Update to 0.8.6

This reverts commit ef2a408298.

.gitattributes

@@ -8,3 +8,4 @@ _config.yml export-ignore
 release.sh export-ignore
 
 *.sh text eol=lf
+VERSION text eol=lf

.gitignore

@@ -3,6 +3,10 @@ Thumbs.db
 .idea
 tmp
 
+# composer
+composer.lock
+vendor
+
 releases
 config.local.php
 PERSONAL_NOTES
@@ -27,6 +31,10 @@ system/cache/*
 system/logs/*
 !system/logs/index.html
 
+# data
+system/data/*
+!system/data/index.html
+
 # plugins
 plugins/*
 !plugins/.htaccess
@@ -34,6 +42,7 @@ plugins/*
 !plugins/account-create-hint.json
 !plugins/account-create-hint
 landing
+/login.php
 
 # others/rest
 system/pages/downloads.php

.travis.yml

@@ -7,13 +7,14 @@ php:
   - 7.2
   - 7.3
   - 7.4
+  - 8.0
 
 cache:
   directories:
     - $HOME/.composer/cache
 
 before_script:
-  - composer require jakub-onderka/php-parallel-lint --no-suggest --no-progress --no-interaction --no-ansi --quiet --optimize-autoloader
+  - composer require php-parallel-lint/php-parallel-lint --no-suggest --no-progress --no-interaction --no-ansi --quiet --optimize-autoloader
 
 script:
-  - php vendor/bin/parallel-lint --no-progress --no-colors --exclude vendor . 
+  - php vendor/bin/parallel-lint --no-progress --no-colors --exclude vendor --exclude "system/libs/pot/OTS_DB_PDOQuery_PHP71.php" .

CHANGELOG.md

@@ -1,19 +1,109 @@
 # Changelog
 
-## [0.8.2 - x.x.2020]
+## [0.8.6 - 10.07.2021]
+This update contains very important security fix.
+
+Please update your MyAAC instances to this version.
+
+## [0.8.5 - 08.06.2021]
+
+### Changed
+* bcmath module is not required anymore
+* Gratis premium account fixes (#156, by @czbadaro)
+* Update 404 response (#163, by @anyeor)
+
+### Fixed
+* compatibility with PHP 7.0 and lower
+* deleting ranks in guilds (#158, by @Misztrz)
+* guild back buttons (change logo & motd)
+* forum table style (boards & thread view)
+* guild list description new lines `<br>` being ignored (Thanks @anyeor for reporting)
+
+
+## [0.8.4 - 18.02.2021]
 
 ### Added
+* support for accounts.premium_ends_at (Latest TFS 1.x)
+* more clients to clients.conf.php
+
+### Changed
+* minimum PHP 5.6 is now required
+* password can now contain any characters
+* add SSL on external image requests of items and outfits (@fernandomatos)
+* Use local storage for saving menu items (tibiacom template) - fixes bug with some websites like wykop.pl (browser freeze)
+* increase size of myaac_visitors.page column to 2048 (Thanks to OtLand user kaleuui)
+
+### Fixed
+* compatibility with PHP 8.0 (latest XAMPP)
+* displaying PHP errors on env = "prod"
+* the Guildnick not showing in the guild pages (@leesneaks)
+* you cannot delete character more than twice (Thanks Okke)
+* ignore arrays in config.lua (fixes experienceStages loading)
+* parsing empty strings in config.lua (with comments)
+* headling.php cannot find font
+
+## [0.8.3 - 27.10.2020]
+
+### Added
+* pdo_mysql as required extension
+* some notice about Email validation in create account
+
+### Changed
+* Move register DATABASE_VERSION into schema.sql
+    * Caused migrations being fired when user manually imported database
+
+### Fixed
+* creating very uncommon (bugged) account names
+* XSS in character search
+* Admin menu news editing warning when leaving page without touching the inputs
+* Guild Invite not working on otservbr-global
+* two boxes being show on email_change_cancel
+* when adding poll = template tibiacom broken
+* houses: Unknown column 'guild' in 'where clause (https://github.com/slawkens/myaac/issues/131)
+* account create when account_mail_verify is enabled
+* CloudFlare IP detection
+* network_twitter link in tibiacom template
+
+## [0.8.2 - 03.06.2020]
+
+### Added
+* Log query time in database_log (can be used for benchmarking)
+* new PHP constant: IS_CLI
 * $_SERVER['REQUEST_URI'] to database.log
+* outfit to highscores box in tibiacom template
+* system/data to .gitignore
+* error_reporting in admin panel (when in dev mode), so it shows php notices and warnings
+* example quests in config.php
 
 ### Changed
 * account_login input type from password to text
 
 ### Fixed
-* Updating template menus on template change
+* Guild Invite not working on otservbr-global (#123)
+* news not updating after adding in admin panel
+* wrong mana of character samples (#125)
+* missing rules page on clean install
+* double space character name creation (@Lee, #121)
+* creatures page: Max count and chance not shown on hovered items
+* exception being thrown when characters.frags enabled on TFS 1.x
+* TFS 0.4 guilds creation (Where guilds.checkdata and motd doesn't have default value)
+* ERR_TOO_MANY_REDIRECTS browser error on template change
+* updating template menus on template change
 * Account change info when config.account_country is disabled
+* cancel change email request
+* config.character_name_min/max_length being ignored in change_name.php
+* some rare bugs when database is no up-to-date and someone enters admin panel
+* extra line that is added when using a newer version than official release (@Lee)
+* admin links in featured article
+* some PHP Notice when HTTP_HOST is not set (Can happen on some old versions of HTTP protocol)
 * Show character indicator in check_name.js
-* Houses list View button
-* Fix OTS_House houseid parameter
+* Houses list View button was wrong (was from bootstrap)
+* OTS_House __construct - not loading by houseid parameter
+* message() function when executed in CLI
+
+### Removed
+* unused myaac_commands table from schema
+* MyISAM engine from migration scripts (#128)
 
 ## [0.8.1 - 10.03.2020]
 

README.md

@@ -1,11 +1,19 @@
-# myaac
+# MyAAC
+
+[![Build Status Master](https://img.shields.io/travis/slawkens/myaac/master)](https://travis-ci.org/github/slawkens/myaac)
+[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
+[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
+[![PHP Versions](https://img.shields.io/travis/php-v/slawkens/myaac/master)](https://github.com/slawkens/myaac/blob/d8b3b4135827ee17e3c6d41f08a925e718c587ed/.travis.yml#L3)
+[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
+[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
+
 MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 
 Official website: https://my-aac.org
 
 ### REQUIREMENTS
 
-	- PHP 5.5 or later
+	- PHP 5.6 or later
 	- MySQL database
 	- PDO PHP Extension
 	- XML PHP Extension

VERSION

@@ -1 +1 @@
-0.8.2-dev
+0.8.6

admin/index.php

@@ -27,6 +27,12 @@ define('PAGE', $page);
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 
+if(config('env') === 'dev') {
+	ini_set('display_errors', 1);
+	ini_set('display_startup_errors', 1);
+	error_reporting(E_ALL);
+}
+
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
@@ -34,6 +40,7 @@ $hooks->load();
 
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
+require SYSTEM . 'migrate.php';
 require ADMIN . 'includes/functions.php';
 
 $twig->addGlobal('config', $config);
@@ -45,7 +52,7 @@ if(!$logged || !admin()) {
 }
 
 // include our page
-$file = SYSTEM . 'pages/admin/' . $page . '.php';
+$file = ADMIN . 'pages/' . $page . '.php';
 if(!@file_exists($file)) {
 	$page = '404';
 	$file = SYSTEM . 'pages/404.php';

admin/pages/accounts.php

@@ -182,7 +182,7 @@ if ($id > 0) {
 			}
 
 			$lastDay = 0;
-			if($p_days != 0 && $p_days != PHP_INT_MAX ) {
+			if($p_days != 0 && $p_days != OTS_Account::GRATIS_PREMIUM_DAYS) {
 				$lastDay = time();
 			} else if ($lastDay != 0) {
 				$lastDay = 0;

admin/pages/players.php

@@ -885,11 +885,9 @@ else if ($id > 0 && isset($player) && $player->isLoaded())
             var look_feet = $('#look_feet').val();
             var look_type = $('#look_type').val();
 
+            var look_addons = '';
             <?php if($hasLookAddons): ?>
-                var look_addons = '&addons=' + $('#look_addons').val();
-	        <?php
-	        else: ?>
-	            var look_addons = '';
+                look_addons = '&addons=' + $('#look_addons').val();
 	        <?php endif; ?>
 
             new_outfit = '<?= $config['outfit_images_url']; ?>?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet;

admin/pages/version.php

@@ -26,7 +26,7 @@ if ($version_compare == 0) {
 	success('MyAAC latest version is ' . $myaac_version . '. You\'re using the latest version.
 	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
 } else if ($version_compare < 0) {
-	echo success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
+	success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
 	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
 } else {
 	warning('You\'re using outdated version.<br/>

common.php

@@ -23,15 +23,16 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
-if (version_compare(phpversion(), '5.5', '<')) die('PHP version 5.5 or higher is required.');
+if (version_compare(phpversion(), '5.6', '<')) die('PHP version 5.6 or higher is required.');
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.8.2-dev');
-define('DATABASE_VERSION', 30);
+define('MYAAC_VERSION', '0.8.6');
+define('DATABASE_VERSION', 32);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
+define('IS_CLI', in_array(php_sapi_name(), ['cli', 'phpdb']));
 
 // account flags
 define('FLAG_ADMIN', 1);
@@ -95,23 +96,23 @@ for($i = 1; $i < $size; $i++)
 $basedir = str_replace(array('/admin', '/install'), '', $basedir);
 define('BASE_DIR', $basedir);
 
-if(isset($_SERVER['HTTP_HOST'][0])) {
-	$baseHost = $_SERVER['HTTP_HOST'];
-}
-else {
-	if(isset($_SERVER['SERVER_NAME'][0])) {
-		$baseHost = $_SERVER['SERVER_NAME'];
-	}
-	else {
-		$baseHost = $_SERVER['SERVER_ADDR'];
+if(!IS_CLI) {
+	if (isset($_SERVER['HTTP_HOST'][0])) {
+		$baseHost = $_SERVER['HTTP_HOST'];
+	} else {
+		if (isset($_SERVER['SERVER_NAME'][0])) {
+			$baseHost = $_SERVER['SERVER_NAME'];
+		} else {
+			$baseHost = $_SERVER['SERVER_ADDR'];
+		}
 	}
+
+	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
+	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
+	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
+
+	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+
+	require SYSTEM . 'exception.php';
 }
-
-define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
-define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
-
-//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
-
-require SYSTEM . 'exception.php';
 require SYSTEM . 'autoload.php';

config.php

@@ -86,8 +86,8 @@ $config = array(
 	),
 
 	// images
-	'outfit_images_url' => 'http://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'item_images_url' => 'http://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
+	'outfit_images_url' => 'https://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
+	'item_images_url' => 'https://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
 
