* update to 0.6.1

* fixed forum move thread

CHANGELOG

@@ -1,3 +1,13 @@
+[0.6.1 - 17.10.2017]
+	- fixed signatures loading
+	- new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)
+	- better error handling for monsters and spells loader (save errors to system/logs/error.log)
+	- check if file exist before loading (monsters and spells)
+	- (internal) Account::getAccess() = Account::getGroupId()
+	- (internal) moved account actions (pages) to account/ directory
+	- (internal) moved forum actions (pages) to forum/ directory
+	- (internal) moved forum.edit_post to twig templates
+
 [0.6.0 - 16.10.2017]
 	- added faq management - add/edit/move/hide/delete from website
 	- new account.login view for tibiacom template

common.php

@@ -21,13 +21,13 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.6.0');
+define('MYAAC_VERSION', '0.6.1');
 define('DATABASE_VERSION', 11);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
@@ -60,6 +60,7 @@ define('CACHE', SYSTEM . 'cache/');
 define('LOCALE', SYSTEM . 'locale/');
 define('LIBS', SYSTEM . 'libs/');
 define('LOGS', SYSTEM . 'logs/');
+define('PAGES', SYSTEM . 'pages/');
 define('PLUGINS', BASE . 'plugins/');
 define('TEMPLATES', BASE . 'templates/');
 define('TOOLS', BASE . 'tools/');

config.php

@@ -13,7 +13,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 
@@ -30,6 +30,7 @@ $config = array(
 	// used for the Downloads page and some templates aswell
 	'client' => 1098, // 954 = client 9.54
 
+	'session_prefix' => 'myaac_', // must be unique for every site on your server
 	'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: http://my-aac.org/guilds/Testing instead of http://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
 	'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles
 

index.php

@@ -21,7 +21,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 
@@ -30,7 +30,7 @@
 // ini_set('display_startup_errors', 1);
 // error_reporting(E_ALL);
 
-if(preg_match("/^(.*)\.(gif|png|jpg|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz)$/i", $_SERVER['REQUEST_URI'])) {
+if(preg_match("/^(.*)\.(gif|jpg|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz)$/i", $_SERVER['REQUEST_URI'])) {
 	header("HTTP/1.0 404 Not Found");
 	exit;
 }
@@ -71,17 +71,17 @@ else {
 		'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
 		'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
 		'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
-		'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changepassword'),
+		'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
-		'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'registeraccount'),
+		'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
-		'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'registernew'),
+		'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
-		'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changeemail'),
+		'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
-		'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changeinfo'),
+		'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
-		'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'createcharacter'),
+		'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
-		'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changename'),
+		'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
-		'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changesex'),
+		'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
-		'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'deletecharacter'),
+		'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
-		'/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changecomment', 'name' => '$3'),
+		'/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
-		'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changecomment'),
+		'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
 		'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
 		'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
 		'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
@@ -114,7 +114,7 @@ else {
 		$_REQUEST['name'] = urldecode($tmp[0]);
 		
 		chdir(TOOLS . 'signature');
-		include('index.php');
+		include(TOOLS . 'signature/index.php');
 		exit();
 	}
 	

install/steps/finish.php

@@ -78,7 +78,7 @@ else {
 			else
 				$player_db->setAccountId($account_db->getId());
 			
-			$_SESSION['account'] = $account_db->getId();
+			setSession('account', $account_db->getId());
 		}
 		else {
 			$new_account = new OTS_Account();
@@ -108,12 +108,12 @@ else {
 			else
 				$player_db->setAccountId($new_account->getId());
 			
-			$_SESSION['account'] = $new_account->getId();
+			setSession('account', $new_account->getId());
 		}
 
 		success($locale['step_database_created_account']);
-		$_SESSION['password'] = encrypt($password);
+		setSession('password', encrypt($password));
-		$_SESSION['remember_me'] = true;
+		setSession('remember_me', true);
 
 		if($player_db->isLoaded()) {
 			$player_db->save();
@@ -143,31 +143,31 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Rook Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . $_SESSION['account'] . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Sorcerer Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . $_SESSION['account'] . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Druid Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . $_SESSION['account'] . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . getSession('account') . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Paladin Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . $_SESSION['account'] . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Knight Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . $_SESSION['account'] . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 
@@ -175,13 +175,26 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl
 			success($locale['step_database_imported_players']);
 		}
 		
-		require LIBS . 'creatures.php';
+		require(LIBS . 'creatures.php');
-		if(Creatures::loadFromXML())
+		if(Creatures::loadFromXML()) {
-			success($locale['step_database_loaded_creatures']);
+			success($locale['step_database_loaded_monsters']);
 			
-		require LIBS . 'spells.php';
+			if(Creatures::getMonstersList()->hasErrors()) {
-		if(Spells::loadFromXML())
+				$locale['step_database_error_monsters'] = str_replace('$LOG$', 'system/logs/error.log', $locale['step_database_error_monsters']);
+				warning($locale['step_database_error_monsters']);
+			}
+		}
+		else {
+			error(Creatures::getLastError());
+		}
+		
+		require(LIBS . 'spells.php');
+		if(Spells::loadFromXML()) {
 			success($locale['step_database_loaded_spells']);
+		}
+		else {
+			error(Spells::getLastError());
+		}
 
 		$locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(ADMIN_URL, $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 		$locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(BASE_URL, $locale['step_finish_homepage'], true), $locale['step_finish_desc']);

system/compat_pages.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/counter.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/countries.conf.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/functions.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -676,7 +676,7 @@ function getSkillName($skillId, $suffix = true)
  */
 function hasFlag($flag) {
 	global $logged, $logged_flags;
-	return $logged && ($logged_flags & $flag) == $flag;
+	return ($logged && ($logged_flags & $flag) == $flag);
 }
 /**
  * Check if current logged user have got admin flag set.
@@ -943,6 +943,19 @@ function str_replace_first($search, $replace, $subject) {
 	return $subject;
 }
 
+function setSession($key, $data) {
+	global $config;
+	$_SESSION[$config['session_prefix'] . $key] = $data;
+}
+function getSession($key) {
+	global $config;
+	return (isset($_SESSION[$config['session_prefix'] . $key])) ? $_SESSION[$config['session_prefix'] . $key] : false;
+}
+function unsetSession($key) {
+	global $config;
+	unset($_SESSION[$config['session_prefix'] . $key]);
+}
+
 // validator functions
 require_once(LIBS . 'validator.php');
 ?>

system/hooks.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/init.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -15,6 +15,7 @@ if(file_exists(BASE . 'config.local.php')) // user customizations
 	require(BASE . 'config.local.php');
 
 if(!isset($config['installed']) || !$config['installed']) {
+	header('Location: ' . BASE_URL);
 	die('AAC has not been installed yet or there was error during installation. Please install again.');
 }
 

system/item.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache.php

@@ -6,7 +6,7 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_apc.php

@@ -6,7 +6,7 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_eaccelerator.php

@@ -6,7 +6,7 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_file.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_xcache.php

@@ -6,7 +6,7 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/creatures.php

@@ -6,12 +6,15 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
 class Creatures {
+	private static $monstersList = null;
+	private static $lastError = '';
+	
 	public static function loadFromXML($show = false) {
 		global $config, $db;
 		
@@ -22,15 +25,22 @@ class Creatures {
 			echo "<h2>All records deleted from table 'myaac_monsters' in database.</h2>";
 		}
 		
-		$allmonsters = new OTS_MonstersList($config['data_path'].'monster/');
+		try {
+			self::$monstersList = new OTS_MonstersList($config['data_path'].'monster/');
+		}
+		catch(Exception $e) {
+			self::$lastError = $e->getMessage();
+			return false;
+		}
+		
 		//$names_added must be an array
 		$names_added[] = '';
 		//add monsters
-		foreach($allmonsters as $lol) {
+		foreach(self::$monstersList as $lol) {
-			$monster = $allmonsters->current();
+			$monster = self::$monstersList->current();
 			if(!$monster->loaded()) {
 				if($show) {
-					warning('Error while adding monster: ' . $allmonsters->currentFile());
+					warning('Error while adding monster: ' . self::$monstersList->currentFile());
 				}
 				continue;
 			}
@@ -98,7 +108,7 @@ class Creatures {
 			
 			if(!in_array($name, $names_added)) {
 				try {
-					$db->query("INSERT INTO `myaac_monsters` (`hide_creature`, `name`, `mana`, `exp`, `health`, `speed_lvl`, `use_haste`, `voices`, `immunities`, `summonable`, `convinceable`, `race`, `gfx_name`, `file_path`) VALUES (0, " . $db->quote($name) . ", " . $db->quote(empty($mana) ? 0 : $mana) . ", " . $db->quote($exp) . ", " . $db->quote($health) . ", " . $db->quote($speed_lvl) . ", " . $db->quote($use_haste) . ", " . $db->quote($voices_string) . ", " . $db->quote($immunities_string) . ", " . $db->quote($flags['summonable'] > 0 ? 1 : 0) . ", " . $db->quote($flags['convinceable'] > 0 ? 1 : 0) . ", ".$db->quote($race).", ".$db->quote($gfx_name).", " . $db->quote($allmonsters->currentFile()) . ")");
+					$db->query("INSERT INTO `myaac_monsters` (`hide_creature`, `name`, `mana`, `exp`, `health`, `speed_lvl`, `use_haste`, `voices`, `immunities`, `summonable`, `convinceable`, `race`, `gfx_name`, `file_path`) VALUES (0, " . $db->quote($name) . ", " . $db->quote(empty($mana) ? 0 : $mana) . ", " . $db->quote($exp) . ", " . $db->quote($health) . ", " . $db->quote($speed_lvl) . ", " . $db->quote($use_haste) . ", " . $db->quote($voices_string) . ", " . $db->quote($immunities_string) . ", " . $db->quote($flags['summonable'] > 0 ? 1 : 0) . ", " . $db->quote($flags['convinceable'] > 0 ? 1 : 0) . ", ".$db->quote($race).", ".$db->quote($gfx_name).", " . $db->quote(self::$monstersList->currentFile()) . ")");
 					
 					if($show) {
 						success("Added: ".$name."<br/>");
@@ -116,4 +126,12 @@ class Creatures {
 		
 		return true;
 	}
+	
+	public static function getMonstersList() {
+		return self::$monstersList;
+	}
+	
+	public static function getLastError() {
+		return self::$lastError;
+	}
 }

system/libs/data.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/items.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/pot/OTS_Account.php

@@ -818,34 +818,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
  */
     public function getAccess()
     {
-		global $groups;
+		return $this->getGroupId();
-		if(!isset($groups))
-			$groups = new OTS_Groups_List();
-
-		// by default
-		$access = 0;
-		if(fieldExist('group_id', 'accounts')) {
-			$query = $this->db->query('SELECT `group_id` FROM `accounts` WHERE `id` = ' . (int) $this->getId())->fetch();
-			// if anything was found
-
-			$group = $groups->getGroup($query['group_id']);
-			if(!$group) return 0;
-			return $group->getAccess();
-		}
-
-        // finds groups of all characters
-        foreach( $this->getPlayersList() as $player)
-        {
-            $group = $player->getGroup();
-
-            // checks if group's access level is higher then previouls found highest
-            if( $group->getAccess() > $access)
-            {
-                $access = $group->getAccess();
-            }
-        }
-
-        return $access;
     }
 
 	public function getGroupId()
@@ -858,10 +831,12 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 				return $query['group_id'];
 		}
 
-		$db->query('SELECT `group_id` FROM `players` WHERE `account_id` = ' . $this->getId() . ' ORDER BY `group_id` DESC LIMIT 1')->fetch();
+		$query = $this->db->query('SELECT `group_id` FROM `players` WHERE `account_id` = ' . (int) $this->getId() .  ' ORDER BY `group_id` DESC LIMIT 1');
-		if(isset($query['group_id']))
+		if($query->rowCount() == 1)
+		{
+			$query = $query->fetch();
 			return $query['group_id'];
-
+		}
 		return 0;
 	}
 

system/libs/pot/OTS_MonstersList.php

@@ -36,6 +36,8 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
  */
     private $monsters = array();
 
+	private $lastMonsterFile = '';
+	private $hasErrors = false;
 /**
  * Loads monsters mapping file.
  * 
@@ -57,9 +59,18 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
             $this->monstersPath .= '/';
         }
 
+		// check if monsters.xml exist
+		if(!@file_exists($this->monstersPath . 'monsters.xml')) {
+			log_append('error.log', '[OTS_MonstersList.php] Fatal error: Cannot load monsters.xml. File does not exist. (' . $this->monstersPath . 'monsters.xml' . '). Error: ' . print_r(error_get_last(), true));
+			throw new Exception('Error: Cannot load monsters.xml. File not found. More info in system/logs/error.log file.');
+		}
+		
         // loads monsters mapping file
         $monsters = new DOMDocument();
-        $monsters->load($this->monstersPath . 'monsters.xml');
+        if(!@$monsters->load($this->monstersPath . 'monsters.xml')) {
+			log_append('error.log', '[OTS_MonstersList.php] Fatal error: Cannot load monsters.xml (' . $this->monstersPath . 'monsters.xml' . '). Error: ' . print_r(error_get_last(), true));
+			throw new Exception('Error: Cannot load monsters.xml. File is invalid. More info in system/logs/error.log file.');
+		}
 
         foreach( $monsters->getElementsByTagName('monster') as $monster)
         {
@@ -101,6 +112,16 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
         return isset($this->monsters[$name]);
     }
 
+	function xmlErrorHandler($errno, $errstr, $errfile, $errline)
+	{
+		if($errno==E_WARNING && (substr_count($errstr,"DOMDocument::loadXML()")>0)) {
+			//throw new DOMException($errstr);
+			log_append('error.log', '[OTS_MonstersList.php] Fatal error: Cannot load ' . $this->lastMonsterFile . ' - ' . $errstr);
+			$this->hasErrors = true;
+		}
+		else
+			return false;
+	}
 /**
  * Returns loaded data of given monster.
  * 
@@ -112,21 +133,31 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
  */
     public function getMonster($name)
     {
+		global $lastMonsterFile;
         // checks if monster exists
         if( isset($this->monsters[$name]) )
         {
             // loads file
             $monster = new OTS_Monster();
 			//echo $this->monstersPath . $this->monsters[$name];
+			
+			// check if monster file exist
            if(file_exists($this->monstersPath . $this->monsters[$name])) {
-				$monster->loadXML(trim(file_get_contents($this->monstersPath . $this->monsters[$name])));
+				set_error_handler(array($this, 'xmlErrorHandler')); 
+				$this->lastMonsterFile = $this->monstersPath . $this->monsters[$name];
+				@$monster->loadXML(trim(file_get_contents($this->monstersPath . $this->monsters[$name])));
+				restore_error_handler();
 			}
+
             return $monster;
         }
 
         throw new OutOfBoundsException();
     }
 
+	public function hasErrors() {
+		return $this->hasErrors;
+	}
 /**
  * Returns amount of monsters loaded.
  * 

system/libs/pot/OTS_SpellsList.php

@@ -93,9 +93,18 @@ class OTS_SpellsList implements IteratorAggregate, Countable
  */
     public function __construct($file)
     {
-        // loads DOM document
+		// check if spells.xml exist
+		if(!@file_exists($file)) {
+			log_append('error.log', '[OTS_SpellsList.php] Fatal error: Cannot load spells.xml. File does not exist. (' . $file . '). Error: ' . print_r(error_get_last(), true));
+			throw new Exception('Error: Cannot load spells.xml. File not found. More info in system/logs/error.log file.');
+		}
+		
+        // loads monsters mapping file
         $spells = new DOMDocument();
-        $spells->load($file);
+        if(!@$spells->load($file)) {
+			log_append('error.log', '[OTS_SpellsList.php] Fatal error: Cannot load spells.xml (' . $file . '). Error: ' . print_r(error_get_last(), true));
+			throw new Exception('Error: Cannot load spells.xml. File is invalid. More info in system/logs/error.log file.');
+		}
 
         // loads runes
         foreach( $spells->getElementsByTagName('rune') as $rune)

system/libs/spells.php

@@ -6,12 +6,15 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
 class Spells {
+	private static $spellsList = null;
+	private static $lastError = '';
+	
 	public static function loadFromXML($show = false) {
 		global $config, $db;
 		
@@ -26,15 +29,21 @@ class Spells {
 			$vocations_ids[$voc_name] = $voc_id;
 		}
 		
-		$allspells = new OTS_SpellsList($config['data_path'].'spells/spells.xml');
+		try {
+			self::$spellsList = new OTS_SpellsList($config['data_path'].'spells/spells.xml');
+		}
+		catch(Exception $e) {
+			self::$lastError = $e->getMessage();
+			return false;
+		}
 		//add conjure spells
-		$conjurelist = $allspells->getConjuresList();
+		$conjurelist = self::$spellsList->getConjuresList();
 		if($show) {
 			echo "<h3>Conjure:</h3>";
 		}
 		
 		foreach($conjurelist as $spellname) {
-			$spell = $allspells->getConjure($spellname);
+			$spell = self::$spellsList->getConjure($spellname);
 			$lvl = $spell->getLevel();
 			$mlvl = $spell->getMagicLevel();
 			$mana = $spell->getMana();
@@ -88,13 +97,13 @@ class Spells {
 		}
 		
 		//add instant spells
-		$instantlist = $allspells->getInstantsList();
+		$instantlist = self::$spellsList->getInstantsList();
 		if($show) {
 			echo "<h3>Instant:</h3>";
 		}
 		
 		foreach($instantlist as $spellname) {
-			$spell = $allspells->getInstant($spellname);
+			$spell = self::$spellsList->getInstant($spellname);
 			$lvl = $spell->getLevel();
 			$mlvl = $spell->getMagicLevel();
 			$mana = $spell->getMana();
@@ -151,4 +160,12 @@ class Spells {
 		
 		return true;
 	}
+	
+	public static function getSpellsList() {
+		return self::$spellsList;
+	}
+	
+	public static function getLastError() {
+		return self::$lastError;
+	}
 }

system/libs/timer.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/usage_statistics.php

