Release v0.8.18

Closes #254

.editorconfig

@@ -0,0 +1,14 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# with a newline ending every file
+[*]
+indent_style = tab
+indent_size = 4
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false
+indent_style = tab

.gitattributes

@@ -1,4 +1,11 @@
 * text=auto
 .gitattributes export-ignore
 .gitignore export-ignore
-_config.yml export-ignore
+.github export-ignore
+.editorconfig export-ignore
+.travis.yml export-ignore
+_config.yml export-ignore
+release.sh export-ignore
+
+*.sh text eol=lf
+VERSION text eol=lf

.github/FUNDING.yml

@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: paypal.me/slawkens # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,29 @@
+<!--
+Please use this issue tracker only for reporting MyAAC bugs.
+
+If you need support, please use the discord server:
+
+- https://discord.gg/2J39Wus (we have an own channel named #my-aac there)
+
+or use otland support boards:
+
+- https://otland.net/forums/support.16/
+
+-->
+
+### Server configuration
+- Operating System: 
+- Web Server (+ version): 
+- PHP Version: 
+- Server name and version (for example: TFS 0.3): 
+- MyAAC Version: 
+
+### Client configuration (Your Computer)
+
+- Browser: 
+- Operating System: 
+
+### Description:
+
+
+### Steps To Reproduce:

.github/workflows/phplint.yml

@@ -0,0 +1,16 @@
+name: PHP Linting
+on:
+  pull_request:
+    branches: [master]
+  push:
+    branches: [master]
+
+jobs:
+  phplint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: overtrue/phplint@3.4.0
+        with:
+          path: .
+          options: --exclude="system/libs/polyfill-mbstring/bootstrap80.php"

.gitignore

@@ -1,3 +1,76 @@
 Thumbs.db
 .DS_Store
-.idea
+.idea
+
+#
+/.htaccess
+
+# composer
+composer.lock
+vendor
+
+# npm
+node_modules
+tools/ext
+
+# cypress
+cypress.env.json
+cypress/e2e/2-advanced-examples
+cypress/screenshots
+
+# created by release.sh
+releases
+tmp
+
+config.local.php
+
+# all custom templates
+templates/*
+!templates/tibiacom
+!templates/kathrine
+
+# guild images
+images/guilds/*
+!images/guilds/default.gif
+
+# editor images
+images/editor/*
+!images/editor/index.html
+
+# gallery images
+images/gallery/*
+!images/gallery/index.html
+!images/gallery/demon.jpg
+!images/gallery/demon_thumb.gif
+
+# cache
+system/cache/*
+!system/cache/index.html
+!system/cache/twig/index.html
+!system/cache/signatures/index.html
+!system/cache/plugins/index.html
+
+# php sessions
+system/php_sessions/*
+!system/php_sessions/index.html
+
+# logs
+system/logs/*
+!system/logs/index.html
+
+# data
+system/data/*
+!system/data/index.html
+
+# plugins
+plugins/*
+!plugins/.htaccess
+!plugins/example.json
+!plugins/account-create-hint.json
+!plugins/account-create-hint
+!plugins/email-confirmed-reward.json
+!plugins/email-confirmed-reward
+landing
+
+# others/rest
+system/pages/downloads.php

.htaccess.dist

@@ -1,7 +1,19 @@
-Options -Indexes -MultiViews
+<IfModule mod_autoindex.c>
+	Options -Indexes
+</IfModule>
 
-RewriteEngine On
+<IfModule mod_negotiation.c>
+	Options -MultiViews
+</IfModule>
 
-RewriteCond %{REQUEST_FILENAME} !-f
+<IfModule mod_rewrite.c>
-RewriteCond %{REQUEST_FILENAME} !-d
+	RewriteEngine On
-RewriteRule ^.*$ index.php [L]
+
+	# you can put here your myaac root folder
+	# path relative to web root
+    #RewriteBase /myaac/
+
+	RewriteCond %{REQUEST_FILENAME} !-f
+	RewriteCond %{REQUEST_FILENAME} !-d
+	RewriteRule ^.*$ index.php [L]
+</IfModule>

.travis.yml

@@ -0,0 +1,20 @@
+
+language: php
+php:
+  - 5.6
+  - 7.0
+  - 7.1
+  - 7.2
+  - 7.3
+  - 7.4
+  - 8.0
+
+cache:
+  directories:
+    - $HOME/.composer/cache
+
+before_script:
+  - composer require php-parallel-lint/php-parallel-lint --no-suggest --no-progress --no-interaction --no-ansi --quiet --optimize-autoloader
+
+script:
+  - php vendor/bin/parallel-lint --no-progress --no-colors --exclude vendor --exclude "system/libs/pot/OTS_DB_PDOQuery_PHP71.php" .

