Release v1.1

Secure direct access to template.php
Fix error in CLI, where BASE_URL is not defined
2025-09-14 12:33:35 +02:00 · 2025-01-27 22:30:18 +01:00 · 2025-01-27 22:15:00 +01:00 · 2025-01-24 21:42:52 +01:00 · 2025-01-22 21:45:07 +01:00 · 2025-01-22 21:44:58 +01:00
421 changed files with 13302 additions and 11705 deletions
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@@ -1,9 +1,9 @@
 name: Cypress
 on:
  pull_request:
-    branches: [develop]
+    branches: [master]
  push:
-    branches: [develop]
+    branches: [master]
 jobs:
  cypress:
@@ -22,8 +22,9 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: [ '7.4', '8.0', '8.1' ]
+        php-versions: [ '8.1', '8.2', '8.3' ]
-    name: MyAAC on PHP ${{ matrix.php-versions }}
+        ots: ['tfs-1.4', 'canary-3.1.2'] # TODO: add 'tfs-master' (actually doesn't work cause AAC doesn't support reading .env configuration)
    name: Cypress (PHP ${{ matrix.php-versions }}, ${{ matrix.ots }})
    steps:
        - name: 📌 MySQL Start & init & show db
          run: |
@@ -32,47 +33,81 @@ jobs:
            mysql -e "SHOW DATABASES" -uroot -proot
        - name: Checkout MyAAC
-          uses: actions/checkout@v3
+          uses: actions/checkout@v4
          with:
-            ref: 0.9
+            ref: master
        - uses: actions/setup-node@v4
          with:
            node-version: 18
        - run: npm ci
        - name: Checkout TFS
-          uses: actions/checkout@v3
+          uses: actions/checkout@v4
          if: matrix.ots == 'tfs-1.4'
          with:
            repository: otland/forgottenserver
            ref: 1.4
-            path: tfs
+            path: ots
-        - name: Import TFS Schema
+        - name: Checkout TFS
          uses: actions/checkout@v4
          if: matrix.ots == 'tfs-master'
          with:
            repository: otland/forgottenserver
            ref: master
            path: ots
        - name: Checkout Canary
          uses: actions/checkout@v4
          if: matrix.ots == 'canary-3.1.2'
          with:
            repository: opentibiabr/canary
            ref: v3.1.2
            path: ots
        - name: Import OTS Schema
          run: |
-              mysql -uroot -proot myaac < tfs/schema.sql
+              mysql -uroot -proot myaac < ots/schema.sql
        - name: Rename config.lua
-          run: mv tfs/config.lua.dist tfs/config.lua
+          run: mv ots/config.lua.dist ots/config.lua
-        - name: Replace mysqlUser
+        - name: Replace mysqlUser (TFS 1.4)
-          uses: jacobtomlinson/gha-find-replace@v2
+          uses: jacobtomlinson/gha-find-replace@v3
          if: matrix.ots == 'tfs-1.4'
          with:
            find: 'mysqlUser = "forgottenserver"'
            replace: 'mysqlUser = "root"'
            regex: false
-            include: 'tfs/config.lua'
+            include: 'ots/config.lua'
-        - name: Replace mysqlPass
+        - name: Replace mysqlPass (TFS 1.4)
-          uses: jacobtomlinson/gha-find-replace@v2
+          uses: jacobtomlinson/gha-find-replace@v3
          if: matrix.ots == 'tfs-1.4'
          with:
              find: 'mysqlPass = ""'
              replace: 'mysqlPass = "root"'
              regex: false
-              include: 'tfs/config.lua'
+              include: 'ots/config.lua'
-        - name: Replace mysqlDatabase
+        - name: Replace mysqlDatabase (TFS 1.4)
-          uses: jacobtomlinson/gha-find-replace@v2
+          uses: jacobtomlinson/gha-find-replace@v3
          if: matrix.ots == 'tfs-1.4'
          with:
              find: 'mysqlDatabase = "forgottenserver"'
              replace: 'mysqlDatabase = "myaac"'
              regex: false
-              include: 'tfs/config.lua'
+              include: 'ots/config.lua'
        - name: Replace mysqlDatabase (Canary)
          uses: jacobtomlinson/gha-find-replace@v3
          if: matrix.ots == 'canary-3.1.2'
          with:
              find: 'mysqlDatabase = "otservbr-global"'
              replace: 'mysqlDatabase = "myaac"'
              regex: false
              include: 'ots/config.lua'
        - name: Setup PHP
          uses: shivammathur/setup-php@v2
@@ -85,13 +120,13 @@ jobs:
          run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
        - name: Cache composer dependencies
-          uses: actions/cache@v3
+          uses: actions/cache@v4
          with:
            path: ${{ steps.composer-cache.outputs.dir }}
            # Use composer.json for key, if composer.lock is not committed.
-            # key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+            #key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-            restore-keys: ${{ runner.os }}-composer-
+            restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
        - name: Install Composer dependencies
          run: composer install --no-progress --prefer-dist --optimize-autoloader
@@ -100,21 +135,28 @@ jobs:
          run: nohup php -S localhost:8080 > php.log 2>&1 &
        - name: Cypress Run
-          uses: cypress-io/github-action@v5
+          uses: cypress-io/github-action@v6
          env:
            CYPRESS_URL: http://localhost:8080
-            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/tfs
+            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/ots
        - name: Save screenshots
-          uses: actions/upload-artifact@v3
+          uses: actions/upload-artifact@v4
          if: always()
          with:
-            name: cypress-screenshots
+            name: cypress-screenshots-${{ matrix.php-versions }}-${{ matrix.ots }}
            path: cypress/screenshots
        - name: Upload Cypress Videos
-          uses: actions/upload-artifact@v3
+          uses: actions/upload-artifact@v4
          if: always()
          with:
-            name: cypress-videos
+            name: cypress-videos-${{ matrix.php-versions }}-${{ matrix.ots }}
            path: cypress/videos
        - name: Upload PHP Logs
          uses: actions/upload-artifact@v4
          if: always()
          with:
            name: php-log-${{ matrix.php-versions }}-${{ matrix.ots }}
            path: php.log
--- a/.github/workflows/phplint.yml
+++ b/.github/workflows/phplint.yml
@@ -1,9 +1,9 @@
 name: PHP Linting
 on:
  pull_request:
-    branches: [develop]
+    branches: [master]
  push:
-    branches: [develop]
+    branches: [master]
 jobs:
  phplint:
--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -0,0 +1,46 @@
 name: "PHPStan"
 on:
  pull_request:
    branches: [master]
  push:
    branches: [master]
 jobs:
  tests:
    name: PhpStan on PHP ${{ matrix.php-versions }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        php-versions: [ '8.1', '8.2', '8.3' ]
    steps:
      - name: "Checkout"
        uses: "actions/checkout@v4"
      - name: "Install PHP"
        uses: "shivammathur/setup-php@v2"
        with:
          coverage: "none"
          extensions: "intl, zip"
          ini-values: "memory_limit=-1"
          php-version: "${{ matrix.php-version }}"
      - name: Get composer cache directory
        id: composer-cache
        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
      - name: Cache composer dependencies
        uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          # Use composer.json for key, if composer.lock is not committed.
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
      - name: "Install composer dependencies"
        run: "composer install"
      - name: "Run PHPStan"
        run: "/usr/bin/php vendor/bin/phpstan analyse"
--- a/.gitignore
+++ b/.gitignore
@@ -4,17 +4,20 @@ Thumbs.db
 #
 /.htaccess
 lua
 # composer
-composer.lock
+composer.phar
 vendor
 # npm
 node_modules
 tools/ext
 # cypress
 cypress.env.json
 cypress/e2e/2-advanced-examples
 cypress/screenshots
 # created by release.sh
 releases
@@ -73,6 +76,3 @@ landing
 # system
 system/functions_custom.php
 # others/rest
 system/pages/downloads.php
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,127 @@
 # Changelog
-## [0.9.0-alpha - 02.06.2023]
+## [1.1 - 27.01.2025]
-Minimum PHP version for this release is 7.2.5.
+### Changed
 * adjust mailer settings descriptions to latest gmail (https://github.com/slawkens/myaac/commit/c5d5bb80671db135e6b503f53684771c7272e05d)
 * optimize $player->isOnline() function, thanks @gesior (https://github.com/slawkens/myaac/commit/10dd818b139d5e1bb1ca9ec81edfb083ba9316b4)
 * make players.comment and guilds.description VARCHAR (https://github.com/slawkens/myaac/commit/a45ceab83a74bee2b89cdb72baceda75e577e3cf)
 * add lua/ folder to .gitignore (https://github.com/slawkens/myaac/commit/07012f786b1114cb6ab2f064f82c645b136a375a)
 ### Fixed
 * general fixes in the tibiacom template menus, better support for custom menus
 * make functions_custom.php optional
 * error in CLI, where BASE_URL is not defined (https://github.com/slawkens/myaac/commit/4d749b881582f64b5a46196dbbb5ee8097127f03)
 * hook ACCOUNT_LOGIN_BEFORE_ACCOUNT location (https://github.com/slawkens/myaac/commit/669c447fca8643ce56d9ef8c1374ec647c780998)
 ## [1.0.1 - 14.01.2025]
 ### Fixed
 * tibiacom account & news menu links not auto expanding
 ### Updated (Thanks dependabot)
 * twig from ^2.0 to ^3.11
 * tinymce from ^6.8.3 to ^7.2.0
 * cypress from ^12.12.0 to ^13.17.0
 * nesbot/carbon from 2.72.5 to 2.72.6
 ## [1.0 - 12.01.2025]
 First stable release in the v1.0 series.
 Minimum PHP 8.1 is required.
 Changes since RC.2:
 ### Added
 * feature: migrations up/down. Allows to downgrade/upgrade database to specified version (https://github.com/slawkens/myaac/commit/3f6ff3a3326b0475d28d11ffd7fff51f362d799f)
 * new hooks for news management (https://github.com/slawkens/myaac/commit/011a85d8ae34283ded6999882833f9d4797028ec, https://github.com/slawkens/myaac/commit/36bd3eb846e829b45313e10f7568dc4e95841143)
 * None Vocation to highscores (can be changed to RookStayer in Admin Panel) (https://github.com/slawkens/myaac/commit/a4a248099521bb5b8b2aa5bd592138debd2f19d5)
 * support for button_color (green, red, blue) (https://github.com/slawkens/myaac/commit/d8b6b749ee62e88b6af4a05d3d7557f90b94d94e)
 * add $whoopsHandler as variable, can be used by plugins (https://github.com/slawkens/myaac/commit/b0c8cf2ecda23045d725aaf43cfb3852ed766a4b)
 * PlayerModel->outfit_url attribute (https://github.com/slawkens/myaac/commit/3b5be1a8db5dceecaa388e2925a5536d13b38881)
 * support for selecting plugin themes in Admin menus.php (https://github.com/slawkens/myaac/commit/77a2c1cec343ffe4be5c2c2503ee81bc32a14ca1)
 ### Changed
 * schema: Change character set to utf8mb4 (support for Emojis in Menus/Pages/News/Forum etc.) (https://github.com/slawkens/myaac/commit/27c44f1bdfb6234cf0c9d5b4b491123bb205b08f)
 * prefer get_browser_real_ip() over REMOTE_ADDR (https://github.com/slawkens/myaac/commit/941846605c00cee83168d2f916410b8ba8d4b7b9)
 * automatically set selected current one on highscores filters (https://github.com/slawkens/myaac/commit/e96227fbe41ae281783b2d49edb169a603601813)
 * rewrite towns loading code, removed OTBM loader (was too slow) (https://github.com/slawkens/myaac/commit/c980a0914632e7b27f718464f669a200707d217e)
 * allow OTS_Player to be passed as object to getPlayerLink (https://github.com/slawkens/myaac/commit/84d37c5a8f2c4535a41c8aa8264752969d3f3a3d)
 * do not clear menus by default on install (https://github.com/slawkens/myaac/commit/12d8faa3eda5e798f97b71e941c035187daad96e)
 * display warning in admin panel - plugins - if zip extension is not installed (https://github.com/slawkens/myaac/commit/e3ffe5d9e11d78ab064a370d8541bac351c9bcd9)
 * set default_socket_timeout for ipinfo.io checkup to 5 seconds (https://github.com/slawkens/myaac/commit/783d96fc6568a607d3198b832fed3a0dd06c4ebb)
 * refactor getTopPlayers function (support for balance) (https://github.com/slawkens/myaac/commit/c769962e39fe8dfb72ecd5be1864e145696be794)
 ### Fixed
 * XSS in forum (https://github.com/slawkens/myaac/commit/c2b7286d20d4b579171540f7a774e8a0995d5e8f, https://github.com/slawkens/myaac/commit/8fb643596f9586005976e7bdb484a541a9d8715e)
 * price deducted when changing sex (https://github.com/slawkens/myaac/commit/16671ea40b72dcf74037c359ad572f9eb825edf9)
 * move_thread by unauthorized user (https://github.com/slawkens/myaac/commit/d6c40c836a53cb1710f911f77f45f28b54ea1b54, thanks @anyeor)
 * TFS 1.4.2 where conditions is NULL (https://github.com/slawkens/myaac/commit/b8396d4c8482e951da538b13f2296123732c4545)
 * do not show forum new thread show button if not logged in (https://github.com/slawkens/myaac/commit/507402171ba3b6e7ee184bd7fa73e0d55e0cad7a, @anyeor)
 * login if limiter is disabled (https://github.com/slawkens/myaac/commit/a0f1971583f0f790013e2145fb5ac573c59fbdef)
 * fixes to installMenus function (https://github.com/slawkens/myaac/commit/a2fadc5945fe0a5e39f740827f6ffbda1bb501e2)
 * many PHP exceptions in different places
 * fixes to tibiacom menus ActiveSubmenuItem
 ### Removed
 * bugtracker SQL table code as the page has been removed/moved to plugins (https://github.com/slawkens/myaac/commit/5782772b901b05fb814bc718d062f6e2cd71df8c)
 ## [1.0-RC.2 - 25.10.2024]
 Still waiting for your reports about bugs found in this release. We are very close to stable release.
 ### Added
 * feat: rate limit settings for blocking accounts login attempts (@gpedro, #266)
 * search by email in accounts editor (https://github.com/slawkens/myaac/commit/c2ec46824621468f2a1cb4046805c485ed13fea5)
 * New hooks in account manage + create (https://github.com/slawkens/myaac/commit/93641fc68ac9a5f1479329e2bd41380c19534d5d)
 ### Changed
 * chore: drop raw queries + accounts - search by email + accounts - required min size for search by account number (@gpedro, #266)
 * Use https for outfit & item images (https://github.com/slawkens/myaac/commit/71c00aa5e01fbdfd88802912e200dd1025976231)
 * Do not require players & guilds tables on install (https://github.com/slawkens/myaac/commit/779aa152fa940261c9b161533946f44e288597a2)
 * Do not create player if there is no players table in db (https://github.com/slawkens/myaac/commit/201f95caa8b70e88fa651eac8c3c3aa7cd765bd0)
 ### Fixed
 * Highscore frags fixed for TFS 0.3 (@Scrollog, #263)
 * Missing groups variable #262. thanks, @Scrollog for reporting (https://github.com/slawkens/myaac/commit/8d8bdb6dac6df21672ac77288fff2f2f8d6eb665)
 * Verified email for login.php (@gpedro, #265)
 * Warning if core.account_country is disabled (https://github.com/slawkens/myaac/commit/ab73d60c61e14a1cacdb6cfbf7f89f4bf3be0833)
 ## [1.0-RC.1 - 23.07.2024]
 Changes since 1.0-beta:
 ### Added
 * Feat: Hooks priority (https://github.com/slawkens/myaac/commit/dc17b701da053e04bfa64e21be9247a4f07505e1)
 * Make autoload of pages, commands and themes configurable (https://github.com/slawkens/myaac/commit/c1d4b4f80cd6bb85507ee9471e47013955a26a91)
 * Fraggers in characters page for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/42f99c3edc8de39cccc5632cb42e88b24579c5a6)
 * New hooks: HOOK_INSTALL_FINISH, HOOK_ACCOUNT_CREATE_CHARACTER_* (https://github.com/slawkens/myaac/commit/08ac8ebade106521a5c7396faa5ce7006e629f7c, https://github.com/slawkens/myaac/commit/45dda5e834ff2059faea6ef9be2efa76f1723cbd)
 ### Changed
 * Allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/203e411b626fe62401a4b74a48420769e512aa39)
 * Create guild_rank entries, in case MySQL trigger not loaded (https://github.com/slawkens/myaac/commit/d9c1b2507c81f306970642b35e4bf5f7cc04a6f2, https://github.com/slawkens/myaac/commit/47a19e85dd84e9f3b39a1b29cfc2c04b004832b9)
 * Set Admin Account verified by default (https://github.com/slawkens/myaac/commit/cd49dfc79942f3301ce9c0b8d899b9f39bda9a41)
 * Refactor account routes into sub folders (https://github.com/slawkens/myaac/commit/bdc0c43d3fd3a51030c3e916bdb9f008468f5ecd)
 * Order towns by id (https://github.com/slawkens/myaac/commit/9ea2a5067fc4b75de395f381577b18914132ad84)
 * Do not create news about myaac, if any news already exist (on installation (https://github.com/slawkens/myaac/commit/504242fb846b73b56b87bc1e39d070687ad7f5b4)
 ### Fixed
 * Not working google recaptcha plugin (https://github.com/slawkens/myaac/commit/a1bcb217ecf4e21fd58da4ba491da1852029898a)
 * Not working account create if account_country is disabled (https://github.com/slawkens/myaac/commit/933b681a9fcdbb6283e0469b3806d2ded492d232)
 * Account verify - do not allow login without verified email (Thanks @anyeor, https://github.com/slawkens/myaac/commit/fcb13f3c0fb8ceafda0bd614a229a26a269432bd)
 * Detect tools/ext exists on install to prevent broken installs (https://github.com/slawkens/myaac/commit/10a739773c4f2911876bc802a0ee0537c3e00a92)
 * Cache reloading each time page refreshes (https://github.com/slawkens/myaac/commit/ec96985872057340112f65073efc0c4bf86dddb0)
 * Highscores frags for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/a04d186c22912915f0a7873dfe677ef3b5a23c79)
 * Monsters page: monster not found exception (https://github.com/slawkens/myaac/commit/ef79b99b8acc179f14b8475547347d9daca27512)
 * Fixed bug if \<flags\> are not present in monster.xml (https://github.com/slawkens/myaac/commit/57b47ab7983f625c7c0ef4f5303a4d07ef172786)
 * fastRoute duplicate errors (https://github.com/slawkens/myaac/commit/4c0739d3e93812dff0c33849ea3f38e4e49113ac)
 * useGuildNick displaying (https://github.com/slawkens/myaac/commit/0db0ec1aa47e044c26bc403ff5078a2115d086f8)
 ## [1.0-beta - 18.05.2024]
 Minimum PHP version for this release is 8.1.
 ### Added
 * reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
@@ -11,30 +130,41 @@ Minimum PHP version for this release is 7.2.5.
  * new Dashboard: statistics, server status
  * new Admin Bar showed on top when admin logged in
  * new page: Server Data, to reload server data
    * Towns, NPCs & Items are stored in permanent cache
  * new pages: mass account & teleport tools
  * changelogs editor
  * revised Accounts & Players editors
-  * option to add/modify menus with plugins
+  * option to add/modify admin menus with plugins
  * option to enable/disable plugins
  * better, updated TinyMCE editor (v6.x)
    * with option to upload images
-  * list of open source libraries used in project
+  * list of open source libraries used in project page
 * auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
 * config.php moved to Admin Panel -> Settings page
 * new console script: aac - using symfony/console
  * usage: `php aac` (will list all commands by default)
  * example: `php aac cache:clear`
  * example: `php aac plugin:install theme-example.zip`
 * replace POT Query Builder to Eloquent ORM. Not 100% yet - in some places there is still old $db approach used (@gpedro) (https://github.com/slawkens/myaac/pull/230)
 * brand new charming installation page (by @fernandomatos)
  * using Bootstrap
 * new pages router: nikic/fast-route, allowing for better customisation
 * Plugin cronjobs: central control of the cronjobs
 * Guild Wars support (available as plugin)
 * support for login and create account only by email (configurable)
  * with no need for account name
 * Google ReCAPTCHA v3 support (available as plugin)
 * automatically load towns names from .OTBM file
 * support for Account Number
  * suggest account number option
 * many new functions, hooks and configurables
 * better Exception Handler (Whoops - https://github.com/filp/whoops)
-* add Cypress testing
+* automated website tests (using Cypress)
 * csrf protection (https://github.com/slawkens/myaac/pull/235)
 * option to restrict Page view to specified group of users (Not-Logged in, logged-in players, tutors, gamemasters etc.)
 * phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
 ### Changed
-* Composer is now used for external libraries like: Twig, PHPMailer, fast-route etc.
