* fixed installation (damn me..)

* otserv 0.6.3: fixed some warning (on the characters page) and fatal
mysql error (on the mango signature)

.gitignore

@@ -0,0 +1,2 @@
+Thumbs.db
+.DS_Store

CHANGELOG

@@ -1,3 +1,57 @@
+[0.7.9 - 13.01.2017]
+	* removed 6mb of trash (some useless things)
+	* (fix) TFS 1.x not showing promoted vocations in highscores
+	* otserv 0.6.x: fixed some warning (on the characters page) and fatal mysql error (on the mango signature)
+	* fixed default stamina on otserv 0.6.x engine (and some others perhaps)
+	* install: change permission check to is_writable
+	* changed highscores_groups_hidden to 3 (for TFS 1.x)
+	* updated background-artwork (tibiacom template) to the latest version, removed other ones
+
+[0.7.8 - 12.01.2017]
+	* fixed installation error " call to undefined method OTS_DB_MySQL::hasColumn()"
+	* updated tinymce to the latest (4.7.4) version
+	* enabled emoticons plugin in tinymce :)
+	* some security fixes
+
+[0.7.7 - 08.01.2018]
+	* important fix for servers with promotion column (caused player.vocation to be resetted when saving player, for example: on change name, accept invite to guild, leave guild)
+	* immediately reload config.lua when there's change in config.server_path detected
+	* added new forum option: "Enable HTML" (only for moderators)
+	* fixed othire default column value (#26)
+	* fixed saving custom vocations in admin panel (#36)
+	* fixed warning in highscores when vocation doesn't exist
+	* fixed characters page - config.characters.frags "Notice: Use of undefined constant"
+	* fixed getBoolean function when boolean is passed
+	* fixed empty success message on leave guild
+	* fixed displaying premium account days
+	* function OTS_Account:getPremDays will now return -1 if there's freePremium configurable enabled on the server
+	* fixed tr bgcolor in characters view (Frags) (#38)
+	* fixed some warning in guild show
+	* fixed PHP warning about country not existing on online and characters pages
+	* fixed forum bbcode parsing
+	* don't add extra <br/> to the TinyMCE news forum posts
+	* (internal) using $player->getVocationName() where possible instead of older method
+
+[0.7.6 - 05.01.2017]
+	* fixed othire account creating/installation
+	* fixed table name players -> players_online
+	* fixed unexpected error logging about email fail
+	* added max_execution_time to the install finish step
+	* some small fix regarding highscores vocation box
+
+[0.7.5 - 04.01.2017]
+	* fixed bug on othire with config.account_premium_days
+	* fixed bug on TFS 1.x when online_afk is enabled
+	* warning about leaving news page with changes
+	* added player status to tibiacom top 5 highscores box
+	* save detected country on create account in session
+	* fixed getPremDays and isPremium functions (newest 11.x engines are bugged when it comes to PACC, its not fault of MyAAC)
+	* fix when there are no changelogs or highscores yet
+	* small fix regarding getTopPlayers function which was ignoring $limit variable
+	* fixed news adding when type != ARTICLE
+	* fixed template path finding
+	* fixed displaying article_text when it was empty saved
+
 [0.7.4 - 24.12.2017]
 	* fixed mysql fatal error on tibiacom template - top 5 box
 	* fixed displaying of level percent bar on tibian signature

common.php

@@ -26,8 +26,8 @@
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.7.4');
-define('DATABASE_VERSION', 20);
+define('MYAAC_VERSION', '0.7.9');
+define('DATABASE_VERSION', 21);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'WINDOWS' : (strtoupper(PHP_OS) == 'DARWIN' ? 'MAC' : 'LINUX'));

config.php

@@ -75,7 +75,7 @@ $config = array(
 
 	// images
 	'outfit_images_url' => 'http://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'item_images_url' => 'http://item-images.ots.me/960/', // set to images/items if you host your own items in images folder
+	'item_images_url' => 'http://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
 
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
@@ -185,7 +185,7 @@ $config = array(
 	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)? Only 0.3
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
-	'highscores_groups_hidden' => 4, // this group id and higher won't be shown on the highscores
+	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
 	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
 	'highscores_length' => 100, // how many records per page on highscores
 

index.php

@@ -51,7 +51,7 @@ if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
 	include(TOOLS . 'signature/index.php');
 	exit();
 }
-else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz)$/i", $_SERVER['REQUEST_URI'])) {
+else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
 	header("HTTP/1.0 404 Not Found");
 	exit;
 }
@@ -176,21 +176,17 @@ if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
 	$tmp = (int)$tmp;
 	if($tmp < DATABASE_VERSION) { // import if older
 		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
-			$file = SYSTEM . 'migrations/' . $i . '.php';
-			if(file_exists($file)) {
-				require($file);
+			require(SYSTEM . 'migrations/' . $i . '.php');
+			updateDatabaseConfig('database_version', $i);
 		}
 	}
-		
-		updateDatabaseConfig('database_version', DATABASE_VERSION);
-	}
 }
 else { // register first version
+	registerDatabaseConfig('database_version', 0);
 	for($i = 1; $i <= DATABASE_VERSION; $i++) {
 		require(SYSTEM . 'migrations/' . $i . '.php');
+		updateDatabaseConfig('database_version', $i);
 	}
-
-	registerDatabaseConfig('database_version', DATABASE_VERSION);
 }
 
 // event system

install/includes/schema.sql

@@ -109,6 +109,7 @@ CREATE TABLE `myaac_forum`
 	`post_text` text NOT NULL,
 	`post_topic` varchar(255) NOT NULL DEFAULT '',
 	`post_smile` tinyint(1) NOT NULL default '0',
+	`post_html` tinyint(1) NOT NULL default '0',
 	`post_date` int(20) NOT NULL default '0',
 	`last_edit_aid` int(20) NOT NULL default '0',
 	`edit_date` int(20) NOT NULL default '0',

install/steps/3-requirements.php

@@ -25,8 +25,8 @@ $failed = false;
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50300), PHP_VERSION);
 foreach(array('config.local.php', 'images/guilds', 'images/houses', 'images/gallery') as $value)
 {
-	$perms = (int) substr(decoct(fileperms(BASE . $value)), 2);
-	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $perms >= 660);
+	$is_writable = is_writable(BASE . $value);
+	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
 }
 
 $ini_register_globals = ini_get_bool('register_globals');

install/steps/5-database.php

@@ -219,6 +219,17 @@ if(!$error) {
 				if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
 					success($locale['step_database_adding_field'] . ' players.comment...');
 			}
+			
+			if(fieldExist('rank_id', 'players')) {
+				if(query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
+					success($locale['step_database_modifying_field'] . ' players.rank_id...');
+			
+				if(fieldExist('guildnick', 'players')) {
+					if(query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
+						success($locale['step_database_modifying_field'] . ' players.guildnick...');
+					}
+				}
+			}
 		}
 		
 		if(!$error && (!isset($_SESSION['saved']))) {

install/steps/7-finish.php

@@ -1,6 +1,7 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+ini_set('max_execution_time', 300);
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 }

system/functions.php

@@ -156,6 +156,10 @@ function getFlagImage($country)
 	if(!isset($config['countries']))
 		require(SYSTEM . 'countries.conf.php');
 
+	if(!isset($config['countries'][$country])) {
+		return '';
+	}
+	
 	return '<img src="images/flags/' . $country . '.gif" title="' . $config['countries'][$country]. '"/>';
 }
 
@@ -167,7 +171,9 @@ function getFlagImage($country)
  */
 function getBoolean($v)
 {
-	if(!$v || !isset($v[0])) return false;
+	if(is_bool($v)) {
+		return $v;
+	}
 
 	if(is_numeric($v))
 		return intval($v) > 0;
@@ -573,7 +579,7 @@ function getCreatureName($killer, $showStatus = false, $extendedInfo = false)
 
 			$str .= '<font color="'.($player->isOnline() ? 'green' : 'red').'">' . $player->getName() . '</font></b></a>';
 			if($extendedInfo) {
-				$str .= '<br><small>'.$player->getLevel().' '.$config['vocations'][$player->getVocation()].'</small>';
+				$str .= '<br><small>'.$player->getLevel().' '.$player->getVocationName().'</small>';
 			}
 			return $str;
 		}
@@ -971,7 +977,15 @@ function getTopPlayers($limit = 5) {
 		if(fieldExist('deletion', 'players'))
 			$deleted = 'deletion';
 