CHANGELOG.md

@@ -1,5 +1,451 @@
 # Changelog
 
+## [0.8.18 - 29.05.2024]
+
+### Added
+* hook in guilds page to support guild wars (https://github.com/slawkens/myaac/commit/f875f3cd2059fac5c23a08ce73dd8621a66613e0)
+
+## [0.8.17 - 18.05.2024]
+
+### Added
+* TwigTypeCastingExtension (https://github.com/slawkens/myaac/commit/7181b988e9518320d57486670ca4e2d3b2fe1cfa)
+
+### Fixed
+* fix XSS in creatures.php (https://github.com/slawkens/myaac/commit/02eea950e4fd756e8d5c32e56181986d51f5ac70, @gesior)
+* don't allow redirect to external website (https://github.com/slawkens/myaac/commit/ef62b53cec5a479cc85aa15940ad9ebbcefde876)
+* change_info if account_country is disabled (https://github.com/slawkens/myaac/commit/62d3c198d567541a90900fe2d7ede070e7b1ff68)
+
+### Changed
+* use word-break: break-all in guilds description + character comment (https://github.com/slawkens/myaac/commit/191ad25eb2d4c1cec6f6668da7a345fec0ad2a7f)
+* set default status_ip to 127.0.0.1, most server are hosted locally anyway (https://github.com/slawkens/myaac/commit/2793c41655b47f7db295143a298ccda70f11462b)
+
+## [0.8.16 - 12.02.2024]
+
+### Fixed
+* broken installation
+* database and finish step warnings/errors (https://github.com/slawkens/myaac/pull/245, @danilopucci)
+* silently ignore if the hook does not exist
+
+## [0.8.15 - 09.12.2023]
+
+More security fixes, especially in bugtracker.
+
+## [0-8.14 - 27.11.2023]
+Security fixes.
+
+### Fixed
+* XSS vulnerability in bugtracker (https://github.com/slawkens/myaac/commit/83a91ec540072d319dd338abff45f8d5ebf48190)
+* XSS vulnerability in forum (https://github.com/slawkens/myaac/commit/d1bc63d07ad88a143358cacd2c417891eea74dcc + https://github.com/slawkens/myaac/commit/55dbade8d5280c5baed45e5f7ebc3613b8e9b9e8)
+* Session Fixation (https://github.com/slawkens/myaac/commit/483155cf4c1e3068aaee0d44541dfa61f6223379)
+* displaying ban info on account page (https://github.com/slawkens/myaac/commit/764db0c203d1826ffce3a5a78f83a97e56bd0685)
+
+### Changed
+* Clear some additional cache keys - like database cache (https://github.com/slawkens/myaac/commit/4327b66f915d06dce504211692173606b9ef3b4e)
+
+## [0.8.13 - 16.09.2023]
+
+### Added
+* latest client versions to config (https://github.com/slawkens/myaac/commit/765886f0c782807400c429577cde5e45bd7c308f)
+* patching from develop - twig context for hooks (https://github.com/slawkens/myaac/commit/f1670f4012cc7595433fe0b1937c1f9b15a60b07)
+
+### Fixed
+* fixed XSS vulnerability in some pages (https://github.com/slawkens/myaac/commit/5c3b01aca4f3cfe8abc86b8ce48194b2da87b808)
+
+Nothing more or less!
+
+## [0.8.12 - 07.08.2023]
+I've moved the repository back to my personal account. (Just so you know!)
+
+I will also try to add git commits pointed to each change, lets see if you like it or not - you can comment in discussion, that will be created just after releasing this version :)
+
+### Added
+* forum: better error messages (Suggested by @anyeor) (https://github.com/slawkens/myaac/commit/34725e0257684fe5fa43875cc3a8f587ba04642e)
+* more support for GesiorAAC classes, so some of them will work with MyAAC (https://github.com/slawkens/myaac/commit/a8172a518ff8939c4402349b16c064fcaf855d31)
+* word-break on forum thread & reply (Suggested by @anyeor) (https://github.com/slawkens/myaac/commit/ce4aed0f1719d2aadc749e5238e883e3c10e2686)
+
+### Fixed
+* not working pages/links from database, introduced in 0.8.10 (Thanks to OtLand user - https://otland.net/members/0lo.99657/ for report) (https://github.com/slawkens/myaac/commit/1e874c7027769bd09e772a1cdac75d7e37991256)
+* it was possible to create topic in board that was closed, ommiting the error check (Thanks to @anyeor for report) (https://github.com/slawkens/myaac/commit/0d52978d9fb99869500d35e7676f454ca5eaba14)
+* PHP 8.2 compatibility - removed deprecated functions utf8_encode & utf8_decode (https://github.com/slawkens/myaac/commit/a338fd967cdbcc89e86be4e6b66b2cad2ff23251)
+* guild description not being correctly shown (Reported by @anyeor)  (https://github.com/slawkens/myaac/commit/f2a3ec1185df64ad9084d4ff55790ae4a5b3e5fd, https://github.com/slawkens/myaac/commit/df321154f63d458a4bc7d83bac5e3447b67317a4)
+
+### Removed
+* Some old code for verifying messages length (Reported by @anyeor) (https://github.com/slawkens/myaac/commit/df48363ea4ced4350fd90ffddf57d464ba5afa8b)
+* some info about config failed to load, was never working (https://github.com/slawkens/myaac/commit/7a546e5a41036b0e9e926d337c6f2e3c41c591d2)
+
+## [0.8.11 - 30.06.2023]
+
+### Added
+* new function from 0.9 - Cache::remember($key, $ttl, $callback)
+* new characters page hooks
+* line number & file to exception handler, to easier localize exceptions
+
+### Changed
+* rename to .htaccess.dist, causes some problems on default setup
+* removing unneccessary PHP closing tags to prevent potential issues (by @SRNT-GG)
+* display warning if hook file does not exist
+
+### Fixed
+* important: Not allow create char if limit is exceeded (by @anyeor) could have been used to spam database
+* deleted chars: cannot change comment, name, gender, cannot create guild, cannot be invited, cannot accept invite, cannot be passed leadership to
+* forum: quote and edit post buttons not being shown
+* twig exception thrown when player does not exist, on character change comment (thanks @anyeor)
+* BASE_DIR when accessing /tools
+* do not display warning if HTTP_ACCEPT_LANGUAGE is not set
+
+## [0.8.10 - 18.05.2023]
+
+### Changed
+* PHP 7.2.5 is now required, cause of Twig 2.x
+* allow pages to be placed in templates folder, under pages/ subfolder
+
+### Fixed
+* Twig error with global variable on create account
+* links/redirects from facebook, etc. like ?fbclid=x
+* do not allow to continue install when there is no server database imported
+* cannot go forward when config.local.php cannot be saved
+* when server uses another items serializer
+* small bug on install - please fill all input
+
+## [0.8.9 - 16.03.2023]
+
+### Added
+* You can now disable server status checking for testing purposes, useful for local testing when there is no server running
+  * with this, the page won't need 2 seconds to load
+  * set status_enabled to false in config.php
+* new buttons code for tibiacom template, can create button with any text
+* patched some small changes from develop branch
+
+### Changed
+* add .git to denied folders in nginx-sample.conf
+* plugins folder is now accessible from outside
+* add plugins folder to twig search paths
+
+### Fixed
+* player save on tfs 1.5 with new ipv6
+* more php 8.x compatibility
