add mostdamage killer

Also change version to 0.7.13-dev

.gitattributes

@@ -0,0 +1,4 @@
+* text=auto
+.gitattributes export-ignore
+.gitignore export-ignore
+_config.yml export-ignore

.gitignore

@@ -1,3 +1,37 @@
 Thumbs.db
 .DS_Store
 .idea
+node_modules
+vendor
+composer.lock
+
+releases
+config.local.php
+PERSONAL_NOTES
+
+# all custom templates
+templates/*
+!templates/tibiacom
+!templates/kathrine
+
+# guild images
+images/guilds/*
+!images/guilds/default.gif
+
+# cache
+system/cache/*
+!system/cache/index.html
+!system/cache/twig/index.html
+!system/cache/signatures/index.html
+
+# logs
+system/logs/*
+!system/logs/index.html
+
+# plugins
+plugins/*
+!plugins/.htaccess
+!plugins/example.json
+!plugins/account-create-hint.json
+!plugins/account-create-hint
+landing

CHANGELOG.md

@@ -1,5 +1,42 @@
 # Changelog
 
+## [0.7.13 - not-release-yet]
+
+### Fixed
+* Ignore arrays in config.lua (fixes experienceStages loading)
+
+## [0.7.12 - 18.02.2020]
+### Fixed
+* change guild nick function causing crash on TFS 1.x because of invalid characters being accepted
+* PHP Mailer autoload function on newer PHP
+* gesior signature guild rank loading
+* leaking database password when cannot connect
+* config.last_kills_limit being ignored
+* monster.loot being cutted off cause of too short column (changed to TEXT)
+
+### Added
+* nginx-sample.conf
+
+## [0.7.11 - 04.05.2019]
+### Added:
+* support for some old servers, where arrays are used in config.lua
+* an additional text to the install page informing that user can reinstall MyAAC by deleting config.local.php
+
+### Fixed:
+* XSS in forum show_thread
+* guilds - "Add new rank" function
+* multiple mail recipients when using admin mailer function
+* Admin Panel - MyAAC logs not shown if servers logs directory doesn't exist (#47)
+* missing prefix for cache get() and delete() functions
+* add fatal error message when myaac tables in database do not exist
+* the mystical defect where "Create Account" button was not highlighted (on the account/manage page)
+* bug where server_config table does not exist (OTHire as an example)
+* database_name in Usage_Statistics
+* forgot to open <head> in install template
+
+### Changed:
+* do not display software version
+
 ## [0.7.10 - 03.03.2018]
 ### Added:
 * new configurable: smtp_secure

README.md

@@ -1,4 +1,10 @@
+# PLEASE DO NOT USE THIS BRANCH/VERSION
+## It is discontinued and won't receive any updates
+## Switch to master branch instead
+## It's keept only for archival purposes
+
 # myaac
+
 MyAAC is a free and open-source Automatic Account Creator (AAC) and Content Management System (CMS) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 
 Official website: https://my-aac.org

TODO

@@ -1,37 +0,0 @@
-// MyAAC TODO
-
-0.*
-	* support duplicated vocation names with different ids
-	* plugins: option to define custom requirements check in json file, to check if system meets the requirement
-	* add support for defining max myaac version in plugin.json file
-	* cache Menus in templates
-	* don't show error indicators on first time load - createaccount page
-	* update Twig to the latest version from 1.x branch
-	* semantic versioning support for plugins (github.com/composer/semver)
-	* add some notice to the user that installing step "Import Schema" will take some time
-	* check user IP on installing to prevent install by random user
-
-1.0:
-	* i18n support (issue #1 on github)
-	* New Admin Panel layout and interface
-	* add changelog management interface
-	* remove tibiacom template, and include it as a plugin
-
-2.0
-	* remove compat functions
-	* folder restructure:
-		* var/ (for logs, cache and data), config/, bin, public/ (for index and images and other public content), system/ (for php files and classess)
-	* rename templates to layouts as templates is meant to be used for twig templates
-	* change gifts_system to shop_system configurable
-	* move most used options in system/templates dir to separate directories (more transparent)
-
-At any time between (version not specified):
-	* better news archive with search function (like on tibia.com)
-	* guild wars management (issue #13 on github)
-	* update account.management page to be more realistic (like on tibia.com)
-	* update guilds page to be more realistic (like on tibia.com)
-	* possibility to add extra cache engines with plugins
-	* preferably configurable (enable/disable) forum TinyMCE editor
-	* new cache engine - plain php, is good with pure php 7.0+ and opcache
-	* OTAdmin support in Admin Panel
-	* database towns table support for TFS 1.3

