Release v0.8.14

Causes missing parameters in $_GET query

.editorconfig

@@ -11,9 +11,4 @@ insert_final_newline = true
 
 [*.md]
 trim_trailing_whitespace = false
-
-[{composer.json,package.json}]
-indent_style = space
-
-[package.json]
-indent_size = 2
+indent_style = tab

.gitattributes

@@ -3,12 +3,9 @@
 .gitignore export-ignore
 .github export-ignore
 .editorconfig export-ignore
+.travis.yml export-ignore
 _config.yml export-ignore
 release.sh export-ignore
 
-# cypress
-cypress export-ignore
-cypress.config.js export-ignore
-cypress.env.json
-
 *.sh text eol=lf
+VERSION text eol=lf

.github/workflows/cypress.yml

@@ -1,120 +0,0 @@
-name: Cypress
-on:
-  pull_request:
-    branches: [0.9]
-  push:
-    branches: [0.9]
-
-jobs:
-  cypress:
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-        image: mysql:8.0
-        env:
-          MYSQL_ROOT_PASSWORD: root
-          MYSQL_DATABASE: myaac
-          MYSQL_USER: myaac
-          MYSQL_PASSWORD: myaac
-        ports:
-          - 3306/tcp
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    strategy:
-      fail-fast: false
-      matrix:
-        php-versions: [ '7.4', '8.0', '8.1' ]
-    name: MyAAC on PHP ${{ matrix.php-versions }}
-    steps:
-        - name: 📌 MySQL Start & init & show db
-          run: |
-            sudo /etc/init.d/mysql start
-            mysql -e 'CREATE DATABASE myaac;' -uroot -proot
-            mysql -e "SHOW DATABASES" -uroot -proot
-
-        - name: Checkout MyAAC
-          uses: actions/checkout@v3
-          with:
-            ref: 0.9
-
-        - name: Checkout TFS
-          uses: actions/checkout@v3
-          with:
-            repository: otland/forgottenserver
-            ref: 1.4
-            path: tfs
-
-        - name: Import TFS Schema
-          run: |
-              mysql -uroot -proot myaac < tfs/schema.sql
-
-        - name: Rename config.lua
-          run: mv tfs/config.lua.dist tfs/config.lua
-
-        - name: Replace mysqlUser
-          uses: jacobtomlinson/gha-find-replace@v2
-          with:
-            find: 'mysqlUser = "forgottenserver"'
-            replace: 'mysqlUser = "root"'
-            regex: false
-            include: 'tfs/config.lua'
-
-        - name: Replace mysqlPass
-          uses: jacobtomlinson/gha-find-replace@v2
-          with:
-              find: 'mysqlPass = ""'
-              replace: 'mysqlPass = "root"'
-              regex: false
-              include: 'tfs/config.lua'
-
-        - name: Replace mysqlDatabase
-          uses: jacobtomlinson/gha-find-replace@v2
-          with:
-              find: 'mysqlDatabase = "forgottenserver"'
-              replace: 'mysqlDatabase = "myaac"'
-              regex: false
-              include: 'tfs/config.lua'
-
-        - name: Setup PHP
-          uses: shivammathur/setup-php@v2
-          with:
-            php-version: ${{ matrix.php-versions }}
-            extensions: mbstring, dom, fileinfo, mysql, json, xml, pdo, pdo_mysql
-
-        - name: Get composer cache directory
-          id: composer-cache
-          run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-
-        - name: Cache composer dependencies
-          uses: actions/cache@v3
-          with:
-            path: ${{ steps.composer-cache.outputs.dir }}
-            # Use composer.json for key, if composer.lock is not committed.
-            # key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-            restore-keys: ${{ runner.os }}-composer-
-
-        - name: Install Composer dependencies
-          run: composer install --no-progress --prefer-dist --optimize-autoloader
-
-        - name: Run PHP server
-          run: nohup php -S localhost:8080 > php.log 2>&1 &
-
-        - name: Cypress Run
-          uses: cypress-io/github-action@v5
-          env:
-            CYPRESS_URL: http://localhost:8080
-            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/tfs
-
-        - name: Save screenshots
-          uses: actions/upload-artifact@v3
-          if: always()
-          with:
-            name: cypress-screenshots
-            path: cypress/screenshots
-
-        - name: Upload Cypress Videos
-          uses: actions/upload-artifact@v3
-          if: always()
-          with:
-            name: cypress-videos
-            path: cypress/videos

.github/workflows/phplint.yml

@@ -1,16 +1,16 @@
 name: PHP Linting
 on:
   pull_request:
-    branches: [develop]
+    branches: [master]
   push:
-    branches: [develop]
+    branches: [master]
 
 jobs:
   phplint:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: overtrue/phplint@8.2
+      - uses: overtrue/phplint@7.4
         with:
           path: .
-          options: --exclude=*.log
+          options: --exclude="system/libs/polyfill-mbstring/bootstrap80.php"

.gitignore

@@ -48,6 +48,10 @@ system/cache/*
 !system/cache/signatures/index.html
 !system/cache/plugins/index.html
 
+# php sessions
+system/php_sessions/*
+!system/php_sessions/index.html
+
 # logs
 system/logs/*
 !system/logs/index.html
@@ -56,10 +60,6 @@ system/logs/*
 system/data/*
 !system/data/index.html
 
-# php sessions
-system/php_sessions/*
-!system/php_sessions/index.html
-
 # plugins
 plugins/*
 !plugins/.htaccess
@@ -70,8 +70,5 @@ plugins/*
 !plugins/email-confirmed-reward
 landing
 
-# system
-system/functions_custom.php
-
 # others/rest
 system/pages/downloads.php

.htaccess.dist

@@ -6,14 +6,12 @@
 	Options -MultiViews
 </IfModule>
 
-<FilesMatch "^(CHANGELOG\.md|README\.md|composer\.json|composer\.lock|package\.json|package-lock\.json|cypress\.env\.json)$">
-	Require all denied
-</FilesMatch>
-
 <IfModule mod_rewrite.c>
 	RewriteEngine On
 
-	#RewriteBase /myaac/
+	# you can put here your myaac root folder
+	# path relative to web root
+    #RewriteBase /myaac/
 
 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteCond %{REQUEST_FILENAME} !-d

.travis.yml

@@ -0,0 +1,20 @@
+
+language: php
+php:
+  - 5.6
+  - 7.0
+  - 7.1
+  - 7.2
+  - 7.3
+  - 7.4
+  - 8.0
+
+cache:
+  directories:
+    - $HOME/.composer/cache
+
+before_script:
+  - composer require php-parallel-lint/php-parallel-lint --no-suggest --no-progress --no-interaction --no-ansi --quiet --optimize-autoloader
+
+script:
+  - php vendor/bin/parallel-lint --no-progress --no-colors --exclude vendor --exclude "system/libs/pot/OTS_DB_PDOQuery_PHP71.php" .

CHANGELOG.md

@@ -1,55 +1,891 @@
 # Changelog
 
-## [0.9.0-alpha - 02.06.2023]
-
-Minimum PHP version for this release is 7.2.5.
-
-### Added
-* reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
-  * updated to Bootstrap v4
-  * new Menu
-  * new Dashboard: statistics, server status
-  * new Admin Bar showed on top when admin logged in
-  * new page: Server Data, to reload server data
-  * new pages: mass account & teleport tools
-  * changelogs editor
-  * revised Accounts & Players editors
-  * option to add/modify menus with plugins
-  * option to enable/disable plugins
-  * better, updated TinyMCE editor (v6.x)
-    * with option to upload images
-  * list of open source libraries used in project
-* brand new charming installation page (by @fernandomatos)
-  * using Bootstrap
-* new pages router: nikic/fast-route, allowing for better customisation
-* Guild Wars support (available as plugin)
-* support for login and create account only by email (configurable)
-  * with no need for account name
-* Google ReCAPTCHA v3 support (available as plugin)
-* automatically load towns names from .OTBM file
-* support for Account Number
-  * suggest account number option
-* many new functions, hooks and configurables
-* better Exception Handler (Whoops - https://github.com/filp/whoops)
-* add Cypress testing
-
-### Changed
-* Composer is now used for external libraries like: Twig, PHPMailer, fast-route etc.
-* mail support is disabled on fresh install, can be manually enabled by user
-* disable add php pages in admin panel for security. Option to disable plugins upload
-* visitors counter shows now user browser, and also if its bot
-* changes in required and optional PHP extensions
-* reworked Pages:
-	* Bans
-		* works now for TFS 1.x
-	* Highscores
-		* frags works for TFS 1.x
-		* cached
-	* creatures
-* moved pages to Twig:
-  * experience stages
-* update player_deaths entries on name change
-* change_password email to be more informal
+## [0-8.14 - 27.11.2023]
+Security fixes.
 
