* update to 0.7.0

* first usage report will be send after 7 days

CHANGELOG

@@ -1,3 +1,90 @@
+[0.7.0 - 20.11.2017]
+	- moved template menus to database, they're now dynamically loaded
+	- added anonymous usage statistics reporting (only if user agrees, first usage report will be send after 7 days)
+	- you can edit them in Admin Panel under 'Menus' option
+	- you can also add custom links, like http://google.pl
+	- added networks (facebook and twitter) and highscores (top 5) boxes to tibiacom template, configurable in templates/tibiacom/config.php
+	- added news ticker for kathrine template
+	- added featured article to tibiacom template (you can add them with add news button)
+	- added tinymce editor to 'Pages' in admin panel
+	- added links to edit/delete/hide custom page directly from page
+	- update forum post after editing news (when forum post has been created)
+	- enabled code plugin for tinymce which enabled raw html code editing
+	- removed videos pages, as it can be easily added using custom Menus and Pages with insert Media
+	- removed bug_report configurable, its now enabled by default
+	- log some error info when mail cannot be send on account create
+	- twig getLink function will now return with full url (BASE_URL included)
+	- verify install post values directly on config page and display error
+	- updated tinymce to version 4.7.2 (from 4.7.0)
+	- updated phpmailer to version 5.2.26 (from 5.2.23)
+	- (#30) (fix) recovering account on servers that doesn't support salts
+	- (fix) account email confirm function
+	- (fix) showing changelog with urls in Admin Panel
+	- (fix) uninstalling plugin
+	- (fix) polls box in tibiacom template
+	- (fix) remove hooks from db on plugin deinstall
+	- (fix) some weird include possibilities with forum and account actions (verify action name)
+	- (fix) loading hooks from plugin installed from command line
+	- (fix) some changelog PHP Notice warning
+	- (internal) moved uninstall logic to Plugins class
+	- (internal) moved tibiacom boxes to separate directory
+	- (internal) moved news tickers to twig template
+	- (internal) moved Forum class to separate file
+	- (internal) moved deprecated functions to compat.php
+	- (internal) added some compat functions that are used by shop system
+	- (internal) renamed constant TICKET -> TICKER
+	- (internal) shortened message functions
+	
+[0.6.6 - 22.10.2017]
+	- fixed some php fatal error on spells page
+	- changed spells.vocations field in db size to 300
+	- please reload your spells after this update!
+
+[0.6.5 - 21.10.2017]
+	- fixed displaying custom pages
+	- fixed adding new group forum board
+	
+[0.6.4 - 20.10.2017]
+	- reverted OTS_Account::getLastLogin() cause its used by tibia11-login plugin
+	
+[0.6.3 - 20.10.2017]
+	- fixed creating account
+	- fixed viewing thread without being logged 
+	- fixed showing premium account status
+	
+[0.6.2 - 20.10.2017]
+	- added forums for guilds and groups
+	- added nice looking menu for my account page in default template
+	- new command line tool: install_plugin.php - can be used to install plugins from command line. Usage: "php install_plugin.php path_to_file"
+	- added new tooltip to view characters equipment item name and monster loot
+	- added items.xml loader class and weapons.xml loader class
+	- minimum PHP version to install AAC is now 5.3.0 cause of Anonymous functions used by Twig
+	- Added 'Are you sure?' popup when uninstalling plugin
+	- added some warnings when plugin json file is incomplete
+	- fixed showing in characters ban expires when is unlimited
+	- fixed displaying monster loot when item.name in loot is used instead of item.id
+	- load also runes into spells table
+	- display plugin uninstall option only if its possible
+	- after changing template you will be redirected to latest viewed page
+	- display gallery add image form only on main gallery page
+	- (internal) moved most of guilds html-in-php code to twig
+	- (internal) moved spells page to twig template
+	- (internal) removed useless spells.spell column that was duplicate of spells.words
+	- (internal) save monster loot in database in json format instead loading it every time from xml file
+	- (internal) store monster voices and immunities in json format
+	- (internal) moved buttons to separate template
+	- (internal) moved online search form to twig
+	- (internal) added new function getItemNameById($id)
+	- (internal) Moved plugin install logic to a new class: Plugins
+	- (internal) changed spells.vocations database field to store json data instead of comma separated
+	- (internal) removed $hook_types array, using defined() and constant() functions now
+	- (internal) removed useless monsters.gfx_name field from database
+	- (internal) renamed database field monsters.hide_creature to hidden
+	- (internal) renamed existing Items class to Items_Images
+	- (internal) optimized Spells class
+	- (internal) new function: OTS_Guild::hasMember(OTS_Player $player)
+	- (internal) new function: Forum::hasAccess($board_id)
+	
 [0.6.1 - 17.10.2017]
 	- fixed signatures loading
 	- new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)

README.md

@@ -5,7 +5,7 @@ Official website: https://my-aac.org
 
 ### REQUIREMENTS
 
-	- PHP 5.2.0 or later
+	- PHP 5.3.0 or later
 	- MySQL database
 	- PDO PHP Extension
 	- XML PHP Extension

admin/template/style.css

@@ -28,7 +28,7 @@ h1, h2, h3, h4, h5, h6 {color: #313334; font-weight: bold;}
 	margin-left:5px;
 }
 
-.button { background:#eee url(images/button.gif) repeat-x 0 0; border:solid 1px #b1a874; color:#7f7f7f; font-size:11px; padding:2px 6px 2px 6px; cursor:pointer; line-height:14px !important; }
+.button { background:#eee repeat-x 0 0; border:solid 1px #b1a874; color:#7f7f7f; font-size:11px; padding:2px 6px 2px 6px; cursor:pointer; line-height:14px !important; }
 .button:hover { color:#333; border-color:#857b42; }
 
 .field, .button { -moz-border-radius:4px; -webkit-border-radius:4px; }
@@ -126,7 +126,7 @@ a.ico:hover { color:#333;}
 	font-size: 12px;
 }
 #status .success {
-  margin: 0px:
+  margin: 0px;
 }
 #version {
 	position: absolute; top: 10px; right: 10px;

admin/template/template.php

@@ -39,10 +39,12 @@
 						'Dashboard' => 'dashboard',
 						'Mailer' => 'mailer',
 						'Pages' => 'pages',
+						'Menus' => 'menus',
 						'Plugins' => 'plugins',
 						'Statistics' => 'statistics',
 						'Visitors' => 'visitors',
 						'Players' => 'players',
+						'Items' => 'items',
 						'Tools' => array(
 							'phpinfo' => 'phpinfo'
 						),

common.php

@@ -21,14 +21,13 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.6.1');
-define('DATABASE_VERSION', 11);
+define('MYAAC_VERSION', '0.7.0');
+define('DATABASE_VERSION', 18);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'WINDOWS' : (strtoupper(PHP_OS) == 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -46,10 +45,11 @@ define('FLAG_CONTENT_MONSTERS', 256);
 define('FLAG_CONTENT_GALLERY', 512);
 define('FLAG_CONTENT_VIDEOS', 1024);
 define('FLAG_CONTENT_FAQ', 2048);
+define('FLAG_CONTENT_MENUS', 4096);
 
 // news
 define('NEWS', 1);
-define('TICKET', 2);
+define('TICKER', 2);
 define('ARTICLE', 3);
 
 // directories
@@ -65,6 +65,14 @@ define('PLUGINS', BASE . 'plugins/');
 define('TEMPLATES', BASE . 'templates/');
 define('TOOLS', BASE . 'tools/');
 
+// menu categories
+define('MENU_CATEGORY_NEWS', 1);
+define('MENU_CATEGORY_ACCOUNT', 2);
+define('MENU_CATEGORY_COMMUNITY', 3);
+define('MENU_CATEGORY_FORUM', 4);
+define('MENU_CATEGORY_LIBRARY', 5);
+define('MENU_CATEGORY_SHOP', 6);
+
 // otserv versions
 define('OTSERV', 1);
 define('OTSERV_06', 2);
@@ -86,12 +94,15 @@ $basedir = str_replace('/admin', '', $basedir);
 $basedir = str_replace('/install', '', $basedir);
 define('BASE_DIR', $basedir);
 
-if(isset($_SERVER['HTTPS'][0]) && $_SERVER['HTTPS'] == 'on')
-	define('SERVER_URL', 'https://' . $_SERVER['HTTP_HOST']);
-else
-	define('SERVER_URL', 'http://' . $_SERVER['HTTP_HOST']);
-
-define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
-//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+if(isset($_SERVER['HTTP_HOST'])) {
+	if (isset($_SERVER['HTTPS'][0]) && $_SERVER['HTTPS'] == 'on')
+		define('SERVER_URL', 'https://' . $_SERVER['HTTP_HOST']);
+	else
+		define('SERVER_URL', 'http://' . $_SERVER['HTTP_HOST']);
+	
+	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
+	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
+	
+	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+}
 ?>

config.php

@@ -13,7 +13,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 
@@ -74,7 +73,7 @@ $config = array(
 		//'2' => 'Your Second World Name'
 	),
 
-	// items
+	// images
 	'outfit_images_url' => 'http://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
 	'item_images_url' => 'http://item-images.ots.me/960/', // set to images/items if you host your own items in images folder
 
@@ -111,7 +110,7 @@ $config = array(
 
 	// reCAPTCHA (prevent spam bots)
 	'recaptcha_enabled' => false, // enable recaptcha verification code
-	'recaptcha_site_key' => '', // get your own public and private keys at https://www.google.com/recaptcha
+	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
 	'recaptcha_secret_key' => '',
 	'recaptcha_theme' => 'light', // light, dark
 
@@ -214,8 +213,8 @@ $config = array(
 	'gifts_system' => false,
 	
 	// support/system
-	'bug_report' => true,
-
+	'bug_report' => true, // this configurable has no effect, its always enabled
+	
 	// forum
 	'forum' => 'site', // link to the server forum, set to "site" if you want to use build in forum system, otherwise leave empty if you aren't going to use any forum
 	'forum_level_required' => 0, // level required to post, 0 to disable
@@ -231,6 +230,7 @@ $config = array(
 	'status_port' => '',
 
 	// other
+	'anonymous_usage_statistics' => true,
 	'email_lai_sec_interval' => 60, // time in seconds between e-mails to one account from lost account interface, block spam
 	'google_analytics_id' => '', // e.g.: UA-XXXXXXX-X
 	'experiencetable_columns' => 5, // how many columns to display in experience table page. * experiencetable_rows, 5 = 500 (will show up to 500 level)

index.php

@@ -21,7 +21,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 
@@ -30,20 +29,7 @@
 // ini_set('display_startup_errors', 1);
 // error_reporting(E_ALL);
 
-if(preg_match("/^(.*)\.(gif|jpg|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz)$/i", $_SERVER['REQUEST_URI'])) {
-	header("HTTP/1.0 404 Not Found");
-	exit;
-}
-
 require_once('common.php');
-require_once(BASE . 'config.local.php');
-
-if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
-{
-	header('Location: ' . BASE_URL . 'install/');
-	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
-}
-
 require_once(SYSTEM . 'functions.php');
 
 $uri = $_SERVER['REQUEST_URI'];
@@ -54,98 +40,120 @@ if(!empty($tmp))
 else
 	$uri = str_replace_first('/', '', $uri);
 
-$uri = strtolower(str_replace(array('index.php/', '?'), '', $uri));
+$uri = str_replace(array('index.php/', '?'), '', $uri);
+define('URI', $uri);
+
+if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
+	$tmp = explode('.', $uri);
+	$_REQUEST['name'] = urldecode($tmp[0]);
+	
+	chdir(TOOLS . 'signature');
+	include(TOOLS . 'signature/index.php');
+	exit();
+}
+else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz)$/i", $_SERVER['REQUEST_URI'])) {
+	header("HTTP/1.0 404 Not Found");
+	exit;
+}
+
+require_once(BASE . 'config.local.php');
+if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
+{
+	header('Location: ' . BASE_URL . 'install/');
+	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
+}
 
 $found = false;
 if(empty($uri) || isset($_REQUEST['template'])) {
 	$_REQUEST['p'] = 'news';
 	$found = true;
 }
-else if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $uri . '.php')) {
-	$_REQUEST['p'] = $uri;
-	$found = true;
-}
 else {
-	$rules = array(
-		'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
-		'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
-		'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
-		'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
-		'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
-		'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
-		'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
-		'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
-		'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
-		'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
-		'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
-		'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
-		'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
-		'/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
-		'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
-		'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
-		'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
-		'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
-		'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
-		'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
-		'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
-		'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
-		'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
-		'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
-		'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
-		'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
-		'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
-		'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
-		'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
-		'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
-		'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
-		'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
-		'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
-		'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
-		'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
-		'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
-		'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1')
-	);
-	
-	if (preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
-		$tmp = explode('.', $uri);
-		$_REQUEST['name'] = urldecode($tmp[0]);
-		
-		chdir(TOOLS . 'signature');
-		include(TOOLS . 'signature/index.php');
-		exit();
+	$tmp = strtolower($uri);
+	if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
+		$_REQUEST['p'] = $uri;
+		$found = true;
 	}
-	
-	foreach($rules as $rule => $redirect) {
-		if (preg_match($rule, $uri)) {
-			$tmp = explode('/', $uri);
-			foreach($redirect as $key => $value) {
-				if(strpos($value, '$') !== false) {
-					$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+	else {
+		$rules = array(
+			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
+			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
+			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
+			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
+			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
+			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
+			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
+			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
+			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
+			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
+			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
+			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
+			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
+			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
+			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
+			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
+			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
+			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
+			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
+			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
+			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
+			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
+			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
+			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
+			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
+			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
+			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
+			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
+			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
+			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
+			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
+			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
+			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
+			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
+			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
+			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+		);
+		
+		foreach($rules as $rule => $redirect) {
+			if (preg_match($rule, $uri)) {
+				$tmp = explode('/', $uri);
+				foreach($redirect as $key => $value) {
+					
+					if(strpos($value, '$') !== false) {
+						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+					}
+					
+					$_REQUEST[$key] = $value;
+					$_GET[$key] = $value;
 				}
 				
-				$_REQUEST[$key] = $value;
-				$_GET[$key] = $value;
+				$found = true;
+				break;
 			}
-			
-			$found = true;
-			break;
 		}
 	}
-	
-	if(!$found)
-		$_REQUEST['p'] = $uri;
 }
 
 // define page visited, so it can be used within events system
 $page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
-if(empty($page) || preg_match('/[^A-z0-9\/_\-]/', $page)) {
-	if(!$found)
-		$page = '404';
-	else
-		$page = 'news';
+if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
+	$tmp = URI;
+	if(!empty($tmp)) {
+		$page = $tmp;
+	}
+	else {
+		if(!$found)
+			$page = '404';
+		else
+			$page = 'news';
+	}
 }
 
 $page = strtolower($page);
@@ -154,9 +162,9 @@ define('PAGE', $page);
 $template_place_holders = array();
 
 require_once(SYSTEM . 'init.php');
+require_once(SYSTEM . 'template.php');
 require_once(SYSTEM . 'login.php');
 require_once(SYSTEM . 'status.php');
-require_once(SYSTEM . 'template.php');
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
@@ -190,6 +198,41 @@ $hooks = new Hooks();
 $hooks->load();
 $hooks->trigger(HOOK_STARTUP);
 
+// anonymous usage statistics
+// sent only when user agrees
+if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_statistics']) {
+	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
+	$should_report = true;
+	
+	$value = '';
+	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
+		$should_report = time() > (int)$value + $report_time;
+	}
+	else {
+		$value = '';
+		if(fetchDatabaseConfig('last_usage_report', $value)) {
+			$should_report = time() > (int)$value + $report_time;
+			if($cache->enabled()) {
+				$cache->set('last_usage_report', $value);
+			}
+		}
+		else {
+			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
+			$should_report = false;
+		}
+	}
+	
+	if($should_report) {
+		require_once(LIBS . 'usage_statistics.php');
+		Usage_Statistics::report();
+		
+		updateDatabaseConfig('last_usage_report', time());
+		if($cache->enabled()) {
+			$cache->set('last_usage_report', time());
+		}
+	}
+}
+
 if($config['views_counter'])
 	require_once(SYSTEM . 'counter.php');
 
@@ -235,6 +278,7 @@ if($config['backward_support']) {
 	$layout_header = template_header();
 	$layout_name = $template_path;
 	$news_content = '';
+	$tickers_content = '';
 	$subtopic = PAGE;
 	$main_content = '';
 	
@@ -275,14 +319,14 @@ if($load_it)
 
 	$ignore = false;
 
-	$logged_access = 0;
+	$logged_access = 1;
 	if($logged && $account_logged && $account_logged->isLoaded()) {
 		$logged_access = $account_logged->getAccess();
 	}
 
 	$query =
 		$db->query(
-			'SELECT `title`, `body`, `php`' .
+			'SELECT `id`, `title`, `body`, `php`, `hidden`' .
 			' FROM `' . TABLE_PREFIX . 'pages`' .
 			' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
 	if($query->rowCount() > 0) // found page
@@ -322,11 +366,17 @@ if($load_it)
 		}
 		else
 			$content .= $query['body']; // plain html
+		
+		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
+			$content = $twig->render('admin.pages.links.html.twig', array(
+				'page' => array('id' => $query['id'], 'hidden' => $query['hidden'])
+			)) . $content;
+		}
 	}
 	else
 	{
 		$file = SYSTEM . 'pages/' . $page . '.php';
-		if(!@file_exists($file) && !$found)
+		if(!@file_exists($file))
 		{
 			$page = '404';
 			$file = SYSTEM . 'pages/404.php';

install/includes/schema.sql

@@ -84,6 +84,8 @@ CREATE TABLE `myaac_forum_boards`
 	`name` VARCHAR(32) NOT NULL,
 	`description` VARCHAR(255) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`guild` INT(11) NOT NULL DEFAULT 0,
+	`access` INT(11) NOT NULL DEFAULT 0,
 	`closed` TINYINT(1) NOT NULL DEFAULT 0,
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
@@ -105,7 +107,7 @@ CREATE TABLE `myaac_forum`
 	`author_aid` int(20) NOT NULL default '0',
 	`author_guid` int(20) NOT NULL default '0',
 	`post_text` text NOT NULL,
-	`post_topic` varchar(255) NOT NULL,
+	`post_topic` varchar(255) NOT NULL DEFAULT '',
 	`post_smile` tinyint(1) NOT NULL default '0',
 	`post_date` int(20) NOT NULL default '0',
 	`last_edit_aid` int(20) NOT NULL default '0',
@@ -128,22 +130,112 @@ CREATE TABLE `myaac_hooks`
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 
+CREATE TABLE `myaac_items`
+(
+	`id` INT(11) NOT NULL,
+	`article` VARCHAR(5) NOT NULL DEFAULT '',
+	`name` VARCHAR(50) NOT NULL DEFAULT '',
+	`plural` VARCHAR(50) NOT NULL DEFAULT '',
+	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;
+
+CREATE TABLE `myaac_menu`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`template` VARCHAR(255) NOT NULL,
+	`name` VARCHAR(255) NOT NULL,
+	`link` VARCHAR(255) NOT NULL,
+	`category` INT(11) NOT NULL DEFAULT 1,
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`enabled` INT(1) NOT NULL DEFAULT 1,
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;
+
+/* MENU_CATEGORY_NEWS kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
+/* MENU_CATEGORY_ACCOUNT kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
+/* MENU_CATEGORY_LIBRARY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
+/* MENU_CATEGORY_SHOP kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
+/* MENU_CATEGORY_NEWS tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
+/* MENU_CATEGORY_FORUM tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
+/* MENU_CATEGORY_LIBRARY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 5, 7);
+/* MENU_CATEGORY_SHOP tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
+
 CREATE TABLE `myaac_monsters` (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
-	`hide_creature` tinyint(1) NOT NULL default '0',
+	`hidden` tinyint(1) NOT NULL default 0,
 	`name` varchar(255) NOT NULL,
-	`mana` int(11) NOT NULL,
+	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
 	`health` int(11) NOT NULL,
-	`speed_lvl` int(11) NOT NULL default '1',
+	`speed_lvl` int(11) NOT NULL default 1,
 	`use_haste` tinyint(1) NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
 	`race` varchar(255) NOT NULL,
-	`gfx_name` varchar(255) NOT NULL,
-	`file_path` varchar(255) NOT NULL,
+	`loot` varchar(500) NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 
@@ -163,13 +255,15 @@ CREATE TABLE `myaac_news`
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`title` VARCHAR(100) NOT NULL,
 	`body` TEXT NOT NULL,
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticket, 3 - article',
+	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`category` TINYINT(1) NOT NULL DEFAULT 0,
 	`player_id` INT(11) NOT NULL DEFAULT 0,
 	`last_modified_by` INT(11) NOT NULL DEFAULT 0,
 	`last_modified_date` INT(11) NOT NULL DEFAULT 0,
-	`comments` VARCHAR(50) NOT NULL,
+	`comments` VARCHAR(50) NOT NULL DEFAULT '',
+	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
+	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
@@ -235,17 +329,18 @@ CREATE TABLE `myaac_spells`
 	`name` VARCHAR(255) NOT NULL,
 	`words` VARCHAR(255) NOT NULL,
 	`category` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - rune',
+	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
 	`level` INT(11) NOT NULL DEFAULT 0,
 	`maglevel` INT(11) NOT NULL DEFAULT 0,
 	`mana` INT(11) NOT NULL DEFAULT 0,
 	`soul` TINYINT(3) NOT NULL DEFAULT 0,
 	`conjure_count` TINYINT(3) NOT NULL DEFAULT 0,
+	`item_id` INT(11) NOT NULL DEFAULT 0,
 	`premium` TINYINT(1) NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(32) NOT NULL,
+	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
-	UNIQUE (`spell`)
+	UNIQUE (`name`)
 ) ENGINE = MyISAM;
 