common.php

@@ -26,7 +26,7 @@
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.7.10');
+define('MYAAC_VERSION', '0.7.13-dev');
 define('DATABASE_VERSION', 22);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));

index.php

@@ -170,6 +170,11 @@ require_once(SYSTEM . 'status.php');
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
+// verify myaac tables exists in database
+if(!tableExist('myaac_account_actions')) {
+	die('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
+}
+
 // database migrations
 $tmp = '';
 if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
@@ -417,7 +422,7 @@ else
 	die('ERROR: Cannot load template.');
 }
 
-echo '<!-- MyAAC ' . MYAAC_VERSION . ' :: http://www.my-aac.org/ -->' . "\n";
+echo base64_decode('PCEtLSBQb3dlcmVkIGJ5IE15QUFDIDo6IGh0dHBzOi8vd3d3Lm15LWFhYy5vcmcvIC0tPg==') . PHP_EOL;
 if(($config['debug_level'] & 1) == 1)
 	echo '<!-- Generated in :: ' . round(microtime(true) - START_TIME, 4) . ' -->';
 

install/includes/schema.sql

@@ -236,7 +236,7 @@ CREATE TABLE `myaac_monsters` (
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
 	`race` varchar(255) NOT NULL,
-	`loot` varchar(500) NOT NULL,
+	`loot` text NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 

install/steps/5-database.php

@@ -174,6 +174,11 @@ if(!$error) {
 					success($locale['step_database_adding_field'] . ' accounts.premium_points...');
 			}
 
+			if(fieldExist('motd', 'guilds')) {
+				if(query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
+					success($locale['step_database_modifying_field'] . ' guilds.motd...');
+			}
+
 			if(!fieldExist('description', 'guilds')) {
 				if(query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;"))
 					success($locale['step_database_adding_field'] . ' guilds.description...');
@@ -198,7 +203,7 @@ if(!$error) {
 
 			if(!fieldExist('deleted', 'players') && !fieldExist('deletion', 'players')) {
 				if(query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;"))
-					success($locale['step_database_adding_field'] . ' players.comment...');
+					success($locale['step_database_adding_field'] . ' players.deleted...');
 			}
 
 			if(fieldExist('hide_char', 'players')) {

install/template/template.php

@@ -1,5 +1,6 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
+<head>
 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $locale['encoding']; ?>" />
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
@@ -8,7 +9,7 @@
 	<div id="wrapper">
 		<!--div class="buffer"-->
 			<div id="header">
-				<h1>MyAAC v<?php echo MYAAC_VERSION . ' ' . $locale['installation']; ?></h1>
+				<h1>MyAAC <?php echo $locale['installation']; ?></h1>
 			</div>
 
 			<div id="body">

nginx-sample.conf

@@ -0,0 +1,25 @@
+server {
+        listen 80;
+        root /home/otserv/www/public;
+        index index.php;
+        server_name your-domain.com;
+
+        location / {
+                try_files $uri $uri/ /index.php;
+        }
+
+        location ~ \.php$ {
+                include snippets/fastcgi-php.conf;
+                fastcgi_read_timeout 240;
+                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
+        }
+
+        location ~ /\.ht {
+                deny all;
+        }
+
+        location /system {
+           deny all;
+           return 404;
+        }
+}

system/database.php

@@ -95,7 +95,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 			'<ul>' .
 				'<li>MySQL is not configured propertly in <i>config.lua</i>.</li>' .
 				'<li>MySQL server is not running.</li>' .
-			'</ul>' . $error);
+			'</ul>' . $error->getMessage());
 
