* update to 0.7.5

* fixed template path finding
* fixed news adding when type != ARTICLE

CHANGELOG

@@ -1,246 +1,387 @@
+[0.7.5 - 04.01.2017]
+	* fixed bug on othire with config.account_premium_days
+	* fixed bug on TFS 1.x when online_afk is enabled
+	* warning about leaving news page with changes
+	* added player status to tibiacom top 5 highscores box
+	* save detected country on create account in session
+	* fixed getPremDays and isPremium functions (newest 11.x engines are bugged when it comes to PACC, its not fault of MyAAC)
+	* fix when there are no changelogs or highscores yet
+	* small fix regarding getTopPlayers function which was ignoring $limit variable
+	* fixed news adding when type != ARTICLE
+	* fixed template path finding
+	* fixed displaying article_text when it was empty saved
+
+[0.7.4 - 24.12.2017]
+	* fixed mysql fatal error on tibiacom template - top 5 box
+	* fixed displaying of level percent bar on tibian signature
+	* inform user about Twig cache failure on installation, instead of http 500 error
+	* when dir system/cache is not writable by the webserver, then show some nice notice to the user about it instead of http 500 error
+	* remember client version select and usage stats checkbox in session on install
+	* automatically update highscores_ids_hidden for users who installed myaac before (migration)
+
+[0.7.3 - 18.12.2017]
+	* auto generate myaac cache & session prefix on install to be unique across installations
+	* fixed hiding shop system menu on tibiacom template when disabled in config
+	* prevent adding duplicated newses with installation
+	* some changes to sample characters: chanced town_id to 1, posx: 1000, posy: 1000, posz: 1000 and default group_id to 1 so you can change in-game outfits and they will be used
+	* added version 772 constant to install client choose (OTHire)
+	* better solution for hidding samples (configurable) - highscores_ids_hidden
+	* fixed account.login redirect not working on tibiacom template
+	* installation: warn about wrong admin account name/id and password
+	* fixed last menu closing in tibiacom template
+	* updated polish locale (translation) on install 
+	* (internal) removed some duplicated code on install finish
+	* (internal) renamed installation step files to be in correct order
+	* added TODO file
+
+[0.7.1 - 13.12.2017]
+	* added changelog menu item to kathrine template
+	* fixed some php short tag in changelogs page
+	* fixed guild change description back button
+	* removed duplicated "Support List" menu item from tibiacom template
+	* changed some notice when version check is failed
+	* (internal) moved changelog to twig
+
+[0.7.0 - 20.11.2017]
+	* moved template menus to database, they're now dynamically loaded
+	* added anonymous usage statistics reporting (only if user agrees, first usage report will be send after 7 days)
+	* you can edit them in Admin Panel under 'Menus' option
+	* you can also add custom links, like http://google.pl
+	* added networks (facebook and twitter) and highscores (top 5) boxes to tibiacom template, configurable in templates/tibiacom/config.php
+	* added news ticker for kathrine template
+	* added featured article to tibiacom template (you can add them with add news button)
+	* added tinymce editor to 'Pages' in admin panel
+	* added links to edit/delete/hide custom page directly from page
+	* update forum post after editing news (when forum post has been created)
+	* enabled code plugin for tinymce which enabled raw html code editing
+	* removed videos pages, as it can be easily added using custom Menus and Pages with insert Media
+	* removed bug_report configurable, its now enabled by default
+	* log some error info when mail cannot be send on account create
+	* twig getLink function will now return with full url (BASE_URL included)
+	* verify install post values directly on config page and display error
+	* updated tinymce to version 4.7.2 (from 4.7.0)
+	* updated phpmailer to version 5.2.26 (from 5.2.23)
+	* (#30) (fix) recovering account on servers that doesn't support salts
+	* (fix) account email confirm function
+	* (fix) showing changelog with urls in Admin Panel
+	* (fix) uninstalling plugin
+	* (fix) polls box in tibiacom template
+	* (fix) remove hooks from db on plugin deinstall
+	* (fix) some weird include possibilities with forum and account actions (verify action name)
+	* (fix) loading hooks from plugin installed from command line
+	* (fix) some changelog PHP Notice warning
+	* (internal) moved uninstall logic to Plugins class
+	* (internal) moved tibiacom boxes to separate directory
+	* (internal) moved news tickers to twig template
+	* (internal) moved Forum class to separate file
+	* (internal) moved deprecated functions to compat.php
+	* (internal) added some compat functions that are used by shop system
+	* (internal) renamed constant TICKET -> TICKER
+	* (internal) shortened message functions
+	
+[0.6.6 - 22.10.2017]
+	* fixed some php fatal error on spells page
+	* changed spells.vocations field in db size to 300
+	* please reload your spells after this update!
+
+[0.6.5 - 21.10.2017]
+	* fixed displaying custom pages
+	* fixed adding new group forum board
+	
+[0.6.4 - 20.10.2017]
+	* reverted OTS_Account::getLastLogin() cause its used by tibia11-login plugin
+	
+[0.6.3 - 20.10.2017]
+	* fixed creating account
+	* fixed viewing thread without being logged 
+	* fixed showing premium account status
+	
+[0.6.2 - 20.10.2017]
+	* added forums for guilds and groups
+	* added nice looking menu for my account page in default template
+	* new command line tool: install_plugin.php - can be used to install plugins from command line. Usage: "php install_plugin.php path_to_file"
+	* added new tooltip to view characters equipment item name and monster loot
+	* added items.xml loader class and weapons.xml loader class
+	* minimum PHP version to install AAC is now 5.3.0 cause of Anonymous functions used by Twig
+	* Added 'Are you sure?' popup when uninstalling plugin
+	* added some warnings when plugin json file is incomplete
+	* fixed showing in characters ban expires when is unlimited
+	* fixed displaying monster loot when item.name in loot is used instead of item.id
+	* load also runes into spells table
+	* display plugin uninstall option only if its possible
+	* after changing template you will be redirected to latest viewed page
+	* display gallery add image form only on main gallery page
+	* (internal) moved most of guilds html-in-php code to twig
+	* (internal) moved spells page to twig template
+	* (internal) removed useless spells.spell column that was duplicate of spells.words
+	* (internal) save monster loot in database in json format instead loading it every time from xml file
+	* (internal) store monster voices and immunities in json format
+	* (internal) moved buttons to separate template
+	* (internal) moved online search form to twig
+	* (internal) added new function getItemNameById($id)
+	* (internal) Moved plugin install logic to a new class: Plugins
+	* (internal) changed spells.vocations database field to store json data instead of comma separated
+	* (internal) removed $hook_types array, using defined() and constant() functions now
+	* (internal) removed useless monsters.gfx_name field from database
+	* (internal) renamed database field monsters.hide_creature to hidden
+	* (internal) renamed existing Items class to Items_Images
+	* (internal) optimized Spells class
+	* (internal) new function: OTS_Guild::hasMember(OTS_Player $player)
+	* (internal) new function: Forum::hasAccess($board_id)
+	
+[0.6.1 - 17.10.2017]
+	* fixed signatures loading
+	* new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)
+	* better error handling for monsters and spells loader (save errors to system/logs/error.log)
+	* check if file exist before loading (monsters and spells)
+	* (internal) Account::getAccess() = Account::getGroupId()
+	* (internal) moved account actions (pages) to account/ directory
+	* (internal) moved forum actions (pages) to forum/ directory
+	* (internal) moved forum.edit_post to twig templates
+
 [0.6.0 - 16.10.2017]
-	- added faq management - add/edit/move/hide/delete from website
-	- new account.login view for tibiacom template
-	- monsters and spells are now being loaded at the installation of the AAC
-	- fix for php versions under 5.5 where empty() function supported only variables
-	- added missing change email and change info buttons to account.management default template
-	- added new indicator icons for create account, create character and change character name
-	- fixed config loader when some inline comments are present
-	- fixed editing page in admin panel that contains some html code
-	- fixed forum new post on mac os and some specific mysql versions
-	- attempt to fix incorrect views counter behavior (its resetting to 0 in some cases)
-	- enabled cache http headers for signatures
-	- check if monster file exist before loading it
-	- fixed if plugin zip file name contains dot (.)
-	- renamed screenshots to gallery and movies to videos
-	- moved install pages to twig
-	- fixed Account::getGuildAccess function
-	- removed never used library from sources - dwoo
-	- moved check_* functions to class Validator
-	- from now all validators ajax requests will fire onblur instead of onkeyup
-	- ajax requests returns now json instead of xml
-	- added 404 response when file is not found
+	* added faq management - add/edit/move/hide/delete from website
+	* new account.login view for tibiacom template
+	* monsters and spells are now being loaded at the installation of the AAC
+	* fix for php versions under 5.5 where empty() function supported only variables
+	* added missing change email and change info buttons to account.management default template
+	* added new indicator icons for create account, create character and change character name
+	* fixed config loader when some inline comments are present
+	* fixed editing page in admin panel that contains some html code
+	* fixed forum new post on mac os and some specific mysql versions
+	* attempt to fix incorrect views counter behavior (its resetting to 0 in some cases)
+	* enabled cache http headers for signatures
+	* check if monster file exist before loading it
+	* fixed if plugin zip file name contains dot (.)
+	* renamed screenshots to gallery and movies to videos
+	* moved install pages to twig
+	* fixed Account::getGuildAccess function
+	* removed never used library from sources - dwoo
+	* moved check_* functions to class Validator
+	* from now all validators ajax requests will fire onblur instead of onkeyup
+	* ajax requests returns now json instead of xml
+	* added 404 response when file is not found
 
 [0.5.1 - 11.10.2017]
-	- fixed forum add/edit board
-	- new configurable: highscores_length, how much highscores to display
-	- fixed highscores links (ALL, previous and next page)
-	- update templates cache when installing/uninstalling plugin
-	- moved character deaths and frags table generation to twig
-	- fixed some bug when you uninstall plugin and then try to install again on the same page
-	- check if plugin exist before uninstalling
-	- fixed some warning in OTS_Base_DB
+	* fixed forum add/edit board
+	* new configurable: highscores_length, how much highscores to display
+	* fixed highscores links (ALL, previous and next page)
+	* update templates cache when installing/uninstalling plugin
+	* moved character deaths and frags table generation to twig
+	* fixed some bug when you uninstall plugin and then try to install again on the same page
+	* check if plugin exist before uninstalling
+	* fixed some warning in OTS_Base_DB
 
 [0.5.0 - 10.10.2017]
-	- moved .htaccess rules to plain php (index.php)
-	- updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
-	- added option to uninstall plugin
-	- added option to require specified myaac, php or database version for plugins, without that plugin won't be installed
-	- change accountmanagement links to use friendly_urls
-	- fixed creating new forum thread
-	- sample characters are now assigned to admin account and have group_id 4 to not be shown on highscores
-	- added links loaded from database to admin panel - for future plugins
-	- print some info to error.log when can't find config.lua
-	- some fixes in account changecomment action
-	- show info when account name/number or password is empty on login
-	- fixed showing account login errors
-	- added few characters hooks
-	- fixed some kathrine template js bug when shop is disabled
-	- you can now use slash '/' in custom pages loaded from database
-	- added new twig function getLink that convert link taking into account config.friendly_urls
-	- internalLayoutLink -> getLink
+	* moved .htaccess rules to plain php (index.php)
+	* updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
+	* added option to uninstall plugin
+	* added option to require specified myaac, php or database version for plugins, without that plugin won't be installed
+	* change accountmanagement links to use friendly_urls
+	* fixed creating new forum thread
+	* sample characters are now assigned to admin account and have group_id 4 to not be shown on highscores
+	* added links loaded from database to admin panel - for future plugins
+	* print some info to error.log when can't find config.lua
+	* some fixes in account changecomment action
+	* show info when account name/number or password is empty on login
+	* fixed showing account login errors
+	* added few characters hooks
+	* fixed some kathrine template js bug when shop is disabled
+	* you can now use slash '/' in custom pages loaded from database
+	* added new twig function getLink that convert link taking into account config.friendly_urls
+	* internalLayoutLink -> getLink
 
 [0.4.3 - 05.10.2017]
-	- better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
-	- fixed country detection in create account
-	- fixed showing of character deaths and frags
-	- fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466303
-	- fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466313
-	- fixed rook sample, which will now have level 1, 150 health, 0 mana, and 400 cap.
-	- fixed samples being deleted by tfs 1.0+ cause of 'deletion' field set to 1
-	- pages loaded from database have higher priority than normal .php pages, so they will be loaded first if they exist
-	- moved many pages to twig templates
-	- change download client links from clients.halfaway.net to tibia-clients.com
-	- added bugtracker to kathrine template
-	- added CREDITS file
+	* better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
+	* fixed country detection in create account
+	* fixed showing of character deaths and frags
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466303
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466313
+	* fixed rook sample, which will now have level 1, 150 health, 0 mana, and 400 cap.
+	* fixed samples being deleted by tfs 1.0+ cause of 'deletion' field set to 1
+	* pages loaded from database have higher priority than normal .php pages, so they will be loaded first if they exist
+	* moved many pages to twig templates
+	* change download client links from clients.halfaway.net to tibia-clients.com
+	* added bugtracker to kathrine template
+	* added CREDITS file
 
 [0.4.2 - 14.09.2017]
-	- updated version number
+	* updated version number
 
 [0.4.1 - 13.09.2017]
-	- fixed log in to admin panel
-	- fixed File is not .zip plugin upload error
+	* fixed log in to admin panel
+	* fixed File is not .zip plugin upload error
 
 [0.4.0 - 13.09.2017
-	- added option to add/edit/delete/hide/move forum boards
-	- moved some of HTML-in-PHP code to Twig templates
-	- added bug_report configurable which can enable/disable bug tracker
-	- log errors instead of showing them to users with system directories
-	- fix when $_SERVER['HTTP_ACCEPT_ENCODING'] is not set
-	- when it fails to load config.lua it will output error also to error.log
-	- automatically detect json file in .zip instead of basing on filename (admin panel - plugins)
-	- hopefully fixed the error with "The file you are trying to upload is not a .zip file. Please try again."
-	- fixed wrong name of table in bugtracker
-	- fixed some bugs in bugtracker
-	- added report bug link in templates
-	- fixed some rare error when user is logged in for longer than 15 minutes and tries to login again
-	- fixed some grammar errors
-	- some small improvements
-	- fixed some separators in kathrine template
+	* added option to add/edit/delete/hide/move forum boards
+	* moved some of HTML-in-PHP code to Twig templates
+	* added bug_report configurable which can enable/disable bug tracker
+	* log errors instead of showing them to users with system directories
+	* fix when $_SERVER['HTTP_ACCEPT_ENCODING'] is not set
+	* when it fails to load config.lua it will output error also to error.log
+	* automatically detect json file in .zip instead of basing on filename (admin panel - plugins)
+	* hopefully fixed the error with "The file you are trying to upload is not a .zip file. Please try again."
+	* fixed wrong name of table in bugtracker
+	* fixed some bugs in bugtracker
+	* added report bug link in templates
+	* fixed some rare error when user is logged in for longer than 15 minutes and tries to login again
+	* fixed some grammar errors
+	* some small improvements
+	* fixed some separators in kathrine template
 
 [0.3.0 - 28.08.2017]
-	- added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
-	- added Twig template engine and moved some html-in-php code to it
-	- automatically detect player country based on user location (IP) on create account
-	- player sex (gender) is now configurable at $config['genders']
-	- fixed recovering account and changing password when salt is enabled
-	- fixed installing samples when for example Rook Sample already exist and other samples not
-	- fixed some mysql error when character you trying to create already exist
-	- fixed some warning when you select nonexistent country
-	- password change minimal/maximal length notice is now more precise
-	- added 'enabled' field in myaac_hooks table, which can enable or disable specified hook
-	- removed DEFAULT '' for TEXT field. It didn't worked under some systems like MAC OS X.
-	- minimum PHP version to install the MyAAC is now 5.2.0 cause of pathinfo (extension) function
-	- removed unused admin stylish template
-	- removed some unused cities field from myaac_spells table
-	- moved news adding at installation from schema.sql to finish.php
-	- some optimizations
+	* added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
+	* added Twig template engine and moved some html-in-php code to it
+	* automatically detect player country based on user location (IP) on create account
+	* player sex (gender) is now configurable at $config['genders']
+	* fixed recovering account and changing password when salt is enabled
+	* fixed installing samples when for example Rook Sample already exist and other samples not
+	* fixed some mysql error when character you trying to create already exist
+	* fixed some warning when you select nonexistent country
+	* password change minimal/maximal length notice is now more precise
+	* added 'enabled' field in myaac_hooks table, which can enable or disable specified hook
+	* removed DEFAULT '' for TEXT field. It didn't worked under some systems like MAC OS X.
+	* minimum PHP version to install the MyAAC is now 5.2.0 cause of pathinfo (extension) function
+	* removed unused admin stylish template
+	* removed some unused cities field from myaac_spells table
+	* moved news adding at installation from schema.sql to finish.php
+	* some optimizations
 
 [0.2.4 - 09.06.2017]
-	- fixed invite to guild
-	- added id field on monsters, so you can delete them in phpmyadmin
-	- fixed adding some creatures with ' and "
-	- fixed when there are spaces at beginning of the file (creatures)
-	- fixed when file is unable to parse (creatures)
-	- fixed typo loss_items => loss_containers
-	- more elegant way of showing message on reload creatures and spells
+	* fixed invite to guild
+	* added id field on monsters, so you can delete them in phpmyadmin
+	* fixed adding some creatures with ' and "
+	* fixed when there are spaces at beginning of the file (creatures)
+	* fixed when file is unable to parse (creatures)
+	* fixed typo loss_items => loss_containers
+	* more elegant way of showing message on reload creatures and spells
 
 [0.2.3 - 31.05.2017]
-	- fixed guild management on OTHire 0.0.3
-	- set default skills to 10 when creating new character
-	- fixed displaying of "Create forum thread" in newses
-	- fixed deleting guild on servers that use players.rank_id field
-	- fixed phpmailer class loading (https://otland.net/threads/myaac-v0-0-1.251454/page-8#post-2445222)
-	- fixed displaying vocation amount on online page
-	- better support for custom vocations, you just need to set in config vocations_amount to yours.
-	- fixed huge space in player name (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444328)
-	- fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
-	- fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
+	* fixed guild management on OTHire 0.0.3
+	* set default skills to 10 when creating new character
+	* fixed displaying of "Create forum thread" in newses
+	* fixed deleting guild on servers that use players.rank_id field
+	* fixed phpmailer class loading (https://otland.net/threads/myaac-v0-0-1.251454/page-8#post-2445222)
+	* fixed displaying vocation amount on online page
+	* better support for custom vocations, you just need to set in config vocations_amount to yours.
+	* fixed huge space in player name (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444328)
+	* fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
+	* fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
 
 [0.2.2 - 22.05.2017]
-	- added missing cache/signature directory
-	- fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
+	* added missing cache/signature directory
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
 
 [0.2.1 - 21.05.2017]
-	- added Swedish translation by Sizaro
-	- fixed some bugs with installlation & characters & houses
+	* added Swedish translation by Sizaro
+	* fixed some bugs with installlation & characters & houses
 
 [0.2.0 - 21.05.2017]
-	- added option to change character sex for premium points
-	- moved site_closed to database, now you can close your site through admin panel
-	- added option to admin panel: clear cache
-	- added experiencetable_rows configurable
-	- optimized OTS_Account->getGroupId(), now its using like 20 queries less
-	- optimized OTS_Player->load($id) function, should be much faster now
-	- fixed displaying on highscores special outfits
-	- fixed skull images displaying
-	- fixed displaying unlimited premium account
-	- fixed bug where players.lookaddons doesn't exist (OTHire etc.) (https://otland.net/threads/myaac-v0-0-1.251454/page-6#post-2442407)
-	- fixed signature tibian for OTHire and other servers that doesnt use accounts.premdays field
-	- fixed when player name in signature containst space
-	- don't show "Create forum thread" when editing
-	- fixed red color table after create account
-	- updated download links, as clients.halfaway.net isn't working anymore
-	- fixed some bugs while installing when field `email_next` or `hidden` already exist
-	- fixed movies unexpected comment
-	- added template_place_holder('center_top') to kathrine template
+	* added option to change character sex for premium points
+	* moved site_closed to database, now you can close your site through admin panel
+	* added option to admin panel: clear cache
+	* added experiencetable_rows configurable
+	* optimized OTS_Account->getGroupId(), now its using like 20 queries less
+	* optimized OTS_Player->load($id) function, should be much faster now
+	* fixed displaying on highscores special outfits
+	* fixed skull images displaying
+	* fixed displaying unlimited premium account
+	* fixed bug where players.lookaddons doesn't exist (OTHire etc.) (https://otland.net/threads/myaac-v0-0-1.251454/page-6#post-2442407)
+	* fixed signature tibian for OTHire and other servers that doesnt use accounts.premdays field
+	* fixed when player name in signature containst space
+	* don't show "Create forum thread" when editing
+	* fixed red color table after create account
+	* updated download links, as clients.halfaway.net isn't working anymore
+	* fixed some bugs while installing when field `email_next` or `hidden` already exist
+	* fixed movies unexpected comment
+	* added template_place_holder('center_top') to kathrine template
 
 [0.1.5 - 13.05.2017]
-	- fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
+	* fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
 
 [0.1.4 - 13.05.2017]
-	- added outfit shower, in characters, online, and highscores
-	- updated database to version 2
-	- fixed item images (now using item-images.ots.me host by default)
-	- fixed news ticket and posting long newses (https://otland.net/threads/myaac-v0-0-1.251454/page-5#post-2442026)
-	- news body limit increased to 65535 (mysql text field)
-	- removed some unused code from my old server
-	- added spells & monsters to kathrine template
+	* added outfit shower, in characters, online, and highscores
+	* updated database to version 2
+	* fixed item images (now using item-images.ots.me host by default)
+	* fixed news ticket and posting long newses (https://otland.net/threads/myaac-v0-0-1.251454/page-5#post-2442026)
+	* news body limit increased to 65535 (mysql text field)
+	* removed some unused code from my old server
+	* added spells & monsters to kathrine template
 
 [0.1.3 - 11.05.2017]
-	- this is just release to update version number
+	* this is just release to update version number
 
 [0.1.2 - 11.05.2017]
-	- forgot to update CHANGELOG and MYAAC_VERSION
+	* forgot to update CHANGELOG and MYAAC_VERSION
 
 [0.1.1 - 11.05.2017]
-	- fixed updating myaac_config with database_version to 1
-	- fixed database updater
+	* fixed updating myaac_config with database_version to 1
+	* fixed database updater
 
 [0.1.0 - 11.05.2017]
-	- added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
-	- added automatic database updater (data migrations)
-	- renamed events to hooks
-	- moved hooks to database
-	- now you can use hooks in plugins
-	- set account.type field to 5 on install, if TFS 1.0+
-	- added example plugin
-	- new, latest google analytics code
-	- fixed bug with loading account.name that has numbers in it
-	- fixed many bugs in player editor in admin panel
-	- added error handling to plugin manager and some more verification in
-	- file has been correctly unpacked/uploaded
-	- fixed Statistics page in admin panel when using account.number
-	- fixed bug when creating/recovering account on servers with
-	- account.salt field (TFS 0.3 for example)
-	- fixed forum showing thread with html tags (added from news manager)
-	- new, latest code for youtube videos in movies page
-	- fixed showing vocation images when using $config['online_vocations_images']
-	- many fixes in polls (also importing proper schema)
-	- fixed hovering on buttons in kathrine template (on accountmanagement page)
-	- fixed signatures (many fixes)
-	- added missing gesior signature system
+	* added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
+	* added automatic database updater (data migrations)
+	* renamed events to hooks
+	* moved hooks to database
+	* now you can use hooks in plugins
+	* set account.type field to 5 on install, if TFS 1.0+
+	* added example plugin
+	* new, latest google analytics code
+	* fixed bug with loading account.name that has numbers in it
+	* fixed many bugs in player editor in admin panel
+	* added error handling to plugin manager and some more verification in
+	* file has been correctly unpacked/uploaded
+	* fixed Statistics page in admin panel when using account.number
+	* fixed bug when creating/recovering account on servers with
+	* account.salt field (TFS 0.3 for example)
+	* fixed forum showing thread with html tags (added from news manager)
+	* new, latest code for youtube videos in movies page
+	* fixed showing vocation images when using $config['online_vocations_images']
+	* many fixes in polls (also importing proper schema)
+	* fixed hovering on buttons in kathrine template (on accountmanagement page)
+	* fixed signatures (many fixes)
+	* added missing gesior signature system
 
 [0.0.6 - 06.05.2017]
-	- fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
-	- fixed bug when creating character (not showing errors) (one more time)
-	- fixed support for TFS 0.2 series
-	- added FAQ link
+	* fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
+	* fixed bug when creating character (not showing errors) (one more time)
+	* fixed support for TFS 0.2 series
+	* added FAQ link
 	
 [0.0.5 - 05.05.2017]
-	- fixed bug when creating character (not showing errors)
-	- Fixed characters loading with names that has been created with other AAC
-	- fixed links to shop in default template
-	- fixed some weird PHP 7.1 warnings/notices
-	- Fixed config loading with some weird comments
-	- fixed bug with status info utf8 encoding (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440259)
-	- fixed when ip in log_action is NULL (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440357)
-	- fixed bug when guild doesn't exist on characters page (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440320)
-	- disabled friendly_urls by default
-	- fixes when $config['database_*'] is set
-	- added CHANGELOG
+	* fixed bug when creating character (not showing errors)
+	* Fixed characters loading with names that has been created with other AAC
+	* fixed links to shop in default template
+	* fixed some weird PHP 7.1 warnings/notices
+	* Fixed config loading with some weird comments
+	* fixed bug with status info utf8 encoding (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440259)
+	* fixed when ip in log_action is NULL (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440357)
+	* fixed bug when guild doesn't exist on characters page (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440320)
+	* disabled friendly_urls by default
+	* fixes when $config['database_*'] is set
+	* added CHANGELOG
 
 [0.0.3 - 03.05.2017]
-	- Full support for OTHire 0.0.3
-	- added support for otservers that doesn't use account.name field, instead just account number will be used
-	- fixed encryption detection on TFS 0.3
-	- fixed bug when server_config table doesn't exist
-	- (install) moved admin account creation to new step
-	- fixed news comment link
-	- by default, the installer creates now the Admin player, for admin account
-	- fixed installation errors
-	- fixed config.lua loading with some weird comments
+	* Full support for OTHire 0.0.3
+	* added support for otservers that doesn't use account.name field, instead just account number will be used
+	* fixed encryption detection on TFS 0.3
+	* fixed bug when server_config table doesn't exist
+	* (install) moved admin account creation to new step
+	* fixed news comment link
+	* by default, the installer creates now the Admin player, for admin account
+	* fixed installation errors
+	* fixed config.lua loading with some weird comments
 
 [0.0.2 - 02.05.2017]
-	- updated forum links to use friendly_urls
-	- some more info will be shown when cannot connect to database
-	- show more error infos when creating character
-	- fixed forum link on newses
-	- fixed spells loading when there's vocation name instead of id
-	- fixed bug when you have changed template but it doesn't exist anymore
-	- fixed vocations with promotion loading
-	- fixed support for gesior pages and templates
-	- added function OTS_Acount:getGroupId()
+	* updated forum links to use friendly_urls
+	* some more info will be shown when cannot connect to database
+	* show more error infos when creating character
+	* fixed forum link on newses
+	* fixed spells loading when there's vocation name instead of id
+	* fixed bug when you have changed template but it doesn't exist anymore
+	* fixed vocations with promotion loading
+	* fixed support for gesior pages and templates
+	* added function OTS_Acount:getGroupId()
 
 [0.0.1 - 01.05.2017]
 	This is first official release of MyAAC.