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
@@ -151,12 +151,15 @@ $config = array(
 		4 => 'Knight Sample'
 	),
 
+	// it must show limited number of players after using search in character page
+	'characters_search_limit' => 15,
+
 	// town list used when creating character
 	// won't be displayed if there is only one item (rookgaard for example)
 	'character_towns' => array(1),
 
-	// characters lenght
-	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum lenght be 21.
+	// characters length
+	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum length to be 21.
 	'character_name_min_length' => 4,
 	'character_name_max_length' => 21,
 
@@ -221,7 +224,10 @@ $config = array(
 		'frags' => false,
 		'deleted' => false, // should deleted characters from same account be still listed on the list of characters? When enabled it will show that character is "[DELETED]"
 	),
-	'quests' => array(), // quests list (displayed in character view), name => storage
+	'quests' => array(
+		//'Some Quest' => 123,
+		//'Some Quest Two' => 456,
+	), // quests list (displayed in character view), name => storage
 	'signature_enabled' => true,
 	'signature_type' => 'tibian', // signature engine to use: tibian, mango, gesior
 	'signature_cache_time' => 5, // how long to store cached file (in minutes), default 5 minutes

index.php

@@ -38,7 +38,7 @@ else
 $uri = str_replace(array('index.php/', '?'), '', $uri);
 define('URI', $uri);
 
-if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
+if(preg_match("/^[A-Za-z0-9-_%'+]+\.png$/i", $uri)) {
 	$tmp = explode('.', $uri);
 	$_REQUEST['name'] = urldecode($tmp[0]);
 
@@ -48,7 +48,7 @@ if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
 }
 
 if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
-	header('HTTP/1.0 404 Not Found');
+	http_response_code(404);
 	exit;
 }
 
@@ -56,11 +56,17 @@ if(file_exists(BASE . 'config.local.php')) {
 	require_once BASE . 'config.local.php';
 }
 
+ini_set('log_errors', 1);
 if(config('env') === 'dev') {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
 	error_reporting(E_ALL);
 }
+else {
+	ini_set('display_errors', 0);
+	ini_set('display_startup_errors', 0);
+	error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT);
+}
 
 if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE . 'install'))
 {
@@ -186,26 +192,7 @@ if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 
-// database migrations
-$tmp = '';
-if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
-	$tmp = (int)$tmp;
-	if($tmp < DATABASE_VERSION) { // import if older
-		$db->revalidateCache();
-		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
-			require SYSTEM . 'migrations/' . $i . '.php';
-			updateDatabaseConfig('database_version', $i);
-		}
-	}
-}
-else { // register first version
-	registerDatabaseConfig('database_version', 0);
-	$db->revalidateCache();
-	for($i = 1; $i <= DATABASE_VERSION; $i++) {
-		require SYSTEM . 'migrations/' . $i . '.php';
-		updateDatabaseConfig('database_version', $i);
-	}
-}
+require SYSTEM . 'migrate.php';
 
 $hooks->trigger(HOOK_STARTUP);
 
@@ -347,7 +334,7 @@ if($load_it)
 		}
 	} else {
 		$file = SYSTEM . 'pages/' . $page . '.php';
-		if(!@file_exists($file))
+		if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page))
 		{
 			$page = '404';
 			$file = SYSTEM . 'pages/404.php';

install/includes/schema.sql

@@ -1,3 +1,5 @@
+SET @myaac_database_version = 32;
+
 CREATE TABLE `myaac_account_actions`
 (
 	`account_id` INT(11) NOT NULL,
@@ -57,6 +59,8 @@ CREATE TABLE `myaac_config`
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
+INSERT INTO `myaac_config` (`name`, `value`) VALUES ('database_version', @myaac_database_version);
+
 CREATE TABLE `myaac_faq`
 (
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
@@ -203,10 +207,24 @@ CREATE TABLE `myaac_monsters` (
 	`use_haste` tinyint(1) NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
+	`elements` TEXT NOT NULL,
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
+	`pushable` TINYINT(1) NOT NULL DEFAULT '0',
+	`canpushitems` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0',
+	`runonhealth` TINYINT(1) NOT NULL DEFAULT '0',
+	`hostile` TINYINT(1) NOT NULL DEFAULT '0',
+	`attackable` TINYINT(1) NOT NULL DEFAULT '0',
+	`rewardboss` TINYINT(1) NOT NULL DEFAULT '0',
+	`defense` INT(11) NOT NULL DEFAULT '0',
+	`armor` INT(11) NOT NULL DEFAULT '0',
+	`canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0',
 	`race` varchar(255) NOT NULL,
 	`loot` text NOT NULL,
+	`summons` TEXT NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
@@ -322,7 +340,7 @@ CREATE TABLE `myaac_visitors`
 (
 	`ip` VARCHAR(16) NOT NULL,
 	`lastvisit` INT(11) NOT NULL DEFAULT 0,
-	`page` VARCHAR(100) NOT NULL,
+	`page` VARCHAR(2048) NOT NULL,
 	UNIQUE (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 

install/steps/3-requirements.php

@@ -1,6 +1,10 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+// configuration
+$extensions_required = [
+	'pdo', 'pdo_mysql', 'xml', 'zip'
+];
 /*
  *
  * @param string $name
@@ -35,9 +39,11 @@ version_check('register_long_arrays', !$ini_register_globals, $ini_register_glob
 $ini_safe_mode = ini_get_bool('safe_mode');
 version_check('safe_mode', !$ini_safe_mode, $ini_safe_mode ? $locale['on'] : $locale['off'], true);
 
-version_check(str_replace('$EXTENSION$', 'PDO', $locale['step_requirements_extension']) , extension_loaded('pdo'), extension_loaded('pdo') ? $locale['loaded'] : $locale['not_loaded']);
-version_check(str_replace('$EXTENSION$', 'XML', $locale['step_requirements_extension']), extension_loaded('xml'), extension_loaded('xml') ? $locale['loaded'] : $locale['not_loaded']);
-version_check(str_replace('$EXTENSION$', 'ZIP', $locale['step_requirements_extension']), extension_loaded('zip'), extension_loaded('zip') ? $locale['loaded'] : $locale['not_loaded']);
+foreach ($extensions_required as $ext) {
+	$loaded = extension_loaded($ext);
+	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded']);
+}
+
 
 if($failed)
 {

install/tools/5-database.php

@@ -48,7 +48,6 @@ else {
 	try {
 		$db->query(file_get_contents(BASE . 'install/includes/schema.sql'));
 
-		registerDatabaseConfig('database_version', DATABASE_VERSION);
 		$locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']);
 		success($locale['step_database_success_schema']);
 	}

install/tools/7-finish.php

@@ -34,10 +34,10 @@ function insert_sample_if_not_exist($p) {
 
 $success = true;
 insert_sample_if_not_exist(array('name' => 'Rook Sample', 'level' => 1, 'vocation_id' => 0, 'health' => 150, 'healthmax' => 150, 'experience' => 0, 'looktype' => 130, 'mana' => 0, 'manamax' => 0, 'soul' => 100, 'cap' => 400));
-insert_sample_if_not_exist(array('name' => 'Sorcerer Sample', 'level' => 8, 'vocation_id' => 1, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 35, 'manamax' => 35, 'soul' => 100, 'cap' => 470));
-insert_sample_if_not_exist(array('name' => 'Druid Sample', 'level' => 8, 'vocation_id' => 2, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 35, 'manamax' => 35, 'soul' => 100, 'cap' => 470));
-insert_sample_if_not_exist(array('name' => 'Paladin Sample', 'level' => 8, 'vocation_id' => 3, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 129, 'mana' => 35, 'manamax' => 35, 'soul' => 100, 'cap' => 470));
-insert_sample_if_not_exist(array('name' => 'Knight Sample', 'level' => 8, 'vocation_id' => 4, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 131, 'mana' => 35, 'manamax' => 35, 'soul' => 100, 'cap' => 470));
+insert_sample_if_not_exist(array('name' => 'Sorcerer Sample', 'level' => 8, 'vocation_id' => 1, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+insert_sample_if_not_exist(array('name' => 'Druid Sample', 'level' => 8, 'vocation_id' => 2, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+insert_sample_if_not_exist(array('name' => 'Paladin Sample', 'level' => 8, 'vocation_id' => 3, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 129, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
+insert_sample_if_not_exist(array('name' => 'Knight Sample', 'level' => 8, 'vocation_id' => 4, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 131, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
 
 if($success) {
 	success($locale['step_database_imported_players']);
@@ -91,6 +91,7 @@ require_once SYSTEM . 'migrations/22.php';
 
 // add myaac_pages pages
 require_once SYSTEM . 'migrations/27.php';
+require_once SYSTEM . 'migrations/30.php';
 
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);

release.sh

@@ -17,12 +17,14 @@ if [ $1 = "prepare" ]; then
 
 	echo "Preparing to release version $version of the MyAAC Project!"
 
