* update to 0.7.5

* fixed template path finding
* fixed news adding when type != ARTICLE

CHANGELOG

@@ -1,301 +1,387 @@
+[0.7.5 - 04.01.2017]
+	* fixed bug on othire with config.account_premium_days
+	* fixed bug on TFS 1.x when online_afk is enabled
+	* warning about leaving news page with changes
+	* added player status to tibiacom top 5 highscores box
+	* save detected country on create account in session
+	* fixed getPremDays and isPremium functions (newest 11.x engines are bugged when it comes to PACC, its not fault of MyAAC)
+	* fix when there are no changelogs or highscores yet
+	* small fix regarding getTopPlayers function which was ignoring $limit variable
+	* fixed news adding when type != ARTICLE
+	* fixed template path finding
+	* fixed displaying article_text when it was empty saved
+
+[0.7.4 - 24.12.2017]
+	* fixed mysql fatal error on tibiacom template - top 5 box
+	* fixed displaying of level percent bar on tibian signature
+	* inform user about Twig cache failure on installation, instead of http 500 error
+	* when dir system/cache is not writable by the webserver, then show some nice notice to the user about it instead of http 500 error
+	* remember client version select and usage stats checkbox in session on install
+	* automatically update highscores_ids_hidden for users who installed myaac before (migration)
+
+[0.7.3 - 18.12.2017]
+	* auto generate myaac cache & session prefix on install to be unique across installations
+	* fixed hiding shop system menu on tibiacom template when disabled in config
+	* prevent adding duplicated newses with installation
+	* some changes to sample characters: chanced town_id to 1, posx: 1000, posy: 1000, posz: 1000 and default group_id to 1 so you can change in-game outfits and they will be used
+	* added version 772 constant to install client choose (OTHire)
+	* better solution for hidding samples (configurable) - highscores_ids_hidden
+	* fixed account.login redirect not working on tibiacom template
+	* installation: warn about wrong admin account name/id and password
+	* fixed last menu closing in tibiacom template
+	* updated polish locale (translation) on install 
+	* (internal) removed some duplicated code on install finish
+	* (internal) renamed installation step files to be in correct order
+	* added TODO file
+
+[0.7.1 - 13.12.2017]
+	* added changelog menu item to kathrine template
+	* fixed some php short tag in changelogs page
+	* fixed guild change description back button
+	* removed duplicated "Support List" menu item from tibiacom template
+	* changed some notice when version check is failed
+	* (internal) moved changelog to twig
+
+[0.7.0 - 20.11.2017]
+	* moved template menus to database, they're now dynamically loaded
+	* added anonymous usage statistics reporting (only if user agrees, first usage report will be send after 7 days)
+	* you can edit them in Admin Panel under 'Menus' option
+	* you can also add custom links, like http://google.pl
+	* added networks (facebook and twitter) and highscores (top 5) boxes to tibiacom template, configurable in templates/tibiacom/config.php
+	* added news ticker for kathrine template
+	* added featured article to tibiacom template (you can add them with add news button)
+	* added tinymce editor to 'Pages' in admin panel
+	* added links to edit/delete/hide custom page directly from page
+	* update forum post after editing news (when forum post has been created)
+	* enabled code plugin for tinymce which enabled raw html code editing
+	* removed videos pages, as it can be easily added using custom Menus and Pages with insert Media
+	* removed bug_report configurable, its now enabled by default
+	* log some error info when mail cannot be send on account create
+	* twig getLink function will now return with full url (BASE_URL included)
+	* verify install post values directly on config page and display error
+	* updated tinymce to version 4.7.2 (from 4.7.0)
+	* updated phpmailer to version 5.2.26 (from 5.2.23)
+	* (#30) (fix) recovering account on servers that doesn't support salts
+	* (fix) account email confirm function
+	* (fix) showing changelog with urls in Admin Panel
+	* (fix) uninstalling plugin
+	* (fix) polls box in tibiacom template
+	* (fix) remove hooks from db on plugin deinstall
+	* (fix) some weird include possibilities with forum and account actions (verify action name)
+	* (fix) loading hooks from plugin installed from command line
+	* (fix) some changelog PHP Notice warning
+	* (internal) moved uninstall logic to Plugins class
+	* (internal) moved tibiacom boxes to separate directory
+	* (internal) moved news tickers to twig template
+	* (internal) moved Forum class to separate file
+	* (internal) moved deprecated functions to compat.php
+	* (internal) added some compat functions that are used by shop system
+	* (internal) renamed constant TICKET -> TICKER
+	* (internal) shortened message functions
+	
+[0.6.6 - 22.10.2017]
+	* fixed some php fatal error on spells page
+	* changed spells.vocations field in db size to 300
+	* please reload your spells after this update!
+
 [0.6.5 - 21.10.2017]
-	- fixed displaying custom pages
-	- fixed adding new group forum board
+	* fixed displaying custom pages
+	* fixed adding new group forum board
 	
 [0.6.4 - 20.10.2017]
-	- reverted OTS_Account::getLastLogin() cause its used by tibia11-login plugin
+	* reverted OTS_Account::getLastLogin() cause its used by tibia11-login plugin
 	
 [0.6.3 - 20.10.2017]
-	- fixed creating account
-	- fixed viewing thread without being logged 
-	- fixed showing premium account status
+	* fixed creating account
+	* fixed viewing thread without being logged 
+	* fixed showing premium account status
 	
 [0.6.2 - 20.10.2017]
-	- added forums for guilds and groups
-	- added nice looking menu for my account page in default template
-	- new command line tool: install_plugin.php - can be used to install plugins from command line. Usage: "php install_plugin.php path_to_file"
-	- added new tooltip to view characters equipment item name and monster loot
-	- added items.xml loader class and weapons.xml loader class
-	- minimum PHP version to install AAC is now 5.3.0 cause of Anonymous functions used by Twig
-	- Added 'Are you sure?' popup when uninstalling plugin
-	- added some warnings when plugin json file is incomplete
-	- fixed showing in characters ban expires when is unlimited
-	- fixed displaying monster loot when item.name in loot is used instead of item.id
-	- load also runes into spells table
-	- display plugin uninstall option only if its possible
-	- after changing template you will be redirected to latest viewed page
-	- display gallery add image form only on main gallery page
-	- (internal) moved most of guilds html-in-php code to twig
-	- (internal) moved spells page to twig template
-	- (internal) removed useless spells.spell column that was duplicate of spells.words
-	- (internal) save monster loot in database in json format instead loading it every time from xml file
-	- (internal) store monster voices and immunities in json format
-	- (internal) moved buttons to separate template
-	- (internal) moved online search form to twig
-	- (internal) added new function getItemNameById($id)
-	- (internal) Moved plugin install logic to a new class: Plugins
-	- (internal) changed spells.vocations database field to store json data instead of comma separated
-	- (internal) removed $hook_types array, using defined() and constant() functions now
-	- (internal) removed useless monsters.gfx_name field from database
-	- (internal) renamed database field monsters.hide_creature to hidden
-	- (internal) renamed existing Items class to Items_Images
-	- (internal) optimized Spells class
-	- (internal) new function: OTS_Guild::hasMember(OTS_Player $player)
-	- (internal) new function: Forum::hasAccess($board_id)
+	* added forums for guilds and groups
+	* added nice looking menu for my account page in default template
+	* new command line tool: install_plugin.php - can be used to install plugins from command line. Usage: "php install_plugin.php path_to_file"
+	* added new tooltip to view characters equipment item name and monster loot
+	* added items.xml loader class and weapons.xml loader class
+	* minimum PHP version to install AAC is now 5.3.0 cause of Anonymous functions used by Twig
+	* Added 'Are you sure?' popup when uninstalling plugin
+	* added some warnings when plugin json file is incomplete
+	* fixed showing in characters ban expires when is unlimited
+	* fixed displaying monster loot when item.name in loot is used instead of item.id
+	* load also runes into spells table
+	* display plugin uninstall option only if its possible
+	* after changing template you will be redirected to latest viewed page
+	* display gallery add image form only on main gallery page
+	* (internal) moved most of guilds html-in-php code to twig
+	* (internal) moved spells page to twig template
+	* (internal) removed useless spells.spell column that was duplicate of spells.words
+	* (internal) save monster loot in database in json format instead loading it every time from xml file
+	* (internal) store monster voices and immunities in json format
+	* (internal) moved buttons to separate template
+	* (internal) moved online search form to twig
+	* (internal) added new function getItemNameById($id)
+	* (internal) Moved plugin install logic to a new class: Plugins
+	* (internal) changed spells.vocations database field to store json data instead of comma separated
+	* (internal) removed $hook_types array, using defined() and constant() functions now
+	* (internal) removed useless monsters.gfx_name field from database
+	* (internal) renamed database field monsters.hide_creature to hidden
+	* (internal) renamed existing Items class to Items_Images
+	* (internal) optimized Spells class
+	* (internal) new function: OTS_Guild::hasMember(OTS_Player $player)
+	* (internal) new function: Forum::hasAccess($board_id)
 	
 [0.6.1 - 17.10.2017]
-	- fixed signatures loading
-	- new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)
-	- better error handling for monsters and spells loader (save errors to system/logs/error.log)
-	- check if file exist before loading (monsters and spells)
-	- (internal) Account::getAccess() = Account::getGroupId()
-	- (internal) moved account actions (pages) to account/ directory
-	- (internal) moved forum actions (pages) to forum/ directory
-	- (internal) moved forum.edit_post to twig templates
+	* fixed signatures loading
+	* new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)
+	* better error handling for monsters and spells loader (save errors to system/logs/error.log)
+	* check if file exist before loading (monsters and spells)
+	* (internal) Account::getAccess() = Account::getGroupId()
+	* (internal) moved account actions (pages) to account/ directory
+	* (internal) moved forum actions (pages) to forum/ directory
+	* (internal) moved forum.edit_post to twig templates
 
 [0.6.0 - 16.10.2017]
-	- added faq management - add/edit/move/hide/delete from website
-	- new account.login view for tibiacom template
-	- monsters and spells are now being loaded at the installation of the AAC
-	- fix for php versions under 5.5 where empty() function supported only variables
-	- added missing change email and change info buttons to account.management default template
-	- added new indicator icons for create account, create character and change character name
-	- fixed config loader when some inline comments are present
-	- fixed editing page in admin panel that contains some html code
-	- fixed forum new post on mac os and some specific mysql versions
-	- attempt to fix incorrect views counter behavior (its resetting to 0 in some cases)
-	- enabled cache http headers for signatures
-	- check if monster file exist before loading it
-	- fixed if plugin zip file name contains dot (.)
-	- renamed screenshots to gallery and movies to videos
-	- moved install pages to twig
-	- fixed Account::getGuildAccess function
-	- removed never used library from sources - dwoo
-	- moved check_* functions to class Validator
-	- from now all validators ajax requests will fire onblur instead of onkeyup
-	- ajax requests returns now json instead of xml
-	- added 404 response when file is not found
+	* added faq management - add/edit/move/hide/delete from website
+	* new account.login view for tibiacom template
+	* monsters and spells are now being loaded at the installation of the AAC
+	* fix for php versions under 5.5 where empty() function supported only variables
+	* added missing change email and change info buttons to account.management default template
+	* added new indicator icons for create account, create character and change character name
+	* fixed config loader when some inline comments are present
+	* fixed editing page in admin panel that contains some html code
+	* fixed forum new post on mac os and some specific mysql versions
+	* attempt to fix incorrect views counter behavior (its resetting to 0 in some cases)
+	* enabled cache http headers for signatures
+	* check if monster file exist before loading it
+	* fixed if plugin zip file name contains dot (.)
+	* renamed screenshots to gallery and movies to videos
+	* moved install pages to twig
+	* fixed Account::getGuildAccess function
+	* removed never used library from sources - dwoo
+	* moved check_* functions to class Validator
+	* from now all validators ajax requests will fire onblur instead of onkeyup
+	* ajax requests returns now json instead of xml
+	* added 404 response when file is not found
 
 [0.5.1 - 11.10.2017]
-	- fixed forum add/edit board
-	- new configurable: highscores_length, how much highscores to display
-	- fixed highscores links (ALL, previous and next page)
-	- update templates cache when installing/uninstalling plugin
-	- moved character deaths and frags table generation to twig
-	- fixed some bug when you uninstall plugin and then try to install again on the same page
-	- check if plugin exist before uninstalling
-	- fixed some warning in OTS_Base_DB
+	* fixed forum add/edit board
+	* new configurable: highscores_length, how much highscores to display
+	* fixed highscores links (ALL, previous and next page)
+	* update templates cache when installing/uninstalling plugin
+	* moved character deaths and frags table generation to twig
+	* fixed some bug when you uninstall plugin and then try to install again on the same page
+	* check if plugin exist before uninstalling
+	* fixed some warning in OTS_Base_DB
 
 [0.5.0 - 10.10.2017]
-	- moved .htaccess rules to plain php (index.php)
-	- updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
-	- added option to uninstall plugin
-	- added option to require specified myaac, php or database version for plugins, without that plugin won't be installed
-	- change accountmanagement links to use friendly_urls
-	- fixed creating new forum thread
-	- sample characters are now assigned to admin account and have group_id 4 to not be shown on highscores
-	- added links loaded from database to admin panel - for future plugins
-	- print some info to error.log when can't find config.lua
-	- some fixes in account changecomment action
-	- show info when account name/number or password is empty on login
-	- fixed showing account login errors
-	- added few characters hooks
-	- fixed some kathrine template js bug when shop is disabled
-	- you can now use slash '/' in custom pages loaded from database
-	- added new twig function getLink that convert link taking into account config.friendly_urls
-	- internalLayoutLink -> getLink
+	* moved .htaccess rules to plain php (index.php)
+	* updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
+	* added option to uninstall plugin
+	* added option to require specified myaac, php or database version for plugins, without that plugin won't be installed
+	* change accountmanagement links to use friendly_urls
+	* fixed creating new forum thread
+	* sample characters are now assigned to admin account and have group_id 4 to not be shown on highscores
+	* added links loaded from database to admin panel - for future plugins
+	* print some info to error.log when can't find config.lua
+	* some fixes in account changecomment action
+	* show info when account name/number or password is empty on login
+	* fixed showing account login errors
+	* added few characters hooks
+	* fixed some kathrine template js bug when shop is disabled
+	* you can now use slash '/' in custom pages loaded from database
+	* added new twig function getLink that convert link taking into account config.friendly_urls
+	* internalLayoutLink -> getLink
 
 [0.4.3 - 05.10.2017]
-	- better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
-	- fixed country detection in create account
-	- fixed showing of character deaths and frags
-	- fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466303
-	- fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466313
-	- fixed rook sample, which will now have level 1, 150 health, 0 mana, and 400 cap.
-	- fixed samples being deleted by tfs 1.0+ cause of 'deletion' field set to 1
-	- pages loaded from database have higher priority than normal .php pages, so they will be loaded first if they exist
-	- moved many pages to twig templates
-	- change download client links from clients.halfaway.net to tibia-clients.com
-	- added bugtracker to kathrine template
-	- added CREDITS file
+	* better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
+	* fixed country detection in create account
+	* fixed showing of character deaths and frags
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466303
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466313
+	* fixed rook sample, which will now have level 1, 150 health, 0 mana, and 400 cap.
+	* fixed samples being deleted by tfs 1.0+ cause of 'deletion' field set to 1
+	* pages loaded from database have higher priority than normal .php pages, so they will be loaded first if they exist
+	* moved many pages to twig templates
+	* change download client links from clients.halfaway.net to tibia-clients.com
+	* added bugtracker to kathrine template
+	* added CREDITS file
 
 [0.4.2 - 14.09.2017]
-	- updated version number
+	* updated version number
 
 [0.4.1 - 13.09.2017]
-	- fixed log in to admin panel
-	- fixed File is not .zip plugin upload error
+	* fixed log in to admin panel
+	* fixed File is not .zip plugin upload error
 
 [0.4.0 - 13.09.2017
-	- added option to add/edit/delete/hide/move forum boards
-	- moved some of HTML-in-PHP code to Twig templates
-	- added bug_report configurable which can enable/disable bug tracker
-	- log errors instead of showing them to users with system directories
-	- fix when $_SERVER['HTTP_ACCEPT_ENCODING'] is not set
-	- when it fails to load config.lua it will output error also to error.log
-	- automatically detect json file in .zip instead of basing on filename (admin panel - plugins)
-	- hopefully fixed the error with "The file you are trying to upload is not a .zip file. Please try again."
-	- fixed wrong name of table in bugtracker
-	- fixed some bugs in bugtracker
-	- added report bug link in templates
-	- fixed some rare error when user is logged in for longer than 15 minutes and tries to login again
-	- fixed some grammar errors
-	- some small improvements
-	- fixed some separators in kathrine template
+	* added option to add/edit/delete/hide/move forum boards
+	* moved some of HTML-in-PHP code to Twig templates
+	* added bug_report configurable which can enable/disable bug tracker
+	* log errors instead of showing them to users with system directories
+	* fix when $_SERVER['HTTP_ACCEPT_ENCODING'] is not set
+	* when it fails to load config.lua it will output error also to error.log
+	* automatically detect json file in .zip instead of basing on filename (admin panel - plugins)
+	* hopefully fixed the error with "The file you are trying to upload is not a .zip file. Please try again."
+	* fixed wrong name of table in bugtracker
+	* fixed some bugs in bugtracker
+	* added report bug link in templates
+	* fixed some rare error when user is logged in for longer than 15 minutes and tries to login again
+	* fixed some grammar errors
+	* some small improvements
+	* fixed some separators in kathrine template
 
