Merge branch 'develop' into feature/phpstan

[skip ci]

.editorconfig

@@ -15,5 +15,5 @@ trim_trailing_whitespace = false
 [{composer.json,package.json}]
 indent_style = space
 
-[package.json]
+[{package.json, *.yml}]
 indent_size = 2

.gitattributes

@@ -9,6 +9,5 @@ release.sh export-ignore
 # cypress
 cypress export-ignore
 cypress.config.js export-ignore
-cypress.env.json
 
 *.sh text eol=lf

.github/workflows/cypress.yml

@@ -22,8 +22,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-versions: [ '7.4', '8.0', '8.1' ]
-    name: MyAAC on PHP ${{ matrix.php-versions }}
+        php-versions: [ '8.1', '8.2', '8.3' ]
+        ots: ['tfs-1.4', 'canary-3.1.2'] # TODO: add 'tfs-master' (actually doesn't work cause AAC doesn't support reading .env configuration)
+    name: Cypress (PHP ${{ matrix.php-versions }}, ${{ matrix.ots }})
     steps:
         - name: 📌 MySQL Start & init & show db
           run: |
@@ -32,47 +33,81 @@ jobs:
             mysql -e "SHOW DATABASES" -uroot -proot
 
         - name: Checkout MyAAC
-          uses: actions/checkout@v3
+          uses: actions/checkout@v4
           with:
-            ref: 0.9
+            ref: develop
+
+        - uses: actions/setup-node@v4
+          with:
+            node-version: 18
+        - run: npm ci
 
         - name: Checkout TFS
-          uses: actions/checkout@v3
+          uses: actions/checkout@v4
+          if: matrix.ots == 'tfs-1.4'
           with:
             repository: otland/forgottenserver
             ref: 1.4
-            path: tfs
+            path: ots
 
-        - name: Import TFS Schema
+        - name: Checkout TFS
+          uses: actions/checkout@v4
+          if: matrix.ots == 'tfs-master'
+          with:
+            repository: otland/forgottenserver
+            ref: master
+            path: ots
+
+        - name: Checkout Canary
+          uses: actions/checkout@v4
+          if: matrix.ots == 'canary-3.1.2'
+          with:
+            repository: opentibiabr/canary
+            ref: v3.1.2
+            path: ots
+
+        - name: Import OTS Schema
           run: |
-              mysql -uroot -proot myaac < tfs/schema.sql
+              mysql -uroot -proot myaac < ots/schema.sql
 
         - name: Rename config.lua
-          run: mv tfs/config.lua.dist tfs/config.lua
+          run: mv ots/config.lua.dist ots/config.lua
 
-        - name: Replace mysqlUser
-          uses: jacobtomlinson/gha-find-replace@v2
+        - name: Replace mysqlUser (TFS 1.4)
+          uses: jacobtomlinson/gha-find-replace@v3
+          if: matrix.ots == 'tfs-1.4'
           with:
             find: 'mysqlUser = "forgottenserver"'
             replace: 'mysqlUser = "root"'
             regex: false
-            include: 'tfs/config.lua'
+            include: 'ots/config.lua'
 
-        - name: Replace mysqlPass
-          uses: jacobtomlinson/gha-find-replace@v2
+        - name: Replace mysqlPass (TFS 1.4)
+          uses: jacobtomlinson/gha-find-replace@v3
+          if: matrix.ots == 'tfs-1.4'
           with:
               find: 'mysqlPass = ""'
               replace: 'mysqlPass = "root"'
               regex: false
-              include: 'tfs/config.lua'
+              include: 'ots/config.lua'
 
-        - name: Replace mysqlDatabase
-          uses: jacobtomlinson/gha-find-replace@v2
+        - name: Replace mysqlDatabase (TFS 1.4)
+          uses: jacobtomlinson/gha-find-replace@v3
+          if: matrix.ots == 'tfs-1.4'
           with:
               find: 'mysqlDatabase = "forgottenserver"'
               replace: 'mysqlDatabase = "myaac"'
               regex: false
-              include: 'tfs/config.lua'
+              include: 'ots/config.lua'
+
+        - name: Replace mysqlDatabase (Canary)
+          uses: jacobtomlinson/gha-find-replace@v3
+          if: matrix.ots == 'canary-3.1.2'
+          with:
+              find: 'mysqlDatabase = "otservbr-global"'
+              replace: 'mysqlDatabase = "myaac"'
+              regex: false
+              include: 'ots/config.lua'
 
         - name: Setup PHP
           uses: shivammathur/setup-php@v2
@@ -85,13 +120,13 @@ jobs:
           run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
         - name: Cache composer dependencies
-          uses: actions/cache@v3
+          uses: actions/cache@v4
           with:
             path: ${{ steps.composer-cache.outputs.dir }}
             # Use composer.json for key, if composer.lock is not committed.
-            # key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-            restore-keys: ${{ runner.os }}-composer-
+            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+            #key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+            restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
 
         - name: Install Composer dependencies
           run: composer install --no-progress --prefer-dist --optimize-autoloader
@@ -100,21 +135,28 @@ jobs:
           run: nohup php -S localhost:8080 > php.log 2>&1 &
 
         - name: Cypress Run
-          uses: cypress-io/github-action@v5
+          uses: cypress-io/github-action@v6
           env:
             CYPRESS_URL: http://localhost:8080
-            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/tfs
+            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/ots
 
         - name: Save screenshots
-          uses: actions/upload-artifact@v3
+          uses: actions/upload-artifact@v4
           if: always()
           with:
-            name: cypress-screenshots
+            name: cypress-screenshots-${{ matrix.php-versions }}-${{ matrix.ots }}
             path: cypress/screenshots
 
         - name: Upload Cypress Videos
-          uses: actions/upload-artifact@v3
+          uses: actions/upload-artifact@v4
           if: always()
           with:
-            name: cypress-videos
+            name: cypress-videos-${{ matrix.php-versions }}-${{ matrix.ots }}
             path: cypress/videos
+
+        - name: Upload PHP Logs
+          uses: actions/upload-artifact@v4
+          if: always()
+          with:
+            name: php-log-${{ matrix.php-versions }}-${{ matrix.ots }}
+            path: php.log

.github/workflows/phpstan.yml

@@ -0,0 +1,47 @@
+name: "PHPStan"
+
+on:
+  pull_request:
+    branches: [develop]
+  push:
+    branches: [develop]
+
+jobs:
+  tests:
+    name: PhpStan on PHP ${{ matrix.php-versions }}
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-versions: [ '8.1', '8.2', '8.3' ]
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v4"
+
+      - name: "Install PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          coverage: "none"
+          extensions: "intl, zip"
+          ini-values: "memory_limit=-1"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          # Use composer.json for key, if composer.lock is not committed.
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+          #key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+
+      - name: "Install composer dependencies"
+        run: "composer install"
+
+      - name: "Run PHPStan"
+        run: "/usr/bin/php vendor/bin/phpstan analyse"

.gitignore

@@ -6,15 +6,18 @@ Thumbs.db
 /.htaccess
 
 # composer
+composer.phar
 composer.lock
 vendor
 
 # npm
 node_modules
+tools/ext
 
 # cypress
 cypress.env.json
 cypress/e2e/2-advanced-examples
+cypress/screenshots
 
 # created by release.sh
 releases
@@ -35,12 +38,19 @@ images/guilds/*
 images/editor/*
 !images/editor/index.html
 
+# gallery images
+images/gallery/*
+!images/gallery/index.html
+!images/gallery/demon.jpg
+!images/gallery/demon_thumb.gif
+
 # cache
 system/cache/*
 !system/cache/index.html
 !system/cache/twig/index.html
 !system/cache/signatures/index.html
 !system/cache/plugins/index.html
+!system/cache/persistent/index.html
 
 # logs
 system/logs/*

CHANGELOG.md

@@ -1,8 +1,8 @@
 # Changelog
 
-## [0.9.0-alpha - 02.06.2023]
+## [1.0-beta - 02.02.2024]
 
-Minimum PHP version for this release is 7.2.5.
+Minimum PHP version for this release is 8.1.
 
 ### Added
 * reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
@@ -11,17 +11,26 @@ Minimum PHP version for this release is 7.2.5.
   * new Dashboard: statistics, server status
   * new Admin Bar showed on top when admin logged in
   * new page: Server Data, to reload server data
+    * Towns, NPCs & Items are stored in permanent cache
   * new pages: mass account & teleport tools
   * changelogs editor
   * revised Accounts & Players editors
-  * option to add/modify menus with plugins
+  * option to add/modify admin menus with plugins
   * option to enable/disable plugins
   * better, updated TinyMCE editor (v6.x)
     * with option to upload images
-  * list of open source libraries used in project
+  * list of open source libraries used in project page
+* auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
+* config.php moved to Admin Panel -> Settings page
+* new console script: aac (comes from MyAAC) - using symfony/console
+  * usage: `php aac` (will list all commands by default)
+  * example: `php aac cache:clear`
+  * example: `php aac plugin:install theme-example.zip`
+* replace POT Query Builder to Eloquent ORM. Not 100% yet - in some places there is still old $db approach used (@gpedro) (https://github.com/slawkens/myaac/pull/230)
 * brand new charming installation page (by @fernandomatos)
   * using Bootstrap
 * new pages router: nikic/fast-route, allowing for better customisation
+* Plugin cronjobs: central control of the cronjobs
 * Guild Wars support (available as plugin)
 * support for login and create account only by email (configurable)
   * with no need for account name
@@ -31,7 +40,10 @@ Minimum PHP version for this release is 7.2.5.
   * suggest account number option
 * many new functions, hooks and configurables
 * better Exception Handler (Whoops - https://github.com/filp/whoops)
-* add Cypress testing
+* automated website tests (using Cypress)
+* csrf protection (https://github.com/slawkens/myaac/pull/235)
+* option to restrict Page view to specified group of users (Not-Logged in, logged-in players, tutors, gamemasters etc.)
+* phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
 
 ### Changed
 * Composer is now used for external libraries like: Twig, PHPMailer, fast-route etc.
@@ -45,7 +57,7 @@ Minimum PHP version for this release is 7.2.5.
 	* Highscores
 		* frags works for TFS 1.x
 		* cached
-	* creatures
+	* Monsters
 * moved pages to Twig:
   * experience stages
 * update player_deaths entries on name change

CONTRIBUTORS.txt

@@ -8,7 +8,11 @@ Fernando Matos <fernando@pixele.com.br>
 Lee <42119604+Leesneaks@users.noreply.github.com>
 caio <caio.zucoli@gmail.com>
 slawkens <slawkens@gmail.com>
-tobi132 <52947952+tobi132@users.noreply.github.com>
+tobi132 <tobi132@gmx.net>
 vankk <nwtr.otland@hotmail.com>
 whiteblXK <krzys16001@gmail.com>
 xitobuh <jonas.hockert92@gmail.com>
+Danilo Pucci <dnlps@hotmail.com>
+gpedro <gpedro831@gmail.com>
+Matheus Collier <matheuscollier@gmail.com>
+SRNT-GG <95472530+SRNT-GG@users.noreply.github.com>

README.md

@@ -1,24 +1,29 @@
 # [MyAAC](https://my-aac.org)
 
-[![Build Status Master](https://img.shields.io/travis/slawkens/myaac/master)](https://travis-ci.org/github/slawkens/myaac)
-[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
-[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
-[![PHP Versions](https://img.shields.io/travis/php-v/slawkens/myaac/master)](https://github.com/slawkens/myaac/blob/d8b3b4135827ee17e3c6d41f08a925e718c587ed/.travis.yml#L3)
-[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
-[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
-
 MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 
 Official website: https://my-aac.org
 
+[![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/slawkens/myaac/cypress.yml)](https://github.com/slawkens/myaac/actions)
+[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
+[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
+[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
+[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
+
+| Version | Status                 | Branch  | Requirements   |
+|:--------|:-----------------------|:--------|:---------------|
+| **1.x** | **Active development** | develop | **PHP >= 8.1** |
+| 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
+| 0.8.x   | Active support         | master  | PHP >= 7.2.5   |
+| 0.7.x   | End Of Life            | 0.7     | PHP >= 5.3.3   |
+
 ### Requirements
 
-	- PHP 5.6 or later
 	- MySQL database
-	- PDO PHP Extension
-	- XML PHP Extension
-	- ZIP PHP Extension
-	- (optional) mod_rewrite to use friendly_urls
+	- PHP Extensions: pdo, xml, json
+	- (optional) apache2 mod_rewrite (to use friendly_urls)
+	- (optional) zip PHP Extension (to install plugins)
+	- (optional) gd PHP Extension (for generating signature images)
 
 ### Installation
 
@@ -42,7 +47,8 @@ Official website: https://my-aac.org
 
 ### Configuration
 
-Check *config.php* to get more informations.
+Check *config.php* to get more informations. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
+
 Use *config.local.php* for your local configuration changes.
 
 ### Branches
@@ -71,7 +77,13 @@ Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our w
 
 ### Other Notes
 
-	If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
+If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
+
+## Project supported by JetBrains
+
+Many thanks to Jetbrains for kindly providing a license for me to work on this and other open-source projects.
+
+[![JetBrains](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.svg)](https://www.jetbrains.com/?from=https://github.com/slawkens)
 
 ### License
 

aac

@@ -0,0 +1,40 @@
+#!/usr/bin/env php
+<?php
+
+require_once __DIR__ . '/common.php';
+
+if(!IS_CLI) {
+	echo 'This script can be run only in command line mode.';
+	exit(1);
+}
+
+require_once SYSTEM . 'functions.php';
+require_once SYSTEM . 'init.php';
+
+define('SELF_NAME', basename(__FILE__));
+
+use MyAAC\Plugins;
+use Symfony\Component\Console\Application;
+
+$application = new Application();
+
+$commandsGlob = glob(SYSTEM . 'src/Commands/*.php');
+foreach ($commandsGlob as $item) {
+	$name = pathinfo($item, PATHINFO_FILENAME);
+	if ($name == 'Command') { // ignore base Command class
+		continue;
+	}
+
+	$commandPre = '\\MyAAC\Commands\\';
+	$application->add(new ($commandPre . $name));
+}
+
+$pluginCommands = Plugins::getCommands();
+foreach ($pluginCommands as $item) {
+	$application->add(require $item);
+}
+
+$application->setName('MyAAC');
+$application->setVersion(MYAAC_VERSION);
+
+$application->run();

admin/includes/debugbar.php

@@ -0,0 +1,22 @@
+<?php
+
+$hooks->register('debugbar_admin_head_end', HOOK_ADMIN_HEAD_END, function ($params) {
+	global $debugBar;
+
+	if (!isset($debugBar)) {
+		return;
+	}
+
+	$debugBarRenderer = $debugBar->getJavascriptRenderer();
+	echo $debugBarRenderer->renderHead();
+});
+$hooks->register('debugbar_admin_body_end', HOOK_ADMIN_BODY_END, function ($params) {
+	global $debugBar;
+
+	if (!isset($debugBar)) {
+		return;
+	}
+
+	$debugBarRenderer = $debugBar->getJavascriptRenderer();
+	echo $debugBarRenderer->render();
+});

admin/includes/settings_menus.php

@@ -1,5 +1,7 @@
 <?php
 
+use MyAAC\Plugins;
+
 $order = 10;
 
 $settingsMenu = [];

admin/index.php

@@ -25,16 +25,7 @@ define('PAGE', $page);
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 
-// verify myaac tables exists in database
-if(!$db->hasTable('myaac_account_actions')) {
-	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
-}
-
-// event system
-require_once SYSTEM . 'hooks.php';
-$hooks = new Hooks();
-$hooks->load();
-
+require __DIR__ . '/includes/debugbar.php';
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
 require __DIR__ . '/includes/functions.php';
@@ -54,7 +45,7 @@ if(!$logged || !admin()) {
 // include our page
 $file = __DIR__ . '/pages/' . $page . '.php';
 if(!@file_exists($file)) {
-	if (strpos($page, 'plugins/') !== false) {
+	if (str_contains($page, 'plugins/')) {
 		$file = BASE . $page;
 	}
 	else {

admin/pages/accounts.php

@@ -7,13 +7,19 @@
  * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Player;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Account editor';
+
+csrfProtect();
+
 $admin_base = ADMIN_URL . '?p=accounts';
 $use_datatable = true;
 
-if ($config['account_country'])
+if (setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
 
 $nameOrNumberColumn = 'name';
@@ -27,7 +33,7 @@ $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $hasTypeColumn = $db->hasColumn('accounts', 'type');
 $hasGroupColumn = $db->hasColumn('accounts', 'group_id');
 
-if ($config['account_country']) {
+if (setting('core.account_country')) {
 	$countries = array();
 	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
 		$countries[$c] = $config['countries'][$c];
@@ -79,7 +85,7 @@ else if (isset($_REQUEST['search'])) {
 		$account = new OTS_Account();
 		$account->load($id);
 
-		if (isset($account, $_POST['save']) && $account->isLoaded()) {
+		if (isset($_POST['save']) && $account->isLoaded()) {
 			$error = false;
 
 			$_error = '';
@@ -263,6 +269,9 @@ else if (isset($_REQUEST['search'])) {
 						<li class="nav-item">
 							<a class="nav-link active" id="accounts-acc-tab" data-toggle="pill" href="#accounts-acc">Account</a>
 						</li>
+						<li class="nav-item">
+							<a class="nav-link" id="accounts-logs-tab" data-toggle="pill" href="#accounts-logs">Logs</a>
+						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="accounts-chars-tab" data-toggle="pill" href="#accounts-chars">Characters</a>
 						</li>
@@ -272,7 +281,7 @@ else if (isset($_REQUEST['search'])) {
 							</li>
 						<?php endif;
 
-						if ($db->hasTable('store_history')) : ?>
+						if ($db->hasTable('store_history') && $db->hasColumn('store_history', 'time')) : ?>
 							<li class="nav-item">
 								<a class="nav-link" id="accounts-store-tab" data-toggle="pill" href="#accounts-store">Store History</a>
 							</li>
@@ -282,7 +291,8 @@ else if (isset($_REQUEST['search'])) {
 				<div class="card-body">
 					<div class="tab-content" id="accounts-tabContent">
 						<div class="tab-pane fade active show" id="accounts-acc">
-							<form action="<?php echo $admin_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
+							<form action="<?php echo $admin_base . ($id > 0 ? '&id=' . $id : ''); ?>" method="post">
+								<?php csrf(); ?>
 								<div class="form-group row">
 									<?php if (USE_ACCOUNT_NAME): ?>
 										<div class="col-12 col-sm-12 col-lg-4">
@@ -321,8 +331,8 @@ else if (isset($_REQUEST['search'])) {
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="group">Account Type:</label>
 											<select name="group" id="group" class="form-control">
-												<?php foreach ($acc_type as $id => $a_type): ?>
-													<option value="<?php echo($id); ?>" <?php echo($acc_group == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+												<?php foreach ($acc_type as $_id => $a_type): ?>
+													<option value="<?php echo($_id); ?>" <?php echo($acc_group == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 												<?php endforeach; ?>
 											</select>
 										</div>
@@ -332,8 +342,8 @@ else if (isset($_REQUEST['search'])) {
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="group">Account Type:</label>
 											<select name="group" id="group" class="form-control">
-												<?php foreach ($groups->getGroups() as $id => $group): ?>
-													<option value="<?php echo $id; ?>" <?php echo($acc_group == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
+												<?php foreach ($groups->getGroups() as $_id => $group): ?>
+													<option value="<?php echo $_id; ?>" <?php echo($acc_group == $_id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 												<?php endforeach; ?>
 											</select>
 										</div>
@@ -341,8 +351,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="web_flags">Website Access:</label>
 										<select name="web_flags" id="web_flags" class="form-control">
-											<?php foreach ($web_acc as $id => $a_type): ?>
-												<option value="<?php echo($id); ?>" <?php echo($account->getWebFlags() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+											<?php foreach ($web_acc as $_id => $a_type): ?>
+												<option value="<?php echo($_id); ?>" <?php echo($account->getWebFlags() == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -397,8 +407,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_country">Country:</label>
 										<select name="rl_country" id="rl_country" class="form-control">
-											<?php foreach ($countries as $id => $a_type): ?>
-												<option value="<?php echo($id); ?>" <?php echo($account->getCountry() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+											<?php foreach ($countries as $_id => $a_type): ?>
+												<option value="<?php echo($_id); ?>" <?php echo($account->getCountry() == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -420,12 +430,39 @@ else if (isset($_REQUEST['search'])) {
 								<a href="<?php echo ADMIN_URL; ?>?p=accounts" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</a>
 							</form>
 						</div>
+						<div class="tab-pane fade" id="accounts-logs">
+							<div class="row">
+								<table class="table table-striped table-condensed table-responsive d-md-table">
+									<thead>
+										<tr>
+											<th>#</th>
+											<th>Date</th>
+											<th>Action</th>
+											<th>IP</th>
+										</tr>
+									</thead>
+									<tbody>
+										<?php
+											$accountActions = \MyAAC\Models\AccountAction::where('account_id', $account->getId())->orderByDesc('date')->get();
+											foreach ($accountActions as $i => $log):
+												$log->ip = ($log->ip != 0 ? long2ip($log->ip) : inet_ntop($log->ipv6));
+												?>
+											<tr>
+												<td><?php echo $i + 1; ?></td>
+												<td><?= date("M d Y, H:i:s", $log->date); ?></td>
+												<td><?= $log->action; ?></td>
+												<td><?= $log->ip; ?></td>
+											</tr>
+											<?php endforeach; ?>
+									</tbody>
+								</table>
+							</div>
+						</div>
 						<div class="tab-pane fade" id="accounts-chars">
 							<div class="row">
 								<?php
 								if (isset($account) && $account->isLoaded()) {
-									$account_players = $account->getPlayersList();
-									$account_players->orderBy('id');
+									$account_players = Player::where('account_id', $account->getId())->orderBy('id')->get();
 									if (isset($account_players)) { ?>
 										<table class="table table-striped table-condensed table-responsive d-md-table">
 											<thead>
@@ -438,25 +475,13 @@ else if (isset($_REQUEST['search'])) {
 											</tr>
 											</thead>
 											<tbody>
-											<?php $i= 0;
-											foreach ($account_players as $i => $player):
-												$i++;
-												$player_vocation = $player->getVocation();
-												$player_promotion = $player->getPromotion();
-												if (isset($player_promotion)) {
-													if ((int)$player_promotion > 0)
-														$player_vocation += ($player_promotion * $config['vocations_amount']);
-												}
-
-												if (isset($config['vocations'][$player_vocation])) {
-													$vocation_name = $config['vocations'][$player_vocation];
-												} ?>
+											<?php foreach ($account_players as $i => $player): ?>
 												<tr>
-													<th><?php echo $i; ?></th>
-													<td><?php echo $player->getName(); ?></td>
-													<td><?php echo $player->getLevel(); ?></td>
-													<td><?php echo $vocation_name; ?></td>
-													<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
+													<th><?php echo $i + 1; ?></th>
+													<td><?php echo $player->name; ?></td>
+													<td><?php echo $player->level; ?></td>
+													<td><?php echo $player->vocation_name; ?></td>
+													<td><a href="?p=players&id=<?php echo $player->getKey() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
 												</tr>
 											<?php endforeach ?>
 											</tbody>
@@ -523,7 +548,7 @@ else if (isset($_REQUEST['search'])) {
 								} ?>
 							</div>
 						<?php endif;
-						if ($db->hasTable('store_history')) { ?>
+						if ($db->hasTable('store_history') && $db->hasColumn('store_history', 'time')) { ?>
 							<div class="tab-pane fade" id="accounts-store">
 								<?php $store_history = $db->query('SELECT * FROM `store_history` WHERE `account_id` = "' . $account->getId() . '" ORDER BY `time` DESC')->fetchAll(); ?>
 								<table class="table table-striped table-condensed table-responsive d-md-table">
@@ -560,18 +585,20 @@ else if (isset($_REQUEST['search'])) {
 				<div class="row">
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
-							<label for="name">Account Name:</label>
+							<?php csrf(); ?>
+							<label for="search">Account Name:</label>
 							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="search" value="<?php echo $search_account; ?>" maxlength="32" size="32">
+								<input type="text" class="form-control" id="search" name="search" value="<?= escapeHtml($search_account); ?>" maxlength="32" size="32">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>
 					</div>
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
-							<label for="name">Account ID:</label>
+							<?php csrf(); ?>
+							<label for="id">Account ID:</label>
 							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
+								<input type="text" class="form-control" id="id" name="id" value="<?= $id; ?>" maxlength="32" size="32">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>

admin/pages/changelog.php

@@ -8,32 +8,34 @@
  * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Changelog;
+use MyAAC\Models\Changelog as ModelsChangelog;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
+$title = 'Changelog';
+
+csrfProtect();
+
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
 
-$title = 'Changelog';
 $use_datatable = true;
 const CL_LIMIT = 600; // maximum changelog body length
-?>
 
-<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
-<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
-<?php
 $id = $_GET['id'] ?? 0;
-require_once LIBS . 'changelog.php';
 
-if(!empty($action))
+if(!empty($action) && isRequestMethod('post'))
 {
-	$id = $_REQUEST['id'] ?? null;
-	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
-	$create_date = isset($_REQUEST['createdate']) ? (int)strtotime($_REQUEST['createdate'] ): null;
-	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
-	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
-	$where = isset($_REQUEST['where']) ? (int)$_REQUEST['where'] : null;
+	$id = $_POST['id'] ?? null;
+	$body = isset($_POST['body']) ? stripslashes($_POST['body']) : null;
+	$create_date = isset($_POST['createdate']) ? (int)strtotime($_POST['createdate'] ): null;
+	$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : null;
+	$type = isset($_POST['type']) ? (int)$_POST['type'] : null;
+	$where = isset($_POST['where']) ? (int)$_POST['where'] : null;
 
 	$errors = array();
 
@@ -43,12 +45,13 @@ if(!empty($action))
 			$body = '';
 			$type = $where = $player_id = $create_date = 0;
 