@@ -0,0 +1,114 @@
+<?php
+/**
+ * Usage Statistics
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+class Usage_Statistics {
+	public static function report() {
+		$url = 'http://my-acc.org/report_usage.php';
+		//$url = BASE_URL . 'report_usage.php';
+		
+		$data = json_encode(self::getStats());
+		$options = array(
+			'http' => array(
+				'header'  => 'Content-type: application/json',
+				'method'  => 'POST',
+				'content' => $data
+			)
+		);
+		
+		$context  = stream_context_create($options);
+		$result = file_get_contents($url, false, $context);
+		if ($result === false) {
+			return false;
+		}
+		
+		return true;
+		//var_dump($result);
+	}
+	
+	public static function getStats() {
+		global $config, $db;
+		
+		$ret = array();
+		
+		$ret['unique_id'] = hash('sha1', $config['server_path']);
+		$ret['server_os'] = php_uname('s') . ' ' . php_uname('r');
+		
+		$ret['myaac_version'] = MYAAC_VERSION;
+		$ret['myaac_db_version'] = DATABASE_VERSION;
+		
+		$query = $db->query('SELECT `value` FROM `server_config` WHERE `config` = ' . $db->quote('database_version'));
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['otserv_db_version'] = $query['value'];
+		}
+		
+		$ret['client_version'] = $config['client'];
+		
+		$ret['php_version'] = phpversion();
+		
+		$query = $db->query('SELECT VERSION() as `version`;');
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['mysql_version'] = $query['version'];
+		}
+		
+		$query = $db->query('SELECT SUM(ROUND(((DATA_LENGTH + INDEX_LENGTH) / 1024 ), 0)) AS "size"
+FROM INFORMATION_SCHEMA.TABLES
+WHERE TABLE_SCHEMA = "forgottenserver";');
+		
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['database_size'] = $query['size'];
+		}
+		
+		$ret['views_counter'] = getDatabaseConfig('views_counter');
+		
+		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `accounts`;');
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['accounts_size'] = $query['size'];
+		}
+		
+		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `players`;');
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['players_size'] = $query['size'];
+		}
+		
+		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `' . TABLE_PREFIX . 'monsters`;');
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['monsters_size'] = $query['size'];
+		}
+		
+		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `' . TABLE_PREFIX . 'spells`;');
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['spells_size'] = $query['size'];
+		}
+		
+		$ret['locales'] = get_locales();
+		$ret['plugins'] = get_plugins();
+		$ret['templates'] = get_templates();
+		
+		$ret['date_timezone'] = $config['date_timezone'];
+		$ret['backward_support'] = $config['backward_support'];
+		
+		$cache_engine = strtolower($config['cache_engine']);
+		if($cache_engine == 'auto') {
+			$cache_engine = Cache::detect();
+		}
+		
+		$ret['cache_engine'] = $cache_engine;
+		return $ret;
+	}
+}

system/libs/validator.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/visitors.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/locale/en/install.php

@@ -69,7 +69,8 @@ $locale['step_database_adding_field'] = 'Adding field';
 $locale['step_database_modifying_field'] = 'Modifying field';
 $locale['step_database_changing_field'] = 'Changing $FIELD$ to $FIELD_NEW$...';
 $locale['step_database_imported_players'] = 'Imported player samples...';
-$locale['step_database_loaded_creatures'] = 'Loaded creatures...';
+$locale['step_database_loaded_monsters'] = 'Loaded monsters...';
+$locale['step_database_error_monsters'] = 'There were some problems loading your monsters.xml file. Please check $LOG$ for more info.';
 $locale['step_database_loaded_spells'] = 'Loaded spells...';
 $locale['step_database_created_account'] = 'Created admin account...';
 $locale['step_database_created_news'] = 'Created newses...';

system/login.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -15,9 +15,9 @@ $logged_flags = 0;
 $action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : '';
 if($action == 'logout' && !isset($_REQUEST['account_login']))
 {
-	unset($_SESSION['account']);
+	unsetSession('account');
-	unset($_SESSION['password']);
+	unsetSession('password');
-	unset($_SESSION['remember_me']);
+	unsetSession('remember_me');
 
 	if(isset($_REQUEST['redirect']))
 	{
@@ -68,19 +68,19 @@ else
 				&& (!isset($t) || $t['attempts'] < 5)
 				)
 			{
-				$_SESSION['account'] = $account_logged->getId();
+				setSession('account', $account_logged->getId());
-				$_SESSION['password'] = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password);
+				setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
 				if(isset($_POST['remember_me']))
-					$_SESSION['remember_me'] = true;
+					setSession('remember_me', true);
 
 				$logged = true;
 				$logged_flags = $account_logged->getWebFlags();
 				
 				if(isset($_POST['admin']) && !admin()) {
 					$errors[] = 'This account has no admin privileges.';
-					unset($_SESSION['account']);
+					unsetSession('account');
-					unset($_SESSION['password']);
+					unsetSession('password');
-					unset($_SESSION['remember_me']);
+					unsetSession('remember_me');
 					$logged = false;
 				}
 				else {
@@ -119,19 +119,20 @@ else
 	}
 
 	// stay-logged with sessions
-	if(isset($_SESSION['account']))
+	$current_session = getSession('account');
+	if($current_session !== false)
 	{
 		$account_logged = new OTS_Account();
-		$account_logged->load($_SESSION['account']);
+		$account_logged->load($current_session);
-		if($account_logged->isLoaded() && $account_logged->getPassword() == $_SESSION['password']
+		if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
 			//&& (!isset($_SESSION['admin']) || admin())
-			&& (isset($_SESSION['remember_me']) || $_SESSION['last_visit'] > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
+			&& (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
 				$logged = true;
 		}
 		else
 		{
 			$logged = false;
-			unset($_SESSION['account']);
+			unsetSession('account');
 			unset($account_logged);
 		}
 	}
@@ -143,8 +144,9 @@ else
 	}
 }
 
-$_SESSION['last_visit'] = time();
+setSession('last_visit', time());
-if(defined('PAGE'))
+if(defined('PAGE')) {
-	$_SESSION['last_page'] = PAGE;
+	setSession('last_page', PAGE);
-$_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
+}
+setSession('last_uri', $_SERVER['REQUEST_URI']);
 ?>

system/pages/404.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/change_comment.php

@@ -0,0 +1,60 @@
+<?php
+/**
+ * Change comment
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
+$new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
+$new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
+
+if($player_name != null) {
+	if (Validator::characterName($player_name)) {
+		$player = new OTS_Player();
+		$player->find($player_name);
+		if ($player->isLoaded()) {
+			$player_account = $player->getAccount();
+			if ($account_logged->getId() == $player_account->getId()) {
+				if (isset($_POST['changecommentsave']) && $_POST['changecommentsave'] == 1) {
+					$player->setCustomField("hidden", $new_hideacc);
+					$player->setCustomField("comment", $new_comment);
+					$account_logged->logAction('Changed comment for character <b>' . $player->getName() . '</b>.');
+					echo $twig->render('success.html.twig', array(
+						'title' => 'Character Information Changed',
+						'description' => 'The character information has been changed.'
+					));
+					$show_form = false;
+				}
+			} else {
+				$errors[] = 'Error. Character <b>' . $player_name . '</b> is not on your account.';
+			}
+		} else {
+			$errors[] = "Error. Character with this name doesn't exist.";
+		}
+	} else {
+		$errors[] = 'Error. Name contain illegal characters.';
+	}
+}
+else {
+	$errors[] = 'Please enter character name.';
+}
+
+if($show_form) {
+	if(!empty($errors)) {
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+	}
+	
+	if(isset($player)) {
+		echo $twig->render('account.change_comment.html.twig', array(
+			'player' => $player
+		));
+	}
+}
+?>

system/pages/account/change_email.php

@@ -0,0 +1,166 @@
+<?php
+/**
+ * Change Email
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$email_new_time = $account_logged->getCustomField("email_new_time");
+
+if($email_new_time > 10) {
+	$email_new = $account_logged->getCustomField("email_new");
+}
+
+if($email_new_time < 10) {
+	if(isset($_POST['changeemailsave']) && $_POST['changeemailsave'] == 1) {
+		$email_new = $_POST['new_email'];
+		$post_password = $_POST['password'];
+		
+		if(!Validator::email($email_new)) {
+			$errors[] = Validator::getLastError();
+		}
+		
+		if(empty($post_password)) {
+			$errors[] = 'Please enter password to your account.';
+		}
+		else {
+			$post_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $post_password);
+			if($post_password != $account_logged->getPassword()) {
+				$errors[] = 'Wrong password to account.';
+			}
+		}
+		
+		if(empty($errors)) {
+			$email_new_time = time() + $config['account_mail_change'] * 24 * 3600;
+			$account_logged->setCustomField("email_new", $email_new);
+			$account_logged->setCustomField("email_new_time", $email_new_time);
+			echo $twig->render('success.html.twig', array(
+				'title' => 'New Email Address Requested',
+				'description' => 'You have requested to change your email address to <b>' . $email_new . '</b>. The actual change will take place after <b>' . date("j F Y, G:i:s", $email_new_time) . '</b>, during which you can cancel the request at any time.'
+			));
+		}
+		else
+		{
+			//show errors
+			echo $twig->render('error_box.html.twig', array('errors' => $errors));
+			
+			//show form
+			echo $twig->render('account.change_mail.html.twig', array(
+				'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
+			));
+		}
+	}
+	else
+	{
+		echo $twig->render('account.change_mail.html.twig', array(
+			'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
+		));
+	}
+	
+}
+else
+{
+	if($email_new_time < time()) {
+		if($_POST['changeemailsave'] == 1) {
+			$account_logged->setCustomField("email_new", "");
+			$account_logged->setCustomField("email_new_time", 0);
+			$account_logged->setEmail($email_new);
+			$account_logged->save();
+			$account_logged->logAction('Account email changed to <b>' . $email_new . '</b>');
+			
+			echo $twig->render('success.html.twig', array(
+				'title' => 'Email Address Change Accepted',
+				'description' => 'You have accepted <b>' . $account_logged->getEmail() . '</b> as your new email adress.'
+			));
+		}
+		else
+		{
+			$custom_buttons = '
+<table width="100%">
+	<tr>
+		<td width="30">&nbsp;</td>
+		<td align=left>
+			<form action="' . getLink('account/email') . '" method="post"><input type="hidden" name="changeemailsave" value=1 >
+				<INPUT TYPE=image NAME="I Agree" SRC="' . $template_path . '/images/buttons/sbutton_iagree.gif" BORDER=0 WIDTH=120 HEIGHT=17>
+			</form>
+		</td>
+		<td align=left>
+			<form action="' . getLink('account/email') . '" method="post">
+				<input type="hidden" name="emailchangecancel" value=1 >
+				<input type=image name="Cancel" src="' . $template_path . '/images/buttons/sbutton_cancel.gif" BORDER=0 WIDTH=120 HEIGHT=17>
+			</form>
+		</td>
+		<td align=right>
+			<form action="?subtopic=accountmanagement" method="post" >
+				<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $template_path . '/images/buttons/_sbutton_back.gif" ></div>
+				</div>
+			</form>
+		</td>
+		<td width="30">&nbsp;</td>
+	</tr>
+</table>';
+			echo $twig->render('success.html.twig', array(
+				'title' => 'Email Address Change Accepted',
+				'description' => 'Do you accept <b>'.$email_new.'</b> as your new email adress?',
+				'custom_buttons' => $custom_buttons
+			));
+		}
+	}
+	else
+	{
+		$custom_buttons = '
+<table style="width:100%;" >
+	<tr align="center">
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0" >
+				<form action="{{ ' .getLink('account/email') . ' }}" method="post" >
+					<tr>
+						<td style="border:0px;" >
+							<input type="hidden" name="emailchangecancel" value="1" >
+							<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Cancel" alt="Cancel" src="'.$template_path.'/images/buttons/_sbutton_cancel.gif" ></div>
+							</div>
+						</td>
+					</tr>
+				</form>
+			</table>
+		</td>
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0" >
+				<form action="' . getLink('account/manage') . '" method="post" >
+					<tr>
+						<td style="border:0px;" >
+							<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $template_path . '/images/buttons/_sbutton_back.gif" ></div>
+							</div>
+						</td>
+					</tr>
+				</form>
+			</table>
+		</td>
+	</tr>
+</table>';
+		echo $twig->render('success.html.twig', array(
+			'title' => 'Change of Email Address',
+			'description' => 'A request has been submitted to change the email address of this account to <b>'.$email_new.'</b>.<br/>The actual change will take place on <b>'.date("j F Y, G:i:s", $email_new_time).'</b>.<br>If you do not want to change your email address, please click on "Cancel".',
+			'custom_buttons' => $custom_buttons
+		));
+	}
+}
+if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
+	$account_logged->setCustomField("email_new", "");
+	$account_logged->setCustomField("email_new_time", 0);
+	
+	$custom_buttons = '<center><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url('.$template_path.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$template_path.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="'.$template_path.'/images/buttons/_sbutton_back.gif" ></div></div></td></tr></form></table></center>';
+	
+	echo $twig->render('success.html.twig', array(
+		'title' => 'Email Address Change Cancelled',
+		'description' => 'Your request to change the email address of your account has been cancelled. The email address will not be changed.',
+		'custom_buttons' => $custom_buttons
+	));
+}
+?>

system/pages/account/change_info.php

@@ -0,0 +1,62 @@
+<?php
+/**
+ * Change info
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$show_form = true;
+$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : NULL;
+$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : NULL;
+$new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : NULL;
+if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
+	if(!isset($config['countries'][$new_country]))
+		$errors[] = 'Country is not correct.';
+	
+	if(empty($errors)) {
+		//save data from form
+		$account_logged->setCustomField("rlname", $new_rlname);
+		$account_logged->setCustomField("location", $new_location);
+		$account_logged->setCustomField("country", $new_country);
+		$account_logged->logAction('Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b> and Country to <b>' . $config['countries'][$new_country] . '</b>.');
+		echo $twig->render('success.html.twig', array(
+			'title' => 'Public Information Changed',
+			'description' => 'Your public information has been changed.'
+		));
+		$show_form = false;
+	}
+	else {
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+	}
+}
+
+//show form
+if($show_form) {
+	$account_rlname = $account_logged->getCustomField("rlname");
+	$account_location = $account_logged->getCustomField("location");
+	if ($config['account_country'])
+		$account_country = $account_logged->getCustomField("country");
+	
+	$countries = array();
+	foreach (array('pl', 'se', 'br', 'us', 'gb',) as $country)
+		$countries[$country] = $config['countries'][$country];
+	
+	$countries['--'] = '----------';
+	
+	foreach ($config['countries'] as $code => $country)
+		$countries[$code] = $country;
+	
+	echo $twig->render('account.change_info.html.twig', array(
+		'countries' => $countries,
+		'account_rlname' => $account_rlname,
+		'account_location' => $account_location,
+		'account_country' => $account_country
+	));
+}
+?>

system/pages/account/change_name.php

@@ -0,0 +1,93 @@
+<?php
+/**
+ * Change characters name
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+echo '<script type="text/javascript" src="tools/check_name.js"></script>';
+
+$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
+$name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
+if((!$config['account_change_character_name']))
+	echo 'Changing character name for premium points is disabled on this server.';
+else
+{
+	$points = $account_logged->getCustomField('premium_points');
+	if(isset($_POST['changenamesave']) && $_POST['changenamesave'] == 1) {
+		if($points < $config['account_change_character_name_points'])
+			$errors[] = 'You need ' . $config['account_change_character_name_points'] . ' premium points to change name. You have <b>'.$points.'<b> premium points.';
+		
+		if(empty($errors) && empty($name))
+			$errors[] = 'Please enter a new name for your character!';
+		else if(strlen($name) > 25)
+			$errors[] = 'Name is too long. Max. lenght <b>25</b> letters.';
+		else if(strlen($name) < 3)
+			$errors[] = 'Name is too short. Min. lenght <b>3</b> letters.';
+		else {
+			$exist = new OTS_Player();
+			$exist->find($name);
+			if($exist->isLoaded()) {
+				$errors[] = 'Character with this name already exist.';
+			}
+		}
+		
+		if(empty($errors))
+		{
+			if(!admin() && !Validator::newCharacterName($name))
+				$errors[] = Validator::getLastError();
+		}
+		
+		if(empty($errors)) {
+			$player = new OTS_Player();
+			$player->load($player_id);
+			if($player->isLoaded()) {
+				$player_account = $player->getAccount();
+				if($account_logged->getId() == $player_account->getId()) {
+					if($player->isOnline()) {
+						$errors[] = 'This character is online.';
+					}
+					
+					if(empty($errors)) {
+						$show_form = false;
+						$old_name = $player->getName();
+						$player->setName($name);
+						$player->save();
+						$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
+						$account_logged->logAction('Changed name from <b>' . $old_name . '</b> to <b>' . $player->getName() . '</b>.');
+						echo $twig->render('success.html.twig', array(
+							'title' => 'Character Name Changed',
+							'description' => 'The character <b>'.$old_name.'</b> name has been changed to <b>' . $player->getName() . '</b>.'
+						));
+					}
+				}
+				else {
+					$errors[] = 'Character <b>' . $player_name . '</b> is not on your account.';
+				}
+			}
+			else {
+				$errors[] = "Character with this name doesn't exist.";
+			}
+		}
+	}
+	
+	if($show_form) {
+		if(!empty($errors)) {
+			echo $twig->render('error_box.html.twig', array('errors' => $errors));
+		}
+		
+		echo $twig->render('account.change_name.html.twig', array(
+			'points' => $points,
+			'errors' => $errors
+			//'account_players' => $account_logged->getPlayersList()
+		));
+	}
+}
+
+?>

system/pages/account/change_password.php

@@ -0,0 +1,84 @@
+<?php
+/**
+ * Change password
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$new_password = isset($_POST['newpassword']) ? $_POST['newpassword'] : NULL;
+$new_password2 = isset($_POST['newpassword2']) ? $_POST['newpassword2'] : NULL;
+$old_password = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : NULL;
+if(empty($new_password) && empty($new_password2) && empty($old_password)) {
+	echo $twig->render('account.change_password.html.twig');
+}
+else
+{
+	if(empty($new_password) || empty($new_password2) || empty($old_password)){
+		$errors[] = "Please fill in form.";
+	}
+	$password_strlen = strlen($new_password);
+	if($new_password != $new_password2) {
+		$errors[] = "The new passwords do not match!";
+	}
+	
+	if(empty($errors)) {
+		if(!Validator::password($new_password)) {
+			$errors[] = Validator::getLastError();
+		}
+		
+		$old_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $old_password);
+		if($old_password != $account_logged->getPassword()) {
+			$errors[] = "Current password is incorrect!";
+		}
+	}
+	if(!empty($errors)){
+		//show errors
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+		
+		//show form
+		echo $twig->render('account.change_password.html.twig');
+	}
+	else
+	{
+		$org_pass = $new_password;
+		
+		if($config_salt_enabled)
+		{
+			$salt = generateRandomString(10, false, true, true);
+			$new_password = $salt . $new_password;
+			$account_logged->setCustomField('salt', $salt);
+		}
+		
+		$new_password = encrypt($new_password);
+		$account_logged->setPassword($new_password);
+		$account_logged->save();
+		$account_logged->logAction('Account password changed.');
+		
+		$message = '';
+		if($config['mail_enabled'] && $config['send_mail_when_change_password'])
+		{
+			$mailBody = $twig->render('mail.password_changed.html.twig', array(
+				'new_password' => $org_pass
+			));
+			
+			if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Changed password", $mailBody))
+				$message = '<br/><small>Your new password were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
+			else
+				$message = '<br/><p class="error">An error occorred while sending email with password:<br/>' . $mailer->ErrorInfo . '</p>';
+		}
+		
+		echo $twig->render('success.html.twig', array(
+			'title' => 'Password Changed',
+			'description' => 'Your password has been changed.' . $message
+		));
+		setSession('password', $new_password);
+	}
+}
+
+?>

