Merge branch 'develop' into feature/debug-bar

1.0 will be our next release
we are starting to follow semantic versioning
2025-09-14 12:33:35 +02:00 · 2023-11-11 11:11:13 +01:00 · 2023-11-11 11:04:09 +01:00 · 2023-11-11 11:00:28 +01:00 · 2023-11-11 10:57:57 +01:00 · 2023-11-09 20:32:20 +01:00
226 changed files with 3483 additions and 2098 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -15,5 +15,5 @@ trim_trailing_whitespace = false
 [{composer.json,package.json}]
 indent_style = space
-[package.json]
+[{package.json, *.yml}]
 indent_size = 2
--- a/.gitattributes
+++ b/.gitattributes
@@ -9,6 +9,5 @@ release.sh export-ignore
 # cypress
 cypress export-ignore
 cypress.config.js export-ignore
 cypress.env.json
 *.sh text eol=lf
--- a/.gitignore
+++ b/.gitignore
@@ -35,6 +35,12 @@ images/guilds/*
 images/editor/*
 !images/editor/index.html
 # gallery images
 images/gallery/*
 !images/gallery/index.html
 !images/gallery/demon.jpg
 !images/gallery/demon_thumb.gif
 # cache
 system/cache/*
 !system/cache/index.html
--- a/README.md
+++ b/README.md
@@ -1,23 +1,29 @@
 # [MyAAC](https://my-aac.org)
 [![Build Status Master](https://img.shields.io/travis/slawkens/myaac/master)](https://travis-ci.org/github/slawkens/myaac)
 [![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
 [![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
 [![PHP Versions](https://img.shields.io/travis/php-v/slawkens/myaac/master)](https://github.com/slawkens/myaac/blob/d8b3b4135827ee17e3c6d41f08a925e718c587ed/.travis.yml#L3)
 [![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
 [![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
 MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 Official website: https://my-aac.org
 [![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/slawkens/myaac/cypress.yml)](https://github.com/slawkens/myaac/actions)
 [![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
 [![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
 [![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
 [![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
 | Version    | Status                                    | Branch  | Requirements   |
 |:-----------|:------------------------------------------|:--------|:---------------|
 | **0.10.x** | **Active development**                    | develop | **PHP >= 8.0** |
 | 0.9.x      | Active support                            | 0.9     | PHP >= 7.2.5   |
 | 0.8.x      | Active support                            | master  | PHP >= 7.2.5   |
 | 0.7.x      | End Of Life                               | 0.7     | PHP >= 5.3.3   |
 ### Requirements
-	- PHP 5.6 or later
+	- PHP 8.0 or later
 	- MySQL database
 	- PDO PHP Extension
 	- XML PHP Extension
-	- ZIP PHP Extension
+	- (optional) ZIP PHP Extension
 	- (optional) mod_rewrite to use friendly_urls
 ### Installation
@@ -71,7 +77,13 @@ Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our w
 ### Other Notes
-	If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
+If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
 ## Project supported by JetBrains
 Many thanks to Jetbrains for kindly providing a license for me to work on this and other open-source projects.
 [![JetBrains](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.svg)](https://www.jetbrains.com/?from=https://github.com/slawkens)
 ### License
--- a/admin/index.php
+++ b/admin/index.php
@@ -30,10 +30,26 @@ if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
-// event system
+$hooks->register('debugbar_admin_head_end', HOOK_ADMIN_HEAD_END, function ($params) {
-require_once SYSTEM . 'hooks.php';
+	global $debugBar;
-$hooks = new Hooks();
+
-$hooks->load();
+	if (!isset($debugBar)) {
 		return;
 	}
 	$debugBarRenderer = $debugBar->getJavascriptRenderer();
 	echo $debugBarRenderer->renderHead();
 });
 $hooks->register('debugbar_admin_body_end', HOOK_ADMIN_BODY_END, function ($params) {
 	global $debugBar;
 	if (!isset($debugBar)) {
 		return;
 	}
 	$debugBarRenderer = $debugBar->getJavascriptRenderer();
 	echo $debugBarRenderer->render();
 });
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@@ -7,13 +7,19 @@
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Account editor';
 csrfProtect();
 $admin_base = ADMIN_URL . '?p=accounts';
 $use_datatable = true;
-if ($config['account_country'])
+if (setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
 $nameOrNumberColumn = 'name';
@@ -27,7 +33,7 @@ $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $hasTypeColumn = $db->hasColumn('accounts', 'type');
 $hasGroupColumn = $db->hasColumn('accounts', 'group_id');
-if ($config['account_country']) {
+if (setting('core.account_country')) {
 	$countries = array();
 	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
 		$countries[$c] = $config['countries'][$c];
@@ -79,7 +85,7 @@ else if (isset($_REQUEST['search'])) {
 		$account = new OTS_Account();
 		$account->load($id);
-		if (isset($account, $_POST['save']) && $account->isLoaded()) {
+		if (isset($_POST['save']) && $account->isLoaded()) {
 			$error = false;
 			$_error = '';
@@ -263,6 +269,9 @@ else if (isset($_REQUEST['search'])) {
 						<li class="nav-item">
 							<a class="nav-link active" id="accounts-acc-tab" data-toggle="pill" href="#accounts-acc">Account</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="accounts-logs-tab" data-toggle="pill" href="#accounts-logs">Logs</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="accounts-chars-tab" data-toggle="pill" href="#accounts-chars">Characters</a>
 						</li>
@@ -272,7 +281,7 @@ else if (isset($_REQUEST['search'])) {
 							</li>
 						<?php endif;
-						if ($db->hasTable('store_history')) : ?>
+						if ($db->hasTable('store_history') && $db->hasColumn('store_history', 'time')) : ?>
 							<li class="nav-item">
 								<a class="nav-link" id="accounts-store-tab" data-toggle="pill" href="#accounts-store">Store History</a>
 							</li>
@@ -283,6 +292,7 @@ else if (isset($_REQUEST['search'])) {
 					<div class="tab-content" id="accounts-tabContent">
 						<div class="tab-pane fade active show" id="accounts-acc">
 							<form action="<?php echo $admin_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
 								<?php csrf(); ?>
 								<div class="form-group row">
 									<?php if (USE_ACCOUNT_NAME): ?>
 										<div class="col-12 col-sm-12 col-lg-4">
@@ -321,8 +331,8 @@ else if (isset($_REQUEST['search'])) {
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="group">Account Type:</label>
 											<select name="group" id="group" class="form-control">
-												<?php foreach ($acc_type as $id => $a_type): ?>
+												<?php foreach ($acc_type as $_id => $a_type): ?>
-													<option value="<?php echo($id); ?>" <?php echo($acc_group == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+													<option value="<?php echo($_id); ?>" <?php echo($acc_group == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 												<?php endforeach; ?>
 											</select>
 										</div>
@@ -332,8 +342,8 @@ else if (isset($_REQUEST['search'])) {
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="group">Account Type:</label>
 											<select name="group" id="group" class="form-control">
-												<?php foreach ($groups->getGroups() as $id => $group): ?>
+												<?php foreach ($groups->getGroups() as $_id => $group): ?>
-													<option value="<?php echo $id; ?>" <?php echo($acc_group == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
+													<option value="<?php echo $_id; ?>" <?php echo($acc_group == $_id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 												<?php endforeach; ?>
 											</select>
 										</div>
@@ -341,8 +351,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="web_flags">Website Access:</label>
 										<select name="web_flags" id="web_flags" class="form-control">
-											<?php foreach ($web_acc as $id => $a_type): ?>
+											<?php foreach ($web_acc as $_id => $a_type): ?>
-												<option value="<?php echo($id); ?>" <?php echo($account->getWebFlags() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+												<option value="<?php echo($_id); ?>" <?php echo($account->getWebFlags() == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -397,8 +407,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_country">Country:</label>
 										<select name="rl_country" id="rl_country" class="form-control">
-											<?php foreach ($countries as $id => $a_type): ?>
+											<?php foreach ($countries as $_id => $a_type): ?>
-												<option value="<?php echo($id); ?>" <?php echo($account->getCountry() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+												<option value="<?php echo($_id); ?>" <?php echo($account->getCountry() == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -420,12 +430,39 @@ else if (isset($_REQUEST['search'])) {
 								<a href="<?php echo ADMIN_URL; ?>?p=accounts" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</a>
 							</form>
 						</div>
 						<div class="tab-pane fade" id="accounts-logs">
 							<div class="row">
 								<table class="table table-striped table-condensed table-responsive d-md-table">
 									<thead>
 										<tr>
 											<th>#</th>
 											<th>Date</th>
 											<th>Action</th>
 											<th>IP</th>
 										</tr>
 									</thead>
 									<tbody>
 										<?php
 											$accountActions = \MyAAC\Models\AccountAction::where('account_id', $account->getId())->orderByDesc('date')->get();
 											foreach ($accountActions as $i => $log):
 												$log->ip = ($log->ip != 0 ? long2ip($log->ip) : inet_ntop($log->ipv6));
 												?>
 											<tr>
 												<td><?php echo $i + 1; ?></td>
 												<td><?= date("M d Y, H:i:s", $log->date); ?></td>
 												<td><?= $log->action; ?></td>
 												<td><?= $log->ip; ?></td>
 											</tr>
 											<?php endforeach; ?>
 									</tbody>
 								</table>
 							</div>
 						</div>
 						<div class="tab-pane fade" id="accounts-chars">
 							<div class="row">
 								<?php
 								if (isset($account) && $account->isLoaded()) {
-									$account_players = $account->getPlayersList();
+									$account_players = Player::where('account_id', $account->getId())->orderBy('id')->get();
 									$account_players->orderBy('id');
 									if (isset($account_players)) { ?>
 										<table class="table table-striped table-condensed table-responsive d-md-table">
 											<thead>
@@ -438,25 +475,13 @@ else if (isset($_REQUEST['search'])) {
 											</tr>
 											</thead>
 											<tbody>
-											<?php $i= 0;
+											<?php foreach ($account_players as $i => $player): ?>
 											foreach ($account_players as $i => $player):
 												$i++;
 												$player_vocation = $player->getVocation();
 												$player_promotion = $player->getPromotion();
 												if (isset($player_promotion)) {
 													if ((int)$player_promotion > 0)
 														$player_vocation += ($player_promotion * $config['vocations_amount']);
 												}
 												if (isset($config['vocations'][$player_vocation])) {
 													$vocation_name = $config['vocations'][$player_vocation];
 												} ?>
 												<tr>
-													<th><?php echo $i; ?></th>
+													<th><?php echo $i + 1; ?></th>
-													<td><?php echo $player->getName(); ?></td>
+													<td><?php echo $player->name; ?></td>
-													<td><?php echo $player->getLevel(); ?></td>
+													<td><?php echo $player->level; ?></td>
-													<td><?php echo $vocation_name; ?></td>
+													<td><?php echo $player->vocation_name; ?></td>
-													<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
+													<td><a href="?p=players&id=<?php echo $player->getKey() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
 												</tr>
 											<?php endforeach ?>
 											</tbody>
@@ -523,7 +548,7 @@ else if (isset($_REQUEST['search'])) {
 								} ?>
 							</div>
 						<?php endif;
-						if ($db->hasTable('store_history')) { ?>
+						if ($db->hasTable('store_history') && $db->hasColumn('store_history', 'time')) { ?>
 							<div class="tab-pane fade" id="accounts-store">
 								<?php $store_history = $db->query('SELECT * FROM `store_history` WHERE `account_id` = "' . $account->getId() . '" ORDER BY `time` DESC')->fetchAll(); ?>
 								<table class="table table-striped table-condensed table-responsive d-md-table">
@@ -560,18 +585,20 @@ else if (isset($_REQUEST['search'])) {
 				<div class="row">
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
-							<label for="name">Account Name:</label>
+							<?php csrf(); ?>
 							<label for="search">Account Name:</label>
 							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="search" value="<?php echo $search_account; ?>" maxlength="32" size="32">
+								<input type="text" class="form-control" id="search" name="search" value="<?= escapeHtml($search_account); ?>" maxlength="32" size="32">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>
 					</div>
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
-							<label for="name">Account ID:</label>
+							<?php csrf(); ?>
 							<label for="id">Account ID:</label>
 							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
+								<input type="text" class="form-control" id="id" name="id" value="<?= $id; ?>" maxlength="32" size="32">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>
--- a/admin/pages/changelog.php
+++ b/admin/pages/changelog.php
@@ -8,32 +8,34 @@
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Changelog as ModelsChangelog;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Changelog';
 csrfProtect();
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
 $title = 'Changelog';
 $use_datatable = true;
 const CL_LIMIT = 600; // maximum changelog body length
 ?>
 <link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
 <script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
 <?php
 $id = $_GET['id'] ?? 0;
 require_once LIBS . 'changelog.php';
 if(!empty($action))
 {
-	$id = $_REQUEST['id'] ?? null;
+	$id = $_POST['id'] ?? null;
-	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
+	$body = isset($_POST['body']) ? stripslashes($_POST['body']) : null;
-	$create_date = isset($_REQUEST['createdate']) ? (int)strtotime($_REQUEST['createdate'] ): null;
+	$create_date = isset($_POST['createdate']) ? (int)strtotime($_POST['createdate'] ): null;
-	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
+	$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : null;
-	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
+	$type = isset($_POST['type']) ? (int)$_POST['type'] : null;
-	$where = isset($_REQUEST['where']) ? (int)$_REQUEST['where'] : null;
+	$where = isset($_POST['where']) ? (int)$_POST['where'] : null;
 	$errors = array();
@@ -43,12 +45,13 @@ if(!empty($action))
 			$body = '';
 			$type = $where = $player_id = $create_date = 0;
-			success("Added successful.");
+			success('Added successful.');
 		}
 	}
 	else if($action == 'delete') {
-		Changelog::delete($id, $errors);
+		if (Changelog::delete($id, $errors)) {
-		success("Deleted successful.");
+			success('Deleted successful.');
 		}
 	}
 	else if($action == 'edit')
 	{
@@ -65,20 +68,21 @@ if(!empty($action))
 				$action = $body = '';
 				$type = $where = $player_id = $create_date = 0;
-				success("Updated successful.");
+				success('Updated successful.');
 			}
 		}
 	}
 	else if($action == 'hide') {
-		Changelog::toggleHidden($id, $errors, $status);
+		if (Changelog::toggleHidden($id, $errors, $status)) {
-		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
+			success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
 		}
 	}
 	if(!empty($errors))
 		error(implode(", ", $errors));
 }
-$changelogs = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'changelog' . '` ORDER BY `id` DESC')->fetchAll();
+$changelogs = ModelsChangelog::orderBy('id')->get()->toArray();
 $i = 0;
@@ -110,7 +114,7 @@ if($action == 'edit' || $action == 'new') {
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.changelog.form.html.twig', array(
 		'action' => $action,
-		'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'new'),
+		'cl_link_form' => constant('ADMIN_URL').'?p=changelog',
 		'cl_id' => $id ?? null,
 		'body' => isset($body) ? escapeHtml($body) : '',
 		'create_date' => $create_date ?? '',
@@ -125,15 +129,3 @@ if($action == 'edit' || $action == 'new') {
 $twig->display('admin.changelog.html.twig', array(
 	'changelogs' => $changelogs,
 ));
 ?>
 <script>
 	$(document).ready(function () {
 		$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
 		$('.tb_datatable').DataTable({
 			"order": [[0, "desc"]],
 			"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
 		});
 	});
 </script>
--- a/admin/pages/dashboard.php
+++ b/admin/pages/dashboard.php
@@ -10,7 +10,9 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Dashboard';
-if (isset($_GET['clear_cache'])) {
+csrfProtect();
 if (isset($_POST['clear_cache'])) {
 	if (clearCache()) {
 		success('Cache cleared.');
 	} else {
@@ -18,7 +20,7 @@ if (isset($_GET['clear_cache'])) {
 	}
 }
-if (isset($_GET['maintenance'])) {
+if (isset($_POST['maintenance'])) {
 	$message = (!empty($_POST['message']) ? $_POST['message'] : null);
 	$_status = (isset($_POST['status']) && $_POST['status'] == 'true');
 	$_status = ($_status ? '0' : '1');
--- a/admin/pages/login.php
+++ b/admin/pages/login.php
@@ -10,6 +10,8 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Login';
 csrfProtect();
 require PAGES . 'account/login.php';
 if ($logged) {
 	header('Location: ' . (admin() ? ADMIN_URL : BASE_URL));
--- a/admin/pages/mailer.php
+++ b/admin/pages/mailer.php
@@ -10,6 +10,8 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mailer';
 csrfProtect();
 if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
@@ -20,7 +22,7 @@ if (!setting('core.mail_enabled')) {
 	return;
 }
-$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
+$mail_to = isset($_POST['mail_to']) ? stripslashes(trim($_POST['mail_to'])) : null;
 $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
 $mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
@@ -54,7 +56,7 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 	$failed = 0;
 	$add = '';
-	if (config('account_mail_verify')) {
+	if (setting('core.account_mail_verify')) {
 		note('Note: Sending only to users with verified E-Mail.');
 		$add = ' AND `email_verified` = 1';
 	}
--- a/admin/pages/mass_account.php
+++ b/admin/pages/mass_account.php
@@ -9,10 +9,15 @@
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Account;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mass Account Actions';
 csrfProtect();
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $freePremium = $config['lua']['freePremium'];
@@ -26,15 +31,14 @@ function admin_give_points($points)
 		return;
 	}
 	$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return;
 	}
-	if (!$statement->execute([
+	if (!Account::query()->increment('premium_points', $points)) {
 		'points' => $points
 	])) {
 		displayMessage('Failed to add points.');
 		return;
 	}
@@ -50,15 +54,7 @@ function admin_give_coins($coins)
 		return;
 	}
-	$statement = $db->prepare('UPDATE `accounts` SET `coins` = `coins` + :coins');
+	if (!Account::query()->increment('coins', $coins)) {
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return;
 	}
 	if (!$statement->execute([
 		'coins' => $coins
 	])) {
 		displayMessage('Failed to add coins.');
 		return;
 	}
--- a/admin/pages/mass_teleport.php
+++ b/admin/pages/mass_teleport.php
@@ -8,22 +8,21 @@
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Player;
 use MyAAC\Models\PlayerOnline;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mass Teleport Actions';
-function admin_teleport_position($x, $y, $z) {
+csrfProtect();
 	global $db;
 	$statement = $db->prepare('UPDATE `players` SET `posx` = :x, `posy` = :y, `posz` = :z');
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return;
 	}
-	if (!$statement->execute([
+function admin_teleport_position($x, $y, $z) {
-		'x' => $x, 'y' => $y, 'z' => $z
+	if (!Player::query()->update([
 		'posx' => $x, 'posy' => $y, 'posz' => $z
 	])) {
-		displayMessage('Failed to execute query.');
+		displayMessage('Failed to execute query. Probably already updated.');
 		return;
 	}
@@ -31,17 +30,10 @@ function admin_teleport_position($x, $y, $z) {
 }
 function admin_teleport_town($town_id) {
-	global $db;
+	if (!Player::query()->update([
-	$statement = $db->prepare('UPDATE `players` SET `town_id` = :town_id');
+		'town_id' => $town_id,
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return;
 	}
 	if (!$statement->execute([
 		'town_id' => $town_id
 	])) {
-		displayMessage('Failed to execute query.');
+		displayMessage('Failed to execute query. Probably already updated.');
 		return;
 	}
@@ -58,13 +50,12 @@ if (isset($_POST['action']) && $_POST['action'])    {
 		$playersOnline = 0;
 		if($db->hasTable('players_online')) {// tfs 1.0
-			$query = $db->query('SELECT count(*) AS `count` FROM `players_online`');
+			$playersOnline = PlayerOnline::count();
 		} else {
-			$query = $db->query('SELECT count(*) AS `count` FROM `players` WHERE `players`.`online` > 0');
+			$playersOnline = Player::online()->count();
 		}
-		$playersOnline = $query->fetch(PDO::FETCH_ASSOC);
+		if ($playersOnline > 0) {
 		if ($playersOnline['count'] > 0) {
 			displayMessage('Please, close the server before execute this action otherwise players will not be affected.');
 			return;
 		}
--- a/admin/pages/menus.php
+++ b/admin/pages/menus.php
@@ -7,35 +7,48 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Menu;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Menus';
 csrfProtect();
 if (!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
-if (isset($_REQUEST['template'])) {
+if (isset($_POST['template'])) {
-	$template = $_REQUEST['template'];
+	$template = $_POST['template'];
-	if (isset($_REQUEST['menu'])) {
+	if (isset($_POST['menu'])) {
-		$post_menu = $_REQUEST['menu'];
+		$post_menu = $_POST['menu'];
-		$post_menu_link = $_REQUEST['menu_link'];
+		$post_menu_link = $_POST['menu_link'];
-		$post_menu_blank = $_REQUEST['menu_blank'];
+		$post_menu_blank = $_POST['menu_blank'];
-		$post_menu_color = $_REQUEST['menu_color'];
+		$post_menu_color = $_POST['menu_color'];
 		if (count($post_menu) != count($post_menu_link)) {
 			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
 			return;
 		}
-		$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($template));
+		Menu::where('template', $template)->delete();
 		foreach ($post_menu as $category => $menus) {
 			foreach ($menus as $i => $menu) {
 				if (empty($menu)) // don't save empty menu item
 					continue;
 				try {
-					$db->insert(TABLE_PREFIX . 'menu', array('template' => $template, 'name' => $menu, 'link' => $post_menu_link[$category][$i], 'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0, 'color' => str_replace('#', '', $post_menu_color[$category][$i]), 'category' => $category, 'ordering' => $i));
+					Menu::create([
 						'template' => $template,
 						'name' => $menu,
 						'link' => $post_menu_link[$category][$i],
 						'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0,
 						'color' => str_replace('#', '', $post_menu_color[$category][$i]),
 						'category' => $category,
 						'ordering' => $i
 					]);
 				} catch (PDOException $error) {
 					warning('Error while adding menu item (' . $menu . '): ' . $error->getMessage());
 				}
@@ -58,6 +71,16 @@ if (isset($_REQUEST['template'])) {
 		return;
 	}
 	if (isset($_GET['reset_colors'])) {
 		if (isset($config['menu_default_color'])) {
 			Menu::where('template', $template)->update(['color' => str_replace('#', '', $config['menu_default_color'])]);
 			success('Colors has been reset.');
 		}
 		else {
 			warning('There is no default color defined, cannot reset colors.');
 		}
 	}
 	if (!isset($config['menu_categories'])) {
 		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
 		return;
@@ -71,17 +94,31 @@ if (isset($_REQUEST['template'])) {
 			Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
 			Not all templates support blank and colorful links.