 CREATE TABLE `myaac_visitors`
@@ -255,3 +350,12 @@ CREATE TABLE `myaac_visitors`
 	`page` VARCHAR(100) NOT NULL,
 	UNIQUE (`ip`)
 ) ENGINE = MyISAM;
+
+CREATE TABLE `myaac_weapons`
+(
+	`id` INT(11) NOT NULL,
+	`level` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;

install/index.php

@@ -30,16 +30,30 @@ $steps = array(1 => 'welcome', 2 => 'license', 3 => 'requirements', 4 => 'config
 if(!in_array($step, $steps)) // check if step is valid
 	die('ERROR: Unknown step.');
 
+$errors = array();
 if($step == 'database')
 {
 	foreach($_POST['vars'] as $key => $value)
 	{
-		if(empty($value))
+		if($key != 'usage' && empty($value))
 		{
-			$step = 'config';
-			$errors = '<p class="error">' . $locale['please_fill_all'] . '</p>';
+			$errors[] = $locale['please_fill_all'];
 			break;
 		}
+		else if($key == 'mail_admin' && !Validator::email($value))
+		{
+			$errors[] = $locale['step_config_mail_admin_error'];
+			break;
+		}
+		else if($key == 'mail_address' && !Validator::email($value))
+		{
+			$errors[] = $locale['step_config_mail_address_error'];
+			break;
+		}
+	}
+
+	if(!empty($errors)) {
+		$step = 'config';
 	}
 }
 

install/steps/config.php

@@ -79,6 +79,7 @@ echo $twig->render('install.config.html.twig', array(
 	'clients' => $clients,
 	'locale' => $locale,
 	'session' => $_SESSION,
+	'errors' => isset($errors) ? $errors : null,
 	'buttons' => next_buttons()
 ));
 ?>

install/steps/database.php

@@ -23,7 +23,11 @@ if(!$error) {
 					$value .= "/";
 			}
 
-			if($key != 'var_account' && $key != 'var_account_id' && $key != 'var_password') {
+			if($key == 'var_usage') {
+				$content .= '$config[\'anonymous_usage_statistics\'] = ' . ((int)$value == 1 ? 'true' : 'false') . ';';
+				$content .= PHP_EOL;
+			}
+			else if($key != 'var_account' && $key != 'var_account_id' && $key != 'var_password') {
 				$content .= '$config[\'' . str_replace('var_', '', $key) . '\'] = \'' . $value . '\';';
 				$content .= PHP_EOL;
 			}
@@ -85,7 +89,7 @@ if(!$error) {
 		
 			if(!fieldExist('blocked', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `blocked` TINYINT(1) NOT NULL DEFAULT FALSE COMMENT 'internal usage' AFTER `key`;"))
-					success($locale['step_database_adding_field'] . ' accounts.created...');
+					success($locale['step_database_adding_field'] . ' accounts.blocked...');
 			}
 	
 			if(!fieldExist('created', 'accounts')) {
@@ -238,6 +242,7 @@ if(!$error) {
 			$content .= '// place for your configuration directives, so you can later easily update myaac';
 			$content .= PHP_EOL;
 			$content .= "?>";
+			
 			$file = fopen(BASE . 'config.local.php', 'a+');
 			if($file) {
 				if(!$error) {

install/steps/requirements.php

@@ -22,7 +22,7 @@ function version_check($name, $ok, $info = '', $warning = false)
 $failed = false;
 
 // start validating
-version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50200), PHP_VERSION);
+version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50300), PHP_VERSION);
 foreach(array('config.local.php', 'images/guilds', 'images/houses', 'images/gallery') as $value)
 {
 	$perms = (int) substr(decoct(fileperms(BASE . $value)), 2);

system/bin/install_plugin.php

@@ -0,0 +1,39 @@
+<?php
+
+if(php_sapi_name() != "cli") {
+	die('This script can be run only in command line mode.');
+}
+
+require_once('../../common.php');
+require_once(SYSTEM . 'functions.php');
+require_once(SYSTEM . 'init.php');
+require_once(SYSTEM . 'hooks.php');
+require_once(LIBS . 'plugins.php');
+
+if($argc != 2) {
+	exit('This command expects one parameter: zip file name (plugin)' . PHP_EOL);
+}
+
+$path_to_file = $argv[1];
+$ext = strtolower(pathinfo($path_to_file, PATHINFO_EXTENSION));
+if($ext != 'zip') {// check if it is zipped/compressed file
+	exit('Please install only .zip files.' . PHP_EOL);
+}
+
+if(!file_exists($path_to_file)) {
+	exit('ERROR: File ' . $path_to_file . ' does not exist' . PHP_EOL);
+}
+
+if(Plugins::install($path_to_file)) {
+	foreach(Plugins::getWarnings() as $warning) {
+		echo 'WARNING: ' . $warning;
+	}
+	
+	$info = Plugins::getPluginInfo();
+	echo (isset($info['name']) ? $info['name'] . ' p' : 'P') . 'lugin has been successfully installed.';
+}
+else
+	echo 'ERROR: ' . Plugins::getError();
+
+echo PHP_EOL;
+?>

system/compat.php

@@ -0,0 +1,63 @@
+<?php
+/**
+ * Deprecated functions (compat)
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+function check_name($name, &$errors = '') {
+	if(Validator::characterName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_account_id($id, &$errors = '') {
+	if(Validator::accountId($id))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_account_name($name, &$errors = '') {
+	if(Validator::accountName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_name_new_char($name, &$errors = '') {
+	if(Validator::newCharacterName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_rank_name($name, &$errors = '') {
+	if(Validator::rankName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_guild_name($name, &$errors = '') {
+	if(Validator::guildName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function news_place() {
+	return tickers();
+}
+?>

system/compat_pages.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/counter.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/countries.conf.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/database.php

@@ -1,4 +1,12 @@
 <?php
+/**
+ * Database connection
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
 defined('MYAAC') or die('Direct access not allowed!');
 
 	if(!isset($config['database_type'][0]) || !isset($config['database_user'][0]) || !isset($config['database_password'][0]) || !isset($config['database_name'][0]))

system/functions.php

@@ -5,27 +5,29 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-function success($message, $return = false) {
+
+function message($message, $type, $return)
+{
 	if($return)
-		return '<p class="success">' . $message . '</p>';
+		return '<p class="' . $type . '">' . $message . '</p>';
 	
-	echo '<p class="success">' . $message . '</p>';
+	echo '<p class="' . $type . '">' . $message . '</p>';
+	return true;
+}
+function success($message, $return = false) {
+	return message($message, 'success', $return);
 }
 function warning($message, $return = false) {
-	if($return)
-		return '<p class="warning">' . $message . '</p>';
-	
-	echo '<p class="warning">' . $message . '</p>';
+	return message($message, 'warning', $return);
+}
+function note($message, $return = false) {
+	return message($message, 'note', $return);
 }
 function error($message, $return = false) {
-	if($return)
-		return '<p class="error">' . $message . '</p>';
-	
-	echo '<p class="error">' . $message . '</p>';
+	return message($message, 'error', $return);
 }
 
 function longToIp($ip)
@@ -117,14 +119,32 @@ function getGuildLink($name, $generate = true)
 	return generateLink($url, $name);
 }
 
+function getItemNameById($id) {
+	global $db;
+	$query = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'items` WHERE `id` = ' . $db->quote($id) . ' LIMIT 1;');
+	if($query->rowCount() == 1) {
+		$item = $query->fetch();
+		return $item['name'];
+	}
+	
+	return '';
+}
+
 function getItemImage($id, $count = 1)
 {
+	$tooltip = '';
+	
+	$name = getItemNameById($id);
+	if(!empty($name)) {
+		$tooltip = ' class="tooltip" title="' . $name . '"';
+	}
+
 	$file_name = $id;
 	if($count > 1)
 		$file_name .= '-' . $count;
 
 	global $config;
-	return '<img src="' . $config['item_images_url'] . $file_name . '.gif" width="32" height="32" border="0" alt=" ' .$id . '" />';
+	return '<img src="' . $config['item_images_url'] . $file_name . '.gif"' . $tooltip . ' width="32" height="32" border="0" alt=" ' .$id . '" />';
 }
 
 function getFlagImage($country)
@@ -197,7 +217,7 @@ function generateRandomString($length, $lowCase = true, $upCase = false, $numeri
 function getForumBoards()
 {
 	global $db, $canEdit;
-	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`' . ($canEdit ? ', `hidden`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hidden` != 1' : '') .
+	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`, `guild`, `access`' . ($canEdit ? ', `hidden`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hidden` != 1' : '') .
 		' ORDER BY `ordering`;');
 	if($sections)
 		return $sections->fetchAll();
@@ -393,42 +413,16 @@ function short_text($text, $limit)
 	return $text;
 }
 
-function news_place()
+function tickers()
 {
-	global $template_path, $news_content;
-
-	$news = '';
-	if(PAGE == 'news')
-	{
-		//add tickers to site - without it tickers will not be showed
-		if(isset($news_content))
-			$news .= $news_content;
-
-		//featured article
-/*		$news .= '  <div id="featuredarticle" class="Box">
-			<div class="Corner-tl" style="background-image:url('.$template_path.'/images/content/corner-tl.gif);"></div>
-			<div class="Corner-tr" style="background-image:url('.$template_path.'/images/content/corner-tr.gif);"></div>
-			<div class="Border_1" style="background-image:url('.$template_path.'/images/content/border-1.gif);"></div>
-			<div class="BorderTitleText" style="background-image:url('.$template_path.'/images/content/title-background-green.gif);"></div>
-			<img class="Title" src="'.$template_path.'/images/strings/headline-featuredarticle.gif" alt="Contentbox headline" />
-			<div class="Border_2">
-			  <div class="Border_3">
-				<div class="BoxContent" style="background-image:url('.$template_path.'/images/content/scroll.gif);">
-		<div id=\'TeaserThumbnail\'><img src="'.$template_path.'/images/news/features.jpg" width=150 height=100 border=0 alt="" /></div><div id=\'TeaserText\'><div style="position: relative; top: -2px; margin-bottom: 2px;" >
-		<b>Tutaj wpisz tytul</b></div>
-		tutaj wpisz tresc newsa<br>
-		zdjecie laduje sie w <i>tibiacom/images/news/features.jpg</i><br>
-		skad sie laduje mozesz zmienic linijke ponad komentarzem
-		</div>        </div>
-			  </div>
-			</div>
-			<div class="Border_1" style="background-image:url('.$template_path.'/images/content/border-1.gif);"></div>
-			<div class="CornerWrapper-b"><div class="Corner-bl" style="background-image:url('.$template_path.'/images/content/corner-bl.gif);"></div></div>
-			<div class="CornerWrapper-b"><div class="Corner-br" style="background-image:url('.$template_path.'/images/content/corner-br.gif);"></div></div>
-		  </div>';*/
+	global $tickers_content, $featured_article;
+	
+	if(PAGE == 'news') {
+		if(isset($tickers_content))
+			return $tickers_content . $featured_article;
 	}
 
-	return $news;
+	return '';
 }
 
 /**
@@ -467,8 +461,8 @@ function template_header($is_admin = false)
 	<meta http-equiv="content-type" content="text/html; charset=' . $charset . '" />';
 	if(!$is_admin)
 		$ret .= '
-	<title>' . $title_full . '</title>
-	<base href="' . BASE_URL . '" />';
+	<base href="' . BASE_URL . '" />
+	<title>' . $title_full . '</title>';
 
 	$ret .= '
 	<meta name="description" content="' . $config['meta_description'] . '" />
@@ -940,6 +934,7 @@ function str_replace_first($search, $replace, $subject) {
 	if ($pos !== false) {
 		return substr_replace($subject, $replace, $pos, strlen($search));
 	}
+	
 	return $subject;
 }
 
@@ -956,6 +951,63 @@ function unsetSession($key) {
 	unset($_SESSION[$config['session_prefix'] . $key]);
 }
 
+function getTopPlayers($limit = 5) {
+	global $cache, $config, $db;
+	
+	$fetch_from_db = true;
+	if($cache->enabled())
+	{
+		$tmp = '';
+		if($cache->fetch('top_' . $limit . '_level', $tmp))
+		{
+			$players = unserialize($tmp);
+			$fetch_from_db = false;
+		}
+	}
+	
+	if($fetch_from_db)
+	{
+		$deleted = 'deleted';
+		if(fieldExist('deletion', 'players'))
+			$deleted = 'deletion';
+		
+		$players = $db->query('SELECT `name`, `level`, `experience` FROM `players` WHERE `group_id` < ' . $config['highscores_groups_hidden'] . ' AND `' . $deleted . '` = 0 AND account_id != 1 ORDER BY `experience` DESC LIMIT 5')->fetchAll();
+		
+		$i = 0;
+		foreach($players as &$player) {
+			$player['rank'] = ++$i;
+		}
+		
+		if($cache->enabled())
+			$cache->set('top_' . $limit . '_level', serialize($players), 120);
+	}
+	
+	return $players;
+}
+
+function deleteDirectory($dir) {
+	if(!file_exists($dir)) {
+		return true;
+	}
+	
+	if(!is_dir($dir)) {
+		return unlink($dir);
+	}
+	
+	foreach(scandir($dir) as $item) {
+		if($item == '.' || $item == '..') {
+			continue;
+		}
+		
+		if(!deleteDirectory($dir . DIRECTORY_SEPARATOR . $item)) {
+			return false;
+		}
+	}
+	
+	return rmdir($dir);
+}
+
 // validator functions
 require_once(LIBS . 'validator.php');
+require_once(SYSTEM . 'compat.php');
 ?>

system/hooks.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -25,21 +24,6 @@ define('HOOK_CHARACTERS_AFTER_CHARACTERS', 12);
 define('HOOK_FIRST', HOOK_STARTUP);
 define('HOOK_LAST', HOOK_CHARACTERS_AFTER_CHARACTERS);
 
-$hook_types = array(
-	'STARTUP' => HOOK_STARTUP,
-	'BEFORE_PAGE' => HOOK_BEFORE_PAGE,
-	'AFTER_PAGE' => HOOK_AFTER_PAGE,
-	'FINISH' => HOOK_FINISH,
-	'TIBIACOM_ARTICLE' => HOOK_TIBIACOM_ARTICLE,
-	'TIBIACOM_BORDER_3' => HOOK_TIBIACOM_BORDER_3,
-	'CHARACTERS_BEFORE_INFORMATIONS' => HOOK_CHARACTERS_BEFORE_INFORMATIONS,
-	'CHARACTERS_AFTER_INFORMATIONS' => HOOK_CHARACTERS_AFTER_INFORMATIONS,
-	'CHARACTERS_BEFORE_SIGNATURE' => HOOK_CHARACTERS_BEFORE_SIGNATURE,
-	'CHARACTERS_AFTER_SIGNATURE' => HOOK_CHARACTERS_AFTER_SIGNATURE,
-	'CHARACTERS_AFTER_ACCOUNT' => HOOK_CHARACTERS_AFTER_ACCOUNT,
-	'CHARACTERS_AFTER_CHARACTERS' => HOOK_CHARACTERS_AFTER_CHARACTERS
-);
-
 class Hook
 {
 	private $_name, $_type, $_file;

system/init.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -48,11 +47,7 @@ $function = new Twig_SimpleFunction('getStyle', function ($i) {
 $twig->addFunction($function);
 
 $function = new Twig_SimpleFunction('getLink', function ($s) {
-	global $config;
-	if($config['friendly_urls'])
-		return $s;
-	
-	return '?' . $s;
+	return getLink($s);
 });
 $twig->addFunction($function);
 
@@ -62,6 +57,11 @@ $function = new Twig_SimpleFunction('hook', function ($hook) {
 });
 $twig->addFunction($function);
 
+$filter = new Twig_SimpleFilter('urlencode', function ($s) {
+	return urlencode($s);
+});
+$twig->addFilter($filter);
+
 // trim values we receive
 if(isset($_POST))
 {

system/item.php

@@ -5,21 +5,20 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-require_once(SYSTEM . 'libs/items.php');
+require_once(SYSTEM . 'libs/items_images.php');
 
-Items::$files = array(
+Items_Images::$files = array(
 	'otb' => SYSTEM . 'data/items.otb',
 	'spr' => SYSTEM . 'data/Tibia.spr',
 	'dat' => SYSTEM . 'data/Tibia.dat'
 );
-Items::$outputDir = BASE . 'images/items/';
+Items_Images::$outputDir = BASE . 'images/items/';
 
 function generateItem($id = 100, $count = 1) {
-	Items::generate($id, $count);
+	Items_Images::generate($id, $count);
 }
 
 function itemImageExists($id, $count = 1)
@@ -31,7 +30,7 @@ function itemImageExists($id, $count = 1)
 	if($count > 1)
 		$file_name .= '-' . $count;
 
-	$file_name = Items::$outputDir . $file_name . '.gif';
+	$file_name = Items_Images::$outputDir . $file_name . '.gif';
 	return file_exists($file_name);
 }
 
@@ -43,7 +42,7 @@ function outputItem($id = 100, $count = 1)
 	if(!itemImageExists($id, $count))
 	{
 		//echo 'plik istnieje';
-		Items::generate($id, $count);
+		Items_Images::generate($id, $count);
 	}
 
 	$expires = 60 * 60 * 24 * 30; // 30 days
@@ -56,7 +55,7 @@ function outputItem($id = 100, $count = 1)
 	if($count > 1)
 		$file_name .= '-' . $count;
 
-	$file_name = Items::$outputDir . $file_name . '.gif';
+	$file_name = Items_Images::$outputDir . $file_name . '.gif';
 	readfile($file_name);
 }
 ?>

system/libs/cache.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_apc.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_eaccelerator.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_file.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_xcache.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/creatures.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -33,6 +32,12 @@ class Creatures {
 			return false;
 		}
 		
