Release v1.8

(for an example server with 2k players)

.editorconfig

@@ -15,5 +15,5 @@ trim_trailing_whitespace = false
 [{composer.json,package.json}]
 indent_style = space
 
-[package.json]
+[{package.json, *.yml}]
 indent_size = 2

.gitattributes

@@ -3,8 +3,11 @@
 .gitignore export-ignore
 .github export-ignore
 .editorconfig export-ignore
-.travis.yml export-ignore
 _config.yml export-ignore
 release.sh export-ignore
 
+# cypress
+cypress export-ignore
+cypress.config.js export-ignore
+
 *.sh text eol=lf

.github/workflows/cypress.yml

@@ -0,0 +1,164 @@
+name: Cypress
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+jobs:
+  cypress:
+    runs-on: ubuntu-latest
+    services:
+      mysql:
+        image: mysql:8.0
+        env:
+          MYSQL_ROOT_PASSWORD: root
+          MYSQL_DATABASE: myaac
+          MYSQL_USER: myaac
+          MYSQL_PASSWORD: myaac
+        ports:
+          - 3306/tcp
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    strategy:
+      fail-fast: false
+      matrix:
+        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
+        ots: ['tfs-1.4', 'canary-3.1.2'] # TODO: add 'tfs-master' (actually doesn't work cause AAC doesn't support reading .env configuration)
+    name: Cypress (PHP ${{ matrix.php-versions }}, ${{ matrix.ots }})
+    steps:
+        - name: 📌 MySQL Start & init & show db
+          run: |
+            sudo /etc/init.d/mysql start
+            mysql -e 'CREATE DATABASE myaac;' -uroot -proot
+            mysql -e "SHOW DATABASES" -uroot -proot
+
+        - name: Checkout MyAAC
+          uses: actions/checkout@v4
+          with:
+            ref: main
+
+        - uses: actions/setup-node@v4
+          with:
+            node-version: 18
+        - run: npm ci
+
+        - name: Checkout TFS
+          uses: actions/checkout@v4
+          if: matrix.ots == 'tfs-1.4'
+          with:
+            repository: otland/forgottenserver
+            ref: 1.4
+            path: ots
+
+        - name: Checkout TFS
+          uses: actions/checkout@v4
+          if: matrix.ots == 'tfs-master'
+          with:
+            repository: otland/forgottenserver
+            ref: master
+            path: ots
+
+        - name: Checkout Canary
+          uses: actions/checkout@v4
+          if: matrix.ots == 'canary-3.1.2'
+          with:
+            repository: opentibiabr/canary
+            ref: v3.1.2
+            path: ots
+
+        - name: Import OTS Schema
+          run: |
+              mysql -uroot -proot myaac < ots/schema.sql
+
+        - name: Rename config.lua
+          run: mv ots/config.lua.dist ots/config.lua
+
+        - name: Replace mysqlUser (TFS 1.4)
+          uses: jacobtomlinson/gha-find-replace@v3
+          if: matrix.ots == 'tfs-1.4'
+          with:
+            find: 'mysqlUser = "forgottenserver"'
+            replace: 'mysqlUser = "root"'
+            regex: false
+            include: 'ots/config.lua'
+
+        - name: Replace mysqlPass (TFS 1.4)
+          uses: jacobtomlinson/gha-find-replace@v3
+          if: matrix.ots == 'tfs-1.4'
+          with:
+              find: 'mysqlPass = ""'
+              replace: 'mysqlPass = "root"'
+              regex: false
+              include: 'ots/config.lua'
+
+        - name: Replace mysqlDatabase (TFS 1.4)
+          uses: jacobtomlinson/gha-find-replace@v3
+          if: matrix.ots == 'tfs-1.4'
+          with:
+              find: 'mysqlDatabase = "forgottenserver"'
+              replace: 'mysqlDatabase = "myaac"'
+              regex: false
+              include: 'ots/config.lua'
+
+        - name: Replace mysqlDatabase (Canary)
+          uses: jacobtomlinson/gha-find-replace@v3
+          if: matrix.ots == 'canary-3.1.2'
+          with:
+              find: 'mysqlDatabase = "otservbr-global"'
+              replace: 'mysqlDatabase = "myaac"'
+              regex: false
+              include: 'ots/config.lua'
+
+        - name: Setup PHP
+          uses: shivammathur/setup-php@v2
+          with:
+            php-version: ${{ matrix.php-versions }}
+            extensions: mbstring, dom, fileinfo, mysql, json, xml, pdo, pdo_mysql
+
+        - name: Get composer cache directory
+          id: composer-cache
+          run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+        - name: Cache composer dependencies
+          uses: actions/cache@v4
+          with:
+            path: ${{ steps.composer-cache.outputs.dir }}
+            # Use composer.json for key, if composer.lock is not committed.
+            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+            #key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+            restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+
+        - name: Install Composer dependencies
+          run: composer install --no-progress --prefer-dist --optimize-autoloader
+
+        - name: Run PHP server
+          run: nohup php -S localhost:8080 > php.log 2>&1 &
+
+        - name: Cypress Run
+          uses: cypress-io/github-action@v6
+          env:
+            CYPRESS_URL: http://localhost:8080
+            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/ots
+
+        - name: Save screenshots
+          uses: actions/upload-artifact@v4
+          if: always()
+          with:
+            name: cypress-screenshots-${{ matrix.php-versions }}-${{ matrix.ots }}
+            path: cypress/screenshots
+            if-no-files-found: ignore
+
+        - name: Upload Cypress Videos
+          uses: actions/upload-artifact@v4
+          if: always()
+          with:
+            name: cypress-videos-${{ matrix.php-versions }}-${{ matrix.ots }}
+            path: cypress/videos
+            if-no-files-found: ignore
+
+        - name: Upload PHP Logs
+          uses: actions/upload-artifact@v4
+          if: always()
+          with:
+            name: php-log-${{ matrix.php-versions }}-${{ matrix.ots }}
+            path: php.log

.github/workflows/phplint.yml

@@ -1,13 +1,16 @@
 name: PHP Linting
 on:
   pull_request:
-    branches: [master, develop]
+    branches: [main]
   push:
-    branches: [master]
+    branches: [main]
 
 jobs:
   phplint:
     runs-on: ubuntu-latest
     steps:
-        - uses: actions/checkout@v1
-        - uses: michaelw90/PHP-Lint@master
+      - uses: actions/checkout@v3
+      - uses: overtrue/phplint@8.2
+        with:
+          path: .
+          options: --exclude=*.log

.github/workflows/phpstan.yml

@@ -0,0 +1,46 @@
+name: "PHPStan"
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+jobs:
+  tests:
+    name: PhpStan on PHP ${{ matrix.php-versions }}
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v4"
+
+      - name: "Install PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          coverage: "none"
+          extensions: "intl, zip"
+          ini-values: "memory_limit=-1"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          # Use composer.json for key, if composer.lock is not committed.
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+
+      - name: "Install composer dependencies"
+        run: "composer install"
+
+      - name: "Run PHPStan"
+        run: "/usr/bin/php vendor/bin/phpstan analyse"

.gitignore

@@ -2,12 +2,22 @@ Thumbs.db
 .DS_Store
 .idea
 
+#
+/.htaccess
+lua
+
 # composer
-composer.lock
+composer.phar
 vendor
 
 # npm
 node_modules
+tools/ext
+
+# cypress
+cypress.env.json
+cypress/e2e/2-advanced-examples
+cypress/screenshots
 
 # created by release.sh
 releases
@@ -28,12 +38,19 @@ images/guilds/*
 images/editor/*
 !images/editor/index.html
 
+# gallery images
+images/gallery/*
+!images/gallery/index.html
+!images/gallery/demon.jpg
+!images/gallery/demon_thumb.gif
+
 # cache
 system/cache/*
 !system/cache/index.html
 !system/cache/twig/index.html
 !system/cache/signatures/index.html
 !system/cache/plugins/index.html
+!system/cache/persistent/index.html
 
 # logs
 system/logs/*
@@ -59,6 +76,3 @@ landing
 
 # system
 system/functions_custom.php
-
-# others/rest
-system/pages/downloads.php

.htaccess.dist

@@ -6,6 +6,10 @@
 	Options -MultiViews
 </IfModule>
 
+<FilesMatch "^(.*\.md|.*\.json|.*\.dist|.*\.sql|CHANGELOG|README|composer\.lock)$">
+	Require all denied
+</FilesMatch>
+
 <IfModule mod_rewrite.c>
 	RewriteEngine On
 

.travis.yml

@@ -1,18 +0,0 @@
-
-language: php
-php:
-  - 7.1
-  - 7.2
-  - 7.3
-  - 7.4
-  - 8.0
-
-cache:
-  directories:
-    - $HOME/.composer/cache
-
-before_script:
-  - composer require php-parallel-lint/php-parallel-lint --no-suggest --no-progress --no-interaction --no-ansi --quiet --optimize-autoloader
-
-script:
-  - php vendor/bin/parallel-lint --no-progress --no-colors --exclude vendor --exclude "system/libs/pot/OTS_DB_PDOQuery.php" .

CHANGELOG-1.x.md

@@ -0,0 +1,389 @@
+# Changelog
+
+## [1.8 - 01.08.2025]
+
+### Added
+* Templates - Kathrine: Possibility to add custom menu categories (https://github.com/slawkens/myaac/commit/ec11c1402417c25980582467546d1c1e9bb8267f)
+* Admin Panel - Accounts Editor: Add Coins Transferable (https://github.com/slawkens/myaac/commit/45d6047031c9c3a0e7e512dc5d15c75629aec5a2, https://github.com/slawkens/myaac/commit/bb097b69ce106500a49686d6f4fe604348eaa310)
+* Highscores:
+  * Revamped: (https://github.com/slawkens/myaac/commit/d8132d4d76e03d5aa0c042be426320655a601392)
+    * Show real rank, if 2 or more players have the same skill, show them with same rank
+    * New setting: highscores_online_status
+    * Additional fields passed to twig: updatedAt, totalResults, page, baseLink
+  * Add new Setting: Display Skills Box (https://github.com/slawkens/myaac/commit/36ca755243ef1c83f6ac87465b426d4d8d3b0bb9)
+* Functions: Add getExperienceForLevel (level) (https://github.com/slawkens/myaac/commit/1566deb84a082176b8c683fda205d828bc38fbcc)
+* Commands - cache:clear : Add warning about APCu clear in CLI (https://github.com/slawkens/myaac/commit/83f84172e02e8ea2ccb6dca29bc033e44c35aebc)
+* Models - PlayerOnline: Add missing $fillable into model (https://github.com/slawkens/myaac/commit/43415cf35db1c1307f2684c1728693d65065ffff)
+* Twig: add cache variable (https://github.com/slawkens/myaac/commit/0efe47ce71c4b364a9e96bc5a55b1655326ae6da)
+
+### Changed
+* pages/online: add cache, resulting in 20x performance boost
+  * (for an example server with 2k players) (https://github.com/slawkens/myaac/commit/c8363086015cbb6e8786c398c7b9ac3959a26ec4)
+* Admin Bar: Move admin bar code into body_start place_holder (https://github.com/slawkens/myaac/commit/f17269e44ce9dd38447bd2e2a8e1bdb065d4161f)
+* Cache::remember: $ttl = 0 means no cache (https://github.com/slawkens/myaac/commit/3b47e9df2f4051807c5ff87892f7fa3d348f9c55)
+* Templates: Load config.ini with $process_sections set to true (https://github.com/slawkens/myaac/commit/a89f9a84847630eb75b4890fdcc8b7a7bfa6b8ac)
+* Twig: Allow for timestamp as integer in the timeago twig function
+  (https://github.com/slawkens/myaac/commit/34fead906ea13b9f09d7a3c41ed88109d34d386c)
+
+### Fixed
+* Settings: Fixed two exceptions (https://github.com/slawkens/myaac/commit/6e5a4ff8c78ff5373aba091baa66cae029557643, https://github.com/slawkens/myaac/commit/20d69a641c0a933d14889a89da6d32f6a4bc6c7d)
+* Models\Account + OTS_Account -> isPremium -> ignore config.freePremium (https://github.com/slawkens/myaac/commit/5271633bdbfbbfed0b1d59c403093ce6fc2b7d20)
+* Admin Panel - Mailer:
+  * Fix send to email link redirecting from accounts page (https://github.com/slawkens/myaac/commit/080cc2781f034c844af658229e495e9a47fd2298)
+  * Option to send only to verified accounts - only if setting('core.account_mail_verify') enabled (https://github.com/slawkens/myaac/commit/cf7fd20452e863980045bb5d6012ec86c6e8e01f)
+
+### Internal
+* Rewrite to use constants (account transferable coins) (https://github.com/slawkens/myaac/commit/bccf8e056df985bbe1bab5f7ab5492f714d6b62b)
+* Refactor to use HAS_ACCOUNT_COINS (https://github.com/slawkens/myaac/commit/caf326a6584a234775ebc6c8000ea02b3fecd160)
+
+## [1.7.1 - 27.06.2025]
+
+### Changed
+* Rename plugin:install:install to plugin:setup, also add alias to previous command (https://github.com/slawkens/myaac/commit/13d33822b59df349199e885a78a3d6beb0863d0b)
+
+### Fixed
+* Fix commands: setup + cache:clear (https://github.com/slawkens/myaac/commit/0da524fefe93b3028392e9014550eea3324d3a22, https://github.com/slawkens/myaac/commit/fe8281594e989f00280ba1adc734a9198c6b5cc1)
+* Fix polls link in tibiacom template (https://github.com/slawkens/myaac/commit/d90fa323d7c77d81768df60feeb1c374b1650a0c)
+
+## [1.7 - 22.06.2025]
+
+### Added
+* Feature: plugins versions check (#310)
+* New hooks: HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS, HOOK_GUILDS_AFTER_MANAGE_BUTTON (https://github.com/slawkens/myaac/commit/c074a48f245df55646b6705737f667b6a84149b2, https://github.com/slawkens/myaac/commit/e6100a1b72de8695bba1dae9ba4e28bfdce47b10)
+* Add OTS_Toolbox::getVocationName(id, promotion) + OTS_Player->isNameLocked() (https://github.com/slawkens/myaac/commit/e222957893c4a1de0dc8dbba55bce1a43418d275, https://github.com/slawkens/myaac/commit/522f6c11d835afd36fd07a07074d96d7e219b488)
+* Add missing csrf in more places, causing white page with error about Request (https://github.com/slawkens/myaac/commit/dca904e61d21d856bf809070e7652803a2df0f58, https://github.com/slawkens/myaac/commit/c720ccc451ff90ef40b2a1595468d061ffd7e1e4)
+
+### Changed
+* Revamped online page (https://github.com/slawkens/myaac/commit/9a90e4aae280e607430511c6727d9a714b11f4c5, https://github.com/slawkens/myaac/commit/4767120043b09141870383e249f3729638d53dc2)
+* Better $title inventing (https://github.com/slawkens/myaac/commit/0c95bcfd06b68b21512e477646ef7bd3a0d4912b)
+
+### Fixed
+* Use apcu cache clear (https://github.com/slawkens/myaac/commit/b329da52aae9d0e21120a6444d3caf442420ce50, https://github.com/slawkens/myaac/commit/566c2a9151ab6392286f74e26853faa19a1b4f24)
+* fix: boostedcreatures for 13.40 (by @GooseWithAKnife) (#307)
+
+## [1.6.1 - 11.06.2025]
+
+### Fixed
+* Fixed "Request has been cancelled due to security reasons", cause of missing csrf() in twig files (https://github.com/slawkens/myaac/commit/10cd71a6630ffec91b43a26a6d685b66c5836a6a)
+* Fix: Ignore duplicated route exception (https://github.com/slawkens/myaac/commit/9d8e9d27bd87167d8d4005942a6af62bfe4c0892)
+
+### Changed
+* Move counter & visitors code before router (In case someone wants to include that info on page) (https://github.com/slawkens/myaac/commit/f78285030708ad3c74ab048711f73bbf3ee5281e)
+* Set TinyMCE license key to gpl (Avoid warning message in browser console) (https://github.com/slawkens/myaac/commit/8d29fdb98b92dbc3d2853ef88a185c67036b4a77)
+
+### Removed
+* Remove deprecated TinyMCE plugin - template (https://github.com/slawkens/myaac/commit/309c1fb715b882e67cb673b1544a03befbf64a22)
+
+## [1.6 - 03.06.2025]
+
+### Added
+* Add new setting/configurable: site_url, prevents domain spoofing (https://github.com/slawkens/myaac/commit/d8a6090be382c35c19117cfef964b594ed02b8d4)
+* Add new account coins setting (https://github.com/slawkens/myaac/commit/28886551e86fe562172c4c7f2afb89a2e7672c2e)
+* autoload: settings/install/init.php (https://github.com/slawkens/myaac/commit/e5749437074c3b3556628a2aeb5bad2edf97bde0, https://github.com/slawkens/myaac/commit/7d213f479a7e40c6254069b5fc4e578dc32bf8d9, https://github.com/slawkens/myaac/commit/207d6bc69120aba1af2b51808f17e0059b571fed)
+* Protect against csrf in more places (accounts & guilds & forums pages) (https://github.com/slawkens/myaac/commit/6eda38603c8ed7e99b92a78a4600b1245377f74d, https://github.com/slawkens/myaac/commit/e776bd52beb3064a9e694efd1b9021ec972ee2f6, https://github.com/slawkens/myaac/commit/84d502bf105f2a789481fba1acc820d236b4de66)
+* Added two new hooks for pages loaded from database (custom pages): HOOK_BEFORE_PAGE_CUSTOM, HOOK_AFTER_PAGE_CUSTOM (https://github.com/slawkens/myaac/commit/c961a1ebf837f2ab1734a825ff2c57b4937610c9)
+* Add global variables into $hooks->executeFilter (https://github.com/slawkens/myaac/commit/8fdea943768b20193eede99d60313ee84511a0be)
+* Add getNPCsCount() to OTS_InfoRespond (https://github.com/slawkens/myaac/commit/7d435ff6433ef1fb2295ee79ed043ee10dc725e9)
+
+### Fixed
+* Allow [] in character name (https://github.com/slawkens/myaac/commit/de6603a51347b9e656c58637ed9971fffdd7cedd)
+* Do not allow access to tools/ folder after install (https://github.com/slawkens/myaac/commit/6e0f5913831f8dba69fd2d1505be3e2a303c6324)
+* Fix CHANGELOG-1.x.md loading in admin panel (https://github.com/slawkens/myaac/commit/4a30fb495dbfbe1d434e8d52419eaf44fe517aee)
+* Fix links not working in admin dashboard modules (https://github.com/slawkens/myaac/commit/be7b27c31aa3bbd6c0289c34d1e61139a3fe015c)
+* Fix twig variables: logged + account_logged being not set directly after login (https://github.com/slawkens/myaac/commit/1e9b10d6489c488cadf7f6ed17b42f1ea6c767a8)
+
+### Changed
+* OTS_ServerInfo -> move setTimeout out of class - Possibility to use the class without MyAAC (https://github.com/slawkens/myaac/commit/40d65a6613149fda51bdceb82c807e5301a3388b)
+
+## [1.5 - 14.05.2025]
+
+### Added
+* Feature/twig hooks filters (#258)
+* Add latest client versions (14.00 - 15.01) (https://github.com/slawkens/myaac/commit/5367df23812c6182863353c9a39fd7fb0b743f4b)
+* db variable to twig (https://github.com/slawkens/myaac/commit/5ed1aec28e146b871a75597411d12e42a067f4e6)
+* New filter: HOOK_FILTER_ROUTES (https://github.com/slawkens/myaac/commit/9b75011224f385db8b27e109bfeb28e75b9d779c)
+* Allow optionally separate folder for views (thanks @Scrollog for idea) (https://github.com/slawkens/myaac/commit/03e275213901a89edb0ebb8974b776a992ab391f)
+* Add float & double types to the Settings (https://github.com/slawkens/myaac/commit/67ab425bb9796d9d123296e3fda542fa8f7f05ee)
+* Add optional param _page_only for single-page apps etc. (https://github.com/slawkens/myaac/commit/113473f2560aab6d364c301cc14a8b5ba8f309f4)
+
+### Changed
+* Change OTS_Account->getPremDays to not return -1 in case of freePremium (https://github.com/slawkens/myaac/commit/3befde2a1e4d24a011311e785f15185db57e19b8)
+* Add note about highscores being updated x minutes + allow ttl 0 to disable cache (https://github.com/slawkens/myaac/commit/a161cff00329da6f970f3a70967fe8346fe92bbc)
+* Better monster images (no image not found anymore) + use cache (https://github.com/slawkens/myaac/commit/73a5829974ceca3f02d7925d5cfbd5fa50b1bbd2)
+* Rename server-info -> ots-info, changelog -> change-log (Due to conflict with apache2 server-info mod) (https://github.com/slawkens/myaac/commit/3949d84e5d7631f332111b6d00278bddbd0ad10a)
+* Move rules page to admin panel (https://github.com/slawkens/myaac/commit/3949d84e5d7631f332111b6d00278bddbd0ad10a)
+
+### Fixed
+* php 8.4 warnings
+* Visitors counter not working properly on dev mode (https://github.com/slawkens/myaac/commit/da151051186c913dd0dd091aabe893649c2b9ee7)
+* Fix login.php boosted creature & boss (not sure exact version, but should be 14.12 or around) (https://github.com/slawkens/myaac/commit/c48b8006319f6c3b5f082befd16785420bb98110)
+* Fix installMenus when theme/template was removed from disc (https://github.com/slawkens/myaac/commit/c24c580796bccd54bf9e95b864763f4642684d55)
+* Fix if user removes the menu category (https://github.com/slawkens/myaac/commit/dbea69f31478391dacfbbc02c8353c39b4245daf)
+
+### Updated:
+* Update cypress from version ^13.17.0 to ^14.3.3 (https://github.com/slawkens/myaac/commit/629fd18ea166860d5898a822f44f9277da6ce43d)
+
+## [1.4 - 22.04.2025]
+
+### Added
+* feat: admin-pages (can add admin pages through plugins) (https://github.com/slawkens/myaac/commit/ceaa0639e66d31e8177ff90791463470367aa45d)
+	* just place the page in admin-pages folder in the plugin
+	* Also, possibility to overwrite default myaac admin pages
+* Add db->hasTableAndColumns(table, columns), credits to @opentibiabr Team (https://github.com/slawkens/myaac/commit/82a533d88c8a342076891d132b4b409ed9a1fe72)
+* Add noSubmit option to buttons.base (https://github.com/slawkens/myaac/commit/64f6d3abcada3bf9fd7599f50d2fac0a1367f383)
+
+### Fixed
+* Fix: display 404 error instead of 500 when page has been removed from filesystem (https://github.com/slawkens/myaac/commit/c2bf94fb2370d2009a2eb907f818955132cf8611)
+* Fix headline.php: change image format to .png cause of black background (https://github.com/slawkens/myaac/commit/b618084d50918539d9a70abd97e764137b966067)
+* Clear cache on plugin enable/disable, fixes some issues with plugin pages being cached (https://github.com/slawkens/myaac/commit/1d0c173e7d000aecbd432800941fc3e38a0e50f2)
+* Do not autoload sub-folders if autoload pages is disabled (https://github.com/slawkens/myaac/commit/d47195a7878095336f9c9edc6f96244257f67eec)
+
+### Changed
+* SQL Syntax Standardization (by @JoaozinhoBrasil, #298)
+* Pages in theme/template folder will now have precedence over normal pages (https://github.com/slawkens/myaac/commit/6d8f4718a1d349fba8f0ebc39cfd3a1a84d104b0)
+* Small changes in account.login.html.twig (https://github.com/slawkens/myaac/commit/f40b986b59d4c8fa89ab4745731bf366f8619976)
+* Plugin name is required, version is optional (https://github.com/slawkens/myaac/commit/e6f05a2731c61d931be49e121c068e49c0ad5e01)
+
+## [1.3.3 - 04.04.2025]
+
+### Fixed
+* Fix uninstall plugin when plugin is disabled (https://github.com/slawkens/myaac/commit/6c568fd36a271270684fc412ccd556b230273a6d)
+
+### Changed
+* Display more useful info when error parsing config.lua (https://github.com/slawkens/myaac/commit/fa6b6aa153ffc131e0d1631a4dcd9012a5850c2e)
+
+### Other
+* Small adjustments (https://github.com/slawkens/myaac/commit/35e2483de86e295bdf089cceffa25842eeb2e34c, https://github.com/slawkens/myaac/commit/ae639d65b0bfa491e747e907e2ebc77f83f47981)
+
+## [1.3.2 - 01.04.2025]
+
+### Fixed
+* Fix debugBar/admin panel menu when using custom base_dir (https://github.com/slawkens/myaac/commit/65696f63e3aac02ff952ea81279e7cb2fa7570fb)
+
+### Changed
+* Settings: Show/hide IP Ban Protection options depending on the value (enabled/disabled) (https://github.com/slawkens/myaac/commit/dbf73d0b61b45601ae95e51b23c051c2704169c5)
+* Do not require init.php in cache:clear command (https://github.com/slawkens/myaac/commit/d25c71857f767834239bbffacd00fdc671adb157)
+
+## [1.3.1 - 19.03.2025]
+
+### Fixed
+* Fixed migrate:run command (https://github.com/slawkens/myaac/commit/1a5771ad51e595fe13368a0721b059c4ecefb17d)
+
+### Changed
+* Small adjustments (https://github.com/slawkens/myaac/commit/6fac883659f581baac1361826d046410156f1e58, https://github.com/slawkens/myaac/commit/4a6896b4469968b9904292734cf6c14ba5eeef14)
+
+## [1.3 - 10.03.2025]
+
+### Changed
+* Use latest outfit-images host from @gesior (https://github.com/slawkens/myaac/commit/529bdcf016dd0f9dffbc34d81f99a046a9ddb70d)
+* Change monster link to $_GET ?name= (https://github.com/slawkens/myaac/commit/4c5cc8b573b2b3e7ec00a22b7ede30a68083a924)
+
+### Fixed
+* Fixed house links (https://github.com/slawkens/myaac/commit/887b5068ad11c4cdab614afd34525caba785ce13)
+* Fixed long title on headline.php (https://github.com/slawkens/myaac/commit/3e3f4bb5a514158ec8777684ca6c7f1c2a37bed5)
+* Fixed menu colors once again, plus add !important tag (https://github.com/slawkens/myaac/commit/aa52df6e2ec92cafc25b655ae907bf2e1746d9cc)
+* Fix: add possibility to remove all menu items in admin panel (https://github.com/slawkens/myaac/commit/00fe1adc15ea7646596d755f6e6e1f7854ffc1d5, https://github.com/slawkens/myaac/commit/9239a4f4198c3ad260802ac3b47e9c41b80b754e)
+
+## [1.2 - 09.02.2025]
+
+### Added
+* Twig session(key) function + reworked session functions to accept multi-array like in Laravel (https://github.com/slawkens/myaac/commit/b46ddb43d03ef7e5fc34e555e92e856bdc905691)
+* add template_name to twig variables (https://github.com/slawkens/myaac/commit/ae1161d77050bda181802b4496c9de920a7bb1bc)
+* add HOOK_INIT, executed just after $hooks are loaded (https://github.com/slawkens/myaac/commit/19686725dc810f63a07f049f82c66cf336d90ca6)
+
+### Changed
+* settings: password input hide/show, enable Save button only if changes has been made, save settings in transaction (https://github.com/slawkens/myaac/commit/4fda4f643b60a151179e5dd4f04912fb2618d98f, https://github.com/slawkens/myaac/commit/28fef952f857b79d64bc7495ffa5e1999e68e192, https://github.com/slawkens/myaac/commit/4b6024dc451accadb6c469fa282a9a764c1c0a81)
+* rework menus: Different categories can have different colors + Option to reset menus (https://github.com/slawkens/myaac/commit/73de93a561f6b13111e019075724357d8a617249, https://github.com/slawkens/myaac/commit/3da3e62c5b12390d75de9b3320729bcca6e0b458)
+
+### Fixed
+* highscores: Fix online status + vocation for TFS 0.x (https://github.com/slawkens/myaac/commit/ea51ad27c38be88d86514cb979bb394fcfbef1f0)
+* clear cache button in admin bar needed to be clicked twice until it worked (https://github.com/slawkens/myaac/commit/ea51ad27c38be88d86514cb979bb394fcfbef1f0)
+* HOOK_STARTUP location (https://github.com/slawkens/myaac/commit/a73fb1003ee3f812cf182d1834d65f08e6f60d1f)
+* if vocation name has more words (https://github.com/slawkens/myaac/commit/9d7fc98e1e0a96b59ecc1a7c39800a64445db364)
+
+### Updated
+* Bump twig/twig from 3.18.0 to 3.19.0 (#284)
+
+## [1.1 - 27.01.2025]
+
+### Changed
+* adjust mailer settings descriptions to latest gmail (https://github.com/slawkens/myaac/commit/c5d5bb80671db135e6b503f53684771c7272e05d)
+* optimize $player->isOnline() function, thanks @gesior (https://github.com/slawkens/myaac/commit/10dd818b139d5e1bb1ca9ec81edfb083ba9316b4)
+* make players.comment and guilds.description VARCHAR (https://github.com/slawkens/myaac/commit/a45ceab83a74bee2b89cdb72baceda75e577e3cf)
+* add lua/ folder to .gitignore (https://github.com/slawkens/myaac/commit/07012f786b1114cb6ab2f064f82c645b136a375a)
+
+### Fixed
+* general fixes in the tibiacom template menus, better support for custom menus
+* make functions_custom.php optional (https://github.com/slawkens/myaac/commit/dc2b5afd9980984e2b259c9fc99f2ade46f70a5a)
+* error in CLI, where BASE_URL is not defined (https://github.com/slawkens/myaac/commit/4d749b881582f64b5a46196dbbb5ee8097127f03)
+* hook ACCOUNT_LOGIN_BEFORE_ACCOUNT location (https://github.com/slawkens/myaac/commit/669c447fca8643ce56d9ef8c1374ec647c780998)
+
+## [1.0.1 - 14.01.2025]
+
+### Fixed
+* tibiacom account & news menu links not auto expanding
+
+### Updated (Thanks dependabot)
+* twig from ^2.0 to ^3.11
+* tinymce from ^6.8.3 to ^7.2.0
+* cypress from ^12.12.0 to ^13.17.0
+* nesbot/carbon from 2.72.5 to 2.72.6
+
+## [1.0 - 12.01.2025]
+
+First stable release in the v1.0 series.
+
+Minimum PHP 8.1 is required.
+
+Changes since RC.2:
+
+### Added
+* feature: migrations up/down. Allows to downgrade/upgrade database to specified version (https://github.com/slawkens/myaac/commit/3f6ff3a3326b0475d28d11ffd7fff51f362d799f)
+* new hooks for news management (https://github.com/slawkens/myaac/commit/011a85d8ae34283ded6999882833f9d4797028ec, https://github.com/slawkens/myaac/commit/36bd3eb846e829b45313e10f7568dc4e95841143)
+* None Vocation to highscores (can be changed to RookStayer in Admin Panel) (https://github.com/slawkens/myaac/commit/a4a248099521bb5b8b2aa5bd592138debd2f19d5)
+* support for button_color (green, red, blue) (https://github.com/slawkens/myaac/commit/d8b6b749ee62e88b6af4a05d3d7557f90b94d94e)
+* add $whoopsHandler as variable, can be used by plugins (https://github.com/slawkens/myaac/commit/b0c8cf2ecda23045d725aaf43cfb3852ed766a4b)
+* PlayerModel->outfit_url attribute (https://github.com/slawkens/myaac/commit/3b5be1a8db5dceecaa388e2925a5536d13b38881)
+* support for selecting plugin themes in Admin menus.php (https://github.com/slawkens/myaac/commit/77a2c1cec343ffe4be5c2c2503ee81bc32a14ca1)
+
+### Changed
+* schema: Change character set to utf8mb4 (support for Emojis in Menus/Pages/News/Forum etc.) (https://github.com/slawkens/myaac/commit/27c44f1bdfb6234cf0c9d5b4b491123bb205b08f)
+* prefer get_browser_real_ip() over REMOTE_ADDR (https://github.com/slawkens/myaac/commit/941846605c00cee83168d2f916410b8ba8d4b7b9)
+* automatically set selected current one on highscores filters (https://github.com/slawkens/myaac/commit/e96227fbe41ae281783b2d49edb169a603601813)
+* rewrite towns loading code, removed OTBM loader (was too slow) (https://github.com/slawkens/myaac/commit/c980a0914632e7b27f718464f669a200707d217e)
+* allow OTS_Player to be passed as object to getPlayerLink (https://github.com/slawkens/myaac/commit/84d37c5a8f2c4535a41c8aa8264752969d3f3a3d)
+* do not clear menus by default on install (https://github.com/slawkens/myaac/commit/12d8faa3eda5e798f97b71e941c035187daad96e)
+* display warning in admin panel - plugins - if zip extension is not installed (https://github.com/slawkens/myaac/commit/e3ffe5d9e11d78ab064a370d8541bac351c9bcd9)
+* set default_socket_timeout for ipinfo.io checkup to 5 seconds (https://github.com/slawkens/myaac/commit/783d96fc6568a607d3198b832fed3a0dd06c4ebb)
+* refactor getTopPlayers function (support for balance) (https://github.com/slawkens/myaac/commit/c769962e39fe8dfb72ecd5be1864e145696be794)
+
+### Fixed
+* XSS in forum (https://github.com/slawkens/myaac/commit/c2b7286d20d4b579171540f7a774e8a0995d5e8f, https://github.com/slawkens/myaac/commit/8fb643596f9586005976e7bdb484a541a9d8715e)
+* price deducted when changing sex (https://github.com/slawkens/myaac/commit/16671ea40b72dcf74037c359ad572f9eb825edf9)
+* move_thread by unauthorized user (https://github.com/slawkens/myaac/commit/d6c40c836a53cb1710f911f77f45f28b54ea1b54, thanks @anyeor)
+* TFS 1.4.2 where conditions is NULL (https://github.com/slawkens/myaac/commit/b8396d4c8482e951da538b13f2296123732c4545)
+* do not show forum new thread show button if not logged in (https://github.com/slawkens/myaac/commit/507402171ba3b6e7ee184bd7fa73e0d55e0cad7a, @anyeor)
+* login if limiter is disabled (https://github.com/slawkens/myaac/commit/a0f1971583f0f790013e2145fb5ac573c59fbdef)
+* fixes to installMenus function (https://github.com/slawkens/myaac/commit/a2fadc5945fe0a5e39f740827f6ffbda1bb501e2)
+* many PHP exceptions in different places
+* fixes to tibiacom menus ActiveSubmenuItem
+
+### Removed
+* bugtracker SQL table code as the page has been removed/moved to plugins (https://github.com/slawkens/myaac/commit/5782772b901b05fb814bc718d062f6e2cd71df8c)
+
+## [1.0-RC.2 - 25.10.2024]
+
+Still waiting for your reports about bugs found in this release. We are very close to stable release.
+
+### Added
+* feat: rate limit settings for blocking accounts login attempts (@gpedro, #266)
+* search by email in accounts editor (https://github.com/slawkens/myaac/commit/c2ec46824621468f2a1cb4046805c485ed13fea5)
+* New hooks in account manage + create (https://github.com/slawkens/myaac/commit/93641fc68ac9a5f1479329e2bd41380c19534d5d)
+
+### Changed
+* chore: drop raw queries + accounts - search by email + accounts - required min size for search by account number (@gpedro, #266)
+* Use https for outfit & item images (https://github.com/slawkens/myaac/commit/71c00aa5e01fbdfd88802912e200dd1025976231)
+* Do not require players & guilds tables on install (https://github.com/slawkens/myaac/commit/779aa152fa940261c9b161533946f44e288597a2)
+* Do not create player if there is no players table in db (https://github.com/slawkens/myaac/commit/201f95caa8b70e88fa651eac8c3c3aa7cd765bd0)
+
+### Fixed
+* Highscore frags fixed for TFS 0.3 (@Scrollog, #263)
+* Missing groups variable #262. thanks, @Scrollog for reporting (https://github.com/slawkens/myaac/commit/8d8bdb6dac6df21672ac77288fff2f2f8d6eb665)
+* Verified email for login.php (@gpedro, #265)
+* Warning if core.account_country is disabled (https://github.com/slawkens/myaac/commit/ab73d60c61e14a1cacdb6cfbf7f89f4bf3be0833)
+
+
+## [1.0-RC.1 - 23.07.2024]
+
+Changes since 1.0-beta:
+
+### Added
+* Feat: Hooks priority (https://github.com/slawkens/myaac/commit/dc17b701da053e04bfa64e21be9247a4f07505e1)
+* Make autoload of pages, commands and themes configurable (https://github.com/slawkens/myaac/commit/c1d4b4f80cd6bb85507ee9471e47013955a26a91)
+* Fraggers in characters page for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/42f99c3edc8de39cccc5632cb42e88b24579c5a6)
+* New hooks: HOOK_INSTALL_FINISH, HOOK_ACCOUNT_CREATE_CHARACTER_* (https://github.com/slawkens/myaac/commit/08ac8ebade106521a5c7396faa5ce7006e629f7c, https://github.com/slawkens/myaac/commit/45dda5e834ff2059faea6ef9be2efa76f1723cbd)
+
+### Changed
+* Allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/203e411b626fe62401a4b74a48420769e512aa39)
+* Create guild_rank entries, in case MySQL trigger not loaded (https://github.com/slawkens/myaac/commit/d9c1b2507c81f306970642b35e4bf5f7cc04a6f2, https://github.com/slawkens/myaac/commit/47a19e85dd84e9f3b39a1b29cfc2c04b004832b9)
+* Set Admin Account verified by default (https://github.com/slawkens/myaac/commit/cd49dfc79942f3301ce9c0b8d899b9f39bda9a41)
+* Refactor account routes into sub folders (https://github.com/slawkens/myaac/commit/bdc0c43d3fd3a51030c3e916bdb9f008468f5ecd)
+* Order towns by id (https://github.com/slawkens/myaac/commit/9ea2a5067fc4b75de395f381577b18914132ad84)
+* Do not create news about myaac, if any news already exist (on installation (https://github.com/slawkens/myaac/commit/504242fb846b73b56b87bc1e39d070687ad7f5b4)
+
+### Fixed
+* Not working google recaptcha plugin (https://github.com/slawkens/myaac/commit/a1bcb217ecf4e21fd58da4ba491da1852029898a)
+* Not working account create if account_country is disabled (https://github.com/slawkens/myaac/commit/933b681a9fcdbb6283e0469b3806d2ded492d232)
+* Account verify - do not allow login without verified email (Thanks @anyeor, https://github.com/slawkens/myaac/commit/fcb13f3c0fb8ceafda0bd614a229a26a269432bd)
+* Detect tools/ext exists on install to prevent broken installs (https://github.com/slawkens/myaac/commit/10a739773c4f2911876bc802a0ee0537c3e00a92)
+* Cache reloading each time page refreshes (https://github.com/slawkens/myaac/commit/ec96985872057340112f65073efc0c4bf86dddb0)
+* Highscores frags for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/a04d186c22912915f0a7873dfe677ef3b5a23c79)
+* Monsters page: monster not found exception (https://github.com/slawkens/myaac/commit/ef79b99b8acc179f14b8475547347d9daca27512)
+* Fixed bug if \<flags\> are not present in monster.xml (https://github.com/slawkens/myaac/commit/57b47ab7983f625c7c0ef4f5303a4d07ef172786)
+* fastRoute duplicate errors (https://github.com/slawkens/myaac/commit/4c0739d3e93812dff0c33849ea3f38e4e49113ac)
+* useGuildNick displaying (https://github.com/slawkens/myaac/commit/0db0ec1aa47e044c26bc403ff5078a2115d086f8)
+
+## [1.0-beta - 18.05.2024]
+
+Minimum PHP version for this release is 8.1.
+
+### Added
+* reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
+  * updated to Bootstrap v4
+  * new Menu
+  * new Dashboard: statistics, server status
+  * new Admin Bar showed on top when admin logged in
+  * new page: Server Data, to reload server data
+    * Towns, NPCs & Items are stored in permanent cache
+  * new pages: mass account & teleport tools
+  * changelogs editor
+  * revised Accounts & Players editors
+  * option to add/modify admin menus with plugins
+  * option to enable/disable plugins
+  * better, updated TinyMCE editor (v6.x)
+    * with option to upload images
+  * list of open source libraries used in project page
+* auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
+* config.php moved to Admin Panel -> Settings page
+* new console script: aac - using symfony/console
+  * usage: `php aac` (will list all commands by default)
+  * example: `php aac cache:clear`
+  * example: `php aac plugin:install theme-example.zip`
+* replace POT Query Builder to Eloquent ORM. Not 100% yet - in some places there is still old $db approach used (@gpedro) (https://github.com/slawkens/myaac/pull/230)
+* brand new charming installation page (by @fernandomatos)
+  * using Bootstrap
+* new pages router: nikic/fast-route, allowing for better customisation
+* Plugin cronjobs: central control of the cronjobs
+* Guild Wars support (available as plugin)
+* support for login and create account only by email (configurable)
+  * with no need for account name
+* Google ReCAPTCHA v3 support (available as plugin)
+* support for Account Number
+  * suggest account number option
+* many new functions, hooks and configurables
+* better Exception Handler (Whoops - https://github.com/filp/whoops)
+* automated website tests (using Cypress)
+* csrf protection (https://github.com/slawkens/myaac/pull/235)
+* option to restrict Page view to specified group of users (Not-Logged in, logged-in players, tutors, gamemasters etc.)
+* phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
+
+### Changed
+* Composer and NPM is now used for external libraries like: Twig, PHPMailer, fast-route, jQuery, Bootstrap etc.
+* mail support is disabled on fresh install, can be manually enabled by user
+* disable add php pages in admin panel for security. Option to disable plugins upload
+* visitors counter shows now user browser, and also if its bot
+* changes in required and optional PHP extensions
+* reworked Pages:
+	* Bans
+		* works now for TFS 1.x
+	* Highscores
+		* frags works for TFS 1.x
+		* cached
+	* Monsters
+* moved pages to Twig:
+  * experience stages
+* update player_deaths entries on name change
+* change_password email to be more informal
+
+### Fixed
+* hundreds of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here