-			success("Added successful.");
+			success('Added successful.');
 		}
 	}
 	else if($action == 'delete') {
-		Changelog::delete($id, $errors);
-		success("Deleted successful.");
+		if (Changelog::delete($id, $errors)) {
+			success('Deleted successful.');
+		}
 	}
 	else if($action == 'edit')
 	{
@@ -65,20 +68,21 @@ if(!empty($action))
 				$action = $body = '';
 				$type = $where = $player_id = $create_date = 0;
 
-				success("Updated successful.");
+				success('Updated successful.');
 			}
 		}
 	}
 	else if($action == 'hide') {
-		Changelog::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
+		if (Changelog::toggleHide($id, $errors, $status)) {
+			success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
+		}
 	}
 
 	if(!empty($errors))
 		error(implode(", ", $errors));
 }
 
-$changelogs = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'changelog' . '` ORDER BY `id` DESC')->fetchAll();
+$changelogs = ModelsChangelog::orderBy('id')->get()->toArray();
 
 $i = 0;
 
@@ -110,7 +114,7 @@ if($action == 'edit' || $action == 'new') {
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.changelog.form.html.twig', array(
 		'action' => $action,
-		'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'new'),
+		'cl_link_form' => constant('ADMIN_URL').'?p=changelog',
 		'cl_id' => $id ?? null,
 		'body' => isset($body) ? escapeHtml($body) : '',
 		'create_date' => $create_date ?? '',
@@ -125,15 +129,3 @@ if($action == 'edit' || $action == 'new') {
 $twig->display('admin.changelog.html.twig', array(
 	'changelogs' => $changelogs,
 ));
-
-?>
-<script>
-	$(document).ready(function () {
-		$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
-
-		$('.tb_datatable').DataTable({
-			"order": [[0, "desc"]],
-			"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
-		});
-	});
-</script>

admin/pages/dashboard.php

@@ -10,7 +10,9 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Dashboard';
 
-if (isset($_GET['clear_cache'])) {
+csrfProtect();
+
+if (isset($_POST['clear_cache'])) {
 	if (clearCache()) {
 		success('Cache cleared.');
 	} else {
@@ -18,7 +20,7 @@ if (isset($_GET['clear_cache'])) {
 	}
 }
 
-if (isset($_GET['maintenance'])) {
+if (isset($_POST['maintenance'])) {
 	$message = (!empty($_POST['message']) ? $_POST['message'] : null);
 	$_status = (isset($_POST['status']) && $_POST['status'] == 'true');
 	$_status = ($_status ? '0' : '1');

admin/pages/login.php

@@ -10,6 +10,8 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Login';
 
+csrfProtect();
+
 require PAGES . 'account/login.php';
 if ($logged) {
 	header('Location: ' . (admin() ? ADMIN_URL : BASE_URL));

admin/pages/mailer.php

@@ -10,6 +10,8 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mailer';
 
+csrfProtect();
+
 if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
@@ -20,7 +22,7 @@ if (!setting('core.mail_enabled')) {
 	return;
 }
 
-$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
+$mail_to = isset($_POST['mail_to']) ? stripslashes(trim($_POST['mail_to'])) : null;
 $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
 $mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
 
@@ -54,7 +56,7 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 	$failed = 0;
 
 	$add = '';
-	if (config('account_mail_verify')) {
+	if (setting('core.account_mail_verify')) {
 		note('Note: Sending only to users with verified E-Mail.');
 		$add = ' AND `email_verified` = 1';
 	}

admin/pages/mass_account.php

@@ -9,10 +9,15 @@
  * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Account;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Mass Account Actions';
 
+csrfProtect();
+
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $freePremium = $config['lua']['freePremium'];
@@ -26,15 +31,14 @@ function admin_give_points($points)
 		return;
 	}
 
+
 	$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return;
 	}
 
-	if (!$statement->execute([
-		'points' => $points
-	])) {
+	if (!Account::query()->increment('premium_points', $points)) {
 		displayMessage('Failed to add points.');
 		return;
 	}
@@ -50,15 +54,7 @@ function admin_give_coins($coins)
 		return;
 	}
 
-	$statement = $db->prepare('UPDATE `accounts` SET `coins` = `coins` + :coins');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'coins' => $coins
-	])) {
+	if (!Account::query()->increment('coins', $coins)) {
 		displayMessage('Failed to add coins.');
 		return;
 	}
@@ -166,9 +162,9 @@ function admin_give_premdays($days)
 	displayMessage('Premium Days not supported.');
 }
 
-if (isset($_POST['action']) && $_POST['action']) {
+if (!empty(ACTION) && isRequestMethod('post')) {
 
-	$action = $_POST['action'];
+	$action = ACTION;
 
 	if (preg_match("/[^A-z0-9_\-]/", $action)) {
 		displayMessage('Invalid action.');

admin/pages/mass_teleport.php

@@ -8,22 +8,21 @@
  * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Player;
+use MyAAC\Models\PlayerOnline;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Mass Teleport Actions';
 
-function admin_teleport_position($x, $y, $z) {
-	global $db;
-	$statement = $db->prepare('UPDATE `players` SET `posx` = :x, `posy` = :y, `posz` = :z');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
+csrfProtect();
 
-	if (!$statement->execute([
-		'x' => $x, 'y' => $y, 'z' => $z
+function admin_teleport_position($x, $y, $z) {
+	if (!Player::query()->update([
+		'posx' => $x, 'posy' => $y, 'posz' => $z
 	])) {
-		displayMessage('Failed to execute query.');
+		displayMessage('Failed to execute query. Probably already updated.');
 		return;
 	}
 
@@ -31,26 +30,19 @@ function admin_teleport_position($x, $y, $z) {
 }
 
 function admin_teleport_town($town_id) {
-	global $db;
-	$statement = $db->prepare('UPDATE `players` SET `town_id` = :town_id');
-	if (!$statement) {
-		displayMessage('Failed to prepare query statement.');
-		return;
-	}
-
-	if (!$statement->execute([
-		'town_id' => $town_id
+	if (!Player::query()->update([
+		'town_id' => $town_id,
 	])) {
-		displayMessage('Failed to execute query.');
+		displayMessage('Failed to execute query. Probably already updated.');
 		return;
 	}
 
 	displayMessage('Player\'s town updated.', true);
 }
 
-if (isset($_POST['action']) && $_POST['action'])    {
+if (!empty(ACTION) && isRequestMethod('post'))    {
 
-	$action = $_POST['action'];
+	$action = ACTION;
 
 	if (preg_match("/[^A-z0-9_\-]/", $action)) {
 		displayMessage('Invalid action.');
@@ -58,13 +50,12 @@ if (isset($_POST['action']) && $_POST['action'])    {
 
 		$playersOnline = 0;
 		if($db->hasTable('players_online')) {// tfs 1.0
-			$query = $db->query('SELECT count(*) AS `count` FROM `players_online`');
+			$playersOnline = PlayerOnline::count();
 		} else {
-			$query = $db->query('SELECT count(*) AS `count` FROM `players` WHERE `players`.`online` > 0');
+			$playersOnline = Player::online()->count();
 		}
 
-		$playersOnline = $query->fetch(PDO::FETCH_ASSOC);
-		if ($playersOnline['count'] > 0) {
+		if ($playersOnline > 0) {
 			displayMessage('Please, close the server before execute this action otherwise players will not be affected.');
 			return;
 		}

admin/pages/menus.php

@@ -7,35 +7,49 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Cache\Cache;
+use MyAAC\Models\Menu;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Menus';
 
+csrfProtect();
+
 if (!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
 
-if (isset($_REQUEST['template'])) {
-	$template = $_REQUEST['template'];
+if (isset($_POST['template'])) {
+	$template = $_POST['template'];
 
-	if (isset($_REQUEST['menu'])) {
-		$post_menu = $_REQUEST['menu'];
-		$post_menu_link = $_REQUEST['menu_link'];
-		$post_menu_blank = $_REQUEST['menu_blank'];
-		$post_menu_color = $_REQUEST['menu_color'];
+	if (isset($_POST['menu'])) {
+		$post_menu = $_POST['menu'];
+		$post_menu_link = $_POST['menu_link'];
+		$post_menu_blank = $_POST['menu_blank'];
+		$post_menu_color = $_POST['menu_color'];
 		if (count($post_menu) != count($post_menu_link)) {
 			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
 			return;
 		}
 
-		$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($template));
+		Menu::where('template', $template)->delete();
 		foreach ($post_menu as $category => $menus) {
 			foreach ($menus as $i => $menu) {
 				if (empty($menu)) // don't save empty menu item
 					continue;
 
 				try {
-					$db->insert(TABLE_PREFIX . 'menu', array('template' => $template, 'name' => $menu, 'link' => $post_menu_link[$category][$i], 'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0, 'color' => str_replace('#', '', $post_menu_color[$category][$i]), 'category' => $category, 'ordering' => $i));
+					Menu::create([
+						'template' => $template,
+						'name' => $menu,
+						'link' => $post_menu_link[$category][$i],
+						'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0,
+						'color' => str_replace('#', '', $post_menu_color[$category][$i]),
+						'category' => $category,
+						'ordering' => $i
+					]);
 				} catch (PDOException $error) {
 					warning('Error while adding menu item (' . $menu . '): ' . $error->getMessage());
 				}
@@ -58,6 +72,16 @@ if (isset($_REQUEST['template'])) {
 		return;
 	}
 
+	if (isset($_GET['reset_colors'])) {
+		if (isset($config['menu_default_color'])) {
+			Menu::where('template', $template)->update(['color' => str_replace('#', '', $config['menu_default_color'])]);
+			success('Colors has been reset.');
+		}
+		else {
+			warning('There is no default color defined, cannot reset colors.');
+		}
+	}
+
 	if (!isset($config['menu_categories'])) {
 		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
 		return;
@@ -71,17 +95,31 @@ if (isset($_REQUEST['template'])) {
 			Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
 			Not all templates support blank and colorful links.
 		</p>
+		<?php if (isset($config['menu_default_color'])) {?>
+		<form method="post" action="?p=menus&reset_colors" onsubmit="return confirm('Do you really want to reset colors?');">
+			<?php csrf(); ?>
+			<input type="hidden" name="template" value="<?php echo $template ?>"/>
+			<button type="submit" class="btn btn-danger">Reset Colors to default</button>
+		</form>
+		<br/>
+		<?php } ?>
 	</div>
 	<?php
-	$menus = array();
-	$menus_db = $db->query('SELECT `name`, `link`, `blank`, `color`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
-	foreach ($menus_db as $menu) {
-		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'blank' => $menu['blank'], 'color' => $menu['color'], 'ordering' => $menu['ordering']);
-	}
+	$menus = Menu::query()
+		->select('name', 'link', 'blank', 'color', 'category', 'ordering')
+		->where('enabled', 1)
+		->where('template', $template)
+		->orderBy('ordering')
+		->get()
+		->groupBy('category')
+		->toArray();
+
 	$last_id = array();
 	?>
 	<form method="post" id="menus-form" action="?p=menus">
+		<?php csrf(); ?>
 		<input type="hidden" name="template" value="<?php echo $template ?>"/>
+		<button type="submit" class="btn btn-info">Save</button><br/><br/>
 		<div class="row">
 			<?php foreach ($config['menu_categories'] as $id => $cat): ?>
 				<div class="col-md-12 col-lg-6">
@@ -113,7 +151,7 @@ if (isset($_REQUEST['template'])) {
 		</div>
 		<div class="row pb-2">
 			<div class="col-md-12">
-				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Save</button>
+				<button type="submit" class="btn btn-info">Save</button>
 				<?php
 				echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
 				?>
@@ -129,7 +167,7 @@ if (isset($_REQUEST['template'])) {
 	?>
 	<?php
 } else {
-	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();
+	$templates = Menu::select('template')->distinct()->get()->toArray();
 	foreach ($templates as $key => $value) {
 		$file = TEMPLATES . $value['template'] . '/config.php';
 		if (!file_exists($file)) {

admin/pages/modules/balance.php

@@ -1,7 +1,14 @@
 <?php
+
+use MyAAC\Models\Player;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
-$balance = ($db->hasColumn('players', 'balance') ? $db->query('SELECT `balance`, `id`, `name`,`level` FROM `players` ORDER BY `balance` DESC LIMIT 10;') : 0);
+$balance = 0;
+
+if ($db->hasColumn('players', 'balance')) {
+	$balance = Player::orderByDesc('balance')->limit(10)->get(['balance', 'id','name', 'level'])->toArray();
+}
 
 $twig->display('balance.html.twig', array(
 	'balance' => $balance

admin/pages/modules/coins.php

@@ -1,7 +1,14 @@
 <?php
+
+use MyAAC\Models\Account;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
-$coins = ($db->hasColumn('accounts', 'coins') ?  $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;') : 0);
+$coins = 0;
+
+if ($db->hasColumn('accounts', 'coins')) {
+	$coins = Account::orderByDesc('coins')->limit(10)->get(['coins', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+}
 
 $twig->display('coins.html.twig', array(
 	'coins' => $coins

admin/pages/modules/created.php

@@ -1,8 +1,15 @@
 <?php
+
+use MyAAC\Models\Account;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
-$players = ($db->hasColumn('accounts', 'created') ? $db->query('SELECT `created`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `created` DESC LIMIT 10;') : 0);
+$accounts = 0;
+
+if ($db->hasColumn('accounts', 'created')) {
+	$accounts = Account::orderByDesc('created')->limit(10)->get(['created', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+}
 
 $twig->display('created.html.twig', array(
-	'players' => $players,
+	'accounts' => $accounts,
 ));

admin/pages/modules/lastlogin.php

@@ -1,7 +1,15 @@
 <?php
+
+use MyAAC\Models\Player;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
-$players = ($db->hasColumn('players', 'lastlogin') ? $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;') : 0);
+$players = 0;
+
+if ($db->hasColumn('players', 'lastlogin')) {
+	$players = Player::orderByDesc('lastlogin')->limit(10)->get(['name', 'level', 'lastlogin'])->toArray();
+}
+
 $twig->display('lastlogin.html.twig', array(
 	'players' => $players,
 ));

admin/pages/modules/points.php

@@ -1,7 +1,14 @@
 <?php
+
+use MyAAC\Models\Account;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
-$points = ($db->hasColumn('accounts', 'premium_points') ? $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;') : 0);
+$points = 0;
+
+if ($db->hasColumn('accounts', 'premium_points')) {
+	$coins = Account::orderByDesc('premium_points')->limit(10)->get(['premium_points', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+}
 
 $twig->display('points.html.twig', array(
 	'points' => $points,

admin/pages/modules/statistics.php

@@ -1,11 +1,20 @@
 <?php
+
+use MyAAC\Models\Account;
+use MyAAC\Models\Guild;
+use MyAAC\Models\House;
+use MyAAC\Models\Monster;
+use MyAAC\Models\Player;
+
 defined('MYAAC') or die('Direct access not allowed!');
-$count = $db->query('SELECT
-  (SELECT COUNT(*) FROM `accounts`) as total_accounts, 
-  (SELECT COUNT(*) FROM `players`) as total_players,
-  (SELECT COUNT(*) FROM `guilds`) as total_guilds,
-  (SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'monsters`) as total_monsters,
-  (SELECT COUNT(*) FROM `houses`) as total_houses;')->fetch();
+$count = $eloquentConnection->query()
+	->select([
+		'total_accounts' => Account::selectRaw('COUNT(id)'),
+		'total_players' => Player::selectRaw('COUNT(id)'),
+		'total_guilds' => Guild::selectRaw('COUNT(id)'),
+		'total_monsters' => Monster::selectRaw('COUNT(id)'),
+		'total_houses' => House::selectRaw('COUNT(id)'),
+	])->first();
 
 $twig->display('statistics.html.twig', array(
 	'count' => $count,

admin/pages/modules/templates/created.html.twig

@@ -1,4 +1,4 @@
-{% if players is iterable %}
+{% if accounts is iterable %}
 	<div class=" col-md-6 col-lg-3">
 		<div class="card card-info card-outline">
 			<div class="card-header">
@@ -15,7 +15,7 @@
 					</thead>
 					<tbody>
 					{% set i = 0 %}
-					{% for result in players %}
+					{% for result in accounts %}
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>

admin/pages/modules/templates/web_status.twig

@@ -1,10 +1,9 @@
 <div class="col-12 col-md-6">
 	<div class="card card-warning card-outline">
-		<form action="?p=dashboard&maintenance" method="post" class="form-horizontal">
 		<div class="card-header">
 			<span class="m-0">Website Status<span class="float-right">
 			<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
-					<input type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
+				<input form="maintenance-form" type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
 				<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
 			</div></span>
 			</span>
@@ -12,17 +11,22 @@
 		<div class="card-body p-2">
 			<div class="col-sm-12">
 				<label for="message" class="col-form-label">Maintenance Message</label>
-					<textarea name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
+				<textarea form="maintenance-form" name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
 				<small>(only visible if closed)</small>
 			</div>
 		</div>
 		<div class="card-footer">
+			<form id="maintenance-form" method="post" action="?p=dashboard" class="float-left">
+				{{ csrf() }}
+				<input type="hidden" name="maintenance" value="1" />
 				<button type="submit" class="btn btn-info"><i class="far fa-update"></i> Update</button>
-				<a href="?p=dashboard&clear_cache" onclick="return confirm('Are you sure?');" class="float-right">
-					<span class="btn btn-danger"><i class="fas fa-clear"></i>Clear cache</span>
-				</a>
-			</div>
 			</form>
+			<form method="post" action="?p=dashboard" class="float-right">
+				{{ csrf() }}
+				<input type="hidden" name="clear_cache" value="1" />
+				<button type="submit" onclick="return confirm('Are you sure that you want to clear cache?');" class="btn btn-danger" title="Clear Cache"><i class="fas fa-clear"></i>Clear cache</button>
+			</form>
+		</div>
 	</div>
 </div>
 

admin/pages/news.php

@@ -7,12 +7,16 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Forum;
+use MyAAC\News;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
-require_once LIBS . 'forum.php';
-require_once LIBS . 'news.php';
-
 $title = 'News Panel';
+
+csrfProtect();
+
 $use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
@@ -23,45 +27,44 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
 
 // some constants, used mainly by database (cannot by modified without schema changes)
-define('NEWS_TITLE_LIMIT', 100);
-define('NEWS_BODY_LIMIT', 65535); // maximum news body length
-define('ARTICLE_TEXT_LIMIT', 300);
-define('ARTICLE_IMAGE_LIMIT', 100);
+const NEWS_TITLE_LIMIT = 100;
+const NEWS_BODY_LIMIT = 65535; // maximum news body length
+const ARTICLE_TEXT_LIMIT = 300;
+const ARTICLE_IMAGE_LIMIT = 100;
 
 $name = $p_title = '';
 if(!empty($action))
 {
-	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
-	$p_title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null;
-	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
-	$comments = isset($_REQUEST['comments']) ? $_REQUEST['comments'] : null;
-	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
-	$category = isset($_REQUEST['category']) ? (int)$_REQUEST['category'] : null;
-	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
-	$article_text = isset($_REQUEST['article_text']) ? $_REQUEST['article_text'] : null;
-	$article_image = isset($_REQUEST['article_image']) ? $_REQUEST['article_image'] : null;
-	$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
-	$errors = array();
+	$id = $_POST['id'] ?? null;
+	$p_title = $_POST['title'] ?? null;
+	$body = isset($_POST['body']) ? stripslashes($_POST['body']) : null;
+	$comments = $_POST['comments'] ?? null;
+	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : 1;
+	$category = isset($_POST['category']) ? (int)$_POST['category'] : null;
+	$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : null;
+	$article_text = $_POST['article_text'] ?? null;
+	$article_image = $_POST['article_image'] ?? null;
+	$forum_section = $_POST['forum_section'] ?? null;
+	$errors = [];
 
-	if($action == 'new') {
-		if(isset($forum_section) && $forum_section != '-1') {
+	if (isRequestMethod('post')) {
+		if ($action == 'new') {
+			if (isset($forum_section) && $forum_section != '-1') {
 				$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
 			}
 
-		if(isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
+			if (isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
 				$p_title = $body = $comments = $article_text = $article_image = '';
 				$type = $category = $player_id = 0;
 
-			success("Added successful.");
+				success('Added successful.');
 			}
+		} else if ($action == 'delete') {
+			if (News::delete($id, $errors)) {
+				success('Deleted successful.');
 			}
-	else if($action == 'delete') {
-		News::delete($id, $errors);
-		success("Deleted successful.");
-	}
-	else if($action == 'edit')
-	{
-		if(isset($id) && !isset($p_title)) {
+		} else if ($action == 'edit') {
+			if (isset($id) && !isset($p_title)) {
 				$news = News::get($id);
 				$p_title = $news['title'];
 				$body = $news['body'];
@@ -71,24 +74,24 @@ if(!empty($action))
 				$player_id = $news['player_id'];
 				$article_text = $news['article_text'];
 				$article_image = $news['article_image'];
-		}
-		else {
-			if(News::update($id, $p_title, $body, $type, $category, $player_id, $forum_section, $article_text, $article_image, $errors)) {
+			} else {
+				if (News::update($id, $p_title, $body, $type, $category, $player_id, $forum_section, $article_text, $article_image, $errors)) {
 					// update forum thread if exists
-				if(isset($forum_section) && Validator::number($forum_section)) {
-					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $player_id.", `post_text` = ".$db->quote($body).", `post_topic` = ".$db->quote($p_title).", `edit_date` = " . time() . " WHERE `id` = " . $db->quote($forum_section));
+					if (isset($forum_section) && Validator::number($forum_section)) {
+						$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = " . (int)$player_id . ", `post_text` = " . $db->quote($body) . ", `post_topic` = " . $db->quote($p_title) . ", `edit_date` = " . time() . " WHERE `id` = " . $db->quote($forum_section));
 					}
 
 					$action = $p_title = $body = $comments = $article_text = $article_image = '';
 					$type = $category = $player_id = 0;
 
-				success("Updated successful.");
+					success('Updated successful.');
 				}
 			}
+		} else if ($action == 'hide') {
+			if (News::toggleHide($id, $errors, $status)) {
+				success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
+			}
 		}
-	else if($action == 'hide') {
-		News::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
 	}
 
 	if(!empty($errors))
@@ -96,7 +99,7 @@ if(!empty($action))
 }
 
 $categories = array();
-foreach($db->query('SELECT `id`, `name`, `icon_id` FROM `' . TABLE_PREFIX . 'news_categories` WHERE `hidden` != 1') as $cat)
+foreach($db->query('SELECT `id`, `name`, `icon_id` FROM `' . TABLE_PREFIX . 'news_categories` WHERE `hide` != 1') as $cat)
 {
 	$categories[$cat['id']] = array(
 		'name' => $cat['name'],
@@ -114,12 +117,10 @@ if($action == 'edit' || $action == 'new') {
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.news.form.html.twig', array(
 		'action' => $action,
-		'news_link' => getLink(PAGE),
-		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'),
 		'news_id' => $id ?? null,
 		'title' => $p_title ?? '',
 		'body' => isset($body) ? escapeHtml($body) : '',
-		'type' => $type ?? null,
+		'type' => $type,
 		'player' => isset($player) && $player->isLoaded() ? $player : null,
 		'player_id' => $player_id ?? null,
 		'account_players' => $account_players,
@@ -141,12 +142,12 @@ foreach ($query as $_news) {
 
 	$newses[$_news['type']][] = array(
 		'id' => $_news['id'],
-		'hidden' => $_news['hidden'],
+		'hide' => $_news['hide'],
 		'archive_link' => getLink('news') . '/archive/' . $_news['id'],
 		'title' => $_news['title'],
 		'date' => $_news['date'],
-		'player_name' => isset($_player) && $_player->isLoaded() ? $_player->getName() : '',
-		'player_link' => isset($_player) && $_player->isLoaded() ? getPlayerLink($_player->getName(), false) : '',
+		'player_name' => $_player->isLoaded() ? $_player->getName() : '',
+		'player_link' => $_player->isLoaded() ? getPlayerLink($_player->getName(), false) : '',
 	);
 }
 

admin/pages/notepad.php

@@ -7,46 +7,35 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Notepad as ModelsNotepad;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Notepad';
 
-$notepad_content = Notepad::get($account_logged->getId());
+csrfProtect();
+
+/**
+ * @var OTS_Account $account_logged
+ */
+$_content = '';
+$notepad = ModelsNotepad::where('account_id', $account_logged->getId())->first();
 if (isset($_POST['content'])) {
 	$_content = html_entity_decode(stripslashes($_POST['content']));
-	if (!$notepad_content)
-		Notepad::create($account_logged->getId(), $_content);
-	else
-		Notepad::update($account_logged->getId(), $_content);
+	if (!$notepad) {
+		ModelsNotepad::create([
+			'account_id' => $account_logged->getId(),
+			'content' => $_content
+		]);
+	}
+	else {
+		ModelsNotepad::where('account_id', $account_logged->getId())->update(['content' => $_content]);
+	}
 
-	echo '<div class="success" style="text-align: center;">Saved at ' . date('H:i') . '</div>';
+	success('Saved at ' . date('H:i'));
 } else {
-	if ($notepad_content !== false)
-		$_content = $notepad_content;
+	if ($notepad)
+		$_content = $notepad->content;
 }
 
-$twig->display('admin.notepad.html.twig', array('content' => isset($_content) ? $_content : null));
-
-class Notepad
-{
-	static public function get($account_id)
-	{
-		global $db;
-		$query = $db->select(TABLE_PREFIX . 'notepad', array('account_id' => $account_id));
-		if ($query !== false)
-			return $query['content'];
-
-		return false;
-	}
-
-	static public function create($account_id, $content = '')
-	{
-		global $db;
-		$db->insert(TABLE_PREFIX . 'notepad', array('account_id' => $account_id, 'content' => $content));
-	}
-
-	static public function update($account_id, $content = '')
-	{
-		global $db;
-		$db->update(TABLE_PREFIX . 'notepad', array('content' => $content), array('account_id' => $account_id));
-	}
-}
+$twig->display('admin.notepad.html.twig', ['content' => $_content]);

admin/pages/pages.php

@@ -7,10 +7,16 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Pages as ModelsPages;
+use MyAAC\Admin\Pages;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
 $use_datatable = true;
 
