Update phpstan.neon

Release Candidate.

.github/workflows/phpstan.yml

@@ -36,9 +36,8 @@ jobs:
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           # Use composer.json for key, if composer.lock is not committed.
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-          #key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-          restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
 
       - name: "Install composer dependencies"
         run: "composer install"

.gitignore

@@ -7,7 +7,6 @@ Thumbs.db
 
 # composer
 composer.phar
-composer.lock
 vendor
 
 # npm

CHANGELOG.md

@@ -1,6 +1,36 @@
 # Changelog
 
-## [1.0-beta - 02.02.2024]
+## [1.0-RC -23.07.2024]
+
+Changes since 1.0-beta:
+
+### Added
+* Feat: Hooks priority (https://github.com/slawkens/myaac/commit/dc17b701da053e04bfa64e21be9247a4f07505e1)
+* Make autoload of pages, commands and themes configurable (https://github.com/slawkens/myaac/commit/c1d4b4f80cd6bb85507ee9471e47013955a26a91)
+* Fraggers in characters page for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/42f99c3edc8de39cccc5632cb42e88b24579c5a6)
+* New hooks: HOOK_INSTALL_FINISH, HOOK_ACCOUNT_CREATE_CHARACTER_* (https://github.com/slawkens/myaac/commit/08ac8ebade106521a5c7396faa5ce7006e629f7c, https://github.com/slawkens/myaac/commit/45dda5e834ff2059faea6ef9be2efa76f1723cbd)
+
+### Changed
+* Allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/203e411b626fe62401a4b74a48420769e512aa39)
+* Create guild_rank entries, in case MySQL trigger not loaded (https://github.com/slawkens/myaac/commit/d9c1b2507c81f306970642b35e4bf5f7cc04a6f2, https://github.com/slawkens/myaac/commit/47a19e85dd84e9f3b39a1b29cfc2c04b004832b9)
+* Set Admin Account verified by default (https://github.com/slawkens/myaac/commit/cd49dfc79942f3301ce9c0b8d899b9f39bda9a41)
+* Refactor account routes into sub folders (https://github.com/slawkens/myaac/commit/bdc0c43d3fd3a51030c3e916bdb9f008468f5ecd)
+* Order towns by id (https://github.com/slawkens/myaac/commit/9ea2a5067fc4b75de395f381577b18914132ad84)
+* Do not create news about myaac, if any news already exist (on installation (https://github.com/slawkens/myaac/commit/504242fb846b73b56b87bc1e39d070687ad7f5b4)
+
+### Fixed
+* Not working google recaptcha plugin (https://github.com/slawkens/myaac/commit/a1bcb217ecf4e21fd58da4ba491da1852029898a)
+* Not working account create if account_country is disabled (https://github.com/slawkens/myaac/commit/933b681a9fcdbb6283e0469b3806d2ded492d232)
+* Account verify - do not allow login without verified email (Thanks @anyeor, https://github.com/slawkens/myaac/commit/fcb13f3c0fb8ceafda0bd614a229a26a269432bd)
+* Detect tools/ext exists on install to prevent broken installs (https://github.com/slawkens/myaac/commit/10a739773c4f2911876bc802a0ee0537c3e00a92)
+* Cache reloading each time page refreshes (https://github.com/slawkens/myaac/commit/ec96985872057340112f65073efc0c4bf86dddb0)
+* Highscores frags for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/a04d186c22912915f0a7873dfe677ef3b5a23c79)
+* Monsters page: monster not found exception (https://github.com/slawkens/myaac/commit/ef79b99b8acc179f14b8475547347d9daca27512)
+* Fixed bug if \<flags\> are not present in monster.xml (https://github.com/slawkens/myaac/commit/57b47ab7983f625c7c0ef4f5303a4d07ef172786)
+* fastRoute duplicate errors (https://github.com/slawkens/myaac/commit/4c0739d3e93812dff0c33849ea3f38e4e49113ac)
+* useGuildNick displaying (https://github.com/slawkens/myaac/commit/0db0ec1aa47e044c26bc403ff5078a2115d086f8)
+
+## [1.0-beta - 18.05.2024]
 
 Minimum PHP version for this release is 8.1.
 
@@ -22,7 +52,7 @@ Minimum PHP version for this release is 8.1.
   * list of open source libraries used in project page
 * auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
 * config.php moved to Admin Panel -> Settings page
-* new console script: aac (comes from MyAAC) - using symfony/console
+* new console script: aac - using symfony/console
   * usage: `php aac` (will list all commands by default)
   * example: `php aac cache:clear`
   * example: `php aac plugin:install theme-example.zip`
@@ -46,7 +76,7 @@ Minimum PHP version for this release is 8.1.
 * phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
 
 ### Changed
-* Composer is now used for external libraries like: Twig, PHPMailer, fast-route etc.
+* Composer and NPM is now used for external libraries like: Twig, PHPMailer, fast-route, jQuery, Bootstrap etc.
 * mail support is disabled on fresh install, can be manually enabled by user
 * disable add php pages in admin panel for security. Option to disable plugins upload
 * visitors counter shows now user browser, and also if its bot

admin/pages/accounts.php

@@ -404,6 +404,7 @@ else if (isset($_REQUEST['search'])) {
 											   autocomplete="off" maxlength="20"
 											   value="<?php echo $account->getLocation(); ?>"/>
 									</div>
+									<?php if(setting('core.account_country')): ?>
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_country">Country:</label>
 										<select name="rl_country" id="rl_country" class="form-control">
@@ -412,6 +413,7 @@ else if (isset($_REQUEST['search'])) {
 											<?php endforeach; ?>
 										</select>
 									</div>
+									<?php endif; ?>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">

admin/pages/players.php

@@ -202,7 +202,7 @@ else if (isset($_REQUEST['search'])) {
 
 			if ($hasBlessingsColumn) {
 				$blessings = $_POST['blessings'];
-				verify_number($blessings, 'Blessings', 2);
+				verify_number($blessings, 'Blessings', 3);
 			}
 
 			$balance = $_POST['balance'];
@@ -274,7 +274,7 @@ else if (isset($_REQUEST['search'])) {
 					$player->setLossContainers($loss_containers);
 					$player->setLossItems($loss_items);
 				}
-				if ($db->hasColumn('players', 'blessings'))
+				if ($hasBlessingsColumn)
 					$player->setBlessings($blessings);
 
 				if ($hasBlessingColumn) {

admin/pages/settings.php

@@ -48,7 +48,7 @@ if (!is_array($settingsFile)) {
 
 $settingsKeyName = ($plugin == 'core' ? $plugin : $settingsFile['key']);
 
-$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $plugin);
+$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $settingsFile['name']);
 
 $settingsParsed = Settings::display($settingsKeyName, $settingsFile['settings']);
 

common.php

@@ -20,13 +20,13 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
+ * @copyright 2024 MyAAC
  * @link      https://my-aac.org
  */
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '1.0-beta';
+const MYAAC_VERSION = '1.0-RC';
 const DATABASE_VERSION = 40;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
@@ -156,7 +156,7 @@ if (file_exists(BASE . 'config.local.php')) {
 
 /** @var array $config */
 ini_set('log_errors', 1);
-if(@$config['env'] === 'dev') {
+if(@$config['env'] === 'dev' || defined('MYAAC_INSTALL')) {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
 	error_reporting(E_ALL);

composer.json

@@ -15,11 +15,12 @@
         "illuminate/database": "^10.18",
         "peppeocchi/php-cron-scheduler": "4.*",
         "symfony/console": "^6.4",
-        "symfony/string": "^6.4"
+        "symfony/string": "^6.4",
+        "symfony/var-dumper": "^6.4",
+        "filp/whoops": "^2.15",
+        "maximebf/debugbar": "dev-master"
     },
     "require-dev": {
-        "filp/whoops": "^2.15",
-        "maximebf/debugbar": "dev-master",
         "phpstan/phpstan": "^1.10"
     },
     "autoload": {

cypress/e2e/1-install.cy.js

@@ -67,7 +67,7 @@ describe('Install MyAAC', () => {
 
 		cy.get('form').submit()
 
-		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
+		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 60000 }).should('be.visible')
 
 		cy.wait(2000);
 

install/index.php

@@ -3,9 +3,9 @@
 use Twig\Environment as Twig_Environment;
 use Twig\Loader\FilesystemLoader as Twig_FilesystemLoader;
 
-require '../common.php';
+const MYAAC_INSTALL = true;
 
-define('MYAAC_INSTALL', true);
+require '../common.php';
 
 // includes
 require SYSTEM . 'functions.php';

install/steps/3-requirements.php

@@ -2,10 +2,15 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 // configuration
-$dirs_required = [
+$dirs_required_writable = [
 	'system/logs',
 	'system/cache',
 ];
+
+$dirs_required = [
+	'tools/ext' => $locale['step_requirements_folder_not_exists_tools_ext'],
+];
+
 $dirs_optional = [
 	GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'],
 	GALLERY_DIR => $locale['step_requirements_warning_images_gallery'],
@@ -18,6 +23,7 @@ $extensions_optional = [
 	'gd' => $locale['step_requirements_warning_player_signatures'],
 	'zip' => $locale['step_requirements_warning_install_plugins'],
 ];
+
 /*
  *
  * @param string $name
@@ -41,7 +47,7 @@ $failed = false;
 // start validating
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION);
 
-foreach ($dirs_required as $value)
+foreach ($dirs_required_writable as $value)
 {
 	$is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value));
 	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
@@ -52,6 +58,12 @@ foreach ($dirs_optional as $dir => $errorMsg) {
 	version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true);
 }
 
+foreach ($dirs_required as $dir => $errorMsg)
+{
+	$exists = is_dir(BASE . $dir);
+	version_check($locale['step_requirements_folder_exists'] . ': ' . $dir, $exists, $exists ? '' : $errorMsg);
+}
+
 $ini_register_globals = ini_get_bool('register_globals');
 version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']);
 
@@ -78,4 +90,3 @@ if($failed) {
 }
 
 echo '</div>';
-?>

install/steps/5-database.php

@@ -41,14 +41,19 @@ if(!$error) {
 	$configToSave['cache_engine'] = 'auto';
 	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
 
+	if(!$error) {
+		$content = '';
+		$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
+		if ($saved) {
+			success($locale['step_database_config_saved']);
+			$_SESSION['saved'] = true;
+
+			require BASE . 'config.local.php';
 			require BASE . 'install/includes/config.php';
 
 			if (!$error) {
 				require BASE . 'install/includes/database.php';
 
-		$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
-		success($locale['step_database_importing']);
-
 				if (isset($database_error)) { // we failed connect to the database
 					error($database_error);
 				}
@@ -76,14 +81,10 @@ if(!$error) {
 							'url' => 'tools/5-database.php',
 							'message' => $locale['loading_spinner']
 						));
-
-				$content = '';
-				$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
-				if($saved) {
-					success($locale['step_database_config_saved']);
-					$_SESSION['saved'] = true;
 					}
-				else {
+				}
+			}
+		} else {
 			$_SESSION['config_content'] = $content;
 			unset($_SESSION['saved']);
 
@@ -93,8 +94,6 @@ if(!$error) {
 		}
 	}
 }
-	}
-}
 ?>
 
 <div class="text-center m-3">

install/steps/7-finish.php

@@ -1,5 +1,7 @@
 <?php
 
+use MyAAC\Cache\Cache;
+use MyAAC\Models\News;
 use MyAAC\Settings;
 
 defined('MYAAC') or die('Direct access not allowed!');
@@ -7,14 +9,24 @@ defined('MYAAC') or die('Direct access not allowed!');
 ini_set('max_execution_time', 300);
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
+	return;
 }
-else {
+
+$cache = Cache::getInstance();
+if ($cache->enabled()) {
+	// clear plugin_hooks to have fresh hooks
+	$cache->delete('plugins_hooks');
+}
+
 require SYSTEM . 'init.php';
-	if(!$error) {
+if($error) {
+	return;
+}
+
 if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
-			$account = isset($_SESSION['var_account']) ? $_SESSION['var_account'] : null;
+	$account = $_SESSION['var_account'] ?? null;
 else
-			$account_id = isset($_SESSION['var_account_id']) ? $_SESSION['var_account_id'] : null;
+	$account_id = $_SESSION['var_account_id'] ?? null;
 
 $password = $_SESSION['var_password'];
 
@@ -81,6 +93,8 @@ else {
 
 $account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
 $account_used->setCustomField('country', 'us');
+$account_used->setCustomField('email_verified', 1);
+
 if($db->hasColumn('accounts', 'group_id'))
 	$account_used->setCustomField('group_id', $groups->getHighestId());
 if($db->hasColumn('accounts', 'type'))
@@ -104,20 +118,37 @@ else {
 	$player->save();
 }
 