 	}
 	$db = POT::getInstance()->getDBHandle();

system/functions.php

@@ -473,7 +473,7 @@ function template_header($is_admin = false)
 	$ret .= '
 	<meta name="description" content="' . $config['meta_description'] . '" />
 	<meta name="keywords" content="' . $config['meta_keywords'] . ', myaac, wodzaac" />
-	<meta name="generator" content="MyAAC ' . MYAAC_VERSION . '" />
+	<meta name="generator" content="MyAAC" />
 	<link rel="stylesheet" type="text/css" href="' . BASE_URL . 'tools/messages.css" />
 	<script type="text/javascript" src="' . BASE_URL . 'tools/jquery.js"></script>
 	<noscript>
@@ -810,6 +810,7 @@ function getWorldName($id)
  */
 function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 {
+	/** @var PHPMailer $mailer */
 	global $mailer, $config;
 	if(!$mailer)
 	{
@@ -817,6 +818,9 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer = new PHPMailer();
 		$mailer->setLanguage('en', LIBS . 'phpmailer/language/');
 	}
+	else {
+		$mailer->clearAllRecipients();
+	}
 
 	$signature_html = '';
 	if(isset($config['mail_signature']['html']))
@@ -891,6 +895,13 @@ function load_config_lua($filename)
 	if(count($lines) > 0)
 		foreach($lines as $ln => $line)
 		{
+			$line = trim($line);
+			if(@$line[0] === '{' || @$line[0] === '}') {
+				// arrays are not supported yet
+				// just ignore the error
+				continue;
+			}
+
 			$tmp_exp = explode('=', $line, 2);
 			if(strpos($line, 'dofile') !== false)
 			{
@@ -917,6 +928,12 @@ function load_config_lua($filename)
 						$result[$key] = (string) substr(substr($value, 1), 0, -1);
 					elseif(in_array($value, array('true', 'false')))
 						$result[$key] = ($value == 'true') ? true : false;
+					//elseif(substr($value, 0 , 1) == '{' && substr($value, -1 , 1) == '}') {
+					elseif(@$value[0] === '{') {
+						// arrays are not supported yet
+						// just ignore the error
+						continue;
+					}
 					else
 					{
 						foreach($result as $tmp_key => $tmp_value) // load values definied by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull

system/libs/cache_apc.php

@@ -31,7 +31,7 @@ class Cache_APC
 	public function get($key)
 	{
 		$tmp = '';
-		if($this->fetch($key, $tmp))
+		if($this->fetch($this->prefix . $key, $tmp))
 			return $tmp;
 
 		return '';
@@ -42,7 +42,7 @@ class Cache_APC
 	}
 
 	public function delete($key) {
-		apc_delete($key);
+		apc_delete($this->prefix . $key);
 	}
 
 	public function enabled() {

system/libs/cache_eaccelerator.php

@@ -30,7 +30,7 @@ class Cache_eAccelerator
 	public function get($key)
 	{
 		$tmp = '';
-		if($this->fetch($key, $tmp))
+		if($this->fetch($this->prefix . $key, $tmp))
 			return $tmp;
 
 		return '';
@@ -41,7 +41,7 @@ class Cache_eAccelerator
 	}
 
 	public function delete($key) {
-		eaccelerator_rm($key);
+		eaccelerator_rm($this->prefix . $key);
 	}
 
 	public function enabled() {

system/libs/cache_xcache.php

@@ -30,7 +30,7 @@ class Cache_XCache
 	public function get($key)
 	{
 		$tmp = '';
-		if($this->fetch($key, $tmp))
+		if($this->fetch($this->prefix . $key, $tmp))
 			return $tmp;
 
 		return '';
@@ -47,7 +47,7 @@ class Cache_XCache
 	}
 
 	public function delete($key) {
-		xcache_unset($key);
+		xcache_unset($this->prefix . $key);
 	}
 
 	public function enabled() {

system/libs/phpmailer/PHPMailerAutoload.php

@@ -30,20 +30,4 @@ function PHPMailerAutoload($classname)
     }
 }
 
-if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
-    //SPL autoloading was introduced in PHP 5.1.2
-    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
         spl_autoload_register('PHPMailerAutoload', true, true);
-    } else {
-        spl_autoload_register('PHPMailerAutoload');
-    }
-} else {
-    /**
-     * Fall back to traditional autoload for old PHP versions
-     * @param string $classname The name of the class to load
-     */
-    function __autoload($classname)
-    {
-        PHPMailerAutoload($classname);
-    }
-}

