Add spomky-labs/otphp

Working two factor email authentication
Merge branch 'main' into feature/2fa
2025-09-14 20:43:34 +02:00 · 2025-09-14 13:01:51 +02:00 · 2025-09-14 11:38:01 +02:00 · 2025-09-14 09:53:34 +02:00 · 2025-08-12 14:36:29 +02:00 · 2025-07-05 08:20:58 +02:00
54 changed files with 1639 additions and 744 deletions
--- a/common.php
+++ b/common.php
@@ -27,7 +27,7 @@ if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is
 const MYAAC = true;
 const MYAAC_VERSION = '1.8.2-dev';
-const DATABASE_VERSION = 45;
+const DATABASE_VERSION = 46;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,8 @@
        "symfony/var-dumper": "^6.4",
        "filp/whoops": "^2.15",
        "maximebf/debugbar": "1.*",
-        "guzzlehttp/guzzle": "7.9.3"
+        "guzzlehttp/guzzle": "7.9.3",
        "spomky-labs/otphp": "^11.3"
    },
    "require-dev": {
        "phpstan/phpstan": "^1.10"
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "5317e97a5025ebc2a977214bd3fa964c",
+    "content-hash": "07419f6fe133f9bebc99557f3df843c8",
    "packages": [
        {
            "name": "brick/math",
@@ -1556,6 +1556,73 @@
            },
            "time": "2018-02-13T20:26:39+00:00"
        },
        {
            "name": "paragonie/constant_time_encoding",
            "version": "v3.0.0",
            "source": {
                "type": "git",
                "url": "https://github.com/paragonie/constant_time_encoding.git",
                "reference": "df1e7fde177501eee2037dd159cf04f5f301a512"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/df1e7fde177501eee2037dd159cf04f5f301a512",
                "reference": "df1e7fde177501eee2037dd159cf04f5f301a512",
                "shasum": ""
            },
            "require": {
                "php": "^8"
            },
            "require-dev": {
                "phpunit/phpunit": "^9",
                "vimeo/psalm": "^4|^5"
            },
            "type": "library",
            "autoload": {
                "psr-4": {
                    "ParagonIE\\ConstantTime\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Paragon Initiative Enterprises",
                    "email": "security@paragonie.com",
                    "homepage": "https://paragonie.com",
                    "role": "Maintainer"
                },
                {
                    "name": "Steve 'Sc00bz' Thomas",
                    "email": "steve@tobtu.com",
                    "homepage": "https://www.tobtu.com",
                    "role": "Original Developer"
                }
            ],
            "description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)",
            "keywords": [
                "base16",
                "base32",
                "base32_decode",
                "base32_encode",
                "base64",
                "base64_decode",
                "base64_encode",
                "bin2hex",
                "encoding",
                "hex",
                "hex2bin",
                "rfc4648"
            ],
            "support": {
                "email": "info@paragonie.com",
                "issues": "https://github.com/paragonie/constant_time_encoding/issues",
                "source": "https://github.com/paragonie/constant_time_encoding"
            },
            "time": "2024-05-08T12:36:18+00:00"
        },
        {
            "name": "peppeocchi/php-cron-scheduler",
            "version": "v4.0",
@@ -2102,6 +2169,88 @@
            },
            "time": "2019-03-08T08:55:37+00:00"
        },
        {
            "name": "spomky-labs/otphp",
            "version": "11.3.0",
            "source": {
                "type": "git",
                "url": "https://github.com/Spomky-Labs/otphp.git",
                "reference": "2d8ccb5fc992b9cc65ef321fa4f00fefdb3f4b33"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/Spomky-Labs/otphp/zipball/2d8ccb5fc992b9cc65ef321fa4f00fefdb3f4b33",
                "reference": "2d8ccb5fc992b9cc65ef321fa4f00fefdb3f4b33",
                "shasum": ""
            },
            "require": {
                "ext-mbstring": "*",
                "paragonie/constant_time_encoding": "^2.0 || ^3.0",
                "php": ">=8.1",
                "psr/clock": "^1.0",
                "symfony/deprecation-contracts": "^3.2"
            },
            "require-dev": {
                "ekino/phpstan-banned-code": "^1.0",
                "infection/infection": "^0.26|^0.27|^0.28|^0.29",
                "php-parallel-lint/php-parallel-lint": "^1.3",
                "phpstan/phpstan": "^1.0",
                "phpstan/phpstan-deprecation-rules": "^1.0",
                "phpstan/phpstan-phpunit": "^1.0",
                "phpstan/phpstan-strict-rules": "^1.0",
                "phpunit/phpunit": "^9.5.26|^10.0|^11.0",
                "qossmic/deptrac-shim": "^1.0",
                "rector/rector": "^1.0",
                "symfony/phpunit-bridge": "^6.1|^7.0",
                "symplify/easy-coding-standard": "^12.0"
            },
            "type": "library",
            "autoload": {
                "psr-4": {
                    "OTPHP\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Florent Morselli",
                    "homepage": "https://github.com/Spomky"
                },
                {
                    "name": "All contributors",
                    "homepage": "https://github.com/Spomky-Labs/otphp/contributors"
                }
            ],
            "description": "A PHP library for generating one time passwords according to RFC 4226 (HOTP Algorithm) and the RFC 6238 (TOTP Algorithm) and compatible with Google Authenticator",
            "homepage": "https://github.com/Spomky-Labs/otphp",
            "keywords": [
                "FreeOTP",
                "RFC 4226",
                "RFC 6238",
                "google authenticator",
                "hotp",
                "otp",
                "totp"
            ],
            "support": {
                "issues": "https://github.com/Spomky-Labs/otphp/issues",
                "source": "https://github.com/Spomky-Labs/otphp/tree/11.3.0"
            },
            "funding": [
                {
                    "url": "https://github.com/Spomky",
                    "type": "github"
                },
                {
                    "url": "https://www.patreon.com/FlorentMorselli",
                    "type": "patreon"
                }
            ],
            "time": "2024-06-12T11:22:32+00:00"
        },
        {
            "name": "symfony/console",
            "version": "v6.4.17",
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -10,6 +10,15 @@ CREATE TABLE `myaac_account_actions`
 	KEY (`account_id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_account_email_codes`
 (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
 	`code` varchar(6) NOT NULL,
 	`created_at` int NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_admin_menu`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
--- a/system/migrations/46-account_email_codes.sql
+++ b/system/migrations/46-account_email_codes.sql
@@ -0,0 +1,8 @@
 CREATE TABLE `myaac_account_email_codes`
 (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
 	`code` varchar(6) NOT NULL,
 	`created_at` int NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
--- a/system/migrations/46.php
+++ b/system/migrations/46.php
@@ -0,0 +1,27 @@
 <?php
 // add the myaac_account_email_codes
 /**
 * @var OTS_DB_MySQL $db
 */
 $up = function () use ($db) {
 	if (!$db->hasColumn('accounts', '2fa_type')) {
 		$db->addColumn('accounts', '2fa_type', "tinyint NOT NULL DEFAULT 0 AFTER `web_flags`");
 	}
 	// add myaac_account_email_codes table
 	if (!$db->hasTable(TABLE_PREFIX . 'account_email_codes')) {
 		$db->exec(file_get_contents(__DIR__ . '/46-account_email_codes.sql'));
 	}
 };
 $down = function () use ($db) {
 	if ($db->hasColumn('accounts', '2fa_type')) {
 		$db->dropColumn('accounts', '2fa_type');
 	}
 	//if ($db->hasTable(TABLE_PREFIX . 'account_email_codes')) {
 	//	$db->dropTable(TABLE_PREFIX . 'account_email_codes');
 	//}
 };
--- a/system/pages/account/2fa.php
+++ b/system/pages/account/2fa.php
@@ -0,0 +1,124 @@
 <?php
 /**
 * 2-factor authentication
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Two Factor Authentication';
 require __DIR__ . '/base.php';
 csrfProtect();
 /**
 * @var OTS_Account $account_logged
 */
 $step = $_REQUEST['step'] ?? '';
 $code = $_REQUEST['auth-code'] ?? '';
 if ((!setting('core.mail_enabled')) && ACTION == 'email-code') {
 	$twig->display('error_box.html.twig',  ['errors' => ['Account two-factor e-mail authentication disabled.']]);
 	return;
 }
 if (!isset($account_logged) || !$account_logged->isLoaded()) {
 	$current_session = getSession('account');
 	if($current_session) {
 		$account_logged = new OTS_Account();
 		$account_logged->load($current_session);
 	}
 }
 $twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
 $twig->addGlobal('account_logged', $account_logged);
 if (ACTION == 'email-code') {
 	if ($step == 'resend') {
 		if ($twoFactorAuth->hasRecentEmailCode(15 * 60)) {
 			$errors = ['Sorry, one email per 15 minutes'];
 		}
 		else {
 			$twoFactorAuth->resendEmailCode();
 		}
 		if (!empty($errors)) {
 			$twig->display('error_box.html.twig',  ['errors' => $errors]);
 		}
 		$twig->display('account.2fa.email.login.html.twig');
 	}
 	else if ($step == 'activate') {
 		if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
 			$twoFactorAuth->resendEmailCode();
 		}
 		if (isset($_POST['save'])) {
 			if (!empty($code)) {
 				$twoFactorAuth->setAuthGateway(TwoFactorAuth::TYPE_EMAIL);
 				if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
 					$serverName = configLua('serverName');
 					$twoFactorAuth->enable(TwoFactorAuth::TYPE_EMAIL);
 					$twoFactorAuth->deleteOldCodes();
 					$twig->display('success.html.twig', [
 						'title' => 'Email Code Authentication Activated',
 						'description' => sprintf('You have successfully activated <b>email code authentication</b> for your account. This means an <b>email code</b> will be sent to the email address assigned to your account whenever you try to log in to the %s client or the %s website. In order to log in, you will need to enter the <b>most recent email code</b> you have received.', $serverName, $serverName)
 					]);
 					return;
 				}
 				else {
 					$errors[] = 'Invalid email code!';
 				}
 			}
 		}