README.md

@@ -5,7 +5,7 @@ Official website: https://my-aac.org
 
 ### REQUIREMENTS
 
-	- PHP 5.2.0 or later
+	- PHP 5.3.0 or later
 	- MySQL database
 	- PDO PHP Extension
 	- XML PHP Extension

TODO

@@ -0,0 +1,37 @@
+// MyAAC TODO
+
+0.*
+	* support duplicated vocation names with different ids
+	* plugins: option to define custom requirements check in json file, to check if system meets the requirement
+	* add support for defining max myaac version in plugin.json file
+	* cache Menus in templates
+	* don't show error indicators on first time load - createaccount page
+	* update Twig to the latest version from 1.x branch
+	* semantic versioning support for plugins (github.com/composer/semver)
+	* add some notice to the user that installing step "Import Schema" will take some time
+	* check user IP on installing to prevent install by random user
+
+1.0:
+	* i18n support (issue #1 on github)
+	* New Admin Panel layout and interface
+	* add changelog management interface
+	* remove tibiacom template, and include it as a plugin
+
+2.0
+	* remove compat functions
+	* folder restructure:
+		* var/ (for logs, cache and data), config/, bin, public/ (for index and images and other public content), system/ (for php files and classess)
+	* rename templates to layouts as templates is meant to be used for twig templates
+	* change gifts_system to shop_system configurable
+	* move most used options in system/templates dir to separate directories (more transparent)
+
+At any time between (version not specified):
+	* better news archive with search function (like on tibia.com)
+	* guild wars management (issue #13 on github)
+	* update account.management page to be more realistic (like on tibia.com)
+	* update guilds page to be more realistic (like on tibia.com)
+	* possibility to add extra cache engines with plugins
+	* preferably configurable (enable/disable) forum TinyMCE editor
+	* new cache engine - plain php, is good with pure php 7.0+ and opcache
+	* OTAdmin support in Admin Panel
+	* database towns table support for TFS 1.3

admin/template/style.css

@@ -28,7 +28,7 @@ h1, h2, h3, h4, h5, h6 {color: #313334; font-weight: bold;}
 	margin-left:5px;
 }
 
-.button { background:#eee url(images/button.gif) repeat-x 0 0; border:solid 1px #b1a874; color:#7f7f7f; font-size:11px; padding:2px 6px 2px 6px; cursor:pointer; line-height:14px !important; }
+.button { background:#eee repeat-x 0 0; border:solid 1px #b1a874; color:#7f7f7f; font-size:11px; padding:2px 6px 2px 6px; cursor:pointer; line-height:14px !important; }
 .button:hover { color:#333; border-color:#857b42; }
 
 .field, .button { -moz-border-radius:4px; -webkit-border-radius:4px; }
@@ -126,7 +126,7 @@ a.ico:hover { color:#333;}
 	font-size: 12px;
 }
 #status .success {
-  margin: 0px:
+  margin: 0px;
 }
 #version {
 	position: absolute; top: 10px; right: 10px;

admin/template/template.php

@@ -39,10 +39,12 @@
 						'Dashboard' => 'dashboard',
 						'Mailer' => 'mailer',
 						'Pages' => 'pages',
+						'Menus' => 'menus',
 						'Plugins' => 'plugins',
 						'Statistics' => 'statistics',
 						'Visitors' => 'visitors',
 						'Players' => 'players',
+						'Items' => 'items',
 						'Tools' => array(
 							'phpinfo' => 'phpinfo'
 						),

common.php

@@ -21,14 +21,13 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.6.0');
-define('DATABASE_VERSION', 11);
+define('MYAAC_VERSION', '0.7.5');
+define('DATABASE_VERSION', 20);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'WINDOWS' : (strtoupper(PHP_OS) == 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -46,10 +45,11 @@ define('FLAG_CONTENT_MONSTERS', 256);
 define('FLAG_CONTENT_GALLERY', 512);
 define('FLAG_CONTENT_VIDEOS', 1024);
 define('FLAG_CONTENT_FAQ', 2048);
+define('FLAG_CONTENT_MENUS', 4096);
 
 // news
 define('NEWS', 1);
-define('TICKET', 2);
+define('TICKER', 2);
 define('ARTICLE', 3);
 
 // directories
@@ -60,10 +60,19 @@ define('CACHE', SYSTEM . 'cache/');
 define('LOCALE', SYSTEM . 'locale/');
 define('LIBS', SYSTEM . 'libs/');
 define('LOGS', SYSTEM . 'logs/');
+define('PAGES', SYSTEM . 'pages/');
 define('PLUGINS', BASE . 'plugins/');
 define('TEMPLATES', BASE . 'templates/');
 define('TOOLS', BASE . 'tools/');
 
+// menu categories
+define('MENU_CATEGORY_NEWS', 1);
+define('MENU_CATEGORY_ACCOUNT', 2);
+define('MENU_CATEGORY_COMMUNITY', 3);
+define('MENU_CATEGORY_FORUM', 4);
+define('MENU_CATEGORY_LIBRARY', 5);
+define('MENU_CATEGORY_SHOP', 6);
+
 // otserv versions
 define('OTSERV', 1);
 define('OTSERV_06', 2);
@@ -85,12 +94,15 @@ $basedir = str_replace('/admin', '', $basedir);
 $basedir = str_replace('/install', '', $basedir);
 define('BASE_DIR', $basedir);
 
-if(isset($_SERVER['HTTPS'][0]) && $_SERVER['HTTPS'] == 'on')
-	define('SERVER_URL', 'https://' . $_SERVER['HTTP_HOST']);
-else
-	define('SERVER_URL', 'http://' . $_SERVER['HTTP_HOST']);
-
-define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
-//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+if(isset($_SERVER['HTTP_HOST'])) {
+	if (isset($_SERVER['HTTPS'][0]) && $_SERVER['HTTPS'] == 'on')
+		define('SERVER_URL', 'https://' . $_SERVER['HTTP_HOST']);
+	else
+		define('SERVER_URL', 'http://' . $_SERVER['HTTP_HOST']);
+	
+	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
+	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
+	
+	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+}
 ?>

config.php

@@ -13,7 +13,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 
@@ -30,6 +29,7 @@ $config = array(
 	// used for the Downloads page and some templates aswell
 	'client' => 1098, // 954 = client 9.54
 
+	'session_prefix' => 'myaac_', // must be unique for every site on your server
 	'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: http://my-aac.org/guilds/Testing instead of http://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
 	'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles
 
@@ -73,9 +73,9 @@ $config = array(
 		//'2' => 'Your Second World Name'
 	),
 
-	// items
+	// images
 	'outfit_images_url' => 'http://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'item_images_url' => 'http://item-images.ots.me/960/', // set to images/items if you host your own items in images folder
+	'item_images_url' => 'http://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
 
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
@@ -110,7 +110,7 @@ $config = array(
 
 	// reCAPTCHA (prevent spam bots)
 	'recaptcha_enabled' => false, // enable recaptcha verification code
-	'recaptcha_site_key' => '', // get your own public and private keys at https://www.google.com/recaptcha
+	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
 	'recaptcha_secret_key' => '',
 	'recaptcha_theme' => 'light', // light, dark
 
@@ -186,6 +186,7 @@ $config = array(
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
 	'highscores_groups_hidden' => 4, // this group id and higher won't be shown on the highscores
+	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
 	'highscores_length' => 100, // how many records per page on highscores
 
 	// characters page
@@ -213,8 +214,8 @@ $config = array(
 	'gifts_system' => false,
 	
 	// support/system
-	'bug_report' => true,
-
+	'bug_report' => true, // this configurable has no effect, its always enabled
+	
 	// forum
 	'forum' => 'site', // link to the server forum, set to "site" if you want to use build in forum system, otherwise leave empty if you aren't going to use any forum
 	'forum_level_required' => 0, // level required to post, 0 to disable
@@ -230,6 +231,7 @@ $config = array(
 	'status_port' => '',
 
 	// other
+	'anonymous_usage_statistics' => true,
 	'email_lai_sec_interval' => 60, // time in seconds between e-mails to one account from lost account interface, block spam
 	'google_analytics_id' => '', // e.g.: UA-XXXXXXX-X
 	'experiencetable_columns' => 5, // how many columns to display in experience table page. * experiencetable_rows, 5 = 500 (will show up to 500 level)

index.php

@@ -21,7 +21,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 
@@ -30,20 +29,7 @@
 // ini_set('display_startup_errors', 1);
 // error_reporting(E_ALL);
 
-if(preg_match("/^(.*)\.(gif|png|jpg|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz)$/i", $_SERVER['REQUEST_URI'])) {
-	header("HTTP/1.0 404 Not Found");
-	exit;
-}
-
 require_once('common.php');
-require_once(BASE . 'config.local.php');
-
-if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
-{
-	header('Location: ' . BASE_URL . 'install/');
-	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
-}
-
 require_once(SYSTEM . 'functions.php');
 
 $uri = $_SERVER['REQUEST_URI'];
@@ -54,98 +40,121 @@ if(!empty($tmp))
 else
 	$uri = str_replace_first('/', '', $uri);
 
-$uri = strtolower(str_replace(array('index.php/', '?'), '', $uri));
+$uri = str_replace(array('index.php/', '?'), '', $uri);
+define('URI', $uri);
+
+if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
+	$tmp = explode('.', $uri);
+	$_REQUEST['name'] = urldecode($tmp[0]);
+	
+	chdir(TOOLS . 'signature');
+	include(TOOLS . 'signature/index.php');
+	exit();
+}
+else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
+	header("HTTP/1.0 404 Not Found");
+	exit;
+}
+
+require_once(BASE . 'config.local.php');
+if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
+{
+	header('Location: ' . BASE_URL . 'install/');
+	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
+}
 
 $found = false;
 if(empty($uri) || isset($_REQUEST['template'])) {
 	$_REQUEST['p'] = 'news';
 	$found = true;
 }
-else if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $uri . '.php')) {
-	$_REQUEST['p'] = $uri;
-	$found = true;
-}
 else {
-	$rules = array(
-		'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
-		'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
-		'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
-		'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
-		'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changepassword'),
-		'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'registeraccount'),
-		'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'registernew'),
-		'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changeemail'),
-		'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changeinfo'),
-		'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'createcharacter'),
-		'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changename'),
-		'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changesex'),
-		'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'deletecharacter'),
-		'/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changecomment', 'name' => '$3'),
-		'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'changecomment'),
-		'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
-		'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
-		'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
-		'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
-		'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
-		'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
-		'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
-		'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
-		'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
-		'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
-		'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
-		'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
-		'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
-		'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
-		'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
-		'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
-		'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
-		'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
-		'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
-		'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
-		'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
-		'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1')
-	);
-	
-	if (preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
-		$tmp = explode('.', $uri);
-		$_REQUEST['name'] = urldecode($tmp[0]);
-		
-		chdir(TOOLS . 'signature');
-		include('index.php');
-		exit();
+	$tmp = strtolower($uri);
+	if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
+		$_REQUEST['p'] = $uri;
+		$found = true;
 	}
-	
-	foreach($rules as $rule => $redirect) {
-		if (preg_match($rule, $uri)) {
-			$tmp = explode('/', $uri);
-			foreach($redirect as $key => $value) {
-				if(strpos($value, '$') !== false) {
-					$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+	else {
+		$rules = array(
+			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
+			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
+			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
+			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
+			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
+			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
+			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
+			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
+			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
+			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
+			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
+			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
+			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
+			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
+			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
+			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
+			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
+			'/^changelog\/[0-9]+\/?$/' => array('subtopic' => 'changelog', 'page' => '$1'),
+			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
+			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
+			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
+			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
+			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
+			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
+			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
+			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
+			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
+			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
+			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
+			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
+			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
+			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
+			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
+			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
+			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
+			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
+			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+		);
+		
+		foreach($rules as $rule => $redirect) {
+			if (preg_match($rule, $uri)) {
+				$tmp = explode('/', $uri);
+				foreach($redirect as $key => $value) {
+					
+					if(strpos($value, '$') !== false) {
+						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+					}
+					
+					$_REQUEST[$key] = $value;
+					$_GET[$key] = $value;
 				}
 				
-				$_REQUEST[$key] = $value;
-				$_GET[$key] = $value;
+				$found = true;
+				break;
 			}
-			
-			$found = true;
-			break;
 		}
 	}
-	
-	if(!$found)
-		$_REQUEST['p'] = $uri;
 }
 
 // define page visited, so it can be used within events system
 $page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
-if(empty($page) || preg_match('/[^A-z0-9\/_\-]/', $page)) {
-	if(!$found)
-		$page = '404';
-	else
-		$page = 'news';
+if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
+	$tmp = URI;
+	if(!empty($tmp)) {
+		$page = $tmp;
+	}
+	else {
+		if(!$found)
+			$page = '404';
+		else
+			$page = 'news';
+	}
 }
 
 $page = strtolower($page);
@@ -154,9 +163,9 @@ define('PAGE', $page);
 $template_place_holders = array();
 
 require_once(SYSTEM . 'init.php');
+require_once(SYSTEM . 'template.php');
 require_once(SYSTEM . 'login.php');
 require_once(SYSTEM . 'status.php');
-require_once(SYSTEM . 'template.php');
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
@@ -190,6 +199,41 @@ $hooks = new Hooks();
 $hooks->load();
 $hooks->trigger(HOOK_STARTUP);
 
+// anonymous usage statistics
+// sent only when user agrees
+if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_statistics']) {
+	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
+	$should_report = true;
+	
+	$value = '';
+	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
+		$should_report = time() > (int)$value + $report_time;
+	}
+	else {
+		$value = '';
+		if(fetchDatabaseConfig('last_usage_report', $value)) {
+			$should_report = time() > (int)$value + $report_time;
+			if($cache->enabled()) {
+				$cache->set('last_usage_report', $value);
+			}
+		}
+		else {
+			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
+			$should_report = false;
+		}
+	}
+	
+	if($should_report) {
+		require_once(LIBS . 'usage_statistics.php');
+		Usage_Statistics::report();
+		
+		updateDatabaseConfig('last_usage_report', time());
+		if($cache->enabled()) {
+			$cache->set('last_usage_report', time());
+		}
+	}
+}
+
 if($config['views_counter'])
 	require_once(SYSTEM . 'counter.php');
 
@@ -235,6 +279,7 @@ if($config['backward_support']) {
 	$layout_header = template_header();
 	$layout_name = $template_path;
 	$news_content = '';
+	$tickers_content = '';
 	$subtopic = PAGE;
 	$main_content = '';
 	
@@ -275,14 +320,14 @@ if($load_it)
 
 	$ignore = false;
 
-	$logged_access = 0;
+	$logged_access = 1;
 	if($logged && $account_logged && $account_logged->isLoaded()) {
 		$logged_access = $account_logged->getAccess();
 	}
 
 	$query =
 		$db->query(
-			'SELECT `title`, `body`, `php`' .
+			'SELECT `id`, `title`, `body`, `php`, `hidden`' .
 			' FROM `' . TABLE_PREFIX . 'pages`' .
 			' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
 	if($query->rowCount() > 0) // found page
@@ -322,11 +367,17 @@ if($load_it)
 		}
 		else
 			$content .= $query['body']; // plain html
+		
+		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
+			$content = $twig->render('admin.pages.links.html.twig', array(
+				'page' => array('id' => $query['id'], 'hidden' => $query['hidden'])
+			)) . $content;
+		}
 	}
 	else
 	{
 		$file = SYSTEM . 'pages/' . $page . '.php';
-		if(!@file_exists($file) && !$found)
+		if(!@file_exists($file))
 		{
 			$page = '404';
 			$file = SYSTEM . 'pages/404.php';

install/includes/config.php

@@ -1,12 +1,17 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+if(!isset($_SESSION['var_server_path'])) {
+	error($locale['step_database_error_config']);
+	$error = true;
+}
+
 	$config['server_path'] = $_SESSION['var_server_path'];
 	// take care of trailing slash at the end
 	if($config['server_path'][strlen($config['server_path']) - 1] != '/')
 		$config['server_path'] .= '/';
 
-	if(!file_exists($config['server_path'] . 'config.lua')) {
+if((!isset($error) || !$error) && !file_exists($config['server_path'] . 'config.lua')) {
 		error($locale['step_database_error_config']);
 		$error = true;
 	}

install/includes/functions.php

@@ -78,4 +78,23 @@ function next_form($previous = true, $next = true)
 	<input type="hidden" name="step" id="step" value="' . $step . '" />' . next_buttons($previous, $next) . '
 </form>';
 }
-?>
+
+function win_is_writable($path) {
+	if($path[strlen( $path ) - 1] == '/') { // if it looks like a directory, check a random file within the directory
+		return win_is_writable( $path . uniqid( mt_rand() ) . '.tmp');
+	} elseif(is_dir( $path )) { // If it's a directory (and not a file) check a random file within the directory
+		return win_is_writable( $path . '/' . uniqid( mt_rand() ) . '.tmp' );
+	}
+
+	// check tmp file for read/write capabilities
+	$should_delete_tmp_file = !file_exists( $path );
+	$f = @fopen( $path, 'a' );
+	if ( $f === false )
+		return false;
+
+	fclose( $f );
+	if($should_delete_tmp_file)
+		unlink($path);
+
+	return true;
+}

install/includes/schema.sql

@@ -84,6 +84,8 @@ CREATE TABLE `myaac_forum_boards`
 	`name` VARCHAR(32) NOT NULL,
 	`description` VARCHAR(255) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`guild` INT(11) NOT NULL DEFAULT 0,
+	`access` INT(11) NOT NULL DEFAULT 0,
 	`closed` TINYINT(1) NOT NULL DEFAULT 0,
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
@@ -105,7 +107,7 @@ CREATE TABLE `myaac_forum`
 	`author_aid` int(20) NOT NULL default '0',
 	`author_guid` int(20) NOT NULL default '0',
 	`post_text` text NOT NULL,
-	`post_topic` varchar(255) NOT NULL,
+	`post_topic` varchar(255) NOT NULL DEFAULT '',
 	`post_smile` tinyint(1) NOT NULL default '0',
 	`post_date` int(20) NOT NULL default '0',
 	`last_edit_aid` int(20) NOT NULL default '0',
@@ -128,22 +130,112 @@ CREATE TABLE `myaac_hooks`
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 
+CREATE TABLE `myaac_items`
+(
+	`id` INT(11) NOT NULL,
+	`article` VARCHAR(5) NOT NULL DEFAULT '',
+	`name` VARCHAR(50) NOT NULL DEFAULT '',
+	`plural` VARCHAR(50) NOT NULL DEFAULT '',
+	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;
+
+CREATE TABLE `myaac_menu`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`template` VARCHAR(255) NOT NULL,
+	`name` VARCHAR(255) NOT NULL,
+	`link` VARCHAR(255) NOT NULL,
+	`category` INT(11) NOT NULL DEFAULT 1,
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`enabled` INT(1) NOT NULL DEFAULT 1,
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;
+
+/* MENU_CATEGORY_NEWS kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
+/* MENU_CATEGORY_LIBRARY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
+/* MENU_CATEGORY_SHOP kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
+/* MENU_CATEGORY_NEWS tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
+/* MENU_CATEGORY_FORUM tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
+/* MENU_CATEGORY_LIBRARY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
+/* MENU_CATEGORY_SHOP tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
+
 CREATE TABLE `myaac_monsters` (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
-	`hide_creature` tinyint(1) NOT NULL default '0',
+	`hidden` tinyint(1) NOT NULL default 0,
 	`name` varchar(255) NOT NULL,
-	`mana` int(11) NOT NULL,
+	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
 	`health` int(11) NOT NULL,
-	`speed_lvl` int(11) NOT NULL default '1',
+	`speed_lvl` int(11) NOT NULL default 1,
 	`use_haste` tinyint(1) NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
 	`race` varchar(255) NOT NULL,
-	`gfx_name` varchar(255) NOT NULL,
-	`file_path` varchar(255) NOT NULL,
+	`loot` varchar(500) NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 
@@ -163,13 +255,15 @@ CREATE TABLE `myaac_news`
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`title` VARCHAR(100) NOT NULL,
 	`body` TEXT NOT NULL,
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticket, 3 - article',
+	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`category` TINYINT(1) NOT NULL DEFAULT 0,
 	`player_id` INT(11) NOT NULL DEFAULT 0,
 	`last_modified_by` INT(11) NOT NULL DEFAULT 0,
 	`last_modified_date` INT(11) NOT NULL DEFAULT 0,
-	`comments` VARCHAR(50) NOT NULL,
+	`comments` VARCHAR(50) NOT NULL DEFAULT '',
+	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
+	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
@@ -235,17 +329,18 @@ CREATE TABLE `myaac_spells`
 	`name` VARCHAR(255) NOT NULL,
 	`words` VARCHAR(255) NOT NULL,
 	`category` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - rune',
+	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
 	`level` INT(11) NOT NULL DEFAULT 0,
 	`maglevel` INT(11) NOT NULL DEFAULT 0,
 	`mana` INT(11) NOT NULL DEFAULT 0,
 	`soul` TINYINT(3) NOT NULL DEFAULT 0,
 	`conjure_count` TINYINT(3) NOT NULL DEFAULT 0,
+	`item_id` INT(11) NOT NULL DEFAULT 0,
 	`premium` TINYINT(1) NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(32) NOT NULL,
+	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
-	UNIQUE (`spell`)
+	UNIQUE (`name`)
 ) ENGINE = MyISAM;
 
 CREATE TABLE `myaac_visitors`
@@ -255,3 +350,12 @@ CREATE TABLE `myaac_visitors`
 	`page` VARCHAR(100) NOT NULL,
 	UNIQUE (`ip`)
 ) ENGINE = MyISAM;
+
+CREATE TABLE `myaac_weapons`
+(
+	`id` INT(11) NOT NULL,
+	`level` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;

install/includes/twig_error.html

@@ -0,0 +1,11 @@
+We have detected that you don't have access to write to the system/cache directory. Under linux you can fix it by using this two command, where first one should be enough (for apache):<br/><br/><span class="console">chown -R www-data.www-data /var/www/*</span><br/><span class="console">chmod -R 660 system/cache</span>
+
+<style type="text/css">
+.console {
+	font-family:Courier;
+	color: #CCCCCC;
+	background: #000000;
+	border: 3px double #CCCCCC;
+	padding: 0px;
+}
+</style>

install/index.php

@@ -1,9 +1,6 @@
 <?php
 require('../common.php');
 
-// step
-$step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
-
 // includes
 require(SYSTEM . 'functions.php');
 require(BASE . 'install/includes/functions.php');
@@ -26,33 +23,87 @@ if(isset($_POST['vars']))
 		$_SESSION['var_' . $key] = $value;
 }
 
+// step
+$step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
+
 $steps = array(1 => 'welcome', 2 => 'license', 3 => 'requirements', 4 => 'config', 5 => 'database', 6 => 'admin', 7 => 'finish');
 if(!in_array($step, $steps)) // check if step is valid
 	die('ERROR: Unknown step.');
 
+$errors = array();
 if($step == 'database')
 {
 	foreach($_POST['vars'] as $key => $value)
 	{
-		if(empty($value))
+		if($key != 'usage' && empty($value))
 		{
-			$step = 'config';
-			$errors = '<p class="error">' . $locale['please_fill_all'] . '</p>';
+			$errors[] = $locale['please_fill_all'];
 			break;
 		}
+		else if($key == 'mail_admin' && !Validator::email($value))
+		{
+			$errors[] = $locale['step_config_mail_admin_error'];
+			break;
+		}
+		else if($key == 'mail_address' && !Validator::email($value))
+		{
+			$errors[] = $locale['step_config_mail_address_error'];
+			break;
+		}
+	}
+
+	if(!empty($errors)) {
+		$step = 'config';
+	}
+}
+else if($step == 'finish') {
+	// password
+	$password = $_SESSION['var_password'];
+
+	if(isset($_SESSION['var_account'])) {
+		if(!Validator::accountName($_SESSION['var_account'])) {
+			$errors[] = $locale['step_admin_account_error_format'];
+		}
+		else if(strtoupper($_SESSION['var_account']) == strtoupper($password)) {
+			$errors[] = $locale['step_admin_account_error_same'];
+		}
+	}
+	else if(isset($_SESSION['var_account_id'])) {
+		if(!Validator::accountId($_SESSION['var_account_id'])) {
+			$errors[] = $locale['step_admin_account_id_error_format'];
+		}
+		else if($_SESSION['var_account_id'] == $password) {
+			$errors[] = $locale['step_admin_account_id_error_same'];
+		}
+	}
+
+	if(empty($password)) {
+		$errors[] = $locale['step_admin_password_error_empty'];
+	}
+	else if(!Validator::password($password)) {
+		$errors[] = $locale['step_admin_password_error_format'];
+	}
+
+	if(!empty($errors)) {
+		$step = 'admin';
 	}
 }
 
 $error = false;
 
-// step include
-ob_start();
-require('steps/' . $step . '.php');
-$content = ob_get_contents();
-ob_end_clean();
+clearstatcache();
+if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
+	ob_start();
+
+	$step_id = array_search($step, $steps);
+	require('steps/' . $step_id . '-' . $step . '.php');
+	$content = ob_get_contents();
+	ob_end_clean();
+}
+else {
+	$content = error(file_get_contents(BASE . 'install/includes/twig_error.html'), true);
+}
 
 // render
 require('template/template.php');
-//$_SESSION['laststep'] = $step;
-
-?>
+//$_SESSION['laststep'] = $step;

install/steps/3-requirements.php

@@ -22,7 +22,7 @@ function version_check($name, $ok, $info = '', $warning = false)
 $failed = false;
 
 // start validating
-version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50200), PHP_VERSION);
+version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50300), PHP_VERSION);
 foreach(array('config.local.php', 'images/guilds', 'images/houses', 'images/gallery') as $value)
 {
 	$perms = (int) substr(decoct(fileperms(BASE . $value)), 2);

install/steps/4-config.php

@@ -7,6 +7,7 @@ $clients_list = array(
 	750,
 	760,
 	770,
+	772,
 	780,
 	7920,
 	800,
@@ -79,6 +80,7 @@ echo $twig->render('install.config.html.twig', array(
 	'clients' => $clients,
 	'locale' => $locale,
 	'session' => $_SESSION,
+	'errors' => isset($errors) ? $errors : null,
 	'buttons' => next_buttons()
 ));
 ?>

install/steps/5-database.php

@@ -11,7 +11,8 @@ if(!isset($_SESSION['var_server_path'])) {
 }
 
 if(!$error) {
-	$content = "<?php\n";
+	$content = "<?php";
+	$content .= PHP_EOL;
 	foreach($_SESSION as $key => $value)
 	{
 		if(strpos($key, 'var_') !== false)
@@ -23,7 +24,11 @@ if(!$error) {
 					$value .= "/";
 			}
 
-			if($key != 'var_account' && $key != 'var_account_id' && $key != 'var_password') {
+			if($key == 'var_usage') {
+				$content .= '$config[\'anonymous_usage_statistics\'] = ' . ((int)$value == 1 ? 'true' : 'false') . ';';
+				$content .= PHP_EOL;
+			}
+			else if($key != 'var_account' && $key != 'var_account_id' && $key != 'var_password') {
 				$content .= '$config[\'' . str_replace('var_', '', $key) . '\'] = \'' . $value . '\';';
 				$content .= PHP_EOL;
 			}
@@ -85,7 +90,7 @@ if(!$error) {
 		
 			if(!fieldExist('blocked', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `blocked` TINYINT(1) NOT NULL DEFAULT FALSE COMMENT 'internal usage' AFTER `key`;"))
-					success($locale['step_database_adding_field'] . ' accounts.created...');
+					success($locale['step_database_adding_field'] . ' accounts.blocked...');
 			}
 	
 			if(!fieldExist('created', 'accounts')) {
@@ -235,9 +240,11 @@ if(!$error) {
 			$content .= PHP_EOL;
 			$content .= '$config[\'client_download_linux\'] = \'http://tibia-clients.com/clients/download/\'. $config[\'client\'] . \'/tar/linux\';';
 			$content .= PHP_EOL;
-			$content .= '// place for your configuration directives, so you can later easily update myaac';
+			$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 			$content .= PHP_EOL;
-			$content .= "?>";
+			$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
+			$content .= PHP_EOL;
+			
 			$file = fopen(BASE . 'config.local.php', 'a+');
 			if($file) {
 				if(!$error) {

install/steps/6-admin.php

@@ -8,6 +8,7 @@ if(!$error) {
 	echo $twig->render('install.admin.html.twig', array(
 		'locale' => $locale,
 		'session' => $_SESSION,
+		'errors' => isset($errors) ? $errors : null,
 		'buttons' => next_buttons(true, $error ? false : true)
 	));
 }

install/steps/7-finish.php

@@ -20,27 +20,7 @@ else {
 			$salt = generateRandomString(10, false, true, true);
 			$password = $salt . $password;
 		}
-/*
-		$account_db = new OTS_Account();
-		$account_db->load(1);
-		if($account_db->isLoaded()) {
-			if(USE_ACCOUNT_NAME)
-				$account_db->setName('dummy_account');
 
-			$account_db->setPassword('for sample characters. ' . generateRandomString(10));
-			$account_db->save();
-		}
-		else {
-			$new_account = new OTS_Account();
-			if(USE_ACCOUNT_NAME)
-				$new_account->create('dummy_account', 1);
-			else
-				$new_account->create(null, 1);
-
-			$new_account->setPassword('for sample characters. ' . generateRandomString(10));
-			$new_account->save();
-		}
-*/
 		$account_db = new OTS_Account();
 		if(isset($account))
 			$account_db->find($account);
@@ -55,34 +35,29 @@ else {
 			$player = new OTS_Player();
 			$player->setName('Admin');
 			
-			$player->setGroupId($groups->getHighestId());
+			$player_used = &$player;
 		}
+		else {
+			$player_used = &$player_db;
+		}
+
+		$player_used->setGroupId($groups->getHighestId());
 
 		if($account_db->isLoaded()) {
 			$account_db->setPassword(encrypt($password));
 			$account_db->setEMail($_SESSION['var_mail_admin']);
 			$account_db->save();
 			
-			if($config_salt_enabled)
-				$account_db->setCustomField('salt', $salt);
-			
-			$account_db->setCustomField('web_flags', 3);
-			$account_db->setCustomField('country', 'us');
-			if(fieldExist('group_id', 'accounts'))
-				$account_db->setCustomField('group_id', $groups->getHighestId());
-			if(fieldExist('type', 'accounts'))
-				$account_db->setCustomField('type', 5);
-
-			if(!$player_db->isLoaded())
-				$player->setAccountId($account_db->getId());
-			else
-				$player_db->setAccountId($account_db->getId());
-			
-			$_SESSION['account'] = $account_db->getId();
+			$account_used = &$account_db;
 		}
 		else {
 			$new_account = new OTS_Account();
-			$new_account->create($account);
+			if(USE_ACCOUNT_NAME) {
+				$new_account->create($account);
+			}
+			else {
+				$new_account->create(null, $account_id);
+			}
 			
 			$new_account->setPassword(encrypt($password));
 			$new_account->setEMail($_SESSION['var_mail_admin']);
@@ -90,30 +65,32 @@ else {
 			$new_account->unblock();
 			$new_account->save();
 			
-			if($config_salt_enabled)
-				$new_account->setCustomField('salt', $salt);
-			
 			$new_account->setCustomField('created', time());
-			$new_account->setCustomField('web_flags', 3);
-			$new_account->setCustomField('country', 'us');
-			if(fieldExist('group_id', 'accounts'))
-				$new_account->setCustomField('group_id', $groups->getHighestId());
-			if(fieldExist('type', 'accounts'))
-				$new_account->setCustomField('type', 5);
-
 			$new_account->logAction('Account created.');
 			
-			if(!$player_db->isLoaded())
-				$player->setAccountId($new_account->getId());
-			else
-				$player_db->setAccountId($new_account->getId());
-			
-			$_SESSION['account'] = $new_account->getId();
+			$account_used = &$new_account;
 		}
 
+		if($config_salt_enabled)
+			$account_used->setCustomField('salt', $salt);
+
+		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
+		$account_used->setCustomField('country', 'us');
+		if(fieldExist('group_id', 'accounts'))
+			$account_used->setCustomField('group_id', $groups->getHighestId());
+		if(fieldExist('type', 'accounts'))
+			$account_used->setCustomField('type', 5);
+
+		if(!$player_db->isLoaded())
+			$player->setAccountId($account_used->getId());
+		else
+			$player_db->setAccountId($account_used->getId());
+
 		success($locale['step_database_created_account']);
-		$_SESSION['password'] = encrypt($password);
-		$_SESSION['remember_me'] = true;
+
+		setSession('account', $account_used->getId());
+		setSession('password', encrypt($password));
+		setSession('remember_me', true);
 
 		if($player_db->isLoaded()) {
 			$player_db->save();
@@ -129,9 +106,12 @@ else {
 			$player_id = $query['id'];
 		}
 
-		if(query("INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'http://my-aac.org', '0');
-INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'http://my-aac.org', " . $player_id . ", '', '0');")) {
-			success($locale['step_database_created_news']);
+		$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX ."news` WHERE `title` LIKE 'Hello!';");
+		if($query->rowCount() == 0) {
+			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'http://my-aac.org', '0');
+	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'http://my-aac.org', " . $player_id . ", '', '0');")) {
+				success($locale['step_database_created_news']);
+			}
 		}
 
 		$deleted = 'deleted';
@@ -141,47 +121,90 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl
 		$insert_into_players = "INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hidden`, `comment`) VALUES ";
 		$success = true;
 
+		$highscores_ignored_ids = array();
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Rook Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . $_SESSION['account'] . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Rook Sample', 1, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 1, 1000, 1000, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
+			else {
+				$highscores_ignored_ids[] = $db->lastInsertId();
+			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Sorcerer Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . $_SESSION['account'] . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 1, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
+			else {
+				$highscores_ignored_ids[] = $db->lastInsertId();
+			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Druid Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . $_SESSION['account'] . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Druid Sample', 1, " . getSession('account') . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
+			else {
+				$highscores_ignored_ids[] = $db->lastInsertId();
+			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Paladin Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . $_SESSION['account'] . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Paladin Sample', 1, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
+			else {
+				$highscores_ignored_ids[] = $db->lastInsertId();
+			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Knight Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . $_SESSION['account'] . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Knight Sample', 1, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
+			else {
+				$highscores_ignored_ids[] = $db->lastInsertId();
+			}
 		}
 
 		if($success) {
 			success($locale['step_database_imported_players']);
 		}
 		
-		require LIBS . 'creatures.php';
-		if(Creatures::loadFromXML())
-			success($locale['step_database_loaded_creatures']);
+		require(LIBS . 'creatures.php');
+		if(Creatures::loadFromXML()) {
+			success($locale['step_database_loaded_monsters']);
+			
+			if(Creatures::getMonstersList()->hasErrors()) {
+				$locale['step_database_error_monsters'] = str_replace('$LOG$', 'system/logs/error.log', $locale['step_database_error_monsters']);
+				warning($locale['step_database_error_monsters']);
+			}
+		}
+		else {
+			error(Creatures::getLastError());
+		}
 		
