Fix branch

We have to login first to see new thread button.

.editorconfig

@@ -11,9 +11,4 @@ insert_final_newline = true
 
 [*.md]
 trim_trailing_whitespace = false
-
-[{composer.json,package.json}]
-indent_style = space
-
-[package.json]
-indent_size = 2
+indent_style = tab

.gitattributes

@@ -3,12 +3,9 @@
 .gitignore export-ignore
 .github export-ignore
 .editorconfig export-ignore
+.travis.yml export-ignore
 _config.yml export-ignore
 release.sh export-ignore
 
-# cypress
-cypress export-ignore
-cypress.config.js export-ignore
-cypress.env.json
-
 *.sh text eol=lf
+VERSION text eol=lf

.github/workflows/cypress.yml

@@ -1,120 +0,0 @@
-name: Cypress
-on:
-  pull_request:
-    branches: [0.9]
-  push:
-    branches: [0.9]
-
-jobs:
-  cypress:
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-        image: mysql:8.0
-        env:
-          MYSQL_ROOT_PASSWORD: root
-          MYSQL_DATABASE: myaac
-          MYSQL_USER: myaac
-          MYSQL_PASSWORD: myaac
-        ports:
-          - 3306/tcp
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    strategy:
-      fail-fast: false
-      matrix:
-        php-versions: [ '7.4', '8.0', '8.1' ]
-    name: MyAAC on PHP ${{ matrix.php-versions }}
-    steps:
-        - name: 📌 MySQL Start & init & show db
-          run: |
-            sudo /etc/init.d/mysql start
-            mysql -e 'CREATE DATABASE myaac;' -uroot -proot
-            mysql -e "SHOW DATABASES" -uroot -proot
-
-        - name: Checkout MyAAC
-          uses: actions/checkout@v3
-          with:
-            ref: 0.9
-
-        - name: Checkout TFS
-          uses: actions/checkout@v3
-          with:
-            repository: otland/forgottenserver
-            ref: 1.4
-            path: tfs
-
-        - name: Import TFS Schema
-          run: |
-              mysql -uroot -proot myaac < tfs/schema.sql
-
-        - name: Rename config.lua
-          run: mv tfs/config.lua.dist tfs/config.lua
-
-        - name: Replace mysqlUser
-          uses: jacobtomlinson/gha-find-replace@v2
-          with:
-            find: 'mysqlUser = "forgottenserver"'
-            replace: 'mysqlUser = "root"'
-            regex: false
-            include: 'tfs/config.lua'
-
-        - name: Replace mysqlPass
-          uses: jacobtomlinson/gha-find-replace@v2
-          with:
-              find: 'mysqlPass = ""'
-              replace: 'mysqlPass = "root"'
-              regex: false
-              include: 'tfs/config.lua'
-
-        - name: Replace mysqlDatabase
-          uses: jacobtomlinson/gha-find-replace@v2
-          with:
-              find: 'mysqlDatabase = "forgottenserver"'
-              replace: 'mysqlDatabase = "myaac"'
-              regex: false
-              include: 'tfs/config.lua'
-
-        - name: Setup PHP
-          uses: shivammathur/setup-php@v2
-          with:
-            php-version: ${{ matrix.php-versions }}
-            extensions: mbstring, dom, fileinfo, mysql, json, xml, pdo, pdo_mysql
-
-        - name: Get composer cache directory
-          id: composer-cache
-          run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-
-        - name: Cache composer dependencies
-          uses: actions/cache@v3
-          with:
-            path: ${{ steps.composer-cache.outputs.dir }}
-            # Use composer.json for key, if composer.lock is not committed.
-            # key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-            restore-keys: ${{ runner.os }}-composer-
-
-        - name: Install Composer dependencies
-          run: composer install --no-progress --prefer-dist --optimize-autoloader
-
-        - name: Run PHP server
-          run: nohup php -S localhost:8080 > php.log 2>&1 &
-
-        - name: Cypress Run
-          uses: cypress-io/github-action@v5
-          env:
-            CYPRESS_URL: http://localhost:8080
-            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/tfs
-
-        - name: Save screenshots
-          uses: actions/upload-artifact@v3
-          if: always()
-          with:
-            name: cypress-screenshots
-            path: cypress/screenshots
-
-        - name: Upload Cypress Videos
-          uses: actions/upload-artifact@v3
-          if: always()
-          with:
-            name: cypress-videos
-            path: cypress/videos

.github/workflows/phplint.yml

@@ -1,16 +1,16 @@
 name: PHP Linting
 on:
   pull_request:
-    branches: [develop]
+    branches: [master]
   push:
-    branches: [develop]
+    branches: [master]
 
 jobs:
   phplint:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: overtrue/phplint@8.2
+      - uses: overtrue/phplint@3.4.0
         with:
           path: .
-          options: --exclude=*.log
+          options: --exclude="system/libs/polyfill-mbstring/bootstrap80.php"

.gitignore

@@ -11,10 +11,12 @@ vendor
 
 # npm
 node_modules
+tools/ext
 
 # cypress
 cypress.env.json
 cypress/e2e/2-advanced-examples
+cypress/screenshots
 
 # created by release.sh
 releases
@@ -48,6 +50,10 @@ system/cache/*
 !system/cache/signatures/index.html
 !system/cache/plugins/index.html
 
+# php sessions
+system/php_sessions/*
+!system/php_sessions/index.html
+
 # logs
 system/logs/*
 !system/logs/index.html
@@ -56,10 +62,6 @@ system/logs/*
 system/data/*
 !system/data/index.html
 
-# php sessions
-system/php_sessions/*
-!system/php_sessions/index.html
-
 # plugins
 plugins/*
 !plugins/.htaccess
@@ -70,8 +72,5 @@ plugins/*
 !plugins/email-confirmed-reward
 landing
 
-# system
-system/functions_custom.php
-
 # others/rest
 system/pages/downloads.php

.htaccess.dist

@@ -6,13 +6,11 @@
 	Options -MultiViews
 </IfModule>
 
-<FilesMatch "^(CHANGELOG\.md|README\.md|composer\.json|composer\.lock|package\.json|package-lock\.json|cypress\.env\.json)$">
-	Require all denied
-</FilesMatch>
-
 <IfModule mod_rewrite.c>
 	RewriteEngine On
 
+	# you can put here your myaac root folder
+	# path relative to web root
     #RewriteBase /myaac/
 
 	RewriteCond %{REQUEST_FILENAME} !-f

.travis.yml

@@ -0,0 +1,20 @@
+
+language: php
+php:
+  - 5.6
+  - 7.0
+  - 7.1
+  - 7.2
+  - 7.3
+  - 7.4
+  - 8.0
+
+cache:
+  directories:
+    - $HOME/.composer/cache
+
+before_script:
+  - composer require php-parallel-lint/php-parallel-lint --no-suggest --no-progress --no-interaction --no-ansi --quiet --optimize-autoloader
+
+script:
+  - php vendor/bin/parallel-lint --no-progress --no-colors --exclude vendor --exclude "system/libs/pot/OTS_DB_PDOQuery_PHP71.php" .

README.md

@@ -11,20 +11,19 @@ Official website: https://my-aac.org
 [![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
 
 | Version | Status                 | Branch  | Requirements   |
-|:-----------|:------------------------------------------|:--------|:---------------|
-| **0.10.x** | **Active development**                    | develop | **PHP >= 8.0** |
-| 0.9.x      | Active support                            | 0.9     | PHP >= 7.2.5   |
+|:--------|:-----------------------|:--------|:---------------|
+| **1.x** | **Active development** | develop | **PHP >= 8.1** |
+| 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
 | 0.8.x   | Active support         | master  | PHP >= 7.2.5   |
 | 0.7.x   | End Of Life            | 0.7     | PHP >= 5.3.3   |
 
 ### Requirements
 
-	- PHP 7.2.5 or later
 	- MySQL database
-	- PDO PHP Extension
-	- XML PHP Extension
-	- (optional) ZIP PHP Extension
-	- (optional) mod_rewrite to use friendly_urls
+	- PHP Extensions: pdo, xml, json
+	- (optional) apache2 mod_rewrite (to use friendly_urls)
+	- (optional) zip PHP Extension (to install plugins)
+	- (optional) gd PHP Extension (for generating signature images)
 
 ### Installation
 
@@ -48,7 +47,8 @@ Official website: https://my-aac.org
 
 ### Configuration
 
-Check *config.php* to get more informations.
+Check *config.php* to get more informations. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
+
 Use *config.local.php* for your local configuration changes.
 
 ### Branches

SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.y   | :white_check_mark: |
+| 0.9.x   | :x:                |
+| 0.8.x   | :white_check_mark: |
+| < 0.7   | :x:                |
+
+## Reporting a Vulnerability
+
+If you found a security vulnerability, please write an email to security@my-aac.org
+
+All reports will be taken very seriously, and a fix will be posted as soon as possible.

admin/index.php

@@ -1,10 +1,9 @@
 <?php
-
 // few things we'll need
 require '../common.php';
 
-const ADMIN_PANEL = true;
-const MYAAC_ADMIN = true;
+define('ADMIN_PANEL', true);
+define('MYAAC_ADMIN', true);
 
 if(file_exists(BASE . 'config.local.php')) {
 	require_once BASE . 'config.local.php';
@@ -19,8 +18,8 @@ if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['i
 $content = '';
 
 // validate page
-$page = $_GET['p'] ?? '';
-if(empty($page) || preg_match("/[^a-zA-Z0-9_\-\/.]/", $page))
+$page = isset($_GET['p']) ? $_GET['p'] : '';
+if(empty($page) || preg_match("/[^a-zA-Z0-9_\-]/", $page))
 	$page = 'dashboard';
 
 $page = strtolower($page);
@@ -29,11 +28,6 @@ define('PAGE', $page);
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 
-// verify myaac tables exists in database
-if(!$db->hasTable('myaac_account_actions')) {
-	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
-}
-
 if(config('env') === 'dev') {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
@@ -48,40 +42,30 @@ $hooks->load();
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
 require SYSTEM . 'migrate.php';
-require __DIR__ . '/includes/functions.php';
+require ADMIN . 'includes/functions.php';
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
-if (ACTION == 'logout') {
-	require SYSTEM . 'logout.php';
-}
-
 // if we're not logged in - show login box
 if(!$logged || !admin()) {
 	$page = 'login';
 }
 
 // include our page
-$file = __DIR__ . '/pages/' . $page . '.php';
+$file = ADMIN . 'pages/' . $page . '.php';
 if(!@file_exists($file)) {
-	if (strpos($page, 'plugins/') !== false) {
-		$file = BASE . $page;
-	}
-	else {
 	$page = '404';
 	$file = SYSTEM . 'pages/404.php';
 }
-}
 
 ob_start();
-if($hooks->trigger(HOOK_ADMIN_BEFORE_PAGE)) {
-	require $file;
-}
+include($file);
 
 $content .= ob_get_contents();
 ob_end_clean();
 
 // template
 $template_path = 'template/';
-require __DIR__ . '/' . $template_path . 'template.php';
+require ADMIN . $template_path . 'template.php';
+

admin/pages/accounts.php

@@ -4,21 +4,37 @@
  *
  * @package   MyAAC
  * @author    Lee
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Account editor';
-$admin_base = ADMIN_URL . '?p=accounts';
-$use_datatable = true;
+$base = BASE_URL . 'admin/?p=accounts';
 
 if ($config['account_country'])
 	require SYSTEM . 'countries.conf.php';
 
-$nameOrNumberColumn = 'name';
-if (USE_ACCOUNT_NUMBER) {
-	$nameOrNumberColumn = 'number';
+function echo_success($message)
+{
+	echo '<p class="success">' . $message . '</p>';
+}
+
+function echo_error($message)
+{
+	global $error;
+	echo '<p class="error">' . $message . '</p>';
+	$error = true;
+}
+
+function verify_number($number, $name, $max_length)
+{
+	if (!Validator::number($number))
+		echo_error($name . ' can contain only numbers.');
+
+	$number_length = strlen($number);
+	if ($number_length <= 0 || $number_length > $max_length)
+		echo_error($name . ' cannot be longer than ' . $max_length . ' digits.');
 }
 
 $hasSecretColumn = $db->hasColumn('accounts', 'secret');
@@ -36,8 +52,6 @@ if ($config['account_country']) {
 	foreach ($config['countries'] as $code => $c)
 		$countries[$code] = $c;
 }
-$web_acc = ACCOUNT_WEB_FLAGS;
-$acc_type = config('account_types');
 ?>
 
 <link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
@@ -45,41 +59,38 @@ $acc_type = config('account_types');
 
 <?php
 $id = 0;
-$search_account = '';
 if (isset($_REQUEST['id']))
 	$id = (int)$_REQUEST['id'];
-else if (isset($_REQUEST['search'])) {
-	$search_account = $_REQUEST['search'];
-	if (strlen($search_account) < 3 && !Validator::number($search_account)) {
-		echo_error('Player name is too short.');
+else if (isset($_REQUEST['search_name'])) {
+	if (strlen($_REQUEST['search_name']) < 3 && !Validator::number($_REQUEST['search_name'])) {
+		echo 'Player name is too short.';
 	} else {
-		$query = $db->query('SELECT `id` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` = ' . $db->quote($search_account));
+		if (Validator::number($_REQUEST['search_name']))
+			$id = $_REQUEST['search_name'];
+		else {
+			$query = $db->query('SELECT `id` FROM `accounts` WHERE `name` = ' . $db->quote($_REQUEST['search_name']));
 			if ($query->rowCount() == 1) {
 				$query = $query->fetch();
-			$id = (int)$query['id'];
+				$id = $query['id'];
 			} else {
-			$query = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` LIKE ' . $db->quote('%' . $search_account . '%'));
+				$query = $db->query('SELECT `id`, `name` FROM `accounts` WHERE `name` LIKE ' . $db->quote('%' . $_REQUEST['search_name'] . '%'));
 				if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
-				$str_construct = 'Do you mean?<ul class="mb-0">';
+					echo 'Do you mean?<ul>';
 					foreach ($query as $row)
-					$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row['id'] . '">' . $row[$nameOrNumberColumn] . '</a></li>';
-				$str_construct .= '</ul>';
-				echo_error($str_construct);
+						echo '<li><a href="' . $base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
+					echo '</ul>';
 				} else if ($query->rowCount() > 10)
-				echo_error('Specified name resulted with too many accounts.');
-			else
-				echo_error('No entries found.');
+					echo 'Specified name resulted with too many accounts.';
 			}
 		}
 	}
-?>
-<div class="row">
-	<?php
+}
+$groups = new OTS_Groups_List();
 if ($id > 0) {
 	$account = new OTS_Account();
 	$account->load($id);
 
-		if (isset($account, $_POST['save']) && $account->isLoaded()) {
+	if (isset($account, $_POST['save']) && $account->isLoaded()) {// we want to save
 		$error = false;
 
 		$_error = '';
@@ -143,14 +154,14 @@ else if (isset($_REQUEST['search'])) {
 		verify_number($web_flags, 'Web Flags', 1);
 
 		//created
-			$created = strtotime($_POST['created']);
+		$created = $_POST['created'];
 		verify_number($created, 'Created', 11);
 
 		//web last login
-			$web_lastlogin = strtotime($_POST['web_lastlogin']);
-			verify_number($web_lastlogin, 'Web Last login', 11);
+		$web_lastlogin = $_POST['web_lastlogin'];
+		verify_number($web_lastlogin, 'Web Last logout', 11);
 
-			if (!$error && $hooks->trigger(HOOK_ADMIN_ACCOUNTS_SAVE_POST, ['account_id' => $account->getId(), 'account_email' =>  $account->getEMail()])) {
+		if (!$error) {
 			if(USE_ACCOUNT_NAME) {
 				$account->setName($name);
 			}
@@ -190,16 +201,17 @@ else if (isset($_REQUEST['search'])) {
 			$account->setCustomField('web_lastlogin', $web_lastlogin);
 
 			if (isset($password)) {
-					if (USE_ACCOUNT_SALT) {
+				$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+				if ($config_salt_enabled) {
 					$salt = generateRandomString(10, false, true, true);
 					$password = $salt . $password;
-						$account->setCustomField('salt', $salt);
+					$account_logged->setCustomField('salt', $salt);
 				}
 
 				$password = encrypt($password);
 				$account->setPassword($password);
 
-					if (USE_ACCOUNT_SALT)
+				if ($config_salt_enabled)
 					$account->setCustomField('salt', $salt);
 			}
 
@@ -207,195 +219,165 @@ else if (isset($_REQUEST['search'])) {
 			echo_success('Account saved at: ' . date('G:i'));
 		}
 	}
-	} else if ($id == 0) {
-		$accounts_db = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ' FROM `accounts` ORDER BY `id` ASC');
+}
+
+$search_account = '';
+if (isset($_REQUEST['search_name']))
+	$search_account = $_REQUEST['search_name'];
+else if (isset($_REQUEST['search_account']))
+	$search_account = $_REQUEST['search_account'];
+else if ($id > 0 && isset($account) && $account->isLoaded()) {
+	if(USE_ACCOUNT_NAME) {
+		$search_account = $account->getName();
+	}
+	else {
+		$search_account = $account->getId();
+	}
+}
+
 ?>
-		<div class="col-12 col-sm-12 col-lg-10">
-			<div class="card card-info card-outline">
-				<div class="card-header">
-					<h5 class="m-0">Accounts</h5>
-				</div>
-				<div class="card-body">
-					<table class="acc_datatable table table-striped table-bordered table-responsive d-md-table">
-						<thead>
-						<tr>
-							<th>ID</th>
-							<th><?= ($nameOrNumberColumn == 'number' ? 'Number' : 'Name'); ?></th>
-							<?php if($hasTypeColumn || $hasGroupColumn): ?>
-							<th>Position</th>
-							<?php endif; ?>
-							<th style="width: 40px">Edit</th>
-						</tr>
-						</thead>
-						<tbody>
-						<?php foreach ($accounts_db as $account_lst): ?>
-							<tr>
-								<th><?php echo $account_lst['id']; ?></th>
-								<td><?php echo $account_lst[$nameOrNumberColumn]; ?></a></td>
-								<?php if($hasTypeColumn || $hasGroupColumn): ?>
-								<td>
-									<?php if ($hasTypeColumn) {
-										echo $acc_type[$account_lst['type']];
-									} elseif ($hasGroupColumn) {
-										$group = $groups->getGroups();
-										echo $group[$account_lst['group_id']];
-									} ?>
-								</td>
-								<?php endif; ?>
-								<td><a href="?p=accounts&id=<?php echo $account_lst['id']; ?>" class="btn btn-success btn-sm" title="Edit">
-										<i class="fas fa-pencil-alt"></i>
-									</a>
-								</td>
-							</tr>
-						<?php endforeach; ?>
-						</tbody>
-					</table>
-				</div>
-			</div>
-		</div>
-	<?php } ?>
-
+<div class="row">
 	<?php if (isset($account) && $account->isLoaded()) { ?>
-		<div class="col-12 col-sm-12 col-lg-10">
-			<div class="card card-primary card-outline card-outline-tabs">
-				<div class="card-header p-0 border-bottom-0">
-					<ul class="nav nav-tabs" id="accounts-tab" role="tablist">
-						<li class="nav-item">
-							<a class="nav-link active" id="accounts-acc-tab" data-toggle="pill" href="#accounts-acc">Account</a>
-						</li>
-						<li class="nav-item">
-							<a class="nav-link" id="accounts-chars-tab" data-toggle="pill" href="#accounts-chars">Characters</a>
-						</li>
-						<?php if ($db->hasTable('bans')) : ?>
-							<li class="nav-item">
-								<a class="nav-link" id="accounts-bans-tab" data-toggle="pill" href="#accounts-bans">Bans</a>
-							</li>
-						<?php endif;
 