 [0.3.0 - 28.08.2017]
-	- added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
-	- added Twig template engine and moved some html-in-php code to it
-	- automatically detect player country based on user location (IP) on create account
-	- player sex (gender) is now configurable at $config['genders']
-	- fixed recovering account and changing password when salt is enabled
-	- fixed installing samples when for example Rook Sample already exist and other samples not
-	- fixed some mysql error when character you trying to create already exist
-	- fixed some warning when you select nonexistent country
-	- password change minimal/maximal length notice is now more precise
-	- added 'enabled' field in myaac_hooks table, which can enable or disable specified hook
-	- removed DEFAULT '' for TEXT field. It didn't worked under some systems like MAC OS X.
-	- minimum PHP version to install the MyAAC is now 5.2.0 cause of pathinfo (extension) function
-	- removed unused admin stylish template
-	- removed some unused cities field from myaac_spells table
-	- moved news adding at installation from schema.sql to finish.php
-	- some optimizations
+	* added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
+	* added Twig template engine and moved some html-in-php code to it
+	* automatically detect player country based on user location (IP) on create account
+	* player sex (gender) is now configurable at $config['genders']
+	* fixed recovering account and changing password when salt is enabled
+	* fixed installing samples when for example Rook Sample already exist and other samples not
+	* fixed some mysql error when character you trying to create already exist
+	* fixed some warning when you select nonexistent country
+	* password change minimal/maximal length notice is now more precise
+	* added 'enabled' field in myaac_hooks table, which can enable or disable specified hook
+	* removed DEFAULT '' for TEXT field. It didn't worked under some systems like MAC OS X.
+	* minimum PHP version to install the MyAAC is now 5.2.0 cause of pathinfo (extension) function
+	* removed unused admin stylish template
+	* removed some unused cities field from myaac_spells table
+	* moved news adding at installation from schema.sql to finish.php
+	* some optimizations
 
 [0.2.4 - 09.06.2017]
-	- fixed invite to guild
-	- added id field on monsters, so you can delete them in phpmyadmin
-	- fixed adding some creatures with ' and "
-	- fixed when there are spaces at beginning of the file (creatures)
-	- fixed when file is unable to parse (creatures)
-	- fixed typo loss_items => loss_containers
-	- more elegant way of showing message on reload creatures and spells
+	* fixed invite to guild
+	* added id field on monsters, so you can delete them in phpmyadmin
+	* fixed adding some creatures with ' and "
+	* fixed when there are spaces at beginning of the file (creatures)
+	* fixed when file is unable to parse (creatures)
+	* fixed typo loss_items => loss_containers
+	* more elegant way of showing message on reload creatures and spells
 
 [0.2.3 - 31.05.2017]
-	- fixed guild management on OTHire 0.0.3
-	- set default skills to 10 when creating new character
-	- fixed displaying of "Create forum thread" in newses
-	- fixed deleting guild on servers that use players.rank_id field
-	- fixed phpmailer class loading (https://otland.net/threads/myaac-v0-0-1.251454/page-8#post-2445222)
-	- fixed displaying vocation amount on online page
-	- better support for custom vocations, you just need to set in config vocations_amount to yours.
-	- fixed huge space in player name (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444328)
-	- fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
-	- fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
+	* fixed guild management on OTHire 0.0.3
+	* set default skills to 10 when creating new character
+	* fixed displaying of "Create forum thread" in newses
+	* fixed deleting guild on servers that use players.rank_id field
+	* fixed phpmailer class loading (https://otland.net/threads/myaac-v0-0-1.251454/page-8#post-2445222)
+	* fixed displaying vocation amount on online page
+	* better support for custom vocations, you just need to set in config vocations_amount to yours.
+	* fixed huge space in player name (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444328)
+	* fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
+	* fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
 
 [0.2.2 - 22.05.2017]
-	- added missing cache/signature directory
-	- fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
+	* added missing cache/signature directory
+	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
 
 [0.2.1 - 21.05.2017]
-	- added Swedish translation by Sizaro
-	- fixed some bugs with installlation & characters & houses
+	* added Swedish translation by Sizaro
+	* fixed some bugs with installlation & characters & houses
 
 [0.2.0 - 21.05.2017]
-	- added option to change character sex for premium points
-	- moved site_closed to database, now you can close your site through admin panel
-	- added option to admin panel: clear cache
-	- added experiencetable_rows configurable
-	- optimized OTS_Account->getGroupId(), now its using like 20 queries less
-	- optimized OTS_Player->load($id) function, should be much faster now
-	- fixed displaying on highscores special outfits
-	- fixed skull images displaying
-	- fixed displaying unlimited premium account
-	- fixed bug where players.lookaddons doesn't exist (OTHire etc.) (https://otland.net/threads/myaac-v0-0-1.251454/page-6#post-2442407)
-	- fixed signature tibian for OTHire and other servers that doesnt use accounts.premdays field
-	- fixed when player name in signature containst space
-	- don't show "Create forum thread" when editing
-	- fixed red color table after create account
-	- updated download links, as clients.halfaway.net isn't working anymore
-	- fixed some bugs while installing when field `email_next` or `hidden` already exist
-	- fixed movies unexpected comment
-	- added template_place_holder('center_top') to kathrine template
+	* added option to change character sex for premium points
+	* moved site_closed to database, now you can close your site through admin panel
+	* added option to admin panel: clear cache
+	* added experiencetable_rows configurable
+	* optimized OTS_Account->getGroupId(), now its using like 20 queries less
+	* optimized OTS_Player->load($id) function, should be much faster now
+	* fixed displaying on highscores special outfits
+	* fixed skull images displaying
+	* fixed displaying unlimited premium account
+	* fixed bug where players.lookaddons doesn't exist (OTHire etc.) (https://otland.net/threads/myaac-v0-0-1.251454/page-6#post-2442407)
+	* fixed signature tibian for OTHire and other servers that doesnt use accounts.premdays field
+	* fixed when player name in signature containst space
+	* don't show "Create forum thread" when editing
+	* fixed red color table after create account
+	* updated download links, as clients.halfaway.net isn't working anymore
+	* fixed some bugs while installing when field `email_next` or `hidden` already exist
+	* fixed movies unexpected comment
+	* added template_place_holder('center_top') to kathrine template
 
 [0.1.5 - 13.05.2017]
-	- fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
+	* fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
 
 [0.1.4 - 13.05.2017]
-	- added outfit shower, in characters, online, and highscores
-	- updated database to version 2
-	- fixed item images (now using item-images.ots.me host by default)
-	- fixed news ticket and posting long newses (https://otland.net/threads/myaac-v0-0-1.251454/page-5#post-2442026)
-	- news body limit increased to 65535 (mysql text field)
-	- removed some unused code from my old server
-	- added spells & monsters to kathrine template
+	* added outfit shower, in characters, online, and highscores
+	* updated database to version 2
+	* fixed item images (now using item-images.ots.me host by default)
+	* fixed news ticket and posting long newses (https://otland.net/threads/myaac-v0-0-1.251454/page-5#post-2442026)
+	* news body limit increased to 65535 (mysql text field)
+	* removed some unused code from my old server
+	* added spells & monsters to kathrine template
 
 [0.1.3 - 11.05.2017]
-	- this is just release to update version number
+	* this is just release to update version number
 
 [0.1.2 - 11.05.2017]
-	- forgot to update CHANGELOG and MYAAC_VERSION
+	* forgot to update CHANGELOG and MYAAC_VERSION
 
 [0.1.1 - 11.05.2017]
-	- fixed updating myaac_config with database_version to 1
-	- fixed database updater
+	* fixed updating myaac_config with database_version to 1
+	* fixed database updater
 
 [0.1.0 - 11.05.2017]
-	- added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
-	- added automatic database updater (data migrations)
-	- renamed events to hooks
-	- moved hooks to database
-	- now you can use hooks in plugins
-	- set account.type field to 5 on install, if TFS 1.0+
-	- added example plugin
-	- new, latest google analytics code
-	- fixed bug with loading account.name that has numbers in it
-	- fixed many bugs in player editor in admin panel
-	- added error handling to plugin manager and some more verification in
-	- file has been correctly unpacked/uploaded
-	- fixed Statistics page in admin panel when using account.number
-	- fixed bug when creating/recovering account on servers with
-	- account.salt field (TFS 0.3 for example)
-	- fixed forum showing thread with html tags (added from news manager)
-	- new, latest code for youtube videos in movies page
-	- fixed showing vocation images when using $config['online_vocations_images']
-	- many fixes in polls (also importing proper schema)
-	- fixed hovering on buttons in kathrine template (on accountmanagement page)
-	- fixed signatures (many fixes)
-	- added missing gesior signature system
+	* added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
+	* added automatic database updater (data migrations)
+	* renamed events to hooks
+	* moved hooks to database
+	* now you can use hooks in plugins
+	* set account.type field to 5 on install, if TFS 1.0+
+	* added example plugin
+	* new, latest google analytics code
+	* fixed bug with loading account.name that has numbers in it
+	* fixed many bugs in player editor in admin panel
+	* added error handling to plugin manager and some more verification in
+	* file has been correctly unpacked/uploaded
+	* fixed Statistics page in admin panel when using account.number
+	* fixed bug when creating/recovering account on servers with
+	* account.salt field (TFS 0.3 for example)
+	* fixed forum showing thread with html tags (added from news manager)
+	* new, latest code for youtube videos in movies page
+	* fixed showing vocation images when using $config['online_vocations_images']
+	* many fixes in polls (also importing proper schema)
+	* fixed hovering on buttons in kathrine template (on accountmanagement page)
+	* fixed signatures (many fixes)
+	* added missing gesior signature system
 
 [0.0.6 - 06.05.2017]
-	- fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
-	- fixed bug when creating character (not showing errors) (one more time)
-	- fixed support for TFS 0.2 series
-	- added FAQ link
+	* fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
+	* fixed bug when creating character (not showing errors) (one more time)
+	* fixed support for TFS 0.2 series
+	* added FAQ link
 	
 [0.0.5 - 05.05.2017]
-	- fixed bug when creating character (not showing errors)
-	- Fixed characters loading with names that has been created with other AAC
-	- fixed links to shop in default template
-	- fixed some weird PHP 7.1 warnings/notices
-	- Fixed config loading with some weird comments
-	- fixed bug with status info utf8 encoding (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440259)
-	- fixed when ip in log_action is NULL (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440357)
-	- fixed bug when guild doesn't exist on characters page (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440320)
-	- disabled friendly_urls by default
-	- fixes when $config['database_*'] is set
-	- added CHANGELOG
+	* fixed bug when creating character (not showing errors)
+	* Fixed characters loading with names that has been created with other AAC
+	* fixed links to shop in default template
+	* fixed some weird PHP 7.1 warnings/notices
+	* Fixed config loading with some weird comments
+	* fixed bug with status info utf8 encoding (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440259)
+	* fixed when ip in log_action is NULL (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440357)
+	* fixed bug when guild doesn't exist on characters page (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440320)
+	* disabled friendly_urls by default
+	* fixes when $config['database_*'] is set
+	* added CHANGELOG
 
 [0.0.3 - 03.05.2017]
-	- Full support for OTHire 0.0.3
-	- added support for otservers that doesn't use account.name field, instead just account number will be used
-	- fixed encryption detection on TFS 0.3
-	- fixed bug when server_config table doesn't exist
-	- (install) moved admin account creation to new step
-	- fixed news comment link
-	- by default, the installer creates now the Admin player, for admin account
-	- fixed installation errors
-	- fixed config.lua loading with some weird comments
+	* Full support for OTHire 0.0.3
+	* added support for otservers that doesn't use account.name field, instead just account number will be used
+	* fixed encryption detection on TFS 0.3
+	* fixed bug when server_config table doesn't exist
+	* (install) moved admin account creation to new step
+	* fixed news comment link
+	* by default, the installer creates now the Admin player, for admin account
+	* fixed installation errors
+	* fixed config.lua loading with some weird comments
 
 [0.0.2 - 02.05.2017]
-	- updated forum links to use friendly_urls
-	- some more info will be shown when cannot connect to database
-	- show more error infos when creating character
-	- fixed forum link on newses
-	- fixed spells loading when there's vocation name instead of id
-	- fixed bug when you have changed template but it doesn't exist anymore
-	- fixed vocations with promotion loading
-	- fixed support for gesior pages and templates
-	- added function OTS_Acount:getGroupId()
+	* updated forum links to use friendly_urls
+	* some more info will be shown when cannot connect to database
+	* show more error infos when creating character
+	* fixed forum link on newses
+	* fixed spells loading when there's vocation name instead of id
+	* fixed bug when you have changed template but it doesn't exist anymore
+	* fixed vocations with promotion loading
+	* fixed support for gesior pages and templates
+	* added function OTS_Acount:getGroupId()
 
 [0.0.1 - 01.05.2017]
 	This is first official release of MyAAC.

TODO

@@ -0,0 +1,37 @@
+// MyAAC TODO
+
+0.*
+	* support duplicated vocation names with different ids
+	* plugins: option to define custom requirements check in json file, to check if system meets the requirement
+	* add support for defining max myaac version in plugin.json file
+	* cache Menus in templates
+	* don't show error indicators on first time load - createaccount page
+	* update Twig to the latest version from 1.x branch
+	* semantic versioning support for plugins (github.com/composer/semver)
+	* add some notice to the user that installing step "Import Schema" will take some time
+	* check user IP on installing to prevent install by random user
+
+1.0:
+	* i18n support (issue #1 on github)
+	* New Admin Panel layout and interface
+	* add changelog management interface
+	* remove tibiacom template, and include it as a plugin
+
+2.0
+	* remove compat functions
+	* folder restructure:
+		* var/ (for logs, cache and data), config/, bin, public/ (for index and images and other public content), system/ (for php files and classess)
+	* rename templates to layouts as templates is meant to be used for twig templates
+	* change gifts_system to shop_system configurable
+	* move most used options in system/templates dir to separate directories (more transparent)
+
+At any time between (version not specified):
+	* better news archive with search function (like on tibia.com)
+	* guild wars management (issue #13 on github)
+	* update account.management page to be more realistic (like on tibia.com)
+	* update guilds page to be more realistic (like on tibia.com)
+	* possibility to add extra cache engines with plugins
+	* preferably configurable (enable/disable) forum TinyMCE editor
+	* new cache engine - plain php, is good with pure php 7.0+ and opcache
+	* OTAdmin support in Admin Panel
+	* database towns table support for TFS 1.3

admin/template/template.php

@@ -39,6 +39,7 @@
 						'Dashboard' => 'dashboard',
 						'Mailer' => 'mailer',
 						'Pages' => 'pages',
+						'Menus' => 'menus',
 						'Plugins' => 'plugins',
 						'Statistics' => 'statistics',
 						'Visitors' => 'visitors',

common.php

@@ -21,14 +21,13 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.6.5');
-define('DATABASE_VERSION', 15);
+define('MYAAC_VERSION', '0.7.5');
+define('DATABASE_VERSION', 20);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'WINDOWS' : (strtoupper(PHP_OS) == 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -46,10 +45,11 @@ define('FLAG_CONTENT_MONSTERS', 256);
 define('FLAG_CONTENT_GALLERY', 512);
 define('FLAG_CONTENT_VIDEOS', 1024);
 define('FLAG_CONTENT_FAQ', 2048);
+define('FLAG_CONTENT_MENUS', 4096);
 
 // news
 define('NEWS', 1);
-define('TICKET', 2);
+define('TICKER', 2);
 define('ARTICLE', 3);
 
 // directories
@@ -65,6 +65,14 @@ define('PLUGINS', BASE . 'plugins/');
 define('TEMPLATES', BASE . 'templates/');
 define('TOOLS', BASE . 'tools/');
 
+// menu categories
+define('MENU_CATEGORY_NEWS', 1);
+define('MENU_CATEGORY_ACCOUNT', 2);
+define('MENU_CATEGORY_COMMUNITY', 3);
+define('MENU_CATEGORY_FORUM', 4);
+define('MENU_CATEGORY_LIBRARY', 5);
+define('MENU_CATEGORY_SHOP', 6);
+
 // otserv versions
 define('OTSERV', 1);
 define('OTSERV_06', 2);

config.php

@@ -13,7 +13,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 
@@ -74,9 +73,9 @@ $config = array(
 		//'2' => 'Your Second World Name'
 	),
 
-	// items
+	// images
 	'outfit_images_url' => 'http://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'item_images_url' => 'http://item-images.ots.me/960/', // set to images/items if you host your own items in images folder
+	'item_images_url' => 'http://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
 
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
@@ -111,7 +110,7 @@ $config = array(
 
 	// reCAPTCHA (prevent spam bots)
 	'recaptcha_enabled' => false, // enable recaptcha verification code
-	'recaptcha_site_key' => '', // get your own public and private keys at https://www.google.com/recaptcha
+	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
 	'recaptcha_secret_key' => '',
 	'recaptcha_theme' => 'light', // light, dark
 
