Update to 0.7.12

Fix Gesior signature double dollar $$
Add some missing <br/> to online page
Use  $config['last_kills_limit'] in lastkills.php
Fix save_ranks.php: getLastError();
Fix PHPMailer autoloader
Fix leaking sensitive informations on MySQL Connection Fail
Add nginx-sample.conf
Change myaac_monsters.loot to text
Add more files to ignore file

.gitignore

@@ -1,3 +1,34 @@
 Thumbs.db
 .DS_Store
-.idea
+.idea
+
+releases
+config.local.php
+PERSONAL_NOTES
+
+# all custom templates
+templates/*
+!templates/tibiacom
+!templates/kathrine
+
+# guild images
+images/guilds/*
+!images/guilds/default.gif
+
+# cache
+system/cache/*
+!system/cache/index.html
+!system/cache/twig/index.html
+!system/cache/signatures/index.html
+
+# logs
+system/logs/*
+!system/logs/index.html
+
+# plugins
+plugins/*
+!plugins/.htaccess
+!plugins/example.json
+!plugins/account-create-hint.json
+!plugins/account-create-hint
+landing

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## [0.7.12 - 18.02.2020]
+### Fixed
+* change guild nick function causing crash on TFS 1.x because of invalid characters being accepted
+* PHP Mailer autoload function on newer PHP
+* gesior signature guild rank loading
+* leaking database password when cannot connect
+* config.last_kills_limit being ignored
+* monster.loot being cutted off cause of too short column (changed to TEXT)
+
+### Added
+* nginx-sample.conf
+
 ## [0.7.11 - 04.05.2019]
 ### Added:
 * support for some old servers, where arrays are used in config.lua

common.php

@@ -26,7 +26,7 @@
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.7.11');
+define('MYAAC_VERSION', '0.7.12');
 define('DATABASE_VERSION', 22);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));

install/includes/schema.sql

@@ -236,7 +236,7 @@ CREATE TABLE `myaac_monsters` (
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
 	`race` varchar(255) NOT NULL,
-	`loot` varchar(500) NOT NULL,
+	`loot` text NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 