+		$items = array();
+		$items_db = $db->query('SELECT `id`, `name` FROM `' . TABLE_PREFIX . 'items`;');
+		foreach($items_db->fetchAll() as $item) {
+			$items[$item['name']] = $item['id'];
+		}
+		
 		//$names_added must be an array
 		$names_added[] = '';
 		//add monsters
@@ -44,10 +49,10 @@ class Creatures {
 				}
 				continue;
 			}
+			
 			//load monster mana needed to summon/convince
 			$mana = $monster->getManaCost();
-			//load monster experience
-			$exp = $monster->getExperience();
+
 			//load monster name
 			$name = $monster->getName();
 			//load monster health
@@ -67,51 +72,44 @@ class Creatures {
 					$use_haste = 1;
 				}
 			}
-			//load monster flags
-			$flags = $monster->getFlags();
-			//create string with immunities
-			$immunities = $monster->getImmunities();
-			$imu_nr = 0;
-			$imu_count = count($immunities);
-			$immunities_string = '';
-			foreach($immunities as $immunitie) {
-				$immunities_string .= $immunitie;
-				$imu_nr++;
-				if($imu_count != $imu_nr) {
-					$immunities_string .= ", ";
-				}
-			}
 			
-			//create string with voices
-			$voices = $monster->getVoices();
-			$voice_nr = 0;
-			$voice_count = count($voices);
-			$voices_string = '';
-			foreach($voices as $voice) {
-				$voices_string .= '"'.$voice.'"';
-				$voice_nr++;
-				if($voice_count != $voice_nr) {
-					$voices_string .= ", ";
-				}
-			}
 			//load race
 			$race = $monster->getRace();
-			//create monster gfx name
-			//$gfx_name =  str_replace(" ", "", trim(mb_strtolower($name))).".gif";
-			$gfx_name =  trim(mb_strtolower($name)).".gif";
-			//don't add 2 monsters with same name, like Butterfly
-			
+
+			//load monster flags
+			$flags = $monster->getFlags();
 			if(!isset($flags['summonable']))
 				$flags['summonable'] = '0';
 			if(!isset($flags['convinceable']))
 				$flags['convinceable'] = '0';
 			
+			$loot = $monster->getLoot();
+			foreach($loot as &$item) {
+				if(!Validator::number($item['id'])) {
+					if(isset($items[$item['id']])) {
+						$item['id'] = $items[$item['id']];
+					}
+				}
+			}
 			if(!in_array($name, $names_added)) {
 				try {
-					$db->query("INSERT INTO `myaac_monsters` (`hide_creature`, `name`, `mana`, `exp`, `health`, `speed_lvl`, `use_haste`, `voices`, `immunities`, `summonable`, `convinceable`, `race`, `gfx_name`, `file_path`) VALUES (0, " . $db->quote($name) . ", " . $db->quote(empty($mana) ? 0 : $mana) . ", " . $db->quote($exp) . ", " . $db->quote($health) . ", " . $db->quote($speed_lvl) . ", " . $db->quote($use_haste) . ", " . $db->quote($voices_string) . ", " . $db->quote($immunities_string) . ", " . $db->quote($flags['summonable'] > 0 ? 1 : 0) . ", " . $db->quote($flags['convinceable'] > 0 ? 1 : 0) . ", ".$db->quote($race).", ".$db->quote($gfx_name).", " . $db->quote(self::$monstersList->currentFile()) . ")");
+					$db->insert(TABLE_PREFIX . 'monsters', array(
+						'name' => $name,
+						'mana' => empty($mana) ? 0 : $mana,
+						'exp' => $monster->getExperience(),
+						'health' => $health,
+						'speed_lvl' => $speed_lvl,
+						'use_haste' => $use_haste,
+						'voices' => json_encode($monster->getVoices()),
+						'immunities' => json_encode($monster->getImmunities()),
+						'summonable' => $flags['summonable'] > 0 ? 1 : 0,
+						'convinceable' => $flags['convinceable'] > 0 ? 1 : 0,
+						'race' => $race,
+						'loot' => json_encode($loot)
+					));
 					
 					if($show) {
-						success("Added: ".$name."<br/>");
+						success('Added: ' . $name . '<br/>');
 					}
 				}
 				catch(PDOException $error) {

system/libs/data.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/forum.php

@@ -0,0 +1,285 @@
+<?php
+/**
+ * Forum class
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+class Forum
+{
+	static public function canPost($account)
+	{
+		global $db, $config;
+		
+		if(!$account->isLoaded() || $account->isBanned())
+			return false;
+		
+		if(self::isModerator())
+			return true;
+		
+		return
+			$db->query(
+				'SELECT `id` FROM `players` WHERE `account_id` = ' . $db->quote($account->getId()) .
+				' AND `level` >= ' . $db->quote($config['forum_level_required']) .
+				' LIMIT 1')->rowCount() > 0;
+	}
+	
+	static public function isModerator() {
+		return hasFlag(FLAG_CONTENT_FORUM) || superAdmin();
+	}
+	
+	static public function add_thread($title, $body, $section_id, $player_id, $account_id, &$errors)
+	{
+		global $db;
+		$thread_id = 0;
+		if($db->insert(TABLE_PREFIX . 'forum', array('first_post' => 0, 'last_post' => time(), 'section' => $section_id, 'replies' => 0, 'views' => 0, 'author_aid' => isset($account_id) ? $account_id : 0, 'author_guid' => isset($player_id) ? $player_id : 0, 'post_text' => $body, 'post_topic' => $title, 'post_smile' => 0, 'post_date' => time(), 'last_edit_aid' => 0, 'edit_date' => 0, 'post_ip' => $_SERVER['REMOTE_ADDR']))) {
+			$thread_id = $db->lastInsertId();
+			$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=".(int) $thread_id." WHERE `id` = ".(int) $thread_id);
+		}
+		
+		return $thread_id;
+	}
+	
+	static public function add_post($thread_id, $section, $author_aid, $author_guid, $post_text, $post_topic, $smile)
+	{
+		global $db;
+		$db->insert(TABLE_PREFIX . 'forum', array(
+			'first_post' => $thread_id,
+			'section' => $section,
+			'author_aid' => $author_aid,
+			'author_guid' => $author_guid,
+			'post_text' => $post_text,
+			'post_topic' => $post_topic,
+			'post_smile' => $smile,
+			'post_date' => time(),
+			'post_ip' => $_SERVER['REMOTE_ADDR']
+		));
+	}
+	static public function add_board($name, $description, $access, $guild, &$errors)
+	{
+		global $db;
+		if(isset($name[0]) && isset($description[0]))
+		{
+			$query = $db->select(TABLE_PREFIX . 'forum_boards', array('name' => $name));
+			
+			if($query === false)
+			{
+				$query =
+					$db->query(
+						'SELECT ' . $db->fieldName('ordering') .
+						' FROM ' . $db->tableName(TABLE_PREFIX . 'forum_boards') .
+						' ORDER BY ' . $db->fieldName('ordering') . ' DESC LIMIT 1'
+					);
+				
+				$ordering = 0;
+				if($query->rowCount() > 0) {
+					$query = $query->fetch();
+					$ordering = $query['ordering'] + 1;
+				}
+				$db->insert(TABLE_PREFIX . 'forum_boards', array('name' => $name, 'description' => $description, 'access' => $access, 'guild' => $guild, 'ordering' => $ordering));
+			}
+			else
+				$errors[] = 'Forum board with this name already exists.';
+		}
+		else
+			$errors[] = 'Please fill all inputs.';
+		
+		return !count($errors);
+	}
+	
+	static public function get_board($id) {
+		global $db;
+		return $db->select(TABLE_PREFIX . 'forum_boards', array('id' => $id));
+	}
+	
+	static public function update_board($id, $name, $access, $guild, $description) {
+		global $db;
+		$db->update(TABLE_PREFIX . 'forum_boards', array('name' => $name, 'description' => $description, 'access' => $access, 'guild' => $guild), array('id' => $id));
+	}
+	
+	static public function delete_board($id, &$errors)
+	{
+		global $db;
+		if(isset($id))
+		{
+			if(self::get_board($id) !== false)
+				$db->delete(TABLE_PREFIX . 'forum_boards', array('id' => $id));
+			else
+				$errors[] = 'Forum board with id ' . $id . ' does not exists.';
+		}
+		else
+			$errors[] = 'id not set';
+		
+		return !count($errors);
+	}
+	
+	static public function toggleHidden_board($id, &$errors)
+	{
+		global $db;
+		if(isset($id))
+		{
+			$query = self::get_board($id);
+			if($query !== false)
+				$db->update(TABLE_PREFIX . 'forum_boards', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
+			else
+				$errors[] = 'Forum board with id ' . $id . ' does not exists.';
+		}
+		else
+			$errors[] = 'id not set';
+		
+		return !count($errors);
+	}
+	
+	static public function move_board($id, $i, &$errors)
+	{
+		global $db;
+		$query = self::get_board($id);
+		if($query !== false)
+		{
+			$ordering = $query['ordering'] + $i;
+			$old_record = $db->select(TABLE_PREFIX . 'forum_boards', array('ordering' => $ordering));
+			if($old_record !== false)
+				$db->update(TABLE_PREFIX . 'forum_boards', array('ordering' => $query['ordering']), array('ordering' => $ordering));
+			
+			$db->update(TABLE_PREFIX . 'forum_boards', array('ordering' => $ordering), array('id' => $id));
+		}
+		else
+			$errors[] = 'Forum board with id ' . $id . ' does not exists.';
+		
+		return !count($errors);
+	}
+	
+	public static function parseSmiles($text)
+	{
+		$smileys = array(
+			';D' => 1,
+			':D' => 1,
+			':cool:' => 2,
+			';cool;' => 2,
+			':ekk:' => 3,
+			';ekk;' => 3,
+			';o' => 4,
+			';O' => 4,
+			':o' => 4,
+			':O' => 4,
+			':(' => 5,
+			';(' => 5,
+			':mad:' => 6,
+			';mad;' => 6,
+			';rolleyes;' => 7,
+			':rolleyes:' => 7,
+			':)' => 8,
+			';d' => 9,
+			':d' => 9,
+			';)' => 10
+		);
+		
+		foreach($smileys as $search => $replace)
+			$text = str_replace($search, '<img src="images/forum/smile/'.$replace.'.gif" alt="'. $search .'" title="' . $search . '" />', $text);
+		
+		return $text;
+	}
+	
+	public static function parseBBCode($text, $smiles)
+	{
+		$rows = 0;
+		while(stripos($text, '[code]') !== false && stripos($text, '[/code]') !== false )
+		{
+			$code = substr($text, stripos($text, '[code]')+6, stripos($text, '[/code]') - stripos($text, '[code]') - 6);
+			if(!is_int($rows / 2)) { $bgcolor = 'ABED25'; } else { $bgcolor = '23ED25'; } $rows++;
+			$text = str_ireplace('[code]'.$code.'[/code]', '<i>Code:</i><br /><table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #CCCCCC; border-width: 2px"><tr><td>'.$code.'</td></tr></table>', $text);
+		}
+		$rows = 0;
+		while(stripos($text, '[quote]') !== false && stripos($text, '[/quote]') !== false )
+		{
+			$quote = substr($text, stripos($text, '[quote]')+7, stripos($text, '[/quote]') - stripos($text, '[quote]') - 7);
+			if(!is_int($rows / 2)) { $bgcolor = 'AAAAAA'; } else { $bgcolor = 'CCCCCC'; } $rows++;
+			$text = str_ireplace('[quote]'.$quote.'[/quote]', '<table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #007900; border-width: 2px"><tr><td>'.$quote.'</td></tr></table>', $text);
+		}
+		$rows = 0;
+		while(stripos($text, '[url]') !== false && stripos($text, '[/url]') !== false )
+		{
+			$url = substr($text, stripos($text, '[url]')+5, stripos($text, '[/url]') - stripos($text, '[url]') - 5);
+			$text = str_ireplace('[url]'.$url.'[/url]', '<a href="'.$url.'" target="_blank">'.$url.'</a>', $text);
+		}
+		
+		$xhtml = false;
+		$tags = array(
+			'#\[b\](.*?)\[/b\]#si' => ($xhtml ? '<strong>\\1</strong>' : '<b>\\1</b>'),
+			'#\[i\](.*?)\[/i\]#si' => ($xhtml ? '<em>\\1</em>' : '<i>\\1</i>'),
+			'#\[u\](.*?)\[/u\]#si' => ($xhtml ? '<span style="text-decoration: underline;">\\1</span>' : '<u>\\1</u>'),
+			'#\[s\](.*?)\[/s\]#si' => ($xhtml ? '<strike>\\1</strike>' : '<s>\\1</s>'),
+			
+			'#\[guild\](.*?)\[/guild\]#si' => urldecode(generateLink(getGuildLink('$1', false), '$1', true)),
+			'#\[house\](.*?)\[/house\]#si' => urldecode(generateLink(getHouseLink('$1', false), '$1', true)),
+			'#\[player\](.*?)\[/player\]#si' => urldecode(generateLink(getPlayerLink('$1', false), '$1', true)),
+			// TODO: [poll] tag
+			
+			'#\[color=(.*?)\](.*?)\[/color\]#si' => ($xhtml ? '<span style="color: \\1;">\\2</span>' : '<font color="\\1">\\2</font>'),
+			'#\[img\](.*?)\[/img\]#si' => ($xhtml ? '<img src="\\1" border="0" alt="" />' : '<img src="\\1" border="0" alt="">'),
+			'#\[url=(.*?)\](.*?)\[/url\]#si' => '<a href="\\1" title="\\2">\\2</a>',
+//		'#\[email\](.*?)\[/email\]#si' => '<a href="mailto:\\1" title="Email \\1">\\1</a>',
+			'#\[code\](.*?)\[/code\]#si' => '<code>\\1</code>',
+//		'#\[align=(.*?)\](.*?)\[/align\]#si' => ($xhtml ? '<div style="text-align: \\1;">\\2</div>' : '<div align="\\1">\\2</div>'),
+//		'#\[br\]#si' => ($xhtml ? '<br style="clear: both;" />' : '<br>'),
+		);
+		
+		foreach($tags as $search => $replace)
+			$text = preg_replace($search, $replace, $text);
+		
+		return ($smiles == 0 ? Forum::parseSmiles($text) : $text);
+	}
+	
+	public static function showPost($topic, $text, $smiles)
+	{
+		$text = nl2br($text);
+		$post = '';
+		if(!empty($topic))
+			$post .= '<b>'.($smiles == 0 ? self::parseSmiles($topic) : $topic).'</b><hr />';
+		$post .= self::parseBBCode($text, $smiles);
+		return $post;
+	}
+	
+	public static function hasAccess($board_id) {
+		global $sections, $logged, $account_logged, $logged_access;
+		if(!isset($sections[$board_id]))
+			return false;
+		
+		$hasAccess = true;
+		$section = $sections[$board_id];
+		if($section['guild'] > 0) {
+			if($logged) {
+				$guild = new OTS_Guild();
+				$guild->load($section['guild']);
+				$status = false;
+				if($guild->isLoaded()) {
+					$account_players = $account_logged->getPlayers();
+					foreach ($account_players as $player) {
+						if($guild->hasMember($player)) {
+							$status = true;
+						}
+					}
+				}
+				
+				if (!$status) $hasAccess = false;
+			}
+			else {
+				$hasAccess = false;
+			}
+		}
+		
+		if($section['access'] > 0) {
+			if($logged_access < $section['access']) {
+				$hasAccess = false;
+			}
+		}
+		
+		return $hasAccess;
+	}
+}
+?>

system/libs/items.php

@@ -3,264 +3,143 @@
  * Items class
  *
  * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-if ( !function_exists( 'stackId' ) )
-{
-	function stackId( $count )
-	{
-		if ( $count >= 50 )
-			$stack = 8;
-		elseif ( $count >= 25 )
-			$stack = 7;
-		elseif ( $count >= 10 )
-			$stack = 6;
-		elseif ( $count >= 5 )
-			$stack = 5;
-		elseif ( $count >= 4 )
-			$stack = 4;
-		elseif ( $count >= 3 )
-			$stack = 3;
-		elseif ( $count >= 2 )
-			$stack = 2;
-		else
-			$stack = 1;
-
-		return $stack;
-	}
-}
-
 class Items
 {
-	public static $outputDir = '';
-	public static $files = array();
+	private static $error = '';
 