-		$players = $db->query('SELECT `name`, `level`, `experience` FROM `players` WHERE `group_id` < ' . $config['highscores_groups_hidden'] . ' AND `id` NOT IN (' . implode(', ', $config['highscores_ids_hidden']) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT 5')->fetchAll();
+		$is_tfs10 = tableExist('players_online');
+		$players = $db->query('SELECT `id`, `name`, `level`, `experience`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . $config['highscores_groups_hidden'] . ' AND `id` NOT IN (' . implode(', ', $config['highscores_ids_hidden']) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
+
+		if($is_tfs10) {
+			foreach($players as &$player) {
+				$query = $db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $player['id']);
+				$player['online'] = ($query->rowCount() > 0 ? 1 : 0);
+			}
+		}
 
 		$i = 0;
 		foreach($players as &$player) {

system/init.php

@@ -8,14 +8,14 @@
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
+
 // load configuration
 require_once(BASE . 'config.php');
 if(file_exists(BASE . 'config.local.php')) // user customizations
 	require(BASE . 'config.local.php');
 
 if(!isset($config['installed']) || !$config['installed']) {
-	header('Location: ' . BASE_URL);
-	die('AAC has not been installed yet or there was error during installation. Please install again.');
+	die('MyAAC has not been installed yet or there was error during installation. Please install again.');
 }
 
 date_default_timezone_set($config['date_timezone']);
@@ -87,21 +87,26 @@ if(isset($_REQUEST))
 }
 
 // load otserv config file
-$tmp = '';
-if($cache->enabled() && $cache->fetch('config_lua', $tmp)) {
+$config_lua_reload = true;
+if($cache->enabled()) {
+	$tmp = null;
+	if($cache->fetch('server_path', $tmp) && $tmp == $config['server_path']) {
+		$tmp = null;
+		if($cache->fetch('config_lua', $tmp) && $tmp) {
 			$config['lua'] = unserialize($tmp);
-	/*if(isset($config['lua']['myaac'][0])) {
-		foreach($config['lua']['myaac'] as $key => $value)
-			$config[$key] = $value;
-	}*/
+			$config_lua_reload = false;
+		}
+	}
 }
-else
-{
+
+if($config_lua_reload) {
 	$config['lua'] = load_config_lua($config['server_path'] . 'config.lua');
 
 	// cache config
-	if($cache->enabled())
+	if($cache->enabled()) {
 		$cache->set('config_lua', serialize($config['lua']), 120);
+		$cache->set('server_path', $config['server_path']);
+	}
 }
 unset($tmp);
 

system/libs/forum.php

@@ -37,7 +37,20 @@ class Forum
 	{
 		global $db;
 		$thread_id = 0;
-		if($db->insert(TABLE_PREFIX . 'forum', array('first_post' => 0, 'last_post' => time(), 'section' => $section_id, 'replies' => 0, 'views' => 0, 'author_aid' => isset($account_id) ? $account_id : 0, 'author_guid' => isset($player_id) ? $player_id : 0, 'post_text' => $body, 'post_topic' => $title, 'post_smile' => 0, 'post_date' => time(), 'last_edit_aid' => 0, 'edit_date' => 0, 'post_ip' => $_SERVER['REMOTE_ADDR']))) {
+		if($db->insert(TABLE_PREFIX . 'forum', array(
+			'first_post' => 0,
+			'last_post' => time(),
+			'section' => $section_id,
+			'replies' => 0,
+			'views' => 0,
+			'author_aid' => isset($account_id) ? $account_id : 0,
+			'author_guid' => isset($player_id) ? $player_id : 0,
+			'post_text' => $body, 'post_topic' => $title,
+			'post_smile' => 0, 'post_html' => 1,
+			'post_date' => time(),
+			'last_edit_aid' => 0, 'edit_date' => 0,
+			'post_ip' => $_SERVER['REMOTE_ADDR']
+		))) {
 			$thread_id = $db->lastInsertId();
 			$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=".(int) $thread_id." WHERE `id` = ".(int) $thread_id);
 		}
@@ -45,7 +58,7 @@ class Forum
 		return $thread_id;
 	}
 	
-	static public function add_post($thread_id, $section, $author_aid, $author_guid, $post_text, $post_topic, $smile)
+	static public function add_post($thread_id, $section, $author_aid, $author_guid, $post_text, $post_topic, $smile, $html)
 	{
 		global $db;
 		$db->insert(TABLE_PREFIX . 'forum', array(
@@ -56,6 +69,7 @@ class Forum
 			'post_text' => $post_text,
 			'post_topic' => $post_topic,
 			'post_smile' => $smile,
+			'post_html' => $html,
 			'post_date' => time(),
 			'post_ip' => $_SERVER['REMOTE_ADDR']
 		));
@@ -232,16 +246,20 @@ class Forum
 		foreach($tags as $search => $replace)
 			$text = preg_replace($search, $replace, $text);
 		
-		return ($smiles == 0 ? Forum::parseSmiles($text) : $text);
+		return ($smiles ? Forum::parseSmiles($text) : $text);
 	}
 	
-	public static function showPost($topic, $text, $smiles)
+	public static function showPost($topic, $text, $smiles = true, $html = false)
 	{
-		$text = nl2br($text);
+		if($html) {
+			return '<b>' . $topic . '</b><hr />' . $text;
+		}
+
 		$post = '';
 		if(!empty($topic))
-			$post .= '<b>'.($smiles == 0 ? self::parseSmiles($topic) : $topic).'</b><hr />';
-		$post .= self::parseBBCode($text, $smiles);
+			$post .= '<b>'.($smiles ? self::parseSmiles($topic) : $topic).'</b><hr />';
+
+		$post .= self::parseBBCode(nl2br($text), $smiles);
 		return $post;
 	}
 	

system/libs/plugins.php

@@ -10,6 +10,34 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+function is_sub_dir($path = NULL, $parent_folder = SITE_PATH) {
+	
+	//Get directory path minus last folder
+	$dir = dirname($path);
+	$folder = substr($path, strlen($dir));
+	
+	//Check the the base dir is valid
+	$dir = realpath($dir);
+	
+	//Only allow valid filename characters
+	$folder = preg_replace('/[^a-z0-9\.\-_]/i', '', $folder);
+	
+	//If this is a bad path or a bad end folder name
+	if( !$dir OR !$folder OR $folder === '.') {
+		return FALSE;
+	}
+	
+	//Rebuild path
+	$path = $dir. '/' . $folder;
+	
+	//If this path is higher than the parent folder
+	if( strcasecmp($path, $parent_folder) > 0 ) {
+		return $path;
+	}
+	
+	return FALSE;
+}
+
 class Plugins {
 	private static $warnings = array();
 	private static $error = null;
@@ -160,16 +188,32 @@ class Plugins {
 				else {
 					$success = true;
 					foreach($plugin_info['uninstall'] as $file) {
-						$file = BASE . $file;
-						if(!deleteDirectory($file)) {
+						if(strpos($file, '/') === 0) {
 							$success = false;
+							self::$error = "You cannot use absolute paths (starting with slash - '/'): " . $file;
+							break;
+						}
+						
+						$file = BASE . $file;
+						if(!is_sub_dir($file, BASE) || realpath(dirname($file)) != dirname($file)) {
+							$success = false;
+							self::$error = "You don't have rights to delete: " . $file;
+							break;
+						}
+					}
+
+					if($success) {
+						foreach($plugin_info['uninstall'] as $file) {
+							if(!deleteDirectory(BASE . $file)) {
+								self::$warnings[] = 'Cannot delete: ' . $$file;
+							}
 						}
 					}
 
 					if (isset($plugin_info['hooks'])) {
 						foreach ($plugin_info['hooks'] as $_name => $info) {
 							if (defined('HOOK_'. $info['type'])) {
-								$hook = constant('HOOK_'. $info['type']);
+								//$hook = constant('HOOK_'. $info['type']);
 								$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
 								if ($query->rowCount() == 1) { // found something
 									$query = $query->fetch();
@@ -187,9 +231,6 @@ class Plugins {
 						
 						return true;
 					}
-					else {
-						self::$error = error_get_last();
-					}
 				}
 			}
 		}

system/libs/pot/OTS_Account.php

@@ -39,7 +39,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
  * @var array
  * @version 0.1.5
  */
-    private $data = array('email' => '', 'blocked' => false, 'rlname' => '','location' => '','web_flags' => 0,'lastday' => 0,'premdays' => 0, 'created' => 0);
+    private $data = array('email' => '', 'blocked' => false, 'rlname' => '','location' => '','web_flags' => 0, 'lastday' => 0, 'premdays' => 0, 'created' => 0);
 