+* rel path for exception message, causing message to be not in red background
+
+## [0.8.8 - 18.02.2023]
+
+### Added
+* mail confirmed reward
+* support for latest group changes in TFS
+* new function: escapeHtml
+
+### Updated
+* TinyMCE to v4.9.1 (latest release in 4.x series)
+* Twig to v2.15.4
+
+### Changed
+* you can now place custom pages in your template directory under pages/ folder
+* HOOK_LOGOUT parameters, now only account_id is passed
+
+### Fixed
+* ipv6 introduced in latest TFS
+* config.account_premium_days for TFS 1.4+
+* better compatibility with GesiorAAC
+* PHP 8.1 compatibility
+* myaac_ db table detection failure
+* reload creatures error, when items cache has been cleared
+
+### Removed
+* accounts.blocked column, which is not used by AAC
+
+## [0.8.7 - 31.08.2022]
+
+### Added
+* login.php for client 12.x is now part of official repo
+* browsehappy code
+* config use character sample skill (#201, @gpedro)
+* custom words blocked (#190, @gpedro)
+
+### Changed
+* save php sessions in myaac dir
+* don't count deleted players when creating new character
+
+### Fixed
+* patch vulnerability in change_rank.php (#194, @gesior, @thatmichaelguy)
+* fix guild invite page (#196, @worthdavi)
+* players not showing on highscores page (#195)
+* highscores page bug with high pages
+* $player->getStorage() does not work at all (#169, @gesior)
+* copying sample character when it have items with quotes (#200, @gpedro)
+* IPv6 issue when env is set to dev (#171)
+* admin page changed feet to match body colour (#174, @silic0nalph4)
+* exception being thrown when creating duplicated character name (#191)
+* rules page formatting (#177, @silic0nalph4)
+* account character create if auto_login is enabled
+* undefined variable notice on database_log enabled
+* removed VERSION file
+
+## [0.8.6 - 10.07.2021]
+This update contains very important security fix.
+
+Please update your MyAAC instances to this version.
+
+## [0.8.5 - 08.06.2021]
+
+### Changed
+* bcmath module is not required anymore
+* Gratis premium account fixes (#156, by @czbadaro)
+* Update 404 response (#163, by @anyeor)
+
+### Fixed
+* compatibility with PHP 7.0 and lower
+* deleting ranks in guilds (#158, by @Misztrz)
+* guild back buttons (change logo & motd)
+* forum table style (boards & thread view)
+* guild list description new lines `<br>` being ignored (Thanks @anyeor for reporting)
+
+
+## [0.8.4 - 18.02.2021]
+
+### Added
+* support for accounts.premium_ends_at (Latest TFS 1.x)
+* more clients to clients.conf.php
+
+### Changed
+* minimum PHP 5.6 is now required
+* password can now contain any characters
+* add SSL on external image requests of items and outfits (@fernandomatos)
+* Use local storage for saving menu items (tibiacom template) - fixes bug with some websites like wykop.pl (browser freeze)
+* increase size of myaac_visitors.page column to 2048 (Thanks to OtLand user kaleuui)
+
+### Fixed
+* compatibility with PHP 8.0 (latest XAMPP)
+* displaying PHP errors on env = "prod"
+* the Guildnick not showing in the guild pages (@leesneaks)
+* you cannot delete character more than twice (Thanks Okke)
+* ignore arrays in config.lua (fixes experienceStages loading)
+* parsing empty strings in config.lua (with comments)
+* headling.php cannot find font
+
+## [0.8.3 - 27.10.2020]
+
+### Added
+* pdo_mysql as required extension
+* some notice about Email validation in create account
+
+### Changed
+* Move register DATABASE_VERSION into schema.sql
+    * Caused migrations being fired when user manually imported database
+
+### Fixed
+* creating very uncommon (bugged) account names
+* XSS in character search
+* Admin menu news editing warning when leaving page without touching the inputs
+* Guild Invite not working on otservbr-global
+* two boxes being show on email_change_cancel
+* when adding poll = template tibiacom broken
+* houses: Unknown column 'guild' in 'where clause (https://github.com/slawkens/myaac/issues/131)
+* account create when account_mail_verify is enabled
+* CloudFlare IP detection
+* network_twitter link in tibiacom template
+
+## [0.8.2 - 03.06.2020]
+
+### Added
+* Log query time in database_log (can be used for benchmarking)
+* new PHP constant: IS_CLI
+* $_SERVER['REQUEST_URI'] to database.log
+* outfit to highscores box in tibiacom template
+* system/data to .gitignore
+* error_reporting in admin panel (when in dev mode), so it shows php notices and warnings
+* example quests in config.php
+
+### Changed
+* account_login input type from password to text
+
+### Fixed
+* Guild Invite not working on otservbr-global (#123)
+* news not updating after adding in admin panel
+* wrong mana of character samples (#125)
+* missing rules page on clean install
+* double space character name creation (@Lee, #121)
+* creatures page: Max count and chance not shown on hovered items
+* exception being thrown when characters.frags enabled on TFS 1.x
+* TFS 0.4 guilds creation (Where guilds.checkdata and motd doesn't have default value)
+* ERR_TOO_MANY_REDIRECTS browser error on template change
+* updating template menus on template change
+* Account change info when config.account_country is disabled
+* cancel change email request
+* config.character_name_min/max_length being ignored in change_name.php
+* some rare bugs when database is no up-to-date and someone enters admin panel
+* extra line that is added when using a newer version than official release (@Lee)
+* admin links in featured article
+* some PHP Notice when HTTP_HOST is not set (Can happen on some old versions of HTTP protocol)
+* Show character indicator in check_name.js
+* Houses list View button was wrong (was from bootstrap)
+* OTS_House __construct - not loading by houseid parameter
+* message() function when executed in CLI
+
+### Removed
+* unused myaac_commands table from schema
+* MyISAM engine from migration scripts (#128)
+
+## [0.8.1 - 10.03.2020]
+
+### Added
+* Support for Nostalrius OTS
+
+### Changed
+* Move TODO to wiki
+* .tooltip css class to .item_image (bootstrap conflict)
+
+### Fixed
+* Reloading of creatures/monsters throwing an exception
+* Loading custom pages with old Gesior variables [#108](https://github.com/slawkens/myaac/issues/107)
+* Some weird behaviour with installation of plugins
+* CHANGELOG.md loading in Admin Panel
+* spells displaying when level = 0
+* Some PHP warnings and notices
+
+## [0.8.0 - 19.02.2020]
+
+### Added:
+* new Awesome Bootstrap Admin Panel by Lee (@Leesneaks)
+	* using Bootstrap 3
+	* all existing pages were adjusted 
+	* new editor: Accounts
+	* improved editor: Players
+	* new Reports View page