 		if (!empty($errors)) {
 			$twig->display('error_box.html.twig', ['errors' => $errors]);
 		}
 		$twig->display('account.2fa.email_code.html.twig', ['wrongCode' => count($errors) > 0]);
 	}
 	else if ($step == 'deactivate') {
 		//if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
 		//	$twoFactorAuth->resendEmailCode();
 		//}
 		/*if (isset($_POST['save'])) {
 			if (!empty($code)) {
 				if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
 */
 					$twoFactorAuth->disable();
 					$twoFactorAuth->deleteOldCodes();
 					$twig->display('success.html.twig',
 						[
 							'title' => 'Email Code Authentication Deactivated',
 							'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
 						]
 					);
 					/*
 				}
 				else {
 					$errors[] = 'Invalid email code!';
 				}
 			}
 		}*/
 		/*
 		if (!empty($errors)) {
 			$twig->display('error_box.html.twig', ['errors' => $errors]);
 		}
 		$twig->display('account.2fa.email.deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
 		*/
 	}
 }
--- a/system/pages/account/base.php
+++ b/system/pages/account/base.php
@@ -17,6 +17,10 @@ if(!$logged)
 	if(!empty($errors))
 		$twig->display('error_box.html.twig', array('errors' => $errors));
 	if (defined('HIDE_LOGIN_BOX') && HIDE_LOGIN_BOX) {
 		return;
 	}
 	$twig->display('account.login.html.twig', array(
 		'redirect' => $_REQUEST['redirect'] ?? null,
 		'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
--- a/system/pages/account/login.php
+++ b/system/pages/account/login.php
@@ -10,6 +10,7 @@
 */
 use MyAAC\RateLimit;
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 defined('MYAAC') or die('Direct access not allowed!');
@@ -50,8 +51,14 @@ if(!empty($login_account) && !empty($login_password))
 		if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
 			$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
 		} else {
 			session_regenerate_id();
 			setSession('account', $account_logged->getId());
 			$twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
 			if (!$twoFactorAuth->process($login_account, $login_password, $remember_me, $_POST['auth-code'] ?? '')) {
 				return;
 			}
 			session_regenerate_id();
 			setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
 			if($remember_me) {
 				setSession('remember_me', true);
--- a/system/pages/account/lost.php
+++ b/system/pages/account/lost.php
@@ -9,11 +9,540 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Lost Account';
+$title = 'Lost Account Interface';
-if(!setting('core.mail_enabled')) {
+if(!setting('core.mail_enabled'))
-	echo "<b>Account maker is not configured to send e-mails, you can't use Lost Account Interface. Contact with admin to get help.</b>";
+{
 	echo '<b>Account maker is not configured to send e-mails, you can\'t use Lost Account Interface. Contact with admin to get help.</b>';
 	return;
 }
-$twig->display('account/lost/form.html.twig');
+$action_type = isset($_REQUEST['action_type']) ? $_REQUEST['action_type'] : '';
 if($action == '')
 {
 	$twig->display('account.lost.form.html.twig');
 }
 else if($action == 'step1' && $action_type == '') {
 	$twig->display('account.lost.noaction.html.twig');
 }
 elseif($action == 'step1' && $action_type == 'email')
 {
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_next') < time())
 				echo 'Please enter e-mail to account with this character.<BR>
 				<form action="' . getLink('account/lost') . '?action=sendcode" method=post>
 				<input type=hidden name="character">
 				<table cellspacing=1 cellpadding=4 border=0 width=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter e-mail to account</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Character: <INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR>
 				E-mail to account:<INPUT TYPE=text NAME="email" VALUE="" SIZE="40"><BR>
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 			else
 			{
 				$insec = (int)$account->getCustomField('email_next') - time();
 				$minutesleft = floor($insec / 60);
 				$secondsleft = $insec - ($minutesleft * 60);
 				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
 				echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
 			}
 		}
 		else
 			echo 'Player or account of player <b>' . $nick . '</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'sendcode')
 {
 	$email = $_REQUEST['email'];
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_next') < time())
 			{
 				if($account->getEMail() == $email)
 				{
 					$newcode = generateRandomString(30, true, false, true);
 					$mailBody = '
 					You asked to reset your ' . $config['lua']['serverName'] . ' password.<br/>
 					<p>Account name: '.$account->getName().'</p>
 					<br />
 					To do so, please click this link:
 					<p><a href="' . getLink('account/lost') . '?action=checkcode&code='.$newcode.'&character='.urlencode($nick).'">' . getLink('account/lost') . '?action=checkcode&code='.$newcode.'&character='.urlencode($nick).'</a></p>
 					<p>or open page: <i>' . getLink('account/lost') . '?action=checkcode</i> and in field "code" write <b>'.$newcode.'</b></p>
 					<br/>
 						<p>If you did not request a password change, you may ignore this message and your password will remain unchanged.';
 					$account_mail = $account->getCustomField('email');
 					if(_mail($account_mail, $config['lua']['serverName'].' - Recover your account', $mailBody))
 					{
 						$account->setCustomField('email_code', $newcode);
 						$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
 						echo '<br />Details about steps required to recover your account has been sent to <b>' . $account_mail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.';
 					}
 					else
 					{
 						$account->setCustomField('email_next', (time() + 60));
 						echo '<br /><p class="error">An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 					}
 				}
 				else
 					echo 'Invalid e-mail to account of character <b>'.$nick.'</b>. Try again.';
 			}
 			else
 			{
 				$insec = (int)$account->getCustomField('email_next') - time();
 				$minutesleft = floor($insec / 60);
 				$secondsleft = $insec - ($minutesleft * 60);
 				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
 				echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
 			}
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '?action=step1&action_type=email&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'step1' && $action_type == 'reckey')
 {
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			$account_key = $account->getCustomField('key');
 			if(!empty($account_key))
 			{
 						echo 'If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
 						<FORM ACTION="' . getLink('account/lost') . '?action=step2" METHOD=post>
 						<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 						<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter your recovery key</B></TD></TR>
 						<TR><TD BGCOLOR="'.$config['darkborder'].'">
 						Character name:&nbsp;<INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
 						Recovery key:&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=text NAME="key" VALUE="" SIZE="40"><BR>
 						</TD></TR>
 						</TABLE>
 						<BR>
 						<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 						' . $twig->render('buttons.submit.html.twig') . '</div>
 						</TD></TR></FORM></TABLE></TABLE>';
 			}
 			else
 				echo 'Account of this character has no recovery key!';
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'step2')
 {
 	$rec_key = trim($_REQUEST['key']);
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			$account_key = $account->getCustomField('key');
 			if(!empty($account_key))
 			{
 				if($account_key == $rec_key)
 				{
 					echo '<script type="text/javascript">
 					function validate_required(field,alerttxt)
 					{
 					with (field)
 					{
 					if (value==null||value==""||value==" ")
 					  {alert(alerttxt);return false;}
 					else {return true}
 					}
 					}
 					function validate_email(field,alerttxt)
 					{
 					with (field)
 					{
 					apos=value.indexOf("@");
 					dotpos=value.lastIndexOf(".");
 					if (apos<1||dotpos-apos<2)
 					  {alert(alerttxt);return false;}
 					else {return true;}
 					}
 					}
 					function validate_form(thisform)
 					{
 					with (thisform)
 					{
 					if (validate_required(email,"Please enter your e-mail!")==false)
 					  {email.focus();return false;}
 					if (validate_email(email,"Invalid e-mail format!")==false)
 					  {email.focus();return false;}
 					if (validate_required(passor,"Please enter password!")==false)
 					  {passor.focus();return false;}
 					if (validate_required(passor2,"Please repeat password!")==false)
 					  {passor2.focus();return false;}
 					if (passor2.value!=passor.value)
 					  {alert(\'Repeated password is not equal to password!\');return false;}
 					}
 					}
 					</script>';
 					echo 'Set new password and e-mail to your account.<BR>
 					<FORM ACTION="' . getLink('account/lost') . '?action=step3" onsubmit="return validate_form(this)" METHOD=post>
 					<INPUT TYPE=hidden NAME="character" VALUE="">
 					<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 					<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter new password and e-mail</B></TD></TR>
 					<TR><TD BGCOLOR="'.$config['darkborder'].'">
 					Account of character:&nbsp;&nbsp;<INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
 					New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT id="passor" TYPE=password NAME="passor" VALUE="" SIZE="40"><BR>
 					Repeat new password:&nbsp;&nbsp;<INPUT id="passor2" TYPE=password NAME="passor" VALUE="" SIZE="40"><BR>
 					New e-mail address:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT id="email" TYPE=text NAME="email" VALUE="" SIZE="40"><BR>
 					<INPUT TYPE=hidden NAME="key" VALUE="'.$rec_key.'">
 					</TD></TR>
 					</TABLE>
 					<BR>
 					<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 					' . $twig->render('buttons.submit.html.twig') . '</div>
 					</TD></TR></FORM></TABLE></TABLE>';
 				}
 				else
 					echo 'Wrong recovery key!';
 			}
 			else
 				echo 'Account of this character has no recovery key!';
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '?action=step1&action_type=reckey&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'step3')
 {
 	$rec_key = trim($_REQUEST['key']);
 	$nick = stripslashes($_REQUEST['nick']);
 	$new_pass = trim($_REQUEST['passor']);