+csrfProtect();
+
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
@@ -26,31 +32,36 @@ $enable_tinymce = true;
 $access = 0;
 
 // some constants, used mainly by database (cannot by modified without schema changes)
-define('PAGE_TITLE_LIMIT', 30);
-define('PAGE_NAME_LIMIT', 30);
-define('PAGE_BODY_LIMIT', 65535); // maximum page body length
+const PAGE_TITLE_LIMIT = 30;
+const PAGE_NAME_LIMIT = 30;
+const PAGE_BODY_LIMIT = 65535; // maximum page body length
 
-if (!empty($action)) {
-	if ($action == 'delete' || $action == 'edit' || $action == 'hide')
-		$id = $_REQUEST['id'];
-
-	if (isset($_REQUEST['name']))
-		$name = $_REQUEST['name'];
-
-	if (isset($_REQUEST['title']))
-		$p_title = $_REQUEST['title'];
-
-	$php = isset($_REQUEST['php']) && $_REQUEST['php'] == 1;
-	$enable_tinymce = isset($_REQUEST['enable_tinymce']) && $_REQUEST['enable_tinymce'] == 1;
-	if ($php)
-		$body = $_REQUEST['body'];
-	else if (isset($_REQUEST['body'])) {
-		//$body = $_REQUEST['body'];
-		$body = html_entity_decode(stripslashes($_REQUEST['body']));
+if (!empty($action) && isRequestMethod('post')) {
+	if ($action == 'delete' || $action == 'edit' || $action == 'hide') {
+		$id = $_POST['id'];
 	}
 
-	if (isset($_REQUEST['access']))
-		$access = $_REQUEST['access'];
+	if (isset($_POST['name'])) {
+		$name = $_POST['name'];
+	}
+
+	if (isset($_POST['title'])) {
+		$p_title = $_POST['title'];
+	}
+
+	$php = isset($_POST['php']) && $_POST['php'] == 1;
+	$enable_tinymce = (isset($_POST['enable_tinymce']) && $_POST['enable_tinymce'] == 1) ?: $enable_tinymce;
+	if ($php) {
+		$body = $_POST['body'];
+	}
+	else if (isset($_POST['body'])) {
+		//$body = $_POST['body'];
+		$body = html_entity_decode(stripslashes($_POST['body']));
+	}
+
+	if (isset($_POST['access'])) {
+		$access = $_POST['access'];
+	}
 
 	$errors = array();
 	$player_id = 1;
@@ -67,7 +78,7 @@ if (!empty($action)) {
 		if (Pages::delete($id, $errors))
 			success('Page with id ' . $id . ' has been deleted');
 	} else if ($action == 'edit') {
-		if (isset($id) && !isset($_REQUEST['name'])) {
+		if (isset($id) && !isset($_POST['name'])) {
 			$_page = Pages::get($id);
 			$name = $_page['name'];
 			$p_title = $_page['title'];
@@ -86,29 +97,26 @@ if (!empty($action)) {
 			}
 		}
 	} else if ($action == 'hide') {
-		Pages::toggleHidden($id, $errors, $status);
-		success(($status == 1 ? 'Show' : 'Hide') . ' successful.');
+		if (Pages::toggleHide($id, $errors, $status)) {
+			success(($status == 0 ? 'Show' : 'Hide') . ' successful.');
+		}
 	}
 
 	if (!empty($errors))
 		error(implode(", ", $errors));
 }
 
-$query =
-	$db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'pages'));
+$pages = ModelsPages::all()->map(function ($e) {
+	return [
+		'link' => getFullLink($e->name, $e->name, true),
+		'title' => substr($e->title, 0, 20),
+		'php' => $e->php == '1',
+		'id' => $e->id,
+		'hide' => $e->hide
+	];
+})->toArray();
 
-$pages = array();
-foreach ($query as $_page) {
-	$pages[] = array(
-		'link' => getFullLink($_page['name'], $_page['name'], true),
-		'title' => substr($_page['title'], 0, 20),
-		'php' => $_page['php'] == '1',
-		'id' => $_page['id'],
-		'hidden' => $_page['hidden']
-	);
-}
-
-$twig->display('admin.pages.form.html.twig', array(
+$twig->display('admin.pages.form.html.twig', [
 	'action' => $action,
 	'id' => $action == 'edit' ? $id : null,
 	'name' => $name,
@@ -118,143 +126,8 @@ $twig->display('admin.pages.form.html.twig', array(
 	'body' => isset($body) ? escapeHtml($body) : '',
 	'groups' => $groups->getGroups(),
 	'access' => $access
-));
+]);
 
-$twig->display('admin.pages.html.twig', array(
+$twig->display('admin.pages.html.twig', [
 	'pages' => $pages
-));
-
-class Pages
-{
-	static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
-	{
-		if(!isset($title[0]) || !isset($body[0])) {
-			$errors[] = 'Please fill all inputs.';
-			return false;
-		}
-		if(strlen($name) > PAGE_NAME_LIMIT) {
-			$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
-			return false;
-		}
-		if(strlen($title) > PAGE_TITLE_LIMIT) {
-			$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
-			return false;
-		}
-		if(strlen($body) > PAGE_BODY_LIMIT) {
-			$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
-			return false;
-		}
-		if(!isset($player_id) || $player_id == 0) {
-			$errors[] = 'Player ID is wrong.';
-			return false;
-		}
-		if(!isset($php) || ($php != 0 && $php != 1)) {
-			$errors[] = 'Enable PHP is wrong.';
-			return false;
-		}
-		if ($php == 1 && !getBoolean(setting('core.admin_pages_php_enable'))) {
-			$errors[] = 'PHP pages disabled on this server. To enable go to Settings in Admin Panel and enable <strong>Enable PHP Pages</strong>.';
-			return false;
-		}
-		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
-			$errors[] = 'Enable TinyMCE is wrong.';
-			return false;
-		}
-		if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
-			$errors[] = 'Access is wrong.';
-			return false;
-		}
-
-		return true;
-	}
-
-	static public function get($id)
-	{
-		global $db;
-		$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
-		if ($query !== false)
-			return $query;
-
-		return false;
-	}
-
-	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
-	{
-		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			return false;
-		}
-
-		global $db;
-		$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
-		if ($query === false)
-			$db->insert(TABLE_PREFIX . 'pages',
-				array(
-					'name' => $name,
-					'title' => $title,
-					'body' => $body,
-					'player_id' => $player_id,
-					'php' => $php ? '1' : '0',
-					'enable_tinymce' => $enable_tinymce ? '1' : '0',
-					'access' => $access
-				)
-			);
-		else
-			$errors[] = 'Page with this link already exists.';
-
-		return !count($errors);
-	}
-
-	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
-	{
-		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			return false;
-		}
-
-		global $db;
-		$db->update(TABLE_PREFIX . 'pages',
-			array(
-				'name' => $name,
-				'title' => $title,
-				'body' => $body,
-				'player_id' => $player_id,
-				'php' => $php ? '1' : '0',
-				'enable_tinymce' => $enable_tinymce ? '1' : '0',
-				'access' => $access
-			),
-			array('id' => $id));
-
-		return true;
-	}
-
-	static public function delete($id, &$errors)
-	{
-		global $db;
-		if (isset($id)) {
-			if ($db->select(TABLE_PREFIX . 'pages', array('id' => $id)) !== false)
-				$db->delete(TABLE_PREFIX . 'pages', array('id' => $id));
-			else
-				$errors[] = 'Page with id ' . $id . ' does not exists.';
-		} else
-			$errors[] = 'id not set';
-
-		return !count($errors);
-	}
-
-	static public function toggleHidden($id, &$errors, &$status)
-	{
-		global $db;
-		if (isset($id)) {
-			$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
-			if ($query !== false) {
-				$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
-				$status = $query['hidden'];
-			}
-			else {
-				$errors[] = 'Page with id ' . $id . ' does not exists.';
-			}
-		} else
-			$errors[] = 'id not set';
-
-		return !count($errors);
-	}
-}
+]);

admin/pages/players.php

@@ -7,13 +7,19 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Forum;
+use MyAAC\Models\Player;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 $title = 'Player editor';
+
+csrfProtect();
+
 $player_base = ADMIN_URL . '?p=players';
 
 $use_datatable = true;
-require_once LIBS . 'forum.php';
 
 $skills = array(
 	POT::SKILL_FIST => array('Fist fighting', 'fist'),
@@ -72,7 +78,7 @@ else if (isset($_REQUEST['search'])) {
 		$player = new OTS_Player();
 		$player->load($id);
 
-		if (isset($player) && $player->isLoaded() && isset($_POST['save'])) {// we want to save
+		if ($player->isLoaded() && isset($_POST['save'])) {// we want to save
 			$error = false;
 
 			if ($player->isOnline())
@@ -207,7 +213,7 @@ else if (isset($_REQUEST['search'])) {
 			}
 
 			$deleted = (isset($_POST['deleted']) && $_POST['deleted'] == 'true');
-			$hidden = (isset($_POST['hidden']) && $_POST['hidden'] == 'true');
+			$hide = (isset($_POST['hide']) && $_POST['hide'] == 'true');
 
 			$created = strtotime($_POST['created']);
 			verify_number($created, 'Created', 11);
@@ -284,7 +290,7 @@ else if (isset($_REQUEST['search'])) {
 					$player->setCustomField('deletion', $deleted ? '1' : '0');
 				else
 					$player->setCustomField('deleted', $deleted ? '1' : '0');
-				$player->setCustomField('hidden', $hidden ? '1' : '0');
+				$player->setCustomField('hide', $hide ? '1' : '0');
 				$player->setCustomField('created', $created);
 				if (isset($comment))
 					$player->setCustomField('comment', $comment);
@@ -369,7 +375,8 @@ else if (isset($_REQUEST['search'])) {
 						</li>
 					</ul>
 				</div>
-				<form action="<?php echo $player_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
+				<form action="<?php echo $player_base . ($id > 0 ? '&id=' . $id : ''); ?>" method="post">
+					<?php csrf(); ?>
 					<div class="card-body">
 						<div class="tab-content" id="tabs-tabContent">
 							<div class="tab-pane fade active show" id="tabs-home">
@@ -387,8 +394,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="group">Group:</label>
 										<select name="group" id="group" class="form-control custom-select">
-											<?php foreach ($groups->getGroups() as $id => $group): ?>
-												<option value="<?php echo $id; ?>" <?php echo($player->getGroup()->getId() == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
+											<?php foreach ($groups->getGroups() as $_id => $group): ?>
+												<option value="<?php echo $_id; ?>" <?php echo($player->getGroup()->getId() == $_id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -396,8 +403,8 @@ else if (isset($_REQUEST['search'])) {
 										<label for="vocation">Vocation</label>
 										<select name="vocation" id="vocation" class="form-control custom-select">
 											<?php
-											foreach ($config['vocations'] as $id => $name) {
-												echo '<option value=' . $id . ($id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
+											foreach ($config['vocations'] as $_id => $name) {
+												echo '<option value=' . $_id . ($_id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
 											}
 											?>
 										</select>
@@ -407,8 +414,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="sex">Sex:</label>
 										<select name="sex" id="sex" class="form-control custom-select">>
-											<?php foreach ($config['genders'] as $id => $sex): ?>
-												<option value="<?php echo $id; ?>" <?php echo($player->getSex() == $id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
+											<?php foreach ($config['genders'] as $_id => $sex): ?>
+												<option value="<?php echo $_id; ?>" <?php echo($player->getSex() == $_id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -421,8 +428,8 @@ else if (isset($_REQUEST['search'])) {
 												$configTowns[$player->getTownId()] = 'Unknown Town';
 											}
 
-											foreach ($configTowns as $id => $town): ?>
-												<option value="<?php echo $id; ?>" <?php echo($player->getTownId() == $id ? 'selected' : ''); ?>><?php echo $town; ?></option>
+											foreach ($configTowns as $_id => $town): ?>
+												<option value="<?php echo $_id; ?>" <?php echo($player->getTownId() == $_id ? 'selected' : ''); ?>><?php echo $town; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -433,8 +440,8 @@ else if (isset($_REQUEST['search'])) {
 										<select name="skull" id="skull" class="form-control custom-select">
 											<?php
 
-											foreach ($skull_type as $id => $s_name) {
-												echo '<option value=' . $id . ($id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
+											foreach ($skull_type as $_id => $s_name) {
+												echo '<option value=' . $_id . ($_id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
 											}
 											?>
 										</select>
@@ -478,8 +485,8 @@ else if (isset($_REQUEST['search'])) {
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<div class="custom-control custom-switch custom-switch-on-success">
-											<input type="checkbox" class="custom-control-input" name="hidden" id="hidden" value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>>
-											<label class="custom-control-label" for="hidden">Hidden</label>
+											<input type="checkbox" class="custom-control-input" name="hide" id="hide" value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>>
+											<label class="custom-control-label" for="hide">Hidden</label>
 										</div>
 									</div>
 								</div>
@@ -551,22 +558,22 @@ else if (isset($_REQUEST['search'])) {
 							</div>
 							<div class="tab-pane fade" id="tabs-skills">
 								<?php
-								foreach ($skills as $id => $info) {
+								foreach ($skills as $_id => $info) {
 									?>
 									<div class="form-group row">
 										<div class="col-12 col-sm-12 col-lg-6">
-											<?php echo '<label for="skills[' . $id . ']" class="control-label">' . $info[0] . '</label>
-									<input type="text" class="form-control" id="skills[' . $id . ']" name="skills[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkill($id) . '"/>'; ?>
+											<?php echo '<label for="skills[' . $_id . ']" class="control-label">' . $info[0] . '</label>
+									<input type="text" class="form-control" id="skills[' . $_id . ']" name="skills[' . $_id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkill($_id) . '"/>'; ?>
 										</div>
 										<div class="col-12 col-sm-12 col-lg-6">
-											<?php echo '<label for="skills_tries[' . $id . ']" class="control-label">' . $info[0] . ' tries</label>
-									<input type="text" class="form-control" id="skills_tries[' . $id . ']" name="skills_tries[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkillTries($id) . '"/>'; ?>
+											<?php echo '<label for="skills_tries[' . $_id . ']" class="control-label">' . $info[0] . ' tries</label>
+									<input type="text" class="form-control" id="skills_tries[' . $_id . ']" name="skills_tries[' . $_id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkillTries($_id) . '"/>'; ?>
 										</div>
 									</div>
 								<?php } ?>
 							</div>
 							<div class="tab-pane fade" id="tabs-pos">
-								<?php $outfit = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?>
+								<?php $outfit = setting('core.outfit_images_url') . '?id=' . $player->getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?>
 								<div id="imgchar" style="width:64px;height:64px;position:absolute; top:30px; right:30px">
 									<img id="player_outfit" style="margin-left:0;margin-top:0;width:64px;height:64px;" src="<?php echo $outfit; ?>" alt="player outfit"/>
 								</div>
@@ -619,7 +626,7 @@ else if (isset($_REQUEST['search'])) {
 										if ($outfitlist) { ?>
 											<select name="look_type" id="look_type" class="form-control custom-select">
 												<?php
-												foreach ($outfitlist as $id => $outfit) {
+												foreach ($outfitlist as $_id => $outfit) {
 													if ($outfit['enabled'] == 'yes') ;
 													echo '<option value=' . $outfit['id'] . ($outfit['id'] == $player->getLookType() ? ' selected' : '') . '>' . $outfit['name'] . ' - ' . ($outfit['type'] == 1 ? 'Male' : 'Female') . '</option>';
 												}
@@ -635,8 +642,8 @@ else if (isset($_REQUEST['search'])) {
 											<select name="look_addons" id="look_addons" class="form-control custom-select">
 												<?php
 												$addon_type = array("None", "First", "Second", "Both");
-												foreach ($addon_type as $id => $s_name) {
-													echo '<option value=' . $id . ($id == $player->getLookAddons() ? ' selected' : '') . '>' . $s_name . '</option>';
+												foreach ($addon_type as $_id => $s_name) {
+													echo '<option value=' . $_id . ($_id == $player->getLookAddons() ? ' selected' : '') . '>' . $s_name . '</option>';
 												}
 												?>
 											</select>
@@ -701,7 +708,7 @@ else if (isset($_REQUEST['search'])) {
 								<div class="form-group row">
 									<div class="col-12">
 										<label for="comment" class="control-label">Comment:</label>
-										<textarea class="form-control" name="comment" rows="10" cols="50" wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
+										<textarea class="form-control" id="comment" name="comment" rows="10" cols="50" wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
 										<small>[max. length: 2000 chars, 50 lines (ENTERs)]</small>
 									</div>
 								</div>
@@ -744,8 +751,7 @@ else if (isset($_REQUEST['search'])) {
 								<div class="row">
 									<?php
 									if (isset($account) && $account->isLoaded()) {
-										$account_players = $account->getPlayersList();
-										$account_players->orderBy('id');
+										$account_players = Player::where('account_id', $account->getId())->orderBy('id')->get();
 										if (isset($account_players)) { ?>
 											<table class="table table-striped table-condensed table-responsive d-md-table">
 												<thead>
@@ -758,23 +764,13 @@ else if (isset($_REQUEST['search'])) {
 												</tr>
 												</thead>
 												<tbody>
-												<?php foreach ($account_players as $i => $player):
-													$player_vocation = $player->getVocation();
-													$player_promotion = $player->getPromotion();
-													if (isset($player_promotion)) {
-														if ((int)$player_promotion > 0)
-															$player_vocation += ($player_promotion * $config['vocations_amount']);
-													}
-
-													if (isset($config['vocations'][$player_vocation])) {
-														$vocation_name = $config['vocations'][$player_vocation];
-													} ?>
+												<?php foreach ($account_players as $i => $player): ?>
 													<tr>
-														<th><?php echo $i; ?></th>
-														<td><?php echo $player->getName(); ?></td>
-														<td><?php echo $player->getLevel(); ?></td>
-														<td><?php echo $vocation_name; ?></td>
-														<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
+														<th><?php echo $i + 1; ?></th>
+														<td><?php echo $player->name; ?></td>
+														<td><?php echo $player->level; ?></td>
+														<td><?php echo $player->vocation_name; ?></td>
+														<td><a href="?p=players&id=<?php echo $player->getKey() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
 													</tr>
 												<?php endforeach ?>
 												</tbody>
@@ -849,7 +845,7 @@ else if (isset($_REQUEST['search'])) {
 
 				<?php if($hasLookAddons): ?>
 				const $addonvalue = $('#look_addons');
-				$('#look_addons').on('change', () => {
+				$addonvalue.on('change', () => {
 					updateOutfit();
 				});
 				<?php endif; ?>
@@ -866,7 +862,7 @@ else if (isset($_REQUEST['search'])) {
 				<?php if($hasLookAddons): ?>
 				look_addons = '&addons=' + $('#look_addons').val();
 				<?php endif; ?>
-				$("#player_outfit").attr("src", '<?= $config['outfit_images_url']; ?>?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet);
+				$("#player_outfit").attr("src", '<?= setting('core.outfit_images_url'); ?>?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet);
 			}
 		</script>
 	<?php } ?>
@@ -878,18 +874,20 @@ else if (isset($_REQUEST['search'])) {
 			<div class="card-body row">
 				<div class="col-6 col-lg-12">
 					<form action="<?php echo $player_base; ?>" method="post">
-						<label for="name">Player Name:</label>
+						<?php csrf(); ?>
+						<label for="search">Player Name:</label>
 						<div class="input-group input-group-sm">
-							<input type="text" class="form-control" name="search" value="<?php echo $search_player; ?>" maxlength="32" size="32">
+							<input type="text" class="form-control" id="search" name="search" value="<?= escapeHtml($search_player); ?>" maxlength="32" size="32">
 							<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 						</div>
 					</form>
 				</div>
 				<div class="col-6 col-lg-12">
 					<form action="<?php echo $player_base; ?>" method="post">
-						<label for="name">Player ID:</label>
+						<?php csrf(); ?>
+						<label for="id">Player ID:</label>
 						<div class="input-group input-group-sm">
-							<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
+							<input type="text" class="form-control" id="id" name="id" value="<?= $id; ?>" maxlength="32" size="32">
 							<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 						</div>
 					</form>
@@ -900,7 +898,7 @@ else if (isset($_REQUEST['search'])) {
 </div>
 
 <script>
-	$(document).ready(function () {
+	$(function () {
 		$('.player_datatable').DataTable({
 			"order": [[0, "asc"]]
 		});

admin/pages/plugins.php

@@ -7,11 +7,15 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Plugins;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
-$use_datatable = true;
 
-require_once LIBS . 'plugins.php';
+csrfProtect();
+
+$use_datatable = true;
 
 if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
 	warning('Plugin installation and management is disabled in Settings.<br/>If you wish to enable, go to Settings and enable <strong>Enable Plugins Manage</strong>.');
@@ -19,23 +23,23 @@ if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
 else {
 	$twig->display('admin.plugins.form.html.twig');
 
-	if (isset($_REQUEST['uninstall'])) {
-		$uninstall = $_REQUEST['uninstall'];
+	if (isset($_POST['uninstall'])) {
+		$uninstall = $_POST['uninstall'];
 
 		if (Plugins::uninstall($uninstall)) {
 			success('Successfully uninstalled plugin ' . $uninstall);
 		} else {
 			error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 		}
-	} else if (isset($_REQUEST['enable'])) {
-		$enable = $_REQUEST['enable'];
+	} else if (isset($_POST['enable'])) {
+		$enable = $_POST['enable'];
 		if (Plugins::enable($enable)) {
 			success('Successfully enabled plugin ' . $enable);
 		} else {
 			error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
 		}
-	} else if (isset($_REQUEST['disable'])) {
-		$disable = $_REQUEST['disable'];
+	} else if (isset($_POST['disable'])) {
+		$disable = $_POST['disable'];
 		if (Plugins::disable($disable)) {
 			success('Successfully disabled plugin ' . $disable);
 		} else {
@@ -116,7 +120,7 @@ foreach (get_plugins(true) as $plugin) {
 	if (!$plugin_info) {
 		warning('Cannot load plugin info ' . $plugin . '.json');
 	} else {
-		$disabled = (strpos($plugin, 'disabled.') !== false);
+		$disabled = (str_contains($plugin, 'disabled.'));
 		$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 		$plugins[] = array(
 			'name' => $plugin_info['name'] ?? '',

admin/pages/settings.php

@@ -7,6 +7,10 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Plugins;
+use MyAAC\Settings;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Settings';
 

admin/pages/statistics.php

@@ -7,26 +7,25 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Models\Account;
+use MyAAC\Models\Guild;
+use MyAAC\Models\House;
+use MyAAC\Models\Player;
+
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Statistics';
 
-$query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
-$query = $query->fetch();
-$total_accounts = $query['how_much'];
+$total_accounts = Account::count();
+$total_players = Player::count();
+$total_guilds = Guild::count();
+$total_houses = House::count();
 
-$query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
-$query = $query->fetch();
-$total_players = $query['how_much'];
-
-$query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
-$query = $query->fetch();
-$total_guilds = $query['how_much'];
-
-$query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
-$query = $query->fetch();
-$total_houses = $query['how_much'];
-
-$points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
+$points = Account::select(['premium_points', (USE_ACCOUNT_NAME ? 'name' : 'id')])
+	->orderByDesc('premium_points')
+	->limit(10)
+	->get()
+	->toArray();
 
 $twig->display('admin.statistics.html.twig', array(
 	'total_accounts' => $total_accounts,

admin/pages/visitors.php

@@ -12,6 +12,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 use DeviceDetector\DeviceDetector;
 use DeviceDetector\Parser\Client\Browser;
 use DeviceDetector\Parser\OperatingSystem;
+use MyAAC\Visitors;
 
 $title = 'Visitors';
 $use_datatable = true;
@@ -24,7 +25,6 @@ if (!setting('core.visitors_counter')): ?>
 	return;
 endif;
 
-require SYSTEM . 'libs/visitors.php';
 $visitors = new Visitors(setting('core.visitors_counter_ttl'));
 
 function compare($a, $b): int {

admin/template/menus.php

@@ -1,6 +1,6 @@
 <?php
 
-return [
+$menus = [
 	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
 	['name' => 'Settings', 'icon' => 'edit', 'order' => 19, 'link' =>
 		require ADMIN . 'includes/settings_menus.php'

admin/template/style.css

@@ -8,3 +8,8 @@
 .sidebar-mini.sidebar-collapse .menu-text {
 	display: none;
 }
+
+.myaac-table tbody tr:nth-child(even) {background: #FFF} /* light border */
+.myaac-table tbody tr:nth-child(odd) {background: #CCC} /* dark border */
+.myaac-table thead td {background: #000000; color: #ffffff !important;} /* vdark border */
+.myaac-table tfoot td {background: #000000; color: #ffffff !important;} /* vdark border */

admin/template/template.php

@@ -6,7 +6,7 @@
 	<?php echo template_header(true); ?>
 	<title><?php echo (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];?></title>
 	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/adminlte.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/ext/admin-lte/css/adminlte.min.css">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/font-awesome.min.css">
 	<?php if (isset($use_datatable)) { ?>
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/datatables.bs.min.css">
@@ -191,13 +191,13 @@ if ($logged && admin()) {
 	]);
 }
 ?>
-<script src="<?php echo BASE_URL; ?>tools/js/bootstrap.min.js"></script>
-<script src="<?php echo BASE_URL; ?>tools/js/jquery-ui.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/ext/bootstrap/js/bootstrap.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/ext/jquery-ui/jquery-ui.min.js"></script>
 <?php if (isset($use_datatable))  { ?>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
 <?php } ?>
-<script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/ext/admin-lte/js/adminlte.min.js"></script>
 <?php $hooks->trigger(HOOK_ADMIN_BODY_END); ?>
 </body>
 </html>

admin/tools/reload_data.php

@@ -22,7 +22,10 @@
  * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
-define('MYAAC_ADMIN', true);
+
+use MyAAC\DataLoader;
+
+const MYAAC_ADMIN = true;
 
 require '../../common.php';
 require SYSTEM . 'functions.php';
@@ -34,11 +37,9 @@ if (!admin())
 
 ini_set('max_execution_time', 300);
 ob_implicit_flush();
-ob_end_flush();
+@ob_end_flush();
 header('X-Accel-Buffering: no');
 