CHANGELOG.md

@@ -1,9 +0,0 @@
-# Changelog
-
-## [0.9.0 - x.x.2020]
-
-### Added
-
-### Changed
-
-### Fixed

CONTRIBUTORS.txt

@@ -8,7 +8,11 @@ Fernando Matos <fernando@pixele.com.br>
 Lee <42119604+Leesneaks@users.noreply.github.com>
 caio <caio.zucoli@gmail.com>
 slawkens <slawkens@gmail.com>
-tobi132 <52947952+tobi132@users.noreply.github.com>
+tobi132 <tobi132@gmx.net>
 vankk <nwtr.otland@hotmail.com>
 whiteblXK <krzys16001@gmail.com>
 xitobuh <jonas.hockert92@gmail.com>
+Danilo Pucci <dnlps@hotmail.com>
+gpedro <gpedro831@gmail.com>
+Matheus Collier <matheuscollier@gmail.com>
+SRNT-GG <95472530+SRNT-GG@users.noreply.github.com>

CREDITS

@@ -1,3 +1,3 @@
 * Gesior.pl (2007 - 2008)
-* Slawkens (2009 - 2022)
+* Slawkens (2009 - 2025)
 * Contributors listed in CONTRIBUTORS.txt

README.md

@@ -1,24 +1,36 @@
 # [MyAAC](https://my-aac.org)
 
-[![Build Status Master](https://img.shields.io/travis/slawkens/myaac/master)](https://travis-ci.org/github/slawkens/myaac)
-[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
-[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
-[![PHP Versions](https://img.shields.io/travis/php-v/slawkens/myaac/master)](https://github.com/slawkens/myaac/blob/d8b3b4135827ee17e3c6d41f08a925e718c587ed/.travis.yml#L3)
-[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
-[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
-
-MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
+MyAAC is a free and open-source Automatic Account Creator (AAC) for Open Tibia Servers written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 
 Official website: https://my-aac.org
 
+[![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/slawkens/myaac/cypress.yml)](https://github.com/slawkens/myaac/actions)
+[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
+[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
+[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
+[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
+
+| Version | Status                 | Branch  | Requirements   |
+|:--------|:-----------------------|:--------|:---------------|
+| 2.x     | Experimental features  | develop | PHP >= 8.1     |
+| **1.x** | **Active development** | main    | **PHP >= 8.1** |
+| 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
+| 0.8.x   | Active support         | 0.8     | PHP >= 7.2.5   |
+| 0.7.x   | End Of Life            | 0.7     | PHP >= 5.3.3   |
+
+The recommended version to install is 1.x, which can be found at releases page - [https://github.com/slawkens/myaac/releases](https://github.com/slawkens/myaac/releases).
+
+### Documentation
+* [docs.my-aac.org](https://docs.my-aac.org)
+* [my-aac.org - FAQ](https://my-aac.org/faqs/)
+
 ### Requirements
 
-	- PHP 5.6 or later
 	- MySQL database
-	- PDO PHP Extension
-	- XML PHP Extension
-	- ZIP PHP Extension
-	- (optional) mod_rewrite to use friendly_urls
+	- PHP Extensions: pdo, xml, json
+	- (optional) apache2 mod_rewrite (to use friendly_urls)
+	- (optional) zip PHP Extension (to install plugins)
+	- (optional) gd PHP Extension (for generating signature images)
 
 ### Installation
 
@@ -36,28 +48,29 @@ Official website: https://my-aac.org
 			chmod 660 images/guilds
 			chmod 660 images/houses
 			chmod 660 images/gallery
-			chmod -R 770 system/cache
+			chmod -R 760 system/cache
 
 	Visit http://your_domain/install (http://localhost/install) and follow instructions in the browser.
 
 ### Configuration
 
-Check *config.php* to get more informations.
+Check *config.php* to get more information. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
+
 Use *config.local.php* for your local configuration changes.
 
 ### Branches
 
 This repository follows the Git Flow Workflow.
-Cheatsheet: [Git-Flow-Cheetsheet](https://danielkummer.github.io/git-flow-cheatsheet)
+Cheatsheet: [Git-Flow-Cheatsheet](https://danielkummer.github.io/git-flow-cheatsheet)
 
 That means, we use:
-* master branch, for current stable release
+* main branch, for current stable release
 * develop branch, for development version (next release)
 * feature branches, for features etc.
 
 ### Known Problems
 
-- Some compatibility issues with some exotical distibutions.
+- Some compatibility issues with some exotic distributions.
 
 ### Contributing
 
@@ -67,13 +80,19 @@ Pull requests should be made to the *develop* branch as that is the working bran
 
 Bug fixes to current release should be done to master branch.
 
-Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our wiki.
+Look: [Contributing](https://docs.my-aac.org/misc/contributing) in our wiki.
 
 ### Other Notes
 
-	If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
+If you have a great idea or want to contribute to the project - visit our website at https://www.my-aac.org
+
+## Project supported by JetBrains
+
+Many thanks to Jetbrains for kindly providing a license for me to work on this and other open-source projects.
+
+[![JetBrains](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.svg)](https://www.jetbrains.com/?from=https://github.com/slawkens)
 
 ### License
 
 This program and all associated files are released under the GNU Public License.  
-See [LICENSE](https://github.com/slawkens/myaac/blob/master/LICENSE) for details.
+See [LICENSE](https://github.com/slawkens/myaac/blob/main/LICENSE) for details.

aac

@@ -0,0 +1,36 @@
+#!/usr/bin/env php
+<?php
+
+require_once __DIR__ . '/common.php';
+
+if(!IS_CLI) {
+	echo 'This script can be run only in command line mode.';
+	exit(1);
+}
+
+require_once SYSTEM . 'functions.php';
+
+define('SELF_NAME', basename(__FILE__));
+
+use MyAAC\Plugins;
+use Symfony\Component\Console\Application;
+
+$application = new Application('MyAAC', MYAAC_VERSION);
+
+$commandsGlob = glob(SYSTEM . 'src/Commands/*.php');
+foreach ($commandsGlob as $item) {
+	$name = pathinfo($item, PATHINFO_FILENAME);
+	if ($name == 'Command') { // ignore base Command class
+		continue;
+	}
+
+	$commandPre = '\\MyAAC\Commands\\';
+	$application->add(new ($commandPre . $name));
+}
+
+$pluginCommands = Plugins::getCommands();
+foreach ($pluginCommands as $item) {
+	$application->add(require $item);
+}
+
+$application->run();

admin/includes/debugbar.php

@@ -0,0 +1,22 @@
+<?php
+
+$hooks->register('debugbar_admin_head_end', HOOK_ADMIN_HEAD_END, function ($params) {
+	global $debugBar;
+
+	if (!isset($debugBar)) {
+		return;
+	}
+
+	$debugBarRenderer = $debugBar->getJavascriptRenderer(BASE_URL . 'vendor/maximebf/debugbar/src/DebugBar/Resources/');
+	echo $debugBarRenderer->renderHead();
+});
+$hooks->register('debugbar_admin_body_end', HOOK_ADMIN_BODY_END, function ($params) {
+	global $debugBar;
+
+	if (!isset($debugBar)) {
+		return;
+	}
+
+	$debugBarRenderer = $debugBar->getJavascriptRenderer(BASE_URL . 'vendor/maximebf/debugbar/src/DebugBar/Resources/');
+	echo $debugBarRenderer->render();
+});

admin/includes/functions.php

@@ -1 +1,2 @@
-<?php
+<?php
+// nothing yet here

admin/includes/settings_menus.php

@@ -0,0 +1,37 @@
+<?php
+
+use MyAAC\Plugins;
+
+$order = 10;
+
+$settingsMenu = [];
+
+$settingsMenu[] = [
+	'name' => 'MyAAC',
+	'link' => 'settings&plugin=core',
+	'icon' => 'list',
+	'order' => $order,
+];
+
+foreach (Plugins::getAllPluginsSettings() as $setting) {
+	$file = BASE . $setting['settingsFilename'];
+	if (!file_exists($file)) {
+		warning('Plugin setting: ' . $file . ' - cannot be loaded.');
+		continue;
+	}
+
+	$order += 10;
+
+	$settings = require $file;
+
+	$settingsMenu[] = [
+		'name' => $settings['name'],
+		'link' => 'settings&plugin=' . $setting['pluginFilename'],
+		'icon' => 'list',
+		'order' => $order,
+	];
+}
+
+unset($settings, $file, $order);
+
+return $settingsMenu;

admin/index.php

@@ -1,15 +1,13 @@
 <?php
 
 // few things we'll need
+use MyAAC\Plugins;
+
 require '../common.php';
 
 const ADMIN_PANEL = true;
 const MYAAC_ADMIN = true;
 
-if(file_exists(BASE . 'config.local.php')) {
-	require_once BASE . 'config.local.php';
-}
-
 if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
 {
 	header('Location: ' . BASE_URL . 'install/');
@@ -29,20 +27,9 @@ define('PAGE', $page);
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 
-if(config('env') === 'dev') {
-	ini_set('display_errors', 1);
-	ini_set('display_startup_errors', 1);
-	error_reporting(E_ALL);
-}
-
-// event system
-require_once SYSTEM . 'hooks.php';
-$hooks = new Hooks();
-$hooks->load();
-
+require __DIR__ . '/includes/debugbar.php';
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
-require SYSTEM . 'migrate.php';
 require __DIR__ . '/includes/functions.php';
 
 $twig->addGlobal('config', $config);
@@ -57,20 +44,28 @@ if(!$logged || !admin()) {
 	$page = 'login';
 }
 
-// include our page
-$file = __DIR__ . '/pages/' . $page . '.php';
-if(!@file_exists($file)) {
-	if (strpos($page, 'plugins/') !== false) {
+$pluginsAdminPages = Plugins::getAdminPages();
+if(isset($pluginsAdminPages[$page]) && file_exists(BASE . $pluginsAdminPages[$page])) {
+	$file = BASE . $pluginsAdminPages[$page];
+}
+else {
+	// include our page
+	$file = __DIR__ . '/pages/' . $page . '.php';
+	if(!@file_exists($file)) {
+		if (str_contains($page, 'plugins/')) {
 			$file = BASE . $page;
 		}
 		else {
 			$page = '404';
 			$file = SYSTEM . 'pages/404.php';
 		}
+	}
 }
 
 ob_start();
-include($file);
+if($hooks->trigger(HOOK_ADMIN_BEFORE_PAGE)) {
+	require $file;
+}
 
 $content .= ob_get_contents();
 ob_end_clean();

admin/pages/accounts.php

@@ -7,22 +7,30 @@
  * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Account as AccountModel;
+use MyAAC\Models\Player;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Account editor';
-$admin_base = BASE_URL . 'admin/?p=accounts';
+
+csrfProtect();
+
+$admin_base = ADMIN_URL . '?p=accounts';
 $use_datatable = true;
 
-if ($config['account_country'])
+if (setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
 
+$nameOrNumberColumn = getAccountIdentityColumn();
+
 $hasSecretColumn = $db->hasColumn('accounts', 'secret');
-$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $hasTypeColumn = $db->hasColumn('accounts', 'type');
 $hasGroupColumn = $db->hasColumn('accounts', 'group_id');
 
-if ($config['account_country']) {
+if (setting('core.account_country')) {
 	$countries = array();
 	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
 		$countries[$c] = $config['countries'][$c];
@@ -32,7 +40,7 @@ if ($config['account_country']) {
 		$countries[$code] = $c;
 }
 $web_acc = ACCOUNT_WEB_FLAGS;
-$acc_type = config('account_types');
+$acc_type = setting('core.account_types');
 ?>
 
 <link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
@@ -40,41 +48,56 @@ $acc_type = config('account_types');
 
 <?php
 $id = 0;
-$search_account = '';
+$search_account = $search_account_email = '';
 if (isset($_REQUEST['id']))
 	$id = (int)$_REQUEST['id'];
+else if (isset($_REQUEST['search_email'])) {
+	$search_account_email = $_REQUEST['search_email'];
+	$accountModel = AccountModel::where('email', $search_account_email)->limit(11)->get(['email', 'id']);
+	if (count($accountModel) == 0) {
+		echo_error('No entries found.');
+	} else if (count($accountModel) == 1) {
+		$id = $accountModel->first()->getKey();
+	} else if (count($accountModel) > 10) {
+		echo_error('Specified e-mail resulted with too many accounts.');
+	}
+}
 else if (isset($_REQUEST['search'])) {
 	$search_account = $_REQUEST['search'];
-	if (strlen($search_account) < 3 && !Validator::number($search_account)) {
-		echo_error('Player name is too short.');
+	$min_size = 3;
+	if (in_array($nameOrNumberColumn, ['id', 'number'])) {
+		$min_size = 1;
+	}
+
+	if (strlen($search_account) < $min_size && !Validator::number($search_account)) {
+		echo_error('Account ' . $nameOrNumberColumn . ' is too short.');
 	} else {
-		$query = $db->query('SELECT `id` FROM `accounts` WHERE `name` = ' . $db->quote($search_account));
-		if ($query->rowCount() == 1) {
-			$query = $query->fetch();
-			$id = (int)$query['id'];
+		$query = AccountModel::where($nameOrNumberColumn, '=', $search_account)->limit(11)->get(['id', $nameOrNumberColumn]);
+		if (count($query) == 0) {
+			echo_error('No entries found.');
+		} else if (count($query) == 1) {
+			$id = $query->first()->getKey();
+		} else if (count($query) > 10) {
+			echo_error('Specified name resulted with too many accounts.');
 		} else {
-			$query = $db->query('SELECT `id`, `name` FROM `accounts` WHERE `name` LIKE ' . $db->quote('%' . $search_account . '%'));
-			if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
 			$str_construct = 'Do you mean?<ul class="mb-0">';
-				foreach ($query as $row)
-					$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
+			foreach ($query as $row) {
+				$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row->getKey() . '">' . $row->attributes[$nameOrNumberColumn] . '</a></li>';
+			}
 			$str_construct .= '</ul>';
 			echo_error($str_construct);
-			} else if ($query->rowCount() > 10)
-				echo_error('Specified name resulted with too many accounts.');
-			else
-				echo_error('No entries found.');
 		}
 	}
 }
 ?>
 <div class="row">
 	<?php
+	$groups = new OTS_Groups_List();
 	if ($id > 0) {
 		$account = new OTS_Account();
 		$account->load($id);
 
-		if (isset($account, $_POST['save']) && $account->isLoaded()) {
+		if (isset($_POST['save']) && $account->isLoaded()) {
 			$error = false;
 
 			$_error = '';
@@ -112,11 +135,18 @@ else if (isset($_REQUEST['search'])) {
 			if (!Validator::email($email))
 				$errors['email'] = Validator::getLastError();
 
-			//tibia coins
-			if ($hasCoinsColumn) {
+			// tibia coins
+			if (HAS_ACCOUNT_COINS) {
 				$t_coins = $_POST['t_coins'];
 				verify_number($t_coins, 'Tibia coins', 12);
 			}
+
+			// transferable tibia coins
+			if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) {
+				$t_coins_transferable = $_POST['t_coins_transferable'];
+				verify_number($t_coins_transferable, 'Transferable Tibia coins', 12);
+			}
+
 			// prem days
 			$p_days = (int)$_POST['p_days'];
 			verify_number($p_days, 'Prem days', 11);
@@ -132,7 +162,9 @@ else if (isset($_REQUEST['search'])) {
 			$rl_loca = $_POST['rl_loca'];
 
 			//country
+			if(setting('core.account_country')) {
 				$rl_country = $_POST['rl_country'];
+			}
 
 			$web_flags = $_POST['web_flags'];
 			verify_number($web_flags, 'Web Flags', 1);
@@ -145,7 +177,7 @@ else if (isset($_REQUEST['search'])) {
 			$web_lastlogin = strtotime($_POST['web_lastlogin']);
 			verify_number($web_lastlogin, 'Web Last login', 11);
 
-			if (!$error) {
+			if (!$error && $hooks->trigger(HOOK_ADMIN_ACCOUNTS_SAVE_POST, ['account_id' => $account->getId(), 'account_email' =>  $account->getEMail()])) {
 				if (USE_ACCOUNT_NAME) {
 					$account->setName($name);
 				}
@@ -159,12 +191,18 @@ else if (isset($_REQUEST['search'])) {
 				if ($hasSecretColumn) {
 					$account->setCustomField('secret', $secret);
 				}
+
 				$account->setCustomField('key', $key);
 				$account->setEMail($email);
-				if ($hasCoinsColumn) {
+
+				if (HAS_ACCOUNT_COINS) {
 					$account->setCustomField('coins', $t_coins);
 				}
 
+				if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) {
+					$account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $t_coins_transferable);
+				}
+
 				$lastDay = 0;
 				if($p_days != 0 && $p_days != OTS_Account::GRATIS_PREMIUM_DAYS) {
 					$lastDay = time();
@@ -179,7 +217,11 @@ else if (isset($_REQUEST['search'])) {
 				}
 				$account->setRLName($rl_name);
 				$account->setLocation($rl_loca);
+
+				if(setting('core.account_country')) {
 					$account->setCountry($rl_country);
+				}
+
 				$account->setCustomField('created', $created);
 				$account->setWebFlags($web_flags);
 				$account->setCustomField('web_lastlogin', $web_lastlogin);
@@ -193,9 +235,6 @@ else if (isset($_REQUEST['search'])) {
 
 					$password = encrypt($password);
 					$account->setPassword($password);
-
-					if (USE_ACCOUNT_SALT)
-						$account->setCustomField('salt', $salt);
 				}
 
 				$account->save();
@@ -203,7 +242,7 @@ else if (isset($_REQUEST['search'])) {
 			}
 		}
 	} else if ($id == 0) {
-		$accounts_db = $db->query('SELECT `id`, `name`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ' FROM `accounts` ORDER BY `id` ASC');
+		$accounts_db = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ', email FROM `accounts` ORDER BY `id` ASC');
 		?>
 		<div class="col-12 col-sm-12 col-lg-10">
 			<div class="card card-info card-outline">
@@ -215,8 +254,9 @@ else if (isset($_REQUEST['search'])) {
 						<thead>
 						<tr>
 							<th>ID</th>
-							<th>Name</th>
+							<th><?= ($nameOrNumberColumn == 'name' ? 'Name' : 'Number'); ?></th>
 							<?php if($hasTypeColumn || $hasGroupColumn): ?>
+							<th>E-Mail</th>
 							<th>Position</th>
 							<?php endif; ?>
 							<th style="width: 40px">Edit</th>
@@ -226,7 +266,8 @@ else if (isset($_REQUEST['search'])) {
 						<?php foreach ($accounts_db as $account_lst): ?>
 							<tr>
 								<th><?php echo $account_lst['id']; ?></th>
-								<td><?php echo $account_lst['name']; ?></a></td>
+								<td><?php echo $account_lst[$nameOrNumberColumn]; ?></a></td>
+								<td><?php echo $account_lst['email']; ?></td>
 								<?php if($hasTypeColumn || $hasGroupColumn): ?>
 								<td>
 									<?php if ($hasTypeColumn) {
@@ -258,6 +299,9 @@ else if (isset($_REQUEST['search'])) {
 						<li class="nav-item">
 							<a class="nav-link active" id="accounts-acc-tab" data-toggle="pill" href="#accounts-acc">Account</a>
 						</li>
+						<li class="nav-item">
+							<a class="nav-link" id="accounts-logs-tab" data-toggle="pill" href="#accounts-logs">Logs</a>
+						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="accounts-chars-tab" data-toggle="pill" href="#accounts-chars">Characters</a>
 						</li>
@@ -267,7 +311,7 @@ else if (isset($_REQUEST['search'])) {
 							</li>
 						<?php endif;
 