 ### Fixed
-* hundrets of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here
+* XSS vulnerability in bugtracker (https://github.com/slawkens/myaac/commit/83a91ec540072d319dd338abff45f8d5ebf48190)
+* XSS vulnerability in forum (https://github.com/slawkens/myaac/commit/d1bc63d07ad88a143358cacd2c417891eea74dcc + https://github.com/slawkens/myaac/commit/55dbade8d5280c5baed45e5f7ebc3613b8e9b9e8)
+* Session Fixation (https://github.com/slawkens/myaac/commit/483155cf4c1e3068aaee0d44541dfa61f6223379)
+* displaying ban info on account page (https://github.com/slawkens/myaac/commit/764db0c203d1826ffce3a5a78f83a97e56bd0685)
+
+### Changed
+* Clear some additional cache keys - like database cache (https://github.com/slawkens/myaac/commit/4327b66f915d06dce504211692173606b9ef3b4e)
+
+## [0.8.13 - 16.09.2023]
+
+### Added
+* latest client versions to config (https://github.com/slawkens/myaac/commit/765886f0c782807400c429577cde5e45bd7c308f)
+* patching from develop - twig context for hooks (https://github.com/slawkens/myaac/commit/f1670f4012cc7595433fe0b1937c1f9b15a60b07)
+
+### Fixed
+* fixed XSS vulnerability in some pages (https://github.com/slawkens/myaac/commit/5c3b01aca4f3cfe8abc86b8ce48194b2da87b808)
+
+Nothing more or less!
+
+## [0.8.12 - 07.08.2023]
+I've moved the repository back to my personal account. (Just so you know!)
+
+I will also try to add git commits pointed to each change, lets see if you like it or not - you can comment in discussion, that will be created just after releasing this version :)
+
+### Added
+* forum: better error messages (Suggested by @anyeor) (https://github.com/slawkens/myaac/commit/34725e0257684fe5fa43875cc3a8f587ba04642e)
+* more support for GesiorAAC classes, so some of them will work with MyAAC (https://github.com/slawkens/myaac/commit/a8172a518ff8939c4402349b16c064fcaf855d31)
+* word-break on forum thread & reply (Suggested by @anyeor) (https://github.com/slawkens/myaac/commit/ce4aed0f1719d2aadc749e5238e883e3c10e2686)
+
+### Fixed
+* not working pages/links from database, introduced in 0.8.10 (Thanks to OtLand user - https://otland.net/members/0lo.99657/ for report) (https://github.com/slawkens/myaac/commit/1e874c7027769bd09e772a1cdac75d7e37991256)
+* it was possible to create topic in board that was closed, ommiting the error check (Thanks to @anyeor for report) (https://github.com/slawkens/myaac/commit/0d52978d9fb99869500d35e7676f454ca5eaba14)
+* PHP 8.2 compatibility - removed deprecated functions utf8_encode & utf8_decode (https://github.com/slawkens/myaac/commit/a338fd967cdbcc89e86be4e6b66b2cad2ff23251)
+* guild description not being correctly shown (Reported by @anyeor)  (https://github.com/slawkens/myaac/commit/f2a3ec1185df64ad9084d4ff55790ae4a5b3e5fd, https://github.com/slawkens/myaac/commit/df321154f63d458a4bc7d83bac5e3447b67317a4)
+
+### Removed
+* Some old code for verifying messages length (Reported by @anyeor) (https://github.com/slawkens/myaac/commit/df48363ea4ced4350fd90ffddf57d464ba5afa8b)
+* some info about config failed to load, was never working (https://github.com/slawkens/myaac/commit/7a546e5a41036b0e9e926d337c6f2e3c41c591d2)
+
+## [0.8.11 - 30.06.2023]
+
+### Added
+* new function from 0.9 - Cache::remember($key, $ttl, $callback)
+* new characters page hooks
+* line number & file to exception handler, to easier localize exceptions
+
+### Changed
+* rename to .htaccess.dist, causes some problems on default setup
+* removing unneccessary PHP closing tags to prevent potential issues (by @SRNT-GG)
+* display warning if hook file does not exist
+
+### Fixed
+* important: Not allow create char if limit is exceeded (by @anyeor) could have been used to spam database
+* deleted chars: cannot change comment, name, gender, cannot create guild, cannot be invited, cannot accept invite, cannot be passed leadership to
+* forum: quote and edit post buttons not being shown
+* twig exception thrown when player does not exist, on character change comment (thanks @anyeor)
+* BASE_DIR when accessing /tools
+* do not display warning if HTTP_ACCEPT_LANGUAGE is not set
+
+## [0.8.10 - 18.05.2023]
+
+### Changed
+* PHP 7.2.5 is now required, cause of Twig 2.x
+* allow pages to be placed in templates folder, under pages/ subfolder
+
+### Fixed
+* Twig error with global variable on create account
+* links/redirects from facebook, etc. like ?fbclid=x
+* do not allow to continue install when there is no server database imported
+* cannot go forward when config.local.php cannot be saved
+* when server uses another items serializer
+* small bug on install - please fill all input
+
+## [0.8.9 - 16.03.2023]
+
+### Added
+* You can now disable server status checking for testing purposes, useful for local testing when there is no server running
+  * with this, the page won't need 2 seconds to load
+  * set status_enabled to false in config.php
+* new buttons code for tibiacom template, can create button with any text
+* patched some small changes from develop branch
+
+### Changed
+* add .git to denied folders in nginx-sample.conf
+* plugins folder is now accessible from outside
+* add plugins folder to twig search paths
+
+### Fixed
+* player save on tfs 1.5 with new ipv6
+* more php 8.x compatibility
+* rel path for exception message, causing message to be not in red background
+
+## [0.8.8 - 18.02.2023]
+
+### Added
+* mail confirmed reward
+* support for latest group changes in TFS
+* new function: escapeHtml
+
+### Updated
+* TinyMCE to v4.9.1 (latest release in 4.x series)
+* Twig to v2.15.4
+
+### Changed
+* you can now place custom pages in your template directory under pages/ folder
+* HOOK_LOGOUT parameters, now only account_id is passed
+
+### Fixed
+* ipv6 introduced in latest TFS
+* config.account_premium_days for TFS 1.4+
+* better compatibility with GesiorAAC
+* PHP 8.1 compatibility
+* myaac_ db table detection failure
+* reload creatures error, when items cache has been cleared
+
+### Removed
+* accounts.blocked column, which is not used by AAC
+
+## [0.8.7 - 31.08.2022]
+
+### Added
+* login.php for client 12.x is now part of official repo
+* browsehappy code
+* config use character sample skill (#201, @gpedro)
+* custom words blocked (#190, @gpedro)
+
+### Changed
+* save php sessions in myaac dir
+* don't count deleted players when creating new character
+
+### Fixed
+* patch vulnerability in change_rank.php (#194, @gesior, @thatmichaelguy)
+* fix guild invite page (#196, @worthdavi)
+* players not showing on highscores page (#195)
+* highscores page bug with high pages
+* $player->getStorage() does not work at all (#169, @gesior)
+* copying sample character when it have items with quotes (#200, @gpedro)
+* IPv6 issue when env is set to dev (#171)
+* admin page changed feet to match body colour (#174, @silic0nalph4)
+* exception being thrown when creating duplicated character name (#191)
+* rules page formatting (#177, @silic0nalph4)
+* account character create if auto_login is enabled
+* undefined variable notice on database_log enabled
+* removed VERSION file
+
+## [0.8.6 - 10.07.2021]
+This update contains very important security fix.
+
+Please update your MyAAC instances to this version.
+
+## [0.8.5 - 08.06.2021]
+
+### Changed
+* bcmath module is not required anymore
+* Gratis premium account fixes (#156, by @czbadaro)
+* Update 404 response (#163, by @anyeor)
+
+### Fixed
+* compatibility with PHP 7.0 and lower
+* deleting ranks in guilds (#158, by @Misztrz)
+* guild back buttons (change logo & motd)
+* forum table style (boards & thread view)
+* guild list description new lines `<br>` being ignored (Thanks @anyeor for reporting)
+
+
+## [0.8.4 - 18.02.2021]
+
+### Added
+* support for accounts.premium_ends_at (Latest TFS 1.x)
+* more clients to clients.conf.php
+
+### Changed
+* minimum PHP 5.6 is now required
+* password can now contain any characters
+* add SSL on external image requests of items and outfits (@fernandomatos)
+* Use local storage for saving menu items (tibiacom template) - fixes bug with some websites like wykop.pl (browser freeze)
+* increase size of myaac_visitors.page column to 2048 (Thanks to OtLand user kaleuui)
+
+### Fixed
+* compatibility with PHP 8.0 (latest XAMPP)
+* displaying PHP errors on env = "prod"
+* the Guildnick not showing in the guild pages (@leesneaks)
+* you cannot delete character more than twice (Thanks Okke)
+* ignore arrays in config.lua (fixes experienceStages loading)
+* parsing empty strings in config.lua (with comments)
+* headling.php cannot find font
+
+## [0.8.3 - 27.10.2020]
+
+### Added
+* pdo_mysql as required extension
+* some notice about Email validation in create account
+
+### Changed
+* Move register DATABASE_VERSION into schema.sql
+    * Caused migrations being fired when user manually imported database
+
+### Fixed
+* creating very uncommon (bugged) account names
+* XSS in character search
+* Admin menu news editing warning when leaving page without touching the inputs
+* Guild Invite not working on otservbr-global
+* two boxes being show on email_change_cancel
+* when adding poll = template tibiacom broken
+* houses: Unknown column 'guild' in 'where clause (https://github.com/slawkens/myaac/issues/131)
+* account create when account_mail_verify is enabled
+* CloudFlare IP detection
+* network_twitter link in tibiacom template
+
+## [0.8.2 - 03.06.2020]
+
+### Added
+* Log query time in database_log (can be used for benchmarking)
+* new PHP constant: IS_CLI
+* $_SERVER['REQUEST_URI'] to database.log
+* outfit to highscores box in tibiacom template
+* system/data to .gitignore
+* error_reporting in admin panel (when in dev mode), so it shows php notices and warnings
+* example quests in config.php
+
+### Changed
+* account_login input type from password to text
+
+### Fixed
+* Guild Invite not working on otservbr-global (#123)
+* news not updating after adding in admin panel
+* wrong mana of character samples (#125)
+* missing rules page on clean install
+* double space character name creation (@Lee, #121)
+* creatures page: Max count and chance not shown on hovered items
+* exception being thrown when characters.frags enabled on TFS 1.x
+* TFS 0.4 guilds creation (Where guilds.checkdata and motd doesn't have default value)
+* ERR_TOO_MANY_REDIRECTS browser error on template change
+* updating template menus on template change
+* Account change info when config.account_country is disabled
+* cancel change email request
+* config.character_name_min/max_length being ignored in change_name.php
+* some rare bugs when database is no up-to-date and someone enters admin panel
+* extra line that is added when using a newer version than official release (@Lee)
+* admin links in featured article
+* some PHP Notice when HTTP_HOST is not set (Can happen on some old versions of HTTP protocol)
+* Show character indicator in check_name.js
+* Houses list View button was wrong (was from bootstrap)
+* OTS_House __construct - not loading by houseid parameter
+* message() function when executed in CLI
+
+### Removed
+* unused myaac_commands table from schema
+* MyISAM engine from migration scripts (#128)
+
+## [0.8.1 - 10.03.2020]
+
+### Added
+* Support for Nostalrius OTS
+
+### Changed
+* Move TODO to wiki
+* .tooltip css class to .item_image (bootstrap conflict)
+
+### Fixed
+* Reloading of creatures/monsters throwing an exception
+* Loading custom pages with old Gesior variables [#108](https://github.com/slawkens/myaac/issues/107)
+* Some weird behaviour with installation of plugins
+* CHANGELOG.md loading in Admin Panel
+* spells displaying when level = 0
+* Some PHP warnings and notices
+
+## [0.8.0 - 19.02.2020]
+
+### Added:
+* new Awesome Bootstrap Admin Panel by Lee (@Leesneaks)
+	* using Bootstrap 3
+	* all existing pages were adjusted 
+	* new editor: Accounts
+	* improved editor: Players
+	* new Reports View page
+	* Modules directory, which can be added using Plugins (@Leesneaks, @whiteblXK)
+	* move News Management here (@whiteblXK)
+	* interactive player outfit chooser (@tobi132)
+* added Highscores by balance
+* possibility to define colors and "Open in New Tab" on Template Menus (needs to be supported by Template)
+* support for database persistent and socket connections (performance boost)
+* Team page - display outfits of the players (configurable)
+* added clear_cache.php, send_email.php bin commands (@slawkens, @tobi132)
+* added locale pt_br (@ivenspontes)
+* added load time into items & weapons loading admin page
+* new, beautiful exception handler
+* added travisci to prevent mistype (@gpedro, #89)
+* added showing database name into installation script (@tobi132)
+* compatibility with old z_ gesior table (@tobi132, #46)
+* added nginx-sample.conf, .editorconfig, VERSION
+* database towns table support for TFS 1.3 (@tobi132)
+* added enable_tinymce option to Pages editor
+
+### Fixed:
+* account login redirect with special chars (like '&' and '?')
+* black skull info at serverInfo (@tornadia)
+* set correct limit at lastkills page from config (anyeor from OtLand)
+* myaac_monsters table column loot problem (#79)
+* players column deleted install description (@gpedro, #91)
+* experience table being to wide and buggy on some templates (@tobi132, #90)
+* fix errors with .htaccess files
+* added index.html to prevent indexing the folder by mod_index
+
+### Changed:
+* Environment is now configurable by env setting (Significantly better load times with 'prod')
+* replace spells, monsters tables with JavaScript Sortable Tables - DataTables (@Leesneaks)
+* change default MySQL Storage Engine to InnoDB and Default Character Set to utf8
+* updated OTS_House class to support latest TFS 1.x (new columns)
+* updated monster images to the original ones from tibia.com
+* increased the minimum length (3 -> 4) and decreased the maximum length (25 -> 21) of the New Character Name (by @vankk)
+* use $db->exec instead of $db->query optimisation
+* move items from database to Cache_PHP (Much more faster load time)
+* allow simultaneous loading of config.ini and config.php in templates
+* updated copyright year and SSL link (@EPuncker, #88)
+* move commands, rules and downloads pages into database (@tobi132)
+* better view of guilds (new buttons, table look and feel) (@tobi132)
+* remove stupid alerts on account create
+* remove .dist extension from .htaccess
+
+### New Configurables (config.php)
+* env (Environment)
+* account_create_auto_login (Auto Login after Create Account - Registration)
+* account_create_character_create (Create Character directly on Create Account page) (@tobi132)
+* footer_show_load_time (display load time of the page in the footer)
+* database_socket (Connection via Unix Socket)
+* database_persistent (Database Persistent Connection)
+* database_log (Logging of Database Queries)
+* admin_panel_modules (Modules displayed in Admin Panel Dashboard)
+* status_timeout, status_interval
+* smtp_debug (More info about SMTP errors in error.log)
+* team_display_outfit (Display outfit of the team members on teams page)
+* highscores_balance (Display highscores by balance)
+* character_name_min/max_length (Minimum and maximum length of character name)
+* characters.deleted (display deleted characters on characters page)
+
+### Forum:
+* show image in full screen on click
+* show user avatar (outfit) in posts
+* replaced forum actions links (move, remove, edit, quote) with images
+* redirect directly to the thread on user login (on new reply)
+
+### Installer:
+* AJAX loader for the important stuff
+* create admin account: ask for e-mail + character name
+* load items & weapons
+* check user IP on install to prevent install by random user
+* remember status of the installation
+* remember language on first step (welcome)
+* ask user for timezone
+* auto detected browser language in select language
+
+### Plugins
+* sandbox for plugins, don't install when requirements are not satisfied
+* allow comments inside plugin json file (php style)
+* new require options for plugins: (look into example.json)
+	* require database version, table or column of the MyAAC schema
+	* require php-extension
+	* require semantic-version (like in composer.json)
+* new hooks: LOGIN, LOGIN_ATTEMPT, LOGOUT, HOOK_ACCOUNT_CREATE_*
+
+### Cache
+* php 7.x APCu cache support (faster cache engine)
+* new cache engine: plain PHP (is good with pure php 7.0+ and opcache)
+* cache lastkills.php, $db->hasTable, $db->hasColumn, hooks and template menus
+* stop using global $cache variable, use Singleton pattern instead
+
+### Twig
+* move pages to Twig templates: team, lastkills, serverinfo, houses, guilds.list, guild.view, admin.logs, admin.reports (@whiteblXK, @tobi132)
+* replace "$twig->render()" with "$this->display"
+* move Twig functions to separate file
+* move tibiacom boxes to Twig templates
+* allow Pages to be loaded as Twig template (this allows using Twig variables in Pages) (@tobi132)
+* allow string to be passed to hook twig function
+
+### Functions
+* config($key), configLua($key)
+* clearCache()
+* OTS_Account:
+	* getCountry()
+	* setLastLogin($lastlogin) (@Leesneaks)
+	* setWebFlags(webflags) (@Leesneaks)
+* OTS_Player:
+	* getAccountId()
+	* countBlessings() (@Leesneaks)
+	* checkBlessings($count) (@Leesneaks)
+* is_sub_dir (in system/libs/plugins.php)
+* Twig:
+	* getPlayerLink($name, $generate = true)
+* removed SQLquote and SQLquery from OTS_Base_DB
+* Add optional $params param into log_append (will log arrays) (@tobi132)
+
+### Internal
+* moved clients list to the new file (clients.conf.php)
+* changed tableExist and fieldExist to $db->hasTable(table) + $db->hasColumn(table, column)
+* changed deprecated $ots->createObject() functions with their OTS_ equivalents
+* add global helper config($key) function + twig binding
+	* use config() instead of global $config
+* remove unnecessary parentheses in include/require PHP functions
+* use __DIR__ instead of dirname(__FILE__) - since PHP 5.3.0
+* change intval() function to (int) casting (up to 6x faster)
+* add release.sh script (for GitHub releases)
+* use curl as alternative option for reporting install
+
+### Libraries
+* updated Twig to version v1.35.0
+* updated TinyMCE to version v4.7.4
+
+### Deprecations
+* change deprecated HTML <center> tag to <div style="text-align:center">
+* replace deprecated HTML <font> tag with <span>
+
+## [0.7.11 - 04.05.2019]
+### Added:
+* support for some old servers, where arrays are used in config.lua
+* an additional text to the install page informing that user can reinstall MyAAC by deleting config.local.php
+
+### Fixed:
+* XSS in forum show_thread
+* guilds - "Add new rank" function
+* multiple mail recipients when using admin mailer function
+* Admin Panel - MyAAC logs not shown if servers logs directory doesn't exist (#47)
+* missing prefix for cache get() and delete() functions
+* add fatal error message when myaac tables in database do not exist
+* the mystical defect where "Create Account" button was not highlighted (on the account/manage page)
+* bug where server_config table does not exist (OTHire as an example)
+* database_name in Usage_Statistics
+* forgot to open <head> in install template
+
+### Changed:
+* do not display software version
+
+## [0.7.10 - 03.03.2018]
+### Added:
+* new configurable: smtp_secure
+* robots.txt
+
+### Fixed:
+* editing an existing page that had php enabled
+* chrome bug on save (when editing page) ERR_BLOCKED_BY_XSS_AUDITOR
+* showing IP and Port in admin panel (#44, by miqueiaspenha)
+* deleting plugin showing "You don't have rights to delete"
+* some bug with PHPMailer not finding its language file
+* default accounts.vote value
+* saving some really high long ip addresses
+
+### Changed:
+* update config.highscores_ids_hidden on install when there are samples already in database
+* auto add z_polls table on install
+
+### Internal:
+* changed mb_strtolower functions to strtolower()
+* added new function: $hooks->exist($type)
+
+## [0.7.9 - 13.01.2018]
+	* removed 6mb of trash (some useless things)
+	* (fix) TFS 1.x not showing promoted vocations in highscores
+	* otserv 0.6.x: fixed some warning (on the characters page) and fatal mysql error (on the mango signature)
+	* fixed default stamina on otserv 0.6.x engine (and some others perhaps)
+	* install: change permission check to is_writable
+	* changed highscores_groups_hidden to 3 (for TFS 1.x)
+	* updated background-artwork (tibiacom template) to the latest version, removed other ones
+
+## [0.7.8 - 12.01.2018]
+	* fixed installation error " call to undefined method OTS_DB_MySQL::hasColumn()"
+	* updated tinymce to the latest (4.7.4) version
+	* enabled emoticons plugin in tinymce :)
+	* some security fixes
+
+## [0.7.7 - 08.01.2018]
+	* important fix for servers with promotion column (caused player.vocation to be resetted when saving player, for example: on change name, accept invite to guild, leave guild)
+	* immediately reload config.lua when there's change in config.server_path detected
+	* added new forum option: "Enable HTML" (only for moderators)
+	* fixed othire default column value (#26)
+	* fixed saving custom vocations in admin panel (#36)
+	* fixed warning in highscores when vocation doesn't exist
+	* fixed characters page - config.characters.frags "Notice: Use of undefined constant"
+	* fixed getBoolean function when boolean is passed
+	* fixed empty success message on leave guild
+	* fixed displaying premium account days
+	* function OTS_Account:getPremDays will now return -1 if there's freePremium configurable enabled on the server
+	* fixed tr bgcolor in characters view (Frags) (#38)
+	* fixed some warning in guild show
+	* fixed PHP warning about country not existing on online and characters pages
+	* fixed forum bbcode parsing
+	* don't add extra <br/> to the TinyMCE news forum posts
+	* (internal) using $player->getVocationName() where possible instead of older method
+
+## [0.7.6 - 05.01.2017]
+	* fixed othire account creating/installation
+	* fixed table name players -> players_online
+	* fixed unexpected error logging about email fail
+	* added max_execution_time to the install finish step
+	* some small fix regarding highscores vocation box
+
+## [0.7.5 - 04.01.2017]
+	* fixed bug on othire with config.account_premium_days
+	* fixed bug on TFS 1.x when online_afk is enabled
+	* warning about leaving news page with changes
+	* added player status to tibiacom top 5 highscores box
+	* save detected country on create account in session
+	* fixed getPremDays and isPremium functions (newest 11.x engines are bugged when it comes to PACC, its not fault of MyAAC)
+	* fix when there are no changelogs or highscores yet
+	* small fix regarding getTopPlayers function which was ignoring $limit variable
+	* fixed news adding when type != ARTICLE
+	* fixed template path finding
+	* fixed displaying article_text when it was empty saved
+
+## [0.7.4 - 24.12.2017]
+	* fixed mysql fatal error on tibiacom template - top 5 box
+	* fixed displaying of level percent bar on tibian signature
+	* inform user about Twig cache failure on installation, instead of http 500 error
+	* when dir system/cache is not writable by the webserver, then show some nice notice to the user about it instead of http 500 error
+	* remember client version select and usage stats checkbox in session on install
+	* automatically update highscores_ids_hidden for users who installed myaac before (migration)
+
+## [0.7.3 - 18.12.2017]
+	* auto generate myaac cache & session prefix on install to be unique across installations
+	* fixed hiding shop system menu on tibiacom template when disabled in config
+	* prevent adding duplicated newses with installation
+	* some changes to sample characters: chanced town_id to 1, posx: 1000, posy: 1000, posz: 1000 and default group_id to 1 so you can change in-game outfits and they will be used
+	* added version 772 constant to install client choose (OTHire)
+	* better solution for hidding samples (configurable) - highscores_ids_hidden
+	* fixed account.login redirect not working on tibiacom template
+	* installation: warn about wrong admin account name/id and password
+	* fixed last menu closing in tibiacom template
+	* updated polish locale (translation) on install
+	* (internal) removed some duplicated code on install finish
+	* (internal) renamed installation step files to be in correct order
+	* added TODO file
+
+## [0.7.1 - 13.12.2017]
+	* added changelog menu item to kathrine template
+	* fixed some php short tag in changelogs page
+	* fixed guild change description back button
+	* removed duplicated "Support List" menu item from tibiacom template
+	* changed some notice when version check is failed
+	* (internal) moved changelog to twig
+
+## [0.7.0 - 20.11.2017]
+	* moved template menus to database, they're now dynamically loaded
+	* added anonymous usage statistics reporting (only if user agrees, first usage report will be send after 7 days)
+	* you can edit them in Admin Panel under 'Menus' option
+	* you can also add custom links, like http://google.pl
+	* added networks (facebook and twitter) and highscores (top 5) boxes to tibiacom template, configurable in templates/tibiacom/config.php
+	* added news ticker for kathrine template
+	* added featured article to tibiacom template (you can add them with add news button)
+	* added tinymce editor to 'Pages' in admin panel
+	* added links to edit/delete/hide custom page directly from page
+	* update forum post after editing news (when forum post has been created)
+	* enabled code plugin for tinymce which enabled raw html code editing
+	* removed videos pages, as it can be easily added using custom Menus and Pages with insert Media
+	* removed bug_report configurable, its now enabled by default
+	* log some error info when mail cannot be send on account create
+	* twig getLink function will now return with full url (BASE_URL included)
+	* verify install post values directly on config page and display error
+	* updated tinymce to version 4.7.2 (from 4.7.0)
+	* updated phpmailer to version 5.2.26 (from 5.2.23)
+	* (#30) (fix) recovering account on servers that doesn't support salts
+	* (fix) account email confirm function
+	* (fix) showing changelog with urls in Admin Panel
+	* (fix) uninstalling plugin
+	* (fix) polls box in tibiacom template
+	* (fix) remove hooks from db on plugin deinstall
+	* (fix) some weird include possibilities with forum and account actions (verify action name)
+	* (fix) loading hooks from plugin installed from command line
+	* (fix) some changelog PHP Notice warning
+	* (internal) moved uninstall logic to Plugins class
+	* (internal) moved tibiacom boxes to separate directory
+	* (internal) moved news tickers to twig template
+	* (internal) moved Forum class to separate file
+	* (internal) moved deprecated functions to compat.php
+	* (internal) added some compat functions that are used by shop system
+	* (internal) renamed constant TICKET -> TICKER
+	* (internal) shortened message functions
+
+## [0.6.6 - 22.10.2017]
+	* fixed some php fatal error on spells page
+	* changed spells.vocations field in db size to 300
+	* please reload your spells after this update!
+
+## [0.6.5 - 21.10.2017]
+	* fixed displaying custom pages
+	* fixed adding new group forum board
+
+## [0.6.4 - 20.10.2017]
+	* reverted OTS_Account::getLastLogin() cause its used by tibia11-login plugin
+
+## [0.6.3 - 20.10.2017]
+	* fixed creating account
+	* fixed viewing thread without being logged
+	* fixed showing premium account status
+
+## [0.6.2 - 20.10.2017]
+	* added forums for guilds and groups
+	* added nice looking menu for my account page in default template
+	* new command line tool: install_plugin.php - can be used to install plugins from command line. Usage: "php install_plugin.php path_to_file"
+	* added new tooltip to view characters equipment item name and monster loot
+	* added items.xml loader class and weapons.xml loader class
+	* minimum PHP version to install AAC is now 5.3.0 cause of Anonymous functions used by Twig
+	* Added 'Are you sure?' popup when uninstalling plugin
+	* added some warnings when plugin json file is incomplete
+	* fixed showing in characters ban expires when is unlimited
+	* fixed displaying monster loot when item.name in loot is used instead of item.id
+	* load also runes into spells table
+	* display plugin uninstall option only if its possible
+	* after changing template you will be redirected to latest viewed page
+	* display gallery add image form only on main gallery page
+	* (internal) moved most of guilds html-in-php code to twig
+	* (internal) moved spells page to twig template
+	* (internal) removed useless spells.spell column that was duplicate of spells.words
+	* (internal) save monster loot in database in json format instead loading it every time from xml file
+	* (internal) store monster voices and immunities in json format
+	* (internal) moved buttons to separate template
+	* (internal) moved online search form to twig
+	* (internal) added new function getItemNameById($id)
+	* (internal) Moved plugin install logic to a new class: Plugins
+	* (internal) changed spells.vocations database field to store json data instead of comma separated
+	* (internal) removed $hook_types array, using defined() and constant() functions now
+	* (internal) removed useless monsters.gfx_name field from database
+	* (internal) renamed database field monsters.hide_creature to hidden
+	* (internal) renamed existing Items class to Items_Images
+	* (internal) optimized Spells class
+	* (internal) new function: OTS_Guild::hasMember(OTS_Player $player)
+	* (internal) new function: Forum::hasAccess($board_id)
+
+## [0.6.1 - 17.10.2017]
+	* fixed signatures loading
+	* new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)
+	* better error handling for monsters and spells loader (save errors to system/logs/error.log)
+	* check if file exist before loading (monsters and spells)
+	* (internal) Account::getAccess() = Account::getGroupId()
+	* (internal) moved account actions (pages) to account/ directory
+	* (internal) moved forum actions (pages) to forum/ directory
+	* (internal) moved forum.edit_post to twig templates
+
+## [0.6.0 - 16.10.2017]
+	* added faq management - add/edit/move/hide/delete from website
+	* new account.login view for tibiacom template
+	* monsters and spells are now being loaded at the installation of the AAC
+	* fix for php versions under 5.5 where empty() function supported only variables
+	* added missing change email and change info buttons to account.management default template
+	* added new indicator icons for create account, create character and change character name
+	* fixed config loader when some inline comments are present
+	* fixed editing page in admin panel that contains some html code
+	* fixed forum new post on mac os and some specific mysql versions
+	* attempt to fix incorrect views counter behavior (its resetting to 0 in some cases)
+	* enabled cache http headers for signatures
+	* check if monster file exist before loading it
+	* fixed if plugin zip file name contains dot (.)
+	* renamed screenshots to gallery and movies to videos
+	* moved install pages to twig
+	* fixed Account::getGuildAccess function
+	* removed never used library from sources - dwoo
+	* moved check_* functions to class Validator
+	* from now all validators ajax requests will fire onblur instead of onkeyup
+	* ajax requests returns now json instead of xml
+	* added 404 response when file is not found
+
+## [0.5.1 - 11.10.2017]
+	* fixed forum add/edit board
+	* new configurable: highscores_length, how much highscores to display
+	* fixed highscores links (ALL, previous and next page)
+	* update templates cache when installing/uninstalling plugin
+	* moved character deaths and frags table generation to twig
+	* fixed some bug when you uninstall plugin and then try to install again on the same page
+	* check if plugin exist before uninstalling
+	* fixed some warning in OTS_Base_DB
+
+## [0.5.0 - 10.10.2017]
+	* moved .htaccess rules to plain php (index.php)
+	* updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
+	* added option to uninstall plugin
+	* added option to require specified myaac, php or database version for plugins, without that plugin won't be installed
+	* change accountmanagement links to use friendly_urls
+	* fixed creating new forum thread
+	* sample characters are now assigned to admin account and have group_id 4 to not be shown on highscores
+	* added links loaded from database to admin panel - for future plugins
+	* print some info to error.log when can't find config.lua
+	* some fixes in account changecomment action
+	* show info when account name/number or password is empty on login
+	* fixed showing account login errors
+	* added few characters hooks
+	* fixed some kathrine template js bug when shop is disabled
+	* you can now use slash '/' in custom pages loaded from database
+	* added new twig function getLink that convert link taking into account config.friendly_urls
+	* internalLayoutLink -> getLink
+
+## [0.4.3 - 05.10.2017]
+	* better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
+	* fixed country detection in create account
+	* fixed showing of character deaths and frags
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466303
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466313
+	* fixed rook sample, which will now have level 1, 150 health, 0 mana, and 400 cap.
+	* fixed samples being deleted by tfs 1.0+ cause of 'deletion' field set to 1
+	* pages loaded from database have higher priority than normal .php pages, so they will be loaded first if they exist
+	* moved many pages to twig templates
+	* change download client links from clients.halfaway.net to tibia-clients.com
+	* added bugtracker to kathrine template
+	* added CREDITS file
+
+## [0.4.2 - 14.09.2017]
+	* updated version number
+
+## [0.4.1 - 13.09.2017]
+	* fixed log in to admin panel
+	* fixed File is not .zip plugin upload error
+
+## [0.4.0 - 13.09.2017
+	* added option to add/edit/delete/hide/move forum boards
+	* moved some of HTML-in-PHP code to Twig templates
+	* added bug_report configurable which can enable/disable bug tracker
+	* log errors instead of showing them to users with system directories
+	* fix when $_SERVER['HTTP_ACCEPT_ENCODING'] is not set
+	* when it fails to load config.lua it will output error also to error.log
+	* automatically detect json file in .zip instead of basing on filename (admin panel - plugins)
+	* hopefully fixed the error with "The file you are trying to upload is not a .zip file. Please try again."
+	* fixed wrong name of table in bugtracker
+	* fixed some bugs in bugtracker
+	* added report bug link in templates
+	* fixed some rare error when user is logged in for longer than 15 minutes and tries to login again
+	* fixed some grammar errors
+	* some small improvements
+	* fixed some separators in kathrine template
+
+## [0.3.0 - 28.08.2017]
+	* added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
+	* added Twig template engine and moved some html-in-php code to it
+	* automatically detect player country based on user location (IP) on create account
+	* player sex (gender) is now configurable at $config['genders']
+	* fixed recovering account and changing password when salt is enabled
+	* fixed installing samples when for example Rook Sample already exist and other samples not
+	* fixed some mysql error when character you trying to create already exist
+	* fixed some warning when you select nonexistent country
+	* password change minimal/maximal length notice is now more precise
+	* added 'enabled' field in myaac_hooks table, which can enable or disable specified hook
+	* removed DEFAULT '' for TEXT field. It didn't worked under some systems like MAC OS X.
+	* minimum PHP version to install the MyAAC is now 5.2.0 cause of pathinfo (extension) function
+	* removed unused admin stylish template
+	* removed some unused cities field from myaac_spells table
+	* moved news adding at installation from schema.sql to finish.php
+	* some optimizations
+
+## [0.2.4 - 09.06.2017]
+	* fixed invite to guild
+	* added id field on monsters, so you can delete them in phpmyadmin
+	* fixed adding some creatures with ' and "
+	* fixed when there are spaces at beginning of the file (creatures)
+	* fixed when file is unable to parse (creatures)
+	* fixed typo loss_items => loss_containers
+	* more elegant way of showing message on reload creatures and spells
+
+## [0.2.3 - 31.05.2017]
+	* fixed guild management on OTHire 0.0.3
+	* set default skills to 10 when creating new character
+	* fixed displaying of "Create forum thread" in newses
+	* fixed deleting guild on servers that use players.rank_id field
+	* fixed phpmailer class loading (https://otland.net/threads/myaac-v0-0-1.251454/page-8#post-2445222)
+	* fixed displaying vocation amount on online page
+	* better support for custom vocations, you just need to set in config vocations_amount to yours.
+	* fixed huge space in player name (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444328)
+	* fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
+	* fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
+
+## [0.2.2 - 22.05.2017]
+	* added missing cache/signature directory
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
+
+## [0.2.1 - 21.05.2017]
+	* added Swedish translation by Sizaro
+	* fixed some bugs with installlation & characters & houses
+
+## [0.2.0 - 21.05.2017]
+	* added option to change character sex for premium points
+	* moved site_closed to database, now you can close your site through admin panel
+	* added option to admin panel: clear cache
+	* added experiencetable_rows configurable
+	* optimized OTS_Account->getGroupId(), now its using like 20 queries less
+	* optimized OTS_Player->load($id) function, should be much faster now
+	* fixed displaying on highscores special outfits
+	* fixed skull images displaying
+	* fixed displaying unlimited premium account
+	* fixed bug where players.lookaddons doesn't exist (OTHire etc.) (https://otland.net/threads/myaac-v0-0-1.251454/page-6#post-2442407)
+	* fixed signature tibian for OTHire and other servers that doesnt use accounts.premdays field
+	* fixed when player name in signature containst space
+	* don't show "Create forum thread" when editing
+	* fixed red color table after create account
+	* updated download links, as clients.halfaway.net isn't working anymore
+	* fixed some bugs while installing when field `email_next` or `hidden` already exist
+	* fixed movies unexpected comment
+	* added template_place_holder('center_top') to kathrine template
+
+## [0.1.5 - 13.05.2017]
+	* fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
+
+## [0.1.4 - 13.05.2017]
+	* added outfit shower, in characters, online, and highscores
+	* updated database to version 2
+	* fixed item images (now using item-images.ots.me host by default)
+	* fixed news ticket and posting long newses (https://otland.net/threads/myaac-v0-0-1.251454/page-5#post-2442026)
+	* news body limit increased to 65535 (mysql text field)
+	* removed some unused code from my old server
+	* added spells & monsters to kathrine template
+
+## [0.1.3 - 11.05.2017]
+	* this is just release to update version number
+
+## [0.1.2 - 11.05.2017]
+	* forgot to update CHANGELOG and MYAAC_VERSION
+
+## [0.1.1 - 11.05.2017]
+	* fixed updating myaac_config with database_version to 1
+	* fixed database updater
+
+## [0.1.0 - 11.05.2017]
+	* added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
+	* added automatic database updater (data migrations)
+	* renamed events to hooks
+	* moved hooks to database
+	* now you can use hooks in plugins
+	* set account.type field to 5 on install, if TFS 1.0+
+	* added example plugin
+	* new, latest google analytics code
+	* fixed bug with loading account.name that has numbers in it
+	* fixed many bugs in player editor in admin panel
+	* added error handling to plugin manager and some more verification in
+	* file has been correctly unpacked/uploaded
+	* fixed Statistics page in admin panel when using account.number
+	* fixed bug when creating/recovering account on servers with
+	* account.salt field (TFS 0.3 for example)
+	* fixed forum showing thread with html tags (added from news manager)
+	* new, latest code for youtube videos in movies page
+	* fixed showing vocation images when using $config['online_vocations_images']
+	* many fixes in polls (also importing proper schema)
+	* fixed hovering on buttons in kathrine template (on accountmanagement page)
+	* fixed signatures (many fixes)
+	* added missing gesior signature system
+
+## [0.0.6 - 06.05.2017]
+	* fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
+	* fixed bug when creating character (not showing errors) (one more time)
+	* fixed support for TFS 0.2 series
+	* added FAQ link
+
+## [0.0.5 - 05.05.2017]
+	* fixed bug when creating character (not showing errors)
+	* Fixed characters loading with names that has been created with other AAC
+	* fixed links to shop in default template
+	* fixed some weird PHP 7.1 warnings/notices
+	* Fixed config loading with some weird comments
+	* fixed bug with status info utf8 encoding (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440259)
+	* fixed when ip in log_action is NULL (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440357)
+	* fixed bug when guild doesn't exist on characters page (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440320)
+	* disabled friendly_urls by default
+	* fixes when $config['database_*'] is set
+	* added CHANGELOG
+
+## [0.0.3 - 03.05.2017]
+	* Full support for OTHire 0.0.3
+	* added support for otservers that doesn't use account.name field, instead just account number will be used
+	* fixed encryption detection on TFS 0.3
+	* fixed bug when server_config table doesn't exist
+	* (install) moved admin account creation to new step
+	* fixed news comment link
+	* by default, the installer creates now the Admin player, for admin account
+	* fixed installation errors
+	* fixed config.lua loading with some weird comments
+
+## [0.0.2 - 02.05.2017]
+	* updated forum links to use friendly_urls
+	* some more info will be shown when cannot connect to database
+	* show more error infos when creating character
+	* fixed forum link on newses
+	* fixed spells loading when there's vocation name instead of id
+	* fixed bug when you have changed template but it doesn't exist anymore
+	* fixed vocations with promotion loading
+	* fixed support for gesior pages and templates
+	* added function OTS_Acount:getGroupId()
+
+## [0.0.1 - 01.05.2017]
+	This is first official release of MyAAC.
+	Features are listed here
+
+	For more information, see the release announcement on OTLand: https://otland.net/threads/myaac-v0-0-1.251454/