 /**
  * Creates new account.
@@ -170,7 +170,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
     public function load($id)
     {
         // SELECT query on database
-        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ' as `lastday`,' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
+        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ',' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
     }
 
 /**
@@ -249,12 +249,16 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
             throw new E_OTS_NotLoaded();
         }
 
-		$lastday = 'lastday';
-		if(fieldExist('premend', 'accounts'))
-			$lastday = 'premend';
+	$field = 'lastday';
+	if(fieldExist('premend', 'accounts')) { // othire
+    		$field = 'premend';
+		if(!isset($this->data['premend'])) {
+			$this->data['premend'] = 0;
+		}
+	}
 
         // UPDATE query on database
-        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $lastday . '` = ' . (int) $this->data['lastday'] . ' WHERE `id` = ' . $this->data['id']);
+        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $field . '` = ' . (int) $this->data[$field] . ' WHERE `id` = ' . $this->data['id']);
     }
 
 /**
@@ -329,19 +333,21 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 
 	public function getPremDays()
 	{
-        if( !isset($this->data['lastday']) )
-        {
+		if(!isset($this->data['lastday']) && !isset($this->data['premend'])) {
 			throw new E_OTS_NotLoaded();
 		}
 
-		if(fieldExist('premdays', 'accounts'))
-			return $this->data['premdays'];
+		if(isset($this->data['premend'])) {
+			return round(($this->data['premend'] - time()) / (24 * 60 * 60), 2);
+		}
 
-        if($this->data['lastday'] == 0)
+		if($this->data['premdays'] == 0) {
 			return 0;
+		}
 
-		return round(($this->data['lastday'] - time()) / (24 * 60 * 60), 3);
-        //return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
+		global $config;
+        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return -1;
+		return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
 	}
 
    public function getLastLogin()
@@ -358,11 +364,12 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
     {
 		global $config;
         if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
-		if(fieldExist('premdays', 'accounts'))
-			return $this->data['premdays'] > 0;
 
-		return $this->data['lastday'] > time();
-        //return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
+		if(isset($this->data['premend'])) {
+			return $this->data['premend'] > time();
+		}
+
+		return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
 	}
 
     public function getCreated()

system/libs/pot/OTS_Player.php

@@ -216,11 +216,6 @@ class OTS_Player extends OTS_Row_DAO
 		if(!isset($this->data['rank_id']) || $this->data['rank_id'] == NULL)
 			$this->data['rank_id'] = 0;
 
-		if(isset($this->data['promotion'])) {
-			global $config;
-			if((int)$this->data['promotion'] > 0)
-				$this->data['vocation'] += ($this->data['promotion'] * $config['vocations_amount']);
-		}
         // loads skills
         if( $this->isLoaded() )
         {
@@ -820,6 +815,12 @@ class OTS_Player extends OTS_Row_DAO
             throw new E_OTS_NotLoaded();
         }
 
+		if(isset($this->data['promotion'])) {
+			global $config;
+			if((int)$this->data['promotion'] > 0)
+				return ($this->data['vocation'] + ($this->data['promotion'] * $config['vocations_amount']));
+		}
+
         return $this->data['vocation'];
     }
 
@@ -2895,7 +2896,12 @@ class OTS_Player extends OTS_Row_DAO
         }
 
 		global $config;
-		return $config['vocations'][$this->data['vocation']];
+		$voc = $this->getVocation();
+		if(!isset($config['vocations'][$voc])) {
+			return 'Unknown';
+		}
+
+		return $config['vocations'][$voc];
         //return POT::getInstance()->getVocationsList()->getVocationName($this->data['vocation']);
     }
 

system/migrations/21.php

@@ -0,0 +1,14 @@
+<?php
+
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum` ADD `post_html` TINYINT(1) NOT NULL DEFAULT 0 AFTER `post_smile`;");
+
+$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX . "forum_boards` WHERE `name` LIKE " . $db->quote('News') . " LIMIT 1;");
+if($query->rowCount() == 0) {
+	return; // don't make anything
+}
+
+$query = $query->fetch();
+$id = $query['id'];
+
+// update all forum threads with is_html = 1
+$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `post_html` = 1 WHERE `section` = " . $id . " AND `id` = `first_post`;");

system/pages/account/create_character.php

@@ -140,7 +140,11 @@ if($save) {
 		$player->setPosX(0);
 		$player->setPosY(0);
 		$player->setPosZ(0);
-		$player->setStamina($config['otserv_version'] == TFS_03 ? 151200000 : 2520);
+
+		if(fieldExist('stamina', 'players')) {
+			$player->setStamina($char_to_copy->getStamina());
+		}
+
 		if(fieldExist('loss_experience', 'players')) {
 			$player->setLossExperience($char_to_copy->getLossExperience());
 			$player->setLossMana($char_to_copy->getLossMana());

system/pages/admin/players.php

@@ -120,7 +120,11 @@ if($id > 0) {
 		verify_number($experience, 'Experience', 20);
 
 		$vocation = $_POST['vocation'];
-		verify_number($vocation, 'Vocation id', 1);
+		verify_number($vocation, 'Vocation id', 11);
+
+		if(!isset($config['vocations'][$vocation])) {
+			echo_error("Vocation with this id doesn't exist.");
+		}
 
 		// health
 		$health = $_POST['health'];
@@ -357,14 +361,12 @@ $account = $player->getAccount();
 		<td>
 			<select name="vocation">
 <?php
-			$i = 0;
-			foreach($config['vocations'] as $voc)
+			foreach($config['vocations'] as $id => $name)
 			{
-				echo '<option value=' . $i;
-				if($i == $player->getVocation())
+				echo '<option value=' . $id;
+				if($id == $player->getVocation())
 					echo ' selected="selected"';
-				echo '>' . $voc . '</option>';
-				$i++;
+				echo '>' . $name . '</option>';
 			}
 					
 

system/pages/admin/plugins.php

@@ -22,7 +22,7 @@ if(isset($_REQUEST['uninstall'])){
 		success('Successfully uninstalled plugin ' . $uninstall);
 	}
 	else {
-		error('Error while uninstalling plugin ' . $plugin_name . ': ' . Plugins::getError());
+		error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 	}
 }
 else if(isset($_FILES["plugin"]["name"]))

system/pages/characters.php

@@ -231,7 +231,7 @@ if($player->isLoaded() && !$player->isDeleted())
 	$dead_add_content = '';
 	$deaths = array();
 	if(tableExist('killers')) {
-		$player_deaths = $db->query('SELECT `id`, `date`, `level` FROM `player_deaths` WHERE `player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,10;');
+		$player_deaths = $db->query('SELECT `id`, `date`, `level` FROM `player_deaths` WHERE `player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,10;')->fetchAll();
 		if(count($player_deaths))
 		{
 			$number_of_rows = 0;
@@ -289,7 +289,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		$deaths_db = $db->query('SELECT
 				`player_id`, `time`, `level`, `killed_by`, `is_player`' . $mostdamage . '
 				FROM `player_deaths`
-				WHERE `player_id` = ' . $player->getId() . ' ORDER BY `time` DESC LIMIT 10;');
+				WHERE `player_id` = ' . $player->getId() . ' ORDER BY `time` DESC LIMIT 10;')->fetchAll();
 		
