Updated CHANGELOG.md (format)

* added command to change permissions of system/cache directory

.gitignore

@@ -0,0 +1,3 @@
+Thumbs.db
+.DS_Store
+.idea

CHANGELOG.md

@@ -1,4 +1,82 @@
-[0.7.4 - 24.12.2017]
+# Changelog
+
+## [0.7.10 - 03.03.2018]
+### Added:
+* new configurable: smtp_secure
+* robots.txt
+
+### Fixed:
+* editing an existing page that had php enabled
+* chrome bug on save (when editing page) ERR_BLOCKED_BY_XSS_AUDITOR
+* showing IP and Port in admin panel (#44, by miqueiaspenha)
+* deleting plugin showing "You don't have rights to delete"
+* some bug with PHPMailer not finding its language file
+* default accounts.vote value
+* saving some really high long ip addresses
+
+### Changed:
+* update config.highscores_ids_hidden on install when there are samples already in database
+* auto add z_polls table on install
+
+### Internal:
+* changed mb_strtolower functions to strtolower()
+* added new function: $hooks->exist($type)
+
+## [0.7.9 - 13.01.2018]
+	* removed 6mb of trash (some useless things)
+	* (fix) TFS 1.x not showing promoted vocations in highscores
+	* otserv 0.6.x: fixed some warning (on the characters page) and fatal mysql error (on the mango signature)
+	* fixed default stamina on otserv 0.6.x engine (and some others perhaps)
+	* install: change permission check to is_writable
+	* changed highscores_groups_hidden to 3 (for TFS 1.x)
+	* updated background-artwork (tibiacom template) to the latest version, removed other ones
+
+## [0.7.8 - 12.01.2018]
+	* fixed installation error " call to undefined method OTS_DB_MySQL::hasColumn()"
+	* updated tinymce to the latest (4.7.4) version
+	* enabled emoticons plugin in tinymce :)
+	* some security fixes
+
+## [0.7.7 - 08.01.2018]
+	* important fix for servers with promotion column (caused player.vocation to be resetted when saving player, for example: on change name, accept invite to guild, leave guild)
+	* immediately reload config.lua when there's change in config.server_path detected
+	* added new forum option: "Enable HTML" (only for moderators)
+	* fixed othire default column value (#26)
+	* fixed saving custom vocations in admin panel (#36)
+	* fixed warning in highscores when vocation doesn't exist
+	* fixed characters page - config.characters.frags "Notice: Use of undefined constant"
+	* fixed getBoolean function when boolean is passed
+	* fixed empty success message on leave guild
+	* fixed displaying premium account days
+	* function OTS_Account:getPremDays will now return -1 if there's freePremium configurable enabled on the server
+	* fixed tr bgcolor in characters view (Frags) (#38)
+	* fixed some warning in guild show
+	* fixed PHP warning about country not existing on online and characters pages
+	* fixed forum bbcode parsing
+	* don't add extra <br/> to the TinyMCE news forum posts
+	* (internal) using $player->getVocationName() where possible instead of older method
+
+## [0.7.6 - 05.01.2017]
+	* fixed othire account creating/installation
+	* fixed table name players -> players_online
+	* fixed unexpected error logging about email fail
+	* added max_execution_time to the install finish step
+	* some small fix regarding highscores vocation box
+
+## [0.7.5 - 04.01.2017]
+	* fixed bug on othire with config.account_premium_days
+	* fixed bug on TFS 1.x when online_afk is enabled
+	* warning about leaving news page with changes
+	* added player status to tibiacom top 5 highscores box
+	* save detected country on create account in session
+	* fixed getPremDays and isPremium functions (newest 11.x engines are bugged when it comes to PACC, its not fault of MyAAC)
+	* fix when there are no changelogs or highscores yet
+	* small fix regarding getTopPlayers function which was ignoring $limit variable
+	* fixed news adding when type != ARTICLE
+	* fixed template path finding
+	* fixed displaying article_text when it was empty saved
+
+## [0.7.4 - 24.12.2017]
 	* fixed mysql fatal error on tibiacom template - top 5 box
 	* fixed displaying of level percent bar on tibian signature
 	* inform user about Twig cache failure on installation, instead of http 500 error
@@ -6,7 +84,7 @@
 	* remember client version select and usage stats checkbox in session on install
 	* automatically update highscores_ids_hidden for users who installed myaac before (migration)
 
-[0.7.3 - 18.12.2017]
+## [0.7.3 - 18.12.2017]
 	* auto generate myaac cache & session prefix on install to be unique across installations
 	* fixed hiding shop system menu on tibiacom template when disabled in config
 	* prevent adding duplicated newses with installation
@@ -21,7 +99,7 @@
 	* (internal) renamed installation step files to be in correct order
 	* added TODO file
 
-[0.7.1 - 13.12.2017]
+## [0.7.1 - 13.12.2017]
 	* added changelog menu item to kathrine template
 	* fixed some php short tag in changelogs page
 	* fixed guild change description back button
@@ -29,7 +107,7 @@
 	* changed some notice when version check is failed
 	* (internal) moved changelog to twig
 
-[0.7.0 - 20.11.2017]
+## [0.7.0 - 20.11.2017]
 	* moved template menus to database, they're now dynamically loaded
 	* added anonymous usage statistics reporting (only if user agrees, first usage report will be send after 7 days)
 	* you can edit them in Admin Panel under 'Menus' option
@@ -66,24 +144,24 @@
 	* (internal) renamed constant TICKET -> TICKER
 	* (internal) shortened message functions
 	
-[0.6.6 - 22.10.2017]
+## [0.6.6 - 22.10.2017]
 	* fixed some php fatal error on spells page
 	* changed spells.vocations field in db size to 300
 	* please reload your spells after this update!
 
-[0.6.5 - 21.10.2017]
+## [0.6.5 - 21.10.2017]
 	* fixed displaying custom pages
 	* fixed adding new group forum board
 	
-[0.6.4 - 20.10.2017]
+## [0.6.4 - 20.10.2017]
 	* reverted OTS_Account::getLastLogin() cause its used by tibia11-login plugin
 	
-[0.6.3 - 20.10.2017]
+## [0.6.3 - 20.10.2017]
 	* fixed creating account
 	* fixed viewing thread without being logged 
 	* fixed showing premium account status
 	
-[0.6.2 - 20.10.2017]
+## [0.6.2 - 20.10.2017]
 	* added forums for guilds and groups
 	* added nice looking menu for my account page in default template
 	* new command line tool: install_plugin.php - can be used to install plugins from command line. Usage: "php install_plugin.php path_to_file"
@@ -116,7 +194,7 @@
 	* (internal) new function: OTS_Guild::hasMember(OTS_Player $player)
 	* (internal) new function: Forum::hasAccess($board_id)
 	
-[0.6.1 - 17.10.2017]
+## [0.6.1 - 17.10.2017]
 	* fixed signatures loading
 	* new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)
 	* better error handling for monsters and spells loader (save errors to system/logs/error.log)
@@ -126,7 +204,7 @@
 	* (internal) moved forum actions (pages) to forum/ directory
 	* (internal) moved forum.edit_post to twig templates
 
-[0.6.0 - 16.10.2017]
+## [0.6.0 - 16.10.2017]
 	* added faq management - add/edit/move/hide/delete from website
 	* new account.login view for tibiacom template
 	* monsters and spells are now being loaded at the installation of the AAC
@@ -149,7 +227,7 @@
 	* ajax requests returns now json instead of xml
 	* added 404 response when file is not found
 
-[0.5.1 - 11.10.2017]
+## [0.5.1 - 11.10.2017]
 	* fixed forum add/edit board
 	* new configurable: highscores_length, how much highscores to display
 	* fixed highscores links (ALL, previous and next page)
@@ -159,7 +237,7 @@
 	* check if plugin exist before uninstalling
 	* fixed some warning in OTS_Base_DB
 
-[0.5.0 - 10.10.2017]
+## [0.5.0 - 10.10.2017]
 	* moved .htaccess rules to plain php (index.php)
 	* updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
 	* added option to uninstall plugin
@@ -178,7 +256,7 @@
 	* added new twig function getLink that convert link taking into account config.friendly_urls
 	* internalLayoutLink -> getLink
 
-[0.4.3 - 05.10.2017]
+## [0.4.3 - 05.10.2017]
 	* better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
 	* fixed country detection in create account
 	* fixed showing of character deaths and frags
@@ -192,14 +270,14 @@
 	* added bugtracker to kathrine template
 	* added CREDITS file
 
-[0.4.2 - 14.09.2017]
+## [0.4.2 - 14.09.2017]
 	* updated version number
 
-[0.4.1 - 13.09.2017]
+## [0.4.1 - 13.09.2017]
 	* fixed log in to admin panel
 	* fixed File is not .zip plugin upload error
 
-[0.4.0 - 13.09.2017
+## [0.4.0 - 13.09.2017
 	* added option to add/edit/delete/hide/move forum boards
 	* moved some of HTML-in-PHP code to Twig templates
 	* added bug_report configurable which can enable/disable bug tracker
@@ -216,7 +294,7 @@
 	* some small improvements
 	* fixed some separators in kathrine template
 
-[0.3.0 - 28.08.2017]
+## [0.3.0 - 28.08.2017]
 	* added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
 	* added Twig template engine and moved some html-in-php code to it
 	* automatically detect player country based on user location (IP) on create account
@@ -234,7 +312,7 @@
 	* moved news adding at installation from schema.sql to finish.php
 	* some optimizations
 
-[0.2.4 - 09.06.2017]
+## [0.2.4 - 09.06.2017]
 	* fixed invite to guild
 	* added id field on monsters, so you can delete them in phpmyadmin
 	* fixed adding some creatures with ' and "
@@ -243,7 +321,7 @@
 	* fixed typo loss_items => loss_containers
 	* more elegant way of showing message on reload creatures and spells
 
-[0.2.3 - 31.05.2017]
+## [0.2.3 - 31.05.2017]
 	* fixed guild management on OTHire 0.0.3
 	* set default skills to 10 when creating new character
 	* fixed displaying of "Create forum thread" in newses
@@ -255,15 +333,15 @@
 	* fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
 	* fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
 
-[0.2.2 - 22.05.2017]
+## [0.2.2 - 22.05.2017]
 	* added missing cache/signature directory
 	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
 
-[0.2.1 - 21.05.2017]
+## [0.2.1 - 21.05.2017]
 	* added Swedish translation by Sizaro
 	* fixed some bugs with installlation & characters & houses
 
-[0.2.0 - 21.05.2017]
+## [0.2.0 - 21.05.2017]
 	* added option to change character sex for premium points
 	* moved site_closed to database, now you can close your site through admin panel
 	* added option to admin panel: clear cache
@@ -283,10 +361,10 @@
 	* fixed movies unexpected comment
 	* added template_place_holder('center_top') to kathrine template
 
-[0.1.5 - 13.05.2017]
+## [0.1.5 - 13.05.2017]
 	* fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
 
-[0.1.4 - 13.05.2017]
+## [0.1.4 - 13.05.2017]
 	* added outfit shower, in characters, online, and highscores
 	* updated database to version 2
 	* fixed item images (now using item-images.ots.me host by default)
@@ -295,17 +373,17 @@
 	* removed some unused code from my old server
 	* added spells & monsters to kathrine template
 
-[0.1.3 - 11.05.2017]
+## [0.1.3 - 11.05.2017]
 	* this is just release to update version number
 
-[0.1.2 - 11.05.2017]
+## [0.1.2 - 11.05.2017]
 	* forgot to update CHANGELOG and MYAAC_VERSION
 
-[0.1.1 - 11.05.2017]
+## [0.1.1 - 11.05.2017]
 	* fixed updating myaac_config with database_version to 1
 	* fixed database updater
 
