add mostdamage killer

Update .gitignore
Ignore arrays in config.lua (fixes experienceStages loading)
2025-09-14 12:33:35 +02:00 · 2022-11-05 07:15:32 +01:00 · 2021-12-28 07:22:58 +01:00 · 2021-12-16 20:24:34 +01:00 · 2021-10-23 13:44:30 +02:00 · 2021-10-23 13:43:32 +02:00
586 changed files with 11220 additions and 7322 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,4 @@
 * text=auto
 .gitattributes export-ignore
 .gitignore export-ignore
 _config.yml export-ignore
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,37 @@
 Thumbs.db
 .DS_Store
 .idea
 node_modules
 vendor
 composer.lock
 releases
 config.local.php
 PERSONAL_NOTES
 # all custom templates
 templates/*
 !templates/tibiacom
 !templates/kathrine
 # guild images
 images/guilds/*
 !images/guilds/default.gif
 # cache
 system/cache/*
 !system/cache/index.html
 !system/cache/twig/index.html
 !system/cache/signatures/index.html
 # logs
 system/logs/*
 !system/logs/index.html
 # plugins
 plugins/*
 !plugins/.htaccess
 !plugins/example.json
 !plugins/account-create-hint.json
 !plugins/account-create-hint
 landing
--- a/249
+++ b/249
@@ -1,249 +0,0 @@
 [0.6.0 - 16.10.2017]
 	- added faq management - add/edit/move/hide/delete from website
 	- new account.login view for tibiacom template
 	- monsters and spells are now being loaded at the installation of the AAC
 	- fix for php versions under 5.5 where empty() function supported only variables
 	- added missing change email and change info buttons to account.management default template
 	- added new indicator icons for create account, create character and change character name
 	- fixed config loader when some inline comments are present
 	- fixed editing page in admin panel that contains some html code
 	- fixed forum new post on mac os and some specific mysql versions
 	- attempt to fix incorrect views counter behavior (its resetting to 0 in some cases)
 	- enabled cache http headers for signatures
 	- check if monster file exist before loading it
 	- fixed if plugin zip file name contains dot (.)
 	- renamed screenshots to gallery and movies to videos
 	- moved install pages to twig
 	- fixed Account::getGuildAccess function
 	- removed never used library from sources - dwoo
 	- moved check_* functions to class Validator
 	- from now all validators ajax requests will fire onblur instead of onkeyup
 	- ajax requests returns now json instead of xml
 	- added 404 response when file is not found
 [0.5.1 - 11.10.2017]
 	- fixed forum add/edit board
 	- new configurable: highscores_length, how much highscores to display
 	- fixed highscores links (ALL, previous and next page)
 	- update templates cache when installing/uninstalling plugin
 	- moved character deaths and frags table generation to twig
 	- fixed some bug when you uninstall plugin and then try to install again on the same page
 	- check if plugin exist before uninstalling
 	- fixed some warning in OTS_Base_DB
 [0.5.0 - 10.10.2017]
 	- moved .htaccess rules to plain php (index.php)
 	- updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
 	- added option to uninstall plugin
 	- added option to require specified myaac, php or database version for plugins, without that plugin won't be installed
 	- change accountmanagement links to use friendly_urls
 	- fixed creating new forum thread
 	- sample characters are now assigned to admin account and have group_id 4 to not be shown on highscores
 	- added links loaded from database to admin panel - for future plugins
 	- print some info to error.log when can't find config.lua
 	- some fixes in account changecomment action
 	- show info when account name/number or password is empty on login
 	- fixed showing account login errors
 	- added few characters hooks
 	- fixed some kathrine template js bug when shop is disabled
 	- you can now use slash '/' in custom pages loaded from database
 	- added new twig function getLink that convert link taking into account config.friendly_urls
 	- internalLayoutLink -> getLink
 [0.4.3 - 05.10.2017]
 	- better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
 	- fixed country detection in create account
 	- fixed showing of character deaths and frags
 	- fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466303
 	- fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466313
 	- fixed rook sample, which will now have level 1, 150 health, 0 mana, and 400 cap.
 	- fixed samples being deleted by tfs 1.0+ cause of 'deletion' field set to 1
 	- pages loaded from database have higher priority than normal .php pages, so they will be loaded first if they exist
 	- moved many pages to twig templates
 	- change download client links from clients.halfaway.net to tibia-clients.com
 	- added bugtracker to kathrine template
 	- added CREDITS file
 [0.4.2 - 14.09.2017]
 	- updated version number
 [0.4.1 - 13.09.2017]
 	- fixed log in to admin panel
 	- fixed File is not .zip plugin upload error
 [0.4.0 - 13.09.2017
 	- added option to add/edit/delete/hide/move forum boards
 	- moved some of HTML-in-PHP code to Twig templates
 	- added bug_report configurable which can enable/disable bug tracker
 	- log errors instead of showing them to users with system directories
 	- fix when $_SERVER['HTTP_ACCEPT_ENCODING'] is not set
 	- when it fails to load config.lua it will output error also to error.log
 	- automatically detect json file in .zip instead of basing on filename (admin panel - plugins)
 	- hopefully fixed the error with "The file you are trying to upload is not a .zip file. Please try again."
 	- fixed wrong name of table in bugtracker
 	- fixed some bugs in bugtracker
 	- added report bug link in templates
 	- fixed some rare error when user is logged in for longer than 15 minutes and tries to login again
 	- fixed some grammar errors
 	- some small improvements
 	- fixed some separators in kathrine template
 [0.3.0 - 28.08.2017]
 	- added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
 	- added Twig template engine and moved some html-in-php code to it
 	- automatically detect player country based on user location (IP) on create account
 	- player sex (gender) is now configurable at $config['genders']
 	- fixed recovering account and changing password when salt is enabled
 	- fixed installing samples when for example Rook Sample already exist and other samples not
 	- fixed some mysql error when character you trying to create already exist
 	- fixed some warning when you select nonexistent country
 	- password change minimal/maximal length notice is now more precise
 	- added 'enabled' field in myaac_hooks table, which can enable or disable specified hook
 	- removed DEFAULT '' for TEXT field. It didn't worked under some systems like MAC OS X.
 	- minimum PHP version to install the MyAAC is now 5.2.0 cause of pathinfo (extension) function
 	- removed unused admin stylish template
 	- removed some unused cities field from myaac_spells table
 	- moved news adding at installation from schema.sql to finish.php
 	- some optimizations
 [0.2.4 - 09.06.2017]
 	- fixed invite to guild
 	- added id field on monsters, so you can delete them in phpmyadmin
 	- fixed adding some creatures with ' and "
 	- fixed when there are spaces at beginning of the file (creatures)
 	- fixed when file is unable to parse (creatures)
 	- fixed typo loss_items => loss_containers
 	- more elegant way of showing message on reload creatures and spells
 [0.2.3 - 31.05.2017]
 	- fixed guild management on OTHire 0.0.3
 	- set default skills to 10 when creating new character
 	- fixed displaying of "Create forum thread" in newses
 	- fixed deleting guild on servers that use players.rank_id field
 	- fixed phpmailer class loading (https://otland.net/threads/myaac-v0-0-1.251454/page-8#post-2445222)
 	- fixed displaying vocation amount on online page
 	- better support for custom vocations, you just need to set in config vocations_amount to yours.
 	- fixed huge space in player name (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444328)
 	- fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
 	- fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
 [0.2.2 - 22.05.2017]
 	- added missing cache/signature directory
 	- fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
 [0.2.1 - 21.05.2017]
 	- added Swedish translation by Sizaro
 	- fixed some bugs with installlation & characters & houses
 [0.2.0 - 21.05.2017]
 	- added option to change character sex for premium points
 	- moved site_closed to database, now you can close your site through admin panel
 	- added option to admin panel: clear cache
 	- added experiencetable_rows configurable
 	- optimized OTS_Account->getGroupId(), now its using like 20 queries less
 	- optimized OTS_Player->load($id) function, should be much faster now
 	- fixed displaying on highscores special outfits
 	- fixed skull images displaying
 	- fixed displaying unlimited premium account
 	- fixed bug where players.lookaddons doesn't exist (OTHire etc.) (https://otland.net/threads/myaac-v0-0-1.251454/page-6#post-2442407)
 	- fixed signature tibian for OTHire and other servers that doesnt use accounts.premdays field
 	- fixed when player name in signature containst space
 	- don't show "Create forum thread" when editing
 	- fixed red color table after create account
 	- updated download links, as clients.halfaway.net isn't working anymore
 	- fixed some bugs while installing when field `email_next` or `hidden` already exist
 	- fixed movies unexpected comment
 	- added template_place_holder('center_top') to kathrine template
 [0.1.5 - 13.05.2017]
 	- fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
 [0.1.4 - 13.05.2017]
 	- added outfit shower, in characters, online, and highscores
 	- updated database to version 2
 	- fixed item images (now using item-images.ots.me host by default)
 	- fixed news ticket and posting long newses (https://otland.net/threads/myaac-v0-0-1.251454/page-5#post-2442026)
 	- news body limit increased to 65535 (mysql text field)
 	- removed some unused code from my old server
 	- added spells & monsters to kathrine template
 [0.1.3 - 11.05.2017]
 	- this is just release to update version number
 [0.1.2 - 11.05.2017]
 	- forgot to update CHANGELOG and MYAAC_VERSION
 [0.1.1 - 11.05.2017]
 	- fixed updating myaac_config with database_version to 1
 	- fixed database updater
 [0.1.0 - 11.05.2017]
 	- added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
 	- added automatic database updater (data migrations)
 	- renamed events to hooks
 	- moved hooks to database
 	- now you can use hooks in plugins
 	- set account.type field to 5 on install, if TFS 1.0+
 	- added example plugin
 	- new, latest google analytics code
 	- fixed bug with loading account.name that has numbers in it
 	- fixed many bugs in player editor in admin panel
 	- added error handling to plugin manager and some more verification in
 	- file has been correctly unpacked/uploaded
 	- fixed Statistics page in admin panel when using account.number
 	- fixed bug when creating/recovering account on servers with
 	- account.salt field (TFS 0.3 for example)
 	- fixed forum showing thread with html tags (added from news manager)
 	- new, latest code for youtube videos in movies page
 	- fixed showing vocation images when using $config['online_vocations_images']
 	- many fixes in polls (also importing proper schema)
 	- fixed hovering on buttons in kathrine template (on accountmanagement page)
 	- fixed signatures (many fixes)
 	- added missing gesior signature system
 [0.0.6 - 06.05.2017]
 	- fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
 	- fixed bug when creating character (not showing errors) (one more time)
 	- fixed support for TFS 0.2 series
 	- added FAQ link
 [0.0.5 - 05.05.2017]
 	- fixed bug when creating character (not showing errors)
 	- Fixed characters loading with names that has been created with other AAC
 	- fixed links to shop in default template
 	- fixed some weird PHP 7.1 warnings/notices
 	- Fixed config loading with some weird comments
 	- fixed bug with status info utf8 encoding (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440259)
 	- fixed when ip in log_action is NULL (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440357)
 	- fixed bug when guild doesn't exist on characters page (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440320)
 	- disabled friendly_urls by default
 	- fixes when $config['database_*'] is set
 	- added CHANGELOG
 [0.0.3 - 03.05.2017]
 	- Full support for OTHire 0.0.3
 	- added support for otservers that doesn't use account.name field, instead just account number will be used
 	- fixed encryption detection on TFS 0.3
 	- fixed bug when server_config table doesn't exist
 	- (install) moved admin account creation to new step
 	- fixed news comment link
 	- by default, the installer creates now the Admin player, for admin account
 	- fixed installation errors
 	- fixed config.lua loading with some weird comments
 [0.0.2 - 02.05.2017]
 	- updated forum links to use friendly_urls
 	- some more info will be shown when cannot connect to database
 	- show more error infos when creating character
 	- fixed forum link on newses
 	- fixed spells loading when there's vocation name instead of id
 	- fixed bug when you have changed template but it doesn't exist anymore
 	- fixed vocations with promotion loading
 	- fixed support for gesior pages and templates
 	- added function OTS_Acount:getGroupId()
 [0.0.1 - 01.05.2017]
 	This is first official release of MyAAC.
 	Features are listed here
 	For more information, see the release announcement on OTLand: https://otland.net/threads/myaac-v0-0-1.251454/
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,492 @@
 # Changelog
 ## [0.7.13 - not-release-yet]
 ### Fixed
 * Ignore arrays in config.lua (fixes experienceStages loading)
 ## [0.7.12 - 18.02.2020]
 ### Fixed
 * change guild nick function causing crash on TFS 1.x because of invalid characters being accepted
 * PHP Mailer autoload function on newer PHP
 * gesior signature guild rank loading
 * leaking database password when cannot connect
 * config.last_kills_limit being ignored
 * monster.loot being cutted off cause of too short column (changed to TEXT)
 ### Added
 * nginx-sample.conf
 ## [0.7.11 - 04.05.2019]
 ### Added:
 * support for some old servers, where arrays are used in config.lua
 * an additional text to the install page informing that user can reinstall MyAAC by deleting config.local.php
 ### Fixed:
 * XSS in forum show_thread
 * guilds - "Add new rank" function
 * multiple mail recipients when using admin mailer function
 * Admin Panel - MyAAC logs not shown if servers logs directory doesn't exist (#47)
 * missing prefix for cache get() and delete() functions
 * add fatal error message when myaac tables in database do not exist
 * the mystical defect where "Create Account" button was not highlighted (on the account/manage page)
 * bug where server_config table does not exist (OTHire as an example)
 * database_name in Usage_Statistics
 * forgot to open <head> in install template
 ### Changed:
 * do not display software version
 ## [0.7.10 - 03.03.2018]
 ### Added:
 * new configurable: smtp_secure
 * robots.txt
 ### Fixed:
 * editing an existing page that had php enabled
 * chrome bug on save (when editing page) ERR_BLOCKED_BY_XSS_AUDITOR
 * showing IP and Port in admin panel (#44, by miqueiaspenha)
 * deleting plugin showing "You don't have rights to delete"
 * some bug with PHPMailer not finding its language file
 * default accounts.vote value
 * saving some really high long ip addresses
 ### Changed:
 * update config.highscores_ids_hidden on install when there are samples already in database
 * auto add z_polls table on install
 ### Internal:
 * changed mb_strtolower functions to strtolower()
 * added new function: $hooks->exist($type)
 ## [0.7.9 - 13.01.2018]
 	* removed 6mb of trash (some useless things)
 	* (fix) TFS 1.x not showing promoted vocations in highscores
 	* otserv 0.6.x: fixed some warning (on the characters page) and fatal mysql error (on the mango signature)
 	* fixed default stamina on otserv 0.6.x engine (and some others perhaps)
 	* install: change permission check to is_writable
 	* changed highscores_groups_hidden to 3 (for TFS 1.x)
 	* updated background-artwork (tibiacom template) to the latest version, removed other ones
 ## [0.7.8 - 12.01.2018]
 	* fixed installation error " call to undefined method OTS_DB_MySQL::hasColumn()"
 	* updated tinymce to the latest (4.7.4) version
 	* enabled emoticons plugin in tinymce :)
 	* some security fixes
 ## [0.7.7 - 08.01.2018]
 	* important fix for servers with promotion column (caused player.vocation to be resetted when saving player, for example: on change name, accept invite to guild, leave guild)
 	* immediately reload config.lua when there's change in config.server_path detected
 	* added new forum option: "Enable HTML" (only for moderators)
 	* fixed othire default column value (#26)
 	* fixed saving custom vocations in admin panel (#36)
 	* fixed warning in highscores when vocation doesn't exist
 	* fixed characters page - config.characters.frags "Notice: Use of undefined constant"
 	* fixed getBoolean function when boolean is passed
 	* fixed empty success message on leave guild
 	* fixed displaying premium account days
 	* function OTS_Account:getPremDays will now return -1 if there's freePremium configurable enabled on the server
 	* fixed tr bgcolor in characters view (Frags) (#38)
 	* fixed some warning in guild show
 	* fixed PHP warning about country not existing on online and characters pages
 	* fixed forum bbcode parsing
 	* don't add extra <br/> to the TinyMCE news forum posts
 	* (internal) using $player->getVocationName() where possible instead of older method
 ## [0.7.6 - 05.01.2017]
 	* fixed othire account creating/installation
 	* fixed table name players -> players_online
 	* fixed unexpected error logging about email fail
 	* added max_execution_time to the install finish step
 	* some small fix regarding highscores vocation box
 ## [0.7.5 - 04.01.2017]
 	* fixed bug on othire with config.account_premium_days
 	* fixed bug on TFS 1.x when online_afk is enabled
 	* warning about leaving news page with changes
 	* added player status to tibiacom top 5 highscores box
 	* save detected country on create account in session
 	* fixed getPremDays and isPremium functions (newest 11.x engines are bugged when it comes to PACC, its not fault of MyAAC)
 	* fix when there are no changelogs or highscores yet
 	* small fix regarding getTopPlayers function which was ignoring $limit variable
 	* fixed news adding when type != ARTICLE
 	* fixed template path finding
 	* fixed displaying article_text when it was empty saved
 ## [0.7.4 - 24.12.2017]
 	* fixed mysql fatal error on tibiacom template - top 5 box
 	* fixed displaying of level percent bar on tibian signature
 	* inform user about Twig cache failure on installation, instead of http 500 error
 	* when dir system/cache is not writable by the webserver, then show some nice notice to the user about it instead of http 500 error
 	* remember client version select and usage stats checkbox in session on install
 	* automatically update highscores_ids_hidden for users who installed myaac before (migration)
 ## [0.7.3 - 18.12.2017]
 	* auto generate myaac cache & session prefix on install to be unique across installations
 	* fixed hiding shop system menu on tibiacom template when disabled in config
 	* prevent adding duplicated newses with installation
 	* some changes to sample characters: chanced town_id to 1, posx: 1000, posy: 1000, posz: 1000 and default group_id to 1 so you can change in-game outfits and they will be used
 	* added version 772 constant to install client choose (OTHire)
 	* better solution for hidding samples (configurable) - highscores_ids_hidden
 	* fixed account.login redirect not working on tibiacom template
 	* installation: warn about wrong admin account name/id and password
 	* fixed last menu closing in tibiacom template
 	* updated polish locale (translation) on install
 	* (internal) removed some duplicated code on install finish
 	* (internal) renamed installation step files to be in correct order
 	* added TODO file
 ## [0.7.1 - 13.12.2017]
 	* added changelog menu item to kathrine template
 	* fixed some php short tag in changelogs page
 	* fixed guild change description back button
 	* removed duplicated "Support List" menu item from tibiacom template
 	* changed some notice when version check is failed
 	* (internal) moved changelog to twig
 ## [0.7.0 - 20.11.2017]
 	* moved template menus to database, they're now dynamically loaded
 	* added anonymous usage statistics reporting (only if user agrees, first usage report will be send after 7 days)
 	* you can edit them in Admin Panel under 'Menus' option
 	* you can also add custom links, like http://google.pl
 	* added networks (facebook and twitter) and highscores (top 5) boxes to tibiacom template, configurable in templates/tibiacom/config.php
 	* added news ticker for kathrine template
 	* added featured article to tibiacom template (you can add them with add news button)
 	* added tinymce editor to 'Pages' in admin panel
 	* added links to edit/delete/hide custom page directly from page
 	* update forum post after editing news (when forum post has been created)
 	* enabled code plugin for tinymce which enabled raw html code editing
 	* removed videos pages, as it can be easily added using custom Menus and Pages with insert Media
 	* removed bug_report configurable, its now enabled by default
 	* log some error info when mail cannot be send on account create
 	* twig getLink function will now return with full url (BASE_URL included)
 	* verify install post values directly on config page and display error
 	* updated tinymce to version 4.7.2 (from 4.7.0)
 	* updated phpmailer to version 5.2.26 (from 5.2.23)
 	* (#30) (fix) recovering account on servers that doesn't support salts
 	* (fix) account email confirm function
 	* (fix) showing changelog with urls in Admin Panel
 	* (fix) uninstalling plugin
 	* (fix) polls box in tibiacom template
 	* (fix) remove hooks from db on plugin deinstall
 	* (fix) some weird include possibilities with forum and account actions (verify action name)
 	* (fix) loading hooks from plugin installed from command line
 	* (fix) some changelog PHP Notice warning
 	* (internal) moved uninstall logic to Plugins class
 	* (internal) moved tibiacom boxes to separate directory
 	* (internal) moved news tickers to twig template
 	* (internal) moved Forum class to separate file
 	* (internal) moved deprecated functions to compat.php
 	* (internal) added some compat functions that are used by shop system
 	* (internal) renamed constant TICKET -> TICKER
 	* (internal) shortened message functions
 ## [0.6.6 - 22.10.2017]
 	* fixed some php fatal error on spells page
 	* changed spells.vocations field in db size to 300
 	* please reload your spells after this update!
 ## [0.6.5 - 21.10.2017]
 	* fixed displaying custom pages
 	* fixed adding new group forum board
 ## [0.6.4 - 20.10.2017]
 	* reverted OTS_Account::getLastLogin() cause its used by tibia11-login plugin
 ## [0.6.3 - 20.10.2017]
 	* fixed creating account
 	* fixed viewing thread without being logged
 	* fixed showing premium account status
 ## [0.6.2 - 20.10.2017]
 	* added forums for guilds and groups
 	* added nice looking menu for my account page in default template
 	* new command line tool: install_plugin.php - can be used to install plugins from command line. Usage: "php install_plugin.php path_to_file"
 	* added new tooltip to view characters equipment item name and monster loot
 	* added items.xml loader class and weapons.xml loader class
 	* minimum PHP version to install AAC is now 5.3.0 cause of Anonymous functions used by Twig
 	* Added 'Are you sure?' popup when uninstalling plugin
 	* added some warnings when plugin json file is incomplete
 	* fixed showing in characters ban expires when is unlimited
 	* fixed displaying monster loot when item.name in loot is used instead of item.id
 	* load also runes into spells table
 	* display plugin uninstall option only if its possible
 	* after changing template you will be redirected to latest viewed page
 	* display gallery add image form only on main gallery page
 	* (internal) moved most of guilds html-in-php code to twig
 	* (internal) moved spells page to twig template
 	* (internal) removed useless spells.spell column that was duplicate of spells.words
 	* (internal) save monster loot in database in json format instead loading it every time from xml file
 	* (internal) store monster voices and immunities in json format
 	* (internal) moved buttons to separate template
 	* (internal) moved online search form to twig
 	* (internal) added new function getItemNameById($id)
 	* (internal) Moved plugin install logic to a new class: Plugins
 	* (internal) changed spells.vocations database field to store json data instead of comma separated
 	* (internal) removed $hook_types array, using defined() and constant() functions now
 	* (internal) removed useless monsters.gfx_name field from database
 	* (internal) renamed database field monsters.hide_creature to hidden
 	* (internal) renamed existing Items class to Items_Images
 	* (internal) optimized Spells class
 	* (internal) new function: OTS_Guild::hasMember(OTS_Player $player)
 	* (internal) new function: Forum::hasAccess($board_id)
 ## [0.6.1 - 17.10.2017]
 	* fixed signatures loading
 	* new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)
 	* better error handling for monsters and spells loader (save errors to system/logs/error.log)
 	* check if file exist before loading (monsters and spells)
 	* (internal) Account::getAccess() = Account::getGroupId()
 	* (internal) moved account actions (pages) to account/ directory
 	* (internal) moved forum actions (pages) to forum/ directory
 	* (internal) moved forum.edit_post to twig templates
 ## [0.6.0 - 16.10.2017]
 	* added faq management - add/edit/move/hide/delete from website
 	* new account.login view for tibiacom template
 	* monsters and spells are now being loaded at the installation of the AAC
 	* fix for php versions under 5.5 where empty() function supported only variables
 	* added missing change email and change info buttons to account.management default template
 	* added new indicator icons for create account, create character and change character name
 	* fixed config loader when some inline comments are present
 	* fixed editing page in admin panel that contains some html code
 	* fixed forum new post on mac os and some specific mysql versions
 	* attempt to fix incorrect views counter behavior (its resetting to 0 in some cases)
 	* enabled cache http headers for signatures
 	* check if monster file exist before loading it
 	* fixed if plugin zip file name contains dot (.)
 	* renamed screenshots to gallery and movies to videos
 	* moved install pages to twig
 	* fixed Account::getGuildAccess function
 	* removed never used library from sources - dwoo
 	* moved check_* functions to class Validator
 	* from now all validators ajax requests will fire onblur instead of onkeyup
 	* ajax requests returns now json instead of xml
 	* added 404 response when file is not found
 ## [0.5.1 - 11.10.2017]
 	* fixed forum add/edit board
 	* new configurable: highscores_length, how much highscores to display
 	* fixed highscores links (ALL, previous and next page)
 	* update templates cache when installing/uninstalling plugin
 	* moved character deaths and frags table generation to twig
 	* fixed some bug when you uninstall plugin and then try to install again on the same page
 	* check if plugin exist before uninstalling
 	* fixed some warning in OTS_Base_DB
 ## [0.5.0 - 10.10.2017]
 	* moved .htaccess rules to plain php (index.php)
 	* updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
 	* added option to uninstall plugin
 	* added option to require specified myaac, php or database version for plugins, without that plugin won't be installed
 	* change accountmanagement links to use friendly_urls
 	* fixed creating new forum thread
 	* sample characters are now assigned to admin account and have group_id 4 to not be shown on highscores
 	* added links loaded from database to admin panel - for future plugins
 	* print some info to error.log when can't find config.lua
 	* some fixes in account changecomment action
 	* show info when account name/number or password is empty on login
 	* fixed showing account login errors
 	* added few characters hooks
 	* fixed some kathrine template js bug when shop is disabled
 	* you can now use slash '/' in custom pages loaded from database
 	* added new twig function getLink that convert link taking into account config.friendly_urls
 	* internalLayoutLink -> getLink
 ## [0.4.3 - 05.10.2017]
 	* better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
 	* fixed country detection in create account
 	* fixed showing of character deaths and frags
 	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466303
 	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466313
 	* fixed rook sample, which will now have level 1, 150 health, 0 mana, and 400 cap.
 	* fixed samples being deleted by tfs 1.0+ cause of 'deletion' field set to 1
 	* pages loaded from database have higher priority than normal .php pages, so they will be loaded first if they exist
 	* moved many pages to twig templates
 	* change download client links from clients.halfaway.net to tibia-clients.com
 	* added bugtracker to kathrine template
 	* added CREDITS file
 ## [0.4.2 - 14.09.2017]
 	* updated version number
 ## [0.4.1 - 13.09.2017]
 	* fixed log in to admin panel
 	* fixed File is not .zip plugin upload error
 ## [0.4.0 - 13.09.2017
 	* added option to add/edit/delete/hide/move forum boards
 	* moved some of HTML-in-PHP code to Twig templates
 	* added bug_report configurable which can enable/disable bug tracker
 	* log errors instead of showing them to users with system directories
 	* fix when $_SERVER['HTTP_ACCEPT_ENCODING'] is not set
 	* when it fails to load config.lua it will output error also to error.log
 	* automatically detect json file in .zip instead of basing on filename (admin panel - plugins)
 	* hopefully fixed the error with "The file you are trying to upload is not a .zip file. Please try again."
 	* fixed wrong name of table in bugtracker
 	* fixed some bugs in bugtracker
 	* added report bug link in templates
 	* fixed some rare error when user is logged in for longer than 15 minutes and tries to login again
 	* fixed some grammar errors
 	* some small improvements
 	* fixed some separators in kathrine template
 ## [0.3.0 - 28.08.2017]
 	* added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
 	* added Twig template engine and moved some html-in-php code to it
 	* automatically detect player country based on user location (IP) on create account
 	* player sex (gender) is now configurable at $config['genders']
 	* fixed recovering account and changing password when salt is enabled
 	* fixed installing samples when for example Rook Sample already exist and other samples not
 	* fixed some mysql error when character you trying to create already exist
 	* fixed some warning when you select nonexistent country
 	* password change minimal/maximal length notice is now more precise
 	* added 'enabled' field in myaac_hooks table, which can enable or disable specified hook
 	* removed DEFAULT '' for TEXT field. It didn't worked under some systems like MAC OS X.
 	* minimum PHP version to install the MyAAC is now 5.2.0 cause of pathinfo (extension) function
 	* removed unused admin stylish template
 	* removed some unused cities field from myaac_spells table
 	* moved news adding at installation from schema.sql to finish.php
 	* some optimizations
 ## [0.2.4 - 09.06.2017]
 	* fixed invite to guild
 	* added id field on monsters, so you can delete them in phpmyadmin
 	* fixed adding some creatures with ' and "
 	* fixed when there are spaces at beginning of the file (creatures)
 	* fixed when file is unable to parse (creatures)
 	* fixed typo loss_items => loss_containers
 	* more elegant way of showing message on reload creatures and spells
 ## [0.2.3 - 31.05.2017]
 	* fixed guild management on OTHire 0.0.3
 	* set default skills to 10 when creating new character
 	* fixed displaying of "Create forum thread" in newses
 	* fixed deleting guild on servers that use players.rank_id field
 	* fixed phpmailer class loading (https://otland.net/threads/myaac-v0-0-1.251454/page-8#post-2445222)
 	* fixed displaying vocation amount on online page
 	* better support for custom vocations, you just need to set in config vocations_amount to yours.