install/steps/5-database.php

@@ -34,13 +34,13 @@ if(!$error) {
 			}
 		}
 	}
-				
+
 	require(BASE . 'install/includes/config.php');
-		
+
 	if(!$error) {
 		success($locale['step_database_importing']);
 		require(BASE . 'install/includes/database.php');
-		
+
 		if(!tableExist('accounts')) {
 			$locale['step_database_error_table'] = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
 			error($locale['step_database_error_table']);
@@ -70,14 +70,14 @@ if(!$error) {
 				error($locale['step_database_error_schema'] . ' ' . $error_);
 				$error = true;
 			}
-			
+
 			if(!$error) {
 				registerDatabaseConfig('database_version', DATABASE_VERSION);
 				$locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']);
 				success($locale['step_database_success_schema']);
 			}
 		}
-		
+
 		if(!$error) {
 			if(fieldExist('key', 'accounts')) {
 				if(query("ALTER TABLE `accounts` MODIFY `key` VARCHAR(64) NOT NULL DEFAULT '';"))
@@ -87,32 +87,32 @@ if(!$error) {
 				if(query("ALTER TABLE `accounts` ADD `key` VARCHAR(64) NOT NULL DEFAULT '' AFTER `email`;"))
 					success($locale['step_database_adding_field'] . ' accounts.key...');
 			}
-		
+
 			if(!fieldExist('blocked', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `blocked` TINYINT(1) NOT NULL DEFAULT FALSE COMMENT 'internal usage' AFTER `key`;"))
 					success($locale['step_database_adding_field'] . ' accounts.blocked...');
 			}
-	
+
 			if(!fieldExist('created', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . (fieldExist('group_id', 'accounts') ? 'group_id' : 'blocked') . "`;"))
 					success($locale['step_database_adding_field'] . ' accounts.created...');
 			}
-			
+
 			if(!fieldExist('rlname', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `rlname` VARCHAR(255) NOT NULL DEFAULT '' AFTER `created`;"))
 					success($locale['step_database_adding_field'] . ' accounts.rlname...');
 			}
-			
+
 			if(!fieldExist('location', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `location` VARCHAR(255) NOT NULL DEFAULT '' AFTER `rlname`;"))
 					success($locale['step_database_adding_field'] . ' accounts.location...');
 			}
-			
+
 			if(!fieldExist('country', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `country` VARCHAR(3) NOT NULL DEFAULT '' AFTER `location`;"))
 					success($locale['step_database_adding_field'] . ' accounts.country...');
 			}
-			
+
 			if(fieldExist('page_lastday', 'accounts')) {
 				if(query("ALTER TABLE `accounts` CHANGE `page_lastday` `web_lastlogin` INT(11) NOT NULL DEFAULT 0;")) {
 					$tmp = str_replace('$FIELD$', 'accounts.page_lastday', $locale['step_database_changing_field']);
@@ -124,32 +124,32 @@ if(!$error) {
 				if(query("ALTER TABLE `accounts` ADD `web_lastlogin` INT(11) NOT NULL DEFAULT 0 AFTER `country`;"))
 					success($locale['step_database_adding_field'] . ' accounts.web_lastlogin...');
 			}
-			
+
 			if(!fieldExist('web_flags', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `web_flags` INT(11) NOT NULL DEFAULT 0 AFTER `web_lastlogin`;"))
 					success($locale['step_database_adding_field'] . ' accounts.web_flags...');
 			}
-			
+
 			if(!fieldExist('email_hash', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `email_hash` VARCHAR(32) NOT NULL DEFAULT '' AFTER `web_flags`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_hash...');
 			}
-			
+
 			if(!fieldExist('email_verified', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `email_verified` TINYINT(1) NOT NULL DEFAULT 0 AFTER `email_hash`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_verified...');
 			}
-		
+
 			if(!fieldExist('email_new', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `email_new` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_hash`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_new...');
 			}
-			
+
 			if(!fieldExist('email_new_time', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `email_new_time` INT(11) NOT NULL DEFAULT 0 AFTER `email_new`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_new_time...');
 			}
-			
+
 			if(!fieldExist('email_code', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `email_code` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_new_time`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_code...');
@@ -168,7 +168,7 @@ if(!$error) {
 				if(query("ALTER TABLE `accounts` ADD `email_next` INT(11) NOT NULL DEFAULT 0 AFTER `email_code`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_next...');
 			}
-			
+
 			if(!fieldExist('premium_points', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `premium_points` INT(11) NOT NULL DEFAULT 0 AFTER `email_next`;"))
 					success($locale['step_database_adding_field'] . ' accounts.premium_points...');
@@ -183,7 +183,7 @@ if(!$error) {
 				if(query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;"))
 					success($locale['step_database_adding_field'] . ' guilds.description...');
 			}
-			
+
 			if(fieldExist('logo_gfx_name', 'guilds')) {
 				if(query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) {
 					$tmp = str_replace('$FIELD$', 'guilds.logo_gfx_name', $locale['step_database_changing_field']);
@@ -195,15 +195,15 @@ if(!$error) {
 				if(query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';"))
 					success($locale['step_database_adding_field'] . ' guilds.logo_name...');
 			}
-		
+
 			if(!fieldExist('created', 'players')) {
 				if(query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;"))
 					success($locale['step_database_adding_field'] . ' players.created...');
 			}
-		
+
 			if(!fieldExist('deleted', 'players') && !fieldExist('deletion', 'players')) {
 				if(query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;"))
-					success($locale['step_database_adding_field'] . ' players.comment...');
+					success($locale['step_database_adding_field'] . ' players.deleted...');
 			}
 
 			if(fieldExist('hide_char', 'players')) {
@@ -219,16 +219,16 @@ if(!$error) {
 				if(query("ALTER TABLE `players` ADD `hidden` TINYINT(1) NOT NULL DEFAULT 0;"))
 					success($locale['step_database_adding_field'] . ' players.hidden...');
 			}
-			
+
 			if(!fieldExist('comment', 'players')) {
 				if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
 					success($locale['step_database_adding_field'] . ' players.comment...');
 			}
-			
+
 			if(fieldExist('rank_id', 'players')) {
 				if(query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
 					success($locale['step_database_modifying_field'] . ' players.rank_id...');
-			
+
 				if(fieldExist('guildnick', 'players')) {
 					if(query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
 						success($locale['step_database_modifying_field'] . ' players.guildnick...');
@@ -236,7 +236,7 @@ if(!$error) {
 				}
 			}
 		}
-		
+
 		if(!$error && (!isset($_SESSION['saved']))) {
 			$content .= '$config[\'installed\'] = true;';
 			$content .= PHP_EOL;
@@ -251,7 +251,7 @@ if(!$error) {
 				error($locale['step_config_mail_address_error']);
 				$error = true;
 			}
-			
+
 			$content .= '$config[\'client_download\'] = \'http://tibia-clients.com/clients/download/\'. $config[\'client\'] . \'/exe/windows\';';
 			$content .= PHP_EOL;
 			$content .= '$config[\'client_download_linux\'] = \'http://tibia-clients.com/clients/download/\'. $config[\'client\'] . \'/tar/linux\';';
@@ -260,7 +260,7 @@ if(!$error) {
 			$content .= PHP_EOL;
 			$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 			$content .= PHP_EOL;
-			
+
 			$file = fopen(BASE . 'config.local.php', 'a+');
 			if($file) {
 				if(!$error) {