-[0.1.0 - 11.05.2017]
+## [0.1.0 - 11.05.2017]
 	* added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
 	* added automatic database updater (data migrations)
 	* renamed events to hooks
@@ -329,13 +407,13 @@
 	* fixed signatures (many fixes)
 	* added missing gesior signature system
 
-[0.0.6 - 06.05.2017]
+## [0.0.6 - 06.05.2017]
 	* fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
 	* fixed bug when creating character (not showing errors) (one more time)
 	* fixed support for TFS 0.2 series
 	* added FAQ link
 	
-[0.0.5 - 05.05.2017]
+## [0.0.5 - 05.05.2017]
 	* fixed bug when creating character (not showing errors)
 	* Fixed characters loading with names that has been created with other AAC
 	* fixed links to shop in default template
@@ -348,7 +426,7 @@
 	* fixes when $config['database_*'] is set
 	* added CHANGELOG
 
-[0.0.3 - 03.05.2017]
+## [0.0.3 - 03.05.2017]
 	* Full support for OTHire 0.0.3
 	* added support for otservers that doesn't use account.name field, instead just account number will be used
 	* fixed encryption detection on TFS 0.3
@@ -359,7 +437,7 @@
 	* fixed installation errors
 	* fixed config.lua loading with some weird comments
 
-[0.0.2 - 02.05.2017]
+## [0.0.2 - 02.05.2017]
 	* updated forum links to use friendly_urls
 	* some more info will be shown when cannot connect to database
 	* show more error infos when creating character
@@ -370,8 +448,8 @@
 	* fixed support for gesior pages and templates
 	* added function OTS_Acount:getGroupId()
 
-[0.0.1 - 01.05.2017]
+## [0.0.1 - 01.05.2017]
 	This is first official release of MyAAC.
 	Features are listed here
 
-	For more information, see the release announcement on OTLand: https://otland.net/threads/myaac-v0-0-1.251454/
+	For more information, see the release announcement on OTLand: https://otland.net/threads/myaac-v0-0-1.251454/

README.md

@@ -5,7 +5,7 @@ Official website: https://my-aac.org
 
 ### REQUIREMENTS
 
-	- PHP 5.3.0 or later
+	- PHP 5.3.3 or later
 	- MySQL database
 	- PDO PHP Extension
 	- XML PHP Extension
@@ -28,6 +28,7 @@ Official website: https://my-aac.org
 			chmod 660 images/guilds
 			chmod 660 images/houses
 			chmod 660 images/gallery
+			chmod -R 770 system/cache
 
 	Visit http://your_domain/install (http://localhost/install) and follow instructions in the browser.
 

common.php

@@ -26,8 +26,8 @@
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.7.4');
-define('DATABASE_VERSION', 20);
+define('MYAAC_VERSION', '0.7.10');
+define('DATABASE_VERSION', 22);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'WINDOWS' : (strtoupper(PHP_OS) == 'DARWIN' ? 'MAC' : 'LINUX'));

config.php

@@ -75,7 +75,7 @@ $config = array(
 
 	// images
 	'outfit_images_url' => 'http://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'item_images_url' => 'http://item-images.ots.me/960/', // set to images/items if you host your own items in images folder
+	'item_images_url' => 'http://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
 
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
@@ -107,6 +107,7 @@ $config = array(
 	'smtp_auth' => true, // need authorization?
 	'smtp_user' => 'admin@example.org',
 	'smtp_pass' => '',
+	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' or 'tls', use 'ssl' for gmail
 
 	// reCAPTCHA (prevent spam bots)
 	'recaptcha_enabled' => false, // enable recaptcha verification code
@@ -185,7 +186,7 @@ $config = array(
 	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)? Only 0.3
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
-	'highscores_groups_hidden' => 4, // this group id and higher won't be shown on the highscores
+	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
 	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
 	'highscores_length' => 100, // how many records per page on highscores
 

index.php

@@ -51,7 +51,7 @@ if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
 	include(TOOLS . 'signature/index.php');
 	exit();
 }
-else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz)$/i", $_SERVER['REQUEST_URI'])) {
+else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
 	header("HTTP/1.0 404 Not Found");
 	exit;
 }
@@ -176,21 +176,17 @@ if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
 	$tmp = (int)$tmp;
 	if($tmp < DATABASE_VERSION) { // import if older
 		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
-			$file = SYSTEM . 'migrations/' . $i . '.php';
-			if(file_exists($file)) {
-				require($file);
-			}
+			require(SYSTEM . 'migrations/' . $i . '.php');
+			updateDatabaseConfig('database_version', $i);
 		}
-		
-		updateDatabaseConfig('database_version', DATABASE_VERSION);
 	}
 }
 else { // register first version
+	registerDatabaseConfig('database_version', 0);
 	for($i = 1; $i <= DATABASE_VERSION; $i++) {
 		require(SYSTEM . 'migrations/' . $i . '.php');
+		updateDatabaseConfig('database_version', $i);
 	}
-
-	registerDatabaseConfig('database_version', DATABASE_VERSION);
 }
 
 // event system

install/includes/schema.sql

@@ -1,7 +1,7 @@
 CREATE TABLE `myaac_account_actions`
 (
 	`account_id` INT(11) NOT NULL,
-	`ip` INT(11) NOT NULL DEFAULT 0,
+	`ip` INT(10) UNSIGNED NOT NULL DEFAULT 0,
 	`ipv6` BINARY(16) NOT NULL DEFAULT 0,
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`action` VARCHAR(255) NOT NULL DEFAULT '',
@@ -109,6 +109,7 @@ CREATE TABLE `myaac_forum`
 	`post_text` text NOT NULL,
 	`post_topic` varchar(255) NOT NULL DEFAULT '',
 	`post_smile` tinyint(1) NOT NULL default '0',
+	`post_html` tinyint(1) NOT NULL default '0',
 	`post_date` int(20) NOT NULL default '0',
 	`last_edit_aid` int(20) NOT NULL default '0',
 	`edit_date` int(20) NOT NULL default '0',

install/steps/3-requirements.php

@@ -22,11 +22,11 @@ function version_check($name, $ok, $info = '', $warning = false)
 $failed = false;
 
 // start validating
-version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50300), PHP_VERSION);
+version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50303), PHP_VERSION);
 foreach(array('config.local.php', 'images/guilds', 'images/houses', 'images/gallery') as $value)
 {
-	$perms = (int) substr(decoct(fileperms(BASE . $value)), 2);
-	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $perms >= 660);
+	$is_writable = is_writable(BASE . $value);
+	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
 }
 
 $ini_register_globals = ini_get_bool('register_globals');

install/steps/5-database.php

@@ -219,6 +219,17 @@ if(!$error) {
 				if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
 					success($locale['step_database_adding_field'] . ' players.comment...');
 			}
+			
+			if(fieldExist('rank_id', 'players')) {
+				if(query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
+					success($locale['step_database_modifying_field'] . ' players.rank_id...');
+			
+				if(fieldExist('guildnick', 'players')) {
+					if(query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
+						success($locale['step_database_modifying_field'] . ' players.guildnick...');
+					}
+				}
+			}
 		}
 		
 		if(!$error && (!isset($_SESSION['saved']))) {

install/steps/7-finish.php

@@ -1,6 +1,7 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+ini_set('max_execution_time', 300);
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 }
@@ -121,50 +122,34 @@ else {
 		$insert_into_players = "INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hidden`, `comment`) VALUES ";
 		$success = true;
 
-		$highscores_ignored_ids = array();
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Rook Sample'));
 		if($query->rowCount() == 0) {
 			if(!query($insert_into_players . "(null, 'Rook Sample', 1, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 1, 1000, 1000, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
-			else {
-				$highscores_ignored_ids[] = $db->lastInsertId();
-			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Sorcerer Sample'));
 		if($query->rowCount() == 0) {
 			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 1, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
-			else {
-				$highscores_ignored_ids[] = $db->lastInsertId();
-			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Druid Sample'));
 		if($query->rowCount() == 0) {
 			if(!query($insert_into_players . "(null, 'Druid Sample', 1, " . getSession('account') . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
-			else {
-				$highscores_ignored_ids[] = $db->lastInsertId();
-			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Paladin Sample'));
 		if($query->rowCount() == 0) {
 			if(!query($insert_into_players . "(null, 'Paladin Sample', 1, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
-			else {
-				$highscores_ignored_ids[] = $db->lastInsertId();
-			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Knight Sample'));
 		if($query->rowCount() == 0) {
 			if(!query($insert_into_players . "(null, 'Knight Sample', 1, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
-			else {
-				$highscores_ignored_ids[] = $db->lastInsertId();
-			}
 		}
 
 		if($success) {
@@ -192,19 +177,18 @@ else {
 			error(Spells::getLastError());
 		}
 
-		$content = PHP_EOL;
-		$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
-		$content .= PHP_EOL;
-
-		$file = fopen(BASE . 'config.local.php', 'a+');
-		if($file) {
-			fwrite($file, $content);
-		}
-		else {
+		// update config.highscores_ids_hidden
+		$database_migration_20 = true;
+		require_once(SYSTEM . 'migrations/20.php');
+		$content = '';
+		if(!databaseMigration20($content)) {
 			$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
 			warning($locale['step_database_error_file'] . '<br/>
-				<textarea cols="70" rows="10">' . $content . '</textarea>');
+						<textarea cols="70" rows="10">' . $content . '</textarea>');
 		}
+		
+		// add z_polls tables
+		require_once(SYSTEM . 'migrations/22.php');
 
 		$locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(ADMIN_URL, $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 		$locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(BASE_URL, $locale['step_finish_homepage'], true), $locale['step_finish_desc']);

robots.txt

@@ -0,0 +1,2 @@
+User-agent: *
+Disallow:

system/functions.php

@@ -156,6 +156,10 @@ function getFlagImage($country)
 	if(!isset($config['countries']))
 		require(SYSTEM . 'countries.conf.php');
 
+	if(!isset($config['countries'][$country])) {
+		return '';
+	}
+	
 	return '<img src="images/flags/' . $country . '.gif" title="' . $config['countries'][$country]. '"/>';
 }
 
@@ -167,7 +171,9 @@ function getFlagImage($country)
  */
 function getBoolean($v)
 {
-	if(!$v || !isset($v[0])) return false;
+	if(is_bool($v)) {
+		return $v;
+	}
 
 	if(is_numeric($v))
 		return intval($v) > 0;
@@ -573,7 +579,7 @@ function getCreatureName($killer, $showStatus = false, $extendedInfo = false)
 
 			$str .= '<font color="'.($player->isOnline() ? 'green' : 'red').'">' . $player->getName() . '</font></b></a>';
 			if($extendedInfo) {
-				$str .= '<br><small>'.$player->getLevel().' '.$config['vocations'][$player->getVocation()].'</small>';
+				$str .= '<br><small>'.$player->getLevel().' '.$player->getVocationName().'</small>';
 			}
 			return $str;
 		}
@@ -809,6 +815,7 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 	{
 		require(SYSTEM . 'libs/phpmailer/PHPMailerAutoload.php');
 		$mailer = new PHPMailer();
+		$mailer->setLanguage('en', LIBS . 'phpmailer/language/');
 	}
 
