Merge branch 'develop' into feature/app-rewrite

Removed old myaac_admin_menu code
Add logged() + accountLogged() functions

.github/workflows/cypress.yml

@@ -1,9 +1,9 @@
 name: Cypress
 on:
   pull_request:
-    branches: [develop]
+    branches: [main]
   push:
-    branches: [develop]
+    branches: [main]
 
 jobs:
   cypress:
@@ -35,7 +35,7 @@ jobs:
         - name: Checkout MyAAC
           uses: actions/checkout@v4
           with:
-            ref: develop
+            ref: main
 
         - uses: actions/setup-node@v4
           with:

.github/workflows/phplint.yml

@@ -1,9 +1,9 @@
 name: PHP Linting
 on:
   pull_request:
-    branches: [develop]
+    branches: [main]
   push:
-    branches: [develop]
+    branches: [main]
 
 jobs:
   phplint:

.github/workflows/phpstan.yml

@@ -2,9 +2,9 @@ name: "PHPStan"
 
 on:
   pull_request:
-    branches: [develop]
+    branches: [main]
   push:
-    branches: [develop]
+    branches: [main]
 
 jobs:
   tests:
@@ -36,9 +36,8 @@ jobs:
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           # Use composer.json for key, if composer.lock is not committed.
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-          #key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-          restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
 
       - name: "Install composer dependencies"
         run: "composer install"

.gitignore

@@ -4,10 +4,10 @@ Thumbs.db
 
 #
 /.htaccess
+lua
 
 # composer
 composer.phar
-composer.lock
 vendor
 
 # npm
@@ -76,6 +76,3 @@ landing
 
 # system
 system/functions_custom.php
-
-# others/rest
-system/pages/downloads.php

CHANGELOG.md

@@ -1,6 +1,165 @@
 # Changelog
 
-## [1.0-beta - 02.02.2024]
+## [1.3.1 - 19.03.2025]
+
+### Fixed
+* Fixed migrate:run command (https://github.com/slawkens/myaac/commit/1a5771ad51e595fe13368a0721b059c4ecefb17d)
+
+### Changed
+* Small adjustments (https://github.com/slawkens/myaac/commit/6fac883659f581baac1361826d046410156f1e58, https://github.com/slawkens/myaac/commit/4a6896b4469968b9904292734cf6c14ba5eeef14)
+
+## [1.3 - 10.03.2025]
+
+### Changed
+* Use latest outfit-images host from @gesior (https://github.com/slawkens/myaac/commit/529bdcf016dd0f9dffbc34d81f99a046a9ddb70d)
+* Change monster link to $_GET ?name= (https://github.com/slawkens/myaac/commit/4c5cc8b573b2b3e7ec00a22b7ede30a68083a924)
+
+### Fixed
+* Fixed house links (https://github.com/slawkens/myaac/commit/887b5068ad11c4cdab614afd34525caba785ce13)
+* Fixed long title on headline.php (https://github.com/slawkens/myaac/commit/3e3f4bb5a514158ec8777684ca6c7f1c2a37bed5)
+* Fixed menu colors once again, plus add !important tag (https://github.com/slawkens/myaac/commit/aa52df6e2ec92cafc25b655ae907bf2e1746d9cc)
+* Fix: add possibility to remove all menu items in admin panel (https://github.com/slawkens/myaac/commit/00fe1adc15ea7646596d755f6e6e1f7854ffc1d5, https://github.com/slawkens/myaac/commit/9239a4f4198c3ad260802ac3b47e9c41b80b754e)
+
+## [1.2 - 09.02.2025]
+
+### Added
+* Twig session(key) function + reworked session functions to accept multi-array like in Laravel (https://github.com/slawkens/myaac/commit/b46ddb43d03ef7e5fc34e555e92e856bdc905691)
+* add template_name to twig variables (https://github.com/slawkens/myaac/commit/ae1161d77050bda181802b4496c9de920a7bb1bc)
+* add HOOK_INIT, executed just after $hooks are loaded (https://github.com/slawkens/myaac/commit/19686725dc810f63a07f049f82c66cf336d90ca6)
+
+### Changed
+* settings: password input hide/show, enable Save button only if changes has been made, save settings in transaction (https://github.com/slawkens/myaac/commit/4fda4f643b60a151179e5dd4f04912fb2618d98f, https://github.com/slawkens/myaac/commit/28fef952f857b79d64bc7495ffa5e1999e68e192, https://github.com/slawkens/myaac/commit/4b6024dc451accadb6c469fa282a9a764c1c0a81)
+* rework menus: Different categories can have different colors + Option to reset menus (https://github.com/slawkens/myaac/commit/73de93a561f6b13111e019075724357d8a617249, https://github.com/slawkens/myaac/commit/3da3e62c5b12390d75de9b3320729bcca6e0b458)
+
+### Fixed
+* highscores: Fix online status + vocation for TFS 0.x (https://github.com/slawkens/myaac/commit/ea51ad27c38be88d86514cb979bb394fcfbef1f0)
+* clear cache button in admin bar needed to be clicked twice until it worked (https://github.com/slawkens/myaac/commit/ea51ad27c38be88d86514cb979bb394fcfbef1f0)
+* HOOK_STARTUP location (https://github.com/slawkens/myaac/commit/a73fb1003ee3f812cf182d1834d65f08e6f60d1f)
+* if vocation name has more words (https://github.com/slawkens/myaac/commit/9d7fc98e1e0a96b59ecc1a7c39800a64445db364)
+
+### Updated
+* Bump twig/twig from 3.18.0 to 3.19.0 (#284)
+
+## [1.1 - 27.01.2025]
+
+### Changed
+* adjust mailer settings descriptions to latest gmail (https://github.com/slawkens/myaac/commit/c5d5bb80671db135e6b503f53684771c7272e05d)
+* optimize $player->isOnline() function, thanks @gesior (https://github.com/slawkens/myaac/commit/10dd818b139d5e1bb1ca9ec81edfb083ba9316b4)
+* make players.comment and guilds.description VARCHAR (https://github.com/slawkens/myaac/commit/a45ceab83a74bee2b89cdb72baceda75e577e3cf)
+* add lua/ folder to .gitignore (https://github.com/slawkens/myaac/commit/07012f786b1114cb6ab2f064f82c645b136a375a)
+
+### Fixed
+* general fixes in the tibiacom template menus, better support for custom menus
+* make functions_custom.php optional (https://github.com/slawkens/myaac/commit/dc2b5afd9980984e2b259c9fc99f2ade46f70a5a)
+* error in CLI, where BASE_URL is not defined (https://github.com/slawkens/myaac/commit/4d749b881582f64b5a46196dbbb5ee8097127f03)
+* hook ACCOUNT_LOGIN_BEFORE_ACCOUNT location (https://github.com/slawkens/myaac/commit/669c447fca8643ce56d9ef8c1374ec647c780998)
+
+## [1.0.1 - 14.01.2025]
+
+### Fixed
+* tibiacom account & news menu links not auto expanding
+
+### Updated (Thanks dependabot)
+* twig from ^2.0 to ^3.11
+* tinymce from ^6.8.3 to ^7.2.0
+* cypress from ^12.12.0 to ^13.17.0
+* nesbot/carbon from 2.72.5 to 2.72.6
+
+## [1.0 - 12.01.2025]
+
+First stable release in the v1.0 series.
+
+Minimum PHP 8.1 is required.
+
+Changes since RC.2:
+
+### Added
+* feature: migrations up/down. Allows to downgrade/upgrade database to specified version (https://github.com/slawkens/myaac/commit/3f6ff3a3326b0475d28d11ffd7fff51f362d799f)
+* new hooks for news management (https://github.com/slawkens/myaac/commit/011a85d8ae34283ded6999882833f9d4797028ec, https://github.com/slawkens/myaac/commit/36bd3eb846e829b45313e10f7568dc4e95841143)
+* None Vocation to highscores (can be changed to RookStayer in Admin Panel) (https://github.com/slawkens/myaac/commit/a4a248099521bb5b8b2aa5bd592138debd2f19d5)
+* support for button_color (green, red, blue) (https://github.com/slawkens/myaac/commit/d8b6b749ee62e88b6af4a05d3d7557f90b94d94e)
+* add $whoopsHandler as variable, can be used by plugins (https://github.com/slawkens/myaac/commit/b0c8cf2ecda23045d725aaf43cfb3852ed766a4b)
+* PlayerModel->outfit_url attribute (https://github.com/slawkens/myaac/commit/3b5be1a8db5dceecaa388e2925a5536d13b38881)
+* support for selecting plugin themes in Admin menus.php (https://github.com/slawkens/myaac/commit/77a2c1cec343ffe4be5c2c2503ee81bc32a14ca1)
+
+### Changed
+* schema: Change character set to utf8mb4 (support for Emojis in Menus/Pages/News/Forum etc.) (https://github.com/slawkens/myaac/commit/27c44f1bdfb6234cf0c9d5b4b491123bb205b08f)
+* prefer get_browser_real_ip() over REMOTE_ADDR (https://github.com/slawkens/myaac/commit/941846605c00cee83168d2f916410b8ba8d4b7b9)
+* automatically set selected current one on highscores filters (https://github.com/slawkens/myaac/commit/e96227fbe41ae281783b2d49edb169a603601813)
+* rewrite towns loading code, removed OTBM loader (was too slow) (https://github.com/slawkens/myaac/commit/c980a0914632e7b27f718464f669a200707d217e)
+* allow OTS_Player to be passed as object to getPlayerLink (https://github.com/slawkens/myaac/commit/84d37c5a8f2c4535a41c8aa8264752969d3f3a3d)
+* do not clear menus by default on install (https://github.com/slawkens/myaac/commit/12d8faa3eda5e798f97b71e941c035187daad96e)
+* display warning in admin panel - plugins - if zip extension is not installed (https://github.com/slawkens/myaac/commit/e3ffe5d9e11d78ab064a370d8541bac351c9bcd9)
+* set default_socket_timeout for ipinfo.io checkup to 5 seconds (https://github.com/slawkens/myaac/commit/783d96fc6568a607d3198b832fed3a0dd06c4ebb)
+* refactor getTopPlayers function (support for balance) (https://github.com/slawkens/myaac/commit/c769962e39fe8dfb72ecd5be1864e145696be794)
+
+### Fixed
+* XSS in forum (https://github.com/slawkens/myaac/commit/c2b7286d20d4b579171540f7a774e8a0995d5e8f, https://github.com/slawkens/myaac/commit/8fb643596f9586005976e7bdb484a541a9d8715e)
+* price deducted when changing sex (https://github.com/slawkens/myaac/commit/16671ea40b72dcf74037c359ad572f9eb825edf9)
+* move_thread by unauthorized user (https://github.com/slawkens/myaac/commit/d6c40c836a53cb1710f911f77f45f28b54ea1b54, thanks @anyeor)
+* TFS 1.4.2 where conditions is NULL (https://github.com/slawkens/myaac/commit/b8396d4c8482e951da538b13f2296123732c4545)
+* do not show forum new thread show button if not logged in (https://github.com/slawkens/myaac/commit/507402171ba3b6e7ee184bd7fa73e0d55e0cad7a, @anyeor)
+* login if limiter is disabled (https://github.com/slawkens/myaac/commit/a0f1971583f0f790013e2145fb5ac573c59fbdef)
+* fixes to installMenus function (https://github.com/slawkens/myaac/commit/a2fadc5945fe0a5e39f740827f6ffbda1bb501e2)
+* many PHP exceptions in different places
+* fixes to tibiacom menus ActiveSubmenuItem
+
+### Removed
+* bugtracker SQL table code as the page has been removed/moved to plugins (https://github.com/slawkens/myaac/commit/5782772b901b05fb814bc718d062f6e2cd71df8c)
+
+## [1.0-RC.2 - 25.10.2024]
+
+Still waiting for your reports about bugs found in this release. We are very close to stable release.
+
+### Added
+* feat: rate limit settings for blocking accounts login attempts (@gpedro, #266)
+* search by email in accounts editor (https://github.com/slawkens/myaac/commit/c2ec46824621468f2a1cb4046805c485ed13fea5)
+* New hooks in account manage + create (https://github.com/slawkens/myaac/commit/93641fc68ac9a5f1479329e2bd41380c19534d5d)
+
+### Changed
+* chore: drop raw queries + accounts - search by email + accounts - required min size for search by account number (@gpedro, #266)
+* Use https for outfit & item images (https://github.com/slawkens/myaac/commit/71c00aa5e01fbdfd88802912e200dd1025976231)
+* Do not require players & guilds tables on install (https://github.com/slawkens/myaac/commit/779aa152fa940261c9b161533946f44e288597a2)
+* Do not create player if there is no players table in db (https://github.com/slawkens/myaac/commit/201f95caa8b70e88fa651eac8c3c3aa7cd765bd0)
+
+### Fixed
+* Highscore frags fixed for TFS 0.3 (@Scrollog, #263)
+* Missing groups variable #262. thanks, @Scrollog for reporting (https://github.com/slawkens/myaac/commit/8d8bdb6dac6df21672ac77288fff2f2f8d6eb665)
+* Verified email for login.php (@gpedro, #265)
+* Warning if core.account_country is disabled (https://github.com/slawkens/myaac/commit/ab73d60c61e14a1cacdb6cfbf7f89f4bf3be0833)
+
+
+## [1.0-RC.1 - 23.07.2024]
+
+Changes since 1.0-beta:
+
+### Added
+* Feat: Hooks priority (https://github.com/slawkens/myaac/commit/dc17b701da053e04bfa64e21be9247a4f07505e1)
+* Make autoload of pages, commands and themes configurable (https://github.com/slawkens/myaac/commit/c1d4b4f80cd6bb85507ee9471e47013955a26a91)
+* Fraggers in characters page for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/42f99c3edc8de39cccc5632cb42e88b24579c5a6)
+* New hooks: HOOK_INSTALL_FINISH, HOOK_ACCOUNT_CREATE_CHARACTER_* (https://github.com/slawkens/myaac/commit/08ac8ebade106521a5c7396faa5ce7006e629f7c, https://github.com/slawkens/myaac/commit/45dda5e834ff2059faea6ef9be2efa76f1723cbd)
+
+### Changed
+* Allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/203e411b626fe62401a4b74a48420769e512aa39)
+* Create guild_rank entries, in case MySQL trigger not loaded (https://github.com/slawkens/myaac/commit/d9c1b2507c81f306970642b35e4bf5f7cc04a6f2, https://github.com/slawkens/myaac/commit/47a19e85dd84e9f3b39a1b29cfc2c04b004832b9)
+* Set Admin Account verified by default (https://github.com/slawkens/myaac/commit/cd49dfc79942f3301ce9c0b8d899b9f39bda9a41)
+* Refactor account routes into sub folders (https://github.com/slawkens/myaac/commit/bdc0c43d3fd3a51030c3e916bdb9f008468f5ecd)
+* Order towns by id (https://github.com/slawkens/myaac/commit/9ea2a5067fc4b75de395f381577b18914132ad84)
+* Do not create news about myaac, if any news already exist (on installation (https://github.com/slawkens/myaac/commit/504242fb846b73b56b87bc1e39d070687ad7f5b4)
+
+### Fixed
+* Not working google recaptcha plugin (https://github.com/slawkens/myaac/commit/a1bcb217ecf4e21fd58da4ba491da1852029898a)
+* Not working account create if account_country is disabled (https://github.com/slawkens/myaac/commit/933b681a9fcdbb6283e0469b3806d2ded492d232)
+* Account verify - do not allow login without verified email (Thanks @anyeor, https://github.com/slawkens/myaac/commit/fcb13f3c0fb8ceafda0bd614a229a26a269432bd)
+* Detect tools/ext exists on install to prevent broken installs (https://github.com/slawkens/myaac/commit/10a739773c4f2911876bc802a0ee0537c3e00a92)
+* Cache reloading each time page refreshes (https://github.com/slawkens/myaac/commit/ec96985872057340112f65073efc0c4bf86dddb0)
+* Highscores frags for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/a04d186c22912915f0a7873dfe677ef3b5a23c79)
+* Monsters page: monster not found exception (https://github.com/slawkens/myaac/commit/ef79b99b8acc179f14b8475547347d9daca27512)
+* Fixed bug if \<flags\> are not present in monster.xml (https://github.com/slawkens/myaac/commit/57b47ab7983f625c7c0ef4f5303a4d07ef172786)
+* fastRoute duplicate errors (https://github.com/slawkens/myaac/commit/4c0739d3e93812dff0c33849ea3f38e4e49113ac)
+* useGuildNick displaying (https://github.com/slawkens/myaac/commit/0db0ec1aa47e044c26bc403ff5078a2115d086f8)
+
+## [1.0-beta - 18.05.2024]
 
 Minimum PHP version for this release is 8.1.
 
@@ -22,7 +181,7 @@ Minimum PHP version for this release is 8.1.
   * list of open source libraries used in project page
 * auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
 * config.php moved to Admin Panel -> Settings page
-* new console script: aac (comes from MyAAC) - using symfony/console
+* new console script: aac - using symfony/console
   * usage: `php aac` (will list all commands by default)
   * example: `php aac cache:clear`
   * example: `php aac plugin:install theme-example.zip`
@@ -35,7 +194,6 @@ Minimum PHP version for this release is 8.1.
 * support for login and create account only by email (configurable)
   * with no need for account name
 * Google ReCAPTCHA v3 support (available as plugin)
-* automatically load towns names from .OTBM file
 * support for Account Number
   * suggest account number option
 * many new functions, hooks and configurables
@@ -46,7 +204,7 @@ Minimum PHP version for this release is 8.1.
 * phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
 
 ### Changed
-* Composer is now used for external libraries like: Twig, PHPMailer, fast-route etc.
+* Composer and NPM is now used for external libraries like: Twig, PHPMailer, fast-route, jQuery, Bootstrap etc.
 * mail support is disabled on fresh install, can be manually enabled by user
 * disable add php pages in admin panel for security. Option to disable plugins upload
 * visitors counter shows now user browser, and also if its bot
@@ -64,4 +222,4 @@ Minimum PHP version for this release is 8.1.
 * change_password email to be more informal
 
 ### Fixed
-* hundrets of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here
+* hundreds of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here

CREDITS

@@ -1,3 +1,3 @@
 * Gesior.pl (2007 - 2008)
-* Slawkens (2009 - 2023)
+* Slawkens (2009 - 2025)
 * Contributors listed in CONTRIBUTORS.txt

README.md

@@ -11,10 +11,10 @@ Official website: https://my-aac.org
 [![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
 
 | Version | Status                 | Branch | Requirements   |
-|:--------|:-----------------------|:--------|:---------------|
-| **1.x** | **Active development** | develop | **PHP >= 8.1** |
+|:--------|:-----------------------|:-------|:---------------|
+| **1.x** | **Active development** | master | **PHP >= 8.1** |
 | 0.9.x   | Not developed anymore  | 0.9    | PHP >= 7.2.5   |
-| 0.8.x   | Active support         | master  | PHP >= 7.2.5   |
+| 0.8.x   | Active support         | 0.8    | PHP >= 7.2.5   |
 | 0.7.x   | End Of Life            | 0.7    | PHP >= 5.3.3   |
 
 ### Requirements

aac

@@ -3,38 +3,5 @@
 
 require_once __DIR__ . '/common.php';
 
-if(!IS_CLI) {
-	echo 'This script can be run only in command line mode.';
-	exit(1);
-}
-
-require_once SYSTEM . 'functions.php';
-require_once SYSTEM . 'init.php';
-
-define('SELF_NAME', basename(__FILE__));
-
-use MyAAC\Plugins;
-use Symfony\Component\Console\Application;
-
-$application = new Application();
-
-$commandsGlob = glob(SYSTEM . 'src/Commands/*.php');
-foreach ($commandsGlob as $item) {
-	$name = pathinfo($item, PATHINFO_FILENAME);
-	if ($name == 'Command') { // ignore base Command class
-		continue;
-	}
-
-	$commandPre = '\\MyAAC\Commands\\';
-	$application->add(new ($commandPre . $name));
-}
-
-$pluginCommands = Plugins::getCommands();
-foreach ($pluginCommands as $item) {
-	$application->add(require $item);
-}
-
-$application->setName('MyAAC');
-$application->setVersion(MYAAC_VERSION);
-
-$application->run();
+$console = new \MyAAC\App\Console();
+$console->run();

admin/index.php

@@ -1,67 +1,8 @@
 <?php
+require_once '../common.php';
+require_once SYSTEM . 'functions.php';
 
-// few things we'll need
-require '../common.php';
-
-const ADMIN_PANEL = true;
 const MYAAC_ADMIN = true;
 
-if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
-{
-	header('Location: ' . BASE_URL . 'install/');
-	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
-}
-
-$content = '';
-
-// validate page
-$page = $_GET['p'] ?? '';
-if(empty($page) || preg_match("/[^a-zA-Z0-9_\-\/.]/", $page))
-	$page = 'dashboard';
-
-$page = strtolower($page);
-define('PAGE', $page);
-
-require SYSTEM . 'functions.php';
-require SYSTEM . 'init.php';
-
-require __DIR__ . '/includes/debugbar.php';
-require SYSTEM . 'status.php';
-require SYSTEM . 'login.php';
-require __DIR__ . '/includes/functions.php';
-
-$twig->addGlobal('config', $config);
-$twig->addGlobal('status', $status);
-
-if (ACTION == 'logout') {
-	require SYSTEM . 'logout.php';
-}
-
-// if we're not logged in - show login box
-if(!$logged || !admin()) {
-	$page = 'login';
-}
-
-// include our page
-$file = __DIR__ . '/pages/' . $page . '.php';
-if(!@file_exists($file)) {
-	if (str_contains($page, 'plugins/')) {
-		$file = BASE . $page;
-	}
-	else {
-		$page = '404';
-		$file = SYSTEM . 'pages/404.php';
-	}
-}
-
-ob_start();
-if($hooks->trigger(HOOK_ADMIN_BEFORE_PAGE)) {
-	require $file;
-}
-
-$content .= ob_get_contents();
-ob_end_clean();
-
-// template
-$template_path = 'template/';
-require __DIR__ . '/' . $template_path . 'template.php';
+$admin = new \MyAAC\App\Admin();
+$admin->run();

admin/pages/accounts.php

@@ -8,6 +8,8 @@
  * @link      https://my-aac.org
  */
 
+use MyAAC\Models\Account as AccountModel;
+use MyAAC\Models\AccountAction;
 use MyAAC\Models\Player;
 
 defined('MYAAC') or die('Direct access not allowed!');
@@ -22,10 +24,7 @@ $use_datatable = true;
 if (setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
 
-$nameOrNumberColumn = 'name';
-if (USE_ACCOUNT_NUMBER) {
-	$nameOrNumberColumn = 'number';
-}
+$nameOrNumberColumn = getAccountIdentityColumn();
 