 	$new_email = trim($_REQUEST['email']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			$account_key = $account->getCustomField('key');
 			if(!empty($account_key))
 			{
 				if($account_key == $rec_key)
 				{
 					if(Validator::password($new_pass))
 					{
 						if(Validator::email($new_email))
 						{
 							$account->setEMail($new_email);
 							$tmp_new_pass = $new_pass;
 							if(USE_ACCOUNT_SALT)
 							{
 								$salt = generateRandomString(10, false, true, true);
 								$tmp_new_pass = $salt . $new_pass;
 							}
 							$account->setPassword(encrypt($tmp_new_pass));
 							$account->save();
 							if(USE_ACCOUNT_SALT)
 								$account->setCustomField('salt', $salt);
 							echo 'Your account name, new password and new e-mail.<BR>
 							<FORM ACTION="' . getLink('account/manage') . '" onsubmit="return validate_form(this)" METHOD=post>
 							<INPUT TYPE=hidden NAME="character" VALUE="">
 							<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 							<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Your account name, new password and new e-mail</B></TD></TR>
 							<TR><TD BGCOLOR="'.$config['darkborder'].'">
 							Account name:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.$account->getName().'</b><BR>
 							New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.$new_pass.'</b><BR>
 							New e-mail address:&nbsp;<b>'.$new_email.'</b><BR>';
 							if($account->getCustomField('email_next') < time())
 							{
 								$mailBody = '
 								<h3>Your account name and new password!</h3>
 								<p>Changed password and e-mail to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
 								<p>Account name: <b>'.$account->getName().'</b></p>
 								<p>New password: <b>'.$new_pass.'</b></p>
 								<p>E-mail: <b>'.$new_email.'</b> (this e-mail)</p>
 								<br />
 								<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
 								if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - New password to your account", $mailBody))
 								{
 									echo '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
 								}
 								else
 								{
 									echo '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 								}
 							}
 							else
 							{
 								echo '<br /><small>You will not receive e-mail with this informations.</small>';
 							}
 							echo '<INPUT TYPE=hidden NAME="account_login" VALUE="'.$account->getId().'">
 							<INPUT TYPE=hidden NAME="password_login" VALUE="'.$new_pass.'">
 							</TD></TR></TABLE><BR>
 							<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 							<INPUT TYPE=image NAME="Login" ALT="Login" SRC="'.$template_path.'/images/global/buttons/sbutton_login.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
 							</TD></TR></FORM></TABLE></TABLE>';
 						}
 						else
 							echo Validator::getLastError();
 					}
 					else
 						echo Validator::getLastError();
 				}
 				else
 					echo 'Wrong recovery key!';
 			}
 			else
 				echo 'Account of this character has no recovery key!';
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '?action=step1&action_type=reckey&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'checkcode')
 {
 	$code = trim($_REQUEST['code']);
 	$character = stripslashes(trim($_REQUEST['character']));
 	if(empty($code) || empty($character))
 		echo 'Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
 				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 	else
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($character);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_code') == $code)
 			{
 				echo '<script type="text/javascript">
 				function validate_required(field,alerttxt)
 				{
 				with (field)
 				{
 				if (value==null||value==""||value==" ")
 				  {alert(alerttxt);return false;}
 				else {return true}
 				}
 				}
 				function validate_form(thisform)
 				{
 				with (thisform)
 				{
 				if (validate_required(passor,"Please enter password!")==false)
 				  {passor.focus();return false;}
 				if (validate_required(passor2,"Please repeat password!")==false)
 				  {passor2.focus();return false;}
 				if (passor2.value!=passor.value)
 				  {alert(\'Repeated password is not equal to password!\');return false;}
 				}
 				}
 				</script>
 				Please enter new password to your account and repeat to make sure you remember password.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=setnewpassword" onsubmit="return validate_form(this)" METHOD=post>
 				<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
 				<INPUT TYPE=hidden NAME="code" VALUE="'.$code.'">
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & account name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=password ID="passor" NAME="passor" VALUE="" SIZE="40")><BR />
 				Repeat new password:&nbsp;<INPUT TYPE=password ID="passor2" NAME="passor2" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 			}
 			else
 				$error= 'Wrong code to change password.';
 		}
 		else
 			$error = 'Account of this character or this character doesn\'t exist.';
 	}
 	if(!empty($error))
 				echo '<span style="color: red"><b>'.$error.'</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
 				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'setnewpassword')
 {
 	$newpassword = $_REQUEST['passor'];
 	$code = $_REQUEST['code'];
 	$character = stripslashes($_REQUEST['character']);
 	echo '';
 	if(empty($code) || empty($character) || empty($newpassword))
 		echo '<span style="color: red"><b>Error. Try again.</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<BR><FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<INPUT TYPE=image NAME="Back" ALT="Back" SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 	else
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($character);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_code') == $code)
 			{
 				if(Validator::password($newpassword))
 				{
 					$tmp_new_pass = $newpassword;
 					if(USE_ACCOUNT_SALT)
 					{
 						$salt = generateRandomString(10, false, true, true);
 						$tmp_new_pass  = $salt . $newpassword;
 						$account->setCustomField('salt', $salt);
 					}
 					$account->setPassword(encrypt($tmp_new_pass ));
 					$account->save();
 					$account->setCustomField('email_code', '');
 					echo 'New password to your account is below. Now you can login.<BR>
 					<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
 					<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 					<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Changed password</B></TD></TR>
 					<TR><TD BGCOLOR="'.$config['darkborder'].'">
 					New password:&nbsp;<b>'.$newpassword.'</b><BR />
 					Account name:&nbsp;&nbsp;&nbsp;<i>(Already on your e-mail)</i><BR />';
 					$mailBody = '
 					<h3>Your account name and password!</h3>
 					<p>Changed password to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
 					<p>Account name: <b>'.$account->getName().'</b></p>
 					<p>New password: <b>'.$newpassword.'</b></p>
 					<br />
 					<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
 					if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - Your new password", $mailBody))
 					{
 						echo '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
 					}
 					else
 					{
 						echo '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
 					}
 				echo '</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<FORM ACTION="' . getLink('account/manage') . '" METHOD=post>
 				<INPUT TYPE=image NAME="Login" ALT="Login" SRC="'.$template_path.'/images/global/buttons/sbutton_login.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 				}
 				else
 					$error= Validator::getLastError();
 			}
 			else
 				$error= 'Wrong code to change password.';
 		}
 		else
 			$error = 'Account of this character or this character doesn\'t exist.';
 	}
 	if(!empty($error))
 				echo '<span style="color: red"><b>'.$error.'</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
 				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
--- a/system/pages/account/lost/check-code.php
+++ b/system/pages/account/lost/check-code.php
@@ -1,49 +0,0 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Lost Account';
 $code = isset($_REQUEST['code']) ? trim($_REQUEST['code']) : '';
 $character = isset($_REQUEST['character']) ? stripslashes(trim($_REQUEST['character'])) : '';
 if(empty($code) || empty($character))
 	$twig->display('account/lost/check-code.html.twig', [
 		'code' => $code,
 		'characters' => $character,
 	]);
 else
 {
 	$player = new OTS_Player();
 	$account = new OTS_Account();
 	$player->find($character);
 	if($player->isLoaded()) {
 		$account = $player->getAccount();
 	}
 	if($account->isLoaded()) {
 		if($account->getCustomField('email_code') == $code) {
 			$twig->display('account/lost/check-code.finish.html.twig', [
 				'character' => $character,
 				'code' => $code,
 			]);
 		}
 		else {
 			$error = 'Wrong code to change password.';
 		}
 	}
 	else {
 		$error = "Account of this character or this character doesn't exist.";
 	}
 }
 if(!empty($error)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => [$error],
 	]);
 	echo '<br/>';
 	$twig->display('account/lost/check-code.html.twig', [
 	]);
 }
--- a/system/pages/account/lost/email/send-code.php
+++ b/system/pages/account/lost/email/send-code.php
@@ -1,61 +0,0 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Lost Account';
 $email = $_REQUEST['email'];
 $nick = stripslashes($_REQUEST['nick']);
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if($account->isLoaded()) {
 	if($account->getCustomField('email_next') < time()) {
 		if($account->getEMail() == $email) {
 			$newCode = generateRandomString(30, true, false, true);
 			$mailBody = $twig->render('mail.account.lost.code.html.twig', [
 				'newCode' => $newCode,
 				'account' => $account,
 				'nick' => $nick,
 			]);
 			$accountEMail = $account->getCustomField('email');
 			if(_mail($accountEMail, configLua('serverName') . ' - Recover your account', $mailBody)) {
 				$account->setCustomField('email_code', $newCode);
 				$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
 				echo '<br />Details about steps required to recover your account has been sent to <b>' . $accountEMail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.';
 			}
 			else {
 				$account->setCustomField('email_next', (time() + 60));
 				error('An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>');