@@ -187,6 +186,7 @@ $config = array(
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
 	'highscores_groups_hidden' => 4, // this group id and higher won't be shown on the highscores
+	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
 	'highscores_length' => 100, // how many records per page on highscores
 
 	// characters page
@@ -214,8 +214,8 @@ $config = array(
 	'gifts_system' => false,
 	
 	// support/system
-	'bug_report' => true,
-
+	'bug_report' => true, // this configurable has no effect, its always enabled
+	
 	// forum
 	'forum' => 'site', // link to the server forum, set to "site" if you want to use build in forum system, otherwise leave empty if you aren't going to use any forum
 	'forum_level_required' => 0, // level required to post, 0 to disable
@@ -231,6 +231,7 @@ $config = array(
 	'status_port' => '',
 
 	// other
+	'anonymous_usage_statistics' => true,
 	'email_lai_sec_interval' => 60, // time in seconds between e-mails to one account from lost account interface, block spam
 	'google_analytics_id' => '', // e.g.: UA-XXXXXXX-X
 	'experiencetable_columns' => 5, // how many columns to display in experience table page. * experiencetable_rows, 5 = 500 (will show up to 500 level)

index.php

@@ -21,7 +21,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 
@@ -30,20 +29,7 @@
 // ini_set('display_startup_errors', 1);
 // error_reporting(E_ALL);
 
-if(preg_match("/^(.*)\.(gif|jpg|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz)$/i", $_SERVER['REQUEST_URI'])) {
-	header("HTTP/1.0 404 Not Found");
-	exit;
-}
-
 require_once('common.php');
-require_once(BASE . 'config.local.php');
-
-if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
-{
-	header('Location: ' . BASE_URL . 'install/');
-	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
-}
-
 require_once(SYSTEM . 'functions.php');
 
 $uri = $_SERVER['REQUEST_URI'];
@@ -55,13 +41,9 @@ else
 	$uri = str_replace_first('/', '', $uri);
 
 $uri = str_replace(array('index.php/', '?'), '', $uri);
+define('URI', $uri);
 
-$found = false;
-if(empty($uri) || isset($_REQUEST['template'])) {
-	$_REQUEST['p'] = 'news';
-	$found = true;
-}
-else if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
+if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
 	$tmp = explode('.', $uri);
 	$_REQUEST['name'] = urldecode($tmp[0]);
 	
@@ -69,84 +51,110 @@ else if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
 	include(TOOLS . 'signature/index.php');
 	exit();
 }
-else if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $uri . '.php')) {
-	$_REQUEST['p'] = $uri;
+else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
+	header("HTTP/1.0 404 Not Found");
+	exit;
+}
+
+require_once(BASE . 'config.local.php');
+if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
+{
+	header('Location: ' . BASE_URL . 'install/');
+	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
+}
+
+$found = false;
+if(empty($uri) || isset($_REQUEST['template'])) {
+	$_REQUEST['p'] = 'news';
 	$found = true;
 }
 else {
-	$rules = array(
-		'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
-		'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
-		'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
-		'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
-		'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
-		'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
-		'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
-		'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
-		'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
-		'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
-		'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
-		'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
-		'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
-		'/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
-		'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
-		'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
-		'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
-		'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
-		'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
-		'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
-		'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
-		'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
-		'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
-		'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
-		'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
-		'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
-		'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
-		'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
-		'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
-		'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
-		'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
-		'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
-		'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
-		'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
-		'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
-		'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
-		'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
-		'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
-	);
-	
-	foreach($rules as $rule => $redirect) {
-		if (preg_match($rule, $uri)) {
-			$tmp = explode('/', $uri);
-			foreach($redirect as $key => $value) {
-				
-				if(strpos($value, '$') !== false) {
-					$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+	$tmp = strtolower($uri);
+	if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
+		$_REQUEST['p'] = $uri;
+		$found = true;
+	}
+	else {
+		$rules = array(
+			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
+			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
+			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
+			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
+			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
+			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
+			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
+			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
+			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
+			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
+			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
+			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
+			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
+			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
+			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
+			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
+			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
+			'/^changelog\/[0-9]+\/?$/' => array('subtopic' => 'changelog', 'page' => '$1'),
+			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
+			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
+			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
+			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
+			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
+			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
+			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
+			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
+			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
+			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
+			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
+			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
+			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
+			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
+			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
+			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
+			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
+			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
+			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+		);
+		
+		foreach($rules as $rule => $redirect) {
+			if (preg_match($rule, $uri)) {
+				$tmp = explode('/', $uri);
+				foreach($redirect as $key => $value) {
+					
+					if(strpos($value, '$') !== false) {
+						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+					}
+					
+					$_REQUEST[$key] = $value;
+					$_GET[$key] = $value;
 				}
 				
-				$_REQUEST[$key] = $value;
-				$_GET[$key] = $value;
+				$found = true;
+				break;
 			}
-			
-			$found = true;
-			break;
 		}
 	}
-	
-	if(!$found)
-		$_REQUEST['p'] = $uri;
 }
 
 // define page visited, so it can be used within events system
 $page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
-if(empty($page) || preg_match('/[^A-z0-9\/_\-]/', $page)) {
-	if(!$found)
-		$page = '404';
-	else
-		$page = 'news';
+if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
+	$tmp = URI;
+	if(!empty($tmp)) {
+		$page = $tmp;
+	}
+	else {
+		if(!$found)
+			$page = '404';
+		else
+			$page = 'news';
+	}
 }
 
 $page = strtolower($page);
@@ -191,6 +199,41 @@ $hooks = new Hooks();
 $hooks->load();
 $hooks->trigger(HOOK_STARTUP);
 
+// anonymous usage statistics
+// sent only when user agrees
+if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_statistics']) {
+	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
+	$should_report = true;
+	
+	$value = '';
+	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
+		$should_report = time() > (int)$value + $report_time;
+	}
+	else {
+		$value = '';
+		if(fetchDatabaseConfig('last_usage_report', $value)) {
+			$should_report = time() > (int)$value + $report_time;
+			if($cache->enabled()) {
+				$cache->set('last_usage_report', $value);
+			}
+		}
+		else {
+			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
+			$should_report = false;
+		}
+	}
+	
+	if($should_report) {
+		require_once(LIBS . 'usage_statistics.php');
+		Usage_Statistics::report();
+		
+		updateDatabaseConfig('last_usage_report', time());
+		if($cache->enabled()) {
+			$cache->set('last_usage_report', time());
+		}
+	}
+}
+
 if($config['views_counter'])
 	require_once(SYSTEM . 'counter.php');
 
@@ -236,6 +279,7 @@ if($config['backward_support']) {
 	$layout_header = template_header();
 	$layout_name = $template_path;
 	$news_content = '';
+	$tickers_content = '';
 	$subtopic = PAGE;
 	$main_content = '';
 	
@@ -283,7 +327,7 @@ if($load_it)
 
 	$query =
 		$db->query(
-			'SELECT `title`, `body`, `php`' .
+			'SELECT `id`, `title`, `body`, `php`, `hidden`' .
 			' FROM `' . TABLE_PREFIX . 'pages`' .
 			' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
 	if($query->rowCount() > 0) // found page
@@ -323,11 +367,17 @@ if($load_it)
 		}
 		else
 			$content .= $query['body']; // plain html
+		
+		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
+			$content = $twig->render('admin.pages.links.html.twig', array(
+				'page' => array('id' => $query['id'], 'hidden' => $query['hidden'])
+			)) . $content;
+		}
 	}
 	else
 	{
 		$file = SYSTEM . 'pages/' . $page . '.php';
-		if(!@file_exists($file) && !$found)
+		if(!@file_exists($file))
 		{
 			$page = '404';
 			$file = SYSTEM . 'pages/404.php';

install/includes/config.php

@@ -1,12 +1,17 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+if(!isset($_SESSION['var_server_path'])) {
+	error($locale['step_database_error_config']);
+	$error = true;
+}
+
 	$config['server_path'] = $_SESSION['var_server_path'];
 	// take care of trailing slash at the end
 	if($config['server_path'][strlen($config['server_path']) - 1] != '/')
 		$config['server_path'] .= '/';
 
-	if(!file_exists($config['server_path'] . 'config.lua')) {
+if((!isset($error) || !$error) && !file_exists($config['server_path'] . 'config.lua')) {
 		error($locale['step_database_error_config']);
 		$error = true;
 	}

install/includes/functions.php

@@ -78,4 +78,23 @@ function next_form($previous = true, $next = true)
 	<input type="hidden" name="step" id="step" value="' . $step . '" />' . next_buttons($previous, $next) . '
 </form>';
 }
-?>
+
+function win_is_writable($path) {
+	if($path[strlen( $path ) - 1] == '/') { // if it looks like a directory, check a random file within the directory
+		return win_is_writable( $path . uniqid( mt_rand() ) . '.tmp');
+	} elseif(is_dir( $path )) { // If it's a directory (and not a file) check a random file within the directory
+		return win_is_writable( $path . '/' . uniqid( mt_rand() ) . '.tmp' );
+	}
+
+	// check tmp file for read/write capabilities
+	$should_delete_tmp_file = !file_exists( $path );
+	$f = @fopen( $path, 'a' );
+	if ( $f === false )
+		return false;
+
+	fclose( $f );
+	if($should_delete_tmp_file)
+		unlink($path);
+
+	return true;
+}

install/includes/schema.sql

@@ -84,9 +84,9 @@ CREATE TABLE `myaac_forum_boards`
 	`name` VARCHAR(32) NOT NULL,
 	`description` VARCHAR(255) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`closed` TINYINT(1) NOT NULL DEFAULT 0,
 	`guild` INT(11) NOT NULL DEFAULT 0,
 	`access` INT(11) NOT NULL DEFAULT 0,
+	`closed` TINYINT(1) NOT NULL DEFAULT 0,
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
@@ -107,7 +107,7 @@ CREATE TABLE `myaac_forum`
 	`author_aid` int(20) NOT NULL default '0',
 	`author_guid` int(20) NOT NULL default '0',
 	`post_text` text NOT NULL,
-	`post_topic` varchar(255) NOT NULL,
+	`post_topic` varchar(255) NOT NULL DEFAULT '',
 	`post_smile` tinyint(1) NOT NULL default '0',
 	`post_date` int(20) NOT NULL default '0',
 	`last_edit_aid` int(20) NOT NULL default '0',
@@ -140,6 +140,87 @@ CREATE TABLE `myaac_items`
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 
+CREATE TABLE `myaac_menu`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`template` VARCHAR(255) NOT NULL,
+	`name` VARCHAR(255) NOT NULL,
+	`link` VARCHAR(255) NOT NULL,
+	`category` INT(11) NOT NULL DEFAULT 1,
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`enabled` INT(1) NOT NULL DEFAULT 1,
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;
+
+/* MENU_CATEGORY_NEWS kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
+/* MENU_CATEGORY_LIBRARY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
+/* MENU_CATEGORY_SHOP kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
+/* MENU_CATEGORY_NEWS tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
+/* MENU_CATEGORY_FORUM tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
+/* MENU_CATEGORY_LIBRARY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
+/* MENU_CATEGORY_SHOP tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
+
 CREATE TABLE `myaac_monsters` (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
 	`hidden` tinyint(1) NOT NULL default 0,
@@ -174,13 +255,15 @@ CREATE TABLE `myaac_news`
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`title` VARCHAR(100) NOT NULL,
 	`body` TEXT NOT NULL,
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticket, 3 - article',
+	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`category` TINYINT(1) NOT NULL DEFAULT 0,
 	`player_id` INT(11) NOT NULL DEFAULT 0,
 	`last_modified_by` INT(11) NOT NULL DEFAULT 0,
 	`last_modified_date` INT(11) NOT NULL DEFAULT 0,
-	`comments` VARCHAR(50) NOT NULL,
+	`comments` VARCHAR(50) NOT NULL DEFAULT '',
+	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
+	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;

install/includes/twig_error.html

@@ -0,0 +1,11 @@
+We have detected that you don't have access to write to the system/cache directory. Under linux you can fix it by using this two command, where first one should be enough (for apache):<br/><br/><span class="console">chown -R www-data.www-data /var/www/*</span><br/><span class="console">chmod -R 660 system/cache</span>
+
+<style type="text/css">
+.console {
+	font-family:Courier;
+	color: #CCCCCC;
+	background: #000000;
+	border: 3px double #CCCCCC;
+	padding: 0px;
+}
+</style>

install/index.php

@@ -1,9 +1,6 @@
 <?php
 require('../common.php');
 
-// step
-$step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
-
 // includes
 require(SYSTEM . 'functions.php');
 require(BASE . 'install/includes/functions.php');
@@ -26,33 +23,87 @@ if(isset($_POST['vars']))
 		$_SESSION['var_' . $key] = $value;
 }
 
+// step
+$step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
+
 $steps = array(1 => 'welcome', 2 => 'license', 3 => 'requirements', 4 => 'config', 5 => 'database', 6 => 'admin', 7 => 'finish');
 if(!in_array($step, $steps)) // check if step is valid
 	die('ERROR: Unknown step.');
 
+$errors = array();
 if($step == 'database')
 {
 	foreach($_POST['vars'] as $key => $value)
 	{
-		if(empty($value))
+		if($key != 'usage' && empty($value))
 		{
-			$step = 'config';
-			$errors = '<p class="error">' . $locale['please_fill_all'] . '</p>';
+			$errors[] = $locale['please_fill_all'];
 			break;
 		}
+		else if($key == 'mail_admin' && !Validator::email($value))
+		{
+			$errors[] = $locale['step_config_mail_admin_error'];
+			break;
+		}
+		else if($key == 'mail_address' && !Validator::email($value))
+		{
+			$errors[] = $locale['step_config_mail_address_error'];
+			break;
+		}
+	}
+
+	if(!empty($errors)) {
+		$step = 'config';
+	}
+}
+else if($step == 'finish') {
+	// password
+	$password = $_SESSION['var_password'];
+
+	if(isset($_SESSION['var_account'])) {
+		if(!Validator::accountName($_SESSION['var_account'])) {
+			$errors[] = $locale['step_admin_account_error_format'];
+		}
+		else if(strtoupper($_SESSION['var_account']) == strtoupper($password)) {
+			$errors[] = $locale['step_admin_account_error_same'];
+		}
+	}
+	else if(isset($_SESSION['var_account_id'])) {
+		if(!Validator::accountId($_SESSION['var_account_id'])) {
+			$errors[] = $locale['step_admin_account_id_error_format'];
+		}
+		else if($_SESSION['var_account_id'] == $password) {
+			$errors[] = $locale['step_admin_account_id_error_same'];
+		}
+	}
+
+	if(empty($password)) {
+		$errors[] = $locale['step_admin_password_error_empty'];
+	}
+	else if(!Validator::password($password)) {
+		$errors[] = $locale['step_admin_password_error_format'];
+	}
+
+	if(!empty($errors)) {
+		$step = 'admin';
 	}
 }
 
 $error = false;
 
-// step include
-ob_start();
-require('steps/' . $step . '.php');
-$content = ob_get_contents();
-ob_end_clean();
+clearstatcache();
+if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
+	ob_start();
+
+	$step_id = array_search($step, $steps);
+	require('steps/' . $step_id . '-' . $step . '.php');
+	$content = ob_get_contents();
+	ob_end_clean();
+}
+else {
+	$content = error(file_get_contents(BASE . 'install/includes/twig_error.html'), true);
+}
 
 // render
 require('template/template.php');
-//$_SESSION['laststep'] = $step;
-
-?>
+//$_SESSION['laststep'] = $step;

install/steps/4-config.php

@@ -7,6 +7,7 @@ $clients_list = array(
 	750,
 	760,
 	770,
+	772,
 	780,
 	7920,
 	800,
@@ -79,6 +80,7 @@ echo $twig->render('install.config.html.twig', array(
 	'clients' => $clients,
 	'locale' => $locale,
 	'session' => $_SESSION,
+	'errors' => isset($errors) ? $errors : null,
 	'buttons' => next_buttons()
 ));
 ?>

install/steps/5-database.php

@@ -11,7 +11,8 @@ if(!isset($_SESSION['var_server_path'])) {
 }
 
 if(!$error) {
-	$content = "<?php\n";
+	$content = "<?php";
+	$content .= PHP_EOL;
 	foreach($_SESSION as $key => $value)
 	{
 		if(strpos($key, 'var_') !== false)
@@ -23,7 +24,11 @@ if(!$error) {
 					$value .= "/";
 			}
 
