Release v1.8

(for an example server with 2k players)

CHANGELOG-1.x.md

@@ -1,5 +1,100 @@
 # Changelog
 
+## [1.8 - 01.08.2025]
+
+### Added
+* Templates - Kathrine: Possibility to add custom menu categories (https://github.com/slawkens/myaac/commit/ec11c1402417c25980582467546d1c1e9bb8267f)
+* Admin Panel - Accounts Editor: Add Coins Transferable (https://github.com/slawkens/myaac/commit/45d6047031c9c3a0e7e512dc5d15c75629aec5a2, https://github.com/slawkens/myaac/commit/bb097b69ce106500a49686d6f4fe604348eaa310)
+* Highscores:
+  * Revamped: (https://github.com/slawkens/myaac/commit/d8132d4d76e03d5aa0c042be426320655a601392)
+    * Show real rank, if 2 or more players have the same skill, show them with same rank
+    * New setting: highscores_online_status
+    * Additional fields passed to twig: updatedAt, totalResults, page, baseLink
+  * Add new Setting: Display Skills Box (https://github.com/slawkens/myaac/commit/36ca755243ef1c83f6ac87465b426d4d8d3b0bb9)
+* Functions: Add getExperienceForLevel (level) (https://github.com/slawkens/myaac/commit/1566deb84a082176b8c683fda205d828bc38fbcc)
+* Commands - cache:clear : Add warning about APCu clear in CLI (https://github.com/slawkens/myaac/commit/83f84172e02e8ea2ccb6dca29bc033e44c35aebc)
+* Models - PlayerOnline: Add missing $fillable into model (https://github.com/slawkens/myaac/commit/43415cf35db1c1307f2684c1728693d65065ffff)
+* Twig: add cache variable (https://github.com/slawkens/myaac/commit/0efe47ce71c4b364a9e96bc5a55b1655326ae6da)
+
+### Changed
+* pages/online: add cache, resulting in 20x performance boost
+  * (for an example server with 2k players) (https://github.com/slawkens/myaac/commit/c8363086015cbb6e8786c398c7b9ac3959a26ec4)
+* Admin Bar: Move admin bar code into body_start place_holder (https://github.com/slawkens/myaac/commit/f17269e44ce9dd38447bd2e2a8e1bdb065d4161f)
+* Cache::remember: $ttl = 0 means no cache (https://github.com/slawkens/myaac/commit/3b47e9df2f4051807c5ff87892f7fa3d348f9c55)
+* Templates: Load config.ini with $process_sections set to true (https://github.com/slawkens/myaac/commit/a89f9a84847630eb75b4890fdcc8b7a7bfa6b8ac)
+* Twig: Allow for timestamp as integer in the timeago twig function
+  (https://github.com/slawkens/myaac/commit/34fead906ea13b9f09d7a3c41ed88109d34d386c)
+
+### Fixed
+* Settings: Fixed two exceptions (https://github.com/slawkens/myaac/commit/6e5a4ff8c78ff5373aba091baa66cae029557643, https://github.com/slawkens/myaac/commit/20d69a641c0a933d14889a89da6d32f6a4bc6c7d)
+* Models\Account + OTS_Account -> isPremium -> ignore config.freePremium (https://github.com/slawkens/myaac/commit/5271633bdbfbbfed0b1d59c403093ce6fc2b7d20)
+* Admin Panel - Mailer:
+  * Fix send to email link redirecting from accounts page (https://github.com/slawkens/myaac/commit/080cc2781f034c844af658229e495e9a47fd2298)
+  * Option to send only to verified accounts - only if setting('core.account_mail_verify') enabled (https://github.com/slawkens/myaac/commit/cf7fd20452e863980045bb5d6012ec86c6e8e01f)
+
+### Internal
+* Rewrite to use constants (account transferable coins) (https://github.com/slawkens/myaac/commit/bccf8e056df985bbe1bab5f7ab5492f714d6b62b)
+* Refactor to use HAS_ACCOUNT_COINS (https://github.com/slawkens/myaac/commit/caf326a6584a234775ebc6c8000ea02b3fecd160)
+
+## [1.7.1 - 27.06.2025]
+
+### Changed
+* Rename plugin:install:install to plugin:setup, also add alias to previous command (https://github.com/slawkens/myaac/commit/13d33822b59df349199e885a78a3d6beb0863d0b)
+
+### Fixed
+* Fix commands: setup + cache:clear (https://github.com/slawkens/myaac/commit/0da524fefe93b3028392e9014550eea3324d3a22, https://github.com/slawkens/myaac/commit/fe8281594e989f00280ba1adc734a9198c6b5cc1)
+* Fix polls link in tibiacom template (https://github.com/slawkens/myaac/commit/d90fa323d7c77d81768df60feeb1c374b1650a0c)
+
+## [1.7 - 22.06.2025]
+
+### Added
+* Feature: plugins versions check (#310)
+* New hooks: HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS, HOOK_GUILDS_AFTER_MANAGE_BUTTON (https://github.com/slawkens/myaac/commit/c074a48f245df55646b6705737f667b6a84149b2, https://github.com/slawkens/myaac/commit/e6100a1b72de8695bba1dae9ba4e28bfdce47b10)
+* Add OTS_Toolbox::getVocationName(id, promotion) + OTS_Player->isNameLocked() (https://github.com/slawkens/myaac/commit/e222957893c4a1de0dc8dbba55bce1a43418d275, https://github.com/slawkens/myaac/commit/522f6c11d835afd36fd07a07074d96d7e219b488)
+* Add missing csrf in more places, causing white page with error about Request (https://github.com/slawkens/myaac/commit/dca904e61d21d856bf809070e7652803a2df0f58, https://github.com/slawkens/myaac/commit/c720ccc451ff90ef40b2a1595468d061ffd7e1e4)
+
+### Changed
+* Revamped online page (https://github.com/slawkens/myaac/commit/9a90e4aae280e607430511c6727d9a714b11f4c5, https://github.com/slawkens/myaac/commit/4767120043b09141870383e249f3729638d53dc2)
+* Better $title inventing (https://github.com/slawkens/myaac/commit/0c95bcfd06b68b21512e477646ef7bd3a0d4912b)
+
+### Fixed
+* Use apcu cache clear (https://github.com/slawkens/myaac/commit/b329da52aae9d0e21120a6444d3caf442420ce50, https://github.com/slawkens/myaac/commit/566c2a9151ab6392286f74e26853faa19a1b4f24)
+* fix: boostedcreatures for 13.40 (by @GooseWithAKnife) (#307)
+
+## [1.6.1 - 11.06.2025]
+
+### Fixed
+* Fixed "Request has been cancelled due to security reasons", cause of missing csrf() in twig files (https://github.com/slawkens/myaac/commit/10cd71a6630ffec91b43a26a6d685b66c5836a6a)
+* Fix: Ignore duplicated route exception (https://github.com/slawkens/myaac/commit/9d8e9d27bd87167d8d4005942a6af62bfe4c0892)
+
+### Changed
+* Move counter & visitors code before router (In case someone wants to include that info on page) (https://github.com/slawkens/myaac/commit/f78285030708ad3c74ab048711f73bbf3ee5281e)
+* Set TinyMCE license key to gpl (Avoid warning message in browser console) (https://github.com/slawkens/myaac/commit/8d29fdb98b92dbc3d2853ef88a185c67036b4a77)
+
+### Removed
+* Remove deprecated TinyMCE plugin - template (https://github.com/slawkens/myaac/commit/309c1fb715b882e67cb673b1544a03befbf64a22)
+
+## [1.6 - 03.06.2025]
+
+### Added
+* Add new setting/configurable: site_url, prevents domain spoofing (https://github.com/slawkens/myaac/commit/d8a6090be382c35c19117cfef964b594ed02b8d4)
+* Add new account coins setting (https://github.com/slawkens/myaac/commit/28886551e86fe562172c4c7f2afb89a2e7672c2e)
+* autoload: settings/install/init.php (https://github.com/slawkens/myaac/commit/e5749437074c3b3556628a2aeb5bad2edf97bde0, https://github.com/slawkens/myaac/commit/7d213f479a7e40c6254069b5fc4e578dc32bf8d9, https://github.com/slawkens/myaac/commit/207d6bc69120aba1af2b51808f17e0059b571fed)
+* Protect against csrf in more places (accounts & guilds & forums pages) (https://github.com/slawkens/myaac/commit/6eda38603c8ed7e99b92a78a4600b1245377f74d, https://github.com/slawkens/myaac/commit/e776bd52beb3064a9e694efd1b9021ec972ee2f6, https://github.com/slawkens/myaac/commit/84d502bf105f2a789481fba1acc820d236b4de66)
+* Added two new hooks for pages loaded from database (custom pages): HOOK_BEFORE_PAGE_CUSTOM, HOOK_AFTER_PAGE_CUSTOM (https://github.com/slawkens/myaac/commit/c961a1ebf837f2ab1734a825ff2c57b4937610c9)
+* Add global variables into $hooks->executeFilter (https://github.com/slawkens/myaac/commit/8fdea943768b20193eede99d60313ee84511a0be)
+* Add getNPCsCount() to OTS_InfoRespond (https://github.com/slawkens/myaac/commit/7d435ff6433ef1fb2295ee79ed043ee10dc725e9)
+
+### Fixed
+* Allow [] in character name (https://github.com/slawkens/myaac/commit/de6603a51347b9e656c58637ed9971fffdd7cedd)
+* Do not allow access to tools/ folder after install (https://github.com/slawkens/myaac/commit/6e0f5913831f8dba69fd2d1505be3e2a303c6324)
+* Fix CHANGELOG-1.x.md loading in admin panel (https://github.com/slawkens/myaac/commit/4a30fb495dbfbe1d434e8d52419eaf44fe517aee)
+* Fix links not working in admin dashboard modules (https://github.com/slawkens/myaac/commit/be7b27c31aa3bbd6c0289c34d1e61139a3fe015c)
+* Fix twig variables: logged + account_logged being not set directly after login (https://github.com/slawkens/myaac/commit/1e9b10d6489c488cadf7f6ed17b42f1ea6c767a8)
+
+### Changed
+* OTS_ServerInfo -> move setTimeout out of class - Possibility to use the class without MyAAC (https://github.com/slawkens/myaac/commit/40d65a6613149fda51bdceb82c807e5301a3388b)
+
 ## [1.5 - 14.05.2025]
 
 ### Added

admin/pages/accounts.php

@@ -26,7 +26,6 @@ if (setting('core.account_country'))
 $nameOrNumberColumn = getAccountIdentityColumn();
 
 $hasSecretColumn = $db->hasColumn('accounts', 'secret');
-$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $hasTypeColumn = $db->hasColumn('accounts', 'type');
 $hasGroupColumn = $db->hasColumn('accounts', 'group_id');
@@ -136,11 +135,18 @@ else if (isset($_REQUEST['search'])) {
 			if (!Validator::email($email))
 				$errors['email'] = Validator::getLastError();
 
-			//tibia coins
-			if ($hasCoinsColumn) {
+			// tibia coins
+			if (HAS_ACCOUNT_COINS) {
 				$t_coins = $_POST['t_coins'];
 				verify_number($t_coins, 'Tibia coins', 12);
 			}
+
+			// transferable tibia coins
+			if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) {
+				$t_coins_transferable = $_POST['t_coins_transferable'];
+				verify_number($t_coins_transferable, 'Transferable Tibia coins', 12);
+			}
+
 			// prem days
 			$p_days = (int)$_POST['p_days'];
 			verify_number($p_days, 'Prem days', 11);
@@ -185,12 +191,18 @@ else if (isset($_REQUEST['search'])) {
 				if ($hasSecretColumn) {
 					$account->setCustomField('secret', $secret);
 				}
+
 				$account->setCustomField('key', $key);
 				$account->setEMail($email);
-				if ($hasCoinsColumn) {
+
+				if (HAS_ACCOUNT_COINS) {
 					$account->setCustomField('coins', $t_coins);
 				}
 
+				if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) {
+					$account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $t_coins_transferable);
+				}
+
 				$lastDay = 0;
 				if($p_days != 0 && $p_days != OTS_Account::GRATIS_PREMIUM_DAYS) {
 					$lastDay = time();
@@ -223,9 +235,6 @@ else if (isset($_REQUEST['search'])) {
 
 					$password = encrypt($password);
 					$account->setPassword($password);
-
-					if (USE_ACCOUNT_SALT)
-						$account->setCustomField('salt', $salt);
 				}
 
 				$account->save();
@@ -395,12 +404,18 @@ else if (isset($_REQUEST['search'])) {
 										<label for="email">Email:</label><?php echo (setting('core.mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
 										<input type="text" class="form-control" id="email" name="email" autocomplete="off" value="<?php echo $account->getEMail(); ?>"/>
 									</div>
-									<?php if ($hasCoinsColumn): ?>
+									<?php if (HAS_ACCOUNT_COINS): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="t_coins">Tibia Coins:</label>
 											<input type="text" class="form-control" id="t_coins" name="t_coins" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField('coins') ?>"/>
 										</div>
 									<?php endif; ?>
+									<?php if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS): ?>
+										<div class="col-12 col-sm-12 col-lg-6">
+											<label for="t_coins_transferable">Transferable Tibia Coins:</label>
+											<input type="text" class="form-control" id="t_coins_transferable" name="t_coins_transferable" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN) ?>"/>
+										</div>
+									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="p_days">Premium Days:</label>
 										<input type="text" class="form-control" id="p_days" name="p_days" autocomplete="off" maxlength="11" value="<?php echo $account->getPremDays(); ?>"/>

admin/pages/mailer.php

@@ -25,9 +25,10 @@ if (!setting('core.mail_enabled')) {
 	return;
 }
 
-$mail_to = isset($_POST['mail_to']) ? stripslashes(trim($_POST['mail_to'])) : null;
+$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
 $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
 $mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
+$mail_verified_only = $_POST['mail_verified_only'] ?? false;
 
 if (isset($_POST['submit'])) {
 	if (empty($mail_subject)) {
@@ -58,14 +59,14 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 	$success = 0;
 	$failed = 0;
 
-	$add = '';
-	if (setting('core.account_mail_verify')) {
-		note('Note: Sending only to users with verified E-Mail.');
-		$add = ' AND `email_verified` = 1';
+	$query = Account::where('email', '!=', '');
+
+	if ($mail_verified_only) {
+		info('Note: Sending only to users with verified E-Mail.');
+		$query->where('email_verified', 1);
 	}
 
-	$query = Account::where('email', '!=', '')->get(['email']);
-	foreach ($query as $email) {
+	foreach ($query->get(['email']) as $email) {
 		if (_mail($email->email, $mail_subject, $mail_content)) {
 			$success++;
 		}
@@ -84,5 +85,6 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 $twig->display('admin.mailer.html.twig', [
 	'mail_to' => $mail_to,
 	'mail_subject' => $mail_subject,
-	'mail_content' => $mail_content
+	'mail_content' => $mail_content,
+	'mail_verified_only' => $mail_verified_only,
 ]);

admin/pages/mass_account.php

@@ -18,7 +18,6 @@ $title = 'Mass Account Actions';
 
 csrfProtect();
 
-$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $freePremium = $config['lua']['freePremium'];
 
@@ -40,9 +39,7 @@ function admin_give_points($points)
 
 function admin_give_coins($coins)
 {
-	global $hasCoinsColumn;
-
-	if (!$hasCoinsColumn) {
+	if (!HAS_ACCOUNT_COINS) {
 		displayMessage('Coins not supported.');
 		return;
 	}
@@ -167,19 +164,19 @@ if (!empty(ACTION) && isRequestMethod('post')) {
 }
 else {
 	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasCoinsColumn' => HAS_ACCOUNT_COINS,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));
 }
 
 function displayMessage($message, $success = false) {
-	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
+	global $twig, $hasPointsColumn, $freePremium;
 
 	$success ? success($message): error($message);
 
 	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasCoinsColumn' => HAS_ACCOUNT_COINS,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));

admin/pages/modules/coins.php

@@ -6,7 +6,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 $coins = 0;
 