README.md

@@ -23,7 +23,7 @@ Official website: https://my-aac.org
 	- MySQL database
 	- PDO PHP Extension
 	- XML PHP Extension
-	- (optional) ZIP PHP Extension
+	- ZIP PHP Extension
 	- (optional) mod_rewrite to use friendly_urls
 
 ### Installation

admin/index.php

@@ -1,10 +1,9 @@
 <?php
-
 // few things we'll need
 require '../common.php';
 
-const ADMIN_PANEL = true;
-const MYAAC_ADMIN = true;
+define('ADMIN_PANEL', true);
+define('MYAAC_ADMIN', true);
 
 if(file_exists(BASE . 'config.local.php')) {
 	require_once BASE . 'config.local.php';
@@ -19,8 +18,8 @@ if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['i
 $content = '';
 
 // validate page
-$page = $_GET['p'] ?? '';
-if(empty($page) || preg_match("/[^a-zA-Z0-9_\-\/.]/", $page))
+$page = isset($_GET['p']) ? $_GET['p'] : '';
+if(empty($page) || preg_match("/[^a-zA-Z0-9_\-]/", $page))
 	$page = 'dashboard';
 
 $page = strtolower($page);
@@ -29,11 +28,6 @@ define('PAGE', $page);
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 
-// verify myaac tables exists in database
-if(!$db->hasTable('myaac_account_actions')) {
-	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
-}
-
 if(config('env') === 'dev') {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
@@ -48,40 +42,30 @@ $hooks->load();
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
 require SYSTEM . 'migrate.php';
-require __DIR__ . '/includes/functions.php';
+require ADMIN . 'includes/functions.php';
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
-if (ACTION == 'logout') {
-	require SYSTEM . 'logout.php';
-}
-
 // if we're not logged in - show login box
 if(!$logged || !admin()) {
 	$page = 'login';
 }
 
 // include our page
-$file = __DIR__ . '/pages/' . $page . '.php';
+$file = ADMIN . 'pages/' . $page . '.php';
 if(!@file_exists($file)) {
-	if (strpos($page, 'plugins/') !== false) {
-		$file = BASE . $page;
-	}
-	else {
-		$page = '404';
-		$file = SYSTEM . 'pages/404.php';
-	}
+	$page = '404';
+	$file = SYSTEM . 'pages/404.php';
 }
 
 ob_start();
-if($hooks->trigger(HOOK_ADMIN_BEFORE_PAGE)) {
-	require $file;
-}
+include($file);
 
 $content .= ob_get_contents();
 ob_end_clean();
 
 // template
 $template_path = 'template/';
-require __DIR__ . '/' . $template_path . 'template.php';
+require ADMIN . $template_path . 'template.php';
+

admin/pages/changelog.php

@@ -1,139 +1,26 @@
 <?php
 /**
- * CHANGELOG modifier
+ * CHANGELOG viewer
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
+$title = 'MyAAC Changelog';
 
-if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
-	echo 'Access denied.';
+if (!file_exists(BASE . 'CHANGELOG.md')) {
+	echo 'File CHANGELOG.md doesn\'t exist.';
 	return;
 }
 
-$title = 'Changelog';
-$use_datatable = true;
-const CL_LIMIT = 600; // maximum changelog body length
-?>
+require LIBS . 'Parsedown.php';
 
-<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
-<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
-<?php
-$id = $_GET['id'] ?? 0;
-require_once LIBS . 'changelog.php';
+$changelog = file_get_contents(BASE . 'CHANGELOG.md');
 
-if(!empty($action))
-{
-	$id = $_REQUEST['id'] ?? null;
-	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
-	$create_date = isset($_REQUEST['createdate']) ? (int)strtotime($_REQUEST['createdate'] ): null;
-	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
-	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
-	$where = isset($_REQUEST['where']) ? (int)$_REQUEST['where'] : null;
+$Parsedown = new Parsedown();
 
-	$errors = array();
+$changelog = $Parsedown->text($changelog); # prints: <p>Hello <em>Parsedown</em>!</p>
 
-	if($action == 'new') {
-
-		if(isset($body) && Changelog::add($body, $type, $where, $player_id, $create_date, $errors)) {
-			$body = '';
-			$type = $where = $player_id = $create_date = 0;
-
-			success("Added successful.");
-		}
-	}
-	else if($action == 'delete') {
-		Changelog::delete($id, $errors);
-		success("Deleted successful.");
-	}
-	else if($action == 'edit')
-	{
-		if(isset($id) && !isset($body)) {
-			$cl = Changelog::get($id);
-			$body = $cl['body'];
-			$type = $cl['type'];
-			$where = $cl['where'];
-			$create_date = $cl['date'];
-			$player_id = $cl['player_id'];
-		}
-		else {
-			if(Changelog::update($id, $body, $type, $where, $player_id, $create_date,$errors)) {
-				$action = $body = '';
-				$type = $where = $player_id = $create_date = 0;
-
-				success("Updated successful.");
-			}
-		}
-	}
-	else if($action == 'hide') {
-		Changelog::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
-	}
-
-	if(!empty($errors))
-		error(implode(", ", $errors));
-}
-
-$changelogs = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'changelog' . '` ORDER BY `id` DESC')->fetchAll();
-
-$i = 0;
-
-$log_type = [
-	['id' => 1, 'icon' => 'added'],
-	['id' => 2, 'icon' => 'removed'],
-	['id' => 3, 'icon' => 'changed'],
-	['id' => 4, 'icon' => 'fixed'],
-];
-
-$log_where = [
-	['id' => 1, 'icon' => 'server'],
-	['id' => 2, 'icon' => 'website'],
-];
-
-foreach($changelogs as $key => &$log)
-{
-	$log['type'] = getChangelogType($log['type']);
-	$log['where'] = getChangelogWhere($log['where']);
-}
-
-if($action == 'edit' || $action == 'new') {
-	if($action == 'edit') {
-		$player = new OTS_Player();
-		$player->load($player_id);
-	}
-
-	$account_players = $account_logged->getPlayersList();
-	$account_players->orderBy('group_id', POT::ORDER_DESC);
-	$twig->display('admin.changelog.form.html.twig', array(
-		'action' => $action,
-		'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'new'),
-		'cl_id' => $id ?? null,
-		'body' => isset($body) ? escapeHtml($body) : '',
-		'create_date' => $create_date ?? '',
-		'player_id' => $player_id ?? null,
-		'account_players' => $account_players,
-		'type' => $type ?? 0,
-		'where' => $where ?? 0,
-		'log_type' => $log_type,
-		'log_where' => $log_where,
-	));
-}
-$twig->display('admin.changelog.html.twig', array(
-	'changelogs' => $changelogs,
-));
-
-?>
-<script>
-	$(document).ready(function () {
-		$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
-
-		$('.tb_datatable').DataTable({
-			"order": [[0, "desc"]],
-			"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
-		});
-	});
-</script>
+echo '<div>' . $changelog . '</div>';

admin/pages/clmd.php

@@ -1,25 +0,0 @@
-<?php
-/**
- * CHANGELOG viewer
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-$title = 'MyAAC Changelog';
-
-if (!file_exists(BASE . 'CHANGELOG.md')) {
-	echo 'File CHANGELOG.md doesn\'t exist.';
-	return;
-}
-
-$changelog = file_get_contents(BASE . 'CHANGELOG.md');
-
-$Parsedown = new Parsedown();
-
-$changelog = $Parsedown->text($changelog); # prints: <p>Hello <em>Parsedown</em>!</p>
-
-echo '<div>' . $changelog . '</div>';

admin/pages/dashboard.php

@@ -19,10 +19,8 @@ if (isset($_GET['clear_cache'])) {
 }
 
 if (isset($_GET['maintenance'])) {
-	$message = (!empty($_POST['message']) ? $_POST['message'] : null);
-	$_status = (isset($_POST['status']) && $_POST['status'] == 'true');
-	$_status = ($_status ? '0' : '1');
-
+	$_status = (int)$_POST['status'];
+	$message = $_POST['message'];
 	if (empty($message)) {
 		error('Message cannot be empty.');
 	} else if (strlen($message) > 255) {
@@ -47,16 +45,47 @@ $tmp = '';
 if (fetchDatabaseConfig('site_closed_message', $tmp))
 	$closed_message = $tmp;
 
+$query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
+$query = $query->fetch();
+$total_accounts = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
+$query = $query->fetch();
+$total_players = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
+$query = $query->fetch();
+$total_guilds = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
+$query = $query->fetch();
+$total_houses = $query['how_much'];
+
+$twig->display('admin.statistics.html.twig', array(
+	'total_accounts' => $total_accounts,
+	'total_players' => $total_players,
+	'total_guilds' => $total_guilds,
+	'total_houses' => $total_houses
+));
+
+$twig->display('admin.dashboard.html.twig', array(
+	'is_closed' => $is_closed,
+	'closed_message' => $closed_message,
+	'status' => $status,
+	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
+));
+
+echo '<div class="row">';
+
 $configAdminPanelModules = config('admin_panel_modules');
-if (isset($configAdminPanelModules)) {
-	echo '<div class="row">';
+if(isset($configAdminPanelModules))
 	$configAdminPanelModules = explode(',', $configAdminPanelModules);
-	$twig_loader->prependPath(__DIR__ . '/modules/templates');
-	foreach ($configAdminPanelModules as $box) {
-		$file = __DIR__ . '/modules/' . $box . '.php';
-		if (file_exists($file)) {
-			include($file);
-		}
+
+$twig_loader->prependPath(__DIR__ . '/modules/templates');
+foreach($configAdminPanelModules as $box) {
+	$file = __DIR__ . '/modules/' . $box . '.php';
+	if(file_exists($file)) {
+		include($file);
 	}
-echo '</div>';
 }
+echo '</div>';

admin/pages/items.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * Load items.xml
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Load items.xml';
+
+require_once LIBS . 'items.php';
+require_once LIBS . 'weapons.php';
+
+$twig->display('admin.items.html.twig');
+
+$reload = isset($_REQUEST['reload']) && (int)$_REQUEST['reload'] === 1;
+if ($reload) {
+	$items_start_time = microtime(true);
+	if (Items::loadFromXML(true)) {
+		success('Successfully loaded items (in ' . round(microtime(true) - $items_start_time, 4) . ' seconds).');
+	}
+	else {
+		error(Items::getError());
+	}
+
+	$weapons_start_time = microtime(true);
+	if (Weapons::loadFromXML(true)) {
+		success('Successfully loaded weapons (in ' . round(microtime(true) - $weapons_start_time, 4) . ' seconds).');
+	}
+	else {
+		error(Weapons::getError());
+	}
+}

admin/pages/login.php

@@ -9,16 +9,18 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Login';
-
-require PAGES . 'account/login.php';
-if ($logged) {
-	header('Location: ' . (admin() ? ADMIN_URL : BASE_URL));
-	return;
+$logout = '';
+if ($action == 'logout') {
+	$logout = "You have  been logged out!";
 }
 
-$twig->display('admin.login.html.twig', [
-	'logout' => (ACTION == 'logout' ? 'You have  been logged out!'  : ''),
+if (isset($errors)) {
+	foreach ($errors as $error) {
+		error($error);
+	}
+}
+
+$twig->display('admin.login.html.twig', array(
+	'logout' => $logout,
 	'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
-	'account_login_by' => getAccountLoginByLabel(),
-	'errors' => $errors ?? ''
-]);
+));

admin/pages/logs.php

@@ -4,56 +4,56 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Logs Viewer';
-$use_datatable = true;
 
 $files = array();
 $aac_path_logs = BASE . 'system/logs/';
 foreach (scandir($aac_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
-	if ($f[0] === '.' || is_dir($aac_path_logs . $f) || $f === 'index.html') {
-		continue;
-	}
+    if ($f[0] === '.' || is_dir($aac_path_logs . $f)) {
+	    continue;
+    }
 
-	$files[] = array($f, $aac_path_logs);
+    $files[] = array($f, $aac_path_logs);
 }
 
 $server_path_logs = $config['server_path'] . 'logs/';
 if (!file_exists($server_path_logs)) {
-	$server_path_logs = $config['data_path'] . 'logs/';
+    $server_path_logs = $config['data_path'] . 'logs/';
 }
 
 if (file_exists($server_path_logs)) {
-	foreach (scandir($server_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
-		if ($f[0] === '.') {
-			continue;
-		}
+    foreach (scandir($server_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
+        if ($f[0] === '.') {
+	        continue;
+        }
 
-		if (is_dir($server_path_logs . $f)) {
-			foreach (scandir($server_path_logs . $f, SCANDIR_SORT_ASCENDING) as $f2) {
-				if ($f2[0] === '.') {
-					continue;
-				}
+        if (is_dir($server_path_logs . $f)) {
+            foreach (scandir($server_path_logs . $f, SCANDIR_SORT_ASCENDING) as $f2) {
+                if ($f2[0] === '.') {
+	                continue;
+                }
 
-				$files[] = array($f . '/' . $f2, $server_path_logs);
-			}
+                $files[] = array($f . '/' . $f2, $server_path_logs);
+            }
 
-			continue;
-		}
+            continue;
+        }
 
-		$files[] = array($f, $server_path_logs);
-	}
+        $files[] = array($f, $server_path_logs);
+    }
 }
 
 foreach ($files as &$f) {
-	$f['mtime'] = filemtime($f[1] . $f[0]);
-	$f['name'] = $f[0];
+    $f['mtime'] = filemtime($f[1] . $f[0]);
+    $f['name'] = $f[0];
 }
 unset($f);
 
+$twig->display('admin.logs.html.twig', array('files' => $files));
 
 define('EXIST_NONE', 0);
 define('EXIST_SERVER_LOG', 1);
@@ -72,12 +72,10 @@ if (!empty($file)) {
 		}
 
 		if ($exist !== EXIST_NONE) {
-			$file_content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
-			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
+			$content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
 		}
 	} else {
 		echo 'Invalid file name specified.';
 	}
-}
-
-$twig->display('admin.logs.html.twig', array('files' => $files));
+}

admin/pages/mailer.php

@@ -15,69 +15,55 @@ if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
 	return;
 }
 
-if (!config('mail_enabled')) {
-	echo 'Mail support disabled in config.';
+if (!$config['mail_enabled']) {
+	echo 'Mail support disabled.';
 	return;
 }
 
-$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
-$mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
-$mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
+$mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : NULL;
+$mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : NULL;
+$preview = isset($_REQUEST['preview']);
 
-if (isset($_POST['submit'])) {
-	if (empty($mail_subject)) {
-		warning('Please enter subject of the message.');
-	}
+$preview_done = false;
+if ($preview) {
+	if (!empty($mail_content) && !empty($mail_subject)) {
+		$preview_done = _mail($account_logged->getCustomField('email'), $mail_subject, $mail_content);
 
-	if (empty($mail_content)) {
-		warning('Please enter content of the message.');
-	}
-}
-if (!empty($mail_to)) {
-	if(!Validator::email($mail_to)) {
-		warning('E-Mail is invalid.');
-	}
-	else {
-		if (!empty($mail_content) && !empty($mail_subject)) {
-			if (_mail($mail_to, $mail_subject, $mail_content)) {
-				success("Successfully mailed <strong>$mail_to</strong>");
-			}
-			else {
-				error("Error while sending mail to <strong>$mail_to</strong>. More info can be found in system/logs/mailer-error.log");
-			}
-		}
+		if (!$preview_done)
+			error('Error while sending preview mail. More info can be found in system/logs/mailer-error.log');
 	}
 }
 
-if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
-	$success = 0;
-	$failed = 0;
 
-	$add = '';
-	if (config('account_mail_verify')) {
-		note('Note: Sending only to users with verified E-Mail.');
-		$add = ' AND `email_verified` = 1';
-	}
-
-	$query = $db->query('SELECT `email` FROM `accounts` WHERE `email` != ""' . $add);
-	foreach ($query as $email) {
-		if (_mail($email['email'], $mail_subject, $mail_content)) {
-			$success++;
-		}
-		else {
-			$failed++;
-			echo '<br />';
-			error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
-		}
-	}
-
-	success('Mailing finished.');
-	success("$success emails delivered.");
-	warning("$failed emails failed.");
-}
-
-$twig->display('admin.mailer.html.twig', [
-	'mail_to' => $mail_to,
+$twig->display('admin.mailer.html.twig', array(
 	'mail_subject' => $mail_subject,
-	'mail_content' => $mail_content
-]);
+	'mail_content' => $mail_content,
+	'preview_done' => $preview_done
+));
+
+if (empty($mail_content) || empty($mail_subject) || $preview)
+	return;
+
+$success = 0;
+$failed = 0;
+
+$add = '';
+if ($config['account_mail_verify']) {
+	note('Note: Sending only to users with verified E-Mail.');
+	$add = ' AND ' . $db->fieldName('email_verified') . ' = 1';
+}
+
+$query = $db->query('SELECT ' . $db->fieldName('email') . ' FROM ' . $db->tableName('accounts') . ' WHERE ' . $db->fieldName('email') . ' != ""' . $add);
+foreach ($query as $email) {
+	if (_mail($email['email'], $mail_subject, $mail_content))
+		$success++;
+	else {
+		$failed++;
+		echo '<br />';
+		error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
+	}
+}
+
+success('Mailing finished.');
+success("$success emails delivered.");
+warning("$failed emails failed.");

admin/pages/mass_account.php

@@ -1,215 +0,0 @@
-<?php
-
-/**
- * Account Admin Tool
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-$title = 'Mass Account Actions';
-
-$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
-$hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
-$freePremium = $config['lua']['freePremium'];
-
-function admin_give_points($points)
-{
-	global $db, $hasPointsColumn;
-
-	if (!$hasPointsColumn) {
-		displayMessage('Points not supported.');
-		return;
-	}
-
-	$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'points' => $points
-	])) {
-		displayMessage('Failed to add points.');
-		return;
-	}
-	displayMessage($points . ' points added to all accounts.', true);
-}
-
-function admin_give_coins($coins)
-{
-	global $db, $hasCoinsColumn;
-
-	if (!$hasCoinsColumn) {
-		displayMessage('Coins not supported.');
-		return;
-	}
-
-	$statement = $db->prepare('UPDATE `accounts` SET `coins` = `coins` + :coins');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'coins' => $coins
-	])) {
-		displayMessage('Failed to add coins.');
-		return;
-	}
-
-	displayMessage($coins . ' coins added to all accounts.', true);
-}
-
-function query_add_premium($column, $value_query, $condition_query = '1=1', $params = [])
-{
-	global $db;
-
-	$statement = $db->prepare("UPDATE `accounts` SET `{$column}` = $value_query WHERE $condition_query");
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return false;
-	}
-
-	if (!$statement->execute($params)) {
-		displayMessage('Failed to add premium days.');
-		return false;
-	}
-
-	return true;
-}
-
-function admin_give_premdays($days)
-{
-	global $db, $freePremium;
-
-	if ($freePremium) {
-		displayMessage('Premium days not supported. Free Premium enabled.');
-		return;
-	}
-
-	$value = $days * 86400;
-	$now = time();
-	// othire
-	if ($db->hasColumn('accounts', 'premend')) {
-		// append premend
-		if (query_add_premium('premend', '`premend` + :value', '`premend` > :now', ['value' => $value, 'now' => $now])) {
-			// set premend
-			if (query_add_premium('premend', ':value', '`premend` <= :now', ['value' => $now + $value, 'now' => $now])) {
-				displayMessage($days . ' premium days added to all accounts.', true);
-				return;
-			} else {
-				displayMessage('Failed to execute set query.');
-				return;
-			}
-		} else {
-			displayMessage('Failed to execute append query.');
-			return;
-		}
-
-		return;
-	}
-
-	// tfs 0.x
-	if ($db->hasColumn('accounts', 'premdays')) {
-		// append premdays
-		if (query_add_premium('premdays', '`premdays` + :value', '1=1', ['value' => $days])) {
-			// append lastday
-			if (query_add_premium('lastday', '`lastday` + :value', '`lastday` > :now', ['value' => $value, 'now' => $now])) {
-				// set lastday
-				if (query_add_premium('lastday', ':value', '`lastday` <= :now', ['value' => $now + $value, 'now' => $now])) {
-					displayMessage($days . ' premium days added to all accounts.', true);
-					return;
-				} else {
-					displayMessage('Failed to execute set query.');
-					return;
-				}
-
-				return;
-			} else {
-				displayMessage('Failed to execute append query.');
-				return;
-			}
-		} else {
-			displayMessage('Failed to execute set days query.');
-			return;
-		}
-
-		return;
-	}
-
-	// tfs 1.x
-	if ($db->hasColumn('accounts', 'premium_ends_at')) {
-		// append premium_ends_at
-		if (query_add_premium('premium_ends_at', '`premium_ends_at` + :value', '`premium_ends_at` > :now', ['value' => $value, 'now' => $now])) {
-			// set premium_ends_at
-			if (query_add_premium('premium_ends_at', ':value', '`premium_ends_at` <= :now', ['value' => $now + $value, 'now' => $now])) {
-				displayMessage($days . ' premium days added to all accounts.', true);
-				return;
-			} else {
-				displayMessage('Failed to execute set query.');
-				return;
-			}
-		} else {
-			displayMessage('Failed to execute append query.');
-			return;
-		}
-
-		return;
-	}
-
-	displayMessage('Premium Days not supported.');
-}
-
-if (isset($_POST['action']) && $_POST['action']) {
-
-	$action = $_POST['action'];
-
-	if (preg_match("/[^A-z0-9_\-]/", $action)) {
-		displayMessage('Invalid action.');
-	} else {
-		$value = isset($_POST['value']) ? intval($_POST['value']) : 0;
-
-		if (!$value) {
-			displayMessage('Please fill all inputs');
-		} else {
-			switch ($action) {
-				case 'give-points':
-					admin_give_points($value);
-					break;
-				case 'give-coins':
-					admin_give_coins($value);
-					break;
-				case 'give-premdays':
-					admin_give_premdays($value);
-					break;
-				default:
-					displayMessage('Action ' . $action . 'not found.');
-			}
-		}
-	}
-}
-else {
-	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
-		'hasPointsColumn' => $hasPointsColumn,
-		'freePremium' => $freePremium,
-	));
-}
-
-function displayMessage($message, $success = false) {
-	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
-
-	$success ? success($message): error($message);
-
-	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
-		'hasPointsColumn' => $hasPointsColumn,
-		'freePremium' => $freePremium,
-	));
-}