 	* fixed huge space in player name (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444328)
 	* fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
 	* fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
 ## [0.2.2 - 22.05.2017]
 	* added missing cache/signature directory
 	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
 ## [0.2.1 - 21.05.2017]
 	* added Swedish translation by Sizaro
 	* fixed some bugs with installlation & characters & houses
 ## [0.2.0 - 21.05.2017]
 	* added option to change character sex for premium points
 	* moved site_closed to database, now you can close your site through admin panel
 	* added option to admin panel: clear cache
 	* added experiencetable_rows configurable
 	* optimized OTS_Account->getGroupId(), now its using like 20 queries less
 	* optimized OTS_Player->load($id) function, should be much faster now
 	* fixed displaying on highscores special outfits
 	* fixed skull images displaying
 	* fixed displaying unlimited premium account
 	* fixed bug where players.lookaddons doesn't exist (OTHire etc.) (https://otland.net/threads/myaac-v0-0-1.251454/page-6#post-2442407)
 	* fixed signature tibian for OTHire and other servers that doesnt use accounts.premdays field
 	* fixed when player name in signature containst space
 	* don't show "Create forum thread" when editing
 	* fixed red color table after create account
 	* updated download links, as clients.halfaway.net isn't working anymore
 	* fixed some bugs while installing when field `email_next` or `hidden` already exist
 	* fixed movies unexpected comment
 	* added template_place_holder('center_top') to kathrine template
 ## [0.1.5 - 13.05.2017]
 	* fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
 ## [0.1.4 - 13.05.2017]
 	* added outfit shower, in characters, online, and highscores
 	* updated database to version 2
 	* fixed item images (now using item-images.ots.me host by default)
 	* fixed news ticket and posting long newses (https://otland.net/threads/myaac-v0-0-1.251454/page-5#post-2442026)
 	* news body limit increased to 65535 (mysql text field)
 	* removed some unused code from my old server
 	* added spells & monsters to kathrine template
 ## [0.1.3 - 11.05.2017]
 	* this is just release to update version number
 ## [0.1.2 - 11.05.2017]
 	* forgot to update CHANGELOG and MYAAC_VERSION
 ## [0.1.1 - 11.05.2017]
 	* fixed updating myaac_config with database_version to 1
 	* fixed database updater
 ## [0.1.0 - 11.05.2017]
 	* added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
 	* added automatic database updater (data migrations)
 	* renamed events to hooks
 	* moved hooks to database
 	* now you can use hooks in plugins
 	* set account.type field to 5 on install, if TFS 1.0+
 	* added example plugin
 	* new, latest google analytics code
 	* fixed bug with loading account.name that has numbers in it
 	* fixed many bugs in player editor in admin panel
 	* added error handling to plugin manager and some more verification in
 	* file has been correctly unpacked/uploaded
 	* fixed Statistics page in admin panel when using account.number
 	* fixed bug when creating/recovering account on servers with
 	* account.salt field (TFS 0.3 for example)
 	* fixed forum showing thread with html tags (added from news manager)
 	* new, latest code for youtube videos in movies page
 	* fixed showing vocation images when using $config['online_vocations_images']
 	* many fixes in polls (also importing proper schema)
 	* fixed hovering on buttons in kathrine template (on accountmanagement page)
 	* fixed signatures (many fixes)
 	* added missing gesior signature system
 ## [0.0.6 - 06.05.2017]
 	* fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
 	* fixed bug when creating character (not showing errors) (one more time)
 	* fixed support for TFS 0.2 series
 	* added FAQ link
 ## [0.0.5 - 05.05.2017]
 	* fixed bug when creating character (not showing errors)
 	* Fixed characters loading with names that has been created with other AAC
 	* fixed links to shop in default template
 	* fixed some weird PHP 7.1 warnings/notices
 	* Fixed config loading with some weird comments
 	* fixed bug with status info utf8 encoding (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440259)
 	* fixed when ip in log_action is NULL (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440357)
 	* fixed bug when guild doesn't exist on characters page (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440320)
 	* disabled friendly_urls by default
 	* fixes when $config['database_*'] is set
 	* added CHANGELOG
 ## [0.0.3 - 03.05.2017]
 	* Full support for OTHire 0.0.3
 	* added support for otservers that doesn't use account.name field, instead just account number will be used
 	* fixed encryption detection on TFS 0.3
 	* fixed bug when server_config table doesn't exist
 	* (install) moved admin account creation to new step
 	* fixed news comment link
 	* by default, the installer creates now the Admin player, for admin account
 	* fixed installation errors
 	* fixed config.lua loading with some weird comments
 ## [0.0.2 - 02.05.2017]
 	* updated forum links to use friendly_urls
 	* some more info will be shown when cannot connect to database
 	* show more error infos when creating character
 	* fixed forum link on newses
 	* fixed spells loading when there's vocation name instead of id
 	* fixed bug when you have changed template but it doesn't exist anymore
 	* fixed vocations with promotion loading
 	* fixed support for gesior pages and templates
 	* added function OTS_Acount:getGroupId()
 ## [0.0.1 - 01.05.2017]
 	This is first official release of MyAAC.
 	Features are listed here
 	For more information, see the release announcement on OTLand: https://otland.net/threads/myaac-v0-0-1.251454/
--- a/README.md
+++ b/README.md
@@ -1,11 +1,17 @@
 # PLEASE DO NOT USE THIS BRANCH/VERSION
 ## It is discontinued and won't receive any updates
 ## Switch to master branch instead
 ## It's keept only for archival purposes
 # myaac
 MyAAC is a free and open-source Automatic Account Creator (AAC) and Content Management System (CMS) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 Official website: https://my-aac.org
 ### REQUIREMENTS
-	- PHP 5.2.0 or later
+	- PHP 5.3.3 or later
 	- MySQL database
 	- PDO PHP Extension
 	- XML PHP Extension
@@ -28,6 +34,7 @@ Official website: https://my-aac.org
 			chmod 660 images/guilds
 			chmod 660 images/houses
 			chmod 660 images/gallery
 			chmod -R 770 system/cache
 	Visit http://your_domain/install (http://localhost/install) and follow instructions in the browser.
--- a/admin/template/style.css
+++ b/admin/template/style.css
@@ -28,7 +28,7 @@ h1, h2, h3, h4, h5, h6 {color: #313334; font-weight: bold;}
 	margin-left:5px;
 }
-.button { background:#eee url(images/button.gif) repeat-x 0 0; border:solid 1px #b1a874; color:#7f7f7f; font-size:11px; padding:2px 6px 2px 6px; cursor:pointer; line-height:14px !important; }
+.button { background:#eee repeat-x 0 0; border:solid 1px #b1a874; color:#7f7f7f; font-size:11px; padding:2px 6px 2px 6px; cursor:pointer; line-height:14px !important; }
 .button:hover { color:#333; border-color:#857b42; }
 .field, .button { -moz-border-radius:4px; -webkit-border-radius:4px; }
@@ -126,7 +126,7 @@ a.ico:hover { color:#333;}
 	font-size: 12px;
 }
 #status .success {
-  margin: 0px:
+  margin: 0px;
 }
 #version {
 	position: absolute; top: 10px; right: 10px;
--- a/admin/template/template.php
+++ b/admin/template/template.php
@@ -39,10 +39,12 @@
 						'Dashboard' => 'dashboard',
 						'Mailer' => 'mailer',
 						'Pages' => 'pages',
 						'Menus' => 'menus',
 						'Plugins' => 'plugins',
 						'Statistics' => 'statistics',
 						'Visitors' => 'visitors',
 						'Players' => 'players',
 						'Items' => 'items',
 						'Tools' => array(
 							'phpinfo' => 'phpinfo'
 						),
--- a/common.php
+++ b/common.php
@@ -21,14 +21,13 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 session_start();
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.6.0');
+define('MYAAC_VERSION', '0.7.13-dev');
-define('DATABASE_VERSION', 11);
+define('DATABASE_VERSION', 22);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'WINDOWS' : (strtoupper(PHP_OS) == 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -46,10 +45,11 @@ define('FLAG_CONTENT_MONSTERS', 256);
 define('FLAG_CONTENT_GALLERY', 512);
 define('FLAG_CONTENT_VIDEOS', 1024);
 define('FLAG_CONTENT_FAQ', 2048);
 define('FLAG_CONTENT_MENUS', 4096);
 // news
 define('NEWS', 1);
-define('TICKET', 2);
+define('TICKER', 2);
 define('ARTICLE', 3);
 // directories
@@ -60,10 +60,19 @@ define('CACHE', SYSTEM . 'cache/');
 define('LOCALE', SYSTEM . 'locale/');
 define('LIBS', SYSTEM . 'libs/');
 define('LOGS', SYSTEM . 'logs/');
 define('PAGES', SYSTEM . 'pages/');
 define('PLUGINS', BASE . 'plugins/');
 define('TEMPLATES', BASE . 'templates/');
 define('TOOLS', BASE . 'tools/');
 // menu categories
 define('MENU_CATEGORY_NEWS', 1);
 define('MENU_CATEGORY_ACCOUNT', 2);
 define('MENU_CATEGORY_COMMUNITY', 3);
 define('MENU_CATEGORY_FORUM', 4);
 define('MENU_CATEGORY_LIBRARY', 5);
 define('MENU_CATEGORY_SHOP', 6);
 // otserv versions
 define('OTSERV', 1);
 define('OTSERV_06', 2);
@@ -85,12 +94,15 @@ $basedir = str_replace('/admin', '', $basedir);
 $basedir = str_replace('/install', '', $basedir);
 define('BASE_DIR', $basedir);
-if(isset($_SERVER['HTTPS'][0]) && $_SERVER['HTTPS'] == 'on')
+if(isset($_SERVER['HTTP_HOST'])) {
-	define('SERVER_URL', 'https://' . $_SERVER['HTTP_HOST']);
+	if (isset($_SERVER['HTTPS'][0]) && $_SERVER['HTTPS'] == 'on')
-else
+		define('SERVER_URL', 'https://' . $_SERVER['HTTP_HOST']);
-	define('SERVER_URL', 'http://' . $_SERVER['HTTP_HOST']);
+	else
 		define('SERVER_URL', 'http://' . $_SERVER['HTTP_HOST']);
-define('BASE_URL', SERVER_URL . BASE_DIR . '/');
+	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
+	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
-//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
 }
 ?>
--- a/config.php
+++ b/config.php
@@ -13,7 +13,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
@@ -30,6 +29,7 @@ $config = array(
 	// used for the Downloads page and some templates aswell
 	'client' => 1098, // 954 = client 9.54
 	'session_prefix' => 'myaac_', // must be unique for every site on your server
 	'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: http://my-aac.org/guilds/Testing instead of http://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
 	'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles
@@ -73,9 +73,9 @@ $config = array(
 		//'2' => 'Your Second World Name'
 	),
-	// items
+	// images
 	'outfit_images_url' => 'http://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'item_images_url' => 'http://item-images.ots.me/960/', // set to images/items if you host your own items in images folder
+	'item_images_url' => 'http://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
@@ -107,10 +107,11 @@ $config = array(
 	'smtp_auth' => true, // need authorization?
 	'smtp_user' => 'admin@example.org',
 	'smtp_pass' => '',
 	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' or 'tls', use 'ssl' for gmail
 	// reCAPTCHA (prevent spam bots)
 	'recaptcha_enabled' => false, // enable recaptcha verification code
-	'recaptcha_site_key' => '', // get your own public and private keys at https://www.google.com/recaptcha
+	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
 	'recaptcha_secret_key' => '',
 	'recaptcha_theme' => 'light', // light, dark
@@ -185,7 +186,8 @@ $config = array(
 	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)? Only 0.3
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
-	'highscores_groups_hidden' => 4, // this group id and higher won't be shown on the highscores
+	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
 	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
 	'highscores_length' => 100, // how many records per page on highscores
 	// characters page
@@ -213,7 +215,7 @@ $config = array(
 	'gifts_system' => false,
 	// support/system
-	'bug_report' => true,
+	'bug_report' => true, // this configurable has no effect, its always enabled
 	// forum
 	'forum' => 'site', // link to the server forum, set to "site" if you want to use build in forum system, otherwise leave empty if you aren't going to use any forum
@@ -230,6 +232,7 @@ $config = array(
 	'status_port' => '',
 	// other
 	'anonymous_usage_statistics' => true,
 	'email_lai_sec_interval' => 60, // time in seconds between e-mails to one account from lost account interface, block spam
 	'google_analytics_id' => '', // e.g.: UA-XXXXXXX-X
 	'experiencetable_columns' => 5, // how many columns to display in experience table page. * experiencetable_rows, 5 = 500 (will show up to 500 level)
--- a/images/changelog/unknown.png
+++ b/images/changelog/unknown.png
--- a/images/news/announcement.jpg
+++ b/images/news/announcement.jpg
--- a/images/plus.png
+++ b/images/plus.png
--- a/index.php
+++ b/index.php
@@ -21,7 +21,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
@@ -30,20 +29,7 @@
 // ini_set('display_startup_errors', 1);
 // error_reporting(E_ALL);
 if(preg_match("/^(.*)\.(gif|png|jpg|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz)$/i", $_SERVER['REQUEST_URI'])) {
 	header("HTTP/1.0 404 Not Found");
 	exit;
 }
 require_once('common.php');
 require_once(BASE . 'config.local.php');
 if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
 {
 	header('Location: ' . BASE_URL . 'install/');
 	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
 }
 require_once(SYSTEM . 'functions.php');
 $uri = $_SERVER['REQUEST_URI'];
@@ -54,98 +40,121 @@ if(!empty($tmp))
 else
 	$uri = str_replace_first('/', '', $uri);
-$uri = strtolower(str_replace(array('index.php/', '?'), '', $uri));
+$uri = str_replace(array('index.php/', '?'), '', $uri);
 define('URI', $uri);
 if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
 	$tmp = explode('.', $uri);
 	$_REQUEST['name'] = urldecode($tmp[0]);
 	chdir(TOOLS . 'signature');
 	include(TOOLS . 'signature/index.php');
 	exit();
 }
 else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
 	header("HTTP/1.0 404 Not Found");
 	exit;
 }
 require_once(BASE . 'config.local.php');
 if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
 {
 	header('Location: ' . BASE_URL . 'install/');
 	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
 }
 $found = false;
 if(empty($uri) || isset($_REQUEST['template'])) {
 	$_REQUEST['p'] = 'news';
 	$found = true;
 }
 else if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $uri . '.php')) {
 	$_REQUEST['p'] = $uri;
 	$found = true;
 }
 else {
-	$rules = array(
+	$tmp = strtolower($uri);
-		'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
+	if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
-		'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
+		$_REQUEST['p'] = $uri;
-		'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
+		$found = true;
 		'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
 		'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changepassword'),
 		'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'registeraccount'),
 		'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'registernew'),
 		'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changeemail'),
 		'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changeinfo'),
 		'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'createcharacter'),
 		'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changename'),
 		'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changesex'),
 		'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'deletecharacter'),
 		'/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changecomment', 'name' => '$3'),
 		'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changecomment'),
 		'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
 		'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
 		'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
 		'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
 		'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
 		'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
 		'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
 		'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
 		'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
 		'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
 		'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
 		'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
 		'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
 		'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
 		'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
 		'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
 		'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
 		'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
 		'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
 		'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
 		'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
 		'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
 		'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
 		'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
 		'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1')
 	);
 	if (preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
 		$tmp = explode('.', $uri);
 		$_REQUEST['name'] = urldecode($tmp[0]);
 		chdir(TOOLS . 'signature');
 		include('index.php');
 		exit();
 	}
 	else {
 		$rules = array(
 			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
 			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
 			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
 			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
 			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
 			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
 			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
 			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
 			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
 			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
 			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
 			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
 			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
 			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
 			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
 			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
 			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
 			'/^changelog\/[0-9]+\/?$/' => array('subtopic' => 'changelog', 'page' => '$1'),
 			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
 			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
 			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
 			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
 			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
 			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
 			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
 			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
 			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
 			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
 			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
 			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
 			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
 			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
 			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
 			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
 			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
 			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
 			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
 			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
 			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
 			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
 			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
 			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
 			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
 			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
 		);
-	foreach($rules as $rule => $redirect) {
+		foreach($rules as $rule => $redirect) {
-		if (preg_match($rule, $uri)) {
+			if (preg_match($rule, $uri)) {
-			$tmp = explode('/', $uri);
+				$tmp = explode('/', $uri);
-			foreach($redirect as $key => $value) {
+				foreach($redirect as $key => $value) {
-				if(strpos($value, '$') !== false) {
+
-					$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+					if(strpos($value, '$') !== false) {
 						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
 					}
 					$_REQUEST[$key] = $value;
 					$_GET[$key] = $value;
 				}
-				$_REQUEST[$key] = $value;
+				$found = true;
-				$_GET[$key] = $value;
+				break;
 			}
 			$found = true;
 			break;
 		}
 	}
 	if(!$found)
 		$_REQUEST['p'] = $uri;
 }
 // define page visited, so it can be used within events system
 $page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
-if(empty($page) || preg_match('/[^A-z0-9\/_\-]/', $page)) {
+if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
-	if(!$found)
+	$tmp = URI;
-		$page = '404';
+	if(!empty($tmp)) {
-	else
+		$page = $tmp;
-		$page = 'news';
+	}
 	else {
 		if(!$found)
 			$page = '404';
 		else
 			$page = 'news';
 	}
 }
 $page = strtolower($page);
@@ -154,34 +163,35 @@ define('PAGE', $page);
 $template_place_holders = array();
 require_once(SYSTEM . 'init.php');
 require_once(SYSTEM . 'template.php');
 require_once(SYSTEM . 'login.php');
 require_once(SYSTEM . 'status.php');
 require_once(SYSTEM . 'template.php');
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 // verify myaac tables exists in database
 if(!tableExist('myaac_account_actions')) {
 	die('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 // database migrations
 $tmp = '';
 if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
 	$tmp = (int)$tmp;
 	if($tmp < DATABASE_VERSION) { // import if older
 		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
-			$file = SYSTEM . 'migrations/' . $i . '.php';
+			require(SYSTEM . 'migrations/' . $i . '.php');
-			if(file_exists($file)) {
+			updateDatabaseConfig('database_version', $i);
 				require($file);
 			}
 		}
 		updateDatabaseConfig('database_version', DATABASE_VERSION);
 	}
 }
 else { // register first version
 	registerDatabaseConfig('database_version', 0);
 	for($i = 1; $i <= DATABASE_VERSION; $i++) {
 		require(SYSTEM . 'migrations/' . $i . '.php');
 		updateDatabaseConfig('database_version', $i);
 	}
 	registerDatabaseConfig('database_version', DATABASE_VERSION);
 }
 // event system
@@ -190,6 +200,41 @@ $hooks = new Hooks();
 $hooks->load();
 $hooks->trigger(HOOK_STARTUP);
 // anonymous usage statistics
 // sent only when user agrees
 if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_statistics']) {
 	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
 	$should_report = true;
 	$value = '';
 	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
 		$should_report = time() > (int)$value + $report_time;
 	}
 	else {
 		$value = '';
 		if(fetchDatabaseConfig('last_usage_report', $value)) {
 			$should_report = time() > (int)$value + $report_time;
 			if($cache->enabled()) {
 				$cache->set('last_usage_report', $value);
 			}
 		}
 		else {
 			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
 			$should_report = false;
 		}
 	}
 	if($should_report) {
 		require_once(LIBS . 'usage_statistics.php');
 		Usage_Statistics::report();
 		updateDatabaseConfig('last_usage_report', time());
 		if($cache->enabled()) {
 			$cache->set('last_usage_report', time());
 		}
 	}
 }
 if($config['views_counter'])
 	require_once(SYSTEM . 'counter.php');
@@ -235,6 +280,7 @@ if($config['backward_support']) {
 	$layout_header = template_header();
 	$layout_name = $template_path;
 	$news_content = '';
 	$tickers_content = '';
 	$subtopic = PAGE;
 	$main_content = '';
@@ -275,14 +321,14 @@ if($load_it)
 	$ignore = false;
-	$logged_access = 0;
+	$logged_access = 1;
 	if($logged && $account_logged && $account_logged->isLoaded()) {
 		$logged_access = $account_logged->getAccess();
 	}
 	$query =
 		$db->query(
-			'SELECT `title`, `body`, `php`' .
+			'SELECT `id`, `title`, `body`, `php`, `hidden`' .
 			' FROM `' . TABLE_PREFIX . 'pages`' .
 			' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
 	if($query->rowCount() > 0) // found page
@@ -322,11 +368,17 @@ if($load_it)
 		}
 		else
 			$content .= $query['body']; // plain html
 		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
 			$content = $twig->render('admin.pages.links.html.twig', array(
 				'page' => array('id' => $query['id'], 'hidden' => $query['hidden'])
 			)) . $content;
 		}
 	}
 	else
 	{
 		$file = SYSTEM . 'pages/' . $page . '.php';
-		if(!@file_exists($file) && !$found)
+		if(!@file_exists($file))
 		{
 			$page = '404';
 			$file = SYSTEM . 'pages/404.php';
@@ -370,7 +422,7 @@ else
 	die('ERROR: Cannot load template.');
 }
-echo '<!-- MyAAC ' . MYAAC_VERSION . ' :: http://www.my-aac.org/ -->' . "\n";
+echo base64_decode('PCEtLSBQb3dlcmVkIGJ5IE15QUFDIDo6IGh0dHBzOi8vd3d3Lm15LWFhYy5vcmcvIC0tPg==') . PHP_EOL;
 if(($config['debug_level'] & 1) == 1)
 	echo '<!-- Generated in :: ' . round(microtime(true) - START_TIME, 4) . ' -->';
--- a/install/includes/config.php
+++ b/install/includes/config.php
@@ -1,12 +1,17 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 if(!isset($_SESSION['var_server_path'])) {
 	error($locale['step_database_error_config']);
 	$error = true;
 }
 	$config['server_path'] = $_SESSION['var_server_path'];
 	// take care of trailing slash at the end
 	if($config['server_path'][strlen($config['server_path']) - 1] != '/')
 		$config['server_path'] .= '/';
-	if(!file_exists($config['server_path'] . 'config.lua')) {
+if((!isset($error) || !$error) && !file_exists($config['server_path'] . 'config.lua')) {
 		error($locale['step_database_error_config']);
 		$error = true;
 	}
--- a/install/includes/functions.php
+++ b/install/includes/functions.php
@@ -78,4 +78,23 @@ function next_form($previous = true, $next = true)
 	<input type="hidden" name="step" id="step" value="' . $step . '" />' . next_buttons($previous, $next) . '
 </form>';
 }
-?>
+
 function win_is_writable($path) {
 	if($path[strlen( $path ) - 1] == '/') { // if it looks like a directory, check a random file within the directory
 		return win_is_writable( $path . uniqid( mt_rand() ) . '.tmp');
 	} elseif(is_dir( $path )) { // If it's a directory (and not a file) check a random file within the directory
 		return win_is_writable( $path . '/' . uniqid( mt_rand() ) . '.tmp' );
 	}
 	// check tmp file for read/write capabilities
 	$should_delete_tmp_file = !file_exists( $path );
 	$f = @fopen( $path, 'a' );
 	if ( $f === false )
 		return false;
 	fclose( $f );
 	if($should_delete_tmp_file)
 		unlink($path);
 	return true;
 }
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -1,7 +1,7 @@
 CREATE TABLE `myaac_account_actions`
 (
 	`account_id` INT(11) NOT NULL,
-	`ip` INT(11) NOT NULL DEFAULT 0,
+	`ip` INT(10) UNSIGNED NOT NULL DEFAULT 0,
 	`ipv6` BINARY(16) NOT NULL DEFAULT 0,
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`action` VARCHAR(255) NOT NULL DEFAULT '',
@@ -84,6 +84,8 @@ CREATE TABLE `myaac_forum_boards`
 	`name` VARCHAR(32) NOT NULL,
 	`description` VARCHAR(255) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
 	`guild` INT(11) NOT NULL DEFAULT 0,
 	`access` INT(11) NOT NULL DEFAULT 0,
 	`closed` TINYINT(1) NOT NULL DEFAULT 0,
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
@@ -105,8 +107,9 @@ CREATE TABLE `myaac_forum`
 	`author_aid` int(20) NOT NULL default '0',
 	`author_guid` int(20) NOT NULL default '0',
 	`post_text` text NOT NULL,
-	`post_topic` varchar(255) NOT NULL,
+	`post_topic` varchar(255) NOT NULL DEFAULT '',
 	`post_smile` tinyint(1) NOT NULL default '0',
 	`post_html` tinyint(1) NOT NULL default '0',
 	`post_date` int(20) NOT NULL default '0',
 	`last_edit_aid` int(20) NOT NULL default '0',
 	`edit_date` int(20) NOT NULL default '0',
@@ -128,22 +131,112 @@ CREATE TABLE `myaac_hooks`
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 CREATE TABLE `myaac_items`
 (
 	`id` INT(11) NOT NULL,
 	`article` VARCHAR(5) NOT NULL DEFAULT '',
 	`name` VARCHAR(50) NOT NULL DEFAULT '',
 	`plural` VARCHAR(50) NOT NULL DEFAULT '',
 	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 CREATE TABLE `myaac_menu`
 (
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`template` VARCHAR(255) NOT NULL,
 	`name` VARCHAR(255) NOT NULL,
 	`link` VARCHAR(255) NOT NULL,
 	`category` INT(11) NOT NULL DEFAULT 1,
 	`ordering` INT(11) NOT NULL DEFAULT 0,
 	`enabled` INT(1) NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 /* MENU_CATEGORY_NEWS kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
 /* MENU_CATEGORY_ACCOUNT kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
 /* MENU_CATEGORY_COMMUNITY kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
 /* MENU_CATEGORY_LIBRARY kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
 /* MENU_CATEGORY_SHOP kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
 /* MENU_CATEGORY_NEWS tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
 /* MENU_CATEGORY_ACCOUNT tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
 /* MENU_CATEGORY_COMMUNITY tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
 /* MENU_CATEGORY_FORUM tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
 /* MENU_CATEGORY_LIBRARY tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
 /* MENU_CATEGORY_SHOP tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