 	$signature_html = '';
@@ -828,6 +835,7 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->SMTPAuth = $config['smtp_auth'];
 		$mailer->Username = $config['smtp_user'];
 		$mailer->Password = $config['smtp_pass'];
+		$mailer->SMTPSecure = isset($config['smtp_secure']) ? $config['smtp_secure'] : '';
 	}
 	else
 		$mailer->IsMail();
@@ -970,9 +978,17 @@ function getTopPlayers($limit = 5) {
 		$deleted = 'deleted';
 		if(fieldExist('deletion', 'players'))
 			$deleted = 'deletion';
-		
-		$players = $db->query('SELECT `name`, `level`, `experience` FROM `players` WHERE `group_id` < ' . $config['highscores_groups_hidden'] . ' AND `id` NOT IN (' . implode(', ', $config['highscores_ids_hidden']) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT 5')->fetchAll();
-		
+
+		$is_tfs10 = tableExist('players_online');
+		$players = $db->query('SELECT `id`, `name`, `level`, `experience`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . $config['highscores_groups_hidden'] . ' AND `id` NOT IN (' . implode(', ', $config['highscores_ids_hidden']) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
+
+		if($is_tfs10) {
+			foreach($players as &$player) {
+				$query = $db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $player['id']);
+				$player['online'] = ($query->rowCount() > 0 ? 1 : 0);
+			}
+		}
+
 		$i = 0;
 		foreach($players as &$player) {
 			$player['rank'] = ++$i;

system/hooks.php

@@ -42,12 +42,12 @@ class Hook
 			$ret = $tmp($params);
 		}*/
 		
-		global $db, $config, $template_path, $ots, $content;
+		global $db, $config, $template_path, $ots, $content, $twig;
 		if(file_exists(BASE . $this->_file)) {
-			require(BASE . $this->_file);
+			$ret = require(BASE . $this->_file);
 		}
 
-		return true;
+		return $ret === null || $ret == 1 || $ret;
 	}
 
 	public function name() {return $this->_name;}
@@ -71,11 +71,17 @@ class Hooks
 		if(isset(self::$_hooks[$type]))
 		{
 			foreach(self::$_hooks[$type] as $name => $hook)
-				$ret = $hook->execute($params);
+				if(!$hook->execute($params)) {
+					$ret = false;
+				}
 		}
 
 		return $ret;
 	}
+
+	public function exist($type) {
+		return isset(self::$_hooks[$type]);
+	}
 	
 	public function load()
 	{

system/init.php

@@ -8,14 +8,14 @@
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
+
 // load configuration
 require_once(BASE . 'config.php');
 if(file_exists(BASE . 'config.local.php')) // user customizations
 	require(BASE . 'config.local.php');
 
 if(!isset($config['installed']) || !$config['installed']) {
-	header('Location: ' . BASE_URL);
-	die('AAC has not been installed yet or there was error during installation. Please install again.');
+	die('MyAAC has not been installed yet or there was error during installation. Please install again.');
 }
 
 date_default_timezone_set($config['date_timezone']);
@@ -87,21 +87,26 @@ if(isset($_REQUEST))
 }
 
 // load otserv config file
-$tmp = '';
-if($cache->enabled() && $cache->fetch('config_lua', $tmp)) {
-	$config['lua'] = unserialize($tmp);
-	/*if(isset($config['lua']['myaac'][0])) {
-		foreach($config['lua']['myaac'] as $key => $value)
-			$config[$key] = $value;
-	}*/
+$config_lua_reload = true;
+if($cache->enabled()) {
+	$tmp = null;
+	if($cache->fetch('server_path', $tmp) && $tmp == $config['server_path']) {
+		$tmp = null;
+		if($cache->fetch('config_lua', $tmp) && $tmp) {
+			$config['lua'] = unserialize($tmp);
+			$config_lua_reload = false;
+		}
+	}
 }
-else
-{
+
+if($config_lua_reload) {
 	$config['lua'] = load_config_lua($config['server_path'] . 'config.lua');
 
 	// cache config
-	if($cache->enabled())
+	if($cache->enabled()) {
 		$cache->set('config_lua', serialize($config['lua']), 120);
+		$cache->set('server_path', $config['server_path']);
+	}
 }
 unset($tmp);
 

system/libs/forum.php

@@ -37,7 +37,20 @@ class Forum
 	{
 		global $db;
 		$thread_id = 0;
-		if($db->insert(TABLE_PREFIX . 'forum', array('first_post' => 0, 'last_post' => time(), 'section' => $section_id, 'replies' => 0, 'views' => 0, 'author_aid' => isset($account_id) ? $account_id : 0, 'author_guid' => isset($player_id) ? $player_id : 0, 'post_text' => $body, 'post_topic' => $title, 'post_smile' => 0, 'post_date' => time(), 'last_edit_aid' => 0, 'edit_date' => 0, 'post_ip' => $_SERVER['REMOTE_ADDR']))) {
+		if($db->insert(TABLE_PREFIX . 'forum', array(
+			'first_post' => 0,
+			'last_post' => time(),
+			'section' => $section_id,
+			'replies' => 0,
+			'views' => 0,
+			'author_aid' => isset($account_id) ? $account_id : 0,
+			'author_guid' => isset($player_id) ? $player_id : 0,
+			'post_text' => $body, 'post_topic' => $title,
+			'post_smile' => 0, 'post_html' => 1,
+			'post_date' => time(),
+			'last_edit_aid' => 0, 'edit_date' => 0,
+			'post_ip' => $_SERVER['REMOTE_ADDR']
+		))) {
 			$thread_id = $db->lastInsertId();
 			$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=".(int) $thread_id." WHERE `id` = ".(int) $thread_id);
 		}
@@ -45,7 +58,7 @@ class Forum
 		return $thread_id;
 	}
 	
-	static public function add_post($thread_id, $section, $author_aid, $author_guid, $post_text, $post_topic, $smile)
+	static public function add_post($thread_id, $section, $author_aid, $author_guid, $post_text, $post_topic, $smile, $html)
 	{
 		global $db;
 		$db->insert(TABLE_PREFIX . 'forum', array(
@@ -56,6 +69,7 @@ class Forum
 			'post_text' => $post_text,
 			'post_topic' => $post_topic,
 			'post_smile' => $smile,
+			'post_html' => $html,
 			'post_date' => time(),
 			'post_ip' => $_SERVER['REMOTE_ADDR']
 		));
@@ -232,16 +246,20 @@ class Forum
 		foreach($tags as $search => $replace)
 			$text = preg_replace($search, $replace, $text);
 		
-		return ($smiles == 0 ? Forum::parseSmiles($text) : $text);
+		return ($smiles ? Forum::parseSmiles($text) : $text);
 	}
 	
-	public static function showPost($topic, $text, $smiles)
+	public static function showPost($topic, $text, $smiles = true, $html = false)
 	{
-		$text = nl2br($text);
+		if($html) {
+			return '<b>' . $topic . '</b><hr />' . $text;
+		}
+
 		$post = '';
 		if(!empty($topic))
-			$post .= '<b>'.($smiles == 0 ? self::parseSmiles($topic) : $topic).'</b><hr />';
-		$post .= self::parseBBCode($text, $smiles);
+			$post .= '<b>'.($smiles ? self::parseSmiles($topic) : $topic).'</b><hr />';
+
+		$post .= self::parseBBCode(nl2br($text), $smiles);
 		return $post;
 	}
 	

system/libs/plugins.php

@@ -10,6 +10,34 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+function is_sub_dir($path = NULL, $parent_folder = SITE_PATH) {
+	
+	//Get directory path minus last folder
+	$dir = dirname($path);
+	$folder = substr($path, strlen($dir));
+	
+	//Check the the base dir is valid
+	$dir = realpath($dir);
+	
+	//Only allow valid filename characters
+	$folder = preg_replace('/[^a-z0-9\.\-_]/i', '', $folder);
+	
+	//If this is a bad path or a bad end folder name
+	if( !$dir OR !$folder OR $folder === '.') {
+		return FALSE;
+	}
+	
+	//Rebuild path
+	$path = $dir. '/' . $folder;
+	
+	//If this path is higher than the parent folder
+	if( strcasecmp($path, $parent_folder) > 0 ) {
+		return $path;
+	}
+	
+	return FALSE;
+}
+
 class Plugins {
 	private static $warnings = array();
 	private static $error = null;
@@ -160,16 +188,33 @@ class Plugins {
 				else {
 					$success = true;
 					foreach($plugin_info['uninstall'] as $file) {
-						$file = BASE . $file;
-						if(!deleteDirectory($file)) {
+						if(strpos($file, '/') === 0) {
 							$success = false;
+							self::$error = "You cannot use absolute paths (starting with slash - '/'): " . $file;
+							break;
+						}
+						
+						$file = str_replace('\\', '/', BASE . $file);
+						$realpath = str_replace('\\', '/', realpath(dirname($file)));
+						if(!is_sub_dir($file, BASE) || $realpath != dirname($file)) {
+							$success = false;
+							self::$error = "You don't have rights to delete: " . $file;
+							break;
 						}
 					}
-					
+
+					if($success) {
+						foreach($plugin_info['uninstall'] as $file) {
+							if(!deleteDirectory(BASE . $file)) {
+								self::$warnings[] = 'Cannot delete: ' . $$file;
+							}
+						}
+					}
+
 					if (isset($plugin_info['hooks'])) {
 						foreach ($plugin_info['hooks'] as $_name => $info) {
 							if (defined('HOOK_'. $info['type'])) {
-								$hook = constant('HOOK_'. $info['type']);
+								//$hook = constant('HOOK_'. $info['type']);
 								$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
 								if ($query->rowCount() == 1) { // found something
 									$query = $query->fetch();
@@ -187,9 +232,6 @@ class Plugins {
 						
 						return true;
 					}
-					else {
-						self::$error = error_get_last();
-					}
 				}
 			}
 		}

system/libs/pot/OTS_Account.php

@@ -39,7 +39,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
  * @var array
  * @version 0.1.5
  */
-    private $data = array('email' => '', 'blocked' => false, 'rlname' => '','location' => '','web_flags' => 0,'lastday' => 0,'premdays' => 0, 'created' => 0);
+    private $data = array('email' => '', 'blocked' => false, 'rlname' => '','location' => '','web_flags' => 0, 'lastday' => 0, 'premdays' => 0, 'created' => 0);
 
 /**
  * Creates new account.
@@ -170,7 +170,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
     public function load($id)
     {
         // SELECT query on database
-        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ' as `lastday`,' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
+        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ',' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
     }
 
 /**
@@ -249,12 +249,16 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
             throw new E_OTS_NotLoaded();
         }
 
-		$lastday = 'lastday';
-		if(fieldExist('premend', 'accounts'))
-			$lastday = 'premend';
+	$field = 'lastday';
+	if(fieldExist('premend', 'accounts')) { // othire
+    		$field = 'premend';
+		if(!isset($this->data['premend'])) {
+			$this->data['premend'] = 0;
+		}
+	}
 
         // UPDATE query on database
-        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $lastday . '` = ' . (int) $this->data['lastday'] . ' WHERE `id` = ' . $this->data['id']);
+        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $field . '` = ' . (int) $this->data[$field] . ' WHERE `id` = ' . $this->data['id']);
     }
 
 /**
@@ -327,23 +331,25 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		return $this->hasFlag(FLAG_SUPER_ADMIN);
 	}
 
-    public function getPremDays()
-    {
-        if( !isset($this->data['lastday']) )
-        {
-            throw new E_OTS_NotLoaded();
-        }
+	public function getPremDays()
+	{
+		if(!isset($this->data['lastday']) && !isset($this->data['premend'])) {
+			throw new E_OTS_NotLoaded();
+		}
+
+		if(isset($this->data['premend'])) {
+			return round(($this->data['premend'] - time()) / (24 * 60 * 60), 2);
+		}
+
+		if($this->data['premdays'] == 0) {
+			return 0;
+		}
+
+		global $config;
+        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return -1;
+		return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
+	}
 
-		if(fieldExist('premdays', 'accounts'))
-			return $this->data['premdays'];
-		
-        if($this->data['lastday'] == 0)
-            return 0;
-        
-		return round(($this->data['lastday'] - time()) / (24 * 60 * 60), 3);
-        //return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
-    }
-	
    public function getLastLogin()
     {
         if( !isset($this->data['lastday']) )
@@ -353,17 +359,18 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 
         return $this->data['lastday'];
     }
-	
+
     public function isPremium()
     {
 		global $config;
         if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
-		if(fieldExist('premdays', 'accounts'))
-			return $this->data['premdays'] > 0;
-	
-		return $this->data['lastday'] > time();
-        //return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
-    }
+
+		if(isset($this->data['premend'])) {
+			return $this->data['premend'] > time();
+		}
+
+		return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
+	}
 
     public function getCreated()
     {

system/libs/pot/OTS_Player.php

@@ -216,11 +216,6 @@ class OTS_Player extends OTS_Row_DAO
 		if(!isset($this->data['rank_id']) || $this->data['rank_id'] == NULL)
 			$this->data['rank_id'] = 0;
 