-	private static $otb, $dat, $spr;
-	private static $lastItem;
-	private static $loaded = false;
-
-	public function __destruct()
+	public static function loadFromXML($show = false)
 	{
-		if(self::$otb)
-			fclose(self::$otb);
-		if(self::$dat)
-			fclose(self::$dat);
-		if(self::$spr)
-			fclose(self::$spr);
+		global $config, $db;
+		
+		try {
+			$db->query("DELETE FROM `myaac_items`;");
+		} catch (PDOException $error) {
+		}
+		
+		$file_path = $config['data_path'] . 'items/items.xml';
+		if (!file_exists($file_path)) {
+			self::$error = 'Cannot load file ' . $file_path;
+			return false;
+		}
+		
+		$xml = new DOMDocument;
+		$xml->load($file_path);
+		
+		foreach ($xml->getElementsByTagName('item') as $item) {
+			if ($item->getAttribute('fromid')) {
+				for ($id = $item->getAttribute('fromid'); $id <= $item->getAttribute('toid'); $id++) {
+					self::parseNode($id, $item, $show);
+				}
+			} else
+				self::parseNode($item->getAttribute('id'), $item, $show);
+			
+		}
+		
+		return true;
 	}
-
-	public static function generate($id = 100, $count = 1)
-	{
-		if(!self::$loaded)
-			self::load();
-
-		$originalId = $id;
-		if($id < 100)
-			return false;
-			//die('ID cannot be lower than 100.');
-
-		rewind(self::$otb);
-		rewind(self::$dat);
-		rewind(self::$spr);
-
-		$nostand = false;
-		$init = false;
-		$originalId = $id;
-
-		// parse info from otb
-		while( false !== ( $char = fgetc( self::$otb ) ) )
-		{
-			$byte = HEX_PREFIX.bin2hex( $char );
-
-			if ( $byte == 0xFE )
-				$init = true;
-			elseif ( $byte == 0x10 and $init ) {
-				extract( unpack( 'x2/Ssid', fread( self::$otb, 4 ) ) );
-
-				if ( $id == $sid ) {
-					if ( HEX_PREFIX.bin2hex( fread( self::$otb, 1 ) ) == 0x11 ) {
-						extract( unpack( 'x2/Sid', fread( self::$otb, 4 ) ) );
-						break;
-					}
-				}
-				$init = false;
-			}
+	
+	public static function parseNode($id, $node, $show = false) {
+		global $db;
+		
+		$name = $node->getAttribute('name');
+		$article = $node->getAttribute('article');
+		$plural = $node->getAttribute('plural');
+		
+		$attributes = array();
+		foreach($node->getElementsByTagName('attribute') as $attr) {
+			$attributes[strtolower($attr->getAttribute('key'))] = $attr->getAttribute('value');
 		}
-
-		self::$lastItem = array_sum( unpack( 'x4/S*', fread( self::$dat, 12 )));
-		if($id > self::$lastItem)
-			return false;
-
-		//ini_set('max_execution_time', 300); 
-		// parse info from dat
-		for( $i = 100; $i <= $id; $i++ ) {
-			while( ( $byte = HEX_PREFIX.bin2hex( fgetc( self::$dat ) ) ) != 0xFF ) {
-				$offset = 0;
-				switch( $byte ) {
-					case 0x00:
-					case 0x09:
-					case 0x0A:
-					case 0x1A:
-					case 0x1D:
-					case 0x1E:
-						$offset = 2;
-						break;
-
-					case 0x16:
-					case 0x19:
-						$offset = 4;
-						break;
-
-					case 0x01:
-					case 0x02:
-					case 0x03:
-					case 0x04:
-					case 0x05:
-					case 0x06:
-					case 0x07:
-					case 0x08:
-					case 0x0B:
-					case 0x0C:
-					case 0x0D:
-					case 0x0E:
-					case 0x0F:
-					case 0x10:
-					case 0x11:
-					case 0x12:
-					case 0x13:
-					case 0x14:
-					case 0x15:
-					case 0x17:
-					case 0x18:
-					case 0x1B:
-					case 0x1C:
-					case 0x1F:
-					case 0x20:
-						break;
-
-					default:
-						return false; #trigger_error( sprintf( 'Unknown .DAT byte %s (previous byte: %s; address %x)', $byte, $prev, ftell( $dat ), E_USER_ERROR ) );
-						break;
-				}
-
-				$prev = $byte;
-				fseek( self::$dat, $offset, SEEK_CUR );
+		
+		$exist = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'items` WHERE `id` = ' . $id);
+		if($exist->rowCount() > 0) {
+			if($show) {
+				warning('Duplicated item with id: ' . $id);
 			}
-			extract( unpack( 'Cwidth/Cheight', fread( self::$dat, 2 ) ) );
-
-			if ( $width > 1 or $height > 1 ) {
-				fseek( self::$dat, 1, SEEK_CUR );
-				$nostand = true;
-			}
-
-			$sprites_c = array_product( unpack( 'C*', fread( self::$dat, 5 ) ) ) * $width * $height;
-			$sprites = unpack( 'S*', fread( self::$dat, 2 * $sprites_c ) );
-		}
-
-		if ( array_key_exists( stackId( $count ), $sprites ) ) {
-			$sprites = (array) $sprites[stackId( $count )];
 		}
 		else {
-			$sprites = (array) $sprites[array_rand( $sprites ) ];
+			$db->insert(TABLE_PREFIX . 'items', array('id' => $id, 'article' => $article, 'name' => $name, 'plural' => $plural, 'attributes' => json_encode($attributes)));
 		}
-
-		fseek( self::$spr, 6 );
-
-		$sprite = imagecreatetruecolor( 32 * $width, 32 * $height );
-		imagecolortransparent( $sprite, imagecolorallocate( $sprite, 0, 0, 0 ) );
-
-		foreach( $sprites as $key => $value ) {
-			fseek( self::$spr, 6 + ( $value - 1 ) * 4 );
-			extract( unpack( 'Laddress', fread( self::$spr, 4 ) ) );
-
-			fseek( self::$spr, $address + 3 );
-			extract( unpack( 'Ssize', fread( self::$spr, 2 ) ) );
-
-			list( $num, $bit ) = array( 0, 0 );
-
-			while( $bit < $size ) {
-				$pixels = unpack( 'Strans/Scolored', fread( self::$spr, 4 ) );
-				$num += $pixels['trans'];
-				for( $i = 0; $i < $pixels['colored']; $i++ )
-				{
-					extract( unpack( 'Cred/Cgreen/Cblue', fread( self::$spr, 3 ) ) );
-
-					$red = ( $red == 0 ? ( $green == 0 ? ( $blue == 0 ? 1 : $red ) : $red ) : $red );
-
-					imagesetpixel( $sprite,
-						$num % 32 + ( $key % 2 == 1 ? 32 : 0 ),
-						$num / 32 + ( $key % 4 != 1 and $key % 4 != 0 ? 32 : 0 ),
-						imagecolorallocate( $sprite, $red, $green, $blue ) );
-
-					$num++;
-				}
-
-				$bit += 4 + 3 * $pixels['colored'];
-			}
-		}
-
-		if ( $count >= 2 ) {
-			if ( $count > 100 )
-				$count = 100;
-
-			$font = 3;
-			$length = imagefontwidth( $font ) * strlen( $count );
-
-			$pos = array(
-				'x' => ( 32 * $width ) - ( $length + 1 ),
-				'y' => ( 32 * $height ) - 13
-			);
-			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'], $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-
-			imagestring( $sprite, $font, $pos['x'], $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
-
-			imagestring( $sprite, $font, $pos['x'], $pos['y'], $count, imagecolorallocate( $sprite, 219, 219, 219 ) );
-		}
-
-		$imagePath = self::$outputDir . ($count > 1 ? $originalId . '-' . $count : $originalId ) . '.gif';
-
-		// save image
-		imagegif($sprite, $imagePath);
 	}
-
-	public static function load()
-	{
-		if(!defined( 'HEX_PREFIX'))
-			define('HEX_PREFIX', '0x');
-
-		self::$otb = fopen(self::$files['otb'], 'rb');
-		self::$dat = fopen(self::$files['dat'], 'rb');
-		self::$spr = fopen(self::$files['spr'], 'rb');
-
-		if(!self::$otb || !self::$dat || !self::$spr)
-			die('ERROR: Cannot load data files.');
-		/*
-		if ( $nostand )
-		{
-			for( $i = 0; $i < sizeof( $sprites ) / 4; $i++ )
-			{
-				$sprites = array_merge( (array) $sprites, array_reverse( array_slice( $sprites, $i * 4, 4 ) ) );
+	
+	public static function getError() {
+		return self::$error;
+	}
+	
+	public static function getItem($id) {
+		global $db;
+		
+		$item = $db->select(TABLE_PREFIX . 'items', array('id' => $id));
+		$item['attributes'] = json_decode($item['attributes']);
+		
+		return $item;
+	}
+	
+	public static function getDescription($id, $count = 1) {
+		global $config, $db;
+		
+		$item = self::getItem($id);
+		
+		$attr = $item['attributes'];
+		$s = '';
+		if(!empty($item['name'])) {
+			if($count > 1) {
+				if($attr['showcount']) {
+					$s .= $count . ' ';
+				}
+				
+				if(!empty($item['plural'])) {
+					$s .= $item['plural'];
+				}
+				else if((int)$attr['showcount'] == 0) {
+					$s .= $item['name'];
+				}
+				else {
+					$s .= $item['name'] . 's';
+				}
+			}
+			else {
+				if(!empty($item['aticle'])) {
+					$s .= $item['article'] . ' ';
+				}
+				
+				$s .= $item['name'];
 			}
 		}
 		else
-		{
-			$sprites = (array) $sprites[array_rand( $sprites ) ];
+			$s .= 'an item of type ' . $item['id'];
+		
+		if(strtolower($attr['type']) == 'rune') {
+			$query = $db->query('SELECT `level`, `maglevel`, `vocations` FROM `' . TABLE_PREFIX . 'spells` WHERE `item_id` = ' . $id);
+			if($query->rowCount() == 1) {
+				$query = $query->fetch();
+				
+				if($query['level'] > 0 && $query['maglevel'] > 0) {
+					$s .= '. ' . ($count > 1 ? "They" : "It") . ' can only be used by ';
+				}
+				
+				if(!empty(trim($query['vocations']))) {
+					$vocations = json_decode($query['vocations']);
+					if(count($vocations) > 0) {
+						foreach($vocations as $voc => $show) {
+							$vocations[$config['vocations'][$voc]] = $show;
+						}
+					}
+				}
+				else {
+					$s .= 'players';
+				}
+			
+				$s .= ' with';
+				
+			}
 		}
-		*/
-
-		self::$loaded = true;
+		return $s;
 	}
-
-	public static function loaded() {
-		return self::$loaded;
-	}
-}
+}

system/libs/items_images.php

@@ -0,0 +1,265 @@
+<?php
+/**
+ * Items_Images class
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+if ( !function_exists( 'stackId' ) )
+{
+	function stackId( $count )
+	{
+		if ( $count >= 50 )
+			$stack = 8;
+		elseif ( $count >= 25 )
+			$stack = 7;
+		elseif ( $count >= 10 )
+			$stack = 6;
+		elseif ( $count >= 5 )
+			$stack = 5;
+		elseif ( $count >= 4 )
+			$stack = 4;
+		elseif ( $count >= 3 )
+			$stack = 3;
+		elseif ( $count >= 2 )
+			$stack = 2;
+		else
+			$stack = 1;
+
+		return $stack;
+	}
+}
+
+class Items_Images
+{
+	public static $outputDir = '';
+	public static $files = array();
+
+	private static $otb, $dat, $spr;
+	private static $lastItem;
+	private static $loaded = false;
+
+	public function __destruct()
+	{
+		if(self::$otb)
+			fclose(self::$otb);
+		if(self::$dat)
+			fclose(self::$dat);
+		if(self::$spr)
+			fclose(self::$spr);
+	}
+
+	public static function generate($id = 100, $count = 1)
+	{
+		if(!self::$loaded)
+			self::load();
+
+		$originalId = $id;
+		if($id < 100)
+			return false;
+			//die('ID cannot be lower than 100.');
+
+		rewind(self::$otb);
+		rewind(self::$dat);
+		rewind(self::$spr);
+
+		$nostand = false;
+		$init = false;
+		$originalId = $id;
+
+		// parse info from otb
+		while( false !== ( $char = fgetc( self::$otb ) ) )
+		{
+			$byte = HEX_PREFIX.bin2hex( $char );
+
+			if ( $byte == 0xFE )
+				$init = true;
+			elseif ( $byte == 0x10 and $init ) {
+				extract( unpack( 'x2/Ssid', fread( self::$otb, 4 ) ) );
+
+				if ( $id == $sid ) {
+					if ( HEX_PREFIX.bin2hex( fread( self::$otb, 1 ) ) == 0x11 ) {
+						extract( unpack( 'x2/Sid', fread( self::$otb, 4 ) ) );
+						break;
+					}
+				}
+				$init = false;
+			}
+		}
+
+		self::$lastItem = array_sum( unpack( 'x4/S*', fread( self::$dat, 12 )));
+		if($id > self::$lastItem)
+			return false;
+
+		//ini_set('max_execution_time', 300); 
+		// parse info from dat
+		for( $i = 100; $i <= $id; $i++ ) {
+			while( ( $byte = HEX_PREFIX.bin2hex( fgetc( self::$dat ) ) ) != 0xFF ) {
+				$offset = 0;
+				switch( $byte ) {
+					case 0x00:
+					case 0x09:
+					case 0x0A:
+					case 0x1A:
+					case 0x1D:
+					case 0x1E:
+						$offset = 2;
+						break;
+
+					case 0x16:
+					case 0x19:
+						$offset = 4;
+						break;
+
+					case 0x01:
+					case 0x02:
+					case 0x03:
+					case 0x04:
+					case 0x05:
+					case 0x06:
+					case 0x07:
+					case 0x08:
+					case 0x0B:
+					case 0x0C:
+					case 0x0D:
+					case 0x0E:
+					case 0x0F:
+					case 0x10:
+					case 0x11:
+					case 0x12:
+					case 0x13:
+					case 0x14:
+					case 0x15:
+					case 0x17:
+					case 0x18:
+					case 0x1B:
+					case 0x1C:
+					case 0x1F:
+					case 0x20:
+						break;
+
+					default:
+						return false; #trigger_error( sprintf( 'Unknown .DAT byte %s (previous byte: %s; address %x)', $byte, $prev, ftell( $dat ), E_USER_ERROR ) );
+						break;
+				}
+
+				$prev = $byte;
+				fseek( self::$dat, $offset, SEEK_CUR );
+			}
+			extract( unpack( 'Cwidth/Cheight', fread( self::$dat, 2 ) ) );
+
+			if ( $width > 1 or $height > 1 ) {
+				fseek( self::$dat, 1, SEEK_CUR );
+				$nostand = true;
+			}
+
+			$sprites_c = array_product( unpack( 'C*', fread( self::$dat, 5 ) ) ) * $width * $height;
+			$sprites = unpack( 'S*', fread( self::$dat, 2 * $sprites_c ) );
+		}
+
+		if ( array_key_exists( stackId( $count ), $sprites ) ) {
+			$sprites = (array) $sprites[stackId( $count )];
+		}
+		else {
+			$sprites = (array) $sprites[array_rand( $sprites ) ];
+		}
+
+		fseek( self::$spr, 6 );
+
+		$sprite = imagecreatetruecolor( 32 * $width, 32 * $height );
+		imagecolortransparent( $sprite, imagecolorallocate( $sprite, 0, 0, 0 ) );
+
+		foreach( $sprites as $key => $value ) {
+			fseek( self::$spr, 6 + ( $value - 1 ) * 4 );
+			extract( unpack( 'Laddress', fread( self::$spr, 4 ) ) );
+
+			fseek( self::$spr, $address + 3 );
+			extract( unpack( 'Ssize', fread( self::$spr, 2 ) ) );
+
+			list( $num, $bit ) = array( 0, 0 );
+
+			while( $bit < $size ) {
+				$pixels = unpack( 'Strans/Scolored', fread( self::$spr, 4 ) );
+				$num += $pixels['trans'];
+				for( $i = 0; $i < $pixels['colored']; $i++ )
+				{
+					extract( unpack( 'Cred/Cgreen/Cblue', fread( self::$spr, 3 ) ) );
+
+					$red = ( $red == 0 ? ( $green == 0 ? ( $blue == 0 ? 1 : $red ) : $red ) : $red );
+
+					imagesetpixel( $sprite,
+						$num % 32 + ( $key % 2 == 1 ? 32 : 0 ),
+						$num / 32 + ( $key % 4 != 1 and $key % 4 != 0 ? 32 : 0 ),
+						imagecolorallocate( $sprite, $red, $green, $blue ) );
+
+					$num++;
+				}
+
+				$bit += 4 + 3 * $pixels['colored'];
+			}
+		}
+
+		if ( $count >= 2 ) {
+			if ( $count > 100 )
+				$count = 100;
+
+			$font = 3;
+			$length = imagefontwidth( $font ) * strlen( $count );
+
+			$pos = array(
+				'x' => ( 32 * $width ) - ( $length + 1 ),
+				'y' => ( 32 * $height ) - 13
+			);
+			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+			imagestring( $sprite, $font, $pos['x'], $pos['y'] - 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+			imagestring( $sprite, $font, $pos['x'] - 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+
+			imagestring( $sprite, $font, $pos['x'], $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'], $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+			imagestring( $sprite, $font, $pos['x'] + 1, $pos['y'] + 1, $count, imagecolorallocate( $sprite, 1, 1, 1 ) );
+
+			imagestring( $sprite, $font, $pos['x'], $pos['y'], $count, imagecolorallocate( $sprite, 219, 219, 219 ) );
+		}
+
+		$imagePath = self::$outputDir . ($count > 1 ? $originalId . '-' . $count : $originalId ) . '.gif';
+
+		// save image
+		imagegif($sprite, $imagePath);
+	}
+
+	public static function load()
+	{
+		if(!defined( 'HEX_PREFIX'))
+			define('HEX_PREFIX', '0x');
+
+		self::$otb = fopen(self::$files['otb'], 'rb');
+		self::$dat = fopen(self::$files['dat'], 'rb');
+		self::$spr = fopen(self::$files['spr'], 'rb');
+
+		if(!self::$otb || !self::$dat || !self::$spr)
+			die('ERROR: Cannot load data files.');
+		/*
+		if ( $nostand )
+		{
+			for( $i = 0; $i < sizeof( $sprites ) / 4; $i++ )
+			{
+				$sprites = array_merge( (array) $sprites, array_reverse( array_slice( $sprites, $i * 4, 4 ) ) );
+			}
+		}
+		else
+		{
+			$sprites = (array) $sprites[array_rand( $sprites ) ];
+		}
+		*/
+
+		self::$loaded = true;
+	}
+
+	public static function loaded() {
+		return self::$loaded;
+	}
+}

system/libs/phpmailer/class.phpmailer.php

@@ -31,7 +31,7 @@ class PHPMailer
      * The PHPMailer Version number.
      * @var string
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
 
     /**
      * Email priority.
@@ -440,9 +440,9 @@ class PHPMailer
      *
      * Parameters:
      *   boolean $result        result of the send action
-     *   string  $to            email address of the recipient
-     *   string  $cc            cc email addresses
-     *   string  $bcc           bcc email addresses
+     *   array   $to            email addresses of the recipients
+     *   array   $cc            cc email addresses
+     *   array   $bcc           bcc email addresses
      *   string  $subject       the subject
      *   string  $body          the email body
      *   string  $from          email address of sender
@@ -659,6 +659,8 @@ class PHPMailer
         if ($exceptions !== null) {
             $this->exceptions = (boolean)$exceptions;
         }
+        //Pick an appropriate debug output format automatically
+        $this->Debugoutput = (strpos(PHP_SAPI, 'cli') !== false ? 'echo' : 'html');
     }
 
     /**
@@ -1622,8 +1624,13 @@ class PHPMailer
 
         foreach ($hosts as $hostentry) {
             $hostinfo = array();
-            if (!preg_match('/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*):?([0-9]*)$/', trim($hostentry), $hostinfo)) {
+            if (!preg_match(
+                '/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/',
+                trim($hostentry),
+                $hostinfo
+            )) {
                 // Not a valid host entry
+                $this->edebug('Ignoring invalid host: ' . $hostentry);
                 continue;
             }
             // $hostinfo[2]: optional ssl or tls prefix
@@ -1742,6 +1749,7 @@ class PHPMailer
             'dk' => 'da',
             'no' => 'nb',
             'se' => 'sv',
+            'sr' => 'rs'
         );
 
         if (isset($renamed_langcodes[$langcode])) {
@@ -2024,10 +2032,7 @@ class PHPMailer
     {
         $result = '';
 
-        if ($this->MessageDate == '') {
-            $this->MessageDate = self::rfcDate();
-        }
-        $result .= $this->headerLine('Date', $this->MessageDate);
+        $result .= $this->headerLine('Date', $this->MessageDate == '' ? self::rfcDate() : $this->MessageDate);
 
         // To be created automatically by mail()
         if ($this->SingleTo) {
@@ -4033,7 +4038,7 @@ class phpmailerException extends Exception
      */
     public function errorMessage()
     {
-        $errorMsg = '<strong>' . $this->getMessage() . "</strong><br />\n";
+        $errorMsg = '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
         return $errorMsg;
     }
 }

system/libs/phpmailer/class.pop3.php

@@ -34,7 +34,7 @@ class POP3
      * @var string
      * @access public
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
 
     /**
      * Default POP3 port number.

system/libs/phpmailer/class.smtp.php

@@ -30,7 +30,7 @@ class SMTP
      * The PHPMailer SMTP version number.
      * @var string
      */
-    const VERSION = '5.2.23';
+    const VERSION = '5.2.26';
 
     /**
      * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
      * @deprecated Use the `VERSION` constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
 
     /**
      * SMTP server port number.
@@ -151,9 +151,8 @@ class SMTP
     public $Timelimit = 300;
 
     /**
-     * @var array patterns to extract smtp transaction id from smtp reply
-     * Only first capture group will be use, use non-capturing group to deal with it
-     * Extend this class to override this property to fulfil your needs.
+     * @var array Patterns to extract an SMTP transaction id from reply to a DATA command.
+     * The first capture group in each regex will be used as the ID.
      */
     protected $smtp_transaction_id_patterns = array(
         'exim' => '/[0-9]{3} OK id=(.*)/',
@@ -161,6 +160,12 @@ class SMTP
         'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/'
     );
 
+    /**
+     * @var string The last transaction ID issued in response to a DATA command,
+     * if one was detected
+     */
+    protected $last_smtp_transaction_id;
+
     /**
      * The socket for the server connection.
      * @var resource
@@ -227,7 +232,7 @@ class SMTP
                 break;
             case 'html':
                 //Cleans up output a bit for a better looking, HTML-safe output
-                echo htmlentities(
+                echo gmdate('Y-m-d H:i:s') . ' ' . htmlentities(
                     preg_replace('/[\r\n]+/', '', $str),
                     ENT_QUOTES,
                     'UTF-8'
@@ -709,6 +714,7 @@ class SMTP
         $savetimelimit = $this->Timelimit;
         $this->Timelimit = $this->Timelimit * 2;
         $result = $this->sendCommand('DATA END', '.', 250);
+        $this->recordLastTransactionID();
         //Restore timelimit
         $this->Timelimit = $savetimelimit;
         return $result;
@@ -989,7 +995,10 @@ class SMTP
     public function client_send($data)
     {
         $this->edebug("CLIENT -> SERVER: $data", self::DEBUG_CLIENT);
-        return fwrite($this->smtp_conn, $data);
+        set_error_handler(array($this, 'errorHandler'));
+        $result = fwrite($this->smtp_conn, $data);
+        restore_error_handler();
+        return $result;
     }
 
