Release v0.8.14

Causes missing parameters in $_GET query

.editorconfig

@@ -11,9 +11,4 @@ insert_final_newline = true
 
 [*.md]
 trim_trailing_whitespace = false
-
-[{composer.json,package.json}]
-indent_style = space
-
-[package.json]
-indent_size = 2
+indent_style = tab

.gitattributes

@@ -3,11 +3,9 @@
 .gitignore export-ignore
 .github export-ignore
 .editorconfig export-ignore
+.travis.yml export-ignore
 _config.yml export-ignore
 release.sh export-ignore
 
-# cypress
-cypress export-ignore
-cypress.config.js export-ignore
-
 *.sh text eol=lf
+VERSION text eol=lf

.github/workflows/cypress.yml

@@ -1,120 +0,0 @@
-name: Cypress
-on:
-  pull_request:
-    branches: [develop]
-  push:
-    branches: [develop]
-
-jobs:
-  cypress:
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-        image: mysql:8.0
-        env:
-          MYSQL_ROOT_PASSWORD: root
-          MYSQL_DATABASE: myaac
-          MYSQL_USER: myaac
-          MYSQL_PASSWORD: myaac
-        ports:
-          - 3306/tcp
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    strategy:
-      fail-fast: false
-      matrix:
-        php-versions: [ '7.4', '8.0', '8.1' ]
-    name: MyAAC on PHP ${{ matrix.php-versions }}
-    steps:
-        - name: 📌 MySQL Start & init & show db
-          run: |
-            sudo /etc/init.d/mysql start
-            mysql -e 'CREATE DATABASE myaac;' -uroot -proot
-            mysql -e "SHOW DATABASES" -uroot -proot
-
-        - name: Checkout MyAAC
-          uses: actions/checkout@v3
-          with:
-            ref: 0.9
-
-        - name: Checkout TFS
-          uses: actions/checkout@v3
-          with:
-            repository: otland/forgottenserver
-            ref: 1.4
-            path: tfs
-
-        - name: Import TFS Schema
-          run: |
-              mysql -uroot -proot myaac < tfs/schema.sql
-
-        - name: Rename config.lua
-          run: mv tfs/config.lua.dist tfs/config.lua
-
-        - name: Replace mysqlUser
-          uses: jacobtomlinson/gha-find-replace@v2
-          with:
-            find: 'mysqlUser = "forgottenserver"'
-            replace: 'mysqlUser = "root"'
-            regex: false
-            include: 'tfs/config.lua'
-
-        - name: Replace mysqlPass
-          uses: jacobtomlinson/gha-find-replace@v2
-          with:
-              find: 'mysqlPass = ""'
-              replace: 'mysqlPass = "root"'
-              regex: false
-              include: 'tfs/config.lua'
-
-        - name: Replace mysqlDatabase
-          uses: jacobtomlinson/gha-find-replace@v2
-          with:
-              find: 'mysqlDatabase = "forgottenserver"'
-              replace: 'mysqlDatabase = "myaac"'
-              regex: false
-              include: 'tfs/config.lua'
-
-        - name: Setup PHP
-          uses: shivammathur/setup-php@v2
-          with:
-            php-version: ${{ matrix.php-versions }}
-            extensions: mbstring, dom, fileinfo, mysql, json, xml, pdo, pdo_mysql
-
-        - name: Get composer cache directory
-          id: composer-cache
-          run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-
-        - name: Cache composer dependencies
-          uses: actions/cache@v3
-          with:
-            path: ${{ steps.composer-cache.outputs.dir }}
-            # Use composer.json for key, if composer.lock is not committed.
-            # key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-            restore-keys: ${{ runner.os }}-composer-
-
-        - name: Install Composer dependencies
-          run: composer install --no-progress --prefer-dist --optimize-autoloader
-
-        - name: Run PHP server
-          run: nohup php -S localhost:8080 > php.log 2>&1 &
-
-        - name: Cypress Run
-          uses: cypress-io/github-action@v5
-          env:
-            CYPRESS_URL: http://localhost:8080
-            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/tfs
-
-        - name: Save screenshots
-          uses: actions/upload-artifact@v3
-          if: always()
-          with:
-            name: cypress-screenshots
-            path: cypress/screenshots
-
-        - name: Upload Cypress Videos
-          uses: actions/upload-artifact@v3
-          if: always()
-          with:
-            name: cypress-videos
-            path: cypress/videos

.github/workflows/phplint.yml

@@ -1,16 +1,16 @@
 name: PHP Linting
 on:
   pull_request:
-    branches: [develop]
+    branches: [master]
   push:
-    branches: [develop]
+    branches: [master]
 
 jobs:
   phplint:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: overtrue/phplint@8.2
+      - uses: overtrue/phplint@7.4
         with:
           path: .
-          options: --exclude=*.log
+          options: --exclude="system/libs/polyfill-mbstring/bootstrap80.php"

.gitignore

@@ -48,6 +48,10 @@ system/cache/*
 !system/cache/signatures/index.html
 !system/cache/plugins/index.html
 
+# php sessions
+system/php_sessions/*
+!system/php_sessions/index.html
+
 # logs
 system/logs/*
 !system/logs/index.html
@@ -56,10 +60,6 @@ system/logs/*
 system/data/*
 !system/data/index.html
 
-# php sessions
-system/php_sessions/*
-!system/php_sessions/index.html
-
 # plugins
 plugins/*
 !plugins/.htaccess
@@ -70,8 +70,5 @@ plugins/*
 !plugins/email-confirmed-reward
 landing
 
-# system
-system/functions_custom.php
-
 # others/rest
 system/pages/downloads.php

.htaccess.dist

@@ -6,13 +6,11 @@
 	Options -MultiViews
 </IfModule>
 
-<FilesMatch "^(CHANGELOG\.md|README\.md|composer\.json|composer\.lock|package\.json|package-lock\.json|cypress\.env\.json)$">
-	Require all denied
-</FilesMatch>
-
 <IfModule mod_rewrite.c>
 	RewriteEngine On
 
+	# you can put here your myaac root folder
+	# path relative to web root
     #RewriteBase /myaac/
 
 	RewriteCond %{REQUEST_FILENAME} !-f

.travis.yml

@@ -0,0 +1,20 @@
+
+language: php
+php:
+  - 5.6
+  - 7.0
+  - 7.1
+  - 7.2
+  - 7.3
+  - 7.4
+  - 8.0
+
+cache:
+  directories:
+    - $HOME/.composer/cache
+
+before_script:
+  - composer require php-parallel-lint/php-parallel-lint --no-suggest --no-progress --no-interaction --no-ansi --quiet --optimize-autoloader
+
+script:
+  - php vendor/bin/parallel-lint --no-progress --no-colors --exclude vendor --exclude "system/libs/pot/OTS_DB_PDOQuery_PHP71.php" .

CHANGELOG.md

@@ -1,55 +1,891 @@
 # Changelog
 
-## [0.9.0-alpha - 02.06.2023]
-
-Minimum PHP version for this release is 7.2.5.
-
-### Added
-* reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
-  * updated to Bootstrap v4
-  * new Menu
-  * new Dashboard: statistics, server status
-  * new Admin Bar showed on top when admin logged in
-  * new page: Server Data, to reload server data
-  * new pages: mass account & teleport tools
-  * changelogs editor
-  * revised Accounts & Players editors
-  * option to add/modify menus with plugins
-  * option to enable/disable plugins
-  * better, updated TinyMCE editor (v6.x)
-    * with option to upload images
-  * list of open source libraries used in project
-* brand new charming installation page (by @fernandomatos)
-  * using Bootstrap
-* new pages router: nikic/fast-route, allowing for better customisation
-* Guild Wars support (available as plugin)
-* support for login and create account only by email (configurable)
-  * with no need for account name
-* Google ReCAPTCHA v3 support (available as plugin)
-* automatically load towns names from .OTBM file
-* support for Account Number
-  * suggest account number option
-* many new functions, hooks and configurables
-* better Exception Handler (Whoops - https://github.com/filp/whoops)
-* add Cypress testing
-
-### Changed
-* Composer is now used for external libraries like: Twig, PHPMailer, fast-route etc.
-* mail support is disabled on fresh install, can be manually enabled by user
-* disable add php pages in admin panel for security. Option to disable plugins upload
-* visitors counter shows now user browser, and also if its bot
-* changes in required and optional PHP extensions
-* reworked Pages:
-	* Bans
-		* works now for TFS 1.x
-	* Highscores
-		* frags works for TFS 1.x
-		* cached
-	* creatures
-* moved pages to Twig:
-  * experience stages
-* update player_deaths entries on name change
-* change_password email to be more informal
+## [0-8.14 - 27.11.2023]
+Security fixes.
 
 ### Fixed
-* hundrets of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here
+* XSS vulnerability in bugtracker (https://github.com/slawkens/myaac/commit/83a91ec540072d319dd338abff45f8d5ebf48190)
+* XSS vulnerability in forum (https://github.com/slawkens/myaac/commit/d1bc63d07ad88a143358cacd2c417891eea74dcc + https://github.com/slawkens/myaac/commit/55dbade8d5280c5baed45e5f7ebc3613b8e9b9e8)
+* Session Fixation (https://github.com/slawkens/myaac/commit/483155cf4c1e3068aaee0d44541dfa61f6223379)
+* displaying ban info on account page (https://github.com/slawkens/myaac/commit/764db0c203d1826ffce3a5a78f83a97e56bd0685)
+
+### Changed
+* Clear some additional cache keys - like database cache (https://github.com/slawkens/myaac/commit/4327b66f915d06dce504211692173606b9ef3b4e)
+
+## [0.8.13 - 16.09.2023]
+
+### Added
+* latest client versions to config (https://github.com/slawkens/myaac/commit/765886f0c782807400c429577cde5e45bd7c308f)
+* patching from develop - twig context for hooks (https://github.com/slawkens/myaac/commit/f1670f4012cc7595433fe0b1937c1f9b15a60b07)
+
+### Fixed
+* fixed XSS vulnerability in some pages (https://github.com/slawkens/myaac/commit/5c3b01aca4f3cfe8abc86b8ce48194b2da87b808)
+
+Nothing more or less!
+
+## [0.8.12 - 07.08.2023]
+I've moved the repository back to my personal account. (Just so you know!)
+
+I will also try to add git commits pointed to each change, lets see if you like it or not - you can comment in discussion, that will be created just after releasing this version :)
+
+### Added
+* forum: better error messages (Suggested by @anyeor) (https://github.com/slawkens/myaac/commit/34725e0257684fe5fa43875cc3a8f587ba04642e)
+* more support for GesiorAAC classes, so some of them will work with MyAAC (https://github.com/slawkens/myaac/commit/a8172a518ff8939c4402349b16c064fcaf855d31)
+* word-break on forum thread & reply (Suggested by @anyeor) (https://github.com/slawkens/myaac/commit/ce4aed0f1719d2aadc749e5238e883e3c10e2686)
+
+### Fixed
+* not working pages/links from database, introduced in 0.8.10 (Thanks to OtLand user - https://otland.net/members/0lo.99657/ for report) (https://github.com/slawkens/myaac/commit/1e874c7027769bd09e772a1cdac75d7e37991256)
+* it was possible to create topic in board that was closed, ommiting the error check (Thanks to @anyeor for report) (https://github.com/slawkens/myaac/commit/0d52978d9fb99869500d35e7676f454ca5eaba14)
+* PHP 8.2 compatibility - removed deprecated functions utf8_encode & utf8_decode (https://github.com/slawkens/myaac/commit/a338fd967cdbcc89e86be4e6b66b2cad2ff23251)
+* guild description not being correctly shown (Reported by @anyeor)  (https://github.com/slawkens/myaac/commit/f2a3ec1185df64ad9084d4ff55790ae4a5b3e5fd, https://github.com/slawkens/myaac/commit/df321154f63d458a4bc7d83bac5e3447b67317a4)
+
+### Removed
+* Some old code for verifying messages length (Reported by @anyeor) (https://github.com/slawkens/myaac/commit/df48363ea4ced4350fd90ffddf57d464ba5afa8b)
+* some info about config failed to load, was never working (https://github.com/slawkens/myaac/commit/7a546e5a41036b0e9e926d337c6f2e3c41c591d2)
+
+## [0.8.11 - 30.06.2023]
+
+### Added
+* new function from 0.9 - Cache::remember($key, $ttl, $callback)
+* new characters page hooks
+* line number & file to exception handler, to easier localize exceptions
+
+### Changed
+* rename to .htaccess.dist, causes some problems on default setup
+* removing unneccessary PHP closing tags to prevent potential issues (by @SRNT-GG)
+* display warning if hook file does not exist
+
+### Fixed
+* important: Not allow create char if limit is exceeded (by @anyeor) could have been used to spam database
+* deleted chars: cannot change comment, name, gender, cannot create guild, cannot be invited, cannot accept invite, cannot be passed leadership to
+* forum: quote and edit post buttons not being shown
+* twig exception thrown when player does not exist, on character change comment (thanks @anyeor)
+* BASE_DIR when accessing /tools
+* do not display warning if HTTP_ACCEPT_LANGUAGE is not set
+
+## [0.8.10 - 18.05.2023]
+
+### Changed
+* PHP 7.2.5 is now required, cause of Twig 2.x
+* allow pages to be placed in templates folder, under pages/ subfolder
+
+### Fixed
+* Twig error with global variable on create account
+* links/redirects from facebook, etc. like ?fbclid=x
+* do not allow to continue install when there is no server database imported
+* cannot go forward when config.local.php cannot be saved
+* when server uses another items serializer
+* small bug on install - please fill all input
+
+## [0.8.9 - 16.03.2023]
+
+### Added
+* You can now disable server status checking for testing purposes, useful for local testing when there is no server running
+  * with this, the page won't need 2 seconds to load
+  * set status_enabled to false in config.php
+* new buttons code for tibiacom template, can create button with any text
+* patched some small changes from develop branch
+
+### Changed
+* add .git to denied folders in nginx-sample.conf
+* plugins folder is now accessible from outside
+* add plugins folder to twig search paths
+
+### Fixed
+* player save on tfs 1.5 with new ipv6
+* more php 8.x compatibility
+* rel path for exception message, causing message to be not in red background
+
+## [0.8.8 - 18.02.2023]
+
+### Added
+* mail confirmed reward
+* support for latest group changes in TFS
+* new function: escapeHtml
+
+### Updated
+* TinyMCE to v4.9.1 (latest release in 4.x series)
+* Twig to v2.15.4
+
+### Changed
+* you can now place custom pages in your template directory under pages/ folder
+* HOOK_LOGOUT parameters, now only account_id is passed
+
+### Fixed
+* ipv6 introduced in latest TFS
+* config.account_premium_days for TFS 1.4+
+* better compatibility with GesiorAAC
+* PHP 8.1 compatibility
+* myaac_ db table detection failure
+* reload creatures error, when items cache has been cleared
+
+### Removed
+* accounts.blocked column, which is not used by AAC
+
+## [0.8.7 - 31.08.2022]
+
+### Added
+* login.php for client 12.x is now part of official repo
+* browsehappy code
+* config use character sample skill (#201, @gpedro)
+* custom words blocked (#190, @gpedro)
+
+### Changed
+* save php sessions in myaac dir
+* don't count deleted players when creating new character
+
+### Fixed
+* patch vulnerability in change_rank.php (#194, @gesior, @thatmichaelguy)
+* fix guild invite page (#196, @worthdavi)
+* players not showing on highscores page (#195)
+* highscores page bug with high pages
+* $player->getStorage() does not work at all (#169, @gesior)
+* copying sample character when it have items with quotes (#200, @gpedro)
+* IPv6 issue when env is set to dev (#171)
+* admin page changed feet to match body colour (#174, @silic0nalph4)
+* exception being thrown when creating duplicated character name (#191)
+* rules page formatting (#177, @silic0nalph4)
+* account character create if auto_login is enabled
+* undefined variable notice on database_log enabled
+* removed VERSION file
+
+## [0.8.6 - 10.07.2021]
+This update contains very important security fix.
+
+Please update your MyAAC instances to this version.
+
+## [0.8.5 - 08.06.2021]
+
+### Changed
+* bcmath module is not required anymore
+* Gratis premium account fixes (#156, by @czbadaro)
+* Update 404 response (#163, by @anyeor)
+
+### Fixed
+* compatibility with PHP 7.0 and lower
+* deleting ranks in guilds (#158, by @Misztrz)
+* guild back buttons (change logo & motd)
+* forum table style (boards & thread view)
+* guild list description new lines `<br>` being ignored (Thanks @anyeor for reporting)
+
+
+## [0.8.4 - 18.02.2021]
+
+### Added
+* support for accounts.premium_ends_at (Latest TFS 1.x)
+* more clients to clients.conf.php
+
+### Changed
+* minimum PHP 5.6 is now required
+* password can now contain any characters
+* add SSL on external image requests of items and outfits (@fernandomatos)
+* Use local storage for saving menu items (tibiacom template) - fixes bug with some websites like wykop.pl (browser freeze)
+* increase size of myaac_visitors.page column to 2048 (Thanks to OtLand user kaleuui)
+
+### Fixed
+* compatibility with PHP 8.0 (latest XAMPP)
+* displaying PHP errors on env = "prod"
+* the Guildnick not showing in the guild pages (@leesneaks)
+* you cannot delete character more than twice (Thanks Okke)
+* ignore arrays in config.lua (fixes experienceStages loading)
+* parsing empty strings in config.lua (with comments)
+* headling.php cannot find font
+
+## [0.8.3 - 27.10.2020]
+
+### Added
+* pdo_mysql as required extension
+* some notice about Email validation in create account
+
+### Changed
+* Move register DATABASE_VERSION into schema.sql
+    * Caused migrations being fired when user manually imported database
+
+### Fixed
+* creating very uncommon (bugged) account names
+* XSS in character search
+* Admin menu news editing warning when leaving page without touching the inputs
+* Guild Invite not working on otservbr-global
+* two boxes being show on email_change_cancel
+* when adding poll = template tibiacom broken
+* houses: Unknown column 'guild' in 'where clause (https://github.com/slawkens/myaac/issues/131)
+* account create when account_mail_verify is enabled
+* CloudFlare IP detection
+* network_twitter link in tibiacom template
+
+## [0.8.2 - 03.06.2020]
+
+### Added
+* Log query time in database_log (can be used for benchmarking)
+* new PHP constant: IS_CLI
+* $_SERVER['REQUEST_URI'] to database.log
+* outfit to highscores box in tibiacom template
+* system/data to .gitignore
+* error_reporting in admin panel (when in dev mode), so it shows php notices and warnings
+* example quests in config.php
+
+### Changed
+* account_login input type from password to text
+
+### Fixed
+* Guild Invite not working on otservbr-global (#123)
+* news not updating after adding in admin panel
+* wrong mana of character samples (#125)
+* missing rules page on clean install
+* double space character name creation (@Lee, #121)
+* creatures page: Max count and chance not shown on hovered items
+* exception being thrown when characters.frags enabled on TFS 1.x
+* TFS 0.4 guilds creation (Where guilds.checkdata and motd doesn't have default value)
+* ERR_TOO_MANY_REDIRECTS browser error on template change
+* updating template menus on template change
+* Account change info when config.account_country is disabled
+* cancel change email request
+* config.character_name_min/max_length being ignored in change_name.php
+* some rare bugs when database is no up-to-date and someone enters admin panel
+* extra line that is added when using a newer version than official release (@Lee)
+* admin links in featured article
+* some PHP Notice when HTTP_HOST is not set (Can happen on some old versions of HTTP protocol)
+* Show character indicator in check_name.js
+* Houses list View button was wrong (was from bootstrap)
+* OTS_House __construct - not loading by houseid parameter
+* message() function when executed in CLI
+
+### Removed
+* unused myaac_commands table from schema
+* MyISAM engine from migration scripts (#128)
+
+## [0.8.1 - 10.03.2020]
+
+### Added
+* Support for Nostalrius OTS
+
+### Changed
+* Move TODO to wiki
+* .tooltip css class to .item_image (bootstrap conflict)
+
+### Fixed
+* Reloading of creatures/monsters throwing an exception
+* Loading custom pages with old Gesior variables [#108](https://github.com/slawkens/myaac/issues/107)
+* Some weird behaviour with installation of plugins
+* CHANGELOG.md loading in Admin Panel
+* spells displaying when level = 0
+* Some PHP warnings and notices
+
+## [0.8.0 - 19.02.2020]
+
+### Added:
+* new Awesome Bootstrap Admin Panel by Lee (@Leesneaks)
+	* using Bootstrap 3
+	* all existing pages were adjusted 
+	* new editor: Accounts
+	* improved editor: Players
+	* new Reports View page
+	* Modules directory, which can be added using Plugins (@Leesneaks, @whiteblXK)
+	* move News Management here (@whiteblXK)
+	* interactive player outfit chooser (@tobi132)
+* added Highscores by balance
+* possibility to define colors and "Open in New Tab" on Template Menus (needs to be supported by Template)
+* support for database persistent and socket connections (performance boost)
+* Team page - display outfits of the players (configurable)
+* added clear_cache.php, send_email.php bin commands (@slawkens, @tobi132)
+* added locale pt_br (@ivenspontes)
+* added load time into items & weapons loading admin page
+* new, beautiful exception handler
+* added travisci to prevent mistype (@gpedro, #89)
+* added showing database name into installation script (@tobi132)
+* compatibility with old z_ gesior table (@tobi132, #46)
+* added nginx-sample.conf, .editorconfig, VERSION
+* database towns table support for TFS 1.3 (@tobi132)
+* added enable_tinymce option to Pages editor
+
+### Fixed:
+* account login redirect with special chars (like '&' and '?')
+* black skull info at serverInfo (@tornadia)
+* set correct limit at lastkills page from config (anyeor from OtLand)
+* myaac_monsters table column loot problem (#79)
+* players column deleted install description (@gpedro, #91)
+* experience table being to wide and buggy on some templates (@tobi132, #90)
+* fix errors with .htaccess files
+* added index.html to prevent indexing the folder by mod_index
+
+### Changed:
+* Environment is now configurable by env setting (Significantly better load times with 'prod')
+* replace spells, monsters tables with JavaScript Sortable Tables - DataTables (@Leesneaks)
+* change default MySQL Storage Engine to InnoDB and Default Character Set to utf8
+* updated OTS_House class to support latest TFS 1.x (new columns)
+* updated monster images to the original ones from tibia.com
+* increased the minimum length (3 -> 4) and decreased the maximum length (25 -> 21) of the New Character Name (by @vankk)
+* use $db->exec instead of $db->query optimisation
+* move items from database to Cache_PHP (Much more faster load time)
+* allow simultaneous loading of config.ini and config.php in templates
+* updated copyright year and SSL link (@EPuncker, #88)
+* move commands, rules and downloads pages into database (@tobi132)
+* better view of guilds (new buttons, table look and feel) (@tobi132)
+* remove stupid alerts on account create
+* remove .dist extension from .htaccess
+
+### New Configurables (config.php)
+* env (Environment)
+* account_create_auto_login (Auto Login after Create Account - Registration)
+* account_create_character_create (Create Character directly on Create Account page) (@tobi132)
+* footer_show_load_time (display load time of the page in the footer)
+* database_socket (Connection via Unix Socket)
+* database_persistent (Database Persistent Connection)
+* database_log (Logging of Database Queries)
+* admin_panel_modules (Modules displayed in Admin Panel Dashboard)
+* status_timeout, status_interval
+* smtp_debug (More info about SMTP errors in error.log)
+* team_display_outfit (Display outfit of the team members on teams page)
+* highscores_balance (Display highscores by balance)
+* character_name_min/max_length (Minimum and maximum length of character name)
+* characters.deleted (display deleted characters on characters page)
+
+### Forum:
+* show image in full screen on click
+* show user avatar (outfit) in posts
+* replaced forum actions links (move, remove, edit, quote) with images
+* redirect directly to the thread on user login (on new reply)
+
+### Installer:
+* AJAX loader for the important stuff
+* create admin account: ask for e-mail + character name
+* load items & weapons
+* check user IP on install to prevent install by random user
+* remember status of the installation
+* remember language on first step (welcome)
+* ask user for timezone
+* auto detected browser language in select language
+
+### Plugins
+* sandbox for plugins, don't install when requirements are not satisfied
+* allow comments inside plugin json file (php style)
+* new require options for plugins: (look into example.json)
+	* require database version, table or column of the MyAAC schema
+	* require php-extension
+	* require semantic-version (like in composer.json)
+* new hooks: LOGIN, LOGIN_ATTEMPT, LOGOUT, HOOK_ACCOUNT_CREATE_*
+
+### Cache
+* php 7.x APCu cache support (faster cache engine)
+* new cache engine: plain PHP (is good with pure php 7.0+ and opcache)
+* cache lastkills.php, $db->hasTable, $db->hasColumn, hooks and template menus
+* stop using global $cache variable, use Singleton pattern instead
+
+### Twig
+* move pages to Twig templates: team, lastkills, serverinfo, houses, guilds.list, guild.view, admin.logs, admin.reports (@whiteblXK, @tobi132)
+* replace "$twig->render()" with "$this->display"
+* move Twig functions to separate file
+* move tibiacom boxes to Twig templates
+* allow Pages to be loaded as Twig template (this allows using Twig variables in Pages) (@tobi132)
+* allow string to be passed to hook twig function
+
+### Functions
+* config($key), configLua($key)
+* clearCache()
+* OTS_Account:
+	* getCountry()
+	* setLastLogin($lastlogin) (@Leesneaks)
+	* setWebFlags(webflags) (@Leesneaks)
+* OTS_Player:
+	* getAccountId()
+	* countBlessings() (@Leesneaks)
+	* checkBlessings($count) (@Leesneaks)
+* is_sub_dir (in system/libs/plugins.php)
+* Twig:
+	* getPlayerLink($name, $generate = true)
+* removed SQLquote and SQLquery from OTS_Base_DB
+* Add optional $params param into log_append (will log arrays) (@tobi132)
+
+### Internal
+* moved clients list to the new file (clients.conf.php)
+* changed tableExist and fieldExist to $db->hasTable(table) + $db->hasColumn(table, column)
+* changed deprecated $ots->createObject() functions with their OTS_ equivalents
+* add global helper config($key) function + twig binding
+	* use config() instead of global $config
+* remove unnecessary parentheses in include/require PHP functions
+* use __DIR__ instead of dirname(__FILE__) - since PHP 5.3.0
+* change intval() function to (int) casting (up to 6x faster)
+* add release.sh script (for GitHub releases)
+* use curl as alternative option for reporting install
+
+### Libraries
+* updated Twig to version v1.35.0
+* updated TinyMCE to version v4.7.4
+
+### Deprecations
+* change deprecated HTML <center> tag to <div style="text-align:center">
+* replace deprecated HTML <font> tag with <span>
+
+## [0.7.11 - 04.05.2019]
+### Added:
+* support for some old servers, where arrays are used in config.lua
+* an additional text to the install page informing that user can reinstall MyAAC by deleting config.local.php
+
+### Fixed:
+* XSS in forum show_thread
+* guilds - "Add new rank" function
+* multiple mail recipients when using admin mailer function
+* Admin Panel - MyAAC logs not shown if servers logs directory doesn't exist (#47)
+* missing prefix for cache get() and delete() functions
+* add fatal error message when myaac tables in database do not exist
+* the mystical defect where "Create Account" button was not highlighted (on the account/manage page)
+* bug where server_config table does not exist (OTHire as an example)
+* database_name in Usage_Statistics
+* forgot to open <head> in install template
+
+### Changed:
+* do not display software version
+
+## [0.7.10 - 03.03.2018]
+### Added:
+* new configurable: smtp_secure
+* robots.txt
+
+### Fixed:
+* editing an existing page that had php enabled
+* chrome bug on save (when editing page) ERR_BLOCKED_BY_XSS_AUDITOR
+* showing IP and Port in admin panel (#44, by miqueiaspenha)
+* deleting plugin showing "You don't have rights to delete"
+* some bug with PHPMailer not finding its language file
+* default accounts.vote value
+* saving some really high long ip addresses
+
+### Changed:
+* update config.highscores_ids_hidden on install when there are samples already in database
+* auto add z_polls table on install
+
+### Internal:
+* changed mb_strtolower functions to strtolower()
+* added new function: $hooks->exist($type)
+
+## [0.7.9 - 13.01.2018]
+	* removed 6mb of trash (some useless things)
+	* (fix) TFS 1.x not showing promoted vocations in highscores
+	* otserv 0.6.x: fixed some warning (on the characters page) and fatal mysql error (on the mango signature)
+	* fixed default stamina on otserv 0.6.x engine (and some others perhaps)
+	* install: change permission check to is_writable
+	* changed highscores_groups_hidden to 3 (for TFS 1.x)
+	* updated background-artwork (tibiacom template) to the latest version, removed other ones
+
+## [0.7.8 - 12.01.2018]
+	* fixed installation error " call to undefined method OTS_DB_MySQL::hasColumn()"
+	* updated tinymce to the latest (4.7.4) version
+	* enabled emoticons plugin in tinymce :)
+	* some security fixes
+
+## [0.7.7 - 08.01.2018]
+	* important fix for servers with promotion column (caused player.vocation to be resetted when saving player, for example: on change name, accept invite to guild, leave guild)
+	* immediately reload config.lua when there's change in config.server_path detected
+	* added new forum option: "Enable HTML" (only for moderators)
+	* fixed othire default column value (#26)
+	* fixed saving custom vocations in admin panel (#36)
+	* fixed warning in highscores when vocation doesn't exist
+	* fixed characters page - config.characters.frags "Notice: Use of undefined constant"
+	* fixed getBoolean function when boolean is passed
+	* fixed empty success message on leave guild
+	* fixed displaying premium account days
+	* function OTS_Account:getPremDays will now return -1 if there's freePremium configurable enabled on the server
+	* fixed tr bgcolor in characters view (Frags) (#38)
+	* fixed some warning in guild show
+	* fixed PHP warning about country not existing on online and characters pages
+	* fixed forum bbcode parsing
+	* don't add extra <br/> to the TinyMCE news forum posts
+	* (internal) using $player->getVocationName() where possible instead of older method
+
+## [0.7.6 - 05.01.2017]
+	* fixed othire account creating/installation
+	* fixed table name players -> players_online
+	* fixed unexpected error logging about email fail
+	* added max_execution_time to the install finish step
+	* some small fix regarding highscores vocation box
+
+## [0.7.5 - 04.01.2017]
+	* fixed bug on othire with config.account_premium_days
+	* fixed bug on TFS 1.x when online_afk is enabled
+	* warning about leaving news page with changes
+	* added player status to tibiacom top 5 highscores box
+	* save detected country on create account in session
+	* fixed getPremDays and isPremium functions (newest 11.x engines are bugged when it comes to PACC, its not fault of MyAAC)
+	* fix when there are no changelogs or highscores yet
+	* small fix regarding getTopPlayers function which was ignoring $limit variable
+	* fixed news adding when type != ARTICLE
+	* fixed template path finding
+	* fixed displaying article_text when it was empty saved
+
+## [0.7.4 - 24.12.2017]
+	* fixed mysql fatal error on tibiacom template - top 5 box
+	* fixed displaying of level percent bar on tibian signature
+	* inform user about Twig cache failure on installation, instead of http 500 error
+	* when dir system/cache is not writable by the webserver, then show some nice notice to the user about it instead of http 500 error
+	* remember client version select and usage stats checkbox in session on install
+	* automatically update highscores_ids_hidden for users who installed myaac before (migration)
+
+## [0.7.3 - 18.12.2017]
+	* auto generate myaac cache & session prefix on install to be unique across installations
+	* fixed hiding shop system menu on tibiacom template when disabled in config
+	* prevent adding duplicated newses with installation
+	* some changes to sample characters: chanced town_id to 1, posx: 1000, posy: 1000, posz: 1000 and default group_id to 1 so you can change in-game outfits and they will be used
+	* added version 772 constant to install client choose (OTHire)
+	* better solution for hidding samples (configurable) - highscores_ids_hidden
+	* fixed account.login redirect not working on tibiacom template
+	* installation: warn about wrong admin account name/id and password
+	* fixed last menu closing in tibiacom template
+	* updated polish locale (translation) on install
+	* (internal) removed some duplicated code on install finish
+	* (internal) renamed installation step files to be in correct order
+	* added TODO file
+
+## [0.7.1 - 13.12.2017]
+	* added changelog menu item to kathrine template
+	* fixed some php short tag in changelogs page
+	* fixed guild change description back button
+	* removed duplicated "Support List" menu item from tibiacom template
+	* changed some notice when version check is failed
+	* (internal) moved changelog to twig
+
+## [0.7.0 - 20.11.2017]
+	* moved template menus to database, they're now dynamically loaded
+	* added anonymous usage statistics reporting (only if user agrees, first usage report will be send after 7 days)
+	* you can edit them in Admin Panel under 'Menus' option
+	* you can also add custom links, like http://google.pl
+	* added networks (facebook and twitter) and highscores (top 5) boxes to tibiacom template, configurable in templates/tibiacom/config.php
+	* added news ticker for kathrine template
+	* added featured article to tibiacom template (you can add them with add news button)
+	* added tinymce editor to 'Pages' in admin panel
+	* added links to edit/delete/hide custom page directly from page
+	* update forum post after editing news (when forum post has been created)
+	* enabled code plugin for tinymce which enabled raw html code editing
+	* removed videos pages, as it can be easily added using custom Menus and Pages with insert Media
+	* removed bug_report configurable, its now enabled by default
+	* log some error info when mail cannot be send on account create
+	* twig getLink function will now return with full url (BASE_URL included)
+	* verify install post values directly on config page and display error
+	* updated tinymce to version 4.7.2 (from 4.7.0)
+	* updated phpmailer to version 5.2.26 (from 5.2.23)
+	* (#30) (fix) recovering account on servers that doesn't support salts
+	* (fix) account email confirm function
+	* (fix) showing changelog with urls in Admin Panel
+	* (fix) uninstalling plugin
+	* (fix) polls box in tibiacom template
+	* (fix) remove hooks from db on plugin deinstall
+	* (fix) some weird include possibilities with forum and account actions (verify action name)
+	* (fix) loading hooks from plugin installed from command line
+	* (fix) some changelog PHP Notice warning
+	* (internal) moved uninstall logic to Plugins class
+	* (internal) moved tibiacom boxes to separate directory
+	* (internal) moved news tickers to twig template
+	* (internal) moved Forum class to separate file
+	* (internal) moved deprecated functions to compat.php
+	* (internal) added some compat functions that are used by shop system
+	* (internal) renamed constant TICKET -> TICKER
+	* (internal) shortened message functions
+
+## [0.6.6 - 22.10.2017]
+	* fixed some php fatal error on spells page
+	* changed spells.vocations field in db size to 300
+	* please reload your spells after this update!
+
+## [0.6.5 - 21.10.2017]
+	* fixed displaying custom pages
+	* fixed adding new group forum board
+
+## [0.6.4 - 20.10.2017]
+	* reverted OTS_Account::getLastLogin() cause its used by tibia11-login plugin
+
+## [0.6.3 - 20.10.2017]
+	* fixed creating account
+	* fixed viewing thread without being logged
+	* fixed showing premium account status
+
+## [0.6.2 - 20.10.2017]
+	* added forums for guilds and groups
+	* added nice looking menu for my account page in default template
+	* new command line tool: install_plugin.php - can be used to install plugins from command line. Usage: "php install_plugin.php path_to_file"
+	* added new tooltip to view characters equipment item name and monster loot
+	* added items.xml loader class and weapons.xml loader class
+	* minimum PHP version to install AAC is now 5.3.0 cause of Anonymous functions used by Twig
+	* Added 'Are you sure?' popup when uninstalling plugin
+	* added some warnings when plugin json file is incomplete
+	* fixed showing in characters ban expires when is unlimited
+	* fixed displaying monster loot when item.name in loot is used instead of item.id
+	* load also runes into spells table
+	* display plugin uninstall option only if its possible
+	* after changing template you will be redirected to latest viewed page
+	* display gallery add image form only on main gallery page
+	* (internal) moved most of guilds html-in-php code to twig
+	* (internal) moved spells page to twig template
+	* (internal) removed useless spells.spell column that was duplicate of spells.words
+	* (internal) save monster loot in database in json format instead loading it every time from xml file
+	* (internal) store monster voices and immunities in json format
+	* (internal) moved buttons to separate template
+	* (internal) moved online search form to twig
+	* (internal) added new function getItemNameById($id)
+	* (internal) Moved plugin install logic to a new class: Plugins
+	* (internal) changed spells.vocations database field to store json data instead of comma separated
+	* (internal) removed $hook_types array, using defined() and constant() functions now
+	* (internal) removed useless monsters.gfx_name field from database
+	* (internal) renamed database field monsters.hide_creature to hidden
+	* (internal) renamed existing Items class to Items_Images
+	* (internal) optimized Spells class
+	* (internal) new function: OTS_Guild::hasMember(OTS_Player $player)
+	* (internal) new function: Forum::hasAccess($board_id)
+
+## [0.6.1 - 17.10.2017]
+	* fixed signatures loading
+	* new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)
+	* better error handling for monsters and spells loader (save errors to system/logs/error.log)
+	* check if file exist before loading (monsters and spells)
+	* (internal) Account::getAccess() = Account::getGroupId()
+	* (internal) moved account actions (pages) to account/ directory
+	* (internal) moved forum actions (pages) to forum/ directory
+	* (internal) moved forum.edit_post to twig templates
+
+## [0.6.0 - 16.10.2017]
+	* added faq management - add/edit/move/hide/delete from website
+	* new account.login view for tibiacom template
+	* monsters and spells are now being loaded at the installation of the AAC
+	* fix for php versions under 5.5 where empty() function supported only variables
+	* added missing change email and change info buttons to account.management default template
+	* added new indicator icons for create account, create character and change character name
+	* fixed config loader when some inline comments are present
+	* fixed editing page in admin panel that contains some html code
+	* fixed forum new post on mac os and some specific mysql versions
+	* attempt to fix incorrect views counter behavior (its resetting to 0 in some cases)
+	* enabled cache http headers for signatures
+	* check if monster file exist before loading it
+	* fixed if plugin zip file name contains dot (.)
+	* renamed screenshots to gallery and movies to videos
+	* moved install pages to twig
+	* fixed Account::getGuildAccess function
+	* removed never used library from sources - dwoo
+	* moved check_* functions to class Validator
+	* from now all validators ajax requests will fire onblur instead of onkeyup
+	* ajax requests returns now json instead of xml
+	* added 404 response when file is not found
+
+## [0.5.1 - 11.10.2017]
+	* fixed forum add/edit board
+	* new configurable: highscores_length, how much highscores to display
+	* fixed highscores links (ALL, previous and next page)
+	* update templates cache when installing/uninstalling plugin
+	* moved character deaths and frags table generation to twig
+	* fixed some bug when you uninstall plugin and then try to install again on the same page
+	* check if plugin exist before uninstalling
+	* fixed some warning in OTS_Base_DB
+
+## [0.5.0 - 10.10.2017]
+	* moved .htaccess rules to plain php (index.php)
+	* updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
+	* added option to uninstall plugin
+	* added option to require specified myaac, php or database version for plugins, without that plugin won't be installed
+	* change accountmanagement links to use friendly_urls
+	* fixed creating new forum thread
+	* sample characters are now assigned to admin account and have group_id 4 to not be shown on highscores
+	* added links loaded from database to admin panel - for future plugins
+	* print some info to error.log when can't find config.lua
+	* some fixes in account changecomment action
+	* show info when account name/number or password is empty on login
+	* fixed showing account login errors
+	* added few characters hooks
+	* fixed some kathrine template js bug when shop is disabled
+	* you can now use slash '/' in custom pages loaded from database
+	* added new twig function getLink that convert link taking into account config.friendly_urls
+	* internalLayoutLink -> getLink
+
+## [0.4.3 - 05.10.2017]
+	* better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
+	* fixed country detection in create account
+	* fixed showing of character deaths and frags
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466303
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466313
+	* fixed rook sample, which will now have level 1, 150 health, 0 mana, and 400 cap.
+	* fixed samples being deleted by tfs 1.0+ cause of 'deletion' field set to 1
+	* pages loaded from database have higher priority than normal .php pages, so they will be loaded first if they exist
+	* moved many pages to twig templates
+	* change download client links from clients.halfaway.net to tibia-clients.com
+	* added bugtracker to kathrine template
+	* added CREDITS file
+
+## [0.4.2 - 14.09.2017]
+	* updated version number
+
+## [0.4.1 - 13.09.2017]
+	* fixed log in to admin panel
+	* fixed File is not .zip plugin upload error
+
+## [0.4.0 - 13.09.2017
+	* added option to add/edit/delete/hide/move forum boards
+	* moved some of HTML-in-PHP code to Twig templates
+	* added bug_report configurable which can enable/disable bug tracker
+	* log errors instead of showing them to users with system directories
+	* fix when $_SERVER['HTTP_ACCEPT_ENCODING'] is not set
+	* when it fails to load config.lua it will output error also to error.log
+	* automatically detect json file in .zip instead of basing on filename (admin panel - plugins)
+	* hopefully fixed the error with "The file you are trying to upload is not a .zip file. Please try again."
+	* fixed wrong name of table in bugtracker
+	* fixed some bugs in bugtracker
+	* added report bug link in templates
+	* fixed some rare error when user is logged in for longer than 15 minutes and tries to login again
+	* fixed some grammar errors
+	* some small improvements
+	* fixed some separators in kathrine template
+
+## [0.3.0 - 28.08.2017]
+	* added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
+	* added Twig template engine and moved some html-in-php code to it
+	* automatically detect player country based on user location (IP) on create account
+	* player sex (gender) is now configurable at $config['genders']
+	* fixed recovering account and changing password when salt is enabled
+	* fixed installing samples when for example Rook Sample already exist and other samples not
+	* fixed some mysql error when character you trying to create already exist
+	* fixed some warning when you select nonexistent country
+	* password change minimal/maximal length notice is now more precise
+	* added 'enabled' field in myaac_hooks table, which can enable or disable specified hook
+	* removed DEFAULT '' for TEXT field. It didn't worked under some systems like MAC OS X.
+	* minimum PHP version to install the MyAAC is now 5.2.0 cause of pathinfo (extension) function
+	* removed unused admin stylish template
+	* removed some unused cities field from myaac_spells table
+	* moved news adding at installation from schema.sql to finish.php
+	* some optimizations
+
+## [0.2.4 - 09.06.2017]
+	* fixed invite to guild
+	* added id field on monsters, so you can delete them in phpmyadmin
+	* fixed adding some creatures with ' and "
+	* fixed when there are spaces at beginning of the file (creatures)
+	* fixed when file is unable to parse (creatures)
+	* fixed typo loss_items => loss_containers
+	* more elegant way of showing message on reload creatures and spells
+
+## [0.2.3 - 31.05.2017]
+	* fixed guild management on OTHire 0.0.3
+	* set default skills to 10 when creating new character
+	* fixed displaying of "Create forum thread" in newses
+	* fixed deleting guild on servers that use players.rank_id field
+	* fixed phpmailer class loading (https://otland.net/threads/myaac-v0-0-1.251454/page-8#post-2445222)
+	* fixed displaying vocation amount on online page
+	* better support for custom vocations, you just need to set in config vocations_amount to yours.
+	* fixed huge space in player name (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444328)
+	* fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
+	* fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
+
+## [0.2.2 - 22.05.2017]
+	* added missing cache/signature directory
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
+
+## [0.2.1 - 21.05.2017]
+	* added Swedish translation by Sizaro
+	* fixed some bugs with installlation & characters & houses
+
+## [0.2.0 - 21.05.2017]
+	* added option to change character sex for premium points
+	* moved site_closed to database, now you can close your site through admin panel
+	* added option to admin panel: clear cache
+	* added experiencetable_rows configurable
+	* optimized OTS_Account->getGroupId(), now its using like 20 queries less
+	* optimized OTS_Player->load($id) function, should be much faster now
+	* fixed displaying on highscores special outfits
+	* fixed skull images displaying
+	* fixed displaying unlimited premium account
+	* fixed bug where players.lookaddons doesn't exist (OTHire etc.) (https://otland.net/threads/myaac-v0-0-1.251454/page-6#post-2442407)
+	* fixed signature tibian for OTHire and other servers that doesnt use accounts.premdays field
+	* fixed when player name in signature containst space
+	* don't show "Create forum thread" when editing
+	* fixed red color table after create account
+	* updated download links, as clients.halfaway.net isn't working anymore
+	* fixed some bugs while installing when field `email_next` or `hidden` already exist
+	* fixed movies unexpected comment
+	* added template_place_holder('center_top') to kathrine template
+
+## [0.1.5 - 13.05.2017]
+	* fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
+
+## [0.1.4 - 13.05.2017]
+	* added outfit shower, in characters, online, and highscores
+	* updated database to version 2
+	* fixed item images (now using item-images.ots.me host by default)
+	* fixed news ticket and posting long newses (https://otland.net/threads/myaac-v0-0-1.251454/page-5#post-2442026)
+	* news body limit increased to 65535 (mysql text field)
+	* removed some unused code from my old server
+	* added spells & monsters to kathrine template
+
+## [0.1.3 - 11.05.2017]
+	* this is just release to update version number
+
+## [0.1.2 - 11.05.2017]
+	* forgot to update CHANGELOG and MYAAC_VERSION
+
+## [0.1.1 - 11.05.2017]
+	* fixed updating myaac_config with database_version to 1
+	* fixed database updater
+
+## [0.1.0 - 11.05.2017]
+	* added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
+	* added automatic database updater (data migrations)
+	* renamed events to hooks
+	* moved hooks to database
+	* now you can use hooks in plugins
+	* set account.type field to 5 on install, if TFS 1.0+
+	* added example plugin
+	* new, latest google analytics code
+	* fixed bug with loading account.name that has numbers in it
+	* fixed many bugs in player editor in admin panel
+	* added error handling to plugin manager and some more verification in
+	* file has been correctly unpacked/uploaded
+	* fixed Statistics page in admin panel when using account.number
+	* fixed bug when creating/recovering account on servers with
+	* account.salt field (TFS 0.3 for example)
+	* fixed forum showing thread with html tags (added from news manager)
+	* new, latest code for youtube videos in movies page
+	* fixed showing vocation images when using $config['online_vocations_images']
+	* many fixes in polls (also importing proper schema)
+	* fixed hovering on buttons in kathrine template (on accountmanagement page)
+	* fixed signatures (many fixes)
+	* added missing gesior signature system
+
+## [0.0.6 - 06.05.2017]
+	* fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
+	* fixed bug when creating character (not showing errors) (one more time)
+	* fixed support for TFS 0.2 series
+	* added FAQ link
+
+## [0.0.5 - 05.05.2017]
+	* fixed bug when creating character (not showing errors)
+	* Fixed characters loading with names that has been created with other AAC
+	* fixed links to shop in default template
+	* fixed some weird PHP 7.1 warnings/notices
+	* Fixed config loading with some weird comments
+	* fixed bug with status info utf8 encoding (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440259)
+	* fixed when ip in log_action is NULL (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440357)
+	* fixed bug when guild doesn't exist on characters page (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440320)
+	* disabled friendly_urls by default
+	* fixes when $config['database_*'] is set
+	* added CHANGELOG
+
+## [0.0.3 - 03.05.2017]
+	* Full support for OTHire 0.0.3
+	* added support for otservers that doesn't use account.name field, instead just account number will be used
+	* fixed encryption detection on TFS 0.3
+	* fixed bug when server_config table doesn't exist
+	* (install) moved admin account creation to new step
+	* fixed news comment link
+	* by default, the installer creates now the Admin player, for admin account
+	* fixed installation errors
+	* fixed config.lua loading with some weird comments
+
+## [0.0.2 - 02.05.2017]
+	* updated forum links to use friendly_urls
+	* some more info will be shown when cannot connect to database
+	* show more error infos when creating character
+	* fixed forum link on newses
+	* fixed spells loading when there's vocation name instead of id
+	* fixed bug when you have changed template but it doesn't exist anymore
+	* fixed vocations with promotion loading
+	* fixed support for gesior pages and templates
+	* added function OTS_Acount:getGroupId()
+
+## [0.0.1 - 01.05.2017]
+	This is first official release of MyAAC.
+	Features are listed here
+
+	For more information, see the release announcement on OTLand: https://otland.net/threads/myaac-v0-0-1.251454/