-						if ($db->hasTable('store_history')) : ?>
+						if ($db->hasTable('store_history') && $db->hasColumn('store_history', 'time')) : ?>
 							<li class="nav-item">
 								<a class="nav-link" id="accounts-store-tab" data-toggle="pill" href="#accounts-store">Store History</a>
 							</li>
@@ -277,13 +321,19 @@ else if (isset($_REQUEST['search'])) {
 				<div class="card-body">
 					<div class="tab-content" id="accounts-tabContent">
 						<div class="tab-pane fade active show" id="accounts-acc">
-							<form action="<?php echo $admin_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
+							<form action="<?php echo $admin_base . ($id > 0 ? '&id=' . $id : ''); ?>" method="post">
+								<?php csrf(); ?>
 								<div class="form-group row">
 									<?php if (USE_ACCOUNT_NAME): ?>
 										<div class="col-12 col-sm-12 col-lg-4">
 											<label for="name">Account Name:</label>
 											<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $account->getName(); ?>"/>
 										</div>
+									<?php elseif (USE_ACCOUNT_NUMBER): ?>
+										<div class="col-12 col-sm-12 col-lg-4">
+											<label for="name">Account Number:</label>
+											<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $account->getNumber(); ?>"/>
+										</div>
 									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-5">
 										<div class="form-check">
@@ -311,8 +361,8 @@ else if (isset($_REQUEST['search'])) {
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="group">Account Type:</label>
 											<select name="group" id="group" class="form-control">
-												<?php foreach ($acc_type as $id => $a_type): ?>
-													<option value="<?php echo($id); ?>" <?php echo($acc_group == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+												<?php foreach ($acc_type as $_id => $a_type): ?>
+													<option value="<?php echo($_id); ?>" <?php echo($acc_group == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 												<?php endforeach; ?>
 											</select>
 										</div>
@@ -322,8 +372,8 @@ else if (isset($_REQUEST['search'])) {
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="group">Account Type:</label>
 											<select name="group" id="group" class="form-control">
-												<?php foreach ($groups->getGroups() as $id => $group): ?>
-													<option value="<?php echo $id; ?>" <?php echo($acc_group == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
+												<?php foreach ($groups->getGroups() as $_id => $group): ?>
+													<option value="<?php echo $_id; ?>" <?php echo($acc_group == $_id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 												<?php endforeach; ?>
 											</select>
 										</div>
@@ -331,8 +381,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="web_flags">Website Access:</label>
 										<select name="web_flags" id="web_flags" class="form-control">
-											<?php foreach ($web_acc as $id => $a_type): ?>
-												<option value="<?php echo($id); ?>" <?php echo($account->getWebFlags() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+											<?php foreach ($web_acc as $_id => $a_type): ?>
+												<option value="<?php echo($_id); ?>" <?php echo($account->getWebFlags() == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -351,15 +401,21 @@ else if (isset($_REQUEST['search'])) {
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
-										<label for="email">Email:</label><?php echo (config('mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
+										<label for="email">Email:</label><?php echo (setting('core.mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
 										<input type="text" class="form-control" id="email" name="email" autocomplete="off" value="<?php echo $account->getEMail(); ?>"/>
 									</div>
-									<?php if ($hasCoinsColumn): ?>
+									<?php if (HAS_ACCOUNT_COINS): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="t_coins">Tibia Coins:</label>
 											<input type="text" class="form-control" id="t_coins" name="t_coins" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField('coins') ?>"/>
 										</div>
 									<?php endif; ?>
+									<?php if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS): ?>
+										<div class="col-12 col-sm-12 col-lg-6">
+											<label for="t_coins_transferable">Transferable Tibia Coins:</label>
+											<input type="text" class="form-control" id="t_coins_transferable" name="t_coins_transferable" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN) ?>"/>
+										</div>
+									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="p_days">Premium Days:</label>
 										<input type="text" class="form-control" id="p_days" name="p_days" autocomplete="off" maxlength="11" value="<?php echo $account->getPremDays(); ?>"/>
@@ -384,14 +440,16 @@ else if (isset($_REQUEST['search'])) {
 											   autocomplete="off" maxlength="20"
 											   value="<?php echo $account->getLocation(); ?>"/>
 									</div>
+									<?php if(setting('core.account_country')): ?>
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_country">Country:</label>
 										<select name="rl_country" id="rl_country" class="form-control">
-											<?php foreach ($countries as $id => $a_type): ?>
-												<option value="<?php echo($id); ?>" <?php echo($account->getCountry() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+											<?php foreach ($countries as $_id => $a_type): ?>
+												<option value="<?php echo($_id); ?>" <?php echo($account->getCountry() == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
+									<?php endif; ?>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
@@ -410,12 +468,39 @@ else if (isset($_REQUEST['search'])) {
 								<a href="<?php echo ADMIN_URL; ?>?p=accounts" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</a>
 							</form>
 						</div>
+						<div class="tab-pane fade" id="accounts-logs">
+							<div class="row">
+								<table class="table table-striped table-condensed table-responsive d-md-table">
+									<thead>
+										<tr>
+											<th>#</th>
+											<th>Date</th>
+											<th>Action</th>
+											<th>IP</th>
+										</tr>
+									</thead>
+									<tbody>
+										<?php
+											$accountActions = \MyAAC\Models\AccountAction::where('account_id', $account->getId())->orderByDesc('date')->get();
+											foreach ($accountActions as $i => $log):
+												$log->ip = ($log->ip != 0 ? long2ip($log->ip) : inet_ntop($log->ipv6));
+												?>
+											<tr>
+												<td><?php echo $i + 1; ?></td>
+												<td><?= date("M d Y, H:i:s", $log->date); ?></td>
+												<td><?= $log->action; ?></td>
+												<td><?= $log->ip; ?></td>
+											</tr>
+											<?php endforeach; ?>
+									</tbody>
+								</table>
+							</div>
+						</div>
 						<div class="tab-pane fade" id="accounts-chars">
 							<div class="row">
 								<?php
 								if (isset($account) && $account->isLoaded()) {
-									$account_players = $account->getPlayersList();
-									$account_players->orderBy('id');
+									$account_players = Player::where('account_id', $account->getId())->orderBy('id')->get();
 									if (isset($account_players)) { ?>
 										<table class="table table-striped table-condensed table-responsive d-md-table">
 											<thead>
@@ -428,25 +513,13 @@ else if (isset($_REQUEST['search'])) {
 											</tr>
 											</thead>
 											<tbody>
-											<?php $i= 0;
-											foreach ($account_players as $i => $player):
-												$i++;
-												$player_vocation = $player->getVocation();
-												$player_promotion = $player->getPromotion();
-												if (isset($player_promotion)) {
-													if ((int)$player_promotion > 0)
-														$player_vocation += ($player_promotion * $config['vocations_amount']);
-												}
-
-												if (isset($config['vocations'][$player_vocation])) {
-													$vocation_name = $config['vocations'][$player_vocation];
-												} ?>
+											<?php foreach ($account_players as $i => $player): ?>
 												<tr>
-													<th><?php echo $i; ?></th>
-													<td><?php echo $player->getName(); ?></td>
-													<td><?php echo $player->getLevel(); ?></td>
-													<td><?php echo $vocation_name; ?></td>
-													<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
+													<th><?php echo $i + 1; ?></th>
+													<td><?php echo $player->name; ?></td>
+													<td><?php echo $player->level; ?></td>
+													<td><?php echo $player->vocation_name; ?></td>
+													<td><a href="?p=players&id=<?php echo $player->getKey() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
 												</tr>
 											<?php endforeach ?>
 											</tbody>
@@ -513,7 +586,7 @@ else if (isset($_REQUEST['search'])) {
 								} ?>
 							</div>
 						<?php endif;
-						if ($db->hasTable('store_history')) { ?>
+						if ($db->hasTable('store_history') && $db->hasColumn('store_history', 'time')) { ?>
 							<div class="tab-pane fade" id="accounts-store">
 								<?php $store_history = $db->query('SELECT * FROM `store_history` WHERE `account_id` = "' . $account->getId() . '" ORDER BY `time` DESC')->fetchAll(); ?>
 								<table class="table table-striped table-condensed table-responsive d-md-table">
@@ -550,18 +623,30 @@ else if (isset($_REQUEST['search'])) {
 				<div class="row">
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
-							<label for="name">Account Name:</label>
+							<?php csrf(); ?>
+							<label for="search">Account E-Mail:</label>
 							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="search" value="<?php echo $search_account; ?>" maxlength="32" size="32">
+								<input type="email" class="form-control" id="search_email" name="search_email" value="<?= escapeHtml($search_account_email); ?>" maxlength="255" size="255">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>
 					</div>
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
-							<label for="name">Account ID:</label>
+							<?php csrf(); ?>
+							<label for="search">Account Name:</label>
 							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
+								<input type="text" class="form-control" id="search" name="search" value="<?= escapeHtml($search_account); ?>" maxlength="32" size="32">
+								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
+							</div>
+						</form>
+					</div>
+					<div class="col-6 col-lg-12">
+						<form action="<?php echo $admin_base; ?>" method="post">
+							<?php csrf(); ?>
+							<label for="id">Account ID:</label>
+							<div class="input-group input-group-sm">
+								<input type="text" class="form-control" id="id" name="id" value="<?= $id; ?>" maxlength="32" size="32">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>

admin/pages/changelog.php

@@ -8,32 +8,34 @@
  * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Changelog;
+use MyAAC\Models\Changelog as ModelsChangelog;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
+$title = 'Changelog';
+
+csrfProtect();
+
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
 
-$title = 'Changelog';
 $use_datatable = true;
 const CL_LIMIT = 600; // maximum changelog body length
-?>
 
-<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
-<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
-<?php
 $id = $_GET['id'] ?? 0;
-require_once LIBS . 'changelog.php';
 
-if(!empty($action))
+if(!empty($action) && isRequestMethod('post'))
 {
-	$id = $_REQUEST['id'] ?? null;
-	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
-	$create_date = isset($_REQUEST['createdate']) ? (int)strtotime($_REQUEST['createdate'] ): null;
-	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
-	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
-	$where = isset($_REQUEST['where']) ? (int)$_REQUEST['where'] : null;
+	$id = $_POST['id'] ?? null;
+	$body = isset($_POST['body']) ? stripslashes($_POST['body']) : null;
+	$create_date = isset($_POST['createdate']) ? (int)strtotime($_POST['createdate'] ): null;
+	$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : null;
+	$type = isset($_POST['type']) ? (int)$_POST['type'] : null;
+	$where = isset($_POST['where']) ? (int)$_POST['where'] : null;
 
 	$errors = array();
 
@@ -43,12 +45,13 @@ if(!empty($action))
 			$body = '';
 			$type = $where = $player_id = $create_date = 0;
 
-			success("Added successful.");
+			success('Added successful.');
 		}
 	}
 	else if($action == 'delete') {
-		Changelog::delete($id, $errors);
-		success("Deleted successful.");
+		if (Changelog::delete($id, $errors)) {
+			success('Deleted successful.');
+		}
 	}
 	else if($action == 'edit')
 	{
@@ -65,20 +68,21 @@ if(!empty($action))
 				$action = $body = '';
 				$type = $where = $player_id = $create_date = 0;
 
-				success("Updated successful.");
+				success('Updated successful.');
 			}
 		}
 	}
 	else if($action == 'hide') {
-		Changelog::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
+		if (Changelog::toggleHide($id, $errors, $status)) {
+			success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
+		}
 	}
 
 	if(!empty($errors))
 		error(implode(", ", $errors));
 }
 
-$changelogs = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'changelog' . '` ORDER BY `id` DESC')->fetchAll();
+$changelogs = ModelsChangelog::orderBy('id')->get()->toArray();
 
 $i = 0;
 
@@ -110,7 +114,7 @@ if($action == 'edit' || $action == 'new') {
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.changelog.form.html.twig', array(
 		'action' => $action,
-		'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'new'),
+		'cl_link_form' => constant('ADMIN_URL').'?p=changelog',
 		'cl_id' => $id ?? null,
 		'body' => isset($body) ? escapeHtml($body) : '',
 		'create_date' => $create_date ?? '',
@@ -125,15 +129,3 @@ if($action == 'edit' || $action == 'new') {
 $twig->display('admin.changelog.html.twig', array(
 	'changelogs' => $changelogs,
 ));
-
-?>
-<script>
-	$(document).ready(function () {
-		$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
-
-		$('.tb_datatable').DataTable({
-			"order": [[0, "desc"]],
-			"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
-		});
-	});
-</script>

admin/pages/clmd.php

@@ -11,12 +11,12 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'MyAAC Changelog';
 
-if (!file_exists(BASE . 'CHANGELOG.md')) {
+if (!file_exists(BASE . 'CHANGELOG-1.x.md')) {
 	echo 'File CHANGELOG.md doesn\'t exist.';
 	return;
 }
 
-$changelog = file_get_contents(BASE . 'CHANGELOG.md');
+$changelog = file_get_contents(BASE . 'CHANGELOG-1.x.md');
 
 $Parsedown = new Parsedown();
 

admin/pages/dashboard.php

@@ -10,7 +10,9 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Dashboard';
 
-if (isset($_GET['clear_cache'])) {
+csrfProtect();
+
+if (isset($_POST['clear_cache'])) {
 	if (clearCache()) {
 		success('Cache cleared.');
 	} else {
@@ -18,7 +20,7 @@ if (isset($_GET['clear_cache'])) {
 	}
 }
 
-if (isset($_GET['maintenance'])) {
+if (isset($_POST['maintenance'])) {
 	$message = (!empty($_POST['message']) ? $_POST['message'] : null);
 	$_status = (isset($_POST['status']) && $_POST['status'] == 'true');
 	$_status = ($_status ? '0' : '1');
@@ -47,12 +49,11 @@ $tmp = '';
 if (fetchDatabaseConfig('site_closed_message', $tmp))
 	$closed_message = $tmp;
 
-$configAdminPanelModules = config('admin_panel_modules');
-if (isset($configAdminPanelModules)) {
+$settingAdminPanelModules = setting('core.admin_panel_modules');
+if (count($settingAdminPanelModules) > 0) {
 	echo '<div class="row">';
-	$configAdminPanelModules = explode(',', $configAdminPanelModules);
 	$twig_loader->prependPath(__DIR__ . '/modules/templates');
-	foreach ($configAdminPanelModules as $box) {
+	foreach ($settingAdminPanelModules as $box) {
 		$file = __DIR__ . '/modules/' . $box . '.php';
 		if (file_exists($file)) {
 			include($file);

admin/pages/login.php

@@ -10,6 +10,14 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Login';
 
+csrfProtect();
+
+require PAGES . 'account/login.php';
+if ($logged) {
+	header('Location: ' . (admin() ? ADMIN_URL : BASE_URL));
+	return;
+}
+
 $twig->display('admin.login.html.twig', [
 	'logout' => (ACTION == 'logout' ? 'You have  been logged out!'  : ''),
 	'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',

admin/pages/mailer.php

@@ -7,22 +7,28 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Account;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mailer';
 
+csrfProtect();
+
 if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
 
-if (!config('mail_enabled')) {
-	echo 'Mail support disabled.';
+if (!setting('core.mail_enabled')) {
+	echo 'Mail support disabled in config.';
 	return;
 }
 
 $mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
 $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
 $mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
+$mail_verified_only = $_POST['mail_verified_only'] ?? false;
 
 if (isset($_POST['submit'])) {
 	if (empty($mail_subject)) {
@@ -53,21 +59,21 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 	$success = 0;
 	$failed = 0;
 
-	$add = '';
-	if (config('account_mail_verify')) {
-		note('Note: Sending only to users with verified E-Mail.');
-		$add = ' AND `email_verified` = 1';
+	$query = Account::where('email', '!=', '');
+
+	if ($mail_verified_only) {
+		info('Note: Sending only to users with verified E-Mail.');
+		$query->where('email_verified', 1);
 	}
 
-	$query = $db->query('SELECT `email` FROM `accounts` WHERE `email` != ""' . $add);
-	foreach ($query as $email) {
-		if (_mail($email['email'], $mail_subject, $mail_content)) {
+	foreach ($query->get(['email']) as $email) {
+		if (_mail($email->email, $mail_subject, $mail_content)) {
 			$success++;
 		}
 		else {
 			$failed++;
 			echo '<br />';
-			error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
+			error('An error occorred while sending email to <b>' . $email->email . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
 		}
 	}
 
@@ -79,5 +85,6 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 $twig->display('admin.mailer.html.twig', [
 	'mail_to' => $mail_to,
 	'mail_subject' => $mail_subject,
-	'mail_content' => $mail_content
+	'mail_content' => $mail_content,
+	'mail_verified_only' => $mail_verified_only,
 ]);

admin/pages/mass_account.php

@@ -9,32 +9,28 @@
  * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Account;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Mass Account Actions';
 
-$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
+csrfProtect();
+
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $freePremium = $config['lua']['freePremium'];
 
 function admin_give_points($points)
 {
-	global $db, $hasPointsColumn;
+	global $hasPointsColumn;
 
 	if (!$hasPointsColumn) {
 		displayMessage('Points not supported.');
 		return;
 	}
 
-	$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'points' => $points
-	])) {
+	if (!Account::query()->increment('premium_points', $points)) {
 		displayMessage('Failed to add points.');
 		return;
 	}
@@ -43,22 +39,12 @@ function admin_give_points($points)
 
 function admin_give_coins($coins)
 {
-	global $db, $hasCoinsColumn;
-
-	if (!$hasCoinsColumn) {
+	if (!HAS_ACCOUNT_COINS) {
 		displayMessage('Coins not supported.');
 		return;
 	}
 
-	$statement = $db->prepare('UPDATE `accounts` SET `coins` = `coins` + :coins');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'coins' => $coins
-	])) {
+	if (!Account::query()->increment('coins', $coins)) {
 		displayMessage('Failed to add coins.');
 		return;
 	}
@@ -66,24 +52,6 @@ function admin_give_coins($coins)
 	displayMessage($coins . ' coins added to all accounts.', true);
 }
 
-function query_add_premium($column, $value_query, $condition_query = '1=1', $params = [])
-{
-	global $db;
-
-	$statement = $db->prepare("UPDATE `accounts` SET `{$column}` = $value_query WHERE $condition_query");
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return false;
-	}
-
-	if (!$statement->execute($params)) {
-		displayMessage('Failed to add premium days.');
-		return false;
-	}
-
-	return true;
-}
-
 function admin_give_premdays($days)
 {
 	global $db, $freePremium;
@@ -98,9 +66,9 @@ function admin_give_premdays($days)
 	// othire
 	if ($db->hasColumn('accounts', 'premend')) {
 		// append premend
-		if (query_add_premium('premend', '`premend` + :value', '`premend` > :now', ['value' => $value, 'now' => $now])) {
+		if (Account::where('premend', '>', $now)->increment('premend', $value)) {
 			// set premend
-			if (query_add_premium('premend', ':value', '`premend` <= :now', ['value' => $now + $value, 'now' => $now])) {
+			if (Account::where('premend', '<=', $now)->update(['premend' => $now + $value])) {
 				displayMessage($days . ' premium days added to all accounts.', true);
 				return;
 			} else {
@@ -118,11 +86,11 @@ function admin_give_premdays($days)
 	// tfs 0.x
 	if ($db->hasColumn('accounts', 'premdays')) {
 		// append premdays
-		if (query_add_premium('premdays', '`premdays` + :value', '1=1', ['value' => $days])) {
+		if (Account::query()->update(['premdays' => $days])) {
 			// append lastday
-			if (query_add_premium('lastday', '`lastday` + :value', '`lastday` > :now', ['value' => $value, 'now' => $now])) {
+			if (Account::where('lastday', '>', $now)->increment('lastday', $value)) {
 				// set lastday
-				if (query_add_premium('lastday', ':value', '`lastday` <= :now', ['value' => $now + $value, 'now' => $now])) {
+				if (Account::where('lastday', '<=', $now)->update(['lastday' => $now + $value])) {
 					displayMessage($days . ' premium days added to all accounts.', true);
 					return;
 				} else {
@@ -146,9 +114,9 @@ function admin_give_premdays($days)
 	// tfs 1.x
 	if ($db->hasColumn('accounts', 'premium_ends_at')) {
 		// append premium_ends_at
-		if (query_add_premium('premium_ends_at', '`premium_ends_at` + :value', '`premium_ends_at` > :now', ['value' => $value, 'now' => $now])) {
+		if (Account::where('premium_ends_at', '>', $now)->increment('premium_ends_at', $value)) {
 			// set premium_ends_at
-			if (query_add_premium('premium_ends_at', ':value', '`premium_ends_at` <= :now', ['value' => $now + $value, 'now' => $now])) {
+			if (Account::where('premium_ends_at', '<=', $now)->update(['premium_ends_at' => $now + $value])) {
 				displayMessage($days . ' premium days added to all accounts.', true);
 				return;
 			} else {
@@ -166,9 +134,9 @@ function admin_give_premdays($days)
 	displayMessage('Premium Days not supported.');
 }
 
-if (isset($_POST['action']) && $_POST['action']) {
+if (!empty(ACTION) && isRequestMethod('post')) {
 
-	$action = $_POST['action'];
+	$action = ACTION;
 
 	if (preg_match("/[^A-z0-9_\-]/", $action)) {
 		displayMessage('Invalid action.');
@@ -196,19 +164,19 @@ if (isset($_POST['action']) && $_POST['action']) {
 }
 else {
 	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasCoinsColumn' => HAS_ACCOUNT_COINS,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));
 }
 
 function displayMessage($message, $success = false) {
-	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
+	global $twig, $hasPointsColumn, $freePremium;
 
 	$success ? success($message): error($message);
 
 	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasCoinsColumn' => HAS_ACCOUNT_COINS,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));

admin/pages/mass_teleport.php

@@ -8,22 +8,21 @@
  * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Player;
+use MyAAC\Models\PlayerOnline;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Mass Teleport Actions';
 
-function admin_teleport_position($x, $y, $z) {
-	global $db;
-	$statement = $db->prepare('UPDATE `players` SET `posx` = :x, `posy` = :y, `posz` = :z');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
+csrfProtect();
 
-	if (!$statement->execute([
-		'x' => $x, 'y' => $y, 'z' => $z
+function admin_teleport_position($x, $y, $z) {
+	if (!Player::query()->update([
+		'posx' => $x, 'posy' => $y, 'posz' => $z
 	])) {
-		displayMessage('Failed to execute query.');
+		displayMessage('Failed to execute query. Probably already updated.');
 		return;
 	}
 
@@ -31,26 +30,19 @@ function admin_teleport_position($x, $y, $z) {
 }
 
 function admin_teleport_town($town_id) {
-	global $db;
-	$statement = $db->prepare('UPDATE `players` SET `town_id` = :town_id');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'town_id' => $town_id
+	if (!Player::query()->update([
+		'town_id' => $town_id,
 	])) {
-		displayMessage('Failed to execute query.');
+		displayMessage('Failed to execute query. Probably already updated.');
 		return;
 	}
 
 	displayMessage('Player\'s town updated.', true);
 }
 
-if (isset($_POST['action']) && $_POST['action'])    {
+if (!empty(ACTION) && isRequestMethod('post'))    {
 
-	$action = $_POST['action'];
+	$action = ACTION;
 
 	if (preg_match("/[^A-z0-9_\-]/", $action)) {
 		displayMessage('Invalid action.');
@@ -58,13 +50,12 @@ if (isset($_POST['action']) && $_POST['action'])    {
 
 		$playersOnline = 0;
 		if($db->hasTable('players_online')) {// tfs 1.0
-			$query = $db->query('SELECT count(*) AS `count` FROM `players_online`');
+			$playersOnline = PlayerOnline::count();
 		} else {
-			$query = $db->query('SELECT count(*) AS `count` FROM `players` WHERE `players`.`online` > 0');
+			$playersOnline = Player::online()->count();
 		}
 
-		$playersOnline = $query->fetch(PDO::FETCH_ASSOC);
-		if ($playersOnline['count'] > 0) {
+		if ($playersOnline > 0) {
 			displayMessage('Please, close the server before execute this action otherwise players will not be affected.');
 			return;
 		}

admin/pages/menus.php

@@ -7,79 +7,135 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Cache\Cache;
+use MyAAC\Models\Menu;
+use MyAAC\Plugins;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Menus';
 
+csrfProtect();
+
 if (!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
 
-if (isset($_REQUEST['template'])) {
-	$template = $_REQUEST['template'];
+$pluginThemes = Plugins::getThemes();
 
-	if (isset($_REQUEST['menu'])) {
-		$post_menu = $_REQUEST['menu'];
-		$post_menu_link = $_REQUEST['menu_link'];
-		$post_menu_blank = $_REQUEST['menu_blank'];
-		$post_menu_color = $_REQUEST['menu_color'];
+if (isset($_POST['template'])) {
+	$template = $_POST['template'];
+
+	if (isset($_POST['save'])) {
+		$post_menu = $_POST['menu'] ?? [];
+		$post_menu_link = $_POST['menu_link'] ?? [];
+		$post_menu_blank = $_POST['menu_blank'] ?? [];
+		$post_menu_color = $_POST['menu_color'] ?? [];
 		if (count($post_menu) != count($post_menu_link)) {
 			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
 			return;
 		}
 
-		$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($template));
+		Menu::where('template', $template)->delete();
 		foreach ($post_menu as $category => $menus) {
 			foreach ($menus as $i => $menu) {
 				if (empty($menu)) // don't save empty menu item
 					continue;
 
 				try {
-					$db->insert(TABLE_PREFIX . 'menu', array('template' => $template, 'name' => $menu, 'link' => $post_menu_link[$category][$i], 'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0, 'color' => str_replace('#', '', $post_menu_color[$category][$i]), 'category' => $category, 'ordering' => $i));
+					Menu::create([
+						'template' => $template,
+						'name' => $menu,
+						'link' => $post_menu_link[$category][$i],
+						'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0,
+						'color' => str_replace('#', '', $post_menu_color[$category][$i]),
+						'category' => $category,
+						'ordering' => $i
+					]);
 				} catch (PDOException $error) {
 					warning('Error while adding menu item (' . $menu . '): ' . $error->getMessage());
 				}
 			}
 		}
 
-		$cache = Cache::getInstance();
-		if ($cache->enabled()) {
-			$cache->delete('template_menus');
-		}
+		onTemplateMenusChange();
 		success('Saved at ' . date('H:i'));
 	}
 
-	$file = TEMPLATES . $template . '/config.php';
-	if (file_exists($file)) {
-		require_once $file;
+	$path = TEMPLATES . $template;
+
+	if (isset($pluginThemes[$template])) {
+		$path = BASE . $pluginThemes[$template];
+	}
+
+	$path .= '/config.php';
+
+	if (file_exists($path)) {
+		require_once $path;
 	} else {
 		echo 'Cannot find template config.php file.';
 		return;
 	}
+
 	if (!isset($config['menu_categories'])) {
 		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
 		return;
 	}
 
-	$title = 'Menus - ' . $template;
-	?>
-	<div align="center" class="text-center">
-		<p class="note">You are editing: <?= $template ?><br/><br/>
-			Hint: You can drag menu items.<br/>
-			Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
-			Not all templates support blank and colorful links.
-		</p>
-	</div>
-	<?php
-	$menus = array();
-	$menus_db = $db->query('SELECT `name`, `link`, `blank`, `color`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
-	foreach ($menus_db as $menu) {
-		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'blank' => $menu['blank'], 'color' => $menu['color'], 'ordering' => $menu['ordering']);
+	if (isset($_GET['reset_colors'])) {
+		foreach ($config['menu_categories'] as $id => $options) {
+			$color = $options['default_links_color'] ?? ($config['menu_default_links_color'] ?? ($config['menu_default_color'] ?? '#ffffff'));
+			Menu::where('template', $template)->where('category', $id)->update(['color' => str_replace('#', '', $color)]);
 		}
+
+		onTemplateMenusChange();
+		success('Colors has been reset at ' . date('H:i'));
+	}
+
+	if (isset($_GET['reset_menus'])) {
+		$configMenus = config('menus');
+		if (isset($configMenus)) {
+			Plugins::installMenus($template, config('menus'), true);
+
+			onTemplateMenusChange();
+			success('Menus has been reset at ' . date('H:i'));
+		}
+		else {
+			error("This template don't support reinstalling menus.");
+		}
+	}
+
+	$title = 'Menus - ' . $template;
+
+	$canResetColors = isset($config['menu_default_color']) || isset($config['menu_default_links_color']);
+	foreach ($config['menu_categories'] as $id => $options) {
+		if (isset($options['default_links_color'])) {
+			$canResetColors = true;
+		}
+	}
+
+	$twig->display('admin.menus.header.html.twig', [
+		'template' => $template,
+		'canResetColors' => $canResetColors
+	]);
+	?>
+	<?php
+	$menus = Menu::query()
+		->select('name', 'link', 'blank', 'color', 'category', 'ordering')
+		->where('enabled', 1)
+		->where('template', $template)
+		->orderBy('ordering')
+		->get()
+		->groupBy('category')
+		->toArray();
+
 	$last_id = array();
 	?>
 	<form method="post" id="menus-form" action="?p=menus">
+		<?php csrf(); ?>
 		<input type="hidden" name="template" value="<?php echo $template ?>"/>
+		<button type="submit" name="save" class="btn btn-info">Save</button><br/><br/>
 		<div class="row">
 			<?php foreach ($config['menu_categories'] as $id => $cat): ?>
 				<div class="col-md-12 col-lg-6">
@@ -91,15 +147,17 @@ if (isset($_REQUEST['template'])) {
 							<ul class="sortable" id="sortable-<?php echo $id ?>">
 								<?php
 								if (isset($menus[$id])) {
-									foreach ($menus[$id] as $i => $menu):
+									$i = 0;
+									foreach ($menus[$id] as $menu):
+										$color = (empty($menu['color']) ? ($cat['default_links_color'] ?? ($config['menu_default_links_color'] ?? ($config['menu_default_color'] ?? '#ffffff'))) : '#' . $menu['color']);
 										?>
 										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo escapeHtml($menu['name']); ?>"/>
 											<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
 											<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
 											<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
-											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="#<?php echo $menu['color'] ?>"/>
+											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="<?php echo $color; ?>"/>
 											<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
-										<?php $last_id[$id] = $i;
+										<?php $i++; $last_id[$id] = $i;
 									endforeach;
 								} ?>
 							</ul>
@@ -110,7 +168,7 @@ if (isset($_REQUEST['template'])) {
 		</div>
 		<div class="row pb-2">
 			<div class="col-md-12">
-				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Save</button>
+				<button type="submit" name="save" class="btn btn-info">Save</button>
 				<?php
 				echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
 				?>
@@ -120,15 +178,20 @@ if (isset($_REQUEST['template'])) {
 	<?php
 	$twig->display('admin.menus.js.html.twig', array(
 		'menus' => $menus,
-		'last_id' => $last_id
+		'last_id' => $last_id,
 	));
 	?>
 	<?php
 } else {
-	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();
+	$templates = Menu::select('template')->distinct()->get()->toArray();
 	foreach ($templates as $key => $value) {
-		$file = TEMPLATES . $value['template'] . '/config.php';
-		if (!file_exists($file)) {
+		$path = TEMPLATES . $value['template'];
+
+		if (isset($pluginThemes[$value['template']])) {
+			$path = BASE . $pluginThemes[$value['template']];
+		}
+
+		if (!file_exists($path . '/config.php')) {
 			unset($templates[$key]);
 		}
 	}
@@ -137,3 +200,11 @@ if (isset($_REQUEST['template'])) {
 		'templates' => $templates
 	));
 }
+
+function onTemplateMenusChange(): void
+{
+	$cache = Cache::getInstance();
+	if ($cache->enabled()) {
+		$cache->delete('template_menus');
+	}
+}

admin/pages/modules/balance.php

@@ -1,5 +1,14 @@
 <?php
-$balance = ($db->hasColumn('players', 'balance') ? $db->query('SELECT `balance`, `id`, `name`,`level` FROM `players` ORDER BY `balance` DESC LIMIT 10;') : 0);
+
+use MyAAC\Models\Player;
+
+defined('MYAAC') or die('Direct access not allowed!');
+
+$balance = 0;
+
+if ($db->hasColumn('players', 'balance')) {
+	$balance = Player::orderByDesc('balance')->limit(10)->get(['id', 'name', 'balance'])->toArray();
+}
 
 $twig->display('balance.html.twig', array(
 	'balance' => $balance

admin/pages/modules/coins.php

@@ -1,5 +1,19 @@
 <?php
-$coins = ($db->hasColumn('accounts', 'coins') ?  $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;') : 0);
+
+use MyAAC\Models\Account;
+
+defined('MYAAC') or die('Direct access not allowed!');
+
+$coins = 0;
+
+if (HAS_ACCOUNT_COINS) {
+	$whatToGet = ['id', 'coins'];
+	if (USE_ACCOUNT_NAME) {
+		$whatToGet[] = 'name';
+	}
+
+	$coins = Account::orderByDesc('coins')->limit(10)->get($whatToGet)->toArray();
+}
 
 $twig->display('coins.html.twig', array(
 	'coins' => $coins

admin/pages/modules/created.php

@@ -1,6 +1,15 @@
 <?php
-$players = ($db->hasColumn('accounts', 'created') ? $db->query('SELECT `created`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `created` DESC LIMIT 10;') : 0);
+
+use MyAAC\Models\Account;
+
+defined('MYAAC') or die('Direct access not allowed!');
+
+$accounts = 0;
+
+if ($db->hasColumn('accounts', 'created')) {
+	$accounts = Account::orderByDesc('created')->limit(10)->get(['id', 'created'])->toArray();
+}
 
 $twig->display('created.html.twig', array(
-	'players' => $players,
+	'accounts' => $accounts,
 ));

admin/pages/modules/lastlogin.php

@@ -1,5 +1,15 @@
 <?php
-$players = ($db->hasColumn('players', 'lastlogin') ? $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;') : 0);
+
+use MyAAC\Models\Player;
+
+defined('MYAAC') or die('Direct access not allowed!');
+
+$players = 0;
+
+if ($db->hasColumn('players', 'lastlogin')) {
+	$players = Player::orderByDesc('lastlogin')->limit(10)->get(['id', 'name', 'level', 'lastlogin'])->toArray();
+}
+
 $twig->display('lastlogin.html.twig', array(
 	'players' => $players,
 ));

admin/pages/modules/points.php

@@ -1,5 +1,14 @@
 <?php
-$points = ($db->hasColumn('accounts', 'premium_points') ? $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;') : 0);
+
+use MyAAC\Models\Account;
+
+defined('MYAAC') or die('Direct access not allowed!');
+
+$points = 0;
+
+if ($db->hasColumn('accounts', 'premium_points')) {
+	$coins = Account::orderByDesc('premium_points')->limit(10)->get(['premium_points', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+}
 
 $twig->display('points.html.twig', array(
 	'points' => $points,

admin/pages/modules/statistics.php

@@ -1,11 +1,20 @@
 <?php
+
+use MyAAC\Models\Account;
+use MyAAC\Models\Guild;
+use MyAAC\Models\House;
+use MyAAC\Models\Monster;
+use MyAAC\Models\Player;
+
 defined('MYAAC') or die('Direct access not allowed!');
-$count = $db->query('SELECT
-  (SELECT COUNT(*) FROM `accounts`) as total_accounts, 
-  (SELECT COUNT(*) FROM `players`) as total_players,
-  (SELECT COUNT(*) FROM `guilds`) as total_guilds,
-  (SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'monsters`) as total_monsters,
-  (SELECT COUNT(*) FROM `houses`) as total_houses;')->fetch();
+$count = $eloquentConnection->query()
+	->select([
+		'total_accounts' => Account::selectRaw('COUNT(id)'),
+		'total_players' => Player::selectRaw('COUNT(id)'),
+		'total_guilds' => Guild::selectRaw('COUNT(id)'),
+		'total_monsters' => Monster::selectRaw('COUNT(id)'),
+		'total_houses' => House::selectRaw('COUNT(id)'),
+	])->first();
 
 $twig->display('statistics.html.twig', array(
 	'count' => $count,

admin/pages/modules/templates/balance.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=players&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.balance }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/coins.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name ?? result.id }}</a></td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/created.html.twig

@@ -1,4 +1,4 @@
-{% if players is iterable %}
+{% if accounts is iterable %}
 	<div class=" col-md-6 col-lg-3">
 		<div class="card card-info card-outline">
 			<div class="card-header">
@@ -15,11 +15,11 @@
 					</thead>
 					<tbody>
 					{% set i = 0 %}
-					{% for result in players %}
+					{% for result in accounts %}
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.id }}</a></td>
 							<td>{{ result.created|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/lastlogin.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=players&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/points.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.premium_points }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/web_status.twig

