Update phpstan.neon

Release Candidate.

.github/workflows/phpstan.yml

@@ -0,0 +1,46 @@
+name: "PHPStan"
+
+on:
+  pull_request:
+    branches: [develop]
+  push:
+    branches: [develop]
+
+jobs:
+  tests:
+    name: PhpStan on PHP ${{ matrix.php-versions }}
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-versions: [ '8.1', '8.2', '8.3' ]
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v4"
+
+      - name: "Install PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          coverage: "none"
+          extensions: "intl, zip"
+          ini-values: "memory_limit=-1"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          # Use composer.json for key, if composer.lock is not committed.
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+
+      - name: "Install composer dependencies"
+        run: "composer install"
+
+      - name: "Run PHPStan"
+        run: "/usr/bin/php vendor/bin/phpstan analyse"

.gitignore

@@ -7,7 +7,6 @@ Thumbs.db
 
 # composer
 composer.phar
-composer.lock
 vendor
 
 # npm

CHANGELOG.md

@@ -1,6 +1,36 @@
 # Changelog
 
-## [1.0-beta - 02.02.2024]
+## [1.0-RC -23.07.2024]
+
+Changes since 1.0-beta:
+
+### Added
+* Feat: Hooks priority (https://github.com/slawkens/myaac/commit/dc17b701da053e04bfa64e21be9247a4f07505e1)
+* Make autoload of pages, commands and themes configurable (https://github.com/slawkens/myaac/commit/c1d4b4f80cd6bb85507ee9471e47013955a26a91)
+* Fraggers in characters page for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/42f99c3edc8de39cccc5632cb42e88b24579c5a6)
+* New hooks: HOOK_INSTALL_FINISH, HOOK_ACCOUNT_CREATE_CHARACTER_* (https://github.com/slawkens/myaac/commit/08ac8ebade106521a5c7396faa5ce7006e629f7c, https://github.com/slawkens/myaac/commit/45dda5e834ff2059faea6ef9be2efa76f1723cbd)
+
+### Changed
+* Allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/203e411b626fe62401a4b74a48420769e512aa39)
+* Create guild_rank entries, in case MySQL trigger not loaded (https://github.com/slawkens/myaac/commit/d9c1b2507c81f306970642b35e4bf5f7cc04a6f2, https://github.com/slawkens/myaac/commit/47a19e85dd84e9f3b39a1b29cfc2c04b004832b9)
+* Set Admin Account verified by default (https://github.com/slawkens/myaac/commit/cd49dfc79942f3301ce9c0b8d899b9f39bda9a41)
+* Refactor account routes into sub folders (https://github.com/slawkens/myaac/commit/bdc0c43d3fd3a51030c3e916bdb9f008468f5ecd)
+* Order towns by id (https://github.com/slawkens/myaac/commit/9ea2a5067fc4b75de395f381577b18914132ad84)
+* Do not create news about myaac, if any news already exist (on installation (https://github.com/slawkens/myaac/commit/504242fb846b73b56b87bc1e39d070687ad7f5b4)
+
+### Fixed
+* Not working google recaptcha plugin (https://github.com/slawkens/myaac/commit/a1bcb217ecf4e21fd58da4ba491da1852029898a)
+* Not working account create if account_country is disabled (https://github.com/slawkens/myaac/commit/933b681a9fcdbb6283e0469b3806d2ded492d232)
+* Account verify - do not allow login without verified email (Thanks @anyeor, https://github.com/slawkens/myaac/commit/fcb13f3c0fb8ceafda0bd614a229a26a269432bd)
+* Detect tools/ext exists on install to prevent broken installs (https://github.com/slawkens/myaac/commit/10a739773c4f2911876bc802a0ee0537c3e00a92)
+* Cache reloading each time page refreshes (https://github.com/slawkens/myaac/commit/ec96985872057340112f65073efc0c4bf86dddb0)
+* Highscores frags for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/a04d186c22912915f0a7873dfe677ef3b5a23c79)
+* Monsters page: monster not found exception (https://github.com/slawkens/myaac/commit/ef79b99b8acc179f14b8475547347d9daca27512)
+* Fixed bug if \<flags\> are not present in monster.xml (https://github.com/slawkens/myaac/commit/57b47ab7983f625c7c0ef4f5303a4d07ef172786)
+* fastRoute duplicate errors (https://github.com/slawkens/myaac/commit/4c0739d3e93812dff0c33849ea3f38e4e49113ac)
+* useGuildNick displaying (https://github.com/slawkens/myaac/commit/0db0ec1aa47e044c26bc403ff5078a2115d086f8)
+
+## [1.0-beta - 18.05.2024]
 
 Minimum PHP version for this release is 8.1.
 
@@ -22,7 +52,7 @@ Minimum PHP version for this release is 8.1.
   * list of open source libraries used in project page
 * auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
 * config.php moved to Admin Panel -> Settings page
-* new console script: aac (comes from MyAAC) - using symfony/console
+* new console script: aac - using symfony/console
   * usage: `php aac` (will list all commands by default)
   * example: `php aac cache:clear`
   * example: `php aac plugin:install theme-example.zip`
@@ -46,7 +76,7 @@ Minimum PHP version for this release is 8.1.
 * phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
 
 ### Changed
-* Composer is now used for external libraries like: Twig, PHPMailer, fast-route etc.
+* Composer and NPM is now used for external libraries like: Twig, PHPMailer, fast-route, jQuery, Bootstrap etc.
 * mail support is disabled on fresh install, can be manually enabled by user
 * disable add php pages in admin panel for security. Option to disable plugins upload
 * visitors counter shows now user browser, and also if its bot

admin/pages/accounts.php

@@ -404,6 +404,7 @@ else if (isset($_REQUEST['search'])) {
 											   autocomplete="off" maxlength="20"
 											   value="<?php echo $account->getLocation(); ?>"/>
 									</div>
+									<?php if(setting('core.account_country')): ?>
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_country">Country:</label>
 										<select name="rl_country" id="rl_country" class="form-control">
@@ -412,6 +413,7 @@ else if (isset($_REQUEST['search'])) {
 											<?php endforeach; ?>
 										</select>
 									</div>
+									<?php endif; ?>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">

admin/pages/notepad.php

@@ -16,7 +16,7 @@ $title = 'Notepad';
 csrfProtect();
 
 /**
- * @var $account_logged OTS_Account
+ * @var OTS_Account $account_logged
  */
 $_content = '';
 $notepad = ModelsNotepad::where('account_id', $account_logged->getId())->first();

admin/pages/players.php

@@ -202,7 +202,7 @@ else if (isset($_REQUEST['search'])) {
 
 			if ($hasBlessingsColumn) {
 				$blessings = $_POST['blessings'];
-				verify_number($blessings, 'Blessings', 2);
+				verify_number($blessings, 'Blessings', 3);
 			}
 
 			$balance = $_POST['balance'];
@@ -274,7 +274,7 @@ else if (isset($_REQUEST['search'])) {
 					$player->setLossContainers($loss_containers);
 					$player->setLossItems($loss_items);
 				}
-				if ($db->hasColumn('players', 'blessings'))
+				if ($hasBlessingsColumn)
 					$player->setBlessings($blessings);
 
 				if ($hasBlessingColumn) {

admin/pages/settings.php

@@ -48,7 +48,7 @@ if (!is_array($settingsFile)) {
 
 $settingsKeyName = ($plugin == 'core' ? $plugin : $settingsFile['key']);
 
-$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $plugin);
+$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $settingsFile['name']);
 
 $settingsParsed = Settings::display($settingsKeyName, $settingsFile['settings']);
 

admin/template/template.php

@@ -6,7 +6,7 @@
 	<?php echo template_header(true); ?>
 	<title><?php echo (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];?></title>
 	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/ext/admin-lte/css/adminlte.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/adminlte.min.css">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/font-awesome.min.css">
 	<?php if (isset($use_datatable)) { ?>
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/datatables.bs.min.css">
@@ -197,7 +197,7 @@ if ($logged && admin()) {
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
 <?php } ?>
-<script src="<?php echo BASE_URL; ?>tools/ext/admin-lte/js/adminlte.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
 <?php $hooks->trigger(HOOK_ADMIN_BODY_END); ?>
 </body>
 </html>

common.php

@@ -20,13 +20,13 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
+ * @copyright 2024 MyAAC
  * @link      https://my-aac.org
  */
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '1.0-beta';
+const MYAAC_VERSION = '1.0-RC';
 const DATABASE_VERSION = 40;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
@@ -156,7 +156,7 @@ if (file_exists(BASE . 'config.local.php')) {
 
 /** @var array $config */
 ini_set('log_errors', 1);
-if(@$config['env'] === 'dev') {
+if(@$config['env'] === 'dev' || defined('MYAAC_INSTALL')) {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
 	error_reporting(E_ALL);

composer.json

@@ -15,12 +15,14 @@
         "illuminate/database": "^10.18",
         "peppeocchi/php-cron-scheduler": "4.*",
         "symfony/console": "^6.4",
-        "symfony/string": "^6.4"
-    },
-    "require-dev": {
+        "symfony/string": "^6.4",
+        "symfony/var-dumper": "^6.4",
         "filp/whoops": "^2.15",
         "maximebf/debugbar": "dev-master"
     },
+    "require-dev": {
+        "phpstan/phpstan": "^1.10"
+    },
     "autoload": {
         "psr-4": {
             "MyAAC\\": "system/src"

cypress/e2e/1-install.cy.js

@@ -67,7 +67,7 @@ describe('Install MyAAC', () => {
 
 		cy.get('form').submit()
 
-		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
+		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 60000 }).should('be.visible')
 
 		cy.wait(2000);
 

install/includes/functions.php

@@ -17,7 +17,7 @@ function query($query)
 
 // define php version id if its not already
 if(!defined('PHP_VERSION_ID')) {
-	$version = explode('.', PHP_VERSION);
+	$version = array_map('intval', explode('.', PHP_VERSION));
 
 	define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
 }

install/index.php

@@ -3,9 +3,9 @@
 use Twig\Environment as Twig_Environment;
 use Twig\Loader\FilesystemLoader as Twig_FilesystemLoader;
 
-require '../common.php';
+const MYAAC_INSTALL = true;
 
-define('MYAAC_INSTALL', true);
+require '../common.php';
 
 // includes
 require SYSTEM . 'functions.php';

install/steps/3-requirements.php

@@ -2,10 +2,15 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 // configuration
-$dirs_required = [
+$dirs_required_writable = [
 	'system/logs',
 	'system/cache',
 ];
+
+$dirs_required = [
+	'tools/ext' => $locale['step_requirements_folder_not_exists_tools_ext'],
+];
+
 $dirs_optional = [
 	GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'],
 	GALLERY_DIR => $locale['step_requirements_warning_images_gallery'],
@@ -18,6 +23,7 @@ $extensions_optional = [
 	'gd' => $locale['step_requirements_warning_player_signatures'],
 	'zip' => $locale['step_requirements_warning_install_plugins'],
 ];
+
 /*
  *
  * @param string $name
@@ -41,7 +47,7 @@ $failed = false;
 // start validating
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION);
 
-foreach ($dirs_required as $value)
+foreach ($dirs_required_writable as $value)
 {
 	$is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value));
 	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
@@ -52,6 +58,12 @@ foreach ($dirs_optional as $dir => $errorMsg) {
 	version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true);
 }
 
+foreach ($dirs_required as $dir => $errorMsg)
+{
+	$exists = is_dir(BASE . $dir);
+	version_check($locale['step_requirements_folder_exists'] . ': ' . $dir, $exists, $exists ? '' : $errorMsg);
+}
+
 $ini_register_globals = ini_get_bool('register_globals');
 version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']);
 
@@ -78,4 +90,3 @@ if($failed) {
 }
 
 echo '</div>';
-?>

install/steps/5-database.php

@@ -41,49 +41,50 @@ if(!$error) {
 	$configToSave['cache_engine'] = 'auto';
 	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
 
+	if(!$error) {
+		$content = '';
+		$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
+		if ($saved) {
+			success($locale['step_database_config_saved']);
+			$_SESSION['saved'] = true;
+
+			require BASE . 'config.local.php';
 			require BASE . 'install/includes/config.php';
 
-	if(!$error) {
+			if (!$error) {
 				require BASE . 'install/includes/database.php';
 
-		$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
-		success($locale['step_database_importing']);
-
-		if(isset($database_error)) { // we failed connect to the database
+				if (isset($database_error)) { // we failed connect to the database
 					error($database_error);
 				}
 				else {
-			if(!$db->hasTable('accounts')) {
+					if (!$db->hasTable('accounts')) {
 						$tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
 						error($tmp);
 						$error = true;
 					}
 
-			if(!$db->hasTable('players')) {
+					if (!$db->hasTable('players')) {
 						$tmp = str_replace('$TABLE$', 'players', $locale['step_database_error_table']);
 						error($tmp);
 						$error = true;
 					}
 
-			if(!$db->hasTable('guilds')) {
+					if (!$db->hasTable('guilds')) {
 						$tmp = str_replace('$TABLE$', 'guilds', $locale['step_database_error_table']);
 						error($tmp);
 						$error = true;
 					}
 
-			if(!$error) {
+					if (!$error) {
 						$twig->display('install.installer.html.twig', array(
 							'url' => 'tools/5-database.php',
 							'message' => $locale['loading_spinner']
 						));
-
-				$content = '';
-				$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
-				if($saved) {
-					success($locale['step_database_config_saved']);
-					$_SESSION['saved'] = true;
 					}
-				else {
+				}
+			}
+		} else {
 			$_SESSION['config_content'] = $content;
 			unset($_SESSION['saved']);
 
@@ -92,8 +93,6 @@ if(!$error) {
 				<textarea cols="70" rows="10">' . $content . '</textarea>');
 		}
 	}
-		}
-	}
 }
 ?>
 

install/steps/7-finish.php

@@ -1,5 +1,7 @@
 <?php
 
+use MyAAC\Cache\Cache;
+use MyAAC\Models\News;
 use MyAAC\Settings;
 
 defined('MYAAC') or die('Direct access not allowed!');
@@ -7,56 +9,66 @@ defined('MYAAC') or die('Direct access not allowed!');
 ini_set('max_execution_time', 300);
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
+	return;
 }
-else {
-	require SYSTEM . 'init.php';
-	if(!$error) {
-		if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
-			$account = isset($_SESSION['var_account']) ? $_SESSION['var_account'] : null;
-		else
-			$account_id = isset($_SESSION['var_account_id']) ? $_SESSION['var_account_id'] : null;
 
-		$password = $_SESSION['var_password'];
+$cache = Cache::getInstance();
+if ($cache->enabled()) {
+	// clear plugin_hooks to have fresh hooks
+	$cache->delete('plugins_hooks');
+}
 
-		if(USE_ACCOUNT_SALT)
-		{
+require SYSTEM . 'init.php';
+if($error) {
+	return;
+}
+
+if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
+	$account = $_SESSION['var_account'] ?? null;
+else
+	$account_id = $_SESSION['var_account_id'] ?? null;
+
+$password = $_SESSION['var_password'];
+
+if(USE_ACCOUNT_SALT)
+{
 	$salt = generateRandomString(10, false, true, true);
 	$password = $salt . $password;
-		}
+}
 
-		$account_db = new OTS_Account();
-		if(isset($account))
+$account_db = new OTS_Account();
+if(isset($account))
 	$account_db->find($account);
-		else
+else
 	$account_db->load($account_id);
 
-		$player_name = $_SESSION['var_player_name'];
-		$player_db = new OTS_Player();
-		$player_db->find($player_name);
+$player_name = $_SESSION['var_player_name'];
+$player_db = new OTS_Player();
+$player_db->find($player_name);
 