-						if ($db->hasTable('store_history') && $db->hasColumn('store_history', 'time')) : ?>
-							<li class="nav-item">
-								<a class="nav-link" id="accounts-store-tab" data-toggle="pill" href="#accounts-store">Store History</a>
-							</li>
-						<?php endif; ?>
-					</ul>
-				</div>
-				<div class="card-body">
-					<div class="tab-content" id="accounts-tabContent">
-						<div class="tab-pane fade active show" id="accounts-acc">
-							<form action="<?php echo $admin_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
-								<div class="form-group row">
+	<form action="<?php echo $base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post"
+		  class="form-horizontal">
+		<div class="col-md-8">
+			<div class="box box-primary">
+				<div class="box-body">
+					<div class="row">
 						<?php if(USE_ACCOUNT_NAME): ?>
-										<div class="col-12 col-sm-12 col-lg-4">
-											<label for="name">Account Name:</label>
-											<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $account->getName(); ?>"/>
-										</div>
-									<?php elseif (USE_ACCOUNT_NUMBER): ?>
-										<div class="col-12 col-sm-12 col-lg-4">
-											<label for="name">Account Number:</label>
-											<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $account->getNumber(); ?>"/>
+						<div class="col-xs-4">
+							<label for="name" class="control-label">Account Name:</label>
+							<input type="text" class="form-control" id="name" name="name"
+								   autocomplete="off" style="cursor: auto;"
+								   value="<?php echo $account->getName(); ?>"/>
 						</div>
 						<?php endif; ?>
-									<div class="col-12 col-sm-12 col-lg-5">
-										<div class="form-check">
+						<div class="col-xs-5">
+							<label for="c_pass" class="control-label">Password: (check to change)</label>
+							<div class="input-group">
+                            <span class="input-group-addon">
                               <input type="checkbox"
 									 name="c_pass"
 									 id="c_pass"
 									 value="false"
-												   class="form-check-input"/>
-											<label for="c_pass">Password: (check to change)</label>
-										</div>
-										<div class="input-group">
-											<input type="text" class="form-control" id="pass" name="pass" autocomplete="off" maxlength="20" value=""/>
+									 class="input_control"/>
+                            </span>
+								<input type="text" class="form-control" id="pass" name="pass"
+									   autocomplete="off" maxlength="20"
+									   value=""/>
 							</div>
 						</div>
-									<div class="col-12 col-sm-12 col-lg-3">
+						<div class="col-xs-3">
 							<label for="account_id" class="control-label">Account ID:</label>
-										<input type="text" class="form-control" id="account_id" name="account_id" autocomplete="off" size="8" maxlength="11" disabled value="<?php echo $account->getId(); ?>"/>
+							<input type="text" class="form-control" id="account_id" name="account_id"
+								   autocomplete="off" style="cursor: auto;" size="8" maxlength="11" disabled
+								   value="<?php echo $account->getId(); ?>"/>
 						</div>
 					</div>
-								<div class="form-group row">
+					<div class="row">
 						<?php
 						$acc_group = $account->getAccGroupId();
 						if ($hasTypeColumn) {
+							$groups = new OTS_Groups_List();
+
+							$acc_type = array("Normal", "Tutor", "Senior Tutor", "Gamemaster", "God");
+							if ($groups->getHighestId() == 6) {
+								$acc_type = array("Normal", "Tutor", "Senior Tutor", "Gamemaster", "Community Manager", "God");
+							}
 						?>
-										<div class="col-12 col-sm-12 col-lg-6">
-											<label for="group">Account Type:</label>
+							<div class="col-xs-6">
+								<label for="group" class="control-label">Account Type:</label>
 								<select name="group" id="group" class="form-control">
 									<?php foreach ($acc_type as $id => $a_type): ?>
-													<option value="<?php echo($id); ?>" <?php echo($acc_group == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+										<option value="<?php echo($id + 1); ?>" <?php echo($acc_group == ($id + 1) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 									<?php endforeach; ?>
 								</select>
 							</div>
 							<?php
 						} elseif ($hasGroupColumn) {
 							?>
-										<div class="col-12 col-sm-12 col-lg-6">
-											<label for="group">Account Type:</label>
+							<div class="col-xs-6">
+								<label for="group" class="control-label">Account Type:</label>
 								<select name="group" id="group" class="form-control">
-												<?php foreach ($groups->getGroups() as $id => $group): ?>
+									<?php
+									foreach ($groups->getGroups() as $id => $group): ?>
 										<option value="<?php echo $id; ?>" <?php echo($acc_group == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 									<?php endforeach; ?>
 								</select>
 							</div>
 						<?php } ?>
-									<div class="col-12 col-sm-12 col-lg-6">
-										<label for="web_flags">Website Access:</label>
+						<div class="col-xs-6">
+							<label for="web_flags" class="control-label">Website Access:</label>
 							<select name="web_flags" id="web_flags" class="form-control">
-											<?php foreach ($web_acc as $id => $a_type): ?>
+								<?php $web_acc = array("None", "Admin", "Super Admin", "(Admin + Super Admin)");
+								foreach ($web_acc as $id => $a_type): ?>
 									<option value="<?php echo($id); ?>" <?php echo($account->getWebFlags() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 								<?php endforeach; ?>
 							</select>
 						</div>
 					</div>
-								<div class="form-group row">
+					<div class="row">
 						<?php if($hasSecretColumn): ?>
-										<div class="col-12 col-sm-12 col-lg-6">
-											<label for="secret">Secret:</label>
-											<input type="text" class="form-control" id="secret" name="secret" autocomplete="off" value="<?php echo $account->getCustomField('secret'); ?>"/>
+						<div class="col-xs-6">
+							<label for="secret" class="control-label">Secret:</label>
+							<input type="text" class="form-control" id="secret" name="secret"
+								   autocomplete="off" style="cursor: auto;" size="8" maxlength="11"
+								   value="<?php echo $account->getCustomField('secret'); ?>"/>
 						</div>
 						<?php endif; ?>
-									<div class="col-12 col-sm-12 col-lg-6">
-										<label for="key">Recovery Key:</label>
-										<input type="text" class="form-control" id="key" name="key" autocomplete="off" value="<?php echo $account->getCustomField('key'); ?>"/>
+						<div class="col-xs-6">
+							<label for="key" class="control-label">Key:</label>
+							<input type="text" class="form-control" id="key" name="key"
+								   autocomplete="off" style="cursor: auto;" size="8" maxlength="11"
+								   value="<?php echo $account->getCustomField('key'); ?>"/>
 						</div>
 					</div>
-								<div class="form-group row">
-									<div class="col-12 col-sm-12 col-lg-6">
-										<label for="email">Email:</label><?php echo (config('mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
-										<input type="text" class="form-control" id="email" name="email" autocomplete="off" value="<?php echo $account->getEMail(); ?>"/>
+					<div class="row">
+						<div class="col-xs-6">
+							<label for="email" class="control-label">Email:</label>
+							<input type="text" class="form-control" id="email" name="email"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getEMail(); ?>"/>
 						</div>
 						<?php if ($hasCoinsColumn): ?>
-										<div class="col-12 col-sm-12 col-lg-6">
-											<label for="t_coins">Tibia Coins:</label>
-											<input type="text" class="form-control" id="t_coins" name="t_coins" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField('coins') ?>"/>
+							<div class="col-xs-6">
+								<label for="t_coins" class="control-label">Tibia Coins:</label>
+								<input type="text" class="form-control" id="t_coins" name="t_coins"
+									   autocomplete="off" maxlength="8"
+									   value="<?php echo $account->getCustomField('coins') ?>"/>
 							</div>
 						<?php endif; ?>
-									<div class="col-12 col-sm-12 col-lg-6">
-										<label for="p_days">Premium Days:</label>
-										<input type="text" class="form-control" id="p_days" name="p_days" autocomplete="off" maxlength="11" value="<?php echo $account->getPremDays(); ?>"/>
+						<div class="col-xs-6">
+							<label for="p_days" class="control-label">Premium Days:</label>
+							<input type="text" class="form-control" id="p_days" name="p_days"
+								   autocomplete="off" maxlength="11"
+								   value="<?php echo $account->getPremDays(); ?>"/>
 						</div>
 						<?php if ($hasPointsColumn): ?>
-										<div class="col-12 col-sm-12 col-lg-6">
+							<div class="col-xs-6">
 								<label for="p_points" class="control-label">Premium Points:</label>
-											<input type="text" class="form-control" id="p_points" name="p_points" autocomplete="off" maxlength="8" value="<?php echo $account->getCustomField('premium_points') ?>"/>
+								<input type="text" class="form-control" id="p_points" name="p_points"
+									   autocomplete="off" maxlength="8"
+									   value="<?php echo $account->getCustomField('premium_points') ?>"/>
 							</div>
 						<?php endif; ?>
 					</div>
-								<div class="form-group row">
-									<div class="col-12 col-sm-12 col-lg-4">
-										<label for="rl_name">RL Name:</label>
+					<div class="row">
+						<div class="col-xs-4">
+							<label for="rl_name" class="control-label">RL Name:</label>
 							<input type="text" class="form-control" id="rl_name" name="rl_name"
 								   autocomplete="off" maxlength="20"
 								   value="<?php echo $account->getRLName(); ?>"/>
 						</div>
-									<div class="col-12 col-sm-12 col-lg-4">
-										<label for="rl_loca">Location:</label>
+						<div class="col-xs-4">
+							<label for="rl_loca" class="control-label">Location:</label>
 							<input type="text" class="form-control" id="rl_loca" name="rl_loca"
 								   autocomplete="off" maxlength="20"
 								   value="<?php echo $account->getLocation(); ?>"/>
 						</div>
-									<div class="col-12 col-sm-12 col-lg-4">
-										<label for="rl_country">Country:</label>
+						<div class="col-xs-4">
+							<label for="rl_country" class="control-label">Country:</label>
 							<select name="rl_country" id="rl_country" class="form-control">
 								<?php foreach ($countries as $id => $a_type): ?>
 									<option value="<?php echo($id); ?>" <?php echo($account->getCountry() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
@@ -403,197 +385,106 @@ else if (isset($_REQUEST['search'])) {
 							</select>
 						</div>
 					</div>
-								<div class="form-group row">
-									<div class="col-12 col-sm-12 col-lg-6">
+					<div class="row">
+						<div class="col-xs-4">
 							<label for="created" class="control-label">Created:</label>
-										<input type="text" class="form-control" id="created" name="created" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $account->getCustomField('created')); ?>"/>
+							<input type="text" class="form-control" id="created" name="created"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getCustomField('created'); ?>"/>
 						</div>
-									<div class="col-12 col-sm-12 col-lg-6">
+						<div class="col-xs-4">
 							<label for="web_lastlogin" class="control-label">Web Last Login:</label>
-										<input type="text" class="form-control" id="web_lastlogin" name="web_lastlogin" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $account->getCustomField('web_lastlogin')); ?>"/>
+							<input type="text" class="form-control" id="web_lastlogin" name="web_lastlogin"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getCustomField('web_lastlogin'); ?>"/>
 						</div>
 					</div>
 
 					<input type="hidden" name="save" value="yes"/>
+					<div class="box-footer">
+						<a href="<?php echo ADMIN_URL; ?>?p=accounts"><span class="btn btn-danger">Cancel</span></a>
+						<div class="pull-right">
+							<input type="submit" class="btn btn-primary" value="Update">
+						</div>
+					</div>
 
-								<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Update</button>
-								<a href="<?php echo ADMIN_URL; ?>?p=accounts" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</a>
+				</div>
+			</div>
 	</form>
 </div>
-						<div class="tab-pane fade" id="accounts-chars">
-							<div class="row">
+<?php } ?>
+<div class="col-md-4">
+	<div class="box box-primary">
+		<div class="box-header with-border">
+			<h3 class="box-title">Search Account:</h3>
+			<div class="box-tools pull-right">
+				<button type="button" class="btn btn-box-tool" data-widget="collapse"><i class="fa fa-minus"></i>
+				</button>
+			</div>
+		</div>
+
+		<div class="box-body">
+			<form action="<?php echo $base; ?>" method="post">
+				<div class="input-group input-group-sm">
+					<input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_account); ?>"
+						   maxlength="32" size="32">
+					<span class="input-group-btn">
+                          <button type="submit" type="button" class="btn btn-info btn-flat">Search</button>
+                        </span>
+				</div>
+			</form>
+		</div>
+	</div>
 	<?php
 	if (isset($account) && $account->isLoaded()) {
-									$account_players = $account->getPlayersList();
-									$account_players->orderBy('id');
-									if (isset($account_players)) { ?>
-										<table class="table table-striped table-condensed table-responsive d-md-table">
-											<thead>
+		$account_players = array();
+		$query = $db->query('SELECT `name`,`level`,`vocation`  FROM `players` WHERE `account_id` = ' . $account->getId() . ' ORDER BY `name`')->fetchAll();
+		if (isset($query)) {
+			?>
+			<div class="box">
+				<div class="box-header">
+					<h3 class="box-title">Character List:</h3>
+				</div>
+				<div class="box-body no-padding">
+					<table class="table table-striped">
+						<tbody>
 						<tr>
-												<th>#</th>
+							<th style="width: 10px">#</th>
 							<th>Name</th>
 							<th>Level</th>
-												<th>Vocation</th>
 							<th style="width: 40px">Edit</th>
 						</tr>
-											</thead>
-											<tbody>
-											<?php $i= 0;
-											foreach ($account_players as $i => $player):
+						<?php
+						$i = 1;
+						foreach ($query as $p) {
+							$account_players[] = $p;
+							echo '<tr>
+                            <td>' . $i . '.</td>
+                            <td>' . $p['name'] . '</td>
+                            <td>' . $p['level'] . '</td>
+                            <td><a href="?p=players&search_name=' . $p['name'] . '"><span class="btn btn-success btn-sm edit btn-flat"><i class="fa fa-edit"></i></span></a></span></td>
+                        </tr>';
 							$i++;
-												$player_vocation = $player->getVocation();
-												$player_promotion = $player->getPromotion();
-												if (isset($player_promotion)) {
-													if ((int)$player_promotion > 0)
-														$player_vocation += ($player_promotion * $config['vocations_amount']);
-												}
+						} ?>
+						</tbody>
+					</table>
+				</div>
+			</div>
 
-												if (isset($config['vocations'][$player_vocation])) {
-													$vocation_name = $config['vocations'][$player_vocation];
-												} ?>
-												<tr>
-													<th><?php echo $i; ?></th>
-													<td><?php echo $player->getName(); ?></td>
-													<td><?php echo $player->getLevel(); ?></td>
-													<td><?php echo $vocation_name; ?></td>
-													<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
-												</tr>
-											<?php endforeach ?>
-											</tbody>
-										</table>
 			<?php
-									}
-								} ?>
-							</div>
-						</div>
-						<?php if ($db->hasTable('bans')) : ?>
-							<div class="tab-pane fade" id="accounts-bans">
-								<?php
-								$bans = $db->query('SELECT * FROM ' . $db->tableName('bans') . ' WHERE ' . $db->fieldName('active') . ' = 1 AND ' . $db->fieldName('id') . ' = ' . $account->getId() . ' ORDER BY ' . $db->fieldName('added') . ' DESC LIMIT 10');
-								if ($bans->rowCount()) {
+		};
+	};
 	?>
-									<table class="table table-striped table-condensed table-responsive d-md-table">
-										<thead>
-										<tr>
-											<th>Nick</th>
-											<th>Type</th>
-											<th>Expires</th>
-											<th>Reason</th>
-											<th>Comment</th>
-											<th>Added by:</th>
-										</tr>
-										</thead>
-										<tbody>
-										<?php
-										foreach ($bans as $ban) {
-											?>
-											<tr>
-												<td><?php
-													$pName = getPlayerNameByAccount($ban['value']);
-													echo '<a href="?p=players&search=' . $pName . '">' . $pName . '</a>'; ?>
-												</td>
-												<td><?php echo getBanType($ban['type']); ?></td>
-												<td>
-													<?php
-													if ($ban['expires'] == "-1")
-														echo 'Never';
-													else
-														echo date("H:i:s", $ban['expires']) . '<br/>' . date("d M Y", $ban['expires']);
-													?>
-												</td>
-												<td><?php echo getBanReason($ban['reason']); ?></td>
-												<td><?php echo $ban['comment']; ?></td>
-												<td>
-													<?php
-													if ($ban['admin_id'] == "0")
-														echo 'Autoban';
-													else
-														$aName = getPlayerNameByAccount($ban['admin_id']);
-													echo '<a href="?p=players&search=' . $aName . '">' . $aName . '</a>';
-													echo '<br/>' . date("d.m.Y", $ban['added']);
-													?>
-												</td>
-											</tr>
-										<?php } ?>
-										</tbody>
-									</table>
-									<?php
-								} else {
-									echo 'No Account bans.';
-								} ?>
 </div>
-						<?php endif;
-						if ($db->hasTable('store_history') && $db->hasColumn('store_history', 'time')) { ?>
-							<div class="tab-pane fade" id="accounts-store">
-								<?php $store_history = $db->query('SELECT * FROM `store_history` WHERE `account_id` = "' . $account->getId() . '" ORDER BY `time` DESC')->fetchAll(); ?>
-								<table class="table table-striped table-condensed table-responsive d-md-table">
-									<thead>
-									<tr>
-										<th>Description</th>
-										<th>Coins</th>
-										<th>Date</th>
-									</tr>
-									</thead>
-									<tbody>
-									<?php foreach ($store_history as $p): ?>
-										<tr>
-											<td><?php echo $p['description']; ?></td>
-											<td><?php echo $p['coin_amount']; ?></td>
-											<td><?php echo date('d M y H:i:s', $p['time']); ?></td>
-										</tr>
-									<?php endforeach; ?>
-									</tbody>
-								</table>
-							</div>
-						<?php } ?>
-					</div>
-				</div>
-			</div>
-		</div>
-	<?php } ?>
-	<div class="col-12 col-sm-12 col-lg-2">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Search Accounts</h5>
-			</div>
-			<div class="card-body">
-				<div class="row">
-					<div class="col-6 col-lg-12">
-						<form action="<?php echo $admin_base; ?>" method="post">
-							<label for="name">Account Name:</label>
-							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="search" value="<?php echo $search_account; ?>" maxlength="32" size="32">
-								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
-							</div>
-						</form>
-					</div>
-					<div class="col-6 col-lg-12">
-						<form action="<?php echo $admin_base; ?>" method="post">
-							<label for="name">Account ID:</label>
-							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
-								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
-							</div>
-						</form>
-					</div>
-				</div>
-			</div>
-		</div>
-	</div>
-</div>
-<script>
+
+<script type="text/javascript">
+	$('#lastlogout').datetimepicker({format: 'unixtime'});
+	$('#created').datetimepicker({format: 'unixtime'});
+	$('#web_lastlogin').datetimepicker({format: 'unixtime'});
 	$(document).ready(function () {
-		$('#created').datetimepicker({format: "M d Y, H:i:s",});
-		$('#web_lastlogin').datetimepicker({format: 'M d Y, H:i:s'});
-
-		$('#c_pass').change(function () {
-			const ipass = $('input[name=pass]');
-			ipass[0].disabled = !this.checked;
-			ipass[0].value = '';
+		$('.input_control').change(function () {
+			$('input[name=pass]')[0].disabled = !this.checked;
+			$('input[name=pass]')[0].value = '';
 		}).change();
-
-		$('.acc_datatable').DataTable({
-			"order": [[0, "asc"]]
-		});
 	});
 </script>

admin/pages/changelog.php

@@ -1,139 +1,26 @@
 <?php
 /**
- * CHANGELOG modifier
+ * CHANGELOG viewer
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
+$title = 'MyAAC Changelog';
 
-if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
-	echo 'Access denied.';
+if (!file_exists(BASE . 'CHANGELOG.md')) {
+	echo 'File CHANGELOG.md doesn\'t exist.';
 	return;
 }
 
-$title = 'Changelog';
-$use_datatable = true;
-const CL_LIMIT = 600; // maximum changelog body length
-?>
+require LIBS . 'Parsedown.php';
 
-<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
-<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
-<?php
-$id = $_GET['id'] ?? 0;
-require_once LIBS . 'changelog.php';
+$changelog = file_get_contents(BASE . 'CHANGELOG.md');
 
-if(!empty($action))
-{
-	$id = $_REQUEST['id'] ?? null;
-	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
-	$create_date = isset($_REQUEST['createdate']) ? (int)strtotime($_REQUEST['createdate'] ): null;
-	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
-	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
-	$where = isset($_REQUEST['where']) ? (int)$_REQUEST['where'] : null;
+$Parsedown = new Parsedown();
 
-	$errors = array();
+$changelog = $Parsedown->text($changelog); # prints: <p>Hello <em>Parsedown</em>!</p>
 
-	if($action == 'new') {
-
-		if(isset($body) && Changelog::add($body, $type, $where, $player_id, $create_date, $errors)) {
-			$body = '';
-			$type = $where = $player_id = $create_date = 0;
-
-			success("Added successful.");
-		}
-	}
-	else if($action == 'delete') {
-		Changelog::delete($id, $errors);
-		success("Deleted successful.");
-	}
-	else if($action == 'edit')
-	{
-		if(isset($id) && !isset($body)) {
-			$cl = Changelog::get($id);
-			$body = $cl['body'];
-			$type = $cl['type'];
-			$where = $cl['where'];
-			$create_date = $cl['date'];
-			$player_id = $cl['player_id'];
-		}
-		else {
-			if(Changelog::update($id, $body, $type, $where, $player_id, $create_date,$errors)) {
-				$action = $body = '';
-				$type = $where = $player_id = $create_date = 0;
-
-				success("Updated successful.");
-			}
-		}
-	}
-	else if($action == 'hide') {
-		Changelog::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
-	}
-
-	if(!empty($errors))
-		error(implode(", ", $errors));
-}
-
-$changelogs = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'changelog' . '` ORDER BY `id` DESC')->fetchAll();
-
-$i = 0;
-
-$log_type = [
-	['id' => 1, 'icon' => 'added'],
-	['id' => 2, 'icon' => 'removed'],
-	['id' => 3, 'icon' => 'changed'],
-	['id' => 4, 'icon' => 'fixed'],
-];
-
-$log_where = [
-	['id' => 1, 'icon' => 'server'],
-	['id' => 2, 'icon' => 'website'],
-];
-
-foreach($changelogs as $key => &$log)
-{
-	$log['type'] = getChangelogType($log['type']);
-	$log['where'] = getChangelogWhere($log['where']);
-}
-
-if($action == 'edit' || $action == 'new') {
-	if($action == 'edit') {
-		$player = new OTS_Player();
-		$player->load($player_id);
-	}
-
-	$account_players = $account_logged->getPlayersList();
-	$account_players->orderBy('group_id', POT::ORDER_DESC);
-	$twig->display('admin.changelog.form.html.twig', array(
-		'action' => $action,
-		'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'new'),
-		'cl_id' => $id ?? null,
-		'body' => isset($body) ? escapeHtml($body) : '',
-		'create_date' => $create_date ?? '',
-		'player_id' => $player_id ?? null,
-		'account_players' => $account_players,
-		'type' => $type ?? 0,
-		'where' => $where ?? 0,
-		'log_type' => $log_type,
-		'log_where' => $log_where,
-	));
-}
-$twig->display('admin.changelog.html.twig', array(
-	'changelogs' => $changelogs,
-));
-
-?>
-<script>
-	$(document).ready(function () {
-		$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
-
-		$('.tb_datatable').DataTable({
-			"order": [[0, "desc"]],
-			"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
-		});
-	});
-</script>
+echo '<div>' . $changelog . '</div>';

admin/pages/clmd.php

@@ -1,25 +0,0 @@
-<?php
-/**
- * CHANGELOG viewer
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-$title = 'MyAAC Changelog';
-
-if (!file_exists(BASE . 'CHANGELOG.md')) {
-	echo 'File CHANGELOG.md doesn\'t exist.';
-	return;
-}
-
-$changelog = file_get_contents(BASE . 'CHANGELOG.md');
-
-$Parsedown = new Parsedown();
-
-$changelog = $Parsedown->text($changelog); # prints: <p>Hello <em>Parsedown</em>!</p>
-
-echo '<div>' . $changelog . '</div>';

admin/pages/dashboard.php

@@ -19,10 +19,8 @@ if (isset($_GET['clear_cache'])) {
 }
 
 if (isset($_GET['maintenance'])) {
-	$message = (!empty($_POST['message']) ? $_POST['message'] : null);
-	$_status = (isset($_POST['status']) && $_POST['status'] == 'true');
-	$_status = ($_status ? '0' : '1');
-
+	$_status = (int)$_POST['status'];
+	$message = $_POST['message'];
 	if (empty($message)) {
 		error('Message cannot be empty.');
 	} else if (strlen($message) > 255) {
@@ -47,10 +45,42 @@ $tmp = '';
 if (fetchDatabaseConfig('site_closed_message', $tmp))
 	$closed_message = $tmp;
 