+* Composer and NPM is now used for external libraries like: Twig, PHPMailer, fast-route, jQuery, Bootstrap etc.
 * mail support is disabled on fresh install, can be manually enabled by user
 * disable add php pages in admin panel for security. Option to disable plugins upload
 * visitors counter shows now user browser, and also if its bot
@@ -45,11 +175,11 @@ Minimum PHP version for this release is 7.2.5.
 	* Highscores
 		* frags works for TFS 1.x
 		* cached
-	* creatures
+	* Monsters
 * moved pages to Twig:
  * experience stages
 * update player_deaths entries on name change
 * change_password email to be more informal
 ### Fixed
-* hundrets of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here
+* hundreds of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here
--- a/CONTRIBUTORS.txt
+++ b/CONTRIBUTORS.txt
@@ -8,7 +8,11 @@ Fernando Matos <fernando@pixele.com.br>
 Lee <42119604+Leesneaks@users.noreply.github.com>
 caio <caio.zucoli@gmail.com>
 slawkens <slawkens@gmail.com>
-tobi132 <52947952+tobi132@users.noreply.github.com>
+tobi132 <tobi132@gmx.net>
 vankk <nwtr.otland@hotmail.com>
 whiteblXK <krzys16001@gmail.com>
 xitobuh <jonas.hockert92@gmail.com>
 Danilo Pucci <dnlps@hotmail.com>
 gpedro <gpedro831@gmail.com>
 Matheus Collier <matheuscollier@gmail.com>
 SRNT-GG <95472530+SRNT-GG@users.noreply.github.com>
--- a/README.md
+++ b/README.md
@@ -11,20 +11,19 @@ Official website: https://my-aac.org
 [![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
 | Version | Status                 | Branch  | Requirements   |
-|:-----------|:------------------------------------------|:--------|:---------------|
+|:--------|:-----------------------|:--------|:---------------|
-| **0.10.x** | **Active development**                    | develop | **PHP >= 8.0** |
+| **1.x** | **Active development** | develop | **PHP >= 8.1** |
-| 0.9.x      | Active support                            | 0.9     | PHP >= 7.2.5   |
+| 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
 | 0.8.x   | Active support         | master  | PHP >= 7.2.5   |
 | 0.7.x   | End Of Life            | 0.7     | PHP >= 5.3.3   |
 ### Requirements
 	- PHP 8.0 or later
 	- MySQL database
-	- PDO PHP Extension
+	- PHP Extensions: pdo, xml, json
-	- XML PHP Extension
+	- (optional) apache2 mod_rewrite (to use friendly_urls)
-	- (optional) ZIP PHP Extension
+	- (optional) zip PHP Extension (to install plugins)
-	- (optional) mod_rewrite to use friendly_urls
+	- (optional) gd PHP Extension (for generating signature images)
 ### Installation
@@ -48,7 +47,8 @@ Official website: https://my-aac.org
 ### Configuration
-Check *config.php* to get more informations.
+Check *config.php* to get more informations. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
 Use *config.local.php* for your local configuration changes.
 ### Branches
--- a/36
+++ b/36
@@ -0,0 +1,36 @@
 #!/usr/bin/env php
 <?php
 require_once __DIR__ . '/common.php';
 if(!IS_CLI) {
 	echo 'This script can be run only in command line mode.';
 	exit(1);
 }
 require_once SYSTEM . 'functions.php';
 define('SELF_NAME', basename(__FILE__));
 use MyAAC\Plugins;
 use Symfony\Component\Console\Application;
 $application = new Application('MyAAC', MYAAC_VERSION);
 $commandsGlob = glob(SYSTEM . 'src/Commands/*.php');
 foreach ($commandsGlob as $item) {
 	$name = pathinfo($item, PATHINFO_FILENAME);
 	if ($name == 'Command') { // ignore base Command class
 		continue;
 	}
 	$commandPre = '\\MyAAC\Commands\\';
 	$application->add(new ($commandPre . $name));
 }
 $pluginCommands = Plugins::getCommands();
 foreach ($pluginCommands as $item) {
 	$application->add(require $item);
 }
 $application->run();
--- a/admin/includes/settings_menus.php
+++ b/admin/includes/settings_menus.php
@@ -1,5 +1,7 @@
 <?php
 use MyAAC\Plugins;
 $order = 10;
 $settingsMenu = [];
--- a/admin/index.php
+++ b/admin/index.php
@@ -25,11 +25,6 @@ define('PAGE', $page);
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 // verify myaac tables exists in database
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 require __DIR__ . '/includes/debugbar.php';
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
@@ -50,7 +45,7 @@ if(!$logged || !admin()) {
 // include our page
 $file = __DIR__ . '/pages/' . $page . '.php';
 if(!@file_exists($file)) {
-	if (strpos($page, 'plugins/') !== false) {
+	if (str_contains($page, 'plugins/')) {
 		$file = BASE . $page;
 	}
 	else {
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@@ -8,6 +8,7 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Account as AccountModel;
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
@@ -22,10 +23,7 @@ $use_datatable = true;
 if (setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
-$nameOrNumberColumn = 'name';
+$nameOrNumberColumn = getAccountIdentityColumn();
 if (USE_ACCOUNT_NUMBER) {
 	$nameOrNumberColumn = 'number';
 }
 $hasSecretColumn = $db->hasColumn('accounts', 'secret');
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
@@ -51,36 +49,51 @@ $acc_type = setting('core.account_types');
 <?php
 $id = 0;
-$search_account = '';
+$search_account = $search_account_email = '';
 if (isset($_REQUEST['id']))
 	$id = (int)$_REQUEST['id'];
 else if (isset($_REQUEST['search_email'])) {
 	$search_account_email = $_REQUEST['search_email'];
 	$accountModel = AccountModel::where('email', $search_account_email)->limit(11)->get(['email', 'id']);
 	if (count($accountModel) == 0) {
 		echo_error('No entries found.');
 	} else if (count($accountModel) == 1) {
 		$id = $accountModel->first()->getKey();
 	} else if (count($accountModel) > 10) {
 		echo_error('Specified e-mail resulted with too many accounts.');
 	}
 }
 else if (isset($_REQUEST['search'])) {
 	$search_account = $_REQUEST['search'];
-	if (strlen($search_account) < 3 && !Validator::number($search_account)) {
+	$min_size = 3;
-		echo_error('Player name is too short.');
+	if (in_array($nameOrNumberColumn, ['id', 'number'])) {
 		$min_size = 1;
 	}
 	if (strlen($search_account) < $min_size && !Validator::number($search_account)) {
 		echo_error('Account ' . $nameOrNumberColumn . ' is too short.');
 	} else {
-		$query = $db->query('SELECT `id` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` = ' . $db->quote($search_account));
+		$query = AccountModel::where($nameOrNumberColumn, '=', $search_account)->limit(11)->get(['id', $nameOrNumberColumn]);
-		if ($query->rowCount() == 1) {
+		if (count($query) == 0) {
-			$query = $query->fetch();
+			echo_error('No entries found.');
-			$id = (int)$query['id'];
+		} else if (count($query) == 1) {
 			$id = $query->first()->getKey();
 		} else if (count($query) > 10) {
 			echo_error('Specified name resulted with too many accounts.');
 		} else {
 			$query = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` LIKE ' . $db->quote('%' . $search_account . '%'));
 			if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
 			$str_construct = 'Do you mean?<ul class="mb-0">';
-				foreach ($query as $row)
+			foreach ($query as $row) {
-					$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row['id'] . '">' . $row[$nameOrNumberColumn] . '</a></li>';
+				$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row->getKey() . '">' . $row->attributes[$nameOrNumberColumn] . '</a></li>';
 			}
 			$str_construct .= '</ul>';
 			echo_error($str_construct);
 			} else if ($query->rowCount() > 10)
 				echo_error('Specified name resulted with too many accounts.');
 			else
 				echo_error('No entries found.');
 		}
 	}
 }
 ?>
 <div class="row">
 	<?php
 	$groups = new OTS_Groups_List();
 	if ($id > 0) {
 		$account = new OTS_Account();
 		$account->load($id);
@@ -143,7 +156,9 @@ else if (isset($_REQUEST['search'])) {
 			$rl_loca = $_POST['rl_loca'];
 			//country
 			if(setting('core.account_country')) {
 				$rl_country = $_POST['rl_country'];
 			}
 			$web_flags = $_POST['web_flags'];
 			verify_number($web_flags, 'Web Flags', 1);
@@ -190,7 +205,11 @@ else if (isset($_REQUEST['search'])) {
 				}
 				$account->setRLName($rl_name);
 				$account->setLocation($rl_loca);
 				if(setting('core.account_country')) {
 					$account->setCountry($rl_country);
 				}
 				$account->setCustomField('created', $created);
 				$account->setWebFlags($web_flags);
 				$account->setCustomField('web_lastlogin', $web_lastlogin);
@@ -214,7 +233,7 @@ else if (isset($_REQUEST['search'])) {
 			}
 		}
 	} else if ($id == 0) {
-		$accounts_db = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ' FROM `accounts` ORDER BY `id` ASC');
+		$accounts_db = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ', email FROM `accounts` ORDER BY `id` ASC');
 		?>
 		<div class="col-12 col-sm-12 col-lg-10">
 			<div class="card card-info card-outline">
@@ -226,8 +245,9 @@ else if (isset($_REQUEST['search'])) {
 						<thead>
 						<tr>
 							<th>ID</th>
-							<th><?= ($nameOrNumberColumn == 'number' ? 'Number' : 'Name'); ?></th>
+							<th><?= ($nameOrNumberColumn == 'name' ? 'Name' : 'Number'); ?></th>
 							<?php if($hasTypeColumn || $hasGroupColumn): ?>
 							<th>E-Mail</th>
 							<th>Position</th>
 							<?php endif; ?>
 							<th style="width: 40px">Edit</th>
@@ -238,6 +258,7 @@ else if (isset($_REQUEST['search'])) {
 							<tr>
 								<th><?php echo $account_lst['id']; ?></th>
 								<td><?php echo $account_lst[$nameOrNumberColumn]; ?></a></td>
 								<td><?php echo $account_lst['email']; ?></td>
 								<?php if($hasTypeColumn || $hasGroupColumn): ?>
 								<td>
 									<?php if ($hasTypeColumn) {
@@ -291,7 +312,7 @@ else if (isset($_REQUEST['search'])) {
 				<div class="card-body">
 					<div class="tab-content" id="accounts-tabContent">
 						<div class="tab-pane fade active show" id="accounts-acc">
-							<form action="<?php echo $admin_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
+							<form action="<?php echo $admin_base . ($id > 0 ? '&id=' . $id : ''); ?>" method="post">
 								<?php csrf(); ?>
 								<div class="form-group row">
 									<?php if (USE_ACCOUNT_NAME): ?>
@@ -404,6 +425,7 @@ else if (isset($_REQUEST['search'])) {
 											   autocomplete="off" maxlength="20"
 											   value="<?php echo $account->getLocation(); ?>"/>
 									</div>
 									<?php if(setting('core.account_country')): ?>
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_country">Country:</label>
 										<select name="rl_country" id="rl_country" class="form-control">
@@ -412,6 +434,7 @@ else if (isset($_REQUEST['search'])) {
 											<?php endforeach; ?>
 										</select>
 									</div>
 									<?php endif; ?>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
@@ -583,6 +606,16 @@ else if (isset($_REQUEST['search'])) {
 			</div>
 			<div class="card-body">
 				<div class="row">
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
 							<?php csrf(); ?>
 							<label for="search">Account E-Mail:</label>
 							<div class="input-group input-group-sm">
 								<input type="email" class="form-control" id="search_email" name="search_email" value="<?= escapeHtml($search_account_email); ?>" maxlength="255" size="255">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>
 					</div>
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
 							<?php csrf(); ?>
--- a/admin/pages/changelog.php
+++ b/admin/pages/changelog.php
@@ -9,6 +9,7 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Changelog;
 use MyAAC\Models\Changelog as ModelsChangelog;
 defined('MYAAC') or die('Direct access not allowed!');
@@ -26,9 +27,8 @@ $use_datatable = true;
 const CL_LIMIT = 600; // maximum changelog body length
 $id = $_GET['id'] ?? 0;
 require_once LIBS . 'changelog.php';
-if(!empty($action))
+if(!empty($action) && isRequestMethod('post'))
 {
 	$id = $_POST['id'] ?? null;
 	$body = isset($_POST['body']) ? stripslashes($_POST['body']) : null;
@@ -73,7 +73,7 @@ if(!empty($action))
 		}
 	}
 	else if($action == 'hide') {
-		if (Changelog::toggleHidden($id, $errors, $status)) {
+		if (Changelog::toggleHide($id, $errors, $status)) {
 			success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
 		}
 	}
--- a/admin/pages/mailer.php
+++ b/admin/pages/mailer.php
@@ -7,6 +7,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Account;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mailer';
@@ -61,15 +64,15 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 		$add = ' AND `email_verified` = 1';
 	}
-	$query = $db->query('SELECT `email` FROM `accounts` WHERE `email` != ""' . $add);
+	$query = Account::where('email', '!=', '')->get(['email']);
 	foreach ($query as $email) {
-		if (_mail($email['email'], $mail_subject, $mail_content)) {
+		if (_mail($email->email, $mail_subject, $mail_content)) {
 			$success++;
 		}
 		else {
 			$failed++;
 			echo '<br />';
-			error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
+			error('An error occorred while sending email to <b>' . $email->email . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
 		}
 	}
--- a/admin/pages/mass_account.php
+++ b/admin/pages/mass_account.php
@@ -24,20 +24,13 @@ $freePremium = $config['lua']['freePremium'];
 function admin_give_points($points)
 {
-	global $db, $hasPointsColumn;
+	global $hasPointsColumn;
 	if (!$hasPointsColumn) {
 		displayMessage('Points not supported.');
 		return;
 	}
 	$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return;
 	}
 	if (!Account::query()->increment('premium_points', $points)) {
 		displayMessage('Failed to add points.');
 		return;
@@ -47,7 +40,7 @@ function admin_give_points($points)
 function admin_give_coins($coins)
 {
-	global $db, $hasCoinsColumn;
+	global $hasCoinsColumn;
 	if (!$hasCoinsColumn) {
 		displayMessage('Coins not supported.');
@@ -62,24 +55,6 @@ function admin_give_coins($coins)
 	displayMessage($coins . ' coins added to all accounts.', true);
 }
 function query_add_premium($column, $value_query, $condition_query = '1=1', $params = [])
 {
 	global $db;
 	$statement = $db->prepare("UPDATE `accounts` SET `{$column}` = $value_query WHERE $condition_query");
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return false;
 	}
 	if (!$statement->execute($params)) {
 		displayMessage('Failed to add premium days.');
 		return false;
 	}
 	return true;
 }
 function admin_give_premdays($days)
 {
 	global $db, $freePremium;
@@ -94,9 +69,9 @@ function admin_give_premdays($days)
 	// othire
 	if ($db->hasColumn('accounts', 'premend')) {
 		// append premend
-		if (query_add_premium('premend', '`premend` + :value', '`premend` > :now', ['value' => $value, 'now' => $now])) {
+		if (Account::where('premend', '>', $now)->increment('premend', $value)) {
 			// set premend
-			if (query_add_premium('premend', ':value', '`premend` <= :now', ['value' => $now + $value, 'now' => $now])) {
+			if (Account::where('premend', '<=', $now)->update(['premend' => $now + $value])) {
 				displayMessage($days . ' premium days added to all accounts.', true);
 				return;
 			} else {
@@ -114,11 +89,11 @@ function admin_give_premdays($days)
 	// tfs 0.x
 	if ($db->hasColumn('accounts', 'premdays')) {
 		// append premdays
-		if (query_add_premium('premdays', '`premdays` + :value', '1=1', ['value' => $days])) {
+		if (Account::query()->update(['premdays' => $days])) {
 			// append lastday
-			if (query_add_premium('lastday', '`lastday` + :value', '`lastday` > :now', ['value' => $value, 'now' => $now])) {
+			if (Account::where('lastday', '>', $now)->increment('lastday', $value)) {
 				// set lastday
-				if (query_add_premium('lastday', ':value', '`lastday` <= :now', ['value' => $now + $value, 'now' => $now])) {
+				if (Account::where('lastday', '<=', $now)->update(['lastday' => $now + $value])) {
 					displayMessage($days . ' premium days added to all accounts.', true);
 					return;
 				} else {
@@ -142,9 +117,9 @@ function admin_give_premdays($days)
 	// tfs 1.x
 	if ($db->hasColumn('accounts', 'premium_ends_at')) {
 		// append premium_ends_at
-		if (query_add_premium('premium_ends_at', '`premium_ends_at` + :value', '`premium_ends_at` > :now', ['value' => $value, 'now' => $now])) {
+		if (Account::where('premium_ends_at', '>', $now)->increment('premium_ends_at', $value)) {
 			// set premium_ends_at
-			if (query_add_premium('premium_ends_at', ':value', '`premium_ends_at` <= :now', ['value' => $now + $value, 'now' => $now])) {
+			if (Account::where('premium_ends_at', '<=', $now)->update(['premium_ends_at' => $now + $value])) {
 				displayMessage($days . ' premium days added to all accounts.', true);
 				return;
 			} else {
@@ -162,9 +137,9 @@ function admin_give_premdays($days)
 	displayMessage('Premium Days not supported.');
 }
-if (isset($_POST['action']) && $_POST['action']) {
+if (!empty(ACTION) && isRequestMethod('post')) {
-	$action = $_POST['action'];
+	$action = ACTION;
 	if (preg_match("/[^A-z0-9_\-]/", $action)) {
 		displayMessage('Invalid action.');
--- a/admin/pages/mass_teleport.php
+++ b/admin/pages/mass_teleport.php
@@ -40,9 +40,9 @@ function admin_teleport_town($town_id) {
 	displayMessage('Player\'s town updated.', true);
 }
-if (isset($_POST['action']) && $_POST['action'])    {
+if (!empty(ACTION) && isRequestMethod('post'))    {
-	$action = $_POST['action'];
+	$action = ACTION;
 	if (preg_match("/[^A-z0-9_\-]/", $action)) {
 		displayMessage('Invalid action.');
--- a/admin/pages/menus.php
+++ b/admin/pages/menus.php
@@ -8,7 +8,9 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Cache\Cache;
 use MyAAC\Models\Menu;
 use MyAAC\Plugins;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Menus';
@@ -20,6 +22,8 @@ if (!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin()) {
 	return;
 }
 $pluginThemes = Plugins::getThemes();
 if (isset($_POST['template'])) {
 	$template = $_POST['template'];
@@ -63,9 +67,16 @@ if (isset($_POST['template'])) {
 		success('Saved at ' . date('H:i'));
 	}
-	$file = TEMPLATES . $template . '/config.php';
+	$path = TEMPLATES . $template;
-	if (file_exists($file)) {
+
-		require_once $file;
+	if (isset($pluginThemes[$template])) {
 		$path = BASE . $pluginThemes[$template];
 	}
 	$path .= '/config.php';
 	if (file_exists($path)) {
 		require_once $path;
 	} else {
 		echo 'Cannot find template config.php file.';
 		return;
@@ -168,8 +179,13 @@ if (isset($_POST['template'])) {
 } else {
 	$templates = Menu::select('template')->distinct()->get()->toArray();
 	foreach ($templates as $key => $value) {
-		$file = TEMPLATES . $value['template'] . '/config.php';
+		$path = TEMPLATES . $value['template'];
-		if (!file_exists($file)) {
+
 		if (isset($pluginThemes[$value['template']])) {
 			$path = BASE . $pluginThemes[$value['template']];
 		}
 		if (!file_exists($path . '/config.php')) {
 			unset($templates[$key]);
 		}
 	}
--- a/admin/pages/modules/created.php
+++ b/admin/pages/modules/created.php
@@ -7,7 +7,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $accounts = 0;
 if ($db->hasColumn('accounts', 'created')) {
-	$accounts = Account::orderByDesc('created')->limit(10)->get(['created', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+	$accounts = Account::orderByDesc('created')->limit(10)->get(['id', 'created'])->toArray();
 }
 $twig->display('created.html.twig', array(
--- a/admin/pages/modules/templates/created.html.twig
+++ b/admin/pages/modules/templates/created.html.twig
@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.id }}</a></td>