+	* Modules directory, which can be added using Plugins (@Leesneaks, @whiteblXK)
+	* move News Management here (@whiteblXK)
+	* interactive player outfit chooser (@tobi132)
+* added Highscores by balance
+* possibility to define colors and "Open in New Tab" on Template Menus (needs to be supported by Template)
+* support for database persistent and socket connections (performance boost)
+* Team page - display outfits of the players (configurable)
+* added clear_cache.php, send_email.php bin commands (@slawkens, @tobi132)
+* added locale pt_br (@ivenspontes)
+* added load time into items & weapons loading admin page
+* new, beautiful exception handler
+* added travisci to prevent mistype (@gpedro, #89)
+* added showing database name into installation script (@tobi132)
+* compatibility with old z_ gesior table (@tobi132, #46)
+* added nginx-sample.conf, .editorconfig, VERSION
+* database towns table support for TFS 1.3 (@tobi132)
+* added enable_tinymce option to Pages editor
+
+### Fixed:
+* account login redirect with special chars (like '&' and '?')
+* black skull info at serverInfo (@tornadia)
+* set correct limit at lastkills page from config (anyeor from OtLand)
+* myaac_monsters table column loot problem (#79)
+* players column deleted install description (@gpedro, #91)
+* experience table being to wide and buggy on some templates (@tobi132, #90)
+* fix errors with .htaccess files
+* added index.html to prevent indexing the folder by mod_index
+
+### Changed:
+* Environment is now configurable by env setting (Significantly better load times with 'prod')
+* replace spells, monsters tables with JavaScript Sortable Tables - DataTables (@Leesneaks)
+* change default MySQL Storage Engine to InnoDB and Default Character Set to utf8
+* updated OTS_House class to support latest TFS 1.x (new columns)
+* updated monster images to the original ones from tibia.com
+* increased the minimum length (3 -> 4) and decreased the maximum length (25 -> 21) of the New Character Name (by @vankk)
+* use $db->exec instead of $db->query optimisation
+* move items from database to Cache_PHP (Much more faster load time)
+* allow simultaneous loading of config.ini and config.php in templates
+* updated copyright year and SSL link (@EPuncker, #88)
+* move commands, rules and downloads pages into database (@tobi132)
+* better view of guilds (new buttons, table look and feel) (@tobi132)
+* remove stupid alerts on account create
+* remove .dist extension from .htaccess
+
+### New Configurables (config.php)
+* env (Environment)
+* account_create_auto_login (Auto Login after Create Account - Registration)
+* account_create_character_create (Create Character directly on Create Account page) (@tobi132)
+* footer_show_load_time (display load time of the page in the footer)
+* database_socket (Connection via Unix Socket)
+* database_persistent (Database Persistent Connection)
+* database_log (Logging of Database Queries)
+* admin_panel_modules (Modules displayed in Admin Panel Dashboard)
+* status_timeout, status_interval
+* smtp_debug (More info about SMTP errors in error.log)
+* team_display_outfit (Display outfit of the team members on teams page)
+* highscores_balance (Display highscores by balance)
+* character_name_min/max_length (Minimum and maximum length of character name)
+* characters.deleted (display deleted characters on characters page)
+
+### Forum:
+* show image in full screen on click
+* show user avatar (outfit) in posts
+* replaced forum actions links (move, remove, edit, quote) with images
+* redirect directly to the thread on user login (on new reply)
+
+### Installer:
+* AJAX loader for the important stuff
+* create admin account: ask for e-mail + character name
+* load items & weapons
+* check user IP on install to prevent install by random user
+* remember status of the installation
+* remember language on first step (welcome)
+* ask user for timezone
+* auto detected browser language in select language
+
+### Plugins
+* sandbox for plugins, don't install when requirements are not satisfied
+* allow comments inside plugin json file (php style)
+* new require options for plugins: (look into example.json)
+	* require database version, table or column of the MyAAC schema
+	* require php-extension
+	* require semantic-version (like in composer.json)
+* new hooks: LOGIN, LOGIN_ATTEMPT, LOGOUT, HOOK_ACCOUNT_CREATE_*
+
+### Cache
+* php 7.x APCu cache support (faster cache engine)
+* new cache engine: plain PHP (is good with pure php 7.0+ and opcache)
+* cache lastkills.php, $db->hasTable, $db->hasColumn, hooks and template menus
+* stop using global $cache variable, use Singleton pattern instead
+
+### Twig
+* move pages to Twig templates: team, lastkills, serverinfo, houses, guilds.list, guild.view, admin.logs, admin.reports (@whiteblXK, @tobi132)
+* replace "$twig->render()" with "$this->display"
+* move Twig functions to separate file
+* move tibiacom boxes to Twig templates
+* allow Pages to be loaded as Twig template (this allows using Twig variables in Pages) (@tobi132)
+* allow string to be passed to hook twig function
+
+### Functions
+* config($key), configLua($key)
+* clearCache()
+* OTS_Account:
+	* getCountry()
+	* setLastLogin($lastlogin) (@Leesneaks)
+	* setWebFlags(webflags) (@Leesneaks)
+* OTS_Player:
+	* getAccountId()
+	* countBlessings() (@Leesneaks)
+	* checkBlessings($count) (@Leesneaks)
+* is_sub_dir (in system/libs/plugins.php)
+* Twig:
+	* getPlayerLink($name, $generate = true)
+* removed SQLquote and SQLquery from OTS_Base_DB
+* Add optional $params param into log_append (will log arrays) (@tobi132)
+
+### Internal
+* moved clients list to the new file (clients.conf.php)
+* changed tableExist and fieldExist to $db->hasTable(table) + $db->hasColumn(table, column)
+* changed deprecated $ots->createObject() functions with their OTS_ equivalents
+* add global helper config($key) function + twig binding
+	* use config() instead of global $config
+* remove unnecessary parentheses in include/require PHP functions
+* use __DIR__ instead of dirname(__FILE__) - since PHP 5.3.0
+* change intval() function to (int) casting (up to 6x faster)
+* add release.sh script (for GitHub releases)
+* use curl as alternative option for reporting install
+
+### Libraries
+* updated Twig to version v1.35.0
+* updated TinyMCE to version v4.7.4
+
+### Deprecations
+* change deprecated HTML <center> tag to <div style="text-align:center">
+* replace deprecated HTML <font> tag with <span>
+
 ## [0.7.11 - 04.05.2019]
 ### Added:
 * support for some old servers, where arrays are used in config.lua