system/pages/account/change_sex.php

@@ -0,0 +1,89 @@
+<?php
+/**
+ * Change sex
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$sex_changed = false;
+$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
+$new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;
+if((!$config['account_change_character_sex']))
+	echo 'You cant change your character sex';
+else
+{
+	$points = $account_logged->getCustomField('premium_points');
+	if(isset($_POST['changesexsave']) && $_POST['changesexsave'] == 1) {
+		if($points < $config['account_change_character_sex_points'])
+			$errors[] = 'You need ' . $config['account_change_character_sex_points'] . ' premium points to change sex. You have <b>'.$points.'</b> premium points.';
+		
+		if(empty($errors) && !isset($config['genders'][$new_sex])) {
+			$errors[] = 'This sex is invalid.';
+		}
+		
+		if(empty($errors)) {
+			$player = new OTS_Player();
+			$player->load($player_id);
+			
+			if($player->isLoaded()) {
+				$player_account = $player->getAccount();
+				
+				if($account_logged->getId() == $player_account->getId()) {
+					if($player->isOnline()) {
+						$errors[] = 'This character is online.';
+					}
+					
+					if(empty($errors) && $player->getSex() == $new_sex)
+						$errors[] = 'Sex cannot be same';
+					
+					if(empty($errors)) {
+						$sex_changed = true;
+						$old_sex = $player->getSex();
+						$player->setSex($new_sex);
+						
+						$old_sex_str = 'Unknown';
+						if(isset($config['genders'][$old_sex]))
+							$old_sex_str = $config['genders'][$old_sex];
+						
+						$new_sex_str = 'Unknown';
+						if(isset($config['genders'][$new_sex]))
+							$new_sex_str = $config['genders'][$new_sex];
+						
+						$player->save();
+						$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
+						$account_logged->logAction('Changed sex on character <b>' . $player->getName() . '</b> from <b>' . $old_sex_str . '</b> to <b>' . $new_sex_str . '</b>.');
+						echo $twig->render('success.html.twig', array(
+							'title' => 'Character Sex Changed',
+							'description' => 'The character <b>' . $player->getName() . '</b> sex has been changed to <b>' . $new_sex_str . '</b>.'
+						));
+					}
+				}
+				else {
+					$errors[] = 'Character <b>'.$player_name.'</b> is not on your account.';
+				}
+			}
+			else {
+				$errors[] = "Character with this name doesn't exist.";
+			}
+		}
+	}
+	
+	if(!$sex_changed) {
+		if(!empty($errors)) {
+			echo $twig->render('error_box.html.twig', array('errors' => $errors));
+		}
+		echo $twig->render('account.change_sex.html.twig', array(
+			'players' => $account_logged->getPlayersList(),
+			'player_sex' => isset($player) ? $player->getSex() : -1,
+			'points' => $points
+		));
+	}
+}
+
+?>

system/pages/account/create_character.php

@@ -0,0 +1,208 @@
+<?php
+/**
+ * Create character
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+echo '<script type="text/javascript" src="tools/check_name.js"></script>';
+$newchar_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
+$newchar_sex = isset($_POST['sex']) ? $_POST['sex'] : NULL;
+$newchar_vocation = isset($_POST['vocation']) ? $_POST['vocation'] : NULL;
+$newchar_town = isset($_POST['town']) ? $_POST['town'] : NULL;
+
+$newchar_created = false;
+$save = isset($_POST['save']) && $_POST['save'] == 1;
+if($save) {
+	if(empty($newchar_name))
+		$errors['name'] = 'Please enter a name for your character!';
+	else if(strlen($newchar_name) > 25)
+		$errors['name'] = 'Name is too long. Max. lenght <b>25</b> letters.';
+	else if(strlen($newchar_name) < 3)
+		$errors['name'] = 'Name is too short. Min. lenght <b>3</b> letters.';
+	else {
+		if(!admin() && !Validator::newCharacterName($newchar_name)) {
+			$errors['name'] = Validator::getLastError();
+		}
+		
+		$exist = new OTS_Player();
+		$exist->find($newchar_name);
+		if($exist->isLoaded()) {
+			$errors['name'] = 'Character with this name already exist.';
+		}
+	}
+	
+	if(empty($newchar_sex) && $newchar_sex != "0")
+		$errors[] = 'Please select the sex for your character!';
+	
+	if(count($config['character_samples']) > 1)
+	{
+		if(!isset($newchar_vocation))
+			$errors[] = 'Please select a vocation for your character.';
+	}
+	else
+		$newchar_vocation = $config['character_samples'][0];
+	
+	if(count($config['character_towns']) > 1) {
+		if(!isset($newchar_town))
+			$errors[] = 'Please select a town for your character.';
+	}
+	else {
+		$newchar_town = $config['character_towns'][0];
+	}
+	
+	if(empty($errors)) {
+		if(!isset($config['genders'][$newchar_sex]))
+			$errors[] = 'Sex is invalid.';
+		if(!in_array($newchar_town, $config['character_towns']))
+			$errors[] = 'Please select valid town.';
+		if(count($config['character_samples']) > 1)
+		{
+			$newchar_vocation_check = false;
+			foreach($config['character_samples'] as $char_vocation_key => $sample_char)
+				if($newchar_vocation == $char_vocation_key)
+					$newchar_vocation_check = true;
+			if(!$newchar_vocation_check)
+				$errors[] = 'Unknown vocation. Please fill in form again.';
+		}
+		else
+			$newchar_vocation = 0;
+	}
+	
+	if(empty($errors))
+	{
+		$number_of_players_on_account = $account_logged->getPlayersList()->count();
+		if($number_of_players_on_account >= $config['characters_per_account'])
+			$errors[] = 'You have too many characters on your account <b>('.$number_of_players_on_account.'/'.$config['characters_per_account'].')</b>!';
+	}
+	
+	if(empty($errors))
+	{
+		$char_to_copy_name = $config['character_samples'][$newchar_vocation];
+		$char_to_copy = new OTS_Player();
+		$char_to_copy->find($char_to_copy_name);
+		if(!$char_to_copy->isLoaded())
+			$errors[] = 'Wrong characters configuration. Try again or contact with admin. ADMIN: Edit file config/config.php and set valid characters to copy names. Character to copy: <b>'.$char_to_copy_name.'</b> doesn\'t exist.';
+	}
+	
+	if(empty($errors))
+	{
+		if($newchar_sex == "0")
+			$char_to_copy->setLookType(136);
+		$player = $ots->createObject('Player');
+		$player->setName($newchar_name);
+		$player->setAccount($account_logged);
+		//$player->setGroupId($char_to_copy->getGroup()->getId());
+		$player->setGroupId(1);
+		$player->setSex($newchar_sex);
+		$player->setVocation($char_to_copy->getVocation());
+		if(fieldExist('promotion', 'players'))
+			$player->setPromotion($char_to_copy->getPromotion());
+		
+		if(fieldExist('direction', 'players'))
+			$player->setDirection($char_to_copy->getDirection());
+		
+		$player->setConditions($char_to_copy->getConditions());
+		$rank = $char_to_copy->getRank();
+		if($rank->isLoaded()) {
+			$player->setRank($char_to_copy->getRank());
+		}
+		
+		if(fieldExist('lookaddons', 'players'))
+			$player->setLookAddons($char_to_copy->getLookAddons());
+		
+		$player->setTownId($newchar_town);
+		$player->setExperience($char_to_copy->getExperience());
+		$player->setLevel($char_to_copy->getLevel());
+		$player->setMagLevel($char_to_copy->getMagLevel());
+		$player->setHealth($char_to_copy->getHealth());
+		$player->setHealthMax($char_to_copy->getHealthMax());
+		$player->setMana($char_to_copy->getMana());
+		$player->setManaMax($char_to_copy->getManaMax());
+		$player->setManaSpent($char_to_copy->getManaSpent());
+		$player->setSoul($char_to_copy->getSoul());
+		
+		for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++)
+			$player->setSkill($skill, 10);
+		
+		$player->setLookBody($char_to_copy->getLookBody());
+		$player->setLookFeet($char_to_copy->getLookFeet());
+		$player->setLookHead($char_to_copy->getLookHead());
+		$player->setLookLegs($char_to_copy->getLookLegs());
+		$player->setLookType($char_to_copy->getLookType());
+		$player->setCap($char_to_copy->getCap());
+		$player->setBalance(0);
+		$player->setPosX(0);
+		$player->setPosY(0);
+		$player->setPosZ(0);
+		$player->setStamina($config['otserv_version'] == TFS_03 ? 151200000 : 2520);
+		if(fieldExist('loss_experience', 'players')) {
+			$player->setLossExperience($char_to_copy->getLossExperience());
+			$player->setLossMana($char_to_copy->getLossMana());
+			$player->setLossSkills($char_to_copy->getLossSkills());
+		}
+		if(fieldExist('loss_items', 'players')) {
+			$player->setLossItems($char_to_copy->getLossItems());
+			$player->setLossContainers($char_to_copy->getLossContainers());
+		}
+		
+		$player->save();
+		$player->setCustomField("created", time());
+		
+		$newchar_created = true;
+		$account_logged->logAction('Created character <b>' . $player->getName() . '</b>.');
+		unset($player);
+		
+		$player = new OTS_Player();
+		$player->find($newchar_name);
+		
+		if($player->isLoaded()) {
+			if(tableExist('player_skills')) {
+				for($i=0; $i<7; $i++) {
+					$skillExists = $db->query('SELECT `skillid` FROM `player_skills` WHERE `player_id` = ' . $player->getId() . ' AND `skillid` = ' . $i);
+					if($skillExists->rowCount() <= 0) {
+						$db->query('INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ('.$player->getId().', '.$i.', 10, 0)');
+					}
+				}
+			}
+			
+			$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$char_to_copy->getId()."");
+			foreach($loaded_items_to_copy as $save_item)
+				$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', '".$save_item['attributes']."');");
+			
+			echo $twig->render('success.html.twig', array(
+				'title' => 'Character Created',
+				'description' => 'The character <b>' . $newchar_name . '</b> has been created.<br/>
+							Please select the outfit when you log in for the first time.<br/><br/>
+							<b>See you on ' . $config['lua']['serverName'] . '!</b>'
+			));
+		}
+		else
+		{
+			error("Error. Can't create character. Probably problem with database. Please try again later or contact with admin.");
+			return;
+		}
+	}
+}
+
+if(count($errors) > 0) {
+	echo $twig->render('error_box.html.twig', array('errors' => $errors));
+}
+
+if(!$newchar_created) {
+	echo $twig->render('account.create_character.html.twig', array(
+		'name' => $newchar_name,
+		'sex' => $newchar_sex,
+		'vocation' => $newchar_vocation,
+		'town' => $newchar_town,
+		'save' => $save,
+		'errors' => $errors
+	));
+}
+?>

system/pages/account/delete_character.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * Delete character
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : NULL;
+$password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : NULL;
+$password_verify = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $password_verify);
+if(isset($_POST['deletecharactersave']) && $_POST['deletecharactersave'] == 1) {
+	if(!empty($player_name) && !empty($password_verify)) {
+		if(Validator::characterName($player_name)) {
+			$player = new OTS_Player();
+			$player->find($player_name);
+			if($player->isLoaded()) {
+				$player_account = $player->getAccount();
+				if($account_logged->getId() == $player_account->getId()) {
+					if($password_verify == $account_logged->getPassword()) {
+						if(!$player->isOnline())
+						{
+							//dont show table "delete character" again
+							$show_form = false;
+							//delete player
+							if(fieldExist('deletion', 'players'))
+								$player->setCustomField('deletion', 1);
+							else
+								$player->setCustomField('deleted', 1);
+							$account_logged->logAction('Deleted character <b>' . $player->getName() . '</b>.');
+							echo $twig->render('success.html.twig', array(
+								'title' => 'Character Deleted',
+								'description' => 'The character <b>' . $player_name . '</b> has been deleted.'
+							));
+						}
+						else
+							$errors[] = 'This character is online.';
+					}
+					else {
+						$errors[] = 'Wrong password to account.';
+					}
+				}
+				else {
+					$errors[] = 'Character <b>'.$player_name.'</b> is not on your account.';
+				}
+			}
+			else {
+				$errors[] = 'Character with this name doesn\'t exist.';
+			}
+		}
+		else {
+			$errors[] = 'Name contain illegal characters.';
+		}
+	}
+	else {
+		$errors[] = 'Character name or/and password is empty. Please fill in form.';
+	}
+}
+if($show_form) {
+	if(!empty($errors)) {
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+	}
+	echo $twig->render('account.delete_character.html.twig');
+}
+?>

system/pages/account/register.php

@@ -0,0 +1,59 @@
+<?php
+/**
+ * Register Account
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$_POST['reg_password'] = isset($_POST['reg_password']) ? $_POST['reg_password'] : '';
+$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
+$old_key = $account_logged->getCustomField("key");
+
+if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == "1") {
+	if($reg_password == $account_logged->getPassword()) {
+		if(empty($old_key)) {
+			$show_form = false;
+			$new_rec_key = generateRandomString(10, false, true, true);
+			
+			$account_logged->setCustomField("key", $new_rec_key);
+			$account_logged->logAction('Generated recovery key.');
+			
+			if($config['mail_enabled'] && $config['send_mail_when_generate_reckey'])
+			{
+				$mailBody = $twig->render('mail.account.register.html.twig', array(
+					'recovery_key' => $new_rec_key
+				));
+				if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Recovery Key", $mailBody))
+					$message = '<br /><small>Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
+				else
+					$message = '<br /><p class="error">An error occorred while sending email with recovery key! You will not receive e-mail with this key. Error:<br/>' . $mailer->ErrorInfo . '</p>';
+			}
+			echo $twig->render('success.html.twig', array(
+				'title' => 'Account Registered',
+				'description' => 'Thank you for registering your account! You can now recover your account if you have lost access to the assigned email address by using the following<br/><br/><font size="5">&nbsp;&nbsp;&nbsp;<b>Recovery Key: '.$new_rec_key.'</b></font><br/><br/><br/><b>Important:</b><ul><li>Write down this recovery key carefully.</li><li>Store it at a safe place!</li>' . $message . '</ul>'
+			));
+		}
+		else
+			$errors[] = 'Your account is already registered.';
+	}
+	else
+		$errors[] = 'Wrong password to account.';
+}
+
+if($show_form) {
+	if(!empty($errors)) {
+		//show errors
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+	}
+	
+	//show form
+	echo $twig->render('account.generate_recovery_key.html.twig');
+}
+
+?>

system/pages/account/register_new.php

@@ -0,0 +1,72 @@
+<?php
+/**
+ * Register Account New
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+if(isset($_POST['reg_password']))
+	$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
+
+$reckey = $account_logged->getCustomField('key');
+if((!$config['generate_new_reckey'] || !$config['mail_enabled']) || empty($reckey))
+	echo 'You cant get new rec key';
+else
+{
+	$points = $account_logged->getCustomField('premium_points');
+	if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == '1')
+	{
+		if($reg_password == $account_logged->getPassword())
+		{
+			if($points >= $config['generate_new_reckey_price'])
+			{
+				$show_form = false;
+				$new_rec_key = generateRandomString(10, false, true, true);
+				
+				$mailBody = $twig->render('mail.account.register.html.twig', array(
+					'recovery_key' => $new_rec_key
+				));
+				
+				if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - new recovery key", $mailBody))
+				{
+					$account_logged->setCustomField("key", $new_rec_key);
+					$account_logged->setCustomField("premium_points", $account_logged->getCustomField("premium_points") - $config['generate_new_reckey_price']);
+					$account_logged->logAction('Generated new recovery key for ' . $config['generate_new_reckey_price'] . ' premium points.');
+					$message = '<br />Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b> for '.$config['generate_new_reckey_price'].' premium points.';
+				}
+				else
+					$message = '<br /><p class="error">An error occorred while sending email ( <b>'.$account_logged->getEMail().'</b> ) with recovery key! Recovery key not changed. Try again. Error:<br/>' . $mailer->ErrorInfo . '</p>';
+				
+				echo $twig->render('success.html.twig', array(
+					'title' => 'Account Registered',
+					'description' => '<ul>' . $message . '</ul>'
+				));
+			}
+			else
+				$errors[] = 'You need '.$config['generate_new_reckey_price'].' premium points to generate new recovery key. You have <b>'.$points.'<b> premium points.';
+		}
+		else
+			$errors[] = 'Wrong password to account.';
+	}
+	
+	//show errors if not empty
+	if(!empty($errors)) {
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+	}
+	
+	if($show_form)
+	{
+		//show form
+		echo $twig->render('account.generate_new_recovery_key.html.twig', array(
+			'points' => $points
+		));
+	}
+}
+
+?>