 							<td>{{ result.created|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}
--- a/admin/pages/news.php
+++ b/admin/pages/news.php
@@ -7,6 +7,10 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Forum;
 use MyAAC\News;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'News Panel';
@@ -15,9 +19,6 @@ csrfProtect();
 $use_datatable = true;
 require_once LIBS . 'forum.php';
 require_once LIBS . 'news.php';
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
@@ -25,7 +26,7 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
-// some constants, used mainly by database (cannot by modified without schema changes)
+// some constants, used mainly by database (cannot be modified without schema changes)
 const NEWS_TITLE_LIMIT = 100;
 const NEWS_BODY_LIMIT = 65535; // maximum news body length
 const ARTICLE_TEXT_LIMIT = 300;
@@ -46,6 +47,7 @@ if(!empty($action))
 	$forum_section = $_POST['forum_section'] ?? null;
 	$errors = [];
 	if (isRequestMethod('post')) {
 		if ($action == 'new') {
 			if (isset($forum_section) && $forum_section != '-1') {
 				$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
@@ -57,14 +59,11 @@ if(!empty($action))
 				success('Added successful.');
 			}
-	}
+		} else if ($action == 'delete') {
 	else if($action == 'delete') {
 			if (News::delete($id, $errors)) {
 				success('Deleted successful.');
 			}
-	}
+		} else if ($action == 'edit') {
 	else if($action == 'edit')
 	{
 			if (isset($id) && !isset($p_title)) {
 				$news = News::get($id);
 				$p_title = $news['title'];
@@ -75,8 +74,7 @@ if(!empty($action))
 				$player_id = $news['player_id'];
 				$article_text = $news['article_text'];
 				$article_image = $news['article_image'];
-		}
+			} else {
 		else {
 				if (News::update($id, $p_title, $body, $type, $category, $player_id, $forum_section, $article_text, $article_image, $errors)) {
 					// update forum thread if exists
 					if (isset($forum_section) && Validator::number($forum_section)) {
@@ -89,19 +87,19 @@ if(!empty($action))
 					success('Updated successful.');
 				}
 			}
-	}
+		} else if ($action == 'hide') {
-	else if($action == 'hide') {
+			if (News::toggleHide($id, $errors, $status)) {
 		if (News::toggleHidden($id, $errors, $status)) {
 				success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
 			}
 		}
 	}
 	if(!empty($errors))
 		error(implode(", ", $errors));
 }
 $categories = array();
-foreach($db->query('SELECT `id`, `name`, `icon_id` FROM `' . TABLE_PREFIX . 'news_categories` WHERE `hidden` != 1') as $cat)
+foreach($db->query('SELECT `id`, `name`, `icon_id` FROM `' . TABLE_PREFIX . 'news_categories` WHERE `hide` != 1') as $cat)
 {
 	$categories[$cat['id']] = array(
 		'name' => $cat['name'],
@@ -138,18 +136,27 @@ if($action == 'edit' || $action == 'new') {
 $query = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news'));
 $newses = array();
 $cachePlayers = [];
 foreach ($query as $_news) {
 	$playerId = $_news['player_id'];
 	if (isset($cachePlayers[$playerId])) {
 		$_player = $cachePlayers[$playerId];
 	}
 	else {
 		$_player = new OTS_Player();
-	$_player->load($_news['player_id']);
+		$_player->load($playerId);
 		$cachePlayers[$playerId] = $_player;
 	}
 	$newses[$_news['type']][] = array(
 		'id' => $_news['id'],
-		'hidden' => $_news['hidden'],
+		'hide' => $_news['hide'],
 		'archive_link' => getLink('news') . '/archive/' . $_news['id'],
 		'title' => $_news['title'],
 		'date' => $_news['date'],
-		'player_name' => isset($_player) && $_player->isLoaded() ? $_player->getName() : '',
+		'player_name' => $_player->isLoaded() ? $_player->getName() : '',
-		'player_link' => isset($_player) && $_player->isLoaded() ? getPlayerLink($_player->getName(), false) : '',
+		'player_link' => $_player->isLoaded() ? getPlayerLink($_player, false) : '',
 	);
 }
--- a/admin/pages/notepad.php
+++ b/admin/pages/notepad.php
@@ -16,7 +16,7 @@ $title = 'Notepad';
 csrfProtect();
 /**
- * @var $account_logged OTS_Account
+ * @var OTS_Account $account_logged
 */
 $_content = '';
 $notepad = ModelsNotepad::where('account_id', $account_logged->getId())->first();
--- a/admin/pages/pages.php
+++ b/admin/pages/pages.php
@@ -36,7 +36,7 @@ const PAGE_TITLE_LIMIT = 30;
 const PAGE_NAME_LIMIT = 30;
 const PAGE_BODY_LIMIT = 65535; // maximum page body length
-if (!empty($action)) {
+if (!empty($action) && isRequestMethod('post')) {
 	if ($action == 'delete' || $action == 'edit' || $action == 'hide') {
 		$id = $_POST['id'];
 	}
@@ -97,7 +97,7 @@ if (!empty($action)) {
 			}
 		}
 	} else if ($action == 'hide') {
-		if (Pages::toggleHidden($id, $errors, $status)) {
+		if (Pages::toggleHide($id, $errors, $status)) {
 			success(($status == 0 ? 'Show' : 'Hide') . ' successful.');
 		}
 	}
@@ -112,7 +112,7 @@ $pages = ModelsPages::all()->map(function ($e) {
 		'title' => substr($e->title, 0, 20),
 		'php' => $e->php == '1',
 		'id' => $e->id,
-		'hidden' => $e->hidden
+		'hide' => $e->hide
 	];
 })->toArray();
--- a/admin/pages/players.php
+++ b/admin/pages/players.php
@@ -8,6 +8,7 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Forum;
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
@@ -19,7 +20,6 @@ csrfProtect();
 $player_base = ADMIN_URL . '?p=players';
 $use_datatable = true;
 require_once LIBS . 'forum.php';
 $skills = array(
 	POT::SKILL_FIST => array('Fist fighting', 'fist'),
@@ -51,22 +51,20 @@ else if (isset($_REQUEST['search'])) {
 	if (strlen($search_player) < 3 && !Validator::number($search_player)) {
 		echo_error('Player name is too short.');
 	} else {
-		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($search_player));
+		$query = Player::where('name', 'like', '%' . $search_player . '%')->orderBy('name')->limit(11)->get(['id', 'name']);
-		if ($query->rowCount() == 1) {
+		if (count($query) == 0) {
-			$query = $query->fetch();
+			echo_error('No entries found.');
-			$id = (int)$query['id'];
+		} else if (count($query) == 1) {
 			$id = $query->first()->getKey();
 		} else if (count($query) > 10) {
 			echo_error('Specified name resulted with too many players.');
 		} else {
 			$query = $db->query('SELECT `id`, `name` FROM `players` WHERE `name` LIKE ' . $db->quote('%' . $search_player . '%'));
 			if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
 			$str_construct = 'Do you mean?<ul>';
-				foreach ($query as $row)
+			foreach ($query as $row) {
-					$str_construct .= '<li><a href="' . $player_base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
+				$str_construct .= '<li><a href="' . $player_base . '&id=' . $row->getKey() . '">' . $row->name . '</a></li>';
 			}
 			$str_construct .= '</ul>';
 			echo_error($str_construct);
 			} else if ($query->rowCount() > 10)
 				echo_error('Specified name resulted with too many players.');
 			else
 				echo_error('No entries found.');
 		}
 	}
 }
@@ -202,7 +200,7 @@ else if (isset($_REQUEST['search'])) {
 			if ($hasBlessingsColumn) {
 				$blessings = $_POST['blessings'];
-				verify_number($blessings, 'Blessings', 2);
+				verify_number($blessings, 'Blessings', 3);
 			}
 			$balance = $_POST['balance'];
@@ -213,7 +211,7 @@ else if (isset($_REQUEST['search'])) {
 			}
 			$deleted = (isset($_POST['deleted']) && $_POST['deleted'] == 'true');
-			$hidden = (isset($_POST['hidden']) && $_POST['hidden'] == 'true');
+			$hide = (isset($_POST['hide']) && $_POST['hide'] == 'true');
 			$created = strtotime($_POST['created']);
 			verify_number($created, 'Created', 11);
@@ -274,7 +272,7 @@ else if (isset($_REQUEST['search'])) {
 					$player->setLossContainers($loss_containers);
 					$player->setLossItems($loss_items);
 				}
-				if ($db->hasColumn('players', 'blessings'))
+				if ($hasBlessingsColumn)
 					$player->setBlessings($blessings);
 				if ($hasBlessingColumn) {
@@ -290,7 +288,7 @@ else if (isset($_REQUEST['search'])) {
 					$player->setCustomField('deletion', $deleted ? '1' : '0');
 				else
 					$player->setCustomField('deleted', $deleted ? '1' : '0');
-				$player->setCustomField('hidden', $hidden ? '1' : '0');
+				$player->setCustomField('hide', $hide ? '1' : '0');
 				$player->setCustomField('created', $created);
 				if (isset($comment))
 					$player->setCustomField('comment', $comment);
@@ -307,7 +305,7 @@ else if (isset($_REQUEST['search'])) {
 			}
 		}
 	} else if ($id == 0) {
-		$players_db = $db->query('SELECT `id`, `name`, `level` FROM `players` ORDER BY `id` asc');
+		$players_db = Player::orderBy('id')->get(['id','name', 'level']);
 		?>
 		<div class="col-12 col-sm-12 col-lg-10">
 			<div class="card card-info card-outline">
@@ -327,11 +325,11 @@ else if (isset($_REQUEST['search'])) {
 						<tbody>
 						<?php foreach ($players_db as $player_db): ?>
 							<tr>
-								<th><?php echo $player_db['id']; ?></th>
+								<th><?php echo $player_db->id; ?></th>
-								<td><?php echo $player_db['name']; ?></a></td>
+								<td><?php echo $player_db->name; ?></a></td>
-								<td><?php echo $player_db['level']; ?></a></td>
+								<td><?php echo $player_db->level; ?></a></td>
-								<td><a href="?p=players&id=<?php echo $player_db['id']; ?>" class="btn btn-success btn-sm" title="Edit">
+								<td><a href="?p=players&id=<?php echo $player_db->id; ?>" class="btn btn-success btn-sm" title="Edit">
 										<i class="fas fa-pencil-alt"></i>
 									</a>
 								</td>
@@ -375,7 +373,7 @@ else if (isset($_REQUEST['search'])) {
 						</li>
 					</ul>
 				</div>
-				<form action="<?php echo $player_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
+				<form action="<?php echo $player_base . ($id > 0 ? '&id=' . $id : ''); ?>" method="post">
 					<?php csrf(); ?>
 					<div class="card-body">
 						<div class="tab-content" id="tabs-tabContent">
@@ -485,8 +483,8 @@ else if (isset($_REQUEST['search'])) {
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<div class="custom-control custom-switch custom-switch-on-success">
-											<input type="checkbox" class="custom-control-input" name="hidden" id="hidden" value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>>
+											<input type="checkbox" class="custom-control-input" name="hide" id="hide" value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>>
-											<label class="custom-control-label" for="hidden">Hidden</label>
+											<label class="custom-control-label" for="hide">Hidden</label>
 										</div>
 									</div>
 								</div>
--- a/admin/pages/plugins.php
+++ b/admin/pages/plugins.php
@@ -7,6 +7,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Plugins;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
@@ -14,13 +17,17 @@ csrfProtect();
 $use_datatable = true;
 require_once LIBS . 'plugins.php';
 if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
 	warning('Plugin installation and management is disabled in Settings.<br/>If you wish to enable, go to Settings and enable <strong>Enable Plugins Manage</strong>.');
 }
 else {
-	$twig->display('admin.plugins.form.html.twig');
+	$pluginUploadEnabled = true;
 	if(!\class_exists('\ZipArchive')) {
 		error('Please install PHP zip extension. Plugins upload disabled until then.');
 		$pluginUploadEnabled = false;
 	}
 	$twig->display('admin.plugins.form.html.twig', ['pluginUploadEnabled' => $pluginUploadEnabled]);
 	if (isset($_POST['uninstall'])) {
 		$uninstall = $_POST['uninstall'];
--- a/admin/pages/settings.php
+++ b/admin/pages/settings.php
@@ -7,6 +7,10 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Plugins;
 use MyAAC\Settings;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Settings';
@@ -44,7 +48,7 @@ if (!is_array($settingsFile)) {
 $settingsKeyName = ($plugin == 'core' ? $plugin : $settingsFile['key']);
-$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $plugin);
+$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $settingsFile['name']);
 $settingsParsed = Settings::display($settingsKeyName, $settingsFile['settings']);
--- a/admin/pages/visitors.php
+++ b/admin/pages/visitors.php
@@ -12,6 +12,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 use DeviceDetector\DeviceDetector;
 use DeviceDetector\Parser\Client\Browser;
 use DeviceDetector\Parser\OperatingSystem;
 use MyAAC\Visitors;
 $title = 'Visitors';
 $use_datatable = true;
@@ -24,7 +25,6 @@ if (!setting('core.visitors_counter')): ?>
 	return;
 endif;
 require SYSTEM . 'libs/visitors.php';
 $visitors = new Visitors(setting('core.visitors_counter_ttl'));
 function compare($a, $b): int {
--- a/admin/template/menus.php
+++ b/admin/template/menus.php
@@ -1,6 +1,6 @@
 <?php
-return [
+$menus = [
 	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
 	['name' => 'Settings', 'icon' => 'edit', 'order' => 19, 'link' =>
 		require ADMIN . 'includes/settings_menus.php'
--- a/admin/template/style.css
+++ b/admin/template/style.css
@@ -8,3 +8,8 @@
 .sidebar-mini.sidebar-collapse .menu-text {
 	display: none;
 }
 .myaac-table tbody tr:nth-child(even) {background: #FFF} /* light border */
 .myaac-table tbody tr:nth-child(odd) {background: #CCC} /* dark border */
 .myaac-table thead td {background: #000000; color: #ffffff !important;} /* vdark border */
 .myaac-table tfoot td {background: #000000; color: #ffffff !important;} /* vdark border */
--- a/admin/template/template.php
+++ b/admin/template/template.php
@@ -191,8 +191,8 @@ if ($logged && admin()) {
 	]);
 }
 ?>
-<script src="<?php echo BASE_URL; ?>tools/js/bootstrap.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/ext/bootstrap/js/bootstrap.min.js"></script>
-<script src="<?php echo BASE_URL; ?>tools/js/jquery-ui.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/ext/jquery-ui/jquery-ui.min.js"></script>
 <?php if (isset($use_datatable))  { ?>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
--- a/admin/tools/reload_data.php
+++ b/admin/tools/reload_data.php
@@ -22,7 +22,10 @@
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
-define('MYAAC_ADMIN', true);
+
 use MyAAC\DataLoader;
 const MYAAC_ADMIN = true;
 require '../../common.php';
 require SYSTEM . 'functions.php';
@@ -34,11 +37,9 @@ if (!admin())
 ini_set('max_execution_time', 300);
 ob_implicit_flush();
-ob_end_flush();
+@ob_end_flush();
 header('X-Accel-Buffering: no');
 require LIBS . 'DataLoader.php';
 require LOCALE . 'en/main.php';
 require LOCALE . 'en/install.php';
--- a/admin/tools/settings_save.php
+++ b/admin/tools/settings_save.php
@@ -1,4 +1,8 @@
 <?php
 use MyAAC\Hooks;
 use MyAAC\Settings;
 const MYAAC_ADMIN = true;
 require '../../common.php';
@@ -6,11 +10,6 @@ require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 require SYSTEM . 'login.php';
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
 if(!admin()) {
 	http_response_code(500);
 	die('Access denied.');
--- a/common.php
+++ b/common.php
@@ -20,14 +20,14 @@
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
+ * @copyright 2024 MyAAC
 * @link      https://my-aac.org
 */
-if (version_compare(phpversion(), '8.0', '<')) die('PHP version 8.0 or higher is required.');
+if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 const MYAAC = true;
-const MYAAC_VERSION = '1.0-dev';
+const MYAAC_VERSION = '1.1';
-const DATABASE_VERSION = 38;
+const DATABASE_VERSION = 43;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -156,7 +156,7 @@ if (file_exists(BASE . 'config.local.php')) {
 /** @var array $config */
 ini_set('log_errors', 1);
-if(@$config['env'] === 'dev') {
+if(@$config['env'] === 'dev' || defined('MYAAC_INSTALL')) {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
 	error_reporting(E_ALL);
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
 {
    "require": {
-        "php": "^8.0",
+        "php": "^8.1",
        "ext-pdo": "*",
        "ext-pdo_mysql": "*",
        "ext-json": "*",
@@ -8,20 +8,25 @@
        "ext-dom": "*",
        "phpmailer/phpmailer": "^6.1",
        "composer/semver": "^3.2",
-        "twig/twig": "^2.0",
+        "twig/twig": "^3.11",
        "erusev/parsedown": "^1.7",
        "nikic/fast-route": "^1.3",
        "matomo/device-detector": "^6.0",
        "illuminate/database": "^10.18",
-        "peppeocchi/php-cron-scheduler": "4.*"
+        "peppeocchi/php-cron-scheduler": "4.*",
        "symfony/console": "^6.4",
        "symfony/string": "^6.4",
        "symfony/var-dumper": "^6.4",
        "filp/whoops": "^2.15",
        "maximebf/debugbar": "1.*"
    },
    "require-dev": {
-        "filp/whoops": "^2.15",
+        "phpstan/phpstan": "^1.10"
        "maximebf/debugbar": "dev-master"
    },
    "autoload": {
        "psr-4": {
            "MyAAC\\": "system/src"
-        }
+        },
        "files": ["system/src/global.php"]
    }
 }
--- a/composer.lock
+++ b/composer.lock
--- a/cypress/e2e/1-install.cy.js
+++ b/cypress/e2e/1-install.cy.js
@@ -38,7 +38,6 @@ describe('Install MyAAC', () => {
 		cy.contains('Basic configuration');
 		cy.get('#vars_server_path').click().clear().type(Cypress.env('SERVER_PATH'))
 		cy.get('#vars_mail_admin').click().clear().type('noone@example.net')
 		cy.get('[type="checkbox"]').uncheck() // usage statistics uncheck
@@ -68,7 +67,9 @@ describe('Install MyAAC', () => {
 		cy.get('form').submit()
-		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
+		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 60000 }).should('be.visible')
 		cy.wait(2000);
 		cy.screenshot('install-finish')
 	})
--- a/cypress/e2e/3-check-public-pages.cy.js
+++ b/cypress/e2e/3-check-public-pages.cy.js
@@ -82,7 +82,7 @@ describe('Check Public Pages', () => {
 	it('Go to last kills page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/lastkills',
+			url: Cypress.env('URL') + '/last-kills',
 			method: 'GET',
 		})
 	})
@@ -116,9 +116,9 @@ describe('Check Public Pages', () => {
 	})
 	// library
-	it('Go to creatures page', () => {
+	it('Go to monsters page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/creatures',
+			url: Cypress.env('URL') + '/monsters',
 			method: 'GET',
 		})
 	})
@@ -132,7 +132,7 @@ describe('Check Public Pages', () => {
 	it('Go to server info page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/serverInfo',
+			url: Cypress.env('URL') + '/server-info',
 			method: 'GET',
 		})
 	})
@@ -160,7 +160,7 @@ describe('Check Public Pages', () => {
 	it('Go to experience table page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/experienceTable',
+			url: Cypress.env('URL') + '/exp-table',
 			method: 'GET',
 		})
 	})
--- a/cypress/e2e/4-check-protected-pages.cy.js
+++ b/cypress/e2e/4-check-protected-pages.cy.js
@@ -4,7 +4,7 @@ const YOU_ARE_NOT_LOGGEDIN = 'You are not logged in.';
 describe('Check Protected Pages', () => {
 	// character actions
-	it('Go to accouht character creation page', () => {
+	it('Go to account character creation page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/character/create',
 			method: 'GET',
@@ -12,7 +12,7 @@ describe('Check Protected Pages', () => {
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
-	it('Go to accouht character deletion page', () => {
+	it('Go to account character deletion page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/character/delete',
 			method: 'GET',
@@ -21,7 +21,7 @@ describe('Check Protected Pages', () => {
 	})
 	// account actions
-	it('Go to accouht email change page', () => {
+	it('Go to account email change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/email',
 			method: 'GET',
@@ -29,7 +29,7 @@ describe('Check Protected Pages', () => {