CONTRIBUTORS.txt

@@ -0,0 +1,14 @@
+# automatically exported using this script:
+# git log --all --format='%cN <%cE>' | sort -u > contributors
+# in no particular order
+# cleaned for readability
+
+Evil Puncker <EPuncker@users.noreply.github.com>
+Fernando Matos <fernando@pixele.com.br>
+Lee <42119604+Leesneaks@users.noreply.github.com>
+caio <caio.zucoli@gmail.com>
+slawkens <slawkens@gmail.com>
+tobi132 <52947952+tobi132@users.noreply.github.com>
+vankk <nwtr.otland@hotmail.com>
+whiteblXK <krzys16001@gmail.com>
+xitobuh <jonas.hockert92@gmail.com>

CREDITS

@@ -1,2 +1,3 @@
 * Gesior.pl (2007 - 2008)
-* Slawkens (2009 - 2017)
+* Slawkens (2009 - 2023)
+* Contributors listed in CONTRIBUTORS.txt

README.md

@@ -1,18 +1,31 @@
-# myaac
+# [MyAAC](https://my-aac.org)
-MyAAC is a free and open-source Automatic Account Creator (AAC) and Content Management System (CMS) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
+
+MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 
 Official website: https://my-aac.org
 
-### REQUIREMENTS
+[![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/slawkens/myaac/cypress.yml)](https://github.com/slawkens/myaac/actions)
+[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
+[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
+[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
+[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
+
+| Version | Status                 | Branch  | Requirements   |
+|:--------|:-----------------------|:--------|:---------------|
+| **1.x** | **Active development** | develop | **PHP >= 8.1** |
+| 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
+| 0.8.x   | Active support         | master  | PHP >= 7.2.5   |
+| 0.7.x   | End Of Life            | 0.7     | PHP >= 5.3.3   |
+
+### Requirements
 
-	- PHP 5.3.3 or later
 	- MySQL database
-	- PDO PHP Extension
+	- PHP Extensions: pdo, xml, json
-	- XML PHP Extension
+	- (optional) apache2 mod_rewrite (to use friendly_urls)
-	- ZIP PHP Extension
+	- (optional) zip PHP Extension (to install plugins)
-	- (optional) mod_rewrite to use friendly_urls
+	- (optional) gd PHP Extension (for generating signature images)
 
-### INSTALLATION AND CONFIGURATION
+### Installation
 
 	Just decompress and untar the source (which you should have done by now,
 	if you're reading this), into your webserver's document root.
@@ -28,19 +41,51 @@ Official website: https://my-aac.org
 			chmod 660 images/guilds
 			chmod 660 images/houses
 			chmod 660 images/gallery
-			chmod -R 770 system/cache
+			chmod -R 760 system/cache
 
 	Visit http://your_domain/install (http://localhost/install) and follow instructions in the browser.
 
-### KNOWN PROBLEMS
+### Configuration
 
-	- none -
+Check *config.php* to get more informations. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
 
-### OTHER NOTES
+Use *config.local.php* for your local configuration changes.
 
-	If you have a great idea or want contribute to the project - visit our website at http://www.my-aac.org
+### Branches
 
-### LICENSING
+This repository follows the Git Flow Workflow.
+Cheatsheet: [Git-Flow-Cheetsheet](https://danielkummer.github.io/git-flow-cheatsheet)
 
-	This program and all associated files are released under the GNU Public
+That means, we use:
-	License, see LICENSE for details.
+* master branch, for current stable release
+* develop branch, for development version (next release)
+* feature branches, for features etc.
+
+### Known Problems
+
+- Some compatibility issues with some exotical distibutions.
+
+### Contributing
+
+Contributions are more than welcome. 
+
+Pull requests should be made to the *develop* branch as that is the working branch, master is for release code.  
+
+Bug fixes to current release should be done to master branch.
+
+Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our wiki.
+
+### Other Notes
+
+If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
+
+## Project supported by JetBrains
+
+Many thanks to Jetbrains for kindly providing a license for me to work on this and other open-source projects.
+
+[![JetBrains](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.svg)](https://www.jetbrains.com/?from=https://github.com/slawkens)
+
+### License
+
+This program and all associated files are released under the GNU Public License.  
+See [LICENSE](https://github.com/slawkens/myaac/blob/master/LICENSE) for details.

SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.y   | :white_check_mark: |
+| 0.9.x   | :x:                |
+| 0.8.x   | :white_check_mark: |
+| < 0.7   | :x:                |
+
+## Reporting a Vulnerability
+
+If you found a security vulnerability, please write an email to security@my-aac.org
+
+All reports will be taken very seriously, and a fix will be posted as soon as possible.

TODO

@@ -1,37 +0,0 @@
-// MyAAC TODO
-
-0.*
-	* support duplicated vocation names with different ids
-	* plugins: option to define custom requirements check in json file, to check if system meets the requirement
-	* add support for defining max myaac version in plugin.json file
-	* cache Menus in templates
-	* don't show error indicators on first time load - createaccount page
-	* update Twig to the latest version from 1.x branch
-	* semantic versioning support for plugins (github.com/composer/semver)
-	* add some notice to the user that installing step "Import Schema" will take some time
-	* check user IP on installing to prevent install by random user
-
-1.0:
-	* i18n support (issue #1 on github)
-	* New Admin Panel layout and interface
-	* add changelog management interface
-	* remove tibiacom template, and include it as a plugin
-
-2.0
-	* remove compat functions
-	* folder restructure:
-		* var/ (for logs, cache and data), config/, bin, public/ (for index and images and other public content), system/ (for php files and classess)
-	* rename templates to layouts as templates is meant to be used for twig templates
-	* change gifts_system to shop_system configurable
-	* move most used options in system/templates dir to separate directories (more transparent)
-
-At any time between (version not specified):
-	* better news archive with search function (like on tibia.com)
-	* guild wars management (issue #13 on github)
-	* update account.management page to be more realistic (like on tibia.com)
-	* update guilds page to be more realistic (like on tibia.com)
-	* possibility to add extra cache engines with plugins
-	* preferably configurable (enable/disable) forum TinyMCE editor
-	* new cache engine - plain php, is good with pure php 7.0+ and opcache
-	* OTAdmin support in Admin Panel
-	* database towns table support for TFS 1.3

_config.yml

@@ -0,0 +1 @@
+theme: jekyll-theme-slate

admin/includes/functions.php

@@ -1 +1,2 @@
-<?php
+<?php
+// nothing yet here

admin/index.php

@@ -1,16 +1,20 @@
 <?php
 // few things we'll need
-require('../common.php');
+require '../common.php';
-require_once(BASE . 'config.local.php');
+
+define('ADMIN_PANEL', true);
+define('MYAAC_ADMIN', true);
+
+if(file_exists(BASE . 'config.local.php')) {
+	require_once BASE . 'config.local.php';
+}
 
 if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
 {
 	header('Location: ' . BASE_URL . 'install/');
-	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
+	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
 }
 