-		if(isset($this->data['promotion'])) {
-			global $config;
-			if((int)$this->data['promotion'] > 0)
-				$this->data['vocation'] += ($this->data['promotion'] * $config['vocations_amount']);
-		}
         // loads skills
         if( $this->isLoaded() )
         {
@@ -820,6 +815,12 @@ class OTS_Player extends OTS_Row_DAO
             throw new E_OTS_NotLoaded();
         }
 
+		if(isset($this->data['promotion'])) {
+			global $config;
+			if((int)$this->data['promotion'] > 0)
+				return ($this->data['vocation'] + ($this->data['promotion'] * $config['vocations_amount']));
+		}
+
         return $this->data['vocation'];
     }
 
@@ -2895,7 +2896,12 @@ class OTS_Player extends OTS_Row_DAO
         }
 
 		global $config;
-		return $config['vocations'][$this->data['vocation']];
+		$voc = $this->getVocation();
+		if(!isset($config['vocations'][$voc])) {
+			return 'Unknown';
+		}
+
+		return $config['vocations'][$voc];
         //return POT::getInstance()->getVocationsList()->getVocationName($this->data['vocation']);
     }
 

system/migrations/20.php

@@ -1,39 +1,48 @@
 <?php
 
-$config_file = BASE . 'config.local.php';
-if(!is_writable($config_file)) { // we can't do anything, just ignore
-	return;
+if(!isset($database_migration_20)) {
+	databaseMigration20();
 }
 
-$content_of_file = trim(file_get_contents($config_file));
-if(strpos($content_of_file, 'highscores_ids_hidden') !== false) { // already present
-	return;
+function databaseMigration20(&$content = '') {
+	global $db;
+
+	$config_file = BASE . 'config.local.php';
+	if(!is_writable($config_file)) { // we can't do anything, just ignore
+		return false;
+	}
+
+	$content_of_file = trim(file_get_contents($config_file));
+	if(strpos($content_of_file, 'highscores_ids_hidden') !== false) { // already present
+		return true;
+	}
+
+	$query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . " OR `name` = " . $db->quote("Account Manager") . ") ORDER BY `id`;");
+
+	$highscores_ignored_ids = array();
+	if($query->rowCount() > 0) {
+		foreach($query->fetchAll() as $result)
+			$highscores_ignored_ids[] = $result['id'];
+	}
+	else {
+		$highscores_ignored_ids[] = 0;
+	}
+
+	$php_on_end = substr($content_of_file, -2, 2) == '?>';
+	$content = PHP_EOL;
+	if($php_on_end) {
+		$content .= '<?php';
+	}
+
+	$content .= PHP_EOL;
+	$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
+	$content .= PHP_EOL;
+
+	if($php_on_end) {
+		$content .= '?>';
+	}
+
+	file_put_contents($config_file, $content, FILE_APPEND);
+	return true;
 }
-
-$query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . ") ORDER BY `id`;");
-
-$highscores_ignored_ids = array();
-if($query->rowCount() > 0) {
-	foreach($query->fetchAll() as $result)
-		$highscores_ignored_ids[] = $result['id'];
-}
-else {
-	$highscores_ignored_ids[] = 0;
-}
-
-$php_on_end = substr($content_of_file, -2, 2) == '?>';
-$content = PHP_EOL;
-if($php_on_end) {
-	$content .= '<?php';
-}
-
-$content .= PHP_EOL;
-$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
-$content .= PHP_EOL;
-
-if($php_on_end) {
-	$content .= '?>';
-}
-
-file_put_contents($config_file, $content, FILE_APPEND);
 ?>

system/migrations/21.php

@@ -0,0 +1,14 @@
+<?php
+
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum` ADD `post_html` TINYINT(1) NOT NULL DEFAULT 0 AFTER `post_smile`;");
+
+$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX . "forum_boards` WHERE `name` LIKE " . $db->quote('News') . " LIMIT 1;");
+if($query->rowCount() == 0) {
+	return; // don't make anything
+}
+
+$query = $query->fetch();
+$id = $query['id'];
+
+// update all forum threads with is_html = 1
+$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `post_html` = 1 WHERE `section` = " . $id . " AND `id` = `first_post`;");

system/migrations/22.php

@@ -0,0 +1,29 @@
+<?php
+
+if(!tableExist('z_polls'))
+	$db->query('
+CREATE TABLE `z_polls` (
+  `id` int(11) NOT NULL auto_increment,
+  `question` varchar(255) NOT NULL,
+  `description` varchar(255) NOT NULL,
+  `end` int(11) NOT NULL DEFAULT 0,
+  `start` int(11) NOT NULL DEFAULT 0,
+  `answers` int(11) NOT NULL DEFAULT 0,
+  `votes_all` int(11) NOT NULL DEFAULT 0,
+  PRIMARY KEY  (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;');
+
+if(!tableExist('z_polls_answers'))
+$db->query('
+	CREATE TABLE `z_polls_answers` (
+  `poll_id` int(11) NOT NULL,
+  `answer_id` int(11) NOT NULL,
+  `answer` varchar(255) NOT NULL,
+  `votes` int(11) NOT NULL DEFAULT 0
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;');
+
+if(!fieldExist('vote', 'accounts'))
+	$db->query('ALTER TABLE `accounts` ADD `vote` INT( 11 ) DEFAULT 0 NOT NULL ;');
+else {
+	$db->query('ALTER TABLE `accounts` MODIFY `vote` INT( 11 ) DEFAULT 0 NOT NULL ;');
+}

system/pages/account/create_character.php

@@ -140,7 +140,11 @@ if($save) {
 		$player->setPosX(0);
 		$player->setPosY(0);
 		$player->setPosZ(0);
-		$player->setStamina($config['otserv_version'] == TFS_03 ? 151200000 : 2520);
+
+		if(fieldExist('stamina', 'players')) {
+			$player->setStamina($char_to_copy->getStamina());
+		}
+
 		if(fieldExist('loss_experience', 'players')) {
 			$player->setLossExperience($char_to_copy->getLossExperience());
 			$player->setLossMana($char_to_copy->getLossMana());

system/pages/accountmanagement.php

@@ -110,7 +110,7 @@ $errors = array();
 		$players = array();
 		$account_players = $account_logged->getPlayersList();
 		$account_players->orderBy('id');
-		
+
 		echo $twig->render('account.management.html.twig', array(
 			'welcome_message' => $welcome_message,
 			'recovery_key' => $recovery_key,

system/pages/admin/pages.php

@@ -16,6 +16,8 @@ if(!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin())
 	return;
 }
 
+header('X-XSS-Protection:0');
+
 $name = $p_title = '';
 $groups = new OTS_Groups_List();
 

system/pages/admin/players.php

@@ -120,7 +120,11 @@ if($id > 0) {
 		verify_number($experience, 'Experience', 20);
 
 		$vocation = $_POST['vocation'];
-		verify_number($vocation, 'Vocation id', 1);
+		verify_number($vocation, 'Vocation id', 11);
+
+		if(!isset($config['vocations'][$vocation])) {
+			echo_error("Vocation with this id doesn't exist.");
+		}
 
 		// health
 		$health = $_POST['health'];
@@ -357,14 +361,12 @@ $account = $player->getAccount();
 		<td>
 			<select name="vocation">
 <?php
-			$i = 0;
-			foreach($config['vocations'] as $voc)
+			foreach($config['vocations'] as $id => $name)
 			{
-				echo '<option value=' . $i;
-				if($i == $player->getVocation())
+				echo '<option value=' . $id;
+				if($id == $player->getVocation())
 					echo ' selected="selected"';
-				echo '>' . $voc . '</option>';
-				$i++;
+				echo '>' . $name . '</option>';
 			}
 					
 

system/pages/admin/plugins.php

@@ -22,7 +22,7 @@ if(isset($_REQUEST['uninstall'])){
 		success('Successfully uninstalled plugin ' . $uninstall);
 	}
 	else {
-		error('Error while uninstalling plugin ' . $plugin_name . ': ' . Plugins::getError());
+		error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 	}
 }
 else if(isset($_FILES["plugin"]["name"]))

system/pages/characters.php

@@ -231,7 +231,7 @@ if($player->isLoaded() && !$player->isDeleted())
 	$dead_add_content = '';
 	$deaths = array();
 	if(tableExist('killers')) {
-		$player_deaths = $db->query('SELECT `id`, `date`, `level` FROM `player_deaths` WHERE `player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,10;');
+		$player_deaths = $db->query('SELECT `id`, `date`, `level` FROM `player_deaths` WHERE `player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,10;')->fetchAll();
 		if(count($player_deaths))
 		{
 			$number_of_rows = 0;
@@ -289,7 +289,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		$deaths_db = $db->query('SELECT
 				`player_id`, `time`, `level`, `killed_by`, `is_player`' . $mostdamage . '
 				FROM `player_deaths`
-				WHERE `player_id` = ' . $player->getId() . ' ORDER BY `time` DESC LIMIT 10;');
+				WHERE `player_id` = ' . $player->getId() . ' ORDER BY `time` DESC LIMIT 10;')->fetchAll();
 		
 		if(count($deaths_db))
 		{
@@ -328,13 +328,13 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		//frags list by Xampy
 		$i = 0;
 		$frags_limit = 10; // frags limit to show? // default: 10
-		$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,'.$frags_limit.';');
+		$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,'.$frags_limit.';')->fetchAll();
 		if(count($player_frags))
 		{
 			$row_count = 0;
 			foreach($player_frags as $frag)
 			{
-				$description = 'Fragged <a href="' . getPlayerLink($frag[name], false) . '">' . $frag[name] . '</a> at level ' . $frag[level];
+				$description = 'Fragged <a href="' . getPlayerLink($frag['name'], false) . '">' . $frag['name'] . '</a> at level ' . $frag['level'];
 				$frags[] = array('time' => $frag['date'], 'description' => $description, 'unjustified' => $frag['unjustified'] != 0);
 			}
 		}
@@ -375,7 +375,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		'sex' => $player_sex,
 		'marriage_enabled' => $config['characters']['marriage_info'] && fieldExist('marriage', 'players'),
 		'marital_status' => $marital_status,
-		'vocation' => $config['vocations'][$player->getVocation()],
+		'vocation' => $player->getVocationName(),
 		'frags_enabled' => $frags_enabled,
 		'frags_count' => $frags_count,
 		'town' => isset($config['towns'][$player->getTownId()]) ? $config['towns'][$player->getTownId()] : null,

system/pages/createaccount.php

@@ -144,8 +144,13 @@ if($save)
 		}
 
 		if($config['account_premium_days'] && $config['account_premium_days'] > 0) {
-			$new_account->setCustomField('premdays', $config['account_premium_days']);
-			$new_account->setCustomField('lastday', time());
+			if(fieldExist('premend', 'accounts')) { // othire
+				$new_account->setCustomField('premend', time() + $config['account_premium_days'] * 86400);
+			}
+			else { // rest
+				$new_account->setCustomField('premdays', $config['account_premium_days']);
+				$new_account->setCustomField('lastday', time());
+			}
 		}
 
 		if($config['account_premium_points']) {
@@ -198,9 +203,10 @@ if($save)
 
 				if(_mail($email, 'Your account on ' . $config['lua']['serverName'], $mailBody))
 					echo '<br /><small>These informations were send on email address <b>' . $email . '</b>.';
-				else
+				else {
 					error('An error occorred while sending email (<b>' . $email . '</b>)! Error:<br/>' . $mailer->ErrorInfo . '<br/>More info in system/logs/error.log');
 					log_append('error.log', '[createaccount.php] An error occorred while sending email: ' . $mailer->ErrorInfo . '. Error: ' . print_r(error_get_last(), true));
+				}
 			}
 		}
 