 $hasSecretColumn = $db->hasColumn('accounts', 'secret');
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
@@ -51,36 +50,51 @@ $acc_type = setting('core.account_types');
 
 <?php
 $id = 0;
-$search_account = '';
+$search_account = $search_account_email = '';
 if (isset($_REQUEST['id']))
 	$id = (int)$_REQUEST['id'];
+else if (isset($_REQUEST['search_email'])) {
+	$search_account_email = $_REQUEST['search_email'];
+	$accountModel = AccountModel::where('email', $search_account_email)->limit(11)->get(['email', 'id']);
+	if (count($accountModel) == 0) {
+		echo_error('No entries found.');
+	} else if (count($accountModel) == 1) {
+		$id = $accountModel->first()->getKey();
+	} else if (count($accountModel) > 10) {
+		echo_error('Specified e-mail resulted with too many accounts.');
+	}
+}
 else if (isset($_REQUEST['search'])) {
 	$search_account = $_REQUEST['search'];
-	if (strlen($search_account) < 3 && !Validator::number($search_account)) {
-		echo_error('Player name is too short.');
+	$min_size = 3;
+	if (in_array($nameOrNumberColumn, ['id', 'number'])) {
+		$min_size = 1;
+	}
+
+	if (strlen($search_account) < $min_size && !Validator::number($search_account)) {
+		echo_error('Account ' . $nameOrNumberColumn . ' is too short.');
 	} else {
-		$query = $db->query('SELECT `id` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` = ' . $db->quote($search_account));
-		if ($query->rowCount() == 1) {
-			$query = $query->fetch();
-			$id = (int)$query['id'];
+		$query = AccountModel::where($nameOrNumberColumn, '=', $search_account)->limit(11)->get(['id', $nameOrNumberColumn]);
+		if (count($query) == 0) {
+			echo_error('No entries found.');
+		} else if (count($query) == 1) {
+			$id = $query->first()->getKey();
+		} else if (count($query) > 10) {
+			echo_error('Specified name resulted with too many accounts.');
 		} else {
-			$query = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` LIKE ' . $db->quote('%' . $search_account . '%'));
-			if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
 			$str_construct = 'Do you mean?<ul class="mb-0">';
-				foreach ($query as $row)
-					$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row['id'] . '">' . $row[$nameOrNumberColumn] . '</a></li>';
+			foreach ($query as $row) {
+				$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row->getKey() . '">' . $row->attributes[$nameOrNumberColumn] . '</a></li>';
+			}
 			$str_construct .= '</ul>';
 			echo_error($str_construct);
-			} else if ($query->rowCount() > 10)
-				echo_error('Specified name resulted with too many accounts.');
-			else
-				echo_error('No entries found.');
 		}
 	}
 }
 ?>
 <div class="row">
 	<?php
+	$groups = app()->get('groups');
 	if ($id > 0) {
 		$account = new OTS_Account();
 		$account->load($id);
@@ -143,7 +157,9 @@ else if (isset($_REQUEST['search'])) {
 			$rl_loca = $_POST['rl_loca'];
 
 			//country
+			if(setting('core.account_country')) {
 				$rl_country = $_POST['rl_country'];
+			}
 
 			$web_flags = $_POST['web_flags'];
 			verify_number($web_flags, 'Web Flags', 1);
@@ -190,7 +206,11 @@ else if (isset($_REQUEST['search'])) {
 				}
 				$account->setRLName($rl_name);
 				$account->setLocation($rl_loca);
+
+				if(setting('core.account_country')) {
 					$account->setCountry($rl_country);
+				}
+
 				$account->setCustomField('created', $created);
 				$account->setWebFlags($web_flags);
 				$account->setCustomField('web_lastlogin', $web_lastlogin);
@@ -214,7 +234,7 @@ else if (isset($_REQUEST['search'])) {
 			}
 		}
 	} else if ($id == 0) {
-		$accounts_db = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ' FROM `accounts` ORDER BY `id` ASC');
+		$accounts_db = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ', email FROM `accounts` ORDER BY `id` ASC');
 		?>
 		<div class="col-12 col-sm-12 col-lg-10">
 			<div class="card card-info card-outline">
@@ -226,8 +246,9 @@ else if (isset($_REQUEST['search'])) {
 						<thead>
 						<tr>
 							<th>ID</th>
-							<th><?= ($nameOrNumberColumn == 'number' ? 'Number' : 'Name'); ?></th>
+							<th><?= ($nameOrNumberColumn == 'name' ? 'Name' : 'Number'); ?></th>
 							<?php if($hasTypeColumn || $hasGroupColumn): ?>
+							<th>E-Mail</th>
 							<th>Position</th>
 							<?php endif; ?>
 							<th style="width: 40px">Edit</th>
@@ -238,6 +259,7 @@ else if (isset($_REQUEST['search'])) {
 							<tr>
 								<th><?php echo $account_lst['id']; ?></th>
 								<td><?php echo $account_lst[$nameOrNumberColumn]; ?></a></td>
+								<td><?php echo $account_lst['email']; ?></td>
 								<?php if($hasTypeColumn || $hasGroupColumn): ?>
 								<td>
 									<?php if ($hasTypeColumn) {
@@ -404,6 +426,7 @@ else if (isset($_REQUEST['search'])) {
 											   autocomplete="off" maxlength="20"
 											   value="<?php echo $account->getLocation(); ?>"/>
 									</div>
+									<?php if(setting('core.account_country')): ?>
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_country">Country:</label>
 										<select name="rl_country" id="rl_country" class="form-control">
@@ -412,6 +435,7 @@ else if (isset($_REQUEST['search'])) {
 											<?php endforeach; ?>
 										</select>
 									</div>
+									<?php endif; ?>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
@@ -443,9 +467,8 @@ else if (isset($_REQUEST['search'])) {
 									</thead>
 									<tbody>
 										<?php
-											$accountActions = \MyAAC\Models\AccountAction::where('account_id', $account->getId())->orderByDesc('date')->get();
+											$accountActions = AccountAction::where('account_id', $account->getId())->orderByDesc('date')->get();
 											foreach ($accountActions as $i => $log):
-												$log->ip = ($log->ip != 0 ? long2ip($log->ip) : inet_ntop($log->ipv6));
 												?>
 											<tr>
 												<td><?php echo $i + 1; ?></td>
@@ -583,6 +606,16 @@ else if (isset($_REQUEST['search'])) {
 			</div>
 			<div class="card-body">
 				<div class="row">
+					<div class="col-6 col-lg-12">
+						<form action="<?php echo $admin_base; ?>" method="post">
+							<?php csrf(); ?>
+							<label for="search">Account E-Mail:</label>
+							<div class="input-group input-group-sm">
+								<input type="email" class="form-control" id="search_email" name="search_email" value="<?= escapeHtml($search_account_email); ?>" maxlength="255" size="255">
+								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
+							</div>
+						</form>
+					</div>
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
 							<?php csrf(); ?>

admin/pages/changelog.php

@@ -110,7 +110,7 @@ if($action == 'edit' || $action == 'new') {
 		$player->load($player_id);
 	}
 
-	$account_players = $account_logged->getPlayersList();
+	$account_players = accountLogged()->getPlayersList();
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.changelog.form.html.twig', array(
 		'action' => $action,

admin/pages/login.php

@@ -13,7 +13,7 @@ $title = 'Login';
 csrfProtect();
 
 require PAGES . 'account/login.php';
-if ($logged) {
+if (logged()) {
 	header('Location: ' . (admin() ? ADMIN_URL : BASE_URL));
 	return;
 }

admin/pages/mailer.php

@@ -7,6 +7,9 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Account;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mailer';
 
@@ -61,15 +64,15 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 		$add = ' AND `email_verified` = 1';
 	}
 
-	$query = $db->query('SELECT `email` FROM `accounts` WHERE `email` != ""' . $add);
+	$query = Account::where('email', '!=', '')->get(['email']);
 	foreach ($query as $email) {
-		if (_mail($email['email'], $mail_subject, $mail_content)) {
+		if (_mail($email->email, $mail_subject, $mail_content)) {
 			$success++;
 		}
 		else {
 			$failed++;
 			echo '<br />';
-			error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
+			error('An error occorred while sending email to <b>' . $email->email . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
 		}
 	}
 

admin/pages/mass_account.php

@@ -24,20 +24,13 @@ $freePremium = $config['lua']['freePremium'];
 
 function admin_give_points($points)
 {
-	global $db, $hasPointsColumn;
+	global $hasPointsColumn;
 
 	if (!$hasPointsColumn) {
 		displayMessage('Points not supported.');
 		return;
 	}
 
-
-	$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
 	if (!Account::query()->increment('premium_points', $points)) {
 		displayMessage('Failed to add points.');
 		return;
@@ -47,7 +40,7 @@ function admin_give_points($points)
 
 function admin_give_coins($coins)
 {
-	global $db, $hasCoinsColumn;
+	global $hasCoinsColumn;
 
 	if (!$hasCoinsColumn) {
 		displayMessage('Coins not supported.');
@@ -62,41 +55,24 @@ function admin_give_coins($coins)
 	displayMessage($coins . ' coins added to all accounts.', true);
 }
 
-function query_add_premium($column, $value_query, $condition_query = '1=1', $params = [])
-{
-	global $db;
-
-	$statement = $db->prepare("UPDATE `accounts` SET `{$column}` = $value_query WHERE $condition_query");
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return false;
-	}
-
-	if (!$statement->execute($params)) {
-		displayMessage('Failed to add premium days.');
-		return false;
-	}
-
-	return true;
-}
-
 function admin_give_premdays($days)
 {
-	global $db, $freePremium;
+	global $freePremium;
 
 	if ($freePremium) {
 		displayMessage('Premium days not supported. Free Premium enabled.');
 		return;
 	}
 
+	$db = app()->get('database');
 	$value = $days * 86400;
 	$now = time();
 	// othire
 	if ($db->hasColumn('accounts', 'premend')) {
 		// append premend
-		if (query_add_premium('premend', '`premend` + :value', '`premend` > :now', ['value' => $value, 'now' => $now])) {
+		if (Account::where('premend', '>', $now)->increment('premend', $value)) {
 			// set premend
-			if (query_add_premium('premend', ':value', '`premend` <= :now', ['value' => $now + $value, 'now' => $now])) {
+			if (Account::where('premend', '<=', $now)->update(['premend' => $now + $value])) {
 				displayMessage($days . ' premium days added to all accounts.', true);
 				return;
 			} else {
@@ -114,11 +90,11 @@ function admin_give_premdays($days)
 	// tfs 0.x
 	if ($db->hasColumn('accounts', 'premdays')) {
 		// append premdays
-		if (query_add_premium('premdays', '`premdays` + :value', '1=1', ['value' => $days])) {
+		if (Account::query()->update(['premdays' => $days])) {
 			// append lastday
-			if (query_add_premium('lastday', '`lastday` + :value', '`lastday` > :now', ['value' => $value, 'now' => $now])) {
+			if (Account::where('lastday', '>', $now)->increment('lastday', $value)) {
 				// set lastday
-				if (query_add_premium('lastday', ':value', '`lastday` <= :now', ['value' => $now + $value, 'now' => $now])) {
+				if (Account::where('lastday', '<=', $now)->update(['lastday' => $now + $value])) {
 					displayMessage($days . ' premium days added to all accounts.', true);
 					return;
 				} else {
@@ -142,9 +118,9 @@ function admin_give_premdays($days)
 	// tfs 1.x
 	if ($db->hasColumn('accounts', 'premium_ends_at')) {
 		// append premium_ends_at
-		if (query_add_premium('premium_ends_at', '`premium_ends_at` + :value', '`premium_ends_at` > :now', ['value' => $value, 'now' => $now])) {
+		if (Account::where('premium_ends_at', '>', $now)->increment('premium_ends_at', $value)) {
 			// set premium_ends_at
-			if (query_add_premium('premium_ends_at', ':value', '`premium_ends_at` <= :now', ['value' => $now + $value, 'now' => $now])) {
+			if (Account::where('premium_ends_at', '<=', $now)->update(['premium_ends_at' => $now + $value])) {
 				displayMessage($days . ' premium days added to all accounts.', true);
 				return;
 			} else {
@@ -199,10 +175,12 @@ else {
 }
 
 function displayMessage($message, $success = false) {
-	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
+	global $hasCoinsColumn, $hasPointsColumn, $freePremium;
 
 	$success ? success($message): error($message);
 
+	$twig = app()->get('twig');
+
 	$twig->display('admin.tools.account.html.twig', array(
 		'hasCoinsColumn' => $hasCoinsColumn,
 		'hasPointsColumn' => $hasPointsColumn,

admin/pages/mass_teleport.php

@@ -99,9 +99,9 @@ else {
 }
 
 
-function displayMessage($message, $success = false) {
-	global $twig;
-
+function displayMessage($message, $success = false)
+{
+	$twig = app()->get('twig');
 	$success ? success($message): error($message);
 	$twig->display('admin.tools.teleport.html.twig', array());
 }

admin/pages/menus.php

@@ -10,6 +10,7 @@
 
 use MyAAC\Cache\Cache;
 use MyAAC\Models\Menu;
+use MyAAC\Plugins;
 
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Menus';
@@ -21,14 +22,16 @@ if (!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin()) {
 	return;
 }
 
+$pluginThemes = Plugins::getThemes();
+
 if (isset($_POST['template'])) {
 	$template = $_POST['template'];
 
-	if (isset($_POST['menu'])) {
-		$post_menu = $_POST['menu'];
-		$post_menu_link = $_POST['menu_link'];
-		$post_menu_blank = $_POST['menu_blank'];
-		$post_menu_color = $_POST['menu_color'];
+	if (isset($_POST['save'])) {
+		$post_menu = $_POST['menu'] ?? [];
+		$post_menu_link = $_POST['menu_link'] ?? [];
+		$post_menu_blank = $_POST['menu_blank'] ?? [];
+		$post_menu_color = $_POST['menu_color'] ?? [];
 		if (count($post_menu) != count($post_menu_link)) {
 			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
 			return;
@@ -56,54 +59,67 @@ if (isset($_POST['template'])) {
 			}
 		}
 
-		$cache = Cache::getInstance();
-		if ($cache->enabled()) {
-			$cache->delete('template_menus');
-		}
-
+		onTemplateMenusChange();
 		success('Saved at ' . date('H:i'));
 	}
 
-	$file = TEMPLATES . $template . '/config.php';
-	if (file_exists($file)) {
-		require_once $file;
+	$path = TEMPLATES . $template;
+
+	if (isset($pluginThemes[$template])) {
+		$path = BASE . $pluginThemes[$template];
+	}
+
+	$path .= '/config.php';
+
+	if (file_exists($path)) {
+		require_once $path;
 	} else {
 		echo 'Cannot find template config.php file.';
 		return;
 	}
 
-	if (isset($_GET['reset_colors'])) {
-		if (isset($config['menu_default_color'])) {
-			Menu::where('template', $template)->update(['color' => str_replace('#', '', $config['menu_default_color'])]);
-			success('Colors has been reset.');
-		}
-		else {
-			warning('There is no default color defined, cannot reset colors.');
-		}
-	}
-
 	if (!isset($config['menu_categories'])) {
 		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
 		return;
 	}
 
+	if (isset($_GET['reset_colors'])) {
+		foreach ($config['menu_categories'] as $id => $options) {
+			$color = $options['default_links_color'] ?? ($config['menu_default_links_color'] ?? ($config['menu_default_color'] ?? '#ffffff'));
+			Menu::where('template', $template)->where('category', $id)->update(['color' => str_replace('#', '', $color)]);
+		}
+
+		onTemplateMenusChange();
+		success('Colors has been reset at ' . date('H:i'));
+	}
+
+	if (isset($_GET['reset_menus'])) {
+		$configMenus = config('menus');
+		if (isset($configMenus)) {
+			Plugins::installMenus($template, config('menus'), true);
+
+			onTemplateMenusChange();
+			success('Menus has been reset at ' . date('H:i'));
+		}
+		else {
+			error("This template don't support reinstalling menus.");
+		}
+	}
+
 	$title = 'Menus - ' . $template;
+
+	$canResetColors = isset($config['menu_default_color']) || isset($config['menu_default_links_color']);
+	foreach ($config['menu_categories'] as $id => $options) {
+		if (isset($options['default_links_color'])) {
+			$canResetColors = true;
+		}
+	}
+
+	$twig->display('admin.menus.header.html.twig', [
+		'template' => $template,
+		'canResetColors' => $canResetColors
+	]);
 	?>
-	<div align="center" class="text-center">
-		<p class="note">You are editing: <?= $template ?><br/><br/>
-			Hint: You can drag menu items.<br/>
-			Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
-			Not all templates support blank and colorful links.
-		</p>
-		<?php if (isset($config['menu_default_color'])) {?>
-		<form method="post" action="?p=menus&reset_colors" onsubmit="return confirm('Do you really want to reset colors?');">
-			<?php csrf(); ?>
-			<input type="hidden" name="template" value="<?php echo $template ?>"/>
-			<button type="submit" class="btn btn-danger">Reset Colors to default</button>
-		</form>
-		<br/>
-		<?php } ?>
-	</div>
 	<?php
 	$menus = Menu::query()
 		->select('name', 'link', 'blank', 'color', 'category', 'ordering')
@@ -119,7 +135,7 @@ if (isset($_POST['template'])) {
 	<form method="post" id="menus-form" action="?p=menus">
 		<?php csrf(); ?>
 		<input type="hidden" name="template" value="<?php echo $template ?>"/>
-		<button type="submit" class="btn btn-info">Save</button><br/><br/>
+		<button type="submit" name="save" class="btn btn-info">Save</button><br/><br/>
 		<div class="row">
 			<?php foreach ($config['menu_categories'] as $id => $cat): ?>
 				<div class="col-md-12 col-lg-6">
@@ -133,12 +149,13 @@ if (isset($_POST['template'])) {
 								if (isset($menus[$id])) {
 									$i = 0;
 									foreach ($menus[$id] as $menu):
+										$color = (empty($menu['color']) ? ($cat['default_links_color'] ?? ($config['menu_default_links_color'] ?? ($config['menu_default_color'] ?? '#ffffff'))) : '#' . $menu['color']);
 										?>
 										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo escapeHtml($menu['name']); ?>"/>
 											<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
 											<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
 											<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
-											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="<?php echo (empty($menu['color']) ? ($config['menu_default_color'] ?? '#ffffff') : $menu['color']); ?>"/>
+											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="<?php echo $color; ?>"/>
 											<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
 										<?php $i++; $last_id[$id] = $i;
 									endforeach;
@@ -151,7 +168,7 @@ if (isset($_POST['template'])) {
 		</div>
 		<div class="row pb-2">
 			<div class="col-md-12">
-				<button type="submit" class="btn btn-info">Save</button>
+				<button type="submit" name="save" class="btn btn-info">Save</button>
 				<?php
 				echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
 				?>
@@ -162,15 +179,19 @@ if (isset($_POST['template'])) {
 	$twig->display('admin.menus.js.html.twig', array(
 		'menus' => $menus,
 		'last_id' => $last_id,
-		'menu_default_color' => $config['menu_default_color'] ?? '#ffffff'
 	));
 	?>
 	<?php
 } else {
 	$templates = Menu::select('template')->distinct()->get()->toArray();
 	foreach ($templates as $key => $value) {
-		$file = TEMPLATES . $value['template'] . '/config.php';
-		if (!file_exists($file)) {
+		$path = TEMPLATES . $value['template'];
+
+		if (isset($pluginThemes[$value['template']])) {
+			$path = BASE . $pluginThemes[$value['template']];
+		}
+
+		if (!file_exists($path . '/config.php')) {
 			unset($templates[$key]);
 		}
 	}
@@ -179,3 +200,11 @@ if (isset($_POST['template'])) {
 		'templates' => $templates
 	));
 }
+
+function onTemplateMenusChange(): void
+{
+	$cache = app()->get('cache');
+	if ($cache->enabled()) {
+		$cache->delete('template_menus');
+	}
+}

admin/pages/modules/created.php

@@ -7,7 +7,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $accounts = 0;
 
 if ($db->hasColumn('accounts', 'created')) {
-	$accounts = Account::orderByDesc('created')->limit(10)->get(['created', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+	$accounts = Account::orderByDesc('created')->limit(10)->get(['id', 'created'])->toArray();
 }
 
 $twig->display('created.html.twig', array(

admin/pages/modules/statistics.php

@@ -7,6 +7,8 @@ use MyAAC\Models\Monster;
 use MyAAC\Models\Player;
 
 defined('MYAAC') or die('Direct access not allowed!');
+
+global $eloquentConnection;
 $count = $eloquentConnection->query()
 	->select([
 		'total_accounts' => Account::selectRaw('COUNT(id)'),

admin/pages/modules/templates/created.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.id }}</a></td>
 							<td>{{ result.created|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}

admin/pages/news.php

@@ -26,7 +26,7 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 
 header('X-XSS-Protection:0');
 
-// some constants, used mainly by database (cannot by modified without schema changes)
+// some constants, used mainly by database (cannot be modified without schema changes)
 const NEWS_TITLE_LIMIT = 100;
 const NEWS_BODY_LIMIT = 65535; // maximum news body length
 const ARTICLE_TEXT_LIMIT = 300;
@@ -50,7 +50,7 @@ if(!empty($action))
 	if (isRequestMethod('post')) {
 		if ($action == 'new') {
 			if (isset($forum_section) && $forum_section != '-1') {
-				$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
+				$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, accountLogged()->getId(), $errors);
 			}
 
 			if (isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
@@ -113,7 +113,7 @@ if($action == 'edit' || $action == 'new') {
 		$player->load($player_id);
 	}
 
-	$account_players = $account_logged->getPlayersList();
+	$account_players = accountLogged()->getPlayersList();
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.news.form.html.twig', array(
 		'action' => $action,
@@ -136,9 +136,18 @@ if($action == 'edit' || $action == 'new') {
 
 $query = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news'));
 $newses = array();
+
+$cachePlayers = [];
 foreach ($query as $_news) {
+	$playerId = $_news['player_id'];
+	if (isset($cachePlayers[$playerId])) {
+		$_player = $cachePlayers[$playerId];
+	}
+	else {
 		$_player = new OTS_Player();
-	$_player->load($_news['player_id']);
+		$_player->load($playerId);
+		$cachePlayers[$playerId] = $_player;
+	}
 
 	$newses[$_news['type']][] = array(
 		'id' => $_news['id'],
@@ -147,7 +156,7 @@ foreach ($query as $_news) {
 		'title' => $_news['title'],
 		'date' => $_news['date'],
 		'player_name' => $_player->isLoaded() ? $_player->getName() : '',
-		'player_link' => $_player->isLoaded() ? getPlayerLink($_player->getName(), false) : '',
+		'player_link' => $_player->isLoaded() ? getPlayerLink($_player, false) : '',
 	);
 }
 

admin/pages/notepad.php

@@ -15,21 +15,18 @@ $title = 'Notepad';
 
 csrfProtect();
 