-define('ADMIN_PANEL', true);
-
 $content = '';
 
 // validate page
@@ -21,11 +25,24 @@ if(empty($page) || preg_match("/[^a-zA-Z0-9_\-]/", $page))
 $page = strtolower($page);
 define('PAGE', $page);
 
-require(SYSTEM . 'functions.php');
+require SYSTEM . 'functions.php';
-require(SYSTEM . 'init.php');
+require SYSTEM . 'init.php';
-require(SYSTEM . 'status.php');
+
-require(SYSTEM . 'login.php');
+if(config('env') === 'dev') {
-require(ADMIN . 'includes/functions.php');
+	ini_set('display_errors', 1);
+	ini_set('display_startup_errors', 1);
+	error_reporting(E_ALL);
+}
+
+// event system
+require_once SYSTEM . 'hooks.php';
+$hooks = new Hooks();
+$hooks->load();
+
+require SYSTEM . 'status.php';
+require SYSTEM . 'login.php';
+require SYSTEM . 'migrate.php';
+require ADMIN . 'includes/functions.php';
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
@@ -35,8 +52,8 @@ if(!$logged || !admin()) {
 	$page = 'login';
 }
 
-// include our page 
+// include our page
-$file = SYSTEM . 'pages/admin/' . $page . '.php';
+$file = ADMIN . 'pages/' . $page . '.php';
 if(!@file_exists($file)) {
 	$page = '404';
 	$file = SYSTEM . 'pages/404.php';
@@ -50,5 +67,5 @@ ob_end_clean();
 
 // template
 $template_path = 'template/';
-require(ADMIN . $template_path . 'template.php');
+require ADMIN . $template_path . 'template.php';
-?>
+