-if ($db->hasColumn('accounts', 'coins')) {
+if (HAS_ACCOUNT_COINS) {
 	$whatToGet = ['id', 'coins'];
 	if (USE_ACCOUNT_NAME) {
 		$whatToGet[] = 'name';

admin/pages/modules/templates/coins.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name ?? result.id }}</a></td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}

admin/pages/plugins.php

@@ -51,6 +51,56 @@ else {
 		} else {
 			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
 		}
+	}
+	else if (isset($_GET['check-updates'])) {
+		$repoUri = $config['admin_plugins_api_uri'] ?? 'https://plugins.my-aac.org/api/';
+		success("Fetching latest info from $repoUri..");
+
+		$adminPlugins = new \MyAAC\Admin\Plugins();
+
+		$adminPlugins->setApiBaseUri($repoUri);
+
+		try {
+			$plugins = $adminPlugins->getLatestVersions();
+		}
+		catch (Exception $e) {
+			error($e->getMessage());
+		}
+
+		if (isset($plugins) && count($plugins) > 0) {
+			$outdated = [];
+
+			foreach (get_plugins(true) as $plugin) {
+				$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
+				$plugin_info = json_decode($string, true);
+
+				if (!$plugin_info) {
+					continue;
+				}
+
+				$disabled = (str_contains($plugin, 'disabled.'));
+				$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
+
+				$info = $plugins[$pluginOriginal] ?? false;
+				if ($info && version_compare($info['version'], $plugin_info['version'], '>')) {
+					$outdated[] = [
+						'name' => $pluginOriginal,
+						'yourVersion' => $plugin_info['version'],
+						'latestVersion' => $info['version'],
+						'link' => $info['link'] ?? 'Unknown',
+						'download_link' => $info['download_link'] ?? 'Unknown',
+					];
+				}
+			}
+
+			if (count($outdated) > 0) {
+				info('Following updates have been found for your plugins:');
+				$twig->display('admin.plugins.outdated.html.twig', ['plugins' => $outdated]);
+			}
+			else {
+				success('All plugins up to date!');
+			}
+		}
 	} else if (isset($_FILES['plugin']['name'])) {
 		$file = $_FILES['plugin'];
 		$filename = $file['name'];

admin/pages/visitors.php

@@ -19,8 +19,7 @@ $use_datatable = true;
 
 if (!setting('core.visitors_counter')): ?>
 	Visitors counter is disabled.<br/>
-	You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
-	<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
+	You can enable it in Settings -> General -> Visitors Counter.<br/>
 	<?php
 	return;
 endif;
@@ -46,7 +45,7 @@ foreach ($tmp as &$visitor) {
 		if ($dd->isBot()) {
 			$bot = $dd->getBot();
 			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
-			$browser = sprintf($message, $bot['category'], $bot['url'], $bot['name']);
+			$browser = sprintf($message, $bot['category'] ?? 'Unknown', $bot['url'] ?? '', $bot['name'] ?? 'Unknown name');
 		}
 		else {
 			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));

admin/tools/settings_save.php

@@ -1,6 +1,5 @@
 <?php
 
-use MyAAC\Hooks;
 use MyAAC\Settings;
 
 const MYAAC_ADMIN = true;

common.php

@@ -26,7 +26,7 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '1.5.1-dev';
+const MYAAC_VERSION = '1.8';
 const DATABASE_VERSION = 45;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
@@ -122,38 +122,30 @@ if (!IS_CLI) {
 	session_start();
 }
 
-// basedir
-$basedir = '';
-$tmp = explode('/', $_SERVER['SCRIPT_NAME']);
-$size = count($tmp) - 1;
-for($i = 1; $i < $size; $i++)
-	$basedir .= '/' . $tmp[$i];
-
-$basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
-define('BASE_DIR', $basedir);
-
-if(!IS_CLI) {
-	if (isset($_SERVER['HTTP_HOST'][0])) {
-		$baseHost = $_SERVER['HTTP_HOST'];
-	} else {
-		if (isset($_SERVER['SERVER_NAME'][0])) {
-			$baseHost = $_SERVER['SERVER_NAME'];
-		} else {
-			$baseHost = $_SERVER['SERVER_ADDR'];
-		}
-	}
-
-	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
-	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
-
-	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
-}
-
 if (file_exists(BASE . 'config.local.php')) {
 	require BASE . 'config.local.php';
 }
 
+require SYSTEM . 'base.php';
+define('BASE_DIR', $baseDir);
+
+if(!IS_CLI) {
+	if (isset($config['site_url'])) {
+		$hasSlashAtEnd = ($config['site_url'][strlen($config['site_url']) - 1] == '/');
+
+		define('SERVER_URL', $config['site_url']);
+		define('BASE_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/'));
+		define('ADMIN_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/') . ADMIN_PANEL_FOLDER . '/');
+	}
+	else {
+		define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
+		define('BASE_URL', SERVER_URL . BASE_DIR . '/');
+		define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
+
+		//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+	}
+}
+
 /** @var array $config */
 ini_set('log_errors', 1);
 if(@$config['env'] === 'dev' || defined('MYAAC_INSTALL')) {

composer.json

@@ -18,7 +18,8 @@
         "symfony/string": "^6.4",
         "symfony/var-dumper": "^6.4",
         "filp/whoops": "^2.15",
-        "maximebf/debugbar": "1.*"
+        "maximebf/debugbar": "1.*",
+        "guzzlehttp/guzzle": "7.9.3"
     },
     "require-dev": {
         "phpstan/phpstan": "^1.10"

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "be4d1489a53a9cd8eec6bcaa7a096f30",
+    "content-hash": "5317e97a5025ebc2a977214bd3fa964c",
     "packages": [
         {
             "name": "brick/math",
@@ -493,6 +493,331 @@
             ],
             "time": "2024-09-25T12:00:00+00:00"
         },
+        {
+            "name": "guzzlehttp/guzzle",
+            "version": "7.9.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/guzzle.git",
+                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
+                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
+                "shasum": ""
+            },
+            "require": {
+                "ext-json": "*",
+                "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
+                "guzzlehttp/psr7": "^2.7.0",
+                "php": "^7.2.5 || ^8.0",
+                "psr/http-client": "^1.0",
+                "symfony/deprecation-contracts": "^2.2 || ^3.0"
+            },
+            "provide": {
+                "psr/http-client-implementation": "1.0"
+            },
+            "require-dev": {
+                "bamarni/composer-bin-plugin": "^1.8.2",
+                "ext-curl": "*",
+                "guzzle/client-integration-tests": "3.0.2",
+                "php-http/message-factory": "^1.1",
+                "phpunit/phpunit": "^8.5.39 || ^9.6.20",
+                "psr/log": "^1.1 || ^2.0 || ^3.0"
+            },
+            "suggest": {
+                "ext-curl": "Required for CURL handler support",
+                "ext-intl": "Required for Internationalized Domain Name (IDN) support",
+                "psr/log": "Required for using the Log middleware"
+            },
+            "type": "library",
+            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                }
+            },
+            "autoload": {
+                "files": [
+                    "src/functions_include.php"
+                ],
+                "psr-4": {
+                    "GuzzleHttp\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "Jeremy Lindblom",
+                    "email": "jeremeamia@gmail.com",
+                    "homepage": "https://github.com/jeremeamia"
+                },
+                {
+                    "name": "George Mponos",
+                    "email": "gmponos@gmail.com",
+                    "homepage": "https://github.com/gmponos"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://github.com/sagikazarmark"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                }
+            ],
+            "description": "Guzzle is a PHP HTTP client library",
+            "keywords": [
+                "client",
+                "curl",
+                "framework",
+                "http",
+                "http client",
+                "psr-18",
+                "psr-7",
+                "rest",
+                "web service"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/guzzle/issues",
+                "source": "https://github.com/guzzle/guzzle/tree/7.9.3"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2025-03-27T13:37:11+00:00"
+        },
+        {
+            "name": "guzzlehttp/promises",
+            "version": "2.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/promises.git",
+                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
+                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2.5 || ^8.0"
+            },
+            "require-dev": {
+                "bamarni/composer-bin-plugin": "^1.8.2",
+                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
+            },
+            "type": "library",
+            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "GuzzleHttp\\Promise\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                }
+            ],
+            "description": "Guzzle promises library",
+            "keywords": [
+                "promise"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/promises/issues",
+                "source": "https://github.com/guzzle/promises/tree/2.2.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2025-03-27T13:27:01+00:00"
+        },
+        {
+            "name": "guzzlehttp/psr7",
+            "version": "2.7.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/psr7.git",
+                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
+                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2.5 || ^8.0",
+                "psr/http-factory": "^1.0",
+                "psr/http-message": "^1.1 || ^2.0",
+                "ralouphie/getallheaders": "^3.0"
+            },
+            "provide": {
+                "psr/http-factory-implementation": "1.0",
+                "psr/http-message-implementation": "1.0"
+            },
+            "require-dev": {
+                "bamarni/composer-bin-plugin": "^1.8.2",
+                "http-interop/http-factory-tests": "0.9.0",
+                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
+            },
+            "suggest": {
+                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
+            },
+            "type": "library",
+            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "GuzzleHttp\\Psr7\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "George Mponos",
+                    "email": "gmponos@gmail.com",
+                    "homepage": "https://github.com/gmponos"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://github.com/sagikazarmark"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://sagikazarmark.hu"
+                }
+            ],
+            "description": "PSR-7 message implementation that also provides common utility methods",
+            "keywords": [
+                "http",
+                "message",
+                "psr-7",
+                "request",
+                "response",
+                "stream",
+                "uri",
+                "url"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/psr7/issues",
+                "source": "https://github.com/guzzle/psr7/tree/2.7.1"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2025-03-27T12:30:47+00:00"
+        },
         {
             "name": "illuminate/collections",
             "version": "v10.48.25",
@@ -1472,6 +1797,166 @@
             },
             "time": "2021-11-05T16:47:00+00:00"
         },
+        {
+            "name": "psr/http-client",
+            "version": "1.0.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-client.git",
+                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90",
+                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.0 || ^8.0",
+                "psr/http-message": "^1.0 || ^2.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Client\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for HTTP clients",
+            "homepage": "https://github.com/php-fig/http-client",
+            "keywords": [
+                "http",
+                "http-client",
+                "psr",
+                "psr-18"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-client"
+            },
+            "time": "2023-09-23T14:17:50+00:00"
+        },
+        {
+            "name": "psr/http-factory",
+            "version": "1.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-factory.git",
+                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
+                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1",
+                "psr/http-message": "^1.0 || ^2.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Message\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "PSR-17: Common interfaces for PSR-7 HTTP message factories",
+            "keywords": [
+                "factory",
+                "http",
+                "message",
+                "psr",
+                "psr-17",
+                "psr-7",
+                "request",
+                "response"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-factory"
+            },
+            "time": "2024-04-15T12:06:14+00:00"
+        },
+        {
+            "name": "psr/http-message",
+            "version": "2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-message.git",
+                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-message/zipball/402d35bcb92c70c026d1a6a9883f06b2ead23d71",
+                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2 || ^8.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "2.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Message\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for HTTP messages",
+            "homepage": "https://github.com/php-fig/http-message",
+            "keywords": [
+                "http",
+                "http-message",
+                "psr",
+                "psr-7",
+                "request",
+                "response"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-message/tree/2.0"
+            },
+            "time": "2023-04-04T09:54:51+00:00"
+        },
         {
             "name": "psr/log",
             "version": "3.0.2",
@@ -1573,6 +2058,50 @@
             },
             "time": "2021-10-29T13:26:27+00:00"
         },
+        {
+            "name": "ralouphie/getallheaders",
+            "version": "3.0.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/ralouphie/getallheaders.git",
+                "reference": "120b605dfeb996808c31b6477290a714d356e822"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822",
+                "reference": "120b605dfeb996808c31b6477290a714d356e822",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.6"
+            },
+            "require-dev": {
+                "php-coveralls/php-coveralls": "^2.1",
+                "phpunit/phpunit": "^5 || ^6.5"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/getallheaders.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ralph Khattar",
+                    "email": "ralph.khattar@gmail.com"
+                }
+            ],
+            "description": "A polyfill for getallheaders.",
+            "support": {
+                "issues": "https://github.com/ralouphie/getallheaders/issues",
+                "source": "https://github.com/ralouphie/getallheaders/tree/develop"
+            },
+            "time": "2019-03-08T08:55:37+00:00"
+        },
         {
             "name": "symfony/console",
             "version": "v6.4.17",
@@ -2910,7 +3439,7 @@
     ],
     "aliases": [],
     "minimum-stability": "stable",
-    "stability-flags": [],
+    "stability-flags": {},
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
@@ -2921,6 +3450,6 @@
         "ext-xml": "*",
         "ext-dom": "*"
     },
-    "platform-dev": [],
-    "plugin-api-version": "2.3.0"
+    "platform-dev": {},
+    "plugin-api-version": "2.6.0"
 }

index.php

@@ -93,6 +93,7 @@ if(setting('core.backward_support')) {
 	if($logged && $account_logged)
 		$group_id_of_acc_logged = $account_logged->getGroupId();
 
+	$config['serverPath'] = $config['server_path'];
 	$config['site'] = &$config;
 	$config['server'] = &$config['lua'];
 	$config['site']['shop_system'] = setting('core.gifts_system');
@@ -117,6 +118,14 @@ if(setting('core.backward_support')) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 
+if(setting('core.views_counter')) {
+	require_once SYSTEM . 'counter.php';
+}
+
+if(setting('core.visitors_counter')) {
+	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
+}
+
 require_once SYSTEM . 'router.php';
 
 // anonymous usage statistics
@@ -153,22 +162,6 @@ if(setting('core.anonymous_usage_statistics')) {
 	}
 }
 
-if(setting('core.views_counter'))
-	require_once SYSTEM . 'counter.php';
-
-if(setting('core.visitors_counter')) {
-	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
-}
-
-/**
- * @var OTS_Account $account_logged
- */
-if ($logged && admin()) {
-	$content .= $twig->render('admin-bar.html.twig', [
-		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
-	]);
-}
-
 $title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
 

install/steps/4-config.php

@@ -10,6 +10,14 @@ foreach($config['clients'] as $client) {
 	$clients[$client] = $client_version;
 }
 
+if (empty($_SESSION['var_site_url'])) {
+	//require SYSTEM . 'base.php';
+	$serverUrl = 'http' . (isHttps() ? 's' : '') . '://' . $baseHost;
+	$siteURL = $serverUrl . $baseDir;
+
+	$_SESSION['var_site_url'] = $siteURL;
+}
+
 $twig->display('install.config.html.twig', array(
 	'clients' => $clients,
 	'timezones' => DateTimeZone::listIdentifiers(),

install/steps/7-finish.php

@@ -195,13 +195,4 @@ if(!isset($_SESSION['installed'])) {
 	$_SESSION['installed'] = true;
 }
 
-foreach($_SESSION as $key => $value) {
-	if(strpos($key, 'var_') !== false)
-		unset($_SESSION[$key]);
-}
-unset($_SESSION['saved']);
-if(file_exists(CACHE . 'install.txt')) {
-	unlink(CACHE . 'install.txt');
-}
-
 $hooks->trigger(HOOK_INSTALL_FINISH_END);

install/tools/5-database.php

@@ -7,6 +7,11 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 
+if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
+	warning($locale['already_installed']);
+	return;
+}
+
 $error = false;
 require BASE . 'install/includes/config.php';
 

install/tools/7-finish.php

@@ -17,11 +17,11 @@ ini_set('max_execution_time', 300);
 ob_implicit_flush();
 
 header('X-Accel-Buffering: no');
-/*
+
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 	return;
-}*/
+}
 
 require SYSTEM . 'init.php';
 
@@ -94,6 +94,17 @@ $hooks->trigger(HOOK_INSTALL_FINISH);
 
 $db->setClearCacheAfter(true);
 
+// cleanup
+foreach($_SESSION as $key => $value) {
+	if(str_contains($key, 'var_')) {
+		unset($_SESSION[$key]);
+	}
+}
+unset($_SESSION['saved']);
+if(file_exists(CACHE . 'install.txt')) {
+	unlink(CACHE . 'install.txt');
+}
+
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);

login.php

@@ -88,8 +88,8 @@ switch ($action) {
 	case 'boostedcreature':
 		$clientVersion = (int)setting('core.client');
 