-/**
- * @var OTS_Account $account_logged
- */
 $_content = '';
-$notepad = ModelsNotepad::where('account_id', $account_logged->getId())->first();
+$notepad = ModelsNotepad::where('account_id', accountLogged()->getId())->first();
 if (isset($_POST['content'])) {
 	$_content = html_entity_decode(stripslashes($_POST['content']));
 	if (!$notepad) {
 		ModelsNotepad::create([
-			'account_id' => $account_logged->getId(),
+			'account_id' => accountLogged()->getId(),
 			'content' => $_content
 		]);
 	}
 	else {
-		ModelsNotepad::where('account_id', $account_logged->getId())->update(['content' => $_content]);
+		ModelsNotepad::where('account_id', accountLogged()->getId())->update(['content' => $_content]);
 	}
 
 	success('Saved at ' . date('H:i'));

admin/pages/pages.php

@@ -25,7 +25,7 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
 
 $name = $p_title = null;
-$groups = new OTS_Groups_List();
+$groups = app()->get('groups');
 
 $php = false;
 $enable_tinymce = true;

admin/pages/players.php

@@ -51,29 +51,27 @@ else if (isset($_REQUEST['search'])) {
 	if (strlen($search_player) < 3 && !Validator::number($search_player)) {
 		echo_error('Player name is too short.');
 	} else {
-		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($search_player));
-		if ($query->rowCount() == 1) {
-			$query = $query->fetch();
-			$id = (int)$query['id'];
+		$query = Player::where('name', 'like', '%' . $search_player . '%')->orderBy('name')->limit(11)->get(['id', 'name']);
+		if (count($query) == 0) {
+			echo_error('No entries found.');
+		} else if (count($query) == 1) {
+			$id = $query->first()->getKey();
+		} else if (count($query) > 10) {
+			echo_error('Specified name resulted with too many players.');
 		} else {
-			$query = $db->query('SELECT `id`, `name` FROM `players` WHERE `name` LIKE ' . $db->quote('%' . $search_player . '%'));
-			if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
 			$str_construct = 'Do you mean?<ul>';
-				foreach ($query as $row)
-					$str_construct .= '<li><a href="' . $player_base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
+			foreach ($query as $row) {
+				$str_construct .= '<li><a href="' . $player_base . '&id=' . $row->getKey() . '">' . $row->name . '</a></li>';
+			}
 			$str_construct .= '</ul>';
 			echo_error($str_construct);
-			} else if ($query->rowCount() > 10)
-				echo_error('Specified name resulted with too many players.');
-			else
-				echo_error('No entries found.');
 		}
 	}
 }
 ?>
 <div class="row">
 	<?php
-	$groups = new OTS_Groups_List();
+	$groups = app()->get('groups');
 	if ($id > 0) {
 		$player = new OTS_Player();
 		$player->load($id);
@@ -202,7 +200,7 @@ else if (isset($_REQUEST['search'])) {
 
 			if ($hasBlessingsColumn) {
 				$blessings = $_POST['blessings'];
-				verify_number($blessings, 'Blessings', 2);
+				verify_number($blessings, 'Blessings', 3);
 			}
 
 			$balance = $_POST['balance'];
@@ -274,7 +272,7 @@ else if (isset($_REQUEST['search'])) {
 					$player->setLossContainers($loss_containers);
 					$player->setLossItems($loss_items);
 				}
-				if ($db->hasColumn('players', 'blessings'))
+				if ($hasBlessingsColumn)
 					$player->setBlessings($blessings);
 
 				if ($hasBlessingColumn) {
@@ -307,7 +305,7 @@ else if (isset($_REQUEST['search'])) {
 			}
 		}
 	} else if ($id == 0) {
-		$players_db = $db->query('SELECT `id`, `name`, `level` FROM `players` ORDER BY `id` asc');
+		$players_db = Player::orderBy('id')->get(['id','name', 'level']);
 		?>
 		<div class="col-12 col-sm-12 col-lg-10">
 			<div class="card card-info card-outline">
@@ -327,11 +325,11 @@ else if (isset($_REQUEST['search'])) {
 						<tbody>
 						<?php foreach ($players_db as $player_db): ?>
 							<tr>
-								<th><?php echo $player_db['id']; ?></th>
-								<td><?php echo $player_db['name']; ?></a></td>
-								<td><?php echo $player_db['level']; ?></a></td>
+								<th><?php echo $player_db->id; ?></th>
+								<td><?php echo $player_db->name; ?></a></td>
+								<td><?php echo $player_db->level; ?></a></td>
 
-								<td><a href="?p=players&id=<?php echo $player_db['id']; ?>" class="btn btn-success btn-sm" title="Edit">
+								<td><a href="?p=players&id=<?php echo $player_db->id; ?>" class="btn btn-success btn-sm" title="Edit">
 										<i class="fas fa-pencil-alt"></i>
 									</a>
 								</td>

admin/pages/plugins.php

@@ -21,7 +21,13 @@ if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
 	warning('Plugin installation and management is disabled in Settings.<br/>If you wish to enable, go to Settings and enable <strong>Enable Plugins Manage</strong>.');
 }
 else {
-	$twig->display('admin.plugins.form.html.twig');
+	$pluginUploadEnabled = true;
+	if(!\class_exists('\ZipArchive')) {
+		error('Please install PHP zip extension. Plugins upload disabled until then.');
+		$pluginUploadEnabled = false;
+	}
+
+	$twig->display('admin.plugins.form.html.twig', ['pluginUploadEnabled' => $pluginUploadEnabled]);
 
 	if (isset($_POST['uninstall'])) {
 		$uninstall = $_POST['uninstall'];

admin/pages/settings.php

@@ -48,7 +48,7 @@ if (!is_array($settingsFile)) {
 
 $settingsKeyName = ($plugin == 'core' ? $plugin : $settingsFile['key']);
 
-$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $plugin);
+$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $settingsFile['name']);
 
 $settingsParsed = Settings::display($settingsKeyName, $settingsFile['settings']);
 

admin/template/menus.php

@@ -1,5 +1,7 @@
 <?php
 
+global $menus;
+
 $menus = [
 	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
 	['name' => 'Settings', 'icon' => 'edit', 'order' => 19, 'link' =>

admin/template/template.php

@@ -6,7 +6,7 @@
 	<?php echo template_header(true); ?>
 	<title><?php echo (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];?></title>
 	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/ext/admin-lte/css/adminlte.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/adminlte.min.css">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/font-awesome.min.css">
 	<?php if (isset($use_datatable)) { ?>
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/datatables.bs.min.css">
@@ -21,7 +21,7 @@
 </head>
 <body class="sidebar-mini ">
 <?php $hooks->trigger(HOOK_ADMIN_BODY_START); ?>
-<?php if ($logged && admin()) { ?>
+<?php if (admin()) { ?>
 	<div class="wrapper">
 		<nav class="main-header navbar navbar-expand navbar-white navbar-light">
 			<ul class="navbar-nav">
@@ -40,7 +40,7 @@
 		</nav>
 		<aside class="main-sidebar sidebar-dark-info elevation-4">
 			<a href="<?php echo ADMIN_URL; ?>" class="brand-link navbar-info">
-				<img src="<?php echo ADMIN_URL; ?>images/logo.png" class="brand-image img-circle elevation-3" style="opacity: .8">
+				<img src="<?php echo ADMIN_URL; ?>images/logo.png" class="brand-image img-circle elevation-3" style="opacity: .8" alt="MyAAC">
 				<span class="brand-text"><b>My</b>AAC</span>
 			</a>
 			<div class="sidebar">
@@ -97,20 +97,6 @@
 								<?php
 							}
 						}
-
-						$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
-						$menu_db = $query->fetchAll();
-						foreach ($menu_db as $item) {
-							if ($item['flags'] == 0 || hasFlag($item['flags'])) { ?>
-								<li class="nav-item">
-									<a class="nav-link<?php echo($page == $item['page'] ? ' active' : '') ?>" href="?p=<?php echo $item['page'] ?>">
-										<i class="nav-icon fas fa-link"></i>
-										<p><?php echo $item['name'] ?></p>
-									</a>
-								</li>
-								<?php
-							}
-						}
 						?>
 					</ul>
 				</nav>
@@ -122,7 +108,7 @@
 				<div class="container-fluid">
 					<div class="row mb-2">
 						<div class="col-sm-6">
-							<h3 class="m-0 text-dark"><?php echo(isset($title) ? $title : ''); ?><small> - Admin Panel</small></h3>
+							<h3 class="m-0 text-dark"><?php echo($title ?? ''); ?><small> - Admin Panel</small></h3>
 						</div>
 						<div class="col-sm-6">
 							<div class="float-sm-right d-none d-sm-inline">
@@ -177,17 +163,14 @@
 		<div id="sidebar-overlay"></div>
 	</div>
 
-<?php } else if (!$logged && !admin()) {
+<?php } else if (!logged() && !admin()) {
 	echo $content;
 }
 ?>
 <?php
-/**
- * @var OTS_Account $account_logged
- */
-if ($logged && admin()) {
+if (admin()) {
 	$twig->display('admin-bar.html.twig', [
-		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
+		'username' => USE_ACCOUNT_NAME ? accountLogged()->getName() : accountLogged()->getId()
 	]);
 }
 ?>
@@ -197,7 +180,7 @@ if ($logged && admin()) {
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
 <?php } ?>
-<script src="<?php echo BASE_URL; ?>tools/ext/admin-lte/js/adminlte.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
 <?php $hooks->trigger(HOOK_ADMIN_BODY_END); ?>
 </body>
 </html>

admin/tools/phpinfo.php

@@ -1,15 +1,22 @@
 <?php
+
+use MyAAC\Services\LoginService;
+
 define('MYAAC_ADMIN', true);
 
 require '../../common.php';
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
 
-if(!admin())
+$loginService = new LoginService();
+$loginService->checkLogin();
+
+if(!admin()) {
 	die('Access denied.');
+}
 
-if(!function_exists('phpinfo'))
+if(!function_exists('phpinfo')) {
 	die('phpinfo() disabled on this web server.');
+}
 
 phpinfo();

admin/tools/reload_data.php

@@ -24,16 +24,20 @@
  */
 
 use MyAAC\DataLoader;
+use MyAAC\Services\LoginService;
 
 const MYAAC_ADMIN = true;
 
 require '../../common.php';
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
 
-if (!admin())
+$loginService = new LoginService();
+$loginService->checkLogin();
+
+if (!admin()) {
 	die('Access denied.');
+}
 
 ini_set('max_execution_time', 300);
 ob_implicit_flush();

admin/tools/settings_save.php

@@ -1,6 +1,6 @@
 <?php
 
-use MyAAC\Hooks;
+use MyAAC\Services\LoginService;
 use MyAAC\Settings;
 
 const MYAAC_ADMIN = true;
@@ -8,7 +8,9 @@ const MYAAC_ADMIN = true;
 require '../../common.php';
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
+
+$loginService = new LoginService();
+$loginService->checkLogin();
 
 if(!admin()) {
 	http_response_code(500);
@@ -27,7 +29,7 @@ if (!isset($_POST['settings'])) {
 	die('Please enter settings.');
 }
 
-$settings = Settings::getInstance();
+$settings = app()->get('settings');
 
 $success = $settings->save($_REQUEST['plugin'], $_POST['settings']);
 

admin/tools/status.php

@@ -1,14 +1,20 @@
 <?php
+
+use MyAAC\Services\LoginService;
+
 define('MYAAC_ADMIN', true);
 
 require '../../common.php';
 require SYSTEM . 'init.php';
 require SYSTEM . 'functions.php';
 require SYSTEM . 'status.php';
-require SYSTEM . 'login.php';
 
-if(!admin())
+$loginService = new LoginService();
+$loginService->checkLogin();
+
+if(!admin()) {
 	die('Access denied.');
+}
 
 if(!$status['online'])
 	die('Offline');

admin/tools/upload_image.php

@@ -1,13 +1,19 @@
 <?php
+
+use MyAAC\Services\LoginService;
+
 define('MYAAC_ADMIN', true);
 
 require '../../common.php';
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
-require SYSTEM . 'login.php';
 
-if(!admin())
+$loginService = new LoginService();
+$loginService->checkLogin();
+
+if(!admin()) {
 	die('Access denied.');
+}
 
 // Don't attempt to process the upload on an OPTIONS request
 if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

common.php

@@ -20,14 +20,14 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
+ * @copyright 2024 MyAAC
  * @link      https://my-aac.org
  */
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '1.0-beta';
-const DATABASE_VERSION = 40;
+const MYAAC_VERSION = '2.0-dev';
+const DATABASE_VERSION = 44;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -156,7 +156,7 @@ if (file_exists(BASE . 'config.local.php')) {
 
 /** @var array $config */
 ini_set('log_errors', 1);
-if(@$config['env'] === 'dev') {
+if(@$config['env'] === 'dev' || defined('MYAAC_INSTALL')) {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
 	error_reporting(E_ALL);

composer.json

@@ -1,6 +1,6 @@
 {
     "require": {
-        "php": "^8.0",
+        "php": "^8.1",
         "ext-pdo": "*",
         "ext-pdo_mysql": "*",
         "ext-json": "*",
@@ -8,18 +8,19 @@
         "ext-dom": "*",
         "phpmailer/phpmailer": "^6.1",
         "composer/semver": "^3.2",
-        "twig/twig": "^2.0",
+        "twig/twig": "^3.11",
         "erusev/parsedown": "^1.7",
         "nikic/fast-route": "^1.3",
         "matomo/device-detector": "^6.0",
         "illuminate/database": "^10.18",
         "peppeocchi/php-cron-scheduler": "4.*",
         "symfony/console": "^6.4",
-        "symfony/string": "^6.4"
+        "symfony/string": "^6.4",
+        "symfony/var-dumper": "^6.4",
+        "filp/whoops": "^2.15",
+        "maximebf/debugbar": "1.*"
     },
     "require-dev": {
-        "filp/whoops": "^2.15",
-        "maximebf/debugbar": "dev-master",
         "phpstan/phpstan": "^1.10"
     },
     "autoload": {

cypress/e2e/1-install.cy.js

@@ -67,7 +67,7 @@ describe('Install MyAAC', () => {
 
 		cy.get('form').submit()
 
-		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
+		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 60000 }).should('be.visible')
 
 		cy.wait(2000);
 

cypress/e2e/3-check-public-pages.cy.js

@@ -116,9 +116,9 @@ describe('Check Public Pages', () => {
 	})
 
 	// library
-	it('Go to creatures page', () => {
+	it('Go to monsters page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/creatures',
+			url: Cypress.env('URL') + '/monsters',
 			method: 'GET',
 		})
 	})

cypress/e2e/4-check-protected-pages.cy.js

@@ -4,7 +4,7 @@ const YOU_ARE_NOT_LOGGEDIN = 'You are not logged in.';
 describe('Check Protected Pages', () => {
 
 	// character actions
-	it('Go to accouht character creation page', () => {
+	it('Go to account character creation page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/character/create',
 			method: 'GET',
@@ -12,7 +12,7 @@ describe('Check Protected Pages', () => {
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
 
-	it('Go to accouht character deletion page', () => {
+	it('Go to account character deletion page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/character/delete',
 			method: 'GET',
@@ -21,7 +21,7 @@ describe('Check Protected Pages', () => {
 	})
 
 	// account actions
-	it('Go to accouht email change page', () => {
+	it('Go to account email change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/email',
 			method: 'GET',
@@ -29,7 +29,7 @@ describe('Check Protected Pages', () => {
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
 
-	it('Go to accouht password change page', () => {
+	it('Go to account password change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/password',
 			method: 'GET',
@@ -37,7 +37,7 @@ describe('Check Protected Pages', () => {
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
 
-	it('Go to accouht info change page', () => {
+	it('Go to account info change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/info',
 			method: 'GET',
@@ -45,7 +45,7 @@ describe('Check Protected Pages', () => {
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
 
-	it('Go to accouht logout change page', () => {
+	it('Go to account logout change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/logout',
 			method: 'GET',

index.php

@@ -24,160 +24,7 @@
  * @link      https://my-aac.org
  */
 
-use MyAAC\UsageStatistics;
-use MyAAC\Visitors;
-
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 
-$uri = $_SERVER['REQUEST_URI'];
-if(false !== strpos($uri, 'index.php')) {
-	$uri = str_replace_first('/index.php', '', $uri);
-}
-
-if(0 === strpos($uri, '/')) {
-	$uri = str_replace_first('/', '', $uri);
-}
-
-if(preg_match("/^[A-Za-z0-9-_%'+\/]+\.png$/i", $uri)) {
-	if (!empty(BASE_DIR)) {
-		$tmp = explode('.', str_replace_first(str_replace_first('/', '', BASE_DIR) . '/', '', $uri));
-	}
-	else {
-		$tmp = explode('.', $uri);
-	}
-
-	$_REQUEST['name'] = urldecode($tmp[0]);
-
-	chdir(TOOLS . 'signature');
-	include TOOLS . 'signature/index.php';
-	exit();
-}
-
-if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
-	http_response_code(404);
-	exit;
-}
-
-if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE . 'install'))
-{
-	header('Location: ' . BASE_URL . 'install/');
-	exit();
-}
-
-$template_place_holders = array();
-
-require_once SYSTEM . 'init.php';
-
-require_once SYSTEM . 'template.php';
-require_once SYSTEM . 'login.php';
-require_once SYSTEM . 'status.php';
-
-$twig->addGlobal('config', $config);
-$twig->addGlobal('status', $status);
-
-// backward support for gesior
-if(setting('core.backward_support')) {
-	define('INITIALIZED', true);
-	$SQL = $db;
-	$layout_header = template_header();
-	$layout_name = $template_path;
-	$news_content = '';
-	$tickers_content = '';
-	$main_content = '';
-
-	$config['access_admin_panel'] = 2;
-	$group_id_of_acc_logged = 0;
-	if($logged && $account_logged)
-		$group_id_of_acc_logged = $account_logged->getGroupId();
-
-	$config['site'] = &$config;
-	$config['server'] = &$config['lua'];
-	$config['site']['shop_system'] = setting('core.gifts_system');
-	$config['site']['gallery_page'] = true;
-
-	if(!isset($config['vdarkborder']))
-		$config['vdarkborder'] = '#505050';
-	if(!isset($config['darkborder']))
-		$config['darkborder'] = '#D4C0A1';
-	if(!isset($config['lightborder']))
-		$config['lightborder'] = '#F1E0C6';
-
-	$config['site']['download_page'] = true;
-	$config['site']['serverinfo_page'] = true;
-	$config['site']['screenshot_page'] = true;
-
-	$forumSetting = setting('core.forum');
-	if($forumSetting != '')
-		$config['forum_link'] = (strtolower($forumSetting) === 'site' ? getLink('forum') : $forumSetting);
-
-	foreach($status as $key => $value)
-		$config['status']['serverStatus_' . $key] = $value;
-}
-
-require_once SYSTEM . 'router.php';
-
-$hooks->trigger(HOOK_STARTUP);
-
-// anonymous usage statistics
-// sent only when user agrees
-if(setting('core.anonymous_usage_statistics')) {
-	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
-	$should_report = true;
-
-	$value = '';
-	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
-		$should_report = time() > (int)$value + $report_time;
-	}
-	else {
-		$value = '';
-		if(fetchDatabaseConfig('last_usage_report', $value)) {
-			$should_report = time() > (int)$value + $report_time;
-			if($cache->enabled()) {
-				$cache->set('last_usage_report', $value);
-			}
-		}
-		else {
-			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
-			$should_report = false;
-		}
-	}
-
-	if($should_report) {
-		UsageStatistics::report();
-
-		updateDatabaseConfig('last_usage_report', time());
-		if($cache->enabled()) {
-			$cache->set('last_usage_report', time());
-		}
-	}
-}
-
-if(setting('core.views_counter'))
-	require_once SYSTEM . 'counter.php';
-
-if(setting('core.visitors_counter')) {
-	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
-}
-
-/**
- * @var OTS_Account $account_logged
- */
-if ($logged && admin()) {
-	$content .= $twig->render('admin-bar.html.twig', [
-		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
-	]);
-}
-$title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
-require $template_path . '/' . $template_index;
-
-echo base64_decode('PCEtLSBQb3dlcmVkIGJ5IE15QUFDIDo6IGh0dHBzOi8vd3d3Lm15LWFhYy5vcmcvIC0tPg==') . PHP_EOL;
-if(superAdmin()) {
-	echo '<!-- Generated in: ' . round(microtime(true) - START_TIME, 4) . 'ms -->';
-	echo PHP_EOL . '<!-- Queries done: ' . $db->queries() . ' -->';
-	if(function_exists('memory_get_peak_usage')) {
-		echo PHP_EOL . '<!-- Peak memory usage: ' . convert_bytes(memory_get_peak_usage(true)) . ' -->';
-	}
-}
-
-$hooks->trigger(HOOK_FINISH);
+app()->run();

install/includes/functions.php

@@ -2,7 +2,9 @@
 defined('MYAAC') or die('Direct access not allowed!');
 function query($query)
 {
-	global $db, $error;
+	global $error;
+
+	$db = app()->get('database');
 
 	try {
 		$db->query($query);

install/includes/schema.sql

@@ -1,14 +1,14 @@
-SET @myaac_database_version = 40;
+SET @myaac_database_version = 43;
 
 CREATE TABLE `myaac_account_actions`
 (
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`account_id` INT(11) NOT NULL,
-	`ip` INT(10) UNSIGNED NOT NULL DEFAULT 0,
-	`ipv6` BINARY(16) NOT NULL DEFAULT 0,
+	`ip` VARCHAR(45) NOT NULL DEFAULT '',
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`action` VARCHAR(255) NOT NULL DEFAULT '',
-	KEY (`account_id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_admin_menu`
 (
@@ -19,22 +19,7 @@ CREATE TABLE `myaac_admin_menu`
 	`flags` INT(11) NOT NULL DEFAULT 0,
 	`enabled` INT(1) NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-
-CREATE TABLE `myaac_bugtracker`
-(
-	`account` VARCHAR(255) NOT NULL,
-	`type` INT(11) NOT NULL DEFAULT 0,
-	`status` INT(11) NOT NULL DEFAULT 0,
-	`text` text NOT NULL,
-	`id` INT(11) NOT NULL DEFAULT 0,
-	`subject` VARCHAR(255) NOT NULL DEFAULT '',
-	`reply` INT(11) NOT NULL DEFAULT 0,
-	`who` INT(11) NOT NULL DEFAULT 0,
-	`uid` INT(11) NOT NULL AUTO_INCREMENT,
-	`tag` INT(11) NOT NULL DEFAULT 0,
-	PRIMARY KEY (`uid`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_changelog`
 (
@@ -46,7 +31,7 @@ CREATE TABLE `myaac_changelog`
 	`player_id` INT(11) NOT NULL DEFAULT 0,
 	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hide`) VALUES (1, 3, 2, UNIX_TIMESTAMP(), 'MyAAC installed. (:', 0);
 