admin/pages/mass_teleport.php

@@ -1,116 +0,0 @@
-<?php
-/**
- * Teleport Admin Tool
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-$title = 'Mass Teleport Actions';
-
-function admin_teleport_position($x, $y, $z) {
-	global $db;
-	$statement = $db->prepare('UPDATE `players` SET `posx` = :x, `posy` = :y, `posz` = :z');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'x' => $x, 'y' => $y, 'z' => $z
-	])) {
-		displayMessage('Failed to execute query.');
-		return;
-	}
-
-	displayMessage('Player\'s position updated.', true);
-}
-
-function admin_teleport_town($town_id) {
-	global $db;
-	$statement = $db->prepare('UPDATE `players` SET `town_id` = :town_id');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'town_id' => $town_id
-	])) {
-		displayMessage('Failed to execute query.');
-		return;
-	}
-
-	displayMessage('Player\'s town updated.', true);
-}
-
-if (isset($_POST['action']) && $_POST['action'])    {
-
-	$action = $_POST['action'];
-
-	if (preg_match("/[^A-z0-9_\-]/", $action)) {
-		displayMessage('Invalid action.');
-	} else {
-
-		$playersOnline = 0;
-		if($db->hasTable('players_online')) {// tfs 1.0
-			$query = $db->query('SELECT count(*) AS `count` FROM `players_online`');
-		} else {
-			$query = $db->query('SELECT count(*) AS `count` FROM `players` WHERE `players`.`online` > 0');
-		}
-
-		$playersOnline = $query->fetch(PDO::FETCH_ASSOC);
-		if ($playersOnline['count'] > 0) {
-			displayMessage('Please, close the server before execute this action otherwise players will not be affected.');
-			return;
-		}
-
-		$town_id = isset($_POST['town_id']) ? intval($_POST['town_id']) : null;
-		$posx = isset($_POST['posx']) ? intval($_POST['posx']) : null;
-		$posy = isset($_POST['posy']) ? intval($_POST['posy']) : null;
-		$posz = isset($_POST['posz']) ? intval($_POST['posz']) : null;
-		$to_temple = $_POST['to_temple'] ?? null;
-
-		switch ($action) {
-			case 'set-town':
-				if (!$town_id) {
-					displayMessage('Please fill all inputs');
-					return;
-				}
-
-				if (!isset($config['towns'][$town_id])) {
-					displayMessage('Specified town does not exist');
-					return;
-				}
-
-				admin_teleport_town($town_id);
-				break;
-			case 'set-position':
-				if (!$to_temple &&  ($posx < 0 || $posx > 65535 || $posy < 0 || $posy > 65535|| $posz < 0 || $posz > 16)) {
-					displayMessage('Invalid Position');
-					return;
-				}
-
-				admin_teleport_position($posx, $posy, $posz);
-				break;
-			default:
-				displayMessage('Action ' . $action . 'not found.');
-		}
-	}
-
-}
-else {
-	$twig->display('admin.tools.teleport.html.twig', array());
-}
-
-
-function displayMessage($message, $success = false) {
-	global $twig;
-
-	$success ? success($message): error($message);
-	$twig->display('admin.tools.teleport.html.twig', array());
-}

admin/pages/menus.php

@@ -63,70 +63,64 @@ if (isset($_REQUEST['template'])) {
 		return;
 	}
 
-	$title = 'Menus - ' . $template;
-	?>
-	<div align="center" class="text-center">
-		<p class="note">You are editing: <?= $template ?><br/><br/>
-			Hint: You can drag menu items.<br/>
-			Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
-			Not all templates support blank and colorful links.
-		</p>
-	</div>
-	<?php
+	echo 'Hint: You can drag menu items.<br/>
+	Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
+	Not all templates support blank and colorful links.<br/><br/>
+    <div class="row">';
 	$menus = array();
 	$menus_db = $db->query('SELECT `name`, `link`, `blank`, `color`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
 	foreach ($menus_db as $menu) {
 		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'blank' => $menu['blank'], 'color' => $menu['color'], 'ordering' => $menu['ordering']);
 	}
+
 	$last_id = array();
-	?>
-	<form method="post" id="menus-form" action="?p=menus">
-		<input type="hidden" name="template" value="<?php echo $template ?>"/>
-		<div class="row">
-			<?php foreach ($config['menu_categories'] as $id => $cat): ?>
-				<div class="col-md-12 col-lg-6">
-					<div class="card card-info card-outline">
-						<div class="card-header">
-							<h5 class="m-0"><?php echo $cat['name'] ?> <i class="far fa-plus-square add-button" id="add-button-<?php echo $id ?>"></i></h5>
-						</div>
-						<div class="card-body">
-							<ul class="sortable" id="sortable-<?php echo $id ?>">
-								<?php
-								if (isset($menus[$id])) {
-									$i = 0;
-									foreach ($menus[$id] as $menu):
-										?>
-										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo escapeHtml($menu['name']); ?>"/>
-											<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
-											<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
-											<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
-											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="<?php echo (empty($menu['color']) ? ($config['menu_default_color'] ?? '#ffffff') : $menu['color']); ?>"/>
-											<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
-										<?php $i++; $last_id[$id] = $i;
-									endforeach;
-								} ?>
-							</ul>
-						</div>
-					</div>
-				</div>
-			<?php endforeach ?>
-		</div>
-		<div class="row pb-2">
-			<div class="col-md-12">
-				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Save</button>
-				<?php
-				echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
-				?>
-			</div>
-		</div>
-	</form>
-	<?php
+	echo '<form method="post" id="menus-form" action="?p=menus">';
+	echo '<input type="hidden" name="template" value="' . $template . '"/>';
+	foreach ($config['menu_categories'] as $id => $cat) {
+		echo '        <div class="col-md-12 col-lg-6">
+            <div class="box box-danger">
+                <div class="box-header with-border">
+                    <h3 class="box-title">' . $cat['name'] . ' <img class="add-button" id="add-button-' . $id . '" src="' . BASE_URL . 'images/plus.png" width="16" height="16"/></h3>
+                </div>
+                <div class="box-body">';
+
+
+		echo '<ul class="sortable" id="sortable-' . $id . '">';
+		if (isset($menus[$id])) {
+			$i = 0;
+			foreach ($menus[$id] as $menu) {
+				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><label>Name:</label><input type="text" name="menu[' . $id . '][]" value="' . escapeHtml($menu['name']) . '"/>
+				<label>Link:</label><input type="text" name="menu_link[' . $id . '][]" value="' . $menu['link'] . '"/>
+				<input type="hidden" name="menu_blank[' . $id . '][]" value="0" />
+				<label><input class="blank-checkbox" type="checkbox" ' . ($menu['blank'] == 1 ? 'checked' : '') . '/><span title="Open in New Window">Open in New Window</span></label>
+				
+				<input class="color-picker" type="text" name="menu_color[' . $id . '][]" value="#' . $menu['color'] . '" />
+				
+				<a class="remove-button" id="remove-button-' . $id . '-' . $i . '"><img src="' . BASE_URL . 'images/del.png"/></a></li>';
+
+				$i++;
+				$last_id[$id] = $i;
+			}
+		}
+
+		echo '</ul>';
+		echo '                </div>
+            </div>
+        </div>
+';
+	}
+	echo ' </div><div class="row"><div class="col-md-6">';
+	echo '<input type="submit" class="btn btn-info" value="Save">';
+	echo '<input type="button" class="btn btn-default pull-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus&template=' . $template . '\';">';
+	echo '</div></div>';
+	echo '</form>';
+
 	$twig->display('admin.menus.js.html.twig', array(
 		'menus' => $menus,
-		'last_id' => $last_id,
-		'menu_default_color' => $config['menu_default_color'] ?? '#ffffff'
+		'last_id' => $last_id
 	));
 	?>
+
 	<?php
 } else {
 	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();

admin/pages/modules/balance.php

@@ -1,8 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-
-$balance = ($db->hasColumn('players', 'balance') ? $db->query('SELECT `balance`, `id`, `name`,`level` FROM `players` ORDER BY `balance` DESC LIMIT 10;') : 0);
-
-$twig->display('balance.html.twig', array(
-	'balance' => $balance
-));

admin/pages/modules/coins.php

@@ -1,8 +1,11 @@
 <?php
-defined('MYAAC') or die('Direct access not allowed!');
 
-$coins = ($db->hasColumn('accounts', 'coins') ?  $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;') : 0);
+if ($db->hasColumn('accounts', 'coins')) {
+	$coins = $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;');
+} else {
+	$coins = 0;
+}
 
 $twig->display('coins.html.twig', array(
 	'coins' => $coins
-));
+));

admin/pages/modules/created.php

@@ -1,8 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-
-$players = ($db->hasColumn('accounts', 'created') ? $db->query('SELECT `created`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `created` DESC LIMIT 10;') : 0);
-
-$twig->display('created.html.twig', array(
-	'players' => $players,
-));

admin/pages/modules/lastlogin.php

@@ -1,7 +1,11 @@
 <?php
-defined('MYAAC') or die('Direct access not allowed!');
 
-$players = ($db->hasColumn('players', 'lastlogin') ? $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;') : 0);
+if ($db->hasColumn('players', 'lastlogin')) {
+	$players = $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;');
+} else {
+	$players = 0;
+}
+
 $twig->display('lastlogin.html.twig', array(
 	'players' => $players,
-));
+));

admin/pages/modules/points.php

@@ -1,8 +1,10 @@
 <?php
-defined('MYAAC') or die('Direct access not allowed!');
-
-$points = ($db->hasColumn('accounts', 'premium_points') ? $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;') : 0);
+if ($db->hasColumn('accounts', 'premium_points')) {
+	$points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
+} else {
+	$points = 0;
+}
 
 $twig->display('points.html.twig', array(
 	'points' => $points,
-));
+));

admin/pages/modules/server_status.php

@@ -1,46 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-if (isset($status)) {
-
-	$error_icon = '<i class="fas fa-exclamation-circle text-danger"></i>'; ?>
-	<div class=" col-md-6 col-lg-6">
-		<div class="card card-info card-outline">
-			<div class="card-header border-bottom-0">
-				<span class="font-weight-bold m-0">Server Status</span> <span class="float-right small"><b>Last checked</b>: <?php echo(isset($status['lastCheck']) ? date("l, d.m.Y H:i:s", $status['lastCheck']) : $error_icon); ?></span>
-			</div>
-			<div class="card-body p-0 ">
-				<table class="table">
-					<tbody>
-					<tr>
-						<th width="30%">Server</th>
-						<td><?php echo(isset($status['server']) & isset($status['serverVersion']) ? $status['server'] . ' x ' . $status['serverVersion'] : $error_icon) ?></td>
-
-					</tr>
-					<tr>
-						<th>Client</th>
-						<td><?php echo(isset($status['clientVersion']) ? $status['clientVersion'] : $error_icon) ?></td>
-					</tr>
-					<tr>
-						<th>Map</th>
-						<td>
-							<?php if (isset($status['mapName']) & isset($status['mapAuthor']) & isset($status['mapWidth']) & isset($status['mapHeight'])) {
-								echo $status['mapName'] . ' by <b>' . $status['mapAuthor'] . '</b><br/>' . $status['mapWidth'] . ' x ' . $status['mapHeight'];
-							} else {
-								echo $error_icon;
-							} ?>
-						</td>
-					</tr>
-					<tr>
-						<th>Monsters</th>
-						<td><?php echo (isset($status['monsters']) ? $status['monsters'] : $error_icon); ?></td>
-					</tr>
-					<tr>
-						<th>MOTD:</th>
-						<td><?php echo(isset($status['motd']) ? $status['motd'] : $error_icon); ?></td>
-					</tr>
-					</tbody>
-				</table>
-			</div>
-		</div>
-	</div>
-<?php } ?>

admin/pages/modules/statistics.php

@@ -1,12 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-$count = $db->query('SELECT
-  (SELECT COUNT(*) FROM `accounts`) as total_accounts, 
-  (SELECT COUNT(*) FROM `players`) as total_players,
-  (SELECT COUNT(*) FROM `guilds`) as total_guilds,
-  (SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'monsters`) as total_monsters,
-  (SELECT COUNT(*) FROM `houses`) as total_houses;')->fetch();
-
-$twig->display('statistics.html.twig', array(
-	'count' => $count,
-));

admin/pages/modules/templates/balance.html.twig

@@ -1,31 +0,0 @@
-{% if balance is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Top 10 - Balance</h5>
-			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
-					<tr>
-						<th>#</th>
-						<th>Player</th>
-						<th>Balance</th>
-					</tr>
-					</thead>
-					<tbody>
-					{% set i = 0 %}
-					{% for result in balance %}
-						{% set i = i + 1 %}
-						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
-							<td>{{ result.balance }}</td>
-						</tr>
-					{% endfor %}
-					</tbody>
-				</table>
-			</div>
-		</div>
-	</div>
-{% endif %}

admin/pages/modules/templates/coins.html.twig

@@ -1,25 +1,23 @@
 {% if coins is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Top 10 - Most coins</h5>
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Top 10 - Most coins</h3>
 			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
 					<tr>
 						<th>#</th>
-						<th>Account</th>
+						<th>Account {{ account_type }}</th>
 						<th>Tibia coins</th>
 					</tr>
-					</thead>
-					<tbody>
 					{% set i = 0 %}
 					{% for result in coins %}
 						{% set i = i + 1 %}
 						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}
@@ -28,4 +26,4 @@
 			</div>
 		</div>
 	</div>
-{% endif %}
+{% endif %}

admin/pages/modules/templates/created.html.twig

@@ -1,31 +0,0 @@
-{% if players is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Last 10 created</h5>
-			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
-					<tr>
-						<th>#</th>
-						<th>Account</th>
-						<th>Creation Date</th>
-					</tr>
-					</thead>
-					<tbody>
-					{% set i = 0 %}
-					{% for result in players %}
-						{% set i = i + 1 %}
-						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
-							<td>{{ result.created|date("M d Y, H:i:s") }}</td>
-						</tr>
-					{% endfor %}
-					</tbody>
-				</table>
-			</div>
-		</div>
-	</div>
-{% endif %}

admin/pages/modules/templates/lastlogin.html.twig

@@ -1,25 +1,23 @@
 {% if players is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Last 10 logins</h5>
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Last 10 Logins</h3>
 			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
 					<tr>
 						<th>#</th>
 						<th>Player</th>
 						<th>Login Date</th>
 					</tr>
-					</thead>
-					<tbody>
 					{% set i = 0 %}
 					{% for result in players %}
 						{% set i = i + 1 %}
 						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
 							<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}
@@ -28,4 +26,4 @@
 			</div>
 		</div>
 	</div>
-{% endif %}
+{% endif %}

admin/pages/modules/templates/points.html.twig

@@ -1,25 +1,23 @@
 {% if points is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Top 10 - Most premium points</h5>
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Top 10 - Most premium points</h3>
 			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
 					<tr>
 						<th>#</th>
-						<th>Account</th>
+						<th>Account {{ account_type }}</th>
 						<th>Premium points</th>
 					</tr>
-					</thead>
-					<tbody>
 					{% set i = 0 %}
 					{% for result in points %}
 						{% set i = i + 1 %}
 						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
 							<td>{{ result.premium_points }}</td>
 						</tr>
 					{% endfor %}
@@ -28,4 +26,4 @@
 			</div>
 		</div>
 	</div>
-{% endif %}
+{% endif %}

admin/pages/modules/templates/statistics.html.twig

@@ -1,45 +0,0 @@
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-info elevation-1"><i class="fas fa-user-plus"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Accounts:</span>
-			<span class="info-box-number">{{ count.total_accounts }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-red elevation-1"><i class="fas fa-user-plus"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Players:</span>
-			<span class="info-box-number">{{ count.total_players }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-teal elevation-1"><i class="fas fa-pastafarianism"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Monsters:</span>
-			<span class="info-box-number">{{ count.total_monsters }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-green elevation-1"><i class="fas fa-chart-pie"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Guilds:</span>
-			<span class="info-box-number">{{ count.total_guilds }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-yellow elevation-1"><i class="fas fa-home"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Houses:</span>
-			<span class="info-box-number">{{ count.total_houses }}</span>
-		</div>
-	</div>
-</div>

admin/pages/modules/templates/web_status.twig

@@ -1,39 +0,0 @@
-<div class="col-12 col-md-6">
-	<div class="card card-warning card-outline">
-		<form action="?p=dashboard&maintenance" method="post" class="form-horizontal">
-			<div class="card-header">
-				<span class="m-0">Website Status<span class="float-right">
-				<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
-					<input type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
-					<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
-				</div></span>
-				</span>
-			</div>
-			<div class="card-body p-2">
-				<div class="col-sm-12">
-					<label for="message" class="col-form-label">Maintenance Message</label>
-					<textarea name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
-					<small>(only visible if closed)</small>
-				</div>
-			</div>
-			<div class="card-footer">
-				<button type="submit" class="btn btn-info"><i class="far fa-update"></i> Update</button>
-				<a href="?p=dashboard&clear_cache" onclick="return confirm('Are you sure?');" class="float-right">
-					<span class="btn btn-danger"><i class="fas fa-clear"></i>Clear cache</span>
-				</a>
-			</div>
-		</form>
-	</div>
-</div>
-
-<script>
-	$(function() {
-		$("#status").change(function() {
-			$statusLabel = $("#status-label");
-			$statusLabel.html("Closed");
-			if ($(this).is(':checked')) {
-				$statusLabel.html("Open");
-			}
-		});
-	});
-</script>

admin/pages/modules/web_status.php

@@ -1,10 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-
-$twig->display('web_status.twig', array(
-	'is_closed' => $is_closed,
-	'closed_message' => $closed_message,
-	'status' => $status,
-	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
-));
-?>

admin/pages/news.php

@@ -13,7 +13,6 @@ require_once LIBS . 'forum.php';
 require_once LIBS . 'news.php';
 
 $title = 'News Panel';
-$use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
@@ -23,8 +22,8 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
 
 // some constants, used mainly by database (cannot by modified without schema changes)
-define('NEWS_TITLE_LIMIT', 100);
-define('NEWS_BODY_LIMIT', 65535); // maximum news body length
+define('TITLE_LIMIT', 100);
+define('BODY_LIMIT', 65535); // maximum news body length
 define('ARTICLE_TEXT_LIMIT', 300);
 define('ARTICLE_IMAGE_LIMIT', 100);
 
@@ -43,12 +42,12 @@ if(!empty($action))
 	$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
 	$errors = array();
 
-	if($action == 'new') {
+	if($action == 'add') {
 		if(isset($forum_section) && $forum_section != '-1') {
 			$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
 		}
 
-		if(isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
+		if(News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
 			$p_title = $body = $comments = $article_text = $article_image = '';
 			$type = $category = $player_id = 0;
 
@@ -115,21 +114,21 @@ if($action == 'edit' || $action == 'new') {
 	$twig->display('admin.news.form.html.twig', array(
 		'action' => $action,
 		'news_link' => getLink(PAGE),
-		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'),
-		'news_id' => $id ?? null,
-		'title' => $p_title ?? '',
+		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'add'),
+		'news_id' => isset($id) ? $id : null,
+		'title' => isset($p_title) ? $p_title : '',
 		'body' => isset($body) ? escapeHtml($body) : '',
-		'type' => $type ?? null,
+		'type' => isset($type) ? $type : null,
 		'player' => isset($player) && $player->isLoaded() ? $player : null,
-		'player_id' => $player_id ?? null,
+		'player_id' => isset($player_id) ? $player_id : null,
 		'account_players' => $account_players,
-		'category' => $category ?? 0,
+		'category' => isset($category) ? $category : 0,
 		'categories' => $categories,
 		'forum_boards' => getForumBoards(),
-		'forum_section' => $forum_section ?? null,
-		'comments' => $comments ?? null,
-		'article_text' => $article_text ?? null,
-		'article_image' => $article_image ?? null
+		'forum_section' => isset($forum_section) ? $forum_section : null,
+		'comments' => isset($comments) ? $comments : null,
+		'article_text' => isset($article_text) ? $article_text : null,
+		'article_image' => isset($article_image) ? $article_image : null
 	));
 }
 

admin/pages/open_source.php

@@ -1,14 +0,0 @@
-<?php
-/**
- * Open Source libraries
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2023 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-$title = 'Open Source';
-
-$twig->display('admin.open_source.html.twig');

admin/pages/pages.php

@@ -9,7 +9,6 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
-$use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
@@ -18,18 +17,13 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 
 header('X-XSS-Protection:0');
 
-$name = $p_title = null;
+$name = $p_title = '';
 $groups = new OTS_Groups_List();
 
 $php = false;
 $enable_tinymce = true;
 $access = 0;
 
-// some constants, used mainly by database (cannot by modified without schema changes)
-define('PAGE_TITLE_LIMIT', 30);
-define('PAGE_NAME_LIMIT', 30);
-define('PAGE_BODY_LIMIT', 65535); // maximum page body length
-
 if (!empty($action)) {
 	if ($action == 'delete' || $action == 'edit' || $action == 'hide')
 		$id = $_REQUEST['id'];
@@ -55,13 +49,12 @@ if (!empty($action)) {
 	$errors = array();
 	$player_id = 1;
 
-	if ($action == 'new') {
-		if (isset($p_title) && Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
+	if ($action == 'add') {
+		if (Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			$name = $p_title = $body = '';
 			$player_id = $access = 0;
 			$php = false;
 			$enable_tinymce = true;
-			success('Added successful.');
 		}
 	} else if ($action == 'delete') {
 		if (Pages::delete($id, $errors))
@@ -76,18 +69,15 @@ if (!empty($action)) {
 			$enable_tinymce = $_page['enable_tinymce'] == '1';
 			$access = $_page['access'];
 		} else {
-			if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-				$action = $name = $p_title = $body = '';
-				$player_id = 1;
-				$access = 0;
-				$php = false;
-				$enable_tinymce = true;
-				success('Updated successful.');
-			}
+			Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access);
+			$action = $name = $p_title = $body = '';
+			$player_id = 1;
+			$access = 0;
+			$php = false;
+			$enable_tinymce = true;
 		}
 	} else if ($action == 'hide') {
-		Pages::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . ' successful.');
+		Pages::toggleHidden($id, $errors);
 	}
 
 	if (!empty($errors))
@@ -126,48 +116,6 @@ $twig->display('admin.pages.html.twig', array(
 
 class Pages
 {
-	static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
-	{
-		if(!isset($title[0]) || !isset($body[0])) {
-			$errors[] = 'Please fill all inputs.';
-			return false;
-		}
-		if(strlen($name) > PAGE_NAME_LIMIT) {
-			$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
-			return false;
-		}
-		if(strlen($title) > PAGE_TITLE_LIMIT) {
-			$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
-			return false;
-		}
-		if(strlen($body) > PAGE_BODY_LIMIT) {
-			$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
-			return false;
-		}
-		if(!isset($player_id) || $player_id == 0) {
-			$errors[] = 'Player ID is wrong.';
-			return false;
-		}
-		if(!isset($php) || ($php != 0 && $php != 1)) {
-			$errors[] = 'Enable PHP is wrong.';
-			return false;
-		}
-		if ($php == 1 && !getBoolean(config('admin_pages_php_enable'))) {
-			$errors[] = 'PHP pages disabled on this server. To enable go to config.php and change admin_pages_php_enable to "yes".';
-			return false;
-		}
-		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
-			$errors[] = 'Enable TinyMCE is wrong.';
-			return false;
-		}
-		if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
-			$errors[] = 'Access is wrong.';
-			return false;
-		}
-
-		return true;
-	}
-
 	static public function get($id)
 	{
 		global $db;
@@ -180,36 +128,31 @@ class Pages
 