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
-	it('Go to accouht password change page', () => {
+	it('Go to account password change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/password',
 			method: 'GET',
@@ -37,7 +37,7 @@ describe('Check Protected Pages', () => {
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
-	it('Go to accouht info change page', () => {
+	it('Go to account info change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/info',
 			method: 'GET',
@@ -45,7 +45,7 @@ describe('Check Protected Pages', () => {
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
-	it('Go to accouht logout change page', () => {
+	it('Go to account logout change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/logout',
 			method: 'GET',
--- a/index.php
+++ b/index.php
@@ -24,6 +24,9 @@
 * @link      https://my-aac.org
 */
 use MyAAC\UsageStatistics;
 use MyAAC\Visitors;
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
@@ -59,18 +62,13 @@ if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|g
 if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE . 'install'))
 {
 	header('Location: ' . BASE_URL . 'install/');
-	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
+	exit();
 }
 $template_place_holders = array();
 require_once SYSTEM . 'init.php';
 // verify myaac tables exists in database
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 require_once SYSTEM . 'template.php';
 require_once SYSTEM . 'login.php';
 require_once SYSTEM . 'status.php';
@@ -78,53 +76,6 @@ require_once SYSTEM . 'status.php';
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 require_once SYSTEM . 'router.php';
 $hooks->trigger(HOOK_STARTUP);
 // anonymous usage statistics
 // sent only when user agrees
 if(setting('core.anonymous_usage_statistics')) {
 	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
 	$should_report = true;
 	$value = '';
 	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
 		$should_report = time() > (int)$value + $report_time;
 	}
 	else {
 		$value = '';
 		if(fetchDatabaseConfig('last_usage_report', $value)) {
 			$should_report = time() > (int)$value + $report_time;
 			if($cache->enabled()) {
 				$cache->set('last_usage_report', $value);
 			}
 		}
 		else {
 			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
 			$should_report = false;
 		}
 	}
 	if($should_report) {
 		require_once LIBS . 'usage_statistics.php';
 		Usage_Statistics::report();
 		updateDatabaseConfig('last_usage_report', time());
 		if($cache->enabled()) {
 			$cache->set('last_usage_report', time());
 		}
 	}
 }
 if(setting('core.views_counter'))
 	require_once SYSTEM . 'counter.php';
 if(setting('core.visitors_counter')) {
 	require_once SYSTEM . 'libs/visitors.php';
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 // backward support for gesior
 if(setting('core.backward_support')) {
 	define('INITIALIZED', true);
@@ -164,6 +115,51 @@ if(setting('core.backward_support')) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 require_once SYSTEM . 'router.php';
 $hooks->trigger(HOOK_STARTUP);
 // anonymous usage statistics
 // sent only when user agrees
 if(setting('core.anonymous_usage_statistics')) {
 	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
 	$should_report = true;
 	$value = '';
 	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
 		$should_report = time() > (int)$value + $report_time;
 	}
 	else {
 		$value = '';
 		if(fetchDatabaseConfig('last_usage_report', $value)) {
 			$should_report = time() > (int)$value + $report_time;
 			if($cache->enabled()) {
 				$cache->set('last_usage_report', $value, 60 * 60);
 			}
 		}
 		else {
 			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
 			$should_report = false;
 		}
 	}
 	if($should_report) {
 		UsageStatistics::report();
 		updateDatabaseConfig('last_usage_report', time());
 		if($cache->enabled()) {
 			$cache->set('last_usage_report', time(), 60 * 60);
 		}
 	}
 }
 if(setting('core.views_counter'))
 	require_once SYSTEM . 'counter.php';
 if(setting('core.visitors_counter')) {
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 /**
 * @var OTS_Account $account_logged
 */
--- a/install/includes/functions.php
+++ b/install/includes/functions.php
@@ -17,7 +17,7 @@ function query($query)
 // define php version id if its not already
 if(!defined('PHP_VERSION_ID')) {
-	$version = explode('.', PHP_VERSION);
+	$version = array_map('intval', explode('.', PHP_VERSION));
 	define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
 }
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -1,4 +1,4 @@
-SET @myaac_database_version = 36;
+SET @myaac_database_version = 43;
 CREATE TABLE `myaac_account_actions`
 (
@@ -8,7 +8,7 @@ CREATE TABLE `myaac_account_actions`
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`action` VARCHAR(255) NOT NULL DEFAULT '',
 	KEY (`account_id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_admin_menu`
 (
@@ -19,22 +19,7 @@ CREATE TABLE `myaac_admin_menu`
 	`flags` INT(11) NOT NULL DEFAULT 0,
 	`enabled` INT(1) NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_bugtracker`
 (
 	`account` VARCHAR(255) NOT NULL,
 	`type` INT(11) NOT NULL DEFAULT 0,
 	`status` INT(11) NOT NULL DEFAULT 0,
 	`text` text NOT NULL,
 	`id` INT(11) NOT NULL DEFAULT 0,
 	`subject` VARCHAR(255) NOT NULL DEFAULT '',
 	`reply` INT(11) NOT NULL DEFAULT 0,
 	`who` INT(11) NOT NULL DEFAULT 0,
 	`uid` INT(11) NOT NULL AUTO_INCREMENT,
 	`tag` INT(11) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`uid`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 CREATE TABLE `myaac_changelog`
 (
@@ -44,11 +29,11 @@ CREATE TABLE `myaac_changelog`
 	`where` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`player_id` INT(11) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hidden`) VALUES (1, 3, 2, UNIX_TIMESTAMP(), 'MyAAC installed. (:', 0);
+INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hide`) VALUES (1, 3, 2, UNIX_TIMESTAMP(), 'MyAAC installed. (:', 0);
 CREATE TABLE `myaac_config`
 (
@@ -57,7 +42,7 @@ CREATE TABLE `myaac_config`
 	`value` VARCHAR(1000) NOT NULL,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 INSERT INTO `myaac_config` (`name`, `value`) VALUES ('database_version', @myaac_database_version);
@@ -67,9 +52,9 @@ CREATE TABLE `myaac_faq`
 	`question` VARCHAR(255) NOT NULL DEFAULT '',
 	`answer` VARCHAR(1020) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_forum_boards`
 (
@@ -80,9 +65,9 @@ CREATE TABLE `myaac_forum_boards`
 	`guild` INT(11) NOT NULL DEFAULT 0,
 	`access` INT(11) NOT NULL DEFAULT 0,
 	`closed` TINYINT(1) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`, `closed`) VALUES (NULL, 'News', 'News commenting', 0, 1);
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUES (NULL, 'Trade', 'Trade offers.', 1);
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUES (NULL, 'Quests', 'Quest making.', 2);
@@ -106,12 +91,12 @@ CREATE TABLE `myaac_forum`
 	`post_date` int(20) NOT NULL default '0',
 	`last_edit_aid` int(20) NOT NULL default '0',
 	`edit_date` int(20) NOT NULL default '0',
-	`post_ip` varchar(32) NOT NULL default '0.0.0.0',
+	`post_ip` varchar(45) NOT NULL default '0.0.0.0',
 	`sticked` tinyint(1) NOT NULL DEFAULT '0',
 	`closed` tinyint(1) NOT NULL DEFAULT '0',
 	PRIMARY KEY (`id`),
 	KEY `section` (`section`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_menu`
 (
@@ -125,11 +110,11 @@ CREATE TABLE `myaac_menu`
 	`ordering` INT(11) NOT NULL DEFAULT 0,
 	`enabled` INT(1) NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_monsters` (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
-	`hidden` tinyint(1) NOT NULL default 0,
+	`hide` tinyint(1) NOT NULL default 0,
 	`name` varchar(255) NOT NULL,
 	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
@@ -158,7 +143,7 @@ CREATE TABLE `myaac_monsters` (
 	`loot` text NOT NULL,
 	`summons` TEXT NOT NULL,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_news`
 (
@@ -174,9 +159,9 @@ CREATE TABLE `myaac_news`
 	`comments` VARCHAR(50) NOT NULL DEFAULT '',
 	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
 	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_news_categories`
 (
@@ -184,9 +169,9 @@ CREATE TABLE `myaac_news_categories`
 	`name` VARCHAR(50) NOT NULL DEFAULT "",
 	`description` VARCHAR(50) NOT NULL DEFAULT "",
 	`icon_id` INT(2) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 0);
 INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 1);
@@ -202,7 +187,7 @@ CREATE TABLE `myaac_notepad`
 	`content` TEXT NOT NULL,
 	/*`public` TINYINT(1) NOT NULL DEFAULT 0*/
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_pages`
 (
@@ -215,10 +200,10 @@ CREATE TABLE `myaac_pages`
 	`php` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
 	`enable_tinymce` TINYINT(1) NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
 	`access` TINYINT(2) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_gallery`
 (
@@ -228,9 +213,9 @@ CREATE TABLE `myaac_gallery`
 	`thumb` VARCHAR(255) NOT NULL,
 	`author` VARCHAR(50) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 INSERT INTO `myaac_gallery` (`id`, `ordering`, `comment`, `image`, `thumb`, `author`) VALUES (NULL, 1, 'Demon', 'images/gallery/demon.jpg', 'images/gallery/demon_thumb.gif', 'MyAAC');
@@ -242,7 +227,7 @@ CREATE TABLE `myaac_settings`
 	`value` TEXT NOT NULL,
 	PRIMARY KEY (`id`),
 	KEY `key` (`key`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_spells`
 (
@@ -262,10 +247,10 @@ CREATE TABLE `myaac_spells`
 	`item_id` INT(11) NOT NULL DEFAULT 0,
 	`premium` TINYINT(1) NOT NULL DEFAULT 0,
 	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_visitors`
 (
@@ -274,7 +259,7 @@ CREATE TABLE `myaac_visitors`
 	`page` VARCHAR(2048) NOT NULL,
 	`user_agent` VARCHAR(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_weapons`
 (
@@ -283,4 +268,4 @@ CREATE TABLE `myaac_weapons`
 	`maglevel` INT(11) NOT NULL DEFAULT 0,
 	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
--- a/install/index.php
+++ b/install/index.php
@@ -3,16 +3,15 @@
 use Twig\Environment as Twig_Environment;
 use Twig\Loader\FilesystemLoader as Twig_FilesystemLoader;
-require '../common.php';
+const MYAAC_INSTALL = true;
-define('MYAAC_INSTALL', true);
+require '../common.php';
 // includes
 require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 require SYSTEM . 'clients.conf.php';
 require LIBS . 'Settings.php';
 // ignore undefined index from Twig autoloader
 $config['env'] = 'prod';
@@ -115,7 +114,7 @@ else if($step == 'finish') {
 	$email = $_SESSION['var_email'];
 	$password = $_SESSION['var_password'];
 	$password_confirm = $_SESSION['var_password_confirm'];
-	$player_name = $_SESSION['var_player_name'];
+	$player_name = $_SESSION['var_player_name'] ?? null;
 	// email check
 	if(empty($email)) {
@@ -126,18 +125,7 @@ else if($step == 'finish') {
 	}
 	// account check
-	if(isset($_SESSION['var_account'])) {
+	if(isset($_SESSION['var_account_id'])) {
 		if(empty($_SESSION['var_account'])) {
 			$errors[] = $locale['step_admin_account_error_empty'];
 		}
 		else if(!Validator::accountName($_SESSION['var_account'])) {
 			$errors[] = $locale['step_admin_account_error_format'];
 		}
 		else if(strtoupper($_SESSION['var_account']) == strtoupper($password)) {
 			$errors[] = $locale['step_admin_account_error_same'];
 		}
 	}
 	else if(isset($_SESSION['var_account_id'])) {
 		if(empty($_SESSION['var_account_id'])) {
 			$errors[] = $locale['step_admin_account_id_error_empty'];
 		}
@@ -148,6 +136,17 @@ else if($step == 'finish') {
 			$errors[] = $locale['step_admin_account_id_error_same'];
 		}
 	}
 	else if(isset($_SESSION['var_account'])) {
 		if(empty($_SESSION['var_account'])) {
 			$errors[] = $locale['step_admin_account_error_empty'];
 		}
 		else if(!Validator::accountName($_SESSION['var_account'])) {
 			$errors[] = $locale['step_admin_account_error_format'];
 		}
 		else if(strtoupper($_SESSION['var_account']) == strtoupper($password)) {
 			$errors[] = $locale['step_admin_account_error_same'];
 		}
 	}
 	// password check
 	if(empty($password)) {
@@ -160,13 +159,14 @@ else if($step == 'finish') {
 		$errors[] = $locale['step_admin_password_confirm_error_not_same'];
 	}
 	if (isset($player_name)) {
 		// player name check
 		if (empty($player_name)) {
 			$errors[] = $locale['step_admin_player_name_error_empty'];
-	}
+		} else if (!Validator::characterName($player_name)) {
 	else if(!Validator::characterName($player_name)) {
 			$errors[] = $locale['step_admin_player_name_error_format'];
 		}
 	}
 	if(!empty($errors)) {
 		$step = 'admin';
@@ -183,14 +183,14 @@ clearstatcache();
 if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 	if(!file_exists(BASE . 'install/ip.txt')) {
 		$content = warning('AAC installation is disabled. To enable it make file <b>ip.txt</b> in install/ directory and put there your IP.<br/>
-		Your IP is:<br /><b>' . $_SERVER['REMOTE_ADDR'] . '</b>', true);
+		Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 	}
 	else {
 		$file_content = trim(file_get_contents(BASE . 'install/ip.txt'));
 		$allow = false;
 		$listIP = preg_split('/\s+/', $file_content);
 		foreach($listIP as $ip) {
-			if($_SERVER['REMOTE_ADDR'] == $ip) {
+			if(get_browser_real_ip() == $ip) {
 				$allow = true;
 			}
 		}
@@ -199,7 +199,7 @@ if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 		{
 			$content = warning('In file <b>install/ip.txt</b> must be your IP!<br/>
 			In file is:<br /><b>' . nl2br($file_content) . '</b><br/>
-			Your IP is:<br /><b>' . $_SERVER['REMOTE_ADDR'] . '</b>', true);
+			Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 		}
 		else {
 			ob_start();
--- a/install/steps/3-requirements.php
+++ b/install/steps/3-requirements.php
@@ -2,10 +2,15 @@
 defined('MYAAC') or die('Direct access not allowed!');
 // configuration
-$dirs_required = [
+$dirs_required_writable = [
 	'system/logs',
 	'system/cache',
 ];
 $dirs_required = [
 	'tools/ext' => $locale['step_requirements_folder_not_exists_tools_ext'],
 ];
 $dirs_optional = [
 	GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'],
 	GALLERY_DIR => $locale['step_requirements_warning_images_gallery'],
@@ -18,6 +23,7 @@ $extensions_optional = [
 	'gd' => $locale['step_requirements_warning_player_signatures'],
 	'zip' => $locale['step_requirements_warning_install_plugins'],
 ];
 /*
 *
 * @param string $name
@@ -41,7 +47,7 @@ $failed = false;
 // start validating
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION);
-foreach ($dirs_required as $value)
+foreach ($dirs_required_writable as $value)
 {
 	$is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value));
 	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
@@ -52,6 +58,12 @@ foreach ($dirs_optional as $dir => $errorMsg) {
 	version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true);
 }
 foreach ($dirs_required as $dir => $errorMsg)
 {
 	$exists = is_dir(BASE . $dir);
 	version_check($locale['step_requirements_folder_exists'] . ': ' . $dir, $exists, $exists ? '' : $errorMsg);
 }
 $ini_register_globals = ini_get_bool('register_globals');
 version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']);
@@ -78,4 +90,3 @@ if($failed) {
 }
 echo '</div>';
 ?>
--- a/install/steps/5-database.php
+++ b/install/steps/5-database.php
@@ -1,4 +1,7 @@
 <?php
 use MyAAC\Settings;
 defined('MYAAC') or die('Direct access not allowed!');
 //ini_set('display_errors', false);
@@ -37,15 +40,21 @@ if(!$error) {
 	$configToSave['gzip_output'] = false;
 	$configToSave['cache_engine'] = 'auto';
 	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
 	$configToSave['database_auto_migrate'] = true;
 	if(!$error) {
 		$content = '';
 		$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
 		if ($saved) {
 			success($locale['step_database_config_saved']);
 			$_SESSION['saved'] = true;
 			require BASE . 'config.local.php';
 			require BASE . 'install/includes/config.php';
 			if (!$error) {
 				require BASE . 'install/includes/database.php';
 		$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
 		success($locale['step_database_importing']);
 				if (isset($database_error)) { // we failed connect to the database
 					error($database_error);
 				}
@@ -56,31 +65,15 @@ if(!$error) {
 						$error = true;
 					}
 			if(!$db->hasTable('players')) {
 				$tmp = str_replace('$TABLE$', 'players', $locale['step_database_error_table']);
 				error($tmp);
 				$error = true;
 			}
 			if(!$db->hasTable('guilds')) {
 				$tmp = str_replace('$TABLE$', 'guilds', $locale['step_database_error_table']);
 				error($tmp);
 				$error = true;
 			}
 					if (!$error) {
 						$twig->display('install.installer.html.twig', array(
 							'url' => 'tools/5-database.php',
 							'message' => $locale['loading_spinner']
 						));
 				$content = '';
 				$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
 				if($saved) {
 					success($locale['step_database_config_saved']);
 					$_SESSION['saved'] = true;
 					}
-				else {
+				}
 			}
 		} else {
 			$_SESSION['config_content'] = $content;
 			unset($_SESSION['saved']);
@@ -90,8 +83,6 @@ if(!$error) {
 		}
 	}
 }
 	}
 }
 ?>
 <div class="text-center m-3">
--- a/install/steps/6-admin.php
+++ b/install/steps/6-admin.php
@@ -18,6 +18,7 @@ if(!$error) {
 		'locale' => $locale,
 		'session' => $_SESSION,
 		'account' => $account,
 		'hasTablePlayers' => $db->hasTable('players'),
 		'errors' => isset($errors) ? $errors : null,
 		'buttons' => next_buttons(true, $error ? false : true)
 	));
--- a/install/steps/7-finish.php
+++ b/install/steps/7-finish.php
@@ -1,17 +1,32 @@
 <?php
 use MyAAC\Cache\Cache;
 use MyAAC\Models\News;
 use MyAAC\Settings;
 defined('MYAAC') or die('Direct access not allowed!');
 ini_set('max_execution_time', 300);
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 	return;
 }
-else {
+
 $cache = Cache::getInstance();
 if ($cache->enabled()) {
 	// clear plugin_hooks to have fresh hooks
 	$cache->delete('plugins_hooks');
 }
 require SYSTEM . 'init.php';
-	if(!$error) {
+if($error) {
 	return;
 }
 if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
-			$account = isset($_SESSION['var_account']) ? $_SESSION['var_account'] : null;
+	$account = $_SESSION['var_account'] ?? null;
 else
-			$account_id = isset($_SESSION['var_account_id']) ? $_SESSION['var_account_id'] : null;
+	$account_id = $_SESSION['var_account_id'] ?? null;
 $password = $_SESSION['var_password'];
@@ -27,6 +42,7 @@ else {
 else
 	$account_db->load($account_id);
 if ($db->hasTable('players')) {
 	$player_name = $_SESSION['var_player_name'];
 	$player_db = new OTS_Player();
 	$player_db->find($player_name);
@@ -44,6 +60,7 @@ else {
 	$groups = new OTS_Groups_List();
 	$player_used->setGroupId($groups->getHighestId());
 }
 $email = $_SESSION['var_email'];
 if($account_db->isLoaded()) {
@@ -78,15 +95,23 @@ else {
 $account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
 $account_used->setCustomField('country', 'us');
 $account_used->setCustomField('email_verified', 1);
 if($db->hasColumn('accounts', 'group_id'))
 	$account_used->setCustomField('group_id', $groups->getHighestId());
 if($db->hasColumn('accounts', 'type'))
 	$account_used->setCustomField('type', 6);
-		if(!$player_db->isLoaded())
+if ($db->hasTable('players')) {
 	if(!$player_db->isLoaded()) {
 		$player->setAccountId($account_used->getId());
-		else
+		$player->save();
 	}
 	else {
 		$player_db->setAccountId($account_used->getId());