+if(!News::all()->count()) {
 	$player_id = 0;
-		$query = $db->query("SELECT `id` FROM `players` WHERE `name` = " . $db->quote($player_name) . ";");
-		if($query->rowCount() == 1) {
-			$query = $query->fetch();
-			$player_id = $query['id'];
+	$tmpNewsPlayer = \MyAAC\Models\Player::where('name', $player_name)->first();
+	if($tmpNewsPlayer) {
+		$player_id = $tmpNewsPlayer->id;
 	}
 
-		$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX ."news` WHERE `title` LIKE 'Hello!';");
-		if($query->rowCount() == 0) {
-			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hide`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'https://my-aac.org', '0');
-	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hide`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'https://my-aac.org', " . $player_id . ", '', '0');")) {
+	News::create([
+		'type' => 1,
+		'date' => time(),
+		'category' => 2,
+		'title' => 'Hello!',
+		'body' => 'MyAAC is just READY to use!',
+		'player_id' => $player_id,
+		'comments' => 'https://my-aac.org',
+		'hide' => 0,
+	]);
+
+	News::create([
+		'type' => 2,
+		'date' => time(),
+		'category' => 4,
+		'title' => 'Hello tickers!',
+		'body' => 'https://my-aac.org',
+		'player_id' => $player_id,
+		'comments' => '',
+		'hide' => 0,
+	]);
+
 	success($locale['step_database_created_news']);
 }
-		}
 
 $settings = Settings::getInstance();
 foreach($_SESSION as $key => $value) {
@@ -168,5 +199,5 @@ else {
 if(file_exists(CACHE . 'install.txt')) {
 	unlink(CACHE . 'install.txt');
 }
-	}
-}
+
+$hooks->trigger(HOOK_INSTALL_FINISH_END);

install/tools/5-database.php

@@ -32,6 +32,9 @@ if($db->hasTable(TABLE_PREFIX . 'account_actions')) {
 else {
 	// import schema
 	try {
+		$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
+		success($locale['step_database_importing']);
+
 		$db->query(file_get_contents(BASE . 'install/includes/schema.sql'));
 
 		$locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']);
@@ -138,6 +141,7 @@ if(!$db->hasColumn('accounts', 'premium_points')) {
 		success($locale['step_database_adding_field'] . ' accounts.premium_points...');
 }
 
+if ($db->hasTable('guilds')) {
 	if ($db->hasColumn('guilds', 'checkdata')) {
 		if (query("ALTER TABLE `guilds` MODIFY `checkdata` INT NOT NULL DEFAULT 0;"))
 			success($locale['step_database_modifying_field'] . ' guilds.checkdata...');
@@ -146,8 +150,7 @@ if($db->hasColumn('guilds', 'checkdata')) {
 	if (!$db->hasColumn('guilds', 'motd')) {
 		if (query("ALTER TABLE `guilds` ADD `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' guilds.motd...');
-}
-else {
+	} else {
 		if (query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 			success($locale['step_database_modifying_field'] . ' guilds.motd...');
 	}
@@ -163,12 +166,13 @@ if($db->hasColumn('guilds', 'logo_gfx_name')) {
 			$tmp = str_replace('$FIELD_NEW$', 'guilds.logo_name', $tmp);
 			success($tmp);
 		}
-}
-else if(!$db->hasColumn('guilds', 'logo_name')) {
+	} else if (!$db->hasColumn('guilds', 'logo_name')) {
 		if (query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';"))
 			success($locale['step_database_adding_field'] . ' guilds.logo_name...');
 	}
+}
 
+if ($db->hasTable('players')) {
 	if (!$db->hasColumn('players', 'created')) {
 		if (query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.created...');
@@ -187,8 +191,7 @@ if($db->hasColumn('players', 'hide_char')) {
 				success($tmp);
 			}
 		}
-}
-else if(!$db->hasColumn('players', 'hide')) {
+	} else if (!$db->hasColumn('players', 'hide')) {
 		if (query("ALTER TABLE `players` ADD `hide` TINYINT(1) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.hide...');
 	}
@@ -208,6 +211,7 @@ if($db->hasColumn('players', 'rank_id')) {
 			}
 		}
 	}
+}
 
 if($db->hasTable('z_forum')) {
 	if(!$db->hasColumn('z_forum', 'post_html')) {

install/tools/7-finish.php

@@ -77,6 +77,8 @@ if(ModelsFAQ::count() == 0) {
 	]);
 }
 
+$hooks->trigger(HOOK_INSTALL_FINISH);
+
 $db->setClearCacheAfter(true);
 
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);

nginx-sample.conf

@@ -10,17 +10,20 @@ server {
 	# this is very important, be sure its in your nginx conf - it prevents access to logs etc.
 	location ~ /system {
 		deny all;
-		return 404;
 	}
 
-	# block .htaccess
-	location ~ /\.ht {
+	location /vendor {
+		deny all;
+	}
+
+	# block .htaccess, CHANGELOG.md, composer.json etc.
+	# this is to prevent finding software versions
+	location ~\.(ht|md|json|dist)$ {
 		deny all;
 	}
 
 	# block git files and folders
 	location ~ /\.git {
-		return 404;
 		deny all;
 	}
 

phpstan.neon

@@ -28,7 +28,8 @@ parameters:
 		- '#Variable \$guild might not be defined#'
 		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
 		# Eloquent models
-		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+()#'
+		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
+		- '#Call to an undefined method object::toArray\(\)#'
 		# system/pages/highscores.php
 		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'

plugins/email-confirmed-reward/reward.php

@@ -1,8 +1,6 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
-$reward = setting('core.account_mail_confirmed_reward');
-
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $rewardCoins = setting('core.account_mail_confirmed_reward_coins');
 if ($rewardCoins > 0 && !$hasCoinsColumn) {

plugins/example.json

@@ -25,7 +25,8 @@
 	"hooks": {
 		"Example Hook": {
 			"type": "BEFORE_PAGE",
-			"file": "plugins/example/before.php"
+			"file": "plugins/example/before.php",
+			"priority": 1000
 		}
 	},
 	"routes": {
@@ -33,12 +34,20 @@
 			"pattern": "/YourAwesomePage/{name:string}/{page:int}",
 			"file": "plugins/your-plugin/your-awesome-page.php",
 			"method": "GET",
-			"priority": "130"
+			"priority": 130
 		},
 		"Redirect Example": {
 			"redirect_from": "/redirectExample",
 			"redirect_to": "account/manage"
 		}
 	},
-	"settings": "plugins/your-plugin-folder/settings.php"
+	"routes-default-priority": 1000,
+	"pages-default-priority": 1000,
+	"settings": "plugins/your-plugin-folder/settings.php",
+	"autoload": {
+		"pages": true,
+		"pagesSubFolders": false,
+		"commands": true,
+		"themes": true
+	}
  }

release.sh

@@ -38,7 +38,11 @@ if [ $1 = "prepare" ]; then
 	cd $dir || exit
 
 	# dependencies
-	composer install --prefer-dist --optimize-autoloader
+	composer install --no-dev --prefer-dist --optimize-autoloader
+	npm install
+
+	# node_modules is useless, we already have copy in tools/ext
+	rm -R node_modules
 
 	echo "Now you can make changes to $dir. When you are ready, type 'release.sh pack'"
 	exit

system/database.php

@@ -127,6 +127,7 @@ try {
 	}
 
 	if(defined('MYAAC_INSTALL')) {
+		$error = $e->getMessage();
 		return; // installer will take care of this
 	}
 

system/functions.php

@@ -87,18 +87,29 @@ function getForumBoardLink($board_id, $page = NULL): string {
 	return BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'forum/board/' . (int)$board_id . (isset($page) ? '/' . $page : '');
 }
 
-function getPlayerLink($name, $generate = true): string
-{
-	if(is_numeric($name))
+function getPlayerLink($name, $generate = true, bool $colored = false): string
 {
 	$player = new OTS_Player();
+
+	if(is_numeric($name)) {
 		$player->load((int)$name);
-		if($player->isLoaded())
-			$name = $player->getName();
+	}
+	else {
+		$player->find($name);
 	}
 
+	if (!$player->isLoaded()) {
+		return '(error)';
+	}
+
+	$name = $player->getName();
+
 	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'characters/' . urlencode($name);
 
+	if ($colored) {
+		$name = '<span style="color: ' . ($player->isOnline() ? 'green' : 'red') . ';">' . $name . '</span>';
+	}
+
 	if(!$generate) return $url;
 	return generateLink($url, $name);
 }
@@ -1623,7 +1634,7 @@ function removeIfFirstSlash(&$text) {
 };
 
 function escapeHtml($html) {
-	return htmlentities($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
+	return htmlspecialchars($html);
 }
 
 function getGuildNameById($id)

system/init.php

@@ -134,10 +134,6 @@ $ots = POT::getInstance();
 $eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 
-if ($config_lua_reload) {
-	clearCache();
-}
-
 // verify myaac tables exists in database
 if(!defined('MYAAC_INSTALL') && !$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . BASE_URL . 'install');
@@ -163,8 +159,8 @@ date_default_timezone_set(setting('core.date_timezone'));
 
 setting(
 	[
-		'core.account_create_character_create',
-		setting('core.account_create_character_create') && (!setting('core.mail_enabled') || !setting('core.account_mail_verify'))
+		'core.account_mail_verify',
+		setting('core.account_mail_verify') && setting('core.mail_enabled')
 	]
 );
 

system/libs/pot/OTS_Base_DAO.php

@@ -83,38 +83,4 @@ abstract class OTS_Base_DAO implements IOTS_DAO
     {
         unset($this->data['id']);
     }
-
-/**
- * Magic PHP5 method.
- * 
- * <p>
- * Allows object importing from {@link http://www.php.net/manual/en/function.var-export.php var_export()}.
- * </p>
- * 
- * @version 0.1.0
- * @param array $properties List of object properties.
- */
-    public static function __set_state($properties)
-    {
-        // deletes database handle
-        if( isset($properties['db']) )
-        {
-            unset($properties['db']);
 }
-
-        // initializes new object with current database connection
-        $object = new self();
-
-        // loads properties
-        foreach($properties as $name => $value)
-        {
-            $object->$name = $value;
-        }
-
-        return $object;
-    }
-}
-
-/**#@-*/
-
-?>

system/libs/pot/OTS_Buffer.php

@@ -196,6 +196,16 @@ class OTS_Buffer
 		return $value[1];
 	}
 
+	public function getLongLong()
+	{
+		// checks buffer size
+		$this->check(8);
+
+		$value = unpack('P', substr($this->buffer, $this->pos, 8) );
+		$this->pos += 8;
+		return $value[1];
+	}
+
 /**
  * Appends quater byte to buffer.
  *

system/libs/pot/OTS_Monster.php

@@ -135,13 +135,14 @@ class OTS_Monster extends DOMDocument
 	{
 		$flags = array();
 
-        // read all flags
+		if ($this->documentElement->getElementsByTagName('flags')->item(0)) {
 			foreach( $this->documentElement->getElementsByTagName('flags')->item(0)->getElementsByTagName('flag') as $flag)
 			{
 				$flag = $flag->attributes->item(0);
 
 				$flags[$flag->nodeName] = (int) $flag->nodeValue;
 			}
+		}
 
 		return $flags;
 	}

system/libs/pot/OTS_Player.php

@@ -90,7 +90,7 @@ class OTS_Player extends OTS_Row_DAO
  * @version 0.1.2
  * @var array
  */
-    private $data = array('sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hide' => 0);
+    private $data = array('group_id' => 1, 'sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hide' => 0);
 
 /**
  * Player skills.
@@ -1229,6 +1229,13 @@ class OTS_Player extends OTS_Row_DAO
         $this->data['direction'] = (int) $direction;
     }
 