-		// 14.00 and up
-		if ($clientVersion >= 1400) {
+		// 13.40 and up
+		if ($clientVersion >= 1340) {
 			$creatureBoost = $db->query("SELECT * FROM " . $db->tableName('boosted_creature'))->fetchAll();
 			$bossBoost     = $db->query("SELECT * FROM " . $db->tableName('boosted_boss'))->fetchAll();
 			die(json_encode([

phpstan.neon

@@ -28,10 +28,9 @@ parameters:
 		- '#Variable \$guild might not be defined#'
 		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
 		# Eloquent models
+		- '#Call to an undefined method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
 		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
-		- '#Call to an undefined method object::toArray\(\)#'
 		# system/pages/highscores.php
-		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$vocation_name#'
 		-

plugins/example.json

@@ -51,5 +51,8 @@
 		"themes": true,
 		"admin-pages": true,
 		"admin-pages-sub-folders": true,
+		"settings": true,
+		"install": true,
+		"init": false
 	}
  }

system/base.php

@@ -0,0 +1,21 @@
+<?php
+
+$baseDir = '';
+$tmp = explode('/', $_SERVER['SCRIPT_NAME']);
+$size = count($tmp) - 1;
+for($i = 1; $i < $size; $i++)
+	$baseDir .= '/' . $tmp[$i];
+
+$baseDir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $baseDir);
+
+if(!IS_CLI) {
+	if (isset($_SERVER['HTTP_HOST'][0])) {
+		$baseHost = $_SERVER['HTTP_HOST'];
+	} else {
+		if (isset($_SERVER['SERVER_NAME'][0])) {
+			$baseHost = $_SERVER['SERVER_NAME'];
+		} else {
+			$baseHost = $_SERVER['SERVER_ADDR'];
+		}
+	}
+}

system/functions.php

@@ -512,6 +512,13 @@ function template_place_holder($type): string
 	}
 	elseif ($type === 'body_start') {
 		$ret .= $twig->render('browsehappy.html.twig');
+
+		if (admin()) {
+			global $account_logged;
+			$ret .= $twig->render('admin-bar.html.twig', [
+				'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
+			]);
+		}
 	}
 	elseif($type === 'body_end') {
 		$ret .= template_ga_code();
@@ -767,6 +774,10 @@ function formatExperience($exp, $color = true)
 	return $ret;
 }
 
+function getExperienceForLevel($level): float|int {
+	return ( 50 / 3 ) * pow( $level, 3 ) - ( 100 * pow( $level, 2 ) ) + ( ( 850 / 3 ) * $level ) - 200;
+}
+
 function get_locales()
 {
 	$ret = array();
@@ -982,11 +993,12 @@ function load_config_lua($filename)
 		foreach($lines as $ln => $line)
 		{
 			$line = trim($line);
-			if(@$line[0] === '{' || @$line[0] === '}') {
+			if(isset($line[0]) && ($line[0] === '{' || $line[0] === '}')) {
 				// arrays are not supported yet
 				// just ignore the error
 				continue;
 			}
+
 			$tmp_exp = explode('=', $line, 2);
 			if(str_contains($line, 'dofile')) {
 				$delimiter = '"';
@@ -1216,7 +1228,8 @@ function setting($key)
 		return $settings[$key[0]] = $key[1];
 	}
 
-	return $settings[$key]['value'];
+	$ret = $settings[$key];
+	return isset($ret) ? $ret['value'] : null;
 }
 
 function clearCache()
@@ -1265,14 +1278,15 @@ function clearCache()
 		$db->setClearCacheAfter(true);
 	}
 
+	if (function_exists('apcu_clear_cache')) {
+		apcu_clear_cache();
+	}
+
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
 	deleteDirectory(CACHE . 'twig', ['index.html'], true);
 	deleteDirectory(CACHE . 'plugins', ['index.html'], true);
 	deleteDirectory(CACHE, ['signatures', 'twig', 'plugins', 'index.html', 'persistent'], true);
 
-	// routes cache
-	clearRouteCache();
-
 	global $hooks;
 	$hooks->trigger(HOOK_CACHE_CLEAR, ['cache' => Cache::getInstance()]);
 

system/init.php

@@ -12,6 +12,7 @@ use DebugBar\StandardDebugBar;
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Hooks;
+use MyAAC\Plugins;
 use MyAAC\Models\Town;
 use MyAAC\Settings;
 
@@ -46,6 +47,11 @@ if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HT
 global $cache;
 $cache = Cache::getInstance();
 
+// load plugins init.php
+foreach (Plugins::getInits() as $init) {
+	require $init;
+}
+
 // event system
 global $hooks;
 $hooks = new Hooks();
@@ -138,6 +144,15 @@ $ots = POT::getInstance();
 $eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 
+define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
+define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
+define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
+
+define('HAS_ACCOUNT_COINS', $db->hasColumn('accounts', 'coins'));
+define('HAS_ACCOUNT_COINS_TRANSFERABLE', $db->hasColumn('accounts', 'coins_transferable'));
+define('HAS_ACCOUNT_TRANSFERABLE_COINS', $db->hasColumn('accounts', 'transferable_coins'));
+const ACCOUNT_COINS_TRANSFERABLE_COLUMN = (HAS_ACCOUNT_COINS_TRANSFERABLE ? 'coins_transferable' : 'transferable_coins');
+
 $twig->addGlobal('logged', false);
 $twig->addGlobal('account_logged', new \OTS_Account());
 
@@ -182,10 +197,6 @@ if($settingsItemImagesURL[strlen($settingsItemImagesURL) - 1] !== '/') {
 	setting(['core.item_images_url', $settingsItemImagesURL . '/']);
 }
 
-define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
-define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
-define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
-
 $towns = Cache::remember('towns', 10 * 60, function () use ($db) {
 	if ($db->hasTable('towns') && Town::count() > 0) {
 		return Town::orderBy('id', 'ASC')->pluck('name', 'id')->toArray();

system/libs/pot/OTS.php

@@ -311,18 +311,9 @@ class POT
  */
 	public function loadClass($class)
 	{
-		if( preg_match('/^(I|E_)?OTS_/', $class) > 0) {
-			global $hooks;
-			$include = $this->path . $class . '.php';
-
-			if (isset($hooks)) {
-				$args = ['include' => $include, 'class' => $class];
-				$hooks->triggerFilter(HOOK_FILTER_POT, $args);
-
-				$include = $args['include'];
-			}
-
-			include_once($include);
+		if( preg_match('/^(I|E_)?OTS_/', $class) > 0)
+		{
+			include_once($this->path . $class . '.php');
 		}
 	}
 

system/libs/pot/OTS_Account.php

@@ -473,12 +473,9 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 
     public function isPremium()
     {
-		global $config;
-        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
-
-	    if(isset($this->data['premium_ends_at'])) {
-		    return $this->data['premium_ends_at'] > time();
-	    }
+		if(isset($this->data['premium_ends_at'])) {
+			return $this->data['premium_ends_at'] > time();
+		}
 
 		if(isset($this->data['premend'])) {
 			return $this->data['premend'] > time();

system/libs/pot/OTS_Player.php

@@ -2919,6 +2919,32 @@ class OTS_Player extends OTS_Row_DAO
 		$this->data['banned'] = $ban['active'];
 		$this->data['banned_time'] = $ban['expires'];
 	}
+
+	public function isNameLocked(): bool
+	{
+		// nothing can't be banned
+		if( !$this->isLoaded() ) {
+			throw new E_OTS_NotLoaded();
+		}
+
+		if($this->db->hasTable('player_namelocks')) {
+			$ban = $this->db->query('SELECT 1 FROM `player_namelocks` WHERE `player_id` = ' . $this->data['id'])->fetch(PDO::FETCH_ASSOC);
+			return (isset($ban['1']));
+		}
+		else if($this->db->hasTable('bans')) {
+			if($this->db->hasColumn('bans', 'active')) {
+				$ban = $this->db->query('SELECT `active`, `expires` FROM `bans` WHERE `type` = 2 AND `active` = 1 AND `value` = ' . $this->data['id'] . ' AND (`expires` > ' . time() .' OR `expires` = -1) ORDER BY `expires` DESC')->fetch();
+				return isset($ban['active']);
+			}
+			else { // tfs 0.2
+				$ban = $this->db->query('SELECT `time` FROM `bans` WHERE `type` = 2 AND `account` = ' . $this->data['account_id'] . ' AND (`time` > ' . time() .' OR `time` = -1) ORDER BY `time` DESC')->fetch();
+
+				return isset($ban['time']) && ($ban['time'] == -1 || $ban['time'] > 0);
+			}
+		}
+
+		return false;
+	}
 /**
  * Deletes player.
  *
@@ -2953,21 +2979,14 @@ class OTS_Player extends OTS_Row_DAO
  * @return string Player proffesion name.
  * @throws E_OTS_NotLoaded If player is not loaded or global vocations list is not loaded.
  */
-	public function getVocationName()
+	public function getVocationName(): string
 	{
 		if( !isset($this->data['vocation']) )
 		{
 			throw new E_OTS_NotLoaded();
 		}
 
-		global $config;
-		$voc = $this->getVocation();
-		if(!isset($config['vocations'][$voc])) {
-			return 'Unknown';
-		}
-
-		return $config['vocations'][$voc];
-		//return POT::getInstance()->getVocationsList()->getVocationName($this->data['vocation']);
+		return OTS_Toolbox::getVocationName($this->data['vocation'], $this->data['promotion'] ?? 0);
 	}
 
 /**

system/libs/pot/OTS_Toolbox.php

@@ -15,7 +15,7 @@
 
 /**
  * Toolbox for common operations.
- * 
+ *
  * @package POT
  * @version 0.1.5
  */
@@ -23,41 +23,41 @@ class OTS_Toolbox
 {
 /**
  * Calculates experience points needed for given level.
- * 
+ *
  * @param int $level Level for which experience should be calculated.
  * @param int $experience Current experience points.
  * @return int Experience points for level.
  */
 	public static function experienceForLevel($level, $experience = 0)
-    {
-        //return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
+	{
+		//return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
 		$level = $level - 1;
 		return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
-    }
+	}
 
 /**
  * Finds out which level user have basing on his/her experience.
- * 
+ *
  * <p>
  * PHP doesn't support complex numbers natively so solving third-level polynomials would be quite hard. Rather then doing this, this method iterates calculating experience for next levels until it finds one which requires enought experience we have. Because of that, for high experience values this function can take relatively long time to be executed.
  * </p>
- * 
+ *
  * @param int $experience Current experience points.
  * @return int Experience level.
  */
-    public static function levelForExperience($experience)
-    {
-        // default level
-        $level = 1;
+	public static function levelForExperience($experience)
+	{
+		// default level
+		$level = 1;
 
-        // until we will find level which requires more experience then we have we will step to next
-        while( self::experienceForLevel($level + 1) <= $experience)
-        {
-            $level++;
-        }
+		// until we will find level which requires more experience then we have we will step to next
+		while( self::experienceForLevel($level + 1) <= $experience)
+		{
+			$level++;
+		}
 
-        return $level;
-    }
+		return $level;
+	}
 
 /**
  * @version 0.1.5
@@ -65,25 +65,25 @@ class OTS_Toolbox
  * @return OTS_Players_List Filtered list.
  * @deprecated 0.1.5 Use OTS_PlayerBans_List.
  */
-    public static function bannedPlayers()
-    {
-        // creates filter
-        $filter = new OTS_SQLFilter();
-        $filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_PLAYER);
-        $filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
-        $filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'players') );
+	public static function bannedPlayers()
+	{
+		// creates filter
+		$filter = new OTS_SQLFilter();
+		$filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_PLAYER);
+		$filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
+		$filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'players') );
 
-        // selects only active bans
-        $actives = new OTS_SQLFilter();
-        $actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
-        $actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
-        $filter->addFilter($actives);
+		// selects only active bans
+		$actives = new OTS_SQLFilter();
+		$actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
+		$actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
+		$filter->addFilter($actives);
 
-        // creates list and aplies filter
-        $list = new OTS_Players_List();
-        $list->setFilter($filter);
-        return $list;
-    }
+		// creates list and aplies filter
+		$list = new OTS_Players_List();
+		$list->setFilter($filter);
+		return $list;
+	}
 
 /**
  * @version 0.1.5
@@ -91,25 +91,34 @@ class OTS_Toolbox
  * @return OTS_Accounts_List Filtered list.
  * @deprecated 0.1.5 Use OTS_AccountBans_List.
  */
-    public static function bannedAccounts()
-    {
-        // creates filter
-        $filter = new OTS_SQLFilter();
-        $filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_ACCOUNT);
-        $filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
-        $filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'accounts') );
+	public static function bannedAccounts()
+	{
+		// creates filter
+		$filter = new OTS_SQLFilter();
+		$filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_ACCOUNT);
+		$filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
+		$filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'accounts') );
 
-        // selects only active bans
-        $actives = new OTS_SQLFilter();
-        $actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
-        $actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
-        $filter->addFilter($actives);
+		// selects only active bans
+		$actives = new OTS_SQLFilter();
+		$actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
+		$actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
+		$filter->addFilter($actives);
 
-        // creates list and aplies filter
-        $list = new OTS_Accounts_List();
-        $list->setFilter($filter);
-        return $list;
-    }
+		// creates list and aplies filter
+		$list = new OTS_Accounts_List();
+		$list->setFilter($filter);
+		return $list;
+	}
+
+	public static function getVocationName($id, $promotion = 0): string
+	{
+		if($promotion > 0) {
+			$id = ($id + ($promotion * config('vocations_amount')));
+		}
+
+		return config('vocations')[$id] ?? 'Unknown';
+	}
 }
 
 /**#@-*/

system/locale/de/install.php

@@ -48,6 +48,8 @@ $locale['step_config'] = 'Konfiguration';
 $locale['step_config_title'] = 'Grundkonfiguration';
 $locale['step_config_server_path'] = 'Serverpfad';
 $locale['step_config_server_path_desc'] = 'Pfad zu Ihrem TFS-Hauptverzeichnis, in dem sich die config.lua befinden.';
+$locale['step_config_site_url'] = 'Website URL';
+$locale['step_config_site_url_desc'] = 'Ihre Website-Adresse.';
 $locale['step_config_mail_admin'] = 'Admin E-Mail';
 $locale['step_config_mail_admin_desc'] = 'Adresse, an die E-Mails aus dem Kontaktformular gesendet werden, z. B. admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin E-Mail ist nicht korrekt.';

system/locale/en/install.php

@@ -52,6 +52,8 @@ $locale['step_config'] = 'Configuration';
 $locale['step_config_title'] = 'Basic configuration';
 $locale['step_config_server_path'] = 'Server path';
 $locale['step_config_server_path_desc'] = 'Path to your TFS main directory, where you have config.lua located.';
+$locale['step_config_site_url'] = 'Website URL';
+$locale['step_config_site_url_desc'] = 'Your website address.';
 $locale['step_config_mail_admin'] = 'Admin Email';
 $locale['step_config_mail_admin_desc'] = 'Address where emails from contact form will be delivered, for example admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin Email is not correct.';

system/locale/pl/install.php

@@ -52,6 +52,8 @@ $locale['step_config'] = 'Konfiguracja';
 $locale['step_config_title'] = 'Podstawowa konfiguracja';
 $locale['step_config_server_path'] = 'Ścieżka do serwera';
 $locale['step_config_server_path_desc'] = 'Ścieżka do Twojego folderu z TFS, gdzie znajduje się plik config.lua.';
+$locale['step_config_server_url'] = 'Adres strony';
+$locale['step_config_server_url_desc'] = 'Adres tej strony www.';
 $locale['step_config_mail_admin'] = 'E-Mail admina';
 $locale['step_config_mail_admin_desc'] = 'Na ten adres będą dostarczane E-Maile z formularza kontaktowego, przykładowo admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'E-Mail admina jest niepoprawny.';

system/pages/404.php

@@ -8,7 +8,7 @@
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = '404 Not Found';
+$title = 'Not Found';
 
 header('HTTP/1.0 404 Not Found');
 ?>

system/pages/405.php

@@ -8,7 +8,7 @@
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = '405 Method Not Allowed';
+$title = 'Method Not Allowed';
 
 header('HTTP/1.0 405 Method Not Allowed');
 ?>

system/pages/account/change-email.php

@@ -166,7 +166,7 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
 	$account_logged->setCustomField("email_new", "");
 	$account_logged->setCustomField("email_new_time", 0);
 
-	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
+	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" >' . csrf(true) . '<tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
 
 	$twig->display('success.html.twig', array(
 		'title' => 'Email Address Change Cancelled',

system/pages/account/create.php

@@ -221,8 +221,19 @@ if($save)
 			}
 		}
 
-		if(setting('core.account_premium_points') && setting('core.account_premium_points') > 0) {
-			$new_account->setCustomField('premium_points', setting('core.account_premium_points'));
+		$accountDefaultPremiumPoints = setting('core.account_premium_points');
+		if($accountDefaultPremiumPoints > 0) {
+			$new_account->setCustomField('premium_points', $accountDefaultPremiumPoints);
+		}
+
+		$accountDefaultCoins = setting('core.account_coins');
+		if(HAS_ACCOUNT_COINS && $accountDefaultCoins > 0) {
+			$new_account->setCustomField('coins', $accountDefaultCoins);
+		}
+
+		$accountDefaultCoinsTransferable = setting('core.account_coins_transferable');
+		if((HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) && $accountDefaultCoinsTransferable > 0) {
+			$new_account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $accountDefaultCoinsTransferable);
 		}
 