 		</p>
 		<?php if (isset($config['menu_default_color'])) {?>
 		<form method="post" action="?p=menus&reset_colors" onsubmit="return confirm('Do you really want to reset colors?');">
 			<?php csrf(); ?>
 			<input type="hidden" name="template" value="<?php echo $template ?>"/>
 			<button type="submit" class="btn btn-danger">Reset Colors to default</button>
 		</form>
 		<br/>
 		<?php } ?>
 	</div>
 	<?php
-	$menus = array();
+	$menus = Menu::query()
-	$menus_db = $db->query('SELECT `name`, `link`, `blank`, `color`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
+		->select('name', 'link', 'blank', 'color', 'category', 'ordering')
-	foreach ($menus_db as $menu) {
+		->where('enabled', 1)
-		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'blank' => $menu['blank'], 'color' => $menu['color'], 'ordering' => $menu['ordering']);
+		->where('template', $template)
-	}
+		->orderBy('ordering')
 		->get()
 		->groupBy('category')
 		->toArray();
 	$last_id = array();
 	?>
 	<form method="post" id="menus-form" action="?p=menus">
 		<?php csrf(); ?>
 		<input type="hidden" name="template" value="<?php echo $template ?>"/>
 		<button type="submit" class="btn btn-info">Save</button><br/><br/>
 		<div class="row">
 			<?php foreach ($config['menu_categories'] as $id => $cat): ?>
 				<div class="col-md-12 col-lg-6">
@@ -113,7 +150,7 @@ if (isset($_REQUEST['template'])) {
 		</div>
 		<div class="row pb-2">
 			<div class="col-md-12">
-				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Save</button>
+				<button type="submit" class="btn btn-info">Save</button>
 				<?php
 				echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
 				?>
@@ -129,7 +166,7 @@ if (isset($_REQUEST['template'])) {
 	?>
 	<?php
 } else {
-	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();
+	$templates = Menu::select('template')->distinct()->get()->toArray();
 	foreach ($templates as $key => $value) {
 		$file = TEMPLATES . $value['template'] . '/config.php';
 		if (!file_exists($file)) {
--- a/admin/pages/modules/balance.php
+++ b/admin/pages/modules/balance.php
@@ -1,7 +1,14 @@
 <?php
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
-$balance = ($db->hasColumn('players', 'balance') ? $db->query('SELECT `balance`, `id`, `name`,`level` FROM `players` ORDER BY `balance` DESC LIMIT 10;') : 0);
+$balance = 0;
 if ($db->hasColumn('players', 'balance')) {
 	$balance = Player::orderByDesc('balance')->limit(10)->get(['balance', 'id','name', 'level'])->toArray();
 }
 $twig->display('balance.html.twig', array(
 	'balance' => $balance
--- a/admin/pages/modules/coins.php
+++ b/admin/pages/modules/coins.php
@@ -1,7 +1,14 @@
 <?php
 use MyAAC\Models\Account;
 defined('MYAAC') or die('Direct access not allowed!');
-$coins = ($db->hasColumn('accounts', 'coins') ?  $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;') : 0);
+$coins = 0;
 if ($db->hasColumn('accounts', 'coins')) {
 	$coins = Account::orderByDesc('coins')->limit(10)->get(['coins', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
 }
 $twig->display('coins.html.twig', array(
 	'coins' => $coins
--- a/admin/pages/modules/created.php
+++ b/admin/pages/modules/created.php
@@ -1,8 +1,15 @@
 <?php
 use MyAAC\Models\Account;
 defined('MYAAC') or die('Direct access not allowed!');
-$players = ($db->hasColumn('accounts', 'created') ? $db->query('SELECT `created`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `created` DESC LIMIT 10;') : 0);
+$accounts = 0;
 if ($db->hasColumn('accounts', 'created')) {
 	$accounts = Account::orderByDesc('created')->limit(10)->get(['created', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
 }
 $twig->display('created.html.twig', array(
-	'players' => $players,
+	'accounts' => $accounts,
 ));
--- a/admin/pages/modules/lastlogin.php
+++ b/admin/pages/modules/lastlogin.php
@@ -1,7 +1,15 @@
 <?php
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
-$players = ($db->hasColumn('players', 'lastlogin') ? $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;') : 0);
+$players = 0;
 if ($db->hasColumn('players', 'lastlogin')) {
 	$players = Player::orderByDesc('lastlogin')->limit(10)->get(['name', 'level', 'lastlogin'])->toArray();
 }
 $twig->display('lastlogin.html.twig', array(
 	'players' => $players,
 ));
--- a/admin/pages/modules/points.php
+++ b/admin/pages/modules/points.php
@@ -1,7 +1,14 @@
 <?php
 use MyAAC\Models\Account;
 defined('MYAAC') or die('Direct access not allowed!');
-$points = ($db->hasColumn('accounts', 'premium_points') ? $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;') : 0);
+$points = 0;
 if ($db->hasColumn('accounts', 'premium_points')) {
 	$coins = Account::orderByDesc('premium_points')->limit(10)->get(['premium_points', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
 }
 $twig->display('points.html.twig', array(
 	'points' => $points,
--- a/admin/pages/modules/statistics.php
+++ b/admin/pages/modules/statistics.php
@@ -1,11 +1,20 @@
 <?php
 use MyAAC\Models\Account;
 use MyAAC\Models\Guild;
 use MyAAC\Models\House;
 use MyAAC\Models\Monster;
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
-$count = $db->query('SELECT
+$count = $eloquentConnection->query()
-  (SELECT COUNT(*) FROM `accounts`) as total_accounts, 
+	->select([
-  (SELECT COUNT(*) FROM `players`) as total_players,
+		'total_accounts' => Account::selectRaw('COUNT(id)'),
-  (SELECT COUNT(*) FROM `guilds`) as total_guilds,
+		'total_players' => Player::selectRaw('COUNT(id)'),
-  (SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'monsters`) as total_monsters,
+		'total_guilds' => Guild::selectRaw('COUNT(id)'),
-  (SELECT COUNT(*) FROM `houses`) as total_houses;')->fetch();
+		'total_monsters' => Monster::selectRaw('COUNT(id)'),
 		'total_houses' => House::selectRaw('COUNT(id)'),
 	])->first();
 $twig->display('statistics.html.twig', array(
 	'count' => $count,
--- a/admin/pages/modules/templates/created.html.twig
+++ b/admin/pages/modules/templates/created.html.twig
@@ -1,4 +1,4 @@
-{% if players is iterable %}
+{% if accounts is iterable %}
 	<div class=" col-md-6 col-lg-3">
 		<div class="card card-info card-outline">
 			<div class="card-header">
@@ -15,7 +15,7 @@
 					</thead>
 					<tbody>
 					{% set i = 0 %}
-					{% for result in players %}
+					{% for result in accounts %}
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
--- a/admin/pages/modules/templates/web_status.twig
+++ b/admin/pages/modules/templates/web_status.twig
@@ -1,28 +1,32 @@
 <div class="col-12 col-md-6">
 	<div class="card card-warning card-outline">
-		<form action="?p=dashboard&maintenance" method="post" class="form-horizontal">
+		<div class="card-header">
-			<div class="card-header">
+			<span class="m-0">Website Status<span class="float-right">
-				<span class="m-0">Website Status<span class="float-right">
+			<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
-				<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
+				<input form="maintenance-form" type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
-					<input type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
+				<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
-					<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
+			</div></span>
-				</div></span>
+			</span>
-				</span>
+		</div>
 		<div class="card-body p-2">
 			<div class="col-sm-12">
 				<label for="message" class="col-form-label">Maintenance Message</label>
 				<textarea form="maintenance-form" name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
 				<small>(only visible if closed)</small>
 			</div>
-			<div class="card-body p-2">
+		</div>
-				<div class="col-sm-12">
+		<div class="card-footer">
-					<label for="message" class="col-form-label">Maintenance Message</label>
+			<form id="maintenance-form" method="post" action="?p=dashboard" class="float-left">
-					<textarea name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
+				{{ csrf() }}
-					<small>(only visible if closed)</small>
+				<input type="hidden" name="maintenance" value="1" />
 				</div>
 			</div>
 			<div class="card-footer">
 				<button type="submit" class="btn btn-info"><i class="far fa-update"></i> Update</button>
-				<a href="?p=dashboard&clear_cache" onclick="return confirm('Are you sure?');" class="float-right">
+			</form>
-					<span class="btn btn-danger"><i class="fas fa-clear"></i>Clear cache</span>
+			<form method="post" action="?p=dashboard" class="float-right">
-				</a>
+				{{ csrf() }}
-			</div>
+				<input type="hidden" name="clear_cache" value="1" />
-		</form>
+				<button type="submit" onclick="return confirm('Are you sure that you want to clear cache?');" class="btn btn-danger" title="Clear Cache"><i class="fas fa-clear"></i>Clear cache</button>
 			</form>
 		</div>
 	</div>
 </div>
--- a/admin/pages/news.php
+++ b/admin/pages/news.php
@@ -9,12 +9,15 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'News Panel';
 csrfProtect();
 $use_datatable = true;
 require_once LIBS . 'forum.php';
 require_once LIBS . 'news.php';
 $title = 'News Panel';
 $use_datatable = true;
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
@@ -23,25 +26,25 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
 // some constants, used mainly by database (cannot by modified without schema changes)
-define('NEWS_TITLE_LIMIT', 100);
+const NEWS_TITLE_LIMIT = 100;
-define('NEWS_BODY_LIMIT', 65535); // maximum news body length
+const NEWS_BODY_LIMIT = 65535; // maximum news body length
-define('ARTICLE_TEXT_LIMIT', 300);
+const ARTICLE_TEXT_LIMIT = 300;
-define('ARTICLE_IMAGE_LIMIT', 100);
+const ARTICLE_IMAGE_LIMIT = 100;
 $name = $p_title = '';
 if(!empty($action))
 {
-	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
+	$id = $_POST['id'] ?? null;
-	$p_title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null;
+	$p_title = $_POST['title'] ?? null;
-	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
+	$body = isset($_POST['body']) ? stripslashes($_POST['body']) : null;
-	$comments = isset($_REQUEST['comments']) ? $_REQUEST['comments'] : null;
+	$comments = $_POST['comments'] ?? null;
-	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
+	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : 1;
-	$category = isset($_REQUEST['category']) ? (int)$_REQUEST['category'] : null;
+	$category = isset($_POST['category']) ? (int)$_POST['category'] : null;
-	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
+	$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : null;
-	$article_text = isset($_REQUEST['article_text']) ? $_REQUEST['article_text'] : null;
+	$article_text = $_POST['article_text'] ?? null;
-	$article_image = isset($_REQUEST['article_image']) ? $_REQUEST['article_image'] : null;
+	$article_image = $_POST['article_image'] ?? null;
-	$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
+	$forum_section = $_POST['forum_section'] ?? null;
-	$errors = array();
+	$errors = [];
 	if($action == 'new') {
 		if(isset($forum_section) && $forum_section != '-1') {
@@ -52,12 +55,13 @@ if(!empty($action))
 			$p_title = $body = $comments = $article_text = $article_image = '';
 			$type = $category = $player_id = 0;
-			success("Added successful.");
+			success('Added successful.');
 		}
 	}
 	else if($action == 'delete') {
-		News::delete($id, $errors);
+		if (News::delete($id, $errors)) {
-		success("Deleted successful.");
+			success('Deleted successful.');
 		}
 	}
 	else if($action == 'edit')
 	{
@@ -82,13 +86,14 @@ if(!empty($action))
 				$action = $p_title = $body = $comments = $article_text = $article_image = '';
 				$type = $category = $player_id = 0;
-				success("Updated successful.");
+				success('Updated successful.');
 			}
 		}
 	}
 	else if($action == 'hide') {
-		News::toggleHidden($id, $errors, $status);
+		if (News::toggleHidden($id, $errors, $status)) {
-		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
+			success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
 		}
 	}
 	if(!empty($errors))
@@ -114,12 +119,10 @@ if($action == 'edit' || $action == 'new') {
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.news.form.html.twig', array(
 		'action' => $action,
 		'news_link' => getLink(PAGE),
 		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'),
 		'news_id' => $id ?? null,
 		'title' => $p_title ?? '',
 		'body' => isset($body) ? escapeHtml($body) : '',
-		'type' => $type ?? null,
+		'type' => $type,
 		'player' => isset($player) && $player->isLoaded() ? $player : null,
 		'player_id' => $player_id ?? null,
 		'account_players' => $account_players,
--- a/admin/pages/notepad.php
+++ b/admin/pages/notepad.php
@@ -7,46 +7,35 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Notepad as ModelsNotepad;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Notepad';
-$notepad_content = Notepad::get($account_logged->getId());
+csrfProtect();
 /**
 * @var $account_logged OTS_Account
 */
 $_content = '';
 $notepad = ModelsNotepad::where('account_id', $account_logged->getId())->first();
 if (isset($_POST['content'])) {
 	$_content = html_entity_decode(stripslashes($_POST['content']));
-	if (!$notepad_content)
+	if (!$notepad) {
-		Notepad::create($account_logged->getId(), $_content);
+		ModelsNotepad::create([
-	else
+			'account_id' => $account_logged->getId(),
-		Notepad::update($account_logged->getId(), $_content);
+			'content' => $_content
 		]);
 	}
 	else {
 		ModelsNotepad::where('account_id', $account_logged->getId())->update(['content' => $_content]);
 	}
-	echo '<div class="success" style="text-align: center;">Saved at ' . date('H:i') . '</div>';
+	success('Saved at ' . date('H:i'));
 } else {
-	if ($notepad_content !== false)
+	if ($notepad)
-		$_content = $notepad_content;
+		$_content = $notepad->content;
 }
-$twig->display('admin.notepad.html.twig', array('content' => isset($_content) ? $_content : null));
+$twig->display('admin.notepad.html.twig', ['content' => $_content]);
 class Notepad
 {
 	static public function get($account_id)
 	{
 		global $db;
 		$query = $db->select(TABLE_PREFIX . 'notepad', array('account_id' => $account_id));
 		if ($query !== false)
 			return $query['content'];
 		return false;
 	}
 	static public function create($account_id, $content = '')
 	{
 		global $db;
 		$db->insert(TABLE_PREFIX . 'notepad', array('account_id' => $account_id, 'content' => $content));
 	}
 	static public function update($account_id, $content = '')
 	{
 		global $db;
 		$db->update(TABLE_PREFIX . 'notepad', array('content' => $content), array('account_id' => $account_id));
 	}
 }
--- a/admin/pages/pages.php
+++ b/admin/pages/pages.php
@@ -7,10 +7,16 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Pages as ModelsPages;
 use MyAAC\Admin\Pages;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
 $use_datatable = true;
 csrfProtect();
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
@@ -26,31 +32,36 @@ $enable_tinymce = true;
 $access = 0;
 // some constants, used mainly by database (cannot by modified without schema changes)
-define('PAGE_TITLE_LIMIT', 30);
+const PAGE_TITLE_LIMIT = 30;
-define('PAGE_NAME_LIMIT', 30);
+const PAGE_NAME_LIMIT = 30;
-define('PAGE_BODY_LIMIT', 65535); // maximum page body length
+const PAGE_BODY_LIMIT = 65535; // maximum page body length
 if (!empty($action)) {
-	if ($action == 'delete' || $action == 'edit' || $action == 'hide')
+	if ($action == 'delete' || $action == 'edit' || $action == 'hide') {
-		$id = $_REQUEST['id'];
+		$id = $_POST['id'];
 	if (isset($_REQUEST['name']))
 		$name = $_REQUEST['name'];
 	if (isset($_REQUEST['title']))
 		$p_title = $_REQUEST['title'];
 	$php = isset($_REQUEST['php']) && $_REQUEST['php'] == 1;
 	$enable_tinymce = isset($_REQUEST['enable_tinymce']) && $_REQUEST['enable_tinymce'] == 1;
 	if ($php)
 		$body = $_REQUEST['body'];
 	else if (isset($_REQUEST['body'])) {
 		//$body = $_REQUEST['body'];
 		$body = html_entity_decode(stripslashes($_REQUEST['body']));
 	}
-	if (isset($_REQUEST['access']))
+	if (isset($_POST['name'])) {
-		$access = $_REQUEST['access'];
+		$name = $_POST['name'];
 	}
 	if (isset($_POST['title'])) {
 		$p_title = $_POST['title'];
 	}
 	$php = isset($_POST['php']) && $_POST['php'] == 1;
 	$enable_tinymce = isset($_POST['enable_tinymce']) && $_POST['enable_tinymce'] == 1;
 	if ($php) {
 		$body = $_POST['body'];
 	}
 	else if (isset($_POST['body'])) {
 		//$body = $_POST['body'];
 		$body = html_entity_decode(stripslashes($_POST['body']));
 	}
 	if (isset($_POST['access'])) {
 		$access = $_POST['access'];
 	}
 	$errors = array();
 	$player_id = 1;
@@ -67,7 +78,7 @@ if (!empty($action)) {
 		if (Pages::delete($id, $errors))
 			success('Page with id ' . $id . ' has been deleted');
 	} else if ($action == 'edit') {
-		if (isset($id) && !isset($_REQUEST['name'])) {
+		if (isset($id) && !isset($_POST['name'])) {
 			$_page = Pages::get($id);
 			$name = $_page['name'];
 			$p_title = $_page['title'];
@@ -86,29 +97,26 @@ if (!empty($action)) {
 			}
 		}
 	} else if ($action == 'hide') {
-		Pages::toggleHidden($id, $errors, $status);
+		if (Pages::toggleHidden($id, $errors, $status)) {
-		success(($status == 1 ? 'Show' : 'Hide') . ' successful.');
+			success(($status == 0 ? 'Show' : 'Hide') . ' successful.');
 		}
 	}
 	if (!empty($errors))
 		error(implode(", ", $errors));
 }
-$query =
+$pages = ModelsPages::all()->map(function ($e) {
-	$db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'pages'));
+	return [
 		'link' => getFullLink($e->name, $e->name, true),
 		'title' => substr($e->title, 0, 20),
 		'php' => $e->php == '1',
 		'id' => $e->id,
 		'hidden' => $e->hidden
 	];
 })->toArray();
-$pages = array();
+$twig->display('admin.pages.form.html.twig', [
 foreach ($query as $_page) {
 	$pages[] = array(
 		'link' => getFullLink($_page['name'], $_page['name'], true),
 		'title' => substr($_page['title'], 0, 20),
 		'php' => $_page['php'] == '1',
 		'id' => $_page['id'],
 		'hidden' => $_page['hidden']
 	);
 }
 $twig->display('admin.pages.form.html.twig', array(
 	'action' => $action,
 	'id' => $action == 'edit' ? $id : null,
 	'name' => $name,
@@ -118,143 +126,8 @@ $twig->display('admin.pages.form.html.twig', array(
 	'body' => isset($body) ? escapeHtml($body) : '',
 	'groups' => $groups->getGroups(),
 	'access' => $access
-));
+]);
-$twig->display('admin.pages.html.twig', array(
+$twig->display('admin.pages.html.twig', [
 	'pages' => $pages
-));
+]);
 class Pages
 {
 	static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
 		if(!isset($title[0]) || !isset($body[0])) {
 			$errors[] = 'Please fill all inputs.';
 			return false;
 		}
 		if(strlen($name) > PAGE_NAME_LIMIT) {
 			$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
 			return false;
 		}
 		if(strlen($title) > PAGE_TITLE_LIMIT) {
 			$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
 			return false;
 		}
 		if(strlen($body) > PAGE_BODY_LIMIT) {
 			$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
 			return false;
 		}
 		if(!isset($player_id) || $player_id == 0) {
 			$errors[] = 'Player ID is wrong.';
 			return false;
 		}
 		if(!isset($php) || ($php != 0 && $php != 1)) {
 			$errors[] = 'Enable PHP is wrong.';
 			return false;
 		}
 		if ($php == 1 && !getBoolean(setting('core.admin_pages_php_enable'))) {
 			$errors[] = 'PHP pages disabled on this server. To enable go to Settings in Admin Panel and enable <strong>Enable PHP Pages</strong>.';
 			return false;
 		}
 		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
 			$errors[] = 'Enable TinyMCE is wrong.';
 			return false;
 		}
 		if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
 			$errors[] = 'Access is wrong.';
 			return false;
 		}
 		return true;
 	}
 	static public function get($id)
 	{
 		global $db;
 		$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
 		if ($query !== false)
 			return $query;
 		return false;
 	}
 	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
 		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			return false;
 		}
 		global $db;
 		$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
 		if ($query === false)
 			$db->insert(TABLE_PREFIX . 'pages',
 				array(
 					'name' => $name,
 					'title' => $title,
 					'body' => $body,
 					'player_id' => $player_id,
 					'php' => $php ? '1' : '0',
 					'enable_tinymce' => $enable_tinymce ? '1' : '0',
 					'access' => $access
 				)
 			);
 		else
 			$errors[] = 'Page with this link already exists.';
 		return !count($errors);
 	}
 	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
 		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			return false;
 		}
 		global $db;
 		$db->update(TABLE_PREFIX . 'pages',
 			array(
 				'name' => $name,
 				'title' => $title,
 				'body' => $body,
 				'player_id' => $player_id,
 				'php' => $php ? '1' : '0',
 				'enable_tinymce' => $enable_tinymce ? '1' : '0',
 				'access' => $access
 			),
 			array('id' => $id));
 		return true;
 	}
 	static public function delete($id, &$errors)
 	{
 		global $db;
 		if (isset($id)) {
 			if ($db->select(TABLE_PREFIX . 'pages', array('id' => $id)) !== false)
 				$db->delete(TABLE_PREFIX . 'pages', array('id' => $id));
 			else
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
 		} else
 			$errors[] = 'id not set';
 		return !count($errors);
 	}
 	static public function toggleHidden($id, &$errors, &$status)
 	{
 		global $db;
 		if (isset($id)) {
 			$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
 			if ($query !== false) {
 				$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
 				$status = $query['hidden'];
 			}
 			else {
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
 			}
 		} else
 			$errors[] = 'id not set';
 		return !count($errors);
 	}
 }
--- a/admin/pages/players.php
+++ b/admin/pages/players.php
@@ -7,9 +7,15 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Player editor';
 csrfProtect();
 $player_base = ADMIN_URL . '?p=players';
 $use_datatable = true;
@@ -72,7 +78,7 @@ else if (isset($_REQUEST['search'])) {
 		$player = new OTS_Player();
 		$player->load($id);
-		if (isset($player) && $player->isLoaded() && isset($_POST['save'])) {// we want to save
+		if ($player->isLoaded() && isset($_POST['save'])) {// we want to save
 			$error = false;
 			if ($player->isOnline())
@@ -370,6 +376,7 @@ else if (isset($_REQUEST['search'])) {
 					</ul>
 				</div>
 				<form action="<?php echo $player_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
 					<?php csrf(); ?>
 					<div class="card-body">
 						<div class="tab-content" id="tabs-tabContent">
 							<div class="tab-pane fade active show" id="tabs-home">
@@ -387,8 +394,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="group">Group:</label>
 										<select name="group" id="group" class="form-control custom-select">
-											<?php foreach ($groups->getGroups() as $id => $group): ?>
+											<?php foreach ($groups->getGroups() as $_id => $group): ?>
-												<option value="<?php echo $id; ?>" <?php echo($player->getGroup()->getId() == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
+												<option value="<?php echo $_id; ?>" <?php echo($player->getGroup()->getId() == $_id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -396,8 +403,8 @@ else if (isset($_REQUEST['search'])) {
 										<label for="vocation">Vocation</label>
 										<select name="vocation" id="vocation" class="form-control custom-select">
 											<?php
-											foreach ($config['vocations'] as $id => $name) {
+											foreach ($config['vocations'] as $_id => $name) {
-												echo '<option value=' . $id . ($id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
+												echo '<option value=' . $_id . ($_id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
 											}
 											?>
 										</select>
@@ -407,8 +414,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="sex">Sex:</label>
 										<select name="sex" id="sex" class="form-control custom-select">>
-											<?php foreach ($config['genders'] as $id => $sex): ?>
+											<?php foreach ($config['genders'] as $_id => $sex): ?>
-												<option value="<?php echo $id; ?>" <?php echo($player->getSex() == $id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
+												<option value="<?php echo $_id; ?>" <?php echo($player->getSex() == $_id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -421,8 +428,8 @@ else if (isset($_REQUEST['search'])) {
 												$configTowns[$player->getTownId()] = 'Unknown Town';
 											}
-											foreach ($configTowns as $id => $town): ?>
+											foreach ($configTowns as $_id => $town): ?>
-												<option value="<?php echo $id; ?>" <?php echo($player->getTownId() == $id ? 'selected' : ''); ?>><?php echo $town; ?></option>
+												<option value="<?php echo $_id; ?>" <?php echo($player->getTownId() == $_id ? 'selected' : ''); ?>><?php echo $town; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -433,8 +440,8 @@ else if (isset($_REQUEST['search'])) {
 										<select name="skull" id="skull" class="form-control custom-select">
 											<?php
-											foreach ($skull_type as $id => $s_name) {
+											foreach ($skull_type as $_id => $s_name) {
-												echo '<option value=' . $id . ($id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
+												echo '<option value=' . $_id . ($_id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
 											}
 											?>
 										</select>
@@ -551,22 +558,22 @@ else if (isset($_REQUEST['search'])) {
 							</div>
 							<div class="tab-pane fade" id="tabs-skills">
 								<?php
-								foreach ($skills as $id => $info) {
+								foreach ($skills as $_id => $info) {
 									?>
 									<div class="form-group row">
 										<div class="col-12 col-sm-12 col-lg-6">
-											<?php echo '<label for="skills[' . $id . ']" class="control-label">' . $info[0] . '</label>
+											<?php echo '<label for="skills[' . $_id . ']" class="control-label">' . $info[0] . '</label>
-									<input type="text" class="form-control" id="skills[' . $id . ']" name="skills[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkill($id) . '"/>'; ?>
+									<input type="text" class="form-control" id="skills[' . $_id . ']" name="skills[' . $_id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkill($_id) . '"/>'; ?>
 										</div>
 										<div class="col-12 col-sm-12 col-lg-6">
-											<?php echo '<label for="skills_tries[' . $id . ']" class="control-label">' . $info[0] . ' tries</label>
+											<?php echo '<label for="skills_tries[' . $_id . ']" class="control-label">' . $info[0] . ' tries</label>
-									<input type="text" class="form-control" id="skills_tries[' . $id . ']" name="skills_tries[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkillTries($id) . '"/>'; ?>
+									<input type="text" class="form-control" id="skills_tries[' . $_id . ']" name="skills_tries[' . $_id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkillTries($_id) . '"/>'; ?>
 										</div>
 									</div>
 								<?php } ?>
 							</div>
 							<div class="tab-pane fade" id="tabs-pos">
-								<?php $outfit = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?>
+								<?php $outfit = setting('core.outfit_images_url') . '?id=' . $player->getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?>
 								<div id="imgchar" style="width:64px;height:64px;position:absolute; top:30px; right:30px">
 									<img id="player_outfit" style="margin-left:0;margin-top:0;width:64px;height:64px;" src="<?php echo $outfit; ?>" alt="player outfit"/>
 								</div>
@@ -619,7 +626,7 @@ else if (isset($_REQUEST['search'])) {
 										if ($outfitlist) { ?>
 											<select name="look_type" id="look_type" class="form-control custom-select">
 												<?php
-												foreach ($outfitlist as $id => $outfit) {
+												foreach ($outfitlist as $_id => $outfit) {
 													if ($outfit['enabled'] == 'yes') ;
 													echo '<option value=' . $outfit['id'] . ($outfit['id'] == $player->getLookType() ? ' selected' : '') . '>' . $outfit['name'] . ' - ' . ($outfit['type'] == 1 ? 'Male' : 'Female') . '</option>';
 												}
@@ -635,8 +642,8 @@ else if (isset($_REQUEST['search'])) {
 											<select name="look_addons" id="look_addons" class="form-control custom-select">
 												<?php
 												$addon_type = array("None", "First", "Second", "Both");
-												foreach ($addon_type as $id => $s_name) {
+												foreach ($addon_type as $_id => $s_name) {
-													echo '<option value=' . $id . ($id == $player->getLookAddons() ? ' selected' : '') . '>' . $s_name . '</option>';
+													echo '<option value=' . $_id . ($_id == $player->getLookAddons() ? ' selected' : '') . '>' . $s_name . '</option>';
 												}
 												?>
 											</select>
@@ -701,7 +708,7 @@ else if (isset($_REQUEST['search'])) {
 								<div class="form-group row">
 									<div class="col-12">
 										<label for="comment" class="control-label">Comment:</label>
-										<textarea class="form-control" name="comment" rows="10" cols="50" wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
+										<textarea class="form-control" id="comment" name="comment" rows="10" cols="50" wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
 										<small>[max. length: 2000 chars, 50 lines (ENTERs)]</small>
 									</div>
 								</div>
@@ -744,8 +751,7 @@ else if (isset($_REQUEST['search'])) {
 								<div class="row">
 									<?php
 									if (isset($account) && $account->isLoaded()) {
-										$account_players = $account->getPlayersList();
+										$account_players = Player::where('account_id', $account->getId())->orderBy('id')->get();
 										$account_players->orderBy('id');
 										if (isset($account_players)) { ?>
 											<table class="table table-striped table-condensed table-responsive d-md-table">
 												<thead>
@@ -758,23 +764,13 @@ else if (isset($_REQUEST['search'])) {
 												</tr>
 												</thead>
 												<tbody>
-												<?php foreach ($account_players as $i => $player):
+												<?php foreach ($account_players as $i => $player): ?>
 													$player_vocation = $player->getVocation();
 													$player_promotion = $player->getPromotion();
 													if (isset($player_promotion)) {
 														if ((int)$player_promotion > 0)
 															$player_vocation += ($player_promotion * $config['vocations_amount']);
 													}
 													if (isset($config['vocations'][$player_vocation])) {
 														$vocation_name = $config['vocations'][$player_vocation];
 													} ?>
 													<tr>
-														<th><?php echo $i; ?></th>
+														<th><?php echo $i + 1; ?></th>
-														<td><?php echo $player->getName(); ?></td>
+														<td><?php echo $player->name; ?></td>
-														<td><?php echo $player->getLevel(); ?></td>