system/pages/accountmanagement.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -124,862 +124,7 @@ $errors = array();
 			'players' => $account_players
 		));
 	}
-//########### CHANGE PASSWORD ##########
+	else if(file_exists(PAGES . 'account/' . $action . '.php')) {
-	if($action == "changepassword") {
+		require(PAGES . 'account/' . $action . '.php');
-		$new_password = isset($_POST['newpassword']) ? $_POST['newpassword'] : NULL;
-		$new_password2 = isset($_POST['newpassword2']) ? $_POST['newpassword2'] : NULL;
-		$old_password = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : NULL;
-		if(empty($new_password) && empty($new_password2) && empty($old_password)) {
-			echo $twig->render('account.change_password.html.twig');
-		}
-		else
-		{
-			if(empty($new_password) || empty($new_password2) || empty($old_password)){
-				$errors[] = "Please fill in form.";
-			}
-			$password_strlen = strlen($new_password);
-			if($new_password != $new_password2) {
-				$errors[] = "The new passwords do not match!";
-			}
-			
-			if(empty($errors)) {
-				if(!Validator::password($new_password)) {
-					$errors[] = Validator::getLastError();
-				}
-				
-				$old_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $old_password);
-				if($old_password != $account_logged->getPassword()) {
-					$errors[] = "Current password is incorrect!";
-				}
-			}
-			if(!empty($errors)){
-				//show errors
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-				
-				//show form
-				echo $twig->render('account.change_password.html.twig');
-			}
-			else
-			{
-				$org_pass = $new_password;
-				
-				if($config_salt_enabled)
-				{
-					$salt = generateRandomString(10, false, true, true);
-					$new_password = $salt . $new_password;
-					$account_logged->setCustomField('salt', $salt);
-				}
-		
-				$new_password = encrypt($new_password);
-				$account_logged->setPassword($new_password);
-				$account_logged->save();
-				$account_logged->logAction('Account password changed.');
-				
-				$message = '';
-				if($config['mail_enabled'] && $config['send_mail_when_change_password'])
-				{
-					$mailBody = $twig->render('mail.password_changed.html.twig', array(
-						'new_password' => $org_pass
-					));
-					
-					if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Changed password", $mailBody))
-						$message = '<br/><small>Your new password were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
-					else
-						$message = '<br/><p class="error">An error occorred while sending email with password:<br/>' . $mailer->ErrorInfo . '</p>';
-				}
-				
-				echo $twig->render('success.html.twig', array(
-					'title' => 'Password Changed',
-					'description' => 'Your password has been changed.' . $message
-				));
-				$_SESSION['password'] = $new_password;
-			}
-		}
-	}
-
-//############# CHANGE E-MAIL ###################
-if($action == "changeemail") {
-	$email_new_time = $account_logged->getCustomField("email_new_time");
-	
-	if($email_new_time > 10) {
-		$email_new = $account_logged->getCustomField("email_new");
-	}
-	
-	if($email_new_time < 10) {
-		if(isset($_POST['changeemailsave']) && $_POST['changeemailsave'] == 1) {
-			$email_new = $_POST['new_email'];
-			$post_password = $_POST['password'];
-			
-			if(!Validator::email($email_new)) {
-				$errors[] = Validator::getLastError();
-			}
-			
-			if(empty($post_password)) {
-				$errors[] = 'Please enter password to your account.';
-			}
-			else {
-				$post_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $post_password);
-				if($post_password != $account_logged->getPassword()) {
-					$errors[] = 'Wrong password to account.';
-				}
-			}
-			
-			if(empty($errors)) {
-				$email_new_time = time() + $config['account_mail_change'] * 24 * 3600;
-				$account_logged->setCustomField("email_new", $email_new);
-				$account_logged->setCustomField("email_new_time", $email_new_time);
-				echo $twig->render('success.html.twig', array(
-					'title' => 'New Email Address Requested',
-					'description' => 'You have requested to change your email address to <b>' . $email_new . '</b>. The actual change will take place after <b>' . date("j F Y, G:i:s", $email_new_time) . '</b>, during which you can cancel the request at any time.'
-				));
-			}
-			else
-			{
-				//show errors
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-				
-				//show form
-				echo $twig->render('account.change_mail.html.twig', array(
-					'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
-				));
-			}
-		}
-		else
-		{
-			echo $twig->render('account.change_mail.html.twig', array(
-				'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
-			));
-		}
-	
-	}
-	else
-	{
-		if($email_new_time < time()) {
-			if($_POST['changeemailsave'] == 1) {
-				$account_logged->setCustomField("email_new", "");
-				$account_logged->setCustomField("email_new_time", 0);
-				$account_logged->setEmail($email_new);
-				$account_logged->save();
-				$account_logged->logAction('Account email changed to <b>' . $email_new . '</b>');
-				
-				echo $twig->render('success.html.twig', array(
-					'title' => 'Email Address Change Accepted',
-					'description' => 'You have accepted <b>' . $account_logged->getEmail() . '</b> as your new email adress.'
-				));
-			}
-			else
-			{
-				$custom_buttons = '
-<table width="100%">
-	<tr>
-		<td width="30">&nbsp;</td>
-		<td align=left>
-			<form action="?subtopic=accountmanagement&action=changeemail" method="post"><input type="hidden" name="changeemailsave" value=1 >
-				<INPUT TYPE=image NAME="I Agree" SRC="' . $template_path . '/images/buttons/sbutton_iagree.gif" BORDER=0 WIDTH=120 HEIGHT=17>
-			</form>
-		</td>
-		<td align=left>
-			<form action="?subtopic=accountmanagement&action=changeemail" method="post">
-				<input type="hidden" name="emailchangecancel" value=1 >
-				<input type=image name="Cancel" src="' . $template_path . '/images/buttons/sbutton_cancel.gif" BORDER=0 WIDTH=120 HEIGHT=17>
-			</form>
-		</td>
-		<td align=right>
-			<form action="?subtopic=accountmanagement" method="post" >
-				<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $template_path . '/images/buttons/_sbutton_back.gif" ></div>
-				</div>
-			</form>
-		</td>
-		<td width="30">&nbsp;</td>
-	</tr>
-</table>';
-				echo $twig->render('success.html.twig', array(
-					'title' => 'Email Address Change Accepted',
-					'description' => 'Do you accept <b>'.$email_new.'</b> as your new email adress?',
-					'custom_buttons' => $custom_buttons
-				));
-			}
-		}
-		else
-		{
-			$custom_buttons = '
-<table style="width:100%;" >
-	<tr align="center">
-		<td>
-			<table border="0" cellspacing="0" cellpadding="0" >
-				<form action="?subtopic=accountmanagement&action=changeemail" method="post" >
-					<tr>
-						<td style="border:0px;" >
-							<input type="hidden" name="emailchangecancel" value="1" >
-							<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Cancel" alt="Cancel" src="'.$template_path.'/images/buttons/_sbutton_cancel.gif" ></div>
-							</div>
-						</td>
-					</tr>
-				</form>
-			</table>
-		</td>
-		<td>
-			<table border="0" cellspacing="0" cellpadding="0" >
-				<form action="?subtopic=accountmanagement" method="post" >
-					<tr>
-						<td style="border:0px;" >
-							<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $template_path . '/images/buttons/_sbutton_back.gif" ></div>
-							</div>
-						</td>
-					</tr>
-				</form>
-			</table>
-		</td>
-	</tr>
-</table>';
-			echo $twig->render('success.html.twig', array(
-				'title' => 'Change of Email Address',
-				'description' => 'A request has been submitted to change the email address of this account to <b>'.$email_new.'</b>.<br/>The actual change will take place on <b>'.date("j F Y, G:i:s", $email_new_time).'</b>.<br>If you do not want to change your email address, please click on "Cancel".',
-				'custom_buttons' => $custom_buttons
-			));
-		}
-	}
-	if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
-		$account_logged->setCustomField("email_new", "");
-		$account_logged->setCustomField("email_new_time", 0);
-		
-		$custom_buttons = '<center><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url('.$template_path.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$template_path.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="'.$template_path.'/images/buttons/_sbutton_back.gif" ></div></div></td></tr></form></table></center>';
-		
-		echo $twig->render('success.html.twig', array(
-			'title' => 'Email Address Change Cancelled',
-			'description' => 'Your request to change the email address of your account has been cancelled. The email address will not be changed.',
-			'custom_buttons' => $custom_buttons
-		));
-	}
-}
-
-//########### CHANGE PUBLIC INFORMATION (about account owner) ######################
-	if($action == "changeinfo") {
-		$show_form = true;
-		$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : NULL;
-		$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : NULL;
-		$new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : NULL;
-		if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
-			if(!isset($config['countries'][$new_country]))
-				$errors[] = 'Country is not correct.';
-			
-			if(empty($errors)) {
-				//save data from form
-				$account_logged->setCustomField("rlname", $new_rlname);
-				$account_logged->setCustomField("location", $new_location);
-				$account_logged->setCustomField("country", $new_country);
-				$account_logged->logAction('Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b> and Country to <b>' . $config['countries'][$new_country] . '</b>.');
-				echo $twig->render('success.html.twig', array(
-					'title' => 'Public Information Changed',
-					'description' => 'Your public information has been changed.'
-				));
-				$show_form = false;
-			}
-			else {
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			}
-		}
-		
-		//show form
-		if($show_form) {
-			$account_rlname = $account_logged->getCustomField("rlname");
-			$account_location = $account_logged->getCustomField("location");
-			if ($config['account_country'])
-				$account_country = $account_logged->getCustomField("country");
-			
-			$countries = array();
-			foreach (array('pl', 'se', 'br', 'us', 'gb',) as $country)
-				$countries[$country] = $config['countries'][$country];
-			
-			$countries['--'] = '----------';
-			
-			foreach ($config['countries'] as $code => $country)
-				$countries[$code] = $country;
-			
-			echo $twig->render('account.change_info.html.twig', array(
-				'countries' => $countries,
-				'account_rlname' => $account_rlname,
-				'account_location' => $account_location,
-				'account_country' => $account_country
-			));
-		}
-	}
-
-//############## GENERATE RECOVERY KEY ###########
-	if($action == "registeraccount")
-	{
-		$_POST['reg_password'] = isset($_POST['reg_password']) ? $_POST['reg_password'] : '';
-		$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
-		$old_key = $account_logged->getCustomField("key");
-		
-		if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == "1") {
-			if($reg_password == $account_logged->getPassword()) {
-				if(empty($old_key)) {
-					$show_form = false;
-					$new_rec_key = generateRandomString(10, false, true, true);
-
-					$account_logged->setCustomField("key", $new_rec_key);
-					$account_logged->logAction('Generated recovery key.');
-					
-					if($config['mail_enabled'] && $config['send_mail_when_generate_reckey'])
-					{
-						$mailBody = $twig->render('mail.account.register.html.twig', array(
-							'recovery_key' => $new_rec_key
-						));
-						if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Recovery Key", $mailBody))
-							$message = '<br /><small>Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
-						else
-							$message = '<br /><p class="error">An error occorred while sending email with recovery key! You will not receive e-mail with this key. Error:<br/>' . $mailer->ErrorInfo . '</p>';
-					}
-					echo $twig->render('success.html.twig', array(
-						'title' => 'Account Registered',
-						'description' => 'Thank you for registering your account! You can now recover your account if you have lost access to the assigned email address by using the following<br/><br/><font size="5">&nbsp;&nbsp;&nbsp;<b>Recovery Key: '.$new_rec_key.'</b></font><br/><br/><br/><b>Important:</b><ul><li>Write down this recovery key carefully.</li><li>Store it at a safe place!</li>' . $message . '</ul>'
-					));
-				}
-				else
-					$errors[] = 'Your account is already registered.';
-			}
-			else
-				$errors[] = 'Wrong password to account.';
-		}
-		
-		if($show_form) {
-			if(!empty($errors)) {
-				//show errors
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			}
-			
-			//show form
-			echo $twig->render('account.generate_recovery_key.html.twig');
-		}
-	}
-
-//############## GENERATE NEW RECOVERY KEY ###########
-	if($action == "registernew")
-	{
-		if(isset($_POST['reg_password']))
-			$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
-		
-		$reckey = $account_logged->getCustomField('key');
-		if((!$config['generate_new_reckey'] || !$config['mail_enabled']) || empty($reckey))
-			echo 'You cant get new rec key';
-		else
-		{
-			$points = $account_logged->getCustomField('premium_points');
-			if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == '1')
-			{
-				if($reg_password == $account_logged->getPassword())
-				{
-					if($points >= $config['generate_new_reckey_price'])
-					{
-						$show_form = false;
-						$new_rec_key = generateRandomString(10, false, true, true);
-						
-						$mailBody = $twig->render('mail.account.register.html.twig', array(
-							'recovery_key' => $new_rec_key
-						));
-						
-						if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - new recovery key", $mailBody))
-						{
-							$account_logged->setCustomField("key", $new_rec_key);
-							$account_logged->setCustomField("premium_points", $account_logged->getCustomField("premium_points") - $config['generate_new_reckey_price']);
-							$account_logged->logAction('Generated new recovery key for ' . $config['generate_new_reckey_price'] . ' premium points.');
-							$message = '<br />Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b> for '.$config['generate_new_reckey_price'].' premium points.';
-						}
-						else
-							$message = '<br /><p class="error">An error occorred while sending email ( <b>'.$account_logged->getEMail().'</b> ) with recovery key! Recovery key not changed. Try again. Error:<br/>' . $mailer->ErrorInfo . '</p>';
-						
-						echo $twig->render('success.html.twig', array(
-							'title' => 'Account Registered',
-							'description' => '<ul>' . $message . '</ul>'
-						));
-					}
-					else
-						$errors[] = 'You need '.$config['generate_new_reckey_price'].' premium points to generate new recovery key. You have <b>'.$points.'<b> premium points.';
-				}
-				else
-					$errors[] = 'Wrong password to account.';
-			}
-			
-			//show errors if not empty
-			if(!empty($errors)) {
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			}
-			
-			if($show_form)
-			{
-				//show form
-				echo $twig->render('account.generate_new_recovery_key.html.twig', array(
-					'points' => $points
-				));
-			}
-		}
-	}
-
-
-
-//###### CHANGE CHARACTER COMMENT ######
-	if($action == "changecomment") {
-		$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
-		$new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
-		$new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
-		
-		if($player_name != null) {
-			if (Validator::characterName($player_name)) {
-				$player = new OTS_Player();
-				$player->find($player_name);
-				if ($player->isLoaded()) {
-					$player_account = $player->getAccount();
-					if ($account_logged->getId() == $player_account->getId()) {
-						if (isset($_POST['changecommentsave']) && $_POST['changecommentsave'] == 1) {
-							$player->setCustomField("hidden", $new_hideacc);
-							$player->setCustomField("comment", $new_comment);
-							$account_logged->logAction('Changed comment for character <b>' . $player->getName() . '</b>.');
-							echo $twig->render('success.html.twig', array(
-								'title' => 'Character Information Changed',
-								'description' => 'The character information has been changed.'
-							));
-							$show_form = false;
-						}
-					} else {
-						$errors[] = 'Error. Character <b>' . $player_name . '</b> is not on your account.';
-					}
-				} else {
-					$errors[] = "Error. Character with this name doesn't exist.";
-				}
-			} else {
-				$errors[] = 'Error. Name contain illegal characters.';
-			}
-		}
-		else {
-			$errors[] = 'Please enter character name.';
-		}
-		
-		if($show_form) {
-			if(!empty($errors)) {
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			}
-			
-			if(isset($player)) {
-				echo $twig->render('account.change_comment.html.twig', array(
-					'player' => $player
-				));
-			}
-		}
-	}
-
-	if($action == "changename") {
-		echo '<script type="text/javascript" src="tools/check_name.js"></script>';
-		
-		$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
-		$name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
-		if((!$config['account_change_character_name']))
-			echo 'Changing character name for premium points is disabled on this server.';
-		else
-		{
-			$points = $account_logged->getCustomField('premium_points');
-			if(isset($_POST['changenamesave']) && $_POST['changenamesave'] == 1) {
-				if($points < $config['account_change_character_name_points'])
-					$errors[] = 'You need ' . $config['account_change_character_name_points'] . ' premium points to change name. You have <b>'.$points.'<b> premium points.';
-	
-				if(empty($errors) && empty($name))
-					$errors[] = 'Please enter a new name for your character!';
-				else if(strlen($name) > 25)
-					$errors[] = 'Name is too long. Max. lenght <b>25</b> letters.';
-				else if(strlen($name) < 3)
-					$errors[] = 'Name is too short. Min. lenght <b>3</b> letters.';
-				else {
-					$exist = new OTS_Player();
-					$exist->find($name);
-					if($exist->isLoaded()) {
-						$errors[] = 'Character with this name already exist.';
-					}
-				}
-				
-				if(empty($errors))
-				{
-					if(!admin() && !Validator::newCharacterName($name))
-						$errors[] = Validator::getLastError();
-				}
-				
-				if(empty($errors)) {
-					$player = new OTS_Player();
-					$player->load($player_id);
-					if($player->isLoaded()) {
-						$player_account = $player->getAccount();
-						if($account_logged->getId() == $player_account->getId()) {
-							if($player->isOnline()) {
-								$errors[] = 'This character is online.';
-							}
-							
-							if(empty($errors)) {
-								$show_form = false;
-								$old_name = $player->getName();
-								$player->setName($name);
-								$player->save();
-								$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
-								$account_logged->logAction('Changed name from <b>' . $old_name . '</b> to <b>' . $player->getName() . '</b>.');
-								echo $twig->render('success.html.twig', array(
-									'title' => 'Character Name Changed',
-									'description' => 'The character <b>'.$old_name.'</b> name has been changed to <b>' . $player->getName() . '</b>.'
-								));
-							}
-						}
-						else {
-							$errors[] = 'Character <b>' . $player_name . '</b> is not on your account.';
-						}
-					}
-					else {
-						$errors[] = "Character with this name doesn't exist.";
-					}
-				}
-			}
-
-			if($show_form) {
-				if(!empty($errors)) {
-					echo $twig->render('error_box.html.twig', array('errors' => $errors));
-				}
-				
-				echo $twig->render('account.change_name.html.twig', array(
-					'points' => $points,
-					'errors' => $errors
-					//'account_players' => $account_logged->getPlayersList()
-				));
-			}
-		}
-	}
-
-	if($action == "changesex") {
-		$sex_changed = false;
-		$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
-		$new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;
-		if((!$config['account_change_character_sex']))
-			echo 'You cant change your character sex';
-		else
-		{
-			$points = $account_logged->getCustomField('premium_points');
-			if(isset($_POST['changesexsave']) && $_POST['changesexsave'] == 1) {
-				if($points < $config['account_change_character_sex_points'])
-					$errors[] = 'You need ' . $config['account_change_character_sex_points'] . ' premium points to change sex. You have <b>'.$points.'</b> premium points.';
-	
-				if(empty($errors) && !isset($config['genders'][$new_sex])) {
-					$errors[] = 'This sex is invalid.';
-				}
-				
-				if(empty($errors)) {
-					$player = new OTS_Player();
-					$player->load($player_id);
-					
-					if($player->isLoaded()) {
-						$player_account = $player->getAccount();
-						
-						if($account_logged->getId() == $player_account->getId()) {
-							if($player->isOnline()) {
-								$errors[] = 'This character is online.';
-							}
-							
-							if(empty($errors) && $player->getSex() == $new_sex)
-								$errors[] = 'Sex cannot be same';
-							
-							if(empty($errors)) {
-								$sex_changed = true;
-								$old_sex = $player->getSex();
-								$player->setSex($new_sex);
-								
-								$old_sex_str = 'Unknown';
-								if(isset($config['genders'][$old_sex]))
-									$old_sex_str = $config['genders'][$old_sex];
-								
-								$new_sex_str = 'Unknown';
-								if(isset($config['genders'][$new_sex]))
-									$new_sex_str = $config['genders'][$new_sex];
-								
-								$player->save();
-								$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
-								$account_logged->logAction('Changed sex on character <b>' . $player->getName() . '</b> from <b>' . $old_sex_str . '</b> to <b>' . $new_sex_str . '</b>.');
-								echo $twig->render('success.html.twig', array(
-									'title' => 'Character Sex Changed',
-									'description' => 'The character <b>' . $player->getName() . '</b> sex has been changed to <b>' . $new_sex_str . '</b>.'
-								));
-							}
-						}
-						else {
-							$errors[] = 'Character <b>'.$player_name.'</b> is not on your account.';
-						}
-					}
-					else {
-						$errors[] = "Character with this name doesn't exist.";
-					}
-				}
-			}
-
-			if(!$sex_changed) {
-				if(!empty($errors)) {
-					echo $twig->render('error_box.html.twig', array('errors' => $errors));
-				}
-				echo $twig->render('account.change_sex.html.twig', array(
-					'players' => $account_logged->getPlayersList(),
-					'player_sex' => isset($player) ? $player->getSex() : -1,
-					'points' => $points
-				));
-			}
-		}
-	}
-//### DELETE character from account ###
-	if($action == "deletecharacter") {
-		$player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : NULL;
-		$password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : NULL;
-		$password_verify = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $password_verify);
-		if(isset($_POST['deletecharactersave']) && $_POST['deletecharactersave'] == 1) {
-			if(!empty($player_name) && !empty($password_verify)) {
-				if(Validator::characterName($player_name)) {
-					$player = new OTS_Player();
-					$player->find($player_name);
-					if($player->isLoaded()) {
-						$player_account = $player->getAccount();
-						if($account_logged->getId() == $player_account->getId()) {
-							if($password_verify == $account_logged->getPassword()) {
-								if(!$player->isOnline())
-								{
-								//dont show table "delete character" again
-								$show_form = false;
-								//delete player
-								if(fieldExist('deletion', 'players'))
-									$player->setCustomField('deletion', 1);
-								else
-									$player->setCustomField('deleted', 1);
-								$account_logged->logAction('Deleted character <b>' . $player->getName() . '</b>.');
-								echo $twig->render('success.html.twig', array(
-									'title' => 'Character Deleted',
-									'description' => 'The character <b>' . $player_name . '</b> has been deleted.'
-								));
-								}
-								else
-									$errors[] = 'This character is online.';
-							}
-							else {
-								$errors[] = 'Wrong password to account.';
-							}
-						}
-						else {
-							$errors[] = 'Character <b>'.$player_name.'</b> is not on your account.';
-						}
-					}
-					else {
-						$errors[] = 'Character with this name doesn\'t exist.';
-					}
-				}
-				else {
-					$errors[] = 'Name contain illegal characters.';
-				}
-			}
-			else {
-				$errors[] = 'Character name or/and password is empty. Please fill in form.';
-			}
-		}
-		if($show_form) {
-			if(!empty($errors)) {
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			}
-			echo $twig->render('account.delete_character.html.twig');
-		}
-	}
-
-//## CREATE CHARACTER on account ###
-	if($action == "createcharacter") {
-		echo '<script type="text/javascript" src="tools/check_name.js"></script>';
-		$newchar_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
-		$newchar_sex = isset($_POST['sex']) ? $_POST['sex'] : NULL;
-		$newchar_vocation = isset($_POST['vocation']) ? $_POST['vocation'] : NULL;
-		$newchar_town = isset($_POST['town']) ? $_POST['town'] : NULL;
-
-		$newchar_created = false;
-		$save = isset($_POST['save']) && $_POST['save'] == 1;
-		if($save) {
-			if(empty($newchar_name))
-				$errors['name'] = 'Please enter a name for your character!';
-			else if(strlen($newchar_name) > 25)
-				$errors['name'] = 'Name is too long. Max. lenght <b>25</b> letters.';
-			else if(strlen($newchar_name) < 3)
-				$errors['name'] = 'Name is too short. Min. lenght <b>3</b> letters.';
-			else {
-				if(!admin() && !Validator::newCharacterName($newchar_name)) {
-					$errors['name'] = Validator::getLastError();
-				}
-				
-				$exist = new OTS_Player();
-				$exist->find($newchar_name);
-				if($exist->isLoaded()) {
-					$errors['name'] = 'Character with this name already exist.';
-				}
-			}
-			
-			if(empty($newchar_sex) && $newchar_sex != "0")
-				$errors[] = 'Please select the sex for your character!';
-
-			if(count($config['character_samples']) > 1)
-			{
-				if(!isset($newchar_vocation))
-					$errors[] = 'Please select a vocation for your character.';
-			}
-			else
-				$newchar_vocation = $config['character_samples'][0];
-
-			if(count($config['character_towns']) > 1) {
-				if(!isset($newchar_town))
-					$errors[] = 'Please select a town for your character.';
-			}
-			else {
-				$newchar_town = $config['character_towns'][0];
-			}
-
-			if(empty($errors)) {
-				if(!isset($config['genders'][$newchar_sex]))
-					$errors[] = 'Sex is invalid.';
-				if(!in_array($newchar_town, $config['character_towns']))
-					$errors[] = 'Please select valid town.';
-				if(count($config['character_samples']) > 1)
-				{
-					$newchar_vocation_check = false;
-					foreach($config['character_samples'] as $char_vocation_key => $sample_char)
-						if($newchar_vocation == $char_vocation_key)
-							$newchar_vocation_check = true;
-					if(!$newchar_vocation_check)
-						$errors[] = 'Unknown vocation. Please fill in form again.';
-				}
-				else
-					$newchar_vocation = 0;
-			}
-
-			if(empty($errors))
-			{
-				$number_of_players_on_account = $account_logged->getPlayersList()->count();
-				if($number_of_players_on_account >= $config['characters_per_account'])
-					$errors[] = 'You have too many characters on your account <b>('.$number_of_players_on_account.'/'.$config['characters_per_account'].')</b>!';
-			}
-
-			if(empty($errors))
-			{
-				$char_to_copy_name = $config['character_samples'][$newchar_vocation];
-				$char_to_copy = new OTS_Player();
-				$char_to_copy->find($char_to_copy_name);
-				if(!$char_to_copy->isLoaded())
-					$errors[] = 'Wrong characters configuration. Try again or contact with admin. ADMIN: Edit file config/config.php and set valid characters to copy names. Character to copy: <b>'.$char_to_copy_name.'</b> doesn\'t exist.';
-			}
-
-			if(empty($errors))
-			{
-				if($newchar_sex == "0")
-					$char_to_copy->setLookType(136);
-				$player = $ots->createObject('Player');
-				$player->setName($newchar_name);
-				$player->setAccount($account_logged);
-				//$player->setGroupId($char_to_copy->getGroup()->getId());
-				$player->setGroupId(1);
-				$player->setSex($newchar_sex);
-				$player->setVocation($char_to_copy->getVocation());
-				if(fieldExist('promotion', 'players'))
-					$player->setPromotion($char_to_copy->getPromotion());
-			
-				if(fieldExist('direction', 'players'))
-					$player->setDirection($char_to_copy->getDirection());
-				
-				$player->setConditions($char_to_copy->getConditions());
-				$rank = $char_to_copy->getRank();
-				if($rank->isLoaded()) {
-					$player->setRank($char_to_copy->getRank());
-				}
-				
-				if(fieldExist('lookaddons', 'players'))
-					$player->setLookAddons($char_to_copy->getLookAddons());
-	
-				$player->setTownId($newchar_town);
-				$player->setExperience($char_to_copy->getExperience());
-				$player->setLevel($char_to_copy->getLevel());
-				$player->setMagLevel($char_to_copy->getMagLevel());
-				$player->setHealth($char_to_copy->getHealth());
-				$player->setHealthMax($char_to_copy->getHealthMax());
-				$player->setMana($char_to_copy->getMana());
-				$player->setManaMax($char_to_copy->getManaMax());
-				$player->setManaSpent($char_to_copy->getManaSpent());
-				$player->setSoul($char_to_copy->getSoul());
-
-				for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++)
-					$player->setSkill($skill, 10);
-
-				$player->setLookBody($char_to_copy->getLookBody());
-				$player->setLookFeet($char_to_copy->getLookFeet());
-				$player->setLookHead($char_to_copy->getLookHead());
-				$player->setLookLegs($char_to_copy->getLookLegs());
-				$player->setLookType($char_to_copy->getLookType());
-				$player->setCap($char_to_copy->getCap());
-				$player->setBalance(0);
-				$player->setPosX(0);
-				$player->setPosY(0);
-				$player->setPosZ(0);
-				$player->setStamina($config['otserv_version'] == TFS_03 ? 151200000 : 2520);
-				if(fieldExist('loss_experience', 'players')) {
-					$player->setLossExperience($char_to_copy->getLossExperience());
-					$player->setLossMana($char_to_copy->getLossMana());
-					$player->setLossSkills($char_to_copy->getLossSkills());
-				}
-				if(fieldExist('loss_items', 'players')) {
-					$player->setLossItems($char_to_copy->getLossItems());
-					$player->setLossContainers($char_to_copy->getLossContainers());
-				}
-					
-				$player->save();
-				$player->setCustomField("created", time());
-				
-				$newchar_created = true;
-				$account_logged->logAction('Created character <b>' . $player->getName() . '</b>.');
-				unset($player);
-				
-				$player = new OTS_Player();
-				$player->find($newchar_name);
-				
-				if($player->isLoaded()) {
-					if(tableExist('player_skills')) {
-						for($i=0; $i<7; $i++) {
-							$skillExists = $db->query('SELECT `skillid` FROM `player_skills` WHERE `player_id` = ' . $player->getId() . ' AND `skillid` = ' . $i);
-							if($skillExists->rowCount() <= 0) {
-								$db->query('INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ('.$player->getId().', '.$i.', 10, 0)');
-							}
-						}
-					}
-
-					$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$char_to_copy->getId()."");
-					foreach($loaded_items_to_copy as $save_item)
-						$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', '".$save_item['attributes']."');");
-					
-					echo $twig->render('success.html.twig', array(
-						'title' => 'Character Created',
-						'description' => 'The character <b>' . $newchar_name . '</b> has been created.<br/>
-							Please select the outfit when you log in for the first time.<br/><br/>
-							<b>See you on ' . $config['lua']['serverName'] . '!</b>'
-					));
-				}
-				else
-				{
-					error("Error. Can't create character. Probably problem with database. Please try again later or contact with admin.");
-					return;
-				}
-			}
-		}
-
-		if(count($errors) > 0) {
-			echo $twig->render('error_box.html.twig', array('errors' => $errors));
-		}
-		
-		if(!$newchar_created) {
-			echo $twig->render('account.create_character.html.twig', array(
-				'name' => $newchar_name,
-				'sex' => $newchar_sex,
-				'vocation' => $newchar_vocation,
-				'town' => $newchar_town,
-				'save' => $save,
-				'errors' => $errors
-			));
-		}
 	}
 ?>