-		require LIBS . 'spells.php';
-		if(Spells::loadFromXML())
+		require(LIBS . 'spells.php');
+		if(Spells::loadFromXML()) {
 			success($locale['step_database_loaded_spells']);
+		}
+		else {
+			error(Spells::getLastError());
+		}
+
+		$content = PHP_EOL;
+		$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
+		$content .= PHP_EOL;
+
+		$file = fopen(BASE . 'config.local.php', 'a+');
+		if($file) {
+			fwrite($file, $content);
+		}
+		else {
+			$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
+			warning($locale['step_database_error_file'] . '<br/>
+				<textarea cols="70" rows="10">' . $content . '</textarea>');
+		}
 
 		$locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(ADMIN_URL, $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 		$locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(BASE_URL, $locale['step_finish_homepage'], true), $locale['step_finish_desc']);

system/bin/install_plugin.php

@@ -0,0 +1,39 @@
+<?php
+
+if(php_sapi_name() != "cli") {
+	die('This script can be run only in command line mode.');
+}
+
+require_once('../../common.php');
+require_once(SYSTEM . 'functions.php');
+require_once(SYSTEM . 'init.php');
+require_once(SYSTEM . 'hooks.php');
+require_once(LIBS . 'plugins.php');
+
+if($argc != 2) {
+	exit('This command expects one parameter: zip file name (plugin)' . PHP_EOL);
+}
+
+$path_to_file = $argv[1];
+$ext = strtolower(pathinfo($path_to_file, PATHINFO_EXTENSION));
+if($ext != 'zip') {// check if it is zipped/compressed file
+	exit('Please install only .zip files.' . PHP_EOL);
+}
+
+if(!file_exists($path_to_file)) {
+	exit('ERROR: File ' . $path_to_file . ' does not exist' . PHP_EOL);
+}
+
+if(Plugins::install($path_to_file)) {
+	foreach(Plugins::getWarnings() as $warning) {
+		echo 'WARNING: ' . $warning;
+	}
+	
+	$info = Plugins::getPluginInfo();
+	echo (isset($info['name']) ? $info['name'] . ' p' : 'P') . 'lugin has been successfully installed.';
+}
+else
+	echo 'ERROR: ' . Plugins::getError();
+
+echo PHP_EOL;
+?>

system/compat.php

@@ -0,0 +1,63 @@
+<?php
+/**
+ * Deprecated functions (compat)
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+function check_name($name, &$errors = '') {
+	if(Validator::characterName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_account_id($id, &$errors = '') {
+	if(Validator::accountId($id))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_account_name($name, &$errors = '') {
+	if(Validator::accountName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_name_new_char($name, &$errors = '') {
+	if(Validator::newCharacterName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_rank_name($name, &$errors = '') {
+	if(Validator::rankName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_guild_name($name, &$errors = '') {
+	if(Validator::guildName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function news_place() {
+	return tickers();
+}
+?>

system/compat_pages.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/counter.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/countries.conf.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/database.php

@@ -1,4 +1,12 @@
 <?php
+/**
+ * Database connection
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
 defined('MYAAC') or die('Direct access not allowed!');
 
 	if(!isset($config['database_type'][0]) || !isset($config['database_user'][0]) || !isset($config['database_password'][0]) || !isset($config['database_name'][0]))

system/functions.php

@@ -5,27 +5,29 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-function success($message, $return = false) {
+
+function message($message, $type, $return)
+{
 	if($return)
-		return '<p class="success">' . $message . '</p>';
+		return '<p class="' . $type . '">' . $message . '</p>';
 	
-	echo '<p class="success">' . $message . '</p>';
+	echo '<p class="' . $type . '">' . $message . '</p>';
+	return true;
+}
+function success($message, $return = false) {
+	return message($message, 'success', $return);
 }
 function warning($message, $return = false) {
-	if($return)
-		return '<p class="warning">' . $message . '</p>';
-	
-	echo '<p class="warning">' . $message . '</p>';
+	return message($message, 'warning', $return);
+}
+function note($message, $return = false) {
+	return message($message, 'note', $return);
 }
 function error($message, $return = false) {
-	if($return)
-		return '<p class="error">' . $message . '</p>';
-	
-	echo '<p class="error">' . $message . '</p>';
+	return message($message, 'error', $return);
 }
 
 function longToIp($ip)
@@ -117,14 +119,32 @@ function getGuildLink($name, $generate = true)
 	return generateLink($url, $name);
 }
 
+function getItemNameById($id) {
+	global $db;
+	$query = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'items` WHERE `id` = ' . $db->quote($id) . ' LIMIT 1;');
+	if($query->rowCount() == 1) {
+		$item = $query->fetch();
+		return $item['name'];
+	}
+	
+	return '';
+}
+
 function getItemImage($id, $count = 1)
 {
+	$tooltip = '';
+	
+	$name = getItemNameById($id);
+	if(!empty($name)) {
+		$tooltip = ' class="tooltip" title="' . $name . '"';
+	}
+
 	$file_name = $id;
 	if($count > 1)
 		$file_name .= '-' . $count;
 
 	global $config;
-	return '<img src="' . $config['item_images_url'] . $file_name . '.gif" width="32" height="32" border="0" alt=" ' .$id . '" />';
+	return '<img src="' . $config['item_images_url'] . $file_name . '.gif"' . $tooltip . ' width="32" height="32" border="0" alt=" ' .$id . '" />';
 }
 
 function getFlagImage($country)
@@ -197,7 +217,7 @@ function generateRandomString($length, $lowCase = true, $upCase = false, $numeri
 function getForumBoards()
 {
 	global $db, $canEdit;
-	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`' . ($canEdit ? ', `hidden`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hidden` != 1' : '') .
+	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`, `guild`, `access`' . ($canEdit ? ', `hidden`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hidden` != 1' : '') .
 		' ORDER BY `ordering`;');
 	if($sections)
 		return $sections->fetchAll();
@@ -393,42 +413,16 @@ function short_text($text, $limit)
 	return $text;
 }
 
-function news_place()
+function tickers()
 {
-	global $template_path, $news_content;
-
-	$news = '';
-	if(PAGE == 'news')
-	{
-		//add tickers to site - without it tickers will not be showed
-		if(isset($news_content))
-			$news .= $news_content;
-
-		//featured article
-/*		$news .= '  <div id="featuredarticle" class="Box">
-			<div class="Corner-tl" style="background-image:url('.$template_path.'/images/content/corner-tl.gif);"></div>
-			<div class="Corner-tr" style="background-image:url('.$template_path.'/images/content/corner-tr.gif);"></div>
-			<div class="Border_1" style="background-image:url('.$template_path.'/images/content/border-1.gif);"></div>
-			<div class="BorderTitleText" style="background-image:url('.$template_path.'/images/content/title-background-green.gif);"></div>
-			<img class="Title" src="'.$template_path.'/images/strings/headline-featuredarticle.gif" alt="Contentbox headline" />
-			<div class="Border_2">
-			  <div class="Border_3">
-				<div class="BoxContent" style="background-image:url('.$template_path.'/images/content/scroll.gif);">
-		<div id=\'TeaserThumbnail\'><img src="'.$template_path.'/images/news/features.jpg" width=150 height=100 border=0 alt="" /></div><div id=\'TeaserText\'><div style="position: relative; top: -2px; margin-bottom: 2px;" >
-		<b>Tutaj wpisz tytul</b></div>
-		tutaj wpisz tresc newsa<br>
-		zdjecie laduje sie w <i>tibiacom/images/news/features.jpg</i><br>
-		skad sie laduje mozesz zmienic linijke ponad komentarzem
-		</div>        </div>
-			  </div>
-			</div>
-			<div class="Border_1" style="background-image:url('.$template_path.'/images/content/border-1.gif);"></div>
-			<div class="CornerWrapper-b"><div class="Corner-bl" style="background-image:url('.$template_path.'/images/content/corner-bl.gif);"></div></div>
-			<div class="CornerWrapper-b"><div class="Corner-br" style="background-image:url('.$template_path.'/images/content/corner-br.gif);"></div></div>
-		  </div>';*/
+	global $tickers_content, $featured_article;
+	
+	if(PAGE == 'news') {
+		if(isset($tickers_content))
+			return $tickers_content . $featured_article;
 	}
 
-	return $news;
+	return '';
 }
 
 /**
@@ -467,8 +461,8 @@ function template_header($is_admin = false)
 	<meta http-equiv="content-type" content="text/html; charset=' . $charset . '" />';
 	if(!$is_admin)
 		$ret .= '
-	<title>' . $title_full . '</title>
-	<base href="' . BASE_URL . '" />';
+	<base href="' . BASE_URL . '" />
+	<title>' . $title_full . '</title>';
 
 	$ret .= '
 	<meta name="description" content="' . $config['meta_description'] . '" />
@@ -676,7 +670,7 @@ function getSkillName($skillId, $suffix = true)
  */
 function hasFlag($flag) {
 	global $logged, $logged_flags;
-	return $logged && ($logged_flags & $flag) == $flag;
+	return ($logged && ($logged_flags & $flag) == $flag);
 }
 /**
  * Check if current logged user have got admin flag set.
@@ -940,9 +934,88 @@ function str_replace_first($search, $replace, $subject) {
 	if ($pos !== false) {
 		return substr_replace($subject, $replace, $pos, strlen($search));
 	}
+	
 	return $subject;
 }
 
+function setSession($key, $data) {
+	global $config;
+	$_SESSION[$config['session_prefix'] . $key] = $data;
+}
+function getSession($key) {
+	global $config;
+	return (isset($_SESSION[$config['session_prefix'] . $key])) ? $_SESSION[$config['session_prefix'] . $key] : false;
+}
+function unsetSession($key) {
+	global $config;
+	unset($_SESSION[$config['session_prefix'] . $key]);
+}
+
+function getTopPlayers($limit = 5) {
+	global $cache, $config, $db;
+	
+	$fetch_from_db = true;
+	if($cache->enabled())
+	{
+		$tmp = '';
+		if($cache->fetch('top_' . $limit . '_level', $tmp))
+		{
+			$players = unserialize($tmp);
+			$fetch_from_db = false;
+		}
+	}
+	
+	if($fetch_from_db)
+	{
+		$deleted = 'deleted';
+		if(fieldExist('deletion', 'players'))
+			$deleted = 'deletion';
+
+		$is_tfs10 = tableExist('players_online');
+		$players = $db->query('SELECT `id`, `name`, `level`, `experience`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . $config['highscores_groups_hidden'] . ' AND `id` NOT IN (' . implode(', ', $config['highscores_ids_hidden']) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
+
+		if($is_tfs10) {
+			foreach($players as &$player) {
+				$query = $db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $player['id']);
+				$player['online'] = ($query->rowCount() > 0 ? 1 : 0);
+			}
+		}
+
+		$i = 0;
+		foreach($players as &$player) {
+			$player['rank'] = ++$i;
+		}
+		
+		if($cache->enabled())
+			$cache->set('top_' . $limit . '_level', serialize($players), 120);
+	}
+	
+	return $players;
+}
+
+function deleteDirectory($dir) {
+	if(!file_exists($dir)) {
+		return true;
+	}
+	
+	if(!is_dir($dir)) {
+		return unlink($dir);
+	}
+	
+	foreach(scandir($dir) as $item) {
+		if($item == '.' || $item == '..') {
+			continue;
+		}
+		
+		if(!deleteDirectory($dir . DIRECTORY_SEPARATOR . $item)) {
+			return false;
+		}
+	}
+	
+	return rmdir($dir);
+}
+
 // validator functions
 require_once(LIBS . 'validator.php');
+require_once(SYSTEM . 'compat.php');
 ?>

system/hooks.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -25,21 +24,6 @@ define('HOOK_CHARACTERS_AFTER_CHARACTERS', 12);
 define('HOOK_FIRST', HOOK_STARTUP);
 define('HOOK_LAST', HOOK_CHARACTERS_AFTER_CHARACTERS);
 
-$hook_types = array(
-	'STARTUP' => HOOK_STARTUP,
-	'BEFORE_PAGE' => HOOK_BEFORE_PAGE,
-	'AFTER_PAGE' => HOOK_AFTER_PAGE,
-	'FINISH' => HOOK_FINISH,
-	'TIBIACOM_ARTICLE' => HOOK_TIBIACOM_ARTICLE,
-	'TIBIACOM_BORDER_3' => HOOK_TIBIACOM_BORDER_3,
-	'CHARACTERS_BEFORE_INFORMATIONS' => HOOK_CHARACTERS_BEFORE_INFORMATIONS,
-	'CHARACTERS_AFTER_INFORMATIONS' => HOOK_CHARACTERS_AFTER_INFORMATIONS,
-	'CHARACTERS_BEFORE_SIGNATURE' => HOOK_CHARACTERS_BEFORE_SIGNATURE,
-	'CHARACTERS_AFTER_SIGNATURE' => HOOK_CHARACTERS_AFTER_SIGNATURE,
-	'CHARACTERS_AFTER_ACCOUNT' => HOOK_CHARACTERS_AFTER_ACCOUNT,
-	'CHARACTERS_AFTER_CHARACTERS' => HOOK_CHARACTERS_AFTER_CHARACTERS
-);
-
 class Hook
 {
 	private $_name, $_type, $_file;

system/init.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -15,7 +14,7 @@ if(file_exists(BASE . 'config.local.php')) // user customizations
 	require(BASE . 'config.local.php');
 
 if(!isset($config['installed']) || !$config['installed']) {
-	die('AAC has not been installed yet or there was error during installation. Please install again.');
+	die('MyAAC has not been installed yet or there was error during installation. Please install again.');
 }
 
 date_default_timezone_set($config['date_timezone']);
@@ -47,11 +46,7 @@ $function = new Twig_SimpleFunction('getStyle', function ($i) {
 $twig->addFunction($function);
 
 $function = new Twig_SimpleFunction('getLink', function ($s) {
-	global $config;
-	if($config['friendly_urls'])
-		return $s;
-	
-	return '?' . $s;
+	return getLink($s);
 });
 $twig->addFunction($function);
 
@@ -61,6 +56,11 @@ $function = new Twig_SimpleFunction('hook', function ($hook) {
 });
 $twig->addFunction($function);
 
+$filter = new Twig_SimpleFilter('urlencode', function ($s) {
+	return urlencode($s);
+});
+$twig->addFilter($filter);
+
 // trim values we receive
 if(isset($_POST))
 {
@@ -147,6 +147,11 @@ else
 $config['data_path'] = $tmp;
 unset($tmp);
 
+// new config values for compability
+if(!isset($config['highscores_ids_hidden']) || count($config['highscores_ids_hidden']) == 0) {
+	$config['highscores_ids_hidden'] = array(0);
+}
+
 // POT
 require_once(SYSTEM . 'libs/pot/OTS.php');
 $ots = POT::getInstance();

system/item.php

@@ -5,21 +5,20 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-require_once(SYSTEM . 'libs/items.php');
+require_once(SYSTEM . 'libs/items_images.php');
 
-Items::$files = array(
+Items_Images::$files = array(
 	'otb' => SYSTEM . 'data/items.otb',
 	'spr' => SYSTEM . 'data/Tibia.spr',
 	'dat' => SYSTEM . 'data/Tibia.dat'
 );
-Items::$outputDir = BASE . 'images/items/';
+Items_Images::$outputDir = BASE . 'images/items/';
 
 function generateItem($id = 100, $count = 1) {
-	Items::generate($id, $count);
+	Items_Images::generate($id, $count);
 }
 
 function itemImageExists($id, $count = 1)
@@ -31,7 +30,7 @@ function itemImageExists($id, $count = 1)
 	if($count > 1)
 		$file_name .= '-' . $count;
 
-	$file_name = Items::$outputDir . $file_name . '.gif';
+	$file_name = Items_Images::$outputDir . $file_name . '.gif';
 	return file_exists($file_name);
 }
 
@@ -43,7 +42,7 @@ function outputItem($id = 100, $count = 1)
 	if(!itemImageExists($id, $count))
 	{
 		//echo 'plik istnieje';
-		Items::generate($id, $count);
+		Items_Images::generate($id, $count);
 	}
 
 	$expires = 60 * 60 * 24 * 30; // 30 days
@@ -56,7 +55,7 @@ function outputItem($id = 100, $count = 1)
 	if($count > 1)
 		$file_name .= '-' . $count;
 
-	$file_name = Items::$outputDir . $file_name . '.gif';
+	$file_name = Items_Images::$outputDir . $file_name . '.gif';
 	readfile($file_name);
 }
 ?>

system/libs/cache.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_apc.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_eaccelerator.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_file.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_xcache.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/creatures.php

@@ -6,12 +6,14 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
 class Creatures {
+	private static $monstersList = null;
+	private static $lastError = '';
+	
 	public static function loadFromXML($show = false) {
 		global $config, $db;
 		
@@ -22,22 +24,35 @@ class Creatures {
 			echo "<h2>All records deleted from table 'myaac_monsters' in database.</h2>";
 		}
 		
-		$allmonsters = new OTS_MonstersList($config['data_path'].'monster/');
+		try {
+			self::$monstersList = new OTS_MonstersList($config['data_path'].'monster/');
+		}
+		catch(Exception $e) {
+			self::$lastError = $e->getMessage();
+			return false;
+		}
+		
+		$items = array();
+		$items_db = $db->query('SELECT `id`, `name` FROM `' . TABLE_PREFIX . 'items`;');
+		foreach($items_db->fetchAll() as $item) {
+			$items[$item['name']] = $item['id'];
+		}
+		
 		//$names_added must be an array
 		$names_added[] = '';
 		//add monsters
-		foreach($allmonsters as $lol) {
-			$monster = $allmonsters->current();
+		foreach(self::$monstersList as $lol) {
+			$monster = self::$monstersList->current();
 			if(!$monster->loaded()) {
 				if($show) {
-					warning('Error while adding monster: ' . $allmonsters->currentFile());
+					warning('Error while adding monster: ' . self::$monstersList->currentFile());
 				}
 				continue;
 			}
+			
 			//load monster mana needed to summon/convince
 			$mana = $monster->getManaCost();
-			//load monster experience
-			$exp = $monster->getExperience();
+
 			//load monster name
 			$name = $monster->getName();
 			//load monster health
@@ -57,51 +72,44 @@ class Creatures {
 					$use_haste = 1;
 				}
 			}
-			//load monster flags
-			$flags = $monster->getFlags();
-			//create string with immunities
-			$immunities = $monster->getImmunities();
-			$imu_nr = 0;
-			$imu_count = count($immunities);
-			$immunities_string = '';
-			foreach($immunities as $immunitie) {
-				$immunities_string .= $immunitie;
-				$imu_nr++;
-				if($imu_count != $imu_nr) {
-					$immunities_string .= ", ";
-				}
-			}
 			
-			//create string with voices
-			$voices = $monster->getVoices();
-			$voice_nr = 0;
-			$voice_count = count($voices);
-			$voices_string = '';
-			foreach($voices as $voice) {
-				$voices_string .= '"'.$voice.'"';
-				$voice_nr++;
-				if($voice_count != $voice_nr) {
-					$voices_string .= ", ";
-				}
-			}
 			//load race
 			$race = $monster->getRace();
-			//create monster gfx name
-			//$gfx_name =  str_replace(" ", "", trim(mb_strtolower($name))).".gif";
-			$gfx_name =  trim(mb_strtolower($name)).".gif";
-			//don't add 2 monsters with same name, like Butterfly
-			
+
+			//load monster flags
+			$flags = $monster->getFlags();
 			if(!isset($flags['summonable']))
 				$flags['summonable'] = '0';
 			if(!isset($flags['convinceable']))
 				$flags['convinceable'] = '0';
 			
+			$loot = $monster->getLoot();
+			foreach($loot as &$item) {
+				if(!Validator::number($item['id'])) {
+					if(isset($items[$item['id']])) {
+						$item['id'] = $items[$item['id']];
+					}
+				}
+			}
 			if(!in_array($name, $names_added)) {
 				try {
-					$db->query("INSERT INTO `myaac_monsters` (`hide_creature`, `name`, `mana`, `exp`, `health`, `speed_lvl`, `use_haste`, `voices`, `immunities`, `summonable`, `convinceable`, `race`, `gfx_name`, `file_path`) VALUES (0, " . $db->quote($name) . ", " . $db->quote(empty($mana) ? 0 : $mana) . ", " . $db->quote($exp) . ", " . $db->quote($health) . ", " . $db->quote($speed_lvl) . ", " . $db->quote($use_haste) . ", " . $db->quote($voices_string) . ", " . $db->quote($immunities_string) . ", " . $db->quote($flags['summonable'] > 0 ? 1 : 0) . ", " . $db->quote($flags['convinceable'] > 0 ? 1 : 0) . ", ".$db->quote($race).", ".$db->quote($gfx_name).", " . $db->quote($allmonsters->currentFile()) . ")");
+					$db->insert(TABLE_PREFIX . 'monsters', array(
+						'name' => $name,
+						'mana' => empty($mana) ? 0 : $mana,
+						'exp' => $monster->getExperience(),
+						'health' => $health,
+						'speed_lvl' => $speed_lvl,
+						'use_haste' => $use_haste,
+						'voices' => json_encode($monster->getVoices()),
+						'immunities' => json_encode($monster->getImmunities()),
+						'summonable' => $flags['summonable'] > 0 ? 1 : 0,
+						'convinceable' => $flags['convinceable'] > 0 ? 1 : 0,
+						'race' => $race,
+						'loot' => json_encode($loot)
+					));
 					
 					if($show) {
-						success("Added: ".$name."<br/>");
+						success('Added: ' . $name . '<br/>');
 					}
 				}
 				catch(PDOException $error) {
@@ -116,4 +124,12 @@ class Creatures {
 		
 		return true;
 	}
+	
+	public static function getMonstersList() {
+		return self::$monstersList;
+	}
+	
+	public static function getLastError() {
+		return self::$lastError;
+	}
 }

system/libs/data.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/forum.php

@@ -0,0 +1,285 @@
+<?php
+/**
+ * Forum class
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+class Forum
+{
+	static public function canPost($account)
+	{
+		global $db, $config;
+		
+		if(!$account->isLoaded() || $account->isBanned())
+			return false;
+		
+		if(self::isModerator())
+			return true;
+		
+		return
+			$db->query(
+				'SELECT `id` FROM `players` WHERE `account_id` = ' . $db->quote($account->getId()) .
+				' AND `level` >= ' . $db->quote($config['forum_level_required']) .
+				' LIMIT 1')->rowCount() > 0;
+	}
+	
+	static public function isModerator() {
+		return hasFlag(FLAG_CONTENT_FORUM) || superAdmin();
+	}
+	
+	static public function add_thread($title, $body, $section_id, $player_id, $account_id, &$errors)
+	{
+		global $db;
+		$thread_id = 0;
+		if($db->insert(TABLE_PREFIX . 'forum', array('first_post' => 0, 'last_post' => time(), 'section' => $section_id, 'replies' => 0, 'views' => 0, 'author_aid' => isset($account_id) ? $account_id : 0, 'author_guid' => isset($player_id) ? $player_id : 0, 'post_text' => $body, 'post_topic' => $title, 'post_smile' => 0, 'post_date' => time(), 'last_edit_aid' => 0, 'edit_date' => 0, 'post_ip' => $_SERVER['REMOTE_ADDR']))) {
+			$thread_id = $db->lastInsertId();
+			$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=".(int) $thread_id." WHERE `id` = ".(int) $thread_id);
+		}
+		
+		return $thread_id;
+	}
+	
+	static public function add_post($thread_id, $section, $author_aid, $author_guid, $post_text, $post_topic, $smile)
+	{
+		global $db;
+		$db->insert(TABLE_PREFIX . 'forum', array(
+			'first_post' => $thread_id,
+			'section' => $section,
+			'author_aid' => $author_aid,
+			'author_guid' => $author_guid,
+			'post_text' => $post_text,
+			'post_topic' => $post_topic,
+			'post_smile' => $smile,
+			'post_date' => time(),
+			'post_ip' => $_SERVER['REMOTE_ADDR']
+		));
+	}
+	static public function add_board($name, $description, $access, $guild, &$errors)
+	{
+		global $db;
+		if(isset($name[0]) && isset($description[0]))
+		{
+			$query = $db->select(TABLE_PREFIX . 'forum_boards', array('name' => $name));
+			
+			if($query === false)
+			{
+				$query =
+					$db->query(
+						'SELECT ' . $db->fieldName('ordering') .
+						' FROM ' . $db->tableName(TABLE_PREFIX . 'forum_boards') .
+						' ORDER BY ' . $db->fieldName('ordering') . ' DESC LIMIT 1'
+					);
+				
+				$ordering = 0;
+				if($query->rowCount() > 0) {
+					$query = $query->fetch();
+					$ordering = $query['ordering'] + 1;
+				}
+				$db->insert(TABLE_PREFIX . 'forum_boards', array('name' => $name, 'description' => $description, 'access' => $access, 'guild' => $guild, 'ordering' => $ordering));
+			}
+			else
+				$errors[] = 'Forum board with this name already exists.';
+		}
+		else
+			$errors[] = 'Please fill all inputs.';
+		
+		return !count($errors);
+	}
+	
+	static public function get_board($id) {
+		global $db;
+		return $db->select(TABLE_PREFIX . 'forum_boards', array('id' => $id));
+	}
+	
+	static public function update_board($id, $name, $access, $guild, $description) {
+		global $db;
+		$db->update(TABLE_PREFIX . 'forum_boards', array('name' => $name, 'description' => $description, 'access' => $access, 'guild' => $guild), array('id' => $id));
+	}
+	
+	static public function delete_board($id, &$errors)
+	{
+		global $db;
+		if(isset($id))
+		{
+			if(self::get_board($id) !== false)
+				$db->delete(TABLE_PREFIX . 'forum_boards', array('id' => $id));
+			else
+				$errors[] = 'Forum board with id ' . $id . ' does not exists.';
+		}
+		else
+			$errors[] = 'id not set';
+		
+		return !count($errors);
+	}
+	
+	static public function toggleHidden_board($id, &$errors)
+	{
+		global $db;
+		if(isset($id))
+		{
+			$query = self::get_board($id);
+			if($query !== false)
+				$db->update(TABLE_PREFIX . 'forum_boards', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
+			else
+				$errors[] = 'Forum board with id ' . $id . ' does not exists.';
+		}
+		else
+			$errors[] = 'id not set';
+		
+		return !count($errors);
+	}
+	
+	static public function move_board($id, $i, &$errors)
+	{
+		global $db;
+		$query = self::get_board($id);
+		if($query !== false)
+		{
+			$ordering = $query['ordering'] + $i;
+			$old_record = $db->select(TABLE_PREFIX . 'forum_boards', array('ordering' => $ordering));
+			if($old_record !== false)
+				$db->update(TABLE_PREFIX . 'forum_boards', array('ordering' => $query['ordering']), array('ordering' => $ordering));
+			
+			$db->update(TABLE_PREFIX . 'forum_boards', array('ordering' => $ordering), array('id' => $id));
+		}
+		else
+			$errors[] = 'Forum board with id ' . $id . ' does not exists.';
+		
+		return !count($errors);
+	}
+	
+	public static function parseSmiles($text)
+	{
+		$smileys = array(
+			';D' => 1,
+			':D' => 1,
+			':cool:' => 2,
+			';cool;' => 2,
+			':ekk:' => 3,
+			';ekk;' => 3,
+			';o' => 4,
+			';O' => 4,
+			':o' => 4,
+			':O' => 4,
+			':(' => 5,
+			';(' => 5,
+			':mad:' => 6,
+			';mad;' => 6,
+			';rolleyes;' => 7,
+			':rolleyes:' => 7,
+			':)' => 8,
+			';d' => 9,
+			':d' => 9,
+			';)' => 10
+		);
+		
+		foreach($smileys as $search => $replace)
+			$text = str_replace($search, '<img src="images/forum/smile/'.$replace.'.gif" alt="'. $search .'" title="' . $search . '" />', $text);
+		
+		return $text;
+	}
+	
+	public static function parseBBCode($text, $smiles)
+	{
+		$rows = 0;
+		while(stripos($text, '[code]') !== false && stripos($text, '[/code]') !== false )
+		{
+			$code = substr($text, stripos($text, '[code]')+6, stripos($text, '[/code]') - stripos($text, '[code]') - 6);
+			if(!is_int($rows / 2)) { $bgcolor = 'ABED25'; } else { $bgcolor = '23ED25'; } $rows++;
+			$text = str_ireplace('[code]'.$code.'[/code]', '<i>Code:</i><br /><table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #CCCCCC; border-width: 2px"><tr><td>'.$code.'</td></tr></table>', $text);
+		}
+		$rows = 0;
+		while(stripos($text, '[quote]') !== false && stripos($text, '[/quote]') !== false )
+		{
+			$quote = substr($text, stripos($text, '[quote]')+7, stripos($text, '[/quote]') - stripos($text, '[quote]') - 7);
+			if(!is_int($rows / 2)) { $bgcolor = 'AAAAAA'; } else { $bgcolor = 'CCCCCC'; } $rows++;
+			$text = str_ireplace('[quote]'.$quote.'[/quote]', '<table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #007900; border-width: 2px"><tr><td>'.$quote.'</td></tr></table>', $text);
+		}
+		$rows = 0;
+		while(stripos($text, '[url]') !== false && stripos($text, '[/url]') !== false )
+		{
+			$url = substr($text, stripos($text, '[url]')+5, stripos($text, '[/url]') - stripos($text, '[url]') - 5);
+			$text = str_ireplace('[url]'.$url.'[/url]', '<a href="'.$url.'" target="_blank">'.$url.'</a>', $text);
+		}
+		
+		$xhtml = false;
+		$tags = array(
+			'#\[b\](.*?)\[/b\]#si' => ($xhtml ? '<strong>\\1</strong>' : '<b>\\1</b>'),
+			'#\[i\](.*?)\[/i\]#si' => ($xhtml ? '<em>\\1</em>' : '<i>\\1</i>'),
+			'#\[u\](.*?)\[/u\]#si' => ($xhtml ? '<span style="text-decoration: underline;">\\1</span>' : '<u>\\1</u>'),
+			'#\[s\](.*?)\[/s\]#si' => ($xhtml ? '<strike>\\1</strike>' : '<s>\\1</s>'),
+			
+			'#\[guild\](.*?)\[/guild\]#si' => urldecode(generateLink(getGuildLink('$1', false), '$1', true)),
+			'#\[house\](.*?)\[/house\]#si' => urldecode(generateLink(getHouseLink('$1', false), '$1', true)),
+			'#\[player\](.*?)\[/player\]#si' => urldecode(generateLink(getPlayerLink('$1', false), '$1', true)),
+			// TODO: [poll] tag
+			
+			'#\[color=(.*?)\](.*?)\[/color\]#si' => ($xhtml ? '<span style="color: \\1;">\\2</span>' : '<font color="\\1">\\2</font>'),
+			'#\[img\](.*?)\[/img\]#si' => ($xhtml ? '<img src="\\1" border="0" alt="" />' : '<img src="\\1" border="0" alt="">'),
+			'#\[url=(.*?)\](.*?)\[/url\]#si' => '<a href="\\1" title="\\2">\\2</a>',
+//		'#\[email\](.*?)\[/email\]#si' => '<a href="mailto:\\1" title="Email \\1">\\1</a>',
+			'#\[code\](.*?)\[/code\]#si' => '<code>\\1</code>',
+//		'#\[align=(.*?)\](.*?)\[/align\]#si' => ($xhtml ? '<div style="text-align: \\1;">\\2</div>' : '<div align="\\1">\\2</div>'),
+//		'#\[br\]#si' => ($xhtml ? '<br style="clear: both;" />' : '<br>'),
+		);
+		
+		foreach($tags as $search => $replace)
+			$text = preg_replace($search, $replace, $text);
+		
+		return ($smiles == 0 ? Forum::parseSmiles($text) : $text);
+	}
+	
+	public static function showPost($topic, $text, $smiles)
+	{
+		$text = nl2br($text);
+		$post = '';
+		if(!empty($topic))
+			$post .= '<b>'.($smiles == 0 ? self::parseSmiles($topic) : $topic).'</b><hr />';
+		$post .= self::parseBBCode($text, $smiles);
+		return $post;
+	}
+	
+	public static function hasAccess($board_id) {
+		global $sections, $logged, $account_logged, $logged_access;
+		if(!isset($sections[$board_id]))
+			return false;
+		
+		$hasAccess = true;
+		$section = $sections[$board_id];
+		if($section['guild'] > 0) {
+			if($logged) {
+				$guild = new OTS_Guild();
+				$guild->load($section['guild']);
+				$status = false;
+				if($guild->isLoaded()) {
+					$account_players = $account_logged->getPlayers();
+					foreach ($account_players as $player) {
+						if($guild->hasMember($player)) {
+							$status = true;
+						}
+					}
+				}
+				
+				if (!$status) $hasAccess = false;
+			}
+			else {
+				$hasAccess = false;
+			}
+		}
+		
+		if($section['access'] > 0) {
+			if($logged_access < $section['access']) {
+				$hasAccess = false;
+			}
+		}
+		
+		return $hasAccess;
+	}
+}
+?>

system/libs/items.php

@@ -3,264 +3,143 @@
  * Items class
  *
  * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-if ( !function_exists( 'stackId' ) )
-{
-	function stackId( $count )
-	{
-		if ( $count >= 50 )
-			$stack = 8;
-		elseif ( $count >= 25 )
-			$stack = 7;
-		elseif ( $count >= 10 )
-			$stack = 6;
-		elseif ( $count >= 5 )
-			$stack = 5;
-		elseif ( $count >= 4 )
-			$stack = 4;
-		elseif ( $count >= 3 )
-			$stack = 3;
-		elseif ( $count >= 2 )
-			$stack = 2;
-		else
-			$stack = 1;
-
-		return $stack;
-	}
-}
-
 class Items
 {
-	public static $outputDir = '';
-	public static $files = array();
+	private static $error = '';
 