-$configAdminPanelModules = config('admin_panel_modules');
-if (isset($configAdminPanelModules)) {
+$query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
+$query = $query->fetch();
+$total_accounts = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
+$query = $query->fetch();
+$total_players = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
+$query = $query->fetch();
+$total_guilds = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
+$query = $query->fetch();
+$total_houses = $query['how_much'];
+
+$twig->display('admin.statistics.html.twig', array(
+	'total_accounts' => $total_accounts,
+	'total_players' => $total_players,
+	'total_guilds' => $total_guilds,
+	'total_houses' => $total_houses
+));
+
+$twig->display('admin.dashboard.html.twig', array(
+	'is_closed' => $is_closed,
+	'closed_message' => $closed_message,
+	'status' => $status,
+	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
+));
+
 echo '<div class="row">';
+
+$configAdminPanelModules = config('admin_panel_modules');
+if(isset($configAdminPanelModules))
 	$configAdminPanelModules = explode(',', $configAdminPanelModules);
+
 $twig_loader->prependPath(__DIR__ . '/modules/templates');
 foreach($configAdminPanelModules as $box) {
 	$file = __DIR__ . '/modules/' . $box . '.php';
@@ -59,4 +89,3 @@ if (isset($configAdminPanelModules)) {
 	}
 }
 echo '</div>';
-}

admin/pages/items.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * Load items.xml
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Load items.xml';
+
+require_once LIBS . 'items.php';
+require_once LIBS . 'weapons.php';
+
+$twig->display('admin.items.html.twig');
+
+$reload = isset($_REQUEST['reload']) && (int)$_REQUEST['reload'] === 1;
+if ($reload) {
+	$items_start_time = microtime(true);
+	if (Items::loadFromXML(true)) {
+		success('Successfully loaded items (in ' . round(microtime(true) - $items_start_time, 4) . ' seconds).');
+	}
+	else {
+		error(Items::getError());
+	}
+
+	$weapons_start_time = microtime(true);
+	if (Weapons::loadFromXML(true)) {
+		success('Successfully loaded weapons (in ' . round(microtime(true) - $weapons_start_time, 4) . ' seconds).');
+	}
+	else {
+		error(Weapons::getError());
+	}
+}

admin/pages/login.php

@@ -9,16 +9,18 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Login';
-
-require PAGES . 'account/login.php';
-if ($logged) {
-	header('Location: ' . (admin() ? ADMIN_URL : BASE_URL));
-	return;
+$logout = '';
+if ($action == 'logout') {
+	$logout = "You have  been logged out!";
 }
 
-$twig->display('admin.login.html.twig', [
-	'logout' => (ACTION == 'logout' ? 'You have  been logged out!'  : ''),
+if (isset($errors)) {
+	foreach ($errors as $error) {
+		error($error);
+	}
+}
+
+$twig->display('admin.login.html.twig', array(
+	'logout' => $logout,
 	'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
-	'account_login_by' => getAccountLoginByLabel(),
-	'errors' => $errors ?? ''
-]);
+));

admin/pages/logs.php

@@ -4,17 +4,16 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Logs Viewer';
-$use_datatable = true;
 
 $files = array();
 $aac_path_logs = BASE . 'system/logs/';
 foreach (scandir($aac_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
-	if ($f[0] === '.' || is_dir($aac_path_logs . $f) || $f === 'index.html') {
+    if ($f[0] === '.' || is_dir($aac_path_logs . $f)) {
 	    continue;
     }
 
@@ -54,6 +53,7 @@ foreach ($files as &$f) {
 }
 unset($f);
 
+$twig->display('admin.logs.html.twig', array('files' => $files));
 
 define('EXIST_NONE', 0);
 define('EXIST_SERVER_LOG', 1);
@@ -72,12 +72,10 @@ if (!empty($file)) {
 		}
 
 		if ($exist !== EXIST_NONE) {
-			$file_content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
-			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
+			$content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
 		}
 	} else {
 		echo 'Invalid file name specified.';
 	}
 }
-
-$twig->display('admin.logs.html.twig', array('files' => $files));

admin/pages/mailer.php

@@ -15,55 +15,48 @@ if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
 	return;
 }
 
-if (!config('mail_enabled')) {
-	echo 'Mail support disabled in config.';
+if (!$config['mail_enabled']) {
+	echo 'Mail support disabled.';
 	return;
 }
 
-$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
-$mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
-$mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
+$mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : NULL;
+$mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : NULL;
+$preview = isset($_REQUEST['preview']);
 
-if (isset($_POST['submit'])) {
-	if (empty($mail_subject)) {
-		warning('Please enter subject of the message.');
-	}
-
-	if (empty($mail_content)) {
-		warning('Please enter content of the message.');
-	}
-}
-if (!empty($mail_to)) {
-	if(!Validator::email($mail_to)) {
-		warning('E-Mail is invalid.');
-	}
-	else {
+$preview_done = false;
+if ($preview) {
 	if (!empty($mail_content) && !empty($mail_subject)) {
-			if (_mail($mail_to, $mail_subject, $mail_content)) {
-				success("Successfully mailed <strong>$mail_to</strong>");
-			}
-			else {
-				error("Error while sending mail to <strong>$mail_to</strong>. More info can be found in system/logs/mailer-error.log");
-			}
-		}
+		$preview_done = _mail($account_logged->getCustomField('email'), $mail_subject, $mail_content);
+
+		if (!$preview_done)
+			error('Error while sending preview mail. More info can be found in system/logs/mailer-error.log');
 	}
 }
 
-if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
+
+$twig->display('admin.mailer.html.twig', array(
+	'mail_subject' => $mail_subject,
+	'mail_content' => $mail_content,
+	'preview_done' => $preview_done
+));
+
+if (empty($mail_content) || empty($mail_subject) || $preview)
+	return;
+
 $success = 0;
 $failed = 0;
 
 $add = '';
-	if (config('account_mail_verify')) {
+if ($config['account_mail_verify']) {
 	note('Note: Sending only to users with verified E-Mail.');
-		$add = ' AND `email_verified` = 1';
+	$add = ' AND ' . $db->fieldName('email_verified') . ' = 1';
 }
 
-	$query = $db->query('SELECT `email` FROM `accounts` WHERE `email` != ""' . $add);
+$query = $db->query('SELECT ' . $db->fieldName('email') . ' FROM ' . $db->tableName('accounts') . ' WHERE ' . $db->fieldName('email') . ' != ""' . $add);
 foreach ($query as $email) {
-		if (_mail($email['email'], $mail_subject, $mail_content)) {
+	if (_mail($email['email'], $mail_subject, $mail_content))
 		$success++;
-		}
 	else {
 		$failed++;
 		echo '<br />';
@@ -74,10 +67,3 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 success('Mailing finished.');
 success("$success emails delivered.");
 warning("$failed emails failed.");
-}
-
-$twig->display('admin.mailer.html.twig', [
-	'mail_to' => $mail_to,
-	'mail_subject' => $mail_subject,
-	'mail_content' => $mail_content
-]);

admin/pages/mass_account.php

@@ -1,215 +0,0 @@
-<?php
-
-/**
- * Account Admin Tool
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-$title = 'Mass Account Actions';
-
-$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
-$hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
-$freePremium = $config['lua']['freePremium'];
-
-function admin_give_points($points)
-{
-	global $db, $hasPointsColumn;
-
-	if (!$hasPointsColumn) {
-		displayMessage('Points not supported.');
-		return;
-	}
-
-	$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'points' => $points
-	])) {
-		displayMessage('Failed to add points.');
-		return;
-	}
-	displayMessage($points . ' points added to all accounts.', true);
-}
-
-function admin_give_coins($coins)
-{
-	global $db, $hasCoinsColumn;
-
-	if (!$hasCoinsColumn) {
-		displayMessage('Coins not supported.');
-		return;
-	}
-
-	$statement = $db->prepare('UPDATE `accounts` SET `coins` = `coins` + :coins');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'coins' => $coins
-	])) {
-		displayMessage('Failed to add coins.');
-		return;
-	}
-
-	displayMessage($coins . ' coins added to all accounts.', true);
-}
-
-function query_add_premium($column, $value_query, $condition_query = '1=1', $params = [])
-{
-	global $db;
-
-	$statement = $db->prepare("UPDATE `accounts` SET `{$column}` = $value_query WHERE $condition_query");
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return false;
-	}
-
-	if (!$statement->execute($params)) {
-		displayMessage('Failed to add premium days.');
-		return false;
-	}
-
-	return true;
-}
-
-function admin_give_premdays($days)
-{
-	global $db, $freePremium;
-
-	if ($freePremium) {
-		displayMessage('Premium days not supported. Free Premium enabled.');
-		return;
-	}
-
-	$value = $days * 86400;
-	$now = time();
-	// othire
-	if ($db->hasColumn('accounts', 'premend')) {
-		// append premend
-		if (query_add_premium('premend', '`premend` + :value', '`premend` > :now', ['value' => $value, 'now' => $now])) {
-			// set premend
-			if (query_add_premium('premend', ':value', '`premend` <= :now', ['value' => $now + $value, 'now' => $now])) {
-				displayMessage($days . ' premium days added to all accounts.', true);
-				return;
-			} else {
-				displayMessage('Failed to execute set query.');
-				return;
-			}
-		} else {
-			displayMessage('Failed to execute append query.');
-			return;
-		}
-
-		return;
-	}
-
-	// tfs 0.x
-	if ($db->hasColumn('accounts', 'premdays')) {
-		// append premdays
-		if (query_add_premium('premdays', '`premdays` + :value', '1=1', ['value' => $days])) {
-			// append lastday
-			if (query_add_premium('lastday', '`lastday` + :value', '`lastday` > :now', ['value' => $value, 'now' => $now])) {
-				// set lastday
-				if (query_add_premium('lastday', ':value', '`lastday` <= :now', ['value' => $now + $value, 'now' => $now])) {
-					displayMessage($days . ' premium days added to all accounts.', true);
-					return;
-				} else {
-					displayMessage('Failed to execute set query.');
-					return;
-				}
-
-				return;
-			} else {
-				displayMessage('Failed to execute append query.');
-				return;
-			}
-		} else {
-			displayMessage('Failed to execute set days query.');
-			return;
-		}
-
-		return;
-	}
-
-	// tfs 1.x
-	if ($db->hasColumn('accounts', 'premium_ends_at')) {
-		// append premium_ends_at
-		if (query_add_premium('premium_ends_at', '`premium_ends_at` + :value', '`premium_ends_at` > :now', ['value' => $value, 'now' => $now])) {
-			// set premium_ends_at
-			if (query_add_premium('premium_ends_at', ':value', '`premium_ends_at` <= :now', ['value' => $now + $value, 'now' => $now])) {
-				displayMessage($days . ' premium days added to all accounts.', true);
-				return;
-			} else {
-				displayMessage('Failed to execute set query.');
-				return;
-			}
-		} else {
-			displayMessage('Failed to execute append query.');
-			return;
-		}
-
-		return;
-	}
-
-	displayMessage('Premium Days not supported.');
-}
-
-if (isset($_POST['action']) && $_POST['action']) {
-
-	$action = $_POST['action'];
-
-	if (preg_match("/[^A-z0-9_\-]/", $action)) {
-		displayMessage('Invalid action.');
-	} else {
-		$value = isset($_POST['value']) ? intval($_POST['value']) : 0;
-
-		if (!$value) {
-			displayMessage('Please fill all inputs');
-		} else {
-			switch ($action) {
-				case 'give-points':
-					admin_give_points($value);
-					break;
-				case 'give-coins':
-					admin_give_coins($value);
-					break;
-				case 'give-premdays':
-					admin_give_premdays($value);
-					break;
-				default:
-					displayMessage('Action ' . $action . 'not found.');
-			}
-		}
-	}
-}
-else {
-	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
-		'hasPointsColumn' => $hasPointsColumn,
-		'freePremium' => $freePremium,
-	));
-}
-
-function displayMessage($message, $success = false) {
-	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
-
-	$success ? success($message): error($message);
-
-	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
-		'hasPointsColumn' => $hasPointsColumn,
-		'freePremium' => $freePremium,
-	));
-}

admin/pages/mass_teleport.php

@@ -1,116 +0,0 @@
-<?php
-/**
- * Teleport Admin Tool
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-$title = 'Mass Teleport Actions';
-
-function admin_teleport_position($x, $y, $z) {
-	global $db;
-	$statement = $db->prepare('UPDATE `players` SET `posx` = :x, `posy` = :y, `posz` = :z');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'x' => $x, 'y' => $y, 'z' => $z
-	])) {
-		displayMessage('Failed to execute query.');
-		return;
-	}
-
-	displayMessage('Player\'s position updated.', true);
-}
-
-function admin_teleport_town($town_id) {
-	global $db;
-	$statement = $db->prepare('UPDATE `players` SET `town_id` = :town_id');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'town_id' => $town_id
-	])) {
-		displayMessage('Failed to execute query.');
-		return;
-	}
-
-	displayMessage('Player\'s town updated.', true);
-}
-
-if (isset($_POST['action']) && $_POST['action'])    {
-
-	$action = $_POST['action'];
-
-	if (preg_match("/[^A-z0-9_\-]/", $action)) {
-		displayMessage('Invalid action.');
-	} else {
-
-		$playersOnline = 0;
-		if($db->hasTable('players_online')) {// tfs 1.0
-			$query = $db->query('SELECT count(*) AS `count` FROM `players_online`');
-		} else {
-			$query = $db->query('SELECT count(*) AS `count` FROM `players` WHERE `players`.`online` > 0');
-		}
-
-		$playersOnline = $query->fetch(PDO::FETCH_ASSOC);
-		if ($playersOnline['count'] > 0) {
-			displayMessage('Please, close the server before execute this action otherwise players will not be affected.');
-			return;
-		}
-
-		$town_id = isset($_POST['town_id']) ? intval($_POST['town_id']) : null;
-		$posx = isset($_POST['posx']) ? intval($_POST['posx']) : null;
-		$posy = isset($_POST['posy']) ? intval($_POST['posy']) : null;
-		$posz = isset($_POST['posz']) ? intval($_POST['posz']) : null;
-		$to_temple = $_POST['to_temple'] ?? null;
-
-		switch ($action) {
-			case 'set-town':
-				if (!$town_id) {
-					displayMessage('Please fill all inputs');
-					return;
-				}
-
-				if (!isset($config['towns'][$town_id])) {
-					displayMessage('Specified town does not exist');
-					return;
-				}
-
-				admin_teleport_town($town_id);
-				break;
-			case 'set-position':
-				if (!$to_temple &&  ($posx < 0 || $posx > 65535 || $posy < 0 || $posy > 65535|| $posz < 0 || $posz > 16)) {
-					displayMessage('Invalid Position');
-					return;
-				}
-
-				admin_teleport_position($posx, $posy, $posz);
-				break;
-			default:
-				displayMessage('Action ' . $action . 'not found.');
-		}
-	}
-
-}
-else {
-	$twig->display('admin.tools.teleport.html.twig', array());
-}
-
-
-function displayMessage($message, $success = false) {
-	global $twig;
-
-	$success ? success($message): error($message);
-	$twig->display('admin.tools.teleport.html.twig', array());
-}

admin/pages/menus.php

@@ -63,70 +63,64 @@ if (isset($_REQUEST['template'])) {
 		return;
 	}
 
-	$title = 'Menus - ' . $template;
-	?>
-	<div align="center" class="text-center">
-		<p class="note">You are editing: <?= $template ?><br/><br/>
-			Hint: You can drag menu items.<br/>
+	echo 'Hint: You can drag menu items.<br/>
 	Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
-			Not all templates support blank and colorful links.
-		</p>
-	</div>
-	<?php
+	Not all templates support blank and colorful links.<br/><br/>
+    <div class="row">';
 	$menus = array();
 	$menus_db = $db->query('SELECT `name`, `link`, `blank`, `color`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
 	foreach ($menus_db as $menu) {
 		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'blank' => $menu['blank'], 'color' => $menu['color'], 'ordering' => $menu['ordering']);
 	}
+
 	$last_id = array();
-	?>
-	<form method="post" id="menus-form" action="?p=menus">
-		<input type="hidden" name="template" value="<?php echo $template ?>"/>
-		<div class="row">
-			<?php foreach ($config['menu_categories'] as $id => $cat): ?>
-				<div class="col-md-12 col-lg-6">
-					<div class="card card-info card-outline">
-						<div class="card-header">
-							<h5 class="m-0"><?php echo $cat['name'] ?> <i class="far fa-plus-square add-button" id="add-button-<?php echo $id ?>"></i></h5>
+	echo '<form method="post" id="menus-form" action="?p=menus">';
+	echo '<input type="hidden" name="template" value="' . $template . '"/>';
+	foreach ($config['menu_categories'] as $id => $cat) {
+		echo '        <div class="col-md-12 col-lg-6">
+            <div class="box box-danger">
+                <div class="box-header with-border">
+                    <h3 class="box-title">' . $cat['name'] . ' <img class="add-button" id="add-button-' . $id . '" src="' . BASE_URL . 'images/plus.png" width="16" height="16"/></h3>
                 </div>
-						<div class="card-body">
-							<ul class="sortable" id="sortable-<?php echo $id ?>">
-								<?php
+                <div class="box-body">';
+
+
+		echo '<ul class="sortable" id="sortable-' . $id . '">';
 		if (isset($menus[$id])) {
 			$i = 0;
-									foreach ($menus[$id] as $menu):
-										?>
-										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo escapeHtml($menu['name']); ?>"/>
-											<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
-											<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
-											<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
-											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="<?php echo (empty($menu['color']) ? ($config['menu_default_color'] ?? '#ffffff') : $menu['color']); ?>"/>
-											<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
-										<?php $i++; $last_id[$id] = $i;
-									endforeach;
-								} ?>
-							</ul>
+			foreach ($menus[$id] as $menu) {
+				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><label>Name:</label><input type="text" name="menu[' . $id . '][]" value="' . escapeHtml($menu['name']) . '"/>
+				<label>Link:</label><input type="text" name="menu_link[' . $id . '][]" value="' . $menu['link'] . '"/>
+				<input type="hidden" name="menu_blank[' . $id . '][]" value="0" />
+				<label><input class="blank-checkbox" type="checkbox" ' . ($menu['blank'] == 1 ? 'checked' : '') . '/><span title="Open in New Window">Open in New Window</span></label>
+				
+				<input class="color-picker" type="text" name="menu_color[' . $id . '][]" value="#' . $menu['color'] . '" />
+				
+				<a class="remove-button" id="remove-button-' . $id . '-' . $i . '"><img src="' . BASE_URL . 'images/del.png"/></a></li>';
+
+				$i++;
+				$last_id[$id] = $i;
+			}
+		}
+
+		echo '</ul>';
+		echo '                </div>
             </div>
         </div>
-				</div>
-			<?php endforeach ?>
-		</div>
-		<div class="row pb-2">
-			<div class="col-md-12">
-				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Save</button>
-				<?php
-				echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
-				?>
-			</div>
-		</div>
-	</form>
-	<?php
+';
+	}
+	echo ' </div><div class="row"><div class="col-md-6">';
+	echo '<input type="submit" class="btn btn-info" value="Save">';
+	echo '<input type="button" class="btn btn-default pull-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus&template=' . $template . '\';">';
+	echo '</div></div>';
+	echo '</form>';
+
 	$twig->display('admin.menus.js.html.twig', array(
 		'menus' => $menus,
-		'last_id' => $last_id,
-		'menu_default_color' => $config['menu_default_color'] ?? '#ffffff'
+		'last_id' => $last_id
 	));
 	?>
+
 	<?php
 } else {
 	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();

admin/pages/modules/balance.php

@@ -1,8 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-
-$balance = ($db->hasColumn('players', 'balance') ? $db->query('SELECT `balance`, `id`, `name`,`level` FROM `players` ORDER BY `balance` DESC LIMIT 10;') : 0);
-
-$twig->display('balance.html.twig', array(
-	'balance' => $balance
-));

admin/pages/modules/coins.php

@@ -1,7 +1,10 @@
 <?php
-defined('MYAAC') or die('Direct access not allowed!');
 