 	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
-		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			return false;
-		}
-
 		global $db;
-		$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
-		if ($query === false)
-			$db->insert(TABLE_PREFIX . 'pages',
-				array(
-					'name' => $name,
-					'title' => $title,
-					'body' => $body,
-					'player_id' => $player_id,
-					'php' => $php ? '1' : '0',
-					'enable_tinymce' => $enable_tinymce ? '1' : '0',
-					'access' => $access
-				)
-			);
-		else
-			$errors[] = 'Page with this link already exists.';
+		if (isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0) {
+			$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
+			if ($query === false)
+				$db->insert(TABLE_PREFIX . 'pages',
+					array(
+						'name' => $name,
+						'title' => $title,
+						'body' => $body,
+						'player_id' => $player_id,
+						'php' => $php ? '1' : '0',
+						'enable_tinymce' => $enable_tinymce ? '1' : '0',
+						'access' => $access
+					)
+				);
+			else
+				$errors[] = 'Page with this link already exists.';
+		} else
+			$errors[] = 'Please fill all inputs.';
 
 		return !count($errors);
 	}
 
-	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
+	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
 	{
-		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			return false;
-		}
-
 		global $db;
 		$db->update(TABLE_PREFIX . 'pages',
 			array(
@@ -222,8 +165,6 @@ class Pages
 				'access' => $access
 			),
 			array('id' => $id));
-
-		return true;
 	}
 
 	static public function delete($id, &$errors)
@@ -240,18 +181,15 @@ class Pages
 		return !count($errors);
 	}
 
-	static public function toggleHidden($id, &$errors, &$status)
+	static public function toggleHidden($id, &$errors)
 	{
 		global $db;
 		if (isset($id)) {
 			$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
-			if ($query !== false) {
+			if ($query !== false)
 				$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
-				$status = $query['hidden'];
-			}
-			else {
+			else
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
-			}
 		} else
 			$errors[] = 'id not set';
 

admin/pages/phpinfo.php

@@ -16,4 +16,4 @@ if (!function_exists('phpinfo')) { ?>
 	<?php return;
 }
 ?>
-<iframe src="<?php echo ADMIN_URL; ?>tools/phpinfo.php" width="1024" height="550"></iframe>
+<iframe src="<?php echo BASE_URL; ?>admin/tools/phpinfo.php" width="1024" height="550"/>

admin/pages/plugins.php

@@ -9,123 +9,101 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
-$use_datatable = true;
 
 require_once LIBS . 'plugins.php';
 
-if (!getBoolean(config('admin_plugins_manage_enable'))) {
-	warning('Plugin installation and management is disabled in config.<br/>If you wish to enable, go to config.php and change <b>admin_plugins_manage_enable</b> to "yes".');
-}
-else {
-	$twig->display('admin.plugins.form.html.twig');
+$twig->display('admin.plugins.form.html.twig');
 
-	if (isset($_REQUEST['uninstall'])) {
-		$uninstall = $_REQUEST['uninstall'];
+if (isset($_REQUEST['uninstall'])) {
+	$uninstall = $_REQUEST['uninstall'];
 
-		if (Plugins::uninstall($uninstall)) {
-			success('Successfully uninstalled plugin ' . $uninstall);
-		} else {
-			error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
+	if (Plugins::uninstall($uninstall)) {
+		success('Successfully uninstalled plugin ' . $uninstall);
+	} else {
+		error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
+	}
+} else if (isset($_FILES["plugin"]["name"])) {
+	$file = $_FILES["plugin"];
+	$filename = $file["name"];
+	$tmp_name = $file["tmp_name"];
+	$type = $file["type"];
+
+	$name = explode(".", $filename);
+	$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed', 'application/octet-stream', 'application/zip-compressed');
+
+	if (isset($file['error'])) {
+		$error = 'Error uploading file';
+		switch ($file['error']) {
+			case UPLOAD_ERR_OK:
+				$error = false;
+				break;
+			case UPLOAD_ERR_INI_SIZE:
+			case UPLOAD_ERR_FORM_SIZE:
+				$error .= ' - file too large (limit of ' . ini_get('upload_max_filesize') . ' bytes). You can enlarge the limits by changing "upload_max_filesize" in php.ini';
+				break;
+			case UPLOAD_ERR_PARTIAL:
+				$error .= ' - file upload was not completed.';
+				break;
+			case UPLOAD_ERR_NO_FILE:
+				$error .= ' - zero-length file uploaded.';
+				break;
+			default:
+				$error .= ' - internal error #' . $file['error'];
+				break;
 		}
-	} else if (isset($_REQUEST['enable'])) {
-		$enable = $_REQUEST['enable'];
-		if (Plugins::enable($enable)) {
-			success('Successfully enabled plugin ' . $enable);
-		} else {
-			error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
-		}
-	} else if (isset($_REQUEST['disable'])) {
-		$disable = $_REQUEST['disable'];
-		if (Plugins::disable($disable)) {
-			success('Successfully disabled plugin ' . $disable);
-		} else {
-			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
-		}
-	} else if (isset($_FILES['plugin']['name'])) {
-		$file = $_FILES['plugin'];
-		$filename = $file['name'];
-		$tmp_name = $file['tmp_name'];
-		$type = $file['type'];
+	}
 
-		$name = explode('.', $filename);
-		$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed', 'application/octet-stream', 'application/zip-compressed');
+	if (isset($error) && $error != false) {
+		error($error);
+	} else {
+		if (is_uploaded_file($file['tmp_name'])) {
+			$filetype = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
+			if ($filetype == 'zip') // check if it is zipped/compressed file
+			{
+				$tmp_filename = pathinfo($filename, PATHINFO_FILENAME);
+				$targetzip = BASE . 'plugins/' . $tmp_filename . '.zip';
 
-		if (isset($file['error'])) {
-			$error = 'Error uploading file';
-			switch ($file['error']) {
-				case UPLOAD_ERR_OK:
-					$error = false;
-					break;
-				case UPLOAD_ERR_INI_SIZE:
-				case UPLOAD_ERR_FORM_SIZE:
-					$error .= ' - file too large (limit of ' . ini_get('upload_max_filesize') . ' bytes). You can enlarge the limits by changing "upload_max_filesize" in php.ini';
-					break;
-				case UPLOAD_ERR_PARTIAL:
-					$error .= ' - file upload was not completed.';
-					break;
-				case UPLOAD_ERR_NO_FILE:
-					$error .= ' - zero-length file uploaded.';
-					break;
-				default:
-					$error .= ' - internal error #' . $file['error'];
-					break;
-			}
-		}
-
-		if (isset($error) && $error != false) {
-			error($error);
-		} else {
-			if (is_uploaded_file($file['tmp_name'])) {
-				$filetype = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
-				if ($filetype == 'zip') // check if it is zipped/compressed file
-				{
-					$tmp_filename = pathinfo($filename, PATHINFO_FILENAME);
-					$targetzip = BASE . 'plugins/' . $tmp_filename . '.zip';
-
-					if (move_uploaded_file($tmp_name, $targetzip)) { // move uploaded file
-						if (Plugins::install($targetzip)) {
-							foreach (Plugins::getWarnings() as $warning) {
-								warning($warning);
-							}
-
-							$info = Plugins::getPluginJson();
-							success((isset($info['name']) ? '<strong>' . $info['name'] . '</strong> p' : 'P') . 'lugin has been successfully installed.');
-						} else {
-							$error = Plugins::getError();
-							error(!empty($error) ? $error : 'Unexpected error happened while installing plugin. Please try again later.');
+				if (move_uploaded_file($tmp_name, $targetzip)) { // move uploaded file
+					if (Plugins::install($targetzip)) {
+						foreach (Plugins::getWarnings() as $warning) {
+							warning($warning);
 						}
 
-						unlink($targetzip); // delete the Zipped file
-					} else
-						error('There was a problem with the upload. Please try again.');
-				} else {
-					error('The file you are trying to upload is not a .zip file. Please try again.');
-				}
+						$info = Plugins::getPluginJson();
+						success((isset($info['name']) ? '<strong>' . $info['name'] . '</strong> p' : 'P') . 'lugin has been successfully installed.');
+					} else {
+						$error = Plugins::getError();
+						error(!empty($error) ? $error : 'Unexpected error happened while installing plugin. Please try again later.');
+					}
+
+					unlink($targetzip); // delete the Zipped file
+				} else
+					error('There was a problem with the upload. Please try again.');
 			} else {
-				error('Error uploading file - unknown error.');
+				error('The file you are trying to upload is not a .zip file. Please try again.');
 			}
+		} else {
+			error('Error uploading file - unknown error.');
 		}
 	}
 }
 
 $plugins = array();
-foreach (get_plugins(true) as $plugin) {
+foreach (get_plugins() as $plugin) {
 	$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
+	$string = Plugins::removeComments($string);
 	$plugin_info = json_decode($string, true);
 
-	if (!$plugin_info) {
+	if ($plugin_info == false) {
 		warning('Cannot load plugin info ' . $plugin . '.json');
 	} else {
-		$disabled = (strpos($plugin, 'disabled.') !== false);
-		$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 		$plugins[] = array(
-			'name' => $plugin_info['name'] ?? '',
-			'description' => $plugin_info['description'] ?? '',
-			'version' => $plugin_info['version'] ?? '',
-			'author' => $plugin_info['author'] ?? '',
-			'contact' => $plugin_info['contact'] ?? '',
-			'file' => $pluginOriginal,
-			'enabled' => !$disabled,
+			'name' => isset($plugin_info['name']) ? $plugin_info['name'] : '',
+			'description' => isset($plugin_info['description']) ? $plugin_info['description'] : '',
+			'version' => isset($plugin_info['version']) ? $plugin_info['version'] : '',
+			'author' => isset($plugin_info['author']) ? $plugin_info['author'] : '',
+			'contact' => isset($plugin_info['contact']) ? $plugin_info['contact'] : '',
+			'file' => $plugin,
 			'uninstall' => isset($plugin_info['uninstall'])
 		);
 	}

admin/pages/reports.php

@@ -4,36 +4,35 @@
  *
  * @package   MyAAC
  * @author    Lee
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Report Viewer';
-$use_datatable = true;
 
 $files = array();
 $server_path_reports = $config['data_path'] . 'reports/';
 
 if (file_exists($server_path_reports)) {
-	foreach (scandir($server_path_reports, SCANDIR_SORT_ASCENDING) as $f) {
-		if ($f[0] === '.') {
-			continue;
-		}
+    foreach (scandir($server_path_reports, SCANDIR_SORT_ASCENDING) as $f) {
+        if ($f[0] === '.') {
+	        continue;
+        }
 
-		if (is_dir($server_path_reports . $f)) {
-			foreach (scandir($server_path_reports . $f, SCANDIR_SORT_ASCENDING) as $f2) {
-				if ($f2[0] === '.') {
-					continue;
-				}
+        if (is_dir($server_path_reports . $f)) {
+            foreach (scandir($server_path_reports . $f, SCANDIR_SORT_ASCENDING) as $f2) {
+                if ($f2[0] === '.') {
+	                continue;
+                }
 
-				$files[] = array($f . '/' . $f2, $server_path_reports);
-			}
+                $files[] = array($f . '/' . $f2, $server_path_reports);
+            }
 
-			continue;
-		}
+            continue;
+        }
 
-		$files[] = array($f, $server_path_reports);
-	}
+        $files[] = array($f, $server_path_reports);
+    }
 }
 
 foreach ($files as &$f) {
@@ -43,19 +42,20 @@ foreach ($files as &$f) {
 
 unset($f);
 
+$twig->display('admin.reports.html.twig', array('files' => $files));
+
+
 $file = isset($_GET['file']) ? $_GET['file'] : NULL;
 if (!empty($file)) {
 	if (!preg_match('/[^A-z0-9\' _\/\-\.]/', $file)) {
 		if (file_exists($server_path_reports . $file)) {
-			$file_content = nl2br(file_get_contents($server_path_reports . $file));
+			$content = nl2br(file_get_contents($server_path_reports . $file));
 
-			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
 		} else {
 			echo 'Specified file does not exist.';
 		}
 	} else {
 		echo 'Invalid file name specified.';
 	}
-}
-
-$twig->display('admin.reports.html.twig', array('files' => $files));
+}

admin/pages/tools.php

@@ -10,24 +10,18 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Tools';
 
-if (!isset($_GET['tool'])) {
+$tool = $_GET['tool'];
+if (!isset($tool)) {
 	echo 'Tool not set.';
 	return;
 }
 
-$tool = $_GET['tool'];
 if (preg_match("/[^A-z0-9_\-]/", $tool)) {
 	echo 'Invalid tool.';
 	return;
 }
 
-$file = ADMIN . 'tools/' . $tool . '.php';
-
-if (@file_exists($file)) {
+$file = BASE . 'admin/pages/tools/' . $tool . '.php';
+if (!@file_exists($file))
 	require $file;
-	return;
-}
-
-echo 'Tool <strong>' . $tool . '</strong> not found.';
-
 ?>

admin/pages/version.php

@@ -24,10 +24,10 @@ if (!$myaac_version) {
 $version_compare = version_compare($myaac_version, MYAAC_VERSION);
 if ($version_compare == 0) {
 	success('MyAAC latest version is ' . $myaac_version . '. You\'re using the latest version.
-	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
+	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
 } else if ($version_compare < 0) {
 	success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
-	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
+	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
 } else {
 	warning('You\'re using outdated version.<br/>
 		Your version: <b>' . MYAAC_VERSION . '</b><br/>

admin/pages/visitors.php

@@ -8,13 +8,7 @@
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-
-use DeviceDetector\DeviceDetector;
-use DeviceDetector\Parser\Client\Browser;
-use DeviceDetector\Parser\OperatingSystem;
-
 $title = 'Visitors';
-$use_datatable = true;
 
 if (!$config['visitors_counter']): ?>
 	Visitors counter is disabled.<br/>
@@ -35,31 +29,6 @@ function compare($a, $b)
 $tmp = $visitors->getVisitors();
 usort($tmp, 'compare');
 
-foreach ($tmp as &$visitor) {
-	$userAgent = $visitor['user_agent'] ?? '';
-	if (!strlen($userAgent) || $userAgent == 'unknown') {
-		$browser = 'Unknown';
-	}
-	else {
-		$dd = new DeviceDetector($userAgent);
-		$dd->parse();
-
-		if ($dd->isBot()) {
-			$bot = $dd->getBot();
-			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
-			$browser = sprintf($message, $bot['category'], $bot['url'], $bot['name']);
-		}
-		else {
-			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));
-			$browserFamily = Browser::getBrowserFamily($dd->getClient('name'));
-
-			$browser = $osFamily . ', ' . $browserFamily;
-		}
-	}
-
-	$visitor['browser'] = $browser;
-}
-
 $twig->display('admin.visitors.html.twig', array(
 	'config_visitors_counter_ttl' => $config['visitors_counter_ttl'],
 	'visitors' => $tmp

admin/template/menus.php

@@ -1,66 +0,0 @@
-<?php
-
-$menus = [
-	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
-	['name' => 'News', 'icon' => 'newspaper', 'order' => 20, 'link' =>
-		[
-			['name' => 'View', 'link' => 'news', 'icon' => 'list', 'order' => 10],
-			['name' => 'Add news', 'link' => 'news&action=new&type=1', 'icon' => 'plus', 'order' => 20],
-			['name' => 'Add ticker', 'link' => 'news&action=new&type=2', 'icon' => 'plus', 'order' => 30],
-			['name' => 'Add article', 'link' => 'news&action=new&type=3', 'icon' => 'plus', 'order' => 40],
-		],
-	],
-	['name' => 'Changelogs', 'icon' => 'newspaper', 'order' => 30, 'link' =>
-		[
-			['name' => 'View', 'link' => 'changelog', 'icon' => 'list', 'order' => 10],
-			['name' => 'Add', 'link' => 'changelog&action=new', 'icon' => 'plus', 'order' => 20],
-		],
-	],
-	['name' => 'Mailer', 'icon' => 'envelope', 'order' => 40, 'link' => 'mailer', 'disabled' => !config('mail_enabled')],
-	['name' => 'Pages', 'icon' => 'book', 'order' => 50, 'link' =>
-		[
-			['name' => 'View', 'link' => 'pages', 'icon' => 'list', 'order' => 10],
-			['name' => 'Add', 'link' => 'pages&action=new', 'icon' => 'plus', 'order' => 20],
-		],
-	],
-	['name' => 'Menus', 'icon' => 'list', 'order' => 60, 'link' => 'menus'],
-	['name' => 'Plugins', 'icon' => 'plug', 'order' => 70, 'link' => 'plugins'],
-	['name' => 'Server Data', 'icon' => 'gavel', 'order' => 80, 'link' => 'data'],
-	['name' => 'Editor', 'icon' => 'edit', 'order' => 90, 'link' =>
-		[
-			['name' => 'Accounts', 'link' => 'accounts', 'icon' => 'users', 'order' => 10],
-			['name' => 'Players', 'link' => 'players', 'icon' => 'user-astronaut', 'order' => 20],
-		],
-	],
-	['name' => 'Tools', 'icon' => 'tools', 'order' => 100, 'link' =>
-		[
-			['name' => 'Mass Account Actions', 'link' => 'mass_account', 'icon' => 'globe', 'order' => 10],
-			['name' => 'Mass Teleport Actions', 'link' => 'mass_teleport', 'icon' => 'globe', 'order' => 20],
-			['name' => 'Notepad', 'link' => 'notepad', 'icon' => 'marker', 'order' => 30],
-			['name' => 'phpinfo', 'link' => 'phpinfo', 'icon' => 'server', 'order' => 40],
-		],
-	],
-	['name' => 'Logs', 'icon' => 'bug', 'order' => 110, 'link' =>
-		[
-			['name' => 'Logs', 'link' => 'logs', 'icon' => 'book', 'order' => 10],
-			['name' => 'Reports', 'link' => 'reports', 'icon' => 'book', 'order' => 20],
-			['name' => 'Visitors', 'link' => 'visitors', 'icon' => 'user', 'order' => 30],
-		],
-	],
-];
-
-$hooks->trigger(HOOK_ADMIN_MENU);
-
-usort($menus, function ($a, $b) {
-	return $a['order'] - $b['order'];
-});
-
-foreach ($menus as $i => $menu) {
-	if (isset($menu['link']) && is_array($menu['link'])) {
-		usort($menus[$i]['link'], function ($a, $b) {
-			return $a['order'] - $b['order'];
-		});
-	}
-}
-
-return $menus;

admin/template/style.css

@@ -1,10 +1,44 @@
-.menu-text-li {color: #4b646f; background: #1a2226;}
-.menu-text {
-	display: block;
-	padding: .5rem 1rem;
-	white-space: nowrap;
+.slidecontainer {
+	width: 100%;
 }
 
-.sidebar-mini.sidebar-collapse .menu-text {
-	display: none;
+.slider {
+	-webkit-appearance: none;
+	width: 100%;
+
+	outline: none;
+	opacity: 0.7;
+	-webkit-transition: .2s;
+	transition: opacity .2s;
+}
+
+.slider:hover {
+	opacity: 1;
+}
+
+.slider::-webkit-slider-thumb {
+	-webkit-appearance: none;
+	appearance: none;
+	width: 15px;
+	height: 25px;
+	background: #3c8dbc;
+	cursor: pointer;
+}
+
+.slider::-moz-range-thumb {
+	width: 25px;
+	height: 25px;
+	background: #3c8dbc;
+	cursor: pointer;
+}
+
+td.details-control {
+	text-align: center;
+	color: forestgreen;
+	cursor: pointer;
+}
+
+tr.shown td.details-control {
+	text-align: center;
+	color: red;
 }

admin/template/template.php

@@ -1,203 +1,229 @@
 <?php defined('MYAAC') or die('Direct access not allowed!'); ?>
-<!doctype html>
-<html lang="en">
+<!DOCTYPE html>
+<html>
 <head>
-	<?php $hooks->trigger(HOOK_ADMIN_HEAD_START); ?>
-	<?php echo template_header(true); ?>
-	<title><?php echo (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];?></title>
-	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/adminlte.min.css">
+	<?php echo template_header(true);
+	$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
+	?>
+
+	<title><?php echo $title_full ?></title>
+	<link rel="shortcut icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
+	<link rel="icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
+	<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
+
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/bootstrap.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/AdminLTE.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/skins/skin-blue.min.css">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/font-awesome.min.css">
-	<?php if (isset($use_datatable)) { ?>
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/datatables.bs.min.css">
-	<?php } ?>
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/ionicons.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/jquery.dataTables.min.css">
 	<link rel="stylesheet" type="text/css" href="<?php echo $template_path; ?>style.css"/>
 	<!--[if lt IE 9]>
-	<script src="<?php echo BASE_URL; ?>tools/js/html5shiv.min.js"></script>
-	<script src="<?php echo BASE_URL; ?>tools/js/respond.min.js"></script>
+	<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
+	<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
 	<![endif]-->
-	<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
-	<?php $hooks->trigger(HOOK_ADMIN_HEAD_END); ?>
+	<link rel="stylesheet"
+		  href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
 </head>
-<body class="sidebar-mini ">
-<?php $hooks->trigger(HOOK_ADMIN_BODY_START); ?>
-<?php if ($logged && admin()) { ?>
-	<div class="wrapper">
-		<nav class="main-header navbar navbar-expand navbar-white navbar-light">
-			<ul class="navbar-nav">
-				<li class="nav-item">
-					<a class="nav-link" data-widget="pushmenu" href="#"><i class="fas fa-bars"></i></a>
-				</li>
-				<li class="nav-item d-none d-sm-inline-block">
-					<a href="<?php echo ADMIN_URL; ?>" class="nav-link">Home</a>
-				</li>
-			</ul>
-			<ul class="navbar-nav ml-auto">
-				<li class="nav-item">
-					<a class="nav-link" data-widget="control-sidebar" data-slide="true" href="#"><i class="fas fa-th-large"></i></a>
-				</li>
-			</ul>
-		</nav>
-		<aside class="main-sidebar sidebar-dark-info elevation-4">
-			<a href="<?php echo ADMIN_URL; ?>" class="brand-link navbar-info">
-				<img src="<?php echo ADMIN_URL; ?>images/logo.png" class="brand-image img-circle elevation-3" style="opacity: .8">
-				<span class="brand-text"><b>My</b>AAC</span>
+<body class="hold-transition skin-blue sidebar-mini">
+<div class="wrapper">
+	<?php
+	if ($logged && admin()) {
+	?>
+	<header class="main-header">
+		<a href="." class="logo">
+			<span class="logo-mini"><b>M</b>A</span>
+			<span class="logo-lg"><b>My</b>AAC</span>
+		</a>
+
+		<nav class="navbar navbar-static-top" role="navigation">
+			<a href="#" class="sidebar-toggle" data-toggle="push-menu" role="button">
+				<span class="sr-only">Toggle navigation</span>
 			</a>
-			<div class="sidebar">
-				<nav class="mt-1">
-					<ul class="nav nav-pills nav-sidebar flex-column nav-legacy nav-child-indent" data-widget="treeview" data-accordion="false">
-						<li class="menu-text-li">
-							<span class="menu-text">
-								<a class="text-info" href="<?php echo BASE_URL; ?>" target="_blank">
-									<?php echo $config['lua']['serverName'] ?>
-								</a>
-							</span>
-						</li>
-						<?php
-						// name = Display name of link
-						// icon = fontawesome icon name without "fas fa-"
-						// link = Page link or use as array for sub items
-						$menus = require __DIR__ . '/menus.php';
+			<div class="navbar-custom-menu">
+				<ul class="nav navbar-nav">
+					<li>
+						<a href="#" data-toggle="control-sidebar"><i class="fa fa-gears"></i></a>
+					</li>
+				</ul>
+			</div>
+		</nav>
+	</header>
+	<aside class="main-sidebar">
+		<section class="sidebar">
+			<ul class="sidebar-menu" data-widget="tree">
+				<li class="header">MyAAC</li>
 
-						foreach ($menus as $category => $menu) {
-							if (isset($menu['disabled']) && $menu['disabled']) {
-								continue;
-							}
+				<?php
+				$icons_a = array(
+                    'dashboard','newspaper-o', 'envelope',
+                    'book', 'list',
+                    'plug', 'user',
+                    'edit', 'gavel',
+                    'wrench', 'edit', 'book', 'book',
+                );
 