-		if(!$player_db->isLoaded())
-		{
+if(!$player_db->isLoaded())
+{
 	$player = new OTS_Player();
 	$player->setName($player_name);
 
 	$player_used = &$player;
-		}
-		else {
+}
+else {
 	$player_used = &$player_db;
-		}
+}
 
-		$groups = new OTS_Groups_List();
-		$player_used->setGroupId($groups->getHighestId());
+$groups = new OTS_Groups_List();
+$player_used->setGroupId($groups->getHighestId());
 
-		$email = $_SESSION['var_email'];
-		if($account_db->isLoaded()) {
+$email = $_SESSION['var_email'];
+if($account_db->isLoaded()) {
 	$account_db->setPassword(encrypt($password));
 	$account_db->setEMail($email);
 	$account_db->save();
 
 	$account_used = &$account_db;
-		}
-		else {
+}
+else {
 	$new_account = new OTS_Account();
 	if(USE_ACCOUNT_NAME) {
 		$new_account->create($account);
@@ -74,53 +86,72 @@ else {
 	$new_account->logAction('Account created.');
 
 	$account_used = &$new_account;
-		}
+}
 
-		if(USE_ACCOUNT_SALT)
+if(USE_ACCOUNT_SALT)
 	$account_used->setCustomField('salt', $salt);
 
-		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
-		$account_used->setCustomField('country', 'us');
-		if($db->hasColumn('accounts', 'group_id'))
+$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
+$account_used->setCustomField('country', 'us');
+$account_used->setCustomField('email_verified', 1);
+
+if($db->hasColumn('accounts', 'group_id'))
 	$account_used->setCustomField('group_id', $groups->getHighestId());
-		if($db->hasColumn('accounts', 'type'))
+if($db->hasColumn('accounts', 'type'))
 	$account_used->setCustomField('type', 6);
 
-		if(!$player_db->isLoaded())
+if(!$player_db->isLoaded())
 	$player->setAccountId($account_used->getId());
-		else
+else
 	$player_db->setAccountId($account_used->getId());
 
-		success($locale['step_database_created_account']);
+success($locale['step_database_created_account']);
 
-		setSession('account', $account_used->getId());
-		setSession('password', encrypt($password));
-		setSession('remember_me', true);
+setSession('account', $account_used->getId());
+setSession('password', encrypt($password));
+setSession('remember_me', true);
 
-		if($player_db->isLoaded()) {
+if($player_db->isLoaded()) {
 	$player_db->save();
-		}
-		else {
+}
+else {
 	$player->save();
-		}
+}
 
+if(!News::all()->count()) {
 	$player_id = 0;
-		$query = $db->query("SELECT `id` FROM `players` WHERE `name` = " . $db->quote($player_name) . ";");
-		if($query->rowCount() == 1) {
-			$query = $query->fetch();
-			$player_id = $query['id'];
+	$tmpNewsPlayer = \MyAAC\Models\Player::where('name', $player_name)->first();
+	if($tmpNewsPlayer) {
+		$player_id = $tmpNewsPlayer->id;
 	}
 
-		$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX ."news` WHERE `title` LIKE 'Hello!';");
-		if($query->rowCount() == 0) {
-			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hide`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'https://my-aac.org', '0');
-	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hide`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'https://my-aac.org', " . $player_id . ", '', '0');")) {
+	News::create([
+		'type' => 1,
+		'date' => time(),
+		'category' => 2,
+		'title' => 'Hello!',
+		'body' => 'MyAAC is just READY to use!',
+		'player_id' => $player_id,
+		'comments' => 'https://my-aac.org',
+		'hide' => 0,
+	]);
+
+	News::create([
+		'type' => 2,
+		'date' => time(),
+		'category' => 4,
+		'title' => 'Hello tickers!',
+		'body' => 'https://my-aac.org',
+		'player_id' => $player_id,
+		'comments' => '',
+		'hide' => 0,
+	]);
+
 	success($locale['step_database_created_news']);
-			}
-		}
+}
 
-		$settings = Settings::getInstance();
-		foreach($_SESSION as $key => $value) {
+$settings = Settings::getInstance();
+foreach($_SESSION as $key => $value) {
 	if (in_array($key, ['var_usage', 'var_date_timezone', 'var_client'])) {
 		if ($key == 'var_usage') {
 			$key = 'anonymous_usage_statistics';
@@ -133,15 +164,15 @@ else {
 
 		$settings->updateInDatabase('core', $key, $value);
 	}
-		}
-		success('Settings saved.');
+}
+success('Settings saved.');
 
-		$twig->display('install.installer.html.twig', array(
+$twig->display('install.installer.html.twig', array(
 	'url' => 'tools/7-finish.php',
 	'message' => $locale['importing_spinner']
-		));
+));
 
-		if(!isset($_SESSION['installed'])) {
+if(!isset($_SESSION['installed'])) {
 	if (!array_key_exists('CI', getenv())) {
 		$report_url = 'https://my-aac.org/report_install.php?v=' . MYAAC_VERSION . '&b=' . urlencode(BASE_URL);
 		if (function_exists('curl_version'))
@@ -158,15 +189,15 @@ else {
 	}
 
 	$_SESSION['installed'] = true;
-		}
+}
 
-		foreach($_SESSION as $key => $value) {
+foreach($_SESSION as $key => $value) {
 	if(strpos($key, 'var_') !== false)
 		unset($_SESSION[$key]);
-		}
-		unset($_SESSION['saved']);
-		if(file_exists(CACHE . 'install.txt')) {
-			unlink(CACHE . 'install.txt');
-		}
-	}
 }
+unset($_SESSION['saved']);
+if(file_exists(CACHE . 'install.txt')) {
+	unlink(CACHE . 'install.txt');
+}
+
+$hooks->trigger(HOOK_INSTALL_FINISH_END);

install/tools/5-database.php

@@ -32,6 +32,9 @@ if($db->hasTable(TABLE_PREFIX . 'account_actions')) {
 else {
 	// import schema
 	try {
+		$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
+		success($locale['step_database_importing']);
+
 		$db->query(file_get_contents(BASE . 'install/includes/schema.sql'));
 
 		$locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']);
@@ -138,75 +141,76 @@ if(!$db->hasColumn('accounts', 'premium_points')) {
 		success($locale['step_database_adding_field'] . ' accounts.premium_points...');
 }
 
-if($db->hasColumn('guilds', 'checkdata')) {
-	if(query("ALTER TABLE `guilds` MODIFY `checkdata` INT NOT NULL DEFAULT 0;"))
+if ($db->hasTable('guilds')) {
+	if ($db->hasColumn('guilds', 'checkdata')) {
+		if (query("ALTER TABLE `guilds` MODIFY `checkdata` INT NOT NULL DEFAULT 0;"))
 			success($locale['step_database_modifying_field'] . ' guilds.checkdata...');
-}
+	}
 
-if(!$db->hasColumn('guilds', 'motd')) {
-	if(query("ALTER TABLE `guilds` ADD `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
+	if (!$db->hasColumn('guilds', 'motd')) {
+		if (query("ALTER TABLE `guilds` ADD `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' guilds.motd...');
-}
-else {
-	if(query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
+	} else {
+		if (query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 			success($locale['step_database_modifying_field'] . ' guilds.motd...');
-}
+	}
 
-if(!$db->hasColumn('guilds', 'description')) {
-	if(query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;"))
+	if (!$db->hasColumn('guilds', 'description')) {
+		if (query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;"))
 			success($locale['step_database_adding_field'] . ' guilds.description...');
-}
+	}
 
-if($db->hasColumn('guilds', 'logo_gfx_name')) {
-	if(query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) {
+	if ($db->hasColumn('guilds', 'logo_gfx_name')) {
+		if (query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) {
 			$tmp = str_replace('$FIELD$', 'guilds.logo_gfx_name', $locale['step_database_changing_field']);
 			$tmp = str_replace('$FIELD_NEW$', 'guilds.logo_name', $tmp);
 			success($tmp);
 		}
-}
-else if(!$db->hasColumn('guilds', 'logo_name')) {
-	if(query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';"))
+	} else if (!$db->hasColumn('guilds', 'logo_name')) {
+		if (query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';"))
 			success($locale['step_database_adding_field'] . ' guilds.logo_name...');
+	}
 }
 
-if(!$db->hasColumn('players', 'created')) {
-	if(query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;"))
+if ($db->hasTable('players')) {
+	if (!$db->hasColumn('players', 'created')) {
+		if (query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.created...');
-}
+	}
 
-if(!$db->hasColumn('players', 'deleted') && !$db->hasColumn('players', 'deletion')) {
-	if(query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;"))
+	if (!$db->hasColumn('players', 'deleted') && !$db->hasColumn('players', 'deletion')) {
+		if (query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.deleted...');
-}
+	}
 
-if($db->hasColumn('players', 'hide_char')) {
-	if(!$db->hasColumn('players', 'hide')) {
-		if(query("ALTER TABLE `players` CHANGE `hide_char` `hide` TINYINT(1) NOT NULL DEFAULT 0;")) {
+	if ($db->hasColumn('players', 'hide_char')) {
+		if (!$db->hasColumn('players', 'hide')) {
+			if (query("ALTER TABLE `players` CHANGE `hide_char` `hide` TINYINT(1) NOT NULL DEFAULT 0;")) {
 				$tmp = str_replace('$FIELD$', 'players.hide_char', $locale['step_database_changing_field']);
 				$tmp = str_replace('$FIELD_NEW$', 'players.hide', $tmp);
 				success($tmp);
 			}
 		}
-}
-else if(!$db->hasColumn('players', 'hide')) {
-	if(query("ALTER TABLE `players` ADD `hide` TINYINT(1) NOT NULL DEFAULT 0;"))
+	} else if (!$db->hasColumn('players', 'hide')) {
+		if (query("ALTER TABLE `players` ADD `hide` TINYINT(1) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.hide...');
-}
+	}
 
-if(!$db->hasColumn('players', 'comment')) {
-	if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
+	if (!$db->hasColumn('players', 'comment')) {
+		if (query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
 			success($locale['step_database_adding_field'] . ' players.comment...');
-}
+	}
 
-if($db->hasColumn('players', 'rank_id')) {
-	if(query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
+	if ($db->hasColumn('players', 'rank_id')) {
+		if (query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_modifying_field'] . ' players.rank_id...');
 
-	if($db->hasColumn('players', 'guildnick')) {
-		if(query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
+		if ($db->hasColumn('players', 'guildnick')) {
+			if (query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
 				success($locale['step_database_modifying_field'] . ' players.guildnick...');
 			}
 		}
+	}
 }
 
 if($db->hasTable('z_forum')) {

install/tools/7-finish.php

@@ -77,6 +77,8 @@ if(ModelsFAQ::count() == 0) {
 	]);
 }
 
+$hooks->trigger(HOOK_INSTALL_FINISH);
+
 $db->setClearCacheAfter(true);
 
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);

nginx-sample.conf

@@ -10,17 +10,20 @@ server {
 	# this is very important, be sure its in your nginx conf - it prevents access to logs etc.
 	location ~ /system {
 		deny all;
-		return 404;
 	}
 
-	# block .htaccess
-	location ~ /\.ht {
+	location /vendor {
+		deny all;
+	}
+
+	# block .htaccess, CHANGELOG.md, composer.json etc.
+	# this is to prevent finding software versions
+	location ~\.(ht|md|json|dist)$ {
 		deny all;
 	}
 
 	# block git files and folders
 	location ~ /\.git {
-		return 404;
 		deny all;
 	}
 

phpstan-bootstrap.php

@@ -0,0 +1,13 @@
+<?php
+
+require __DIR__ . '/system/libs/pot/OTS.php';
+$ots = POT::getInstance();
+
+require __DIR__ . '/system/libs/pot/InvitesDriver.php';
+require __DIR__ . '/system/libs/rfc6238.php';
+require __DIR__ . '/common.php';
+
+const ACTION = '';
+const PAGE = '';
+const URI = '';
+define('SELF_NAME', basename(__FILE__));

phpstan.neon

@@ -0,0 +1,39 @@
+parameters:
+	level: 3
+	paths:
+		- .
+		- templates/tibiacom
+		- templates/kathrine
+	excludePaths:
+		- system/cache/*
+		- vendor/*
+		- plugins/*
+		- system/libs
+		- tools/signature/mango.php
+		- tools/signature/gd.class.php
+	bootstrapFiles:
+		- phpstan-bootstrap.php
+	ignoreErrors:
+		- '#Variable \$db might not be defined#'
+		- '#Variable \$twig might not be defined#'
+		- '#Variable \$hooks might not be defined#'
+		- '#Variable \$account_logged might not be defined#'
+		- '#Variable \$logged might not be defined#'
+		- '#Variable \$config might not be defined#'
+		- '#Variable \$action might not be defined#'
+		- '#Variable \$errors might not be defined#'
+		- '#Variable \$cache might not be defined#'
+		- '#Variable \$status might not be defined#'
+		- '#Variable \$player might not be defined#'
+		- '#Variable \$guild might not be defined#'
+		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
+		# Eloquent models
+		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
+		- '#Call to an undefined method object::toArray\(\)#'
+		# system/pages/highscores.php
+		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
+		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'
+		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$vocation_name#'
+		-
+			message: '#Variable \$tmp in empty\(\) always exists and is always falsy#'
+			path: templates\kathrine\javascript.php

plugins/email-confirmed-reward/reward.php

@@ -1,8 +1,6 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
-$reward = setting('core.account_mail_confirmed_reward');
-
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $rewardCoins = setting('core.account_mail_confirmed_reward_coins');
 if ($rewardCoins > 0 && !$hasCoinsColumn) {

plugins/example.json

@@ -25,7 +25,8 @@
 	"hooks": {
 		"Example Hook": {
 			"type": "BEFORE_PAGE",
-			"file": "plugins/example/before.php"
+			"file": "plugins/example/before.php",
+			"priority": 1000
 		}
 	},
 	"routes": {
@@ -33,12 +34,20 @@
 			"pattern": "/YourAwesomePage/{name:string}/{page:int}",
 			"file": "plugins/your-plugin/your-awesome-page.php",
 			"method": "GET",
-			"priority": "130"
+			"priority": 130
 		},
 		"Redirect Example": {
 			"redirect_from": "/redirectExample",
 			"redirect_to": "account/manage"
 		}
 	},
-	"settings": "plugins/your-plugin-folder/settings.php"
+	"routes-default-priority": 1000,
+	"pages-default-priority": 1000,
+	"settings": "plugins/your-plugin-folder/settings.php",
+	"autoload": {
+		"pages": true,
+		"pagesSubFolders": false,
+		"commands": true,
+		"themes": true
+	}
  }

release.sh

@@ -38,7 +38,11 @@ if [ $1 = "prepare" ]; then
 	cd $dir || exit
 
 	# dependencies
-	composer install --prefer-dist --optimize-autoloader
+	composer install --no-dev --prefer-dist --optimize-autoloader
+	npm install
+
+	# node_modules is useless, we already have copy in tools/ext
+	rm -R node_modules
 
 	echo "Now you can make changes to $dir. When you are ready, type 'release.sh pack'"
 	exit

system/database.php

@@ -127,6 +127,7 @@ try {
 	}
 
 	if(defined('MYAAC_INSTALL')) {
+		$error = $e->getMessage();
 		return; // installer will take care of this
 	}
 

system/functions.php

@@ -87,18 +87,29 @@ function getForumBoardLink($board_id, $page = NULL): string {
 	return BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'forum/board/' . (int)$board_id . (isset($page) ? '/' . $page : '');
 }
 
-function getPlayerLink($name, $generate = true): string
+function getPlayerLink($name, $generate = true, bool $colored = false): string
 {
-	if(is_numeric($name))
-	{
 	$player = new OTS_Player();
+
+	if(is_numeric($name)) {
 		$player->load((int)$name);
-		if($player->isLoaded())
-			$name = $player->getName();
+	}
+	else {
+		$player->find($name);
 	}
 