+	public function getOutfit(): string
+	{
+		$hasLookAddons = $this->db->hasColumn('players', 'lookaddons');
+
+		return setting('core.outfit_images_url') . '?id=' . $this->getLookType() . ($hasLookAddons ? '&addons=' . $this->getLookAddons() : '') . '&head=' . $this->getLookHead() . '&body=' . $this->getLookBody() . '&legs=' . $this->getLookLegs() . '&feet=' . $this->getLookFeet();
+	}
+
 /**
  * Body color.
  *

system/locale/de/install.php

@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Anforderungen';
 $locale['step_requirements_title'] = 'Anforderungen überprüfen';
 $locale['step_requirements_php_version'] = 'PHP Version';
 $locale['step_requirements_write_perms'] = 'Schreibberechtigungen';
+$locale['step_requirements_folder_exists'] = 'Ordner ist vorhanden';
+$locale['step_requirements_folder_not_exists_tools_ext'] = 'NPM Package Manager wird verwendet für externe JavaScript/CSS Bibliotheken.'
+	. ' Es sollte via Command Line installiert werden: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
+	. ' Nachdem das Tool installiert wurde, folgende Befehl sollte ausgeführt in dem Hauptordner des MyAACs: "npm install".';
 $locale['step_requirements_failed'] = 'Die Installation wird deaktiviert, bis diese Anforderungen erfüllt sind.</b><br/>Für weitere Informationen siehe <b>README</b> Datei.';
 $locale['step_requirements_extension'] = '$EXTENSION$ PHP Erweiterung';
 

system/locale/en/install.php

@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Requirements';
 $locale['step_requirements_title'] = 'Requirements check';
 $locale['step_requirements_php_version'] = 'PHP Version';
 $locale['step_requirements_write_perms'] = 'Write permissions';
+$locale['step_requirements_folder_exists'] = 'Directory exists';
+$locale['step_requirements_folder_not_exists_tools_ext'] = 'NPM Package Manager is used for external JavaScript/CSS libraries.'
+	. ' You need to install it through Command Line: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
+	. ' When you done with installing that tool, execute: "npm install" in the main MyAAC folder.';
 $locale['step_requirements_failed'] = 'Installation will be disabled until these requirements will be passed.</b><br/>For more informations see <b>README</b> file.';
 $locale['step_requirements_extension'] = '$EXTENSION$ PHP extension';
 $locale['step_requirements_warning_images_guilds'] = 'Guild logo upload will not work';

system/locale/pl/install.php

@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Wymagania';
 $locale['step_requirements_title'] = 'Sprawdzanie wymagań';
 $locale['step_requirements_php_version'] = 'Wersja PHP';
 $locale['step_requirements_write_perms'] = 'Uprawnienia do zapisu';
+$locale['step_requirements_folder_exists'] = 'Folder istnieje';
+$locale['step_requirements_folder_not_exists_tools_ext'] = 'Manadżer Pakietów NPM jest używany do zewnętrznych bibliotek JavaScript/CSS.'
+	. ' Trzeba go zainstalować poprzez wiersz poleceń: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
+	. ' Po instalacji narzędzia, wywołaj następujące polecenie w głownym katalogu MyAAC: "npm install".';
 $locale['step_requirements_failed'] = 'Instalacja zostanie zablokowana dopóki te wymagania nie zostaną spełnione.</b><br/>Po więcej informacji zasięgnij do pliku <b>README</b>.';
 $locale['step_requirements_extension'] = 'Rozszerzenie PHP - $EXTENSION$';
 $locale['step_requirements_warning_images_guilds'] = 'Nie będzie możliwości uploadu obrazków gildii';

system/logout.php

@@ -22,11 +22,5 @@ if(isset($account_logged) && $account_logged->isLoaded()) {
 
 		$logged = false;
 		unset($account_logged);
-
-		if(isset($_REQUEST['redirect']))
-		{
-			header('Location: ' . urldecode($_REQUEST['redirect']));
-			exit;
-		}
 	}
 }

system/pages/account/base.php

@@ -12,6 +12,8 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 if(!$logged)
 {
+	$title = 'Login';
+
 	if(!empty($errors))
 		$twig->display('error_box.html.twig', array('errors' => $errors));
 
@@ -19,7 +21,8 @@ if(!$logged)
 		'redirect' => $_REQUEST['redirect'] ?? null,
 		'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
 		'account_login_by' => getAccountLoginByLabel(),
-		'error' => $errors[0] ?? null
+		'error' => $errors[0] ?? null,
+		'errors' => $errors ?? [],
 	));
 
 	return;

system/pages/account/change-email.php

@@ -57,14 +57,14 @@ if($email_new_time < 10) {
 			$twig->display('error_box.html.twig', array('errors' => $errors));
 
 			//show form
-			$twig->display('account.change_mail.html.twig', array(
+			$twig->display('account.change-email.html.twig', array(
 				'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
 			));
 		}
 	}
 	else
 	{
-		$twig->display('account.change_mail.html.twig', array(
+		$twig->display('account.change-email.html.twig', array(
 			'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
 		));
 	}

system/pages/account/change-info.php

@@ -26,12 +26,13 @@ if(setting('core.account_country'))
 $account = Account::find($account_logged->getId());
 
 $show_form = true;
-$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : NULL;
-$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : NULL;
-$new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : NULL;
+$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : '';
+$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : '';
+$new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : '';
 if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
-	if(!isset($config['countries'][$new_country]))
+	if(setting('core.account_country') && !isset($config['countries'][$new_country])) {
 		$errors[] = 'Country is not correct.';
+	}
 
 	if(empty($errors)) {
 		//save data from form
@@ -39,7 +40,14 @@ if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
 		$account->location = $new_location;
 		$account->country = $new_country;
 		$account->save();
-		$account_logged->logAction('Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b> and Country to <b>' . $config['countries'][$new_country] . '</b>.');
+
+		$log = 'Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b>';
+		if(setting('core.account_country')) {
+			$log .= ' and Country to <b>' . $config['countries'][$new_country] . '</b>';
+		}
+		$log .= '.';
+
+		$account_logged->logAction($log);
 		$twig->display('success.html.twig', array(
 			'title' => 'Public Information Changed',
 			'description' => 'Your public information has been changed.'
@@ -68,7 +76,7 @@ if($show_form) {
 			$countries[$code] = $country;
 	}
 
-	$twig->display('account.change_info.html.twig', array(
+	$twig->display('account.change-info.html.twig', array(
 		'countries' => $countries ?? [],
 		'account_rlname' => $account_rlname,
 		'account_location' => $account_location,

system/pages/account/change-password.php

@@ -21,7 +21,7 @@ $new_password = $_POST['newpassword'] ?? NULL;
 $new_password_confirm = $_POST['newpassword_confirm'] ?? NULL;
 $old_password = $_POST['oldpassword'] ?? NULL;
 if(empty($new_password) && empty($new_password_confirm) && empty($old_password)) {
-	$twig->display('account.change_password.html.twig');
+	$twig->display('account.change-password.html.twig');
 }
 else
 {
@@ -52,7 +52,7 @@ else
 		$twig->display('error_box.html.twig', array('errors' => $errors));
 
 		//show form
-		$twig->display('account.change_password.html.twig');
+		$twig->display('account.change-password.html.twig');
 	}
 	else {
 		$org_pass = $new_password;

system/pages/account/characters/change-comment.php

@@ -14,7 +14,7 @@ use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Change Comment';
-require __DIR__ . '/base.php';
+require PAGES . 'account/base.php';
 
 if(!$logged) {
 	return;
@@ -68,7 +68,7 @@ if($show_form) {
 	}
 
 	if(isset($player) && $player) {
-		$twig->display('account.change_comment.html.twig', array(
+		$twig->display('account.characters.change-comment.html.twig', array(
 			'player' => $player->toArray()
 		));
 	}

system/pages/account/characters/change-name.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Change Name';
-require __DIR__ . '/base.php';
+require PAGES . 'account/base.php';
 
 if(!$logged) {
 	return;
@@ -109,7 +109,7 @@ else
 			$twig->display('error_box.html.twig', array('errors' => $errors));
 		}
 
-		$twig->display('account.change_name.html.twig', array(
+		$twig->display('account.characters.change-name.html.twig', array(
 			'points' => $points,
 			'errors' => $errors
 			//'account_players' => $account_logged->getPlayersList()

system/pages/account/characters/change-sex.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Change Sex';
-require __DIR__ . '/base.php';
+require PAGES . 'account/base.php';
 
 if(!$logged) {
 	return;
@@ -88,7 +88,7 @@ else
 		if(!empty($errors)) {
 			$twig->display('error_box.html.twig', array('errors' => $errors));
 		}
-		$twig->display('account.change_sex.html.twig', array(
+		$twig->display('account.characters.change-sex.html.twig', array(
 			'players' => $account_logged->getPlayersList(false),
 			'player_sex' => isset($player) ? $player->getSex() : -1,
 			'points' => $points

system/pages/account/characters/create.php

@@ -14,7 +14,7 @@ use MyAAC\CreateCharacter;
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Create Character';
-require __DIR__ . '/base.php';
+require PAGES . 'account/base.php';
 
 if(!$logged) {
 	return;
@@ -43,7 +43,7 @@ if(count($errors) > 0) {
 }
 
 if(!$character_created) {
-	$twig->display('account.create_character.html.twig', array(
+	$twig->display('account.characters.create.html.twig', array(
 		'name' => $character_name,
 		'sex' => $character_sex,
 		'vocation' => $character_vocation,

system/pages/account/characters/delete.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Delete Character';
-require __DIR__ . '/base.php';
+require PAGES . 'account/base.php';
 
 if(!$logged) {
 	return;
@@ -93,5 +93,5 @@ if($show_form) {
 		$twig->display('error_box.html.twig', array('errors' => $errors));
 	}
 
-	$twig->display('account.delete_character.html.twig');
+	$twig->display('account.characters.delete.html.twig');
 }

system/pages/account/confirm-email.php

@@ -25,16 +25,20 @@ if(!Account::where('email_hash', $hash)->exists()) {
 }
 else
 {
-	if (Account::where('email_hash', $hash)->where('email_verified', 0)->exists()) {
-		$query = $query->fetch(PDO::FETCH_ASSOC);
+	$accountModel = Account::where('email_hash', $hash)->where('email_verified', 0)->first();
+	if ($accountModel) {
+		$accountModel->email_verified = 1;
+		$accountModel->save();
+
+		success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.');
+
 		$account = new OTS_Account();
-		$account->load($query['id']);
+		$account->load($accountModel->id);
 		if ($account->isLoaded()) {
 			$hooks->trigger(HOOK_EMAIL_CONFIRMED, ['account' => $account]);
 		}
 	}
-
-	Account::where('email_hash', $hash)->update('email_verified', 1);
-	success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
+	else {
+		error('Link has expired.');
+	}
 }
-?>

system/pages/account/create.php

@@ -227,7 +227,7 @@ if($save)
 			$hash = md5(generateRandomString(16, true, true) . $email);
 			$new_account->setCustomField('email_hash', $hash);
 
-			$verify_url = getLink('account/confirm_email/' . $hash);
+			$verify_url = getLink('account/confirm-email/' . $hash);
 			$body_html = $twig->render('mail.account.verify.html.twig', array(
 				'account' => $tmp_account,
 				'verify_url' => generateLink($verify_url, $verify_url, true)
@@ -236,6 +236,9 @@ if($save)
 			if(_mail($email, 'New account on ' . $config['lua']['serverName'], $body_html))
 			{
 				echo 'Your account has been created.<br/><br/>';
+
+				warning("Before you can login - you need to verify your E-Mail. The verification link has been sent to $email. If the message is not coming - remember to check the SPAM folder.");
+
 				$twig->display('success.html.twig', array(
 					'title' => 'Account Created',
 					'description' => 'Your account ' . $account_type . ' is <b>' . $tmp_account . '</b><br/>You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '.
@@ -252,15 +255,6 @@ if($save)
 		}
 		else
 		{
-			if(setting('core.account_create_character_create')) {
-				// character creation
-				$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
-				if (!$character_created) {
-					error('There was an error creating your character. Please create your character later in account management page.');
-					error(implode(' ', $errors));
-				}
-			}
-
 			if(setting('core.account_create_auto_login')) {
 				if ($hasBeenCreatedByEMail) {
 					$_POST['account_login'] = $email;
@@ -311,6 +305,15 @@ if($save)
 			}
 		}
 
+		if(setting('core.account_create_character_create')) {
+			// character creation
+			$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
+			if (!$character_created) {
+				error('There was an error creating your character. Please create your character later in account management page.');
+				error(implode(' ', $errors));
+			}
+		}
+
 		return;
 	}
 }

system/pages/account/login.php

@@ -9,11 +9,12 @@
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Login';
 
 // new login with data from form
-if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
-{
+if($logged || !isset($_POST['account_login']) || !isset($_POST['password_login'])) {
+	return;
+}
+
 $login_account = $_POST['account_login'];
 $login_password = $_POST['password_login'];
 $remember_me = isset($_POST['remember_me']);
@@ -59,6 +60,10 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
 		&& (!isset($t) || $t['attempts'] < 5)
 	)
 	{
+		if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
+			$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
+		}
+		else {
 			session_regenerate_id();
 			setSession('account', $account_logged->getId());
 			setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
@@ -82,6 +87,7 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
 
 			$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
 		}
+	}
 	else
 	{
 		$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));
@@ -122,4 +128,3 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
 }
 
 $hooks->trigger(HOOK_ACCOUNT_LOGIN_POST);
-}

system/pages/account/manage.php

@@ -22,6 +22,12 @@ if(isset($_REQUEST['redirect']))
 {
 	$redirect = urldecode($_REQUEST['redirect']);
 