-			if($key != 'var_account' && $key != 'var_account_id' && $key != 'var_password') {
+			if($key == 'var_usage') {
+				$content .= '$config[\'anonymous_usage_statistics\'] = ' . ((int)$value == 1 ? 'true' : 'false') . ';';
+				$content .= PHP_EOL;
+			}
+			else if($key != 'var_account' && $key != 'var_account_id' && $key != 'var_password') {
 				$content .= '$config[\'' . str_replace('var_', '', $key) . '\'] = \'' . $value . '\';';
 				$content .= PHP_EOL;
 			}
@@ -85,7 +90,7 @@ if(!$error) {
 		
 			if(!fieldExist('blocked', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `blocked` TINYINT(1) NOT NULL DEFAULT FALSE COMMENT 'internal usage' AFTER `key`;"))
-					success($locale['step_database_adding_field'] . ' accounts.created...');
+					success($locale['step_database_adding_field'] . ' accounts.blocked...');
 			}
 	
 			if(!fieldExist('created', 'accounts')) {
@@ -235,9 +240,11 @@ if(!$error) {
 			$content .= PHP_EOL;
 			$content .= '$config[\'client_download_linux\'] = \'http://tibia-clients.com/clients/download/\'. $config[\'client\'] . \'/tar/linux\';';
 			$content .= PHP_EOL;
-			$content .= '// place for your configuration directives, so you can later easily update myaac';
+			$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 			$content .= PHP_EOL;
-			$content .= "?>";
+			$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
+			$content .= PHP_EOL;
+			
 			$file = fopen(BASE . 'config.local.php', 'a+');
 			if($file) {
 				if(!$error) {

install/steps/6-admin.php

@@ -8,6 +8,7 @@ if(!$error) {
 	echo $twig->render('install.admin.html.twig', array(
 		'locale' => $locale,
 		'session' => $_SESSION,
+		'errors' => isset($errors) ? $errors : null,
 		'buttons' => next_buttons(true, $error ? false : true)
 	));
 }

install/steps/7-finish.php

@@ -20,27 +20,7 @@ else {
 			$salt = generateRandomString(10, false, true, true);
 			$password = $salt . $password;
 		}
-/*
-		$account_db = new OTS_Account();
-		$account_db->load(1);
-		if($account_db->isLoaded()) {
-			if(USE_ACCOUNT_NAME)
-				$account_db->setName('dummy_account');
 
-			$account_db->setPassword('for sample characters. ' . generateRandomString(10));
-			$account_db->save();
-		}
-		else {
-			$new_account = new OTS_Account();
-			if(USE_ACCOUNT_NAME)
-				$new_account->create('dummy_account', 1);
-			else
-				$new_account->create(null, 1);
-
-			$new_account->setPassword('for sample characters. ' . generateRandomString(10));
-			$new_account->save();
-		}
-*/
 		$account_db = new OTS_Account();
 		if(isset($account))
 			$account_db->find($account);
@@ -55,34 +35,29 @@ else {
 			$player = new OTS_Player();
 			$player->setName('Admin');
 			
-			$player->setGroupId($groups->getHighestId());
+			$player_used = &$player;
 		}
+		else {
+			$player_used = &$player_db;
+		}
+
+		$player_used->setGroupId($groups->getHighestId());
 
 		if($account_db->isLoaded()) {
 			$account_db->setPassword(encrypt($password));
 			$account_db->setEMail($_SESSION['var_mail_admin']);
 			$account_db->save();
 			
-			if($config_salt_enabled)
-				$account_db->setCustomField('salt', $salt);
-			
-			$account_db->setCustomField('web_flags', 3);
-			$account_db->setCustomField('country', 'us');
-			if(fieldExist('group_id', 'accounts'))
-				$account_db->setCustomField('group_id', $groups->getHighestId());
-			if(fieldExist('type', 'accounts'))
-				$account_db->setCustomField('type', 5);
-
-			if(!$player_db->isLoaded())
-				$player->setAccountId($account_db->getId());
-			else
-				$player_db->setAccountId($account_db->getId());
-			
-			setSession('account', $account_db->getId());
+			$account_used = &$account_db;
 		}
 		else {
 			$new_account = new OTS_Account();
-			$new_account->create($account);
+			if(USE_ACCOUNT_NAME) {
+				$new_account->create($account);
+			}
+			else {
+				$new_account->create(null, $account_id);
+			}
 			
 			$new_account->setPassword(encrypt($password));
 			$new_account->setEMail($_SESSION['var_mail_admin']);
@@ -90,28 +65,30 @@ else {
 			$new_account->unblock();
 			$new_account->save();
 			
-			if($config_salt_enabled)
-				$new_account->setCustomField('salt', $salt);
-			
 			$new_account->setCustomField('created', time());
-			$new_account->setCustomField('web_flags', 3);
-			$new_account->setCustomField('country', 'us');
-			if(fieldExist('group_id', 'accounts'))
-				$new_account->setCustomField('group_id', $groups->getHighestId());
-			if(fieldExist('type', 'accounts'))
-				$new_account->setCustomField('type', 5);
-
 			$new_account->logAction('Account created.');
 			
-			if(!$player_db->isLoaded())
-				$player->setAccountId($new_account->getId());
-			else
-				$player_db->setAccountId($new_account->getId());
-			
-			setSession('account', $new_account->getId());
+			$account_used = &$new_account;
 		}
 
+		if($config_salt_enabled)
+			$account_used->setCustomField('salt', $salt);
+
+		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
+		$account_used->setCustomField('country', 'us');
+		if(fieldExist('group_id', 'accounts'))
+			$account_used->setCustomField('group_id', $groups->getHighestId());
+		if(fieldExist('type', 'accounts'))
+			$account_used->setCustomField('type', 5);
+
+		if(!$player_db->isLoaded())
+			$player->setAccountId($account_used->getId());
+		else
+			$player_db->setAccountId($account_used->getId());
+
 		success($locale['step_database_created_account']);
+
+		setSession('account', $account_used->getId());
 		setSession('password', encrypt($password));
 		setSession('remember_me', true);
 
@@ -129,9 +106,12 @@ else {
 			$player_id = $query['id'];
 		}
 
-		if(query("INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'http://my-aac.org', '0');
-INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'http://my-aac.org', " . $player_id . ", '', '0');")) {
-			success($locale['step_database_created_news']);
+		$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX ."news` WHERE `title` LIKE 'Hello!';");
+		if($query->rowCount() == 0) {
+			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'http://my-aac.org', '0');
+	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'http://my-aac.org', " . $player_id . ", '', '0');")) {
+				success($locale['step_database_created_news']);
+			}
 		}
 
 		$deleted = 'deleted';
@@ -141,34 +121,50 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl
 		$insert_into_players = "INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hidden`, `comment`) VALUES ";
 		$success = true;
 
+		$highscores_ignored_ids = array();
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Rook Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Rook Sample', 1, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 1, 1000, 1000, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
+			else {
+				$highscores_ignored_ids[] = $db->lastInsertId();
+			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Sorcerer Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 1, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
+			else {
+				$highscores_ignored_ids[] = $db->lastInsertId();
+			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Druid Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . getSession('account') . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Druid Sample', 1, " . getSession('account') . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
+			else {
+				$highscores_ignored_ids[] = $db->lastInsertId();
+			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Paladin Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Paladin Sample', 1, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
+			else {
+				$highscores_ignored_ids[] = $db->lastInsertId();
+			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Knight Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Knight Sample', 1, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
+			else {
+				$highscores_ignored_ids[] = $db->lastInsertId();
+			}
 		}
 
 		if($success) {
@@ -196,6 +192,20 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl
 			error(Spells::getLastError());
 		}
 
+		$content = PHP_EOL;
+		$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
+		$content .= PHP_EOL;
+
+		$file = fopen(BASE . 'config.local.php', 'a+');
+		if($file) {
+			fwrite($file, $content);
+		}
+		else {
+			$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
+			warning($locale['step_database_error_file'] . '<br/>
+				<textarea cols="70" rows="10">' . $content . '</textarea>');
+		}
+
 		$locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(ADMIN_URL, $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 		$locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(BASE_URL, $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 		$locale['step_finish_desc'] = str_replace('$LINK$', generateLink('http://my-aac.org', 'http://my-aac.org', true), $locale['step_finish_desc']);

system/bin/install_plugin.php

@@ -7,6 +7,7 @@ if(php_sapi_name() != "cli") {
 require_once('../../common.php');
 require_once(SYSTEM . 'functions.php');
 require_once(SYSTEM . 'init.php');
+require_once(SYSTEM . 'hooks.php');
 require_once(LIBS . 'plugins.php');
 
 if($argc != 2) {

system/compat.php

@@ -0,0 +1,63 @@
+<?php
+/**
+ * Deprecated functions (compat)
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+function check_name($name, &$errors = '') {
+	if(Validator::characterName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_account_id($id, &$errors = '') {
+	if(Validator::accountId($id))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_account_name($name, &$errors = '') {
+	if(Validator::accountName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_name_new_char($name, &$errors = '') {
+	if(Validator::newCharacterName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_rank_name($name, &$errors = '') {
+	if(Validator::rankName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function check_guild_name($name, &$errors = '') {
+	if(Validator::guildName($name))
+		return true;
+	
+	$errors = Validator::getLastError();
+	return false;
+}
+
+function news_place() {
+	return tickers();
+}
+?>

system/compat_pages.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/counter.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/countries.conf.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/database.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/functions.php

@@ -5,27 +5,29 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-function success($message, $return = false) {
+
+function message($message, $type, $return)
+{
 	if($return)
-		return '<p class="success">' . $message . '</p>';
+		return '<p class="' . $type . '">' . $message . '</p>';
 	
-	echo '<p class="success">' . $message . '</p>';
+	echo '<p class="' . $type . '">' . $message . '</p>';
+	return true;
+}
+function success($message, $return = false) {
+	return message($message, 'success', $return);
 }
 function warning($message, $return = false) {
-	if($return)
-		return '<p class="warning">' . $message . '</p>';
-	
-	echo '<p class="warning">' . $message . '</p>';
+	return message($message, 'warning', $return);
+}
+function note($message, $return = false) {
+	return message($message, 'note', $return);
 }
 function error($message, $return = false) {
-	if($return)
-		return '<p class="error">' . $message . '</p>';
-	
-	echo '<p class="error">' . $message . '</p>';
+	return message($message, 'error', $return);
 }
 
 function longToIp($ip)
@@ -411,42 +413,16 @@ function short_text($text, $limit)
 	return $text;
 }
 
-function news_place()
+function tickers()
 {
-	global $template_path, $news_content;
-
-	$news = '';
-	if(PAGE == 'news')
-	{
-		//add tickers to site - without it tickers will not be showed
-		if(isset($news_content))
-			$news .= $news_content;
-
-		//featured article
-/*		$news .= '  <div id="featuredarticle" class="Box">
-			<div class="Corner-tl" style="background-image:url('.$template_path.'/images/content/corner-tl.gif);"></div>
-			<div class="Corner-tr" style="background-image:url('.$template_path.'/images/content/corner-tr.gif);"></div>
-			<div class="Border_1" style="background-image:url('.$template_path.'/images/content/border-1.gif);"></div>
-			<div class="BorderTitleText" style="background-image:url('.$template_path.'/images/content/title-background-green.gif);"></div>
-			<img class="Title" src="'.$template_path.'/images/strings/headline-featuredarticle.gif" alt="Contentbox headline" />
-			<div class="Border_2">
-			  <div class="Border_3">
-				<div class="BoxContent" style="background-image:url('.$template_path.'/images/content/scroll.gif);">
-		<div id=\'TeaserThumbnail\'><img src="'.$template_path.'/images/news/features.jpg" width=150 height=100 border=0 alt="" /></div><div id=\'TeaserText\'><div style="position: relative; top: -2px; margin-bottom: 2px;" >
-		<b>Tutaj wpisz tytul</b></div>
-		tutaj wpisz tresc newsa<br>
-		zdjecie laduje sie w <i>tibiacom/images/news/features.jpg</i><br>
-		skad sie laduje mozesz zmienic linijke ponad komentarzem
-		</div>        </div>
-			  </div>
-			</div>
-			<div class="Border_1" style="background-image:url('.$template_path.'/images/content/border-1.gif);"></div>
-			<div class="CornerWrapper-b"><div class="Corner-bl" style="background-image:url('.$template_path.'/images/content/corner-bl.gif);"></div></div>
-			<div class="CornerWrapper-b"><div class="Corner-br" style="background-image:url('.$template_path.'/images/content/corner-br.gif);"></div></div>
-		  </div>';*/
+	global $tickers_content, $featured_article;
+	
+	if(PAGE == 'news') {
+		if(isset($tickers_content))
+			return $tickers_content . $featured_article;
 	}
 
-	return $news;
+	return '';
 }
 
 /**
@@ -485,8 +461,8 @@ function template_header($is_admin = false)
 	<meta http-equiv="content-type" content="text/html; charset=' . $charset . '" />';
 	if(!$is_admin)
 		$ret .= '
-	<title>' . $title_full . '</title>
-	<base href="' . BASE_URL . '" />';
+	<base href="' . BASE_URL . '" />
+	<title>' . $title_full . '</title>';
 
 	$ret .= '
 	<meta name="description" content="' . $config['meta_description'] . '" />
@@ -958,6 +934,7 @@ function str_replace_first($search, $replace, $subject) {
 	if ($pos !== false) {
 		return substr_replace($subject, $replace, $pos, strlen($search));
 	}
+	
 	return $subject;
 }
 
@@ -974,6 +951,71 @@ function unsetSession($key) {
 	unset($_SESSION[$config['session_prefix'] . $key]);
 }
 
+function getTopPlayers($limit = 5) {
+	global $cache, $config, $db;
+	
+	$fetch_from_db = true;
+	if($cache->enabled())
+	{
+		$tmp = '';
+		if($cache->fetch('top_' . $limit . '_level', $tmp))
+		{
+			$players = unserialize($tmp);
+			$fetch_from_db = false;
+		}
+	}
+	
+	if($fetch_from_db)
+	{
+		$deleted = 'deleted';
+		if(fieldExist('deletion', 'players'))
+			$deleted = 'deletion';
+
+		$is_tfs10 = tableExist('players_online');
+		$players = $db->query('SELECT `id`, `name`, `level`, `experience`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . $config['highscores_groups_hidden'] . ' AND `id` NOT IN (' . implode(', ', $config['highscores_ids_hidden']) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
+
+		if($is_tfs10) {
+			foreach($players as &$player) {
+				$query = $db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $player['id']);
+				$player['online'] = ($query->rowCount() > 0 ? 1 : 0);
+			}
+		}
+
+		$i = 0;
+		foreach($players as &$player) {
+			$player['rank'] = ++$i;
+		}
+		
+		if($cache->enabled())
+			$cache->set('top_' . $limit . '_level', serialize($players), 120);
+	}
+	
+	return $players;
+}
+
+function deleteDirectory($dir) {
+	if(!file_exists($dir)) {
+		return true;
+	}
+	
+	if(!is_dir($dir)) {
+		return unlink($dir);
+	}
+	
+	foreach(scandir($dir) as $item) {
+		if($item == '.' || $item == '..') {
+			continue;
+		}
+		
+		if(!deleteDirectory($dir . DIRECTORY_SEPARATOR . $item)) {
+			return false;
+		}
+	}
+	
+	return rmdir($dir);
+}
+
 // validator functions
 require_once(LIBS . 'validator.php');
+require_once(SYSTEM . 'compat.php');
 ?>

system/hooks.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/init.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -15,8 +14,7 @@ if(file_exists(BASE . 'config.local.php')) // user customizations
 	require(BASE . 'config.local.php');
 
 if(!isset($config['installed']) || !$config['installed']) {
-	header('Location: ' . BASE_URL);
-	die('AAC has not been installed yet or there was error during installation. Please install again.');
+	die('MyAAC has not been installed yet or there was error during installation. Please install again.');
 }
 
 date_default_timezone_set($config['date_timezone']);
@@ -48,11 +46,7 @@ $function = new Twig_SimpleFunction('getStyle', function ($i) {
 $twig->addFunction($function);
 
 $function = new Twig_SimpleFunction('getLink', function ($s) {
-	global $config;
-	if($config['friendly_urls'])
-		return $s;
-	
-	return '?' . $s;
+	return getLink($s);
 });
 $twig->addFunction($function);
 
@@ -62,6 +56,11 @@ $function = new Twig_SimpleFunction('hook', function ($hook) {
 });
 $twig->addFunction($function);
 
+$filter = new Twig_SimpleFilter('urlencode', function ($s) {
+	return urlencode($s);
+});
+$twig->addFilter($filter);
+
 // trim values we receive
 if(isset($_POST))
 {
@@ -148,6 +147,11 @@ else
 $config['data_path'] = $tmp;
 unset($tmp);
 
+// new config values for compability
+if(!isset($config['highscores_ids_hidden']) || count($config['highscores_ids_hidden']) == 0) {
+	$config['highscores_ids_hidden'] = array(0);
+}
+
 // POT
 require_once(SYSTEM . 'libs/pot/OTS.php');
 $ots = POT::getInstance();

system/item.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_apc.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_eaccelerator.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_file.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/cache_xcache.php

@@ -6,7 +6,6 @@
  * @author    Slawkens <slawkens@gmail.com>
  * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/creatures.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/data.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/forum.php