+														<td><?php echo $player->level; ?></td>
-														<td><?php echo $vocation_name; ?></td>
+														<td><?php echo $player->vocation_name; ?></td>
-														<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
+														<td><a href="?p=players&id=<?php echo $player->getKey() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
 													</tr>
 												<?php endforeach ?>
 												</tbody>
@@ -849,7 +845,7 @@ else if (isset($_REQUEST['search'])) {
 				<?php if($hasLookAddons): ?>
 				const $addonvalue = $('#look_addons');
-				$('#look_addons').on('change', () => {
+				$addonvalue.on('change', () => {
 					updateOutfit();
 				});
 				<?php endif; ?>
@@ -866,7 +862,7 @@ else if (isset($_REQUEST['search'])) {
 				<?php if($hasLookAddons): ?>
 				look_addons = '&addons=' + $('#look_addons').val();
 				<?php endif; ?>
-				$("#player_outfit").attr("src", '<?= $config['outfit_images_url']; ?>?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet);
+				$("#player_outfit").attr("src", '<?= setting('core.outfit_images_url'); ?>?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet);
 			}
 		</script>
 	<?php } ?>
@@ -878,18 +874,20 @@ else if (isset($_REQUEST['search'])) {
 			<div class="card-body row">
 				<div class="col-6 col-lg-12">
 					<form action="<?php echo $player_base; ?>" method="post">
-						<label for="name">Player Name:</label>
+						<?php csrf(); ?>
 						<label for="search">Player Name:</label>
 						<div class="input-group input-group-sm">
-							<input type="text" class="form-control" name="search" value="<?php echo $search_player; ?>" maxlength="32" size="32">
+							<input type="text" class="form-control" id="search" name="search" value="<?= escapeHtml($search_player); ?>" maxlength="32" size="32">
 							<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 						</div>
 					</form>
 				</div>
 				<div class="col-6 col-lg-12">
 					<form action="<?php echo $player_base; ?>" method="post">
-						<label for="name">Player ID:</label>
+						<?php csrf(); ?>
 						<label for="id">Player ID:</label>
 						<div class="input-group input-group-sm">
-							<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
+							<input type="text" class="form-control" id="id" name="id" value="<?= $id; ?>" maxlength="32" size="32">
 							<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 						</div>
 					</form>
@@ -900,7 +898,7 @@ else if (isset($_REQUEST['search'])) {
 </div>
 <script>
-	$(document).ready(function () {
+	$(function () {
 		$('.player_datatable').DataTable({
 			"order": [[0, "asc"]]
 		});
--- a/admin/pages/plugins.php
+++ b/admin/pages/plugins.php
@@ -9,6 +9,9 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
 csrfProtect();
 $use_datatable = true;
 require_once LIBS . 'plugins.php';
@@ -19,23 +22,23 @@ if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
 else {
 	$twig->display('admin.plugins.form.html.twig');
-	if (isset($_REQUEST['uninstall'])) {
+	if (isset($_POST['uninstall'])) {
-		$uninstall = $_REQUEST['uninstall'];
+		$uninstall = $_POST['uninstall'];
 		if (Plugins::uninstall($uninstall)) {
 			success('Successfully uninstalled plugin ' . $uninstall);
 		} else {
 			error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 		}
-	} else if (isset($_REQUEST['enable'])) {
+	} else if (isset($_POST['enable'])) {
-		$enable = $_REQUEST['enable'];
+		$enable = $_POST['enable'];
 		if (Plugins::enable($enable)) {
 			success('Successfully enabled plugin ' . $enable);
 		} else {
 			error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
 		}
-	} else if (isset($_REQUEST['disable'])) {
+	} else if (isset($_POST['disable'])) {
-		$disable = $_REQUEST['disable'];
+		$disable = $_POST['disable'];
 		if (Plugins::disable($disable)) {
 			success('Successfully disabled plugin ' . $disable);
 		} else {
@@ -116,7 +119,7 @@ foreach (get_plugins(true) as $plugin) {
 	if (!$plugin_info) {
 		warning('Cannot load plugin info ' . $plugin . '.json');
 	} else {
-		$disabled = (strpos($plugin, 'disabled.') !== false);
+		$disabled = (str_contains($plugin, 'disabled.'));
 		$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 		$plugins[] = array(
 			'name' => $plugin_info['name'] ?? '',
--- a/admin/pages/statistics.php
+++ b/admin/pages/statistics.php
@@ -7,26 +7,25 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Account;
 use MyAAC\Models\Guild;
 use MyAAC\Models\House;
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Statistics';
-$query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
+$total_accounts = Account::count();
-$query = $query->fetch();
+$total_players = Player::count();
-$total_accounts = $query['how_much'];
+$total_guilds = Guild::count();
 $total_houses = House::count();
-$query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
+$points = Account::select(['premium_points', (USE_ACCOUNT_NAME ? 'name' : 'id')])
-$query = $query->fetch();
+	->orderByDesc('premium_points')
-$total_players = $query['how_much'];
+	->limit(10)
-
+	->get()
-$query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
+	->toArray();
 $query = $query->fetch();
 $total_guilds = $query['how_much'];
 $query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
 $query = $query->fetch();
 $total_houses = $query['how_much'];
 $points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
 $twig->display('admin.statistics.html.twig', array(
 	'total_accounts' => $total_accounts,
--- a/admin/tools/settings_save.php
+++ b/admin/tools/settings_save.php
@@ -6,11 +6,18 @@ require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 require SYSTEM . 'login.php';
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
 if(!admin()) {
 	http_response_code(500);
 	die('Access denied.');
 }
 csrfProtect();
 if (!isset($_REQUEST['plugin'])) {
 	http_response_code(500);
 	die('Please enter plugin name.');
@@ -23,7 +30,7 @@ if (!isset($_POST['settings'])) {
 $settings = Settings::getInstance();
-$settings->save($_REQUEST['plugin'], $_POST['settings']);
+$success = $settings->save($_REQUEST['plugin'], $_POST['settings']);
 $errors = $settings->getErrors();
 if (count($errors) > 0) {
@@ -31,4 +38,6 @@ if (count($errors) > 0) {
 	die(implode('<br/>', $errors));
 }
-echo 'Saved at ' . date('H:i');
+if ($success) {
 	echo 'Saved at ' . date('H:i');
 }
--- a/common.php
+++ b/common.php
@@ -23,10 +23,10 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
-if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
+if (version_compare(phpversion(), '8.0', '<')) die('PHP version 8.0 or higher is required.');
 const MYAAC = true;
-const MYAAC_VERSION = '0.10.0-dev';
+const MYAAC_VERSION = '1.0-dev';
 const DATABASE_VERSION = 36;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
@@ -108,6 +108,13 @@ const TFS_FIRST = TFS_02;
 const TFS_LAST = TFS_03;
 // other definitions
 const MAIL_MAIL = 0;
 const MAIL_SMTP = 1;
 const SMTP_SECURITY_NONE = 0;
 const SMTP_SECURITY_SSL = 1;
 const SMTP_SECURITY_TLS = 2;
 const ACCOUNT_NUMBER_LENGTH = 8;
 if (!IS_CLI) {
@@ -136,7 +143,7 @@ if(!IS_CLI) {
 		}
 	}
-	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
+	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
@@ -147,6 +154,7 @@ if (file_exists(BASE . 'config.local.php')) {
 	require BASE . 'config.local.php';
 }
 /** @var array $config */
 ini_set('log_errors', 1);
 if(@$config['env'] === 'dev') {
 	ini_set('display_errors', 1);
@@ -165,3 +173,11 @@ if (!is_file($autoloadFile)) {
 }
 require $autoloadFile;
 function isHttps(): bool
 {
 	return
 		(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
 		|| (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
 		|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
 }
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
 {
    "require": {
-        "php": "^7.2.5 || ^8.0",
+        "php": "^8.0",
        "ext-pdo": "*",
        "ext-pdo_mysql": "*",
        "ext-json": "*",
@@ -11,9 +11,17 @@
        "twig/twig": "^2.0",
        "erusev/parsedown": "^1.7",
        "nikic/fast-route": "^1.3",
-        "matomo/device-detector": "^6.0"
+        "matomo/device-detector": "^6.0",
        "illuminate/database": "^10.18",
        "peppeocchi/php-cron-scheduler": "4.*"
    },
    "require-dev": {
-        "filp/whoops": "^2.15"
+        "filp/whoops": "^2.15",
        "maximebf/debugbar": "dev-master"
    },
    "autoload": {
        "psr-4": {
            "MyAAC\\": "system/src"
        }
    }
 }
--- a/cypress/e2e/2-create-account.cy.js
+++ b/cypress/e2e/2-create-account.cy.js
@@ -14,7 +14,7 @@ describe('Create Account Page', () => {
 		cy.get('#email').type('tester@example.com')
 		cy.get('#password').type('test1234')
-		cy.get('#password2').type('test1234')
+		cy.get('#password_confirm').type('test1234')
 		cy.get('#character_name').type('Slaw')
--- a/cypress/e2e/3-check-public-pages.cy.js
+++ b/cypress/e2e/3-check-public-pages.cy.js
@@ -0,0 +1,174 @@
 describe('Check Public Pages', () => {
 	/// news
 	it('Go to news page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/news',
 			method: 'GET',
 		})
 	})
 	it('Go to news archive page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/news/archive',
 			method: 'GET',
 		})
 	})
 	it('Go to changelog page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/changelog',
 			method: 'GET',
 		})
 	})
 	/// account management
 	it('Go to account manage page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/manage',
 			method: 'GET',
 		})
 	})
 	it('Go to account create page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/create',
 			method: 'GET',
 		})
 	})
 	it('Go to account lost page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/lost',
 			method: 'GET',
 		})
 	})
 	it('Go to rules page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/rules',
 			method: 'GET',
 		})
 	})
 	// community
 	it('Go to online page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/online',
 			method: 'GET',
 		})
 	})
 	it('Go to characters list page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/characters',
 			method: 'GET',
 		})
 	})
 	it('Go to guilds page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/guilds',
 			method: 'GET',
 		})
 	})
 	it('Go to highscores page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/highscores',
 			method: 'GET',
 		})
 	})
 	it('Go to last kills page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/lastkills',
 			method: 'GET',
 		})
 	})
 	it('Go to houses page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/houses',
 			method: 'GET',
 		})
 	})
 	it('Go to bans page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/bans',
 			method: 'GET',
 		})
 	})
 	it('Go to forum page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/forum',
 			method: 'GET',
 		})
 	})
 	it('Go to team page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/team',
 			method: 'GET',
 		})
 	})
 	// library
 	it('Go to creatures page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/creatures',
 			method: 'GET',
 		})
 	})
 	it('Go to spells page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/spells',
 			method: 'GET',
 		})
 	})
 	it('Go to server info page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/serverInfo',
 			method: 'GET',
 		})
 	})
 	it('Go to commands page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/commands',
 			method: 'GET',
 		})
 	})
 	it('Go to downloads page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/downloads',
 			method: 'GET',
 		})
 	})
 	it('Go to gallery page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/gallery',
 			method: 'GET',
 		})
 	})
 	it('Go to experience table page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/experienceTable',
 			method: 'GET',
 		})
 	})
 	it('Go to faq page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/faq',
 			method: 'GET',
 		})
 	})
 })
--- a/cypress/e2e/4-check-protected-pages.cy.js
+++ b/cypress/e2e/4-check-protected-pages.cy.js
@@ -0,0 +1,81 @@
 const REQUIRED_LOGIN_MESSAGE = 'Please enter your account name and your password.';
 const YOU_ARE_NOT_LOGGEDIN = 'You are not logged in.';
 describe('Check Protected Pages', () => {
 	// character actions
 	it('Go to accouht character creation page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/character/create',
 			method: 'GET',
 		})
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
 	it('Go to accouht character deletion page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/character/delete',
 			method: 'GET',
 		})
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
 	// account actions
 	it('Go to accouht email change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/email',
 			method: 'GET',
 		})
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
 	it('Go to accouht password change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/password',
 			method: 'GET',
 		})
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
 	it('Go to accouht info change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/info',
 			method: 'GET',
 		})
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
 	it('Go to accouht logout change page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/account/logout',
 			method: 'GET',
 		})
 		cy.contains(REQUIRED_LOGIN_MESSAGE)
 	})
 	// guild actions
 	it('Go to guild creation page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/?subtopic=guilds&action=create',
 			method: 'GET',
 		})
 		cy.contains(YOU_ARE_NOT_LOGGEDIN)
 	})
 	it('Go to guilds cleanup players action page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_players',
 			method: 'GET',
 		})
 		cy.contains(YOU_ARE_NOT_LOGGEDIN)
 	})
 	it('Go to guilds cleanup guilds action page', () => {
 		cy.visit({
 			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_guilds',
 			method: 'GET',
 		})
 		cy.contains(YOU_ARE_NOT_LOGGEDIN)
 	})
 })
--- a/images/gallery/index.html
+++ b/images/gallery/index.html
--- a/index.php
+++ b/index.php
@@ -71,10 +71,6 @@ if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
 require_once SYSTEM . 'template.php';
 require_once SYSTEM . 'login.php';
 require_once SYSTEM . 'status.php';
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -127,75 +127,6 @@ CREATE TABLE `myaac_menu`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 /* MENU_CATEGORY_NEWS kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
 /* MENU_CATEGORY_ACCOUNT kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
 /* MENU_CATEGORY_COMMUNITY kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
 /* MENU_CATEGORY_LIBRARY kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
 /* MENU_CATEGORY_SHOP kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
 /* MENU_CATEGORY_NEWS tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
 /* MENU_CATEGORY_ACCOUNT tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
 /* MENU_CATEGORY_COMMUNITY tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
 /* MENU_CATEGORY_FORUM tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
 /* MENU_CATEGORY_LIBRARY tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
 /* MENU_CATEGORY_SHOP tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
 CREATE TABLE `myaac_monsters` (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
 	`hidden` tinyint(1) NOT NULL default 0,
--- a/install/index.php
+++ b/install/index.php
@@ -12,7 +12,7 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 require SYSTEM . 'clients.conf.php';
-require LIBS . 'settings.php';
+require LIBS . 'Settings.php';
 // ignore undefined index from Twig autoloader
 $config['env'] = 'prod';
--- a/install/steps/5-database.php
+++ b/install/steps/5-database.php
@@ -34,6 +34,8 @@ if(!$error) {
 		}
 	}
 	$configToSave['gzip_output'] = false;
 	$configToSave['cache_engine'] = 'auto';
 	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
 	require BASE . 'install/includes/config.php';
--- a/install/tools/7-finish.php
+++ b/install/tools/7-finish.php
@@ -45,6 +45,10 @@ if($success) {
 	success($locale['step_database_imported_players']);
 }
 require_once LIBS . 'plugins.php';
 Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
 Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
 require LIBS . 'DataLoader.php';
 DataLoader::setLocale($locale);
 DataLoader::load();
@@ -59,6 +63,14 @@ require_once SYSTEM . 'migrations/22.php';
 require_once SYSTEM . 'migrations/27.php';
 require_once SYSTEM . 'migrations/30.php';
 use MyAAC\Models\FAQ as ModelsFAQ;
 if(ModelsFAQ::count() == 0) {
 	ModelsFAQ::create([
 		'question' => 'What is this?',
 		'answer' => 'This is website for OTS powered by MyAAC.',
 	]);
 }
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);
--- a/login.php
+++ b/login.php
@@ -1,4 +1,10 @@
 <?php
 use MyAAC\Models\BoostedCreature;
 use MyAAC\Models\PlayerOnline;
 use MyAAC\Models\Account;
 use MyAAC\Models\Player;
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
@@ -43,9 +49,9 @@ $action = $request->type ?? '';
 switch ($action) {
 	case 'cacheinfo':
-		$playersonline = $db->query("select count(*) from `players_online`")->fetchAll();
+		$playersonline = PlayerOnline::count();
 		die(json_encode([
-			'playersonline' => (intval($playersonline[0][0])),
+			'playersonline' => $playersonline,
 			'twitchstreams' => 0,
 			'twitchviewer' => 0,
 			'gamingyoutubestreams' => 0,
@@ -79,13 +85,11 @@ switch ($action) {
 		die(json_encode(['eventlist' => $eventlist, 'lastupdatetimestamp' => time()]));
 	case 'boostedcreature':
-		$boostDB = $db->query("select * from " . $db->tableName('boosted_creature'))->fetchAll();
+		$boostedCreature = BoostedCreature::latest();
 		foreach ($boostDB as $Tableboost) {
 		die(json_encode([
 			'boostedcreature' => true,
-			'raceid' => intval($Tableboost['raceid'])
+			'raceid' => $boostedCreature->raceid
 		]));
 		}
 	break;
 	case 'login':
@@ -112,29 +116,32 @@ switch ($action) {
 		];
 		$characters = [];
 		$account = new OTS_Account();
 		$inputEmail = $request->email ?? false;
 		$inputAccountName = $request->accountname ?? false;
 		$inputToken = $request->token ?? false;
 		$account = Account::query();
 		if ($inputEmail != false) { // login by email
-			$account->findByEmail($request->email);
+			$account->where('email', $inputEmail);
 		}
 		else if($inputAccountName != false) { // login by account name
-			$account->find($inputAccountName);
+			$account->where('name', $inputAccountName);
 		}
-		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->getCustomField('salt') : '') . $request->password);
+		$account = $account->first();
-
+		if (!$account) {
-		if (!$account->isLoaded() || $account->getPassword() != $current_password) {
+			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
 		}
 		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->salt : '') . $request->password);
 		if (!$account || $account->password != $current_password) {
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
 		}
 		//log_append('test.log', var_export($account->getCustomField('secret'), true));
 		$accountHasSecret = false;
 		if (fieldExist('secret', 'accounts')) {
-			$accountSecret = $account->getCustomField('secret');
+			$accountSecret = $account->secret;
 			if ($accountSecret != null && $accountSecret != '') {
 				$accountHasSecret = true;
 				if ($inputToken === false) {
@@ -159,18 +166,9 @@ switch ($action) {
 			$columns .= ', istutorial';
 		}
-		$players = $db->query("select {$columns} from players where account_id = " . $account->getId() . " AND deletion = 0");
+		$players = Player::where('account_id', $account->id)->notDeleted()->selectRaw($columns)->get();
-		if($players && $players->rowCount() > 0) {
+		if($players && $players->count()) {
-			$players = $players->fetchAll();
+			$highestLevelId = $players->sortByDesc('experience')->first()->getKey();
 			$highestLevelId = 0;
 			$highestLevel = 0;
 			foreach ($players as $player) {
 				if ($player['level'] >= $highestLevel) {
 					$highestLevel = $player['level'];
 					$highestLevelId = $player['id'];
 				}
 			}
 			foreach ($players as $player) {
 				$characters[] = create_char($player, $highestLevelId);
@@ -180,15 +178,10 @@ switch ($action) {
 		if (fieldExist('premdays', 'accounts') && fieldExist('lastday', 'accounts')) {
 			$save = false;
 			$timeNow = time();
-			$query = $db->query("select `premdays`, `lastday` from `accounts` where `id` = " . $account->getId());
+			$premDays = $account->premdays;
-			if ($query->rowCount() > 0) {
+			$lastDay = $account->lastday;
-				$query = $query->fetch();
+			$lastLogin = $lastDay;
-				$premDays = (int)$query['premdays'];
+
 				$lastDay = (int)$query['lastday'];
 				$lastLogin = $lastDay;
 			} else {
 				sendError("Error while fetching your account data. Please contact admin.");
 			}
 			if ($premDays != 0 && $premDays != PHP_INT_MAX) {
 				if ($lastDay == 0) {
 					$lastDay = $timeNow;
@@ -213,7 +206,9 @@ switch ($action) {
 				$save = true;
 			}
 			if ($save) {
-				$db->query("update `accounts` set `premdays` = " . $premDays . ", `lastday` = " . $lastDay . " where `id` = " . $account->getId());
+				$account->premdays = $premDays;
 				$account->lastday = $lastDay;
 				$account->save();
 			}
 		}
@@ -235,13 +230,11 @@ switch ($action) {
 			$sessionKey .= "\n".floor(time() / 30);
 		}
 		//log_append('slaw.log', $sessionKey);
 		$session = [
 			'sessionkey' => $sessionKey,
 			'lastlogintime' => 0,
-			'ispremium' => $config['lua']['freePremium'] || $account->isPremium(),
+			'ispremium' => $account->is_premium,
-			'premiumuntil' => ($account->getPremDays()) > 0 ? (time() + ($account->getPremDays() * 86400)) : 0,
+			'premiumuntil' => ($account->premium_days) > 0 ? (time() + ($account->premium_days * 86400)) : 0,
 			'status' => 'active', // active, frozen or suspended
 			'returnernotification' => false,
 			'showrewardnews' => true,
@@ -259,24 +252,23 @@ switch ($action) {
 }
 function create_char($player, $highestLevelId) {
 	global $config;
 	return [
 		'worldid' => 0,
-		'name' => $player['name'],
+		'name' => $player->name,
-		'ismale' => intval($player['sex']) === 1,
+		'ismale' => $player->sex === 1,
-		'tutorial' => isset($player['istutorial']) && $player['istutorial'],
+		'tutorial' => isset($player->istutorial) && $player->istutorial,
-		'level' => intval($player['level']),
+		'level' => $player->level,
-		'vocation' => $config['vocations'][$player['vocation']],
+		'vocation' => $player->vocation_name,
-		'outfitid' => intval($player['looktype']),
+		'outfitid' => $player->looktype,
-		'headcolor' => intval($player['lookhead']),
+		'headcolor' => $player->lookhead,
-		'torsocolor' => intval($player['lookbody']),
+		'torsocolor' => $player->lookbody,
-		'legscolor' => intval($player['looklegs']),
+		'legscolor' => $player->looklegs,
-		'detailcolor' => intval($player['lookfeet']),
+		'detailcolor' => $player->lookfeet,
-		'addonsflags' => intval($player['lookaddons']),
+		'addonsflags' => $player->lookaddons,
-		'ishidden' => isset($player['deletion']) && (int)$player['deletion'] === 1,
+		'ishidden' => $player->is_deleted,
 		'istournamentparticipant' => false,
-		'ismaincharacter' => $highestLevelId == $player['id'],
+		'ismaincharacter' => $highestLevelId === $player->getKey(),
-		'dailyrewardstate' => isset($player['isreward']) ? intval($player['isreward']) : 0,
+		'dailyrewardstate' => $player->isreward ?? 0,
 		'remainingdailytournamentplaytime' => 0
 	];
 }
--- a/package.json
+++ b/package.json
@@ -1,4 +1,7 @@
 {
  "scripts": {
    "cypress:open": "cypress open"
  },
  "devDependencies": {
    "cypress": "^12.12.0"
  }
--- a/plugins/account-create-hint/hint.html.twig
+++ b/plugins/account-create-hint/hint.html.twig
@@ -1,3 +1,3 @@
 To play on {{ config.lua.serverName }} you need an account.
-All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if config.account_country %}, country{% endif %} and your email address.
+All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if setting('core.account_country') %}, country{% endif %} and your email address.
 Also you have to agree to the terms presented below. If you have done so, your account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %} will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.<br/><br/>
--- a/plugins/email-confirmed-reward/reward.php
+++ b/plugins/email-confirmed-reward/reward.php
@@ -1,33 +1,37 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
-$reward = config('account_mail_confirmed_reward');
+$reward = setting('core.account_mail_confirmed_reward');
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
-if ($reward['coins'] > 0 && $hasCoinsColumn) {
+$rewardCoins = setting('core.account_mail_confirmed_reward_coins');
-	log_append('email_confirm_error.log', 'accounts.coins column does not exist.');
+if ($rewardCoins > 0 && !$hasCoinsColumn) {
 	log_append('error.log', 'email_confirm: accounts.coins column does not exist.');
 }
 if (!isset($account) || !$account->isLoaded()) {
 	log_append('email_confirm_error.log', 'Account not loaded.');
 	return;
 }
-if ($reward['premium_points'] > 0) {
+$rewardMessage = 'You received %d %s for confirming your E-Mail address.';
 	$account->setCustomField('premium_points', (int)$account->getCustomField('premium_points') + $reward['premium_points']);
-	success(sprintf($reward['message'], $reward['premium_points'], 'premium points'));
+$rewardPremiumPoints = setting('core.account_mail_confirmed_reward_premium_points');
 if ($rewardPremiumPoints > 0) {
 	$account->setCustomField('premium_points', (int)$account->getCustomField('premium_points') + $rewardPremiumPoints);
 	success(sprintf($rewardMessage, $rewardPremiumPoints, 'premium points'));
 }
-if ($reward['coins'] > 0 && $hasCoinsColumn) {
+if ($rewardCoins > 0 && $hasCoinsColumn) {
-	$account->setCustomField('coins', (int)$account->getCustomField('coins') + $reward['coins']);
+	$account->setCustomField('coins', (int)$account->getCustomField('coins') + $rewardCoins);
-	success(sprintf($reward['message'], $reward['coins'], 'coins'));
+	success(sprintf($rewardMessage, $rewardCoins, 'coins'));
 }
-if ($reward['premium_days'] > 0) {
+$rewardPremiumDays = setting('core.account_mail_confirmed_reward_premium_days');
-	$account->setPremDays($account->getPremDays() + $reward['premium_days']);
+if ($rewardPremiumDays > 0) {
 	$account->setPremDays($account->getPremDays() + $rewardPremiumDays);
 	$account->save();
-	success(sprintf($reward['message'], $reward['premium_days'], 'premium days'));
+	success(sprintf($rewardMessage, $rewardPremiumDays, 'premium days'));
 }
--- a/system/bin/cronjob.php
+++ b/system/bin/cronjob.php
@@ -0,0 +1,19 @@
 <?php
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
 use GO\Scheduler;
 // Create a new scheduler
 $scheduler = new Scheduler();
 $hooks->trigger(HOOK_CRONJOB, ['scheduler' => $scheduler]);
 // Let the scheduler execute jobs which are due.
 $scheduler->run();
--- a/system/bin/install_cronjob.php
+++ b/system/bin/install_cronjob.php
@@ -0,0 +1,50 @@
 <?php
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 if(!IS_CLI) {
 	echo 'This script can be run only in command line mode.' . PHP_EOL;
 	exit(1);
 }
 if (MYAAC_OS !== 'LINUX') {
 	echo 'This script can be run only on linux.' . PHP_EOL;
 	exit(1);
 }
 $job = '* * * * * /usr/bin/php ' . SYSTEM . 'bin/cronjob.php >> ' . SYSTEM . 'logs/cron.log 2>&1';
 if (cronjob_exists($job)) {
 	echo 'MyAAC cronjob already installed.' . PHP_EOL;
 	exit(0);
 }
 exec ('crontab -l', $content);
 $content = implode(' ', $content);
 $content .= PHP_EOL . $job;
 file_put_contents(CACHE . 'cronjob', $content . PHP_EOL);
 exec('crontab ' . CACHE. 'cronjob');
 echo 'Installed crontab successfully.' . PHP_EOL;
 function cronjob_exists($command)
 {
 	$cronjob_exists=false;
 	exec('crontab -l', $crontab);
 	if(isset($crontab)&&is_array($crontab)) {
 		$crontab = array_flip($crontab);
 		if(isset($crontab[$command])){
 			$cronjob_exists = true;
 		}
 	}
 	return $cronjob_exists;
 }
--- a/system/clients.conf.php
+++ b/system/clients.conf.php
@@ -99,4 +99,10 @@ $config['clients'] = [
 	1291,
 	1300,
 	1310,
 	1311,
 	1312,
 	1316,
 	1320,
 	1321,
 ];
--- a/system/compat/config.php
+++ b/system/compat/config.php
@@ -34,8 +34,18 @@ $deprecatedConfig = [
 	'news_limit',
 	'news_ticker_limit',
 	'news_date_format',
 	'guild_management',
 	'guild_need_level',
 	'guild_need_premium',
 	'guild_image_size_kb',
 	'guild_description_default',
 	'guild_description_chars_limit',
 	'guild_motd_chars_limit',
 	'highscores_groups_hidden',
 	'highscores_ids_hidden',
 	'highscores_vocation_box',
 	'highscores_vocation',
 	'highscores_outfit',
 	'online_record',
 	'online_vocations',
 	'online_vocations_images',
@@ -58,9 +68,14 @@ $deprecatedConfig = [
 	'status_ip',
 	'status_port',
 	'mail_enabled',
 	'mail_address',
 	'account_login_by_email',
 	'account_login_by_email_fallback',
 	'account_mail_verify',
 	'account_mail_unique',
 	'account_mail_change',
 	'account_premium_days',
 	'account_premium_points',
 	'account_create_character_create',
 	'account_change_character_name',
 	'account_change_character_name_points' => 'account_change_character_name_price',
--- a/system/database.php
+++ b/system/database.php
@@ -7,6 +7,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use Illuminate\Database\Capsule\Manager as Capsule;
 defined('MYAAC') or die('Direct access not allowed!');
 if (!isset($config['database_overwrite'])) {
@@ -91,21 +94,34 @@ if(!isset($config['database_socket'])) {
 	$config['database_socket'] = '';
 }
 try {
 	$ots->connect(array(
-			'host' => $config['database_host'],
+		'host' => $config['database_host'],
-			'user' => $config['database_user'],
+		'user' => $config['database_user'],
-			'password' => $config['database_password'],
+		'password' => $config['database_password'],
-			'database' => $config['database_name'],
+		'database' => $config['database_name'],
-			'log' => $config['database_log'],
+		'log' => $config['database_log'],
-			'socket' => @$config['database_socket'],
+		'socket' => @$config['database_socket'],
-			'persistent' => @$config['database_persistent']
+		'persistent' => @$config['database_persistent']
-		)
+	));
 	);
 	$db = POT::getInstance()->getDBHandle();
-}
+	$capsule = new Capsule;
-catch(PDOException $error) {
+	$capsule->addConnection([
 		'driver' => 'mysql',
 		'database' => $config['database_name'],
 	]);
 	$capsule->getConnection()->setPdo($db);
 	$capsule->getConnection()->setReadPdo($db);
 	$capsule->setAsGlobal();
 	$capsule->bootEloquent();
 	$eloquentConnection = $capsule->getConnection();
 } catch (Exception $e) {
 	if(isset($cache) && $cache->enabled()) {
 		$cache->delete('config_lua');
 	}
@@ -119,5 +135,5 @@ catch(PDOException $error) {
 		'<ul>' .
 			'<li>MySQL is not configured propertly in <i>config.lua</i>.</li>' .
 			'<li>MySQL server is not running.</li>' .