@@ -1,10 +1,9 @@
 <div class="col-12 col-md-6">
 	<div class="card card-warning card-outline">
-		<form action="?p=dashboard&maintenance" method="post" class="form-horizontal">
 		<div class="card-header">
 			<span class="m-0">Website Status<span class="float-right">
 			<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
-					<input type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
+				<input form="maintenance-form" type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
 				<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
 			</div></span>
 			</span>
@@ -12,17 +11,22 @@
 		<div class="card-body p-2">
 			<div class="col-sm-12">
 				<label for="message" class="col-form-label">Maintenance Message</label>
-					<textarea name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
+				<textarea form="maintenance-form" name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
 				<small>(only visible if closed)</small>
 			</div>
 		</div>
 		<div class="card-footer">
+			<form id="maintenance-form" method="post" action="?p=dashboard" class="float-left">
+				{{ csrf() }}
+				<input type="hidden" name="maintenance" value="1" />
 				<button type="submit" class="btn btn-info"><i class="far fa-update"></i> Update</button>
-				<a href="?p=dashboard&clear_cache" onclick="return confirm('Are you sure?');" class="float-right">
-					<span class="btn btn-danger"><i class="fas fa-clear"></i>Clear cache</span>
-				</a>
-			</div>
 			</form>
+			<form method="post" action="?p=dashboard" class="float-right">
+				{{ csrf() }}
+				<input type="hidden" name="clear_cache" value="1" />
+				<button type="submit" onclick="return confirm('Are you sure that you want to clear cache?');" class="btn btn-danger" title="Clear Cache"><i class="fas fa-clear"></i>Clear cache</button>
+			</form>
+		</div>
 	</div>
 </div>
 

admin/pages/news.php

@@ -7,12 +7,16 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Forum;
+use MyAAC\News;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
-require_once LIBS . 'forum.php';
-require_once LIBS . 'news.php';
-
 $title = 'News Panel';
+
+csrfProtect();
+
 $use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
@@ -22,46 +26,45 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 
 header('X-XSS-Protection:0');
 
-// some constants, used mainly by database (cannot by modified without schema changes)
-define('NEWS_TITLE_LIMIT', 100);
-define('NEWS_BODY_LIMIT', 65535); // maximum news body length
-define('ARTICLE_TEXT_LIMIT', 300);
-define('ARTICLE_IMAGE_LIMIT', 100);
+// some constants, used mainly by database (cannot be modified without schema changes)
+const NEWS_TITLE_LIMIT = 100;
+const NEWS_BODY_LIMIT = 65535; // maximum news body length
+const ARTICLE_TEXT_LIMIT = 300;
+const ARTICLE_IMAGE_LIMIT = 100;
 
 $name = $p_title = '';
 if(!empty($action))
 {
-	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
-	$p_title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null;
-	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
-	$comments = isset($_REQUEST['comments']) ? $_REQUEST['comments'] : null;
-	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
-	$category = isset($_REQUEST['category']) ? (int)$_REQUEST['category'] : null;
-	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
-	$article_text = isset($_REQUEST['article_text']) ? $_REQUEST['article_text'] : null;
-	$article_image = isset($_REQUEST['article_image']) ? $_REQUEST['article_image'] : null;
-	$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
-	$errors = array();
+	$id = $_POST['id'] ?? null;
+	$p_title = $_POST['title'] ?? null;
+	$body = isset($_POST['body']) ? stripslashes($_POST['body']) : null;
+	$comments = $_POST['comments'] ?? null;
+	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : 1;
+	$category = isset($_POST['category']) ? (int)$_POST['category'] : null;
+	$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : null;
+	$article_text = $_POST['article_text'] ?? null;
+	$article_image = $_POST['article_image'] ?? null;
+	$forum_section = $_POST['forum_section'] ?? null;
+	$errors = [];
 
-	if($action == 'new') {
-		if(isset($forum_section) && $forum_section != '-1') {
+	if (isRequestMethod('post')) {
+		if ($action == 'new') {
+			if (isset($forum_section) && $forum_section != '-1') {
 				$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
 			}
 
-		if(isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
+			if (isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
 				$p_title = $body = $comments = $article_text = $article_image = '';
 				$type = $category = $player_id = 0;
 
-			success("Added successful.");
+				success('Added successful.');
 			}
+		} else if ($action == 'delete') {
+			if (News::delete($id, $errors)) {
+				success('Deleted successful.');
 			}
-	else if($action == 'delete') {
-		News::delete($id, $errors);
-		success("Deleted successful.");
-	}
-	else if($action == 'edit')
-	{
-		if(isset($id) && !isset($p_title)) {
+		} else if ($action == 'edit') {
+			if (isset($id) && !isset($p_title)) {
 				$news = News::get($id);
 				$p_title = $news['title'];
 				$body = $news['body'];
@@ -71,24 +74,24 @@ if(!empty($action))
 				$player_id = $news['player_id'];
 				$article_text = $news['article_text'];
 				$article_image = $news['article_image'];
-		}
-		else {
-			if(News::update($id, $p_title, $body, $type, $category, $player_id, $forum_section, $article_text, $article_image, $errors)) {
+			} else {
+				if (News::update($id, $p_title, $body, $type, $category, $player_id, $forum_section, $article_text, $article_image, $errors)) {
 					// update forum thread if exists
-				if(isset($forum_section) && Validator::number($forum_section)) {
-					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $player_id.", `post_text` = ".$db->quote($body).", `post_topic` = ".$db->quote($p_title).", `edit_date` = " . time() . " WHERE `id` = " . $db->quote($forum_section));
+					if (isset($forum_section) && Validator::number($forum_section)) {
+						$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = " . (int)$player_id . ", `post_text` = " . $db->quote($body) . ", `post_topic` = " . $db->quote($p_title) . ", `edit_date` = " . time() . " WHERE `id` = " . $db->quote($forum_section));
 					}
 
 					$action = $p_title = $body = $comments = $article_text = $article_image = '';
 					$type = $category = $player_id = 0;
 
-				success("Updated successful.");
+					success('Updated successful.');
 				}
 			}
+		} else if ($action == 'hide') {
+			if (News::toggleHide($id, $errors, $status)) {
+				success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
+			}
 		}
-	else if($action == 'hide') {
-		News::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
 	}
 
 	if(!empty($errors))
@@ -96,7 +99,7 @@ if(!empty($action))
 }
 
 $categories = array();
-foreach($db->query('SELECT `id`, `name`, `icon_id` FROM `' . TABLE_PREFIX . 'news_categories` WHERE `hidden` != 1') as $cat)
+foreach($db->query('SELECT `id`, `name`, `icon_id` FROM `' . TABLE_PREFIX . 'news_categories` WHERE `hide` != 1') as $cat)
 {
 	$categories[$cat['id']] = array(
 		'name' => $cat['name'],
@@ -114,12 +117,10 @@ if($action == 'edit' || $action == 'new') {
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.news.form.html.twig', array(
 		'action' => $action,
-		'news_link' => getLink(PAGE),
-		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'),
 		'news_id' => $id ?? null,
 		'title' => $p_title ?? '',
 		'body' => isset($body) ? escapeHtml($body) : '',
-		'type' => $type ?? null,
+		'type' => $type,
 		'player' => isset($player) && $player->isLoaded() ? $player : null,
 		'player_id' => $player_id ?? null,
 		'account_players' => $account_players,
@@ -135,18 +136,27 @@ if($action == 'edit' || $action == 'new') {
 
 $query = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news'));
 $newses = array();
+
+$cachePlayers = [];
 foreach ($query as $_news) {
+	$playerId = $_news['player_id'];
+	if (isset($cachePlayers[$playerId])) {
+		$_player = $cachePlayers[$playerId];
+	}
+	else {
 		$_player = new OTS_Player();
-	$_player->load($_news['player_id']);
+		$_player->load($playerId);
+		$cachePlayers[$playerId] = $_player;
+	}
 
 	$newses[$_news['type']][] = array(
 		'id' => $_news['id'],
-		'hidden' => $_news['hidden'],
+		'hide' => $_news['hide'],
 		'archive_link' => getLink('news') . '/archive/' . $_news['id'],
 		'title' => $_news['title'],
 		'date' => $_news['date'],
-		'player_name' => isset($_player) && $_player->isLoaded() ? $_player->getName() : '',
-		'player_link' => isset($_player) && $_player->isLoaded() ? getPlayerLink($_player->getName(), false) : '',
+		'player_name' => $_player->isLoaded() ? $_player->getName() : '',
+		'player_link' => $_player->isLoaded() ? getPlayerLink($_player, false) : '',
 	);
 }
 

admin/pages/notepad.php

@@ -7,46 +7,35 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Notepad as ModelsNotepad;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Notepad';
 
-$notepad_content = Notepad::get($account_logged->getId());
+csrfProtect();
+
+/**
+ * @var OTS_Account $account_logged
+ */
+$_content = '';
+$notepad = ModelsNotepad::where('account_id', $account_logged->getId())->first();
 if (isset($_POST['content'])) {
 	$_content = html_entity_decode(stripslashes($_POST['content']));
-	if (!$notepad_content)
-		Notepad::create($account_logged->getId(), $_content);
-	else
-		Notepad::update($account_logged->getId(), $_content);
+	if (!$notepad) {
+		ModelsNotepad::create([
+			'account_id' => $account_logged->getId(),
+			'content' => $_content
+		]);
+	}
+	else {
+		ModelsNotepad::where('account_id', $account_logged->getId())->update(['content' => $_content]);
+	}
 
-	echo '<div class="success" style="text-align: center;">Saved at ' . date('H:i') . '</div>';
+	success('Saved at ' . date('H:i'));
 } else {
-	if ($notepad_content !== false)
-		$_content = $notepad_content;
+	if ($notepad)
+		$_content = $notepad->content;
 }
 
-$twig->display('admin.notepad.html.twig', array('content' => isset($_content) ? $_content : null));
-
-class Notepad
-{
-	static public function get($account_id)
-	{
-		global $db;
-		$query = $db->select(TABLE_PREFIX . 'notepad', array('account_id' => $account_id));
-		if ($query !== false)
-			return $query['content'];
-
-		return false;
-	}
-
-	static public function create($account_id, $content = '')
-	{
-		global $db;
-		$db->insert(TABLE_PREFIX . 'notepad', array('account_id' => $account_id, 'content' => $content));
-	}
-
-	static public function update($account_id, $content = '')
-	{
-		global $db;
-		$db->update(TABLE_PREFIX . 'notepad', array('content' => $content), array('account_id' => $account_id));
-	}
-}
+$twig->display('admin.notepad.html.twig', ['content' => $_content]);

admin/pages/pages.php

@@ -7,10 +7,16 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Pages as ModelsPages;
+use MyAAC\Admin\Pages;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
 $use_datatable = true;
 
+csrfProtect();
+
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
@@ -26,31 +32,36 @@ $enable_tinymce = true;
 $access = 0;
 
 // some constants, used mainly by database (cannot by modified without schema changes)
-define('PAGE_TITLE_LIMIT', 30);
-define('PAGE_NAME_LIMIT', 30);
-define('PAGE_BODY_LIMIT', 65535); // maximum page body length
+const PAGE_TITLE_LIMIT = 30;
+const PAGE_NAME_LIMIT = 30;
+const PAGE_BODY_LIMIT = 65535; // maximum page body length
 
-if (!empty($action)) {
-	if ($action == 'delete' || $action == 'edit' || $action == 'hide')
-		$id = $_REQUEST['id'];
-
-	if (isset($_REQUEST['name']))
-		$name = $_REQUEST['name'];
-
-	if (isset($_REQUEST['title']))
-		$p_title = $_REQUEST['title'];
-
-	$php = isset($_REQUEST['php']) && $_REQUEST['php'] == 1;
-	$enable_tinymce = isset($_REQUEST['enable_tinymce']) && $_REQUEST['enable_tinymce'] == 1;
-	if ($php)
-		$body = $_REQUEST['body'];
-	else if (isset($_REQUEST['body'])) {
-		//$body = $_REQUEST['body'];
-		$body = html_entity_decode(stripslashes($_REQUEST['body']));
+if (!empty($action) && isRequestMethod('post')) {
+	if ($action == 'delete' || $action == 'edit' || $action == 'hide') {
+		$id = $_POST['id'];
 	}
 
-	if (isset($_REQUEST['access']))
-		$access = $_REQUEST['access'];
+	if (isset($_POST['name'])) {
+		$name = $_POST['name'];
+	}
+
+	if (isset($_POST['title'])) {
+		$p_title = $_POST['title'];
+	}
+
+	$php = isset($_POST['php']) && $_POST['php'] == 1;
+	$enable_tinymce = (isset($_POST['enable_tinymce']) && $_POST['enable_tinymce'] == 1) ?: $enable_tinymce;
+	if ($php) {
+		$body = $_POST['body'];
+	}
+	else if (isset($_POST['body'])) {
+		//$body = $_POST['body'];
+		$body = html_entity_decode(stripslashes($_POST['body']));
+	}
+
+	if (isset($_POST['access'])) {
+		$access = $_POST['access'];
+	}
 
 	$errors = array();
 	$player_id = 1;
@@ -67,7 +78,7 @@ if (!empty($action)) {
 		if (Pages::delete($id, $errors))
 			success('Page with id ' . $id . ' has been deleted');
 	} else if ($action == 'edit') {
-		if (isset($id) && !isset($_REQUEST['name'])) {
+		if (isset($id) && !isset($_POST['name'])) {
 			$_page = Pages::get($id);
 			$name = $_page['name'];
 			$p_title = $_page['title'];
@@ -76,39 +87,36 @@ if (!empty($action)) {
 			$enable_tinymce = $_page['enable_tinymce'] == '1';
 			$access = $_page['access'];
 		} else {
-			if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access)) {
+			if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 				$action = $name = $p_title = $body = '';
 				$player_id = 1;
 				$access = 0;
 				$php = false;
 				$enable_tinymce = true;
-				success("Updated successful.");
+				success('Updated successful.');
 			}
 		}
 	} else if ($action == 'hide') {
-		Pages::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
+		if (Pages::toggleHide($id, $errors, $status)) {
+			success(($status == 0 ? 'Show' : 'Hide') . ' successful.');
+		}
 	}
 
 	if (!empty($errors))
 		error(implode(", ", $errors));
 }
 
-$query =
-	$db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'pages'));
+$pages = ModelsPages::all()->map(function ($e) {
+	return [
+		'link' => getFullLink($e->name, $e->name, true),
+		'title' => substr($e->title, 0, 20),
+		'php' => $e->php == '1',
+		'id' => $e->id,
+		'hide' => $e->hide
+	];
+})->toArray();
 
-$pages = array();
-foreach ($query as $_page) {
-	$pages[] = array(
-		'link' => getFullLink($_page['name'], $_page['name'], true),
-		'title' => substr($_page['title'], 0, 20),
-		'php' => $_page['php'] == '1',
-		'id' => $_page['id'],
-		'hidden' => $_page['hidden']
-	);
-}
-
-$twig->display('admin.pages.form.html.twig', array(
+$twig->display('admin.pages.form.html.twig', [
 	'action' => $action,
 	'id' => $action == 'edit' ? $id : null,
 	'name' => $name,
@@ -118,141 +126,8 @@ $twig->display('admin.pages.form.html.twig', array(
 	'body' => isset($body) ? escapeHtml($body) : '',
 	'groups' => $groups->getGroups(),
 	'access' => $access
-));
+]);
 
-$twig->display('admin.pages.html.twig', array(
+$twig->display('admin.pages.html.twig', [
 	'pages' => $pages
-));
-
-class Pages
-{
-	static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
-	{
-		if(!isset($title[0]) || !isset($body[0])) {
-			$errors[] = 'Please fill all inputs.';
-			return false;
-		}
-		if(strlen($name) > PAGE_NAME_LIMIT) {
-			$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
-			return false;
-		}
-		if(strlen($title) > PAGE_TITLE_LIMIT) {
-			$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
-			return false;
-		}
-		if(strlen($body) > PAGE_BODY_LIMIT) {
-			$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
-			return false;
-		}
-		if(!isset($player_id) || $player_id == 0) {
-			$errors[] = 'Player ID is wrong.';
-			return false;
-		}
-		if(!isset($php) || ($php != 0 && $php != 1)) {
-			$errors[] = 'Enable PHP is wrong.';
-			return false;
-		}
-		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
-			$errors[] = 'Enable TinyMCE is wrong.';
-			return false;
-		}
-		if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
-			$errors[] = 'Access is wrong.';
-			return false;
-		}
-
-		return true;
-	}
-
-	static public function get($id)
-	{
-		global $db;
-		$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
-		if ($query !== false)
-			return $query;
-
-		return false;
-	}
-
-	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
-	{
-		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			return false;
-		}
-
-		global $db;
-		$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
-		if ($query === false)
-			$db->insert(TABLE_PREFIX . 'pages',
-				array(
-					'name' => $name,
-					'title' => $title,
-					'body' => $body,
-					'player_id' => $player_id,
-					'php' => $php ? '1' : '0',
-					'enable_tinymce' => $enable_tinymce ? '1' : '0',
-					'access' => $access
-				)
-			);
-		else
-			$errors[] = 'Page with this link already exists.';
-
-		return !count($errors);
-	}
-
-	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
-	{
-		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			return false;
-		}
-
-		global $db;
-		$db->update(TABLE_PREFIX . 'pages',
-			array(
-				'name' => $name,
-				'title' => $title,
-				'body' => $body,
-				'player_id' => $player_id,
-				'php' => $php ? '1' : '0',
-				'enable_tinymce' => $enable_tinymce ? '1' : '0',
-				'access' => $access
-			),
-			array('id' => $id));
-
-		return true;
-	}
-
-	static public function delete($id, &$errors)
-	{
-		global $db;
-		if (isset($id)) {
-			if ($db->select(TABLE_PREFIX . 'pages', array('id' => $id)) !== false)
-				$db->delete(TABLE_PREFIX . 'pages', array('id' => $id));
-			else
-				$errors[] = 'Page with id ' . $id . ' does not exists.';
-		} else
-			$errors[] = 'id not set';
-
-		return !count($errors);
-	}
-
-	static public function toggleHidden($id, &$errors, &$status)
-	{
-		global $db;
-		if (isset($id)) {
-			$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
-			if ($query !== false) {
-				$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
-				$status = $query['hidden'];
-			}
-			else {
-				$errors[] = 'Page with id ' . $id . ' does not exists.';
-			}
-		} else
-			$errors[] = 'id not set';
-
-		return !count($errors);
-	}
-}
-
-?>
+]);

admin/pages/phpinfo.php

@@ -16,4 +16,4 @@ if (!function_exists('phpinfo')) { ?>
 	<?php return;
 }
 ?>
-<iframe src="<?php echo BASE_URL; ?>admin/tools/phpinfo.php" width="1024" height="550"></iframe>
+<iframe src="<?php echo ADMIN_URL; ?>tools/phpinfo.php" width="1024" height="550"></iframe>

admin/pages/players.php

@@ -7,13 +7,19 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Forum;
+use MyAAC\Models\Player;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Player editor';
-$player_base = BASE_URL . 'admin/?p=players';
+
+csrfProtect();
+
+$player_base = ADMIN_URL . '?p=players';
 
 $use_datatable = true;
-require_once LIBS . 'forum.php';
 
 $skills = array(
 	POT::SKILL_FIST => array('Fist fighting', 'fist'),
@@ -45,22 +51,20 @@ else if (isset($_REQUEST['search'])) {
 	if (strlen($search_player) < 3 && !Validator::number($search_player)) {
 		echo_error('Player name is too short.');
 	} else {
-		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($search_player));
-		if ($query->rowCount() == 1) {
-			$query = $query->fetch();
-			$id = (int)$query['id'];
+		$query = Player::where('name', 'like', '%' . $search_player . '%')->orderBy('name')->limit(11)->get(['id', 'name']);
+		if (count($query) == 0) {
+			echo_error('No entries found.');
+		} else if (count($query) == 1) {
+			$id = $query->first()->getKey();
+		} else if (count($query) > 10) {
+			echo_error('Specified name resulted with too many players.');
 		} else {
-			$query = $db->query('SELECT `id`, `name` FROM `players` WHERE `name` LIKE ' . $db->quote('%' . $search_player . '%'));
-			if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
 			$str_construct = 'Do you mean?<ul>';
-				foreach ($query as $row)
-					$str_construct .= '<li><a href="' . $player_base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
+			foreach ($query as $row) {
+				$str_construct .= '<li><a href="' . $player_base . '&id=' . $row->getKey() . '">' . $row->name . '</a></li>';
+			}
 			$str_construct .= '</ul>';
 			echo_error($str_construct);
-			} else if ($query->rowCount() > 10)
-				echo_error('Specified name resulted with too many players.');
-			else
-				echo_error('No entries found.');
 		}
 	}
 }
@@ -72,7 +76,7 @@ else if (isset($_REQUEST['search'])) {
 		$player = new OTS_Player();
 		$player->load($id);
 
-		if (isset($player) && $player->isLoaded() && isset($_POST['save'])) {// we want to save
+		if ($player->isLoaded() && isset($_POST['save'])) {// we want to save
 			$error = false;
 
 			if ($player->isOnline())
@@ -196,7 +200,7 @@ else if (isset($_REQUEST['search'])) {
 
 			if ($hasBlessingsColumn) {
 				$blessings = $_POST['blessings'];
-				verify_number($blessings, 'Blessings', 2);
+				verify_number($blessings, 'Blessings', 3);
 			}
 
 			$balance = $_POST['balance'];
@@ -207,7 +211,7 @@ else if (isset($_REQUEST['search'])) {
 			}
 
 			$deleted = (isset($_POST['deleted']) && $_POST['deleted'] == 'true');
-			$hidden = (isset($_POST['hidden']) && $_POST['hidden'] == 'true');
+			$hide = (isset($_POST['hide']) && $_POST['hide'] == 'true');
 
 			$created = strtotime($_POST['created']);
 			verify_number($created, 'Created', 11);
@@ -268,7 +272,7 @@ else if (isset($_REQUEST['search'])) {
 					$player->setLossContainers($loss_containers);
 					$player->setLossItems($loss_items);
 				}
-				if ($db->hasColumn('players', 'blessings'))
+				if ($hasBlessingsColumn)
 					$player->setBlessings($blessings);
 
 				if ($hasBlessingColumn) {
@@ -284,7 +288,7 @@ else if (isset($_REQUEST['search'])) {
 					$player->setCustomField('deletion', $deleted ? '1' : '0');
 				else
 					$player->setCustomField('deleted', $deleted ? '1' : '0');
-				$player->setCustomField('hidden', $hidden ? '1' : '0');
+				$player->setCustomField('hide', $hide ? '1' : '0');
 				$player->setCustomField('created', $created);
 				if (isset($comment))
 					$player->setCustomField('comment', $comment);
@@ -301,7 +305,7 @@ else if (isset($_REQUEST['search'])) {
 			}
 		}
 	} else if ($id == 0) {
-		$players_db = $db->query('SELECT `id`, `name`, `level` FROM `players` ORDER BY `id` asc');
+		$players_db = Player::orderBy('id')->get(['id','name', 'level']);
 		?>
 		<div class="col-12 col-sm-12 col-lg-10">
 			<div class="card card-info card-outline">
@@ -321,11 +325,11 @@ else if (isset($_REQUEST['search'])) {
 						<tbody>
 						<?php foreach ($players_db as $player_db): ?>
 							<tr>
-								<th><?php echo $player_db['id']; ?></th>
-								<td><?php echo $player_db['name']; ?></a></td>
-								<td><?php echo $player_db['level']; ?></a></td>
+								<th><?php echo $player_db->id; ?></th>
+								<td><?php echo $player_db->name; ?></a></td>
+								<td><?php echo $player_db->level; ?></a></td>
 
-								<td><a href="?p=players&id=<?php echo $player_db['id']; ?>" class="btn btn-success btn-sm" title="Edit">
+								<td><a href="?p=players&id=<?php echo $player_db->id; ?>" class="btn btn-success btn-sm" title="Edit">
 										<i class="fas fa-pencil-alt"></i>
 									</a>
 								</td>
@@ -369,7 +373,8 @@ else if (isset($_REQUEST['search'])) {
 						</li>
 					</ul>
 				</div>
-				<form action="<?php echo $player_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
+				<form action="<?php echo $player_base . ($id > 0 ? '&id=' . $id : ''); ?>" method="post">
+					<?php csrf(); ?>
 					<div class="card-body">
 						<div class="tab-content" id="tabs-tabContent">
 							<div class="tab-pane fade active show" id="tabs-home">
@@ -387,8 +392,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="group">Group:</label>
 										<select name="group" id="group" class="form-control custom-select">
-											<?php foreach ($groups->getGroups() as $id => $group): ?>
-												<option value="<?php echo $id; ?>" <?php echo($player->getGroup()->getId() == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
+											<?php foreach ($groups->getGroups() as $_id => $group): ?>
+												<option value="<?php echo $_id; ?>" <?php echo($player->getGroup()->getId() == $_id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -396,8 +401,8 @@ else if (isset($_REQUEST['search'])) {
 										<label for="vocation">Vocation</label>
 										<select name="vocation" id="vocation" class="form-control custom-select">
 											<?php
-											foreach ($config['vocations'] as $id => $name) {
-												echo '<option value=' . $id . ($id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
+											foreach ($config['vocations'] as $_id => $name) {
+												echo '<option value=' . $_id . ($_id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
 											}
 											?>
 										</select>
@@ -407,8 +412,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="sex">Sex:</label>
 										<select name="sex" id="sex" class="form-control custom-select">>
-											<?php foreach ($config['genders'] as $id => $sex): ?>
-												<option value="<?php echo $id; ?>" <?php echo($player->getSex() == $id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
+											<?php foreach ($config['genders'] as $_id => $sex): ?>
+												<option value="<?php echo $_id; ?>" <?php echo($player->getSex() == $_id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -421,8 +426,8 @@ else if (isset($_REQUEST['search'])) {
 												$configTowns[$player->getTownId()] = 'Unknown Town';
 											}
 
-											foreach ($configTowns as $id => $town): ?>
-												<option value="<?php echo $id; ?>" <?php echo($player->getTownId() == $id ? 'selected' : ''); ?>><?php echo $town; ?></option>
+											foreach ($configTowns as $_id => $town): ?>
+												<option value="<?php echo $_id; ?>" <?php echo($player->getTownId() == $_id ? 'selected' : ''); ?>><?php echo $town; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -433,8 +438,8 @@ else if (isset($_REQUEST['search'])) {
 										<select name="skull" id="skull" class="form-control custom-select">
 											<?php
 
-											foreach ($skull_type as $id => $s_name) {
-												echo '<option value=' . $id . ($id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
+											foreach ($skull_type as $_id => $s_name) {
+												echo '<option value=' . $_id . ($_id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
 											}
 											?>
 										</select>
@@ -478,8 +483,8 @@ else if (isset($_REQUEST['search'])) {
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<div class="custom-control custom-switch custom-switch-on-success">
-											<input type="checkbox" class="custom-control-input" name="hidden" id="hidden" value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>>
-											<label class="custom-control-label" for="hidden">Hidden</label>
+											<input type="checkbox" class="custom-control-input" name="hide" id="hide" value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>>
+											<label class="custom-control-label" for="hide">Hidden</label>
 										</div>
 									</div>
 								</div>
@@ -551,22 +556,22 @@ else if (isset($_REQUEST['search'])) {
 							</div>
 							<div class="tab-pane fade" id="tabs-skills">
 								<?php
-								foreach ($skills as $id => $info) {
+								foreach ($skills as $_id => $info) {
 									?>
 									<div class="form-group row">
 										<div class="col-12 col-sm-12 col-lg-6">
-											<?php echo '<label for="skills[' . $id . ']" class="control-label">' . $info[0] . '</label>
-									<input type="text" class="form-control" id="skills[' . $id . ']" name="skills[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkill($id) . '"/>'; ?>
+											<?php echo '<label for="skills[' . $_id . ']" class="control-label">' . $info[0] . '</label>
+									<input type="text" class="form-control" id="skills[' . $_id . ']" name="skills[' . $_id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkill($_id) . '"/>'; ?>
 										</div>
 										<div class="col-12 col-sm-12 col-lg-6">
-											<?php echo '<label for="skills_tries[' . $id . ']" class="control-label">' . $info[0] . ' tries</label>
-									<input type="text" class="form-control" id="skills_tries[' . $id . ']" name="skills_tries[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkillTries($id) . '"/>'; ?>
+											<?php echo '<label for="skills_tries[' . $_id . ']" class="control-label">' . $info[0] . ' tries</label>
+									<input type="text" class="form-control" id="skills_tries[' . $_id . ']" name="skills_tries[' . $_id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkillTries($_id) . '"/>'; ?>
 										</div>
 									</div>
 								<?php } ?>
 							</div>
 							<div class="tab-pane fade" id="tabs-pos">
-								<?php $outfit = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?>
+								<?php $outfit = setting('core.outfit_images_url') . '?id=' . $player->getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?>
 								<div id="imgchar" style="width:64px;height:64px;position:absolute; top:30px; right:30px">
 									<img id="player_outfit" style="margin-left:0;margin-top:0;width:64px;height:64px;" src="<?php echo $outfit; ?>" alt="player outfit"/>
 								</div>
@@ -619,7 +624,7 @@ else if (isset($_REQUEST['search'])) {
 										if ($outfitlist) { ?>
 											<select name="look_type" id="look_type" class="form-control custom-select">
 												<?php
-												foreach ($outfitlist as $id => $outfit) {
+												foreach ($outfitlist as $_id => $outfit) {
 													if ($outfit['enabled'] == 'yes') ;
 													echo '<option value=' . $outfit['id'] . ($outfit['id'] == $player->getLookType() ? ' selected' : '') . '>' . $outfit['name'] . ' - ' . ($outfit['type'] == 1 ? 'Male' : 'Female') . '</option>';
 												}
@@ -635,8 +640,8 @@ else if (isset($_REQUEST['search'])) {
 											<select name="look_addons" id="look_addons" class="form-control custom-select">
 												<?php
 												$addon_type = array("None", "First", "Second", "Both");
-												foreach ($addon_type as $id => $s_name) {
-													echo '<option value=' . $id . ($id == $player->getLookAddons() ? ' selected' : '') . '>' . $s_name . '</option>';
+												foreach ($addon_type as $_id => $s_name) {
+													echo '<option value=' . $_id . ($_id == $player->getLookAddons() ? ' selected' : '') . '>' . $s_name . '</option>';
 												}
 												?>
 											</select>
@@ -663,7 +668,14 @@ else if (isset($_REQUEST['search'])) {
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="lastip" class="control-label">Last IP:</label>
-										<input type="text" class="form-control" id="lastip" name="lastip" autocomplete="off" maxlength="10" value="<?php echo longToIp($player->getLastIP()); ?>" readonly/>
+										<input type="text" class="form-control" id="lastip" name="lastip" autocomplete="off" maxlength="10" value="<?php
+										if (strlen($player->getLastIP()) > 11) {
+											echo inet_ntop($player->getLastIP());
+										}
+										else {
+											echo longToIp($player->getLastIP());
+										}
+										?>" readonly/>
 									</div>
 								</div>
 								<?php if ($db->hasColumn('players', 'loss_experience')): ?>
@@ -694,7 +706,7 @@ else if (isset($_REQUEST['search'])) {
 								<div class="form-group row">
 									<div class="col-12">
 										<label for="comment" class="control-label">Comment:</label>
-										<textarea class="form-control" name="comment" rows="10" cols="50" wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
+										<textarea class="form-control" id="comment" name="comment" rows="10" cols="50" wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
 										<small>[max. length: 2000 chars, 50 lines (ENTERs)]</small>
 									</div>
 								</div>
@@ -737,8 +749,7 @@ else if (isset($_REQUEST['search'])) {
 								<div class="row">
 									<?php
 									if (isset($account) && $account->isLoaded()) {
-										$account_players = $account->getPlayersList();
-										$account_players->orderBy('id');
+										$account_players = Player::where('account_id', $account->getId())->orderBy('id')->get();
 										if (isset($account_players)) { ?>
 											<table class="table table-striped table-condensed table-responsive d-md-table">
 												<thead>
@@ -751,23 +762,13 @@ else if (isset($_REQUEST['search'])) {
 												</tr>
 												</thead>
 												<tbody>
-												<?php foreach ($account_players as $i => $player):
-													$player_vocation = $player->getVocation();
-													$player_promotion = $player->getPromotion();
-													if (isset($player_promotion)) {
-														if ((int)$player_promotion > 0)
-															$player_vocation += ($player_promotion * $config['vocations_amount']);
-													}
-
-													if (isset($config['vocations'][$player_vocation])) {
-														$vocation_name = $config['vocations'][$player_vocation];
-													} ?>
+												<?php foreach ($account_players as $i => $player): ?>
 													<tr>
-														<th><?php echo $i; ?></th>
-														<td><?php echo $player->getName(); ?></td>
-														<td><?php echo $player->getLevel(); ?></td>
-														<td><?php echo $vocation_name; ?></td>
-														<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
+														<th><?php echo $i + 1; ?></th>
+														<td><?php echo $player->name; ?></td>
+														<td><?php echo $player->level; ?></td>
+														<td><?php echo $player->vocation_name; ?></td>
+														<td><a href="?p=players&id=<?php echo $player->getKey() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
 													</tr>
 												<?php endforeach ?>
 												</tbody>
@@ -842,7 +843,7 @@ else if (isset($_REQUEST['search'])) {
 