-require LIBS . 'DataLoader.php';
-
 require LOCALE . 'en/main.php';
 require LOCALE . 'en/install.php';
 

admin/tools/settings_save.php

@@ -1,4 +1,8 @@
 <?php
+
+use MyAAC\Hooks;
+use MyAAC\Settings;
+
 const MYAAC_ADMIN = true;
 
 require '../../common.php';
@@ -11,6 +15,8 @@ if(!admin()) {
 	die('Access denied.');
 }
 
+csrfProtect();
+
 if (!isset($_REQUEST['plugin'])) {
 	http_response_code(500);
 	die('Please enter plugin name.');
@@ -23,7 +29,7 @@ if (!isset($_POST['settings'])) {
 
 $settings = Settings::getInstance();
 
-$settings->save($_REQUEST['plugin'], $_POST['settings']);
+$success = $settings->save($_REQUEST['plugin'], $_POST['settings']);
 
 $errors = $settings->getErrors();
 if (count($errors) > 0) {
@@ -31,4 +37,6 @@ if (count($errors) > 0) {
 	die(implode('<br/>', $errors));
 }
 
-echo 'Saved at ' . date('H:i');
+if ($success) {
+	echo 'Saved at ' . date('H:i');
+}

common.php

@@ -23,11 +23,11 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
-if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
+if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '0.10.0-dev';
-const DATABASE_VERSION = 36;
+const MYAAC_VERSION = '1.0-beta';
+const DATABASE_VERSION = 40;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -108,6 +108,13 @@ const TFS_FIRST = TFS_02;
 const TFS_LAST = TFS_03;
 
 // other definitions
+const MAIL_MAIL = 0;
+const MAIL_SMTP = 1;
+
+const SMTP_SECURITY_NONE = 0;
+const SMTP_SECURITY_SSL = 1;
+const SMTP_SECURITY_TLS = 2;
+
 const ACCOUNT_NUMBER_LENGTH = 8;
 
 if (!IS_CLI) {
@@ -136,7 +143,7 @@ if(!IS_CLI) {
 		}
 	}
 
-	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
+	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
 
@@ -147,6 +154,7 @@ if (file_exists(BASE . 'config.local.php')) {
 	require BASE . 'config.local.php';
 }
 
+/** @var array $config */
 ini_set('log_errors', 1);
 if(@$config['env'] === 'dev') {
 	ini_set('display_errors', 1);
@@ -165,3 +173,11 @@ if (!is_file($autoloadFile)) {
 }
 
 require $autoloadFile;
+
+function isHttps(): bool
+{
+	return
+		(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
+		|| (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
+		|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
+}

composer.json

@@ -1,6 +1,6 @@
 {
     "require": {
-        "php": "^7.2.5 || ^8.0",
+        "php": "^8.0",
         "ext-pdo": "*",
         "ext-pdo_mysql": "*",
         "ext-json": "*",
@@ -11,9 +11,21 @@
         "twig/twig": "^2.0",
         "erusev/parsedown": "^1.7",
         "nikic/fast-route": "^1.3",
-        "matomo/device-detector": "^6.0"
+        "matomo/device-detector": "^6.0",
+        "illuminate/database": "^10.18",
+        "peppeocchi/php-cron-scheduler": "4.*",
+        "symfony/console": "^6.4",
+        "symfony/string": "^6.4"
     },
     "require-dev": {
-        "filp/whoops": "^2.15"
+        "filp/whoops": "^2.15",
+        "maximebf/debugbar": "dev-master",
+        "phpstan/phpstan": "^1.10"
+    },
+    "autoload": {
+        "psr-4": {
+            "MyAAC\\": "system/src"
+        },
+        "files": ["system/src/global.php"]
     }
 }

cypress/e2e/1-install.cy.js

@@ -38,7 +38,6 @@ describe('Install MyAAC', () => {
 		cy.contains('Basic configuration');
 
 		cy.get('#vars_server_path').click().clear().type(Cypress.env('SERVER_PATH'))
-		cy.get('#vars_mail_admin').click().clear().type('noone@example.net')
 
 		cy.get('[type="checkbox"]').uncheck() // usage statistics uncheck
 
@@ -70,6 +69,8 @@ describe('Install MyAAC', () => {
 
 		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
 
+		cy.wait(2000);
+
 		cy.screenshot('install-finish')
 	})
 })

cypress/e2e/2-create-account.cy.js

@@ -14,7 +14,7 @@ describe('Create Account Page', () => {
 		cy.get('#email').type('tester@example.com')
 
 		cy.get('#password').type('test1234')
-		cy.get('#password2').type('test1234')
+		cy.get('#password_confirm').type('test1234')
 
 		cy.get('#character_name').type('Slaw')
 

cypress/e2e/3-check-public-pages.cy.js

@@ -0,0 +1,174 @@
+describe('Check Public Pages', () => {
+
+	/// news
+	it('Go to news page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/news',
+			method: 'GET',
+		})
+	})
+
+	it('Go to news archive page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/news/archive',
+			method: 'GET',
+		})
+	})
+
+	it('Go to changelog page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/changelog',
+			method: 'GET',
+		})
+	})
+
+	/// account management
+	it('Go to account manage page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/manage',
+			method: 'GET',
+		})
+	})
+
+	it('Go to account create page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/create',
+			method: 'GET',
+		})
+	})
+
+	it('Go to account lost page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/lost',
+			method: 'GET',
+		})
+	})
+
+	it('Go to rules page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/rules',
+			method: 'GET',
+		})
+	})
+
+	// community
+	it('Go to online page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/online',
+			method: 'GET',
+		})
+	})
+
+	it('Go to characters list page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/characters',
+			method: 'GET',
+		})
+	})
+
+	it('Go to guilds page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/guilds',
+			method: 'GET',
+		})
+	})
+
+	it('Go to highscores page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/highscores',
+			method: 'GET',
+		})
+	})
+
+	it('Go to last kills page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/last-kills',
+			method: 'GET',
+		})
+	})
+
+	it('Go to houses page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/houses',
+			method: 'GET',
+		})
+	})
+
+	it('Go to bans page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/bans',
+			method: 'GET',
+		})
+	})
+
+	it('Go to forum page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/forum',
+			method: 'GET',
+		})
+	})
+
+	it('Go to team page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/team',
+			method: 'GET',
+		})
+	})
+
+	// library
+	it('Go to creatures page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/creatures',
+			method: 'GET',
+		})
+	})
+
+	it('Go to spells page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/spells',
+			method: 'GET',
+		})
+	})
+
+	it('Go to server info page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/server-info',
+			method: 'GET',
+		})
+	})
+
+	it('Go to commands page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/commands',
+			method: 'GET',
+		})
+	})
+
+	it('Go to downloads page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/downloads',
+			method: 'GET',
+		})
+	})
+
+	it('Go to gallery page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/gallery',
+			method: 'GET',
+		})
+	})
+
+	it('Go to experience table page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/exp-table',
+			method: 'GET',
+		})
+	})
+
+	it('Go to faq page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/faq',
+			method: 'GET',
+		})
+	})
+})

cypress/e2e/4-check-protected-pages.cy.js

@@ -0,0 +1,81 @@
+const REQUIRED_LOGIN_MESSAGE = 'Please enter your account name and your password.';
+const YOU_ARE_NOT_LOGGEDIN = 'You are not logged in.';
+
+describe('Check Protected Pages', () => {
+
+	// character actions
+	it('Go to accouht character creation page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/character/create',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	it('Go to accouht character deletion page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/character/delete',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	// account actions
+	it('Go to accouht email change page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/email',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	it('Go to accouht password change page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/password',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	it('Go to accouht info change page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/info',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	it('Go to accouht logout change page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/account/logout',
+			method: 'GET',
+		})
+		cy.contains(REQUIRED_LOGIN_MESSAGE)
+	})
+
+	// guild actions
+	it('Go to guild creation page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/?subtopic=guilds&action=create',
+			method: 'GET',
+		})
+		cy.contains(YOU_ARE_NOT_LOGGEDIN)
+	})
+
+	it('Go to guilds cleanup players action page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_players',
+			method: 'GET',
+		})
+		cy.contains(YOU_ARE_NOT_LOGGEDIN)
+	})
+
+	it('Go to guilds cleanup guilds action page', () => {
+		cy.visit({
+			url: Cypress.env('URL') + '/?subtopic=guilds&action=cleanup_guilds',
+			method: 'GET',
+		})
+		cy.contains(YOU_ARE_NOT_LOGGEDIN)
+	})
+
+})

index.php

@@ -24,6 +24,9 @@
  * @link      https://my-aac.org
  */
 
+use MyAAC\UsageStatistics;
+use MyAAC\Visitors;
+
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 
@@ -59,22 +62,13 @@ if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|g
 if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE . 'install'))
 {
 	header('Location: ' . BASE_URL . 'install/');
-	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
+	exit();
 }
 
 $template_place_holders = array();
 
 require_once SYSTEM . 'init.php';
 
-// verify myaac tables exists in database
-if(!$db->hasTable('myaac_account_actions')) {
-	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
-}
-
-// event system
-require_once SYSTEM . 'hooks.php';
-$hooks = new Hooks();
-$hooks->load();
 require_once SYSTEM . 'template.php';
 require_once SYSTEM . 'login.php';
 require_once SYSTEM . 'status.php';
@@ -82,53 +76,6 @@ require_once SYSTEM . 'status.php';
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
-require_once SYSTEM . 'router.php';
-
-$hooks->trigger(HOOK_STARTUP);
-
-// anonymous usage statistics
-// sent only when user agrees
-if(setting('core.anonymous_usage_statistics')) {
-	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
-	$should_report = true;
-
-	$value = '';
-	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
-		$should_report = time() > (int)$value + $report_time;
-	}
-	else {
-		$value = '';
-		if(fetchDatabaseConfig('last_usage_report', $value)) {
-			$should_report = time() > (int)$value + $report_time;
-			if($cache->enabled()) {
-				$cache->set('last_usage_report', $value);
-			}
-		}
-		else {
-			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
-			$should_report = false;
-		}
-	}
-
-	if($should_report) {
-		require_once LIBS . 'usage_statistics.php';
-		Usage_Statistics::report();
-
-		updateDatabaseConfig('last_usage_report', time());
-		if($cache->enabled()) {
-			$cache->set('last_usage_report', time());
-		}
-	}
-}
-
-if(setting('core.views_counter'))
-	require_once SYSTEM . 'counter.php';
-
-if(setting('core.visitors_counter')) {
-	require_once SYSTEM . 'libs/visitors.php';
-	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
-}
-
 // backward support for gesior
 if(setting('core.backward_support')) {
 	define('INITIALIZED', true);
@@ -168,6 +115,51 @@ if(setting('core.backward_support')) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 
+require_once SYSTEM . 'router.php';
+
+$hooks->trigger(HOOK_STARTUP);
+
+// anonymous usage statistics
+// sent only when user agrees
+if(setting('core.anonymous_usage_statistics')) {
+	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
+	$should_report = true;
+
+	$value = '';
+	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
+		$should_report = time() > (int)$value + $report_time;
+	}
+	else {
+		$value = '';
+		if(fetchDatabaseConfig('last_usage_report', $value)) {
+			$should_report = time() > (int)$value + $report_time;
+			if($cache->enabled()) {
+				$cache->set('last_usage_report', $value);
+			}
+		}
+		else {
+			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
+			$should_report = false;
+		}
+	}
+
+	if($should_report) {
+		UsageStatistics::report();
+
+		updateDatabaseConfig('last_usage_report', time());
+		if($cache->enabled()) {
+			$cache->set('last_usage_report', time());
+		}
+	}
+}
+
+if(setting('core.views_counter'))
+	require_once SYSTEM . 'counter.php';
+
+if(setting('core.visitors_counter')) {
+	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
+}
+
 /**
  * @var OTS_Account $account_logged
  */

install/includes/functions.php

@@ -17,7 +17,7 @@ function query($query)
 
 // define php version id if its not already
 if(!defined('PHP_VERSION_ID')) {
-	$version = explode('.', PHP_VERSION);
+	$version = array_map('intval', explode('.', PHP_VERSION));
 
 	define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
 }

install/includes/schema.sql

@@ -1,4 +1,4 @@
-SET @myaac_database_version = 36;
+SET @myaac_database_version = 40;
 
 CREATE TABLE `myaac_account_actions`
 (
@@ -44,11 +44,11 @@ CREATE TABLE `myaac_changelog`
 	`where` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`player_id` INT(11) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
-INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hidden`) VALUES (1, 3, 2, UNIX_TIMESTAMP(), 'MyAAC installed. (:', 0);
+INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hide`) VALUES (1, 3, 2, UNIX_TIMESTAMP(), 'MyAAC installed. (:', 0);
 
 CREATE TABLE `myaac_config`
 (
@@ -67,7 +67,7 @@ CREATE TABLE `myaac_faq`
 	`question` VARCHAR(255) NOT NULL DEFAULT '',
 	`answer` VARCHAR(1020) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
@@ -80,7 +80,7 @@ CREATE TABLE `myaac_forum_boards`
 	`guild` INT(11) NOT NULL DEFAULT 0,
 	`access` INT(11) NOT NULL DEFAULT 0,
 	`closed` TINYINT(1) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`, `closed`) VALUES (NULL, 'News', 'News commenting', 0, 1);
@@ -127,78 +127,9 @@ CREATE TABLE `myaac_menu`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
-/* MENU_CATEGORY_NEWS kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
-/* MENU_CATEGORY_ACCOUNT kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
-/* MENU_CATEGORY_COMMUNITY kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
-/* MENU_CATEGORY_LIBRARY kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
-/* MENU_CATEGORY_SHOP kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
-/* MENU_CATEGORY_NEWS tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
-/* MENU_CATEGORY_ACCOUNT tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
-/* MENU_CATEGORY_COMMUNITY tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
-/* MENU_CATEGORY_FORUM tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
-/* MENU_CATEGORY_LIBRARY tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
-/* MENU_CATEGORY_SHOP tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
-
 CREATE TABLE `myaac_monsters` (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
-	`hidden` tinyint(1) NOT NULL default 0,
+	`hide` tinyint(1) NOT NULL default 0,
 	`name` varchar(255) NOT NULL,
 	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
@@ -243,7 +174,7 @@ CREATE TABLE `myaac_news`
 	`comments` VARCHAR(50) NOT NULL DEFAULT '',
 	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
 	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
@@ -253,7 +184,7 @@ CREATE TABLE `myaac_news_categories`
 	`name` VARCHAR(50) NOT NULL DEFAULT "",
 	`description` VARCHAR(50) NOT NULL DEFAULT "",
 	`icon_id` INT(2) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
@@ -284,7 +215,7 @@ CREATE TABLE `myaac_pages`
 	`php` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
 	`enable_tinymce` TINYINT(1) NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
 	`access` TINYINT(2) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
@@ -297,7 +228,7 @@ CREATE TABLE `myaac_gallery`
 	`thumb` VARCHAR(255) NOT NULL,
 	`author` VARCHAR(50) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
@@ -331,7 +262,7 @@ CREATE TABLE `myaac_spells`
 	`item_id` INT(11) NOT NULL DEFAULT 0,
 	`premium` TINYINT(1) NOT NULL DEFAULT 0,
 	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;

install/index.php

@@ -12,7 +12,6 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 require SYSTEM . 'clients.conf.php';
-require LIBS . 'settings.php';
 
 // ignore undefined index from Twig autoloader
 $config['env'] = 'prod';

install/steps/5-database.php

@@ -1,4 +1,7 @@
 <?php
+
+use MyAAC\Settings;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 //ini_set('display_errors', false);
@@ -34,6 +37,8 @@ if(!$error) {
 		}
 	}
 
+	$configToSave['gzip_output'] = false;
+	$configToSave['cache_engine'] = 'auto';
 	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
 
 	require BASE . 'install/includes/config.php';

install/steps/7-finish.php

@@ -1,4 +1,7 @@
 <?php
+
+use MyAAC\Settings;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 ini_set('max_execution_time', 300);
@@ -110,8 +113,8 @@ else {
 
 		$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX ."news` WHERE `title` LIKE 'Hello!';");
 		if($query->rowCount() == 0) {
-			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'https://my-aac.org', '0');
-	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'https://my-aac.org', " . $player_id . ", '', '0');")) {
+			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hide`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'https://my-aac.org', '0');
+	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hide`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'https://my-aac.org', " . $player_id . ", '', '0');")) {
 				success($locale['step_database_created_news']);
 			}
 		}

install/template/template.php

@@ -6,7 +6,7 @@
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
 	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
-	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/js/jquery.min.js"></script>
+	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/ext/jquery/jquery.min.js"></script>
 </head>
 <body>
 

install/tools/5-database.php

@@ -11,8 +11,10 @@ $error = false;
 require BASE . 'install/includes/config.php';
 
 ini_set('max_execution_time', 300);
+
+@ob_end_flush();
 ob_implicit_flush();
-ob_end_flush();
+
 header('X-Accel-Buffering: no');
 
 if(!$error) {
@@ -178,17 +180,17 @@ if(!$db->hasColumn('players', 'deleted') && !$db->hasColumn('players', 'deletion
 }
 
 if($db->hasColumn('players', 'hide_char')) {
-	if(!$db->hasColumn('players', 'hidden')) {
-		if(query("ALTER TABLE `players` CHANGE `hide_char` `hidden` TINYINT(1) NOT NULL DEFAULT 0;")) {
+	if(!$db->hasColumn('players', 'hide')) {
+		if(query("ALTER TABLE `players` CHANGE `hide_char` `hide` TINYINT(1) NOT NULL DEFAULT 0;")) {
 			$tmp = str_replace('$FIELD$', 'players.hide_char', $locale['step_database_changing_field']);
-			$tmp = str_replace('$FIELD_NEW$', 'players.hidden', $tmp);
+			$tmp = str_replace('$FIELD_NEW$', 'players.hide', $tmp);
 			success($tmp);
 		}
 	}
 }
-else if(!$db->hasColumn('players', 'hidden')) {
-	if(query("ALTER TABLE `players` ADD `hidden` TINYINT(1) NOT NULL DEFAULT 0;"))
-		success($locale['step_database_adding_field'] . ' players.hidden...');
+else if(!$db->hasColumn('players', 'hide')) {
+	if(query("ALTER TABLE `players` ADD `hide` TINYINT(1) NOT NULL DEFAULT 0;"))
+		success($locale['step_database_adding_field'] . ' players.hide...');
 }
 
 if(!$db->hasColumn('players', 'comment')) {

install/tools/7-finish.php

@@ -1,6 +1,10 @@
 <?php
 define('MYAAC_INSTALL', true);
 
+use MyAAC\DataLoader;
+use MyAAC\Models\FAQ as ModelsFAQ;
+use MyAAC\Plugins;
+
 require_once '../../common.php';
 
 require SYSTEM . 'functions.php';
@@ -8,8 +12,10 @@ require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 
 ini_set('max_execution_time', 300);
+
+@ob_end_flush();
 ob_implicit_flush();
-ob_end_flush();
+
 header('X-Accel-Buffering: no');
 /*
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
@@ -29,7 +35,7 @@ function insert_sample_if_not_exist($p) {
 
 	$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($p['name']));
 	if($query->rowCount() == 0) {
-		if(!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hidden`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
+		if(!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hide`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
 			$success = false;
 	}
 }
@@ -45,7 +51,9 @@ if($success) {
 	success($locale['step_database_imported_players']);
 }
 
-require LIBS . 'DataLoader.php';
+Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
+Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
+
 DataLoader::setLocale($locale);
 DataLoader::load();
 
@@ -59,6 +67,18 @@ require_once SYSTEM . 'migrations/22.php';
 require_once SYSTEM . 'migrations/27.php';
 require_once SYSTEM . 'migrations/30.php';
 
+// new monster columns
+require_once SYSTEM . 'migrations/31.php';
+
+if(ModelsFAQ::count() == 0) {
+	ModelsFAQ::create([
+		'question' => 'What is this?',
+		'answer' => 'This is website for OTS powered by MyAAC.',
+	]);
+}
+
+$db->setClearCacheAfter(true);
+
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);

login.php

@@ -1,4 +1,10 @@
 <?php
+
+use MyAAC\Models\BoostedCreature;
+use MyAAC\Models\PlayerOnline;
+use MyAAC\Models\Account;
+use MyAAC\Models\Player;
+
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
@@ -43,9 +49,9 @@ $action = $request->type ?? '';
 
 switch ($action) {
 	case 'cacheinfo':
-		$playersonline = $db->query("select count(*) from `players_online`")->fetchAll();
+		$playersonline = PlayerOnline::count();
 		die(json_encode([
-			'playersonline' => (intval($playersonline[0][0])),
+			'playersonline' => $playersonline,
 			'twitchstreams' => 0,
 			'twitchviewer' => 0,
 			'gamingyoutubestreams' => 0,
@@ -79,13 +85,11 @@ switch ($action) {
 		die(json_encode(['eventlist' => $eventlist, 'lastupdatetimestamp' => time()]));
 
 	case 'boostedcreature':
-		$boostDB = $db->query("select * from " . $db->tableName('boosted_creature'))->fetchAll();
-		foreach ($boostDB as $Tableboost) {
+		$boostedCreature = BoostedCreature::latest();
 		die(json_encode([
 			'boostedcreature' => true,
-			'raceid' => intval($Tableboost['raceid'])
+			'raceid' => $boostedCreature->raceid
 		]));
-		}
 	break;
 
 	case 'login':
@@ -112,29 +116,32 @@ switch ($action) {
 		];
 
 		$characters = [];
-		$account = new OTS_Account();
 
 		$inputEmail = $request->email ?? false;
 		$inputAccountName = $request->accountname ?? false;
 		$inputToken = $request->token ?? false;
 
+		$account = Account::query();
 		if ($inputEmail != false) { // login by email
-			$account->findByEmail($request->email);
+			$account->where('email', $inputEmail);
 		}
 		else if($inputAccountName != false) { // login by account name
-			$account->find($inputAccountName);
+			$account->where('name', $inputAccountName);
 		}
 
-		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->getCustomField('salt') : '') . $request->password);
-
-		if (!$account->isLoaded() || $account->getPassword() != $current_password) {
+		$account = $account->first();
+		if (!$account) {
+			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
+		}
+
+		$current_password = encrypt((USE_ACCOUNT_SALT ? $account->salt : '') . $request->password);
+		if (!$account || $account->password != $current_password) {
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
 		}
 
-		//log_append('test.log', var_export($account->getCustomField('secret'), true));
 		$accountHasSecret = false;
 		if (fieldExist('secret', 'accounts')) {
-			$accountSecret = $account->getCustomField('secret');
+			$accountSecret = $account->secret;
 			if ($accountSecret != null && $accountSecret != '') {
 				$accountHasSecret = true;
 				if ($inputToken === false) {
@@ -159,18 +166,9 @@ switch ($action) {
 			$columns .= ', istutorial';
 		}
 
-		$players = $db->query("select {$columns} from players where account_id = " . $account->getId() . " AND deletion = 0");
-		if($players && $players->rowCount() > 0) {
-			$players = $players->fetchAll();
-
-			$highestLevelId = 0;
-			$highestLevel = 0;
-			foreach ($players as $player) {
-				if ($player['level'] >= $highestLevel) {
-					$highestLevel = $player['level'];
-					$highestLevelId = $player['id'];
-				}
-			}
+		$players = Player::where('account_id', $account->id)->notDeleted()->selectRaw($columns)->get();
+		if($players && $players->count()) {
+			$highestLevelId = $players->sortByDesc('experience')->first()->getKey();
 
 			foreach ($players as $player) {
 				$characters[] = create_char($player, $highestLevelId);
@@ -180,15 +178,10 @@ switch ($action) {
 		if (fieldExist('premdays', 'accounts') && fieldExist('lastday', 'accounts')) {
 			$save = false;
 			$timeNow = time();
-			$query = $db->query("select `premdays`, `lastday` from `accounts` where `id` = " . $account->getId());
-			if ($query->rowCount() > 0) {
-				$query = $query->fetch();
-				$premDays = (int)$query['premdays'];
-				$lastDay = (int)$query['lastday'];
+			$premDays = $account->premdays;
+			$lastDay = $account->lastday;
 			$lastLogin = $lastDay;
-			} else {
-				sendError("Error while fetching your account data. Please contact admin.");
-			}
+
 			if ($premDays != 0 && $premDays != PHP_INT_MAX) {
 				if ($lastDay == 0) {
 					$lastDay = $timeNow;
@@ -213,7 +206,9 @@ switch ($action) {
 				$save = true;
 			}
 			if ($save) {
-				$db->query("update `accounts` set `premdays` = " . $premDays . ", `lastday` = " . $lastDay . " where `id` = " . $account->getId());
+				$account->premdays = $premDays;
+				$account->lastday = $lastDay;
+				$account->save();
 			}
 		}
 
@@ -235,13 +230,11 @@ switch ($action) {
 			$sessionKey .= "\n".floor(time() / 30);
 		}
 