+	// should never happen, unless hacker modify the URL
+	if (!str_contains($redirect, BASE_URL)) {
+		error('Fatal error: Cannot redirect outside the website.');
+		return;
+	}
+
 	$twig->display('account.redirect.html.twig', array(
 		'redirect' => $redirect
 	));
@@ -46,7 +52,7 @@ if(empty($recovery_key))
 else
 {
 	if(setting('core.account_generate_new_reckey') && setting('core.mail_enabled'))
-		$account_registered = '<b><span style="color: green">Yes ( <a href="' . getLink('account/register/new') . '"> Buy new Recovery Key </a> )</span></b>';
+		$account_registered = '<b><span style="color: green">Yes ( <a href="' . getLink('account/register-new') . '"> Buy new Recovery Key </a> )</span></b>';
 	else
 		$account_registered = '<b><span style="color: green">Yes</span></b>';
 }

system/pages/account/redirect.php

@@ -12,6 +12,12 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 $redirect = urldecode($_REQUEST['redirect']);
 
+// should never happen, unless hacker modify the URL
+if (!str_contains($redirect, BASE_URL)) {
+	error('Fatal error: Cannot redirect outside the website.');
+	return;
+}
+
 $twig->display('account.redirect.html.twig', array(
 	'redirect' => $redirect
 ));

system/pages/characters.php

@@ -8,6 +8,9 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\PlayerDeath;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Characters';
 
@@ -322,20 +325,39 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 
 	$frags = array();
 	$frag_add_content = '';
-	if($config['characters']['frags'] && $db->hasTable('killers')) {
+	if ($config['characters']['frags']) {
+		$frags_limit = 10; // frags limit to show? // default: 10
+
+		if ($db->hasTable('killers')) {
 			//frags list by Xampy
 			$i = 0;
-		$frags_limit = 10; // frags limit to show? // default: 10
 			$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = ' . $player->getId() . ' ORDER BY `date` DESC LIMIT 0,' . $frags_limit . ';')->fetchAll();
 			if (count($player_frags)) {
 				$row_count = 0;
-			foreach($player_frags as $frag)
-			{
+				foreach ($player_frags as $frag) {
 					$description = 'Fragged <a href="' . getPlayerLink($frag['name'], false) . '">' . $frag['name'] . '</a> at level ' . $frag['level'];
 					$frags[] = array('time' => $frag['date'], 'description' => $description, 'unjustified' => $frag['unjustified'] != 0);
 				}
 			}
 		}
+		else if($db->hasTable('player_deaths') && $db->hasColumn('player_deaths', 'killed_by')) {
+			$i = 0;
+			$player_frags = PlayerDeath::where('player_deaths.killed_by', $player->getName())
+				->join('players', 'players.id', '=', 'player_deaths.player_id')
+				->limit($frags_limit)
+				->selectRaw('players.name, player_deaths.*')
+				->orderBy('player_deaths.time', 'DESC')
+				->get();
+
+			if ($player_frags->count()) {
+				$row_count = 0;
+				foreach ($player_frags as $frag) {
+					$description = 'Fragged <a href="' . getPlayerLink($frag->name, false) . '">' . $frag->name . '</a> at level ' . $frag->level;
+					$frags[] = array('time' => $frag->time, 'description' => $description, 'unjustified' => $frag->unjustified != 0);
+				}
+			}
+		}
+	}
 
 	// signature
 	if(setting('core.signature_enabled')) {

system/pages/forum/edit_post.php

@@ -19,7 +19,7 @@ if ($ret === false) {
 }
 
 if(!$logged) {
-	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . BASE_URL . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
+	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
 	return;
 }
 

system/pages/forum/move_thread.php

@@ -19,7 +19,7 @@ if ($ret === false) {
 }
 
 if(!$logged) {
-	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . BASE_URL . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
+	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
 	return;
 }
 

system/pages/forum/new_post.php

@@ -24,7 +24,7 @@ if(!$logged) {
 		$extra_url = '?action=new_post&thread_id=' . $_GET['thread_id'];
 	}
 
-	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . BASE_URL . urlencode(getLink('forum') . $extra_url) . '">Log in</a> to post on the forum.<br /><br />';
+	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum') . $extra_url) . '">Log in</a> to post on the forum.<br /><br />';
 	return;
 }
 

system/pages/forum/new_thread.php

@@ -24,7 +24,7 @@ if(!$logged) {
 		$extra_url = '?action=new_thread&section_id=' . $_GET['section_id'];
 	}
 
-	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . BASE_URL . urlencode(getLink('forum') . $extra_url) . '">Log in</a> to post on the forum.<br /><br />';
+	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum') . $extra_url) . '">Log in</a> to post on the forum.<br /><br />';
 	return;
 }
 

system/pages/forum/remove_post.php

@@ -19,7 +19,7 @@ if ($ret === false) {
 }
 
 if(!$logged) {
-	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . BASE_URL . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
+	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
 	return;
 }
 

system/pages/forum/show_thread.php

@@ -60,7 +60,7 @@ foreach($posts as &$post) {
 	}
 
 	if($config['characters']['outfit']) {
-		$post['outfit'] = setting('core.outfit_images_url') . '?id=' . $player->getLookType() . ($lookaddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet();
+		$post['outfit'] = $player->getOutfit();
 	}
 
 	$groupName = '';

system/pages/guilds/cleanup_players.php

@@ -40,7 +40,7 @@ if(count($players_list) > 0)
 				if(!$rank_guild->isLoaded())
 				{
 					$player->setRank();
-					$player->setGuildNick();
+					$player->setGuildNick('');
 					$changed_ranks_of[] = $player->getName();
 					$deleted_ranks[] = 'ID: '.$player_rank->getId().' - '.$player_rank->getName();
 					$player_rank->delete();

system/pages/guilds/create.php

@@ -10,6 +10,8 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+use MyAAC\Models\GuildRank;
+
 require __DIR__ . '/base.php';
 
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
@@ -113,7 +115,25 @@ if(isset($todo) && $todo == 'save')
 	$new_guild->setOwner($player);
 	$new_guild->save();
 	$new_guild->setCustomField('description', setting('core.guild_description_default'));
-	//$new_guild->setCustomField('creationdata', time());
+
+	if ($db->hasTable('guild_ranks')) {
+		if (!GuildRank::where('guild_id', $new_guild->getId())->first()) {
+			$ranks = [
+				['level' => 3, 'name' => 'the Leader'],
+				['level' => 2, 'name' => 'a Vice-Leader'],
+				['level' => 1, 'name' => 'a Member'],
+			];
+
+			foreach ($ranks as $rank) {
+				GuildRank::create([
+					'guild_id' => $new_guild->getId(),
+					'name' => $rank['name'],
+					'level' => $rank['level'],
+				]);
+			}
+		}
+	}
+
 	$ranks = $new_guild->getGuildRanksList();
 	$ranks->orderBy('level', POT::ORDER_DESC);
 	foreach($ranks as $rank) {
@@ -124,14 +144,11 @@ if(isset($todo) && $todo == 'save')
 			$player->setRank($rank);
 		}
 	}
+
 	$twig->display('guilds.create.success.html.twig', array(
 		'guild_name' => $guild_name,
 		'leader_name' => $player->getName()
 	));
-
-	/*$db->exec('INSERT INTO `guild_ranks` (`id`, `guild_id`, `name`, `level`) VALUES (null, '.$new_guild->getId().', "the Leader", 3)');
-	$db->exec('INSERT INTO `guild_ranks` (`id`, `guild_id`, `name`, `level`) VALUES (null, '.$new_guild->getId().', "a Vice-Leader", 2)');
-	$db->exec('INSERT INTO `guild_ranks` (`id`, `guild_id`, `name`, `level`) VALUES (null, '.$new_guild->getId().', "a Member", 1)');*/
 }
 else {
 	sort($array_of_player_nig);

system/pages/guilds/show.php

@@ -142,9 +142,7 @@ if($logged && count($invited_list) > 0)
 	}
 }
 
-$useGuildNick = false;
-if($db->hasColumn('players', 'guildnick'))
-	$useGuildNick = true;
+$useGuildNick = $db->hasTable('guild_members') || $db->hasTable('guild_membership') || $db->hasColumn('players', 'guildnick');
 
 $twig->display('guilds.view.html.twig', array(
 	'logo' => $guild_logo,
@@ -160,7 +158,6 @@ $twig->display('guilds.view.html.twig', array(
 	'level_in_guild' => $level_in_guild,
 	'isLeader' => $guild_leader,
 	'isVice' => $guild_vice,
-	'logged' => $logged,
 	'invited_list' => $invited_list,
 	'show_accept_invite' => $show_accept_invite,
 	'useGuildNick' => $useGuildNick

system/pages/highscores.php

@@ -182,7 +182,7 @@ if (empty($highscores)) {
 		if ($db->hasTable('player_killers')) {
 			$query->addSelect(['value' => PlayerKillers::where('player_killers.player_id', 'players.id')->selectRaw('COUNT(*)')]);
 		} else {
-			$query->addSelect(['value' => PlayerDeath::unjustified()->where('player_deaths.killed_by', 'players.name')->selectRaw('COUNT(*)')]);
+			$query->addSelect(['value' => PlayerDeath::unjustified()->whereColumn('player_deaths.killed_by', 'players.name')->selectRaw('COUNT(*)')]);
 		}
 	} else if ($skill == SKILL_BALANCE) // balance
 	{

system/pages/monsters.php

@@ -39,9 +39,12 @@ if (empty($_REQUEST['name'])) {
 
 // display monster
 $monster_name = urldecode(stripslashes(ucwords(strtolower($_REQUEST['name']))));
-$monster = Monster::where('hide', '!=', 1)->where('name', $monster_name)->first()->toArray();
+$monsterModel = Monster::where('hide', '!=', 1)->where('name', $monster_name)->first();
+
+if ($monsterModel && isset($monsterModel->name)) {
+	/** @var array $monster */
+	$monster = $monsterModel->toArray();
 
-if (isset($monster['name'])) {
 	function sort_by_chance($a, $b)
 	{
 		if ($a['chance'] == $b['chance']) {
@@ -79,7 +82,7 @@ if (isset($monster['name'])) {
 	));
 
 } else {
-	echo "Monster with name <b>" . $monster_name . "</b> doesn't exist.";
+	echo "Monster with name <b>" . htmlspecialchars($monster_name) . "</b> doesn't exist.";
 }
 
 // back button

system/pages/polls.php

@@ -51,7 +51,7 @@ function getColorByPercent($percent)
 					if($logged)
 						echo $link.'?id='.$poll['id'];
 					else
-						echo getLink('account/manage') . '?redirect=' . BASE_URL . urlencode($link.'?id='.$poll['id']);
+						echo getLink('account/manage') . '?redirect=' . urlencode($link.'?id='.$poll['id']);
 
 					echo '">'.$poll['question'] . '</a>
 				</td>
@@ -80,7 +80,7 @@ function getColorByPercent($percent)
 					if($logged)
 						echo $link.'?id='.$poll['id'];
 					else
-						echo getLink('account/manage') . '?redirect=' . BASE_URL . urlencode($link.'?id='.$poll['id']);
+						echo getLink('account/manage') . '?redirect=' . urlencode($link.'?id='.$poll['id']);
 
 					echo '">'.$poll['question'] . '</a>
 				</td>

system/router.php

@@ -91,35 +91,67 @@ if($logged && $account_logged && $account_logged->isLoaded()) {
 $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r) {
 	$routes = require SYSTEM . 'routes.php';
 
-	$isAlreadyDefined = [];
-
-	$routesTmp = [];
+	$routesFinal = [];
 	foreach(getDatabasePages() as $page) {
-		$isAlreadyDefined[$page] = true;
-		$routesTmp[] = ['*', $page, '__database__/' . $page, true];
+		$routesFinal[] = ['*', $page, '__database__/' . $page, 100];
 	}
 
 	Plugins::clearWarnings();
 	foreach (Plugins::getRoutes() as $route) {
-		if(!isset($isAlreadyDefined[$route[1]])) {
-			$isAlreadyDefined[$route[1]] = true;
-			$routesTmp[] = [$route[0], $route[1], $route[2]];
-		}
+		$routesFinal[] = [$route[0], $route[1], $route[2], $route[3] ?? 1000];
+/*
+		echo '<pre>';
+		var_dump($route[1], $route[3], $route[2]);
+		echo '/<pre>';
+*/
 	}
 
 	foreach ($routes as $route) {
-		if(!isset($isAlreadyDefined[$route[1]])) {
-			if (strpos($route[2], '__redirect__') === false && strpos($route[2], '__database__') === false) {
-				$routesTmp[] = [$route[0], $route[1], 'system/pages/' . $route[2]];
+		if (!str_contains($route[2], '__redirect__') && !str_contains($route[2], '__database__')) {
+			$routesFinal[] = [$route[0], $route[1], 'system/pages/' . $route[2], $route[3] ?? 10000];
 		}
 		else {
-				$routesTmp[] = [$route[0], $route[1], $route[2]];
-			}
+			$routesFinal[] = [$route[0], $route[1], $route[2], $route[3] ?? 10000];
 		}
 	}
 