@@ -57,7 +42,7 @@ CREATE TABLE `myaac_config`
 	`value` VARCHAR(1000) NOT NULL,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 INSERT INTO `myaac_config` (`name`, `value`) VALUES ('database_version', @myaac_database_version);
 
@@ -69,7 +54,7 @@ CREATE TABLE `myaac_faq`
 	`ordering` INT(11) NOT NULL DEFAULT 0,
 	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_forum_boards`
 (
@@ -82,7 +67,7 @@ CREATE TABLE `myaac_forum_boards`
 	`closed` TINYINT(1) NOT NULL DEFAULT 0,
 	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`, `closed`) VALUES (NULL, 'News', 'News commenting', 0, 1);
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUES (NULL, 'Trade', 'Trade offers.', 1);
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUES (NULL, 'Quests', 'Quest making.', 2);
@@ -106,12 +91,12 @@ CREATE TABLE `myaac_forum`
 	`post_date` int(20) NOT NULL default '0',
 	`last_edit_aid` int(20) NOT NULL default '0',
 	`edit_date` int(20) NOT NULL default '0',
-	`post_ip` varchar(32) NOT NULL default '0.0.0.0',
+	`post_ip` varchar(45) NOT NULL default '0.0.0.0',
 	`sticked` tinyint(1) NOT NULL DEFAULT '0',
 	`closed` tinyint(1) NOT NULL DEFAULT '0',
 	PRIMARY KEY (`id`),
 	KEY `section` (`section`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_menu`
 (
@@ -125,7 +110,7 @@ CREATE TABLE `myaac_menu`
 	`ordering` INT(11) NOT NULL DEFAULT 0,
 	`enabled` INT(1) NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_monsters` (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
@@ -158,7 +143,7 @@ CREATE TABLE `myaac_monsters` (
 	`loot` text NOT NULL,
 	`summons` TEXT NOT NULL,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_news`
 (
@@ -176,7 +161,7 @@ CREATE TABLE `myaac_news`
 	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
 	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_news_categories`
 (
@@ -186,7 +171,7 @@ CREATE TABLE `myaac_news_categories`
 	`icon_id` INT(2) NOT NULL DEFAULT 0,
 	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 0);
 INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 1);
@@ -202,7 +187,7 @@ CREATE TABLE `myaac_notepad`
 	`content` TEXT NOT NULL,
 	/*`public` TINYINT(1) NOT NULL DEFAULT 0*/
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_pages`
 (
@@ -218,7 +203,7 @@ CREATE TABLE `myaac_pages`
 	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_gallery`
 (
@@ -230,7 +215,7 @@ CREATE TABLE `myaac_gallery`
 	`ordering` INT(11) NOT NULL DEFAULT 0,
 	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 INSERT INTO `myaac_gallery` (`id`, `ordering`, `comment`, `image`, `thumb`, `author`) VALUES (NULL, 1, 'Demon', 'images/gallery/demon.jpg', 'images/gallery/demon_thumb.gif', 'MyAAC');
 
@@ -242,7 +227,7 @@ CREATE TABLE `myaac_settings`
 	`value` TEXT NOT NULL,
 	PRIMARY KEY (`id`),
 	KEY `key` (`key`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_spells`
 (
@@ -265,7 +250,7 @@ CREATE TABLE `myaac_spells`
 	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_visitors`
 (
@@ -274,7 +259,7 @@ CREATE TABLE `myaac_visitors`
 	`page` VARCHAR(2048) NOT NULL,
 	`user_agent` VARCHAR(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_weapons`
 (
@@ -283,4 +268,4 @@ CREATE TABLE `myaac_weapons`
 	`maglevel` INT(11) NOT NULL DEFAULT 0,
 	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;

install/index.php

@@ -3,9 +3,9 @@
 use Twig\Environment as Twig_Environment;
 use Twig\Loader\FilesystemLoader as Twig_FilesystemLoader;
 
-require '../common.php';
+const MYAAC_INSTALL = true;
 
-define('MYAAC_INSTALL', true);
+require '../common.php';
 
 // includes
 require SYSTEM . 'functions.php';
@@ -114,7 +114,7 @@ else if($step == 'finish') {
 	$email = $_SESSION['var_email'];
 	$password = $_SESSION['var_password'];
 	$password_confirm = $_SESSION['var_password_confirm'];
-	$player_name = $_SESSION['var_player_name'];
+	$player_name = $_SESSION['var_player_name'] ?? null;
 
 	// email check
 	if(empty($email)) {
@@ -125,18 +125,7 @@ else if($step == 'finish') {
 	}
 
 	// account check
-	if(isset($_SESSION['var_account'])) {
-		if(empty($_SESSION['var_account'])) {
-			$errors[] = $locale['step_admin_account_error_empty'];
-		}
-		else if(!Validator::accountName($_SESSION['var_account'])) {
-			$errors[] = $locale['step_admin_account_error_format'];
-		}
-		else if(strtoupper($_SESSION['var_account']) == strtoupper($password)) {
-			$errors[] = $locale['step_admin_account_error_same'];
-		}
-	}
-	else if(isset($_SESSION['var_account_id'])) {
+	if(isset($_SESSION['var_account_id'])) {
 		if(empty($_SESSION['var_account_id'])) {
 			$errors[] = $locale['step_admin_account_id_error_empty'];
 		}
@@ -147,6 +136,17 @@ else if($step == 'finish') {
 			$errors[] = $locale['step_admin_account_id_error_same'];
 		}
 	}
+	else if(isset($_SESSION['var_account'])) {
+		if(empty($_SESSION['var_account'])) {
+			$errors[] = $locale['step_admin_account_error_empty'];
+		}
+		else if(!Validator::accountName($_SESSION['var_account'])) {
+			$errors[] = $locale['step_admin_account_error_format'];
+		}
+		else if(strtoupper($_SESSION['var_account']) == strtoupper($password)) {
+			$errors[] = $locale['step_admin_account_error_same'];
+		}
+	}
 
 	// password check
 	if(empty($password)) {
@@ -159,13 +159,14 @@ else if($step == 'finish') {
 		$errors[] = $locale['step_admin_password_confirm_error_not_same'];
 	}
 
+	if (isset($player_name)) {
 		// player name check
-	if(empty($player_name)) {
+		if (empty($player_name)) {
 			$errors[] = $locale['step_admin_player_name_error_empty'];
-	}
-	else if(!Validator::characterName($player_name)) {
+		} else if (!Validator::characterName($player_name)) {
 			$errors[] = $locale['step_admin_player_name_error_format'];
 		}
+	}
 
 	if(!empty($errors)) {
 		$step = 'admin';
@@ -182,14 +183,14 @@ clearstatcache();
 if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 	if(!file_exists(BASE . 'install/ip.txt')) {
 		$content = warning('AAC installation is disabled. To enable it make file <b>ip.txt</b> in install/ directory and put there your IP.<br/>
-		Your IP is:<br /><b>' . $_SERVER['REMOTE_ADDR'] . '</b>', true);
+		Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 	}
 	else {
 		$file_content = trim(file_get_contents(BASE . 'install/ip.txt'));
 		$allow = false;
 		$listIP = preg_split('/\s+/', $file_content);
 		foreach($listIP as $ip) {
-			if($_SERVER['REMOTE_ADDR'] == $ip) {
+			if(get_browser_real_ip() == $ip) {
 				$allow = true;
 			}
 		}
@@ -198,7 +199,7 @@ if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 		{
 			$content = warning('In file <b>install/ip.txt</b> must be your IP!<br/>
 			In file is:<br /><b>' . nl2br($file_content) . '</b><br/>
-			Your IP is:<br /><b>' . $_SERVER['REMOTE_ADDR'] . '</b>', true);
+			Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 		}
 		else {
 			ob_start();

install/steps/3-requirements.php

@@ -2,10 +2,15 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 // configuration
-$dirs_required = [
+$dirs_required_writable = [
 	'system/logs',
 	'system/cache',
 ];
+
+$dirs_required = [
+	'tools/ext' => $locale['step_requirements_folder_not_exists_tools_ext'],
+];
+
 $dirs_optional = [
 	GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'],
 	GALLERY_DIR => $locale['step_requirements_warning_images_gallery'],
@@ -18,6 +23,7 @@ $extensions_optional = [
 	'gd' => $locale['step_requirements_warning_player_signatures'],
 	'zip' => $locale['step_requirements_warning_install_plugins'],
 ];
+
 /*
  *
  * @param string $name
@@ -41,7 +47,7 @@ $failed = false;
 // start validating
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION);
 
-foreach ($dirs_required as $value)
+foreach ($dirs_required_writable as $value)
 {
 	$is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value));
 	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
@@ -52,6 +58,12 @@ foreach ($dirs_optional as $dir => $errorMsg) {
 	version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true);
 }
 
+foreach ($dirs_required as $dir => $errorMsg)
+{
+	$exists = is_dir(BASE . $dir);
+	version_check($locale['step_requirements_folder_exists'] . ': ' . $dir, $exists, $exists ? '' : $errorMsg);
+}
+
 $ini_register_globals = ini_get_bool('register_globals');
 version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']);
 
@@ -78,4 +90,3 @@ if($failed) {
 }
 
 echo '</div>';
-?>

install/steps/5-database.php

@@ -40,50 +40,40 @@ if(!$error) {
 	$configToSave['gzip_output'] = false;
 	$configToSave['cache_engine'] = 'auto';
 	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
-
-	require BASE . 'install/includes/config.php';
+	$configToSave['database_auto_migrate'] = true;
 
 	if(!$error) {
+		$content = '';
+		$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
+		if ($saved) {
+			success($locale['step_database_config_saved']);
+			$_SESSION['saved'] = true;
+
+			require BASE . 'config.local.php';
+			require BASE . 'install/includes/config.php';
+
+			if (!$error) {
 				require BASE . 'install/includes/database.php';
 
-		$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
-		success($locale['step_database_importing']);
-
-		if(isset($database_error)) { // we failed connect to the database
+				if (isset($database_error)) { // we failed connect to the database
 					error($database_error);
 				}
 				else {
-			if(!$db->hasTable('accounts')) {
+					if (!$db->hasTable('accounts')) {
 						$tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
 						error($tmp);
 						$error = true;
 					}
 
-			if(!$db->hasTable('players')) {
-				$tmp = str_replace('$TABLE$', 'players', $locale['step_database_error_table']);
-				error($tmp);
-				$error = true;
-			}
-
-			if(!$db->hasTable('guilds')) {
-				$tmp = str_replace('$TABLE$', 'guilds', $locale['step_database_error_table']);
-				error($tmp);
-				$error = true;
-			}
-
-			if(!$error) {
+					if (!$error) {
 						$twig->display('install.installer.html.twig', array(
 							'url' => 'tools/5-database.php',
 							'message' => $locale['loading_spinner']
 						));
-
-				$content = '';
-				$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
-				if($saved) {
-					success($locale['step_database_config_saved']);
-					$_SESSION['saved'] = true;
 					}
-				else {
+				}
+			}
+		} else {
 			$_SESSION['config_content'] = $content;
 			unset($_SESSION['saved']);
 
@@ -92,8 +82,6 @@ if(!$error) {
 				<textarea cols="70" rows="10">' . $content . '</textarea>');
 		}
 	}
-		}
-	}
 }
 ?>
 

install/steps/6-admin.php

@@ -18,6 +18,7 @@ if(!$error) {
 		'locale' => $locale,
 		'session' => $_SESSION,
 		'account' => $account,
+		'hasTablePlayers' => $db->hasTable('players'),
 		'errors' => isset($errors) ? $errors : null,
 		'buttons' => next_buttons(true, $error ? false : true)
 	));

install/steps/7-finish.php

@@ -1,5 +1,7 @@
 <?php
 
+use MyAAC\Cache\Cache;
+use MyAAC\Models\News;
 use MyAAC\Settings;
 
 defined('MYAAC') or die('Direct access not allowed!');
@@ -7,29 +9,40 @@ defined('MYAAC') or die('Direct access not allowed!');
 ini_set('max_execution_time', 300);
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
+	return;
 }
-else {
-	require SYSTEM . 'init.php';
-	if(!$error) {
-		if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
-			$account = isset($_SESSION['var_account']) ? $_SESSION['var_account'] : null;
-		else
-			$account_id = isset($_SESSION['var_account_id']) ? $_SESSION['var_account_id'] : null;
 
-		$password = $_SESSION['var_password'];
+$cache = app()->get('cache');
+if ($cache->enabled()) {
+	// clear plugin_hooks to have fresh hooks
+	$cache->delete('plugins_hooks');
+}
 
-		if(USE_ACCOUNT_SALT)
-		{
+require SYSTEM . 'init.php';
+if($error) {
+	return;
+}
+
+if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
+	$account = $_SESSION['var_account'] ?? null;
+else
+	$account_id = $_SESSION['var_account_id'] ?? null;
+
+$password = $_SESSION['var_password'];
+
+if(USE_ACCOUNT_SALT)
+{
 	$salt = generateRandomString(10, false, true, true);
 	$password = $salt . $password;
-		}
+}
 
-		$account_db = new OTS_Account();
-		if(isset($account))
+$account_db = new OTS_Account();
+if(isset($account))
 	$account_db->find($account);
-		else
+else
 	$account_db->load($account_id);
 
+if ($db->hasTable('players')) {
 	$player_name = $_SESSION['var_player_name'];
 	$player_db = new OTS_Player();
 	$player_db->find($player_name);
@@ -45,18 +58,19 @@ else {
 		$player_used = &$player_db;
 	}
 
-		$groups = new OTS_Groups_List();
+	$groups = app()->get('groups');
 	$player_used->setGroupId($groups->getHighestId());
+}
 
-		$email = $_SESSION['var_email'];
-		if($account_db->isLoaded()) {
+$email = $_SESSION['var_email'];
+if($account_db->isLoaded()) {
 	$account_db->setPassword(encrypt($password));
 	$account_db->setEMail($email);
 	$account_db->save();
 
 	$account_used = &$account_db;
-		}
-		else {
+}
+else {
 	$new_account = new OTS_Account();
 	if(USE_ACCOUNT_NAME) {
 		$new_account->create($account);
@@ -74,53 +88,74 @@ else {
 	$new_account->logAction('Account created.');
 
 	$account_used = &$new_account;
-		}
+}
 
-		if(USE_ACCOUNT_SALT)
+if(USE_ACCOUNT_SALT)
 	$account_used->setCustomField('salt', $salt);
 
-		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
-		$account_used->setCustomField('country', 'us');
-		if($db->hasColumn('accounts', 'group_id'))
+$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
+$account_used->setCustomField('country', 'us');
+$account_used->setCustomField('email_verified', 1);
+
+if($db->hasColumn('accounts', 'group_id'))
 	$account_used->setCustomField('group_id', $groups->getHighestId());
-		if($db->hasColumn('accounts', 'type'))
+if($db->hasColumn('accounts', 'type'))
 	$account_used->setCustomField('type', 6);
 
-		if(!$player_db->isLoaded())
+if ($db->hasTable('players')) {
+	if(!$player_db->isLoaded()) {
 		$player->setAccountId($account_used->getId());
-		else
-			$player_db->setAccountId($account_used->getId());
-
-		success($locale['step_database_created_account']);
-
-		setSession('account', $account_used->getId());
-		setSession('password', encrypt($password));
-		setSession('remember_me', true);
-
-		if($player_db->isLoaded()) {
-			$player_db->save();
-		}
-		else {
 		$player->save();
 	}
+	else {
+		$player_db->setAccountId($account_used->getId());
+		$player_db->save();
+	}
+}
 
+success($locale['step_database_created_account']);
+
+setSession('account', $account_used->getId());
+setSession('password', encrypt($password));
+setSession('remember_me', true);
+
+if(!News::all()->count()) {
 	$player_id = 0;
-		$query = $db->query("SELECT `id` FROM `players` WHERE `name` = " . $db->quote($player_name) . ";");
-		if($query->rowCount() == 1) {
-			$query = $query->fetch();
-			$player_id = $query['id'];
+
+	if ($db->hasTable('players')) {
+		$tmpNewsPlayer = \MyAAC\Models\Player::where('name', $player_name)->first();
+		if($tmpNewsPlayer) {
+			$player_id = $tmpNewsPlayer->id;
+		}
 	}
 
-		$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX ."news` WHERE `title` LIKE 'Hello!';");
-		if($query->rowCount() == 0) {
-			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hide`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'https://my-aac.org', '0');
-	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hide`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'https://my-aac.org', " . $player_id . ", '', '0');")) {
+	News::create([
+		'type' => 1,
+		'date' => time(),
+		'category' => 2,
+		'title' => 'Hello!',
+		'body' => 'MyAAC is just READY to use!',
+		'player_id' => $player_id,
+		'comments' => 'https://my-aac.org',
+		'hide' => 0,
+	]);
+
+	News::create([
+		'type' => 2,
+		'date' => time(),
+		'category' => 4,
+		'title' => 'Hello tickers!',
+		'body' => 'https://my-aac.org',
+		'player_id' => $player_id,
+		'comments' => '',
+		'hide' => 0,
+	]);
+
 	success($locale['step_database_created_news']);
-			}
-		}
+}
 
-		$settings = Settings::getInstance();
-		foreach($_SESSION as $key => $value) {
+$settings = Settings::getInstance();
+foreach($_SESSION as $key => $value) {
 	if (in_array($key, ['var_usage', 'var_date_timezone', 'var_client'])) {
 		if ($key == 'var_usage') {
 			$key = 'anonymous_usage_statistics';
@@ -133,15 +168,15 @@ else {
 
 		$settings->updateInDatabase('core', $key, $value);
 	}
-		}
-		success('Settings saved.');
+}
+success('Settings saved.');
 
-		$twig->display('install.installer.html.twig', array(
+$twig->display('install.installer.html.twig', array(
 	'url' => 'tools/7-finish.php',
 	'message' => $locale['importing_spinner']
-		));
+));
 
-		if(!isset($_SESSION['installed'])) {
+if(!isset($_SESSION['installed'])) {
 	if (!array_key_exists('CI', getenv())) {
 		$report_url = 'https://my-aac.org/report_install.php?v=' . MYAAC_VERSION . '&b=' . urlencode(BASE_URL);
 		if (function_exists('curl_version'))
@@ -158,15 +193,15 @@ else {
 	}
 
 	$_SESSION['installed'] = true;
-		}
+}
 
-		foreach($_SESSION as $key => $value) {
+foreach($_SESSION as $key => $value) {
 	if(strpos($key, 'var_') !== false)
 		unset($_SESSION[$key]);
-		}
-		unset($_SESSION['saved']);
-		if(file_exists(CACHE . 'install.txt')) {
-			unlink(CACHE . 'install.txt');
-		}
-	}
 }
+unset($_SESSION['saved']);
+if(file_exists(CACHE . 'install.txt')) {
+	unlink(CACHE . 'install.txt');
+}
+
+$hooks->trigger(HOOK_INSTALL_FINISH_END);

install/template/template.php

@@ -1,3 +1,4 @@
+<?php defined('MYAAC') or die('Direct access not allowed!'); ?>
 <!DOCTYPE html>
 <html dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>

install/tools/5-database.php

@@ -32,6 +32,9 @@ if($db->hasTable(TABLE_PREFIX . 'account_actions')) {
 else {
 	// import schema
 	try {
+		$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
+		success($locale['step_database_importing']);
+
 		$db->query(file_get_contents(BASE . 'install/includes/schema.sql'));
 
 		$locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']);
@@ -138,75 +141,86 @@ if(!$db->hasColumn('accounts', 'premium_points')) {
 		success($locale['step_database_adding_field'] . ' accounts.premium_points...');
 }
 
-if($db->hasColumn('guilds', 'checkdata')) {
-	if(query("ALTER TABLE `guilds` MODIFY `checkdata` INT NOT NULL DEFAULT 0;"))
+if ($db->hasTable('guilds')) {
+	if ($db->hasColumn('guilds', 'checkdata')) {
+		if (query("ALTER TABLE `guilds` MODIFY `checkdata` INT NOT NULL DEFAULT 0;"))
 			success($locale['step_database_modifying_field'] . ' guilds.checkdata...');
-}
+	}
 
-if(!$db->hasColumn('guilds', 'motd')) {
-	if(query("ALTER TABLE `guilds` ADD `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
+	if (!$db->hasColumn('guilds', 'motd')) {
+		if (query("ALTER TABLE `guilds` ADD `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' guilds.motd...');
-}
-else {
-	if(query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
+	} else {
+		if (query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 			success($locale['step_database_modifying_field'] . ' guilds.motd...');
-}
+	}
 
-if(!$db->hasColumn('guilds', 'description')) {
-	if(query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;"))
+	if (!$db->hasColumn('guilds', 'description')) {
+		if (query("ALTER TABLE `guilds` ADD `description` VARCHAR(5000) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' guilds.description...');
-}
+	}
+	else {
+		if (query("ALTER TABLE `guilds` MODIFY `description` VARCHAR(5000) NOT NULL DEFAULT '';")) {
+			success($locale['step_database_modifying_field'] . ' guilds.description...');
+		}
+	}
 
-if($db->hasColumn('guilds', 'logo_gfx_name')) {
-	if(query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) {
+	if ($db->hasColumn('guilds', 'logo_gfx_name')) {
+		if (query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) {
 			$tmp = str_replace('$FIELD$', 'guilds.logo_gfx_name', $locale['step_database_changing_field']);
 			$tmp = str_replace('$FIELD_NEW$', 'guilds.logo_name', $tmp);
 			success($tmp);
 		}
-}
-else if(!$db->hasColumn('guilds', 'logo_name')) {
-	if(query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';"))
+	} else if (!$db->hasColumn('guilds', 'logo_name')) {
+		if (query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';"))
 			success($locale['step_database_adding_field'] . ' guilds.logo_name...');
+	}
 }
 
-if(!$db->hasColumn('players', 'created')) {
-	if(query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;"))
+if ($db->hasTable('players')) {
+	if (!$db->hasColumn('players', 'created')) {
+		if (query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.created...');
-}
+	}
 
-if(!$db->hasColumn('players', 'deleted') && !$db->hasColumn('players', 'deletion')) {
-	if(query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;"))
+	if (!$db->hasColumn('players', 'deleted') && !$db->hasColumn('players', 'deletion')) {
+		if (query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.deleted...');
-}
+	}
 