system/libs/pot/OTS_Account.php

@@ -755,7 +755,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
         }
 		if( !isset($this->data['banned']) )
 			$this->loadBan();
-        return ($this->data['banned'] == 1);
+        return ($this->data['banned'] === true);
     }
 
     public function getBanTime()
@@ -781,20 +781,24 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		if(tableExist('account_bans')) {
 			$ban = $this->db->query('SELECT `expires_at` FROM `account_bans` WHERE `account_id` = ' . $this->data['id'] . ' AND (`expires_at` > ' . time() .' OR `expires_at` = -1) ORDER BY `expires_at` DESC')->fetch();
 			$this->data['banned'] = isset($ban['expires_at']);
-			$this->data['banned_time'] = $ban['expires_at'];
+			$this->data['banned_time'] = isset($ban['expires_at']) ? $ban['expires_at'] : 0;
 		}
 		else if(tableExist('bans')) {
 			if(fieldExist('active', 'bans')) {
 				$ban = $this->db->query('SELECT `active`, `expires` FROM `bans` WHERE (`type` = 3 OR `type` = 5) AND `active` = 1 AND `value` = ' . $this->data['id'] . ' AND (`expires` > ' . time() .' OR `expires` = -1) ORDER BY `expires` DESC')->fetch();
-				$this->data['banned'] = $ban['active'];
-				$this->data['banned_time'] = $ban['expires'];
+				$this->data['banned'] = isset($ban['active']);
+				$this->data['banned_time'] = isset($ban['expires']) ? $ban['expires'] : 0;
 			}
 			else { // tfs 0.2
 				$ban = $this->db->query('SELECT `time` FROM `bans` WHERE (`type` = 3 OR `type` = 5) AND `account` = ' . $this->data['id'] . ' AND (`time` > ' . time() .' OR `time` = -1) ORDER BY `time` DESC')->fetch();
-				$this->data['banned'] = $ban['time'] == -1 || $ban['time'] > 0;
-				$this->data['banned_time'] = $ban['time'];
+				$this->data['banned'] = isset($ban['time']) && ($ban['time'] == -1 || $ban['time'] > 0);
+				$this->data['banned_time'] = isset($ban['time']) ? $ban['time'] : 0;
 			}
 		}
+		else {
+			$this->data['banned'] = false;
+			$this->data['banned_time'] = 0;
+		}
     }
 
 /**

system/libs/usage_statistics.php

@@ -40,10 +40,12 @@ class Usage_Statistics {
 		$ret['myaac_version'] = MYAAC_VERSION;
 		$ret['myaac_db_version'] = DATABASE_VERSION;
 
-		$query = $db->query('SELECT `value` FROM `server_config` WHERE `config` = ' . $db->quote('database_version'));
-		if($query->rowCount() == 1) {
-			$query = $query->fetch();
-			$ret['otserv_db_version'] = $query['value'];
+		if(tableExist('server_config')) {
+			$query = $db->query('SELECT `value` FROM `server_config` WHERE `config` = ' . $db->quote('database_version'));
+			if($query->rowCount() == 1) {
+				$query = $query->fetch();
+				$ret['otserv_db_version'] = $query['value'];
+			}
 		}
 		
 		$ret['client_version'] = $config['client'];
@@ -58,7 +60,7 @@ class Usage_Statistics {
 		
 		$query = $db->query('SELECT SUM(ROUND(((DATA_LENGTH + INDEX_LENGTH) / 1024 ), 0)) AS "size"
 FROM INFORMATION_SCHEMA.TABLES
-WHERE TABLE_SCHEMA = "forgottenserver";');
+WHERE TABLE_SCHEMA = "' . $config['database_name'] . '";');
 
 		if($query->rowCount() == 1) {
 			$query = $query->fetch();