-	//var_dump($routesTmp);
-	foreach ($routesTmp as $route) {
+	// sort required for the next step (filter)
+	usort($routesFinal, function ($a, $b)
+	{
+		// key 3 is priority
+		if ($a[3] == $b[3]) {
+			return 0;
+		}
+
+		return ($a[3] < $b[3]) ? -1 : 1;
+	});
+
+	// remove duplicates
+	// if same route pattern, but different priority
+	$routesFinal = array_filter($routesFinal, function ($a) {
+		$aliases = [
+			[':int', ':string', ':alphanum'],
+			[':\d+', ':[A-Za-z0-9-_%+\' ]+', ':[A-Za-z0-9]+'],
+		];
+
+		// apply aliases
+		$a[1] = str_replace($aliases[0], $aliases[1], $a[1]);
+
+		static $duplicates = [];
+		if (isset($duplicates[$a[1]])) {
+			return false;
+		}
+
+		$duplicates[$a[1]] = true;
+		return true;
+	});
+/*
+	echo '<pre>';
+	var_dump($routesFinal);
+	echo '</pre>';
+	die;
+*/
+	foreach ($routesFinal as $route) {
 		if ($route[0] === '*') {
 			$route[0] = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD'];
 		}

system/routes.php

@@ -11,50 +11,56 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 return [
 	['GET', '', 'news.php'], // empty URL = show news
-	['GET', 'news/archive/{id:int}[/]', 'news/archive.php'],
-	['GET', 'news/{id:int}[/]', 'news/archive.php'],
+	['GET', 'news/archive/{id:int}', 'news/archive.php'],
+	['GET', 'news/{id:int}', 'news/archive.php'],
 
 	// block access to some files
-	['*', 'account/base[/]', '404.php'], // this is to block account/base.php
-	['*', 'forum/base[/]', '404.php'],
-	['*', 'guilds/base[/]', '404.php'],
+	['*', 'account/base', '404.php', 10], // this is to block account/base.php
+	['*', 'forum/base', '404.php', 10],
+	['*', 'guilds/base', '404.php', 10],
 
-	[['GET', 'POST'], 'account/password[/]', 'account/change_password.php'],
-	[['GET', 'POST'], 'account/register/new[/]', 'account/register_new.php'],
-	[['GET', 'POST'], 'account/email[/]', 'account/change_email.php'],
-	[['GET', 'POST'], 'account/info[/]', 'account/change_info.php'],
-	[['GET', 'POST'], 'account/character/create[/]', 'account/create_character.php'],
-	[['GET', 'POST'], 'account/character/name[/]', 'account/change_name.php'],
-	[['GET', 'POST'], 'account/character/sex[/]', 'account/change_sex.php'],
-	[['GET', 'POST'], 'account/character/delete[/]', 'account/delete_character.php'],
-	[['GET', 'POST'], 'account/character/comment[/{name:[A-Za-z0-9-_%+\']+}]', 'account/change_comment.php'],
-	['GET', 'account/confirm_email/{hash:alphanum}[/]', 'account/confirm_email.php'],
+	['GET', 'account/confirm-email/{hash:alphanum}', 'account/confirm-email.php'],
 
-	['GET', 'bans/{page:int}[/]', 'bans.php'],
+	['GET', 'bans/{page:int}', 'bans.php'],
 	[['GET', 'POST'], 'characters[/{name:string}]', 'characters.php'],
 	['GET', 'changelog[/{page:int}]', 'changelog.php'],
 	[['GET', 'POST'], 'monsters[/{name:string}]', 'monsters.php'],
 
 	[['GET', 'POST'], 'faq[/{action:string}]', 'faq.php'],
 
-	[['GET', 'POST'], 'forum/{action:string}[/]', 'forum.php'],
-	['GET', 'forum/board/{id:int}[/]', 'forum/show_board.php'],
-	['GET', 'forum/board/{id:int}/{page:[0-9]+}[/]', 'forum/show_board.php'],
-	['GET', 'forum/thread/{id:int}[/]', 'forum/show_thread.php'],
-	['GET', 'forum/thread/{id:int}/{page:int}[/]', 'forum/show_thread.php'],
+	[['GET', 'POST'], 'forum/{action:string}', 'forum.php'],
+	['GET', 'forum/board/{id:int}', 'forum/show_board.php'],
+	['GET', 'forum/board/{id:int}/{page:[0-9]+}', 'forum/show_board.php'],
+	['GET', 'forum/thread/{id:int}', 'forum/show_thread.php'],
+	['GET', 'forum/thread/{id:int}/{page:int}', 'forum/show_thread.php'],
 
-	['GET', 'gallery/{image:int}[/]', 'gallery.php'],
-	[['GET', 'POST'], 'gallery/{action:string}[/]', 'gallery.php'],
+	['GET', 'gallery/{image:int}', 'gallery.php'],
+	[['GET', 'POST'], 'gallery/{action:string}', 'gallery.php'],
 
-	[['GET', 'POST'], 'guilds/{guild:string}[/]', 'guilds/show.php'],
+	[['GET', 'POST'], 'guilds/{guild:string}', 'guilds/show.php'],
 
-	['GET', 'highscores/{list:alphanum}/{vocation:alphanum}/{page:int}[/]', 'highscores.php'],
-	['GET', 'highscores/{list:alphanum}/{page:int}[/]', 'highscores.php'],
-	['GET', 'highscores/{list:alphanum}/{vocation:alphanum}[/]', 'highscores.php'],
-	['GET', 'highscores/{list:alphanum}[/]', 'highscores.php'],
+	['GET', 'highscores/{list:alphanum}/{vocation:alphanum}/{page:int}', 'highscores.php'],
+	['GET', 'highscores/{list:alphanum}/{page:int}', 'highscores.php'],
+	['GET', 'highscores/{list:alphanum}/{vocation:alphanum}', 'highscores.php'],
+	['GET', 'highscores/{list:alphanum}', 'highscores.php'],
 /*
-	'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
 	'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
 	'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
 	'/^houses\/view\/?$/' => array('subtopic' => 'houses', 'page' => 'view')*/
+
+	/**
+	 * Deprecated
+	 * To be removed in next versions
+	 * Kept just for compatibility
+	 */
+	[['GET', 'POST'], 'account/password', 'account/change-password.php'],
+	[['GET', 'POST'], 'account/register/new', 'account/register-new.php'],
+	[['GET', 'POST'], 'account/email', 'account/change-email.php'],
+	[['GET', 'POST'], 'account/info', 'account/change-info.php'],
+	[['GET', 'POST'], 'account/character/create', 'account/characters/create.php'],
+	[['GET', 'POST'], 'account/character/name', 'account/characters/change-name.php'],
+	[['GET', 'POST'], 'account/character/sex', 'account/characters/change-sex.php'],
+	[['GET', 'POST'], 'account/character/delete', 'account/characters/delete.php'],
+	[['GET', 'POST'], 'account/character/comment[/{name:string}]', 'account/characters/change-comment.php'],
+	['GET', 'account/confirm_email/{hash:alphanum}', 'account/confirm-email.php'],
 ];

system/settings.php

@@ -735,7 +735,7 @@ Sent by MyAAC,<br/>
 			'name' => 'Name Min Length',
 			'type' => 'number',
 			'desc' => '',
-			'default' => 4,
+			'default' => 3,
 		],
 		'create_character_name_max_length' => [
 			'name' => 'Name Max Length',

system/src/CreateCharacter.php

@@ -149,9 +149,9 @@ class CreateCharacter
 		if(empty($errors))
 		{
 			$char_to_copy_name = config('character_samples')[$vocation];
-			$char_to_copy = new \OTS_Player();
-			$char_to_copy->find($char_to_copy_name);
-			if(!$char_to_copy->isLoaded())
+			$playerSample = new \OTS_Player();
+			$playerSample->find($char_to_copy_name);
+			if(!$playerSample->isLoaded())
 				$errors[] = 'Wrong characters configuration. Try again or contact with admin. ADMIN: Go to Admin Panel -> Settings -> Create Character and set valid characters to copy names. Character to copy: <b>'.$char_to_copy_name.'</b> doesn\'t exist.';
 		}
 
@@ -162,72 +162,72 @@ class CreateCharacter
 		global $db;
 
 		if($sex == "0")
-			$char_to_copy->setLookType(136);
+			$playerSample->setLookType(136);
 
 		$player = new \OTS_Player();
 		$player->setName($name);
 		$player->setAccount($account);
 		$player->setGroupId(1);
 		$player->setSex($sex);
-		$player->setVocation($char_to_copy->getVocation());
+		$player->setVocation($playerSample->getVocation());
 		if($db->hasColumn('players', 'promotion'))
-			$player->setPromotion($char_to_copy->getPromotion());
+			$player->setPromotion($playerSample->getPromotion());
 
 		if($db->hasColumn('players', 'direction'))
-			$player->setDirection($char_to_copy->getDirection());
+			$player->setDirection($playerSample->getDirection());
 
-		$player->setConditions($char_to_copy->getConditions());
-		$rank = $char_to_copy->getRank();
+		$player->setConditions($playerSample->getConditions());
+		$rank = $playerSample->getRank();
 		if($rank->isLoaded()) {
-			$player->setRank($char_to_copy->getRank());
+			$player->setRank($playerSample->getRank());
 		}
 
 		if($db->hasColumn('players', 'lookaddons'))
-			$player->setLookAddons($char_to_copy->getLookAddons());
+			$player->setLookAddons($playerSample->getLookAddons());
 
 		$player->setTownId($town);
-		$player->setExperience($char_to_copy->getExperience());
-		$player->setLevel($char_to_copy->getLevel());
-		$player->setMagLevel($char_to_copy->getMagLevel());
-		$player->setHealth($char_to_copy->getHealth());
-		$player->setHealthMax($char_to_copy->getHealthMax());
-		$player->setMana($char_to_copy->getMana());
-		$player->setManaMax($char_to_copy->getManaMax());
-		$player->setManaSpent($char_to_copy->getManaSpent());
-		$player->setSoul($char_to_copy->getSoul());
+		$player->setExperience($playerSample->getExperience());
+		$player->setLevel($playerSample->getLevel());
+		$player->setMagLevel($playerSample->getMagLevel());
+		$player->setHealth($playerSample->getHealth());
+		$player->setHealthMax($playerSample->getHealthMax());
+		$player->setMana($playerSample->getMana());
+		$player->setManaMax($playerSample->getManaMax());
+		$player->setManaSpent($playerSample->getManaSpent());
+		$player->setSoul($playerSample->getSoul());
 
 		for($skill = \POT::SKILL_FIRST; $skill <= \POT::SKILL_LAST; $skill++) {
 			$value = 10;
 			if (setting('core.use_character_sample_skills')) {
-				$value = $char_to_copy->getSkill($skill);
+				$value = $playerSample->getSkill($skill);
 			}
 
 			$player->setSkill($skill, $value);
 		}
 
-		$player->setLookBody($char_to_copy->getLookBody());
-		$player->setLookFeet($char_to_copy->getLookFeet());
-		$player->setLookHead($char_to_copy->getLookHead());
-		$player->setLookLegs($char_to_copy->getLookLegs());
-		$player->setLookType($char_to_copy->getLookType());
-		$player->setCap($char_to_copy->getCap());
+		$player->setLookBody($playerSample->getLookBody());
+		$player->setLookFeet($playerSample->getLookFeet());
+		$player->setLookHead($playerSample->getLookHead());
+		$player->setLookLegs($playerSample->getLookLegs());
+		$player->setLookType($playerSample->getLookType());
+		$player->setCap($playerSample->getCap());
 		$player->setBalance(0);
 		$player->setPosX(0);
 		$player->setPosY(0);
 		$player->setPosZ(0);
 
 		if($db->hasColumn('players', 'stamina')) {
-			$player->setStamina($char_to_copy->getStamina());
+			$player->setStamina($playerSample->getStamina());
 		}
 
 		if($db->hasColumn('players', 'loss_experience')) {
-			$player->setLossExperience($char_to_copy->getLossExperience());
-			$player->setLossMana($char_to_copy->getLossMana());
-			$player->setLossSkills($char_to_copy->getLossSkills());
+			$player->setLossExperience($playerSample->getLossExperience());
+			$player->setLossMana($playerSample->getLossMana());
+			$player->setLossSkills($playerSample->getLossSkills());
 		}
 		if($db->hasColumn('players', 'loss_items')) {
-			$player->setLossItems($char_to_copy->getLossItems());
-			$player->setLossContainers($char_to_copy->getLossContainers());
+			$player->setLossItems($playerSample->getLossItems());
+			$player->setLossContainers($playerSample->getLossContainers());
 		}
 