 				<?php if($hasLookAddons): ?>
 				const $addonvalue = $('#look_addons');
-				$('#look_addons').on('change', () => {
+				$addonvalue.on('change', () => {
 					updateOutfit();
 				});
 				<?php endif; ?>
@@ -859,7 +860,7 @@ else if (isset($_REQUEST['search'])) {
 				<?php if($hasLookAddons): ?>
 				look_addons = '&addons=' + $('#look_addons').val();
 				<?php endif; ?>
-				$("#player_outfit").attr("src", '<?= $config['outfit_images_url']; ?>?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet);
+				$("#player_outfit").attr("src", '<?= setting('core.outfit_images_url'); ?>?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet);
 			}
 		</script>
 	<?php } ?>
@@ -871,18 +872,20 @@ else if (isset($_REQUEST['search'])) {
 			<div class="card-body row">
 				<div class="col-6 col-lg-12">
 					<form action="<?php echo $player_base; ?>" method="post">
-						<label for="name">Player Name:</label>
+						<?php csrf(); ?>
+						<label for="search">Player Name:</label>
 						<div class="input-group input-group-sm">
-							<input type="text" class="form-control" name="search" value="<?php echo $search_player; ?>" maxlength="32" size="32">
+							<input type="text" class="form-control" id="search" name="search" value="<?= escapeHtml($search_player); ?>" maxlength="32" size="32">
 							<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 						</div>
 					</form>
 				</div>
 				<div class="col-6 col-lg-12">
 					<form action="<?php echo $player_base; ?>" method="post">
-						<label for="name">Player ID:</label>
+						<?php csrf(); ?>
+						<label for="id">Player ID:</label>
 						<div class="input-group input-group-sm">
-							<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
+							<input type="text" class="form-control" id="id" name="id" value="<?= $id; ?>" maxlength="32" size="32">
 							<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 						</div>
 					</form>
@@ -893,7 +896,7 @@ else if (isset($_REQUEST['search'])) {
 </div>
 
 <script>
-	$(document).ready(function () {
+	$(function () {
 		$('.player_datatable').DataTable({
 			"order": [[0, "asc"]]
 		});

admin/pages/plugins.php

@@ -7,29 +7,107 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Plugins;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
+
+csrfProtect();
+
 $use_datatable = true;
 
-require_once LIBS . 'plugins.php';
+if (!setting('core.admin_plugins_manage_enable')) {
+	warning('Plugin installation and management is disabled in Settings.<br/>If you wish to enable, go to Settings and enable <strong>Enable Plugins Manage</strong>.');
+}
+else {
+	$pluginUploadEnabled = true;
+	if(!\class_exists('\ZipArchive')) {
+		error('Please install PHP zip extension. Plugins upload disabled until then.');
+		$pluginUploadEnabled = false;
+	}
 
-$twig->display('admin.plugins.form.html.twig');
+	$twig->display('admin.plugins.form.html.twig', ['pluginUploadEnabled' => $pluginUploadEnabled]);
 
-if (isset($_REQUEST['uninstall'])) {
-	$uninstall = $_REQUEST['uninstall'];
+	if (isset($_POST['uninstall'])) {
+		$uninstall = $_POST['uninstall'];
 
 		if (Plugins::uninstall($uninstall)) {
 			success('Successfully uninstalled plugin ' . $uninstall);
 		} else {
 			error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 		}
-} else if (isset($_FILES["plugin"]["name"])) {
-	$file = $_FILES["plugin"];
-	$filename = $file["name"];
-	$tmp_name = $file["tmp_name"];
-	$type = $file["type"];
+	} else if (isset($_POST['enable'])) {
+		$enable = $_POST['enable'];
+		if (Plugins::enable($enable)) {
+			success('Successfully enabled plugin ' . $enable);
+		} else {
+			error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
+		}
+	} else if (isset($_POST['disable'])) {
+		$disable = $_POST['disable'];
+		if (Plugins::disable($disable)) {
+			success('Successfully disabled plugin ' . $disable);
+		} else {
+			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
+		}
+	}
+	else if (isset($_GET['check-updates'])) {
+		$repoUri = $config['admin_plugins_api_uri'] ?? 'https://plugins.my-aac.org/api/';
+		success("Fetching latest info from $repoUri..");
 
-	$name = explode(".", $filename);
+		$adminPlugins = new \MyAAC\Admin\Plugins();
+
+		$adminPlugins->setApiBaseUri($repoUri);
+
+		try {
+			$plugins = $adminPlugins->getLatestVersions();
+		}
+		catch (Exception $e) {
+			error($e->getMessage());
+		}
+
+		if (isset($plugins) && count($plugins) > 0) {
+			$outdated = [];
+
+			foreach (get_plugins(true) as $plugin) {
+				$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
+				$plugin_info = json_decode($string, true);
+
+				if (!$plugin_info) {
+					continue;
+				}
+
+				$disabled = (str_contains($plugin, 'disabled.'));
+				$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
+
+				$info = $plugins[$pluginOriginal] ?? false;
+				if ($info && version_compare($info['version'], $plugin_info['version'], '>')) {
+					$outdated[] = [
+						'name' => $pluginOriginal,
+						'yourVersion' => $plugin_info['version'],
+						'latestVersion' => $info['version'],
+						'link' => $info['link'] ?? 'Unknown',
+						'download_link' => $info['download_link'] ?? 'Unknown',
+					];
+				}
+			}
+
+			if (count($outdated) > 0) {
+				info('Following updates have been found for your plugins:');
+				$twig->display('admin.plugins.outdated.html.twig', ['plugins' => $outdated]);
+			}
+			else {
+				success('All plugins up to date!');
+			}
+		}
+	} else if (isset($_FILES['plugin']['name'])) {
+		$file = $_FILES['plugin'];
+		$filename = $file['name'];
+		$tmp_name = $file['tmp_name'];
+		$type = $file['type'];
+
+		$name = explode('.', $filename);
 		$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed', 'application/octet-stream', 'application/zip-compressed');
 
 		if (isset($file['error'])) {
@@ -87,24 +165,27 @@ if (isset($_REQUEST['uninstall'])) {
 				error('Error uploading file - unknown error.');
 			}
 		}
+	}
 }
 
 $plugins = array();
-foreach (get_plugins() as $plugin) {
+foreach (get_plugins(true) as $plugin) {
 	$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
-	$string = Plugins::removeComments($string);
 	$plugin_info = json_decode($string, true);
 
-	if ($plugin_info == false) {
+	if (!$plugin_info) {
 		warning('Cannot load plugin info ' . $plugin . '.json');
 	} else {
+		$disabled = (str_contains($plugin, 'disabled.'));
+		$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 		$plugins[] = array(
-			'name' => isset($plugin_info['name']) ? $plugin_info['name'] : '',
-			'description' => isset($plugin_info['description']) ? $plugin_info['description'] : '',
-			'version' => isset($plugin_info['version']) ? $plugin_info['version'] : '',
-			'author' => isset($plugin_info['author']) ? $plugin_info['author'] : '',
-			'contact' => isset($plugin_info['contact']) ? $plugin_info['contact'] : '',
-			'file' => $plugin,
+			'name' => $plugin_info['name'] ?? '',
+			'description' => $plugin_info['description'] ?? '',
+			'version' => $plugin_info['version'] ?? '',
+			'author' => $plugin_info['author'] ?? '',
+			'contact' => $plugin_info['contact'] ?? '',
+			'file' => $pluginOriginal,
+			'enabled' => !$disabled,
 			'uninstall' => isset($plugin_info['uninstall'])
 		);
 	}

admin/pages/settings.php

@@ -0,0 +1,60 @@
+<?php
+/**
+ * Menus
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+
+use MyAAC\Plugins;
+use MyAAC\Settings;
+
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Settings';
+
+require_once SYSTEM . 'clients.conf.php';
+if (empty($_GET['plugin'])) {
+	error('Please select plugin from left Panel.');
+	return;
+}
+
+$plugin = $_GET['plugin'];
+
+if($plugin != 'core') {
+	$pluginSettings = Plugins::getPluginSettings($plugin);
+	if (!$pluginSettings) {
+		error('This plugin does not exist or does not have settings defined.');
+		return;
+	}
+
+	$settingsFilePath = BASE . $pluginSettings;
+}
+else {
+	$settingsFilePath = SYSTEM . 'settings.php';
+}
+
+if (!file_exists($settingsFilePath)) {
+	error("Plugin $plugin does not exist or does not have settings defined.");
+	return;
+}
+
+$settingsFile = require $settingsFilePath;
+if (!is_array($settingsFile)) {
+	error("Cannot load settings file for plugin $plugin");
+	return;
+}
+
+$settingsKeyName = ($plugin == 'core' ? $plugin : $settingsFile['key']);
+
+$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $settingsFile['name']);
+
+$settingsParsed = Settings::display($settingsKeyName, $settingsFile['settings']);
+
+$twig->display('admin.settings.html.twig', [
+	'settingsParsed' => $settingsParsed['content'],
+	'settings' => $settingsFile['settings'],
+	'script' => $settingsParsed['script'],
+	'settingsKeyName' => $settingsKeyName,
+]);

admin/pages/statistics.php

@@ -7,26 +7,25 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Account;
+use MyAAC\Models\Guild;
+use MyAAC\Models\House;
+use MyAAC\Models\Player;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Statistics';
 
-$query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
-$query = $query->fetch();
-$total_accounts = $query['how_much'];
+$total_accounts = Account::count();
+$total_players = Player::count();
+$total_guilds = Guild::count();
+$total_houses = House::count();
 
-$query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
-$query = $query->fetch();
-$total_players = $query['how_much'];
-
-$query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
-$query = $query->fetch();
-$total_guilds = $query['how_much'];
-
-$query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
-$query = $query->fetch();
-$total_houses = $query['how_much'];
-
-$points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
+$points = Account::select(['premium_points', (USE_ACCOUNT_NAME ? 'name' : 'id')])
+	->orderByDesc('premium_points')
+	->limit(10)
+	->get()
+	->toArray();
 
 $twig->display('admin.statistics.html.twig', array(
 	'total_accounts' => $total_accounts,
@@ -36,4 +35,3 @@ $twig->display('admin.statistics.html.twig', array(
 	'account_type' => (USE_ACCOUNT_NAME ? 'name' : 'number'),
 	'points' => $points
 ));
-?>

admin/pages/version.php

@@ -47,4 +47,3 @@ function version_revert($version)
 	$release = $version;
 	return $major . '.' . $minor . '.' . $release;
 }*/
-?>

admin/pages/visitors.php

@@ -8,30 +8,58 @@
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
+
+use DeviceDetector\DeviceDetector;
+use DeviceDetector\Parser\Client\Browser;
+use DeviceDetector\Parser\OperatingSystem;
+use MyAAC\Visitors;
+
 $title = 'Visitors';
 $use_datatable = true;
 
-if (!$config['visitors_counter']): ?>
+if (!setting('core.visitors_counter')): ?>
 	Visitors counter is disabled.<br/>
-	You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
-	<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
+	You can enable it in Settings -> General -> Visitors Counter.<br/>
 	<?php
 	return;
 endif;
 
-require SYSTEM . 'libs/visitors.php';
-$visitors = new Visitors($config['visitors_counter_ttl']);
+$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 
-function compare($a, $b)
-{
+function compare($a, $b): int {
 	return $a['lastvisit'] > $b['lastvisit'] ? -1 : 1;
 }
 
 $tmp = $visitors->getVisitors();
 usort($tmp, 'compare');
 
+foreach ($tmp as &$visitor) {
+	$userAgent = $visitor['user_agent'] ?? '';
+	if (!strlen($userAgent) || $userAgent == 'unknown') {
+		$browser = 'Unknown';
+	}
+	else {
+		$dd = new DeviceDetector($userAgent);
+		$dd->parse();
+
+		if ($dd->isBot()) {
+			$bot = $dd->getBot();
+			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
+			$browser = sprintf($message, $bot['category'] ?? 'Unknown', $bot['url'] ?? '', $bot['name'] ?? 'Unknown name');
+		}
+		else {
+			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));
+			$browserFamily = Browser::getBrowserFamily($dd->getClient('name'));
+
+			$browser = $osFamily . ', ' . $browserFamily;
+		}
+	}
+
+	$visitor['browser'] = $browser;
+}
+
 $twig->display('admin.visitors.html.twig', array(
-	'config_visitors_counter_ttl' => $config['visitors_counter_ttl'],
+	'config_visitors_counter_ttl' => setting('core.visitors_counter_ttl'),
 	'visitors' => $tmp
 ));
 ?>

admin/template/menus.php

@@ -2,6 +2,9 @@
 
 $menus = [
 	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
+	['name' => 'Settings', 'icon' => 'edit', 'order' => 19, 'link' =>
+		require ADMIN . 'includes/settings_menus.php'
+	],
 	['name' => 'News', 'icon' => 'newspaper', 'order' => 20,  'link' =>
 		[
 			['name' => 'View', 'link' => 'news', 'icon' => 'list', 'order' => 10],
@@ -16,7 +19,7 @@ $menus = [
 			['name' => 'Add', 'link' => 'changelog&action=new', 'icon' => 'plus', 'order' => 20],
 		],
 	],
-	['name' => 'Mailer', 'icon' => 'envelope', 'order' => 40, 'link' => 'mailer', 'disabled' => !config('mail_enabled')],
+	['name' => 'Mailer', 'icon' => 'envelope', 'order' => 40, 'link' => 'mailer', 'disabled' => !setting('core.mail_enabled')],
 	['name' => 'Pages', 'icon' => 'book', 'order' => 50, 'link' =>
 		[
 			['name' => 'View', 'link' => 'pages', 'icon' => 'list', 'order' => 10],

admin/template/style.css

@@ -8,3 +8,8 @@
 .sidebar-mini.sidebar-collapse .menu-text {
 	display: none;
 }
+
+.myaac-table tbody tr:nth-child(even) {background: #FFF} /* light border */
+.myaac-table tbody tr:nth-child(odd) {background: #CCC} /* dark border */
+.myaac-table thead td {background: #000000; color: #ffffff !important;} /* vdark border */
+.myaac-table tfoot td {background: #000000; color: #ffffff !important;} /* vdark border */

admin/template/template.php

@@ -2,6 +2,7 @@
 <!doctype html>
 <html lang="en">
 <head>
+	<?php $hooks->trigger(HOOK_ADMIN_HEAD_START); ?>
 	<?php echo template_header(true); ?>
 	<title><?php echo (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];?></title>
 	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
@@ -16,8 +17,10 @@
 	<script src="<?php echo BASE_URL; ?>tools/js/respond.min.js"></script>
 	<![endif]-->
 	<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
+	<?php $hooks->trigger(HOOK_ADMIN_HEAD_END); ?>
 </head>
 <body class="sidebar-mini ">
+<?php $hooks->trigger(HOOK_ADMIN_BODY_START); ?>
 <?php if ($logged && admin()) { ?>
 	<div class="wrapper">
 		<nav class="main-header navbar navbar-expand navbar-white navbar-light">
@@ -65,7 +68,7 @@
 							if (!$has_child) { ?>
 								<li class="nav-item">
 									<a class="nav-link<?php echo(strpos($menu['link'], $page) !== false ? ' active' : '') ?>" href="?p=<?php echo $menu['link'] ?>">
-										<i class="nav-icon fas fa-<?php echo(isset($menu['icon']) ? $menu['icon'] : 'link') ?>"></i>
+										<i class="nav-icon fas fa-<?php echo($menu['icon'] ?? 'link') ?>"></i>
 										<p><?php echo $menu['name'] ?></p>
 									</a>
 								</li>
@@ -73,9 +76,9 @@
 							} else if ($has_child) {
 								$used_menu = null;
 								$nav_construct = '';
-								foreach ($menu['link'] as $category => $sub_menu) {
+								foreach ($menu['link'] as $sub_category => $sub_menu) {
 									$nav_construct .= '<li class="nav-item"><a href="?p=' . $sub_menu['link'] . '" class="nav-link';
-									if ($page == $sub_menu['link']) {
+									if ($_SERVER['QUERY_STRING'] == 'p=' . $sub_menu['link']) {
 										$nav_construct .= ' active';
 										$used_menu = true;
 									}
@@ -188,12 +191,13 @@ if ($logged && admin()) {
 	]);
 }
 ?>
-<script src="<?php echo BASE_URL; ?>tools/js/bootstrap.min.js"></script>
-<script src="<?php echo BASE_URL; ?>tools/js/jquery-ui.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/ext/bootstrap/js/bootstrap.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/ext/jquery-ui/jquery-ui.min.js"></script>
 <?php if (isset($use_datatable))  { ?>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
 <?php } ?>
 <script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
+<?php $hooks->trigger(HOOK_ADMIN_BODY_END); ?>
 </body>
 </html>

admin/tools/phpinfo.php

@@ -13,4 +13,3 @@ if(!function_exists('phpinfo'))
 	die('phpinfo() disabled on this web server.');
 
 phpinfo();
-?>

admin/tools/reload_data.php

@@ -22,7 +22,10 @@
  * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
-define('MYAAC_ADMIN', true);
+
+use MyAAC\DataLoader;
+
+const MYAAC_ADMIN = true;
 
 require '../../common.php';
 require SYSTEM . 'functions.php';
@@ -34,11 +37,9 @@ if (!admin())
 
 ini_set('max_execution_time', 300);
 ob_implicit_flush();
-ob_end_flush();
+@ob_end_flush();
 header('X-Accel-Buffering: no');
 
-require LIBS . 'DataLoader.php';
-
 require LOCALE . 'en/main.php';
 require LOCALE . 'en/install.php';
 

admin/tools/settings_save.php

@@ -0,0 +1,41 @@
+<?php
+
+use MyAAC\Settings;
+
+const MYAAC_ADMIN = true;
+
+require '../../common.php';
+require SYSTEM . 'functions.php';
+require SYSTEM . 'init.php';
+require SYSTEM . 'login.php';
+
+if(!admin()) {
+	http_response_code(500);
+	die('Access denied.');
+}
+
+csrfProtect();
+
+if (!isset($_REQUEST['plugin'])) {
+	http_response_code(500);
+	die('Please enter plugin name.');
+}
+
+if (!isset($_POST['settings'])) {
+	http_response_code(500);
+	die('Please enter settings.');
+}
+
+$settings = Settings::getInstance();
+
+$success = $settings->save($_REQUEST['plugin'], $_POST['settings']);
+
+$errors = $settings->getErrors();
+if (count($errors) > 0) {
+	http_response_code(500);
+	die(implode('<br/>', $errors));
+}
+
+if ($success) {
+	echo 'Saved at ' . date('H:i');
+}

common.php

@@ -20,14 +20,14 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
+ * @copyright 2024 MyAAC
  * @link      https://my-aac.org
  */
-if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
+if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '0.9.0-dev';
-const DATABASE_VERSION = 33;
+const MYAAC_VERSION = '1.8';
+const DATABASE_VERSION = 45;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -108,6 +108,13 @@ const TFS_FIRST = TFS_02;
 const TFS_LAST = TFS_03;
 
 // other definitions
+const MAIL_MAIL = 0;
+const MAIL_SMTP = 1;
+
+const SMTP_SECURITY_NONE = 0;
+const SMTP_SECURITY_SSL = 1;
+const SMTP_SECURITY_TLS = 2;
+
 const ACCOUNT_NUMBER_LENGTH = 8;
 
 if (!IS_CLI) {
@@ -115,34 +122,41 @@ if (!IS_CLI) {
 	session_start();
 }
 
-// basedir
-$basedir = '';
-$tmp = explode('/', $_SERVER['SCRIPT_NAME']);
-$size = count($tmp) - 1;
-for($i = 1; $i < $size; $i++)
-	$basedir .= '/' . $tmp[$i];
+if (file_exists(BASE . 'config.local.php')) {
+	require BASE . 'config.local.php';
+}
 
-$basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
-define('BASE_DIR', $basedir);
+require SYSTEM . 'base.php';
+define('BASE_DIR', $baseDir);
 
 if(!IS_CLI) {
-	if (isset($_SERVER['HTTP_HOST'][0])) {
-		$baseHost = $_SERVER['HTTP_HOST'];
-	} else {
-		if (isset($_SERVER['SERVER_NAME'][0])) {
-			$baseHost = $_SERVER['SERVER_NAME'];
-		} else {
-			$baseHost = $_SERVER['SERVER_ADDR'];
-		}
-	}
+	if (isset($config['site_url'])) {
+		$hasSlashAtEnd = ($config['site_url'][strlen($config['site_url']) - 1] == '/');
 
-	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
+		define('SERVER_URL', $config['site_url']);
+		define('BASE_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/'));
+		define('ADMIN_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/') . ADMIN_PANEL_FOLDER . '/');
+	}
+	else {
+		define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 		define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
+		define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
 
 		//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+	}
+}
 
-	require SYSTEM . 'exception.php';
+/** @var array $config */
+ini_set('log_errors', 1);
+if(@$config['env'] === 'dev' || defined('MYAAC_INSTALL')) {
+	ini_set('display_errors', 1);
+	ini_set('display_startup_errors', 1);
+	error_reporting(E_ALL);
+}
+else {
+	ini_set('display_errors', 0);
+	ini_set('display_startup_errors', 0);
+	error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT);
 }
 
 $autoloadFile = VENDOR . 'autoload.php';
@@ -151,3 +165,11 @@ if (!is_file($autoloadFile)) {
 }
 
 require $autoloadFile;
+
+function isHttps(): bool
+{
+	return
+		(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
+		|| (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
+		|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
+}

composer.json

@@ -1,6 +1,6 @@
 {
     "require": {
-        "php": "^7.2.5 || ^8.0",
+        "php": "^8.1",
         "ext-pdo": "*",
         "ext-pdo_mysql": "*",
         "ext-json": "*",
@@ -8,8 +8,26 @@
         "ext-dom": "*",
         "phpmailer/phpmailer": "^6.1",
         "composer/semver": "^3.2",
-        "twig/twig": "^2.0",
+        "twig/twig": "^3.11",
         "erusev/parsedown": "^1.7",
-        "nikic/fast-route": "^1.3"
+        "nikic/fast-route": "^1.3",
+        "matomo/device-detector": "^6.0",
+        "illuminate/database": "^10.18",
+        "peppeocchi/php-cron-scheduler": "4.*",
+        "symfony/console": "^6.4",
+        "symfony/string": "^6.4",
+        "symfony/var-dumper": "^6.4",
+        "filp/whoops": "^2.15",
+        "maximebf/debugbar": "1.*",
+        "guzzlehttp/guzzle": "7.9.3"
+    },
+    "require-dev": {
+        "phpstan/phpstan": "^1.10"
+    },
+    "autoload": {
+        "psr-4": {
+            "MyAAC\\": "system/src"
+        },
+        "files": ["system/src/global.php"]
     }
 }

config.php

@@ -1,326 +0,0 @@
-<?php
-/**
- * This is MyAAC's Main Configuration file
- *
- * All the default values are kept here, you should not modify it but use
- * a config.local.php file instead to override the settings from here.
- *
- * This is a piece of PHP code so PHP syntax applies!
- * For boolean values please use true/false.
- *
- * Minimally 'server_path' directive have to be filled, other options are optional.
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-
-$config = array(
-	// directories & files
-	'server_path' => '', // path to the server directory (same directory where config file is located)
-
-	/**
-	 * Environment Setting
-	 *
-	 * if you use this script on your live server - set to 'prod' (production)
-	 * if you want to test and debug the script locally, or develop plugins, set to 'dev' (development)
-	 * WARNING: on 'dev' cache is disabled, so site will be significantly slower !!!
-	 * WARNING2: on 'dev' all PHP errors/warnings are displayed
-	 * Recommended: 'prod' cause of speed (page load time is better)
-	 */
-	'env' => 'prod', // 'prod' for production and 'dev' for development
-
-	'template' => 'kathrine', // template used by website (kathrine, tibiacom)
-	'template_allow_change' => true, // allow users to choose their own template while browsing website?
-
-	'vocations_amount' => 4, // how much basic vocations your server got (without promotion)
-
-	// what client version are you using on this OT?
-	// used for the Downloads page and some templates aswell
-	'client' => 1098, // 954 = client 9.54
-
-	'session_prefix' => 'myaac_', // must be unique for every site on your server
-	'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: https://my-aac.org/guilds/Testing instead of https://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
-	'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles
-
-	// gesior backward support (templates & pages)
-	// allows using gesior templates and pages with myaac
-	// might bring some performance when disabled
-	'backward_support' => true,
-
-	// head options (html)
-	'meta_description' => 'Tibia is a free massive multiplayer online role playing game (MMORPG).', // description of the site
-	'meta_keywords' => 'free online game, free multiplayer game, ots, open tibia server', // keywords list separated by commas
-
-	// footer
-	'footer' => ''/*'<br/>Your Server &copy; 2016. All rights reserved.'*/,
-
-	'language' => 'en', // default language (currently only 'en' available)
-	'language_allow_change' => false,
-
-	'visitors_counter' => true,
-	'visitors_counter_ttl' => 10, // how long visitor will be marked as online (in minutes)
-	'views_counter' => true,
-
-	// cache system. by default file cache is used
-	'cache_engine' => 'auto', // apc, apcu, eaccelerator, xcache, file, auto, or blank to disable.
-	'cache_prefix' => 'myaac_', // have to be unique if running more MyAAC instances on the same server (except file system cache)
-
-	// database details (leave blank for auto detect from config.lua)
-	'database_host' => '',
-	'database_port' => '', // leave blank to default 3306
-	'database_user' => '',
-	'database_password' => '',
-	'database_name' => '',
-	'database_log' => false, // should database queries be logged and saved into system/logs/database.log?
-	'database_socket' => '', // set if you want to connect to database through socket (example: /var/run/mysqld/mysqld.sock)
-	'database_persistent' => false, // use database permanent connection (like server), may speed up your site
-
-	// multiworld system (only TFS 0.3)
-	'multiworld' => false, // use multiworld system?
-	'worlds' => array( // list of worlds
-		//'1' => 'Your World Name',
-		//'2' => 'Your Second World Name'
-	),
-
-	// images
-	'outfit_images_url' => 'https://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'outfit_images_wrong_looktypes' => [75, 126, 127, 266, 302], // this looktypes needs to have different margin-top and margin-left because they are wrong positioned
-	'item_images_url' => 'https://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
-	'item_images_extension' => '.gif',
-
-	// creatures
-	'creatures_images_url' => 'images/monsters/', // set to images/monsters if you host your own creatures in images folder
-	'creatures_images_extension' => '.gif',
-	'creatures_images_preview' => false,  // set to true to allow picture previews for creatures
-	'creatures_items_url' => 'https://tibia.fandom.com/wiki/', // set to website which shows details about items.
-	'creatures_loot_percentage' => true, // set to true to show the loot tooltip percent
-
-	// account
-	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
-	'account_login_by_email' => false, // use email instead of Account Name like in latest Tibia
-	'account_login_by_email_fallback' => false, // allow also additionally login by Account Name/Number (for users that might forget their email)
-	'account_create_auto_login' => false, // auto login after creating account?
-	'account_create_character_create' => true, // allow directly to create character on create account page?
-	'account_mail_verify' => false, // force users to confirm their email addresses when registering
-	'account_mail_confirmed_reward' => [ // reward users for confirming their E-Mails
-		// account_mail_verify needs to be enabled too
-		'premium_days' => 0,
-		'premium_points' => 0,
-		'coins' => 0,
-		'message' => 'You received %d %s for confirming your E-Mail address.' // example: You received 20 premium points for confirming your E-Mail address.
-	],
-	'account_mail_unique' => true, // email addresses cannot be duplicated? (one account = one email)
-	'account_mail_block_plus_sign' => true, // block email with '+' signs like test+box@gmail.com (help protect against spamming accounts)
-	'account_premium_days' => 0, // default premium days on new account
-	'account_premium_points' => 0, // default premium points on new account
-	'account_welcome_mail' => true, // send welcome email when user registers
-	'account_mail_change' => 2, // how many days user need to change email to account - block hackers
-	'account_country' => true, // user will be able to set country of origin when registering account, this information will be viewable in others places aswell
-	'account_country_recognize' => true, // should country of user be automatically recognized by his IP? This makes an external API call to http://ipinfo.io
-	'account_change_character_name' => false, // can user change their character name for premium points?
-	'account_change_character_name_points' => 30, // cost of name change
-	'account_change_character_sex' => false, // can user change their character sex for premium points?
-	'account_change_character_sex_points' => 30, // cost of sex change
-	'characters_per_account' => 10,	// max. number of characters per account
-
-	// mail
-	'mail_enabled' => false, // is aac maker configured to send e-mails?
-	'mail_address' => 'no-reply@your-server.org', // server e-mail address (from:)
-	'mail_admin' => 'your-address@your-server.org', // admin email address, where mails from contact form will be sent
-	'mail_signature' => array( // signature that will be included at the end of every message sent using _mail function
-		'plain' => ""/*"--\nMy Server,\nhttp://www.myserver.com"*/,
-		'html' => ''/*'<br/>My Server,\n<a href="http://www.myserver.com">myserver.com</a>'*/
-	),
-	'smtp_enabled' => false, // send by smtp or mail function (set false if use mail function, set to true if you use GMail or Microsoft Outlook)
-	'smtp_host' => '', // mail host. smtp.gmail.com for GMail / smtp-mail.outlook.com for Microsoft Outlook
-	'smtp_port' => 25, // 25 (default) / 465 (ssl, GMail) / 587 (tls, Microsoft Outlook)
-	'smtp_auth' => true, // need authorization?
-	'smtp_user' => 'admin@example.org', // here your email username
-	'smtp_pass' => '',
-	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' (GMail) or 'tls' (Microsoft Outlook)
-	'smtp_debug' => false, // set true to debug (you will see more info in error.log)
-
-	// Google reCAPTCHA (prevent spam bots)
-	'recaptcha_enabled' => false, // enable recaptcha verification code
-	'recaptcha_type' => 'v3', // 'v2-checkbox', 'v2-invisible', 'v3'
-	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
-	'recaptcha_secret_key' => '',
-	// following option apply only for ReCaptcha v2-checkbox
-	'recaptcha_v2_theme' => 'light', // light, dark
-	// following option apply only for ReCaptcha v3
-	// min score for validation, between 0 - 1.0
-	// https://developers.google.com/recaptcha/docs/v3#interpreting_the_score
-	'recaptcha_v3_min_score' => 0.5,
-
-	//
-	'generate_new_reckey' => true,				// let player generate new recovery key, he will receive e-mail with new rec key (not display on page, hacker can't generate rec key)
-	'generate_new_reckey_price' => 20,			// price for new recovery key
-	'send_mail_when_change_password' => true,	// send e-mail with new password when change password to account
-	'send_mail_when_generate_reckey' => true,	// send e-mail with rec key (key is displayed on page anyway when generate)
-
-	// you may need to adjust this for older tfs versions
-	// by removing Community Manager
-	'account_types' => [
-		'None',
-		'Normal',
-		'Tutor',
-		'Senior Tutor',
-		'Gamemaster',
-		'Community Manager',
-		'God',
-	],
-
-	// genders (aka sex)
-	'genders' => array(
-		0 => 'Female',
-		1 => 'Male'
-	),
-
-	// new character config
-	'character_samples' => array( // vocations, format: ID_of_vocation => 'Name of Character to copy'
-		//0 => 'Rook Sample',
-		1 => 'Sorcerer Sample',
-		2 => 'Druid Sample',
-		3 => 'Paladin Sample',
-		4 => 'Knight Sample'
-	),
-
-	'use_character_sample_skills' => false,
-
-	// it must show limited number of players after using search in character page
-	'characters_search_limit' => 15,
-
-	// town list used when creating character
-	// won't be displayed if there is only one item (rookgaard for example)
-	'character_towns' => array(1),
-
-	// characters length
-	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum length to be 21.
-	'character_name_min_length' => 4,
-	'character_name_max_length' => 21,
-	'character_name_npc_check' => true,
-
-	// list of towns
-	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (from MySQL database - Table - towns)
-	// otherwise it will try to load from your .OTBM map file
-	// if you don't see towns on website, then you need to fill this out
-	'towns' => array(
-		0 => 'No town',
-		1 => 'Sample town'
-	),
-
-	// guilds
-	'guild_management' => true, // enable guild management system on the site?
-	'guild_need_level' => 1, // min. level to form a guild
-	'guild_need_premium' => true, // require premium account to form a guild?
-	'guild_image_size_kb' => 80, // maximum size of the guild logo image in KB (kilobytes)
-	'guild_description_default' => 'New guild. Leader must edit this text :)',
-	'guild_description_chars_limit' => 1000, // limit of guild description
-	'guild_description_lines_limit' => 6, // limit of lines, if description has more lines it will be showed as long text, without 'enters'
-	'guild_motd_chars_limit' => 150, // limit of MOTD (message of the day) that is shown later in the game on the guild channel
-
-	// online page
-	'online_record' => true, // display players record?
-	'online_vocations' => false, // display vocation statistics?
-	'online_vocations_images' => false, // display vocation images?
-	'online_skulls' => false, // display skull images
-	'online_outfit' => true,
-	'online_afk' => false,
-
-	// support list page
-	'team_style' => 2, // 1/2 (1 - normal table, 2 - in boxes, grouped by group id)
-	'team_display_status' => true,
-	'team_display_lastlogin' => true,
-	'team_display_world' => false,
-	'team_display_outfit' => true,
-
-	// bans page
-	'bans_per_page' => 20,
-
-	// highscores page
-	'highscores_vocation_box' => true, // show 'Choose a vocation' box on the highscores (allowing peoples to sort highscores by vocation)?
-	'highscores_vocation' => true, // show player vocation under his nickname?
-	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)?
-	'highscores_balance' => false, // show 'Balance' tab (richest players on the server)
-	'highscores_outfit' => true, // show player outfit?
-	'highscores_country_box' => false, // doesnt work yet! (not implemented)
-	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
-	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
-	'highscores_per_page' => 100, // how many records per page on highscores
-	'highscores_cache_ttl' => 15, // how often to update highscores from database in minutes (default 15 minutes)
-
-	// characters page
-	'characters' => array( // what things to display on character view page (true/false in each option)
-		'level' => true,
-		'experience' => false,
-		'magic_level' => false,
-		'balance' => false,
-		'marriage_info' => true, // only 0.3
-		'outfit' => true,
-		'creation_date' => true,
-		'quests' => true,
-		'skills' => true,
-		'equipment' => true,
-		'frags' => false,
-		'deleted' => false, // should deleted characters from same account be still listed on the list of characters? When enabled it will show that character is "[DELETED]"
-	),
-	'quests' => array(
-		//'Some Quest' => 123,
-		//'Some Quest Two' => 456,
-	), // quests list (displayed in character view), name => storage
-	'signature_enabled' => true,
-	'signature_type' => 'tibian', // signature engine to use: tibian, mango, gesior
-	'signature_cache_time' => 5, // how long to store cached file (in minutes), default 5 minutes
-	'signature_browser_cache' => 60, // how long to cache by browser (in minutes), default 1 hour
-
-	// news page
-	'news_limit' => 5, // limit of news on the latest news page
-	'news_ticker_limit' => 5, // limit of news in tickers (mini news) (0 to disable)
-	'news_date_format' => 'j.n.Y', // check php manual date() function for more info about this
-	'news_author' => true, // show author of the news
-
-	// gifts/shop system
-	'gifts_system' => false,
-
-	// support/system
-	'bug_report' => true, // this configurable has no effect, its always enabled
-
-	// forum
-	'forum' => 'site', // link to the server forum, set to "site" if you want to use build in forum system, otherwise leave empty if you aren't going to use any forum
-	'forum_level_required' => 0, // level required to post, 0 to disable
-	'forum_post_interval' => 30, // in seconds
-	'forum_posts_per_page' => 20,
-	'forum_threads_per_page' => 20,
-	// uncomment to force use table for forum
-	//'forum_table_prefix' => 'z_', // what forum mysql table to use, z_ (for gesior old forum) or myaac_ (for myaac)
-
-	// last kills
-	'last_kills_limit' => 50, // max. number of deaths shown on the last kills page
-
-	// status, took automatically from config file if empty
-	'status_enabled' => true, // you can disable status checking by settings this to "false"
-	'status_ip' => '',
-	'status_port' => '',
-	'status_timeout' => 2.0, // how long to wait for the initial response from the server (default: 2 seconds)
-
-	// how often to connect to server and update status (default: every minute)
-	// if your status timeout in config.lua is bigger, that it will be used instead
-	// when server is offline, it will be checked every time web refreshes, ignoring this variable
-	'status_interval' => 60,
-
-	// admin panel
-	'admin_panel_modules' => 'statistics,web_status,server_status,lastlogin,created,points,coins,balance',    // default - statistics,web_status,server_status,lastlogin,created,points,coins,balance
-
-	// other
-	'anonymous_usage_statistics' => true,
-	'email_lai_sec_interval' => 60, // time in seconds between e-mails to one account from lost account interface, block spam
-	'google_analytics_id' => '', // e.g.: UA-XXXXXXX-X
-	'experiencetable_columns' => 3, // how many columns to display in experience table page. * experiencetable_rows, 5 = 500 (will show up to 500 level)
-	'experiencetable_rows' => 200, // till how many levels in one column
-	'date_timezone' => 'Europe/Berlin', // more info at http://php.net/manual/en/timezones.php
-	'footer_show_load_time' => true, // display load time of the page in the footer
-
-	'npc' => array()
-);