@@ -208,36 +214,43 @@ if($save)
 	}
 }
 
-	$country_recognized = null;
-	if($config['account_country_recognize']) {
+$country_recognized = null;
+if($config['account_country_recognize']) {
+	$country_session = getSession('country');
+	if($country_session !== false) { // get from session
+		$country_recognized = $country_session;
+	}
+	else {
 		$info = json_decode(@file_get_contents('http://ipinfo.io/' . $_SERVER['REMOTE_ADDR'] . '/geo'), true);
 		if(isset($info['country'])) {
 			$country_recognized = strtolower($info['country']);
+			setSession('country', $country_recognized);
 		}
 	}
+}
 
-	if(!empty($errors))
-		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+if(!empty($errors))
+	echo $twig->render('error_box.html.twig', array('errors' => $errors));
 
-	if($config['account_country']) {
-		$countries = array();
-		foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
-			$countries[$c] = $config['countries'][$c];
-		
-		$countries['--'] = '----------';
-		foreach ($config['countries'] as $code => $c)
-			$countries[$code] = $c;
-	}
+if($config['account_country']) {
+	$countries = array();
+	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
+		$countries[$c] = $config['countries'][$c];
+	
+	$countries['--'] = '----------';
+	foreach ($config['countries'] as $code => $c)
+		$countries[$code] = $c;
+}
 
-	echo $twig->render('account.create.js.html.twig');
-	echo $twig->render('account.create.html.twig', array(
-		'account' => isset($_POST['account']) ? $_POST['account'] : '',
-		'email' => isset($_POST['email']) ? $_POST['email'] : '',
-		'countries' => isset($countries) ? $countries : null,
-		'accept_rules' => isset($_POST['accept_rules']) ? $_POST['accept_rules'] : false,
-		'country_recognized' => $country_recognized,
-		'country' => isset($country) ? $country : null,
-		'errors' => $errors,
-		'save' => $save
-	));
+echo $twig->render('account.create.js.html.twig');
+echo $twig->render('account.create.html.twig', array(
+	'account' => isset($_POST['account']) ? $_POST['account'] : '',
+	'email' => isset($_POST['email']) ? $_POST['email'] : '',
+	'countries' => isset($countries) ? $countries : null,
+	'accept_rules' => isset($_POST['accept_rules']) ? $_POST['accept_rules'] : false,
+	'country_recognized' => $country_recognized,
+	'country' => isset($country) ? $country : null,
+	'errors' => $errors,
+	'save' => $save
+));
 ?>

system/pages/creatures.php

@@ -110,21 +110,21 @@ if(empty($_REQUEST['creature']))
 	$number_of_rows = 0;
 	foreach($monsters as $monster) {
 		echo '<TR BGCOLOR="' . getStyle($number_of_rows++) . '"><TD><a href="?subtopic=creatures&creature='.urlencode($monster['name']).'">'.$monster['name'].'</a></TD><TD>'.$monster['health'].'</TD><TD>'.$monster['exp'].'</TD>';
-		
+
 	if($monster['summonable']) {
 		echo '<TD>'.$monster['mana'].'</TD>';
 	}
 	else {
 		echo '<TD>---</TD>';
 	}
-		
+
 	if($monster['convinceable']) {
 		echo '<TD>'.$monster['mana'].'</TD>';
 	}
 	else {
 		echo '<TD>---</TD>';
 	}
-		
+
 	echo '<td>'.ucwords($monster['race']).'</td></tr>';
 	}
 
@@ -170,13 +170,13 @@ if(isset($monster['name']))
 	echo '</TABLE></td><td align=left>
 	<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=40%>
 	<tr><td align=left>';
-	$monster['gfx_name'] = trim(mb_strtolower($monster['name'])).".gif";
+	$monster['gfx_name'] = trim(strtolower($monster['name'])).".gif";
 	if(!file_exists('images/monsters/'.$monster['gfx_name'])) {
 		$gfx_name =  str_replace(" ", "", $monster['gfx_name']);
 		if(file_exists('images/monsters/' . $gfx_name))
 			echo '<img src="images/monsters/'.$gfx_name.'" height="128" width="128">';
-	else
-		echo '<img src="images/monsters/nophoto.png" height="128" width="128">';
+	    else
+		    echo '<img src="images/monsters/nophoto.png" height="128" width="128">';
 	}
 	else
 		echo '<img src="images/monsters/' . $monster['gfx_name'] . '" height="128" width="128">';
@@ -190,19 +190,19 @@ if(isset($monster['name']))
 		$number_of_rows++;
 		echo '<tr BGCOLOR="'.getStyle($number_of_rows).'"><td width="100"><b>Immunities: </b></td><td width="100%">'.implode(', ', $immunities).'</td></tr>';
 	}
-	
+
 	$voices = json_decode($monster['voices'], true);
 	if(count($voices) > 0)
 	{
 		foreach($voices as &$voice) {
 			$voice = '"' . $voice . '"';
 		}
-		
+
 		$number_of_rows++;
 		echo '<tr BGCOLOR="'.getStyle($number_of_rows).'"><td width="100"><b>Voices: </b></td><td width="100%">'.implode(', ', $voices).'</td></tr>';
 	}
 	echo '</TABLE></td></tr>';
-	
+
 	$loot = json_decode($monster['loot'], true);
 	if($loot)
 	{
@@ -214,18 +214,18 @@ if(isset($monster['name']))
 			}
 			return ($a['chance'] > $b['chance']) ? -1 : 1;
 		}
-		
+
 		usort($loot, 'sort_by_chance');
-		
+
 		$i = 0;
 		foreach($loot as $item) {
 			$name = getItemNameById($item['id']);
 			$tooltip = $name . '<br/>Chance: ' . round($item['chance'] / 1000, 2) . '%<br/>Max count: ' . $item['count'];
-			
+
 			echo '<img src="' . $config['item_images_url'] . $item['id'] . '.gif" class="tooltip" title="' . $tooltip . '" width="32" height="32" border="0" alt=" ' .$name . '" />';
 			$i++;
 		}
-		
+
 		echo '</td></tr></TABLE>';
 	}
 

system/pages/forum.php

@@ -28,7 +28,7 @@ if(!$logged)
 
 require_once(LIBS . 'forum.php');
 
-$canEdit = hasFlag(FLAG_CONTENT_FORUM) || superAdmin();
+$canEdit = Forum::isModerator();
 if($canEdit)
 {
 	$groups = new OTS_Groups_List();
@@ -172,7 +172,7 @@ if(empty($action))
 	return;
 }
 
-
+$errors = array();
 if($action == 'show_board' || $action == 'show_thread')
 {
 	require(PAGES . 'forum/' . $action . '.php');

system/pages/forum/edit_post.php

@@ -18,14 +18,14 @@ if(Forum::canPost($account_logged))
 		return;
 	}
 	
-	$thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `id`, `section` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch();
+	$thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `post_html`, `id`, `section` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch();
 	if(isset($thread['id']))
 	{
 		$first_post = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch();
 		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.$first_post['post_topic'].'</a> >> <b>Edit post</b>';
 		if(Forum::hasAccess($thread['section'] && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator())))
 		{
-			$char_id = $post_topic = $text = $smile = null;
+			$char_id = $post_topic = $text = $smile = $html = null;
 			$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 			$saved = false;
 			if(isset($_REQUEST['save']))
@@ -33,9 +33,10 @@ if(Forum::canPost($account_logged))
 				$text = stripslashes(trim($_REQUEST['text']));
 				$char_id = (int) $_REQUEST['char_id'];
 				$post_topic = stripslashes(trim($_REQUEST['topic']));
-				$smile = (int) $_REQUEST['smile'];
+				$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
+				$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
 				$lenght = 0;
-				for($i = 0; $i <= strlen($post_topic); $i++)
+				for($i = 0; $i < strlen($post_topic); $i++)
 				{
 					if(ord($post_topic[$i]) >= 33 && ord($post_topic[$i]) <= 126)
 						$lenght++;
@@ -43,12 +44,11 @@ if(Forum::canPost($account_logged))
 				if(($lenght < 1 || strlen($post_topic) > 60) && $thread['id'] == $thread['first_post'])
 					$errors[] = 'Too short or too long topic (short: '.$lenght.' long: '.strlen($post_topic).' letters). Minimum 1 letter, maximum 60 letters.';
 				$lenght = 0;
-				for($i = 0; $i <= strlen($text); $i++)
+				for($i = 0; $i < strlen($text); $i++)
 				{
 					if(ord($text[$i]) >= 33 && ord($text[$i]) <= 126)
 						$lenght++;
 				}
-				
 				if($lenght < 1 || strlen($text) > 15000)
 					$errors[] = 'Too short or too long post (short: '.$lenght.' long: '.strlen($text).' letters). Minimum 1 letter, maximum 15000 letters.';
 				if($char_id == 0)
@@ -56,7 +56,7 @@ if(Forum::canPost($account_logged))
 				if(empty($post_topic) && $thread['id'] == $thread['first_post'])
 					$errors[] = 'Thread topic can\'t be empty.';
 				
-				$player_on_account == false;
+				$player_on_account = false;
 				
 				if(count($errors) == 0)
 				{
@@ -71,7 +71,7 @@ if(Forum::canPost($account_logged))
 					$saved = true;
 					if($account_logged->getId() != $thread['author_aid'])
 						$char_id = $thread['author_guid'];
-					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $char_id.", `post_text` = ".$db->quote($text).", `post_topic` = ".$db->quote($post_topic).", `post_smile` = ".(int) $smile.", `last_edit_aid` = ".(int) $account_logged->getId().",`edit_date` = ".time()." WHERE `id` = ".(int) $thread['id']);
+					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $char_id.", `post_text` = ".$db->quote($text).", `post_topic` = ".$db->quote($post_topic).", `post_smile` = ".$smile.", `post_html` = ".$html.", `last_edit_aid` = ".(int) $account_logged->getId().",`edit_date` = ".time()." WHERE `id` = ".(int) $thread['id']);
 					$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".$thread['post_date']." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['first_post'])->fetch();
 					$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
 					header('Location: ' . getForumThreadLink($thread['first_post'], $_page));
@@ -83,6 +83,7 @@ if(Forum::canPost($account_logged))
 				$char_id = (int) $thread['author_guid'];
 				$post_topic = $thread['post_topic'];
 				$smile = (int) $thread['post_smile'];
+				$html = (int) $thread['post_html'];
 			}
 			
 			if(!$saved)
@@ -94,9 +95,12 @@ if(Forum::canPost($account_logged))
 					'post_id' => $post_id,
 					'players' => $players_from_account,
 					'player_id' => $char_id,
-					'topic' => htmlspecialchars($post_topic),
-					'text' => htmlspecialchars($text),
-					'smile' => $smile
+					'post_topic' => $canEdit ? $post_topic : htmlspecialchars($post_topic),
+					'post_text' => $canEdit ? $text : htmlspecialchars($text),
+					'post_smile' => $smile > 0,
+					'post_html' => $html > 0,
+					'html' => $html,
+					'canEdit' => $canEdit
 				));
 			}
 		}