 			}
 		}
 		else {
 			echo 'Invalid e-mail to account of character <b>' . htmlspecialchars($nick) . '</b>. Try again.';
 		}
 	}
 	else {
 		$inSec = (int)$account->getCustomField('email_next') - time();
 		$minutesLeft = floor($inSec / 60);
 		$secondsLeft = $inSec - ($minutesLeft * 60);
 		$timeLeft = $minutesLeft.' minutes '.$secondsLeft.' seconds';
 		$timeRounded = ceil(setting('core.mail_lost_account_interval') / 60);
 		echo "Account of selected character (<b>" . escapeHtml($nick) . "</b>) received e-mail in last $timeRounded minutes. You must wait $timeLeft before you can use Lost Account Interface again.";
 	}
 }
 else {
 	echo "Player or account of player <b>" . htmlspecialchars($nick) . "</b> doesn't exist.";
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost') . '?action=step1&action_type=email&nick=' . urlencode($nick),
 ]);
--- a/system/pages/account/lost/email/set-new-password.php
+++ b/system/pages/account/lost/email/set-new-password.php
@@ -1,84 +0,0 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Lost Account';
 $newPassword = $_REQUEST['passor'];
 $code = $_REQUEST['code'];
 $character = stripslashes($_REQUEST['character']);
 if(empty($code) || empty($character) || empty($newPassword)) {
 	echo '<span style="color: red"><b>Error. Try again.</b></span><br/>Please enter code from e-mail and name of one character from account. Then press Submit.<br>';
 	$twig->display('account.back_button.html.twig', [
 		'new_line' => true,
 		'center' => true,
 		'action' => getLink('account/lost/check-code')
 	]);
 }
 else
 {
 	$player = new OTS_Player();
 	$account = new OTS_Account();
 	$player->find($character);
 	if($player->isLoaded()) {
 		$account = $player->getAccount();
 	}
 	if($account->isLoaded()) {
 		if($account->getCustomField('email_code') == $code) {
 			if(Validator::password($newPassword)) {
 				$tmp_new_pass = $newPassword;
 				if(USE_ACCOUNT_SALT) {
 					$salt = generateRandomString(10, false, true, true);
 					$tmp_new_pass  = $salt . $newPassword;
 					$account->setCustomField('salt', $salt);
 				}
 				$account->setPassword(encrypt($tmp_new_pass));
 				$account->save();
 				$account->setCustomField('email_code', '');
 				$mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
 					'account' => $account,
 					'newPassword' => $newPassword,
 				]);
 				$statusMsg = '';
 				if(_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
 					$statusMsg = '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
 				}
 				else {
 					$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
 				}
 				$twig->display('account/lost/finish.new-password.html.twig', [
 					'statusMsg' => $statusMsg,
 					'newPassword' => $newPassword,
 				]);
 			}
 			else {
 				$error = Validator::getLastError();
 			}
 		}
 		else {
 			$error = 'Wrong code to change password.';
 		}
 	}
 	else {
 		$error = "Account of this character or this character doesn't exist.";
 	}
 }
 if(!empty($error)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => [$error],
 	]);
 	echo '<br/>';
 	$twig->display('account/lost/check-code.html.twig', [
 		'code' => $code,
 		'character' => $character,
 	]);
 }
--- a/system/pages/account/lost/email/step-1.php
+++ b/system/pages/account/lost/email/step-1.php
@@ -1,30 +0,0 @@
 <?php
 $title = 'Lost Account';
 if($account->isLoaded()) {
 	if($account->getCustomField('email_next') < time()) {
 		$twig->display('account/lost/email.html.twig', [
 			'nick' => $nick,
 		]);
 	}
 	else {
 		$inSec = (int)$account->getCustomField('email_next') - time();
 		$minutesLeft = floor($inSec / 60);
 		$secondsLeft = $inSec - ($minutesLeft * 60);
 		$timeLeft = $minutesLeft.' minutes '.$secondsLeft.' seconds';
 		$timeRounded = ceil(setting('core.mail_lost_account_interval') / 60);
 		echo "Account of selected character (<b>" . escapeHtml($nick) . "</b>) received e-mail in last $timeRounded minutes. You must wait $timeLeft before you can use Lost Account Interface again.";
 	}
 }
 else {
 	echo "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost'),
 ]);
--- a/system/pages/account/lost/recovery-key/step-1.php
+++ b/system/pages/account/lost/recovery-key/step-1.php
@@ -1,26 +0,0 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Lost Account';
 if($account->isLoaded()) {
 	$account_key = $account->getCustomField('key');
 	if(!empty($account_key)) {
 		$twig->display('account/lost/recovery-key.html.twig', [
 			'nick' => $nick,
 		]);
 	}
 	else {
 		echo 'Account of this character has no recovery key!';
 	}
 }
 else {
 	echo "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost'),
 ]);
--- a/system/pages/account/lost/recovery-key/step-2.php
+++ b/system/pages/account/lost/recovery-key/step-2.php
@@ -1,40 +0,0 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Lost Account';
 $recKey = trim($_REQUEST['key']);
 $nick = stripslashes($_REQUEST['nick']);
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if($account->isLoaded()) {
 	$accountKey = $account->getCustomField('key');
 	if(!empty($accountKey)) {
 		if($accountKey == $recKey) {
 			$twig->display('account/lost/step2.html.twig', [
 				'nick' => $nick,
 				'recKey' => $recKey,
 			]);
 		}
 		else {
 			echo 'Wrong recovery key!';
 		}
 	}
 	else {
 		echo 'Account of this character has no recovery key!';
 	}
 }
 else
 	echo "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost') . '?action=step1&action_type=reckey&nick=' . urlencode($nick),
 ]);
--- a/system/pages/account/lost/recovery-key/step-3.php
+++ b/system/pages/account/lost/recovery-key/step-3.php
@@ -1,91 +0,0 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Lost Account';
 $recKey = trim($_REQUEST['key']);
 $nick = stripslashes($_REQUEST['nick']);
 $newPassword = trim($_REQUEST['passor']);
 $newEmail = trim($_REQUEST['email']);
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if($account->isLoaded()) {
 	$accountKey = $account->getCustomField('key');
 	if(!empty($accountKey)) {
 		if($accountKey == $recKey) {
 			if(Validator::password($newPassword)) {
 				if(Validator::email($newEmail)) {
 					$account->setEMail($newEmail);
 					$tmp_new_pass = $newPassword;
 					if(USE_ACCOUNT_SALT)
 					{
 						$salt = generateRandomString(10, false, true, true);
 						$tmp_new_pass = $salt . $newPassword;
 					}
 					$account->setPassword(encrypt($tmp_new_pass));
 					$account->save();
 					if(USE_ACCOUNT_SALT) {
 						$account->setCustomField('salt', $salt);
 					}
 					$statusMsg = '';
 					if($account->getCustomField('email_next') < time()) {
 						$mailBody = $twig->render('mail.account.lost.new-email.html.twig', [
 							'account' => $account,
 							'newPassword' => $newPassword,
 							'newEmail' => $newEmail,
 						]);
 						if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - New password to your account", $mailBody)) {
 							$statusMsg = '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
 						}
 						else {
 							$statusMsg = '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 						}
 					}
 					else {
 						$statusMsg = '<br /><small>You will not receive e-mail with this informations.</small>';
 					}
 					$twig->display('account/lost/finish.new-email.html.twig', [
 						'statusMsg' => $statusMsg,
 						'account' => $account,
 						'newPassword' => $newPassword,
 						'newEmail' => $newEmail,
 					]);
 				}
 				else {
 					echo Validator::getLastError();
 				}
 			}
 			else {
 				echo Validator::getLastError();
 			}
 		}
 		else {
 			echo 'Wrong recovery key!';
 		}
 	}
 	else {
 		echo 'Account of this character has no recovery key!';
 	}
 }
 else {
 	echo "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost') . '?action=step1&action_type=reckey&nick=' . urlencode($nick),
 ]);
--- a/system/pages/account/lost/step-1.php
+++ b/system/pages/account/lost/step-1.php
@@ -1,24 +0,0 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Lost Account';
 $nick = stripslashes($_REQUEST['nick']);
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if (ACTION == 'email') {
 	require __DIR__ . '/email/step-1.php';
 }
 else if (ACTION == 'recovery-key') {
 	require __DIR__ . '/recovery-key/step-1.php';
 }
 else {
 	$twig->display('account/lost/no-action.html.twig');
 }
--- a/system/pages/account/manage.php
+++ b/system/pages/account/manage.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Account Management';
@@ -111,6 +114,8 @@ $twig->display('account.management.html.twig', array(
 	'account_registered' => $account_registered,
 	'account_rlname' => $account_rlname,
 	'account_location' => $account_location,
 	'twoFactorViews' => TwoFactorAuth::getInstance($account_logged)->getAccountManageViews(),
 	'actions' => $actions,
-	'players' => $account_players
+	'players' => $account_players,
 ));
--- a/system/src/Models/AccountEMailCode.php
+++ b/system/src/Models/AccountEMailCode.php
@@ -0,0 +1,14 @@
 <?php
 namespace MyAAC\Models;
 use Illuminate\Database\Eloquent\Model;
 class AccountEMailCode extends Model {
 	protected $table = TABLE_PREFIX . 'account_email_codes';
 	public $timestamps = false;
 	protected $fillable = ['account_id', 'code', 'created_at'];
 }
--- a/system/src/TwoFactorAuth/Gateway/AppAuthGateway.php
+++ b/system/src/TwoFactorAuth/Gateway/AppAuthGateway.php
@@ -0,0 +1,13 @@
 <?php
 namespace MyAAC\TwoFactorAuth\Gateway;
 use MyAAC\TwoFactorAuth\Interface\AuthGatewayInterface;
 class AppAuthGateway extends BaseAuthGateway implements AuthGatewayInterface
 {
 	public function verifyCode(string $code): bool
 	{
 		return true;
 	}
 }
--- a/system/src/TwoFactorAuth/Gateway/BaseAuthGateway.php
+++ b/system/src/TwoFactorAuth/Gateway/BaseAuthGateway.php
@@ -0,0 +1,12 @@
 <?php
 namespace MyAAC\TwoFactorAuth\Gateway;
 class BaseAuthGateway
 {
 	protected \OTS_Account $account;
 	public function __construct(\OTS_Account $account) {
 		$this->account = $account;
 	}
 }
--- a/system/src/TwoFactorAuth/Gateway/EmailAuthGateway.php
+++ b/system/src/TwoFactorAuth/Gateway/EmailAuthGateway.php
@@ -0,0 +1,16 @@
 <?php
 namespace MyAAC\TwoFactorAuth\Gateway;
 use MyAAC\Models\AccountEMailCode;
 use MyAAC\TwoFactorAuth\Interface\AuthGatewayInterface;
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 class EmailAuthGateway extends BaseAuthGateway implements AuthGatewayInterface
 {
 	public function verifyCode(string $code): bool
 	{