system/libs/validator.php

@@ -376,6 +376,33 @@ class Validator
 		return true;
 	}
 
+	/**
+	 * Validate guild nick
+	 * Nick lenght must be 3-40 chars
+	 *
+	 * @param  string $name Name to check
+	 * @return bool Is name valid?
+	 */
+	public static function guildNick($name)
+	{
+		if(empty($name)) {
+			self::$lastError = 'Please enter guild nick.';
+			return false;
+		}
+
+		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
+			self::$lastError = 'Invalid guild nick format.';
+			return false;
+		}
+
+		if(!preg_match("/[A-z ]{3,40}/", $name)) {
+			self::$lastError = 'Invalid guild nick format.';
+			return false;
+		}
+
+		return true;
+	}
+
 	/**
 	 * Validate rank name
 	 * Rank lenght must be 1-32 chars

system/locale/en/install.php

@@ -18,7 +18,7 @@ $locale['loaded'] = 'Loaded';
 $locale['not_loaded'] = 'Not loaded';
 
 $locale['please_fill_all'] = 'Please fill all inputs!';
-$locale['already_installed'] = 'MyAAC has been already installed. Please delete <b>install/<b/> directory.';
+$locale['already_installed'] = 'MyAAC has been already installed. Please delete <b>install/<b/> directory. If you want to reinstall MyAAC - please delete <strong>config.local.php</strong> file from the main directory and refresh the page.';
 
 // welcome
 $locale['step_welcome'] = 'Welcome';

system/locale/pl/install.php

@@ -18,7 +18,7 @@ $locale['loaded'] = 'Załadowane';
 $locale['not_loaded'] = 'Nie załadowane';
 
 $locale['please_fill_all'] = 'Proszę wypełnić wszystkie pola!';
-$locale['already_installed'] = 'MyAAC został już zainstalowany. Proszę usunąć katalog <b>install/</b>.';
+$locale['already_installed'] = 'MyAAC został już zainstalowany. Proszę usunąć katalog <b>install/</b>. Jeśli chcesz zainstalować MyAAC od nowa - proszę usuń plik <strong>config.local.php</strong> z katalogu głównego i odśwież stronę.';
 
 // welcome
 $locale['step_welcome'] = 'Witamy';

system/locale/sv/install.php

@@ -18,7 +18,7 @@ $locale['loaded'] = 'Laddad';
 $locale['not_loaded'] = 'Inte Laddad';
 
 $locale['please_fill_all'] = 'Vänligen fyll i allt!';
-$locale['already_installed'] = 'MyAAC är redan installerat. Vänligen ta bort <b>install/<b/> mappen.';
+$locale['already_installed'] = 'MyAAC är redan installerat. Vänligen ta bort <b>install/<b/> mappen. Om du vill installera MyAAC igen - ta bort filen <strong>config.local.php</strong> från huvudkatalogen och uppdatera sidan.';
 
 // welcome
 $locale['step_welcome'] = 'Välkommen';

system/pages/admin/logs.php

@@ -28,29 +28,27 @@ foreach(scandir($aac_path_logs) as $f) {
 }
 
 $server_path_logs = $config['server_path'] . 'logs/';
-if(!file_exists($server_path_logs))
-$server_path_logs = $config['data_path'] . 'logs/';
-
 if(!file_exists($server_path_logs)) {
-	echo '</table>Logs are not available on this server.';
-	return;
+    $server_path_logs = $config['data_path'] . 'logs/';
 }
 
-foreach(scandir($server_path_logs) as $f) {
-	if($f[0] == '.' || $f == '..')
-		continue;
+if(file_exists($server_path_logs)) {
+	foreach(scandir($server_path_logs) as $f) {
+		if($f[0] == '.' || $f == '..')
+			continue;
 
-	if(is_dir($server_path_logs . $f)) {
-		foreach(scandir($server_path_logs . $f) as $f2) {
-			if($f2[0] == '.' || $f2 == '..')
-				continue;
-			$files[] = array($f . '/' . $f2, $server_path_logs);
+		if(is_dir($server_path_logs . $f)) {
+			foreach(scandir($server_path_logs . $f) as $f2) {
+				if($f2[0] == '.' || $f2 == '..')
+					continue;
+				$files[] = array($f . '/' . $f2, $server_path_logs);
+			}
+
+			continue;
 		}
 