-		//log_append('slaw.log', $sessionKey);
-
 		$session = [
 			'sessionkey' => $sessionKey,
 			'lastlogintime' => 0,
-			'ispremium' => $config['lua']['freePremium'] || $account->isPremium(),
-			'premiumuntil' => ($account->getPremDays()) > 0 ? (time() + ($account->getPremDays() * 86400)) : 0,
+			'ispremium' => $account->is_premium,
+			'premiumuntil' => ($account->premium_days) > 0 ? (time() + ($account->premium_days * 86400)) : 0,
 			'status' => 'active', // active, frozen or suspended
 			'returnernotification' => false,
 			'showrewardnews' => true,
@@ -259,24 +252,23 @@ switch ($action) {
 }
 
 function create_char($player, $highestLevelId) {
-	global $config;
 	return [
 		'worldid' => 0,
-		'name' => $player['name'],
-		'ismale' => intval($player['sex']) === 1,
-		'tutorial' => isset($player['istutorial']) && $player['istutorial'],
-		'level' => intval($player['level']),
-		'vocation' => $config['vocations'][$player['vocation']],
-		'outfitid' => intval($player['looktype']),
-		'headcolor' => intval($player['lookhead']),
-		'torsocolor' => intval($player['lookbody']),
-		'legscolor' => intval($player['looklegs']),
-		'detailcolor' => intval($player['lookfeet']),
-		'addonsflags' => intval($player['lookaddons']),
-		'ishidden' => isset($player['deletion']) && (int)$player['deletion'] === 1,
+		'name' => $player->name,
+		'ismale' => $player->sex === 1,
+		'tutorial' => isset($player->istutorial) && $player->istutorial,
+		'level' => $player->level,
+		'vocation' => $player->vocation_name,
+		'outfitid' => $player->looktype,
+		'headcolor' => $player->lookhead,
+		'torsocolor' => $player->lookbody,
+		'legscolor' => $player->looklegs,
+		'detailcolor' => $player->lookfeet,
+		'addonsflags' => $player->lookaddons,
+		'ishidden' => $player->is_deleted,
 		'istournamentparticipant' => false,
-		'ismaincharacter' => $highestLevelId == $player['id'],
-		'dailyrewardstate' => isset($player['isreward']) ? intval($player['isreward']) : 0,
+		'ismaincharacter' => $highestLevelId === $player->getKey(),
+		'dailyrewardstate' => $player->isreward ?? 0,
 		'remainingdailytournamentplaytime' => 0
 	];
 }

nginx-sample.conf

@@ -25,7 +25,7 @@ server {
 	}
 
 	location / {
-		try_files $uri $uri/ /index.php;
+		try_files $uri $uri/ /index.php?$query_string;;
 	}
 
 	location ~ \.php$ {

npm-post-install.js

@@ -0,0 +1,16 @@
+const fse = require('fs-extra');
+const path = require('path');
+
+const nodeModulesDir = path.join(__dirname, 'node_modules');
+const publicDir = path.join(__dirname, 'tools/ext');
+
+fse.emptyDirSync(path.join(publicDir, 'jquery'));
+fse.emptyDirSync(path.join(publicDir, 'jquery-ui'));
+fse.emptyDirSync(path.join(publicDir, 'bootstrap'));
+fse.emptyDirSync(path.join(publicDir, 'tinymce'));
+fse.emptyDirSync(path.join(publicDir, 'tinymce-jquery'));
+fse.copySync(path.join(nodeModulesDir, 'jquery', 'dist'), path.join(publicDir, 'jquery'), { overwrite: true });
+fse.copySync(path.join(nodeModulesDir, 'jquery-ui', 'dist'), path.join(publicDir, 'jquery-ui'), { overwrite: true });
+fse.copySync(path.join(nodeModulesDir, 'bootstrap', 'dist'), path.join(publicDir, 'bootstrap'), { overwrite: true });
+fse.copySync(path.join(nodeModulesDir, 'tinymce'), path.join(publicDir, 'tinymce'), { overwrite: true });
+fse.copySync(path.join(nodeModulesDir, '@tinymce', 'tinymce-jquery', 'dist'), path.join(publicDir, 'tinymce-jquery'), { overwrite: true });

package-lock.json

@@ -4,6 +4,15 @@
   "requires": true,
   "packages": {
     "": {
+      "hasInstallScript": true,
+      "dependencies": {
+        "@tinymce/tinymce-jquery": "^2.1.0",
+        "bootstrap": "^4.6.2",
+        "fs-extra": "^11.2.0",
+        "jquery": "^3.7.1",
+        "jquery-ui": "^1.13.2",
+        "tinymce": "^6.8.3"
+      },
       "devDependencies": {
         "cypress": "^12.12.0"
       }
@@ -19,9 +28,9 @@
       }
     },
     "node_modules/@cypress/request": {
-      "version": "2.88.11",
-      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-2.88.11.tgz",
-      "integrity": "sha512-M83/wfQ1EkspjkE2lNWNV5ui2Cv7UCv1swW1DqljahbzLVWltcsexQh8jYtuS/vzFXP+HySntGM83ZXA9fn17w==",
+      "version": "2.88.12",
+      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-2.88.12.tgz",
+      "integrity": "sha512-tOn+0mDZxASFM+cuAP9szGUGPI1HwWVSvdzm7V4cCsPdFTx6qMj29CwaQmRAMIEhORIUBFBsYROYJcveK4uOjA==",
       "dev": true,
       "dependencies": {
         "aws-sign2": "~0.7.0",
@@ -39,7 +48,7 @@
         "performance-now": "^2.1.0",
         "qs": "~6.10.3",
         "safe-buffer": "^5.1.2",
-        "tough-cookie": "~2.5.0",
+        "tough-cookie": "^4.1.3",
         "tunnel-agent": "^0.6.0",
         "uuid": "^8.3.2"
       },
@@ -66,10 +75,15 @@
         "ms": "^2.1.1"
       }
     },
+    "node_modules/@tinymce/tinymce-jquery": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/@tinymce/tinymce-jquery/-/tinymce-jquery-2.1.0.tgz",
+      "integrity": "sha512-ynfgfL/n5/Us7h3AnJL3mAwsShuE/USvAJFOdilJDkZuVCypWSwVVo3E3wIqSzDGvqyU+293ok1+sD+jxraT8w=="
+    },
     "node_modules/@types/node": {
-      "version": "14.18.47",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.47.tgz",
-      "integrity": "sha512-OuJi8bIng4wYHHA3YpKauL58dZrPxro3d0tabPHyiNF8rKfGKuVfr83oFlPLmKri1cX+Z3cJP39GXmnqkP11Gw==",
+      "version": "16.18.82",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.82.tgz",
+      "integrity": "sha512-pcDZtkx9z8XYV+ius2P3Ot2VVrcYOfXffBQUBuiszrlUzKSmoDYqo+mV+IoL8iIiIjjtOMvNSmH1hwJ+Q+f96Q==",
       "dev": true
     },
     "node_modules/@types/sinonjs__fake-timers": {
@@ -79,15 +93,15 @@
       "dev": true
     },
     "node_modules/@types/sizzle": {
-      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/@types/sizzle/-/sizzle-2.3.3.tgz",
-      "integrity": "sha512-JYM8x9EGF163bEyhdJBpR2QX1R5naCJHC8ucJylJ3w9/CVBaskdQ8WqBf8MmQrd1kRvp/a4TS8HJ+bxzR7ZJYQ==",
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/@types/sizzle/-/sizzle-2.3.8.tgz",
+      "integrity": "sha512-0vWLNK2D5MT9dg0iOo8GlKguPAU02QjmZitPEsXRuJXU/OGIOt9vT9Fc26wtYuavLxtO45v9PGleoL9Z0k1LHg==",
       "dev": true
     },
     "node_modules/@types/yauzl": {
-      "version": "2.10.0",
-      "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.0.tgz",
-      "integrity": "sha512-Cn6WYCm0tXv8p6k+A8PvbDG763EDpBoTzHdA+Q/MF6H3sapGjCm9NzoaJncJS9tUKSuCoDs9XHxYYsQDgxR6kw==",
+      "version": "2.10.3",
+      "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.3.tgz",
+      "integrity": "sha512-oJoftv0LSuaDZE3Le4DbKX+KS9G36NzOeSap90UIK0yMA/NhKJhqlSGtNDORNRaIbQfzjXDrQa0ytJ6mNRGz/Q==",
       "dev": true,
       "optional": true,
       "dependencies": {
@@ -203,9 +217,9 @@
       }
     },
     "node_modules/async": {
-      "version": "3.2.4",
-      "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz",
-      "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==",
+      "version": "3.2.5",
+      "resolved": "https://registry.npmjs.org/async/-/async-3.2.5.tgz",
+      "integrity": "sha512-baNZyqaaLhyLVKm/DlvdW051MSgO6b8eVfIezl9E5PqWxFgzLm/wQntEW4zOytVburDEr0JlALEpdOFwvErLsg==",
       "dev": true
     },
     "node_modules/asynckit": {
@@ -285,6 +299,25 @@
       "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==",
       "dev": true
     },
+    "node_modules/bootstrap": {
+      "version": "4.6.2",
+      "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-4.6.2.tgz",
+      "integrity": "sha512-51Bbp/Uxr9aTuy6ca/8FbFloBUJZLHwnhTcnjIeRn2suQWsWzcuJhGjKDB5eppVte/8oCdOL3VuwxvZDUggwGQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/twbs"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/bootstrap"
+        }
+      ],
+      "peerDependencies": {
+        "jquery": "1.9.1 - 3",
+        "popper.js": "^1.16.1"
+      }
+    },
     "node_modules/brace-expansion": {
       "version": "1.1.11",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -329,22 +362,28 @@
       }
     },
     "node_modules/cachedir": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/cachedir/-/cachedir-2.3.0.tgz",
-      "integrity": "sha512-A+Fezp4zxnit6FanDmv9EqXNAi3vt9DWp51/71UEhXukb7QUuvtv9344h91dyAxuTLoSYJFU299qzR3tzwPAhw==",
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/cachedir/-/cachedir-2.4.0.tgz",
+      "integrity": "sha512-9EtFOZR8g22CL7BWjJ9BUx1+A/djkofnyW3aOXZORNW2kxoUpx2h+uN2cOqwPmFhnpVmxg+KW2OjOSgChTEvsQ==",
       "dev": true,
       "engines": {
         "node": ">=6"
       }
     },
     "node_modules/call-bind": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz",
-      "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==",
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz",
+      "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==",
       "dev": true,
       "dependencies": {
-        "function-bind": "^1.1.1",
-        "get-intrinsic": "^1.0.2"
+        "es-define-property": "^1.0.0",
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2",
+        "get-intrinsic": "^1.2.4",
+        "set-function-length": "^1.2.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
       },
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
@@ -394,9 +433,9 @@
       }
     },
     "node_modules/ci-info": {
-      "version": "3.8.0",
-      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.8.0.tgz",
-      "integrity": "sha512-eXTggHWSooYhq49F2opQhuHWgzucfF2YgODK4e1566GQs5BIfP30B0oenwBJHfWxAs2fyPB1s7Mg949zLf61Yw==",
+      "version": "3.9.0",
+      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz",
+      "integrity": "sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==",
       "dev": true,
       "funding": [
         {
@@ -541,15 +580,15 @@
       }
     },
     "node_modules/cypress": {
-      "version": "12.12.0",
-      "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.12.0.tgz",
-      "integrity": "sha512-UU5wFQ7SMVCR/hyKok/KmzG6fpZgBHHfrXcHzDmPHWrT+UUetxFzQgt7cxCszlwfozckzwkd22dxMwl/vNkWRw==",
+      "version": "12.17.4",
+      "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.17.4.tgz",
+      "integrity": "sha512-gAN8Pmns9MA5eCDFSDJXWKUpaL3IDd89N9TtIupjYnzLSmlpVr+ZR+vb4U/qaMp+lB6tBvAmt7504c3Z4RU5KQ==",
       "dev": true,
       "hasInstallScript": true,
       "dependencies": {
-        "@cypress/request": "^2.88.10",
+        "@cypress/request": "2.88.12",
         "@cypress/xvfb": "^1.2.4",
-        "@types/node": "^14.14.31",
+        "@types/node": "^16.18.39",
         "@types/sinonjs__fake-timers": "8.1.1",
         "@types/sizzle": "^2.3.2",
         "arch": "^2.2.0",
@@ -582,9 +621,10 @@
         "minimist": "^1.2.8",
         "ospath": "^1.2.2",
         "pretty-bytes": "^5.6.0",
+        "process": "^0.11.10",
         "proxy-from-env": "1.0.0",
         "request-progress": "^3.0.0",
-        "semver": "^7.3.2",
+        "semver": "^7.5.3",
         "supports-color": "^8.1.1",
         "tmp": "~0.2.1",
         "untildify": "^4.0.0",
@@ -597,6 +637,21 @@
         "node": "^14.0.0 || ^16.0.0 || >=18.0.0"
       }
     },
+    "node_modules/cypress/node_modules/fs-extra": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
+      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
+      "dev": true,
+      "dependencies": {
+        "at-least-node": "^1.0.0",
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/dashdash": {
       "version": "1.14.1",
       "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
@@ -610,9 +665,9 @@
       }
     },
     "node_modules/dayjs": {
-      "version": "1.11.7",
-      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.7.tgz",
-      "integrity": "sha512-+Yw9U6YO5TQohxLcIkrXBeY73WP3ejHWVvx8XCk3gxvQDCTEmS48ZrSZCKciI7Bhl/uCMyxYtE9UqRILmFphkQ==",
+      "version": "1.11.10",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.10.tgz",
+      "integrity": "sha512-vjAczensTgRcqDERK0SR2XMwsF/tSvnvlv6VcF2GIhg6Sx4yOIt/irsr1RDJsKiIyBzJDpCoXiWWq28MqH2cnQ==",
       "dev": true
     },
     "node_modules/debug": {
@@ -632,6 +687,23 @@
         }
       }
     },
+    "node_modules/define-data-property": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz",
+      "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==",
+      "dev": true,
+      "dependencies": {
+        "es-define-property": "^1.0.0",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/delayed-stream": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
@@ -667,17 +739,39 @@
       }
     },
     "node_modules/enquirer": {
-      "version": "2.3.6",
-      "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.3.6.tgz",
-      "integrity": "sha512-yjNnPr315/FjS4zIsUxYguYUPP2e1NK4d7E7ZOLiyYCcbFBiTMyID+2wvm2w6+pZ/odMA7cRkjhsPbltwBOrLg==",
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz",
+      "integrity": "sha512-rRqJg/6gd538VHvR3PSrdRBb/1Vy2YfzHqzvbhGIQpDRKIa4FgV/54b5Q1xYSxOOwKvjXweS26E0Q+nAMwp2pQ==",
       "dev": true,
       "dependencies": {
-        "ansi-colors": "^4.1.1"
+        "ansi-colors": "^4.1.1",
+        "strip-ansi": "^6.0.1"
       },
       "engines": {
         "node": ">=8.6"
       }
     },
+    "node_modules/es-define-property": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz",
+      "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==",
+      "dev": true,
+      "dependencies": {
+        "get-intrinsic": "^1.2.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "dev": true,
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/escape-string-regexp": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
@@ -811,18 +905,16 @@
       }
     },
     "node_modules/fs-extra": {
-      "version": "9.1.0",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
-      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
-      "dev": true,
+      "version": "11.2.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz",
+      "integrity": "sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw==",
       "dependencies": {
-        "at-least-node": "^1.0.0",
         "graceful-fs": "^4.2.0",
         "jsonfile": "^6.0.1",
         "universalify": "^2.0.0"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=14.14"
       }
     },
     "node_modules/fs.realpath": {
@@ -832,21 +924,28 @@
       "dev": true
     },
     "node_modules/function-bind": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
-      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==",
-      "dev": true
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "dev": true,
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
     },
     "node_modules/get-intrinsic": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.1.tgz",
-      "integrity": "sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==",
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz",
+      "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==",
       "dev": true,
       "dependencies": {
-        "function-bind": "^1.1.1",
-        "has": "^1.0.3",
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2",
         "has-proto": "^1.0.1",
-        "has-symbols": "^1.0.3"
+        "has-symbols": "^1.0.3",
+        "hasown": "^2.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
       },
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
@@ -920,23 +1019,22 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/gopd": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz",
+      "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==",
+      "dev": true,
+      "dependencies": {
+        "get-intrinsic": "^1.1.3"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/graceful-fs": {
       "version": "4.2.11",
       "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
-      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
-      "dev": true
-    },
-    "node_modules/has": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
-      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
-      "dev": true,
-      "dependencies": {
-        "function-bind": "^1.1.1"
-      },
-      "engines": {
-        "node": ">= 0.4.0"
-      }
+      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
     },
     "node_modules/has-flag": {
       "version": "4.0.0",
@@ -947,6 +1045,18 @@
         "node": ">=8"
       }
     },
+    "node_modules/has-property-descriptors": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz",
+      "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==",
+      "dev": true,
+      "dependencies": {
+        "es-define-property": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/has-proto": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz",
@@ -971,6 +1081,18 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/hasown": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.1.tgz",
+      "integrity": "sha512-1/th4MHjnwncwXsIW6QMzlvYL9kG5e/CpVvLRZe4XPa8TOUNbCELqmvhDmnkNsAjwaG4+I8gJJL0JBvTTLO9qA==",
+      "dev": true,
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/http-signature": {
       "version": "1.3.6",
       "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.3.6.tgz",
@@ -1136,6 +1258,19 @@
       "integrity": "sha512-Yljz7ffyPbrLpLngrMtZ7NduUgVvi6wG9RJ9IUcyCd59YQ911PBJphODUcbOVbqYfxe1wuYf/LJ8PauMRwsM/g==",
       "dev": true
     },
+    "node_modules/jquery": {
+      "version": "3.7.1",
+      "resolved": "https://registry.npmjs.org/jquery/-/jquery-3.7.1.tgz",
+      "integrity": "sha512-m4avr8yL8kmFN8psrbFFFmB/If14iN5o9nw/NgnnM+kybDJpRsAynV2BsfpTYrTRysYUdADVD7CkUUizgkpLfg=="
+    },
+    "node_modules/jquery-ui": {
+      "version": "1.13.2",
+      "resolved": "https://registry.npmjs.org/jquery-ui/-/jquery-ui-1.13.2.tgz",
+      "integrity": "sha512-wBZPnqWs5GaYJmo1Jj0k/mrSkzdQzKDwhXNtHKcBdAcKVxMM3KNYFq+iJ2i1rwiG53Z8M4mTn3Qxrm17uH1D4Q==",
+      "dependencies": {
+        "jquery": ">=1.8.0 <4.0.0"
+      }
+    },
     "node_modules/jsbn": {
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
@@ -1158,7 +1293,6 @@
       "version": "6.1.0",
       "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz",
       "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==",
-      "dev": true,
       "dependencies": {
         "universalify": "^2.0.0"
       },
@@ -1382,9 +1516,9 @@
       }
     },
     "node_modules/object-inspect": {
-      "version": "1.12.3",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz",
-      "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==",
+      "version": "1.13.1",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz",
+      "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==",
       "dev": true,
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
@@ -1474,6 +1608,17 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/popper.js": {
+      "version": "1.16.1",
+      "resolved": "https://registry.npmjs.org/popper.js/-/popper.js-1.16.1.tgz",
+      "integrity": "sha512-Wb4p1J4zyFTbM+u6WuO4XstYx4Ky9Cewe4DWrel7B0w6VVICvPwdOpotjzcf6eD8TsckVnIMNONQyPIUFOUbCQ==",
+      "deprecated": "You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1",
+      "peer": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/popperjs"
+      }
+    },
     "node_modules/pretty-bytes": {
       "version": "5.6.0",
       "resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.6.0.tgz",
@@ -1486,6 +1631,15 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/process": {
+      "version": "0.11.10",
+      "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz",
+      "integrity": "sha512-cdGef/drWFoydD1JsMzuFf8100nZl+GT+yacc2bEced5f9Rjk4z+WtFUTBu9PhOi9j/jfmBPu0mMEY4wIdAF8A==",
+      "dev": true,
+      "engines": {
+        "node": ">= 0.6.0"
+      }
+    },
     "node_modules/proxy-from-env": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.0.0.tgz",
@@ -1509,9 +1663,9 @@
       }
     },
     "node_modules/punycode": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.0.tgz",
-      "integrity": "sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==",
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
+      "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
       "dev": true,
       "engines": {
         "node": ">=6"
@@ -1532,6 +1686,12 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/querystringify": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
+      "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==",
+      "dev": true
+    },
     "node_modules/request-progress": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/request-progress/-/request-progress-3.0.0.tgz",
@@ -1541,6 +1701,12 @@
         "throttleit": "^1.0.0"
       }
     },
+    "node_modules/requires-port": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
+      "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==",
+      "dev": true
+    },
     "node_modules/restore-cursor": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz",
@@ -1555,9 +1721,9 @@
       }
     },
     "node_modules/rfdc": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.0.tgz",
-      "integrity": "sha512-V2hovdzFbOi77/WajaSMXk2OLm+xNIeQdMMuB7icj7bk6zi2F8GGAxigcnDFpJHbNyNcgyJDiP+8nOrY5cZGrA==",
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.1.tgz",
+      "integrity": "sha512-r5a3l5HzYlIC68TpmYKlxWjmOP6wiPJ1vWv2HeLhNsRZMrCkxeqxiHlQ21oXmQ4F3SiryXBHhAD7JZqvOJjFmg==",
       "dev": true
     },
     "node_modules/rimraf": {
@@ -1611,9 +1777,9 @@
       "dev": true
     },
     "node_modules/semver": {
-      "version": "7.5.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.1.tgz",
-      "integrity": "sha512-Wvss5ivl8TMRZXXESstBA4uR5iXgEN/VC5/sOcuXdVLzcdkz4HWetIoRfG5gb5X+ij/G9rw9YoGn3QoQ8OCSpw==",
+      "version": "7.6.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz",
+      "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==",
       "dev": true,
       "dependencies": {
         "lru-cache": "^6.0.0"
@@ -1625,6 +1791,23 @@
         "node": ">=10"
       }
     },
+    "node_modules/set-function-length": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.1.tgz",
+      "integrity": "sha512-j4t6ccc+VsKwYHso+kElc5neZpjtq9EnRICFZtWyBsLojhmeF/ZBd/elqm22WJh/BziDe/SBiOeAt0m2mfLD0g==",
+      "dev": true,
+      "dependencies": {
+        "define-data-property": "^1.1.2",
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2",
+        "get-intrinsic": "^1.2.3",
+        "gopd": "^1.0.1",
+        "has-property-descriptors": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/shebang-command": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
@@ -1647,14 +1830,18 @@
       }
     },
     "node_modules/side-channel": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz",
-      "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==",
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.5.tgz",
+      "integrity": "sha512-QcgiIWV4WV7qWExbN5llt6frQB/lBven9pqliLXfGPB+K9ZYXxDozp0wLkHS24kWCm+6YXH/f0HhnObZnZOBnQ==",
       "dev": true,
       "dependencies": {
-        "call-bind": "^1.0.0",
-        "get-intrinsic": "^1.0.2",
-        "object-inspect": "^1.9.0"
+        "call-bind": "^1.0.6",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.4",
+        "object-inspect": "^1.13.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
       },
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
@@ -1681,9 +1868,9 @@
       }
     },
     "node_modules/sshpk": {
-      "version": "1.17.0",
-      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.17.0.tgz",
-      "integrity": "sha512-/9HIEs1ZXGhSPE8X6Ccm7Nam1z8KcoCqPdI7ecm1N33EzAetWahvQWVqLZtaZQ+IDKX4IyA2o0gBzqIMkAagHQ==",
+      "version": "1.18.0",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.18.0.tgz",
+      "integrity": "sha512-2p2KJZTSqQ/I3+HX42EpYOa2l3f8Erv8MWKsy2I9uf4wA7yFIkXRffYdsx86y6z4vHtV8u7g+pPlr8/4ouAxsQ==",
       "dev": true,
       "dependencies": {
         "asn1": "~0.2.3",
@@ -1756,10 +1943,13 @@
       }
     },
     "node_modules/throttleit": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/throttleit/-/throttleit-1.0.0.tgz",
-      "integrity": "sha512-rkTVqu6IjfQ/6+uNuuc3sZek4CEYxTJom3IktzgdSxcZqdARuebbA/f4QmAxMQIxqq9ZLEUkSYqvuk1I6VKq4g==",
-      "dev": true
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/throttleit/-/throttleit-1.0.1.tgz",
+      "integrity": "sha512-vDZpf9Chs9mAdfY046mcPt8fg5QSZr37hEH4TXYBnDF+izxgrbRGUAAaBvIk/fJm9aOFCGFd1EsNg5AZCbnQCQ==",
+      "dev": true,
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
     },
     "node_modules/through": {
       "version": "2.3.8",
@@ -1767,6 +1957,11 @@
       "integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==",
       "dev": true
     },
+    "node_modules/tinymce": {
+      "version": "6.8.3",
+      "resolved": "https://registry.npmjs.org/tinymce/-/tinymce-6.8.3.tgz",
+      "integrity": "sha512-3fCHKAeqT+xNwBVESf6iDbDV0VNwZNmfrkx9c/6Gz5iB8piMfaO6s7FvoiTrj1hf1gVbfyLTnz1DooI6DhgINQ=="
+    },
     "node_modules/tmp": {
       "version": "0.2.1",
       "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz",
@@ -1780,22 +1975,33 @@
       }
     },
     "node_modules/tough-cookie": {
-      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz",
-      "integrity": "sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==",
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz",
+      "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==",
       "dev": true,
       "dependencies": {
-        "psl": "^1.1.28",
-        "punycode": "^2.1.1"
+        "psl": "^1.1.33",
+        "punycode": "^2.1.1",
+        "universalify": "^0.2.0",
+        "url-parse": "^1.5.3"
       },
       "engines": {
-        "node": ">=0.8"
+        "node": ">=6"
+      }
+    },
+    "node_modules/tough-cookie/node_modules/universalify": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz",
+      "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==",
+      "dev": true,
+      "engines": {
+        "node": ">= 4.0.0"
       }
     },
     "node_modules/tslib": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.1.tgz",
-      "integrity": "sha512-KaI6gPil5m9vF7DKaoXxx1ia9fxS4qG5YveErRRVknPDXXriu5M8h48YRjB6h5ZUOKuAKlSJYb0GaDe8I39fRw==",
+      "version": "2.6.2",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz",
+      "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==",
       "dev": true
     },
     "node_modules/tunnel-agent": {
@@ -1829,10 +2035,9 @@
       }
     },
     "node_modules/universalify": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",
-      "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==",
-      "dev": true,
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
+      "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==",
       "engines": {
         "node": ">= 10.0.0"
       }
@@ -1846,6 +2051,16 @@
         "node": ">=8"
       }
     },
+    "node_modules/url-parse": {
+      "version": "1.5.10",
+      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
+      "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
+      "dev": true,
+      "dependencies": {
+        "querystringify": "^2.1.1",
+        "requires-port": "^1.0.0"
+      }
+    },
     "node_modules/uuid": {
       "version": "8.3.2",
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",

package.json

@@ -1,5 +1,17 @@
 {
+  "scripts": {
+    "cypress:open": "cypress open",
+    "postinstall": "node ./npm-post-install.js"
+  },
   "devDependencies": {
     "cypress": "^12.12.0"
+  },
+  "dependencies": {
+    "@tinymce/tinymce-jquery": "^2.1.0",
+    "bootstrap": "^4.6.2",
+    "fs-extra": "^11.2.0",
+    "jquery": "^3.7.1",
+    "jquery-ui": "^1.13.2",
+    "tinymce": "^6.8.3"
   }
 }

phpstan-bootstrap.php

@@ -0,0 +1,13 @@
+<?php
+
+require __DIR__ . '/system/libs/pot/OTS.php';
+$ots = POT::getInstance();
+
+require __DIR__ . '/system/libs/pot/InvitesDriver.php';
+require __DIR__ . '/system/libs/rfc6238.php';
+require __DIR__ . '/common.php';
+
+const ACTION = '';
+const PAGE = '';
+const URI = '';
+define('SELF_NAME', basename(__FILE__));

phpstan.neon

@@ -0,0 +1,38 @@
+parameters:
+	level: 3
+	paths:
+		- .
+		- templates/tibiacom
+		- templates/kathrine
+	excludePaths:
+		- system/cache/*
+		- vendor/*
+		- plugins/*
+		- system/libs
+		- tools/signature/mango.php
+		- tools/signature/gd.class.php
+	bootstrapFiles:
+		- phpstan-bootstrap.php
+	ignoreErrors:
+		- '#Variable \$db might not be defined#'
+		- '#Variable \$twig might not be defined#'
+		- '#Variable \$hooks might not be defined#'
+		- '#Variable \$account_logged might not be defined#'
+		- '#Variable \$logged might not be defined#'
+		- '#Variable \$config might not be defined#'
+		- '#Variable \$action might not be defined#'
+		- '#Variable \$errors might not be defined#'
+		- '#Variable \$cache might not be defined#'
+		- '#Variable \$status might not be defined#'
+		- '#Variable \$player might not be defined#'
+		- '#Variable \$guild might not be defined#'
+		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
+		# Eloquent models
+		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+()#'
+		# system/pages/highscores.php
+		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
+		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'
+		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$vocation_name#'
+		-
+			message: '#Variable \$tmp in empty\(\) always exists and is always falsy#'
+			path: templates\kathrine\javascript.php

plugins/account-create-hint/hint.html.twig

@@ -1,3 +1,3 @@
 To play on {{ config.lua.serverName }} you need an account.
-All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if config.account_country %}, country{% endif %} and your email address.
+All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if setting('core.account_country') %}, country{% endif %} and your email address.
 Also you have to agree to the terms presented below. If you have done so, your account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %} will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.<br/><br/>

plugins/email-confirmed-reward/reward.php

@@ -1,33 +1,37 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
-$reward = config('account_mail_confirmed_reward');
+$reward = setting('core.account_mail_confirmed_reward');
 