+	# make required directories
+	mkdir -p releases
+	mkdir -p tmp
+
 	# get myaac from git archive
 	git archive --format zip --output tmp/myaac.zip master
 
-	# make required directories
-	mkdir -p releases
-	mkdir -p tmp && cd tmp
+	cd tmp/ || exit
 
 	dir="myaac-$version"
 	if [ -d "$dir" ] ; then
@@ -41,7 +43,7 @@ if [ $1 = "pack" ]; then
 	# define release version
 	version=`cat VERSION`
 
-	cd tmp
+	cd tmp || exit
 
 	# tar.gz
 	echo "Creating .tar.gz package.."
@@ -60,4 +62,4 @@ if [ $1 = "pack" ]; then
 	echo "Done. Released files can be found in 'releases' directory."
 
 	exit
-fi
+fi

system/clients.conf.php

@@ -9,7 +9,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$config['clients'] = array(
+$config['clients'] = [
 	710,
 	740,
 	750,
@@ -54,7 +54,9 @@ $config['clients'] = array(
 
 	1000,
 	1010,
+	1020,
 	1021,
+	1030,
 	1031,
 	1034,
 	1041,
@@ -62,6 +64,7 @@ $config['clients'] = array(
 	1053,
 	1054,
 	1058,
+	1070,
 	1075,
 	1077,
 	1079,
@@ -74,5 +77,16 @@ $config['clients'] = array(
 	1097,
 	1098,
 	1100,
-);
-?>
+	1102,
+	1140,
+	1150,
+	1180,
+	1200,
+	1202,
+	1215,
+	1220,
+	1230,
+	1240,
+	1251,
+	1260,
+];

system/functions.php

@@ -14,11 +14,20 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 function message($message, $type, $return)
 {
-    if($return)
-        return '<div class="' . $type . '" style="margin-bottom:10px;">' . $message . '</div>';
+	if(IS_CLI) {
+		if($return) {
+			return $message;
+		}
 
-    echo '<div class="' . $type . '" style="margin-bottom:10px;">' . $message . '</div>';
-    return true;
+		echo $message;
+		return true;
+	}
+
+	if($return)
+		return '<div class="' . $type . '" style="margin-bottom:10px;">' . $message . '</div>';
+
+	echo '<div class="' . $type . '" style="margin-bottom:10px;">' . $message . '</div>';
+	return true;
 }
 function success($message, $return = false) {
     return message($message, 'success', $return);
@@ -922,6 +931,12 @@ function load_config_lua($filename)
 	if(count($lines) > 0) {
 		foreach($lines as $ln => $line)
 		{
+			$line = trim($line);
+			if(@$line[0] === '{' || @$line[0] === '}') {
+				// arrays are not supported yet
+				// just ignore the error
+				continue;
+			}
 			$tmp_exp = explode('=', $line, 2);
 			if(strpos($line, 'dofile') !== false)
 			{
@@ -948,16 +963,17 @@ function load_config_lua($filename)
 						$result[$key] = (string) substr(substr($value, 1), 0, -1);
 					elseif(in_array($value, array('true', 'false')))
 						$result[$key] = ($value === 'true') ? true : false;
-					elseif(@$value[0] === '{' && @$value[strlen($value) - 1] === '}') {
+					elseif(@$value[0] === '{') {
 						// arrays are not supported yet
 						// just ignore the error
+						continue;
 					}
 					else
 					{
 						foreach($result as $tmp_key => $tmp_value) // load values definied by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
 							$value = str_replace($tmp_key, $tmp_value, $value);
 						$ret = @eval("return $value;");
-						if((string) $ret == '') // = parser error
+						if((string) $ret == '' && trim($value) !== '""') // = parser error
 						{
 							throw new RuntimeException('ERROR: Loading config.lua file. Line <b>' . ($ln + 1) . '</b> of LUA config file is not valid [key: <b>' . $key . '</b>]');
 						}
@@ -982,6 +998,10 @@ function str_replace_first($search, $replace, $subject) {
 }
 
 function get_browser_real_ip() {
+	if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
+		$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
+	}
+
 	if(isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR']))
 		return $_SERVER['REMOTE_ADDR'];
 	else if(isset($_SERVER['HTTP_CLIENT_IP']) && !empty($_SERVER['HTTP_CLIENT_IP']))

system/init.php

@@ -119,6 +119,8 @@ if(!isset($config['highscores_ids_hidden']) || count($config['highscores_ids_hid
 	$config['highscores_ids_hidden'] = array(0);
 }
 
+$config['account_create_character_create'] = config('account_create_character_create') && (!config('mail_enabled') || !config('account_mail_verify'));
+
 // POT
 require_once SYSTEM . 'libs/pot/OTS.php';
 $ots = POT::getInstance();
@@ -140,10 +142,8 @@ else {
 	if(!@file_exists($file))
 		$file = $config['data_path'] . 'vocations.xml';
 
-	$vocations->load($file);
-
-	if(!$vocations)
-		throw new RuntimeException('ERROR: Cannot load <i>vocations.xml</i> file.');
+	if(!$vocations->load($file))
+		throw new RuntimeException('ERROR: Cannot load <i>vocations.xml</i> - the file is malformed. Check the file with xml syntax validator.');
 
 	$config['vocations'] = array();
 	foreach($vocations->getElementsByTagName('vocation') as $vocation) {
@@ -180,7 +180,8 @@ else {
 // load towns from database (TFS 1.3) //
 ////////////////////////////////////////
 
-$towns = array();
+$tmp = '';
+$towns = [];
 if($cache->enabled() && $cache->fetch('towns', $tmp)) {
 	$towns = unserialize($tmp);
 }
@@ -193,20 +194,14 @@ else {
 		}
 
 		unset($query);
-		if($cache->enabled()) {
-			$cache->set('towns', serialize($towns), 600);
-		}
 	}
-	else if($cache->enabled()) {
-		$cache->set('towns', serialize(array()), 600);
+	else {
+		$towns = config('towns');
 	}
-}
 
-$configTowns = config('towns');
-if($configTowns !== null && (!isset($configTowns[1]) || $configTowns[1] !== 'Sample town')) {
-	$towns = array_replace(
-		$towns, $configTowns
-	);
+	if($cache->enabled()) {
+		$cache->set('towns', serialize($towns), 600);
+	}
 }
 
 config(['towns', $towns]);

system/libs/CreateCharacter.php

@@ -26,19 +26,13 @@ class CreateCharacter
 		if(empty($name))
 			$errors['name'] = 'Please enter a name for your character!';
 		else if(strlen($name) > $maxLength)
-			$errors['name'] = 'Name is too long. Max. lenght <b>'.$maxLength.'</b> letters.';
+			$errors['name'] = 'Name is too long. Max. length <b>'.$maxLength.'</b> letters.';
 		else if(strlen($name) < $minLength)
-			$errors['name'] = 'Name is too short. Min. lenght <b>'.$minLength.'</b> letters.';
+			$errors['name'] = 'Name is too short. Min. length <b>'.$minLength.'</b> letters.';
 		else {
 			if(!admin() && !Validator::newCharacterName($name)) {
 				$errors['name'] = Validator::getLastError();
 			}
-
-			$exist = new OTS_Player();
-			$exist->find($name);
-			if($exist->isLoaded()) {
-				$errors['name'] = 'Character with this name already exist.';
-			}
 		}
 
 		if(empty($sex) && $sex != "0")
@@ -120,7 +114,7 @@ class CreateCharacter
 			return false;
 		}
 
-		global $db, $twig;
+		global $db;
 
 		if($sex == "0")
 			$char_to_copy->setLookType(136);
@@ -186,7 +180,7 @@ class CreateCharacter
 		}
 
 		$player->save();
-		$player->setCustomField("created", time());
+		$player->setCustomField('created', time());
 
 		$player = new OTS_Player();
 		$player->find($name);
@@ -209,6 +203,7 @@ class CreateCharacter
 		foreach($loaded_items_to_copy as $save_item)
 			$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', '".$save_item['attributes']."');");
 
+		global $twig;
 		$twig->display('success.html.twig', array(
 			'title' => 'Character Created',
 			'description' => 'The character <b>' . $name . '</b> has been created.<br/>

system/libs/pot/InvitesDriver.php

@@ -55,7 +55,12 @@ class InvitesDriver implements IOTS_GuildAction
     // invites player to current guild
     public function addRequest(OTS_Player $player)
     {
-        $this->db->query('INSERT INTO ' . $this->db->tableName('guild_invites') .' (' . $this->db->fieldName('player_id') . ', ' . $this->db->fieldName('guild_id') . ') VALUES ('.$this->db->quote($player->getId()).', '.$this->db->quote($this->guild->id).')');
+        $extra_keys = $extra_values = '';
+        if($this->db->hasColumn('guild_invites', 'date')) {
+            $extra_keys = ', `date`';
+            $extra_values = ', '.$this->db->quote(time());
+        }
+        $this->db->query('INSERT INTO `guild_invites` (`player_id`, `guild_id`' . $extra_keys . ') VALUES ('.$this->db->quote($player->getId()).', '.$this->db->quote($this->guild->id). $extra_values . ')');
     }
 
     // un-invites player

system/libs/pot/OTS_Account.php

@@ -42,6 +42,8 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
     private $data = array('email' => '', 'blocked' => false, 'rlname' => '','location' => '', 'country' => '','web_flags' => 0, 'lastday' => 0, 'premdays' => 0, 'created' => 0);
 
 	public static $cache = array();
+
+	const GRATIS_PREMIUM_DAYS = 65535;
 /**
  * Creates new account.
  *
@@ -185,7 +187,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		}
 
         // SELECT query on database
-		$this->data = $this->db->query('SELECT `id`, ' . ($this->db->hasColumn('accounts', 'name') ? '`name`,' : '') . '`password`, `email`, `blocked`, `rlname`, `location`, `country`, `web_flags`, ' . ($this->db->hasColumn('accounts', 'premdays') ? '`premdays`, ' : '') . ($this->db->hasColumn('accounts', 'lastday') ? '`lastday`, ' : ($this->db->hasColumn('accounts', 'premend') ? '`premend`,' : '')) . '`created` FROM `accounts` WHERE `id` = ' . (int) $id)->fetch();
+		$this->data = $this->db->query('SELECT `id`, ' . ($this->db->hasColumn('accounts', 'name') ? '`name`,' : '') . '`password`, `email`, `blocked`, `rlname`, `location`, `country`, `web_flags`, ' . ($this->db->hasColumn('accounts', 'premdays') ? '`premdays`, ' : '') . ($this->db->hasColumn('accounts', 'lastday') ? '`lastday`, ' : ($this->db->hasColumn('accounts', 'premend') ? '`premend`,' : ($this->db->hasColumn('accounts', 'premium_ends_at') ? '`premium_ends_at`,' : ''))) . '`created` FROM `accounts` WHERE `id` = ' . (int) $id)->fetch();
 		self::$cache[$id] = $this->data;
     }
 
@@ -272,6 +274,12 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 			$this->data['premend'] = 0;
 		}
 	}
+	else if($this->db->hasColumn('accounts', 'premium_ends_at')) {
+		$field = 'premium_ends_at';
+		if(!isset($this->data['premium_ends_at'])) {
+			$this->data['premium_ends_at'] = 0;
+		}
+	}
 