nginx-sample.conf

@@ -0,0 +1,25 @@
+server {
+        listen 80;
+        root /home/otserv/www/public;
+        index index.php;
+        server_name your-domain.com;
+
+        location / {
+                try_files $uri $uri/ /index.php;
+        }
+
+        location ~ \.php$ {
+                include snippets/fastcgi-php.conf;
+                fastcgi_read_timeout 240;
+                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
+        }
+
+        location ~ /\.ht {
+                deny all;
+        }
+
+        location /system {
+           deny all;
+           return 404;
+        }
+}

system/database.php

@@ -95,7 +95,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 			'<ul>' .
 				'<li>MySQL is not configured propertly in <i>config.lua</i>.</li>' .
 				'<li>MySQL server is not running.</li>' .
-			'</ul>' . $error);
+			'</ul>' . $error->getMessage());
 
 	}
 	$db = POT::getInstance()->getDBHandle();

system/libs/phpmailer/PHPMailerAutoload.php

@@ -30,20 +30,4 @@ function PHPMailerAutoload($classname)
     }
 }
 
-if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
-    //SPL autoloading was introduced in PHP 5.1.2
-    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
         spl_autoload_register('PHPMailerAutoload', true, true);
-    } else {
-        spl_autoload_register('PHPMailerAutoload');
-    }
-} else {
-    /**
-     * Fall back to traditional autoload for old PHP versions
-     * @param string $classname The name of the class to load
-     */
-    function __autoload($classname)
-    {
-        PHPMailerAutoload($classname);
-    }
-}

system/libs/pot/OTS_Account.php

@@ -755,7 +755,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
         }
 		if( !isset($this->data['banned']) )
 			$this->loadBan();
-        return ($this->data['banned'] == 1);
+        return ($this->data['banned'] === true);
     }
 
     public function getBanTime()
@@ -781,20 +781,24 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		if(tableExist('account_bans')) {
 			$ban = $this->db->query('SELECT `expires_at` FROM `account_bans` WHERE `account_id` = ' . $this->data['id'] . ' AND (`expires_at` > ' . time() .' OR `expires_at` = -1) ORDER BY `expires_at` DESC')->fetch();
 			$this->data['banned'] = isset($ban['expires_at']);
-			$this->data['banned_time'] = $ban['expires_at'];
+			$this->data['banned_time'] = isset($ban['expires_at']) ? $ban['expires_at'] : 0;
 		}
 		else if(tableExist('bans')) {
 			if(fieldExist('active', 'bans')) {
 				$ban = $this->db->query('SELECT `active`, `expires` FROM `bans` WHERE (`type` = 3 OR `type` = 5) AND `active` = 1 AND `value` = ' . $this->data['id'] . ' AND (`expires` > ' . time() .' OR `expires` = -1) ORDER BY `expires` DESC')->fetch();
-				$this->data['banned'] = $ban['active'];
-				$this->data['banned_time'] = $ban['expires'];
+				$this->data['banned'] = isset($ban['active']);
+				$this->data['banned_time'] = isset($ban['expires']) ? $ban['expires'] : 0;
 			}
 			else { // tfs 0.2
 				$ban = $this->db->query('SELECT `time` FROM `bans` WHERE (`type` = 3 OR `type` = 5) AND `account` = ' . $this->data['id'] . ' AND (`time` > ' . time() .' OR `time` = -1) ORDER BY `time` DESC')->fetch();
-				$this->data['banned'] = $ban['time'] == -1 || $ban['time'] > 0;
-				$this->data['banned_time'] = $ban['time'];
+				$this->data['banned'] = isset($ban['time']) && ($ban['time'] == -1 || $ban['time'] > 0);
+				$this->data['banned_time'] = isset($ban['time']) ? $ban['time'] : 0;
 			}
 		}
+		else {
+			$this->data['banned'] = false;
+			$this->data['banned_time'] = 0;
+		}
     }
 