 		$player_db->save();
 	}
 }
 success($locale['step_database_created_account']);
@@ -94,27 +119,40 @@ else {
 setSession('password', encrypt($password));
 setSession('remember_me', true);
-		if($player_db->isLoaded()) {
+if(!News::all()->count()) {
 			$player_db->save();
 		}
 		else {
 			$player->save();
 		}
 	$player_id = 0;
-		$query = $db->query("SELECT `id` FROM `players` WHERE `name` = " . $db->quote($player_name) . ";");
+
-		if($query->rowCount() == 1) {
+	if ($db->hasTable('players')) {
-			$query = $query->fetch();
+		$tmpNewsPlayer = \MyAAC\Models\Player::where('name', $player_name)->first();
-			$player_id = $query['id'];
+		if($tmpNewsPlayer) {
 			$player_id = $tmpNewsPlayer->id;
 		}
 	}
-		$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX ."news` WHERE `title` LIKE 'Hello!';");
+	News::create([
-		if($query->rowCount() == 0) {
+		'type' => 1,
-			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'https://my-aac.org', '0');
+		'date' => time(),
-	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'https://my-aac.org', " . $player_id . ", '', '0');")) {
+		'category' => 2,
 		'title' => 'Hello!',
 		'body' => 'MyAAC is just READY to use!',
 		'player_id' => $player_id,
 		'comments' => 'https://my-aac.org',
 		'hide' => 0,
 	]);
 	News::create([
 		'type' => 2,
 		'date' => time(),
 		'category' => 4,
 		'title' => 'Hello tickers!',
 		'body' => 'https://my-aac.org',
 		'player_id' => $player_id,
 		'comments' => '',
 		'hide' => 0,
 	]);
 	success($locale['step_database_created_news']);
 }
 		}
 $settings = Settings::getInstance();
 foreach($_SESSION as $key => $value) {
@@ -165,5 +203,5 @@ else {
 if(file_exists(CACHE . 'install.txt')) {
 	unlink(CACHE . 'install.txt');
 }
-	}
+
-}
+$hooks->trigger(HOOK_INSTALL_FINISH_END);
--- a/install/template/template.php
+++ b/install/template/template.php
@@ -1,3 +1,4 @@
 <?php defined('MYAAC') or die('Direct access not allowed!'); ?>
 <!DOCTYPE html>
 <html dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>
@@ -6,7 +7,7 @@
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
 	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
-	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/js/jquery.min.js"></script>
+	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/ext/jquery/jquery.min.js"></script>
 </head>
 <body>
--- a/install/tools/5-database.php
+++ b/install/tools/5-database.php
@@ -11,8 +11,10 @@ $error = false;
 require BASE . 'install/includes/config.php';
 ini_set('max_execution_time', 300);
@ob_end_flush();
 ob_implicit_flush();
-ob_end_flush();
+
 header('X-Accel-Buffering: no');
 if(!$error) {
@@ -30,6 +32,9 @@ if($db->hasTable(TABLE_PREFIX . 'account_actions')) {
 else {
 	// import schema
 	try {
 		$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
 		success($locale['step_database_importing']);
 		$db->query(file_get_contents(BASE . 'install/includes/schema.sql'));
 		$locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']);
@@ -136,6 +141,7 @@ if(!$db->hasColumn('accounts', 'premium_points')) {
 		success($locale['step_database_adding_field'] . ' accounts.premium_points...');
 }
 if ($db->hasTable('guilds')) {
 	if ($db->hasColumn('guilds', 'checkdata')) {
 		if (query("ALTER TABLE `guilds` MODIFY `checkdata` INT NOT NULL DEFAULT 0;"))
 			success($locale['step_database_modifying_field'] . ' guilds.checkdata...');
@@ -144,16 +150,20 @@ if($db->hasColumn('guilds', 'checkdata')) {
 	if (!$db->hasColumn('guilds', 'motd')) {
 		if (query("ALTER TABLE `guilds` ADD `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' guilds.motd...');
-}
+	} else {
 else {
 		if (query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 			success($locale['step_database_modifying_field'] . ' guilds.motd...');
 	}
 	if (!$db->hasColumn('guilds', 'description')) {
-	if(query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;"))
+		if (query("ALTER TABLE `guilds` ADD `description` VARCHAR(5000) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' guilds.description...');
 	}
 	else {
 		if (query("ALTER TABLE `guilds` MODIFY `description` VARCHAR(5000) NOT NULL DEFAULT '';")) {
 			success($locale['step_database_modifying_field'] . ' guilds.description...');
 		}
 	}
 	if ($db->hasColumn('guilds', 'logo_gfx_name')) {
 		if (query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) {
@@ -161,12 +171,13 @@ if($db->hasColumn('guilds', 'logo_gfx_name')) {
 			$tmp = str_replace('$FIELD_NEW$', 'guilds.logo_name', $tmp);
 			success($tmp);
 		}
-}
+	} else if (!$db->hasColumn('guilds', 'logo_name')) {
 else if(!$db->hasColumn('guilds', 'logo_name')) {
 		if (query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';"))
 			success($locale['step_database_adding_field'] . ' guilds.logo_name...');
 	}
 }
 if ($db->hasTable('players')) {
 	if (!$db->hasColumn('players', 'created')) {
 		if (query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.created...');
@@ -178,23 +189,27 @@ if(!$db->hasColumn('players', 'deleted') && !$db->hasColumn('players', 'deletion
 	}
 	if ($db->hasColumn('players', 'hide_char')) {
-	if(!$db->hasColumn('players', 'hidden')) {
+		if (!$db->hasColumn('players', 'hide')) {
-		if(query("ALTER TABLE `players` CHANGE `hide_char` `hidden` TINYINT(1) NOT NULL DEFAULT 0;")) {
+			if (query("ALTER TABLE `players` CHANGE `hide_char` `hide` TINYINT(1) NOT NULL DEFAULT 0;")) {
 				$tmp = str_replace('$FIELD$', 'players.hide_char', $locale['step_database_changing_field']);
-			$tmp = str_replace('$FIELD_NEW$', 'players.hidden', $tmp);
+				$tmp = str_replace('$FIELD_NEW$', 'players.hide', $tmp);
 				success($tmp);
 			}
 		}
-}
+	} else if (!$db->hasColumn('players', 'hide')) {
-else if(!$db->hasColumn('players', 'hidden')) {
+		if (query("ALTER TABLE `players` ADD `hide` TINYINT(1) NOT NULL DEFAULT 0;"))
-	if(query("ALTER TABLE `players` ADD `hidden` TINYINT(1) NOT NULL DEFAULT 0;"))
+			success($locale['step_database_adding_field'] . ' players.hide...');
 		success($locale['step_database_adding_field'] . ' players.hidden...');
 	}
 	if (!$db->hasColumn('players', 'comment')) {
-	if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
+		if (query("ALTER TABLE `players` ADD `comment` VARCHAR(5000) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' players.comment...');
 	}
 	else {
 		if (query("ALTER TABLE `players` MODIFY `comment` VARCHAR(5000) NOT NULL DEFAULT '';")) {
 			success($locale['step_database_modifying_field'] . ' players.comment...');
 		}
 	}
 	if ($db->hasColumn('players', 'rank_id')) {
 		if (query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
@@ -206,6 +221,7 @@ if($db->hasColumn('players', 'rank_id')) {
 			}
 		}
 	}
 }
 if($db->hasTable('z_forum')) {
 	if(!$db->hasColumn('z_forum', 'post_html')) {
--- a/install/tools/7-finish.php
+++ b/install/tools/7-finish.php
@@ -1,6 +1,10 @@
 <?php
 define('MYAAC_INSTALL', true);
 use MyAAC\DataLoader;
 use MyAAC\Models\FAQ as ModelsFAQ;
 use MyAAC\Plugins;
 require_once '../../common.php';
 require SYSTEM . 'functions.php';
@@ -8,8 +12,10 @@ require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 ini_set('max_execution_time', 300);
@ob_end_flush();
 ob_implicit_flush();
-ob_end_flush();
+
 header('X-Accel-Buffering: no');
 /*
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
@@ -19,17 +25,19 @@ if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['save
 require SYSTEM . 'init.php';
 if ($db->hasTable('players')) {
 	$deleted = 'deleted';
 	if ($db->hasColumn('players', 'deletion'))
 		$deleted = 'deletion';
 	$time = time();
-function insert_sample_if_not_exist($p) {
+	function insert_sample_if_not_exist($p)
 	{
 		global $db, $success, $deleted, $time;
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($p['name']));
 		if ($query->rowCount() == 0) {
-		if(!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hidden`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
+			if (!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hide`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
 				$success = false;
 		}
 	}
@@ -44,26 +52,32 @@ insert_sample_if_not_exist(array('name' => 'Knight Sample', 'level' => 8, 'vocat
 	if ($success) {
 		success($locale['step_database_imported_players']);
 	}
 }
 require_once LIBS . 'plugins.php';
 Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
 Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
 require LIBS . 'DataLoader.php';
 DataLoader::setLocale($locale);
 DataLoader::load();
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';
 $up();
 // add z_polls tables
 require_once SYSTEM . 'migrations/22.php';
 $up();
 // add myaac_pages pages
 require_once SYSTEM . 'migrations/27.php';
 $up();
 require_once SYSTEM . 'migrations/30.php';
 $up();
 // new monster columns
 require_once SYSTEM . 'migrations/31.php';
 $up();
 use MyAAC\Models\FAQ as ModelsFAQ;
 if(ModelsFAQ::count() == 0) {
 	ModelsFAQ::create([
 		'question' => 'What is this?',
@@ -71,6 +85,10 @@ if(ModelsFAQ::count() == 0) {
 	]);
 }
 $hooks->trigger(HOOK_INSTALL_FINISH);
 $db->setClearCacheAfter(true);
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);
--- a/login.php
+++ b/login.php
@@ -4,6 +4,7 @@ use MyAAC\Models\BoostedCreature;
 use MyAAC\Models\PlayerOnline;
 use MyAAC\Models\Account;
 use MyAAC\Models\Player;
 use MyAAC\RateLimit;
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
@@ -130,12 +131,29 @@ switch ($action) {
 		}
 		$account = $account->first();
 		$ip = get_browser_real_ip();
 		$limiter = new RateLimit('failed_logins', setting('core.account_login_attempts_limit'), setting('core.account_login_ban_time'));
 		$limiter->enabled = setting('core.account_login_ipban_protection');
 		$limiter->load();
 		$ban_msg = 'A wrong account, password or secret has been entered ' . setting('core.account_login_attempts_limit') . ' times in a row. You are unable to log into your account for the next ' . setting('core.account_login_ban_time') . ' minutes. Please wait.';
 		if (!$account) {
 			$limiter->increment($ip);
 			if ($limiter->exceeded($ip)) {
 				sendError($ban_msg);
 			}
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
 		}
 		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->salt : '') . $request->password);
 		if (!$account || $account->password != $current_password) {
 			$limiter->increment($ip);
 			if ($limiter->exceeded($ip)) {
 				sendError($ban_msg);
 			}
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
 		}
@@ -145,16 +163,30 @@ switch ($action) {
 			if ($accountSecret != null && $accountSecret != '') {
 				$accountHasSecret = true;
 				if ($inputToken === false) {
 					$limiter->increment($ip);
 					if ($limiter->exceeded($ip)) {
 						sendError($ban_msg);
 					}
 					sendError('Submit a valid two-factor authentication token.', 6);
 				} else {
 					require_once LIBS . 'rfc6238.php';
 					if (TokenAuth6238::verify($accountSecret, $inputToken) !== true) {
 						$limiter->increment($ip);
 						if ($limiter->exceeded($ip)) {
 							sendError($ban_msg);
 						}
 						sendError('Two-factor authentication failed, token is wrong.', 6);
 					}
 				}
 			}
 		}
 		$limiter->reset($ip);
 		if (setting('core.account_mail_verify') && $account->email_verified !== 1) {
 			sendError('You need to verify your account, enter in our site and resend verify e-mail!');
 		}
 		// common columns
 		$columns = 'id, name, level, sex, vocation, looktype, lookhead, lookbody, looklegs, lookfeet, lookaddons';
--- a/nginx-sample.conf
+++ b/nginx-sample.conf
@@ -10,22 +10,21 @@ server {
 	# this is very important, be sure its in your nginx conf - it prevents access to logs etc.
 	location ~ /system {
 		deny all;
 		return 404;
 	}
-	# block .htaccess
+	# block .htaccess, CHANGELOG.md, composer.json etc.
-	location ~ /\.ht {
+	# this is to prevent finding software versions
 	location ~\.(ht|md|json|dist)$ {
 		deny all;
 	}
 	# block git files and folders
 	location ~ /\.git {
 		return 404;
 		deny all;
 	}
 	location / {
-		try_files $uri $uri/ /index.php;
+		try_files $uri $uri/ /index.php?$query_string;
 	}
 	location ~ \.php$ {
--- a/npm-post-install.js
+++ b/npm-post-install.js
@@ -0,0 +1,16 @@
 const fse = require('fs-extra');
 const path = require('path');
 const nodeModulesDir = path.join(__dirname, 'node_modules');
 const publicDir = path.join(__dirname, 'tools/ext');
 fse.emptyDirSync(path.join(publicDir, 'jquery'));
 fse.emptyDirSync(path.join(publicDir, 'jquery-ui'));
 fse.emptyDirSync(path.join(publicDir, 'bootstrap'));
 fse.emptyDirSync(path.join(publicDir, 'tinymce'));
 fse.emptyDirSync(path.join(publicDir, 'tinymce-jquery'));
 fse.copySync(path.join(nodeModulesDir, 'jquery', 'dist'), path.join(publicDir, 'jquery'), { overwrite: true });
 fse.copySync(path.join(nodeModulesDir, 'jquery-ui', 'dist'), path.join(publicDir, 'jquery-ui'), { overwrite: true });
 fse.copySync(path.join(nodeModulesDir, 'bootstrap', 'dist'), path.join(publicDir, 'bootstrap'), { overwrite: true });
 fse.copySync(path.join(nodeModulesDir, 'tinymce'), path.join(publicDir, 'tinymce'), { overwrite: true });
 fse.copySync(path.join(nodeModulesDir, '@tinymce', 'tinymce-jquery', 'dist'), path.join(publicDir, 'tinymce-jquery'), { overwrite: true });
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,8 +1,17 @@
 {
  "scripts": {
-    "cypress:open": "cypress open"
+    "cypress:open": "cypress open",
    "postinstall": "node ./npm-post-install.js"
  },
  "devDependencies": {
-    "cypress": "^12.12.0"
+    "cypress": "^13.17.0"
  },
  "dependencies": {
    "@tinymce/tinymce-jquery": "^2.1.0",
    "bootstrap": "^4.6.2",
    "fs-extra": "^11.2.0",
    "jquery": "^3.7.1",
    "jquery-ui": "^1.13.2",
    "tinymce": "^7.2.0"
  }
 }
--- a/phpstan-bootstrap.php
+++ b/phpstan-bootstrap.php
@@ -0,0 +1,13 @@
 <?php
 require __DIR__ . '/system/libs/pot/OTS.php';
 $ots = POT::getInstance();
 require __DIR__ . '/system/libs/pot/InvitesDriver.php';
 require __DIR__ . '/system/libs/rfc6238.php';
 require __DIR__ . '/common.php';
 const ACTION = '';
 const PAGE = '';
 const URI = '';
 define('SELF_NAME', basename(__FILE__));
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -0,0 +1,39 @@
 parameters:
 	level: 3
 	paths:
 		- .
 		- templates/tibiacom
 		- templates/kathrine
 	excludePaths:
 		- system/cache/*
 		- vendor/*
 		- plugins/*
 		- system/libs
 		- tools/signature/mango.php
 		- tools/signature/gd.class.php
 	bootstrapFiles:
 		- phpstan-bootstrap.php
 	ignoreErrors:
 		- '#Variable \$db might not be defined#'
 		- '#Variable \$twig might not be defined#'
 		- '#Variable \$hooks might not be defined#'
 		- '#Variable \$account_logged might not be defined#'
 		- '#Variable \$logged might not be defined#'
 		- '#Variable \$config might not be defined#'
 		- '#Variable \$action might not be defined#'
 		- '#Variable \$errors might not be defined#'
 		- '#Variable \$cache might not be defined#'
 		- '#Variable \$status might not be defined#'
 		- '#Variable \$player might not be defined#'
 		- '#Variable \$guild might not be defined#'
 		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
 		# Eloquent models
 		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
 		- '#Call to an undefined method object::toArray\(\)#'
 		# system/pages/highscores.php
 		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$vocation_name#'
 		-
 			message: '#Variable \$tmp in empty\(\) always exists and is always falsy#'
 			path: templates\kathrine\javascript.php
--- a/plugins/account-create-hint.json
+++ b/plugins/account-create-hint.json
@@ -1,6 +1,6 @@
 {
 	"name": "create-account-hint",
-	"description": "This plugin display text 'To play on Forgotten you need an account.  All you have to do to create your new account is to enter an account name, password, country and your email address. Also you have to agree to the terms presented below. If you have done so, your account name will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.' on the create account page. <strong>Be careful when uninstalling this!</strong>",
+	"description": "This plugin display text 'To play on Forgotten you need an account.  All you have to do to create your new account is to enter an account name, password, country and your email address. Also you have to agree to the terms presented below. If you have done so, your account name will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.' on the create account page.",
 	"version": "1.0",
 	"author": "slawkens",
 	"contact": "slawkens@gmail.com",
--- a/plugins/account-create-hint/hint.php
+++ b/plugins/account-create-hint/hint.php
@@ -9,7 +9,4 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-global $twig_loader;
+$twig->display('account-create-hint/hint.html.twig');
 $twig_loader->prependPath(BASE . 'plugins/account-create-hint');
 $twig->display('hint.html.twig');
--- a/plugins/email-confirmed-reward/reward.php
+++ b/plugins/email-confirmed-reward/reward.php
@@ -1,8 +1,6 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 $reward = setting('core.account_mail_confirmed_reward');
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $rewardCoins = setting('core.account_mail_confirmed_reward_coins');
 if ($rewardCoins > 0 && !$hasCoinsColumn) {
--- a/plugins/example.json
+++ b/plugins/example.json
@@ -25,7 +25,8 @@
 	"hooks": {
 		"Example Hook": {
 			"type": "BEFORE_PAGE",
-			"file": "plugins/example/before.php"
+			"file": "plugins/example/before.php",
 			"priority": 1000
 		}
 	},
 	"routes": {
@@ -33,12 +34,20 @@
 			"pattern": "/YourAwesomePage/{name:string}/{page:int}",
 			"file": "plugins/your-plugin/your-awesome-page.php",
 			"method": "GET",
-			"priority": "130"
+			"priority": 130
 		},
 		"Redirect Example": {
 			"redirect_from": "/redirectExample",
 			"redirect_to": "account/manage"
 		}
 	},
-	"settings": "plugins/your-plugin-folder/settings.php"
+	"routes-default-priority": 1000,
 	"pages-default-priority": 1000,
 	"settings": "plugins/your-plugin-folder/settings.php",
 	"autoload": {
 		"pages": true,
 		"pagesSubFolders": false,
 		"commands": true,
 		"themes": true
 	}
 }
--- a/release.sh
+++ b/release.sh
@@ -22,7 +22,7 @@ if [ $1 = "prepare" ]; then
 	mkdir -p tmp
 	# get myaac from git archive
-	git archive --format zip --output tmp/myaac.zip develop
+	git archive --format zip --output tmp/myaac.zip master
 	cd tmp/ || exit
@@ -38,7 +38,11 @@ if [ $1 = "prepare" ]; then
 	cd $dir || exit
 	# dependencies
-	composer install --no-dev
+	composer install --no-dev --prefer-dist --optimize-autoloader
 	npm install
 	# node_modules is useless, we already have copy in tools/ext
 	rm -R node_modules
 	echo "Now you can make changes to $dir. When you are ready, type 'release.sh pack'"
 	exit
--- a/system/bin/clear_cache.php
+++ b/system/bin/clear_cache.php
@@ -1,18 +0,0 @@
 <?php
 if(PHP_SAPI !== 'cli') {
 	echo 'This script can be run only in command line mode.';
 	exit(1);
 }
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 if(clearCache()) {
 	echo 'Cache cleared.' . PHP_EOL;
 }
 else {
 	echo 'Unexpected error.' . PHP_EOL;
 	exit(2);
 }
--- a/system/bin/cronjob.php
+++ b/system/bin/cronjob.php
@@ -1,19 +0,0 @@
 <?php
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
 use GO\Scheduler;
 // Create a new scheduler
 $scheduler = new Scheduler();
 $hooks->trigger(HOOK_CRONJOB, ['scheduler' => $scheduler]);
 // Let the scheduler execute jobs which are due.