 		$player->save();
@@ -245,7 +245,7 @@ class CreateCharacter
 			for($skill = \POT::SKILL_FIRST; $skill <= \POT::SKILL_LAST; $skill++) {
 				$value = 10;
 				if (setting('core.use_character_sample_skills')) {
-					$value = $char_to_copy->getSkill($skill);
+					$value = $playerSample->getSkill($skill);
 				}
 				$skillExists = $db->query('SELECT `skillid` FROM `player_skills` WHERE `player_id` = ' . $player->getId() . ' AND `skillid` = ' . $skill);
 				if($skillExists->rowCount() <= 0) {
@@ -255,7 +255,7 @@ class CreateCharacter
 		}
 
 		if ($db->hasTable('player_items') && $db->hasColumn('player_items', 'pid') && $db->hasColumn('player_items', 'sid') && $db->hasColumn('player_items', 'itemtype')) {
-			$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$char_to_copy->getId()."");
+			$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$playerSample->getId()."");
 			foreach($loaded_items_to_copy as $save_item) {
 				$blob = $db->quote($save_item['attributes']);
 				$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', $blob);");
@@ -267,6 +267,7 @@ class CreateCharacter
 			[
 				'account' => $account,
 				'player' => $player,
+				'playerSample' => $playerSample,
 				'name' => $name,
 				'sex' => $sex,
 				'vocation' => $vocation,

system/src/Models/GuildRank.php

@@ -9,6 +9,8 @@ class GuildRank extends Model {
 
 	public $timestamps = false;
 
+	protected $fillable = ['guild_id', 'name', 'level'];
+
 	public function guild()
 	{
 		return $this->belongsTo(Guild::class);

system/src/Plugins.php

@@ -23,18 +23,15 @@ class Plugins {
 
 		$routes = [];
 		foreach(self::getAllPluginsJson() as $plugin) {
-			$pluginPages = glob(PLUGINS . $plugin['filename'] . '/pages/*.php');
-			foreach ($pluginPages as $file) {
-				$file = str_replace(PLUGINS, 'plugins/', $file);
-				$name = pathinfo($file, PATHINFO_FILENAME);
-
-				$routes[] = [['get', 'post'], $name, $file, 1000];
+			$routesDefaultPriority = 1000;
+			if (isset($plugin['routes-default-priority'])) {
+				$routesDefaultPriority = $plugin['routes-default-priority'];
 			}
 
 			$warningPreTitle = 'Plugin: ' . $plugin['name'] . ' - ';
 
 			if (isset($plugin['routes'])) {
-				foreach ($plugin['routes'] as $_name => $info) {
+				foreach ($plugin['routes'] as $info) {
 					// default method: get
 					$method = $info['method'] ?? ['GET'];
 					if ($method !== '*') {
@@ -51,7 +48,7 @@ class Plugins {
 					}
 
 					if (!isset($info['priority'])) {
-						$info['priority'] = 100; // default priority
+						$info['priority'] = $routesDefaultPriority; // default priority taken from plugin.json
 					}
 
 					if (isset($info['redirect_from'])) {
@@ -70,24 +67,60 @@ class Plugins {
 					// replace first occurrence of / in pattern if found (will be auto-added later)
 					removeIfFirstSlash($info['pattern']);
 
-					foreach ($routes as $id => &$route) {
-						if($route[1] == $info['pattern']) {
-							if($info['priority'] < $route[3]) {
-								self::$warnings[] = $warningPreTitle . "Duplicated route with lower priority: {$info['pattern']}. Disabling this route...";
-								continue 2;
+					$routes[] = [$methods, $info['pattern'], $info['file'], $info['priority']];
+				}
+			}
+
+			$pagesDefaultPriority = 1000;
+			if (isset($plugin['pages-default-priority'])) {
+				$pagesDefaultPriority = $plugin['pages-default-priority'];
+			}
+
+			if (self::getAutoLoadOption($plugin, 'pages', true)) {
+				//
+				// Get all plugins/*/pages/*.php pages
+				//
+				$pluginPages = glob(PLUGINS . $plugin['filename'] . '/pages/*.php');
+				foreach ($pluginPages as $file) {
+					$file = str_replace(PLUGINS, 'plugins/', $file);
+					$name = pathinfo($file, PATHINFO_FILENAME);
+
+					$routes[] = [['get', 'post'], $name, $file, $pagesDefaultPriority];
+				}
+			}
+
+			if (self::getAutoLoadOption($plugin, 'pagesSubFolders', true)) {
+				//
+				// Get all plugins/*/pages/subFolder/*.php pages
+				//
+				$pluginPagesSubFolders = glob(PLUGINS . $plugin['filename'] . '/pages/*', GLOB_ONLYDIR);
+				foreach ($pluginPagesSubFolders as $folder) {
+					$folderName = pathinfo($folder, PATHINFO_FILENAME);
+
+					$subFiles = glob(PLUGINS . $plugin['filename'] . '/pages/' . $folderName . '/*.php');
+					foreach ($subFiles as $file) {
+						$file = str_replace(PLUGINS, 'plugins/', $file);
+						$name = $folderName . '/' . pathinfo($file, PATHINFO_FILENAME);
+
+						$routes[] = [['get', 'post'], $name, $file, $pagesDefaultPriority];
+					}
+
+					$subFolders = glob(PLUGINS . $plugin['filename'] . '/pages/' . $folderName . '/*', GLOB_ONLYDIR);
+					foreach ($subFolders as $subFolder) {
+						$subFolderName = pathinfo($subFolder, PATHINFO_FILENAME);
+						$subSubFiles = glob(PLUGINS . $plugin['filename'] . '/pages/' . $folderName . '/' . $subFolderName . '/*.php');
+
+						foreach ($subSubFiles as $subSubFile) {
+							$subSubFile = str_replace(PLUGINS, 'plugins/', $subSubFile);
+							$name = $folderName . '/' . $subFolderName . '/' . pathinfo($subSubFile, PATHINFO_FILENAME);
+
+							$routes[] = [['get', 'post'], $name, $subSubFile, $pagesDefaultPriority];
+						}
 					}
-							else {
-								self::$warnings[] = $warningPreTitle . "Duplicated route with lower priority: {$route[1]} ({$route[3]}). Disabling this route...";
-								unset($routes[$id]);
 				}
 			}
 		}
 
-					$routes[] = [$methods, $info['pattern'], $info['file'], $info['priority']];
-				}
-			}
-		}
-		/*
 		usort($routes, function ($a, $b)
 		{
 			// key 3 is priority
@@ -95,14 +128,14 @@ class Plugins {
 				return 0;
 			}
 
-					return ($a[3] > $b[3]) ? -1 : 1;
+			return ($a[3] < $b[3]) ? -1 : 1;
 		});
-		*/
+
 		// cleanup before passing back
 		// priority is not needed anymore
-		foreach ($routes as &$route) {
-			unset($route[3]);
-		}
+		//foreach ($routes as &$route) {
+		//	unset($route[3]);
+		//}
 
 		if ($cache->enabled()) {
 			$cache->set('plugins_routes', serialize($routes), 600);
@@ -123,6 +156,10 @@ class Plugins {
 
 		$themes = [];
 		foreach(self::getAllPluginsJson() as $plugin) {
+			if (!self::getAutoLoadOption($plugin, 'themes', true)) {
+				continue;
+			}
+
 			$pluginThemes = glob(PLUGINS . $plugin['filename'] . '/themes/*', GLOB_ONLYDIR);
 			foreach ($pluginThemes as $path) {
 				$path = str_replace(PLUGINS, 'plugins/', $path);
@@ -151,6 +188,10 @@ class Plugins {
 
 		$commands = [];
 		foreach(self::getAllPluginsJson() as $plugin) {
+			if (!self::getAutoLoadOption($plugin, 'commands', true)) {
+				continue;
+			}
+
 			$pluginCommands = glob(PLUGINS . $plugin['filename'] . '/commands/*.php');
 			foreach ($pluginCommands as $path) {
 				$commands[] = $path;
@@ -178,13 +219,19 @@ class Plugins {
 		foreach(self::getAllPluginsJson() as $plugin) {
 			if (isset($plugin['hooks'])) {
 				foreach ($plugin['hooks'] as $_name => $info) {
+					$priority = 1000;
+
 					if (str_contains($info['type'], 'HOOK_')) {
 						$info['type'] = str_replace('HOOK_', '', $info['type']);
 					}
 
+					if (isset($info['priority'])) {
+						$priority = (int)$info['priority'];
+					}
+
 					if (defined('HOOK_'. $info['type'])) {
 						$hook = constant('HOOK_'. $info['type']);
-						$hooks[] = ['name' => $_name, 'type' => $hook, 'file' => $info['file']];
+						$hooks[] = ['name' => $_name, 'type' => $hook, 'file' => $info['file'], 'priority' => $priority];
 					} else {
 						self::$warnings[] = 'Plugin: ' . $plugin['name'] . '. Unknown event type: ' . $info['type'];
 					}
@@ -192,6 +239,15 @@ class Plugins {
 			}
 		}
 
+		usort($hooks, function ($a, $b)
+		{
+			if ($a['priority'] == $b['priority']) {
+				return 0;
+			}
+
+			return ($a['priority'] < $b['priority']) ? -1 : 1;
+		});
+
 		if ($cache->enabled()) {
 			$cache->set('plugins_hooks', serialize($hooks), 600);
 		}
@@ -757,4 +813,21 @@ class Plugins {
 			}
 		}
 	}
+
+	private static function getAutoLoadOption(array $plugin, string $optionName, bool $default = true)
+	{
+		if (isset($plugin['autoload'])) {
+			$autoload = $plugin['autoload'];
+			if (is_array($autoload)) {
+				if (isset($autoload[$optionName])) {
+					return getBoolean($autoload[$optionName]);
+				}
+			}
+			else if (is_bool($autoload)) {
+				return $autoload;
+			}
+		}
+
+		return $default;
+	}
 }

system/src/Settings.php

@@ -382,6 +382,8 @@ class Settings implements \ArrayAccess
 		}
 
 		$this->settingsDatabase[$pluginKeyName][$key] = $value;
+		// invalidate cache
+		unset($this->cache[$offset]);
 	}
 
 	#[\ReturnTypeWillChange]

system/src/Towns.php

@@ -124,6 +124,6 @@ class Towns
 	 */
 	public static function getFromDatabase()
 	{
-		return Town::pluck('name', 'id')->toArray();
+		return Town::orderBy('id', 'ASC')->pluck('name', 'id')->toArray();
 	}
 }

system/src/Twig/Extension/TypeCastingExtension.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace MyAAC\Twig\Extension;
+
+use Twig\Extension\AbstractExtension;
+use Twig\TwigFilter;
+
+final class TypeCastingExtension extends AbstractExtension
+{
+	/** @return array<int, TwigFilter> */
+	public function getFilters(): array
+	{
+		return [
+			new TwigFilter('int', function ($value) {
+				return (int)$value;
+			}),
+			new TwigFilter('float', function ($value) {
+				return (float)$value;
+			}),
+			new TwigFilter('string', function ($value) {
+				return (string)$value;
+			}),
+			new TwigFilter('bool', function ($value) {
+				return (bool)$value;
+			}),
+			new TwigFilter('array', function (object $value) {
+				return (array)$value;
+			}),
+			new TwigFilter('object', function (array $value) {
+				return (object)$value;
+			}),
+		];
+	}
+}

system/src/global.php

@@ -54,6 +54,11 @@ define('HOOK_ACCOUNT_LOGIN_AFTER_REMEMBER_ME', ++$i);
 define('HOOK_ACCOUNT_LOGIN_AFTER_PAGE', ++$i);
 define('HOOK_ACCOUNT_LOGIN_POST', ++$i);
 define('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER', ++$i);
+define('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_FIRST_TABLE', ++$i);
+define('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_VOCATIONS', ++$i);
+define('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_TOWNS', ++$i);
+define('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER_TOWNS', ++$i);
+define('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER_SECOND_TABLE', ++$i);
 define('HOOK_ADMIN_HEAD_END', ++$i);
 define('HOOK_ADMIN_HEAD_START', ++$i);
 define('HOOK_ADMIN_BODY_START', ++$i);
@@ -74,6 +79,8 @@ define('HOOK_GUILDS_AFTER_GUILD_MEMBERS', ++$i);
 define('HOOK_GUILDS_AFTER_INVITED_CHARACTERS', ++$i);
 define('HOOK_TWIG', ++$i);
 define('HOOK_CACHE_CLEAR', ++$i);
+define('HOOK_INSTALL_FINISH', ++$i);
+define('HOOK_INSTALL_FINISH_END', ++$i);
 