README.md

@@ -19,11 +19,11 @@ Official website: https://my-aac.org
 
 ### Requirements
 
-	- PHP 8.0 or later
+	- PHP 7.2.5 or later
 	- MySQL database
 	- PDO PHP Extension
 	- XML PHP Extension
-	- (optional) ZIP PHP Extension
+	- ZIP PHP Extension
 	- (optional) mod_rewrite to use friendly_urls
 
 ### Installation

admin/includes/settings_menus.php

@@ -1,35 +0,0 @@
-<?php
-
-$order = 10;
-
-$settingsMenu = [];
-
-$settingsMenu[] = [
-	'name' => 'MyAAC',
-	'link' => 'settings&plugin=core',
-	'icon' => 'list',
-	'order' => $order,
-];
-
-foreach (Plugins::getAllPluginsSettings() as $setting) {
-	$file = BASE . $setting['settingsFilename'];
-	if (!file_exists($file)) {
-		warning('Plugin setting: ' . $file . ' - cannot be loaded.');
-		continue;
-	}
-
-	$order += 10;
-
-	$settings = require $file;
-
-	$settingsMenu[] = [
-		'name' => $settings['name'],
-		'link' => 'settings&plugin=' . $setting['pluginFilename'],
-		'icon' => 'list',
-		'order' => $order,
-	];
-}
-
-unset($settings, $file, $order);
-
-return $settingsMenu;

admin/index.php

@@ -1,10 +1,13 @@
 <?php
-
 // few things we'll need
 require '../common.php';
 
-const ADMIN_PANEL = true;
-const MYAAC_ADMIN = true;
+define('ADMIN_PANEL', true);
+define('MYAAC_ADMIN', true);
+
+if(file_exists(BASE . 'config.local.php')) {
+	require_once BASE . 'config.local.php';
+}
 
 if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
 {
@@ -15,8 +18,8 @@ if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['i
 $content = '';
 
 // validate page
-$page = $_GET['p'] ?? '';
-if(empty($page) || preg_match("/[^a-zA-Z0-9_\-\/.]/", $page))
+$page = isset($_GET['p']) ? $_GET['p'] : '';
+if(empty($page) || preg_match("/[^a-zA-Z0-9_\-]/", $page))
 	$page = 'dashboard';
 
 $page = strtolower($page);
@@ -25,9 +28,10 @@ define('PAGE', $page);
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 
-// verify myaac tables exists in database
-if(!$db->hasTable('myaac_account_actions')) {
-	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
+if(config('env') === 'dev') {
+	ini_set('display_errors', 1);
+	ini_set('display_startup_errors', 1);
+	error_reporting(E_ALL);
 }
 
 // event system
@@ -37,40 +41,31 @@ $hooks->load();
 
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
-require __DIR__ . '/includes/functions.php';
+require SYSTEM . 'migrate.php';
+require ADMIN . 'includes/functions.php';
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
-if (ACTION == 'logout') {
-	require SYSTEM . 'logout.php';
-}
-
 // if we're not logged in - show login box
 if(!$logged || !admin()) {
 	$page = 'login';
 }
 
 // include our page
-$file = __DIR__ . '/pages/' . $page . '.php';
+$file = ADMIN . 'pages/' . $page . '.php';
 if(!@file_exists($file)) {
-	if (strpos($page, 'plugins/') !== false) {
-		$file = BASE . $page;
-	}
-	else {
 	$page = '404';
 	$file = SYSTEM . 'pages/404.php';
 }
-}
 
 ob_start();
-if($hooks->trigger(HOOK_ADMIN_BEFORE_PAGE)) {
-	require $file;
-}
+include($file);
 
 $content .= ob_get_contents();
 ob_end_clean();
 
 // template
 $template_path = 'template/';
-require __DIR__ . '/' . $template_path . 'template.php';
+require ADMIN . $template_path . 'template.php';
+

admin/pages/accounts.php

@@ -4,24 +4,37 @@
  *
  * @package   MyAAC
  * @author    Lee
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
-
-use MyAAC\Models\Player;
-
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Account editor';
-$admin_base = ADMIN_URL . '?p=accounts';
-$use_datatable = true;
+$base = BASE_URL . 'admin/?p=accounts';
 
-if (setting('core.account_country'))
+if ($config['account_country'])
 	require SYSTEM . 'countries.conf.php';
 
-$nameOrNumberColumn = 'name';
-if (USE_ACCOUNT_NUMBER) {
-	$nameOrNumberColumn = 'number';
+function echo_success($message)
+{
+	echo '<p class="success">' . $message . '</p>';
+}
+
+function echo_error($message)
+{
+	global $error;
+	echo '<p class="error">' . $message . '</p>';
+	$error = true;
+}
+
+function verify_number($number, $name, $max_length)
+{
+	if (!Validator::number($number))
+		echo_error($name . ' can contain only numbers.');
+
+	$number_length = strlen($number);
+	if ($number_length <= 0 || $number_length > $max_length)
+		echo_error($name . ' cannot be longer than ' . $max_length . ' digits.');
 }
 
 $hasSecretColumn = $db->hasColumn('accounts', 'secret');
@@ -30,7 +43,7 @@ $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $hasTypeColumn = $db->hasColumn('accounts', 'type');
 $hasGroupColumn = $db->hasColumn('accounts', 'group_id');
 
-if (setting('core.account_country')) {
+if ($config['account_country']) {
 	$countries = array();
 	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
 		$countries[$c] = $config['countries'][$c];
@@ -39,8 +52,6 @@ if (setting('core.account_country')) {
 	foreach ($config['countries'] as $code => $c)
 		$countries[$code] = $c;
 }
-$web_acc = ACCOUNT_WEB_FLAGS;
-$acc_type = setting('core.account_types');
 ?>
 
 <link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
@@ -48,41 +59,38 @@ $acc_type = setting('core.account_types');
 
 <?php
 $id = 0;
-$search_account = '';
 if (isset($_REQUEST['id']))
 	$id = (int)$_REQUEST['id'];
-else if (isset($_REQUEST['search'])) {
-	$search_account = $_REQUEST['search'];
-	if (strlen($search_account) < 3 && !Validator::number($search_account)) {
-		echo_error('Player name is too short.');
+else if (isset($_REQUEST['search_name'])) {
+	if (strlen($_REQUEST['search_name']) < 3 && !Validator::number($_REQUEST['search_name'])) {
+		echo 'Player name is too short.';
 	} else {
-		$query = $db->query('SELECT `id` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` = ' . $db->quote($search_account));
+		if (Validator::number($_REQUEST['search_name']))
+			$id = $_REQUEST['search_name'];
+		else {
+			$query = $db->query('SELECT `id` FROM `accounts` WHERE `name` = ' . $db->quote($_REQUEST['search_name']));
 			if ($query->rowCount() == 1) {
 				$query = $query->fetch();
-			$id = (int)$query['id'];
+				$id = $query['id'];
 			} else {
-			$query = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` LIKE ' . $db->quote('%' . $search_account . '%'));
+				$query = $db->query('SELECT `id`, `name` FROM `accounts` WHERE `name` LIKE ' . $db->quote('%' . $_REQUEST['search_name'] . '%'));
 				if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
-				$str_construct = 'Do you mean?<ul class="mb-0">';
+					echo 'Do you mean?<ul>';
 					foreach ($query as $row)
-					$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row['id'] . '">' . $row[$nameOrNumberColumn] . '</a></li>';
-				$str_construct .= '</ul>';
-				echo_error($str_construct);
+						echo '<li><a href="' . $base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
+					echo '</ul>';
 				} else if ($query->rowCount() > 10)
-				echo_error('Specified name resulted with too many accounts.');
-			else
-				echo_error('No entries found.');
+					echo 'Specified name resulted with too many accounts.';
 			}
 		}
 	}
-?>
-<div class="row">
-	<?php
+}
+$groups = new OTS_Groups_List();
 if ($id > 0) {
 	$account = new OTS_Account();
 	$account->load($id);
 
-		if (isset($account, $_POST['save']) && $account->isLoaded()) {
+	if (isset($account, $_POST['save']) && $account->isLoaded()) {// we want to save
 		$error = false;
 
 		$_error = '';
@@ -146,14 +154,14 @@ else if (isset($_REQUEST['search'])) {
 		verify_number($web_flags, 'Web Flags', 1);
 
 		//created
-			$created = strtotime($_POST['created']);
+		$created = $_POST['created'];
 		verify_number($created, 'Created', 11);
 
 		//web last login
-			$web_lastlogin = strtotime($_POST['web_lastlogin']);
-			verify_number($web_lastlogin, 'Web Last login', 11);
+		$web_lastlogin = $_POST['web_lastlogin'];
+		verify_number($web_lastlogin, 'Web Last logout', 11);
 
-			if (!$error && $hooks->trigger(HOOK_ADMIN_ACCOUNTS_SAVE_POST, ['account_id' => $account->getId(), 'account_email' =>  $account->getEMail()])) {
+		if (!$error) {
 			if(USE_ACCOUNT_NAME) {
 				$account->setName($name);
 			}
@@ -193,16 +201,17 @@ else if (isset($_REQUEST['search'])) {
 			$account->setCustomField('web_lastlogin', $web_lastlogin);
 
 			if (isset($password)) {
-					if (USE_ACCOUNT_SALT) {
+				$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+				if ($config_salt_enabled) {
 					$salt = generateRandomString(10, false, true, true);
 					$password = $salt . $password;
-						$account->setCustomField('salt', $salt);
+					$account_logged->setCustomField('salt', $salt);
 				}
 
 				$password = encrypt($password);
 				$account->setPassword($password);
 
-					if (USE_ACCOUNT_SALT)
+				if ($config_salt_enabled)
 					$account->setCustomField('salt', $salt);
 			}
 
@@ -210,195 +219,165 @@ else if (isset($_REQUEST['search'])) {
 			echo_success('Account saved at: ' . date('G:i'));
 		}
 	}
-	} else if ($id == 0) {
-		$accounts_db = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ' FROM `accounts` ORDER BY `id` ASC');
+}
+
+$search_account = '';
+if (isset($_REQUEST['search_name']))
+	$search_account = $_REQUEST['search_name'];
+else if (isset($_REQUEST['search_account']))
+	$search_account = $_REQUEST['search_account'];
+else if ($id > 0 && isset($account) && $account->isLoaded()) {
+	if(USE_ACCOUNT_NAME) {
+		$search_account = $account->getName();
+	}
+	else {
+		$search_account = $account->getId();
+	}
+}
+
 ?>
-		<div class="col-12 col-sm-12 col-lg-10">
-			<div class="card card-info card-outline">
-				<div class="card-header">
-					<h5 class="m-0">Accounts</h5>
-				</div>
-				<div class="card-body">
-					<table class="acc_datatable table table-striped table-bordered table-responsive d-md-table">
-						<thead>
-						<tr>
-							<th>ID</th>
-							<th><?= ($nameOrNumberColumn == 'number' ? 'Number' : 'Name'); ?></th>
-							<?php if($hasTypeColumn || $hasGroupColumn): ?>
-							<th>Position</th>
-							<?php endif; ?>
-							<th style="width: 40px">Edit</th>
-						</tr>
-						</thead>
-						<tbody>
-						<?php foreach ($accounts_db as $account_lst): ?>
-							<tr>
-								<th><?php echo $account_lst['id']; ?></th>
-								<td><?php echo $account_lst[$nameOrNumberColumn]; ?></a></td>
-								<?php if($hasTypeColumn || $hasGroupColumn): ?>
-								<td>
-									<?php if ($hasTypeColumn) {
-										echo $acc_type[$account_lst['type']];
-									} elseif ($hasGroupColumn) {
-										$group = $groups->getGroups();
-										echo $group[$account_lst['group_id']];
-									} ?>
-								</td>
-								<?php endif; ?>
-								<td><a href="?p=accounts&id=<?php echo $account_lst['id']; ?>" class="btn btn-success btn-sm" title="Edit">
-										<i class="fas fa-pencil-alt"></i>
-									</a>
-								</td>
-							</tr>
-						<?php endforeach; ?>
-						</tbody>
-					</table>
-				</div>
-			</div>
-		</div>
-	<?php } ?>
-
+<div class="row">
 	<?php if (isset($account) && $account->isLoaded()) { ?>
-		<div class="col-12 col-sm-12 col-lg-10">
-			<div class="card card-primary card-outline card-outline-tabs">
-				<div class="card-header p-0 border-bottom-0">
-					<ul class="nav nav-tabs" id="accounts-tab" role="tablist">
-						<li class="nav-item">
-							<a class="nav-link active" id="accounts-acc-tab" data-toggle="pill" href="#accounts-acc">Account</a>
-						</li>
-						<li class="nav-item">
-							<a class="nav-link" id="accounts-chars-tab" data-toggle="pill" href="#accounts-chars">Characters</a>
-						</li>
-						<?php if ($db->hasTable('bans')) : ?>
-							<li class="nav-item">
-								<a class="nav-link" id="accounts-bans-tab" data-toggle="pill" href="#accounts-bans">Bans</a>
-							</li>
-						<?php endif;
 