-$coins = ($db->hasColumn('accounts', 'coins') ?  $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;') : 0);
+if ($db->hasColumn('accounts', 'coins')) {
+	$coins = $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;');
+} else {
+	$coins = 0;
+}
 
 $twig->display('coins.html.twig', array(
 	'coins' => $coins

admin/pages/modules/created.php

@@ -1,8 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-
-$players = ($db->hasColumn('accounts', 'created') ? $db->query('SELECT `created`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `created` DESC LIMIT 10;') : 0);
-
-$twig->display('created.html.twig', array(
-	'players' => $players,
-));

admin/pages/modules/lastlogin.php

@@ -1,7 +1,11 @@
 <?php
-defined('MYAAC') or die('Direct access not allowed!');
 
-$players = ($db->hasColumn('players', 'lastlogin') ? $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;') : 0);
+if ($db->hasColumn('players', 'lastlogin')) {
+	$players = $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;');
+} else {
+	$players = 0;
+}
+
 $twig->display('lastlogin.html.twig', array(
 	'players' => $players,
 ));

admin/pages/modules/points.php

@@ -1,7 +1,9 @@
 <?php
-defined('MYAAC') or die('Direct access not allowed!');
-
-$points = ($db->hasColumn('accounts', 'premium_points') ? $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;') : 0);
+if ($db->hasColumn('accounts', 'premium_points')) {
+	$points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
+} else {
+	$points = 0;
+}
 
 $twig->display('points.html.twig', array(
 	'points' => $points,

admin/pages/modules/server_status.php

@@ -1,46 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-if (isset($status)) {
-
-	$error_icon = '<i class="fas fa-exclamation-circle text-danger"></i>'; ?>
-	<div class=" col-md-6 col-lg-6">
-		<div class="card card-info card-outline">
-			<div class="card-header border-bottom-0">
-				<span class="font-weight-bold m-0">Server Status</span> <span class="float-right small"><b>Last checked</b>: <?php echo(isset($status['lastCheck']) ? date("l, d.m.Y H:i:s", $status['lastCheck']) : $error_icon); ?></span>
-			</div>
-			<div class="card-body p-0 ">
-				<table class="table">
-					<tbody>
-					<tr>
-						<th width="30%">Server</th>
-						<td><?php echo(isset($status['server']) & isset($status['serverVersion']) ? $status['server'] . ' x ' . $status['serverVersion'] : $error_icon) ?></td>
-
-					</tr>
-					<tr>
-						<th>Client</th>
-						<td><?php echo(isset($status['clientVersion']) ? $status['clientVersion'] : $error_icon) ?></td>
-					</tr>
-					<tr>
-						<th>Map</th>
-						<td>
-							<?php if (isset($status['mapName']) & isset($status['mapAuthor']) & isset($status['mapWidth']) & isset($status['mapHeight'])) {
-								echo $status['mapName'] . ' by <b>' . $status['mapAuthor'] . '</b><br/>' . $status['mapWidth'] . ' x ' . $status['mapHeight'];
-							} else {
-								echo $error_icon;
-							} ?>
-						</td>
-					</tr>
-					<tr>
-						<th>Monsters</th>
-						<td><?php echo (isset($status['monsters']) ? $status['monsters'] : $error_icon); ?></td>
-					</tr>
-					<tr>
-						<th>MOTD:</th>
-						<td><?php echo(isset($status['motd']) ? $status['motd'] : $error_icon); ?></td>
-					</tr>
-					</tbody>
-				</table>
-			</div>
-		</div>
-	</div>
-<?php } ?>

admin/pages/modules/statistics.php

@@ -1,12 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-$count = $db->query('SELECT
-  (SELECT COUNT(*) FROM `accounts`) as total_accounts, 
-  (SELECT COUNT(*) FROM `players`) as total_players,
-  (SELECT COUNT(*) FROM `guilds`) as total_guilds,
-  (SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'monsters`) as total_monsters,
-  (SELECT COUNT(*) FROM `houses`) as total_houses;')->fetch();
-
-$twig->display('statistics.html.twig', array(
-	'count' => $count,
-));

admin/pages/modules/templates/balance.html.twig

@@ -1,31 +0,0 @@
-{% if balance is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Top 10 - Balance</h5>
-			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
-					<tr>
-						<th>#</th>
-						<th>Player</th>
-						<th>Balance</th>
-					</tr>
-					</thead>
-					<tbody>
-					{% set i = 0 %}
-					{% for result in balance %}
-						{% set i = i + 1 %}
-						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
-							<td>{{ result.balance }}</td>
-						</tr>
-					{% endfor %}
-					</tbody>
-				</table>
-			</div>
-		</div>
-	</div>
-{% endif %}

admin/pages/modules/templates/coins.html.twig

@@ -1,25 +1,23 @@
 {% if coins is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Top 10 - Most coins</h5>
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Top 10 - Most coins</h3>
 			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
 					<tr>
 						<th>#</th>
-						<th>Account</th>
+						<th>Account {{ account_type }}</th>
 						<th>Tibia coins</th>
 					</tr>
-					</thead>
-					<tbody>
 					{% set i = 0 %}
 					{% for result in coins %}
 						{% set i = i + 1 %}
 						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/created.html.twig

@@ -1,31 +0,0 @@
-{% if players is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Last 10 created</h5>
-			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
-					<tr>
-						<th>#</th>
-						<th>Account</th>
-						<th>Creation Date</th>
-					</tr>
-					</thead>
-					<tbody>
-					{% set i = 0 %}
-					{% for result in players %}
-						{% set i = i + 1 %}
-						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
-							<td>{{ result.created|date("M d Y, H:i:s") }}</td>
-						</tr>
-					{% endfor %}
-					</tbody>
-				</table>
-			</div>
-		</div>
-	</div>
-{% endif %}

admin/pages/modules/templates/lastlogin.html.twig

@@ -1,25 +1,23 @@
 {% if players is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Last 10 logins</h5>
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Last 10 Logins</h3>
 			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
 					<tr>
 						<th>#</th>
 						<th>Player</th>
 						<th>Login Date</th>
 					</tr>
-					</thead>
-					<tbody>
 					{% set i = 0 %}
 					{% for result in players %}
 						{% set i = i + 1 %}
 						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
 							<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/points.html.twig

@@ -1,25 +1,23 @@
 {% if points is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Top 10 - Most premium points</h5>
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Top 10 - Most premium points</h3>
 			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
 					<tr>
 						<th>#</th>
-						<th>Account</th>
+						<th>Account {{ account_type }}</th>
 						<th>Premium points</th>
 					</tr>
-					</thead>
-					<tbody>
 					{% set i = 0 %}
 					{% for result in points %}
 						{% set i = i + 1 %}
 						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
 							<td>{{ result.premium_points }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/statistics.html.twig

@@ -1,45 +0,0 @@
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-info elevation-1"><i class="fas fa-user-plus"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Accounts:</span>
-			<span class="info-box-number">{{ count.total_accounts }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-red elevation-1"><i class="fas fa-user-plus"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Players:</span>
-			<span class="info-box-number">{{ count.total_players }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-teal elevation-1"><i class="fas fa-pastafarianism"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Monsters:</span>
-			<span class="info-box-number">{{ count.total_monsters }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-green elevation-1"><i class="fas fa-chart-pie"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Guilds:</span>
-			<span class="info-box-number">{{ count.total_guilds }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-yellow elevation-1"><i class="fas fa-home"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Houses:</span>
-			<span class="info-box-number">{{ count.total_houses }}</span>
-		</div>
-	</div>
-</div>

admin/pages/modules/templates/web_status.twig

@@ -1,39 +0,0 @@
-<div class="col-12 col-md-6">
-	<div class="card card-warning card-outline">
-		<form action="?p=dashboard&maintenance" method="post" class="form-horizontal">
-			<div class="card-header">
-				<span class="m-0">Website Status<span class="float-right">
-				<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
-					<input type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
-					<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
-				</div></span>
-				</span>
-			</div>
-			<div class="card-body p-2">
-				<div class="col-sm-12">
-					<label for="message" class="col-form-label">Maintenance Message</label>
-					<textarea name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
-					<small>(only visible if closed)</small>
-				</div>
-			</div>
-			<div class="card-footer">
-				<button type="submit" class="btn btn-info"><i class="far fa-update"></i> Update</button>
-				<a href="?p=dashboard&clear_cache" onclick="return confirm('Are you sure?');" class="float-right">
-					<span class="btn btn-danger"><i class="fas fa-clear"></i>Clear cache</span>
-				</a>
-			</div>
-		</form>
-	</div>
-</div>
-
-<script>
-	$(function() {
-		$("#status").change(function() {
-			$statusLabel = $("#status-label");
-			$statusLabel.html("Closed");
-			if ($(this).is(':checked')) {
-				$statusLabel.html("Open");
-			}
-		});
-	});
-</script>

admin/pages/modules/web_status.php

@@ -1,10 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-
-$twig->display('web_status.twig', array(
-	'is_closed' => $is_closed,
-	'closed_message' => $closed_message,
-	'status' => $status,
-	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
-));
-?>

admin/pages/news.php

@@ -13,7 +13,6 @@ require_once LIBS . 'forum.php';
 require_once LIBS . 'news.php';
 
 $title = 'News Panel';
-$use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
@@ -23,8 +22,8 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
 
 // some constants, used mainly by database (cannot by modified without schema changes)
-define('NEWS_TITLE_LIMIT', 100);
-define('NEWS_BODY_LIMIT', 65535); // maximum news body length
+define('TITLE_LIMIT', 100);
+define('BODY_LIMIT', 65535); // maximum news body length
 define('ARTICLE_TEXT_LIMIT', 300);
 define('ARTICLE_IMAGE_LIMIT', 100);
 
@@ -43,12 +42,12 @@ if(!empty($action))
 	$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
 	$errors = array();
 
-	if($action == 'new') {
+	if($action == 'add') {
 		if(isset($forum_section) && $forum_section != '-1') {
 			$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
 		}
 
-		if(isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
+		if(News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
 			$p_title = $body = $comments = $article_text = $article_image = '';
 			$type = $category = $player_id = 0;
 
@@ -115,21 +114,21 @@ if($action == 'edit' || $action == 'new') {
 	$twig->display('admin.news.form.html.twig', array(
 		'action' => $action,
 		'news_link' => getLink(PAGE),
-		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'),
-		'news_id' => $id ?? null,
-		'title' => $p_title ?? '',
+		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'add'),
+		'news_id' => isset($id) ? $id : null,
+		'title' => isset($p_title) ? $p_title : '',
 		'body' => isset($body) ? escapeHtml($body) : '',
-		'type' => $type ?? null,
+		'type' => isset($type) ? $type : null,
 		'player' => isset($player) && $player->isLoaded() ? $player : null,
-		'player_id' => $player_id ?? null,
+		'player_id' => isset($player_id) ? $player_id : null,
 		'account_players' => $account_players,
-		'category' => $category ?? 0,
+		'category' => isset($category) ? $category : 0,
 		'categories' => $categories,
 		'forum_boards' => getForumBoards(),
-		'forum_section' => $forum_section ?? null,
-		'comments' => $comments ?? null,
-		'article_text' => $article_text ?? null,
-		'article_image' => $article_image ?? null
+		'forum_section' => isset($forum_section) ? $forum_section : null,
+		'comments' => isset($comments) ? $comments : null,
+		'article_text' => isset($article_text) ? $article_text : null,
+		'article_image' => isset($article_image) ? $article_image : null
 	));
 }
 

admin/pages/open_source.php

@@ -1,14 +0,0 @@
-<?php
-/**
- * Open Source libraries
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2023 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-$title = 'Open Source';
-
-$twig->display('admin.open_source.html.twig');

admin/pages/pages.php

@@ -9,7 +9,6 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
-$use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
@@ -18,18 +17,13 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 
 header('X-XSS-Protection:0');
 
-$name = $p_title = null;
+$name = $p_title = '';
 $groups = new OTS_Groups_List();
 
 $php = false;
 $enable_tinymce = true;
 $access = 0;
 
-// some constants, used mainly by database (cannot by modified without schema changes)
-define('PAGE_TITLE_LIMIT', 30);
-define('PAGE_NAME_LIMIT', 30);
-define('PAGE_BODY_LIMIT', 65535); // maximum page body length
-
 if (!empty($action)) {
 	if ($action == 'delete' || $action == 'edit' || $action == 'hide')
 		$id = $_REQUEST['id'];
@@ -55,13 +49,12 @@ if (!empty($action)) {
 	$errors = array();
 	$player_id = 1;
 
-	if ($action == 'new') {
-		if (isset($p_title) && Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
+	if ($action == 'add') {
+		if (Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			$name = $p_title = $body = '';
 			$player_id = $access = 0;
 			$php = false;
 			$enable_tinymce = true;
-			success('Added successful.');
 		}
 	} else if ($action == 'delete') {
 		if (Pages::delete($id, $errors))
@@ -76,18 +69,15 @@ if (!empty($action)) {
 			$enable_tinymce = $_page['enable_tinymce'] == '1';
 			$access = $_page['access'];
 		} else {
-			if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
+			Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access);
 			$action = $name = $p_title = $body = '';
 			$player_id = 1;
 			$access = 0;
 			$php = false;
 			$enable_tinymce = true;
-				success('Updated successful.');
-			}
 		}
 	} else if ($action == 'hide') {
-		Pages::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . ' successful.');
+		Pages::toggleHidden($id, $errors);
 	}
 
 	if (!empty($errors))
@@ -126,48 +116,6 @@ $twig->display('admin.pages.html.twig', array(
 
 class Pages
 {
-	static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
-	{
-		if(!isset($title[0]) || !isset($body[0])) {
-			$errors[] = 'Please fill all inputs.';
-			return false;
-		}
-		if(strlen($name) > PAGE_NAME_LIMIT) {
-			$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
-			return false;
-		}
-		if(strlen($title) > PAGE_TITLE_LIMIT) {
-			$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
-			return false;
-		}
-		if(strlen($body) > PAGE_BODY_LIMIT) {
-			$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
-			return false;
-		}
-		if(!isset($player_id) || $player_id == 0) {
-			$errors[] = 'Player ID is wrong.';
-			return false;
-		}
-		if(!isset($php) || ($php != 0 && $php != 1)) {
-			$errors[] = 'Enable PHP is wrong.';
-			return false;
-		}
-		if ($php == 1 && !getBoolean(config('admin_pages_php_enable'))) {
-			$errors[] = 'PHP pages disabled on this server. To enable go to config.php and change admin_pages_php_enable to "yes".';
-			return false;
-		}
-		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
-			$errors[] = 'Enable TinyMCE is wrong.';
-			return false;
-		}
-		if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
-			$errors[] = 'Access is wrong.';
-			return false;
-		}
-
-		return true;
-	}
-
 	static public function get($id)
 	{
 		global $db;
@@ -180,11 +128,8 @@ class Pages
 
 	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
-		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			return false;
-		}
-
 		global $db;
+		if (isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0) {
 			$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
 			if ($query === false)
 				$db->insert(TABLE_PREFIX . 'pages',
@@ -200,16 +145,14 @@ class Pages
 				);
 			else
 				$errors[] = 'Page with this link already exists.';
+		} else
+			$errors[] = 'Please fill all inputs.';
 
 		return !count($errors);
 	}
 
-	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
+	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
 	{
-		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			return false;
-		}
-
 		global $db;
 		$db->update(TABLE_PREFIX . 'pages',
 			array(
@@ -222,8 +165,6 @@ class Pages
 				'access' => $access
 			),
 			array('id' => $id));
-
-		return true;
 	}
 
 	static public function delete($id, &$errors)
@@ -240,18 +181,15 @@ class Pages
 		return !count($errors);
 	}
 
-	static public function toggleHidden($id, &$errors, &$status)
+	static public function toggleHidden($id, &$errors)
 	{
 		global $db;
 		if (isset($id)) {
 			$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
-			if ($query !== false) {
+			if ($query !== false)
 				$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
-				$status = $query['hidden'];
-			}
-			else {
+			else
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
-			}
 		} else
 			$errors[] = 'id not set';
 

admin/pages/phpinfo.php

@@ -16,4 +16,4 @@ if (!function_exists('phpinfo')) { ?>
 	<?php return;
 }
 ?>
-<iframe src="<?php echo ADMIN_URL; ?>tools/phpinfo.php" width="1024" height="550"></iframe>
+<iframe src="<?php echo BASE_URL; ?>admin/tools/phpinfo.php" width="1024" height="550"/>

admin/pages/plugins.php

@@ -9,14 +9,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
-$use_datatable = true;
 
-require_once LIBS . 'plugins.php';
-
-if (!getBoolean(config('admin_plugins_manage_enable'))) {
-	warning('Plugin installation and management is disabled in config.<br/>If you wish to enable, go to config.php and change <b>admin_plugins_manage_enable</b> to "yes".');
-}
-else {
 $twig->display('admin.plugins.form.html.twig');
 
 if (isset($_REQUEST['uninstall'])) {
@@ -27,27 +20,13 @@ else {
 	} else {
 		error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 	}
-	} else if (isset($_REQUEST['enable'])) {
-		$enable = $_REQUEST['enable'];
-		if (Plugins::enable($enable)) {
-			success('Successfully enabled plugin ' . $enable);
-		} else {
-			error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
-		}
-	} else if (isset($_REQUEST['disable'])) {
-		$disable = $_REQUEST['disable'];
-		if (Plugins::disable($disable)) {
-			success('Successfully disabled plugin ' . $disable);
-		} else {
-			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
-		}
-	} else if (isset($_FILES['plugin']['name'])) {
-		$file = $_FILES['plugin'];
-		$filename = $file['name'];
-		$tmp_name = $file['tmp_name'];
-		$type = $file['type'];
+} else if (isset($_FILES["plugin"]["name"])) {
+	$file = $_FILES["plugin"];
+	$filename = $file["name"];
+	$tmp_name = $file["tmp_name"];
+	$type = $file["type"];
 
-		$name = explode('.', $filename);
+	$name = explode(".", $filename);
 	$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed', 'application/octet-stream', 'application/zip-compressed');
 
 	if (isset($file['error'])) {
@@ -106,26 +85,23 @@ else {
 		}
 	}
 }
-}
 
 $plugins = array();
-foreach (get_plugins(true) as $plugin) {
+foreach (get_plugins() as $plugin) {
 	$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
+	$string = Plugins::removeComments($string);
 	$plugin_info = json_decode($string, true);
 
-	if (!$plugin_info) {
+	if ($plugin_info == false) {
 		warning('Cannot load plugin info ' . $plugin . '.json');
 	} else {
-		$disabled = (strpos($plugin, 'disabled.') !== false);
-		$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 		$plugins[] = array(
-			'name' => $plugin_info['name'] ?? '',
-			'description' => $plugin_info['description'] ?? '',
-			'version' => $plugin_info['version'] ?? '',
-			'author' => $plugin_info['author'] ?? '',
-			'contact' => $plugin_info['contact'] ?? '',
-			'file' => $pluginOriginal,
-			'enabled' => !$disabled,
+			'name' => isset($plugin_info['name']) ? $plugin_info['name'] : '',
+			'description' => isset($plugin_info['description']) ? $plugin_info['description'] : '',
+			'version' => isset($plugin_info['version']) ? $plugin_info['version'] : '',
+			'author' => isset($plugin_info['author']) ? $plugin_info['author'] : '',
+			'contact' => isset($plugin_info['contact']) ? $plugin_info['contact'] : '',
+			'file' => $plugin,
 			'uninstall' => isset($plugin_info['uninstall'])
 		);
 	}

admin/pages/reports.php

@@ -4,12 +4,11 @@
  *
  * @package   MyAAC
  * @author    Lee
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Report Viewer';
-$use_datatable = true;
 
 $files = array();
 $server_path_reports = $config['data_path'] . 'reports/';
@@ -43,13 +42,16 @@ foreach ($files as &$f) {
 
 unset($f);
 
+$twig->display('admin.reports.html.twig', array('files' => $files));
+
+
 $file = isset($_GET['file']) ? $_GET['file'] : NULL;
 if (!empty($file)) {
 	if (!preg_match('/[^A-z0-9\' _\/\-\.]/', $file)) {
 		if (file_exists($server_path_reports . $file)) {
-			$file_content = nl2br(file_get_contents($server_path_reports . $file));
+			$content = nl2br(file_get_contents($server_path_reports . $file));
 
-			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
 		} else {
 			echo 'Specified file does not exist.';
 		}
@@ -57,5 +59,3 @@ if (!empty($file)) {
 		echo 'Invalid file name specified.';
 	}
 }
-
-$twig->display('admin.reports.html.twig', array('files' => $files));

admin/pages/tools.php

@@ -10,24 +10,18 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Tools';
 