 const HOOK_FIRST = HOOK_STARTUP;
 define('HOOK_LAST', $i);

system/templates/account.change-email.html.twig

@@ -29,7 +29,7 @@ Please enter your password and the new email address. Make sure that you enter a
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
 					<td style="border:0px;">
-						<form id="form" action="{{ getLink('account/email') }}" method="post">
+						<form id="form" action="{{ getLink('account/change-email') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="changeemailsave" value="1"/>
 							{{ include('buttons.submit.html.twig') }}

system/templates/account.change-info.html.twig

@@ -59,7 +59,7 @@ Here you can tell other players about yourself. This information will be display
 			<table border="0" cellspacing="0" cellpadding="0" >
 				<tr>
 					<td style="border:0px;" >
-						<form id="form" action="{{ getLink('account/info') }}" method="post">
+						<form id="form" action="{{ getLink('account/change-info') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="changeinfosave" value="1">
 							{{ include('buttons.submit.html.twig') }}

system/templates/account.change-password.html.twig

@@ -38,7 +38,7 @@ Please enter your current password and a new password. For your security, please
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
 					<td style="border:0px;">
-						<form id="form" action="{{ getLink('account/password') }}" method="post">
+						<form id="form" action="{{ getLink('account/change-password') }}" method="post">
 							{{ csrf() }}
 							{{ include('buttons.submit.html.twig') }}
 						</form>

system/templates/account.characters.change-comment.html.twig

@@ -1,6 +1,6 @@
 Here you can see and edit the information about your character.<br/>
 If you do not want to specify a certain field, just leave it blank.<br/><br/>
-<form action="{{ getLink('account/character/comment') }}" method="post">
+<form action="{{ getLink('account/characters/change-comment') }}" method="post">
 	{{ csrf() }}
 	<div class="TableContainer" >
 		<table class="Table5" cellpadding="0" cellspacing="0">

system/templates/account.characters.change-name.html.twig

@@ -36,7 +36,7 @@ To change a name of character select player and choose a new name.<br/>
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
 					<td style="border:0px;">
-						<form id="form" action="{{ getLink('account/character/name') }}" method="post">
+						<form id="form" action="{{ getLink('account/characters/change-name') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="changenamesave" value="1">
 							{{ include('buttons.submit.html.twig') }}

system/templates/account.characters.change-sex.html.twig

@@ -36,7 +36,7 @@ To change a sex of character select player and choose a new sex.<br/>
 			<table border="0" cellspacing="0" cellpadding="0" >
 				<tr>
 					<td style="border:0px;">
-						<form id="form" action="{{ getLink('account/character/sex') }}" method="post">
+						<form id="form" action="{{ getLink('account/characters/change-sex') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="changesexsave" value="1"/>
 							{{ include('buttons.submit.html.twig') }}

system/templates/account.characters.create.html.twig

@@ -23,6 +23,9 @@ In any case the name must not violate the naming conventions stated in the <a hr
 		</div>
 		<tr>
 			<td>
+
+				{{ hook('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_FIRST_TABLE') }}
+
 				<div class="InnerTableContainer">
 					<table style="width:100%;">
 						<tr>
@@ -62,8 +65,13 @@ In any case the name must not violate the naming conventions stated in the <a hr
 										</table>
 									</div>
 								</div>
+							</td>
+						</tr>
 					</table>
 				</div>
+
+				{{ hook('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_VOCATION') }}
+
 				<div class="InnerTableContainer">
 					<table style="width: 100%;">
 						<tr>
@@ -87,7 +95,11 @@ In any case the name must not violate the naming conventions stated in the <a hr
 										</td>
 									</tr>
 								</table>
+							</td>
 							{% endif %}
+
+							{{ hook('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_TOWNS') }}
+
 							{% if config.character_towns|length > 1 %}
 							<td>
 								<table class="TableContent" width="100%">
@@ -110,9 +122,15 @@ In any case the name must not violate the naming conventions stated in the <a hr
 								</table>
 							</td>
 							{% endif %}
+
+							{{ hook('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER_TOWNS') }}
+
 						</tr>
 					</table>
 				</div>
+
+				{{ hook('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER_SECOND_TABLE') }}
+
 			</td>
 		</tr>
 	</table>
@@ -124,7 +142,7 @@ In any case the name must not violate the naming conventions stated in the <a hr
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
 					<td style="border:0px;">
-						<form id="form" action="{{ getLink('account/character/create') }}" method="post">
+						<form id="form" action="{{ getLink('account/characters/create') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="save" value="1">
 							{{ include('buttons.submit.html.twig') }}

system/templates/account.characters.delete.html.twig

@@ -25,7 +25,7 @@ To delete a character enter the name of the character and your password.<br/><br
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
 					<td style="border:0px;">
-						<form id="form" action="{{ getLink('account/character/delete') }}" method="post">
+						<form id="form" action="{{ getLink('account/characters/delete') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="deletecharactersave" value="1"/>
 							{{ include('buttons.submit.html.twig') }}

system/templates/account.create.html.twig

@@ -1,24 +1,11 @@
 {{ hook('HOOK_ACCOUNT_CREATE_BEFORE_FORM') }}
 <form action="{{ getLink('account/create') }}" method="post" id="createaccount">
 	{{ csrf() }}
-	<div class="TableContainer" >
-		<table class="Table5" cellpadding="0" cellspacing="0" >
-			<div class="CaptionContainer" >
-				<div class="CaptionInnerContainer" >
-					<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-					<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-					<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);" ></span>
-					<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);" /></span>
-					<div class="Text" >Create {{ config.lua.serverName }} Account</div>
-					<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);" /></span>
-					<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);" ></span>
-					<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-					<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-				</div>
-			</div>
-			<tr>
-				<td>
-					<div class="InnerTableContainer" >
+
+	{% set title = 'Create ' ~ config.lua.serverName ~ ' Account' %}
+	{% set background = config('darkborder') %}
+	{% set tableClass = 'Table5' %}
+	{% set content %}
 		<table style="width:100%;" >
 			{{ hook('HOOK_ACCOUNT_CREATE_BEFORE_BOXES') }}
 			<tr>
@@ -123,7 +110,7 @@
 
 			{{ hook('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_1') }}
 
-							{% if (not setting('core.mail_enabled') or not setting('core.account_mail_verify')) and setting('core.account_create_character_create') %}
+			{% if setting('core.account_create_character_create') %}
 			<tr>
 				<td>
 					<div class="TableShadowContainerRightTop">
@@ -303,11 +290,9 @@
 			{{ hook('HOOK_ACCOUNT_CREATE_AFTER_BOXES') }}
 
 		</table>
-					</div>
-				</td>
-			</tr>
-		</table>
-	</div>
+	{% endset %}
+	{% include 'tables.headline.html.twig' %}
+
 	<br/>
 	{{ hook('HOOK_ACCOUNT_CREATE_BEFORE_SUBMIT_BUTTON') }}
 	<table width="100%">

system/templates/account.create.js.html.twig

@@ -3,10 +3,12 @@
 	var lastSend = 0;
 
 	$(function() {
+		{% if setting('core.account_country') %}
 			updateFlag();
 			$('#account_country').change(function() {
 				updateFlag();
 			});
+		{% endif %}
 
 		$('#account_input').blur(function() {
 			checkAccount();

system/templates/account.generate_new_recovery_key.html.twig

@@ -19,7 +19,7 @@ To generate new recovery key for your account please enter your password.<br/>
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
 					<td style="border:0px;">
-						<form id="form" action="{{ getLink('account/register/new') }}" method="post">
+						<form id="form" action="{{ getLink('account/register-new') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="registeraccountsave" value="1">
 							{{ include('buttons.submit.html.twig') }}

system/templates/account.generate_recovery_key.html.twig

@@ -1,5 +1,6 @@
 To generate recovery key for your account please enter your password.<br/><br/>
 {% set title = 'Generate recovery key' %}
+{% set background = config('darkborder') %}
 {% set content %}
 <table style="width:100%;" >
 	<tr>

system/templates/account.login.html.twig

@@ -61,20 +61,19 @@ Please enter your account {{ account|lower }} and your password.<br/><a href="{{
 							{{ include('buttons.submit.html.twig') }}
 						</td>
 					<tr>
-					</form>
 				</table>
 			</td>
 			<td>
 				<table border="0" cellspacing="0" cellpadding="0">
-					<form action="{{ getLink('account/lost') }}" method="post">
-						{{ csrf() }}
 					<tr>
 						<td style="border:0px;">
+							<a href="{{ getLink('account/lost') }}">
 								{{ include('buttons.account_lost.html.twig') }}
+							</a>
 						</td>
 					</tr>
+				</table>
+			</td>
+		</tr>
+	</table>
 </form>
-				</table>
-			</td>
-		</tr>
-	</table>

system/templates/account.management.html.twig

@@ -26,8 +26,8 @@
 	}
 </style>
 {% set menus = {
-	'Create Character': 'account/character/create','Delete Character': 'account/character/delete',
-	'Change Info': 'account/info', 'Change Password': 'account/password', 'Change Email': 'account/email'
+	'Create Character': 'account/characters/create','Delete Character': 'account/characters/delete',
+	'Change Info': 'account/change-info', 'Change Password': 'account/change-password', 'Change Email': 'account/change-email'
 } %}
 <div id="account-manage">
 	<div id="one">
@@ -40,10 +40,10 @@
 				<a href="{{ getLink(link) }}">{{ name }}</a>
 			{% endfor %}
 			{% if setting('core.account_change_character_name') %}
-				<a href="{{ getLink('account/character/name') }}">Change Name</a>
+				<a href="{{ getLink('account/characters/change-name') }}">Change Name</a>
 			{% endif %}
 			{% if setting('core.account_change_character_sex') %}
-				<a href="{{ getLink('account/character/sex') }}">Change Sex</a>
+				<a href="{{ getLink('account/characters/change-sex') }}">Change Sex</a>
 			{% endif %}
 			<a href="{{ getLink('account/logout') }}">Logout</a>
 		</div>
@@ -80,7 +80,7 @@
 			<div style="text-align:center">
 				A request has been submitted to change the email address of this account to <b>{{ email_new }}</b>. After <b>{{ email_new_time|date("j F Y, G:i:s") }}</b> you can accept the new email address and finish the process. Please cancel the request if you do not want your email address to be changed! Also cancel the request if you have no access to the new email address!
 
-				<form action="{{ getLink('account/email') }}" method="post">
+				<form action="{{ getLink('account/change-email') }}" method="post">
 					{{ csrf() }}
 					{% set button_name = 'Edit' %}
 					{% include('buttons.base.html.twig') %}
@@ -99,8 +99,8 @@
 			{% endif %}
 			<tr style="background-color: {{ config.darkborder }};" >
 				<td style="width: 90px;">Email Address:</td>
-				<td>{{ account_email ~ email_change }}
-					<form action="{{ getLink('account/email') }}" method="post">
+				<td>{{ account_email }}{{ email_change|raw }}
+					<form action="{{ getLink('account/change-email') }}" method="post">
 						{{ csrf() }}
 						{% set button_name = 'Change Email' %}
 						{% include('buttons.base.html.twig') %}
@@ -139,7 +139,7 @@
 				<td >{{ account_location }}</td>
 			</tr>
 		</table>
-		<form action="{{ getLink('account/info') }}" method="post">
+		<form action="{{ getLink('account/change-info') }}" method="post">
 			{{ csrf() }}
 			{% set button_name = 'Change Info' %}
 			{% include('buttons.base.html.twig') %}
@@ -183,7 +183,7 @@
 					<td>{% if player.getLastLogin() > 0 %}{{ player.getLastLogin|date('d F Y (H:i)') }}{% else %}Never.{% endif %}</td>
 					<td>{% if player.isOnline() %}<span style="color: green">ONLINE</span>{% else %}<span style="color: red">Offline</span>{% endif %}</td>
 					<td>{% if player.isHidden() %}Hidden{% else %}Visible{% endif %}</td>
-					<td>{% if not player.isDeleted() %}[<a href="{{ getLink('account/character/comment/' ~ player.getName|urlencode) }}" >Edit</a>]{% endif %}</td>
+					<td>{% if not player.isDeleted() %}[<a href="{{ getLink('account/characters/change-comment?name=' ~ player.getName()|urlencode) }}" >Edit</a>]{% endif %}</td>
 				</tr>
 			{% endfor %}
 		</table>
@@ -191,7 +191,7 @@
 		<table>
 			<tr>
 				<td>
-					<form action="{{ getLink('account/character/create') }}" method="post" >
+					<form action="{{ getLink('account/characters/create') }}" method="post" >
 						{{ csrf() }}
 						{% set button_name = 'Create Character' %}
 						{% include('buttons.base.html.twig') %}
@@ -199,7 +199,7 @@
 				</td>
 				{% if setting('core.account_change_character_name') %}
 				<td>
-					<form action="{{ getLink('account/character/name') }}" method="post" >
+					<form action="{{ getLink('account/characters/change-name') }}" method="post" >
 						{{ csrf() }}
 						{% set button_name = 'Change Name' %}
 						{% include('buttons.base.html.twig') %}
@@ -208,7 +208,7 @@
 				{% endif %}
 				{% if setting('core.account_change_character_sex') %}
 				<td>
-					<form action="{{ getLink('account/character/sex') }}" method="post" >
+					<form action="{{ getLink('account/characters/change-sex') }}" method="post" >
 						{{ csrf() }}
 						{% set button_name = 'Change Sex' %}
 						{% include('buttons.base.html.twig') %}
@@ -216,7 +216,7 @@
 				</td>
 				{% endif %}
 				<td>
-					<form action="{{ getLink('account/character/delete') }}" method="post">
+					<form action="{{ getLink('account/characters/delete') }}" method="post">
 						{{ csrf() }}
 						{% set button_name = 'Delete Character' %}
 						{% include('buttons.base.html.twig') %}