         // UPDATE query on database
         $this->db->exec('UPDATE `accounts` SET ' . ($this->db->hasColumn('accounts', 'name') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `country` = ' . $this->db->quote($this->data['country']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . ($this->db->hasColumn('accounts', 'premdays') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $field . '` = ' . (int) $this->data[$field] . ' WHERE `id` = ' . $this->data['id']);
@@ -359,12 +367,14 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 
 	public function getPremDays()
 	{
-		if(!isset($this->data['lastday']) && !isset($this->data['premend'])) {
+		if(!isset($this->data['lastday']) && !isset($this->data['premend']) && !isset($this->data['premium_ends_at'])) {
 			throw new E_OTS_NotLoaded();
 		}
 
-		if(isset($this->data['premend'])) {
-			return round(($this->data['premend'] - time()) / (24 * 60 * 60), 2);
+		if(isset($this->data['premium_ends_at']) || isset($this->data['premend'])) {
+			$col = isset($this->data['premium_ends_at']) ? 'premium_ends_at' : 'premend';
+			$ret = ceil(($this->data[$col] - time()) / (24 * 60 * 60));
+			return $ret > 0 ? $ret : 0;
 		}
 
 		if($this->data['premdays'] == 0) {
@@ -372,8 +382,14 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		}
 
 		global $config;
-        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return -1;
-		return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
+		if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return -1;
+
+		if($this->data['premdays'] == self::GRATIS_PREMIUM_DAYS){
+			return self::GRATIS_PREMIUM_DAYS;
+		}
+
+		$ret = ceil($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])));
+		return $ret > 0 ? $ret : 0;
 	}
 
    public function getLastLogin()
@@ -391,6 +407,10 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		global $config;
         if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
 
+	    if(isset($this->data['premium_ends_at'])) {
+		    return $this->data['premium_ends_at'] > time();
+	    }
+
 		if(isset($this->data['premend'])) {
 			return $this->data['premend'] > time();
 		}
@@ -419,6 +439,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
     {
 		$this->data['premdays'] = (int) $premdays;
 		$this->data['premend'] = time() + ($premdays * 24 * 60 * 60);
+		$this->data['premium_ends_at'] = time() + ($premdays * 24 * 60 * 60);
     }
 
     public function setRLName($name)

system/libs/pot/OTS_Base_DB.php

@@ -23,6 +23,7 @@
  */
 abstract class OTS_Base_DB extends PDO implements IOTS_DB
 {
+	use OTS_DB_PDOQuery;
 /**
  * Tables prefix.
  *
@@ -74,7 +75,7 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
         return $this->fieldName($this->prefix . $name);
     }
 
-	public function query($query)
+	private function doQuery(...$args)
 	{
 		$this->queries++;
 
@@ -82,7 +83,7 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 			$startTime = microtime(true);
 		}
 
-		$ret = parent::query($query);
+		$ret = parent::query(...$args);;
 		if($this->logged) {
 			$totalTime = microtime(true) - $startTime;
 			$this->log .= round($totalTime, 4) . ' ms - ' . $query . PHP_EOL;

system/libs/pot/OTS_DB_PDOQuery.php

@@ -0,0 +1,16 @@
+<?php
+
+if (PHP_VERSION_ID >= 80000) {
+	require LIBS . 'pot/OTS_DB_PDOQuery_PHP71.php';
+} else {
+	trait OTS_DB_PDOQuery
+	{
+		/**
+		 * @return PDOStatement
+		 */
+		public function query()
+		{
+			return $this->doQuery(...func_get_args());
+		}
+	}
+}

system/libs/pot/OTS_DB_PDOQuery_PHP71.php

@@ -0,0 +1,12 @@
+<?php
+
+trait OTS_DB_PDOQuery
+{
+	/**
+	 * @return PDOStatement
+	 */
+	public function query(?string $query = null, ?int $fetchMode = null, mixed ...$fetchModeArgs)
+	{
+		return $this->doQuery($query, $fetchMode, ...$fetchModeArgs);
+	}
+}

system/libs/pot/OTS_HousesList.php

@@ -57,7 +57,7 @@ class OTS_HousesList implements IteratorAggregate, Countable, ArrayAccess
  * @param array $properties List of object properties.
  * @throws DOMException On DOM operation error.
  */
-    public function __set_state($properties)
+    public static function __set_state($properties)
     {
         $object = new self();
 

system/libs/pot/OTS_MonstersList.php

@@ -86,7 +86,7 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
  * 
  * @param array $properties List of object properties.
  */
-    public function __set_state($properties)
+    public static function __set_state($properties)
     {
         $object = new self();
 

system/libs/pot/OTS_Player.php

@@ -234,12 +234,6 @@ class OTS_Player extends OTS_Row_DAO
 			$this->data = $this->db->query('SELECT `id`, `name`, `account_id`, `group_id`, `sex`, `vocation`, `experience`, `level`, `maglevel`, `health`, `healthmax`, `mana`, `manamax`, `manaspent`, `soul`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`' . ($this->db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `posx`, `posy`, `posz`, `cap`, `lastlogin`, `lastlogout`, `lastip`, `save`, `conditions`, `' . $__load['skull_time'] . '` as `skulltime`, `' . $__load['skull_type'] . '` as `skull`' . $__load['guild_info'] . ', `town_id`' . $__load['loss_experience'] . $__load['loss_items'] . ', `balance`' . ($__load['blessings'] ? ', `blessings`' : '') . ($__load['direction'] ? ', `direction`' : '') . ($__load['stamina'] ? ', `stamina`' : '') . ($__load['world_id'] ? ', `world_id`' : '') . ($__load['online'] ? ', `online`' : '') . ', `' . ($__load['deletion'] ? 'deletion' : 'deleted') . '`' . ($__load['promotion'] ? ', `promotion`' : '') . ($__load['marriage'] ? ', `marriage`' : '') . ', `comment`, `created`, `hidden` FROM `players` WHERE `id` = ' . (int)$id)->fetch();
 		}
 
-		if(!isset($this->data['guildnick']))
-			$this->data['guildnick'] = '';
-
-		if(!isset($this->data['rank_id']))
-			$this->data['rank_id'] = 0;
-
         // loads skills
         if( $this->isLoaded() && $load_skills)
         {
@@ -1917,15 +1911,13 @@ class OTS_Player extends OTS_Row_DAO
  * @throws E_OTS_NotLoaded If player is not loaded.
  * @deprecated 0.0.4 Use getRank().
  */
-    public function getRankId()
-    {
-        if( !isset($this->data['rank_id']) )
-        {
-            throw new E_OTS_NotLoaded();
-        }
+	public function getRankId()
+	{
+		if(!isset($this->data['guildnick']) || !isset($this->data['rank_id']))
+			$this->loadRank();
 
-        return $this->data['rank_id'];
-    }
+		return $this->data['rank_id'];
+	}
 
 /**
  * Assigned guild rank.
@@ -3636,4 +3628,4 @@ class OTS_Player extends OTS_Row_DAO
 
 /**#@-*/
 
-?>
+?>

system/libs/pot/OTS_SpellsList.php

@@ -72,7 +72,7 @@ class OTS_SpellsList implements IteratorAggregate, Countable
  * 
  * @param array $properties List of object properties.
  */
-    public function __set_state($properties)
+    public static function __set_state($properties)
     {
         $object = new self();
 

system/libs/pot/OTS_VocationsList.php

@@ -59,7 +59,7 @@ class OTS_VocationsList implements IteratorAggregate, Countable, ArrayAccess
  * @param array $properties List of object properties.
  * @throws DOMException On DOM operation error.
  */
-    public function __set_state($properties)
+    public static function __set_state($properties)
     {
         $object = new self();
 

system/libs/pot/compat.php

@@ -1,85 +0,0 @@
-<?php
-
-/**#@+
- * @version 0.0.2
- * @since 0.0.2
- */
-
-/**
- * POT compatibility assurance package.
- * 
- * This package makes you sure that POT scripts won't cause FATAL errors on PHP older PHP 5.x versions. However remember that some PHP features won't be enabled with it. For example if you have PHP 5.0.x, this package will define Countable interface for you so PHP will know it, but it won't allow you to use count($countableObject) structure.
- * 
- * Note that you need to include this file before any other POT file or they will cause FATAL errors.
- * 
- * @package POT
- * @version 0.1.2
- * @subpackage compat
- * @author Wrzasq <wrzasq@gmail.com>
- * @copyright 2007 - 2008 (C) by Wrzasq
- * @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
- * @tutorial POT/PHP_5.0.pkg
- */
-
-// OutOfBoundsException class for 5.0.x
-if( !class_exists('OutOfBoundsException') )
-{
-/**
- * @ignore
- * @version 0.1.0
- * @since 0.1.0
- */
-    class OutOfBoundsException extends Exception
-    {
-    }
-}
-
-// LogicException class for 5.0.x
-if( !class_exists('LogicException') )
-{
-/**
- * @ignore
- * @version 0.1.2
- * @since 0.1.2
- */
-    class LogicException extends Exception
-    {
-    }
-}
-
-// Countable for PHP 5.0.x
-if( !interface_exists('Countable') )
-{
-/**
- * @ignore
- */
-    interface Countable
-    {
-        public function count();
-    }
-}
-
-// spl_autoload_register() walkaround
-if( !function_exists('spl_autoload_register') )
-{
-/**
- * @ignore
- */
-    function spl_autoload_register($callback)
-    {
-        if( !function_exists('__autoload') )
-        {
-/**
- * @ignore
- */
-            function __autoload($class)
-            {
-                POT::getInstance()->loadClass($class);
-            }
-        }
-    }
-}
-
-/**#@-*/
-
-?>

system/libs/validator.php

@@ -85,7 +85,13 @@ class Validator
 			return false;
 		}
 
-		if(!preg_match("/[A-Z0-9]/i", $name))
+		if(preg_match('/ {2,}/', $name))
+		{
+			self::$lastError = 'Invalid account name format. Use only A-Z and numbers 0-9 and no double spaces.';
+			return false;
+		}
+
+		if(!preg_match("/^[A-Z0-9]+$/i", $name))
 		{
 			self::$lastError = 'Invalid account name format. Use only A-Z and numbers 0-9.';
 			return false;
@@ -133,18 +139,8 @@ class Validator
 			return false;
 		}
 