-if (!isset($_GET['tool'])) {
+$tool = $_GET['tool'];
+if (!isset($tool)) {
 	echo 'Tool not set.';
 	return;
 }
 
-$tool = $_GET['tool'];
 if (preg_match("/[^A-z0-9_\-]/", $tool)) {
 	echo 'Invalid tool.';
 	return;
 }
 
-$file = ADMIN . 'tools/' . $tool . '.php';
-
-if (@file_exists($file)) {
+$file = BASE . 'admin/pages/tools/' . $tool . '.php';
+if (!@file_exists($file))
 	require $file;
-	return;
-}
-
-echo 'Tool <strong>' . $tool . '</strong> not found.';
-
 ?>

admin/pages/version.php

@@ -24,10 +24,10 @@ if (!$myaac_version) {
 $version_compare = version_compare($myaac_version, MYAAC_VERSION);
 if ($version_compare == 0) {
 	success('MyAAC latest version is ' . $myaac_version . '. You\'re using the latest version.
-	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
+	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
 } else if ($version_compare < 0) {
 	success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
-	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
+	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
 } else {
 	warning('You\'re using outdated version.<br/>
 		Your version: <b>' . MYAAC_VERSION . '</b><br/>

admin/pages/visitors.php

@@ -8,13 +8,7 @@
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-
-use DeviceDetector\DeviceDetector;
-use DeviceDetector\Parser\Client\Browser;
-use DeviceDetector\Parser\OperatingSystem;
-
 $title = 'Visitors';
-$use_datatable = true;
 
 if (!$config['visitors_counter']): ?>
 	Visitors counter is disabled.<br/>
@@ -35,31 +29,6 @@ function compare($a, $b)
 $tmp = $visitors->getVisitors();
 usort($tmp, 'compare');
 
-foreach ($tmp as &$visitor) {
-	$userAgent = $visitor['user_agent'] ?? '';
-	if (!strlen($userAgent) || $userAgent == 'unknown') {
-		$browser = 'Unknown';
-	}
-	else {
-		$dd = new DeviceDetector($userAgent);
-		$dd->parse();
-
-		if ($dd->isBot()) {
-			$bot = $dd->getBot();
-			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
-			$browser = sprintf($message, $bot['category'], $bot['url'], $bot['name']);
-		}
-		else {
-			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));
-			$browserFamily = Browser::getBrowserFamily($dd->getClient('name'));
-
-			$browser = $osFamily . ', ' . $browserFamily;
-		}
-	}
-
-	$visitor['browser'] = $browser;
-}
-
 $twig->display('admin.visitors.html.twig', array(
 	'config_visitors_counter_ttl' => $config['visitors_counter_ttl'],
 	'visitors' => $tmp

admin/template/menus.php

@@ -1,66 +0,0 @@
-<?php
-
-$menus = [
-	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
-	['name' => 'News', 'icon' => 'newspaper', 'order' => 20, 'link' =>
-		[
-			['name' => 'View', 'link' => 'news', 'icon' => 'list', 'order' => 10],
-			['name' => 'Add news', 'link' => 'news&action=new&type=1', 'icon' => 'plus', 'order' => 20],
-			['name' => 'Add ticker', 'link' => 'news&action=new&type=2', 'icon' => 'plus', 'order' => 30],
-			['name' => 'Add article', 'link' => 'news&action=new&type=3', 'icon' => 'plus', 'order' => 40],
-		],
-	],
-	['name' => 'Changelogs', 'icon' => 'newspaper', 'order' => 30, 'link' =>
-		[
-			['name' => 'View', 'link' => 'changelog', 'icon' => 'list', 'order' => 10],
-			['name' => 'Add', 'link' => 'changelog&action=new', 'icon' => 'plus', 'order' => 20],
-		],
-	],
-	['name' => 'Mailer', 'icon' => 'envelope', 'order' => 40, 'link' => 'mailer', 'disabled' => !config('mail_enabled')],
-	['name' => 'Pages', 'icon' => 'book', 'order' => 50, 'link' =>
-		[
-			['name' => 'View', 'link' => 'pages', 'icon' => 'list', 'order' => 10],
-			['name' => 'Add', 'link' => 'pages&action=new', 'icon' => 'plus', 'order' => 20],
-		],
-	],
-	['name' => 'Menus', 'icon' => 'list', 'order' => 60, 'link' => 'menus'],
-	['name' => 'Plugins', 'icon' => 'plug', 'order' => 70, 'link' => 'plugins'],
-	['name' => 'Server Data', 'icon' => 'gavel', 'order' => 80, 'link' => 'data'],
-	['name' => 'Editor', 'icon' => 'edit', 'order' => 90, 'link' =>
-		[
-			['name' => 'Accounts', 'link' => 'accounts', 'icon' => 'users', 'order' => 10],
-			['name' => 'Players', 'link' => 'players', 'icon' => 'user-astronaut', 'order' => 20],
-		],
-	],
-	['name' => 'Tools', 'icon' => 'tools', 'order' => 100, 'link' =>
-		[
-			['name' => 'Mass Account Actions', 'link' => 'mass_account', 'icon' => 'globe', 'order' => 10],
-			['name' => 'Mass Teleport Actions', 'link' => 'mass_teleport', 'icon' => 'globe', 'order' => 20],
-			['name' => 'Notepad', 'link' => 'notepad', 'icon' => 'marker', 'order' => 30],
-			['name' => 'phpinfo', 'link' => 'phpinfo', 'icon' => 'server', 'order' => 40],
-		],
-	],
-	['name' => 'Logs', 'icon' => 'bug', 'order' => 110, 'link' =>
-		[
-			['name' => 'Logs', 'link' => 'logs', 'icon' => 'book', 'order' => 10],
-			['name' => 'Reports', 'link' => 'reports', 'icon' => 'book', 'order' => 20],
-			['name' => 'Visitors', 'link' => 'visitors', 'icon' => 'user', 'order' => 30],
-		],
-	],
-];
-
-$hooks->trigger(HOOK_ADMIN_MENU);
-
-usort($menus, function ($a, $b) {
-	return $a['order'] - $b['order'];
-});
-
-foreach ($menus as $i => $menu) {
-	if (isset($menu['link']) && is_array($menu['link'])) {
-		usort($menus[$i]['link'], function ($a, $b) {
-			return $a['order'] - $b['order'];
-		});
-	}
-}
-
-return $menus;

admin/template/style.css

@@ -1,10 +1,44 @@
-.menu-text-li {color: #4b646f; background: #1a2226;}
-.menu-text {
-	display: block;
-	padding: .5rem 1rem;
-	white-space: nowrap;
+.slidecontainer {
+	width: 100%;
 }
 
-.sidebar-mini.sidebar-collapse .menu-text {
-	display: none;
+.slider {
+	-webkit-appearance: none;
+	width: 100%;
+
+	outline: none;
+	opacity: 0.7;
+	-webkit-transition: .2s;
+	transition: opacity .2s;
+}
+
+.slider:hover {
+	opacity: 1;
+}
+
+.slider::-webkit-slider-thumb {
+	-webkit-appearance: none;
+	appearance: none;
+	width: 15px;
+	height: 25px;
+	background: #3c8dbc;
+	cursor: pointer;
+}
+
+.slider::-moz-range-thumb {
+	width: 25px;
+	height: 25px;
+	background: #3c8dbc;
+	cursor: pointer;
+}
+
+td.details-control {
+	text-align: center;
+	color: forestgreen;
+	cursor: pointer;
+}
+
+tr.shown td.details-control {
+	text-align: center;
+	color: red;
 }

admin/template/template.php

@@ -1,203 +1,229 @@
 <?php defined('MYAAC') or die('Direct access not allowed!'); ?>
-<!doctype html>
-<html lang="en">
+<!DOCTYPE html>
+<html>
 <head>
-	<?php $hooks->trigger(HOOK_ADMIN_HEAD_START); ?>
-	<?php echo template_header(true); ?>
-	<title><?php echo (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];?></title>
-	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/adminlte.min.css">
+	<?php echo template_header(true);
+	$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
+	?>
+
+	<title><?php echo $title_full ?></title>
+	<link rel="shortcut icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
+	<link rel="icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
+	<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
+
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/bootstrap.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/AdminLTE.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/skins/skin-blue.min.css">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/font-awesome.min.css">
-	<?php if (isset($use_datatable)) { ?>
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/datatables.bs.min.css">
-	<?php } ?>
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/ionicons.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/jquery.dataTables.min.css">
 	<link rel="stylesheet" type="text/css" href="<?php echo $template_path; ?>style.css"/>
 	<!--[if lt IE 9]>
-	<script src="<?php echo BASE_URL; ?>tools/js/html5shiv.min.js"></script>
-	<script src="<?php echo BASE_URL; ?>tools/js/respond.min.js"></script>
+	<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
+	<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
 	<![endif]-->
-	<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
-	<?php $hooks->trigger(HOOK_ADMIN_HEAD_END); ?>
+	<link rel="stylesheet"
+		  href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
 </head>
-<body class="sidebar-mini ">
-<?php $hooks->trigger(HOOK_ADMIN_BODY_START); ?>
-<?php if ($logged && admin()) { ?>
+<body class="hold-transition skin-blue sidebar-mini">
 <div class="wrapper">
-		<nav class="main-header navbar navbar-expand navbar-white navbar-light">
-			<ul class="navbar-nav">
-				<li class="nav-item">
-					<a class="nav-link" data-widget="pushmenu" href="#"><i class="fas fa-bars"></i></a>
-				</li>
-				<li class="nav-item d-none d-sm-inline-block">
-					<a href="<?php echo ADMIN_URL; ?>" class="nav-link">Home</a>
-				</li>
-			</ul>
-			<ul class="navbar-nav ml-auto">
-				<li class="nav-item">
-					<a class="nav-link" data-widget="control-sidebar" data-slide="true" href="#"><i class="fas fa-th-large"></i></a>
-				</li>
-			</ul>
-		</nav>
-		<aside class="main-sidebar sidebar-dark-info elevation-4">
-			<a href="<?php echo ADMIN_URL; ?>" class="brand-link navbar-info">
-				<img src="<?php echo ADMIN_URL; ?>images/logo.png" class="brand-image img-circle elevation-3" style="opacity: .8">
-				<span class="brand-text"><b>My</b>AAC</span>
-			</a>
-			<div class="sidebar">
-				<nav class="mt-1">
-					<ul class="nav nav-pills nav-sidebar flex-column nav-legacy nav-child-indent" data-widget="treeview" data-accordion="false">
-						<li class="menu-text-li">
-							<span class="menu-text">
-								<a class="text-info" href="<?php echo BASE_URL; ?>" target="_blank">
-									<?php echo $config['lua']['serverName'] ?>
-								</a>
-							</span>
-						</li>
 	<?php
-						// name = Display name of link
-						// icon = fontawesome icon name without "fas fa-"
-						// link = Page link or use as array for sub items
-						$menus = require __DIR__ . '/menus.php';
+	if ($logged && admin()) {
+	?>
+	<header class="main-header">
+		<a href="." class="logo">
+			<span class="logo-mini"><b>M</b>A</span>
+			<span class="logo-lg"><b>My</b>AAC</span>
+		</a>
 
-						foreach ($menus as $category => $menu) {
-							if (isset($menu['disabled']) && $menu['disabled']) {
-								continue;
+		<nav class="navbar navbar-static-top" role="navigation">
+			<a href="#" class="sidebar-toggle" data-toggle="push-menu" role="button">
+				<span class="sr-only">Toggle navigation</span>
+			</a>
+			<div class="navbar-custom-menu">
+				<ul class="nav navbar-nav">
+					<li>
+						<a href="#" data-toggle="control-sidebar"><i class="fa fa-gears"></i></a>
+					</li>
+				</ul>
+			</div>
+		</nav>
+	</header>
+	<aside class="main-sidebar">
+		<section class="sidebar">
+			<ul class="sidebar-menu" data-widget="tree">
+				<li class="header">MyAAC</li>
+
+				<?php
+				$icons_a = array(
+                    'dashboard','newspaper-o', 'envelope',
+                    'book', 'list',
+                    'plug', 'user',
+                    'edit', 'gavel',
+                    'wrench', 'edit', 'book', 'book',
+                );
+
+				$menus = array(
+					'Dashboard' => 'dashboard',
+					'News' => 'news',
+					'Mailer' => 'mailer',
+					'Pages' => 'pages',
+					'Menus' => 'menus',
+					'Plugins' => 'plugins',
+					'Visitors' => 'visitors',
+					'Editor' => array(
+						'Accounts' => 'accounts',
+						'Players' => 'players',
+					),
+					'Items' => 'items',
+					'Tools' => array(
+						'Notepad' => 'notepad',
+						'phpinfo' => 'phpinfo',
+					),
+					'Logs' => array(
+						'Logs' => 'logs',
+						'Reports' => 'reports',
+					),
+				);
+
+				$i = 0;
+				foreach ($menus as $_name => $_page) {
+					$has_child = is_array($_page);
+					if (!$has_child) {
+						echo '<li ';
+						if ($page == $_page) echo ' class="active"';
+						echo ">";
+						echo '<a href="?p=' . $_page . '"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span></a></li>';
 					}
 
-							$has_child = is_array($menu['link']);
-							if (!$has_child) { ?>
-								<li class="nav-item">
-									<a class="nav-link<?php echo(strpos($menu['link'], $page) !== false ? ' active' : '') ?>" href="?p=<?php echo $menu['link'] ?>">
-										<i class="nav-icon fas fa-<?php echo($menu['icon'] ?? 'link') ?>"></i>
-										<p><?php echo $menu['name'] ?></p>
-									</a>
-								</li>
-								<?php
-							} else if ($has_child) {
-								$used_menu = null;
+					if ($has_child) {
+						$used_menu = "";
 						$nav_construct = '';
-								foreach ($menu['link'] as $sub_category => $sub_menu) {
-									$nav_construct .= '<li class="nav-item"><a href="?p=' . $sub_menu['link'] . '" class="nav-link';
-									if ($_SERVER['QUERY_STRING'] == 'p=' . $sub_menu['link']) {
-										$nav_construct .= ' active';
+						foreach ($_page as $__name => $__page) {
+							$nav_construct = $nav_construct . '<li';
+
+							if ($page == $__page) {
+								$nav_construct = $nav_construct . ' class="active"';
 								$used_menu = true;
 							}
-									$nav_construct .= '"><i class="fas fa-' . ($sub_menu['icon'] ?? 'circle') . ' nav-icon"></i><p>' . $sub_menu['name'] . '</p></a></li>';
+							$nav_construct = $nav_construct . '><a href="?p=' . $__page . '"><i class="fa fa-circle-o"></i> ' . $__name . '</a></li>';
 						}
-								?>
-								<li class="nav-item has-treeview<?php echo($used_menu ? ' menu-open' : '') ?>">
-									<a href="#" class="nav-link<?php echo($used_menu ? ' active' : '') ?>">
-										<i class="nav-icon fas fa-<?php echo($menu['icon'] ?? 'link') ?>"></i>
-										<p><?php echo $menu['name'] ?></p><i class="right fas fa-angle-left"></i>
-									</a>
-									<ul class="nav nav-treeview">
-										<?php echo $nav_construct; ?>
-									</ul>
-								</li>
-								<?php
+
+						echo '<li class="treeview' . (($used_menu) ? ' menu-open' : '') . '">
+                                      <a href="#"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span>
+						              <span class="pull-right-container"><i class="fa fa-angle-left pull-right"></i></span></a>
+						              <ul class="treeview-menu" style="' . (($used_menu) ? '  display: block' : ' display: none') . '">';
+						echo $nav_construct;
+						echo '</ul>
+                                </li>';
 					}
+					$i++;
 				}
 
 				$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
 				$menu_db = $query->fetchAll();
 				foreach ($menu_db as $item) {
-							if ($item['flags'] == 0 || hasFlag($item['flags'])) { ?>
-								<li class="nav-item">
-									<a class="nav-link<?php echo($page == $item['page'] ? ' active' : '') ?>" href="?p=<?php echo $item['page'] ?>">
-										<i class="nav-icon fas fa-link"></i>
-										<p><?php echo $item['name'] ?></p>
-									</a>
-								</li>
-								<?php
+					if ($item['flags'] == 0 || hasFlag($item['flags'])) {
+						echo '<li ';
+						if ($page == $item['page']) echo ' class="active"';
+						echo ">";
+						echo '<a href="?p=' . $item['page'] . '"><i class="fa fa-link"></i> <span>' . $item['name'] . '</span></a></li>';
 					}
 				}
 				?>
 			</ul>
-				</nav>
-			</div>
+		</section>
 	</aside>
 
-		<div class="content-wrapper" style="min-height: 823px;">
-			<div class="content-header">
-				<div class="container-fluid">
-					<div class="row mb-2">
-						<div class="col-sm-6">
-							<h3 class="m-0 text-dark"><?php echo(isset($title) ? $title : ''); ?><small> - Admin Panel</small></h3>
+	<div class="content-wrapper">
+		<section class="content-header">
+			<h1><?php echo(isset($title) ? $title : ''); ?>
+				<small> - Admin Panel</small>
+				<div class="pull-right">
+					<span class="label label-<?php echo(($status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
 				</div>
-						<div class="col-sm-6">
-							<div class="float-sm-right d-none d-sm-inline">
-								<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
-							</div>
-						</div>
-					</div>
-				</div>
-			</div>
-			<div class="content">
-				<div class="container-fluid">
+			</h1>
+		</section>
+		<section class="content">
 			<?php echo $content; ?>
-				</div>
-			</div>
-		</div>
+		</section>
 
-		<aside class="control-sidebar control-sidebar-dark">
-			<div class="p-3">
-				<h4>Account:</h4>
-				<p><h5><a href="?action=logout"><i class="fas fa-sign-out-alt text-danger"></i> Log out</h5></a>
-				<small>This will log you out</small></p>
 	</div>
-			<div class="p-3">
-				<h4>Site:</h4>
-				<p><h5><a href="<?php echo BASE_URL; ?>" target="_blank"><i class="far fa-eye text-blue"></i> Preview</a></h5>
-				<small>This will open a new tab</small></p>
-			</div>
-			<div class="p-3">
-				<h4>Version:</h4>
-				<p><h5><a href="?p=version"><i class="fas fa-code-branch"></i> <?php echo MYAAC_VERSION; ?></a></h5>
-				<small>Check for updates</small></p>
-			</div>
-			<div class="p-3">
-				<h4>Site:</h4>
-				<p><h5><a href="https://github.com/slawkens/myaac" target="_blank"><i class="fab fa-github"></i> Github</a></h5>
-				<small>Goto GitHub Page</small></p>
-
-				<p><h5><a href="http://my-aac.org/" target="_blank"><i class="fas fa-shoe-prints"></i> MyAAC Official</a></h5>
-				<small>Goto MyAAC Official Website</small></p>
-
-				<p><h5><a href="?p=open_source"><i class="fas fa-wrench"></i> Open Source</a></h5>
-				<small>View Open Source Software MyAAC is using</small></p>
-			</div>
-		</aside>
 
 	<footer class="main-footer">
-			<div class="float-sm-right d-none d-sm-inline">
-				<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
+
+		<div class="pull-right hidden-xs">
+			<div id="status">
+				<?php if ($status['online']): ?>
+					<p class="success" style="width: 120px; text-align: center;">Server Online</p>
+				<?php else: ?>
+					<p class="error" style="width: 120px; text-align: center;">Server Offline</p>
+				<?php endif; ?>
+			</div>
 		</div>
 		<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
 	</footer>
-		<div id="sidebar-overlay"></div>
+
+	<aside class="control-sidebar control-sidebar-dark">
+		<ul class="nav nav-tabs nav-justified control-sidebar-tabs">
+			<li class="active"><a href="#control-sidebar-home-tab" data-toggle="tab"><i class="fa fa-home"></i></a></li>
+			<li><a href="#control-sidebar-settings-tab" data-toggle="tab"><i class="fa fa-gears"></i></a></li>
+		</ul>
+		<div class="tab-content">
+			<div class="tab-pane active" id="control-sidebar-home-tab">
+				<h3 class="control-sidebar-heading">Account</h3>
+				<ul class="control-sidebar-menu">
+					<li>
+						<a href="?action=logout">
+							<i class="menu-icon fa  fa-sign-out bg-red"></i>
+							<div class="menu-info">
+								<h4 class="control-sidebar-subheading">Log out</h4>
+								<p>This will log you out
+									of <?php echo(USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()); ?></p>
+							</div>
+						</a>
+					</li>
+				</ul>
+				<h3 class="control-sidebar-heading">Site</h3>
+				<ul class="control-sidebar-menu">
+					<li>
+						<a href="<?php echo BASE_URL; ?>" target="_blank">
+							<i class="menu-icon fa  fa-eye bg-blue"></i>
+							<div class="menu-info">
+								<h4 class="control-sidebar-subheading">Preview</h4>
+								<p>This will open a new tab</p>
+							</div>
+						</a>
+					</li>
+				</ul>
+			</div>
+			<div class="tab-pane" id="control-sidebar-settings-tab">
+				<form method="post">
+					<h3 class="control-sidebar-heading">Version</h3>
+
+					<div class="form-group">
+						<label class="control-sidebar-subheading">
+							<?php echo MYAAC_VERSION; ?> (<a href="?p=version">Check for updates</a>)<br/>
+						</label>
+						<label class="control-sidebar-subheading">
+							<p><a href="https://github.com/slawkens/myaac" target="_blank">Github</a></p>
+					</div>
+				</form>
+			</div>
+		</div>
+	</aside>
+	<div class="control-sidebar-bg"></div>
 </div>
 