 CREATE TABLE `myaac_monsters` (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
-	`hide_creature` tinyint(1) NOT NULL default '0',
+	`hidden` tinyint(1) NOT NULL default 0,
 	`name` varchar(255) NOT NULL,
-	`mana` int(11) NOT NULL,
+	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
 	`health` int(11) NOT NULL,
-	`speed_lvl` int(11) NOT NULL default '1',
+	`speed_lvl` int(11) NOT NULL default 1,
 	`use_haste` tinyint(1) NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
 	`race` varchar(255) NOT NULL,
-	`gfx_name` varchar(255) NOT NULL,
+	`loot` text NOT NULL,
 	`file_path` varchar(255) NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
@@ -163,13 +256,15 @@ CREATE TABLE `myaac_news`
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`title` VARCHAR(100) NOT NULL,
 	`body` TEXT NOT NULL,
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticket, 3 - article',
+	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`category` TINYINT(1) NOT NULL DEFAULT 0,
 	`player_id` INT(11) NOT NULL DEFAULT 0,
 	`last_modified_by` INT(11) NOT NULL DEFAULT 0,
 	`last_modified_date` INT(11) NOT NULL DEFAULT 0,
-	`comments` VARCHAR(50) NOT NULL,
+	`comments` VARCHAR(50) NOT NULL DEFAULT '',
 	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
 	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
@@ -235,17 +330,18 @@ CREATE TABLE `myaac_spells`
 	`name` VARCHAR(255) NOT NULL,
 	`words` VARCHAR(255) NOT NULL,
 	`category` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - rune',
+	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
 	`level` INT(11) NOT NULL DEFAULT 0,
 	`maglevel` INT(11) NOT NULL DEFAULT 0,
 	`mana` INT(11) NOT NULL DEFAULT 0,
 	`soul` TINYINT(3) NOT NULL DEFAULT 0,
 	`conjure_count` TINYINT(3) NOT NULL DEFAULT 0,
 	`item_id` INT(11) NOT NULL DEFAULT 0,
 	`premium` TINYINT(1) NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(32) NOT NULL,
+	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
-	UNIQUE (`spell`)
+	UNIQUE (`name`)
 ) ENGINE = MyISAM;
 CREATE TABLE `myaac_visitors`
@@ -255,3 +351,12 @@ CREATE TABLE `myaac_visitors`
 	`page` VARCHAR(100) NOT NULL,
 	UNIQUE (`ip`)
 ) ENGINE = MyISAM;
 CREATE TABLE `myaac_weapons`
 (
 	`id` INT(11) NOT NULL,
 	`level` INT(11) NOT NULL DEFAULT 0,
 	`maglevel` INT(11) NOT NULL DEFAULT 0,
 	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
--- a/install/includes/twig_error.html
+++ b/install/includes/twig_error.html
@@ -0,0 +1,11 @@
 We have detected that you don't have access to write to the system/cache directory. Under linux you can fix it by using this two command, where first one should be enough (for apache):<br/><br/><span class="console">chown -R www-data.www-data /var/www/*</span><br/><span class="console">chmod -R 660 system/cache</span>
 <style type="text/css">
 .console {
 	font-family:Courier;
 	color: #CCCCCC;
 	background: #000000;
 	border: 3px double #CCCCCC;
 	padding: 0px;
 }
 </style>
--- a/install/index.php
+++ b/install/index.php
@@ -1,9 +1,6 @@
 <?php
 require('../common.php');
 // step
 $step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
 // includes
 require(SYSTEM . 'functions.php');
 require(BASE . 'install/includes/functions.php');
@@ -26,33 +23,87 @@ if(isset($_POST['vars']))
 		$_SESSION['var_' . $key] = $value;
 }
 // step
 $step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
 $steps = array(1 => 'welcome', 2 => 'license', 3 => 'requirements', 4 => 'config', 5 => 'database', 6 => 'admin', 7 => 'finish');
 if(!in_array($step, $steps)) // check if step is valid
 	die('ERROR: Unknown step.');
 $errors = array();
 if($step == 'database')
 {
 	foreach($_POST['vars'] as $key => $value)
 	{
-		if(empty($value))
+		if($key != 'usage' && empty($value))
 		{
-			$step = 'config';
+			$errors[] = $locale['please_fill_all'];
 			$errors = '<p class="error">' . $locale['please_fill_all'] . '</p>';
 			break;
 		}
 		else if($key == 'mail_admin' && !Validator::email($value))
 		{
 			$errors[] = $locale['step_config_mail_admin_error'];
 			break;
 		}
 		else if($key == 'mail_address' && !Validator::email($value))
 		{
 			$errors[] = $locale['step_config_mail_address_error'];
 			break;
 		}
 	}
 	if(!empty($errors)) {
 		$step = 'config';
 	}
 }
 else if($step == 'finish') {
 	// password
 	$password = $_SESSION['var_password'];
 	if(isset($_SESSION['var_account'])) {
 		if(!Validator::accountName($_SESSION['var_account'])) {
 			$errors[] = $locale['step_admin_account_error_format'];
 		}
 		else if(strtoupper($_SESSION['var_account']) == strtoupper($password)) {
 			$errors[] = $locale['step_admin_account_error_same'];
 		}
 	}
 	else if(isset($_SESSION['var_account_id'])) {
 		if(!Validator::accountId($_SESSION['var_account_id'])) {
 			$errors[] = $locale['step_admin_account_id_error_format'];
 		}
 		else if($_SESSION['var_account_id'] == $password) {
 			$errors[] = $locale['step_admin_account_id_error_same'];
 		}
 	}
 	if(empty($password)) {
 		$errors[] = $locale['step_admin_password_error_empty'];
 	}
 	else if(!Validator::password($password)) {
 		$errors[] = $locale['step_admin_password_error_format'];
 	}
 	if(!empty($errors)) {
 		$step = 'admin';
 	}
 }
 $error = false;
-// step include
+clearstatcache();
-ob_start();
+if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
-require('steps/' . $step . '.php');
+	ob_start();
-$content = ob_get_contents();
+
-ob_end_clean();
+	$step_id = array_search($step, $steps);
 	require('steps/' . $step_id . '-' . $step . '.php');
 	$content = ob_get_contents();
 	ob_end_clean();
 }
 else {
 	$content = error(file_get_contents(BASE . 'install/includes/twig_error.html'), true);
 }
 // render
 require('template/template.php');
 //$_SESSION['laststep'] = $step;
 ?>
--- a/install/steps/1-welcome.php
+++ b/install/steps/1-welcome.php
--- a/install/steps/2-license.php
+++ b/install/steps/2-license.php
--- a/install/steps/3-requirements.php
+++ b/install/steps/3-requirements.php
@@ -22,11 +22,11 @@ function version_check($name, $ok, $info = '', $warning = false)
 $failed = false;
 // start validating
-version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50200), PHP_VERSION);
+version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50303), PHP_VERSION);
 foreach(array('config.local.php', 'images/guilds', 'images/houses', 'images/gallery') as $value)
 {
-	$perms = (int) substr(decoct(fileperms(BASE . $value)), 2);
+	$is_writable = is_writable(BASE . $value);
-	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $perms >= 660);
+	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
 }
 $ini_register_globals = ini_get_bool('register_globals');
--- a/install/steps/4-config.php
+++ b/install/steps/4-config.php
@@ -7,6 +7,7 @@ $clients_list = array(
 	750,
 	760,
 	770,
 	772,
 	780,
 	7920,
 	800,
@@ -79,6 +80,7 @@ echo $twig->render('install.config.html.twig', array(
 	'clients' => $clients,
 	'locale' => $locale,
 	'session' => $_SESSION,
 	'errors' => isset($errors) ? $errors : null,
 	'buttons' => next_buttons()
 ));
 ?>
--- a/install/steps/5-database.php
+++ b/install/steps/5-database.php
@@ -11,7 +11,8 @@ if(!isset($_SESSION['var_server_path'])) {
 }
 if(!$error) {
-	$content = "<?php\n";
+	$content = "<?php";
 	$content .= PHP_EOL;
 	foreach($_SESSION as $key => $value)
 	{
 		if(strpos($key, 'var_') !== false)
@@ -23,7 +24,11 @@ if(!$error) {
 					$value .= "/";
 			}
-			if($key != 'var_account' && $key != 'var_account_id' && $key != 'var_password') {
+			if($key == 'var_usage') {
 				$content .= '$config[\'anonymous_usage_statistics\'] = ' . ((int)$value == 1 ? 'true' : 'false') . ';';
 				$content .= PHP_EOL;
 			}
 			else if($key != 'var_account' && $key != 'var_account_id' && $key != 'var_password') {
 				$content .= '$config[\'' . str_replace('var_', '', $key) . '\'] = \'' . $value . '\';';
 				$content .= PHP_EOL;
 			}
@@ -85,7 +90,7 @@ if(!$error) {
 			if(!fieldExist('blocked', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `blocked` TINYINT(1) NOT NULL DEFAULT FALSE COMMENT 'internal usage' AFTER `key`;"))
-					success($locale['step_database_adding_field'] . ' accounts.created...');
+					success($locale['step_database_adding_field'] . ' accounts.blocked...');
 			}
 			if(!fieldExist('created', 'accounts')) {
@@ -169,6 +174,11 @@ if(!$error) {
 					success($locale['step_database_adding_field'] . ' accounts.premium_points...');
 			}
 			if(fieldExist('motd', 'guilds')) {
 				if(query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
 					success($locale['step_database_modifying_field'] . ' guilds.motd...');
 			}
 			if(!fieldExist('description', 'guilds')) {
 				if(query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;"))
 					success($locale['step_database_adding_field'] . ' guilds.description...');
@@ -193,7 +203,7 @@ if(!$error) {
 			if(!fieldExist('deleted', 'players') && !fieldExist('deletion', 'players')) {
 				if(query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;"))
-					success($locale['step_database_adding_field'] . ' players.comment...');
+					success($locale['step_database_adding_field'] . ' players.deleted...');
 			}
 			if(fieldExist('hide_char', 'players')) {
@@ -214,6 +224,17 @@ if(!$error) {
 				if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
 					success($locale['step_database_adding_field'] . ' players.comment...');
 			}
 			if(fieldExist('rank_id', 'players')) {
 				if(query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
 					success($locale['step_database_modifying_field'] . ' players.rank_id...');
 				if(fieldExist('guildnick', 'players')) {
 					if(query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
 						success($locale['step_database_modifying_field'] . ' players.guildnick...');
 					}
 				}
 			}
 		}
 		if(!$error && (!isset($_SESSION['saved']))) {
@@ -235,9 +256,11 @@ if(!$error) {
 			$content .= PHP_EOL;
 			$content .= '$config[\'client_download_linux\'] = \'http://tibia-clients.com/clients/download/\'. $config[\'client\'] . \'/tar/linux\';';
 			$content .= PHP_EOL;
-			$content .= '// place for your configuration directives, so you can later easily update myaac';
+			$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 			$content .= PHP_EOL;
-			$content .= "?>";
+			$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 			$content .= PHP_EOL;
 			$file = fopen(BASE . 'config.local.php', 'a+');
 			if($file) {
 				if(!$error) {
--- a/install/steps/6-admin.php
+++ b/install/steps/6-admin.php
@@ -8,6 +8,7 @@ if(!$error) {
 	echo $twig->render('install.admin.html.twig', array(
 		'locale' => $locale,
 		'session' => $_SESSION,
 		'errors' => isset($errors) ? $errors : null,
 		'buttons' => next_buttons(true, $error ? false : true)
 	));
 }
--- a/install/steps/7-finish.php
+++ b/install/steps/7-finish.php
@@ -1,6 +1,7 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 ini_set('max_execution_time', 300);
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 }
@@ -20,27 +21,7 @@ else {
 			$salt = generateRandomString(10, false, true, true);
 			$password = $salt . $password;
 		}
 /*
 		$account_db = new OTS_Account();
 		$account_db->load(1);
 		if($account_db->isLoaded()) {
 			if(USE_ACCOUNT_NAME)
 				$account_db->setName('dummy_account');
 			$account_db->setPassword('for sample characters. ' . generateRandomString(10));
 			$account_db->save();
 		}
 		else {
 			$new_account = new OTS_Account();
 			if(USE_ACCOUNT_NAME)
 				$new_account->create('dummy_account', 1);
 			else
 				$new_account->create(null, 1);
 			$new_account->setPassword('for sample characters. ' . generateRandomString(10));
 			$new_account->save();
 		}
 */
 		$account_db = new OTS_Account();
 		if(isset($account))
 			$account_db->find($account);
@@ -55,34 +36,29 @@ else {
 			$player = new OTS_Player();
 			$player->setName('Admin');
-			$player->setGroupId($groups->getHighestId());
+			$player_used = &$player;
 		}
 		else {
 			$player_used = &$player_db;
 		}
 		$player_used->setGroupId($groups->getHighestId());
 		if($account_db->isLoaded()) {
 			$account_db->setPassword(encrypt($password));
 			$account_db->setEMail($_SESSION['var_mail_admin']);
 			$account_db->save();
-			if($config_salt_enabled)
+			$account_used = &$account_db;
 				$account_db->setCustomField('salt', $salt);
 			$account_db->setCustomField('web_flags', 3);
 			$account_db->setCustomField('country', 'us');
 			if(fieldExist('group_id', 'accounts'))
 				$account_db->setCustomField('group_id', $groups->getHighestId());
 			if(fieldExist('type', 'accounts'))
 				$account_db->setCustomField('type', 5);
 			if(!$player_db->isLoaded())
 				$player->setAccountId($account_db->getId());
 			else
 				$player_db->setAccountId($account_db->getId());
 			$_SESSION['account'] = $account_db->getId();
 		}
 		else {
 			$new_account = new OTS_Account();
-			$new_account->create($account);
+			if(USE_ACCOUNT_NAME) {
 				$new_account->create($account);
 			}
 			else {
 				$new_account->create(null, $account_id);
 			}
 			$new_account->setPassword(encrypt($password));
 			$new_account->setEMail($_SESSION['var_mail_admin']);
@@ -90,30 +66,32 @@ else {
 			$new_account->unblock();
 			$new_account->save();
 			if($config_salt_enabled)
 				$new_account->setCustomField('salt', $salt);
 			$new_account->setCustomField('created', time());
 			$new_account->setCustomField('web_flags', 3);
 			$new_account->setCustomField('country', 'us');
 			if(fieldExist('group_id', 'accounts'))
 				$new_account->setCustomField('group_id', $groups->getHighestId());
 			if(fieldExist('type', 'accounts'))
 				$new_account->setCustomField('type', 5);
 			$new_account->logAction('Account created.');
-			if(!$player_db->isLoaded())
+			$account_used = &$new_account;
 				$player->setAccountId($new_account->getId());
 			else
 				$player_db->setAccountId($new_account->getId());
 			$_SESSION['account'] = $new_account->getId();
 		}
 		if($config_salt_enabled)
 			$account_used->setCustomField('salt', $salt);
 		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
 		$account_used->setCustomField('country', 'us');
 		if(fieldExist('group_id', 'accounts'))
 			$account_used->setCustomField('group_id', $groups->getHighestId());
 		if(fieldExist('type', 'accounts'))
 			$account_used->setCustomField('type', 5);
 		if(!$player_db->isLoaded())
 			$player->setAccountId($account_used->getId());
 		else
 			$player_db->setAccountId($account_used->getId());
 		success($locale['step_database_created_account']);
-		$_SESSION['password'] = encrypt($password);
+
-		$_SESSION['remember_me'] = true;
+		setSession('account', $account_used->getId());
 		setSession('password', encrypt($password));
 		setSession('remember_me', true);
 		if($player_db->isLoaded()) {
 			$player_db->save();
@@ -129,9 +107,12 @@ else {
 			$player_id = $query['id'];
 		}
-		if(query("INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'http://my-aac.org', '0');
+		$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX ."news` WHERE `title` LIKE 'Hello!';");
-INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'http://my-aac.org', " . $player_id . ", '', '0');")) {
+		if($query->rowCount() == 0) {
-			success($locale['step_database_created_news']);
+			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'http://my-aac.org', '0');
 	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'http://my-aac.org', " . $player_id . ", '', '0');")) {
 				success($locale['step_database_created_news']);
 			}
 		}
 		$deleted = 'deleted';
@@ -143,31 +124,31 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Rook Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . $_SESSION['account'] . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Rook Sample', 1, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 1, 1000, 1000, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Sorcerer Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . $_SESSION['account'] . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 1, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Druid Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . $_SESSION['account'] . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Druid Sample', 1, " . getSession('account') . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Paladin Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . $_SESSION['account'] . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Paladin Sample', 1, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Knight Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . $_SESSION['account'] . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Knight Sample', 1, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
@@ -175,13 +156,39 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl
 			success($locale['step_database_imported_players']);
 		}
-		require LIBS . 'creatures.php';
+		require(LIBS . 'creatures.php');
-		if(Creatures::loadFromXML())
+		if(Creatures::loadFromXML()) {
-			success($locale['step_database_loaded_creatures']);
+			success($locale['step_database_loaded_monsters']);
-		require LIBS . 'spells.php';
+			if(Creatures::getMonstersList()->hasErrors()) {
-		if(Spells::loadFromXML())
+				$locale['step_database_error_monsters'] = str_replace('$LOG$', 'system/logs/error.log', $locale['step_database_error_monsters']);
 				warning($locale['step_database_error_monsters']);
 			}
 		}
 		else {
 			error(Creatures::getLastError());
 		}
 		require(LIBS . 'spells.php');
 		if(Spells::loadFromXML()) {
 			success($locale['step_database_loaded_spells']);
 		}
 		else {
 			error(Spells::getLastError());
 		}
 		// update config.highscores_ids_hidden
 		$database_migration_20 = true;
 		require_once(SYSTEM . 'migrations/20.php');
 		$content = '';
 		if(!databaseMigration20($content)) {
 			$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
 			warning($locale['step_database_error_file'] . '<br/>
 						<textarea cols="70" rows="10">' . $content . '</textarea>');
 		}
 		// add z_polls tables
 		require_once(SYSTEM . 'migrations/22.php');
 		$locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(ADMIN_URL, $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 		$locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(BASE_URL, $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
--- a/install/template/template.php
+++ b/install/template/template.php
@@ -1,5 +1,6 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $locale['encoding']; ?>" />
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
@@ -8,7 +9,7 @@
 	<div id="wrapper">
 		<!--div class="buffer"-->
 			<div id="header">
-				<h1>MyAAC v<?php echo MYAAC_VERSION . ' ' . $locale['installation']; ?></h1>
+				<h1>MyAAC <?php echo $locale['installation']; ?></h1>
 			</div>
 			<div id="body">
--- a/nginx-sample.conf
+++ b/nginx-sample.conf
@@ -0,0 +1,25 @@
 server {
        listen 80;
        root /home/otserv/www/public;
        index index.php;
        server_name your-domain.com;
        location / {
                try_files $uri $uri/ /index.php;
        }
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_read_timeout 240;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
        location ~ /\.ht {
                deny all;
        }
        location /system {
           deny all;
           return 404;
        }
 }
--- a/robots.txt
+++ b/robots.txt
@@ -0,0 +1,2 @@
 User-agent: *
 Disallow:
--- a/system/bin/install_plugin.php
+++ b/system/bin/install_plugin.php
@@ -0,0 +1,39 @@
 <?php
 if(php_sapi_name() != "cli") {
 	die('This script can be run only in command line mode.');
 }
 require_once('../../common.php');
 require_once(SYSTEM . 'functions.php');
 require_once(SYSTEM . 'init.php');
 require_once(SYSTEM . 'hooks.php');
 require_once(LIBS . 'plugins.php');
 if($argc != 2) {
 	exit('This command expects one parameter: zip file name (plugin)' . PHP_EOL);
 }
 $path_to_file = $argv[1];
 $ext = strtolower(pathinfo($path_to_file, PATHINFO_EXTENSION));
 if($ext != 'zip') {// check if it is zipped/compressed file
 	exit('Please install only .zip files.' . PHP_EOL);
 }
 if(!file_exists($path_to_file)) {
 	exit('ERROR: File ' . $path_to_file . ' does not exist' . PHP_EOL);
 }
 if(Plugins::install($path_to_file)) {
 	foreach(Plugins::getWarnings() as $warning) {
 		echo 'WARNING: ' . $warning;
 	}
 	$info = Plugins::getPluginInfo();
 	echo (isset($info['name']) ? $info['name'] . ' p' : 'P') . 'lugin has been successfully installed.';
 }
 else
 	echo 'ERROR: ' . Plugins::getError();
 echo PHP_EOL;
 ?>
--- a/system/compat.php
+++ b/system/compat.php
@@ -0,0 +1,63 @@
 <?php
 /**
 * Deprecated functions (compat)
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 function check_name($name, &$errors = '') {
 	if(Validator::characterName($name))
 		return true;
 	$errors = Validator::getLastError();
 	return false;
 }
 function check_account_id($id, &$errors = '') {
 	if(Validator::accountId($id))
 		return true;
 	$errors = Validator::getLastError();
 	return false;
 }
 function check_account_name($name, &$errors = '') {
 	if(Validator::accountName($name))
 		return true;
 	$errors = Validator::getLastError();
 	return false;
 }
 function check_name_new_char($name, &$errors = '') {
 	if(Validator::newCharacterName($name))
 		return true;
 	$errors = Validator::getLastError();
 	return false;
 }
 function check_rank_name($name, &$errors = '') {
 	if(Validator::rankName($name))
 		return true;
 	$errors = Validator::getLastError();
 	return false;
 }
 function check_guild_name($name, &$errors = '') {
 	if(Validator::guildName($name))
 		return true;
 	$errors = Validator::getLastError();
 	return false;
 }
 function news_place() {
 	return tickers();
 }
 ?>
--- a/system/compat_pages.php
+++ b/system/compat_pages.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
--- a/system/counter.php
+++ b/system/counter.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
--- a/system/countries.conf.php
+++ b/system/countries.conf.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
--- a/system/database.php
+++ b/system/database.php
@@ -1,4 +1,12 @@
 <?php
 /**
 * Database connection
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 	if(!isset($config['database_type'][0]) || !isset($config['database_user'][0]) || !isset($config['database_password'][0]) || !isset($config['database_name'][0]))
@@ -87,7 +95,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 			'<ul>' .
 				'<li>MySQL is not configured propertly in <i>config.lua</i>.</li>' .
 				'<li>MySQL server is not running.</li>' .
-			'</ul>' . $error);
+			'</ul>' . $error->getMessage());
 	}
 	$db = POT::getInstance()->getDBHandle();
--- a/system/functions.php
+++ b/system/functions.php
@@ -5,27 +5,29 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 function success($message, $return = false) {
 	if($return)
 		return '<p class="success">' . $message . '</p>';
-	echo '<p class="success">' . $message . '</p>';
+function message($message, $type, $return)
 {
 	if($return)
 		return '<p class="' . $type . '">' . $message . '</p>';
 	echo '<p class="' . $type . '">' . $message . '</p>';
 	return true;
 }
 function success($message, $return = false) {
 	return message($message, 'success', $return);
 }
 function warning($message, $return = false) {
-	if($return)
+	return message($message, 'warning', $return);
-		return '<p class="warning">' . $message . '</p>';
+}
-	
+function note($message, $return = false) {
-	echo '<p class="warning">' . $message . '</p>';
+	return message($message, 'note', $return);
 }
 function error($message, $return = false) {
-	if($return)
+	return message($message, 'error', $return);
 		return '<p class="error">' . $message . '</p>';
 	echo '<p class="error">' . $message . '</p>';
 }
 function longToIp($ip)
@@ -117,14 +119,32 @@ function getGuildLink($name, $generate = true)
 	return generateLink($url, $name);
 }
 function getItemNameById($id) {
 	global $db;
 	$query = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'items` WHERE `id` = ' . $db->quote($id) . ' LIMIT 1;');
 	if($query->rowCount() == 1) {
 		$item = $query->fetch();
 		return $item['name'];
 	}
 	return '';
 }
 function getItemImage($id, $count = 1)
 {
 	$tooltip = '';
 	$name = getItemNameById($id);
 	if(!empty($name)) {
 		$tooltip = ' class="tooltip" title="' . $name . '"';
 	}
 	$file_name = $id;
 	if($count > 1)
 		$file_name .= '-' . $count;
 	global $config;
-	return '<img src="' . $config['item_images_url'] . $file_name . '.gif" width="32" height="32" border="0" alt=" ' .$id . '" />';
+	return '<img src="' . $config['item_images_url'] . $file_name . '.gif"' . $tooltip . ' width="32" height="32" border="0" alt=" ' .$id . '" />';
 }
 function getFlagImage($country)
@@ -136,6 +156,10 @@ function getFlagImage($country)
 	if(!isset($config['countries']))
 		require(SYSTEM . 'countries.conf.php');
 	if(!isset($config['countries'][$country])) {
 		return '';
 	}
 	return '<img src="images/flags/' . $country . '.gif" title="' . $config['countries'][$country]. '"/>';
 }
@@ -147,7 +171,9 @@ function getFlagImage($country)
 */
 function getBoolean($v)
 {
-	if(!$v || !isset($v[0])) return false;
+	if(is_bool($v)) {
 		return $v;
 	}
 	if(is_numeric($v))
 		return intval($v) > 0;
@@ -197,7 +223,7 @@ function generateRandomString($length, $lowCase = true, $upCase = false, $numeri
 function getForumBoards()
 {
 	global $db, $canEdit;
-	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`' . ($canEdit ? ', `hidden`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hidden` != 1' : '') .
+	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`, `guild`, `access`' . ($canEdit ? ', `hidden`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hidden` != 1' : '') .
 		' ORDER BY `ordering`;');
 	if($sections)
 		return $sections->fetchAll();
@@ -393,42 +419,16 @@ function short_text($text, $limit)
 	return $text;
 }
-function news_place()
+function tickers()
 {
-	global $template_path, $news_content;
+	global $tickers_content, $featured_article;
-	$news = '';
+	if(PAGE == 'news') {
-	if(PAGE == 'news')
+		if(isset($tickers_content))
-	{
+			return $tickers_content . $featured_article;
 		//add tickers to site - without it tickers will not be showed
 		if(isset($news_content))
 			$news .= $news_content;
 		//featured article
 /*		$news .= '  <div id="featuredarticle" class="Box">
 			<div class="Corner-tl" style="background-image:url('.$template_path.'/images/content/corner-tl.gif);"></div>
 			<div class="Corner-tr" style="background-image:url('.$template_path.'/images/content/corner-tr.gif);"></div>
 			<div class="Border_1" style="background-image:url('.$template_path.'/images/content/border-1.gif);"></div>
 			<div class="BorderTitleText" style="background-image:url('.$template_path.'/images/content/title-background-green.gif);"></div>
 			<img class="Title" src="'.$template_path.'/images/strings/headline-featuredarticle.gif" alt="Contentbox headline" />
 			<div class="Border_2">
 			  <div class="Border_3">
 				<div class="BoxContent" style="background-image:url('.$template_path.'/images/content/scroll.gif);">
 		<div id=\'TeaserThumbnail\'><img src="'.$template_path.'/images/news/features.jpg" width=150 height=100 border=0 alt="" /></div><div id=\'TeaserText\'><div style="position: relative; top: -2px; margin-bottom: 2px;" >
 		<b>Tutaj wpisz tytul</b></div>
 		tutaj wpisz tresc newsa<br>
 		zdjecie laduje sie w <i>tibiacom/images/news/features.jpg</i><br>
 		skad sie laduje mozesz zmienic linijke ponad komentarzem
 		</div>        </div>
 			  </div>
 			</div>
 			<div class="Border_1" style="background-image:url('.$template_path.'/images/content/border-1.gif);"></div>
 			<div class="CornerWrapper-b"><div class="Corner-bl" style="background-image:url('.$template_path.'/images/content/corner-bl.gif);"></div></div>
 			<div class="CornerWrapper-b"><div class="Corner-br" style="background-image:url('.$template_path.'/images/content/corner-br.gif);"></div></div>
 		  </div>';*/
 	}
-	return $news;
+	return '';
 }
 /**
@@ -467,13 +467,13 @@ function template_header($is_admin = false)
 	<meta http-equiv="content-type" content="text/html; charset=' . $charset . '" />';
 	if(!$is_admin)
 		$ret .= '
-	<title>' . $title_full . '</title>
+	<base href="' . BASE_URL . '" />
-	<base href="' . BASE_URL . '" />';
+	<title>' . $title_full . '</title>';
 	$ret .= '
 	<meta name="description" content="' . $config['meta_description'] . '" />
 	<meta name="keywords" content="' . $config['meta_keywords'] . ', myaac, wodzaac" />
-	<meta name="generator" content="MyAAC ' . MYAAC_VERSION . '" />
+	<meta name="generator" content="MyAAC" />
 	<link rel="stylesheet" type="text/css" href="' . BASE_URL . 'tools/messages.css" />
 	<script type="text/javascript" src="' . BASE_URL . 'tools/jquery.js"></script>
 	<noscript>
@@ -579,7 +579,7 @@ function getCreatureName($killer, $showStatus = false, $extendedInfo = false)
 			$str .= '<font color="'.($player->isOnline() ? 'green' : 'red').'">' . $player->getName() . '</font></b></a>';
 			if($extendedInfo) {
-				$str .= '<br><small>'.$player->getLevel().' '.$config['vocations'][$player->getVocation()].'</small>';
+				$str .= '<br><small>'.$player->getLevel().' '.$player->getVocationName().'</small>';
 			}
 			return $str;
 		}
@@ -676,7 +676,7 @@ function getSkillName($skillId, $suffix = true)
 */
 function hasFlag($flag) {
 	global $logged, $logged_flags;
-	return $logged && ($logged_flags & $flag) == $flag;
+	return ($logged && ($logged_flags & $flag) == $flag);
 }
 /**
 * Check if current logged user have got admin flag set.