-		'</ul>' . $error->getMessage());
+		'</ul>' . $e->getMessage());
 }
--- a/system/functions.php
+++ b/system/functions.php
@@ -9,6 +9,12 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
 use MyAAC\CsrfToken;
 use MyAAC\Models\Config;
 use MyAAC\Models\Guild;
 use MyAAC\Models\House;
 use MyAAC\Models\Pages;
 use MyAAC\Models\Player;
 use PHPMailer\PHPMailer\PHPMailer;
 use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
@@ -38,7 +44,10 @@ function warning($message, $return = false) {
 	return message($message, 'warning', $return);
 }
 function note($message, $return = false) {
-	return message($message, 'note', $return);
+	return info($message, $return);
 }
 function info($message, $return = false) {
 	return message($message, 'info', $return);
 }
 function error($message, $return = false) {
 	return message($message, ((defined('MYAAC_INSTALL') || defined('MYAAC_ADMIN')) ? 'danger' : 'error'), $return);
@@ -99,16 +108,15 @@ function getMonsterLink($name, $generate = true): string
 function getHouseLink($name, $generate = true): string
 {
 	global $db;
 	if(is_numeric($name))
 	{
-		$house = $db->query(
+		$house = House::find(intval($name), ['name']);
-			'SELECT `name` FROM `houses` WHERE `id` = ' . (int)$name);
+		if ($house) {
-		if($house->rowCount() > 0)
+			$name = $house->name;
-			$name = $house->fetchColumn();
+		}
 	}
 	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'houses/' . urlencode($name);
 	if(!$generate) return $url;
@@ -118,10 +126,8 @@ function getHouseLink($name, $generate = true): string
 function getGuildLink($name, $generate = true): string
 {
 	if(is_numeric($name)) {
-		$name = getGuildNameById($name);
+		$guild = Guild::find(intval($name), ['name']);
-		if ($name === false) {
+		$name = $guild->name ?? 'Unknown';
 			$name = 'Unknown';
 		}
 	}
 	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'guilds/' . urlencode($name);
@@ -149,8 +155,7 @@ function getItemImage($id, $count = 1)
 	if($count > 1)
 		$file_name .= '-' . $count;
-	global $config;
+	return '<img src="' . setting('core.item_images_url') . $file_name . setting('core.item_images_extension') . '"' . $tooltip . ' width="32" height="32" border="0" alt="' .$id . '" />';
 	return '<img src="' . $config['item_images_url'] . $file_name . config('item_images_extension') . '"' . $tooltip . ' width="32" height="32" border="0" alt="' .$id . '" />';
 }
 function getItemRarity($chance) {
@@ -272,13 +277,12 @@ function getForumBoards()
 */
 function fetchDatabaseConfig($name, &$value)
 {
-	global $db;
+	$config = Config::select('value')->where('name', '=', $name)->first();
-
+	if (!$config) {
 	$query = $db->query('SELECT `value` FROM `' . TABLE_PREFIX . 'config` WHERE `name` = ' . $db->quote($name));
 	if($query->rowCount() <= 0)
 		return false;
 	}
-	$value = $query->fetchColumn();
+	$value = $config->value;
 	return true;
 }
@@ -303,8 +307,7 @@ function getDatabaseConfig($name)
 */
 function registerDatabaseConfig($name, $value)
 {
-	global $db;
+	Config::create(compact('name', 'value'));
 	$db->insert(TABLE_PREFIX . 'config', array('name' => $name, 'value' => $value));
 }
 /**
@@ -315,8 +318,9 @@ function registerDatabaseConfig($name, $value)
 */
 function updateDatabaseConfig($name, $value)
 {
-	global $db;
+	Config::where('name', '=', $name)->update([
-	$db->update(TABLE_PREFIX . 'config', array('value' => $value), array('name' => $name));
+		'value' => $value
 	]);
 }
 /**
@@ -343,47 +347,55 @@ function encrypt($str)
 //delete player with name
 function delete_player($name)
 {
-	global $db;
+	// DB::beginTransaction();
-	$player = new OTS_Player();
+	global $capsule;
-	$player->find($name);
+	$player = Player::where(compact('name'))->first();
-	if($player->isLoaded()) {
+	if (!$player) {
-		try { $db->exec("DELETE FROM player_skills WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
+		return false;
 		try { $db->exec("DELETE FROM guild_invites WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 		try { $db->exec("DELETE FROM player_items WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 		try { $db->exec("DELETE FROM player_depotitems WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 		try { $db->exec("DELETE FROM player_spells WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 		try { $db->exec("DELETE FROM player_storage WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 		try { $db->exec("DELETE FROM player_viplist WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 		try { $db->exec("DELETE FROM player_deaths WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 		try { $db->exec("DELETE FROM player_deaths WHERE killed_by = '".$player->getId()."';"); } catch(PDOException $error) {}
 		$rank = $player->getRank();
 		if($rank->isLoaded()) {
 			$guild = $rank->getGuild();
 			if($guild->getOwner()->getId() == $player->getId()) {
 				$rank_list = $guild->getGuildRanksList();
 				if(count($rank_list) > 0) {
 					$rank_list->orderBy('level');
 					foreach($rank_list as $rank_in_guild) {
 						$players_with_rank = $rank_in_guild->getPlayersList();
 						$players_with_rank->orderBy('name');
 						$players_with_rank_number = count($players_with_rank);
 						if($players_with_rank_number > 0) {
 							foreach($players_with_rank as $player_in_guild) {
 								$player_in_guild->setRank();
 								$player_in_guild->save();
 							}
 						}
 						$rank_in_guild->delete();
 					}
 					$guild->delete();
 				}
 			}
 		}
 		$player->delete();
 		return true;
 	}
 	return false;
 	// global $db;
 	// $player = new OTS_Player();
 	// $player->find($name);
 	// if($player->isLoaded()) {
 	// 	try { $db->exec("DELETE FROM player_skills WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 	// 	try { $db->exec("DELETE FROM guild_invites WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 	// 	try { $db->exec("DELETE FROM player_items WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 	// 	try { $db->exec("DELETE FROM player_depotitems WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 	// 	try { $db->exec("DELETE FROM player_spells WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 	// 	try { $db->exec("DELETE FROM player_storage WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 	// 	try { $db->exec("DELETE FROM player_viplist WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 	// 	try { $db->exec("DELETE FROM player_deaths WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
 	// 	try { $db->exec("DELETE FROM player_deaths WHERE killed_by = '".$player->getId()."';"); } catch(PDOException $error) {}
 	// 	$rank = $player->getRank();
 	// 	if($rank->isLoaded()) {
 	// 		$guild = $rank->getGuild();
 	// 		if($guild->getOwner()->getId() == $player->getId()) {
 	// 			$rank_list = $guild->getGuildRanksList();
 	// 			if(count($rank_list) > 0) {
 	// 				$rank_list->orderBy('level');
 	// 				foreach($rank_list as $rank_in_guild) {
 	// 					$players_with_rank = $rank_in_guild->getPlayersList();
 	// 					$players_with_rank->orderBy('name');
 	// 					$players_with_rank_number = count($players_with_rank);
 	// 					if($players_with_rank_number > 0) {
 	// 						foreach($players_with_rank as $player_in_guild) {
 	// 							$player_in_guild->setRank();
 	// 							$player_in_guild->save();
 	// 						}
 	// 					}
 	// 					$rank_in_guild->delete();
 	// 				}
 	// 				$guild->delete();
 	// 			}
 	// 		}
 	// 	}
 	// 	$player->delete();
 	// 	return true;
 	// }
 	// return false;
 }
 //delete guild with id
@@ -457,20 +469,30 @@ function tickers()
 */
 function template_place_holder($type): string
 {
-	global $twig, $template_place_holders;
+	global $twig, $template_place_holders, $debugBar;
 	$ret = '';
 	if (isset($debugBar)) {
 		$debugBarRenderer = $debugBar->getJavascriptRenderer();
 	}
 	if(array_key_exists($type, $template_place_holders) && is_array($template_place_holders[$type]))
 		$ret = implode($template_place_holders[$type]);
 	if($type === 'head_start') {
 		$ret .= template_header();
 		if (isset($debugBar)) {
 			$ret .= $debugBarRenderer->renderHead();
 		}
 	}
 	elseif ($type === 'body_start') {
 		$ret .= $twig->render('browsehappy.html.twig');
 	}
 	elseif($type === 'body_end') {
 		$ret .= template_ga_code();
 		if (isset($debugBar)) {
 			$ret .= $debugBarRenderer->render();
 		}
 	}
 	return $ret;
@@ -481,8 +503,8 @@ function template_place_holder($type): string
 */
 function template_header($is_admin = false): string
 {
-	global $title_full, $config, $twig;
+	global $title_full, $twig;
-	$charset = isset($config['charset']) ? $config['charset'] : 'utf-8';
+	$charset = setting('core.charset') ?? 'utf-8';
 	return $twig->render('templates.header.html.twig',
 		[
@@ -847,9 +869,6 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 	else
 		$tmp_body = $body . '<br/><br/>' . $signature_html;
 	define('MAIL_MAIL', 0);
 	define('MAIL_SMTP', 1);
 	$mailOption = setting('core.mail_option');
 	if($mailOption == MAIL_SMTP)
 	{
@@ -860,10 +879,6 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->Username = setting('core.smtp_user');
 		$mailer->Password = setting('core.smtp_pass');
 		define('SMTP_SECURITY_NONE', 0);
 		define('SMTP_SECURITY_SSL', 1);
 		define('SMTP_SECURITY_TLS', 2);
 		$security = setting('core.smtp_security');
 		$tmp = '';
@@ -1027,14 +1042,36 @@ function get_browser_real_ip() {
 	return '0';
 }
 function setSession($key, $data) {
-	$_SESSION[config('session_prefix') . $key] = $data;
+	$_SESSION[setting('core.session_prefix') . $key] = $data;
 }
 function getSession($key) {
-	$key = config('session_prefix') . $key;
+	$key = setting('core.session_prefix') . $key;
 	return isset($_SESSION[$key]) ? $_SESSION[$key] : false;
 }
 function unsetSession($key) {
-	unset($_SESSION[config('session_prefix') . $key]);
+	unset($_SESSION[setting('core.session_prefix') . $key]);
 }
 function csrf(): void {
 	CsrfToken::create();
 }
 function csrfToken(): string {
 	return CsrfToken::get();
 }
 function isValidToken(): bool {
 	$token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
 	return ($_SERVER['REQUEST_METHOD'] !== 'POST' || (isset($token) && CsrfToken::isValid($token)));
 }
 function csrfProtect(): void
 {
 	if (!isValidToken()) {
 		$lastUri = BASE_URL . str_replace_first('/', '', getSession('last_uri'));
 		echo 'Request has been cancelled due to security reasons - token is invalid. Go <a href="' . $lastUri . '">back</a>';
 		exit();
 	}
 }
 function getTopPlayers($limit = 5) {
@@ -1049,26 +1086,38 @@ function getTopPlayers($limit = 5) {
 	}
 	if (!isset($players)) {
-		$deleted = 'deleted';
+		$columns = [
-		if($db->hasColumn('players', 'deletion'))
+			'id', 'name', 'level', 'vocation', 'experience',
-			$deleted = 'deletion';
+			'looktype', 'lookhead', 'lookbody', 'looklegs', 'lookfeet'
 		];
-		$is_tfs10 = $db->hasTable('players_online');
+		if ($db->hasColumn('players', 'lookaddons')) {
-		$players = $db->query('SELECT `id`, `name`, `level`, `vocation`, `experience`, `looktype`' . ($db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `lookhead`, `lookbody`, `looklegs`, `lookfeet`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . setting('core.highscores_groups_hidden') . ' AND `id` NOT IN (' . implode(', ', setting('core.highscores_ids_hidden')) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
+			$columns[] = 'lookaddons';
 		if($is_tfs10) {
 			foreach($players as &$player) {
 				$query = $db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $player['id']);
 				$player['online'] = ($query->rowCount() > 0 ? 1 : 0);
 			}
 			unset($player);
 		}
-		$i = 0;
+		if ($db->hasColumn('players', 'online')) {
-		foreach($players as &$player) {
+			$columns[] = 'online';
 			$player['rank'] = ++$i;
 		}
-		unset($player);
+
 		$players = Player::query()
 			->select($columns)
 			->withOnlineStatus()
 			->notDeleted()
 			->where('group_id', '<', setting('core.highscores_groups_hidden'))
 			->whereNotIn('id', setting('core.highscores_ids_hidden'))
 			->where('account_id', '!=', 1)
 			->orderByDesc('experience')
 			->limit($limit)
 			->get()
 			->map(function ($e, $i) {
 				$row = $e->toArray();
 				$row['online'] = $e->online_status;
 				$row['rank'] = $i + 1;
 				unset($row['online_table']);
 				return $row;
 			})->toArray();
 		if($cache->enabled()) {
 			$cache->set('top_' . $limit . '_level', serialize($players), 120);
@@ -1177,15 +1226,37 @@ function clearCache()
 		if ($cache->fetch('failed_logins', $tmp))
 			$cache->delete('failed_logins');
-		global $template_name;
+		foreach (get_templates() as $template) {
-		if ($cache->fetch('template_ini' . $template_name, $tmp))
+			if ($cache->fetch('template_ini_' . $template, $tmp)) {
-			$cache->delete('template_ini' . $template_name);
+				$cache->delete('template_ini_' . $template);
 			}
 		}
-		if ($cache->fetch('plugins_hooks', $tmp))
+		if ($cache->fetch('template_menus', $tmp)) {
 			$cache->delete('template_menus');
 		}
 		if ($cache->fetch('database_tables', $tmp)) {
 			$cache->delete('database_tables');
 		}
 		if ($cache->fetch('database_columns', $tmp)) {
 			$cache->delete('database_columns');
 		}
 		if ($cache->fetch('database_checksum', $tmp)) {
 			$cache->delete('database_checksum');
 		}
 		if ($cache->fetch('last_kills', $tmp)) {
 			$cache->delete('last_kills');
 		}
 		if ($cache->fetch('hooks', $tmp)) {
 			$cache->delete('hooks');
 		}
 		if ($cache->fetch('plugins_hooks', $tmp)) {
 			$cache->delete('plugins_hooks');
-
+		}
-		if ($cache->fetch('plugins_routes', $tmp))
+		if ($cache->fetch('plugins_routes', $tmp)) {
 			$cache->delete('plugins_routes');
 		}
 	}
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
@@ -1202,49 +1273,44 @@ function clearCache()
 	return true;
 }
-function getCustomPageInfo($page)
+function getCustomPageInfo($name)
 {
-	global $db, $logged_access;
+	global $logged_access;
-	$query =
+	$page = Pages::isPublic()
-		$db->query(
+		->where('name', 'LIKE', $name)
-			'SELECT `id`, `title`, `body`, `php`, `hidden`' .
+		->where('access', '<=', $logged_access)
-			' FROM `' . TABLE_PREFIX . 'pages`' .
+		->first();
-			' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
+
-	if($query->rowCount() > 0) // found page
+	if (!$page) {
-	{
+		return null;
 		return $query->fetch(PDO::FETCH_ASSOC);
 	}
-	return null;
+	return $page->toArray();
 }
-function getCustomPage($page, &$success): string
+function getCustomPage($name, &$success): string
 {
-	global $db, $twig, $title, $ignore, $logged_access;
+	global $twig, $title, $ignore;
 	$success = false;
 	$content = '';
-	$query =
+	$page = getCustomPageInfo($name);
-		$db->query(
+
-			'SELECT `id`, `title`, `body`, `php`, `hidden`' .
+	if($page) // found page
 			' FROM `' . TABLE_PREFIX . 'pages`' .
 			' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
 	if($query->rowCount() > 0) // found page
 	{
 		$success = $ignore = true;
-		$query = $query->fetch();
+		$title = $page['title'];
 		$title = $query['title'];
-		if($query['php'] == '1') // execute it as php code
+		if($page['php'] == '1') // execute it as php code
 		{
-			$tmp = substr($query['body'], 0, 10);
+			$tmp = substr($page['body'], 0, 10);
 			if(($pos = strpos($tmp, '<?php')) !== false) {
-				$tmp = preg_replace('/<\?php/', '', $query['body'], 1);
+				$tmp = preg_replace('/<\?php/', '', $page['body'], 1);
 			}
 			else if(($pos = strpos($tmp, '<?')) !== false) {
-				$tmp = preg_replace('/<\?/', '', $query['body'], 1);
+				$tmp = preg_replace('/<\?/', '', $page['body'], 1);
 			}
 			else
-				$tmp = $query['body'];
+				$tmp = $page['body'];
 			$php_errors = array();
 			function error_handler($errno, $errstr) {
@@ -1254,7 +1320,7 @@ function getCustomPage($page, &$success): string
 			set_error_handler('error_handler');
 			global $config;
-			if($config['backward_support']) {
+			if(setting('core.backward_support')) {
 				global $SQL, $main_content, $subtopic;
 			}
@@ -1272,7 +1338,7 @@ function getCustomPage($page, &$success): string
 			$oldLoader = $twig->getLoader();
 			$twig_loader_array = new Twig_ArrayLoader(array(
-				'content.html' => $query['body']
+				'content.html' => $page['body']
 			));
 			$twig->setLoader($twig_loader_array);
@@ -1387,39 +1453,42 @@ function getChangelogWhere($v)
 	return 'unknown';
 }
-function getPlayerNameByAccount($id)
+
 function getPlayerNameByAccountId($id)
 {
-	global $vowels, $ots, $db;
+	if (!is_numeric($id)) {
-	if(is_numeric($id))
+		return '';
-	{
+	}
 		$player = new OTS_Player();
 		$player->load($id);
 		if($player->isLoaded())
 			return $player->getName();
 		else
 		{
 			$playerQuery = $db->query('SELECT `id` FROM `players` WHERE `account_id` = ' . $id . ' ORDER BY `lastlogin` DESC LIMIT 1;')->fetch();
-			$tmp = "*Error*";
+	$account = \MyAAC\Models\Account::find(intval($id), ['id']);
-			/*
+	if ($account) {
-			$acco = new OTS_Account();
+		$player = \MyAAC\Models\Player::where('account_id', $account->id)->orderByDesc('lastlogin')->select('name')->first();
-			$acco->load($id);
+		if (!$player) {
-			if(!$acco->isLoaded())
+			return '';
 				return "Unknown name";
 			foreach($acco->getPlayersList() as $p)
 			{
 				$player= new OTS_Player();
 				$player->find($p);*/
 				$player->load($playerQuery['id']);
 				//echo 'id gracza = ' . $p . '<br/>';
 				if($player->isLoaded())
 					$tmp = $player->getName();
 			//	break;
 			//}
 			return $tmp;
 		}
 		return $player->name;
 	}
 	return '';
 }
 function getPlayerNameByAccount($account) {
 	if (is_numeric($account)) {
 		return getPlayerNameByAccountId($account);
 	}
 	return '';
 }
 function getPlayerNameById($id)
 {
 	if (!is_numeric($id)) {
 		return '';
 	}
 	$player = \MyAAC\Models\Player::find((int)$id, ['name']);
 	if ($player) {
 		return $player->name;
 	}
 	return '';
@@ -1427,13 +1496,13 @@ function getPlayerNameByAccount($id)
 function echo_success($message)
 {
-	echo '<div class="col-12 success mb-2">' . $message . '</div>';
+	echo '<div class="col-12 alert alert-success mb-2">' . $message . '</div>';
 }
 function echo_error($message)
 {
 	global $error;
-	echo '<div class="col-12 error mb-2">' . $message . '</div>';
+	echo '<div class="col-12 alert alert-danger mb-2">' . $message . '</div>';
 	$error = true;
 }
@@ -1508,8 +1577,8 @@ function right($str, $length) {
 }
 function getCreatureImgPath($creature){
-	$creature_path = config('monsters_images_url');
+	$creature_path = setting('core.monsters_images_url');
-	$creature_gfx_name = trim(strtolower($creature)) . config('monsters_images_extension');
+	$creature_gfx_name = trim(strtolower($creature)) . setting('core.monsters_images_extension');
 	if (!file_exists($creature_path . $creature_gfx_name)) {
 		$creature_gfx_name = str_replace(" ", "", $creature_gfx_name);
 		if (file_exists($creature_path . $creature_gfx_name)) {
@@ -1574,12 +1643,9 @@ function escapeHtml($html) {
 function getGuildNameById($id)
 {
-	global $db;
+	$guild = Guild::where('id', intval($id))->select('name')->first();
-
+	if ($guild) {
-	$guild = $db->query('SELECT `name` FROM `guilds` WHERE `id` = ' . (int)$id);
+		return $guild->name;
 	if($guild->rowCount() > 0) {
 		return $guild->fetchColumn();
 	}
 	return false;
@@ -1587,15 +1653,11 @@ function getGuildNameById($id)
 function getGuildLogoById($id)
 {
 	global $db;
 	$logo = 'default.gif';
-	$query = $db->query('SELECT `logo_name` FROM `guilds` WHERE `id` = ' . (int)$id);
+	$guild = Guild::where('id', intval($id))->select('logo_name')->first();
-	if ($query->rowCount() == 1) {
+	if ($guild) {
-
+		$guildLogo = $guild->logo_name;
 		$query = $query->fetch(PDO::FETCH_ASSOC);
 		$guildLogo = $query['logo_name'];
 		if (!empty($guildLogo) && file_exists(GUILD_IMAGES_DIR . $guildLogo)) {
 			$logo = $guildLogo;
--- a/system/hooks.php
+++ b/system/hooks.php
@@ -68,12 +68,15 @@ define('HOOK_ADMIN_LOGIN_AFTER_ACCOUNT', ++$i);
 define('HOOK_ADMIN_LOGIN_AFTER_PASSWORD', ++$i);
 define('HOOK_ADMIN_LOGIN_AFTER_SIGN_IN', ++$i);
 define('HOOK_ADMIN_ACCOUNTS_SAVE_POST', ++$i);
 define('HOOK_ADMIN_SETTINGS_BEFORE_SAVE', ++$i);
 define('HOOK_CRONJOB', ++$i);
 define('HOOK_EMAIL_CONFIRMED', ++$i);
 define('HOOK_GUILDS_BEFORE_GUILD_HEADER', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_HEADER', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_INFORMATION', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_MEMBERS', ++$i);
 define('HOOK_GUILDS_AFTER_INVITED_CHARACTERS', ++$i);
 define('HOOK_TWIG', ++$i);
 const HOOK_FIRST = HOOK_STARTUP;
 define('HOOK_LAST', $i);
@@ -91,15 +94,25 @@ class Hook
 	public function execute($params)
 	{
 		extract($params);
 		/*if(is_callable($this->_callback))
 		{
 			$tmp = $this->_callback;
 			$ret = $tmp($params);
 		}*/
 		global $db, $config, $template_path, $ots, $content, $twig;
-		$ret = include BASE . $this->_file;
+
 		if(is_callable($this->_file))
 		{
 			$params['db'] = $db;
 			$params['config'] = $config;
 			$params['template_path'] = $template_path;
 			$params['ots'] = $ots;
 			$params['content'] = $content;
 			$params['twig'] = $twig;
 			$tmp = $this->_file;
 			$ret = $tmp($params);
 		}
 		else {
 			extract($params);
 			$ret = include BASE . $this->_file;
 		}
 		return !isset($ret) || $ret == 1 || $ret;
 	}
--- a/system/init.php
+++ b/system/init.php
@@ -7,16 +7,25 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\CsrfToken;
 defined('MYAAC') or die('Direct access not allowed!');
 if(!isset($config['installed']) || !$config['installed']) {
 	throw new RuntimeException('MyAAC has not been installed yet or there was error during installation. Please install again.');
 }
 use DebugBar\StandardDebugBar;
 if(config('env') === 'dev') {
 	require SYSTEM . 'exception.php';
 }
 if (config('env') === 'dev' || getBoolean(config('enable_debugbar'))) {
 	$debugBar = new StandardDebugBar();
 }
 if(empty($config['server_path'])) {
 	throw new RuntimeException('Server Path has been not set. Go to config.php and set it.');
 }
@@ -33,6 +42,11 @@ if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HT
 require_once SYSTEM . 'libs/cache.php';
 $cache = Cache::getInstance();
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
 // twig
 require_once SYSTEM . 'twig.php';
@@ -117,9 +131,11 @@ if(!isset($foundValue)) {
 $config['data_path'] = $foundValue;
 unset($foundValue);
 // POT
 require_once SYSTEM . 'libs/pot/OTS.php';
 $ots = POT::getInstance();
 $eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 // execute migrations
@@ -130,12 +146,23 @@ require_once LIBS . 'Settings.php';
 $settings = Settings::getInstance();
 $settings->load();
 // csrf protection
 $token = getSession('csrf_token');
 if (!isset($token) || !$token) {
 	CsrfToken::generate();
 }
 // deprecated config values
 require_once SYSTEM . 'compat/config.php';
 date_default_timezone_set(setting('core.date_timezone'));
-$config['account_create_character_create'] = config('account_create_character_create') && (!setting('core.mail_enabled') || !config('account_mail_verify'));
+setting(
 	[
 		'core.account_create_character_create',
 		setting('core.account_create_character_create') && (!setting('core.mail_enabled') || !setting('core.account_mail_verify'))
 	]
 );
 $settingsItemImagesURL = setting('core.item_images_url');
 if($settingsItemImagesURL[strlen($settingsItemImagesURL) - 1] !== '/') {
--- a/system/item.php
+++ b/system/item.php
@@ -1,60 +0,0 @@
 <?php
 /**
 * Item parser
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 require_once SYSTEM . 'libs/items_images.php';
 Items_Images::$files = array(
 	'otb' => SYSTEM . 'data/items.otb',
 	'spr' => SYSTEM . 'data/Tibia.spr',
 	'dat' => SYSTEM . 'data/Tibia.dat'
 );
 Items_Images::$outputDir = BASE . 'images/items/';
 function generateItem($id = 100, $count = 1) {
 	Items_Images::generate($id, $count);
 }
 function itemImageExists($id, $count = 1)
 {
 	if(!isset($id))
 		throw new RuntimeException('ERROR - itemImageExists: id has been not set!');
 	$file_name = $id;
 	if($count > 1)
 		$file_name .= '-' . $count;
 	$file_name = Items_Images::$outputDir . $file_name . '.gif';
 	return file_exists($file_name);
 }
 function outputItem($id = 100, $count = 1)
 {
 	if(!(int)$count)
 		$count = 1;
 	if(!itemImageExists($id, $count))
 	{
 		//echo 'plik istnieje';
 		Items_Images::generate($id, $count);
 	}
 	$expires = 60 * 60 * 24 * 30; // 30 days
 	header('Content-type: image/gif');
 	header('Cache-Control: public');
 	header('Cache-Control: maxage=' . $expires);
 	header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $expires) . ' GMT');
 	$file_name = $id;
 	if($count > 1)
 		$file_name .= '-' . $count;
 	$file_name = Items_Images::$outputDir . $file_name . '.gif';
 	readfile($file_name);
 }
--- a/system/libs/CreateCharacter.php
+++ b/system/libs/CreateCharacter.php
@@ -1,4 +1,7 @@
 <?php
 use MyAAC\Models\Player;
 /**
 * CreateCharacter
 *
@@ -52,9 +55,7 @@ class CreateCharacter
 			return false;
 		}
-		$player = new OTS_Player();
+		if(Player::where('name', '=', $name)->exists()) {
 		$player->find($name);
 		if($player->isLoaded()) {
 			$errors['name'] = 'Character with this name already exist.';
 			return false;
 		}
@@ -139,8 +140,8 @@ class CreateCharacter
 		if(empty($errors))
 		{
 			$number_of_players_on_account = $account->getPlayersList(true)->count();
-			if($number_of_players_on_account >= config('characters_per_account'))
+			if($number_of_players_on_account >= setting('core.characters_per_account'))
-				$errors[] = 'You have too many characters on your account <b>('.$number_of_players_on_account.'/'.config('characters_per_account').')</b>!';
+				$errors[] = 'You have too many characters on your account <b>('.$number_of_players_on_account . '/' . setting('core.characters_per_account') . ')</b>!';
 		}
 		if(empty($errors))
--- a/system/libs/Settings.php
+++ b/system/libs/Settings.php
@@ -1,4 +1,7 @@
 <?php
 use MyAAC\Models\Settings as ModelsSettings;
 /**
 * CreateCharacter
 *
@@ -40,13 +43,10 @@ class Settings implements ArrayAccess
 			}
 		}
-		global $db;
+		$settings = ModelsSettings::all();
-		$settings = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'settings`');
+		foreach ($settings as $setting)
-
+		{
-		if($settings->rowCount() > 0) {
+			$this->settingsDatabase[$setting->name][$setting->key] = $setting->value;
 			foreach ($settings->fetchAll(PDO::FETCH_ASSOC) as $setting) {
 				$this->settingsDatabase[$setting['name']][$setting['key']] = $setting['value'];
 			}
 		}
 		if ($cache->enabled()) {
@@ -55,13 +55,21 @@ class Settings implements ArrayAccess
 	}
 	public function save($pluginName, $values) {
 		global $db;
 		if (!isset($this->settingsFile[$pluginName])) {
 			throw new RuntimeException('Error on save settings: plugin does not exist');
 		}
 		$settings = $this->settingsFile[$pluginName];
 		global $hooks;
 		if (!$hooks->trigger(HOOK_ADMIN_SETTINGS_BEFORE_SAVE, [
 			'name' => $pluginName,
 			'values' => $values,
 			'settings' => $settings,
 		])) {
 			return false;
 		}
 		if (isset($settings['callbacks']['beforeSave'])) {
 			if (!$settings['callbacks']['beforeSave']($settings, $values)) {
 				return false;
@@ -69,7 +77,7 @@ class Settings implements ArrayAccess
 		}
 		$this->errors = [];
-		$db->query('DELETE FROM `' . TABLE_PREFIX . 'settings` WHERE `name` = ' . $db->quote($pluginName) . ';');
+		ModelsSettings::where('name', $pluginName)->delete();
 		foreach ($values as $key => $value) {
 			$errorMessage = '';
 			if (isset($settings['settings'][$key]['callbacks']['beforeSave']) && !$settings['settings'][$key]['callbacks']['beforeSave']($key, $value, $errorMessage)) {
@@ -78,7 +86,11 @@ class Settings implements ArrayAccess
 			}
 			try {
-				$db->insert(TABLE_PREFIX . 'settings', ['name' => $pluginName, 'key' => $key, 'value' => $value]);
+				ModelsSettings::create([
 					'name' => $pluginName,
 					'key' => $key,
 					'value' => $value
 				]);
 			} catch (PDOException $error) {
 				$this->errors[] = 'Error while saving setting (' . $pluginName . ' - ' . $key . '): ' . $error->getMessage();
 			}
@@ -94,36 +106,22 @@ class Settings implements ArrayAccess
 	public function updateInDatabase($pluginName, $key, $value)
 	{
-		global $db;
+		ModelsSettings::where(['name' => $pluginName, 'key' => $key])->update(['value' => $value]);
 		$db->update(TABLE_PREFIX . 'settings', ['value' => $value], ['name' => $pluginName, 'key' => $key]);
 	}
 	public function deleteFromDatabase($pluginName, $key = null)
 	{
 		global $db;
 		if (!isset($key)) {
-			$db->delete(TABLE_PREFIX . 'settings', ['name' => $pluginName], -1);
+			ModelsSettings::where('name', $pluginName)->delete();
 		}
 		else {
-			$db->delete(TABLE_PREFIX . 'settings', ['name' => $pluginName, 'key' => $key]);
+			ModelsSettings::where('name', $pluginName)->where('key', $key)->delete();
 		}
 	}
 	public static function display($plugin, $settings): array
 	{
-		global $db;
+		$settingsDb = ModelsSettings::where('name', $plugin)->pluck('value', 'key')->toArray();
 		$query = 'SELECT `key`, `value` FROM `' . TABLE_PREFIX . 'settings` WHERE `name` = ' . $db->quote($plugin) . ';';