-						if ($db->hasTable('store_history') && $db->hasColumn('store_history', 'time')) : ?>
-							<li class="nav-item">
-								<a class="nav-link" id="accounts-store-tab" data-toggle="pill" href="#accounts-store">Store History</a>
-							</li>
-						<?php endif; ?>
-					</ul>
-				</div>
-				<div class="card-body">
-					<div class="tab-content" id="accounts-tabContent">
-						<div class="tab-pane fade active show" id="accounts-acc">
-							<form action="<?php echo $admin_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
-								<div class="form-group row">
+	<form action="<?php echo $base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post"
+		  class="form-horizontal">
+		<div class="col-md-8">
+			<div class="box box-primary">
+				<div class="box-body">
+					<div class="row">
 						<?php if(USE_ACCOUNT_NAME): ?>
-										<div class="col-12 col-sm-12 col-lg-4">
-											<label for="name">Account Name:</label>
-											<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $account->getName(); ?>"/>
-										</div>
-									<?php elseif (USE_ACCOUNT_NUMBER): ?>
-										<div class="col-12 col-sm-12 col-lg-4">
-											<label for="name">Account Number:</label>
-											<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $account->getNumber(); ?>"/>
+						<div class="col-xs-4">
+							<label for="name" class="control-label">Account Name:</label>
+							<input type="text" class="form-control" id="name" name="name"
+								   autocomplete="off" style="cursor: auto;"
+								   value="<?php echo $account->getName(); ?>"/>
 						</div>
 						<?php endif; ?>
-									<div class="col-12 col-sm-12 col-lg-5">
-										<div class="form-check">
+						<div class="col-xs-5">
+							<label for="c_pass" class="control-label">Password: (check to change)</label>
+							<div class="input-group">
+                            <span class="input-group-addon">
                               <input type="checkbox"
 									 name="c_pass"
 									 id="c_pass"
 									 value="false"
-												   class="form-check-input"/>
-											<label for="c_pass">Password: (check to change)</label>
-										</div>
-										<div class="input-group">
-											<input type="text" class="form-control" id="pass" name="pass" autocomplete="off" maxlength="20" value=""/>
+									 class="input_control"/>
+                            </span>
+								<input type="text" class="form-control" id="pass" name="pass"
+									   autocomplete="off" maxlength="20"
+									   value=""/>
 							</div>
 						</div>
-									<div class="col-12 col-sm-12 col-lg-3">
+						<div class="col-xs-3">
 							<label for="account_id" class="control-label">Account ID:</label>
-										<input type="text" class="form-control" id="account_id" name="account_id" autocomplete="off" size="8" maxlength="11" disabled value="<?php echo $account->getId(); ?>"/>
+							<input type="text" class="form-control" id="account_id" name="account_id"
+								   autocomplete="off" style="cursor: auto;" size="8" maxlength="11" disabled
+								   value="<?php echo $account->getId(); ?>"/>
 						</div>
 					</div>
-								<div class="form-group row">
+					<div class="row">
 						<?php
 						$acc_group = $account->getAccGroupId();
 						if ($hasTypeColumn) {
+							$groups = new OTS_Groups_List();
+
+							$acc_type = array("Normal", "Tutor", "Senior Tutor", "Gamemaster", "God");
+							if ($groups->getHighestId() == 6) {
+								$acc_type = array("Normal", "Tutor", "Senior Tutor", "Gamemaster", "Community Manager", "God");
+							}
 						?>
-										<div class="col-12 col-sm-12 col-lg-6">
-											<label for="group">Account Type:</label>
+							<div class="col-xs-6">
+								<label for="group" class="control-label">Account Type:</label>
 								<select name="group" id="group" class="form-control">
 									<?php foreach ($acc_type as $id => $a_type): ?>
-													<option value="<?php echo($id); ?>" <?php echo($acc_group == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+										<option value="<?php echo($id + 1); ?>" <?php echo($acc_group == ($id + 1) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 									<?php endforeach; ?>
 								</select>
 							</div>
 							<?php
 						} elseif ($hasGroupColumn) {
 							?>
-										<div class="col-12 col-sm-12 col-lg-6">
-											<label for="group">Account Type:</label>
+							<div class="col-xs-6">
+								<label for="group" class="control-label">Account Type:</label>
 								<select name="group" id="group" class="form-control">
-												<?php foreach ($groups->getGroups() as $id => $group): ?>
+									<?php
+									foreach ($groups->getGroups() as $id => $group): ?>
 										<option value="<?php echo $id; ?>" <?php echo($acc_group == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 									<?php endforeach; ?>
 								</select>
 							</div>
 						<?php } ?>
-									<div class="col-12 col-sm-12 col-lg-6">
-										<label for="web_flags">Website Access:</label>
+						<div class="col-xs-6">
+							<label for="web_flags" class="control-label">Website Access:</label>
 							<select name="web_flags" id="web_flags" class="form-control">
-											<?php foreach ($web_acc as $id => $a_type): ?>
+								<?php $web_acc = array("None", "Admin", "Super Admin", "(Admin + Super Admin)");
+								foreach ($web_acc as $id => $a_type): ?>
 									<option value="<?php echo($id); ?>" <?php echo($account->getWebFlags() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 								<?php endforeach; ?>
 							</select>
 						</div>
 					</div>
-								<div class="form-group row">
+					<div class="row">
 						<?php if($hasSecretColumn): ?>
-										<div class="col-12 col-sm-12 col-lg-6">
-											<label for="secret">Secret:</label>
-											<input type="text" class="form-control" id="secret" name="secret" autocomplete="off" value="<?php echo $account->getCustomField('secret'); ?>"/>
+						<div class="col-xs-6">
+							<label for="secret" class="control-label">Secret:</label>
+							<input type="text" class="form-control" id="secret" name="secret"
+								   autocomplete="off" style="cursor: auto;" size="8" maxlength="11"
+								   value="<?php echo $account->getCustomField('secret'); ?>"/>
 						</div>
 						<?php endif; ?>
-									<div class="col-12 col-sm-12 col-lg-6">
-										<label for="key">Recovery Key:</label>
-										<input type="text" class="form-control" id="key" name="key" autocomplete="off" value="<?php echo $account->getCustomField('key'); ?>"/>
+						<div class="col-xs-6">
+							<label for="key" class="control-label">Key:</label>
+							<input type="text" class="form-control" id="key" name="key"
+								   autocomplete="off" style="cursor: auto;" size="8" maxlength="11"
+								   value="<?php echo $account->getCustomField('key'); ?>"/>
 						</div>
 					</div>
-								<div class="form-group row">
-									<div class="col-12 col-sm-12 col-lg-6">
-										<label for="email">Email:</label><?php echo (setting('core.mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
-										<input type="text" class="form-control" id="email" name="email" autocomplete="off" value="<?php echo $account->getEMail(); ?>"/>
+					<div class="row">
+						<div class="col-xs-6">
+							<label for="email" class="control-label">Email:</label>
+							<input type="text" class="form-control" id="email" name="email"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getEMail(); ?>"/>
 						</div>
 						<?php if ($hasCoinsColumn): ?>
-										<div class="col-12 col-sm-12 col-lg-6">
-											<label for="t_coins">Tibia Coins:</label>
-											<input type="text" class="form-control" id="t_coins" name="t_coins" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField('coins') ?>"/>
+							<div class="col-xs-6">
+								<label for="t_coins" class="control-label">Tibia Coins:</label>
+								<input type="text" class="form-control" id="t_coins" name="t_coins"
+									   autocomplete="off" maxlength="8"
+									   value="<?php echo $account->getCustomField('coins') ?>"/>
 							</div>
 						<?php endif; ?>
-									<div class="col-12 col-sm-12 col-lg-6">
-										<label for="p_days">Premium Days:</label>
-										<input type="text" class="form-control" id="p_days" name="p_days" autocomplete="off" maxlength="11" value="<?php echo $account->getPremDays(); ?>"/>
+						<div class="col-xs-6">
+							<label for="p_days" class="control-label">Premium Days:</label>
+							<input type="text" class="form-control" id="p_days" name="p_days"
+								   autocomplete="off" maxlength="11"
+								   value="<?php echo $account->getPremDays(); ?>"/>
 						</div>
 						<?php if ($hasPointsColumn): ?>
-										<div class="col-12 col-sm-12 col-lg-6">
+							<div class="col-xs-6">
 								<label for="p_points" class="control-label">Premium Points:</label>
-											<input type="text" class="form-control" id="p_points" name="p_points" autocomplete="off" maxlength="8" value="<?php echo $account->getCustomField('premium_points') ?>"/>
+								<input type="text" class="form-control" id="p_points" name="p_points"
+									   autocomplete="off" maxlength="8"
+									   value="<?php echo $account->getCustomField('premium_points') ?>"/>
 							</div>
 						<?php endif; ?>
 					</div>
-								<div class="form-group row">
-									<div class="col-12 col-sm-12 col-lg-4">
-										<label for="rl_name">RL Name:</label>
+					<div class="row">
+						<div class="col-xs-4">
+							<label for="rl_name" class="control-label">RL Name:</label>
 							<input type="text" class="form-control" id="rl_name" name="rl_name"
 								   autocomplete="off" maxlength="20"
 								   value="<?php echo $account->getRLName(); ?>"/>
 						</div>
-									<div class="col-12 col-sm-12 col-lg-4">
-										<label for="rl_loca">Location:</label>
+						<div class="col-xs-4">
+							<label for="rl_loca" class="control-label">Location:</label>
 							<input type="text" class="form-control" id="rl_loca" name="rl_loca"
 								   autocomplete="off" maxlength="20"
 								   value="<?php echo $account->getLocation(); ?>"/>
 						</div>
-									<div class="col-12 col-sm-12 col-lg-4">
-										<label for="rl_country">Country:</label>
+						<div class="col-xs-4">
+							<label for="rl_country" class="control-label">Country:</label>
 							<select name="rl_country" id="rl_country" class="form-control">
 								<?php foreach ($countries as $id => $a_type): ?>
 									<option value="<?php echo($id); ?>" <?php echo($account->getCountry() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
@@ -406,184 +385,106 @@ else if (isset($_REQUEST['search'])) {
 							</select>
 						</div>
 					</div>
-								<div class="form-group row">
-									<div class="col-12 col-sm-12 col-lg-6">
+					<div class="row">
+						<div class="col-xs-4">
 							<label for="created" class="control-label">Created:</label>
-										<input type="text" class="form-control" id="created" name="created" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $account->getCustomField('created')); ?>"/>
+							<input type="text" class="form-control" id="created" name="created"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getCustomField('created'); ?>"/>
 						</div>
-									<div class="col-12 col-sm-12 col-lg-6">
+						<div class="col-xs-4">
 							<label for="web_lastlogin" class="control-label">Web Last Login:</label>
-										<input type="text" class="form-control" id="web_lastlogin" name="web_lastlogin" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $account->getCustomField('web_lastlogin')); ?>"/>
+							<input type="text" class="form-control" id="web_lastlogin" name="web_lastlogin"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getCustomField('web_lastlogin'); ?>"/>
 						</div>
 					</div>
 
 					<input type="hidden" name="save" value="yes"/>
+					<div class="box-footer">
+						<a href="<?php echo ADMIN_URL; ?>?p=accounts"><span class="btn btn-danger">Cancel</span></a>
+						<div class="pull-right">
+							<input type="submit" class="btn btn-primary" value="Update">
+						</div>
+					</div>
 
-								<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Update</button>
-								<a href="<?php echo ADMIN_URL; ?>?p=accounts" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</a>
+				</div>
+			</div>
 	</form>
 </div>
-						<div class="tab-pane fade" id="accounts-chars">
-							<div class="row">
+<?php } ?>
+<div class="col-md-4">
+	<div class="box box-primary">
+		<div class="box-header with-border">
+			<h3 class="box-title">Search Account:</h3>
+			<div class="box-tools pull-right">
+				<button type="button" class="btn btn-box-tool" data-widget="collapse"><i class="fa fa-minus"></i>
+				</button>
+			</div>
+		</div>
+
+		<div class="box-body">
+			<form action="<?php echo $base; ?>" method="post">
+				<div class="input-group input-group-sm">
+					<input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_account); ?>"
+						   maxlength="32" size="32">
+					<span class="input-group-btn">
+                          <button type="submit" type="button" class="btn btn-info btn-flat">Search</button>
+                        </span>
+				</div>
+			</form>
+		</div>
+	</div>
 	<?php
 	if (isset($account) && $account->isLoaded()) {
-									$account_players = Player::where('account_id', $account->getId())->orderBy('id')->get();
-									if (isset($account_players)) { ?>
-										<table class="table table-striped table-condensed table-responsive d-md-table">
-											<thead>
+		$account_players = array();
+		$query = $db->query('SELECT `name`,`level`,`vocation`  FROM `players` WHERE `account_id` = ' . $account->getId() . ' ORDER BY `name`')->fetchAll();
+		if (isset($query)) {
+			?>
+			<div class="box">
+				<div class="box-header">
+					<h3 class="box-title">Character List:</h3>
+				</div>
+				<div class="box-body no-padding">
+					<table class="table table-striped">
+						<tbody>
 						<tr>
-												<th>#</th>
+							<th style="width: 10px">#</th>
 							<th>Name</th>
 							<th>Level</th>
-												<th>Vocation</th>
 							<th style="width: 40px">Edit</th>
 						</tr>
-											</thead>
-											<tbody>
-											<?php foreach ($account_players as $i => $player): ?>
-												<tr>
-													<th><?php echo $i + 1; ?></th>
-													<td><?php echo $player->name; ?></td>
-													<td><?php echo $player->level; ?></td>
-													<td><?php echo $player->vocation_name; ?></td>
-													<td><a href="?p=players&id=<?php echo $player->getKey() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
-												</tr>
-											<?php endforeach ?>
-											</tbody>
-										</table>
 						<?php
-									}
+						$i = 1;
+						foreach ($query as $p) {
+							$account_players[] = $p;
+							echo '<tr>
+                            <td>' . $i . '.</td>
+                            <td>' . $p['name'] . '</td>
+                            <td>' . $p['level'] . '</td>
+                            <td><a href="?p=players&search_name=' . $p['name'] . '"><span class="btn btn-success btn-sm edit btn-flat"><i class="fa fa-edit"></i></span></a></span></td>
+                        </tr>';
+							$i++;
 						} ?>
-							</div>
-						</div>
-						<?php if ($db->hasTable('bans')) : ?>
-							<div class="tab-pane fade" id="accounts-bans">
-								<?php
-								$bans = $db->query('SELECT * FROM ' . $db->tableName('bans') . ' WHERE ' . $db->fieldName('active') . ' = 1 AND ' . $db->fieldName('id') . ' = ' . $account->getId() . ' ORDER BY ' . $db->fieldName('added') . ' DESC LIMIT 10');
-								if ($bans->rowCount()) {
-									?>
-									<table class="table table-striped table-condensed table-responsive d-md-table">
-										<thead>
-										<tr>
-											<th>Nick</th>
-											<th>Type</th>
-											<th>Expires</th>
-											<th>Reason</th>
-											<th>Comment</th>
-											<th>Added by:</th>
-										</tr>
-										</thead>
-										<tbody>
-										<?php
-										foreach ($bans as $ban) {
-											?>
-											<tr>
-												<td><?php
-													$pName = getPlayerNameByAccount($ban['value']);
-													echo '<a href="?p=players&search=' . $pName . '">' . $pName . '</a>'; ?>
-												</td>
-												<td><?php echo getBanType($ban['type']); ?></td>
-												<td>
-													<?php
-													if ($ban['expires'] == "-1")
-														echo 'Never';
-													else
-														echo date("H:i:s", $ban['expires']) . '<br/>' . date("d M Y", $ban['expires']);
-													?>
-												</td>
-												<td><?php echo getBanReason($ban['reason']); ?></td>
-												<td><?php echo $ban['comment']; ?></td>
-												<td>
-													<?php
-													if ($ban['admin_id'] == "0")
-														echo 'Autoban';
-													else
-														$aName = getPlayerNameByAccount($ban['admin_id']);
-													echo '<a href="?p=players&search=' . $aName . '">' . $aName . '</a>';
-													echo '<br/>' . date("d.m.Y", $ban['added']);
-													?>
-												</td>
-											</tr>
-										<?php } ?>
-										</tbody>
-									</table>
-									<?php
-								} else {
-									echo 'No Account bans.';
-								} ?>
-							</div>
-						<?php endif;
-						if ($db->hasTable('store_history') && $db->hasColumn('store_history', 'time')) { ?>
-							<div class="tab-pane fade" id="accounts-store">
-								<?php $store_history = $db->query('SELECT * FROM `store_history` WHERE `account_id` = "' . $account->getId() . '" ORDER BY `time` DESC')->fetchAll(); ?>
-								<table class="table table-striped table-condensed table-responsive d-md-table">
-									<thead>
-									<tr>
-										<th>Description</th>
-										<th>Coins</th>
-										<th>Date</th>
-									</tr>
-									</thead>
-									<tbody>
-									<?php foreach ($store_history as $p): ?>
-										<tr>
-											<td><?php echo $p['description']; ?></td>
-											<td><?php echo $p['coin_amount']; ?></td>
-											<td><?php echo date('d M y H:i:s', $p['time']); ?></td>
-										</tr>
-									<?php endforeach; ?>
 						</tbody>
 					</table>
 				</div>
-						<?php } ?>
 			</div>
+
+			<?php
+		};
+	};
+	?>
 </div>
-			</div>
-		</div>
-	<?php } ?>
-	<div class="col-12 col-sm-12 col-lg-2">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Search Accounts</h5>
-			</div>
-			<div class="card-body">
-				<div class="row">
-					<div class="col-6 col-lg-12">
-						<form action="<?php echo $admin_base; ?>" method="post">
-							<label for="name">Account Name:</label>
-							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="search" value="<?php echo $search_account; ?>" maxlength="32" size="32">
-								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
-							</div>
-						</form>
-					</div>
-					<div class="col-6 col-lg-12">
-						<form action="<?php echo $admin_base; ?>" method="post">
-							<label for="name">Account ID:</label>
-							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
-								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
-							</div>
-						</form>
-					</div>
-				</div>
-			</div>
-		</div>
-	</div>
-</div>
-<script>
+
+<script type="text/javascript">
+	$('#lastlogout').datetimepicker({format: 'unixtime'});
+	$('#created').datetimepicker({format: 'unixtime'});
+	$('#web_lastlogin').datetimepicker({format: 'unixtime'});
 	$(document).ready(function () {
-		$('#created').datetimepicker({format: "M d Y, H:i:s",});
-		$('#web_lastlogin').datetimepicker({format: 'M d Y, H:i:s'});
-
-		$('#c_pass').change(function () {
-			const ipass = $('input[name=pass]');
-			ipass[0].disabled = !this.checked;
-			ipass[0].value = '';
+		$('.input_control').change(function () {
+			$('input[name=pass]')[0].disabled = !this.checked;
+			$('input[name=pass]')[0].value = '';
 		}).change();
-
-		$('.acc_datatable').DataTable({
-			"order": [[0, "asc"]]
-		});
 	});
 </script>

admin/pages/changelog.php

@@ -1,142 +1,26 @@
 <?php
 /**
- * CHANGELOG modifier
+ * CHANGELOG viewer
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
-
-use MyAAC\Models\Changelog as ModelsChangelog;
-
 defined('MYAAC') or die('Direct access not allowed!');
+$title = 'MyAAC Changelog';
 
-if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
-	echo 'Access denied.';
+if (!file_exists(BASE . 'CHANGELOG.md')) {
+	echo 'File CHANGELOG.md doesn\'t exist.';
 	return;
 }
 
-$title = 'Changelog';
-$use_datatable = true;
-const CL_LIMIT = 600; // maximum changelog body length
-?>
+require LIBS . 'Parsedown.php';
 
-<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
-<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
-<?php
-$id = $_GET['id'] ?? 0;
-require_once LIBS . 'changelog.php';
+$changelog = file_get_contents(BASE . 'CHANGELOG.md');
 
-if(!empty($action))
-{
-	$id = $_REQUEST['id'] ?? null;
-	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
-	$create_date = isset($_REQUEST['createdate']) ? (int)strtotime($_REQUEST['createdate'] ): null;
-	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
-	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
-	$where = isset($_REQUEST['where']) ? (int)$_REQUEST['where'] : null;
+$Parsedown = new Parsedown();
 
-	$errors = array();
+$changelog = $Parsedown->text($changelog); # prints: <p>Hello <em>Parsedown</em>!</p>
 
-	if($action == 'new') {
-
-		if(isset($body) && Changelog::add($body, $type, $where, $player_id, $create_date, $errors)) {
-			$body = '';
-			$type = $where = $player_id = $create_date = 0;
-
-			success("Added successful.");
-		}
-	}
-	else if($action == 'delete') {
-		Changelog::delete($id, $errors);
-		success("Deleted successful.");
-	}
-	else if($action == 'edit')
-	{
-		if(isset($id) && !isset($body)) {
-			$cl = Changelog::get($id);
-			$body = $cl['body'];
-			$type = $cl['type'];
-			$where = $cl['where'];
-			$create_date = $cl['date'];
-			$player_id = $cl['player_id'];
-		}
-		else {
-			if(Changelog::update($id, $body, $type, $where, $player_id, $create_date,$errors)) {
-				$action = $body = '';
-				$type = $where = $player_id = $create_date = 0;
-
-				success("Updated successful.");
-			}
-		}
-	}
-	else if($action == 'hide') {
-		Changelog::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
-	}
-
-	if(!empty($errors))
-		error(implode(", ", $errors));
-}
-
-$changelogs = ModelsChangelog::orderBy('id')->get()->toArray();
-
-$i = 0;
-
-$log_type = [
-	['id' => 1, 'icon' => 'added'],
-	['id' => 2, 'icon' => 'removed'],
-	['id' => 3, 'icon' => 'changed'],
-	['id' => 4, 'icon' => 'fixed'],
-];
-
-$log_where = [
-	['id' => 1, 'icon' => 'server'],
-	['id' => 2, 'icon' => 'website'],
-];
-
-foreach($changelogs as $key => &$log)
-{
-	$log['type'] = getChangelogType($log['type']);
-	$log['where'] = getChangelogWhere($log['where']);
-}
-
-if($action == 'edit' || $action == 'new') {
-	if($action == 'edit') {
-		$player = new OTS_Player();
-		$player->load($player_id);
-	}
-
-	$account_players = $account_logged->getPlayersList();
-	$account_players->orderBy('group_id', POT::ORDER_DESC);
-	$twig->display('admin.changelog.form.html.twig', array(
-		'action' => $action,
-		'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'new'),
-		'cl_id' => $id ?? null,
-		'body' => isset($body) ? escapeHtml($body) : '',
-		'create_date' => $create_date ?? '',
-		'player_id' => $player_id ?? null,
-		'account_players' => $account_players,
-		'type' => $type ?? 0,
-		'where' => $where ?? 0,
-		'log_type' => $log_type,
-		'log_where' => $log_where,
-	));
-}
-$twig->display('admin.changelog.html.twig', array(
-	'changelogs' => $changelogs,
-));
-
-?>
-<script>
-	$(document).ready(function () {
-		$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
-
-		$('.tb_datatable').DataTable({
-			"order": [[0, "desc"]],
-			"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
-		});
-	});
-</script>
+echo '<div>' . $changelog . '</div>';

admin/pages/clmd.php

@@ -1,25 +0,0 @@
-<?php
-/**
- * CHANGELOG viewer
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-$title = 'MyAAC Changelog';
-
-if (!file_exists(BASE . 'CHANGELOG.md')) {
-	echo 'File CHANGELOG.md doesn\'t exist.';
-	return;
-}
-
-$changelog = file_get_contents(BASE . 'CHANGELOG.md');
-
-$Parsedown = new Parsedown();
-
-$changelog = $Parsedown->text($changelog); # prints: <p>Hello <em>Parsedown</em>!</p>
-
-echo '<div>' . $changelog . '</div>';

admin/pages/dashboard.php

@@ -19,10 +19,8 @@ if (isset($_GET['clear_cache'])) {
 }
 
 if (isset($_GET['maintenance'])) {
-	$message = (!empty($_POST['message']) ? $_POST['message'] : null);
-	$_status = (isset($_POST['status']) && $_POST['status'] == 'true');
-	$_status = ($_status ? '0' : '1');
-
+	$_status = (int)$_POST['status'];
+	$message = $_POST['message'];
 	if (empty($message)) {
 		error('Message cannot be empty.');
 	} else if (strlen($message) > 255) {
@@ -47,15 +45,47 @@ $tmp = '';
 if (fetchDatabaseConfig('site_closed_message', $tmp))
 	$closed_message = $tmp;
 
-$settingAdminPanelModules = setting('core.admin_panel_modules');
-if (count($settingAdminPanelModules) > 0) {
+$query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
+$query = $query->fetch();
+$total_accounts = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
+$query = $query->fetch();
+$total_players = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
+$query = $query->fetch();
+$total_guilds = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
+$query = $query->fetch();
+$total_houses = $query['how_much'];
+
+$twig->display('admin.statistics.html.twig', array(
+	'total_accounts' => $total_accounts,
+	'total_players' => $total_players,
+	'total_guilds' => $total_guilds,
+	'total_houses' => $total_houses
+));
+
+$twig->display('admin.dashboard.html.twig', array(
+	'is_closed' => $is_closed,
+	'closed_message' => $closed_message,
+	'status' => $status,
+	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
+));
+
 echo '<div class="row">';
+
+$configAdminPanelModules = config('admin_panel_modules');
+if(isset($configAdminPanelModules))
+	$configAdminPanelModules = explode(',', $configAdminPanelModules);
+
 $twig_loader->prependPath(__DIR__ . '/modules/templates');
-	foreach ($settingAdminPanelModules as $box) {
+foreach($configAdminPanelModules as $box) {
 	$file = __DIR__ . '/modules/' . $box . '.php';
 	if(file_exists($file)) {
 		include($file);
 	}
 }
 echo '</div>';
-}

admin/pages/items.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * Load items.xml
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Load items.xml';
+
+require_once LIBS . 'items.php';
+require_once LIBS . 'weapons.php';
+
+$twig->display('admin.items.html.twig');
+
+$reload = isset($_REQUEST['reload']) && (int)$_REQUEST['reload'] === 1;
+if ($reload) {
+	$items_start_time = microtime(true);
+	if (Items::loadFromXML(true)) {
+		success('Successfully loaded items (in ' . round(microtime(true) - $items_start_time, 4) . ' seconds).');
+	}
+	else {
+		error(Items::getError());
+	}
+
+	$weapons_start_time = microtime(true);
+	if (Weapons::loadFromXML(true)) {
+		success('Successfully loaded weapons (in ' . round(microtime(true) - $weapons_start_time, 4) . ' seconds).');
+	}
+	else {
+		error(Weapons::getError());
+	}
+}

admin/pages/login.php

@@ -9,16 +9,18 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Login';
-
-require PAGES . 'account/login.php';
-if ($logged) {
-	header('Location: ' . (admin() ? ADMIN_URL : BASE_URL));
-	return;
+$logout = '';
+if ($action == 'logout') {
+	$logout = "You have  been logged out!";
 }
 
-$twig->display('admin.login.html.twig', [
-	'logout' => (ACTION == 'logout' ? 'You have  been logged out!'  : ''),
+if (isset($errors)) {
+	foreach ($errors as $error) {
+		error($error);
+	}
+}
+
+$twig->display('admin.login.html.twig', array(
+	'logout' => $logout,
 	'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
-	'account_login_by' => getAccountLoginByLabel(),
-	'errors' => $errors ?? ''
-]);
+));

admin/pages/logs.php

@@ -4,17 +4,16 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Logs Viewer';
-$use_datatable = true;
 
 $files = array();
 $aac_path_logs = BASE . 'system/logs/';
 foreach (scandir($aac_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
-	if ($f[0] === '.' || is_dir($aac_path_logs . $f) || $f === 'index.html') {
+    if ($f[0] === '.' || is_dir($aac_path_logs . $f)) {
 	    continue;
     }
 
@@ -54,6 +53,7 @@ foreach ($files as &$f) {
 }
 unset($f);
 
+$twig->display('admin.logs.html.twig', array('files' => $files));
 
 define('EXIST_NONE', 0);
 define('EXIST_SERVER_LOG', 1);
@@ -72,12 +72,10 @@ if (!empty($file)) {
 		}
 
 		if ($exist !== EXIST_NONE) {
-			$file_content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
-			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
+			$content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
 		}
 	} else {
 		echo 'Invalid file name specified.';
 	}
 }
-
-$twig->display('admin.logs.html.twig', array('files' => $files));

admin/pages/mailer.php

@@ -15,55 +15,48 @@ if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
 	return;
 }
 
-if (!setting('core.mail_enabled')) {
-	echo 'Mail support disabled in config.';
+if (!$config['mail_enabled']) {
+	echo 'Mail support disabled.';
 	return;
 }
 