system/pages/admin/changelog.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/dashboard.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/login.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/logs.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/mailer.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/notepad.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/pages.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/phpinfo.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/players.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/plugins.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/statistics.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/tools.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/version.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/visitors.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/bans.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/bugtracker.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/changelog.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/characters.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/commands.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/createaccount.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/creatures.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -65,7 +65,12 @@ $canEdit = hasFlag(FLAG_CONTENT_MONSTERS) || admin();
 if(isset($_POST['reload_monsters']) && $canEdit)
 {
 	require LIBS . 'creatures.php';
-	Creatures::loadFromXML(true);
+	if(Creatures::loadFromXML(true))
+		if(Creatures::getMonstersList()->hasErrors())
+			error('There were some problems loading your monsters.xml file. Please check system/logs/error.log for more info.');
+	else {
+		error(Creatures::getLastError());
+	}
 }
 
 if($canEdit)

system/pages/downloads.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 $title = 'Downloads';

system/pages/experiencestages.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/experiencetable.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/faq.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/forum.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -240,144 +240,10 @@ if(empty($action))
 	return;
 }
 
-$links_to_pages = '';
+
-if($action == 'show_board')
+if($action == 'show_board' || $action == 'show_thread')
 {
-	$section_id = (int) $_REQUEST['id'];
+	require(PAGES . 'forum/' . $action . '.php');
-	$_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0);
-	$threads_count = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS threads_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`section` = ".(int) $section_id." AND `" . TABLE_PREFIX . "forum`.`first_post` = `" . TABLE_PREFIX . "forum`.`id`")->fetch();
-	for($i = 0; $i < $threads_count['threads_count'] / $config['forum_threads_per_page']; $i++)
-	{
-		if($i != $_page)
-			$links_to_pages .= '<a href="' . getForumBoardLink($section_id, $i) . '">'.($i + 1).'</a> ';
-		else
-			$links_to_pages .= '<b>'.($i + 1).' </b>';
-	}
-	echo '<a href="' . getLink('forum') . '">Boards</a> >> <b>'.$sections[$section_id]['name'].'</b>';
-	if(!$sections[$section_id]['closed'] || Forum::isModerator())
-	{
-		echo '<br /><br />
-		<a href="?subtopic=forum&action=new_thread&section_id='.$section_id.'"><img src="images/forum/topic.gif" border="0" /></a>';
-	}
-
-	echo '<br /><br />Page: '.$links_to_pages.'<br />';
-	$last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`last_post`, `" . TABLE_PREFIX . "forum`.`replies`, `" . TABLE_PREFIX . "forum`.`views`, `" . TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`section` = ".(int) $section_id." AND `" . TABLE_PREFIX . "forum`.`first_post` = `" . TABLE_PREFIX . "forum`.`id` ORDER BY `" . TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".$config['forum_threads_per_page']." OFFSET ".($_page * $config['forum_threads_per_page']))->fetchAll();
-	if(isset($last_threads[0]))
-	{
-		echo '<table width="100%"><tr bgcolor="'.$config['vdarkborder'].'" align="center"><td><font color="white" size="1"><b>Thread</b></font></td><td><font color="white" size="1"><b>Thread Starter</b></font></td><td><font color="white" size="1"><b>Replies</b></font></td><td><font color="white" size="1"><b>Views</b></font></td><td><font color="white" size="1"><b>Last Post</b></font></td></tr>';
-		
-		$player = new OTS_Player();
-		foreach($last_threads as $thread)
-		{
-			echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td>';
-			if(Forum::isModerator())
-			{
-				echo '<a href="?subtopic=forum&action=move_thread&id='.$thread['id'].'"\')"><span style="color:darkgreen">[MOVE]</span></a>';
-				echo '<a href="?subtopic=forum&action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove thread > '.$thread['post_topic'].' <?\')"><font color="red">[REMOVE]</font></a>  ';
-			}
-			
-			$player->load($thread['player_id']);
-			if(!$player->isLoaded()) {
-				error('Forum error: Player not loaded.');
-				die();
-			}
-
-			$player_account = $player->getAccount();
-			$canEditForum = $player_account->hasFlag(FLAG_CONTENT_FORUM) || $player_account->isAdmin();
-			
-			echo '<a href="' . getForumThreadLink($thread['id']) . '">'.($canEditForum ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])) . '</a><br /><small>'.($canEditForum ? substr(strip_tags($thread['post_text']), 0, 50) : htmlspecialchars(substr($thread['post_text'], 0, 50))).'...</small></td><td>' . getPlayerLink($thread['name']) . '</td><td>'.(int) $thread['replies'].'</td><td>'.(int) $thread['views'].'</td><td>';
-			if($thread['last_post'] > 0)
-			{
-				$last_post = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id']." AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch();
-				if(isset($last_post['name']))
-					echo date('d.m.y H:i:s', $last_post['post_date']).'<br />by ' . getPlayerLink($last_post['name']);
-				else
-					echo 'No posts.';
-			}
-			else
-				echo date('d.m.y H:i:s', $thread['post_date']).'<br />by ' . getPlayerLink($thread['name']);
-			echo '</td></tr>';
-		}
-		echo '</table>';
-		if(!$sections[$section_id]['closed'] || Forum::isModerator())
-			echo '<br /><a href="?subtopic=forum&action=new_thread&section_id='.$section_id.'"><img src="images/forum/topic.gif" border="0" /></a>';
-	}
-	else
-		echo '<h3>No threads in this board.</h3>';
-	return;
-}
-if($action == 'show_thread')
-{
-	$thread_id = (int) $_REQUEST['id'];
-	$_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0);
-	$thread_name = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_topic` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`id` = `" . TABLE_PREFIX . "forum`.`first_post` AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` LIMIT 1")->fetch();
-	if(!empty($thread_name['name']))
-	{
-		$posts_count = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id)->fetch();
-		for($i = 0; $i < $posts_count['posts_count'] / $config['forum_threads_per_page']; $i++)
-		{
-			if($i != $_page)
-				$links_to_pages .= '<a href="' . getForumThreadLink($thread_id, $i) . '">'.($i + 1).'</a> ';
-			else
-				$links_to_pages .= '<b>'.($i + 1).' </b>';
-		}
-		$threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll();
-		if(isset($threads[0]['name']))
-			$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id);
-		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($threads[0]['section']) . '">'.$sections[$threads[0]['section']]['name'].'</a> >> <b>'.$thread_name['post_topic'].'</b>';
-		echo '<br /><br /><a href="?subtopic=forum&action=new_post&thread_id='.$thread_id.'"><img src="images/forum/post.gif" border="0" /></a><br /><br />Page: '.$links_to_pages.'<br /><table width="100%"><tr bgcolor="'.$config['lightborder'].'" width="100%"><td colspan="2"><font size="4"><b>'.htmlspecialchars($thread_name['post_topic']).'</b></font><font size="1"><br />by ' . getPlayerLink($thread_name['name']) . '</font></td></tr><tr bgcolor="'.$config['vdarkborder'].'"><td width="200"><font color="white" size="1"><b>Author</b></font></td><td>&nbsp;</td></tr>';
-		$player = $ots->createObject('Player');
-		foreach($threads as $thread)
-		{
-			$player->load($thread['player_id']);
-			if(!$player->isLoaded()) {
-				error('Forum error: Player not loaded.');
-				die();
-			}
-		
-			echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td valign="top">' . getPlayerLink($thread['name']) . '<br /><br /><font size="1">Profession: '.$config['vocations'][$player->getVocation()].'<br />Level: '.$thread['level'].'<br />';
-	
-			$rank = $player->getRank();
-			if($rank->isLoaded())
-			{
-				$guild = $rank->getGuild();
-				if($guild->isLoaded())
-					echo $rank->getName().' of <a href="'.getGuildLink($guild->getName(), false).'">'.$guild->getName().'</a><br />';
-			}
-			$player_account = $player->getAccount();
-			$canEditForum = $player_account->hasFlag(FLAG_CONTENT_FORUM) || $player_account->isAdmin();
-			
-			$posts = $db->query("SELECT COUNT(`id`) AS 'posts' FROM `" . TABLE_PREFIX . "forum` WHERE `author_aid`=".(int) $thread['account_id'])->fetch();
-			echo '<br />Posts: '.(int) $posts['posts'].'<br /></font></td><td valign="top">'.showPost(($canEditForum ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($canEditForum ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile']).'</td></tr>
-			<tr bgcolor="'.getStyle($number_of_rows++).'"><td><font size="1">'.date('d.m.y H:i:s', $thread['post_date']);
-			if($thread['edit_date'] > 0)
-			{
-				if($thread['last_edit_aid'] != $thread['author_aid'])
-					echo '<br />Edited by moderator';
-				else
-					echo '<br />Edited by '.$thread['name'];
-				echo '<br />on '.date('d.m.y H:i:s', $thread['edit_date']);
-			}
-			echo '</font></td><td>';
-			if(Forum::isModerator())
-				if($thread['first_post'] != $thread['id'])
-					echo '<a href="?subtopic=forum&action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove post of '.$thread['name'].'?\')"><font color="red">REMOVE POST</font></a>';
-				else
-				{
-					echo '<a href="?subtopic=forum&action=move_thread&id='.$thread['id'].'"\')"><span style="color:darkgreen">[MOVE]</span></a>';
-					echo '<br/><a href="?subtopic=forum&action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove thread > '.$thread['post_topic'].' <?\')"><font color="red">REMOVE THREAD</font></a>';
-				}
-			if($logged && ($thread['account_id'] == $account_logged->getId() || Forum::isModerator()))
-				echo '<br/><a href="?subtopic=forum&action=edit_post&id='.$thread['id'].'">EDIT POST</a>';
-			if($logged)
-				echo '<br/><a href="?subtopic=forum&action=new_post&thread_id='.$thread_id.'&quote='.$thread['id'].'">Quote</a>';
-			echo '</td></tr>';
-		}
-		echo '</table><br /><a href="?subtopic=forum&action=new_post&thread_id='.$thread_id.'"><img src="images/forum/post.gif" border="0" /></a>';
-	}
-	else
-		echo 'Thread with this ID does not exits.';
-
 	return;
 }
 