@@ -810,11 +810,16 @@ function getWorldName($id)
 */
 function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 {
 	/** @var PHPMailer $mailer */
 	global $mailer, $config;
 	if(!$mailer)
 	{
 		require(SYSTEM . 'libs/phpmailer/PHPMailerAutoload.php');
 		$mailer = new PHPMailer();
 		$mailer->setLanguage('en', LIBS . 'phpmailer/language/');
 	}
 	else {
 		$mailer->clearAllRecipients();
 	}
 	$signature_html = '';
@@ -834,6 +839,7 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->SMTPAuth = $config['smtp_auth'];
 		$mailer->Username = $config['smtp_user'];
 		$mailer->Password = $config['smtp_pass'];
 		$mailer->SMTPSecure = isset($config['smtp_secure']) ? $config['smtp_secure'] : '';
 	}
 	else
 		$mailer->IsMail();
@@ -889,6 +895,13 @@ function load_config_lua($filename)
 	if(count($lines) > 0)
 		foreach($lines as $ln => $line)
 		{
 			$line = trim($line);
 			if(@$line[0] === '{' || @$line[0] === '}') {
 				// arrays are not supported yet
 				// just ignore the error
 				continue;
 			}
 			$tmp_exp = explode('=', $line, 2);
 			if(strpos($line, 'dofile') !== false)
 			{
@@ -915,6 +928,12 @@ function load_config_lua($filename)
 						$result[$key] = (string) substr(substr($value, 1), 0, -1);
 					elseif(in_array($value, array('true', 'false')))
 						$result[$key] = ($value == 'true') ? true : false;
 					//elseif(substr($value, 0 , 1) == '{' && substr($value, -1 , 1) == '}') {
 					elseif(@$value[0] === '{') {
 						// arrays are not supported yet
 						// just ignore the error
 						continue;
 					}
 					else
 					{
 						foreach($result as $tmp_key => $tmp_value) // load values definied by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
@@ -940,9 +959,88 @@ function str_replace_first($search, $replace, $subject) {
 	if ($pos !== false) {
 		return substr_replace($subject, $replace, $pos, strlen($search));
 	}
 	return $subject;
 }
 function setSession($key, $data) {
 	global $config;
 	$_SESSION[$config['session_prefix'] . $key] = $data;
 }
 function getSession($key) {
 	global $config;
 	return (isset($_SESSION[$config['session_prefix'] . $key])) ? $_SESSION[$config['session_prefix'] . $key] : false;
 }
 function unsetSession($key) {
 	global $config;
 	unset($_SESSION[$config['session_prefix'] . $key]);
 }
 function getTopPlayers($limit = 5) {
 	global $cache, $config, $db;
 	$fetch_from_db = true;
 	if($cache->enabled())
 	{
 		$tmp = '';
 		if($cache->fetch('top_' . $limit . '_level', $tmp))
 		{
 			$players = unserialize($tmp);
 			$fetch_from_db = false;
 		}
 	}
 	if($fetch_from_db)
 	{
 		$deleted = 'deleted';
 		if(fieldExist('deletion', 'players'))
 			$deleted = 'deletion';
 		$is_tfs10 = tableExist('players_online');
 		$players = $db->query('SELECT `id`, `name`, `level`, `experience`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . $config['highscores_groups_hidden'] . ' AND `id` NOT IN (' . implode(', ', $config['highscores_ids_hidden']) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
 		if($is_tfs10) {
 			foreach($players as &$player) {
 				$query = $db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $player['id']);
 				$player['online'] = ($query->rowCount() > 0 ? 1 : 0);
 			}
 		}
 		$i = 0;
 		foreach($players as &$player) {
 			$player['rank'] = ++$i;
 		}
 		if($cache->enabled())
 			$cache->set('top_' . $limit . '_level', serialize($players), 120);
 	}
 	return $players;
 }
 function deleteDirectory($dir) {
 	if(!file_exists($dir)) {
 		return true;
 	}
 	if(!is_dir($dir)) {
 		return unlink($dir);
 	}
 	foreach(scandir($dir) as $item) {
 		if($item == '.' || $item == '..') {
 			continue;
 		}
 		if(!deleteDirectory($dir . DIRECTORY_SEPARATOR . $item)) {
 			return false;
 		}
 	}
 	return rmdir($dir);
 }
 // validator functions
 require_once(LIBS . 'validator.php');
 require_once(SYSTEM . 'compat.php');
 ?>
--- a/system/hooks.php
+++ b/system/hooks.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -25,21 +24,6 @@ define('HOOK_CHARACTERS_AFTER_CHARACTERS', 12);
 define('HOOK_FIRST', HOOK_STARTUP);
 define('HOOK_LAST', HOOK_CHARACTERS_AFTER_CHARACTERS);
 $hook_types = array(
 	'STARTUP' => HOOK_STARTUP,
 	'BEFORE_PAGE' => HOOK_BEFORE_PAGE,
 	'AFTER_PAGE' => HOOK_AFTER_PAGE,
 	'FINISH' => HOOK_FINISH,
 	'TIBIACOM_ARTICLE' => HOOK_TIBIACOM_ARTICLE,
 	'TIBIACOM_BORDER_3' => HOOK_TIBIACOM_BORDER_3,
 	'CHARACTERS_BEFORE_INFORMATIONS' => HOOK_CHARACTERS_BEFORE_INFORMATIONS,
 	'CHARACTERS_AFTER_INFORMATIONS' => HOOK_CHARACTERS_AFTER_INFORMATIONS,
 	'CHARACTERS_BEFORE_SIGNATURE' => HOOK_CHARACTERS_BEFORE_SIGNATURE,
 	'CHARACTERS_AFTER_SIGNATURE' => HOOK_CHARACTERS_AFTER_SIGNATURE,
 	'CHARACTERS_AFTER_ACCOUNT' => HOOK_CHARACTERS_AFTER_ACCOUNT,
 	'CHARACTERS_AFTER_CHARACTERS' => HOOK_CHARACTERS_AFTER_CHARACTERS
 );
 class Hook
 {
 	private $_name, $_type, $_file;
@@ -58,12 +42,12 @@ class Hook
 			$ret = $tmp($params);
 		}*/
-		global $db, $config, $template_path, $ots, $content;
+		global $db, $config, $template_path, $ots, $content, $twig;
 		if(file_exists(BASE . $this->_file)) {
-			require(BASE . $this->_file);
+			$ret = require(BASE . $this->_file);
 		}
-		return true;
+		return $ret === null || $ret == 1 || $ret;
 	}
 	public function name() {return $this->_name;}
@@ -87,12 +71,18 @@ class Hooks
 		if(isset(self::$_hooks[$type]))
 		{
 			foreach(self::$_hooks[$type] as $name => $hook)
-				$ret = $hook->execute($params);
+				if(!$hook->execute($params)) {
 					$ret = false;
 				}
 		}
 		return $ret;
 	}
 	public function exist($type) {
 		return isset(self::$_hooks[$type]);
 	}
 	public function load()
 	{
 		global $db;
--- a/system/init.php
+++ b/system/init.php
@@ -5,17 +5,17 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 // load configuration
 require_once(BASE . 'config.php');
 if(file_exists(BASE . 'config.local.php')) // user customizations
 	require(BASE . 'config.local.php');
 if(!isset($config['installed']) || !$config['installed']) {
-	die('AAC has not been installed yet or there was error during installation. Please install again.');
+	die('MyAAC has not been installed yet or there was error during installation. Please install again.');
 }
 date_default_timezone_set($config['date_timezone']);
@@ -47,11 +47,7 @@ $function = new Twig_SimpleFunction('getStyle', function ($i) {
 $twig->addFunction($function);
 $function = new Twig_SimpleFunction('getLink', function ($s) {
-	global $config;
+	return getLink($s);
 	if($config['friendly_urls'])
 		return $s;
 	return '?' . $s;
 });
 $twig->addFunction($function);
@@ -61,6 +57,11 @@ $function = new Twig_SimpleFunction('hook', function ($hook) {
 });
 $twig->addFunction($function);
 $filter = new Twig_SimpleFilter('urlencode', function ($s) {
 	return urlencode($s);
 });
 $twig->addFilter($filter);
 // trim values we receive
 if(isset($_POST))
 {
@@ -86,21 +87,26 @@ if(isset($_REQUEST))
 }
 // load otserv config file
-$tmp = '';
+$config_lua_reload = true;
-if($cache->enabled() && $cache->fetch('config_lua', $tmp)) {
+if($cache->enabled()) {
-	$config['lua'] = unserialize($tmp);
+	$tmp = null;
-	/*if(isset($config['lua']['myaac'][0])) {
+	if($cache->fetch('server_path', $tmp) && $tmp == $config['server_path']) {
-		foreach($config['lua']['myaac'] as $key => $value)
+		$tmp = null;
-			$config[$key] = $value;
+		if($cache->fetch('config_lua', $tmp) && $tmp) {
-	}*/
+			$config['lua'] = unserialize($tmp);
 			$config_lua_reload = false;
 		}
 	}
 }
-else
+
-{
+if($config_lua_reload) {
 	$config['lua'] = load_config_lua($config['server_path'] . 'config.lua');
 	// cache config
-	if($cache->enabled())
+	if($cache->enabled()) {
 		$cache->set('config_lua', serialize($config['lua']), 120);
 		$cache->set('server_path', $config['server_path']);
 	}
 }
 unset($tmp);
@@ -147,6 +153,11 @@ else
 $config['data_path'] = $tmp;
 unset($tmp);
 // new config values for compability
 if(!isset($config['highscores_ids_hidden']) || count($config['highscores_ids_hidden']) == 0) {
 	$config['highscores_ids_hidden'] = array(0);
 }
 // POT
 require_once(SYSTEM . 'libs/pot/OTS.php');
 $ots = POT::getInstance();
--- a/system/item.php
+++ b/system/item.php
@@ -5,21 +5,20 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-require_once(SYSTEM . 'libs/items.php');
+require_once(SYSTEM . 'libs/items_images.php');
-Items::$files = array(
+Items_Images::$files = array(
 	'otb' => SYSTEM . 'data/items.otb',
 	'spr' => SYSTEM . 'data/Tibia.spr',
 	'dat' => SYSTEM . 'data/Tibia.dat'
 );
-Items::$outputDir = BASE . 'images/items/';
+Items_Images::$outputDir = BASE . 'images/items/';
 function generateItem($id = 100, $count = 1) {
-	Items::generate($id, $count);
+	Items_Images::generate($id, $count);
 }
 function itemImageExists($id, $count = 1)
@@ -31,7 +30,7 @@ function itemImageExists($id, $count = 1)
 	if($count > 1)
 		$file_name .= '-' . $count;
-	$file_name = Items::$outputDir . $file_name . '.gif';
+	$file_name = Items_Images::$outputDir . $file_name . '.gif';
 	return file_exists($file_name);
 }
@@ -43,7 +42,7 @@ function outputItem($id = 100, $count = 1)
 	if(!itemImageExists($id, $count))
 	{
 		//echo 'plik istnieje';
-		Items::generate($id, $count);
+		Items_Images::generate($id, $count);
 	}
 	$expires = 60 * 60 * 24 * 30; // 30 days
@@ -56,7 +55,7 @@ function outputItem($id = 100, $count = 1)
 	if($count > 1)
 		$file_name .= '-' . $count;
-	$file_name = Items::$outputDir . $file_name . '.gif';
+	$file_name = Items_Images::$outputDir . $file_name . '.gif';
 	readfile($file_name);
 }
 ?>
--- a/system/libs/cache.php
+++ b/system/libs/cache.php
@@ -6,7 +6,6 @@
 * @author    Slawkens <slawkens@gmail.com>
 * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
--- a/system/libs/cache_apc.php
+++ b/system/libs/cache_apc.php
@@ -6,7 +6,6 @@
 * @author    Slawkens <slawkens@gmail.com>
 * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -32,7 +31,7 @@ class Cache_APC
 	public function get($key)
 	{
 		$tmp = '';
-		if($this->fetch($key, $tmp))
+		if($this->fetch($this->prefix . $key, $tmp))
 			return $tmp;
 		return '';
@@ -43,7 +42,7 @@ class Cache_APC
 	}
 	public function delete($key) {
-		apc_delete($key);
+		apc_delete($this->prefix . $key);
 	}
 	public function enabled() {
--- a/system/libs/cache_eaccelerator.php
+++ b/system/libs/cache_eaccelerator.php
@@ -6,7 +6,6 @@
 * @author    Slawkens <slawkens@gmail.com>
 * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -31,7 +30,7 @@ class Cache_eAccelerator
 	public function get($key)
 	{
 		$tmp = '';
-		if($this->fetch($key, $tmp))
+		if($this->fetch($this->prefix . $key, $tmp))
 			return $tmp;
 		return '';
@@ -42,7 +41,7 @@ class Cache_eAccelerator
 	}
 	public function delete($key) {
-		eaccelerator_rm($key);
+		eaccelerator_rm($this->prefix . $key);
 	}
 	public function enabled() {
--- a/system/libs/cache_file.php
+++ b/system/libs/cache_file.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
--- a/system/libs/cache_xcache.php
+++ b/system/libs/cache_xcache.php
@@ -6,7 +6,6 @@
 * @author    Slawkens <slawkens@gmail.com>
 * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -31,7 +30,7 @@ class Cache_XCache
 	public function get($key)
 	{
 		$tmp = '';
-		if($this->fetch($key, $tmp))
+		if($this->fetch($this->prefix . $key, $tmp))
 			return $tmp;
 		return '';
@@ -48,7 +47,7 @@ class Cache_XCache
 	}
 	public function delete($key) {
-		xcache_unset($key);
+		xcache_unset($this->prefix . $key);
 	}
 	public function enabled() {
--- a/system/libs/creatures.php
+++ b/system/libs/creatures.php
@@ -6,12 +6,14 @@
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 class Creatures {
 	private static $monstersList = null;
 	private static $lastError = '';
 	public static function loadFromXML($show = false) {
 		global $config, $db;
@@ -22,22 +24,35 @@ class Creatures {
 			echo "<h2>All records deleted from table 'myaac_monsters' in database.</h2>";
 		}
-		$allmonsters = new OTS_MonstersList($config['data_path'].'monster/');
+		try {
 			self::$monstersList = new OTS_MonstersList($config['data_path'].'monster/');
 		}
 		catch(Exception $e) {
 			self::$lastError = $e->getMessage();
 			return false;
 		}
 		$items = array();
 		$items_db = $db->query('SELECT `id`, `name` FROM `' . TABLE_PREFIX . 'items`;');
 		foreach($items_db->fetchAll() as $item) {
 			$items[$item['name']] = $item['id'];
 		}
 		//$names_added must be an array
 		$names_added[] = '';
 		//add monsters
-		foreach($allmonsters as $lol) {
+		foreach(self::$monstersList as $lol) {
-			$monster = $allmonsters->current();
+			$monster = self::$monstersList->current();
 			if(!$monster->loaded()) {
 				if($show) {
-					warning('Error while adding monster: ' . $allmonsters->currentFile());
+					warning('Error while adding monster: ' . self::$monstersList->currentFile());
 				}
 				continue;
 			}
 			//load monster mana needed to summon/convince
 			$mana = $monster->getManaCost();
-			//load monster experience
+
 			$exp = $monster->getExperience();
 			//load monster name
 			$name = $monster->getName();
 			//load monster health
@@ -57,51 +72,44 @@ class Creatures {
 					$use_haste = 1;
 				}
 			}
 			//load monster flags
 			$flags = $monster->getFlags();
 			//create string with immunities
 			$immunities = $monster->getImmunities();
 			$imu_nr = 0;
 			$imu_count = count($immunities);
 			$immunities_string = '';
 			foreach($immunities as $immunitie) {
 				$immunities_string .= $immunitie;
 				$imu_nr++;
 				if($imu_count != $imu_nr) {
 					$immunities_string .= ", ";
 				}
 			}
 			//create string with voices
 			$voices = $monster->getVoices();
 			$voice_nr = 0;
 			$voice_count = count($voices);
 			$voices_string = '';
 			foreach($voices as $voice) {
 				$voices_string .= '"'.$voice.'"';
 				$voice_nr++;
 				if($voice_count != $voice_nr) {
 					$voices_string .= ", ";
 				}
 			}
 			//load race
 			$race = $monster->getRace();
 			//create monster gfx name
 			//$gfx_name =  str_replace(" ", "", trim(mb_strtolower($name))).".gif";
 			$gfx_name =  trim(mb_strtolower($name)).".gif";
 			//don't add 2 monsters with same name, like Butterfly
 			//load monster flags
 			$flags = $monster->getFlags();
 			if(!isset($flags['summonable']))
 				$flags['summonable'] = '0';
 			if(!isset($flags['convinceable']))
 				$flags['convinceable'] = '0';
 			$loot = $monster->getLoot();
 			foreach($loot as &$item) {
 				if(!Validator::number($item['id'])) {
 					if(isset($items[$item['id']])) {
 						$item['id'] = $items[$item['id']];
 					}
 				}
 			}
 			if(!in_array($name, $names_added)) {
 				try {
-					$db->query("INSERT INTO `myaac_monsters` (`hide_creature`, `name`, `mana`, `exp`, `health`, `speed_lvl`, `use_haste`, `voices`, `immunities`, `summonable`, `convinceable`, `race`, `gfx_name`, `file_path`) VALUES (0, " . $db->quote($name) . ", " . $db->quote(empty($mana) ? 0 : $mana) . ", " . $db->quote($exp) . ", " . $db->quote($health) . ", " . $db->quote($speed_lvl) . ", " . $db->quote($use_haste) . ", " . $db->quote($voices_string) . ", " . $db->quote($immunities_string) . ", " . $db->quote($flags['summonable'] > 0 ? 1 : 0) . ", " . $db->quote($flags['convinceable'] > 0 ? 1 : 0) . ", ".$db->quote($race).", ".$db->quote($gfx_name).", " . $db->quote($allmonsters->currentFile()) . ")");
+					$db->insert(TABLE_PREFIX . 'monsters', array(
 						'name' => $name,
 						'mana' => empty($mana) ? 0 : $mana,
 						'exp' => $monster->getExperience(),
 						'health' => $health,
 						'speed_lvl' => $speed_lvl,
 						'use_haste' => $use_haste,
 						'voices' => json_encode($monster->getVoices()),
 						'immunities' => json_encode($monster->getImmunities()),
 						'summonable' => $flags['summonable'] > 0 ? 1 : 0,
 						'convinceable' => $flags['convinceable'] > 0 ? 1 : 0,
 						'race' => $race,
 						'loot' => json_encode($loot)
 					));
 					if($show) {
-						success("Added: ".$name."<br/>");
+						success('Added: ' . $name . '<br/>');
 					}
 				}
 				catch(PDOException $error) {
@@ -116,4 +124,12 @@ class Creatures {
 		return true;
 	}
 	public static function getMonstersList() {
 		return self::$monstersList;
 	}
 	public static function getLastError() {
 		return self::$lastError;
 	}
 }
--- a/system/libs/data.php
+++ b/system/libs/data.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
--- a/system/libs/forum.php
+++ b/system/libs/forum.php
@@ -0,0 +1,303 @@
 <?php
 /**
 * Forum class
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 class Forum
 {
 	static public function canPost($account)
 	{
 		global $db, $config;
 		if(!$account->isLoaded() || $account->isBanned())
 			return false;
 		if(self::isModerator())
 			return true;
 		return
 			$db->query(
 				'SELECT `id` FROM `players` WHERE `account_id` = ' . $db->quote($account->getId()) .
 				' AND `level` >= ' . $db->quote($config['forum_level_required']) .
 				' LIMIT 1')->rowCount() > 0;
 	}
 	static public function isModerator() {
 		return hasFlag(FLAG_CONTENT_FORUM) || superAdmin();
 	}
 	static public function add_thread($title, $body, $section_id, $player_id, $account_id, &$errors)
 	{
 		global $db;
 		$thread_id = 0;
 		if($db->insert(TABLE_PREFIX . 'forum', array(
 			'first_post' => 0,
 			'last_post' => time(),
 			'section' => $section_id,
 			'replies' => 0,
 			'views' => 0,
 			'author_aid' => isset($account_id) ? $account_id : 0,
 			'author_guid' => isset($player_id) ? $player_id : 0,
 			'post_text' => $body, 'post_topic' => $title,
 			'post_smile' => 0, 'post_html' => 1,
 			'post_date' => time(),
 			'last_edit_aid' => 0, 'edit_date' => 0,
 			'post_ip' => $_SERVER['REMOTE_ADDR']
 		))) {
 			$thread_id = $db->lastInsertId();
 			$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=".(int) $thread_id." WHERE `id` = ".(int) $thread_id);
 		}
 		return $thread_id;
 	}
 	static public function add_post($thread_id, $section, $author_aid, $author_guid, $post_text, $post_topic, $smile, $html)
 	{
 		global $db;
 		$db->insert(TABLE_PREFIX . 'forum', array(
 			'first_post' => $thread_id,
 			'section' => $section,
 			'author_aid' => $author_aid,
 			'author_guid' => $author_guid,
 			'post_text' => $post_text,
 			'post_topic' => $post_topic,
 			'post_smile' => $smile,
 			'post_html' => $html,
 			'post_date' => time(),
 			'post_ip' => $_SERVER['REMOTE_ADDR']
 		));
 	}
 	static public function add_board($name, $description, $access, $guild, &$errors)
 	{
 		global $db;
 		if(isset($name[0]) && isset($description[0]))
 		{
 			$query = $db->select(TABLE_PREFIX . 'forum_boards', array('name' => $name));
 			if($query === false)
 			{
 				$query =
 					$db->query(
 						'SELECT ' . $db->fieldName('ordering') .
 						' FROM ' . $db->tableName(TABLE_PREFIX . 'forum_boards') .
 						' ORDER BY ' . $db->fieldName('ordering') . ' DESC LIMIT 1'
 					);
 				$ordering = 0;
 				if($query->rowCount() > 0) {
 					$query = $query->fetch();
 					$ordering = $query['ordering'] + 1;
 				}
 				$db->insert(TABLE_PREFIX . 'forum_boards', array('name' => $name, 'description' => $description, 'access' => $access, 'guild' => $guild, 'ordering' => $ordering));
 			}
 			else
 				$errors[] = 'Forum board with this name already exists.';
 		}
 		else
 			$errors[] = 'Please fill all inputs.';
 		return !count($errors);
 	}
 	static public function get_board($id) {
 		global $db;
 		return $db->select(TABLE_PREFIX . 'forum_boards', array('id' => $id));
 	}
 	static public function update_board($id, $name, $access, $guild, $description) {
 		global $db;
 		$db->update(TABLE_PREFIX . 'forum_boards', array('name' => $name, 'description' => $description, 'access' => $access, 'guild' => $guild), array('id' => $id));
 	}
 	static public function delete_board($id, &$errors)
 	{
 		global $db;
 		if(isset($id))
 		{
 			if(self::get_board($id) !== false)
 				$db->delete(TABLE_PREFIX . 'forum_boards', array('id' => $id));
 			else
 				$errors[] = 'Forum board with id ' . $id . ' does not exists.';
 		}
 		else
 			$errors[] = 'id not set';
 		return !count($errors);
 	}
 	static public function toggleHidden_board($id, &$errors)
 	{
 		global $db;
 		if(isset($id))
 		{
 			$query = self::get_board($id);
 			if($query !== false)
 				$db->update(TABLE_PREFIX . 'forum_boards', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
 			else
 				$errors[] = 'Forum board with id ' . $id . ' does not exists.';
 		}
 		else
 			$errors[] = 'id not set';
 		return !count($errors);
 	}
 	static public function move_board($id, $i, &$errors)
 	{
 		global $db;
 		$query = self::get_board($id);
 		if($query !== false)
 		{
 			$ordering = $query['ordering'] + $i;
 			$old_record = $db->select(TABLE_PREFIX . 'forum_boards', array('ordering' => $ordering));
 			if($old_record !== false)
 				$db->update(TABLE_PREFIX . 'forum_boards', array('ordering' => $query['ordering']), array('ordering' => $ordering));
 			$db->update(TABLE_PREFIX . 'forum_boards', array('ordering' => $ordering), array('id' => $id));
 		}
 		else
 			$errors[] = 'Forum board with id ' . $id . ' does not exists.';
 		return !count($errors);
 	}
 	public static function parseSmiles($text)
 	{
 		$smileys = array(
 			';D' => 1,
 			':D' => 1,
 			':cool:' => 2,
 			';cool;' => 2,
 			':ekk:' => 3,
 			';ekk;' => 3,
 			';o' => 4,
 			';O' => 4,
 			':o' => 4,
 			':O' => 4,
 			':(' => 5,
 			';(' => 5,
 			':mad:' => 6,
 			';mad;' => 6,
 			';rolleyes;' => 7,
 			':rolleyes:' => 7,
 			':)' => 8,
 			';d' => 9,
 			':d' => 9,
 			';)' => 10
 		);
 		foreach($smileys as $search => $replace)
 			$text = str_replace($search, '<img src="images/forum/smile/'.$replace.'.gif" alt="'. $search .'" title="' . $search . '" />', $text);
 		return $text;
 	}
 	public static function parseBBCode($text, $smiles)
 	{
 		$rows = 0;
 		while(stripos($text, '[code]') !== false && stripos($text, '[/code]') !== false )
 		{
 			$code = substr($text, stripos($text, '[code]')+6, stripos($text, '[/code]') - stripos($text, '[code]') - 6);
 			if(!is_int($rows / 2)) { $bgcolor = 'ABED25'; } else { $bgcolor = '23ED25'; } $rows++;
 			$text = str_ireplace('[code]'.$code.'[/code]', '<i>Code:</i><br /><table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #CCCCCC; border-width: 2px"><tr><td>'.$code.'</td></tr></table>', $text);
 		}
 		$rows = 0;
 		while(stripos($text, '[quote]') !== false && stripos($text, '[/quote]') !== false )
 		{
 			$quote = substr($text, stripos($text, '[quote]')+7, stripos($text, '[/quote]') - stripos($text, '[quote]') - 7);
 			if(!is_int($rows / 2)) { $bgcolor = 'AAAAAA'; } else { $bgcolor = 'CCCCCC'; } $rows++;
 			$text = str_ireplace('[quote]'.$quote.'[/quote]', '<table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #007900; border-width: 2px"><tr><td>'.$quote.'</td></tr></table>', $text);
 		}
 		$rows = 0;
 		while(stripos($text, '[url]') !== false && stripos($text, '[/url]') !== false )
 		{
 			$url = substr($text, stripos($text, '[url]')+5, stripos($text, '[/url]') - stripos($text, '[url]') - 5);
 			$text = str_ireplace('[url]'.$url.'[/url]', '<a href="'.$url.'" target="_blank">'.$url.'</a>', $text);
 		}
 		$xhtml = false;
 		$tags = array(
 			'#\[b\](.*?)\[/b\]#si' => ($xhtml ? '<strong>\\1</strong>' : '<b>\\1</b>'),
 			'#\[i\](.*?)\[/i\]#si' => ($xhtml ? '<em>\\1</em>' : '<i>\\1</i>'),
 			'#\[u\](.*?)\[/u\]#si' => ($xhtml ? '<span style="text-decoration: underline;">\\1</span>' : '<u>\\1</u>'),
 			'#\[s\](.*?)\[/s\]#si' => ($xhtml ? '<strike>\\1</strike>' : '<s>\\1</s>'),
 			'#\[guild\](.*?)\[/guild\]#si' => urldecode(generateLink(getGuildLink('$1', false), '$1', true)),
 			'#\[house\](.*?)\[/house\]#si' => urldecode(generateLink(getHouseLink('$1', false), '$1', true)),
 			'#\[player\](.*?)\[/player\]#si' => urldecode(generateLink(getPlayerLink('$1', false), '$1', true)),
 			// TODO: [poll] tag
 			'#\[color=(.*?)\](.*?)\[/color\]#si' => ($xhtml ? '<span style="color: \\1;">\\2</span>' : '<font color="\\1">\\2</font>'),
 			'#\[img\](.*?)\[/img\]#si' => ($xhtml ? '<img src="\\1" border="0" alt="" />' : '<img src="\\1" border="0" alt="">'),
 			'#\[url=(.*?)\](.*?)\[/url\]#si' => '<a href="\\1" title="\\2">\\2</a>',
 //		'#\[email\](.*?)\[/email\]#si' => '<a href="mailto:\\1" title="Email \\1">\\1</a>',
 			'#\[code\](.*?)\[/code\]#si' => '<code>\\1</code>',
 //		'#\[align=(.*?)\](.*?)\[/align\]#si' => ($xhtml ? '<div style="text-align: \\1;">\\2</div>' : '<div align="\\1">\\2</div>'),
 //		'#\[br\]#si' => ($xhtml ? '<br style="clear: both;" />' : '<br>'),
 		);
 		foreach($tags as $search => $replace)
 			$text = preg_replace($search, $replace, $text);
 		return ($smiles ? Forum::parseSmiles($text) : $text);
 	}
 	public static function showPost($topic, $text, $smiles = true, $html = false)
 	{
 		if($html) {
 			return '<b>' . $topic . '</b><hr />' . $text;
 		}
 		$post = '';
 		if(!empty($topic))
 			$post .= '<b>'.($smiles ? self::parseSmiles($topic) : $topic).'</b><hr />';
 		$post .= self::parseBBCode(nl2br($text), $smiles);
 		return $post;
 	}
 	public static function hasAccess($board_id) {
 		global $sections, $logged, $account_logged, $logged_access;
 		if(!isset($sections[$board_id]))
 			return false;
 		$hasAccess = true;
 		$section = $sections[$board_id];
 		if($section['guild'] > 0) {
 			if($logged) {
 				$guild = new OTS_Guild();
 				$guild->load($section['guild']);
 				$status = false;
 				if($guild->isLoaded()) {
 					$account_players = $account_logged->getPlayers();
 					foreach ($account_players as $player) {
 						if($guild->hasMember($player)) {
 							$status = true;
 						}
 					}
 				}
 				if (!$status) $hasAccess = false;
 			}
 			else {
 				$hasAccess = false;
 			}
 		}
 		if($section['access'] > 0) {
 			if($logged_access < $section['access']) {
 				$hasAccess = false;
 			}
 		}
 		return $hasAccess;
 	}
 }
 ?>
--- a/system/libs/items.php
+++ b/system/libs/items.php
@@ -3,264 +3,143 @@
 * Items class
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 if ( !function_exists( 'stackId' ) )
 {
 	function stackId( $count )
 	{
 		if ( $count >= 50 )
 			$stack = 8;
 		elseif ( $count >= 25 )
 			$stack = 7;
 		elseif ( $count >= 10 )
 			$stack = 6;
 		elseif ( $count >= 5 )
 			$stack = 5;
 		elseif ( $count >= 4 )
 			$stack = 4;
 		elseif ( $count >= 3 )
 			$stack = 3;
 		elseif ( $count >= 2 )
 			$stack = 2;
 		else
 			$stack = 1;
 		return $stack;
 	}
 }
 class Items
 {
-	public static $outputDir = '';
+	private static $error = '';
 	public static $files = array();
-	private static $otb, $dat, $spr;
+	public static function loadFromXML($show = false)
 	private static $lastItem;
 	private static $loaded = false;
 	public function __destruct()
 	{
-		if(self::$otb)
+		global $config, $db;
-			fclose(self::$otb);
+		
-		if(self::$dat)
+		try {
-			fclose(self::$dat);
+			$db->query("DELETE FROM `myaac_items`;");
-		if(self::$spr)
+		} catch (PDOException $error) {
-			fclose(self::$spr);
+		}
 		$file_path = $config['data_path'] . 'items/items.xml';
 		if (!file_exists($file_path)) {
 			self::$error = 'Cannot load file ' . $file_path;
 			return false;
 		}
 		$xml = new DOMDocument;
 		$xml->load($file_path);
 		foreach ($xml->getElementsByTagName('item') as $item) {
 			if ($item->getAttribute('fromid')) {
 				for ($id = $item->getAttribute('fromid'); $id <= $item->getAttribute('toid'); $id++) {
 					self::parseNode($id, $item, $show);
 				}
 			} else
 				self::parseNode($item->getAttribute('id'), $item, $show);
 		}
 		return true;
 	}
-	public static function generate($id = 100, $count = 1)
+	public static function parseNode($id, $node, $show = false) {
-	{
+		global $db;
 		if(!self::$loaded)
 			self::load();
-		$originalId = $id;
+		$name = $node->getAttribute('name');
-		if($id < 100)
+		$article = $node->getAttribute('article');
-			return false;
+		$plural = $node->getAttribute('plural');
 			//die('ID cannot be lower than 100.');
-		rewind(self::$otb);
+		$attributes = array();
-		rewind(self::$dat);
+		foreach($node->getElementsByTagName('attribute') as $attr) {
-		rewind(self::$spr);
+			$attributes[strtolower($attr->getAttribute('key'))] = $attr->getAttribute('value');
 		$nostand = false;
 		$init = false;
 		$originalId = $id;
 		// parse info from otb
 		while( false !== ( $char = fgetc( self::$otb ) ) )
 		{
 			$byte = HEX_PREFIX.bin2hex( $char );
 			if ( $byte == 0xFE )
 				$init = true;
 			elseif ( $byte == 0x10 and $init ) {
 				extract( unpack( 'x2/Ssid', fread( self::$otb, 4 ) ) );
 				if ( $id == $sid ) {
 					if ( HEX_PREFIX.bin2hex( fread( self::$otb, 1 ) ) == 0x11 ) {
 						extract( unpack( 'x2/Sid', fread( self::$otb, 4 ) ) );
 						break;
 					}
 				}
 				$init = false;
 			}
 		}
-		self::$lastItem = array_sum( unpack( 'x4/S*', fread( self::$dat, 12 )));
+		$exist = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'items` WHERE `id` = ' . $id);
-		if($id > self::$lastItem)
+		if($exist->rowCount() > 0) {
-			return false;
+			if($show) {
-
+				warning('Duplicated item with id: ' . $id);
 		//ini_set('max_execution_time', 300); 
 		// parse info from dat
 		for( $i = 100; $i <= $id; $i++ ) {
 			while( ( $byte = HEX_PREFIX.bin2hex( fgetc( self::$dat ) ) ) != 0xFF ) {
 				$offset = 0;
 				switch( $byte ) {
 					case 0x00:
 					case 0x09:
 					case 0x0A:
 					case 0x1A:
 					case 0x1D:
 					case 0x1E:
 						$offset = 2;
 						break;
 					case 0x16:
 					case 0x19:
 						$offset = 4;
 						break;
 					case 0x01:
 					case 0x02:
 					case 0x03:
 					case 0x04:
 					case 0x05:
 					case 0x06:
 					case 0x07:
 					case 0x08:
 					case 0x0B:
 					case 0x0C:
 					case 0x0D:
 					case 0x0E:
 					case 0x0F:
 					case 0x10:
 					case 0x11:
 					case 0x12:
 					case 0x13:
 					case 0x14:
 					case 0x15:
 					case 0x17:
 					case 0x18:
 					case 0x1B:
 					case 0x1C:
 					case 0x1F:
 					case 0x20:
 						break;
 					default:
 						return false; #trigger_error( sprintf( 'Unknown .DAT byte %s (previous byte: %s; address %x)', $byte, $prev, ftell( $dat ), E_USER_ERROR ) );
 						break;
 				}
 				$prev = $byte;
 				fseek( self::$dat, $offset, SEEK_CUR );
 			}
 			extract( unpack( 'Cwidth/Cheight', fread( self::$dat, 2 ) ) );
 			if ( $width > 1 or $height > 1 ) {
 				fseek( self::$dat, 1, SEEK_CUR );
 				$nostand = true;
 			}
 			$sprites_c = array_product( unpack( 'C*', fread( self::$dat, 5 ) ) ) * $width * $height;
 			$sprites = unpack( 'S*', fread( self::$dat, 2 * $sprites_c ) );
 		}
 		if ( array_key_exists( stackId( $count ), $sprites ) ) {
 			$sprites = (array) $sprites[stackId( $count )];
 		}
 		else {
-			$sprites = (array) $sprites[array_rand( $sprites ) ];
+			$db->insert(TABLE_PREFIX . 'items', array('id' => $id, 'article' => $article, 'name' => $name, 'plural' => $plural, 'attributes' => json_encode($attributes)));
 		}
 		fseek( self::$spr, 6 );
 		$sprite = imagecreatetruecolor( 32 * $width, 32 * $height );
 		imagecolortransparent( $sprite, imagecolorallocate( $sprite, 0, 0, 0 ) );
 		foreach( $sprites as $key => $value ) {
 			fseek( self::$spr, 6 + ( $value - 1 ) * 4 );
 			extract( unpack( 'Laddress', fread( self::$spr, 4 ) ) );
 			fseek( self::$spr, $address + 3 );
 			extract( unpack( 'Ssize', fread( self::$spr, 2 ) ) );
 			list( $num, $bit ) = array( 0, 0 );
 			while( $bit < $size ) {
 				$pixels = unpack( 'Strans/Scolored', fread( self::$spr, 4 ) );
 				$num += $pixels['trans'];
 				for( $i = 0; $i < $pixels['colored']; $i++ )
 				{
 					extract( unpack( 'Cred/Cgreen/Cblue', fread( self::$spr, 3 ) ) );
 					$red = ( $red == 0 ? ( $green == 0 ? ( $blue == 0 ? 1 : $red ) : $red ) : $red );
 					imagesetpixel( $sprite,
 						$num % 32 + ( $key % 2 == 1 ? 32 : 0 ),
 						$num / 32 + ( $key % 4 != 1 and $key % 4 != 0 ? 32 : 0 ),
 						imagecolorallocate( $sprite, $red, $green, $blue ) );
 					$num++;
 				}
 				$bit += 4 + 3 * $pixels['colored'];
 			}
 		}
 		if ( $count >= 2 ) {
 			if ( $count > 100 )
 				$count = 100;
 			$font = 3;
 			$length = imagefontwidth( $font ) * strlen( $count );
 			$pos = array(
 				'x' => ( 32 * $width ) - ( $length + 1 ),
 				'y' => ( 32 * $height ) - 13
 			);
 			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'], $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'], $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'], $pos['y'], $count, imagecolorallocate( $sprite, 219, 219, 219 ) );
 		}
 		$imagePath = self::$outputDir . ($count > 1 ? $originalId . '-' . $count : $originalId ) . '.gif';
 		// save image
 		imagegif($sprite, $imagePath);
 	}
-	public static function load()
+	public static function getError() {
-	{
+		return self::$error;
-		if(!defined( 'HEX_PREFIX'))
+	}
 			define('HEX_PREFIX', '0x');
-		self::$otb = fopen(self::$files['otb'], 'rb');
+	public static function getItem($id) {
-		self::$dat = fopen(self::$files['dat'], 'rb');
+		global $db;
 		self::$spr = fopen(self::$files['spr'], 'rb');
-		if(!self::$otb || !self::$dat || !self::$spr)
+		$item = $db->select(TABLE_PREFIX . 'items', array('id' => $id));
-			die('ERROR: Cannot load data files.');
+		$item['attributes'] = json_decode($item['attributes']);