cypress.config.js

@@ -0,0 +1,9 @@
+const { defineConfig } = require("cypress");
+
+module.exports = defineConfig({
+  e2e: {
+    setupNodeEvents(on, config) {
+      // implement node event listeners here
+    },
+  },
+});

cypress/e2e/1-install.cy.js

@@ -0,0 +1,76 @@
+describe('Install MyAAC', () => {
+	beforeEach(() => {
+		// Cypress starts out with a blank slate for each test
+		// so we must tell it to visit our website with the `cy.visit()` command.
+		// Since we want to visit the same URL at the start of all our tests,
+		// we include it in our beforeEach function so that it runs before each test
+		cy.visit(Cypress.env('URL'))
+	})
+
+	it('Go through installer', () => {
+		cy.visit(Cypress.env('URL') + '/install/?step=welcome')
+		cy.wait(1000)
+
+		cy.screenshot('install-welcome')
+
+		// step 1 - Welcome
+		cy.get('select[name="lang"]').select('en')
+
+		//cy.get('input[type=button]').contains('Next »').click()
+
+		cy.get('form').submit()
+
+		// step 2 - License
+		// just skip
+		cy.contains('GNU/GPL License');
+		cy.get('form').submit()
+
+		// step 3 - Requirements
+		cy.contains('Requirements check');
+
+		cy.get('#step').then(elem => {
+			elem.val('config');
+		});
+
+		cy.get('form').submit()
+
+		// step 4 - Configuration
+		cy.contains('Basic configuration');
+
+		cy.get('#vars_server_path').click().clear().type(Cypress.env('SERVER_PATH'))
+
+		cy.get('[type="checkbox"]').uncheck() // usage statistics uncheck
+
+		cy.wait(1000)
+
+		cy.get('form').submit()
+
+		// check if there is any error
+
+
+		// step 5 - Import Schema
+		cy.contains('Import MySQL schema');
+
+		// AAC is not installed yet, this message should not come
+		cy.contains('Seems AAC is already installed. Skipping importing MySQL schema..').should('not.exist')
+
+		cy.contains('[class="alert alert-success"]', 'Local configuration has been saved into file: config.local.php').should('be.visible')
+
+		cy.get('form').submit()
+
+		// step 6 - Admin Account
+		cy.get('#vars_email').click().clear().type('admin@my-aac.org')
+		cy.get('#vars_account').click().clear().type('admin')
+		cy.get('#vars_password').click().clear().type('test1234')
+		cy.get('#vars_password_confirm').click().clear().type('test1234')
+		cy.get('#vars_player_name').click().clear().type('Admin')
+
+		cy.get('form').submit()
+
+		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 60000 }).should('be.visible')
+
+		cy.wait(2000);
+
+		cy.screenshot('install-finish')
+	})
+})

cypress/e2e/2-create-account.cy.js

@@ -0,0 +1,33 @@
+describe('Create Account Page', () => {
+	beforeEach(() => {
+		// Cypress starts out with a blank slate for each test
+		// so we must tell it to visit our website with the `cy.visit()` command.
+		// Since we want to visit the same URL at the start of all our tests,
+		// we include it in our beforeEach function so that it runs before each test
+		cy.visit(Cypress.env('URL') + '/index.php/account/create')
+	})
+
+	it('Create Test Account', () => {
+		cy.screenshot('create-account-page')
+
+		cy.get('#account_input').type('tester')
+		cy.get('#email').type('tester@example.com')
+
+		cy.get('#password').type('test1234')
+		cy.get('#password_confirm').type('test1234')
+
+		cy.get('#character_name').type('Slaw')
+
+		cy.get('#sex1').check()
+		cy.get('#vocation1').check()
+		cy.get('#accept_rules').check()
+
+		cy.get('#createaccount').submit()
+
+		// no errors please
+		cy.contains('The Following Errors Have Occurred:').should('not.exist')
+
+		// ss of post page
+		cy.screenshot('create-account-page-post')
+	})
+})

cypress/e2e/3-check-public-pages.cy.js

@@ -0,0 +1,174 @@
+describe('Check Public Pages', () => {
+
+	/// news
+	it('Go to news page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/news',
+			method: 'GET',
+		})
+	})
+
+	it('Go to news archive page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/news/archive',
+			method: 'GET',
+		})
+	})
+
+	it('Go to changelog page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/change-log',
+			method: 'GET',
+		})
+	})
+
+	/// account management
+	it('Go to account manage page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/manage',
+			method: 'GET',
+		})
+	})
+
+	it('Go to account create page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/create',
+			method: 'GET',
+		})
+	})
+
+	it('Go to account lost page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/lost',
+			method: 'GET',
+		})
+	})
+
+	it('Go to rules page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/rules',
+			method: 'GET',
+		})
+	})
+
+	// community
+	it('Go to online page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/online',
+			method: 'GET',
+		})
+	})
+
+	it('Go to characters list page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/characters',
+			method: 'GET',
+		})
+	})
+
+	it('Go to guilds page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/guilds',
+			method: 'GET',
+		})
+	})
+
+	it('Go to highscores page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/highscores',
+			method: 'GET',
+		})
+	})
+
+	it('Go to last kills page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/last-kills',
+			method: 'GET',
+		})
+	})
+
+	it('Go to houses page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/houses',
+			method: 'GET',
+		})
+	})
+
+	it('Go to bans page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/bans',
+			method: 'GET',
+		})
+	})
+
+	it('Go to forum page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/forum',
+			method: 'GET',
+		})
+	})
+
+	it('Go to team page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/team',
+			method: 'GET',
+		})
+	})
+
+	// library
+	it('Go to monsters page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/monsters',
+			method: 'GET',
+		})
+	})
+
+	it('Go to spells page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/spells',
+			method: 'GET',
+		})
+	})
+
+	it('Go to server info page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/ots-info',
+			method: 'GET',
+		})
+	})
+
+	it('Go to commands page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/commands',
+			method: 'GET',
+		})
+	})
+
+	it('Go to downloads page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/downloads',
+			method: 'GET',
+		})
+	})
+
+	it('Go to gallery page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/gallery',
+			method: 'GET',
+		})
+	})
+
+	it('Go to experience table page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/exp-table',
+			method: 'GET',
+		})
+	})
+
+	it('Go to faq page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/faq',
+			method: 'GET',
+		})
+	})
+})

cypress/e2e/4-check-protected-pages.cy.js

@@ -0,0 +1,81 @@
+const REQUIRED_LOGIN_MESSAGE = 'Please enter your account name and your password.';
+const YOU_ARE_NOT_LOGGEDIN = 'You are not logged in.';
+
+describe('Check Protected Pages', () => {
+
+	// character actions
+	it('Go to account character creation page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/character/create',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	it('Go to account character deletion page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/character/delete',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	// account actions
+	it('Go to account email change page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/email',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	it('Go to account password change page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/password',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	it('Go to account info change page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/info',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	it('Go to account logout change page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/logout',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	// guild actions
+	it('Go to guild creation page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/?subtopic=guilds&action=create',
+			method: 'GET',
+		})
+		cy.contains(YOU_ARE_NOT_LOGGEDIN)
+	})
+
+	it('Go to guilds cleanup players action page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_players',
+			method: 'GET',
+		})
+		cy.contains(YOU_ARE_NOT_LOGGEDIN)
+	})
+
+	it('Go to guilds cleanup guilds action page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_guilds',
+			method: 'GET',
+		})
+		cy.contains(YOU_ARE_NOT_LOGGEDIN)
+	})
+
+})

cypress/fixtures/example.json

@@ -0,0 +1,5 @@
+{
+  "name": "Using fixtures to represent data",
+  "email": "hello@cypress.io",
+  "body": "Fixtures are a great way to mock data for responses to routes"
+}

cypress/support/commands.js

@@ -0,0 +1,25 @@
+// ***********************************************
+// This example commands.js shows you how to
+// create various custom commands and overwrite
+// existing commands.
+//
+// For more comprehensive examples of custom
+// commands please read more here:
+// https://on.cypress.io/custom-commands
+// ***********************************************
+//
+//
+// -- This is a parent command --
+// Cypress.Commands.add('login', (email, password) => { ... })
+//
+//
+// -- This is a child command --
+// Cypress.Commands.add('drag', { prevSubject: 'element'}, (subject, options) => { ... })
+//
+//
+// -- This is a dual command --
+// Cypress.Commands.add('dismiss', { prevSubject: 'optional'}, (subject, options) => { ... })
+//
+//
+// -- This will overwrite an existing command --
+// Cypress.Commands.overwrite('visit', (originalFn, url, options) => { ... })

cypress/support/e2e.js

@@ -0,0 +1,20 @@
+// ***********************************************************
+// This example support/e2e.js is processed and
+// loaded automatically before your test files.
+//
+// This is a great place to put global configuration and
+// behavior that modifies Cypress.
+//
+// You can change the location of this file or turn off
+// automatically serving support files with the
+// 'supportFile' configuration option.
+//
+// You can read more here:
+// https://on.cypress.io/configuration
+// ***********************************************************
+
+// Import commands.js using ES2015 syntax:
+import './commands'
+
+// Alternatively you can use CommonJS syntax:
+// require('./commands')

index.php

@@ -24,15 +24,18 @@
  * @link      https://my-aac.org
  */
 
+use MyAAC\UsageStatistics;
+use MyAAC\Visitors;
+
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 
 $uri = $_SERVER['REQUEST_URI'];
-if(false !== strpos($uri, 'index.php')) {
+if(str_contains($uri, 'index.php')) {
 	$uri = str_replace_first('/index.php', '', $uri);
 }
 
-if(0 === strpos($uri, '/')) {
+if(str_starts_with($uri, '/')) {
 	$uri = str_replace_first('/', '', $uri);
 }
 
@@ -56,41 +59,16 @@ if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|g
 	exit;
 }
 
-if(file_exists(BASE . 'config.local.php')) {
-	require_once BASE . 'config.local.php';
-}
-
-ini_set('log_errors', 1);
-if(config('env') === 'dev') {
-	ini_set('display_errors', 1);
-	ini_set('display_startup_errors', 1);
-	error_reporting(E_ALL);
-}
-else {
-	ini_set('display_errors', 0);
-	ini_set('display_startup_errors', 0);
-	error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT);
-}
-
 if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE . 'install'))
 {
 	header('Location: ' . BASE_URL . 'install/');
-	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
+	exit();
 }
 
 $template_place_holders = array();
 
 require_once SYSTEM . 'init.php';
 
-// verify myaac tables exists in database
-if(!$db->hasTable('myaac_account_actions')) {
-	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
-}
-
-// event system
-require_once SYSTEM . 'hooks.php';
-$hooks = new Hooks();
-$hooks->load();
 require_once SYSTEM . 'template.php';
 require_once SYSTEM . 'login.php';
 require_once SYSTEM . 'status.php';
@@ -98,58 +76,10 @@ require_once SYSTEM . 'status.php';
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
-require_once SYSTEM . 'router.php';
-
-require SYSTEM . 'migrate.php';
-
 $hooks->trigger(HOOK_STARTUP);
 
-// anonymous usage statistics
-// sent only when user agrees
-if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_statistics']) {
-	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
-	$should_report = true;
-
-	$value = '';
-	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
-		$should_report = time() > (int)$value + $report_time;
-	}
-	else {
-		$value = '';
-		if(fetchDatabaseConfig('last_usage_report', $value)) {
-			$should_report = time() > (int)$value + $report_time;
-			if($cache->enabled()) {
-				$cache->set('last_usage_report', $value);
-			}
-		}
-		else {
-			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
-			$should_report = false;
-		}
-	}
-
-	if($should_report) {
-		require_once LIBS . 'usage_statistics.php';
-		Usage_Statistics::report();
-
-		updateDatabaseConfig('last_usage_report', time());
-		if($cache->enabled()) {
-			$cache->set('last_usage_report', time());
-		}
-	}
-}
-
-if($config['views_counter'])
-	require_once SYSTEM . 'counter.php';
-
-if($config['visitors_counter'])
-{
-	require_once SYSTEM . 'libs/visitors.php';
-	$visitors = new Visitors($config['visitors_counter_ttl']);
-}
-
 // backward support for gesior
-if($config['backward_support']) {
+if(setting('core.backward_support')) {
 	define('INITIALIZED', true);
 	$SQL = $db;
 	$layout_header = template_header();
@@ -163,9 +93,11 @@ if($config['backward_support']) {
 	if($logged && $account_logged)
 		$group_id_of_acc_logged = $account_logged->getGroupId();
 
+	$config['serverPath'] = $config['server_path'];
 	$config['site'] = &$config;
 	$config['server'] = &$config['lua'];
-	$config['site']['shop_system'] = $config['gifts_system'];
+	$config['site']['shop_system'] = setting('core.gifts_system');
+	$config['site']['gallery_page'] = true;
 
 	if(!isset($config['vdarkborder']))
 		$config['vdarkborder'] = '#505050';
@@ -178,21 +110,58 @@ if($config['backward_support']) {
 	$config['site']['serverinfo_page'] = true;
 	$config['site']['screenshot_page'] = true;
 
-	if($config['forum'] != '')
-		$config['forum_link'] = (strtolower($config['forum']) === 'site' ? getLink('forum') : $config['forum']);
+	$forumSetting = setting('core.forum');
+	if($forumSetting != '')
+		$config['forum_link'] = (strtolower($forumSetting) === 'site' ? getLink('forum') : $forumSetting);
 
 	foreach($status as $key => $value)
 		$config['status']['serverStatus_' . $key] = $value;
 }
 
-/**
- * @var OTS_Account $account_logged
- */
-if ($logged && admin()) {
-	$content .= $twig->render('admin-bar.html.twig', [
-		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
-	]);
+if(setting('core.views_counter')) {
+	require_once SYSTEM . 'counter.php';
 }
+
+if(setting('core.visitors_counter')) {
+	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
+}
+
+require_once SYSTEM . 'router.php';
+
+// anonymous usage statistics
+// sent only when user agrees
+if(setting('core.anonymous_usage_statistics')) {
+	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
+	$should_report = true;
+
+	$value = '';
+	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
+		$should_report = time() > (int)$value + $report_time;
+	}
+	else {
+		$value = '';
+		if(fetchDatabaseConfig('last_usage_report', $value)) {
+			$should_report = time() > (int)$value + $report_time;
+			if($cache->enabled()) {
+				$cache->set('last_usage_report', $value, 60 * 60);
+			}
+		}
+		else {
+			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
+			$should_report = false;
+		}
+	}
+
+	if($should_report) {
+		UsageStatistics::report();
+
+		updateDatabaseConfig('last_usage_report', time());
+		if($cache->enabled()) {
+			$cache->set('last_usage_report', time(), 60 * 60);
+		}
+	}
+}
+
 $title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
 

install/includes/config.php

@@ -26,6 +26,9 @@ if(!isset($error) || !$error) {
 		$config['database_type'] = $config['lua']['database_type'];
 	else if(isset($config['lua']['sql_type'])) // otserv
 		$config['database_type'] = $config['lua']['sql_type'];
+	else {
+		$config['database_type'] = '';
+	}
 
 	$config['database_type'] = strtolower($config['database_type']);
 	if(empty($config['database_type'])) {
@@ -38,4 +41,3 @@ if(!isset($error) || !$error) {
 		$error = true;
 	}
 }
-?>

install/includes/functions.php

@@ -17,7 +17,7 @@ function query($query)
 
 // define php version id if its not already
 if(!defined('PHP_VERSION_ID')) {
-	$version = explode('.', PHP_VERSION);
+	$version = array_map('intval', explode('.', PHP_VERSION));
 
 	define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
 }

install/includes/schema.sql

@@ -1,88 +1,73 @@
-SET @myaac_database_version = 33;
+SET @myaac_database_version = 45;
 
 CREATE TABLE `myaac_account_actions`
 (
-	`account_id` INT(11) NOT NULL,
-	`ip` INT(10) UNSIGNED NOT NULL DEFAULT 0,
-	`ipv6` BINARY(16) NOT NULL DEFAULT 0,
-	`date` INT(11) NOT NULL DEFAULT 0,
-	`action` VARCHAR(255) NOT NULL DEFAULT '',
+	`account_id` int NOT NULL,
+	`ip` int unsigned NOT NULL DEFAULT 0,
+	`ipv6` binary(16) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
+	`action` varchar(255) NOT NULL DEFAULT '',
 	KEY (`account_id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_admin_menu`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(255) NOT NULL DEFAULT '',
-	`page` VARCHAR(255) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`flags` INT(11) NOT NULL DEFAULT 0,
-	`enabled` INT(1) NOT NULL DEFAULT 1,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`name` varchar(255) NOT NULL DEFAULT '',
+	`page` varchar(255) NOT NULL DEFAULT '',
+	`ordering` int NOT NULL DEFAULT 0,
+	`flags` int NOT NULL DEFAULT 0,
+	`enabled` int NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-
-CREATE TABLE `myaac_bugtracker`
-(
-	`account` VARCHAR(255) NOT NULL,
-	`type` INT(11) NOT NULL DEFAULT 0,
-	`status` INT(11) NOT NULL DEFAULT 0,
-	`text` text NOT NULL,
-	`id` INT(11) NOT NULL DEFAULT 0,
-	`subject` VARCHAR(255) NOT NULL DEFAULT '',
-	`reply` INT(11) NOT NULL DEFAULT 0,
-	`who` INT(11) NOT NULL DEFAULT 0,
-	`uid` INT(11) NOT NULL AUTO_INCREMENT,
-	`tag` INT(11) NOT NULL DEFAULT 0,
-	PRIMARY KEY (`uid`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_changelog`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`body` VARCHAR(500) NOT NULL DEFAULT '',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - added, 2 - removed, 3 - changed, 4 - fixed',
-	`where` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
-	`date` INT(11) NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`body` varchar(500) NOT NULL DEFAULT '',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - added, 2 - removed, 3 - changed, 4 - fixed',
+	`where` tinyint NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
+	`date` int NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
-INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hidden`) VALUES (1, 3, 2, UNIX_TIMESTAMP(), 'MyAAC installed. (:', 0);
+INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hide`) VALUES (1, 3, 2, UNIX_TIMESTAMP(), 'MyAAC installed. (:', 0);
 
 CREATE TABLE `myaac_config`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(30) NOT NULL,
-	`value` VARCHAR(1000) NOT NULL,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`name` varchar(30) NOT NULL,
+	`value` varchar(1000) NOT NULL,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 INSERT INTO `myaac_config` (`name`, `value`) VALUES ('database_version', @myaac_database_version);
 
 CREATE TABLE `myaac_faq`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`question` VARCHAR(255) NOT NULL DEFAULT '',
-	`answer` VARCHAR(1020) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`question` varchar(255) NOT NULL DEFAULT '',
+	`answer` varchar(1020) NOT NULL DEFAULT '',
+	`ordering` int NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_forum_boards`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(32) NOT NULL,
-	`description` VARCHAR(255) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`guild` INT(11) NOT NULL DEFAULT 0,
-	`access` INT(11) NOT NULL DEFAULT 0,
-	`closed` TINYINT(1) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`name` varchar(32) NOT NULL,
+	`description` varchar(255) NOT NULL DEFAULT '',
+	`ordering` int NOT NULL DEFAULT 0,
+	`guild` int NOT NULL DEFAULT 0,
+	`access` int NOT NULL DEFAULT 0,
+	`closed` tinyint NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`, `closed`) VALUES (NULL, 'News', 'News commenting', 0, 1);
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUES (NULL, 'Trade', 'Trade offers.', 1);
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUES (NULL, 'Quests', 'Quest making.', 2);
@@ -91,170 +76,102 @@ INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUE
 
 CREATE TABLE `myaac_forum`
 (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
-	`first_post` int(11) NOT NULL default '0',
-	`last_post` int(11) NOT NULL default '0',
-	`section` int(3) NOT NULL default '0',
-	`replies` int(20) NOT NULL default '0',
-	`views` int(20) NOT NULL default '0',
-	`author_aid` int(20) NOT NULL default '0',
-	`author_guid` int(20) NOT NULL default '0',
+	`id` int NOT NULL AUTO_INCREMENT,
+	`first_post` int NOT NULL DEFAULT 0,
+	`last_post` int NOT NULL DEFAULT 0,
+	`section` int NOT NULL DEFAULT 0,
+	`replies` int NOT NULL DEFAULT 0,
+	`views` int NOT NULL DEFAULT 0,
+	`author_aid` int NOT NULL DEFAULT 0,
+	`author_guid` int NOT NULL DEFAULT 0,
 	`post_text` text NOT NULL,
 	`post_topic` varchar(255) NOT NULL DEFAULT '',
-	`post_smile` tinyint(1) NOT NULL default '0',
-	`post_html` tinyint(1) NOT NULL default '0',
-	`post_date` int(20) NOT NULL default '0',
-	`last_edit_aid` int(20) NOT NULL default '0',
-	`edit_date` int(20) NOT NULL default '0',
-	`post_ip` varchar(32) NOT NULL default '0.0.0.0',
-	`sticked` tinyint(1) NOT NULL DEFAULT '0',
-	`closed` tinyint(1) NOT NULL DEFAULT '0',
+	`post_smile` tinyint NOT NULL DEFAULT 0,
+	`post_html` tinyint NOT NULL DEFAULT 0,
+	`post_date` int NOT NULL DEFAULT 0,
+	`last_edit_aid` int NOT NULL DEFAULT 0,
+	`edit_date` int NOT NULL DEFAULT 0,
+	`post_ip` varchar(45) NOT NULL DEFAULT '0.0.0.0',
+	`sticked` tinyint NOT NULL DEFAULT 0,
+	`closed` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	KEY `section` (`section`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_menu`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`template` VARCHAR(255) NOT NULL,
-	`name` VARCHAR(255) NOT NULL,
-	`link` VARCHAR(255) NOT NULL,
-	`blank` TINYINT(1) NOT NULL DEFAULT 0,
-	`color` VARCHAR(6) NOT NULL DEFAULT '',
-	`category` INT(11) NOT NULL DEFAULT 1,
-	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`enabled` INT(1) NOT NULL DEFAULT 1,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`template` varchar(255) NOT NULL,
+	`name` varchar(255) NOT NULL,
+	`link` varchar(255) NOT NULL,
+	`blank` tinyint NOT NULL DEFAULT 0,
+	`color` varchar(6) NOT NULL DEFAULT '',
+	`category` int NOT NULL DEFAULT 1,
+	`ordering` int NOT NULL DEFAULT 0,
+	`enabled` int NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-
-/* MENU_CATEGORY_NEWS kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
-/* MENU_CATEGORY_ACCOUNT kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
-/* MENU_CATEGORY_COMMUNITY kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
-/* MENU_CATEGORY_LIBRARY kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
-/* MENU_CATEGORY_SHOP kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
-/* MENU_CATEGORY_NEWS tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
-/* MENU_CATEGORY_ACCOUNT tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
-/* MENU_CATEGORY_COMMUNITY tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
-/* MENU_CATEGORY_FORUM tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
-/* MENU_CATEGORY_LIBRARY tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
-/* MENU_CATEGORY_SHOP tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_monsters` (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
-	`hidden` tinyint(1) NOT NULL default 0,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	`name` varchar(255) NOT NULL,
-	`mana` int(11) NOT NULL DEFAULT 0,
-	`exp` int(11) NOT NULL,
-	`health` int(11) NOT NULL,
-	`speed_lvl` int(11) NOT NULL default 1,
-	`use_haste` tinyint(1) NOT NULL,
+	`mana` int NOT NULL DEFAULT 0,
+	`exp` int NOT NULL,
+	`health` int NOT NULL,
+	`look` varchar(255) NOT NULL DEFAULT '',
+	`speed_lvl` int NOT NULL DEFAULT 1,
+	`use_haste` tinyint NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
-	`elements` TEXT NOT NULL,
-	`summonable` tinyint(1) NOT NULL,
-	`convinceable` tinyint(1) NOT NULL,
-	`pushable` TINYINT(1) NOT NULL DEFAULT '0',
-	`canpushitems` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0',
-	`canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0',
-	`runonhealth` TINYINT(1) NOT NULL DEFAULT '0',
-	`hostile` TINYINT(1) NOT NULL DEFAULT '0',
-	`attackable` TINYINT(1) NOT NULL DEFAULT '0',
-	`rewardboss` TINYINT(1) NOT NULL DEFAULT '0',
-	`defense` INT(11) NOT NULL DEFAULT '0',
-	`armor` INT(11) NOT NULL DEFAULT '0',
-	`canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0',
+	`elements` text NOT NULL,
+	`summonable` tinyint NOT NULL,
+	`convinceable` tinyint NOT NULL,
+	`pushable` tinyint NOT NULL DEFAULT 0,
+	`canpushitems` tinyint NOT NULL DEFAULT 0,
+	`canwalkonenergy` tinyint NOT NULL DEFAULT 0,
+	`canwalkonpoison` tinyint NOT NULL DEFAULT 0,
+	`canwalkonfire` tinyint NOT NULL DEFAULT 0,
+	`runonhealth` tinyint NOT NULL DEFAULT 0,
+	`hostile` tinyint NOT NULL DEFAULT 0,
+	`attackable` tinyint NOT NULL DEFAULT 0,
+	`rewardboss` tinyint NOT NULL DEFAULT 0,
+	`defense` int NOT NULL DEFAULT 0,
+	`armor` int NOT NULL DEFAULT 0,
+	`canpushcreatures` tinyint NOT NULL DEFAULT 0,
 	`race` varchar(255) NOT NULL,
 	`loot` text NOT NULL,
-	`summons` TEXT NOT NULL,
+	`summons` text NOT NULL,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_news`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`title` VARCHAR(100) NOT NULL,
-	`body` TEXT NOT NULL,
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
-	`date` INT(11) NOT NULL DEFAULT 0,
-	`category` TINYINT(1) NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
-	`last_modified_by` INT(11) NOT NULL DEFAULT 0,
-	`last_modified_date` INT(11) NOT NULL DEFAULT 0,
-	`comments` VARCHAR(50) NOT NULL DEFAULT '',
-	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
-	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`title` varchar(100) NOT NULL,
+	`body` text NOT NULL,
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
+	`date` int NOT NULL DEFAULT 0,
+	`category` tinyint NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
+	`last_modified_by` int NOT NULL DEFAULT 0,
+	`last_modified_date` int NOT NULL DEFAULT 0,
+	`comments` varchar(50) NOT NULL DEFAULT '',
+	`article_text` varchar(300) NOT NULL DEFAULT '',
+	`article_image` varchar(100) NOT NULL DEFAULT '',
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_news_categories`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(50) NOT NULL DEFAULT "",
-	`description` VARCHAR(50) NOT NULL DEFAULT "",
-	`icon_id` INT(2) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`name` varchar(50) NOT NULL DEFAULT "",
+	`description` varchar(50) NOT NULL DEFAULT "",
+	`icon_id` int NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 0);
 INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 1);
@@ -264,80 +181,91 @@ INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 4);
 