system/pages/forum/new_post.php

@@ -27,7 +27,8 @@ if(Forum::canPost($account_logged))
 		$text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL;
 		$char_id = (int) (isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
 		$post_topic = isset($_REQUEST['topic']) ? stripslashes(trim($_REQUEST['topic'])) : '';
-		$smile = (int) (isset($_REQUEST['smile']) ? $_REQUEST['smile'] : 0);
+		$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
+		$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
 		$saved = false;
 		if(isset($_REQUEST['quote']))
 		{
@@ -72,7 +73,7 @@ if(Forum::canPost($account_logged))
 			if(count($errors) == 0)
 			{
 				$saved = true;
-				Forum::add_post($thread['id'], $thread['section'], $account_logged->getId(), (int) $char_id, $text, $post_topic, (int) $smile, time(), $_SERVER['REMOTE_ADDR']);
+				Forum::add_post($thread['id'], $thread['section'], $account_logged->getId(), (int) $char_id, $text, $post_topic, $smile, $html, time(), $_SERVER['REMOTE_ADDR']);
 				$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `replies`=`replies`+1, `last_post`=".time()." WHERE `id` = ".(int) $thread_id);
 				$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".time()." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id'])->fetch();
 				$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
@@ -85,11 +86,14 @@ if(Forum::canPost($account_logged))
 		{
 			if(!empty($errors))
 				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			
-			$threads = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_smile` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` DESC LIMIT 5")->fetchAll();
-			
+				
+			$threads = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`post_html`, `" . TABLE_PREFIX . "forum`.`author_aid` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` DESC LIMIT 5")->fetchAll();
 			foreach($threads as &$thread) {
-				$thread['post'] = Forum::showPost($thread['post_topic'], $thread['post_text'], $thread['post_smile']);
+				$player_account = new OTS_Account();
+				$player_account->load($thread['author_aid']);
+				if($player_account->isLoaded()) {
+					$thread['post'] = Forum::showPost(($thread['post_html'] > 0 ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($thread['post_html'] > 0 ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile'] == 0, $thread['post_html'] > 0);
+				}
 			}
 			
 			echo $twig->render('forum.new_post.html.twig', array(
@@ -98,9 +102,11 @@ if(Forum::canPost($account_logged))
 				'players' => $players_from_account,
 				'post_topic' => $post_topic,
 				'post_text' => $text,
-				'post_smile' => $smile,
+				'post_smile' => $smile > 0,
+				'post_html' => $html > 0,
 				'topic' => $thread['post_topic'],
-				'threads' => $threads
+				'threads' => $threads,
+				'canEdit' => $canEdit
 			));
 		}
 	}

system/pages/forum/new_thread.php

@@ -24,7 +24,8 @@ if(Forum::canPost($account_logged))
 			$text = isset($_REQUEST['text']) ? stripslashes($_REQUEST['text']) : '';
 			$char_id = (int)(isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
 			$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
-			$smile = (int)(isset($_REQUEST['smile']) ? $_REQUEST['smile'] : 0);
+			$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
+			$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
 			$saved = false;
 			if (isset($_REQUEST['save'])) {
 				$errors = array();
@@ -68,7 +69,7 @@ if(Forum::canPost($account_logged))
 				}
 				if (count($errors) == 0) {
 					$saved = true;
-					$db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('0', '" . time() . "', '" . (int)$section_id . "', '0', '0', '" . $account_logged->getId() . "', '" . (int)$char_id . "', " . $db->quote($text) . ", " . $db->quote($post_topic) . ", '" . (int)$smile . "', '" . time() . "', '0', '0', '" . $_SERVER['REMOTE_ADDR'] . "')");
+					$db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile`, `post_html` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('0', '" . time() . "', '" . (int)$section_id . "', '0', '0', '" . $account_logged->getId() . "', '" . (int)$char_id . "', " . $db->quote($text) . ", " . $db->quote($post_topic) . ", '" . (int)$smile . "', '" . (int)$html . "', '" . time() . "', '0', '0', '" . $_SERVER['REMOTE_ADDR'] . "')");
 					$thread_id = $db->lastInsertId();
 					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=" . (int)$thread_id . " WHERE `id` = " . (int)$thread_id);
 					header('Location: ' . getForumThreadLink($thread_id));
@@ -85,8 +86,10 @@ if(Forum::canPost($account_logged))
 					'players' => $players_from_account,
 					'post_player_id' => $char_id,
 					'post_thread' => $post_topic,
-					'text' => $text,
-					'smiles_enabled' => $smile > 0
+					'post_text' => $text,
+					'post_smile' => $smile > 0,
+					'post_html' => $html > 0,
+					'canEdit' => $canEdit
 				));
 			}
 		}

system/pages/forum/show_thread.php

@@ -33,7 +33,7 @@ for($i = 0; $i < $posts_count['posts_count'] / $config['forum_threads_per_page']
 	else
 		$links_to_pages .= '<b>'.($i + 1).' </b>';
 }
-$threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll();
+$threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`post_html`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll();
 if(isset($threads[0]['name']))
 	$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id);
 echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($threads[0]['section']) . '">'.$sections[$threads[0]['section']]['name'].'</a> >> <b>'.$thread_name['post_topic'].'</b>';
@@ -47,8 +47,8 @@ foreach($threads as $thread)
 		die();
 	}
 	
-	echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td valign="top">' . getPlayerLink($thread['name']) . '<br /><br /><font size="1">Profession: '.$config['vocations'][$player->getVocation()].'<br />Level: '.$thread['level'].'<br />';
-	
+	echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td valign="top">' . getPlayerLink($thread['name']) . '<br /><br /><font size="1">Profession: '.$player->getVocationName().'<br />Level: '.$thread['level'].'<br />';
+
 	$rank = $player->getRank();
 	if($rank->isLoaded())
 	{
@@ -56,11 +56,9 @@ foreach($threads as $thread)
 		if($guild->isLoaded())
 			echo $rank->getName().' of <a href="'.getGuildLink($guild->getName(), false).'">'.$guild->getName().'</a><br />';
 	}
-	$player_account = $player->getAccount();
-	$canEditForum = $player_account->hasFlag(FLAG_CONTENT_FORUM) || $player_account->isAdmin();
-	
+
 	$posts = $db->query("SELECT COUNT(`id`) AS 'posts' FROM `" . TABLE_PREFIX . "forum` WHERE `author_aid`=".(int) $thread['account_id'])->fetch();
-	echo '<br />Posts: '.(int) $posts['posts'].'<br /></font></td><td valign="top">'.Forum::showPost(($canEditForum ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($canEditForum ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile']).'</td></tr>
+	echo '<br />Posts: '.(int) $posts['posts'].'<br /></font></td><td valign="top">'.Forum::showPost(($thread['post_html'] > 0 ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($thread['post_html'] > 0 ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile'] == 0, $thread['post_html'] > 0).'</td></tr>
 		<tr bgcolor="'.getStyle($number_of_rows++).'"><td><font size="1">'.date('d.m.y H:i:s', $thread['post_date']);
 	if($thread['edit_date'] > 0)
 	{

system/pages/guilds/leave_guild.php

@@ -94,7 +94,7 @@ else
 {
 	if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
 		$player->setRank();
-		$twig->render('success.html.twig', array(
+		echo $twig->render('success.html.twig', array(
 			'title' => 'Leave guild',
 			'description' => 'Player with name <b>'.$player->getName().'</b> leaved guild <b>'.$guild->getName().'</b>.',
 			'custom_buttons' => $twig->render('guilds.back_button.html.twig', array(

system/pages/guilds/show.php

@@ -10,6 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+$title = 'Guilds';
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name))
 	$errors[] = Validator::getLastError();
@@ -41,6 +42,7 @@ else
 	$players_from_account_in_guild = array();
 	if($logged)
 	{
+		$players_from_account_ids = array();
 		$account_players = $account_logged->getPlayers();
 		foreach($account_players as $player)
 		{

system/pages/highscores.php

@@ -22,11 +22,17 @@ $add_sql = '';
 $config_vocations = $config['vocations'];
 if($config['highscores_vocation_box'] && isset($vocation))
 {
-	for($i = 1; $i < count($config_vocations) / 2; $i++)
-	{
-		if(strtolower($config_vocations[$i]) == $vocation)
-		{
-			$add_sql = 'AND ' . $db->fieldName('vocation') . ' = ' . $db->quote($i);
+	foreach($config['vocations'] as $id => $name) {
+		if(strtolower($name) == $vocation) {
+			$add_vocs = array($id);
+	
+			$i = $id + $config['vocations_amount'];
+			while(isset($config['vocations'][$i])) {
+				$add_vocs[] = $i;
+				$i += $config['vocations_amount'];
+			}
+	
+			$add_sql = 'AND `vocation` IN (' . implode(', ', $add_vocs) . ')';
 			break;
 		}
 	}
@@ -178,6 +184,7 @@ $i = 0;
 $online_exist = false;
 if(fieldExist('online', 'players'))
 	$online_exist = true;
+
 foreach($skills as $player)
 {
 	if(!$online_exist) {
@@ -211,7 +218,11 @@ echo '
 							$player['vocation'] += ($player['promotion'] * $config['vocations_amount']);
 					}
 
-					echo '<br/><small>' . $config['vocations'][$player['vocation']] . '</small>';
+					$tmp = 'Unknown';
+					if(isset($config['vocations'][$player['vocation']])) {
+						$tmp = $config['vocations'][$player['vocation']];
+					}
+					echo '<br/><small>' . $tmp . '</small>';
 				}
 echo '
 			</td>
@@ -228,8 +239,10 @@ echo '
 		$show_link_to_next_page = true;
 }
 
-if(!$i)
-	echo '<tr bgcolor="' . $config['darkborder'] . '"><td colspan="' . ($skill == POT::SKILL__LEVEL ? 5 : 4) . '">No records yet.</td></tr>';
+if(!$i) {
+	$extra = ($config['highscores_outfit'] ? 1 : 0);
+	echo '<tr bgcolor="' . $config['darkborder'] . '"><td colspan="' . ($skill == POT::SKILL__LEVEL ? 5 + $extra : 4 + $extra) . '">No records yet.</td></tr>';
+}
 
 ?>
 </table>

system/pages/news.php

@@ -387,7 +387,7 @@ class News
 		if(!self::verify($title, $body, $article_text, $article_image, $errors))
 			return false;
 
-		$db->insert(TABLE_PREFIX . 'news', array('title' => $title, 'body' => $body, 'type' => $type, 'date' => time(), 'category' => $category, 'player_id' => isset($player_id) ? $player_id : 0, 'comments' => $comments, 'article_text' => $article_text, 'article_image' => $article_image));
+		$db->insert(TABLE_PREFIX . 'news', array('title' => $title, 'body' => $body, 'type' => $type, 'date' => time(), 'category' => $category, 'player_id' => isset($player_id) ? $player_id : 0, 'comments' => $comments, 'article_text' => ($type == 3 ? $article_text : ''), 'article_image' => ($type == 3 ? $article_image : '')));
 		return true;
 	}
 

system/pages/polls.php

@@ -13,31 +13,6 @@ $title = 'Polls';
 
 /* Polls System By Averatec from pervera.pl & otland.net */
 
-if(!tableExist('z_polls'))
-	$db->query('
-CREATE TABLE `z_polls` (
-  `id` int(11) NOT NULL auto_increment,
-  `question` varchar(255) NOT NULL,
-  `description` varchar(255) NOT NULL,
-  `end` int(11) NOT NULL DEFAULT 0,
-  `start` int(11) NOT NULL DEFAULT 0,
-  `answers` int(11) NOT NULL DEFAULT 0,
-  `votes_all` int(11) NOT NULL DEFAULT 0,
-  PRIMARY KEY  (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;');
-
-if(!tableExist('z_polls_answers'))
-$db->query('
-	CREATE TABLE `z_polls_answers` (
-  `poll_id` int(11) NOT NULL,
-  `answer_id` int(11) NOT NULL,
-  `answer` varchar(255) NOT NULL,
-  `votes` int(11) NOT NULL DEFAULT 0
-) ENGINE=MyISAM DEFAULT CHARSET=latin1;');
-
-if(!fieldExist('vote', 'accounts'))
-	$db->query('ALTER TABLE `accounts` ADD `vote` INT( 11 ) NOT NULL ;');
-
 function getColorByPercent($percent)
 {
 	if($percent < 15)

system/status.php

@@ -75,8 +75,13 @@ if(isset($config['lua']['statustimeout']))
 // get status timeout from server config
 $status_timeout = eval('return ' . $config['lua']['statusTimeout'] . ';') / 1000 + 1;
 