@@ -0,0 +1,285 @@
+<?php
+/**
+ * Forum class
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+class Forum
+{
+	static public function canPost($account)
+	{
+		global $db, $config;
+		
+		if(!$account->isLoaded() || $account->isBanned())
+			return false;
+		
+		if(self::isModerator())
+			return true;
+		
+		return
+			$db->query(
+				'SELECT `id` FROM `players` WHERE `account_id` = ' . $db->quote($account->getId()) .
+				' AND `level` >= ' . $db->quote($config['forum_level_required']) .
+				' LIMIT 1')->rowCount() > 0;
+	}
+	
+	static public function isModerator() {
+		return hasFlag(FLAG_CONTENT_FORUM) || superAdmin();
+	}
+	
+	static public function add_thread($title, $body, $section_id, $player_id, $account_id, &$errors)
+	{
+		global $db;
+		$thread_id = 0;
+		if($db->insert(TABLE_PREFIX . 'forum', array('first_post' => 0, 'last_post' => time(), 'section' => $section_id, 'replies' => 0, 'views' => 0, 'author_aid' => isset($account_id) ? $account_id : 0, 'author_guid' => isset($player_id) ? $player_id : 0, 'post_text' => $body, 'post_topic' => $title, 'post_smile' => 0, 'post_date' => time(), 'last_edit_aid' => 0, 'edit_date' => 0, 'post_ip' => $_SERVER['REMOTE_ADDR']))) {
+			$thread_id = $db->lastInsertId();
+			$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=".(int) $thread_id." WHERE `id` = ".(int) $thread_id);
+		}
+		
+		return $thread_id;
+	}
+	
+	static public function add_post($thread_id, $section, $author_aid, $author_guid, $post_text, $post_topic, $smile)
+	{
+		global $db;
+		$db->insert(TABLE_PREFIX . 'forum', array(
+			'first_post' => $thread_id,
+			'section' => $section,
+			'author_aid' => $author_aid,
+			'author_guid' => $author_guid,
+			'post_text' => $post_text,
+			'post_topic' => $post_topic,
+			'post_smile' => $smile,
+			'post_date' => time(),
+			'post_ip' => $_SERVER['REMOTE_ADDR']
+		));
+	}
+	static public function add_board($name, $description, $access, $guild, &$errors)
+	{
+		global $db;
+		if(isset($name[0]) && isset($description[0]))
+		{
+			$query = $db->select(TABLE_PREFIX . 'forum_boards', array('name' => $name));
+			
+			if($query === false)
+			{
+				$query =
+					$db->query(
+						'SELECT ' . $db->fieldName('ordering') .
+						' FROM ' . $db->tableName(TABLE_PREFIX . 'forum_boards') .
+						' ORDER BY ' . $db->fieldName('ordering') . ' DESC LIMIT 1'
+					);
+				
+				$ordering = 0;
+				if($query->rowCount() > 0) {
+					$query = $query->fetch();
+					$ordering = $query['ordering'] + 1;
+				}
+				$db->insert(TABLE_PREFIX . 'forum_boards', array('name' => $name, 'description' => $description, 'access' => $access, 'guild' => $guild, 'ordering' => $ordering));
+			}
+			else
+				$errors[] = 'Forum board with this name already exists.';
+		}
+		else
+			$errors[] = 'Please fill all inputs.';
+		
+		return !count($errors);
+	}
+	
+	static public function get_board($id) {
+		global $db;
+		return $db->select(TABLE_PREFIX . 'forum_boards', array('id' => $id));
+	}
+	
+	static public function update_board($id, $name, $access, $guild, $description) {
+		global $db;
+		$db->update(TABLE_PREFIX . 'forum_boards', array('name' => $name, 'description' => $description, 'access' => $access, 'guild' => $guild), array('id' => $id));
+	}
+	
+	static public function delete_board($id, &$errors)
+	{
+		global $db;
+		if(isset($id))
+		{
+			if(self::get_board($id) !== false)
+				$db->delete(TABLE_PREFIX . 'forum_boards', array('id' => $id));
+			else
+				$errors[] = 'Forum board with id ' . $id . ' does not exists.';
+		}
+		else
+			$errors[] = 'id not set';
+		
+		return !count($errors);
+	}
+	
+	static public function toggleHidden_board($id, &$errors)
+	{
+		global $db;
+		if(isset($id))
+		{
+			$query = self::get_board($id);
+			if($query !== false)
+				$db->update(TABLE_PREFIX . 'forum_boards', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
+			else
+				$errors[] = 'Forum board with id ' . $id . ' does not exists.';
+		}
+		else
+			$errors[] = 'id not set';
+		
+		return !count($errors);
+	}
+	
+	static public function move_board($id, $i, &$errors)
+	{
+		global $db;
+		$query = self::get_board($id);
+		if($query !== false)
+		{
+			$ordering = $query['ordering'] + $i;
+			$old_record = $db->select(TABLE_PREFIX . 'forum_boards', array('ordering' => $ordering));
+			if($old_record !== false)
+				$db->update(TABLE_PREFIX . 'forum_boards', array('ordering' => $query['ordering']), array('ordering' => $ordering));
+			
+			$db->update(TABLE_PREFIX . 'forum_boards', array('ordering' => $ordering), array('id' => $id));
+		}
+		else
+			$errors[] = 'Forum board with id ' . $id . ' does not exists.';
+		
+		return !count($errors);
+	}
+	
+	public static function parseSmiles($text)
+	{
+		$smileys = array(
+			';D' => 1,
+			':D' => 1,
+			':cool:' => 2,
+			';cool;' => 2,
+			':ekk:' => 3,
+			';ekk;' => 3,
+			';o' => 4,
+			';O' => 4,
+			':o' => 4,
+			':O' => 4,
+			':(' => 5,
+			';(' => 5,
+			':mad:' => 6,
+			';mad;' => 6,
+			';rolleyes;' => 7,
+			':rolleyes:' => 7,
+			':)' => 8,
+			';d' => 9,
+			':d' => 9,
+			';)' => 10
+		);
+		
+		foreach($smileys as $search => $replace)
+			$text = str_replace($search, '<img src="images/forum/smile/'.$replace.'.gif" alt="'. $search .'" title="' . $search . '" />', $text);
+		
+		return $text;
+	}
+	
+	public static function parseBBCode($text, $smiles)
+	{
+		$rows = 0;
+		while(stripos($text, '[code]') !== false && stripos($text, '[/code]') !== false )
+		{
+			$code = substr($text, stripos($text, '[code]')+6, stripos($text, '[/code]') - stripos($text, '[code]') - 6);
+			if(!is_int($rows / 2)) { $bgcolor = 'ABED25'; } else { $bgcolor = '23ED25'; } $rows++;
+			$text = str_ireplace('[code]'.$code.'[/code]', '<i>Code:</i><br /><table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #CCCCCC; border-width: 2px"><tr><td>'.$code.'</td></tr></table>', $text);
+		}
+		$rows = 0;
+		while(stripos($text, '[quote]') !== false && stripos($text, '[/quote]') !== false )
+		{
+			$quote = substr($text, stripos($text, '[quote]')+7, stripos($text, '[/quote]') - stripos($text, '[quote]') - 7);
+			if(!is_int($rows / 2)) { $bgcolor = 'AAAAAA'; } else { $bgcolor = 'CCCCCC'; } $rows++;
+			$text = str_ireplace('[quote]'.$quote.'[/quote]', '<table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #007900; border-width: 2px"><tr><td>'.$quote.'</td></tr></table>', $text);
+		}
+		$rows = 0;
+		while(stripos($text, '[url]') !== false && stripos($text, '[/url]') !== false )
+		{
+			$url = substr($text, stripos($text, '[url]')+5, stripos($text, '[/url]') - stripos($text, '[url]') - 5);
+			$text = str_ireplace('[url]'.$url.'[/url]', '<a href="'.$url.'" target="_blank">'.$url.'</a>', $text);
+		}
+		
+		$xhtml = false;
+		$tags = array(
+			'#\[b\](.*?)\[/b\]#si' => ($xhtml ? '<strong>\\1</strong>' : '<b>\\1</b>'),
+			'#\[i\](.*?)\[/i\]#si' => ($xhtml ? '<em>\\1</em>' : '<i>\\1</i>'),
+			'#\[u\](.*?)\[/u\]#si' => ($xhtml ? '<span style="text-decoration: underline;">\\1</span>' : '<u>\\1</u>'),
+			'#\[s\](.*?)\[/s\]#si' => ($xhtml ? '<strike>\\1</strike>' : '<s>\\1</s>'),
+			
+			'#\[guild\](.*?)\[/guild\]#si' => urldecode(generateLink(getGuildLink('$1', false), '$1', true)),
+			'#\[house\](.*?)\[/house\]#si' => urldecode(generateLink(getHouseLink('$1', false), '$1', true)),
+			'#\[player\](.*?)\[/player\]#si' => urldecode(generateLink(getPlayerLink('$1', false), '$1', true)),
+			// TODO: [poll] tag
+			
+			'#\[color=(.*?)\](.*?)\[/color\]#si' => ($xhtml ? '<span style="color: \\1;">\\2</span>' : '<font color="\\1">\\2</font>'),
+			'#\[img\](.*?)\[/img\]#si' => ($xhtml ? '<img src="\\1" border="0" alt="" />' : '<img src="\\1" border="0" alt="">'),
+			'#\[url=(.*?)\](.*?)\[/url\]#si' => '<a href="\\1" title="\\2">\\2</a>',
+//		'#\[email\](.*?)\[/email\]#si' => '<a href="mailto:\\1" title="Email \\1">\\1</a>',
+			'#\[code\](.*?)\[/code\]#si' => '<code>\\1</code>',
+//		'#\[align=(.*?)\](.*?)\[/align\]#si' => ($xhtml ? '<div style="text-align: \\1;">\\2</div>' : '<div align="\\1">\\2</div>'),
+//		'#\[br\]#si' => ($xhtml ? '<br style="clear: both;" />' : '<br>'),
+		);
+		
+		foreach($tags as $search => $replace)
+			$text = preg_replace($search, $replace, $text);
+		
+		return ($smiles == 0 ? Forum::parseSmiles($text) : $text);
+	}
+	
+	public static function showPost($topic, $text, $smiles)
+	{
+		$text = nl2br($text);
+		$post = '';
+		if(!empty($topic))
+			$post .= '<b>'.($smiles == 0 ? self::parseSmiles($topic) : $topic).'</b><hr />';
+		$post .= self::parseBBCode($text, $smiles);
+		return $post;
+	}
+	
+	public static function hasAccess($board_id) {
+		global $sections, $logged, $account_logged, $logged_access;
+		if(!isset($sections[$board_id]))
+			return false;
+		
+		$hasAccess = true;
+		$section = $sections[$board_id];
+		if($section['guild'] > 0) {
+			if($logged) {
+				$guild = new OTS_Guild();
+				$guild->load($section['guild']);
+				$status = false;
+				if($guild->isLoaded()) {
+					$account_players = $account_logged->getPlayers();
+					foreach ($account_players as $player) {
+						if($guild->hasMember($player)) {
+							$status = true;
+						}
+					}
+				}
+				
+				if (!$status) $hasAccess = false;
+			}
+			else {
+				$hasAccess = false;
+			}
+		}
+		
+		if($section['access'] > 0) {
+			if($logged_access < $section['access']) {
+				$hasAccess = false;
+			}
+		}
+		
+		return $hasAccess;
+	}
+}
+?>

system/libs/items.php

@@ -6,12 +6,12 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-class Items {
+class Items
+{
 	private static $error = '';
 
 	public static function loadFromXML($show = false)

system/libs/items_images.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/phpmailer/class.phpmailer.php

@@ -31,7 +31,7 @@ class PHPMailer
      * The PHPMailer Version number.
      * @var string
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
 
     /**
      * Email priority.
@@ -440,9 +440,9 @@ class PHPMailer
      *
      * Parameters:
      *   boolean $result        result of the send action
-     *   string  $to            email address of the recipient
-     *   string  $cc            cc email addresses
-     *   string  $bcc           bcc email addresses
+     *   array   $to            email addresses of the recipients
+     *   array   $cc            cc email addresses
+     *   array   $bcc           bcc email addresses
      *   string  $subject       the subject
      *   string  $body          the email body
      *   string  $from          email address of sender
@@ -659,6 +659,8 @@ class PHPMailer
         if ($exceptions !== null) {
             $this->exceptions = (boolean)$exceptions;
         }
+        //Pick an appropriate debug output format automatically
+        $this->Debugoutput = (strpos(PHP_SAPI, 'cli') !== false ? 'echo' : 'html');
     }
 
     /**
@@ -1622,8 +1624,13 @@ class PHPMailer
 
         foreach ($hosts as $hostentry) {
             $hostinfo = array();
-            if (!preg_match('/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*):?([0-9]*)$/', trim($hostentry), $hostinfo)) {
+            if (!preg_match(
+                '/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/',
+                trim($hostentry),
+                $hostinfo
+            )) {
                 // Not a valid host entry
+                $this->edebug('Ignoring invalid host: ' . $hostentry);
                 continue;
             }
             // $hostinfo[2]: optional ssl or tls prefix
@@ -1742,6 +1749,7 @@ class PHPMailer
             'dk' => 'da',
             'no' => 'nb',
             'se' => 'sv',
+            'sr' => 'rs'
         );
 
         if (isset($renamed_langcodes[$langcode])) {
@@ -2024,10 +2032,7 @@ class PHPMailer
     {
         $result = '';
 
-        if ($this->MessageDate == '') {
-            $this->MessageDate = self::rfcDate();
-        }
-        $result .= $this->headerLine('Date', $this->MessageDate);
+        $result .= $this->headerLine('Date', $this->MessageDate == '' ? self::rfcDate() : $this->MessageDate);
 
         // To be created automatically by mail()
         if ($this->SingleTo) {
@@ -4033,7 +4038,7 @@ class phpmailerException extends Exception
      */
     public function errorMessage()
     {
-        $errorMsg = '<strong>' . $this->getMessage() . "</strong><br />\n";
+        $errorMsg = '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
         return $errorMsg;
     }
 }

system/libs/phpmailer/class.pop3.php

@@ -34,7 +34,7 @@ class POP3
      * @var string
      * @access public
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
 
     /**
      * Default POP3 port number.

system/libs/phpmailer/class.smtp.php

@@ -30,7 +30,7 @@ class SMTP
      * The PHPMailer SMTP version number.
      * @var string
      */
-    const VERSION = '5.2.23';
+    const VERSION = '5.2.26';
 
     /**
      * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
      * @deprecated Use the `VERSION` constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.23';
+    public $Version = '5.2.26';
 
     /**
      * SMTP server port number.
@@ -151,9 +151,8 @@ class SMTP
     public $Timelimit = 300;
 
     /**
-     * @var array patterns to extract smtp transaction id from smtp reply
-     * Only first capture group will be use, use non-capturing group to deal with it
-     * Extend this class to override this property to fulfil your needs.
+     * @var array Patterns to extract an SMTP transaction id from reply to a DATA command.
+     * The first capture group in each regex will be used as the ID.
      */
     protected $smtp_transaction_id_patterns = array(
         'exim' => '/[0-9]{3} OK id=(.*)/',
@@ -161,6 +160,12 @@ class SMTP
         'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/'
     );
 
+    /**
+     * @var string The last transaction ID issued in response to a DATA command,
+     * if one was detected
+     */
+    protected $last_smtp_transaction_id;
+
     /**
      * The socket for the server connection.
      * @var resource
@@ -227,7 +232,7 @@ class SMTP
                 break;
             case 'html':
                 //Cleans up output a bit for a better looking, HTML-safe output
-                echo htmlentities(
+                echo gmdate('Y-m-d H:i:s') . ' ' . htmlentities(
                     preg_replace('/[\r\n]+/', '', $str),
                     ENT_QUOTES,
                     'UTF-8'
@@ -709,6 +714,7 @@ class SMTP
         $savetimelimit = $this->Timelimit;
         $this->Timelimit = $this->Timelimit * 2;
         $result = $this->sendCommand('DATA END', '.', 250);
+        $this->recordLastTransactionID();
         //Restore timelimit
         $this->Timelimit = $savetimelimit;
         return $result;
@@ -989,7 +995,10 @@ class SMTP
     public function client_send($data)
     {
         $this->edebug("CLIENT -> SERVER: $data", self::DEBUG_CLIENT);
-        return fwrite($this->smtp_conn, $data);
+        set_error_handler(array($this, 'errorHandler'));
+        $result = fwrite($this->smtp_conn, $data);
+        restore_error_handler();
+        return $result;
     }
 
     /**
@@ -1089,8 +1098,10 @@ class SMTP
             $this->edebug("SMTP -> get_lines(): \$data is \"$data\"", self::DEBUG_LOWLEVEL);
             $this->edebug("SMTP -> get_lines(): \$str is  \"$str\"", self::DEBUG_LOWLEVEL);
             $data .= $str;
-            // If 4th character is a space, we are done reading, break the loop, micro-optimisation over strlen
-            if ((isset($str[3]) and $str[3] == ' ')) {
+            // If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled),
+            // or 4th character is a space, we are done reading, break the loop,
+            // string array access is a micro-optimisation over strlen
+            if (!isset($str[3]) or (isset($str[3]) and $str[3] == ' ')) {
                 break;
             }
             // Timed-out? Log and break
@@ -1226,26 +1237,40 @@ class SMTP
     }
 
     /**
-     * Will return the ID of the last smtp transaction based on a list of patterns provided
-     * in SMTP::$smtp_transaction_id_patterns.
+     * Extract and return the ID of the last SMTP transaction based on
+     * a list of patterns provided in SMTP::$smtp_transaction_id_patterns.
+     * Relies on the host providing the ID in response to a DATA command.
      * If no reply has been received yet, it will return null.
-     * If no pattern has been matched, it will return false.
+     * If no pattern was matched, it will return false.
      * @return bool|null|string
      */
-    public function getLastTransactionID()
+    protected function recordLastTransactionID()
     {
         $reply = $this->getLastReply();
 
         if (empty($reply)) {
-            return null;
-        }
-
-        foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
-            if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
-                return $matches[1];
+            $this->last_smtp_transaction_id = null;
+        } else {
+            $this->last_smtp_transaction_id = false;
+            foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
+                if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
+                    $this->last_smtp_transaction_id = $matches[1];
+                }
             }
         }
 