 		if(count($deaths_db))
 		{
@@ -328,13 +328,13 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		//frags list by Xampy
 		$i = 0;
 		$frags_limit = 10; // frags limit to show? // default: 10
-		$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,'.$frags_limit.';');
+		$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,'.$frags_limit.';')->fetchAll();
 		if(count($player_frags))
 		{
 			$row_count = 0;
 			foreach($player_frags as $frag)
 			{
-				$description = 'Fragged <a href="' . getPlayerLink($frag[name], false) . '">' . $frag[name] . '</a> at level ' . $frag[level];
+				$description = 'Fragged <a href="' . getPlayerLink($frag['name'], false) . '">' . $frag['name'] . '</a> at level ' . $frag['level'];
 				$frags[] = array('time' => $frag['date'], 'description' => $description, 'unjustified' => $frag['unjustified'] != 0);
 			}
 		}
@@ -375,7 +375,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		'sex' => $player_sex,
 		'marriage_enabled' => $config['characters']['marriage_info'] && fieldExist('marriage', 'players'),
 		'marital_status' => $marital_status,
-		'vocation' => $config['vocations'][$player->getVocation()],
+		'vocation' => $player->getVocationName(),
 		'frags_enabled' => $frags_enabled,
 		'frags_count' => $frags_count,
 		'town' => isset($config['towns'][$player->getTownId()]) ? $config['towns'][$player->getTownId()] : null,

system/pages/createaccount.php

@@ -144,9 +144,14 @@ if($save)
 		}
 
 		if($config['account_premium_days'] && $config['account_premium_days'] > 0) {
+			if(fieldExist('premend', 'accounts')) { // othire
+				$new_account->setCustomField('premend', time() + $config['account_premium_days'] * 86400);
+			}
+			else { // rest
 				$new_account->setCustomField('premdays', $config['account_premium_days']);
 				$new_account->setCustomField('lastday', time());
 			}
+		}
 
 		if($config['account_premium_points']) {
 			$new_account->setCustomField('premium_points', $config['account_premium_points']);
@@ -198,28 +203,36 @@ if($save)
 
 				if(_mail($email, 'Your account on ' . $config['lua']['serverName'], $mailBody))
 					echo '<br /><small>These informations were send on email address <b>' . $email . '</b>.';
-				else
+				else {
 					error('An error occorred while sending email (<b>' . $email . '</b>)! Error:<br/>' . $mailer->ErrorInfo . '<br/>More info in system/logs/error.log');
 					log_append('error.log', '[createaccount.php] An error occorred while sending email: ' . $mailer->ErrorInfo . '. Error: ' . print_r(error_get_last(), true));
 				}
 			}
+		}
 
 		return;
 	}
 }
 
-	$country_recognized = null;
-	if($config['account_country_recognize']) {
+$country_recognized = null;
+if($config['account_country_recognize']) {
+	$country_session = getSession('country');
+	if($country_session !== false) { // get from session
+		$country_recognized = $country_session;
+	}
+	else {
 		$info = json_decode(@file_get_contents('http://ipinfo.io/' . $_SERVER['REMOTE_ADDR'] . '/geo'), true);
 		if(isset($info['country'])) {
 			$country_recognized = strtolower($info['country']);
+			setSession('country', $country_recognized);
 		}
 	}
+}
 
-	if(!empty($errors))
+if(!empty($errors))
 	echo $twig->render('error_box.html.twig', array('errors' => $errors));
 
-	if($config['account_country']) {
+if($config['account_country']) {
 	$countries = array();
 	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
 		$countries[$c] = $config['countries'][$c];
@@ -227,10 +240,10 @@ if($save)
 	$countries['--'] = '----------';
 	foreach ($config['countries'] as $code => $c)
 		$countries[$code] = $c;
-	}
+}
 
-	echo $twig->render('account.create.js.html.twig');
-	echo $twig->render('account.create.html.twig', array(
+echo $twig->render('account.create.js.html.twig');
+echo $twig->render('account.create.html.twig', array(
 	'account' => isset($_POST['account']) ? $_POST['account'] : '',
 	'email' => isset($_POST['email']) ? $_POST['email'] : '',
 	'countries' => isset($countries) ? $countries : null,
@@ -239,5 +252,5 @@ if($save)
 	'country' => isset($country) ? $country : null,
 	'errors' => $errors,
 	'save' => $save
-	));
+));
 ?>

system/pages/forum.php

@@ -28,7 +28,7 @@ if(!$logged)
 
 require_once(LIBS . 'forum.php');
 
-$canEdit = hasFlag(FLAG_CONTENT_FORUM) || superAdmin();
+$canEdit = Forum::isModerator();
 if($canEdit)
 {
 	$groups = new OTS_Groups_List();
@@ -172,7 +172,7 @@ if(empty($action))
 	return;
 }
 
-
+$errors = array();
 if($action == 'show_board' || $action == 'show_thread')
 {
 	require(PAGES . 'forum/' . $action . '.php');

system/pages/forum/edit_post.php

@@ -18,14 +18,14 @@ if(Forum::canPost($account_logged))
 		return;
 	}
 	
-	$thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `id`, `section` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch();
+	$thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `post_html`, `id`, `section` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch();
 	if(isset($thread['id']))
 	{
 		$first_post = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch();
 		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.$first_post['post_topic'].'</a> >> <b>Edit post</b>';
 		if(Forum::hasAccess($thread['section'] && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator())))
 		{
-			$char_id = $post_topic = $text = $smile = null;
+			$char_id = $post_topic = $text = $smile = $html = null;
 			$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 			$saved = false;
 			if(isset($_REQUEST['save']))
@@ -33,9 +33,10 @@ if(Forum::canPost($account_logged))
 				$text = stripslashes(trim($_REQUEST['text']));
 				$char_id = (int) $_REQUEST['char_id'];
 				$post_topic = stripslashes(trim($_REQUEST['topic']));
-				$smile = (int) $_REQUEST['smile'];
+				$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
+				$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
 				$lenght = 0;
-				for($i = 0; $i <= strlen($post_topic); $i++)
+				for($i = 0; $i < strlen($post_topic); $i++)
 				{
 					if(ord($post_topic[$i]) >= 33 && ord($post_topic[$i]) <= 126)
 						$lenght++;
@@ -43,12 +44,11 @@ if(Forum::canPost($account_logged))
 				if(($lenght < 1 || strlen($post_topic) > 60) && $thread['id'] == $thread['first_post'])
 					$errors[] = 'Too short or too long topic (short: '.$lenght.' long: '.strlen($post_topic).' letters). Minimum 1 letter, maximum 60 letters.';
 				$lenght = 0;
-				for($i = 0; $i <= strlen($text); $i++)
+				for($i = 0; $i < strlen($text); $i++)
 				{
 					if(ord($text[$i]) >= 33 && ord($text[$i]) <= 126)
 						$lenght++;
 				}
-				
 				if($lenght < 1 || strlen($text) > 15000)
 					$errors[] = 'Too short or too long post (short: '.$lenght.' long: '.strlen($text).' letters). Minimum 1 letter, maximum 15000 letters.';
 				if($char_id == 0)
@@ -56,7 +56,7 @@ if(Forum::canPost($account_logged))
 				if(empty($post_topic) && $thread['id'] == $thread['first_post'])
 					$errors[] = 'Thread topic can\'t be empty.';
 				