 		$tmp_account = $email;

system/pages/account/redirect.php

@@ -1,23 +0,0 @@
-<?php
-/**
- * Change comment
- *
- * @package   MyAAC
- * @author    Gesior <jerzyskalski@wp.pl>
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-$redirect = urldecode($_REQUEST['redirect']);
-
-// should never happen, unless hacker modify the URL
-if (!str_contains($redirect, BASE_URL)) {
-	error('Fatal error: Cannot redirect outside the website.');
-	return;
-}
-
-$twig->display('account.redirect.html.twig', array(
-	'redirect' => $redirect
-));

system/pages/guilds/list.php

@@ -36,10 +36,9 @@ if(count($guilds_list) > 0) {
 		$guildName = $guild->getName();
 		$guilds[] = array('name' => $guildName, 'logo' => $guild_logo, 'link' => getGuildLink($guildName, false), 'description' => $description);
 	}
-};
+}
 
 $twig->display('guilds.list.html.twig', array(
 	'guilds' => $guilds,
-	'logged' => $logged ?? false,
 	'isAdmin' => admin(),
 ));

system/pages/highscores.php

@@ -123,16 +123,10 @@ if($db->hasColumn('players', 'promotion'))
 	$promotion = ',players.promotion';
 
 $outfit_addons = false;
-$outfit = '';
-
-$settingHighscoresOutfit = setting('core.highscores_outfit');
-
-if($settingHighscoresOutfit) {
-	$outfit = ', lookbody, lookfeet, lookhead, looklegs, looktype';
-	if($db->hasColumn('players', 'lookaddons')) {
-		$outfit .= ', lookaddons';
-		$outfit_addons = true;
-	}
+$outfit = ', lookbody, lookfeet, lookhead, looklegs, looktype';
+if($db->hasColumn('players', 'lookaddons')) {
+	$outfit .= ', lookaddons';
+	$outfit_addons = true;
 }
 
 $configHighscoresPerPage = setting('core.highscores_per_page');
@@ -146,17 +140,24 @@ $cache = Cache::getInstance();
 if ($cache->enabled() && $highscoresTTL > 0) {
 	$tmp = '';
 	if ($cache->fetch($cacheKey, $tmp)) {
-		$highscores = unserialize($tmp);
+		$data = unserialize($tmp);
+		$totalResults = $data['totalResults'];
+		$highscores = $data['highscores'];
+		$updatedAt = $data['updatedAt'];
 		$needReCache = false;
 	}
 }
 
 $offset = ($page - 1) * $configHighscoresPerPage;
-$query->join('accounts', 'accounts.id', '=', 'players.account_id')
-	->withOnlineStatus()
+$query->withOnlineStatus()
 	->whereNotIn('players.id', setting('core.highscores_ids_hidden'))
 	->notDeleted()
-	->where('players.group_id', '<', setting('core.highscores_groups_hidden'))
+	->where('players.group_id', '<', setting('core.highscores_groups_hidden'));
+
+$totalResultsQuery = clone $query;
+
+$query
+	->join('accounts', 'accounts.id', '=', 'players.account_id')
 	->limit($limit)
 	->offset($offset)
 	->selectRaw('accounts.country, players.id, players.name, players.account_id, players.level, players.vocation' . $outfit . $promotion)
@@ -215,17 +216,24 @@ if (empty($highscores)) {
 
 		return $tmp;
 	})->toArray();
+
+	$updatedAt = time();
+	$totalResults = $totalResultsQuery->count();
 }
 
 if ($highscoresTTL > 0 && $cache->enabled() && $needReCache) {
-	$cache->set($cacheKey, serialize($highscores), $highscoresTTL * 60);
+	$cache->set($cacheKey, serialize(
+		[
+			'totalResults' => $totalResults,
+			'highscores' => $highscores,
+			'updatedAt' => $updatedAt,
+		]
+	), $highscoresTTL * 60);
 }
 
 $show_link_to_next_page = false;
 $i = 0;
 
-$settingHighscoresVocation = setting('core.highscores_vocation');
-
 foreach($highscores as $id => &$player)
 {
 	if(++$i <= $configHighscoresPerPage)
@@ -239,10 +247,22 @@ foreach($highscores as $id => &$player)
 
 		$player['link'] = getPlayerLink($player['name'], false);
 		$player['flag'] = getFlagImage($player['country']);
-		if($settingHighscoresOutfit) {
-			$player['outfit'] = '<img style="position:absolute;margin-top:' . (in_array($player['looktype'], setting('core.outfit_images_wrong_looktypes')) ? '-15px;margin-left:5px' : '-45px;margin-left:-25px') . ';" src="' . $player['outfit_url'] . '" alt="" />';
+		$player['outfit'] = '<img style="position:absolute;margin-top:' . (in_array($player['looktype'], setting('core.outfit_images_wrong_looktypes')) ? '-15px;margin-left:5px' : '-45px;margin-left:-25px') . ';" src="' . $player['outfit_url'] . '" alt="" />';
+
+		if ($skill != POT::SKILL__LEVEL) {
+			if (isset($lastValue) && $lastValue == $player['value']) {
+				$player['rank'] = $lastRank;
+			}
+			else {
+				$player['rank'] = $offset + $i;
+			}
+
+			$lastRank = $player['rank'] ;
+			$lastValue = $player['value'];
+		}
+		else {
+			$player['rank'] = $offset + $i;
 		}
-		$player['rank'] = $offset + $i;
 	}
 	else {
 		unset($highscores[$id]);
@@ -263,6 +283,8 @@ if($show_link_to_next_page) {
 	$linkNextPage = getLink('highscores') . '/' . $list . ($vocation !== 'all' ? '/' . $vocation : '') . '/' . ($page + 1);
 }
 
+$baseLink = getLink('highscores') . '/' . $list . ($vocation !== 'all' ? '/' . $vocation : '') . '/';
+
 $types = array(
 	'experience' => 'Experience',
 	'magic' => 'Magic',
@@ -297,4 +319,8 @@ $twig->display('highscores.html.twig', [
 	'types' => $types,
 	'linkPreviousPage' => $linkPreviousPage,
 	'linkNextPage' => $linkNextPage,
+	'totalResults' => $totalResults,
+	'page' => $page,
+	'baseLink' => $baseLink,
+	'updatedAt' => $updatedAt,
 ]);

system/pages/online.php

@@ -9,123 +9,131 @@
  * @link      https://my-aac.org
  */
 
+use MyAAC\Cache\Cache;
 use MyAAC\Models\ServerConfig;
 use MyAAC\Models\ServerRecord;
 
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Who is online?';
 
-if (setting('core.account_country'))
+if (setting('core.account_country')) {
 	require SYSTEM . 'countries.conf.php';
+}
 
 $promotion = '';
-if($db->hasColumn('players', 'promotion'))
+if($db->hasColumn('players', 'promotion')) {
 	$promotion = '`promotion`,';
-
-$order = $_GET['order'] ?? 'name';
-if(!in_array($order, array('country', 'name', 'level', 'vocation')))
-	$order = $db->fieldName('name');
-else if($order == 'country')
-	$order = $db->tableName('accounts') . '.' . $db->fieldName('country');
-else if($order == 'vocation')
-	$order = $promotion . 'vocation ASC';
-
-$skull_type = 'skull';
-if($db->hasColumn('players', 'skull_type')) {
-	$skull_type = 'skull_type';
 }
 
-$skull_time = 'skulltime';
-if($db->hasColumn('players', 'skull_time')) {
-	$skull_time = 'skull_time';
+$order = $_GET['order'] ?? 'name_asc';
+if(!in_array($order, ['country_asc', 'country_desc', 'name_asc', 'name_desc', 'level_asc', 'level_desc', 'vocation_asc', 'vocation_desc'])) {
+	$order = 'name_asc';
+}
+else if($order == 'vocation_asc' || $order == 'vocation_desc') {
+	$order = $promotion . 'vocation_' . (str_contains($order, 'asc') ? 'asc' : 'desc');
 }
 
-$outfit_addons = false;
-$outfit = '';
-if (setting('core.online_outfit')) {
+$cached = Cache::remember("online_$order", setting('core.online_cache_ttl') * 60, function() use($db, $promotion, $order) {
+	$orderExplode = explode('_', $order);
+	$orderSql = $orderExplode[0] . ' ' . $orderExplode[1];
+
+	$skull_type = 'skull';
+	if($db->hasColumn('players', 'skull_type')) {
+		$skull_type = 'skull_type';
+	}
+
+	$skull_time = 'skulltime';
+	if($db->hasColumn('players', 'skull_time')) {
+		$skull_time = 'skull_time';
+	}
+
+	$outfit_addons = false;
 	$outfit = ', lookbody, lookfeet, lookhead, looklegs, looktype';
 	if($db->hasColumn('players', 'lookaddons')) {
 		$outfit .= ', lookaddons';
 		$outfit_addons = true;
 	}
-}
 
-$vocs = [];
-if (setting('core.online_vocations')) {
-	foreach($config['vocations'] as $id => $name) {
-		$vocs[$id] = 0;
-	}
-}
+	$vocations = array_map(function ($name) {
+		return 0;
+	}, setting('core.vocations'));
 
-if($db->hasTable('players_online')) // tfs 1.0
-	$playersOnline = $db->query('SELECT `accounts`.`country`, `players`.`name`, `players`.`level`, `players`.`vocation`' . $outfit . ', `' . $skull_time . '` as `skulltime`, `' . $skull_type . '` as `skull` FROM `accounts`, `players`, `players_online` WHERE `players`.`id` = `players_online`.`player_id` AND `accounts`.`id` = `players`.`account_id`  ORDER BY ' . $order);
-else
-	$playersOnline = $db->query('SELECT `accounts`.`country`, `players`.`name`, `players`.`level`, `players`.`vocation`' . $outfit . ', ' . $promotion . ' `' . $skull_time . '` as `skulltime`, `' . $skull_type . '` as `skull` FROM `accounts`, `players` WHERE `players`.`online` > 0 AND `accounts`.`id` = `players`.`account_id`  ORDER BY ' . $order);
+	if($db->hasTable('players_online')) // tfs 1.0
+		$playersOnline = $db->query('SELECT `accounts`.`country`, `players`.`name`, `players`.`level`, `players`.`vocation`' . $outfit . ', `' . $skull_time . '` as `skulltime`, `' . $skull_type . '` as `skull` FROM `accounts`, `players`, `players_online` WHERE `players`.`id` = `players_online`.`player_id` AND `accounts`.`id` = `players`.`account_id`  ORDER BY ' . $orderSql);
+	else
+		$playersOnline = $db->query('SELECT `accounts`.`country`, `players`.`name`, `players`.`level`, `players`.`vocation`' . $outfit . ', ' . $promotion . ' `' . $skull_time . '` as `skulltime`, `' . $skull_type . '` as `skull` FROM `accounts`, `players` WHERE `players`.`online` > 0 AND `accounts`.`id` = `players`.`account_id`  ORDER BY ' . $orderSql);
 
-$players_data = array();
-$players = 0;
-$data = '';
-foreach($playersOnline as $player) {
-	$skull = '';
-	if (setting('core.online_skulls'))
-	{
-		if($player['skulltime'] > 0)
-		{
-			if($player['skull'] == 3)
+	$settingVocations = setting('core.vocations');
+	$settingVocationsAmount = setting('core.vocations_amount');
+
+	$players = [];
+	foreach($playersOnline as $player) {
+		$skull = '';
+		if($player['skulltime'] > 0) {
+			if($player['skull'] == 3) {
 				$skull = ' <img style="border: 0;" src="images/white_skull.gif"/>';
-			elseif($player['skull'] == 4)
+			}
+			elseif($player['skull'] == 4) {
 				$skull = ' <img style="border: 0;" src="images/red_skull.gif"/>';
-			elseif($player['skull'] == 5)
+			}
+			elseif($player['skull'] == 5) {
 				$skull = ' <img style="border: 0;" src="images/black_skull.gif"/>';
-		}
-	}
-
-	if(isset($player['promotion'])) {
-		if((int)$player['promotion'] > 0)
-			$player['vocation'] += ($player['promotion'] * $config['vocations_amount']);
-	}
-
-	$players_data[] = array(
-		'name' => getPlayerLink($player['name']),
-		'player' => $player,
-		'level' => $player['level'],
-		'vocation' => $config['vocations'][$player['vocation']],
-		'country_image' => setting('core.account_country') ? getFlagImage($player['country']) : null,
-		'outfit' => setting('core.online_outfit') ? setting('core.outfit_images_url') . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'] : null
-	);
-
-	if (setting('core.online_vocations')) {
-		$vocs[($player['vocation'] > $config['vocations_amount'] ? $player['vocation'] - $config['vocations_amount'] : $player['vocation'])]++;
-	}
-}
-
-$record = '';
-if(count($players_data) > 0) {
-	if( setting('core.online_record')) {
-		$result = null;
-		$timestamp = false;
-		if($db->hasTable('server_record')) {
-			$timestamp = true;
-			$result = ServerRecord::where('world_id', $config['lua']['worldId'])->orderByDesc('record')->first()->toArray();
-		} else if($db->hasTable('server_config')) { // tfs 1.0
-			$row = ServerConfig::where('config', 'players_record')->first();
-			if ($row) {
-				$result = ['record' => $row->value];
 			}
 		}
 
-		if($result) {
-			$record = 'The maximum on this game world was ' . $result['record'] . ' players' . ($timestamp ? ' on ' . date("M d Y, H:i:s", $result['timestamp']) . '.' : '.');
+		if(isset($player['promotion'])) {
+			if((int)$player['promotion'] > 0)
+				$player['vocation'] += ($player['promotion'] * $settingVocationsAmount);
+		}
+
+		$players[] = array(
+			'name' => getPlayerLink($player['name']),
+			'player' => $player,
+			'level' => $player['level'],
+			'vocation' => $settingVocations[$player['vocation']],
+			'skull' => $skull,
+			'country_image' => getFlagImage($player['country']),
+			'outfit' => setting('core.outfit_images_url') . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'],
+		);
+
+		$vocations[($player['vocation'] > $settingVocationsAmount ? $player['vocation'] - $settingVocationsAmount : $player['vocation'])]++;
+	}
+
+	$record = '';
+	if(count($players) > 0) {
+		if( setting('core.online_record')) {
+			$result = null;
+			$timestamp = false;
+			if($db->hasTable('server_record')) {
+				$timestamp = true;
+				$result = ServerRecord::where('world_id', configLua('worldId'))->orderByDesc('record')->first()->toArray();
+			} else if($db->hasTable('server_config')) { // tfs 1.0
+				$row = ServerConfig::where('config', 'players_record')->first();
+				if ($row) {
+					$result = ['record' => $row->value];
+				}
+			}
+
+			if($result) {
+				$record = $result['record'] . ' player' . ($result['record'] > 1 ? 's' : '') . ($timestamp ? ' (on ' . date("M d Y, H:i:s", $result['timestamp']) . ')' : '');
+			}
 		}
 	}
-}
+
+	return [
+		'players' => $players,
+		'record' => $record,
+		'vocations' => $vocations,
+	];
+});
 
 $twig->display('online.html.twig', array(
-	'players' => $players_data,
-	'record' => $record,
-	'vocs' => $vocs,
+	'players' => $cached['players'],
+	'record' => $cached['record'],
+	'vocations' => $cached['vocations'],
+	'vocs' => $cached['vocations'], // deprecated, to be removed
+	'order' => $order,
 ));
 
-//search bar
-$twig->display('online.form.html.twig');
-?>
+// search bar
+$twig->display('characters.form.html.twig');

system/router.php

@@ -129,14 +129,14 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 		return ($a[3] < $b[3]) ? -1 : 1;
 	});
 
+	$aliases = [
+		[':int', ':string', ':alphanum'],
+		[':\d+', ':[A-Za-z0-9-_%+\' ]+', ':[A-Za-z0-9]+'],
+	];
+
 	// remove duplicates
 	// if same route pattern, but different priority
-	$routesFinal = array_filter($routesFinal, function ($a) {
-		$aliases = [
-			[':int', ':string', ':alphanum'],
-			[':\d+', ':[A-Za-z0-9-_%+\' ]+', ':[A-Za-z0-9]+'],
-		];
-
+	$routesFinal = array_filter($routesFinal, function ($a) use ($aliases) {
 		// apply aliases
 		$a[1] = str_replace($aliases[0], $aliases[1], $a[1]);
 
@@ -171,15 +171,15 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 			$route[0] = array_map($toUpperCase, $route[0]);
 		}
 
-		$aliases = [
-			[':int', ':string', ':alphanum'],
-			[':\d+', ':[A-Za-z0-9-_%+\' ]+', ':[A-Za-z0-9]+'],
-		];
-
 		// apply aliases
 		$route[1] = str_replace($aliases[0], $aliases[1], $route[1]);
 