-if($status['lastCheck'] + $status_timeout < time())
-{
+if($status['lastCheck'] + $status_timeout < time()) {
+	updateStatus();
+}
+
+function updateStatus() {
+	global $db, $cache, $config, $status, $status_ip, $status_port;
+	
 	// get server status and save it to database
 	$serverInfo = new OTS_ServerInfo($status_ip, $status_port);
 	$serverStatus = $serverInfo->status();
@@ -98,9 +103,14 @@ if($status['lastCheck'] + $status_timeout < time())
 		if($config['online_afk'])
 		{
 			// get amount of players that are currently logged in-game, including disconnected clients (exited)
-			$query = $db->query('SELECT COUNT(' . $db->fieldName('id') . ') AS playersTotal FROM ' . $db->tableName('players') .
-				' WHERE ' . $db->fieldName('online') . ' > 0');
-
+			if(tableExist('players_online')) { // tfs 1.x
+				$query = $db->query('SELECT COUNT(`player_id`) AS `playersTotal` FROM `players_online`;');
+			}
+			else {
+				$query = $db->query('SELECT COUNT(`id`) AS `playersTotal` FROM `players` WHERE `online` > 0');
+			}
+			
+			$status['playersTotal'] = 0;
 			if($query->rowCount() > 0)
 			{
 				$query = $query->fetch();
@@ -132,5 +142,4 @@ if($status['lastCheck'] + $status_timeout < time())
 	foreach($status as $key => $value) {
 		updateDatabaseConfig('status_' . $key, $value);
 	}
-}
-?>
+}

system/template.php

@@ -15,42 +15,38 @@ if($config['template_allow_change'])
 {
 	if(isset($_GET['template']))
 	{
-		$template_name = $_GET['template'];
 		if(!preg_match("/[^A-z0-9_\-]/", $template_name)) { // validate template
 			//setcookie('template', $template_name, 0, BASE_DIR . '/', $_SERVER["SERVER_NAME"]);
+			$template_name = $_GET['template'];
 			setSession('template', $template_name);
 			header('Location:' . getSession('last_uri'));
 		}
-		else
-			$template_name = $config['template'];
 	}
 	else {
 		$template_session = getSession('template');
 		if ($template_session !== false) {
 			if (!preg_match("/[^A-z0-9_\-]/", $template_session)) {
 				$template_name = $template_session;
-			} else {
-				$template_name = $config['template'];
 			}
 		}
 	}
 }
 $template_path = 'templates/' . $template_name;
 
-if(!file_exists($template_path . '/index.php') &&
-	!file_exists($template_path . '/template.php') &&
-	!file_exists($template_path . '/layout.php'))
+if(!file_exists(BASE . $template_path . '/index.php') &&
+	!file_exists(BASE . $template_path . '/template.php') &&
+	!file_exists(BASE . $template_path . '/layout.php'))
 {
 	$template_name = 'kathrine';
-	$template_path = TEMPLATES . $template_name;
+	$template_path = 'templates/' . $template_name;
 }
 
-$file = $template_path . '/config.ini';
+$file = BASE . $template_path . '/config.ini';
 $exists = file_exists($file);
-if($exists || ($config['backward_support'] && file_exists($template_path . '/layout_config.ini')))
+if($exists || ($config['backward_support'] && file_exists(BASE . $template_path . '/layout_config.ini')))
 {
 	if(!$exists)
-		$file = $template_path . '/layout_config.ini';
+		$file = BASE . $template_path . '/layout_config.ini';
 
 	if($cache->enabled())
 	{
@@ -69,8 +65,8 @@ if($exists || ($config['backward_support'] && file_exists($template_path . '/lay
 	foreach($template_ini as $key => $value)
 		$config[$key] = $value;
 }
-else if(file_exists($template_path . '/config.php'))
-	require($template_path . '/config.php');
+else if(file_exists(BASE . $template_path . '/config.php'))
+	require(BASE . $template_path . '/config.php');
 
 $template = array();
 $template['link_account_manage'] = getLink('account/manage');

system/templates/account.management.html.twig

@@ -51,7 +51,17 @@
 	<div id="two">
 		<h1>My account</h1>
 		<p>Welcome to your account page, {{ account }}<br>
-			You have {{ account_logged.getPremDays() }} days remaining premium account.</p>
+			{% if config.lua.freePremium %}
+			You have unlimited Premium Account.
+			{% else %}
+				{% set premiumDays = account_logged.getPremDays() %}
+				{% if premiumDays == 0 %}
+				You don't have Premium Account
+				{% else %}
+				You have {{ premiumDays }} days remaining Premium Account.
+				{% endif %}
+			{% endif %}
+		</p>
 
 		{# if account dont have recovery key show hint #}
 		{% if recovery_key is empty %}
@@ -74,6 +84,7 @@
 			</div>
 		<br/><br/>
 		{% endif %}
+		<a name="General+Information"></a>
 		<h2>General Information</h2>
 		<table width="100%">
 			<tr style="background-color: {{ config.lightborder }};" >
@@ -108,6 +119,7 @@
 			{% endautoescape %}
 		</table>
 		<br/>
+		<a name="Public+Information"></a>
 		<h2>Public Information</h2>
 		<table width="100%">
 			<tr style="background-color: {{ config.lightborder }};" >
@@ -123,6 +135,7 @@
 			<input type="submit" value="Change Info" />
 		</form>
 		<br/>
+		<a name="Account+Logs" ></a>
 		<h2>Action Log</h2>
 		<table>
 			<tr bgcolor="{{ config.vdarkborder }}" class="white">
@@ -141,6 +154,7 @@
 			{% endautoescape %}
 		</table>
 		<br/>
+		<a name="Characters" ></a>
 		<h2>Character list: {{ players|length }} characters.</h2>
 		<table>
 			<tr bgcolor="{{ config.vdarkborder }}" class="white">
@@ -150,7 +164,7 @@
 			{% for player in players %}
 				{% set i = i + 1 %}
 				<tr bgcolor="{{ getStyle(i) }}">
-					<td><a href="{{ getLink('characters/' ~ player.getName()|urlencode) }}">{{ player.getName() }}</a></td><td>{{ player.getLevel() }}</td><td>{{ config.vocations[player.getVocation()] }}</td><td>{{ config.towns[player.getTownId()] }}</td><td>{% if player.getLastLogin() > 0 %}{{ player.getLastLogin|date('d F Y (H:i)') }}{% else %}Never.{% endif %}</td><td>{%  if player.isOnline() %}<font color="green">ONLINE</font>{% else %}<font color="red">Offline</font>{% endif %}</td><td>{% if player.isHidden() %}Hidden{% else %}Visible{% endif %}</td><td>[<a href="{{ getLink('account/character/comment/' ~ player.getName|urlencode) }}" >Edit</a>]</td>
+					<td><a href="{{ getLink('characters/' ~ player.getName()|urlencode) }}">{{ player.getName() }}</a></td><td>{{ player.getLevel() }}</td><td>{{ player.getVocationName() }}</td><td>{{ config.towns[player.getTownId()] }}</td><td>{% if player.getLastLogin() > 0 %}{{ player.getLastLogin|date('d F Y (H:i)') }}{% else %}Never.{% endif %}</td><td>{%  if player.isOnline() %}<font color="green">ONLINE</font>{% else %}<font color="red">Offline</font>{% endif %}</td><td>{% if player.isHidden() %}Hidden{% else %}Visible{% endif %}</td><td>[<a href="{{ getLink('account/character/comment/' ~ player.getName|urlencode) }}" >Edit</a>]</td>
 				</tr>
 			{% endfor %}
 		</table>

system/templates/admin.dashboard.html.twig

@@ -35,7 +35,7 @@
 	{% if status.online %}
 	<p class="success" style="width: 150px; text-align: center;">Status: Online<br/>
 		{{ status.uptimeReadable }}, {{ status.players }}/{{ status.playersMax }}<br/>
-		{{ status.lua.ip }} : {{ status.lua.loginPort }}
+		{{ config.lua.ip }} : {{ config.lua.loginPort }}
 		<br/><br/><u><a id="more-button" href="#"></a></u>
 
 		<span id="status-more">
@@ -74,4 +74,4 @@
         return false;
     });
 </script>
-{% endif %}
+{% endif %}

system/templates/admin.mailer.html.twig

@@ -3,8 +3,8 @@
 	tinymce.init({
 		selector : "textarea",
 		theme : "modern",
-        plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code',
-        toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
+        plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code emoticons',
+        toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 		image_advtab: true,
 		relative_urls : false,
 		remove_script_host : false,

system/templates/admin.pages.form.html.twig

@@ -19,7 +19,12 @@
 					</tr>
 					<tr>
 						<td>PHP:</td>
-						<td><input type="checkbox" id="php" name="php" title="Check if page should be executed as PHP" value="1"{% if php %} checked="true"{% endif %}{% if action == 'edit' %} disabled{% endif %}/></td>
+						<td>
+							<input type="checkbox" id="php" name="php" title="Check if page should be executed as PHP" value="1"{% if php %} checked="true"{% endif %}{% if action == 'edit' %} disabled{% endif %}/>
+							{% if action == 'edit' %}
+								<input type="hidden" name="php" value="{% if php %}1{% else %}0{% endif %}"/>
+							{% endif %}
+						</td>
 					</tr>
 					<tr>
 						<td>Content:</td>
@@ -74,8 +79,8 @@
 			tinymce.init({
 				selector : "#body",
 				theme : "modern",
-				plugins: 'code print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help',
-				toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
+				plugins: 'code print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help emoticons',
+				toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 				image_advtab: true,
 				relative_urls : false,
 				remove_script_host : false,

system/templates/changelog.html.twig

@@ -23,7 +23,7 @@
 		{% endfor %}
 	{% else %}
 	<tr>
-		<td bgcolor="{{ config.lightborder }}">There are no change logs for the moment.</td>
+		<td colspan="4" bgcolor="{{ config.darkborder }}">There are no changelogs for the moment.</td>
 	</tr>
 	{% endif %}
 	

system/templates/characters.html.twig

@@ -256,10 +256,11 @@
 			</tr>
 			{% set i = 0 %}
 			{% for frag in frags %}
-			<tr bgcolor="'{{ getStyle(i) }}">
+			<tr bgcolor="{{ getStyle(i) }}">
 				<td width="20%" align="center">{{ frag.time|date("j M Y, H:i") }}</td>
 				<td>{{ frag.description|raw }}({% if frag.unjustified %}<font size="1" color="red">Unjustified</font>{% else %}<font size="1" color="green">Justified</font>{% endif %})</td>
 			</tr>
+			{% set i = i + 1 %}
 			{% endfor %}
 		</table>
 		<!-- FRAGS_END -->
@@ -380,12 +381,8 @@
 				<td>
 					<nobr>{{ i }}.&#160;{{ player.getName() }}{% if player.isDeleted() %}<font color="red"> [DELETED]</font>{% endif %}</nobr>
 				</td>
-				{% set vocation = 'Unknown' %}
-				{% if config.vocations[player.getVocation()] is defined %}
-					{% set vocation = config.vocations[player.getVocation()] %}
-				{% endif %}
 