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
-if ($reward['coins'] > 0 && $hasCoinsColumn) {
-	log_append('email_confirm_error.log', 'accounts.coins column does not exist.');
+$rewardCoins = setting('core.account_mail_confirmed_reward_coins');
+if ($rewardCoins > 0 && !$hasCoinsColumn) {
+	log_append('error.log', 'email_confirm: accounts.coins column does not exist.');
 }
 
 if (!isset($account) || !$account->isLoaded()) {
-	log_append('email_confirm_error.log', 'Account not loaded.');
 	return;
 }
 
-if ($reward['premium_points'] > 0) {
-	$account->setCustomField('premium_points', (int)$account->getCustomField('premium_points') + $reward['premium_points']);
+$rewardMessage = 'You received %d %s for confirming your E-Mail address.';
 
-	success(sprintf($reward['message'], $reward['premium_points'], 'premium points'));
+$rewardPremiumPoints = setting('core.account_mail_confirmed_reward_premium_points');
+if ($rewardPremiumPoints > 0) {
+	$account->setCustomField('premium_points', (int)$account->getCustomField('premium_points') + $rewardPremiumPoints);
+
+	success(sprintf($rewardMessage, $rewardPremiumPoints, 'premium points'));
 }
 
-if ($reward['coins'] > 0 && $hasCoinsColumn) {
-	$account->setCustomField('coins', (int)$account->getCustomField('coins') + $reward['coins']);
+if ($rewardCoins > 0 && $hasCoinsColumn) {
+	$account->setCustomField('coins', (int)$account->getCustomField('coins') + $rewardCoins);
 
-	success(sprintf($reward['message'], $reward['coins'], 'coins'));
+	success(sprintf($rewardMessage, $rewardCoins, 'coins'));
 }
 
-if ($reward['premium_days'] > 0) {
-	$account->setPremDays($account->getPremDays() + $reward['premium_days']);
+$rewardPremiumDays = setting('core.account_mail_confirmed_reward_premium_days');
+if ($rewardPremiumDays > 0) {
+	$account->setPremDays($account->getPremDays() + $rewardPremiumDays);
 	$account->save();
 
-	success(sprintf($reward['message'], $reward['premium_days'], 'premium days'));
+	success(sprintf($rewardMessage, $rewardPremiumDays, 'premium days'));
 }

release.sh

@@ -38,7 +38,7 @@ if [ $1 = "prepare" ]; then
 	cd $dir || exit
 
 	# dependencies
-	composer install --no-dev
+	composer install --prefer-dist --optimize-autoloader
 
 	echo "Now you can make changes to $dir. When you are ready, type 'release.sh pack'"
 	exit

system/bin/clear_cache.php

@@ -1,18 +0,0 @@
-<?php
-
-if(PHP_SAPI !== 'cli') {
-	echo 'This script can be run only in command line mode.';
-	exit(1);
-}
-
-require_once __DIR__ . '/../../common.php';
-require_once SYSTEM . 'functions.php';
-require_once SYSTEM . 'init.php';
-
-if(clearCache()) {
-	echo 'Cache cleared.' . PHP_EOL;
-}
-else {
-	echo 'Unexpected error.' . PHP_EOL;
-	exit(2);
-}

system/bin/install_plugin.php

@@ -1,42 +0,0 @@
-<?php
-
-if(PHP_SAPI !== 'cli') {
-	echo 'This script can be run only in command line mode.';
-	exit(1);
-}
-
-require_once __DIR__ . '/../../common.php';
-require_once SYSTEM . 'functions.php';
-require_once SYSTEM . 'init.php';
-require_once SYSTEM . 'hooks.php';
-require_once LIBS . 'plugins.php';
-
-if($argc !== 2) {
-	echo 'This command expects one parameter: zip file name (plugin)' . PHP_EOL;
-	exit(2);
-}
-
-$path_to_file = $argv[1];
-$ext = strtolower(pathinfo($path_to_file, PATHINFO_EXTENSION));
-if($ext !== 'zip') {// check if it is zipped/compressed file
-	echo 'Please install only .zip files.' . PHP_EOL;
-	exit(3);
-}
-
-if(!file_exists($path_to_file)) {
-	echo 'ERROR: File ' . $path_to_file . ' does not exist' . PHP_EOL;
-	exit(4);
-}
-
-if(Plugins::install($path_to_file)) {
-	foreach(Plugins::getWarnings() as $warning) {
-		echo 'WARNING: ' . $warning;
-	}
-
-	$info = Plugins::getPluginJson();
-	echo (isset($info['name']) ? $info['name'] . ' p' : 'P') . 'lugin has been successfully installed.' . PHP_EOL;
-}
-else {
-	echo 'ERROR: ' . Plugins::getError() . PHP_EOL;
-	exit(5);
-}

system/bin/send_email.php

@@ -1,61 +0,0 @@
-<?php
-
-if(PHP_SAPI !== 'cli') {
-	echo 'This script can be run only in command line mode.';
-	exit(1);
-}
-
-require_once __DIR__ . '/../../common.php';
-require_once SYSTEM . 'functions.php';
-require_once SYSTEM . 'init.php';
-
-if($argc !== 3) {
-	echo 'This command expects two parameters: account_name_or_id|player_name|email address, subject.' . PHP_EOL;
-	exit(2);
-}
-
-$email_account_name = $argv[1];
-$subject = $argv[2];
-$message = file_get_contents('php://stdin');
-
-if(strpos($email_account_name, '@') === false) {
-	$account = new OTS_Account();
-	if(USE_ACCOUNT_NAME) {
-		$account->find($email_account_name);
-	}
-	else {
-		$account->load($email_account_name);
-	}
-
-	if($account->isLoaded()) {
-		$email_account_name = $account->getEMail();
-	}
-	else {
-		$player = new OTS_Player();
-		$player->find($email_account_name);
-		if($player->isLoaded()) {
-			$email_account_name = $player->getAccount()->getEMail();
-		}
-		else {
-			echo 'Cannot find player or account with name: ' . $email_account_name . '.' . PHP_EOL;
-			exit(3);
-		}
-	}
-}
-
-if(!Validator::email($email_account_name)) {
-	echo 'Invalid E-Mail format.' . PHP_EOL;
-	exit(4);
-}
-
-if(strlen($subject) > 255) {
-	echo 'Subject max length is 255 characters.' . PHP_EOL;
-	exit(5);
-}
-
-if(!_mail($email_account_name, $subject, $message)) {
-	echo 'An error occurred while sending email. More info can be found in system/logs/mailer-error.log';
-	exit(6);
-}
-
-echo 'Mail sent to ' . $email_account_name . '.' . PHP_EOL;

system/clients.conf.php

@@ -99,4 +99,10 @@ $config['clients'] = [
 	1291,
 
 	1300,
+	1310,
+	1311,
+	1312,
+	1316,
+	1320,
+	1321,
 ];

system/compat/base.php

@@ -9,6 +9,8 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+class Validator extends \MyAAC\Validator {}
+
 function check_name($name, &$errors = '') {
 	if(Validator::characterName($name))
 		return true;
@@ -72,4 +74,7 @@ function fieldExist($field, $table)
 	global $db;
 	return $db->hasColumn($table, $field);
 }
-?>
+
+function getCreatureImgPath($creature): string {
+	return getMonsterImgPath($creature);
+}

system/compat/config.php

@@ -34,8 +34,18 @@ $deprecatedConfig = [
 	'news_limit',
 	'news_ticker_limit',
 	'news_date_format',
+	'guild_management',
+	'guild_need_level',
+	'guild_need_premium',
+	'guild_image_size_kb',
+	'guild_description_default',
+	'guild_description_chars_limit',
+	'guild_motd_chars_limit',
 	'highscores_groups_hidden',
 	'highscores_ids_hidden',
+	'highscores_vocation_box',
+	'highscores_vocation',
+	'highscores_outfit',
 	'online_record',
 	'online_vocations',
 	'online_vocations_images',
@@ -58,9 +68,14 @@ $deprecatedConfig = [
 	'status_ip',
 	'status_port',
 	'mail_enabled',
+	'mail_address',
 	'account_login_by_email',
 	'account_login_by_email_fallback',
 	'account_mail_verify',
+	'account_mail_unique',
+	'account_mail_change',
+	'account_premium_days',
+	'account_premium_points',
 	'account_create_character_create',
 	'account_change_character_name',
 	'account_change_character_name_points' => 'account_change_character_name_price',

system/compat/pages.php

@@ -44,7 +44,7 @@ switch($page)
 		break;
 
 	case 'killstatistics':
-		$page = 'lastkills';
+		$page = 'last-kills';
 		break;
 
 	case 'buypoints':

system/counter.php

@@ -7,6 +7,9 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\Cache\Cache;
+
 defined('MYAAC') or die('Direct access not allowed!');
 define('COUNTER_SYNC', 10); // how often counter is synchronized with database (each x site refreshes)
 

system/database.php

@@ -7,6 +7,9 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 if (!isset($config['database_overwrite'])) {
@@ -91,6 +94,7 @@ if(!isset($config['database_socket'])) {
 	$config['database_socket'] = '';
 }
 
+
 try {
 	$ots->connect(array(
 		'host' => $config['database_host'],
@@ -100,12 +104,24 @@ try {
 		'log' => $config['database_log'],
 		'socket' => @$config['database_socket'],
 		'persistent' => @$config['database_persistent']
-		)
-	);
+	));
 
 	$db = POT::getInstance()->getDBHandle();
-}
-catch(PDOException $error) {
+	$capsule = new Capsule;
+	$capsule->addConnection([
+		'driver' => 'mysql',
+		'database' => $config['database_name'],
+	]);
+
+	$capsule->getConnection()->setPdo($db);
+	$capsule->getConnection()->setReadPdo($db);
+
+	$capsule->setAsGlobal();
+	$capsule->bootEloquent();
+
+	$eloquentConnection = $capsule->getConnection();
+
+} catch (Exception $e) {
 	if(isset($cache) && $cache->enabled()) {
 		$cache->delete('config_lua');
 	}
@@ -119,5 +135,5 @@ catch(PDOException $error) {
 		'<ul>' .
 			'<li>MySQL is not configured propertly in <i>config.lua</i>.</li>' .
 			'<li>MySQL server is not running.</li>' .
-		'</ul>' . $error->getMessage());
+		'</ul>' . $e->getMessage());
 }

system/exception.php

@@ -8,6 +8,8 @@
  * @link      https://my-aac.org
  */
 
+use MyAAC\Exceptions\SensitiveException;
+
 if (class_exists(\Whoops\Run::class)) {
 	$whoops = new \Whoops\Run;
 	if(IS_CLI) {
@@ -21,8 +23,6 @@ if (class_exists(\Whoops\Run::class)) {
 	return;
 }
 
-require LIBS . 'SensitiveException.php';
-
 /**
  * @param Exception $exception
  */

system/functions.php

@@ -9,6 +9,17 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+use MyAAC\Cache\Cache;
+use MyAAC\CsrfToken;
+use MyAAC\Items;
+use MyAAC\Models\Config;
+use MyAAC\Models\Guild;
+use MyAAC\Models\House;
+use MyAAC\Models\Pages;
+use MyAAC\Models\Player;
+use MyAAC\News;
+use MyAAC\Plugins;
+use MyAAC\Settings;
 use PHPMailer\PHPMailer\PHPMailer;
 use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
 
@@ -38,7 +49,10 @@ function warning($message, $return = false) {
 	return message($message, 'warning', $return);
 }
 function note($message, $return = false) {
-	return message($message, 'note', $return);
+	return info($message, $return);
+}
+function info($message, $return = false) {
+	return message($message, 'info', $return);
 }
 function error($message, $return = false) {
 	return message($message, ((defined('MYAAC_INSTALL') || defined('MYAAC_ADMIN')) ? 'danger' : 'error'), $return);
@@ -91,7 +105,7 @@ function getPlayerLink($name, $generate = true): string
 
 function getMonsterLink($name, $generate = true): string
 {
-	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'creatures/' . urlencode($name);
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'monsters/' . urlencode($name);
 
 	if(!$generate) return $url;
 	return generateLink($url, $name);
@@ -99,15 +113,14 @@ function getMonsterLink($name, $generate = true): string
 
 function getHouseLink($name, $generate = true): string
 {
-	global $db;
-
 	if(is_numeric($name))
 	{
-		$house = $db->query(
-			'SELECT `name` FROM `houses` WHERE `id` = ' . (int)$name);
-		if($house->rowCount() > 0)
-			$name = $house->fetchColumn();
+		$house = House::find(intval($name), ['name']);
+		if ($house) {
+			$name = $house->name;
 		}
+	}
+
 
 	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'houses/' . urlencode($name);
 
@@ -118,10 +131,8 @@ function getHouseLink($name, $generate = true): string
 function getGuildLink($name, $generate = true): string
 {
 	if(is_numeric($name)) {
-		$name = getGuildNameById($name);
-		if ($name === false) {
-			$name = 'Unknown';
-		}
+		$guild = Guild::find(intval($name), ['name']);
+		$name = $guild->name ?? 'Unknown';
 	}
 
 	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'guilds/' . urlencode($name);
@@ -131,7 +142,6 @@ function getGuildLink($name, $generate = true): string
 }
 
 function getItemNameById($id) {
-	require_once LIBS . 'items.php';
 	$item = Items::get($id);
 	return !empty($item['name']) ? $item['name'] : '';
 }
@@ -149,8 +159,7 @@ function getItemImage($id, $count = 1)
 	if($count > 1)
 		$file_name .= '-' . $count;
 
-	global $config;
-	return '<img src="' . $config['item_images_url'] . $file_name . config('item_images_extension') . '"' . $tooltip . ' width="32" height="32" border="0" alt="' .$id . '" />';
+	return '<img src="' . setting('core.item_images_url') . $file_name . setting('core.item_images_extension') . '"' . $tooltip . ' width="32" height="32" border="0" alt="' .$id . '" />';
 }
 
 function getItemRarity($chance) {
@@ -192,7 +201,7 @@ function getFlagImage($country): string
  * @param mixed $v Variable to check.
  * @return bool Value boolean status.
  */
-function getBoolean($v): bool
+function getBoolean(mixed $v): bool
 {
 	if(is_bool($v)) {
 		return $v;
@@ -201,6 +210,10 @@ function getBoolean($v): bool
 	if(is_numeric($v))
 		return (int)$v > 0;
 
+	if (is_null($v)) {
+		return false;
+	}
+
 	$v = strtolower($v);
 	return $v === 'yes' || $v === 'true';
 }
@@ -248,7 +261,7 @@ function generateRandomString($length, $lowCase = true, $upCase = false, $numeri
 function getForumBoards()
 {
 	global $db, $canEdit;
-	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`, `guild`, `access`' . ($canEdit ? ', `hidden`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hidden` != 1' : '') .
+	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`, `guild`, `access`' . ($canEdit ? ', `hide`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hide` != 1' : '') .
 		' ORDER BY `ordering`;');
 	if($sections)
 		return $sections->fetchAll();
@@ -272,13 +285,12 @@ function getForumBoards()
  */
 function fetchDatabaseConfig($name, &$value)
 {
-	global $db;
-
-	$query = $db->query('SELECT `value` FROM `' . TABLE_PREFIX . 'config` WHERE `name` = ' . $db->quote($name));
-	if($query->rowCount() <= 0)
+	$config = Config::select('value')->where('name', '=', $name)->first();
+	if (!$config) {
 		return false;
+	}
 
-	$value = $query->fetchColumn();
+	$value = $config->value;
 	return true;
 }
 
@@ -303,8 +315,7 @@ function getDatabaseConfig($name)
  */
 function registerDatabaseConfig($name, $value)
 {
-	global $db;
-	$db->insert(TABLE_PREFIX . 'config', array('name' => $name, 'value' => $value));
+	Config::create(compact('name', 'value'));
 }
 
 /**
@@ -315,8 +326,9 @@ function registerDatabaseConfig($name, $value)
  */
 function updateDatabaseConfig($name, $value)
 {
-	global $db;
-	$db->update(TABLE_PREFIX . 'config', array('value' => $value), array('name' => $name));
+	Config::where('name', '=', $name)->update([
+		'value' => $value
+	]);
 }
 
 /**
@@ -343,47 +355,55 @@ function encrypt($str)
 //delete player with name
 function delete_player($name)
 {
-	global $db;
-	$player = new OTS_Player();
-	$player->find($name);
-	if($player->isLoaded()) {
-		try { $db->exec("DELETE FROM player_skills WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
-		try { $db->exec("DELETE FROM guild_invites WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
-		try { $db->exec("DELETE FROM player_items WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
-		try { $db->exec("DELETE FROM player_depotitems WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
-		try { $db->exec("DELETE FROM player_spells WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
-		try { $db->exec("DELETE FROM player_storage WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
-		try { $db->exec("DELETE FROM player_viplist WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
-		try { $db->exec("DELETE FROM player_deaths WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
-		try { $db->exec("DELETE FROM player_deaths WHERE killed_by = '".$player->getId()."';"); } catch(PDOException $error) {}
-		$rank = $player->getRank();
-		if($rank->isLoaded()) {
-			$guild = $rank->getGuild();
-			if($guild->getOwner()->getId() == $player->getId()) {
-				$rank_list = $guild->getGuildRanksList();
-				if(count($rank_list) > 0) {
-					$rank_list->orderBy('level');
-					foreach($rank_list as $rank_in_guild) {
-						$players_with_rank = $rank_in_guild->getPlayersList();
-						$players_with_rank->orderBy('name');
-						$players_with_rank_number = count($players_with_rank);
-						if($players_with_rank_number > 0) {
-							foreach($players_with_rank as $player_in_guild) {
-								$player_in_guild->setRank();
-								$player_in_guild->save();
-							}
-						}
-						$rank_in_guild->delete();
-					}
-					$guild->delete();
-				}
-			}
-		}
-		$player->delete();
-		return true;
+	// DB::beginTransaction();
+	global $capsule;
+	$player = Player::where(compact('name'))->first();
+	if (!$player) {
+		return false;
 	}
 
 	return false;
+	// global $db;
+	// $player = new OTS_Player();
+	// $player->find($name);
+	// if($player->isLoaded()) {
+	// 	try { $db->exec("DELETE FROM player_skills WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
+	// 	try { $db->exec("DELETE FROM guild_invites WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
+	// 	try { $db->exec("DELETE FROM player_items WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
+	// 	try { $db->exec("DELETE FROM player_depotitems WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
+	// 	try { $db->exec("DELETE FROM player_spells WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
+	// 	try { $db->exec("DELETE FROM player_storage WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
+	// 	try { $db->exec("DELETE FROM player_viplist WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
+	// 	try { $db->exec("DELETE FROM player_deaths WHERE player_id = '".$player->getId()."';"); } catch(PDOException $error) {}
+	// 	try { $db->exec("DELETE FROM player_deaths WHERE killed_by = '".$player->getId()."';"); } catch(PDOException $error) {}
+	// 	$rank = $player->getRank();
+	// 	if($rank->isLoaded()) {
+	// 		$guild = $rank->getGuild();
+	// 		if($guild->getOwner()->getId() == $player->getId()) {
+	// 			$rank_list = $guild->getGuildRanksList();
+	// 			if(count($rank_list) > 0) {
+	// 				$rank_list->orderBy('level');
+	// 				foreach($rank_list as $rank_in_guild) {
+	// 					$players_with_rank = $rank_in_guild->getPlayersList();
+	// 					$players_with_rank->orderBy('name');
+	// 					$players_with_rank_number = count($players_with_rank);
+	// 					if($players_with_rank_number > 0) {
+	// 						foreach($players_with_rank as $player_in_guild) {
+	// 							$player_in_guild->setRank();
+	// 							$player_in_guild->save();
+	// 						}
+	// 					}
+	// 					$rank_in_guild->delete();
+	// 				}
+	// 				$guild->delete();
+	// 			}
+	// 		}
+	// 	}
+	// 	$player->delete();
+	// 	return true;
+	// }
+
+	// return false;
 }
 
 //delete guild with id
@@ -398,7 +418,10 @@ function delete_guild($id)
 	if(count($rank_list) > 0) {
 		$rank_list->orderBy('level');
 
-		global $db, $ots;
+		global $db;
+		/**
+		 * @var OTS_GuildRank $rank_in_guild
+		 */
 		foreach($rank_list as $rank_in_guild) {
 			if($db->hasTable('guild_members'))
 				$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `guild_members`.`rank_id` as `rank_id` FROM `players`, `guild_members` WHERE `guild_members`.`rank_id` = ' . $rank_in_guild->getId() . ' AND `players`.`id` = `guild_members`.`player_id` ORDER BY `name`;');
@@ -457,20 +480,30 @@ function tickers()
  */
 function template_place_holder($type): string
 {
-	global $twig, $template_place_holders;
+	global $twig, $template_place_holders, $debugBar;
 	$ret = '';
 
+	if (isset($debugBar)) {
+		$debugBarRenderer = $debugBar->getJavascriptRenderer();
+	}
+
 	if(array_key_exists($type, $template_place_holders) && is_array($template_place_holders[$type]))
 		$ret = implode($template_place_holders[$type]);
 
 	if($type === 'head_start') {
 		$ret .= template_header();
+		if (isset($debugBar)) {
+			$ret .= $debugBarRenderer->renderHead();
+		}
 	}
 	elseif ($type === 'body_start') {
 		$ret .= $twig->render('browsehappy.html.twig');
 	}
 	elseif($type === 'body_end') {
 		$ret .= template_ga_code();
+		if (isset($debugBar)) {
+			$ret .= $debugBarRenderer->render();
+		}
 	}
 
 	return $ret;
@@ -481,8 +514,8 @@ function template_place_holder($type): string
  */
 function template_header($is_admin = false): string
 {
-	global $title_full, $config, $twig;
-	$charset = isset($config['charset']) ? $config['charset'] : 'utf-8';
+	global $title_full, $twig;
+	$charset = setting('core.charset') ?? 'utf-8';
 
 	return $twig->render('templates.header.html.twig',
 		[
@@ -680,11 +713,8 @@ function getSkillName($skillId, $suffix = true)
 /**
  * Performs flag check on the current logged in user.
  * Table in database: accounts, field: website_flags
- *
- * @param int @flag Flag to be verified.
- * @return bool If user got flag.
  */
-function hasFlag($flag) {
+function hasFlag(int $flag): bool {
 	global $logged, $logged_flags;
 	return ($logged && ($logged_flags & $flag) == $flag);
 }
@@ -757,7 +787,7 @@ function get_browser_languages()
 	$languages = str_replace(' ', '', $languages);
 
 	foreach(explode(',', $languages) as $language_list)
-		$ret[] .= substr($language_list, 0, 2);
+		$ret[] = substr($language_list, 0, 2);
 
 	return $ret;
 }
@@ -776,6 +806,10 @@ function get_templates()
 			$ret[] = $file;
 	}
 