-		$r->addRoute($route[0], $route[1], $route[2]);
+		try {
+			$r->addRoute($route[0], $route[1], $route[2]);
+		}
+		catch (\Exception $e) {
+			// duplicated route, just ignore
+		}
 	}
 
 	if (config('env') === 'dev') {
@@ -252,7 +252,7 @@ else {
 
 				$success = false;
 				$tmp_content = getCustomPage($pageName, $success);
-				if ($success) {
+				if ($success && $hooks->trigger(HOOK_BEFORE_PAGE_CUSTOM)) {
 					$content .= $tmp_content;
 					if (hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
 						$pageInfo = getCustomPageInfo($pageName);
@@ -260,6 +260,8 @@ else {
 							) . $content;
 					}
 
+					$hooks->trigger(HOOK_AFTER_PAGE_CUSTOM);
+
 					$page = $pageName;
 					$file = false;
 				}
@@ -324,7 +326,9 @@ if (isset($_REQUEST['_page_only'])) {
 
 if(!isset($title)) {
 	$title = str_replace('index.php/', '', $page);
-	$title = ucfirst($title);
+	$title = str_replace(['_', '-', '/'], ' ', $page);
+
+	$title = ucwords($title);
 }
 
 if(setting('core.backward_support')) {

system/routes.php

@@ -22,11 +22,11 @@ return [
 	['GET', 'account/confirm-email/{hash:alphanum}', 'account/confirm-email.php'],
 
 	['GET', 'bans/{page:int}', 'bans.php'],
-	[['GET', 'POST'], 'characters[/{name:string}]', 'characters.php'],
-	['GET', 'changelog[/{page:int}]', 'changelog.php'],
-	[['GET', 'POST'], 'monsters[/{name:string}]', 'monsters.php'],
+	[['GET', 'POST'], 'characters/{name:[A-Za-z0-9-_%+\' \[\]]+}', 'characters.php'],
+	['GET', 'changelog/{page:int}', 'changelog.php'],
+	[['GET', 'POST'], 'monsters/{name:string}', 'monsters.php'],
 
-	[['GET', 'POST'], 'faq[/{action:string}]', 'faq.php'],
+	[['GET', 'POST'], 'faq/{action:string}', 'faq.php'],
 
 	[['GET', 'POST'], 'forum/{action:string}', 'forum.php'],
 	['GET', 'forum/board/{id:int}', 'forum/show_board.php'],

system/settings.php

@@ -19,6 +19,15 @@ $templates = Cache::remember('templates', 5 * 60, function () {
 });
 $defaultTemplate = in_array('kathrine', $templates) ? 'kathrine' : $templates[0];
 
+global $db;
+
+if (!IS_CLI) {
+	require SYSTEM . 'base.php';
+
+	$serverUrl = 'http' . (isHttps() ? 's' : '') . '://' . $baseHost;
+	$siteURL = $serverUrl . $baseDir;
+}
+
 return [
 	'name' => 'MyAAC',
 	'settings' => [
@@ -30,6 +39,13 @@ return [
 			'type' => 'section',
 			'title' => 'General'
 		],
+		'site_url' => [
+			'name' => 'Website URL',
+			'type' => 'text',
+			'desc' => 'Website address of this MyAAC instance',
+			'default' => IS_CLI ? '' : $siteURL,
+			'is_config' => true,
+		],
 		'env' => [
 			'name' => 'App Environment',
 			'type' => 'options',
@@ -674,6 +690,20 @@ Sent by MyAAC,<br/>
 			'desc' => 'Default premium points on new account',
 			'default' => 0,
 		],
+		'account_coins' => [
+			'name' => 'Default Account Coins',
+			'type' => 'number',
+			'desc' => 'Default coins on new account',
+			'hidden' => ($db && !HAS_ACCOUNT_COINS),
+			'default' => 0,
+		],
+		'account_coins_transferable' => [
+			'name' => 'Default Account Transferable Coins',
+			'type' => 'number',
+			'desc' => 'Default transferable coins on new account',
+			'hidden' => ($db && !HAS_ACCOUNT_COINS_TRANSFERABLE && !HAS_ACCOUNT_TRANSFERABLE_COINS),
+			'default' => 0,
+		],
 		'account_mail_change' => [
 			'name' => 'Account Mail Change Days',
 			'type' => 'number',
@@ -1039,6 +1069,12 @@ Sent by MyAAC,<br/>
 			'desc' => 'How often to update highscores from database in minutes. Too low may slow down your website.<br/>0 to disable.',
 			'default' => 15,
 		],
+		'highscores_skills_box' => [
+			'name' => 'Display Skills Box',
+			'type' => 'boolean',
+			'desc' => 'show "Choose a skill" box on the highscores (allowing peoples to sort highscores by skill)?',
+			'default' => true,
+		],
 		'highscores_vocation_box' => [
 			'name' => 'Display Vocation Box',
 			'type' => 'boolean',
@@ -1051,6 +1087,12 @@ Sent by MyAAC,<br/>
 			'desc' => 'Show player vocation under his nickname?',
 			'default' => true,
 		],
+		'highscores_online_status' => [
+			'name' => 'Display Online Status',
+			'type' => 'boolean',
+			'desc' => 'Show player status as red (offline) or green (online)',
+			'default' => false,
+		],
 		'highscores_frags' => [
 			'name' => 'Display Top Frags',
 			'type' => 'boolean',
@@ -1205,6 +1247,14 @@ Sent by MyAAC,<br/>
 			'type' => 'section',
 			'title' => 'Online Page'
 		],
+		'online_cache_ttl' => [
+			'name' => 'Online Cache TTL (in minutes)',
+			'type' => 'number',
+			'min' => 0,
+			'desc' => 'How often to update online list from database in minutes. Too low may slow down your website.' . PHP_EOL .
+				'0 to disable.',
+			'default' => 15,
+		],
 		'online_record' => [
 			'name' => 'Display Players Record',
 			'type' => 'boolean',
@@ -1241,6 +1291,12 @@ Sent by MyAAC,<br/>
 			'desc' => '',
 			'default' => false,
 		],
+		'online_datacenter' => [
+			'name' => 'Data Center',
+			'type' => 'text',
+			'desc' => 'Server Location, will be shown on online page',
+			'default' => 'Frankfurt - Germany',
+		],
 		[
 			'type' => 'section',
 			'title' => 'Team Page'
@@ -1547,7 +1603,7 @@ Sent by MyAAC,<br/>
 			'callbacks' => [
 				'beforeSave' => function($key, $value, &$errorMessage) {
 					global $db;
-					if ($value == 'coins' && !$db->hasColumn('accounts', 'coins')) {
+					if ($value == 'coins' && !HAS_ACCOUNT_COINS) {
 						$errorMessage = "Shop: Donate Column: Cannot set column to coins, because it doesn't exist in database.";
 						return false;
 					}

system/src/Admin/Plugins.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace MyAAC\Admin;
+
+use GuzzleHttp\Client;
+
+class Plugins
+{
+	private string $api_base_uri = 'https://plugins.my-aac.org/api/';
+
+	public function getLatestVersions(): array
+	{
+		$client = new Client([
+			// Base URI is used with relative requests
+			'base_uri' => $this->api_base_uri,
+			// You can set any number of default request options.
+			'timeout'  => 3.0,
+		]);
+
+		$plugins = get_plugins(true);
+		foreach ($plugins as &$plugin) {
+			if (str_contains($plugin, 'disabled.')) {
+				$plugin = str_replace('disabled.', '', $plugin);
+			}
+		}
+
+		try {
+			$response = $client->get('get-latest-versions', [
+				'json' => ['plugins' => $plugins],
+			]);
+		}
+		catch (\Exception $e) {
+			error('API Error. Please try again later.');
+			return [];
+		}
+
+		$statusCode = $response->getStatusCode();
+		if ($statusCode != 200) {
+			throw new \Exception('Error getting info from plugins repository. Please try again later.');
+		}
+
+		$data = $response->getBody();
+		return json_decode($data, true);
+	}
+
+	public function setApiBaseUri(string $uri): void {
+		$this->api_base_uri = $uri;
+	}
+}

system/src/Cache/Cache.php

@@ -106,7 +106,7 @@ class Cache
 	public static function remember($key, $ttl, $callback)
 	{
 		$cache = self::getInstance();
-		if (!$cache->enabled()) {
+		if (!$cache->enabled() || $ttl == 0) {
 			return $callback();
 		}
 

system/src/Commands/CacheClearCommand.php

@@ -2,6 +2,7 @@
 
 namespace MyAAC\Commands;
 
+use MyAAC\Cache\Cache;
 use MyAAC\Hooks;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
@@ -17,10 +18,7 @@ class CacheClearCommand extends Command
 
 	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
-		global $hooks;
-		$hooks = new Hooks();
-		$hooks->load();
-		$hooks->trigger(HOOK_INIT);
+		require SYSTEM . 'init.php';
 
 		$io = new SymfonyStyle($input, $output);
 
@@ -29,6 +27,13 @@ class CacheClearCommand extends Command
 			return Command::FAILURE;
 		}
 
+		$cacheEngine = config('cache_engine') == 'auto' ?
+			Cache::detect() : config('cache_engine');
+
+		if (config('env') !== 'dev' && $cacheEngine == 'apcu') {
+			$io->warning('APCu cache cannot be cleared in CLI. Please visit the Admin Panel and clear there.');
+		}
+
 		$io->success('Cache cleared');
 		return Command::SUCCESS;
 	}

system/src/Commands/MailSendCommand.php

@@ -12,9 +12,10 @@ class MailSendCommand extends Command
 {
 	protected function configure(): void
 	{
-		$this->setName('mail:send')
+		$this->setName('email:send')
+			->setAliases(['mail:send'])
 			->setDescription('This command sends E-Mail to single user. Message can be provided as follows: ' . PHP_EOL
-				. '  echo "Hello World" | php sa email:send --subject="This is the subject" test@test.com')
+				. '  echo "Hello World" | php aac email:send --subject="This is the subject" test@test.com')
 			->addArgument('recipient', InputArgument::REQUIRED, 'Email, Account Name, Account id or Player Name')
 			->addOption('subject', 's', InputOption::VALUE_REQUIRED, 'Subject');
 	}

system/src/Commands/PluginInstallInstallCommand.php

@@ -12,7 +12,8 @@ class PluginInstallInstallCommand extends Command
 {
 	protected function configure(): void
 	{
-		$this->setName('plugin:install:install')
+		$this->setName('plugin:setup')
+			->setAliases(['plugin:install:install'])
 			->setDescription('This command executes the "install" part of the plugin')
 			->addArgument('plugin', InputArgument::REQUIRED, 'Plugin name');
 	}

system/src/Hook.php

@@ -38,6 +38,8 @@ class Hook
 	}
 
 	public function executeFilter(&$args) {
+		global $db, $config, $template_path, $ots, $content, $twig;
+
 		return include BASE . $this->_file;
 	}
 

system/src/Models/Account.php

@@ -53,12 +53,9 @@ class Account extends Model {
 
 	public function getIsPremiumAttribute()
 	{
-		global $config;
-        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
-
-	    if(isset($this->premium_ends_at)) {
-		    return $this->premium_ends_at > time();
-	    }
+		if(isset($this->premium_ends_at)) {
+			return $this->premium_ends_at > time();
+		}
 
 		if(isset($this->premend)) {
 			return $this->premend > time();

system/src/Models/PlayerOnline.php

@@ -9,6 +9,10 @@ class PlayerOnline extends Model {
 
 	public $timestamps = false;
 
+	protected $fillable = [
+		'player_id',
+	];
+
 	public function player()
 	{
 		return $this->belongsTo(Player::class);

system/src/Plugins.php

@@ -11,6 +11,25 @@ class Plugins {
 	private static $error = null;
 	private static $plugin_json = [];
 
+	public static function getInits()
+	{
+		return Cache::remember('plugins_inits', 10 * 60, function () {
+			$inits = [];
+			foreach(self::getAllPluginsJson() as $plugin) {
+				if (!self::getAutoLoadOption($plugin, 'init', false)) {
+					continue;
+				}
+
+				$pluginInits = glob(PLUGINS . $plugin['filename'] . '/init.php');
+				foreach ($pluginInits as $path) {
+					$inits[] = $path;
+				}
+			}
+
+			return $inits;
+		});
+	}
+
 	public static function getAdminPages()
 	{
 		return Cache::remember('plugins_admin_pages', 10 * 60, function () {
@@ -513,193 +532,192 @@ class Plugins {
 		self::$plugin_json = $plugin_json;
 		if ($plugin_json == null) {
 			self::$warnings[] = 'Cannot load ' . $file_name . '. File might be not a valid json code.';
+			return false;
 		}
-		else {
-			$continue = true;
 
-			if(!isset($plugin_json['name']) || empty(trim($plugin_json['name']))) {
-				self::$error = 'Plugin "name" tag is not set.';
+		$continue = true;
+
+		if(!isset($plugin_json['name']) || empty(trim($plugin_json['name']))) {
+			self::$error = 'Plugin "name" tag is not set.';
+			return false;
+		}
+
+		if(!isset($plugin_json['version']) || empty(trim($plugin_json['version']))) {
+			self::$warnings[] = 'Plugin "version" tag is not set.';
+		}
+
+		if(isset($plugin_json['require'])) {
+			$require = $plugin_json['require'];
+
+			$myaac_satified = true;
+			if(isset($require['myaac_'])) {
+				$require_myaac = $require['myaac_'];
+				if(!Semver::satisfies(MYAAC_VERSION, $require_myaac)) {
+					$myaac_satified = false;
+				}
+			}
+			else if(isset($require['myaac'])) {
+				$require_myaac = $require['myaac'];
+				if(version_compare(MYAAC_VERSION, $require_myaac, '<')) {
+					$myaac_satified = false;
+				}
+			}
+
+			if(!$myaac_satified) {
+				self::$error = "Your AAC version doesn't meet the requirement of this plugin. Required version is: " . $require_myaac . ", and you're using version " . MYAAC_VERSION . ".";
 				return false;
 			}
 
-			if(!isset($plugin_json['version']) || empty(trim($plugin_json['version']))) {
-				self::$warnings[] = 'Plugin "version" tag is not set.';
+			$php_satisfied = true;
+			if(isset($require['php_'])) {
+				$require_php = $require['php_'];
+				if(!Semver::satisfies(phpversion(), $require_php)) {
+					$php_satisfied = false;
+				}
+			}
+			else if(isset($require['php'])) {
+				$require_php = $require['php'];
+				if(version_compare(phpversion(), $require_php, '<')) {
+					$php_satisfied = false;
+				}
 			}
 
-			if(isset($plugin_json['require'])) {
-				$require = $plugin_json['require'];
+			if(!$php_satisfied) {
+				self::$error = "Your PHP version doesn't meet the requirement of this plugin. Required version is: " . $require_php . ", and you're using version " . phpversion() . ".";
+				$continue = false;
+			}
 
-				$myaac_satified = true;
-				if(isset($require['myaac_'])) {
-					$require_myaac = $require['myaac_'];
-					if(!Semver::satisfies(MYAAC_VERSION, $require_myaac)) {
-						$myaac_satified = false;
+			$database_satisfied = true;
+			if(isset($require['database_'])) {
+				$require_database = $require['database_'];
+				if(!Semver::satisfies(DATABASE_VERSION, $require_database)) {
+					$database_satisfied = false;
+				}
+			}
+			else if(isset($require['database'])) {
+				$require_database = $require['database'];
+				if(version_compare(DATABASE_VERSION, $require_database, '<')) {
+					$database_satisfied = false;
+				}
+			}
+
+			if(!$database_satisfied) {
+				self::$error = "Your database version doesn't meet the requirement of this plugin. Required version is: " . $require_database . ", and you're using version " . DATABASE_VERSION . ".";
+				$continue = false;
+			}
+
+			if($continue) {
+				foreach($require as $req => $version) {
+					$req = strtolower(trim($req));
+					$version = trim($version);
+
+					if(in_array($req, array('myaac', 'myaac_', 'php', 'php_', 'database', 'database_'))) {
+						continue;
 					}
-				}
-				else if(isset($require['myaac'])) {
-					$require_myaac = $require['myaac'];
-					if(version_compare(MYAAC_VERSION, $require_myaac, '<')) {
-						$myaac_satified = false;
-					}
-				}
 
-				if(!$myaac_satified) {
-					self::$error = "Your AAC version doesn't meet the requirement of this plugin. Required version is: " . $require_myaac . ", and you're using version " . MYAAC_VERSION . ".";
-					return false;
-				}
+					if(in_array($req, array('php-ext', 'php-extension'))) { // require php extension
+						$tmpDisplayError = false;
+						$explode = explode(',', $version);
 