-        return false;
+        return $this->last_smtp_transaction_id;
+    }
+
+    /**
+     * Get the queue/transaction ID of the last SMTP transaction
+     * If no reply has been received yet, it will return null.
+     * If no pattern was matched, it will return false.
+     * @return bool|null|string
+     * @see recordLastTransactionID()
+     */
+    public function getLastTransactionID()
+    {
+        return $this->last_smtp_transaction_id;
     }
 }

system/libs/phpmailer/language/phpmailer.lang-ba.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Bosnian PHPMailer language file: refer to English translation for definitive list
+ * @package PHPMailer
+ * @author Ermin Islamagić <ermin@islamagic.com>
+ */
+
+$PHPMAILER_LANG['authenticate']         = 'SMTP Greška: Neuspjela prijava.';
+$PHPMAILER_LANG['connect_host']         = 'SMTP Greška: Ne moguće se spojiti sa SMTP serverom.';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Greška: Podatci nisu prihvaćeni.';
+$PHPMAILER_LANG['empty_message']        = 'Sadržaj poruke je prazan.';
+$PHPMAILER_LANG['encoding']             = 'Nepoznata kriptografija: ';
+$PHPMAILER_LANG['execute']              = 'Nije moguće izvršiti naredbu: ';
+$PHPMAILER_LANG['file_access']          = 'Nije moguće pristupiti datoteci: ';
+$PHPMAILER_LANG['file_open']            = 'Nije moguće otvoriti datoteku: ';
+$PHPMAILER_LANG['from_failed']          = 'SMTP Greška: Slanje sa navedenih e-mail adresa nije uspjelo: ';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Greška: Slanje na navedene e-mail adrese nije uspjelo: ';
+$PHPMAILER_LANG['instantiate']          = 'Ne mogu pokrenuti mail funkcionalnost.';
+$PHPMAILER_LANG['invalid_address']      = 'E-mail nije poslan. Neispravna e-mail adresa: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' mailer nije podržan.';
+$PHPMAILER_LANG['provide_address']      = 'Definišite barem jednu adresu primaoca.';
+$PHPMAILER_LANG['signing']              = 'Greška prilikom prijave: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'Spajanje na SMTP server nije uspjelo.';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP greška: ';
+$PHPMAILER_LANG['variable_set']         = 'Nije moguće postaviti varijablu ili je vratiti nazad: ';
+$PHPMAILER_LANG['extension_missing']    = 'Nedostaje ekstenzija: ';

system/libs/phpmailer/language/phpmailer.lang-nb.php

@@ -1,25 +1,25 @@
 <?php
 /**
- * Norwegian PHPMailer language file: refer to English translation for definitive list
+ * Norwegian Bokmål PHPMailer language file: refer to English translation for definitive list
  * @package PHPMailer
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP Feil: Kunne ikke autentisere.';
 $PHPMAILER_LANG['connect_host']         = 'SMTP Feil: Kunne ikke koble til SMTP tjener.';
-$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Data ble ikke akseptert.';
-$PHPMAILER_LANG['empty_message']        = 'Meldingsinnholdet er tomt';
-$PHPMAILER_LANG['encoding']             = 'Ukjent tegnkoding: ';
+$PHPMAILER_LANG['data_not_accepted']    = 'SMTP Feil: Datainnhold ikke akseptert.';
+$PHPMAILER_LANG['empty_message']        = 'Melding kropp tomt';
+$PHPMAILER_LANG['encoding']             = 'Ukjent koding: ';
 $PHPMAILER_LANG['execute']              = 'Kunne ikke utføre: ';
 $PHPMAILER_LANG['file_access']          = 'Får ikke tilgang til filen: ';
-$PHPMAILER_LANG['file_open']            = 'Fil feil: Kunne ikke åpne filen: ';
-$PHPMAILER_LANG['from_failed']          = 'Følgende avsenderadresse feilet: ';
-$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere mailfunksjonen.';
-$PHPMAILER_LANG['invalid_address']      = 'Meldingen ble ikke sendt, følgende adresse er ugyldig: ';
-$PHPMAILER_LANG['provide_address']      = 'Du må angi minst en mottakeradresse.';
-$PHPMAILER_LANG['mailer_not_supported'] = ' mailer er ikke supportert.';
-$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottagere feilet: ';
-$PHPMAILER_LANG['signing']              = 'Signeringsfeil: ';
-$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP Connect() feilet.';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP-serverfeil: ';
-$PHPMAILER_LANG['variable_set']         = 'Kan ikke sette eller resette variabelen: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['file_open']            = 'Fil Feil: Kunne ikke åpne filen: ';
+$PHPMAILER_LANG['from_failed']          = 'Følgende Frå adresse feilet: ';
+$PHPMAILER_LANG['instantiate']          = 'Kunne ikke initialisere post funksjon.';
+$PHPMAILER_LANG['invalid_address']      = 'Ugyldig adresse: ';
+$PHPMAILER_LANG['mailer_not_supported'] = ' sender er ikke støttet.';
+$PHPMAILER_LANG['provide_address']      = 'Du må opppgi minst en mottakeradresse.';
+$PHPMAILER_LANG['recipients_failed']    = 'SMTP Feil: Følgende mottakeradresse feilet: ';
+$PHPMAILER_LANG['signing']              = 'Signering Feil: ';
+$PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() feilet.';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP server feil: ';
+$PHPMAILER_LANG['variable_set']         = 'Kan ikke skrive eller omskrive variabel: ';
+$PHPMAILER_LANG['extension_missing']    = 'Utvidelse mangler: ';

system/libs/phpmailer/language/phpmailer.lang-pt_br.php

@@ -5,6 +5,7 @@
  * @author Paulo Henrique Garcia <paulo@controllerweb.com.br>
  * @author Lucas Guimarães <lucas@lucasguimaraes.com>
  * @author Phelipe Alves <phelipealvesdesouza@gmail.com>
+ * @author Fabio Beneditto <fabiobeneditto@gmail.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'Erro de SMTP: Não foi possível autenticar.';
@@ -15,7 +16,7 @@ $PHPMAILER_LANG['encoding']             = 'Codificação desconhecida: ';
 $PHPMAILER_LANG['execute']              = 'Não foi possível executar: ';
 $PHPMAILER_LANG['file_access']          = 'Não foi possível acessar o arquivo: ';
 $PHPMAILER_LANG['file_open']            = 'Erro de Arquivo: Não foi possível abrir o arquivo: ';
-$PHPMAILER_LANG['from_failed']          = 'Os seguintes remententes falharam: ';
+$PHPMAILER_LANG['from_failed']          = 'Os seguintes remetentes falharam: ';
 $PHPMAILER_LANG['instantiate']          = 'Não foi possível instanciar a função mail.';
 $PHPMAILER_LANG['invalid_address']      = 'Endereço de e-mail inválido: ';
 $PHPMAILER_LANG['mailer_not_supported'] = ' mailer não é suportado.';

system/libs/phpmailer/language/phpmailer.lang-rs.php

@@ -23,4 +23,4 @@ $PHPMAILER_LANG['signing']              = 'Грешка приликом при
 $PHPMAILER_LANG['smtp_connect_failed']  = 'Повезивање са SMTP сервером није успело.';
 $PHPMAILER_LANG['smtp_error']           = 'Грешка SMTP сервера: ';
 $PHPMAILER_LANG['variable_set']         = 'Није могуће задати променљиву, нити је вратити уназад: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Недостаје проширење: ';

system/libs/phpmailer/language/phpmailer.lang-tr.php

@@ -6,6 +6,7 @@
  * @author Can Yılmaz
  * @author Mehmet Benlioğlu
  * @author @yasinaydin
+ * @author Ogün Karakuş
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP Hatası: Oturum açılamadı.';
@@ -26,4 +27,4 @@ $PHPMAILER_LANG['signing']              = 'İmzalama hatası: ';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP connect() fonksiyonu başarısız.';
 $PHPMAILER_LANG['smtp_error']           = 'SMTP sunucu hatası: ';
 $PHPMAILER_LANG['variable_set']         = 'Değişken ayarlanamadı ya da sıfırlanamadı: ';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = 'Eklenti bulunamadı: ';

system/libs/phpmailer/language/phpmailer.lang-zh_cn.php

@@ -4,13 +4,14 @@
  * @package PHPMailer
  * @author liqwei <liqwei@liqwei.com>
  * @author young <masxy@foxmail.com>
+ * @author Teddysun <i@teddysun.com>
  */
 
 $PHPMAILER_LANG['authenticate']         = 'SMTP 错误：登录失败。';
 $PHPMAILER_LANG['connect_host']         = 'SMTP 错误：无法连接到 SMTP 主机。';
 $PHPMAILER_LANG['data_not_accepted']    = 'SMTP 错误：数据不被接受。';
 $PHPMAILER_LANG['empty_message']        = '邮件正文为空。';
-$PHPMAILER_LANG['encoding']             = '未知编码: ';
+$PHPMAILER_LANG['encoding']             = '未知编码：';
 $PHPMAILER_LANG['execute']              = '无法执行：';
 $PHPMAILER_LANG['file_access']          = '无法访问文件：';
 $PHPMAILER_LANG['file_open']            = '文件错误：无法打开文件：';
@@ -22,6 +23,6 @@ $PHPMAILER_LANG['provide_address']      = '必须提供至少一个收件人地
 $PHPMAILER_LANG['recipients_failed']    = 'SMTP 错误：收件人地址错误：';
 $PHPMAILER_LANG['signing']              = '登录失败：';
 $PHPMAILER_LANG['smtp_connect_failed']  = 'SMTP服务器连接失败。';
-$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错: ';
+$PHPMAILER_LANG['smtp_error']           = 'SMTP服务器出错：';
 $PHPMAILER_LANG['variable_set']         = '无法设置或重置变量：';
-//$PHPMAILER_LANG['extension_missing']    = 'Extension missing: ';
+$PHPMAILER_LANG['extension_missing']    = '丢失模块 Extension：';

system/libs/plugins.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -108,7 +107,7 @@ class Plugins {
 											$query = $query->fetch();
 											$db->update(TABLE_PREFIX . 'hooks', array('type' => $hook, 'file' => $info['file']), array('id' => (int)$query['id']));
 										} else {
-											$db->insert(TABLE_PREFIX . 'hooks', array('id' => 'NULL', 'name' => $_name, 'type' => $hook, 'file' => $info['file']));
+											$db->insert(TABLE_PREFIX . 'hooks', array('id' => null, 'name' => $_name, 'type' => $hook, 'file' => $info['file']));
 										}
 									} else
 										self::$warnings[] = 'Unknown event type: ' . $info['type'];
@@ -138,6 +137,66 @@ class Plugins {
 		return false;
 	}
 	
+	public static function uninstall($plugin_name) {
+		global $cache, $db;
+		
+		$filename = BASE . 'plugins/' . $plugin_name . '.json';
+		if(!file_exists($filename)) {
+			self::$error = 'Plugin ' . $plugin_name . ' does not exist.';
+			return false;
+		}
+		else {
+			$string = file_get_contents($filename);
+			$plugin_info = json_decode($string, true);
+			if($plugin_info == false) {
+				self::$error = 'Cannot load plugin info ' . $plugin_name . '.json';
+				return false;
+			}
+			else {
+				if(!isset($plugin_info['uninstall'])) {
+					self::$error = "Plugin doesn't have uninstall options defined. Skipping...";
+					return false;
+				}
+				else {
+					$success = true;
+					foreach($plugin_info['uninstall'] as $file) {
+						$file = BASE . $file;
+						if(!deleteDirectory($file)) {
+							$success = false;
+						}
+					}
+					
+					if (isset($plugin_info['hooks'])) {
+						foreach ($plugin_info['hooks'] as $_name => $info) {
+							if (defined('HOOK_'. $info['type'])) {
+								$hook = constant('HOOK_'. $info['type']);
+								$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
+								if ($query->rowCount() == 1) { // found something
+									$query = $query->fetch();
+									$db->delete(TABLE_PREFIX . 'hooks', array('id' => (int)$query['id']));
+								}
+							} else
+								self::$warnings[] = 'Unknown event type: ' . $info['type'];
+						}
+					}
+					
+					if($success) {
+						if($cache->enabled()) {
+							$cache->delete('templates');
+						}
+						
+						return true;
+					}
+					else {
+						self::$error = error_get_last();
+					}
+				}
+			}
+		}
+		
+		return false;
+	}
+	
 	public static function getWarnings() {
 		return self::$warnings;
 	}

system/libs/pot/OTS_Account.php

@@ -170,7 +170,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
     public function load($id)
     {
         // SELECT query on database
-        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ' as `lastday`,' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
+        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ',' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
     }
 
 /**
@@ -252,9 +252,14 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		$lastday = 'lastday';
 		if(fieldExist('premend', 'accounts'))
 			$lastday = 'premend';
+		
+		$field = 'lastday';
+		if(isset($this->data['premend'])) { // othire
+			$field = 'premend';
+		}
 
         // UPDATE query on database
-        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $lastday . '` = ' . (int) $this->data['lastday'] . ' WHERE `id` = ' . $this->data['id']);
+        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $field . '` = ' . (int) $this->data[$field] . ' WHERE `id` = ' . $this->data['id']);
     }
 
 /**
@@ -327,22 +332,18 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		return $this->hasFlag(FLAG_SUPER_ADMIN);
 	}
 
-    public function getPremDays()
-    {
-        if( !isset($this->data['lastday']) )
-        {
-            throw new E_OTS_NotLoaded();
-        }
+	public function getPremDays()
+	{
+		if(!isset($this->data['lastday']) && !isset($this->data['premend'])) {
+			throw new E_OTS_NotLoaded();
+		}
 
-		if(fieldExist('premdays', 'accounts'))
-			return $this->data['premdays'];
-		
-        if($this->data['lastday'] == 0)
-            return 0;
-        
-		return round(($this->data['lastday'] - time()) / (24 * 60 * 60), 3);
-        //return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
-    }
+		if(isset($this->data['premend'])) {
+			return round(($this->data['premend'] - time()) / (24 * 60 * 60), 2);
+		}
+
+		return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
+	}
 	
    public function getLastLogin()
     {
@@ -358,12 +359,13 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
     {
 		global $config;
         if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
-		if(fieldExist('premdays', 'accounts'))
-			return $this->data['premdays'] > 0;
-	
-		return $this->data['lastday'] > time();
-        //return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
-    }
+
+		if(isset($this->data['premend'])) {
+			return $this->data['premend'] > time();
+		}
+
+		return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
+	}
 
     public function getCreated()
     {

system/libs/pot/OTS_Player.php

@@ -3151,6 +3151,14 @@ class OTS_Player extends OTS_Row_DAO
 
         $this->db->query('DELETE FROM ' . $this->db->tableName('player_spells') . ' WHERE ' . $this->db->fieldName('player_id') . ' = ' . $this->data['id'] . ' AND ' . $this->db->fieldName('name') . ' = ' . $this->db->quote( $spell->getName() ) );
     }
+	
+	public static function getPercentLevel($count, $nextLevelCount)
+	{
+		if($nextLevelCount > 0)
+			return min(100, max(0, $count * 100 / $nextLevelCount));
+
+		return 0;
+	}
 
 /**
  * Magic PHP5 method.

system/libs/pot/OTS_Toolbox.php

@@ -28,13 +28,11 @@ class OTS_Toolbox
  * @param int $experience Current experience points.
  * @return int Experience points for level.
  */
-    public static function experienceForLevel($level, $experience = 0)
+	public static function experienceForLevel($level, $experience = 0)
     {
-        return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
-		/*
-			$level = $level - 1;
-	return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
-	*/
+        //return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
+		$level = $level - 1;
+		return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
     }
 
 /**

system/libs/spells.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/timer.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/libs/usage_statistics.php

@@ -5,35 +5,30 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
 class Usage_Statistics {
+	private static $report_url = 'https://my-aac.org/report_usage.php';
+	
 	public static function report() {
-		$url = 'http://my-acc.org/report_usage.php';
-		//$url = BASE_URL . 'report_usage.php';
-		
 		$data = json_encode(self::getStats());
+		
 		$options = array(
 			'http' => array(
-				'header'  => 'Content-type: application/json',
-				'method'  => 'POST',
+				'header'  => 'Content-type: application/json' . "\r\n"
+				. 'Content-Length: ' . strlen($data) . "\r\n",
 				'content' => $data
 			)
 		);
 		
 		$context  = stream_context_create($options);
-		$result = file_get_contents($url, false, $context);
-		if ($result === false) {
-			return false;
-		}
-		
-		return true;
-		//var_dump($result);
+		$result = file_get_contents(self::$report_url, false, $context);
+
+		return $result !== false;
 	}
-	
+
 	public static function getStats() {
 		global $config, $db;
 		

system/libs/validator.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -86,13 +85,7 @@ class Validator
 			return false;
 		}
 		