-<?php } else if (!$logged && !admin()) {
+<?php }
+if (!$logged && !admin()) {
 	echo $content;
 }
 ?>
-<?php
-/**
- * @var OTS_Account $account_logged
- */
-if ($logged && admin()) {
-	$twig->display('admin-bar.html.twig', [
-		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
-	]);
-}
-?>
+
 <script src="<?php echo BASE_URL; ?>tools/js/bootstrap.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/jquery-ui.min.js"></script>
-<?php if (isset($use_datatable))  { ?>
-<script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
-<script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
-<?php } ?>
+<script src="<?php echo BASE_URL; ?>tools/js/jquery.dataTables.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
-<?php $hooks->trigger(HOOK_ADMIN_BODY_END); ?>
 </body>
 </html>

admin/tools/reload_data.php

@@ -1,46 +0,0 @@
-<?php
-/**
- * Project: MyAAC
- *     Automatic Account Creator for Open Tibia Servers
- *
- * This is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-define('MYAAC_ADMIN', true);
-
-require '../../common.php';
-require SYSTEM . 'functions.php';
-require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
-
-if (!admin())
-	die('Access denied.');
-
-ini_set('max_execution_time', 300);
-ob_implicit_flush();
-ob_end_flush();
-header('X-Accel-Buffering: no');
-
-require LIBS . 'DataLoader.php';
-
-require LOCALE . 'en/main.php';
-require LOCALE . 'en/install.php';
-
-DataLoader::setLocale($locale);
-DataLoader::load();

admin/tools/upload_image.php

@@ -1,53 +0,0 @@
-<?php
-define('MYAAC_ADMIN', true);
-
-require '../../common.php';
-require SYSTEM . 'functions.php';
-require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
-
-if(!admin())
-	die('Access denied.');
-
-// Don't attempt to process the upload on an OPTIONS request
-if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
-	header('Access-Control-Allow-Methods: POST, OPTIONS');
-	return;
-}
-
-$imageFolder = BASE . EDITOR_IMAGES_DIR;
-
-reset ($_FILES);
-$temp = current($_FILES);
-if (is_uploaded_file($temp['tmp_name'])) {
-	header('Access-Control-Allow-Credentials: true');
-	header('P3P: CP="There is no P3P policy."');
-
-	// Sanitize input
-	if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
-		header('HTTP/1.1 400 Invalid file name.');
-		return;
-	}
-
-	// Verify extension
-	$ext = strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION));
-	if (!in_array($ext, ['gif', 'jpg', 'png'])) {
-		header('HTTP/1.1 400 Invalid extension.');
-		return;
-	}
-
-	do {
-		$randomName = generateRandomString(8). ".$ext";
-		$fileToWrite = $imageFolder . $randomName;
-	} while (file_exists($fileToWrite));
-
-	move_uploaded_file($temp['tmp_name'], $fileToWrite);
-
-	$returnPathToImage = BASE_URL . EDITOR_IMAGES_DIR . $randomName;
-	echo json_encode(['location' => $returnPathToImage]);
-} else {
-	// Notify editor that the upload failed
-	header('HTTP/1.1 500 Server Error');
-}
-
-

common.php

@@ -25,93 +25,68 @@
  */
 if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
 
-const MYAAC = true;
-const MYAAC_VERSION = '0.9.0-alpha';
-const DATABASE_VERSION = 35;
-const TABLE_PREFIX = 'myaac_';
+define('MYAAC', true);
+define('MYAAC_VERSION', '0.8.22');
+define('DATABASE_VERSION', 33);
+define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
 define('IS_CLI', in_array(php_sapi_name(), ['cli', 'phpdb']));
 
 // account flags
-const FLAG_NONE = 0;
-const FLAG_ADMIN = 1;
-const FLAG_SUPER_ADMIN = 2;
-const FLAG_SUPER_BOTH = 3;
-const FLAG_CONTENT_PAGES = 4;
-const FLAG_CONTENT_MAILER = 8;
-const FLAG_CONTENT_NEWS = 16;
-const FLAG_CONTENT_FORUM = 32;
-const FLAG_CONTENT_COMMANDS = 64;
-const FLAG_CONTENT_SPELLS = 128;
-const FLAG_CONTENT_MONSTERS = 256;
-const FLAG_CONTENT_GALLERY = 512;
-const FLAG_CONTENT_VIDEOS = 1024;
-const FLAG_CONTENT_FAQ = 2048;
-const FLAG_CONTENT_MENUS = 4096;
-const FLAG_CONTENT_PLAYERS = 8192;
-
-// account access types
-const ACCOUNT_WEB_FLAGS = [
-	FLAG_NONE => 'None',
-	FLAG_ADMIN =>'Admin',
-	FLAG_SUPER_ADMIN => 'Super Admin',
-	FLAG_SUPER_BOTH =>'(Admin + Super Admin)',
-];
+define('FLAG_ADMIN', 1);
+define('FLAG_SUPER_ADMIN', 2);
+define('FLAG_CONTENT_PAGES', 4);
+define('FLAG_CONTENT_MAILER', 8);
+define('FLAG_CONTENT_NEWS', 16);
+define('FLAG_CONTENT_FORUM', 32);
+define('FLAG_CONTENT_COMMANDS', 64);
+define('FLAG_CONTENT_SPELLS', 128);
+define('FLAG_CONTENT_MONSTERS', 256);
+define('FLAG_CONTENT_GALLERY', 512);
+define('FLAG_CONTENT_VIDEOS', 1024);
+define('FLAG_CONTENT_FAQ', 2048);
+define('FLAG_CONTENT_MENUS', 4096);
+define('FLAG_CONTENT_PLAYERS', 8192);
 
 // news
-const NEWS = 1;
-const TICKER = 2;
-const ARTICLE = 3;
-
-// here you can change location of admin panel
-// you need also to rename folder "admin"
-// this may improve security
-const ADMIN_PANEL_FOLDER = 'admin';
+define('NEWS', 1);
+define('TICKER', 2);
+define('ARTICLE', 3);
 
 // directories
-const BASE = __DIR__ . '/';
-const ADMIN = BASE . ADMIN_PANEL_FOLDER . '/';
-const SYSTEM = BASE . 'system/';
-const CACHE = SYSTEM . 'cache/';
-const LOCALE = SYSTEM . 'locale/';
-const LIBS = SYSTEM . 'libs/';
-const LOGS = SYSTEM . 'logs/';
-const PAGES = SYSTEM . 'pages/';
-const PLUGINS = BASE . 'plugins/';
-const TEMPLATES = BASE . 'templates/';
-const TOOLS = BASE . 'tools/';
-const VENDOR = BASE . 'vendor/';
-
-// other dirs
-const SESSIONS_DIR = SYSTEM . 'php_sessions';
-const GUILD_IMAGES_DIR = 'images/guilds/';
-const EDITOR_IMAGES_DIR = 'images/editor/';
-const GALLERY_DIR = 'images/gallery/';
+define('BASE', __DIR__ . '/');
+define('ADMIN', BASE . 'admin/');
+define('SYSTEM', BASE . 'system/');
+define('CACHE', SYSTEM . 'cache/');
+define('LOCALE', SYSTEM . 'locale/');
+define('LIBS', SYSTEM . 'libs/');
+define('LOGS', SYSTEM . 'logs/');
+define('PAGES', SYSTEM . 'pages/');
+define('PLUGINS', BASE . 'plugins/');
+define('TEMPLATES', BASE . 'templates/');
+define('TOOLS', BASE . 'tools/');
 
 // menu categories
-const MENU_CATEGORY_NEWS = 1;
-const MENU_CATEGORY_ACCOUNT = 2;
-const MENU_CATEGORY_COMMUNITY = 3;
-const MENU_CATEGORY_FORUM = 4;
-const MENU_CATEGORY_LIBRARY = 5;
-const MENU_CATEGORY_SHOP = 6;
+define('MENU_CATEGORY_NEWS', 1);
+define('MENU_CATEGORY_ACCOUNT', 2);
+define('MENU_CATEGORY_COMMUNITY', 3);
+define('MENU_CATEGORY_FORUM', 4);
+define('MENU_CATEGORY_LIBRARY', 5);
+define('MENU_CATEGORY_SHOP', 6);
 
 // otserv versions
-const OTSERV = 1;
-const OTSERV_06 = 2;
-const OTSERV_FIRST = OTSERV;
-const OTSERV_LAST = OTSERV_06;
-const TFS_02 = 3;
-const TFS_03 = 4;
-const TFS_FIRST = TFS_02;
-const TFS_LAST = TFS_03;
-
-// other definitions
-const ACCOUNT_NUMBER_LENGTH = 8;
+define('OTSERV', 1);
+define('OTSERV_06', 2);
+define('OTSERV_FIRST', OTSERV);
+define('OTSERV_LAST', OTSERV_06);
+define('TFS_02', 3);
+define('TFS_03', 4);
+define('TFS_FIRST', TFS_02);
+define('TFS_LAST', TFS_03);
 
 if (!IS_CLI) {
-	session_save_path(SESSIONS_DIR);
+	session_save_path(SYSTEM . 'php_sessions');
 	session_start();
 }
 
@@ -122,9 +97,13 @@ $size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$basedir .= '/' . $tmp[$i];
 
-$basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
+$basedir = str_replace(array('/admin', '/install', '/tools'), '', $basedir);
 define('BASE_DIR', $basedir);
 
+if (file_exists(BASE . 'config.local.php') && !defined('MYAAC_INSTALL')) {
+	require BASE . 'config.local.php';
+}
+
 if(!IS_CLI) {
 	if (isset($_SERVER['HTTP_HOST'][0])) {
 		$baseHost = $_SERVER['HTTP_HOST'];
@@ -136,16 +115,21 @@ if(!IS_CLI) {
 		}
 	}
 
-	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
+	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
+	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
 
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+	if(@$config['env'] === 'dev') {
+		require SYSTEM . 'exception.php';
 	}
-
-$autoloadFile = VENDOR . 'autoload.php';
-if (!is_file($autoloadFile)) {
-	throw new RuntimeException('The vendor folder is missing. Please download Composer: <a href="https://getcomposer.org/download">https://getcomposer.org/download</a>, install it and execute in the main MyAAC directory this command: <b>composer install</b>. Or download MyAAC from <a href="https://github.com/slawkens/myaac/releases">GitHub releases</a>, which includes Vendor folder.');
 }
+require SYSTEM . 'autoload.php';
 
-require $autoloadFile;
+function isHttps(): bool
+{
+	return
+		(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
+		|| (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
+		|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
+}

composer.json

@@ -1,19 +0,0 @@
-{
-    "require": {
-        "php": "^7.2.5 || ^8.0",
-        "ext-pdo": "*",
-        "ext-pdo_mysql": "*",
-        "ext-json": "*",
-        "ext-xml": "*",
-        "ext-dom": "*",
-        "phpmailer/phpmailer": "^6.1",
-        "composer/semver": "^3.2",
-        "twig/twig": "^2.0",
-        "erusev/parsedown": "^1.7",
-        "nikic/fast-route": "^1.3",
-        "matomo/device-detector": "^6.0"
-    },
-    "require-dev": {
-        "filp/whoops": "^2.15"
-    }
-}

config.php

@@ -52,6 +52,7 @@ $config = array(
 	// head options (html)
 	'meta_description' => 'Tibia is a free massive multiplayer online role playing game (MMORPG).', // description of the site
 	'meta_keywords' => 'free online game, free multiplayer game, ots, open tibia server', // keywords list separated by commas
+	'title_separator' => ' - ',
 
 	// footer
 	'footer' => ''/*'<br/>Your Server &copy; 2016. All rights reserved.'*/,
@@ -73,9 +74,10 @@ $config = array(
 	'database_user' => '',
 	'database_password' => '',
 	'database_name' => '',
-	'database_log' => false, // should database queries be logged and saved into system/logs/database.log?
+	'database_log' => false, // should database queries be logged and and saved into system/logs/database.log?
 	'database_socket' => '', // set if you want to connect to database through socket (example: /var/run/mysqld/mysqld.sock)
 	'database_persistent' => false, // use database permanent connection (like server), may speed up your site
+	'database_encryption' => 'sha1',
 
 	// multiworld system (only TFS 0.3)
 	'multiworld' => false, // use multiworld system?
@@ -86,21 +88,10 @@ $config = array(
 
 	// images
 	'outfit_images_url' => 'https://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'outfit_images_wrong_looktypes' => [75, 126, 127, 266, 302], // this looktypes needs to have different margin-top and margin-left because they are wrong positioned
 	'item_images_url' => 'https://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
-	'item_images_extension' => '.gif',
-
-	// creatures
-	'creatures_images_url' => 'images/monsters/', // set to images/monsters if you host your own creatures in images folder
-	'creatures_images_extension' => '.gif',
-	'creatures_images_preview' => false,  // set to true to allow picture previews for creatures
-	'creatures_items_url' => 'https://tibia.fandom.com/wiki/', // set to website which shows details about items.
-	'creatures_loot_percentage' => true, // set to true to show the loot tooltip percent
 
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
-	'account_login_by_email' => false, // use email instead of Account Name like in latest Tibia
-	'account_login_by_email_fallback' => false, // allow also additionally login by Account Name/Number (for users that might forget their email)
 	'account_create_auto_login' => false, // auto login after creating account?
 	'account_create_character_create' => true, // allow directly to create character on create account page?
 	'account_mail_verify' => false, // force users to confirm their email addresses when registering
@@ -112,7 +103,6 @@ $config = array(
 		'message' => 'You received %d %s for confirming your E-Mail address.' // example: You received 20 premium points for confirming your E-Mail address.
 	],
 	'account_mail_unique' => true, // email addresses cannot be duplicated? (one account = one email)
-	'account_mail_block_plus_sign' => true, // block email with '+' signs like test+box@gmail.com (help protect against spamming accounts)
 	'account_premium_days' => 0, // default premium days on new account
 	'account_premium_points' => 0, // default premium points on new account
 	'account_welcome_mail' => true, // send welcome email when user registers
@@ -142,24 +132,18 @@ $config = array(
 	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' (GMail) or 'tls' (Microsoft Outlook)
 	'smtp_debug' => false, // set true to debug (you will see more info in error.log)
 
+	// reCAPTCHA (prevent spam bots)
+	'recaptcha_enabled' => false, // enable recaptcha verification code
+	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
+	'recaptcha_secret_key' => '',
+	'recaptcha_theme' => 'light', // light, dark
+
 	//
 	'generate_new_reckey' => true,				// let player generate new recovery key, he will receive e-mail with new rec key (not display on page, hacker can't generate rec key)
 	'generate_new_reckey_price' => 20,			// price for new recovery key
 	'send_mail_when_change_password' => true,	// send e-mail with new password when change password to account
 	'send_mail_when_generate_reckey' => true,	// send e-mail with rec key (key is displayed on page anyway when generate)
 
-	// you may need to adjust this for older tfs versions
-	// by removing Community Manager
-	'account_types' => [
-		'None',
-		'Normal',
-		'Tutor',
-		'Senior Tutor',
-		'Gamemaster',
-		'Community Manager',
-		'God',
-	],
-
 	// genders (aka sex)
 	'genders' => array(
 		0 => 'Female',
@@ -188,12 +172,9 @@ $config = array(
 	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum length to be 21.
 	'character_name_min_length' => 4,
 	'character_name_max_length' => 21,
-	'character_name_npc_check' => true,
 
 	// list of towns
-	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (from MySQL database - Table - towns)
-	// otherwise it will try to load from your .OTBM map file
-	// if you don't see towns on website, then you need to fill this out
+	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (generated from your .OTBM map)
 	'towns' => array(
 		0 => 'No town',
 		1 => 'Sample town'
@@ -204,7 +185,6 @@ $config = array(
 	'guild_need_level' => 1, // min. level to form a guild
 	'guild_need_premium' => true, // require premium account to form a guild?
 	'guild_image_size_kb' => 80, // maximum size of the guild logo image in KB (kilobytes)
-	'guild_description_default' => 'New guild. Leader must edit this text :)',
 	'guild_description_chars_limit' => 1000, // limit of guild description
 	'guild_description_lines_limit' => 6, // limit of lines, if description has more lines it will be showed as long text, without 'enters'
 	'guild_motd_chars_limit' => 150, // limit of MOTD (message of the day) that is shown later in the game on the guild channel
@@ -225,19 +205,19 @@ $config = array(
 	'team_display_outfit' => true,
 
 	// bans page
-	'bans_per_page' => 20,
+	'bans_limit' => 50,
+	'bans_display_all' => true, // should all bans be displayed? (sorted page by page)
 
 	// highscores page
 	'highscores_vocation_box' => true, // show 'Choose a vocation' box on the highscores (allowing peoples to sort highscores by vocation)?
 	'highscores_vocation' => true, // show player vocation under his nickname?
-	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)?
+	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)? Only 0.3
 	'highscores_balance' => false, // show 'Balance' tab (richest players on the server)
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
 	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
 	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
-	'highscores_per_page' => 100, // how many records per page on highscores
-	'highscores_cache_ttl' => 15, // how often to update highscores from database in minutes (default 15 minutes)
+	'highscores_length' => 100, // how many records per page on highscores
 
 	// characters page
 	'characters' => array( // what things to display on character view page (true/false in each option)
@@ -289,9 +269,9 @@ $config = array(
 
 	// status, took automatically from config file if empty
 	'status_enabled' => true, // you can disable status checking by settings this to "false"
-	'status_ip' => '',
+	'status_ip' => '127.0.0.1',
 	'status_port' => '',
-	'status_timeout' => 2.0, // how long to wait for the initial response from the server (default: 2 seconds)
+	'status_timeout' => 1.0, // how long to wait for the initial response from the server (default: 1 second)
 
 	// how often to connect to server and update status (default: every minute)
 	// if your status timeout in config.lua is bigger, that it will be used instead
@@ -299,11 +279,7 @@ $config = array(
 	'status_interval' => 60,
 
 	// admin panel
-	'admin_plugins_manage_enable' => 'yes', // you can disable possibility to upload and uninstall plugins, for security
-	// enable support for plain php pages in admin panel, for security
-	// existing pages still will be working, so you need to delete them manually
-	'admin_pages_php_enable' => 'no',
-	'admin_panel_modules' => 'statistics,web_status,server_status,lastlogin,created,points,coins,balance',    // default - statistics,web_status,server_status,lastlogin,created,points,coins,balance
+	'admin_panel_modules' => 'lastlogin,points,coins',
 
 	// other
 	'anonymous_usage_statistics' => true,
@@ -314,5 +290,13 @@ $config = array(
 	'date_timezone' => 'Europe/Berlin', // more info at http://php.net/manual/en/timezones.php
 	'footer_show_load_time' => true, // display load time of the page in the footer
 