-				$php_satisfied = true;
-				if(isset($require['php_'])) {
-					$require_php = $require['php_'];
-					if(!Semver::satisfies(phpversion(), $require_php)) {
-						$php_satisfied = false;
-					}
-				}
-				else if(isset($require['php'])) {
-					$require_php = $require['php'];
-					if(version_compare(phpversion(), $require_php, '<')) {
-						$php_satisfied = false;
-					}
-				}
-
-				if(!$php_satisfied) {
-					self::$error = "Your PHP version doesn't meet the requirement of this plugin. Required version is: " . $require_php . ", and you're using version " . phpversion() . ".";
-					$continue = false;
-				}
-
-				$database_satisfied = true;
-				if(isset($require['database_'])) {
-					$require_database = $require['database_'];
-					if(!Semver::satisfies(DATABASE_VERSION, $require_database)) {
-						$database_satisfied = false;
-					}
-				}
-				else if(isset($require['database'])) {
-					$require_database = $require['database'];
-					if(version_compare(DATABASE_VERSION, $require_database, '<')) {
-						$database_satisfied = false;
-					}
-				}
-
-				if(!$database_satisfied) {
-					self::$error = "Your database version doesn't meet the requirement of this plugin. Required version is: " . $require_database . ", and you're using version " . DATABASE_VERSION . ".";
-					$continue = false;
-				}
-
-				if($continue) {
-					foreach($require as $req => $version) {
-						$req = strtolower(trim($req));
-						$version = trim($version);
-
-						if(in_array($req, array('myaac', 'myaac_', 'php', 'php_', 'database', 'database_'))) {
-							continue;
+						foreach ($explode as $item) {
+							if(!extension_loaded($item)) {
+								$errors[] = "This plugin requires php extension: " . $item . " to be installed.";
+								$tmpDisplayError = true;
+							}
 						}
 
-						if(in_array($req, array('php-ext', 'php-extension'))) { // require php extension
-							$tmpDisplayError = false;
-							$explode = explode(',', $version);
-
-							foreach ($explode as $item) {
-								if(!extension_loaded($item)) {
-									$errors[] = "This plugin requires php extension: " . $item . " to be installed.";
-									$tmpDisplayError = true;
-								}
-							}
-
-							if ($tmpDisplayError) {
-								self::$error = implode('<br/>', $errors);
-								$continue = false;
-								break;
-							}
-						}
-						else if($req == 'table') {
-							$tmpDisplayError = false;
-							$explode = explode(',', $version);
-							foreach ($explode as $item) {
-								if(!$db->hasTable($item)) {
-									$errors[] = "This plugin requires table: " . $item . " to exist in the database.";
-									$tmpDisplayError = true;
-								}
-							}
-
-							if ($tmpDisplayError) {
-								self::$error = implode('<br/>', $errors);
-								$continue = false;
-								break;
-							}
-						}
-						else if($req == 'column') {
-							$tmpDisplayError = false;
-							$explode = explode(',', $version);
-							foreach ($explode as $item) {
-								$tmp = explode('.', $item);
-
-								if(count($tmp) == 2) {
-									if(!$db->hasColumn($tmp[0], $tmp[1])) {
-										$errors[] = "This plugin requires database column: " . $tmp[0] . "." . $tmp[1] . " to exist in database.";
-										$tmpDisplayError = true;
-									}
-								}
-								else {
-									self::$warnings[] = "Invalid plugin require column: " . $item;
-								}
-							}
-
-							if ($tmpDisplayError) {
-								self::$error = implode('<br/>', $errors);
-								$continue = false;
-								break;
-							}
-						}
-						else if(strpos($req, 'ext-') !== false) {
-							$tmp = explode('-', $req);
-							if(count($tmp) == 2) {
-								if(!extension_loaded($tmp[1]) || !Semver::satisfies(phpversion($tmp[1]), $version)) {
-									self::$error = "This plugin requires php extension: " . $tmp[1] . ", version " . $version . " to be installed.";
-									$continue = false;
-									break;
-								}
-							}
-						}
-						else if(!self::is_installed($req, $version)) {
-							self::$error = "This plugin requires another plugin to run correctly. The another plugin is: " . $req . ", with version " . $version . ".";
+						if ($tmpDisplayError) {
+							self::$error = implode('<br/>', $errors);
 							$continue = false;
 							break;
 						}
 					}
-				}
-			}
+					else if($req == 'table') {
+						$tmpDisplayError = false;
+						$explode = explode(',', $version);
+						foreach ($explode as $item) {
+							if(!$db->hasTable($item)) {
+								$errors[] = "This plugin requires table: " . $item . " to exist in the database.";
+								$tmpDisplayError = true;
+							}
+						}
 
-			if($continue) {
-				if(!$zip->extractTo(BASE)) { // "Real" Install
-					self::$error = 'There was a problem with extracting zip archive to base directory.';
-					$zip->close();
-					return false;
-				}
-
-				$install = $plugin_json['install'] ?? '';
-				if (self::getAutoLoadOption($plugin_json, 'install', true) && is_file(PLUGINS . $pluginFilename . '/install.php')) {
-					$install = 'plugins/' . $pluginFilename . '/install.php';
-				}
-
-				if (!empty($install)) {
-					if (file_exists(BASE . $install)) {
-						$db->revalidateCache();
-						require BASE . $install;
-						$db->revalidateCache();
+						if ($tmpDisplayError) {
+							self::$error = implode('<br/>', $errors);
+							$continue = false;
+							break;
+						}
 					}
-					else {
-						self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.';
+					else if($req == 'column') {
+						$tmpDisplayError = false;
+						$explode = explode(',', $version);
+						foreach ($explode as $item) {
+							$tmp = explode('.', $item);
+
+							if(count($tmp) == 2) {
+								if(!$db->hasColumn($tmp[0], $tmp[1])) {
+									$errors[] = "This plugin requires database column: " . $tmp[0] . "." . $tmp[1] . " to exist in database.";
+									$tmpDisplayError = true;
+								}
+							}
+							else {
+								self::$warnings[] = "Invalid plugin require column: " . $item;
+							}
+						}
+
+						if ($tmpDisplayError) {
+							self::$error = implode('<br/>', $errors);
+							$continue = false;
+							break;
+						}
+					}
+					else if(strpos($req, 'ext-') !== false) {
+						$tmp = explode('-', $req);
+						if(count($tmp) == 2) {
+							if(!extension_loaded($tmp[1]) || !Semver::satisfies(phpversion($tmp[1]), $version)) {
+								self::$error = "This plugin requires php extension: " . $tmp[1] . ", version " . $version . " to be installed.";
+								$continue = false;
+								break;
+							}
+						}
+					}
+					else if(!self::is_installed($req, $version)) {
+						self::$error = "This plugin requires another plugin to run correctly. The another plugin is: " . $req . ", with version " . $version . ".";
+						$continue = false;
+						break;
 					}
 				}
-
-				clearCache();
-
-				return true;
 			}
 		}
 
-		return false;
+		if(!$continue) {
+			return false;
+		}
+
+		if(!$zip->extractTo(BASE)) { // "Real" Install
+			self::$error = 'There was a problem with extracting zip archive to base directory.';
+			$zip->close();
+			return false;
+		}
+
+		$install = $plugin_json['install'] ?? '';
+		if (self::getAutoLoadOption($plugin_json, 'install', true) && is_file(PLUGINS . $pluginFilename . '/install.php')) {
+			$install = 'plugins/' . $pluginFilename . '/install.php';
+		}
+
+		if (!empty($install)) {
+			if (file_exists(BASE . $install)) {
+				$db->revalidateCache();
+				require BASE . $install;
+				$db->revalidateCache();
+			}
+			else {
+				self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.';
+			}
+		}
+
+		clearCache();
+		return true;
 	}
 
 	public static function isEnabled($pluginFileName): bool
@@ -762,15 +780,20 @@ class Plugins {
 			return false;
 		}
 
-		if(!isset($plugin_json['install'])) {
-			self::$error = "Plugin doesn't have install options defined. Skipping...";
+		$install = $plugin_json['install'] ?? '';
+		if (self::getAutoLoadOption($plugin_json, 'install', true) && is_file(PLUGINS . $plugin_name . '/install.php')) {
+			$install = 'plugins/' . $plugin_name . '/install.php';
+		}
+
+		if (empty($install)) {
+			self::$error = "This plugin doesn't seem to have install script defined.";
 			return false;
 		}
 
 		global $db;
-		if (file_exists(BASE . $plugin_json['install'])) {
+		if (file_exists(BASE . $install)) {
 			$db->revalidateCache();
-			require BASE . $plugin_json['install'];
+			require BASE . $install;
 			$db->revalidateCache();
 		}
 		else {

system/src/Settings.php

@@ -472,24 +472,22 @@ class Settings implements \ArrayAccess
 			if (!isset($this->settingsFile[$pluginKeyName]['settings'])) {
 				throw new \RuntimeException('Unknown plugin settings: ' . $pluginKeyName);
 			}
+
 			return $this->settingsFile[$pluginKeyName]['settings'];
 		}
 
-		$ret = [];
-		if(isset($this->settingsFile[$pluginKeyName]['settings'][$key])) {
-			$ret = $this->settingsFile[$pluginKeyName]['settings'][$key];
+		if (!isset($this->settingsFile[$pluginKeyName]['settings'][$key])) {
+			return null;
 		}
 
+		$ret = $this->settingsFile[$pluginKeyName]['settings'][$key];
+
 		if(isset($this->settingsDatabase[$pluginKeyName][$key])) {
 			$value = $this->settingsDatabase[$pluginKeyName][$key];
 
 			$ret['value'] = $value;
 		}
 		else {
-			if (!isset($this->settingsFile[$pluginKeyName]['settings'][$key])) {
-				return null;
-			}
-
 			$ret['value'] = $this->settingsFile[$pluginKeyName]['settings'][$key]['default'];
 		}
 

system/src/global.php

@@ -8,7 +8,9 @@ $i = 0;
 define('HOOK_INIT', ++$i);
 define('HOOK_STARTUP', ++$i);
 define('HOOK_BEFORE_PAGE', ++$i);
+define('HOOK_BEFORE_PAGE_CUSTOM', ++$i);
 define('HOOK_AFTER_PAGE', ++$i);
+define('HOOK_AFTER_PAGE_CUSTOM', ++$i);
 define('HOOK_FINISH', ++$i);
 define('HOOK_TIBIACOM_ARTICLE', ++$i);
 define('HOOK_TIBIACOM_BORDER_3', ++$i);
@@ -52,6 +54,7 @@ define('HOOK_ACCOUNT_MANAGE_BEFORE_GENERAL_INFORMATION', ++$i);
 define('HOOK_ACCOUNT_MANAGE_BEFORE_PUBLIC_INFORMATION', ++$i);
 define('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS', ++$i);
 define('HOOK_ACCOUNT_MANAGE_BEFORE_CHARACTERS', ++$i);
+define('HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS', ++$i);
 define('HOOK_ACCOUNT_LOGIN_BEFORE_PAGE', ++$i);
 define('HOOK_ACCOUNT_LOGIN_BEFORE_ACCOUNT', ++$i);
 define('HOOK_ACCOUNT_LOGIN_AFTER_ACCOUNT', ++$i);
@@ -90,6 +93,7 @@ define('HOOK_EMAIL_CONFIRMED', ++$i);
 define('HOOK_GUILDS_BEFORE_GUILD_HEADER', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_HEADER', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_INFORMATION', ++$i);
+define('HOOK_GUILDS_AFTER_MANAGE_BUTTON', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_MEMBERS', ++$i);
 define('HOOK_GUILDS_AFTER_INVITED_CHARACTERS', ++$i);
 define('HOOK_TWIG', ++$i);
@@ -102,7 +106,6 @@ define('HOOK_FILTER_ROUTES', ++$i);
 define('HOOK_FILTER_TWIG_DISPLAY', ++$i);
 define('HOOK_FILTER_TWIG_RENDER', ++$i);
 define('HOOK_FILTER_THEME_FOOTER', ++$i);
-define('HOOK_FILTER_POT', ++$i);
 
 const HOOK_FIRST = HOOK_INIT;
 define('HOOK_LAST', $i);

system/template.php

@@ -91,7 +91,7 @@ else {
 			$file = BASE . $template_path . '/layout_config.ini';
 		}
 
-		$template_ini = parse_ini_file($file);
+		$template_ini = parse_ini_file($file, true);
 		unset($file);
 
 		if ($cache->enabled()) {

system/templates/account.change-email.html.twig

@@ -28,7 +28,7 @@ Please enter your password and the new email address. Make sure that you enter a
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
-					<td style="border:0px;">
+					<td style="border:0;">
 						<form id="form" action="{{ getLink('account/change-email') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="changeemailsave" value="1"/>
@@ -40,14 +40,14 @@ Please enter your password and the new email address. Make sure that you enter a
 		</td>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
-				<form action="{{ getLink('account/manage') }}" method="post">
-					{{ csrf() }}
-					<tr>
-						<td style="border:0px;">
+				<tr>
+					<td style="border:0;">
+						<form action="{{ getLink('account/manage') }}" method="post">
+							{{ csrf() }}
 							{{ include('buttons.back.html.twig') }}
-						</td>
-					</tr>
-				</form>
+						</form>
+					</td>
+				</tr>
 			</table>
 		</td>
 	</tr>

system/templates/account.characters.change-comment.html.twig

@@ -88,7 +88,7 @@ If you do not want to specify a certain field, just leave it blank.<br/><br/>
 			<td>
 				<table border="0" cellspacing="0" cellpadding="0">
 					<tr>
-						<td style="border:0px;">
+						<td style="border:0;">
 							<input type="hidden" name="name" value="{{ player.name }}">
 							<input type="hidden" name="changecommentsave" value="1">
 							{{ include('buttons.submit.html.twig') }}
@@ -99,15 +99,15 @@ If you do not want to specify a certain field, just leave it blank.<br/><br/>
 			</td>
 			<td>
 				<table border="0" cellspacing="0" cellpadding="0">
-					<form action="{{ getLink('account/manage') }}" method="post">
-						{{ csrf() }}
-						<tr>
-							<td style="border:0px;">
+					<tr>
+						<td style="border:0;">
+							<form action="{{ getLink('account/manage') }}" method="post">
+								{{ csrf() }}
 								{{ include('buttons.back.html.twig') }}
-							</td>
-						</tr>
-					</form>
-				</table>
+							</form>
+						</td>
+					</tr>
+			</table>
 			</td>
 		</tr>
 	</table>

system/templates/account.characters.delete.html.twig

@@ -24,7 +24,7 @@ To delete a character enter the name of the character and your password.<br/><br
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
-					<td style="border:0px;">
+					<td style="border:0;">
 						<form id="form" action="{{ getLink('account/characters/delete') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="deletecharactersave" value="1"/>
@@ -36,14 +36,14 @@ To delete a character enter the name of the character and your password.<br/><br
 		</td>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
-				<form action="{{ getLink('account/manage') }}" method="post">
-					{{ csrf() }}
-					<tr>
-						<td style="border:0px;">
+				<tr>
+					<td style="border:0;">
+						<form action="{{ getLink('account/manage') }}" method="post">
+							{{ csrf() }}
 							{{ include('buttons.back.html.twig') }}
-						</td>
-					</tr>
-				</form>
+						</form>
+					</td>
+				</tr>
 			</table>
 		</td>
 	</tr>

system/templates/account.generate_recovery_key.html.twig

@@ -32,14 +32,14 @@ To generate recovery key for your account please enter your password.<br/><br/>
 		</td>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
-				<form action="{{ getLink('account/manage') }}" method="post">
-					{{ csrf() }}
-					<tr>
-						<td style="border: 0;">
+				<tr>
+					<td style="border: 0;">
+						<form action="{{ getLink('account/manage') }}" method="post">
+							{{ csrf() }}
 							{{ include('buttons.back.html.twig') }}
-						</td>
-					</tr>
-				</form>
+						</form>
+					</td>
+				</tr>
 			</table>
 		</td>
 	</tr>

system/templates/account.management.html.twig

@@ -228,5 +228,7 @@
 				</td>
 			</tr>
 		</table>
+		<br/>
+		{{ hook('HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS') }}
 	</div>
 </div>

system/templates/admin.mailer.html.twig

@@ -16,6 +16,13 @@
 				<input class="form-control" type="text" id="mail_to" name="mail_to" value="{{ mail_to }}"/>
 			</div>
 