-$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
-$mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
-$mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
+$mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : NULL;
+$mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : NULL;
+$preview = isset($_REQUEST['preview']);
 
-if (isset($_POST['submit'])) {
-	if (empty($mail_subject)) {
-		warning('Please enter subject of the message.');
-	}
-
-	if (empty($mail_content)) {
-		warning('Please enter content of the message.');
-	}
-}
-if (!empty($mail_to)) {
-	if(!Validator::email($mail_to)) {
-		warning('E-Mail is invalid.');
-	}
-	else {
+$preview_done = false;
+if ($preview) {
 	if (!empty($mail_content) && !empty($mail_subject)) {
-			if (_mail($mail_to, $mail_subject, $mail_content)) {
-				success("Successfully mailed <strong>$mail_to</strong>");
-			}
-			else {
-				error("Error while sending mail to <strong>$mail_to</strong>. More info can be found in system/logs/mailer-error.log");
-			}
-		}
+		$preview_done = _mail($account_logged->getCustomField('email'), $mail_subject, $mail_content);
+
+		if (!$preview_done)
+			error('Error while sending preview mail. More info can be found in system/logs/mailer-error.log');
 	}
 }
 
-if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
+
+$twig->display('admin.mailer.html.twig', array(
+	'mail_subject' => $mail_subject,
+	'mail_content' => $mail_content,
+	'preview_done' => $preview_done
+));
+
+if (empty($mail_content) || empty($mail_subject) || $preview)
+	return;
+
 $success = 0;
 $failed = 0;
 
 $add = '';
-	if (setting('core.account_mail_verify')) {
+if ($config['account_mail_verify']) {
 	note('Note: Sending only to users with verified E-Mail.');
-		$add = ' AND `email_verified` = 1';
+	$add = ' AND ' . $db->fieldName('email_verified') . ' = 1';
 }
 
-	$query = $db->query('SELECT `email` FROM `accounts` WHERE `email` != ""' . $add);
+$query = $db->query('SELECT ' . $db->fieldName('email') . ' FROM ' . $db->tableName('accounts') . ' WHERE ' . $db->fieldName('email') . ' != ""' . $add);
 foreach ($query as $email) {
-		if (_mail($email['email'], $mail_subject, $mail_content)) {
+	if (_mail($email['email'], $mail_subject, $mail_content))
 		$success++;
-		}
 	else {
 		$failed++;
 		echo '<br />';
@@ -74,10 +67,3 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 success('Mailing finished.');
 success("$success emails delivered.");
 warning("$failed emails failed.");
-}
-
-$twig->display('admin.mailer.html.twig', [
-	'mail_to' => $mail_to,
-	'mail_subject' => $mail_subject,
-	'mail_content' => $mail_content
-]);

admin/pages/mass_account.php

@@ -1,209 +0,0 @@
-<?php
-
-/**
- * Account Admin Tool
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-
-use MyAAC\Models\Account;
-
-defined('MYAAC') or die('Direct access not allowed!');
-
-$title = 'Mass Account Actions';
-
-$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
-$hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
-$freePremium = $config['lua']['freePremium'];
-
-function admin_give_points($points)
-{
-	global $db, $hasPointsColumn;
-
-	if (!$hasPointsColumn) {
-		displayMessage('Points not supported.');
-		return;
-	}
-
-
-	$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!Account::query()->increment('premium_points', $points)) {
-		displayMessage('Failed to add points.');
-		return;
-	}
-	displayMessage($points . ' points added to all accounts.', true);
-}
-
-function admin_give_coins($coins)
-{
-	global $db, $hasCoinsColumn;
-
-	if (!$hasCoinsColumn) {
-		displayMessage('Coins not supported.');
-		return;
-	}
-
-	if (!Account::query()->increment('coins', $coins)) {
-		displayMessage('Failed to add coins.');
-		return;
-	}
-
-	displayMessage($coins . ' coins added to all accounts.', true);
-}
-
-function query_add_premium($column, $value_query, $condition_query = '1=1', $params = [])
-{
-	global $db;
-
-	$statement = $db->prepare("UPDATE `accounts` SET `{$column}` = $value_query WHERE $condition_query");
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return false;
-	}
-
-	if (!$statement->execute($params)) {
-		displayMessage('Failed to add premium days.');
-		return false;
-	}
-
-	return true;
-}
-
-function admin_give_premdays($days)
-{
-	global $db, $freePremium;
-
-	if ($freePremium) {
-		displayMessage('Premium days not supported. Free Premium enabled.');
-		return;
-	}
-
-	$value = $days * 86400;
-	$now = time();
-	// othire
-	if ($db->hasColumn('accounts', 'premend')) {
-		// append premend
-		if (query_add_premium('premend', '`premend` + :value', '`premend` > :now', ['value' => $value, 'now' => $now])) {
-			// set premend
-			if (query_add_premium('premend', ':value', '`premend` <= :now', ['value' => $now + $value, 'now' => $now])) {
-				displayMessage($days . ' premium days added to all accounts.', true);
-				return;
-			} else {
-				displayMessage('Failed to execute set query.');
-				return;
-			}
-		} else {
-			displayMessage('Failed to execute append query.');
-			return;
-		}
-
-		return;
-	}
-
-	// tfs 0.x
-	if ($db->hasColumn('accounts', 'premdays')) {
-		// append premdays
-		if (query_add_premium('premdays', '`premdays` + :value', '1=1', ['value' => $days])) {
-			// append lastday
-			if (query_add_premium('lastday', '`lastday` + :value', '`lastday` > :now', ['value' => $value, 'now' => $now])) {
-				// set lastday
-				if (query_add_premium('lastday', ':value', '`lastday` <= :now', ['value' => $now + $value, 'now' => $now])) {
-					displayMessage($days . ' premium days added to all accounts.', true);
-					return;
-				} else {
-					displayMessage('Failed to execute set query.');
-					return;
-				}
-
-				return;
-			} else {
-				displayMessage('Failed to execute append query.');
-				return;
-			}
-		} else {
-			displayMessage('Failed to execute set days query.');
-			return;
-		}
-
-		return;
-	}
-
-	// tfs 1.x
-	if ($db->hasColumn('accounts', 'premium_ends_at')) {
-		// append premium_ends_at
-		if (query_add_premium('premium_ends_at', '`premium_ends_at` + :value', '`premium_ends_at` > :now', ['value' => $value, 'now' => $now])) {
-			// set premium_ends_at
-			if (query_add_premium('premium_ends_at', ':value', '`premium_ends_at` <= :now', ['value' => $now + $value, 'now' => $now])) {
-				displayMessage($days . ' premium days added to all accounts.', true);
-				return;
-			} else {
-				displayMessage('Failed to execute set query.');
-				return;
-			}
-		} else {
-			displayMessage('Failed to execute append query.');
-			return;
-		}
-
-		return;
-	}
-
-	displayMessage('Premium Days not supported.');
-}
-
-if (isset($_POST['action']) && $_POST['action']) {
-
-	$action = $_POST['action'];
-
-	if (preg_match("/[^A-z0-9_\-]/", $action)) {
-		displayMessage('Invalid action.');
-	} else {
-		$value = isset($_POST['value']) ? intval($_POST['value']) : 0;
-
-		if (!$value) {
-			displayMessage('Please fill all inputs');
-		} else {
-			switch ($action) {
-				case 'give-points':
-					admin_give_points($value);
-					break;
-				case 'give-coins':
-					admin_give_coins($value);
-					break;
-				case 'give-premdays':
-					admin_give_premdays($value);
-					break;
-				default:
-					displayMessage('Action ' . $action . 'not found.');
-			}
-		}
-	}
-}
-else {
-	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
-		'hasPointsColumn' => $hasPointsColumn,
-		'freePremium' => $freePremium,
-	));
-}
-
-function displayMessage($message, $success = false) {
-	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
-
-	$success ? success($message): error($message);
-
-	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
-		'hasPointsColumn' => $hasPointsColumn,
-		'freePremium' => $freePremium,
-	));
-}

admin/pages/mass_teleport.php

@@ -1,105 +0,0 @@
-<?php
-/**
- * Teleport Admin Tool
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @author    Lee
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-
-use MyAAC\Models\Player;
-use MyAAC\Models\PlayerOnline;
-
-defined('MYAAC') or die('Direct access not allowed!');
-
-$title = 'Mass Teleport Actions';
-
-function admin_teleport_position($x, $y, $z) {
-	if (!Player::query()->update([
-		'posx' => $x, 'posy' => $y, 'posz' => $z
-	])) {
-		displayMessage('Failed to execute query. Probably already updated.');
-		return;
-	}
-
-	displayMessage('Player\'s position updated.', true);
-}
-
-function admin_teleport_town($town_id) {
-	if (!Player::query()->update([
-		'town_id' => $town_id,
-	])) {
-		displayMessage('Failed to execute query. Probably already updated.');
-		return;
-	}
-
-	displayMessage('Player\'s town updated.', true);
-}
-
-if (isset($_POST['action']) && $_POST['action'])    {
-
-	$action = $_POST['action'];
-
-	if (preg_match("/[^A-z0-9_\-]/", $action)) {
-		displayMessage('Invalid action.');
-	} else {
-
-		$playersOnline = 0;
-		if($db->hasTable('players_online')) {// tfs 1.0
-			$playersOnline = PlayerOnline::count();
-		} else {
-			$playersOnline = Player::online()->count();
-		}
-
-		if ($playersOnline > 0) {
-			displayMessage('Please, close the server before execute this action otherwise players will not be affected.');
-			return;
-		}
-
-		$town_id = isset($_POST['town_id']) ? intval($_POST['town_id']) : null;
-		$posx = isset($_POST['posx']) ? intval($_POST['posx']) : null;
-		$posy = isset($_POST['posy']) ? intval($_POST['posy']) : null;
-		$posz = isset($_POST['posz']) ? intval($_POST['posz']) : null;
-		$to_temple = $_POST['to_temple'] ?? null;
-
-		switch ($action) {
-			case 'set-town':
-				if (!$town_id) {
-					displayMessage('Please fill all inputs');
-					return;
-				}
-
-				if (!isset($config['towns'][$town_id])) {
-					displayMessage('Specified town does not exist');
-					return;
-				}
-
-				admin_teleport_town($town_id);
-				break;
-			case 'set-position':
-				if (!$to_temple &&  ($posx < 0 || $posx > 65535 || $posy < 0 || $posy > 65535|| $posz < 0 || $posz > 16)) {
-					displayMessage('Invalid Position');
-					return;
-				}
-
-				admin_teleport_position($posx, $posy, $posz);
-				break;
-			default:
-				displayMessage('Action ' . $action . 'not found.');
-		}
-	}
-
-}
-else {
-	$twig->display('admin.tools.teleport.html.twig', array());
-}
-
-
-function displayMessage($message, $success = false) {
-	global $twig;
-
-	$success ? success($message): error($message);
-	$twig->display('admin.tools.teleport.html.twig', array());
-}

admin/pages/menus.php

@@ -7,9 +7,6 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
-
-use MyAAC\Models\Menu;
-
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Menus';
 
@@ -31,22 +28,14 @@ if (isset($_REQUEST['template'])) {
 			return;
 		}
 
-		Menu::where('template', $template)->delete();
+		$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($template));
 		foreach ($post_menu as $category => $menus) {
 			foreach ($menus as $i => $menu) {
 				if (empty($menu)) // don't save empty menu item
 					continue;
 
 				try {
-					Menu::create([
-						'template' => $template,
-						'name' => $menu,
-						'link' => $post_menu_link[$category][$i],
-						'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0,
-						'color' => str_replace('#', '', $post_menu_color[$category][$i]),
-						'category' => $category,
-						'ordering' => $i
-					]);
+					$db->insert(TABLE_PREFIX . 'menu', array('template' => $template, 'name' => $menu, 'link' => $post_menu_link[$category][$i], 'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0, 'color' => str_replace('#', '', $post_menu_color[$category][$i]), 'category' => $category, 'ordering' => $i));
 				} catch (PDOException $error) {
 					warning('Error while adding menu item (' . $menu . '): ' . $error->getMessage());
 				}
@@ -69,99 +58,72 @@ if (isset($_REQUEST['template'])) {
 		return;
 	}
 
-	if (isset($_REQUEST['reset_colors'])) {
-		if (isset($config['menu_default_color'])) {
-			Menu::where('template', $template)->update(['color' => str_replace('#', '', $config['menu_default_color'])]);
-		}
-		else {
-			warning('There is no default color defined, cannot reset colors.');
-		}
-	}
-
 	if (!isset($config['menu_categories'])) {
 		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
 		return;
 	}
 
-	$title = 'Menus - ' . $template;
-	?>
-	<div align="center" class="text-center">
-		<p class="note">You are editing: <?= $template ?><br/><br/>
-			Hint: You can drag menu items.<br/>
+	echo 'Hint: You can drag menu items.<br/>
 	Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
-			Not all templates support blank and colorful links.
-		</p>
-		<?php if (isset($config['menu_default_color'])) {?>
-		<form method="post" action="?p=menus&reset_colors" onsubmit="return confirm('Do you really want to reset colors?');">
-			<input type="hidden" name="template" value="<?php echo $template ?>"/>
-			<button type="submit" class="btn btn-danger">Reset Colors to default</button>
-		</form>
-		<br/>
-		<?php } ?>
-	</div>
-	<?php
-	$menus = Menu::query()
-		->select('name', 'link', 'blank', 'color', 'category', 'ordering')
-		->where('enabled', 1)
-		->where('template', $template)
-		->orderBy('ordering')
-		->get()
-		->groupBy('category')
-		->toArray();
+	Not all templates support blank and colorful links.<br/><br/>
+    <div class="row">';
+	$menus = array();
+	$menus_db = $db->query('SELECT `name`, `link`, `blank`, `color`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
+	foreach ($menus_db as $menu) {
+		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'blank' => $menu['blank'], 'color' => $menu['color'], 'ordering' => $menu['ordering']);
+	}
 
 	$last_id = array();
-	?>
-	<form method="post" id="menus-form" action="?p=menus">
-		<input type="hidden" name="template" value="<?php echo $template ?>"/>
-		<button type="submit" class="btn btn-info">Save</button><br/><br/>
-		<div class="row">
-			<?php foreach ($config['menu_categories'] as $id => $cat): ?>
-				<div class="col-md-12 col-lg-6">
-					<div class="card card-info card-outline">
-						<div class="card-header">
-							<h5 class="m-0"><?php echo $cat['name'] ?> <i class="far fa-plus-square add-button" id="add-button-<?php echo $id ?>"></i></h5>
+	echo '<form method="post" id="menus-form" action="?p=menus">';
+	echo '<input type="hidden" name="template" value="' . $template . '"/>';
+	foreach ($config['menu_categories'] as $id => $cat) {
+		echo '        <div class="col-md-12 col-lg-6">
+            <div class="box box-danger">
+                <div class="box-header with-border">
+                    <h3 class="box-title">' . $cat['name'] . ' <img class="add-button" id="add-button-' . $id . '" src="' . BASE_URL . 'images/plus.png" width="16" height="16"/></h3>
                 </div>
-						<div class="card-body">
-							<ul class="sortable" id="sortable-<?php echo $id ?>">
-								<?php
+                <div class="box-body">';
+
+
+		echo '<ul class="sortable" id="sortable-' . $id . '">';
 		if (isset($menus[$id])) {
 			$i = 0;
-									foreach ($menus[$id] as $menu):
-										?>
-										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo escapeHtml($menu['name']); ?>"/>
-											<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
-											<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
-											<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
-											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="<?php echo (empty($menu['color']) ? ($config['menu_default_color'] ?? '#ffffff') : $menu['color']); ?>"/>
-											<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
-										<?php $i++; $last_id[$id] = $i;
-									endforeach;
-								} ?>
-							</ul>
+			foreach ($menus[$id] as $menu) {
+				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><label>Name:</label><input type="text" name="menu[' . $id . '][]" value="' . escapeHtml($menu['name']) . '"/>
+				<label>Link:</label><input type="text" name="menu_link[' . $id . '][]" value="' . $menu['link'] . '"/>
+				<input type="hidden" name="menu_blank[' . $id . '][]" value="0" />
+				<label><input class="blank-checkbox" type="checkbox" ' . ($menu['blank'] == 1 ? 'checked' : '') . '/><span title="Open in New Window">Open in New Window</span></label>
+				
+				<input class="color-picker" type="text" name="menu_color[' . $id . '][]" value="#' . $menu['color'] . '" />
+				
+				<a class="remove-button" id="remove-button-' . $id . '-' . $i . '"><img src="' . BASE_URL . 'images/del.png"/></a></li>';
+
+				$i++;
+				$last_id[$id] = $i;
+			}
+		}
+
+		echo '</ul>';
+		echo '                </div>
             </div>
         </div>
-				</div>
-			<?php endforeach ?>
-		</div>
-		<div class="row pb-2">
-			<div class="col-md-12">
-				<button type="submit" class="btn btn-info">Save</button>
-				<?php
-				echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
-				?>
-			</div>
-		</div>
-	</form>
-	<?php
+';
+	}
+	echo ' </div><div class="row"><div class="col-md-6">';
+	echo '<input type="submit" class="btn btn-info" value="Save">';
+	echo '<input type="button" class="btn btn-default pull-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus&template=' . $template . '\';">';
+	echo '</div></div>';
+	echo '</form>';
+
 	$twig->display('admin.menus.js.html.twig', array(
 		'menus' => $menus,
-		'last_id' => $last_id,
-		'menu_default_color' => $config['menu_default_color'] ?? '#ffffff'
+		'last_id' => $last_id
 	));
 	?>
+
 	<?php
 } else {
-	$templates = Menu::select('template')->distinct()->get()->toArray();
+	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();
 	foreach ($templates as $key => $value) {
 		$file = TEMPLATES . $value['template'] . '/config.php';
 		if (!file_exists($file)) {

admin/pages/modules/balance.php

@@ -1,15 +0,0 @@
-<?php
-
-use MyAAC\Models\Player;
-
-defined('MYAAC') or die('Direct access not allowed!');
-
-$balance = 0;
-
-if ($db->hasColumn('players', 'balance')) {
-	$balance = Player::orderByDesc('balance')->limit(10)->get(['balance', 'id','name', 'level'])->toArray();
-}
-
-$twig->display('balance.html.twig', array(
-	'balance' => $balance
-));

admin/pages/modules/coins.php

@@ -1,13 +1,9 @@
 <?php
 
-use MyAAC\Models\Account;
-
-defined('MYAAC') or die('Direct access not allowed!');
-
-$coins = 0;
-
 if ($db->hasColumn('accounts', 'coins')) {
-	$coins = Account::orderByDesc('coins')->limit(10)->get(['coins', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+	$coins = $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;');
+} else {
+	$coins = 0;
 }
 
 $twig->display('coins.html.twig', array(

admin/pages/modules/created.php

@@ -1,15 +0,0 @@
-<?php
-
-use MyAAC\Models\Account;
-
-defined('MYAAC') or die('Direct access not allowed!');
-
-$accounts = 0;
-
-if ($db->hasColumn('accounts', 'created')) {
-	$accounts = Account::orderByDesc('created')->limit(10)->get(['created', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
-}
-
-$twig->display('created.html.twig', array(
-	'accounts' => $accounts,
-));

admin/pages/modules/lastlogin.php

@@ -1,13 +1,9 @@
 <?php
 
-use MyAAC\Models\Player;
-
-defined('MYAAC') or die('Direct access not allowed!');
-
-$players = 0;
-
 if ($db->hasColumn('players', 'lastlogin')) {
-	$players = Player::orderByDesc('lastlogin')->limit(10)->get(['name', 'level', 'lastlogin'])->toArray();
+	$players = $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;');
+} else {
+	$players = 0;
 }
 
 $twig->display('lastlogin.html.twig', array(

admin/pages/modules/points.php

@@ -1,13 +1,8 @@
 <?php
-
-use MyAAC\Models\Account;
-
-defined('MYAAC') or die('Direct access not allowed!');
-
-$points = 0;
-
 if ($db->hasColumn('accounts', 'premium_points')) {
-	$coins = Account::orderByDesc('premium_points')->limit(10)->get(['premium_points', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+	$points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
+} else {
+	$points = 0;
 }
 
 $twig->display('points.html.twig', array(

admin/pages/modules/server_status.php

@@ -1,46 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-if (isset($status)) {
-
-	$error_icon = '<i class="fas fa-exclamation-circle text-danger"></i>'; ?>
-	<div class=" col-md-6 col-lg-6">
-		<div class="card card-info card-outline">
-			<div class="card-header border-bottom-0">
-				<span class="font-weight-bold m-0">Server Status</span> <span class="float-right small"><b>Last checked</b>: <?php echo(isset($status['lastCheck']) ? date("l, d.m.Y H:i:s", $status['lastCheck']) : $error_icon); ?></span>
-			</div>
-			<div class="card-body p-0 ">
-				<table class="table">
-					<tbody>
-					<tr>
-						<th width="30%">Server</th>
-						<td><?php echo(isset($status['server']) & isset($status['serverVersion']) ? $status['server'] . ' x ' . $status['serverVersion'] : $error_icon) ?></td>
-
-					</tr>
-					<tr>
-						<th>Client</th>
-						<td><?php echo(isset($status['clientVersion']) ? $status['clientVersion'] : $error_icon) ?></td>
-					</tr>
-					<tr>
-						<th>Map</th>
-						<td>
-							<?php if (isset($status['mapName']) & isset($status['mapAuthor']) & isset($status['mapWidth']) & isset($status['mapHeight'])) {
-								echo $status['mapName'] . ' by <b>' . $status['mapAuthor'] . '</b><br/>' . $status['mapWidth'] . ' x ' . $status['mapHeight'];
-							} else {
-								echo $error_icon;
-							} ?>
-						</td>
-					</tr>
-					<tr>
-						<th>Monsters</th>
-						<td><?php echo (isset($status['monsters']) ? $status['monsters'] : $error_icon); ?></td>
-					</tr>
-					<tr>
-						<th>MOTD:</th>
-						<td><?php echo(isset($status['motd']) ? $status['motd'] : $error_icon); ?></td>
-					</tr>
-					</tbody>
-				</table>
-			</div>
-		</div>
-	</div>
-<?php } ?>

admin/pages/modules/statistics.php

@@ -1,21 +0,0 @@
-<?php
-
-use MyAAC\Models\Account;
-use MyAAC\Models\Guild;
-use MyAAC\Models\House;
-use MyAAC\Models\Monster;
-use MyAAC\Models\Player;
-
-defined('MYAAC') or die('Direct access not allowed!');
-$count = $eloquentConnection->query()
-	->select([
-		'total_accounts' => Account::selectRaw('COUNT(id)'),
-		'total_players' => Player::selectRaw('COUNT(id)'),
-		'total_guilds' => Guild::selectRaw('COUNT(id)'),
-		'total_monsters' => Monster::selectRaw('COUNT(id)'),
-		'total_houses' => House::selectRaw('COUNT(id)'),
-	])->first();
-
-$twig->display('statistics.html.twig', array(
-	'count' => $count,
-));

admin/pages/modules/templates/balance.html.twig

@@ -1,31 +0,0 @@
-{% if balance is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Top 10 - Balance</h5>
-			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
-					<tr>
-						<th>#</th>
-						<th>Player</th>
-						<th>Balance</th>
-					</tr>
-					</thead>
-					<tbody>
-					{% set i = 0 %}
-					{% for result in balance %}
-						{% set i = i + 1 %}
-						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
-							<td>{{ result.balance }}</td>
-						</tr>
-					{% endfor %}
-					</tbody>
-				</table>
-			</div>
-		</div>
-	</div>
-{% endif %}

admin/pages/modules/templates/coins.html.twig

@@ -1,25 +1,23 @@
 {% if coins is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Top 10 - Most coins</h5>
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Top 10 - Most coins</h3>
 			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
 					<tr>
 						<th>#</th>
-						<th>Account</th>
+						<th>Account {{ account_type }}</th>
 						<th>Tibia coins</th>
 					</tr>
-					</thead>
-					<tbody>
 					{% set i = 0 %}
 					{% for result in coins %}
 						{% set i = i + 1 %}
 						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/created.html.twig

@@ -1,31 +0,0 @@
-{% if accounts is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Last 10 created</h5>
-			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
-					<tr>
-						<th>#</th>
-						<th>Account</th>
-						<th>Creation Date</th>
-					</tr>
-					</thead>
-					<tbody>
-					{% set i = 0 %}
-					{% for result in accounts %}
-						{% set i = i + 1 %}
-						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
-							<td>{{ result.created|date("M d Y, H:i:s") }}</td>
-						</tr>
-					{% endfor %}
-					</tbody>
-				</table>
-			</div>
-		</div>
-	</div>
-{% endif %}

admin/pages/modules/templates/lastlogin.html.twig

@@ -1,25 +1,23 @@
 {% if players is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Last 10 logins</h5>
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Last 10 Logins</h3>
 			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
 					<tr>
 						<th>#</th>
 						<th>Player</th>
 						<th>Login Date</th>
 					</tr>
-					</thead>
-					<tbody>
 					{% set i = 0 %}
 					{% for result in players %}
 						{% set i = i + 1 %}
 						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
 							<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/points.html.twig

@@ -1,25 +1,23 @@
 {% if points is iterable %}
-	<div class=" col-md-6 col-lg-3">
-		<div class="card card-info card-outline">
-			<div class="card-header">
-				<h5 class="m-0">Top 10 - Most premium points</h5>
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Top 10 - Most premium points</h3>
 			</div>
-			<div class="card-body p-0">
-				<table class="table table-striped table-condensed">
-					<thead>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
 					<tr>
 						<th>#</th>
-						<th>Account</th>
+						<th>Account {{ account_type }}</th>
 						<th>Premium points</th>
 					</tr>
-					</thead>
-					<tbody>
 					{% set i = 0 %}
 					{% for result in points %}
 						{% set i = i + 1 %}
 						<tr>
-							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
 							<td>{{ result.premium_points }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/statistics.html.twig

@@ -1,45 +0,0 @@
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-info elevation-1"><i class="fas fa-user-plus"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Accounts:</span>
-			<span class="info-box-number">{{ count.total_accounts }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-red elevation-1"><i class="fas fa-user-plus"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Players:</span>
-			<span class="info-box-number">{{ count.total_players }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-teal elevation-1"><i class="fas fa-pastafarianism"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Monsters:</span>
-			<span class="info-box-number">{{ count.total_monsters }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-green elevation-1"><i class="fas fa-chart-pie"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Guilds:</span>
-			<span class="info-box-number">{{ count.total_guilds }}</span>
-		</div>
-	</div>
-</div>
-<div class="col">
-	<div class="info-box">
-		<span class="info-box-icon bg-yellow elevation-1"><i class="fas fa-home"></i></span>
-		<div class="info-box-content">
-			<span class="info-box-text">Houses:</span>
-			<span class="info-box-number">{{ count.total_houses }}</span>
-		</div>
-	</div>
-</div>

admin/pages/modules/templates/web_status.twig

@@ -1,39 +0,0 @@
-<div class="col-12 col-md-6">
-	<div class="card card-warning card-outline">
-		<form action="?p=dashboard&maintenance" method="post" class="form-horizontal">
-			<div class="card-header">
-				<span class="m-0">Website Status<span class="float-right">
-				<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
-					<input type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
-					<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
-				</div></span>
-				</span>
-			</div>
-			<div class="card-body p-2">
-				<div class="col-sm-12">
-					<label for="message" class="col-form-label">Maintenance Message</label>
-					<textarea name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
-					<small>(only visible if closed)</small>
-				</div>
-			</div>
-			<div class="card-footer">
-				<button type="submit" class="btn btn-info"><i class="far fa-update"></i> Update</button>
-				<a href="?p=dashboard&clear_cache" onclick="return confirm('Are you sure?');" class="float-right">
-					<span class="btn btn-danger"><i class="fas fa-clear"></i>Clear cache</span>
-				</a>
-			</div>
-		</form>
-	</div>
-</div>
-
-<script>
-	$(function() {
-		$("#status").change(function() {
-			$statusLabel = $("#status-label");
-			$statusLabel.html("Closed");
-			if ($(this).is(':checked')) {
-				$statusLabel.html("Open");
-			}
-		});
-	});
-</script>

admin/pages/modules/web_status.php

@@ -1,10 +0,0 @@
-<?php
-defined('MYAAC') or die('Direct access not allowed!');
-
-$twig->display('web_status.twig', array(
-	'is_closed' => $is_closed,
-	'closed_message' => $closed_message,
-	'status' => $status,
-	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
-));
-?>

admin/pages/news.php

@@ -13,7 +13,6 @@ require_once LIBS . 'forum.php';
 require_once LIBS . 'news.php';
 
 $title = 'News Panel';
-$use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
@@ -23,8 +22,8 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
 
 // some constants, used mainly by database (cannot by modified without schema changes)
-define('NEWS_TITLE_LIMIT', 100);
-define('NEWS_BODY_LIMIT', 65535); // maximum news body length
+define('TITLE_LIMIT', 100);
+define('BODY_LIMIT', 65535); // maximum news body length
 define('ARTICLE_TEXT_LIMIT', 300);
 define('ARTICLE_IMAGE_LIMIT', 100);
 
@@ -43,12 +42,12 @@ if(!empty($action))
 	$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
 	$errors = array();
 
-	if($action == 'new') {
+	if($action == 'add') {
 		if(isset($forum_section) && $forum_section != '-1') {
 			$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
 		}
 
-		if(isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
+		if(News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
 			$p_title = $body = $comments = $article_text = $article_image = '';
 			$type = $category = $player_id = 0;
 