 		return AccountEMailCode::where('account_id', '=', $this->account->getId())->where('code', $code)->where('created_at', '>', time() - TwoFactorAuth::EMAIL_CODE_VALID_UNTIL)->first() !== null;
 	}
 }
--- a/system/src/TwoFactorAuth/Interface/AuthGatewayInterface.php
+++ b/system/src/TwoFactorAuth/Interface/AuthGatewayInterface.php
@@ -0,0 +1,9 @@
 <?php
 namespace MyAAC\TwoFactorAuth\Interface;
 interface AuthGatewayInterface
 {
 	public function __construct(\OTS_Account $account);
 	public function verifyCode(string $code): bool;
 }
--- a/system/src/TwoFactorAuth/TwoFactorAuth.php
+++ b/system/src/TwoFactorAuth/TwoFactorAuth.php
@@ -0,0 +1,183 @@
 <?php
 namespace MyAAC\TwoFactorAuth;
 use MyAAC\Models\AccountEMailCode;
 use MyAAC\TwoFactorAuth\Gateway\AppAuthGateway;
 use MyAAC\TwoFactorAuth\Gateway\EmailAuthGateway;
 class TwoFactorAuth
 {
 	const TYPE_NONE = 0;
 	const TYPE_EMAIL = 1;
 	const TYPE_APP = 2;
 	// maybe later
 	//const TYPE_SMS = 3;
 	const EMAIL_CODE_VALID_UNTIL = 24 * 60 * 60;
 	private static self $instance;
 	private \OTS_Account $account;
 	private int $authType;
 	private EmailAuthGateway|AppAuthGateway $authGateway;
 	public function __construct(\OTS_Account|int $account) {
 		if (is_int($account)) {
 			$this->account = new \OTS_Account();
 			$this->account->load($account);
 		}
 		else {
 			$this->account = $account;
 		}
 		$this->authType = (int)$this->account->getCustomField('2fa_type');
 		$this->setAuthGateway($this->authType);
 	}
 	public static function getInstance($account = null): self
 	{
 		if (!isset(self::$instance)) {
 			self::$instance = new self($account);
 		}
 		return self::$instance;
 	}
 	public function process($login_account, $login_password, $remember_me, $code): bool
 	{
 		global $twig;
 		if (!$this->isActive()) {
 			return true;
 		}
 		if (empty($code)) {
 			if ($this->authType == self::TYPE_EMAIL) {
 				if (!$this->hasRecentEmailCode(15 * 60)) {
 					$this->resendEmailCode();
 					//success('Resent email.');
 				}
 				define('HIDE_LOGIN_BOX', true);
 				$twig->display('account.2fa.email.login.html.twig', [
 					'account_login' => $login_account,
 					'password_login' => $login_password,
 					'remember_me' => $remember_me,
 				]);
 			}
 			else {
 				echo 'Two Factor App Auth';
 			}
 			return false;
 		}
 		if ($this->getAuthGateway()->verifyCode($code)) {
 			if ($this->authType === self::TYPE_EMAIL) {
 				$this->deleteOldCodes();
 			}
 			return true;
 		}
 		if (setting('core.mail_enabled')) {
 			$mailBody = $twig->render('mail.account.2fa.email-code.wrong-attempt.html.twig');
 			if (!_mail($this->account->getEMail(), configLua('serverName') . ' - Failed Two-Factor Authentication Attempt', $mailBody)) {
 				error('An error occurred while sending email. For Admin: More info can be found in system/logs/mailer-error.log');
 			}
 		}
 		define('HIDE_LOGIN_BOX', true);
 		$errors[] = 'Invalid email code!';
 		$twig->display('error_box.html.twig', ['errors' => $errors]);
 		$twig->display('account.2fa.email.login.html.twig',
 			[
 				'account_login' => $login_account,
 				'password_login' => $login_password,
 				'remember_me' => $remember_me,
 				'wrongCode' => true,
 			]);
 		return false;
 	}
 	public function setAuthGateway(int $authType): void
 	{
 		if ($authType === self::TYPE_EMAIL) {
 			$this->authGateway = new EmailAuthGateway($this->account);
 		}
 		else if ($authType === self::TYPE_APP) {
 			$this->authGateway = new AppAuthGateway($this->account);
 		}
 	}
 	public function getAccountManageViews(): array
 	{
 		$twoFactorView = 'account.2fa.protected.html.twig';
 		if ($this->authType == self::TYPE_EMAIL) {
 			$twoFactorView2 = 'account.2fa.email.activated.html.twig';
 		}
 		elseif ($this->authType == self::TYPE_APP) {
 			$twoFactorView2 = 'account.2fa.app.activated.html.twig';
 		}
 		else {
 			$twoFactorView = 'account.2fa.connect.html.twig';
 			$twoFactorView2 = 'account.2fa.email.activate.html.twig';
 		}
 		return [$twoFactorView, $twoFactorView2];
 	}
 	public function enable(int $type): void {
 		$this->account->setCustomField('2fa_type', $type);
 	}
 	public function disable(): void {
 		$this->account->setCustomField('2fa_type', self::TYPE_NONE);
 	}
 	public function isActive(): bool {
 		return $this->authType != self::TYPE_NONE;
 	}
 	public function getAuthType(): int {
 		return $this->authType;
 	}
 	public function getAuthGateway(): AppAuthGateway|EmailAuthGateway  {
 		return $this->authGateway;
 	}
 	public function hasRecentEmailCode($since = self::EMAIL_CODE_VALID_UNTIL): bool {
 		return AccountEMailCode::where('account_id', '=', $this->account->getId())->where('created_at', '>', time() - $since)->first() !== null;
 	}
 	public function deleteOldCodes(): void {
 		AccountEMailCode::where('account_id', '=', $this->account->getId())->delete();
 	}
 	public function resendEmailCode(): void
 	{
 		global $twig;
 		$newCode = generateRandomString(6, true, false, true);
 		AccountEMailCode::create([
 			'account_id' => $this->account->getId(),
 			'code' => $newCode,
 			'created_at' => time(),
 		]);
 		$mailBody = $twig->render('mail.account.2fa.email-code.html.twig', [
 			'code' => $newCode,
 		]);
 		if (!_mail($this->account->getEMail(), configLua('serverName') . ' - Requested Authentication Email Code', $mailBody)) {
 			error('An error occurred while sending email. For Admin: More info can be found in system/logs/mailer-error.log');
 		}
 	}
 }
--- a/system/templates/account.2fa.connect.html.twig
+++ b/system/templates/account.2fa.connect.html.twig
@@ -0,0 +1,36 @@
 <tr>
 	<td>
 		<div class="TableShadowContainerRightTop">
 			<div class="TableShadowRightTop" style="background-image:url({{ template_path }}/images/global/content/table-shadow-rt.gif);"></div>
 		</div>
 		<div class="TableContentAndRightShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-rm.gif);">
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody><tr>
 						<td class="LabelV"><b>Connect your {{ config.lua.serverName }} account to an authenticator app!</b>
 							<div style="float: right; font-size: 1px;">
 								<form action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="margin: 0px; padding: 0px;">
 									{{ csrf() }}
 									{% set button_name = 'Request' %}
 									{% include('buttons.base.html.twig') %}
 								</form>
 							</div>
 						</td>
 					</tr>
 					<tr>
 						<td>
 							<p>As a first step to connect an <b>authenticator app</b> to your account, click on "Request"! An email with a confirmation key will be sent to the email address assigned to your account.</p>
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</div>
 		<div class="TableShadowContainer">
 			<div class="TableBottomShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-bm.gif);">
 				<div class="TableBottomLeftShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-bl.gif);"></div>
 				<div class="TableBottomRightShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-br.gif);"></div>
 			</div>
 		</div>
 	</td>
 </tr>
--- a/system/templates/account.2fa.email.activate.html.twig
+++ b/system/templates/account.2fa.email.activate.html.twig
@@ -0,0 +1,37 @@
 <tr>
 	<td>
 		<div class="TableShadowContainerRightTop">
 			<div class="TableShadowRightTop" style="background-image:url({{ template_path }}/images/global/content/table-shadow-rt.gif);"></div>
 		</div>
 		<div class="TableContentAndRightShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-rm.gif);">
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td class="LabelV"><b>Activate email code authentication for your account!</b>
 							<div style="float: right; font-size: 1px;">
 								<form action="{{ getLink('account/2fa') }}?action=email-code&step=activate" method="post" style="margin: 0; padding: 0;">
 									{{ csrf() }}
 									{% set button_name = 'Request' %}
 									{% include('buttons.base.html.twig') %}
 								</form>
 							</div>
 						</td>
 					</tr>
 					<tr>
 						<td>
 							<p>As a first step to activate <b>email code authentication</b> for your account, click on "Request"! An <b>email code</b> will be sent to the email address assigned to your account. You will be asked to enter this <b>email code</b> on the next page within 24 hours.</p>
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</div>
 		<div class="TableShadowContainer">
 			<div class="TableBottomShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-bm.gif);">
 				<div class="TableBottomLeftShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-bl.gif);"></div>
 				<div class="TableBottomRightShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-br.gif);"></div>
 			</div>
 		</div>
 	</td>
 </tr>
--- a/system/templates/account.2fa.email.activated.html.twig
+++ b/system/templates/account.2fa.email.activated.html.twig
@@ -0,0 +1,26 @@
 <tr>
 	<td>
 		<div class="TableContentContainer ">
 			<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 				<tbody>
 				<tr>
 					<td>
 						<div style="float: right; width: 135px;">
 							<form action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="padding:0;margin:0;">
 								{{ csrf() }}
 								<input type="hidden" name="step" value="deactivate">
 								{% set button_name = 'Deactivate' %}
 								{{ include('buttons.base.html.twig') }}
 							</form>
 						</div>
 						<b>Two-Factor Email Code Authentication <span style="color: green">Activated</span>!</b>
 						<p>To deactivate <b>email code authentication</b>, click on the "Deactivate" button.</p>
 						<!--p>You will have to confirm the deactivation by entering an <b>email code</b> which will be sent
 							to the email address assigned to your account.</p-->
 					</td>
 				</tr>
 				</tbody>
 			</table>
 		</div>
 	</td>
 </tr>
--- a/system/templates/account.2fa.email.deactivate.html.twig
+++ b/system/templates/account.2fa.email.deactivate.html.twig
@@ -0,0 +1,109 @@
 {% set title = 'Deactivate Email Code Authentication' %}
 {% set content %}
 	<table style="width:100%;">
 		<tbody>
 		<tr>
 			<td>
 				<div class="TableContentContainer ">
 					<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 						<tbody>
 						<tr>
 							<td>To deactivate <b>two-factor email code authentication</b> for your account, enter the
 								received <b>email code</b> below. Note, however, that <b>email code authentication</b>
 								is an important security feature which helps to prevent any unauthorised access to your
 								Tibia account.