+			{% if setting('core.account_mail_verify') %}
+				<div class="form-check">
+					<input type="checkbox" class="form-check-input" id="mail_verified_only" name="mail_verified_only" {% if mail_verified_only %}checked{% endif %}>
+					<label class="form-check-label" for="mail_verified_only">Mail only verified users</label>
+				</div>
+			{% endif %}
+
 			<div class="form-group row">
 				<label for="mail_subject">Subject:</label>
 				<input class="form-control" type="text" id="mail_subject" name="mail_subject" value="{{ mail_subject }}" maxlength="30"/>

system/templates/admin.plugins.form.html.twig

@@ -1,7 +1,9 @@
 <div id="install_plugin">
 	<div class="card card-info card-outline">
 		<div class="card-header">
-			<h5 class="m-0">Install plugin</h5>
+			<h5 class="m-0">Install plugin
+				<a href="?p=plugins&check-updates" class="btn btn-primary float-right">Check for updates</a>
+			</h5>
 		</div>
 		<form enctype="multipart/form-data" method="post" action="{{ constant('ADMIN_URL') }}?p=plugins">
 			{{ csrf() }}

system/templates/admin.plugins.outdated.html.twig

@@ -0,0 +1,18 @@
+<table class="table table-bordered table-striped">
+	<thead>
+	<tr>
+		<th>Plugin Name</th>
+		<th>Your Version</th>
+		<th>Latest Version</th>
+		<th>Download Link</th>
+	</tr>
+	</thead>
+	{% for plugin in plugins %}
+		<tr>
+			<td>{{ plugin.name }}</td>
+			<td>{{ plugin.yourVersion }}</td>
+			<td>{{ plugin.latestVersion }}</td>
+			<td><a href="{{ plugin.download_link }}" target="_blank">{{ plugin.download_link }}</a></td>
+		</tr>
+	{% endfor %}
+</table>

system/templates/characters.form.html.twig

@@ -1,17 +1,23 @@
-<form action="{{ link }}" method="post">
-	<table width="100%" border="0" cellspacing="1" cellpadding="4">
-		<tr><td bgcolor="{{ config.vdarkborder }}" class="white"><B>Search Character</B></TD></TR>
-		<tr>
-			<td bgcolor="{{ config.darkborder }}">
-				<table border="0" cellpadding="1">
-					<tr>
-						<td>Name:</td><td><input name="name" value="" size="29" maxlength="29"{% if autofocus %} autofocus{% endif %}></TD>
-						<td>
-							{{ include('buttons.submit.html.twig') }}
-						</td>
-					</tr>
-				</table>
-			</td>
-		</tr>
-	</table>
-</form>
+<br/>
+<form action="{{ getLink('characters') }}" method="post">
+	{% set title = 'Search Character' %}
+	{% set tableClass = 'Table1' %}
+	{% set background = config('darkborder') %}
+	{% set content %}
+		<table width="100%">
+			<tr>
+				<td style="vertical-align:middle" class="LabelV150">
+					Character Name:
+				</td>
+				<td style="width:170px">
+					<input style="width:165px" name="name" value="" size="29" maxlength="29"/>
+				</td>
+				<td>
+					{% set button_name = 'Submit' %}
+					{{ include('buttons.base.html.twig') }}
+				</td>
+			</tr>
+		</table>
+	{% endset %}
+	{{ include('tables.headline.html.twig') }}
+</form>

system/templates/guilds.view.html.twig

@@ -49,6 +49,7 @@
 									{% include('buttons.base.html.twig') %}
 								</a>
 							{% endif %}
+							{{ hook('HOOK_GUILDS_AFTER_MANAGE_BUTTON') }}
 						</div>
 					</td>
 				</tr>
@@ -61,6 +62,7 @@
 			{{ hook('HOOK_GUILDS_AFTER_GUILD_INFORMATION') }}
 
 			{% set title = 'Guild Members' %}
+			{% set background = config('lightborder') %}
 			{% set content %}
 			<table style="width:100%;">
 				<tbody>
@@ -151,6 +153,7 @@
 
 			{{ hook('HOOK_GUILDS_AFTER_GUILD_MEMBERS') }}
 			{% set title = 'Invited Characters' %}
+			{% set background = config('lightborder') %}
 			{% set content %}
 			<table style="width:100%;">
 				<tbody>

system/templates/highscores.html.twig

@@ -66,7 +66,7 @@
 
 						<td>
 							<a href="{{ player.link }}">
-								<span style="color: {% if player.online > 0 %}green{% else %}red{% endif %}">{{ player.name }}</span>
+								<span {% if setting('core.highscores_online_status') %}style="color: {% if player.online > 0 %}green{% else %}red{% endif %}"{% endif %}>{{ player.name }}</span>
 							</a>
 							{% if setting('core.highscores_vocation') %}
 							<br/><small>{{ player.vocation }}</small>
@@ -94,8 +94,10 @@
 				{% endif %}
 			</table>
 		</td>
+		{% if setting('core.highscores_skills_box') or setting('core.highscores_vocation_box') %}
 		<td width="5%"></td>
 		<td width="15%" valign="top" align="right">
+			{% if setting('core.highscores_skills_box') %}
 			<table style="border: 0; width: 100%" cellpadding="4" cellspacing="1">
 				<tr bgcolor="{{ config.vdarkborder }}">
 					<td class="white"><B>Choose a skill</B></TD>
@@ -109,7 +111,8 @@
 				</tr>
 			</table>
 			<br/>
-			{% if config.highscores_vocation_box %}
+			{% endif %}
+			{% if setting('core.highscores_vocation_box') %}
 			<table border="0" width="100%" cellpadding="4" cellspacing="1">
 				<tr bgcolor="{{ config.vdarkborder }}">
 					<td class="white"><b>Choose a vocation</b></td>
@@ -126,5 +129,6 @@
 			{% endif %}
 		</td>
 		<td style="width: 18px"></td>
+		{% endif %}
 	</tr>
 </table>

system/templates/install.config.html.twig

@@ -9,7 +9,7 @@
 <form action="{{ constant('BASE_URL') }}install/" method="post" autocomplete="off">
 	<input type="hidden" name="step" id="step" value="database" />
 
-	{% for value in ['server_path'] %}
+	{% for value in ['site_url', 'server_path'] %}
 	<div class="form-group mb-2">
 		<label for="vars_{{ value }}">{{ locale['step_config_' ~ value]  }}</label>
 		<input class="form-control" type="{% if value == 'mail_admin' %}email{% else %}text{% endif %}" name="vars[{{ value }}]" id="vars_{{ value }}"{% if session['var_' ~ value] is not null %} value="{{ session['var_' ~ value] }}"{% endif %}/>

system/templates/online.form.html.twig

@@ -1,25 +0,0 @@
-<br/>
-<form action="{{ getLink('characters') }}" method=post>
-	<table width="100%" border="0" cellspacing="1" cellpadding="4">
-		<tr>
-			<td bgcolor="{{ config.vdarkborder }}" class="white">
-				<b>Search Character</b>
-			</td>
-		</tr>
-		<tr>
-			<td bgcolor="{{ config.darkborder }}">
-				<table border="0" cellpadding="1">
-					<tr>
-						<td>Name:</td>
-						<td>
-							<input name="name" value=""size=29 maxlength=29>
-						</td>
-						<td>
-							{{ include('buttons.submit.html.twig') }}
-						</td>
-					</tr>
-				</table>
-			</td>
-		</tr>
-	</table>
-</form>

system/templates/online.html.twig

@@ -1,39 +1,13 @@
-<table border="0" cellspacing="1" cellpadding="4" width="100%">
-	<tr bgcolor="{{ config.vdarkborder }}">
-		<td class="white"><b>Server Status</b></td>
-	</tr>
-{% if players|length == 0 %}
-	<tr bgcolor="{{ config.darkborder }}"><td>Currently no one is playing on {{ config.lua.serverName }}.</td></tr></table>
-{% else %}
-	<tr bgcolor="{{ config.darkborder }}">
-		<td>
-			{% if not status.online %}
-			Server is offline.<br/>
-			{% else %}
-				{% if setting('core.online_afk') %}
-					{% set players_count = players|length %}
-					{% set afk = players_count - status.players %}
-					{% if afk < 0 %}
-						{% set players_count = players_count + afk|abs %}
-						{% set afk = 0 %}
-					{% endif %}
-					Currently there are <b>{{ status.players }}</b> active and <b>{{ afk }}</b> AFK players.<br/>
-					Total number of players: <b>{{ players_count }}</b>.<br/>
-				{% else %}
-					Currently {{ players|length }} players are online.<br/>
-				{% endif %}
-			{% endif %}
-			{% if setting('core.online_record') %}
-				{{ record }}
-			{% endif %}
-		</td>
-	</tr>
-</table>
+{% set onlineTTL = setting('core.online_cache_ttl') %}
+{% if onlineTTL > 0 and cache.enabled() %}
+<small>*Note: Online List is updated every {{ onlineTTL > 1 ? ' ' ~ onlineTTL : '' }} minute{{ onlineTTL > 1 ? 's' : '' }}.</small>
 <br/>
-	{# vocation statistics #}
-	{% if setting('core.online_vocations') %}
+{% endif %}
+
+{# vocation statistics #}
+{% if setting('core.online_vocations') %}
 <br/>
-		{% if setting('core.online_vocations_images') %}
+	{% if setting('core.online_vocations_images') %}
 	<table width="200" cellspacing="1" cellpadding="0" border="0" align="center">
 		<tr bgcolor="{{ config.darkborder }}">
 			<td><img src="images/sorcerer.png" /></td>
@@ -69,11 +43,13 @@
 		{% endfor %}
 	</table>
 <br/>
-		{% endif %}
 	{% endif %}
+{% endif %}
 
-	{# show skulls #}
-	{% if setting('core.online_skulls') %}
+<br/>
+
+{# show skulls #}
+{% if setting('core.online_skulls') %}
 <table width="100%" cellspacing="1">
 	<tr>
 		<td style="background: {{ config.darkborder }};" align="center">
@@ -83,34 +59,114 @@
 		</td>
 	</tr>
 </table>
+{% endif %}
+
+<br/>
+
+{% set title = 'World Information' %}
+{% set tableClass = 'Table3' %}
+{% set background = config('darkborder') %}
+{% set content %}
+<table width="100%">
+	<tr>
+		<td class="LabelV150"><b>Status:</b></td>
+		<td>{% if not status.online %}Offline{% else %}Online{% endif %}</td>
+	</tr>
+	<tr>
+		<td class="LabelV150"><b>Players Online:</b></td>
+		<td>
+			{% if setting('core.online_afk') %}
+				{% set players_count = players|length %}
+				{% set afk = players_count - status.players %}
+				{% if afk < 0 %}
+					{% set players_count = players_count + afk|abs %}
+					{% set afk = 0 %}
+				{% endif %}
+				Currently there are <b>{{ status.players }}</b> active and <b>{{ afk }}</b> AFK players.<br/>
+				Total number of players: <b>{{ players_count }}</b>.<br/>
+			{% else %}
+				{{ players|length }}
+			{% endif %}
+		</td>
+	</tr>
+
+	{% if setting('core.online_record') %}
+	<tr>
+		<td class="LabelV150"><b>Online Record:</b></td>
+		<td>
+			{{ record }}
+		</td>
+	</tr>
 	{% endif %}
 
-<table border="0" cellspacing="1" cellpadding="4" width="100%">
-	<tr bgcolor="{{ config.vdarkborder }}">
+	<tr>
+		<td class="LabelV150"><b>Location Datacenter:</b></td>
+		<td>{{ setting('core.online_datacenter') }} <small>(Server date & time: - {{ "now"|date("d/m/Y H:i:s") }})</small></td>
+	</tr>
+	<tr>
+		<td class="LabelV150"><b>PvP Type:</b></td>
+		<td>
+			{% set worldType = config('lua')['worldType']|lower %}
+			{% if worldType in ['pvp','2','normal','open','openpvp'] %}
+			Open PvP
+			{% elseif worldType in ['no-pvp','nopvp','non-pvp','nonpvp','1','safe','optional','optionalpvp'] %}
+			Optional PvP
+			{% elseif worldType in ['pvp-enforced','pvpenforced','pvp-enfo','pvpenfo','pvpe','enforced','enfo','3','war','hardcore','hardcorepvp'] %}
+			Hardcore PvP
+			{% endif %}
+		</td>
+	</tr>
+</table>
+{% endset %}
+{% include 'tables.headline.html.twig' %}
+<br/>
+<br/>
+
+{% set title = 'Players Online' %}
+{% set tableClass = 'Table2' %}
+{% set content %}
+<table width="100%">
+	<tr class="LabelH" style="position: relative; z-index: 20;">
 		{% if setting('core.account_country') %}
-		<td width="11px"><a href="{{ getLink('online?order=country') }}" class="white">#</A></td>
+			<td width="11px"><a href="{{ getLink('online')}}?order=country_{{ order == 'country_asc' ? 'desc' : 'asc' }}">#&#160;&#160;</a>
+			</td>
 		{% endif %}
 		{% if setting('core.online_outfit') %}
-		<td class="white"><b>Outfit</b></td>
+			<td><b>Outfit</b></td>
 		{% endif %}
-		<td width="60%"><a href="{{ getLink('online?order=name') }}" class="white">Name</A></td>
-		<td width="20%"><a href="{{ getLink('online?order=level') }}" class="white">Level</A></td>
-		<td width="20%"><a href="{{ getLink('online?order=vocation') }}" class="white">Vocation</td>
+		<td style="text-align:left; width:50%">Name&#160;&#160;
+			<small style="font-weight:normal">[<a href="{{ getLink('online')}}?order=name_{{ order == 'name_asc' ? 'desc' : 'asc' }}">sort</a>]</small>
+			<img class="sortarrow" src="images/{{ order == 'name_asc' ? 'order_desc' : (order == 'name_desc' ? 'order_asc' : 'news/blank') }}.gif"/></td>
+		<td style="text-align:left;width:30%">Level&#160;&#160;
+			<small style="font-weight:normal">[<a href="{{ getLink('online')}}?order=level_{{ order == 'level_asc' ? 'desc' : 'asc' }}">sort</a>]</small>
+			<img class="sortarrow" src="images/{{ order == 'level_asc' ? 'order_desc' : (order == 'level_desc' ? 'order_asc' : 'news/blank') }}.gif"/>
+		</td>
+		<td style="text-align:left;width:50%">Vocation&#160;&#160;
+			<small style="font-weight:normal">[<a href="{{ getLink('online')}}?order=vocation_{{ order == 'vocation_asc' ? 'desc' : 'asc' }}">sort</a>]</small>
+			<img class="sortarrow" src="images/{{ order == 'vocation_asc' ? 'order_desc' : (order == 'vocation_desc' ? 'order_asc' : 'news/blank') }}.gif"/>
+		</td>
 	</tr>
+
 	{% set i = 0 %}
 	{% for player in players %}
 		{% set i = i + 1 %}
-		<tr bgcolor="{{ getStyle(i) }}">
-		{% if setting('core.account_country') %}
-			<td>{{ player.country_image|raw }}</td>
-		{% endif %}
-		{% if setting('core.online_outfit') %}
-			<td width="5%"><img style="position:absolute;margin-top:{% if player.player.looktype in setting('core.outfit_images_wrong_looktypes') %}-20px;margin-left:-0px;{% else %}-45px;margin-left:-25px;{%  endif %}" src="{{ player.outfit }}" alt="player outfit"/></td>
-		{% endif %}
-			<td>{{ player.name|raw }}{{ player.skull }}</td>
-			<td>{{ player.level }}</td>
-			<td>{{ player.vocation }}</td>
+
+		<tr style="background: {{ getStyle(i) }}; text-align: right; height: 40px;">
+			{% if setting('core.account_country') %}
+				<td>{{ player.country_image|raw }}</td>
+			{% endif %}
+
+			{% if setting('core.online_outfit') %}
+				<td width="5%"><img style="position:absolute;margin-top:-48px;margin-left:-70px;" src="{{ player.outfit }}" alt="player outfit"/></td>
+			{% endif %}
+
+			<td style="width:70%; text-align:left">
+				{{ player.name|raw }}{{ player.skull }}
+			</td>
+			<td style="width:10%">{{ player.level }}</td>
+			<td style="width:20%">{{ player.vocation }}</td>
 		</tr>
 	{% endfor %}
 </table>
-{% endif %}
+{% endset %}
+{{ include('tables.headline.html.twig') }}

system/templates/success.html.twig

@@ -18,13 +18,14 @@
 {% else %}
 <div style="text-align:center">
 	<table border="0" cellspacing="0" cellpadding="0">
-		<form action="{{ getLink('account/manage') }}" method="post">
-			<tr>
-				<td style="border:0px;">
+		<tr>
+			<td style="border:0;">
+				<form action="{{ getLink('account/manage') }}" method="post">
+					{{ csrf() }}
 					{{ include('buttons.back.html.twig') }}
-				</td>
-			</tr>
-		</form>
+				</form>
+			</td>
+		</tr>
 	</table>
 </div>
 {% endif %}

system/templates/tinymce.html.twig

@@ -8,7 +8,7 @@
 			selector: "#editor",
 			content_css: '{{ constant('ADMIN_URL') }}template/style.css',
 			theme: "silver",
-			plugins: 'preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap pagebreak nonbreaking anchor insertdatetime advlist lists wordcount help code emoticons',
+			plugins: 'preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media codesample table charmap pagebreak nonbreaking anchor insertdatetime advlist lists wordcount help code emoticons',
 			toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 			resize: 'both',
 			image_advtab: true,
@@ -23,6 +23,8 @@
 				{title: 'Colored Table', value: 'myaac-table'},
 			],
 