     /**
@@ -1089,8 +1098,10 @@ class SMTP
             $this->edebug("SMTP -> get_lines(): \$data is \"$data\"", self::DEBUG_LOWLEVEL);
             $this->edebug("SMTP -> get_lines(): \$str is  \"$str\"", self::DEBUG_LOWLEVEL);
             $data .= $str;
-            // If 4th character is a space, we are done reading, break the loop, micro-optimisation over strlen
-            if ((isset($str[3]) and $str[3] == ' ')) {
+            // If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled),
+            // or 4th character is a space, we are done reading, break the loop,
+            // string array access is a micro-optimisation over strlen
+            if (!isset($str[3]) or (isset($str[3]) and $str[3] == ' ')) {
                 break;
             }
             // Timed-out? Log and break
@@ -1226,26 +1237,40 @@ class SMTP
     }
 
     /**
-     * Will return the ID of the last smtp transaction based on a list of patterns provided
-     * in SMTP::$smtp_transaction_id_patterns.
+     * Extract and return the ID of the last SMTP transaction based on
+     * a list of patterns provided in SMTP::$smtp_transaction_id_patterns.
+     * Relies on the host providing the ID in response to a DATA command.
      * If no reply has been received yet, it will return null.
-     * If no pattern has been matched, it will return false.
+     * If no pattern was matched, it will return false.
      * @return bool|null|string
      */
-    public function getLastTransactionID()
+    protected function recordLastTransactionID()
     {
         $reply = $this->getLastReply();
 
         if (empty($reply)) {
-            return null;
-        }
-
-        foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
-            if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
-                return $matches[1];
+            $this->last_smtp_transaction_id = null;
+        } else {
+            $this->last_smtp_transaction_id = false;
+            foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
+                if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
+                    $this->last_smtp_transaction_id = $matches[1];
+                }
             }
         }
 
-        return false;
+        return $this->last_smtp_transaction_id;
+    }
+
+    /**
+     * Get the queue/transaction ID of the last SMTP transaction
+     * If no reply has been received yet, it will return null.
+     * If no pattern was matched, it will return false.
+     * @return bool|null|string
+     * @see recordLastTransactionID()
+     */
+    public function getLastTransactionID()
+    {
+        return $this->last_smtp_transaction_id;
     }
 }

system/libs/phpmailer/language/phpmailer.lang-ba.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Bosnian PHPMailer language file: refer to English translation for definitive list
+ * @package PHPMailer
+ * @author Ermin Islamagić <ermin@islamagic.com>
+ */
+
+$PHPMAILER_LANG['authenticate']         = 'SMTP Greška: Neuspjela prijava.';
+$PHPMAILER_LANG['connect_host']         = 'SMTP Greška: Ne moguće se spojiti sa SMTP serverom.';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Greška: Podatci nisu prihvaćeni.';
+$PHPMAILER_LANG['empty_message']        = 'Sadržaj poruke je prazan.';
+$PHPMAILER_LANG['encoding']             = 'Nepoznata kriptografija: ';
+$PHPMAILER_LANG['execute']              = 'Nije moguće izvršiti naredbu: ';
+$PHPMAILER_LANG['file_access']          = 'Nije moguće pristupiti datoteci: ';
+$PHPMAILER_LANG['file_open']            = 'Nije moguće otvoriti datoteku: ';
+$PHPMAILER_LANG['from_failed']          = 'SMTP Greška: Slanje sa navedenih e-mail adresa nije uspjelo: ';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Greška: Slanje na navedene e-mail adrese nije uspjelo: ';
+$PHPMAILER_LANG['instantiate']          = 'Ne mogu pokrenuti mail funkcionalnost.';
+$PHPMAILER_LANG['invalid_address']      = 'E-mail nije poslan. Neispravna e-mail adresa: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' mailer nije podržan.';
+$PHPMAILER_LANG['provide_address']      = 'Definišite barem jednu adresu primaoca.';
+$PHPMAILER_LANG['signing']              = 'Greška prilikom prijave: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'Spajanje na SMTP server nije uspjelo.';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP greška: ';
+$PHPMAILER_LANG['variable_set']         = 'Nije moguće postaviti varijablu ili je vratiti nazad: ';
+$PHPMAILER_LANG['extension_missing']    = 'Nedostaje ekstenzija: ';

system/libs/phpmailer/language/phpmailer.lang-nb.php

@@ -1,25 +1,25 @@
 <?php
 /**
- * Norwegian PHPMailer language file: refer to English translation for definitive list
+ * Norwegian Bokmål PHPMailer language file: refer to English translation for definitive list
  * @package PHPMailer
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP Feil: Kunne ikke autentisere.';
 $PHPMAILER_LANG['connect_host']         = 'SMTP Feil: Kunne ikke koble til SMTP tjener.';
-$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Data ble ikke akseptert.';
-$PHPMAILER_LANG['empty_message']        = 'Meldingsinnholdet er tomt';
-$PHPMAILER_LANG['encoding']             = 'Ukjent tegnkoding: ';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Datainnhold ikke akseptert.';
+$PHPMAILER_LANG['empty_message']        = 'Melding kropp tomt';
+$PHPMAILER_LANG['encoding']             = 'Ukjent koding: ';
 $PHPMAILER_LANG['execute']              = 'Kunne ikke utføre: ';
 $PHPMAILER_LANG['file_access']          = 'Får ikke tilgang til filen: ';
-$PHPMAILER_LANG['file_open']            = 'Fil feil: Kunne ikke åpne filen: ';
-$PHPMAILER_LANG['from_failed']          = 'Følgende avsenderadresse feilet: ';
-$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere mailfunksjonen.';
-$PHPMAILER_LANG['invalid_address']      = 'Meldingen ble ikke sendt, følgende adresse er ugyldig: ';
-$PHPMAILER_LANG['provide_address']      = 'Du må angi minst en mottakeradresse.';
-$PHPMAILER_LANG['mailer_not_supported'] = ' mailer er ikke supportert.';
-$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottagere feilet: ';
-$PHPMAILER_LANG['signing']              = 'Signeringsfeil: ';
-$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP Connect() feilet.';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP-serverfeil: ';
-$PHPMAILER_LANG['variable_set']         = 'Kan ikke sette eller resette variabelen: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['file_open']            = 'Fil Feil: Kunne ikke åpne filen: ';
+$PHPMAILER_LANG['from_failed']          = 'Følgende Frå adresse feilet: ';
+$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere post funksjon.';
+$PHPMAILER_LANG['invalid_address']      = 'Ugyldig adresse: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' sender er ikke støttet.';
+$PHPMAILER_LANG['provide_address']      = 'Du må opppgi minst en mottakeradresse.';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottakeradresse feilet: ';
+$PHPMAILER_LANG['signing']              = 'Signering Feil: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() feilet.';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP server feil: ';
+$PHPMAILER_LANG['variable_set']         = 'Kan ikke skrive eller omskrive variabel: ';
+$PHPMAILER_LANG['extension_missing']    = 'Utvidelse mangler: ';

system/libs/phpmailer/language/phpmailer.lang-pt_br.php

@@ -5,6 +5,7 @@
  * @author Paulo Henrique Garcia <paulo@controllerweb.com.br>
  * @author Lucas Guimarães <lucas@lucasguimaraes.com>
  * @author Phelipe Alves <phelipealvesdesouza@gmail.com>
+ * @author Fabio Beneditto <fabiobeneditto@gmail.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'Erro de SMTP: Não foi possível autenticar.';
@@ -15,7 +16,7 @@ $PHPMAILER_LANG['encoding']             = 'Codificação desconhecida: ';
 $PHPMAILER_LANG['execute']              = 'Não foi possível executar: ';
 $PHPMAILER_LANG['file_access']          = 'Não foi possível acessar o arquivo: ';
 $PHPMAILER_LANG['file_open']            = 'Erro de Arquivo: Não foi possível abrir o arquivo: ';
-$PHPMAILER_LANG['from_failed']          = 'Os seguintes remententes falharam: ';
+$PHPMAILER_LANG['from_failed']          = 'Os seguintes remetentes falharam: ';
 $PHPMAILER_LANG['instantiate']          = 'Não foi possível instanciar a função mail.';
 $PHPMAILER_LANG['invalid_address']      = 'Endereço de e-mail inválido: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' mailer não é suportado.';

system/libs/phpmailer/language/phpmailer.lang-rs.php

@@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing']              = 'Грешка приликом при
 $PHPMAILER_LANG['smtp_connect_failed']  = 'Повезивање са SMTP сервером није успело.';
 $PHPMAILER_LANG['smtp_error']           = 'Грешка SMTP сервера: ';
 $PHPMAILER_LANG['variable_set']         = 'Није могуће задати променљиву, нити је вратити уназад: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Недостаје проширење: ';

system/libs/phpmailer/language/phpmailer.lang-tr.php

@@ -6,6 +6,7 @@
  * @author Can Yılmaz
  * @author Mehmet Benlioğlu
  * @author @yasinaydin
+ * @author Ogün Karakuş
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP Hatası: Oturum açılamadı.';
@@ -26,4 +27,4 @@ $PHPMAILER_LANG['signing']              = 'İmzalama hatası: ';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() fonksiyonu başarısız.';
 $PHPMAILER_LANG['smtp_error']           = 'SMTP sunucu hatası: ';
 $PHPMAILER_LANG['variable_set']         = 'Değişken ayarlanamadı ya da sıfırlanamadı: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Eklenti bulunamadı: ';

system/libs/phpmailer/language/phpmailer.lang-zh_cn.php

@@ -4,13 +4,14 @@
  * @package PHPMailer
  * @author liqwei <liqwei@liqwei.com>
  * @author young <masxy@foxmail.com>
+ * @author Teddysun <i@teddysun.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP 错误：登录失败。';
 $PHPMAILER_LANG['connect_host']         = 'SMTP 错误：无法连接到 SMTP 主机。';
 $PHPMAILER_LANG['data_not_accepted']    = 'SMTP 错误：数据不被接受。';
 $PHPMAILER_LANG['empty_message']        = '邮件正文为空。';
-$PHPMAILER_LANG['encoding']             = '未知编码: ';
+$PHPMAILER_LANG['encoding']             = '未知编码：';
 $PHPMAILER_LANG['execute']              = '无法执行：';
 $PHPMAILER_LANG['file_access']          = '无法访问文件：';
 $PHPMAILER_LANG['file_open']            = '文件错误：无法打开文件：';
@@ -22,6 +23,6 @@ $PHPMAILER_LANG['provide_address']      = '必须提供至少一个收件人地
 $PHPMAILER_LANG['recipients_failed']    = 'SMTP 错误：收件人地址错误：';
 $PHPMAILER_LANG['signing']              = '登录失败：';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP服务器连接失败。';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错: ';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错：';
 $PHPMAILER_LANG['variable_set']         = '无法设置或重置变量：';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = '丢失模块 Extension：';

system/libs/plugins.php

@@ -0,0 +1,211 @@
+<?php
+/**
+ * Plugins class
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+class Plugins {
+	private static $warnings = array();
+	private static $error = null;
+	private static $pluginInfo = array();
+	
+	public static function install($file) {
+		global $db, $cache;
+		
+		$zip = new ZipArchive();
+		if($zip->open($file)) {
+			for ($i = 0; $i < $zip->numFiles; $i++) {
+				$tmp = $zip->getNameIndex($i);
+				if(pathinfo($tmp, PATHINFO_DIRNAME) == 'plugins' && pathinfo($tmp, PATHINFO_EXTENSION) == 'json')
+					$json_file = $tmp;
+			}
+			
+			if(!isset($json_file)) {
+				self::$error = 'Cannot find plugin info .json file. Installation is discontinued.';
+				return false;
+			}
+			
+			if($zip->extractTo(BASE)) { // place in the directory with same name
+				$file_name = BASE . $json_file;
+				if(!file_exists($file_name)) {
+					self::$error = "Cannot load " . $file_name . ". File doesn't exist.";
+					return false;
+				}
+				else {
+					$string = file_get_contents($file_name);
+					$plugin = json_decode($string, true);
+					self::$pluginInfo = $plugin;
+					if ($plugin == null) {
+						self::$warnings[] = 'Cannot load ' . $file_name . '. File might be not a valid json code.';
+					}
+					else {
+						$continue = true;
+						
+						if(!isset($plugin['name'])) {
+							self::$warnings[] = 'Plugin "name" tag is not set.';
+						}
+						if(!isset($plugin['description'])) {
+							self::$warnings[] = 'Plugin "description" tag is not set.';
+						}
+						if(!isset($plugin['version'])) {
+							self::$warnings[] = 'Plugin "version" tag is not set.';
+						}
+						if(!isset($plugin['author'])) {
+							self::$warnings[] = 'Plugin "author" tag is not set.';
+						}
+						if(!isset($plugin['contact'])) {
+							self::$warnings[] = 'Plugin "contact" tag is not set.';
+						}
+						
+						if(isset($plugin['require'])) {
+							$require = $plugin['require'];
+							if(isset($require['myaac'])) {
+								$require_myaac = $require['myaac'];
+								if(version_compare(MYAAC_VERSION, $require_myaac, '<')) {
+									self::$warnings[] = "This plugin requires MyAAC version " . $require_myaac . ", you're using version " . MYAAC_VERSION . " - please update.";
+									$continue = false;
+								}
+							}
+							
+							if(isset($require['php'])) {
+								$require_php = $require['php'];
+								if(version_compare(phpversion(), $require_php, '<')) {
+									self::$warnings[] = "This plugin requires PHP version " . $require_php . ", you're using version " . phpversion() . " - please update.";
+									$continue = false;
+								}
+							}
+							
+							if(isset($require['database'])) {
+								$require_database = $require['database'];
+								if($require_database < DATABASE_VERSION) {
+									self::$warnings[] = "This plugin requires database version " . $require_database . ", you're using version " . DATABASE_VERSION . " - please update.";
+									$continue = false;
+								}
+							}
+						}
+						
+						if($continue) {
+							if (isset($plugin['install'])) {
+								if (file_exists(BASE . $plugin['install']))
+									require(BASE . $plugin['install']);
+								else
+									self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.';
+							}
+							
+							if (isset($plugin['hooks'])) {
+								foreach ($plugin['hooks'] as $_name => $info) {
+									if (defined('HOOK_'. $info['type'])) {
+										$hook = constant('HOOK_'. $info['type']);
+										$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
+										if ($query->rowCount() == 1) { // found something
+											$query = $query->fetch();
+											$db->update(TABLE_PREFIX . 'hooks', array('type' => $hook, 'file' => $info['file']), array('id' => (int)$query['id']));
+										} else {
+											$db->insert(TABLE_PREFIX . 'hooks', array('id' => null, 'name' => $_name, 'type' => $hook, 'file' => $info['file']));
+										}
+									} else
+										self::$warnings[] = 'Unknown event type: ' . $info['type'];
+								}
+							}
+							
+							if($cache->enabled()) {
+								$cache->delete('templates');
+							}
+							
+							$zip->close();
+							return true;
+						}
+					}
+				}
+			}
+			else {
+				self::$error = 'There was a problem with extracting zip archive.';
+			}
+			
+			$zip->close();
+		}
+		else {
+			self::$error = 'There was a problem with opening zip archive.';
+		}
+		
+		return false;
+	}
+	
+	public static function uninstall($plugin_name) {
+		global $cache, $db;
+		
+		$filename = BASE . 'plugins/' . $plugin_name . '.json';
+		if(!file_exists($filename)) {
+			self::$error = 'Plugin ' . $plugin_name . ' does not exist.';
+			return false;
+		}
+		else {
+			$string = file_get_contents($filename);
+			$plugin_info = json_decode($string, true);
+			if($plugin_info == false) {
+				self::$error = 'Cannot load plugin info ' . $plugin_name . '.json';
+				return false;
+			}
+			else {
+				if(!isset($plugin_info['uninstall'])) {
+					self::$error = "Plugin doesn't have uninstall options defined. Skipping...";
+					return false;
+				}
+				else {
+					$success = true;
+					foreach($plugin_info['uninstall'] as $file) {
+						$file = BASE . $file;
+						if(!deleteDirectory($file)) {
+							$success = false;
+						}
+					}
+					
+					if (isset($plugin_info['hooks'])) {
+						foreach ($plugin_info['hooks'] as $_name => $info) {
+							if (defined('HOOK_'. $info['type'])) {
+								$hook = constant('HOOK_'. $info['type']);
+								$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
+								if ($query->rowCount() == 1) { // found something
+									$query = $query->fetch();
+									$db->delete(TABLE_PREFIX . 'hooks', array('id' => (int)$query['id']));
+								}
+							} else
+								self::$warnings[] = 'Unknown event type: ' . $info['type'];
+						}
+					}
+					
+					if($success) {
+						if($cache->enabled()) {
+							$cache->delete('templates');
+						}
+						
+						return true;
+					}
+					else {
+						self::$error = error_get_last();
+					}
+				}
+			}
+		}
+		
+		return false;
+	}
+	
+	public static function getWarnings() {
+		return self::$warnings;
+	}
+	
+	public static function getError() {
+		return self::$error;
+	}
+	
+	public static function getPluginInfo() {
+		return self::$pluginInfo;
+	}
+}

system/libs/pot/OTS_Account.php

@@ -334,14 +334,17 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
             throw new E_OTS_NotLoaded();
         }
 
+		if(fieldExist('premdays', 'accounts'))
+			return $this->data['premdays'];
+		
         if($this->data['lastday'] == 0)
             return 0;
         
 		return round(($this->data['lastday'] - time()) / (24 * 60 * 60), 3);
         //return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
     }
-
-    public function getLastLogin()
+	
+   public function getLastLogin()
     {
         if( !isset($this->data['lastday']) )
         {
@@ -350,11 +353,14 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 
         return $this->data['lastday'];
     }
-
+	
     public function isPremium()
     {
 		global $config;
         if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
+		if(fieldExist('premdays', 'accounts'))
+			return $this->data['premdays'] > 0;
+	
 		return $this->data['lastday'] > time();
         //return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
     }

system/libs/pot/OTS_Guild.php

@@ -74,6 +74,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
  * 
  * @version 0.1.3
  */
+/*
     public function __clone()
     {
         unset($this->data['id']);
@@ -90,7 +91,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
             $this->requests->__construct($this);
         }
     }
-
+*/
 /**
  * Assigns invites handler.
  * 
@@ -282,6 +283,26 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
         $this->data['ownerid'] = $owner->getId();
     }
 