 							</td>
 						</tr>
 						</tbody>
 					</table>
 				</div>
 			</td>
 		</tr>
 		<tr>
 			<td>
 				<div class="TableContentContainer">
 					<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 						<tbody>
 						<tr>
 							<td>
 								<div style="float: right;">
 									<form
 										action="{{ getLink('account/2fa') }}?action=email-code&step=resend"
 										method="post"
 										style="padding:0;margin:0;"
 									>
 										{{ csrf() }}
 										{% set button_name = 'Resend Email Code' %}
 										{{ include('buttons.base.html.twig') }}
 									</form>
 								</div>
 								An <b>email code</b> has already been sent to the email address assigned to your
 								account.
 								Please check your email account's spam/junk filter and make sure that your mailbox is
 								not
 								full.<br>In case you need a new email code, you can request one by clicking on "Resend
 								Email
 								Code".
 							</td>
 						</tr>
 						</tbody>
 					</table>
 				</div>
 			</td>
 		</tr>
 		<tr>
 			<td>
 				<div class="TableContentContainer">
 					<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 						<tbody>
 						<tr>
 							<td>To complete the deactivation of <b>email code authentication</b>, please enter the <b>email
 									code</b> you received at the email address assigned to your account.
 								<div style="margin-top: 15px; margin-bottom: 15px;">
 									<div class="LabelV150 {{ wrongCode ? 'red' : '' }}" style="float:left;"><label
 											for="email-code">Email Code:</label></div>
 									<input form="form-code" id="auth-code" name="email-code" maxlength="15"
 										   autocomplete="off">
 									{% if wrongCode %}
 										<br/>
 										<div class="LabelV150" style="float:left;">&nbsp; </div>
 										<div class="FormFieldError">Invalid email code!</div>
 									{% endif %}
 								</div>
 							</td>
 						</tr>
 						</tbody>
 					</table>
 				</div>
 			</td>
 		</tr>
 		</tbody>
 	</table>
 {% endset %}
 {% include 'tables.headline.html.twig' %}
 <table style="width: 100%;">
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
 			<form id="form-code" method="post" action="{{ getLink('account/2fa') }}?action=email-code">
 				{{ csrf() }}
 				<input type="hidden" name="step" value="deactivate">
 				<input type="hidden" name="save" value="1">
 				{% set button_name = 'Continue' %}
 				{% set button_color = 'green' %}
 				{{ include('buttons.submit.html.twig') }}
 			</form>
 		</td>
 		<td>
 			<form action="{{ getLink('account/manage') }}" method="post" style="padding:0;margin:0;">
 				{{ csrf() }}
 				{% set button_color = 'blue' %}
 				{{ include('buttons.back.html.twig') }}
 			</form>
 		</td>
 	</tr>
 	</tbody>
 </table>
--- a/system/templates/account.2fa.email.login.html.twig
+++ b/system/templates/account.2fa.email.login.html.twig
@@ -0,0 +1,92 @@
 {% set title = 'Enter Email Code' %}
 {% set content %}
 <table style="width:100%;">
 	<tbody>
 	<tr>
 		<td>
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td>
 							<div style="float: right;">
 								<form
 										action="{{ getLink('account/2fa') }}?action=email-code&step=resend"
 										method="post"
 										style="padding:0;margin:0;"
 								>
 									{{ csrf() }}
 									{% set button_name = 'Resend Email Code' %}
 									{{ include('buttons.base.html.twig') }}
 								</form>
 							</div>
 							An <b>email code</b> has already been sent to the email address assigned to your account.
 							Please check your email account's spam/junk filter and make sure that your mailbox is not
 							full.<br>In case you need a new email code, you can request one by clicking on "Resend Email
 							Code".
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</td>
 	</tr>
 	<tr>
 		<td>
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td><b>Email code authentication is activated for your account.</b><br><br>Please enter the <b>most
 								recent email code</b> you have received in order to log in.<br>
 							<div style="margin-top: 15px; margin-bottom: 15px;">
 								<div class="LabelV150 {{ wrongCode ? 'red' : '' }}" style="float:left;"><label for="email-code">Email Code:</label></div>
 								<input form="form-code" id="auth-code" name="auth-code" maxlength="15" autocomplete="off">
 								{% if wrongCode %}
 									<br/>
 									<div class="LabelV150" style="float:left;">&nbsp; </div>
 									<div class="FormFieldError">Invalid email code!</div>
 								{% endif %}
 							</div>
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</td>
 	</tr>
 	</tbody>
 </table>
 {% endset %}
 {% include 'tables.headline.html.twig' %}
 <table style="width: 100%;">
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
 			<form id="form-code" method="post" action="{{ getLink('account/manage') }}">
 				{{ csrf() }}
 				<input type="hidden" name="account_login" value="{{ account_login ?? '' }}" />
 				<input type="hidden" name="password_login" value="{{ password_login ?? '' }}" />
 				{% if remember_me %}
 					<input type="hidden" name="remember_me" value="true" />
 				{% endif %}
 				<input type="hidden" name="step" value="verify">
 				{% set button_name = 'Continue' %}
 				{% set button_color = 'green' %}
 				{{ include('buttons.submit.html.twig') }}
 			</form>
 		</td>
 		<td>
 			<form action="{{ getLink('account/manage') }}" method="post" style="padding:0;margin:0;">
 				{{ csrf() }}
 				{% set button_color = 'blue' %}
 				{{ include('buttons.back.html.twig') }}
 			</form>
 		</td>
 	</tr>
 	</tbody>
 </table>
--- a/system/templates/account.2fa.email_code.html.twig
+++ b/system/templates/account.2fa.email_code.html.twig
@@ -0,0 +1,110 @@
 {% set title = 'Activate Email Code Authentication' %}
 {% set content %}
 <table style="width:100%;">
 	<tbody>
 	<tr>
 		<td>
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td>Enter the email code below to activate <b>two-factor email code authentication</b>. Note
 							that this code is only valid for 24 hours.<br><br>
 							<div class="AttentionSign"><img src="{{ template_path }}/images/global/content/attentionsign.gif"></div>
 							<b>Note:</b> Once you have email code authentication activated, an <b>email code</b> will be
 							sent to the email address assigned to your account whenever you try to log in to the Tibia
 							client or the {{ config.lua.serverName }} website. In order to log in, you will need to enter the <b>most recent
 								email code</b> you have received.
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</td>
 	</tr>
 	<tr>
 		<td>
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td>
 							<div style="float: right;">
 								<form action="{{ getLink('account/2fa') }}?action=email-code"
 									method="post" style="padding:0;margin:0;">
 									{{ csrf() }}
 									{% if account_logged is defined %}
 										<input type="hidden" name="account_logged" value="{{ account_logged.getId() }}">
 									{% endif %}
 									<input type="hidden" name="step" value="resend">
 									{% set button_name = 'Resend Email Code' %}
 									{% include('buttons.base.html.twig') %}
 								</form>
 							</div>
 							An <b>email code</b> has already been sent to the email address assigned to your account.
 							Please check your email account's spam/junk filter and make sure that your mailbox is not
 							full.<br>In case you need a new email code, you can request one by clicking on "Resend Email
 							Code".
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</td>
 	</tr>
 	<tr>
 		<td>
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td>To complete the activation of email code authentication for your Tibia account, please enter
 							the email code you received at the email address assigned to your account.