-		if(strspn($name, "QWERTYUIOPASDFGHJKLZXCVBNM0123456789") != $length)
-		{
-			self::$lastError = 'Invalid account name format. Use only A-Z and numbers 0-9.';
-			return false;
-		}
-		
-		if(!preg_match("/[A-Z0-9]/", $name))
+		if(!preg_match("/[A-Z0-9]/i", $name))
 		{
 			self::$lastError = 'Invalid account name format. Use only A-Z and numbers 0-9.';
 			return false;
@@ -365,6 +358,11 @@ class Validator
 	 */
 	public static function guildName($name)
 	{
+		if(empty($name)) {
+			self::$lastError = 'Please enter guild name.';
+			return false;
+		}
+		
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
 			self::$lastError = 'Invalid guild name format.';
 			return false;
@@ -387,6 +385,11 @@ class Validator
 	 */
 	public static function rankName($name)
 	{
+		if(empty($name)) {
+			self::$lastError = 'Please enter rank name.';
+			return false;
+		}
+		
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-[ ] ") != strlen($name)) {
 			self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
 			return false;

system/libs/visitors.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -102,12 +101,12 @@ class Visitors
 		if($this->cacheEnabled) {
 			foreach($this->data as $ip => &$details)
 				$details['ip'] = $ip;
-
+			
 			return $this->data;
 		}
-
+		
 		global $db;
-		return $db->query('SELECT ' . $db->fieldName('ip') . ', ' . $db->fieldName('lastvisit') . ', ' . $db->fieldName('page') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'visitors') . ' ORDER BY ' . $db->fieldName('lastvisit') . ' DESC')->fetch();
+		return $db->query('SELECT ' . $db->fieldName('ip') . ', ' . $db->fieldName('lastvisit') . ', ' . $db->fieldName('page') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'visitors') . ' ORDER BY ' . $db->fieldName('lastvisit') . ' DESC')->fetchAll();
 	}
 
 	public function getAmountVisitors()

system/libs/weapons.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/locale/en/install.php

@@ -42,7 +42,6 @@ $locale['step_config'] = 'Configuration';
 $locale['step_config_title'] = 'Basic configuration';
 $locale['step_config_server_path'] = 'Server path';
 $locale['step_config_server_path_desc'] = 'Path to your TFS main directory, where you have config.lua located.';
-
 $locale['step_config_mail_admin'] = 'Admin E-Mail';
 $locale['step_config_mail_admin_desc'] = 'Address where emails from contact form will be delivered, for example admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin E-Mail is not correct.';
@@ -51,6 +50,8 @@ $locale['step_config_mail_address_desc'] = 'Address which will be used for outgo
 $locale['step_config_mail_address_error'] = 'Server E-Mail is not correct.';
 $locale['step_config_client'] = 'Client version';
 $locale['step_config_client_desc'] = 'Used for download page and some templates';
+$locale['step_config_usage'] = 'Usage Statistics';
+$locale['step_config_usage_desc'] = 'Allow MyAAC to report anonymous usage statistics? The data is sent only once per 30 days and is fully confidential.';
 
 // database
 $locale['step_database'] = 'Import schema';
@@ -63,7 +64,7 @@ $locale['step_database_error_only_mysql'] = 'This AAC supports only MySQL. From
 $locale['step_database_error_table'] = 'Table $TABLE$ doesn\'t exist. Please import your OTS database schema first.';
 $locale['step_database_error_table_exist'] = 'Table $TABLE$ already exist. Seems AAC is already installed. Skipping importing MySQL schema..';
 $locale['step_database_error_schema'] = 'Error while importing schema:';
-$locale['step_database_success_schema'] = 'Succesfully installed $PREFIX$ tables.';
+$locale['step_database_success_schema'] = 'Successfully installed $PREFIX$ tables.';
 $locale['step_database_error_file'] = '$FILE$ couldn\'t be opened. Please copy this content and paste there:';
 $locale['step_database_adding_field'] = 'Adding field';
 $locale['step_database_modifying_field'] = 'Modifying field';
@@ -80,10 +81,16 @@ $locale['step_admin'] = 'Admin Account';
 $locale['step_admin_title'] = 'Create Admin Account';
 $locale['step_admin_account'] = 'Admin account name';
 $locale['step_admin_account_desc'] = 'Name of your admin account, which will be used to login to website and server.';
-$locale['step_admin_account_id'] = 'Admin account id';
-$locale['step_admin_account_id_desc'] = 'ID of your admin account, which will be used to login to website and server.';
+$locale['step_admin_account_error_format'] = 'Invalid account name format. Use only a-Z and numbers 0-9. Minimum 3, maximum 32 characters.';
+$locale['step_admin_account_error_same'] = 'Password may not be the same as account name.';
+$locale['step_admin_account_id'] = 'Admin account number';
+$locale['step_admin_account_id_desc'] = 'Number of your admin account, which will be used to login to website and server.';
+$locale['step_admin_account_id_error_format'] = 'Invalid account number format. Please use only numbers 0-9. Minimum 6, maximum 10 characters.';
+$locale['step_admin_account_id_error_same'] = 'Password may not be the same as account number.';
 $locale['step_admin_password'] = 'Admin account password';
 $locale['step_admin_password_desc'] = 'Password to your admin account.';
+$locale['step_admin_password_error_empty'] = 'Please enter the password for your new account.';
+$locale['step_admin_password_error_format'] = 'Invalid password format. Use only a-Z and numbers 0-9. Minimum 8, maximum 30 characters.';
 
 // finish
 $locale['step_finish_admin_panel'] = 'Admin Panel';

system/locale/pl/install.php

@@ -42,11 +42,6 @@ $locale['step_config'] = 'Konfiguracja';
 $locale['step_config_title'] = 'Podstawowa konfiguracja';
 $locale['step_config_server_path'] = 'Ścieżka do serwera';
 $locale['step_config_server_path_desc'] = 'Ścieżka do Twojego folderu z TFS, gdzie znajduje się plik config.lua.';
-$locale['step_config_account'] = 'Konto administratora';
-$locale['step_config_account_desc'] = 'Nazwa twojego konta admina, która będzie używana do logowania na stronę i do serwera.';
-$locale['step_config_password'] = 'Hasło do konta admina';
-$locale['step_config_password_desc'] = 'Hasło do Twojego konta administratora.';
-
 $locale['step_config_mail_admin'] = 'E-Mail admina';
 $locale['step_config_mail_admin_desc'] = 'Na ten adres będą dostarczane E-Maile z formularza kontaktowego , przykładowo admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'E-Mail admina jest niepoprawny.';
@@ -55,13 +50,16 @@ $locale['step_config_mail_address_desc'] = 'Ten adres będzie używany do wysył
 $locale['step_config_mail_address_error'] = 'E-Mail serwera jest niepoprawny.';
 $locale['step_config_client'] = 'Wersja klienta';
 $locale['step_config_client_desc'] = 'Używana do strony pobieranie klienta oraz kilku szablonów';
+$locale['step_config_usage'] = 'Raportowanie Statystyk';
+$locale['step_config_usage_desc'] = 'Zezwalaj MyAAC na raportowanie anonimowych statystyk? Dane są wysyłane raz na 30 dni i są w pełni anonimowe.';
 
 // database
-$locale['step_database'] = 'Baza';
+$locale['step_database'] = 'Baza Danych';
 $locale['step_database_title'] = 'Baza MySQL';
 $locale['step_database_importing'] = 'Twoja baza to MySQL. Importowanie schematu...';
 $locale['step_database_error_path'] = 'Proszę podać ścieżkę do serwera.';
 $locale['step_database_error_config'] = 'Nie można znaleźć pliku config. Jest Twoja ścieżka do katalogu serwera poprawna? Wróć się i sprawdź ponownie.';
+$locale['step_database_error_database_empty'] = 'Nie można wykryć typu bazy danych z pliku config.lua. Prawdopodobnie Twój OTS nie jest wspierany przez ten AAC.';
 $locale['step_database_error_only_mysql'] = 'Ten AAC wspiera tylko bazy danych MySQL. Z Twojego pliku config wynika, że Twój serwera używa bazy: $DATABASE_TYPE$. Proszę zmienić typ bazy na MySQL i ponownie przystąpić do instalacji.';
 $locale['step_database_error_table'] = 'Tabela $TABLE$ nie istnieje. Proszę najpierw zaimportować schemat bazy danych serwera OTS.';
 $locale['step_database_error_table_exist'] = 'Tabela $TABLE$ już istnieje. Wygląda na to, że AAC został już zainstalowany. Schemat MySQL nie zostanie zaimportowany..';
@@ -72,9 +70,28 @@ $locale['step_database_adding_field'] = 'Dodawanie pola';
 $locale['step_database_modifying_field'] = 'Modyfikacja pola';
 $locale['step_database_changing_field'] = 'Zmiana $FIELD$ na $FIELD_NEW$...';
 $locale['step_database_imported_players'] = 'Importowanie schematów graczy...';
+$locale['step_database_loaded_monsters'] = 'Załadowano potworki (monsters)...';
+$locale['step_database_error_monsters'] = 'Wystąpiły problemy podczas ładowania pliku monsters.xml. Zobacz $LOG$ po więcej informacji.';
+$locale['step_database_loaded_spells'] = 'Załadowano czary (spells)...';
 $locale['step_database_created_account'] = 'Utworzono konto admina...';
 $locale['step_database_created_news'] = 'Utworzono newsy...';
 
+// admin account
+$locale['step_admin'] = 'Konto Admina';
+$locale['step_admin_title'] = 'Tworzenie Konta Admina';
+$locale['step_admin_account'] = 'Nazwa Konta Admina';
+$locale['step_admin_account_desc'] = 'Nazwa Twojego konta admina, która będzie używana do logowania na stronę i do serwera.';
+$locale['step_admin_account_error_format'] = 'Nieprawidłowy format nazwy konta. Używaj tylko znaków a-Z oraz liczb 0-9. Minimum 3, maksimum 32 znaków.';
+$locale['step_admin_account_error_same'] = 'Hasło nie może być takie same jak nazwa konta.';
+$locale['step_admin_account_id'] = 'Numer Konta Admina';
+$locale['step_admin_account_id_desc'] = 'Numer Twojego Konta Admina, który będzie używany do logowania do strony i na serwer.';
+$locale['step_admin_account_id_error_format'] = 'Nieprawidłowy format numeru konta. Używaj tylko liczb 0-9. Minimum 6, maksimum 10 znaków.';
+$locale['step_admin_account_id_error_same'] = 'Hasło nie może być takie same jak numer konta.';
+$locale['step_admin_password'] = 'Hasło Konta Admina';
+$locale['step_admin_password_desc'] = 'Hasło do Twojego Konta Admina.';
+$locale['step_admin_password_error_empty'] = 'Proszę podać hasło do Twojego nowego konta.';
+$locale['step_admin_password_error_format'] = 'Nieprawidłowy format hasła. Używaj tylko znaków a-Z oraz liczb 0-9. Minimum 8, maksimum 30 characters.';
+
 // finish
 $locale['step_finish_admin_panel'] = 'Panelu Admina';
 $locale['step_finish_homepage'] = 'stronę główną';

system/login.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -13,7 +12,9 @@ $logged = false;
 $logged_flags = 0;
 
 $action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : '';
-if($action == 'logout' && !isset($_REQUEST['account_login']))
+define('ACTION', $action);
+
+if(ACTION == 'logout' && !isset($_REQUEST['account_login']))
 {
 	unsetSession('account');
 	unsetSession('password');

system/migrations/16.php

@@ -0,0 +1,5 @@
+<?php
+
+// change size of spells.vocations
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` MODIFY `vocations` VARCHAR(300) NOT NULL DEFAULT '';");
+?>

system/migrations/17.php

@@ -0,0 +1,88 @@
+<?php
+
+if(!tableExist('myaac_menu')) {
+	$db->query("
+CREATE TABLE `myaac_menu`
+(
+	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`template` VARCHAR(255) NOT NULL,
+	`name` VARCHAR(255) NOT NULL,
+	`link` VARCHAR(255) NOT NULL,
+	`category` INT(11) NOT NULL DEFAULT 1,
+	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`enabled` INT(1) NOT NULL DEFAULT 1,
+	PRIMARY KEY (`id`)
+) ENGINE = MyISAM;");
+	
+	$db->query("
+/* MENU_CATEGORY_NEWS kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Downloads', 'downloads', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Who is Online?', 'online', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Characters', 'characters', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Guilds', 'guilds', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Highscores', 'highscores', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Last Deaths', 'lastkills', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Houses', 'houses', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Bans', 'bans', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Forum', 'forum', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Team', 'team', 3, 8);
+/* MENU_CATEGORY_LIBRARY kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Monsters', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Server Info', 'serverInfo', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Commands', 'commands', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Experience Table', 'experienceTable', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'FAQ', 'faq', 5, 6);
+/* MENU_CATEGORY_SHOP kathrine */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('kathrine', 'Shop History', 'gifts/history', 6, 2);
+/* MENU_CATEGORY_NEWS tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Latest News', 'news', 1, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'News Archive', 'news/archive', 1, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Changelog', 'changelog', 1, 2);
+/* MENU_CATEGORY_ACCOUNT tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Account Management', 'account/manage', 2, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Create Account', 'account/create', 2, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Lost Account?', 'account/lost', 2, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Rules', 'rules', 2, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Downloads', 'downloads', 2, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Report Bug', 'bugtracker', 2, 5);
+/* MENU_CATEGORY_COMMUNITY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Characters', 'characters', 3, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Who Is Online?', 'online', 3, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Highscores', 'highscores', 3, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Last Kills', 'lastkills', 3, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Houses', 'houses', 3, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Guilds', 'guilds', 3, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Polls', 'polls', 3, 6);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Bans', 'bans', 3, 7);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Support List', 'team', 3, 8);
+/* MENU_CATEGORY_FORUM tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Forum', 'forum', 4, 0);
+/* MENU_CATEGORY_LIBRARY tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Creatures', 'creatures', 5, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Spells', 'spells', 5, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Commands', 'commands', 5, 2);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Exp Stages', 'experienceStages', 5, 3);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Gallery', 'gallery', 5, 4);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Server Info', 'serverInfo', 5, 5);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Experience Table', 'experienceTable', 5, 6);
+/* MENU_CATEGORY_SHOP tibiacom */
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
+INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
+	");
+}
+?>

system/migrations/18.php

@@ -0,0 +1,6 @@
+<?php
+
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "news` ADD `article_text` VARCHAR(300) NOT NULL DEFAULT '' AFTER `comments`;");
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "news` ADD `article_image` VARCHAR(100) NOT NULL DEFAULT '' AFTER `article_text`;");
+
+?>

system/migrations/19.php

@@ -0,0 +1,3 @@
+<?php
+// this migration has been removed, but file kept for compability
+?>

system/migrations/20.php

@@ -0,0 +1,39 @@
+<?php
+
+$config_file = BASE . 'config.local.php';
+if(!is_writable($config_file)) { // we can't do anything, just ignore
+	return;
+}
+
+$content_of_file = trim(file_get_contents($config_file));
+if(strpos($content_of_file, 'highscores_ids_hidden') !== false) { // already present
+	return;
+}
+
+$query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . ") ORDER BY `id`;");
+
+$highscores_ignored_ids = array();
+if($query->rowCount() > 0) {
+	foreach($query->fetchAll() as $result)
+		$highscores_ignored_ids[] = $result['id'];
+}
+else {
+	$highscores_ignored_ids[] = 0;
+}
+
+$php_on_end = substr($content_of_file, -2, 2) == '?>';
+$content = PHP_EOL;
+if($php_on_end) {
+	$content .= '<?php';
+}
+
+$content .= PHP_EOL;
+$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
+$content .= PHP_EOL;
+
+if($php_on_end) {
+	$content .= '?>';
+}
+
+file_put_contents($config_file, $content, FILE_APPEND);
+?>

system/pages/404.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account.php

@@ -1,25 +1,16 @@
 <?php
 /**
  * Account confirm mail
+ * Keept for compability
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Account';
 
-if($action == 'confirm_email')
-{
-	$res = $db->query('SELECT email_hash FROM accounts WHERE email_hash = ' . $db->quote($_GET['v']));
-	if(!$res->rowCount())
-		echo '<div class="note">Your email couldn\'t be verified. Please contact staff to do it manually.</div>';
-	else
-	{
-		$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $_GET['v']));
-		echo '<div class="success">You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.</div>';
-	}
+if($action == 'confirm_email') {
+	require_once(PAGES . 'account/confirm_email.php');
 }
 ?>

system/pages/account/change_comment.php

@@ -6,12 +6,11 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
+$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
 $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
 $new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
 

system/pages/account/change_email.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/change_info.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/change_name.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/change_password.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/change_sex.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/confirm_email.php

@@ -0,0 +1,29 @@
+<?php
+/**
+ * Account confirm mail
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$title = 'Confirm Email';
+
+$hash = isset($_GET['v']) ? $_GET['v'] : '';
+if(empty($hash)) {
+	warning('Please enter email hash code.<br/>If you copied the link, please try again with full link.');
+	return;
+}
+
+$res = $db->query('SELECT `email_hash` FROM `accounts` WHERE `email_hash` = ' . $db->quote($hash));
+if(!$res->rowCount()) {
+	note("Your email couldn't be verified. Please contact staff to do it manually.");
+}
+else
+{
+	$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $hash));
+	success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
+}
+?>

system/pages/account/create_character.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/delete_character.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/register.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/account/register_new.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/accountmanagement.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -26,6 +25,11 @@ if(!$logged)
 	}
 	else
 	{
+		if($action == 'confirm_email') {
+			require(PAGES . 'account/' . $action . '.php');
+			return;
+		}
+		
 		if(!empty($errors))
 			echo $twig->render('error_box.html.twig', array('errors' => $errors));
 		