@@ -115,21 +114,21 @@ if($action == 'edit' || $action == 'new') {
 	$twig->display('admin.news.form.html.twig', array(
 		'action' => $action,
 		'news_link' => getLink(PAGE),
-		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'),
-		'news_id' => $id ?? null,
-		'title' => $p_title ?? '',
+		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'add'),
+		'news_id' => isset($id) ? $id : null,
+		'title' => isset($p_title) ? $p_title : '',
 		'body' => isset($body) ? escapeHtml($body) : '',
-		'type' => $type ?? null,
+		'type' => isset($type) ? $type : null,
 		'player' => isset($player) && $player->isLoaded() ? $player : null,
-		'player_id' => $player_id ?? null,
+		'player_id' => isset($player_id) ? $player_id : null,
 		'account_players' => $account_players,
-		'category' => $category ?? 0,
+		'category' => isset($category) ? $category : 0,
 		'categories' => $categories,
 		'forum_boards' => getForumBoards(),
-		'forum_section' => $forum_section ?? null,
-		'comments' => $comments ?? null,
-		'article_text' => $article_text ?? null,
-		'article_image' => $article_image ?? null
+		'forum_section' => isset($forum_section) ? $forum_section : null,
+		'comments' => isset($comments) ? $comments : null,
+		'article_text' => isset($article_text) ? $article_text : null,
+		'article_image' => isset($article_image) ? $article_image : null
 	));
 }
 

admin/pages/notepad.php

@@ -7,33 +7,46 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
-
-use MyAAC\Models\Notepad as ModelsNotepad;
-
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Notepad';
 
-/**
- * @var $account_logged OTS_Account
- */
-$_content = '';
-$notepad = ModelsNotepad::where('account_id', $account_logged->getId())->first();
+$notepad_content = Notepad::get($account_logged->getId());
 if (isset($_POST['content'])) {
 	$_content = html_entity_decode(stripslashes($_POST['content']));
-	if (!$notepad) {
-		ModelsNotepad::create([
-			'account_id' => $account_logged->getId(),
-			'content' => $_content
-		]);
-	}
-	else {
-		ModelsNotepad::where('account_id', $account_logged->getId())->update(['content' => $_content]);
-	}
+	if (!$notepad_content)
+		Notepad::create($account_logged->getId(), $_content);
+	else
+		Notepad::update($account_logged->getId(), $_content);
 
-	success('Saved at ' . date('H:i'));
+	echo '<div class="success" style="text-align: center;">Saved at ' . date('H:i') . '</div>';
 } else {
-	if ($notepad)
-		$_content = $notepad->content;
+	if ($notepad_content !== false)
+		$_content = $notepad_content;
 }
 
-$twig->display('admin.notepad.html.twig', ['content' => $_content]);
+$twig->display('admin.notepad.html.twig', array('content' => isset($_content) ? $_content : null));
+
+class Notepad
+{
+	static public function get($account_id)
+	{
+		global $db;
+		$query = $db->select(TABLE_PREFIX . 'notepad', array('account_id' => $account_id));
+		if ($query !== false)
+			return $query['content'];
+
+		return false;
+	}
+
+	static public function create($account_id, $content = '')
+	{
+		global $db;
+		$db->insert(TABLE_PREFIX . 'notepad', array('account_id' => $account_id, 'content' => $content));
+	}
+
+	static public function update($account_id, $content = '')
+	{
+		global $db;
+		$db->update(TABLE_PREFIX . 'notepad', array('content' => $content), array('account_id' => $account_id));
+	}
+}

admin/pages/open_source.php

@@ -1,14 +0,0 @@
-<?php
-/**
- * Open Source libraries
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2023 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-$title = 'Open Source';
-
-$twig->display('admin.open_source.html.twig');

admin/pages/pages.php

@@ -7,12 +7,8 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
-
-use MyAAC\Models\Pages as ModelsPages;
-
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
-$use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
@@ -21,18 +17,13 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 
 header('X-XSS-Protection:0');
 
-$name = $p_title = null;
+$name = $p_title = '';
 $groups = new OTS_Groups_List();
 
 $php = false;
 $enable_tinymce = true;
 $access = 0;
 
-// some constants, used mainly by database (cannot by modified without schema changes)
-define('PAGE_TITLE_LIMIT', 30);
-define('PAGE_NAME_LIMIT', 30);
-define('PAGE_BODY_LIMIT', 65535); // maximum page body length
-
 if (!empty($action)) {
 	if ($action == 'delete' || $action == 'edit' || $action == 'hide')
 		$id = $_REQUEST['id'];
@@ -58,13 +49,12 @@ if (!empty($action)) {
 	$errors = array();
 	$player_id = 1;
 
-	if ($action == 'new') {
-		if (isset($p_title) && Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
+	if ($action == 'add') {
+		if (Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			$name = $p_title = $body = '';
 			$player_id = $access = 0;
 			$php = false;
 			$enable_tinymce = true;
-			success('Added successful.');
 		}
 	} else if ($action == 'delete') {
 		if (Pages::delete($id, $errors))
@@ -79,33 +69,34 @@ if (!empty($action)) {
 			$enable_tinymce = $_page['enable_tinymce'] == '1';
 			$access = $_page['access'];
 		} else {
-			if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
+			Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access);
 			$action = $name = $p_title = $body = '';
 			$player_id = 1;
 			$access = 0;
 			$php = false;
 			$enable_tinymce = true;
-				success('Updated successful.');
-			}
 		}
 	} else if ($action == 'hide') {
-		Pages::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . ' successful.');
+		Pages::toggleHidden($id, $errors);
 	}
 
 	if (!empty($errors))
 		error(implode(", ", $errors));
 }
 
-$pages = ModelsPages::all()->map(function ($e) {
-	return [
-		'link' => getFullLink($e->name, $e->name, true),
-		'title' => substr($e->title, 0, 20),
-		'php' => $e->php == '1',
-		'id' => $e->id,
-		'hidden' => $e->hidden
-	];
-})->toArray();
+$query =
+	$db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'pages'));
+
+$pages = array();
+foreach ($query as $_page) {
+	$pages[] = array(
+		'link' => getFullLink($_page['name'], $_page['name'], true),
+		'title' => substr($_page['title'], 0, 20),
+		'php' => $_page['php'] == '1',
+		'id' => $_page['id'],
+		'hidden' => $_page['hidden']
+	);
+}
 
 $twig->display('admin.pages.form.html.twig', array(
 	'action' => $action,
@@ -125,66 +116,24 @@ $twig->display('admin.pages.html.twig', array(
 
 class Pages
 {
-	static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
-	{
-		if(!isset($title[0]) || !isset($body[0])) {
-			$errors[] = 'Please fill all inputs.';
-			return false;
-		}
-		if(strlen($name) > PAGE_NAME_LIMIT) {
-			$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
-			return false;
-		}
-		if(strlen($title) > PAGE_TITLE_LIMIT) {
-			$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
-			return false;
-		}
-		if(strlen($body) > PAGE_BODY_LIMIT) {
-			$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
-			return false;
-		}
-		if(!isset($player_id) || $player_id == 0) {
-			$errors[] = 'Player ID is wrong.';
-			return false;
-		}
-		if(!isset($php) || ($php != 0 && $php != 1)) {
-			$errors[] = 'Enable PHP is wrong.';
-			return false;
-		}
-		if ($php == 1 && !getBoolean(setting('core.admin_pages_php_enable'))) {
-			$errors[] = 'PHP pages disabled on this server. To enable go to Settings in Admin Panel and enable <strong>Enable PHP Pages</strong>.';
-			return false;
-		}
-		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
-			$errors[] = 'Enable TinyMCE is wrong.';
-			return false;
-		}
-		if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
-			$errors[] = 'Access is wrong.';
-			return false;
-		}
-
-		return true;
-	}
-
 	static public function get($id)
 	{
-		$row = ModelsPages::find($id);
-		if ($row) {
-			return $row->toArray();
-		}
+		global $db;
+		$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
+		if ($query !== false)
+			return $query;
 
 		return false;
 	}
 
 	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
-		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			return false;
-		}
-
-		if (!ModelsPages::where('name', $name)->exists())
-			ModelsPages::create([
+		global $db;
+		if (isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0) {
+			$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
+			if ($query === false)
+				$db->insert(TABLE_PREFIX . 'pages',
+					array(
 						'name' => $name,
 						'title' => $title,
 						'body' => $body,
@@ -192,20 +141,21 @@ class Pages
 						'php' => $php ? '1' : '0',
 						'enable_tinymce' => $enable_tinymce ? '1' : '0',
 						'access' => $access
-			]);
+					)
+				);
 			else
 				$errors[] = 'Page with this link already exists.';
+		} else
+			$errors[] = 'Please fill all inputs.';
 
 		return !count($errors);
 	}
 
-	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
+	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
 	{
-		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			return false;
-		}
-
-		ModelsPages::where('id', $id)->update([
+		global $db;
+		$db->update(TABLE_PREFIX . 'pages',
+			array(
 				'name' => $name,
 				'title' => $title,
 				'body' => $body,
@@ -213,17 +163,16 @@ class Pages
 				'php' => $php ? '1' : '0',
 				'enable_tinymce' => $enable_tinymce ? '1' : '0',
 				'access' => $access
-		]);
-		return true;
+			),
+			array('id' => $id));
 	}
 
 	static public function delete($id, &$errors)
 	{
+		global $db;
 		if (isset($id)) {
-			$row = ModelsPages::find($id);
-			if ($row) {
-				$row->delete();
-			}
+			if ($db->select(TABLE_PREFIX . 'pages', array('id' => $id)) !== false)
+				$db->delete(TABLE_PREFIX . 'pages', array('id' => $id));
 			else
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
 		} else
@@ -232,18 +181,15 @@ class Pages
 		return !count($errors);
 	}
 
-	static public function toggleHidden($id, &$errors, &$status)
+	static public function toggleHidden($id, &$errors)
 	{
+		global $db;
 		if (isset($id)) {
-			$row = ModelsPages::find($id);
-			if ($row) {
-				$row->hidden = $row->hidden == 1 ? 0 : 1;
-				$row->save();
-				$status = $row->hidden;
-			}
-			else {
+			$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
+			if ($query !== false)
+				$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
+			else
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
-			}
 		} else
 			$errors[] = 'id not set';
 

admin/pages/phpinfo.php

@@ -16,4 +16,4 @@ if (!function_exists('phpinfo')) { ?>
 	<?php return;
 }
 ?>
-<iframe src="<?php echo ADMIN_URL; ?>tools/phpinfo.php" width="1024" height="550"></iframe>
+<iframe src="<?php echo BASE_URL; ?>admin/tools/phpinfo.php" width="1024" height="550"/>

admin/pages/plugins.php

@@ -9,14 +9,9 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
-$use_datatable = true;
 
 require_once LIBS . 'plugins.php';
 
-if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
-	warning('Plugin installation and management is disabled in Settings.<br/>If you wish to enable, go to Settings and enable <strong>Enable Plugins Manage</strong>.');
-}
-else {
 $twig->display('admin.plugins.form.html.twig');
 
 if (isset($_REQUEST['uninstall'])) {
@@ -27,27 +22,13 @@ else {
 	} else {
 		error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 	}
-	} else if (isset($_REQUEST['enable'])) {
-		$enable = $_REQUEST['enable'];
-		if (Plugins::enable($enable)) {
-			success('Successfully enabled plugin ' . $enable);
-		} else {
-			error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
-		}
-	} else if (isset($_REQUEST['disable'])) {
-		$disable = $_REQUEST['disable'];
-		if (Plugins::disable($disable)) {
-			success('Successfully disabled plugin ' . $disable);
-		} else {
-			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
-		}
-	} else if (isset($_FILES['plugin']['name'])) {
-		$file = $_FILES['plugin'];
-		$filename = $file['name'];
-		$tmp_name = $file['tmp_name'];
-		$type = $file['type'];
+} else if (isset($_FILES["plugin"]["name"])) {
+	$file = $_FILES["plugin"];
+	$filename = $file["name"];
+	$tmp_name = $file["tmp_name"];
+	$type = $file["type"];
 
-		$name = explode('.', $filename);
+	$name = explode(".", $filename);
 	$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed', 'application/octet-stream', 'application/zip-compressed');
 
 	if (isset($file['error'])) {
@@ -106,26 +87,23 @@ else {
 		}
 	}
 }
-}
 
 $plugins = array();
-foreach (get_plugins(true) as $plugin) {
+foreach (get_plugins() as $plugin) {
 	$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
+	$string = Plugins::removeComments($string);
 	$plugin_info = json_decode($string, true);
 
-	if (!$plugin_info) {
+	if ($plugin_info == false) {
 		warning('Cannot load plugin info ' . $plugin . '.json');
 	} else {
-		$disabled = (strpos($plugin, 'disabled.') !== false);
-		$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 		$plugins[] = array(
-			'name' => $plugin_info['name'] ?? '',
-			'description' => $plugin_info['description'] ?? '',
-			'version' => $plugin_info['version'] ?? '',
-			'author' => $plugin_info['author'] ?? '',
-			'contact' => $plugin_info['contact'] ?? '',
-			'file' => $pluginOriginal,
-			'enabled' => !$disabled,
+			'name' => isset($plugin_info['name']) ? $plugin_info['name'] : '',
+			'description' => isset($plugin_info['description']) ? $plugin_info['description'] : '',
+			'version' => isset($plugin_info['version']) ? $plugin_info['version'] : '',
+			'author' => isset($plugin_info['author']) ? $plugin_info['author'] : '',
+			'contact' => isset($plugin_info['contact']) ? $plugin_info['contact'] : '',
+			'file' => $plugin,
 			'uninstall' => isset($plugin_info['uninstall'])
 		);
 	}

admin/pages/reports.php

@@ -4,12 +4,11 @@
  *
  * @package   MyAAC
  * @author    Lee
- * @copyright 2020 MyAAC
+ * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Report Viewer';
-$use_datatable = true;
 
 $files = array();
 $server_path_reports = $config['data_path'] . 'reports/';
@@ -43,13 +42,16 @@ foreach ($files as &$f) {
 
 unset($f);
 
+$twig->display('admin.reports.html.twig', array('files' => $files));
+
+
 $file = isset($_GET['file']) ? $_GET['file'] : NULL;
 if (!empty($file)) {
 	if (!preg_match('/[^A-z0-9\' _\/\-\.]/', $file)) {
 		if (file_exists($server_path_reports . $file)) {
-			$file_content = nl2br(file_get_contents($server_path_reports . $file));
+			$content = nl2br(file_get_contents($server_path_reports . $file));
 
-			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
 		} else {
 			echo 'Specified file does not exist.';
 		}
@@ -57,5 +59,3 @@ if (!empty($file)) {
 		echo 'Invalid file name specified.';
 	}
 }
-
-$twig->display('admin.reports.html.twig', array('files' => $files));

admin/pages/settings.php

@@ -1,56 +0,0 @@
-<?php
-/**
- * Menus
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Settings';
-
-require_once SYSTEM . 'clients.conf.php';
-if (empty($_GET['plugin'])) {
-	error('Please select plugin from left Panel.');
-	return;
-}
-
-$plugin = $_GET['plugin'];
-
-if($plugin != 'core') {
-	$pluginSettings = Plugins::getPluginSettings($plugin);
-	if (!$pluginSettings) {
-		error('This plugin does not exist or does not have settings defined.');
-		return;
-	}
-
-	$settingsFilePath = BASE . $pluginSettings;
-}
-else {
-	$settingsFilePath = SYSTEM . 'settings.php';
-}
-
-if (!file_exists($settingsFilePath)) {
-	error("Plugin $plugin does not exist or does not have settings defined.");
-	return;
-}
-
-$settingsFile = require $settingsFilePath;
-if (!is_array($settingsFile)) {
-	error("Cannot load settings file for plugin $plugin");
-	return;
-}
-
-$settingsKeyName = ($plugin == 'core' ? $plugin : $settingsFile['key']);
-
-$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $plugin);
-
-$settingsParsed = Settings::display($settingsKeyName, $settingsFile['settings']);
-
-$twig->display('admin.settings.html.twig', [
-	'settingsParsed' => $settingsParsed['content'],
-	'settings' => $settingsFile['settings'],
-	'script' => $settingsParsed['script'],
-	'settingsKeyName' => $settingsKeyName,
-]);

admin/pages/statistics.php

@@ -7,25 +7,26 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
-
-use MyAAC\Models\Account;
-use MyAAC\Models\Guild;
-use MyAAC\Models\House;
-use MyAAC\Models\Player;
-
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Statistics';
 
-$total_accounts = Account::count();
-$total_players = Player::count();
-$total_guilds = Guild::count();
-$total_houses = House::count();
+$query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
+$query = $query->fetch();
+$total_accounts = $query['how_much'];
 
-$points = Account::select(['premium_points', (USE_ACCOUNT_NAME ? 'name' : 'id')])
-	->orderByDesc('premium_points')
-	->limit(10)
-	->get()
-	->toArray();
+$query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
+$query = $query->fetch();
+$total_players = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
+$query = $query->fetch();
+$total_guilds = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
+$query = $query->fetch();
+$total_houses = $query['how_much'];
+
+$points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
 
 $twig->display('admin.statistics.html.twig', array(
 	'total_accounts' => $total_accounts,

admin/pages/tools.php

@@ -10,24 +10,18 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Tools';
 
-if (!isset($_GET['tool'])) {
+$tool = $_GET['tool'];
+if (!isset($tool)) {
 	echo 'Tool not set.';
 	return;
 }
 
-$tool = $_GET['tool'];
 if (preg_match("/[^A-z0-9_\-]/", $tool)) {
 	echo 'Invalid tool.';
 	return;
 }
 
-$file = ADMIN . 'tools/' . $tool . '.php';
-
-if (@file_exists($file)) {
+$file = BASE . 'admin/pages/tools/' . $tool . '.php';
+if (!@file_exists($file))
 	require $file;
-	return;
-}
-
-echo 'Tool <strong>' . $tool . '</strong> not found.';
-
 ?>

admin/pages/version.php

@@ -24,10 +24,10 @@ if (!$myaac_version) {
 $version_compare = version_compare($myaac_version, MYAAC_VERSION);
 if ($version_compare == 0) {
 	success('MyAAC latest version is ' . $myaac_version . '. You\'re using the latest version.
-	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
+	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
 } else if ($version_compare < 0) {
 	success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
-	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
+	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
 } else {
 	warning('You\'re using outdated version.<br/>
 		Your version: <b>' . MYAAC_VERSION . '</b><br/>

admin/pages/visitors.php

@@ -8,15 +8,9 @@
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-
-use DeviceDetector\DeviceDetector;
-use DeviceDetector\Parser\Client\Browser;
-use DeviceDetector\Parser\OperatingSystem;
-
 $title = 'Visitors';
-$use_datatable = true;
 
-if (!setting('core.visitors_counter')): ?>
+if (!$config['visitors_counter']): ?>
 	Visitors counter is disabled.<br/>
 	You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
 	<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
@@ -25,42 +19,18 @@ if (!setting('core.visitors_counter')): ?>
 endif;
 
 require SYSTEM . 'libs/visitors.php';
-$visitors = new Visitors(setting('core.visitors_counter_ttl'));
+$visitors = new Visitors($config['visitors_counter_ttl']);
 
-function compare($a, $b): int {
+function compare($a, $b)
+{
 	return $a['lastvisit'] > $b['lastvisit'] ? -1 : 1;
 }
 
 $tmp = $visitors->getVisitors();
 usort($tmp, 'compare');
 
-foreach ($tmp as &$visitor) {
-	$userAgent = $visitor['user_agent'] ?? '';
-	if (!strlen($userAgent) || $userAgent == 'unknown') {
-		$browser = 'Unknown';
-	}
-	else {
-		$dd = new DeviceDetector($userAgent);
-		$dd->parse();
-
-		if ($dd->isBot()) {
-			$bot = $dd->getBot();
-			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
-			$browser = sprintf($message, $bot['category'], $bot['url'], $bot['name']);
-		}
-		else {
-			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));
-			$browserFamily = Browser::getBrowserFamily($dd->getClient('name'));
-
-			$browser = $osFamily . ', ' . $browserFamily;
-		}
-	}
-
-	$visitor['browser'] = $browser;
-}
-
 $twig->display('admin.visitors.html.twig', array(
-	'config_visitors_counter_ttl' => setting('core.visitors_counter_ttl'),
+	'config_visitors_counter_ttl' => $config['visitors_counter_ttl'],
 	'visitors' => $tmp
 ));
 ?>

admin/template/menus.php

@@ -1,69 +0,0 @@
-<?php
-
-return [
-	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
-	['name' => 'Settings', 'icon' => 'edit', 'order' => 19, 'link' =>
-		require ADMIN . 'includes/settings_menus.php'
-	],
-	['name' => 'News', 'icon' => 'newspaper', 'order' => 20,  'link' =>
-		[
-			['name' => 'View', 'link' => 'news', 'icon' => 'list', 'order' => 10],
-			['name' => 'Add news', 'link' => 'news&action=new&type=1', 'icon' => 'plus', 'order' => 20],
-			['name' => 'Add ticker', 'link' => 'news&action=new&type=2', 'icon' => 'plus', 'order' => 30],
-			['name' => 'Add article', 'link' => 'news&action=new&type=3', 'icon' => 'plus', 'order' => 40],
-		],
-	],
-	['name' => 'Changelogs', 'icon' => 'newspaper', 'order' => 30, 'link' =>
-		[
-			['name' => 'View', 'link' => 'changelog', 'icon' => 'list', 'order' => 10],
-			['name' => 'Add', 'link' => 'changelog&action=new', 'icon' => 'plus', 'order' => 20],
-		],
-	],
-	['name' => 'Mailer', 'icon' => 'envelope', 'order' => 40, 'link' => 'mailer', 'disabled' => !setting('core.mail_enabled')],
-	['name' => 'Pages', 'icon' => 'book', 'order' => 50, 'link' =>
-		[
-			['name' => 'View', 'link' => 'pages', 'icon' => 'list', 'order' => 10],
-			['name' => 'Add', 'link' => 'pages&action=new', 'icon' => 'plus', 'order' => 20],
-		],
-	],
-	['name' => 'Menus', 'icon' => 'list', 'order' => 60, 'link' => 'menus'],
-	['name' => 'Plugins', 'icon' => 'plug', 'order' => 70, 'link' => 'plugins'],
-	['name' => 'Server Data', 'icon' => 'gavel', 'order' => 80, 'link' => 'data'],
-	['name' => 'Editor', 'icon' => 'edit', 'order' => 90, 'link' =>
-		[
-			['name' => 'Accounts', 'link' => 'accounts', 'icon' => 'users', 'order' => 10],
-			['name' => 'Players', 'link' => 'players', 'icon' => 'user-astronaut', 'order' => 20],
-		],
-	],
-	['name' => 'Tools', 'icon' => 'tools', 'order' => 100, 'link' =>
-		[
-			['name' => 'Mass Account Actions', 'link' => 'mass_account', 'icon' => 'globe', 'order' => 10],
-			['name' => 'Mass Teleport Actions', 'link' => 'mass_teleport', 'icon' => 'globe', 'order' => 20],
-			['name' => 'Notepad', 'link' => 'notepad', 'icon' => 'marker', 'order' => 30],
-			['name' => 'phpinfo', 'link' => 'phpinfo', 'icon' => 'server', 'order' => 40],
-		],
-	],
-	['name' => 'Logs', 'icon' => 'bug', 'order' => 110, 'link' =>
-		[
-			['name' => 'Logs', 'link' => 'logs', 'icon' => 'book', 'order' => 10],
-			['name' => 'Reports', 'link' => 'reports', 'icon' => 'book', 'order' => 20],
-			['name' => 'Visitors', 'link' => 'visitors', 'icon' => 'user', 'order' => 30],
-		],
-	],
-];
-
-$hooks->trigger(HOOK_ADMIN_MENU);
-
-usort($menus, function ($a, $b) {
-	return $a['order'] - $b['order'];
-});
-
-foreach ($menus as $i => $menu) {
-	if (isset($menu['link']) && is_array($menu['link'])) {
-		usort($menus[$i]['link'], function ($a, $b) {
-			return $a['order'] - $b['order'];
-		});
-	}
-}
-
-return $menus;

admin/template/style.css

@@ -1,10 +1,44 @@
-.menu-text-li {color: #4b646f; background: #1a2226;}
-.menu-text {
-	display: block;
-	padding: .5rem 1rem;
-	white-space: nowrap;
+.slidecontainer {
+	width: 100%;
 }
 
-.sidebar-mini.sidebar-collapse .menu-text {
-	display: none;
+.slider {
+	-webkit-appearance: none;
+	width: 100%;
+
+	outline: none;
+	opacity: 0.7;
+	-webkit-transition: .2s;
+	transition: opacity .2s;
+}
+
+.slider:hover {
+	opacity: 1;
+}
+
+.slider::-webkit-slider-thumb {
+	-webkit-appearance: none;
+	appearance: none;
+	width: 15px;
+	height: 25px;
+	background: #3c8dbc;
+	cursor: pointer;
+}
+
+.slider::-moz-range-thumb {
+	width: 25px;
+	height: 25px;
+	background: #3c8dbc;
+	cursor: pointer;
+}
+
+td.details-control {
+	text-align: center;
+	color: forestgreen;
+	cursor: pointer;
+}
+
+tr.shown td.details-control {
+	text-align: center;
+	color: red;
 }

admin/template/template.php

@@ -1,203 +1,229 @@
 <?php defined('MYAAC') or die('Direct access not allowed!'); ?>
-<!doctype html>
-<html lang="en">
+<!DOCTYPE html>
+<html>
 <head>
-	<?php $hooks->trigger(HOOK_ADMIN_HEAD_START); ?>
-	<?php echo template_header(true); ?>
-	<title><?php echo (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];?></title>
-	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/adminlte.min.css">
+	<?php echo template_header(true);
+	$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
+	?>
+
+	<title><?php echo $title_full ?></title>
+	<link rel="shortcut icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
+	<link rel="icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
+	<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
+
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/bootstrap.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/AdminLTE.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/skins/skin-blue.min.css">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/font-awesome.min.css">
-	<?php if (isset($use_datatable)) { ?>
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/datatables.bs.min.css">
-	<?php } ?>
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/ionicons.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/jquery.dataTables.min.css">
 	<link rel="stylesheet" type="text/css" href="<?php echo $template_path; ?>style.css"/>
 	<!--[if lt IE 9]>
-	<script src="<?php echo BASE_URL; ?>tools/js/html5shiv.min.js"></script>
-	<script src="<?php echo BASE_URL; ?>tools/js/respond.min.js"></script>
+	<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
+	<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
 	<![endif]-->
-	<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
-	<?php $hooks->trigger(HOOK_ADMIN_HEAD_END); ?>
+	<link rel="stylesheet"
+		  href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
 </head>
-<body class="sidebar-mini ">
-<?php $hooks->trigger(HOOK_ADMIN_BODY_START); ?>
-<?php if ($logged && admin()) { ?>
+<body class="hold-transition skin-blue sidebar-mini">
 <div class="wrapper">
-		<nav class="main-header navbar navbar-expand navbar-white navbar-light">
-			<ul class="navbar-nav">
-				<li class="nav-item">
-					<a class="nav-link" data-widget="pushmenu" href="#"><i class="fas fa-bars"></i></a>
-				</li>
-				<li class="nav-item d-none d-sm-inline-block">
-					<a href="<?php echo ADMIN_URL; ?>" class="nav-link">Home</a>
-				</li>
-			</ul>
-			<ul class="navbar-nav ml-auto">
-				<li class="nav-item">
-					<a class="nav-link" data-widget="control-sidebar" data-slide="true" href="#"><i class="fas fa-th-large"></i></a>
-				</li>
-			</ul>
-		</nav>
-		<aside class="main-sidebar sidebar-dark-info elevation-4">
-			<a href="<?php echo ADMIN_URL; ?>" class="brand-link navbar-info">
-				<img src="<?php echo ADMIN_URL; ?>images/logo.png" class="brand-image img-circle elevation-3" style="opacity: .8">
-				<span class="brand-text"><b>My</b>AAC</span>
-			</a>
-			<div class="sidebar">
-				<nav class="mt-1">
-					<ul class="nav nav-pills nav-sidebar flex-column nav-legacy nav-child-indent" data-widget="treeview" data-accordion="false">
-						<li class="menu-text-li">
-							<span class="menu-text">
-								<a class="text-info" href="<?php echo BASE_URL; ?>" target="_blank">
-									<?php echo $config['lua']['serverName'] ?>
-								</a>
-							</span>
-						</li>
 	<?php
-						// name = Display name of link
-						// icon = fontawesome icon name without "fas fa-"
-						// link = Page link or use as array for sub items
-						$menus = require __DIR__ . '/menus.php';
+	if ($logged && admin()) {
+	?>
+	<header class="main-header">
+		<a href="." class="logo">
+			<span class="logo-mini"><b>M</b>A</span>
+			<span class="logo-lg"><b>My</b>AAC</span>
+		</a>
 
-						foreach ($menus as $category => $menu) {
-							if (isset($menu['disabled']) && $menu['disabled']) {
-								continue;
+		<nav class="navbar navbar-static-top" role="navigation">
+			<a href="#" class="sidebar-toggle" data-toggle="push-menu" role="button">
+				<span class="sr-only">Toggle navigation</span>
+			</a>
+			<div class="navbar-custom-menu">
+				<ul class="nav navbar-nav">
+					<li>
+						<a href="#" data-toggle="control-sidebar"><i class="fa fa-gears"></i></a>
+					</li>
+				</ul>
+			</div>
+		</nav>
+	</header>
+	<aside class="main-sidebar">
+		<section class="sidebar">
+			<ul class="sidebar-menu" data-widget="tree">
+				<li class="header">MyAAC</li>
+
+				<?php
+				$icons_a = array(
+                    'dashboard','newspaper-o', 'envelope',
+                    'book', 'list',
+                    'plug', 'user',
+                    'edit', 'gavel',
+                    'wrench', 'edit', 'book', 'book',
+                );
+
+				$menus = array(
+					'Dashboard' => 'dashboard',
+					'News' => 'news',
+					'Mailer' => 'mailer',
+					'Pages' => 'pages',
+					'Menus' => 'menus',
+					'Plugins' => 'plugins',
+					'Visitors' => 'visitors',
+					'Editor' => array(
+						'Accounts' => 'accounts',
+						'Players' => 'players',
+					),
+					'Items' => 'items',
+					'Tools' => array(
+						'Notepad' => 'notepad',
+						'phpinfo' => 'phpinfo',
+					),
+					'Logs' => array(
+						'Logs' => 'logs',
+						'Reports' => 'reports',
+					),
+				);
+
+				$i = 0;
+				foreach ($menus as $_name => $_page) {
+					$has_child = is_array($_page);
+					if (!$has_child) {
+						echo '<li ';
+						if ($page == $_page) echo ' class="active"';
+						echo ">";
+						echo '<a href="?p=' . $_page . '"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span></a></li>';
 					}
 