-		continue;
+		$files[] = array($f, $server_path_logs);
 	}
-	
-	$files[] = array($f, $server_path_logs);
 }
 
 $i = 0;

system/pages/admin/plugins.php

@@ -43,7 +43,7 @@ else if(isset($_FILES["plugin"]["name"]))
 				break;
 			case UPLOAD_ERR_INI_SIZE:
 			case UPLOAD_ERR_FORM_SIZE:
-				$error .= ' - file too large (limit of '.ini_get('upload_max_filesize').' bytes).';
+				$error .= ' - file too large (limit of '.ini_get('upload_max_filesize').' bytes). You can enlarge the limits by changing "upload_max_filesize" in php.ini';
 				break;
 			case UPLOAD_ERR_PARTIAL:
 				$error .= ' - file upload was not completed.';

system/pages/forum/show_thread.php

@@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $links_to_pages = '';
 $thread_id = (int) $_REQUEST['id'];
 $_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0);
-$thread_name = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`section` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`id` = `" . TABLE_PREFIX . "forum`.`first_post` AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` LIMIT 1")->fetch();
+$thread_name = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`section`, `" . TABLE_PREFIX . "forum`.`post_html` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`id` = `" . TABLE_PREFIX . "forum`.`first_post` AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` LIMIT 1")->fetch();
 
 if(empty($thread_name['name'])) {
 	echo 'Thread with this ID does not exits.';
@@ -36,8 +36,8 @@ for($i = 0; $i < $posts_count['posts_count'] / $config['forum_threads_per_page']
 $threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`post_html`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll();
 if(isset($threads[0]['name']))
 	$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id);
-echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($threads[0]['section']) . '">'.$sections[$threads[0]['section']]['name'].'</a> >> <b>'.$thread_name['post_topic'].'</b>';
-echo '<br /><br /><a href="?subtopic=forum&action=new_post&thread_id='.$thread_id.'"><img src="images/forum/post.gif" border="0" /></a><br /><br />Page: '.$links_to_pages.'<br /><table width="100%"><tr bgcolor="'.$config['lightborder'].'" width="100%"><td colspan="2"><font size="4"><b>'.htmlspecialchars($thread_name['post_topic']).'</b></font><font size="1"><br />by ' . getPlayerLink($thread_name['name']) . '</font></td></tr><tr bgcolor="'.$config['vdarkborder'].'"><td width="200"><font color="white" size="1"><b>Author</b></font></td><td>&nbsp;</td></tr>';
+echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($threads[0]['section']) . '">'.$sections[$threads[0]['section']]['name'].'</a> >> <b>'.($thread_name['post_html'] ? $thread_name['post_topic'] : htmlspecialchars($thread_name['post_topic'])).'</b>';
+echo '<br /><br /><a href="?subtopic=forum&action=new_post&thread_id='.$thread_id.'"><img src="images/forum/post.gif" border="0" /></a><br /><br />Page: '.$links_to_pages.'<br /><table width="100%"><tr bgcolor="'.$config['lightborder'].'" width="100%"><td colspan="2"><font size="4"><b>'.($thread_name['post_html'] ? $thread_name['post_topic'] : htmlspecialchars($thread_name['post_topic'])).'</b></font><font size="1"><br />by ' . getPlayerLink($thread_name['name']) . '</font></td></tr><tr bgcolor="'.$config['vdarkborder'].'"><td width="200"><font color="white" size="1"><b>Author</b></font></td><td>&nbsp;</td></tr>';
 $player = $ots->createObject('Player');
 foreach($threads as $thread)
 {

system/pages/guilds/add_rank.php

@@ -11,13 +11,13 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
-$new_rank = isset($_REQUEST['rank_name']) ? $_REQUEST['rank_name'] : null;
+$rank_name = isset($_REQUEST['rank_name']) ? $_REQUEST['rank_name'] : null;
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
 