 /**

system/libs/validator.php

@@ -17,10 +17,10 @@ class Validator
 			self::$lastError = 'Invalid number format.';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Validate account id
 	 * Id lenght must be 6-10 chars
@@ -35,28 +35,28 @@ class Validator
 			self::$lastError = 'Please enter your account number!';
 			return false;
 		}
-		
+
 		if(!Validator::number($id)) {
 			self::$lastError = 'Invalid account number format. Please use only numbers 0-9.';
 			return false;
 		}
-		
+
 		$length = strlen($id);
 		if($length < 6)
 		{
 			self::$lastError = 'Account is too short (min. 6 chars).';
 			return false;
 		}
-		
+
 		if($length > 10)
 		{
 			self::$lastError = 'Account is too long (max. 10 chars).';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Validate account name
 	 * Name lenght must be 3-32 chars
@@ -71,29 +71,29 @@ class Validator
 			self::$lastError = 'Please enter your account name!';
 			return false;
 		}
-		
+
 		$length = strlen($name);
 		if($length < 3)
 		{
 			self::$lastError = 'Account name is too short (min. 3 chars).';
 			return false;
 		}
-		
+
 		if($length > 32)
 		{
 			self::$lastError = 'Account name is too long (max. 32 chars).';
 			return false;
 		}
-		
+
 		if(!preg_match("/[A-Z0-9]/i", $name))
 		{
 			self::$lastError = 'Invalid account name format. Use only A-Z and numbers 0-9.';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Advanced mail validator
 	 *
@@ -105,17 +105,17 @@ class Validator
 			self::$lastError = 'Please enter your new email address.';
 			return false;
 		}
-		
+
 		if(strlen($email) > 255) {
 			self::$lastError = 'E-mail is too long (max. 255 chars).';
 			return false;
 		}
-		
+
 		if(!preg_match('/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[A-z0-9_\-](?!\.)){0,61}[a-zA-Z0-9_]?\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/', $email)) {
 			self::$lastError = 'Invalid e-mail format.';
 			return false;
 		}
-		
+
 		return true;
 	}
 