-							$has_child = is_array($menu['link']);
-							if (!$has_child) { ?>
-								<li class="nav-item">
-									<a class="nav-link<?php echo(strpos($menu['link'], $page) !== false ? ' active' : '') ?>" href="?p=<?php echo $menu['link'] ?>">
-										<i class="nav-icon fas fa-<?php echo($menu['icon'] ?? 'link') ?>"></i>
-										<p><?php echo $menu['name'] ?></p>
-									</a>
-								</li>
-								<?php
-							} else if ($has_child) {
-								$used_menu = null;
+					if ($has_child) {
+						$used_menu = "";
 						$nav_construct = '';
-								foreach ($menu['link'] as $sub_category => $sub_menu) {
-									$nav_construct .= '<li class="nav-item"><a href="?p=' . $sub_menu['link'] . '" class="nav-link';
-									if ($_SERVER['QUERY_STRING'] == 'p=' . $sub_menu['link']) {
-										$nav_construct .= ' active';
+						foreach ($_page as $__name => $__page) {
+							$nav_construct = $nav_construct . '<li';
+
+							if ($page == $__page) {
+								$nav_construct = $nav_construct . ' class="active"';
 								$used_menu = true;
 							}
-									$nav_construct .= '"><i class="fas fa-' . ($sub_menu['icon'] ?? 'circle') . ' nav-icon"></i><p>' . $sub_menu['name'] . '</p></a></li>';
+							$nav_construct = $nav_construct . '><a href="?p=' . $__page . '"><i class="fa fa-circle-o"></i> ' . $__name . '</a></li>';
 						}
-								?>
-								<li class="nav-item has-treeview<?php echo($used_menu ? ' menu-open' : '') ?>">
-									<a href="#" class="nav-link<?php echo($used_menu ? ' active' : '') ?>">
-										<i class="nav-icon fas fa-<?php echo($menu['icon'] ?? 'link') ?>"></i>
-										<p><?php echo $menu['name'] ?></p><i class="right fas fa-angle-left"></i>
-									</a>
-									<ul class="nav nav-treeview">
-										<?php echo $nav_construct; ?>
-									</ul>
-								</li>
-								<?php
+
+						echo '<li class="treeview' . (($used_menu) ? ' menu-open' : '') . '">
+                                      <a href="#"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span>
+						              <span class="pull-right-container"><i class="fa fa-angle-left pull-right"></i></span></a>
+						              <ul class="treeview-menu" style="' . (($used_menu) ? '  display: block' : ' display: none') . '">';
+						echo $nav_construct;
+						echo '</ul>
+                                </li>';
 					}
+					$i++;
 				}
 
 				$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
 				$menu_db = $query->fetchAll();
 				foreach ($menu_db as $item) {
-							if ($item['flags'] == 0 || hasFlag($item['flags'])) { ?>
-								<li class="nav-item">
-									<a class="nav-link<?php echo($page == $item['page'] ? ' active' : '') ?>" href="?p=<?php echo $item['page'] ?>">
-										<i class="nav-icon fas fa-link"></i>
-										<p><?php echo $item['name'] ?></p>
-									</a>
-								</li>
-								<?php
+					if ($item['flags'] == 0 || hasFlag($item['flags'])) {
+						echo '<li ';
+						if ($page == $item['page']) echo ' class="active"';
+						echo ">";
+						echo '<a href="?p=' . $item['page'] . '"><i class="fa fa-link"></i> <span>' . $item['name'] . '</span></a></li>';
 					}
 				}
 				?>
 			</ul>
-				</nav>
-			</div>
+		</section>
 	</aside>
 
-		<div class="content-wrapper" style="min-height: 823px;">
-			<div class="content-header">
-				<div class="container-fluid">
-					<div class="row mb-2">
-						<div class="col-sm-6">
-							<h3 class="m-0 text-dark"><?php echo(isset($title) ? $title : ''); ?><small> - Admin Panel</small></h3>
+	<div class="content-wrapper">
+		<section class="content-header">
+			<h1><?php echo(isset($title) ? $title : ''); ?>
+				<small> - Admin Panel</small>
+				<div class="pull-right">
+					<span class="label label-<?php echo(($status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
 				</div>
-						<div class="col-sm-6">
-							<div class="float-sm-right d-none d-sm-inline">
-								<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
-							</div>
-						</div>
-					</div>
-				</div>
-			</div>
-			<div class="content">
-				<div class="container-fluid">
+			</h1>
+		</section>
+		<section class="content">
 			<?php echo $content; ?>
-				</div>
-			</div>
-		</div>
+		</section>
 
-		<aside class="control-sidebar control-sidebar-dark">
-			<div class="p-3">
-				<h4>Account:</h4>
-				<p><h5><a href="?action=logout"><i class="fas fa-sign-out-alt text-danger"></i> Log out</h5></a>
-				<small>This will log you out</small></p>
 	</div>
-			<div class="p-3">
-				<h4>Site:</h4>
-				<p><h5><a href="<?php echo BASE_URL; ?>" target="_blank"><i class="far fa-eye text-blue"></i> Preview</a></h5>
-				<small>This will open a new tab</small></p>
-			</div>
-			<div class="p-3">
-				<h4>Version:</h4>
-				<p><h5><a href="?p=version"><i class="fas fa-code-branch"></i> <?php echo MYAAC_VERSION; ?></a></h5>
-				<small>Check for updates</small></p>
-			</div>
-			<div class="p-3">
-				<h4>Site:</h4>
-				<p><h5><a href="https://github.com/slawkens/myaac" target="_blank"><i class="fab fa-github"></i> Github</a></h5>
-				<small>Goto GitHub Page</small></p>
-
-				<p><h5><a href="http://my-aac.org/" target="_blank"><i class="fas fa-shoe-prints"></i> MyAAC Official</a></h5>
-				<small>Goto MyAAC Official Website</small></p>
-
-				<p><h5><a href="?p=open_source"><i class="fas fa-wrench"></i> Open Source</a></h5>
-				<small>View Open Source Software MyAAC is using</small></p>
-			</div>
-		</aside>
 
 	<footer class="main-footer">
-			<div class="float-sm-right d-none d-sm-inline">
-				<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
+
+		<div class="pull-right hidden-xs">
+			<div id="status">
+				<?php if ($status['online']): ?>
+					<p class="success" style="width: 120px; text-align: center;">Server Online</p>
+				<?php else: ?>
+					<p class="error" style="width: 120px; text-align: center;">Server Offline</p>
+				<?php endif; ?>
+			</div>
 		</div>
 		<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
 	</footer>
-		<div id="sidebar-overlay"></div>
+
+	<aside class="control-sidebar control-sidebar-dark">
+		<ul class="nav nav-tabs nav-justified control-sidebar-tabs">
+			<li class="active"><a href="#control-sidebar-home-tab" data-toggle="tab"><i class="fa fa-home"></i></a></li>
+			<li><a href="#control-sidebar-settings-tab" data-toggle="tab"><i class="fa fa-gears"></i></a></li>
+		</ul>
+		<div class="tab-content">
+			<div class="tab-pane active" id="control-sidebar-home-tab">
+				<h3 class="control-sidebar-heading">Account</h3>
+				<ul class="control-sidebar-menu">
+					<li>
+						<a href="?action=logout">
+							<i class="menu-icon fa  fa-sign-out bg-red"></i>
+							<div class="menu-info">
+								<h4 class="control-sidebar-subheading">Log out</h4>
+								<p>This will log you out
+									of <?php echo(USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()); ?></p>
+							</div>
+						</a>
+					</li>
+				</ul>
+				<h3 class="control-sidebar-heading">Site</h3>
+				<ul class="control-sidebar-menu">
+					<li>
+						<a href="<?php echo BASE_URL; ?>" target="_blank">
+							<i class="menu-icon fa  fa-eye bg-blue"></i>
+							<div class="menu-info">
+								<h4 class="control-sidebar-subheading">Preview</h4>
+								<p>This will open a new tab</p>
+							</div>
+						</a>
+					</li>
+				</ul>
+			</div>
+			<div class="tab-pane" id="control-sidebar-settings-tab">
+				<form method="post">
+					<h3 class="control-sidebar-heading">Version</h3>
+
+					<div class="form-group">
+						<label class="control-sidebar-subheading">
+							<?php echo MYAAC_VERSION; ?> (<a href="?p=version">Check for updates</a>)<br/>
+						</label>
+						<label class="control-sidebar-subheading">
+							<p><a href="https://github.com/slawkens/myaac" target="_blank">Github</a></p>
+					</div>
+				</form>
+			</div>
+		</div>
+	</aside>
+	<div class="control-sidebar-bg"></div>
 </div>
 
-<?php } else if (!$logged && !admin()) {
+<?php }
+if (!$logged && !admin()) {
 	echo $content;
 }
 ?>
-<?php
-/**
- * @var OTS_Account $account_logged
- */
-if ($logged && admin()) {
-	$twig->display('admin-bar.html.twig', [
-		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
-	]);
-}
-?>
+
 <script src="<?php echo BASE_URL; ?>tools/js/bootstrap.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/jquery-ui.min.js"></script>
-<?php if (isset($use_datatable))  { ?>
-<script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
-<script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
-<?php } ?>
+<script src="<?php echo BASE_URL; ?>tools/js/jquery.dataTables.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
-<?php $hooks->trigger(HOOK_ADMIN_BODY_END); ?>
 </body>
 </html>

admin/tools/reload_data.php

@@ -1,46 +0,0 @@
-<?php
-/**
- * Project: MyAAC
- *     Automatic Account Creator for Open Tibia Servers
- *
- * This is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2020 MyAAC
- * @link      https://my-aac.org
- */
-define('MYAAC_ADMIN', true);
-
-require '../../common.php';
-require SYSTEM . 'functions.php';
-require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
-
-if (!admin())
-	die('Access denied.');
-
-ini_set('max_execution_time', 300);
-ob_implicit_flush();
-ob_end_flush();
-header('X-Accel-Buffering: no');
-
-require LIBS . 'DataLoader.php';
-
-require LOCALE . 'en/main.php';
-require LOCALE . 'en/install.php';
-
-DataLoader::setLocale($locale);
-DataLoader::load();

admin/tools/settings_save.php

@@ -1,41 +0,0 @@
-<?php
-const MYAAC_ADMIN = true;
-
-require '../../common.php';
-require SYSTEM . 'functions.php';
-require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
-
-// event system
-require_once SYSTEM . 'hooks.php';
-$hooks = new Hooks();
-$hooks->load();
-
-if(!admin()) {
-	http_response_code(500);
-	die('Access denied.');
-}
-
-if (!isset($_REQUEST['plugin'])) {
-	http_response_code(500);
-	die('Please enter plugin name.');
-}
-
-if (!isset($_POST['settings'])) {
-	http_response_code(500);
-	die('Please enter settings.');
-}
-
-$settings = Settings::getInstance();
-
-$success = $settings->save($_REQUEST['plugin'], $_POST['settings']);
-
-$errors = $settings->getErrors();
-if (count($errors) > 0) {
-	http_response_code(500);
-	die(implode('<br/>', $errors));
-}
-
-if ($success) {
-	echo 'Saved at ' . date('H:i');
-}

admin/tools/upload_image.php

@@ -1,53 +0,0 @@
-<?php
-define('MYAAC_ADMIN', true);
-
-require '../../common.php';
-require SYSTEM . 'functions.php';
-require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
-
-if(!admin())
-	die('Access denied.');
-
-// Don't attempt to process the upload on an OPTIONS request
-if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
-	header('Access-Control-Allow-Methods: POST, OPTIONS');
-	return;
-}
-
-$imageFolder = BASE . EDITOR_IMAGES_DIR;
-
-reset ($_FILES);
-$temp = current($_FILES);
-if (is_uploaded_file($temp['tmp_name'])) {
-	header('Access-Control-Allow-Credentials: true');
-	header('P3P: CP="There is no P3P policy."');
-
-	// Sanitize input
-	if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
-		header('HTTP/1.1 400 Invalid file name.');
-		return;
-	}
-
-	// Verify extension
-	$ext = strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION));
-	if (!in_array($ext, ['gif', 'jpg', 'png'])) {
-		header('HTTP/1.1 400 Invalid extension.');
-		return;
-	}
-
-	do {
-		$randomName = generateRandomString(8). ".$ext";
-		$fileToWrite = $imageFolder . $randomName;
-	} while (file_exists($fileToWrite));
-
-	move_uploaded_file($temp['tmp_name'], $fileToWrite);
-
-	$returnPathToImage = BASE_URL . EDITOR_IMAGES_DIR . $randomName;
-	echo json_encode(['location' => $returnPathToImage]);
-} else {
-	// Notify editor that the upload failed
-	header('HTTP/1.1 500 Server Error');
-}
-
-

common.php

@@ -23,95 +23,70 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
-if (version_compare(phpversion(), '8.0', '<')) die('PHP version 8.0 or higher is required.');
+if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
 
-const MYAAC = true;
-const MYAAC_VERSION = '0.10.0-dev';
-const DATABASE_VERSION = 36;
-const TABLE_PREFIX = 'myaac_';
+define('MYAAC', true);
+define('MYAAC_VERSION', '0.8.14');
+define('DATABASE_VERSION', 33);
+define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
 define('IS_CLI', in_array(php_sapi_name(), ['cli', 'phpdb']));
 
 // account flags
-const FLAG_NONE = 0;
-const FLAG_ADMIN = 1;
-const FLAG_SUPER_ADMIN = 2;
-const FLAG_SUPER_BOTH = 3;
-const FLAG_CONTENT_PAGES = 4;
-const FLAG_CONTENT_MAILER = 8;
-const FLAG_CONTENT_NEWS = 16;
-const FLAG_CONTENT_FORUM = 32;
-const FLAG_CONTENT_COMMANDS = 64;
-const FLAG_CONTENT_SPELLS = 128;
-const FLAG_CONTENT_MONSTERS = 256;
-const FLAG_CONTENT_GALLERY = 512;
-const FLAG_CONTENT_VIDEOS = 1024;
-const FLAG_CONTENT_FAQ = 2048;
-const FLAG_CONTENT_MENUS = 4096;
-const FLAG_CONTENT_PLAYERS = 8192;
-
-// account access types
-const ACCOUNT_WEB_FLAGS = [
-	FLAG_NONE => 'None',
-	FLAG_ADMIN =>'Admin',
-	FLAG_SUPER_ADMIN => 'Super Admin',
-	FLAG_SUPER_BOTH =>'(Admin + Super Admin)',
-];
+define('FLAG_ADMIN', 1);
+define('FLAG_SUPER_ADMIN', 2);
+define('FLAG_CONTENT_PAGES', 4);
+define('FLAG_CONTENT_MAILER', 8);
+define('FLAG_CONTENT_NEWS', 16);
+define('FLAG_CONTENT_FORUM', 32);
+define('FLAG_CONTENT_COMMANDS', 64);
+define('FLAG_CONTENT_SPELLS', 128);
+define('FLAG_CONTENT_MONSTERS', 256);
+define('FLAG_CONTENT_GALLERY', 512);
+define('FLAG_CONTENT_VIDEOS', 1024);
+define('FLAG_CONTENT_FAQ', 2048);
+define('FLAG_CONTENT_MENUS', 4096);
+define('FLAG_CONTENT_PLAYERS', 8192);
 
 // news
-const NEWS = 1;
-const TICKER = 2;
-const ARTICLE = 3;
-
-// here you can change location of admin panel
-// you need also to rename folder "admin"
-// this may improve security
-const ADMIN_PANEL_FOLDER = 'admin';
+define('NEWS', 1);
+define('TICKER', 2);
+define('ARTICLE', 3);
 
 // directories
-const BASE = __DIR__ . '/';
-const ADMIN = BASE . ADMIN_PANEL_FOLDER . '/';
-const SYSTEM = BASE . 'system/';
-const CACHE = SYSTEM . 'cache/';
-const LOCALE = SYSTEM . 'locale/';
-const LIBS = SYSTEM . 'libs/';
-const LOGS = SYSTEM . 'logs/';
-const PAGES = SYSTEM . 'pages/';
-const PLUGINS = BASE . 'plugins/';
-const TEMPLATES = BASE . 'templates/';
-const TOOLS = BASE . 'tools/';
-const VENDOR = BASE . 'vendor/';
-
-// other dirs
-const SESSIONS_DIR = SYSTEM . 'php_sessions';
-const GUILD_IMAGES_DIR = 'images/guilds/';
-const EDITOR_IMAGES_DIR = 'images/editor/';
-const GALLERY_DIR = 'images/gallery/';
+define('BASE', __DIR__ . '/');
+define('ADMIN', BASE . 'admin/');
+define('SYSTEM', BASE . 'system/');
+define('CACHE', SYSTEM . 'cache/');
+define('LOCALE', SYSTEM . 'locale/');
+define('LIBS', SYSTEM . 'libs/');
+define('LOGS', SYSTEM . 'logs/');
+define('PAGES', SYSTEM . 'pages/');
+define('PLUGINS', BASE . 'plugins/');
+define('TEMPLATES', BASE . 'templates/');
+define('TOOLS', BASE . 'tools/');
 
 // menu categories
-const MENU_CATEGORY_NEWS = 1;
-const MENU_CATEGORY_ACCOUNT = 2;
-const MENU_CATEGORY_COMMUNITY = 3;
-const MENU_CATEGORY_FORUM = 4;
-const MENU_CATEGORY_LIBRARY = 5;
-const MENU_CATEGORY_SHOP = 6;
+define('MENU_CATEGORY_NEWS', 1);
+define('MENU_CATEGORY_ACCOUNT', 2);
+define('MENU_CATEGORY_COMMUNITY', 3);
+define('MENU_CATEGORY_FORUM', 4);
+define('MENU_CATEGORY_LIBRARY', 5);
+define('MENU_CATEGORY_SHOP', 6);
 
 // otserv versions
-const OTSERV = 1;
-const OTSERV_06 = 2;
-const OTSERV_FIRST = OTSERV;
-const OTSERV_LAST = OTSERV_06;
-const TFS_02 = 3;
-const TFS_03 = 4;
-const TFS_FIRST = TFS_02;
-const TFS_LAST = TFS_03;
-
-// other definitions
-const ACCOUNT_NUMBER_LENGTH = 8;
+define('OTSERV', 1);
+define('OTSERV_06', 2);
+define('OTSERV_FIRST', OTSERV);
+define('OTSERV_LAST', OTSERV_06);
+define('TFS_02', 3);
+define('TFS_03', 4);
+define('TFS_FIRST', TFS_02);
+define('TFS_LAST', TFS_03);
 
 if (!IS_CLI) {
-	session_save_path(SESSIONS_DIR);
+	session_save_path(SYSTEM . 'php_sessions');
 	session_start();
 }
 
@@ -122,7 +97,7 @@ $size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$basedir .= '/' . $tmp[$i];
 
-$basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
+$basedir = str_replace(array('/admin', '/install', '/tools'), '', $basedir);
 define('BASE_DIR', $basedir);
 
 if(!IS_CLI) {
@@ -138,30 +113,10 @@ if(!IS_CLI) {
 
 	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
+	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
 
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
-}
 
-if (file_exists(BASE . 'config.local.php')) {
-	require BASE . 'config.local.php';
+	require SYSTEM . 'exception.php';
 }
-
-ini_set('log_errors', 1);
-if(@$config['env'] === 'dev') {
-	ini_set('display_errors', 1);
-	ini_set('display_startup_errors', 1);
-	error_reporting(E_ALL);
-}
-else {
-	ini_set('display_errors', 0);
-	ini_set('display_startup_errors', 0);
-	error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT);
-}
-
-$autoloadFile = VENDOR . 'autoload.php';
-if (!is_file($autoloadFile)) {
-	throw new RuntimeException('The vendor folder is missing. Please download Composer: <a href="https://getcomposer.org/download">https://getcomposer.org/download</a>, install it and execute in the main MyAAC directory this command: <b>composer install</b>. Or download MyAAC from <a href="https://github.com/slawkens/myaac/releases">GitHub releases</a>, which includes Vendor folder.');
-}
-
-require $autoloadFile;
+require SYSTEM . 'autoload.php';

composer.json

@@ -1,26 +0,0 @@
-{
-    "require": {
-        "php": "^8.0",
-        "ext-pdo": "*",
-        "ext-pdo_mysql": "*",
-        "ext-json": "*",
-        "ext-xml": "*",
-        "ext-dom": "*",
-        "phpmailer/phpmailer": "^6.1",
-        "composer/semver": "^3.2",
-        "twig/twig": "^2.0",
-        "erusev/parsedown": "^1.7",
-        "nikic/fast-route": "^1.3",
-        "matomo/device-detector": "^6.0",
-        "illuminate/database": "^10.18",
-        "peppeocchi/php-cron-scheduler": "4.*"
-    },
-    "require-dev": {
-        "filp/whoops": "^2.15"
-    },
-    "autoload": {
-        "psr-4": {
-            "MyAAC\\": "system/src"
-        }
-    }
-}

config.php

@@ -0,0 +1,301 @@
+<?php
+/**
+ * This is MyAAC's Main Configuration file
+ *
+ * All the default values are kept here, you should not modify it but use
+ * a config.local.php file instead to override the settings from here.
+ *
+ * This is a piece of PHP code so PHP syntax applies!
+ * For boolean values please use true/false.
+ *
+ * Minimally 'server_path' directive have to be filled, other options are optional.
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+
+$config = array(
+	// directories & files
+	'server_path' => '', // path to the server directory (same directory where config file is located)
+
+	/**
+	 * Environment Setting
+	 *
+	 * if you use this script on your live server - set to 'prod' (production)
+	 * if you want to test and debug the script locally, or develop plugins, set to 'dev' (development)
+	 * WARNING: on 'dev' cache is disabled, so site will be significantly slower !!!
+	 * WARNING2: on 'dev' all PHP errors/warnings are displayed
+	 * Recommended: 'prod' cause of speed (page load time is better)
+	 */
+	'env' => 'prod', // 'prod' for production and 'dev' for development
+
+	'template' => 'kathrine', // template used by website (kathrine, tibiacom)
+	'template_allow_change' => true, // allow users to choose their own template while browsing website?
+
+	'vocations_amount' => 4, // how much basic vocations your server got (without promotion)
+
+	// what client version are you using on this OT?
+	// used for the Downloads page and some templates aswell
+	'client' => 1098, // 954 = client 9.54
+
+	'session_prefix' => 'myaac_', // must be unique for every site on your server
+	'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: https://my-aac.org/guilds/Testing instead of https://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
+	'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles
+
+	// gesior backward support (templates & pages)
+	// allows using gesior templates and pages with myaac
+	// might bring some performance when disabled
+	'backward_support' => true,
+
+	// head options (html)
+	'meta_description' => 'Tibia is a free massive multiplayer online role playing game (MMORPG).', // description of the site
+	'meta_keywords' => 'free online game, free multiplayer game, ots, open tibia server', // keywords list separated by commas
+	'title_separator' => ' - ',
+
+	// footer
+	'footer' => ''/*'<br/>Your Server &copy; 2016. All rights reserved.'*/,
+
+	'language' => 'en', // default language (currently only 'en' available)
+	'language_allow_change' => false,
+
+	'visitors_counter' => true,
+	'visitors_counter_ttl' => 10, // how long visitor will be marked as online (in minutes)
+	'views_counter' => true,
+
+	// cache system. by default file cache is used
+	'cache_engine' => 'auto', // apc, apcu, eaccelerator, xcache, file, auto, or blank to disable.
+	'cache_prefix' => 'myaac_', // have to be unique if running more MyAAC instances on the same server (except file system cache)
+
+	// database details (leave blank for auto detect from config.lua)
+	'database_host' => '',
+	'database_port' => '', // leave blank to default 3306
+	'database_user' => '',
+	'database_password' => '',
+	'database_name' => '',
+	'database_log' => false, // should database queries be logged and and saved into system/logs/database.log?
+	'database_socket' => '', // set if you want to connect to database through socket (example: /var/run/mysqld/mysqld.sock)
+	'database_persistent' => false, // use database permanent connection (like server), may speed up your site
+
+	// multiworld system (only TFS 0.3)
+	'multiworld' => false, // use multiworld system?
+	'worlds' => array( // list of worlds
+		//'1' => 'Your World Name',
+		//'2' => 'Your Second World Name'
+	),
+
+	// images
+	'outfit_images_url' => 'https://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
+	'item_images_url' => 'https://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
+
+	// account
+	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
+	'account_create_auto_login' => false, // auto login after creating account?
+	'account_create_character_create' => true, // allow directly to create character on create account page?
+	'account_mail_verify' => false, // force users to confirm their email addresses when registering
+	'account_mail_confirmed_reward' => [ // reward users for confirming their E-Mails
+		// account_mail_verify needs to be enabled too
+		'premium_days' => 0,
+		'premium_points' => 0,
+		'coins' => 0,
+		'message' => 'You received %d %s for confirming your E-Mail address.' // example: You received 20 premium points for confirming your E-Mail address.
+	],
+	'account_mail_unique' => true, // email addresses cannot be duplicated? (one account = one email)
+	'account_premium_days' => 0, // default premium days on new account
+	'account_premium_points' => 0, // default premium points on new account
+	'account_welcome_mail' => true, // send welcome email when user registers
+	'account_mail_change' => 2, // how many days user need to change email to account - block hackers
+	'account_country' => true, // user will be able to set country of origin when registering account, this information will be viewable in others places aswell
+	'account_country_recognize' => true, // should country of user be automatically recognized by his IP? This makes an external API call to http://ipinfo.io
+	'account_change_character_name' => false, // can user change their character name for premium points?
+	'account_change_character_name_points' => 30, // cost of name change
+	'account_change_character_sex' => false, // can user change their character sex for premium points?
+	'account_change_character_sex_points' => 30, // cost of sex change
+	'characters_per_account' => 10,	// max. number of characters per account
+
+	// mail
+	'mail_enabled' => false, // is aac maker configured to send e-mails?
+	'mail_address' => 'no-reply@your-server.org', // server e-mail address (from:)
+	'mail_admin' => 'your-address@your-server.org', // admin email address, where mails from contact form will be sent
+	'mail_signature' => array( // signature that will be included at the end of every message sent using _mail function
+		'plain' => ""/*"--\nMy Server,\nhttp://www.myserver.com"*/,
+		'html' => ''/*'<br/>My Server,\n<a href="http://www.myserver.com">myserver.com</a>'*/
+	),
+	'smtp_enabled' => false, // send by smtp or mail function (set false if use mail function, set to true if you use GMail or Microsoft Outlook)
+	'smtp_host' => '', // mail host. smtp.gmail.com for GMail / smtp-mail.outlook.com for Microsoft Outlook
+	'smtp_port' => 25, // 25 (default) / 465 (ssl, GMail) / 587 (tls, Microsoft Outlook)
+	'smtp_auth' => true, // need authorization?
+	'smtp_user' => 'admin@example.org', // here your email username
+	'smtp_pass' => '',
+	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' (GMail) or 'tls' (Microsoft Outlook)
+	'smtp_debug' => false, // set true to debug (you will see more info in error.log)
+
+	// reCAPTCHA (prevent spam bots)
+	'recaptcha_enabled' => false, // enable recaptcha verification code
+	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
+	'recaptcha_secret_key' => '',
+	'recaptcha_theme' => 'light', // light, dark
+
+	//
+	'generate_new_reckey' => true,				// let player generate new recovery key, he will receive e-mail with new rec key (not display on page, hacker can't generate rec key)
+	'generate_new_reckey_price' => 20,			// price for new recovery key
+	'send_mail_when_change_password' => true,	// send e-mail with new password when change password to account
+	'send_mail_when_generate_reckey' => true,	// send e-mail with rec key (key is displayed on page anyway when generate)
+
+	// genders (aka sex)
+	'genders' => array(
+		0 => 'Female',
+		1 => 'Male'
+	),
+
+	// new character config
+	'character_samples' => array( // vocations, format: ID_of_vocation => 'Name of Character to copy'
+		//0 => 'Rook Sample',
+		1 => 'Sorcerer Sample',
+		2 => 'Druid Sample',
+		3 => 'Paladin Sample',
+		4 => 'Knight Sample'
+	),
+
+	'use_character_sample_skills' => false,
+
+	// it must show limited number of players after using search in character page
+	'characters_search_limit' => 15,
+
+	// town list used when creating character
+	// won't be displayed if there is only one item (rookgaard for example)
+	'character_towns' => array(1),
+
+	// characters length
+	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum length to be 21.
+	'character_name_min_length' => 4,
+	'character_name_max_length' => 21,
+
+	// list of towns
+	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (generated from your .OTBM map)
+	'towns' => array(
+		0 => 'No town',
+		1 => 'Sample town'
+	),
+
+	// guilds
+	'guild_management' => true, // enable guild management system on the site?
+	'guild_need_level' => 1, // min. level to form a guild
+	'guild_need_premium' => true, // require premium account to form a guild?
+	'guild_image_size_kb' => 80, // maximum size of the guild logo image in KB (kilobytes)
+	'guild_description_chars_limit' => 1000, // limit of guild description
+	'guild_description_lines_limit' => 6, // limit of lines, if description has more lines it will be showed as long text, without 'enters'
+	'guild_motd_chars_limit' => 150, // limit of MOTD (message of the day) that is shown later in the game on the guild channel
+
+	// online page
+	'online_record' => true, // display players record?
+	'online_vocations' => false, // display vocation statistics?
+	'online_vocations_images' => false, // display vocation images?
+	'online_skulls' => false, // display skull images
+	'online_outfit' => true,
+	'online_afk' => false,
+
+	// support list page
+	'team_style' => 2, // 1/2 (1 - normal table, 2 - in boxes, grouped by group id)
+	'team_display_status' => true,
+	'team_display_lastlogin' => true,
+	'team_display_world' => false,
+	'team_display_outfit' => true,
+
+	// bans page
+	'bans_limit' => 50,
+	'bans_display_all' => true, // should all bans be displayed? (sorted page by page)
+
+	// highscores page
+	'highscores_vocation_box' => true, // show 'Choose a vocation' box on the highscores (allowing peoples to sort highscores by vocation)?
+	'highscores_vocation' => true, // show player vocation under his nickname?
+	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)? Only 0.3
+	'highscores_balance' => false, // show 'Balance' tab (richest players on the server)
+	'highscores_outfit' => true, // show player outfit?
+	'highscores_country_box' => false, // doesnt work yet! (not implemented)
+	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
+	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
+	'highscores_length' => 100, // how many records per page on highscores
+
+	// characters page
+	'characters' => array( // what things to display on character view page (true/false in each option)
+		'level' => true,
+		'experience' => false,
+		'magic_level' => false,
+		'balance' => false,
+		'marriage_info' => true, // only 0.3
+		'outfit' => true,
+		'creation_date' => true,
+		'quests' => true,
+		'skills' => true,
+		'equipment' => true,
+		'frags' => false,
+		'deleted' => false, // should deleted characters from same account be still listed on the list of characters? When enabled it will show that character is "[DELETED]"
+	),
+	'quests' => array(
+		//'Some Quest' => 123,
+		//'Some Quest Two' => 456,
+	), // quests list (displayed in character view), name => storage
+	'signature_enabled' => true,
+	'signature_type' => 'tibian', // signature engine to use: tibian, mango, gesior
+	'signature_cache_time' => 5, // how long to store cached file (in minutes), default 5 minutes
+	'signature_browser_cache' => 60, // how long to cache by browser (in minutes), default 1 hour
+
+	// news page
+	'news_limit' => 5, // limit of news on the latest news page
+	'news_ticker_limit' => 5, // limit of news in tickers (mini news) (0 to disable)
+	'news_date_format' => 'j.n.Y', // check php manual date() function for more info about this
+	'news_author' => true, // show author of the news
+
+	// gifts/shop system
+	'gifts_system' => false,
+
+	// support/system
+	'bug_report' => true, // this configurable has no effect, its always enabled
+
+	// forum
+	'forum' => 'site', // link to the server forum, set to "site" if you want to use build in forum system, otherwise leave empty if you aren't going to use any forum
+	'forum_level_required' => 0, // level required to post, 0 to disable
+	'forum_post_interval' => 30, // in seconds
+	'forum_posts_per_page' => 20,
+	'forum_threads_per_page' => 20,
+	// uncomment to force use table for forum
+	//'forum_table_prefix' => 'z_', // what forum mysql table to use, z_ (for gesior old forum) or myaac_ (for myaac)
+
+	// last kills
+	'last_kills_limit' => 50, // max. number of deaths shown on the last kills page
+
+	// status, took automatically from config file if empty
+	'status_enabled' => true, // you can disable status checking by settings this to "false"
+	'status_ip' => '',
+	'status_port' => '',
+	'status_timeout' => 2, // how long to wait for the initial response from the server (default: 2 seconds)
+
+	// how often to connect to server and update status (default: every minute)
+	// if your status timeout in config.lua is bigger, that it will be used instead
+	// when server is offline, it will be checked every time web refreshes, ignoring this variable
+	'status_interval' => 60,
+
+	// admin panel
+	'admin_panel_modules' => 'lastlogin,points,coins',
+
+	// other
+	'anonymous_usage_statistics' => true,
+	'email_lai_sec_interval' => 60, // time in seconds between e-mails to one account from lost account interface, block spam
+	'google_analytics_id' => '', // e.g.: UA-XXXXXXX-X
+	'experiencetable_columns' => 3, // how many columns to display in experience table page. * experiencetable_rows, 5 = 500 (will show up to 500 level)
+	'experiencetable_rows' => 200, // till how many levels in one column
+	'date_timezone' => 'Europe/Berlin', // more info at http://php.net/manual/en/timezones.php
+	'footer_show_load_time' => true, // display load time of the page in the footer
+
+	'npc' => array(),
+	
+	// character name blocked
+	'character_name_blocked' => array(
+		'prefix' => array(),
+		'names' => array(),
+		'words' => array(),
+	),
+	
+);