system/templates/account.redirect.html.twig

@@ -1,31 +1,13 @@
-<div class="TableContainer">
-	<table class="Table1" cellpadding="0" cellspacing="0">
-		<div class="CaptionContainer">
-			<div class="CaptionInnerContainer">
-				<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-				<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-				<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);" ></span>
-				<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);" /></span>
-				<div class="Text" >Login Successful</div>
-				<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);" /></span>
-				<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);" ></span>
-				<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-				<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-			</div>
-		</div>
-		<tr>
-			<td>
-				<div class="InnerTableContainer">
+{% set title = 'Login Successful' %}
+{% set background = config('darkborder') %}
+{% set content %}
 <table style="width:100%;" >
 	<tr>
 		<td>You have logged in.<br/>Press <a href="{{ redirect }}" >here</a> if you are not returned automatically.</td>
 	</tr>
 </table>
-				</div>
-			</td>
-		</tr>
-	</table>
-</div>
+{% endset %}
+{% include 'tables.headline.html.twig' %}
 
 <script language="javascript" type="text/javascript">
 	// Automatic redirect

system/templates/forum.add_board.html.twig

@@ -39,7 +39,9 @@
 						</td>
 					</tr>
 					<tr>
-						<td colspan="2" align="center"><input type="submit" value="Submit"/>
+						<td colspan="2" align="center">
+							{{ include('buttons.submit.html.twig') }}
+						</td>
 					</tr>
 				</table>
 			</td>

system/templates/forum.boards.html.twig

@@ -1,24 +1,26 @@
 <b>Boards</b>
 <table width="100%">
+	<thead>
 	<tr bgcolor="{{ config.vdarkborder }}" class="white">
-		<td>
+		<th>
 			<span style="font-size: 10px"><b>Board</b></span>
-		</td>
-		<td>
+		</th>
+		<th>
 			<span style="font-size: 10px"><b>Posts</b></span>
-		</td>
-		<td>
+		</th>
+		<th>
 			<span style="font-size: 10px"><b>Threads</b></span>
-		</td>
-		<td align="center">
+		</th>
+		<th align="center">
 			<span style="font-size: 10px"><b>Last Post</b></span>
-		</td>
+		</th>
 		{% if canEdit %}
-			<td>
+			<th>
 				<span style="font-size: 10px"><b>Options</b></span>
-			</td>
+			</th>
 		{% endif %}
 	</tr>
+	</thead>
 	{% set i = 0 %}
 	{% for board in boards %}
 	{% set i = i + 1 %}

system/templates/highscores.html.twig

@@ -11,7 +11,7 @@
 						<select onchange="location = this.value;" aria-label="skillFilter" id="skillFilter">
 							{% set i = 0 %}
 							{% for link, name in types %}
-								<option value="{{ getLink('highscores') }}/{{ link }}{% if vocation is defined %}/{{ vocation }}{% endif %}" class="size_xs">{{ name }}</option>
+								<option value="{{ getLink('highscores') }}/{{ link }}{% if vocation is not null %}{{ vocation }}{% endif %}" class="size_xs">{{ name }}</option>
 							{% endfor %}
 						</select>
 					</td>
@@ -105,7 +105,7 @@
 				<tr bgcolor="{{ config.lightborder }}">
 					<td>
 						{% for link, name in types %}
-						<a href="{{ getLink('highscores') }}/{{ link }}{% if vocation is defined %}/{{ vocation }}{% endif %}" class="size_xs">{{ name }}</a><br/>
+						<a href="{{ getLink('highscores') }}/{{ link }}{% if vocation is not null %}/{{ vocation }}{% endif %}" class="size_xs">{{ name }}</a><br/>
 						{% endfor %}
 					</td>
 				</tr>

system/templates/success.html.twig

@@ -1,31 +1,17 @@
-<div class="TableContainer">
-	<table class="Table1" cellpadding="0" cellspacing="0">
-		<div class="CaptionContainer">
-			<div class="CaptionInnerContainer">
-				<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-				<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-				<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-				<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-				<div class="Text" >{{ title|raw }}</div>
-				<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-				<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-				<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-				<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-			</div>
-		</div>
-		<tr>
-			<td>
-				<div class="InnerTableContainer">
-					<table style="width:100%;">
-						<tr>
-							<td>{{ description|raw }}</td>
+<table border="0" cellspacing="1" cellpadding="4" width="100%">
+	<thead>
+	<tr bgcolor="{{ config.vdarkborder }}">
+		<td colspan="3" class="white"><b>{{ title|raw }}</b></td>
 	</tr>
-					</table>
-				</div>
+	</thead>
+	<tbody>
+	<tr style="background-color: {% if background is not null %}{{ background }}{% else %}{{ config.darkborder }}{% endif %}">
+		<td>
+			{{ description|raw }}
 		</td>
 	</tr>
+	</tbody>
 </table>
-</div>
 <br/>
 {% if custom_buttons is defined %}
 {{ custom_buttons|raw }}

system/twig.php

@@ -31,6 +31,8 @@ if($dev_mode) {
 }
 unset($dev_mode);
 
+$twig->addExtension(new MyAAC\Twig\Extension\TypeCastingExtension());
+
 $filter = new TwigFilter('timeago', function ($datetime) {
 
 	$time = time() - strtotime($datetime);
@@ -71,8 +73,8 @@ $function = new TwigFunction('generateLink', function ($s, $n, $b = false) {
 });
 $twig->addFunction($function);
 
-$function = new TwigFunction('getPlayerLink', function ($s, $p = true) {
-	return getPlayerLink($s, $p);
+$function = new TwigFunction('getPlayerLink', function ($s, $p = true, $colored = false) {
+	return getPlayerLink($s, $p, $colored);
 });
 $twig->addFunction($function);
 

templates/kathrine/success.html.twig

@@ -1,17 +0,0 @@
-<h2>{{ title }}</h2><br/>
-{{ description|raw }}
-{% if custom_buttons is defined %}
-{{ custom_buttons|raw }}
-{% else %}
-<div style="text-align: center; margin: 0 auto;">
-	<table border="0" cellspacing="0" cellpadding="0">
-		<form action="{{ getLink('account/manage') }}" method="post">
-			<tr>
-				<td style="border:0px; text-align: center;">
-					<input type="submit" name="Back" value="Back"/>
-				</td>
-			</tr>
-		</form>
-	</table>
-</div>
-{% endif %}

templates/tibiacom/account.management.html.twig

@@ -94,7 +94,7 @@
 			</table>
 			<div style="text-align:center">
 				<table border="0" cellspacing="0" cellpadding="0">
-					<form action="{{ getLink('account/email') }}" method="post">
+					<form action="{{ getLink('account/change-email') }}" method="post">
 						<tr>
 							<td style="border:0px;">
 								{{ include('buttons.edit.html.twig') }}
@@ -139,7 +139,7 @@
 						{% endif %}
 						<tr style="background-color: {{ config.darkborder }};" >
 							<td class="LabelV" >Email Address:</td>
-							<td style="width:90%;" >{{ account_email ~ email_change}}</td>
+							<td style="width:90%;" >{{ account_email }}{{ email_change|raw }}</td>
 						</tr>
 						<tr style="background-color: {{ config.lightborder }};" >
 							<td class="LabelV" >Created:</td>
@@ -176,7 +176,7 @@
 				<tr>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/password') }}" method="post">
+							<form action="{{ getLink('account/change-password') }}" method="post">
 								<tr>
 									<td style="border:0px;" >
 										{{ include('buttons.change_password.html.twig') }}
@@ -187,7 +187,7 @@
 					</td>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/email') }}" method="post">
+							<form action="{{ getLink('account/change-email') }}" method="post">
 								<tr>
 									<td style="border:0px;">
 										<input type="hidden" name="newemail" value=""/>
@@ -256,7 +256,7 @@
 							</td>
 							<td align=right>
 								<table border="0" cellspacing="0" cellpadding="0">
-									<form action="{{ getLink('account/info') }}" method="post">
+									<form action="{{ getLink('account/change-info') }}" method="post">
 										<tr>
 											<td style="border:0px;">
 												{{ include('buttons.edit.html.twig') }}
@@ -373,7 +373,7 @@
 							{% else %}
 							<td><span style="color: red"><b>Offline</b></span></td>
 							{% endif %}
-							<td>{% if not player.isDeleted() %}[<a href="{{ getLink('account/character/comment/' ~ player.getName|urlencode) }}" >Edit</a>]{% endif %}</td>
+							<td>{% if not player.isDeleted() %}[<a href="{{ getLink('account/characters/change-comment?name=' ~ player.getName|urlencode) }}" >Edit</a>]{% endif %}</td>
 						</tr>
 						{% endfor %}
 					</table>
@@ -395,7 +395,7 @@
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
 								<td style="border:0px;">
-									<form action="{{ getLink('account/character/create') }}" method="post" >
+									<form action="{{ getLink('account/characters/create') }}" method="post" >
 										{{ include('buttons.create_character.html.twig') }}
 									</form>
 								</td>
@@ -407,7 +407,7 @@
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
 								<td style="border:0px;">
-									<form action="{{ getLink('account/character/name') }}" method="post" >
+									<form action="{{ getLink('account/characters/change-name') }}" method="post" >
 										{{ include('buttons.change_name.html.twig') }}
 									</form>
 								</td>
@@ -420,7 +420,7 @@
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
 								<td style="border:0px;">
-									<form action="{{ getLink('account/character/sex') }}" method="post">
+									<form action="{{ getLink('account/characters/change-sex') }}" method="post">
 										{{ include('buttons.change_sex.html.twig') }}
 									</form>
 								</td>
@@ -433,7 +433,7 @@
 						<table border="0" cellspacing="0" cellpadding="0">
 							<tr>
 								<td style="border: 0px;">
-									<form action="{{ getLink('account/character/delete') }}" method="post">
+									<form action="{{ getLink('account/characters/delete') }}" method="post">
 										{{ include('buttons.delete_character.html.twig') }}
 									</form>
 								</td>

templates/tibiacom/success.html.twig

@@ -0,0 +1,44 @@
+<div class="TableContainer">
+	<table class="Table1" cellpadding="0" cellspacing="0">
+		<div class="CaptionContainer">
+			<div class="CaptionInnerContainer">
+				<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+				<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+				<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
+				<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
+				<div class="Text" >{{ title|raw }}</div>
+				<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
+				<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
+				<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+				<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+			</div>
+		</div>
+		<tr>
+			<td>
+				<div class="InnerTableContainer">
+					<table style="width:100%;">
+						<tr>
+							<td>{{ description|raw }}</td>
+						</tr>
+					</table>
+				</div>
+			</td>
+		</tr>
+	</table>
+</div>
+<br/>
+{% if custom_buttons is defined %}
+{{ custom_buttons|raw }}
+{% else %}
+<div style="text-align:center">
+	<table border="0" cellspacing="0" cellpadding="0">
+		<form action="{{ getLink('account/manage') }}" method="post">
+			<tr>
+				<td style="border:0px;">
+					{{ include('buttons.back.html.twig') }}
+				</td>
+			</tr>
+		</form>
+	</table>
+</div>
+{% endif %}

tools/basic.js

@@ -1,9 +1,13 @@
 function MouseOverBigButton(source) {
+	if (source?.firstChild?.style) {
 		source.firstChild.style.visibility = "visible";
 	}
+}
 function MouseOutBigButton(source) {
+	if (source?.firstChild?.style) {
 		source.firstChild.style.visibility = "hidden";
 	}
+}
 function BigButtonAction(path) {
   window.location = path;
 }