-		/*
+		
-		if ( $nostand )
+		return $item;
-		{
+	}
-			for( $i = 0; $i < sizeof( $sprites ) / 4; $i++ )
+	
-			{
+	public static function getDescription($id, $count = 1) {
-				$sprites = array_merge( (array) $sprites, array_reverse( array_slice( $sprites, $i * 4, 4 ) ) );
+		global $config, $db;
 		$item = self::getItem($id);
 		$attr = $item['attributes'];
 		$s = '';
 		if(!empty($item['name'])) {
 			if($count > 1) {
 				if($attr['showcount']) {
 					$s .= $count . ' ';
 				}
 				if(!empty($item['plural'])) {
 					$s .= $item['plural'];
 				}
 				else if((int)$attr['showcount'] == 0) {
 					$s .= $item['name'];
 				}
 				else {
 					$s .= $item['name'] . 's';
 				}
 			}
 			else {
 				if(!empty($item['aticle'])) {
 					$s .= $item['article'] . ' ';
 				}
 				$s .= $item['name'];
 			}
 		}
 		else
-		{
+			$s .= 'an item of type ' . $item['id'];
-			$sprites = (array) $sprites[array_rand( $sprites ) ];
+		
 		if(strtolower($attr['type']) == 'rune') {
 			$query = $db->query('SELECT `level`, `maglevel`, `vocations` FROM `' . TABLE_PREFIX . 'spells` WHERE `item_id` = ' . $id);
 			if($query->rowCount() == 1) {
 				$query = $query->fetch();
 				if($query['level'] > 0 && $query['maglevel'] > 0) {
 					$s .= '. ' . ($count > 1 ? "They" : "It") . ' can only be used by ';
 				}
 				if(!empty(trim($query['vocations']))) {
 					$vocations = json_decode($query['vocations']);
 					if(count($vocations) > 0) {
 						foreach($vocations as $voc => $show) {
 							$vocations[$config['vocations'][$voc]] = $show;
 						}
 					}
 				}
 				else {
 					$s .= 'players';
 				}
 				$s .= ' with';
 			}
 		}
-		*/
+		return $s;
 		self::$loaded = true;
 	}
 	public static function loaded() {
 		return self::$loaded;
 	}
 }
--- a/system/libs/items_images.php
+++ b/system/libs/items_images.php
@@ -0,0 +1,265 @@
 <?php
 /**
 * Items_Images class
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 if ( !function_exists( 'stackId' ) )
 {
 	function stackId( $count )
 	{
 		if ( $count >= 50 )
 			$stack = 8;
 		elseif ( $count >= 25 )
 			$stack = 7;
 		elseif ( $count >= 10 )
 			$stack = 6;
 		elseif ( $count >= 5 )
 			$stack = 5;
 		elseif ( $count >= 4 )
 			$stack = 4;
 		elseif ( $count >= 3 )
 			$stack = 3;
 		elseif ( $count >= 2 )
 			$stack = 2;
 		else
 			$stack = 1;
 		return $stack;
 	}
 }
 class Items_Images
 {
 	public static $outputDir = '';
 	public static $files = array();
 	private static $otb, $dat, $spr;
 	private static $lastItem;
 	private static $loaded = false;
 	public function __destruct()
 	{
 		if(self::$otb)
 			fclose(self::$otb);
 		if(self::$dat)
 			fclose(self::$dat);
 		if(self::$spr)
 			fclose(self::$spr);
 	}
 	public static function generate($id = 100, $count = 1)
 	{
 		if(!self::$loaded)
 			self::load();
 		$originalId = $id;
 		if($id < 100)
 			return false;
 			//die('ID cannot be lower than 100.');
 		rewind(self::$otb);
 		rewind(self::$dat);
 		rewind(self::$spr);
 		$nostand = false;
 		$init = false;
 		$originalId = $id;
 		// parse info from otb
 		while( false !== ( $char = fgetc( self::$otb ) ) )
 		{
 			$byte = HEX_PREFIX.bin2hex( $char );
 			if ( $byte == 0xFE )
 				$init = true;
 			elseif ( $byte == 0x10 and $init ) {
 				extract( unpack( 'x2/Ssid', fread( self::$otb, 4 ) ) );
 				if ( $id == $sid ) {
 					if ( HEX_PREFIX.bin2hex( fread( self::$otb, 1 ) ) == 0x11 ) {
 						extract( unpack( 'x2/Sid', fread( self::$otb, 4 ) ) );
 						break;
 					}
 				}
 				$init = false;
 			}
 		}
 		self::$lastItem = array_sum( unpack( 'x4/S*', fread( self::$dat, 12 )));
 		if($id > self::$lastItem)
 			return false;
 		//ini_set('max_execution_time', 300); 
 		// parse info from dat
 		for( $i = 100; $i <= $id; $i++ ) {
 			while( ( $byte = HEX_PREFIX.bin2hex( fgetc( self::$dat ) ) ) != 0xFF ) {
 				$offset = 0;
 				switch( $byte ) {
 					case 0x00:
 					case 0x09:
 					case 0x0A:
 					case 0x1A:
 					case 0x1D:
 					case 0x1E:
 						$offset = 2;
 						break;
 					case 0x16:
 					case 0x19:
 						$offset = 4;
 						break;
 					case 0x01:
 					case 0x02:
 					case 0x03:
 					case 0x04:
 					case 0x05:
 					case 0x06:
 					case 0x07:
 					case 0x08:
 					case 0x0B:
 					case 0x0C:
 					case 0x0D:
 					case 0x0E:
 					case 0x0F:
 					case 0x10:
 					case 0x11:
 					case 0x12:
 					case 0x13:
 					case 0x14:
 					case 0x15:
 					case 0x17:
 					case 0x18:
 					case 0x1B:
 					case 0x1C:
 					case 0x1F:
 					case 0x20:
 						break;
 					default:
 						return false; #trigger_error( sprintf( 'Unknown .DAT byte %s (previous byte: %s; address %x)', $byte, $prev, ftell( $dat ), E_USER_ERROR ) );
 						break;
 				}
 				$prev = $byte;
 				fseek( self::$dat, $offset, SEEK_CUR );
 			}
 			extract( unpack( 'Cwidth/Cheight', fread( self::$dat, 2 ) ) );
 			if ( $width > 1 or $height > 1 ) {
 				fseek( self::$dat, 1, SEEK_CUR );
 				$nostand = true;
 			}
 			$sprites_c = array_product( unpack( 'C*', fread( self::$dat, 5 ) ) ) * $width * $height;
 			$sprites = unpack( 'S*', fread( self::$dat, 2 * $sprites_c ) );
 		}
 		if ( array_key_exists( stackId( $count ), $sprites ) ) {
 			$sprites = (array) $sprites[stackId( $count )];
 		}
 		else {
 			$sprites = (array) $sprites[array_rand( $sprites ) ];
 		}
 		fseek( self::$spr, 6 );
 		$sprite = imagecreatetruecolor( 32 * $width, 32 * $height );
 		imagecolortransparent( $sprite, imagecolorallocate( $sprite, 0, 0, 0 ) );
 		foreach( $sprites as $key => $value ) {
 			fseek( self::$spr, 6 + ( $value - 1 ) * 4 );
 			extract( unpack( 'Laddress', fread( self::$spr, 4 ) ) );
 			fseek( self::$spr, $address + 3 );
 			extract( unpack( 'Ssize', fread( self::$spr, 2 ) ) );
 			list( $num, $bit ) = array( 0, 0 );
 			while( $bit < $size ) {
 				$pixels = unpack( 'Strans/Scolored', fread( self::$spr, 4 ) );
 				$num += $pixels['trans'];
 				for( $i = 0; $i < $pixels['colored']; $i++ )
 				{
 					extract( unpack( 'Cred/Cgreen/Cblue', fread( self::$spr, 3 ) ) );
 					$red = ( $red == 0 ? ( $green == 0 ? ( $blue == 0 ? 1 : $red ) : $red ) : $red );
 					imagesetpixel( $sprite,
 						$num % 32 + ( $key % 2 == 1 ? 32 : 0 ),
 						$num / 32 + ( $key % 4 != 1 and $key % 4 != 0 ? 32 : 0 ),
 						imagecolorallocate( $sprite, $red, $green, $blue ) );
 					$num++;
 				}
 				$bit += 4 + 3 * $pixels['colored'];
 			}
 		}
 		if ( $count >= 2 ) {
 			if ( $count > 100 )
 				$count = 100;
 			$font = 3;
 			$length = imagefontwidth( $font ) * strlen( $count );
 			$pos = array(
 				'x' => ( 32 * $width ) - ( $length + 1 ),
 				'y' => ( 32 * $height ) - 13
 			);
 			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'], $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'], $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
 			imagestring( $sprite, $font, $pos['x'], $pos['y'], $count, imagecolorallocate( $sprite, 219, 219, 219 ) );
 		}
 		$imagePath = self::$outputDir . ($count > 1 ? $originalId . '-' . $count : $originalId ) . '.gif';
 		// save image
 		imagegif($sprite, $imagePath);
 	}
 	public static function load()
 	{
 		if(!defined( 'HEX_PREFIX'))
 			define('HEX_PREFIX', '0x');
 		self::$otb = fopen(self::$files['otb'], 'rb');
 		self::$dat = fopen(self::$files['dat'], 'rb');
 		self::$spr = fopen(self::$files['spr'], 'rb');
 		if(!self::$otb || !self::$dat || !self::$spr)
 			die('ERROR: Cannot load data files.');
 		/*
 		if ( $nostand )
 		{
 			for( $i = 0; $i < sizeof( $sprites ) / 4; $i++ )
 			{
 				$sprites = array_merge( (array) $sprites, array_reverse( array_slice( $sprites, $i * 4, 4 ) ) );
 			}
 		}
 		else
 		{
 			$sprites = (array) $sprites[array_rand( $sprites ) ];
 		}
 		*/
 		self::$loaded = true;
 	}
 	public static function loaded() {
 		return self::$loaded;
 	}
 }
--- a/system/libs/phpmailer/PHPMailerAutoload.php
+++ b/system/libs/phpmailer/PHPMailerAutoload.php
@@ -30,20 +30,4 @@ function PHPMailerAutoload($classname)
    }
 }
 if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
    //SPL autoloading was introduced in PHP 5.1.2
    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
        spl_autoload_register('PHPMailerAutoload', true, true);
    } else {
        spl_autoload_register('PHPMailerAutoload');
    }
 } else {
    /**
     * Fall back to traditional autoload for old PHP versions
     * @param string $classname The name of the class to load
     */
    function __autoload($classname)
    {
        PHPMailerAutoload($classname);
    }
 }
--- a/system/libs/phpmailer/class.phpmailer.php
+++ b/system/libs/phpmailer/class.phpmailer.php
@@ -31,7 +31,7 @@ class PHPMailer
     * The PHPMailer Version number.
     * @var string
     */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
    /**
     * Email priority.
@@ -440,9 +440,9 @@ class PHPMailer
     *
     * Parameters:
     *   boolean $result        result of the send action
-     *   string  $to            email address of the recipient
+     *   array   $to            email addresses of the recipients
-     *   string  $cc            cc email addresses
+     *   array   $cc            cc email addresses
-     *   string  $bcc           bcc email addresses
+     *   array   $bcc           bcc email addresses
     *   string  $subject       the subject
     *   string  $body          the email body
     *   string  $from          email address of sender
@@ -659,6 +659,8 @@ class PHPMailer
        if ($exceptions !== null) {
            $this->exceptions = (boolean)$exceptions;
        }
        //Pick an appropriate debug output format automatically
        $this->Debugoutput = (strpos(PHP_SAPI, 'cli') !== false ? 'echo' : 'html');
    }
    /**
@@ -1622,8 +1624,13 @@ class PHPMailer
        foreach ($hosts as $hostentry) {
            $hostinfo = array();
-            if (!preg_match('/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*):?([0-9]*)$/', trim($hostentry), $hostinfo)) {
+            if (!preg_match(
                '/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/',
                trim($hostentry),
                $hostinfo
            )) {
                // Not a valid host entry
                $this->edebug('Ignoring invalid host: ' . $hostentry);
                continue;
            }
            // $hostinfo[2]: optional ssl or tls prefix
@@ -1742,6 +1749,7 @@ class PHPMailer
            'dk' => 'da',
            'no' => 'nb',
            'se' => 'sv',
            'sr' => 'rs'
        );
        if (isset($renamed_langcodes[$langcode])) {
@@ -2024,10 +2032,7 @@ class PHPMailer
    {
        $result = '';
-        if ($this->MessageDate == '') {
+        $result .= $this->headerLine('Date', $this->MessageDate == '' ? self::rfcDate() : $this->MessageDate);
            $this->MessageDate = self::rfcDate();
        }
        $result .= $this->headerLine('Date', $this->MessageDate);
        // To be created automatically by mail()
        if ($this->SingleTo) {
@@ -4033,7 +4038,7 @@ class phpmailerException extends Exception
     */
    public function errorMessage()
    {
-        $errorMsg = '<strong>' . $this->getMessage() . "</strong><br />\n";
+        $errorMsg = '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
        return $errorMsg;
    }
 }
--- a/system/libs/phpmailer/class.pop3.php
+++ b/system/libs/phpmailer/class.pop3.php
@@ -34,7 +34,7 @@ class POP3
     * @var string
     * @access public
     */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
    /**
     * Default POP3 port number.
--- a/system/libs/phpmailer/class.smtp.php
+++ b/system/libs/phpmailer/class.smtp.php
@@ -30,7 +30,7 @@ class SMTP
     * The PHPMailer SMTP version number.
     * @var string
     */
-    const VERSION = '5.2.23';
+    const VERSION = '5.2.26';
    /**
     * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
     * @deprecated Use the `VERSION` constant instead
     * @see SMTP::VERSION
     */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
    /**
     * SMTP server port number.
@@ -151,9 +151,8 @@ class SMTP
    public $Timelimit = 300;
    /**
-     * @var array patterns to extract smtp transaction id from smtp reply
+     * @var array Patterns to extract an SMTP transaction id from reply to a DATA command.
-     * Only first capture group will be use, use non-capturing group to deal with it
+     * The first capture group in each regex will be used as the ID.
     * Extend this class to override this property to fulfil your needs.
     */
    protected $smtp_transaction_id_patterns = array(
        'exim' => '/[0-9]{3} OK id=(.*)/',
@@ -161,6 +160,12 @@ class SMTP
        'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/'
    );
    /**
     * @var string The last transaction ID issued in response to a DATA command,
     * if one was detected
     */
    protected $last_smtp_transaction_id;
    /**
     * The socket for the server connection.
     * @var resource
@@ -227,7 +232,7 @@ class SMTP
                break;
            case 'html':
                //Cleans up output a bit for a better looking, HTML-safe output
-                echo htmlentities(
+                echo gmdate('Y-m-d H:i:s') . ' ' . htmlentities(
                    preg_replace('/[\r\n]+/', '', $str),
                    ENT_QUOTES,
                    'UTF-8'
@@ -709,6 +714,7 @@ class SMTP
        $savetimelimit = $this->Timelimit;
        $this->Timelimit = $this->Timelimit * 2;
        $result = $this->sendCommand('DATA END', '.', 250);
        $this->recordLastTransactionID();
        //Restore timelimit
        $this->Timelimit = $savetimelimit;
        return $result;
@@ -989,7 +995,10 @@ class SMTP
    public function client_send($data)
    {
        $this->edebug("CLIENT -> SERVER: $data", self::DEBUG_CLIENT);
-        return fwrite($this->smtp_conn, $data);
+        set_error_handler(array($this, 'errorHandler'));
        $result = fwrite($this->smtp_conn, $data);
        restore_error_handler();
        return $result;
    }
    /**
@@ -1089,8 +1098,10 @@ class SMTP
            $this->edebug("SMTP -> get_lines(): \$data is \"$data\"", self::DEBUG_LOWLEVEL);
            $this->edebug("SMTP -> get_lines(): \$str is  \"$str\"", self::DEBUG_LOWLEVEL);
            $data .= $str;
-            // If 4th character is a space, we are done reading, break the loop, micro-optimisation over strlen
+            // If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled),
-            if ((isset($str[3]) and $str[3] == ' ')) {
+            // or 4th character is a space, we are done reading, break the loop,
            // string array access is a micro-optimisation over strlen
            if (!isset($str[3]) or (isset($str[3]) and $str[3] == ' ')) {
                break;
            }
            // Timed-out? Log and break
@@ -1226,26 +1237,40 @@ class SMTP
    }
    /**
-     * Will return the ID of the last smtp transaction based on a list of patterns provided
+     * Extract and return the ID of the last SMTP transaction based on
-     * in SMTP::$smtp_transaction_id_patterns.
+     * a list of patterns provided in SMTP::$smtp_transaction_id_patterns.
     * Relies on the host providing the ID in response to a DATA command.
     * If no reply has been received yet, it will return null.
-     * If no pattern has been matched, it will return false.
+     * If no pattern was matched, it will return false.
     * @return bool|null|string
     */
-    public function getLastTransactionID()
+    protected function recordLastTransactionID()
    {
        $reply = $this->getLastReply();
        if (empty($reply)) {
-            return null;
+            $this->last_smtp_transaction_id = null;
-        }
+        } else {
-
+            $this->last_smtp_transaction_id = false;
-        foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
+            foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
-            if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
+                if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
-                return $matches[1];
+                    $this->last_smtp_transaction_id = $matches[1];
                }
            }
        }
-        return false;
+        return $this->last_smtp_transaction_id;
    }
    /**
     * Get the queue/transaction ID of the last SMTP transaction
     * If no reply has been received yet, it will return null.
     * If no pattern was matched, it will return false.
     * @return bool|null|string
     * @see recordLastTransactionID()
     */
    public function getLastTransactionID()
    {
        return $this->last_smtp_transaction_id;
    }
 }
--- a/system/libs/phpmailer/language/phpmailer.lang-ba.php
+++ b/system/libs/phpmailer/language/phpmailer.lang-ba.php
@@ -0,0 +1,26 @@
 <?php
 /**
 * Bosnian PHPMailer language file: refer to English translation for definitive list
 * @package PHPMailer
 * @author Ermin Islamagić <ermin@islamagic.com>
 */
 $PHPMAILER_LANG['authenticate']         = 'SMTP Greška: Neuspjela prijava.';
 $PHPMAILER_LANG['connect_host']         = 'SMTP Greška: Ne moguće se spojiti sa SMTP serverom.';
 $PHPMAILER_LANG['data_not_accepted']    = 'SMTP Greška: Podatci nisu prihvaćeni.';
 $PHPMAILER_LANG['empty_message']        = 'Sadržaj poruke je prazan.';
 $PHPMAILER_LANG['encoding']             = 'Nepoznata kriptografija: ';
 $PHPMAILER_LANG['execute']              = 'Nije moguće izvršiti naredbu: ';
 $PHPMAILER_LANG['file_access']          = 'Nije moguće pristupiti datoteci: ';
 $PHPMAILER_LANG['file_open']            = 'Nije moguće otvoriti datoteku: ';
 $PHPMAILER_LANG['from_failed']          = 'SMTP Greška: Slanje sa navedenih e-mail adresa nije uspjelo: ';
 $PHPMAILER_LANG['recipients_failed']    = 'SMTP Greška: Slanje na navedene e-mail adrese nije uspjelo: ';
 $PHPMAILER_LANG['instantiate']          = 'Ne mogu pokrenuti mail funkcionalnost.';
 $PHPMAILER_LANG['invalid_address']      = 'E-mail nije poslan. Neispravna e-mail adresa: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' mailer nije podržan.';
 $PHPMAILER_LANG['provide_address']      = 'Definišite barem jednu adresu primaoca.';
 $PHPMAILER_LANG['signing']              = 'Greška prilikom prijave: ';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'Spajanje na SMTP server nije uspjelo.';
 $PHPMAILER_LANG['smtp_error']           = 'SMTP greška: ';
 $PHPMAILER_LANG['variable_set']         = 'Nije moguće postaviti varijablu ili je vratiti nazad: ';
 $PHPMAILER_LANG['extension_missing']    = 'Nedostaje ekstenzija: ';
--- a/system/libs/phpmailer/language/phpmailer.lang-nb.php
+++ b/system/libs/phpmailer/language/phpmailer.lang-nb.php
@@ -1,25 +1,25 @@
 <?php
 /**
- * Norwegian PHPMailer language file: refer to English translation for definitive list
+ * Norwegian Bokmål PHPMailer language file: refer to English translation for definitive list
 * @package PHPMailer
 */
 $PHPMAILER_LANG['authenticate']         = 'SMTP Feil: Kunne ikke autentisere.';
 $PHPMAILER_LANG['connect_host']         = 'SMTP Feil: Kunne ikke koble til SMTP tjener.';
-$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Data ble ikke akseptert.';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Datainnhold ikke akseptert.';
-$PHPMAILER_LANG['empty_message']        = 'Meldingsinnholdet er tomt';
+$PHPMAILER_LANG['empty_message']        = 'Melding kropp tomt';
-$PHPMAILER_LANG['encoding']             = 'Ukjent tegnkoding: ';
+$PHPMAILER_LANG['encoding']             = 'Ukjent koding: ';
 $PHPMAILER_LANG['execute']              = 'Kunne ikke utføre: ';
 $PHPMAILER_LANG['file_access']          = 'Får ikke tilgang til filen: ';
-$PHPMAILER_LANG['file_open']            = 'Fil feil: Kunne ikke åpne filen: ';
+$PHPMAILER_LANG['file_open']            = 'Fil Feil: Kunne ikke åpne filen: ';
-$PHPMAILER_LANG['from_failed']          = 'Følgende avsenderadresse feilet: ';
+$PHPMAILER_LANG['from_failed']          = 'Følgende Frå adresse feilet: ';
-$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere mailfunksjonen.';
+$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere post funksjon.';
-$PHPMAILER_LANG['invalid_address']      = 'Meldingen ble ikke sendt, følgende adresse er ugyldig: ';
+$PHPMAILER_LANG['invalid_address']      = 'Ugyldig adresse: ';
-$PHPMAILER_LANG['provide_address']      = 'Du må angi minst en mottakeradresse.';
+$PHPMAILER_LANG['mailer_not_supported'] = ' sender er ikke støttet.';
-$PHPMAILER_LANG['mailer_not_supported'] = ' mailer er ikke supportert.';
+$PHPMAILER_LANG['provide_address']      = 'Du må opppgi minst en mottakeradresse.';
-$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottagere feilet: ';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottakeradresse feilet: ';
-$PHPMAILER_LANG['signing']              = 'Signeringsfeil: ';
+$PHPMAILER_LANG['signing']              = 'Signering Feil: ';
-$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP Connect() feilet.';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() feilet.';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP-serverfeil: ';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP server feil: ';
-$PHPMAILER_LANG['variable_set']         = 'Kan ikke sette eller resette variabelen: ';
+$PHPMAILER_LANG['variable_set']         = 'Kan ikke skrive eller omskrive variabel: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Utvidelse mangler: ';
--- a/system/libs/phpmailer/language/phpmailer.lang-pt_br.php
+++ b/system/libs/phpmailer/language/phpmailer.lang-pt_br.php
@@ -5,6 +5,7 @@
 * @author Paulo Henrique Garcia <paulo@controllerweb.com.br>
 * @author Lucas Guimarães <lucas@lucasguimaraes.com>
 * @author Phelipe Alves <phelipealvesdesouza@gmail.com>
 * @author Fabio Beneditto <fabiobeneditto@gmail.com>
 */
 $PHPMAILER_LANG['authenticate']         = 'Erro de SMTP: Não foi possível autenticar.';
@@ -15,7 +16,7 @@ $PHPMAILER_LANG['encoding']             = 'Codificação desconhecida: ';
 $PHPMAILER_LANG['execute']              = 'Não foi possível executar: ';
 $PHPMAILER_LANG['file_access']          = 'Não foi possível acessar o arquivo: ';
 $PHPMAILER_LANG['file_open']            = 'Erro de Arquivo: Não foi possível abrir o arquivo: ';
-$PHPMAILER_LANG['from_failed']          = 'Os seguintes remententes falharam: ';
+$PHPMAILER_LANG['from_failed']          = 'Os seguintes remetentes falharam: ';
 $PHPMAILER_LANG['instantiate']          = 'Não foi possível instanciar a função mail.';
 $PHPMAILER_LANG['invalid_address']      = 'Endereço de e-mail inválido: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' mailer não é suportado.';
--- a/system/libs/phpmailer/language/phpmailer.lang-rs.php
+++ b/system/libs/phpmailer/language/phpmailer.lang-rs.php
@@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing']              = 'Грешка приликом при
 $PHPMAILER_LANG['smtp_connect_failed']  = 'Повезивање са SMTP сервером није успело.';
 $PHPMAILER_LANG['smtp_error']           = 'Грешка SMTP сервера: ';
 $PHPMAILER_LANG['variable_set']         = 'Није могуће задати променљиву, нити је вратити уназад: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Недостаје проширење: ';
--- a/system/libs/phpmailer/language/phpmailer.lang-tr.php
+++ b/system/libs/phpmailer/language/phpmailer.lang-tr.php
@@ -6,6 +6,7 @@
 * @author Can Yılmaz
 * @author Mehmet Benlioğlu
 * @author @yasinaydin
 * @author Ogün Karakuş
 */
 $PHPMAILER_LANG['authenticate']         = 'SMTP Hatası: Oturum açılamadı.';
@@ -26,4 +27,4 @@ $PHPMAILER_LANG['signing']              = 'İmzalama hatası: ';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() fonksiyonu başarısız.';
 $PHPMAILER_LANG['smtp_error']           = 'SMTP sunucu hatası: ';
 $PHPMAILER_LANG['variable_set']         = 'Değişken ayarlanamadı ya da sıfırlanamadı: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Eklenti bulunamadı: ';
--- a/system/libs/phpmailer/language/phpmailer.lang-zh_cn.php
+++ b/system/libs/phpmailer/language/phpmailer.lang-zh_cn.php
@@ -4,13 +4,14 @@
 * @package PHPMailer
 * @author liqwei <liqwei@liqwei.com>
 * @author young <masxy@foxmail.com>
 * @author Teddysun <i@teddysun.com>
 */
 $PHPMAILER_LANG['authenticate']         = 'SMTP 错误：登录失败。';
 $PHPMAILER_LANG['connect_host']         = 'SMTP 错误：无法连接到 SMTP 主机。';
 $PHPMAILER_LANG['data_not_accepted']    = 'SMTP 错误：数据不被接受。';
 $PHPMAILER_LANG['empty_message']        = '邮件正文为空。';
-$PHPMAILER_LANG['encoding']             = '未知编码: ';
+$PHPMAILER_LANG['encoding']             = '未知编码：';
 $PHPMAILER_LANG['execute']              = '无法执行：';
 $PHPMAILER_LANG['file_access']          = '无法访问文件：';
 $PHPMAILER_LANG['file_open']            = '文件错误：无法打开文件：';
@@ -22,6 +23,6 @@ $PHPMAILER_LANG['provide_address']      = '必须提供至少一个收件人地
 $PHPMAILER_LANG['recipients_failed']    = 'SMTP 错误：收件人地址错误：';
 $PHPMAILER_LANG['signing']              = '登录失败：';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP服务器连接失败。';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错: ';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错：';
 $PHPMAILER_LANG['variable_set']         = '无法设置或重置变量：';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = '丢失模块 Extension：';
--- a/system/libs/plugins.php
+++ b/system/libs/plugins.php
@@ -0,0 +1,253 @@
 <?php
 /**
 * Plugins class
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 function is_sub_dir($path = NULL, $parent_folder = SITE_PATH) {
 	//Get directory path minus last folder
 	$dir = dirname($path);
 	$folder = substr($path, strlen($dir));
 	//Check the the base dir is valid
 	$dir = realpath($dir);
 	//Only allow valid filename characters
 	$folder = preg_replace('/[^a-z0-9\.\-_]/i', '', $folder);
 	//If this is a bad path or a bad end folder name
 	if( !$dir OR !$folder OR $folder === '.') {
 		return FALSE;
 	}
 	//Rebuild path
 	$path = $dir. '/' . $folder;
 	//If this path is higher than the parent folder
 	if( strcasecmp($path, $parent_folder) > 0 ) {
 		return $path;
 	}
 	return FALSE;
 }
 class Plugins {
 	private static $warnings = array();
 	private static $error = null;
 	private static $pluginInfo = array();
 	public static function install($file) {
 		global $db, $cache;
 		$zip = new ZipArchive();
 		if($zip->open($file)) {
 			for ($i = 0; $i < $zip->numFiles; $i++) {
 				$tmp = $zip->getNameIndex($i);
 				if(pathinfo($tmp, PATHINFO_DIRNAME) == 'plugins' && pathinfo($tmp, PATHINFO_EXTENSION) == 'json')
 					$json_file = $tmp;
 			}
 			if(!isset($json_file)) {
 				self::$error = 'Cannot find plugin info .json file. Installation is discontinued.';
 				return false;
 			}
 			if($zip->extractTo(BASE)) { // place in the directory with same name
 				$file_name = BASE . $json_file;
 				if(!file_exists($file_name)) {
 					self::$error = "Cannot load " . $file_name . ". File doesn't exist.";
 					return false;
 				}
 				else {
 					$string = file_get_contents($file_name);
 					$plugin = json_decode($string, true);
 					self::$pluginInfo = $plugin;
 					if ($plugin == null) {
 						self::$warnings[] = 'Cannot load ' . $file_name . '. File might be not a valid json code.';
 					}
 					else {
 						$continue = true;
 						if(!isset($plugin['name'])) {
 							self::$warnings[] = 'Plugin "name" tag is not set.';
 						}
 						if(!isset($plugin['description'])) {
 							self::$warnings[] = 'Plugin "description" tag is not set.';
 						}
 						if(!isset($plugin['version'])) {
 							self::$warnings[] = 'Plugin "version" tag is not set.';
 						}
 						if(!isset($plugin['author'])) {
 							self::$warnings[] = 'Plugin "author" tag is not set.';
 						}
 						if(!isset($plugin['contact'])) {
 							self::$warnings[] = 'Plugin "contact" tag is not set.';
 						}
 						if(isset($plugin['require'])) {
 							$require = $plugin['require'];
 							if(isset($require['myaac'])) {
 								$require_myaac = $require['myaac'];
 								if(version_compare(MYAAC_VERSION, $require_myaac, '<')) {
 									self::$warnings[] = "This plugin requires MyAAC version " . $require_myaac . ", you're using version " . MYAAC_VERSION . " - please update.";
 									$continue = false;
 								}
 							}
 							if(isset($require['php'])) {
 								$require_php = $require['php'];
 								if(version_compare(phpversion(), $require_php, '<')) {
 									self::$warnings[] = "This plugin requires PHP version " . $require_php . ", you're using version " . phpversion() . " - please update.";
 									$continue = false;
 								}
 							}
 							if(isset($require['database'])) {
 								$require_database = $require['database'];
 								if($require_database < DATABASE_VERSION) {
 									self::$warnings[] = "This plugin requires database version " . $require_database . ", you're using version " . DATABASE_VERSION . " - please update.";
 									$continue = false;
 								}
 							}
 						}
 						if($continue) {
 							if (isset($plugin['install'])) {
 								if (file_exists(BASE . $plugin['install']))
 									require(BASE . $plugin['install']);
 								else
 									self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.';
 							}
 							if (isset($plugin['hooks'])) {
 								foreach ($plugin['hooks'] as $_name => $info) {
 									if (defined('HOOK_'. $info['type'])) {
 										$hook = constant('HOOK_'. $info['type']);
 										$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
 										if ($query->rowCount() == 1) { // found something
 											$query = $query->fetch();
 											$db->update(TABLE_PREFIX . 'hooks', array('type' => $hook, 'file' => $info['file']), array('id' => (int)$query['id']));
 										} else {
 											$db->insert(TABLE_PREFIX . 'hooks', array('id' => null, 'name' => $_name, 'type' => $hook, 'file' => $info['file']));
 										}
 									} else
 										self::$warnings[] = 'Unknown event type: ' . $info['type'];
 								}
 							}
 							if($cache->enabled()) {
 								$cache->delete('templates');
 							}
 							$zip->close();
 							return true;
 						}
 					}
 				}
 			}
 			else {
 				self::$error = 'There was a problem with extracting zip archive.';
 			}
 			$zip->close();
 		}
 		else {
 			self::$error = 'There was a problem with opening zip archive.';
 		}
 		return false;
 	}
 	public static function uninstall($plugin_name) {
 		global $cache, $db;
 		$filename = BASE . 'plugins/' . $plugin_name . '.json';
 		if(!file_exists($filename)) {
 			self::$error = 'Plugin ' . $plugin_name . ' does not exist.';
 			return false;
 		}
 		else {
 			$string = file_get_contents($filename);
 			$plugin_info = json_decode($string, true);
 			if($plugin_info == false) {
 				self::$error = 'Cannot load plugin info ' . $plugin_name . '.json';
 				return false;
 			}
 			else {
 				if(!isset($plugin_info['uninstall'])) {
 					self::$error = "Plugin doesn't have uninstall options defined. Skipping...";
 					return false;
 				}
 				else {
 					$success = true;
 					foreach($plugin_info['uninstall'] as $file) {
 						if(strpos($file, '/') === 0) {
 							$success = false;
 							self::$error = "You cannot use absolute paths (starting with slash - '/'): " . $file;
 							break;
 						}
 						$file = str_replace('\\', '/', BASE . $file);
 						$realpath = str_replace('\\', '/', realpath(dirname($file)));
 						if(!is_sub_dir($file, BASE) || $realpath != dirname($file)) {
 							$success = false;
 							self::$error = "You don't have rights to delete: " . $file;
 							break;
 						}
 					}
 					if($success) {
 						foreach($plugin_info['uninstall'] as $file) {
 							if(!deleteDirectory(BASE . $file)) {
 								self::$warnings[] = 'Cannot delete: ' . $$file;
 							}
 						}
 					}
 					if (isset($plugin_info['hooks'])) {
 						foreach ($plugin_info['hooks'] as $_name => $info) {
 							if (defined('HOOK_'. $info['type'])) {
 								//$hook = constant('HOOK_'. $info['type']);
 								$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
 								if ($query->rowCount() == 1) { // found something
 									$query = $query->fetch();
 									$db->delete(TABLE_PREFIX . 'hooks', array('id' => (int)$query['id']));
 								}
 							} else
 								self::$warnings[] = 'Unknown event type: ' . $info['type'];
 						}
 					}
 					if($success) {
 						if($cache->enabled()) {
 							$cache->delete('templates');
 						}
 						return true;
 					}
 				}
 			}
 		}
 		return false;
 	}
 	public static function getWarnings() {
 		return self::$warnings;
 	}
 	public static function getError() {
 		return self::$error;
 	}
 	public static function getPluginInfo() {
 		return self::$pluginInfo;
 	}
 }
--- a/system/libs/pot/OTS_Account.php
+++ b/system/libs/pot/OTS_Account.php
@@ -39,7 +39,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 * @var array
 * @version 0.1.5
 */
-    private $data = array('email' => '', 'blocked' => false, 'rlname' => '','location' => '','web_flags' => 0,'lastday' => 0,'premdays' => 0, 'created' => 0);
+    private $data = array('email' => '', 'blocked' => false, 'rlname' => '','location' => '','web_flags' => 0, 'lastday' => 0, 'premdays' => 0, 'created' => 0);
 /**
 * Creates new account.