@@ -132,35 +132,35 @@ class Validator
 			self::$lastError = 'Please enter the password.';
 			return false;
 		}
-		
+
 		if (strlen($password) < 8 || strlen($password) > 30) {
 			self::$lastError = 'The password must have at least 8 and maximum 30 letters!';
 			return false;
 		}
-		
+
 		if(strspn($password, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") != strlen($password)) {
 			self::$lastError = 'Password contains illegal letters (a-z, A-Z and 0-9 only!).';
 			return false;
 		}
-		
+
 		if(!ctype_alnum($password)) {
 			self::$lastError = 'Password contains illegal letters (a-z, A-Z and 0-9 only!).';
 			return false;
 		}
-		
+
 		if(!preg_match('/[a-zA-Z]/', $password)) {
 			self::$lastError = 'The password must contain at least one letter A-Z or a-z!';
 			return false;
 		}
-		
+
 		if(!preg_match('/[0-9]/', $password)) {
 			self::$lastError = 'The password must contain at least one letter other than A-Z or a-z!';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Validate character name.
 	 * Name lenght must be 3-25 chars
@@ -175,20 +175,20 @@ class Validator
 			self::$lastError = 'Please enter character name.';
 			return false;
 		}
-		
+
 		$length = strlen($name);
 		if($length < 3)
 		{
 			self::$lastError = 'Character name is too short. Min. lenght <b>3</b> characters.';
 			return false;
 		}
-		
+
 		if($length > 25)
 		{
 			self::$lastError = 'Character name is too long. Max. lenght <b>25</b> characters.';
 			return false;
 		}
-		
+
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM- [ ] '") != $length)
 		{
 			self::$lastError = "Invalid name format. Use only A-Z, spaces and '.";
@@ -199,10 +199,10 @@ class Validator
 			self::$lastError = "Invalid name format. Use only A-Z, spaces and '.";
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Validate new character name.
 	 * Name lenght must be 3-25 chars
@@ -213,9 +213,9 @@ class Validator
 	public static function newCharacterName($name)
 	{
 		global $db, $config;
-		
+
 		$name_lower = strtolower($name);
-		
+
 		$first_words_blocked = array('admin ', 'administrator ', 'gm ', 'cm ', 'god ','tutor ', "'", '-');
 		foreach($first_words_blocked as $word)
 		{
@@ -224,27 +224,27 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		if(substr($name_lower, -1) == "'" || substr($name_lower, -1) == "-") {
 			self::$lastError = 'Your name contains illegal characters.';
 			return false;
 		}
-		
+
 		if(substr($name_lower, 1, 1) == ' ') {
 			self::$lastError = 'Your name contains illegal space.';
 			return false;
 		}
-		
+
 		if(substr($name_lower, -2, 1) == " ") {
 			self::$lastError = 'Your name contains illegal space.';
 			return false;
 		}
-		
+
 		if(strtolower($config['lua']['serverName']) == $name_lower) {
 			self::$lastError = 'Your name cannot be same as server name.';
 			return false;
 		}
-		
+
 		$names_blocked = array('admin', 'administrator', 'gm', 'cm', 'god', 'tutor');
 		foreach($names_blocked as $word)
 		{
@@ -253,7 +253,7 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		$words_blocked = array('admin', 'administrator', 'gamemaster', 'game master', 'game-master', "game'master", '--', "''","' ", " '", '- ', ' -', "-'", "'-", 'fuck', 'sux', 'suck', 'noob', 'tutor');
 		foreach($words_blocked as $word)
 		{
@@ -262,7 +262,7 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		$name_length = strlen($name_lower);
 		for($i = 0; $i < $name_length; $i++)
 		{
@@ -271,7 +271,7 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		for($i = 0; $i < $name_length; $i++)
 		{
 			if(isset($name_lower[$i - 1]) && $name_lower[$i - 1] == ' ' && isset($name_lower[$i + 1]) && $name_lower[$i + 1] == ' ') {
@@ -279,7 +279,7 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		if(isset($config['monsters']))
 		{
 			if(in_array($name_lower, $config['monsters'])) {
@@ -287,14 +287,14 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		$player = new OTS_Player();
 		$player->find($name);
 		if($player->isLoaded()) {
 			self::$lastError = 'Character with this name already exist.';
 			return false;
 		}
-		
+
 		//check if was namelocked previously
 		if(tableExist('player_namelocks') && fieldExist('name', 'player_namelocks')) {
 			$namelock = $db->query('SELECT `player_id` FROM `player_namelocks` WHERE `name` = ' . $db->quote($name));
@@ -303,25 +303,25 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		$monsters = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'monsters` WHERE `name` LIKE ' . $db->quote($name_lower));
 		if($monsters->rowCount() > 0) {
 			self::$lastError = 'Your name cannot contains monster name.';
 			return false;
 		}
-		
+
 		$spells_name = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'spells` WHERE `name` LIKE ' . $db->quote($name_lower));
 		if($spells_name->rowCount() > 0) {
 			self::$lastError = 'Your name cannot contains spell name.';
 			return false;
 		}
-		
+
 		$spells_words = $db->query('SELECT `words` FROM `' . TABLE_PREFIX . 'spells` WHERE `words` = ' . $db->quote($name_lower));
 		if($spells_words->rowCount() > 0) {
 			self::$lastError = 'Your name cannot contains spell name.';
 			return false;
 		}
-		
+
 		if(isset($config['npc']))
 		{
 			if(in_array($name_lower, $config['npc'])) {
@@ -329,26 +329,26 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM- '") != $name_length) {
 			self::$lastError = 'This name contains invalid letters, words or format. Please use only a-Z, - , \' and space.';
 			return false;
 		}
-		
+
 		if($name_length < 3 || $name_length  > 28) {
 			self::$lastError = 'Your name cannot be shorter than 3 characters and longer than 28 characters.';
 			return false;
 		}
-		
-		
+
+
 		if(!preg_match("/[A-z ']{3,28}/", $name)) {
 			self::$lastError = 'Your name containst illegal characters.';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Validate guild name
 	 * Name lenght must be 3-32 chars
@@ -362,20 +362,47 @@ class Validator
 			self::$lastError = 'Please enter guild name.';
 			return false;
 		}
-		
+
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
 			self::$lastError = 'Invalid guild name format.';
 			return false;
 		}
-		
+
 		if(!preg_match("/[A-z ]{3,32}/", $name)) {
 			self::$lastError = 'Invalid guild name format.';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
+	/**
+	 * Validate guild nick
+	 * Nick lenght must be 3-40 chars
+	 *
+	 * @param  string $name Name to check
+	 * @return bool Is name valid?
+	 */
+	public static function guildNick($name)
+	{
+		if(empty($name)) {
+			self::$lastError = 'Please enter guild nick.';
+			return false;
+		}
+
+		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
+			self::$lastError = 'Invalid guild nick format.';
+			return false;
+		}
+
+		if(!preg_match("/[A-z ]{3,40}/", $name)) {
+			self::$lastError = 'Invalid guild nick format.';
+			return false;
+		}
+
+		return true;
+	}
+
 	/**
 	 * Validate rank name
 	 * Rank lenght must be 1-32 chars
@@ -389,17 +416,17 @@ class Validator
 			self::$lastError = 'Please enter rank name.';
 			return false;
 		}
-		
+
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-[ ] ") != strlen($name)) {
 			self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
 			return false;
 		}
-		
+
 		if(!preg_match("/[A-z ]{1,32}/", $name)) {
 			self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
 			return false;
 		}
-		
+
 		return true;
 	}
 	/**
@@ -411,7 +438,7 @@ class Validator
 	public static function str($str, $numbers = false) {
 		return preg_match('/^[a-z0-9\ ]*$/i', $str);
 	}
-	
+
 	public static function getLastError() {
 		return self::$lastError;
 	}