-		if (strlen($password) < 8 || strlen($password) > 30) {
-			self::$lastError = 'The password must have at least 8 and maximum 30 letters!';
-			return false;
-		}
-
-		if(strspn($password, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") != strlen($password)) {
-			self::$lastError = 'Password contains illegal letters (a-z, A-Z and 0-9 only!).';
-			return false;
-		}
-
-		if(!ctype_alnum($password)) {
-			self::$lastError = 'Password contains illegal letters (a-z, A-Z and 0-9 only!).';
+		if (strlen($password) < 8 || strlen($password) > 29) {
+			self::$lastError = 'The password must have at least 8 and maximum 29 letters!';
 			return false;
 		}
 
@@ -154,7 +150,7 @@ class Validator
 		}
 
 		if(!preg_match('/[0-9]/', $password)) {
-			self::$lastError = 'The password must contain at least one letter other than A-Z or a-z!';
+			self::$lastError = 'The password must contain at least one number!';
 			return false;
 		}
 
@@ -179,13 +175,13 @@ class Validator
 		$length = strlen($name);
 		if($length < 3)
 		{
-			self::$lastError = 'Character name is too short. Min. lenght <b>3</b> characters.';
+			self::$lastError = 'Character name is too short. Min. length <b>3</b> characters.';
 			return false;
 		}
 
 		if($length > 25)
 		{
-			self::$lastError = 'Character name is too long. Max. lenght <b>25</b> characters.';
+			self::$lastError = 'Character name is too long. Max. length <b>25</b> characters.';
 			return false;
 		}
 
@@ -194,6 +190,13 @@ class Validator
 			self::$lastError = "Invalid name format. Use only A-Z, spaces and '.";
 			return false;
 		}
+
+		if(preg_match('/ {2,}/', $name))
+		{
+			self::$lastError = 'Invalid character name format. Use only A-Z and numbers 0-9 and no double spaces.';
+			return false;
+		}
+
 		if(!preg_match("/[A-z ']/", $name))
 		{
 			self::$lastError = "Invalid name format. Use only A-Z, spaces and '.";
@@ -240,6 +243,12 @@ class Validator
 			return false;
 		}
 
+		if(preg_match('/ {2,}/', $name))
+		{
+			self::$lastError = 'Invalid character name format. Use only A-Z and numbers 0-9 and no double spaces.';
+			return false;
+		}
+
 		if(strtolower($config['lua']['serverName']) == $name_lower) {
 			self::$lastError = 'Your name cannot be same as server name.';
 			return false;
@@ -272,14 +281,6 @@ class Validator
 			}
 		}
 
-		for($i = 0; $i < $name_length; $i++)
-		{
-			if(isset($name_lower[$i - 1]) && $name_lower[$i - 1] == ' ' && isset($name_lower[$i + 1]) && $name_lower[$i + 1] == ' ') {
-				self::$lastError = 'Your name contains too many spaces.';
-				return false;
-			}
-		}
-
 		$player = new OTS_Player();
 		$player->find($name);
 		if($player->isLoaded()) {
@@ -327,13 +328,7 @@ class Validator
 			return false;
 		}
 
-		if($name_length < 3 || $name_length  > 28) {
-			self::$lastError = 'Your name cannot be shorter than 3 characters and longer than 28 characters.';
-			return false;
-		}
-
-
-		if(!preg_match("/[A-z ']{3,28}/", $name)) {
+		if(!preg_match("/[A-z ']/", $name)) {
 			self::$lastError = 'Your name containst illegal characters.';
 			return false;
 		}

system/migrate.php

@@ -0,0 +1,22 @@
+<?php
+
+// database migrations
+$tmp = '';
+if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
+	$tmp = (int)$tmp;
+	if($tmp < DATABASE_VERSION) { // import if older
+		$db->revalidateCache();
+		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
+			require SYSTEM . 'migrations/' . $i . '.php';
+			updateDatabaseConfig('database_version', $i);
+		}
+	}
+}
+else { // register first version
+	registerDatabaseConfig('database_version', 0);
+	$db->revalidateCache();
+	for($i = 1; $i <= DATABASE_VERSION; $i++) {
+		require SYSTEM . 'migrations/' . $i . '.php';
+		updateDatabaseConfig('database_version', $i);
+	}
+}

system/migrations/1.php

@@ -10,7 +10,7 @@
 	`type` INT(2) NOT NULL DEFAULT 0,
 	`file` VARCHAR(100) NOT NULL,
 	PRIMARY KEY (`id`)
-) ENGINE = MyISAM;
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 ");
 
 ?>

system/migrations/10.php

@@ -1,7 +1,7 @@
 <?php
 	if(!$db->hasColumn(TABLE_PREFIX . 'hooks', 'ordering'))
 		$db->query("ALTER TABLE `" . TABLE_PREFIX . "hooks` ADD `ordering` INT(11) NOT NULL DEFAULT 0 AFTER `file`;");
-	
+
 	if(!$db->hasTable(TABLE_PREFIX . 'admin_menu'))
 		$db->query("
 CREATE TABLE `myaac_admin_menu`
@@ -13,5 +13,5 @@ CREATE TABLE `myaac_admin_menu`
 	`flags` INT(11) NOT NULL DEFAULT 0,
 	`enabled` INT(1) NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
-) ENGINE = MyISAM;");
-?>
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+");

system/migrations/12.php

@@ -22,7 +22,8 @@ CREATE TABLE `" . TABLE_PREFIX . "items`
 	`plural` VARCHAR(50) NOT NULL DEFAULT '',
 	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
-) ENGINE = MyISAM;");
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+");
 
 // new weapons table
 if(!$db->hasTable(TABLE_PREFIX . 'weapons'))
@@ -34,7 +35,8 @@ CREATE TABLE `" . TABLE_PREFIX . "weapons`
 	`maglevel` INT(11) NOT NULL DEFAULT 0,
 	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
-) ENGINE = MyISAM;");
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+");
 
 // modify vocations to support json data
 $db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(100) NOT NULL DEFAULT '';");

system/migrations/17.php

@@ -12,8 +12,9 @@ CREATE TABLE `myaac_menu`
 	`ordering` INT(11) NOT NULL DEFAULT 0,
 	`enabled` INT(1) NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
-) ENGINE = MyISAM;");
-	
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+");
+
 	$db->query("
 /* MENU_CATEGORY_NEWS kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);

system/migrations/22.php

@@ -11,7 +11,8 @@ CREATE TABLE `z_polls` (
   `answers` int(11) NOT NULL DEFAULT 0,
   `votes_all` int(11) NOT NULL DEFAULT 0,
   PRIMARY KEY  (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;');
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+');
 
 if(!$db->hasTable('z_polls_answers'))
 $db->query('
@@ -20,7 +21,8 @@ $db->query('
   `answer_id` int(11) NOT NULL,
   `answer` varchar(255) NOT NULL,
   `votes` int(11) NOT NULL DEFAULT 0
-) ENGINE=MyISAM DEFAULT CHARSET=latin1;');
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+');
 
 if(!$db->hasColumn('accounts', 'vote'))
 	$db->query('ALTER TABLE `accounts` ADD `vote` INT( 11 ) DEFAULT 0 NOT NULL ;');

system/migrations/31.php

@@ -0,0 +1,18 @@
+<?php
+
+if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'elements')) {
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `elements` TEXT NOT NULL AFTER `immunities`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `pushable` TINYINT(1) NOT NULL DEFAULT '0' AFTER `convinceable`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `canpushitems` TINYINT(1) NOT NULL DEFAULT '0' AFTER `pushable`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canpushitems`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canpushitems`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonenergy`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonpoison`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `runonhealth` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonfire`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `hostile` TINYINT(1) NOT NULL DEFAULT '0' AFTER `runonhealth`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `attackable` TINYINT(1) NOT NULL DEFAULT '0' AFTER `hostile`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `rewardboss` TINYINT(1) NOT NULL DEFAULT '0' AFTER `attackable`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `defense` INT(11) NOT NULL DEFAULT '0' AFTER `rewardboss`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `armor` INT(11) NOT NULL DEFAULT '0' AFTER `defense`;");
+	$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters`  ADD `summons` TEXT NOT NULL AFTER `loot`;");
+}

system/migrations/32.php

@@ -0,0 +1,4 @@
+<?php
+// Increase size of page in myaac_visitors table
+
+$db->exec('ALTER TABLE `' . TABLE_PREFIX . "visitors` MODIFY `page` VARCHAR(2048) NOT NULL;");

system/pages/account/change_email.php

@@ -66,7 +66,7 @@ if($email_new_time < 10) {
 else
 {
 	if($email_new_time < time()) {
-		if($_POST['changeemailsave'] == 1) {
+		if (isset($_POST['changeemailsave']) && $_POST['changeemailsave'] == 1) {
 			$account_logged->setCustomField("email_new", "");
 			$account_logged->setCustomField("email_new_time", 0);
 			$account_logged->setEmail($email_new);
@@ -110,14 +110,14 @@ else
 			));
 		}
 	}
-	else
+	else if(!isset($_POST['emailchangecancel']) || $_POST['emailchangecancel'] != 1)
 	{
 		$custom_buttons = '
 <table style="width:100%;" >
 	<tr align="center">
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0" >
-				<form action="{{ ' .getLink('account/email') . ' }}" method="post" >
+				<form action="' .getLink('account/email') . '" method="post" >
 					<tr>
 						<td style="border:0px;" >
 							<input type="hidden" name="emailchangecancel" value="1" >

system/pages/account/change_name.php

@@ -21,19 +21,15 @@ else
 		if($points < $config['account_change_character_name_points'])
 			$errors[] = 'You need ' . $config['account_change_character_name_points'] . ' premium points to change name. You have <b>'.$points.'<b> premium points.';
 