@@ -34,8 +38,9 @@ if(!$logged)
 			'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
 			'error' => isset($errors[0]) ? $errors[0] : null
 		));
-	return;
 	}
+
+	return;
 }
 
 $errors = array();
@@ -105,7 +110,7 @@ $errors = array();
 		$players = array();
 		$account_players = $account_logged->getPlayersList();
 		$account_players->orderBy('id');
-		
+
 		echo $twig->render('account.management.html.twig', array(
 			'welcome_message' => $welcome_message,
 			'recovery_key' => $recovery_key,
@@ -124,7 +129,15 @@ $errors = array();
 			'players' => $account_players
 		));
 	}
-	else if(file_exists(PAGES . 'account/' . $action . '.php')) {
-		require(PAGES . 'account/' . $action . '.php');
+	else {
+		if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
+			error('Error: Action contains illegal characters.');
+		}
+		else if(file_exists(PAGES . 'account/' . $action . '.php')) {
+			require(PAGES . 'account/' . $action . '.php');
+		}
+		else {
+			error('This page does not exists.');
+		}
 	}
 ?>

system/pages/admin/changelog.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -17,10 +16,12 @@ if(!file_exists(BASE . 'CHANGELOG')) {
 }
 
 $changelog = file_get_contents(BASE . 'CHANGELOG');
-$changelog = nl2br(htmlspecialchars($changelog));
+$changelog = htmlspecialchars($changelog);
 
 // replace URLs with <a href...> elements
 $changelog = preg_replace('/\s(\w+:\/\/)(\S+)/', ' <a href="\\1\\2" target="_blank">\\1\\2</a>', $changelog);
 
+$changelog = nl2br($changelog);
+
 echo '<div>' . $changelog . '</div>';
 ?>

system/pages/admin/dashboard.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -89,12 +88,9 @@ function clearCache()
 	if($cache->fetch('news' . $template_name . '_' . NEWS, $tmp))
 		$cache->delete('news' . $template_name . '_' . NEWS);
 
-	if($cache->fetch('news' . $template_name . '_' . TICKET, $tmp))
-		$cache->delete('news' . $template_name . '_' . TICKET);
-
-	if($cache->fetch('news' . $template_name . '_' . ARTICLE, $tmp))
-		$cache->delete('news' . $template_name . '_' . ARTICLE);
-
+	if($cache->fetch('news' . $template_name . '_' . TICKER, $tmp))
+		$cache->delete('news' . $template_name . '_' . TICKER);
+	
 	if($cache->fetch('template_ini' . $template_name, $tmp))
 		$cache->delete('template_ini' . $template_name);
 

system/pages/admin/items.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/login.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/logs.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/mailer.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/menus.php

@@ -0,0 +1,110 @@
+<?php
+/**
+ * Menus
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Menus';
+
+if(!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin())
+{
+	echo 'Access denied.';
+	return;
+}
+
+if(isset($_REQUEST['template'])) {
+	$template = $_REQUEST['template'];
+	
+	if(isset($_REQUEST['menu'])) {
+		$post_menu = $_REQUEST['menu'];
+		$post_menu_link = $_REQUEST['menu_link'];
+		if(count($post_menu) != count($post_menu_link)) {
+			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
+			return;
+		}
+		
+		$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($template));
+		foreach($post_menu as $category => $menus) {
+			foreach($menus as $i => $menu) {
+				if(empty($menu)) // don't save empty menu item
+					continue;
+				
+				try {
+					$db->insert(TABLE_PREFIX . 'menu', array('template' => $template, 'name' => $menu, 'link' => $post_menu_link[$category][$i], 'category' => $category, 'ordering' => $i));
+				}
+				catch(PDOException $error) {
+					warning('Error while adding menu item (' . $menu . '): ' . $error->getMessage());
+				}
+			}
+		}
+		
+		success('Saved at ' . date('H:i'));
+	}
+	
+	$file = TEMPLATES . $template . '/config.php';
+	if(file_exists($file)) {
+		require_once($file);
+	}
+	else {
+		echo 'Cannot find template config.php file.';
+		return;
+	}
+	
+	if(!isset($config['menu_categories'])) {
+		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
+		return;
+	}
+	
+	echo 'Hint: You can drag menu items.<br/>Editing: ' . $template . ' template.';
+	$menus = array();
+	$menus_db = $db->query('SELECT `name`, `link`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
+	foreach($menus_db as $menu) {
+		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'ordering' => $menu['ordering']);
+	}
+	
+	$last_id = array();
+	echo '<form method="post" action="?p=menus">';
+	echo '<input type="hidden" name="template" value="' . $template . '"/>';
+	foreach($config['menu_categories'] as $id => $cat) {
+		echo '<h2>' . $cat['name'] . '<img class="add-button" id="add-button-' . $id . '" src="' . BASE_URL . 'images/plus.png" width="16" height="16"/></h2>';
+		echo '<ul class="sortable" id="sortable-' . $id . '">';
+		if(isset($menus[$id])) {
+			$i = 0;
+			foreach($menus[$id] as $menu) {
+				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><input type="text" name="menu[' . $id . '][]" value="' . $menu['name'] . '"/><input type="text" name="menu_link[' . $id . '][]" value="' . $menu['link'] . '"/><a class="remove-button" id="remove-button-' . $id . '-' . $i . '"><img src="' . BASE_URL . 'images/del.png"/></a></li>';
+				
+				$i++;
+				$last_id[$id] = $i;
+			}
+		}
+			
+		echo '</ul>';
+	}
+	
+	echo '<input type="submit" class="button" value="Update">';
+	echo '<input type="button" class="button" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus&template=' . $template . '\';">';
+	echo '</form>';
+	
+	echo $twig->render('admin.menus.js.html.twig', array(
+		'menus' => $menus,
+		'last_id' => $last_id
+	));
+}
+else {
+	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();
+	foreach($templates as $key => $value) {
+		$file = TEMPLATES . $value['template'] . '/config.php';
+		if(!file_exists($file)) {
+			unset($templates[$key]);
+		}
+	}
+	
+	echo $twig->render('admin.menus.form.html.twig', array(
+		'templates' => $templates
+	));
+}
+?>

system/pages/admin/notepad.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -20,7 +19,7 @@ if(isset($_POST['content']))
 	else
 		Notepad::update($account_logged->getId(), $_content);
 
-	echo '<div class="success" style="text-align: center;">Saved at ' . date('g:i A') . '</div>';
+	echo '<div class="success" style="text-align: center;">Saved at ' . date('H:i') . '</div>';
 }
 else
 {

system/pages/admin/pages.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -34,12 +33,13 @@ if(!empty($action))
 	if(isset($_REQUEST['title']))
 		$p_title = $_REQUEST['title'];
 
-	$php = isset($_REQUEST['php']);
-	//if($php)
-	//	$body = $_REQUEST['body'];
-	//else
-	if(isset($_REQUEST['body']))
+	$php = isset($_REQUEST['php']) && $_REQUEST['php'] == 1;
+	if($php)
+		$body = $_REQUEST['body'];
+	else if(isset($_REQUEST['body'])) {
+		//$body = $_REQUEST['body'];
 		$body = html_entity_decode(stripslashes($_REQUEST['body']));
+	}
 
 	if(isset($_REQUEST['access']))
 		$access = $_REQUEST['access'];
@@ -56,7 +56,8 @@ if(!empty($action))
 		}
 	}
 	else if($action == 'delete') {
-		Pages::delete($id, $errors);
+		if(Pages::delete($id, $errors))
+			success('Page with id ' . $id . ' has been deleted');
 	}
 	else if($action == 'edit')
 	{
@@ -90,7 +91,7 @@ $query =
 $pages = array();
 foreach($query as $_page) {
 	$pages[] = array(
-		'link' => getFullLink($_page['name'], $_page['name']),
+		'link' => getFullLink($_page['name'], $_page['name'], true),
 		'title' => substr($_page['title'], 0, 20),
 		'id' => $_page['id'],
 		'hidden' => $_page['hidden']
@@ -133,7 +134,7 @@ class Pages
 			if($query === false)
 				$db->insert(TABLE_PREFIX . 'pages', array('name' => $name, 'title' => $title, 'body' => $body, 'player_id' => $player_id, 'php' => $php ? '1' : '0', 'access' => $access));
 			else
-				$errors[] = 'Page with this words already exists.';
+				$errors[] = 'Page with this link already exists.';
 		}
 		else
 			$errors[] = 'Please fill all inputs.';

system/pages/admin/phpinfo.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/players.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/plugins.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -14,67 +13,16 @@ $title = 'Plugin manager';
 require(SYSTEM . 'hooks.php');
 require(LIBS . 'plugins.php');
 
-function deleteDirectory($dir) {
-	if(!file_exists($dir)) {
-		return true;
-	}
-	
-	if(!is_dir($dir)) {
-		return unlink($dir);
-	}
-	
-	foreach(scandir($dir) as $item) {
-		if($item == '.' || $item == '..') {
-			continue;
-		}
-		
-		if(!deleteDirectory($dir . DIRECTORY_SEPARATOR . $item)) {
-			return false;
-		}
-	}
-	
-	return rmdir($dir);
-}
-
 echo $twig->render('admin.plugins.form.html.twig');
 
 if(isset($_REQUEST['uninstall'])){
 	$uninstall = $_REQUEST['uninstall'];
 	
-	$filename = BASE . 'plugins/' . $uninstall . '.json';
-	if(!file_exists($filename)) {
-		error('Plugin ' . $uninstall . ' does not exist.');
+	if(Plugins::uninstall($uninstall)) {
+		success('Successfully uninstalled plugin ' . $uninstall);
 	}
 	else {
-		if(!isset($plugin_info['uninstall'])) {
-			error("Plugin doesn't have uninstall options defined. Skipping...");
-		}
-		else {
-			$string = file_get_contents($filename);
-			$plugin_info = json_decode($string, true);
-			if($plugin_info == false) {
-				error('Cannot load plugin info ' . $uninstall . '.json');
-			}
-			else {
-				$success = true;
-				foreach($plugin_info['uninstall'] as $file) {
-					$file = BASE . $file;
-					if(!deleteDirectory($file)) {
-						$success = false;
-					}
-				}
-				
-				if($success) {
-					if($cache->enabled()) {
-						$cache->delete('templates');
-					}
-					success('Successfully uninstalled plugin ' . $uninstall);
-				}
-				else {
-					error('Error while uninstalling plugin ' . $uninstall . ': ' . error_get_last());
-				}
-			}
-		}
+		error('Error while uninstalling plugin ' . $plugin_name . ': ' . Plugins::getError());
 	}
 }
 else if(isset($_FILES["plugin"]["name"]))

system/pages/admin/statistics.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/tools.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/admin/version.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -16,7 +15,8 @@ $title = 'Version check';
 //$myaac_version = fgets($file);
 $myaac_version = @file_get_contents('http://my-aac.org/VERSION');
 if(!$myaac_version) {
-	warning('Error while fetching version info from http://my-aac.org. Site might be offline.');
+	warning('Error while fetching version info from http://my-aac.org<br/>
+	Please try again later.');
 	return;
 }
 

system/pages/admin/visitors.php

@@ -5,7 +5,6 @@
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/bans.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');

system/pages/bugtracker.php

@@ -6,7 +6,6 @@
  * @author    Gesior <jerzyskalski@wp.pl>
  * @author    Slawkens <slawkens@gmail.com>
  * @copyright 2017 MyAAC
- * @version   0.6.5
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -83,7 +82,7 @@ $showed = $post = $reply = false;
                     echo '</TABLE>';
                 }
                 if($bug[2]['status'] != 3)
-                    echo '<br><a href="index.php?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'&reply=true"><b>[REPLY]</b></a>';
+                    echo '<br><a href="?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'&reply=true"><b>[REPLY]</b></a>';
             }
             else
             {
@@ -112,7 +111,7 @@ $showed = $post = $reply = false;
                             $type = 2;
                             $INSERT = $db->query('INSERT INTO `' . TABLE_PREFIX . 'bugtracker` (`account`,`id`,`text`,`reply`,`type`, `who`) VALUES ('.$db->quote($_REQUEST['acc']).','.$db->quote($_REQUEST['id']).','.$db->quote($_POST['text']).','.$db->quote($reply).','.$db->quote($type).','.$db->quote(1).')');
                             $UPDATE = $db->query('UPDATE `' . TABLE_PREFIX . 'bugtracker` SET `status` = '.$_POST['status'].' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].'');
-                            header('Location: index.php?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'');
+                            header('Location: ?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'');
                         }
                     }
                     echo '<br><form method="post" action=""><table><tr><td><i>Description</i></td><td><textarea name="text" rows="15" cols="35"></textarea></td></tr><tr><td>Status[OPEN]</td><td><input type=radio name=status value=2></td></tr><tr><td>Status[CLOSED]</td><td><input type=radio name=status value=3></td></tr></table><br><input type="submit" name="finish" value="Submit" class="input2"/></form>';
@@ -138,7 +137,7 @@ $showed = $post = $reply = false;
                 elseif($report['status'] == 1)
                     $value = "<font color=blue>[NEW ANSWER]</font>";
                             
-                echo '<TR BGCOLOR="' . getStyle($i) . '"><td width=75%><a href="index.php?subtopic=bugtracker&control=true&id='.$report['id'].'&acc='.$report['account'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';            
+                echo '<TR BGCOLOR="' . getStyle($i) . '"><td width=75%><a href="?subtopic=bugtracker&control=true&id='.$report['id'].'&acc='.$report['account'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';
                         
                 $showed=true;
                 $i++;
@@ -202,7 +201,7 @@ $showed = $post = $reply = false;
                     echo '</TABLE>';
                 }
                 if($bug[2]['status'] != 3)
-                    echo '<br><a href="index.php?subtopic=bugtracker&id='.$id.'&reply=true"><b>[REPLY]</b></a>';
+                    echo '<br><a href="?subtopic=bugtracker&id='.$id.'&reply=true"><b>[REPLY]</b></a>';
             }
             else
             {
@@ -231,7 +230,7 @@ $showed = $post = $reply = false;
                             $type = 2;
                             $INSERT = $db->query('INSERT INTO `myaac_bugtracker` (`account`,`id`,`text`,`reply`,`type`) VALUES ('.$db->quote($acc).','.$db->quote($id).','.$db->quote($_POST['text']).','.$db->quote($reply).','.$db->quote($type).')');
                             $UPDATE = $db->query('UPDATE `myaac_bugtracker` SET `status` = 1 where `account` = '.$acc.' and `id` = '.$id.'');
-                            header('Location: index.php?subtopic=bugtracker&id='.$id.'');
+                            header('Location: ?subtopic=bugtracker&id='.$id.'');
                         }
                     }
                     echo '<br><form method="post" action=""><table><tr><td><i>Description</i></td><td><textarea name="text" rows="15" cols="35"></textarea></td></tr></table><br><input type="submit" name="finish" value="Submit" class="input2"/></form>';
@@ -275,7 +274,7 @@ $showed = $post = $reply = false;
                         $bgcolor = $light;
                     }
 
-                    echo '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><a href="index.php?subtopic=bugtracker&id='.$report['id'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';            
+                    echo '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><a href="?subtopic=bugtracker&id='.$report['id'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';
                     
                     $showed=true;
                 }
@@ -286,7 +285,7 @@ $showed = $post = $reply = false;
                 }
                 echo '</TABLE>';
                 
-                echo '<br><a href="index.php?subtopic=bugtracker&add=true"><b>[ADD REPORT]</b></a>';
+                echo '<br><a href="?subtopic=bugtracker&add=true"><b>[ADD REPORT]</b></a>';
             }
             elseif(isset($_REQUEST['add']) && $_REQUEST['add'] == TRUE)
             {
@@ -320,7 +319,7 @@ $showed = $post = $reply = false;
                         $type = 1;
                         $status = 1;
                         $INSERT = $db->query('INSERT INTO `' . TABLE_PREFIX . 'bugtracker` (`account`,`id`,`text`,`type`,`subject`, `reply`,`status`,`tag`) VALUES ('.$db->quote($acc).','.$db->quote($id_next).','.$db->quote($_POST['text']).','.$db->quote($type).','.$db->quote($_POST['subject']).', 0,'.$db->quote($status).','.$db->quote($_POST['tags']).')');
-                        header('Location: index.php?subtopic=bugtracker&id='.$id_next.'');
+                        header('Location: ?subtopic=bugtracker&id='.$id_next.'');
                     }
                         
                 }
@@ -338,6 +337,6 @@ $showed = $post = $reply = false;
     
     if(admin() and empty($_REQUEST['control']))
     {
-        echo '<br><br><a href="index.php?subtopic=bugtracker&control=true">[ADMIN PANEL]</a>';
+        echo '<br><br><a href="?subtopic=bugtracker&control=true">[ADMIN PANEL]</a>';
     }
 ?>