@@ -170,7 +170,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
    public function load($id)
    {
        // SELECT query on database
-        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ' as `lastday`,' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
+        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ',' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
    }
 /**
@@ -249,12 +249,16 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
            throw new E_OTS_NotLoaded();
        }
-		$lastday = 'lastday';
+	$field = 'lastday';
-		if(fieldExist('premend', 'accounts'))
+	if(fieldExist('premend', 'accounts')) { // othire
-			$lastday = 'premend';
+    		$field = 'premend';
 		if(!isset($this->data['premend'])) {
 			$this->data['premend'] = 0;
 		}
 	}
        // UPDATE query on database
-        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $lastday . '` = ' . (int) $this->data['lastday'] . ' WHERE `id` = ' . $this->data['id']);
+        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $field . '` = ' . (int) $this->data[$field] . ' WHERE `id` = ' . $this->data['id']);
    }
 /**
@@ -327,21 +331,26 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		return $this->hasFlag(FLAG_SUPER_ADMIN);
 	}
-    public function getPremDays()
+	public function getPremDays()
-    {
+	{
-        if( !isset($this->data['lastday']) )
+		if(!isset($this->data['lastday']) && !isset($this->data['premend'])) {
-        {
+			throw new E_OTS_NotLoaded();
-            throw new E_OTS_NotLoaded();
+		}
        }
-        if($this->data['lastday'] == 0)
+		if(isset($this->data['premend'])) {
-            return 0;
+			return round(($this->data['premend'] - time()) / (24 * 60 * 60), 2);
 		}
-		return round(($this->data['lastday'] - time()) / (24 * 60 * 60), 3);
+		if($this->data['premdays'] == 0) {
-        //return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
+			return 0;
-    }
+		}
-    public function getLastLogin()
+		global $config;
        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return -1;
 		return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
 	}
   public function getLastLogin()
    {
        if( !isset($this->data['lastday']) )
        {
@@ -355,9 +364,13 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
    {
 		global $config;
        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
-		return $this->data['lastday'] > time();
+
-        //return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
+		if(isset($this->data['premend'])) {
-    }
+			return $this->data['premend'] > time();
 		}
 		return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
 	}
    public function getCreated()
    {
@@ -742,7 +755,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
        }
 		if( !isset($this->data['banned']) )
 			$this->loadBan();
-        return ($this->data['banned'] == 1);
+        return ($this->data['banned'] === true);
    }
    public function getBanTime()
@@ -768,20 +781,24 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		if(tableExist('account_bans')) {
 			$ban = $this->db->query('SELECT `expires_at` FROM `account_bans` WHERE `account_id` = ' . $this->data['id'] . ' AND (`expires_at` > ' . time() .' OR `expires_at` = -1) ORDER BY `expires_at` DESC')->fetch();
 			$this->data['banned'] = isset($ban['expires_at']);
-			$this->data['banned_time'] = $ban['expires_at'];
+			$this->data['banned_time'] = isset($ban['expires_at']) ? $ban['expires_at'] : 0;
 		}
 		else if(tableExist('bans')) {
 			if(fieldExist('active', 'bans')) {
 				$ban = $this->db->query('SELECT `active`, `expires` FROM `bans` WHERE (`type` = 3 OR `type` = 5) AND `active` = 1 AND `value` = ' . $this->data['id'] . ' AND (`expires` > ' . time() .' OR `expires` = -1) ORDER BY `expires` DESC')->fetch();
-				$this->data['banned'] = $ban['active'];
+				$this->data['banned'] = isset($ban['active']);
-				$this->data['banned_time'] = $ban['expires'];
+				$this->data['banned_time'] = isset($ban['expires']) ? $ban['expires'] : 0;
 			}
 			else { // tfs 0.2
 				$ban = $this->db->query('SELECT `time` FROM `bans` WHERE (`type` = 3 OR `type` = 5) AND `account` = ' . $this->data['id'] . ' AND (`time` > ' . time() .' OR `time` = -1) ORDER BY `time` DESC')->fetch();
-				$this->data['banned'] = $ban['time'] == -1 || $ban['time'] > 0;
+				$this->data['banned'] = isset($ban['time']) && ($ban['time'] == -1 || $ban['time'] > 0);
-				$this->data['banned_time'] = $ban['time'];
+				$this->data['banned_time'] = isset($ban['time']) ? $ban['time'] : 0;
 			}
 		}
 		else {
 			$this->data['banned'] = false;
 			$this->data['banned_time'] = 0;
 		}
    }
 /**
@@ -818,34 +835,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 */
    public function getAccess()
    {
-		global $groups;
+		return $this->getGroupId();
 		if(!isset($groups))
 			$groups = new OTS_Groups_List();
 		// by default
 		$access = 0;
 		if(fieldExist('group_id', 'accounts')) {
 			$query = $this->db->query('SELECT `group_id` FROM `accounts` WHERE `id` = ' . (int) $this->getId())->fetch();
 			// if anything was found
 			$group = $groups->getGroup($query['group_id']);
 			if(!$group) return 0;
 			return $group->getAccess();
 		}
        // finds groups of all characters
        foreach( $this->getPlayersList() as $player)
        {
            $group = $player->getGroup();
            // checks if group's access level is higher then previouls found highest
            if( $group->getAccess() > $access)
            {
                $access = $group->getAccess();
            }
        }
        return $access;
    }
 	public function getGroupId()
@@ -858,10 +848,12 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 				return $query['group_id'];
 		}
-		$db->query('SELECT `group_id` FROM `players` WHERE `account_id` = ' . $this->getId() . ' ORDER BY `group_id` DESC LIMIT 1')->fetch();
+		$query = $this->db->query('SELECT `group_id` FROM `players` WHERE `account_id` = ' . (int) $this->getId() .  ' ORDER BY `group_id` DESC LIMIT 1');
-		if(isset($query['group_id']))
+		if($query->rowCount() == 1)
 		{
 			$query = $query->fetch();
 			return $query['group_id'];
-
+		}
 		return 0;
 	}
--- a/system/libs/pot/OTS_Guild.php
+++ b/system/libs/pot/OTS_Guild.php
@@ -74,6 +74,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
 * 
 * @version 0.1.3
 */
 /*
    public function __clone()
    {
        unset($this->data['id']);
@@ -90,7 +91,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
            $this->requests->__construct($this);
        }
    }
-
+*/
 /**
 * Assigns invites handler.
 * 
@@ -282,6 +283,26 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
        $this->data['ownerid'] = $owner->getId();
    }
    public function hasMember(OTS_Player $player) {
        global $db;
        if(!$player || !$player->isLoaded()) {
            return false;
        }
 	    $player_rank = $player->getRank();
 	    if(!$player_rank->isLoaded()) {
 	        return false;
 	    }
 	    foreach($this->getGuildRanksList() as $rank) {
 		    if($rank->getId() == $player_rank->getId()) {
 		        return true;
            }
        }
        return false;
    }
 /**
 * Guild creation data.
 * 
--- a/system/libs/pot/OTS_Monster.php
+++ b/system/libs/pot/OTS_Monster.php
@@ -194,7 +194,6 @@ class OTS_Monster extends DOMDocument
 /**
 * @return array List of item IDs.
 * @deprecated 0.1.0 Use getItems().
 */
    public function getLoot()
    {
@@ -208,13 +207,25 @@ class OTS_Monster extends DOMDocument
            // adds all items
            foreach( $element->getElementsByTagName('item') as $item)
            {
-                $id = $item->getAttribute('id');
+	            $chance = $item->getAttribute('chance');
-
+	            if(empty($chance)) {
-                // avoid redundancy
+		            $chance = $item->getAttribute('chance1');
-                if( !in_array($id, $loot) )
+		            if(empty($chance)) {
-                {
+		                $chance = 100000;
-                    $loot[] = $id;
+                    }
                }
                $count = $item->getAttribute('countmax');
 	            if(empty($count)) {
 	                $count = 1;
                }
                $id = $item->getAttribute('id');
                if(empty($id)) {
                    $id = $item->getAttribute('name');
                }
                $loot[] = array('id' => $id, 'count' => $count, 'chance' => $chance);
            }
        }
--- a/system/libs/pot/OTS_MonstersList.php
+++ b/system/libs/pot/OTS_MonstersList.php
@@ -36,6 +36,8 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
 */
    private $monsters = array();
 	private $lastMonsterFile = '';
 	private $hasErrors = false;
 /**
 * Loads monsters mapping file.
 * 
@@ -57,9 +59,18 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
            $this->monstersPath .= '/';
        }
 		// check if monsters.xml exist
 		if(!@file_exists($this->monstersPath . 'monsters.xml')) {
 			log_append('error.log', '[OTS_MonstersList.php] Fatal error: Cannot load monsters.xml. File does not exist. (' . $this->monstersPath . 'monsters.xml' . '). Error: ' . print_r(error_get_last(), true));
 			throw new Exception('Error: Cannot load monsters.xml. File not found. More info in system/logs/error.log file.');
 		}
        // loads monsters mapping file
        $monsters = new DOMDocument();
-        $monsters->load($this->monstersPath . 'monsters.xml');
+        if(!@$monsters->load($this->monstersPath . 'monsters.xml')) {
 			log_append('error.log', '[OTS_MonstersList.php] Fatal error: Cannot load monsters.xml (' . $this->monstersPath . 'monsters.xml' . '). Error: ' . print_r(error_get_last(), true));
 			throw new Exception('Error: Cannot load monsters.xml. File is invalid. More info in system/logs/error.log file.');
 		}
        foreach( $monsters->getElementsByTagName('monster') as $monster)
        {
@@ -101,6 +112,16 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
        return isset($this->monsters[$name]);
    }
 	function xmlErrorHandler($errno, $errstr, $errfile, $errline)
 	{
 		if($errno==E_WARNING && (substr_count($errstr,"DOMDocument::loadXML()")>0)) {
 			//throw new DOMException($errstr);
 			log_append('error.log', '[OTS_MonstersList.php] Fatal error: Cannot load ' . $this->lastMonsterFile . ' - ' . $errstr);
 			$this->hasErrors = true;
 		}
 		else
 			return false;
 	}
 /**
 * Returns loaded data of given monster.
 * 
@@ -112,21 +133,31 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
 */
    public function getMonster($name)
    {
 		global $lastMonsterFile;
        // checks if monster exists
        if( isset($this->monsters[$name]) )
        {
            // loads file
            $monster = new OTS_Monster();
 			//echo $this->monstersPath . $this->monsters[$name];
 			// check if monster file exist
           if(file_exists($this->monstersPath . $this->monsters[$name])) {
-				$monster->loadXML(trim(file_get_contents($this->monstersPath . $this->monsters[$name])));
+				set_error_handler(array($this, 'xmlErrorHandler')); 
 				$this->lastMonsterFile = $this->monstersPath . $this->monsters[$name];
 				@$monster->loadXML(trim(file_get_contents($this->monstersPath . $this->monsters[$name])));
 				restore_error_handler();
 			}
            return $monster;
        }
        throw new OutOfBoundsException();
    }
 	public function hasErrors() {
 		return $this->hasErrors;
 	}
 /**
 * Returns amount of monsters loaded.
 * 
--- a/system/libs/pot/OTS_Player.php
+++ b/system/libs/pot/OTS_Player.php
@@ -216,11 +216,6 @@ class OTS_Player extends OTS_Row_DAO
 		if(!isset($this->data['rank_id']) || $this->data['rank_id'] == NULL)
 			$this->data['rank_id'] = 0;
 		if(isset($this->data['promotion'])) {
 			global $config;
 			if((int)$this->data['promotion'] > 0)
 				$this->data['vocation'] += ($this->data['promotion'] * $config['vocations_amount']);
 		}
        // loads skills
        if( $this->isLoaded() )
        {
@@ -820,6 +815,12 @@ class OTS_Player extends OTS_Row_DAO
            throw new E_OTS_NotLoaded();
        }
 		if(isset($this->data['promotion'])) {
 			global $config;
 			if((int)$this->data['promotion'] > 0)
 				return ($this->data['vocation'] + ($this->data['promotion'] * $config['vocations_amount']));
 		}
        return $this->data['vocation'];
    }
@@ -2895,7 +2896,12 @@ class OTS_Player extends OTS_Row_DAO
        }
 		global $config;
-		return $config['vocations'][$this->data['vocation']];
+		$voc = $this->getVocation();
 		if(!isset($config['vocations'][$voc])) {
 			return 'Unknown';
 		}
 		return $config['vocations'][$voc];
        //return POT::getInstance()->getVocationsList()->getVocationName($this->data['vocation']);
    }
@@ -3152,6 +3158,14 @@ class OTS_Player extends OTS_Row_DAO
        $this->db->query('DELETE FROM ' . $this->db->tableName('player_spells') . ' WHERE ' . $this->db->fieldName('player_id') . ' = ' . $this->data['id'] . ' AND ' . $this->db->fieldName('name') . ' = ' . $this->db->quote( $spell->getName() ) );
    }
 	public static function getPercentLevel($count, $nextLevelCount)
 	{
 		if($nextLevelCount > 0)
 			return min(100, max(0, $count * 100 / $nextLevelCount));
 		return 0;
 	}
 /**
 * Magic PHP5 method.
 *
--- a/system/libs/pot/OTS_Spell.php
+++ b/system/libs/pot/OTS_Spell.php
@@ -315,19 +315,50 @@ class OTS_Spell
 */
    public function getVocations()
    {
-        $vocations = array();
+	    global $config;
 	    if(!isset($config['vocation_ids']))
 		    $config['vocations_ids'] = array_flip($config['vocations']);
 	    $vocations = array();
        foreach( $this->element->getElementsByTagName('vocation') as $vocation)
        {
-			if($vocation->getAttribute('id') != NULL)
+	        if($vocation->getAttribute('id') != NULL) {
-            	$vocations[] = $vocation->getAttribute('id');
+		        $voc_id = $vocation->getAttribute('id');
-			else
+	        }
-				$vocations[] = $vocation->getAttribute('name');
+	        else {
 		        $voc_id = $config['vocations_ids'][$vocation->getAttribute('name')];
 	        }
 	        $vocations[] = $voc_id;
        }
        return $vocations;
    }
 	public function getVocationsFull()
 	{
 	    global $config;
 	    if(!isset($config['vocation_ids']))
 	        $config['vocations_ids'] = array_flip($config['vocations']);
 		$vocations = array();
 		foreach( $this->element->getElementsByTagName('vocation') as $vocation)
 		{
 		    $show = $vocation->getAttribute('showInDescription');
            if($vocation->getAttribute('id') != NULL) {
 	            $voc_id = $vocation->getAttribute('id');
            }
            else {
                $voc_id = $config['vocations_ids'][$vocation->getAttribute('name')];
            }
 		    $vocations[$voc_id] = strlen($show) == 0 || $show != '0';
 		}
 		return $vocations;
 	}
 /**
 * Creates conjure item.
 * 
--- a/system/libs/pot/OTS_SpellsList.php
+++ b/system/libs/pot/OTS_SpellsList.php
@@ -93,9 +93,18 @@ class OTS_SpellsList implements IteratorAggregate, Countable
 */
    public function __construct($file)
    {
-        // loads DOM document
+		// check if spells.xml exist
 		if(!@file_exists($file)) {
 			log_append('error.log', '[OTS_SpellsList.php] Fatal error: Cannot load spells.xml. File does not exist. (' . $file . '). Error: ' . print_r(error_get_last(), true));
 			throw new Exception('Error: Cannot load spells.xml. File not found. More info in system/logs/error.log file.');
 		}
        // loads monsters mapping file
        $spells = new DOMDocument();
-        $spells->load($file);
+        if(!@$spells->load($file)) {
 			log_append('error.log', '[OTS_SpellsList.php] Fatal error: Cannot load spells.xml (' . $file . '). Error: ' . print_r(error_get_last(), true));
 			throw new Exception('Error: Cannot load spells.xml. File is invalid. More info in system/logs/error.log file.');
 		}
        // loads runes
        foreach( $spells->getElementsByTagName('rune') as $rune)
--- a/system/libs/pot/OTS_Toolbox.php
+++ b/system/libs/pot/OTS_Toolbox.php
@@ -28,13 +28,11 @@ class OTS_Toolbox
 * @param int $experience Current experience points.
 * @return int Experience points for level.
 */
-    public static function experienceForLevel($level, $experience = 0)
+	public static function experienceForLevel($level, $experience = 0)
    {
-        return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
+        //return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
-		/*
+		$level = $level - 1;
-			$level = $level - 1;
+		return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
 	return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
 	*/
    }
 /**
--- a/system/libs/spells.php
+++ b/system/libs/spells.php
@@ -6,12 +6,14 @@
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 class Spells {
 	private static $spellsList = null;
 	private static $lastError = '';
 	public static function loadFromXML($show = false) {
 		global $config, $db;
@@ -22,62 +24,45 @@ class Spells {
 			echo '<h2>All records deleted from table <b>' . TABLE_PREFIX . 'spells</b> in database.</h2>';
 		}
-		foreach($config['vocations'] as $voc_id => $voc_name) {
+		try {
-			$vocations_ids[$voc_name] = $voc_id;
+			self::$spellsList = new OTS_SpellsList($config['data_path'].'spells/spells.xml');
 		}
 		catch(Exception $e) {
 			self::$lastError = $e->getMessage();
 			return false;
 		}
 		$allspells = new OTS_SpellsList($config['data_path'].'spells/spells.xml');
 		//add conjure spells
-		$conjurelist = $allspells->getConjuresList();
+		$conjurelist = self::$spellsList->getConjuresList();
 		if($show) {
 			echo "<h3>Conjure:</h3>";
 		}
 		foreach($conjurelist as $spellname) {
-			$spell = $allspells->getConjure($spellname);
+			$spell = self::$spellsList->getConjure($spellname);
 			$lvl = $spell->getLevel();
 			$mlvl = $spell->getMagicLevel();
 			$mana = $spell->getMana();
 			$name = $spell->getName();
 			$soul = $spell->getSoul();
 			$spell_txt = $spell->getWords();
 			$vocations = $spell->getVocations();
 			$nr_of_vocations = count($vocations);
 			$vocations_to_db = "";
 			$voc_nr = 0;
 			foreach($vocations as $vocation_to_add) {
 				if(Validator::number($vocation_to_add)) {
 					$vocations_to_db .= $vocation_to_add;
 				}
 				else
 					$vocations_to_db .= $vocations_ids[$vocation_to_add];
 				$voc_nr++;
-				if($voc_nr != $nr_of_vocations) {
+			$words = $spell->getWords();
-					$vocations_to_db .= ',';
+			if(strpos($words, '#') !== false)
-				}
+				continue;
 			}
 			$enabled = $spell->isEnabled();
 			if($enabled) {
 				$hide_spell = 0;
 			}
 			else {
 				$hide_spell = 1;
 			}
 			$pacc = $spell->isPremium();
 			if($pacc) {
 				$pacc = '1';
 			}
 			else {
 				$pacc = '0';
 			}
 			$type = 2;
 			$count = $spell->getConjureCount();
 			try {
-				$db->query('INSERT INTO myaac_spells (spell, name, words, type, mana, level, maglevel, soul, premium, vocations, conjure_count, hidden) VALUES (' . $db->quote($spell_txt) . ', ' . $db->quote($name) . ', ' . $db->quote($spell_txt) . ', ' . $db->quote($type) . ', ' . $db->quote($mana) . ', ' . $db->quote($lvl) . ', ' . $db->quote($mlvl) . ', ' . $db->quote($soul) . ', ' . $db->quote($pacc) . ', ' . $db->quote($vocations_to_db) . ', ' . $db->quote($count) . ', ' . $db->quote($hide_spell) . ')');
+				$db->insert(TABLE_PREFIX . 'spells', array(
 					'name' => $name,
 					'words' => $words,
 					'type' => 2,
 					'mana' => $spell->getMana(),
 					'level' => $spell->getLevel(),
 					'maglevel' => $spell->getMagicLevel(),
 					'soul' => $spell->getSoul(),
 					'premium' => $spell->isPremium() ? 1 : 0,
 					'vocations' => json_encode($spell->getVocations()),
 					'conjure_count' => $spell->getConjureCount(),
 					'hidden' => $spell->isEnabled() ? 0 : 1
 				));
 				if($show) {
-					success("Added: " . $name . "<br>");
+					success('Added: ' . $name . '<br/>');
 				}
 			}
 			catch(PDOException $error) {
@@ -87,59 +72,75 @@ class Spells {
 			}
 		}
-		//add instant spells
+		// add instant spells
-		$instantlist = $allspells->getInstantsList();
+		$instantlist = self::$spellsList->getInstantsList();
 		if($show) {
 			echo "<h3>Instant:</h3>";
 		}
 		foreach($instantlist as $spellname) {
-			$spell = $allspells->getInstant($spellname);
+			$spell = self::$spellsList->getInstant($spellname);
 			$lvl = $spell->getLevel();
 			$mlvl = $spell->getMagicLevel();
 			$mana = $spell->getMana();
 			$name = $spell->getName();
-			$soul = $spell->getSoul();
+			
-			$spell_txt = $spell->getWords();
+			$words = $spell->getWords();
-			if(strpos($spell_txt, '###') !== false)
+			if(strpos($words, '#') !== false)
 				continue;
 			$vocations = $spell->getVocations();
 			$nr_of_vocations = count($vocations);
 			$vocations_to_db = "";
 			$voc_nr = 0;
 			foreach($vocations as $vocation_to_add) {
 				if(Validator::number($vocation_to_add)) {
 					$vocations_to_db .= $vocation_to_add;
 				}
 				else
 					$vocations_to_db .= $vocations_ids[$vocation_to_add];
 				$voc_nr++;
 				if($voc_nr != $nr_of_vocations) {
 					$vocations_to_db .= ',';
 				}
 			}
 			$enabled = $spell->isEnabled();
 			if($enabled) {
 				$hide_spell = 0;
 			}
 			else {
 				$hide_spell = 1;
 			}
 			$pacc = $spell->isPremium();
 			if($pacc) {
 				$pacc = '1';
 			}
 			else {
 				$pacc = '0';
 			}
 			$type = 1;
 			$count = 0;
 			try {
-				$db->query("INSERT INTO myaac_spells (spell, name, words, type, mana, level, maglevel, soul, premium, vocations, conjure_count, hidden) VALUES (".$db->quote($spell_txt).", ".$db->quote($name).", ".$db->quote($spell_txt).", '".$type."', '".$mana."', '".$lvl."', '".$mlvl."', '".$soul."', '".$pacc."', '".$vocations_to_db."', '".$count."', '".$hide_spell."')");
+				$db->insert(TABLE_PREFIX . 'spells', array(
 					'name' => $name,
 					'words' => $words,
 					'type' => 1,
 					'mana' => $spell->getMana(),
 					'level' => $spell->getLevel(),
 					'maglevel' => $spell->getMagicLevel(),
 					'soul' => $spell->getSoul(),
 					'premium' => $spell->isPremium() ? 1 : 0,
 					'vocations' => json_encode($spell->getVocations()),
 					'conjure_count' => 0,
 					'hidden' => $spell->isEnabled() ? 0 : 1
 				));
 				if($show) {
-					success("Added: ".$name."<br/>");
+					success('Added: ' . $name . '<br/>');
 				}
 			}
 			catch(PDOException $error) {
 				if($show) {
 					warning('Error while adding spell (' . $name . '): ' . $error->getMessage());
 				}
 			}
 		}
 		// add runes
 		$runeslist = self::$spellsList->getRunesList();
 		if($show) {
 			echo "<h3>Runes:</h3>";
 		}
 		foreach($runeslist as $spellname) {
 			$spell = self::$spellsList->getRune($spellname);
 			$name = $spell->getName() . ' (rune)';
 			try {
 				$db->insert(TABLE_PREFIX . 'spells', array(
 					'name' => $name,
 					'words' => $spell->getWords(),
 					'type' => 3,
 					'mana' => $spell->getMana(),
 					'level' => $spell->getLevel(),
 					'maglevel' => $spell->getMagicLevel(),
 					'soul' => $spell->getSoul(),
 					'premium' => $spell->isPremium() ? 1 : 0,
 					'vocations' => json_encode($spell->getVocations()),
 					'conjure_count' => 0,
 					'item_id' => $spell->getID(),
 					'hidden' => $spell->isEnabled() ? 0 : 1
 				));
 				if($show) {
 					success('Added: ' . $name . '<br/>');
 				}
 			}
 			catch(PDOException $error) {
@@ -151,4 +152,12 @@ class Spells {
 		return true;
 	}
 	public static function getSpellsList() {
 		return self::$spellsList;
 	}
 	public static function getLastError() {
 		return self::$lastError;
 	}
 }
--- a/system/libs/timer.php
+++ b/system/libs/timer.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
--- a/system/libs/usage_statistics.php
+++ b/system/libs/usage_statistics.php
@@ -0,0 +1,120 @@
 <?php
 /**
 * Usage Statistics
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 class Usage_Statistics {
 	private static $report_url = 'https://my-aac.org/report_usage.php';
 	public static function report() {
 		$data = json_encode(self::getStats());
 		$options = array(
 			'http' => array(
 				'header'  => 'Content-type: application/json' . "\r\n"
 				. 'Content-Length: ' . strlen($data) . "\r\n",
 				'content' => $data
 			)
 		);
 		$context  = stream_context_create($options);
 		$result = file_get_contents(self::$report_url, false, $context);
 		return $result !== false;
 	}
 	public static function getStats() {
 		global $config, $db;
 		$ret = array();
 		$ret['unique_id'] = hash('sha1', $config['server_path']);
 		$ret['server_os'] = php_uname('s') . ' ' . php_uname('r');
 		$ret['myaac_version'] = MYAAC_VERSION;
 		$ret['myaac_db_version'] = DATABASE_VERSION;
 		if(tableExist('server_config')) {
 			$query = $db->query('SELECT `value` FROM `server_config` WHERE `config` = ' . $db->quote('database_version'));
 			if($query->rowCount() == 1) {
 				$query = $query->fetch();
 				$ret['otserv_db_version'] = $query['value'];
 			}
 		}
 		$ret['client_version'] = $config['client'];
 		$ret['php_version'] = phpversion();
 		$query = $db->query('SELECT VERSION() as `version`;');
 		if($query->rowCount() == 1) {
 			$query = $query->fetch();
 			$ret['mysql_version'] = $query['version'];
 		}
 		$query = $db->query('SELECT SUM(ROUND(((DATA_LENGTH + INDEX_LENGTH) / 1024 ), 0)) AS "size"
 FROM INFORMATION_SCHEMA.TABLES
 WHERE TABLE_SCHEMA = "' . $config['database_name'] . '";');
 		if($query->rowCount() == 1) {
 			$query = $query->fetch();
 			$ret['database_size'] = $query['size'];
 		}
 		$ret['views_counter'] = getDatabaseConfig('views_counter');
 		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `accounts`;');
 		if($query->rowCount() == 1) {
 			$query = $query->fetch();
 			$ret['accounts_size'] = $query['size'];
 		}
 		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `players`;');
 		if($query->rowCount() == 1) {
 			$query = $query->fetch();
 			$ret['players_size'] = $query['size'];
 		}
 		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `' . TABLE_PREFIX . 'monsters`;');
 		if($query->rowCount() == 1) {
 			$query = $query->fetch();
 			$ret['monsters_size'] = $query['size'];
 		}
 		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `' . TABLE_PREFIX . 'spells`;');
 		if($query->rowCount() == 1) {
 			$query = $query->fetch();
 			$ret['spells_size'] = $query['size'];
 		}
 		$ret['locales'] = get_locales();
 		$ret['plugins'] = array();
 		foreach(get_plugins() as $plugin) {
 			$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
 			$plugin_info = json_decode($string, true);
 			if($plugin_info != false) {
 				if(isset($plugin_info['version'])) {
 					$ret['plugins'][$plugin] = $plugin_info['version'];
 				}
 			}
 		}
 		$ret['templates'] = get_templates();
 		$ret['date_timezone'] = $config['date_timezone'];
 		$ret['backward_support'] = $config['backward_support'];
 		$cache_engine = strtolower($config['cache_engine']);
 		if($cache_engine == 'auto') {
 			$cache_engine = Cache::detect();
 		}
 		$ret['cache_engine'] = $cache_engine;
 		return $ret;
 	}
 }
--- a/system/libs/validator.php
+++ b/system/libs/validator.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -86,13 +85,7 @@ class Validator
 			return false;
 		}
-		if(strspn($name, "QWERTYUIOPASDFGHJKLZXCVBNM0123456789") != $length)
+		if(!preg_match("/[A-Z0-9]/i", $name))
 		{
 			self::$lastError = 'Invalid account name format. Use only A-Z and numbers 0-9.';
 			return false;
 		}
 		if(!preg_match("/[A-Z0-9]/", $name))
 		{
 			self::$lastError = 'Invalid account name format. Use only A-Z and numbers 0-9.';
 			return false;
@@ -365,6 +358,11 @@ class Validator
 	 */
 	public static function guildName($name)
 	{
 		if(empty($name)) {
 			self::$lastError = 'Please enter guild name.';
 			return false;
 		}
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
 			self::$lastError = 'Invalid guild name format.';
 			return false;
@@ -378,6 +376,33 @@ class Validator
 		return true;
 	}
 	/**
 	 * Validate guild nick
 	 * Nick lenght must be 3-40 chars
 	 *
 	 * @param  string $name Name to check
 	 * @return bool Is name valid?