-	private static $otb, $dat, $spr;
-	private static $lastItem;
-	private static $loaded = false;
-
-	public function __destruct()
+	public static function loadFromXML($show = false)
 	{
-		if(self::$otb)
-			fclose(self::$otb);
-		if(self::$dat)
-			fclose(self::$dat);
-		if(self::$spr)
-			fclose(self::$spr);
+		global $config, $db;
+		
+		try {
+			$db->query("DELETE FROM `myaac_items`;");
+		} catch (PDOException $error) {
+		}
+		
+		$file_path = $config['data_path'] . 'items/items.xml';
+		if (!file_exists($file_path)) {
+			self::$error = 'Cannot load file ' . $file_path;
+			return false;
+		}
+		
+		$xml = new DOMDocument;
+		$xml->load($file_path);
+		
+		foreach ($xml->getElementsByTagName('item') as $item) {
+			if ($item->getAttribute('fromid')) {
+				for ($id = $item->getAttribute('fromid'); $id <= $item->getAttribute('toid'); $id++) {
+					self::parseNode($id, $item, $show);
+				}
+			} else
+				self::parseNode($item->getAttribute('id'), $item, $show);
+			
+		}
+		
+		return true;
 	}
-
-	public static function generate($id = 100, $count = 1)
-	{
-		if(!self::$loaded)
-			self::load();
-
-		$originalId = $id;
-		if($id < 100)
-			return false;
-			//die('ID cannot be lower than 100.');
-
-		rewind(self::$otb);
-		rewind(self::$dat);
-		rewind(self::$spr);
-
-		$nostand = false;
-		$init = false;
-		$originalId = $id;
-
-		// parse info from otb
-		while( false !== ( $char = fgetc( self::$otb ) ) )
-		{
-			$byte = HEX_PREFIX.bin2hex( $char );
-
-			if ( $byte == 0xFE )
-				$init = true;
-			elseif ( $byte == 0x10 and $init ) {
-				extract( unpack( 'x2/Ssid', fread( self::$otb, 4 ) ) );
-
-				if ( $id == $sid ) {
-					if ( HEX_PREFIX.bin2hex( fread( self::$otb, 1 ) ) == 0x11 ) {
-						extract( unpack( 'x2/Sid', fread( self::$otb, 4 ) ) );
-						break;
-					}
-				}
-				$init = false;
-			}
+	
+	public static function parseNode($id, $node, $show = false) {
+		global $db;
+		
+		$name = $node->getAttribute('name');
+		$article = $node->getAttribute('article');
+		$plural = $node->getAttribute('plural');
+		
+		$attributes = array();
+		foreach($node->getElementsByTagName('attribute') as $attr) {
+			$attributes[strtolower($attr->getAttribute('key'))] = $attr->getAttribute('value');
 		}
-
-		self::$lastItem = array_sum( unpack( 'x4/S*', fread( self::$dat, 12 )));
-		if($id > self::$lastItem)
-			return false;
-
-		//ini_set('max_execution_time', 300); 
-		// parse info from dat
-		for( $i = 100; $i <= $id; $i++ ) {
-			while( ( $byte = HEX_PREFIX.bin2hex( fgetc( self::$dat ) ) ) != 0xFF ) {
-				$offset = 0;
-				switch( $byte ) {
-					case 0x00:
-					case 0x09:
-					case 0x0A:
-					case 0x1A:
-					case 0x1D:
-					case 0x1E:
-						$offset = 2;
-						break;
-
-					case 0x16:
-					case 0x19:
-						$offset = 4;
-						break;
-
-					case 0x01:
-					case 0x02:
-					case 0x03:
-					case 0x04:
-					case 0x05:
-					case 0x06:
-					case 0x07:
-					case 0x08:
-					case 0x0B:
-					case 0x0C:
-					case 0x0D:
-					case 0x0E:
-					case 0x0F:
-					case 0x10:
-					case 0x11:
-					case 0x12:
-					case 0x13:
-					case 0x14:
-					case 0x15:
-					case 0x17:
-					case 0x18:
-					case 0x1B:
-					case 0x1C:
-					case 0x1F:
-					case 0x20:
-						break;
-
-					default:
-						return false; #trigger_error( sprintf( 'Unknown .DAT byte %s (previous byte: %s; address %x)', $byte, $prev, ftell( $dat ), E_USER_ERROR ) );
-						break;
-				}
-
-				$prev = $byte;
-				fseek( self::$dat, $offset, SEEK_CUR );
+		
+		$exist = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'items` WHERE `id` = ' . $id);
+		if($exist->rowCount() > 0) {
+			if($show) {
+				warning('Duplicated item with id: ' . $id);
 			}
-			extract( unpack( 'Cwidth/Cheight', fread( self::$dat, 2 ) ) );
-
-			if ( $width > 1 or $height > 1 ) {
-				fseek( self::$dat, 1, SEEK_CUR );
-				$nostand = true;
-			}
-
-			$sprites_c = array_product( unpack( 'C*', fread( self::$dat, 5 ) ) ) * $width * $height;
-			$sprites = unpack( 'S*', fread( self::$dat, 2 * $sprites_c ) );
-		}
-
-		if ( array_key_exists( stackId( $count ), $sprites ) ) {
-			$sprites = (array) $sprites[stackId( $count )];
 		}
 		else {
-			$sprites = (array) $sprites[array_rand( $sprites ) ];
+			$db->insert(TABLE_PREFIX . 'items', array('id' => $id, 'article' => $article, 'name' => $name, 'plural' => $plural, 'attributes' => json_encode($attributes)));
 		}
-
-		fseek( self::$spr, 6 );
-
-		$sprite = imagecreatetruecolor( 32 * $width, 32 * $height );
-		imagecolortransparent( $sprite, imagecolorallocate( $sprite, 0, 0, 0 ) );
-
-		foreach( $sprites as $key => $value ) {
-			fseek( self::$spr, 6 + ( $value - 1 ) * 4 );
-			extract( unpack( 'Laddress', fread( self::$spr, 4 ) ) );
-
-			fseek( self::$spr, $address + 3 );
-			extract( unpack( 'Ssize', fread( self::$spr, 2 ) ) );
-
-			list( $num, $bit ) = array( 0, 0 );
-
-			while( $bit < $size ) {
-				$pixels = unpack( 'Strans/Scolored', fread( self::$spr, 4 ) );
-				$num += $pixels['trans'];
-				for( $i = 0; $i < $pixels['colored']; $i++ )
-				{
-					extract( unpack( 'Cred/Cgreen/Cblue', fread( self::$spr, 3 ) ) );
-
-					$red = ( $red == 0 ? ( $green == 0 ? ( $blue == 0 ? 1 : $red ) : $red ) : $red );
-
-					imagesetpixel( $sprite,
-						$num % 32 + ( $key % 2 == 1 ? 32 : 0 ),
-						$num / 32 + ( $key % 4 != 1 and $key % 4 != 0 ? 32 : 0 ),
-						imagecolorallocate( $sprite, $red, $green, $blue ) );
-
-					$num++;
-				}
-
-				$bit += 4 + 3 * $pixels['colored'];
-			}
-		}
-
-		if ( $count >= 2 ) {
-			if ( $count > 100 )
-				$count = 100;
-
-			$font = 3;
-			$length = imagefontwidth( $font ) * strlen( $count );
-
-			$pos = array(
-				'x' => ( 32 * $width ) - ( $length + 1 ),
-				'y' => ( 32 * $height ) - 13
-			);
-			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'], $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-
-			imagestring( $sprite, $font, $pos['x'], $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-
-			imagestring( $sprite, $font, $pos['x'], $pos['y'], $count, imagecolorallocate( $sprite, 219, 219, 219 ) );
-		}
-
-		$imagePath = self::$outputDir . ($count > 1 ? $originalId . '-' . $count : $originalId ) . '.gif';
-
-		// save image
-		imagegif($sprite, $imagePath);
 	}
-
-	public static function load()
-	{
-		if(!defined( 'HEX_PREFIX'))
-			define('HEX_PREFIX', '0x');
-
-		self::$otb = fopen(self::$files['otb'], 'rb');
-		self::$dat = fopen(self::$files['dat'], 'rb');
-		self::$spr = fopen(self::$files['spr'], 'rb');
-
-		if(!self::$otb || !self::$dat || !self::$spr)
-			die('ERROR: Cannot load data files.');
-		/*
-		if ( $nostand )
-		{
-			for( $i = 0; $i < sizeof( $sprites ) / 4; $i++ )
-			{
-				$sprites = array_merge( (array) $sprites, array_reverse( array_slice( $sprites, $i * 4, 4 ) ) );
+	
+	public static function getError() {
+		return self::$error;
+	}
+	
+	public static function getItem($id) {
+		global $db;
+		
+		$item = $db->select(TABLE_PREFIX . 'items', array('id' => $id));
+		$item['attributes'] = json_decode($item['attributes']);
+		
+		return $item;
+	}
+	
+	public static function getDescription($id, $count = 1) {
+		global $config, $db;
+		
+		$item = self::getItem($id);
+		
+		$attr = $item['attributes'];
+		$s = '';
+		if(!empty($item['name'])) {
+			if($count > 1) {
+				if($attr['showcount']) {
+					$s .= $count . ' ';
+				}
+				
+				if(!empty($item['plural'])) {
+					$s .= $item['plural'];
+				}
+				else if((int)$attr['showcount'] == 0) {
+					$s .= $item['name'];
+				}
+				else {
+					$s .= $item['name'] . 's';
+				}
+			}
+			else {
+				if(!empty($item['aticle'])) {
+					$s .= $item['article'] . ' ';
+				}
+				
+				$s .= $item['name'];
 			}
 		}
 		else
-		{
-			$sprites = (array) $sprites[array_rand( $sprites ) ];
+			$s .= 'an item of type ' . $item['id'];
+		
+		if(strtolower($attr['type']) == 'rune') {
+			$query = $db->query('SELECT `level`, `maglevel`, `vocations` FROM `' . TABLE_PREFIX . 'spells` WHERE `item_id` = ' . $id);
+			if($query->rowCount() == 1) {
+				$query = $query->fetch();
+				
+				if($query['level'] > 0 && $query['maglevel'] > 0) {
+					$s .= '. ' . ($count > 1 ? "They" : "It") . ' can only be used by ';
+				}
+				
+				if(!empty(trim($query['vocations']))) {
+					$vocations = json_decode($query['vocations']);
+					if(count($vocations) > 0) {
+						foreach($vocations as $voc => $show) {
+							$vocations[$config['vocations'][$voc]] = $show;
+						}
+					}
+				}
+				else {
+					$s .= 'players';
+				}
+			
+				$s .= ' with';
+				
+			}
 		}
-		*/
-
-		self::$loaded = true;
+		return $s;
 	}
-
-	public static function loaded() {
-		return self::$loaded;
-	}
-}
+}

system/libs/items_images.php

@@ -0,0 +1,265 @@
+<?php
+/**
+ * Items_Images class
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+if ( !function_exists( 'stackId' ) )
+{
+	function stackId( $count )
+	{
+		if ( $count >= 50 )
+			$stack = 8;
+		elseif ( $count >= 25 )
+			$stack = 7;
+		elseif ( $count >= 10 )
+			$stack = 6;
+		elseif ( $count >= 5 )
+			$stack = 5;
+		elseif ( $count >= 4 )
+			$stack = 4;
+		elseif ( $count >= 3 )
+			$stack = 3;
+		elseif ( $count >= 2 )
+			$stack = 2;
+		else
+			$stack = 1;
+
+		return $stack;
+	}
+}
+
+class Items_Images
+{
+	public static $outputDir = '';
+	public static $files = array();
+
+	private static $otb, $dat, $spr;
+	private static $lastItem;
+	private static $loaded = false;
+
+	public function __destruct()
+	{
+		if(self::$otb)
+			fclose(self::$otb);
+		if(self::$dat)
+			fclose(self::$dat);
+		if(self::$spr)
+			fclose(self::$spr);
+	}
+
+	public static function generate($id = 100, $count = 1)
+	{
+		if(!self::$loaded)
+			self::load();
+
+		$originalId = $id;
+		if($id < 100)
+			return false;
+			//die('ID cannot be lower than 100.');
+
+		rewind(self::$otb);
+		rewind(self::$dat);
+		rewind(self::$spr);
+
+		$nostand = false;
+		$init = false;
+		$originalId = $id;
+
+		// parse info from otb
+		while( false !== ( $char = fgetc( self::$otb ) ) )
+		{
+			$byte = HEX_PREFIX.bin2hex( $char );
+
+			if ( $byte == 0xFE )
+				$init = true;
+			elseif ( $byte == 0x10 and $init ) {
+				extract( unpack( 'x2/Ssid', fread( self::$otb, 4 ) ) );
+
+				if ( $id == $sid ) {
+					if ( HEX_PREFIX.bin2hex( fread( self::$otb, 1 ) ) == 0x11 ) {
+						extract( unpack( 'x2/Sid', fread( self::$otb, 4 ) ) );
+						break;
+					}
+				}
+				$init = false;
+			}
+		}
+
+		self::$lastItem = array_sum( unpack( 'x4/S*', fread( self::$dat, 12 )));
+		if($id > self::$lastItem)
+			return false;
+
+		//ini_set('max_execution_time', 300); 
+		// parse info from dat
+		for( $i = 100; $i <= $id; $i++ ) {
+			while( ( $byte = HEX_PREFIX.bin2hex( fgetc( self::$dat ) ) ) != 0xFF ) {
+				$offset = 0;
+				switch( $byte ) {
+					case 0x00:
+					case 0x09:
+					case 0x0A:
+					case 0x1A:
+					case 0x1D:
+					case 0x1E:
+						$offset = 2;
+						break;
+
+					case 0x16:
+					case 0x19:
+						$offset = 4;
+						break;
+
+					case 0x01:
+					case 0x02:
+					case 0x03:
+					case 0x04:
+					case 0x05:
+					case 0x06:
+					case 0x07:
+					case 0x08:
+					case 0x0B:
+					case 0x0C:
+					case 0x0D:
+					case 0x0E:
+					case 0x0F:
+					case 0x10:
+					case 0x11:
+					case 0x12:
+					case 0x13:
+					case 0x14:
+					case 0x15:
+					case 0x17:
+					case 0x18:
+					case 0x1B:
+					case 0x1C:
+					case 0x1F:
+					case 0x20:
+						break;
+
+					default:
+						return false; #trigger_error( sprintf( 'Unknown .DAT byte %s (previous byte: %s; address %x)', $byte, $prev, ftell( $dat ), E_USER_ERROR ) );
+						break;
+				}
+
+				$prev = $byte;
+				fseek( self::$dat, $offset, SEEK_CUR );
+			}
+			extract( unpack( 'Cwidth/Cheight', fread( self::$dat, 2 ) ) );
+
+			if ( $width > 1 or $height > 1 ) {
+				fseek( self::$dat, 1, SEEK_CUR );
+				$nostand = true;
+			}
+
+			$sprites_c = array_product( unpack( 'C*', fread( self::$dat, 5 ) ) ) * $width * $height;
+			$sprites = unpack( 'S*', fread( self::$dat, 2 * $sprites_c ) );
+		}
+
+		if ( array_key_exists( stackId( $count ), $sprites ) ) {
+			$sprites = (array) $sprites[stackId( $count )];
+		}
+		else {
+			$sprites = (array) $sprites[array_rand( $sprites ) ];
+		}
+
+		fseek( self::$spr, 6 );
+
+		$sprite = imagecreatetruecolor( 32 * $width, 32 * $height );
+		imagecolortransparent( $sprite, imagecolorallocate( $sprite, 0, 0, 0 ) );
+
+		foreach( $sprites as $key => $value ) {
+			fseek( self::$spr, 6 + ( $value - 1 ) * 4 );
+			extract( unpack( 'Laddress', fread( self::$spr, 4 ) ) );
+
+			fseek( self::$spr, $address + 3 );
+			extract( unpack( 'Ssize', fread( self::$spr, 2 ) ) );
+
+			list( $num, $bit ) = array( 0, 0 );
+
+			while( $bit < $size ) {
+				$pixels = unpack( 'Strans/Scolored', fread( self::$spr, 4 ) );
+				$num += $pixels['trans'];
+				for( $i = 0; $i < $pixels['colored']; $i++ )
+				{
+					extract( unpack( 'Cred/Cgreen/Cblue', fread( self::$spr, 3 ) ) );
+
+					$red = ( $red == 0 ? ( $green == 0 ? ( $blue == 0 ? 1 : $red ) : $red ) : $red );
+
+					imagesetpixel( $sprite,
+						$num % 32 + ( $key % 2 == 1 ? 32 : 0 ),
+						$num / 32 + ( $key % 4 != 1 and $key % 4 != 0 ? 32 : 0 ),
+						imagecolorallocate( $sprite, $red, $green, $blue ) );
+
+					$num++;
+				}
+
+				$bit += 4 + 3 * $pixels['colored'];
+			}
+		}
+
+		if ( $count >= 2 ) {
+			if ( $count > 100 )
+				$count = 100;
+
+			$font = 3;
+			$length = imagefontwidth( $font ) * strlen( $count );
+
+			$pos = array(
+				'x' => ( 32 * $width ) - ( $length + 1 ),
+				'y' => ( 32 * $height ) - 13
+			);
+			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+			imagestring( $sprite, $font, $pos['x'], $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+
+			imagestring( $sprite, $font, $pos['x'], $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+
+			imagestring( $sprite, $font, $pos['x'], $pos['y'], $count, imagecolorallocate( $sprite, 219, 219, 219 ) );
+		}
+
+		$imagePath = self::$outputDir . ($count > 1 ? $originalId . '-' . $count : $originalId ) . '.gif';
+
+		// save image
+		imagegif($sprite, $imagePath);
+	}
+
+	public static function load()
+	{
+		if(!defined( 'HEX_PREFIX'))
+			define('HEX_PREFIX', '0x');
+
+		self::$otb = fopen(self::$files['otb'], 'rb');
+		self::$dat = fopen(self::$files['dat'], 'rb');
+		self::$spr = fopen(self::$files['spr'], 'rb');
+
+		if(!self::$otb || !self::$dat || !self::$spr)
+			die('ERROR: Cannot load data files.');
+		/*
+		if ( $nostand )
+		{
+			for( $i = 0; $i < sizeof( $sprites ) / 4; $i++ )
+			{
+				$sprites = array_merge( (array) $sprites, array_reverse( array_slice( $sprites, $i * 4, 4 ) ) );
+			}
+		}
+		else
+		{
+			$sprites = (array) $sprites[array_rand( $sprites ) ];
+		}
+		*/
+
+		self::$loaded = true;
+	}
+
+	public static function loaded() {
+		return self::$loaded;
+	}
+}

system/libs/phpmailer/class.phpmailer.php

@@ -31,7 +31,7 @@ class PHPMailer
      * The PHPMailer Version number.
      * @var string
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
 
     /**
      * Email priority.
@@ -440,9 +440,9 @@ class PHPMailer
      *
      * Parameters:
      *   boolean $result        result of the send action
-     *   string  $to            email address of the recipient
-     *   string  $cc            cc email addresses
-     *   string  $bcc           bcc email addresses
+     *   array   $to            email addresses of the recipients
+     *   array   $cc            cc email addresses
+     *   array   $bcc           bcc email addresses
      *   string  $subject       the subject
      *   string  $body          the email body
      *   string  $from          email address of sender
@@ -659,6 +659,8 @@ class PHPMailer
         if ($exceptions !== null) {
             $this->exceptions = (boolean)$exceptions;
         }
+        //Pick an appropriate debug output format automatically
+        $this->Debugoutput = (strpos(PHP_SAPI, 'cli') !== false ? 'echo' : 'html');
     }
 
     /**
@@ -1622,8 +1624,13 @@ class PHPMailer
 
         foreach ($hosts as $hostentry) {
             $hostinfo = array();
-            if (!preg_match('/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*):?([0-9]*)$/', trim($hostentry), $hostinfo)) {
+            if (!preg_match(
+                '/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/',
+                trim($hostentry),
+                $hostinfo
+            )) {
                 // Not a valid host entry
+                $this->edebug('Ignoring invalid host: ' . $hostentry);
                 continue;
             }
             // $hostinfo[2]: optional ssl or tls prefix
@@ -1742,6 +1749,7 @@ class PHPMailer
             'dk' => 'da',
             'no' => 'nb',
             'se' => 'sv',
+            'sr' => 'rs'
         );
 
         if (isset($renamed_langcodes[$langcode])) {
@@ -2024,10 +2032,7 @@ class PHPMailer
     {
         $result = '';
 
-        if ($this->MessageDate == '') {
-            $this->MessageDate = self::rfcDate();
-        }
-        $result .= $this->headerLine('Date', $this->MessageDate);
+        $result .= $this->headerLine('Date', $this->MessageDate == '' ? self::rfcDate() : $this->MessageDate);
 
         // To be created automatically by mail()
         if ($this->SingleTo) {
@@ -4033,7 +4038,7 @@ class phpmailerException extends Exception
      */
     public function errorMessage()
     {
-        $errorMsg = '<strong>' . $this->getMessage() . "</strong><br />\n";
+        $errorMsg = '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
         return $errorMsg;
     }
 }

system/libs/phpmailer/class.pop3.php

@@ -34,7 +34,7 @@ class POP3
      * @var string
      * @access public
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
 
     /**
      * Default POP3 port number.

system/libs/phpmailer/class.smtp.php

@@ -30,7 +30,7 @@ class SMTP
      * The PHPMailer SMTP version number.
      * @var string
      */
-    const VERSION = '5.2.23';
+    const VERSION = '5.2.26';
 
     /**
      * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
      * @deprecated Use the `VERSION` constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
 
     /**
      * SMTP server port number.
@@ -151,9 +151,8 @@ class SMTP
     public $Timelimit = 300;
 
     /**
-     * @var array patterns to extract smtp transaction id from smtp reply
-     * Only first capture group will be use, use non-capturing group to deal with it
-     * Extend this class to override this property to fulfil your needs.
+     * @var array Patterns to extract an SMTP transaction id from reply to a DATA command.
+     * The first capture group in each regex will be used as the ID.
      */
     protected $smtp_transaction_id_patterns = array(
         'exim' => '/[0-9]{3} OK id=(.*)/',
@@ -161,6 +160,12 @@ class SMTP
         'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/'
     );
 
+    /**
+     * @var string The last transaction ID issued in response to a DATA command,
+     * if one was detected
+     */
+    protected $last_smtp_transaction_id;
+
     /**
      * The socket for the server connection.
      * @var resource
@@ -227,7 +232,7 @@ class SMTP
                 break;
             case 'html':
                 //Cleans up output a bit for a better looking, HTML-safe output
-                echo htmlentities(
+                echo gmdate('Y-m-d H:i:s') . ' ' . htmlentities(
                     preg_replace('/[\r\n]+/', '', $str),
                     ENT_QUOTES,
                     'UTF-8'
@@ -709,6 +714,7 @@ class SMTP
         $savetimelimit = $this->Timelimit;
         $this->Timelimit = $this->Timelimit * 2;
         $result = $this->sendCommand('DATA END', '.', 250);
+        $this->recordLastTransactionID();
         //Restore timelimit
         $this->Timelimit = $savetimelimit;
         return $result;
@@ -989,7 +995,10 @@ class SMTP
     public function client_send($data)
     {
         $this->edebug("CLIENT -> SERVER: $data", self::DEBUG_CLIENT);
-        return fwrite($this->smtp_conn, $data);
+        set_error_handler(array($this, 'errorHandler'));
+        $result = fwrite($this->smtp_conn, $data);
+        restore_error_handler();
+        return $result;
     }
 
     /**
@@ -1089,8 +1098,10 @@ class SMTP
             $this->edebug("SMTP -> get_lines(): \$data is \"$data\"", self::DEBUG_LOWLEVEL);
             $this->edebug("SMTP -> get_lines(): \$str is  \"$str\"", self::DEBUG_LOWLEVEL);
             $data .= $str;
-            // If 4th character is a space, we are done reading, break the loop, micro-optimisation over strlen
-            if ((isset($str[3]) and $str[3] == ' ')) {
+            // If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled),
+            // or 4th character is a space, we are done reading, break the loop,
+            // string array access is a micro-optimisation over strlen
+            if (!isset($str[3]) or (isset($str[3]) and $str[3] == ' ')) {
                 break;
             }
             // Timed-out? Log and break
@@ -1226,26 +1237,40 @@ class SMTP
     }
 
     /**
-     * Will return the ID of the last smtp transaction based on a list of patterns provided
-     * in SMTP::$smtp_transaction_id_patterns.
+     * Extract and return the ID of the last SMTP transaction based on
+     * a list of patterns provided in SMTP::$smtp_transaction_id_patterns.
+     * Relies on the host providing the ID in response to a DATA command.
      * If no reply has been received yet, it will return null.
-     * If no pattern has been matched, it will return false.
+     * If no pattern was matched, it will return false.
      * @return bool|null|string
      */
-    public function getLastTransactionID()
+    protected function recordLastTransactionID()
     {
         $reply = $this->getLastReply();
 
         if (empty($reply)) {
-            return null;
-        }
-
-        foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
-            if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
-                return $matches[1];
+            $this->last_smtp_transaction_id = null;
+        } else {
+            $this->last_smtp_transaction_id = false;
+            foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
+                if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
+                    $this->last_smtp_transaction_id = $matches[1];
+                }
             }
         }
 