 							<div style="margin-top: 15px; margin-bottom: 15px;">
 								<div class="LabelV150 {{ wrongCode ? 'red' : '' }}" style="float:left;">Email Code:</div>
 								<input form="confirmActivateForm" name="auth-code" maxlength="6">
 								{% if wrongCode %}
 									<br/>
 									<div class="LabelV150" style="float:left;">&nbsp; </div>
 									<div class="FormFieldError">Invalid email code!</div>
 								{% endif %}
 							</div>
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</td>
 	</tr>
 	</tbody>
 </table>
 {% endset %}
 {% include 'tables.headline.html.twig' %}
 <br/>
 <table style="width: 100%;">
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
 			<form id="confirmActivateForm" action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="padding:0;margin:0;">
 				{{ csrf() }}
 				<input type="hidden" name="step" value="activate">
 				<input type="hidden" name="save" value="1">
 				{% set button_color = 'green' %}
 				{{ include('buttons.submit.html.twig') }}
 			</form>
 		</td>
 		<td>
 			<form action="{{ getLink('account/manage') }}" method="post" style="padding:0;margin:0;">
 				{{ csrf() }}
 				{% set button_color = 'blue' %}
 				{{ include('buttons.back.html.twig') }}
 			</form>
 		</td>
 	</tr>
 	</tbody>
 </table>
--- a/system/templates/account.2fa.main.html.twig
+++ b/system/templates/account.2fa.main.html.twig
@@ -0,0 +1,12 @@
 {% set title = 'Two-Factor Authentication' %}
 {% set content %}
 <table style="width:100%;">
 	<tbody>
 	{{ include(twoFactorViews[0]) }}
 	{{ include(twoFactorViews[1]) }}
 	</tbody>
 </table>
 {% endset %}
 {% include('tables.headline.html.twig') %}
 <br/>
--- a/system/templates/account.2fa.protected.html.twig
+++ b/system/templates/account.2fa.protected.html.twig
@@ -0,0 +1,18 @@
 <tr>
 	<td>
 		<div class="TableContentContainer ">
 			<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 				<tbody>
 				<tr>
 					<td>
 						<div class="InTableRightButtonContainer"></div>
 						<b>Two-Factor Authenticator App</b>
 						<p>Your account is currently protected by email code authentication. If you prefer to use a <b>two-factor
 								authentication app</b>, you have to "Deactivate" email code authentication first.</p>
 					</td>
 				</tr>
 				</tbody>
 			</table>
 		</div>
 	</td>
 </tr>
--- a/system/templates/account.back_button.html.twig
+++ b/system/templates/account.back_button.html.twig
@@ -1,26 +1,7 @@
 {% if new_line is defined and new_line %}
 	<br/>
 {% endif %}
-
+<form action="{% if action is not defined %}{{ getLink('account/manage') }}{% else %}{{ action }}{% endif %}" method="post">
-{% set _center = false %}
+	{{ csrf() }}
-
+	{{ include('buttons.back.html.twig') }}
-{% if center is defined and center %}
+</form>
 {% set _center = true %}
 {% endif %}
 {% if _center %}
 <table border="0" cellspacing="1" cellpadding="4" width="100%">
 	<tbody>
 	<tr>
 		<td align="center">
 {% endif %}
 			<form action="{% if action is not defined %}{{ getLink('account/manage') }}{% else %}{{ action }}{% endif %}" method="post">
 				{{ csrf() }}
 				{{ include('buttons.back.html.twig') }}
 			</form>
 {% if _center %}
 		</td>
 	</tr>
 	</tbody>
 </table>
 {% endif %}
--- a/system/templates/account.lost.form.html.twig
+++ b/system/templates/account.lost.form.html.twig
@@ -0,0 +1,36 @@
 The Lost Account Interface can help you to get back your account name and password. Please enter your character name and select what you want to do.<br/>
 <form action="{{ getLink('account/lost') }}?action=step1" method="post">
 	{{ csrf() }}
 	<input type="hidden" name="character" value="">
 	<table cellspacing="1" cellpadding="4" border="0" width="100%">
 		<tr>
 			<td bgcolor="{{ config.vdarkborder }}" class="white"><b>Please enter your character name</b></td>
 		</tr>
 		<tr>
 			<td bgcolor="{{ config.darkborder }}">
 				<input type="text" name="nick" size="40" autofocus/><br>
 			</td>
 		</tr>
 	</table>
 	<table cellspacing="1" cellpadding="4" border="0" width="100%">
 		<tr>
 			<td bgcolor="{{ config.vdarkborder }}" class="white"><b>What do you want?</b></td>
 		</tr>
 		<tr>
 			<td bgcolor="{{ config.darkborder }}">
 				<input type="radio" name="action_type" id="action_type_email" value="email">
 				<label for="action_type_email"> Send me new password and my account name to account e-mail adress.</label><br/>
 				<input type=radio name="action_type" id="action_type_key" value="reckey">
 				<label for="action_type_key"> I got <b>recovery key</b> and want set new password and e-mail adress to my account.</label><br/>
 			</td>
 		</tr>
 	</table>
 	<br/>
 	<table cellspacing="0" cellpadding="0" border="0" width="100%">
 		<tr>
 			<td align="center">
 				{{ include('buttons.submit.html.twig') }}
 			</td>
 		</tr>
 	</table>
 </form>
--- a/system/templates/account.lost.noaction.html.twig
+++ b/system/templates/account.lost.noaction.html.twig
@@ -0,0 +1,10 @@
 Please select action.<br/>
 <table cellspacing="0" cellpadding="0" border="0" width="100%">
 	<tr>
 		<td align="center">
 			<a href="{{ getLink('account/lost') }}" border="0">
 				{{ include('buttons.back.html.twig') }}
 			</a>
 		</td>
 	</tr>
 </table>
--- a/system/templates/account.management.html.twig
+++ b/system/templates/account.management.html.twig
@@ -147,6 +147,9 @@
 			{% include('buttons.base.html.twig') %}
 		</form>
 		<br/>
 		{{ include('account.2fa.main.html.twig') }}
 		{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
 		<a name="Account+Logs" ></a>
 		<h2>Account Logs</h2>
--- a/system/templates/account/lost/check-code.finish.html.twig
+++ b/system/templates/account/lost/check-code.finish.html.twig
@@ -1,33 +0,0 @@
 Please enter new password to your account and repeat to make sure you remember password.<BR>
 <form action="{{ getLink('account/lost/email/set-new-password') }}" method="post">
 	<input type="hidden" name="character" value="{{ character }}">
 	<input type="hidden" name="code" value="{{ code }}">
 	<table class="myaac-table" style="width: 100%;">
 		<thead>
 		<tr>
 			<th class="white"><B>Passwords</B></th>
 		</tr>
 		</thead>
 		<tbody>
 		<tr>
 			<td>
 				New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="password" ID="passor" name="passor" value="" size="40"><br/>
 				Repeat new password:&nbsp;<input TYPE="password" ID="passor2" name="passor2" value="" size="40"><br/>
 			</td>
 		</tr>
 		</tbody>
 	</table>
 	<br/>
 	<table style="width: 100%">
 		<tr>
 			<td>
 				<div style="text-align: center">
 					{% set button_name = 'Submit' %}
 					{% include('buttons.base.html.twig') %}
 				</div>
 			</td>
 		</tr>
 	</table>
 </form>
--- a/system/templates/account/lost/check-code.html.twig
+++ b/system/templates/account/lost/check-code.html.twig
@@ -1,30 +0,0 @@
 Please enter code from e-mail and name of one character from account. Then press Submit.<br/>
 <form action="{{ getLink('account/lost/check-code') }}" method="post">
 	<table class="myaac-table" style="width: 100%;">
 		<thead>
 		<tr>
 			<th class="white">
 				<b>Code & character name</b>
 			</th>
 		</tr>
 		</thead>
 		<tbody>
 		<tr>
 			<td>
 				Your code:&nbsp;<input type="text" name="code" value="{{ code }}" size="40"><br/>
 				Character:&nbsp;<input type="text" name="character" value="{{ character }}" size="40"><br/>
 			</td>
 		</tr>
 		</tbody>
 	</table>
 	<br>
 	<table style="width: 100%">
 		<tr>
 			<td align="center">
 				{% set button_name = 'Submit' %}
 				{% include('buttons.base.html.twig') %}
 			</td>
 		</tr>
 	</table>
 </form>
--- a/system/templates/account/lost/email.html.twig
+++ b/system/templates/account/lost/email.html.twig
@@ -1,33 +0,0 @@
 Please enter e-mail to account with this character.<br/>
 <form action="{{ getLink('account/lost/email/send-code') }}" method="post">
 	<input type=hidden name="character">
 	<table class="myaac-table" style="width: 100%;">
 		<thead>
 		<tr>
 			<th class="white"><b>Please enter e-mail to account</b></th>
 		</tr>
 		</thead>
 		<tbody>
 		<tr>
 			<td>
 				Character: <input type=text name="nick" value="{{ nick }}" size="40" readonly="readonly"><br/>
 				E-mail to account: <input type=text name="email" value="" size="40"><br/>
 			</td>
 		</tr>
 		</tbody>
 	</table>
 	<br>
 	<table style="width: 100%">
 		<tr>
 			<td>
 				<div style="text-align:center">
 					{% set button_name = 'Submit' %}
 					{% include('buttons.base.html.twig') %}
 				</div>
 			</td>
 		</tr>
 	</table>
 </form>
--- a/system/templates/account/lost/finish.new-email.html.twig
+++ b/system/templates/account/lost/finish.new-email.html.twig
@@ -1,33 +0,0 @@
 Your account name, new password and new e-mail.<br/>
 <table class="myaac-table" style="width: 100%;">
 	<thead>
 	<tr>
 		<th class="white">
 			<b>Your account name, new password and new e-mail</b>
 		</th>
 	</tr>
 	</thead>
 	<tbody>
 	<tr>
 		<td>
 			Account name:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>{{ account.getName() }}</b><br/>
 			New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>{{ newPassword }}</b><br/>
 			New e-mail address:&nbsp;<b>{{ newEmail }}</b><br/>
 			{{ statusMsg|raw }}
 		</td>
 	</tr>
 	</tbody>
 </table>
 <br>
 <table style="width: 100%">
 	<tr>
 		<td align="center">
 			<form action="{{ getLink('account/manage') }}" method="post">
 				{{ include('buttons.login.html.twig') }}
 			</form>
 		</td>
 	</tr>
 </table>
--- a/system/templates/account/lost/finish.new-password.html.twig
+++ b/system/templates/account/lost/finish.new-password.html.twig
@@ -1,30 +0,0 @@
 New password to your account is below. Now you can log in.<BR>
 <table class="myaac-table" style="width: 100%;">
 	<thead>
 	<tr>
 		<th class="white"><b>Changed password</b></th>
 	</tr>
 	</thead>
 	<tbody>
 	<tr>
 		<td>
 			New password:&nbsp;<b>{{ newPassword }}</b><br/>
 			Account name:&nbsp;&nbsp;&nbsp;<i>(Already on your e-mail)</i><br/>