 		$query = $db->query($query);
 		$settingsDb = [];
 		if($query->rowCount() > 0) {
 			foreach($query->fetchAll(PDO::FETCH_ASSOC) as $value) {
 				$settingsDb[$value['key']] = $value['value'];
 			}
 		}
 		$config = [];
 		require BASE . 'config.local.php';
--- a/system/libs/Towns.php
+++ b/system/libs/Towns.php
@@ -23,6 +23,8 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Town;
 /**
 * Class Towns
 */
@@ -124,15 +126,6 @@ class Towns
 	 */
 	public static function getFromDatabase()
 	{
-		global $db;
+		return Town::pluck('name', 'id')->toArray();
 		$query = $db->query('SELECT `id`, `name` FROM `towns`;')->fetchAll(PDO::FETCH_ASSOC);
 		$towns = [];
 		foreach($query as $town) {
 			$towns[$town['id']] = $town['name'];
 		}
 		return $towns;
 	}
 }
--- a/system/libs/changelog.php
+++ b/system/libs/changelog.php
@@ -1,5 +1,7 @@
 <?php
 use MyAAC\Models\Changelog as ModelsChangelog;
 class Changelog
 {
 	static public function verify($body,$date, &$errors)
@@ -19,43 +21,61 @@ class Changelog
 	static public function add($body, $type, $where, $player_id, $cdate, &$errors)
 	{
 		global $db;
 		if(!self::verify($body,$cdate, $errors))
 			return false;
-		$db->insert(TABLE_PREFIX . 'changelog', array('body' => $body, 'type' => $type, 'date' => $cdate, 'where' => $where, 'player_id' => isset($player_id) ? $player_id : 0));
+		$row = new ModelsChangelog;
-		self::clearCache();
+		$row->body = $body;
-		return true;
+		$row->type = $type;
 		$row->date = $cdate;
 		$row->where = $where;
 		$row->player_id = $player_id ?? 0;
 		if ($row->save()) {
 			self::clearCache();
 			return true;
 		}
 		return false;
 	}
 	static public function get($id) {
-		global $db;
+		return ModelsChangelog::find($id);
 		return $db->select(TABLE_PREFIX . 'changelog', array('id' => $id));
 	}
 	static public function update($id, $body, $type, $where, $player_id, $date,  &$errors)
 	{
 		global $db;
 		if(!self::verify($body,$date, $errors))
 			return false;
-		$db->update(TABLE_PREFIX . 'changelog', array('body' => $body, 'type' => $type, 'where' => $where, 'player_id' => isset($player_id) ? $player_id : 0, 'date' => $date), array('id' => $id));
+		if (ModelsChangelog::where('id', '=', $id)->update([
-		self::clearCache();
+			'body' => $body,
-		return true;
+			'type' => $type,
 			'where' => $where,
 			'player_id' => $player_id ?? 0,
 			'date' => $date
 		])) {
 			self::clearCache();
 			return true;
 		}
 		return false;
 	}
 	static public function delete($id, &$errors)
 	{
 		global $db;
 		if(isset($id))
 		{
-			if($db->select(TABLE_PREFIX . 'changelog', array('id' => $id)) !== false)
+			$row = ModelsChangelog::find($id);
-				$db->delete(TABLE_PREFIX . 'changelog', array('id' => $id));
+			if ($row) {
-			else
+				if (!$row->delete()) {
 					$errors[] = 'Fail during delete Changelog.';
 				}
 			} else {
 				$errors[] = 'Changelog with id ' . $id . ' does not exist.';
-		}
+			}
-		else
+		} else {
 			$errors[] = 'Changelog id not set.';
 		}
 		if(count($errors)) {
 			return false;
@@ -67,17 +87,19 @@ class Changelog
 	static public function toggleHidden($id, &$errors, &$status)
 	{
 		global $db;
 		if(isset($id))
 		{
-			$query = $db->select(TABLE_PREFIX . 'changelog', array('id' => $id));
+			$row = ModelsChangelog::find($id);
-			if($query !== false)
+			if ($row) {
-			{
+				$row->hidden = $row->hidden == 1 ? 0 : 1;
-				$db->update(TABLE_PREFIX . 'changelog', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
+				if (!$row->save()) {
-				$status = $query['hidden'];
+					$errors[] = 'Fail during toggle hidden Changelog.';
-			}
+				}
-			else
+				$status = $row->hidden;
 			} else {
 				$errors[] = 'Changelog with id ' . $id . ' does not exists.';
 			}
 		}
 		else
 			$errors[] = 'Changelog id not set.';
--- a/system/libs/creatures.php
+++ b/system/libs/creatures.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Monster;
 defined('MYAAC') or die('Direct access not allowed!');
 require_once LIBS . 'items.php';
@@ -19,9 +22,9 @@ class Creatures {
 	private static $lastError = '';
 	public static function loadFromXML($show = false) {
-		global $db;
+		try {
-
+			Monster::query()->delete();
-		try { $db->exec('DELETE FROM `' . TABLE_PREFIX . 'monsters`;'); } catch(PDOException $error) {}
+		} catch(Exception $error) {}
 		if($show) {
 			echo '<h2>Reload monsters.</h2>';
@@ -124,7 +127,7 @@ class Creatures {
 			}
 			if(!in_array($name, $names_added)) {
 				try {
-					$db->insert(TABLE_PREFIX . 'monsters', array(
+					Monster::create(array(
 						'name' => $name,
 						'mana' => empty($mana) ? 0 : $mana,
 						'exp' => $monster->getExperience(),
@@ -158,7 +161,7 @@ class Creatures {
 						success('Added: ' . $name . '<br/>');
 					}
 				}
-				catch(PDOException $error) {
+				catch(Exception $error) {
 					if($show) {
 						warning('Error while adding monster (' . $name . '): ' . $error->getMessage());
 					}
--- a/system/libs/forum.php
+++ b/system/libs/forum.php
@@ -10,13 +10,13 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$configForumTablePrefix = setting('core.forum_table_prefix');
+$settingForumTablePrefix = setting('core.forum_table_prefix');
-if(null !== $configForumTablePrefix && !empty(trim($configForumTablePrefix))) {
+if(null !== $settingForumTablePrefix && !empty(trim($settingForumTablePrefix))) {
-	if(!in_array($configForumTablePrefix, array('myaac_', 'z_'))) {
+	if(!in_array($settingForumTablePrefix, array('myaac_', 'z_'))) {
 		throw new RuntimeException('Invalid value for forum_table_prefix in config.php. Can be only: "myaac_" or "z_".');
 	}
-	define('FORUM_TABLE_PREFIX', $configForumTablePrefix);
+	define('FORUM_TABLE_PREFIX', $settingForumTablePrefix);
 }
 else {
 	if($db->hasTable('z_forum')) {
--- a/system/libs/items.php
+++ b/system/libs/items.php
@@ -78,8 +78,6 @@ class Items
 	}
 	public static function getDescription($id, $count = 1) {
 		global $db;
 		$item = self::get($id);
 		$attr = $item['attributes'];
@@ -112,17 +110,15 @@ class Items
 			$s .= 'an item of type ' . $item['id'];
 		if(isset($attr['type']) && strtolower($attr['type']) == 'rune') {
-			$query = $db->query('SELECT `level`, `maglevel`, `vocations` FROM `' . TABLE_PREFIX . 'spells` WHERE `item_id` = ' . $id);
+			$item = Spells::where('item_id', $id)->first();
-			if($query->rowCount() == 1) {
+			if($item) {
-				$query = $query->fetch();
+				if($item->level > 0 && $item->maglevel > 0) {
 				if($query['level'] > 0 && $query['maglevel'] > 0) {
 					$s .= '. ' . ($count > 1 ? "They" : "It") . ' can only be used by ';
 				}
 				$configVocations = config('vocations');
-				if(!empty(trim($query['vocations']))) {
+				if(!empty(trim($item->vocations))) {
-					$vocations = json_decode($query['vocations']);
+					$vocations = json_decode($item->vocations);
 					if(count($vocations) > 0) {
 						foreach($vocations as $voc => $show) {
 							$vocations[$configVocations[$voc]] = $show;
--- a/system/libs/items_images.php
+++ b/system/libs/items_images.php
@@ -1,265 +0,0 @@
 <?php
 /**
 * Items_Images class
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 if ( !function_exists( 'stackId' ) )
 {
 	function stackId( $count )
 	{
 		if ( $count >= 50 )
 			$stack = 8;
 		elseif ( $count >= 25 )
 			$stack = 7;
 		elseif ( $count >= 10 )
 			$stack = 6;
 		elseif ( $count >= 5 )
 			$stack = 5;
 		elseif ( $count >= 4 )
 			$stack = 4;
 		elseif ( $count >= 3 )
 			$stack = 3;
 		elseif ( $count >= 2 )
 			$stack = 2;
 		else
 			$stack = 1;
 		return $stack;
 	}
 }
 class Items_Images
 {
 	public static $outputDir = '';
 	public static $files = array();
 	private static $otb, $dat, $spr;
 	private static $lastItem;
 	private static $loaded = false;
 	public function __destruct()
 	{
 		if(self::$otb)
 			fclose(self::$otb);
 		if(self::$dat)
 			fclose(self::$dat);
 		if(self::$spr)
 			fclose(self::$spr);
 	}
 	public static function generate($id = 100, $count = 1)
 	{
 		if(!self::$loaded)
 			self::load();
 		$originalId = $id;
 		if($id < 100)
 			return false;
 			//die('ID cannot be lower than 100.');
 		rewind(self::$otb);
 		rewind(self::$dat);
 		rewind(self::$spr);
 		$nostand = false;
 		$init = false;
 		$originalId = $id;
 		// parse info from otb
 		while( false !== ( $char = fgetc( self::$otb ) ) )
 		{
 			$byte = HEX_PREFIX.bin2hex( $char );
 			if ( $byte == 0xFE )
 				$init = true;
 			elseif ( $byte == 0x10 and $init ) {
 				extract( unpack( 'x2/Ssid', fread( self::$otb, 4 ) ) );
 				if ( $id == $sid ) {
 					if ( HEX_PREFIX.bin2hex( fread( self::$otb, 1 ) ) == 0x11 ) {
 						extract( unpack( 'x2/Sid', fread( self::$otb, 4 ) ) );
 						break;
 					}
 				}
 				$init = false;
 			}
 		}
 		self::$lastItem = array_sum( unpack( 'x4/S*', fread( self::$dat, 12 )));
 		if($id > self::$lastItem)
 			return false;
 		//ini_set('max_execution_time', 300);
 		// parse info from dat
 		for( $i = 100; $i <= $id; $i++ ) {
 			while( ( $byte = HEX_PREFIX.bin2hex( fgetc( self::$dat ) ) ) != 0xFF ) {
 				$offset = 0;
 				switch( $byte ) {
 					case 0x00:
 					case 0x09:
 					case 0x0A:
 					case 0x1A:
 					case 0x1D:
 					case 0x1E:
 						$offset = 2;
 						break;
 					case 0x16:
 					case 0x19:
 						$offset = 4;
 						break;
 					case 0x01:
 					case 0x02:
 					case 0x03:
 					case 0x04:
 					case 0x05:
 					case 0x06:
 					case 0x07:
 					case 0x08:
 					case 0x0B:
 					case 0x0C:
 					case 0x0D:
 					case 0x0E:
 					case 0x0F:
 					case 0x10:
 					case 0x11:
 					case 0x12:
 					case 0x13:
 					case 0x14:
 					case 0x15:
 					case 0x17:
 					case 0x18:
 					case 0x1B:
 					case 0x1C:
 					case 0x1F:
 					case 0x20:
 						break;
 					default:
 						return false; #trigger_error( sprintf( 'Unknown .DAT byte %s (previous byte: %s; address %x)', $byte, $prev, ftell( $dat ), E_USER_ERROR ) );
 						break;
 				}
 				$prev = $byte;
 				fseek( self::$dat, $offset, SEEK_CUR );
 			}
 			extract( unpack( 'Cwidth/Cheight', fread( self::$dat, 2 ) ) );
 			if ( $width > 1 or $height > 1 ) {
 				fseek( self::$dat, 1, SEEK_CUR );
 				$nostand = true;
 			}
 			$sprites_c = array_product( unpack( 'C*', fread( self::$dat, 5 ) ) ) * $width * $height;
 			$sprites = unpack( 'S*', fread( self::$dat, 2 * $sprites_c ) );
 		}
 		if ( array_key_exists( stackId( $count ), $sprites ) ) {
 			$sprites = (array) $sprites[stackId( $count )];
 		}
 		else {
 			$sprites = (array) $sprites[array_rand( $sprites ) ];
 		}
 		fseek( self::$spr, 6 );
 		$sprite = imagecreatetruecolor( 32 * $width, 32 * $height );
 		imagecolortransparent( $sprite, imagecolorallocate( $sprite, 0, 0, 0 ) );
 		foreach( $sprites as $key => $value ) {
 			fseek( self::$spr, 6 + ( $value - 1 ) * 4 );
 			extract( unpack( 'Laddress', fread( self::$spr, 4 ) ) );
 			fseek( self::$spr, $address + 3 );
 			extract( unpack( 'Ssize', fread( self::$spr, 2 ) ) );
 			list( $num, $bit ) = array( 0, 0 );
 			while( $bit < $size ) {
 				$pixels = unpack( 'Strans/Scolored', fread( self::$spr, 4 ) );
 				$num += $pixels['trans'];
 				for( $i = 0; $i < $pixels['colored']; $i++ )
 				{
 					extract( unpack( 'Cred/Cgreen/Cblue', fread( self::$spr, 3 ) ) );
 					$red = ( $red == 0 ? ( $green == 0 ? ( $blue == 0 ? 1 : $red ) : $red ) : $red );
 					imagesetpixel( $sprite,
 						$num % 32 + ( $key % 2 == 1 ? 32 : 0 ),
 						$num / 32 + ( $key % 4 != 1 and $key % 4 != 0 ? 32 : 0 ),
 						imagecolorallocate( $sprite, $red, $green, $blue ) );
 					$num++;
 				}
 				$bit += 4 + 3 * $pixels['colored'];
 			}
 		}
 		if ( $count >= 2 ) {
 			if ( $count > 100 )
 				$count = 100;
 			$font = 3;
 			$length = imagefontwidth( $font ) * strlen( $count );
 			$pos = array(
 				'x' => ( 32 * $width ) - ( $length + 1 ),
 				'y' => ( 32 * $height ) - 13
 			);
 			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'], $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'], $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'], $pos['y'], $count, imagecolorallocate( $sprite, 219, 219, 219 ) );
 		}
 		$imagePath = self::$outputDir . ($count > 1 ? $originalId . '-' . $count : $originalId ) . '.gif';
 		// save image
 		imagegif($sprite, $imagePath);
 	}
 	public static function load()
 	{
 		if(!defined( 'HEX_PREFIX'))
 			define('HEX_PREFIX', '0x');
 		self::$otb = fopen(self::$files['otb'], 'rb');
 		self::$dat = fopen(self::$files['dat'], 'rb');
 		self::$spr = fopen(self::$files['spr'], 'rb');
 		if(!self::$otb || !self::$dat || !self::$spr)
 			throw new RuntimeException('ERROR: Cannot load data files.');
 		/*
 		if ( $nostand )
 		{
 			for( $i = 0; $i < count( $sprites ) / 4; $i++ )
 			{
 				$sprites = array_merge( (array) $sprites, array_reverse( array_slice( $sprites, $i * 4, 4 ) ) );
 			}
 		}
 		else
 		{
 			$sprites = (array) $sprites[array_rand( $sprites ) ];
 		}
 		*/
 		self::$loaded = true;
 	}
 	public static function loaded() {
 		return self::$loaded;
 	}
 }
--- a/system/libs/news.php
+++ b/system/libs/news.php
@@ -1,5 +1,7 @@
 <?php
 use MyAAC\Models\News as ModelsNews;
 class News
 {
 	static public function verify($title, $body, $article_text, $article_image, &$errors)
@@ -29,43 +31,64 @@ class News
 	static public function add($title, $body, $type, $category, $player_id, $comments, $article_text, $article_image, &$errors)
 	{
 		global $db;
 		if(!self::verify($title, $body, $article_text, $article_image, $errors))
 			return false;
-		$db->insert(TABLE_PREFIX . 'news', array('title' => $title, 'body' => $body, 'type' => $type, 'date' => time(), 'category' => $category, 'player_id' => isset($player_id) ? $player_id : 0, 'comments' => $comments, 'article_text' => ($type == 3 ? $article_text : ''), 'article_image' => ($type == 3 ? $article_image : '')));
+		ModelsNews::create([
 			'title' => $title,
 			'body' => $body,
 			'type' => $type,
 			'date' => time(),
 			'category' => $category,
 			'player_id' => isset($player_id) ? $player_id : 0,
 			'comments' => $comments,
 			'article_text' => ($type == 3 ? $article_text : ''),
 			'article_image' => ($type == 3 ? $article_image : '')
 		]);
 		self::clearCache();
 		return true;
 	}
 	static public function get($id) {
-		global $db;
+		return ModelsNews::find($id)->toArray();
 		return $db->select(TABLE_PREFIX . 'news', array('id' => $id));
 	}
 	static public function update($id, $title, $body, $type, $category, $player_id, $comments, $article_text, $article_image, &$errors)
 	{
 		global $db;
 		if(!self::verify($title, $body, $article_text, $article_image, $errors))
 			return false;
-		$db->update(TABLE_PREFIX . 'news', array('title' => $title, 'body' => $body, 'type' => $type, 'category' => $category, 'last_modified_by' => isset($player_id) ? $player_id : 0, 'last_modified_date' => time(), 'comments' => $comments, 'article_text' => $article_text, 'article_image' => $article_image), array('id' => $id));
+		ModelsNews::where('id', $id)->update([
 			'title' => $title,
 			'body' => $body,
 			'type' => $type,
 			'category' => $category,
 			'last_modified_by' => isset($player_id) ? $player_id : 0,
 			'last_modified_date' => time(),
 			'comments' => $comments,
 			'article_text' => $article_text,
 			'article_image' => $article_image
 		]);
 		self::clearCache();
 		return true;
 	}
 	static public function delete($id, &$errors)
 	{
-		global $db;
+		if(isset($id)) {
-		if(isset($id))
+			$row = ModelsNews::find($id);
-		{
+			if($row) {
-			if($db->select(TABLE_PREFIX . 'news', array('id' => $id)) !== false)
+				if (!$row->delete()) {
-				$db->delete(TABLE_PREFIX . 'news', array('id' => $id));
+					$errors[] = 'Fail during delete News.';
-			else
+				}
 			}
 			else {
 				$errors[] = 'News with id ' . $id . ' does not exists.';
 			}
 		}
-		else
+		else {
 			$errors[] = 'News id not set.';
 		}
 		if(count($errors)) {
 			return false;
@@ -77,14 +100,16 @@ class News
 	static public function toggleHidden($id, &$errors, &$status)
 	{
 		global $db;
 		if(isset($id))
 		{
-			$query = $db->select(TABLE_PREFIX . 'news', array('id' => $id));
+			$row = ModelsNews::find($id);
-			if($query !== false)
+			if($row)
 			{
-				$db->update(TABLE_PREFIX . 'news', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
+				$row->hidden = $row->hidden == 1 ? 0 : 1;
-				$status = $query['hidden'];
+				if (!$row->save()) {
 					$errors[] = 'Fail during toggle hidden News.';
 				}
 				$status = $row->hidden;
 			}
 			else
 				$errors[] = 'News with id ' . $id . ' does not exists.';
--- a/system/libs/plugins.php
+++ b/system/libs/plugins.php
@@ -39,6 +39,7 @@ function is_sub_dir($path = NULL, $parent_folder = BASE) {
 }
 use Composer\Semver\Semver;
 use MyAAC\Models\Menu;
 class Plugins {
 	private static $warnings = [];
@@ -151,6 +152,10 @@ class Plugins {
 		foreach(self::getAllPluginsJson() as $plugin) {
 			if (isset($plugin['hooks'])) {
 				foreach ($plugin['hooks'] as $_name => $info) {
 					if (str_contains($info['type'], 'HOOK_')) {
 						$info['type'] = str_replace('HOOK_', '', $info['type']);
 					}
 					if (defined('HOOK_'. $info['type'])) {
 						$hook = constant('HOOK_'. $info['type']);
 						$hooks[] = ['name' => $_name, 'type' => $hook, 'file' => $info['file']];
@@ -649,11 +654,9 @@ class Plugins {
 	 */
 	public static function installMenus($templateName, $categories)
 	{
 		global $db;
 		// check if menus already exist
-		$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($templateName) . ' LIMIT 1;');
+		$menuInstalled = Menu::where('template', $templateName)->select('id')->first();
-		if ($query->rowCount() > 0) {
+		if ($menuInstalled) {
 			return;
 		}
@@ -687,7 +690,7 @@ class Plugins {
 					'color' => $color,
 				];
-				$db->insert(TABLE_PREFIX . 'menu', $insert_array);
+				Menu::create($insert_array);
 			}
 		}
 	}
--- a/system/libs/pot/OTS.php
+++ b/system/libs/pot/OTS.php
@@ -370,7 +370,14 @@ class POT
            throw new RuntimeException('Please install PHP pdo extension. MyAAC will not work without it.');
        }
-        $this->db = new OTS_DB_MySQL($params);
+	    global $debugBar;
 		if (isset($debugBar)) {
 			$this->db = new DebugBar\DataCollector\PDO\TraceablePDO(new OTS_DB_MySQL($params));
 			$debugBar->addCollector(new DebugBar\DataCollector\PDO\PDOCollector($this->db));
 		}
 		else {
 			$this->db = new OTS_DB_MySQL($params);
 		}
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
--- a/system/libs/pot/OTS_Monster.php
+++ b/system/libs/pot/OTS_Monster.php
@@ -286,6 +286,10 @@ class OTS_Monster extends DOMDocument
        $element = $this->documentElement->getElementsByTagName('look')->item(0);
        if (!$element) {
            return $look;
        }
        $look['type'] = $element->getAttribute('type');
        $look['typeex'] = $element->getAttribute('typeex');
        $look['head'] = $element->getAttribute('head');
--- a/system/libs/spells.php
+++ b/system/libs/spells.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Spell;
 defined('MYAAC') or die('Direct access not allowed!');
 class Spells {
@@ -31,9 +34,11 @@ class Spells {
 	}
 		public static function loadFromXML($show = false) {
-		global $config, $db;
+		global $config;
-		try { $db->exec('DELETE FROM `' . TABLE_PREFIX . 'spells`;'); } catch(PDOException $error) {}
+		try {
 			Spell::query()->delete();
 		} catch(Exception $error) {}
 		if($show) {
 			echo '<h2>Reload spells.</h2>';
@@ -63,7 +68,7 @@ class Spells {
 				continue;
 			try {
-				$db->insert(TABLE_PREFIX . 'spells', array(
+				Spell::create(array(
 					'name' => $name,
 					'words' => $words,
 					'type' => 2,
@@ -105,7 +110,7 @@ class Spells {
 				continue;
 			try {
-				$db->insert(TABLE_PREFIX . 'spells', array(
+				Spell::create(array(
 					'name' => $name,
 					'words' => $words,
 					'type' => 1,
@@ -142,7 +147,7 @@ class Spells {
 			$name = $spell->getName() . ' Rune';
 			try {
-				$db->insert(TABLE_PREFIX . 'spells', array(
+				Spell::create(array(
 					'name' => $name,
 					'words' => $spell->getWords(),
 					'type' => 3,
--- a/system/libs/usage_statistics.php
+++ b/system/libs/usage_statistics.php
@@ -106,8 +106,8 @@ WHERE TABLE_SCHEMA = "' . $config['database_name'] . '";');
 		}
 		$ret['templates'] = get_templates();
-		$ret['date_timezone'] = $config['date_timezone'];
+		$ret['date_timezone'] = setting('core.date_timezone');
-		$ret['backward_support'] = $config['backward_support'];
+		$ret['backward_support'] = setting('core.backward_support');
 		$cache_engine = strtolower($config['cache_engine']);
 		if($cache_engine == 'auto') {
--- a/system/libs/validator.php
+++ b/system/libs/validator.php
@@ -7,6 +7,10 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Monster;
 use MyAAC\Models\Spell;
 defined('MYAAC') or die('Direct access not allowed!');
 class Validator
@@ -307,8 +311,7 @@ class Validator
 		$monstersCheck = setting('core.create_character_name_monsters_check');
 		if ($monstersCheck) {
-			$monsters = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'monsters` WHERE `name` LIKE ' . $db->quote($name_lower));
+			if (Monster::where('name', 'like', $name_lower)->exists()) {
 			if ($monsters->rowCount() > 0) {
 				self::$lastError = 'Your name cannot contains monster name.';
 				return false;
 			}
@@ -316,14 +319,12 @@ class Validator
 		$spellsCheck = setting('core.create_character_name_spells_check');
 		if ($spellsCheck) {
-			$spells_name = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'spells` WHERE `name` LIKE ' . $db->quote($name_lower));
+			if (Spell::where('name', 'like', $name_lower)->exists()) {
 			if ($spells_name->rowCount() > 0) {
 				self::$lastError = 'Your name cannot contains spell name.';
 				return false;
 			}
-			$spells_words = $db->query('SELECT `words` FROM `' . TABLE_PREFIX . 'spells` WHERE `words` = ' . $db->quote($name_lower));
+			if (Spell::where('words', $name_lower)->exists()) {
 			if ($spells_words->rowCount() > 0) {
 				self::$lastError = 'Your name cannot contains spell name.';
 				return false;
 			}
--- a/system/libs/visitors.php
+++ b/system/libs/visitors.php
@@ -7,6 +7,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Visitor;
 defined('MYAAC') or die('Direct access not allowed!');
 class Visitors
@@ -54,9 +57,7 @@ class Visitors
 			return isset($this->data[$ip]);
 		}
-		global $db;
+		return Visitor::where('ip', $ip)->exists();
 		$users = $db->query('SELECT COUNT(`ip`) as count FROM `' . TABLE_PREFIX . 'visitors' . '` WHERE ' . $db->fieldName('ip') . ' = ' . $db->quote($ip))->fetch();
 		return ($users['count'] > 0);
 	}
 	private function cleanVisitors()
@@ -73,8 +74,7 @@ class Visitors
 			return;
 		}
-		global $db;
+		Visitor::where('lastvisit', '<', (time() - $this->sessionTime * 60))->delete();
 		$db->exec('DELETE FROM ' . $db->tableName(TABLE_PREFIX . 'visitors') . ' WHERE ' . $db->fieldName('lastvisit') . ' < ' . (time() - $this->sessionTime * 60));
 	}
 	private function updateVisitor($ip, $page, $userAgent)
@@ -84,8 +84,7 @@ class Visitors
 			return;
 		}
-		global $db;
+		Visitor::where('ip', $ip)->update(['lastvisit' => time(), 'page' => $page, 'user_agent' => $userAgent]);
 		$db->update(TABLE_PREFIX . 'visitors', ['lastvisit' => time(), 'page' => $page, 'user_agent' => $userAgent], ['ip' => $ip]);
 	}
 	private function addVisitor($ip, $page, $userAgent)
@@ -95,8 +94,7 @@ class Visitors
 			return;
 		}
-		global $db;
+		Visitor::create(['ip' => $ip, 'lastvisit' => time(), 'page' => $page, 'user_agent' => $userAgent]);
 		$db->insert(TABLE_PREFIX . 'visitors', ['ip' => $ip, 'lastvisit' => time(), 'page' => $page, 'user_agent' => $userAgent]);
 	}
 	public function getVisitors()
@@ -108,8 +106,7 @@ class Visitors
 			return $this->data;
 		}
-		global $db;
+		return Visitor::orderByDesc('lastvisit')->get()->toArray();
 		return $db->query('SELECT ' . $db->fieldName('ip') . ', ' . $db->fieldName('lastvisit') . ', ' . $db->fieldName('page') . ', ' . $db->fieldName('user_agent') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'visitors') . ' ORDER BY ' . $db->fieldName('lastvisit') . ' DESC')->fetchAll();
 	}
 	public function getAmountVisitors()
@@ -118,9 +115,7 @@ class Visitors
 			return count($this->data);
 		}
-		global $db;
+		return Visitor::count();
 		$users = $db->query('SELECT COUNT(`ip`) as count FROM `' . TABLE_PREFIX . 'visitors`')->fetch();
 		return $users['count'];
 	}
 	public function show() {
--- a/system/libs/weapons.php
+++ b/system/libs/weapons.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Weapon;
 defined('MYAAC') or die('Direct access not allowed!');
 class Weapons {
@@ -15,10 +18,10 @@ class Weapons {
 	public static function loadFromXML($show = false)
 	{
-		global $config, $db;
+		global $config;
 		try {
-			$db->exec("DELETE FROM `myaac_weapons`;");
+			Weapon::query()->delete();
 		} catch (PDOException $error) {
 		}
@@ -45,7 +48,7 @@ class Weapons {
 	}
 	public static function parseNode($node, $show = false) {
-		global $config, $db;
+		global $config;
 		$id = (int)$node->getAttribute('id');
 		$vocations_ids = array_flip($config['vocations']);
@@ -64,14 +67,15 @@ class Weapons {
 			$vocations[$voc_id] = strlen($show) == 0 || $show != '0';
 		}
-		$exist = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'weapons` WHERE `id` = ' . $id);
+		if(Weapon::find($id)) {
 		if($exist->rowCount() > 0) {
 			if($show) {
 				warning('Duplicated weapon with id: ' . $id);
 			}
 		}
 		else {
-			$db->insert(TABLE_PREFIX . 'weapons', array('id' => $id, 'level' => $level, 'maglevel' => $maglevel, 'vocations' => json_encode($vocations)));
+			Weapon::create([
 				'id' => $id, 'level' => $level, 'maglevel' => $maglevel, 'vocations' => json_encode($vocations)
 			]);
 		}
 	}
--- a/system/logout.php
+++ b/system/logout.php
@@ -7,6 +7,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\CsrfToken;
 defined('MYAAC') or die('Direct access not allowed!');
 if(isset($account_logged) && $account_logged->isLoaded()) {
@@ -15,6 +18,8 @@ if(isset($account_logged) && $account_logged->isLoaded()) {
 		unsetSession('password');
 		unsetSession('remember_me');
 		CsrfToken::generate();
 		$logged = false;
 		unset($account_logged);
--- a/system/migrations/17.php
+++ b/system/migrations/17.php
@@ -14,75 +14,9 @@ CREATE TABLE `myaac_menu`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 ");
 	$db->query("
 /* MENU_CATEGORY_NEWS kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
 /* MENU_CATEGORY_ACCOUNT kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
 /* MENU_CATEGORY_COMMUNITY kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
 /* MENU_CATEGORY_LIBRARY kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
 /* MENU_CATEGORY_SHOP kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
 /* MENU_CATEGORY_NEWS tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
 /* MENU_CATEGORY_ACCOUNT tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
 /* MENU_CATEGORY_COMMUNITY tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
 /* MENU_CATEGORY_FORUM tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
 /* MENU_CATEGORY_LIBRARY tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
 /* MENU_CATEGORY_SHOP tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
 	");
 }
 require_once LIBS . 'plugins.php';
 Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
 Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
--- a/system/pages/account/change_comment.php
+++ b/system/pages/account/change_comment.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Change Comment';
@@ -17,36 +20,36 @@ if(!$logged) {
 	return;
 }
 $player = null;
 $player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
 $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
 $new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
 if($player_name != null) {
 	if (Validator::characterName($player_name)) {
-		$player = new OTS_Player();
+		$player = Player::query()
-		$player->find($player_name);
+			->where('name', $player_name)
-		if ($player->isLoaded()) {
+			->where('account_id', $account_logged->getId())
-			$player_account = $player->getAccount();
+			->first();
 			if ($account_logged->getId() == $player_account->getId()) {
 				if ($player->isDeleted()) {
 					$errors[] = 'This character is deleted.';
 					$player = null;
 				}
-				if (isset($_POST['changecommentsave']) && $_POST['changecommentsave'] == 1) {
+		if ($player) {
-					if(empty($errors)) {
+			if ($player->is_deleted) {
-						$player->setCustomField("hidden", $new_hideacc);
+				$errors[] = 'This character is deleted.';
-						$player->setCustomField("comment", $new_comment);
+				$player = null;
-						$account_logged->logAction('Changed comment for character <b>' . $player->getName() . '</b>.');
+			}
-						$twig->display('success.html.twig', array(
+
-							'title' => 'Character Information Changed',
+			if (isset($_POST['changecommentsave']) && $_POST['changecommentsave'] == 1) {
-							'description' => 'The character information has been changed.'