-        return false;
+        return $this->last_smtp_transaction_id;
+    }
+
+    /**
+     * Get the queue/transaction ID of the last SMTP transaction
+     * If no reply has been received yet, it will return null.
+     * If no pattern was matched, it will return false.
+     * @return bool|null|string
+     * @see recordLastTransactionID()
+     */
+    public function getLastTransactionID()
+    {
+        return $this->last_smtp_transaction_id;
     }
 }

system/libs/phpmailer/language/phpmailer.lang-ba.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Bosnian PHPMailer language file: refer to English translation for definitive list
+ * @package PHPMailer
+ * @author Ermin Islamagić <ermin@islamagic.com>
+ */
+
+$PHPMAILER_LANG['authenticate']         = 'SMTP Greška: Neuspjela prijava.';
+$PHPMAILER_LANG['connect_host']         = 'SMTP Greška: Ne moguće se spojiti sa SMTP serverom.';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Greška: Podatci nisu prihvaćeni.';
+$PHPMAILER_LANG['empty_message']        = 'Sadržaj poruke je prazan.';
+$PHPMAILER_LANG['encoding']             = 'Nepoznata kriptografija: ';
+$PHPMAILER_LANG['execute']              = 'Nije moguće izvršiti naredbu: ';
+$PHPMAILER_LANG['file_access']          = 'Nije moguće pristupiti datoteci: ';
+$PHPMAILER_LANG['file_open']            = 'Nije moguće otvoriti datoteku: ';
+$PHPMAILER_LANG['from_failed']          = 'SMTP Greška: Slanje sa navedenih e-mail adresa nije uspjelo: ';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Greška: Slanje na navedene e-mail adrese nije uspjelo: ';
+$PHPMAILER_LANG['instantiate']          = 'Ne mogu pokrenuti mail funkcionalnost.';
+$PHPMAILER_LANG['invalid_address']      = 'E-mail nije poslan. Neispravna e-mail adresa: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' mailer nije podržan.';
+$PHPMAILER_LANG['provide_address']      = 'Definišite barem jednu adresu primaoca.';
+$PHPMAILER_LANG['signing']              = 'Greška prilikom prijave: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'Spajanje na SMTP server nije uspjelo.';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP greška: ';
+$PHPMAILER_LANG['variable_set']         = 'Nije moguće postaviti varijablu ili je vratiti nazad: ';
+$PHPMAILER_LANG['extension_missing']    = 'Nedostaje ekstenzija: ';

system/libs/phpmailer/language/phpmailer.lang-nb.php

@@ -1,25 +1,25 @@
 <?php
 /**
- * Norwegian PHPMailer language file: refer to English translation for definitive list
+ * Norwegian Bokmål PHPMailer language file: refer to English translation for definitive list
  * @package PHPMailer
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP Feil: Kunne ikke autentisere.';
 $PHPMAILER_LANG['connect_host']         = 'SMTP Feil: Kunne ikke koble til SMTP tjener.';
-$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Data ble ikke akseptert.';
-$PHPMAILER_LANG['empty_message']        = 'Meldingsinnholdet er tomt';
-$PHPMAILER_LANG['encoding']             = 'Ukjent tegnkoding: ';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Datainnhold ikke akseptert.';
+$PHPMAILER_LANG['empty_message']        = 'Melding kropp tomt';
+$PHPMAILER_LANG['encoding']             = 'Ukjent koding: ';
 $PHPMAILER_LANG['execute']              = 'Kunne ikke utføre: ';
 $PHPMAILER_LANG['file_access']          = 'Får ikke tilgang til filen: ';
-$PHPMAILER_LANG['file_open']            = 'Fil feil: Kunne ikke åpne filen: ';
-$PHPMAILER_LANG['from_failed']          = 'Følgende avsenderadresse feilet: ';
-$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere mailfunksjonen.';
-$PHPMAILER_LANG['invalid_address']      = 'Meldingen ble ikke sendt, følgende adresse er ugyldig: ';
-$PHPMAILER_LANG['provide_address']      = 'Du må angi minst en mottakeradresse.';
-$PHPMAILER_LANG['mailer_not_supported'] = ' mailer er ikke supportert.';
-$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottagere feilet: ';
-$PHPMAILER_LANG['signing']              = 'Signeringsfeil: ';
-$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP Connect() feilet.';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP-serverfeil: ';
-$PHPMAILER_LANG['variable_set']         = 'Kan ikke sette eller resette variabelen: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['file_open']            = 'Fil Feil: Kunne ikke åpne filen: ';
+$PHPMAILER_LANG['from_failed']          = 'Følgende Frå adresse feilet: ';
+$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere post funksjon.';
+$PHPMAILER_LANG['invalid_address']      = 'Ugyldig adresse: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' sender er ikke støttet.';
+$PHPMAILER_LANG['provide_address']      = 'Du må opppgi minst en mottakeradresse.';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottakeradresse feilet: ';
+$PHPMAILER_LANG['signing']              = 'Signering Feil: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() feilet.';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP server feil: ';
+$PHPMAILER_LANG['variable_set']         = 'Kan ikke skrive eller omskrive variabel: ';
+$PHPMAILER_LANG['extension_missing']    = 'Utvidelse mangler: ';

system/libs/phpmailer/language/phpmailer.lang-pt_br.php

@@ -5,6 +5,7 @@
  * @author Paulo Henrique Garcia <paulo@controllerweb.com.br>
  * @author Lucas Guimarães <lucas@lucasguimaraes.com>
  * @author Phelipe Alves <phelipealvesdesouza@gmail.com>
+ * @author Fabio Beneditto <fabiobeneditto@gmail.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'Erro de SMTP: Não foi possível autenticar.';
@@ -15,7 +16,7 @@ $PHPMAILER_LANG['encoding']             = 'Codificação desconhecida: ';
 $PHPMAILER_LANG['execute']              = 'Não foi possível executar: ';
 $PHPMAILER_LANG['file_access']          = 'Não foi possível acessar o arquivo: ';
 $PHPMAILER_LANG['file_open']            = 'Erro de Arquivo: Não foi possível abrir o arquivo: ';
-$PHPMAILER_LANG['from_failed']          = 'Os seguintes remententes falharam: ';
+$PHPMAILER_LANG['from_failed']          = 'Os seguintes remetentes falharam: ';
 $PHPMAILER_LANG['instantiate']          = 'Não foi possível instanciar a função mail.';
 $PHPMAILER_LANG['invalid_address']      = 'Endereço de e-mail inválido: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' mailer não é suportado.';

system/libs/phpmailer/language/phpmailer.lang-rs.php

@@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing']              = 'Грешка приликом при
 $PHPMAILER_LANG['smtp_connect_failed']  = 'Повезивање са SMTP сервером није успело.';
 $PHPMAILER_LANG['smtp_error']           = 'Грешка SMTP сервера: ';
 $PHPMAILER_LANG['variable_set']         = 'Није могуће задати променљиву, нити је вратити уназад: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Недостаје проширење: ';

system/libs/phpmailer/language/phpmailer.lang-tr.php

@@ -6,6 +6,7 @@
  * @author Can Yılmaz
  * @author Mehmet Benlioğlu
  * @author @yasinaydin
+ * @author Ogün Karakuş
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP Hatası: Oturum açılamadı.';
@@ -26,4 +27,4 @@ $PHPMAILER_LANG['signing']              = 'İmzalama hatası: ';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() fonksiyonu başarısız.';
 $PHPMAILER_LANG['smtp_error']           = 'SMTP sunucu hatası: ';
 $PHPMAILER_LANG['variable_set']         = 'Değişken ayarlanamadı ya da sıfırlanamadı: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Eklenti bulunamadı: ';

system/libs/phpmailer/language/phpmailer.lang-zh_cn.php

@@ -4,13 +4,14 @@
  * @package PHPMailer
  * @author liqwei <liqwei@liqwei.com>
  * @author young <masxy@foxmail.com>
+ * @author Teddysun <i@teddysun.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP 错误：登录失败。';
 $PHPMAILER_LANG['connect_host']         = 'SMTP 错误：无法连接到 SMTP 主机。';
 $PHPMAILER_LANG['data_not_accepted']    = 'SMTP 错误：数据不被接受。';
 $PHPMAILER_LANG['empty_message']        = '邮件正文为空。';
-$PHPMAILER_LANG['encoding']             = '未知编码: ';
+$PHPMAILER_LANG['encoding']             = '未知编码：';
 $PHPMAILER_LANG['execute']              = '无法执行：';
 $PHPMAILER_LANG['file_access']          = '无法访问文件：';
 $PHPMAILER_LANG['file_open']            = '文件错误：无法打开文件：';
@@ -22,6 +23,6 @@ $PHPMAILER_LANG['provide_address']      = '必须提供至少一个收件人地
 $PHPMAILER_LANG['recipients_failed']    = 'SMTP 错误：收件人地址错误：';
 $PHPMAILER_LANG['signing']              = '登录失败：';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP服务器连接失败。';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错: ';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错：';
 $PHPMAILER_LANG['variable_set']         = '无法设置或重置变量：';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = '丢失模块 Extension：';

system/libs/plugins.php

@@ -0,0 +1,211 @@
+<?php
+/**
+ * Plugins class
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+class Plugins {
+	private static $warnings = array();
+	private static $error = null;
+	private static $pluginInfo = array();
+	
+	public static function install($file) {
+		global $db, $cache;
+		
+		$zip = new ZipArchive();
+		if($zip->open($file)) {
+			for ($i = 0; $i < $zip->numFiles; $i++) {
+				$tmp = $zip->getNameIndex($i);
+				if(pathinfo($tmp, PATHINFO_DIRNAME) == 'plugins' && pathinfo($tmp, PATHINFO_EXTENSION) == 'json')
+					$json_file = $tmp;
+			}
+			
+			if(!isset($json_file)) {
+				self::$error = 'Cannot find plugin info .json file. Installation is discontinued.';
+				return false;
+			}
+			
+			if($zip->extractTo(BASE)) { // place in the directory with same name
+				$file_name = BASE . $json_file;
+				if(!file_exists($file_name)) {
+					self::$error = "Cannot load " . $file_name . ". File doesn't exist.";
+					return false;
+				}
+				else {
+					$string = file_get_contents($file_name);
+					$plugin = json_decode($string, true);
+					self::$pluginInfo = $plugin;
+					if ($plugin == null) {
+						self::$warnings[] = 'Cannot load ' . $file_name . '. File might be not a valid json code.';
+					}
+					else {
+						$continue = true;
+						
+						if(!isset($plugin['name'])) {
+							self::$warnings[] = 'Plugin "name" tag is not set.';
+						}
+						if(!isset($plugin['description'])) {
+							self::$warnings[] = 'Plugin "description" tag is not set.';
+						}
+						if(!isset($plugin['version'])) {
+							self::$warnings[] = 'Plugin "version" tag is not set.';
+						}
+						if(!isset($plugin['author'])) {
+							self::$warnings[] = 'Plugin "author" tag is not set.';
+						}
+						if(!isset($plugin['contact'])) {
+							self::$warnings[] = 'Plugin "contact" tag is not set.';
+						}
+						
+						if(isset($plugin['require'])) {
+							$require = $plugin['require'];
+							if(isset($require['myaac'])) {
+								$require_myaac = $require['myaac'];
+								if(version_compare(MYAAC_VERSION, $require_myaac, '<')) {
+									self::$warnings[] = "This plugin requires MyAAC version " . $require_myaac . ", you're using version " . MYAAC_VERSION . " - please update.";
+									$continue = false;
+								}
+							}
+							
+							if(isset($require['php'])) {
+								$require_php = $require['php'];
+								if(version_compare(phpversion(), $require_php, '<')) {
+									self::$warnings[] = "This plugin requires PHP version " . $require_php . ", you're using version " . phpversion() . " - please update.";
+									$continue = false;
+								}
+							}
+							
+							if(isset($require['database'])) {
+								$require_database = $require['database'];
+								if($require_database < DATABASE_VERSION) {
+									self::$warnings[] = "This plugin requires database version " . $require_database . ", you're using version " . DATABASE_VERSION . " - please update.";
+									$continue = false;
+								}
+							}
+						}
+						
+						if($continue) {
+							if (isset($plugin['install'])) {
+								if (file_exists(BASE . $plugin['install']))
+									require(BASE . $plugin['install']);
+								else
+									self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.';
+							}
+							
+							if (isset($plugin['hooks'])) {
+								foreach ($plugin['hooks'] as $_name => $info) {
+									if (defined('HOOK_'. $info['type'])) {
+										$hook = constant('HOOK_'. $info['type']);
+										$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
+										if ($query->rowCount() == 1) { // found something
+											$query = $query->fetch();
+											$db->update(TABLE_PREFIX . 'hooks', array('type' => $hook, 'file' => $info['file']), array('id' => (int)$query['id']));
+										} else {
+											$db->insert(TABLE_PREFIX . 'hooks', array('id' => null, 'name' => $_name, 'type' => $hook, 'file' => $info['file']));
+										}
+									} else
+										self::$warnings[] = 'Unknown event type: ' . $info['type'];
+								}
+							}
+							
+							if($cache->enabled()) {
+								$cache->delete('templates');
+							}
+							
+							$zip->close();
+							return true;
+						}
+					}
+				}
+			}
+			else {
+				self::$error = 'There was a problem with extracting zip archive.';
+			}
+			
+			$zip->close();
+		}
+		else {
+			self::$error = 'There was a problem with opening zip archive.';
+		}
+		
+		return false;
+	}
+	
+	public static function uninstall($plugin_name) {
+		global $cache, $db;
+		
+		$filename = BASE . 'plugins/' . $plugin_name . '.json';
+		if(!file_exists($filename)) {
+			self::$error = 'Plugin ' . $plugin_name . ' does not exist.';
+			return false;
+		}
+		else {
+			$string = file_get_contents($filename);
+			$plugin_info = json_decode($string, true);
+			if($plugin_info == false) {
+				self::$error = 'Cannot load plugin info ' . $plugin_name . '.json';
+				return false;
+			}
+			else {
+				if(!isset($plugin_info['uninstall'])) {
+					self::$error = "Plugin doesn't have uninstall options defined. Skipping...";
+					return false;
+				}
+				else {
+					$success = true;
+					foreach($plugin_info['uninstall'] as $file) {
+						$file = BASE . $file;
+						if(!deleteDirectory($file)) {
+							$success = false;
+						}
+					}
+					
+					if (isset($plugin_info['hooks'])) {
+						foreach ($plugin_info['hooks'] as $_name => $info) {
+							if (defined('HOOK_'. $info['type'])) {
+								$hook = constant('HOOK_'. $info['type']);
+								$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
+								if ($query->rowCount() == 1) { // found something
+									$query = $query->fetch();
+									$db->delete(TABLE_PREFIX . 'hooks', array('id' => (int)$query['id']));
+								}
+							} else
+								self::$warnings[] = 'Unknown event type: ' . $info['type'];
+						}
+					}
+					
+					if($success) {
+						if($cache->enabled()) {
+							$cache->delete('templates');
+						}
+						
+						return true;
+					}
+					else {
+						self::$error = error_get_last();
+					}
+				}
+			}
+		}
+		
+		return false;
+	}
+	
+	public static function getWarnings() {
+		return self::$warnings;
+	}
+	
+	public static function getError() {
+		return self::$error;
+	}
+	
+	public static function getPluginInfo() {
+		return self::$pluginInfo;
+	}
+}

system/libs/pot/OTS_Account.php

@@ -170,7 +170,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
     public function load($id)
     {
         // SELECT query on database
-        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ' as `lastday`,' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
+        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ',' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
     }
 
 /**
@@ -252,9 +252,14 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		$lastday = 'lastday';
 		if(fieldExist('premend', 'accounts'))
 			$lastday = 'premend';
+		
+		$field = 'lastday';
+		if(isset($this->data['premend'])) { // othire
+			$field = 'premend';
+		}
 
         // UPDATE query on database
-        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $lastday . '` = ' . (int) $this->data['lastday'] . ' WHERE `id` = ' . $this->data['id']);
+        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $field . '` = ' . (int) $this->data[$field] . ' WHERE `id` = ' . $this->data['id']);
     }
 
 /**
@@ -327,21 +332,20 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		return $this->hasFlag(FLAG_SUPER_ADMIN);
 	}
 
-    public function getPremDays()
-    {
-        if( !isset($this->data['lastday']) )
-        {
-            throw new E_OTS_NotLoaded();
-        }
+	public function getPremDays()
+	{
+		if(!isset($this->data['lastday']) && !isset($this->data['premend'])) {
+			throw new E_OTS_NotLoaded();
+		}
 
-        if($this->data['lastday'] == 0)
-            return 0;
-        
-		return round(($this->data['lastday'] - time()) / (24 * 60 * 60), 3);
-        //return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
-    }
+		if(isset($this->data['premend'])) {
+			return round(($this->data['premend'] - time()) / (24 * 60 * 60), 2);
+		}
 
-    public function getLastLogin()
+		return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
+	}
+	
+   public function getLastLogin()
     {
         if( !isset($this->data['lastday']) )
         {
@@ -350,14 +354,18 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 
         return $this->data['lastday'];
     }
-
+	
     public function isPremium()
     {
 		global $config;
         if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
-		return $this->data['lastday'] > time();
-        //return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
-    }
+
+		if(isset($this->data['premend'])) {
+			return $this->data['premend'] > time();
+		}
+
+		return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
+	}
 
     public function getCreated()
     {
@@ -818,34 +826,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
  */
     public function getAccess()
     {
-		global $groups;
-		if(!isset($groups))
-			$groups = new OTS_Groups_List();
-
-		// by default
-		$access = 0;
-		if(fieldExist('group_id', 'accounts')) {
-			$query = $this->db->query('SELECT `group_id` FROM `accounts` WHERE `id` = ' . (int) $this->getId())->fetch();
-			// if anything was found
-
-			$group = $groups->getGroup($query['group_id']);
-			if(!$group) return 0;
-			return $group->getAccess();
-		}
-
-        // finds groups of all characters
-        foreach( $this->getPlayersList() as $player)
-        {
-            $group = $player->getGroup();
-
-            // checks if group's access level is higher then previouls found highest
-            if( $group->getAccess() > $access)
-            {
-                $access = $group->getAccess();
-            }
-        }
-
-        return $access;
+		return $this->getGroupId();
     }
 
 	public function getGroupId()
@@ -858,10 +839,12 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 				return $query['group_id'];
 		}
 
-		$db->query('SELECT `group_id` FROM `players` WHERE `account_id` = ' . $this->getId() . ' ORDER BY `group_id` DESC LIMIT 1')->fetch();
-		if(isset($query['group_id']))
+		$query = $this->db->query('SELECT `group_id` FROM `players` WHERE `account_id` = ' . (int) $this->getId() .  ' ORDER BY `group_id` DESC LIMIT 1');
+		if($query->rowCount() == 1)
+		{
+			$query = $query->fetch();
 			return $query['group_id'];
-
+		}
 		return 0;
 	}
 

system/libs/pot/OTS_Guild.php

@@ -74,6 +74,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
  * 
  * @version 0.1.3
  */
+/*
     public function __clone()
     {
         unset($this->data['id']);
@@ -90,7 +91,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
             $this->requests->__construct($this);
         }
     }
-
+*/
 /**
  * Assigns invites handler.
  * 
@@ -282,6 +283,26 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
         $this->data['ownerid'] = $owner->getId();
     }
 
+    public function hasMember(OTS_Player $player) {
+        global $db;
+	
+        if(!$player || !$player->isLoaded()) {
+            return false;
+        }
+        
+	    $player_rank = $player->getRank();
+	    if(!$player_rank->isLoaded()) {
+	        return false;
+	    }
+	    
+	    foreach($this->getGuildRanksList() as $rank) {
+		    if($rank->getId() == $player_rank->getId()) {
+		        return true;
+            }
+        }
+        
+        return false;
+    }
 /**
  * Guild creation data.
  * 

system/libs/pot/OTS_Monster.php

@@ -194,7 +194,6 @@ class OTS_Monster extends DOMDocument
 
 /**
  * @return array List of item IDs.
- * @deprecated 0.1.0 Use getItems().
  */
     public function getLoot()
     {
@@ -208,13 +207,25 @@ class OTS_Monster extends DOMDocument
             // adds all items
             foreach( $element->getElementsByTagName('item') as $item)
             {
-                $id = $item->getAttribute('id');
-
-                // avoid redundancy
-                if( !in_array($id, $loot) )
-                {
-                    $loot[] = $id;
+	            $chance = $item->getAttribute('chance');
+	            if(empty($chance)) {
+		            $chance = $item->getAttribute('chance1');
+		            if(empty($chance)) {
+		                $chance = 100000;
+                    }
                 }
+                
+                $count = $item->getAttribute('countmax');
+	            if(empty($count)) {
+	                $count = 1;
+                }
+                
+                $id = $item->getAttribute('id');
+                if(empty($id)) {
+                    $id = $item->getAttribute('name');
+                }
+                
+                $loot[] = array('id' => $id, 'count' => $count, 'chance' => $chance);
             }
         }
 

system/libs/pot/OTS_MonstersList.php

@@ -36,6 +36,8 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
  */
     private $monsters = array();
 
+	private $lastMonsterFile = '';
+	private $hasErrors = false;
 /**
  * Loads monsters mapping file.
  * 
@@ -57,9 +59,18 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
             $this->monstersPath .= '/';
         }
 
+		// check if monsters.xml exist
+		if(!@file_exists($this->monstersPath . 'monsters.xml')) {
+			log_append('error.log', '[OTS_MonstersList.php] Fatal error: Cannot load monsters.xml. File does not exist. (' . $this->monstersPath . 'monsters.xml' . '). Error: ' . print_r(error_get_last(), true));
+			throw new Exception('Error: Cannot load monsters.xml. File not found. More info in system/logs/error.log file.');
+		}
+		
         // loads monsters mapping file
         $monsters = new DOMDocument();
-        $monsters->load($this->monstersPath . 'monsters.xml');
+        if(!@$monsters->load($this->monstersPath . 'monsters.xml')) {
+			log_append('error.log', '[OTS_MonstersList.php] Fatal error: Cannot load monsters.xml (' . $this->monstersPath . 'monsters.xml' . '). Error: ' . print_r(error_get_last(), true));
+			throw new Exception('Error: Cannot load monsters.xml. File is invalid. More info in system/logs/error.log file.');
+		}
 
         foreach( $monsters->getElementsByTagName('monster') as $monster)
         {
@@ -101,6 +112,16 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
         return isset($this->monsters[$name]);
     }
 
+	function xmlErrorHandler($errno, $errstr, $errfile, $errline)
+	{
+		if($errno==E_WARNING && (substr_count($errstr,"DOMDocument::loadXML()")>0)) {
+			//throw new DOMException($errstr);
+			log_append('error.log', '[OTS_MonstersList.php] Fatal error: Cannot load ' . $this->lastMonsterFile . ' - ' . $errstr);
+			$this->hasErrors = true;
+		}
+		else
+			return false;
+	}
 /**
  * Returns loaded data of given monster.
  * 
@@ -112,21 +133,31 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
  */
     public function getMonster($name)
     {
+		global $lastMonsterFile;
         // checks if monster exists
         if( isset($this->monsters[$name]) )
         {
             // loads file
             $monster = new OTS_Monster();
 			//echo $this->monstersPath . $this->monsters[$name];
+			
+			// check if monster file exist
            if(file_exists($this->monstersPath . $this->monsters[$name])) {
-				$monster->loadXML(trim(file_get_contents($this->monstersPath . $this->monsters[$name])));
+				set_error_handler(array($this, 'xmlErrorHandler')); 
+				$this->lastMonsterFile = $this->monstersPath . $this->monsters[$name];
+				@$monster->loadXML(trim(file_get_contents($this->monstersPath . $this->monsters[$name])));
+				restore_error_handler();
 			}
+
             return $monster;
         }
 
         throw new OutOfBoundsException();
     }
 
+	public function hasErrors() {
+		return $this->hasErrors;
+	}
 /**
  * Returns amount of monsters loaded.
  * 

system/libs/pot/OTS_Player.php

@@ -3151,6 +3151,14 @@ class OTS_Player extends OTS_Row_DAO
 
         $this->db->query('DELETE FROM ' . $this->db->tableName('player_spells') . ' WHERE ' . $this->db->fieldName('player_id') . ' = ' . $this->data['id'] . ' AND ' . $this->db->fieldName('name') . ' = ' . $this->db->quote( $spell->getName() ) );
     }
+	
+	public static function getPercentLevel($count, $nextLevelCount)
+	{
+		if($nextLevelCount > 0)
+			return min(100, max(0, $count * 100 / $nextLevelCount));
+
+		return 0;
+	}
 
 /**
  * Magic PHP5 method.

system/libs/pot/OTS_Spell.php

@@ -315,19 +315,50 @@ class OTS_Spell
  */
     public function getVocations()
     {
-        $vocations = array();
+	    global $config;
+	    if(!isset($config['vocation_ids']))
+		    $config['vocations_ids'] = array_flip($config['vocations']);
+	
+	    $vocations = array();
 
         foreach( $this->element->getElementsByTagName('vocation') as $vocation)
         {
-			if($vocation->getAttribute('id') != NULL)
-            	$vocations[] = $vocation->getAttribute('id');
-			else
-				$vocations[] = $vocation->getAttribute('name');
+	        if($vocation->getAttribute('id') != NULL) {
+		        $voc_id = $vocation->getAttribute('id');
+	        }
+	        else {
+		        $voc_id = $config['vocations_ids'][$vocation->getAttribute('name')];
+	        }
+	
+	        $vocations[] = $voc_id;
         }
 
         return $vocations;
     }
-
+	
+	public function getVocationsFull()
+	{
+	    global $config;
+	    if(!isset($config['vocation_ids']))
+	        $config['vocations_ids'] = array_flip($config['vocations']);
+	    
+		$vocations = array();
+		
+		foreach( $this->element->getElementsByTagName('vocation') as $vocation)
+		{
+		    $show = $vocation->getAttribute('showInDescription');
+            if($vocation->getAttribute('id') != NULL) {
+	            $voc_id = $vocation->getAttribute('id');
+            }
+            else {
+                $voc_id = $config['vocations_ids'][$vocation->getAttribute('name')];
+            }
+		    
+		    $vocations[$voc_id] = strlen($show) == 0 || $show != '0';
+		}
+		
+		return $vocations;
+	}
 /**
  * Creates conjure item.
  * 

system/libs/pot/OTS_SpellsList.php

@@ -93,9 +93,18 @@ class OTS_SpellsList implements IteratorAggregate, Countable
  */
     public function __construct($file)
     {
-        // loads DOM document
+		// check if spells.xml exist
+		if(!@file_exists($file)) {
+			log_append('error.log', '[OTS_SpellsList.php] Fatal error: Cannot load spells.xml. File does not exist. (' . $file . '). Error: ' . print_r(error_get_last(), true));
+			throw new Exception('Error: Cannot load spells.xml. File not found. More info in system/logs/error.log file.');
+		}
+		
+        // loads monsters mapping file
         $spells = new DOMDocument();
-        $spells->load($file);
+        if(!@$spells->load($file)) {
+			log_append('error.log', '[OTS_SpellsList.php] Fatal error: Cannot load spells.xml (' . $file . '). Error: ' . print_r(error_get_last(), true));
+			throw new Exception('Error: Cannot load spells.xml. File is invalid. More info in system/logs/error.log file.');
+		}
 
         // loads runes
         foreach( $spells->getElementsByTagName('rune') as $rune)

system/libs/pot/OTS_Toolbox.php

@@ -28,13 +28,11 @@ class OTS_Toolbox
  * @param int $experience Current experience points.
  * @return int Experience points for level.
  */
-    public static function experienceForLevel($level, $experience = 0)
+	public static function experienceForLevel($level, $experience = 0)
     {
-        return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
-		/*
-			$level = $level - 1;
-	return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
-	*/
+        //return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
+		$level = $level - 1;
+		return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
     }
 
 /**

system/libs/spells.php

@@ -6,12 +6,14 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
 class Spells {
+	private static $spellsList = null;
+	private static $lastError = '';
+	
 	public static function loadFromXML($show = false) {
 		global $config, $db;
 		
@@ -22,62 +24,45 @@ class Spells {
 			echo '<h2>All records deleted from table <b>' . TABLE_PREFIX . 'spells</b> in database.</h2>';
 		}
 		
-		foreach($config['vocations'] as $voc_id => $voc_name) {
-			$vocations_ids[$voc_name] = $voc_id;
+		try {
+			self::$spellsList = new OTS_SpellsList($config['data_path'].'spells/spells.xml');
+		}
+		catch(Exception $e) {
+			self::$lastError = $e->getMessage();
+			return false;
 		}
 		
-		$allspells = new OTS_SpellsList($config['data_path'].'spells/spells.xml');
 		//add conjure spells
-		$conjurelist = $allspells->getConjuresList();
+		$conjurelist = self::$spellsList->getConjuresList();
 		if($show) {
 			echo "<h3>Conjure:</h3>";
 		}
 		
 		foreach($conjurelist as $spellname) {
-			$spell = $allspells->getConjure($spellname);
-			$lvl = $spell->getLevel();
-			$mlvl = $spell->getMagicLevel();
-			$mana = $spell->getMana();
+			$spell = self::$spellsList->getConjure($spellname);
 			$name = $spell->getName();
-			$soul = $spell->getSoul();
-			$spell_txt = $spell->getWords();
-			$vocations = $spell->getVocations();
-			$nr_of_vocations = count($vocations);
-			$vocations_to_db = "";
-			$voc_nr = 0;
-			foreach($vocations as $vocation_to_add) {
-				if(Validator::number($vocation_to_add)) {
-					$vocations_to_db .= $vocation_to_add;
-				}
-				else
-					$vocations_to_db .= $vocations_ids[$vocation_to_add];
-				$voc_nr++;
-				
-				if($voc_nr != $nr_of_vocations) {
-					$vocations_to_db .= ',';
-				}
-			}
 			
-			$enabled = $spell->isEnabled();
-			if($enabled) {
-				$hide_spell = 0;
-			}
-			else {
-				$hide_spell = 1;
-			}
-			$pacc = $spell->isPremium();
-			if($pacc) {
-				$pacc = '1';
-			}
-			else {
-				$pacc = '0';
-			}
-			$type = 2;
-			$count = $spell->getConjureCount();
+			$words = $spell->getWords();
+			if(strpos($words, '#') !== false)
+				continue;
+			
 			try {
-				$db->query('INSERT INTO myaac_spells (spell, name, words, type, mana, level, maglevel, soul, premium, vocations, conjure_count, hidden) VALUES (' . $db->quote($spell_txt) . ', ' . $db->quote($name) . ', ' . $db->quote($spell_txt) . ', ' . $db->quote($type) . ', ' . $db->quote($mana) . ', ' . $db->quote($lvl) . ', ' . $db->quote($mlvl) . ', ' . $db->quote($soul) . ', ' . $db->quote($pacc) . ', ' . $db->quote($vocations_to_db) . ', ' . $db->quote($count) . ', ' . $db->quote($hide_spell) . ')');
+				$db->insert(TABLE_PREFIX . 'spells', array(
+					'name' => $name,
+					'words' => $words,
+					'type' => 2,
+					'mana' => $spell->getMana(),
+					'level' => $spell->getLevel(),
+					'maglevel' => $spell->getMagicLevel(),
+					'soul' => $spell->getSoul(),
+					'premium' => $spell->isPremium() ? 1 : 0,
+					'vocations' => json_encode($spell->getVocations()),
+					'conjure_count' => $spell->getConjureCount(),
+					'hidden' => $spell->isEnabled() ? 0 : 1
+				));
+
 				if($show) {
-					success("Added: " . $name . "<br>");
+					success('Added: ' . $name . '<br/>');
 				}
 			}
 			catch(PDOException $error) {
@@ -87,59 +72,75 @@ class Spells {
 			}
 		}
 		
-		//add instant spells
-		$instantlist = $allspells->getInstantsList();
+		// add instant spells
+		$instantlist = self::$spellsList->getInstantsList();
 		if($show) {
 			echo "<h3>Instant:</h3>";
 		}
 		
 		foreach($instantlist as $spellname) {
-			$spell = $allspells->getInstant($spellname);
-			$lvl = $spell->getLevel();
-			$mlvl = $spell->getMagicLevel();
-			$mana = $spell->getMana();
+			$spell = self::$spellsList->getInstant($spellname);
 			$name = $spell->getName();
-			$soul = $spell->getSoul();
-			$spell_txt = $spell->getWords();
-			if(strpos($spell_txt, '###') !== false)
+			
+			$words = $spell->getWords();
+			if(strpos($words, '#') !== false)
 				continue;
 			
-			$vocations = $spell->getVocations();
-			$nr_of_vocations = count($vocations);
-			$vocations_to_db = "";
-			$voc_nr = 0;
-			foreach($vocations as $vocation_to_add) {
-				if(Validator::number($vocation_to_add)) {
-					$vocations_to_db .= $vocation_to_add;
-				}
-				else
-					$vocations_to_db .= $vocations_ids[$vocation_to_add];
-				$voc_nr++;
-				
-				if($voc_nr != $nr_of_vocations) {
-					$vocations_to_db .= ',';
-				}
-			}
-			$enabled = $spell->isEnabled();
-			if($enabled) {
-				$hide_spell = 0;
-			}
-			else {
-				$hide_spell = 1;
-			}
-			$pacc = $spell->isPremium();
-			if($pacc) {
-				$pacc = '1';
-			}
-			else {
-				$pacc = '0';
-			}
-			$type = 1;
-			$count = 0;
 			try {
-				$db->query("INSERT INTO myaac_spells (spell, name, words, type, mana, level, maglevel, soul, premium, vocations, conjure_count, hidden) VALUES (".$db->quote($spell_txt).", ".$db->quote($name).", ".$db->quote($spell_txt).", '".$type."', '".$mana."', '".$lvl."', '".$mlvl."', '".$soul."', '".$pacc."', '".$vocations_to_db."', '".$count."', '".$hide_spell."')");
+				$db->insert(TABLE_PREFIX . 'spells', array(
+					'name' => $name,
+					'words' => $words,
+					'type' => 1,
+					'mana' => $spell->getMana(),
+					'level' => $spell->getLevel(),
+					'maglevel' => $spell->getMagicLevel(),
+					'soul' => $spell->getSoul(),
+					'premium' => $spell->isPremium() ? 1 : 0,
+					'vocations' => json_encode($spell->getVocations()),
+					'conjure_count' => 0,
+					'hidden' => $spell->isEnabled() ? 0 : 1
+				));
+				
 				if($show) {
-					success("Added: ".$name."<br/>");
+					success('Added: ' . $name . '<br/>');
+				}
+			}
+			catch(PDOException $error) {
+				if($show) {
+					warning('Error while adding spell (' . $name . '): ' . $error->getMessage());
+				}
+			}
+		}
+		
+		// add runes
+		$runeslist = self::$spellsList->getRunesList();
+		if($show) {
+			echo "<h3>Runes:</h3>";
+		}
+		
+		foreach($runeslist as $spellname) {
+			$spell = self::$spellsList->getRune($spellname);
+
+			$name = $spell->getName() . ' (rune)';
+
+			try {
+				$db->insert(TABLE_PREFIX . 'spells', array(
+					'name' => $name,
+					'words' => $spell->getWords(),
+					'type' => 3,
+					'mana' => $spell->getMana(),
+					'level' => $spell->getLevel(),
+					'maglevel' => $spell->getMagicLevel(),
+					'soul' => $spell->getSoul(),
+					'premium' => $spell->isPremium() ? 1 : 0,
+					'vocations' => json_encode($spell->getVocations()),
+					'conjure_count' => 0,
+					'item_id' => $spell->getID(),
+					'hidden' => $spell->isEnabled() ? 0 : 1
+				));
+				
+				if($show) {
+					success('Added: ' . $name . '<br/>');
 				}
 			}
 			catch(PDOException $error) {
@@ -151,4 +152,12 @@ class Spells {
 		
 		return true;
 	}
+	
+	public static function getSpellsList() {
+		return self::$spellsList;
+	}
+	
+	public static function getLastError() {
+		return self::$lastError;
+	}
 }

system/libs/timer.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/usage_statistics.php