+    public function hasMember(OTS_Player $player) {
+        global $db;
+	
+        if(!$player || !$player->isLoaded()) {
+            return false;
+        }
+        
+	    $player_rank = $player->getRank();
+	    if(!$player_rank->isLoaded()) {
+	        return false;
+	    }
+	    
+	    foreach($this->getGuildRanksList() as $rank) {
+		    if($rank->getId() == $player_rank->getId()) {
+		        return true;
+            }
+        }
+        
+        return false;
+    }
 /**
  * Guild creation data.
  * 

system/libs/pot/OTS_Monster.php

@@ -194,7 +194,6 @@ class OTS_Monster extends DOMDocument
 
 /**
  * @return array List of item IDs.
- * @deprecated 0.1.0 Use getItems().
  */
     public function getLoot()
     {
@@ -208,13 +207,25 @@ class OTS_Monster extends DOMDocument
             // adds all items
             foreach( $element->getElementsByTagName('item') as $item)
             {
-                $id = $item->getAttribute('id');
-
-                // avoid redundancy
-                if( !in_array($id, $loot) )
-                {
-                    $loot[] = $id;
+	            $chance = $item->getAttribute('chance');
+	            if(empty($chance)) {
+		            $chance = $item->getAttribute('chance1');
+		            if(empty($chance)) {
+		                $chance = 100000;
+                    }
                 }
+                
+                $count = $item->getAttribute('countmax');
+	            if(empty($count)) {
+	                $count = 1;
+                }
+                
+                $id = $item->getAttribute('id');
+                if(empty($id)) {
+                    $id = $item->getAttribute('name');
+                }
+                
+                $loot[] = array('id' => $id, 'count' => $count, 'chance' => $chance);
             }
         }
 

system/libs/pot/OTS_Spell.php

@@ -315,19 +315,50 @@ class OTS_Spell
  */
     public function getVocations()
     {
-        $vocations = array();
+	    global $config;
+	    if(!isset($config['vocation_ids']))
+		    $config['vocations_ids'] = array_flip($config['vocations']);
+	
+	    $vocations = array();
 
         foreach( $this->element->getElementsByTagName('vocation') as $vocation)
         {
-			if($vocation->getAttribute('id') != NULL)
-            	$vocations[] = $vocation->getAttribute('id');
-			else
-				$vocations[] = $vocation->getAttribute('name');
+	        if($vocation->getAttribute('id') != NULL) {
+		        $voc_id = $vocation->getAttribute('id');
+	        }
+	        else {
+		        $voc_id = $config['vocations_ids'][$vocation->getAttribute('name')];
+	        }
+	
+	        $vocations[] = $voc_id;
         }
 
         return $vocations;
     }
-
+	
+	public function getVocationsFull()
+	{
+	    global $config;
+	    if(!isset($config['vocation_ids']))
+	        $config['vocations_ids'] = array_flip($config['vocations']);
+	    
+		$vocations = array();
+		
+		foreach( $this->element->getElementsByTagName('vocation') as $vocation)
+		{
+		    $show = $vocation->getAttribute('showInDescription');
+            if($vocation->getAttribute('id') != NULL) {
+	            $voc_id = $vocation->getAttribute('id');
+            }
+            else {
+                $voc_id = $config['vocations_ids'][$vocation->getAttribute('name')];
+            }
+		    
+		    $vocations[$voc_id] = strlen($show) == 0 || $show != '0';
+		}
+		
+		return $vocations;
+	}
 /**
  * Creates conjure item.
  * 

system/libs/spells.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -25,10 +24,6 @@ class Spells {
 			echo '<h2>All records deleted from table <b>' . TABLE_PREFIX . 'spells</b> in database.</h2>';
 		}
 		
-		foreach($config['vocations'] as $voc_id => $voc_name) {
-			$vocations_ids[$voc_name] = $voc_id;
-		}
-		
 		try {
 			self::$spellsList = new OTS_SpellsList($config['data_path'].'spells/spells.xml');
 		}
@@ -36,6 +31,7 @@ class Spells {
 			self::$lastError = $e->getMessage();
 			return false;
 		}
+		
 		//add conjure spells
 		$conjurelist = self::$spellsList->getConjuresList();
 		if($show) {
@@ -44,49 +40,29 @@ class Spells {
 		
 		foreach($conjurelist as $spellname) {
 			$spell = self::$spellsList->getConjure($spellname);
-			$lvl = $spell->getLevel();
-			$mlvl = $spell->getMagicLevel();
-			$mana = $spell->getMana();
 			$name = $spell->getName();
-			$soul = $spell->getSoul();
-			$spell_txt = $spell->getWords();
-			$vocations = $spell->getVocations();
-			$nr_of_vocations = count($vocations);
-			$vocations_to_db = "";
-			$voc_nr = 0;
-			foreach($vocations as $vocation_to_add) {
-				if(Validator::number($vocation_to_add)) {
-					$vocations_to_db .= $vocation_to_add;
-				}
-				else
-					$vocations_to_db .= $vocations_ids[$vocation_to_add];
-				$voc_nr++;
-				
-				if($voc_nr != $nr_of_vocations) {
-					$vocations_to_db .= ',';
-				}
-			}
 			
-			$enabled = $spell->isEnabled();
-			if($enabled) {
-				$hide_spell = 0;
-			}
-			else {
-				$hide_spell = 1;
-			}
-			$pacc = $spell->isPremium();
-			if($pacc) {
-				$pacc = '1';
-			}
-			else {
-				$pacc = '0';
-			}
-			$type = 2;
-			$count = $spell->getConjureCount();
+			$words = $spell->getWords();
+			if(strpos($words, '#') !== false)
+				continue;
+			
 			try {
-				$db->query('INSERT INTO myaac_spells (spell, name, words, type, mana, level, maglevel, soul, premium, vocations, conjure_count, hidden) VALUES (' . $db->quote($spell_txt) . ', ' . $db->quote($name) . ', ' . $db->quote($spell_txt) . ', ' . $db->quote($type) . ', ' . $db->quote($mana) . ', ' . $db->quote($lvl) . ', ' . $db->quote($mlvl) . ', ' . $db->quote($soul) . ', ' . $db->quote($pacc) . ', ' . $db->quote($vocations_to_db) . ', ' . $db->quote($count) . ', ' . $db->quote($hide_spell) . ')');
+				$db->insert(TABLE_PREFIX . 'spells', array(
+					'name' => $name,
+					'words' => $words,
+					'type' => 2,
+					'mana' => $spell->getMana(),
+					'level' => $spell->getLevel(),
+					'maglevel' => $spell->getMagicLevel(),
+					'soul' => $spell->getSoul(),
+					'premium' => $spell->isPremium() ? 1 : 0,
+					'vocations' => json_encode($spell->getVocations()),
+					'conjure_count' => $spell->getConjureCount(),
+					'hidden' => $spell->isEnabled() ? 0 : 1
+				));
+
 				if($show) {
-					success("Added: " . $name . "<br>");
+					success('Added: ' . $name . '<br/>');
 				}
 			}
 			catch(PDOException $error) {
@@ -96,7 +72,7 @@ class Spells {
 			}
 		}
 		
-		//add instant spells
+		// add instant spells
 		$instantlist = self::$spellsList->getInstantsList();
 		if($show) {
 			echo "<h3>Instant:</h3>";
@@ -104,51 +80,67 @@ class Spells {
 		
 		foreach($instantlist as $spellname) {
 			$spell = self::$spellsList->getInstant($spellname);
-			$lvl = $spell->getLevel();
-			$mlvl = $spell->getMagicLevel();
-			$mana = $spell->getMana();
 			$name = $spell->getName();
-			$soul = $spell->getSoul();
-			$spell_txt = $spell->getWords();
-			if(strpos($spell_txt, '###') !== false)
+			
+			$words = $spell->getWords();
+			if(strpos($words, '#') !== false)
 				continue;
 			
-			$vocations = $spell->getVocations();
-			$nr_of_vocations = count($vocations);
-			$vocations_to_db = "";
-			$voc_nr = 0;
-			foreach($vocations as $vocation_to_add) {
-				if(Validator::number($vocation_to_add)) {
-					$vocations_to_db .= $vocation_to_add;
-				}
-				else
-					$vocations_to_db .= $vocations_ids[$vocation_to_add];
-				$voc_nr++;
-				
-				if($voc_nr != $nr_of_vocations) {
-					$vocations_to_db .= ',';
-				}
-			}
-			$enabled = $spell->isEnabled();
-			if($enabled) {
-				$hide_spell = 0;
-			}
-			else {
-				$hide_spell = 1;
-			}
-			$pacc = $spell->isPremium();
-			if($pacc) {
-				$pacc = '1';
-			}
-			else {
-				$pacc = '0';
-			}
-			$type = 1;
-			$count = 0;
 			try {
-				$db->query("INSERT INTO myaac_spells (spell, name, words, type, mana, level, maglevel, soul, premium, vocations, conjure_count, hidden) VALUES (".$db->quote($spell_txt).", ".$db->quote($name).", ".$db->quote($spell_txt).", '".$type."', '".$mana."', '".$lvl."', '".$mlvl."', '".$soul."', '".$pacc."', '".$vocations_to_db."', '".$count."', '".$hide_spell."')");
+				$db->insert(TABLE_PREFIX . 'spells', array(
+					'name' => $name,
+					'words' => $words,
+					'type' => 1,
+					'mana' => $spell->getMana(),
+					'level' => $spell->getLevel(),
+					'maglevel' => $spell->getMagicLevel(),
+					'soul' => $spell->getSoul(),
+					'premium' => $spell->isPremium() ? 1 : 0,
+					'vocations' => json_encode($spell->getVocations()),
+					'conjure_count' => 0,
+					'hidden' => $spell->isEnabled() ? 0 : 1
+				));
+				
 				if($show) {
-					success("Added: ".$name."<br/>");
+					success('Added: ' . $name . '<br/>');
+				}
+			}
+			catch(PDOException $error) {
+				if($show) {
+					warning('Error while adding spell (' . $name . '): ' . $error->getMessage());
+				}
+			}
+		}
+		
+		// add runes
+		$runeslist = self::$spellsList->getRunesList();
+		if($show) {
+			echo "<h3>Runes:</h3>";
+		}
+		
+		foreach($runeslist as $spellname) {
+			$spell = self::$spellsList->getRune($spellname);
+
+			$name = $spell->getName() . ' (rune)';
+
+			try {
+				$db->insert(TABLE_PREFIX . 'spells', array(
+					'name' => $name,
+					'words' => $spell->getWords(),
+					'type' => 3,
+					'mana' => $spell->getMana(),
+					'level' => $spell->getLevel(),
+					'maglevel' => $spell->getMagicLevel(),
+					'soul' => $spell->getSoul(),
+					'premium' => $spell->isPremium() ? 1 : 0,
+					'vocations' => json_encode($spell->getVocations()),
+					'conjure_count' => 0,
+					'item_id' => $spell->getID(),
+					'hidden' => $spell->isEnabled() ? 0 : 1
+				));
+				
+				if($show) {
+					success('Added: ' . $name . '<br/>');
 				}
 			}
 			catch(PDOException $error) {

system/libs/timer.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/usage_statistics.php

@@ -5,35 +5,30 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
 class Usage_Statistics {
+	private static $report_url = 'https://my-aac.org/report_usage.php';
+	
 	public static function report() {
-		$url = 'http://my-acc.org/report_usage.php';
-		//$url = BASE_URL . 'report_usage.php';
-		
 		$data = json_encode(self::getStats());
+		
 		$options = array(
 			'http' => array(
-				'header'  => 'Content-type: application/json',
-				'method'  => 'POST',
+				'header'  => 'Content-type: application/json' . "\r\n"
+				. 'Content-Length: ' . strlen($data) . "\r\n",
 				'content' => $data
 			)
 		);
 		
 		$context  = stream_context_create($options);
-		$result = file_get_contents($url, false, $context);
-		if ($result === false) {
-			return false;
-		}
-		
-		return true;
-		//var_dump($result);
+		$result = file_get_contents(self::$report_url, false, $context);
+
+		return $result !== false;
 	}
-	
+
 	public static function getStats() {
 		global $config, $db;
 		
@@ -97,7 +92,16 @@ WHERE TABLE_SCHEMA = "forgottenserver";');
 		}
 		
 		$ret['locales'] = get_locales();
-		$ret['plugins'] = get_plugins();
+		$ret['plugins'] = array();
+		foreach(get_plugins() as $plugin) {
+			$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
+			$plugin_info = json_decode($string, true);
+			if($plugin_info != false) {
+				if(isset($plugin_info['version'])) {
+					$ret['plugins'][$plugin] = $plugin_info['version'];
+				}
+			}
+		}
 		$ret['templates'] = get_templates();
 		
 		$ret['date_timezone'] = $config['date_timezone'];

system/libs/validator.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -365,6 +364,11 @@ class Validator
 	 */
 	public static function guildName($name)
 	{
+		if(empty($name)) {
+			self::$lastError = 'Please enter guild name.';
+			return false;
+		}
+		
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
 			self::$lastError = 'Invalid guild name format.';
 			return false;
@@ -387,6 +391,11 @@ class Validator
 	 */
 	public static function rankName($name)
 	{
+		if(empty($name)) {
+			self::$lastError = 'Please enter rank name.';
+			return false;
+		}
+		
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-[ ] ") != strlen($name)) {
 			self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
 			return false;

system/libs/visitors.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -102,12 +101,12 @@ class Visitors
 		if($this->cacheEnabled) {
 			foreach($this->data as $ip => &$details)
 				$details['ip'] = $ip;
-
+			
 			return $this->data;
 		}
-
+		
 		global $db;
-		return $db->query('SELECT ' . $db->fieldName('ip') . ', ' . $db->fieldName('lastvisit') . ', ' . $db->fieldName('page') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'visitors') . ' ORDER BY ' . $db->fieldName('lastvisit') . ' DESC')->fetch();
+		return $db->query('SELECT ' . $db->fieldName('ip') . ', ' . $db->fieldName('lastvisit') . ', ' . $db->fieldName('page') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'visitors') . ' ORDER BY ' . $db->fieldName('lastvisit') . ' DESC')->fetchAll();
 	}
 
 	public function getAmountVisitors()

system/libs/weapons.php

@@ -0,0 +1,81 @@
+<?php
+/**
+ * Weapons class
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+class Weapons {
+	private static $error = '';
+
+	public static function loadFromXML($show = false)
+	{
+		global $config, $db;
+		
+		try {
+			$db->query("DELETE FROM `myaac_weapons`;");
+		} catch (PDOException $error) {
+		}
+		
+		$file_path = $config['data_path'] . 'weapons/weapons.xml';
+		if (!file_exists($file_path)) {
+			self::$error = 'Cannot load file ' . $file_path;
+			return false;
+		}
+		
+		$xml = new DOMDocument;
+		$xml->load($file_path);
+		
+		foreach ($xml->getElementsByTagName('wand') as $weapon) {
+			self::parseNode($weapon, $show);
+		}
+		foreach ($xml->getElementsByTagName('melee') as $weapon) {
+			self::parseNode($weapon, $show);
+		}
+		foreach ($xml->getElementsByTagName('distance') as $weapon) {
+			self::parseNode($weapon, $show);
+		}
+		
+		return true;
+	}
+	
+	public static function parseNode($node, $show = false) {
+		global $config, $db;
+		
+		$id = (int)$node->getAttribute('id');
+		$vocations_ids = array_flip($config['vocations']);
+		$level = (int)$node->getAttribute('level');
+		$maglevel = (int)$node->getAttribute('maglevel');
+		
+		$vocations = array();
+		foreach($node->getElementsByTagName('vocation') as $vocation) {
+			$show = $vocation->getAttribute('showInDescription');
+			if(!empty($vocation->getAttribute('id')))
+				$voc_id = $vocation->getAttribute('id');
+			else {
+				$voc_id = $vocations_ids[$vocation->getAttribute('name')];
+			}
+			
+			$vocations[$voc_id] = strlen($show) == 0 || $show != '0';
+		}
+		
+		$exist = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'weapons` WHERE `id` = ' . $id);
+		if($exist->rowCount() > 0) {
+			if($show) {
+				warning('Duplicated weapon with id: ' . $id);
+			}
+		}
+		else {
+			$db->insert(TABLE_PREFIX . 'weapons', array('id' => $id, 'level' => $level, 'maglevel' => $maglevel, 'vocations' => json_encode($vocations)));
+		}
+	}
+	
+	public static function getError() {
+		return self::$error;
+	}
+}

system/locale/en/install.php

@@ -51,6 +51,8 @@ $locale['step_config_mail_address_desc'] = 'Address which will be used for outgo
 $locale['step_config_mail_address_error'] = 'Server E-Mail is not correct.';
 $locale['step_config_client'] = 'Client version';
 $locale['step_config_client_desc'] = 'Used for download page and some templates';
+$locale['step_config_usage'] = 'Usage Statistics';
+$locale['step_config_usage_desc'] = 'Allow MyAAC to report anonymous usage statistics? The data is sent only once per 30 days and is fully confidential.';
 
 // database
 $locale['step_database'] = 'Import schema';
@@ -63,7 +65,7 @@ $locale['step_database_error_only_mysql'] = 'This AAC supports only MySQL. From
 $locale['step_database_error_table'] = 'Table $TABLE$ doesn\'t exist. Please import your OTS database schema first.';
 $locale['step_database_error_table_exist'] = 'Table $TABLE$ already exist. Seems AAC is already installed. Skipping importing MySQL schema..';
 $locale['step_database_error_schema'] = 'Error while importing schema:';
-$locale['step_database_success_schema'] = 'Succesfully installed $PREFIX$ tables.';
+$locale['step_database_success_schema'] = 'Successfully installed $PREFIX$ tables.';
 $locale['step_database_error_file'] = '$FILE$ couldn\'t be opened. Please copy this content and paste there:';
 $locale['step_database_adding_field'] = 'Adding field';
 $locale['step_database_modifying_field'] = 'Modifying field';

system/login.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -13,7 +12,9 @@ $logged = false;
 $logged_flags = 0;
 
 $action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : '';
-if($action == 'logout' && !isset($_REQUEST['account_login']))
+define('ACTION', $action);
+
+if(ACTION == 'logout' && !isset($_REQUEST['account_login']))
 {
 	unsetSession('account');
 	unsetSession('password');

system/migrations/12.php

@@ -0,0 +1,49 @@
+<?php
+
+// add new item_id field for runes
+if(!fieldExist('item_id', TABLE_PREFIX . 'spells'))
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD `item_id` INT(11) NOT NULL DEFAULT 0 AFTER `conjure_count`;");
+
+// change unique index from spell to name
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP INDEX `spell`;");
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` ADD UNIQUE INDEX (`name`);");
+
+// change comment of spells.type
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune';");
+
+// new items table
+if(!tableExist(TABLE_PREFIX . 'items'))
+$db->query("
+CREATE TABLE `" . TABLE_PREFIX . "items`
+(
+	`id` INT(11) NOT NULL,
+	`article` VARCHAR(5) NOT NULL DEFAULT '',
+	`name` VARCHAR(50) NOT NULL DEFAULT '',
+	`plural` VARCHAR(50) NOT NULL DEFAULT '',
+	`attributes` VARCHAR(500) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;");
+
+// new weapons table
+if(!tableExist(TABLE_PREFIX . 'weapons'))
+$db->query("
+CREATE TABLE `" . TABLE_PREFIX . "weapons`
+(
+	`id` INT(11) NOT NULL,
+	`level` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;");
+
+// modify vocations to support json data
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(100) NOT NULL DEFAULT '';");
+$query = $db->query('SELECT `id`, `vocations` FROM `' . TABLE_PREFIX . 'spells`');
+foreach($query->fetchAll() as $spell) {
+	$tmp = explode(',', $spell['vocations']);
+	foreach($tmp as &$v) {
+		$v = (int)$v;
+	}
+	$db->update(TABLE_PREFIX . 'spells', array('vocations' => json_encode($tmp)), array('id' => $spell['id']));
+}
+?>

system/migrations/13.php

@@ -0,0 +1,4 @@
+<?php
+	if(fieldExist('spell', TABLE_PREFIX . 'spells'))
+		$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP COLUMN `spell`;");
+?>

system/migrations/14.php

@@ -0,0 +1,18 @@
+<?php
+
+// change monsters.file_path field to loot
+if(fieldExist('file_path', TABLE_PREFIX . 'monsters')) {
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` CHANGE `file_path` `loot` VARCHAR(5000);");
+}
+
+// update loot to empty string
+$db->query("UPDATE `" . TABLE_PREFIX . "monsters` SET `loot` = '';");
+
+// drop monsters.gfx_name field
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` DROP COLUMN `gfx_name`;");
+
+// rename hide_creature to hidden
+if(fieldExist('hide_creature', TABLE_PREFIX . 'monsters')) {
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "monsters` CHANGE `hide_creature` `hidden` TINYINT(1) NOT NULL DEFAULT 0;");
+}
+?>

system/migrations/15.php

@@ -0,0 +1,11 @@
+<?php
+
+// add new forum.guild and forum.access fields
+if(!fieldExist('guild', TABLE_PREFIX . 'forum_boards')) {
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum_boards` ADD `guild` TINYINT(1) NOT NULL DEFAULT 0 AFTER `closed`;");
+}
+
+if(!fieldExist('access', TABLE_PREFIX . 'forum_boards')) {
+	$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum_boards` ADD `access` TINYINT(1) NOT NULL DEFAULT 0 AFTER `guild`;");
+}
+?>

system/migrations/16.php

@@ -0,0 +1,5 @@
+<?php
+
+// change size of spells.vocations
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(300) NOT NULL DEFAULT '';");
+?>

system/migrations/17.php

@@ -0,0 +1,88 @@
+<?php
+
+if(!tableExist('myaac_menu')) {
+	$db->query("
+CREATE TABLE `myaac_menu`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`template` VARCHAR(255) NOT NULL,
+	`name` VARCHAR(255) NOT NULL,
+	`link` VARCHAR(255) NOT NULL,
+	`category` INT(11) NOT NULL DEFAULT 1,
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`enabled` INT(1) NOT NULL DEFAULT 1,
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;");
+	
+	$db->query("
+/* MENU_CATEGORY_NEWS kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
+/* MENU_CATEGORY_ACCOUNT kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
+/* MENU_CATEGORY_LIBRARY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
+/* MENU_CATEGORY_SHOP kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
+/* MENU_CATEGORY_NEWS tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
+/* MENU_CATEGORY_FORUM tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
+/* MENU_CATEGORY_LIBRARY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 5, 7);
+/* MENU_CATEGORY_SHOP tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
+	");
+}
+?>

system/migrations/18.php

@@ -0,0 +1,6 @@
+<?php
+
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "news` ADD `article_text` VARCHAR(300) NOT NULL DEFAULT '' AFTER `comments`;");
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "news` ADD `article_image` VARCHAR(100) NOT NULL DEFAULT '' AFTER `article_text`;");
+
+?>

system/pages/404.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account.php