-if($db->hasColumn('players', 'hide_char')) {
-	if(!$db->hasColumn('players', 'hide')) {
-		if(query("ALTER TABLE `players` CHANGE `hide_char` `hide` TINYINT(1) NOT NULL DEFAULT 0;")) {
+	if ($db->hasColumn('players', 'hide_char')) {
+		if (!$db->hasColumn('players', 'hide')) {
+			if (query("ALTER TABLE `players` CHANGE `hide_char` `hide` TINYINT(1) NOT NULL DEFAULT 0;")) {
 				$tmp = str_replace('$FIELD$', 'players.hide_char', $locale['step_database_changing_field']);
 				$tmp = str_replace('$FIELD_NEW$', 'players.hide', $tmp);
 				success($tmp);
 			}
 		}
-}
-else if(!$db->hasColumn('players', 'hide')) {
-	if(query("ALTER TABLE `players` ADD `hide` TINYINT(1) NOT NULL DEFAULT 0;"))
+	} else if (!$db->hasColumn('players', 'hide')) {
+		if (query("ALTER TABLE `players` ADD `hide` TINYINT(1) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_adding_field'] . ' players.hide...');
-}
+	}
 
-if(!$db->hasColumn('players', 'comment')) {
-	if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
+	if (!$db->hasColumn('players', 'comment')) {
+		if (query("ALTER TABLE `players` ADD `comment` VARCHAR(5000) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' players.comment...');
-}
+	}
+	else {
+		if (query("ALTER TABLE `players` MODIFY `comment` VARCHAR(5000) NOT NULL DEFAULT '';")) {
+			success($locale['step_database_modifying_field'] . ' players.comment...');
+		}
+	}
 
-if($db->hasColumn('players', 'rank_id')) {
-	if(query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
+	if ($db->hasColumn('players', 'rank_id')) {
+		if (query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
 			success($locale['step_database_modifying_field'] . ' players.rank_id...');
 
-	if($db->hasColumn('players', 'guildnick')) {
-		if(query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
+		if ($db->hasColumn('players', 'guildnick')) {
+			if (query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
 				success($locale['step_database_modifying_field'] . ' players.guildnick...');
 			}
 		}
+	}
 }
 
 if($db->hasTable('z_forum')) {

install/tools/7-finish.php

@@ -25,30 +25,35 @@ if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['save
 
 require SYSTEM . 'init.php';
 
-$deleted = 'deleted';
-if($db->hasColumn('players', 'deletion'))
+if ($db->hasTable('players')) {
+	$deleted = 'deleted';
+	if ($db->hasColumn('players', 'deletion'))
 		$deleted = 'deletion';
 
-$time = time();
-function insert_sample_if_not_exist($p) {
-	global $db, $success, $deleted, $time;
+	$time = time();
+	function insert_sample_if_not_exist($p)
+	{
+		global $success, $deleted, $time;
+
+		$db = app()->get('database');
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($p['name']));
-	if($query->rowCount() == 0) {
-		if(!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hide`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
+		if ($query->rowCount() == 0) {
+			if (!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hide`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
 				$success = false;
 		}
-}
+	}
 
-$success = true;
-insert_sample_if_not_exist(array('name' => 'Rook Sample', 'level' => 1, 'vocation_id' => 0, 'health' => 150, 'healthmax' => 150, 'experience' => 0, 'looktype' => 130, 'mana' => 0, 'manamax' => 0, 'soul' => 100, 'cap' => 400));
-insert_sample_if_not_exist(array('name' => 'Sorcerer Sample', 'level' => 8, 'vocation_id' => 1, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
-insert_sample_if_not_exist(array('name' => 'Druid Sample', 'level' => 8, 'vocation_id' => 2, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
-insert_sample_if_not_exist(array('name' => 'Paladin Sample', 'level' => 8, 'vocation_id' => 3, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 129, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
-insert_sample_if_not_exist(array('name' => 'Knight Sample', 'level' => 8, 'vocation_id' => 4, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 131, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+	$success = true;
+	insert_sample_if_not_exist(array('name' => 'Rook Sample', 'level' => 1, 'vocation_id' => 0, 'health' => 150, 'healthmax' => 150, 'experience' => 0, 'looktype' => 130, 'mana' => 0, 'manamax' => 0, 'soul' => 100, 'cap' => 400));
+	insert_sample_if_not_exist(array('name' => 'Sorcerer Sample', 'level' => 8, 'vocation_id' => 1, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+	insert_sample_if_not_exist(array('name' => 'Druid Sample', 'level' => 8, 'vocation_id' => 2, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+	insert_sample_if_not_exist(array('name' => 'Paladin Sample', 'level' => 8, 'vocation_id' => 3, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 129, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+	insert_sample_if_not_exist(array('name' => 'Knight Sample', 'level' => 8, 'vocation_id' => 4, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 131, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
 
-if($success) {
+	if ($success) {
 		success($locale['step_database_imported_players']);
+	}
 }
 
 Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
@@ -59,16 +64,21 @@ DataLoader::load();
 
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';
+$up();
 
 // add z_polls tables
 require_once SYSTEM . 'migrations/22.php';
+$up();
 
 // add myaac_pages pages
 require_once SYSTEM . 'migrations/27.php';
+$up();
 require_once SYSTEM . 'migrations/30.php';
+$up();
 
 // new monster columns
 require_once SYSTEM . 'migrations/31.php';
+$up();
 
 if(ModelsFAQ::count() == 0) {
 	ModelsFAQ::create([
@@ -77,6 +87,8 @@ if(ModelsFAQ::count() == 0) {
 	]);
 }
 
+$hooks->trigger(HOOK_INSTALL_FINISH);
+
 $db->setClearCacheAfter(true);
 
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);

login.php

@@ -4,6 +4,7 @@ use MyAAC\Models\BoostedCreature;
 use MyAAC\Models\PlayerOnline;
 use MyAAC\Models\Account;
 use MyAAC\Models\Player;
+use MyAAC\RateLimit;
 
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
@@ -130,12 +131,29 @@ switch ($action) {
 		}
 
 		$account = $account->first();
+
+		$ip = get_browser_real_ip();
+		$limiter = new RateLimit('failed_logins', setting('core.account_login_attempts_limit'), setting('core.account_login_ban_time'));
+		$limiter->enabled = setting('core.account_login_ipban_protection');
+		$limiter->load();
+
+		$ban_msg = 'A wrong account, password or secret has been entered ' . setting('core.account_login_attempts_limit') . ' times in a row. You are unable to log into your account for the next ' . setting('core.account_login_ban_time') . ' minutes. Please wait.';
 		if (!$account) {
+			$limiter->increment($ip);
+			if ($limiter->exceeded($ip)) {
+				sendError($ban_msg);
+			}
+			
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
 		}
 
 		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->salt : '') . $request->password);
 		if (!$account || $account->password != $current_password) {
+			$limiter->increment($ip);
+			if ($limiter->exceeded($ip)) {
+				sendError($ban_msg);
+			}
+
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
 		}
 
@@ -145,16 +163,30 @@ switch ($action) {
 			if ($accountSecret != null && $accountSecret != '') {
 				$accountHasSecret = true;
 				if ($inputToken === false) {
+					$limiter->increment($ip);
+					if ($limiter->exceeded($ip)) {
+						sendError($ban_msg);
+					}
 					sendError('Submit a valid two-factor authentication token.', 6);
 				} else {
 					require_once LIBS . 'rfc6238.php';
 					if (TokenAuth6238::verify($accountSecret, $inputToken) !== true) {
+						$limiter->increment($ip);
+						if ($limiter->exceeded($ip)) {
+							sendError($ban_msg);
+						}
+
 						sendError('Two-factor authentication failed, token is wrong.', 6);
 					}
 				}
 			}
 		}
 
+		$limiter->reset($ip);
+		if (setting('core.account_mail_verify') && $account->email_verified !== 1) {
+			sendError('You need to verify your account, enter in our site and resend verify e-mail!');
+		}
+
 		// common columns
 		$columns = 'id, name, level, sex, vocation, looktype, lookhead, lookbody, looklegs, lookfeet, lookaddons';
 

nginx-sample.conf

@@ -10,22 +10,21 @@ server {
 	# this is very important, be sure its in your nginx conf - it prevents access to logs etc.
 	location ~ /system {
 		deny all;
-		return 404;
 	}
 
-	# block .htaccess
-	location ~ /\.ht {
+	# block .htaccess, CHANGELOG.md, composer.json etc.
+	# this is to prevent finding software versions
+	location ~\.(ht|md|json|dist)$ {
 		deny all;
 	}
 
 	# block git files and folders
 	location ~ /\.git {
-		return 404;
 		deny all;
 	}
 
 	location / {
-		try_files $uri $uri/ /index.php?$query_string;;
+		try_files $uri $uri/ /index.php?$query_string;
 	}
 
 	location ~ \.php$ {

package.json

@@ -4,7 +4,7 @@
     "postinstall": "node ./npm-post-install.js"
   },
   "devDependencies": {
-    "cypress": "^12.12.0"
+    "cypress": "^13.17.0"
   },
   "dependencies": {
     "@tinymce/tinymce-jquery": "^2.1.0",
@@ -12,6 +12,6 @@
     "fs-extra": "^11.2.0",
     "jquery": "^3.7.1",
     "jquery-ui": "^1.13.2",
-    "tinymce": "^6.8.3"
+    "tinymce": "^7.2.0"
   }
 }

phpstan.neon

@@ -28,7 +28,8 @@ parameters:
 		- '#Variable \$guild might not be defined#'
 		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
 		# Eloquent models
-		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+()#'
+		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
+		- '#Call to an undefined method object::toArray\(\)#'
 		# system/pages/highscores.php
 		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'

plugins/account-create-hint.json

@@ -1,6 +1,6 @@
 {
 	"name": "create-account-hint",
-	"description": "This plugin display text 'To play on Forgotten you need an account.  All you have to do to create your new account is to enter an account name, password, country and your email address. Also you have to agree to the terms presented below. If you have done so, your account name will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.' on the create account page. <strong>Be careful when uninstalling this!</strong>",
+	"description": "This plugin display text 'To play on Forgotten you need an account.  All you have to do to create your new account is to enter an account name, password, country and your email address. Also you have to agree to the terms presented below. If you have done so, your account name will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.' on the create account page.",
 	"version": "1.0",
 	"author": "slawkens",
 	"contact": "slawkens@gmail.com",

plugins/account-create-hint/hint.php

@@ -9,7 +9,4 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-global $twig_loader;
-$twig_loader->prependPath(BASE . 'plugins/account-create-hint');
-
-$twig->display('hint.html.twig');
+$twig->display('account-create-hint/hint.html.twig');

plugins/email-confirmed-reward/reward.php

@@ -1,8 +1,6 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
-$reward = setting('core.account_mail_confirmed_reward');
-
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $rewardCoins = setting('core.account_mail_confirmed_reward_coins');
 if ($rewardCoins > 0 && !$hasCoinsColumn) {

plugins/example.json

@@ -25,7 +25,8 @@
 	"hooks": {
 		"Example Hook": {
 			"type": "BEFORE_PAGE",
-			"file": "plugins/example/before.php"
+			"file": "plugins/example/before.php",
+			"priority": 1000
 		}
 	},
 	"routes": {
@@ -33,12 +34,20 @@
 			"pattern": "/YourAwesomePage/{name:string}/{page:int}",
 			"file": "plugins/your-plugin/your-awesome-page.php",
 			"method": "GET",
-			"priority": "130"
+			"priority": 130
 		},
 		"Redirect Example": {
 			"redirect_from": "/redirectExample",
 			"redirect_to": "account/manage"
 		}
 	},
-	"settings": "plugins/your-plugin-folder/settings.php"
+	"routes-default-priority": 1000,
+	"pages-default-priority": 1000,
+	"settings": "plugins/your-plugin-folder/settings.php",
+	"autoload": {
+		"pages": true,
+		"pagesSubFolders": false,
+		"commands": true,
+		"themes": true
+	}
  }

release.sh

@@ -22,7 +22,7 @@ if [ $1 = "prepare" ]; then
 	mkdir -p tmp
 
 	# get myaac from git archive
-	git archive --format zip --output tmp/myaac.zip develop
+	git archive --format zip --output tmp/myaac.zip main
 
 	cd tmp/ || exit
 
@@ -38,7 +38,11 @@ if [ $1 = "prepare" ]; then
 	cd $dir || exit
 
 	# dependencies
-	composer install --prefer-dist --optimize-autoloader
+	composer install --no-dev --prefer-dist --optimize-autoloader
+	npm install
+
+	# node_modules is useless, we already have copy in tools/ext
+	rm -R node_modules
 
 	echo "Now you can make changes to $dir. When you are ready, type 'release.sh pack'"
 	exit

system/clients.conf.php

@@ -105,4 +105,8 @@ $config['clients'] = [
 	1316,
 	1320,
 	1321,
+	1322,
+	1330,
+	1332,
+	1340,
 ];

system/compat/base.php

@@ -9,72 +9,6 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-class Validator extends \MyAAC\Validator {}
-
-function check_name($name, &$errors = '') {
-	if(Validator::characterName($name))
-		return true;
-
-	$errors = Validator::getLastError();
-	return false;
-}
-
-function check_account_id($id, &$errors = '') {
-	if(Validator::accountId($id))
-		return true;
-
-	$errors = Validator::getLastError();
-	return false;
-}
-
-function check_account_name($name, &$errors = '') {
-	if(Validator::accountName($name))
-		return true;
-
-	$errors = Validator::getLastError();
-	return false;
-}
-
-function check_name_new_char($name, &$errors = '') {
-	if(Validator::newCharacterName($name))
-		return true;
-
-	$errors = Validator::getLastError();
-	return false;
-}
-
-function check_rank_name($name, &$errors = '') {
-	if(Validator::rankName($name))
-		return true;
-
-	$errors = Validator::getLastError();
-	return false;
-}
-
-function check_guild_name($name, &$errors = '') {
-	if(Validator::guildName($name))
-		return true;
-
-	$errors = Validator::getLastError();
-	return false;
-}
-
-function news_place() {
-	return tickers();
-}
-
-function tableExist($table)
-{
-	global $db;
-	return $db->hasTable($table);
-}
-
-function fieldExist($field, $table)
-{
-	global $db;
-	return $db->hasColumn($table, $field);
-}
-
 function getCreatureImgPath($creature): string {
 	return getMonsterImgPath($creature);
 }

system/compat/classes.php

@@ -36,3 +36,6 @@ class Guild extends OTS_Guild {
 }
 class GuildRank extends OTS_GuildRank {}
 class House extends OTS_House {}
+
+class Cache extends \MyAAC\Cache\Cache {}
+class Validator extends \MyAAC\Validator {}

system/compat/pages.php

@@ -1,60 +0,0 @@
-<?php
-/**
- * Compat pages (backward support for Gesior AAC)
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-switch($page)
-{
-	case 'adminpanel':
-		header('Location: ' . ADMIN_URL);
-		die;
-
-	case 'createaccount':
-		$page = 'account/create';
-		break;
-
-	case 'accountmanagement':
-		$page = 'account/manage';
-		break;
-
-	case 'lostaccount':
-		$page = 'account/lost';
-		break;
-
-	case 'whoisonline':
-		$page = 'online';
-		break;
-
-	case 'latestnews':
-		$page = 'news';
-		break;
-
-	case 'archive':
-	case 'newsarchive':
-		$page = 'news/archive';
-		break;
-
-	case 'tibiarules':
-		$page = 'rules';
-		break;
-
-	case 'killstatistics':
-		$page = 'last-kills';
-		break;
-
-	case 'buypoints':
-		$page = 'points';
-		break;
-
-	case 'shopsystem':
-		$page = 'gifts';
-		break;
-
-	default:
-		break;
-}

system/counter.php

@@ -15,7 +15,7 @@ define('COUNTER_SYNC', 10); // how often counter is synchronized with database (
 
 $views_counter = 1; // default value, must be here!
 
-$cache = Cache::getInstance();
+$cache = app()->get('cache');
 if($cache->enabled())
 {
 	$value = 0;

system/database.php

@@ -1,139 +0,0 @@
-<?php
-/**
- * Database connection
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-
-use Illuminate\Database\Capsule\Manager as Capsule;
-
-defined('MYAAC') or die('Direct access not allowed!');
-
-if (!isset($config['database_overwrite'])) {
-	$config['database_overwrite'] = false;
-}
-
-if(!$config['database_overwrite'] && !isset($config['database_user'][0], $config['database_password'][0], $config['database_name'][0]))
-{
-	if(isset($config['lua']['sqlType'])) {// tfs 0.3
-		if(isset($config['lua']['mysqlHost'])) {// tfs 0.2
-			$config['otserv_version'] = TFS_02;
-			$config['database_type'] = 'mysql';
-			$config['database_host'] = $config['lua']['mysqlHost'];
-			$config['database_port'] = $config['lua']['mysqlPort'];
-			$config['database_user'] = $config['lua']['mysqlUser'];
-			$config['database_password'] = $config['lua']['mysqlPass'];
-			$config['database_name'] = $config['lua']['mysqlDatabase'];
-			$config['database_encryption'] = $config['lua']['passwordType'];
-		}
-		else {
-			$config['otserv_version'] = TFS_03;
-			$config['database_type'] = $config['lua']['sqlType'];
-			$config['database_host'] = $config['lua']['sqlHost'];
-			$config['database_port'] = $config['lua']['sqlPort'];
-			$config['database_user'] = $config['lua']['sqlUser'];
-			$config['database_password'] = $config['lua']['sqlPass'];
-			$config['database_name'] = $config['lua']['sqlDatabase'];
-
-			$config['database_encryption'] = $config['lua']['encryptionType'];
-			if(!isset($config['database_encryption']) || empty($config['database_encryption'])) // before 0.3.6
-				$config['database_encryption'] = $config['lua']['passwordType'];
-		}
-	}
-	else if(isset($config['lua']['mysqlHost'])) // tfs 1.0
-	{
-		$config['otserv_version'] = TFS_02;
-		$config['database_type'] = 'mysql';
-		$config['database_host'] = $config['lua']['mysqlHost'];
-		$config['database_port'] = $config['lua']['mysqlPort'];
-		$config['database_user'] = $config['lua']['mysqlUser'];
-		$config['database_password'] = $config['lua']['mysqlPass'];
-		$config['database_name'] = $config['lua']['mysqlDatabase'];
-		if(!isset($config['database_socket'][0])) {
-			$config['database_socket'] = isset($config['lua']['mysqlSock']) ? trim($config['lua']['mysqlSock']) : '';
-		}
-		$config['database_encryption'] = 'sha1';
-	}
-	else if(isset($config['lua']['database_type'])) // otserv
-	{
-		$config['otserv_version'] = OTSERV;
-		$config['database_type'] = $config['lua']['database_type'];
-		$config['database_host'] = $config['lua']['database_host'];
-		$config['database_port'] = $config['lua']['database_port'];
-		$config['database_user'] = $config['lua']['database_username'];
-		$config['database_password'] = $config['lua']['database_password'];
-		$config['database_name'] = $config['lua']['database_schema'];
-		$config['database_encryption'] = isset($config['lua']['passwordtype']) ? $config['lua']['passwordtype'] : $config['lua']['password_type'];
-		$config['database_salt'] = isset($config['lua']['passwordsalt']) ? $config['lua']['passwordsalt'] : $config['lua']['password_salt'];
-	}
-	else if(isset($config['lua']['sql_host'])) // otserv 0.6.3 / 0.6.4
-	{
-		$config['otserv_version'] = OTSERV_06;
-		$config['database_type'] = $config['lua']['sql_type'];
-		$config['database_host'] = $config['lua']['sql_host'];
-		$config['database_port'] = $config['lua']['sql_port'];
-		$config['database_user'] = $config['lua']['sql_user'];
-		$config['database_password'] = $config['lua']['sql_pass'];
-		$config['database_name'] = $config['lua']['sql_db'];
-		$config['database_encryption'] = isset($config['lua']['passwordtype']) ? $config['lua']['passwordtype'] : $config['lua']['password_type'];
-		$config['database_salt'] = isset($config['lua']['passwordsalt']) ? $config['lua']['passwordsalt'] : $config['lua']['password_salt'];
-	}
-}
-
-if(isset($config['lua']['useMD5Passwords']) && getBoolean($config['lua']['useMD5Passwords']))
-	$config['database_encryption'] = 'md5';
-
-if(!isset($config['database_log'])) {
-	$config['database_log'] = false;
-}
-
-if(!isset($config['database_socket'])) {
-	$config['database_socket'] = '';
-}
-
-
-try {
-	$ots->connect(array(
-		'host' => $config['database_host'],
-		'user' => $config['database_user'],
-		'password' => $config['database_password'],
-		'database' => $config['database_name'],
-		'log' => $config['database_log'],
-		'socket' => @$config['database_socket'],
-		'persistent' => @$config['database_persistent']
-	));
-
-	$db = POT::getInstance()->getDBHandle();
-	$capsule = new Capsule;
-	$capsule->addConnection([
-		'driver' => 'mysql',
-		'database' => $config['database_name'],
-	]);
-
-	$capsule->getConnection()->setPdo($db);
-	$capsule->getConnection()->setReadPdo($db);
-
-	$capsule->setAsGlobal();
-	$capsule->bootEloquent();
-
-	$eloquentConnection = $capsule->getConnection();
-
-} catch (Exception $e) {
-	if(isset($cache) && $cache->enabled()) {
-		$cache->delete('config_lua');
-	}
-
-	if(defined('MYAAC_INSTALL')) {
-		return; // installer will take care of this
-	}
-
-	throw new RuntimeException('ERROR: Cannot connect to MySQL database.<br/>' .
-		'Possible reasons:' .
-		'<ul>' .
-			'<li>MySQL is not configured propertly in <i>config.lua</i>.</li>' .
-			'<li>MySQL server is not running.</li>' .
-		'</ul>' . $e->getMessage());
-}

system/exception.php

@@ -9,16 +9,16 @@
  */
 
 use MyAAC\Exceptions\SensitiveException;
+use Whoops\Handler\PlainTextHandler;
+use Whoops\Handler\PrettyPageHandler;
+use Whoops\Run;
 
-if (class_exists(\Whoops\Run::class)) {
-	$whoops = new \Whoops\Run;
-	if(IS_CLI) {
-		$whoops->pushHandler(new \Whoops\Handler\PlainTextHandler);
-	}
-	else {
-		$whoops->pushHandler(new \Whoops\Handler\PrettyPageHandler);
-	}
+if (class_exists(Run::class)) {
+	$whoops = new Run;
 
+	$whoopsHandler = IS_CLI ? (new PlainTextHandler()) : (new PrettyPageHandler());
+
+	$whoops->pushHandler($whoopsHandler);
 	$whoops->register();
 	return;
 }

system/functions.php

@@ -9,6 +9,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+use MyAAC\App\App;
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Items;
@@ -49,7 +50,7 @@ function warning($message, $return = false) {
 	return message($message, 'warning', $return);
 }
 function note($message, $return = false) {
-	return info($message, $return);
+	return message($message, 'note', $return);
 }
 function info($message, $return = false) {
 	return message($message, 'info', $return);
@@ -87,25 +88,41 @@ function getForumBoardLink($board_id, $page = NULL): string {
 	return BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'forum/board/' . (int)$board_id . (isset($page) ? '/' . $page : '');
 }
 