@@ -0,0 +1,118 @@
+<?php
+/**
+ * Usage Statistics
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+class Usage_Statistics {
+	private static $report_url = 'https://my-aac.org/report_usage.php';
+	
+	public static function report() {
+		$data = json_encode(self::getStats());
+		
+		$options = array(
+			'http' => array(
+				'header'  => 'Content-type: application/json' . "\r\n"
+				. 'Content-Length: ' . strlen($data) . "\r\n",
+				'content' => $data
+			)
+		);
+		
+		$context  = stream_context_create($options);
+		$result = file_get_contents(self::$report_url, false, $context);
+
+		return $result !== false;
+	}
+
+	public static function getStats() {
+		global $config, $db;
+		
+		$ret = array();
+		
+		$ret['unique_id'] = hash('sha1', $config['server_path']);
+		$ret['server_os'] = php_uname('s') . ' ' . php_uname('r');
+		
+		$ret['myaac_version'] = MYAAC_VERSION;
+		$ret['myaac_db_version'] = DATABASE_VERSION;
+		
+		$query = $db->query('SELECT `value` FROM `server_config` WHERE `config` = ' . $db->quote('database_version'));
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['otserv_db_version'] = $query['value'];
+		}
+		
+		$ret['client_version'] = $config['client'];
+		
+		$ret['php_version'] = phpversion();
+		
+		$query = $db->query('SELECT VERSION() as `version`;');
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['mysql_version'] = $query['version'];
+		}
+		
+		$query = $db->query('SELECT SUM(ROUND(((DATA_LENGTH + INDEX_LENGTH) / 1024 ), 0)) AS "size"
+FROM INFORMATION_SCHEMA.TABLES
+WHERE TABLE_SCHEMA = "forgottenserver";');
+		
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['database_size'] = $query['size'];
+		}
+		
+		$ret['views_counter'] = getDatabaseConfig('views_counter');
+		
+		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `accounts`;');
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['accounts_size'] = $query['size'];
+		}
+		
+		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `players`;');
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['players_size'] = $query['size'];
+		}
+		
+		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `' . TABLE_PREFIX . 'monsters`;');
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['monsters_size'] = $query['size'];
+		}
+		
+		$query = $db->query('SELECT COUNT(`id`) as `size` FROM `' . TABLE_PREFIX . 'spells`;');
+		if($query->rowCount() == 1) {
+			$query = $query->fetch();
+			$ret['spells_size'] = $query['size'];
+		}
+		
+		$ret['locales'] = get_locales();
+		$ret['plugins'] = array();
+		foreach(get_plugins() as $plugin) {
+			$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
+			$plugin_info = json_decode($string, true);
+			if($plugin_info != false) {
+				if(isset($plugin_info['version'])) {
+					$ret['plugins'][$plugin] = $plugin_info['version'];
+				}
+			}
+		}
+		$ret['templates'] = get_templates();
+		
+		$ret['date_timezone'] = $config['date_timezone'];
+		$ret['backward_support'] = $config['backward_support'];
+		
+		$cache_engine = strtolower($config['cache_engine']);
+		if($cache_engine == 'auto') {
+			$cache_engine = Cache::detect();
+		}
+		
+		$ret['cache_engine'] = $cache_engine;
+		return $ret;
+	}
+}

system/libs/validator.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -86,13 +85,7 @@ class Validator
 			return false;
 		}
 		
-		if(strspn($name, "QWERTYUIOPASDFGHJKLZXCVBNM0123456789") != $length)
-		{
-			self::$lastError = 'Invalid account name format. Use only A-Z and numbers 0-9.';
-			return false;
-		}
-		
-		if(!preg_match("/[A-Z0-9]/", $name))
+		if(!preg_match("/[A-Z0-9]/i", $name))
 		{
 			self::$lastError = 'Invalid account name format. Use only A-Z and numbers 0-9.';
 			return false;
@@ -365,6 +358,11 @@ class Validator
 	 */
 	public static function guildName($name)
 	{
+		if(empty($name)) {
+			self::$lastError = 'Please enter guild name.';
+			return false;
+		}
+		
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
 			self::$lastError = 'Invalid guild name format.';
 			return false;
@@ -387,6 +385,11 @@ class Validator
 	 */
 	public static function rankName($name)
 	{
+		if(empty($name)) {
+			self::$lastError = 'Please enter rank name.';
+			return false;
+		}
+		
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-[ ] ") != strlen($name)) {
 			self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
 			return false;

system/libs/visitors.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -102,12 +101,12 @@ class Visitors
 		if($this->cacheEnabled) {
 			foreach($this->data as $ip => &$details)
 				$details['ip'] = $ip;
-
+			
 			return $this->data;
 		}
-
+		
 		global $db;
-		return $db->query('SELECT ' . $db->fieldName('ip') . ', ' . $db->fieldName('lastvisit') . ', ' . $db->fieldName('page') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'visitors') . ' ORDER BY ' . $db->fieldName('lastvisit') . ' DESC')->fetch();
+		return $db->query('SELECT ' . $db->fieldName('ip') . ', ' . $db->fieldName('lastvisit') . ', ' . $db->fieldName('page') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'visitors') . ' ORDER BY ' . $db->fieldName('lastvisit') . ' DESC')->fetchAll();
 	}
 
 	public function getAmountVisitors()

system/libs/weapons.php

@@ -0,0 +1,81 @@
+<?php
+/**
+ * Weapons class
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+class Weapons {
+	private static $error = '';
+
+	public static function loadFromXML($show = false)
+	{
+		global $config, $db;
+		
+		try {
+			$db->query("DELETE FROM `myaac_weapons`;");
+		} catch (PDOException $error) {
+		}
+		
+		$file_path = $config['data_path'] . 'weapons/weapons.xml';
+		if (!file_exists($file_path)) {
+			self::$error = 'Cannot load file ' . $file_path;
+			return false;
+		}
+		
+		$xml = new DOMDocument;
+		$xml->load($file_path);
+		
+		foreach ($xml->getElementsByTagName('wand') as $weapon) {
+			self::parseNode($weapon, $show);
+		}
+		foreach ($xml->getElementsByTagName('melee') as $weapon) {
+			self::parseNode($weapon, $show);
+		}
+		foreach ($xml->getElementsByTagName('distance') as $weapon) {
+			self::parseNode($weapon, $show);
+		}
+		
+		return true;
+	}
+	
+	public static function parseNode($node, $show = false) {
+		global $config, $db;
+		
+		$id = (int)$node->getAttribute('id');
+		$vocations_ids = array_flip($config['vocations']);
+		$level = (int)$node->getAttribute('level');
+		$maglevel = (int)$node->getAttribute('maglevel');
+		
+		$vocations = array();
+		foreach($node->getElementsByTagName('vocation') as $vocation) {
+			$show = $vocation->getAttribute('showInDescription');
+			if(!empty($vocation->getAttribute('id')))
+				$voc_id = $vocation->getAttribute('id');
+			else {
+				$voc_id = $vocations_ids[$vocation->getAttribute('name')];
+			}
+			
+			$vocations[$voc_id] = strlen($show) == 0 || $show != '0';
+		}
+		
+		$exist = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'weapons` WHERE `id` = ' . $id);
+		if($exist->rowCount() > 0) {
+			if($show) {
+				warning('Duplicated weapon with id: ' . $id);
+			}
+		}
+		else {
+			$db->insert(TABLE_PREFIX . 'weapons', array('id' => $id, 'level' => $level, 'maglevel' => $maglevel, 'vocations' => json_encode($vocations)));
+		}
+	}
+	
+	public static function getError() {
+		return self::$error;
+	}
+}

system/locale/en/install.php

@@ -42,7 +42,6 @@ $locale['step_config'] = 'Configuration';
 $locale['step_config_title'] = 'Basic configuration';
 $locale['step_config_server_path'] = 'Server path';
 $locale['step_config_server_path_desc'] = 'Path to your TFS main directory, where you have config.lua located.';
-
 $locale['step_config_mail_admin'] = 'Admin E-Mail';
 $locale['step_config_mail_admin_desc'] = 'Address where emails from contact form will be delivered, for example admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin E-Mail is not correct.';
@@ -51,6 +50,8 @@ $locale['step_config_mail_address_desc'] = 'Address which will be used for outgo
 $locale['step_config_mail_address_error'] = 'Server E-Mail is not correct.';
 $locale['step_config_client'] = 'Client version';
 $locale['step_config_client_desc'] = 'Used for download page and some templates';
+$locale['step_config_usage'] = 'Usage Statistics';
+$locale['step_config_usage_desc'] = 'Allow MyAAC to report anonymous usage statistics? The data is sent only once per 30 days and is fully confidential.';
 
 // database
 $locale['step_database'] = 'Import schema';
@@ -63,13 +64,14 @@ $locale['step_database_error_only_mysql'] = 'This AAC supports only MySQL. From
 $locale['step_database_error_table'] = 'Table $TABLE$ doesn\'t exist. Please import your OTS database schema first.';
 $locale['step_database_error_table_exist'] = 'Table $TABLE$ already exist. Seems AAC is already installed. Skipping importing MySQL schema..';
 $locale['step_database_error_schema'] = 'Error while importing schema:';
-$locale['step_database_success_schema'] = 'Succesfully installed $PREFIX$ tables.';
+$locale['step_database_success_schema'] = 'Successfully installed $PREFIX$ tables.';
 $locale['step_database_error_file'] = '$FILE$ couldn\'t be opened. Please copy this content and paste there:';
 $locale['step_database_adding_field'] = 'Adding field';
 $locale['step_database_modifying_field'] = 'Modifying field';
 $locale['step_database_changing_field'] = 'Changing $FIELD$ to $FIELD_NEW$...';
 $locale['step_database_imported_players'] = 'Imported player samples...';
-$locale['step_database_loaded_creatures'] = 'Loaded creatures...';
+$locale['step_database_loaded_monsters'] = 'Loaded monsters...';
+$locale['step_database_error_monsters'] = 'There were some problems loading your monsters.xml file. Please check $LOG$ for more info.';
 $locale['step_database_loaded_spells'] = 'Loaded spells...';
 $locale['step_database_created_account'] = 'Created admin account...';
 $locale['step_database_created_news'] = 'Created newses...';
@@ -79,10 +81,16 @@ $locale['step_admin'] = 'Admin Account';
 $locale['step_admin_title'] = 'Create Admin Account';
 $locale['step_admin_account'] = 'Admin account name';
 $locale['step_admin_account_desc'] = 'Name of your admin account, which will be used to login to website and server.';
-$locale['step_admin_account_id'] = 'Admin account id';
-$locale['step_admin_account_id_desc'] = 'ID of your admin account, which will be used to login to website and server.';
+$locale['step_admin_account_error_format'] = 'Invalid account name format. Use only a-Z and numbers 0-9. Minimum 3, maximum 32 characters.';
+$locale['step_admin_account_error_same'] = 'Password may not be the same as account name.';
+$locale['step_admin_account_id'] = 'Admin account number';
+$locale['step_admin_account_id_desc'] = 'Number of your admin account, which will be used to login to website and server.';
+$locale['step_admin_account_id_error_format'] = 'Invalid account number format. Please use only numbers 0-9. Minimum 6, maximum 10 characters.';
+$locale['step_admin_account_id_error_same'] = 'Password may not be the same as account number.';
 $locale['step_admin_password'] = 'Admin account password';
 $locale['step_admin_password_desc'] = 'Password to your admin account.';
+$locale['step_admin_password_error_empty'] = 'Please enter the password for your new account.';
+$locale['step_admin_password_error_format'] = 'Invalid password format. Use only a-Z and numbers 0-9. Minimum 8, maximum 30 characters.';
 
 // finish
 $locale['step_finish_admin_panel'] = 'Admin Panel';

system/locale/pl/install.php

@@ -42,11 +42,6 @@ $locale['step_config'] = 'Konfiguracja';
 $locale['step_config_title'] = 'Podstawowa konfiguracja';
 $locale['step_config_server_path'] = 'Ścieżka do serwera';
 $locale['step_config_server_path_desc'] = 'Ścieżka do Twojego folderu z TFS, gdzie znajduje się plik config.lua.';
-$locale['step_config_account'] = 'Konto administratora';
-$locale['step_config_account_desc'] = 'Nazwa twojego konta admina, która będzie używana do logowania na stronę i do serwera.';
-$locale['step_config_password'] = 'Hasło do konta admina';
-$locale['step_config_password_desc'] = 'Hasło do Twojego konta administratora.';
-
 $locale['step_config_mail_admin'] = 'E-Mail admina';
 $locale['step_config_mail_admin_desc'] = 'Na ten adres będą dostarczane E-Maile z formularza kontaktowego , przykładowo admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'E-Mail admina jest niepoprawny.';
@@ -55,13 +50,16 @@ $locale['step_config_mail_address_desc'] = 'Ten adres będzie używany do wysył
 $locale['step_config_mail_address_error'] = 'E-Mail serwera jest niepoprawny.';
 $locale['step_config_client'] = 'Wersja klienta';
 $locale['step_config_client_desc'] = 'Używana do strony pobieranie klienta oraz kilku szablonów';
+$locale['step_config_usage'] = 'Raportowanie Statystyk';
+$locale['step_config_usage_desc'] = 'Zezwalaj MyAAC na raportowanie anonimowych statystyk? Dane są wysyłane raz na 30 dni i są w pełni anonimowe.';
 
 // database
-$locale['step_database'] = 'Baza';
+$locale['step_database'] = 'Baza Danych';
 $locale['step_database_title'] = 'Baza MySQL';
 $locale['step_database_importing'] = 'Twoja baza to MySQL. Importowanie schematu...';
 $locale['step_database_error_path'] = 'Proszę podać ścieżkę do serwera.';
 $locale['step_database_error_config'] = 'Nie można znaleźć pliku config. Jest Twoja ścieżka do katalogu serwera poprawna? Wróć się i sprawdź ponownie.';
+$locale['step_database_error_database_empty'] = 'Nie można wykryć typu bazy danych z pliku config.lua. Prawdopodobnie Twój OTS nie jest wspierany przez ten AAC.';
 $locale['step_database_error_only_mysql'] = 'Ten AAC wspiera tylko bazy danych MySQL. Z Twojego pliku config wynika, że Twój serwera używa bazy: $DATABASE_TYPE$. Proszę zmienić typ bazy na MySQL i ponownie przystąpić do instalacji.';
 $locale['step_database_error_table'] = 'Tabela $TABLE$ nie istnieje. Proszę najpierw zaimportować schemat bazy danych serwera OTS.';
 $locale['step_database_error_table_exist'] = 'Tabela $TABLE$ już istnieje. Wygląda na to, że AAC został już zainstalowany. Schemat MySQL nie zostanie zaimportowany..';
@@ -72,9 +70,28 @@ $locale['step_database_adding_field'] = 'Dodawanie pola';
 $locale['step_database_modifying_field'] = 'Modyfikacja pola';
 $locale['step_database_changing_field'] = 'Zmiana $FIELD$ na $FIELD_NEW$...';
 $locale['step_database_imported_players'] = 'Importowanie schematów graczy...';
+$locale['step_database_loaded_monsters'] = 'Załadowano potworki (monsters)...';
+$locale['step_database_error_monsters'] = 'Wystąpiły problemy podczas ładowania pliku monsters.xml. Zobacz $LOG$ po więcej informacji.';
+$locale['step_database_loaded_spells'] = 'Załadowano czary (spells)...';
 $locale['step_database_created_account'] = 'Utworzono konto admina...';
 $locale['step_database_created_news'] = 'Utworzono newsy...';
 
+// admin account
+$locale['step_admin'] = 'Konto Admina';
+$locale['step_admin_title'] = 'Tworzenie Konta Admina';
+$locale['step_admin_account'] = 'Nazwa Konta Admina';
+$locale['step_admin_account_desc'] = 'Nazwa Twojego konta admina, która będzie używana do logowania na stronę i do serwera.';
+$locale['step_admin_account_error_format'] = 'Nieprawidłowy format nazwy konta. Używaj tylko znaków a-Z oraz liczb 0-9. Minimum 3, maksimum 32 znaków.';
+$locale['step_admin_account_error_same'] = 'Hasło nie może być takie same jak nazwa konta.';
+$locale['step_admin_account_id'] = 'Numer Konta Admina';
+$locale['step_admin_account_id_desc'] = 'Numer Twojego Konta Admina, który będzie używany do logowania do strony i na serwer.';
+$locale['step_admin_account_id_error_format'] = 'Nieprawidłowy format numeru konta. Używaj tylko liczb 0-9. Minimum 6, maksimum 10 znaków.';
+$locale['step_admin_account_id_error_same'] = 'Hasło nie może być takie same jak numer konta.';
+$locale['step_admin_password'] = 'Hasło Konta Admina';
+$locale['step_admin_password_desc'] = 'Hasło do Twojego Konta Admina.';
+$locale['step_admin_password_error_empty'] = 'Proszę podać hasło do Twojego nowego konta.';
+$locale['step_admin_password_error_format'] = 'Nieprawidłowy format hasła. Używaj tylko znaków a-Z oraz liczb 0-9. Minimum 8, maksimum 30 characters.';
+
 // finish
 $locale['step_finish_admin_panel'] = 'Panelu Admina';
 $locale['step_finish_homepage'] = 'stronę główną';

system/login.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -13,11 +12,13 @@ $logged = false;
 $logged_flags = 0;
 
 $action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : '';
-if($action == 'logout' && !isset($_REQUEST['account_login']))
+define('ACTION', $action);
+
+if(ACTION == 'logout' && !isset($_REQUEST['account_login']))
 {
-	unset($_SESSION['account']);
-	unset($_SESSION['password']);
-	unset($_SESSION['remember_me']);
+	unsetSession('account');
+	unsetSession('password');
+	unsetSession('remember_me');
 
 	if(isset($_REQUEST['redirect']))
 	{
@@ -68,19 +69,19 @@ else
 				&& (!isset($t) || $t['attempts'] < 5)
 				)
 			{
-				$_SESSION['account'] = $account_logged->getId();
-				$_SESSION['password'] = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password);
+				setSession('account', $account_logged->getId());
+				setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
 				if(isset($_POST['remember_me']))
-					$_SESSION['remember_me'] = true;
+					setSession('remember_me', true);
 
 				$logged = true;
 				$logged_flags = $account_logged->getWebFlags();
 				
 				if(isset($_POST['admin']) && !admin()) {
 					$errors[] = 'This account has no admin privileges.';
-					unset($_SESSION['account']);
-					unset($_SESSION['password']);
-					unset($_SESSION['remember_me']);
+					unsetSession('account');
+					unsetSession('password');
+					unsetSession('remember_me');
 					$logged = false;
 				}
 				else {
@@ -119,19 +120,20 @@ else
 	}
 
 	// stay-logged with sessions
-	if(isset($_SESSION['account']))
+	$current_session = getSession('account');
+	if($current_session !== false)
 	{
 		$account_logged = new OTS_Account();
-		$account_logged->load($_SESSION['account']);
-		if($account_logged->isLoaded() && $account_logged->getPassword() == $_SESSION['password']
+		$account_logged->load($current_session);
+		if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
 			//&& (!isset($_SESSION['admin']) || admin())
-			&& (isset($_SESSION['remember_me']) || $_SESSION['last_visit'] > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
+			&& (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
 				$logged = true;
 		}
 		else
 		{
 			$logged = false;
-			unset($_SESSION['account']);
+			unsetSession('account');
 			unset($account_logged);
 		}
 	}
@@ -143,8 +145,9 @@ else
 	}
 }
 
-$_SESSION['last_visit'] = time();
-if(defined('PAGE'))
-	$_SESSION['last_page'] = PAGE;
-$_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
+setSession('last_visit', time());
+if(defined('PAGE')) {
+	setSession('last_page', PAGE);
+}
+setSession('last_uri', $_SERVER['REQUEST_URI']);
 ?>

system/migrations/12.php

@@ -0,0 +1,49 @@
+<?php
+
+// add new item_id field for runes
+if(!fieldExist('item_id', TABLE_PREFIX . 'spells'))
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD `item_id` INT(11) NOT NULL DEFAULT 0 AFTER `conjure_count`;");
+
+// change unique index from spell to name
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP INDEX `spell`;");
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD UNIQUE INDEX (`name`);");
+
+// change comment of spells.type
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune';");
+
+// new items table
+if(!tableExist(TABLE_PREFIX . 'items'))
+$db->query("
+CREATE TABLE `" . TABLE_PREFIX . "items`
+(
+	`id` INT(11) NOT NULL,
+	`article` VARCHAR(5) NOT NULL DEFAULT '',
+	`name` VARCHAR(50) NOT NULL DEFAULT '',
+	`plural` VARCHAR(50) NOT NULL DEFAULT '',
+	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;");
+
+// new weapons table
+if(!tableExist(TABLE_PREFIX . 'weapons'))
+$db->query("
+CREATE TABLE `" . TABLE_PREFIX . "weapons`
+(
+	`id` INT(11) NOT NULL,
+	`level` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;");
+
+// modify vocations to support json data
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(100) NOT NULL DEFAULT '';");
+$query = $db->query('SELECT `id`, `vocations` FROM `' . TABLE_PREFIX . 'spells`');
+foreach($query->fetchAll() as $spell) {
+	$tmp = explode(',', $spell['vocations']);
+	foreach($tmp as &$v) {
+		$v = (int)$v;
+	}
+	$db->update(TABLE_PREFIX . 'spells', array('vocations' => json_encode($tmp)), array('id' => $spell['id']));
+}
+?>

system/migrations/13.php

@@ -0,0 +1,4 @@
+<?php
+	if(fieldExist('spell', TABLE_PREFIX . 'spells'))
+		$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP COLUMN `spell`;");
+?>

system/migrations/14.php

@@ -0,0 +1,18 @@
+<?php
+
+// change monsters.file_path field to loot
+if(fieldExist('file_path', TABLE_PREFIX . 'monsters')) {
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` CHANGE `file_path` `loot` VARCHAR(5000);");
+}
+
+// update loot to empty string
+$db->query("UPDATE `" . TABLE_PREFIX . "monsters` SET `loot` = '';");
+
+// drop monsters.gfx_name field
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` DROP COLUMN `gfx_name`;");
+
+// rename hide_creature to hidden
+if(fieldExist('hide_creature', TABLE_PREFIX . 'monsters')) {
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` CHANGE `hide_creature` `hidden` TINYINT(1) NOT NULL DEFAULT 0;");
+}
+?>

system/migrations/15.php

@@ -0,0 +1,11 @@
+<?php
+
+// add new forum.guild and forum.access fields
+if(!fieldExist('guild', TABLE_PREFIX . 'forum_boards')) {
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum_boards` ADD `guild` TINYINT(1) NOT NULL DEFAULT 0 AFTER `closed`;");
+}
+
+if(!fieldExist('access', TABLE_PREFIX . 'forum_boards')) {
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum_boards` ADD `access` TINYINT(1) NOT NULL DEFAULT 0 AFTER `guild`;");
+}
+?>

system/migrations/16.php

@@ -0,0 +1,5 @@
+<?php
+
+// change size of spells.vocations
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(300) NOT NULL DEFAULT '';");
+?>

system/migrations/17.php

@@ -0,0 +1,88 @@
+<?php
+
+if(!tableExist('myaac_menu')) {
+	$db->query("
+CREATE TABLE `myaac_menu`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`template` VARCHAR(255) NOT NULL,
+	`name` VARCHAR(255) NOT NULL,
+	`link` VARCHAR(255) NOT NULL,
+	`category` INT(11) NOT NULL DEFAULT 1,
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`enabled` INT(1) NOT NULL DEFAULT 1,
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;");
+	
+	$db->query("
+/* MENU_CATEGORY_NEWS kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
+/* MENU_CATEGORY_LIBRARY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
+/* MENU_CATEGORY_SHOP kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
+/* MENU_CATEGORY_NEWS tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
+/* MENU_CATEGORY_FORUM tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
+/* MENU_CATEGORY_LIBRARY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
+/* MENU_CATEGORY_SHOP tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
+	");
+}
+?>

system/migrations/18.php

@@ -0,0 +1,6 @@
+<?php
+
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "news` ADD `article_text` VARCHAR(300) NOT NULL DEFAULT '' AFTER `comments`;");
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "news` ADD `article_image` VARCHAR(100) NOT NULL DEFAULT '' AFTER `article_text`;");
+
+?>

system/migrations/19.php

@@ -0,0 +1,3 @@
+<?php
+// this migration has been removed, but file kept for compability
+?>

system/migrations/20.php

@@ -0,0 +1,39 @@
+<?php
+
+$config_file = BASE . 'config.local.php';
+if(!is_writable($config_file)) { // we can't do anything, just ignore
+	return;
+}
+
+$content_of_file = trim(file_get_contents($config_file));
+if(strpos($content_of_file, 'highscores_ids_hidden') !== false) { // already present
+	return;
+}
+
+$query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . ") ORDER BY `id`;");
+
+$highscores_ignored_ids = array();
+if($query->rowCount() > 0) {
+	foreach($query->fetchAll() as $result)
+		$highscores_ignored_ids[] = $result['id'];
+}
+else {
+	$highscores_ignored_ids[] = 0;
+}
+
+$php_on_end = substr($content_of_file, -2, 2) == '?>';
+$content = PHP_EOL;
+if($php_on_end) {
+	$content .= '<?php';
+}
+
+$content .= PHP_EOL;
+$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
+$content .= PHP_EOL;
+
+if($php_on_end) {
+	$content .= '?>';
+}
+
+file_put_contents($config_file, $content, FILE_APPEND);
+?>

system/pages/404.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account.php

@@ -1,25 +1,16 @@
 <?php
 /**
  * Account confirm mail
+ * Keept for compability
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Account';
 
-if($action == 'confirm_email')
-{
-	$res = $db->query('SELECT email_hash FROM accounts WHERE email_hash = ' . $db->quote($_GET['v']));
-	if(!$res->rowCount())
-		echo '<div class="note">Your email couldn\'t be verified. Please contact staff to do it manually.</div>';
-	else
-	{
-		$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $_GET['v']));
-		echo '<div class="success">You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.</div>';
-	}
+if($action == 'confirm_email') {
+	require_once(PAGES . 'account/confirm_email.php');
 }
 ?>

system/pages/account/change_comment.php

@@ -0,0 +1,59 @@
+<?php
+/**
+ * Change comment
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
+$new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
+$new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
+
+if($player_name != null) {
+	if (Validator::characterName($player_name)) {
+		$player = new OTS_Player();
+		$player->find($player_name);
+		if ($player->isLoaded()) {
+			$player_account = $player->getAccount();
+			if ($account_logged->getId() == $player_account->getId()) {
+				if (isset($_POST['changecommentsave']) && $_POST['changecommentsave'] == 1) {
+					$player->setCustomField("hidden", $new_hideacc);
+					$player->setCustomField("comment", $new_comment);
+					$account_logged->logAction('Changed comment for character <b>' . $player->getName() . '</b>.');
+					echo $twig->render('success.html.twig', array(
+						'title' => 'Character Information Changed',
+						'description' => 'The character information has been changed.'
+					));
+					$show_form = false;
+				}
+			} else {
+				$errors[] = 'Error. Character <b>' . $player_name . '</b> is not on your account.';
+			}
+		} else {
+			$errors[] = "Error. Character with this name doesn't exist.";
+		}
+	} else {
+		$errors[] = 'Error. Name contain illegal characters.';
+	}
+}
+else {
+	$errors[] = 'Please enter character name.';
+}
+
+if($show_form) {
+	if(!empty($errors)) {
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+	}
+	
+	if(isset($player)) {
+		echo $twig->render('account.change_comment.html.twig', array(
+			'player' => $player
+		));
+	}
+}
+?>

system/pages/account/change_email.php

@@ -0,0 +1,162 @@
+<?php
+/**
+ * Change Email
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$email_new_time = $account_logged->getCustomField("email_new_time");
+
+if($email_new_time > 10) {
+	$email_new = $account_logged->getCustomField("email_new");
+}
+
+if($email_new_time < 10) {
+	if(isset($_POST['changeemailsave']) && $_POST['changeemailsave'] == 1) {
+		$email_new = $_POST['new_email'];
+		$post_password = $_POST['password'];
+		
+		if(!Validator::email($email_new)) {
+			$errors[] = Validator::getLastError();
+		}
+		
+		if(empty($post_password)) {
+			$errors[] = 'Please enter password to your account.';
+		}
+		else {
+			$post_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $post_password);
+			if($post_password != $account_logged->getPassword()) {
+				$errors[] = 'Wrong password to account.';
+			}
+		}
+		
+		if(empty($errors)) {
+			$email_new_time = time() + $config['account_mail_change'] * 24 * 3600;
+			$account_logged->setCustomField("email_new", $email_new);
+			$account_logged->setCustomField("email_new_time", $email_new_time);
+			echo $twig->render('success.html.twig', array(
+				'title' => 'New Email Address Requested',
+				'description' => 'You have requested to change your email address to <b>' . $email_new . '</b>. The actual change will take place after <b>' . date("j F Y, G:i:s", $email_new_time) . '</b>, during which you can cancel the request at any time.'
+			));
+		}
+		else
+		{
+			//show errors
+			echo $twig->render('error_box.html.twig', array('errors' => $errors));
+			
+			//show form
+			echo $twig->render('account.change_mail.html.twig', array(
+				'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
+			));
+		}
+	}
+	else
+	{
+		echo $twig->render('account.change_mail.html.twig', array(
+			'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
+		));
+	}
+	
+}
+else
+{
+	if($email_new_time < time()) {
+		if($_POST['changeemailsave'] == 1) {
+			$account_logged->setCustomField("email_new", "");
+			$account_logged->setCustomField("email_new_time", 0);
+			$account_logged->setEmail($email_new);
+			$account_logged->save();
+			$account_logged->logAction('Account email changed to <b>' . $email_new . '</b>');
+			
+			echo $twig->render('success.html.twig', array(
+				'title' => 'Email Address Change Accepted',
+				'description' => 'You have accepted <b>' . $account_logged->getEmail() . '</b> as your new email adress.'
+			));
+		}
+		else
+		{
+			$custom_buttons = '
+<table width="100%">
+	<tr>
+		<td width="30">&nbsp;</td>
+		<td align=left>
+			<form action="' . getLink('account/email') . '" method="post"><input type="hidden" name="changeemailsave" value=1 >
+				<INPUT TYPE=image NAME="I Agree" SRC="' . $template_path . '/images/global/buttons/sbutton_iagree.gif" BORDER=0 WIDTH=120 HEIGHT=17>
+			</form>
+		</td>
+		<td align=left>
+			<form action="' . getLink('account/email') . '" method="post">
+				<input type="hidden" name="emailchangecancel" value=1 >
+				' . $twig->render('buttons.cancel.html.twig') . '
+			</form>
+		</td>
+		<td align=right>
+			<form action="?subtopic=accountmanagement" method="post" >
+				' . $twig->render('buttons.back.html.twig') . '
+			</form>
+		</td>
+		<td width="30">&nbsp;</td>
+	</tr>
+</table>';
+			echo $twig->render('success.html.twig', array(
+				'title' => 'Email Address Change Accepted',
+				'description' => 'Do you accept <b>'.$email_new.'</b> as your new email adress?',
+				'custom_buttons' => $custom_buttons
+			));
+		}
+	}
+	else
+	{
+		$custom_buttons = '
+<table style="width:100%;" >
+	<tr align="center">
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0" >
+				<form action="{{ ' .getLink('account/email') . ' }}" method="post" >
+					<tr>
+						<td style="border:0px;" >
+							<input type="hidden" name="emailchangecancel" value="1" >
+							' . $twig->render('buttons.cancel.html.twig') . '
+						</td>
+					</tr>
+				</form>
+			</table>
+		</td>
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0" >
+				<form action="' . getLink('account/manage') . '" method="post" >
+					<tr>
+						<td style="border:0px;" >
+							' . $twig->render('buttons.back.html.twig') . '
+						</td>
+					</tr>
+				</form>
+			</table>
+		</td>
+	</tr>
+</table>';
+		echo $twig->render('success.html.twig', array(
+			'title' => 'Change of Email Address',
+			'description' => 'A request has been submitted to change the email address of this account to <b>'.$email_new.'</b>.<br/>The actual change will take place on <b>'.date("j F Y, G:i:s", $email_new_time).'</b>.<br>If you do not want to change your email address, please click on "Cancel".',
+			'custom_buttons' => $custom_buttons
+		));
+	}
+}
+if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
+	$account_logged->setCustomField("email_new", "");
+	$account_logged->setCustomField("email_new_time", 0);
+	
+	$custom_buttons = '<center><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></center>';
+	
+	echo $twig->render('success.html.twig', array(
+		'title' => 'Email Address Change Cancelled',
+		'description' => 'Your request to change the email address of your account has been cancelled. The email address will not be changed.',
+		'custom_buttons' => $custom_buttons
+	));
+}
+?>