@@ -1,25 +1,16 @@
 <?php
 /**
  * Account confirm mail
+ * Keept for compability
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Account';
 
-if($action == 'confirm_email')
-{
-	$res = $db->query('SELECT email_hash FROM accounts WHERE email_hash = ' . $db->quote($_GET['v']));
-	if(!$res->rowCount())
-		echo '<div class="note">Your email couldn\'t be verified. Please contact staff to do it manually.</div>';
-	else
-	{
-		$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $_GET['v']));
-		echo '<div class="success">You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.</div>';
-	}
+if($action == 'confirm_email') {
+	require_once(PAGES . 'account/confirm_email.php');
 }
 ?>

system/pages/account/change_comment.php

@@ -6,12 +6,11 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
+$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
 $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
 $new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
 

system/pages/account/change_email.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -87,19 +86,18 @@ else
 		<td width="30">&nbsp;</td>
 		<td align=left>
 			<form action="' . getLink('account/email') . '" method="post"><input type="hidden" name="changeemailsave" value=1 >
-				<INPUT TYPE=image NAME="I Agree" SRC="' . $template_path . '/images/buttons/sbutton_iagree.gif" BORDER=0 WIDTH=120 HEIGHT=17>
+				<INPUT TYPE=image NAME="I Agree" SRC="' . $template_path . '/images/global/buttons/sbutton_iagree.gif" BORDER=0 WIDTH=120 HEIGHT=17>
 			</form>
 		</td>
 		<td align=left>
 			<form action="' . getLink('account/email') . '" method="post">
 				<input type="hidden" name="emailchangecancel" value=1 >
-				<input type=image name="Cancel" src="' . $template_path . '/images/buttons/sbutton_cancel.gif" BORDER=0 WIDTH=120 HEIGHT=17>
+				' . $twig->render('buttons.cancel.html.twig') . '
 			</form>
 		</td>
 		<td align=right>
 			<form action="?subtopic=accountmanagement" method="post" >
-				<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $template_path . '/images/buttons/_sbutton_back.gif" ></div>
-				</div>
+				' . $twig->render('buttons.back.html.twig') . '
 			</form>
 		</td>
 		<td width="30">&nbsp;</td>
@@ -123,8 +121,7 @@ else
 					<tr>
 						<td style="border:0px;" >
 							<input type="hidden" name="emailchangecancel" value="1" >
-							<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Cancel" alt="Cancel" src="'.$template_path.'/images/buttons/_sbutton_cancel.gif" ></div>
-							</div>
+							' . $twig->render('buttons.cancel.html.twig') . '
 						</td>
 					</tr>
 				</form>
@@ -135,8 +132,7 @@ else
 				<form action="' . getLink('account/manage') . '" method="post" >
 					<tr>
 						<td style="border:0px;" >
-							<div class="BigButton" style="background-image:url(' . $template_path . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $template_path . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $template_path . '/images/buttons/_sbutton_back.gif" ></div>
-							</div>
+							' . $twig->render('buttons.back.html.twig') . '
 						</td>
 					</tr>
 				</form>
@@ -155,7 +151,7 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
 	$account_logged->setCustomField("email_new", "");
 	$account_logged->setCustomField("email_new_time", 0);
 	
-	$custom_buttons = '<center><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url('.$template_path.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$template_path.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="'.$template_path.'/images/buttons/_sbutton_back.gif" ></div></div></td></tr></form></table></center>';
+	$custom_buttons = '<center><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></center>';
 	
 	echo $twig->render('success.html.twig', array(
 		'title' => 'Email Address Change Cancelled',

system/pages/account/change_info.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/change_name.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/change_password.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/change_sex.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/confirm_email.php

@@ -0,0 +1,29 @@
+<?php
+/**
+ * Account confirm mail
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$title = 'Confirm Email';
+
+$hash = isset($_GET['v']) ? $_GET['v'] : '';
+if(empty($hash)) {
+	warning('Please enter email hash code.<br/>If you copied the link, please try again with full link.');
+	return;
+}
+
+$res = $db->query('SELECT `email_hash` FROM `accounts` WHERE `email_hash` = ' . $db->quote($hash));
+if(!$res->rowCount()) {
+	note("Your email couldn't be verified. Please contact staff to do it manually.");
+}
+else
+{
+	$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $hash));
+	success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
+}
+?>

system/pages/account/create_character.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/delete_character.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/register.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/register_new.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/accountmanagement.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -26,6 +25,11 @@ if(!$logged)
 	}
 	else
 	{
+		if($action == 'confirm_email') {
+			require(PAGES . 'account/' . $action . '.php');
+			return;
+		}
+		
 		if(!empty($errors))
 			echo $twig->render('error_box.html.twig', array('errors' => $errors));
 		
@@ -34,8 +38,9 @@ if(!$logged)
 			'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
 			'error' => isset($errors[0]) ? $errors[0] : null
 		));
-	return;
 	}
+
+	return;
 }
 
 $errors = array();
@@ -124,7 +129,15 @@ $errors = array();
 			'players' => $account_players
 		));
 	}
-	else if(file_exists(PAGES . 'account/' . $action . '.php')) {
-		require(PAGES . 'account/' . $action . '.php');
+	else {
+		if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
+			error('Error: Action contains illegal characters.');
+		}
+		else if(file_exists(PAGES . 'account/' . $action . '.php')) {
+			require(PAGES . 'account/' . $action . '.php');
+		}
+		else {
+			error('This page does not exists.');
+		}
 	}
 ?>

system/pages/admin/changelog.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -17,10 +16,12 @@ if(!file_exists(BASE . 'CHANGELOG')) {
 }
 
 $changelog = file_get_contents(BASE . 'CHANGELOG');
-$changelog = nl2br(htmlspecialchars($changelog));
+$changelog = htmlspecialchars($changelog);
 
 // replace URLs with <a href...> elements
 $changelog = preg_replace('/\s(\w+:\/\/)(\S+)/', ' <a href="\\1\\2" target="_blank">\\1\\2</a>', $changelog);
 
+$changelog = nl2br($changelog);
+
 echo '<div>' . $changelog . '</div>';
 ?>

system/pages/admin/dashboard.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -89,12 +88,9 @@ function clearCache()
 	if($cache->fetch('news' . $template_name . '_' . NEWS, $tmp))
 		$cache->delete('news' . $template_name . '_' . NEWS);
 
-	if($cache->fetch('news' . $template_name . '_' . TICKET, $tmp))
-		$cache->delete('news' . $template_name . '_' . TICKET);
-
-	if($cache->fetch('news' . $template_name . '_' . ARTICLE, $tmp))
-		$cache->delete('news' . $template_name . '_' . ARTICLE);
-
+	if($cache->fetch('news' . $template_name . '_' . TICKER, $tmp))
+		$cache->delete('news' . $template_name . '_' . TICKER);
+	
 	if($cache->fetch('template_ini' . $template_name, $tmp))
 		$cache->delete('template_ini' . $template_name);
 

system/pages/admin/items.php

@@ -0,0 +1,30 @@
+<?php
+/**
+ * Load items.xml
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Load items.xml';
+
+require(LIBS . 'items.php');
+require(LIBS . 'weapons.php');
+
+echo $twig->render('admin.items.html.twig');
+
+$reload = isset($_REQUEST['reload']) && (int)$_REQUEST['reload'] == 1;
+if($reload) {
+	if(Items::loadFromXML(true))
+		success('Successfully loaded items.');
+	else
+		error(Items::getError());
+	
+	if(Weapons::loadFromXML(true))
+		success('Successfully loaded weapons.');
+	else
+		error(Weapons::getError());
+	
+}

system/pages/admin/login.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/logs.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/mailer.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/menus.php

@@ -0,0 +1,110 @@
+<?php
+/**
+ * Menus
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Menus';
+
+if(!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin())
+{
+	echo 'Access denied.';
+	return;
+}
+
+if(isset($_REQUEST['template'])) {
+	$template = $_REQUEST['template'];
+	
+	if(isset($_REQUEST['menu'])) {
+		$post_menu = $_REQUEST['menu'];
+		$post_menu_link = $_REQUEST['menu_link'];
+		if(count($post_menu) != count($post_menu_link)) {
+			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
+			return;
+		}
+		
+		$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($template));
+		foreach($post_menu as $category => $menus) {
+			foreach($menus as $i => $menu) {
+				if(empty($menu)) // don't save empty menu item
+					continue;
+				
+				try {
+					$db->insert(TABLE_PREFIX . 'menu', array('template' => $template, 'name' => $menu, 'link' => $post_menu_link[$category][$i], 'category' => $category, 'ordering' => $i));
+				}
+				catch(PDOException $error) {
+					warning('Error while adding menu item (' . $menu . '): ' . $error->getMessage());
+				}
+			}
+		}
+		
+		success('Saved at ' . date('H:i'));
+	}
+	
+	$file = TEMPLATES . $template . '/config.php';
+	if(file_exists($file)) {
+		require_once($file);
+	}
+	else {
+		echo 'Cannot find template config.php file.';
+		return;
+	}
+	
+	if(!isset($config['menu_categories'])) {
+		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
+		return;
+	}
+	
+	echo 'Hint: You can drag menu items.<br/>Editing: ' . $template . ' template.';
+	$menus = array();
+	$menus_db = $db->query('SELECT `name`, `link`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
+	foreach($menus_db as $menu) {
+		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'ordering' => $menu['ordering']);
+	}
+	
+	$last_id = array();
+	echo '<form method="post" action="?p=menus">';
+	echo '<input type="hidden" name="template" value="' . $template . '"/>';
+	foreach($config['menu_categories'] as $id => $cat) {
+		echo '<h2>' . $cat['name'] . '<img class="add-button" id="add-button-' . $id . '" src="' . BASE_URL . 'images/plus.png" width="16" height="16"/></h2>';
+		echo '<ul class="sortable" id="sortable-' . $id . '">';
+		if(isset($menus[$id])) {
+			$i = 0;
+			foreach($menus[$id] as $menu) {
+				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><input type="text" name="menu[' . $id . '][]" value="' . $menu['name'] . '"/><input type="text" name="menu_link[' . $id . '][]" value="' . $menu['link'] . '"/><a class="remove-button" id="remove-button-' . $id . '-' . $i . '"><img src="' . BASE_URL . 'images/del.png"/></a></li>';
+				
+				$i++;
+				$last_id[$id] = $i;
+			}
+		}
+			
+		echo '</ul>';
+	}
+	
+	echo '<input type="submit" class="button" value="Update">';
+	echo '<input type="button" class="button" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus&template=' . $template . '\';">';
+	echo '</form>';
+	
+	echo $twig->render('admin.menus.js.html.twig', array(
+		'menus' => $menus,
+		'last_id' => $last_id
+	));
+}
+else {
+	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();
+	foreach($templates as $key => $value) {
+		$file = TEMPLATES . $value['template'] . '/config.php';
+		if(!file_exists($file)) {
+			unset($templates[$key]);
+		}
+	}
+	
+	echo $twig->render('admin.menus.form.html.twig', array(
+		'templates' => $templates
+	));
+}
+?>

system/pages/admin/notepad.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -20,7 +19,7 @@ if(isset($_POST['content']))
 	else
 		Notepad::update($account_logged->getId(), $_content);
 
-	echo '<div class="success" style="text-align: center;">Saved at ' . date('g:i A') . '</div>';
+	echo '<div class="success" style="text-align: center;">Saved at ' . date('H:i') . '</div>';
 }
 else
 {

system/pages/admin/pages.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -34,12 +33,13 @@ if(!empty($action))
 	if(isset($_REQUEST['title']))
 		$p_title = $_REQUEST['title'];
 
-	$php = isset($_REQUEST['php']);
-	//if($php)
-	//	$body = $_REQUEST['body'];
-	//else
-	if(isset($_REQUEST['body']))
+	$php = isset($_REQUEST['php']) && $_REQUEST['php'] == 1;
+	if($php)
+		$body = $_REQUEST['body'];
+	else if(isset($_REQUEST['body'])) {
+		//$body = $_REQUEST['body'];
 		$body = html_entity_decode(stripslashes($_REQUEST['body']));
+	}
 
 	if(isset($_REQUEST['access']))
 		$access = $_REQUEST['access'];
@@ -56,7 +56,8 @@ if(!empty($action))
 		}
 	}
 	else if($action == 'delete') {
-		Pages::delete($id, $errors);
+		if(Pages::delete($id, $errors))
+			success('Page with id ' . $id . ' has been deleted');
 	}
 	else if($action == 'edit')
 	{
@@ -90,7 +91,7 @@ $query =
 $pages = array();
 foreach($query as $_page) {
 	$pages[] = array(
-		'link' => getFullLink($_page['name'], $_page['name']),
+		'link' => getFullLink($_page['name'], $_page['name'], true),
 		'title' => substr($_page['title'], 0, 20),
 		'id' => $_page['id'],
 		'hidden' => $_page['hidden']
@@ -133,7 +134,7 @@ class Pages
 			if($query === false)
 				$db->insert(TABLE_PREFIX . 'pages', array('name' => $name, 'title' => $title, 'body' => $body, 'player_id' => $player_id, 'php' => $php ? '1' : '0', 'access' => $access));
 			else
-				$errors[] = 'Page with this words already exists.';
+				$errors[] = 'Page with this link already exists.';
 		}
 		else
 			$errors[] = 'Please fill all inputs.';

system/pages/admin/phpinfo.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/players.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/plugins.php

@@ -5,70 +5,24 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
 
 require(SYSTEM . 'hooks.php');
-
-function deleteDirectory($dir) {
-	if(!file_exists($dir)) {
-		return true;
-	}
-	
-	if(!is_dir($dir)) {
-		return unlink($dir);
-	}
-	
-	foreach(scandir($dir) as $item) {
-		if($item == '.' || $item == '..') {
-			continue;
-		}
-		
-		if(!deleteDirectory($dir . DIRECTORY_SEPARATOR . $item)) {
-			return false;
-		}
-	}
-	
-	return rmdir($dir);
-}
+require(LIBS . 'plugins.php');
 
 echo $twig->render('admin.plugins.form.html.twig');
 
 if(isset($_REQUEST['uninstall'])){
 	$uninstall = $_REQUEST['uninstall'];
 	
-	$filename = BASE . 'plugins/' . $uninstall . '.json';
-	if(!file_exists($filename)) {
-		error('Plugin ' . $uninstall . ' does not exist.');
+	if(Plugins::uninstall($uninstall)) {
+		success('Successfully uninstalled plugin ' . $uninstall);
 	}
 	else {
-		$string = file_get_contents($filename);
-		$plugin_info = json_decode($string, true);
-		if($plugin_info == false) {
-			warning('Cannot load plugin info ' . $uninstall . '.json');
-		}
-		else {
-			$success = true;
-			foreach($plugin_info['uninstall'] as $file) {
-				$file = BASE . $file;
-				if(!deleteDirectory($file)) {
-					$success = false;
-				}
-			}
-			
-			if($success) {
-				if($cache->enabled()) {
-					$cache->delete('templates');
-				}
-				success('Successfully uninstalled plugin ' . $uninstall);
-			}
-			else {
-				error('Error while uninstalling plugin ' . $uninstall . ': ' . error_get_last());
-			}
-		}
+		error('Error while uninstalling plugin ' . $plugin_name . ': ' . Plugins::getError());
 	}
 }
 else if(isset($_FILES["plugin"]["name"]))
@@ -115,98 +69,17 @@ else if(isset($_FILES["plugin"]["name"]))
 				$targetzip = BASE . 'plugins/' . $tmp_filename . '.zip';
 
 				if(move_uploaded_file($tmp_name, $targetzip)) { // move uploaded file
-					$zip = new ZipArchive();
-					if ($zip->open($targetzip)) {
-						for ($i = 0; $i < $zip->numFiles; $i++) {
-							$tmp = $zip->getNameIndex($i);
-							if(pathinfo($tmp, PATHINFO_DIRNAME) == 'plugins' && pathinfo($tmp, PATHINFO_EXTENSION) == 'json')
-								$json_file = $tmp;
+					if(Plugins::install($targetzip)) {
+						foreach(Plugins::getWarnings() as $warning) {
+							warning($warning);
 						}
-						
-						if(!isset($json_file)) {
-							error('Cannot find plugin info .json file. Installation is discontinued.');
-						}
-						else if($zip->extractTo(BASE)) { // place in the directory with same name
-							$file_name = BASE . $json_file;
-							if(!file_exists($file_name))
-								warning("Cannot load " . $file_name . ". File doesn't exist.");
-							else {
-								$string = file_get_contents($file_name);
-								$plugin = json_decode($string, true);
-								if ($plugin == null) {
-									warning('Cannot load ' . $file_name . '. File might be not a valid json code.');
-								}
-								else {
-									$continue = true;
-									
-									if(isset($plugin['require'])) {
-										$require = $plugin['require'];
-										if(isset($require['myaac'])) {
-											$require_myaac = $require['myaac'];
-											if(version_compare(MYAAC_VERSION, $require_myaac, '<')) {
-												warning("This plugin requires MyAAC version " . $require_myaac . ", you're using version " . MYAAC_VERSION . " - please update.");
-												$continue = false;
-											}
-										}
-										
-										if(isset($require['php'])) {
-											$require_php = $require['php'];
-											if(version_compare(phpversion(), $require_php, '<')) {
-												warning("This plugin requires PHP version " . $require_php . ", you're using version " . phpversion() . " - please update.");
-												$continue = false;
-											}
-										}
-										
-										if(isset($require['database'])) {
-											$require_database = $require['database'];
-											if($require_database < DATABASE_VERSION) {
-												warning("This plugin requires database version " . $require_database . ", you're using version " . DATABASE_VERSION . " - please update.");
-												$continue = false;
-											}
-										}
-									}
-									
-									if($continue) {
-										if (isset($plugin['install'])) {
-											if (file_exists(BASE . $plugin['install']))
-												require(BASE . $plugin['install']);
-											else
-												warning('Cannot load install script. Your plugin might be not working correctly.');
-										}
-										
-										if (isset($plugin['hooks'])) {
-											foreach ($plugin['hooks'] as $_name => $info) {
-												if (isset($hook_types[$info['type']])) {
-													$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
-													if ($query->rowCount() == 1) { // found something
-														$query = $query->fetch();
-														$db->query('UPDATE `' . TABLE_PREFIX . 'hooks` SET `type` = ' . $hook_types[$info['type']] . ', `file` = ' . $db->quote($info['file']) . ' WHERE `id` = ' . (int)$query['id'] . ';');
-													} else {
-														$db->query('INSERT INTO `' . TABLE_PREFIX . 'hooks` (`id`, `name`, `type`, `file`) VALUES (NULL, ' . $db->quote($_name) . ', ' . $hook_types[$info['type']] . ', ' . $db->quote($info['file']) . ');');
-													}
-												} else
-													warning('Unknown event type: ' . $info['type']);
-											}
-										}
-										
-										if($cache->enabled()) {
-											$cache->delete('templates');
-										}
-										success('<strong>' . $plugin['name'] . '</strong> plugin has been successfully installed.');
-									}
-								}
-							}
-						}
-						else {
-							error('There was a problem with extracting zip archive.');
-						}
-						
-						$zip->close();
-						unlink($targetzip); // delete the Zipped file
-					}
-					else {
-						error('There was a problem with opening zip archive.');
+						$info = Plugins::getPluginInfo();
+						success((isset($info['name']) ? '<strong>' . $info['name'] . '</strong> p' : 'P') . 'lugin has been successfully installed.');
 					}
+					else
+						error(Plugins::getError());
+					
+					unlink($targetzip); // delete the Zipped file
 				}
 				else
 					error('There was a problem with the upload. Please try again.');
@@ -231,11 +104,11 @@ foreach(get_plugins() as $plugin)
 	}
 	else {
 		$plugins[] = array(
-			'name' => $plugin_info['name'],
-			'description' => $plugin_info['description'],
-			'version' => $plugin_info['version'],
-			'author' => $plugin_info['author'],
-			'contact' => $plugin_info['contact'],
+			'name' => isset($plugin_info['name']) ? $plugin_info['name'] : '',
+			'description' => isset($plugin_info['description']) ? $plugin_info['description'] : '',
+			'version' => isset($plugin_info['version']) ? $plugin_info['version'] : '',
+			'author' => isset($plugin_info['author']) ? $plugin_info['author'] : '',
+			'contact' => isset($plugin_info['contact']) ? $plugin_info['contact'] : '',
 			'file' => $plugin,
 			'uninstall' => isset($plugin_info['uninstall'])
 		);