cypress.config.js

@@ -1,9 +0,0 @@
-const { defineConfig } = require("cypress");
-
-module.exports = defineConfig({
-  e2e: {
-    setupNodeEvents(on, config) {
-      // implement node event listeners here
-    },
-  },
-});

cypress/e2e/1-install.cy.js

@@ -1,75 +0,0 @@
-describe('Install MyAAC', () => {
-	beforeEach(() => {
-		// Cypress starts out with a blank slate for each test
-		// so we must tell it to visit our website with the `cy.visit()` command.
-		// Since we want to visit the same URL at the start of all our tests,
-		// we include it in our beforeEach function so that it runs before each test
-		cy.visit(Cypress.env('URL'))
-	})
-
-	it('Go through installer', () => {
-		cy.visit(Cypress.env('URL') + '/install/?step=welcome')
-		cy.wait(1000)
-
-		cy.screenshot('install-welcome')
-
-		// step 1 - Welcome
-		cy.get('select[name="lang"]').select('en')
-
-		//cy.get('input[type=button]').contains('Next »').click()
-
-		cy.get('form').submit()
-
-		// step 2 - License
-		// just skip
-		cy.contains('GNU/GPL License');
-		cy.get('form').submit()
-
-		// step 3 - Requirements
-		cy.contains('Requirements check');
-
-		cy.get('#step').then(elem => {
-			elem.val('config');
-		});
-
-		cy.get('form').submit()
-
-		// step 4 - Configuration
-		cy.contains('Basic configuration');
-
-		cy.get('#vars_server_path').click().clear().type(Cypress.env('SERVER_PATH'))
-		cy.get('#vars_mail_admin').click().clear().type('noone@example.net')
-
-		cy.get('[type="checkbox"]').uncheck() // usage statistics uncheck
-
-		cy.wait(1000)
-
-		cy.get('form').submit()
-
-		// check if there is any error
-
-
-		// step 5 - Import Schema
-		cy.contains('Import MySQL schema');
-
-		// AAC is not installed yet, this message should not come
-		cy.contains('Seems AAC is already installed. Skipping importing MySQL schema..').should('not.exist')
-
-		cy.contains('[class="alert alert-success"]', 'Local configuration has been saved into file: config.local.php').should('be.visible')
-
-		cy.get('form').submit()
-
-		// step 6 - Admin Account
-		cy.get('#vars_email').click().clear().type('admin@my-aac.org')
-		cy.get('#vars_account').click().clear().type('admin')
-		cy.get('#vars_password').click().clear().type('test1234')
-		cy.get('#vars_password_confirm').click().clear().type('test1234')
-		cy.get('#vars_player_name').click().clear().type('Admin')
-
-		cy.get('form').submit()
-
-		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
-
-		cy.screenshot('install-finish')
-	})
-})

cypress/e2e/2-create-account.cy.js

@@ -1,33 +0,0 @@
-describe('Create Account Page', () => {
-	beforeEach(() => {
-		// Cypress starts out with a blank slate for each test
-		// so we must tell it to visit our website with the `cy.visit()` command.
-		// Since we want to visit the same URL at the start of all our tests,
-		// we include it in our beforeEach function so that it runs before each test
-		cy.visit(Cypress.env('URL') + '/index.php/account/create')
-	})
-
-	it('Create Test Account', () => {
-		cy.screenshot('create-account-page')
-
-		cy.get('#account_input').type('tester')
-		cy.get('#email').type('tester@example.com')
-
-		cy.get('#password').type('test1234')
-		cy.get('#password2').type('test1234')
-
-		cy.get('#character_name').type('Slaw')
-
-		cy.get('#sex1').check()
-		cy.get('#vocation1').check()
-		cy.get('#accept_rules').check()
-
-		cy.get('#createaccount').submit()
-
-		// no errors please
-		cy.contains('The Following Errors Have Occurred:').should('not.exist')
-
-		// ss of post page
-		cy.screenshot('create-account-page-post')
-	})
-})

cypress/e2e/3-check-public-pages.cy.js

@@ -1,174 +0,0 @@
-describe('Check Public Pages', () => {
-
-	/// news
-	it('Go to news page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/news',
-			method: 'GET',
-		})
-	})
-
-	it('Go to news archive page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/news/archive',
-			method: 'GET',
-		})
-	})
-
-	it('Go to changelog page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/changelog',
-			method: 'GET',
-		})
-	})
-
-	/// account management
-	it('Go to account manage page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/manage',
-			method: 'GET',
-		})
-	})
-
-	it('Go to account create page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/create',
-			method: 'GET',
-		})
-	})
-
-	it('Go to account lost page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/lost',
-			method: 'GET',
-		})
-	})
-
-	it('Go to rules page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/rules',
-			method: 'GET',
-		})
-	})
-
-	// community
-	it('Go to online page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/online',
-			method: 'GET',
-		})
-	})
-
-	it('Go to characters list page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/characters',
-			method: 'GET',
-		})
-	})
-
-	it('Go to guilds page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/guilds',
-			method: 'GET',
-		})
-	})
-
-	it('Go to highscores page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/highscores',
-			method: 'GET',
-		})
-	})
-
-	it('Go to last kills page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/lastkills',
-			method: 'GET',
-		})
-	})
-
-	it('Go to houses page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/houses',
-			method: 'GET',
-		})
-	})
-
-	it('Go to bans page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/bans',
-			method: 'GET',
-		})
-	})
-
-	it('Go to forum page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/forum',
-			method: 'GET',
-		})
-	})
-
-	it('Go to team page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/team',
-			method: 'GET',
-		})
-	})
-
-	// library
-	it('Go to creatures page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/creatures',
-			method: 'GET',
-		})
-	})
-
-	it('Go to spells page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/spells',
-			method: 'GET',
-		})
-	})
-
-	it('Go to server info page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/serverInfo',
-			method: 'GET',
-		})
-	})
-
-	it('Go to commands page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/commands',
-			method: 'GET',
-		})
-	})
-
-	it('Go to downloads page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/downloads',
-			method: 'GET',
-		})
-	})
-
-	it('Go to gallery page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/gallery',
-			method: 'GET',
-		})
-	})
-
-	it('Go to experience table page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/experienceTable',
-			method: 'GET',
-		})
-	})
-
-	it('Go to faq page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/faq',
-			method: 'GET',
-		})
-	})
-})

cypress/e2e/4-check-protected-pages.cy.js

@@ -1,81 +0,0 @@
-const REQUIRED_LOGIN_MESSAGE = 'Please enter your account name and your password.';
-const YOU_ARE_NOT_LOGGEDIN = 'You are not logged in.';
-
-describe('Check Protected Pages', () => {
-
-	// character actions
-	it('Go to accouht character creation page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/character/create',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht character deletion page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/character/delete',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	// account actions
-	it('Go to accouht email change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/email',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht password change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/password',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht info change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/info',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	it('Go to accouht logout change page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/account/logout',
-			method: 'GET',
-		})
-		cy.contains(REQUIRED_LOGIN_MESSAGE)
-	})
-
-	// guild actions
-	it('Go to guild creation page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/?subtopic=guilds&action=create',
-			method: 'GET',
-		})
-		cy.contains(YOU_ARE_NOT_LOGGEDIN)
-	})
-
-	it('Go to guilds cleanup players action page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_players',
-			method: 'GET',
-		})
-		cy.contains(YOU_ARE_NOT_LOGGEDIN)
-	})
-
-	it('Go to guilds cleanup guilds action page', () => {
-		cy.visit({
-			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_guilds',
-			method: 'GET',
-		})
-		cy.contains(YOU_ARE_NOT_LOGGEDIN)
-	})
-
-})

cypress/fixtures/example.json

@@ -1,5 +0,0 @@
-{
-  "name": "Using fixtures to represent data",
-  "email": "hello@cypress.io",
-  "body": "Fixtures are a great way to mock data for responses to routes"
-}

cypress/support/commands.js

@@ -1,25 +0,0 @@
-// ***********************************************
-// This example commands.js shows you how to
-// create various custom commands and overwrite
-// existing commands.
-//
-// For more comprehensive examples of custom
-// commands please read more here:
-// https://on.cypress.io/custom-commands
-// ***********************************************
-//
-//
-// -- This is a parent command --
-// Cypress.Commands.add('login', (email, password) => { ... })
-//
-//
-// -- This is a child command --
-// Cypress.Commands.add('drag', { prevSubject: 'element'}, (subject, options) => { ... })
-//
-//
-// -- This is a dual command --
-// Cypress.Commands.add('dismiss', { prevSubject: 'optional'}, (subject, options) => { ... })
-//
-//
-// -- This will overwrite an existing command --
-// Cypress.Commands.overwrite('visit', (originalFn, url, options) => { ... })

cypress/support/e2e.js

@@ -1,20 +0,0 @@
-// ***********************************************************
-// This example support/e2e.js is processed and
-// loaded automatically before your test files.
-//
-// This is a great place to put global configuration and
-// behavior that modifies Cypress.
-//
-// You can change the location of this file or turn off
-// automatically serving support files with the
-// 'supportFile' configuration option.
-//
-// You can read more here:
-// https://on.cypress.io/configuration
-// ***********************************************************
-
-// Import commands.js using ES2015 syntax:
-import './commands'
-
-// Alternatively you can use CommonJS syntax:
-// require('./commands')

index.php

@@ -28,22 +28,18 @@ require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 
 $uri = $_SERVER['REQUEST_URI'];
-if(false !== strpos($uri, 'index.php')) {
-	$uri = str_replace_first('/index.php', '', $uri);
-}
 
-if(0 === strpos($uri, '/')) {
+$tmp = BASE_DIR;
+if(!empty($tmp))
+	$uri = str_replace(BASE_DIR . '/', '', $uri);
+else
 	$uri = str_replace_first('/', '', $uri);
-}
 
-if(preg_match("/^[A-Za-z0-9-_%'+\/]+\.png$/i", $uri)) {
-	if (!empty(BASE_DIR)) {
-		$tmp = explode('.', str_replace_first(str_replace_first('/', '', BASE_DIR) . '/', '', $uri));
-	}
-	else {
+$uri = str_replace(array('index.php/', '?'), '', $uri);
+define('URI', $uri);
+
+if(preg_match("/^[A-Za-z0-9-_%'+]+\.png$/i", $uri)) {
 	$tmp = explode('.', $uri);
-	}
-
 	$_REQUEST['name'] = urldecode($tmp[0]);
 
 	chdir(TOOLS . 'signature');
@@ -51,44 +47,168 @@ if(preg_match("/^[A-Za-z0-9-_%'+\/]+\.png$/i", $uri)) {
 	exit();
 }
 
-if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
+if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
 	http_response_code(404);
 	exit;
 }
 
+if(file_exists(BASE . 'config.local.php')) {
+	require_once BASE . 'config.local.php';
+}
+
+ini_set('log_errors', 1);
+if(config('env') === 'dev') {
+	ini_set('display_errors', 1);
+	ini_set('display_startup_errors', 1);
+	error_reporting(E_ALL);
+}
+else {
+	ini_set('display_errors', 0);
+	ini_set('display_startup_errors', 0);
+	error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT);
+}
+
 if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE . 'install'))
 {
 	header('Location: ' . BASE_URL . 'install/');
 	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
 }
 
-$template_place_holders = array();
-
 require_once SYSTEM . 'init.php';
+require_once SYSTEM . 'template.php';
 
 // verify myaac tables exists in database
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 
+$found = false;
+if(empty($uri) || isset($_REQUEST['template'])) {
+	$_REQUEST['p'] = 'news';
+	$found = true;
+}
+else {
+	$tmp = strtolower($uri);
+	if (!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(TEMPLATES . $template_name . '/pages/' . $tmp . '.php')) {
+		$_REQUEST['p'] = $uri;
+		$found = true;
+	}
+	else if (!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
+		$_REQUEST['p'] = $uri;
+		$found = true;
+	}
+	else {
+		$rules = array(
+			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
+			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
+			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
+			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
+			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
+			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
+			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
+			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
+			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
+			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
+			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
+			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
+			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
+			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
+			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
+			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
+			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
+			'/^changelog\/[0-9]+\/?$/' => array('subtopic' => 'changelog', 'page' => '$1'),
+			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
+			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
+			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
+			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
+			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
+			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
+			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
+			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
+			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
+			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
+			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
+			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
+			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
+			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
+			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
+			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
+			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
+			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
+			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
+			'/^houses\/view\/?$/' => array('subtopic' => 'houses', 'page' => 'view')
+		);
+
+		foreach ($rules as $rule => $redirect) {
+			if (preg_match($rule, $uri)) {
+				$tmp = explode('/', $uri);
+				/* @var $redirect array */
+				foreach ($redirect as $key => $value) {
+
+					if (strpos($value, '$') !== false) {
+						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+					}
+
+					$_REQUEST[$key] = $value;
+					$_GET[$key] = $value;
+				}
+
+				$found = true;
+				break;
+			}
+		}
+	}
+}
+
+// handle ?fbclid=x, etc. (show news page)
+if (!$found && count($_GET) > 0 && !isset($_REQUEST['subtopic']) && !isset($_REQUEST['p']) && !in_array($_SERVER['QUERY_STRING'], getDatabasePages())) {
+	$_REQUEST['p'] = $_REQUEST['subtopic'] = 'news';
+	$found = true;
+}
+
+// define page visited, so it can be used within events system
+$page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
+if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
+	$tmp = URI;
+	if(!empty($tmp)) {
+		$page = $tmp;
+	}
+	else {
+		if(!$found)
+			$page = '404';
+		else
+			$page = 'news';
+	}
+}
+
+$page = strtolower($page);
+define('PAGE', $page);
+
+$template_place_holders = array();
+
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
-require_once SYSTEM . 'template.php';
 require_once SYSTEM . 'login.php';
 require_once SYSTEM . 'status.php';
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
-require_once SYSTEM . 'router.php';
+require SYSTEM . 'migrate.php';
 
 $hooks->trigger(HOOK_STARTUP);
 
 // anonymous usage statistics
 // sent only when user agrees
-if(setting('core.anonymous_usage_statistics')) {
+if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_statistics']) {
 	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
 	$should_report = true;
 
@@ -121,22 +241,53 @@ if(setting('core.anonymous_usage_statistics')) {
 	}
 }
 
-if(setting('core.views_counter'))
+if($config['views_counter'])
 	require_once SYSTEM . 'counter.php';
 
-if(setting('core.visitors_counter')) {
+if($config['visitors_counter'])
+{
 	require_once SYSTEM . 'libs/visitors.php';
-	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
+	$visitors = new Visitors($config['visitors_counter_ttl']);
 }
 
+// page content loading
+if(!isset($content[0]))
+	$content = '';
+$load_it = true;
+
+// check if site has been closed
+$site_closed = false;
+if(fetchDatabaseConfig('site_closed', $site_closed)) {
+	$site_closed = ($site_closed == 1);
+	if($site_closed) {
+		if(!admin())
+		{
+			$title = getDatabaseConfig('site_closed_title');
+			$content .= '<p class="note">' . getDatabaseConfig('site_closed_message') . '</p><br/>';
+			$load_it = false;
+		}
+
+		if(!$logged)
+		{
+			ob_start();
+			require SYSTEM . 'pages/accountmanagement.php';
+			$content .= ob_get_contents();
+			ob_end_clean();
+			$load_it = false;
+		}
+	}
+}
+define('SITE_CLOSED', $site_closed);
+
 // backward support for gesior
-if(setting('core.backward_support')) {
+if($config['backward_support']) {
 	define('INITIALIZED', true);
 	$SQL = $db;
 	$layout_header = template_header();
 	$layout_name = $template_path;
 	$news_content = '';
 	$tickers_content = '';
+	$subtopic = PAGE;
 	$main_content = '';
 
 	$config['access_admin_panel'] = 2;
@@ -146,7 +297,7 @@ if(setting('core.backward_support')) {
 
 	$config['site'] = &$config;
 	$config['server'] = &$config['lua'];
-	$config['site']['shop_system'] = setting('core.gifts_system');
+	$config['site']['shop_system'] = $config['gifts_system'];
 	$config['site']['gallery_page'] = true;
 
 	if(!isset($config['vdarkborder']))
@@ -160,23 +311,74 @@ if(setting('core.backward_support')) {
 	$config['site']['serverinfo_page'] = true;
 	$config['site']['screenshot_page'] = true;
 
-	$forumSetting = setting('core.forum');
-	if($forumSetting != '')
-		$config['forum_link'] = (strtolower($forumSetting) === 'site' ? getLink('forum') : $forumSetting);
+	if($config['forum'] != '')
+		$config['forum_link'] = (strtolower($config['forum']) === 'site' ? getLink('forum') : $config['forum']);
 
 	foreach($status as $key => $value)
 		$config['status']['serverStatus_' . $key] = $value;
 }
 
-/**
- * @var OTS_Account $account_logged
- */
-if ($logged && admin()) {
-	$content .= $twig->render('admin-bar.html.twig', [
-		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
-	]);
+if($load_it)
+{
+	if(SITE_CLOSED && admin())
+		$content .= '<p class="note">Site is under maintenance (closed mode). Only privileged users can see it.</p>';
+
+	if($config['backward_support']) {
+		require SYSTEM . 'compat/pages.php';
+		require SYSTEM . 'compat/classes.php';
 	}
-$title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
+
+	$ignore = false;
+
+	$logged_access = 1;
+	if($logged && $account_logged && $account_logged->isLoaded()) {
+		$logged_access = $account_logged->getAccess();
+	}
+
+	$success = false;
+	$tmp_content = getCustomPage($page, $success);
+	if($success) {
+		$content .= $tmp_content;
+		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
+			$pageInfo = getCustomPageInfo($page);
+			$content = $twig->render('admin.pages.links.html.twig', array(
+					'page' => array('id' => $pageInfo !== null ? $pageInfo['id'] : 0, 'hidden' => $pageInfo !== null ? $pageInfo['hidden'] : '0')
+				)) . $content;
+		}
+	} else {
+		$file = TEMPLATES . "$template_name/pages/$page.php";
+		if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page)) {
+			$file = SYSTEM . "pages/$page.php";
+			if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page)) {
+				$page = '404';
+				$file = SYSTEM . 'pages/404.php';
+			}
+		}
+	}
+
+	ob_start();
+	if($hooks->trigger(HOOK_BEFORE_PAGE)) {
+		if(!$ignore)
+			require $file;
+	}
+
+	if($config['backward_support'] && isset($main_content[0]))
+		$content .= $main_content;
+
+	$content .= ob_get_contents();
+	ob_end_clean();
+	$hooks->trigger(HOOK_AFTER_PAGE);
+}
+
+if($config['backward_support']) {
+	$main_content = $content;
+	if(!isset($title))
+		$title = ucfirst($page);
+
+	$topic = $title;
+}
+
+$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
 
 echo base64_decode('PCEtLSBQb3dlcmVkIGJ5IE15QUFDIDo6IGh0dHBzOi8vd3d3Lm15LWFhYy5vcmcvIC0tPg==') . PHP_EOL;

install/includes/database.php

@@ -6,18 +6,12 @@ $ots = POT::getInstance();
 require SYSTEM . 'database.php';
 
 if(!isset($db)) {
-	$database_error = '<p class="lead">' . $locale['step_database_error_mysql_connect'] . '</p>';
-	
-	$database_error .= '<p>' . $locale['step_database_error_mysql_connect_2'] . '</p>';
-
-	$database_error .= '<ul class="list-group">' .
-							'<li class="list-group-item list-group-item-warning">' . $locale['step_database_error_mysql_connect_3'] . '</li>' .
-							'<li class="list-group-item list-group-item-warning">' . $locale['step_database_error_mysql_connect_4'] . '</li>' .
-						'</ul>';
-
-	$database_error .= '<div class="alert alert-danger mt-4">
-							<span>' . $error . '</span>
-						</div>';
+	$database_error = $locale['step_database_error_mysql_connect'] . '<br/>' .
+			$locale['step_database_error_mysql_connect_2'] .
+			'<ul>' .
+				'<li>' . $locale['step_database_error_mysql_connect_3'] . '</li>' .
+				'<li>' . $locale['step_database_error_mysql_connect_4'] . '</li>' .
+			'</ul>' . '<br/>' . $error;
 }
 else {
 	if($db->hasTable('accounts'))

install/includes/functions.php

@@ -62,9 +62,9 @@ function next_buttons($previous = true, $next = true)
 		$ret .= '<input class="button" type="submit" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\';" value="' . $locale['next'] . '" />';
 */
 	if($previous)
-		$ret .= '<input type="button" class="button btn btn-primary m-2" onclick="document.getElementById(\'step\').value=\'' . $steps[$i - 1] . '\'; this.form.submit();" value="&laquo; ' . $locale['previous'] . '" />';
+		$ret .= '<input type="button" class="button" onclick="document.getElementById(\'step\').value=\'' . $steps[$i - 1] . '\'; this.form.submit();" value="&laquo; ' . $locale['previous'] . '" />';
 	if($next)
-		$ret .= '<input type="button" class="button btn btn-primary m-2" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\'; this.form.submit(); " value="' . $locale['next'] . ' &raquo;" />';
+		$ret .= '<input type="button" class="button" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\'; this.form.submit(); " value="' . $locale['next'] . ' &raquo;" />';
 
 	$ret .= '</div>';
 	return $ret;

install/includes/schema.sql

@@ -1,4 +1,4 @@
-SET @myaac_database_version = 36;
+SET @myaac_database_version = 33;
 
 CREATE TABLE `myaac_account_actions`
 (
@@ -127,6 +127,70 @@ CREATE TABLE `myaac_menu`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
+/* MENU_CATEGORY_NEWS kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
+/* MENU_CATEGORY_LIBRARY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
+/* MENU_CATEGORY_SHOP kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
+/* MENU_CATEGORY_NEWS tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
+/* MENU_CATEGORY_FORUM tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
+/* MENU_CATEGORY_LIBRARY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
 /* MENU_CATEGORY_SHOP tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
@@ -139,29 +203,25 @@ CREATE TABLE `myaac_monsters` (
 	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
 	`health` int(11) NOT NULL,
-	`look` VARCHAR(255) NOT NULL DEFAULT '',
 	`speed_lvl` int(11) NOT NULL default 1,
 	`use_haste` tinyint(1) NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
-	`elements` TEXT NOT NULL,
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
-	`pushable` TINYINT(1) NOT NULL DEFAULT '0',
-	`canpushitems` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0',
-	`runonhealth` TINYINT(1) NOT NULL DEFAULT '0',
-	`hostile` TINYINT(1) NOT NULL DEFAULT '0',
-	`attackable` TINYINT(1) NOT NULL DEFAULT '0',
-	`rewardboss` TINYINT(1) NOT NULL DEFAULT '0',
-	`defense` INT(11) NOT NULL DEFAULT '0',
-	`armor` INT(11) NOT NULL DEFAULT '0',
-	`canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0',
 	`race` varchar(255) NOT NULL,
 	`loot` text NOT NULL,
-	`summons` TEXT NOT NULL,
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+
+CREATE TABLE `myaac_videos`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`title` VARCHAR(100) NOT NULL DEFAULT '',
+	`youtube_id` VARCHAR(20) NOT NULL,
+	`author` VARCHAR(50) NOT NULL DEFAULT '',
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
@@ -239,16 +299,6 @@ CREATE TABLE `myaac_gallery`
 
 INSERT INTO `myaac_gallery` (`id`, `ordering`, `comment`, `image`, `thumb`, `author`) VALUES (NULL, 1, 'Demon', 'images/gallery/demon.jpg', 'images/gallery/demon_thumb.gif', 'MyAAC');
 
-CREATE TABLE `myaac_settings`
-(
-	`id` int(11) NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(255) NOT NULL DEFAULT '',
-	`key` VARCHAR(255) NOT NULL DEFAULT '',
-	`value` TEXT NOT NULL,
-	PRIMARY KEY (`id`),
-	KEY `key` (`key`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-
 CREATE TABLE `myaac_spells`
 (
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
@@ -277,7 +327,6 @@ CREATE TABLE `myaac_visitors`
 	`ip` VARCHAR(45) NOT NULL,
 	`lastvisit` INT(11) NOT NULL DEFAULT 0,
 	`page` VARCHAR(2048) NOT NULL,
-	`user_agent` VARCHAR(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 

install/index.php

@@ -12,7 +12,9 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 require SYSTEM . 'clients.conf.php';
-require LIBS . 'settings.php';
+
+if(file_exists(BASE . 'config.local.php'))
+	require BASE . 'config.local.php';
 
 // ignore undefined index from Twig autoloader
 $config['env'] = 'prod';
@@ -24,13 +26,13 @@ $twig = new Twig_Environment($twig_loader, array(
 ));
 
 // load installation status
-$step = $_REQUEST['step'] ?? 'welcome';
+$step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
 
 $install_status = array();
 if(file_exists(CACHE . 'install.txt')) {
 	$install_status = unserialize(file_get_contents(CACHE . 'install.txt'));
 
-	if(!isset($_REQUEST['step'])) {
+	if(!isset($_POST['step'])) {
 		$step = isset($install_status['step']) ? $install_status['step'] : '';
 	}
 }
@@ -68,7 +70,7 @@ if($step == 'database') {
 
 		$key = str_replace('var_', '', $key);
 
-		if(in_array($key, array('account', 'account_id', 'password', 'password_confirm', 'email', 'player_name'))) {
+		if(in_array($key, array('account', 'account_id', 'password', 'email', 'player_name'))) {
 			continue;
 		}
 
@@ -89,6 +91,14 @@ if($step == 'database') {
 				break;
 			}
 		}
+		else if($key == 'mail_admin' && !Validator::email($value)) {
+			$errors[] = $locale['step_config_mail_admin_error'];
+			break;
+		}
+		else if($key == 'mail_address' && !Validator::email($value)) {
+			$errors[] = $locale['step_config_mail_address_error'];
+			break;
+		}
 		else if($key == 'timezone' && !in_array($value, DateTimeZone::listIdentifiers())) {
 			$errors[] = $locale['step_config_timezone_error'];
 			break;
@@ -114,7 +124,6 @@ else if($step == 'admin') {
 else if($step == 'finish') {
 	$email = $_SESSION['var_email'];
 	$password = $_SESSION['var_password'];
-	$password_confirm = $_SESSION['var_password_confirm'];
 	$player_name = $_SESSION['var_player_name'];
 