system/pages/account/change_info.php

@@ -0,0 +1,61 @@
+<?php
+/**
+ * Change info
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$show_form = true;
+$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : NULL;
+$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : NULL;
+$new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : NULL;
+if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
+	if(!isset($config['countries'][$new_country]))
+		$errors[] = 'Country is not correct.';
+	
+	if(empty($errors)) {
+		//save data from form
+		$account_logged->setCustomField("rlname", $new_rlname);
+		$account_logged->setCustomField("location", $new_location);
+		$account_logged->setCustomField("country", $new_country);
+		$account_logged->logAction('Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b> and Country to <b>' . $config['countries'][$new_country] . '</b>.');
+		echo $twig->render('success.html.twig', array(
+			'title' => 'Public Information Changed',
+			'description' => 'Your public information has been changed.'
+		));
+		$show_form = false;
+	}
+	else {
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+	}
+}
+
+//show form
+if($show_form) {
+	$account_rlname = $account_logged->getCustomField("rlname");
+	$account_location = $account_logged->getCustomField("location");
+	if ($config['account_country'])
+		$account_country = $account_logged->getCustomField("country");
+	
+	$countries = array();
+	foreach (array('pl', 'se', 'br', 'us', 'gb',) as $country)
+		$countries[$country] = $config['countries'][$country];
+	
+	$countries['--'] = '----------';
+	
+	foreach ($config['countries'] as $code => $country)
+		$countries[$code] = $country;
+	
+	echo $twig->render('account.change_info.html.twig', array(
+		'countries' => $countries,
+		'account_rlname' => $account_rlname,
+		'account_location' => $account_location,
+		'account_country' => $account_country
+	));
+}
+?>

system/pages/account/change_name.php

@@ -0,0 +1,92 @@
+<?php
+/**
+ * Change characters name
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+echo '<script type="text/javascript" src="tools/check_name.js"></script>';
+
+$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
+$name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
+if((!$config['account_change_character_name']))
+	echo 'Changing character name for premium points is disabled on this server.';
+else
+{
+	$points = $account_logged->getCustomField('premium_points');
+	if(isset($_POST['changenamesave']) && $_POST['changenamesave'] == 1) {
+		if($points < $config['account_change_character_name_points'])
+			$errors[] = 'You need ' . $config['account_change_character_name_points'] . ' premium points to change name. You have <b>'.$points.'<b> premium points.';
+		
+		if(empty($errors) && empty($name))
+			$errors[] = 'Please enter a new name for your character!';
+		else if(strlen($name) > 25)
+			$errors[] = 'Name is too long. Max. lenght <b>25</b> letters.';
+		else if(strlen($name) < 3)
+			$errors[] = 'Name is too short. Min. lenght <b>3</b> letters.';
+		else {
+			$exist = new OTS_Player();
+			$exist->find($name);
+			if($exist->isLoaded()) {
+				$errors[] = 'Character with this name already exist.';
+			}
+		}
+		
+		if(empty($errors))
+		{
+			if(!admin() && !Validator::newCharacterName($name))
+				$errors[] = Validator::getLastError();
+		}
+		
+		if(empty($errors)) {
+			$player = new OTS_Player();
+			$player->load($player_id);
+			if($player->isLoaded()) {
+				$player_account = $player->getAccount();
+				if($account_logged->getId() == $player_account->getId()) {
+					if($player->isOnline()) {
+						$errors[] = 'This character is online.';
+					}
+					
+					if(empty($errors)) {
+						$show_form = false;
+						$old_name = $player->getName();
+						$player->setName($name);
+						$player->save();
+						$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
+						$account_logged->logAction('Changed name from <b>' . $old_name . '</b> to <b>' . $player->getName() . '</b>.');
+						echo $twig->render('success.html.twig', array(
+							'title' => 'Character Name Changed',
+							'description' => 'The character <b>'.$old_name.'</b> name has been changed to <b>' . $player->getName() . '</b>.'
+						));
+					}
+				}
+				else {
+					$errors[] = 'Character <b>' . $player_name . '</b> is not on your account.';
+				}
+			}
+			else {
+				$errors[] = "Character with this name doesn't exist.";
+			}
+		}
+	}
+	
+	if($show_form) {
+		if(!empty($errors)) {
+			echo $twig->render('error_box.html.twig', array('errors' => $errors));
+		}
+		
+		echo $twig->render('account.change_name.html.twig', array(
+			'points' => $points,
+			'errors' => $errors
+			//'account_players' => $account_logged->getPlayersList()
+		));
+	}
+}
+
+?>

system/pages/account/change_password.php

@@ -0,0 +1,83 @@
+<?php
+/**
+ * Change password
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$new_password = isset($_POST['newpassword']) ? $_POST['newpassword'] : NULL;
+$new_password2 = isset($_POST['newpassword2']) ? $_POST['newpassword2'] : NULL;
+$old_password = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : NULL;
+if(empty($new_password) && empty($new_password2) && empty($old_password)) {
+	echo $twig->render('account.change_password.html.twig');
+}
+else
+{
+	if(empty($new_password) || empty($new_password2) || empty($old_password)){
+		$errors[] = "Please fill in form.";
+	}
+	$password_strlen = strlen($new_password);
+	if($new_password != $new_password2) {
+		$errors[] = "The new passwords do not match!";
+	}
+	
+	if(empty($errors)) {
+		if(!Validator::password($new_password)) {
+			$errors[] = Validator::getLastError();
+		}
+		
+		$old_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $old_password);
+		if($old_password != $account_logged->getPassword()) {
+			$errors[] = "Current password is incorrect!";
+		}
+	}
+	if(!empty($errors)){
+		//show errors
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+		
+		//show form
+		echo $twig->render('account.change_password.html.twig');
+	}
+	else
+	{
+		$org_pass = $new_password;
+		
+		if($config_salt_enabled)
+		{
+			$salt = generateRandomString(10, false, true, true);
+			$new_password = $salt . $new_password;
+			$account_logged->setCustomField('salt', $salt);
+		}
+		
+		$new_password = encrypt($new_password);
+		$account_logged->setPassword($new_password);
+		$account_logged->save();
+		$account_logged->logAction('Account password changed.');
+		
+		$message = '';
+		if($config['mail_enabled'] && $config['send_mail_when_change_password'])
+		{
+			$mailBody = $twig->render('mail.password_changed.html.twig', array(
+				'new_password' => $org_pass
+			));
+			
+			if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Changed password", $mailBody))
+				$message = '<br/><small>Your new password were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
+			else
+				$message = '<br/><p class="error">An error occorred while sending email with password:<br/>' . $mailer->ErrorInfo . '</p>';
+		}
+		
+		echo $twig->render('success.html.twig', array(
+			'title' => 'Password Changed',
+			'description' => 'Your password has been changed.' . $message
+		));
+		setSession('password', $new_password);
+	}
+}
+
+?>

system/pages/account/change_sex.php

@@ -0,0 +1,88 @@
+<?php
+/**
+ * Change sex
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$sex_changed = false;
+$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
+$new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;
+if((!$config['account_change_character_sex']))
+	echo 'You cant change your character sex';
+else
+{
+	$points = $account_logged->getCustomField('premium_points');
+	if(isset($_POST['changesexsave']) && $_POST['changesexsave'] == 1) {
+		if($points < $config['account_change_character_sex_points'])
+			$errors[] = 'You need ' . $config['account_change_character_sex_points'] . ' premium points to change sex. You have <b>'.$points.'</b> premium points.';
+		
+		if(empty($errors) && !isset($config['genders'][$new_sex])) {
+			$errors[] = 'This sex is invalid.';
+		}
+		
+		if(empty($errors)) {
+			$player = new OTS_Player();
+			$player->load($player_id);
+			
+			if($player->isLoaded()) {
+				$player_account = $player->getAccount();
+				
+				if($account_logged->getId() == $player_account->getId()) {
+					if($player->isOnline()) {
+						$errors[] = 'This character is online.';
+					}
+					
+					if(empty($errors) && $player->getSex() == $new_sex)
+						$errors[] = 'Sex cannot be same';
+					
+					if(empty($errors)) {
+						$sex_changed = true;
+						$old_sex = $player->getSex();
+						$player->setSex($new_sex);
+						
+						$old_sex_str = 'Unknown';
+						if(isset($config['genders'][$old_sex]))
+							$old_sex_str = $config['genders'][$old_sex];
+						
+						$new_sex_str = 'Unknown';
+						if(isset($config['genders'][$new_sex]))
+							$new_sex_str = $config['genders'][$new_sex];
+						
+						$player->save();
+						$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
+						$account_logged->logAction('Changed sex on character <b>' . $player->getName() . '</b> from <b>' . $old_sex_str . '</b> to <b>' . $new_sex_str . '</b>.');
+						echo $twig->render('success.html.twig', array(
+							'title' => 'Character Sex Changed',
+							'description' => 'The character <b>' . $player->getName() . '</b> sex has been changed to <b>' . $new_sex_str . '</b>.'
+						));
+					}
+				}
+				else {
+					$errors[] = 'Character <b>'.$player_name.'</b> is not on your account.';
+				}
+			}
+			else {
+				$errors[] = "Character with this name doesn't exist.";
+			}
+		}
+	}
+	
+	if(!$sex_changed) {
+		if(!empty($errors)) {
+			echo $twig->render('error_box.html.twig', array('errors' => $errors));
+		}
+		echo $twig->render('account.change_sex.html.twig', array(
+			'players' => $account_logged->getPlayersList(),
+			'player_sex' => isset($player) ? $player->getSex() : -1,
+			'points' => $points
+		));
+	}
+}
+
+?>

system/pages/account/confirm_email.php

@@ -0,0 +1,29 @@
+<?php
+/**
+ * Account confirm mail
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$title = 'Confirm Email';
+
+$hash = isset($_GET['v']) ? $_GET['v'] : '';
+if(empty($hash)) {
+	warning('Please enter email hash code.<br/>If you copied the link, please try again with full link.');
+	return;
+}
+
+$res = $db->query('SELECT `email_hash` FROM `accounts` WHERE `email_hash` = ' . $db->quote($hash));
+if(!$res->rowCount()) {
+	note("Your email couldn't be verified. Please contact staff to do it manually.");
+}
+else
+{
+	$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $hash));
+	success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
+}
+?>

system/pages/account/create_character.php

@@ -0,0 +1,207 @@
+<?php
+/**
+ * Create character
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+echo '<script type="text/javascript" src="tools/check_name.js"></script>';
+$newchar_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
+$newchar_sex = isset($_POST['sex']) ? $_POST['sex'] : NULL;
+$newchar_vocation = isset($_POST['vocation']) ? $_POST['vocation'] : NULL;
+$newchar_town = isset($_POST['town']) ? $_POST['town'] : NULL;
+
+$newchar_created = false;
+$save = isset($_POST['save']) && $_POST['save'] == 1;
+if($save) {
+	if(empty($newchar_name))
+		$errors['name'] = 'Please enter a name for your character!';
+	else if(strlen($newchar_name) > 25)
+		$errors['name'] = 'Name is too long. Max. lenght <b>25</b> letters.';
+	else if(strlen($newchar_name) < 3)
+		$errors['name'] = 'Name is too short. Min. lenght <b>3</b> letters.';
+	else {
+		if(!admin() && !Validator::newCharacterName($newchar_name)) {
+			$errors['name'] = Validator::getLastError();
+		}
+		
+		$exist = new OTS_Player();
+		$exist->find($newchar_name);
+		if($exist->isLoaded()) {
+			$errors['name'] = 'Character with this name already exist.';
+		}
+	}
+	
+	if(empty($newchar_sex) && $newchar_sex != "0")
+		$errors[] = 'Please select the sex for your character!';
+	
+	if(count($config['character_samples']) > 1)
+	{
+		if(!isset($newchar_vocation))
+			$errors[] = 'Please select a vocation for your character.';
+	}
+	else
+		$newchar_vocation = $config['character_samples'][0];
+	
+	if(count($config['character_towns']) > 1) {
+		if(!isset($newchar_town))
+			$errors[] = 'Please select a town for your character.';
+	}
+	else {
+		$newchar_town = $config['character_towns'][0];
+	}
+	
+	if(empty($errors)) {
+		if(!isset($config['genders'][$newchar_sex]))
+			$errors[] = 'Sex is invalid.';
+		if(!in_array($newchar_town, $config['character_towns']))
+			$errors[] = 'Please select valid town.';
+		if(count($config['character_samples']) > 1)
+		{
+			$newchar_vocation_check = false;
+			foreach($config['character_samples'] as $char_vocation_key => $sample_char)
+				if($newchar_vocation == $char_vocation_key)
+					$newchar_vocation_check = true;
+			if(!$newchar_vocation_check)
+				$errors[] = 'Unknown vocation. Please fill in form again.';
+		}
+		else
+			$newchar_vocation = 0;
+	}
+	
+	if(empty($errors))
+	{
+		$number_of_players_on_account = $account_logged->getPlayersList()->count();
+		if($number_of_players_on_account >= $config['characters_per_account'])
+			$errors[] = 'You have too many characters on your account <b>('.$number_of_players_on_account.'/'.$config['characters_per_account'].')</b>!';
+	}
+	
+	if(empty($errors))
+	{
+		$char_to_copy_name = $config['character_samples'][$newchar_vocation];
+		$char_to_copy = new OTS_Player();
+		$char_to_copy->find($char_to_copy_name);
+		if(!$char_to_copy->isLoaded())
+			$errors[] = 'Wrong characters configuration. Try again or contact with admin. ADMIN: Edit file config/config.php and set valid characters to copy names. Character to copy: <b>'.$char_to_copy_name.'</b> doesn\'t exist.';
+	}
+	
+	if(empty($errors))
+	{
+		if($newchar_sex == "0")
+			$char_to_copy->setLookType(136);
+		$player = $ots->createObject('Player');
+		$player->setName($newchar_name);
+		$player->setAccount($account_logged);
+		//$player->setGroupId($char_to_copy->getGroup()->getId());
+		$player->setGroupId(1);
+		$player->setSex($newchar_sex);
+		$player->setVocation($char_to_copy->getVocation());
+		if(fieldExist('promotion', 'players'))
+			$player->setPromotion($char_to_copy->getPromotion());
+		
+		if(fieldExist('direction', 'players'))
+			$player->setDirection($char_to_copy->getDirection());
+		
+		$player->setConditions($char_to_copy->getConditions());
+		$rank = $char_to_copy->getRank();
+		if($rank->isLoaded()) {
+			$player->setRank($char_to_copy->getRank());
+		}
+		
+		if(fieldExist('lookaddons', 'players'))
+			$player->setLookAddons($char_to_copy->getLookAddons());
+		
+		$player->setTownId($newchar_town);
+		$player->setExperience($char_to_copy->getExperience());
+		$player->setLevel($char_to_copy->getLevel());
+		$player->setMagLevel($char_to_copy->getMagLevel());
+		$player->setHealth($char_to_copy->getHealth());
+		$player->setHealthMax($char_to_copy->getHealthMax());
+		$player->setMana($char_to_copy->getMana());
+		$player->setManaMax($char_to_copy->getManaMax());
+		$player->setManaSpent($char_to_copy->getManaSpent());
+		$player->setSoul($char_to_copy->getSoul());
+		
+		for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++)
+			$player->setSkill($skill, 10);
+		
+		$player->setLookBody($char_to_copy->getLookBody());
+		$player->setLookFeet($char_to_copy->getLookFeet());
+		$player->setLookHead($char_to_copy->getLookHead());
+		$player->setLookLegs($char_to_copy->getLookLegs());
+		$player->setLookType($char_to_copy->getLookType());
+		$player->setCap($char_to_copy->getCap());
+		$player->setBalance(0);
+		$player->setPosX(0);
+		$player->setPosY(0);
+		$player->setPosZ(0);
+		$player->setStamina($config['otserv_version'] == TFS_03 ? 151200000 : 2520);
+		if(fieldExist('loss_experience', 'players')) {
+			$player->setLossExperience($char_to_copy->getLossExperience());
+			$player->setLossMana($char_to_copy->getLossMana());
+			$player->setLossSkills($char_to_copy->getLossSkills());
+		}
+		if(fieldExist('loss_items', 'players')) {
+			$player->setLossItems($char_to_copy->getLossItems());
+			$player->setLossContainers($char_to_copy->getLossContainers());
+		}
+		
+		$player->save();
+		$player->setCustomField("created", time());
+		
+		$newchar_created = true;
+		$account_logged->logAction('Created character <b>' . $player->getName() . '</b>.');
+		unset($player);
+		
+		$player = new OTS_Player();
+		$player->find($newchar_name);
+		
+		if($player->isLoaded()) {
+			if(tableExist('player_skills')) {
+				for($i=0; $i<7; $i++) {
+					$skillExists = $db->query('SELECT `skillid` FROM `player_skills` WHERE `player_id` = ' . $player->getId() . ' AND `skillid` = ' . $i);
+					if($skillExists->rowCount() <= 0) {
+						$db->query('INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ('.$player->getId().', '.$i.', 10, 0)');
+					}
+				}
+			}
+			
+			$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$char_to_copy->getId()."");
+			foreach($loaded_items_to_copy as $save_item)
+				$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', '".$save_item['attributes']."');");
+			
+			echo $twig->render('success.html.twig', array(
+				'title' => 'Character Created',
+				'description' => 'The character <b>' . $newchar_name . '</b> has been created.<br/>
+							Please select the outfit when you log in for the first time.<br/><br/>
+							<b>See you on ' . $config['lua']['serverName'] . '!</b>'
+			));
+		}
+		else
+		{
+			error("Error. Can't create character. Probably problem with database. Please try again later or contact with admin.");
+			return;
+		}
+	}
+}
+
+if(count($errors) > 0) {
+	echo $twig->render('error_box.html.twig', array('errors' => $errors));
+}
+
+if(!$newchar_created) {
+	echo $twig->render('account.create_character.html.twig', array(
+		'name' => $newchar_name,
+		'sex' => $newchar_sex,
+		'vocation' => $newchar_vocation,
+		'town' => $newchar_town,
+		'save' => $save,
+		'errors' => $errors
+	));
+}
+?>

system/pages/account/delete_character.php

@@ -0,0 +1,69 @@
+<?php
+/**
+ * Delete character
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : NULL;
+$password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : NULL;
+$password_verify = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $password_verify);
+if(isset($_POST['deletecharactersave']) && $_POST['deletecharactersave'] == 1) {
+	if(!empty($player_name) && !empty($password_verify)) {
+		if(Validator::characterName($player_name)) {
+			$player = new OTS_Player();
+			$player->find($player_name);
+			if($player->isLoaded()) {
+				$player_account = $player->getAccount();
+				if($account_logged->getId() == $player_account->getId()) {
+					if($password_verify == $account_logged->getPassword()) {
+						if(!$player->isOnline())
+						{
+							//dont show table "delete character" again
+							$show_form = false;
+							//delete player
+							if(fieldExist('deletion', 'players'))
+								$player->setCustomField('deletion', 1);
+							else
+								$player->setCustomField('deleted', 1);
+							$account_logged->logAction('Deleted character <b>' . $player->getName() . '</b>.');
+							echo $twig->render('success.html.twig', array(
+								'title' => 'Character Deleted',
+								'description' => 'The character <b>' . $player_name . '</b> has been deleted.'
+							));
+						}
+						else
+							$errors[] = 'This character is online.';
+					}
+					else {
+						$errors[] = 'Wrong password to account.';
+					}
+				}
+				else {
+					$errors[] = 'Character <b>'.$player_name.'</b> is not on your account.';
+				}
+			}
+			else {
+				$errors[] = 'Character with this name doesn\'t exist.';
+			}
+		}
+		else {
+			$errors[] = 'Name contain illegal characters.';
+		}
+	}
+	else {
+		$errors[] = 'Character name or/and password is empty. Please fill in form.';
+	}
+}
+if($show_form) {
+	if(!empty($errors)) {
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+	}
+	echo $twig->render('account.delete_character.html.twig');
+}
+?>

system/pages/account/register.php

@@ -0,0 +1,58 @@
+<?php
+/**
+ * Register Account
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$_POST['reg_password'] = isset($_POST['reg_password']) ? $_POST['reg_password'] : '';
+$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
+$old_key = $account_logged->getCustomField("key");
+
+if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == "1") {
+	if($reg_password == $account_logged->getPassword()) {
+		if(empty($old_key)) {
+			$show_form = false;
+			$new_rec_key = generateRandomString(10, false, true, true);
+			
+			$account_logged->setCustomField("key", $new_rec_key);
+			$account_logged->logAction('Generated recovery key.');
+			
+			if($config['mail_enabled'] && $config['send_mail_when_generate_reckey'])
+			{
+				$mailBody = $twig->render('mail.account.register.html.twig', array(
+					'recovery_key' => $new_rec_key
+				));
+				if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Recovery Key", $mailBody))
+					$message = '<br /><small>Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
+				else
+					$message = '<br /><p class="error">An error occorred while sending email with recovery key! You will not receive e-mail with this key. Error:<br/>' . $mailer->ErrorInfo . '</p>';
+			}
+			echo $twig->render('success.html.twig', array(
+				'title' => 'Account Registered',
+				'description' => 'Thank you for registering your account! You can now recover your account if you have lost access to the assigned email address by using the following<br/><br/><font size="5">&nbsp;&nbsp;&nbsp;<b>Recovery Key: '.$new_rec_key.'</b></font><br/><br/><br/><b>Important:</b><ul><li>Write down this recovery key carefully.</li><li>Store it at a safe place!</li>' . $message . '</ul>'
+			));
+		}
+		else
+			$errors[] = 'Your account is already registered.';
+	}
+	else
+		$errors[] = 'Wrong password to account.';
+}
+
+if($show_form) {
+	if(!empty($errors)) {
+		//show errors
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+	}
+	
+	//show form
+	echo $twig->render('account.generate_recovery_key.html.twig');
+}
+
+?>

system/pages/account/register_new.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Register Account New
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+if(isset($_POST['reg_password']))
+	$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
+
+$reckey = $account_logged->getCustomField('key');
+if((!$config['generate_new_reckey'] || !$config['mail_enabled']) || empty($reckey))
+	echo 'You cant get new rec key';
+else
+{
+	$points = $account_logged->getCustomField('premium_points');
+	if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == '1')
+	{
+		if($reg_password == $account_logged->getPassword())
+		{
+			if($points >= $config['generate_new_reckey_price'])
+			{
+				$show_form = false;
+				$new_rec_key = generateRandomString(10, false, true, true);
+				
+				$mailBody = $twig->render('mail.account.register.html.twig', array(
+					'recovery_key' => $new_rec_key
+				));
+				
+				if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - new recovery key", $mailBody))
+				{
+					$account_logged->setCustomField("key", $new_rec_key);
+					$account_logged->setCustomField("premium_points", $account_logged->getCustomField("premium_points") - $config['generate_new_reckey_price']);
+					$account_logged->logAction('Generated new recovery key for ' . $config['generate_new_reckey_price'] . ' premium points.');
+					$message = '<br />Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b> for '.$config['generate_new_reckey_price'].' premium points.';
+				}
+				else
+					$message = '<br /><p class="error">An error occorred while sending email ( <b>'.$account_logged->getEMail().'</b> ) with recovery key! Recovery key not changed. Try again. Error:<br/>' . $mailer->ErrorInfo . '</p>';
+				
+				echo $twig->render('success.html.twig', array(
+					'title' => 'Account Registered',
+					'description' => '<ul>' . $message . '</ul>'
+				));
+			}
+			else
+				$errors[] = 'You need '.$config['generate_new_reckey_price'].' premium points to generate new recovery key. You have <b>'.$points.'<b> premium points.';
+		}
+		else
+			$errors[] = 'Wrong password to account.';
+	}
+	
+	//show errors if not empty
+	if(!empty($errors)) {
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+	}
+	
+	if($show_form)
+	{
+		//show form
+		echo $twig->render('account.generate_new_recovery_key.html.twig', array(
+			'points' => $points
+		));
+	}
+}
+
+?>

system/pages/accountmanagement.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -26,6 +25,11 @@ if(!$logged)
 	}
 	else
 	{
+		if($action == 'confirm_email') {
+			require(PAGES . 'account/' . $action . '.php');
+			return;
+		}
+		
 		if(!empty($errors))
 			echo $twig->render('error_box.html.twig', array('errors' => $errors));
 		
@@ -34,8 +38,9 @@ if(!$logged)
 			'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
 			'error' => isset($errors[0]) ? $errors[0] : null
 		));
-	return;
 	}
+
+	return;
 }
 