 if(empty($errors)) {
-	if(!Validator::rankName($new_rank)) {
+	if(!Validator::rankName($rank_name)) {
 		$errors[] = 'Invalid rank name format.';
 	}
 	if(!$logged) {
@@ -45,7 +45,7 @@ if(empty($errors)) {
 			$new_rank = new OTS_GuildRank();
 			$new_rank->setGuild($guild);
 			$new_rank->setLevel(1);
-			$new_rank->setName($new_rank);
+			$new_rank->setName($rank_name);
 			$new_rank->save();
 			header("Location: ?subtopic=guilds&guild=".$guild->getName()."&action=manager");
 			echo 'New rank added. Redirecting...';

system/pages/guilds/change_nick.php

@@ -32,6 +32,12 @@ if(!$new_nick) {
 $player = new OTS_Player();
 $player->find($name);
 $player_from_account = false;
+
+if(!Validator::guildNick($new_nick)) {
+    echo Validator::getLastError();
+    return;
+}
+
 if(strlen($new_nick) <= 40)
 {
 	if($player->isLoaded())

system/pages/guilds/save_ranks.php

@@ -12,7 +12,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name)) {
-	$errors[] = Validator::get;
+	$errors[] = Validator::getLastError();
 }
 
 if(empty($errors)) {

system/pages/highscores.php

@@ -268,7 +268,7 @@ if($config['highscores_country_box'])
 	echo
 	'<TABLE BORDER=0 width="100%" CELLPADDING=4 CELLSPACING=1>
 		<TR BGCOLOR="' . $config['vdarkborder'] . '">
-			<TD CLASS=whites><B>Choose a country</B></TD>
+			<TD CLASS=white><B>Choose a country</B></TD>
 		</TR>
 		<TR BGCOLOR="'.$config['lightborder'].'">
 			<TD>
@@ -284,7 +284,7 @@ if($config['highscores_country_box'])
 echo '
 <TABLE BORDER=0 width="100%" CELLPADDING=4 CELLSPACING=1>
 	<TR BGCOLOR="'.$config['vdarkborder'].'">
-		<TD CLASS=whites><B>Choose a skill</B></TD>
+		<TD CLASS=white><B>Choose a skill</B></TD>
 	</TR>
 	<TR BGCOLOR="'.$config['lightborder'].'">
 		<TD>';
@@ -315,7 +315,7 @@ if($config['highscores_vocation_box'])
 	echo
 	'<table border="0" width="100%" cellpadding="4" cellspacing="1">
 		<tr bgcolor="' . $config['vdarkborder'] . '">
-			<td class=whites><b>Choose a vocation</b></td>
+			<td class="white"><b>Choose a vocation</b></td>
 		</tr>
 		<tr bgcolor="'.$config['lightborder'].'">
 			<td>

system/pages/lastkills.php

@@ -84,7 +84,7 @@ if(tableExist('player_killers')) // tfs 0.3
 else {
 	//$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `player_deaths`.`killed_by` as `killed_by`, `player_deaths`.`time` as `time`, `player_deaths`.`is_player` as `is_player`, `player_deaths`.`level` as `level` FROM `player_deaths`, `players` as `d` INNER JOIN `players` as `p` ON player_deaths.player_id = p.id WHERE player_deaths.`is_player`='1' ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";");
 
-$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT 20;");
+	$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player`, `d`.`mostdamage_by` as `mostdamage_by`, `d`.`mostdamage_is_player` as `mostdamage_is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";");
 
 	if(!empty($players_deaths))
 	{
@@ -96,6 +96,14 @@ $players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as
 			else
 				$players_rows .= $death['killed_by'];
 
+			if (!empty($death['mostdamage_by'])) {
+				$player_rows .= ' and ';
+				if($death['mostdamage_is_player'] == '1')
+					$players_rows .= getPlayerLink($death['mostdamage_by']);
+				else
+					$players_rows .= $death['mostdamage_by'];
+			}
+
 			$players_rows .= '.</TR>';
 		}
 	}

system/templates/online.html.twig

@@ -3,7 +3,7 @@
 		<td class="white"><b>Server Status</b></td>
 	</tr>
 {% if players|length == 0 %}
-	<tr bgcolor="{{ config.darkborder }}"><td>Currently no one is playing on {{ config.lua.serverName }}.</td></tr></table>
+	<tr bgcolor="{{ config.darkborder }}"><td>Currently no one is playing on&nbsp;{{ config.lua.serverName }}.</td></tr></table>
 {% else %}
 	<tr bgcolor="{{ config.darkborder }}">
 		<td>
@@ -26,6 +26,7 @@
 		</td>
 	</tr>
 </table>
+<br/>
 	{# vocation statistics #}
 	{% if config.online_vocations %}
 <br/>