 	// email check
@@ -156,9 +165,6 @@ else if($step == 'finish') {
 	else if(!Validator::password($password)) {
 		$errors[] = $locale['step_admin_password_error_format'];
 	}
-	else if($password != $password_confirm) {
-		$errors[] = $locale['step_admin_password_confirm_error_not_same'];
-	}
 
 	// player name check
 	if(empty($player_name)) {

install/steps/1-welcome.php

@@ -1,7 +1,7 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
-	echo '<div class="alert alert-warning"><span>' . $locale['already_installed'] . '</span></div>';
+	echo '<p class="warning">' . $locale['already_installed'] . '</p>';
 }
 else {
 	unset($_SESSION['saved']);

install/steps/3-requirements.php

@@ -2,21 +2,8 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 // configuration
-$dirs_required = [
-	'system/logs',
-	'system/cache',
-];
-$dirs_optional = [
-	GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'],
-	GALLERY_DIR => $locale['step_requirements_warning_images_gallery'],
-];
-
 $extensions_required = [
-	'pdo', 'pdo_mysql', 'json', 'xml'
-];
-$extensions_optional = [
-	'gd' => $locale['step_requirements_warning_player_signatures'],
-	'zip' => $locale['step_requirements_warning_install_plugins'],
+	'pdo', 'pdo_mysql', 'xml', 'zip'
 ];
 /*
  *
@@ -27,11 +14,11 @@ $extensions_optional = [
 function version_check($name, $ok, $info = '', $warning = false)
 {
 	global $failed;
-	echo '<div class="alert alert-' . ($ok ? 'success' : ($warning ? 'warning' : 'danger')) . '">' . $name;
+	echo '<p class="' . ($ok ? 'success' : ($warning ? 'warning' : 'error')) . '">' . $name;
 	if(!empty($info))
 		echo ': <b>' . $info . '</b>';
 
-	echo '</div>';
+	echo '</p>';
 	if(!$ok && !$warning)
 		$failed = true;
 }
@@ -40,18 +27,12 @@ $failed = false;
 
 // start validating
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION);
-
-foreach ($dirs_required as $value)
+foreach(array('images/guilds', 'images/houses', 'images/gallery') as $value)
 {
-	$is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value));
+	$is_writable = is_writable(BASE . $value);
 	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
 }
 
-foreach ($dirs_optional as $dir => $errorMsg) {
-	$is_writable = is_writable(BASE . $dir) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $dir));
-	version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true);
-}
-
 $ini_register_globals = ini_get_bool('register_globals');
 version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']);
 
@@ -63,19 +44,12 @@ foreach ($extensions_required as $ext) {
 	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded']);
 }
 
-foreach ($extensions_optional as $ext => $errorMsg) {
-	$loaded = extension_loaded($ext);
-	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded'] . '. ' . $errorMsg, true);
-}
 
-echo '<div class="text-center m-3">';
-
-if($failed) {
-	echo '<div class="alert alert-warning"><span>' . $locale['step_requirements_failed'] . '</span></div>';
+if($failed)
+{
+	echo '<br/><b>' . $locale['step_requirements_failed'];
 	echo next_form(true, false);
-}else {
-	echo next_form(true, true);
 }
-
-echo '</div>';
+else
+	echo next_form(true, true);
 ?>

install/steps/5-database.php

@@ -11,12 +11,18 @@ if(!isset($_SESSION['var_server_path'])) {
 }
 
 if(!$error) {
-	$configToSave = [
+	$content = "<?php";
+	$content .= PHP_EOL;
+	$content .= '// place for your configuration directives, so you can later easily update myaac';
+	$content .= PHP_EOL;
+	$content .= '$config[\'installed\'] = true;';
+	$content .= PHP_EOL;
 	// by default, set env to prod
 	// user can disable when he wants
-		'env' => 'prod',
-	];
-
+	$content .= '$config[\'env\'] = \'prod\'; // dev or prod';
+	$content .= PHP_EOL;
+	$content .= '$config[\'mail_enabled\'] = true;';
+	$content .= PHP_EOL;
 	foreach($_SESSION as $key => $value)
 	{
 		if(strpos($key, 'var_') !== false)
@@ -28,16 +34,17 @@ if(!$error) {
 					$value .= '/';
 			}
 
-			if(!in_array($key, ['var_usage', 'var_date_timezone', 'var_client', 'var_account', 'var_account_id', 'var_password', 'var_password_confirm', 'var_step', 'var_email', 'var_player_name'], true)) {
-				$configToSave[str_replace('var_', '', $key)] = $value;
+			if($key === 'var_usage') {
+				$content .= '$config[\'anonymous_usage_statistics\'] = ' . ((int)$value == 1 ? 'true' : 'false') . ';';
+				$content .= PHP_EOL;
+			}
+			else if(!in_array($key, array('var_account', 'var_account_id', 'var_password', 'var_step', 'var_email', 'var_player_name'), true)) {
+				$content .= '$config[\'' . str_replace('var_', '', $key) . '\'] = \'' . $value . '\';';
+				$content .= PHP_EOL;
 			}
 		}
 	}
 
-	$configToSave['gzip_output'] = false;
-	$configToSave['cache_engine'] = 'auto';
-	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
-
 	require BASE . 'install/includes/config.php';
 
 	if(!$error) {
@@ -74,17 +81,36 @@ if(!$error) {
 					'message' => $locale['loading_spinner']
 				));
 
-				$content = '';
-				$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
+				if(!Validator::email($_SESSION['var_mail_admin'])) {
+					error($locale['step_config_mail_admin_error']);
+					$error = true;
+				}
+
+				if(!Validator::email($_SESSION['var_mail_address'])) {
+					error($locale['step_config_mail_address_error']);
+					$error = true;
+				}
+
+				$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
+				$content .= PHP_EOL;
+				$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
+
+				$saved = true;
+				if(!$error) {
+					$saved = file_put_contents(BASE . 'config.local.php', $content);
+				}
+
 				if($saved) {
 					success($locale['step_database_config_saved']);
+					if(!$error) {
 						$_SESSION['saved'] = true;
 					}
+				}
 				else {
 					$_SESSION['config_content'] = $content;
 					unset($_SESSION['saved']);
 
-					$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.php</b>', $locale['step_database_error_file']);
+					$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
 					error($locale['step_database_error_file'] . '<br/>
 						<textarea cols="70" rows="10">' . $content . '</textarea>');
 				}
@@ -94,10 +120,8 @@ if(!$error) {
 }
 ?>
 
-<div class="text-center m-3">
 <form action="<?php echo BASE_URL; ?>install/" method="post">
 	<input type="hidden" name="step" id="step" value="admin" />
 	<?php echo next_buttons(true, !$error);
 	?>
 </form>
-</div>

install/steps/7-finish.php

@@ -8,14 +8,15 @@ if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['save
 else {
 	require SYSTEM . 'init.php';
 	if(!$error) {
-		if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
+		if(USE_ACCOUNT_NAME)
 			$account = isset($_SESSION['var_account']) ? $_SESSION['var_account'] : null;
 		else
 			$account_id = isset($_SESSION['var_account_id']) ? $_SESSION['var_account_id'] : null;
 
 		$password = $_SESSION['var_password'];
 
-		if(USE_ACCOUNT_SALT)
+		$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+		if($config_salt_enabled)
 		{
 			$salt = generateRandomString(10, false, true, true);
 			$password = $salt . $password;
@@ -73,7 +74,7 @@ else {
 			$account_used = &$new_account;
 		}
 
-		if(USE_ACCOUNT_SALT)
+		if($config_salt_enabled)
 			$account_used->setCustomField('salt', $salt);
 
 		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
@@ -116,30 +117,12 @@ else {
 			}
 		}
 
-		$settings = Settings::getInstance();
-		foreach($_SESSION as $key => $value) {
-			if (in_array($key, ['var_usage', 'var_date_timezone', 'var_client'])) {
-				if ($key == 'var_usage') {
-					$key = 'anonymous_usage_statistics';
-					$value = ((int)$value == 1 ? 'true' : 'false');
-				} elseif ($key == 'var_date_timezone') {
-					$key = 'date_timezone';
-				} elseif ($key == 'var_client') {
-					$key = 'client';
-				}
-
-				$settings->updateInDatabase('core', $key, $value);
-			}
-		}
-		success('Settings saved.');
-
 		$twig->display('install.installer.html.twig', array(
 			'url' => 'tools/7-finish.php',
 			'message' => $locale['importing_spinner']
 		));
 
 		if(!isset($_SESSION['installed'])) {
-			if (!array_key_exists('CI', getenv())) {
 			$report_url = 'https://my-aac.org/report_install.php?v=' . MYAAC_VERSION . '&b=' . urlencode(BASE_URL);
 			if (function_exists('curl_version'))
 			{
@@ -152,8 +135,6 @@ else {
 			else if (ini_get('allow_url_fopen') ) {
 				file_get_contents($report_url);
 			}
-			}
-
 			$_SESSION['installed'] = true;
 		}
 

install/template/style.css

@@ -1,13 +1,299 @@
-@import url('https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400&display=swap');
-
+* {
+	margin: 0; padding: 0;
+}
 body {
-    font-family: 'Roboto', sans-serif;
+	text-align: center;
+	font: 12px Verdana;
+	color: #000000;
+	background-color: #000000;
+}
+img {
+	border: 0;
 }
 
-h1{
-    font-weight: 100 !important;
+.break {
+	font-size: 0;
+	width: 0; height: 0;
+	clear: both;
+}
+.alignleft {
+	float: left;
+	margin: 4px 10px 5px 0;
+}
+.alignright {
+	float: right;
+	margin: 4px 0 5px 10px;
+}
+.aligncenter {
+	text-align: center;
 }
 
-h3 {
-    font-weight: 300 !important;
+/** BEGIN wrapper **/
+#wrapper {
+	background: #ffffff url(images/background.jpg) repeat-x 0 0;
+	width: 980px;
+}
+
+#header {
+	margin-bottom: 10px;
+	border-bottom: 1px solid #eee;
+	padding-bottom: 15px;
+}
+
+#footer {
+	padding-top: 15px;
+	border-top: 1px solid #eee;
+	margin-top: 10px;
+	text-align: right;
+	color: #555;
+}
+
+#header h1 {
+	font-weight: bold;
+	margin: 0;
+	padding: 0;
+}
+
+#header span {
+	font-size: 25px;
+	color: #000;
+	font-weight: bold;
+	padding-left: 40px;
+	line-height: 80px;
+}
+
+#version {
+	float: right;
+	color: #000;
+	font-size: 17px;
+	padding-top: 25px;
+	padding-right: 5px;
+}
+
+/** BEGIN body **/
+#body {
+	background: url(images/wrapper.gif) repeat-y 0 0;
+}
+/** END body **/
+
+/** BEGIN content **/
+#content {
+	width: 642px;
+	float: left;
+	padding: 20px 18px 20px 20px;
+	color: #434242;
+}
+
+	/** begin headers **/
+	h1, h2, h3, h4, h5, h6 {
+		font-family: Tahoma;
+		margin-bottom: 10px;
+	}
+	h2, h3, h4, h5, h6 {
+		margin-top: 30px;
+	}
+	h1 { font-size: 2em; }
+	h2 { font-size: 1.6em; }
+	h3 { font-size: 1.3em; }
+	h4, h5, h6 { font-size: 1em; }
+	/** end headers **/
+	
+	/** begin messages **/
+	.error, .success, .note, .warning {
+		font-weight: bold;
+		font-size: 0.9em;
+		padding: 4px 10px 4px 24px;
+		background-repeat: no-repeat;
+		background-position: 5px 6px;
+		border-style: solid;
+		border-width: 1px;
+		line-height: 1.6em;
+		margin-bottom: 10px;
+	}
+	.error {
+		background-color: #FDD9D9;
+		background-image: url(images/error.gif);
+		border-color: #FBA3A3;
+		color: #D80303;
+	}
+	.success {
+		background-color: #E4FCD9;
+		background-image: url(images/success.gif);
+		border-color: #BFFDA3;
+		color: #35A502;
+	}
+	.note {
+		background-color: #DDEAFA;
+		background-image: url(images/note.gif);
+		border-color: #A3D8FD;
+		color: #026DA5;
+	}
+	.warning {
+		background-color: #FBF0B3;
+		background-image: url(images/warning.gif);
+		border-color: #FBBB95;
+		color: #FD6002;
+	}
+	/** end messages **/
+	
+	/** begin form **/
+	form {
+		border: 1px solid #DDDDDD;
+		padding: 16px;
+	}
+		form .input {
+			padding-top: 12px;
+			clear: both;
+		}
+		form .first { 
+			padding-top: 0;
+		}
+		form .input p {
+			margin-bottom: 7px !important;
+		}
+		form input {
+			margin-right: 5px;
+		}
+		form label {
+			margin-right: 10px;
+			color: #8B8B8B;
+		}
+		form input.text, form textarea {
+			border: 1px solid #BEBDBD;
+			font-size: 1em;
+			font-family: Verdana;
+			background-color: #F3F3F3;
+			color: #808080;
+			padding: 2px;
+			max-width: 100%;
+		}
+		.positive, .negative {
+			font-size: 0.9em;
+			font-weight: bold;
+			padding: 1px 0 0 20px;
+			background-repeat: no-repeat;
+			background-position: 0 0;
+			display: inline;
+			margin-top: 2px;
+		}
+		.positive {
+			background-image: url(images/positive.gif);
+			color: #35A502;
+		}
+		.negative {
+			background-image: url(images/negative.gif);
+			color: #D80303;
+		}
+		form textarea {
+			line-height: 1.6em;
+		}
+		form button, form input.button {
+			font-size: 0.9em;
+			font-family: Verdana;
+			font-weight: bold;
+			color: #ffffff;
+			background: #B6B4B4 url(images/button.gif) repeat-x 0 0;
+			border: 1px solid #B6B4B4;
+			padding: 5px 10px;
+		}
+	/** end form **/
+	
+	/** begin table **/
+	table {
+		
+	}
+		table th {
+			font-size: 0.9em;
+			color: #ffffff;
+			background-color: #679BC5;
+			padding: 2px 4px;
+			line-height: 1.6em;
+		}
+		table td {
+			line-height: 1.6em;
+			padding: 2px 4px;
+		}
+		table tr.odd td { background-color: #EEEEEE; }
+		table tr.even td { background-color: #E5E5E5; }
+		
+	/** end table **/
+	
+	/** begin paragraphs, lists, etc. **/
+	#content p {
+		line-height: 1.6em;
+		margin-bottom: 10px;
+	}
+	#content ul, #content ol {
+		list-style-position: inside;
+	}
+	#content li {
+		line-height: 1.6em;
+		padding: 2px 0 2px 0;
+	}
+	a {
+		color: #679BC5;
+	}
+	a:hover {
+		color: #ff0000;
+		text-decoration: none;
+	}
+	blockquote {
+		padding: 10px;
+		background-color: #eeeeee;
+		line-height: 1.6em;
+		border-width: 2px 0 1px;
+		border-style: solid;
+		border-color: #e0e0e0;
+	}
+	/** end paragraphs, lists, etc. **/
+
+/** END content **/
+
+/** BEGIN sidebar **/
+#sidebar {
+	width: 300px;
+	float: right;
+	padding: 10px 0;
+}
+	#sidebar h2 {
+		background: green url(images/sidehead.gif) no-repeat 0 0;
+		margin: 0 10px;
+		font-size: 1em;
+		color: #ffffff;
+		padding: 7px 10px;
+	}
+	#sidebar ul {
+		list-style-type: none;
+		background: #E0E0E0 url(images/sidebody.gif) no-repeat 0 bottom;
+		padding: 10px;
+		margin: 0 10px 10px;
+	}
+	#sidebar ul li {
+		padding: 4px 0 4px 14px;
+		background: none;
+		line-height: 1.6em;
+		font-size: 0.9em;
+		font-weight: bold;
+	}
+	#sidebar ul li a {
+		color: #000000;
+		text-decoration: none;
+	}
+	#sidebar ul li a:hover {
+		text-decoration: none;
+		color: #ff0000;
+	}
+	
+	#sidebar ul li a:active {
+		text-decoration: none;
+		color: #ff0000;
+	}
+	
+	#sidebar ul li current {
+		text-decoration: none;
+		color: #ff0000;
+	}
+	.current {
+		text-decoration: none;
+		color: #ff0000;
 	}

install/template/template.php

@@ -1,74 +1,48 @@
-<!DOCTYPE html>
-<html dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $locale['encoding']; ?>" />
-	<meta name="viewport" content="width=device-width, initial-scale=1">
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
-	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
 	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/js/jquery.min.js"></script>
 </head>
 <body>
-
-	<div id="body" class="container">
-
-		<header id="header" class="pt-5 pb-4 pb-sm-5">
+	<div id="wrapper">
+		<!--div class="buffer"-->
+			<div id="header">
 				<h1>MyAAC <?php echo $locale['installation']; ?></h1>
-		</header>
+			</div>
 
-		<div class="row">
+			<div id="body">
 
-			<div id="sidebar" class="col-md-3">
-				<h3><?php echo $locale['steps']; ?></h3>
-				<ul class="list-group mt-4">
+				<div id="sidebar">
+					<h2><?php echo $locale['steps']; ?></h2>
+					<ul>
 						<?php
 							$i = 0;
-						foreach($steps as $key => $value){
-
-							if ($step == $value) {
-								$progress = ($i == 6) ? 100 : $i * 16;
-							}
-
-							echo '<li class="list-group-item' . ($step == $value ? ' active' : '') . '">' . ++$i . '. ' . $locale['step_' . $value] . '</li>';
-						}
-
+							foreach($steps as $key => $value)
+								echo '<li' . ($step == $value ? ' class="current"' : '') . '>' . ++$i . '. ' . $locale['step_' . $value] . '</li>';
 						?>
 					</ul>
 				</div>
 
-			<div id="content" class="col-md-9">
-
+				<div id="content">
 					<?php
 						if(isset($locale['step_' . $step . '_title']))
-						echo '<h3 class="mb-4 mt-4 mt-md-0">' . $locale['step_' . $step . '_title'] . '</h3>';
+							echo '<h1>' . $locale['step_' . $step . '_title'] . '</h1>';
 						else
-						echo '<h3 class="mb-4 mt-4 mt-md-0">' . $locale['step_' . $step] . '</h3>';
+							echo '<h1>' . $locale['step_' . $step] . '</h1>';
+						echo $content;
 					?>
-
-				<?php
-				if(!isset($config['installed'])):
-				?>
-				<div class="row">
-					<div class="col-md-12">
-						<div class="progress mb-2">
-							<div class="progress-bar progress-bar-striped progress-bar-animated" style="width: <?php echo $progress; ?>%" role="progressbar" aria-valuenow="<?php echo $progress; ?>" aria-valuemin="0" aria-valuemax="100"></div>
-						</div>
-					</div>
-				</div>
-				<?php endif; ?>
-
-				<?php echo $content; ?>
-
 				</div>
 
+				<div class="break"></div>
+			</div>
+		<!--/div-->
 	</div>
 
-		<hr />
-
-	</div>
-
-	<footer id="footer" class="p-4">
+	<div id="footer">
 		<p style="text-align: center;"><?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?></p>
-	</footer>
+	</div>
 </body>
 </html>

install/tools/5-database.php

@@ -56,7 +56,7 @@ else {
 }
 
 if(!$db->hasColumn('accounts', 'created')) {
-	if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . ($db->hasColumn('accounts', 'group_id') ? 'group_id' : 'key') . "`;"))
+	if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . ($db->hasColumn('accounts', 'group_id') ? 'group_id' : 'email') . "`;"))
 		success($locale['step_database_adding_field'] . ' accounts.created...');
 }
 

install/tools/7-finish.php

@@ -11,11 +11,11 @@ ini_set('max_execution_time', 300);
 ob_implicit_flush();
 ob_end_flush();
 header('X-Accel-Buffering: no');
-/*
+
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 	return;
-}*/
+}
 
 require SYSTEM . 'init.php';
 
@@ -45,16 +45,48 @@ if($success) {
 	success($locale['step_database_imported_players']);
 }
 
-require_once LIBS . 'plugins.php';
-Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
-Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
+require LIBS . 'items.php';
+if(Items::loadFromXML())
+	success($locale['step_database_loaded_items']);
+else
+	error(Items::getError());
 
-require LIBS . 'DataLoader.php';
-DataLoader::setLocale($locale);
-DataLoader::load();
+require LIBS . 'weapons.php';
+if(Weapons::loadFromXML())
+	success($locale['step_database_loaded_weapons']);
+else
+	error(Weapons::getError());
+
+require LIBS . 'creatures.php';
+if(Creatures::loadFromXML()) {
+	success($locale['step_database_loaded_monsters']);
+
+	if(Creatures::getMonstersList()->hasErrors()) {
+		$locale['step_database_error_monsters'] = str_replace('$LOG$', 'system/logs/error.log', $locale['step_database_error_monsters']);
+		warning($locale['step_database_error_monsters']);
+	}
+}
+else {
+	error(Creatures::getLastError());
+}
+
+require LIBS . 'spells.php';
+if(Spells::loadFromXML()) {
+	success($locale['step_database_loaded_spells']);
+}
+else {
+	error(Spells::getLastError());
+}
 
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';
+$database_migration_20 = true;
+$content = '';
+if(!databaseMigration20($content)) {
+	$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
+	warning($locale['step_database_error_file'] . '<br/>
+				<textarea cols="70" rows="10">' . $content . '</textarea>');
+}
 
 // add z_polls tables
 require_once SYSTEM . 'migrations/22.php';
@@ -63,14 +95,6 @@ require_once SYSTEM . 'migrations/22.php';
 require_once SYSTEM . 'migrations/27.php';
 require_once SYSTEM . 'migrations/30.php';
 
-use MyAAC\Models\FAQ as ModelsFAQ;
-if(ModelsFAQ::count() == 0) {
-	ModelsFAQ::create([
-		'question' => 'What is this?',
-		'answer' => 'This is website for OTS powered by MyAAC.',
-	]);
-}
-
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);

install/tools/installer.js

@@ -29,9 +29,8 @@ function performInstall(url) {
 		}
 	});
 	// On completed
-	ajaxRequest.done(function(/*data*/) {
+	ajaxRequest.done(function(data) {
 		$('#spinner').hide();
-		$('#reload_button').show();
 	});
 	// On failed
 	ajaxRequest.fail(function(error){

login.php

@@ -1,9 +1,7 @@
 <?php
-
-use MyAAC\Models\BoostedCreature;
-use MyAAC\Models\PlayerOnline;
-
 require_once 'common.php';
+require_once 'config.php';
+require_once 'config.local.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 require_once SYSTEM . 'status.php';
@@ -47,9 +45,9 @@ $action = $request->type ?? '';
 
 switch ($action) {
 	case 'cacheinfo':
-		$playersonline = PlayerOnline::count();
+		$playersonline = $db->query("select count(*) from `players_online`")->fetchAll();
 		die(json_encode([
-			'playersonline' => $playersonline,
+			'playersonline' => (intval($playersonline[0][0])),
 			'twitchstreams' => 0,
 			'twitchviewer' => 0,
 			'gamingyoutubestreams' => 0,
@@ -83,11 +81,13 @@ switch ($action) {
 		die(json_encode(['eventlist' => $eventlist, 'lastupdatetimestamp' => time()]));
 
 	case 'boostedcreature':
-		$boostedCreature = BoostedCreature::latest();
+		$boostDB = $db->query("select * from " . $db->tableName('boosted_creature'))->fetchAll();
+		foreach ($boostDB as $Tableboost) {
 		die(json_encode([
 			'boostedcreature' => true,
-			'raceid' => $boostedCreature->raceid
+			'raceid' => intval($Tableboost['raceid'])
 		]));
+		}
 	break;
 
 	case 'login':
@@ -114,32 +114,30 @@ switch ($action) {
 		];
 
 		$characters = [];
+		$account = new OTS_Account();
 
 		$inputEmail = $request->email ?? false;
 		$inputAccountName = $request->accountname ?? false;
 		$inputToken = $request->token ?? false;
 
-		$account = Account::query();
 		if ($inputEmail != false) { // login by email
-			$account->where('email', $inputEmail);
+			$account->findByEmail($request->email);
 		}
 		else if($inputAccountName != false) { // login by account name
-			$account->where('name', $inputAccountName);
+			$account->find($inputAccountName);
 		}
 
-		$account = $account->first();
-		if (!$account) {
-			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
-		}
-
-		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->salt : '') . $request->password);
-		if (!$account || $account->password != $current_password) {
+		$config_salt_enabled = fieldExist('salt', 'accounts');
+		$current_password = encrypt(($config_salt_enabled ? $account->getCustomField('salt') : '') . $request->password);
+
+		if (!$account->isLoaded() || $account->getPassword() != $current_password) {
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
 		}
 
+		//log_append('test.log', var_export($account->getCustomField('secret'), true));
 		$accountHasSecret = false;
 		if (fieldExist('secret', 'accounts')) {
-			$accountSecret = $account->secret;
+			$accountSecret = $account->getCustomField('secret');
 			if ($accountSecret != null && $accountSecret != '') {
 				$accountHasSecret = true;
 				if ($inputToken === false) {
@@ -164,9 +162,18 @@ switch ($action) {
 			$columns .= ', istutorial';
 		}
 
-		$players = Player::where('account_id', $account->id)->notDeleted()->selectRaw($columns)->get();
-		if($players && $players->count()) {
-			$highestLevelId = $players->sortByDesc('experience')->first()->getKey();
+		$players = $db->query("select {$columns} from players where account_id = " . $account->getId() . " AND deletion = 0");
+		if($players && $players->rowCount() > 0) {
+			$players = $players->fetchAll();
+
+			$highestLevelId = 0;
+			$highestLevel = 0;
+			foreach ($players as $player) {
+				if ($player['level'] >= $highestLevel) {
+					$highestLevel = $player['level'];
+					$highestLevelId = $player['id'];
+				}
+			}
 
 			foreach ($players as $player) {
 				$characters[] = create_char($player, $highestLevelId);
@@ -176,10 +183,15 @@ switch ($action) {
 		if (fieldExist('premdays', 'accounts') && fieldExist('lastday', 'accounts')) {
 			$save = false;
 			$timeNow = time();
-			$premDays = $account->premdays;
-			$lastDay = $account->lastday;
+			$query = $db->query("select `premdays`, `lastday` from `accounts` where `id` = " . $account->getId());
+			if ($query->rowCount() > 0) {
+				$query = $query->fetch();
+				$premDays = (int)$query['premdays'];
+				$lastDay = (int)$query['lastday'];
 				$lastLogin = $lastDay;
-
+			} else {
+				sendError("Error while fetching your account data. Please contact admin.");
+			}
 			if ($premDays != 0 && $premDays != PHP_INT_MAX) {
 				if ($lastDay == 0) {
 					$lastDay = $timeNow;
@@ -204,9 +216,7 @@ switch ($action) {
 				$save = true;
 			}
 			if ($save) {
-				$account->premdays = $premDays;
-				$account->lastday = $lastDay;
-				$account->save();
+				$db->query("update `accounts` set `premdays` = " . $premDays . ", `lastday` = " . $lastDay . " where `id` = " . $account->getId());
 			}
 		}
 
@@ -228,11 +238,13 @@ switch ($action) {
 			$sessionKey .= "\n".floor(time() / 30);
 		}
 
+		//log_append('slaw.log', $sessionKey);
+
 		$session = [
 			'sessionkey' => $sessionKey,
 			'lastlogintime' => 0,
-			'ispremium' => $account->is_premium,
-			'premiumuntil' => ($account->premium_days) > 0 ? (time() + ($account->premium_days * 86400)) : 0,
+			'ispremium' => $config['lua']['freePremium'] || $account->isPremium(),
+			'premiumuntil' => ($account->getPremDays()) > 0 ? (time() + ($account->getPremDays() * 86400)) : 0,
 			'status' => 'active', // active, frozen or suspended
 			'returnernotification' => false,
 			'showrewardnews' => true,
@@ -250,23 +262,24 @@ switch ($action) {
 }
 
 function create_char($player, $highestLevelId) {
+	global $config;
 	return [
 		'worldid' => 0,
-		'name' => $player->name,
-		'ismale' => $player->sex === 1,
-		'tutorial' => isset($player->istutorial) && $player->istutorial,
-		'level' => $player->level,
-		'vocation' => $player->vocation_name,
-		'outfitid' => $player->looktype,
-		'headcolor' => $player->lookhead,
-		'torsocolor' => $player->lookbody,
-		'legscolor' => $player->looklegs,
-		'detailcolor' => $player->lookfeet,
-		'addonsflags' => $player->lookaddons,
-		'ishidden' => $player->is_deleted,
+		'name' => $player['name'],
+		'ismale' => intval($player['sex']) === 1,
+		'tutorial' => isset($player['istutorial']) && $player['istutorial'],
+		'level' => intval($player['level']),
+		'vocation' => $config['vocations'][$player['vocation']],
+		'outfitid' => intval($player['looktype']),
+		'headcolor' => intval($player['lookhead']),
+		'torsocolor' => intval($player['lookbody']),
+		'legscolor' => intval($player['looklegs']),
+		'detailcolor' => intval($player['lookfeet']),
+		'addonsflags' => intval($player['lookaddons']),
+		'ishidden' => isset($player['deletion']) && (int)$player['deletion'] === 1,
 		'istournamentparticipant' => false,
-		'ismaincharacter' => $highestLevelId === $player->getKey(),
-		'dailyrewardstate' => $player->isreward ?? 0,
+		'ismaincharacter' => $highestLevelId == $player['id'],
+		'dailyrewardstate' => isset($player['isreward']) ? intval($player['isreward']) : 0,
 		'remainingdailytournamentplaytime' => 0
 	];
 }