+	if (!$player->isLoaded()) {
+		return '(error)';
+	}
+
+	$name = $player->getName();
+
 	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'characters/' . urlencode($name);
 
+	if ($colored) {
+		$name = '<span style="color: ' . ($player->isOnline() ? 'green' : 'red') . ';">' . $name . '</span>';
+	}
+
 	if(!$generate) return $url;
 	return generateLink($url, $name);
 }
@@ -418,7 +429,10 @@ function delete_guild($id)
 	if(count($rank_list) > 0) {
 		$rank_list->orderBy('level');
 
-		global $db, $ots;
+		global $db;
+		/**
+		 * @var OTS_GuildRank $rank_in_guild
+		 */
 		foreach($rank_list as $rank_in_guild) {
 			if($db->hasTable('guild_members'))
 				$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `guild_members`.`rank_id` as `rank_id` FROM `players`, `guild_members` WHERE `guild_members`.`rank_id` = ' . $rank_in_guild->getId() . ' AND `players`.`id` = `guild_members`.`player_id` ORDER BY `name`;');
@@ -710,11 +724,8 @@ function getSkillName($skillId, $suffix = true)
 /**
  * Performs flag check on the current logged in user.
  * Table in database: accounts, field: website_flags
- *
- * @param int @flag Flag to be verified.
- * @return bool If user got flag.
  */
-function hasFlag($flag) {
+function hasFlag(int $flag): bool {
 	global $logged, $logged_flags;
 	return ($logged && ($logged_flags & $flag) == $flag);
 }
@@ -1623,7 +1634,7 @@ function removeIfFirstSlash(&$text) {
 };
 
 function escapeHtml($html) {
-	return htmlentities($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
+	return htmlspecialchars($html);
 }
 
 function getGuildNameById($id)

system/init.php

@@ -134,10 +134,6 @@ $ots = POT::getInstance();
 $eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 
-if ($config_lua_reload) {
-	clearCache();
-}
-
 // verify myaac tables exists in database
 if(!defined('MYAAC_INSTALL') && !$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . BASE_URL . 'install');
@@ -163,8 +159,8 @@ date_default_timezone_set(setting('core.date_timezone'));
 
 setting(
 	[
-		'core.account_create_character_create',
-		setting('core.account_create_character_create') && (!setting('core.mail_enabled') || !setting('core.account_mail_verify'))
+		'core.account_mail_verify',
+		setting('core.account_mail_verify') && setting('core.mail_enabled')
 	]
 );
 

system/libs/pot/OTS_Base_DAO.php

@@ -83,38 +83,4 @@ abstract class OTS_Base_DAO implements IOTS_DAO
     {
         unset($this->data['id']);
     }
-
-/**
- * Magic PHP5 method.
- * 
- * <p>
- * Allows object importing from {@link http://www.php.net/manual/en/function.var-export.php var_export()}.
- * </p>
- * 
- * @version 0.1.0
- * @param array $properties List of object properties.
- */
-    public static function __set_state($properties)
-    {
-        // deletes database handle
-        if( isset($properties['db']) )
-        {
-            unset($properties['db']);
-        }
-
-        // initializes new object with current database connection
-        $object = new self();
-
-        // loads properties
-        foreach($properties as $name => $value)
-        {
-            $object->$name = $value;
-        }
-
-        return $object;
-    }
 }
-
-/**#@-*/
-
-?>

system/libs/pot/OTS_Buffer.php

@@ -196,6 +196,16 @@ class OTS_Buffer
 		return $value[1];
 	}
 
+	public function getLongLong()
+	{
+		// checks buffer size
+		$this->check(8);
+
+		$value = unpack('P', substr($this->buffer, $this->pos, 8) );
+		$this->pos += 8;
+		return $value[1];
+	}
+
 /**
  * Appends quater byte to buffer.
  *

system/libs/pot/OTS_Monster.php

@@ -135,13 +135,14 @@ class OTS_Monster extends DOMDocument
 	{
 		$flags = array();
 
-        // read all flags
+		if ($this->documentElement->getElementsByTagName('flags')->item(0)) {
 			foreach( $this->documentElement->getElementsByTagName('flags')->item(0)->getElementsByTagName('flag') as $flag)
 			{
 				$flag = $flag->attributes->item(0);
 
 				$flags[$flag->nodeName] = (int) $flag->nodeValue;
 			}
+		}
 
 		return $flags;
 	}

system/libs/pot/OTS_Player.php

@@ -90,7 +90,7 @@ class OTS_Player extends OTS_Row_DAO
  * @version 0.1.2
  * @var array
  */
-    private $data = array('sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hide' => 0);
+    private $data = array('group_id' => 1, 'sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hide' => 0);
 
 /**
  * Player skills.
@@ -1229,6 +1229,13 @@ class OTS_Player extends OTS_Row_DAO
         $this->data['direction'] = (int) $direction;
     }
 
+	public function getOutfit(): string
+	{
+		$hasLookAddons = $this->db->hasColumn('players', 'lookaddons');
+
+		return setting('core.outfit_images_url') . '?id=' . $this->getLookType() . ($hasLookAddons ? '&addons=' . $this->getLookAddons() : '') . '&head=' . $this->getLookHead() . '&body=' . $this->getLookBody() . '&legs=' . $this->getLookLegs() . '&feet=' . $this->getLookFeet();
+	}
+
 /**
  * Body color.
  *

system/locale/de/install.php

@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Anforderungen';
 $locale['step_requirements_title'] = 'Anforderungen überprüfen';
 $locale['step_requirements_php_version'] = 'PHP Version';
 $locale['step_requirements_write_perms'] = 'Schreibberechtigungen';
+$locale['step_requirements_folder_exists'] = 'Ordner ist vorhanden';
+$locale['step_requirements_folder_not_exists_tools_ext'] = 'NPM Package Manager wird verwendet für externe JavaScript/CSS Bibliotheken.'
+	. ' Es sollte via Command Line installiert werden: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
+	. ' Nachdem das Tool installiert wurde, folgende Befehl sollte ausgeführt in dem Hauptordner des MyAACs: "npm install".';
 $locale['step_requirements_failed'] = 'Die Installation wird deaktiviert, bis diese Anforderungen erfüllt sind.</b><br/>Für weitere Informationen siehe <b>README</b> Datei.';
 $locale['step_requirements_extension'] = '$EXTENSION$ PHP Erweiterung';
 

system/locale/en/install.php

@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Requirements';
 $locale['step_requirements_title'] = 'Requirements check';
 $locale['step_requirements_php_version'] = 'PHP Version';
 $locale['step_requirements_write_perms'] = 'Write permissions';
+$locale['step_requirements_folder_exists'] = 'Directory exists';
+$locale['step_requirements_folder_not_exists_tools_ext'] = 'NPM Package Manager is used for external JavaScript/CSS libraries.'
+	. ' You need to install it through Command Line: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
+	. ' When you done with installing that tool, execute: "npm install" in the main MyAAC folder.';
 $locale['step_requirements_failed'] = 'Installation will be disabled until these requirements will be passed.</b><br/>For more informations see <b>README</b> file.';
 $locale['step_requirements_extension'] = '$EXTENSION$ PHP extension';
 $locale['step_requirements_warning_images_guilds'] = 'Guild logo upload will not work';

system/locale/pl/install.php

@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Wymagania';
 $locale['step_requirements_title'] = 'Sprawdzanie wymagań';
 $locale['step_requirements_php_version'] = 'Wersja PHP';
 $locale['step_requirements_write_perms'] = 'Uprawnienia do zapisu';
+$locale['step_requirements_folder_exists'] = 'Folder istnieje';
+$locale['step_requirements_folder_not_exists_tools_ext'] = 'Manadżer Pakietów NPM jest używany do zewnętrznych bibliotek JavaScript/CSS.'
+	. ' Trzeba go zainstalować poprzez wiersz poleceń: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
+	. ' Po instalacji narzędzia, wywołaj następujące polecenie w głownym katalogu MyAAC: "npm install".';
 $locale['step_requirements_failed'] = 'Instalacja zostanie zablokowana dopóki te wymagania nie zostaną spełnione.</b><br/>Po więcej informacji zasięgnij do pliku <b>README</b>.';
 $locale['step_requirements_extension'] = 'Rozszerzenie PHP - $EXTENSION$';
 $locale['step_requirements_warning_images_guilds'] = 'Nie będzie możliwości uploadu obrazków gildii';

system/logout.php

@@ -22,11 +22,5 @@ if(isset($account_logged) && $account_logged->isLoaded()) {
 
 		$logged = false;
 		unset($account_logged);
-
-		if(isset($_REQUEST['redirect']))
-		{
-			header('Location: ' . urldecode($_REQUEST['redirect']));
-			exit;
-		}
 	}
 }

system/pages/account/base.php

@@ -12,6 +12,8 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 if(!$logged)
 {
+	$title = 'Login';
+
 	if(!empty($errors))
 		$twig->display('error_box.html.twig', array('errors' => $errors));
 
@@ -19,7 +21,8 @@ if(!$logged)
 		'redirect' => $_REQUEST['redirect'] ?? null,
 		'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
 		'account_login_by' => getAccountLoginByLabel(),
-		'error' => $errors[0] ?? null
+		'error' => $errors[0] ?? null,
+		'errors' => $errors ?? [],
 	));
 
 	return;

system/pages/account/change-email.php

@@ -57,14 +57,14 @@ if($email_new_time < 10) {
 			$twig->display('error_box.html.twig', array('errors' => $errors));
 
 			//show form
-			$twig->display('account.change_mail.html.twig', array(
+			$twig->display('account.change-email.html.twig', array(
 				'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
 			));
 		}
 	}
 	else
 	{
-		$twig->display('account.change_mail.html.twig', array(
+		$twig->display('account.change-email.html.twig', array(
 			'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
 		));
 	}

system/pages/account/change-info.php

@@ -26,12 +26,13 @@ if(setting('core.account_country'))
 $account = Account::find($account_logged->getId());
 
 $show_form = true;
-$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : NULL;
-$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : NULL;
-$new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : NULL;
+$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : '';
+$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : '';
+$new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : '';
 if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
-	if(!isset($config['countries'][$new_country]))
+	if(setting('core.account_country') && !isset($config['countries'][$new_country])) {
 		$errors[] = 'Country is not correct.';
+	}
 
 	if(empty($errors)) {
 		//save data from form
@@ -39,7 +40,14 @@ if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
 		$account->location = $new_location;
 		$account->country = $new_country;
 		$account->save();
-		$account_logged->logAction('Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b> and Country to <b>' . $config['countries'][$new_country] . '</b>.');
+
+		$log = 'Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b>';
+		if(setting('core.account_country')) {
+			$log .= ' and Country to <b>' . $config['countries'][$new_country] . '</b>';
+		}
+		$log .= '.';
+
+		$account_logged->logAction($log);
 		$twig->display('success.html.twig', array(
 			'title' => 'Public Information Changed',
 			'description' => 'Your public information has been changed.'
@@ -68,7 +76,7 @@ if($show_form) {
 			$countries[$code] = $country;
 	}
 
-	$twig->display('account.change_info.html.twig', array(
+	$twig->display('account.change-info.html.twig', array(
 		'countries' => $countries ?? [],
 		'account_rlname' => $account_rlname,
 		'account_location' => $account_location,

system/pages/account/change-password.php

@@ -21,7 +21,7 @@ $new_password = $_POST['newpassword'] ?? NULL;
 $new_password_confirm = $_POST['newpassword_confirm'] ?? NULL;
 $old_password = $_POST['oldpassword'] ?? NULL;
 if(empty($new_password) && empty($new_password_confirm) && empty($old_password)) {
-	$twig->display('account.change_password.html.twig');
+	$twig->display('account.change-password.html.twig');
 }
 else
 {
@@ -52,7 +52,7 @@ else
 		$twig->display('error_box.html.twig', array('errors' => $errors));
 
 		//show form
-		$twig->display('account.change_password.html.twig');
+		$twig->display('account.change-password.html.twig');
 	}
 	else {
 		$org_pass = $new_password;

system/pages/account/characters/change-comment.php

@@ -14,7 +14,7 @@ use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Change Comment';
-require __DIR__ . '/base.php';
+require PAGES . 'account/base.php';
 
 if(!$logged) {
 	return;
@@ -68,7 +68,7 @@ if($show_form) {
 	}
 
 	if(isset($player) && $player) {
-		$twig->display('account.change_comment.html.twig', array(
+		$twig->display('account.characters.change-comment.html.twig', array(
 			'player' => $player->toArray()
 		));
 	}

system/pages/account/characters/change-name.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Change Name';
-require __DIR__ . '/base.php';
+require PAGES . 'account/base.php';
 
 if(!$logged) {
 	return;
@@ -109,7 +109,7 @@ else
 			$twig->display('error_box.html.twig', array('errors' => $errors));
 		}
 
-		$twig->display('account.change_name.html.twig', array(
+		$twig->display('account.characters.change-name.html.twig', array(
 			'points' => $points,
 			'errors' => $errors
 			//'account_players' => $account_logged->getPlayersList()

system/pages/account/characters/change-sex.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Change Sex';
-require __DIR__ . '/base.php';
+require PAGES . 'account/base.php';
 
 if(!$logged) {
 	return;
@@ -88,7 +88,7 @@ else
 		if(!empty($errors)) {
 			$twig->display('error_box.html.twig', array('errors' => $errors));
 		}
-		$twig->display('account.change_sex.html.twig', array(
+		$twig->display('account.characters.change-sex.html.twig', array(
 			'players' => $account_logged->getPlayersList(false),
 			'player_sex' => isset($player) ? $player->getSex() : -1,
 			'points' => $points

system/pages/account/characters/create.php

@@ -14,7 +14,7 @@ use MyAAC\CreateCharacter;
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Create Character';
-require __DIR__ . '/base.php';
+require PAGES . 'account/base.php';
 
 if(!$logged) {
 	return;
@@ -43,7 +43,7 @@ if(count($errors) > 0) {
 }
 
 if(!$character_created) {
-	$twig->display('account.create_character.html.twig', array(
+	$twig->display('account.characters.create.html.twig', array(
 		'name' => $character_name,
 		'sex' => $character_sex,
 		'vocation' => $character_vocation,

system/pages/account/characters/delete.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Delete Character';
-require __DIR__ . '/base.php';
+require PAGES . 'account/base.php';
 
 if(!$logged) {
 	return;
@@ -93,5 +93,5 @@ if($show_form) {
 		$twig->display('error_box.html.twig', array('errors' => $errors));
 	}
 
-	$twig->display('account.delete_character.html.twig');
+	$twig->display('account.characters.delete.html.twig');
 }

system/pages/account/confirm-email.php

@@ -25,16 +25,20 @@ if(!Account::where('email_hash', $hash)->exists()) {
 }
 else
 {
-	if (Account::where('email_hash', $hash)->where('email_verified', 0)->exists()) {
-		$query = $query->fetch(PDO::FETCH_ASSOC);
+	$accountModel = Account::where('email_hash', $hash)->where('email_verified', 0)->first();
+	if ($accountModel) {
+		$accountModel->email_verified = 1;
+		$accountModel->save();
+
+		success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.');
+
 		$account = new OTS_Account();
-		$account->load($query['id']);
+		$account->load($accountModel->id);
 		if ($account->isLoaded()) {
 			$hooks->trigger(HOOK_EMAIL_CONFIRMED, ['account' => $account]);
 		}
 	}
-
-	Account::where('email_hash', $hash)->update('email_verified', 1);
-	success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
+	else {
+		error('Link has expired.');
+	}
 }
-?>

system/pages/account/create.php

@@ -227,7 +227,7 @@ if($save)
 			$hash = md5(generateRandomString(16, true, true) . $email);
 			$new_account->setCustomField('email_hash', $hash);
 