 CREATE TABLE `myaac_notepad`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`account_id` INT(11) NOT NULL,
-	/*`name` VARCHAR(30) NOT NULL,*/
-	`content` TEXT NOT NULL,
-	/*`public` TINYINT(1) NOT NULL DEFAULT 0*/
+	`id` int NOT NULL AUTO_INCREMENT,
+	`account_id` int NOT NULL,
+	/*`name` varchar(30) NOT NULL,*/
+	`content` text NOT NULL,
+	/*`public` tinyint NOT NULL DEFAULT 0*/
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_pages`
 (
 	`id` INT NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(30) NOT NULL,
-	`title` VARCHAR(30) NOT NULL,
-	`body` TEXT NOT NULL,
-	`date` INT(11) NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
-	`php` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
-	`enable_tinymce` TINYINT(1) NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
-	`access` TINYINT(2) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`name` varchar(30) NOT NULL,
+	`title` varchar(30) NOT NULL,
+	`body` text NOT NULL,
+	`date` int NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
+	`php` tinyint NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
+	`enable_tinymce` tinyint NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
+	`access` tinyint NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_gallery`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`comment` VARCHAR(255) NOT NULL DEFAULT '',
-	`image` VARCHAR(255) NOT NULL,
-	`thumb` VARCHAR(255) NOT NULL,
-	`author` VARCHAR(50) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`comment` varchar(255) NOT NULL DEFAULT '',
+	`image` varchar(255) NOT NULL,
+	`thumb` varchar(255) NOT NULL,
+	`author` varchar(50) NOT NULL DEFAULT '',
+	`ordering` int NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 INSERT INTO `myaac_gallery` (`id`, `ordering`, `comment`, `image`, `thumb`, `author`) VALUES (NULL, 1, 'Demon', 'images/gallery/demon.jpg', 'images/gallery/demon_thumb.gif', 'MyAAC');
 
+CREATE TABLE `myaac_settings`
+(
+	`id` int NOT NULL AUTO_INCREMENT,
+	`name` varchar(255) NOT NULL DEFAULT '',
+	`key` varchar(255) NOT NULL DEFAULT '',
+	`value` text NOT NULL,
+	PRIMARY KEY (`id`),
+	KEY `key` (`key`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
+
 CREATE TABLE `myaac_spells`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`spell` VARCHAR(255) NOT NULL DEFAULT '',
-	`name` VARCHAR(255) NOT NULL,
-	`words` VARCHAR(255) NOT NULL DEFAULT '',
-	`category` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
-	`level` INT(11) NOT NULL DEFAULT 0,
-	`maglevel` INT(11) NOT NULL DEFAULT 0,
-	`mana` INT(11) NOT NULL DEFAULT 0,
-	`soul` TINYINT(3) NOT NULL DEFAULT 0,
-	`conjure_id` INT(11) NOT NULL DEFAULT 0,
-	`conjure_count` TINYINT(3) NOT NULL DEFAULT 0,
-	`reagent` INT(11) NOT NULL DEFAULT 0,
-	`item_id` INT(11) NOT NULL DEFAULT 0,
-	`premium` TINYINT(1) NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`id` int NOT NULL AUTO_INCREMENT,
+	`spell` varchar(255) NOT NULL DEFAULT '',
+	`name` varchar(255) NOT NULL,
+	`words` varchar(255) NOT NULL DEFAULT '',
+	`category` tinyint NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
+	`level` int NOT NULL DEFAULT 0,
+	`maglevel` int NOT NULL DEFAULT 0,
+	`mana` int NOT NULL DEFAULT 0,
+	`soul` tinyint NOT NULL DEFAULT 0,
+	`conjure_id` int NOT NULL DEFAULT 0,
+	`conjure_count` tinyint NOT NULL DEFAULT 0,
+	`reagent` int NOT NULL DEFAULT 0,
+	`item_id` int NOT NULL DEFAULT 0,
+	`premium` tinyint NOT NULL DEFAULT 0,
+	`vocations` varchar(100) NOT NULL DEFAULT '',
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_visitors`
 (
-	`ip` VARCHAR(45) NOT NULL,
-	`lastvisit` INT(11) NOT NULL DEFAULT 0,
-	`page` VARCHAR(2048) NOT NULL,
+	`ip` varchar(45) NOT NULL,
+	`lastvisit` int NOT NULL DEFAULT 0,
+	`page` varchar(2048) NOT NULL,
+	`user_agent` varchar(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_weapons`
 (
-	`id` INT(11) NOT NULL,
-	`level` INT(11) NOT NULL DEFAULT 0,
-	`maglevel` INT(11) NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	`id` int NOT NULL,
+	`level` int NOT NULL DEFAULT 0,
+	`maglevel` int NOT NULL DEFAULT 0,
+	`vocations` varchar(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;

install/includes/twig_error.html

@@ -1,4 +1,4 @@
-We have detected that you don't have access to write to the system/cache directory. Under linux you can fix it by using this two command, where first one should be enough (for apache):<br/><br/><span class="console">chown -R www-data.www-data /var/www/*</span><br/><span class="console">chmod -R 660 system/cache</span>
+We have detected that you don't have access to write to the system/cache directory. Under linux you can fix it by using this two command, where first one should be enough (for apache):<br/><br/><span class="console">chown -R www-data.www-data /var/www/*</span><br/><span class="console">chmod -R 760 system/cache</span>
 
 <style type="text/css">
 .console {

install/index.php

@@ -3,9 +3,9 @@
 use Twig\Environment as Twig_Environment;
 use Twig\Loader\FilesystemLoader as Twig_FilesystemLoader;
 
-require '../common.php';
+const MYAAC_INSTALL = true;
 
-define('MYAAC_INSTALL', true);
+require '../common.php';
 
 // includes
 require SYSTEM . 'functions.php';
@@ -13,9 +13,6 @@ require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 require SYSTEM . 'clients.conf.php';
 
-if(file_exists(BASE . 'config.local.php'))
-	require BASE . 'config.local.php';
-
 // ignore undefined index from Twig autoloader
 $config['env'] = 'prod';
 
@@ -26,13 +23,13 @@ $twig = new Twig_Environment($twig_loader, array(
 ));
 
 // load installation status
-$step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
+$step = $_REQUEST['step'] ?? 'welcome';
 
 $install_status = array();
 if(file_exists(CACHE . 'install.txt')) {
 	$install_status = unserialize(file_get_contents(CACHE . 'install.txt'));
 
-	if(!isset($_POST['step'])) {
+	if(!isset($_REQUEST['step'])) {
 		$step = isset($install_status['step']) ? $install_status['step'] : '';
 	}
 }
@@ -70,7 +67,7 @@ if($step == 'database') {
 
 		$key = str_replace('var_', '', $key);
 
-		if(in_array($key, array('account', 'password', 'password_confirm', 'email', 'player_name'))) {
+		if(in_array($key, array('account', 'account_id', 'password', 'password_confirm', 'email', 'player_name'))) {
 			continue;
 		}
 
@@ -91,10 +88,6 @@ if($step == 'database') {
 				break;
 			}
 		}
-		else if($key == 'mail_admin' && !Validator::email($value)) {
-			$errors[] = $locale['step_config_mail_admin_error'];
-			break;
-		}
 		else if($key == 'timezone' && !in_array($value, DateTimeZone::listIdentifiers())) {
 			$errors[] = $locale['step_config_timezone_error'];
 			break;
@@ -110,20 +103,18 @@ if($step == 'database') {
 	}
 }
 else if($step == 'admin') {
-	$config_failed = true;
-	if(file_exists(BASE . 'config.local.php') && isset($config['installed']) && $config['installed'] && isset($_SESSION['saved'])) {
-		$config_failed = false;
-	}
-
-	if($config_failed) {
+	if(!file_exists(BASE . 'config.local.php') || !isset($config['installed']) || !$config['installed']) {
 		$step = 'database';
 	}
+	else {
+		$_SESSION['saved'] = true;
+	}
 }
 else if($step == 'finish') {
 	$email = $_SESSION['var_email'];
 	$password = $_SESSION['var_password'];
 	$password_confirm = $_SESSION['var_password_confirm'];
-	$player_name = $_SESSION['var_player_name'];
+	$player_name = $_SESSION['var_player_name'] ?? null;
 
 	// email check
 	if(empty($email)) {
@@ -134,18 +125,7 @@ else if($step == 'finish') {
 	}
 
 	// account check
-	if(isset($_SESSION['var_account'])) {
-		if(empty($_SESSION['var_account'])) {
-			$errors[] = $locale['step_admin_account_error_empty'];
-		}
-		else if(!Validator::accountName($_SESSION['var_account'])) {
-			$errors[] = $locale['step_admin_account_error_format'];
-		}
-		else if(strtoupper($_SESSION['var_account']) == strtoupper($password)) {
-			$errors[] = $locale['step_admin_account_error_same'];
-		}
-	}
-	else if(isset($_SESSION['var_account_id'])) {
+	if(isset($_SESSION['var_account_id'])) {
 		if(empty($_SESSION['var_account_id'])) {
 			$errors[] = $locale['step_admin_account_id_error_empty'];
 		}
@@ -156,6 +136,17 @@ else if($step == 'finish') {
 			$errors[] = $locale['step_admin_account_id_error_same'];
 		}
 	}
+	else if(isset($_SESSION['var_account'])) {
+		if(empty($_SESSION['var_account'])) {
+			$errors[] = $locale['step_admin_account_error_empty'];
+		}
+		else if(!Validator::accountName($_SESSION['var_account'])) {
+			$errors[] = $locale['step_admin_account_error_format'];
+		}
+		else if(strtoupper($_SESSION['var_account']) == strtoupper($password)) {
+			$errors[] = $locale['step_admin_account_error_same'];
+		}
+	}
 
 	// password check
 	if(empty($password)) {
@@ -168,13 +159,14 @@ else if($step == 'finish') {
 		$errors[] = $locale['step_admin_password_confirm_error_not_same'];
 	}
 
+	if (isset($player_name)) {
 		// player name check
-	if(empty($player_name)) {
+		if (empty($player_name)) {
 			$errors[] = $locale['step_admin_player_name_error_empty'];
-	}
-	else if(!Validator::characterName($player_name)) {
+		} else if (!Validator::characterName($player_name)) {
 			$errors[] = $locale['step_admin_player_name_error_format'];
 		}
+	}
 
 	if(!empty($errors)) {
 		$step = 'admin';
@@ -191,14 +183,14 @@ clearstatcache();
 if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 	if(!file_exists(BASE . 'install/ip.txt')) {
 		$content = warning('AAC installation is disabled. To enable it make file <b>ip.txt</b> in install/ directory and put there your IP.<br/>
-		Your IP is:<br /><b>' . $_SERVER['REMOTE_ADDR'] . '</b>', true);
+		Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 	}
 	else {
 		$file_content = trim(file_get_contents(BASE . 'install/ip.txt'));
 		$allow = false;
 		$listIP = preg_split('/\s+/', $file_content);
 		foreach($listIP as $ip) {
-			if($_SERVER['REMOTE_ADDR'] == $ip) {
+			if(get_browser_real_ip() == $ip) {
 				$allow = true;
 			}
 		}
@@ -207,7 +199,7 @@ if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 		{
 			$content = warning('In file <b>install/ip.txt</b> must be your IP!<br/>
 			In file is:<br /><b>' . nl2br($file_content) . '</b><br/>
-			Your IP is:<br /><b>' . $_SERVER['REMOTE_ADDR'] . '</b>', true);
+			Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 		}
 		else {
 			ob_start();

install/steps/2-license.php

@@ -5,4 +5,3 @@ $twig->display('install.license.html.twig', array(
 	'license' => file_get_contents(BASE . 'LICENSE'),
 	'buttons' => next_buttons()
 ));
-?>

install/steps/3-requirements.php

@@ -2,10 +2,15 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 // configuration
-$dirs_required = [
+$dirs_required_writable = [
 	'system/logs',
 	'system/cache',
 ];
+
+$dirs_required = [
+	'tools/ext' => $locale['step_requirements_folder_not_exists_tools_ext'],
+];
+
 $dirs_optional = [
 	GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'],
 	GALLERY_DIR => $locale['step_requirements_warning_images_gallery'],
@@ -18,6 +23,7 @@ $extensions_optional = [
 	'gd' => $locale['step_requirements_warning_player_signatures'],
 	'zip' => $locale['step_requirements_warning_install_plugins'],
 ];
+
 /*
  *
  * @param string $name
@@ -41,7 +47,7 @@ $failed = false;
 // start validating
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION);
 
-foreach ($dirs_required as $value)
+foreach ($dirs_required_writable as $value)
 {
 	$is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value));
 	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
@@ -52,6 +58,12 @@ foreach ($dirs_optional as $dir => $errorMsg) {
 	version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true);
 }
 
+foreach ($dirs_required as $dir => $errorMsg)
+{
+	$exists = is_dir(BASE . $dir);
+	version_check($locale['step_requirements_folder_exists'] . ': ' . $dir, $exists, $exists ? '' : $errorMsg);
+}
+
 $ini_register_globals = ini_get_bool('register_globals');
 version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']);
 
@@ -78,4 +90,3 @@ if($failed) {
 }
 
 echo '</div>';
-?>

install/steps/4-config.php

@@ -10,6 +10,14 @@ foreach($config['clients'] as $client) {
 	$clients[$client] = $client_version;
 }
 
+if (empty($_SESSION['var_site_url'])) {
+	//require SYSTEM . 'base.php';
+	$serverUrl = 'http' . (isHttps() ? 's' : '') . '://' . $baseHost;
+	$siteURL = $serverUrl . $baseDir;
+
+	$_SESSION['var_site_url'] = $siteURL;
+}
+
 $twig->display('install.config.html.twig', array(
 	'clients' => $clients,
 	'timezones' => DateTimeZone::listIdentifiers(),
@@ -18,4 +26,3 @@ $twig->display('install.config.html.twig', array(
 	'errors' => isset($errors) ? $errors : null,
 	'buttons' => next_buttons()
 ));
-?>

install/steps/5-database.php

@@ -1,4 +1,7 @@
 <?php
+
+use MyAAC\Settings;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 //ini_set('display_errors', false);
@@ -11,16 +14,12 @@ if(!isset($_SESSION['var_server_path'])) {
 }
 
 if(!$error) {
-	$content = "<?php";
-	$content .= PHP_EOL;
-	$content .= '// place for your configuration directives, so you can later easily update myaac';
-	$content .= PHP_EOL;
-	$content .= '$config[\'installed\'] = true;';
-	$content .= PHP_EOL;
+	$configToSave = [
 		// by default, set env to prod
 		// user can disable when he wants
-	$content .= '$config[\'env\'] = \'prod\'; // dev or prod';
-	$content .= PHP_EOL;
+		'env' => 'prod',
+	];
+
 	foreach($_SESSION as $key => $value)
 	{
 		if(strpos($key, 'var_') !== false)
@@ -32,73 +31,64 @@ if(!$error) {
 					$value .= '/';
 			}
 
-			if($key === 'var_usage') {
-				$content .= '$config[\'anonymous_usage_statistics\'] = ' . ((int)$value == 1 ? 'true' : 'false') . ';';
-				$content .= PHP_EOL;
-			}
-			else if(!in_array($key, array('var_account', 'var_account_id', 'var_password', 'var_step', 'var_email', 'var_player_name'), true)) {
-				$content .= '$config[\'' . str_replace('var_', '', $key) . '\'] = \'' . $value . '\';';
-				$content .= PHP_EOL;
+			if(!in_array($key, ['var_usage', 'var_date_timezone', 'var_client', 'var_account', 'var_account_id', 'var_password', 'var_password_confirm', 'var_step', 'var_email', 'var_player_name'], true)) {
+				$configToSave[str_replace('var_', '', $key)] = $value;
 			}
 		}
 	}
 
-	require BASE . 'install/includes/config.php';
+	$configToSave['gzip_output'] = false;
+	$configToSave['cache_engine'] = 'auto';
+	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
+	$configToSave['database_auto_migrate'] = true;
 
 	if(!$error) {
+		$content = '';
+		$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
+		if ($saved) {
+			success($locale['step_database_config_saved']);
+			$_SESSION['saved'] = true;
+
+			require BASE . 'config.local.php';
+			require BASE . 'install/includes/config.php';
+
+			if (!$error) {
 				require BASE . 'install/includes/database.php';
 
-		$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
-		success($locale['step_database_importing']);
-
-		if(isset($database_error)) { // we failed connect to the database
+				if (isset($database_error)) { // we failed connect to the database
 					error($database_error);
 				}
 				else {
+					if (!$db->hasTable('accounts')) {
+						$tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
+						error($tmp);
+						$error = true;
+					}
+
+					if (!$error) {
 						$twig->display('install.installer.html.twig', array(
 							'url' => 'tools/5-database.php',
 							'message' => $locale['loading_spinner']
 						));
-
-			if(!$error) {
-				if(!Validator::email($_SESSION['var_mail_admin'])) {
-					error($locale['step_config_mail_admin_error']);
-					$error = true;
-				}
-
-				$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
-				$content .= PHP_EOL;
-				$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
-
-				$saved = true;
-				if(!$error) {
-					$saved = file_put_contents(BASE . 'config.local.php', $content);
-				}
-
-				if($saved) {
-					success($locale['step_database_config_saved']);
-					if(!$error) {
-						$_SESSION['saved'] = true;
 					}
 				}
-				else {
+			}
+		} else {
 			$_SESSION['config_content'] = $content;
 			unset($_SESSION['saved']);
 
-					$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
-					warning($locale['step_database_error_file'] . '<br/>
+			$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.php</b>', $locale['step_database_error_file']);
+			error($locale['step_database_error_file'] . '<br/>
 				<textarea cols="70" rows="10">' . $content . '</textarea>');
 		}
 	}
-		}
-	}
 }
 ?>
 
 <div class="text-center m-3">
 	<form action="<?php echo BASE_URL; ?>install/" method="post">
 		<input type="hidden" name="step" id="step" value="admin" />
-		<?php echo next_buttons(true, $error ? false : true);
+		<?php echo next_buttons(true, !$error);
 		?>
 	</form>
 </div>

install/steps/6-admin.php

@@ -18,6 +18,7 @@ if(!$error) {
 		'locale' => $locale,
 		'session' => $_SESSION,
 		'account' => $account,
+		'hasTablePlayers' => $db->hasTable('players'),
 		'errors' => isset($errors) ? $errors : null,
 		'buttons' => next_buttons(true, $error ? false : true)
 	));

install/steps/7-finish.php

@@ -1,32 +1,48 @@
 <?php
+
+use MyAAC\Cache\Cache;
+use MyAAC\Models\News;
+use MyAAC\Settings;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 ini_set('max_execution_time', 300);
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
+	return;
 }
-else {
-	require SYSTEM . 'init.php';
-	if(!$error) {
-		if(USE_ACCOUNT_NAME)
-			$account = isset($_SESSION['var_account']) ? $_SESSION['var_account'] : null;
-		else
-			$account_id = isset($_SESSION['var_account_id']) ? $_SESSION['var_account_id'] : null;
 
-		$password = $_SESSION['var_password'];
+$cache = Cache::getInstance();
+if ($cache->enabled()) {
+	// clear plugin_hooks to have fresh hooks
+	$cache->delete('plugins_hooks');
+}
 
-		if(USE_ACCOUNT_SALT)
-		{
+require SYSTEM . 'init.php';
+if($error) {
+	return;
+}
+
+if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
+	$account = $_SESSION['var_account'] ?? null;
+else
+	$account_id = $_SESSION['var_account_id'] ?? null;
+
+$password = $_SESSION['var_password'];
+
+if(USE_ACCOUNT_SALT)
+{
 	$salt = generateRandomString(10, false, true, true);
 	$password = $salt . $password;
-		}
+}
 
-		$account_db = new OTS_Account();
-		if(isset($account))
+$account_db = new OTS_Account();
+if(isset($account))
 	$account_db->find($account);
-		else
+else
 	$account_db->load($account_id);
 
+if ($db->hasTable('players')) {
 	$player_name = $_SESSION['var_player_name'];
 	$player_db = new OTS_Player();
 	$player_db->find($player_name);
@@ -44,16 +60,17 @@ else {
 
 	$groups = new OTS_Groups_List();
 	$player_used->setGroupId($groups->getHighestId());
+}
 
-		$email = $_SESSION['var_email'];
-		if($account_db->isLoaded()) {
+$email = $_SESSION['var_email'];
+if($account_db->isLoaded()) {
 	$account_db->setPassword(encrypt($password));
 	$account_db->setEMail($email);
 	$account_db->save();
 
 	$account_used = &$account_db;
-		}
-		else {
+}
+else {
 	$new_account = new OTS_Account();
 	if(USE_ACCOUNT_NAME) {
 		$new_account->create($account);
@@ -65,64 +82,102 @@ else {
 	$new_account->setPassword(encrypt($password));
 	$new_account->setEMail($email);
 
-			$new_account->unblock();
 	$new_account->save();
 
 	$new_account->setCustomField('created', time());
 	$new_account->logAction('Account created.');
 
 	$account_used = &$new_account;
-		}
+}
 
-		if(USE_ACCOUNT_SALT)
+if(USE_ACCOUNT_SALT)
 	$account_used->setCustomField('salt', $salt);
 
-		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
-		$account_used->setCustomField('country', 'us');
-		if($db->hasColumn('accounts', 'group_id'))
+$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
+$account_used->setCustomField('country', 'us');
+$account_used->setCustomField('email_verified', 1);
+
+if($db->hasColumn('accounts', 'group_id'))
 	$account_used->setCustomField('group_id', $groups->getHighestId());
-		if($db->hasColumn('accounts', 'type'))
+if($db->hasColumn('accounts', 'type'))
 	$account_used->setCustomField('type', 6);
 
-		if(!$player_db->isLoaded())
+if ($db->hasTable('players')) {
+	if(!$player_db->isLoaded()) {
 		$player->setAccountId($account_used->getId());
-		else
-			$player_db->setAccountId($account_used->getId());
-
-		success($locale['step_database_created_account']);
-
-		setSession('account', $account_used->getId());
-		setSession('password', encrypt($password));
-		setSession('remember_me', true);
-
-		if($player_db->isLoaded()) {
-			$player_db->save();
-		}
-		else {
 		$player->save();
 	}
+	else {
+		$player_db->setAccountId($account_used->getId());
+		$player_db->save();
+	}
+}
 
+success($locale['step_database_created_account']);
+
+setSession('account', $account_used->getId());
+setSession('password', encrypt($password));
+setSession('remember_me', true);
+
+if(!News::all()->count()) {
 	$player_id = 0;
-		$query = $db->query("SELECT `id` FROM `players` WHERE `name` = " . $db->quote($player_name) . ";");
-		if($query->rowCount() == 1) {
-			$query = $query->fetch();
-			$player_id = $query['id'];
+
+	if ($db->hasTable('players')) {
+		$tmpNewsPlayer = \MyAAC\Models\Player::where('name', $player_name)->first();
+		if($tmpNewsPlayer) {
+			$player_id = $tmpNewsPlayer->id;
+		}
 	}
 
-		$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX ."news` WHERE `title` LIKE 'Hello!';");
-		if($query->rowCount() == 0) {
-			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'https://my-aac.org', '0');
-	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'https://my-aac.org', " . $player_id . ", '', '0');")) {
+	News::create([
+		'type' => 1,
+		'date' => time(),
+		'category' => 2,
+		'title' => 'Hello!',
+		'body' => 'MyAAC is just READY to use!',
+		'player_id' => $player_id,
+		'comments' => 'https://my-aac.org',
+		'hide' => 0,
+	]);
+
+	News::create([
+		'type' => 2,
+		'date' => time(),
+		'category' => 4,
+		'title' => 'Hello tickers!',
+		'body' => 'https://my-aac.org',
+		'player_id' => $player_id,
+		'comments' => '',
+		'hide' => 0,
+	]);
+
 	success($locale['step_database_created_news']);
-			}
+}
+
+$settings = Settings::getInstance();
+foreach($_SESSION as $key => $value) {
+	if (in_array($key, ['var_usage', 'var_date_timezone', 'var_client'])) {
+		if ($key == 'var_usage') {
+			$key = 'anonymous_usage_statistics';
+			$value = ((int)$value == 1 ? 'true' : 'false');
+		} elseif ($key == 'var_date_timezone') {
+			$key = 'date_timezone';
+		} elseif ($key == 'var_client') {
+			$key = 'client';
 		}
 
-		$twig->display('install.installer.html.twig', array(
+		$settings->updateInDatabase('core', $key, $value);
+	}
+}
+success('Settings saved.');
+
+$twig->display('install.installer.html.twig', array(
 	'url' => 'tools/7-finish.php',
 	'message' => $locale['importing_spinner']
-		));
+));
 
-		if(!isset($_SESSION['installed'])) {
+if(!isset($_SESSION['installed'])) {
+	if (!array_key_exists('CI', getenv())) {
 		$report_url = 'https://my-aac.org/report_install.php?v=' . MYAAC_VERSION . '&b=' . urlencode(BASE_URL);
 		if (function_exists('curl_version'))
 		{
@@ -135,16 +190,9 @@ else {
 		else if (ini_get('allow_url_fopen') ) {
 			file_get_contents($report_url);
 		}
-			$_SESSION['installed'] = true;
 	}
 
-		foreach($_SESSION as $key => $value) {
-			if(strpos($key, 'var_') !== false)
-				unset($_SESSION[$key]);
-		}
-		unset($_SESSION['saved']);
-		if(file_exists(CACHE . 'install.txt')) {
-			unlink(CACHE . 'install.txt');
-		}
-	}
+	$_SESSION['installed'] = true;
 }
+
+$hooks->trigger(HOOK_INSTALL_FINISH_END);

install/template/template.php

@@ -1,12 +1,13 @@
+<?php defined('MYAAC') or die('Direct access not allowed!'); ?>
 <!DOCTYPE html>
 <html dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $locale['encoding']; ?>" />
 	<meta name="viewport" content="width=device-width, initial-scale=1">
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
-	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-giJF6kkoqNQ00vy+HMDP7azOuL0xtbfIcaT9wjKHr8RbDVddVHyTfAAsrekwKmP1" crossorigin="anonymous">
+	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
-	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/js/jquery.min.js"></script>
+	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/ext/jquery/jquery.min.js"></script>
 </head>
 <body>
 
@@ -29,7 +30,7 @@
 								$progress = ($i == 6) ? 100 : $i * 16;
 							}
 
-							echo '<li' . ($step == $value ? ' class="list-group-item active"' : ' class="list-group-item"') . '>' . ++$i . '. ' . $locale['step_' . $value] . '</li>';
+							echo '<li class="list-group-item' . ($step == $value ? ' active' : '') . '">' . ++$i . '. ' . $locale['step_' . $value] . '</li>';
 						}
 
 					?>

install/tools/5-database.php

@@ -7,12 +7,19 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 
+if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
+	warning($locale['already_installed']);
+	return;
+}
+
 $error = false;
 require BASE . 'install/includes/config.php';
 
 ini_set('max_execution_time', 300);
+
+@ob_end_flush();
 ob_implicit_flush();
-ob_end_flush();
+
 header('X-Accel-Buffering: no');
 
 if(!$error) {
@@ -23,24 +30,6 @@ if(!$error) {
 	}
 }
 
-if(!$db->hasTable('accounts')) {
-	$locale['step_database_error_table'] = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
-	error($locale['step_database_error_table']);
-	return;
-}
-
-if(!$db->hasTable('players')) {
-	$locale['step_database_error_table'] = str_replace('$TABLE$', 'players', $locale['step_database_error_table']);
-	error($locale['step_database_error_table']);
-	return;
-}
-
-if(!$db->hasTable('guilds')) {
-	$locale['step_database_error_table'] = str_replace('$TABLE$', 'guilds', $locale['step_database_error_table']);
-	error($locale['step_database_error_table']);
-	return;
-}
-
 if($db->hasTable(TABLE_PREFIX . 'account_actions')) {
 	$locale['step_database_error_table_exist'] = str_replace('$TABLE$', TABLE_PREFIX . 'account_actions', $locale['step_database_error_table_exist']);
 	warning($locale['step_database_error_table_exist']);
@@ -48,6 +37,9 @@ if($db->hasTable(TABLE_PREFIX . 'account_actions')) {
 else {
 	// import schema
 	try {
+		$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
+		success($locale['step_database_importing']);
+
 		$db->query(file_get_contents(BASE . 'install/includes/schema.sql'));
 
 		$locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']);
@@ -73,13 +65,8 @@ else {
 		success($locale['step_database_adding_field'] . ' accounts.key...');
 }
 
-if(!$db->hasColumn('accounts', 'blocked')) {
-	if(query("ALTER TABLE `accounts` ADD `blocked` TINYINT(1) NOT NULL DEFAULT FALSE COMMENT 'internal usage' AFTER `key`;"))
-		success($locale['step_database_adding_field'] . ' accounts.blocked...');
-}
-
 if(!$db->hasColumn('accounts', 'created')) {
-	if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . ($db->hasColumn('accounts', 'group_id') ? 'group_id' : 'blocked') . "`;"))
+	if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . ($db->hasColumn('accounts', 'group_id') ? 'group_id' : 'key') . "`;"))
 		success($locale['step_database_adding_field'] . ' accounts.created...');
 }
 
@@ -159,75 +146,86 @@ if(!$db->hasColumn('accounts', 'premium_points')) {
 		success($locale['step_database_adding_field'] . ' accounts.premium_points...');
 }
 
-if($db->hasColumn('guilds', 'checkdata')) {
-	if(query("ALTER TABLE `guilds` MODIFY `checkdata` INT NOT NULL DEFAULT 0;"))
+if ($db->hasTable('guilds')) {
+	if ($db->hasColumn('guilds', 'checkdata')) {
+		if (query("ALTER TABLE `guilds` MODIFY `checkdata` INT NOT NULL DEFAULT 0;"))
 			success($locale['step_database_modifying_field'] . ' guilds.checkdata...');
-}
+	}
 
-if(!$db->hasColumn('guilds', 'motd')) {
-	if(query("ALTER TABLE `guilds` ADD `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
+	if (!$db->hasColumn('guilds', 'motd')) {
+		if (query("ALTER TABLE `guilds` ADD `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' guilds.motd...');
-}
-else {
-	if(query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
+	} else {
+		if (query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 			success($locale['step_database_modifying_field'] . ' guilds.motd...');
-}
+	}
 
-if(!$db->hasColumn('guilds', 'description')) {
-	if(query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;"))
+	if (!$db->hasColumn('guilds', 'description')) {
+		if (query("ALTER TABLE `guilds` ADD `description` VARCHAR(5000) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' guilds.description...');
-}
+	}
+	else {
+		if (query("ALTER TABLE `guilds` MODIFY `description` VARCHAR(5000) NOT NULL DEFAULT '';")) {
+			success($locale['step_database_modifying_field'] . ' guilds.description...');
+		}
+	}
 
-if($db->hasColumn('guilds', 'logo_gfx_name')) {
-	if(query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) {
+	if ($db->hasColumn('guilds', 'logo_gfx_name')) {
+		if (query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) {
 			$tmp = str_replace('$FIELD$', 'guilds.logo_gfx_name', $locale['step_database_changing_field']);
 			$tmp = str_replace('$FIELD_NEW$', 'guilds.logo_name', $tmp);
 			success($tmp);
 		}
-}
-else if(!$db->hasColumn('guilds', 'logo_name')) {
-	if(query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';"))
+	} else if (!$db->hasColumn('guilds', 'logo_name')) {
+		if (query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';"))
 			success($locale['step_database_adding_field'] . ' guilds.logo_name...');
+	}
 }
 
-if(!$db->hasColumn('players', 'created')) {
-	if(query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;"))
+if ($db->hasTable('players')) {
+	if (!$db->hasColumn('players', 'created')) {
+		if (query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.created...');
-}
+	}
 
-if(!$db->hasColumn('players', 'deleted') && !$db->hasColumn('players', 'deletion')) {
-	if(query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;"))
+	if (!$db->hasColumn('players', 'deleted') && !$db->hasColumn('players', 'deletion')) {
+		if (query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.deleted...');
-}
+	}
 
-if($db->hasColumn('players', 'hide_char')) {
-	if(!$db->hasColumn('players', 'hidden')) {
-		if(query("ALTER TABLE `players` CHANGE `hide_char` `hidden` TINYINT(1) NOT NULL DEFAULT 0;")) {
+	if ($db->hasColumn('players', 'hide_char')) {
+		if (!$db->hasColumn('players', 'hide')) {
+			if (query("ALTER TABLE `players` CHANGE `hide_char` `hide` TINYINT(1) NOT NULL DEFAULT 0;")) {
 				$tmp = str_replace('$FIELD$', 'players.hide_char', $locale['step_database_changing_field']);
-			$tmp = str_replace('$FIELD_NEW$', 'players.hidden', $tmp);
+				$tmp = str_replace('$FIELD_NEW$', 'players.hide', $tmp);
 				success($tmp);
 			}
 		}
-}
-else if(!$db->hasColumn('players', 'hidden')) {
-	if(query("ALTER TABLE `players` ADD `hidden` TINYINT(1) NOT NULL DEFAULT 0;"))
-		success($locale['step_database_adding_field'] . ' players.hidden...');
-}
+	} else if (!$db->hasColumn('players', 'hide')) {
+		if (query("ALTER TABLE `players` ADD `hide` TINYINT(1) NOT NULL DEFAULT 0;"))
+			success($locale['step_database_adding_field'] . ' players.hide...');
+	}
 