-				<td>{{ player.getLevel() }} {{ vocation }}</td>
+				<td>{{ player.getLevel() }} {{ player.getVocationName() }}</td>
 				<td>{% if player.isOnline() %}<b><font color="green">Online</font></b>{% endif %}</td>
 				<td>
 					<table border="0" cellspacing="0" cellpadding="0">

system/templates/faq.html.twig

@@ -17,9 +17,9 @@
 		{% set i = i + 1 %}
 	<tr bgcolor="{{ getStyle(i) }}">
 		<td colspan="2" style="cursor: pointer;" onclick="toggleVisibility('faq_{{ i }}'); return false;">
-			<b>{{ faq.question }}</b>
+			<b>{{ faq.question|raw }}</b>
 
-			<div id="faq_{{ i }}" style="display: none;">{{ faq.answer }}</div>
+			<div id="faq_{{ i }}" style="display: none;">{{ faq.answer|raw }}</div>
 		</td>
 		{% if canEdit %}
 			<td>

system/templates/forum.edit_post.html.twig

@@ -22,21 +22,27 @@
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td><b>Topic:</b></td>
-			<td><input type="text" value="{{ topic|raw }}" name="topic" size="40" maxlength="60" /> (Optional)</td>
+			<td><input type="text" value="{{ post_topic|raw }}" name="topic" size="40" maxlength="60" /> (Optional)</td>
 		</tr>
 		<tr bgcolor="{{ config.darkborder }}">
 			<td valign="top"><b>Message:</b><font size="1"><br/>You can use:<br/>[player]Nick[/player]<br />[url]http://address.com/[/url]<br />[img]http://images.com/images3.gif[/img]<br />[code]Code[/code]<br />[b]<b>Text</b>[/b]<br />[i]<i>Text</i>[/i]<br/>[u]<u>Text</u>[/u]<br />and smileys:<br />;) , :) , :D , :( , :rolleyes:<br />:cool: , :eek: , :o , :p</font>
 			</td>
 			<td>
-				<textarea rows="10" cols="60" name="text">{{ text|raw }}</textarea><br />(Max. 15,000 letters)
+				<textarea rows="10" cols="60" name="text">{{ post_text|raw }}</textarea><br />(Max. 15,000 letters)
 			</td>
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td valign="top">Options:</td>
 			<td>
 				<label>
-					<input type="checkbox" name="smile" value="1"{% if smile == 1 %} checked="checked"{% endif %}/>Disable Smileys in This Post
+					<input type="checkbox" name="smile" value="1"{% if post_smile %} checked="checked"{% endif %}/>Disable Smileys in This Post
 				</label>
+				{% if canEdit %}
+					<br/>
+					<label>
+						<input type="checkbox" name="html" value="1"{% if post_html %} checked="checked"{% endif %}/>Enable HTML in this post (moderator only)
+					</label>
+				{% endif %}
 			</td>
 		</tr>
 	</table>

system/templates/forum.new_post.html.twig

@@ -28,7 +28,17 @@
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td valign="top">Options:</td>
-			<td><label><input type="checkbox" name="smile" value="1"{% if post_smile == 1 %} checked="checked"{% endif %}/>Disable Smileys in This Post </label></td>
+			<td>
+				<label>
+					<input type="checkbox" name="smile" value="1"{% if post_smile %} checked="checked"{% endif %}/>Disable Smileys in This Post
+				</label>
+				{% if canEdit %}
+					<br/>
+					<label>
+						<input type="checkbox" name="html" value="1"{% if post_html %} checked="checked"{% endif %}/>Enable HTML in this post (moderator only)
+					</label>
+				{% endif %}
+			</td>
 		</tr>
 	</table>
 	<center>

system/templates/forum.new_thread.html.twig

@@ -25,11 +25,21 @@
 		</tr>
 		<tr bgcolor="{{ config.darkborder }}">
 			<td valign="top"><b>Message:</b><font size="1"><br />You can use:<br />[player]Nick[/player]<br />[url]http://address.com/[/url]<br />[img]http://images.com/images3.gif[/img]<br />[code]Code[/code]<br />[b]<b>Text</b>[/b]<br />[i]<i>Text</i>[/i]<br />[u]<u>Text</u>[/u]<br />and smileys:<br />;) , :) , :D , :( , :rolleyes:<br />:cool: , :eek: , :o , :p</font></td>
-			<td><textarea rows="10" cols="60" name="text">{{ text|escape }}</textarea><br />(Max. 15,000 letters)</td>
+			<td><textarea rows="10" cols="60" name="text">{{ post_text|escape }}</textarea><br />(Max. 15,000 letters)</td>
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td valign="top">Options:</td>
-			<td><label><input type="checkbox" name="smile" value="1"{% if smiles_enabled %} checked="checked"{% endif %}/>Disable Smileys in This Post </label></td>
+			<td>
+				<label>
+					<input type="checkbox" name="smile" value="1"{% if post_smile %} checked="checked"{% endif %}/>Disable Smileys in This Post
+				</label>
+				{% if canEdit %}
+				<br/>
+				<label>
+					<input type="checkbox" name="html" value="1"{% if post_html %} checked="checked"{% endif %}/>Enable HTML in this post (moderator only)
+				</label>
+			{% endif %}
+			</td>
 		</tr>
 	</table>
 	<center>

system/templates/news.add.html.twig

@@ -1,17 +1,7 @@
-<script type="text/javascript" src="{{ constant('BASE_URL') }}tools/tinymce/tinymce.min.js"></script>
-<script type="text/javascript">
-	tinymce.init({
-		selector : "#body",
-		theme : "modern",
-		plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code',
-		toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
-		image_advtab: true
-	});
-</script>
 {% if action != 'edit' %}
 <a id="news-button" href="#">Add news</a>
 {% endif %}
-<form method="post" action="{{ news_link_form }}">
+<form method="post" action="{{ news_link_form }}" id="news-edit-form">
 	{% if action == 'edit' %}
 	<input type="hidden" name="id" value="{{ news_id }}" />
 	{% endif %}
@@ -47,7 +37,7 @@
 		</tr>
 
 		{% set rows = rows + 1 %}
-		<tr id="article-text" bgcolor="{{ getStyle(rows) }}"{% if article_text is empty %} style="display: none;"{% endif %}>
+		<tr id="article-text" bgcolor="{{ getStyle(rows) }}"{% if type is not defined or type != constant('ARTICLE') %} style="display: none;"{% endif %}>
 			<td><b>Article short text:<br/>This will be displayed on news page.<br/>Rest will be available on "read more" page.</b></td>
 			<td>
 				<textarea name="article_text">{% if article_text is not empty %}{{ article_text }}{% endif %}</textarea>
@@ -55,7 +45,7 @@
 		</tr>
 
 		{% set rows = rows + 1 %}
-		<tr id="article-image" bgcolor="{{ getStyle(rows) }}"{% if article_image is empty %} style="display: none;"{% endif %}>
+		<tr id="article-image" bgcolor="{{ getStyle(rows) }}"{% if type is not defined or type != constant('ARTICLE') %} style="display: none;"{% endif %}>
 			<td><b>Article image:</b></td>
 			<td>
 				<input type="text" name="article_image" value="{% if article_image is not empty %}{{ article_image }}{% else %}images/news/announcement.jpg{% endif %}" />
@@ -121,7 +111,7 @@
 				<input type="submit" value="Submit"/>
 			</td>
 			<td align="left">
-				<input type="button" onclick="window.location = '{{ news_link }}';" value="Cancel"/>
+				<input id="cancel" type="button" value="Cancel"/>
 			</td>
 		</tr>
 	</table>
@@ -150,4 +140,49 @@
 		});
 	});
 </script>
-{% endif %}
+{% endif %}
+<script type="text/javascript" src="{{ constant('BASE_URL') }}tools/tinymce/tinymce.min.js"></script>
+<script type="text/javascript">
+	var unsaved = false;
+	var lastContent = '';
+
+	tinymce.init({
+		selector : "#body",
+		theme : "modern",
+		plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code emoticons',
+		toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
+		image_advtab: true,
+		setup: function(ed){
+			ed.on('NodeChange', function(e) {
+				if(ed.getContent() != lastContent) {
+					unsaved = true;
+				}
+			});
+		}
+	});
+
+	$(document).ready(function() {
+		$(":input").change(function(){ //trigers change in all input fields including text type
+			unsaved = true;
+		});
+		
+		$("#cancel").click(function( event ) {
+			unsaved = false;
+			window.location = '{{ news_link }}';
+		});
+
+		$("#news-edit-form").submit(function( event ) {
+			unsaved = false;
+		});
+
+		lastContent = $("#body").val();
+	});
+	
+	function unloadPage(){ 
+		if(unsaved){
+			return "You have unsaved changes on this page. Do you want to leave this page and discard your changes or stay on this page?";
+		}
+	}
+
+	window.onbeforeunload = unloadPage;
+</script>

system/templates/online.html.twig

@@ -14,7 +14,7 @@
 					{% set players_count = players|length %}
 					{% set afk = players_count - status.players %}
 					{% if afk < 0 %}
-						{% set players = players + afk|abs %}
+						{% set players_count = players_count + afk|abs %}
 						{% set afk = 0 %}
 					{% endif %}
 					Currently there are <b>{{ status.players }}</b> active and <b>{{ afk }}</b> AFK players.<br/>
@@ -101,7 +101,7 @@
 			<td>{{ player.country_image|raw }}</td>
 		{% endif %}
 		{% if config.online_outfit %}
-			<td width="5%"><img style="position:absolute;margin-top:{% if player.looktype in  [75, 266, 302] %}-20px;margin-left:-0px;{% else %}-45px;margin-left:-25px;{%  endif %}" src="{{ player.outfit }}" alt="player outfit"/></td>
+			<td width="5%"><img style="position:absolute;margin-top:{% if player.player.looktype in [75, 266, 302] %}-20px;margin-left:-0px;{% else %}-45px;margin-left:-25px;{%  endif %}" src="{{ player.outfit }}" alt="player outfit"/></td>
 		{% endif %}
 			<td>{{ player.name|raw }}{{ player.skull }}</td>
 			<td>{{ player.level }}</td>

templates/kathrine/style.css

@@ -3,7 +3,7 @@
 
 body
 {
-	background: #a7a597 url('images/background.png') no-repeat top left;
+	background: #a7a597 url('images/background.jpg') no-repeat top left;
 	margin: 0px;
 	padding: 0px;
 	font-family: Verdana, Arial, Helvetica, sans-serif;

templates/tibiacom/boxes/highscores.php

@@ -26,12 +26,17 @@
 
   #Topbar a {
   text-decoration: none;
-  cursor: auto;
+  }
+  .online {
+	  color: #008000;
+  }
+  
+  .offline {
+	  color: #FF0000;
   }
   a.topfont {
 	font-family: Verdana, Arial, Helvetica; 
     font-size: 11px; 
-        color: #FF0000;
     text-decoration: none
   }
   a:hover.topfont {
@@ -47,7 +52,7 @@
     <?php
     
     foreach(getTopPlayers(5) as $player) {
-	    echo '<div align="left"><a href="'.getPlayerLink($player['name'], false).'" class="topfont">
+	    echo '<div align="left"><a href="'.getPlayerLink($player['name'], false).'" class="topfont ' . ($player['online'] == 1 ? 'online' : 'offline') . '">
         <font color="#CCC">&nbsp;&nbsp;&nbsp;&nbsp;'.$player['rank'].' - </font>'.$player['name'].'
         <br>
         <small><font color="white">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Level: ('.$player['level'].')</font></small>

templates/tibiacom/config.php

@@ -10,7 +10,7 @@ $config['boxes'] = "highscores,newcomer,gallery,networks,poll";
 $config['network_facebook'] = 'tibia'; // leave empty to disable
 $config['network_twitter'] = 'tibia'; // leave empty to disable
 
-$config['background_image'] = "background-artwork-860.jpg";
+$config['background_image'] = "background-artwork.jpg";
 $config['logo_image'] = "tibia-logo-artwork-top.gif";
 $config['gallery_image'] = 1;
 $config['menu_categories'] = array(