-			$verify_url = getLink('account/confirm_email/' . $hash);
+			$verify_url = getLink('account/confirm-email/' . $hash);
 			$body_html = $twig->render('mail.account.verify.html.twig', array(
 				'account' => $tmp_account,
 				'verify_url' => generateLink($verify_url, $verify_url, true)
@@ -236,6 +236,9 @@ if($save)
 			if(_mail($email, 'New account on ' . $config['lua']['serverName'], $body_html))
 			{
 				echo 'Your account has been created.<br/><br/>';
+
+				warning("Before you can login - you need to verify your E-Mail. The verification link has been sent to $email. If the message is not coming - remember to check the SPAM folder.");
+
 				$twig->display('success.html.twig', array(
 					'title' => 'Account Created',
 					'description' => 'Your account ' . $account_type . ' is <b>' . $tmp_account . '</b><br/>You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '.
@@ -252,15 +255,6 @@ if($save)
 		}
 		else
 		{
-			if(setting('core.account_create_character_create')) {
-				// character creation
-				$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
-				if (!$character_created) {
-					error('There was an error creating your character. Please create your character later in account management page.');
-					error(implode(' ', $errors));
-				}
-			}
-
 			if(setting('core.account_create_auto_login')) {
 				if ($hasBeenCreatedByEMail) {
 					$_POST['account_login'] = $email;
@@ -311,6 +305,15 @@ if($save)
 			}
 		}
 
+		if(setting('core.account_create_character_create')) {
+			// character creation
+			$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
+			if (!$character_created) {
+				error('There was an error creating your character. Please create your character later in account management page.');
+				error(implode(' ', $errors));
+			}
+		}
+
 		return;
 	}
 }

system/pages/account/login.php

@@ -9,16 +9,17 @@
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Login';
 
 // new login with data from form
-if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
+if($logged || !isset($_POST['account_login']) || !isset($_POST['password_login'])) {
+	return;
+}
+
+$login_account = $_POST['account_login'];
+$login_password = $_POST['password_login'];
+$remember_me = isset($_POST['remember_me']);
+if(!empty($login_account) && !empty($login_password))
 {
-	$login_account = $_POST['account_login'];
-	$login_password = $_POST['password_login'];
-	$remember_me = isset($_POST['remember_me']);
-	if(!empty($login_account) && !empty($login_password))
-	{
 	if($cache->enabled())
 	{
 		$tmp = '';
@@ -59,6 +60,10 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
 		&& (!isset($t) || $t['attempts'] < 5)
 	)
 	{
+		if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
+			$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
+		}
+		else {
 			session_regenerate_id();
 			setSession('account', $account_logged->getId());
 			setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
@@ -82,6 +87,7 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
 
 			$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
 		}
+	}
 	else
 	{
 		$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));
@@ -114,12 +120,11 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
 			$errors[] = $errorMessage;
 		}
 	}
-	}
-	else {
+}
+else {
 	$errors[] = 'Please enter your ' . getAccountLoginByLabel() . ' and password.';
 
 	$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));
-	}
-
-	$hooks->trigger(HOOK_ACCOUNT_LOGIN_POST);
 }
+
+$hooks->trigger(HOOK_ACCOUNT_LOGIN_POST);

system/pages/account/lost.php

@@ -55,7 +55,7 @@ elseif($action == 'step1' && $action_type == 'email')
 				</TD></TR></FORM></TABLE></TABLE>';
 			else
 			{
-				$insec = $account->getCustomField('email_next') - time();
+				$insec = (int)$account->getCustomField('email_next') - time();
 				$minutesleft = floor($insec / 60);
 				$secondsleft = $insec - ($minutesleft * 60);
 				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
@@ -118,7 +118,7 @@ elseif($action == 'sendcode')
 			}
 			else
 			{
-				$insec = $account->getCustomField('email_next') - time();
+				$insec = (int)$account->getCustomField('email_next') - time();
 				$minutesleft = floor($insec / 60);
 				$secondsleft = $insec - ($minutesleft * 60);
 				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';

system/pages/account/manage.php

@@ -22,6 +22,12 @@ if(isset($_REQUEST['redirect']))
 {
 	$redirect = urldecode($_REQUEST['redirect']);
 
+	// should never happen, unless hacker modify the URL
+	if (!str_contains($redirect, BASE_URL)) {
+		error('Fatal error: Cannot redirect outside the website.');
+		return;
+	}
+
 	$twig->display('account.redirect.html.twig', array(
 		'redirect' => $redirect
 	));
@@ -46,7 +52,7 @@ if(empty($recovery_key))
 else
 {
 	if(setting('core.account_generate_new_reckey') && setting('core.mail_enabled'))
-		$account_registered = '<b><span style="color: green">Yes ( <a href="' . getLink('account/register/new') . '"> Buy new Recovery Key </a> )</span></b>';
+		$account_registered = '<b><span style="color: green">Yes ( <a href="' . getLink('account/register-new') . '"> Buy new Recovery Key </a> )</span></b>';
 	else
 		$account_registered = '<b><span style="color: green">Yes</span></b>';
 }

system/pages/account/redirect.php

@@ -12,6 +12,12 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 $redirect = urldecode($_REQUEST['redirect']);
 
+// should never happen, unless hacker modify the URL
+if (!str_contains($redirect, BASE_URL)) {
+	error('Fatal error: Cannot redirect outside the website.');
+	return;
+}
+
 $twig->display('account.redirect.html.twig', array(
 	'redirect' => $redirect
 ));

system/pages/characters.php

@@ -8,6 +8,9 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\PlayerDeath;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Characters';
 
@@ -199,7 +202,7 @@ if($player->isLoaded() && !$player->isDeleted())
 		unset($storage);
 	}
 
-	if($config['characters']['equipment'] && $db->hasTable('player_items') && $db->hasColumn('player_items', 'pid') && $db->hasColumn('player_items', 'sid') && $db->hasColumn('player_items', 'itemtype')) {
+	if($db->hasTable('player_items') && $db->hasColumn('player_items', 'pid') && $db->hasColumn('player_items', 'sid') && $db->hasColumn('player_items', 'itemtype')) {
 		$eq_sql = $db->query('SELECT `pid`, `itemtype` FROM player_items WHERE player_id = '.$player->getId().' AND (`pid` >= 1 and `pid` <= 10)');
 		$equipment = array();
 		foreach($eq_sql as $eq)
@@ -322,20 +325,39 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 
 	$frags = array();
 	$frag_add_content = '';
-	if($config['characters']['frags'] && $db->hasTable('killers')) {
+	if ($config['characters']['frags']) {
+		$frags_limit = 10; // frags limit to show? // default: 10
+
+		if ($db->hasTable('killers')) {
 			//frags list by Xampy
 			$i = 0;
-		$frags_limit = 10; // frags limit to show? // default: 10
-		$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,'.$frags_limit.';')->fetchAll();
-		if(count($player_frags)) {
+			$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = ' . $player->getId() . ' ORDER BY `date` DESC LIMIT 0,' . $frags_limit . ';')->fetchAll();
+			if (count($player_frags)) {
 				$row_count = 0;
-			foreach($player_frags as $frag)
-			{
+				foreach ($player_frags as $frag) {
 					$description = 'Fragged <a href="' . getPlayerLink($frag['name'], false) . '">' . $frag['name'] . '</a> at level ' . $frag['level'];
 					$frags[] = array('time' => $frag['date'], 'description' => $description, 'unjustified' => $frag['unjustified'] != 0);
 				}
 			}
 		}
+		else if($db->hasTable('player_deaths') && $db->hasColumn('player_deaths', 'killed_by')) {
+			$i = 0;
+			$player_frags = PlayerDeath::where('player_deaths.killed_by', $player->getName())
+				->join('players', 'players.id', '=', 'player_deaths.player_id')
+				->limit($frags_limit)
+				->selectRaw('players.name, player_deaths.*')
+				->orderBy('player_deaths.time', 'DESC')
+				->get();
+
+			if ($player_frags->count()) {
+				$row_count = 0;
+				foreach ($player_frags as $frag) {
+					$description = 'Fragged <a href="' . getPlayerLink($frag->name, false) . '">' . $frag->name . '</a> at level ' . $frag->level;
+					$frags[] = array('time' => $frag->time, 'description' => $description, 'unjustified' => $frag->unjustified != 0);
+				}
+			}
+		}
+	}
 
 	// signature
 	if(setting('core.signature_enabled')) {

system/pages/forum/edit_post.php

@@ -19,7 +19,7 @@ if ($ret === false) {
 }
 
 if(!$logged) {
-	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . BASE_URL . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
+	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
 	return;
 }
 

system/pages/forum/move_thread.php

@@ -19,7 +19,7 @@ if ($ret === false) {
 }
 
 if(!$logged) {
-	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . BASE_URL . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
+	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
 	return;
 }
 

system/pages/forum/new_post.php

@@ -24,7 +24,7 @@ if(!$logged) {
 		$extra_url = '?action=new_post&thread_id=' . $_GET['thread_id'];
 	}
 
-	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . BASE_URL . urlencode(getLink('forum') . $extra_url) . '">Log in</a> to post on the forum.<br /><br />';
+	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum') . $extra_url) . '">Log in</a> to post on the forum.<br /><br />';
 	return;
 }
 

system/pages/forum/new_thread.php

@@ -24,7 +24,7 @@ if(!$logged) {
 		$extra_url = '?action=new_thread&section_id=' . $_GET['section_id'];
 	}
 
-	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . BASE_URL . urlencode(getLink('forum') . $extra_url) . '">Log in</a> to post on the forum.<br /><br />';
+	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum') . $extra_url) . '">Log in</a> to post on the forum.<br /><br />';
 	return;
 }
 

system/pages/forum/remove_post.php

@@ -19,7 +19,7 @@ if ($ret === false) {
 }
 
 if(!$logged) {
-	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . BASE_URL . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
+	echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
 	return;
 }
 

system/pages/forum/show_thread.php

@@ -60,7 +60,7 @@ foreach($posts as &$post) {
 	}
 
 	if($config['characters']['outfit']) {
-		$post['outfit'] = setting('core.outfit_images_url') . '?id=' . $player->getLookType() . ($lookaddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet();
+		$post['outfit'] = $player->getOutfit();
 	}
 
 	$groupName = '';

system/pages/guilds/cleanup_guilds.php

@@ -23,9 +23,15 @@ $guilds_list = new OTS_Guilds_List();
 $guilds_list->init();
 if(count($guilds_list) > 0)
 {
+	/**
+	 * @var OTS_Guild $guild
+	 */
 	foreach($guilds_list as $guild)
 	{
 		$error = 0;
+		/**
+		 * @var OTS_Player $leader
+		 */
 		$leader = $guild->getOwner();
 		if($leader->isLoaded())
 		{

system/pages/guilds/cleanup_players.php

@@ -40,7 +40,7 @@ if(count($players_list) > 0)
 				if(!$rank_guild->isLoaded())
 				{
 					$player->setRank();
-					$player->setGuildNick();
+					$player->setGuildNick('');
 					$changed_ranks_of[] = $player->getName();
 					$deleted_ranks[] = 'ID: '.$player_rank->getId().' - '.$player_rank->getName();
 					$player_rank->delete();

system/pages/guilds/create.php

@@ -10,6 +10,8 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+use MyAAC\Models\GuildRank;
+
 require __DIR__ . '/base.php';
 
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
@@ -113,22 +115,40 @@ if(isset($todo) && $todo == 'save')
 	$new_guild->setOwner($player);
 	$new_guild->save();
 	$new_guild->setCustomField('description', setting('core.guild_description_default'));
-	//$new_guild->setCustomField('creationdata', time());
+
+	if ($db->hasTable('guild_ranks')) {
+		if (!GuildRank::where('guild_id', $new_guild->getId())->first()) {
+			$ranks = [
+				['level' => 3, 'name' => 'the Leader'],
+				['level' => 2, 'name' => 'a Vice-Leader'],
+				['level' => 1, 'name' => 'a Member'],
+			];
+
+			foreach ($ranks as $rank) {
+				GuildRank::create([
+					'guild_id' => $new_guild->getId(),
+					'name' => $rank['name'],
+					'level' => $rank['level'],
+				]);
+			}
+		}
+	}
+
 	$ranks = $new_guild->getGuildRanksList();
 	$ranks->orderBy('level', POT::ORDER_DESC);
 	foreach($ranks as $rank) {
+		/**
+		 * @var OTS_GuildRank $rank
+		 */
 		if($rank->getLevel() == 3) {
 			$player->setRank($rank);
 		}
 	}
+
 	$twig->display('guilds.create.success.html.twig', array(
 		'guild_name' => $guild_name,
 		'leader_name' => $player->getName()
 	));
-
-	/*$db->exec('INSERT INTO `guild_ranks` (`id`, `guild_id`, `name`, `level`) VALUES (null, '.$new_guild->getId().', "the Leader", 3)');
-	$db->exec('INSERT INTO `guild_ranks` (`id`, `guild_id`, `name`, `level`) VALUES (null, '.$new_guild->getId().', "a Vice-Leader", 2)');
-	$db->exec('INSERT INTO `guild_ranks` (`id`, `guild_id`, `name`, `level`) VALUES (null, '.$new_guild->getId().', "a Member", 1)');*/
 }
 else {
 	sort($array_of_player_nig);

system/pages/guilds/list.php

@@ -19,6 +19,9 @@ $guilds_list->orderBy("name");
 $guilds = array();
 if(count($guilds_list) > 0)
 {
+	/**
+	 * @var OTS_Guild $guild
+	 */
 	foreach ($guilds_list as $guild) {
 		$guild_logo = $guild->getCustomField('logo_name');
 		if (empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo))

system/pages/guilds/show.php

@@ -142,9 +142,7 @@ if($logged && count($invited_list) > 0)
 	}
 }
 
-$useGuildNick = false;
-if($db->hasColumn('players', 'guildnick'))
-	$useGuildNick = true;
+$useGuildNick = $db->hasTable('guild_members') || $db->hasTable('guild_membership') || $db->hasColumn('players', 'guildnick');
 
 $twig->display('guilds.view.html.twig', array(
 	'logo' => $guild_logo,
@@ -160,7 +158,6 @@ $twig->display('guilds.view.html.twig', array(
 	'level_in_guild' => $level_in_guild,
 	'isLeader' => $guild_leader,
 	'isVice' => $guild_vice,
-	'logged' => $logged,
 	'invited_list' => $invited_list,
 	'show_accept_invite' => $show_accept_invite,
 	'useGuildNick' => $useGuildNick

system/pages/highscores.php

@@ -182,7 +182,7 @@ if (empty($highscores)) {
 		if ($db->hasTable('player_killers')) {
 			$query->addSelect(['value' => PlayerKillers::where('player_killers.player_id', 'players.id')->selectRaw('COUNT(*)')]);
 		} else {
-			$query->addSelect(['value' => PlayerDeath::unjustified()->where('player_deaths.killed_by', 'players.name')->selectRaw('COUNT(*)')]);
+			$query->addSelect(['value' => PlayerDeath::unjustified()->whereColumn('player_deaths.killed_by', 'players.name')->selectRaw('COUNT(*)')]);
 		}
 	} else if ($skill == SKILL_BALANCE) // balance
 	{

system/pages/last-kills.php

@@ -39,13 +39,13 @@ else {
 						if($i == 1) {
 							if($count <= 4)
 								$killers_string .= 'killed';
-							else if($count > 4 and $count < 10)
+							else if($count < 10)
 								$killers_string .= 'slain';
-							else if($count > 9 and $count < 15)
+							else if($count < 15)
 								$killers_string .= 'crushed';
-							else if($count > 14 and $count < 20)
+							else if($count < 20)
 								$killers_string .= 'eliminated';
-							else if($count > 19)
+							else
 								$killers_string .= 'annihilated';
 							$killers_string .= ' at level <b>' . $death['level'] . '</b> ';
 						} else if($i == $count)

system/pages/monsters.php

@@ -39,9 +39,12 @@ if (empty($_REQUEST['name'])) {
 
 // display monster
 $monster_name = urldecode(stripslashes(ucwords(strtolower($_REQUEST['name']))));
-$monster = Monster::where('hide', '!=', 1)->where('name', $monster_name)->first()->toArray();
+$monsterModel = Monster::where('hide', '!=', 1)->where('name', $monster_name)->first();
+
+if ($monsterModel && isset($monsterModel->name)) {
+	/** @var array $monster */
+	$monster = $monsterModel->toArray();
 