-if(!$db->hasColumn('players', 'comment')) {
-	if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
+	if (!$db->hasColumn('players', 'comment')) {
+		if (query("ALTER TABLE `players` ADD `comment` VARCHAR(5000) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' players.comment...');
-}
+	}
+	else {
+		if (query("ALTER TABLE `players` MODIFY `comment` VARCHAR(5000) NOT NULL DEFAULT '';")) {
+			success($locale['step_database_modifying_field'] . ' players.comment...');
+		}
+	}
 
-if($db->hasColumn('players', 'rank_id')) {
-	if(query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
+	if ($db->hasColumn('players', 'rank_id')) {
+		if (query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_modifying_field'] . ' players.rank_id...');
 
-	if($db->hasColumn('players', 'guildnick')) {
-		if(query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
+		if ($db->hasColumn('players', 'guildnick')) {
+			if (query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
 				success($locale['step_database_modifying_field'] . ' players.guildnick...');
 			}
 		}
+	}
 }
 
 if($db->hasTable('z_forum')) {

install/tools/7-finish.php

@@ -1,6 +1,10 @@
 <?php
 define('MYAAC_INSTALL', true);
 
+use MyAAC\DataLoader;
+use MyAAC\Models\FAQ as ModelsFAQ;
+use MyAAC\Plugins;
+
 require_once '../../common.php';
 
 require SYSTEM . 'functions.php';
@@ -8,8 +12,10 @@ require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 
 ini_set('max_execution_time', 300);
+
+@ob_end_flush();
 ob_implicit_flush();
-ob_end_flush();
+
 header('X-Accel-Buffering: no');
 
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
@@ -19,52 +25,85 @@ if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['save
 
 require SYSTEM . 'init.php';
 
-$deleted = 'deleted';
-if($db->hasColumn('players', 'deletion'))
+if ($db->hasTable('players')) {
+	$deleted = 'deleted';
+	if ($db->hasColumn('players', 'deletion'))
 		$deleted = 'deletion';
 
-$time = time();
-function insert_sample_if_not_exist($p) {
+	$time = time();
+	function insert_sample_if_not_exist($p)
+	{
 		global $db, $success, $deleted, $time;
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($p['name']));
-	if($query->rowCount() == 0) {
-		if(!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hidden`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
+		if ($query->rowCount() == 0) {
+			if (!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hide`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
 				$success = false;
 		}
+	}
+
+	$success = true;
+	insert_sample_if_not_exist(array('name' => 'Rook Sample', 'level' => 1, 'vocation_id' => 0, 'health' => 150, 'healthmax' => 150, 'experience' => 0, 'looktype' => 130, 'mana' => 0, 'manamax' => 0, 'soul' => 100, 'cap' => 400));
+	insert_sample_if_not_exist(array('name' => 'Sorcerer Sample', 'level' => 8, 'vocation_id' => 1, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+	insert_sample_if_not_exist(array('name' => 'Druid Sample', 'level' => 8, 'vocation_id' => 2, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+	insert_sample_if_not_exist(array('name' => 'Paladin Sample', 'level' => 8, 'vocation_id' => 3, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 129, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+	insert_sample_if_not_exist(array('name' => 'Knight Sample', 'level' => 8, 'vocation_id' => 4, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 131, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+
+	if ($success) {
+		success($locale['step_database_imported_players']);
+	}
 }
 
-$success = true;
-insert_sample_if_not_exist(array('name' => 'Rook Sample', 'level' => 1, 'vocation_id' => 0, 'health' => 150, 'healthmax' => 150, 'experience' => 0, 'looktype' => 130, 'mana' => 0, 'manamax' => 0, 'soul' => 100, 'cap' => 400));
-insert_sample_if_not_exist(array('name' => 'Sorcerer Sample', 'level' => 8, 'vocation_id' => 1, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
-insert_sample_if_not_exist(array('name' => 'Druid Sample', 'level' => 8, 'vocation_id' => 2, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
-insert_sample_if_not_exist(array('name' => 'Paladin Sample', 'level' => 8, 'vocation_id' => 3, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 129, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
-insert_sample_if_not_exist(array('name' => 'Knight Sample', 'level' => 8, 'vocation_id' => 4, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 131, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
-
-if($success) {
-	success($locale['step_database_imported_players']);
-}
-
-require LIBS . 'DataLoader.php';
 DataLoader::setLocale($locale);
 DataLoader::load();
 
+// add menus entries
+require_once SYSTEM . 'migrations/17.php';
+$up();
+
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';
-$database_migration_20 = true;
-$content = '';
-if(!databaseMigration20($content)) {
-	$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
-	warning($locale['step_database_error_file'] . '<br/>
-				<textarea cols="70" rows="10">' . $content . '</textarea>');
-}
+$up();
 
 // add z_polls tables
 require_once SYSTEM . 'migrations/22.php';
+$up();
 
 // add myaac_pages pages
 require_once SYSTEM . 'migrations/27.php';
+$up();
 require_once SYSTEM . 'migrations/30.php';
+$up();
+
+// new monster columns
+require_once SYSTEM . 'migrations/31.php';
+$up();
+
+// rules page
+require_once SYSTEM . 'migrations/45.php';
+$up();
+
+if(ModelsFAQ::count() == 0) {
+	ModelsFAQ::create([
+		'question' => 'What is this?',
+		'answer' => 'This is website for OTS powered by MyAAC.',
+	]);
+}
+
+$hooks->trigger(HOOK_INSTALL_FINISH);
+
+$db->setClearCacheAfter(true);
+
+// cleanup
+foreach($_SESSION as $key => $value) {
+	if(str_contains($key, 'var_')) {
+		unset($_SESSION[$key]);
+	}
+}
+unset($_SESSION['saved']);
+if(file_exists(CACHE . 'install.txt')) {
+	unlink(CACHE . 'install.txt');
+}
 
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);

login.php

@@ -1,7 +1,12 @@
 <?php
+
+use MyAAC\Models\BoostedCreature;
+use MyAAC\Models\PlayerOnline;
+use MyAAC\Models\Account;
+use MyAAC\Models\Player;
+use MyAAC\RateLimit;
+
 require_once 'common.php';
-require_once 'config.php';
-require_once 'config.local.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 require_once SYSTEM . 'status.php';
@@ -45,9 +50,9 @@ $action = $request->type ?? '';
 
 switch ($action) {
 	case 'cacheinfo':
-		$playersonline = $db->query("select count(*) from `players_online`")->fetchAll();
+		$playersonline = PlayerOnline::count();
 		die(json_encode([
-			'playersonline' => (intval($playersonline[0][0])),
+			'playersonline' => $playersonline,
 			'twitchstreams' => 0,
 			'twitchviewer' => 0,
 			'gamingyoutubestreams' => 0,
@@ -81,14 +86,25 @@ switch ($action) {
 		die(json_encode(['eventlist' => $eventlist, 'lastupdatetimestamp' => time()]));
 
 	case 'boostedcreature':
-		$boostDB = $db->query("select * from " . $db->tableName('boosted_creature'))->fetchAll();
-		foreach ($boostDB as $Tableboost) {
+		$clientVersion = (int)setting('core.client');
+
+		// 13.40 and up
+		if ($clientVersion >= 1340) {
+			$creatureBoost = $db->query("SELECT * FROM " . $db->tableName('boosted_creature'))->fetchAll();
+			$bossBoost     = $db->query("SELECT * FROM " . $db->tableName('boosted_boss'))->fetchAll();
 			die(json_encode([
 				'boostedcreature' => true,
-			'raceid' => intval($Tableboost['raceid'])
+				'creatureraceid'  => intval($creatureBoost[0]['raceid']),
+				'bossraceid'      => intval($bossBoost[0]['raceid'])
 			]));
 		}
-	break;
+
+		// lower clients
+		$boostedCreature = BoostedCreature::first();
+		die(json_encode([
+			'boostedcreature' => true,
+			'raceid' => $boostedCreature->raceid
+		]));
 
 	case 'login':
 
@@ -114,42 +130,76 @@ switch ($action) {
 		];
 
 		$characters = [];
-		$account = new OTS_Account();
 
 		$inputEmail = $request->email ?? false;
 		$inputAccountName = $request->accountname ?? false;
 		$inputToken = $request->token ?? false;
 
+		$account = Account::query();
 		if ($inputEmail != false) { // login by email
-			$account->findByEmail($request->email);
+			$account->where('email', $inputEmail);
 		}
 		else if($inputAccountName != false) { // login by account name
-			$account->find($inputAccountName);
+			$account->where('name', $inputAccountName);
 		}
 
-		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->getCustomField('salt') : '') . $request->password);
+		$account = $account->first();
+
+		$ip = get_browser_real_ip();
+		$limiter = new RateLimit('failed_logins', setting('core.account_login_attempts_limit'), setting('core.account_login_ban_time'));
+		$limiter->enabled = setting('core.account_login_ipban_protection');
+		$limiter->load();
+
+		$ban_msg = 'A wrong account, password or secret has been entered ' . setting('core.account_login_attempts_limit') . ' times in a row. You are unable to log into your account for the next ' . setting('core.account_login_ban_time') . ' minutes. Please wait.';
+		if (!$account) {
+			$limiter->increment($ip);
+			if ($limiter->exceeded($ip)) {
+				sendError($ban_msg);
+			}
+
+			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
+		}
+
+		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->salt : '') . $request->password);
+		if (!$account || $account->password != $current_password) {
+			$limiter->increment($ip);
+			if ($limiter->exceeded($ip)) {
+				sendError($ban_msg);
+			}
 
-		if (!$account->isLoaded() || $account->getPassword() != $current_password) {
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
 		}
 
-		//log_append('test.log', var_export($account->getCustomField('secret'), true));
 		$accountHasSecret = false;
 		if (fieldExist('secret', 'accounts')) {
-			$accountSecret = $account->getCustomField('secret');
+			$accountSecret = $account->secret;
 			if ($accountSecret != null && $accountSecret != '') {
 				$accountHasSecret = true;
 				if ($inputToken === false) {
+					$limiter->increment($ip);
+					if ($limiter->exceeded($ip)) {
+						sendError($ban_msg);
+					}
 					sendError('Submit a valid two-factor authentication token.', 6);
 				} else {
 					require_once LIBS . 'rfc6238.php';
 					if (TokenAuth6238::verify($accountSecret, $inputToken) !== true) {
+						$limiter->increment($ip);
+						if ($limiter->exceeded($ip)) {
+							sendError($ban_msg);
+						}
+
 						sendError('Two-factor authentication failed, token is wrong.', 6);
 					}
 				}
 			}
 		}
 
+		$limiter->reset($ip);
+		if (setting('core.account_mail_verify') && $account->email_verified !== 1) {
+			sendError('You need to verify your account, enter in our site and resend verify e-mail!');
+		}
+
 		// common columns
 		$columns = 'id, name, level, sex, vocation, looktype, lookhead, lookbody, looklegs, lookfeet, lookaddons';
 
@@ -161,18 +211,9 @@ switch ($action) {
 			$columns .= ', istutorial';
 		}
 
-		$players = $db->query("select {$columns} from players where account_id = " . $account->getId() . " AND deletion = 0");
-		if($players && $players->rowCount() > 0) {
-			$players = $players->fetchAll();
-
-			$highestLevelId = 0;
-			$highestLevel = 0;
-			foreach ($players as $player) {
-				if ($player['level'] >= $highestLevel) {
-					$highestLevel = $player['level'];
-					$highestLevelId = $player['id'];
-				}
-			}
+		$players = Player::where('account_id', $account->id)->notDeleted()->selectRaw($columns)->get();
+		if($players && $players->count()) {
+			$highestLevelId = $players->sortByDesc('experience')->first()->getKey();
 
 			foreach ($players as $player) {
 				$characters[] = create_char($player, $highestLevelId);
@@ -182,15 +223,10 @@ switch ($action) {
 		if (fieldExist('premdays', 'accounts') && fieldExist('lastday', 'accounts')) {
 			$save = false;
 			$timeNow = time();
-			$query = $db->query("select `premdays`, `lastday` from `accounts` where `id` = " . $account->getId());
-			if ($query->rowCount() > 0) {
-				$query = $query->fetch();
-				$premDays = (int)$query['premdays'];
-				$lastDay = (int)$query['lastday'];
+			$premDays = $account->premdays;
+			$lastDay = $account->lastday;
 			$lastLogin = $lastDay;
-			} else {
-				sendError("Error while fetching your account data. Please contact admin.");
-			}
+
 			if ($premDays != 0 && $premDays != PHP_INT_MAX) {
 				if ($lastDay == 0) {
 					$lastDay = $timeNow;
@@ -215,7 +251,9 @@ switch ($action) {
 				$save = true;
 			}
 			if ($save) {
-				$db->query("update `accounts` set `premdays` = " . $premDays . ", `lastday` = " . $lastDay . " where `id` = " . $account->getId());
+				$account->premdays = $premDays;
+				$account->lastday = $lastDay;
+				$account->save();
 			}
 		}
 
@@ -237,13 +275,11 @@ switch ($action) {
 			$sessionKey .= "\n".floor(time() / 30);
 		}
 
-		//log_append('slaw.log', $sessionKey);
-
 		$session = [
 			'sessionkey' => $sessionKey,
 			'lastlogintime' => 0,
-			'ispremium' => $config['lua']['freePremium'] || $account->isPremium(),
-			'premiumuntil' => ($account->getPremDays()) > 0 ? (time() + ($account->getPremDays() * 86400)) : 0,
+			'ispremium' => $account->is_premium,
+			'premiumuntil' => ($account->premium_days) > 0 ? (time() + ($account->premium_days * 86400)) : 0,
 			'status' => 'active', // active, frozen or suspended
 			'returnernotification' => false,
 			'showrewardnews' => true,
@@ -261,24 +297,23 @@ switch ($action) {
 }
 
 function create_char($player, $highestLevelId) {
-	global $config;
 	return [
 		'worldid' => 0,
-		'name' => $player['name'],
-		'ismale' => intval($player['sex']) === 1,
-		'tutorial' => isset($player['istutorial']) && $player['istutorial'],
-		'level' => intval($player['level']),
-		'vocation' => $config['vocations'][$player['vocation']],
-		'outfitid' => intval($player['looktype']),
-		'headcolor' => intval($player['lookhead']),
-		'torsocolor' => intval($player['lookbody']),
-		'legscolor' => intval($player['looklegs']),
-		'detailcolor' => intval($player['lookfeet']),
-		'addonsflags' => intval($player['lookaddons']),
-		'ishidden' => isset($player['deletion']) && (int)$player['deletion'] === 1,
+		'name' => $player->name,
+		'ismale' => $player->sex === 1,
+		'tutorial' => isset($player->istutorial) && $player->istutorial,
+		'level' => $player->level,
+		'vocation' => $player->vocation_name,
+		'outfitid' => $player->looktype,
+		'headcolor' => $player->lookhead,
+		'torsocolor' => $player->lookbody,
+		'legscolor' => $player->looklegs,
+		'detailcolor' => $player->lookfeet,
+		'addonsflags' => $player->lookaddons,
+		'ishidden' => $player->is_deleted,
 		'istournamentparticipant' => false,
-		'ismaincharacter' => $highestLevelId == $player['id'],
-		'dailyrewardstate' => isset($player['isreward']) ? intval($player['isreward']) : 0,
+		'ismaincharacter' => $highestLevelId === $player->getKey(),
+		'dailyrewardstate' => $player->isreward ?? 0,
 		'remainingdailytournamentplaytime' => 0
 	];
 }

nginx-sample.conf

@@ -1,29 +1,36 @@
 server {
 	listen 80;
-	root /home/otserv/www/public;
+	root /var/www/html;
 	index index.php;
 	server_name your-domain.com;
 
 	# increase max file upload
 	client_max_body_size 10M;
 
+	# this is very important, be sure its in your nginx conf - it prevents access to logs etc.
+	location ~ /system {
+		deny all;
+	}
+
+	# block .htaccess, CHANGELOG.md, composer.json etc.
+	# this is to prevent finding software versions
+	location ~\.(ht|md|json|dist|sql)$ {
+		deny all;
+	}
+
+	# block git files and folders
+	location ~ /\.git {
+		deny all;
+	}
+
 	location / {
-		try_files $uri $uri/ /index.php;
+		try_files $uri $uri/ /index.php?$query_string;
 	}
 
 	location ~ \.php$ {
 		include snippets/fastcgi-php.conf;
 		fastcgi_read_timeout 240;
 		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
-		# for ubuntu 22.04+ it will be php8.1-sock
-	}
-
-	location ~ /\.ht {
-		deny all;
-	}
-
-	location /system {
-		deny all;
-		return 404;
+		# for ubuntu 22.04+ it will be php8.1-fpm.sock
 	}
 }

npm-post-install.js

@@ -0,0 +1,16 @@
+const fse = require('fs-extra');
+const path = require('path');
+
+const nodeModulesDir = path.join(__dirname, 'node_modules');
+const publicDir = path.join(__dirname, 'tools/ext');
+
+fse.emptyDirSync(path.join(publicDir, 'jquery'));
+fse.emptyDirSync(path.join(publicDir, 'jquery-ui'));
+fse.emptyDirSync(path.join(publicDir, 'bootstrap'));
+fse.emptyDirSync(path.join(publicDir, 'tinymce'));
+fse.emptyDirSync(path.join(publicDir, 'tinymce-jquery'));
+fse.copySync(path.join(nodeModulesDir, 'jquery', 'dist'), path.join(publicDir, 'jquery'), { overwrite: true });
+fse.copySync(path.join(nodeModulesDir, 'jquery-ui', 'dist'), path.join(publicDir, 'jquery-ui'), { overwrite: true });
+fse.copySync(path.join(nodeModulesDir, 'bootstrap', 'dist'), path.join(publicDir, 'bootstrap'), { overwrite: true });
+fse.copySync(path.join(nodeModulesDir, 'tinymce'), path.join(publicDir, 'tinymce'), { overwrite: true });
+fse.copySync(path.join(nodeModulesDir, '@tinymce', 'tinymce-jquery', 'dist'), path.join(publicDir, 'tinymce-jquery'), { overwrite: true });

package.json

@@ -0,0 +1,17 @@
+{
+  "scripts": {
+    "cypress:open": "cypress open",
+    "postinstall": "node ./npm-post-install.js"
+  },
+  "devDependencies": {
+    "cypress": "^14.3.3"
+  },
+  "dependencies": {
+    "@tinymce/tinymce-jquery": "^2.1.0",
+    "bootstrap": "^4.6.2",
+    "fs-extra": "^11.2.0",
+    "jquery": "^3.7.1",
+    "jquery-ui": "^1.13.2",
+    "tinymce": "^7.2.0"
+  }
+}

phpstan-bootstrap.php

@@ -0,0 +1,13 @@
+<?php
+
+require __DIR__ . '/system/libs/pot/OTS.php';
+$ots = POT::getInstance();
+
+require __DIR__ . '/system/libs/pot/InvitesDriver.php';
+require __DIR__ . '/system/libs/rfc6238.php';
+require __DIR__ . '/common.php';
+
+const ACTION = '';
+const PAGE = '';
+const URI = '';
+define('SELF_NAME', basename(__FILE__));

phpstan.neon

@@ -0,0 +1,38 @@
+parameters:
+	level: 3
+	paths:
+		- .
+		- templates/tibiacom
+		- templates/kathrine
+	excludePaths:
+		- system/cache/*
+		- vendor/*
+		- plugins/*
+		- system/libs
+		- tools/signature/mango.php
+		- tools/signature/gd.class.php
+	bootstrapFiles:
+		- phpstan-bootstrap.php
+	ignoreErrors:
+		- '#Variable \$db might not be defined#'
+		- '#Variable \$twig might not be defined#'
+		- '#Variable \$hooks might not be defined#'
+		- '#Variable \$account_logged might not be defined#'
+		- '#Variable \$logged might not be defined#'
+		- '#Variable \$config might not be defined#'
+		- '#Variable \$action might not be defined#'
+		- '#Variable \$errors might not be defined#'
+		- '#Variable \$cache might not be defined#'
+		- '#Variable \$status might not be defined#'
+		- '#Variable \$player might not be defined#'
+		- '#Variable \$guild might not be defined#'
+		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
+		# Eloquent models
+		- '#Call to an undefined method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
+		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
+		# system/pages/highscores.php
+		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'
+		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$vocation_name#'
+		-
+			message: '#Variable \$tmp in empty\(\) always exists and is always falsy#'
+			path: templates\kathrine\javascript.php

plugins/.htaccess

@@ -1,11 +1,3 @@
 <IfModule mod_autoindex.c>
 	Options -Indexes
 </IfModule>
-
-<IfVersion < 2.4>
-    order allow,deny
-    deny from all
-</IfVersion>
-<IfVersion >= 2.4>
-    Require all denied
-</IfVersion>

plugins/account-create-hint.json

@@ -1,6 +1,6 @@
 {
 	"name": "create-account-hint",
-	"description": "This plugin display text 'To play on Forgotten you need an account.  All you have to do to create your new account is to enter an account name, password, country and your email address. Also you have to agree to the terms presented below. If you have done so, your account name will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.' on the create account page. <strong>Be careful when uninstalling this!</strong>",
+	"description": "This plugin display text 'To play on Forgotten you need an account.  All you have to do to create your new account is to enter an account name, password, country and your email address. Also you have to agree to the terms presented below. If you have done so, your account name will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.' on the create account page.",
 	"version": "1.0",
 	"author": "slawkens",
 	"contact": "slawkens@gmail.com",

plugins/account-create-hint/hint.html.twig

@@ -1,3 +1,3 @@
 To play on {{ config.lua.serverName }} you need an account.
-All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if config.recaptcha_enabled %}, confirm reCAPTCHA{% endif %}{% if config.account_country %}, country{% endif %} and your email address.
+All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if setting('core.account_country') %}, country{% endif %} and your email address.
 Also you have to agree to the terms presented below. If you have done so, your account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %} will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.<br/><br/>

plugins/account-create-hint/hint.php

@@ -9,7 +9,4 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-global $twig_loader;
-$twig_loader->prependPath(BASE . 'plugins/account-create-hint');
-
-$twig->display('hint.html.twig');
+$twig->display('account-create-hint/hint.html.twig');

plugins/email-confirmed-reward/reward.php

@@ -1,33 +1,35 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
-$reward = config('account_mail_confirmed_reward');
-
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
-if ($reward['coins'] > 0 && $hasCoinsColumn) {
-	log_append('email_confirm_error.log', 'accounts.coins column does not exist.');
+$rewardCoins = setting('core.account_mail_confirmed_reward_coins');
+if ($rewardCoins > 0 && !$hasCoinsColumn) {
+	log_append('error.log', 'email_confirm: accounts.coins column does not exist.');
 }
 
 if (!isset($account) || !$account->isLoaded()) {
-	log_append('email_confirm_error.log', 'Account not loaded.');
 	return;
 }
 
-if ($reward['premium_points'] > 0) {
-	$account->setCustomField('premium_points', (int)$account->getCustomField('premium_points') + $reward['premium_points']);
+$rewardMessage = 'You received %d %s for confirming your E-Mail address.';
 
-	success(sprintf($reward['message'], $reward['premium_points'], 'premium points'));
+$rewardPremiumPoints = setting('core.account_mail_confirmed_reward_premium_points');
+if ($rewardPremiumPoints > 0) {
+	$account->setCustomField('premium_points', (int)$account->getCustomField('premium_points') + $rewardPremiumPoints);
+
+	success(sprintf($rewardMessage, $rewardPremiumPoints, 'premium points'));
 }
 
-if ($reward['coins'] > 0 && $hasCoinsColumn) {
-	$account->setCustomField('coins', (int)$account->getCustomField('coins') + $reward['coins']);
+if ($rewardCoins > 0 && $hasCoinsColumn) {
+	$account->setCustomField('coins', (int)$account->getCustomField('coins') + $rewardCoins);
 
-	success(sprintf($reward['message'], $reward['coins'], 'coins'));
+	success(sprintf($rewardMessage, $rewardCoins, 'coins'));
 }
 
-if ($reward['premium_days'] > 0) {
-	$account->setPremDays($account->getPremDays() + $reward['premium_days']);
+$rewardPremiumDays = setting('core.account_mail_confirmed_reward_premium_days');
+if ($rewardPremiumDays > 0) {
+	$account->setPremDays($account->getPremDays() + $rewardPremiumDays);
 	$account->save();
 
-	success(sprintf($reward['message'], $reward['premium_days'], 'premium days'));
+	success(sprintf($rewardMessage, $rewardPremiumDays, 'premium days'));
 }

plugins/example.json

@@ -25,7 +25,8 @@
 	"hooks": {
 		"Example Hook": {
 			"type": "BEFORE_PAGE",
-			"file": "plugins/example/before.php"
+			"file": "plugins/example/before.php",
+			"priority": 1000
 		}
 	},
 	"routes": {
@@ -33,11 +34,25 @@
 			"pattern": "/YourAwesomePage/{name:string}/{page:int}",
 			"file": "plugins/your-plugin/your-awesome-page.php",
 			"method": "GET",
-			"priority": "130"
+			"priority": 130
 		},
 		"Redirect Example": {
 			"redirect_from": "/redirectExample",
 			"redirect_to": "account/manage"
 		}
+	},
+	"routes-default-priority": 1000,
+	"pages-default-priority": 1000,
+	"settings": "plugins/your-plugin-folder/settings.php",
+	"autoload": {
+		"pages": true,
+		"pages-sub-folders": false,
+		"commands": true,
+		"themes": true,
+		"admin-pages": true,
+		"admin-pages-sub-folders": true,
+		"settings": true,
+		"install": true,
+		"init": false
 	}
  }

release.sh

@@ -22,7 +22,7 @@ if [ $1 = "prepare" ]; then
 	mkdir -p tmp
 
 	# get myaac from git archive
-	git archive --format zip --output tmp/myaac.zip master
+	git archive --format zip --output tmp/myaac.zip main
 
 	cd tmp/ || exit
 
@@ -35,6 +35,15 @@ if [ $1 = "prepare" ]; then
 	unzip -q myaac.zip -d $dir
 	rm myaac.zip
 
+	cd $dir || exit
+
+	# dependencies
+	composer install --no-dev --prefer-dist --optimize-autoloader
+	npm install
+
+	# node_modules is useless, we already have copy in tools/ext
+	rm -R node_modules
+
 	echo "Now you can make changes to $dir. When you are ready, type 'release.sh pack'"
 	exit
 fi

system/autoload.php

@@ -1,206 +0,0 @@
-<?php
-namespace MyAAC;
-
-$loader = new \MyAAC\Psr4AutoloaderClass;
-
- // register the autoloader
-$loader->register();
-
-// register the base directories for the namespace prefix
-$loader->addNamespace('Composer\Semver', LIBS . 'semver');
-$loader->addNamespace('Twig', LIBS . 'Twig');
-/**
- * An example of a general-purpose implementation that includes the optional
- * functionality of allowing multiple base directories for a single namespace
- * prefix.
- *
- * Given a foo-bar package of classes in the file system at the following
- * paths ...
- *
- *     /path/to/packages/foo-bar/
- *         src/
- *             Baz.php             # Foo\Bar\Baz
- *             Qux/
- *                 Quux.php        # Foo\Bar\Qux\Quux
- *         tests/
- *             BazTest.php         # Foo\Bar\BazTest
- *             Qux/
- *                 QuuxTest.php    # Foo\Bar\Qux\QuuxTest
- *
- * ... add the path to the class files for the \Foo\Bar\ namespace prefix
- * as follows:
- *
- *      <?php
- *      // instantiate the loader
- *      $loader = new \Example\Psr4AutoloaderClass;
- *
- *      // register the autoloader
- *      $loader->register();
- *
- *      // register the base directories for the namespace prefix
- *      $loader->addNamespace('Foo\Bar', '/path/to/packages/foo-bar/src');
- *      $loader->addNamespace('Foo\Bar', '/path/to/packages/foo-bar/tests');
- *
- * The following line would cause the autoloader to attempt to load the
- * \Foo\Bar\Qux\Quux class from /path/to/packages/foo-bar/src/Qux/Quux.php:
- *
- *      <?php
- *      new \Foo\Bar\Qux\Quux;
- *
- * The following line would cause the autoloader to attempt to load the
- * \Foo\Bar\Qux\QuuxTest class from /path/to/packages/foo-bar/tests/Qux/QuuxTest.php:
- *
- *      <?php
- *      new \Foo\Bar\Qux\QuuxTest;
- */
-class Psr4AutoloaderClass
-{
-	/**
-	 * An associative array where the key is a namespace prefix and the value
-	 * is an array of base directories for classes in that namespace.
-	 *
-	 * @var array
-	 */
-	protected $prefixes = array();
-
-	/**
-	 * Register loader with SPL autoloader stack.
-	 *
-	 * @return void
-	 */
-	public function register()
-	{
-		spl_autoload_register(array($this, 'loadClass'));
-	}
-
-	/**
-	 * Adds a base directory for a namespace prefix.
-	 *
-	 * @param string $prefix The namespace prefix.
-	 * @param string $base_dir A base directory for class files in the
-	 * namespace.
-	 * @param bool $prepend If true, prepend the base directory to the stack
-	 * instead of appending it; this causes it to be searched first rather
-	 * than last.
-	 * @return void
-	 */
-	public function addNamespace($prefix, $base_dir, $prepend = false)
-	{
-		// normalize namespace prefix
-		$prefix = trim($prefix, '\\') . '\\';
-
-		// normalize the base directory with a trailing separator
-		$base_dir = rtrim($base_dir, DIRECTORY_SEPARATOR) . '/';
-
-		// initialize the namespace prefix array
-		if (isset($this->prefixes[$prefix]) === false) {
-			$this->prefixes[$prefix] = array();
-		}
-
-		// retain the base directory for the namespace prefix
-		if ($prepend) {
-			array_unshift($this->prefixes[$prefix], $base_dir);
-		} else {
-			array_push($this->prefixes[$prefix], $base_dir);
-		}
-	}
-
-	/**
-	 * Loads the class file for a given class name.
-	 *
-	 * @param string $class The fully-qualified class name.
-	 * @return mixed The mapped file name on success, or boolean false on
-	 * failure.
-	 */
-	public function loadClass($class)
-	{
-		if (0 === strpos($class, 'Twig_')) {
-			$file = LIBS . 'Twig/' . str_replace(array('_', "\0"), array('/', ''), $class).'.php';
-
-			if((config('env') === 'dev') && !is_file($file)) {
-				return false;
-			}
-
-			require $file;
-			return false;
-		}
-
-		// the current namespace prefix
-		$prefix = $class;
-
-		// work backwards through the namespace names of the fully-qualified
-		// class name to find a mapped file name
-		while (false !== $pos = strrpos($prefix, '\\')) {
-
-			// retain the trailing namespace separator in the prefix
-			$prefix = substr($class, 0, $pos + 1);
-
-			// the rest is the relative class name
-			$relative_class = substr($class, $pos + 1);
-
-			// try to load a mapped file for the prefix and relative class
-			$mapped_file = $this->loadMappedFile($prefix, $relative_class);
-			if ($mapped_file) {
-				return $mapped_file;
-			}
-
-			// remove the trailing namespace separator for the next iteration
-			// of strrpos()
-			$prefix = rtrim($prefix, '\\');
-		}
-
-		// never found a mapped file
-		return false;
-	}
-
-	/**
-	 * Load the mapped file for a namespace prefix and relative class.
-	 *
-	 * @param string $prefix The namespace prefix.
-	 * @param string $relative_class The relative class name.
-	 * @return mixed Boolean false if no mapped file can be loaded, or the
-	 * name of the mapped file that was loaded.
-	 */
-	protected function loadMappedFile($prefix, $relative_class)
-	{
-		// are there any base directories for this namespace prefix?
-		if (isset($this->prefixes[$prefix]) === false) {
-			return false;
-		}
-
-		// look through base directories for this namespace prefix
-		foreach ($this->prefixes[$prefix] as $base_dir) {
-
-			// replace the namespace prefix with the base directory,
-			// replace namespace separators with directory separators
-			// in the relative class name, append with .php
-			$file = $base_dir
-				. str_replace('\\', '/', $relative_class)
-				. '.php';
-
-			// if the mapped file exists, require it
-			if ($this->requireFile($file)) {
-				// yes, we're done
-				return $file;
-			}
-		}
-
-		// never found it
-		return false;
-	}
-
-	/**
-	 * If a file exists, require it from the file system.
-	 *
-	 * @param string $file The file to require.
-	 * @return bool True if the file exists, false if not.
-	 */
-	protected function requireFile($file)
-	{
-		if (config('env') !== 'dev' || file_exists($file)) {
-			require $file;
-			return true;
-		}
-		return false;
-	}
-}