 	 */
 	public static function guildNick($name)
 	{
 		if(empty($name)) {
 			self::$lastError = 'Please enter guild nick.';
 			return false;
 		}
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
 			self::$lastError = 'Invalid guild nick format.';
 			return false;
 		}
 		if(!preg_match("/[A-z ]{3,40}/", $name)) {
 			self::$lastError = 'Invalid guild nick format.';
 			return false;
 		}
 		return true;
 	}
 	/**
 	 * Validate rank name
 	 * Rank lenght must be 1-32 chars
@@ -387,6 +412,11 @@ class Validator
 	 */
 	public static function rankName($name)
 	{
 		if(empty($name)) {
 			self::$lastError = 'Please enter rank name.';
 			return false;
 		}
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-[ ] ") != strlen($name)) {
 			self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
 			return false;
--- a/system/libs/visitors.php
+++ b/system/libs/visitors.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -107,7 +106,7 @@ class Visitors
 		}
 		global $db;
-		return $db->query('SELECT ' . $db->fieldName('ip') . ', ' . $db->fieldName('lastvisit') . ', ' . $db->fieldName('page') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'visitors') . ' ORDER BY ' . $db->fieldName('lastvisit') . ' DESC')->fetch();
+		return $db->query('SELECT ' . $db->fieldName('ip') . ', ' . $db->fieldName('lastvisit') . ', ' . $db->fieldName('page') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'visitors') . ' ORDER BY ' . $db->fieldName('lastvisit') . ' DESC')->fetchAll();
 	}
 	public function getAmountVisitors()
--- a/system/libs/weapons.php
+++ b/system/libs/weapons.php
@@ -0,0 +1,81 @@
 <?php
 /**
 * Weapons class
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 class Weapons {
 	private static $error = '';
 	public static function loadFromXML($show = false)
 	{
 		global $config, $db;
 		try {
 			$db->query("DELETE FROM `myaac_weapons`;");
 		} catch (PDOException $error) {
 		}
 		$file_path = $config['data_path'] . 'weapons/weapons.xml';
 		if (!file_exists($file_path)) {
 			self::$error = 'Cannot load file ' . $file_path;
 			return false;
 		}
 		$xml = new DOMDocument;
 		$xml->load($file_path);
 		foreach ($xml->getElementsByTagName('wand') as $weapon) {
 			self::parseNode($weapon, $show);
 		}
 		foreach ($xml->getElementsByTagName('melee') as $weapon) {
 			self::parseNode($weapon, $show);
 		}
 		foreach ($xml->getElementsByTagName('distance') as $weapon) {
 			self::parseNode($weapon, $show);
 		}
 		return true;
 	}
 	public static function parseNode($node, $show = false) {
 		global $config, $db;
 		$id = (int)$node->getAttribute('id');
 		$vocations_ids = array_flip($config['vocations']);
 		$level = (int)$node->getAttribute('level');
 		$maglevel = (int)$node->getAttribute('maglevel');
 		$vocations = array();
 		foreach($node->getElementsByTagName('vocation') as $vocation) {
 			$show = $vocation->getAttribute('showInDescription');
 			if(!empty($vocation->getAttribute('id')))
 				$voc_id = $vocation->getAttribute('id');
 			else {
 				$voc_id = $vocations_ids[$vocation->getAttribute('name')];
 			}
 			$vocations[$voc_id] = strlen($show) == 0 || $show != '0';
 		}
 		$exist = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'weapons` WHERE `id` = ' . $id);
 		if($exist->rowCount() > 0) {
 			if($show) {
 				warning('Duplicated weapon with id: ' . $id);
 			}
 		}
 		else {
 			$db->insert(TABLE_PREFIX . 'weapons', array('id' => $id, 'level' => $level, 'maglevel' => $maglevel, 'vocations' => json_encode($vocations)));
 		}
 	}
 	public static function getError() {
 		return self::$error;
 	}
 }
--- a/system/locale/en/install.php
+++ b/system/locale/en/install.php
@@ -18,7 +18,7 @@ $locale['loaded'] = 'Loaded';
 $locale['not_loaded'] = 'Not loaded';
 $locale['please_fill_all'] = 'Please fill all inputs!';
-$locale['already_installed'] = 'MyAAC has been already installed. Please delete <b>install/<b/> directory.';
+$locale['already_installed'] = 'MyAAC has been already installed. Please delete <b>install/<b/> directory. If you want to reinstall MyAAC - please delete <strong>config.local.php</strong> file from the main directory and refresh the page.';
 // welcome
 $locale['step_welcome'] = 'Welcome';
@@ -42,7 +42,6 @@ $locale['step_config'] = 'Configuration';
 $locale['step_config_title'] = 'Basic configuration';
 $locale['step_config_server_path'] = 'Server path';
 $locale['step_config_server_path_desc'] = 'Path to your TFS main directory, where you have config.lua located.';
 $locale['step_config_mail_admin'] = 'Admin E-Mail';
 $locale['step_config_mail_admin_desc'] = 'Address where emails from contact form will be delivered, for example admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin E-Mail is not correct.';
@@ -51,6 +50,8 @@ $locale['step_config_mail_address_desc'] = 'Address which will be used for outgo
 $locale['step_config_mail_address_error'] = 'Server E-Mail is not correct.';
 $locale['step_config_client'] = 'Client version';
 $locale['step_config_client_desc'] = 'Used for download page and some templates';
 $locale['step_config_usage'] = 'Usage Statistics';
 $locale['step_config_usage_desc'] = 'Allow MyAAC to report anonymous usage statistics? The data is sent only once per 30 days and is fully confidential.';
 // database
 $locale['step_database'] = 'Import schema';
@@ -63,13 +64,14 @@ $locale['step_database_error_only_mysql'] = 'This AAC supports only MySQL. From
 $locale['step_database_error_table'] = 'Table $TABLE$ doesn\'t exist. Please import your OTS database schema first.';
 $locale['step_database_error_table_exist'] = 'Table $TABLE$ already exist. Seems AAC is already installed. Skipping importing MySQL schema..';
 $locale['step_database_error_schema'] = 'Error while importing schema:';
-$locale['step_database_success_schema'] = 'Succesfully installed $PREFIX$ tables.';
+$locale['step_database_success_schema'] = 'Successfully installed $PREFIX$ tables.';
 $locale['step_database_error_file'] = '$FILE$ couldn\'t be opened. Please copy this content and paste there:';
 $locale['step_database_adding_field'] = 'Adding field';
 $locale['step_database_modifying_field'] = 'Modifying field';
 $locale['step_database_changing_field'] = 'Changing $FIELD$ to $FIELD_NEW$...';
 $locale['step_database_imported_players'] = 'Imported player samples...';
-$locale['step_database_loaded_creatures'] = 'Loaded creatures...';
+$locale['step_database_loaded_monsters'] = 'Loaded monsters...';
 $locale['step_database_error_monsters'] = 'There were some problems loading your monsters.xml file. Please check $LOG$ for more info.';
 $locale['step_database_loaded_spells'] = 'Loaded spells...';
 $locale['step_database_created_account'] = 'Created admin account...';
 $locale['step_database_created_news'] = 'Created newses...';
@@ -79,10 +81,16 @@ $locale['step_admin'] = 'Admin Account';
 $locale['step_admin_title'] = 'Create Admin Account';
 $locale['step_admin_account'] = 'Admin account name';
 $locale['step_admin_account_desc'] = 'Name of your admin account, which will be used to login to website and server.';
-$locale['step_admin_account_id'] = 'Admin account id';
+$locale['step_admin_account_error_format'] = 'Invalid account name format. Use only a-Z and numbers 0-9. Minimum 3, maximum 32 characters.';
-$locale['step_admin_account_id_desc'] = 'ID of your admin account, which will be used to login to website and server.';
+$locale['step_admin_account_error_same'] = 'Password may not be the same as account name.';
 $locale['step_admin_account_id'] = 'Admin account number';
 $locale['step_admin_account_id_desc'] = 'Number of your admin account, which will be used to login to website and server.';
 $locale['step_admin_account_id_error_format'] = 'Invalid account number format. Please use only numbers 0-9. Minimum 6, maximum 10 characters.';
 $locale['step_admin_account_id_error_same'] = 'Password may not be the same as account number.';
 $locale['step_admin_password'] = 'Admin account password';
 $locale['step_admin_password_desc'] = 'Password to your admin account.';
 $locale['step_admin_password_error_empty'] = 'Please enter the password for your new account.';
 $locale['step_admin_password_error_format'] = 'Invalid password format. Use only a-Z and numbers 0-9. Minimum 8, maximum 30 characters.';
 // finish
 $locale['step_finish_admin_panel'] = 'Admin Panel';
--- a/system/locale/pl/install.php
+++ b/system/locale/pl/install.php
@@ -18,7 +18,7 @@ $locale['loaded'] = 'Załadowane';
 $locale['not_loaded'] = 'Nie załadowane';
 $locale['please_fill_all'] = 'Proszę wypełnić wszystkie pola!';
-$locale['already_installed'] = 'MyAAC został już zainstalowany. Proszę usunąć katalog <b>install/</b>.';
+$locale['already_installed'] = 'MyAAC został już zainstalowany. Proszę usunąć katalog <b>install/</b>. Jeśli chcesz zainstalować MyAAC od nowa - proszę usuń plik <strong>config.local.php</strong> z katalogu głównego i odśwież stronę.';
 // welcome
 $locale['step_welcome'] = 'Witamy';
@@ -42,11 +42,6 @@ $locale['step_config'] = 'Konfiguracja';
 $locale['step_config_title'] = 'Podstawowa konfiguracja';
 $locale['step_config_server_path'] = 'Ścieżka do serwera';
 $locale['step_config_server_path_desc'] = 'Ścieżka do Twojego folderu z TFS, gdzie znajduje się plik config.lua.';
 $locale['step_config_account'] = 'Konto administratora';
 $locale['step_config_account_desc'] = 'Nazwa twojego konta admina, która będzie używana do logowania na stronę i do serwera.';
 $locale['step_config_password'] = 'Hasło do konta admina';
 $locale['step_config_password_desc'] = 'Hasło do Twojego konta administratora.';
 $locale['step_config_mail_admin'] = 'E-Mail admina';
 $locale['step_config_mail_admin_desc'] = 'Na ten adres będą dostarczane E-Maile z formularza kontaktowego , przykładowo admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'E-Mail admina jest niepoprawny.';
@@ -55,13 +50,16 @@ $locale['step_config_mail_address_desc'] = 'Ten adres będzie używany do wysył
 $locale['step_config_mail_address_error'] = 'E-Mail serwera jest niepoprawny.';
 $locale['step_config_client'] = 'Wersja klienta';
 $locale['step_config_client_desc'] = 'Używana do strony pobieranie klienta oraz kilku szablonów';
 $locale['step_config_usage'] = 'Raportowanie Statystyk';
 $locale['step_config_usage_desc'] = 'Zezwalaj MyAAC na raportowanie anonimowych statystyk? Dane są wysyłane raz na 30 dni i są w pełni anonimowe.';
 // database
-$locale['step_database'] = 'Baza';
+$locale['step_database'] = 'Baza Danych';
 $locale['step_database_title'] = 'Baza MySQL';
 $locale['step_database_importing'] = 'Twoja baza to MySQL. Importowanie schematu...';
 $locale['step_database_error_path'] = 'Proszę podać ścieżkę do serwera.';
 $locale['step_database_error_config'] = 'Nie można znaleźć pliku config. Jest Twoja ścieżka do katalogu serwera poprawna? Wróć się i sprawdź ponownie.';
 $locale['step_database_error_database_empty'] = 'Nie można wykryć typu bazy danych z pliku config.lua. Prawdopodobnie Twój OTS nie jest wspierany przez ten AAC.';
 $locale['step_database_error_only_mysql'] = 'Ten AAC wspiera tylko bazy danych MySQL. Z Twojego pliku config wynika, że Twój serwera używa bazy: $DATABASE_TYPE$. Proszę zmienić typ bazy na MySQL i ponownie przystąpić do instalacji.';
 $locale['step_database_error_table'] = 'Tabela $TABLE$ nie istnieje. Proszę najpierw zaimportować schemat bazy danych serwera OTS.';
 $locale['step_database_error_table_exist'] = 'Tabela $TABLE$ już istnieje. Wygląda na to, że AAC został już zainstalowany. Schemat MySQL nie zostanie zaimportowany..';
@@ -72,9 +70,28 @@ $locale['step_database_adding_field'] = 'Dodawanie pola';
 $locale['step_database_modifying_field'] = 'Modyfikacja pola';
 $locale['step_database_changing_field'] = 'Zmiana $FIELD$ na $FIELD_NEW$...';
 $locale['step_database_imported_players'] = 'Importowanie schematów graczy...';
 $locale['step_database_loaded_monsters'] = 'Załadowano potworki (monsters)...';
 $locale['step_database_error_monsters'] = 'Wystąpiły problemy podczas ładowania pliku monsters.xml. Zobacz $LOG$ po więcej informacji.';
 $locale['step_database_loaded_spells'] = 'Załadowano czary (spells)...';
 $locale['step_database_created_account'] = 'Utworzono konto admina...';
 $locale['step_database_created_news'] = 'Utworzono newsy...';
 // admin account
 $locale['step_admin'] = 'Konto Admina';
 $locale['step_admin_title'] = 'Tworzenie Konta Admina';
 $locale['step_admin_account'] = 'Nazwa Konta Admina';
 $locale['step_admin_account_desc'] = 'Nazwa Twojego konta admina, która będzie używana do logowania na stronę i do serwera.';
 $locale['step_admin_account_error_format'] = 'Nieprawidłowy format nazwy konta. Używaj tylko znaków a-Z oraz liczb 0-9. Minimum 3, maksimum 32 znaków.';
 $locale['step_admin_account_error_same'] = 'Hasło nie może być takie same jak nazwa konta.';
 $locale['step_admin_account_id'] = 'Numer Konta Admina';
 $locale['step_admin_account_id_desc'] = 'Numer Twojego Konta Admina, który będzie używany do logowania do strony i na serwer.';
 $locale['step_admin_account_id_error_format'] = 'Nieprawidłowy format numeru konta. Używaj tylko liczb 0-9. Minimum 6, maksimum 10 znaków.';
 $locale['step_admin_account_id_error_same'] = 'Hasło nie może być takie same jak numer konta.';
 $locale['step_admin_password'] = 'Hasło Konta Admina';
 $locale['step_admin_password_desc'] = 'Hasło do Twojego Konta Admina.';
 $locale['step_admin_password_error_empty'] = 'Proszę podać hasło do Twojego nowego konta.';
 $locale['step_admin_password_error_format'] = 'Nieprawidłowy format hasła. Używaj tylko znaków a-Z oraz liczb 0-9. Minimum 8, maksimum 30 characters.';
 // finish
 $locale['step_finish_admin_panel'] = 'Panelu Admina';
 $locale['step_finish_homepage'] = 'stronę główną';
--- a/system/locale/sv/install.php
+++ b/system/locale/sv/install.php
@@ -18,7 +18,7 @@ $locale['loaded'] = 'Laddad';
 $locale['not_loaded'] = 'Inte Laddad';
 $locale['please_fill_all'] = 'Vänligen fyll i allt!';
-$locale['already_installed'] = 'MyAAC är redan installerat. Vänligen ta bort <b>install/<b/> mappen.';
+$locale['already_installed'] = 'MyAAC är redan installerat. Vänligen ta bort <b>install/<b/> mappen. Om du vill installera MyAAC igen - ta bort filen <strong>config.local.php</strong> från huvudkatalogen och uppdatera sidan.';
 // welcome
 $locale['step_welcome'] = 'Välkommen';
--- a/system/login.php
+++ b/system/login.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -13,11 +12,13 @@ $logged = false;
 $logged_flags = 0;
 $action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : '';
-if($action == 'logout' && !isset($_REQUEST['account_login']))
+define('ACTION', $action);
 if(ACTION == 'logout' && !isset($_REQUEST['account_login']))
 {
-	unset($_SESSION['account']);
+	unsetSession('account');
-	unset($_SESSION['password']);
+	unsetSession('password');
-	unset($_SESSION['remember_me']);
+	unsetSession('remember_me');
 	if(isset($_REQUEST['redirect']))
 	{
@@ -68,19 +69,19 @@ else
 				&& (!isset($t) || $t['attempts'] < 5)
 				)
 			{
-				$_SESSION['account'] = $account_logged->getId();
+				setSession('account', $account_logged->getId());
-				$_SESSION['password'] = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password);
+				setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
 				if(isset($_POST['remember_me']))
-					$_SESSION['remember_me'] = true;
+					setSession('remember_me', true);
 				$logged = true;
 				$logged_flags = $account_logged->getWebFlags();
 				if(isset($_POST['admin']) && !admin()) {
 					$errors[] = 'This account has no admin privileges.';
-					unset($_SESSION['account']);
+					unsetSession('account');
-					unset($_SESSION['password']);
+					unsetSession('password');
-					unset($_SESSION['remember_me']);
+					unsetSession('remember_me');
 					$logged = false;
 				}
 				else {
@@ -119,19 +120,20 @@ else
 	}
 	// stay-logged with sessions
-	if(isset($_SESSION['account']))
+	$current_session = getSession('account');
 	if($current_session !== false)
 	{
 		$account_logged = new OTS_Account();
-		$account_logged->load($_SESSION['account']);
+		$account_logged->load($current_session);
-		if($account_logged->isLoaded() && $account_logged->getPassword() == $_SESSION['password']
+		if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
 			//&& (!isset($_SESSION['admin']) || admin())
-			&& (isset($_SESSION['remember_me']) || $_SESSION['last_visit'] > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
+			&& (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
 				$logged = true;
 		}
 		else
 		{
 			$logged = false;
-			unset($_SESSION['account']);
+			unsetSession('account');
 			unset($account_logged);
 		}
 	}
@@ -143,8 +145,9 @@ else
 	}
 }
-$_SESSION['last_visit'] = time();
+setSession('last_visit', time());
-if(defined('PAGE'))
+if(defined('PAGE')) {
-	$_SESSION['last_page'] = PAGE;
+	setSession('last_page', PAGE);
-$_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
+}
 setSession('last_uri', $_SERVER['REQUEST_URI']);
 ?>
--- a/system/migrations/12.php
+++ b/system/migrations/12.php
@@ -0,0 +1,49 @@
 <?php
 // add new item_id field for runes
 if(!fieldExist('item_id', TABLE_PREFIX . 'spells'))
 	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD `item_id` INT(11) NOT NULL DEFAULT 0 AFTER `conjure_count`;");
 // change unique index from spell to name
 $db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP INDEX `spell`;");
 $db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD UNIQUE INDEX (`name`);");
 // change comment of spells.type
 $db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune';");
 // new items table
 if(!tableExist(TABLE_PREFIX . 'items'))
 $db->query("
 CREATE TABLE `" . TABLE_PREFIX . "items`
 (
 	`id` INT(11) NOT NULL,
 	`article` VARCHAR(5) NOT NULL DEFAULT '',
 	`name` VARCHAR(50) NOT NULL DEFAULT '',
 	`plural` VARCHAR(50) NOT NULL DEFAULT '',
 	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;");
 // new weapons table
 if(!tableExist(TABLE_PREFIX . 'weapons'))
 $db->query("
 CREATE TABLE `" . TABLE_PREFIX . "weapons`
 (
 	`id` INT(11) NOT NULL,
 	`level` INT(11) NOT NULL DEFAULT 0,
 	`maglevel` INT(11) NOT NULL DEFAULT 0,
 	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;");
 // modify vocations to support json data
 $db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(100) NOT NULL DEFAULT '';");
 $query = $db->query('SELECT `id`, `vocations` FROM `' . TABLE_PREFIX . 'spells`');
 foreach($query->fetchAll() as $spell) {
 	$tmp = explode(',', $spell['vocations']);
 	foreach($tmp as &$v) {
 		$v = (int)$v;
 	}
 	$db->update(TABLE_PREFIX . 'spells', array('vocations' => json_encode($tmp)), array('id' => $spell['id']));
 }
 ?>
--- a/system/migrations/13.php
+++ b/system/migrations/13.php
@@ -0,0 +1,4 @@
 <?php
 	if(fieldExist('spell', TABLE_PREFIX . 'spells'))
 		$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP COLUMN `spell`;");
 ?>
--- a/system/migrations/14.php
+++ b/system/migrations/14.php
@@ -0,0 +1,18 @@
 <?php
 // change monsters.file_path field to loot
 if(fieldExist('file_path', TABLE_PREFIX . 'monsters')) {
 	$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` CHANGE `file_path` `loot` VARCHAR(5000);");
 }
 // update loot to empty string
 $db->query("UPDATE `" . TABLE_PREFIX . "monsters` SET `loot` = '';");
 // drop monsters.gfx_name field
 $db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` DROP COLUMN `gfx_name`;");
 // rename hide_creature to hidden
 if(fieldExist('hide_creature', TABLE_PREFIX . 'monsters')) {
 	$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` CHANGE `hide_creature` `hidden` TINYINT(1) NOT NULL DEFAULT 0;");
 }
 ?>
--- a/system/migrations/15.php
+++ b/system/migrations/15.php
@@ -0,0 +1,11 @@
 <?php
 // add new forum.guild and forum.access fields
 if(!fieldExist('guild', TABLE_PREFIX . 'forum_boards')) {
 	$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum_boards` ADD `guild` TINYINT(1) NOT NULL DEFAULT 0 AFTER `closed`;");
 }
 if(!fieldExist('access', TABLE_PREFIX . 'forum_boards')) {
 	$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum_boards` ADD `access` TINYINT(1) NOT NULL DEFAULT 0 AFTER `guild`;");
 }
 ?>
--- a/system/migrations/16.php
+++ b/system/migrations/16.php
@@ -0,0 +1,5 @@
 <?php
 // change size of spells.vocations
 $db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(300) NOT NULL DEFAULT '';");
 ?>
--- a/system/migrations/17.php
+++ b/system/migrations/17.php
@@ -0,0 +1,88 @@
 <?php
 if(!tableExist('myaac_menu')) {
 	$db->query("
 CREATE TABLE `myaac_menu`
 (
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`template` VARCHAR(255) NOT NULL,
 	`name` VARCHAR(255) NOT NULL,
 	`link` VARCHAR(255) NOT NULL,
 	`category` INT(11) NOT NULL DEFAULT 1,
 	`ordering` INT(11) NOT NULL DEFAULT 0,
 	`enabled` INT(1) NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;");
 	$db->query("
 /* MENU_CATEGORY_NEWS kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
 /* MENU_CATEGORY_ACCOUNT kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
 /* MENU_CATEGORY_COMMUNITY kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
 /* MENU_CATEGORY_LIBRARY kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
 /* MENU_CATEGORY_SHOP kathrine */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
 /* MENU_CATEGORY_NEWS tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
 /* MENU_CATEGORY_ACCOUNT tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
 /* MENU_CATEGORY_COMMUNITY tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
 /* MENU_CATEGORY_FORUM tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
 /* MENU_CATEGORY_LIBRARY tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
 /* MENU_CATEGORY_SHOP tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
 	");
 }
 ?>
--- a/system/migrations/18.php
+++ b/system/migrations/18.php
@@ -0,0 +1,6 @@
 <?php
 $db->query("ALTER TABLE `" . TABLE_PREFIX . "news` ADD `article_text` VARCHAR(300) NOT NULL DEFAULT '' AFTER `comments`;");
 $db->query("ALTER TABLE `" . TABLE_PREFIX . "news` ADD `article_image` VARCHAR(100) NOT NULL DEFAULT '' AFTER `article_text`;");
 ?>
--- a/system/migrations/19.php
+++ b/system/migrations/19.php
@@ -0,0 +1,3 @@
 <?php
 // this migration has been removed, but file kept for compability
 ?>
--- a/system/migrations/20.php
+++ b/system/migrations/20.php
@@ -0,0 +1,48 @@
 <?php
 if(!isset($database_migration_20)) {
 	databaseMigration20();
 }
 function databaseMigration20(&$content = '') {
 	global $db;
 	$config_file = BASE . 'config.local.php';
 	if(!is_writable($config_file)) { // we can't do anything, just ignore
 		return false;
 	}
 	$content_of_file = trim(file_get_contents($config_file));
 	if(strpos($content_of_file, 'highscores_ids_hidden') !== false) { // already present
 		return true;
 	}
 	$query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . " OR `name` = " . $db->quote("Account Manager") . ") ORDER BY `id`;");
 	$highscores_ignored_ids = array();
 	if($query->rowCount() > 0) {
 		foreach($query->fetchAll() as $result)
 			$highscores_ignored_ids[] = $result['id'];
 	}
 	else {
 		$highscores_ignored_ids[] = 0;
 	}
 	$php_on_end = substr($content_of_file, -2, 2) == '?>';
 	$content = PHP_EOL;
 	if($php_on_end) {
 		$content .= '<?php';
 	}
 	$content .= PHP_EOL;
 	$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
 	$content .= PHP_EOL;
 	if($php_on_end) {
 		$content .= '?>';
 	}
 	file_put_contents($config_file, $content, FILE_APPEND);
 	return true;
 }
 ?>
--- a/system/migrations/21.php
+++ b/system/migrations/21.php
@@ -0,0 +1,14 @@
 <?php
 $db->query("ALTER TABLE `" . TABLE_PREFIX . "forum` ADD `post_html` TINYINT(1) NOT NULL DEFAULT 0 AFTER `post_smile`;");
 $query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX . "forum_boards` WHERE `name` LIKE " . $db->quote('News') . " LIMIT 1;");
 if($query->rowCount() == 0) {
 	return; // don't make anything
 }
 $query = $query->fetch();
 $id = $query['id'];
 // update all forum threads with is_html = 1
 $db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `post_html` = 1 WHERE `section` = " . $id . " AND `id` = `first_post`;");
--- a/system/migrations/22.php
+++ b/system/migrations/22.php
@@ -0,0 +1,29 @@
 <?php
 if(!tableExist('z_polls'))
 	$db->query('
 CREATE TABLE `z_polls` (
  `id` int(11) NOT NULL auto_increment,
  `question` varchar(255) NOT NULL,
  `description` varchar(255) NOT NULL,
  `end` int(11) NOT NULL DEFAULT 0,
  `start` int(11) NOT NULL DEFAULT 0,
  `answers` int(11) NOT NULL DEFAULT 0,
  `votes_all` int(11) NOT NULL DEFAULT 0,
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;');
 if(!tableExist('z_polls_answers'))
 $db->query('
 	CREATE TABLE `z_polls_answers` (
  `poll_id` int(11) NOT NULL,
  `answer_id` int(11) NOT NULL,
  `answer` varchar(255) NOT NULL,
  `votes` int(11) NOT NULL DEFAULT 0
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1;');
 if(!fieldExist('vote', 'accounts'))
 	$db->query('ALTER TABLE `accounts` ADD `vote` INT( 11 ) DEFAULT 0 NOT NULL ;');
 else {
 	$db->query('ALTER TABLE `accounts` MODIFY `vote` INT( 11 ) DEFAULT 0 NOT NULL ;');
 }
--- a/system/pages/404.php
+++ b/system/pages/404.php
@@ -5,7 +5,6 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
--- a/system/pages/account.php
+++ b/system/pages/account.php
@@ -1,25 +1,16 @@
 <?php
 /**
 * Account confirm mail
 * Keept for compability
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.0
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Account';
-if($action == 'confirm_email')
+if($action == 'confirm_email') {
-{
+	require_once(PAGES . 'account/confirm_email.php');
 	$res = $db->query('SELECT email_hash FROM accounts WHERE email_hash = ' . $db->quote($_GET['v']));
 	if(!$res->rowCount())
 		echo '<div class="note">Your email couldn\'t be verified. Please contact staff to do it manually.</div>';
 	else
 	{
 		$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $_GET['v']));
 		echo '<div class="success">You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.</div>';
 	}
 }
 ?>
--- a/system/pages/account/change_comment.php
+++ b/system/pages/account/change_comment.php
@@ -0,0 +1,59 @@
 <?php
 /**
 * Change comment
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
 $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
 $new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
 if($player_name != null) {
 	if (Validator::characterName($player_name)) {
 		$player = new OTS_Player();
 		$player->find($player_name);
 		if ($player->isLoaded()) {
 			$player_account = $player->getAccount();
 			if ($account_logged->getId() == $player_account->getId()) {
 				if (isset($_POST['changecommentsave']) && $_POST['changecommentsave'] == 1) {
 					$player->setCustomField("hidden", $new_hideacc);
 					$player->setCustomField("comment", $new_comment);
 					$account_logged->logAction('Changed comment for character <b>' . $player->getName() . '</b>.');
 					echo $twig->render('success.html.twig', array(
 						'title' => 'Character Information Changed',
 						'description' => 'The character information has been changed.'