-if (isset($monster['name'])) {
 	function sort_by_chance($a, $b)
 	{
 		if ($a['chance'] == $b['chance']) {
@@ -79,7 +82,7 @@ if (isset($monster['name'])) {
 	));
 
 } else {
-	echo "Monster with name <b>" . $monster_name . "</b> doesn't exist.";
+	echo "Monster with name <b>" . htmlspecialchars($monster_name) . "</b> doesn't exist.";
 }
 
 // back button

system/pages/polls.php

@@ -51,7 +51,7 @@ function getColorByPercent($percent)
 					if($logged)
 						echo $link.'?id='.$poll['id'];
 					else
-						echo getLink('account/manage') . '?redirect=' . BASE_URL . urlencode($link.'?id='.$poll['id']);
+						echo getLink('account/manage') . '?redirect=' . urlencode($link.'?id='.$poll['id']);
 
 					echo '">'.$poll['question'] . '</a>
 				</td>
@@ -80,7 +80,7 @@ function getColorByPercent($percent)
 					if($logged)
 						echo $link.'?id='.$poll['id'];
 					else
-						echo getLink('account/manage') . '?redirect=' . BASE_URL . urlencode($link.'?id='.$poll['id']);
+						echo getLink('account/manage') . '?redirect=' . urlencode($link.'?id='.$poll['id']);
 
 					echo '">'.$poll['question'] . '</a>
 				</td>

system/router.php

@@ -91,35 +91,67 @@ if($logged && $account_logged && $account_logged->isLoaded()) {
 $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r) {
 	$routes = require SYSTEM . 'routes.php';
 
-	$isAlreadyDefined = [];
-
-	$routesTmp = [];
+	$routesFinal = [];
 	foreach(getDatabasePages() as $page) {
-		$isAlreadyDefined[$page] = true;
-		$routesTmp[] = ['*', $page, '__database__/' . $page, true];
+		$routesFinal[] = ['*', $page, '__database__/' . $page, 100];
 	}
 
 	Plugins::clearWarnings();
 	foreach (Plugins::getRoutes() as $route) {
-		if(!isset($isAlreadyDefined[$route[1]])) {
-			$isAlreadyDefined[$route[1]] = true;
-			$routesTmp[] = [$route[0], $route[1], $route[2]];
-		}
+		$routesFinal[] = [$route[0], $route[1], $route[2], $route[3] ?? 1000];
+/*
+		echo '<pre>';
+		var_dump($route[1], $route[3], $route[2]);
+		echo '/<pre>';
+*/
 	}
 
 	foreach ($routes as $route) {
-		if(!isset($isAlreadyDefined[$route[1]])) {
-			if (strpos($route[2], '__redirect__') === false && strpos($route[2], '__database__') === false) {
-				$routesTmp[] = [$route[0], $route[1], 'system/pages/' . $route[2]];
+		if (!str_contains($route[2], '__redirect__') && !str_contains($route[2], '__database__')) {
+			$routesFinal[] = [$route[0], $route[1], 'system/pages/' . $route[2], $route[3] ?? 10000];
 		}
 		else {
-				$routesTmp[] = [$route[0], $route[1], $route[2]];
-			}
+			$routesFinal[] = [$route[0], $route[1], $route[2], $route[3] ?? 10000];
 		}
 	}
 
-	//var_dump($routesTmp);
-	foreach ($routesTmp as $route) {
+	// sort required for the next step (filter)
+	usort($routesFinal, function ($a, $b)
+	{
+		// key 3 is priority
+		if ($a[3] == $b[3]) {
+			return 0;
+		}
+
+		return ($a[3] < $b[3]) ? -1 : 1;
+	});
+
+	// remove duplicates
+	// if same route pattern, but different priority
+	$routesFinal = array_filter($routesFinal, function ($a) {
+		$aliases = [
+			[':int', ':string', ':alphanum'],
+			[':\d+', ':[A-Za-z0-9-_%+\' ]+', ':[A-Za-z0-9]+'],
+		];
+
+		// apply aliases
+		$a[1] = str_replace($aliases[0], $aliases[1], $a[1]);
+
+		static $duplicates = [];
+		if (isset($duplicates[$a[1]])) {
+			return false;
+		}
+
+		$duplicates[$a[1]] = true;
+		return true;
+	});
+/*
+	echo '<pre>';
+	var_dump($routesFinal);
+	echo '</pre>';
+	die;
+*/
+	foreach ($routesFinal as $route) {
 		if ($route[0] === '*') {
 			$route[0] = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD'];
 		}
@@ -236,7 +268,7 @@ else {
 				// parse for define PAGE
 				$tmp = BASE_DIR;
 				$uri = $_SERVER['REQUEST_URI'];
-				if (!empty($tmp)) {
+				if (strlen($tmp) > 0) {
 					$uri = str_replace(BASE_DIR . '/', '', $uri);
 				}
 

system/routes.php

@@ -11,50 +11,56 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 return [
 	['GET', '', 'news.php'], // empty URL = show news
-	['GET', 'news/archive/{id:int}[/]', 'news/archive.php'],
-	['GET', 'news/{id:int}[/]', 'news/archive.php'],
+	['GET', 'news/archive/{id:int}', 'news/archive.php'],
+	['GET', 'news/{id:int}', 'news/archive.php'],
 
 	// block access to some files
-	['*', 'account/base[/]', '404.php'], // this is to block account/base.php
-	['*', 'forum/base[/]', '404.php'],
-	['*', 'guilds/base[/]', '404.php'],
+	['*', 'account/base', '404.php', 10], // this is to block account/base.php
+	['*', 'forum/base', '404.php', 10],
+	['*', 'guilds/base', '404.php', 10],
 
-	[['GET', 'POST'], 'account/password[/]', 'account/change_password.php'],
-	[['GET', 'POST'], 'account/register/new[/]', 'account/register_new.php'],
-	[['GET', 'POST'], 'account/email[/]', 'account/change_email.php'],
-	[['GET', 'POST'], 'account/info[/]', 'account/change_info.php'],
-	[['GET', 'POST'], 'account/character/create[/]', 'account/create_character.php'],
-	[['GET', 'POST'], 'account/character/name[/]', 'account/change_name.php'],
-	[['GET', 'POST'], 'account/character/sex[/]', 'account/change_sex.php'],
-	[['GET', 'POST'], 'account/character/delete[/]', 'account/delete_character.php'],
-	[['GET', 'POST'], 'account/character/comment[/{name:[A-Za-z0-9-_%+\']+}]', 'account/change_comment.php'],
-	['GET', 'account/confirm_email/{hash:alphanum}[/]', 'account/confirm_email.php'],
+	['GET', 'account/confirm-email/{hash:alphanum}', 'account/confirm-email.php'],
 
-	['GET', 'bans/{page:int}[/]', 'bans.php'],
+	['GET', 'bans/{page:int}', 'bans.php'],
 	[['GET', 'POST'], 'characters[/{name:string}]', 'characters.php'],
 	['GET', 'changelog[/{page:int}]', 'changelog.php'],
 	[['GET', 'POST'], 'monsters[/{name:string}]', 'monsters.php'],
 
 	[['GET', 'POST'], 'faq[/{action:string}]', 'faq.php'],
 
-	[['GET', 'POST'], 'forum/{action:string}[/]', 'forum.php'],
-	['GET', 'forum/board/{id:int}[/]', 'forum/show_board.php'],
-	['GET', 'forum/board/{id:int}/{page:[0-9]+}[/]', 'forum/show_board.php'],
-	['GET', 'forum/thread/{id:int}[/]', 'forum/show_thread.php'],
-	['GET', 'forum/thread/{id:int}/{page:int}[/]', 'forum/show_thread.php'],
+	[['GET', 'POST'], 'forum/{action:string}', 'forum.php'],
+	['GET', 'forum/board/{id:int}', 'forum/show_board.php'],
+	['GET', 'forum/board/{id:int}/{page:[0-9]+}', 'forum/show_board.php'],
+	['GET', 'forum/thread/{id:int}', 'forum/show_thread.php'],
+	['GET', 'forum/thread/{id:int}/{page:int}', 'forum/show_thread.php'],
 
-	['GET', 'gallery/{image:int}[/]', 'gallery.php'],
-	[['GET', 'POST'], 'gallery/{action:string}[/]', 'gallery.php'],
+	['GET', 'gallery/{image:int}', 'gallery.php'],
+	[['GET', 'POST'], 'gallery/{action:string}', 'gallery.php'],
 
-	[['GET', 'POST'], 'guilds/{guild:string}[/]', 'guilds/show.php'],
+	[['GET', 'POST'], 'guilds/{guild:string}', 'guilds/show.php'],
 
-	['GET', 'highscores/{list:alphanum}/{vocation:alphanum}/{page:int}[/]', 'highscores.php'],
-	['GET', 'highscores/{list:alphanum}/{page:int}[/]', 'highscores.php'],
-	['GET', 'highscores/{list:alphanum}/{vocation:alphanum}[/]', 'highscores.php'],
-	['GET', 'highscores/{list:alphanum}[/]', 'highscores.php'],
+	['GET', 'highscores/{list:alphanum}/{vocation:alphanum}/{page:int}', 'highscores.php'],
+	['GET', 'highscores/{list:alphanum}/{page:int}', 'highscores.php'],
+	['GET', 'highscores/{list:alphanum}/{vocation:alphanum}', 'highscores.php'],
+	['GET', 'highscores/{list:alphanum}', 'highscores.php'],
 /*
-	'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
 	'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
 	'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
 	'/^houses\/view\/?$/' => array('subtopic' => 'houses', 'page' => 'view')*/
+
+	/**
+	 * Deprecated
+	 * To be removed in next versions
+	 * Kept just for compatibility
+	 */
+	[['GET', 'POST'], 'account/password', 'account/change-password.php'],
+	[['GET', 'POST'], 'account/register/new', 'account/register-new.php'],
+	[['GET', 'POST'], 'account/email', 'account/change-email.php'],
+	[['GET', 'POST'], 'account/info', 'account/change-info.php'],
+	[['GET', 'POST'], 'account/character/create', 'account/characters/create.php'],
+	[['GET', 'POST'], 'account/character/name', 'account/characters/change-name.php'],
+	[['GET', 'POST'], 'account/character/sex', 'account/characters/change-sex.php'],
+	[['GET', 'POST'], 'account/character/delete', 'account/characters/delete.php'],
+	[['GET', 'POST'], 'account/character/comment[/{name:string}]', 'account/characters/change-comment.php'],
+	['GET', 'account/confirm_email/{hash:alphanum}', 'account/confirm-email.php'],
 ];

system/settings.php

@@ -735,7 +735,7 @@ Sent by MyAAC,<br/>
 			'name' => 'Name Min Length',
 			'type' => 'number',
 			'desc' => '',
-			'default' => 4,
+			'default' => 3,
 		],
 		'create_character_name_max_length' => [
 			'name' => 'Name Max Length',

system/src/CreateCharacter.php

@@ -149,9 +149,9 @@ class CreateCharacter
 		if(empty($errors))
 		{
 			$char_to_copy_name = config('character_samples')[$vocation];
-			$char_to_copy = new \OTS_Player();
-			$char_to_copy->find($char_to_copy_name);
-			if(!$char_to_copy->isLoaded())
+			$playerSample = new \OTS_Player();
+			$playerSample->find($char_to_copy_name);
+			if(!$playerSample->isLoaded())
 				$errors[] = 'Wrong characters configuration. Try again or contact with admin. ADMIN: Go to Admin Panel -> Settings -> Create Character and set valid characters to copy names. Character to copy: <b>'.$char_to_copy_name.'</b> doesn\'t exist.';
 		}
 
@@ -162,72 +162,72 @@ class CreateCharacter
 		global $db;
 
 		if($sex == "0")
-			$char_to_copy->setLookType(136);
+			$playerSample->setLookType(136);
 
 		$player = new \OTS_Player();
 		$player->setName($name);
 		$player->setAccount($account);
 		$player->setGroupId(1);
 		$player->setSex($sex);
-		$player->setVocation($char_to_copy->getVocation());
+		$player->setVocation($playerSample->getVocation());
 		if($db->hasColumn('players', 'promotion'))
-			$player->setPromotion($char_to_copy->getPromotion());
+			$player->setPromotion($playerSample->getPromotion());
 
 		if($db->hasColumn('players', 'direction'))
-			$player->setDirection($char_to_copy->getDirection());
+			$player->setDirection($playerSample->getDirection());
 
-		$player->setConditions($char_to_copy->getConditions());
-		$rank = $char_to_copy->getRank();
+		$player->setConditions($playerSample->getConditions());
+		$rank = $playerSample->getRank();
 		if($rank->isLoaded()) {
-			$player->setRank($char_to_copy->getRank());
+			$player->setRank($playerSample->getRank());
 		}
 
 		if($db->hasColumn('players', 'lookaddons'))
-			$player->setLookAddons($char_to_copy->getLookAddons());
+			$player->setLookAddons($playerSample->getLookAddons());
 
 		$player->setTownId($town);
-		$player->setExperience($char_to_copy->getExperience());
-		$player->setLevel($char_to_copy->getLevel());
-		$player->setMagLevel($char_to_copy->getMagLevel());
-		$player->setHealth($char_to_copy->getHealth());
-		$player->setHealthMax($char_to_copy->getHealthMax());
-		$player->setMana($char_to_copy->getMana());
-		$player->setManaMax($char_to_copy->getManaMax());
-		$player->setManaSpent($char_to_copy->getManaSpent());
-		$player->setSoul($char_to_copy->getSoul());
+		$player->setExperience($playerSample->getExperience());
+		$player->setLevel($playerSample->getLevel());
+		$player->setMagLevel($playerSample->getMagLevel());
+		$player->setHealth($playerSample->getHealth());
+		$player->setHealthMax($playerSample->getHealthMax());
+		$player->setMana($playerSample->getMana());
+		$player->setManaMax($playerSample->getManaMax());
+		$player->setManaSpent($playerSample->getManaSpent());
+		$player->setSoul($playerSample->getSoul());
 
 		for($skill = \POT::SKILL_FIRST; $skill <= \POT::SKILL_LAST; $skill++) {
 			$value = 10;
 			if (setting('core.use_character_sample_skills')) {
-				$value = $char_to_copy->getSkill($skill);
+				$value = $playerSample->getSkill($skill);
 			}
 