system/pages/guilds/change_nick.php

@@ -32,6 +32,12 @@ if(!$new_nick) {
 $player = new OTS_Player();
 $player->find($name);
 $player_from_account = false;
+
+if(!Validator::guildNick($new_nick)) {
+    echo Validator::getLastError();
+    return;
+}
+
 if(strlen($new_nick) <= 40)
 {
 	if($player->isLoaded())

system/pages/guilds/save_ranks.php

@@ -12,7 +12,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name)) {
-	$errors[] = Validator::get;
+	$errors[] = Validator::getLastError();
 }
 
 if(empty($errors)) {

system/pages/lastkills.php

@@ -84,7 +84,7 @@ if(tableExist('player_killers')) // tfs 0.3
 else {
 	//$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `player_deaths`.`killed_by` as `killed_by`, `player_deaths`.`time` as `time`, `player_deaths`.`is_player` as `is_player`, `player_deaths`.`level` as `level` FROM `player_deaths`, `players` as `d` INNER JOIN `players` as `p` ON player_deaths.player_id = p.id WHERE player_deaths.`is_player`='1' ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";");
 	
-$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT 20;");
+$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";");
 
 	if(!empty($players_deaths))
 	{

system/templates/online.html.twig

@@ -3,7 +3,7 @@
 		<td class="white"><b>Server Status</b></td>
 	</tr>
 {% if players|length == 0 %}
-	<tr bgcolor="{{ config.darkborder }}"><td>Currently no one is playing on {{ config.lua.serverName }}.</td></tr></table>
+	<tr bgcolor="{{ config.darkborder }}"><td>Currently no one is playing on&nbsp;{{ config.lua.serverName }}.</td></tr></table>
 {% else %}
 	<tr bgcolor="{{ config.darkborder }}">
 		<td>
@@ -26,6 +26,7 @@
 		</td>
 	</tr>
 </table>
+<br/>
 	{# vocation statistics #}
 	{% if config.online_vocations %}
 <br/>

tools/signature/gesior.php

@@ -20,7 +20,7 @@
 	if($rank->isLoaded())
 	{
 		imagettftext($image , $fontsize, 0, 20, 75, $color, $font, 'Guild:');
-		imagettftext($image , $fontsize, 0, 70, 75, $color, $font, $player->getRank()->getName() . ' of the ' . $$rank->getGuild()->getName());
+		imagettftext($image , $fontsize, 0, 70, 75, $color, $font, $player->getRank()->getName() . ' of the ' . $rank->getGuild()->getName());
 	}
 	imagettftext($image , $fontsize, 0, 20, 95, $color, $font, 'Last Login:');
 	imagettftext($image , $fontsize, 0, 100, 95, $color, $font, (($player->getLastLogin() > 0) ? date("j F Y, g:i a", $player->getLastLogin()) : 'Never logged in.'));

tools/validate.php

@@ -1,7 +1,7 @@
 <?php
 /**
  * Ajax validator
- * Returns xml file with result
+ * Returns json with result
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>