admin/pages/accounts.php

@@ -0,0 +1,490 @@
+<?php
+/**
+ * Account editor
+ *
+ * @package   MyAAC
+ * @author    Lee
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$title = 'Account editor';
+$base = BASE_URL . 'admin/?p=accounts';
+
+if ($config['account_country'])
+	require SYSTEM . 'countries.conf.php';
+
+function echo_success($message)
+{
+	echo '<p class="success">' . $message . '</p>';
+}
+
+function echo_error($message)
+{
+	global $error;
+	echo '<p class="error">' . $message . '</p>';
+	$error = true;
+}
+
+function verify_number($number, $name, $max_length)
+{
+	if (!Validator::number($number))
+		echo_error($name . ' can contain only numbers.');
+
+	$number_length = strlen($number);
+	if ($number_length <= 0 || $number_length > $max_length)
+		echo_error($name . ' cannot be longer than ' . $max_length . ' digits.');
+}
+
+$hasSecretColumn = $db->hasColumn('accounts', 'secret');
+$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
+$hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
+$hasTypeColumn = $db->hasColumn('accounts', 'type');
+$hasGroupColumn = $db->hasColumn('accounts', 'group_id');
+
+if ($config['account_country']) {
+	$countries = array();
+	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
+		$countries[$c] = $config['countries'][$c];
+
+	$countries['--'] = '----------';
+	foreach ($config['countries'] as $code => $c)
+		$countries[$code] = $c;
+}
+?>
+
+<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
+<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
+
+<?php
+$id = 0;
+if (isset($_REQUEST['id']))
+	$id = (int)$_REQUEST['id'];
+else if (isset($_REQUEST['search_name'])) {
+	if (strlen($_REQUEST['search_name']) < 3 && !Validator::number($_REQUEST['search_name'])) {
+		echo 'Player name is too short.';
+	} else {
+		if (Validator::number($_REQUEST['search_name']))
+			$id = $_REQUEST['search_name'];
+		else {
+			$query = $db->query('SELECT `id` FROM `accounts` WHERE `name` = ' . $db->quote($_REQUEST['search_name']));
+			if ($query->rowCount() == 1) {
+				$query = $query->fetch();
+				$id = $query['id'];
+			} else {
+				$query = $db->query('SELECT `id`, `name` FROM `accounts` WHERE `name` LIKE ' . $db->quote('%' . $_REQUEST['search_name'] . '%'));
+				if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
+					echo 'Do you mean?<ul>';
+					foreach ($query as $row)
+						echo '<li><a href="' . $base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
+					echo '</ul>';
+				} else if ($query->rowCount() > 10)
+					echo 'Specified name resulted with too many accounts.';
+			}
+		}
+	}
+}
+$groups = new OTS_Groups_List();
+if ($id > 0) {
+	$account = new OTS_Account();
+	$account->load($id);
+
+	if (isset($account, $_POST['save']) && $account->isLoaded()) {// we want to save
+		$error = false;
+
+		$_error = '';
+		$account_db = new OTS_Account();
+		if(USE_ACCOUNT_NAME) {
+			$name = $_POST['name'];
+
+			$account_db->find($name);
+			if ($account_db->isLoaded() && $account->getName() != $name)
+				echo_error('This name is already used. Please choose another name!');
+		}
+
+		$account_db->load($id);
+		if (!$account_db->isLoaded())
+			echo_error('Account with this id doesn\'t exist.');
+
+		//type/group
+		if($hasTypeColumn || $hasGroupColumn) {
+			$group = $_POST['group'];
+		}
+
+		$password = ((!empty($_POST["pass"]) ? $_POST['pass'] : null));
+		if (!Validator::password($password)) {
+			$errors['password'] = Validator::getLastError();
+		}
+
+		//secret
+		if($hasSecretColumn) {
+			$secret = $_POST['secret'];
+		}
+
+		//key
+		$key = $_POST['key'];
+		$email = $_POST['email'];
+		if (!Validator::email($email))
+			$errors['email'] = Validator::getLastError();
+
+		//tibia coins
+		if ($hasCoinsColumn) {
+			$t_coins = $_POST['t_coins'];
+			verify_number($t_coins, 'Tibia coins', 12);
+		}
+		// prem days
+		$p_days = (int)$_POST['p_days'];
+		verify_number($p_days, 'Prem days', 11);
+
+		//prem points
+		$p_points = $_POST['p_points'];
+		verify_number($p_points, 'Prem Points', 11);
+
+		//rl name
+		$rl_name = $_POST['rl_name'];
+
+		//location
+		$rl_loca = $_POST['rl_loca'];
+
+		//country
+		$rl_country = $_POST['rl_country'];
+
+		$web_flags = $_POST['web_flags'];
+		verify_number($web_flags, 'Web Flags', 1);
+
+		//created
+		$created = $_POST['created'];
+		verify_number($created, 'Created', 11);
+
+		//web last login
+		$web_lastlogin = $_POST['web_lastlogin'];
+		verify_number($web_lastlogin, 'Web Last logout', 11);
+
+		if (!$error) {
+			if(USE_ACCOUNT_NAME) {
+				$account->setName($name);
+			}
+
+			if ($hasTypeColumn) {
+				$account->setCustomField('type', $group);
+			} elseif ($hasGroupColumn) {
+				$account->setCustomField('group_id', $group);
+			}
+
+			if($hasSecretColumn) {
+				$account->setCustomField('secret', $secret);
+			}
+			$account->setCustomField('key', $key);
+			$account->setEMail($email);
+			if ($hasCoinsColumn) {
+				$account->setCustomField('coins', $t_coins);
+			}
+
+			$lastDay = 0;
+			if($p_days != 0 && $p_days != OTS_Account::GRATIS_PREMIUM_DAYS) {
+				$lastDay = time();
+			} else if ($lastDay != 0) {
+				$lastDay = 0;
+			}
+
+			$account->setPremDays($p_days);
+			$account->setLastLogin($lastDay);
+			if ($hasPointsColumn) {
+				$account->setCustomField('premium_points', $p_points);
+			}
+			$account->setRLName($rl_name);
+			$account->setLocation($rl_loca);
+			$account->setCountry($rl_country);
+			$account->setCustomField('created', $created);
+			$account->setWebFlags($web_flags);
+			$account->setCustomField('web_lastlogin', $web_lastlogin);
+
+			if (isset($password)) {
+				$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+				if ($config_salt_enabled) {
+					$salt = generateRandomString(10, false, true, true);
+					$password = $salt . $password;
+					$account_logged->setCustomField('salt', $salt);
+				}
+
+				$password = encrypt($password);
+				$account->setPassword($password);
+
+				if ($config_salt_enabled)
+					$account->setCustomField('salt', $salt);
+			}
+
+			$account->save();
+			echo_success('Account saved at: ' . date('G:i'));
+		}
+	}
+}
+
+$search_account = '';
+if (isset($_REQUEST['search_name']))
+	$search_account = $_REQUEST['search_name'];
+else if (isset($_REQUEST['search_account']))
+	$search_account = $_REQUEST['search_account'];
+else if ($id > 0 && isset($account) && $account->isLoaded()) {
+	if(USE_ACCOUNT_NAME) {
+		$search_account = $account->getName();
+	}
+	else {
+		$search_account = $account->getId();
+	}
+}
+
+?>
+<div class="row">
+	<?php if (isset($account) && $account->isLoaded()) { ?>
+
+	<form action="<?php echo $base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post"
+		  class="form-horizontal">
+		<div class="col-md-8">
+			<div class="box box-primary">
+				<div class="box-body">
+					<div class="row">
+						<?php if(USE_ACCOUNT_NAME): ?>
+						<div class="col-xs-4">
+							<label for="name" class="control-label">Account Name:</label>
+							<input type="text" class="form-control" id="name" name="name"
+								   autocomplete="off" style="cursor: auto;"
+								   value="<?php echo $account->getName(); ?>"/>
+						</div>
+						<?php endif; ?>
+						<div class="col-xs-5">
+							<label for="c_pass" class="control-label">Password: (check to change)</label>
+							<div class="input-group">
+                            <span class="input-group-addon">
+                              <input type="checkbox"
+									 name="c_pass"
+									 id="c_pass"
+									 value="false"
+									 class="input_control"/>
+                            </span>
+								<input type="text" class="form-control" id="pass" name="pass"
+									   autocomplete="off" maxlength="20"
+									   value=""/>
+							</div>
+						</div>
+						<div class="col-xs-3">
+							<label for="account_id" class="control-label">Account ID:</label>
+							<input type="text" class="form-control" id="account_id" name="account_id"
+								   autocomplete="off" style="cursor: auto;" size="8" maxlength="11" disabled
+								   value="<?php echo $account->getId(); ?>"/>
+						</div>
+					</div>
+					<div class="row">
+						<?php
+						$acc_group = $account->getAccGroupId();
+						if ($hasTypeColumn) {
+							$groups = new OTS_Groups_List();
+
+							$acc_type = array("Normal", "Tutor", "Senior Tutor", "Gamemaster", "God");
+							if ($groups->getHighestId() == 6) {