-	'npc' => array()
+	'npc' => array(),
+
+	// character name blocked
+	'character_name_blocked' => array(
+		'prefix' => array(),
+		'names' => array(),
+		'words' => array(),
+	),
+
 );

cypress.config.js

@@ -1,9 +0,0 @@
-const { defineConfig } = require("cypress");
-
-module.exports = defineConfig({
-  e2e: {
-    setupNodeEvents(on, config) {
-      // implement node event listeners here
-    },
-  },
-});

cypress/e2e/1-install.cy.js

@@ -1,75 +0,0 @@
-describe('Install MyAAC', () => {
-	beforeEach(() => {
-		// Cypress starts out with a blank slate for each test
-		// so we must tell it to visit our website with the `cy.visit()` command.
-		// Since we want to visit the same URL at the start of all our tests,
-		// we include it in our beforeEach function so that it runs before each test
-		cy.visit(Cypress.env('URL'))
-	})
-
-	it('Go through installer', () => {
-		cy.visit(Cypress.env('URL') + '/install/?step=welcome')
-		cy.wait(1000)
-
-		cy.screenshot('install-welcome')
-
-		// step 1 - Welcome
-		cy.get('select[name="lang"]').select('en')
-
-		//cy.get('input[type=button]').contains('Next »').click()
-
-		cy.get('form').submit()
-
-		// step 2 - License
-		// just skip
-		cy.contains('GNU/GPL License');
-		cy.get('form').submit()
-
-		// step 3 - Requirements
-		cy.contains('Requirements check');
-
-		cy.get('#step').then(elem => {
-			elem.val('config');
-		});
-
-		cy.get('form').submit()
-
-		// step 4 - Configuration
-		cy.contains('Basic configuration');
-
-		cy.get('#vars_server_path').click().clear().type(Cypress.env('SERVER_PATH'))
-		cy.get('#vars_mail_admin').click().clear().type('noone@example.net')
-
-		cy.get('[type="checkbox"]').uncheck() // usage statistics uncheck
-
-		cy.wait(1000)
-
-		cy.get('form').submit()
-
-		// check if there is any error
-
-
-		// step 5 - Import Schema
-		cy.contains('Import MySQL schema');
-
-		// AAC is not installed yet, this message should not come
-		cy.contains('Seems AAC is already installed. Skipping importing MySQL schema..').should('not.exist')
-
-		cy.contains('[class="alert alert-success"]', 'Local configuration has been saved into file: config.local.php').should('be.visible')
-
-		cy.get('form').submit()
-
-		// step 6 - Admin Account
-		cy.get('#vars_email').click().clear().type('admin@my-aac.org')
-		cy.get('#vars_account').click().clear().type('admin')
-		cy.get('#vars_password').click().clear().type('test1234')
-		cy.get('#vars_password_confirm').click().clear().type('test1234')
-		cy.get('#vars_player_name').click().clear().type('Admin')
-
-		cy.get('form').submit()
-
-		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
-
-		cy.screenshot('install-finish')
-	})
-})

cypress/e2e/2-create-account.cy.js

@@ -1,33 +0,0 @@
-describe('Create Account Page', () => {
-	beforeEach(() => {
-		// Cypress starts out with a blank slate for each test
-		// so we must tell it to visit our website with the `cy.visit()` command.
-		// Since we want to visit the same URL at the start of all our tests,
-		// we include it in our beforeEach function so that it runs before each test
-		cy.visit(Cypress.env('URL') + '/index.php/account/create')
-	})
-
-	it('Create Test Account', () => {
-		cy.screenshot('create-account-page')
-
-		cy.get('#account_input').type('tester')
-		cy.get('#email').type('tester@example.com')
-
-		cy.get('#password').type('test1234')
-		cy.get('#password2').type('test1234')
-
-		cy.get('#character_name').type('Slaw')
-
-		cy.get('#sex1').check()
-		cy.get('#vocation1').check()
-		cy.get('#accept_rules').check()
-
-		cy.get('#createaccount').submit()
-
-		// no errors please
-		cy.contains('The Following Errors Have Occurred:').should('not.exist')
-
-		// ss of post page
-		cy.screenshot('create-account-page-post')
-	})
-})

cypress/e2e/3-check-public-pages.cy.js

@@ -1,174 +0,0 @@
-describe('Check Public Pages', () => {
-
-	/// news
-	it('Go to news page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/news',
-			method: 'GET',
-		})
-	})
-
-	it('Go to news archive page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/news/archive',
-			method: 'GET',
-		})
-	})
-
-	it('Go to changelog page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/changelog',
-			method: 'GET',
-		})
-	})
-
-	/// account management
-	it('Go to account manage page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/manage',
-			method: 'GET',
-		})
-	})
-
-	it('Go to account create page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/create',
-			method: 'GET',
-		})
-	})
-
-	it('Go to account lost page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/lost',
-			method: 'GET',
-		})
-	})
-
-	it('Go to rules page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/rules',
-			method: 'GET',
-		})
-	})
-
-	// community
-	it('Go to online page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/online',
-			method: 'GET',
-		})
-	})
-
-	it('Go to characters list page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/characters',
-			method: 'GET',
-		})
-	})
-
-	it('Go to guilds page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/guilds',
-			method: 'GET',
-		})
-	})
-
-	it('Go to highscores page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/highscores',
-			method: 'GET',
-		})
-	})
-
-	it('Go to last kills page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/lastkills',
-			method: 'GET',
-		})
-	})
-
-	it('Go to houses page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/houses',
-			method: 'GET',
-		})
-	})
-
-	it('Go to bans page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/bans',
-			method: 'GET',
-		})
-	})
-
-	it('Go to forum page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/forum',
-			method: 'GET',
-		})
-	})
-
-	it('Go to team page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/team',
-			method: 'GET',
-		})
-	})
-
-	// library
-	it('Go to creatures page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/creatures',
-			method: 'GET',
-		})
-	})
-
-	it('Go to spells page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/spells',
-			method: 'GET',
-		})
-	})
-
-	it('Go to server info page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/serverInfo',
-			method: 'GET',
-		})
-	})
-
-	it('Go to commands page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/commands',
-			method: 'GET',
-		})
-	})
-
-	it('Go to downloads page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/downloads',
-			method: 'GET',
-		})
-	})
-
-	it('Go to gallery page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/gallery',
-			method: 'GET',
-		})
-	})
-
-	it('Go to experience table page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/experienceTable',
-			method: 'GET',
-		})
-	})
-
-	it('Go to faq page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/faq',
-			method: 'GET',
-		})
-	})
-})

cypress/e2e/4-check-protected-pages.cy.js

@@ -1,81 +0,0 @@
-const REQUIRED_LOGIN_MESSAGE = 'Please enter your account name and your password.';
-const YOU_ARE_NOT_LOGGEDIN = 'You are not logged in.';
-
-describe('Check Protected Pages', () => {
-
-	// character actions
-	it('Go to accouht character creation page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/character/create',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht character deletion page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/character/delete',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	// account actions
-	it('Go to accouht email change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/email',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht password change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/password',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht info change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/info',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht logout change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/logout',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	// guild actions
-	it('Go to guild creation page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/?subtopic=guilds&action=create',
-			method: 'GET',
-		})
-		cy.contains(YOU_ARE_NOT_LOGGEDIN)
-	})
-
-	it('Go to guilds cleanup players action page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_players',
-			method: 'GET',
-		})
-		cy.contains(YOU_ARE_NOT_LOGGEDIN)
-	})
-
-	it('Go to guilds cleanup guilds action page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_guilds',
-			method: 'GET',
-		})
-		cy.contains(YOU_ARE_NOT_LOGGEDIN)
-	})
-
-})

cypress/fixtures/example.json

@@ -1,5 +0,0 @@
-{
-  "name": "Using fixtures to represent data",
-  "email": "hello@cypress.io",
-  "body": "Fixtures are a great way to mock data for responses to routes"
-}

cypress/support/commands.js

@@ -1,25 +0,0 @@
-// ***********************************************
-// This example commands.js shows you how to
-// create various custom commands and overwrite
-// existing commands.
-//
-// For more comprehensive examples of custom
-// commands please read more here:
-// https://on.cypress.io/custom-commands
-// ***********************************************
-//
-//
-// -- This is a parent command --
-// Cypress.Commands.add('login', (email, password) => { ... })
-//
-//
-// -- This is a child command --
-// Cypress.Commands.add('drag', { prevSubject: 'element'}, (subject, options) => { ... })
-//
-//
-// -- This is a dual command --
-// Cypress.Commands.add('dismiss', { prevSubject: 'optional'}, (subject, options) => { ... })
-//
-//
-// -- This will overwrite an existing command --
-// Cypress.Commands.overwrite('visit', (originalFn, url, options) => { ... })

cypress/support/e2e.js

@@ -1,20 +0,0 @@
-// ***********************************************************
-// This example support/e2e.js is processed and
-// loaded automatically before your test files.
-//
-// This is a great place to put global configuration and
-// behavior that modifies Cypress.
-//
-// You can change the location of this file or turn off
-// automatically serving support files with the
-// 'supportFile' configuration option.
-//
-// You can read more here:
-// https://on.cypress.io/configuration
-// ***********************************************************
-
-// Import commands.js using ES2015 syntax:
-import './commands'
-
-// Alternatively you can use CommonJS syntax:
-// require('./commands')

index.php

@@ -24,26 +24,23 @@
  * @link      https://my-aac.org
  */
 
+ob_start();
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 
 $uri = $_SERVER['REQUEST_URI'];
-if(false !== strpos($uri, 'index.php')) {
-	$uri = str_replace_first('/index.php', '', $uri);
-}
 
-if(0 === strpos($uri, '/')) {
+$tmp = BASE_DIR;
+if(!empty($tmp))
+	$uri = str_replace(BASE_DIR . '/', '', $uri);
+else
 	$uri = str_replace_first('/', '', $uri);
-}
 
-if(preg_match("/^[A-Za-z0-9-_%'+\/]+\.png$/i", $uri)) {
-	if (!empty(BASE_DIR)) {
-		$tmp = explode('.', str_replace_first(str_replace_first('/', '', BASE_DIR) . '/', '', $uri));
-	}
-	else {
+$uri = str_replace(array('index.php/', '?'), '', $uri);
+define('URI', $uri);
+
+if(preg_match("/^[A-Za-z0-9-_%'+]+\.png$/i", $uri)) {
 	$tmp = explode('.', $uri);
-	}
-
 	$_REQUEST['name'] = urldecode($tmp[0]);
 
 	chdir(TOOLS . 'signature');
@@ -51,7 +48,7 @@ if(preg_match("/^[A-Za-z0-9-_%'+\/]+\.png$/i", $uri)) {
 	exit();
 }
 
-if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
+if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
 	http_response_code(404);
 	exit;
 }
@@ -78,28 +75,134 @@ if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE .
 	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
 }
 
-$template_place_holders = array();
-
 require_once SYSTEM . 'init.php';
+require_once SYSTEM . 'template.php';
 
 // verify myaac tables exists in database
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 
+$found = false;
+if(empty($uri) || isset($_REQUEST['template'])) {
+	$_REQUEST['p'] = 'news';
+	$found = true;
+}
+else {
+	$tmp = strtolower($uri);
+	if (!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(TEMPLATES . $template_name . '/pages/' . $tmp . '.php')) {
+		$_REQUEST['p'] = $uri;
+		$found = true;
+	}
+	else if (!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
+		$_REQUEST['p'] = $uri;
+		$found = true;
+	}
+	else {
+		$rules = array(
+			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
+			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
+			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
+			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
+			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
+			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
+			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
+			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
+			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
+			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
+			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
+			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
+			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
+			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
+			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
+			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
+			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
+			'/^changelog\/[0-9]+\/?$/' => array('subtopic' => 'changelog', 'page' => '$1'),
+			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
+			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
+			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
+			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
+			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
+			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
+			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
+			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
+			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
+			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
+			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
+			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
+			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
+			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
+			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
+			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
+			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
+			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
+			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
+			'/^houses\/view\/?$/' => array('subtopic' => 'houses', 'page' => 'view')
+		);
+
+		foreach ($rules as $rule => $redirect) {
+			if (preg_match($rule, $uri)) {
+				$tmp = explode('/', $uri);
+				/* @var $redirect array */
+				foreach ($redirect as $key => $value) {
+
+					if (strpos($value, '$') !== false) {
+						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+					}
+
+					$_REQUEST[$key] = $value;
+					$_GET[$key] = $value;
+				}
+
+				$found = true;
+				break;
+			}
+		}
+	}
+}
+
+// handle ?fbclid=x, etc. (show news page)
+if (!$found && count($_GET) > 0 && !isset($_REQUEST['subtopic']) && !isset($_REQUEST['p']) && !in_array($_SERVER['QUERY_STRING'], getDatabasePages())) {
+	$_REQUEST['p'] = $_REQUEST['subtopic'] = 'news';
+	$found = true;
+}
+
+// define page visited, so it can be used within events system
+$page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
+if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
+	$tmp = URI;
+	if(!empty($tmp)) {
+		$page = $tmp;
+	}
+	else {
+		if(!$found)
+			$page = '404';
+		else
+			$page = 'news';
+	}
+}
+
+$page = strtolower($page);
+define('PAGE', $page);
+
+$template_place_holders = array();
+
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
-require_once SYSTEM . 'template.php';
 require_once SYSTEM . 'login.php';
 require_once SYSTEM . 'status.php';
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
-require_once SYSTEM . 'router.php';
-
 require SYSTEM . 'migrate.php';
 
 $hooks->trigger(HOOK_STARTUP);
@@ -119,7 +222,7 @@ if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_stat
 		if(fetchDatabaseConfig('last_usage_report', $value)) {
 			$should_report = time() > (int)$value + $report_time;
 			if($cache->enabled()) {
-				$cache->set('last_usage_report', $value);
+				$cache->set('last_usage_report', $value, 60 * 60);
 			}
 		}
 		else {
@@ -134,7 +237,7 @@ if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_stat
 
 		updateDatabaseConfig('last_usage_report', time());
 		if($cache->enabled()) {
-			$cache->set('last_usage_report', time());
+			$cache->set('last_usage_report', time(), 60 * 60);
 		}
 	}
 }
@@ -148,6 +251,35 @@ if($config['visitors_counter'])
 	$visitors = new Visitors($config['visitors_counter_ttl']);
 }
 
+// page content loading
+if(!isset($content[0]))
+	$content = '';
+$load_it = true;
+
+// check if site has been closed
+$site_closed = false;
+if(fetchDatabaseConfig('site_closed', $site_closed)) {
+	$site_closed = ($site_closed == 1);
+	if($site_closed) {
+		if(!admin())
+		{
+			$title = getDatabaseConfig('site_closed_title');
+			$content .= '<p class="note">' . getDatabaseConfig('site_closed_message') . '</p><br/>';
+			$load_it = false;
+		}
+
+		if(!$logged)
+		{
+			ob_start();
+			require SYSTEM . 'pages/accountmanagement.php';
+			$content .= ob_get_contents();
+			ob_end_clean();
+			$load_it = false;
+		}
+	}
+}
+define('SITE_CLOSED', $site_closed);
+
 // backward support for gesior
 if($config['backward_support']) {
 	define('INITIALIZED', true);
@@ -156,6 +288,7 @@ if($config['backward_support']) {
 	$layout_name = $template_path;
 	$news_content = '';
 	$tickers_content = '';
+	$subtopic = PAGE;
 	$main_content = '';
 
 	$config['access_admin_panel'] = 2;
@@ -186,15 +319,67 @@ if($config['backward_support']) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 
-/**
- * @var OTS_Account $account_logged
- */
-if ($logged && admin()) {
-	$content .= $twig->render('admin-bar.html.twig', [
-		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
-	]);
+if($load_it)
+{
+	if(SITE_CLOSED && admin())
+		$content .= '<p class="note">Site is under maintenance (closed mode). Only privileged users can see it.</p>';
+
+	if($config['backward_support']) {
+		require SYSTEM . 'compat/pages.php';
+		require SYSTEM . 'compat/classes.php';
 	}
-$title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
+
+	$ignore = false;
+
+	$logged_access = 1;
+	if($logged && $account_logged && $account_logged->isLoaded()) {
+		$logged_access = $account_logged->getAccess();
+	}
+
+	$success = false;
+	$tmp_content = getCustomPage($page, $success);
+	if($success) {
+		$content .= $tmp_content;
+		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
+			$pageInfo = getCustomPageInfo($page);
+			$content = $twig->render('admin.pages.links.html.twig', array(
+					'page' => array('id' => $pageInfo !== null ? $pageInfo['id'] : 0, 'hidden' => $pageInfo !== null ? $pageInfo['hidden'] : '0')
+				)) . $content;
+		}
+	} else {
+		$file = TEMPLATES . "$template_name/pages/$page.php";
+		if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page)) {
+			$file = SYSTEM . "pages/$page.php";
+			if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page)) {
+				$page = '404';
+				$file = SYSTEM . 'pages/404.php';
+			}
+		}
+	}
+
+	ob_start();
+	if($hooks->trigger(HOOK_BEFORE_PAGE)) {
+		if(!$ignore)
+			require $file;
+	}
+
+	if($config['backward_support'] && isset($main_content[0]))
+		$content .= $main_content;
+
+	$content .= ob_get_contents();
+	ob_end_clean();
+	$hooks->trigger(HOOK_AFTER_PAGE);
+}
+
+if($config['backward_support']) {
+	$main_content = $content;
+	if(!isset($title))
+		$title = ucfirst($page);
+
+	$topic = $title;
+}
+
+$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
 
 echo base64_decode('PCEtLSBQb3dlcmVkIGJ5IE15QUFDIDo6IGh0dHBzOi8vd3d3Lm15LWFhYy5vcmcvIC0tPg==') . PHP_EOL;

install/includes/database.php

@@ -6,18 +6,12 @@ $ots = POT::getInstance();
 require SYSTEM . 'database.php';
 
 if(!isset($db)) {
-	$database_error = '<p class="lead">' . $locale['step_database_error_mysql_connect'] . '</p>';
-	
-	$database_error .= '<p>' . $locale['step_database_error_mysql_connect_2'] . '</p>';
-
-	$database_error .= '<ul class="list-group">' .
-							'<li class="list-group-item list-group-item-warning">' . $locale['step_database_error_mysql_connect_3'] . '</li>' .
-							'<li class="list-group-item list-group-item-warning">' . $locale['step_database_error_mysql_connect_4'] . '</li>' .
-						'</ul>';
-
-	$database_error .= '<div class="alert alert-danger mt-4">
-							<span>' . $error . '</span>
-						</div>';
+	$database_error = $locale['step_database_error_mysql_connect'] . '<br/>' .
+			$locale['step_database_error_mysql_connect_2'] .
+			'<ul>' .
+				'<li>' . $locale['step_database_error_mysql_connect_3'] . '</li>' .
+				'<li>' . $locale['step_database_error_mysql_connect_4'] . '</li>' .
+			'</ul>' . '<br/>' . $error;
 }
 else {
 	if($db->hasTable('accounts'))

install/includes/functions.php

@@ -62,9 +62,9 @@ function next_buttons($previous = true, $next = true)
 		$ret .= '<input class="button" type="submit" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\';" value="' . $locale['next'] . '" />';
 */
 	if($previous)
-		$ret .= '<input type="button" class="button btn btn-primary m-2" onclick="document.getElementById(\'step\').value=\'' . $steps[$i - 1] . '\'; this.form.submit();" value="&laquo; ' . $locale['previous'] . '" />';
+		$ret .= '<input type="button" class="button" onclick="document.getElementById(\'step\').value=\'' . $steps[$i - 1] . '\'; this.form.submit();" value="&laquo; ' . $locale['previous'] . '" />';
 	if($next)
-		$ret .= '<input type="button" class="button btn btn-primary m-2" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\'; this.form.submit(); " value="' . $locale['next'] . ' &raquo;" />';
+		$ret .= '<input type="button" class="button" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\'; this.form.submit(); " value="' . $locale['next'] . ' &raquo;" />';
 
 	$ret .= '</div>';
 	return $ret;

install/includes/schema.sql

@@ -1,4 +1,4 @@
-SET @myaac_database_version = 35;
+SET @myaac_database_version = 33;
 
 CREATE TABLE `myaac_account_actions`
 (
@@ -203,29 +203,25 @@ CREATE TABLE `myaac_monsters` (
 	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
 	`health` int(11) NOT NULL,
-	`look` VARCHAR(255) NOT NULL DEFAULT '',
 	`speed_lvl` int(11) NOT NULL default 1,
 	`use_haste` tinyint(1) NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
-	`elements` TEXT NOT NULL,
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
-	`pushable` TINYINT(1) NOT NULL DEFAULT '0',
-	`canpushitems` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0',
-	`runonhealth` TINYINT(1) NOT NULL DEFAULT '0',
-	`hostile` TINYINT(1) NOT NULL DEFAULT '0',
-	`attackable` TINYINT(1) NOT NULL DEFAULT '0',
-	`rewardboss` TINYINT(1) NOT NULL DEFAULT '0',
-	`defense` INT(11) NOT NULL DEFAULT '0',
-	`armor` INT(11) NOT NULL DEFAULT '0',
-	`canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0',
 	`race` varchar(255) NOT NULL,
 	`loot` text NOT NULL,
-	`summons` TEXT NOT NULL,
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+
+CREATE TABLE `myaac_videos`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`title` VARCHAR(100) NOT NULL DEFAULT '',
+	`youtube_id` VARCHAR(20) NOT NULL,
+	`author` VARCHAR(50) NOT NULL DEFAULT '',
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
@@ -331,7 +327,6 @@ CREATE TABLE `myaac_visitors`
 	`ip` VARCHAR(45) NOT NULL,
 	`lastvisit` INT(11) NOT NULL DEFAULT 0,
 	`page` VARCHAR(2048) NOT NULL,
-	`user_agent` VARCHAR(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 

install/index.php

@@ -26,13 +26,13 @@ $twig = new Twig_Environment($twig_loader, array(
 ));
 
 // load installation status
-$step = $_REQUEST['step'] ?? 'welcome';
+$step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
 
 $install_status = array();
 if(file_exists(CACHE . 'install.txt')) {
 	$install_status = unserialize(file_get_contents(CACHE . 'install.txt'));
 
-	if(!isset($_REQUEST['step'])) {
+	if(!isset($_POST['step'])) {
 		$step = isset($install_status['step']) ? $install_status['step'] : '';
 	}
 }
@@ -70,7 +70,7 @@ if($step == 'database') {
 
 		$key = str_replace('var_', '', $key);
 
-		if(in_array($key, array('account', 'account_id', 'password', 'password_confirm', 'email', 'player_name'))) {
+		if(in_array($key, array('account', 'account_id', 'password', 'email', 'player_name'))) {
 			continue;
 		}
 
@@ -95,6 +95,10 @@ if($step == 'database') {
 			$errors[] = $locale['step_config_mail_admin_error'];
 			break;
 		}
+		else if($key == 'mail_address' && !Validator::email($value)) {
+			$errors[] = $locale['step_config_mail_address_error'];
+			break;
+		}
 		else if($key == 'timezone' && !in_array($value, DateTimeZone::listIdentifiers())) {
 			$errors[] = $locale['step_config_timezone_error'];
 			break;
@@ -120,7 +124,6 @@ else if($step == 'admin') {
 else if($step == 'finish') {
 	$email = $_SESSION['var_email'];
 	$password = $_SESSION['var_password'];
-	$password_confirm = $_SESSION['var_password_confirm'];
 	$player_name = $_SESSION['var_player_name'];
 
 	// email check
@@ -162,9 +165,6 @@ else if($step == 'finish') {
 	else if(!Validator::password($password)) {
 		$errors[] = $locale['step_admin_password_error_format'];
 	}
-	else if($password != $password_confirm) {
-		$errors[] = $locale['step_admin_password_confirm_error_not_same'];
-	}
 