system/pages/admin/statistics.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/tools.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/version.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/visitors.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/bans.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/bugtracker.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -83,7 +82,7 @@ $showed = $post = $reply = false;
                     echo '</TABLE>';
                 }
                 if($bug[2]['status'] != 3)
-                    echo '<br><a href="index.php?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'&reply=true"><b>[REPLY]</b></a>';
+                    echo '<br><a href="?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'&reply=true"><b>[REPLY]</b></a>';
             }
             else
             {
@@ -112,7 +111,7 @@ $showed = $post = $reply = false;
                             $type = 2;
                             $INSERT = $db->query('INSERT INTO `' . TABLE_PREFIX . 'bugtracker` (`account`,`id`,`text`,`reply`,`type`, `who`) VALUES ('.$db->quote($_REQUEST['acc']).','.$db->quote($_REQUEST['id']).','.$db->quote($_POST['text']).','.$db->quote($reply).','.$db->quote($type).','.$db->quote(1).')');
                             $UPDATE = $db->query('UPDATE `' . TABLE_PREFIX . 'bugtracker` SET `status` = '.$_POST['status'].' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].'');
-                            header('Location: index.php?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'');
+                            header('Location: ?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'');
                         }
                     }
                     echo '<br><form method="post" action=""><table><tr><td><i>Description</i></td><td><textarea name="text" rows="15" cols="35"></textarea></td></tr><tr><td>Status[OPEN]</td><td><input type=radio name=status value=2></td></tr><tr><td>Status[CLOSED]</td><td><input type=radio name=status value=3></td></tr></table><br><input type="submit" name="finish" value="Submit" class="input2"/></form>';
@@ -138,7 +137,7 @@ $showed = $post = $reply = false;
                 elseif($report['status'] == 1)
                     $value = "<font color=blue>[NEW ANSWER]</font>";
                             
-                echo '<TR BGCOLOR="' . getStyle($i) . '"><td width=75%><a href="index.php?subtopic=bugtracker&control=true&id='.$report['id'].'&acc='.$report['account'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';            
+                echo '<TR BGCOLOR="' . getStyle($i) . '"><td width=75%><a href="?subtopic=bugtracker&control=true&id='.$report['id'].'&acc='.$report['account'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';
                         
                 $showed=true;
                 $i++;
@@ -202,7 +201,7 @@ $showed = $post = $reply = false;
                     echo '</TABLE>';
                 }
                 if($bug[2]['status'] != 3)
-                    echo '<br><a href="index.php?subtopic=bugtracker&id='.$id.'&reply=true"><b>[REPLY]</b></a>';
+                    echo '<br><a href="?subtopic=bugtracker&id='.$id.'&reply=true"><b>[REPLY]</b></a>';
             }
             else
             {
@@ -231,7 +230,7 @@ $showed = $post = $reply = false;
                             $type = 2;
                             $INSERT = $db->query('INSERT INTO `myaac_bugtracker` (`account`,`id`,`text`,`reply`,`type`) VALUES ('.$db->quote($acc).','.$db->quote($id).','.$db->quote($_POST['text']).','.$db->quote($reply).','.$db->quote($type).')');
                             $UPDATE = $db->query('UPDATE `myaac_bugtracker` SET `status` = 1 where `account` = '.$acc.' and `id` = '.$id.'');
-                            header('Location: index.php?subtopic=bugtracker&id='.$id.'');
+                            header('Location: ?subtopic=bugtracker&id='.$id.'');
                         }
                     }
                     echo '<br><form method="post" action=""><table><tr><td><i>Description</i></td><td><textarea name="text" rows="15" cols="35"></textarea></td></tr></table><br><input type="submit" name="finish" value="Submit" class="input2"/></form>';
@@ -275,7 +274,7 @@ $showed = $post = $reply = false;
                         $bgcolor = $light;
                     }
 
-                    echo '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><a href="index.php?subtopic=bugtracker&id='.$report['id'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';            
+                    echo '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><a href="?subtopic=bugtracker&id='.$report['id'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';
                     
                     $showed=true;
                 }
@@ -286,7 +285,7 @@ $showed = $post = $reply = false;
                 }
                 echo '</TABLE>';
                 
-                echo '<br><a href="index.php?subtopic=bugtracker&add=true"><b>[ADD REPORT]</b></a>';
+                echo '<br><a href="?subtopic=bugtracker&add=true"><b>[ADD REPORT]</b></a>';
             }
             elseif(isset($_REQUEST['add']) && $_REQUEST['add'] == TRUE)
             {
@@ -320,7 +319,7 @@ $showed = $post = $reply = false;
                         $type = 1;
                         $status = 1;
                         $INSERT = $db->query('INSERT INTO `' . TABLE_PREFIX . 'bugtracker` (`account`,`id`,`text`,`type`,`subject`, `reply`,`status`,`tag`) VALUES ('.$db->quote($acc).','.$db->quote($id_next).','.$db->quote($_POST['text']).','.$db->quote($type).','.$db->quote($_POST['subject']).', 0,'.$db->quote($status).','.$db->quote($_POST['tags']).')');
-                        header('Location: index.php?subtopic=bugtracker&id='.$id_next.'');
+                        header('Location: ?subtopic=bugtracker&id='.$id_next.'');
                     }
                         
                 }
@@ -338,6 +337,6 @@ $showed = $post = $reply = false;
     
     if(admin() and empty($_REQUEST['control']))
     {
-        echo '<br><br><a href="index.php?subtopic=bugtracker&control=true">[ADMIN PANEL]</a>';
+        echo '<br><br><a href="?subtopic=bugtracker&control=true">[ADMIN PANEL]</a>';
     }
 ?> 

system/pages/changelog.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -15,6 +14,7 @@ $_page = isset($_GET['page']) ? $_GET['page'] : 0;
 $id = isset($_GET['id']) ? $_GET['id'] : 0;
 $limit = 30;
 $offset = $_page * $limit;
+$next_page = false;
 ?>
 
 <br/>

system/pages/characters.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -351,16 +350,16 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		// check if account has been banned
 		$bannedUntil = '';
 		$banned = array();
-		if (tableExist('account_bans'))
-			$banned = $db->query('SELECT `expires_at` as `expires` FROM `account_bans` WHERE `account_id` = ' . $account->getId() . ' and `expires_at` > ' . time());
+		if(tableExist('account_bans'))
+			$banned = $db->query('SELECT `expires_at` as `expires` FROM `account_bans` WHERE `account_id` = ' . $account->getId() . ' and (`expires_at` > ' . time() . ' OR `expires_at` = -1);');
 		else if (tableExist('bans')) {
 			if (fieldExist('expires', 'bans'))
-				$banned = $db->query('SELECT `expires` FROM `bans` WHERE (`value` = ' . $account->getId() . ' or `value` = ' . $player->getId() . ') and `active` = 1 and `type` != 2 and `type` != 4 and `expires` > ' . time());
+				$banned = $db->query('SELECT `expires` FROM `bans` WHERE (`value` = ' . $account->getId() . ' or `value` = ' . $player->getId() . ') and `active` = 1 and `type` != 2 and `type` != 4 and (`expires` > ' . time() . ' OR `expires` = -1);');
 			else
-				$banned = $db->query('SELECT `time` as `time` FROM `bans` WHERE (`account` = ' . $account->getId() . ' or `player` = ' . $player->getId() . ') and `type` != 2 and `type` != 4 and `time` > ' . time());
+				$banned = $db->query('SELECT `time` as `time` FROM `bans` WHERE (`account` = ' . $account->getId() . ' or `player` = ' . $player->getId() . ') and `type` != 2 and `type` != 4 and (`time` > ' . time() . ' OR `time` = -1);');
 		}
-		foreach ($banned as $ban) {
-			$bannedUntil = ' <font color="red">[Banished ' . ($ban['expires'] == "-1" ? 'forever' : 'until ' . date("d F Y, h:s", $ban['expires'])) . ']</font>';
+		foreach($banned as $ban) {
+			$bannedUntil = $ban['expires'];
 		}
 		
 		$account_players = $account->getPlayersList();

system/pages/commands.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/createaccount.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -161,7 +160,7 @@ if($save)
 			$hash = md5(generateRandomString(16, true, true) . $email);
 			$new_account->setCustomField('email_hash', $hash);
 
-			$verify_url = BASE_URL . '?p=account&action=confirm_email&v=' . $hash;
+			$verify_url = getLink('account/confirm_email/' . $hash);
 			$server_name = $config['lua']['serverName'];
 			
 			$body_plain = $twig->render('mail.account.verify.plain.html.twig', array(
@@ -182,7 +181,8 @@ if($save)
 			}
 			else
 			{
-				echo '<br /><p class="error">An error occorred while sending email! Account not created. Try again. Error:<br/>' . $mailer->ErrorInfo . '</p>';
+				error('An error occorred while sending email! Account not created. Try again. Error:<br/>' . $mailer->ErrorInfo . '<br/>More info in system/logs/error.log');
+				log_append('error.log', '[createaccount.php] An error occorred while sending email: ' . $mailer->ErrorInfo . '. Error: ' . print_r(error_get_last(), true));
 				$new_account->delete();
 			}
 		}
@@ -201,7 +201,8 @@ if($save)
 				if(_mail($email, 'Your account on ' . $config['lua']['serverName'], $mailBody))
 					echo '<br /><small>These informations were send on email address <b>' . $email . '</b>.';
 				else
-					echo '<br /><p class="error">An error occorred while sending email (<b>' . $email . '</b>)! Error:<br/>' . $mailer->ErrorInfo . '</p>';
+					error('An error occorred while sending email (<b>' . $email . '</b>)! Error:<br/>' . $mailer->ErrorInfo . '<br/>More info in system/logs/error.log');
+					log_append('error.log', '[createaccount.php] An error occorred while sending email: ' . $mailer->ErrorInfo . '. Error: ' . print_r(error_get_last(), true));
 			}
 		}
 

system/pages/creatures.php

@@ -6,68 +6,29 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.1
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = "Creatures";
 
-$rarity = array( 
-    'Not Rare'    => 7, 
-    'Semi Rare'    => 2, 
-    'Rare'        => 0.5, 
-    'Very Rare' => 0 
-); 
-
-function addLoot($loot, $level=1)
-{ 
-	foreach($loot as $test) { 
-		$chance = $test['chance']; 
-		if(!$chance) 
-			$chance = $test['chance1']; 
-
-		printLoot($level, $test['id'], $test['countmax'], $chance); 
-		foreach($test as $k => $v) 
-			addLoot($v->item, $level + 1); 
-	} 
-} 
- 
- $i = 0;
-function printLoot($level, $itemid, $count, $chance)
-{ 
-	global $itemList, $rarity, $i; 
-
-	$chance /= 1000; 
-	if(isset($_GET['lootrate'])) { 
-		global $lootRate; 
-		$chance *= $lootRate; 
-	} 
-
-	foreach($rarity as $lootRarity => $percent) {
-		if($chance >= $percent) {
-			if(isset($itemid))
-			echo str_repeat("... ", $level) . '<u>' . ($count ? $count : 1) . '</u> <span style="color: #7878FF; font-weight: bold;">' . $itemList[(int)$itemid] . '</span> ' . $itemid . ' <span style="color: #C45; font-weight: bold;">' . $lootRarity . '</span> (<span style="color: #FF9A9A;">' . $chance . '%</span>)<br />';
-			
-			if($i % 6 == 0)
-			{
-				if($i != 0)
-					echo '</td></tr>';
-				echo '<tr bgcolor="'.getStyle(0).'"><td width="100">';
-			}
-			echo getItemImage($itemid);
-			$i++;
-			break; 
-		} 
-	} 
-}
+?>
+<script type="text/javascript" src="tools/tipped.js"></script>
+<link rel="stylesheet" type="text/css" href="tools/tipped.css"/>
+<script>
+	$(document).ready(function() {
+		Tipped.create('.tooltip');
+	});
+</script>
 
+<?php
 $canEdit = hasFlag(FLAG_CONTENT_MONSTERS) || admin();
 if(isset($_POST['reload_monsters']) && $canEdit)
 {
 	require LIBS . 'creatures.php';
-	if(Creatures::loadFromXML(true))
-		if(Creatures::getMonstersList()->hasErrors())
+	if(Creatures::loadFromXML(true)) {
+		if (Creatures::getMonstersList()->hasErrors())
 			error('There were some problems loading your monsters.xml file. Please check system/logs/error.log for more info.');
+	}
 	else {
 		error(Creatures::getLastError());
 	}
@@ -76,7 +37,7 @@ if(isset($_POST['reload_monsters']) && $canEdit)
 if($canEdit)
 {
 ?>
-	<form method="post" action="index.php?subtopic=creatures">
+	<form method="post" action="<?php echo getLink('creatures'); ?>">
 		<input type="hidden" name="reload_monsters" value="yes"/>
 		<input type="submit" value="(admin) Reload monsters"/>
 	</form>
@@ -114,7 +75,7 @@ if(empty($_REQUEST['creature']))
 		$whereandorder = ' ORDER BY name';
 	}
 	//send query to database
-	$monsters = $db->query('SELECT * FROM '.$db->tableName(TABLE_PREFIX . 'monsters').' WHERE hide_creature != 1'.$whereandorder);
+	$monsters = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'monsters` WHERE `hidden` != 1'.$whereandorder);
 	echo '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'>';
 	if($order == 'name' && !isset($_REQUEST['desc'])) {
 	echo '<TD class="white" width="200"><B><a href="?subtopic=creatures&order=name&desc=1"><font class="white">Name DESC</a></B></TD>';
@@ -173,7 +134,7 @@ if(empty($_REQUEST['creature']))
 
 
 $monster_name = stripslashes(trim(ucwords($_REQUEST['creature'])));
-$monster = $db->query('SELECT * FROM '.$db->tableName(TABLE_PREFIX . 'monsters').' WHERE '.$db->fieldName('hide_creature').' != 1 AND '.$db->fieldName('name').' = '.$db->quote($monster_name).';')->fetch();
+$monster = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'monsters` WHERE `hidden` != 1 AND `name` = '.$db->quote($monster_name).';')->fetch();
 if(isset($monster['name']))
 {
 	$title = $monster['name'] . " - Creatures";
@@ -209,6 +170,7 @@ if(isset($monster['name']))
 	echo '</TABLE></td><td align=left>
 	<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=40%>
 	<tr><td align=left>';
+	$monster['gfx_name'] = trim(mb_strtolower($monster['name'])).".gif";
 	if(!file_exists('images/monsters/'.$monster['gfx_name'])) {
 		$gfx_name =  str_replace(" ", "", $monster['gfx_name']);
 		if(file_exists('images/monsters/' . $gfx_name))
@@ -222,33 +184,59 @@ if(isset($monster['name']))
 	echo '</td></tr>
 	</TABLE></td></tr><tr><td>
 	<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>';
-	if(!empty($monster['immunities']))
+	$immunities = json_decode($monster['immunities'], true);
+	if(count($immunities) > 0)
 	{
 		$number_of_rows++;
-		echo '<tr BGCOLOR="'.getStyle($number_of_rows).'"><td width="100"><b>Immunities: </b></td><td width="100%">'.$monster['immunities'].'</td></tr>';
+		echo '<tr BGCOLOR="'.getStyle($number_of_rows).'"><td width="100"><b>Immunities: </b></td><td width="100%">'.implode(', ', $immunities).'</td></tr>';
 	}
-	if(!empty($monster['voices']))
+	
+	$voices = json_decode($monster['voices'], true);
+	if(count($voices) > 0)
 	{
+		foreach($voices as &$voice) {
+			$voice = '"' . $voice . '"';
+		}
+		
 		$number_of_rows++;
-		echo '<tr BGCOLOR="'.getStyle($number_of_rows).'"><td width="100"><b>Voices: </b></td><td width="100%">'.$monster['voices'].'</td></tr>';
+		echo '<tr BGCOLOR="'.getStyle($number_of_rows).'"><td width="100"><b>Voices: </b></td><td width="100%">'.implode(', ', $voices).'</td></tr>';
 	}
 	echo '</TABLE></td></tr>';
-
-	echo '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%>';
-	$loot = simplexml_load_file($config['data_path'] . 'monster/' . $monster['file_path']); 
+	
+	$loot = json_decode($monster['loot'], true);
 	if($loot)
-	{ 
-		if($item = $loot->loot->item)
-			addLoot($item);
+	{
+		echo '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><tr><td style="display: block;">';
+		function sort_by_chance($a, $b)
+		{
+			if($a['chance'] == $b['chance']) {
+				return 0;
+			}
+			return ($a['chance'] > $b['chance']) ? -1 : 1;
+		}
+		
+		usort($loot, 'sort_by_chance');
+		
+		$i = 0;
+		foreach($loot as $item) {
+			$name = getItemNameById($item['id']);
+			$tooltip = $name . '<br/>Chance: ' . round($item['chance'] / 1000, 2) . '%<br/>Max count: ' . $item['count'];
+			
+			echo '<img src="' . $config['item_images_url'] . $item['id'] . '.gif" class="tooltip" title="' . $tooltip . '" width="32" height="32" border="0" alt=" ' .$name . '" />';
+			$i++;
+		}
+		
+		echo '</td></tr></TABLE>';
 	}
 
-	echo '</TABLE></td></tr>';
+	echo '</td></tr>';
 	echo '</TABLE>';
 }
 else
 {
-	echo 'Monster with name <b>'.$monster_name.'</b> doesn\'t exist.';
+	echo "Monster with name <b>" . $monster_name . "</b> doesn't exist.";
 }
+
 //back button
-echo '<br/></br><center><form action="?subtopic=creatures" METHOD=post><div class="BigButton" style="background-image:url('.$template_path.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$template_path.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="'.$template_path.'/images/buttons/_sbutton_back.gif" ></div></div></form></center>';
+echo $twig->render('creatures.back_button.html.twig');
 ?>