@@ -387,387 +253,8 @@ if(!$logged)
 	return;
 }
 
-if($action == 'remove_post')
+if(file_exists(PAGES . 'forum/' . $action . '.php')) {
-{
+	require(PAGES . 'forum/' . $action . '.php');
-	if(Forum::isModerator())
-	{
-		$id = (int) $_REQUEST['id'];
-		$post = $db->query("SELECT `id`, `first_post`, `section` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$id." LIMIT 1")->fetch();
-		if($post['id'] == $id)
-		{
-			if($post['id'] == $post['first_post'])
-			{
-				$db->query("DELETE FROM `" . TABLE_PREFIX . "forum` WHERE `first_post` = ".$post['id']);
-				header('Location: ' . getForumBoardLink($post['section']));
-			}
-			else
-			{
-				$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`id` < ".$id." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $post['first_post'])->fetch();
-				$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
-				$db->query("DELETE FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$post['id']);
-				header('Location: ' . getForumThreadLink($post['first_post'], (int) $_page));
-			}
-		}
-		else
-			echo 'Post with ID ' . $id . ' does not exist.';
-	}
-	else
-		echo 'You are not logged in or you are not moderator.';
-}
-if($action == 'new_post')
-{
-	if(Forum::canPost($account_logged))
-	{
-		$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
-		$thread_id = (int) $_REQUEST['thread_id'];
-		$thread = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." LIMIT 1")->fetch();
-		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.$thread['post_topic'].'</a> >> <b>Post new reply</b><br /><h3>'.$thread['post_topic'].'</h3>';
-		if(isset($thread['id']))
-		{
-			$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
-			$text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL;
-			$char_id = (int) (isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
-			$post_topic = isset($_REQUEST['topic']) ? stripslashes(trim($_REQUEST['topic'])) : '';
-			$smile = (int) (isset($_REQUEST['smile']) ? $_REQUEST['smile'] : 0);
-			$saved = false;
-			if(isset($_REQUEST['quote']))
-			{
-				$quoted_post = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`id` = ".(int) $quote)->fetchAll();
-				if(isset($quoted_post[0]['name']))
-					$text = '[i]Originally posted by '.$quoted_post[0]['name'].' on '.date('d.m.y H:i:s', $quoted_post[0]['post_date']).':[/i][quote]'.$quoted_post[0]['post_text'].'[/quote]';
-			}
-			elseif(isset($_REQUEST['save']))
-			{
-				$lenght = 0;
-				for($i = 0; $i < strlen($text); $i++)
-				{
-					if(ord($text[$i]) >= 33 && ord($text[$i]) <= 126)
-						$lenght++;
-				}
-				if($lenght < 1 || strlen($text) > 15000)
-					$errors[] = 'Too short or too long post (short: '.$lenght.' long: '.strlen($text).' letters). Minimum 1 letter, maximum 15000 letters.';
-				if($char_id == 0)
-					$errors[] = 'Please select a character.';
-				$player_on_account = false;
-				if(count($errors) == 0)
-				{
-					foreach($players_from_account as $player)
-						if($char_id == $player['id'])
-							$player_on_account = true;
-					if(!$player_on_account)
-						$errors[] = 'Player with selected ID '.$char_id.' doesn\'t exist or isn\'t on your account';
-				}
-				if(count($errors) == 0)
-				{
-					$last_post = 0;
-					$query = $db->query('SELECT post_date FROM ' . TABLE_PREFIX . 'forum ORDER BY post_date DESC LIMIT 1');
-					if($query->rowCount() > 0)
-					{
-						$query = $query->fetch();
-						$last_post = $query['post_date'];
-					}
-					if($last_post+$config['forum_post_interval']-time() > 0 && !Forum::isModerator())
-						$errors[] = 'You can post one time per '.$config['forum_post_interval'].' seconds. Next post after '.($last_post+$config['forum_post_interval']-time()).' second(s).';
-				}
-				if(count($errors) == 0)
-				{
-					$saved = true;
-					$db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`id` ,`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES (NULL, '".$thread['id']."', '0', '".$thread['section']."', '0', '0', '".$account_logged->getId()."', '".(int) $char_id."', ".$db->quote($text).", ".$db->quote($post_topic).", '".(int) $smile."', '".time()."', '0', '0', '".$_SERVER['REMOTE_ADDR']."')");
-					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `replies`=`replies`+1, `last_post`=".time()." WHERE `id` = ".(int) $thread_id);
-					$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".time()." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id'])->fetch();
-					$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
-					header('Location: ' . getForumThreadLink($thread_id, $_page));
-					echo '<br />Thank you for posting.<br /><a href="' . getForumThreadLink($thread_id, $_page) . '">GO BACK TO LAST THREAD</a>';
-				}
-			}
-			if(!$saved)
-			{
-				if(!empty($errors))
-					echo $twig->render('error_box.html.twig', array('errors' => $errors));
-
-				echo '<form action="?" method="POST">
-					<input type="hidden" name="action" value="new_post" />
-					<input type="hidden" name="thread_id" value="'.$thread_id.'" />
-					<input type="hidden" name="subtopic" value="forum" />
-					<input type="hidden" name="save" value="save" />
-					<table width="100%">
-						<tr bgcolor="'.$config['vdarkborder'].'">
-							<td colspan="2"><font color="white"><b>Post New Reply</b></font></td>
-						</tr>
-						<tr bgcolor="'.$config['darkborder'].'">
-							<td width="180"><b>Character:</b></td>
-							<td>
-								<select name="char_id">
-									<option value="0">(Choose character)</option>';
-				foreach($players_from_account as $player)
-				{
-					echo '<option value="'.$player['id'].'"';
-					if($player['id'] == $char_id)
-						echo ' selected="selected"';
-					echo '>'.$player['name'].'</option>';
-				}
-				echo '</select></td></tr><tr bgcolor="'.$config['lightborder'].'"><td><b>Topic:</b></td><td><input type="text" name="topic" value="'.htmlspecialchars($post_topic).'" size="40" maxlength="60" /> (Optional)</td></tr>
-				<tr bgcolor="'.$config['darkborder'].'"><td valign="top"><b>Message:</b><font size="1"><br />You can use:<br />[player]Nick[/player]<br />[url]http://address.com/[/url]<br />[img]http://images.com/images3.gif[/img]<br />[code]Code[/code]<br />[b]<b>Text</b>[/b]<br />[i]<i>Text</i>[/i]<br />[u]<u>Text</u>[/u]<br />and smileys:<br />;) , :) , :D , :( , :rolleyes:<br />:cool: , :eek: , :o , :p</font></td><td><textarea rows="10" cols="60" name="text">'.htmlspecialchars($text).'</textarea><br />(Max. 15,000 letters)</td></tr>
-				<tr bgcolor="'.$config['lightborder'].'"><td valign="top">Options:</td><td><label><input type="checkbox" name="smile" value="1"';
-				if($smile == 1)
-					echo ' checked="checked"';
-				echo '/>Disable Smileys in This Post </label></td></tr></table><center><input type="submit" value="Post Reply" /></center></form>';
-				$threads = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_smile` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` DESC LIMIT 10")->fetchAll();
-				echo '<table width="100%"><tr bgcolor="'.$config['vdarkborder'].'"><td colspan="2"><font color="white"><b>Last 5 posts from thread: '.$thread['post_topic'].'</b></font></td></tr>';
-				foreach($threads as $thread)
-				{
-					echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td>'.$thread['name'].'</td><td>'.showPost($thread['post_topic'], $thread['post_text'], $thread['post_smile']).'</td></tr>';
-				}
-				echo '</table>';
-			}
-		}
-		else
-			echo 'Thread with ID '.$thread_id.' doesn\'t exist.';
-	}
-	else
-		echo "Your account is banned, deleted or you don't have any player with level " . $config['forum_level_required'] . " on your account. You can't post.";
-}
-
-if($action == 'edit_post')
-{
-	if(Forum::canPost($account_logged))
-	{
-		$post_id = (int) $_REQUEST['id'];
-		$thread = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".(int) $post_id." LIMIT 1")->fetch();
-		if(isset($thread['id']))
-		{
-			$first_post = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch();
-			echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.$first_post['post_topic'].'</a> >> <b>Edit post</b>';
-			if($account_logged->getId() == $thread['author_aid'] || Forum::isModerator())
-			{
-				$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
-				$saved = false;
-				if(isset($_REQUEST['save']))
-				{
-					$text = stripslashes(trim($_REQUEST['text']));
-					$char_id = (int) $_REQUEST['char_id'];
-					$post_topic = stripslashes(trim($_REQUEST['topic']));
-					$smile = (int) $_REQUEST['smile'];
-					$lenght = 0;
-					for($i = 0; $i <= strlen($post_topic); $i++)
-					{
-						if(ord($post_topic[$i]) >= 33 && ord($post_topic[$i]) <= 126)
-							$lenght++;
-					}
-					if(($lenght < 1 || strlen($post_topic) > 60) && $thread['id'] == $thread['first_post'])
-						$errors[] = 'Too short or too long topic (short: '.$lenght.' long: '.strlen($post_topic).' letters). Minimum 1 letter, maximum 60 letters.';
-					$lenght = 0;
-					for($i = 0; $i <= strlen($text); $i++)
-					{
-						if(ord($text[$i]) >= 33 && ord($text[$i]) <= 126)
-							$lenght++;
-					}
-					if($lenght < 1 || strlen($text) > 15000)
-						$errors[] = 'Too short or too long post (short: '.$lenght.' long: '.strlen($text).' letters). Minimum 1 letter, maximum 15000 letters.';
-					if($char_id == 0)
-						$errors[] = 'Please select a character.';
-					if(empty($post_topic) && $thread['id'] == $thread['first_post'])
-						$errors[] = 'Thread topic can\'t be empty.';
-					$player_on_account == false;
-					if(count($errors) == 0)
-					{
-						foreach($players_from_account as $player)
-							if($char_id == $player['id'])
-								$player_on_account = true;
-						if(!$player_on_account)
-							$errors[] = 'Player with selected ID '.$char_id.' doesn\'t exist or isn\'t on your account';
-					}
-					if(count($errors) == 0)
-					{
-						$saved = true;
-						if($account_logged->getId() != $thread['author_aid'])
-							$char_id = $thread['author_guid'];
-						$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $char_id.", `post_text` = ".$db->quote($text).", `post_topic` = ".$db->quote($post_topic).", `post_smile` = ".(int) $smile.", `last_edit_aid` = ".(int) $account_logged->getId().",`edit_date` = ".time()." WHERE `id` = ".(int) $thread['id']);
-						$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".$thread['post_date']." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['first_post'])->fetch();
-						$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
-						header('Location: ' . getForumThreadLink($thread['first_post'], $_page));
-						echo '<br />Thank you for editing post.<br /><a href="' . getForumThreadLink($thread['first_post'], $_page) . '">GO BACK TO LAST THREAD</a>';
-					}
-				}
-				else
-				{
-					$text = $thread['post_text'];
-					$char_id = (int) $thread['author_guid'];
-					$post_topic = $thread['post_topic'];
-					$smile = (int) $thread['post_smile'];
-				}
-				if(!$saved)
-				{
-					if(!empty($errors))
-						echo $twig->render('error_box.html.twig', array('errors' => $errors));
-
-					echo '<br /><form action="?" method="POST"><input type="hidden" name="action" value="edit_post" /><input type="hidden" name="id" value="'.$post_id.'" /><input type="hidden" name="subtopic" value="forum" /><input type="hidden" name="save" value="save" /><table width="100%"><tr bgcolor="'.$config['vdarkborder'].'"><td colspan="2"><font color="white"><b>Edit Post</b></font></td></tr><tr bgcolor="'.$config['darkborder'].'"><td width="180"><b>Character:</b></td><td><select name="char_id"><option value="0">(Choose character)</option>';
-					foreach($players_from_account as $player)
-					{
-						echo '<option value="'.$player['id'].'"';
-						if($player['id'] == $char_id)
-							echo ' selected="selected"';
-						echo '>'.$player['name'].'</option>';
-					}
-					echo '</select></td></tr><tr bgcolor="'.$config['lightborder'].'"><td><b>Topic:</b></td><td><input type="text" value="'.htmlspecialchars($post_topic).'" name="topic" size="40" maxlength="60" /> (Optional)</td></tr>
-					<tr bgcolor="'.$config['darkborder'].'"><td valign="top"><b>Message:</b><font size="1"><br />You can use:<br />[player]Nick[/player]<br />[url]http://address.com/[/url]<br />[img]http://images.com/images3.gif[/img]<br />[code]Code[/code]<br />[b]<b>Text</b>[/b]<br />[i]<i>Text</i>[/i]<br />[u]<u>Text</u>[/u]<br />and smileys:<br />;) , :) , :D , :( , :rolleyes:<br />:cool: , :eek: , :o , :p</font></td><td><textarea rows="10" cols="60" name="text">'.htmlspecialchars($text).'</textarea><br />(Max. 15,000 letters)</td></tr>
-					<tr bgcolor="'.$config['lightborder'].'"><td valign="top">Options:</td><td><label><input type="checkbox" name="smile" value="1"';
-					if($smile == 1)
-						echo ' checked="checked"';
-					echo '/>Disable Smileys in This Post </label></td></tr></table><center><input type="submit" value="Save Post" /></center></form>';
-				}
-			}
-			else
-				echo '<br />You are not an author of this post.';
-		}
-		else
-			echo '<br />Post with ID '.$post_id.' doesn\'t exist.';
-	}
-	else
-		echo '<br />Your account is banned, deleted or you don\'t have any player with level '.$config['forum_level_required'].' on your account. You can\'t post.';
-}
-
-if($action == 'new_thread')
-{
-	if(Forum::canPost($account_logged))
-	{
-		$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
-		$section_id = isset($_REQUEST['section_id']) ? $_REQUEST['section_id'] : null;
-		if($section_id !== null) {
-			echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($section_id) . '">' . $sections[$section_id]['name'] . '</a> >> <b>Post new thread</b><br />';
-			if (isset($sections[$section_id]['name'])) {
-				if ($sections[$section_id]['closed'] && !Forum::isModerator())
-					$errors[] = 'You cannot create topic on this board.';
-				
-				$quote = (int)(isset($_REQUEST['quote']) ? $_REQUEST['quote'] : 0);
-				$text = isset($_REQUEST['text']) ? stripslashes($_REQUEST['text']) : '';
-				$char_id = (int)(isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
-				$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
-				$smile = (int)(isset($_REQUEST['smile']) ? $_REQUEST['smile'] : 0);
-				$saved = false;
-				if (isset($_REQUEST['save'])) {
-					$errors = array();
-					
-					$lenght = 0;
-					for ($i = 0; $i < strlen($post_topic); $i++) {
-						if (ord($post_topic[$i]) >= 33 && ord($post_topic[$i]) <= 126)
-							$lenght++;
-					}
-					if ($lenght < 1 || strlen($post_topic) > 60)
-						$errors[] = 'Too short or too long topic (short: ' . $lenght . ' long: ' . strlen($post_topic) . ' letters). Minimum 1 letter, maximum 60 letters.';
-					$lenght = 0;
-					for ($i = 0; $i < strlen($text); $i++) {
-						if (ord($text[$i]) >= 33 && ord($text[$i]) <= 126)
-							$lenght++;
-					}
-					if ($lenght < 1 || strlen($text) > 15000)
-						$errors[] = 'Too short or too long post (short: ' . $lenght . ' long: ' . strlen($text) . ' letters). Minimum 1 letter, maximum 15000 letters.';
-					
-					if ($char_id == 0)
-						$errors[] = 'Please select a character.';
-					$player_on_account = false;
-					
-					if (count($errors) == 0) {
-						foreach ($players_from_account as $player)
-							if ($char_id == $player['id'])
-								$player_on_account = true;
-						if (!$player_on_account)
-							$errors[] = 'Player with selected ID ' . $char_id . ' doesn\'t exist or isn\'t on your account';
-					}
-					
-					if (count($errors) == 0) {
-						$last_post = 0;
-						$query = $db->query('SELECT `post_date` FROM `' . TABLE_PREFIX . 'forum` ORDER BY `post_date` DESC LIMIT 1');
-						if ($query->rowCount() > 0) {
-							$query = $query->fetch();
-							$last_post = $query['post_date'];
-						}
-						if ($last_post + $config['forum_post_interval'] - time() > 0 && !Forum::isModerator())
-							$errors[] = 'You can post one time per ' . $config['forum_post_interval'] . ' seconds. Next post after ' . ($last_post + $config['forum_post_interval'] - time()) . ' second(s).';
-					}
-					if (count($errors) == 0) {
-						$saved = true;
-						$db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('0', '" . time() . "', '" . (int)$section_id . "', '0', '0', '" . $account_logged->getId() . "', '" . (int)$char_id . "', " . $db->quote($text) . ", " . $db->quote($post_topic) . ", '" . (int)$smile . "', '" . time() . "', '0', '0', '" . $_SERVER['REMOTE_ADDR'] . "')");
-						$thread_id = $db->lastInsertId();
-						$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=" . (int)$thread_id . " WHERE `id` = " . (int)$thread_id);
-						header('Location: ' . getForumThreadLink($thread_id));
-						echo '<br />Thank you for posting.<br /><a href="' . getForumThreadLink($thread_id) . '">GO BACK TO LAST THREAD</a>';
-					}
-				}
-				if (!$saved) {
-					if (!empty($errors))
-						echo $twig->render('error_box.html.twig', array('errors' => $errors));
-					
-					echo $twig->render('forum.new_thread.html.twig', array(
-						'section_id' => $section_id,
-						'players' => $players_from_account,
-						'post_player_id' => $char_id,
-						'post_thread' => $post_topic,
-						'text' => $text,
-						'smiles_enabled' => $smile > 0
-					));
-				}
-			}
-			else
-				echo 'Board with ID ' . $board_id . ' doesn\'t exist.';
-		}
-		else
-			echo 'Please enter section_id.';
-	}
-	else
-		echo 'Your account is banned, deleted or you don\'t have any player with level '.$config['forum_level_required'].' on your account. You can\'t post.';
-}
-
-//Board Change Function. Scripted by Cybermaster and Absolute Mango
-if($action == 'move_thread')
-{
-	if(Forum::isModerator())
-	{
-		$id = (int) $_REQUEST['id'];
-		$post = $db->query("SELECT `id`, `section`, `first_post`, `post_topic`, `author_guid` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$id." LIMIT 1")->fetch();
-		$name= $db->query("SELECT `name` FROM `players` WHERE `id` = ".$post['author_guid']." ")->fetch();
-		if($post['id'] == $id)
-		{
-			if($post['id'] == $post['first_post'])
-			{
-				echo $twig->render('forum.move_thread.html.twig', array(
-					'thread' => $post['post_topic'],
-					'author' => $name[0],
-					'board' => $sections[$post['section']]['name'],
-					'post_id' => $post['id'],
-					'sections' => $sections,
-					'section_link' => getForumBoardLink($post['section']),
-				));
-			}
-		}
-		else
-			echo 'Post with ID '.$id.' does not exist.';
-	}
-	else
-		echo 'You are not logged in or you are not moderator.';
-}
-
-if($action == 'moved_thread')
-{
-	if(Forum::isModerator())
-	{
-		$id = (int) $_REQUEST['id'];
-		$board = (int) $_REQUEST['section'];
-		$post = $db->query("SELECT `id`, `first_post`, `section` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$id." LIMIT 1")->fetch();
-		if($post['id'] == $id)
-		{
-			if($post['id'] == $post['first_post'])
-			{
-				$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `section` = ".$board." WHERE `id` = ".$post['id']."") or die(mysql_error());
-				$nPost = $db->query( 'SELECT `section` FROM `' . TABLE_PREFIX . 'forum` WHERE `id` = \''.$id.'\' LIMIT 1;' )->fetch();
-				header('Location: ' . getForumBoardLink($nPost['section']));
-			}
-		}
-		else
-			echo 'Post with ID ' . $id . ' does not exist.';
-	}
-	else
-		echo 'You are not logged in or you are not moderator.';
 }
 