-function getPlayerLink($name, $generate = true): string
+function getPlayerLink($name, $generate = true, bool $colored = false): string
 {
-	if(is_numeric($name))
-	{
+	if (is_object($name) and $name instanceof OTS_Player) {
+		$player = $name;
+	}
+	else {
 		$player = new OTS_Player();
+
+		if(is_numeric($name)) {
 			$player->load((int)$name);
-		if($player->isLoaded())
-			$name = $player->getName();
+		}
+		else {
+			$player->find($name);
+		}
 	}
 
+	if (!$player->isLoaded()) {
+		return '(error)';
+	}
+
+	$name = $player->getName();
+
 	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'characters/' . urlencode($name);
 
+	if ($colored) {
+		$name = '<span style="color: ' . ($player->isOnline() ? 'green' : 'red') . ';">' . $name . '</span>';
+	}
+
 	if(!$generate) return $url;
 	return generateLink($url, $name);
 }
 
 function getMonsterLink($name, $generate = true): string
 {
-	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'monsters/' . urlencode($name);
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'monsters?name=' . urlencode($name);
 
 	if(!$generate) return $url;
 	return generateLink($url, $name);
@@ -113,16 +130,14 @@ function getMonsterLink($name, $generate = true): string
 
 function getHouseLink($name, $generate = true): string
 {
-	if(is_numeric($name))
-	{
+	if(is_numeric($name)) {
 		$house = House::find(intval($name), ['name']);
 		if ($house) {
 			$name = $house->name;
 		}
 	}
 
-
-	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'houses/' . urlencode($name);
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'houses?name=' . urlencode($name);
 
 	if(!$generate) return $url;
 	return generateLink($url, $name);
@@ -260,7 +275,10 @@ function generateRandomString($length, $lowCase = true, $upCase = false, $numeri
  */
 function getForumBoards()
 {
-	global $db, $canEdit;
+	global $canEdit;
+
+	$db = app()->get('database');
+
 	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`, `guild`, `access`' . ($canEdit ? ', `hide`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hide` != 1' : '') .
 		' ORDER BY `ordering`;');
 	if($sections)
@@ -336,13 +354,12 @@ function updateDatabaseConfig($name, $value)
  */
 function encrypt($str)
 {
-	global $config;
-	if(isset($config['database_salt'])) // otserv
-		$str .= $config['database_salt'];
+	$configDatabaseSalt = config('database_salt');
+	if(isset($configDatabaseSalt)) // otserv
+		$str .= $configDatabaseSalt;
 
-	$encryptionType = $config['database_encryption'];
-	if(isset($encryptionType) && strtolower($encryptionType) !== 'plain')
-	{
+	$encryptionType = config('database_encryption');
+	if(isset($encryptionType) && strtolower($encryptionType) !== 'plain') {
 		if($encryptionType === 'vahash')
 			return base64_encode(hash('sha256', $str));
 
@@ -418,7 +435,7 @@ function delete_guild($id)
 	if(count($rank_list) > 0) {
 		$rank_list->orderBy('level');
 
-		global $db;
+		$db = app()->get('database');
 		/**
 		 * @var OTS_GuildRank $rank_in_guild
 		 */
@@ -480,9 +497,11 @@ function tickers()
  */
 function template_place_holder($type): string
 {
-	global $twig, $template_place_holders, $debugBar;
+	global $template_place_holders, $debugBar;
 	$ret = '';
 
+	$twig = app()->get('twig');
+
 	if (isset($debugBar)) {
 		$debugBarRenderer = $debugBar->getJavascriptRenderer();
 	}
@@ -514,9 +533,11 @@ function template_place_holder($type): string
  */
 function template_header($is_admin = false): string
 {
-	global $title_full, $twig;
+	global $title_full;
 	$charset = setting('core.charset') ?? 'utf-8';
 
+	$twig = app()->get('twig');
+
 	return $twig->render('templates.header.html.twig',
 		[
 			'charset' => $charset,
@@ -531,38 +552,44 @@ function template_header($is_admin = false): string
  */
 function template_footer(): string
 {
-	global $views_counter;
-	$ret = '';
+	$footer = [];
+
 	if(admin()) {
-		$ret .= generateLink(ADMIN_URL, 'Admin Panel', true);
+		$footer[] = generateLink(ADMIN_URL, 'Admin Panel', true);
 	}
 
 	if(setting('core.visitors_counter')) {
 		global $visitors;
 		$amount = $visitors->getAmountVisitors();
-		$ret .= '<br/>Currently there ' . ($amount > 1 ? 'are' : 'is') . ' ' . $amount . ' visitor' . ($amount > 1 ? 's' : '') . '.';
+		$footer[] = 'Currently there ' . ($amount > 1 ? 'are' : 'is') . ' ' . $amount . ' visitor' . ($amount > 1 ? 's' : '') . '.';
 	}
 
 	if(setting('core.views_counter')) {
-		$ret .= '<br/>Page has been viewed ' . $views_counter . ' times.';
+		global $views_counter;
+		$footer[] = 'Page has been viewed ' . $views_counter . ' times.';
 	}
 
 	if(setting('core.footer_load_time')) {
-		$ret .= '<br/>Load time: ' . round(microtime(true) - START_TIME, 4) . ' seconds.';
+		$footer[] = 'Load time: ' . round(microtime(true) - START_TIME, 4) . ' seconds.';
 	}
 
 	$settingFooter = setting('core.footer');
 	if(isset($settingFooter[0])) {
-		$ret .= '<br/>' . $settingFooter;
+		$footer[] = '' . $settingFooter;
 	}
 
 	// please respect my work and help spreading the word, thanks!
-	return $ret . '<br/>' . base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=');
+	$footer[] = base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=');
+
+	$hooks = app()->get('hooks');
+	$footer = $hooks->triggerFilter(HOOK_FILTER_THEME_FOOTER, $footer);
+
+	return implode('<br/>', $footer);
 }
 
 function template_ga_code()
 {
-	global $twig;
+	$twig = app()->get('twig');
 	if(!isset(setting('core.google_analytics_id')[0]))
 		return '';
 
@@ -573,34 +600,20 @@ function template_form()
 {
 	global $template_name;
 
-	$cache = Cache::getInstance();
-	if($cache->enabled())
-	{
-		$tmp = '';
-		if($cache->fetch('templates', $tmp)) {
-			$templates = unserialize($tmp);
-		}
-		else
-		{
-			$templates = get_templates();
-			$cache->set('templates', serialize($templates), 30);
-		}
-	}
-	else
-		$templates = get_templates();
+	$templates = Cache::remember('templates', 5 * 60, function() {
+		return get_templates();
+	});
 
 	$options = '';
-	foreach($templates as $key => $value)
+	foreach($templates as $value)
 		$options .= '<option ' . ($template_name == $value ? 'SELECTED' : '') . '>' . $value . '</option>';
 
-	global $twig;
+	$twig = app()->get('twig');
 	return $twig->render('forms.change_template.html.twig', ['options' => $options]);
 }
 
-function getStyle($i)
-{
-	global $config;
-	return is_int($i / 2) ? $config['darkborder'] : $config['lightborder'];
+function getStyle($i) {
+	return is_int($i / 2) ? config('darkborder') : config('lightborder');
 }
 
 $vowels = array('e', 'y', 'u', 'i', 'o', 'a');
@@ -710,13 +723,20 @@ function getSkillName($skillId, $suffix = true)
 	return 'unknown';
 }
 
+function logged(): bool {
+	return app()->isLoggedIn();
+}
+
+function accountLogged(): OTS_Account {
+	$loggedAccount = app()->getAccountLogged();
+	return $loggedAccount ?? new OTS_Account();
+}
 /**
  * Performs flag check on the current logged in user.
  * Table in database: accounts, field: website_flags
  */
 function hasFlag(int $flag): bool {
-	global $logged, $logged_flags;
-	return ($logged && ($logged_flags & $flag) == $flag);
+	return (logged() && (accountLogged()->getWebFlags() & $flag) == $flag);
 }
 /**
  * Check if current logged user have got admin flag set.
@@ -859,7 +879,7 @@ function getWorldName($id)
  */
 function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 {
-	global $mailer, $config;
+	global $mailer;
 
 	if (!setting('core.mail_enabled')) {
 		log_append('mailer-error.log', '_mail() function has been used, but Mail Support is disabled.');
@@ -911,7 +931,7 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 	$mailer->From = setting('core.mail_address');
 	$mailer->Sender = setting('core.mail_address');
 	$mailer->CharSet = 'utf-8';
-	$mailer->FromName = $config['lua']['serverName'];
+	$mailer->FromName = configLua('serverName');
 	$mailer->Subject = $subject;
 	$mailer->addAddress($to);
 	$mailer->Body = $tmp_body;
@@ -980,31 +1000,29 @@ function load_config_lua($filename)
 				continue;
 			}
 			$tmp_exp = explode('=', $line, 2);
-			if(strpos($line, 'dofile') !== false)
-			{
+			if(str_contains($line, 'dofile')) {
 				$delimiter = '"';
-				if(strpos($line, $delimiter) === false)
+				if(!str_contains($line, $delimiter)) {
 					$delimiter = "'";
+				}
 
 				$tmp = explode($delimiter, $line);
 				$result = array_merge($result, load_config_lua($config['server_path'] . $tmp[1]));
 			}
-			else if(count($tmp_exp) >= 2)
-			{
+			else if(count($tmp_exp) >= 2) {
 				$key = trim($tmp_exp[0]);
-				if(0 !== strpos($key, '--'))
-				{
+				if(!str_starts_with($key, '--')) {
 					$value = trim($tmp_exp[1]);
-					if(strpos($value, '--') !== false) {// found some deep comment
+					if(str_contains($value, '--')) {// found some deep comment
 						$value = preg_replace('/--.*$/i', '', $value);
 					}
 
 					if(is_numeric($value))
 						$result[$key] = (float) $value;
 					elseif(in_array(@$value[0], array("'", '"')) && in_array(@$value[strlen($value) - 1], array("'", '"')))
-						$result[$key] = (string) substr(substr($value, 1), 0, -1);
+						$result[$key] = substr(substr($value, 1), 0, -1);
 					elseif(in_array($value, array('true', 'false')))
-						$result[$key] = ($value === 'true') ? true : false;
+						$result[$key] = $value === 'true';
 					elseif(@$value[0] === '{') {
 						// arrays are not supported yet
 						// just ignore the error
@@ -1012,7 +1030,7 @@ function load_config_lua($filename)
 					}
 					else
 					{
-						foreach($result as $tmp_key => $tmp_value) // load values definied by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
+						foreach($result as $tmp_key => $tmp_value) // load values defined by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
 							$value = str_replace($tmp_key, $tmp_value, $value);
 						$ret = @eval("return $value;");
 						if((string) $ret == '' && trim($value) !== '""') // = parser error
@@ -1026,11 +1044,10 @@ function load_config_lua($filename)
 		}
 	}
 
-	$result = array_merge($result, isset($config['lua']) ? $config['lua'] : array());
-	return $result;
+	return array_merge($result, $config['lua'] ?? []);
 }
 
-function str_replace_first($search, $replace, $subject) {
+function str_replace_first($search,$replace, $subject) {
 	$pos = strpos($subject, $search);
 	if ($pos !== false) {
 		return substr_replace($subject, $replace, $pos, strlen($search));
@@ -1053,17 +1070,36 @@ function get_browser_real_ip() {
 
 	return '0';
 }
-function setSession($key, $data) {
-	$_SESSION[setting('core.session_prefix') . $key] = $data;
+function setSession($key, $value = null): void {
+	if (!is_array($key)) {
+		$key = [$key => $value];
+	}
+
+	foreach ($key as $arrayKey => $arrayValue) {
+		if (is_null($arrayValue)) {
+			unsetSession($arrayKey);
+		}
+		else {
+			$_SESSION[setting('core.session_prefix') . $arrayKey] = $arrayValue;
+		}
+	}
 }
 function getSession($key) {
-	$key = setting('core.session_prefix') . $key;
-	return isset($_SESSION[$key]) ? $_SESSION[$key] : false;
+	return $_SESSION[setting('core.session_prefix') . $key] ?? null;
 }
-function unsetSession($key) {
+function unsetSession($key): void {
 	unset($_SESSION[setting('core.session_prefix') . $key]);
 }
 
+function session($key): mixed {
+	if (is_array($key)) {
+		setSession($key);
+		return null;
+	}
+
+	return getSession($key);
+}
+
 function csrf(bool $return = false): string {
 	return CsrfToken::create($return);
 }
@@ -1086,20 +1122,16 @@ function csrfProtect(): void
 	}
 }
 
-function getTopPlayers($limit = 5) {
-	global $db;
+function getTopPlayers($limit = 5, $skill = 'level') {
+	$db = app()->get('database');
 
-	$cache = Cache::getInstance();
-	if($cache->enabled()) {
-		$tmp = '';
-		if($cache->fetch('top_' . $limit . '_level', $tmp)) {
-			$players = unserialize($tmp);
-		}
+	if ($skill === 'level') {
+		$skill = 'experience';
 	}
 
-	if (!isset($players)) {
+	return Cache::remember("top_{$limit}_{$skill}", 2 * 60, function () use ($db, $limit, $skill) {
 		$columns = [
-			'id', 'name', 'level', 'vocation', 'experience',
+			'id', 'name', 'level', 'vocation', 'experience', 'balance',
 			'looktype', 'lookhead', 'lookbody', 'looklegs', 'lookfeet'
 		];
 
@@ -1107,36 +1139,27 @@ function getTopPlayers($limit = 5) {
 			$columns[] = 'lookaddons';
 		}
 
-		if ($db->hasColumn('players', 'online')) {
-			$columns[] = 'online';
-		}
-
-		$players = Player::query()
+		return Player::query()
 			->select($columns)
 			->withOnlineStatus()
 			->notDeleted()
 			->where('group_id', '<', setting('core.highscores_groups_hidden'))
 			->whereNotIn('id', setting('core.highscores_ids_hidden'))
 			->where('account_id', '!=', 1)
-			->orderByDesc('experience')
+			->orderByDesc($skill)
 			->limit($limit)
 			->get()
 			->map(function ($e, $i) {
 				$row = $e->toArray();
 				$row['online'] = $e->online_status;
 				$row['rank'] = $i + 1;
+				$row['outfit_url'] = $e->outfit_url;
 
 				unset($row['online_table']);
 
 				return $row;
 			})->toArray();
-
-		if($cache->enabled()) {
-			$cache->set('top_' . $limit . '_level', serialize($players), 120);
-		}
-	}
-
-	return $players;
+	});
 }
 
 function deleteDirectory($dir, $ignore = array(), $contentOnly = false) {
@@ -1205,7 +1228,7 @@ function clearCache()
 {
 	News::clearCache();
 
-	$cache = Cache::getInstance();
+	$cache = app()->get('cache');
 	if($cache->enabled()) {
 		$keysToClear = [
 			'status', 'templates',
@@ -1243,7 +1266,7 @@ function clearCache()
 			}
 		}
 
-		global $db;
+		$db = app()->get('database');
 		$db->setClearCacheAfter(true);
 	}
 
@@ -1255,7 +1278,7 @@ function clearCache()
 	// routes cache
 	clearRouteCache();
 
-	global $hooks;
+	$hooks = app()->get('hooks');
 	$hooks->trigger(HOOK_CACHE_CLEAR, ['cache' => Cache::getInstance()]);
 
 	return true;
@@ -1271,7 +1294,8 @@ function clearRouteCache(): void
 
 function getCustomPageInfo($name)
 {
-	global $logged_access;
+	$logged_access = logged() ? accountLogged()->getAccess() : 0;
+
 	$page = Pages::isPublic()
 		->where('name', 'LIKE', $name)
 		->where('access', '<=', $logged_access)
@@ -1285,7 +1309,9 @@ function getCustomPageInfo($name)
 }
 function getCustomPage($name, &$success): string
 {
-	global $twig, $title, $ignore;
+	global $title, $ignore;
+
+	$twig = app()->get('twig');
 
 	$success = false;
 	$content = '';
@@ -1309,9 +1335,6 @@ function getCustomPage($name, &$success): string
 				$tmp = $page['body'];
 
 			global $config;
-			if(setting('core.backward_support')) {
-				global $SQL, $main_content, $subtopic;
-			}
 
 			ob_start();
 			eval($tmp);
@@ -1502,8 +1525,7 @@ function verify_number($number, $name, $max_length)
 
 function Outfits_loadfromXML()
 {
-	global $config;
-	$file_path = $config['data_path'] . 'XML/outfits.xml';
+	$file_path = config('data_path') . 'XML/outfits.xml';
 	if (!file_exists($file_path)) {	return null; }
 
 	$xml = new DOMDocument;
@@ -1528,8 +1550,7 @@ function Outfits_loadfromXML()
 
 function Mounts_loadfromXML()
 {
-	global $config;
-	$file_path = $config['data_path'] . 'XML/mounts.xml';
+	$file_path = config('data_path') . 'XML/mounts.xml';
 	if (!file_exists($file_path)) {	return null; }
 
 	$xml = new DOMDocument;
@@ -1623,7 +1644,7 @@ function removeIfFirstSlash(&$text) {
 };
 
 function escapeHtml($html) {
-	return htmlentities($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
+	return htmlspecialchars($html);
 }
 
 function getGuildNameById($id)
@@ -1652,8 +1673,10 @@ function getGuildLogoById($id)
 	return BASE_URL . GUILD_IMAGES_DIR . $logo;
 }
 
-function displayErrorBoxWithBackButton($errors, $action = null) {
-	global $twig;
+function displayErrorBoxWithBackButton($errors, $action = null)
+{
+	$twig = app()->get('twig');
+
 	$twig->display('error_box.html.twig', ['errors' => $errors]);
 	$twig->display('account.back_button.html.twig', [
 		'action' => $action ?: getLink('')
@@ -1668,8 +1691,32 @@ function isRequestMethod(string $method): bool {
 	return strtolower($_SERVER['REQUEST_METHOD']) == strtolower($method);
 }
 
+function getAccountIdentityColumn(): string
+{
+	if (USE_ACCOUNT_NAME) {
+		return 'name';
+	}
+	elseif (USE_ACCOUNT_NUMBER) {
+		return 'number';
+	}
+
+	return 'id';
+}
+
+function app() {
+	static $__app;
+	if (!isset($__app)) {
+		$__app = new App();
+	}
+
+	return $__app;
+}
+
 // validator functions
 require_once SYSTEM . 'compat/base.php';
 
 // custom functions
-require SYSTEM . 'functions_custom.php';
+$customFunctions = SYSTEM . 'functions_custom.php';
+if (is_file($customFunctions)) {
+	require $customFunctions;
+}

system/init.php

@@ -12,12 +12,13 @@ use DebugBar\StandardDebugBar;
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Hooks;
+use MyAAC\Models\Town;
 use MyAAC\Settings;
-use MyAAC\Towns;
 
 defined('MYAAC') or die('Direct access not allowed!');
 
-if(!isset($config['installed']) || !$config['installed']) {
+$configInstalled = config('installed');
+if(!isset($configInstalled) || !$configInstalled) {
 	throw new RuntimeException('MyAAC has not been installed yet or there was error during installation. Please install again.');
 }
 
@@ -29,29 +30,28 @@ if (config('env') === 'dev' || getBoolean(config('enable_debugbar'))) {
 	$debugBar = new StandardDebugBar();
 }
 
-if(empty($config['server_path'])) {
+$configServerPath = config('server_path');
+if(empty($configServerPath)) {
 	throw new RuntimeException('Server Path has been not set. Go to config.php and set it.');
 }
 
 // take care of trailing slash at the end
-if($config['server_path'][strlen($config['server_path']) - 1] !== '/')
-	$config['server_path'] .= '/';
+if($configServerPath[strlen($configServerPath) - 1] !== '/') {
+	config(['server_path', $configServerPath . '/']);
+}
 
 // enable gzip compression if supported by the browser
-if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false && function_exists('ob_gzhandler'))
+if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && str_contains($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('ob_gzhandler'))
 	ob_start('ob_gzhandler');
 
-// cache
-$cache = Cache::getInstance();
-
 // event system
-$hooks = new Hooks();
-$hooks->load();
+$hooks = app()->get('hooks');
 
 // twig
 require_once SYSTEM . 'twig.php';
 
 // action, used by many pages
+global $action;
 $action = $_REQUEST['action'] ?? '';
 define('ACTION', $action);
 
@@ -77,9 +77,11 @@ foreach($_REQUEST as $var => $value) {
 
 // load otserv config file
 $config_lua_reload = true;
+global $cache;
+$cache = app()->get('cache');
 if($cache->enabled()) {
 	$tmp = null;
-	if($cache->fetch('server_path', $tmp) && $tmp == $config['server_path']) {
+	if($cache->fetch('server_path', $tmp) && $tmp == config('server_path')) {
 		$tmp = null;
 		if($cache->fetch('config_lua', $tmp) && $tmp) {
 			$config['lua'] = unserialize($tmp);
@@ -89,31 +91,33 @@ if($cache->enabled()) {
 }
 
 if($config_lua_reload) {
-	$config['lua'] = load_config_lua($config['server_path'] . 'config.lua');
+	config(['lua', load_config_lua(config('server_path') . 'config.lua')]);
 
 	// cache config
 	if($cache->enabled()) {
-		$cache->set('config_lua', serialize($config['lua']), 120);
-		$cache->set('server_path', $config['server_path']);
+		$cache->set('config_lua', serialize(config('lua')), 2 * 60);
+		$cache->set('server_path', config('server_path'), 10 * 60);
 	}
 }
 unset($tmp);
 
-if(isset($config['lua']['servername']))
-	$config['lua']['serverName'] = $config['lua']['servername'];
+if(configLua('servername') !== null) {
+	$config['lua']['serverName'] = configLua('servername');
+}
 
-if(isset($config['lua']['houserentperiod']))
-	$config['lua']['houseRentPeriod'] = $config['lua']['houserentperiod'];
+if(configLua('houserentperiod') !== null) {
+	$config['lua']['houseRentPeriod'] = configLua('houserentperiod');
+}
 
 // localize data/ directory based on data directory set in config.lua
 foreach(array('dataDirectory', 'data_directory', 'datadir') as $key) {
-	if(!isset($config['lua'][$key][0])) {
+	if(!isset(configLua($key)[0])) {
 		break;
 	}
 
-	$foundValue = $config['lua'][$key];
+	$foundValue = configLua('lua')[$key];
 	if($foundValue[0] !== '/') {
-		$foundValue = $config['server_path'] . $foundValue;
+		$foundValue = config('server_path') . $foundValue;
 	}
 
 	if($foundValue[strlen($foundValue) - 1] !== '/') {// do not forget about trailing slash
@@ -122,33 +126,31 @@ foreach(array('dataDirectory', 'data_directory', 'datadir') as $key) {
 }
 
 if(!isset($foundValue)) {
-	$foundValue = $config['server_path'] . 'data/';
+	$foundValue = config('server_path') . 'data/';
 }
 