+		$minLength = config('character_name_min_length');
+		$maxLength = config('character_name_max_length');
+
 		if(empty($errors) && empty($name))
 			$errors[] = 'Please enter a new name for your character!';
-		else if(strlen($name) > 25)
-			$errors[] = 'Name is too long. Max. lenght <b>25</b> letters.';
-		else if(strlen($name) < 3)
-			$errors[] = 'Name is too short. Min. lenght <b>3</b> letters.';
-		else {
-			$exist = new OTS_Player();
-			$exist->find($name);
-			if($exist->isLoaded()) {
-				$errors[] = 'Character with this name already exist.';
-			}
-		}
+		else if(strlen($name) > $maxLength)
+			$errors['name'] = 'Name is too long. Max. length <b>'.$maxLength.'</b> letters.';
+		else if(strlen($name) < $minLength)
+			$errors['name'] = 'Name is too short. Min. length <b>'.$minLength.'</b> letters.';
 
 		if(empty($errors))
 		{

system/pages/account/delete_character.php

@@ -22,23 +22,37 @@ if(isset($_POST['deletecharactersave']) && $_POST['deletecharactersave'] == 1) {
 				$player_account = $player->getAccount();
 				if($account_logged->getId() == $player_account->getId()) {
 					if($password_verify == $account_logged->getPassword()) {
-						if(!$player->isOnline())
-						{
-							//dont show table "delete character" again
-							$show_form = false;
-							//delete player
-							if($db->hasColumn('players', 'deletion'))
-								$player->setCustomField('deletion', 1);
-							else
-								$player->setCustomField('deleted', 1);
-							$account_logged->logAction('Deleted character <b>' . $player->getName() . '</b>.');
-							$twig->display('success.html.twig', array(
-								'title' => 'Character Deleted',
-								'description' => 'The character <b>' . $player_name . '</b> has been deleted.'
-							));
+						if(!$player->isOnline()) {
+							if(!$player->isDeleted()) {
+								if(fieldExist('id', 'houses')) {
+									$house = $db->query('SELECT `id` FROM `houses` WHERE `owner` = '.$player->getId());
+									if($house->rowCount() > 0) {
+										$errors[] = 'You cannot delete a character when they own a home.';
+									}
+								}
+
+								if(empty($errors)) {
+									//dont show table "delete character" again
+									$show_form = false;
+									//delete player
+									if ($db->hasColumn('players', 'deletion'))
+										$player->setCustomField('deletion', 1);
+									else
+										$player->setCustomField('deleted', 1);
+									$account_logged->logAction('Deleted character <b>' . $player->getName() . '</b>.');
+									$twig->display('success.html.twig', array(
+										'title' => 'Character Deleted',
+										'description' => 'The character <b>' . $player_name . '</b> has been deleted.'
+									));
+								}
+							}
+							else {
+								$errors[] = 'This player has been already deleted.';
+							}
 						}
-						else
+						else {
 							$errors[] = 'This character is online.';
+						}
 					}
 					else {
 						$errors[] = 'Wrong password to account.';
@@ -66,4 +80,4 @@ if($show_form) {
 	}
 	$twig->display('account.delete_character.html.twig');
 }
-?>
+?>

system/pages/accountmanagement.php

@@ -60,7 +60,8 @@ $errors = array();
 
 	if($action == '')
 	{
-		$freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']);
+		$freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;
+		$dayOrDays = $account_logged->getPremDays() == 1 ? 'day' : 'days';
 		/**
 		 * @var OTS_Account $account_logged
 		 */
@@ -68,7 +69,7 @@ $errors = array();
 		if(!$account_logged->isPremium())
 			$account_status = '<b><span style="color: red">Free Account</span></b>';
 		else
-			$account_status = '<b><span style="color: green">Premium Account, ' . ($freePremium ? 'Unlimited' : $account_logged->getPremDays() . ' days left') . '</span></b>';
+			$account_status = '<b><span style="color: green">' . ($freePremium ? 'Gratis Premium Account' : 'Premium Account, ' . $account_logged->getPremDays() . ' '.$dayOrDays.' left') . '</span></b>';
 
 		if(empty($recovery_key))
 			$account_registered = '<b><span style="color: red">No</span></b>';

system/pages/characters.php

@@ -197,6 +197,7 @@ if($player->isLoaded() && !$player->isDeleted())
 		foreach($quests as &$storage) {
 			$storage = isset($player_storage[$storage]) && $player_storage[$storage] > 0;
 		}
+		unset($storage);
 	}
 
 	if($config['characters']['equipment'])
@@ -326,7 +327,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 
 	$frags = array();
 	$frag_add_content = '';
-	if($config['characters']['frags'])
+	if($config['characters']['frags'] && $db->hasTable('killers'))
 	{
 		//frags list by Xampy
 		$i = 0;
@@ -371,7 +372,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 			$_player = new OTS_Player();
 			$fields = array('id', 'name', 'vocation', 'level', 'online', 'deleted', 'hidden');
 			$_player->load($p['id'], $fields, false);
-			if($_player->isLoaded()) {
+			if($_player->isLoaded() && !$_player->isHidden()) {
 				$account_players[] = $_player;
 			}
 		}
@@ -432,7 +433,7 @@ else
 	if($db->hasColumn('players', 'deletion'))
 		$deleted = 'deletion';
 
-	$query = $db->query('SELECT `name`, `level`, `vocation`' . $promotion . ' FROM `players` WHERE `name` LIKE  ' . $db->quote('%' . $name . '%') . ' AND ' . $deleted . ' != 1;');
+	$query = $db->query('SELECT `name`, `level`, `vocation`' . $promotion . ' FROM `players` WHERE `name` LIKE  ' . $db->quote('%' . $name . '%') . ' AND ' . $deleted . ' != 1 LIMIT ' . (int)config('characters_search_limit') . ';');
 	if($query->rowCount() > 0)
 	{
 		echo 'Did you mean:<ul>';
@@ -450,4 +451,4 @@ else
 }
 
 if(!empty($search_errors))
-	$twig->display('error_box.html.twig', array('errors' => $search_errors));
+	$twig->display('error_box.html.twig', array('errors' => $search_errors));

system/pages/creatures.php

@@ -62,7 +62,8 @@ if (empty($_REQUEST['creature'])) {
 	echo '</tbody></table>';
 
 } else {
-	$monster_name = stripslashes(trim(ucwords($_REQUEST['creature'])));
+	$monster_name = urldecode(stripslashes(trim(ucwords($_REQUEST['creature']))));
+
 	$monster = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'monsters` WHERE `hidden` != 1 AND `name` = ' . $db->quote($monster_name) . ';')->fetch();
 	if (isset($monster['name'])) {
 		$title = $monster['name'] . " - Creatures";
@@ -146,7 +147,7 @@ if (empty($_REQUEST['creature'])) {
 				$name = getItemNameById($item['id']);
 				$tooltip = $name . '<br/>Chance: ' . round($item['chance'] / 1000, 2) . '%<br/>Max count: ' . $item['count'];
 
-				echo getItemImage($item['id']);
+				echo '<img src="' . $config['item_images_url'] . $item['id'] . '.gif" class="item_image" title="' . $tooltip . '" width="32" height="32" border="0" alt=" ' . $name . '" />';
 				$i++;
 			}
 
@@ -170,4 +171,4 @@ if (empty($_REQUEST['creature'])) {
 
 </script>
 
-<script src="<?php echo BASE_URL; ?>tools/js/jquery.dataTables.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/js/jquery.dataTables.min.js"></script>

system/pages/forum/show_board.php

@@ -43,7 +43,15 @@ echo '<br /><br />Page: '.$links_to_pages.'<br />';
 $last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`last_post`, `" . FORUM_TABLE_PREFIX . "forum`.`replies`, `" . FORUM_TABLE_PREFIX . "forum`.`views`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".(int) $section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id` ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".$config['forum_threads_per_page']." OFFSET ".($_page * $config['forum_threads_per_page']))->fetchAll();
 if(isset($last_threads[0]))
 {
-	echo '<table width="100%"><tr bgcolor="'.$config['vdarkborder'].'" align="center"><td><span style="color: white; font-size: 10px"><b>Thread</b></span></td><td><span style="color: white; font-size: 10px"><b>Thread Starter</b></span></td><td><span style="color: white; font-size: 10px"><b>Replies</b></span></td><td><span style="color: white; font-size: 10px"><b>Views</b></span></td><td><span style="color: white; font-size: 10px"><b>Last Post</b></span></td></tr>';
+	echo '<table width="100%">
+<tr bgcolor="'.$config['vdarkborder'].'" align="center">
+<td class="white">
+<span style="font-size: 10px"><b>Thread</b></span></td>
+<td><span style="font-size: 10px"><b>Thread Starter</b></span></td>
+<td><span style="font-size: 10px"><b>Replies</b></span></td>
+<td><span style="font-size: 10px"><b>Views</b></span></td>
+<td><span style="font-size: 10px"><b>Last Post</b></span></td>
+</tr>';
 
 	$player = new OTS_Player();
 	foreach($last_threads as $thread)
@@ -83,4 +91,4 @@ if(isset($last_threads[0]))
 else
 	echo '<h3>No threads in this board.</h3>';
 
-?>
+?>

system/pages/guilds/change_description.php

@@ -51,8 +51,7 @@ if(empty($errors)) {
 			}
 
 			$twig->display('guilds.change_description.html.twig', array(
-				'guild' => $guild,
-				'rows' => bcsub($config['guild_description_lines_limit'],1)
+				'guild' => $guild
 			));
 		}
 		else {
@@ -72,4 +71,4 @@ if(!empty($errors)) {
 	));
 }
 
-?>
+?>

system/pages/guilds/delete_rank.php

@@ -77,8 +77,12 @@ if(empty($guild_errors)) {
 								$new_rank->setName('New Rank level '.$rank->getLevel());
 								$new_rank->save();
 							}
+
 							foreach($players_with_rank as $player_in_guild) {
-								$player_in_guild->setRank($new_rank);
+								$player = new OTS_Player();
+								$player->load($player_in_guild['id']);
+								if ($player->isLoaded())
+									$player->setRank($new_rank);
 							}
 						}
 						$rank->delete();
@@ -120,4 +124,4 @@ if(!empty($guild_errors)) {
 	));
 }
 
-?>
+?>

system/pages/highscores.php

@@ -45,7 +45,7 @@ $skill = POT::SKILL__LEVEL;
 if(is_numeric($list))
 {
 	$list = (int) $list;
-	if($list >= POT::SKILL_FIRST && $list <= SKILL__LAST)
+	if($list >= POT::SKILL_FIRST && $list <= POT::SKILL__LAST)
 		$skill = $list;
 }
 else

system/pages/houses.php

@@ -143,8 +143,20 @@ if(isset($_POST['town']) && isset($_POST['state']) && isset($_POST['order']) &&
     if($type == 'guildhalls' && !$db->hasColumn('houses', 'guild'))
         $type = 'all';
 