 $scheduler->run();
--- a/system/bin/index.html
+++ b/system/bin/index.html
--- a/system/bin/install_cronjob.php
+++ b/system/bin/install_cronjob.php
@@ -1,50 +0,0 @@
 <?php
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 if(!IS_CLI) {
 	echo 'This script can be run only in command line mode.' . PHP_EOL;
 	exit(1);
 }
 if (MYAAC_OS !== 'LINUX') {
 	echo 'This script can be run only on linux.' . PHP_EOL;
 	exit(1);
 }
 $job = '* * * * * /usr/bin/php ' . SYSTEM . 'bin/cronjob.php >> ' . SYSTEM . 'logs/cron.log 2>&1';
 if (cronjob_exists($job)) {
 	echo 'MyAAC cronjob already installed.' . PHP_EOL;
 	exit(0);
 }
 exec ('crontab -l', $content);
 $content = implode(' ', $content);
 $content .= PHP_EOL . $job;
 file_put_contents(CACHE . 'cronjob', $content . PHP_EOL);
 exec('crontab ' . CACHE. 'cronjob');
 echo 'Installed crontab successfully.' . PHP_EOL;
 function cronjob_exists($command)
 {
 	$cronjob_exists=false;
 	exec('crontab -l', $crontab);
 	if(isset($crontab)&&is_array($crontab)) {
 		$crontab = array_flip($crontab);
 		if(isset($crontab[$command])){
 			$cronjob_exists = true;
 		}
 	}
 	return $cronjob_exists;
 }
--- a/system/bin/install_plugin.php
+++ b/system/bin/install_plugin.php
@@ -1,42 +0,0 @@
 <?php
 if(PHP_SAPI !== 'cli') {
 	echo 'This script can be run only in command line mode.';
 	exit(1);
 }
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 require_once SYSTEM . 'hooks.php';
 require_once LIBS . 'plugins.php';
 if($argc !== 2) {
 	echo 'This command expects one parameter: zip file name (plugin)' . PHP_EOL;
 	exit(2);
 }
 $path_to_file = $argv[1];
 $ext = strtolower(pathinfo($path_to_file, PATHINFO_EXTENSION));
 if($ext !== 'zip') {// check if it is zipped/compressed file
 	echo 'Please install only .zip files.' . PHP_EOL;
 	exit(3);
 }
 if(!file_exists($path_to_file)) {
 	echo 'ERROR: File ' . $path_to_file . ' does not exist' . PHP_EOL;
 	exit(4);
 }
 if(Plugins::install($path_to_file)) {
 	foreach(Plugins::getWarnings() as $warning) {
 		echo 'WARNING: ' . $warning;
 	}
 	$info = Plugins::getPluginJson();
 	echo (isset($info['name']) ? $info['name'] . ' p' : 'P') . 'lugin has been successfully installed.' . PHP_EOL;
 }
 else {
 	echo 'ERROR: ' . Plugins::getError() . PHP_EOL;
 	exit(5);
 }
--- a/system/bin/send_email.php
+++ b/system/bin/send_email.php
@@ -1,61 +0,0 @@
 <?php
 if(PHP_SAPI !== 'cli') {
 	echo 'This script can be run only in command line mode.';
 	exit(1);
 }
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 if($argc !== 3) {
 	echo 'This command expects two parameters: account_name_or_id|player_name|email address, subject.' . PHP_EOL;
 	exit(2);
 }
 $email_account_name = $argv[1];
 $subject = $argv[2];
 $message = file_get_contents('php://stdin');
 if(strpos($email_account_name, '@') === false) {
 	$account = new OTS_Account();
 	if(USE_ACCOUNT_NAME) {
 		$account->find($email_account_name);
 	}
 	else {
 		$account->load($email_account_name);
 	}
 	if($account->isLoaded()) {
 		$email_account_name = $account->getEMail();
 	}
 	else {
 		$player = new OTS_Player();
 		$player->find($email_account_name);
 		if($player->isLoaded()) {
 			$email_account_name = $player->getAccount()->getEMail();
 		}
 		else {
 			echo 'Cannot find player or account with name: ' . $email_account_name . '.' . PHP_EOL;
 			exit(3);
 		}
 	}
 }
 if(!Validator::email($email_account_name)) {
 	echo 'Invalid E-Mail format.' . PHP_EOL;
 	exit(4);
 }
 if(strlen($subject) > 255) {
 	echo 'Subject max length is 255 characters.' . PHP_EOL;
 	exit(5);
 }
 if(!_mail($email_account_name, $subject, $message)) {
 	echo 'An error occurred while sending email. More info can be found in system/logs/mailer-error.log';
 	exit(6);
 }
 echo 'Mail sent to ' . $email_account_name . '.' . PHP_EOL;
--- a/system/clients.conf.php
+++ b/system/clients.conf.php
@@ -105,4 +105,8 @@ $config['clients'] = [
 	1316,
 	1320,
 	1321,
 	1322,
 	1330,
 	1332,
 	1340,
 ];
--- a/system/compat/base.php
+++ b/system/compat/base.php
@@ -9,6 +9,8 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
 class Validator extends \MyAAC\Validator {}
 function check_name($name, &$errors = '') {
 	if(Validator::characterName($name))
 		return true;
@@ -72,4 +74,7 @@ function fieldExist($field, $table)
 	global $db;
 	return $db->hasColumn($table, $field);
 }
-?>
+
 function getCreatureImgPath($creature): string {
 	return getMonsterImgPath($creature);
 }
--- a/system/compat/classes.php
+++ b/system/compat/classes.php
@@ -36,3 +36,5 @@ class Guild extends OTS_Guild {
 }
 class GuildRank extends OTS_GuildRank {}
 class House extends OTS_House {}
 class Cache extends \MyAAC\Cache\Cache {}
--- a/system/compat/pages.php
+++ b/system/compat/pages.php
@@ -44,7 +44,7 @@ switch($page)
 		break;
 	case 'killstatistics':
-		$page = 'lastkills';
+		$page = 'last-kills';
 		break;
 	case 'buypoints':
--- a/system/counter.php
+++ b/system/counter.php
@@ -7,6 +7,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Cache\Cache;
 defined('MYAAC') or die('Direct access not allowed!');
 define('COUNTER_SYNC', 10); // how often counter is synchronized with database (each x site refreshes)
--- a/system/database.php
+++ b/system/database.php
@@ -106,6 +106,7 @@ try {
 		'persistent' => @$config['database_persistent']
 	));
 	global $db;
 	$db = POT::getInstance()->getDBHandle();
 	$capsule = new Capsule;
 	$capsule->addConnection([
@@ -127,6 +128,7 @@ try {
 	}
 	if(defined('MYAAC_INSTALL')) {
 		$error = $e->getMessage();
 		return; // installer will take care of this
 	}
--- a/system/exception.php
+++ b/system/exception.php
@@ -8,21 +8,21 @@
 * @link      https://my-aac.org
 */
-if (class_exists(\Whoops\Run::class)) {
+use MyAAC\Exceptions\SensitiveException;
-	$whoops = new \Whoops\Run;
+use Whoops\Handler\PlainTextHandler;
-	if(IS_CLI) {
+use Whoops\Handler\PrettyPageHandler;
-		$whoops->pushHandler(new \Whoops\Handler\PlainTextHandler);
+use Whoops\Run;
 	}
 	else {
 		$whoops->pushHandler(new \Whoops\Handler\PrettyPageHandler);
 	}
 if (class_exists(Run::class)) {
 	$whoops = new Run;
 	$whoopsHandler = IS_CLI ? (new PlainTextHandler()) : (new PrettyPageHandler());
 	$whoops->pushHandler($whoopsHandler);
 	$whoops->register();
 	return;
 }
 require LIBS . 'SensitiveException.php';
 /**
 * @param Exception $exception
 */
--- a/system/functions.php
+++ b/system/functions.php
@@ -9,12 +9,17 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Items;
 use MyAAC\Models\Config;
 use MyAAC\Models\Guild;
 use MyAAC\Models\House;
 use MyAAC\Models\Pages;
 use MyAAC\Models\Player;
 use MyAAC\News;
 use MyAAC\Plugins;
 use MyAAC\Settings;
 use PHPMailer\PHPMailer\PHPMailer;
 use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
@@ -44,7 +49,7 @@ function warning($message, $return = false) {
 	return message($message, 'warning', $return);
 }
 function note($message, $return = false) {
-	return info($message, $return);
+	return message($message, 'note', $return);
 }
 function info($message, $return = false) {
 	return message($message, 'info', $return);
@@ -82,25 +87,41 @@ function getForumBoardLink($board_id, $page = NULL): string {
 	return BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'forum/board/' . (int)$board_id . (isset($page) ? '/' . $page : '');
 }
-function getPlayerLink($name, $generate = true): string
+function getPlayerLink($name, $generate = true, bool $colored = false): string
 {
 	if(is_numeric($name))
 {
 	if (is_object($name) and $name instanceof OTS_Player) {
 		$player = $name;
 	}
 	else {
 		$player = new OTS_Player();
 		if(is_numeric($name)) {
 			$player->load((int)$name);
-		if($player->isLoaded())
+		}
-			$name = $player->getName();
+		else {
 			$player->find($name);
 		}
 	}
 	if (!$player->isLoaded()) {
 		return '(error)';
 	}
 	$name = $player->getName();
 	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'characters/' . urlencode($name);
 	if ($colored) {
 		$name = '<span style="color: ' . ($player->isOnline() ? 'green' : 'red') . ';">' . $name . '</span>';
 	}
 	if(!$generate) return $url;
 	return generateLink($url, $name);
 }
 function getMonsterLink($name, $generate = true): string
 {
-	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'creatures/' . urlencode($name);
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'monsters/' . urlencode($name);
 	if(!$generate) return $url;
 	return generateLink($url, $name);
@@ -137,7 +158,6 @@ function getGuildLink($name, $generate = true): string
 }
 function getItemNameById($id) {
 	require_once LIBS . 'items.php';
 	$item = Items::get($id);
 	return !empty($item['name']) ? $item['name'] : '';
 }
@@ -197,7 +217,7 @@ function getFlagImage($country): string
 * @param mixed $v Variable to check.
 * @return bool Value boolean status.
 */
-function getBoolean($v): bool
+function getBoolean(mixed $v): bool
 {
 	if(is_bool($v)) {
 		return $v;
@@ -206,6 +226,10 @@ function getBoolean($v): bool
 	if(is_numeric($v))
 		return (int)$v > 0;
 	if (is_null($v)) {
 		return false;
 	}
 	$v = strtolower($v);
 	return $v === 'yes' || $v === 'true';
 }
@@ -253,7 +277,7 @@ function generateRandomString($length, $lowCase = true, $upCase = false, $numeri
 function getForumBoards()
 {
 	global $db, $canEdit;
-	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`, `guild`, `access`' . ($canEdit ? ', `hidden`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hidden` != 1' : '') .
+	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`, `guild`, `access`' . ($canEdit ? ', `hide`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hide` != 1' : '') .
 		' ORDER BY `ordering`;');
 	if($sections)
 		return $sections->fetchAll();
@@ -410,7 +434,10 @@ function delete_guild($id)
 	if(count($rank_list) > 0) {
 		$rank_list->orderBy('level');
-		global $db, $ots;
+		global $db;
 		/**
 		 * @var OTS_GuildRank $rank_in_guild
 		 */
 		foreach($rank_list as $rank_in_guild) {
 			if($db->hasTable('guild_members'))
 				$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `guild_members`.`rank_id` as `rank_id` FROM `players`, `guild_members` WHERE `guild_members`.`rank_id` = ' . $rank_in_guild->getId() . ' AND `players`.`id` = `guild_members`.`player_id` ORDER BY `name`;');
@@ -562,24 +589,12 @@ function template_form()
 {
 	global $template_name;
-	$cache = Cache::getInstance();
+	$templates = Cache::remember('templates', 5 * 60, function() {
-	if($cache->enabled())
+		return get_templates();
-	{
+	});
 		$tmp = '';
 		if($cache->fetch('templates', $tmp)) {
 			$templates = unserialize($tmp);
 		}
 		else
 		{
 			$templates = get_templates();
 			$cache->set('templates', serialize($templates), 30);
 		}
 	}
 	else
 		$templates = get_templates();
 	$options = '';
-	foreach($templates as $key => $value)
+	foreach($templates as $value)
 		$options .= '<option ' . ($template_name == $value ? 'SELECTED' : '') . '>' . $value . '</option>';
 	global $twig;
@@ -702,11 +717,8 @@ function getSkillName($skillId, $suffix = true)
 /**
 * Performs flag check on the current logged in user.
 * Table in database: accounts, field: website_flags
 *
 * @param int @flag Flag to be verified.
 * @return bool If user got flag.
 */
-function hasFlag($flag) {
+function hasFlag(int $flag): bool {
 	global $logged, $logged_flags;
 	return ($logged && ($logged_flags & $flag) == $flag);
 }
@@ -779,7 +791,7 @@ function get_browser_languages()
 	$languages = str_replace(' ', '', $languages);
 	foreach(explode(',', $languages) as $language_list)
-		$ret[] .= substr($language_list, 0, 2);
+		$ret[] = substr($language_list, 0, 2);
 	return $ret;
 }
@@ -798,6 +810,10 @@ function get_templates()
 			$ret[] = $file;
 	}
 	foreach (Plugins::getThemes() as $name => $path) {
 		$ret[] = $name;
 	}
 	return $ret;
 }
@@ -1041,19 +1057,19 @@ function get_browser_real_ip() {
 	return '0';
 }
-function setSession($key, $data) {
+function setSession($key, $data): void {
 	$_SESSION[setting('core.session_prefix') . $key] = $data;
 }
 function getSession($key) {
 	$key = setting('core.session_prefix') . $key;
-	return isset($_SESSION[$key]) ? $_SESSION[$key] : false;
+	return $_SESSION[$key] ?? false;
 }
-function unsetSession($key) {
+function unsetSession($key): void {
 	unset($_SESSION[setting('core.session_prefix') . $key]);
 }
-function csrf(): void {
+function csrf(bool $return = false): string {
-	CsrfToken::create();
+	return CsrfToken::create($return);
 }
 function csrfToken(): string {
@@ -1062,7 +1078,7 @@ function csrfToken(): string {
 function isValidToken(): bool {
 	$token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
-	return ($_SERVER['REQUEST_METHOD'] !== 'POST' || (isset($token) && CsrfToken::isValid($token)));
+	return (!isRequestMethod('post') || (isset($token) && CsrfToken::isValid($token)));
 }
 function csrfProtect(): void
@@ -1074,20 +1090,16 @@ function csrfProtect(): void
 	}
 }
-function getTopPlayers($limit = 5) {
+function getTopPlayers($limit = 5, $skill = 'level') {
 	global $db;
-	$cache = Cache::getInstance();
+	if ($skill === 'level') {
-	if($cache->enabled()) {
+		$skill = 'experience';
 		$tmp = '';
 		if($cache->fetch('top_' . $limit . '_level', $tmp)) {
 			$players = unserialize($tmp);
 		}
 	}
-	if (!isset($players)) {
+	return Cache::remember("top_{$limit}_{$skill}", 2 * 60, function () use ($db, $limit, $skill) {
 		$columns = [
-			'id', 'name', 'level', 'vocation', 'experience',
+			'id', 'name', 'level', 'vocation', 'experience', 'balance',
 			'looktype', 'lookhead', 'lookbody', 'looklegs', 'lookfeet'
 		];
@@ -1099,32 +1111,27 @@ function getTopPlayers($limit = 5) {
 			$columns[] = 'online';
 		}
-		$players = Player::query()
+		return Player::query()
 			->select($columns)
 			->withOnlineStatus()
 			->notDeleted()
 			->where('group_id', '<', setting('core.highscores_groups_hidden'))
 			->whereNotIn('id', setting('core.highscores_ids_hidden'))
 			->where('account_id', '!=', 1)
-			->orderByDesc('experience')
+			->orderByDesc($skill)
 			->limit($limit)
 			->get()
 			->map(function ($e, $i) {
 				$row = $e->toArray();
 				$row['online'] = $e->online_status;
 				$row['rank'] = $i + 1;
 				$row['outfit_url'] = $e->outfit_url;
 				unset($row['online_table']);
 				return $row;
 			})->toArray();
-
+	});
 		if($cache->enabled()) {
 			$cache->set('top_' . $limit . '_level', serialize($players), 120);
 		}
 	}
 	return $players;
 }
 function deleteDirectory($dir, $ignore = array(), $contentOnly = false) {
@@ -1191,72 +1198,48 @@ function setting($key)
 function clearCache()
 {
 	require_once LIBS . 'news.php';
 	News::clearCache();
 	$cache = Cache::getInstance();
 	if($cache->enabled()) {
-		$tmp = '';
+		$keysToClear = [
-
+			'status', 'templates',
-		if ($cache->fetch('status', $tmp))
+			'config_lua',
-			$cache->delete('status');
+			'towns', 'groups', 'vocations',
-
+			'visitors', 'views_counter', 'failed_logins',
-		if ($cache->fetch('templates', $tmp))
+			'template_menus',
-			$cache->delete('templates');
+			'last_kills',
-
+			'hooks', 'plugins_hooks', 'plugins_routes', 'plugins_settings', 'plugins_themes', 'plugins_commands',
-		if ($cache->fetch('config_lua', $tmp))
+			'settings',
-			$cache->delete('config_lua');
+		];
 		if ($cache->fetch('vocations', $tmp))
 			$cache->delete('vocations');
 		if ($cache->fetch('towns', $tmp))
 			$cache->delete('towns');
 		if ($cache->fetch('groups', $tmp))
 			$cache->delete('groups');
 		if ($cache->fetch('visitors', $tmp))
 			$cache->delete('visitors');
 		if ($cache->fetch('views_counter', $tmp))
 			$cache->delete('views_counter');
 		if ($cache->fetch('failed_logins', $tmp))
 			$cache->delete('failed_logins');
 		foreach (get_templates() as $template) {
-			if ($cache->fetch('template_ini_' . $template, $tmp)) {
+			$keysToClear[] = 'template_ini_' . $template;
-				$cache->delete('template_ini_' . $template);
+		}
 		// highscores cache
 		$configHighscoresPerPage = setting('core.highscores_per_page');
 		$skills = [POT::SKILL_FIST, POT::SKILL_CLUB, POT::SKILL_SWORD, POT::SKILL_AXE, POT::SKILL_DIST, POT::SKILL_SHIELD, POT::SKILL_FISH, POT::SKILL_LEVEL, POT::SKILL__MAGLEVEL, SKILL_FRAGS, SKILL_BALANCE];
 		foreach ($skills as $skill) {
 			// config('vocations') may be empty after previous cache clear
 			$vocations = (config('vocations') ?? []) + ['all'];
 			foreach ($vocations as $vocation) {
 				for($page = 0; $page < 10; $page++) {
 					$cacheKey = 'highscores_' . $skill . '_' . strtolower($vocation) . '_' . $page . '_' . $configHighscoresPerPage;
 					$keysToClear[] = $cacheKey;
 				}
 			}
 		}
-		if ($cache->fetch('template_menus', $tmp)) {
+		foreach ($keysToClear as $item) {
-			$cache->delete('template_menus');
+			$tmp = '';
 			if ($cache->fetch($item, $tmp)) {
 				$cache->delete($item);
 			}
 		if ($cache->fetch('database_tables', $tmp)) {
 			$cache->delete('database_tables');
 		}
 		if ($cache->fetch('database_columns', $tmp)) {
 			$cache->delete('database_columns');
 		}
 		if ($cache->fetch('database_checksum', $tmp)) {
 			$cache->delete('database_checksum');
 		}
 		if ($cache->fetch('last_kills', $tmp)) {
 			$cache->delete('last_kills');
 		}
-		if ($cache->fetch('hooks', $tmp)) {
+		global $db;
-			$cache->delete('hooks');
+		$db->setClearCacheAfter(true);
 		}
 		if ($cache->fetch('plugins_hooks', $tmp)) {
 			$cache->delete('plugins_hooks');
 		}
 		if ($cache->fetch('plugins_routes', $tmp)) {
 			$cache->delete('plugins_routes');
 		}
 	}
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
@@ -1265,12 +1248,20 @@ function clearCache()
 	deleteDirectory(CACHE, ['signatures', 'twig', 'plugins', 'index.html', 'persistent'], true);
 	// routes cache
 	clearRouteCache();
 	global $hooks;
 	$hooks->trigger(HOOK_CACHE_CLEAR, ['cache' => Cache::getInstance()]);
 	return true;
 }
 function clearRouteCache(): void
 {
 	$routeCacheFile = CACHE . 'route.cache';
 	if (file_exists($routeCacheFile)) {
 		unlink($routeCacheFile);
 	}
 	return true;
 }
 function getCustomPageInfo($name)
@@ -1312,13 +1303,6 @@ function getCustomPage($name, &$success): string
 			else
 				$tmp = $page['body'];
 			$php_errors = array();
 			function error_handler($errno, $errstr) {
 				global $php_errors;
 				$php_errors[] = array('errno' => $errno, 'errstr' => $errstr);
 			}
 			set_error_handler('error_handler');
 			global $config;
 			if(setting('core.backward_support')) {
 				global $SQL, $main_content, $subtopic;
@@ -1328,11 +1312,6 @@ function getCustomPage($name, &$success): string
 			eval($tmp);