+				if(empty($errors)) {
-						));
+					$player->hidden = $new_hideacc;
-						$show_form = false;
+					$player->comment = $new_comment;
-					}
+					$player->save();
 					$account_logged->logAction('Changed comment for character <b>' . $player->name . '</b>.');
 					$twig->display('success.html.twig', array(
 						'title' => 'Character Information Changed',
 						'description' => 'The character information has been changed.'
 					));
 					$show_form = false;
 				}
 			} else {
 				$errors[] = 'Error. Character <b>' . $player_name . '</b> is not on your account.';
 			}
 		} else {
 			$errors[] = "Error. Character with this name doesn't exist.";
@@ -64,9 +67,9 @@ if($show_form) {
 		$twig->display('error_box.html.twig', array('errors' => $errors));
 	}
-	if(isset($player) && $player->isLoaded()) {
+	if(isset($player) && $player) {
 		$twig->display('account.change_comment.html.twig', array(
-			'player' => $player
+			'player' => $player->toArray()
 		));
 	}
 }
--- a/system/pages/account/change_email.php
+++ b/system/pages/account/change_email.php
@@ -43,7 +43,7 @@ if($email_new_time < 10) {
 		}
 		if(empty($errors)) {
-			$email_new_time = time() + $config['account_mail_change'] * 24 * 3600;
+			$email_new_time = time() + setting('core.account_mail_change') * 24 * 3600;
 			$account_logged->setCustomField("email_new", $email_new);
 			$account_logged->setCustomField("email_new_time", $email_new_time);
 			$twig->display('success.html.twig', array(
@@ -92,18 +92,22 @@ else
 	<tr>
 		<td width="30">&nbsp;</td>
 		<td align=left>
-			<form action="' . getLink('account/email') . '" method="post"><input type="hidden" name="changeemailsave" value=1 >
+			<form action="' . getLink('account/email') . '" method="post">
 				' . csrf() . '
 				<input type="hidden" name="changeemailsave" value=1 >
 				<INPUT TYPE=image NAME="I Agree" SRC="' . $template_path . '/images/global/buttons/sbutton_iagree.gif" BORDER=0 WIDTH=120 HEIGHT=17>
 			</form>
 		</td>
 		<td align=left>
 			<form action="' . getLink('account/email') . '" method="post">
 				' . csrf() . '
 				<input type="hidden" name="emailchangecancel" value=1 >
 				' . $twig->render('buttons.cancel.html.twig') . '
 			</form>
 		</td>
 		<td align=right>
 			<form action="?subtopic=accountmanagement" method="post" >
 				' . csrf() . '
 				' . $twig->render('buttons.back.html.twig') . '
 			</form>
 		</td>
@@ -125,6 +129,7 @@ else
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0" >
 				<form action="' .getLink('account/email') . '" method="post" >
 					' . csrf() . '
 					<tr>
 						<td style="border:0px;" >
 							<input type="hidden" name="emailchangecancel" value="1" >
@@ -137,6 +142,7 @@ else
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0" >
 				<form action="' . getLink('account/manage') . '" method="post" >
 					' . csrf() . '
 					<tr>
 						<td style="border:0px;" >
 							' . $twig->render('buttons.back.html.twig') . '
--- a/system/pages/account/change_info.php
+++ b/system/pages/account/change_info.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Account;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Change Info';
@@ -17,9 +20,11 @@ if(!$logged) {
 	return;
 }
-if($config['account_country'])
+if(setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
 $account = Account::find($account_logged->getId());
 $show_form = true;
 $new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : NULL;
 $new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : NULL;
@@ -30,9 +35,10 @@ if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
 	if(empty($errors)) {
 		//save data from form
-		$account_logged->setCustomField("rlname", $new_rlname);
+		$account->rlname = $new_rlname;
-		$account_logged->setCustomField("location", $new_location);
+		$account->location = $new_location;
-		$account_logged->setCustomField("country", $new_country);
+		$account->country = $new_country;
 		$account->save();
 		$account_logged->logAction('Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b> and Country to <b>' . $config['countries'][$new_country] . '</b>.');
 		$twig->display('success.html.twig', array(
 			'title' => 'Public Information Changed',
@@ -47,10 +53,10 @@ if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
 //show form
 if($show_form) {
-	$account_rlname = $account_logged->getCustomField("rlname");
+	$account_rlname = $account->rlname;
-	$account_location = $account_logged->getCustomField("location");
+	$account_location = $account->location;
-	if ($config['account_country']) {
+	if (setting('core.account_country')) {
-		$account_country = $account_logged->getCustomField("country");
+		$account_country = $account->country;
 		$countries = array();
 		foreach (array('pl', 'se', 'br', 'us', 'gb',) as $country)
--- a/system/pages/account/change_password.php
+++ b/system/pages/account/change_password.php
@@ -18,18 +18,18 @@ if(!$logged) {
 }
 $new_password = $_POST['newpassword'] ?? NULL;
-$new_password2 = $_POST['newpassword2'] ?? NULL;
+$new_password_confirm = $_POST['newpassword_confirm'] ?? NULL;
 $old_password = $_POST['oldpassword'] ?? NULL;
-if(empty($new_password) && empty($new_password2) && empty($old_password)) {
+if(empty($new_password) && empty($new_password_confirm) && empty($old_password)) {
 	$twig->display('account.change_password.html.twig');
 }
 else
 {
-	if(empty($new_password) || empty($new_password2) || empty($old_password)){
+	if(empty($new_password) || empty($new_password_confirm) || empty($old_password)){
 		$errors[] = 'Please fill in form.';
 	}
 	$password_strlen = strlen($new_password);
-	if($new_password != $new_password2) {
+	if($new_password != $new_password_confirm) {
 		$errors[] = 'The new passwords do not match!';
 	}
--- a/system/pages/account/confirm_email.php
+++ b/system/pages/account/confirm_email.php
@@ -7,6 +7,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Account;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Confirm Email';
@@ -17,14 +20,12 @@ if(empty($hash)) {
 	return;
 }
-$res = $db->query('SELECT `email_hash` FROM `accounts` WHERE `email_hash` = ' . $db->quote($hash));
+if(!Account::where('email_hash', $hash)->exists()) {
 if(!$res->rowCount()) {
 	note("Your email couldn't be verified. Please contact staff to do it manually.");
 }
 else
 {
-	$query = $db->query('SELECT id FROM accounts WHERE email_hash = ' . $db->quote($hash) . ' AND email_verified = 0');
+	if (Account::where('email_hash', $hash)->where('email_verified', 0)->exists()) {
 	if ($query->rowCount() == 1) {
 		$query = $query->fetch(PDO::FETCH_ASSOC);
 		$account = new OTS_Account();
 		$account->load($query['id']);
@@ -33,7 +34,7 @@ else
 		}
 	}
-	$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $hash));
+	Account::where('email_hash', $hash)->update('email_verified', 1);
 	success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
 }
 ?>
--- a/system/pages/account/create.php
+++ b/system/pages/account/create.php
@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Create Account';
-if($config['account_country'])
+if (setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
 if($logged)
@@ -20,7 +20,7 @@ if($logged)
 	return;
 }
-if(config('account_create_character_create')) {
+if(setting('core.account_create_character_create')) {
 	require_once LIBS . 'CreateCharacter.php';
 	$createCharacter = new CreateCharacter();
 }
@@ -50,7 +50,7 @@ if($save)
 	$email = $_POST['email'];
 	$password = $_POST['password'];
-	$password2 = $_POST['password2'];
+	$password_confirm = $_POST['password_confirm'];
 	// account
 	if(!config('account_login_by_email')) {
@@ -68,7 +68,7 @@ if($save)
 	// country
 	$country = '';
-	if($config['account_country'])
+	if (setting('core.account_country'))
 	{
 		$country = $_POST['country'];
 		if(!isset($country))
@@ -81,7 +81,7 @@ if($save)
 	if(empty($password)) {
 		$errors['password'] = 'Please enter the password for your new account.';
 	}
-	elseif($password != $password2) {
+	elseif($password != $password_confirm) {
 		$errors['password'] = 'Passwords are not the same.';
 	}
 	else if(!Validator::password($password)) {
@@ -93,7 +93,7 @@ if($save)
 		$errors['password'] = 'Password may not be the same as account name.';
 	}
-	if($config['account_mail_unique'])
+	if(setting('core.account_mail_unique'))
 	{
 		$test_email_account = new OTS_Account();
 		$test_email_account->findByEMail($email);
@@ -115,7 +115,7 @@ if($save)
 	}
 	if($account_db->isLoaded()) {
-		if (config('account_login_by_email') && !config('account_mail_unique')) {
+		if (config('account_login_by_email') && !setting('core.account_mail_unique')) {
 			$errors['account'] = 'Account with this email already exist.';
 		}
 		else if (!config('account_login_by_email')) {
@@ -134,7 +134,7 @@ if($save)
 		'email' => $email,
 		'country' => $country,
 		'password' => $password,
-		'password2' => $password2,
+		'password_confirm' => $password_confirm,
 		'accept_rules' => isset($_POST['accept_rules']) ? $_POST['accept_rules'] === 'true' : false,
 	);
@@ -150,7 +150,7 @@ if($save)
 		return;
 	}
-	if(config('account_create_character_create')) {
+	if(setting('core.account_create_character_create')) {
 		$character_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : null;
 		$character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null;
 		$character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null;
@@ -191,27 +191,28 @@ if($save)
 		$new_account->setCustomField('created', time());
 		$new_account->logAction('Account created.');
-		if($config['account_country']) {
+		if(setting('core.account_country')) {
 			$new_account->setCustomField('country', $country);
 		}
-		if($config['account_premium_days'] && $config['account_premium_days'] > 0) {
+		$settingAccountPremiumDays = setting('core.account_premium_days');
 		if($settingAccountPremiumDays && $settingAccountPremiumDays > 0) {
 			if($db->hasColumn('accounts', 'premend')) { // othire
-				$new_account->setCustomField('premend', time() + $config['account_premium_days'] * 86400);
+				$new_account->setCustomField('premend', time() + $settingAccountPremiumDays * 86400);
 			}
 			else { // rest
 				if ($db->hasColumn('accounts', 'premium_ends_at')) { // TFS 1.4+
-					$new_account->setCustomField('premium_ends_at', time() + $config['account_premium_days'] * (60 * 60 * 24));
+					$new_account->setCustomField('premium_ends_at', time() + $settingAccountPremiumDays * (60 * 60 * 24));
 				}
 				else {
-					$new_account->setCustomField('premdays', $config['account_premium_days']);
+					$new_account->setCustomField('premdays', $settingAccountPremiumDays);
 					$new_account->setCustomField('lastday', time());
 				}
 			}
 		}
-		if($config['account_premium_points']) {
+		if(setting('core.account_premium_points') && setting('core.account_premium_points') > 0) {
-			$new_account->setCustomField('premium_points', $config['account_premium_points']);
+			$new_account->setCustomField('premium_points', setting('core.account_premium_points'));
 		}
 		$tmp_account = $email;
@@ -219,7 +220,7 @@ if($save)
 			$tmp_account = (USE_ACCOUNT_NAME ? $account_name : $account_id);
 		}
-		if(setting('core.mail_enabled') && $config['account_mail_verify'])
+		if(setting('core.mail_enabled') && setting('core.account_mail_verify'))
 		{
 			$hash = md5(generateRandomString(16, true, true) . $email);
 			$new_account->setCustomField('email_hash', $hash);
@@ -238,7 +239,7 @@ if($save)
 					'description' => 'Your account ' . $account_type . ' is <b>' . $tmp_account . '</b><br/>You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '.
 						Please keep your account ' . $account_type . ' and password in a safe place and
 						never give your account ' . $account_type . ' or password to anybody.',
-					'custom_buttons' => config('account_create_character_create') ? '' : null
+					'custom_buttons' => setting('core.account_create_character_create') ? '' : null
 				));
 			}
 			else
@@ -249,7 +250,7 @@ if($save)
 		}
 		else
 		{
-			if(config('account_create_character_create')) {
+			if(setting('core.account_create_character_create')) {
 				// character creation
 				$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
 				if (!$character_created) {
@@ -258,7 +259,7 @@ if($save)
 				}
 			}
-			if(config('account_create_auto_login')) {
+			if(setting('core.account_create_auto_login')) {
 				if ($hasBeenCreatedByEMail) {
 					$_POST['account_login'] = $email;
 				}
@@ -266,14 +267,14 @@ if($save)
 					$_POST['account_login'] = USE_ACCOUNT_NAME ? $account_name : $account_id;
 				}
-				$_POST['password_login'] = $password2;
+				$_POST['password_login'] = $password_confirm;
 				require PAGES . 'account/login.php';
 				header('Location: ' . getLink('account/manage'));
 			}
 			echo 'Your account';
-			if(config('account_create_character_create')) {
+			if(setting('core.account_create_character_create')) {
 				echo ' and character have';
 			}
 			else {
@@ -281,7 +282,7 @@ if($save)
 			}
 			echo ' been created.';
-			if(!config('account_create_character_create')) {
+			if(!setting('core.account_create_character_create')) {
 				echo ' Now you can login and create your first character.';
 			}
@@ -291,10 +292,10 @@ if($save)
 				'description' => 'Your account ' . $account_type . ' is <b>' . $tmp_account . '</b><br/>You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '.
 						Please keep your account ' . $account_type . ' and password in a safe place and
 						never give your account ' . $account_type . ' or password to anybody.',
-				'custom_buttons' => config('account_create_character_create') ? '' : null
+				'custom_buttons' => setting('core.account_create_character_create') ? '' : null
 			));
-			if(setting('core.mail_enabled') && $config['account_welcome_mail'])
+			if(setting('core.mail_enabled') && setting('core.account_welcome_mail'))
 			{
 				$mailBody = $twig->render('account.welcome_mail.html.twig', array(
 					'account' => $tmp_account
@@ -330,7 +331,7 @@ if(setting('core.account_country_recognize')) {
 if(!empty($errors))
 	$twig->display('error_box.html.twig', array('errors' => $errors));
-if($config['account_country']) {
+if (setting('core.account_country')) {
 	$countries = array();
 	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
 		$countries[$c] = $config['countries'][$c];
@@ -353,7 +354,7 @@ $params = array(
 	'save' => $save
 );
-if($save && config('account_create_character_create')) {
+if($save && setting('core.account_create_character_create')) {
 	$params = array_merge($params, array(
 		'name' => $character_name,
 		'sex' => $character_sex,
--- a/system/pages/bans.php
+++ b/system/pages/bans.php
@@ -11,8 +11,8 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Bans list';
-$configBansPerPage = config('bans_per_page');
+$configBansPerPage = setting('core.bans_per_page');
-$_page = isset($_GET['page']) ? $_GET['page'] : 1;
+$_page = $_GET['page'] ?? 1;
 if(!is_numeric($_page) || $_page < 1 || $_page > PHP_INT_MAX) {
 	$_page = 1;
@@ -50,7 +50,8 @@ if(!$bansQuery->rowCount())
 $nextPage = false;
 $i = 0;
-$bans = $bansQuery->fetchAll();
+$bans = $bansQuery->fetchAll(PDO::FETCH_ASSOC);
 foreach ($bans as $id => &$ban)
 {
 	if(++$i > $configBansPerPage)
@@ -69,11 +70,22 @@ foreach ($bans as $id => &$ban)
 		$accountId = $ban['account_id'];
 	}
-	$ban['player'] = getPlayerLink(getPlayerNameByAccount($accountId));
+	$playerName = 'Unknown';
 	if ($configBans['hasType']) {
 		$ban['type'] = getBanType($ban['type']);
 		if ($ban['type'] == 2) { // namelock
 			$playerName = getPlayerNameById($accountId);
 		}
 		else {
 			$playerName = getPlayerNameByAccount($accountId);
 		}
 	}
 	else {
 		$playerName = getPlayerNameByAccount($accountId);
 	}
 	$ban['player'] = getPlayerLink($playerName);
 	$expiresColumn = 'expires_at';
 	if ($db->hasColumn('bans', 'expires')) {
@@ -104,7 +116,7 @@ foreach ($bans as $id => &$ban)
 		}
 	}
 	else {
-		$addedBy = getPlayerLink(getPlayerNameByAccount($ban['banned_by']));
+		$addedBy = getPlayerLink(getPlayerNameById($ban['banned_by']));
 	}
 	if ($db->hasColumn('bans', 'added')) {
--- a/system/pages/bugtracker.php
+++ b/system/pages/bugtracker.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\BugTracker;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Bug tracker';
@@ -29,10 +32,10 @@ $showed = $post = $reply = false;
    if(admin() and isset($_REQUEST['control']) && $_REQUEST['control'] == "true")
    {
        if(empty($_REQUEST['id']) and empty($_REQUEST['acc']) or !is_numeric($_REQUEST['acc']) or !is_numeric($_REQUEST['id']) )
-            $bug[1] = $db->query('SELECT * FROM '.$db->tableName(TABLE_PREFIX . 'bugtracker').' where `type` = 1 order by `uid` desc');
+            $bug[1] = BugTracker::where('type', 1)->orderByDesc('uid')->get()->toArray();
        if(!empty($_REQUEST['id']) and is_numeric($_REQUEST['id']) and !empty($_REQUEST['acc']) and is_numeric($_REQUEST['acc']))
-            $bug[2] = $db->query('SELECT * FROM '.$db->tableName(TABLE_PREFIX . 'bugtracker').' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 1')->fetch();
+			$bug[2] = BugTracker::where('type', 1)->where('account', $_REQUEST['acc'])->where('id', $_REQUEST['id'])->get()->toArray();
        if(!empty($_REQUEST['id']) and is_numeric($_REQUEST['id']) and !empty($_REQUEST['acc']) and is_numeric($_REQUEST['acc']))
        {
@@ -67,7 +70,7 @@ $showed = $post = $reply = false;
                echo '<TR BGCOLOR="'.$light.'"><td colspan=2>'.nl2br($bug[2]['text']).'</td></tr>';
                echo '</TABLE>';
-                $answers = $db->query('SELECT * FROM '.$db->tableName(TABLE_PREFIX . 'bugtracker').' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2 order by `reply`');
+                $answers = BugTracker::where('account', $_REQUEST['acc'])->where('id', $_REQUEST['id'])->where('type', 2)->orderBy('reply')->get()->toArray();
                foreach($answers as $answer)
                {
                    if($answer['who'] == 1)
@@ -88,9 +91,9 @@ $showed = $post = $reply = false;
            {
                if($bug[2]['status'] != 3)
                {
-                    $reply = $db->query('SELECT MAX(reply) FROM `' . TABLE_PREFIX . 'bugtracker` where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2')->fetch();
+                    $reply = BugTracker::where('account', $_REQUEST['acc'])->where('id', $_REQUEST['id'])->where('type', 2)->max('reply');
-                    $reply = $reply[0] + 1;
+                    $reply = $reply + 1;
-                    $iswho = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'bugtracker` where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2 order by `reply` desc limit 1')->fetch();
+                    $iswho =  BugTracker::where('account', $_REQUEST['acc'])->where('id', $_REQUEST['id'])->where('type', 2)->orderByDesc('reply')->first()->toArray();
                    if(isset($_POST['finish']))
                    {
@@ -109,8 +112,17 @@ $showed = $post = $reply = false;
                        else
                        {
                            $type = 2;
-                            $INSERT = $db->query('INSERT INTO `' . TABLE_PREFIX . 'bugtracker` (`account`,`id`,`text`,`reply`,`type`, `who`) VALUES ('.$db->quote($_REQUEST['acc']).','.$db->quote($_REQUEST['id']).','.$db->quote($_POST['text']).','.$db->quote($reply).','.$db->quote($type).','.$db->quote(1).')');
+                            $INSERT =  BugTracker::create([
-                            $UPDATE = $db->query('UPDATE `' . TABLE_PREFIX . 'bugtracker` SET `status` = '.$_POST['status'].' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].'');
+								'account' => $_REQUEST['aac'],
 								'id' => $_REQUEST['id'],
 								'text' => $_POST['text'],
 								'reply' => $reply,
 								'type' => $type,
 								'who' => 1,
 							]);
                            $UPDATE = Bugtracker::where('id', $_REQUEST['id'])->where('account', $_REQUEST['acc'])->update([
 								'status' => $_POST['status']
 							]);
                            header('Location: ?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'');
                        }
                    }
@@ -159,10 +171,10 @@ $showed = $post = $reply = false;
            $id = addslashes(htmlspecialchars(trim($_REQUEST['id'])));
        if(empty($_REQUEST['id']))
-            $bug[1] = $db->query('SELECT * FROM '.$db->tableName(TABLE_PREFIX . 'bugtracker').' where `account` = '.$account_logged->getId().' and `type` = 1 order by `id` desc');
+            $bug[1] = BugTracker::where('account', $account_logged->getId())->where('type', 1)->orderBy('id')->get()->toArray();
        if(!empty($_REQUEST['id']) and is_numeric($_REQUEST['id']))
-            $bug[2] = $db->query('SELECT * FROM '.$db->tableName(TABLE_PREFIX . 'bugtracker').' where `account` = '.$account_logged->getId().' and `id` = '.$id.' and `type` = 1')->fetch();
+            $bug[2] = BugTracker::where('account', $account_logged->getId())->where('type', 1)->where('id', $id)->get()->toArray();
        else
            $bug[2] = NULL;
@@ -186,7 +198,7 @@ $showed = $post = $reply = false;
                echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($bug[2]['text']).'</td></tr>';
                echo '</TABLE>';
-                $answers = $db->query('SELECT * FROM '.$db->tableName('myaac_bugtracker').' where `account` = '.$account_logged->getId().' and `id` = '.$id.' and `type` = 2 order by `reply`');
+                $answers = Bugtracker::where('account', $account_logged->getId())->where('id', $id)->where('type', 2)->orderBy('reply')->get()->toArray();
                foreach($answers as $answer)
                {
                    if($answer['who'] == 1)
@@ -207,9 +219,9 @@ $showed = $post = $reply = false;
            {
                if($bug[2]['status'] != 3)
                {
-                    $reply = $db->query('SELECT MAX(reply) FROM `' . TABLE_PREFIX . 'bugtracker` where `account` = '.$acc.' and `id` = '.$id.' and `type` = 2')->fetch();
+                    $reply = BugTracker::where('account', $aac)->where('id', $id)->where('type', 2)->max('reply');
-                    $reply = $reply[0] + 1;
+                    $reply = $reply + 1;
-                    $iswho = $db->query('SELECT * FROM `myaac_bugtracker` where `account` = '.$acc.' and `id` = '.$id.' and `type` = 2 order by `reply` desc limit 1')->fetch();
+                    $iswho = BugTracker::where('account', $acc)->where('id', $id)->where('type', 2)->orderByDesc('reply')->first()->toArray();
                    if(isset($_POST['finish']))
                    {
@@ -228,8 +240,16 @@ $showed = $post = $reply = false;
                        else
                        {
                            $type = 2;
-                            $INSERT = $db->query('INSERT INTO `myaac_bugtracker` (`account`,`id`,`text`,`reply`,`type`) VALUES ('.$db->quote($acc).','.$db->quote($id).','.$db->quote($_POST['text']).','.$db->quote($reply).','.$db->quote($type).')');
+                            $INSERT = BugTracker::create([
-                            $UPDATE = $db->query('UPDATE `myaac_bugtracker` SET `status` = 1 where `account` = '.$acc.' and `id` = '.$id.'');
+								'account' => $acc,
 								'id' => $id,
 								'text' => $_POST['text'],
 								'reply' => $reply,
 								'type' => $type
 							]);
                            $UPDATE = BugTracker::where('id', $id)->where('account', $acc)->update([
 								'status' => 1
 							]);
                            header('Location: ?subtopic=bugtracker&id='.$id.'');
                        }
                    }
@@ -289,9 +309,9 @@ $showed = $post = $reply = false;
            }
            elseif(isset($_REQUEST['add']) && $_REQUEST['add'] == TRUE)
            {
-                $thread = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'bugtracker` where `account` = '.$acc.' and `type` = 1 order by `id` desc')->fetch();
+                $thread = BugTracker::where('account', $acc)->where('type', 1)->orderByDesc('id')->get()->toArray();
-                $id_next = $db->query('SELECT MAX(id) FROM `' . TABLE_PREFIX . 'bugtracker` where `account` = '.$acc.' and `type` = 1')->fetch();
+                $id_next = BugTracker::where('account', $acc)->where('type', 1)->max('id');
-                $id_next = $id_next[0] + 1;
+                $id_next = $id_next + 1;
                if(empty($thread))
                    $thread['status'] = 3;
@@ -318,7 +338,16 @@ $showed = $post = $reply = false;
                    {
                        $type = 1;
                        $status = 1;
-                        $INSERT = $db->query('INSERT INTO `' . TABLE_PREFIX . 'bugtracker` (`account`,`id`,`text`,`type`,`subject`, `reply`,`status`,`tag`) VALUES ('.$db->quote($acc).','.$db->quote($id_next).','.$db->quote($_POST['text']).','.$db->quote($type).','.$db->quote($_POST['subject']).', 0,'.$db->quote($status).','.$db->quote($_POST['tags']).')');
+                        $INSERT = BugTracker::create([
 							'account' => $acc,
 							'id' => $id_next,
 							'text' => $_POST['text'],
 							'type' => $type,
 							'subject' => $_POST['subject'],
 							'reply' => 0,
 							'status' => $status,
 							'tag' => $_POST['tags']
 						]);
                        header('Location: ?subtopic=bugtracker&id='.$id_next.'');
                    }
--- a/system/pages/changelog.php
+++ b/system/pages/changelog.php
@@ -10,6 +10,8 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Changelog';
 use MyAAC\Models\Changelog;
 $_page = isset($_GET['page']) ? (int)$_GET['page'] : 0;
 $limit = 30;
 $offset = $_page * $limit;
@@ -17,7 +19,7 @@ $next_page = false;
 $canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
-$changelogs = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'changelog` ' . ($canEdit ? '' : 'WHERE `hidden` = 0').' ORDER BY `id` DESC LIMIT ' . ($limit + 1) . ' OFFSET ' . $offset)->fetchAll();
+$changelogs = Changelog::isPublic()->orderByDesc('id')->limit($limit + 1)->offset($offset)->get()->toArray();
 $i = 0;
 foreach($changelogs as $key => &$log)
--- a/system/pages/characters.php
+++ b/system/pages/characters.php
@@ -11,8 +11,6 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Characters';
 require_once SYSTEM . 'item.php';
 $groups = new OTS_Groups_List();
 function generate_search_form($autofocus = false)
 {
@@ -79,10 +77,10 @@ if($player->isLoaded() && !$player->isDeleted())
 	$rows = 0;
 	if($config['characters']['outfit'])
-		$outfit = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($db->hasColumn('players', 'lookaddons') ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet();
+		$outfit = setting('core.outfit_images_url') . '?id=' . $player->getLookType() . ($db->hasColumn('players', 'lookaddons') ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet();
 	$flag = '';
-	if($config['account_country']) {
+	if(setting('core.account_country')) {
 		$flag = getFlagImage($account->getCountry());
 	}
@@ -425,7 +423,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 	if($db->hasColumn('players', 'deletion'))
 		$deleted = 'deletion';
-	$query = $db->query('SELECT `name`, `level`, `vocation`' . $promotion . ' FROM `players` WHERE `name` LIKE  ' . $db->quote('%' . $name . '%') . ' AND ' . $deleted . ' != 1 LIMIT ' . (int)config('characters_search_limit') . ';');
+	$query = $db->query('SELECT `name`, `level`, `vocation`' . $promotion . ' FROM `players` WHERE `name` LIKE  ' . $db->quote('%' . $name . '%') . ' AND ' . $deleted . ' != 1 LIMIT ' . (int)setting('core.characters_search_limit') . ';');
 	if($query->rowCount() > 0) {
 		echo 'Did you mean:<ul>';
 		foreach($query as $player) {
--- a/system/pages/creatures.php
+++ b/system/pages/creatures.php
@@ -9,13 +9,18 @@
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Monster;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Creatures';
 if (empty($_REQUEST['name'])) {
 	// display list of monsters
-	$preview = config('monsters_images_preview');
+	$preview = setting('core.monsters_images_preview');
-	$creatures = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'monsters` WHERE `hidden` != 1 '.(empty($_REQUEST['boss']) ? '': 'AND `rewardboss` = 1').' ORDER BY name asc')->fetchAll();
+	$creatures = Monster::where('hidden', '!=', 1)->when(!empty($_REQUEST['boss']), function ($query) {
 		$query->where('rewardboss', 1);
 	})->get()->toArray();
 	if ($preview) {
 		foreach($creatures as $key => &$creature)
@@ -34,9 +39,7 @@ if (empty($_REQUEST['name'])) {
 // display monster
 $creature_name = urldecode(stripslashes(ucwords(strtolower($_REQUEST['name']))));
-$prep = $db->prepare('SELECT * FROM `' . TABLE_PREFIX . 'monsters` WHERE `hidden` != 1 AND `name` = ? LIMIT 1;');
+$creature = Monster::where('hidden', '!=', 1)->where('name', $creature_name)->first()->toArray();
 $prep->execute([$creature_name]);
 $creature = $prep->fetch();
 if (isset($creature['name'])) {
 	function sort_by_chance($a, $b)
@@ -62,7 +65,7 @@ if (isset($creature['name'])) {
 		$item['name'] = getItemNameById($item['id']);
 		$item['rarity_chance'] = round($item['chance'] / 1000, 2);
 		$item['rarity'] = getItemRarity($item['chance']);
-		$item['tooltip'] = ucfirst($item['name']) . '<br/>Chance: ' . $item['rarity'] . (config('monsters_loot_percentage') ? ' ('. $item['rarity_chance'] .'%)' : '') . '<br/>Max count: ' . $item['count'];
+		$item['tooltip'] = ucfirst($item['name']) . '<br/>Chance: ' . $item['rarity'] . (setting('core.monsters_loot_percentage') ? ' ('. $item['rarity_chance'] .'%)' : '') . '<br/>Max count: ' . $item['count'];
 	}
 	$creature['loot'] = isset($loot) ? $loot : null;
--- a/system/pages/faq.php
+++ b/system/pages/faq.php
@@ -7,6 +7,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\FAQ as ModelsFAQ;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Frequently Asked Questions';
@@ -68,21 +71,23 @@ if($canEdit)
 	));
 }
-$faqs =
+$faqs = ModelsFAQ::select('id', 'question', 'answer')->when(!$canEdit, function ($query) {
-	$db->query('SELECT `id`, `question`, `answer`' .