 $errors = array();
@@ -105,7 +110,7 @@ $errors = array();
 		$players = array();
 		$account_players = $account_logged->getPlayersList();
 		$account_players->orderBy('id');
-		
+
 		echo $twig->render('account.management.html.twig', array(
 			'welcome_message' => $welcome_message,
 			'recovery_key' => $recovery_key,
@@ -124,862 +129,15 @@ $errors = array();
 			'players' => $account_players
 		));
 	}
-//########### CHANGE PASSWORD ##########
-	if($action == "changepassword") {
-		$new_password = isset($_POST['newpassword']) ? $_POST['newpassword'] : NULL;
-		$new_password2 = isset($_POST['newpassword2']) ? $_POST['newpassword2'] : NULL;
-		$old_password = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : NULL;
-		if(empty($new_password) && empty($new_password2) && empty($old_password)) {
-			echo $twig->render('account.change_password.html.twig');
+	else {
+		if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
+			error('Error: Action contains illegal characters.');
 		}
-		else
-		{
-			if(empty($new_password) || empty($new_password2) || empty($old_password)){
-				$errors[] = "Please fill in form.";
-			}
-			$password_strlen = strlen($new_password);
-			if($new_password != $new_password2) {
-				$errors[] = "The new passwords do not match!";
-			}
-			
-			if(empty($errors)) {
-				if(!Validator::password($new_password)) {
-					$errors[] = Validator::getLastError();
-				}
-				
-				$old_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $old_password);
-				if($old_password != $account_logged->getPassword()) {
-					$errors[] = "Current password is incorrect!";
-				}
-			}
-			if(!empty($errors)){
-				//show errors
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-				
-				//show form
-				echo $twig->render('account.change_password.html.twig');
-			}
-			else
-			{
-				$org_pass = $new_password;
-				
-				if($config_salt_enabled)
-				{
-					$salt = generateRandomString(10, false, true, true);
-					$new_password = $salt . $new_password;
-					$account_logged->setCustomField('salt', $salt);
-				}
-		
-				$new_password = encrypt($new_password);
-				$account_logged->setPassword($new_password);
-				$account_logged->save();
-				$account_logged->logAction('Account password changed.');
-				
-				$message = '';
-				if($config['mail_enabled'] && $config['send_mail_when_change_password'])
-				{
-					$mailBody = $twig->render('mail.password_changed.html.twig', array(
-						'new_password' => $org_pass
-					));
-					
-					if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Changed password", $mailBody))
-						$message = '<br/><small>Your new password were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
-					else
-						$message = '<br/><p class="error">An error occorred while sending email with password:<br/>' . $mailer->ErrorInfo . '</p>';
-				}
-				
-				echo $twig->render('success.html.twig', array(
-					'title' => 'Password Changed',
-					'description' => 'Your password has been changed.' . $message
-				));
-				$_SESSION['password'] = $new_password;
-			}
-		}
-	}
-
-//############# CHANGE E-MAIL ###################
-if($action == "changeemail") {
-	$email_new_time = $account_logged->getCustomField("email_new_time");
-	
-	if($email_new_time > 10) {
-		$email_new = $account_logged->getCustomField("email_new");
-	}
-	
-	if($email_new_time < 10) {
-		if(isset($_POST['changeemailsave']) && $_POST['changeemailsave'] == 1) {
-			$email_new = $_POST['new_email'];
-			$post_password = $_POST['password'];
-			
-			if(!Validator::email($email_new)) {
-				$errors[] = Validator::getLastError();
-			}
-			
-			if(empty($post_password)) {
-				$errors[] = 'Please enter password to your account.';
-			}
-			else {
-				$post_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $post_password);
-				if($post_password != $account_logged->getPassword()) {
-					$errors[] = 'Wrong password to account.';
-				}
-			}
-			
-			if(empty($errors)) {
-				$email_new_time = time() + $config['account_mail_change'] * 24 * 3600;
-				$account_logged->setCustomField("email_new", $email_new);
-				$account_logged->setCustomField("email_new_time", $email_new_time);
-				echo $twig->render('success.html.twig', array(
-					'title' => 'New Email Address Requested',
-					'description' => 'You have requested to change your email address to <b>' . $email_new . '</b>. The actual change will take place after <b>' . date("j F Y, G:i:s", $email_new_time) . '</b>, during which you can cancel the request at any time.'
-				));
-			}
-			else
-			{
-				//show errors
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-				
-				//show form
-				echo $twig->render('account.change_mail.html.twig', array(
-					'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
-				));
-			}
-		}
-		else
-		{
-			echo $twig->render('account.change_mail.html.twig', array(
-				'new_email' => isset($_POST['new_email']) ? $_POST['new_email'] : null
-			));
-		}
-	
-	}
-	else
-	{
-		if($email_new_time < time()) {
-			if($_POST['changeemailsave'] == 1) {
-				$account_logged->setCustomField("email_new", "");
-				$account_logged->setCustomField("email_new_time", 0);
-				$account_logged->setEmail($email_new);
-				$account_logged->save();
-				$account_logged->logAction('Account email changed to <b>' . $email_new . '</b>');
-				
-				echo $twig->render('success.html.twig', array(
-					'title' => 'Email Address Change Accepted',
-					'description' => 'You have accepted <b>' . $account_logged->getEmail() . '</b> as your new email adress.'
-				));
-			}
-			else
-			{
-				$custom_buttons = '
-<table width="100%">
-	<tr>
-		<td width="30">&nbsp;</td>
-		<td align=left>
-			<form action="?subtopic=accountmanagement&action=changeemail" method="post"><input type="hidden" name="changeemailsave" value=1 >
-				<INPUT TYPE=image NAME="I Agree" SRC="' . $template_path . '/images/buttons/sbutton_iagree.gif" BORDER=0 WIDTH=120 HEIGHT=17>
-			</form>
-		</td>
-		<td align=left>
-			<form action="?subtopic=accountmanagement&action=changeemail" method="post">
-				<input type="hidden" name="emailchangecancel" value=1 >
-				<input type=image name="Cancel" src="' . $template_path . '/images/buttons/sbutton_cancel.gif" BORDER=0 WIDTH=120 HEIGHT=17>
-			</form>
-		</td>
-		<td align=right>
-			<form action="?subtopic=accountmanagement" method="post" >
-				<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $template_path . '/images/buttons/_sbutton_back.gif" ></div>
-				</div>
-			</form>
-		</td>
-		<td width="30">&nbsp;</td>
-	</tr>
-</table>';
-				echo $twig->render('success.html.twig', array(
-					'title' => 'Email Address Change Accepted',
-					'description' => 'Do you accept <b>'.$email_new.'</b> as your new email adress?',
-					'custom_buttons' => $custom_buttons
-				));
-			}
-		}
-		else
-		{
-			$custom_buttons = '
-<table style="width:100%;" >
-	<tr align="center">
-		<td>
-			<table border="0" cellspacing="0" cellpadding="0" >
-				<form action="?subtopic=accountmanagement&action=changeemail" method="post" >
-					<tr>
-						<td style="border:0px;" >
-							<input type="hidden" name="emailchangecancel" value="1" >
-							<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Cancel" alt="Cancel" src="'.$template_path.'/images/buttons/_sbutton_cancel.gif" ></div>
-							</div>
-						</td>
-					</tr>
-				</form>
-			</table>
-		</td>
-		<td>
-			<table border="0" cellspacing="0" cellpadding="0" >
-				<form action="?subtopic=accountmanagement" method="post" >
-					<tr>
-						<td style="border:0px;" >
-							<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $template_path . '/images/buttons/_sbutton_back.gif" ></div>
-							</div>
-						</td>
-					</tr>
-				</form>
-			</table>
-		</td>
-	</tr>
-</table>';
-			echo $twig->render('success.html.twig', array(
-				'title' => 'Change of Email Address',
-				'description' => 'A request has been submitted to change the email address of this account to <b>'.$email_new.'</b>.<br/>The actual change will take place on <b>'.date("j F Y, G:i:s", $email_new_time).'</b>.<br>If you do not want to change your email address, please click on "Cancel".',
-				'custom_buttons' => $custom_buttons
-			));
-		}
-	}
-	if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
-		$account_logged->setCustomField("email_new", "");
-		$account_logged->setCustomField("email_new_time", 0);
-		
-		$custom_buttons = '<center><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url('.$template_path.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$template_path.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="'.$template_path.'/images/buttons/_sbutton_back.gif" ></div></div></td></tr></form></table></center>';
-		
-		echo $twig->render('success.html.twig', array(
-			'title' => 'Email Address Change Cancelled',
-			'description' => 'Your request to change the email address of your account has been cancelled. The email address will not be changed.',
-			'custom_buttons' => $custom_buttons
-		));
-	}
-}
-
-//########### CHANGE PUBLIC INFORMATION (about account owner) ######################
-	if($action == "changeinfo") {
-		$show_form = true;
-		$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : NULL;
-		$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : NULL;
-		$new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : NULL;
-		if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
-			if(!isset($config['countries'][$new_country]))
-				$errors[] = 'Country is not correct.';
-			
-			if(empty($errors)) {
-				//save data from form
-				$account_logged->setCustomField("rlname", $new_rlname);
-				$account_logged->setCustomField("location", $new_location);
-				$account_logged->setCustomField("country", $new_country);
-				$account_logged->logAction('Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b> and Country to <b>' . $config['countries'][$new_country] . '</b>.');
-				echo $twig->render('success.html.twig', array(
-					'title' => 'Public Information Changed',
-					'description' => 'Your public information has been changed.'
-				));
-				$show_form = false;
-			}
-			else {
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			}
-		}
-		
-		//show form
-		if($show_form) {
-			$account_rlname = $account_logged->getCustomField("rlname");
-			$account_location = $account_logged->getCustomField("location");
-			if ($config['account_country'])
-				$account_country = $account_logged->getCustomField("country");
-			
-			$countries = array();
-			foreach (array('pl', 'se', 'br', 'us', 'gb',) as $country)
-				$countries[$country] = $config['countries'][$country];
-			
-			$countries['--'] = '----------';
-			
-			foreach ($config['countries'] as $code => $country)
-				$countries[$code] = $country;
-			
-			echo $twig->render('account.change_info.html.twig', array(
-				'countries' => $countries,
-				'account_rlname' => $account_rlname,
-				'account_location' => $account_location,
-				'account_country' => $account_country
-			));
-		}
-	}
-
-//############## GENERATE RECOVERY KEY ###########
-	if($action == "registeraccount")
-	{
-		$_POST['reg_password'] = isset($_POST['reg_password']) ? $_POST['reg_password'] : '';
-		$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
-		$old_key = $account_logged->getCustomField("key");
-		
-		if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == "1") {
-			if($reg_password == $account_logged->getPassword()) {
-				if(empty($old_key)) {
-					$show_form = false;
-					$new_rec_key = generateRandomString(10, false, true, true);
-
-					$account_logged->setCustomField("key", $new_rec_key);
-					$account_logged->logAction('Generated recovery key.');
-					
-					if($config['mail_enabled'] && $config['send_mail_when_generate_reckey'])
-					{
-						$mailBody = $twig->render('mail.account.register.html.twig', array(
-							'recovery_key' => $new_rec_key
-						));
-						if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - Recovery Key", $mailBody))
-							$message = '<br /><small>Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b>.</small>';
-						else
-							$message = '<br /><p class="error">An error occorred while sending email with recovery key! You will not receive e-mail with this key. Error:<br/>' . $mailer->ErrorInfo . '</p>';
-					}
-					echo $twig->render('success.html.twig', array(
-						'title' => 'Account Registered',
-						'description' => 'Thank you for registering your account! You can now recover your account if you have lost access to the assigned email address by using the following<br/><br/><font size="5">&nbsp;&nbsp;&nbsp;<b>Recovery Key: '.$new_rec_key.'</b></font><br/><br/><br/><b>Important:</b><ul><li>Write down this recovery key carefully.</li><li>Store it at a safe place!</li>' . $message . '</ul>'
-					));
-				}
-				else
-					$errors[] = 'Your account is already registered.';
-			}
-			else
-				$errors[] = 'Wrong password to account.';
-		}
-		
-		if($show_form) {
-			if(!empty($errors)) {
-				//show errors
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			}
-			
-			//show form
-			echo $twig->render('account.generate_recovery_key.html.twig');
-		}
-	}
-
-//############## GENERATE NEW RECOVERY KEY ###########
-	if($action == "registernew")
-	{
-		if(isset($_POST['reg_password']))
-			$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
-		
-		$reckey = $account_logged->getCustomField('key');
-		if((!$config['generate_new_reckey'] || !$config['mail_enabled']) || empty($reckey))
-			echo 'You cant get new rec key';
-		else
-		{
-			$points = $account_logged->getCustomField('premium_points');
-			if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == '1')
-			{
-				if($reg_password == $account_logged->getPassword())
-				{
-					if($points >= $config['generate_new_reckey_price'])
-					{
-						$show_form = false;
-						$new_rec_key = generateRandomString(10, false, true, true);
-						
-						$mailBody = $twig->render('mail.account.register.html.twig', array(
-							'recovery_key' => $new_rec_key
-						));
-						
-						if(_mail($account_logged->getEMail(), $config['lua']['serverName']." - new recovery key", $mailBody))
-						{
-							$account_logged->setCustomField("key", $new_rec_key);
-							$account_logged->setCustomField("premium_points", $account_logged->getCustomField("premium_points") - $config['generate_new_reckey_price']);
-							$account_logged->logAction('Generated new recovery key for ' . $config['generate_new_reckey_price'] . ' premium points.');
-							$message = '<br />Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b> for '.$config['generate_new_reckey_price'].' premium points.';
-						}
-						else
-							$message = '<br /><p class="error">An error occorred while sending email ( <b>'.$account_logged->getEMail().'</b> ) with recovery key! Recovery key not changed. Try again. Error:<br/>' . $mailer->ErrorInfo . '</p>';
-						
-						echo $twig->render('success.html.twig', array(
-							'title' => 'Account Registered',
-							'description' => '<ul>' . $message . '</ul>'
-						));
-					}
-					else
-						$errors[] = 'You need '.$config['generate_new_reckey_price'].' premium points to generate new recovery key. You have <b>'.$points.'<b> premium points.';
-				}
-				else
-					$errors[] = 'Wrong password to account.';
-			}
-			
-			//show errors if not empty
-			if(!empty($errors)) {
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			}
-			
-			if($show_form)
-			{
-				//show form
-				echo $twig->render('account.generate_new_recovery_key.html.twig', array(
-					'points' => $points
-				));
-			}
-		}
-	}
-
-
-
-//###### CHANGE CHARACTER COMMENT ######
-	if($action == "changecomment") {
-		$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
-		$new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
-		$new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
-		
-		if($player_name != null) {
-			if (Validator::characterName($player_name)) {
-				$player = new OTS_Player();
-				$player->find($player_name);
-				if ($player->isLoaded()) {
-					$player_account = $player->getAccount();
-					if ($account_logged->getId() == $player_account->getId()) {
-						if (isset($_POST['changecommentsave']) && $_POST['changecommentsave'] == 1) {
-							$player->setCustomField("hidden", $new_hideacc);
-							$player->setCustomField("comment", $new_comment);
-							$account_logged->logAction('Changed comment for character <b>' . $player->getName() . '</b>.');
-							echo $twig->render('success.html.twig', array(
-								'title' => 'Character Information Changed',
-								'description' => 'The character information has been changed.'
-							));
-							$show_form = false;
-						}
-					} else {
-						$errors[] = 'Error. Character <b>' . $player_name . '</b> is not on your account.';
-					}
-				} else {
-					$errors[] = "Error. Character with this name doesn't exist.";
-				}
-			} else {
-				$errors[] = 'Error. Name contain illegal characters.';
-			}
+		else if(file_exists(PAGES . 'account/' . $action . '.php')) {
+			require(PAGES . 'account/' . $action . '.php');
 		}
 		else {
-			$errors[] = 'Please enter character name.';
-		}
-		
-		if($show_form) {
-			if(!empty($errors)) {
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			}
-			
-			if(isset($player)) {
-				echo $twig->render('account.change_comment.html.twig', array(
-					'player' => $player
-				));
-			}
-		}
-	}
-
-	if($action == "changename") {
-		echo '<script type="text/javascript" src="tools/check_name.js"></script>';
-		
-		$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
-		$name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
-		if((!$config['account_change_character_name']))
-			echo 'Changing character name for premium points is disabled on this server.';
-		else
-		{
-			$points = $account_logged->getCustomField('premium_points');
-			if(isset($_POST['changenamesave']) && $_POST['changenamesave'] == 1) {
-				if($points < $config['account_change_character_name_points'])
-					$errors[] = 'You need ' . $config['account_change_character_name_points'] . ' premium points to change name. You have <b>'.$points.'<b> premium points.';
-	
-				if(empty($errors) && empty($name))
-					$errors[] = 'Please enter a new name for your character!';
-				else if(strlen($name) > 25)
-					$errors[] = 'Name is too long. Max. lenght <b>25</b> letters.';
-				else if(strlen($name) < 3)
-					$errors[] = 'Name is too short. Min. lenght <b>3</b> letters.';
-				else {
-					$exist = new OTS_Player();
-					$exist->find($name);
-					if($exist->isLoaded()) {
-						$errors[] = 'Character with this name already exist.';
-					}
-				}
-				
-				if(empty($errors))
-				{
-					if(!admin() && !Validator::newCharacterName($name))
-						$errors[] = Validator::getLastError();
-				}
-				
-				if(empty($errors)) {
-					$player = new OTS_Player();
-					$player->load($player_id);
-					if($player->isLoaded()) {
-						$player_account = $player->getAccount();
-						if($account_logged->getId() == $player_account->getId()) {
-							if($player->isOnline()) {
-								$errors[] = 'This character is online.';
-							}
-							
-							if(empty($errors)) {
-								$show_form = false;
-								$old_name = $player->getName();
-								$player->setName($name);
-								$player->save();
-								$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
-								$account_logged->logAction('Changed name from <b>' . $old_name . '</b> to <b>' . $player->getName() . '</b>.');
-								echo $twig->render('success.html.twig', array(
-									'title' => 'Character Name Changed',
-									'description' => 'The character <b>'.$old_name.'</b> name has been changed to <b>' . $player->getName() . '</b>.'
-								));
-							}
-						}
-						else {
-							$errors[] = 'Character <b>' . $player_name . '</b> is not on your account.';
-						}
-					}
-					else {
-						$errors[] = "Character with this name doesn't exist.";
-					}
-				}
-			}
-
-			if($show_form) {
-				if(!empty($errors)) {
-					echo $twig->render('error_box.html.twig', array('errors' => $errors));
-				}
-				
-				echo $twig->render('account.change_name.html.twig', array(
-					'points' => $points,
-					'errors' => $errors
-					//'account_players' => $account_logged->getPlayersList()
-				));
-			}
-		}
-	}
-
-	if($action == "changesex") {
-		$sex_changed = false;
-		$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
-		$new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;
-		if((!$config['account_change_character_sex']))
-			echo 'You cant change your character sex';
-		else
-		{
-			$points = $account_logged->getCustomField('premium_points');
-			if(isset($_POST['changesexsave']) && $_POST['changesexsave'] == 1) {
-				if($points < $config['account_change_character_sex_points'])
-					$errors[] = 'You need ' . $config['account_change_character_sex_points'] . ' premium points to change sex. You have <b>'.$points.'</b> premium points.';
-	
-				if(empty($errors) && !isset($config['genders'][$new_sex])) {
-					$errors[] = 'This sex is invalid.';
-				}
-				
-				if(empty($errors)) {
-					$player = new OTS_Player();
-					$player->load($player_id);
-					
-					if($player->isLoaded()) {
-						$player_account = $player->getAccount();
-						
-						if($account_logged->getId() == $player_account->getId()) {
-							if($player->isOnline()) {
-								$errors[] = 'This character is online.';
-							}
-							
-							if(empty($errors) && $player->getSex() == $new_sex)
-								$errors[] = 'Sex cannot be same';
-							
-							if(empty($errors)) {
-								$sex_changed = true;
-								$old_sex = $player->getSex();
-								$player->setSex($new_sex);
-								
-								$old_sex_str = 'Unknown';
-								if(isset($config['genders'][$old_sex]))
-									$old_sex_str = $config['genders'][$old_sex];
-								
-								$new_sex_str = 'Unknown';
-								if(isset($config['genders'][$new_sex]))
-									$new_sex_str = $config['genders'][$new_sex];
-								
-								$player->save();
-								$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
-								$account_logged->logAction('Changed sex on character <b>' . $player->getName() . '</b> from <b>' . $old_sex_str . '</b> to <b>' . $new_sex_str . '</b>.');
-								echo $twig->render('success.html.twig', array(
-									'title' => 'Character Sex Changed',
-									'description' => 'The character <b>' . $player->getName() . '</b> sex has been changed to <b>' . $new_sex_str . '</b>.'
-								));
-							}
-						}
-						else {
-							$errors[] = 'Character <b>'.$player_name.'</b> is not on your account.';
-						}
-					}
-					else {
-						$errors[] = "Character with this name doesn't exist.";
-					}
-				}
-			}
-
-			if(!$sex_changed) {
-				if(!empty($errors)) {
-					echo $twig->render('error_box.html.twig', array('errors' => $errors));
-				}
-				echo $twig->render('account.change_sex.html.twig', array(
-					'players' => $account_logged->getPlayersList(),
-					'player_sex' => isset($player) ? $player->getSex() : -1,
-					'points' => $points
-				));
-			}
-		}
-	}
-//### DELETE character from account ###
-	if($action == "deletecharacter") {
-		$player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : NULL;
-		$password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : NULL;
-		$password_verify = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $password_verify);
-		if(isset($_POST['deletecharactersave']) && $_POST['deletecharactersave'] == 1) {
-			if(!empty($player_name) && !empty($password_verify)) {
-				if(Validator::characterName($player_name)) {
-					$player = new OTS_Player();
-					$player->find($player_name);
-					if($player->isLoaded()) {
-						$player_account = $player->getAccount();
-						if($account_logged->getId() == $player_account->getId()) {
-							if($password_verify == $account_logged->getPassword()) {
-								if(!$player->isOnline())
-								{
-								//dont show table "delete character" again
-								$show_form = false;
-								//delete player
-								if(fieldExist('deletion', 'players'))
-									$player->setCustomField('deletion', 1);
-								else
-									$player->setCustomField('deleted', 1);
-								$account_logged->logAction('Deleted character <b>' . $player->getName() . '</b>.');
-								echo $twig->render('success.html.twig', array(
-									'title' => 'Character Deleted',
-									'description' => 'The character <b>' . $player_name . '</b> has been deleted.'
-								));
-								}
-								else
-									$errors[] = 'This character is online.';
-							}
-							else {
-								$errors[] = 'Wrong password to account.';
-							}
-						}
-						else {
-							$errors[] = 'Character <b>'.$player_name.'</b> is not on your account.';
-						}
-					}
-					else {
-						$errors[] = 'Character with this name doesn\'t exist.';
-					}
-				}
-				else {
-					$errors[] = 'Name contain illegal characters.';
-				}
-			}
-			else {
-				$errors[] = 'Character name or/and password is empty. Please fill in form.';
-			}
-		}
-		if($show_form) {
-			if(!empty($errors)) {
-				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			}
-			echo $twig->render('account.delete_character.html.twig');
-		}
-	}
-
-//## CREATE CHARACTER on account ###
-	if($action == "createcharacter") {
-		echo '<script type="text/javascript" src="tools/check_name.js"></script>';
-		$newchar_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
-		$newchar_sex = isset($_POST['sex']) ? $_POST['sex'] : NULL;
-		$newchar_vocation = isset($_POST['vocation']) ? $_POST['vocation'] : NULL;
-		$newchar_town = isset($_POST['town']) ? $_POST['town'] : NULL;
-
-		$newchar_created = false;
-		$save = isset($_POST['save']) && $_POST['save'] == 1;
-		if($save) {
-			if(empty($newchar_name))
-				$errors['name'] = 'Please enter a name for your character!';
-			else if(strlen($newchar_name) > 25)
-				$errors['name'] = 'Name is too long. Max. lenght <b>25</b> letters.';
-			else if(strlen($newchar_name) < 3)
-				$errors['name'] = 'Name is too short. Min. lenght <b>3</b> letters.';
-			else {
-				if(!admin() && !Validator::newCharacterName($newchar_name)) {
-					$errors['name'] = Validator::getLastError();
-				}
-				
-				$exist = new OTS_Player();
-				$exist->find($newchar_name);
-				if($exist->isLoaded()) {
-					$errors['name'] = 'Character with this name already exist.';
-				}
-			}
-			
-			if(empty($newchar_sex) && $newchar_sex != "0")
-				$errors[] = 'Please select the sex for your character!';
-
-			if(count($config['character_samples']) > 1)
-			{
-				if(!isset($newchar_vocation))
-					$errors[] = 'Please select a vocation for your character.';
-			}
-			else
-				$newchar_vocation = $config['character_samples'][0];
-
-			if(count($config['character_towns']) > 1) {
-				if(!isset($newchar_town))
-					$errors[] = 'Please select a town for your character.';
-			}
-			else {
-				$newchar_town = $config['character_towns'][0];
-			}
-
-			if(empty($errors)) {
-				if(!isset($config['genders'][$newchar_sex]))
-					$errors[] = 'Sex is invalid.';
-				if(!in_array($newchar_town, $config['character_towns']))
-					$errors[] = 'Please select valid town.';
-				if(count($config['character_samples']) > 1)
-				{
-					$newchar_vocation_check = false;
-					foreach($config['character_samples'] as $char_vocation_key => $sample_char)
-						if($newchar_vocation == $char_vocation_key)
-							$newchar_vocation_check = true;
-					if(!$newchar_vocation_check)
-						$errors[] = 'Unknown vocation. Please fill in form again.';
-				}
-				else
-					$newchar_vocation = 0;
-			}
-
-			if(empty($errors))
-			{
-				$number_of_players_on_account = $account_logged->getPlayersList()->count();
-				if($number_of_players_on_account >= $config['characters_per_account'])
-					$errors[] = 'You have too many characters on your account <b>('.$number_of_players_on_account.'/'.$config['characters_per_account'].')</b>!';
-			}
-
-			if(empty($errors))
-			{
-				$char_to_copy_name = $config['character_samples'][$newchar_vocation];
-				$char_to_copy = new OTS_Player();
-				$char_to_copy->find($char_to_copy_name);
-				if(!$char_to_copy->isLoaded())
-					$errors[] = 'Wrong characters configuration. Try again or contact with admin. ADMIN: Edit file config/config.php and set valid characters to copy names. Character to copy: <b>'.$char_to_copy_name.'</b> doesn\'t exist.';
-			}
-
-			if(empty($errors))
-			{
-				if($newchar_sex == "0")
-					$char_to_copy->setLookType(136);
-				$player = $ots->createObject('Player');
-				$player->setName($newchar_name);
-				$player->setAccount($account_logged);
-				//$player->setGroupId($char_to_copy->getGroup()->getId());
-				$player->setGroupId(1);
-				$player->setSex($newchar_sex);
-				$player->setVocation($char_to_copy->getVocation());
-				if(fieldExist('promotion', 'players'))
-					$player->setPromotion($char_to_copy->getPromotion());
-			
-				if(fieldExist('direction', 'players'))
-					$player->setDirection($char_to_copy->getDirection());
-				
-				$player->setConditions($char_to_copy->getConditions());
-				$rank = $char_to_copy->getRank();
-				if($rank->isLoaded()) {
-					$player->setRank($char_to_copy->getRank());
-				}
-				
-				if(fieldExist('lookaddons', 'players'))
-					$player->setLookAddons($char_to_copy->getLookAddons());
-	
-				$player->setTownId($newchar_town);
-				$player->setExperience($char_to_copy->getExperience());
-				$player->setLevel($char_to_copy->getLevel());
-				$player->setMagLevel($char_to_copy->getMagLevel());
-				$player->setHealth($char_to_copy->getHealth());
-				$player->setHealthMax($char_to_copy->getHealthMax());
-				$player->setMana($char_to_copy->getMana());
-				$player->setManaMax($char_to_copy->getManaMax());
-				$player->setManaSpent($char_to_copy->getManaSpent());
-				$player->setSoul($char_to_copy->getSoul());
-
-				for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++)
-					$player->setSkill($skill, 10);
-
-				$player->setLookBody($char_to_copy->getLookBody());
-				$player->setLookFeet($char_to_copy->getLookFeet());
-				$player->setLookHead($char_to_copy->getLookHead());
-				$player->setLookLegs($char_to_copy->getLookLegs());
-				$player->setLookType($char_to_copy->getLookType());
-				$player->setCap($char_to_copy->getCap());
-				$player->setBalance(0);
-				$player->setPosX(0);
-				$player->setPosY(0);
-				$player->setPosZ(0);
-				$player->setStamina($config['otserv_version'] == TFS_03 ? 151200000 : 2520);
-				if(fieldExist('loss_experience', 'players')) {
-					$player->setLossExperience($char_to_copy->getLossExperience());
-					$player->setLossMana($char_to_copy->getLossMana());
-					$player->setLossSkills($char_to_copy->getLossSkills());
-				}
-				if(fieldExist('loss_items', 'players')) {
-					$player->setLossItems($char_to_copy->getLossItems());
-					$player->setLossContainers($char_to_copy->getLossContainers());
-				}
-					
-				$player->save();
-				$player->setCustomField("created", time());
-				
-				$newchar_created = true;
-				$account_logged->logAction('Created character <b>' . $player->getName() . '</b>.');
-				unset($player);
-				
-				$player = new OTS_Player();
-				$player->find($newchar_name);
-				
-				if($player->isLoaded()) {
-					if(tableExist('player_skills')) {
-						for($i=0; $i<7; $i++) {
-							$skillExists = $db->query('SELECT `skillid` FROM `player_skills` WHERE `player_id` = ' . $player->getId() . ' AND `skillid` = ' . $i);
-							if($skillExists->rowCount() <= 0) {
-								$db->query('INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ('.$player->getId().', '.$i.', 10, 0)');
-							}
-						}
-					}
-
-					$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$char_to_copy->getId()."");
-					foreach($loaded_items_to_copy as $save_item)
-						$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', '".$save_item['attributes']."');");
-					
-					echo $twig->render('success.html.twig', array(
-						'title' => 'Character Created',
-						'description' => 'The character <b>' . $newchar_name . '</b> has been created.<br/>
-							Please select the outfit when you log in for the first time.<br/><br/>
-							<b>See you on ' . $config['lua']['serverName'] . '!</b>'
-					));
-				}
-				else
-				{
-					error("Error. Can't create character. Probably problem with database. Please try again later or contact with admin.");
-					return;
-				}
-			}
-		}
-
-		if(count($errors) > 0) {
-			echo $twig->render('error_box.html.twig', array('errors' => $errors));
-		}
-		
-		if(!$newchar_created) {
-			echo $twig->render('account.create_character.html.twig', array(
-				'name' => $newchar_name,
-				'sex' => $newchar_sex,
-				'vocation' => $newchar_vocation,
-				'town' => $newchar_town,
-				'save' => $save,
-				'errors' => $errors
-			));
+			error('This page does not exists.');
 		}
 	}
 ?>

system/pages/admin/changelog.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -17,10 +16,12 @@ if(!file_exists(BASE . 'CHANGELOG')) {
 }
 
 $changelog = file_get_contents(BASE . 'CHANGELOG');
-$changelog = nl2br(htmlspecialchars($changelog));
+$changelog = htmlspecialchars($changelog);
 
 // replace URLs with <a href...> elements
 $changelog = preg_replace('/\s(\w+:\/\/)(\S+)/', ' <a href="\\1\\2" target="_blank">\\1\\2</a>', $changelog);
 
+$changelog = nl2br($changelog);
+
 echo '<div>' . $changelog . '</div>';
 ?>

system/pages/admin/dashboard.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -89,12 +88,9 @@ function clearCache()
 	if($cache->fetch('news' . $template_name . '_' . NEWS, $tmp))
 		$cache->delete('news' . $template_name . '_' . NEWS);
 
-	if($cache->fetch('news' . $template_name . '_' . TICKET, $tmp))
-		$cache->delete('news' . $template_name . '_' . TICKET);
-
-	if($cache->fetch('news' . $template_name . '_' . ARTICLE, $tmp))
-		$cache->delete('news' . $template_name . '_' . ARTICLE);
-
+	if($cache->fetch('news' . $template_name . '_' . TICKER, $tmp))
+		$cache->delete('news' . $template_name . '_' . TICKER);
+	
 	if($cache->fetch('template_ini' . $template_name, $tmp))
 		$cache->delete('template_ini' . $template_name);
 

system/pages/admin/items.php

@@ -0,0 +1,30 @@
+<?php
+/**
+ * Load items.xml
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Load items.xml';
+
+require(LIBS . 'items.php');
+require(LIBS . 'weapons.php');
+
+echo $twig->render('admin.items.html.twig');
+
+$reload = isset($_REQUEST['reload']) && (int)$_REQUEST['reload'] == 1;
+if($reload) {
+	if(Items::loadFromXML(true))
+		success('Successfully loaded items.');
+	else
+		error(Items::getError());
+	
+	if(Weapons::loadFromXML(true))
+		success('Successfully loaded weapons.');
+	else
+		error(Weapons::getError());
+	
+}

system/pages/admin/login.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/logs.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/mailer.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.0
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/menus.php

@@ -0,0 +1,110 @@
+<?php
+/**
+ * Menus
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Menus';
+
+if(!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin())
+{
+	echo 'Access denied.';
+	return;
+}
+
+if(isset($_REQUEST['template'])) {
+	$template = $_REQUEST['template'];
+	
+	if(isset($_REQUEST['menu'])) {
+		$post_menu = $_REQUEST['menu'];
+		$post_menu_link = $_REQUEST['menu_link'];
+		if(count($post_menu) != count($post_menu_link)) {
+			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
+			return;
+		}
+		
+		$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($template));
+		foreach($post_menu as $category => $menus) {
+			foreach($menus as $i => $menu) {
+				if(empty($menu)) // don't save empty menu item
+					continue;
+				
+				try {
+					$db->insert(TABLE_PREFIX . 'menu', array('template' => $template, 'name' => $menu, 'link' => $post_menu_link[$category][$i], 'category' => $category, 'ordering' => $i));
+				}
+				catch(PDOException $error) {
+					warning('Error while adding menu item (' . $menu . '): ' . $error->getMessage());
+				}
+			}
+		}
+		
+		success('Saved at ' . date('H:i'));
+	}
+	
+	$file = TEMPLATES . $template . '/config.php';
+	if(file_exists($file)) {
+		require_once($file);
+	}
+	else {
+		echo 'Cannot find template config.php file.';
+		return;
+	}
+	
+	if(!isset($config['menu_categories'])) {
+		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
+		return;
+	}
+	
+	echo 'Hint: You can drag menu items.<br/>Editing: ' . $template . ' template.';
+	$menus = array();
+	$menus_db = $db->query('SELECT `name`, `link`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
+	foreach($menus_db as $menu) {
+		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'ordering' => $menu['ordering']);
+	}
+	
+	$last_id = array();
+	echo '<form method="post" action="?p=menus">';
+	echo '<input type="hidden" name="template" value="' . $template . '"/>';
+	foreach($config['menu_categories'] as $id => $cat) {
+		echo '<h2>' . $cat['name'] . '<img class="add-button" id="add-button-' . $id . '" src="' . BASE_URL . 'images/plus.png" width="16" height="16"/></h2>';
+		echo '<ul class="sortable" id="sortable-' . $id . '">';
+		if(isset($menus[$id])) {
+			$i = 0;
+			foreach($menus[$id] as $menu) {
+				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><input type="text" name="menu[' . $id . '][]" value="' . $menu['name'] . '"/><input type="text" name="menu_link[' . $id . '][]" value="' . $menu['link'] . '"/><a class="remove-button" id="remove-button-' . $id . '-' . $i . '"><img src="' . BASE_URL . 'images/del.png"/></a></li>';
+				
+				$i++;
+				$last_id[$id] = $i;
+			}
+		}
+			
+		echo '</ul>';
+	}
+	
+	echo '<input type="submit" class="button" value="Update">';
+	echo '<input type="button" class="button" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus&template=' . $template . '\';">';
+	echo '</form>';
+	
+	echo $twig->render('admin.menus.js.html.twig', array(
+		'menus' => $menus,
+		'last_id' => $last_id
+	));
+}
+else {
+	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();
+	foreach($templates as $key => $value) {
+		$file = TEMPLATES . $value['template'] . '/config.php';
+		if(!file_exists($file)) {
+			unset($templates[$key]);
+		}
+	}
+	
+	echo $twig->render('admin.menus.form.html.twig', array(
+		'templates' => $templates
+	));
+}
+?>