 			$player->setSkill($skill, $value);
 		}
 
-		$player->setLookBody($char_to_copy->getLookBody());
-		$player->setLookFeet($char_to_copy->getLookFeet());
-		$player->setLookHead($char_to_copy->getLookHead());
-		$player->setLookLegs($char_to_copy->getLookLegs());
-		$player->setLookType($char_to_copy->getLookType());
-		$player->setCap($char_to_copy->getCap());
+		$player->setLookBody($playerSample->getLookBody());
+		$player->setLookFeet($playerSample->getLookFeet());
+		$player->setLookHead($playerSample->getLookHead());
+		$player->setLookLegs($playerSample->getLookLegs());
+		$player->setLookType($playerSample->getLookType());
+		$player->setCap($playerSample->getCap());
 		$player->setBalance(0);
 		$player->setPosX(0);
 		$player->setPosY(0);
 		$player->setPosZ(0);
 
 		if($db->hasColumn('players', 'stamina')) {
-			$player->setStamina($char_to_copy->getStamina());
+			$player->setStamina($playerSample->getStamina());
 		}
 
 		if($db->hasColumn('players', 'loss_experience')) {
-			$player->setLossExperience($char_to_copy->getLossExperience());
-			$player->setLossMana($char_to_copy->getLossMana());
-			$player->setLossSkills($char_to_copy->getLossSkills());
+			$player->setLossExperience($playerSample->getLossExperience());
+			$player->setLossMana($playerSample->getLossMana());
+			$player->setLossSkills($playerSample->getLossSkills());
 		}
 		if($db->hasColumn('players', 'loss_items')) {
-			$player->setLossItems($char_to_copy->getLossItems());
-			$player->setLossContainers($char_to_copy->getLossContainers());
+			$player->setLossItems($playerSample->getLossItems());
+			$player->setLossContainers($playerSample->getLossContainers());
 		}
 
 		$player->save();
@@ -245,7 +245,7 @@ class CreateCharacter
 			for($skill = \POT::SKILL_FIRST; $skill <= \POT::SKILL_LAST; $skill++) {
 				$value = 10;
 				if (setting('core.use_character_sample_skills')) {
-					$value = $char_to_copy->getSkill($skill);
+					$value = $playerSample->getSkill($skill);
 				}
 				$skillExists = $db->query('SELECT `skillid` FROM `player_skills` WHERE `player_id` = ' . $player->getId() . ' AND `skillid` = ' . $skill);
 				if($skillExists->rowCount() <= 0) {
@@ -255,7 +255,7 @@ class CreateCharacter
 		}
 
 		if ($db->hasTable('player_items') && $db->hasColumn('player_items', 'pid') && $db->hasColumn('player_items', 'sid') && $db->hasColumn('player_items', 'itemtype')) {
-			$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$char_to_copy->getId()."");
+			$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$playerSample->getId()."");
 			foreach($loaded_items_to_copy as $save_item) {
 				$blob = $db->quote($save_item['attributes']);
 				$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', $blob);");
@@ -267,6 +267,7 @@ class CreateCharacter
 			[
 				'account' => $account,
 				'player' => $player,
+				'playerSample' => $playerSample,
 				'name' => $name,
 				'sex' => $sex,
 				'vocation' => $vocation,

system/src/CsrfToken.php

@@ -25,7 +25,7 @@ class CsrfToken
 	 *
 	 * @access public
 	 * @static true
-	 * @return void
+	 * @return string
 	 **/
 	public static function create(bool $return = false): string {
 		$input = '<input type="hidden" name="csrf_token" value="' . self::get() . '" />';

system/src/Models/Changelog.php

@@ -4,6 +4,14 @@ namespace MyAAC\Models;
 
 use Illuminate\Database\Eloquent\Model;
 
+/**
+ * @property int $id
+ * @property int $type
+ * @property int $where
+ * @property string $body
+ * @property int $player_id
+ * @property int $date
+ */
 class Changelog extends Model {
 
 	protected $table = TABLE_PREFIX . 'changelog';

system/src/Models/GuildRank.php

@@ -9,6 +9,8 @@ class GuildRank extends Model {
 
 	public $timestamps = false;
 
+	protected $fillable = ['guild_id', 'name', 'level'];
+
 	public function guild()
 	{
 		return $this->belongsTo(Guild::class);

system/src/Models/Pages.php

@@ -3,6 +3,13 @@
 namespace MyAAC\Models;
 use Illuminate\Database\Eloquent\Model;
 
+/**
+ * @property int $id
+ * @property string $name
+ * @property string $title
+ * @property int $php
+ * @property int $hide
+ */
 class Pages extends Model {
 
 	protected $table = TABLE_PREFIX . 'pages';

system/src/Models/Settings.php

@@ -3,6 +3,11 @@
 namespace MyAAC\Models;
 use Illuminate\Database\Eloquent\Model;
 
+/**
+ * @property string $name
+ * @property string $key
+ * @property string $value
+ */
 class Settings extends Model {
 
 	protected $table = TABLE_PREFIX . 'settings';

system/src/Plugins.php

@@ -23,18 +23,15 @@ class Plugins {
 
 		$routes = [];
 		foreach(self::getAllPluginsJson() as $plugin) {
-			$pluginPages = glob(PLUGINS . $plugin['filename'] . '/pages/*.php');
-			foreach ($pluginPages as $file) {
-				$file = str_replace(PLUGINS, 'plugins/', $file);
-				$name = pathinfo($file, PATHINFO_FILENAME);
-
-				$routes[] = [['get', 'post'], $name, $file, 1000];
+			$routesDefaultPriority = 1000;
+			if (isset($plugin['routes-default-priority'])) {
+				$routesDefaultPriority = $plugin['routes-default-priority'];
 			}
 
 			$warningPreTitle = 'Plugin: ' . $plugin['name'] . ' - ';
 
 			if (isset($plugin['routes'])) {
-				foreach ($plugin['routes'] as $_name => $info) {
+				foreach ($plugin['routes'] as $info) {
 					// default method: get
 					$method = $info['method'] ?? ['GET'];
 					if ($method !== '*') {
@@ -51,7 +48,7 @@ class Plugins {
 					}
 
 					if (!isset($info['priority'])) {
-						$info['priority'] = 100; // default priority
+						$info['priority'] = $routesDefaultPriority; // default priority taken from plugin.json
 					}
 
 					if (isset($info['redirect_from'])) {
@@ -70,24 +67,60 @@ class Plugins {
 					// replace first occurrence of / in pattern if found (will be auto-added later)
 					removeIfFirstSlash($info['pattern']);
 
-					foreach ($routes as $id => &$route) {
-						if($route[1] == $info['pattern']) {
-							if($info['priority'] < $route[3]) {
-								self::$warnings[] = $warningPreTitle . "Duplicated route with lower priority: {$info['pattern']}. Disabling this route...";
-								continue 2;
+					$routes[] = [$methods, $info['pattern'], $info['file'], $info['priority']];
+				}
+			}
+
+			$pagesDefaultPriority = 1000;
+			if (isset($plugin['pages-default-priority'])) {
+				$pagesDefaultPriority = $plugin['pages-default-priority'];
+			}
+
+			if (self::getAutoLoadOption($plugin, 'pages', true)) {
+				//
+				// Get all plugins/*/pages/*.php pages
+				//
+				$pluginPages = glob(PLUGINS . $plugin['filename'] . '/pages/*.php');
+				foreach ($pluginPages as $file) {
+					$file = str_replace(PLUGINS, 'plugins/', $file);
+					$name = pathinfo($file, PATHINFO_FILENAME);
+
+					$routes[] = [['get', 'post'], $name, $file, $pagesDefaultPriority];
+				}
+			}
+
+			if (self::getAutoLoadOption($plugin, 'pagesSubFolders', true)) {
+				//
+				// Get all plugins/*/pages/subFolder/*.php pages
+				//
+				$pluginPagesSubFolders = glob(PLUGINS . $plugin['filename'] . '/pages/*', GLOB_ONLYDIR);
+				foreach ($pluginPagesSubFolders as $folder) {
+					$folderName = pathinfo($folder, PATHINFO_FILENAME);
+
+					$subFiles = glob(PLUGINS . $plugin['filename'] . '/pages/' . $folderName . '/*.php');
+					foreach ($subFiles as $file) {
+						$file = str_replace(PLUGINS, 'plugins/', $file);
+						$name = $folderName . '/' . pathinfo($file, PATHINFO_FILENAME);
+
+						$routes[] = [['get', 'post'], $name, $file, $pagesDefaultPriority];
+					}
+
+					$subFolders = glob(PLUGINS . $plugin['filename'] . '/pages/' . $folderName . '/*', GLOB_ONLYDIR);
+					foreach ($subFolders as $subFolder) {
+						$subFolderName = pathinfo($subFolder, PATHINFO_FILENAME);
+						$subSubFiles = glob(PLUGINS . $plugin['filename'] . '/pages/' . $folderName . '/' . $subFolderName . '/*.php');
+
+						foreach ($subSubFiles as $subSubFile) {
+							$subSubFile = str_replace(PLUGINS, 'plugins/', $subSubFile);
+							$name = $folderName . '/' . $subFolderName . '/' . pathinfo($subSubFile, PATHINFO_FILENAME);
+
+							$routes[] = [['get', 'post'], $name, $subSubFile, $pagesDefaultPriority];
+						}
 					}
-							else {
-								self::$warnings[] = $warningPreTitle . "Duplicated route with lower priority: {$route[1]} ({$route[3]}). Disabling this route...";
-								unset($routes[$id]);
 				}
 			}
 		}
 
-					$routes[] = [$methods, $info['pattern'], $info['file'], $info['priority']];
-				}
-			}
-		}
-		/*
 		usort($routes, function ($a, $b)
 		{
 			// key 3 is priority
@@ -95,14 +128,14 @@ class Plugins {
 				return 0;
 			}
 
-					return ($a[3] > $b[3]) ? -1 : 1;
+			return ($a[3] < $b[3]) ? -1 : 1;
 		});
-		*/
+
 		// cleanup before passing back
 		// priority is not needed anymore
-		foreach ($routes as &$route) {
-			unset($route[3]);
-		}
+		//foreach ($routes as &$route) {
+		//	unset($route[3]);
+		//}
 
 		if ($cache->enabled()) {
 			$cache->set('plugins_routes', serialize($routes), 600);
@@ -123,6 +156,10 @@ class Plugins {
 
 		$themes = [];
 		foreach(self::getAllPluginsJson() as $plugin) {
+			if (!self::getAutoLoadOption($plugin, 'themes', true)) {
+				continue;
+			}
+
 			$pluginThemes = glob(PLUGINS . $plugin['filename'] . '/themes/*', GLOB_ONLYDIR);
 			foreach ($pluginThemes as $path) {
 				$path = str_replace(PLUGINS, 'plugins/', $path);
@@ -151,6 +188,10 @@ class Plugins {
 
 		$commands = [];
 		foreach(self::getAllPluginsJson() as $plugin) {
+			if (!self::getAutoLoadOption($plugin, 'commands', true)) {
+				continue;
+			}
+
 			$pluginCommands = glob(PLUGINS . $plugin['filename'] . '/commands/*.php');
 			foreach ($pluginCommands as $path) {
 				$commands[] = $path;
@@ -178,13 +219,19 @@ class Plugins {
 		foreach(self::getAllPluginsJson() as $plugin) {
 			if (isset($plugin['hooks'])) {
 				foreach ($plugin['hooks'] as $_name => $info) {
+					$priority = 1000;
+
 					if (str_contains($info['type'], 'HOOK_')) {
 						$info['type'] = str_replace('HOOK_', '', $info['type']);
 					}
 
+					if (isset($info['priority'])) {
+						$priority = (int)$info['priority'];
+					}
+
 					if (defined('HOOK_'. $info['type'])) {
 						$hook = constant('HOOK_'. $info['type']);
-						$hooks[] = ['name' => $_name, 'type' => $hook, 'file' => $info['file']];
+						$hooks[] = ['name' => $_name, 'type' => $hook, 'file' => $info['file'], 'priority' => $priority];
 					} else {
 						self::$warnings[] = 'Plugin: ' . $plugin['name'] . '. Unknown event type: ' . $info['type'];
 					}
@@ -192,6 +239,15 @@ class Plugins {
 			}
 		}
 
+		usort($hooks, function ($a, $b)
+		{
+			if ($a['priority'] == $b['priority']) {
+				return 0;
+			}
+
+			return ($a['priority'] < $b['priority']) ? -1 : 1;
+		});
+
 		if ($cache->enabled()) {
 			$cache->set('plugins_hooks', serialize($hooks), 600);
 		}
@@ -757,4 +813,21 @@ class Plugins {
 			}
 		}
 	}
+
+	private static function getAutoLoadOption(array $plugin, string $optionName, bool $default = true)
+	{
+		if (isset($plugin['autoload'])) {
+			$autoload = $plugin['autoload'];
+			if (is_array($autoload)) {
+				if (isset($autoload[$optionName])) {
+					return getBoolean($autoload[$optionName]);
+				}
+			}
+			else if (is_bool($autoload)) {
+				return $autoload;
+			}
+		}
+
+		return $default;
+	}
 }

system/src/Settings.php

@@ -382,6 +382,8 @@ class Settings implements \ArrayAccess
 		}
 
 		$this->settingsDatabase[$pluginKeyName][$key] = $value;
+		// invalidate cache
+		unset($this->cache[$offset]);
 	}
 
 	#[\ReturnTypeWillChange]

system/src/Towns.php

@@ -124,6 +124,6 @@ class Towns
 	 */
 	public static function getFromDatabase()
 	{
-		return Town::pluck('name', 'id')->toArray();
+		return Town::orderBy('id', 'ASC')->pluck('name', 'id')->toArray();
 	}
 }

system/src/Twig/Extension/TypeCastingExtension.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace MyAAC\Twig\Extension;
+
+use Twig\Extension\AbstractExtension;
+use Twig\TwigFilter;
+
+final class TypeCastingExtension extends AbstractExtension
+{
+	/** @return array<int, TwigFilter> */
+	public function getFilters(): array
+	{
+		return [
+			new TwigFilter('int', function ($value) {
+				return (int)$value;
+			}),
+			new TwigFilter('float', function ($value) {
+				return (float)$value;
+			}),
+			new TwigFilter('string', function ($value) {
+				return (string)$value;
+			}),
+			new TwigFilter('bool', function ($value) {
+				return (bool)$value;
+			}),
+			new TwigFilter('array', function (object $value) {
+				return (array)$value;
+			}),
+			new TwigFilter('object', function (array $value) {
+				return (object)$value;
+			}),
+		];
+	}
+}

system/src/Validator.php

@@ -141,8 +141,8 @@ class Validator
 	 * Validate account password
 	 * Name lenght must be 3-32 chars
 	 *
-	 * @param string $name Account name to check
-	 * @return bool Is account name valid?
+	 * @param string $password Password to check
+	 * @return bool Is password valid?
 	 */
 	public static function password($password)
 	{

system/src/global.php

@@ -54,6 +54,11 @@ define('HOOK_ACCOUNT_LOGIN_AFTER_REMEMBER_ME', ++$i);
 define('HOOK_ACCOUNT_LOGIN_AFTER_PAGE', ++$i);
 define('HOOK_ACCOUNT_LOGIN_POST', ++$i);
 define('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER', ++$i);
+define('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_FIRST_TABLE', ++$i);
+define('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_VOCATIONS', ++$i);
+define('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_TOWNS', ++$i);
+define('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER_TOWNS', ++$i);
+define('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER_SECOND_TABLE', ++$i);
 define('HOOK_ADMIN_HEAD_END', ++$i);
 define('HOOK_ADMIN_HEAD_START', ++$i);
 define('HOOK_ADMIN_BODY_START', ++$i);
@@ -74,6 +79,8 @@ define('HOOK_GUILDS_AFTER_GUILD_MEMBERS', ++$i);
 define('HOOK_GUILDS_AFTER_INVITED_CHARACTERS', ++$i);
 define('HOOK_TWIG', ++$i);
 define('HOOK_CACHE_CLEAR', ++$i);
+define('HOOK_INSTALL_FINISH', ++$i);
+define('HOOK_INSTALL_FINISH_END', ++$i);
 
 const HOOK_FIRST = HOOK_STARTUP;
 define('HOOK_LAST', $i);

system/status.php

@@ -102,6 +102,9 @@ if($status_interval && $status_timeout < $status_interval) {
 	$status_timeout = $status_interval;
 }
 