+	$query->where('hidden', '!=', 1);
-		($canEdit ? ', `hidden`, `ordering`' : '') .
+})->orderBy('ordering');
 		' FROM `' . TABLE_PREFIX . 'faq`' .
 		(!$canEdit ? ' WHERE `hidden` != 1' : '') .
 		' ORDER BY `ordering`;');
-if(!$faqs->rowCount())
+if ($canEdit) {
 	$faqs->addSelect(['hidden', 'ordering']);
 }
 $faqs = $faqs->get()->toArray();
 if(!count($faqs))
 {
 	?>
 	There are no questions added yet.
 	<?php
 }
-$last = $faqs->rowCount();
+$last = count($faqs);
 $twig->display('faq.html.twig', array(
 	'faqs' => $faqs,
 	'last' => $last,
@@ -93,26 +98,17 @@ class FAQ
 {
 	static public function add($question, $answer, &$errors)
 	{
 		global $db;
 		if(isset($question[0]) && isset($answer[0]))
 		{
-			$query = $db->select(TABLE_PREFIX . 'faq', array('question' => $question));
+			$row = ModelsFAQ::where('question', $question)->first();
-
+			if(!$row)
 			if($query === false)
 			{
-				$query =
+				$ordering = ModelsFAQ::max('ordering') ?? 0;
-					$db->query(
+				ModelsFAQ::create([
-						'SELECT ' . $db->fieldName('ordering') .
+					'question' => $question,
-						' FROM ' . $db->tableName(TABLE_PREFIX . 'faq') .
+					'answer' => $answer,
-						' ORDER BY ' . $db->fieldName('ordering') . ' DESC LIMIT 1'
+					'ordering' => $ordering
-					);
+				]);
 				$ordering = 0;
 				if($query->rowCount() > 0) {
 					$query = $query->fetch();
 					$ordering = $query['ordering'] + 1;
 				}
 				$db->insert(TABLE_PREFIX . 'faq', array('question' => $question, 'answer' => $answer, 'ordering' => $ordering));
 			}
 			else
 				$errors[] = 'FAQ with this question already exists.';
@@ -124,22 +120,23 @@ class FAQ
 	}
 	static public function get($id) {
-		global $db;
+		return ModelsFAQ::find($id)->toArray();
 		return $db->select(TABLE_PREFIX . 'faq', array('id' => $id));
 	}
 	static public function update($id, $question, $answer) {
-		global $db;
+		ModelsFAQ::where('id', $id)->update([
-		$db->update(TABLE_PREFIX . 'faq', array('question' => $question, 'answer' => $answer), array('id' => $id));
+			'question' => $question,
 			'answer' => $answer
 		]);
 	}
 	static public function delete($id, &$errors)
 	{
 		global $db;
 		if(isset($id))
 		{
-			if(self::get($id) !== false)
+			$row = ModelsFAQ::find($id);
-				$db->delete(TABLE_PREFIX . 'faq', array('id' => $id));
+			if($row)
 				$row->delete();
 			else
 				$errors[] = 'FAQ with id ' . $id . ' does not exists.';
 		}
@@ -151,14 +148,17 @@ class FAQ
 	static public function toggleHidden($id, &$errors)
 	{
 		global $db;
 		if(isset($id))
 		{
-			$query = self::get($id);
+			$row = ModelsFAQ::find($id);
-			if($query !== false)
+			if ($row) {
-				$db->update(TABLE_PREFIX . 'faq', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
+				$row->hidden = ($row->hidden == 1 ? 0 : 1);
-			else
+				if (!$row->save()) {
 					$errors[] = 'Fail during toggle hidden FAQ.';
 				}
 			} else {
 				$errors[] = 'FAQ with id ' . $id . ' does not exists.';
 			}
 		}
 		else
 			$errors[] = 'id not set';
@@ -169,15 +169,18 @@ class FAQ
 	static public function move($id, $i, &$errors)
 	{
 		global $db;
-		$query = self::get($id);
+		$row = ModelsFAQ::find($id);
-		if($query !== false)
+		if($row)
 		{
-			$ordering = $query['ordering'] + $i;
+			$ordering = $row->ordering + $i;
-			$old_record = $db->select(TABLE_PREFIX . 'faq', array('ordering' => $ordering));
+			$old_record = ModelsFAQ::where('ordering', $ordering)->first();
-			if($old_record !== false)
+			if($old_record) {
-				$db->update(TABLE_PREFIX . 'faq', array('ordering' => $query['ordering']), array('ordering' => $ordering));
+				$old_record->ordering = $row->ordering;
 				$old_record->save();
 			}
-			$db->update(TABLE_PREFIX . 'faq', array('ordering' => $ordering), array('id' => $id));
+			$row->ordering = $ordering;
 			$row->save();
 		}
 		else
 			$errors[] = 'FAQ with id ' . $id . ' does not exists.';
--- a/system/pages/forum/show_thread.php
+++ b/system/pages/forum/show_thread.php
@@ -57,7 +57,7 @@ foreach($posts as &$post) {
 	}
 	if($config['characters']['outfit']) {
-		$post['outfit'] = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($lookaddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet();
+		$post['outfit'] = setting('core.outfit_images_url') . '?id=' . $player->getLookType() . ($lookaddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet();
 	}
 	$groupName = '';
--- a/system/pages/gallery.php
+++ b/system/pages/gallery.php
@@ -7,6 +7,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Gallery as ModelsGallery;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Gallery';
@@ -164,22 +167,19 @@ class Gallery
 	}
 	static public function get($id) {
-		global $db;
+		return ModelsGallery::find($id)->toArray();
 		return $db->select(TABLE_PREFIX . 'gallery', array('id' => $id));
 	}
 	static public function update($id, $comment, $image, $author) {
 		global $db;
 		$pathinfo = pathinfo($image);
 		$extension = strtolower($pathinfo['extension']);
 		$filename = GALLERY_DIR . $pathinfo['filename'] . '.' . $extension;
-		if($db->update(TABLE_PREFIX . 'gallery', array(
+		if(ModelsGallery::where('id', $id)->update([
 			'comment' => $comment,
-			'image' => $filename, 'author' => $author),
+			'image' => $filename,
-			array('id' => $id)
+			'author' => $author
-		)) {
+		])) {
 			if(self::generateThumb($id, $image, $errors))
 				self::resize($image, 650, 500, $filename, $errors);
 		}
@@ -187,11 +187,13 @@ class Gallery
 	static public function delete($id, &$errors)
 	{
 		global $db;
 		if(isset($id))
 		{
-			if(self::get($id) !== false)
+			$row = ModelsGallery::find($id);
-				$db->delete(TABLE_PREFIX . 'gallery', array('id' => $id));
+			if($row)
 				if (!$row->delete()) {
 					$errors[] = 'Fail during delete Gallery';
 				}
 			else
 				$errors[] = 'Image with id ' . $id . ' does not exists.';
 		}
@@ -203,13 +205,15 @@ class Gallery
 	static public function toggleHidden($id, &$errors)
 	{
 		global $db;
 		if(isset($id))
 		{
-			$query = self::get($id);
+			$row = ModelsGallery::find($id);
-			if($query !== false)
+			if($row) {
-				$db->update(TABLE_PREFIX . 'gallery', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
+				$row->hidden = $row->hidden == 1 ? 0 : 1;
-			else
+				if (!$row->save()) {
 					$errors[] = 'Fail during toggle hidden Gallery';
 				}
 			} else
 				$errors[] = 'Image with id ' . $id . ' does not exists.';
 		}
 		else
@@ -226,10 +230,15 @@ class Gallery
 		{
 			$ordering = $query['ordering'] + $i;
 			$old_record = $db->select(TABLE_PREFIX . 'gallery', array('ordering' => $ordering));
-			if($old_record !== false)
+			if($old_record !== false) {
-				$db->update(TABLE_PREFIX . 'gallery', array('ordering' => $query['ordering']), array('ordering' => $ordering));
+				ModelsGallery::where('ordering', $ordering)->update([
 					'ordering' => $query['ordering'],
 				]);
 			}
-			$db->update(TABLE_PREFIX . 'gallery', array('ordering' => $ordering), array('id' => $id));
+			ModelsGallery::where('id', $id)->update([
 				'ordering' => $ordering,
 			]);
 		}
 		else
 			$errors[] = 'Image with id ' . $id . ' does not exists.';
@@ -297,13 +306,13 @@ class Gallery
 		if(!self::resize($file, 170, 110, $thumb_filename, $errors))
 			return false;
 		global $db;
 		if(isset($id))
 		{
-			$query = self::get($id);
+			$row = ModelsGallery::find($id);
-			if($query !== false)
+			if($row) {
-				$db->update(TABLE_PREFIX . 'gallery', array('thumb' => $thumb_filename), array('id' => $id));
+				$row->thumb = $thumb_filename;
-			else
+				$row->save();
 			} else
 				$errors[] = 'Image with id ' . $id . ' does not exists.';
 		}
 		else
--- a/system/pages/guilds/change_description.php
+++ b/system/pages/guilds/change_description.php
@@ -43,7 +43,7 @@ if(empty($errors)) {
 		$saved = false;
 		if($guild_leader) {
 			if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
-				$description = htmlspecialchars(stripslashes(substr(trim($_REQUEST['description']),0,$config['guild_description_chars_limit'])));
+				$description = htmlspecialchars(stripslashes(substr(trim($_REQUEST['description']),0, setting('core.guild_description_chars_limit'))));
 				$guild->setCustomField('description', $description);
 				$saved = true;
 			}
--- a/system/pages/guilds/change_logo.php
+++ b/system/pages/guilds/change_logo.php
@@ -42,7 +42,7 @@ if(empty($errors)) {
 		if($guild_leader)
 		{
-			$max_image_size_b = $config['guild_image_size_kb'] * 1024;
+			$max_image_size_b = setting('core.guild_image_size_kb') * 1024;
 			$allowed_ext = array('image/gif', 'image/jpg', 'image/pjpeg', 'image/jpeg', 'image/bmp', 'image/png', 'image/x-png');
 			$ext_name = array('image/gif' => 'gif', 'image/jpg' => 'jpg', 'image/jpeg' => 'jpg', 'image/pjpeg' => 'jpg', 'image/bmp' => 'bmp', 'image/png' => 'png', 'image/x-png' => 'png');
 			$save_file_name = str_replace(' ', '_', strtolower($guild->getName()));
@@ -62,7 +62,7 @@ if(empty($errors)) {
 					}
 				}
 				else {
-					$upload_errors[] = 'You didn\'t send file or file is too big. Limit: <b>'.$config['guild_image_size_kb'].' KB</b>.';
+					$upload_errors[] = 'You didn\'t send file or file is too big. Limit: <b>'.setting('core.guild_image_size_kb').' KB</b>.';
 				}
 				if(empty($upload_errors)) {
--- a/system/pages/guilds/change_motd.php
+++ b/system/pages/guilds/change_motd.php
@@ -46,7 +46,7 @@ if(empty($errors)) {
 		$saved = false;
 		if($guild_leader) {
 			if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
-				$motd = htmlspecialchars(stripslashes(substr($_REQUEST['motd'],0, $config['guild_motd_chars_limit'])));
+				$motd = htmlspecialchars(stripslashes(substr($_REQUEST['motd'],0, setting('core.guild_motd_chars_limit'))));
 				$guild->setCustomField('motd', $motd);
 				$saved = true;
 			}
--- a/system/pages/guilds/create.php
+++ b/system/pages/guilds/create.php
@@ -28,8 +28,8 @@ if(empty($guild_errors))
 		$player_rank = $player->getRank();
 		if(!$player_rank->isLoaded())
 		{
-			if($player->getLevel() >= $config['guild_need_level']) {
+			if($player->getLevel() >= setting('core.guild_need_level')) {
-				if(!$config['guild_need_premium'] || $account_logged->isPremium()) {
+				if(!setting('core.guild_need_premium') || $account_logged->isPremium()) {
 					$array_of_player_nig[] = $player->getName();
 				}
 			}
@@ -39,7 +39,7 @@ if(empty($guild_errors))
 if(empty($todo)) {
 	if(count($array_of_player_nig) == 0) {
-		$guild_errors[] = 'On your account all characters are in guilds, have too low level to create new guild' . ($config['guild_need_premium'] ? ' or you don\' have a premium account' : '') . '.';
+		$guild_errors[] = 'On your account all characters are in guilds, have too low level to create new guild' . (setting('core.guild_need_premium') ? ' or you don\' have a premium account' : '') . '.';
 	}
 }
@@ -91,10 +91,10 @@ if($todo == 'save')
 	}
 	if(empty($guild_errors)) {
-		if($player->getLevel() < $config['guild_need_level']) {
+		if($player->getLevel() < setting('core.guild_need_level')) {
-			$guild_errors[] = 'Character <b>'.$name.'</b> has too low level. To create guild you need character with level <b>'.$config['guild_need_level'].'</b>.';
+			$guild_errors[] = 'Character <b>'.$name.'</b> has too low level. To create guild you need character with level <b>' . setting('core.guild_need_level') . '</b>.';
 		}
-		if($config['guild_need_premium'] && !$account_logged->isPremium()) {
+		if(setting('core.guild_need_premium') && !$account_logged->isPremium()) {
 			$guild_errors[] = 'Character <b>'.$name.'</b> is on FREE account. To create guild you need PREMIUM account.';
 		}
 	}
@@ -112,7 +112,7 @@ if(isset($todo) && $todo == 'save')
 	$new_guild->setName($guild_name);
 	$new_guild->setOwner($player);
 	$new_guild->save();
-	$new_guild->setCustomField('description', config('guild_description_default'));
+	$new_guild->setCustomField('description', setting('core.guild_description_default'));
 	//$new_guild->setCustomField('creationdata', time());
 	$ranks = $new_guild->getGuildRanksList();
 	$ranks->orderBy('level', POT::ORDER_DESC);
--- a/system/pages/guilds/list.php
+++ b/system/pages/guilds/list.php
@@ -26,7 +26,7 @@ if(count($guilds_list) > 0)
 		$description = $guild->getCustomField('description');
 		$description_with_lines = str_replace(array("\r\n", "\n", "\r"), '<br />', $description, $count);
-		if ($count < $config['guild_description_lines_limit'])
+		if ($count < setting('core.guild_description_lines_limit'))
 			$description = nl2br($description);
 		$guildName = $guild->getName();
--- a/system/pages/guilds/show.php
+++ b/system/pages/guilds/show.php
@@ -85,7 +85,7 @@ if(empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo))
 $description = $guild->getCustomField('description');
 $description_with_lines = str_replace(array("\r\n", "\n", "\r"), '<br />', $description, $count);
-if($count < $config['guild_description_lines_limit'])
+if($count < setting('core.guild_description_lines_limit'))
 	$description = nl2br($description);
 //$description = $description_with_lines;
--- a/system/pages/highscores.php
+++ b/system/pages/highscores.php
@@ -8,6 +8,11 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Player;
 use MyAAC\Models\PlayerDeath;
 use MyAAC\Models\PlayerKillers;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Highscores';
@@ -23,7 +28,7 @@ if(!is_numeric($page) || $page < 1 || $page > PHP_INT_MAX) {
 	$page = 1;
 }
-$add_sql = '';
+$query = Player::query();
 $settingHighscoresVocationBox = setting('core.highscores_vocation_box');
 $configVocations = config('vocations');
@@ -41,7 +46,7 @@ if($settingHighscoresVocationBox && $vocation !== 'all')
 				$i += $configVocationsAmount;
 			}
-			$add_sql = 'AND `vocation` IN (' . implode(', ', $add_vocs) . ')';
+			$query->whereIn('players.vocation', $add_vocs);
 			break;
 		}
 	}
@@ -112,15 +117,7 @@ else
 $promotion = '';
 if($db->hasColumn('players', 'promotion'))
-	$promotion = ',promotion';
+	$promotion = ',players.promotion';
 $online = '';
 if($db->hasColumn('players', 'online'))
 	$online = ',online';
 $deleted = 'deleted';
 if($db->hasColumn('players', 'deletion'))
 	$deleted = 'deletion';
 $outfit_addons = false;
 $outfit = '';
@@ -138,6 +135,7 @@ if($settingHighscoresOutfit) {
 $configHighscoresPerPage = setting('core.highscores_per_page');
 $limit = $configHighscoresPerPage + 1;
 $highscores = [];
 $needReCache = true;
 $cacheKey = 'highscores_' . $skill . '_' . $vocation . '_' . $page . '_' . $configHighscoresPerPage;
@@ -151,7 +149,17 @@ if ($cache->enabled()) {
 }
 $offset = ($page - 1) * $configHighscoresPerPage;
-if (!isset($highscores) || empty($highscores)) {
+$query->join('accounts', 'accounts.id', '=', 'players.account_id')
 	->withOnlineStatus()
 	->whereNotIn('players.id', setting('core.highscores_ids_hidden'))
 	->notDeleted()
 	->where('players.group_id', '<', setting('core.highscores_groups_hidden'))
 	->limit($limit)
 	->offset($offset)
 	->selectRaw('accounts.country, players.id, players.name, players.account_id, players.level, players.vocation' . $outfit . $promotion)
 	->orderByDesc('value');
 if (empty($highscores)) {
 	if ($skill >= POT::SKILL_FIRST && $skill <= POT::SKILL_LAST) { // skills
 		if ($db->hasColumn('players', 'skill_fist')) {// tfs 1.0
 			$skill_ids = array(
@@ -164,66 +172,51 @@ if (!isset($highscores) || empty($highscores)) {
 				POT::SKILL_FISH => 'skill_fishing',
 			);
-			$highscores = $db->query('SELECT accounts.country, players.id,players.name' . $online . ',level,vocation' . $promotion . $outfit . ', ' . $skill_ids[$skill] . ' as value FROM accounts,players WHERE players.id NOT IN (' . implode(', ', setting('core.highscores_ids_hidden')) . ') AND players.' . $deleted . ' = 0 AND players.group_id < ' . setting('core.highscores_groups_hidden') . ' ' . $add_sql . ' AND accounts.id = players.account_id ORDER BY ' . $skill_ids[$skill] . ' DESC LIMIT ' . $limit . ' OFFSET ' . $offset)->fetchAll();
+			$query->addSelect($skill_ids[$skill] . ' as value');
-		} else
+		} else {
-			$highscores = $db->query('SELECT accounts.country, players.id,players.name' . $online . ',value,level,vocation' . $promotion . $outfit . ' FROM accounts,players,player_skills WHERE players.id NOT IN (' . implode(', ', setting('core.highscores_ids_hidden')) . ') AND players.' . $deleted . ' = 0 AND players.group_id < ' . setting('core.highscores_groups_hidden') . ' ' . $add_sql . ' AND players.id = player_skills.player_id AND player_skills.skillid = ' . $skill . ' AND accounts.id = players.account_id ORDER BY value DESC, count DESC LIMIT ' . $limit . ' OFFSET ' . $offset)->fetchAll();
+			$query
 				->join('player_skills', 'player_skills.player_id', '=', 'players.id')
 				->where('skillid', $skill)
 				->addSelect('player_skills.skillid as value');
 		}
 	} else if ($skill == SKILL_FRAGS) // frags
 	{
 		if ($db->hasTable('player_killers')) {
-			$highscores = $db->query('SELECT accounts.country, players.id, players.name' . $online . ',level, vocation' . $promotion . $outfit . ', COUNT(`player_killers`.`player_id`) as value' .
+			$query->addSelect(['value' => PlayerKillers::where('player_killers.player_id', 'players.id')->selectRaw('COUNT(*)')]);
 				' FROM `accounts`, `players`, `player_killers` ' .
 				' WHERE players.id NOT IN (' . implode(', ', setting('core.highscores_ids_hidden')) . ') AND players.' . $deleted . ' = 0 AND players.group_id < ' . setting('core.highscores_groups_hidden') . ' ' . $add_sql . ' AND players.id = player_killers.player_id AND accounts.id = players.account_id' .
 				' GROUP BY `player_id`' .
 				' ORDER BY value DESC' .