-				$player_on_account == false;
+				$player_on_account = false;
 				
 				if(count($errors) == 0)
 				{
@@ -71,7 +71,7 @@ if(Forum::canPost($account_logged))
 					$saved = true;
 					if($account_logged->getId() != $thread['author_aid'])
 						$char_id = $thread['author_guid'];
-					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $char_id.", `post_text` = ".$db->quote($text).", `post_topic` = ".$db->quote($post_topic).", `post_smile` = ".(int) $smile.", `last_edit_aid` = ".(int) $account_logged->getId().",`edit_date` = ".time()." WHERE `id` = ".(int) $thread['id']);
+					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $char_id.", `post_text` = ".$db->quote($text).", `post_topic` = ".$db->quote($post_topic).", `post_smile` = ".$smile.", `post_html` = ".$html.", `last_edit_aid` = ".(int) $account_logged->getId().",`edit_date` = ".time()." WHERE `id` = ".(int) $thread['id']);
 					$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".$thread['post_date']." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['first_post'])->fetch();
 					$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
 					header('Location: ' . getForumThreadLink($thread['first_post'], $_page));
@@ -83,6 +83,7 @@ if(Forum::canPost($account_logged))
 				$char_id = (int) $thread['author_guid'];
 				$post_topic = $thread['post_topic'];
 				$smile = (int) $thread['post_smile'];
+				$html = (int) $thread['post_html'];
 			}
 			
 			if(!$saved)
@@ -94,9 +95,12 @@ if(Forum::canPost($account_logged))
 					'post_id' => $post_id,
 					'players' => $players_from_account,
 					'player_id' => $char_id,
-					'topic' => htmlspecialchars($post_topic),
-					'text' => htmlspecialchars($text),
-					'smile' => $smile
+					'post_topic' => $canEdit ? $post_topic : htmlspecialchars($post_topic),
+					'post_text' => $canEdit ? $text : htmlspecialchars($text),
+					'post_smile' => $smile > 0,
+					'post_html' => $html > 0,
+					'html' => $html,
+					'canEdit' => $canEdit
 				));
 			}
 		}

system/pages/forum/new_post.php

@@ -27,7 +27,8 @@ if(Forum::canPost($account_logged))
 		$text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL;
 		$char_id = (int) (isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
 		$post_topic = isset($_REQUEST['topic']) ? stripslashes(trim($_REQUEST['topic'])) : '';
-		$smile = (int) (isset($_REQUEST['smile']) ? $_REQUEST['smile'] : 0);
+		$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
+		$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
 		$saved = false;
 		if(isset($_REQUEST['quote']))
 		{
@@ -72,7 +73,7 @@ if(Forum::canPost($account_logged))
 			if(count($errors) == 0)
 			{
 				$saved = true;
-				Forum::add_post($thread['id'], $thread['section'], $account_logged->getId(), (int) $char_id, $text, $post_topic, (int) $smile, time(), $_SERVER['REMOTE_ADDR']);
+				Forum::add_post($thread['id'], $thread['section'], $account_logged->getId(), (int) $char_id, $text, $post_topic, $smile, $html, time(), $_SERVER['REMOTE_ADDR']);
 				$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `replies`=`replies`+1, `last_post`=".time()." WHERE `id` = ".(int) $thread_id);
 				$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".time()." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id'])->fetch();
 				$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
@@ -86,10 +87,13 @@ if(Forum::canPost($account_logged))
 			if(!empty($errors))
 				echo $twig->render('error_box.html.twig', array('errors' => $errors));
 				
-			$threads = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_smile` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` DESC LIMIT 5")->fetchAll();
-			
+			$threads = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`post_html`, `" . TABLE_PREFIX . "forum`.`author_aid` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` DESC LIMIT 5")->fetchAll();
 			foreach($threads as &$thread) {
-				$thread['post'] = Forum::showPost($thread['post_topic'], $thread['post_text'], $thread['post_smile']);
+				$player_account = new OTS_Account();
+				$player_account->load($thread['author_aid']);
+				if($player_account->isLoaded()) {
+					$thread['post'] = Forum::showPost(($thread['post_html'] > 0 ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($thread['post_html'] > 0 ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile'] == 0, $thread['post_html'] > 0);
+				}
 			}
 			
 			echo $twig->render('forum.new_post.html.twig', array(
@@ -98,9 +102,11 @@ if(Forum::canPost($account_logged))
 				'players' => $players_from_account,
 				'post_topic' => $post_topic,
 				'post_text' => $text,
-				'post_smile' => $smile,
+				'post_smile' => $smile > 0,
+				'post_html' => $html > 0,
 				'topic' => $thread['post_topic'],
-				'threads' => $threads
+				'threads' => $threads,
+				'canEdit' => $canEdit
 			));
 		}
 	}

system/pages/forum/new_thread.php

@@ -24,7 +24,8 @@ if(Forum::canPost($account_logged))
 			$text = isset($_REQUEST['text']) ? stripslashes($_REQUEST['text']) : '';
 			$char_id = (int)(isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
 			$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
-			$smile = (int)(isset($_REQUEST['smile']) ? $_REQUEST['smile'] : 0);
+			$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
+			$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
 			$saved = false;
 			if (isset($_REQUEST['save'])) {
 				$errors = array();
@@ -68,7 +69,7 @@ if(Forum::canPost($account_logged))
 				}
 				if (count($errors) == 0) {
 					$saved = true;
-					$db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('0', '" . time() . "', '" . (int)$section_id . "', '0', '0', '" . $account_logged->getId() . "', '" . (int)$char_id . "', " . $db->quote($text) . ", " . $db->quote($post_topic) . ", '" . (int)$smile . "', '" . time() . "', '0', '0', '" . $_SERVER['REMOTE_ADDR'] . "')");
+					$db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile`, `post_html` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('0', '" . time() . "', '" . (int)$section_id . "', '0', '0', '" . $account_logged->getId() . "', '" . (int)$char_id . "', " . $db->quote($text) . ", " . $db->quote($post_topic) . ", '" . (int)$smile . "', '" . (int)$html . "', '" . time() . "', '0', '0', '" . $_SERVER['REMOTE_ADDR'] . "')");
 					$thread_id = $db->lastInsertId();
 					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=" . (int)$thread_id . " WHERE `id` = " . (int)$thread_id);
 					header('Location: ' . getForumThreadLink($thread_id));
@@ -85,8 +86,10 @@ if(Forum::canPost($account_logged))
 					'players' => $players_from_account,
 					'post_player_id' => $char_id,
 					'post_thread' => $post_topic,
-					'text' => $text,
-					'smiles_enabled' => $smile > 0
+					'post_text' => $text,
+					'post_smile' => $smile > 0,
+					'post_html' => $html > 0,
+					'canEdit' => $canEdit
 				));
 			}
 		}

system/pages/forum/show_thread.php

@@ -33,7 +33,7 @@ for($i = 0; $i < $posts_count['posts_count'] / $config['forum_threads_per_page']
 	else
 		$links_to_pages .= '<b>'.($i + 1).' </b>';
 }
-$threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll();
+$threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`post_html`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll();
 if(isset($threads[0]['name']))
 	$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id);
 echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($threads[0]['section']) . '">'.$sections[$threads[0]['section']]['name'].'</a> >> <b>'.$thread_name['post_topic'].'</b>';
@@ -47,7 +47,7 @@ foreach($threads as $thread)
 		die();
 	}
 	
-	echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td valign="top">' . getPlayerLink($thread['name']) . '<br /><br /><font size="1">Profession: '.$config['vocations'][$player->getVocation()].'<br />Level: '.$thread['level'].'<br />';
+	echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td valign="top">' . getPlayerLink($thread['name']) . '<br /><br /><font size="1">Profession: '.$player->getVocationName().'<br />Level: '.$thread['level'].'<br />';
 
 	$rank = $player->getRank();
 	if($rank->isLoaded())
@@ -56,11 +56,9 @@ foreach($threads as $thread)
 		if($guild->isLoaded())
 			echo $rank->getName().' of <a href="'.getGuildLink($guild->getName(), false).'">'.$guild->getName().'</a><br />';
 	}
-	$player_account = $player->getAccount();
-	$canEditForum = $player_account->hasFlag(FLAG_CONTENT_FORUM) || $player_account->isAdmin();
 