templates/tibiacom/account.login.html.twig

@@ -108,11 +108,14 @@
 											<tr>
 												<td >
 													<div style="float: right; margin-top: 20px;" >
+														{% spaceless %}
 														<form class="MediumButtonForm" action="{{ getLink('account/create') }}" method="post" >
-															<div class="MediumButtonBackground" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="MediumButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton-over.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ></div>
+															<div class="MediumButtonBackground" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);">
+																<div class="MediumButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton-over.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);"></div>
 																<input class="MediumButtonText" type="image" name="Create Account" alt="Create Account" src="{{ template_path }}/images/global/buttons/mediumbutton_createaccount.png" />
 															</div>
 														</form>
+														{% endspaceless %}
 													</div>
 													<div id="LoginCreateAccountBox" >
 														<p><b>{{ config.lua.serverName }}...</b></p>

templates/tibiacom/basic.css

@@ -1785,6 +1785,37 @@ img {
   color: white;
 }
 
+/* BUTTONS */
+.MediumButtonText {
+  position: absolute;
+  top: 0;
+  left: 0;
+  height: 37px;
+  width: 150px;
+  z-index: 20;
+}
+.MediumButtonBackground {
+  position: relative;
+  top: 0;
+  left: 0;
+  width: 150px;
+  height: 37px;
+  z-index: 10;
+}
+.MediumButtonOver {
+  position: relative;
+  top: 0;
+  left: 0;
+  width: 150px;
+  height: 37px;
+  visibility: hidden;
+  z-index: 15;
+}
+.MediumButtonForm {
+  margin: 0;
+  padding: 0;
+}
+
 .moduleRow { }
 
 .moduleRowOver {

templates/tibiacom/index.php

@@ -279,7 +279,7 @@ if(isset($config['boxes']))
             <img id="TibiaLogoArtworkTop" src="<?php echo $template_path; ?>/images/header/<?php echo $config['logo_image']; ?>" onClick="window.location = '<?php echo getLink('news')?>';" alt="logoartwork" />
             <img id="TibiaLogoArtworkBottom" src="<?php echo $template_path; ?>/images/header/tibia-logo-artwork-bottom.gif" alt="logoartwork" />
             <img id="Statue_2" src="<?php echo $template_path; ?>/images/header/animated-statue.gif" alt="logoartwork" />
-            <img id="LogoLink" src="<?php echo $template_path; ?>/images/header/tibia-logo-artwork-string.gif" onClick="window.location = 'mailto:<?php echo $config['lua']['ownerEmail']; ?>';" alt="logoartwork" />
+            <img id="LogoLink" src="<?php echo $template_path; ?>/images/header/tibia-logo-artwork-string.gif" onClick="window.location = 'mailto:<?php echo $config['mail_address']; ?>';" alt="logoartwork" />
           </div>
 
   <div id="Loginbox" >

tools/signature/gesior.php

@@ -20,7 +20,7 @@
 	if($rank->isLoaded())
 	{
 		imagettftext($image , $fontsize, 0, 20, 75, $color, $font, 'Guild:');
-		imagettftext($image , $fontsize, 0, 70, 75, $color, $font, $player->getRank()->getName() . ' of the ' . $$rank->getGuild()->getName());
+		imagettftext($image , $fontsize, 0, 70, 75, $color, $font, $player->getRank()->getName() . ' of the ' . $rank->getGuild()->getName());
 	}
 	imagettftext($image , $fontsize, 0, 20, 95, $color, $font, 'Last Login:');
 	imagettftext($image , $fontsize, 0, 100, 95, $color, $font, (($player->getLastLogin() > 0) ? date("j F Y, g:i a", $player->getLastLogin()) : 'Never logged in.'));

tools/validate.php

@@ -1,7 +1,7 @@
 <?php
 /**
  * Ajax validator
- * Returns xml file with result
+ * Returns json with result
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>