 class Forum

system/pages/forum/edit_post.php

@@ -0,0 +1,113 @@
+<?php
+/**
+ * Edit forum post
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+if(Forum::canPost($account_logged))
+{
+	$post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : false;
+	if(!$post_id) {
+		echo 'Please enter post id.';
+		return;
+	}
+	
+	$thread = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".$post_id." LIMIT 1")->fetch();
+	if(isset($thread['id']))
+	{
+		$first_post = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch();
+		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.$first_post['post_topic'].'</a> >> <b>Edit post</b>';
+		if($account_logged->getId() == $thread['author_aid'] || Forum::isModerator())
+		{
+			$char_id = $post_topic = $text = $smile = null;
+			$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
+			$saved = false;
+			if(isset($_REQUEST['save']))
+			{
+				$text = stripslashes(trim($_REQUEST['text']));
+				$char_id = (int) $_REQUEST['char_id'];
+				$post_topic = stripslashes(trim($_REQUEST['topic']));
+				$smile = (int) $_REQUEST['smile'];
+				$lenght = 0;
+				for($i = 0; $i <= strlen($post_topic); $i++)
+				{
+					if(ord($post_topic[$i]) >= 33 && ord($post_topic[$i]) <= 126)
+						$lenght++;
+				}
+				if(($lenght < 1 || strlen($post_topic) > 60) && $thread['id'] == $thread['first_post'])
+					$errors[] = 'Too short or too long topic (short: '.$lenght.' long: '.strlen($post_topic).' letters). Minimum 1 letter, maximum 60 letters.';
+				$lenght = 0;
+				for($i = 0; $i <= strlen($text); $i++)
+				{
+					if(ord($text[$i]) >= 33 && ord($text[$i]) <= 126)
+						$lenght++;
+				}
+				
+				if($lenght < 1 || strlen($text) > 15000)
+					$errors[] = 'Too short or too long post (short: '.$lenght.' long: '.strlen($text).' letters). Minimum 1 letter, maximum 15000 letters.';
+				if($char_id == 0)
+					$errors[] = 'Please select a character.';
+				if(empty($post_topic) && $thread['id'] == $thread['first_post'])
+					$errors[] = 'Thread topic can\'t be empty.';
+				
+				$player_on_account == false;
+				
+				if(count($errors) == 0)
+				{
+					foreach($players_from_account as $player)
+						if($char_id == $player['id'])
+							$player_on_account = true;
+					if(!$player_on_account)
+						$errors[] = 'Player with selected ID '.$char_id.' doesn\'t exist or isn\'t on your account';
+				}
+				
+				if(count($errors) == 0) {
+					$saved = true;
+					if($account_logged->getId() != $thread['author_aid'])
+						$char_id = $thread['author_guid'];
+					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $char_id.", `post_text` = ".$db->quote($text).", `post_topic` = ".$db->quote($post_topic).", `post_smile` = ".(int) $smile.", `last_edit_aid` = ".(int) $account_logged->getId().",`edit_date` = ".time()." WHERE `id` = ".(int) $thread['id']);
+					$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".$thread['post_date']." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['first_post'])->fetch();
+					$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
+					header('Location: ' . getForumThreadLink($thread['first_post'], $_page));
+					echo '<br />Thank you for editing post.<br /><a href="' . getForumThreadLink($thread['first_post'], $_page) . '">GO BACK TO LAST THREAD</a>';
+				}
+			}
+			else {
+				$text = $thread['post_text'];
+				$char_id = (int) $thread['author_guid'];
+				$post_topic = $thread['post_topic'];
+				$smile = (int) $thread['post_smile'];
+			}
+			
+			if(!$saved)
+			{
+				if(!empty($errors))
+					echo $twig->render('error_box.html.twig', array('errors' => $errors));
+				
+				echo $twig->render('forum.edit_post.html.twig', array(
+					'post_id' => $post_id,
+					'players' => $players_from_account,
+					'player_id' => $char_id,
+					'topic' => htmlspecialchars($post_topic),
+					'text' => htmlspecialchars($text),
+					'smile' => $smile
+				));
+			}
+		}
+		else
+			echo '<br/>You are not an author of this post.';
+	}
+	else
+		echo '<br/>Post with ID '.$post_id.' doesn\'t exist.';
+}
+else
+	echo '<br/>Your account is banned, deleted or you don\'t have any player with level '.$config['forum_level_required'].' on your account. You can\'t post.';
+
+?>

system/pages/forum/move_thread.php

@@ -0,0 +1,52 @@
+<?php
+/**
+ * Move forum thread (for moderator)
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$save = isset($_REQUEST['save']) ? (int)$_REQUEST['save'] == 1 : false;
+if($save) {
+	if (Forum::isModerator()) {
+		$id = (int)$_REQUEST['id'];
+		$board = (int)$_REQUEST['section'];
+		$post = $db->query("SELECT `id`, `first_post`, `section` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = " . $id . " LIMIT 1")->fetch();
+		if ($post['id'] == $id) {
+			if ($post['id'] == $post['first_post']) {
+				$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `section` = " . $board . " WHERE `id` = " . $post['id'] . "") or die(mysql_error());
+				$nPost = $db->query('SELECT `section` FROM `' . TABLE_PREFIX . 'forum` WHERE `id` = \'' . $id . '\' LIMIT 1;')->fetch();
+				header('Location: ' . getForumBoardLink($nPost['section']));
+			}
+		} else
+			echo 'Post with ID ' . $id . ' does not exist.';
+	} else
+		echo 'You are not logged in or you are not moderator.';
+}
+else {
+	if (Forum::isModerator()) {
+		$id = (int)$_REQUEST['id'];
+		$post = $db->query("SELECT `id`, `section`, `first_post`, `post_topic`, `author_guid` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = " . $id . " LIMIT 1")->fetch();
+		$name = $db->query("SELECT `name` FROM `players` WHERE `id` = " . $post['author_guid'] . " ")->fetch();
+		if ($post['id'] == $id) {
+			if ($post['id'] == $post['first_post']) {
+				echo $twig->render('forum.move_thread.html.twig', array(
+					'thread' => $post['post_topic'],
+					'author' => $name[0],
+					'board' => $sections[$post['section']]['name'],
+					'post_id' => $post['id'],
+					'sections' => $sections,
+					'section_link' => getForumBoardLink($post['section']),
+				));
+			}
+		} else
+			echo 'Post with ID ' . $id . ' does not exist.';
+	} else
+		echo 'You are not logged in or you are not moderator.';
+}
+?>

system/pages/forum/new_post.php

@@ -0,0 +1,125 @@
+<?php
+/**
+ * New forum post
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+if(Forum::canPost($account_logged))
+{
+	$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
+	$thread_id = (int) $_REQUEST['thread_id'];
+	$thread = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." LIMIT 1")->fetch();
+	echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.$thread['post_topic'].'</a> >> <b>Post new reply</b><br /><h3>'.$thread['post_topic'].'</h3>';
+	if(isset($thread['id']))
+	{
+		$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
+		$text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL;
+		$char_id = (int) (isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
+		$post_topic = isset($_REQUEST['topic']) ? stripslashes(trim($_REQUEST['topic'])) : '';
+		$smile = (int) (isset($_REQUEST['smile']) ? $_REQUEST['smile'] : 0);
+		$saved = false;
+		if(isset($_REQUEST['quote']))
+		{
+			$quoted_post = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`id` = ".(int) $quote)->fetchAll();
+			if(isset($quoted_post[0]['name']))
+				$text = '[i]Originally posted by '.$quoted_post[0]['name'].' on '.date('d.m.y H:i:s', $quoted_post[0]['post_date']).':[/i][quote]'.$quoted_post[0]['post_text'].'[/quote]';
+		}
+		elseif(isset($_REQUEST['save']))
+		{
+			$lenght = 0;
+			for($i = 0; $i < strlen($text); $i++)
+			{
+				if(ord($text[$i]) >= 33 && ord($text[$i]) <= 126)
+					$lenght++;
+			}
+			if($lenght < 1 || strlen($text) > 15000)
+				$errors[] = 'Too short or too long post (short: '.$lenght.' long: '.strlen($text).' letters). Minimum 1 letter, maximum 15000 letters.';
+			if($char_id == 0)
+				$errors[] = 'Please select a character.';
+			$player_on_account = false;
+			if(count($errors) == 0)
+			{
+				foreach($players_from_account as $player)
+					if($char_id == $player['id'])
+						$player_on_account = true;
+				if(!$player_on_account)
+					$errors[] = 'Player with selected ID '.$char_id.' doesn\'t exist or isn\'t on your account';
+			}
+			if(count($errors) == 0)
+			{
+				$last_post = 0;
+				$query = $db->query('SELECT post_date FROM ' . TABLE_PREFIX . 'forum ORDER BY post_date DESC LIMIT 1');
+				if($query->rowCount() > 0)
+				{
+					$query = $query->fetch();
+					$last_post = $query['post_date'];
+				}
+				if($last_post+$config['forum_post_interval']-time() > 0 && !Forum::isModerator())
+					$errors[] = 'You can post one time per '.$config['forum_post_interval'].' seconds. Next post after '.($last_post+$config['forum_post_interval']-time()).' second(s).';
+			}
+			if(count($errors) == 0)
+			{
+				$saved = true;
+				$db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`id` ,`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES (NULL, '".$thread['id']."', '0', '".$thread['section']."', '0', '0', '".$account_logged->getId()."', '".(int) $char_id."', ".$db->quote($text).", ".$db->quote($post_topic).", '".(int) $smile."', '".time()."', '0', '0', '".$_SERVER['REMOTE_ADDR']."')");
+				$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `replies`=`replies`+1, `last_post`=".time()." WHERE `id` = ".(int) $thread_id);
+				$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".time()." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id'])->fetch();
+				$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
+				header('Location: ' . getForumThreadLink($thread_id, $_page));
+				echo '<br />Thank you for posting.<br /><a href="' . getForumThreadLink($thread_id, $_page) . '">GO BACK TO LAST THREAD</a>';
+			}
+		}
+		if(!$saved)
+		{
+			if(!empty($errors))
+				echo $twig->render('error_box.html.twig', array('errors' => $errors));
+			
+			echo '<form action="?" method="POST">
+					<input type="hidden" name="action" value="new_post" />
+					<input type="hidden" name="thread_id" value="'.$thread_id.'" />
+					<input type="hidden" name="subtopic" value="forum" />
+					<input type="hidden" name="save" value="save" />
+					<table width="100%">
+						<tr bgcolor="'.$config['vdarkborder'].'">
+							<td colspan="2"><font color="white"><b>Post New Reply</b></font></td>
+						</tr>
+						<tr bgcolor="'.$config['darkborder'].'">
+							<td width="180"><b>Character:</b></td>
+							<td>
+								<select name="char_id">
+									<option value="0">(Choose character)</option>';
+			foreach($players_from_account as $player)
+			{
+				echo '<option value="'.$player['id'].'"';
+				if($player['id'] == $char_id)
+					echo ' selected="selected"';
+				echo '>'.$player['name'].'</option>';
+			}
+			echo '</select></td></tr><tr bgcolor="'.$config['lightborder'].'"><td><b>Topic:</b></td><td><input type="text" name="topic" value="'.htmlspecialchars($post_topic).'" size="40" maxlength="60" /> (Optional)</td></tr>
+				<tr bgcolor="'.$config['darkborder'].'"><td valign="top"><b>Message:</b><font size="1"><br />You can use:<br />[player]Nick[/player]<br />[url]http://address.com/[/url]<br />[img]http://images.com/images3.gif[/img]<br />[code]Code[/code]<br />[b]<b>Text</b>[/b]<br />[i]<i>Text</i>[/i]<br />[u]<u>Text</u>[/u]<br />and smileys:<br />;) , :) , :D , :( , :rolleyes:<br />:cool: , :eek: , :o , :p</font></td><td><textarea rows="10" cols="60" name="text">'.htmlspecialchars($text).'</textarea><br />(Max. 15,000 letters)</td></tr>
+				<tr bgcolor="'.$config['lightborder'].'"><td valign="top">Options:</td><td><label><input type="checkbox" name="smile" value="1"';
+			if($smile == 1)
+				echo ' checked="checked"';
+			echo '/>Disable Smileys in This Post </label></td></tr></table><center><input type="submit" value="Post Reply" /></center></form>';
+			$threads = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_smile` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` DESC LIMIT 10")->fetchAll();
+			echo '<table width="100%"><tr bgcolor="'.$config['vdarkborder'].'"><td colspan="2"><font color="white"><b>Last 5 posts from thread: '.$thread['post_topic'].'</b></font></td></tr>';
+			foreach($threads as $thread)
+			{
+				echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td>'.$thread['name'].'</td><td>'.showPost($thread['post_topic'], $thread['post_text'], $thread['post_smile']).'</td></tr>';
+			}
+			echo '</table>';
+		}
+	}
+	else
+		echo 'Thread with ID '.$thread_id.' doesn\'t exist.';
+}
+else
+	echo "Your account is banned, deleted or you don't have any player with level " . $config['forum_level_required'] . " on your account. You can't post.";
+
+?>

system/pages/forum/new_thread.php

@@ -0,0 +1,102 @@
+<?php
+/**
+ * New forum thread
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+if(Forum::canPost($account_logged))
+{
+	$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
+	$section_id = isset($_REQUEST['section_id']) ? $_REQUEST['section_id'] : null;
+	if($section_id !== null) {
+		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($section_id) . '">' . $sections[$section_id]['name'] . '</a> >> <b>Post new thread</b><br />';
+		if (isset($sections[$section_id]['name'])) {
+			if ($sections[$section_id]['closed'] && !Forum::isModerator())
+				$errors[] = 'You cannot create topic on this board.';
+			
+			$quote = (int)(isset($_REQUEST['quote']) ? $_REQUEST['quote'] : 0);
+			$text = isset($_REQUEST['text']) ? stripslashes($_REQUEST['text']) : '';
+			$char_id = (int)(isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
+			$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
+			$smile = (int)(isset($_REQUEST['smile']) ? $_REQUEST['smile'] : 0);
+			$saved = false;
+			if (isset($_REQUEST['save'])) {
+				$errors = array();
+				
+				$lenght = 0;
+				for ($i = 0; $i < strlen($post_topic); $i++) {
+					if (ord($post_topic[$i]) >= 33 && ord($post_topic[$i]) <= 126)
+						$lenght++;
+				}
+				if ($lenght < 1 || strlen($post_topic) > 60)
+					$errors[] = 'Too short or too long topic (short: ' . $lenght . ' long: ' . strlen($post_topic) . ' letters). Minimum 1 letter, maximum 60 letters.';
+				$lenght = 0;
+				for ($i = 0; $i < strlen($text); $i++) {
+					if (ord($text[$i]) >= 33 && ord($text[$i]) <= 126)
+						$lenght++;
+				}
+				if ($lenght < 1 || strlen($text) > 15000)
+					$errors[] = 'Too short or too long post (short: ' . $lenght . ' long: ' . strlen($text) . ' letters). Minimum 1 letter, maximum 15000 letters.';
+				
+				if ($char_id == 0)
+					$errors[] = 'Please select a character.';
+				$player_on_account = false;
+				
+				if (count($errors) == 0) {
+					foreach ($players_from_account as $player)
+						if ($char_id == $player['id'])
+							$player_on_account = true;
+					if (!$player_on_account)
+						$errors[] = 'Player with selected ID ' . $char_id . ' doesn\'t exist or isn\'t on your account';
+				}
+				
+				if (count($errors) == 0) {
+					$last_post = 0;
+					$query = $db->query('SELECT `post_date` FROM `' . TABLE_PREFIX . 'forum` ORDER BY `post_date` DESC LIMIT 1');
+					if ($query->rowCount() > 0) {
+						$query = $query->fetch();
+						$last_post = $query['post_date'];
+					}
+					if ($last_post + $config['forum_post_interval'] - time() > 0 && !Forum::isModerator())
+						$errors[] = 'You can post one time per ' . $config['forum_post_interval'] . ' seconds. Next post after ' . ($last_post + $config['forum_post_interval'] - time()) . ' second(s).';
+				}
+				if (count($errors) == 0) {
+					$saved = true;
+					$db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('0', '" . time() . "', '" . (int)$section_id . "', '0', '0', '" . $account_logged->getId() . "', '" . (int)$char_id . "', " . $db->quote($text) . ", " . $db->quote($post_topic) . ", '" . (int)$smile . "', '" . time() . "', '0', '0', '" . $_SERVER['REMOTE_ADDR'] . "')");
+					$thread_id = $db->lastInsertId();
+					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=" . (int)$thread_id . " WHERE `id` = " . (int)$thread_id);
+					header('Location: ' . getForumThreadLink($thread_id));
+					echo '<br />Thank you for posting.<br /><a href="' . getForumThreadLink($thread_id) . '">GO BACK TO LAST THREAD</a>';
+				}
+			}
+			if (!$saved) {
+				if (!empty($errors))
+					echo $twig->render('error_box.html.twig', array('errors' => $errors));
+				
+				echo $twig->render('forum.new_thread.html.twig', array(
+					'section_id' => $section_id,
+					'players' => $players_from_account,
+					'post_player_id' => $char_id,
+					'post_thread' => $post_topic,
+					'text' => $text,
+					'smiles_enabled' => $smile > 0
+				));
+			}
+		}
+		else
+			echo 'Board with ID ' . $board_id . ' doesn\'t exist.';
+	}
+	else
+		echo 'Please enter section_id.';
+}
+else
+	echo 'Your account is banned, deleted or you don\'t have any player with level '.$config['forum_level_required'].' on your account. You can\'t post.';
+
+?>