 	$posts = $db->query("SELECT COUNT(`id`) AS 'posts' FROM `" . TABLE_PREFIX . "forum` WHERE `author_aid`=".(int) $thread['account_id'])->fetch();
-	echo '<br />Posts: '.(int) $posts['posts'].'<br /></font></td><td valign="top">'.Forum::showPost(($canEditForum ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($canEditForum ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile']).'</td></tr>
+	echo '<br />Posts: '.(int) $posts['posts'].'<br /></font></td><td valign="top">'.Forum::showPost(($thread['post_html'] > 0 ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($thread['post_html'] > 0 ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile'] == 0, $thread['post_html'] > 0).'</td></tr>
 		<tr bgcolor="'.getStyle($number_of_rows++).'"><td><font size="1">'.date('d.m.y H:i:s', $thread['post_date']);
 	if($thread['edit_date'] > 0)
 	{

system/pages/guilds/leave_guild.php

@@ -94,7 +94,7 @@ else
 {
 	if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
 		$player->setRank();
-		$twig->render('success.html.twig', array(
+		echo $twig->render('success.html.twig', array(
 			'title' => 'Leave guild',
 			'description' => 'Player with name <b>'.$player->getName().'</b> leaved guild <b>'.$guild->getName().'</b>.',
 			'custom_buttons' => $twig->render('guilds.back_button.html.twig', array(

system/pages/guilds/show.php

@@ -10,6 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+$title = 'Guilds';
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name))
 	$errors[] = Validator::getLastError();
@@ -41,6 +42,7 @@ else
 	$players_from_account_in_guild = array();
 	if($logged)
 	{
+		$players_from_account_ids = array();
 		$account_players = $account_logged->getPlayers();
 		foreach($account_players as $player)
 		{

system/pages/highscores.php

@@ -22,11 +22,17 @@ $add_sql = '';
 $config_vocations = $config['vocations'];
 if($config['highscores_vocation_box'] && isset($vocation))
 {
-	for($i = 1; $i < count($config_vocations) / 2; $i++)
-	{
-		if(strtolower($config_vocations[$i]) == $vocation)
-		{
-			$add_sql = 'AND ' . $db->fieldName('vocation') . ' = ' . $db->quote($i);
+	foreach($config['vocations'] as $id => $name) {
+		if(strtolower($name) == $vocation) {
+			$add_vocs = array($id);
+	
+			$i = $id + $config['vocations_amount'];
+			while(isset($config['vocations'][$i])) {
+				$add_vocs[] = $i;
+				$i += $config['vocations_amount'];
+			}
+	
+			$add_sql = 'AND `vocation` IN (' . implode(', ', $add_vocs) . ')';
 			break;
 		}
 	}
@@ -178,6 +184,7 @@ $i = 0;
 $online_exist = false;
 if(fieldExist('online', 'players'))
 	$online_exist = true;
+
 foreach($skills as $player)
 {
 	if(!$online_exist) {
@@ -211,7 +218,11 @@ echo '
 							$player['vocation'] += ($player['promotion'] * $config['vocations_amount']);
 					}
 
-					echo '<br/><small>' . $config['vocations'][$player['vocation']] . '</small>';
+					$tmp = 'Unknown';
+					if(isset($config['vocations'][$player['vocation']])) {
+						$tmp = $config['vocations'][$player['vocation']];
+					}
+					echo '<br/><small>' . $tmp . '</small>';
 				}
 echo '
 			</td>
@@ -228,8 +239,10 @@ echo '
 		$show_link_to_next_page = true;
 }
 
-if(!$i)
-	echo '<tr bgcolor="' . $config['darkborder'] . '"><td colspan="' . ($skill == POT::SKILL__LEVEL ? 5 : 4) . '">No records yet.</td></tr>';
+if(!$i) {
+	$extra = ($config['highscores_outfit'] ? 1 : 0);
+	echo '<tr bgcolor="' . $config['darkborder'] . '"><td colspan="' . ($skill == POT::SKILL__LEVEL ? 5 + $extra : 4 + $extra) . '">No records yet.</td></tr>';
+}
 
 ?>
 </table>

system/pages/news.php

@@ -387,7 +387,7 @@ class News
 		if(!self::verify($title, $body, $article_text, $article_image, $errors))
 			return false;
 
-		$db->insert(TABLE_PREFIX . 'news', array('title' => $title, 'body' => $body, 'type' => $type, 'date' => time(), 'category' => $category, 'player_id' => isset($player_id) ? $player_id : 0, 'comments' => $comments, 'article_text' => $article_text, 'article_image' => $article_image));
+		$db->insert(TABLE_PREFIX . 'news', array('title' => $title, 'body' => $body, 'type' => $type, 'date' => time(), 'category' => $category, 'player_id' => isset($player_id) ? $player_id : 0, 'comments' => $comments, 'article_text' => ($type == 3 ? $article_text : ''), 'article_image' => ($type == 3 ? $article_image : '')));
 		return true;
 	}
 

system/status.php

@@ -75,8 +75,13 @@ if(isset($config['lua']['statustimeout']))
 // get status timeout from server config
 $status_timeout = eval('return ' . $config['lua']['statusTimeout'] . ';') / 1000 + 1;
 
-if($status['lastCheck'] + $status_timeout < time())
-{
+if($status['lastCheck'] + $status_timeout < time()) {
+	updateStatus();
+}
+
+function updateStatus() {
+	global $db, $cache, $config, $status, $status_ip, $status_port;
+	
 	// get server status and save it to database
 	$serverInfo = new OTS_ServerInfo($status_ip, $status_port);
 	$serverStatus = $serverInfo->status();
@@ -98,9 +103,14 @@ if($status['lastCheck'] + $status_timeout < time())
 		if($config['online_afk'])
 		{
 			// get amount of players that are currently logged in-game, including disconnected clients (exited)
-			$query = $db->query('SELECT COUNT(' . $db->fieldName('id') . ') AS playersTotal FROM ' . $db->tableName('players') .
-				' WHERE ' . $db->fieldName('online') . ' > 0');
+			if(tableExist('players_online')) { // tfs 1.x
+				$query = $db->query('SELECT COUNT(`player_id`) AS `playersTotal` FROM `players_online`;');
+			}
+			else {
+				$query = $db->query('SELECT COUNT(`id`) AS `playersTotal` FROM `players` WHERE `online` > 0');
+			}
 			
+			$status['playersTotal'] = 0;
 			if($query->rowCount() > 0)
 			{
 				$query = $query->fetch();
@@ -133,4 +143,3 @@ if($status['lastCheck'] + $status_timeout < time())
 		updateDatabaseConfig('status_' . $key, $value);
 	}
 }
-?>

system/template.php

@@ -15,42 +15,38 @@ if($config['template_allow_change'])
 {
 	if(isset($_GET['template']))
 	{
-		$template_name = $_GET['template'];
 		if(!preg_match("/[^A-z0-9_\-]/", $template_name)) { // validate template
 			//setcookie('template', $template_name, 0, BASE_DIR . '/', $_SERVER["SERVER_NAME"]);
+			$template_name = $_GET['template'];
 			setSession('template', $template_name);
 			header('Location:' . getSession('last_uri'));
 		}
-		else
-			$template_name = $config['template'];
 	}
 	else {
 		$template_session = getSession('template');
 		if ($template_session !== false) {
 			if (!preg_match("/[^A-z0-9_\-]/", $template_session)) {
 				$template_name = $template_session;
-			} else {
-				$template_name = $config['template'];
 			}
 		}
 	}
 }
 $template_path = 'templates/' . $template_name;
 
-if(!file_exists($template_path . '/index.php') &&
-	!file_exists($template_path . '/template.php') &&
-	!file_exists($template_path . '/layout.php'))
+if(!file_exists(BASE . $template_path . '/index.php') &&
+	!file_exists(BASE . $template_path . '/template.php') &&
+	!file_exists(BASE . $template_path . '/layout.php'))
 {
 	$template_name = 'kathrine';
-	$template_path = TEMPLATES . $template_name;
+	$template_path = 'templates/' . $template_name;
 }
 
-$file = $template_path . '/config.ini';
+$file = BASE . $template_path . '/config.ini';
 $exists = file_exists($file);
-if($exists || ($config['backward_support'] && file_exists($template_path . '/layout_config.ini')))
+if($exists || ($config['backward_support'] && file_exists(BASE . $template_path . '/layout_config.ini')))
 {
 	if(!$exists)
-		$file = $template_path . '/layout_config.ini';
+		$file = BASE . $template_path . '/layout_config.ini';
 
 	if($cache->enabled())
 	{
@@ -69,8 +65,8 @@ if($exists || ($config['backward_support'] && file_exists($template_path . '/lay
 	foreach($template_ini as $key => $value)
 		$config[$key] = $value;
 }
-else if(file_exists($template_path . '/config.php'))
-	require($template_path . '/config.php');
+else if(file_exists(BASE . $template_path . '/config.php'))
+	require(BASE . $template_path . '/config.php');
 