+	foreach (Plugins::getThemes() as $name => $path) {
+		$ret[] = $name;
+	}
+
 	return $ret;
 }
 
@@ -847,9 +881,6 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 	else
 		$tmp_body = $body . '<br/><br/>' . $signature_html;
 
-	define('MAIL_MAIL', 0);
-	define('MAIL_SMTP', 1);
-
 	$mailOption = setting('core.mail_option');
 	if($mailOption == MAIL_SMTP)
 	{
@@ -860,10 +891,6 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->Username = setting('core.smtp_user');
 		$mailer->Password = setting('core.smtp_pass');
 
-		define('SMTP_SECURITY_NONE', 0);
-		define('SMTP_SECURITY_SSL', 1);
-		define('SMTP_SECURITY_TLS', 2);
-
 		$security = setting('core.smtp_security');
 
 		$tmp = '';
@@ -1027,14 +1054,36 @@ function get_browser_real_ip() {
 	return '0';
 }
 function setSession($key, $data) {
-	$_SESSION[config('session_prefix') . $key] = $data;
+	$_SESSION[setting('core.session_prefix') . $key] = $data;
 }
 function getSession($key) {
-	$key = config('session_prefix') . $key;
+	$key = setting('core.session_prefix') . $key;
 	return isset($_SESSION[$key]) ? $_SESSION[$key] : false;
 }
 function unsetSession($key) {
-	unset($_SESSION[config('session_prefix') . $key]);
+	unset($_SESSION[setting('core.session_prefix') . $key]);
+}
+
+function csrf(bool $return = false): string {
+	return CsrfToken::create($return);
+}
+
+function csrfToken(): string {
+	return CsrfToken::get();
+}
+
+function isValidToken(): bool {
+	$token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
+	return (!isRequestMethod('post') || (isset($token) && CsrfToken::isValid($token)));
+}
+
+function csrfProtect(): void
+{
+	if (!isValidToken()) {
+		$lastUri = BASE_URL . str_replace_first('/', '', getSession('last_uri'));
+		echo 'Request has been cancelled due to security reasons - token is invalid. Go <a href="' . $lastUri . '">back</a>';
+		exit();
+	}
 }
 
 function getTopPlayers($limit = 5) {
@@ -1049,26 +1098,38 @@ function getTopPlayers($limit = 5) {
 	}
 
 	if (!isset($players)) {
-		$deleted = 'deleted';
-		if($db->hasColumn('players', 'deletion'))
-			$deleted = 'deletion';
+		$columns = [
+			'id', 'name', 'level', 'vocation', 'experience',
+			'looktype', 'lookhead', 'lookbody', 'looklegs', 'lookfeet'
+		];
 
-		$is_tfs10 = $db->hasTable('players_online');
-		$players = $db->query('SELECT `id`, `name`, `level`, `vocation`, `experience`, `looktype`' . ($db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `lookhead`, `lookbody`, `looklegs`, `lookfeet`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . setting('core.highscores_groups_hidden') . ' AND `id` NOT IN (' . implode(', ', setting('core.highscores_ids_hidden')) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
-
-		if($is_tfs10) {
-			foreach($players as &$player) {
-				$query = $db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $player['id']);
-				$player['online'] = ($query->rowCount() > 0 ? 1 : 0);
-			}
-			unset($player);
+		if ($db->hasColumn('players', 'lookaddons')) {
+			$columns[] = 'lookaddons';
 		}
 
-		$i = 0;
-		foreach($players as &$player) {
-			$player['rank'] = ++$i;
+		if ($db->hasColumn('players', 'online')) {
+			$columns[] = 'online';
 		}
-		unset($player);
+
+		$players = Player::query()
+			->select($columns)
+			->withOnlineStatus()
+			->notDeleted()
+			->where('group_id', '<', setting('core.highscores_groups_hidden'))
+			->whereNotIn('id', setting('core.highscores_ids_hidden'))
+			->where('account_id', '!=', 1)
+			->orderByDesc('experience')
+			->limit($limit)
+			->get()
+			->map(function ($e, $i) {
+				$row = $e->toArray();
+				$row['online'] = $e->online_status;
+				$row['rank'] = $i + 1;
+
+				unset($row['online_table']);
+
+				return $row;
+			})->toArray();
 
 		if($cache->enabled()) {
 			$cache->set('top_' . $limit . '_level', serialize($players), 120);
@@ -1142,119 +1203,113 @@ function setting($key)
 
 function clearCache()
 {
-	require_once LIBS . 'news.php';
 	News::clearCache();
 
 	$cache = Cache::getInstance();
-
 	if($cache->enabled()) {
+		$keysToClear = [
+			'status', 'templates',
+			'config_lua',
+			'towns', 'groups', 'vocations',
+			'visitors', 'views_counter', 'failed_logins',
+			'template_menus',
+			'last_kills',
+			'hooks', 'plugins_hooks', 'plugins_routes', 'plugins_settings', 'plugins_themes', 'plugins_commands',
+			'settings',
+		];
+
+		foreach (get_templates() as $template) {
+			$keysToClear[] = 'template_ini_' . $template;
+		}
+
+		// highscores cache
+		$configHighscoresPerPage = setting('core.highscores_per_page');
+		$skills = [POT::SKILL_FIST, POT::SKILL_CLUB, POT::SKILL_SWORD, POT::SKILL_AXE, POT::SKILL_DIST, POT::SKILL_SHIELD, POT::SKILL_FISH, POT::SKILL_LEVEL, POT::SKILL__MAGLEVEL, SKILL_FRAGS, SKILL_BALANCE];
+		foreach ($skills as $skill) {
+			// config('vocations') may be empty after previous cache clear
+			$vocations = (config('vocations') ?? []) + ['all'];
+			foreach ($vocations as $vocation) {
+				for($page = 0; $page < 10; $page++) {
+					$cacheKey = 'highscores_' . $skill . '_' . strtolower($vocation) . '_' . $page . '_' . $configHighscoresPerPage;
+					$keysToClear[] = $cacheKey;
+				}
+			}
+		}
+
+		foreach ($keysToClear as $item) {
 			$tmp = '';
+			if ($cache->fetch($item, $tmp)) {
+				$cache->delete($item);
+			}
+		}
 
-		if ($cache->fetch('status', $tmp))
-			$cache->delete('status');
-
-		if ($cache->fetch('templates', $tmp))
-			$cache->delete('templates');
-
-		if ($cache->fetch('config_lua', $tmp))
-			$cache->delete('config_lua');
-
-		if ($cache->fetch('vocations', $tmp))
-			$cache->delete('vocations');
-
-		if ($cache->fetch('towns', $tmp))
-			$cache->delete('towns');
-
-		if ($cache->fetch('groups', $tmp))
-			$cache->delete('groups');
-
-		if ($cache->fetch('visitors', $tmp))
-			$cache->delete('visitors');
-
-		if ($cache->fetch('views_counter', $tmp))
-			$cache->delete('views_counter');
-
-		if ($cache->fetch('failed_logins', $tmp))
-			$cache->delete('failed_logins');
-
-		global $template_name;
-		if ($cache->fetch('template_ini' . $template_name, $tmp))
-			$cache->delete('template_ini' . $template_name);
-
-		if ($cache->fetch('plugins_hooks', $tmp))
-			$cache->delete('plugins_hooks');
-
-		if ($cache->fetch('plugins_routes', $tmp))
-			$cache->delete('plugins_routes');
+		global $db;
+		$db->setClearCacheAfter(true);
 	}
 
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
 	deleteDirectory(CACHE . 'twig', ['index.html'], true);
 	deleteDirectory(CACHE . 'plugins', ['index.html'], true);
-	deleteDirectory(CACHE, ['signatures', 'twig', 'plugins', 'index.html'], true);
+	deleteDirectory(CACHE, ['signatures', 'twig', 'plugins', 'index.html', 'persistent'], true);
 
 	// routes cache
-	$routeCacheFile = CACHE . 'route.cache';
-	if (file_exists($routeCacheFile)) {
-		unlink($routeCacheFile);
-	}
+	clearRouteCache();
+
+	global $hooks;
+	$hooks->trigger(HOOK_CACHE_CLEAR, ['cache' => Cache::getInstance()]);
 
 	return true;
 }
 
-function getCustomPageInfo($page)
+function clearRouteCache(): void
 {
-	global $db, $logged_access;
-	$query =
-		$db->query(
-			'SELECT `id`, `title`, `body`, `php`, `hidden`' .
-			' FROM `' . TABLE_PREFIX . 'pages`' .
-			' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
-	if($query->rowCount() > 0) // found page
-	{
-		return $query->fetch(PDO::FETCH_ASSOC);
+	$routeCacheFile = CACHE . 'route.cache';
+	if (file_exists($routeCacheFile)) {
+		unlink($routeCacheFile);
+	}
+}
+
+function getCustomPageInfo($name)
+{
+	global $logged_access;
+	$page = Pages::isPublic()
+		->where('name', 'LIKE', $name)
+		->where('access', '<=', $logged_access)
+		->first();
+
+	if (!$page) {
+		return null;
 	}
 
-	return null;
+	return $page->toArray();
 }
-function getCustomPage($page, &$success): string
+function getCustomPage($name, &$success): string
 {
-	global $db, $twig, $title, $ignore, $logged_access;
+	global $twig, $title, $ignore;
 
 	$success = false;
 	$content = '';
-	$query =
-		$db->query(
-			'SELECT `id`, `title`, `body`, `php`, `hidden`' .
-			' FROM `' . TABLE_PREFIX . 'pages`' .
-			' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
-	if($query->rowCount() > 0) // found page
+	$page = getCustomPageInfo($name);
+
+	if($page) // found page
 	{
 		$success = $ignore = true;
-		$query = $query->fetch();
-		$title = $query['title'];
+		$title = $page['title'];
 
-		if($query['php'] == '1') // execute it as php code
+		if($page['php'] == '1') // execute it as php code
 		{
-			$tmp = substr($query['body'], 0, 10);
+			$tmp = substr($page['body'], 0, 10);
 			if(($pos = strpos($tmp, '<?php')) !== false) {
-				$tmp = preg_replace('/<\?php/', '', $query['body'], 1);
+				$tmp = preg_replace('/<\?php/', '', $page['body'], 1);
 			}
 			else if(($pos = strpos($tmp, '<?')) !== false) {
-				$tmp = preg_replace('/<\?/', '', $query['body'], 1);
+				$tmp = preg_replace('/<\?/', '', $page['body'], 1);
 			}
 			else
-				$tmp = $query['body'];
-
-			$php_errors = array();
-			function error_handler($errno, $errstr) {
-				global $php_errors;
-				$php_errors[] = array('errno' => $errno, 'errstr' => $errstr);
-			}
-			set_error_handler('error_handler');
+				$tmp = $page['body'];
 
 			global $config;
-			if($config['backward_support']) {
+			if(setting('core.backward_support')) {
 				global $SQL, $main_content, $subtopic;
 			}
 
@@ -1262,17 +1317,12 @@ function getCustomPage($page, &$success): string
 			eval($tmp);
 			$content .= ob_get_contents();
 			ob_end_clean();
-
-			restore_error_handler();
-			if(isset($php_errors[0]) && superAdmin()) {
-				var_dump($php_errors);
-			}
 		}
 		else {
 			$oldLoader = $twig->getLoader();
 
 			$twig_loader_array = new Twig_ArrayLoader(array(
-				'content.html' => $query['body']
+				'content.html' => $page['body']
 			));
 
 			$twig->setLoader($twig_loader_array);
@@ -1387,39 +1437,42 @@ function getChangelogWhere($v)
 
 	return 'unknown';
 }
-function getPlayerNameByAccount($id)
+
+function getPlayerNameByAccountId($id)
 {
-	global $vowels, $ots, $db;
-	if(is_numeric($id))
-	{
-		$player = new OTS_Player();
-		$player->load($id);
-		if($player->isLoaded())
-			return $player->getName();
-		else
-		{
-			$playerQuery = $db->query('SELECT `id` FROM `players` WHERE `account_id` = ' . $id . ' ORDER BY `lastlogin` DESC LIMIT 1;')->fetch();
-
-			$tmp = "*Error*";
-			/*
-			$acco = new OTS_Account();
-			$acco->load($id);
-			if(!$acco->isLoaded())
-				return "Unknown name";
-
-			foreach($acco->getPlayersList() as $p)
-			{
-				$player= new OTS_Player();
-				$player->find($p);*/
-				$player->load($playerQuery['id']);
-				//echo 'id gracza = ' . $p . '<br/>';
-				if($player->isLoaded())
-					$tmp = $player->getName();
-			//	break;
-			//}
-
-			return $tmp;
+	if (!is_numeric($id)) {
+		return '';
 	}
+
+	$account = \MyAAC\Models\Account::find(intval($id), ['id']);
+	if ($account) {
+		$player = \MyAAC\Models\Player::where('account_id', $account->id)->orderByDesc('lastlogin')->select('name')->first();
+		if (!$player) {
+			return '';
+		}
+		return $player->name;
+	}
+
+	return '';
+}
+
+function getPlayerNameByAccount($account) {
+	if (is_numeric($account)) {
+		return getPlayerNameByAccountId($account);
+	}
+
+	return '';
+}
+
+function getPlayerNameById($id)
+{
+	if (!is_numeric($id)) {
+		return '';
+	}
+
+	$player = \MyAAC\Models\Player::find((int)$id, ['name']);
+	if ($player) {
+		return $player->name;
 	}
 
 	return '';
@@ -1427,13 +1480,13 @@ function getPlayerNameByAccount($id)
 
 function echo_success($message)
 {
-	echo '<div class="col-12 success mb-2">' . $message . '</div>';
+	echo '<div class="col-12 alert alert-success mb-2">' . $message . '</div>';
 }
 
 function echo_error($message)
 {
 	global $error;
-	echo '<div class="col-12 error mb-2">' . $message . '</div>';
+	echo '<div class="col-12 alert alert-danger mb-2">' . $message . '</div>';
 	$error = true;
 }
 
@@ -1507,18 +1560,19 @@ function right($str, $length) {
 	return substr($str, -$length);
 }
 
-function getCreatureImgPath($creature){
-	$creature_path = config('monsters_images_url');
-	$creature_gfx_name = trim(strtolower($creature)) . config('monsters_images_extension');
-	if (!file_exists($creature_path . $creature_gfx_name)) {
-		$creature_gfx_name = str_replace(" ", "", $creature_gfx_name);
-		if (file_exists($creature_path . $creature_gfx_name)) {
-			return $creature_path . $creature_gfx_name;
+function getMonsterImgPath($monster): string
+{
+	$monster_path = setting('core.monsters_images_url');
+	$monster_gfx_name = trim(strtolower($monster)) . setting('core.monsters_images_extension');
+	if (!file_exists($monster_path . $monster_gfx_name)) {
+		$monster_gfx_name = str_replace(" ", "", $monster_gfx_name);
+		if (file_exists($monster_path . $monster_gfx_name)) {
+			return $monster_path . $monster_gfx_name;
 		} else {
-			return $creature_path . 'nophoto.png';
+			return $monster_path . 'nophoto.png';
 		}
 	} else {
-		return $creature_path . $creature_gfx_name;
+		return $monster_path . $monster_gfx_name;
 	}
 }
 
@@ -1574,12 +1628,9 @@ function escapeHtml($html) {
 
 function getGuildNameById($id)
 {
-	global $db;
-
-	$guild = $db->query('SELECT `name` FROM `guilds` WHERE `id` = ' . (int)$id);
-
-	if($guild->rowCount() > 0) {
-		return $guild->fetchColumn();
+	$guild = Guild::where('id', intval($id))->select('name')->first();
+	if ($guild) {
+		return $guild->name;
 	}
 
 	return false;
@@ -1587,15 +1638,11 @@ function getGuildNameById($id)
 
 function getGuildLogoById($id)
 {
-	global $db;
-
 	$logo = 'default.gif';
 
-	$query = $db->query('SELECT `logo_name` FROM `guilds` WHERE `id` = ' . (int)$id);
-	if ($query->rowCount() == 1) {
-
-		$query = $query->fetch(PDO::FETCH_ASSOC);
-		$guildLogo = $query['logo_name'];
+	$guild = Guild::where('id', intval($id))->select('logo_name')->first();
+	if ($guild) {
+		$guildLogo = $guild->logo_name;
 
 		if (!empty($guildLogo) && file_exists(GUILD_IMAGES_DIR . $guildLogo)) {
 			$logo = $guildLogo;
@@ -1613,8 +1660,15 @@ function displayErrorBoxWithBackButton($errors, $action = null) {
 	]);
 }
 
+function makeLinksClickable($text, $blank = true) {
+	return preg_replace('!(((f|ht)tp(s)?://)[-a-zA-Zа-яА-Я()0-9@:%_+.~#?&;//=]+)!i', '<a href="$1"' . (!$blank ?: ' target="_blank"') . '>$1</a>', $text);
+}
+
+function isRequestMethod(string $method): bool {
+	return strtolower($_SERVER['REQUEST_METHOD']) == strtolower($method);
+}
+
 // validator functions
-require_once LIBS . 'validator.php';
 require_once SYSTEM . 'compat/base.php';
 
 // custom functions

system/init.php

@@ -7,6 +7,14 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use DebugBar\StandardDebugBar;
+use MyAAC\Cache\Cache;
+use MyAAC\CsrfToken;
+use MyAAC\Hooks;
+use MyAAC\Settings;
+use MyAAC\Towns;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 if(!isset($config['installed']) || !$config['installed']) {
@@ -17,6 +25,10 @@ if(config('env') === 'dev') {
 	require SYSTEM . 'exception.php';
 }
 
+if (config('env') === 'dev' || getBoolean(config('enable_debugbar'))) {
+	$debugBar = new StandardDebugBar();
+}
+
 if(empty($config['server_path'])) {
 	throw new RuntimeException('Server Path has been not set. Go to config.php and set it.');
 }
@@ -30,9 +42,12 @@ if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HT
 	ob_start('ob_gzhandler');
 
 // cache
-require_once SYSTEM . 'libs/cache.php';
 $cache = Cache::getInstance();
 
+// event system
+$hooks = new Hooks();
+$hooks->load();
+
 // twig
 require_once SYSTEM . 'twig.php';
 
@@ -40,28 +55,24 @@ require_once SYSTEM . 'twig.php';
 $action = $_REQUEST['action'] ?? '';
 define('ACTION', $action);
 
+// errors, is also often used
+$errors = [];
+
 // trim values we receive
-if(isset($_POST))
-{
-	foreach($_POST as $var => $value) {
+foreach($_POST as $var => $value) {
 	if(is_string($value)) {
 		$_POST[$var] = trim($value);
 	}
-	}
 }
-if(isset($_GET))
-{
-	foreach($_GET as $var => $value) {
+
+foreach($_GET as $var => $value) {
 	if(is_string($value))
 		$_GET[$var] = trim($value);
-	}
 }
-if(isset($_REQUEST))
-{
-	foreach($_REQUEST as $var => $value) {
+
+foreach($_REQUEST as $var => $value) {
 	if(is_string($value))
 		$_REQUEST[$var] = trim($value);
-	}
 }
 
 // load otserv config file
@@ -120,22 +131,42 @@ unset($foundValue);
 // POT
 require_once SYSTEM . 'libs/pot/OTS.php';
 $ots = POT::getInstance();
+$eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 
+if ($config_lua_reload) {
+	clearCache();
+}
+
+// verify myaac tables exists in database
+if(!defined('MYAAC_INSTALL') && !$db->hasTable('myaac_account_actions')) {
+	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . BASE_URL . 'install');
+}
+
 // execute migrations
 require SYSTEM . 'migrate.php';
 
 // settings
-require_once LIBS . 'Settings.php';
 $settings = Settings::getInstance();
 $settings->load();
 
+// csrf protection
+$token = getSession('csrf_token');
+if (!isset($token) || !$token) {
+	CsrfToken::generate();
+}
+
 // deprecated config values
 require_once SYSTEM . 'compat/config.php';
 
 date_default_timezone_set(setting('core.date_timezone'));
 
-$config['account_create_character_create'] = config('account_create_character_create') && (!setting('core.mail_enabled') || !config('account_mail_verify'));
+setting(
+	[
+		'core.account_create_character_create',
+		setting('core.account_create_character_create') && (!setting('core.mail_enabled') || !setting('core.account_mail_verify'))
+	]
+);
 
 $settingsItemImagesURL = setting('core.item_images_url');
 if($settingsItemImagesURL[strlen($settingsItemImagesURL) - 1] !== '/') {
@@ -146,5 +177,4 @@ define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 
-require LIBS . 'Towns.php';
 Towns::load();

system/item.php

@@ -1,60 +0,0 @@
-<?php
-/**
- * Item parser
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-require_once SYSTEM . 'libs/items_images.php';
-
-Items_Images::$files = array(
-	'otb' => SYSTEM . 'data/items.otb',
-	'spr' => SYSTEM . 'data/Tibia.spr',
-	'dat' => SYSTEM . 'data/Tibia.dat'
-);
-Items_Images::$outputDir = BASE . 'images/items/';
-
-function generateItem($id = 100, $count = 1) {
-	Items_Images::generate($id, $count);
-}
-
-function itemImageExists($id, $count = 1)
-{
-	if(!isset($id))
-		throw new RuntimeException('ERROR - itemImageExists: id has been not set!');
-
-	$file_name = $id;
-	if($count > 1)
-		$file_name .= '-' . $count;
-
-	$file_name = Items_Images::$outputDir . $file_name . '.gif';
-	return file_exists($file_name);
-}
-
-function outputItem($id = 100, $count = 1)
-{
-	if(!(int)$count)
-		$count = 1;
-
-	if(!itemImageExists($id, $count))
-	{
-		//echo 'plik istnieje';
-		Items_Images::generate($id, $count);
-	}
-
-	$expires = 60 * 60 * 24 * 30; // 30 days
-	header('Content-type: image/gif');
-	header('Cache-Control: public');
-	header('Cache-Control: maxage=' . $expires);
-	header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $expires) . ' GMT');
-
-	$file_name = $id;
-	if($count > 1)
-		$file_name .= '-' . $count;
-
-	$file_name = Items_Images::$outputDir . $file_name . '.gif';
-	readfile($file_name);
-}

system/libs/SensitiveException.php

@@ -1,3 +0,0 @@
-<?php
-
-class SensitiveException extends Exception {}

system/libs/cache_eaccelerator.php

@@ -1,51 +0,0 @@
-<?php
-/**
- * Cache eAccelerator class
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-class Cache_eAccelerator
-{
-	private $prefix;
-	private $enabled;
-
-	public function __construct($prefix = '') {
-		$this->prefix = $prefix;
-		$this->enabled = function_exists('eaccelerator_get');
-	}
-
-	public function set($key, $var, $ttl = 0)
-	{
-		$key = $this->prefix . $key;
-		eaccelerator_rm($key);
-		eaccelerator_put($key, $var, $ttl);
-	}
-
-	public function get($key)
-	{
-		$tmp = '';
-		if($this->fetch($this->prefix . $key, $tmp)) {
-			return $tmp;
-		}
-
-		return '';
-	}
-
-	public function fetch($key, &$var) {
-		return ($var = eaccelerator_get($this->prefix . $key)) !== null;
-	}
-
-	public function delete($key) {
-		eaccelerator_rm($this->prefix . $key);
-	}
-
-	public function enabled() {
-		return $this->enabled;
-	}
-}