-    if(!empty($type) && $type != 'all')
-        $whereby .= ' AND `guild` ' . ($type == 'guildhalls' ? '!' : '') . '= 0';
+	if (!empty($type) && $type != 'all')
+	{
+		$guildColumn = '';
+		if ($db->hasColumn('houses', 'guild')) {
+			$guildColumn = 'guild';
+		}
+		else if ($db->hasColumn('houses', 'guildid')) {
+			$guildColumn = 'guildid';
+		}
+
+		if($guildColumn !== '') {
+			$whereby .= ' AND `' . $guildColumn . '` ' . ($type == 'guildhalls' ? '!' : '') . '= 0';
+		}
+	}
 
     $houses_info = $db->query('SELECT * FROM `houses` WHERE ' . $whereby. ' ORDER BY ' . $orderby);
 
@@ -179,7 +191,7 @@ if(isset($_POST['town']) && isset($_POST['state']) && isset($_POST['order']) &&
     $housesSearch = true;
 }
 
-$guild = $db->hasTable('houses', 'guild') ? ' or guildhall' : '';
+$guild = $db->hasColumn('houses', 'guild') ? ' or guildhall' : '';
 $twig->display('houses.html.twig', array(
     'state' => $state,
     'order' => $order,

system/template.php

@@ -25,7 +25,13 @@ if($config['template_allow_change'])
 			}
 
 			setSession('template', $template_name);
-			header('Location:' . getSession('last_uri'));
+
+			$newLocation = $lastUri = getSession('last_uri');
+			if($lastUri === $_SERVER['REQUEST_URI']) { // avoid ERR_TOO_MANY_REDIRECTS error in browsers
+				$newLocation = SERVER_URL;
+			}
+
+			header('Location:' . $newLocation);
 		}
 	}
 	else {

system/templates/account.create.html.twig

@@ -54,6 +54,10 @@
 													<td></td><td><span id="email_error" class="FormFieldError">{% if errors.email is defined %}{{ errors.email }}{% endif %}</span></td>
 												</tr>
 
+												{% if config.mail_enabled and config.account_mail_verify %}
+													<tr><td></td><td><span><strong>Please use real address!<br/>We will send a link to validate your Email.</strong></span></td></tr>
+												{% endif %}
+
 												{{ hook('HOOK_ACCOUNT_CREATE_AFTER_EMAIL') }}
 
                                                 {% if config.account_country %}
@@ -82,7 +86,7 @@
 														<span{% if errors.password is defined %} class="red"{% endif %}>Password:</span>
 													</td>
 													<td>
-														<input type="password" name="password" id="password" value="" size="30" maxlength="50" />
+														<input type="password" name="password" id="password" value="" size="30" maxlength="29" />
 														<img id="password_indicator" src="images/global/general/{% if not save or errors.password is defined %}n{% endif %}ok.gif" style="display: none;" />
 													</td>
 												</tr>
@@ -92,7 +96,7 @@
 														<span{% if errors.password is defined %} class="red"{% endif %}>Repeat password:</span>
 													</td>
 													<td>
-														<input type="password" name="password2" id="password2" value="" size="30" maxlength="50" />
+														<input type="password" name="password2" id="password2" value="" size="30" maxlength="29" />
 														<img id="password2_indicator" src="images/global/general/{% if not save or errors.password is defined %}n{% endif %}ok.gif" style="display: none;" />
 													</td>
 												</tr>

system/templates/admin.news.form.html.twig

@@ -25,7 +25,7 @@
 							<div class="col-sm-10" id="body-parent">
                                 <textarea class="form-control" id="body" name="body" maxlength="65000" cols="50" rows="5">{{ body|raw }}</textarea>
 							</div>
-						</div>						
+						</div>
 
 						<div class="form-group">
 							<label for="select-type" class="col-sm-2 control-label">Type</label>
@@ -37,7 +37,7 @@
 									<option value="{{ constant('ARTICLE') }}" {% if type is defined and type == constant('ARTICLE') %}selected="yes"{% endif %}{% if action == 'edit' and type != constant('ARTICLE') %} disabled{% endif %}>Article</option>
 								</select>
 							</div>
-						</div>						
+						</div>
 
 						<div id="article-text" class="form-group"{% if type is not defined or type != constant('ARTICLE') %} style="display: none;"{% endif %}>
 							<label for="article_text" class="col-sm-2 control-label">Article short text</label>
@@ -65,8 +65,8 @@
 										<option value="{{ player.getId() }}">{{ player.getName() }}</option>
 									</select>
 								</div>
-							</div>		
-							{% endif %}			
+							</div>
+							{% endif %}
 						{% endif %}
 
 						<div class="form-group">
@@ -79,7 +79,7 @@
 									{% endfor %}
 								</select>
 							</div>
-						</div>								
+						</div>
 
 						{% if action != 'edit' %}
 						<div class="form-group">
@@ -95,19 +95,19 @@
 							</div>
 						</div>
 						{% elseif comments is not null %}
-							<input type="hidden" name="forum_section" id="forum_section" value="{{ comments }}" />					
+							<input type="hidden" name="forum_section" id="forum_section" value="{{ comments }}" />
 						{% endif %}
 
 						<div class="form-group">
 							<label for="category" class="col-sm-2 control-label">Category</label>
-							
+
 							<div class="col-sm-10">
 								{% for id, cat in categories %}
-									<input type="radio" name="category" id="category" value="{{ id }}" {% if (category == 0 and id == 1) or (category == id) %}checked="yes"{% endif %}/> 
+									<input type="radio" name="category" id="category" value="{{ id }}" {% if (category == 0 and id == 1) or (category == id) %}checked="yes"{% endif %}/>
 									<img src="{{ constant('BASE_URL') }}/images/news/icon_{{ cat.icon_id }}_small.gif" />
 								{% endfor %}
-							</div>	
-						</div>										
+							</div>
+						</div>
 					</div>
 
 					<div class="box-footer">
@@ -158,7 +158,7 @@
 			toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 			image_advtab: true,
 			setup: function(ed){
-				ed.on('NodeChange', function(e) {
+				ed.on('Change', function(e) {
 					if(ed.getContent() != lastContent) {
 						unsaved = true;
 					}
@@ -170,20 +170,20 @@
 			$(":input").change(function(){ //trigers change in all input fields including text type
 				unsaved = true;
 			});
-					
+
 			$("#news-edit-form").submit(function( event ) {
 				unsaved = false;
 			});
 
 			lastContent = $("#body").val();
 		});
-		
-		function unloadPage(){ 
+
+		function unloadPage(){
 			if(unsaved){
 				return "You have unsaved changes on this page. Do you want to leave this page and discard your changes or stay on this page?";
 			}
 		}
 
-		window.onbeforeunload = unloadPage; 
-	</script>	
+		window.onbeforeunload = unloadPage;
+	</script>
 {% endif %}

system/templates/admin.plugins.form.html.twig

@@ -14,7 +14,7 @@
 					<div class="box-body">
 						<div class="form-group">
 							<label for="exampleInputFile">File input</label>
-							<input type="file" name="plugin">
+							<input type="file" name="plugin" accept=".zip">
 						</div>
 					</div>
 					<div class="box-footer">

system/templates/admin.plugins.html.twig

@@ -11,7 +11,7 @@
 							<thead>
 							<tr>
 								<th>Name</th>
-								<th>Description</th>
+								<th>Version</th>
 								<th>Author</th>
 								<th>Filename</th>
 								<th style="width: 55px;">Options</th>

system/templates/error_box.html.twig

@@ -9,7 +9,7 @@
 			<div class="AttentionSign" style="background-image:url({{ template_path }}/images/content/attentionsign.gif);"></div>
 			<b>The Following Errors Have Occurred:</b><br/>
 			{% for error in errors %}
-			<li>{{ error|raw }}</li>
+			<li>{{ error|striptags('<b>')|raw }}</li>
 			{% endfor %}
 		</div>
 		<div class="BoxFrameHorizontal" style="background-image:url({{ template_path }}/images/content/box-frame-horizontal.gif);"></div>

system/templates/forum.boards.html.twig

@@ -1,21 +1,21 @@
 <b>Boards</b>
 <table width="100%">
-	<tr bgcolor="{{ config.vdarkborder }}">
+	<tr bgcolor="{{ config.vdarkborder }}" class="white">
 		<td>
-			<span style="color: white; font-size: 10px"><b>Board</b></span>
+			<span style="font-size: 10px"><b>Board</b></span>
 		</td>
 		<td>
-			<span style="color: white; font-size: 10px"><b>Posts</b></span>
+			<span style="font-size: 10px"><b>Posts</b></span>
 		</td>
 		<td>
-			<span style="color: white; font-size: 10px"><b>Threads</b></span>
+			<span style="font-size: 10px"><b>Threads</b></span>
 		</td>
 		<td align="center">
-			<span style="color: white; font-size: 10px"><b>Last Post</b></span>
+			<span style="font-size: 10px"><b>Last Post</b></span>
 		</td>
 		{% if canEdit %}
 			<td>
-				<span style="color: white; font-size: 10px"><b>Options</b></span>
+				<span style="font-size: 10px"><b>Options</b></span>
 			</td>
 		{% endif %}
 	</tr>

system/templates/forum.show_thread.html.twig

@@ -12,8 +12,8 @@ Page: {{ links_to_pages|raw }}<br/>
 		</td>
 	</tr>
 	<tr bgcolor="{{ config.vdarkborder }}">
-		<td width="200">
-			<span style="color: white; font-size: 10px"><b>Author</b></span>
+		<td width="200" class="white">
+			<span style="font-size: 10px"><b>Author</b></span>
 		</td>
 		<td>&nbsp;</td>
 	</tr>

system/templates/guilds.change_description.html.twig

@@ -2,11 +2,11 @@
 Here you can change description of your guild.<br/>
 <form enctype="multipart/form-data" action="?subtopic=guilds&guild={{ guild.getName() }}&action=change_description" method="post">
 	<input type="hidden" name="todo" value="save"/>
-	<textarea name="description" cols="60" rows="{{ rows }}">{{ guild.getCustomField('description')|raw }}</textarea><br>
+	<textarea name="description" cols="60" rows="{{ config.guild_description_lines_limit - 1 }}">{{ guild.getCustomField('description')|raw }}</textarea><br>
 	(max. {{ config.guild_description_lines_limit }} lines, max. {{ config.guild_description_chars_limit }} chars) <input type="submit" value="Save description"/></form><br/>
 <br/>
 <div style="text-align:center">
 	<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=manager" method="post">
 		{{ include('buttons.back.html.twig') }}
 	</form>
-</div>
+</div>