 $template = array();
 $template['link_account_manage'] = getLink('account/manage');

system/templates/account.management.html.twig

@@ -51,7 +51,17 @@
 	<div id="two">
 		<h1>My account</h1>
 		<p>Welcome to your account page, {{ account }}<br>
-			You have {{ account_logged.getPremDays() }} days remaining premium account.</p>
+			{% if config.lua.freePremium %}
+			You have unlimited Premium Account.
+			{% else %}
+				{% set premiumDays = account_logged.getPremDays() %}
+				{% if premiumDays == 0 %}
+				You don't have Premium Account
+				{% else %}
+				You have {{ premiumDays }} days remaining Premium Account.
+				{% endif %}
+			{% endif %}
+		</p>
 
 		{# if account dont have recovery key show hint #}
 		{% if recovery_key is empty %}
@@ -150,7 +160,7 @@
 			{% for player in players %}
 				{% set i = i + 1 %}
 				<tr bgcolor="{{ getStyle(i) }}">
-					<td><a href="{{ getLink('characters/' ~ player.getName()|urlencode) }}">{{ player.getName() }}</a></td><td>{{ player.getLevel() }}</td><td>{{ config.vocations[player.getVocation()] }}</td><td>{{ config.towns[player.getTownId()] }}</td><td>{% if player.getLastLogin() > 0 %}{{ player.getLastLogin|date('d F Y (H:i)') }}{% else %}Never.{% endif %}</td><td>{%  if player.isOnline() %}<font color="green">ONLINE</font>{% else %}<font color="red">Offline</font>{% endif %}</td><td>{% if player.isHidden() %}Hidden{% else %}Visible{% endif %}</td><td>[<a href="{{ getLink('account/character/comment/' ~ player.getName|urlencode) }}" >Edit</a>]</td>
+					<td><a href="{{ getLink('characters/' ~ player.getName()|urlencode) }}">{{ player.getName() }}</a></td><td>{{ player.getLevel() }}</td><td>{{ player.getVocationName() }}</td><td>{{ config.towns[player.getTownId()] }}</td><td>{% if player.getLastLogin() > 0 %}{{ player.getLastLogin|date('d F Y (H:i)') }}{% else %}Never.{% endif %}</td><td>{%  if player.isOnline() %}<font color="green">ONLINE</font>{% else %}<font color="red">Offline</font>{% endif %}</td><td>{% if player.isHidden() %}Hidden{% else %}Visible{% endif %}</td><td>[<a href="{{ getLink('account/character/comment/' ~ player.getName|urlencode) }}" >Edit</a>]</td>
 				</tr>
 			{% endfor %}
 		</table>

system/templates/admin.mailer.html.twig

@@ -3,8 +3,8 @@
 	tinymce.init({
 		selector : "textarea",
 		theme : "modern",
-        plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code',
-        toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
+        plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code emoticons',
+        toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 		image_advtab: true,
 		relative_urls : false,
 		remove_script_host : false,

system/templates/admin.pages.form.html.twig

@@ -74,8 +74,8 @@
 			tinymce.init({
 				selector : "#body",
 				theme : "modern",
-				plugins: 'code print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help',
-				toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
+				plugins: 'code print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help emoticons',
+				toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 				image_advtab: true,
 				relative_urls : false,
 				remove_script_host : false,

system/templates/changelog.html.twig

@@ -23,7 +23,7 @@
 		{% endfor %}
 	{% else %}
 	<tr>
-		<td bgcolor="{{ config.lightborder }}">There are no change logs for the moment.</td>
+		<td colspan="4" bgcolor="{{ config.darkborder }}">There are no changelogs for the moment.</td>
 	</tr>
 	{% endif %}
 	

system/templates/characters.html.twig

@@ -256,10 +256,11 @@
 			</tr>
 			{% set i = 0 %}
 			{% for frag in frags %}
-			<tr bgcolor="'{{ getStyle(i) }}">
+			<tr bgcolor="{{ getStyle(i) }}">
 				<td width="20%" align="center">{{ frag.time|date("j M Y, H:i") }}</td>
 				<td>{{ frag.description|raw }}({% if frag.unjustified %}<font size="1" color="red">Unjustified</font>{% else %}<font size="1" color="green">Justified</font>{% endif %})</td>
 			</tr>
+			{% set i = i + 1 %}
 			{% endfor %}
 		</table>
 		<!-- FRAGS_END -->
@@ -380,12 +381,8 @@
 				<td>
 					<nobr>{{ i }}.&#160;{{ player.getName() }}{% if player.isDeleted() %}<font color="red"> [DELETED]</font>{% endif %}</nobr>
 				</td>
-				{% set vocation = 'Unknown' %}
-				{% if config.vocations[player.getVocation()] is defined %}
-					{% set vocation = config.vocations[player.getVocation()] %}
-				{% endif %}
 
-				<td>{{ player.getLevel() }} {{ vocation }}</td>
+				<td>{{ player.getLevel() }} {{ player.getVocationName() }}</td>
 				<td>{% if player.isOnline() %}<b><font color="green">Online</font></b>{% endif %}</td>
 				<td>
 					<table border="0" cellspacing="0" cellpadding="0">

system/templates/faq.html.twig

@@ -17,9 +17,9 @@
 		{% set i = i + 1 %}
 	<tr bgcolor="{{ getStyle(i) }}">
 		<td colspan="2" style="cursor: pointer;" onclick="toggleVisibility('faq_{{ i }}'); return false;">
-			<b>{{ faq.question }}</b>
+			<b>{{ faq.question|raw }}</b>
 
-			<div id="faq_{{ i }}" style="display: none;">{{ faq.answer }}</div>
+			<div id="faq_{{ i }}" style="display: none;">{{ faq.answer|raw }}</div>
 		</td>
 		{% if canEdit %}
 			<td>

system/templates/forum.edit_post.html.twig

@@ -22,21 +22,27 @@
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td><b>Topic:</b></td>
-			<td><input type="text" value="{{ topic|raw }}" name="topic" size="40" maxlength="60" /> (Optional)</td>
+			<td><input type="text" value="{{ post_topic|raw }}" name="topic" size="40" maxlength="60" /> (Optional)</td>
 		</tr>
 		<tr bgcolor="{{ config.darkborder }}">
 			<td valign="top"><b>Message:</b><font size="1"><br/>You can use:<br/>[player]Nick[/player]<br />[url]http://address.com/[/url]<br />[img]http://images.com/images3.gif[/img]<br />[code]Code[/code]<br />[b]<b>Text</b>[/b]<br />[i]<i>Text</i>[/i]<br/>[u]<u>Text</u>[/u]<br />and smileys:<br />;) , :) , :D , :( , :rolleyes:<br />:cool: , :eek: , :o , :p</font>
 			</td>
 			<td>
-				<textarea rows="10" cols="60" name="text">{{ text|raw }}</textarea><br />(Max. 15,000 letters)
+				<textarea rows="10" cols="60" name="text">{{ post_text|raw }}</textarea><br />(Max. 15,000 letters)
 			</td>
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td valign="top">Options:</td>
 			<td>
 				<label>
-					<input type="checkbox" name="smile" value="1"{% if smile == 1 %} checked="checked"{% endif %}/>Disable Smileys in This Post
+					<input type="checkbox" name="smile" value="1"{% if post_smile %} checked="checked"{% endif %}/>Disable Smileys in This Post
 				</label>
+				{% if canEdit %}
+					<br/>
+					<label>
+						<input type="checkbox" name="html" value="1"{% if post_html %} checked="checked"{% endif %}/>Enable HTML in this post (moderator only)
+					</label>
+				{% endif %}
 			</td>
 		</tr>
 	</table>

system/templates/forum.new_post.html.twig

@@ -28,7 +28,17 @@
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td valign="top">Options:</td>
-			<td><label><input type="checkbox" name="smile" value="1"{% if post_smile == 1 %} checked="checked"{% endif %}/>Disable Smileys in This Post </label></td>
+			<td>
+				<label>
+					<input type="checkbox" name="smile" value="1"{% if post_smile %} checked="checked"{% endif %}/>Disable Smileys in This Post
+				</label>
+				{% if canEdit %}
+					<br/>
+					<label>
+						<input type="checkbox" name="html" value="1"{% if post_html %} checked="checked"{% endif %}/>Enable HTML in this post (moderator only)
+					</label>
+				{% endif %}
+			</td>
 		</tr>
 	</table>
 	<center>