 					));
 					$show_form = false;
 				}
 			} else {
 				$errors[] = 'Error. Character <b>' . $player_name . '</b> is not on your account.';
 			}
 		} else {
 			$errors[] = "Error. Character with this name doesn't exist.";
 		}
 	} else {
 		$errors[] = 'Error. Name contain illegal characters.';
 	}
 }
 else {
 	$errors[] = 'Please enter character name.';
 }
 if($show_form) {
 	if(!empty($errors)) {
 		echo $twig->render('error_box.html.twig', array('errors' => $errors));
 	}
 	if(isset($player)) {
 		echo $twig->render('account.change_comment.html.twig', array(
 			'player' => $player
 		));
 	}
 }
 ?>
--- a/system/pages/account/change_email.php
+++ b/system/pages/account/change_email.php
@@ -0,0 +1,162 @@
 <?php
 /**
 * Change Email
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $email_new_time = $account_logged->getCustomField("email_new_time");
 if($email_new_time > 10) {
 	$email_new = $account_logged->getCustomField("email_new");
 }
 if($email_new_time < 10) {
 	if(isset($_POST['changeemailsave']) && $_POST['changeemailsave'] == 1) {
 		$email_new = $_POST['new_email'];
 		$post_password = $_POST['password'];
 		if(!Validator::email($email_new)) {
 			$errors[] = Validator::getLastError();
 		}
 		if(empty($post_password)) {
 			$errors[] = 'Please enter password to your account.';
 		}
 		else {
 			$post_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $post_password);
 			if($post_password != $account_logged->getPassword()) {
 				$errors[] = 'Wrong password to account.';
 			}
 		}
 		if(empty($errors)) {
 			$email_new_time = time() + $config['account_mail_change'] * 24 * 3600;
 			$account_logged->setCustomField("email_new", $email_new);
 			$account_logged->setCustomField("email_new_time", $email_new_time);
 			echo $twig->render('success.html.twig', array(
 				'title' => 'New Email Address Requested',
 				'description' => 'You have requested to change your email address to <b>' . $email_new . '</b>. The actual change will take place after <b>' . date("j F Y, G:i:s", $email_new_time) . '</b>, during which you can cancel the request at any time.'
 			));
 		}
 		else
 		{
 			//show errors
 			echo $twig->render('error_box.html.twig', array('errors' => $errors));
 			//show form
 			echo $twig->render('account.change_mail.html.twig', array(
 				'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
 			));
 		}
 	}
 	else
 	{
 		echo $twig->render('account.change_mail.html.twig', array(
 			'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
 		));
 	}
 }
 else
 {
 	if($email_new_time < time()) {
 		if($_POST['changeemailsave'] == 1) {
 			$account_logged->setCustomField("email_new", "");
 			$account_logged->setCustomField("email_new_time", 0);
 			$account_logged->setEmail($email_new);
 			$account_logged->save();
 			$account_logged->logAction('Account email changed to <b>' . $email_new . '</b>');
 			echo $twig->render('success.html.twig', array(
 				'title' => 'Email Address Change Accepted',
 				'description' => 'You have accepted <b>' . $account_logged->getEmail() . '</b> as your new email adress.'
 			));
 		}
 		else
 		{
 			$custom_buttons = '
 <table width="100%">
 	<tr>
 		<td width="30">&nbsp;</td>
 		<td align=left>
 			<form action="' . getLink('account/email') . '" method="post"><input type="hidden" name="changeemailsave" value=1 >
 				<INPUT TYPE=image NAME="I Agree" SRC="' . $template_path . '/images/global/buttons/sbutton_iagree.gif" BORDER=0 WIDTH=120 HEIGHT=17>
 			</form>
 		</td>
 		<td align=left>
 			<form action="' . getLink('account/email') . '" method="post">
 				<input type="hidden" name="emailchangecancel" value=1 >
 				' . $twig->render('buttons.cancel.html.twig') . '
 			</form>
 		</td>
 		<td align=right>
 			<form action="?subtopic=accountmanagement" method="post" >
 				' . $twig->render('buttons.back.html.twig') . '
 			</form>
 		</td>
 		<td width="30">&nbsp;</td>
 	</tr>
 </table>';
 			echo $twig->render('success.html.twig', array(
 				'title' => 'Email Address Change Accepted',
 				'description' => 'Do you accept <b>'.$email_new.'</b> as your new email adress?',
 				'custom_buttons' => $custom_buttons
 			));
 		}
 	}
 	else
 	{
 		$custom_buttons = '
 <table style="width:100%;" >
 	<tr align="center">
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0" >
 				<form action="{{ ' .getLink('account/email') . ' }}" method="post" >
 					<tr>
 						<td style="border:0px;" >
 							<input type="hidden" name="emailchangecancel" value="1" >
 							' . $twig->render('buttons.cancel.html.twig') . '
 						</td>
 					</tr>
 				</form>
 			</table>
 		</td>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0" >
 				<form action="' . getLink('account/manage') . '" method="post" >
 					<tr>
 						<td style="border:0px;" >
 							' . $twig->render('buttons.back.html.twig') . '
 						</td>
 					</tr>
 				</form>
 			</table>
 		</td>
 	</tr>
 </table>';
 		echo $twig->render('success.html.twig', array(
 			'title' => 'Change of Email Address',
 			'description' => 'A request has been submitted to change the email address of this account to <b>'.$email_new.'</b>.<br/>The actual change will take place on <b>'.date("j F Y, G:i:s", $email_new_time).'</b>.<br>If you do not want to change your email address, please click on "Cancel".',
 			'custom_buttons' => $custom_buttons
 		));
 	}
 }
 if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
 	$account_logged->setCustomField("email_new", "");
 	$account_logged->setCustomField("email_new_time", 0);
 	$custom_buttons = '<center><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></center>';
 	echo $twig->render('success.html.twig', array(
 		'title' => 'Email Address Change Cancelled',
 		'description' => 'Your request to change the email address of your account has been cancelled. The email address will not be changed.',
 		'custom_buttons' => $custom_buttons
 	));
 }
 ?>
--- a/system/pages/account/change_info.php
+++ b/system/pages/account/change_info.php
@@ -0,0 +1,61 @@
 <?php
 /**
 * Change info
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $show_form = true;
 $new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : NULL;
 $new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : NULL;
 $new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : NULL;
 if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
 	if(!isset($config['countries'][$new_country]))
 		$errors[] = 'Country is not correct.';
 	if(empty($errors)) {
 		//save data from form
 		$account_logged->setCustomField("rlname", $new_rlname);
 		$account_logged->setCustomField("location", $new_location);
 		$account_logged->setCustomField("country", $new_country);
 		$account_logged->logAction('Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b> and Country to <b>' . $config['countries'][$new_country] . '</b>.');
 		echo $twig->render('success.html.twig', array(
 			'title' => 'Public Information Changed',
 			'description' => 'Your public information has been changed.'
 		));
 		$show_form = false;
 	}
 	else {
 		echo $twig->render('error_box.html.twig', array('errors' => $errors));
 	}
 }
 //show form
 if($show_form) {
 	$account_rlname = $account_logged->getCustomField("rlname");
 	$account_location = $account_logged->getCustomField("location");
 	if ($config['account_country'])
 		$account_country = $account_logged->getCustomField("country");
 	$countries = array();
 	foreach (array('pl', 'se', 'br', 'us', 'gb',) as $country)
 		$countries[$country] = $config['countries'][$country];
 	$countries['--'] = '----------';
 	foreach ($config['countries'] as $code => $country)
 		$countries[$code] = $country;
 	echo $twig->render('account.change_info.html.twig', array(
 		'countries' => $countries,
 		'account_rlname' => $account_rlname,
 		'account_location' => $account_location,
 		'account_country' => $account_country
 	));
 }
 ?>
--- a/system/pages/account/change_name.php
+++ b/system/pages/account/change_name.php
@@ -0,0 +1,92 @@
 <?php
 /**
 * Change characters name
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 echo '<script type="text/javascript" src="tools/check_name.js"></script>';
 $player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
 $name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
 if((!$config['account_change_character_name']))
 	echo 'Changing character name for premium points is disabled on this server.';
 else
 {
 	$points = $account_logged->getCustomField('premium_points');
 	if(isset($_POST['changenamesave']) && $_POST['changenamesave'] == 1) {
 		if($points < $config['account_change_character_name_points'])
 			$errors[] = 'You need ' . $config['account_change_character_name_points'] . ' premium points to change name. You have <b>'.$points.'<b> premium points.';
 		if(empty($errors) && empty($name))
 			$errors[] = 'Please enter a new name for your character!';
 		else if(strlen($name) > 25)
 			$errors[] = 'Name is too long. Max. lenght <b>25</b> letters.';
 		else if(strlen($name) < 3)
 			$errors[] = 'Name is too short. Min. lenght <b>3</b> letters.';
 		else {
 			$exist = new OTS_Player();
 			$exist->find($name);
 			if($exist->isLoaded()) {
 				$errors[] = 'Character with this name already exist.';
 			}
 		}
 		if(empty($errors))
 		{
 			if(!admin() && !Validator::newCharacterName($name))
 				$errors[] = Validator::getLastError();
 		}
 		if(empty($errors)) {
 			$player = new OTS_Player();
 			$player->load($player_id);
 			if($player->isLoaded()) {
 				$player_account = $player->getAccount();
 				if($account_logged->getId() == $player_account->getId()) {
 					if($player->isOnline()) {
 						$errors[] = 'This character is online.';
 					}
 					if(empty($errors)) {
 						$show_form = false;
 						$old_name = $player->getName();
 						$player->setName($name);
 						$player->save();
 						$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
 						$account_logged->logAction('Changed name from <b>' . $old_name . '</b> to <b>' . $player->getName() . '</b>.');
 						echo $twig->render('success.html.twig', array(
 							'title' => 'Character Name Changed',
 							'description' => 'The character <b>'.$old_name.'</b> name has been changed to <b>' . $player->getName() . '</b>.'
 						));
 					}
 				}
 				else {
 					$errors[] = 'Character <b>' . $player_name . '</b> is not on your account.';
 				}
 			}
 			else {
 				$errors[] = "Character with this name doesn't exist.";
 			}
 		}
 	}
 	if($show_form) {
 		if(!empty($errors)) {
 			echo $twig->render('error_box.html.twig', array('errors' => $errors));
 		}
 		echo $twig->render('account.change_name.html.twig', array(
 			'points' => $points,
 			'errors' => $errors
 			//'account_players' => $account_logged->getPlayersList()
 		));
 	}
 }
 ?>
--- a/system/pages/account/change_password.php
+++ b/system/pages/account/change_password.php
@@ -0,0 +1,83 @@
 <?php
 /**
 * Change password
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $new_password = isset($_POST['newpassword']) ? $_POST['newpassword'] : NULL;
 $new_password2 = isset($_POST['newpassword2']) ? $_POST['newpassword2'] : NULL;
 $old_password = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : NULL;
 if(empty($new_password) && empty($new_password2) && empty($old_password)) {
 	echo $twig->render('account.change_password.html.twig');
 }
 else
 {
 	if(empty($new_password) || empty($new_password2) || empty($old_password)){
 		$errors[] = "Please fill in form.";
 	}
 	$password_strlen = strlen($new_password);
 	if($new_password != $new_password2) {
 		$errors[] = "The new passwords do not match!";
 	}
 	if(empty($errors)) {
 		if(!Validator::password($new_password)) {
 			$errors[] = Validator::getLastError();
 		}
 		$old_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $old_password);
 		if($old_password != $account_logged->getPassword()) {
 			$errors[] = "Current password is incorrect!";
 		}
 	}
 	if(!empty($errors)){
 		//show errors
 		echo $twig->render('error_box.html.twig', array('errors' => $errors));
 		//show form
 		echo $twig->render('account.change_password.html.twig');
 	}
 	else
 	{
 		$org_pass = $new_password;
 		if($config_salt_enabled)
 		{
 			$salt = generateRandomString(10, false, true, true);
 			$new_password = $salt . $new_password;
 			$account_logged->setCustomField('salt', $salt);
 		}
 		$new_password = encrypt($new_password);
 		$account_logged->setPassword($new_password);
 		$account_logged->save();
 		$account_logged->logAction('Account password changed.');
 		$message = '';
 		if($config['mail_enabled'] && $config['send_mail_when_change_password'])
 		{
 			$mailBody = $twig->render('mail.password_changed.html.twig', array(
 				'new_password' => $org_pass
 			));
 			if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Changed password", $mailBody))
 				$message = '<br/><small>Your new password were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
 			else
 				$message = '<br/><p class="error">An error occorred while sending email with password:<br/>' . $mailer->ErrorInfo . '</p>';
 		}
 		echo $twig->render('success.html.twig', array(
 			'title' => 'Password Changed',
 			'description' => 'Your password has been changed.' . $message
 		));
 		setSession('password', $new_password);
 	}
 }
 ?>
--- a/system/pages/account/change_sex.php
+++ b/system/pages/account/change_sex.php
@@ -0,0 +1,88 @@
 <?php
 /**
 * Change sex
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $sex_changed = false;
 $player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
 $new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;
 if((!$config['account_change_character_sex']))
 	echo 'You cant change your character sex';
 else
 {
 	$points = $account_logged->getCustomField('premium_points');
 	if(isset($_POST['changesexsave']) && $_POST['changesexsave'] == 1) {
 		if($points < $config['account_change_character_sex_points'])
 			$errors[] = 'You need ' . $config['account_change_character_sex_points'] . ' premium points to change sex. You have <b>'.$points.'</b> premium points.';
 		if(empty($errors) && !isset($config['genders'][$new_sex])) {
 			$errors[] = 'This sex is invalid.';
 		}
 		if(empty($errors)) {
 			$player = new OTS_Player();
 			$player->load($player_id);
 			if($player->isLoaded()) {
 				$player_account = $player->getAccount();
 				if($account_logged->getId() == $player_account->getId()) {
 					if($player->isOnline()) {
 						$errors[] = 'This character is online.';
 					}
 					if(empty($errors) && $player->getSex() == $new_sex)
 						$errors[] = 'Sex cannot be same';
 					if(empty($errors)) {
 						$sex_changed = true;
 						$old_sex = $player->getSex();
 						$player->setSex($new_sex);
 						$old_sex_str = 'Unknown';
 						if(isset($config['genders'][$old_sex]))
 							$old_sex_str = $config['genders'][$old_sex];
 						$new_sex_str = 'Unknown';
 						if(isset($config['genders'][$new_sex]))
 							$new_sex_str = $config['genders'][$new_sex];
 						$player->save();
 						$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
 						$account_logged->logAction('Changed sex on character <b>' . $player->getName() . '</b> from <b>' . $old_sex_str . '</b> to <b>' . $new_sex_str . '</b>.');
 						echo $twig->render('success.html.twig', array(
 							'title' => 'Character Sex Changed',
 							'description' => 'The character <b>' . $player->getName() . '</b> sex has been changed to <b>' . $new_sex_str . '</b>.'
 						));
 					}
 				}
 				else {
 					$errors[] = 'Character <b>'.$player_name.'</b> is not on your account.';
 				}
 			}
 			else {
 				$errors[] = "Character with this name doesn't exist.";
 			}
 		}
 	}
 	if(!$sex_changed) {
 		if(!empty($errors)) {
 			echo $twig->render('error_box.html.twig', array('errors' => $errors));
 		}
 		echo $twig->render('account.change_sex.html.twig', array(
 			'players' => $account_logged->getPlayersList(),
 			'player_sex' => isset($player) ? $player->getSex() : -1,
 			'points' => $points
 		));
 	}
 }
 ?>
--- a/system/pages/account/confirm_email.php
+++ b/system/pages/account/confirm_email.php
@@ -0,0 +1,29 @@
 <?php
 /**
 * Account confirm mail
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Confirm Email';
 $hash = isset($_GET['v']) ? $_GET['v'] : '';
 if(empty($hash)) {
 	warning('Please enter email hash code.<br/>If you copied the link, please try again with full link.');
 	return;
 }
 $res = $db->query('SELECT `email_hash` FROM `accounts` WHERE `email_hash` = ' . $db->quote($hash));
 if(!$res->rowCount()) {
 	note("Your email couldn't be verified. Please contact staff to do it manually.");
 }
 else
 {
 	$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $hash));
 	success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
 }
 ?>
--- a/system/pages/account/create_character.php
+++ b/system/pages/account/create_character.php
@@ -0,0 +1,211 @@
 <?php
 /**
 * Create character
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 echo '<script type="text/javascript" src="tools/check_name.js"></script>';
 $newchar_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
 $newchar_sex = isset($_POST['sex']) ? $_POST['sex'] : NULL;
 $newchar_vocation = isset($_POST['vocation']) ? $_POST['vocation'] : NULL;
 $newchar_town = isset($_POST['town']) ? $_POST['town'] : NULL;
 $newchar_created = false;
 $save = isset($_POST['save']) && $_POST['save'] == 1;
 if($save) {
 	if(empty($newchar_name))
 		$errors['name'] = 'Please enter a name for your character!';
 	else if(strlen($newchar_name) > 25)
 		$errors['name'] = 'Name is too long. Max. lenght <b>25</b> letters.';
 	else if(strlen($newchar_name) < 3)
 		$errors['name'] = 'Name is too short. Min. lenght <b>3</b> letters.';
 	else {
 		if(!admin() && !Validator::newCharacterName($newchar_name)) {
 			$errors['name'] = Validator::getLastError();
 		}
 		$exist = new OTS_Player();
 		$exist->find($newchar_name);
 		if($exist->isLoaded()) {
 			$errors['name'] = 'Character with this name already exist.';
 		}
 	}
 	if(empty($newchar_sex) && $newchar_sex != "0")
 		$errors[] = 'Please select the sex for your character!';
 	if(count($config['character_samples']) > 1)
 	{
 		if(!isset($newchar_vocation))
 			$errors[] = 'Please select a vocation for your character.';
 	}
 	else
 		$newchar_vocation = $config['character_samples'][0];
 	if(count($config['character_towns']) > 1) {
 		if(!isset($newchar_town))
 			$errors[] = 'Please select a town for your character.';
 	}
 	else {
 		$newchar_town = $config['character_towns'][0];
 	}
 	if(empty($errors)) {
 		if(!isset($config['genders'][$newchar_sex]))
 			$errors[] = 'Sex is invalid.';
 		if(!in_array($newchar_town, $config['character_towns']))
 			$errors[] = 'Please select valid town.';
 		if(count($config['character_samples']) > 1)
 		{
 			$newchar_vocation_check = false;
 			foreach($config['character_samples'] as $char_vocation_key => $sample_char)
 				if($newchar_vocation == $char_vocation_key)
 					$newchar_vocation_check = true;
 			if(!$newchar_vocation_check)
 				$errors[] = 'Unknown vocation. Please fill in form again.';
 		}
 		else
 			$newchar_vocation = 0;
 	}
 	if(empty($errors))
 	{
 		$number_of_players_on_account = $account_logged->getPlayersList()->count();
 		if($number_of_players_on_account >= $config['characters_per_account'])
 			$errors[] = 'You have too many characters on your account <b>('.$number_of_players_on_account.'/'.$config['characters_per_account'].')</b>!';
 	}
 	if(empty($errors))
 	{
 		$char_to_copy_name = $config['character_samples'][$newchar_vocation];
 		$char_to_copy = new OTS_Player();
 		$char_to_copy->find($char_to_copy_name);
 		if(!$char_to_copy->isLoaded())
 			$errors[] = 'Wrong characters configuration. Try again or contact with admin. ADMIN: Edit file config/config.php and set valid characters to copy names. Character to copy: <b>'.$char_to_copy_name.'</b> doesn\'t exist.';
 	}
 	if(empty($errors))
 	{
 		if($newchar_sex == "0")
 			$char_to_copy->setLookType(136);
 		$player = $ots->createObject('Player');
 		$player->setName($newchar_name);
 		$player->setAccount($account_logged);
 		//$player->setGroupId($char_to_copy->getGroup()->getId());
 		$player->setGroupId(1);
 		$player->setSex($newchar_sex);
 		$player->setVocation($char_to_copy->getVocation());
 		if(fieldExist('promotion', 'players'))
 			$player->setPromotion($char_to_copy->getPromotion());
 		if(fieldExist('direction', 'players'))
 			$player->setDirection($char_to_copy->getDirection());
 		$player->setConditions($char_to_copy->getConditions());
 		$rank = $char_to_copy->getRank();
 		if($rank->isLoaded()) {
 			$player->setRank($char_to_copy->getRank());
 		}
 		if(fieldExist('lookaddons', 'players'))
 			$player->setLookAddons($char_to_copy->getLookAddons());
 		$player->setTownId($newchar_town);
 		$player->setExperience($char_to_copy->getExperience());
 		$player->setLevel($char_to_copy->getLevel());
 		$player->setMagLevel($char_to_copy->getMagLevel());
 		$player->setHealth($char_to_copy->getHealth());
 		$player->setHealthMax($char_to_copy->getHealthMax());
 		$player->setMana($char_to_copy->getMana());
 		$player->setManaMax($char_to_copy->getManaMax());
 		$player->setManaSpent($char_to_copy->getManaSpent());
 		$player->setSoul($char_to_copy->getSoul());
 		for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++)
 			$player->setSkill($skill, 10);
 		$player->setLookBody($char_to_copy->getLookBody());
 		$player->setLookFeet($char_to_copy->getLookFeet());
 		$player->setLookHead($char_to_copy->getLookHead());
 		$player->setLookLegs($char_to_copy->getLookLegs());
 		$player->setLookType($char_to_copy->getLookType());
 		$player->setCap($char_to_copy->getCap());
 		$player->setBalance(0);
 		$player->setPosX(0);
 		$player->setPosY(0);
 		$player->setPosZ(0);
 		if(fieldExist('stamina', 'players')) {
 			$player->setStamina($char_to_copy->getStamina());
 		}
 		if(fieldExist('loss_experience', 'players')) {
 			$player->setLossExperience($char_to_copy->getLossExperience());
 			$player->setLossMana($char_to_copy->getLossMana());
 			$player->setLossSkills($char_to_copy->getLossSkills());
 		}
 		if(fieldExist('loss_items', 'players')) {
 			$player->setLossItems($char_to_copy->getLossItems());
 			$player->setLossContainers($char_to_copy->getLossContainers());
 		}
 		$player->save();
 		$player->setCustomField("created", time());
 		$newchar_created = true;
 		$account_logged->logAction('Created character <b>' . $player->getName() . '</b>.');
 		unset($player);
 		$player = new OTS_Player();
 		$player->find($newchar_name);
 		if($player->isLoaded()) {
 			if(tableExist('player_skills')) {
 				for($i=0; $i<7; $i++) {
 					$skillExists = $db->query('SELECT `skillid` FROM `player_skills` WHERE `player_id` = ' . $player->getId() . ' AND `skillid` = ' . $i);
 					if($skillExists->rowCount() <= 0) {
 						$db->query('INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ('.$player->getId().', '.$i.', 10, 0)');
 					}
 				}
 			}
 			$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$char_to_copy->getId()."");
 			foreach($loaded_items_to_copy as $save_item)
 				$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', '".$save_item['attributes']."');");
 			echo $twig->render('success.html.twig', array(
 				'title' => 'Character Created',
 				'description' => 'The character <b>' . $newchar_name . '</b> has been created.<br/>
 							Please select the outfit when you log in for the first time.<br/><br/>
 							<b>See you on ' . $config['lua']['serverName'] . '!</b>'
 			));
 		}
 		else
 		{
 			error("Error. Can't create character. Probably problem with database. Please try again later or contact with admin.");
 			return;
 		}
 	}
 }
 if(count($errors) > 0) {
 	echo $twig->render('error_box.html.twig', array('errors' => $errors));
 }
 if(!$newchar_created) {
 	echo $twig->render('account.create_character.html.twig', array(
 		'name' => $newchar_name,
 		'sex' => $newchar_sex,
 		'vocation' => $newchar_vocation,
 		'town' => $newchar_town,
 		'save' => $save,
 		'errors' => $errors
 	));
 }
 ?>
--- a/system/pages/account/delete_character.php
+++ b/system/pages/account/delete_character.php
@@ -0,0 +1,69 @@
 <?php
 /**
 * Delete character
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : NULL;
 $password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : NULL;
 $password_verify = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $password_verify);
 if(isset($_POST['deletecharactersave']) && $_POST['deletecharactersave'] == 1) {
 	if(!empty($player_name) && !empty($password_verify)) {
 		if(Validator::characterName($player_name)) {
 			$player = new OTS_Player();
 			$player->find($player_name);
 			if($player->isLoaded()) {
 				$player_account = $player->getAccount();
 				if($account_logged->getId() == $player_account->getId()) {
 					if($password_verify == $account_logged->getPassword()) {
 						if(!$player->isOnline())
 						{
 							//dont show table "delete character" again
 							$show_form = false;
 							//delete player
 							if(fieldExist('deletion', 'players'))
 								$player->setCustomField('deletion', 1);
 							else
 								$player->setCustomField('deleted', 1);
 							$account_logged->logAction('Deleted character <b>' . $player->getName() . '</b>.');
 							echo $twig->render('success.html.twig', array(
 								'title' => 'Character Deleted',
 								'description' => 'The character <b>' . $player_name . '</b> has been deleted.'
 							));
 						}
 						else
 							$errors[] = 'This character is online.';
 					}
 					else {
 						$errors[] = 'Wrong password to account.';
 					}
 				}
 				else {
 					$errors[] = 'Character <b>'.$player_name.'</b> is not on your account.';
 				}
 			}
 			else {
 				$errors[] = 'Character with this name doesn\'t exist.';
 			}
 		}
 		else {
 			$errors[] = 'Name contain illegal characters.';
 		}
 	}
 	else {
 		$errors[] = 'Character name or/and password is empty. Please fill in form.';
 	}
 }
 if($show_form) {
 	if(!empty($errors)) {
 		echo $twig->render('error_box.html.twig', array('errors' => $errors));
 	}
 	echo $twig->render('account.delete_character.html.twig');
 }
 ?>
--- a/system/pages/account/register.php
+++ b/system/pages/account/register.php
@@ -0,0 +1,58 @@
 <?php
 /**
 * Register Account
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @link      http://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $_POST['reg_password'] = isset($_POST['reg_password']) ? $_POST['reg_password'] : '';
 $reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
 $old_key = $account_logged->getCustomField("key");
 if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == "1") {
 	if($reg_password == $account_logged->getPassword()) {
 		if(empty($old_key)) {
 			$show_form = false;
 			$new_rec_key = generateRandomString(10, false, true, true);
 			$account_logged->setCustomField("key", $new_rec_key);
 			$account_logged->logAction('Generated recovery key.');
 			if($config['mail_enabled'] && $config['send_mail_when_generate_reckey'])
 			{
 				$mailBody = $twig->render('mail.account.register.html.twig', array(
 					'recovery_key' => $new_rec_key
 				));
 				if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Recovery Key", $mailBody))
 					$message = '<br /><small>Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
 				else
 					$message = '<br /><p class="error">An error occorred while sending email with recovery key! You will not receive e-mail with this key. Error:<br/>' . $mailer->ErrorInfo . '</p>';
 			}
 			echo $twig->render('success.html.twig', array(
 				'title' => 'Account Registered',
 				'description' => 'Thank you for registering your account! You can now recover your account if you have lost access to the assigned email address by using the following<br/><br/><font size="5">&nbsp;&nbsp;&nbsp;<b>Recovery Key: '.$new_rec_key.'</b></font><br/><br/><br/><b>Important:</b><ul><li>Write down this recovery key carefully.</li><li>Store it at a safe place!</li>' . $message . '</ul>'
 			));
 		}
 		else
 			$errors[] = 'Your account is already registered.';
 	}
 	else
 		$errors[] = 'Wrong password to account.';
 }
 if($show_form) {
 	if(!empty($errors)) {
 		//show errors
 		echo $twig->render('error_box.html.twig', array('errors' => $errors));
 	}
 	//show form
 	echo $twig->render('account.generate_recovery_key.html.twig');
 }
 ?>
--- a/Show More
+++ b/Show More