-							$has_child = is_array($menu['link']);
-							if (!$has_child) { ?>
-								<li class="nav-item">
-									<a class="nav-link<?php echo(strpos($menu['link'], $page) !== false ? ' active' : '') ?>" href="?p=<?php echo $menu['link'] ?>">
-										<i class="nav-icon fas fa-<?php echo($menu['icon'] ?? 'link') ?>"></i>
-										<p><?php echo $menu['name'] ?></p>
-									</a>
-								</li>
-								<?php
-							} else if ($has_child) {
-								$used_menu = null;
-								$nav_construct = '';
-								foreach ($menu['link'] as $sub_category => $sub_menu) {
-									$nav_construct .= '<li class="nav-item"><a href="?p=' . $sub_menu['link'] . '" class="nav-link';
-									if ($_SERVER['QUERY_STRING'] == 'p=' . $sub_menu['link']) {
-										$nav_construct .= ' active';
-										$used_menu = true;
-									}
-									$nav_construct .= '"><i class="fas fa-' . ($sub_menu['icon'] ?? 'circle') . ' nav-icon"></i><p>' . $sub_menu['name'] . '</p></a></li>';
-								}
-								?>
-								<li class="nav-item has-treeview<?php echo($used_menu ? ' menu-open' : '') ?>">
-									<a href="#" class="nav-link<?php echo($used_menu ? ' active' : '') ?>">
-										<i class="nav-icon fas fa-<?php echo($menu['icon'] ?? 'link') ?>"></i>
-										<p><?php echo $menu['name'] ?></p><i class="right fas fa-angle-left"></i>
-									</a>
-									<ul class="nav nav-treeview">
-										<?php echo $nav_construct; ?>
-									</ul>
-								</li>
-								<?php
+				$menus = array(
+					'Dashboard' => 'dashboard',
+					'News' => 'news',
+					'Mailer' => 'mailer',
+					'Pages' => 'pages',
+					'Menus' => 'menus',
+					'Plugins' => 'plugins',
+					'Visitors' => 'visitors',
+					'Editor' => array(
+						'Accounts' => 'accounts',
+						'Players' => 'players',
+					),
+					'Items' => 'items',
+					'Tools' => array(
+						'Notepad' => 'notepad',
+						'phpinfo' => 'phpinfo',
+					),
+					'Logs' => array(
+						'Logs' => 'logs',
+						'Reports' => 'reports',
+					),
+				);
+
+				$i = 0;
+				foreach ($menus as $_name => $_page) {
+					$has_child = is_array($_page);
+					if (!$has_child) {
+						echo '<li ';
+						if ($page == $_page) echo ' class="active"';
+						echo ">";
+						echo '<a href="?p=' . $_page . '"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span></a></li>';
+					}
+
+					if ($has_child) {
+						$used_menu = "";
+						$nav_construct = '';
+						foreach ($_page as $__name => $__page) {
+							$nav_construct = $nav_construct . '<li';
+
+							if ($page == $__page) {
+								$nav_construct = $nav_construct . ' class="active"';
+								$used_menu = true;
 							}
+							$nav_construct = $nav_construct . '><a href="?p=' . $__page . '"><i class="fa fa-circle-o"></i> ' . $__name . '</a></li>';
 						}
 
-						$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
-						$menu_db = $query->fetchAll();
-						foreach ($menu_db as $item) {
-							if ($item['flags'] == 0 || hasFlag($item['flags'])) { ?>
-								<li class="nav-item">
-									<a class="nav-link<?php echo($page == $item['page'] ? ' active' : '') ?>" href="?p=<?php echo $item['page'] ?>">
-										<i class="nav-icon fas fa-link"></i>
-										<p><?php echo $item['name'] ?></p>
-									</a>
-								</li>
-								<?php
-							}
-						}
-						?>
-					</ul>
-				</nav>
-			</div>
-		</aside>
+						echo '<li class="treeview' . (($used_menu) ? ' menu-open' : '') . '">
+                                      <a href="#"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span>
+						              <span class="pull-right-container"><i class="fa fa-angle-left pull-right"></i></span></a>
+						              <ul class="treeview-menu" style="' . (($used_menu) ? '  display: block' : ' display: none') . '">';
+						echo $nav_construct;
+						echo '</ul>
+                                </li>';
+					}
+					$i++;
+				}
 
-		<div class="content-wrapper" style="min-height: 823px;">
-			<div class="content-header">
-				<div class="container-fluid">
-					<div class="row mb-2">
-						<div class="col-sm-6">
-							<h3 class="m-0 text-dark"><?php echo(isset($title) ? $title : ''); ?><small> - Admin Panel</small></h3>
-						</div>
-						<div class="col-sm-6">
-							<div class="float-sm-right d-none d-sm-inline">
-								<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
-							</div>
-						</div>
-					</div>
+				$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
+				$menu_db = $query->fetchAll();
+				foreach ($menu_db as $item) {
+					if ($item['flags'] == 0 || hasFlag($item['flags'])) {
+						echo '<li ';
+						if ($page == $item['page']) echo ' class="active"';
+						echo ">";
+						echo '<a href="?p=' . $item['page'] . '"><i class="fa fa-link"></i> <span>' . $item['name'] . '</span></a></li>';
+					}
+				}
+				?>
+			</ul>
+		</section>
+	</aside>
+
+	<div class="content-wrapper">
+		<section class="content-header">
+			<h1><?php echo(isset($title) ? $title : ''); ?>
+				<small> - Admin Panel</small>
+				<div class="pull-right">
+					<span class="label label-<?php echo(($status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
 				</div>
-			</div>
-			<div class="content">
-				<div class="container-fluid">
-					<?php echo $content; ?>
-				</div>
-			</div>
-		</div>
+			</h1>
+		</section>
+		<section class="content">
+			<?php echo $content; ?>
+		</section>
 
-		<aside class="control-sidebar control-sidebar-dark">
-			<div class="p-3">
-				<h4>Account:</h4>
-				<p><h5><a href="?action=logout"><i class="fas fa-sign-out-alt text-danger"></i> Log out</h5></a>
-				<small>This will log you out</small></p>
-			</div>
-			<div class="p-3">
-				<h4>Site:</h4>
-				<p><h5><a href="<?php echo BASE_URL; ?>" target="_blank"><i class="far fa-eye text-blue"></i> Preview</a></h5>
-				<small>This will open a new tab</small></p>
-			</div>
-			<div class="p-3">
-				<h4>Version:</h4>
-				<p><h5><a href="?p=version"><i class="fas fa-code-branch"></i> <?php echo MYAAC_VERSION; ?></a></h5>
-				<small>Check for updates</small></p>
-			</div>
-			<div class="p-3">
-				<h4>Site:</h4>
-				<p><h5><a href="https://github.com/slawkens/myaac" target="_blank"><i class="fab fa-github"></i> Github</a></h5>
-				<small>Goto GitHub Page</small></p>
-
-				<p><h5><a href="http://my-aac.org/" target="_blank"><i class="fas fa-shoe-prints"></i> MyAAC Official</a></h5>
-				<small>Goto MyAAC Official Website</small></p>
-
-				<p><h5><a href="?p=open_source"><i class="fas fa-wrench"></i> Open Source</a></h5>
-				<small>View Open Source Software MyAAC is using</small></p>
-			</div>
-		</aside>
-
-		<footer class="main-footer">
-			<div class="float-sm-right d-none d-sm-inline">
-				<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
-			</div>
-			<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
-		</footer>
-		<div id="sidebar-overlay"></div>
 	</div>
 
-<?php } else if (!$logged && !admin()) {
+	<footer class="main-footer">
+
+		<div class="pull-right hidden-xs">
+			<div id="status">
+				<?php if ($status['online']): ?>
+					<p class="success" style="width: 120px; text-align: center;">Server Online</p>
+				<?php else: ?>
+					<p class="error" style="width: 120px; text-align: center;">Server Offline</p>
+				<?php endif; ?>
+			</div>
+		</div>
+		<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
+	</footer>
+
+	<aside class="control-sidebar control-sidebar-dark">
+		<ul class="nav nav-tabs nav-justified control-sidebar-tabs">
+			<li class="active"><a href="#control-sidebar-home-tab" data-toggle="tab"><i class="fa fa-home"></i></a></li>
+			<li><a href="#control-sidebar-settings-tab" data-toggle="tab"><i class="fa fa-gears"></i></a></li>
+		</ul>
+		<div class="tab-content">
+			<div class="tab-pane active" id="control-sidebar-home-tab">
+				<h3 class="control-sidebar-heading">Account</h3>
+				<ul class="control-sidebar-menu">
+					<li>
+						<a href="?action=logout">
+							<i class="menu-icon fa  fa-sign-out bg-red"></i>
+							<div class="menu-info">
+								<h4 class="control-sidebar-subheading">Log out</h4>
+								<p>This will log you out
+									of <?php echo(USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()); ?></p>
+							</div>
+						</a>
+					</li>
+				</ul>
+				<h3 class="control-sidebar-heading">Site</h3>
+				<ul class="control-sidebar-menu">
+					<li>
+						<a href="<?php echo BASE_URL; ?>" target="_blank">
+							<i class="menu-icon fa  fa-eye bg-blue"></i>
+							<div class="menu-info">
+								<h4 class="control-sidebar-subheading">Preview</h4>
+								<p>This will open a new tab</p>
+							</div>
+						</a>
+					</li>
+				</ul>
+			</div>
+			<div class="tab-pane" id="control-sidebar-settings-tab">
+				<form method="post">
+					<h3 class="control-sidebar-heading">Version</h3>
+
+					<div class="form-group">
+						<label class="control-sidebar-subheading">
+							<?php echo MYAAC_VERSION; ?> (<a href="?p=version">Check for updates</a>)<br/>
+						</label>
+						<label class="control-sidebar-subheading">
+							<p><a href="https://github.com/slawkens/myaac" target="_blank">Github</a></p>
+					</div>
+				</form>
+			</div>
+		</div>
+	</aside>
+	<div class="control-sidebar-bg"></div>
+</div>
+
+<?php }
+if (!$logged && !admin()) {
 	echo $content;
 }
 ?>
-<?php
-/**
- * @var OTS_Account $account_logged
- */
-if ($logged && admin()) {
-	$twig->display('admin-bar.html.twig', [
-		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
-	]);
-}
-?>
+
 <script src="<?php echo BASE_URL; ?>tools/js/bootstrap.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/jquery-ui.min.js"></script>
-<?php if (isset($use_datatable))  { ?>
-<script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
-<script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
-<?php } ?>
+<script src="<?php echo BASE_URL; ?>tools/js/jquery.dataTables.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
-<?php $hooks->trigger(HOOK_ADMIN_BODY_END); ?>
 </body>
-</html>
+</html>

admin/tools/reload_data.php

@@ -1,46 +0,0 @@
-<?php
-/**
- * Project: MyAAC
- *     Automatic Account Creator for Open Tibia Servers
- *
- * This is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-define('MYAAC_ADMIN', true);
-
-require '../../common.php';
-require SYSTEM . 'functions.php';
-require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
-
-if (!admin())
-	die('Access denied.');
-
-ini_set('max_execution_time', 300);
-ob_implicit_flush();
-ob_end_flush();
-header('X-Accel-Buffering: no');
-
-require LIBS . 'DataLoader.php';
-
-require LOCALE . 'en/main.php';
-require LOCALE . 'en/install.php';
-
-DataLoader::setLocale($locale);
-DataLoader::load();

admin/tools/upload_image.php

@@ -1,53 +0,0 @@
-<?php
-define('MYAAC_ADMIN', true);
-
-require '../../common.php';
-require SYSTEM . 'functions.php';
-require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
-
-if(!admin())
-	die('Access denied.');
-
-// Don't attempt to process the upload on an OPTIONS request
-if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
-	header('Access-Control-Allow-Methods: POST, OPTIONS');
-	return;
-}
-
-$imageFolder = BASE . EDITOR_IMAGES_DIR;
-
-reset ($_FILES);
-$temp = current($_FILES);
-if (is_uploaded_file($temp['tmp_name'])) {
-	header('Access-Control-Allow-Credentials: true');
-	header('P3P: CP="There is no P3P policy."');
-
-	// Sanitize input
-	if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
-		header('HTTP/1.1 400 Invalid file name.');
-		return;
-	}
-
-	// Verify extension
-	$ext = strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION));
-	if (!in_array($ext, ['gif', 'jpg', 'png'])) {
-		header('HTTP/1.1 400 Invalid extension.');
-		return;
-	}
-
-	do {
-		$randomName = generateRandomString(8). ".$ext";
-		$fileToWrite = $imageFolder . $randomName;
-	} while (file_exists($fileToWrite));
-
-	move_uploaded_file($temp['tmp_name'], $fileToWrite);
-
-	$returnPathToImage = BASE_URL . EDITOR_IMAGES_DIR . $randomName;
-	echo json_encode(['location' => $returnPathToImage]);
-} else {
-	// Notify editor that the upload failed
-	header('HTTP/1.1 500 Server Error');
-}
-
-

common.php

@@ -25,93 +25,68 @@
  */
 if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
 
-const MYAAC = true;
-const MYAAC_VERSION = '0.9.0-alpha';
-const DATABASE_VERSION = 35;
-const TABLE_PREFIX = 'myaac_';
+define('MYAAC', true);
+define('MYAAC_VERSION', '0.8.14');
+define('DATABASE_VERSION', 33);
+define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
 define('IS_CLI', in_array(php_sapi_name(), ['cli', 'phpdb']));
 
 // account flags
-const FLAG_NONE = 0;
-const FLAG_ADMIN = 1;
-const FLAG_SUPER_ADMIN = 2;
-const FLAG_SUPER_BOTH = 3;
-const FLAG_CONTENT_PAGES = 4;
-const FLAG_CONTENT_MAILER = 8;
-const FLAG_CONTENT_NEWS = 16;
-const FLAG_CONTENT_FORUM = 32;
-const FLAG_CONTENT_COMMANDS = 64;
-const FLAG_CONTENT_SPELLS = 128;
-const FLAG_CONTENT_MONSTERS = 256;
-const FLAG_CONTENT_GALLERY = 512;
-const FLAG_CONTENT_VIDEOS = 1024;
-const FLAG_CONTENT_FAQ = 2048;
-const FLAG_CONTENT_MENUS = 4096;
-const FLAG_CONTENT_PLAYERS = 8192;
-
-// account access types
-const ACCOUNT_WEB_FLAGS = [
-	FLAG_NONE => 'None',
-	FLAG_ADMIN =>'Admin',
-	FLAG_SUPER_ADMIN => 'Super Admin',
-	FLAG_SUPER_BOTH =>'(Admin + Super Admin)',
-];
+define('FLAG_ADMIN', 1);
+define('FLAG_SUPER_ADMIN', 2);
+define('FLAG_CONTENT_PAGES', 4);
+define('FLAG_CONTENT_MAILER', 8);
+define('FLAG_CONTENT_NEWS', 16);
+define('FLAG_CONTENT_FORUM', 32);
+define('FLAG_CONTENT_COMMANDS', 64);
+define('FLAG_CONTENT_SPELLS', 128);
+define('FLAG_CONTENT_MONSTERS', 256);
+define('FLAG_CONTENT_GALLERY', 512);
+define('FLAG_CONTENT_VIDEOS', 1024);
+define('FLAG_CONTENT_FAQ', 2048);
+define('FLAG_CONTENT_MENUS', 4096);
+define('FLAG_CONTENT_PLAYERS', 8192);
 
 // news
-const NEWS = 1;
-const TICKER = 2;
-const ARTICLE = 3;
-
-// here you can change location of admin panel
-// you need also to rename folder "admin"
-// this may improve security
-const ADMIN_PANEL_FOLDER = 'admin';
+define('NEWS', 1);
+define('TICKER', 2);
+define('ARTICLE', 3);
 
 // directories
-const BASE = __DIR__ . '/';
-const ADMIN = BASE . ADMIN_PANEL_FOLDER . '/';
-const SYSTEM = BASE . 'system/';
-const CACHE = SYSTEM . 'cache/';
-const LOCALE = SYSTEM . 'locale/';
-const LIBS = SYSTEM . 'libs/';
-const LOGS = SYSTEM . 'logs/';
-const PAGES = SYSTEM . 'pages/';
-const PLUGINS = BASE . 'plugins/';
-const TEMPLATES = BASE . 'templates/';
-const TOOLS = BASE . 'tools/';
-const VENDOR = BASE . 'vendor/';
-
-// other dirs
-const SESSIONS_DIR = SYSTEM . 'php_sessions';
-const GUILD_IMAGES_DIR = 'images/guilds/';
-const EDITOR_IMAGES_DIR = 'images/editor/';
-const GALLERY_DIR = 'images/gallery/';
+define('BASE', __DIR__ . '/');
+define('ADMIN', BASE . 'admin/');
+define('SYSTEM', BASE . 'system/');
+define('CACHE', SYSTEM . 'cache/');
+define('LOCALE', SYSTEM . 'locale/');
+define('LIBS', SYSTEM . 'libs/');
+define('LOGS', SYSTEM . 'logs/');
+define('PAGES', SYSTEM . 'pages/');
+define('PLUGINS', BASE . 'plugins/');
+define('TEMPLATES', BASE . 'templates/');
+define('TOOLS', BASE . 'tools/');
 
 // menu categories
-const MENU_CATEGORY_NEWS = 1;
-const MENU_CATEGORY_ACCOUNT = 2;
-const MENU_CATEGORY_COMMUNITY = 3;
-const MENU_CATEGORY_FORUM = 4;
-const MENU_CATEGORY_LIBRARY = 5;
-const MENU_CATEGORY_SHOP = 6;
+define('MENU_CATEGORY_NEWS', 1);
+define('MENU_CATEGORY_ACCOUNT', 2);
+define('MENU_CATEGORY_COMMUNITY', 3);
+define('MENU_CATEGORY_FORUM', 4);
+define('MENU_CATEGORY_LIBRARY', 5);
+define('MENU_CATEGORY_SHOP', 6);
 
 // otserv versions
-const OTSERV = 1;
-const OTSERV_06 = 2;
-const OTSERV_FIRST = OTSERV;
-const OTSERV_LAST = OTSERV_06;
-const TFS_02 = 3;
-const TFS_03 = 4;
-const TFS_FIRST = TFS_02;
-const TFS_LAST = TFS_03;
-
-// other definitions
-const ACCOUNT_NUMBER_LENGTH = 8;
+define('OTSERV', 1);
+define('OTSERV_06', 2);
+define('OTSERV_FIRST', OTSERV);
+define('OTSERV_LAST', OTSERV_06);
+define('TFS_02', 3);
+define('TFS_03', 4);
+define('TFS_FIRST', TFS_02);
+define('TFS_LAST', TFS_03);
 
 if (!IS_CLI) {
-	session_save_path(SESSIONS_DIR);
+	session_save_path(SYSTEM . 'php_sessions');
 	session_start();
 }
 
@@ -122,7 +97,7 @@ $size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$basedir .= '/' . $tmp[$i];
 
-$basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
+$basedir = str_replace(array('/admin', '/install', '/tools'), '', $basedir);
 define('BASE_DIR', $basedir);
 
 if(!IS_CLI) {
@@ -138,14 +113,10 @@ if(!IS_CLI) {
 
 	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
+	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
 
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
-}
 
-$autoloadFile = VENDOR . 'autoload.php';
-if (!is_file($autoloadFile)) {
-	throw new RuntimeException('The vendor folder is missing. Please download Composer: <a href="https://getcomposer.org/download">https://getcomposer.org/download</a>, install it and execute in the main MyAAC directory this command: <b>composer install</b>. Or download MyAAC from <a href="https://github.com/slawkens/myaac/releases">GitHub releases</a>, which includes Vendor folder.');
+	require SYSTEM . 'exception.php';
 }
-
-require $autoloadFile;
+require SYSTEM . 'autoload.php';

composer.json

@@ -1,19 +0,0 @@
-{
-    "require": {
-        "php": "^7.2.5 || ^8.0",
-        "ext-pdo": "*",
-        "ext-pdo_mysql": "*",
-        "ext-json": "*",
-        "ext-xml": "*",
-        "ext-dom": "*",
-        "phpmailer/phpmailer": "^6.1",
-        "composer/semver": "^3.2",
-        "twig/twig": "^2.0",
-        "erusev/parsedown": "^1.7",
-        "nikic/fast-route": "^1.3",
-        "matomo/device-detector": "^6.0"
-    },
-    "require-dev": {
-        "filp/whoops": "^2.15"
-    }
-}

config.php

@@ -52,6 +52,7 @@ $config = array(
 	// head options (html)
 	'meta_description' => 'Tibia is a free massive multiplayer online role playing game (MMORPG).', // description of the site
 	'meta_keywords' => 'free online game, free multiplayer game, ots, open tibia server', // keywords list separated by commas
+	'title_separator' => ' - ',
 
 	// footer
 	'footer' => ''/*'<br/>Your Server &copy; 2016. All rights reserved.'*/,
@@ -73,7 +74,7 @@ $config = array(
 	'database_user' => '',
 	'database_password' => '',
 	'database_name' => '',
-	'database_log' => false, // should database queries be logged and saved into system/logs/database.log?
+	'database_log' => false, // should database queries be logged and and saved into system/logs/database.log?
 	'database_socket' => '', // set if you want to connect to database through socket (example: /var/run/mysqld/mysqld.sock)
 	'database_persistent' => false, // use database permanent connection (like server), may speed up your site
 
@@ -86,21 +87,10 @@ $config = array(
 
 	// images
 	'outfit_images_url' => 'https://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'outfit_images_wrong_looktypes' => [75, 126, 127, 266, 302], // this looktypes needs to have different margin-top and margin-left because they are wrong positioned
 	'item_images_url' => 'https://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
-	'item_images_extension' => '.gif',
-
-	// creatures
-	'creatures_images_url' => 'images/monsters/', // set to images/monsters if you host your own creatures in images folder
-	'creatures_images_extension' => '.gif',
-	'creatures_images_preview' => false,  // set to true to allow picture previews for creatures
-	'creatures_items_url' => 'https://tibia.fandom.com/wiki/', // set to website which shows details about items.
-	'creatures_loot_percentage' => true, // set to true to show the loot tooltip percent
 
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
-	'account_login_by_email' => false, // use email instead of Account Name like in latest Tibia
-	'account_login_by_email_fallback' => false, // allow also additionally login by Account Name/Number (for users that might forget their email)
 	'account_create_auto_login' => false, // auto login after creating account?
 	'account_create_character_create' => true, // allow directly to create character on create account page?
 	'account_mail_verify' => false, // force users to confirm their email addresses when registering
@@ -112,7 +102,6 @@ $config = array(
 		'message' => 'You received %d %s for confirming your E-Mail address.' // example: You received 20 premium points for confirming your E-Mail address.
 	],
 	'account_mail_unique' => true, // email addresses cannot be duplicated? (one account = one email)
-	'account_mail_block_plus_sign' => true, // block email with '+' signs like test+box@gmail.com (help protect against spamming accounts)
 	'account_premium_days' => 0, // default premium days on new account
 	'account_premium_points' => 0, // default premium points on new account
 	'account_welcome_mail' => true, // send welcome email when user registers
@@ -142,24 +131,18 @@ $config = array(
 	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' (GMail) or 'tls' (Microsoft Outlook)
 	'smtp_debug' => false, // set true to debug (you will see more info in error.log)
 
+	// reCAPTCHA (prevent spam bots)
+	'recaptcha_enabled' => false, // enable recaptcha verification code
+	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
+	'recaptcha_secret_key' => '',
+	'recaptcha_theme' => 'light', // light, dark
+
 	//
 	'generate_new_reckey' => true,				// let player generate new recovery key, he will receive e-mail with new rec key (not display on page, hacker can't generate rec key)
 	'generate_new_reckey_price' => 20,			// price for new recovery key
 	'send_mail_when_change_password' => true,	// send e-mail with new password when change password to account
 	'send_mail_when_generate_reckey' => true,	// send e-mail with rec key (key is displayed on page anyway when generate)
 