system/templates/guilds.change_logo.html.twig

@@ -8,15 +8,11 @@ Here you can change logo of your guild.<br/>Actuall logo: <img src="images/guild
 </form>
 Only <b>jpg, gif, png, bmp</b> pictures. Max. size: <b>{{ config.guild_image_size_kb }} KB</b><br>
 <br/>
-{% spaceless %}
 <div style="text-align:center">
 	<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=manager" method="post">
-		<div class="BigButton" style="background-image:url({{ template_path }}/images/global/buttons/sbutton.gif)">
-			{{ include('buttons.back.html.twig') }}
-		</div>
+		{{ include('buttons.back.html.twig') }}
 	</form>
 </div>
-{% endspaceless %}
 <script type="text/javascript">
 	$(function() {
 		$('#upload_form').submit(function (event) {
@@ -34,4 +30,4 @@ Only <b>jpg, gif, png, bmp</b> pictures. Max. size: <b>{{ config.guild_image_siz
 			return true;
 		});
 	});
-</script>
+</script>

system/templates/guilds.change_motd.html.twig

@@ -5,12 +5,8 @@ Here you can change MOTD (Message of the Day, showed in game!) of your guild.<br
 	<textarea name="motd" cols="60" rows="3">{{ guild.getCustomField('motd')|raw }}</textarea><br/>
 	(max. {{ config.guild_motd_chars_limit }} chars) <input type="submit" value="Save MOTD" /></form><br/>
 <br/>
-{% spaceless %}
 <div style="text-align:center">
 	<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=manager" method="post">
-		<div class="BigButton" style="background-image:url({{ template_path }}/images/global/buttons/sbutton.gif)">
-			{{ include('buttons.back.html.twig') }}
-		</div>
+		{{ include('buttons.back.html.twig') }}
 	</form>
 </div>
-{% endspaceless %}

system/templates/guilds.list.html.twig

@@ -51,7 +51,7 @@
 
                                                                     {% if guild.description is not empty %}
                                                                     <br>
-                                                                    <span>{{ guild.description }}</span>
+                                                                    <span>{{ guild.description|raw }}</span>
                                                                     {% endif %}
                                                                 </td>
 

system/templates/mail.password_changed.html.twig

@@ -1,3 +1,3 @@
 <h3>Password to account changed!</h3>
 <p>You or someone else changed password to your account on server <a href="{{ constant('BASE_URL') }}"><b>{{ config.lua.serverName }}</b></a>.</p>
-<p>New password: <b>{{ new_password }}</b></p>'
+<p>New password: <b>{{ new_password }}</b></p>

templates/tibiacom/account.login.html.twig

@@ -34,7 +34,7 @@
 														<table style="float: left; width: 370px;" cellpadding="0" cellspacing="0" >
 															<tr>
 																<td class="LabelV" ><span{% if error is not null %} class="red"{% endif %}>Account {{ account }}:</span></td>
-																<td><input type="password" name="account_login" size="35" maxlength="30" autofocus /></td>
+																<td><input type="text" name="account_login" size="35" maxlength="30" autofocus /></td>
 															</tr>
 															<tr>
 																<td class="LabelV" ><span{% if error is not null %} class="red"{% endif %}>Password:</span></td>

templates/tibiacom/boxes/poll.php

@@ -6,7 +6,7 @@ if(PAGE !== 'news') {
 
 $poll = $db->query('SELECT `id`, `question` FROM `z_polls` WHERE end > ' . time() . ' ORDER BY `end` LIMIT 1');
 if($poll->rowCount() > 0) {
-	$poll = $poll->fetch();
+	$poll = $poll->fetch(PDO::FETCH_ASSOC);
 	$twig->display('poll.html.twig', array(
 		'poll' => $poll
 	));

templates/tibiacom/boxes/templates/networks.html.twig

@@ -23,7 +23,7 @@
 	{% endif %}
 	{% if config['network_twitter'] is not empty %}
 	<div id="TwitterBlock">
-		<a href="https://twitter.com/<?php echo $config['network_twitter']; ?>" class="twitter-follow-button" data-show-count="false">Follow @<?php echo $config['network_twitter']; ?></a>
+		<a href="https://twitter.com/{{ config['network_twitter'] }}" class="twitter-follow-button" data-show-count="false">Follow @{{ config['network_twitter'] }}</a>
 		<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>
 	</div>
 	{% endif %}

templates/tibiacom/boxes/templates/poll.html.twig

@@ -1,7 +1,6 @@
-<div id="CurrentPollBox" class="Themebox"
-     style="background-image:url({{ template_path }}/images/themeboxes/current-poll/currentpollbox.gif);">
-	<div id="CurrentPollText">{{ poll['question'] }}</div>
-	<a class="ThemeboxButton" href="{{ getLink('polls') . '/' . poll['id'] }}" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" style="background-image:url({{ template_path }}/images/global/buttons/sbutton.gif);"><div class="BigButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/sbutton_over.gif);"></div><div class="ButtonText" style="background-image:url({{ template_path }}/images/global/buttons/_sbutton_votenow.gif);"></div>
+<div id="CurrentPollBox" class="Themebox" style="background-image:url({{ template_path }}/images/themeboxes/current-poll/currentpollbox.gif);">
+	<div id="CurrentPollText">{{ poll.question }}</div>
+	<a class="ThemeboxButton" href="{{ getLink('polls') }}/{{ poll.id }}" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" style="background-image:url({{ template_path }}/images/global/buttons/sbutton.gif);"><div class="BigButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/sbutton_over.gif);"></div><div class="ButtonText" style="background-image:url({{ template_path }}/images/global/buttons/_sbutton_votenow.gif);"></div>
 	</a>
 	<div class="Bottom" style="background-image:url({{ template_path }}/images/general/box-bottom.gif);"></div>
 </div>

templates/tibiacom/headline.php

@@ -27,7 +27,8 @@ if(!@file_exists($page_file))
 	imagecolortransparent($image, imagecolorallocate($image, 0, 0, 0));
 
 	// set text
-	imagettftext($image, 18, 0, 4, 20, imagecolorallocate($image, 240, 209, 164), 'martel.ttf', utf8_decode($_GET['t']));
+	$font = getenv('GDFONTPATH') . DIRECTORY_SEPARATOR . 'martel.ttf';
+	imagettftext($image, 18, 0, 4, 20, imagecolorallocate($image, 240, 209, 164), $font, utf8_decode($_GET['t']));
 
 	// header mime type
 	header('Content-type: image/gif');

templates/tibiacom/index.php

@@ -13,9 +13,10 @@ if(isset($config['boxes']))
 	<script type="text/javascript" src="tools/basic.js"></script>
 	<script type="text/javascript" src="<?php echo $template_path; ?>/ticker.js"></script>
 	<script id="twitter-wjs" src="<?php echo $template_path; ?>/js/twitter.js"></script>
-	<script id="facebook-jssdk" async src="<?php echo $template_path; ?>/js/facebook.js"></script>
+	<script id="facebook-jssdk" async src="https://connect.facebook.net/en_US/all.js"></script>
 	<link href="<?php echo $template_path; ?>/css/facebook.css" rel="stylesheet" type="text/css">
 	<script type="text/javascript">
+		var menus = '';
 		var loginStatus="<?php echo ($logged ? 'true' : 'false'); ?>";
 		<?php
 			if(PAGE !== 'news') {
@@ -105,8 +106,8 @@ if(isset($config['boxes']))
 		  }
 		}
 
-		var menu = new Array();
-		menu[0] = new Object();
+		var menu = [];
+		menu[0] = {};
 		var unloadhelper = false;
 
 		// load the menu and set the active submenu item by using the variable 'activeSubmenuItem'
@@ -114,8 +115,9 @@ if(isset($config['boxes']))
 		{
 		  document.getElementById("submenu_"+activeSubmenuItem).style.color = "white";
 		  document.getElementById("ActiveSubmenuItemIcon_"+activeSubmenuItem).style.visibility = "visible";
-		  if(self.name.lastIndexOf("&") == -1) {
-			self.name = "news=1&account=0&community=0&library=0&forum=0<?php if($config['gifts_system']) echo '&shops=0'; ?>&";
+		  menus = localStorage.getItem('menus');
+		  if(menus.lastIndexOf("&") === -1) {
+			  menus = "news=1&account=0&community=0&library=0&forum=0<?php if($config['gifts_system']) echo '&shops=0'; ?>&";
 		  }
 		  FillMenuArray();
 		  InitializeMenu();
@@ -132,13 +134,13 @@ if(isset($config['boxes']))
 		// store the values of the variable 'self.name' in the array menu
 		function FillMenuArray()
 		{
-		  while(self.name.length > 0 ){
-			var mark1 = self.name.indexOf("=");
-			var mark2 = self.name.indexOf("&");
-			var menuItemName = self.name.substr(0, mark1);
-			menu[0][menuItemName] = self.name.substring(mark1 + 1, mark2);
-			self.name = self.name.substr(mark2 + 1, self.name.length);
-		  }
+			while(menus.length > 0 ){
+				var mark1 = menus.indexOf("=");
+				var mark2 = menus.indexOf("&");
+				var menuItemName = menus.substr(0, mark1);
+				menu[0][menuItemName] = menus.substring(mark1 + 1, mark2);
+				menus = menus.substr(mark2 + 1, menus.length);
+			}
 		}
 
 		// hide or show the corresponding submenus
@@ -160,16 +162,17 @@ if(isset($config['boxes']))
 		  }
 		}
 
-		// reconstruct the variable "self.name" out of the array menu
 		function SaveMenuArray()
 		{
-		  var stringSlices = "";
-		  var temp = "";
-		  for(menuItemName in menu[0]) {
-			stringSlices = menuItemName + "=" + menu[0][menuItemName] + "&";
-			temp = temp + stringSlices;
-		  }
-		  self.name = temp;
+			var stringSlices = "";
+			var temp = "";
+
+			for(menuItemName in menu[0]) {
+				stringSlices = menuItemName + "=" + menu[0][menuItemName] + "&";
+				temp = temp + stringSlices;
+			}
+
+			localStorage.setItem('menus', temp);
 		}
 
 		// onClick open or close submenus