system/templates/forum.new_thread.html.twig

@@ -25,11 +25,21 @@
 		</tr>
 		<tr bgcolor="{{ config.darkborder }}">
 			<td valign="top"><b>Message:</b><font size="1"><br />You can use:<br />[player]Nick[/player]<br />[url]http://address.com/[/url]<br />[img]http://images.com/images3.gif[/img]<br />[code]Code[/code]<br />[b]<b>Text</b>[/b]<br />[i]<i>Text</i>[/i]<br />[u]<u>Text</u>[/u]<br />and smileys:<br />;) , :) , :D , :( , :rolleyes:<br />:cool: , :eek: , :o , :p</font></td>
-			<td><textarea rows="10" cols="60" name="text">{{ text|escape }}</textarea><br />(Max. 15,000 letters)</td>
+			<td><textarea rows="10" cols="60" name="text">{{ post_text|escape }}</textarea><br />(Max. 15,000 letters)</td>
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td valign="top">Options:</td>
-			<td><label><input type="checkbox" name="smile" value="1"{% if smiles_enabled %} checked="checked"{% endif %}/>Disable Smileys in This Post </label></td>
+			<td>
+				<label>
+					<input type="checkbox" name="smile" value="1"{% if post_smile %} checked="checked"{% endif %}/>Disable Smileys in This Post
+				</label>
+				{% if canEdit %}
+				<br/>
+				<label>
+					<input type="checkbox" name="html" value="1"{% if post_html %} checked="checked"{% endif %}/>Enable HTML in this post (moderator only)
+				</label>
+			{% endif %}
+			</td>
 		</tr>
 	</table>
 	<center>

system/templates/news.add.html.twig

@@ -1,17 +1,7 @@
-<script type="text/javascript" src="{{ constant('BASE_URL') }}tools/tinymce/tinymce.min.js"></script>
-<script type="text/javascript">
-	tinymce.init({
-		selector : "#body",
-		theme : "modern",
-		plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code',
-		toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
-		image_advtab: true
-	});
-</script>
 {% if action != 'edit' %}
 <a id="news-button" href="#">Add news</a>
 {% endif %}
-<form method="post" action="{{ news_link_form }}">
+<form method="post" action="{{ news_link_form }}" id="news-edit-form">
 	{% if action == 'edit' %}
 	<input type="hidden" name="id" value="{{ news_id }}" />
 	{% endif %}
@@ -47,7 +37,7 @@
 		</tr>
 
 		{% set rows = rows + 1 %}
-		<tr id="article-text" bgcolor="{{ getStyle(rows) }}"{% if article_text is empty %} style="display: none;"{% endif %}>
+		<tr id="article-text" bgcolor="{{ getStyle(rows) }}"{% if type is not defined or type != constant('ARTICLE') %} style="display: none;"{% endif %}>
 			<td><b>Article short text:<br/>This will be displayed on news page.<br/>Rest will be available on "read more" page.</b></td>
 			<td>
 				<textarea name="article_text">{% if article_text is not empty %}{{ article_text }}{% endif %}</textarea>
@@ -55,7 +45,7 @@
 		</tr>
 
 		{% set rows = rows + 1 %}
-		<tr id="article-image" bgcolor="{{ getStyle(rows) }}"{% if article_image is empty %} style="display: none;"{% endif %}>
+		<tr id="article-image" bgcolor="{{ getStyle(rows) }}"{% if type is not defined or type != constant('ARTICLE') %} style="display: none;"{% endif %}>
 			<td><b>Article image:</b></td>
 			<td>
 				<input type="text" name="article_image" value="{% if article_image is not empty %}{{ article_image }}{% else %}images/news/announcement.jpg{% endif %}" />
@@ -121,7 +111,7 @@
 				<input type="submit" value="Submit"/>
 			</td>
 			<td align="left">
-				<input type="button" onclick="window.location = '{{ news_link }}';" value="Cancel"/>
+				<input id="cancel" type="button" value="Cancel"/>
 			</td>
 		</tr>
 	</table>
@@ -151,3 +141,48 @@
 	});
 </script>
 {% endif %}
+<script type="text/javascript" src="{{ constant('BASE_URL') }}tools/tinymce/tinymce.min.js"></script>
+<script type="text/javascript">
+	var unsaved = false;
+	var lastContent = '';
+
+	tinymce.init({
+		selector : "#body",
+		theme : "modern",
+		plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code emoticons',
+		toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
+		image_advtab: true,
+		setup: function(ed){
+			ed.on('NodeChange', function(e) {
+				if(ed.getContent() != lastContent) {
+					unsaved = true;
+				}
+			});
+		}
+	});
+
+	$(document).ready(function() {
+		$(":input").change(function(){ //trigers change in all input fields including text type
+			unsaved = true;
+		});
+		
+		$("#cancel").click(function( event ) {
+			unsaved = false;
+			window.location = '{{ news_link }}';
+		});
+
+		$("#news-edit-form").submit(function( event ) {
+			unsaved = false;
+		});
+
+		lastContent = $("#body").val();
+	});
+	
+	function unloadPage(){ 
+		if(unsaved){
+			return "You have unsaved changes on this page. Do you want to leave this page and discard your changes or stay on this page?";
+		}
+	}
+
+	window.onbeforeunload = unloadPage;
+</script>

system/templates/online.html.twig

@@ -101,7 +101,7 @@
 			<td>{{ player.country_image|raw }}</td>
 		{% endif %}
 		{% if config.online_outfit %}
-			<td width="5%"><img style="position:absolute;margin-top:{% if player.looktype in  [75, 266, 302] %}-20px;margin-left:-0px;{% else %}-45px;margin-left:-25px;{%  endif %}" src="{{ player.outfit }}" alt="player outfit"/></td>
+			<td width="5%"><img style="position:absolute;margin-top:{% if player.player.looktype in [75, 266, 302] %}-20px;margin-left:-0px;{% else %}-45px;margin-left:-25px;{%  endif %}" src="{{ player.outfit }}" alt="player outfit"/></td>
 		{% endif %}
 			<td>{{ player.name|raw }}{{ player.skull }}</td>
 			<td>{{ player.level }}</td>

templates/kathrine/style.css

@@ -3,7 +3,7 @@
 
 body
 {
-	background: #a7a597 url('images/background.png') no-repeat top left;
+	background: #a7a597 url('images/background.jpg') no-repeat top left;
 	margin: 0px;
 	padding: 0px;
 	font-family: Verdana, Arial, Helvetica, sans-serif;

templates/tibiacom/boxes/highscores.php

@@ -26,12 +26,17 @@
 
   #Topbar a {
   text-decoration: none;
-  cursor: auto;
+  }
+  .online {
+	  color: #008000;
+  }
+  
+  .offline {
+	  color: #FF0000;
   }
   a.topfont {
 	font-family: Verdana, Arial, Helvetica; 
     font-size: 11px; 
-        color: #FF0000;
     text-decoration: none
   }
   a:hover.topfont {
@@ -47,7 +52,7 @@
     <?php
     
     foreach(getTopPlayers(5) as $player) {
-	    echo '<div align="left"><a href="'.getPlayerLink($player['name'], false).'" class="topfont">
+	    echo '<div align="left"><a href="'.getPlayerLink($player['name'], false).'" class="topfont ' . ($player['online'] == 1 ? 'online' : 'offline') . '">
         <font color="#CCC">&nbsp;&nbsp;&nbsp;&nbsp;'.$player['rank'].' - </font>'.$player['name'].'
         <br>
         <small><font color="white">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Level: ('.$player['level'].')</font></small>

templates/tibiacom/config.php

@@ -10,7 +10,7 @@ $config['boxes'] = "highscores,newcomer,gallery,networks,poll";
 $config['network_facebook'] = 'tibia'; // leave empty to disable
 $config['network_twitter'] = 'tibia'; // leave empty to disable
 
-$config['background_image'] = "background-artwork-860.jpg";
+$config['background_image'] = "background-artwork.jpg";
 $config['logo_image'] = "tibia-logo-artwork-top.gif";
 $config['gallery_image'] = 1;
 $config['menu_categories'] = array(