-$config['data_path'] = $foundValue;
+config(['data_path', $foundValue]);
 unset($foundValue);
 
 // POT
 require_once SYSTEM . 'libs/pot/OTS.php';
-$ots = POT::getInstance();
 $eloquentConnection = null;
-require_once SYSTEM . 'database.php';
-
-if ($config_lua_reload) {
-	clearCache();
-}
+global $db;
+$db = app()->get('db');
 
 // verify myaac tables exists in database
 if(!defined('MYAAC_INSTALL') && !$db->hasTable('myaac_account_actions')) {
-	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . BASE_URL . 'install');
+	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . (IS_CLI ? 'http://your-ip.com/' : BASE_URL) . 'install');
 }
 
 // execute migrations
-require SYSTEM . 'migrate.php';
+$configDatabaseAutoMigrate = config('database_auto_migrate');
+if (!isset($configDatabaseAutoMigrate) || $configDatabaseAutoMigrate) {
+	require SYSTEM . 'migrate.php';
+}
 
 // settings
-$settings = Settings::getInstance();
-$settings->load();
+$settings = app()->get('settings');
 
 // csrf protection
 $token = getSession('csrf_token');
@@ -159,12 +161,15 @@ if (!isset($token) || !$token) {
 // deprecated config values
 require_once SYSTEM . 'compat/config.php';
 
+// deprecated classes
+require_once SYSTEM . 'compat/classes.php';
+
 date_default_timezone_set(setting('core.date_timezone'));
 
 setting(
 	[
-		'core.account_create_character_create',
-		setting('core.account_create_character_create') && (!setting('core.mail_enabled') || !setting('core.account_mail_verify'))
+		'core.account_mail_verify',
+		setting('core.account_mail_verify') && setting('core.mail_enabled')
 	]
 );
 
@@ -177,4 +182,17 @@ define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 
-Towns::load();
+$towns = Cache::remember('towns', 10 * 60, function () use ($db) {
+	if ($db->hasTable('towns') && Town::count() > 0) {
+		return Town::orderBy('id', 'ASC')->pluck('name', 'id')->toArray();
+	}
+
+	return [];
+});
+
+if (count($towns) <= 0) {
+	$towns = setting('core.towns');
+}
+
+config(['towns', $towns]);
+unset($towns);

system/libs/pot/OTS_Account.php

@@ -12,6 +12,8 @@
  * @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
  */
 
+use MyAAC\Models\AccountAction;
+
 /**
  * OTServ account abstraction.
  *
@@ -443,19 +445,19 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 			throw new E_OTS_NotLoaded();
 		}
 
+		$configFreePremium = configLua('freePremium');
+		if(isset($configFreePremium) && getBoolean($configFreePremium)) {return -1;}
+
 		if(isset($this->data['premium_ends_at']) || isset($this->data['premend'])) {
 			$col = isset($this->data['premium_ends_at']) ? 'premium_ends_at' : 'premend';
 			$ret = ceil(($this->data[$col] - time()) / (24 * 60 * 60));
-			return $ret > 0 ? $ret : 0;
+			return max($ret, 0);
 		}
 
 		if($this->data['premdays'] == 0) {
 			return 0;
 		}
 
-		global $config;
-		if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return -1;
-
 		if($this->data['premdays'] == self::GRATIS_PREMIUM_DAYS){
 			return self::GRATIS_PREMIUM_DAYS;
 		}
@@ -476,8 +478,8 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 
     public function isPremium()
     {
-		global $config;
-        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
+		$configFreePremium = configLua('freePremium');
+		if(isset($configFreePremium) && getBoolean($configFreePremium)) return true;
 
 		if(isset($this->data['premium_ends_at'])) {
 			return $this->data['premium_ends_at'] > time();
@@ -770,7 +772,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
         $filter->compareField('account_id', (int) $this->data['id']);
 
 		if(!$withDeleted) {
-			global $db;
+			$db = app()->get('database');
 			if($db->hasColumn('players', 'deletion')) {
 				$filter->compareField('deletion', 0);
 			} else {
@@ -934,7 +936,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 			return $this->data['group_id'];
 		}
 
-		global $db;
+		$db = app()->get('database');
 		if($db->hasColumn('accounts', 'group_id')) {
 			$query = $this->db->query('SELECT `group_id` FROM `accounts` WHERE `id` = ' . (int) $this->getId())->fetch();
 			// if anything was found
@@ -961,7 +963,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 			return $this->data['group_id'];
 		}
 
-		global $db;
+		$db = app()->get('database');
 		if($db->hasColumn('accounts', 'group_id')) {
 			$query = $this->db->query('SELECT `group_id` FROM `accounts` WHERE `id` = ' . (int) $this->getId())->fetch();
 			// if anything was found
@@ -1010,26 +1012,16 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 
 	public function logAction($action)
 	{
-		$ip = get_browser_real_ip();
-		if(strpos($ip, ":") === false) {
-			$ipv6 = '0';
-		}
-		else {
-			$ipv6 = $ip;
-			$ip = '';
+		AccountAction::create([
+			'account_id' => $this->getId(),
+			'ip' => get_browser_real_ip(),
+			'date' => time(),
+			'action' => $action,
+		]);
 	}
 
-		return $this->db->exec('INSERT INTO `' . TABLE_PREFIX . 'account_actions` (`account_id`, `ip`, `ipv6`, `date`, `action`) VALUES (' . $this->db->quote($this->getId()).', ' . ($ip == '' ? '0' : $this->db->quote(ip2long($ip))) . ', (' . ($ipv6 == '0' ? $this->db->quote('') : $this->db->quote(inet_pton($ipv6))) . '), UNIX_TIMESTAMP(NOW()), ' . $this->db->quote($action).')');
-	}
-
-	public function getActionsLog($limit1, $limit2)
-	{
-		$actions = array();
-
-		foreach($this->db->query('SELECT `ip`, `ipv6`, `date`, `action` FROM `' . TABLE_PREFIX . 'account_actions` WHERE `account_id` = ' . $this->data['id'] . ' ORDER by `date` DESC LIMIT ' . $limit1 . ', ' . $limit2 . '')->fetchAll() as $a)
-			$actions[] = array('ip' => $a['ip'], 'ipv6' => $a['ipv6'], 'date' => $a['date'], 'action' => $a['action']);
-
-		return $actions;
+	public function getActionsLog($limit) {
+		return AccountAction::where('account_id', $this->data['id'])->orderByDesc('date')->limit($limit)->get()->toArray();
 	}
 /**
  * Returns players iterator.

system/libs/pot/OTS_Base_DAO.php

@@ -83,38 +83,4 @@ abstract class OTS_Base_DAO implements IOTS_DAO
     {
         unset($this->data['id']);
     }
-
-/**
- * Magic PHP5 method.
- * 
- * <p>
- * Allows object importing from {@link http://www.php.net/manual/en/function.var-export.php var_export()}.
- * </p>
- * 
- * @version 0.1.0
- * @param array $properties List of object properties.
- */
-    public static function __set_state($properties)
-    {
-        // deletes database handle
-        if( isset($properties['db']) )
-        {
-            unset($properties['db']);
-        }
-
-        // initializes new object with current database connection
-        $object = new self();
-
-        // loads properties
-        foreach($properties as $name => $value)
-        {
-            $object->$name = $value;
-        }
-
-        return $object;
-    }
 }
-
-/**#@-*/
-
-?>

system/libs/pot/OTS_Base_DB.php

@@ -184,8 +184,14 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 		$query = 'UPDATE '.$this->tableName($table).' SET ';
 
 		$count = count($fields);
-		for ($i = 0; $i < $count; $i++)
-			$query.= $this->fieldName($fields[$i]).' = '.$this->quote($values[$i]).', ';
+		for ($i = 0; $i < $count; $i++) {
+			$value = 'NULL';
+			if ($values[$i] !== null) {
+				$value = $this->quote($values[$i]);
+			}
+
+			$query.= $this->fieldName($fields[$i]).' = '.$value.', ';
+		}
 
 		$query = substr($query, 0, -2);
 		$query.=' WHERE (';
@@ -229,6 +235,30 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 		$this->exec($query);
 		return true;
 	}
+
+	public function addColumn($table, $column, $definition): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' ADD ' . $this->fieldName($column) . ' ' . $definition . ';');
+	}
+
+	public function modifyColumn($table, $column, $definition): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' MODIFY ' . $this->fieldName($column) . ' ' . $definition . ';');
+	}
+
+	public function changeColumn($table, $from, $to, $definition): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' CHANGE ' . $this->fieldName($from) . ' ' . $this->fieldName($to) . ' ' . $definition . ';');
+	}
+
+	public function dropColumn($table, $column): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' DROP COLUMN ' . $this->fieldName($column) . ';');
+	}
+
+	public function renameTable($from, $to): void {
+		$this->exec('RENAME TABLE ' . $this->tableName($from) . ' TO ' . $this->tableName($to) . ';');
+	}
+
+	public function dropTable($table, $ifExists = true): void {
+		$this->exec('DROP TABLE ' . ($ifExists ? 'IF EXISTS' : '') . ' ' . $this->tableName($table) . ';');
+	}
 /**
  * LIMIT/OFFSET clause for queries.
  *

system/libs/pot/OTS_Buffer.php

@@ -196,6 +196,16 @@ class OTS_Buffer
 		return $value[1];
 	}
 
+	public function getLongLong()
+	{
+		// checks buffer size
+		$this->check(8);
+
+		$value = unpack('P', substr($this->buffer, $this->pos, 8) );
+		$this->pos += 8;
+		return $value[1];
+	}
+
 /**
  * Appends quater byte to buffer.
  *

system/libs/pot/OTS_DB_MySQL.php

@@ -97,14 +97,13 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			$params['persistent'] = false;
 		}
 
-		global $config;
-		$cache = Cache::getInstance();
+		$cache = app()->get('cache');
 		if($cache->enabled()) {
 			$tmp = null;
 			$need_revalidation = true;
 			if($cache->fetch('database_checksum', $tmp) && $tmp) {
 				$tmp = unserialize($tmp);
-				if(sha1($config['database_host'] . '.' . $config['database_name']) === $tmp) {
+				if(sha1(config('database_host') . '.' . config('database_name')) === $tmp) {
 					$need_revalidation = false;
 				}
 			}
@@ -148,9 +147,7 @@ class OTS_DB_MySQL extends OTS_Base_DB
 
 	public function __destruct()
 	{
-		global $config;
-
-		$cache = Cache::getInstance();
+		$cache = app()->get('cache');
 		if($cache->enabled()) {
 			if ($this->clearCacheAfter) {
 				$cache->delete('database_tables');
@@ -160,12 +157,13 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			else {
 				$cache->set('database_tables', serialize($this->has_table_cache), 3600);
 				$cache->set('database_columns', serialize($this->has_column_cache), 3600);
-				$cache->set('database_checksum', serialize(sha1($config['database_host'] . '.' . $config['database_name'])), 3600);
+				$cache->set('database_checksum', serialize(sha1(config('database_host') . '.' . config('database_name'))), 3600);
 			}
 		}
 
 		if($this->logged) {
-			log_append('database.log', $_SERVER['REQUEST_URI'] . PHP_EOL . $this->getLog());
+			$currentScript = $_SERVER['REQUEST_URI'] ?? $_SERVER['SCRIPT_FILENAME'];
+			log_append('database.log', $currentScript . PHP_EOL . $this->getLog());
 		}
 	}
 
@@ -217,8 +215,7 @@ class OTS_DB_MySQL extends OTS_Base_DB
 	}
 
 	private function hasTableInternal($name) {
-		global $config;
-		return ($this->has_table_cache[$name] = $this->query('SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = ' . $this->quote($config['database_name']) . ' AND `TABLE_NAME` = ' . $this->quote($name) . ' LIMIT 1;')->rowCount() > 0);
+		return ($this->has_table_cache[$name] = $this->query('SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = ' . $this->quote(config('database_name')) . ' AND `TABLE_NAME` = ' . $this->quote($name) . ' LIMIT 1;')->rowCount() > 0);
 	}
 
 	public function hasColumn($table, $column) {

system/libs/pot/OTS_Group.php

@@ -490,7 +490,9 @@ class OTS_Group extends OTS_Row_DAO implements IteratorAggregate, Countable
         // creates filter
         $filter = new OTS_SQLFilter();
         $filter->compareField('group_id', (int) $this->data['id']);
-		global $db;
+
+	    $db = app()->get('database');
+
 		if($db->hasColumn('players', 'deletion'))
 			$filter->compareField('deletion', 0);
 		else

system/libs/pot/OTS_Groups_List.php

@@ -33,7 +33,7 @@ class OTS_Groups_List implements IteratorAggregate, Countable
  */
     public function __construct($file = '')
     {
-		global $db;
+		$db = app()->get('db');
 		if($db->hasTable('groups')) { // read groups from database
 			foreach($db->query('SELECT `id`, `name`, `access` FROM `groups`;') as $group)
 			{
@@ -47,10 +47,8 @@ class OTS_Groups_List implements IteratorAggregate, Countable
 			return;
 		}
 
-		if(!isset($file[0]))
-		{
-			global $config;
-			$file = $config['data_path'] . 'XML/groups.xml';
+		if(!isset($file[0])) {
+			$file = config('data_path') . 'XML/groups.xml';
 		}
 
 		if(!@file_exists($file)) {
@@ -59,7 +57,7 @@ class OTS_Groups_List implements IteratorAggregate, Countable
 			return;
 		}
 
-		$cache = Cache::getInstance();
+		$cache = app()->get('cache');
 
 		$data = array();
 		if($cache->enabled())

system/libs/pot/OTS_Guild.php

@@ -284,8 +284,6 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
     }
 
     public function hasMember(OTS_Player $player) {
-        global $db;
-
         if(!$player || !$player->isLoaded()) {
             return false;
         }

system/libs/pot/OTS_House.php

@@ -60,12 +60,7 @@ class OTS_House extends OTS_Row_DAO
     private $tiles = array();
 
 	public function load($id) {
-		$this->data = $this->db->query('SELECT * FROM `houses` WHERE `id` = ' . $id )->fetch();
-		foreach($this->data as $key => $value) {
-			if(is_numeric($key)) {
-				unset($this->data[$key]);
-			}
-		}
+		$this->data = $this->db->query('SELECT * FROM `houses` WHERE `id` = ' . $id )->fetch(PDO::FETCH_ASSOC);
 	}
 
     public function find($name)

system/libs/pot/OTS_Monster.php

@@ -135,13 +135,14 @@ class OTS_Monster extends DOMDocument
 	{
 		$flags = array();
 
-        // read all flags
+		if ($this->documentElement->getElementsByTagName('flags')->item(0)) {
 			foreach( $this->documentElement->getElementsByTagName('flags')->item(0)->getElementsByTagName('flag') as $flag)
 			{
 				$flag = $flag->attributes->item(0);
 
 				$flags[$flag->nodeName] = (int) $flag->nodeValue;
 			}
+		}
 
 		return $flags;
 	}

system/libs/pot/OTS_Player.php

@@ -90,7 +90,7 @@ class OTS_Player extends OTS_Row_DAO
  * @version 0.1.2
  * @var array
  */
-    private $data = array('sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hide' => 0);
+	private $data = array('group_id' => 1, 'sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hide' => 0);
 
 /**
  * Player skills.
@@ -108,6 +108,8 @@ class OTS_Player extends OTS_Row_DAO
 		POT::SKILL_SHIELD => array('value' => 0, 'tries' => 0),
 		POT::SKILL_FISH => array('value' => 0, 'tries' => 0)
 	);
+
+	private static array $playersOnline;
 /**
  * Magic PHP5 method.
  *
@@ -653,18 +655,19 @@ class OTS_Player extends OTS_Row_DAO
 		//if($path == '')
 		//	$path = $config['data_path'].'XML/groups.xml';
 
-        if( !isset($this->data['group_id']) )
-        {
+		if(!isset($this->data['group_id'])) {
 			throw new E_OTS_NotLoaded();
 		}
 
 		//$groups = new DOMDocument();
 		//$groups->load($path);
 
-		global $groups;
+		$groups = app()->get('groups');
 		$tmp = $groups->getGroup($this->data['group_id']);
-		if($tmp)
+
+		if($tmp) {
 			return $tmp;
+		}
 
 		return new OTS_Group();
 			// echo 'error while loading group..';
@@ -765,10 +768,18 @@ class OTS_Player extends OTS_Row_DAO
 
 	public function isOnline()
 	{
-		if($this->db->hasTable('players_online')) // tfs 1.0
-		{
-			$query = $this->db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $this->data['id']);
-			return $query->rowCount() > 0;
+		if($this->db->hasTable('players_online')) {// tfs 1.0
+			if (!isset(self::$playersOnline)) {
+				self::$playersOnline = [];
+
+				$query = $this->db->query('SELECT `player_id` FROM `players_online`');
+
+				foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $item) {
+					self::$playersOnline[$item['player_id']] = true;
+				}
+			}
+
+			return isset(self::$playersOnline[$this->data['id']]);
 		}
 
 		if( !isset($this->data['online']) )
@@ -843,9 +854,8 @@ class OTS_Player extends OTS_Row_DAO
 		}
 
 		if(isset($this->data['promotion'])) {
-			global $config;
 			if((int)$this->data['promotion'] > 0)
-				return ($this->data['vocation'] + ($this->data['promotion'] * $config['vocations_amount']));
+				return ($this->data['vocation'] + ($this->data['promotion'] * config('vocations_amount')));
 		}
 
 		return $this->data['vocation'];
@@ -1229,6 +1239,13 @@ class OTS_Player extends OTS_Row_DAO
 		$this->data['direction'] = (int) $direction;
 	}
 
+	public function getOutfit(): string
+	{
+		$hasLookAddons = $this->db->hasColumn('players', 'lookaddons');
+
+		return setting('core.outfit_images_url') . '?id=' . $this->getLookType() . ($hasLookAddons ? '&addons=' . $this->getLookAddons() : '') . '&head=' . $this->getLookHead() . '&body=' . $this->getLookBody() . '&legs=' . $this->getLookLegs() . '&feet=' . $this->getLookFeet();
+	}
+
 /**
  * Body color.
  *
@@ -1745,11 +1762,6 @@ class OTS_Player extends OTS_Row_DAO
  */
 	public function getConditions()
 	{
-        if( !isset($this->data['conditions']) )
-        {
-            throw new E_OTS_NotLoaded();
-        }
-
 		return $this->data['conditions'];
 	}
 

system/locale/de/install.php

@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Anforderungen';
 $locale['step_requirements_title'] = 'Anforderungen überprüfen';
 $locale['step_requirements_php_version'] = 'PHP Version';
 $locale['step_requirements_write_perms'] = 'Schreibberechtigungen';
+$locale['step_requirements_folder_exists'] = 'Ordner ist vorhanden';
+$locale['step_requirements_folder_not_exists_tools_ext'] = 'NPM Package Manager wird verwendet für externe JavaScript/CSS Bibliotheken.'
+	. ' Es sollte via Command Line installiert werden: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
+	. ' Nachdem das Tool installiert wurde, folgende Befehl sollte ausgeführt in dem Hauptordner des MyAACs: "npm install".';
 $locale['step_requirements_failed'] = 'Die Installation wird deaktiviert, bis diese Anforderungen erfüllt sind.</b><br/>Für weitere Informationen siehe <b>README</b> Datei.';
 $locale['step_requirements_extension'] = '$EXTENSION$ PHP Erweiterung';
 

system/locale/en/install.php

@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Requirements';
 $locale['step_requirements_title'] = 'Requirements check';
 $locale['step_requirements_php_version'] = 'PHP Version';
 $locale['step_requirements_write_perms'] = 'Write permissions';
+$locale['step_requirements_folder_exists'] = 'Directory exists';
+$locale['step_requirements_folder_not_exists_tools_ext'] = 'NPM Package Manager is used for external JavaScript/CSS libraries.'
+	. ' You need to install it through Command Line: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
+	. ' When you done with installing that tool, execute: "npm install" in the main MyAAC folder.';
 $locale['step_requirements_failed'] = 'Installation will be disabled until these requirements will be passed.</b><br/>For more informations see <b>README</b> file.';
 $locale['step_requirements_extension'] = '$EXTENSION$ PHP extension';
 $locale['step_requirements_warning_images_guilds'] = 'Guild logo upload will not work';
@@ -90,7 +94,7 @@ $locale['step_database_loaded_npcs'] = 'NPCs has been loaded...';
 $locale['step_database_error_npcs'] = 'There were some problems loading your NPCs';
 $locale['step_database_loaded_spells'] = 'Spells has been loaded...';
 $locale['step_database_loaded_towns'] = 'Towns has been loaded...';
-$locale['step_database_error_towns'] = 'There were some problems loading your towns. You will need to configure them manually in config.';
+$locale['step_database_error_towns'] = 'There were some problems loading your towns. You will need to configure them manually in Settings.';
 $locale['step_database_created_account'] = 'Created admin account...';
 $locale['step_database_created_news'] = 'Newses has been created...';
 

system/locale/pl/install.php

@@ -36,6 +36,10 @@ $locale['step_requirements'] = 'Wymagania';
 $locale['step_requirements_title'] = 'Sprawdzanie wymagań';
 $locale['step_requirements_php_version'] = 'Wersja PHP';
 $locale['step_requirements_write_perms'] = 'Uprawnienia do zapisu';
+$locale['step_requirements_folder_exists'] = 'Folder istnieje';
+$locale['step_requirements_folder_not_exists_tools_ext'] = 'Manadżer Pakietów NPM jest używany do zewnętrznych bibliotek JavaScript/CSS.'
+	. ' Trzeba go zainstalować poprzez wiersz poleceń: <a href="https://docs.npmjs.com/downloading-and-installing-node-js-and-npm">https://docs.npmjs.com/downloading-and-installing-node-js-and-npm</a>'
+	. ' Po instalacji narzędzia, wywołaj następujące polecenie w głownym katalogu MyAAC: "npm install".';
 $locale['step_requirements_failed'] = 'Instalacja zostanie zablokowana dopóki te wymagania nie zostaną spełnione.</b><br/>Po więcej informacji zasięgnij do pliku <b>README</b>.';
 $locale['step_requirements_extension'] = 'Rozszerzenie PHP - $EXTENSION$';
 $locale['step_requirements_warning_images_guilds'] = 'Nie będzie możliwości uploadu obrazków gildii';
@@ -89,7 +93,7 @@ $locale['step_database_loaded_npcs'] = 'Załadowano NPCs...';
 $locale['step_database_error_npcs'] = 'Wystąpił problem podczas ładowania NPCs';
 $locale['step_database_loaded_spells'] = 'Załadowano czary (spells)...';
 $locale['step_database_loaded_towns'] = 'Załadowano miasta (towns)...';
-$locale['step_database_error_towns'] = 'Wystąpił problem podczas ładowania miast. Trzeba będzie je skonfigurować manualnie.';
+$locale['step_database_error_towns'] = 'Wystąpił problem podczas ładowania miast. Trzeba będzie je skonfigurować manualnie w ustawieniach.';
 $locale['step_database_created_account'] = 'Utworzono konto admina...';
 $locale['step_database_created_news'] = 'Utworzono newsy...';
 

system/login.php

@@ -1,41 +0,0 @@
-<?php
-/**
- * Login manager
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-$logged = false;
-$logged_flags = 0;
-$account_logged = new OTS_Account();
-
-// stay-logged with sessions
-$current_session = getSession('account');
-if($current_session !== false)
-{
-	$account_logged->load($current_session);
-	if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
-		//&& (!isset($_SESSION['admin']) || admin())
-		&& (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
-			$logged = true;
-	}
-	else {
-		unsetSession('account');
-		unset($account_logged);
-	}
-}
-
-if($logged) {
-	$logged_flags = $account_logged->getWebFlags();
-	$twig->addGlobal('logged', true);
-	$twig->addGlobal('account_logged', $account_logged);
-}
-
-setSession('last_visit', time());
-if(defined('PAGE')) {
-	setSession('last_page', PAGE);
-}
-setSession('last_uri', $_SERVER['REQUEST_URI']);

system/logout.php

@@ -12,7 +12,10 @@ use MyAAC\CsrfToken;
 
 defined('MYAAC') or die('Direct access not allowed!');
 