-	// you may need to adjust this for older tfs versions
-	// by removing Community Manager
-	'account_types' => [
-		'None',
-		'Normal',
-		'Tutor',
-		'Senior Tutor',
-		'Gamemaster',
-		'Community Manager',
-		'God',
-	],
-
 	// genders (aka sex)
 	'genders' => array(
 		0 => 'Female',
@@ -188,12 +171,9 @@ $config = array(
 	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum length to be 21.
 	'character_name_min_length' => 4,
 	'character_name_max_length' => 21,
-	'character_name_npc_check' => true,
 
 	// list of towns
-	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (from MySQL database - Table - towns)
-	// otherwise it will try to load from your .OTBM map file
-	// if you don't see towns on website, then you need to fill this out
+	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (generated from your .OTBM map)
 	'towns' => array(
 		0 => 'No town',
 		1 => 'Sample town'
@@ -204,7 +184,6 @@ $config = array(
 	'guild_need_level' => 1, // min. level to form a guild
 	'guild_need_premium' => true, // require premium account to form a guild?
 	'guild_image_size_kb' => 80, // maximum size of the guild logo image in KB (kilobytes)
-	'guild_description_default' => 'New guild. Leader must edit this text :)',
 	'guild_description_chars_limit' => 1000, // limit of guild description
 	'guild_description_lines_limit' => 6, // limit of lines, if description has more lines it will be showed as long text, without 'enters'
 	'guild_motd_chars_limit' => 150, // limit of MOTD (message of the day) that is shown later in the game on the guild channel
@@ -225,19 +204,19 @@ $config = array(
 	'team_display_outfit' => true,
 
 	// bans page
-	'bans_per_page' => 20,
+	'bans_limit' => 50,
+	'bans_display_all' => true, // should all bans be displayed? (sorted page by page)
 
 	// highscores page
 	'highscores_vocation_box' => true, // show 'Choose a vocation' box on the highscores (allowing peoples to sort highscores by vocation)?
 	'highscores_vocation' => true, // show player vocation under his nickname?
-	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)?
+	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)? Only 0.3
 	'highscores_balance' => false, // show 'Balance' tab (richest players on the server)
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
 	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
 	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
-	'highscores_per_page' => 100, // how many records per page on highscores
-	'highscores_cache_ttl' => 15, // how often to update highscores from database in minutes (default 15 minutes)
+	'highscores_length' => 100, // how many records per page on highscores
 
 	// characters page
 	'characters' => array( // what things to display on character view page (true/false in each option)
@@ -291,7 +270,7 @@ $config = array(
 	'status_enabled' => true, // you can disable status checking by settings this to "false"
 	'status_ip' => '',
 	'status_port' => '',
-	'status_timeout' => 2.0, // how long to wait for the initial response from the server (default: 2 seconds)
+	'status_timeout' => 2, // how long to wait for the initial response from the server (default: 2 seconds)
 
 	// how often to connect to server and update status (default: every minute)
 	// if your status timeout in config.lua is bigger, that it will be used instead
@@ -299,11 +278,7 @@ $config = array(
 	'status_interval' => 60,
 
 	// admin panel
-	'admin_plugins_manage_enable' => 'yes', // you can disable possibility to upload and uninstall plugins, for security
-	// enable support for plain php pages in admin panel, for security
-	// existing pages still will be working, so you need to delete them manually
-	'admin_pages_php_enable' => 'no',
-	'admin_panel_modules' => 'statistics,web_status,server_status,lastlogin,created,points,coins,balance',    // default - statistics,web_status,server_status,lastlogin,created,points,coins,balance
+	'admin_panel_modules' => 'lastlogin,points,coins',
 
 	// other
 	'anonymous_usage_statistics' => true,
@@ -314,5 +289,13 @@ $config = array(
 	'date_timezone' => 'Europe/Berlin', // more info at http://php.net/manual/en/timezones.php
 	'footer_show_load_time' => true, // display load time of the page in the footer
 
-	'npc' => array()
+	'npc' => array(),
+	
+	// character name blocked
+	'character_name_blocked' => array(
+		'prefix' => array(),
+		'names' => array(),
+		'words' => array(),
+	),
+	
 );

cypress.config.js

@@ -1,9 +0,0 @@
-const { defineConfig } = require("cypress");
-
-module.exports = defineConfig({
-  e2e: {
-    setupNodeEvents(on, config) {
-      // implement node event listeners here
-    },
-  },
-});

cypress/e2e/1-install.cy.js

@@ -1,75 +0,0 @@
-describe('Install MyAAC', () => {
-	beforeEach(() => {
-		// Cypress starts out with a blank slate for each test
-		// so we must tell it to visit our website with the `cy.visit()` command.
-		// Since we want to visit the same URL at the start of all our tests,
-		// we include it in our beforeEach function so that it runs before each test
-		cy.visit(Cypress.env('URL'))
-	})
-
-	it('Go through installer', () => {
-		cy.visit(Cypress.env('URL') + '/install/?step=welcome')
-		cy.wait(1000)
-
-		cy.screenshot('install-welcome')
-
-		// step 1 - Welcome
-		cy.get('select[name="lang"]').select('en')
-
-		//cy.get('input[type=button]').contains('Next »').click()
-
-		cy.get('form').submit()
-
-		// step 2 - License
-		// just skip
-		cy.contains('GNU/GPL License');
-		cy.get('form').submit()
-
-		// step 3 - Requirements
-		cy.contains('Requirements check');
-
-		cy.get('#step').then(elem => {
-			elem.val('config');
-		});
-
-		cy.get('form').submit()
-
-		// step 4 - Configuration
-		cy.contains('Basic configuration');
-
-		cy.get('#vars_server_path').click().clear().type(Cypress.env('SERVER_PATH'))
-		cy.get('#vars_mail_admin').click().clear().type('noone@example.net')
-
-		cy.get('[type="checkbox"]').uncheck() // usage statistics uncheck
-
-		cy.wait(1000)
-
-		cy.get('form').submit()
-
-		// check if there is any error
-
-
-		// step 5 - Import Schema
-		cy.contains('Import MySQL schema');
-
-		// AAC is not installed yet, this message should not come
-		cy.contains('Seems AAC is already installed. Skipping importing MySQL schema..').should('not.exist')
-
-		cy.contains('[class="alert alert-success"]', 'Local configuration has been saved into file: config.local.php').should('be.visible')
-
-		cy.get('form').submit()
-
-		// step 6 - Admin Account
-		cy.get('#vars_email').click().clear().type('admin@my-aac.org')
-		cy.get('#vars_account').click().clear().type('admin')
-		cy.get('#vars_password').click().clear().type('test1234')
-		cy.get('#vars_password_confirm').click().clear().type('test1234')
-		cy.get('#vars_player_name').click().clear().type('Admin')
-
-		cy.get('form').submit()
-
-		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
-
-		cy.screenshot('install-finish')
-	})
-})

cypress/e2e/2-create-account.cy.js

@@ -1,33 +0,0 @@
-describe('Create Account Page', () => {
-	beforeEach(() => {
-		// Cypress starts out with a blank slate for each test
-		// so we must tell it to visit our website with the `cy.visit()` command.
-		// Since we want to visit the same URL at the start of all our tests,
-		// we include it in our beforeEach function so that it runs before each test
-		cy.visit(Cypress.env('URL') + '/index.php/account/create')
-	})
-
-	it('Create Test Account', () => {
-		cy.screenshot('create-account-page')
-
-		cy.get('#account_input').type('tester')
-		cy.get('#email').type('tester@example.com')
-
-		cy.get('#password').type('test1234')
-		cy.get('#password2').type('test1234')
-
-		cy.get('#character_name').type('Slaw')
-
-		cy.get('#sex1').check()
-		cy.get('#vocation1').check()
-		cy.get('#accept_rules').check()
-
-		cy.get('#createaccount').submit()
-
-		// no errors please
-		cy.contains('The Following Errors Have Occurred:').should('not.exist')
-
-		// ss of post page
-		cy.screenshot('create-account-page-post')
-	})
-})

cypress/e2e/3-check-public-pages.cy.js

@@ -1,174 +0,0 @@
-describe('Check Public Pages', () => {
-
-	/// news
-	it('Go to news page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/news',
-			method: 'GET',
-		})
-	})
-
-	it('Go to news archive page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/news/archive',
-			method: 'GET',
-		})
-	})
-
-	it('Go to changelog page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/changelog',
-			method: 'GET',
-		})
-	})
-
-	/// account management
-	it('Go to account manage page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/manage',
-			method: 'GET',
-		})
-	})
-
-	it('Go to account create page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/create',
-			method: 'GET',
-		})
-	})
-
-	it('Go to account lost page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/lost',
-			method: 'GET',
-		})
-	})
-
-	it('Go to rules page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/rules',
-			method: 'GET',
-		})
-	})
-
-	// community
-	it('Go to online page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/online',
-			method: 'GET',
-		})
-	})
-
-	it('Go to characters list page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/characters',
-			method: 'GET',
-		})
-	})
-
-	it('Go to guilds page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/guilds',
-			method: 'GET',
-		})
-	})
-
-	it('Go to highscores page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/highscores',
-			method: 'GET',
-		})
-	})
-
-	it('Go to last kills page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/lastkills',
-			method: 'GET',
-		})
-	})
-
-	it('Go to houses page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/houses',
-			method: 'GET',
-		})
-	})
-
-	it('Go to bans page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/bans',
-			method: 'GET',
-		})
-	})
-
-	it('Go to forum page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/forum',
-			method: 'GET',
-		})
-	})
-
-	it('Go to team page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/team',
-			method: 'GET',
-		})
-	})
-
-	// library
-	it('Go to creatures page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/creatures',
-			method: 'GET',
-		})
-	})
-
-	it('Go to spells page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/spells',
-			method: 'GET',
-		})
-	})
-
-	it('Go to server info page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/serverInfo',
-			method: 'GET',
-		})
-	})
-
-	it('Go to commands page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/commands',
-			method: 'GET',
-		})
-	})
-
-	it('Go to downloads page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/downloads',
-			method: 'GET',
-		})
-	})
-
-	it('Go to gallery page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/gallery',
-			method: 'GET',
-		})
-	})
-
-	it('Go to experience table page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/experienceTable',
-			method: 'GET',
-		})
-	})
-
-	it('Go to faq page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/faq',
-			method: 'GET',
-		})
-	})
-})

cypress/e2e/4-check-protected-pages.cy.js

@@ -1,81 +0,0 @@
-const REQUIRED_LOGIN_MESSAGE = 'Please enter your account name and your password.';
-const YOU_ARE_NOT_LOGGEDIN = 'You are not logged in.';
-
-describe('Check Protected Pages', () => {
-
-	// character actions
-	it('Go to accouht character creation page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/character/create',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht character deletion page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/character/delete',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	// account actions
-	it('Go to accouht email change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/email',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht password change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/password',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht info change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/info',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht logout change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/logout',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	// guild actions
-	it('Go to guild creation page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/?subtopic=guilds&action=create',
-			method: 'GET',
-		})
-		cy.contains(YOU_ARE_NOT_LOGGEDIN)
-	})
-
-	it('Go to guilds cleanup players action page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_players',
-			method: 'GET',
-		})
-		cy.contains(YOU_ARE_NOT_LOGGEDIN)
-	})
-
-	it('Go to guilds cleanup guilds action page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_guilds',
-			method: 'GET',
-		})
-		cy.contains(YOU_ARE_NOT_LOGGEDIN)
-	})
-
-})

cypress/fixtures/example.json

@@ -1,5 +0,0 @@
-{
-  "name": "Using fixtures to represent data",
-  "email": "hello@cypress.io",
-  "body": "Fixtures are a great way to mock data for responses to routes"
-}

cypress/support/commands.js

@@ -1,25 +0,0 @@
-// ***********************************************
-// This example commands.js shows you how to
-// create various custom commands and overwrite
-// existing commands.
-//
-// For more comprehensive examples of custom
-// commands please read more here:
-// https://on.cypress.io/custom-commands
-// ***********************************************
-//
-//
-// -- This is a parent command --
-// Cypress.Commands.add('login', (email, password) => { ... })
-//
-//
-// -- This is a child command --
-// Cypress.Commands.add('drag', { prevSubject: 'element'}, (subject, options) => { ... })
-//
-//
-// -- This is a dual command --
-// Cypress.Commands.add('dismiss', { prevSubject: 'optional'}, (subject, options) => { ... })
-//
-//
-// -- This will overwrite an existing command --
-// Cypress.Commands.overwrite('visit', (originalFn, url, options) => { ... })

cypress/support/e2e.js

@@ -1,20 +0,0 @@
-// ***********************************************************
-// This example support/e2e.js is processed and
-// loaded automatically before your test files.
-//
-// This is a great place to put global configuration and
-// behavior that modifies Cypress.
-//
-// You can change the location of this file or turn off
-// automatically serving support files with the
-// 'supportFile' configuration option.
-//
-// You can read more here:
-// https://on.cypress.io/configuration
-// ***********************************************************
-
-// Import commands.js using ES2015 syntax:
-import './commands'
-
-// Alternatively you can use CommonJS syntax:
-// require('./commands')

index.php

@@ -28,22 +28,18 @@ require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 
 $uri = $_SERVER['REQUEST_URI'];
-if(false !== strpos($uri, 'index.php')) {
-	$uri = str_replace_first('/index.php', '', $uri);
-}
 
-if(0 === strpos($uri, '/')) {
+$tmp = BASE_DIR;
+if(!empty($tmp))
+	$uri = str_replace(BASE_DIR . '/', '', $uri);
+else
 	$uri = str_replace_first('/', '', $uri);
-}
 
-if(preg_match("/^[A-Za-z0-9-_%'+\/]+\.png$/i", $uri)) {
-	if (!empty(BASE_DIR)) {
-		$tmp = explode('.', str_replace_first(str_replace_first('/', '', BASE_DIR) . '/', '', $uri));
-	}
-	else {
-		$tmp = explode('.', $uri);
-	}
+$uri = str_replace(array('index.php/', '?'), '', $uri);
+define('URI', $uri);
 
+if(preg_match("/^[A-Za-z0-9-_%'+]+\.png$/i", $uri)) {
+	$tmp = explode('.', $uri);
 	$_REQUEST['name'] = urldecode($tmp[0]);
 
 	chdir(TOOLS . 'signature');
@@ -51,7 +47,7 @@ if(preg_match("/^[A-Za-z0-9-_%'+\/]+\.png$/i", $uri)) {
 	exit();
 }
 
-if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
+if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
 	http_response_code(404);
 	exit;
 }
@@ -78,28 +74,134 @@ if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE .
 	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
 }
 
-$template_place_holders = array();
-
 require_once SYSTEM . 'init.php';
+require_once SYSTEM . 'template.php';
 
 // verify myaac tables exists in database
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 
+$found = false;
+if(empty($uri) || isset($_REQUEST['template'])) {
+	$_REQUEST['p'] = 'news';
+	$found = true;
+}
+else {
+	$tmp = strtolower($uri);
+	if (!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(TEMPLATES . $template_name . '/pages/' . $tmp . '.php')) {
+		$_REQUEST['p'] = $uri;
+		$found = true;
+	}
+	else if (!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
+		$_REQUEST['p'] = $uri;
+		$found = true;
+	}
+	else {
+		$rules = array(
+			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
+			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
+			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
+			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
+			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
+			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
+			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
+			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
+			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
+			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
+			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
+			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
+			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
+			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
+			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
+			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
+			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
+			'/^changelog\/[0-9]+\/?$/' => array('subtopic' => 'changelog', 'page' => '$1'),
+			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
+			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
+			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
+			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
+			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
+			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
+			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
+			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
+			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
+			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
+			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
+			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
+			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
+			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
+			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
+			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
+			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
+			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
+			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
+			'/^houses\/view\/?$/' => array('subtopic' => 'houses', 'page' => 'view')
+		);
+
+		foreach ($rules as $rule => $redirect) {
+			if (preg_match($rule, $uri)) {
+				$tmp = explode('/', $uri);
+				/* @var $redirect array */
+				foreach ($redirect as $key => $value) {
+
+					if (strpos($value, '$') !== false) {
+						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+					}
+
+					$_REQUEST[$key] = $value;
+					$_GET[$key] = $value;
+				}
+
+				$found = true;
+				break;
+			}
+		}
+	}
+}
+
+// handle ?fbclid=x, etc. (show news page)
+if (!$found && count($_GET) > 0 && !isset($_REQUEST['subtopic']) && !isset($_REQUEST['p']) && !in_array($_SERVER['QUERY_STRING'], getDatabasePages())) {
+	$_REQUEST['p'] = $_REQUEST['subtopic'] = 'news';
+	$found = true;
+}
+
+// define page visited, so it can be used within events system
+$page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
+if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
+	$tmp = URI;
+	if(!empty($tmp)) {
+		$page = $tmp;
+	}
+	else {
+		if(!$found)
+			$page = '404';
+		else
+			$page = 'news';
+	}
+}
+
+$page = strtolower($page);
+define('PAGE', $page);
+
+$template_place_holders = array();
+
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
-require_once SYSTEM . 'template.php';
 require_once SYSTEM . 'login.php';
 require_once SYSTEM . 'status.php';
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
-require_once SYSTEM . 'router.php';
-
 require SYSTEM . 'migrate.php';
 
 $hooks->trigger(HOOK_STARTUP);
@@ -148,6 +250,35 @@ if($config['visitors_counter'])
 	$visitors = new Visitors($config['visitors_counter_ttl']);
 }
 
+// page content loading
+if(!isset($content[0]))
+	$content = '';
+$load_it = true;
+
+// check if site has been closed
+$site_closed = false;
+if(fetchDatabaseConfig('site_closed', $site_closed)) {
+	$site_closed = ($site_closed == 1);
+	if($site_closed) {
+		if(!admin())
+		{
+			$title = getDatabaseConfig('site_closed_title');
+			$content .= '<p class="note">' . getDatabaseConfig('site_closed_message') . '</p><br/>';
+			$load_it = false;
+		}
+
+		if(!$logged)
+		{
+			ob_start();
+			require SYSTEM . 'pages/accountmanagement.php';
+			$content .= ob_get_contents();
+			ob_end_clean();
+			$load_it = false;
+		}
+	}
+}
+define('SITE_CLOSED', $site_closed);
+
 // backward support for gesior
 if($config['backward_support']) {
 	define('INITIALIZED', true);
@@ -156,6 +287,7 @@ if($config['backward_support']) {
 	$layout_name = $template_path;
 	$news_content = '';
 	$tickers_content = '';
+	$subtopic = PAGE;
 	$main_content = '';
 
 	$config['access_admin_panel'] = 2;
@@ -186,15 +318,67 @@ if($config['backward_support']) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 
-/**
- * @var OTS_Account $account_logged
- */
-if ($logged && admin()) {
-	$content .= $twig->render('admin-bar.html.twig', [
-		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
-	]);
+if($load_it)
+{
+	if(SITE_CLOSED && admin())
+		$content .= '<p class="note">Site is under maintenance (closed mode). Only privileged users can see it.</p>';
+
+	if($config['backward_support']) {
+		require SYSTEM . 'compat/pages.php';
+		require SYSTEM . 'compat/classes.php';
+	}
+
+	$ignore = false;
+
+	$logged_access = 1;
+	if($logged && $account_logged && $account_logged->isLoaded()) {
+		$logged_access = $account_logged->getAccess();
+	}
+
+	$success = false;
+	$tmp_content = getCustomPage($page, $success);
+	if($success) {
+		$content .= $tmp_content;
+		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
+			$pageInfo = getCustomPageInfo($page);
+			$content = $twig->render('admin.pages.links.html.twig', array(
+					'page' => array('id' => $pageInfo !== null ? $pageInfo['id'] : 0, 'hidden' => $pageInfo !== null ? $pageInfo['hidden'] : '0')
+				)) . $content;
+		}
+	} else {
+		$file = TEMPLATES . "$template_name/pages/$page.php";
+		if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page)) {
+			$file = SYSTEM . "pages/$page.php";
+			if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page)) {
+				$page = '404';
+				$file = SYSTEM . 'pages/404.php';
+			}
+		}
+	}
+
+	ob_start();
+	if($hooks->trigger(HOOK_BEFORE_PAGE)) {
+		if(!$ignore)
+			require $file;
+	}
+
+	if($config['backward_support'] && isset($main_content[0]))
+		$content .= $main_content;
+
+	$content .= ob_get_contents();
+	ob_end_clean();
+	$hooks->trigger(HOOK_AFTER_PAGE);
 }
-$title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
+
+if($config['backward_support']) {
+	$main_content = $content;
+	if(!isset($title))
+		$title = ucfirst($page);
+
+	$topic = $title;
+}
+
+$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
 
 echo base64_decode('PCEtLSBQb3dlcmVkIGJ5IE15QUFDIDo6IGh0dHBzOi8vd3d3Lm15LWFhYy5vcmcvIC0tPg==') . PHP_EOL;

install/includes/database.php

@@ -6,18 +6,12 @@ $ots = POT::getInstance();
 require SYSTEM . 'database.php';
 
 if(!isset($db)) {
-	$database_error = '<p class="lead">' . $locale['step_database_error_mysql_connect'] . '</p>';
-	
-	$database_error .= '<p>' . $locale['step_database_error_mysql_connect_2'] . '</p>';
-
-	$database_error .= '<ul class="list-group">' .
-							'<li class="list-group-item list-group-item-warning">' . $locale['step_database_error_mysql_connect_3'] . '</li>' .
-							'<li class="list-group-item list-group-item-warning">' . $locale['step_database_error_mysql_connect_4'] . '</li>' .
-						'</ul>';
-
-	$database_error .= '<div class="alert alert-danger mt-4">
-							<span>' . $error . '</span>
-						</div>';
+	$database_error = $locale['step_database_error_mysql_connect'] . '<br/>' .
+			$locale['step_database_error_mysql_connect_2'] .
+			'<ul>' .
+				'<li>' . $locale['step_database_error_mysql_connect_3'] . '</li>' .
+				'<li>' . $locale['step_database_error_mysql_connect_4'] . '</li>' .
+			'</ul>' . '<br/>' . $error;
 }
 else {
 	if($db->hasTable('accounts'))

install/includes/functions.php

@@ -62,9 +62,9 @@ function next_buttons($previous = true, $next = true)
 		$ret .= '<input class="button" type="submit" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\';" value="' . $locale['next'] . '" />';
 */
 	if($previous)
-		$ret .= '<input type="button" class="button btn btn-primary m-2" onclick="document.getElementById(\'step\').value=\'' . $steps[$i - 1] . '\'; this.form.submit();" value="&laquo; ' . $locale['previous'] . '" />';
+		$ret .= '<input type="button" class="button" onclick="document.getElementById(\'step\').value=\'' . $steps[$i - 1] . '\'; this.form.submit();" value="&laquo; ' . $locale['previous'] . '" />';
 	if($next)
-		$ret .= '<input type="button" class="button btn btn-primary m-2" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\'; this.form.submit(); " value="' . $locale['next'] . ' &raquo;" />';
+		$ret .= '<input type="button" class="button" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\'; this.form.submit(); " value="' . $locale['next'] . ' &raquo;" />';
 
 	$ret .= '</div>';
 	return $ret;

install/includes/schema.sql

@@ -1,4 +1,4 @@
-SET @myaac_database_version = 35;
+SET @myaac_database_version = 33;
 