system/pages/forum/remove_post.php

@@ -0,0 +1,37 @@
+<?php
+/**
+ * Remove forum post
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+if(Forum::isModerator())
+{
+	$id = (int) $_REQUEST['id'];
+	$post = $db->query("SELECT `id`, `first_post`, `section` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$id." LIMIT 1")->fetch();
+	if($post['id'] == $id)
+	{
+		if($post['id'] == $post['first_post'])
+		{
+			$db->query("DELETE FROM `" . TABLE_PREFIX . "forum` WHERE `first_post` = ".$post['id']);
+			header('Location: ' . getForumBoardLink($post['section']));
+		}
+		else
+		{
+			$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`id` < ".$id." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $post['first_post'])->fetch();
+			$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
+			$db->query("DELETE FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$post['id']);
+			header('Location: ' . getForumThreadLink($post['first_post'], (int) $_page));
+		}
+	}
+	else
+		echo 'Post with ID ' . $id . ' does not exist.';
+}
+else
+	echo 'You are not logged in or you are not moderator.';

system/pages/forum/show_board.php

@@ -0,0 +1,77 @@
+<?php
+/**
+ * Show forum board
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$links_to_pages = '';
+$section_id = (int) $_REQUEST['id'];
+$_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0);
+$threads_count = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS threads_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`section` = ".(int) $section_id." AND `" . TABLE_PREFIX . "forum`.`first_post` = `" . TABLE_PREFIX . "forum`.`id`")->fetch();
+for($i = 0; $i < $threads_count['threads_count'] / $config['forum_threads_per_page']; $i++)
+{
+	if($i != $_page)
+		$links_to_pages .= '<a href="' . getForumBoardLink($section_id, $i) . '">'.($i + 1).'</a> ';
+	else
+		$links_to_pages .= '<b>'.($i + 1).' </b>';
+}
+echo '<a href="' . getLink('forum') . '">Boards</a> >> <b>'.$sections[$section_id]['name'].'</b>';
+if(!$sections[$section_id]['closed'] || Forum::isModerator())
+{
+	echo '<br /><br />
+		<a href="?subtopic=forum&action=new_thread&section_id='.$section_id.'"><img src="images/forum/topic.gif" border="0" /></a>';
+}
+
+echo '<br /><br />Page: '.$links_to_pages.'<br />';
+$last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`last_post`, `" . TABLE_PREFIX . "forum`.`replies`, `" . TABLE_PREFIX . "forum`.`views`, `" . TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`section` = ".(int) $section_id." AND `" . TABLE_PREFIX . "forum`.`first_post` = `" . TABLE_PREFIX . "forum`.`id` ORDER BY `" . TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".$config['forum_threads_per_page']." OFFSET ".($_page * $config['forum_threads_per_page']))->fetchAll();
+if(isset($last_threads[0]))
+{
+	echo '<table width="100%"><tr bgcolor="'.$config['vdarkborder'].'" align="center"><td><font color="white" size="1"><b>Thread</b></font></td><td><font color="white" size="1"><b>Thread Starter</b></font></td><td><font color="white" size="1"><b>Replies</b></font></td><td><font color="white" size="1"><b>Views</b></font></td><td><font color="white" size="1"><b>Last Post</b></font></td></tr>';
+	
+	$player = new OTS_Player();
+	foreach($last_threads as $thread)
+	{
+		echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td>';
+		if(Forum::isModerator())
+		{
+			echo '<a href="?subtopic=forum&action=move_thread&id='.$thread['id'].'"\')"><span style="color:darkgreen">[MOVE]</span></a>';
+			echo '<a href="?subtopic=forum&action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove thread > '.$thread['post_topic'].' <?\')"><font color="red">[REMOVE]</font></a>  ';
+		}
+		
+		$player->load($thread['player_id']);
+		if(!$player->isLoaded()) {
+			error('Forum error: Player not loaded.');
+			die();
+		}
+		
+		$player_account = $player->getAccount();
+		$canEditForum = $player_account->hasFlag(FLAG_CONTENT_FORUM) || $player_account->isAdmin();
+		
+		echo '<a href="' . getForumThreadLink($thread['id']) . '">'.($canEditForum ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])) . '</a><br /><small>'.($canEditForum ? substr(strip_tags($thread['post_text']), 0, 50) : htmlspecialchars(substr($thread['post_text'], 0, 50))).'...</small></td><td>' . getPlayerLink($thread['name']) . '</td><td>'.(int) $thread['replies'].'</td><td>'.(int) $thread['views'].'</td><td>';
+		if($thread['last_post'] > 0)
+		{
+			$last_post = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id']." AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch();
+			if(isset($last_post['name']))
+				echo date('d.m.y H:i:s', $last_post['post_date']).'<br />by ' . getPlayerLink($last_post['name']);
+			else
+				echo 'No posts.';
+		}
+		else
+			echo date('d.m.y H:i:s', $thread['post_date']).'<br />by ' . getPlayerLink($thread['name']);
+		echo '</td></tr>';
+	}
+	echo '</table>';
+	if(!$sections[$section_id]['closed'] || Forum::isModerator())
+		echo '<br /><a href="?subtopic=forum&action=new_thread&section_id='.$section_id.'"><img src="images/forum/topic.gif" border="0" /></a>';
+}
+else
+	echo '<h3>No threads in this board.</h3>';
+
+?>

system/pages/forum/show_thread.php

@@ -0,0 +1,85 @@
+<?php
+/**
+ * Show forum thread
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @version   0.6.1
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$links_to_pages = '';
+$thread_id = (int) $_REQUEST['id'];
+$_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0);
+$thread_name = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_topic` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`id` = `" . TABLE_PREFIX . "forum`.`first_post` AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` LIMIT 1")->fetch();
+if(!empty($thread_name['name']))
+{
+	$posts_count = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id)->fetch();
+	for($i = 0; $i < $posts_count['posts_count'] / $config['forum_threads_per_page']; $i++)
+	{
+		if($i != $_page)
+			$links_to_pages .= '<a href="' . getForumThreadLink($thread_id, $i) . '">'.($i + 1).'</a> ';
+		else
+			$links_to_pages .= '<b>'.($i + 1).' </b>';
+	}
+	$threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll();
+	if(isset($threads[0]['name']))
+		$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id);
+	echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($threads[0]['section']) . '">'.$sections[$threads[0]['section']]['name'].'</a> >> <b>'.$thread_name['post_topic'].'</b>';
+	echo '<br /><br /><a href="?subtopic=forum&action=new_post&thread_id='.$thread_id.'"><img src="images/forum/post.gif" border="0" /></a><br /><br />Page: '.$links_to_pages.'<br /><table width="100%"><tr bgcolor="'.$config['lightborder'].'" width="100%"><td colspan="2"><font size="4"><b>'.htmlspecialchars($thread_name['post_topic']).'</b></font><font size="1"><br />by ' . getPlayerLink($thread_name['name']) . '</font></td></tr><tr bgcolor="'.$config['vdarkborder'].'"><td width="200"><font color="white" size="1"><b>Author</b></font></td><td>&nbsp;</td></tr>';
+	$player = $ots->createObject('Player');
+	foreach($threads as $thread)
+	{
+		$player->load($thread['player_id']);
+		if(!$player->isLoaded()) {
+			error('Forum error: Player not loaded.');
+			die();
+		}
+		
+		echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td valign="top">' . getPlayerLink($thread['name']) . '<br /><br /><font size="1">Profession: '.$config['vocations'][$player->getVocation()].'<br />Level: '.$thread['level'].'<br />';
+		
+		$rank = $player->getRank();
+		if($rank->isLoaded())
+		{
+			$guild = $rank->getGuild();
+			if($guild->isLoaded())
+				echo $rank->getName().' of <a href="'.getGuildLink($guild->getName(), false).'">'.$guild->getName().'</a><br />';
+		}
+		$player_account = $player->getAccount();
+		$canEditForum = $player_account->hasFlag(FLAG_CONTENT_FORUM) || $player_account->isAdmin();
+		
+		$posts = $db->query("SELECT COUNT(`id`) AS 'posts' FROM `" . TABLE_PREFIX . "forum` WHERE `author_aid`=".(int) $thread['account_id'])->fetch();
+		echo '<br />Posts: '.(int) $posts['posts'].'<br /></font></td><td valign="top">'.showPost(($canEditForum ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($canEditForum ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile']).'</td></tr>
+			<tr bgcolor="'.getStyle($number_of_rows++).'"><td><font size="1">'.date('d.m.y H:i:s', $thread['post_date']);
+		if($thread['edit_date'] > 0)
+		{
+			if($thread['last_edit_aid'] != $thread['author_aid'])
+				echo '<br />Edited by moderator';
+			else
+				echo '<br />Edited by '.$thread['name'];
+			echo '<br />on '.date('d.m.y H:i:s', $thread['edit_date']);
+		}
+		echo '</font></td><td>';
+		if(Forum::isModerator())
+			if($thread['first_post'] != $thread['id'])
+				echo '<a href="?subtopic=forum&action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove post of '.$thread['name'].'?\')"><font color="red">REMOVE POST</font></a>';
+			else
+			{
+				echo '<a href="?subtopic=forum&action=move_thread&id='.$thread['id'].'"\')"><span style="color:darkgreen">[MOVE]</span></a>';
+				echo '<br/><a href="?subtopic=forum&action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove thread > '.$thread['post_topic'].' <?\')"><font color="red">REMOVE THREAD</font></a>';
+			}
+		if($logged && ($thread['account_id'] == $account_logged->getId() || Forum::isModerator()))
+			echo '<br/><a href="?subtopic=forum&action=edit_post&id='.$thread['id'].'">EDIT POST</a>';
+		if($logged)
+			echo '<br/><a href="?subtopic=forum&action=new_post&thread_id='.$thread_id.'&quote='.$thread['id'].'">Quote</a>';
+		echo '</td></tr>';
+	}
+	echo '</table><br /><a href="?subtopic=forum&action=new_post&thread_id='.$thread_id.'"><img src="images/forum/post.gif" border="0" /></a>';
+}
+else
+	echo 'Thread with this ID does not exits.';
+
+?>

system/pages/gallery.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/guilds.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/highscores.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/houses.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/lastkills.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/lostaccount.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/news.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/newsarchive.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 $_GET['archive'] = true;

system/pages/online.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/polls.php

@@ -6,7 +6,7 @@
  * @author    Averatec <pervera.pl & otland.net>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -325,13 +325,13 @@ function getColorByPercent($percent)
 		$show = false;
         if(isset($_POST['submit']))
         {
-            $_SESSION['answers'] = $_POST['answers'];
+            setSession('answers', $_POST['answers']);
             echo '<form method="post" action=""><b><font size=3>Adding Poll</font></b><br><br>
             <input type=text name=question value="" /> Question<br>
             <input type=text name=description value="" /> Description<br>
             <input type=text name=end value="" /> Time to end, in days<br>';
 
-            for( $x = 1; $x <= $_SESSION['answers']; $x++ )
+            for( $x = 1; $x <= getSession('answers'); $x++ )
             {
                 echo '<input type=text name='.$x.' value="" /> Answer no. '.$x.'<br>';
             }
@@ -344,12 +344,12 @@ function getColorByPercent($percent)
                 $id = $db->query('SELECT MAX(id) FROM `z_polls`')->fetch();
                 $id_next = $id[0] + 1;
 
-                for( $x = 1; $x <= $_SESSION['answers']; $x++ )
+                for( $x = 1; $x <= getSession('answers'); $x++ )
                 {
                     $INSERT_answer = $db->query('INSERT INTO `z_polls_answers` (`poll_id`,`answer_id`,`answer`) VALUES ('.$db->quote($id_next).','.$db->quote($x).','.$db->quote($_POST[$x]).')');
                 }
                 $end = $time+24*60*60*$_POST['end'];
-                $INSERT_poll = $db->query('INSERT INTO `z_polls` (`id`,`question`, `description`,`end`,`answers`,`start`) VALUES ('.$db->quote($id_next).','.$db->quote($_POST['question']).','.$db->quote($_POST['description']).','.$db->quote($end).','.$db->quote($_SESSION['answers']).','.$db->quote($time).')');
+                $INSERT_poll = $db->query('INSERT INTO `z_polls` (`id`,`question`, `description`,`end`,`answers`,`start`) VALUES ('.$db->quote($id_next).','.$db->quote($_POST['question']).','.$db->quote($_POST['description']).','.$db->quote($end).','.$db->quote(getSession('answers')).','.$db->quote($time).')');
         }
 
         $POLLS_check = $db->query('SELECT MAX(end) FROM '.$db->tableName('z_polls').'');

system/pages/records.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/rules.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/serverinfo.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/spells.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -16,7 +16,9 @@ $canEdit = hasFlag(FLAG_CONTENT_SPELLS) || admin();
 if(isset($_POST['reload_spells']) && $canEdit)
 {
 	require LIBS . 'spells.php';
-	Spells::loadFromXML(true);
+	if(!Spells::loadFromXML(true)) {
+		error(Spells::getLastError());
+	}
 }
 
 if($canEdit)

system/pages/team.php

@@ -6,7 +6,7 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/videos.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/status.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/template.php

@@ -5,7 +5,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -19,20 +19,21 @@ if($config['template_allow_change'])
 		$template_name = $_GET['template'];
 		if(!preg_match("/[^A-z0-9_\-]/", $template_name)) { // validate template
 			//setcookie('template', $template_name, 0, BASE_DIR . '/', $_SERVER["SERVER_NAME"]);
-			$_SESSION['template'] = $template_name;
+			setSession('template', $template_name);
 		}
 		else
 			$template_name = $config['template'];
 	}
-	else if(isset($_SESSION['template']))
-	{
-		if(!preg_match("/[^A-z0-9_\-]/", $_SESSION['template'])) {
-			$template_name = $_SESSION['template'];
-		}
 	else {
+		$template_session = getSession('template');
+		if ($template_session !== false) {
+			if (!preg_match("/[^A-z0-9_\-]/", $template_session)) {
+				$template_name = $template_session;
+			} else {
 				$template_name = $config['template'];
 			}
 		}
+	}
 }
 $template_path = 'templates/' . $template_name;
 

system/templates/forum.edit_post.html.twig

@@ -0,0 +1,46 @@
+<br/>
+<form action="{{ getLink('forum') }}" method="post">
+	<input type="hidden" name="action" value="edit_post" />
+	<input type="hidden" name="id" value="{{ post_id }}" />
+	<input type="hidden" name="save" value="save" />
+	<table width="100%">
+		<tr bgcolor="{{ config.vdarkborder }}">
+			<td colspan="2">
+				<font color="white"><b>Edit Post</b></font>
+			</td>
+		</tr>
+		<tr bgcolor="{{ config.darkborder }}">
+			<td width="180"><b>Character:</b></td>
+			<td>
+				<select name="char_id">
+					<option value="0">(Choose character)</option>
+					{% for player in players %}
+					<option value="{{ player.id }}"{% if player.id == player_id %} selected="selected"{% endif %}>{{ player.name }}</option>
+					{% endfor %}
+					</select>
+			</td>
+		</tr>
+		<tr bgcolor="{{ config.lightborder }}">
+			<td><b>Topic:</b></td>
+			<td><input type="text" value="{{ topic|raw }}" name="topic" size="40" maxlength="60" /> (Optional)</td>
+		</tr>
+		<tr bgcolor="{{ config.darkborder }}">
+			<td valign="top"><b>Message:</b><font size="1"><br/>You can use:<br/>[player]Nick[/player]<br />[url]http://address.com/[/url]<br />[img]http://images.com/images3.gif[/img]<br />[code]Code[/code]<br />[b]<b>Text</b>[/b]<br />[i]<i>Text</i>[/i]<br/>[u]<u>Text</u>[/u]<br />and smileys:<br />;) , :) , :D , :( , :rolleyes:<br />:cool: , :eek: , :o , :p</font>
+			</td>
+			<td>
+				<textarea rows="10" cols="60" name="text">{{ text|raw }}</textarea><br />(Max. 15,000 letters)
+			</td>
+		</tr>
+		<tr bgcolor="{{ config.lightborder }}">
+			<td valign="top">Options:</td>
+			<td>
+				<label>
+					<input type="checkbox" name="smile" value="1"{% if smile == 1 %} checked="checked"{% endif %}/>Disable Smileys in This Post
+				</label>
+			</td>
+		</tr>
+	</table>
+	<center>
+		<input type="submit" value="Save Post" />
+	</center>
+</form>

system/templates/forum.move_thread.html.twig

@@ -10,7 +10,8 @@
 					<td>
 						<form action="" method="get">
 							<input type="hidden" name="subtopic" value="forum" />
-							<input type="hidden" name="action" value="moved_thread" />
+							<input type="hidden" name="action" value="move_thread" />
+							<input type="hidden" name="save" value="1" />
 							<input type="hidden" name="id" value="{{ post_id }}" />
 							<strong>THREAD:</strong> {{ thread }}<br/>
 							<strong>AUTHOR:</strong> {{ author }}<br/>

tools/validate.php

@@ -6,7 +6,7 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
+ * @version   0.6.1
  * @link      http://my-aac.org
  */