+			license_key: 'gpl',
+
 			setup: function (ed) {
 				ed.on('NodeChange', function (e) {
 					if (ed.getContent() !== lastContent) {

system/twig.php

@@ -36,7 +36,11 @@ $twig->addExtension(new MyAAC\Twig\Extension\TypeCastingExtension());
 
 $filter = new TwigFilter('timeago', function ($datetime) {
 
-	$time = time() - strtotime($datetime);
+	if (!is_int($datetime)) {
+		$datetime = strtotime($datetime);
+	}
+
+	$time = time() - $datetime;
 
 	$units = array (
 		31536000 => 'year',
@@ -152,3 +156,5 @@ $twig->addFilter($filter);
 unset($function, $filter);
 
 $hooks->trigger(HOOK_TWIG, ['twig' => $twig, 'twig_loader' => $twig_loader]);
+
+$twig->addGlobal('cache', $cache);

templates/kathrine/config.php

@@ -1,12 +1,18 @@
 <?php
 $config['menu_default_links_color'] = '#ffffff';
 
-$config['menu_categories'] = array(
-	MENU_CATEGORY_NEWS => array('id' => 'news', 'name' => 'Latest News'),
-	MENU_CATEGORY_ACCOUNT => array('id' => 'account', 'name' => 'Account'),
-	MENU_CATEGORY_COMMUNITY => array('id' => 'community', 'name' => 'Community'),
-	MENU_CATEGORY_LIBRARY => array('id' => 'library', 'name' => 'Library'),
-	MENU_CATEGORY_SHOP => array('id' => 'shops', 'name' => 'Shop')
-);
+// max 7 menus for kathrine
+$config['menu_categories'] = [
+	MENU_CATEGORY_NEWS => ['id' => 'news', 'name' => 'Latest News'],
+	// you can add custom menu by uncommenting this
+	// after doing it, go to admin panel -> Menus and add your entries for this category
+	// tip: you can move it up/down to show it on specific position
+	//7 => array('id' => 'testing', 'name' => 'Test Menu 1'),
+	//8 => array('id' => 'testing2', 'name' => 'Test Menu 2'),
+	MENU_CATEGORY_ACCOUNT => ['id' => 'account', 'name' => 'Account'],
+	MENU_CATEGORY_COMMUNITY => ['id' => 'community', 'name' => 'Community'],
+	MENU_CATEGORY_LIBRARY => ['id' => 'library', 'name' => 'Library'],
+	MENU_CATEGORY_SHOP => ['id' => 'shops', 'name' => 'Shop']
+];
 
 $config['menus'] = require __DIR__ . '/menus.php';

templates/kathrine/javascript.php

@@ -1,42 +1,40 @@
 <?php
-$menus = get_template_menus();
-
-function get_template_pages($category) {
+function get_template_pages($category): array
+{
 	global $menus;
 
 	$ret = array();
-	foreach($menus[$category] as $menu) {
+	foreach($menus[$category] ?? [] as $menu) {
 		$ret[] = $menu['link'];
 	}
 
 	return $ret;
 }
 ?>
-var category = '<?php
-if(strpos(URI, 'subtopic=') !== false) {
-	$tmp = array($_REQUEST['subtopic']);
+let category = '<?php
+if(str_contains(URI, 'subtopic=')) {
+	$tmp = [$_REQUEST['subtopic']];
 }
 else {
 	$tmp = URI;
 	if(empty($tmp)) {
-		$tmp = array('news');
+		$tmp = ['news'];
 	}
 	else {
 		$tmp = explode('/', URI);
 	}
 }
 
-if(in_array($tmp[0], get_template_pages(MENU_CATEGORY_NEWS)))
-	echo 'news';
-elseif(in_array($tmp[0], get_template_pages(MENU_CATEGORY_LIBRARY)))
-	echo 'library';
-elseif(in_array($tmp[0], get_template_pages(MENU_CATEGORY_COMMUNITY)))
-	echo 'community';
-elseif(in_array($tmp[0], array_merge(get_template_pages(MENU_CATEGORY_ACCOUNT), array('account'))))
-	echo 'account';
-elseif(in_array($tmp[0], get_template_pages(MENU_CATEGORY_SHOP)))
-	echo 'shops';
-else {
-	echo 'news';
+foreach (config('menu_categories') as $id => $info) {
+	$templatePages = get_template_pages($id);
+
+	if ($id == MENU_CATEGORY_ACCOUNT) {
+		$templatePages = array_merge($templatePages, ['account']);
+	}
+
+	if (in_array($tmp[0], $templatePages)) {
+		echo $info['id'];
+		break;
+	}
 }
 ?>';

templates/kathrine/menu.js.html.twig

@@ -1,10 +1,10 @@
 var list = new Array();
 {% set i = 0 %}
-{% for cat in categories %}
-	{% if cat.id != 'shops' or setting('core.gifts_system') %}
-	list[{{ i }}] = '{{ cat.id }}';
+{% for id, cat in config('menu_categories') %}
+	{% if (cat.id != 'shops' or setting('core.gifts_system')) and menus[id]|length > 0 %}
+		list[{{ i }}] = '{{ cat.id }}';
+		{% set i = i + 1 %}
 	{% endif %}
-{% set i = i + 1 %}
 {% endfor %}
 
 function initMenu()

templates/kathrine/style.css

@@ -27,11 +27,13 @@ body
 
 #tabs
 {
-	width: 580px;
+	width: 99%;
 	height: 32px;
 	background: url('images/tabs-bg.png') no-repeat;
-	float: left;
 	padding-left: 200px;
+	position: relative;
+	display: inline-flex;
+	right: 0;
 }
 
 	#tabs .tab
@@ -453,6 +455,27 @@ a:hover
   white-space: nowrap;
   vertical-align: top;
 }
+.LabelV120 {
+	font-weight: bold;
+	padding-right: 10px;
+	white-space: nowrap;
+	vertical-align: top;
+	width: 120px;
+}
+.LabelV150 {
+	font-weight: bold;
+	padding-right: 10px;
+	white-space: nowrap;
+	vertical-align: top;
+	width: 150px;
+}
+.LabelV200 {
+	font-weight: bold;
+	padding-right: 10px;
+	white-space: nowrap;
+	vertical-align: top;
+	width: 200px;
+}
 .LabelH {
   font-weight: bold;
   padding-right: 10px;

templates/kathrine/template.php

@@ -8,7 +8,9 @@ defined('MYAAC') or die('Direct access not allowed!');
 		<link rel="stylesheet" href="<?php echo $template_path; ?>/style.css" type="text/css" />
 		<script type="text/javascript">
 			<?php
-				$twig->display('menu.js.html.twig', array('categories' => $config['menu_categories']));
+				$menus = get_template_menus();
+
+				$twig->display('menu.js.html.twig', ['menus' => $menus]);
 			?>
 		</script>
 		<script type="text/javascript" src="tools/basic.js"></script>
@@ -28,11 +30,24 @@ defined('MYAAC') or die('Direct access not allowed!');
 			<div id="header"></div>
 			<!-- End -->
 
+			<!-- Custom Style for #tabs -->
+			<?php
+			$menusCount = count($menus);
+			$tabsStyle = '';
+			if ($menusCount > 6) {
+				$tabsStyle .= 'padding-left: 4px;';
+				$tabsStyle .= 'padding-right: 12px;';
+			}
+			elseif ($menusCount > 5) {
+				$tabsStyle .= 'padding-left: 90px;';
+			}
+			?>
+
 			<!-- Menu Section -->
-			<div id="tabs">
+			<div id="tabs" style="<?= $tabsStyle; ?>">
 				<?php
 				foreach($config['menu_categories'] as $id => $cat) {
-					if($id != MENU_CATEGORY_SHOP || $config['gifts_system']) { ?>
+					if (($id != MENU_CATEGORY_SHOP || $config['gifts_system']) && isset($menus[$id])) { ?>
 				<span id="<?php echo $cat['id']; ?>" onclick="menuSwitch('<?php echo $cat['id']; ?>');"><?php echo $cat['name']; ?></span>
 				<?php
 					}

templates/tibiacom/account.management.html.twig

@@ -11,13 +11,14 @@
 					<td width="100%"></td>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
-							<form action="{{ getLink('account/logout') }}" method="post" >
-								<tr>
-									<td style="border:0px;">
+							<tr>
+								<td style="border:0;">
+									<form action="{{ getLink('account/logout') }}" method="post" >
+										{{ csrf() }}
 										{{ include('buttons.logout.html.twig') }}
-									</td>
-								</tr>
-							</form>
+									</form>
+								</td>
+							</tr>
 						</table>
 					</td>
 				</tr>
@@ -59,13 +60,14 @@
 			</table>
 			<div style="text-align:center">
 				<table border="0" cellspacing="0" cellpadding="0" style="margin-left: auto; margin-right: auto;">
-					<form action="{{ getLink('account/register') }}" method="post">
-						<tr>
-							<td style="border:0;">
+					<tr>
+						<td style="border:0;">
+							<form action="{{ getLink('account/register') }}" method="post">
+								{{ csrf() }}
 								{{ include('buttons.register_account.html.twig') }}
-							</td>
-						</tr>
-					</form>
+							</form>
+						</td>
+					</tr>
 				</table>
 			</div>
 		</div>
@@ -94,13 +96,14 @@
 			</table>
 			<div style="text-align:center">
 				<table border="0" cellspacing="0" cellpadding="0">
-					<form action="{{ getLink('account/change-email') }}" method="post">
-						<tr>
-							<td style="border:0px;">
+					<tr>
+						<td style="border:0;">
+							<form action="{{ getLink('account/change-email') }}" method="post">
+								{{ csrf() }}
 								{{ include('buttons.edit.html.twig') }}
-							</td>
-						</tr>
-					</form>
+							</form>
+						</td>
+					</tr>
 				</table>
 			</div>
 		</div>
@@ -177,26 +180,29 @@
 				<tr>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/change-password') }}" method="post">
-								<tr>
-									<td style="border:0px;" >
+							<tr>
+								<td style="border:0;" >
+									<form action="{{ getLink('account/change-password') }}" method="post">
+										{{ csrf() }}
 										{{ include('buttons.change_password.html.twig') }}
-									</td>
-								</tr>
-							</form>
+									</form>
+								</td>
+							</tr>
 						</table>
 					</td>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/change-email') }}" method="post">
-								<tr>
-									<td style="border:0px;">
+							<tr>
+								<td style="border:0;">
+									<form action="{{ getLink('account/change-email') }}" method="post">
+										{{ csrf() }}
+
 										<input type="hidden" name="newemail" value=""/>
 										<input type="hidden" name="newemaildate" value="0">
 										{{ include('buttons.change_email.html.twig') }}
-									</td>
-								</tr>
-							</form>
+									</form>
+								</td>
+							</tr>
 						</table>
 					</td>
 					<td width="100%"></td>
@@ -204,13 +210,14 @@
 					{% if recovery_key is empty %}
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/register') }}" method="post">
-								<tr>
-									<td style="border:0px;">
+							<tr>
+								<td style="border:0;">
+									<form action="{{ getLink('account/register') }}" method="post">
+										{{ csrf() }}
 										{{ include('buttons.register_account.html.twig') }}
-									</td>
-								</tr>
-							</form>
+									</form>
+								</td>
+							</tr>
 						</table>
 					</td>
 					{% endif %}
@@ -258,13 +265,14 @@
 							</td>
 							<td align=right>
 								<table border="0" cellspacing="0" cellpadding="0">
-									<form action="{{ getLink('account/change-info') }}" method="post">
-										<tr>
-											<td style="border:0px;">
+									<tr>
+										<td style="border:0;">
+											<form action="{{ getLink('account/change-info') }}" method="post">
+												{{ csrf() }}
 												{{ include('buttons.edit.html.twig') }}
-											</td>
-										</tr>
-									</form>
+											</form>
+										</td>
+									</tr>
 								</table>
 							</td>
 						</tr>
@@ -398,8 +406,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0px;">
+								<td style="border:0;">
 									<form action="{{ getLink('account/characters/create') }}" method="post" >
+										{{ csrf() }}
 										{{ include('buttons.create_character.html.twig') }}
 									</form>
 								</td>
@@ -410,8 +419,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0px;">
+								<td style="border:0;">
 									<form action="{{ getLink('account/characters/change-name') }}" method="post" >
+										{{ csrf() }}
 										{{ include('buttons.change_name.html.twig') }}
 									</form>
 								</td>
@@ -423,8 +433,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0px;">
+								<td style="border:0;">
 									<form action="{{ getLink('account/characters/change-sex') }}" method="post">
+										{{ csrf() }}
 										{{ include('buttons.change_sex.html.twig') }}
 									</form>
 								</td>
@@ -436,8 +447,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
 							<tr>
-								<td style="border: 0px;">
+								<td style="border: 0;">
 									<form action="{{ getLink('account/characters/delete') }}" method="post">
+										{{ csrf() }}
 										{{ include('buttons.delete_character.html.twig') }}
 									</form>
 								</td>
@@ -451,4 +463,7 @@
 </table>
 {% endset %}
 {% include 'tables.headline.html.twig' %}
-<br/><br/>
+<br/>
+{{ hook('HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS') }}
+
+<br/>

templates/tibiacom/basic.css

@@ -1446,6 +1446,27 @@ img {
   white-space: nowrap;
   vertical-align: top;
 }
+.LabelV120 {
+	font-weight: bold;
+	padding-right: 10px;
+	white-space: nowrap;
+	vertical-align: top;
+	width: 120px;
+}
+.LabelV150 {
+	font-weight: bold;
+	padding-right: 10px;
+	white-space: nowrap;
+	vertical-align: top;
+	width: 150px;
+}
+.LabelV200 {
+	font-weight: bold;
+	padding-right: 10px;
+	white-space: nowrap;
+	vertical-align: top;
+	width: 200px;
+}
 .LabelH {
   font-weight: bold;
   padding-right: 10px;

templates/tibiacom/boxes/templates/poll.html.twig

@@ -1,6 +1,6 @@
 <div id="CurrentPollBox" class="Themebox" style="background-image:url({{ template_path }}/images/themeboxes/current-poll/currentpollbox.gif);">
 	<div id="CurrentPollText">{{ poll.question }}</div>
-	<a class="ThemeboxButton" href="{{ getLink('polls') }}/{{ poll.id }}" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" style="background-image:url({{ template_path }}/images/global/buttons/sbutton.gif);"><div class="BigButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/sbutton_over.gif);"></div><div class="ButtonText" style="background-image:url({{ template_path }}/images/global/buttons/_sbutton_votenow.gif);"></div>
+	<a class="ThemeboxButton" href="{{ getLink('polls') }}?ìd={{ poll.id }}" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" style="background-image:url({{ template_path }}/images/global/buttons/sbutton.gif);"><div class="BigButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/sbutton_over.gif);"></div><div class="ButtonText" style="background-image:url({{ template_path }}/images/global/buttons/_sbutton_votenow.gif);"></div>
 	</a>
 	<div class="Bottom" style="background-image:url({{ template_path }}/images/general/box-bottom.gif);"></div>
 </div>

templates/tibiacom/index.php

@@ -454,7 +454,7 @@ foreach($config['menu_categories'] as $id => $cat) {
 
 			foreach($config['boxes'] as $box) {
 				/** @var string $template_name */
-				$file = TEMPLATES . $template_name . '/boxes/' . $box . '.php';
+				$file = __DIR__ . '/boxes/' . $box . '.php';
 				if(file_exists($file)) {
 					include($file); ?>
 				<?php

templates/tibiacom/success.html.twig

@@ -35,6 +35,7 @@
 		<tr>
 			<td style="border:0;">
 				<form action="{{ getLink('account/manage') }}" method="post">
+					{{ csrf() }}
 					{{ include('buttons.back.html.twig') }}
 				</form>
 			</td>