 			$content .= ob_get_contents();
 			ob_end_clean();
 			restore_error_handler();
 			if(isset($php_errors[0]) && superAdmin()) {
 				var_dump($php_errors);
 			}
 		}
 		else {
 			$oldLoader = $twig->getLoader();
@@ -1576,18 +1555,19 @@ function right($str, $length) {
 	return substr($str, -$length);
 }
-function getCreatureImgPath($creature){
+function getMonsterImgPath($monster): string
-	$creature_path = setting('core.monsters_images_url');
+{
-	$creature_gfx_name = trim(strtolower($creature)) . setting('core.monsters_images_extension');
+	$monster_path = setting('core.monsters_images_url');
-	if (!file_exists($creature_path . $creature_gfx_name)) {
+	$monster_gfx_name = trim(strtolower($monster)) . setting('core.monsters_images_extension');
-		$creature_gfx_name = str_replace(" ", "", $creature_gfx_name);
+	if (!file_exists($monster_path . $monster_gfx_name)) {
-		if (file_exists($creature_path . $creature_gfx_name)) {
+		$monster_gfx_name = str_replace(" ", "", $monster_gfx_name);
-			return $creature_path . $creature_gfx_name;
+		if (file_exists($monster_path . $monster_gfx_name)) {
 			return $monster_path . $monster_gfx_name;
 		} else {
-			return $creature_path . 'nophoto.png';
+			return $monster_path . 'nophoto.png';
 		}
 	} else {
-		return $creature_path . $creature_gfx_name;
+		return $monster_path . $monster_gfx_name;
 	}
 }
@@ -1638,7 +1618,7 @@ function removeIfFirstSlash(&$text) {
 };
 function escapeHtml($html) {
-	return htmlentities($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
+	return htmlspecialchars($html);
 }
 function getGuildNameById($id)
@@ -1675,9 +1655,31 @@ function displayErrorBoxWithBackButton($errors, $action = null) {
 	]);
 }
 function makeLinksClickable($text, $blank = true) {
 	return preg_replace('!(((f|ht)tp(s)?://)[-a-zA-Zа-яА-Я()0-9@:%_+.~#?&;//=]+)!i', '<a href="$1"' . (!$blank ?: ' target="_blank"') . '>$1</a>', $text);
 }
 function isRequestMethod(string $method): bool {
 	return strtolower($_SERVER['REQUEST_METHOD']) == strtolower($method);
 }
 function getAccountIdentityColumn(): string
 {
 	if (USE_ACCOUNT_NAME) {
 		return 'name';
 	}
 	elseif (USE_ACCOUNT_NUMBER) {
 		return 'number';
 	}
 	return 'id';
 }
 // validator functions
 require_once LIBS . 'validator.php';
 require_once SYSTEM . 'compat/base.php';
 // custom functions
-require SYSTEM . 'functions_custom.php';
+$customFunctions = SYSTEM . 'functions_custom.php';
 if (is_file($customFunctions)) {
 	require $customFunctions;
 }
--- a/system/init.php
+++ b/system/init.php
@@ -8,16 +8,20 @@
 * @link      https://my-aac.org
 */
 use DebugBar\StandardDebugBar;
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Hooks;
 use MyAAC\Models\Town;
 use MyAAC\Settings;
 defined('MYAAC') or die('Direct access not allowed!');
 global $config;
 if(!isset($config['installed']) || !$config['installed']) {
 	throw new RuntimeException('MyAAC has not been installed yet or there was error during installation. Please install again.');
 }
 use DebugBar\StandardDebugBar;
 if(config('env') === 'dev') {
 	require SYSTEM . 'exception.php';
 }
@@ -35,15 +39,15 @@ if($config['server_path'][strlen($config['server_path']) - 1] !== '/')
 	$config['server_path'] .= '/';
 // enable gzip compression if supported by the browser
-if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false && function_exists('ob_gzhandler'))
+if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && str_contains($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('ob_gzhandler'))
 	ob_start('ob_gzhandler');
 // cache
-require_once SYSTEM . 'libs/cache.php';
+global $cache;
 $cache = Cache::getInstance();
 // event system
-require_once SYSTEM . 'hooks.php';
+global $hooks;
 $hooks = new Hooks();
 $hooks->load();
@@ -54,29 +58,25 @@ require_once SYSTEM . 'twig.php';
 $action = $_REQUEST['action'] ?? '';
 define('ACTION', $action);
 // errors, is also often used
 $errors = [];
 // trim values we receive
 if(isset($_POST))
 {
 foreach($_POST as $var => $value) {
 	if(is_string($value)) {
 		$_POST[$var] = trim($value);
 	}
 }
-}
+
 if(isset($_GET))
 {
 foreach($_GET as $var => $value) {
 	if(is_string($value))
 		$_GET[$var] = trim($value);
 }
-}
+
 if(isset($_REQUEST))
 {
 foreach($_REQUEST as $var => $value) {
 	if(is_string($value))
 		$_REQUEST[$var] = trim($value);
 }
 }
 // load otserv config file
 $config_lua_reload = true;
@@ -96,8 +96,8 @@ if($config_lua_reload) {
 	// cache config
 	if($cache->enabled()) {
-		$cache->set('config_lua', serialize($config['lua']), 120);
+		$cache->set('config_lua', serialize($config['lua']), 2 * 60);
-		$cache->set('server_path', $config['server_path']);
+		$cache->set('server_path', $config['server_path'], 10 * 60);
 	}
 }
 unset($tmp);
@@ -131,18 +131,24 @@ if(!isset($foundValue)) {
 $config['data_path'] = $foundValue;
 unset($foundValue);
 // POT
 require_once SYSTEM . 'libs/pot/OTS.php';
 $ots = POT::getInstance();
 $eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 // verify myaac tables exists in database
 if(!defined('MYAAC_INSTALL') && !$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . (IS_CLI ? 'http://your-ip.com/' : BASE_URL) . 'install');
 }
 // execute migrations
 $configDatabaseAutoMigrate = config('database_auto_migrate');
 if (!isset($configDatabaseAutoMigrate) || $configDatabaseAutoMigrate) {
 	require SYSTEM . 'migrate.php';
 }
 // settings
 require_once LIBS . 'Settings.php';
 $settings = Settings::getInstance();
 $settings->load();
@@ -155,12 +161,15 @@ if (!isset($token) || !$token) {
 // deprecated config values
 require_once SYSTEM . 'compat/config.php';
 // deprecated classes
 require_once SYSTEM . 'compat/classes.php';
 date_default_timezone_set(setting('core.date_timezone'));
 setting(
 	[
-		'core.account_create_character_create',
+		'core.account_mail_verify',
-		setting('core.account_create_character_create') && (!setting('core.mail_enabled') || !setting('core.account_mail_verify'))
+		setting('core.account_mail_verify') && setting('core.mail_enabled')
 	]
 );
@@ -173,5 +182,17 @@ define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
-require LIBS . 'Towns.php';
+$towns = Cache::remember('towns', 10 * 60, function () use ($db) {
-Towns::load();
+	if ($db->hasTable('towns') && Town::count() > 0) {
 		return Town::orderBy('id', 'ASC')->pluck('name', 'id')->toArray();
 	}
 	return [];
 });
 if (count($towns) <= 0) {
 	$towns = setting('core.towns');
 }
 config(['towns', $towns]);
 unset($towns);
--- a/system/libs/SensitiveException.php
+++ b/system/libs/SensitiveException.php
@@ -1,3 +0,0 @@
 <?php
 class SensitiveException extends Exception {}
--- a/system/libs/Towns.php
+++ b/system/libs/Towns.php
@@ -1,131 +0,0 @@
 <?php
 /**
 * Project: MyAAC
 *     Automatic Account Creator for Open Tibia Servers
 *
 * This is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Town;
 /**
 * Class Towns
 */
 class Towns
 {
 	/**
 	 * @var string
 	 */
 	private static $filename = CACHE . 'persistent/' . 'towns.php';
 	/**
 	 * Determine towns
 	 *
 	 * @return array
 	 */
 	public static function determine()
 	{
 		global $db;
 		if($db->hasTable('towns')) {
 			return self::getFromDatabase();
 		}
 		return self::getFromOTBM();
 	}
 	/**
 	 * Load cached towns file
 	 */
 	public static function load()
 	{
 		$towns = config('towns');
 		if (file_exists(self::$filename)) {
 			$towns = require self::$filename;
 		}
 		config(['towns', $towns]);
 	}
 	/**
 	 * Save into cache file
 	 *
 	 * @return bool
 	 */
 	public static function save()
 	{
 		$towns = self::determine();
 		if (count($towns) > 0) {
 			file_put_contents(self::$filename, '<?php return ' . var_export($towns, true) . ';', LOCK_EX);
 			return true;
 		}
 		return false;
 	}
 	/**
 	 * Load from OTBM map file
 	 *
 	 * @return array
 	 */
 	public static function getFromOTBM()
 	{
 		$mapName = configLua('mapName');
 		if (!isset($mapName)) {
 			$mapName = configLua('map');
 			$mapFile = config('server_path') . $mapName;
 		}
 		if (strpos($mapName, '.otbm') === false) {
 			$mapName .= '.otbm';
 		}
 		if (!isset($mapFile)) {
 			$mapFile = config('data_path') . 'world/' . $mapName;
 		}
 		if (strpos($mapFile, '.gz') !== false) {
 			$mapFile = str_replace('.gz', '', $mapFile);
 		}
 		$towns = [];
 		if (file_exists($mapFile)) {
 			ini_set('memory_limit', '-1');
 			require LIBS . 'TownsReader.php';
 			$townsReader = new TownsReader($mapFile);
 			$townsReader->load();
 			$towns = $townsReader->get();
 		}
 		return $towns;
 	}
 	/**
 	 * Load from database
 	 *
 	 * @return array
 	 */
 	public static function getFromDatabase()
 	{
 		return Town::pluck('name', 'id')->toArray();
 	}
 }
--- a/system/libs/TownsReader.php
+++ b/system/libs/TownsReader.php
@@ -1,82 +0,0 @@
 <?php
 /*
    This file is part of OTSCMS (http://www.otscms.com/) project.
    Copyright (C) 2005 - 2007 Wrzasq (wrzasq@gmail.com)
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
 /*
    This code bases on oryginal OTServ code for .otbm files - file iomapotbm.cpp rev.2141
 */
 class TownsReader
 {
 	// node bytes
 	const ESCAPE_CHAR = 0xFD;
 	const NODE_START = 0xFE;
 	// map node types
 	const OTBM_TOWN = 13;
 	// file handler
 	protected $file;
 	// towns
 	private $towns = [];
 	// loads map .otbm file
 	public function __construct($file)
 	{
 		// opens file for reading
 		$this->file = fopen($file, 'rb');
 	}
 	public function load()
 	{
 		// checks if file is opened correctly
 		if ($this->file) {
 			// skips version
 			fseek($this->file, 4);
 			// reads nodes chain
 			while (!feof($this->file)) {
 				// reads byte
 				switch (ord(fgetc($this->file))) {
 					// maybe a town node
 					case self::NODE_START:
 						// reads node type
 						if (ord(fgetc($this->file)) == self::OTBM_TOWN) {
 							$id = unpack('L', fread($this->file, 4));
 							$length = unpack('S', fread($this->file, 2));
 							// reads town name
 							$this->towns[$id[1]] = fread($this->file, $length[1]);
 						}
 						break;
 					// escape next character - it might be NODE_START character which is in fact not
 					case self::ESCAPE_CHAR:
 						fgetc($this->file);
 						break;
 				}
 			}
 		}
 	}
 	public function get() {
 		return $this->towns;
 	}
 }
--- a/system/libs/cache_eaccelerator.php
+++ b/system/libs/cache_eaccelerator.php
@@ -1,51 +0,0 @@
 <?php
 /**
 * Cache eAccelerator class
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 class Cache_eAccelerator
 {
 	private $prefix;
 	private $enabled;
 	public function __construct($prefix = '') {
 		$this->prefix = $prefix;
 		$this->enabled = function_exists('eaccelerator_get');
 	}
 	public function set($key, $var, $ttl = 0)
 	{
 		$key = $this->prefix . $key;
 		eaccelerator_rm($key);
 		eaccelerator_put($key, $var, $ttl);
 	}
 	public function get($key)
 	{
 		$tmp = '';
 		if($this->fetch($this->prefix . $key, $tmp)) {
 			return $tmp;
 		}
 		return '';
 	}
 	public function fetch($key, &$var) {
 		return ($var = eaccelerator_get($this->prefix . $key)) !== null;
 	}
 	public function delete($key) {
 		eaccelerator_rm($this->prefix . $key);
 	}
 	public function enabled() {
 		return $this->enabled;
 	}
 }
--- a/system/libs/pot/OTS_Base_DAO.php
+++ b/system/libs/pot/OTS_Base_DAO.php
@@ -83,38 +83,4 @@ abstract class OTS_Base_DAO implements IOTS_DAO
    {
        unset($this->data['id']);
    }
 /**
 * Magic PHP5 method.
 * 
 * <p>
 * Allows object importing from {@link http://www.php.net/manual/en/function.var-export.php var_export()}.
 * </p>
 * 
 * @version 0.1.0
 * @param array $properties List of object properties.
 */
    public static function __set_state($properties)
    {
        // deletes database handle
        if( isset($properties['db']) )
        {
            unset($properties['db']);
 }
        // initializes new object with current database connection
        $object = new self();
        // loads properties
        foreach($properties as $name => $value)
        {
            $object->$name = $value;
        }
        return $object;
    }
 }
 /**#@-*/
 ?>
--- a/system/libs/pot/OTS_Base_DB.php
+++ b/system/libs/pot/OTS_Base_DB.php
@@ -184,8 +184,14 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 		$query = 'UPDATE '.$this->tableName($table).' SET ';
 		$count = count($fields);
-		for ($i = 0; $i < $count; $i++)
+		for ($i = 0; $i < $count; $i++) {
-			$query.= $this->fieldName($fields[$i]).' = '.$this->quote($values[$i]).', ';
+			$value = 'NULL';
 			if ($values[$i] !== null) {
 				$value = $this->quote($values[$i]);
 			}
 			$query.= $this->fieldName($fields[$i]).' = '.$value.', ';
 		}
 		$query = substr($query, 0, -2);
 		$query.=' WHERE (';
@@ -229,6 +235,30 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 		$this->exec($query);
 		return true;
 	}
 	public function addColumn($table, $column, $definition): void {
 		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' ADD ' . $this->fieldName($column) . ' ' . $definition . ';');
 	}
 	public function modifyColumn($table, $column, $definition): void {
 		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' MODIFY ' . $this->fieldName($column) . ' ' . $definition . ';');
 	}
 	public function changeColumn($table, $from, $to, $definition): void {
 		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' CHANGE ' . $this->fieldName($from) . ' ' . $this->fieldName($to) . ' ' . $definition . ';');
 	}
 	public function dropColumn($table, $column): void {
 		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' DROP COLUMN ' . $this->fieldName($column) . ';');
 	}
 	public function renameTable($from, $to): void {
 		$this->exec('RENAME TABLE ' . $this->tableName($from) . ' TO ' . $this->tableName($to) . ';');
 	}
 	public function dropTable($table, $ifExists = true): void {
 		$this->exec('DROP TABLE ' . ($ifExists ? 'IF EXISTS' : '') . ' ' . $this->tableName($table) . ';');
 	}
 /**
 * LIMIT/OFFSET clause for queries.
 *
--- a/system/libs/pot/OTS_Buffer.php
+++ b/system/libs/pot/OTS_Buffer.php
@@ -196,6 +196,16 @@ class OTS_Buffer
 		return $value[1];
 	}
 	public function getLongLong()
 	{
 		// checks buffer size
 		$this->check(8);
 		$value = unpack('P', substr($this->buffer, $this->pos, 8) );
 		$this->pos += 8;
 		return $value[1];
 	}
 /**
 * Appends quater byte to buffer.
 *
--- a/system/libs/pot/OTS_DB_MySQL.php
+++ b/system/libs/pot/OTS_DB_MySQL.php
@@ -12,6 +12,8 @@
 * @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
 */
 use MyAAC\Cache\Cache;
 /**
 * MySQL connection interface.
 *
@@ -26,6 +28,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 {
 	private $has_table_cache = array();
 	private $has_column_cache = array();
 	private $clearCacheAfter = false;
 /**
 * Creates database connection.
 *
@@ -94,7 +98,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		}
 		global $config;
-		if(class_exists('Cache') && ($cache = Cache::getInstance()) && $cache->enabled()) {
+		$cache = Cache::getInstance();
 		if($cache->enabled()) {
 			$tmp = null;
 			$need_revalidation = true;
 			if($cache->fetch('database_checksum', $tmp) && $tmp) {
@@ -145,14 +150,23 @@ class OTS_DB_MySQL extends OTS_Base_DB
 	{
 		global $config;
-	    if(class_exists('Cache') && ($cache = Cache::getInstance()) && $cache->enabled()) {
+		$cache = Cache::getInstance();
 		if($cache->enabled()) {
 			if ($this->clearCacheAfter) {
 				$cache->delete('database_tables');
 				$cache->delete('database_columns');
 				$cache->delete('database_checksum');
 			}
 			else {
 				$cache->set('database_tables', serialize($this->has_table_cache), 3600);
 				$cache->set('database_columns', serialize($this->has_column_cache), 3600);
 				$cache->set('database_checksum', serialize(sha1($config['database_host'] . '.' . $config['database_name'])), 3600);
 			}
 		}
 		if($this->logged) {
-			log_append('database.log', $_SERVER['REQUEST_URI'] . PHP_EOL . $this->getLog());
+			$currentScript = $_SERVER['REQUEST_URI'] ?? $_SERVER['SCRIPT_FILENAME'];
 			log_append('database.log', $currentScript . PHP_EOL . $this->getLog());
 		}
 	}
@@ -236,6 +250,11 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			}
 		}
 	}
 	public function setClearCacheAfter($clearCache)
 	{
 		$this->clearCacheAfter = $clearCache;
 	}
 }
 /**#@-*/
--- a/system/libs/pot/OTS_Groups_List.php
+++ b/system/libs/pot/OTS_Groups_List.php
@@ -8,6 +8,8 @@
 * @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
 */
 use MyAAC\Cache\Cache;
 /**
 * List of groups.
 *
--- a/system/libs/pot/OTS_House.php
+++ b/system/libs/pot/OTS_House.php
@@ -60,12 +60,7 @@ class OTS_House extends OTS_Row_DAO
    private $tiles = array();
 	public function load($id) {
-		$this->data = $this->db->query('SELECT * FROM `houses` WHERE `id` = ' . $id )->fetch();
+		$this->data = $this->db->query('SELECT * FROM `houses` WHERE `id` = ' . $id )->fetch(PDO::FETCH_ASSOC);
 		foreach($this->data as $key => $value) {
 			if(is_numeric($key)) {
 				unset($this->data[$key]);
 			}
 		}
 	}
    public function find($name)
--- a/system/libs/pot/OTS_Monster.php
+++ b/system/libs/pot/OTS_Monster.php
@@ -41,9 +41,10 @@
 class OTS_Monster extends DOMDocument
 {
 	private $loaded = false;
-	public function loadXML($source , $options = 0)
+	public function loadXML(string $source , int $options = 0): bool
 	{
 		$this->loaded = parent::loadXML($source, $options);
 		return $this->loaded;
 	}
 	public function loaded()
@@ -134,13 +135,14 @@ class OTS_Monster extends DOMDocument
 	{
 		$flags = array();
-        // read all flags
+		if ($this->documentElement->getElementsByTagName('flags')->item(0)) {
 			foreach( $this->documentElement->getElementsByTagName('flags')->item(0)->getElementsByTagName('flag') as $flag)
 			{
 				$flag = $flag->attributes->item(0);
 				$flags[$flag->nodeName] = (int) $flag->nodeValue;
 			}
 		}
 		return $flags;
 	}
--- a/system/libs/pot/OTS_Player.php
+++ b/system/libs/pot/OTS_Player.php
@@ -90,7 +90,7 @@ class OTS_Player extends OTS_Row_DAO
 * @version 0.1.2
 * @var array
 */
-    private $data = array('sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hidden' => 0);
+	private $data = array('group_id' => 1, 'sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hide' => 0);
 /**
 * Player skills.
@@ -108,6 +108,8 @@ class OTS_Player extends OTS_Row_DAO
 		POT::SKILL_SHIELD => array('value' => 0, 'tries' => 0),
 		POT::SKILL_FISH => array('value' => 0, 'tries' => 0)
 	);
 	private static array $playersOnline;
 /**
 * Magic PHP5 method.