 			{{ statusMsg|raw }}
 		</td>
 	</tr>
 	</tbody>
 </table>
 <br/>
 <table style="width: 100%">
 	<tr>
 		<td align="center">
 			<form action="{{ getLink('account/manage') }}">
 				{% set button_name = 'Login' %}
 				{% include('buttons.base.html.twig') %}
 			</form>
 		</td>
 	</tr>
 </table>
--- a/system/templates/account/lost/form.html.twig
+++ b/system/templates/account/lost/form.html.twig
@@ -1,41 +0,0 @@
 The Lost Account Interface can help you to get back your account name and password. Please enter your character name and select what you want to do.<br/>
 <form action="{{ getLink('account/lost/step-1') }}" method="post">
 	{{ csrf() }}
 	<input type="hidden" name="character" value="">
 	<table class="myaac-table" style="width: 100%">
 		<thead>
 		<tr>
 			<th class="white"><b>Please enter your character name</b></th>
 		</tr>
 		</thead>
 		<tbody>
 			<tr>
 				<td>
 					<input type="text" name="nick" size="40" autofocus/><br>
 				</td>
 			</tr>
 		</tbody>
 	</table>
 	<table style="width: 100%; border-spacing: 1px">
 		<tr>
 			<td style="padding: 4px; background: {{ config('vdarkborder') }}" class="white"><b>What do you want?</b></td>
 		</tr>
 		<tr>
 			<td style="padding: 4px; background: {{ config('darkborder') }}">
 				<input type="radio" name="action" id="action_type_email" value="email">
 				<label for="action_type_email"> Send me new password and my account name to account e-mail address.</label><br/>
 				<input type=radio name="action" id="action_type_key" value="recovery-key">
 				<label for="action_type_key"> I got <b>recovery key</b> and want set new password and e-mail address to my account.</label><br/>
 			</td>
 		</tr>
 	</table>
 	<br/>
 	<table style="width: 100%">
 		<tr>
 			<td align="center">
 				{% set button_name = 'Submit' %}
 				{% include('buttons.base.html.twig') %}
 			</td>
 		</tr>
 	</table>
 </form>
--- a/system/templates/account/lost/no-action.html.twig
+++ b/system/templates/account/lost/no-action.html.twig
@@ -1,10 +0,0 @@
 Please select action.<br/>
 <table style="width: 100%">
 	<tr>
 		<td align="center">
 			<a href="{{ getLink('account/lost') }}">
 				{{ include('buttons.back.html.twig') }}
 			</a>
 		</td>
 	</tr>
 </table>
--- a/system/templates/account/lost/recovery-key.html.twig
+++ b/system/templates/account/lost/recovery-key.html.twig
@@ -1,34 +0,0 @@
 If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
 <form action="{{ getLink('account/lost/recovery-key/step-2') }}" method="post">
 	<table class="myaac-table" style="width: 100%;">
 		<thead>
 		<tr>
 			<th class="white">
 				<b>Please enter your recovery key</b>
 			</th>
 		</tr>
 		</thead>
 		<tbody>
 		<tr>
 			<td>
 				Character name:&nbsp;<input type=text name="nick" value="{{ nick }}" size="40" readonly="readonly"><br/>
 				Recovery key:&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="key" value="" size="40"><br/>
 			</td>
 		</tr>
 		</tbody>
 	</table>
 	<br>
 	<table style="width: 100%">
 		<tr>
 			<td>
 				<div style="text-align:center">
 					{% set button_name = 'Submit' %}
 					{% include('buttons.base.html.twig') %}
 				</div>
 			</td>
 		</tr>
 	</table>
 </form>
--- a/system/templates/account/lost/step2.html.twig
+++ b/system/templates/account/lost/step2.html.twig
@@ -1,35 +0,0 @@
 Set new password and e-mail to your account.<br>
 <form action="{{ getLink('account/lost/step-3') }}" method="post">
 	<input type="hidden" name="character" value="">
 	<table class="myaac-table" style="width: 100%">
 		<thead>
 		<tr>
 			<th class="white">
 				<b>Please enter new password and e-mail</b>
 			</th>
 		</tr>
 		</thead>
 		<tbody>
 		<tr>
 			<td>
 				Account of character:&nbsp;&nbsp;<input type="text" name="nick" value="{{ nick }}" size="40" readonly="readonly"><br/>
 				New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input id="passor" type="password" name="passor" value="" size="40"><br/>
 				Repeat new password:&nbsp;&nbsp;<input id="passor2" type="password" name="passor" value="" size="40"><br/>
 				New e-mail address:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input id="email" type="text" name="email" value="" size="40"><br/>
 				<input type="hidden" name="key" VALUE="{{ recKey }}">
 			</td>
 		</tr>
 		</tbody>
 	</table>
 	<br>
 	<table style="width: 100%">
 		<tr>
 			<td align="center">
 				{% set button_name = 'Submit' %}
 				{% include('buttons.base.html.twig') %}
 			</td>
 		</tr>
 </table>
 </form>
--- a/system/templates/mail.account.2fa.email-code.html.twig
+++ b/system/templates/mail.account.2fa.email-code.html.twig
@@ -0,0 +1,9 @@
 Dear {{ config.lua.serverName}} player,
 <br/><br/>
 Your account is protected by email code authentication, and you requested a new email code:
 <br/><br/>
 <p>{{ code }}</p>
 <br/>
 Note that the code is only valid for 24 hours.
 <br/><br/>
 Kind Regards,
--- a/system/templates/mail.account.2fa.email-code.wrong-attempt.html.twig
+++ b/system/templates/mail.account.2fa.email-code.wrong-attempt.html.twig
@@ -0,0 +1,5 @@
 Dear {{ config.lua.serverName}} player,<br/>
 <br/>
 A <strong>wrong two-factor authentication code</strong> was entered for your {{ config.lua.serverName}} account. If you simply mistyped the code, please try again.<br/>
 <br/>
 However, if this was <strong>not you</strong>, someone else may be trying to access your account. Since they already know your password, we strongly recommend that you <strong>change your password immediately</strong>.
--- a/system/templates/mail.account.lost.code.html.twig
+++ b/system/templates/mail.account.lost.code.html.twig
@@ -1,10 +0,0 @@
 You asked to reset your {{ config('lua')['serverName'] }} password.<br/>
 <p>Account name: {{ account.getName() }}</p>
 <br/>
 To do so, please click this link:
 <p>
 	<a href="{{ getLink('account/lost/check-code') }}?code={{ newCode }}&character={{ nick|urlencode }}">{{ getLink('account/lost/check-code') }}?code={{ newCode }}&character={{ nick|urlencode }}</a>
 </p>
 <p>or open page: <i>{{ getLink('account/lost/check-code') }}</i> and in field "code" write <b>{{ newCode }}</b></p>
 <br/>
 <p>If you did not request a password change, you may ignore this message and your password will remain unchanged.
--- a/system/templates/mail.account.lost.new-email.html.twig
+++ b/system/templates/mail.account.lost.new-email.html.twig
@@ -1,7 +0,0 @@
 <h3>Your account name and new password!</h3>
 <p>Changed password and e-mail to your account in Lost Account Interface on server <a href="{{ constant('BASE_URL') }}"><b>{{ config('lua')['serverName'] }}</b></a></p>
 <p>Account name: <b>{{ account.getName() }}</b></p>
 <p>New password: <b>{{ newPassword }}</b></p>
 <p>E-mail: <b>{{ $newEmail }}</b> (this e-mail)</p>
 <br/>
 <p><u>It's automatic e-mail from OTS Lost Account System. Do not reply!</u></p>
--- a/system/templates/mail.account.lost.new-password.html.twig
+++ b/system/templates/mail.account.lost.new-password.html.twig
@@ -1,6 +0,0 @@
 <h3>Your account name and password!</h3>
 <p>Changed password to your account in Lost Account Interface on server <a href="{{ constant('BASE_URL') }}"><b>{{ config('lua')['serverName'] }}</b></a></p>
 <p>Account name: <b>{{ account.getName() }}</b></p>
 <p>New password: <b>{{ newPassword }}</b></p>
 <br/>
 <p><u>It's automatic e-mail from OTS Lost Account System. Do not reply!</u></p>
--- a/system/templates/tables.style.html.twig
+++ b/system/templates/tables.style.html.twig
@@ -1,9 +1,6 @@
 <style>
 	.myaac-table {border-spacing: 1px;}
 	.myaac-table tbody tr:nth-child(even) {background: {{ config.lightborder }}}
 	.myaac-table tbody tr:nth-child(odd) {background:  {{ config.darkborder }}}
-	.myaac-table tbody td {padding: 4px; }
+	.myaac-table thead td {background: {{ config.vdarkborder }}; color: #ffffff !important;}
-	.myaac-table thead td {padding: 4px; background: {{ config.vdarkborder }}; color: #ffffff !important;}
+	.myaac-table tfoot td {background: {{ config.vdarkborder }}; color: #ffffff !important;}
 	.myaac-table thead th {padding: 4px; background: {{ config.vdarkborder }}; color: #ffffff !important;}
 	.myaac-table tfoot td {padding: 4px; background: {{ config.vdarkborder }}; color: #ffffff !important;}
 </style>
--- a/templates/tibiacom/account.management.html.twig
+++ b/templates/tibiacom/account.management.html.twig
@@ -290,6 +290,9 @@
 {% endset %}
 {% include 'tables.headline.html.twig' %}
 <br/>
 {{ include('account.2fa.main.html.twig') }}
 {{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
 <a name="Account+Logs" ></a>
 <div class="TopButtonContainer">
--- a/templates/tibiacom/basic.css
+++ b/templates/tibiacom/basic.css
@@ -943,6 +943,14 @@ img {
  font-size: 8pt;
  color: red;
 }
 .AttentionSign img {
 	float: left;
 	top: 3px;
 	left: 8px;
 	width: 15px;
 	height: 13px;
 	margin-right: 5px;
 }
 .SmallBox {
  position: relative;
  font-size: 1px;
Author	SHA1	Message	Date
slawkens	abee4b3962	Add spomky-labs/otphp	2025-09-14 13:01:51 +02:00
slawkens	fbdb6890b9	Working two factor email authentication	2025-09-14 11:38:01 +02:00
slawkens	041f58ed11	Merge branch 'main' into feature/2fa	2025-09-14 09:53:34 +02:00
slawkens	03c7dd0002	Merge branch 'main' into feature/2fa	2025-08-12 14:36:29 +02:00
slawkens	e435062025	[WIP] 2fa	2025-07-05 08:20:58 +02:00
slawkens	ecc9bd4042	Merge branch 'main' into feature/2fa	2025-07-01 14:18:38 +02:00
slawkens	797377e428	Replace TwoFactorAuth with self	2025-06-22 22:34:36 +02:00
slawkens	96b5df9d74	Merge branch 'main' into feature/2fa	2025-06-22 18:51:32 +02:00
slawkens	b3dfc56c96	[WIP] Working 2fa email auth	2025-06-22 18:50:54 +02:00
slawkens	96d6e04bd2	Update 46-account_email_codes.sql	2025-06-22 13:19:29 +02:00
slawkens	9146eee327	Move	2025-06-22 11:55:34 +02:00
slawkens	3d97fa0719	Merge branch 'main' into feature/2fa	2025-06-22 11:45:21 +02:00
slawkens	a66cafceab	2fa: first draft	2025-06-22 08:34:30 +02:00