 				' LIMIT ' . $limit . ' OFFSET ' . $offset)->fetchAll();
 		} else {
-			$db->query("SET SESSION sql_mode=(SELECT REPLACE(@@sql_mode,'ONLY_FULL_GROUP_BY',''));");
+			$query->addSelect(['value' => PlayerDeath::unjustified()->where('player_deaths.killed_by', 'players.name')->selectRaw('COUNT(*)')]);
 			$highscores = $db->query('SELECT `a`.country, `p`.id, `p`.name' . $online . ',`p`.level, vocation' . $promotion . $outfit . ', COUNT(`pd`.`killed_by`) as value
 			FROM `players` p
 			LEFT JOIN `accounts` a ON `a`.`id` = `p`.`account_id`
 			LEFT JOIN `player_deaths` pd ON `pd`.`killed_by` = `p`.`name`
 			WHERE `p`.id NOT IN (' . implode(', ', setting('core.highscores_ids_hidden')) . ')
 			AND `p`.' . $deleted . ' = 0
 			AND `p`.group_id < ' . setting('core.highscores_groups_hidden') . ' ' . $add_sql . '
 			AND `pd`.`unjustified` = 1
 			GROUP BY `killed_by`
 			ORDER BY value DESC
 			LIMIT ' . $limit . ' OFFSET ' . $offset)->fetchAll();
 		}
 	} else if ($skill == SKILL_BALANCE) // balance
 	{
-		$highscores = $db->query('SELECT accounts.country, players.id,players.name' . $online . ',level,balance as value,vocation' . $promotion . $outfit . ' FROM accounts,players WHERE players.id NOT IN (' . implode(', ', setting('core.highscores_ids_hidden')) . ') AND players.' . $deleted . ' = 0 AND players.group_id < ' . setting('core.highscores_groups_hidden') . ' ' . $add_sql . ' AND accounts.id = players.account_id ORDER BY value DESC LIMIT ' . $limit . ' OFFSET ' . $offset)->fetchAll();
+		$query
 			->addSelect('players.balance as value');
 	} else {
 		if ($skill == POT::SKILL__MAGLEVEL) {
-			$highscores = $db->query('SELECT accounts.country, players.id,players.name' . $online . ',maglevel,level,vocation' . $promotion . $outfit . ' FROM accounts, players WHERE players.id NOT IN (' . implode(', ', setting('core.highscores_ids_hidden')) . ') AND players.' . $deleted . ' = 0 ' . $add_sql . ' AND players.group_id < ' . setting('core.highscores_groups_hidden') . ' AND accounts.id = players.account_id ORDER BY maglevel DESC, manaspent DESC LIMIT ' . $limit . ' OFFSET ' . $offset)->fetchAll();
+			$query
 				->addSelect('players.maglevel as value', 'players.maglevel')
 				->orderBy('manaspent');
 		} else { // level
-			$highscores = $db->query('SELECT accounts.country, players.id,players.name' . $online . ',level,experience,vocation' . $promotion . $outfit . ' FROM accounts, players WHERE players.id NOT IN (' . implode(', ', setting('core.highscores_ids_hidden')) . ') AND players.' . $deleted . ' = 0 ' . $add_sql . ' AND players.group_id < ' . setting('core.highscores_groups_hidden') . ' AND accounts.id = players.account_id ORDER BY level DESC, experience DESC LIMIT ' . $limit . ' OFFSET ' . $offset)->fetchAll();
+			$query
 				->addSelect('players.level as value', 'players.experience')
 				->orderBy('experience');
 			$list = 'experience';
 		}
 	}
 	$highscores = $query->get()->map(function($row) {
 		$tmp = $row->toArray();
 		$tmp['online'] = $row->online_status;
 		$tmp['vocation'] = $row->vocation_name;
 		unset($tmp['online_table']);
 		return $tmp;
 	})->toArray();
 }
 if ($cache->enabled() && $needReCache) {
 	$cache->set($cacheKey, serialize($highscores), setting('core.highscores_cache_ttl') * 60);
 }
 $online_exist = false;
 if($db->hasColumn('players', 'online'))
 	$online_exist = true;
 $players = array();
 foreach($highscores as $player) {
 	$players[] = $player['id'];
 }
 if($db->hasTable('players_online') && count($players) > 0) {
 	$query = $db->query('SELECT `player_id`, 1 FROM `players_online` WHERE `player_id` IN (' . implode(', ', $players) . ')')->fetchAll();
 	foreach($query as $t) {
 		$is_online[$t['player_id']] = true;
 	}
 }
 $show_link_to_next_page = false;
 $i = 0;
@@ -231,14 +224,6 @@ $settingHighscoresVocation = setting('core.highscores_vocation');
 foreach($highscores as $id => &$player)
 {
 	if(isset($is_online)) {
 		$player['online'] = (isset($is_online[$player['id']]) ? 1 : 0);
 	} else {
 		if(!isset($player['online'])) {
 			$player['online'] = 0;
 		}
 	}
 	if(++$i <= $configHighscoresPerPage)
 	{
 		if($skill == POT::SKILL__MAGIC)
@@ -248,26 +233,14 @@ foreach($highscores as $id => &$player)
 			$player['experience'] = number_format($player['experience']);
 		}
-		if($settingHighscoresVocation) {
+		if(!$settingHighscoresVocation) {
-			if(isset($player['promotion'])) {
+			unset($player['vocation']);
 				if((int)$player['promotion'] > 0) {
 					$player['vocation'] += ($player['promotion'] * $configVocationsAmount);
 				}
 			}
 			$tmp = 'Unknown';
 			if(isset($configVocations[$player['vocation']])) {
 				$tmp = $configVocations[$player['vocation']];
 			}
 			$player['vocation'] = $tmp;
 		}
 		$player['link'] = getPlayerLink($player['name'], false);
 		$player['flag'] = getFlagImage($player['country']);
 		if($settingHighscoresOutfit) {
-			$player['outfit'] = '<img style="position:absolute;margin-top:' . (in_array($player['looktype'], config('outfit_images_wrong_looktypes')) ? '-15px;margin-left:5px' : '-45px;margin-left:-25px') . ';" src="' . config('outfit_images_url') . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'] . '" alt="" />';
+			$player['outfit'] = '<img style="position:absolute;margin-top:' . (in_array($player['looktype'], setting('core.outfit_images_wrong_looktypes')) ? '-15px;margin-left:5px' : '-45px;margin-left:-25px') . ';" src="' . setting('core.outfit_images_url') . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'] . '" alt="" />';
 		}
 		$player['rank'] = $offset + $i;
 	}
--- a/system/pages/lastkills.php
+++ b/system/pages/lastkills.php
@@ -21,7 +21,7 @@ if($cache->enabled() && $cache->fetch('last_kills', $tmp)) {
 else {
 	if($db->hasTable('player_killers')) // tfs 0.3
 	{
-		$players_deaths = $db->query('SELECT `player_deaths`.`id`, `player_deaths`.`date`, `player_deaths`.`level`, `players`.`name`' . ($db->hasColumn('players', 'world_id') ? ', `players`.`world_id`' : '') . ' FROM `player_deaths` LEFT JOIN `players` ON `player_deaths`.`player_id` = `players`.`id` ORDER BY `date` DESC LIMIT 0, ' . $config['last_kills_limit']);
+		$players_deaths = $db->query('SELECT `player_deaths`.`id`, `player_deaths`.`date`, `player_deaths`.`level`, `players`.`name`' . ($db->hasColumn('players', 'world_id') ? ', `players`.`world_id`' : '') . ' FROM `player_deaths` LEFT JOIN `players` ON `player_deaths`.`player_id` = `players`.`id` ORDER BY `date` DESC LIMIT 0, ' . setting('core.last_kills_limit'));
 		if(!empty($players_deaths)) {
 			foreach($players_deaths as $death) {
@@ -82,9 +82,9 @@ else {
 			}
 		}
 	} else {
-		//$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `player_deaths`.`killed_by` as `killed_by`, `player_deaths`.`time` as `time`, `player_deaths`.`is_player` as `is_player`, `player_deaths`.`level` as `level` FROM `player_deaths`, `players` as `d` INNER JOIN `players` as `p` ON player_deaths.player_id = p.id WHERE player_deaths.`is_player`='1' ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";");
+		//$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `player_deaths`.`killed_by` as `killed_by`, `player_deaths`.`time` as `time`, `player_deaths`.`is_player` as `is_player`, `player_deaths`.`level` as `level` FROM `player_deaths`, `players` as `d` INNER JOIN `players` as `p` ON player_deaths.player_id = p.id WHERE player_deaths.`is_player`='1' ORDER BY `time` DESC LIMIT " . setting('core.last_kills_limit') . ";");
-		$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";");
+		$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT " . setting('core.last_kills_limit') . ";");
 		if(!empty($players_deaths)) {
 			foreach($players_deaths as $death) {
 				$players_deaths_count++;
--- a/system/pages/news.php
+++ b/system/pages/news.php
@@ -13,6 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 require_once LIBS . 'forum.php';
 require_once LIBS . 'news.php';
 $canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
 if(isset($_GET['archive']))
 {
 	$title = 'News Archive';
@@ -57,12 +58,17 @@ if(isset($_GET['archive']))
 				}
 			}
 			$admin_options = '';
 			if($canEdit) {
 				$admin_options = $twig->render('admin.links.html.twig', ['page' => 'news', 'id' => $news['id'], 'hidden' => $news['hidden']]);
 			}
 			$twig->display('news.html.twig', array(
 				'title' => stripslashes($news['title']),
-				'content' => $content_,
+				'content' => $content_ . $admin_options,
 				'date' => $news['date'],
 				'icon' => $categories[$news['category']]['icon_id'],
-				'author' => $config['news_author'] ? $author : '',
+				'author' => setting('core.news_author') ? $author : '',
 				'comments' => $news['comments'] != 0 ? getForumThreadLink($news['comments']) : null,
 			));
 		}
@@ -81,7 +87,7 @@ if(isset($_GET['archive']))
 	foreach($news_DB as $news)
 	{
 		$newses[] = array(
-			'link' => getLink('news') . '/archive/' . $news['id'],
+			'link' => getLink('news') . '/' . $news['id'],
 			'icon_id' => $categories[$news['category']]['icon_id'],
 			'title' => stripslashes($news['title']),
 			'date' => $news['date']
@@ -99,7 +105,6 @@ header('X-XSS-Protection: 0');
 $title = 'Latest News';
 $cache = Cache::getInstance();
 $canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
 $news_cached = false;
 if($cache->enabled())
@@ -116,7 +121,7 @@ if(!$news_cached)
 		);
 	}
-	$tickers_db = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . TICKER .($canEdit ? '' : ' AND `hidden` != 1') .' ORDER BY `date` DESC LIMIT ' . $config['news_ticker_limit']);
+	$tickers_db = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . TICKER .($canEdit ? '' : ' AND `hidden` != 1') .' ORDER BY `date` DESC LIMIT ' . setting('core.news_ticker_limit'));
 	$tickers_content = '';
 	if($tickers_db->rowCount() > 0)
 	{
@@ -167,7 +172,7 @@ else {
 if(!$news_cached)
 {
 	ob_start();
-	$newses = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news') . ' WHERE type = ' . NEWS . ($canEdit ? '' : ' AND hidden != 1') . ' ORDER BY date' . ' DESC LIMIT ' . $config['news_limit']);
+	$newses = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news') . ' WHERE type = ' . NEWS . ($canEdit ? '' : ' AND hidden != 1') . ' ORDER BY date' . ' DESC LIMIT ' . setting('core.news_limit'));
 	if($newses->rowCount() > 0)
 	{
 		foreach($newses as $news)
@@ -180,18 +185,8 @@ if(!$news_cached)
 			}
 			$admin_options = '';
-			if($canEdit)
+			if($canEdit) {
-			{
+				$admin_options = $twig->render('admin.links.html.twig', ['page' => 'news', 'id' => $news['id'], 'hidden' => $news['hidden']]);
 				$admin_options = '<br/><br/><a target="_blank" rel="noopener noreferrer" href="' . ADMIN_URL . '?p=news&action=edit&id=' . $news['id'] . '" title="Edit">
 					<img src="images/edit.png"/>Edit
 				</a>
 				<a id="delete" target="_blank" rel="noopener noreferrer" href="' . ADMIN_URL . '?p=news&action=delete&id=' . $news['id'] . '" onclick="return confirm(\'Are you sure?\');" title="Delete">
 					<img src="images/del.png"/>Delete
 				</a>
 				<a target="_blank" rel="noopener noreferrer" href="' . ADMIN_URL . '?p=news&action=hide&id=' . $news['id'] . '" title="' . ($news['hidden'] != 1 ? 'Hide' : 'Show') . '">
 					<img src="images/' . ($news['hidden'] != 1 ? 'success' : 'error') . '.png"/>
 					' . ($news['hidden'] != 1 ? 'Hide' : 'Show') . '
 				</a>';
 			}
 			$content_ = $news['body'];
@@ -211,7 +206,7 @@ if(!$news_cached)
 				'content' => $content_ . $admin_options,
 				'date' => $news['date'],
 				'icon' => $categories[$news['category']]['icon_id'],
-				'author' => $config['news_author'] ? $author : '',
+				'author' => setting('core.news_author') ? $author : '',
 				'comments' => $news['comments'] != 0 ? getForumThreadLink($news['comments']) : null,
 				'hidden'=> $news['hidden']
 			));
--- a/system/pages/online.php
+++ b/system/pages/online.php
@@ -8,10 +8,14 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\ServerConfig;
 use MyAAC\Models\ServerRecord;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Who is online?';
-if($config['account_country'])
+if (setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
 $promotion = '';
@@ -38,7 +42,7 @@ if($db->hasColumn('players', 'skull_time')) {
 $outfit_addons = false;
 $outfit = '';
-if($config['online_outfit']) {
+if (setting('core.online_outfit')) {
 	$outfit = ', lookbody, lookfeet, lookhead, looklegs, looktype';
 	if($db->hasColumn('players', 'lookaddons')) {
 		$outfit .= ', lookaddons';
@@ -46,7 +50,7 @@ if($config['online_outfit']) {
 	}
 }
-if($config['online_vocations']) {
+if (setting('core.online_vocations')) {
 	$vocs = array();
 	foreach($config['vocations'] as $id => $name) {
 		$vocs[$id] = 0;
@@ -63,7 +67,7 @@ $players = 0;
 $data = '';
 foreach($playersOnline as $player) {
 	$skull = '';
-	if($config['online_skulls'])
+	if (setting('core.online_skulls'))
 	{
 		if($player['skulltime'] > 0)
 		{
@@ -86,33 +90,31 @@ foreach($playersOnline as $player) {
 		'player' => $player,
 		'level' => $player['level'],
 		'vocation' => $config['vocations'][$player['vocation']],
-		'country_image' => $config['account_country'] ? getFlagImage($player['country']) : null,
+		'country_image' => setting('core.account_country') ? getFlagImage($player['country']) : null,
-		'outfit' => $config['online_outfit'] ? $config['outfit_images_url'] . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'] : null
+		'outfit' => setting('core.online_outfit') ? setting('core.outfit_images_url') . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'] : null
 	);
-	if($config['online_vocations']) {
+	if (setting('core.online_vocations')) {
 		$vocs[($player['vocation'] > $config['vocations_amount'] ? $player['vocation'] - $config['vocations_amount'] : $player['vocation'])]++;
 	}
 }
 $record = '';
 if($players > 0) {
-	if($config['online_record']) {
+	if( setting('core.online_record')) {
 		$result = null;
 		$timestamp = false;
 		if($db->hasTable('server_record')) {
 			$query =
 				$db->query(
 					'SELECT `record`, `timestamp` FROM `server_record` WHERE `world_id` = ' . (int)$config['lua']['worldId'] .
 					' ORDER BY `record` DESC LIMIT 1');
 			$timestamp = true;
 			$result = ServerRecord::where('world_id', $config['lua']['worldId'])->orderByDesc('record')->first()->toArray();
 		} else if($db->hasTable('server_config')) { // tfs 1.0
-			$query = $db->query('SELECT `value` as `record` FROM `server_config` WHERE `config` = ' . $db->quote('players_record'));
+			$row = ServerConfig::where('config', 'players_record')->first();
-		} else {
+			if ($row) {
-			$query = NULL;
+				$result = ['record' => $row->value];
 			}
 		}
-		if(isset($query) && $query->rowCount() > 0) {
+		if($record) {
 			$result = $query->fetch();
 			$record = 'The maximum on this game world was ' . $result['record'] . ' players' . ($timestamp ? ' on ' . date("M d Y, H:i:s", $result['timestamp']) . '.' : '.');
 		}
 	}
--- a/system/pages/records.php
+++ b/system/pages/records.php
@@ -8,10 +8,18 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\ServerRecord;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = "Players Online Records";
 if(!$db->hasTable('server_record')) {
 	echo 'Record History is not supported in your distribution.';
 	return;
 }
 echo '
 <b><div style="text-align:center">Players online records on '.$config['lua']['serverName'].'</div></b>
 <TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>
@@ -21,7 +29,7 @@ echo '
 	</TR>';
 	$i = 0;
-	$records_query = $db->query('SELECT * FROM `server_record` ORDER BY `record` DESC LIMIT 50;');
+	$records_query = ServerRecord::limit(50)->orderByDesc('record')->get();
 	foreach($records_query as $data)
 	{
 		echo '<TR BGCOLOR=' . getStyle(++$i) . '>
--- a/system/pages/spells.php
+++ b/system/pages/spells.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Spell;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Spells';
@@ -34,10 +37,10 @@ else {
 $order = 'name';
 $spells = array();
-$spells_db = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'spells` WHERE `hidden` != 1 AND `type` < 4 ORDER BY ' . $order . '');
+$spells_db = Spell::where('hidden', '!=', 1)->where('type', '<', 4)->orderBy($order)->get();
 if((string)$vocation_id != 'all') {
-	foreach($spells_db->fetchAll() as $spell) {
+	foreach($spells_db as $spell) {
 		$spell_vocations = json_decode($spell['vocations'], true);
 		if(in_array($vocation_id, $spell_vocations) || count($spell_vocations) == 0) {
 			$spell['vocations'] = null;
@@ -46,7 +49,7 @@ if((string)$vocation_id != 'all') {
 	}
 }
 else {
-	foreach($spells_db->fetchAll() as $spell) {
+	foreach($spells_db as $spell) {
 		$vocations = json_decode($spell['vocations'], true);
 		foreach($vocations as &$tmp_vocation) {
@@ -68,7 +71,7 @@ $twig->display('spells.html.twig', array(
 	'post_vocation_id' => $vocation_id,
 	'post_vocation' => $vocation,
 	'spells' => $spells,
-	'item_path' => $config['item_images_url'],
+	'item_path' => setting('core.item_images_url'),
 ));
 ?>
--- a/system/pages/team.php
+++ b/system/pages/team.php
@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Support in game';
-if($config['account_country'])
+if(setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
 $groups = new OTS_Groups_List();
--- a/system/router.php
+++ b/system/router.php
@@ -7,6 +7,9 @@
 * @copyright 2023 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Pages;
 defined('MYAAC') or die('Direct access not allowed!');
 if(!isset($content[0]))
@@ -167,7 +170,7 @@ if(!empty($page) && preg_match('/^[A-z0-9\-]+$/', $page)) {
 		$_REQUEST['subtopic'] = $_REQUEST['p'];
 	}
-	if (config('backward_support')) {
+	if (setting('core.backward_support')) {
 		require SYSTEM . 'compat/pages.php';
 	}
@@ -206,6 +209,7 @@ else {
 			$_REQUEST = array_merge($_REQUEST, $vars);
 			$_GET = array_merge($_GET, $vars);
 			extract($vars);
 			if (strpos($path, '__database__/') !== false) {
 				$pageName = str_replace('__database__/', '', $path);
@@ -216,9 +220,8 @@ else {
 					$content .= $tmp_content;
 					if (hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
 						$pageInfo = getCustomPageInfo($pageName);
-						$content = $twig->render('admin.pages.links.html.twig', array(
+						$content = $twig->render('admin.links.html.twig', ['page' => 'pages', 'id' => $pageInfo !== null ? $pageInfo['id'] : 0, 'hidden' => $pageInfo !== null ? $pageInfo['hidden'] : '0']
-								'page' => array('id' => $pageInfo !== null ? $pageInfo['id'] : 0, 'hidden' => $pageInfo !== null ? $pageInfo['hidden'] : '0')
+							) . $content;
 							)) . $content;
 					}
 					$page = $pageName;
@@ -267,7 +270,7 @@ if($hooks->trigger(HOOK_BEFORE_PAGE)) {
 unset($file);
-if(config('backward_support') && isset($main_content[0]))
+if(setting('core.backward_support') && isset($main_content[0]))
 	$content .= $main_content;
 $content .= ob_get_contents();
@@ -278,7 +281,7 @@ if(!isset($title)) {
 	$title = ucfirst($page);
 }
-if(config('backward_support')) {
+if(setting('core.backward_support')) {
 	$main_content = $content;
 	$topic = $title;
 }
@@ -287,16 +290,13 @@ unset($page);
 function getDatabasePages($withHidden = false): array
 {
-	global $db, $logged_access;
+	global $logged_access;
-	$pages = $db->query('SELECT `name` FROM ' . TABLE_PREFIX . 'pages WHERE ' . ($withHidden ? '' : '`hidden` != 1 AND ') . '`access` <= ' . $db->quote($logged_access));
+	$pages = Pages::where('access', '<=', $logged_access)->when(!$withHidden, function ($q) {
-	$ret = [];
+		$q->isPublic();
 	})->get('name');
-	if ($pages->rowCount() < 1) {
+	foreach($pages as $page) {
-		return $ret;
+		$ret[] = $page->name;
 	}
 	foreach($pages->fetchAll() as $page) {
 		$ret [] = $page['name'];
 	}
 	return $ret;
--- a/system/routes.php
+++ b/system/routes.php
@@ -12,6 +12,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 return [
 	['GET', '', 'news.php'], // empty URL = show news
 	['GET', 'news/archive/{id:int}[/]', 'news/archive.php'],
 	['GET', 'news/{id:int}[/]', 'news/archive.php'],
 	// block access to some files
 	['*', 'account/base[/]', '404.php'], // this is to block account/base.php
@@ -34,7 +35,7 @@ return [
 	['GET', 'changelog[/{page:int}]', 'changelog.php'],
 	[['GET', 'POST'], 'creatures[/{name:string}]', 'creatures.php'],
-	['GET', 'faq[/{action:string}]', 'faq.php'],
+	[['GET', 'POST'], 'faq[/{action:string}]', 'faq.php'],
 	[['GET', 'POST'], 'forum/{action:string}[/]', 'forum.php'],
 	['GET', 'forum/board/{id:int}[/]', 'forum/show_board.php'],
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
slawkens	94a61f32ae	Merge branch 'develop' into feature/debug-bar	2023-11-11 11:11:13 +01:00
slawkens	8227303b89	1.0 will be our next release we are starting to follow semantic versioning	2023-11-11 11:04:09 +01:00
slawkens	7a402ec0e0	fix #225	2023-11-11 11:00:28 +01:00
Slawomir Boczek	790d85a88a	CSRF Protection (#235 ) * Fix alert class name * feature: csrf protection * Cosmetics * Fix token generate * Admin Panel: changelogs csrf protection * news/id route * Refactor admin newses + add csrf * Use admin.links instead * Admin panel: Pages csrf * Menus: better csrf + add success message on reset colors * Plugins csrf * Move definitions * add info function, same as note($message) * Update mailer.php * Fix new page/news links * clear_cache & maintenance csrf * Formatting * Fix news type * Fix changelog link * Add new changelog link * More info to confirm dialog * This is always true	2023-11-11 10:57:57 +01:00
slawkens	a04fbde607	Fix highscores error	2023-11-09 20:32:20 +01:00
slawkens	9d119b6279	This is more error tolerant	2023-11-07 22:15:23 +01:00
slawkens	7dd9b7764a	Update common.php	2023-11-07 22:01:47 +01:00
slawkens	3297a7c51a	Better https detection	2023-11-07 22:01:43 +01:00
slawkens	4a430ae9db	Fix display ban info on account page https://otland.net/threads/myacc-bans-display-problem.286825/	2023-11-02 22:06:14 +01:00
Kamil Grzechulski	26a80e0741	fix: password2 variable refactor to correct name (#237 )	2023-10-06 07:52:21 +02:00
slawkens	3b9feaf3bd	My fault	2023-09-26 22:03:30 +02:00
slawkens	21bff97137	Add additional cache keys to clear function	2023-09-26 21:52:05 +02:00
slawkens	a2a273cde2	Twig_SimpleFilter is deprecated	2023-09-22 16:21:52 +02:00
slawkens	fc5635bad3	spaceless twig tag is deprecated as well	2023-09-22 16:19:56 +02:00
slawkens	e01a44f352	Update .editorconfig	2023-09-16 14:40:19 +02:00
slawkens	855b05b15f	Fix class names	2023-09-16 11:45:40 +02:00
slawkens	b3991a8e78	Add HOOK_TWIG. Also moved Hooks loading to init.php For adding twig functions & filters by plugins	2023-09-16 11:07:38 +02:00
slawkens	0ac0f4e7a8	Fixes	2023-09-16 10:22:10 +02:00
slawkens	e9f155fb49	Fix XSS in players editor	2023-09-16 10:21:18 +02:00
slawkens	55b5e3b600	Fix XSS in accounts editor	2023-09-16 10:21:18 +02:00
slawkens	08339fe8b6	Fix XSS in tibiacom template - subtopic	2023-09-16 10:21:17 +02:00
slawkens	89c2e84bff	Fix alert class name	2023-09-16 09:24:10 +02:00
slawkens	f76615e59b	Fix getGuildLogoById	2023-09-16 05:54:41 +02:00
slawkens	4c4089a155	Quotes & const	2023-09-12 12:11:49 +02:00
slawkens	2d02d8d8b3	Fix news delete message part 2	2023-09-12 12:09:39 +02:00
slawkens	95b1460b13	Fix news delete message	2023-09-12 12:08:09 +02:00
slawkens	673e40350a	Small adjustment to menus install	2023-09-12 11:42:03 +02:00
slawkens	f7cbe5170d	set display quest default to false	2023-09-11 16:16:38 +02:00
slawkens	619b8ba4a0	Fix creatures datatable	2023-09-03 21:33:41 +02:00
slawkens	8c3b73ca9e	Add account logs to admin panel accounts editor	2023-09-03 21:18:58 +02:00
slawkens	d90810cf84	Add latest clients versions	2023-08-31 14:20:24 +02:00
slawkens	fd25e6e881	Fix highscores country box to be hidden	2023-08-31 14:08:02 +02:00
slawkens	63e69c97b7	Fix login.php @gpedro <3	2023-08-31 14:01:30 +02:00
slawkens	574e35ba35	Fix: forgot to remove those menu items	2023-08-31 13:49:32 +02:00
slawkens	09627bdb1e	Linux is case-sensitive!	2023-08-31 11:03:36 +02:00
Slawomir Boczek	5f10773189	feature: plugin cronjobs (#215 )	2023-08-31 08:33:32 +02:00
slawkens	8a3986932d	My fault was commenting this	2023-08-25 17:13:21 +02:00
slawkens	9e2a87f448	Add forgotten prefix for some settings	2023-08-25 17:09:31 +02:00
slawkens	0746708743	Reviewed some settings again, fixing many glitches	2023-08-24 17:20:32 +02:00
slawkens	3ef53aff6c	Allow hooks to be prefixed with HOOK_	2023-08-23 11:58:03 +02:00
slawkens	f43a5d1221	Option to disable settings saving with hooks for next.my-aac.org	2023-08-23 11:57:37 +02:00
slawkens	43353b4f53	Update .gitattributes	2023-08-22 13:19:03 +02:00
slawkens	577725690d	Add option to enable debugbar, even if dev mode is disabled	2023-08-21 11:08:12 +02:00
slawkens	c227fd4e96	Merge branch 'develop' into feature/debug-bar	2023-08-21 10:20:04 +02:00
Gabriel Pedro	a692607c5e	feat: replace POT Query Builder to Eloquent ORM (#230 ) * wip * wip * wip * wip * wip * fix: reusing pdo connection from pot * wip * wip * wip * wip * move files In future, all classes will be in src/ folder * Replace namespace name, for future * Remove duplicated exception * Fix towns from db * Fix spells page * Add default FAQ question + FAQ model * feat: reset colors in menus * Add confirm + save button at the top (menus) * Do not insert duplicated FAQ on install * Refactor install menus * Fix changelogs showing * Fix menu update, only with specified template name * Fix account create -> missing compat * Fix bans_per_page * banned_by is player_id. type = 2 is namelock in tfs 0.3 * Add getPlayerNameById, fix getPlayerNameByAccount * Change link name * Order by lastlogin * fix: query optimize * wip * wip * wip * wip * wip * wip * wip * Refactor notepad.php, class was useless * This is showing error, if the updated rows = 0 * Fix success & error class (bootstrap) * Uncomment require migrate.php * Some distro have owner_id * Update Player.php --------- Co-authored-by: slawkens <slawkens@gmail.com>	2023-08-21 10:16:58 +02:00
slawkens	b72e7a3d96	Merge branch '0.9' into develop	2023-08-21 09:43:52 +02:00
slawkens	e15b57f967	Ignore gallery	2023-08-21 09:43:44 +02:00
slawkens	c3a161e2ee	Merge branch '0.9' into develop	2023-08-21 09:38:31 +02:00
slawkens	30fe42939d	Fix FAQ actions	2023-08-21 09:38:23 +02:00
slawkens	627369bbde	Add some variable to config.local.php on install	2023-08-21 09:01:50 +02:00
slawkens	7cea023965	Remove item.php include (was removed in last commits)	2023-08-15 22:33:37 +02:00
slawkens	eb416e18cc	Add missing guild_ settings to config compat	2023-08-15 22:28:52 +02:00
slawkens	fc0d13437a	Fix highscores show vocation	2023-08-15 22:17:34 +02:00
slawkens	14c8160020	Merge branch '0.9' into develop	2023-08-15 22:06:18 +02:00
slawkens	1f95a415aa	Fix tabs	2023-08-15 22:06:09 +02:00
slawkens	370cc554ad	Fix success & error class (bootstrap)	2023-08-15 22:04:43 +02:00
slawkens	2991696a60	typo	2023-08-12 13:34:53 +02:00
slawkens	a1ecdd228d	Fixes in getPlayerNameByAccountId + add getPlayerNameById	2023-08-12 13:34:25 +02:00
slawkens	6c8961638e	Merge branch '0.9' into develop	2023-08-12 13:28:07 +02:00
slawkens	3dd493b790	banned_by is player_id. type = 2 is namelock in tfs 0.3	2023-08-12 13:23:53 +02:00
slawkens	b49c247162	Remove items generator, there are better ones made in JS This one wasn't working with newer files anyways	2023-08-12 12:23:03 +02:00
slawkens	cfbcabbfdb	Fix accounts editor store_history column not found	2023-08-12 08:13:29 +02:00
slawkens	0f38a677b1	Require PHP min 8.0, older versions are EOL	2023-08-11 22:20:00 +02:00
slawkens	0835b69a93	Merge branch '0.9' into develop	2023-08-11 22:17:27 +02:00
slawkens	538723c405	Added JetBrains logo + notice, thanks for support!	2023-08-11 22:16:07 +02:00
slawkens	4f2e410a71	Merge branch '0.9' into develop	2023-08-11 22:11:47 +02:00
slawkens	a70daa8830	Add version support table + fix badges	2023-08-11 22:11:10 +02:00
slawkens	ae600da28b	Merge branch '0.9' into develop	2023-08-11 21:41:18 +02:00
slawkens	d8f1bf0a50	Fix exception when monster doesn't have look defined	2023-08-11 18:52:11 +02:00
Gabriel Pedro	cfc4f3601b	feat: add more tests (#229 )	2023-08-11 06:40:53 +02:00
slawkens	1a533388e7	Merge branch 'develop' of https://github.com/slawkens/myaac into develop	2023-08-11 06:40:20 +02:00
slawkens	9fef84bffe	Fix debugBar mysql logs (Thanks @gpedro)	2023-08-11 06:39:50 +02:00
Gabriel Pedro	98335b8cc0	feat: add more tests (#229 )	2023-08-11 06:39:17 +02:00
slawkens	dedd54286f	Log PDO queries, as stated in docs, but doesn't work yet (don't know the reason)	2023-08-10 13:21:36 +02:00
slawkens	7403a24030	Use dev-master, cause of some bugs appearing	2023-08-10 13:21:20 +02:00
slawkens	16ebc1f577	Update functions.php	2023-08-10 13:05:17 +02:00
slawkens	cc7aec8e28	Init debugBar	2023-08-10 13:05:02 +02:00
slawkens	7bab8f033c	Allow hook file to be callable	2023-08-10 13:00:18 +02:00
slawkens	42d97721bf	Merge branch '0.9' into develop	2023-08-10 12:02:54 +02:00
slawkens	23266e05ed	Update README.md	2023-08-10 12:02:43 +02:00
Slawomir Boczek	a72d1a3c9f	Feature: settings (#216 ) * New admin panel Pages: Options + Config [WIP] * Forgot the plugin example of options * Rename to settings.php * Add Settings Class * New myaac_settings table * Add $limit parameter to $db->select method * Add $member var annotation * Remove useless title_separator from config * Move $menus to menus.php Also fix active link when menu item has subpage * Settings [WIP] New Settings class New Plugins::load() method Move config.php to settings.php MyAAC Settings will have plugin_name = 'core' Add compat_config.php * Change options.php to settings.php * Change name to settings * Add Settings menu * Add Sections + Add setting($key) function Reorganisation * Add email + password fields as type * Update 33.php * add settings migration * php 8 compatibility * add missing hook * Add categories in tabs, move more settings, revert back getPluginSettings Categories and sections are now not numbered Remove example settings plugin * fix typo * Update .gitignore * Add 36th migration for settings table * Execute migrations just after db connect * Update plugins.php * [WIP] Some work on settings Add hidden settings New method: parse, to parse settings from array Move base html to twig template Remove vocation loading from .xml, instead use predefined voc names * Rename * Fix path * [WIP] More work on settings Move more config to settings (mainly mail_* + some other) Remove mail_admin, wasnt used anywhere Add return type to some functions Add Twig settings(key) function Possibility to save setting to db * Add min, max, step to number field option * Re-enable plugin if disabled and already installed * Add Settings menu, including all plugins with settings One change included in previous commit, due to missclick * Nothing important * Better boolean detection * More detailed error message in settings * Lets call it settings.name instead * Add new function: only_if, to hide fields when they are not enabled [WIP] Not fully finished yet * guild_management: show_if * Hide section title on show_if * Fix: check on page load if radio button is checked * Add: show_if - account_mail_verify * nothing important * Rename team_* variables + add to deprecated * Change variable name * Extract Settings:save function * Add settings.callbacks.get * Move forum config to settings * Move status config to settings * Remove whitespaces * More config to settings: account_types, genders, highscores, admin * Move signature config to settings * Move news config to settings * Rename variable * Save config.php in Settings Egg and hen problem solved :) * Test database connection on save settings -> prevents from making website unusable if connection is wrong * Test server_path -> same There is no config.php anymore, just config.local.php, which can be edited manually and also from admin panel * Remove configs from previous commit * Fix create account, if account_create_character_create is enabled * Add more deprecated configs * Add more info into comment * Update 5-database.php * Fix menu highlighting & opening * Update template.php * Enable script option * Reword email settings + move two new settings * add last_kills_limit + move shop * google_analytics_id * add mail_lost_account_interval * Create character blocked words (by @gpedro), just moved to settings * Fix google_analytics * create character name config moved to settings * Fix for install warning - min/max length * New create character checks configurable: block monsters & spells names * fixes * Improve character npc name check * New setting: donate_column + move donate config to settings * Add super fancy No Refresh saving with a toast * Add new possibility: to deny saving setting if condition is not met * Move database settings to separate category * Fix default value displaying * Add database_hash setting * add last_kills_limit to compat config * Move create character blocked names down * Every setting needs to have default * Move rest of config to settings Remove config.php completely Add new settings category: Game Fix account_login_by_email Min textarea size = 2 + adjusted automatically	2023-08-05 21:00:45 +02:00
 ,
 ,
+,
+,
+,
+,
+,
+,
 ];