 *
@@ -231,7 +233,7 @@ class OTS_Player extends OTS_Row_DAO
 		}
 		else {
 			// SELECT query on database
-			$this->data = $this->db->query('SELECT `id`, `name`, `account_id`, `group_id`, `sex`, `vocation`, `experience`, `level`, `maglevel`, `health`, `healthmax`, `mana`, `manamax`, `manaspent`, `soul`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`' . ($this->db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `posx`, `posy`, `posz`, `cap`, `lastlogin`, `lastlogout`, `lastip`, `save`, `conditions`, `' . $__load['skull_time'] . '` as `skulltime`, `' . $__load['skull_type'] . '` as `skull`' . $__load['guild_info'] . ', `town_id`' . $__load['loss_experience'] . $__load['loss_items'] . ', `balance`' . ($__load['blessings'] ? ', `blessings`' : '') . ($__load['direction'] ? ', `direction`' : '') . ($__load['stamina'] ? ', `stamina`' : '') . ($__load['world_id'] ? ', `world_id`' : '') . ($__load['online'] ? ', `online`' : '') . ', `' . ($__load['deletion'] ? 'deletion' : 'deleted') . '`' . ($__load['promotion'] ? ', `promotion`' : '') . ($__load['marriage'] ? ', `marriage`' : '') . ', `comment`, `created`, `hidden` FROM `players` WHERE `id` = ' . (int)$id)->fetch();
+			$this->data = $this->db->query('SELECT `id`, `name`, `account_id`, `group_id`, `sex`, `vocation`, `experience`, `level`, `maglevel`, `health`, `healthmax`, `mana`, `manamax`, `manaspent`, `soul`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`' . ($this->db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `posx`, `posy`, `posz`, `cap`, `lastlogin`, `lastlogout`, `lastip`, `save`, `conditions`, `' . $__load['skull_time'] . '` as `skulltime`, `' . $__load['skull_type'] . '` as `skull`' . $__load['guild_info'] . ', `town_id`' . $__load['loss_experience'] . $__load['loss_items'] . ', `balance`' . ($__load['blessings'] ? ', `blessings`' : '') . ($__load['direction'] ? ', `direction`' : '') . ($__load['stamina'] ? ', `stamina`' : '') . ($__load['world_id'] ? ', `world_id`' : '') . ($__load['online'] ? ', `online`' : '') . ', `' . ($__load['deletion'] ? 'deletion' : 'deleted') . '`' . ($__load['promotion'] ? ', `promotion`' : '') . ($__load['marriage'] ? ', `marriage`' : '') . ', `comment`, `created`, `hide` FROM `players` WHERE `id` = ' . (int)$id)->fetch();
 		}
 		// loads skills
@@ -521,17 +523,17 @@ class OTS_Player extends OTS_Row_DAO
 	public function isHidden()
 	{
-        if( !isset($this->data['hidden']) )
+		if( !isset($this->data['hide']) )
 		{
 			throw new E_OTS_NotLoaded();
 		}
-        return $this->data['hidden'] == 1;
+		return $this->data['hide'] == 1;
 	}
 	public function setHidden($hidden)
 	{
-        $this->data['hidden'] = (int) $hidden;
+		$this->data['hide'] = (int) $hidden;
 	}
 	public function getMarriage()
@@ -765,10 +767,18 @@ class OTS_Player extends OTS_Row_DAO
 	public function isOnline()
 	{
-		if($this->db->hasTable('players_online')) // tfs 1.0
+		if($this->db->hasTable('players_online')) {// tfs 1.0
-		{
+			if (!isset(self::$playersOnline)) {
-			$query = $this->db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $this->data['id']);
+				self::$playersOnline = [];
-			return $query->rowCount() > 0;
+
 				$query = $this->db->query('SELECT `player_id` FROM `players_online`');
 				foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $item) {
 					self::$playersOnline[$item['player_id']] = true;
 				}
 			}
 			return isset(self::$playersOnline[$this->data['id']]);
 		}
 		if( !isset($this->data['online']) )
@@ -1229,6 +1239,13 @@ class OTS_Player extends OTS_Row_DAO
 		$this->data['direction'] = (int) $direction;
 	}
 	public function getOutfit(): string
 	{
 		$hasLookAddons = $this->db->hasColumn('players', 'lookaddons');
 		return setting('core.outfit_images_url') . '?id=' . $this->getLookType() . ($hasLookAddons ? '&addons=' . $this->getLookAddons() : '') . '&head=' . $this->getLookHead() . '&body=' . $this->getLookBody() . '&legs=' . $this->getLookLegs() . '&feet=' . $this->getLookFeet();
 	}
 /**
 * Body color.
 *
@@ -1745,11 +1762,6 @@ class OTS_Player extends OTS_Row_DAO
 */
 	public function getConditions()
 	{
        if( !isset($this->data['conditions']) )
        {
            throw new E_OTS_NotLoaded();
        }
 		return $this->data['conditions'];
 	}
--- a/system/locale/de/install.php
+++ b/system/locale/de/install.php
@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Anforderungen';
 $locale['step_requirements_title'] = 'Anforderungen überprüfen';
 $locale['step_requirements_php_version'] = 'PHP Version';
 $locale['step_requirements_write_perms'] = 'Schreibberechtigungen';
 $locale['step_requirements_folder_exists'] = 'Ordner ist vorhanden';
 $locale['step_requirements_folder_not_exists_tools_ext'] = 'NPM Package Manager wird verwendet für externe JavaScript/CSS Bibliotheken.'
 	. ' Es sollte via Command Line installiert werden: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
 	. ' Nachdem das Tool installiert wurde, folgende Befehl sollte ausgeführt in dem Hauptordner des MyAACs: "npm install".';
 $locale['step_requirements_failed'] = 'Die Installation wird deaktiviert, bis diese Anforderungen erfüllt sind.</b><br/>Für weitere Informationen siehe <b>README</b> Datei.';
 $locale['step_requirements_extension'] = '$EXTENSION$ PHP Erweiterung';
--- a/system/locale/en/install.php
+++ b/system/locale/en/install.php
@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Requirements';
 $locale['step_requirements_title'] = 'Requirements check';
 $locale['step_requirements_php_version'] = 'PHP Version';
 $locale['step_requirements_write_perms'] = 'Write permissions';
 $locale['step_requirements_folder_exists'] = 'Directory exists';
 $locale['step_requirements_folder_not_exists_tools_ext'] = 'NPM Package Manager is used for external JavaScript/CSS libraries.'
 	. ' You need to install it through Command Line: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
 	. ' When you done with installing that tool, execute: "npm install" in the main MyAAC folder.';
 $locale['step_requirements_failed'] = 'Installation will be disabled until these requirements will be passed.</b><br/>For more informations see <b>README</b> file.';
 $locale['step_requirements_extension'] = '$EXTENSION$ PHP extension';
 $locale['step_requirements_warning_images_guilds'] = 'Guild logo upload will not work';
@@ -90,7 +94,7 @@ $locale['step_database_loaded_npcs'] = 'NPCs has been loaded...';
 $locale['step_database_error_npcs'] = 'There were some problems loading your NPCs';
 $locale['step_database_loaded_spells'] = 'Spells has been loaded...';
 $locale['step_database_loaded_towns'] = 'Towns has been loaded...';
-$locale['step_database_error_towns'] = 'There were some problems loading your towns. You will need to configure them manually in config.';
+$locale['step_database_error_towns'] = 'There were some problems loading your towns. You will need to configure them manually in Settings.';
 $locale['step_database_created_account'] = 'Created admin account...';
 $locale['step_database_created_news'] = 'Newses has been created...';
--- a/system/locale/pl/install.php
+++ b/system/locale/pl/install.php
@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Wymagania';
 $locale['step_requirements_title'] = 'Sprawdzanie wymagań';
 $locale['step_requirements_php_version'] = 'Wersja PHP';
 $locale['step_requirements_write_perms'] = 'Uprawnienia do zapisu';
 $locale['step_requirements_folder_exists'] = 'Folder istnieje';
 $locale['step_requirements_folder_not_exists_tools_ext'] = 'Manadżer Pakietów NPM jest używany do zewnętrznych bibliotek JavaScript/CSS.'
 	. ' Trzeba go zainstalować poprzez wiersz poleceń: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
 	. ' Po instalacji narzędzia, wywołaj następujące polecenie w głownym katalogu MyAAC: "npm install".';
 $locale['step_requirements_failed'] = 'Instalacja zostanie zablokowana dopóki te wymagania nie zostaną spełnione.</b><br/>Po więcej informacji zasięgnij do pliku <b>README</b>.';
 $locale['step_requirements_extension'] = 'Rozszerzenie PHP - $EXTENSION$';
 $locale['step_requirements_warning_images_guilds'] = 'Nie będzie możliwości uploadu obrazków gildii';
@@ -89,7 +93,7 @@ $locale['step_database_loaded_npcs'] = 'Załadowano NPCs...';
 $locale['step_database_error_npcs'] = 'Wystąpił problem podczas ładowania NPCs';
 $locale['step_database_loaded_spells'] = 'Załadowano czary (spells)...';
 $locale['step_database_loaded_towns'] = 'Załadowano miasta (towns)...';
-$locale['step_database_error_towns'] = 'Wystąpił problem podczas ładowania miast. Trzeba będzie je skonfigurować manualnie.';
+$locale['step_database_error_towns'] = 'Wystąpił problem podczas ładowania miast. Trzeba będzie je skonfigurować manualnie w ustawieniach.';
 $locale['step_database_created_account'] = 'Utworzono konto admina...';
 $locale['step_database_created_news'] = 'Utworzono newsy...';
--- a/system/logout.php
+++ b/system/logout.php
@@ -22,11 +22,5 @@ if(isset($account_logged) && $account_logged->isLoaded()) {
 		$logged = false;
 		unset($account_logged);
 		if(isset($_REQUEST['redirect']))
 		{
 			header('Location: ' . urldecode($_REQUEST['redirect']));
 			exit;
 		}
 	}
 }
--- a/system/migrate.php
+++ b/system/migrate.php
@@ -17,6 +17,12 @@ if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
 		$db->revalidateCache();
 		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
 			require SYSTEM . 'migrations/' . $i . '.php';
 			if (isset($up)) {
 				$up();
 				unset($up);
 			}
 			updateDatabaseConfig('database_version', $i);
 		}
 	}
@@ -26,6 +32,12 @@ else { // register first version
 	$db->revalidateCache();
 	for($i = 1; $i <= DATABASE_VERSION; $i++) {
 		require SYSTEM . 'migrations/' . $i . '.php';
 		if (isset($up)) {
 			$up();
 			unset($up);
 		}
 		updateDatabaseConfig('database_version', $i);
 	}
 }
--- a/system/migrations/1-hooks.sql
+++ b/system/migrations/1-hooks.sql
@@ -0,0 +1,8 @@
 CREATE TABLE `myaac_hooks`
 (
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`name` VARCHAR(30) NOT NULL DEFAULT '',
 	`type` INT(2) NOT NULL DEFAULT 0,
 	`file` VARCHAR(100) NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
--- a/system/migrations/1.php
+++ b/system/migrations/1.php
@@ -1,16 +1,16 @@
 <?php
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "account_actions` MODIFY `ip` INT(11) NOT NULL DEFAULT 0;");
+/**
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "account_actions` MODIFY `date` INT(11) NOT NULL DEFAULT 0;");
+ * @var OTS_DB_MySQL $db
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "account_actions` MODIFY `action` VARCHAR(255) NOT NULL DEFAULT '';");
+ */
 	$db->query("
 	CREATE TABLE `myaac_hooks`
 (
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`name` VARCHAR(30) NOT NULL DEFAULT '',
 	`type` INT(2) NOT NULL DEFAULT 0,
 	`file` VARCHAR(100) NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 ");
-?>
+$up = function () use ($db) {
 	$db->modifyColumn(TABLE_PREFIX . 'account_actions', 'ip', "INT(11) NOT NULL DEFAULT 0");
 	$db->modifyColumn(TABLE_PREFIX . 'account_actions', 'date', "INT(11) NOT NULL DEFAULT 0");
 	$db->modifyColumn(TABLE_PREFIX . 'account_actions', 'action', "VARCHAR(255) NOT NULL DEFAULT ''");
 	$db->query(file_get_contents(__DIR__ . '/1-hooks.sql'));
 };
 $down = function () use ($db) {
 	$db->dropTable(TABLE_PREFIX . 'hooks');
 };
--- a/system/migrations/10-admin_menu.sql
+++ b/system/migrations/10-admin_menu.sql
@@ -0,0 +1,10 @@
 CREATE TABLE `myaac_admin_menu`
 (
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`name` VARCHAR(255) NOT NULL DEFAULT '',
 	`page` VARCHAR(255) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
 	`flags` INT(11) NOT NULL DEFAULT 0,
 	`enabled` INT(1) NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
--- a/system/migrations/10.php
+++ b/system/migrations/10.php
@@ -1,17 +1,24 @@
 <?php
-	if(!$db->hasColumn(TABLE_PREFIX . 'hooks', 'ordering'))
+/**
-		$db->query("ALTER TABLE `" . TABLE_PREFIX . "hooks` ADD `ordering` INT(11) NOT NULL DEFAULT 0 AFTER `file`;");
+ * @var OTS_DB_MySQL $db
 */
-	if(!$db->hasTable(TABLE_PREFIX . 'admin_menu'))
+$up = function () use ($db) {
-		$db->query("
+	if (!$db->hasColumn(TABLE_PREFIX . 'hooks', 'ordering')) {
-CREATE TABLE `myaac_admin_menu`
+		$db->addColumn(TABLE_PREFIX . 'hooks', 'ordering', "INT(11) NOT NULL DEFAULT 0 AFTER `file`");
-(
+	}
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+
-	`name` VARCHAR(255) NOT NULL DEFAULT '',
+	if (!$db->hasTable(TABLE_PREFIX . 'admin_menu')) {
-	`page` VARCHAR(255) NOT NULL DEFAULT '',
+		$db->query(file_get_contents(__DIR__ . '/10-admin_menu.sql'));
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	}
-	`flags` INT(11) NOT NULL DEFAULT 0,
+};
-	`enabled` INT(1) NOT NULL DEFAULT 1,
+
-	PRIMARY KEY (`id`)
+$down = function () use ($db) {
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+	if ($db->hasColumn(TABLE_PREFIX . 'hooks', 'ordering')) {
-");
+		$db->dropColumn(TABLE_PREFIX . 'hooks', 'ordering');
 	}
 	if ($db->hasTable(TABLE_PREFIX . 'admin_menu')) {
 		$db->dropTable(TABLE_PREFIX . 'admin_menu');
 	}
 };
--- a/system/migrations/11.php
+++ b/system/migrations/11.php
@@ -1,8 +1,12 @@
 <?php
 /**
 * @var OTS_DB_MySQL $db
 */
 $up = function () use ($db) {
 	// rename database tables
-	$db->query("RENAME TABLE
+	$db->renameTable(TABLE_PREFIX . 'screenshots', TABLE_PREFIX . 'gallery');
-		" . TABLE_PREFIX . "screenshots TO " . TABLE_PREFIX . "gallery,
+	$db->renameTable(TABLE_PREFIX . 'movies', TABLE_PREFIX . 'videos');
 		" . TABLE_PREFIX . "movies TO " . TABLE_PREFIX . "videos;");
 	// rename images dir
 	if (file_exists(BASE . 'images/screenshots') && !file_exists(BASE . GALLERY_DIR)) {
@@ -17,3 +21,24 @@
 			'thumb' => str_replace('/screenshots/', '/gallery/', $item['thumb']),
 		), array('id' => $item['id']));
 	}
 };
 $down = function () use ($db) {
 	// rename database tables
 	$db->renameTable(TABLE_PREFIX . 'gallery', TABLE_PREFIX . 'screenshots');
 	$db->renameTable(TABLE_PREFIX . 'videos', TABLE_PREFIX . 'movies');
 	// rename images dir
 	if (file_exists(BASE . GALLERY_DIR) && !file_exists(BASE . 'images/screenshots')) {
 		rename(BASE . GALLERY_DIR, BASE . 'images/screenshots');
 	}
 	// convert new database gallery images to screenshots
 	$query = $db->query('SELECT `id`, `image`, `thumb` FROM `' . TABLE_PREFIX . 'screenshots`;');
 	foreach ($query->fetchAll() as $item) {
 		$db->update(TABLE_PREFIX . 'screenshots', [
 			'image' => str_replace('/gallery/', '/screenshots/', $item['image']),
 			'thumb' => str_replace('/gallery/', '/screenshots/', $item['thumb']),
 		], ['id' => $item['id']]);
 	}
 };
--- a/system/migrations/12-items.sql
+++ b/system/migrations/12-items.sql
@@ -0,0 +1,9 @@
 CREATE TABLE `myaac_items`
 (
 	`id` INT(11) NOT NULL,
 	`article` VARCHAR(5) NOT NULL DEFAULT '',
 	`name` VARCHAR(50) NOT NULL DEFAULT '',
 	`plural` VARCHAR(50) NOT NULL DEFAULT '',
 	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
--- a/system/migrations/12-weapons.sql
+++ b/system/migrations/12-weapons.sql
@@ -0,0 +1,8 @@
 CREATE TABLE `myaac_weapons`
 (
 	`id` INT(11) NOT NULL,
 	`level` INT(11) NOT NULL DEFAULT 0,
 	`maglevel` INT(11) NOT NULL DEFAULT 0,
 	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
--- a/system/migrations/12.php
+++ b/system/migrations/12.php
@@ -1,51 +1,65 @@
 <?php
 /**
 * @var OTS_DB_MySQL $db
 */
 use MyAAC\Models\Spell;
 $up = function () use ($db) {
 	// add new item_id field for runes
-if(!$db->hasColumn(TABLE_PREFIX . 'spells', 'item_id'))
+	if (!$db->hasColumn(TABLE_PREFIX . 'spells', 'item_id')) {
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD `item_id` INT(11) NOT NULL DEFAULT 0 AFTER `conjure_count`;");
+		$db->addColumn(TABLE_PREFIX . 'spells', 'item_id', 'INT(11) NOT NULL DEFAULT 0 AFTER `conjure_count`');
 	}
 	// change unique index from spell to name
 	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP INDEX `spell`;");
 	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD UNIQUE INDEX (`name`);");
 	// change comment of spells.type
-$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune';");
+	$db->modifyColumn(TABLE_PREFIX . 'spells', 'type', "TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune'");
 	// new items table
-if(!$db->hasTable(TABLE_PREFIX . 'items'))
+	if (!$db->hasTable(TABLE_PREFIX . 'items')) {
-$db->query("
+		$db->query(file_get_contents(__DIR__ . '/12-items.sql'));
-CREATE TABLE `" . TABLE_PREFIX . "items`
+	}
 (
 	`id` INT(11) NOT NULL,
 	`article` VARCHAR(5) NOT NULL DEFAULT '',
 	`name` VARCHAR(50) NOT NULL DEFAULT '',
 	`plural` VARCHAR(50) NOT NULL DEFAULT '',
 	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 ");
 	// new weapons table
-if(!$db->hasTable(TABLE_PREFIX . 'weapons'))
+	if (!$db->hasTable(TABLE_PREFIX . 'weapons')) {
-$db->query("
+		$db->query(file_get_contents(__DIR__ . '/12-weapons.sql'));
-CREATE TABLE `" . TABLE_PREFIX . "weapons`
+	}
 (
 	`id` INT(11) NOT NULL,
 	`level` INT(11) NOT NULL DEFAULT 0,
 	`maglevel` INT(11) NOT NULL DEFAULT 0,
 	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 ");
 	// modify vocations to support json data
-$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(100) NOT NULL DEFAULT '';");
+	$db->modifyColumn(TABLE_PREFIX . 'spells', 'vocations', "VARCHAR(100) NOT NULL DEFAULT ''");
-$query = $db->query('SELECT `id`, `vocations` FROM `' . TABLE_PREFIX . 'spells`');
+
-foreach($query->fetchAll() as $spell) {
+	$spells = Spell::select('id', 'vocations')->get();
-	$tmp = explode(',', $spell['vocations']);
+	foreach ($spells as $spell) {
 		$tmp = explode(',', $spell->vocations);
 		foreach ($tmp as &$v) {
 			$v = (int)$v;
 		}
-	$db->update(TABLE_PREFIX . 'spells', array('vocations' => json_encode($tmp)), array('id' => $spell['id']));
+
 		Spell::where('id', $spell->id)->update(['vocations' => json_encode($tmp)]);
 	}
-?>
+};
 $down = function () use ($db) {
 	// remove item_id field for runes
 	if ($db->hasColumn(TABLE_PREFIX . 'spells', 'item_id')) {
 		$db->dropColumn(TABLE_PREFIX . 'spells', 'item_id');
 	}
 	// change unique index from spell to name
 	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP INDEX `name`;");
 	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD INDEX (`spell`);");
 	$db->dropTable(TABLE_PREFIX . 'items');
 	$db->dropTable(TABLE_PREFIX . 'weapons');
 	$spells = Spell::select('id', 'vocations')->get();
 	// modify vocations to use vocation separated by comma
 	foreach ($spells as $spell) {
 		$vocations = empty($spell->vocations) ? [] : json_decode($spell->vocations);
 		Spell::where('id', $spell->id)->update(['vocations' => implode(',', $vocations)]);
 	}
 };
--- a/system/migrations/13.php
+++ b/system/migrations/13.php
@@ -1,3 +1,16 @@
 <?php
-	if($db->hasColumn(TABLE_PREFIX . 'spells', 'spell'))
+/**
-		$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP COLUMN `spell`;");
+ * @var OTS_DB_MySQL $db
 */
 $up = function () use ($db) {
 	if ($db->hasColumn(TABLE_PREFIX . 'spells', 'spell')) {
 		$db->dropColumn(TABLE_PREFIX . 'spells', 'spell');
 	}
 };
 $down = function () use ($db) {
 	if (!$db->hasColumn(TABLE_PREFIX . 'spells', 'spell')) {
 		$db->addColumn(TABLE_PREFIX . 'spells', 'spell', "VARCHAR(255) NOT NULL DEFAULT ''");
 	}
 };
--- a/Show More
+++ b/Show More
 ,
 ,
 ,
+,
+,
+,
+,
 ];
		`@@ -1,3 +0,0 @@`
			`<?php`

			`class SensitiveException extends Exception {}`