+/**
+ * @var int $status_timeout
+ */
 if($status['lastCheck'] + $status_timeout < time()) {
 	updateStatus();
 }

system/template.php

@@ -171,8 +171,6 @@ function get_template_menus() {
 	$new_menus = array();
 	/**
 	 * @var array $configMenuCategories
-	 * @var int $id
-	 * @var array $options
 	 */
 	$configMenuCategories = config('menu_categories');
 	if($configMenuCategories === null) {

system/templates/account.change-email.html.twig

@@ -0,0 +1,54 @@
+Please enter your password and the new email address. Make sure that you enter a valid email address which you have access to. <br/><b>For security reasons, the actual change will be finalised after a waiting period of {{ setting('core.account_mail_change') }} days.</b><br/><br/>
+{% set title = 'Change Email Address' %}
+{% set background = config('darkborder') %}
+{% set content %}
+	<table style="width:100%;">
+		<tr>
+			<td class="LabelV" >
+				<span>New Email Address:</span>
+			</td>
+			<td style="width:90%;">
+				<input form="form" name="new_email" value="{% if new_email is defined %}{{ new_email }}{% endif %}" size="30" maxlength="50" autofocus/>
+			</td>
+		</tr>
+		<tr>
+			<td class="LabelV">
+				<span >Password:</span>
+			</td>
+			<td>
+				<input form="form" type="password" name="password" size="30" maxlength="29">
+			</td>
+		</tr>
+	</table>
+{% endset %}
+{% include 'tables.headline.html.twig' %}
+<br/>
+<table style="width:100%;">
+	<tr align="center">
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0px;">
+						<form id="form" action="{{ getLink('account/change-email') }}" method="post">
+							{{ csrf() }}
+							<input type="hidden" name="changeemailsave" value="1"/>
+							{{ include('buttons.submit.html.twig') }}
+						</form>
+					</td>
+				<tr>
+			</table>
+		</td>
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<form action="{{ getLink('account/manage') }}" method="post">
+					{{ csrf() }}
+					<tr>
+						<td style="border:0px;">
+							{{ include('buttons.back.html.twig') }}
+						</td>
+					</tr>
+				</form>
+			</table>
+		</td>
+	</tr>
+</table>

system/templates/account.change-info.html.twig

@@ -0,0 +1,84 @@
+Here you can tell other players about yourself. This information will be displayed alongside the data of your characters. If you do not want to fill in a certain field, just leave it blank.<br/><br/>
+{% set title = 'Change Public Information' %}
+{% set background = config('darkborder') %}
+{% set content %}
+<table style="width: 100%;" >
+	<tr>
+		<td class="LabelV">Real Name:</td>
+		<td style="width:90%;" >
+			<input form="form" name="info_rlname" value="{{ account_rlname }}" size="30" maxlength="50" >
+		</td>
+	</tr>
+	<tr>
+		<td class="LabelV" >Location:</td>
+		<td>
+			<input form="form" name="info_location" value="{{ account_location }}" size="30" maxlength="50" >
+		</td>
+	</tr>
+	{% if setting('core.account_country') %}
+	<tr>
+		<td class="LabelV">Country:</td>
+		<td>
+			<select form="form" name="info_country" id="account_country">
+				{% for code, country in countries %}
+				<option value="{{ code}}"{% if account_country == code %} selected{% endif %}>{{ country }} </option>
+				{% endfor %}
+			</select>
+			<img src="" id="account_country_img"/>
+			<script>
+				function updateFlag()
+				{
+					var img = $('#account_country_img');
+					var country = $('#account_country :selected').val();
+					if(country.length) {
+						img.attr('src', 'images/flags/' + country + '.gif');
+						img.show();
+					}
+					else {
+						img.hide();
+					}
+				}
+
+				$(function() {
+					updateFlag();
+					$('#account_country').change(function() {
+						updateFlag();
+					});
+				});
+			</script>
+		</td>
+	</tr>
+	{% endif %}
+</table>
+{% endset %}
+{% include 'tables.headline.html.twig' %}
+<br/>
+<table width="100%">
+	<tr align="center">
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0" >
+				<tr>
+					<td style="border:0px;" >
+						<form id="form" action="{{ getLink('account/change-info') }}" method="post">
+							{{ csrf() }}
+							<input type="hidden" name="changeinfosave" value="1">
+							{{ include('buttons.submit.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0" >
+				<tr>
+					<td style="border:0px;" >
+						<form action="{{ getLink('account/manage') }}" method="post" >
+							{{ csrf() }}
+							{{ include('buttons.back.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+	</tr>
+</table>

system/templates/account.change-password.html.twig

@@ -0,0 +1,62 @@
+Please enter your current password and a new password. For your security, please enter the new password twice.<br/>
+<br/>
+{% set title = 'Change Password' %}
+{% set background = config('darkborder') %}
+{% set content %}
+<table style="width:100%;">
+	<tr>
+		<td class="LabelV">
+			<span>New Password:</span>
+		</td>
+		<td style="width:90%;">
+			<input form="form" type="password" name="newpassword" size="30" maxlength="29">
+		</td>
+	</tr>
+	<tr>
+		<td class="LabelV">
+			<span>New Password Again:</span>
+		</td>
+		<td>
+			<input form="form" type="password" name="newpassword_confirm" size="30" maxlength="29">
+		</td>
+	</tr>
+	<tr>
+		<td class="LabelV">
+			<span>Current Password:</span>
+		</td>
+		<td>
+			<input form="form" type="password" name="oldpassword" size="30" maxlength="29">
+		</td>
+	</tr>
+</table>
+{% endset %}
+{% include 'tables.headline.html.twig' %}
+<br/>
+<table style="width:100%;">
+	<tr align="center">
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0px;">
+						<form id="form" action="{{ getLink('account/change-password') }}" method="post">
+							{{ csrf() }}
+							{{ include('buttons.submit.html.twig') }}
+						</form>
+					</td>
+				<tr>
+			</table>
+		</td>
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0px;">
+						<form action="{{ getLink('account/manage') }}" method="post">
+							{{ csrf() }}
+							{{ include('buttons.back.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+	</tr>
+</table>

system/templates/account.change_info.html.twig

@@ -1,102 +0,0 @@
-Here you can tell other players about yourself. This information will be displayed alongside the data of your characters. If you do not want to fill in a certain field, just leave it blank.<br/><br/>
-<form action="{{ getLink('account/info') }}" method="post">
-	{{ csrf() }}
-	<div class="TableContainer" >
-		<table class="Table1" cellpadding="0" cellspacing="0" >
-			<div class="CaptionContainer" >
-				<div class="CaptionInnerContainer" >
-					<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-					<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-					<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);" ></span>
-					<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);" /></span>
-					<div class="Text" >Change Public Information</div>
-					<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);" /></span>
-					<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);" ></span>
-					<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-					<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-				</div>
-			</div>
-			<tr>
-				<td>
-					<div class="InnerTableContainer" >
-						<table style="width:100%;" >
-							<tr>
-								<td class="LabelV" >Real Name:</td>
-								<td style="width:90%;" >
-									<input name="info_rlname" value="{{ account_rlname }}" size="30" maxlength="50" >
-								</td>
-							</tr>
-							<tr>
-								<td class="LabelV" >Location:</td>
-								<td>
-									<input name="info_location" value="{{ account_location }}" size="30" maxlength="50" >
-								</td>
-							</tr>
-							{% if setting('core.account_country') %}
-							<tr>
-								<td class="LabelV" >Country:</td>
-								<td>
-									<select name="info_country" id="account_country">
-										{% for code, country in countries %}
-										<option value="{{ code}}"{% if account_country == code %} selected{% endif %}>{{ country }} </option>
-										{% endfor %}
-									</select>
-									<img src="" id="account_country_img"/>
-									<script>
-										function updateFlag()
-										{
-											var img = $('#account_country_img');
-											var country = $('#account_country :selected').val();
-											if(country.length) {
-												img.attr('src', 'images/flags/' + country + '.gif');
-												img.show();
-											}
-											else {
-												img.hide();
-											}
-										}
-
-										$(function() {
-											updateFlag();
-											$('#account_country').change(function() {
-												updateFlag();
-											});
-										});
-									</script>
-								</td>
-							</tr>
-							{% endif %}
-						</table>
-					</div>
-				</td>
-			</tr>
-		</table>
-	</div>
-	<br/>
-	<table width="100%">
-		<tr align="center">
-			<td>
-				<table border="0" cellspacing="0" cellpadding="0" >
-					<tr>
-						<td style="border:0px;" >
-							<input type="hidden" name="changeinfosave" value="1">
-								{{ include('buttons.submit.html.twig') }}
-						</td>
-					</tr>
-				</table>
-			</td>
-			<td>
-</form>
-				<table border="0" cellspacing="0" cellpadding="0" >
-					<form action="{{ getLink('account/manage') }}" method="post" >
-						{{ csrf() }}
-						<tr>
-							<td style="border:0px;" >
-								{{ include('buttons.back.html.twig') }}
-							</td>
-						</tr>
-					</form>
-				</table>
-			</td>
-		</tr>
-	</table>

system/templates/account.change_mail.html.twig

@@ -1,72 +0,0 @@
-Please enter your password and the new email address. Make sure that you enter a valid email address which you have access to. <br/><b>For security reasons, the actual change will be finalised after a waiting period of {{ setting('core.account_mail_change') }} days.</b><br/><br/>
-<form action="{{ getLink('account/email') }}" method="post">
-	{{ csrf() }}
-<div class="TableContainer">
-	<table class="Table1" cellpadding="0" cellspacing="0">
-		<div class="CaptionContainer">
-			<div class="CaptionInnerContainer" >
-				<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-				<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-				<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-				<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-				<div class="Text" >Change Email Address</div>
-				<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-				<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-				<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-				<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-			</div>
-		</div>
-		<tr>
-			<td>
-				<div class="InnerTableContainer">
-					<table style="width:100%;">
-						<tr>
-							<td class="LabelV" >
-								<span >New Email Address:</span>
-							</td>
-							<td style="width:90%;">
-								<input name="new_email" value="{% if new_email is defined %}{{ new_email }}{% endif %}" size="30" maxlength="50" autofocus/>
-							</td>
-						</tr>
-						<tr>
-							<td class="LabelV">
-								<span >Password:</span>
-							</td>
-							<td>
-								<input type="password" name="password" size="30" maxlength="29">
-							</td>
-						</tr>
-					</table>
-				</div>
-			</td>
-		</tr>
-	</table>
-</div>
-<br/>
-<table style="width:100%;">
-	<tr align="center">
-		<td>
-			<table border="0" cellspacing="0" cellpadding="0">
-				<tr>
-					<td style="border:0px;">
-						<input type="hidden" name="changeemailsave" value="1"/>
-						{{ include('buttons.submit.html.twig') }}
-					</td>
-				<tr>
-			</table>
-		</td>
-</form>
-		<td>
-			<table border="0" cellspacing="0" cellpadding="0">
-				<form action="{{ getLink('account/manage') }}" method="post">
-					{{ csrf() }}
-					<tr>
-						<td style="border:0px;">
-							{{ include('buttons.back.html.twig') }}
-						</td>
-					</tr>
-				</form>
-			</table>
-		</td>
-	</tr>
-</table>

system/templates/account.change_name.html.twig

@@ -1,79 +0,0 @@
-To change a name of character select player and choose a new name.<br/>
-<span style="color: red">Change name cost {{ setting('core.account_change_character_name_price') }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}. You have {{ points }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}.</span><br/><br/>
-<form action="{{ getLink('account/character/name') }}" method="post">
-	{{ csrf() }}
-	<input type="hidden" name="changenamesave" value="1">
-	<div class="TableContainer">
-		<table class="Table1" cellpadding="0" cellspacing="0">
-			<div class="CaptionContainer">
-				<div class="CaptionInnerContainer" >
-					<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-					<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-					<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-					<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-					<div class="Text" >Change Name</div>
-					<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-					<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-					<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-					<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-				</div>
-			</div>
-			<tr>
-				<td>
-					<div class="InnerTableContainer" >
-						<table style="width:100%;" >
-							<tr>
-                                <td class="LabelV" ><span>Character:</span></td>
-								<td style="width:90%;" >
-									<select name="player_id">
-										{% for player in account_logged.getPlayersList(false) %}
-										<option value="{{ player.getId() }}">{{ player.getName() }}</option>
-										{% endfor %}
-									</select>
-								</td>
-							</tr>
-							<tr>
-                                <td class="LabelV" ><span>New Name:</span></td>
-								<td>
-									<input type="text" name="name" id="character_name" size="25" maxlength="25" >
-									<img id="character_indicator" src="images/global/general/{% if not save or errors|length > 0 %}n{% endif %}ok.gif" />
-									<br/>
-									<span style="font-size: 10px">
-										<div id="character_error">Please enter your character name.</div>
-									</span>
-								</td>
-							</tr>
-						</table>
-					</div>
-				</td>
-			</tr>
-		</table>
-	</div>
-	<br/>
-	<table style="width:100%" >
-		<tr align="center">
-			<td>
-				<table border="0" cellspacing="0" cellpadding="0">
-					<tr>
-						<td style="border:0px;">
-							{{ include('buttons.submit.html.twig') }}
-						</td>
-					</tr>
-</form>
-				</table>
-			</td>
-			<td>
-				<table border="0" cellspacing="0" cellpadding="0">
-					<form action="{{ getLink('account/manage') }}" method="post">
-						{{ csrf() }}
-						<tr>
-							<td style="border:0px;">
-								{{ include('buttons.back.html.twig') }}
-							</td>
-						</tr>
-					</form>
-				</table>
-			</td>
-		</tr>
-	</table>
-<script type="text/javascript" src="tools/check_name.js"></script>

system/templates/account.change_password.html.twig

@@ -1,80 +0,0 @@
-Please enter your current password and a new password. For your security, please enter the new password twice.<br/>
-<br/>
-<form action="{{ getLink('account/password') }}" method="post">
-	{{ csrf() }}
-	<div class="TableContainer">
-		<table class="Table1" cellpadding="0" cellspacing="0">
-			<div class="CaptionContainer">
-				<div class="CaptionInnerContainer">
-					<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-					<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-					<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-					<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-					<div class="Text" >Change Password</div>
-					<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-					<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-					<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-					<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-				</div>
-			</div>
-			<tr>
-				<td>
-					<div class="InnerTableContainer">
-						<table style="width:100%;">
-							<tr>
-								<td class="LabelV">
-									<span>New Password:</span>
-								</td>
-								<td style="width:90%;">
-									<input type="password" name="newpassword" size="30" maxlength="29">
-								</td>
-							</tr>
-							<tr>
-								<td class="LabelV">
-									<span>New Password Again:</span>
-								</td>
-								<td>
-									<input type="password" name="newpassword_confirm" size="30" maxlength="29">
-								</td>
-							</tr>
-							<tr>
-								<td class="LabelV">
-									<span>Current Password:</span>
-								</td>
-								<td>
-									<input type="password" name="oldpassword" size="30" maxlength="29">
-								</td>
-							</tr>
-						</table>
-					</div>
-				</td>
-			</tr>
-		</table>
-	</div>
-	<br/>
-	<table style="width:100%;">
-		<tr align="center">
-			<td>
-				<table border="0" cellspacing="0" cellpadding="0">
-					<tr>
-						<td style="border:0px;">
-							{{ include('buttons.submit.html.twig') }}
-						</td>
-					<tr>
-				</table>
-			</td>
-</form>
-			<td>
-				<table border="0" cellspacing="0" cellpadding="0">
-					<form action="{{ getLink('account/manage') }}" method="post">
-						{{ csrf() }}
-						<tr>
-							<td style="border:0px;">
-								{{ include('buttons.back.html.twig') }}
-							</td>
-						</tr>
-					</form>
-				</table>
-			</td>
-		</tr>
-	</table>