system/libs/items_images.php

@@ -1,265 +0,0 @@
-<?php
-/**
- * Items_Images class
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-if ( !function_exists( 'stackId' ) )
-{
-	function stackId( $count )
-	{
-		if ( $count >= 50 )
-			$stack = 8;
-		elseif ( $count >= 25 )
-			$stack = 7;
-		elseif ( $count >= 10 )
-			$stack = 6;
-		elseif ( $count >= 5 )
-			$stack = 5;
-		elseif ( $count >= 4 )
-			$stack = 4;
-		elseif ( $count >= 3 )
-			$stack = 3;
-		elseif ( $count >= 2 )
-			$stack = 2;
-		else
-			$stack = 1;
-
-		return $stack;
-	}
-}
-
-class Items_Images
-{
-	public static $outputDir = '';
-	public static $files = array();
-
-	private static $otb, $dat, $spr;
-	private static $lastItem;
-	private static $loaded = false;
-
-	public function __destruct()
-	{
-		if(self::$otb)
-			fclose(self::$otb);
-		if(self::$dat)
-			fclose(self::$dat);
-		if(self::$spr)
-			fclose(self::$spr);
-	}
-
-	public static function generate($id = 100, $count = 1)
-	{
-		if(!self::$loaded)
-			self::load();
-
-		$originalId = $id;
-		if($id < 100)
-			return false;
-			//die('ID cannot be lower than 100.');
-
-		rewind(self::$otb);
-		rewind(self::$dat);
-		rewind(self::$spr);
-
-		$nostand = false;
-		$init = false;
-		$originalId = $id;
-
-		// parse info from otb
-		while( false !== ( $char = fgetc( self::$otb ) ) )
-		{
-			$byte = HEX_PREFIX.bin2hex( $char );
-
-			if ( $byte == 0xFE )
-				$init = true;
-			elseif ( $byte == 0x10 and $init ) {
-				extract( unpack( 'x2/Ssid', fread( self::$otb, 4 ) ) );
-
-				if ( $id == $sid ) {
-					if ( HEX_PREFIX.bin2hex( fread( self::$otb, 1 ) ) == 0x11 ) {
-						extract( unpack( 'x2/Sid', fread( self::$otb, 4 ) ) );
-						break;
-					}
-				}
-				$init = false;
-			}
-		}
-
-		self::$lastItem = array_sum( unpack( 'x4/S*', fread( self::$dat, 12 )));
-		if($id > self::$lastItem)
-			return false;
-
-		//ini_set('max_execution_time', 300);
-		// parse info from dat
-		for( $i = 100; $i <= $id; $i++ ) {
-			while( ( $byte = HEX_PREFIX.bin2hex( fgetc( self::$dat ) ) ) != 0xFF ) {
-				$offset = 0;
-				switch( $byte ) {
-					case 0x00:
-					case 0x09:
-					case 0x0A:
-					case 0x1A:
-					case 0x1D:
-					case 0x1E:
-						$offset = 2;
-						break;
-
-					case 0x16:
-					case 0x19:
-						$offset = 4;
-						break;
-
-					case 0x01:
-					case 0x02:
-					case 0x03:
-					case 0x04:
-					case 0x05:
-					case 0x06:
-					case 0x07:
-					case 0x08:
-					case 0x0B:
-					case 0x0C:
-					case 0x0D:
-					case 0x0E:
-					case 0x0F:
-					case 0x10:
-					case 0x11:
-					case 0x12:
-					case 0x13:
-					case 0x14:
-					case 0x15:
-					case 0x17:
-					case 0x18:
-					case 0x1B:
-					case 0x1C:
-					case 0x1F:
-					case 0x20:
-						break;
-
-					default:
-						return false; #trigger_error( sprintf( 'Unknown .DAT byte %s (previous byte: %s; address %x)', $byte, $prev, ftell( $dat ), E_USER_ERROR ) );
-						break;
-				}
-
-				$prev = $byte;
-				fseek( self::$dat, $offset, SEEK_CUR );
-			}
-			extract( unpack( 'Cwidth/Cheight', fread( self::$dat, 2 ) ) );
-
-			if ( $width > 1 or $height > 1 ) {
-				fseek( self::$dat, 1, SEEK_CUR );
-				$nostand = true;
-			}
-
-			$sprites_c = array_product( unpack( 'C*', fread( self::$dat, 5 ) ) ) * $width * $height;
-			$sprites = unpack( 'S*', fread( self::$dat, 2 * $sprites_c ) );
-		}
-
-		if ( array_key_exists( stackId( $count ), $sprites ) ) {
-			$sprites = (array) $sprites[stackId( $count )];
-		}
-		else {
-			$sprites = (array) $sprites[array_rand( $sprites ) ];
-		}
-
-		fseek( self::$spr, 6 );
-
-		$sprite = imagecreatetruecolor( 32 * $width, 32 * $height );
-		imagecolortransparent( $sprite, imagecolorallocate( $sprite, 0, 0, 0 ) );
-
-		foreach( $sprites as $key => $value ) {
-			fseek( self::$spr, 6 + ( $value - 1 ) * 4 );
-			extract( unpack( 'Laddress', fread( self::$spr, 4 ) ) );
-
-			fseek( self::$spr, $address + 3 );
-			extract( unpack( 'Ssize', fread( self::$spr, 2 ) ) );
-
-			list( $num, $bit ) = array( 0, 0 );
-
-			while( $bit < $size ) {
-				$pixels = unpack( 'Strans/Scolored', fread( self::$spr, 4 ) );
-				$num += $pixels['trans'];
-				for( $i = 0; $i < $pixels['colored']; $i++ )
-				{
-					extract( unpack( 'Cred/Cgreen/Cblue', fread( self::$spr, 3 ) ) );
-
-					$red = ( $red == 0 ? ( $green == 0 ? ( $blue == 0 ? 1 : $red ) : $red ) : $red );
-
-					imagesetpixel( $sprite,
-						$num % 32 + ( $key % 2 == 1 ? 32 : 0 ),
-						$num / 32 + ( $key % 4 != 1 and $key % 4 != 0 ? 32 : 0 ),
-						imagecolorallocate( $sprite, $red, $green, $blue ) );
-
-					$num++;
-				}
-
-				$bit += 4 + 3 * $pixels['colored'];
-			}
-		}
-
-		if ( $count >= 2 ) {
-			if ( $count > 100 )
-				$count = 100;
-
-			$font = 3;
-			$length = imagefontwidth( $font ) * strlen( $count );
-
-			$pos = array(
-				'x' => ( 32 * $width ) - ( $length + 1 ),
-				'y' => ( 32 * $height ) - 13
-			);
-			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'], $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-
-			imagestring( $sprite, $font, $pos['x'], $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-
-			imagestring( $sprite, $font, $pos['x'], $pos['y'], $count, imagecolorallocate( $sprite, 219, 219, 219 ) );
-		}
-
-		$imagePath = self::$outputDir . ($count > 1 ? $originalId . '-' . $count : $originalId ) . '.gif';
-
-		// save image
-		imagegif($sprite, $imagePath);
-	}
-
-	public static function load()
-	{
-		if(!defined( 'HEX_PREFIX'))
-			define('HEX_PREFIX', '0x');
-
-		self::$otb = fopen(self::$files['otb'], 'rb');
-		self::$dat = fopen(self::$files['dat'], 'rb');
-		self::$spr = fopen(self::$files['spr'], 'rb');
-
-		if(!self::$otb || !self::$dat || !self::$spr)
-			throw new RuntimeException('ERROR: Cannot load data files.');
-		/*
-		if ( $nostand )
-		{
-			for( $i = 0; $i < count( $sprites ) / 4; $i++ )
-			{
-				$sprites = array_merge( (array) $sprites, array_reverse( array_slice( $sprites, $i * 4, 4 ) ) );
-			}
-		}
-		else
-		{
-			$sprites = (array) $sprites[array_rand( $sprites ) ];
-		}
-		*/
-
-		self::$loaded = true;
-	}
-
-	public static function loaded() {
-		return self::$loaded;
-	}
-}

system/libs/pot/OTS.php

@@ -370,7 +370,14 @@ class POT
             throw new RuntimeException('Please install PHP pdo extension. MyAAC will not work without it.');
         }
 
+	    global $debugBar;
+		if (isset($debugBar)) {
+			$this->db = new DebugBar\DataCollector\PDO\TraceablePDO(new OTS_DB_MySQL($params));
+			$debugBar->addCollector(new DebugBar\DataCollector\PDO\PDOCollector($this->db));
+		}
+		else {
 			$this->db = new OTS_DB_MySQL($params);
+		}
 
         $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     }

system/libs/pot/OTS_Account.php

@@ -952,7 +952,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 			return $query['group_id'];
 		}
 
-		return 0;
+		return 1;
 	}
 
 	public function getAccGroupId()

system/libs/pot/OTS_DB_MySQL.php

@@ -12,6 +12,8 @@
  * @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
  */
 
+use MyAAC\Cache\Cache;
+
 /**
  * MySQL connection interface.
  *
@@ -26,6 +28,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 {
 	private $has_table_cache = array();
 	private $has_column_cache = array();
+
+	private $clearCacheAfter = false;
 /**
  * Creates database connection.
  *
@@ -94,7 +98,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
         }
 
 		global $config;
-		if(class_exists('Cache') && ($cache = Cache::getInstance()) && $cache->enabled()) {
+		$cache = Cache::getInstance();
+		if($cache->enabled()) {
 			$tmp = null;
 			$need_revalidation = true;
 			if($cache->fetch('database_checksum', $tmp) && $tmp) {
@@ -117,12 +122,15 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			}
 		}
 
+		$driverAttributes = []; // debugbar dont like persistent connection
+		if (config('env') !== 'dev' && !getBoolean(config('enable_debugbar'))) {
+			$driverAttributes[PDO::ATTR_PERSISTENT] = $params['persistent'];
+		}
+
 		if(isset($params['socket'][0])) {
 			$dns[] = 'unix_socket=' . $params['socket'];
 
-			parent::__construct('mysql:' . implode(';', $dns), $user, $password, array(
-				PDO::ATTR_PERSISTENT => $params['persistent']
-			));
+			parent::__construct('mysql:' . implode(';', $dns), $user, $password, $driverAttributes);
 
 			return;
 		}
@@ -135,20 +143,26 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			$dns[] = 'port=' . $params['port'];
 		}
 
-		parent::__construct('mysql:' . implode(';', $dns), $user, $password, array(
-			PDO::ATTR_PERSISTENT => $params['persistent']
-		));
+		parent::__construct('mysql:' . implode(';', $dns), $user, $password, $driverAttributes);
     }
 
 	public function __destruct()
     {
 		global $config;
 
-	    if(class_exists('Cache') && ($cache = Cache::getInstance()) && $cache->enabled()) {
+		$cache = Cache::getInstance();
+		if($cache->enabled()) {
+			if ($this->clearCacheAfter) {
+				$cache->delete('database_tables');
+				$cache->delete('database_columns');
+				$cache->delete('database_checksum');
+			}
+			else {
 				$cache->set('database_tables', serialize($this->has_table_cache), 3600);
 				$cache->set('database_columns', serialize($this->has_column_cache), 3600);
 				$cache->set('database_checksum', serialize(sha1($config['database_host'] . '.' . $config['database_name'])), 3600);
 			}
+		}
 
 		if($this->logged) {
 			log_append('database.log', $_SERVER['REQUEST_URI'] . PHP_EOL . $this->getLog());
@@ -235,6 +249,11 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			}
 		}
 	}
+
+	public function setClearCacheAfter($clearCache)
+	{
+		$this->clearCacheAfter = $clearCache;
+	}
 }
 
 /**#@-*/

system/libs/pot/OTS_Groups_List.php

@@ -8,6 +8,8 @@
  * @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
  */
 
+use MyAAC\Cache\Cache;
+
 /**
  * List of groups.
  *

system/libs/pot/OTS_Monster.php

@@ -41,9 +41,10 @@
 class OTS_Monster extends DOMDocument
 {
 	private $loaded = false;
-	public function loadXML($source , $options = 0)
+	public function loadXML(string $source , int $options = 0): bool
 	{
 		$this->loaded = parent::loadXML($source, $options);
+		return $this->loaded;
 	}
 
 	public function loaded()
@@ -286,6 +287,10 @@ class OTS_Monster extends DOMDocument
 
         $element = $this->documentElement->getElementsByTagName('look')->item(0);
 
+        if (!$element) {
+            return $look;
+        }
+
         $look['type'] = $element->getAttribute('type');
         $look['typeex'] = $element->getAttribute('typeex');
         $look['head'] = $element->getAttribute('head');

system/libs/pot/OTS_Player.php

@@ -90,7 +90,7 @@ class OTS_Player extends OTS_Row_DAO
  * @version 0.1.2
  * @var array
  */
-    private $data = array('sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hidden' => 0);
+    private $data = array('sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hide' => 0);
 
 /**
  * Player skills.
@@ -231,7 +231,7 @@ class OTS_Player extends OTS_Row_DAO
 		}
 		else {
 			// SELECT query on database
-			$this->data = $this->db->query('SELECT `id`, `name`, `account_id`, `group_id`, `sex`, `vocation`, `experience`, `level`, `maglevel`, `health`, `healthmax`, `mana`, `manamax`, `manaspent`, `soul`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`' . ($this->db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `posx`, `posy`, `posz`, `cap`, `lastlogin`, `lastlogout`, `lastip`, `save`, `conditions`, `' . $__load['skull_time'] . '` as `skulltime`, `' . $__load['skull_type'] . '` as `skull`' . $__load['guild_info'] . ', `town_id`' . $__load['loss_experience'] . $__load['loss_items'] . ', `balance`' . ($__load['blessings'] ? ', `blessings`' : '') . ($__load['direction'] ? ', `direction`' : '') . ($__load['stamina'] ? ', `stamina`' : '') . ($__load['world_id'] ? ', `world_id`' : '') . ($__load['online'] ? ', `online`' : '') . ', `' . ($__load['deletion'] ? 'deletion' : 'deleted') . '`' . ($__load['promotion'] ? ', `promotion`' : '') . ($__load['marriage'] ? ', `marriage`' : '') . ', `comment`, `created`, `hidden` FROM `players` WHERE `id` = ' . (int)$id)->fetch();
+			$this->data = $this->db->query('SELECT `id`, `name`, `account_id`, `group_id`, `sex`, `vocation`, `experience`, `level`, `maglevel`, `health`, `healthmax`, `mana`, `manamax`, `manaspent`, `soul`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`' . ($this->db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `posx`, `posy`, `posz`, `cap`, `lastlogin`, `lastlogout`, `lastip`, `save`, `conditions`, `' . $__load['skull_time'] . '` as `skulltime`, `' . $__load['skull_type'] . '` as `skull`' . $__load['guild_info'] . ', `town_id`' . $__load['loss_experience'] . $__load['loss_items'] . ', `balance`' . ($__load['blessings'] ? ', `blessings`' : '') . ($__load['direction'] ? ', `direction`' : '') . ($__load['stamina'] ? ', `stamina`' : '') . ($__load['world_id'] ? ', `world_id`' : '') . ($__load['online'] ? ', `online`' : '') . ', `' . ($__load['deletion'] ? 'deletion' : 'deleted') . '`' . ($__load['promotion'] ? ', `promotion`' : '') . ($__load['marriage'] ? ', `marriage`' : '') . ', `comment`, `created`, `hide` FROM `players` WHERE `id` = ' . (int)$id)->fetch();
 		}
 
         // loads skills
@@ -521,17 +521,17 @@ class OTS_Player extends OTS_Row_DAO
 
     public function isHidden()
     {
-        if( !isset($this->data['hidden']) )
+        if( !isset($this->data['hide']) )
         {
             throw new E_OTS_NotLoaded();
         }
 
-        return $this->data['hidden'] == 1;
+        return $this->data['hide'] == 1;
     }
 
     public function setHidden($hidden)
     {
-        $this->data['hidden'] = (int) $hidden;
+        $this->data['hide'] = (int) $hidden;
     }
 
     public function getMarriage()

system/logout.php

@@ -7,6 +7,9 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+
+use MyAAC\CsrfToken;
+
 defined('MYAAC') or die('Direct access not allowed!');
 
 if(isset($account_logged) && $account_logged->isLoaded()) {
@@ -15,6 +18,8 @@ if(isset($account_logged) && $account_logged->isLoaded()) {
 		unsetSession('password');
 		unsetSession('remember_me');
 
+		CsrfToken::generate();
+
 		$logged = false;
 		unset($account_logged);
 

system/migrations/17.php

@@ -1,5 +1,7 @@
 <?php
 
+use MyAAC\Plugins;
+
 if(!$db->hasTable('myaac_menu')) {
 	$db->query("
 CREATE TABLE `myaac_menu`
@@ -14,75 +16,8 @@ CREATE TABLE `myaac_menu`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 ");
-
-	$db->query("
-/* MENU_CATEGORY_NEWS kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
-/* MENU_CATEGORY_ACCOUNT kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
-/* MENU_CATEGORY_COMMUNITY kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
-/* MENU_CATEGORY_LIBRARY kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
-/* MENU_CATEGORY_SHOP kathrine */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
-/* MENU_CATEGORY_NEWS tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
-/* MENU_CATEGORY_ACCOUNT tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
-/* MENU_CATEGORY_COMMUNITY tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
-/* MENU_CATEGORY_FORUM tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
-/* MENU_CATEGORY_LIBRARY tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
-/* MENU_CATEGORY_SHOP tibiacom */
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
-INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
-	");
 }
+
+Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
+Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
+

system/migrations/20.php

@@ -1,5 +1,7 @@
 <?php
 
+use MyAAC\Settings;
+
 $query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . " OR `name` = " . $db->quote("Account Manager") . ") ORDER BY `id`;");
 
 $highscores_ignored_ids = array();

system/migrations/27.php

@@ -1,37 +1,47 @@
 <?php
 
+$downloadsPage = <<<HTML
+<p>&nbsp;</p>
+<p>&nbsp;</p>
+<div style="text-align: center;">We're using official Tibia Client <strong>{{ config.client / 100 }}</strong><br>
+<p>Download Tibia Client <strong>{{ config.client / 100 }}</strong>&nbsp;for Windows <a href="https://drive.google.com/drive/folders/0B2-sMQkWYzhGSFhGVlY2WGk5czQ" target="_blank" rel="noopener">HERE</a>.</p>
+<h2>IP Changer:</h2>
+<a href="https://static.otland.net/ipchanger.exe" target="_blank" rel="noopener">HERE</a></div>
+HTML;
+
 $query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX . "pages` WHERE `name` LIKE " . $db->quote('downloads') . " LIMIT 1;");
 if($query->rowCount() === 0) {
-	$db->exec("INSERT INTO `myaac_pages` (`id`, `name`, `title`, `body`, `date`, `player_id`, `php`, `access`, `hidden`) VALUES
-	(null, 'downloads', 'Downloads', '<p>&nbsp;</p>
-<p>&nbsp;</p>
-<div style=\"text-align: center;\">We''re using official Tibia Client <strong>{{ config.client / 100 }}</strong><br />
-<p>Download Tibia Client <strong>{{ config.client / 100 }}</strong>&nbsp;for Windows <a href=\"https://drive.google.com/drive/folders/0B2-sMQkWYzhGSFhGVlY2WGk5czQ\" target=\"_blank\" rel=\"noopener\">HERE</a>.</p>
-<h2>IP Changer:</h2>
-<a href=\"https://static.otland.net/ipchanger.exe\" target=\"_blank\" rel=\"noopener\">HERE</a></div>', 0, 1, 0, 1, 0);");
+	$db->exec("INSERT INTO `myaac_pages` (`id`, `name`, `title`, `body`, `date`, `player_id`, `php`, `access`, `hide`) VALUES
+	(null, 'downloads', 'Downloads', {$db->quote($downloadsPage)}, 0, 1, 0, 0, 0);");
 }
 
+$commandsPage = <<<HTML
+<table class="myaac-table" style="border-collapse: collapse; width: 100%; height: 72px; border-width: 1px;" border="1"><colgroup><col style="width: 50%;"><col style="width: 50%;"></colgroup>
+<thead>
+<tr style="height: 18px;">
+<td style="height: 18px; border-width: 1px; text-align: center;"><span style="color: #ffffff;"><strong>Words</strong></span></td>
+<td style="height: 18px; border-width: 1px; text-align: center;"><strong>Description</strong></td>
+</tr>
+</thead>
+<tbody>
+<tr style="height: 18px;">
+<td style="height: 18px; border-width: 1px;">!example</td>
+<td style="height: 18px; border-width: 1px;">This is just an example</td>
+</tr>
+<tr style="height: 18px;">
+<td style="height: 18px; border-width: 1px;">!buyhouse</td>
+<td style="height: 18px; border-width: 1px;">Buy house you are looking at</td>
+</tr>
+<tr style="height: 18px;">
+<td style="height: 18px; border-width: 1px;"><em>!aol</em></td>
+<td style="height: 18px; border-width: 1px;">Buy AoL</td>
+</tr>
+</tbody>
+</table>
+HTML;
+
 $query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX . "pages` WHERE `name` LIKE " . $db->quote('commands') . " LIMIT 1;");
 if($query->rowCount() === 0) {
-	$db->exec("INSERT INTO `myaac_pages` (`id`, `name`, `title`, `body`, `date`, `player_id`, `php`, `access`, `hidden`) VALUES
-(null, 'commands', 'Commands', '<table style=\"border-collapse: collapse; width: 87.8471%; height: 57px;\" border=\"1\">
-<tbody>
-<tr style=\"height: 18px;\">
-<td style=\"width: 33.3333%; background-color: #505050; height: 18px;\"><span style=\"color: #ffffff;\"><strong>Words</strong></span></td>
-<td style=\"width: 33.3333%; background-color: #505050; height: 18px;\"><span style=\"color: #ffffff;\"><strong>Description</strong></span></td>
-</tr>
-<tr style=\"height: 18px; background-color: #f1e0c6;\">
-<td style=\"width: 33.3333%; height: 18px;\"><em>!example</em></td>
-<td style=\"width: 33.3333%; height: 18px;\">This is just an example</td>
-</tr>
-<tr style=\"height: 18px; background-color: #d4c0a1;\">
-<td style=\"width: 33.3333%; height: 18px;\"><em>!buyhouse</em></td>
-<td style=\"width: 33.3333%; height: 18px;\">Buy house you are looking at</td>
-</tr>
-<tr style=\"height: 18px; background-color: #f1e0c6;\">
-<td style=\"width: 33.3333%; height: 18px;\"><em>!aol</em></td>
-<td style=\"width: 33.3333%; height: 18px;\">Buy AoL</td>
-</tr>
-</tbody>
-</table>', 0, 1, 0, 1, 0);");
+	$db->exec("INSERT INTO `myaac_pages` (`id`, `name`, `title`, `body`, `date`, `player_id`, `php`, `access`, `hide`) VALUES
+(null, 'commands', 'Commands', {$db->quote($commandsPage)}, 0, 1, 0, 0, 0);");
 }

system/migrations/28.php

@@ -1,5 +1,7 @@
 <?php
 
+use MyAAC\Cache\Cache;
+
 $db->exec('DROP TABLE IF EXISTS `' . TABLE_PREFIX . 'hooks`;');
 
 $cache = Cache::getInstance();

system/migrations/30.php

@@ -2,7 +2,7 @@
 
 $query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX . "pages` WHERE `name` LIKE " . $db->quote('rules_on_the_page') . " LIMIT 1;");
 if($query->rowCount() === 0) {
-	$db->exec("INSERT INTO `myaac_pages` (`id`, `name`, `title`, `body`, `date`, `player_id`, `php`, `enable_tinymce`, `access`, `hidden`) VALUES
+	$db->exec("INSERT INTO `myaac_pages` (`id`, `name`, `title`, `body`, `date`, `player_id`, `php`, `enable_tinymce`, `access`, `hide`) VALUES
 	(null, 'rules_on_the_page', 'Rules', '1. Names
 a) Names which contain insulting (e.g. \"Bastard\"), racist (e.g. \"Nigger\"), extremely right-wing (e.g. \"Hitler\"), sexist (e.g. \"Bitch\") or offensive (e.g. \"Copkiller\") language.
 b) Names containing parts of sentences (e.g. \"Mike returns\"), nonsensical combinations of letters (e.g. \"Fgfshdsfg\") or invalid formattings (e.g. \"Thegreatknight\").
@@ -27,5 +27,5 @@ a) Excessive killing of characters who are not marked with a \"skull\" on worlds
 
 A violation of the Tibia Rules may lead to temporary banishment of characters and accounts. In severe cases removal or modification of character skills, attributes and belongings, as well as the permanent removal of accounts without any compensation may be considered. The sanction is based on the seriousness of the rule violation and the previous record of the player. It is determined by the gamemaster imposing the banishment.
 
-These rules may be changed at any time. All changes will be announced on the official website.', 0, 1, 0, 0, 1, 0);");
+These rules may be changed at any time. All changes will be announced on the official website.', 0, 1, 0, 0, 0, 0);");
 }

system/migrations/31.php

@@ -2,17 +2,56 @@
 
 if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'elements')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `elements` TEXT NOT NULL AFTER `immunities`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'pushable')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `pushable` TINYINT(1) NOT NULL DEFAULT '0' AFTER `convinceable`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'canpushitems')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `canpushitems` TINYINT(1) NOT NULL DEFAULT '0' AFTER `pushable`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'canpushcreatures')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canpushitems`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'canwalkonenergy')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canpushitems`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'canwalkonpoison')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonenergy`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'canwalkonfire')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonpoison`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'runonhealth')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `runonhealth` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonfire`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'hostile')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `hostile` TINYINT(1) NOT NULL DEFAULT '0' AFTER `runonhealth`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'attackable')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `attackable` TINYINT(1) NOT NULL DEFAULT '0' AFTER `hostile`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'rewardboss')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `rewardboss` TINYINT(1) NOT NULL DEFAULT '0' AFTER `attackable`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'defense')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `defense` INT(11) NOT NULL DEFAULT '0' AFTER `rewardboss`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'armor')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `armor` INT(11) NOT NULL DEFAULT '0' AFTER `defense`;");
+}
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'summons')) {
 	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `summons` TEXT NOT NULL AFTER `loot`;");
 }

system/migrations/37.php

@@ -0,0 +1,8 @@
+<?php
+
+// 2023-11-11
+// Add Guest page access
+
+use MyAAC\Models\Pages;
+
+Pages::query()->where('access', 1)->update(['access' => 0]);

system/migrations/38.php

@@ -0,0 +1,5 @@
+<?php
+
+// 2023-11-11
+// execute highscores_ids_hidden once again, cause of settings
+require __DIR__ . '/20.php';

system/migrations/39.php

@@ -0,0 +1,18 @@
+<?php
+
+// 2024-01-27
+// change hidden to hide (Eloquent model reserved keyword)
+
+if (!$db->hasColumn('players', 'hide')) {
+	$db->exec("ALTER TABLE `players` CHANGE `hidden` `hide` TINYINT(1) NOT NULL DEFAULT 0;");
+}
+
+$db->exec("ALTER TABLE `" . TABLE_PREFIX . "changelog` CHANGE `hidden` `hide` TINYINT(1) NOT NULL DEFAULT 0;");
+$db->exec("ALTER TABLE `" . TABLE_PREFIX . "faq` CHANGE `hidden` `hide` TINYINT(1) NOT NULL DEFAULT 0;");
+$db->exec("ALTER TABLE `" . TABLE_PREFIX . "forum_boards` CHANGE `hidden` `hide` TINYINT(1) NOT NULL DEFAULT 0;");
+$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` CHANGE `hidden` `hide` TINYINT(1) NOT NULL DEFAULT 0;");
+$db->exec("ALTER TABLE `" . TABLE_PREFIX . "news` CHANGE `hidden` `hide` TINYINT(1) NOT NULL DEFAULT 0;");
+$db->exec("ALTER TABLE `" . TABLE_PREFIX . "news_categories` CHANGE `hidden` `hide` TINYINT(1) NOT NULL DEFAULT 0;");
+$db->exec("ALTER TABLE `" . TABLE_PREFIX . "pages` CHANGE `hidden` `hide` TINYINT(1) NOT NULL DEFAULT 0;");
+$db->exec("ALTER TABLE `" . TABLE_PREFIX . "gallery` CHANGE `hidden` `hide` TINYINT(1) NOT NULL DEFAULT 0;");
+$db->exec("ALTER TABLE `" . TABLE_PREFIX . "spells` CHANGE `hidden` `hide` TINYINT(1) NOT NULL DEFAULT 0;");