 	// player name check
 	if(empty($player_name)) {
@@ -189,14 +189,14 @@ clearstatcache();
 if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 	if(!file_exists(BASE . 'install/ip.txt')) {
 		$content = warning('AAC installation is disabled. To enable it make file <b>ip.txt</b> in install/ directory and put there your IP.<br/>
-		Your IP is:<br /><b>' . $_SERVER['REMOTE_ADDR'] . '</b>', true);
+		Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 	}
 	else {
 		$file_content = trim(file_get_contents(BASE . 'install/ip.txt'));
 		$allow = false;
 		$listIP = preg_split('/\s+/', $file_content);
 		foreach($listIP as $ip) {
-			if($_SERVER['REMOTE_ADDR'] == $ip) {
+			if(get_browser_real_ip() == $ip) {
 				$allow = true;
 			}
 		}

install/steps/1-welcome.php

@@ -1,7 +1,7 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
-	echo '<div class="alert alert-warning"><span>' . $locale['already_installed'] . '</span></div>';
+	echo '<p class="warning">' . $locale['already_installed'] . '</p>';
 }
 else {
 	unset($_SESSION['saved']);

install/steps/3-requirements.php

@@ -2,21 +2,8 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 // configuration
-$dirs_required = [
-	'system/logs',
-	'system/cache',
-];
-$dirs_optional = [
-	GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'],
-	GALLERY_DIR => $locale['step_requirements_warning_images_gallery'],
-];
-
 $extensions_required = [
-	'pdo', 'pdo_mysql', 'json', 'xml'
-];
-$extensions_optional = [
-	'gd' => $locale['step_requirements_warning_player_signatures'],
-	'zip' => $locale['step_requirements_warning_install_plugins'],
+	'pdo', 'pdo_mysql', 'xml', 'zip'
 ];
 /*
  *
@@ -27,11 +14,11 @@ $extensions_optional = [
 function version_check($name, $ok, $info = '', $warning = false)
 {
 	global $failed;
-	echo '<div class="alert alert-' . ($ok ? 'success' : ($warning ? 'warning' : 'danger')) . '">' . $name;
+	echo '<p class="' . ($ok ? 'success' : ($warning ? 'warning' : 'error')) . '">' . $name;
 	if(!empty($info))
 		echo ': <b>' . $info . '</b>';
 
-	echo '</div>';
+	echo '</p>';
 	if(!$ok && !$warning)
 		$failed = true;
 }
@@ -40,18 +27,12 @@ $failed = false;
 
 // start validating
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION);
-
-foreach ($dirs_required as $value)
+foreach(array('images/guilds', 'images/houses', 'images/gallery') as $value)
 {
-	$is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value));
+	$is_writable = is_writable(BASE . $value);
 	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
 }
 
-foreach ($dirs_optional as $dir => $errorMsg) {
-	$is_writable = is_writable(BASE . $dir) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $dir));
-	version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true);
-}
-
 $ini_register_globals = ini_get_bool('register_globals');
 version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']);
 
@@ -63,19 +44,12 @@ foreach ($extensions_required as $ext) {
 	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded']);
 }
 
-foreach ($extensions_optional as $ext => $errorMsg) {
-	$loaded = extension_loaded($ext);
-	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded'] . '. ' . $errorMsg, true);
-}
 
-echo '<div class="text-center m-3">';
-
-if($failed) {
-	echo '<div class="alert alert-warning"><span>' . $locale['step_requirements_failed'] . '</span></div>';
+if($failed)
+{
+	echo '<br/><b>' . $locale['step_requirements_failed'];
 	echo next_form(true, false);
-}else {
-	echo next_form(true, true);
 }
-
-echo '</div>';
+else
+	echo next_form(true, true);
 ?>

install/steps/5-database.php

@@ -21,6 +21,8 @@ if(!$error) {
 	// user can disable when he wants
 	$content .= '$config[\'env\'] = \'prod\'; // dev or prod';
 	$content .= PHP_EOL;
+	$content .= '$config[\'mail_enabled\'] = true;';
+	$content .= PHP_EOL;
 	foreach($_SESSION as $key => $value)
 	{
 		if(strpos($key, 'var_') !== false)
@@ -84,6 +86,11 @@ if(!$error) {
 					$error = true;
 				}
 
+				if(!Validator::email($_SESSION['var_mail_address'])) {
+					error($locale['step_config_mail_address_error']);
+					$error = true;
+				}
+
 				$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 				$content .= PHP_EOL;
 				$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
@@ -113,10 +120,8 @@ if(!$error) {
 }
 ?>
 
-<div class="text-center m-3">
 <form action="<?php echo BASE_URL; ?>install/" method="post">
 	<input type="hidden" name="step" id="step" value="admin" />
 	<?php echo next_buttons(true, !$error);
 	?>
 </form>
-</div>

install/steps/7-finish.php

@@ -8,14 +8,15 @@ if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['save
 else {
 	require SYSTEM . 'init.php';
 	if(!$error) {
-		if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
+		if(USE_ACCOUNT_NAME)
 			$account = isset($_SESSION['var_account']) ? $_SESSION['var_account'] : null;
 		else
 			$account_id = isset($_SESSION['var_account_id']) ? $_SESSION['var_account_id'] : null;
 
 		$password = $_SESSION['var_password'];
 
-		if(USE_ACCOUNT_SALT)
+		$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+		if($config_salt_enabled)
 		{
 			$salt = generateRandomString(10, false, true, true);
 			$password = $salt . $password;
@@ -73,11 +74,13 @@ else {
 			$account_used = &$new_account;
 		}
 
-		if(USE_ACCOUNT_SALT)
+		if($config_salt_enabled)
 			$account_used->setCustomField('salt', $salt);
 
 		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
 		$account_used->setCustomField('country', 'us');
+		$account_used->setCustomField('email_verified', 1);
+
 		if($db->hasColumn('accounts', 'group_id'))
 			$account_used->setCustomField('group_id', $groups->getHighestId());
 		if($db->hasColumn('accounts', 'type'))
@@ -122,7 +125,6 @@ else {
 		));
 
 		if(!isset($_SESSION['installed'])) {
-			if (!array_key_exists('CI', getenv())) {
 			$report_url = 'https://my-aac.org/report_install.php?v=' . MYAAC_VERSION . '&b=' . urlencode(BASE_URL);
 			if (function_exists('curl_version'))
 			{
@@ -135,8 +137,6 @@ else {
 			else if (ini_get('allow_url_fopen') ) {
 				file_get_contents($report_url);
 			}
-			}
-
 			$_SESSION['installed'] = true;
 		}
 

install/template/style.css

@@ -1,13 +1,299 @@
-@import url('https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400&display=swap');
-
+* {
+	margin: 0; padding: 0;
+}
 body {
-    font-family: 'Roboto', sans-serif;
+	text-align: center;
+	font: 12px Verdana;
+	color: #000000;
+	background-color: #000000;
+}
+img {
+	border: 0;
 }
 
-h1{
-    font-weight: 100 !important;
+.break {
+	font-size: 0;
+	width: 0; height: 0;
+	clear: both;
+}
+.alignleft {
+	float: left;
+	margin: 4px 10px 5px 0;
+}
+.alignright {
+	float: right;
+	margin: 4px 0 5px 10px;
+}
+.aligncenter {
+	text-align: center;
 }
 
-h3 {
-    font-weight: 300 !important;
+/** BEGIN wrapper **/
+#wrapper {
+	background: #ffffff url(images/background.jpg) repeat-x 0 0;
+	width: 980px;
+}
+
+#header {
+	margin-bottom: 10px;
+	border-bottom: 1px solid #eee;
+	padding-bottom: 15px;
+}
+
+#footer {
+	padding-top: 15px;
+	border-top: 1px solid #eee;
+	margin-top: 10px;
+	text-align: right;
+	color: #555;
+}
+
+#header h1 {
+	font-weight: bold;
+	margin: 0;
+	padding: 0;
+}
+
+#header span {
+	font-size: 25px;
+	color: #000;
+	font-weight: bold;
+	padding-left: 40px;
+	line-height: 80px;
+}
+
+#version {
+	float: right;
+	color: #000;
+	font-size: 17px;
+	padding-top: 25px;
+	padding-right: 5px;
+}
+
+/** BEGIN body **/
+#body {
+	background: url(images/wrapper.gif) repeat-y 0 0;
+}
+/** END body **/
+
+/** BEGIN content **/
+#content {
+	width: 642px;
+	float: left;
+	padding: 20px 18px 20px 20px;
+	color: #434242;
+}
+
+	/** begin headers **/
+	h1, h2, h3, h4, h5, h6 {
+		font-family: Tahoma;
+		margin-bottom: 10px;
+	}
+	h2, h3, h4, h5, h6 {
+		margin-top: 30px;
+	}
+	h1 { font-size: 2em; }
+	h2 { font-size: 1.6em; }
+	h3 { font-size: 1.3em; }
+	h4, h5, h6 { font-size: 1em; }
+	/** end headers **/
+	
+	/** begin messages **/
+	.error, .success, .note, .warning {
+		font-weight: bold;
+		font-size: 0.9em;
+		padding: 4px 10px 4px 24px;
+		background-repeat: no-repeat;
+		background-position: 5px 6px;
+		border-style: solid;
+		border-width: 1px;
+		line-height: 1.6em;
+		margin-bottom: 10px;
+	}
+	.error {
+		background-color: #FDD9D9;
+		background-image: url(images/error.gif);
+		border-color: #FBA3A3;
+		color: #D80303;
+	}
+	.success {
+		background-color: #E4FCD9;
+		background-image: url(images/success.gif);
+		border-color: #BFFDA3;
+		color: #35A502;
+	}
+	.note {
+		background-color: #DDEAFA;
+		background-image: url(images/note.gif);
+		border-color: #A3D8FD;
+		color: #026DA5;
+	}
+	.warning {
+		background-color: #FBF0B3;
+		background-image: url(images/warning.gif);
+		border-color: #FBBB95;
+		color: #FD6002;
+	}
+	/** end messages **/
+	
+	/** begin form **/
+	form {
+		border: 1px solid #DDDDDD;
+		padding: 16px;
+	}
+		form .input {
+			padding-top: 12px;
+			clear: both;
+		}
+		form .first { 
+			padding-top: 0;
+		}
+		form .input p {
+			margin-bottom: 7px !important;
+		}
+		form input {
+			margin-right: 5px;
+		}
+		form label {
+			margin-right: 10px;
+			color: #8B8B8B;
+		}
+		form input.text, form textarea {
+			border: 1px solid #BEBDBD;
+			font-size: 1em;
+			font-family: Verdana;
+			background-color: #F3F3F3;
+			color: #808080;
+			padding: 2px;
+			max-width: 100%;
+		}
+		.positive, .negative {
+			font-size: 0.9em;
+			font-weight: bold;
+			padding: 1px 0 0 20px;
+			background-repeat: no-repeat;
+			background-position: 0 0;
+			display: inline;
+			margin-top: 2px;
+		}
+		.positive {
+			background-image: url(images/positive.gif);
+			color: #35A502;
+		}
+		.negative {
+			background-image: url(images/negative.gif);
+			color: #D80303;
+		}
+		form textarea {
+			line-height: 1.6em;
+		}
+		form button, form input.button {
+			font-size: 0.9em;
+			font-family: Verdana;
+			font-weight: bold;
+			color: #ffffff;
+			background: #B6B4B4 url(images/button.gif) repeat-x 0 0;
+			border: 1px solid #B6B4B4;
+			padding: 5px 10px;
+		}
+	/** end form **/
+	
+	/** begin table **/
+	table {
+		
+	}
+		table th {
+			font-size: 0.9em;
+			color: #ffffff;
+			background-color: #679BC5;
+			padding: 2px 4px;
+			line-height: 1.6em;
+		}
+		table td {
+			line-height: 1.6em;
+			padding: 2px 4px;
+		}
+		table tr.odd td { background-color: #EEEEEE; }
+		table tr.even td { background-color: #E5E5E5; }
+		
+	/** end table **/
+	
+	/** begin paragraphs, lists, etc. **/
+	#content p {
+		line-height: 1.6em;
+		margin-bottom: 10px;
+	}
+	#content ul, #content ol {
+		list-style-position: inside;
+	}
+	#content li {
+		line-height: 1.6em;
+		padding: 2px 0 2px 0;
+	}
+	a {
+		color: #679BC5;
+	}
+	a:hover {
+		color: #ff0000;
+		text-decoration: none;
+	}
+	blockquote {
+		padding: 10px;
+		background-color: #eeeeee;
+		line-height: 1.6em;
+		border-width: 2px 0 1px;
+		border-style: solid;
+		border-color: #e0e0e0;
+	}
+	/** end paragraphs, lists, etc. **/
+
+/** END content **/
+
+/** BEGIN sidebar **/
+#sidebar {
+	width: 300px;
+	float: right;
+	padding: 10px 0;
+}
+	#sidebar h2 {
+		background: green url(images/sidehead.gif) no-repeat 0 0;
+		margin: 0 10px;
+		font-size: 1em;
+		color: #ffffff;
+		padding: 7px 10px;
+	}
+	#sidebar ul {
+		list-style-type: none;
+		background: #E0E0E0 url(images/sidebody.gif) no-repeat 0 bottom;
+		padding: 10px;
+		margin: 0 10px 10px;
+	}
+	#sidebar ul li {
+		padding: 4px 0 4px 14px;
+		background: none;
+		line-height: 1.6em;
+		font-size: 0.9em;
+		font-weight: bold;
+	}
+	#sidebar ul li a {
+		color: #000000;
+		text-decoration: none;
+	}
+	#sidebar ul li a:hover {
+		text-decoration: none;
+		color: #ff0000;
+	}
+	
+	#sidebar ul li a:active {
+		text-decoration: none;
+		color: #ff0000;
+	}
+	
+	#sidebar ul li current {
+		text-decoration: none;
+		color: #ff0000;
+	}
+	.current {
+		text-decoration: none;
+		color: #ff0000;
 	}

install/template/template.php

@@ -1,74 +1,49 @@
-<!DOCTYPE html>
-<html dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
+<?php defined('MYAAC') or die('Direct access not allowed!'); ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $locale['encoding']; ?>" />
-	<meta name="viewport" content="width=device-width, initial-scale=1">
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
-	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
 	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/js/jquery.min.js"></script>
 </head>
 <body>
-
-	<div id="body" class="container">
-
-		<header id="header" class="pt-5 pb-4 pb-sm-5">
+	<div id="wrapper">
+		<!--div class="buffer"-->
+			<div id="header">
 				<h1>MyAAC <?php echo $locale['installation']; ?></h1>
-		</header>
+			</div>
 
-		<div class="row">
+			<div id="body">
 
-			<div id="sidebar" class="col-md-3">
-				<h3><?php echo $locale['steps']; ?></h3>
-				<ul class="list-group mt-4">
+				<div id="sidebar">
+					<h2><?php echo $locale['steps']; ?></h2>
+					<ul>
 						<?php
 							$i = 0;
-						foreach($steps as $key => $value){
-
-							if ($step == $value) {
-								$progress = ($i == 6) ? 100 : $i * 16;
-							}
-
-							echo '<li class="list-group-item' . ($step == $value ? ' active' : '') . '">' . ++$i . '. ' . $locale['step_' . $value] . '</li>';
-						}
-
+							foreach($steps as $key => $value)
+								echo '<li' . ($step == $value ? ' class="current"' : '') . '>' . ++$i . '. ' . $locale['step_' . $value] . '</li>';
 						?>
 					</ul>
 				</div>
 
-			<div id="content" class="col-md-9">
-
+				<div id="content">
 					<?php
 						if(isset($locale['step_' . $step . '_title']))
-						echo '<h3 class="mb-4 mt-4 mt-md-0">' . $locale['step_' . $step . '_title'] . '</h3>';
+							echo '<h1>' . $locale['step_' . $step . '_title'] . '</h1>';
 						else
-						echo '<h3 class="mb-4 mt-4 mt-md-0">' . $locale['step_' . $step] . '</h3>';
+							echo '<h1>' . $locale['step_' . $step] . '</h1>';
+						echo $content;
 					?>
-
-				<?php
-				if(!isset($config['installed'])):
-				?>
-				<div class="row">
-					<div class="col-md-12">
-						<div class="progress mb-2">
-							<div class="progress-bar progress-bar-striped progress-bar-animated" style="width: <?php echo $progress; ?>%" role="progressbar" aria-valuenow="<?php echo $progress; ?>" aria-valuemin="0" aria-valuemax="100"></div>
-						</div>
-					</div>
-				</div>
-				<?php endif; ?>
-
-				<?php echo $content; ?>
-
 				</div>
 
+				<div class="break"></div>
+			</div>
+		<!--/div-->
 	</div>
 
-		<hr />
-
-	</div>
-
-	<footer id="footer" class="p-4">
+	<div id="footer">
 		<p style="text-align: center;"><?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?></p>
-	</footer>
+	</div>
 </body>
 </html>

install/tools/5-database.php

@@ -11,8 +11,10 @@ $error = false;
 require BASE . 'install/includes/config.php';
 
 ini_set('max_execution_time', 300);
+
+@ob_end_flush();
 ob_implicit_flush();
-ob_end_flush();
+
 header('X-Accel-Buffering: no');
 
 if(!$error) {
@@ -56,7 +58,7 @@ else {
 }
 
 if(!$db->hasColumn('accounts', 'created')) {
-	if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . ($db->hasColumn('accounts', 'group_id') ? 'group_id' : 'key') . "`;"))
+	if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . ($db->hasColumn('accounts', 'group_id') ? 'group_id' : 'email') . "`;"))
 		success($locale['step_database_adding_field'] . ' accounts.created...');
 }
 

install/tools/7-finish.php

@@ -8,8 +8,10 @@ require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 
 ini_set('max_execution_time', 300);
+
+@ob_end_flush();
 ob_implicit_flush();
-ob_end_flush();
+
 header('X-Accel-Buffering: no');
 
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
@@ -45,9 +47,38 @@ if($success) {
 	success($locale['step_database_imported_players']);
 }
 
-require LIBS . 'DataLoader.php';
-DataLoader::setLocale($locale);
-DataLoader::load();
+require LIBS . 'items.php';
+if(Items::loadFromXML())
+	success($locale['step_database_loaded_items']);
+else
+	error(Items::getError());
+
+require LIBS . 'weapons.php';
+if(Weapons::loadFromXML())
+	success($locale['step_database_loaded_weapons']);
+else
+	error(Weapons::getError());
+
+require LIBS . 'creatures.php';
+if(Creatures::loadFromXML()) {
+	success($locale['step_database_loaded_monsters']);
+
+	if(Creatures::getMonstersList()->hasErrors()) {
+		$locale['step_database_error_monsters'] = str_replace('$LOG$', 'system/logs/error.log', $locale['step_database_error_monsters']);
+		warning($locale['step_database_error_monsters']);
+	}
+}
+else {
+	error(Creatures::getLastError());
+}
+
+require LIBS . 'spells.php';
+if(Spells::loadFromXML()) {
+	success($locale['step_database_loaded_spells']);
+}
+else {
+	error(Spells::getLastError());
+}
 
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';

install/tools/installer.js

@@ -29,9 +29,8 @@ function performInstall(url) {
 		}
 	});
 	// On completed
-	ajaxRequest.done(function(/*data*/) {
+	ajaxRequest.done(function(data) {
 		$('#spinner').hide();
-		$('#reload_button').show();
 	});
 	// On failed
 	ajaxRequest.fail(function(error){

login.php

@@ -127,7 +127,8 @@ switch ($action) {
 			$account->find($inputAccountName);
 		}
 
-		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->getCustomField('salt') : '') . $request->password);
+		$config_salt_enabled = fieldExist('salt', 'accounts');
+		$current_password = encrypt(($config_salt_enabled ? $account->getCustomField('salt') : '') . $request->password);
 
 		if (!$account->isLoaded() || $account->getPassword() != $current_password) {
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');

nginx-sample.conf

@@ -10,22 +10,21 @@ server {
 	# this is very important, be sure its in your nginx conf - it prevents access to logs etc.
 	location ~ /system {
 		deny all;
-		return 404;
 	}
 
-	# block .htaccess
-	location ~ /\.ht {
+	# block .htaccess, CHANGELOG.md, composer.json etc.
+	# this is to prevent finding software versions
+	location ~\.(ht|md|json|dist)$ {
 		deny all;
 	}
 
 	# block git files and folders
 	location ~ /\.git {
-		return 404;
 		deny all;
 	}
 
 	location / {
-		try_files $uri $uri/ /index.php;
+		try_files $uri $uri/ /index.php?$query_string;;
 	}
 
 	location ~ \.php$ {

package.json

@@ -1,8 +0,0 @@
-{
-  "scripts": {
-    "cypress:open": "cypress open"
-  },
-  "devDependencies": {
-    "cypress": "^12.12.0"
-  }
-}

plugins/account-create-hint/hint.html.twig

@@ -1,3 +1,3 @@
 To play on {{ config.lua.serverName }} you need an account.
-All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if config.account_country %}, country{% endif %} and your email address.
+All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if config.recaptcha_enabled %}, confirm reCAPTCHA{% endif %}{% if config.account_country %}, country{% endif %} and your email address.
 Also you have to agree to the terms presented below. If you have done so, your account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %} will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.<br/><br/>