system/templates/account.change_sex.html.twig

@@ -1,78 +0,0 @@
-To change a sex of character select player and choose a new sex.<br/>
-<span style="color: red">Change sex cost {{ setting('core.account_change_character_sex_price') }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}. You have {{ points }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}.</span><br/><br/>
-<form action="{{ getLink('account/character/sex') }}" method="post">
-	{{ csrf() }}
-	<input type="hidden" name="changesexsave" value="1"/>
-	<div class="TableContainer">
-		<table class="Table1" cellpadding="0" cellspacing="0">
-			<div class="CaptionContainer">
-				<div class="CaptionInnerContainer">
-					<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-					<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-					<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-					<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-					<div class="Text" >Change sex</div>
-					<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-					<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);" ></span>
-					<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-					<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-				</div>
-			</div>
-			<tr>
-				<td>
-					<div class="InnerTableContainer">
-						<table style="width:100%;" >
-							<tr>
-								<td class="LabelV" ><span >Character:</td>
-								<td style="width:90%;" >
-									<select name="player_id">
-										{% for player in players %}
-										<option value="{{ player.getId() }}">{{ player.getName() }}</option>
-										{% endfor %}
-									</select>
-								</td>
-							</tr>
-							<tr>
-								<td class="LabelV" ><span >New Sex:</td>
-								<td>
-									<select name="new_sex">
-										{% for id, gender in config.genders %}
-										<option value="{{ id }}"{% if player_sex == id %} selected{% endif %}>{{ gender }}</option>
-										{% endfor %}
-									</select>
-								</td>
-							</tr>
-						</table>
-					</div>
-				</td>
-			</tr>
-		</table>
-	</div>
-	<br/>
-	<table style="width:100%">
-		<tr align="center">
-			<td>
-				<table border="0" cellspacing="0" cellpadding="0" >
-					<tr>
-						<td style="border:0px;" >
-							{{ include('buttons.submit.html.twig') }}
-						</td>
-					</tr>
-					<tr>
-</form>
-				</table>
-			</td>
-			<td>
-				<table border="0" cellspacing="0" cellpadding="0">
-					<form action="{{ getLink('account/manage') }}" method="post">
-						{{ csrf() }}
-						<tr>
-							<td style="border:0px;" >
-								{{ include('buttons.back.html.twig') }}
-							</td>
-						</tr>
-					</form>
-				</table>
-			</td>
-		</tr>
-	</table>

system/templates/account.characters.change-comment.html.twig

@@ -1,6 +1,6 @@
 Here you can see and edit the information about your character.<br/>
 If you do not want to specify a certain field, just leave it blank.<br/><br/>
-<form action="{{ getLink('account/character/comment') }}" method="post">
+<form action="{{ getLink('account/characters/change-comment') }}" method="post">
 	{{ csrf() }}
 	<div class="TableContainer" >
 		<table class="Table5" cellpadding="0" cellspacing="0">

system/templates/account.characters.change-name.html.twig

@@ -0,0 +1,62 @@
+To change a name of character select player and choose a new name.<br/>
+<span style="color: red">Change name cost {{ setting('core.account_change_character_name_price') }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}. You have {{ points }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}.</span><br/><br/>
+
+{% set title = 'Change Name' %}
+{% set background = config('darkborder') %}
+{% set content %}
+<table style="width:100%;" >
+	<tr>
+		<td class="LabelV" ><span>Character:</span></td>
+		<td style="width:90%;" >
+			<select form="form" name="player_id">
+				{% for player in account_logged.getPlayersList(false) %}
+				<option value="{{ player.getId() }}">{{ player.getName() }}</option>
+				{% endfor %}
+			</select>
+		</td>
+	</tr>
+	<tr>
+		<td class="LabelV" ><span>New Name:</span></td>
+		<td>
+			<input form="form" type="text" name="name" id="character_name" size="25" maxlength="25" >
+			<img id="character_indicator" src="images/global/general/{% if not save or errors|length > 0 %}n{% endif %}ok.gif" />
+			<br/>
+			<span style="font-size: 10px">
+				<div id="character_error">Please enter your character name.</div>
+			</span>
+		</td>
+	</tr>
+</table>
+{% endset %}
+{% include 'tables.headline.html.twig' %}
+<br/>
+<table style="width:100%" >
+	<tr align="center">
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0px;">
+						<form id="form" action="{{ getLink('account/characters/change-name') }}" method="post">
+							{{ csrf() }}
+							<input type="hidden" name="changenamesave" value="1">
+							{{ include('buttons.submit.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0px;">
+						<form action="{{ getLink('account/manage') }}" method="post">
+							{{ csrf() }}
+							{{ include('buttons.back.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+	</tr>
+</table>
+<script type="text/javascript" src="tools/check_name.js"></script>

system/templates/account.characters.change-sex.html.twig

@@ -0,0 +1,61 @@
+To change a sex of character select player and choose a new sex.<br/>
+<span style="color: red">Change sex cost {{ setting('core.account_change_character_sex_price') }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}. You have {{ points }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}.</span>
+<br/><br/>
+{% set title = 'Change sex' %}
+{% set background = config('darkborder') %}
+{% set content %}
+<table style="width:100%;" >
+	<tr>
+		<td class="LabelV" ><span>Character:</span></td>
+		<td style="width:90%;" >
+			<select form="form" name="player_id">
+				{% for player in players %}
+				<option value="{{ player.getId() }}">{{ player.getName() }}</option>
+				{% endfor %}
+			</select>
+		</td>
+	</tr>
+	<tr>
+		<td class="LabelV" ><span>New Sex:</span></td>
+		<td>
+			<select form="form" name="new_sex">
+				{% for id, gender in config.genders %}
+				<option value="{{ id }}"{% if player_sex == id %} selected{% endif %}>{{ gender }}</option>
+				{% endfor %}
+			</select>
+		</td>
+	</tr>
+</table>
+{% endset %}
+{% include 'tables.headline.html.twig' %}
+
+<br/>
+<table style="width:100%">
+	<tr align="center">
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0" >
+				<tr>
+					<td style="border:0px;">
+						<form id="form" action="{{ getLink('account/characters/change-sex') }}" method="post">
+							{{ csrf() }}
+							<input type="hidden" name="changesexsave" value="1"/>
+							{{ include('buttons.submit.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0px;">
+						<form action="{{ getLink('account/manage') }}" method="post">
+							{{ csrf() }}
+							{{ include('buttons.back.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+	</tr>
+</table>

system/templates/account.characters.create.html.twig

@@ -0,0 +1,168 @@
+Please choose a name{% if config.character_samples|length > 1 %}, vocation{% endif %}
+{% if config.character_towns|length > 1 %}, town{% endif %}
+ and sex for your character. <br/>
+In any case the name must not violate the naming conventions stated in the <a href="?subtopic=rules" target="_blank" >{{ config.lua.serverName }} Rules</a>, or your character might get deleted or name locked.
+{% if account_logged.getPlayersList(true)|length >= setting('core.characters_per_account') %}
+<b><span style="color: red"> You have maximum number of characters per account on your account. Delete one before you make new.</span></b>
+{% endif %}
+<br/><br/>
+<div class="TableContainer">
+	<table class="Table3" cellpadding="0" cellspacing="0">
+		<div class="CaptionContainer">
+			<div class="CaptionInnerContainer">
+				<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+				<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+				<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
+				<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
+				<div class="Text" >Create Character</div>
+				<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
+				<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
+				<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+				<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+			</div>
+		</div>
+		<tr>
+			<td>
+
+				{{ hook('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_FIRST_TABLE') }}
+
+				<div class="InnerTableContainer">
+					<table style="width:100%;">
+						<tr>
+							<td>
+								<div class="TableShadowContainerRightTop">
+									<div class="TableShadowRightTop" style="background-image:url({{ template_path }}/images/content/table-shadow-rt.gif);"></div>
+								</div>
+								<div class="TableContentAndRightShadow" style="background-image:url({{ template_path }}/images/content/table-shadow-rm.gif);">
+									<div class="TableContentContainer">
+										<table class="TableContent" width="100%">
+											<tr class="LabelH">
+												<td style="width:50%;">
+													<span>Name</span>
+												</td>
+												<td>
+													<span>Sex</span>
+												</td>
+											</tr>
+											<tr class="Odd">
+												<td>
+													<input form="form" name="name" id="character_name" value="{{ name }}" size="{{ setting('core.create_character_name_max_length') }}" maxlength="{{ setting('core.create_character_name_max_length') }}" >
+													<img id="character_indicator" src="images/global/general/{% if not save or errors.name is defined %}n{% endif %}ok.gif" />
+													<br/>
+													<span style="font-size: 10px">
+														<div id="character_error">{% if not save or errors.name is defined %}Please enter your character name.{% endif %}</div>
+													</span>
+												</td>
+												<td>
+													{% set i = 0 %}
+													{% for id, gender in config.genders|reverse(true) %}
+													{% set i = i + 1 %}
+													<input form="form" type="radio" name="sex" id="sex{{ i }}" value="{{ id }}"{% if sex is not null and sex == id %} checked="checked"{% endif %}
+													><label for="sex{{ i }}">{{ gender|lower }}</label><br/>
+													{% endfor %}
+												</td>
+											</tr>
+										</table>
+									</div>
+								</div>
+							</td>
+						</tr>
+					</table>
+				</div>
+
+				{{ hook('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_VOCATION') }}
+
+				<div class="InnerTableContainer">
+					<table style="width: 100%;">
+						<tr>
+							{% if config.character_samples|length > 1 %}
+							<td>
+								<table class="TableContent" width="100%">
+									<tr class="Odd" valign="top">
+										<td width="160"><br/><b>Select your vocation:</b></td>
+										<td>
+											<table class="TableContent" width="100%" >
+												{% for key, sample_char in config.character_samples %}
+												<tr>
+													<td>
+														<input form="form" type="radio" name="vocation" id="vocation{{ key }}" value="{{ key }}"
+														{% if vocation is not null and vocation == key %} checked="checked"{% endif %}>
+														<label for="vocation{{ key }}">{{ config['vocations'][key] }}</label>
+													</td>
+												</tr>
+												{% endfor %}
+											</table>
+										</td>
+									</tr>
+								</table>
+							</td>
+							{% endif %}
+
+							{{ hook('HOOK_ACCOUNT_CREATE_CHARACTER_BEFORE_TOWNS') }}
+
+							{% if config.character_towns|length > 1 %}
+							<td>
+								<table class="TableContent" width="100%">
+									<tr class="Odd" valign="top">
+										<td width="160"><br/><b>Select your city:</b></td>
+										<td>
+											<table class="TableContent" width="100%">
+												{% for town_id in config.character_towns %}
+												<tr>
+													<td>
+														<input form="form" type="radio" name="town" id="town{{ town_id }}" value="{{ town_id }}"
+														{% if town is not null and town == town_id %} checked="checked"{% endif %}>
+														<label for="town{{ town_id }}">{{ config.towns[town_id] }}</label>
+													</td>
+												</tr>
+												{% endfor %}
+											</table>
+										</td>
+									</tr>
+								</table>
+							</td>
+							{% endif %}
+
+							{{ hook('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER_TOWNS') }}
+
+						</tr>
+					</table>
+				</div>
+
+				{{ hook('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER_SECOND_TABLE') }}
+
+			</td>
+		</tr>
+	</table>
+</div>
+<br/>
+<table style="width:100%;">
+	<tr align="center">
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0px;">
+						<form id="form" action="{{ getLink('account/characters/create') }}" method="post">
+							{{ csrf() }}
+							<input type="hidden" name="save" value="1">
+							{{ include('buttons.submit.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0px;">
+						<form action="{{ getLink('account/manage') }}" method="post">
+							{{ csrf() }}
+							{{ include('buttons.back.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+	</tr>
+</table>
+<script type="text/javascript" src="tools/check_name.js"></script>

system/templates/account.characters.delete.html.twig

@@ -0,0 +1,50 @@
+To delete a character enter the name of the character and your password.<br/><br/>
+{% set title = 'Delete Character' %}
+{% set background = config('darkborder') %}
+{% set content %}
+<table style="width:100%;">
+	<tr>
+		<td class="LabelV" ><span>Character Name:</span></td>
+		<td style="width:90%;">
+			<input form="form" name="delete_name" value="" size="30" maxlength="29"/>
+		</td>
+	</tr>
+	<tr>
+		<td class="LabelV" ><span>Password:</span></td>
+		<td>
+			<input form="form" type="password" name="delete_password" size="30" maxlength="29"/>
+		</td>
+	</tr>
+</table>
+{% endset %}
+{% include 'tables.headline.html.twig' %}
+<br/>
+<table style="width:100%">
+	<tr align="center">
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0px;">
+						<form id="form" action="{{ getLink('account/characters/delete') }}" method="post">
+							{{ csrf() }}
+							<input type="hidden" name="deletecharactersave" value="1"/>
+							{{ include('buttons.submit.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<form action="{{ getLink('account/manage') }}" method="post">
+					{{ csrf() }}
+					<tr>
+						<td style="border:0px;">
+							{{ include('buttons.back.html.twig') }}
+						</td>
+					</tr>
+				</form>
+			</table>
+		</td>
+	</tr>
+</table>

system/templates/account.create.html.twig

@@ -1,24 +1,11 @@
 {{ hook('HOOK_ACCOUNT_CREATE_BEFORE_FORM') }}
 <form action="{{ getLink('account/create') }}" method="post" id="createaccount">
 	{{ csrf() }}
-	<div class="TableContainer" >
-		<table class="Table5" cellpadding="0" cellspacing="0" >
-			<div class="CaptionContainer" >
-				<div class="CaptionInnerContainer" >
-					<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-					<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-					<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);" ></span>
-					<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);" /></span>
-					<div class="Text" >Create {{ config.lua.serverName }} Account</div>
-					<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);" /></span>
-					<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);" ></span>
-					<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-					<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);" /></span>
-				</div>
-			</div>
-			<tr>
-				<td>
-					<div class="InnerTableContainer" >
+
+	{% set title = 'Create ' ~ config.lua.serverName ~ ' Account' %}
+	{% set background = config('darkborder') %}
+	{% set tableClass = 'Table5' %}
+	{% set content %}
 		<table style="width:100%;" >
 			{{ hook('HOOK_ACCOUNT_CREATE_BEFORE_BOXES') }}
 			<tr>
@@ -123,7 +110,7 @@
 
 			{{ hook('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_1') }}
 
-							{% if (not setting('core.mail_enabled') or not setting('core.account_mail_verify')) and setting('core.account_create_character_create') %}
+			{% if setting('core.account_create_character_create') %}
 			<tr>
 				<td>
 					<div class="TableShadowContainerRightTop">
@@ -303,11 +290,9 @@
 			{{ hook('HOOK_ACCOUNT_CREATE_AFTER_BOXES') }}
 
 		</table>
-					</div>
-				</td>
-			</tr>
-		</table>
-	</div>
+	{% endset %}
+	{% include 'tables.headline.html.twig' %}
+
 	<br/>
 	{{ hook('HOOK_ACCOUNT_CREATE_BEFORE_SUBMIT_BUTTON') }}
 	<table width="100%">

system/templates/account.create.js.html.twig

@@ -3,10 +3,12 @@
 	var lastSend = 0;
 
 	$(function() {
+		{% if setting('core.account_country') %}
 			updateFlag();
 			$('#account_country').change(function() {
 				updateFlag();
 			});
+		{% endif %}
 
 		$('#account_input').blur(function() {
 			checkAccount();