-if(isset($account_logged) && $account_logged->isLoaded()) {
+$account_logged = accountLogged();
+$hooks = app()->get('hooks');
+
+if($account_logged !== null && $account_logged->isLoaded()) {
 	if($hooks->trigger(HOOK_LOGOUT, ['account_id' => $account_logged->getId()])) {
 		unsetSession('account');
 		unsetSession('password');
@@ -20,13 +23,11 @@ if(isset($account_logged) && $account_logged->isLoaded()) {
 
 		CsrfToken::generate();
 
+		global $logged, $account_logged;
 		$logged = false;
-		unset($account_logged);
+		$account_logged = new OTS_Account();
 
-		if(isset($_REQUEST['redirect']))
-		{
-			header('Location: ' . urldecode($_REQUEST['redirect']));
-			exit;
-		}
+		app()->setLoggedIn($logged);
+		app()->setAccountLogged($account_logged);
 	}
 }

system/migrate.php

@@ -17,6 +17,12 @@ if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
 		$db->revalidateCache();
 		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
 			require SYSTEM . 'migrations/' . $i . '.php';
+
+			if (isset($up)) {
+				$up();
+				unset($up);
+			}
+
 			updateDatabaseConfig('database_version', $i);
 		}
 	}
@@ -26,6 +32,12 @@ else { // register first version
 	$db->revalidateCache();
 	for($i = 1; $i <= DATABASE_VERSION; $i++) {
 		require SYSTEM . 'migrations/' . $i . '.php';
+
+		if (isset($up)) {
+			$up();
+			unset($up);
+		}
+
 		updateDatabaseConfig('database_version', $i);
 	}
 }

system/migrations/1-hooks.sql

@@ -0,0 +1,8 @@
+CREATE TABLE `myaac_hooks`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`name` VARCHAR(30) NOT NULL DEFAULT '',
+	`type` INT(2) NOT NULL DEFAULT 0,
+	`file` VARCHAR(100) NOT NULL,
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;

system/migrations/1.php

@@ -1,16 +1,16 @@
 <?php
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "account_actions` MODIFY `ip` INT(11) NOT NULL DEFAULT 0;");
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "account_actions` MODIFY `date` INT(11) NOT NULL DEFAULT 0;");
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "account_actions` MODIFY `action` VARCHAR(255) NOT NULL DEFAULT '';");
-	$db->query("
-	CREATE TABLE `myaac_hooks`
-(
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(30) NOT NULL DEFAULT '',
-	`type` INT(2) NOT NULL DEFAULT 0,
-	`file` VARCHAR(100) NOT NULL,
-	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-");
+/**
+ * @var OTS_DB_MySQL $db
+ */
 
-?>
+$up = function () use ($db) {
+	$db->modifyColumn(TABLE_PREFIX . 'account_actions', 'ip', "INT(11) NOT NULL DEFAULT 0");
+	$db->modifyColumn(TABLE_PREFIX . 'account_actions', 'date', "INT(11) NOT NULL DEFAULT 0");
+	$db->modifyColumn(TABLE_PREFIX . 'account_actions', 'action', "VARCHAR(255) NOT NULL DEFAULT ''");
+
+	$db->query(file_get_contents(__DIR__ . '/1-hooks.sql'));
+};
+
+$down = function () use ($db) {
+	$db->dropTable(TABLE_PREFIX . 'hooks');
+};

system/migrations/10-admin_menu.sql

@@ -0,0 +1,10 @@
+CREATE TABLE `myaac_admin_menu`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`name` VARCHAR(255) NOT NULL DEFAULT '',
+	`page` VARCHAR(255) NOT NULL DEFAULT '',
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`flags` INT(11) NOT NULL DEFAULT 0,
+	`enabled` INT(1) NOT NULL DEFAULT 1,
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;

system/migrations/10.php

@@ -1,17 +1,24 @@
 <?php
-	if(!$db->hasColumn(TABLE_PREFIX . 'hooks', 'ordering'))
-		$db->query("ALTER TABLE `" . TABLE_PREFIX . "hooks` ADD `ordering` INT(11) NOT NULL DEFAULT 0 AFTER `file`;");
+/**
+ * @var OTS_DB_MySQL $db
+ */
 
-	if(!$db->hasTable(TABLE_PREFIX . 'admin_menu'))
-		$db->query("
-CREATE TABLE `myaac_admin_menu`
-(
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(255) NOT NULL DEFAULT '',
-	`page` VARCHAR(255) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`flags` INT(11) NOT NULL DEFAULT 0,
-	`enabled` INT(1) NOT NULL DEFAULT 1,
-	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-");
+$up = function () use ($db) {
+	if (!$db->hasColumn(TABLE_PREFIX . 'hooks', 'ordering')) {
+		$db->addColumn(TABLE_PREFIX . 'hooks', 'ordering', "INT(11) NOT NULL DEFAULT 0 AFTER `file`");
+	}
+
+	if (!$db->hasTable(TABLE_PREFIX . 'admin_menu')) {
+		$db->query(file_get_contents(__DIR__ . '/10-admin_menu.sql'));
+	}
+};
+
+$down = function () use ($db) {
+	if ($db->hasColumn(TABLE_PREFIX . 'hooks', 'ordering')) {
+		$db->dropColumn(TABLE_PREFIX . 'hooks', 'ordering');
+	}
+
+	if ($db->hasTable(TABLE_PREFIX . 'admin_menu')) {
+		$db->dropTable(TABLE_PREFIX . 'admin_menu');
+	}
+};

system/migrations/11.php

@@ -1,19 +1,44 @@
 <?php
+/**
+ * @var OTS_DB_MySQL $db
+ */
+
+$up = function () use ($db) {
 	// rename database tables
-	$db->query("RENAME TABLE
-		" . TABLE_PREFIX . "screenshots TO " . TABLE_PREFIX . "gallery,
-		" . TABLE_PREFIX . "movies TO " . TABLE_PREFIX . "videos;");
+	$db->renameTable(TABLE_PREFIX . 'screenshots', TABLE_PREFIX . 'gallery');
+	$db->renameTable(TABLE_PREFIX . 'movies', TABLE_PREFIX . 'videos');
 
 	// rename images dir
-	if(file_exists(BASE . 'images/screenshots') && !file_exists(BASE . GALLERY_DIR)) {
+	if (file_exists(BASE . 'images/screenshots') && !file_exists(BASE . GALLERY_DIR)) {
 		rename(BASE . 'images/screenshots', BASE . GALLERY_DIR);
 	}
 
 	// convert old database screenshots images to gallery
 	$query = $db->query('SELECT `id`, `image`, `thumb` FROM `' . TABLE_PREFIX . 'gallery`;');
-	foreach($query->fetchAll() as $item) {
+	foreach ($query->fetchAll() as $item) {
 		$db->update(TABLE_PREFIX . 'gallery', array(
 			'image' => str_replace('/screenshots/', '/gallery/', $item['image']),
 			'thumb' => str_replace('/screenshots/', '/gallery/', $item['thumb']),
 		), array('id' => $item['id']));
 	}
+};
+
+$down = function () use ($db) {
+	// rename database tables
+	$db->renameTable(TABLE_PREFIX . 'gallery', TABLE_PREFIX . 'screenshots');
+	$db->renameTable(TABLE_PREFIX . 'videos', TABLE_PREFIX . 'movies');
+
+	// rename images dir
+	if (file_exists(BASE . GALLERY_DIR) && !file_exists(BASE . 'images/screenshots')) {
+		rename(BASE . GALLERY_DIR, BASE . 'images/screenshots');
+	}
+
+	// convert new database gallery images to screenshots
+	$query = $db->query('SELECT `id`, `image`, `thumb` FROM `' . TABLE_PREFIX . 'screenshots`;');
+	foreach ($query->fetchAll() as $item) {
+		$db->update(TABLE_PREFIX . 'screenshots', [
+			'image' => str_replace('/gallery/', '/screenshots/', $item['image']),
+			'thumb' => str_replace('/gallery/', '/screenshots/', $item['thumb']),
+		], ['id' => $item['id']]);
+	}
+};

system/migrations/12-items.sql

@@ -0,0 +1,9 @@
+CREATE TABLE `myaac_items`
+(
+	`id` INT(11) NOT NULL,
+	`article` VARCHAR(5) NOT NULL DEFAULT '',
+	`name` VARCHAR(50) NOT NULL DEFAULT '',
+	`plural` VARCHAR(50) NOT NULL DEFAULT '',
+	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;

system/migrations/12-weapons.sql

@@ -0,0 +1,8 @@
+CREATE TABLE `myaac_weapons`
+(
+	`id` INT(11) NOT NULL,
+	`level` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;

system/migrations/12.php

@@ -1,51 +1,65 @@
 <?php
+/**
+ * @var OTS_DB_MySQL $db
+ */
 
-// add new item_id field for runes
-if(!$db->hasColumn(TABLE_PREFIX . 'spells', 'item_id'))
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD `item_id` INT(11) NOT NULL DEFAULT 0 AFTER `conjure_count`;");
+use MyAAC\Models\Spell;
 
-// change unique index from spell to name
-$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP INDEX `spell`;");
-$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD UNIQUE INDEX (`name`);");
+$up = function () use ($db) {
+	// add new item_id field for runes
+	if (!$db->hasColumn(TABLE_PREFIX . 'spells', 'item_id')) {
+		$db->addColumn(TABLE_PREFIX . 'spells', 'item_id', 'INT(11) NOT NULL DEFAULT 0 AFTER `conjure_count`');
+	}
 
-// change comment of spells.type
-$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune';");
+	// change unique index from spell to name
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP INDEX `spell`;");
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD UNIQUE INDEX (`name`);");
 
-// new items table
-if(!$db->hasTable(TABLE_PREFIX . 'items'))
-$db->query("
-CREATE TABLE `" . TABLE_PREFIX . "items`
-(
-	`id` INT(11) NOT NULL,
-	`article` VARCHAR(5) NOT NULL DEFAULT '',
-	`name` VARCHAR(50) NOT NULL DEFAULT '',
-	`plural` VARCHAR(50) NOT NULL DEFAULT '',
-	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
-	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-");
+	// change comment of spells.type
+	$db->modifyColumn(TABLE_PREFIX . 'spells', 'type', "TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune'");
 
-// new weapons table
-if(!$db->hasTable(TABLE_PREFIX . 'weapons'))
-$db->query("
-CREATE TABLE `" . TABLE_PREFIX . "weapons`
-(
-	`id` INT(11) NOT NULL,
-	`level` INT(11) NOT NULL DEFAULT 0,
-	`maglevel` INT(11) NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
-	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-");
+	// new items table
+	if (!$db->hasTable(TABLE_PREFIX . 'items')) {
+		$db->query(file_get_contents(__DIR__ . '/12-items.sql'));
+	}
 
-// modify vocations to support json data
-$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(100) NOT NULL DEFAULT '';");
-$query = $db->query('SELECT `id`, `vocations` FROM `' . TABLE_PREFIX . 'spells`');
-foreach($query->fetchAll() as $spell) {
-	$tmp = explode(',', $spell['vocations']);
-	foreach($tmp as &$v) {
+	// new weapons table
+	if (!$db->hasTable(TABLE_PREFIX . 'weapons')) {
+		$db->query(file_get_contents(__DIR__ . '/12-weapons.sql'));
+	}
+
+	// modify vocations to support json data
+	$db->modifyColumn(TABLE_PREFIX . 'spells', 'vocations', "VARCHAR(100) NOT NULL DEFAULT ''");
+
+	$spells = Spell::select('id', 'vocations')->get();
+	foreach ($spells as $spell) {
+		$tmp = explode(',', $spell->vocations);
+		foreach ($tmp as &$v) {
 			$v = (int)$v;
 		}
-	$db->update(TABLE_PREFIX . 'spells', array('vocations' => json_encode($tmp)), array('id' => $spell['id']));
-}
-?>
+
+		Spell::where('id', $spell->id)->update(['vocations' => json_encode($tmp)]);
+	}
+};
+
+$down = function () use ($db) {
+	// remove item_id field for runes
+	if ($db->hasColumn(TABLE_PREFIX . 'spells', 'item_id')) {
+		$db->dropColumn(TABLE_PREFIX . 'spells', 'item_id');
+	}
+
+	// change unique index from spell to name
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP INDEX `name`;");
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD INDEX (`spell`);");
+
+	$db->dropTable(TABLE_PREFIX . 'items');
+	$db->dropTable(TABLE_PREFIX . 'weapons');
+
+	$spells = Spell::select('id', 'vocations')->get();
+	// modify vocations to use vocation separated by comma
+	foreach ($spells as $spell) {
+		$vocations = empty($spell->vocations) ? [] : json_decode($spell->vocations);
+
+		Spell::where('id', $spell->id)->update(['vocations' => implode(',', $vocations)]);
+	}
+};

system/migrations/13.php

@@ -1,3 +1,16 @@
 <?php
-	if($db->hasColumn(TABLE_PREFIX . 'spells', 'spell'))
-		$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP COLUMN `spell`;");
+/**
+ * @var OTS_DB_MySQL $db
+ */
+
+$up = function () use ($db) {
+	if ($db->hasColumn(TABLE_PREFIX . 'spells', 'spell')) {
+		$db->dropColumn(TABLE_PREFIX . 'spells', 'spell');
+	}
+};
+
+$down = function () use ($db) {
+	if (!$db->hasColumn(TABLE_PREFIX . 'spells', 'spell')) {
+		$db->addColumn(TABLE_PREFIX . 'spells', 'spell', "VARCHAR(255) NOT NULL DEFAULT ''");
+	}
+};

system/migrations/14.php

@@ -1,18 +1,39 @@
 <?php
+/**
+ * @var OTS_DB_MySQL $db
+ */
 
-// change monsters.file_path field to loot
-if($db->hasColumn(TABLE_PREFIX . 'monsters', 'file_path')) {
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` CHANGE `file_path` `loot` VARCHAR(5000);");
-}
+$up = function () use ($db) {
+	// change monsters.file_path field to loot
+	if ($db->hasColumn(TABLE_PREFIX . 'monsters', 'file_path')) {
+		$db->changeColumn(TABLE_PREFIX . 'monsters', 'file_path', 'loot', 'VARCHAR(5000)');
+	}
 
-// update loot to empty string
-$db->query("UPDATE `" . TABLE_PREFIX . "monsters` SET `loot` = '';");
+	// update loot to empty string
+	$db->query("UPDATE `" . TABLE_PREFIX . "monsters` SET `loot` = '';");
 
-// drop monsters.gfx_name field
-$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` DROP COLUMN `gfx_name`;");
+	// drop monsters.gfx_name field
+	$db->dropColumn(TABLE_PREFIX . 'monsters', 'gfx_name');
 
-// rename hide_creature to hidden
-if($db->hasColumn(TABLE_PREFIX . 'monsters', 'hide_creature')) {
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` CHANGE `hide_creature` `hidden` TINYINT(1) NOT NULL DEFAULT 0;");
-}
-?>
+	// rename hide_creature to hidden
+	if ($db->hasColumn(TABLE_PREFIX . 'monsters', 'hide_creature')) {
+		$db->changeColumn(TABLE_PREFIX . 'monsters', 'hide_creature', 'hidden', "TINYINT(1) NOT NULL DEFAULT 0");
+	}
+};
+
+$down = function () use ($db) {
+	if ($db->hasColumn(TABLE_PREFIX . 'monsters', 'loot')) {
+		$db->changeColumn(TABLE_PREFIX . 'monsters', 'loot', 'file_path', 'VARCHAR(5000)');
+	}
+
+	// update file_path to empty string
+	$db->query("UPDATE `" . TABLE_PREFIX . "monsters` SET `file_path` = '';");
+
+	// add monsters.gfx_name field
+	$db->addColumn(TABLE_PREFIX . 'monsters', 'gfx_name', 'varchar(255) NOT NULL AFTER `race`');
+
+	// rename hidden to hide_creature
+	if ($db->hasColumn(TABLE_PREFIX . 'monsters', 'hidden')) {
+		$db->changeColumn(TABLE_PREFIX . 'monsters', 'hidden', 'hide_creature', 'TINYINT(1) NOT NULL DEFAULT 0');
+	}
+};

system/migrations/15.php

@@ -1,10 +1,26 @@
 <?php
+/**
+ * @var OTS_DB_MySQL $db
+ */
 
 // add new forum.guild and forum.access fields
-if(!$db->hasColumn(TABLE_PREFIX . 'forum_boards', 'guild')) {
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum_boards` ADD `guild` TINYINT(1) NOT NULL DEFAULT 0 AFTER `closed`;");
-}
 
-if(!$db->hasColumn(TABLE_PREFIX . 'forum_boards', 'access')) {
-	$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum_boards` ADD `access` TINYINT(1) NOT NULL DEFAULT 0 AFTER `guild`;");
-}
+$up = function () use ($db) {
+	if (!$db->hasColumn(TABLE_PREFIX . 'forum_boards', 'guild')) {
+		$db->addColumn(TABLE_PREFIX . 'forum_boards', 'guild', 'TINYINT(1) NOT NULL DEFAULT 0 AFTER `closed`');
+	}
+
+	if (!$db->hasColumn(TABLE_PREFIX . 'forum_boards', 'access')) {
+		$db->addColumn(TABLE_PREFIX . 'forum_boards', 'access', 'TINYINT(1) NOT NULL DEFAULT 0 AFTER `guild`');
+	}
+};
+
+$down = function () use ($db) {
+	if ($db->hasColumn(TABLE_PREFIX . 'forum_boards', 'guild')) {
+		$db->dropColumn(TABLE_PREFIX . 'forum_boards', 'guild');
+	}
+
+	if ($db->hasColumn(TABLE_PREFIX . 'forum_boards', 'access')) {
+		$db->dropColumn(TABLE_PREFIX . 'forum_boards', 'access');
+	}
+};

system/migrations/16.php

@@ -1,5 +1,14 @@
 <?php
+/**
+ * @var OTS_DB_MySQL $db
+ */
 
 // change size of spells.vocations
-$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(300) NOT NULL DEFAULT '';");
-?>
+
+$up = function () use ($db) {
+	$db->modifyColumn(TABLE_PREFIX . 'spells', 'vocations', "VARCHAR(300) NOT NULL DEFAULT ''");
+};
+
+$down = function () {
+	// nothing to do here
+};

system/migrations/17-menu.sql

@@ -0,0 +1,11 @@
+CREATE TABLE `myaac_menu`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`template` VARCHAR(255) NOT NULL,
+	`name` VARCHAR(255) NOT NULL,
+	`link` VARCHAR(255) NOT NULL,
+	`category` INT(11) NOT NULL DEFAULT 1,
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`enabled` INT(1) NOT NULL DEFAULT 1,
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;

system/migrations/17.php

@@ -1,23 +1,20 @@
 <?php
+/**
+ * @var OTS_DB_MySQL $db
+ */
 
 use MyAAC\Plugins;
 
-if(!$db->hasTable('myaac_menu')) {
-	$db->query("
-CREATE TABLE `myaac_menu`
-(
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`template` VARCHAR(255) NOT NULL,
-	`name` VARCHAR(255) NOT NULL,
-	`link` VARCHAR(255) NOT NULL,
-	`category` INT(11) NOT NULL DEFAULT 1,
-	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`enabled` INT(1) NOT NULL DEFAULT 1,
-	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-");
-}
+$up = function () use ($db) {
+	if (!$db->hasTable(TABLE_PREFIX . 'menu')) {
+		$db->exec(file_get_contents(__DIR__ . '/17-menu.sql'));
+	}
 
-Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
-Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
+	Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
+	Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
+};
+
+$down = function () use ($db) {
+	$db->dropTable(TABLE_PREFIX . 'menu');
+};
 

system/migrations/18.php

@@ -1,6 +1,24 @@
 <?php
+/**
+ * @var OTS_DB_MySQL $db
+ */
 
-$db->query("ALTER TABLE `" . TABLE_PREFIX . "news` ADD `article_text` VARCHAR(300) NOT NULL DEFAULT '' AFTER `comments`;");
-$db->query("ALTER TABLE `" . TABLE_PREFIX . "news` ADD `article_image` VARCHAR(100) NOT NULL DEFAULT '' AFTER `article_text`;");
+$up = function () use ($db) {
+	if (!$db->hasColumn(TABLE_PREFIX . 'news', 'article_text')) {
+		$db->addColumn(TABLE_PREFIX . 'news', 'article_text', "VARCHAR(300) NOT NULL DEFAULT '' AFTER `comments`");
+	}
 
-?>
+	if (!$db->hasColumn(TABLE_PREFIX . 'news', 'article_image')) {
+		$db->addColumn(TABLE_PREFIX . 'news', 'article_image', "VARCHAR(100) NOT NULL DEFAULT '' AFTER `article_text`");
+	}
+};
+
+$down = function () use ($db) {
+	if ($db->hasColumn(TABLE_PREFIX . 'news', 'article_text')) {
+		$db->dropColumn(TABLE_PREFIX . 'news', 'article_text');
+	}
+
+	if ($db->hasColumn(TABLE_PREFIX . 'news', 'article_image')) {
+		$db->dropColumn(TABLE_PREFIX . 'news', 'article_image');
+	}
+};