 CREATE TABLE `myaac_account_actions`
 (
@@ -203,29 +203,25 @@ CREATE TABLE `myaac_monsters` (
 	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
 	`health` int(11) NOT NULL,
-	`look` VARCHAR(255) NOT NULL DEFAULT '',
 	`speed_lvl` int(11) NOT NULL default 1,
 	`use_haste` tinyint(1) NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
-	`elements` TEXT NOT NULL,
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
-	`pushable` TINYINT(1) NOT NULL DEFAULT '0',
-	`canpushitems` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0',
-	`runonhealth` TINYINT(1) NOT NULL DEFAULT '0',
-	`hostile` TINYINT(1) NOT NULL DEFAULT '0',
-	`attackable` TINYINT(1) NOT NULL DEFAULT '0',
-	`rewardboss` TINYINT(1) NOT NULL DEFAULT '0',
-	`defense` INT(11) NOT NULL DEFAULT '0',
-	`armor` INT(11) NOT NULL DEFAULT '0',
-	`canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0',
 	`race` varchar(255) NOT NULL,
 	`loot` text NOT NULL,
-	`summons` TEXT NOT NULL,
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+
+CREATE TABLE `myaac_videos`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`title` VARCHAR(100) NOT NULL DEFAULT '',
+	`youtube_id` VARCHAR(20) NOT NULL,
+	`author` VARCHAR(50) NOT NULL DEFAULT '',
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
@@ -331,7 +327,6 @@ CREATE TABLE `myaac_visitors`
 	`ip` VARCHAR(45) NOT NULL,
 	`lastvisit` INT(11) NOT NULL DEFAULT 0,
 	`page` VARCHAR(2048) NOT NULL,
-	`user_agent` VARCHAR(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 

install/includes/twig_error.html

@@ -8,4 +8,4 @@ We have detected that you don't have access to write to the system/cache directo
 	border: 3px double #CCCCCC;
 	padding: 0;
 }
-</style>
+</style>

install/index.php

@@ -26,13 +26,13 @@ $twig = new Twig_Environment($twig_loader, array(
 ));
 
 // load installation status
-$step = $_REQUEST['step'] ?? 'welcome';
+$step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
 
 $install_status = array();
 if(file_exists(CACHE . 'install.txt')) {
 	$install_status = unserialize(file_get_contents(CACHE . 'install.txt'));
 
-	if(!isset($_REQUEST['step'])) {
+	if(!isset($_POST['step'])) {
 		$step = isset($install_status['step']) ? $install_status['step'] : '';
 	}
 }
@@ -70,7 +70,7 @@ if($step == 'database') {
 
 		$key = str_replace('var_', '', $key);
 
-		if(in_array($key, array('account', 'account_id', 'password', 'password_confirm', 'email', 'player_name'))) {
+		if(in_array($key, array('account', 'account_id', 'password', 'email', 'player_name'))) {
 			continue;
 		}
 
@@ -95,6 +95,10 @@ if($step == 'database') {
 			$errors[] = $locale['step_config_mail_admin_error'];
 			break;
 		}
+		else if($key == 'mail_address' && !Validator::email($value)) {
+			$errors[] = $locale['step_config_mail_address_error'];
+			break;
+		}
 		else if($key == 'timezone' && !in_array($value, DateTimeZone::listIdentifiers())) {
 			$errors[] = $locale['step_config_timezone_error'];
 			break;
@@ -120,7 +124,6 @@ else if($step == 'admin') {
 else if($step == 'finish') {
 	$email = $_SESSION['var_email'];
 	$password = $_SESSION['var_password'];
-	$password_confirm = $_SESSION['var_password_confirm'];
 	$player_name = $_SESSION['var_player_name'];
 
 	// email check
@@ -162,9 +165,6 @@ else if($step == 'finish') {
 	else if(!Validator::password($password)) {
 		$errors[] = $locale['step_admin_password_error_format'];
 	}
-	else if($password != $password_confirm) {
-		$errors[] = $locale['step_admin_password_confirm_error_not_same'];
-	}
 
 	// player name check
 	if(empty($player_name)) {

install/steps/1-welcome.php

@@ -1,7 +1,7 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
-	echo '<div class="alert alert-warning"><span>' . $locale['already_installed'] . '</span></div>';
+	echo '<p class="warning">' . $locale['already_installed'] . '</p>';
 }
 else {
 	unset($_SESSION['saved']);

install/steps/3-requirements.php

@@ -2,21 +2,8 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 // configuration
-$dirs_required = [
-	'system/logs',
-	'system/cache',
-];
-$dirs_optional = [
-	GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'],
-	GALLERY_DIR => $locale['step_requirements_warning_images_gallery'],
-];
-
 $extensions_required = [
-	'pdo', 'pdo_mysql', 'json', 'xml'
-];
-$extensions_optional = [
-	'gd' => $locale['step_requirements_warning_player_signatures'],
-	'zip' => $locale['step_requirements_warning_install_plugins'],
+	'pdo', 'pdo_mysql', 'xml', 'zip'
 ];
 /*
  *
@@ -27,11 +14,11 @@ $extensions_optional = [
 function version_check($name, $ok, $info = '', $warning = false)
 {
 	global $failed;
-	echo '<div class="alert alert-' . ($ok ? 'success' : ($warning ? 'warning' : 'danger')) . '">' . $name;
+	echo '<p class="' . ($ok ? 'success' : ($warning ? 'warning' : 'error')) . '">' . $name;
 	if(!empty($info))
 		echo ': <b>' . $info . '</b>';
 
-	echo '</div>';
+	echo '</p>';
 	if(!$ok && !$warning)
 		$failed = true;
 }
@@ -40,18 +27,12 @@ $failed = false;
 
 // start validating
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION);
-
-foreach ($dirs_required as $value)
+foreach(array('images/guilds', 'images/houses', 'images/gallery') as $value)
 {
-	$is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value));
+	$is_writable = is_writable(BASE . $value);
 	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
 }
 
-foreach ($dirs_optional as $dir => $errorMsg) {
-	$is_writable = is_writable(BASE . $dir) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $dir));
-	version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true);
-}
-
 $ini_register_globals = ini_get_bool('register_globals');
 version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']);
 
@@ -63,19 +44,12 @@ foreach ($extensions_required as $ext) {
 	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded']);
 }
 
-foreach ($extensions_optional as $ext => $errorMsg) {
-	$loaded = extension_loaded($ext);
-	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded'] . '. ' . $errorMsg, true);
-}
 
-echo '<div class="text-center m-3">';
-
-if($failed) {
-	echo '<div class="alert alert-warning"><span>' . $locale['step_requirements_failed'] . '</span></div>';
+if($failed)
+{
+	echo '<br/><b>' . $locale['step_requirements_failed'];
 	echo next_form(true, false);
-}else {
-	echo next_form(true, true);
 }
-
-echo '</div>';
-?>
+else
+	echo next_form(true, true);
+?>

install/steps/5-database.php

@@ -21,6 +21,8 @@ if(!$error) {
 	// user can disable when he wants
 	$content .= '$config[\'env\'] = \'prod\'; // dev or prod';
 	$content .= PHP_EOL;
+	$content .= '$config[\'mail_enabled\'] = true;';
+	$content .= PHP_EOL;
 	foreach($_SESSION as $key => $value)
 	{
 		if(strpos($key, 'var_') !== false)
@@ -84,6 +86,11 @@ if(!$error) {
 					$error = true;
 				}
 
+				if(!Validator::email($_SESSION['var_mail_address'])) {
+					error($locale['step_config_mail_address_error']);
+					$error = true;
+				}
+
 				$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 				$content .= PHP_EOL;
 				$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
@@ -113,10 +120,8 @@ if(!$error) {
 }
 ?>
 
-<div class="text-center m-3">
-	<form action="<?php echo BASE_URL; ?>install/" method="post">
-		<input type="hidden" name="step" id="step" value="admin" />
-		<?php echo next_buttons(true, !$error);
-		?>
-	</form>
-</div>
+<form action="<?php echo BASE_URL; ?>install/" method="post">
+	<input type="hidden" name="step" id="step" value="admin" />
+	<?php echo next_buttons(true, !$error);
+	?>
+</form>

install/steps/7-finish.php

@@ -8,14 +8,15 @@ if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['save
 else {
 	require SYSTEM . 'init.php';
 	if(!$error) {
-		if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
+		if(USE_ACCOUNT_NAME)
 			$account = isset($_SESSION['var_account']) ? $_SESSION['var_account'] : null;
 		else
 			$account_id = isset($_SESSION['var_account_id']) ? $_SESSION['var_account_id'] : null;
 
 		$password = $_SESSION['var_password'];
 
-		if(USE_ACCOUNT_SALT)
+		$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+		if($config_salt_enabled)
 		{
 			$salt = generateRandomString(10, false, true, true);
 			$password = $salt . $password;
@@ -73,7 +74,7 @@ else {
 			$account_used = &$new_account;
 		}
 
-		if(USE_ACCOUNT_SALT)
+		if($config_salt_enabled)
 			$account_used->setCustomField('salt', $salt);
 
 		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
@@ -122,21 +123,18 @@ else {
 		));
 
 		if(!isset($_SESSION['installed'])) {
-			if (!array_key_exists('CI', getenv())) {
-				$report_url = 'https://my-aac.org/report_install.php?v=' . MYAAC_VERSION . '&b=' . urlencode(BASE_URL);
-				if (function_exists('curl_version'))
-				{
-					$curl = curl_init();
-					curl_setopt($curl, CURLOPT_URL, $report_url);
-					curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
-					curl_exec($curl);
-					curl_close($curl);
-				}
-				else if (ini_get('allow_url_fopen') ) {
-					file_get_contents($report_url);
-				}
+			$report_url = 'https://my-aac.org/report_install.php?v=' . MYAAC_VERSION . '&b=' . urlencode(BASE_URL);
+			if (function_exists('curl_version'))
+			{
+				$curl = curl_init();
+				curl_setopt($curl, CURLOPT_URL, $report_url);
+				curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+				curl_exec($curl);
+				curl_close($curl);
+			}
+			else if (ini_get('allow_url_fopen') ) {
+				file_get_contents($report_url);
 			}
-
 			$_SESSION['installed'] = true;
 		}
 

install/template/style.css

@@ -1,13 +1,299 @@
-@import url('https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400&display=swap');
-
+* {
+	margin: 0; padding: 0;
+}
 body {
-    font-family: 'Roboto', sans-serif;
+	text-align: center;
+	font: 12px Verdana;
+	color: #000000;
+	background-color: #000000;
+}
+img {
+	border: 0;
 }
 
-h1{
-    font-weight: 100 !important;
+.break {
+	font-size: 0;
+	width: 0; height: 0;
+	clear: both;
+}
+.alignleft {
+	float: left;
+	margin: 4px 10px 5px 0;
+}
+.alignright {
+	float: right;
+	margin: 4px 0 5px 10px;
+}
+.aligncenter {
+	text-align: center;
 }
 
-h3 {
-    font-weight: 300 !important;
-}
+/** BEGIN wrapper **/
+#wrapper {
+	background: #ffffff url(images/background.jpg) repeat-x 0 0;
+	width: 980px;
+}
+
+#header {
+	margin-bottom: 10px;
+	border-bottom: 1px solid #eee;
+	padding-bottom: 15px;
+}
+
+#footer {
+	padding-top: 15px;
+	border-top: 1px solid #eee;
+	margin-top: 10px;
+	text-align: right;
+	color: #555;
+}
+
+#header h1 {
+	font-weight: bold;
+	margin: 0;
+	padding: 0;
+}
+
+#header span {
+	font-size: 25px;
+	color: #000;
+	font-weight: bold;
+	padding-left: 40px;
+	line-height: 80px;
+}
+
+#version {
+	float: right;
+	color: #000;
+	font-size: 17px;
+	padding-top: 25px;
+	padding-right: 5px;
+}
+
+/** BEGIN body **/
+#body {
+	background: url(images/wrapper.gif) repeat-y 0 0;
+}
+/** END body **/
+
+/** BEGIN content **/
+#content {
+	width: 642px;
+	float: left;
+	padding: 20px 18px 20px 20px;
+	color: #434242;
+}
+
+	/** begin headers **/
+	h1, h2, h3, h4, h5, h6 {
+		font-family: Tahoma;
+		margin-bottom: 10px;
+	}
+	h2, h3, h4, h5, h6 {
+		margin-top: 30px;
+	}
+	h1 { font-size: 2em; }
+	h2 { font-size: 1.6em; }
+	h3 { font-size: 1.3em; }
+	h4, h5, h6 { font-size: 1em; }
+	/** end headers **/
+	
+	/** begin messages **/
+	.error, .success, .note, .warning {
+		font-weight: bold;
+		font-size: 0.9em;
+		padding: 4px 10px 4px 24px;
+		background-repeat: no-repeat;
+		background-position: 5px 6px;
+		border-style: solid;
+		border-width: 1px;
+		line-height: 1.6em;
+		margin-bottom: 10px;
+	}
+	.error {
+		background-color: #FDD9D9;
+		background-image: url(images/error.gif);
+		border-color: #FBA3A3;
+		color: #D80303;
+	}
+	.success {
+		background-color: #E4FCD9;
+		background-image: url(images/success.gif);
+		border-color: #BFFDA3;
+		color: #35A502;
+	}
+	.note {
+		background-color: #DDEAFA;
+		background-image: url(images/note.gif);
+		border-color: #A3D8FD;
+		color: #026DA5;
+	}
+	.warning {
+		background-color: #FBF0B3;
+		background-image: url(images/warning.gif);
+		border-color: #FBBB95;
+		color: #FD6002;
+	}
+	/** end messages **/
+	
+	/** begin form **/
+	form {
+		border: 1px solid #DDDDDD;
+		padding: 16px;
+	}
+		form .input {
+			padding-top: 12px;
+			clear: both;
+		}
+		form .first { 
+			padding-top: 0;
+		}
+		form .input p {
+			margin-bottom: 7px !important;
+		}
+		form input {
+			margin-right: 5px;
+		}
+		form label {
+			margin-right: 10px;
+			color: #8B8B8B;
+		}
+		form input.text, form textarea {
+			border: 1px solid #BEBDBD;
+			font-size: 1em;
+			font-family: Verdana;
+			background-color: #F3F3F3;
+			color: #808080;
+			padding: 2px;
+			max-width: 100%;
+		}
+		.positive, .negative {
+			font-size: 0.9em;
+			font-weight: bold;
+			padding: 1px 0 0 20px;
+			background-repeat: no-repeat;
+			background-position: 0 0;
+			display: inline;
+			margin-top: 2px;
+		}
+		.positive {
+			background-image: url(images/positive.gif);
+			color: #35A502;
+		}
+		.negative {
+			background-image: url(images/negative.gif);
+			color: #D80303;
+		}
+		form textarea {
+			line-height: 1.6em;
+		}
+		form button, form input.button {
+			font-size: 0.9em;
+			font-family: Verdana;
+			font-weight: bold;
+			color: #ffffff;
+			background: #B6B4B4 url(images/button.gif) repeat-x 0 0;
+			border: 1px solid #B6B4B4;
+			padding: 5px 10px;
+		}
+	/** end form **/
+	
+	/** begin table **/
+	table {
+		
+	}
+		table th {
+			font-size: 0.9em;
+			color: #ffffff;
+			background-color: #679BC5;
+			padding: 2px 4px;
+			line-height: 1.6em;
+		}
+		table td {
+			line-height: 1.6em;
+			padding: 2px 4px;
+		}
+		table tr.odd td { background-color: #EEEEEE; }
+		table tr.even td { background-color: #E5E5E5; }
+		
+	/** end table **/
+	
+	/** begin paragraphs, lists, etc. **/
+	#content p {
+		line-height: 1.6em;
+		margin-bottom: 10px;
+	}
+	#content ul, #content ol {
+		list-style-position: inside;
+	}
+	#content li {
+		line-height: 1.6em;
+		padding: 2px 0 2px 0;
+	}
+	a {
+		color: #679BC5;
+	}
+	a:hover {
+		color: #ff0000;
+		text-decoration: none;
+	}
+	blockquote {
+		padding: 10px;
+		background-color: #eeeeee;
+		line-height: 1.6em;
+		border-width: 2px 0 1px;
+		border-style: solid;
+		border-color: #e0e0e0;
+	}
+	/** end paragraphs, lists, etc. **/
+
+/** END content **/
+
+/** BEGIN sidebar **/
+#sidebar {
+	width: 300px;
+	float: right;
+	padding: 10px 0;
+}
+	#sidebar h2 {
+		background: green url(images/sidehead.gif) no-repeat 0 0;
+		margin: 0 10px;
+		font-size: 1em;
+		color: #ffffff;
+		padding: 7px 10px;
+	}
+	#sidebar ul {
+		list-style-type: none;
+		background: #E0E0E0 url(images/sidebody.gif) no-repeat 0 bottom;
+		padding: 10px;
+		margin: 0 10px 10px;
+	}
+	#sidebar ul li {
+		padding: 4px 0 4px 14px;
+		background: none;
+		line-height: 1.6em;
+		font-size: 0.9em;
+		font-weight: bold;
+	}
+	#sidebar ul li a {
+		color: #000000;
+		text-decoration: none;
+	}
+	#sidebar ul li a:hover {
+		text-decoration: none;
+		color: #ff0000;
+	}
+	
+	#sidebar ul li a:active {
+		text-decoration: none;
+		color: #ff0000;
+	}
+	
+	#sidebar ul li current {
+		text-decoration: none;
+		color: #ff0000;
+	}
+	.current {
+		text-decoration: none;
+		color: #ff0000;
+	}

install/template/template.php

@@ -1,74 +1,48 @@
-<!DOCTYPE html>
-<html dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $locale['encoding']; ?>" />
-	<meta name="viewport" content="width=device-width, initial-scale=1">
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
-	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
 	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/js/jquery.min.js"></script>
 </head>
 <body>
-
-	<div id="body" class="container">
-
-		<header id="header" class="pt-5 pb-4 pb-sm-5">
-			<h1>MyAAC <?php echo $locale['installation']; ?></h1>
-		</header>
-
-		<div class="row">
-
-			<div id="sidebar" class="col-md-3">
-				<h3><?php echo $locale['steps']; ?></h3>
-				<ul class="list-group mt-4">
-					<?php
-						$i = 0;
-						foreach($steps as $key => $value){
-
-							if ($step == $value) {
-								$progress = ($i == 6) ? 100 : $i * 16;
-							}
-
-							echo '<li class="list-group-item' . ($step == $value ? ' active' : '') . '">' . ++$i . '. ' . $locale['step_' . $value] . '</li>';
-						}
-
-					?>
-				</ul>
+	<div id="wrapper">
+		<!--div class="buffer"-->
+			<div id="header">
+				<h1>MyAAC <?php echo $locale['installation']; ?></h1>
 			</div>
 
-			<div id="content" class="col-md-9">
+			<div id="body">
 
-				<?php
-					if(isset($locale['step_' . $step . '_title']))
-						echo '<h3 class="mb-4 mt-4 mt-md-0">' . $locale['step_' . $step . '_title'] . '</h3>';
-					else
-						echo '<h3 class="mb-4 mt-4 mt-md-0">' . $locale['step_' . $step] . '</h3>';
-				?>
-
-				<?php
-				if(!isset($config['installed'])):
-				?>
-				<div class="row">
-					<div class="col-md-12">
-						<div class="progress mb-2">
-							<div class="progress-bar progress-bar-striped progress-bar-animated" style="width: <?php echo $progress; ?>%" role="progressbar" aria-valuenow="<?php echo $progress; ?>" aria-valuemin="0" aria-valuemax="100"></div>
-						</div>
-					</div>
+				<div id="sidebar">
+					<h2><?php echo $locale['steps']; ?></h2>
+					<ul>
+						<?php
+							$i = 0;
+							foreach($steps as $key => $value)
+								echo '<li' . ($step == $value ? ' class="current"' : '') . '>' . ++$i . '. ' . $locale['step_' . $value] . '</li>';
+						?>
+					</ul>
 				</div>
-				<?php endif; ?>
 
-				<?php echo $content; ?>
+				<div id="content">
+					<?php
+						if(isset($locale['step_' . $step . '_title']))
+							echo '<h1>' . $locale['step_' . $step . '_title'] . '</h1>';
+						else
+							echo '<h1>' . $locale['step_' . $step] . '</h1>';
+						echo $content;
+					?>
+				</div>
 
+				<div class="break"></div>
 			</div>
-
-		</div>
-
-		<hr />
-
+		<!--/div-->
 	</div>
 
-	<footer id="footer" class="p-4">
+	<div id="footer">
 		<p style="text-align: center;"><?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?></p>
-	</footer>
+	</div>
 </body>
-</html>
+</html>

install/tools/5-database.php

@@ -56,7 +56,7 @@ else {
 }
 
 if(!$db->hasColumn('accounts', 'created')) {
-	if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . ($db->hasColumn('accounts', 'group_id') ? 'group_id' : 'key') . "`;"))
+	if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . ($db->hasColumn('accounts', 'group_id') ? 'group_id' : 'email') . "`;"))
 		success($locale['step_database_adding_field'] . ' accounts.created...');
 }
 

install/tools/7-finish.php

@@ -45,9 +45,38 @@ if($success) {
 	success($locale['step_database_imported_players']);
 }
 
-require LIBS . 'DataLoader.php';
-DataLoader::setLocale($locale);
-DataLoader::load();
+require LIBS . 'items.php';
+if(Items::loadFromXML())
+	success($locale['step_database_loaded_items']);
+else
+	error(Items::getError());
+
+require LIBS . 'weapons.php';
+if(Weapons::loadFromXML())
+	success($locale['step_database_loaded_weapons']);
+else
+	error(Weapons::getError());
+
+require LIBS . 'creatures.php';
+if(Creatures::loadFromXML()) {
+	success($locale['step_database_loaded_monsters']);
+
+	if(Creatures::getMonstersList()->hasErrors()) {
+		$locale['step_database_error_monsters'] = str_replace('$LOG$', 'system/logs/error.log', $locale['step_database_error_monsters']);
+		warning($locale['step_database_error_monsters']);
+	}
+}
+else {
+	error(Creatures::getLastError());
+}
+
+require LIBS . 'spells.php';
+if(Spells::loadFromXML()) {
+	success($locale['step_database_loaded_spells']);
+}
+else {
+	error(Spells::getLastError());
+}
 
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';
@@ -70,4 +99,4 @@ $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_repl
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);
 
-success($locale['step_finish_desc']);
+success($locale['step_finish_desc']);

install/tools/installer.js

@@ -29,13 +29,12 @@ function performInstall(url) {
 		}
 	});
 	// On completed
-	ajaxRequest.done(function(/*data*/) {
+	ajaxRequest.done(function(data) {
 		$('#spinner').hide();
-		$('#reload_button').show();
 	});
 	// On failed
 	ajaxRequest.fail(function(error){
 		console.log('Error: ', error);
 		$('<span class="error">Error while doing AJAX request. Please refresh the page.</span>').insertAfter("#success-" + lastId);
 	});
-}
+}

login.php

@@ -127,7 +127,8 @@ switch ($action) {
 			$account->find($inputAccountName);
 		}
 
-		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->getCustomField('salt') : '') . $request->password);
+		$config_salt_enabled = fieldExist('salt', 'accounts');
+		$current_password = encrypt(($config_salt_enabled ? $account->getCustomField('salt') : '') . $request->password);
 
 		if (!$account->isLoaded() || $account->getPassword() != $current_password) {
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');

nginx-sample.conf

@@ -25,7 +25,7 @@ server {
 	}
 
 	location / {
-		try_files $uri $uri/ /index.php;
+		try_files $uri $uri/ /index.php?$query_string;;
 	}
 
 	location ~ \.php$ {

package.json

@@ -1,8 +0,0 @@
-{
-  "scripts": {
-    "cypress:open": "cypress open"
-  },
-  "devDependencies": {
-    "cypress": "^12.12.0"
-  }
-}

plugins/account-create-hint/hint.html.twig

@@ -1,3 +1,3 @@
 To play on {{ config.lua.serverName }} you need an account.
-All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if config.account_country %}, country{% endif %} and your email address.
+All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if config.recaptcha_enabled %}, confirm reCAPTCHA{% endif %}{% if config.account_country %}, country{% endif %} and your email address.
 Also you have to agree to the terms presented below. If you have done so, your account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %} will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.<br/><br/>