+								$acc_type = array("Normal", "Tutor", "Senior Tutor", "Gamemaster", "Community Manager", "God");
+							}
+						?>
+							<div class="col-xs-6">
+								<label for="group" class="control-label">Account Type:</label>
+								<select name="group" id="group" class="form-control">
+									<?php foreach ($acc_type as $id => $a_type): ?>
+										<option value="<?php echo($id + 1); ?>" <?php echo($acc_group == ($id + 1) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+									<?php endforeach; ?>
+								</select>
+							</div>
+							<?php
+						} elseif ($hasGroupColumn) {
+							?>
+							<div class="col-xs-6">
+								<label for="group" class="control-label">Account Type:</label>
+								<select name="group" id="group" class="form-control">
+									<?php
+									foreach ($groups->getGroups() as $id => $group): ?>
+										<option value="<?php echo $id; ?>" <?php echo($acc_group == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
+									<?php endforeach; ?>
+								</select>
+							</div>
+						<?php } ?>
+						<div class="col-xs-6">
+							<label for="web_flags" class="control-label">Website Access:</label>
+							<select name="web_flags" id="web_flags" class="form-control">
+								<?php $web_acc = array("None", "Admin", "Super Admin", "(Admin + Super Admin)");
+								foreach ($web_acc as $id => $a_type): ?>
+									<option value="<?php echo($id); ?>" <?php echo($account->getWebFlags() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+								<?php endforeach; ?>
+							</select>
+						</div>
+					</div>
+					<div class="row">
+						<?php if($hasSecretColumn): ?>
+						<div class="col-xs-6">
+							<label for="secret" class="control-label">Secret:</label>
+							<input type="text" class="form-control" id="secret" name="secret"
+								   autocomplete="off" style="cursor: auto;" size="8" maxlength="11"
+								   value="<?php echo $account->getCustomField('secret'); ?>"/>
+						</div>
+						<?php endif; ?>
+						<div class="col-xs-6">
+							<label for="key" class="control-label">Key:</label>
+							<input type="text" class="form-control" id="key" name="key"
+								   autocomplete="off" style="cursor: auto;" size="8" maxlength="11"
+								   value="<?php echo $account->getCustomField('key'); ?>"/>
+						</div>
+					</div>
+					<div class="row">
+						<div class="col-xs-6">
+							<label for="email" class="control-label">Email:</label>
+							<input type="text" class="form-control" id="email" name="email"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getEMail(); ?>"/>
+						</div>
+						<?php if ($hasCoinsColumn): ?>
+							<div class="col-xs-6">
+								<label for="t_coins" class="control-label">Tibia Coins:</label>
+								<input type="text" class="form-control" id="t_coins" name="t_coins"
+									   autocomplete="off" maxlength="8"
+									   value="<?php echo $account->getCustomField('coins') ?>"/>
+							</div>
+						<?php endif; ?>
+						<div class="col-xs-6">
+							<label for="p_days" class="control-label">Premium Days:</label>
+							<input type="text" class="form-control" id="p_days" name="p_days"
+								   autocomplete="off" maxlength="11"
+								   value="<?php echo $account->getPremDays(); ?>"/>
+						</div>
+						<?php if ($hasPointsColumn): ?>
+							<div class="col-xs-6">
+								<label for="p_points" class="control-label">Premium Points:</label>
+								<input type="text" class="form-control" id="p_points" name="p_points"
+									   autocomplete="off" maxlength="8"
+									   value="<?php echo $account->getCustomField('premium_points') ?>"/>
+							</div>
+						<?php endif; ?>
+					</div>
+					<div class="row">
+						<div class="col-xs-4">
+							<label for="rl_name" class="control-label">RL Name:</label>
+							<input type="text" class="form-control" id="rl_name" name="rl_name"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getRLName(); ?>"/>
+						</div>
+						<div class="col-xs-4">
+							<label for="rl_loca" class="control-label">Location:</label>
+							<input type="text" class="form-control" id="rl_loca" name="rl_loca"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getLocation(); ?>"/>
+						</div>
+						<div class="col-xs-4">
+							<label for="rl_country" class="control-label">Country:</label>
+							<select name="rl_country" id="rl_country" class="form-control">
+								<?php foreach ($countries as $id => $a_type): ?>
+									<option value="<?php echo($id); ?>" <?php echo($account->getCountry() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+								<?php endforeach; ?>
+							</select>
+						</div>
+					</div>
+					<div class="row">
+						<div class="col-xs-4">
+							<label for="created" class="control-label">Created:</label>
+							<input type="text" class="form-control" id="created" name="created"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getCustomField('created'); ?>"/>
+						</div>
+						<div class="col-xs-4">
+							<label for="web_lastlogin" class="control-label">Web Last Login:</label>
+							<input type="text" class="form-control" id="web_lastlogin" name="web_lastlogin"
+								   autocomplete="off" maxlength="20"
+								   value="<?php echo $account->getCustomField('web_lastlogin'); ?>"/>
+						</div>
+					</div>
+
+					<input type="hidden" name="save" value="yes"/>
+					<div class="box-footer">
+						<a href="<?php echo ADMIN_URL; ?>?p=accounts"><span class="btn btn-danger">Cancel</span></a>
+						<div class="pull-right">
+							<input type="submit" class="btn btn-primary" value="Update">
+						</div>
+					</div>
+
+				</div>
+			</div>
+	</form>
+</div>
+<?php } ?>
+<div class="col-md-4">
+	<div class="box box-primary">
+		<div class="box-header with-border">
+			<h3 class="box-title">Search Account:</h3>
+			<div class="box-tools pull-right">
+				<button type="button" class="btn btn-box-tool" data-widget="collapse"><i class="fa fa-minus"></i>
+				</button>
+			</div>
+		</div>
+
+		<div class="box-body">
+			<form action="<?php echo $base; ?>" method="post">
+				<div class="input-group input-group-sm">
+					<input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_account); ?>"
+						   maxlength="32" size="32">
+					<span class="input-group-btn">
+                          <button type="submit" type="button" class="btn btn-info btn-flat">Search</button>
+                        </span>
+				</div>
+			</form>
+		</div>
+	</div>
+	<?php
+	if (isset($account) && $account->isLoaded()) {
+		$account_players = array();
+		$query = $db->query('SELECT `name`,`level`,`vocation`  FROM `players` WHERE `account_id` = ' . $account->getId() . ' ORDER BY `name`')->fetchAll();
+		if (isset($query)) {
+			?>
+			<div class="box">
+				<div class="box-header">
+					<h3 class="box-title">Character List:</h3>
+				</div>
+				<div class="box-body no-padding">
+					<table class="table table-striped">
+						<tbody>
+						<tr>
+							<th style="width: 10px">#</th>
+							<th>Name</th>
+							<th>Level</th>
+							<th style="width: 40px">Edit</th>
+						</tr>
+						<?php
+						$i = 1;
+						foreach ($query as $p) {
+							$account_players[] = $p;
+							echo '<tr>
+                            <td>' . $i . '.</td>
+                            <td>' . $p['name'] . '</td>
+                            <td>' . $p['level'] . '</td>
+                            <td><a href="?p=players&search_name=' . $p['name'] . '"><span class="btn btn-success btn-sm edit btn-flat"><i class="fa fa-edit"></i></span></a></span></td>
+                        </tr>';
+							$i++;
+						} ?>
+						</tbody>
+					</table>
+				</div>
+			</div>
+
+			<?php
+		};
+	};
+	?>
+</div>
+
+<script type="text/javascript">
+	$('#lastlogout').datetimepicker({format: 'unixtime'});
+	$('#created').datetimepicker({format: 'unixtime'});
+	$('#web_lastlogin').datetimepicker({format: 'unixtime'});
+	$(document).ready(function () {
+		$('.input_control').change(function () {
+			$('input[name=pass]')[0].disabled = !this.checked;
+			$('input[name=pass]')[0].value = '';
+		}).change();
+	});
+</script>

admin/pages/changelog.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * CHANGELOG viewer
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'MyAAC Changelog';
+
+if (!file_exists(BASE . 'CHANGELOG.md')) {
+	echo 'File CHANGELOG.md doesn\'t exist.';
+	return;
+}
+
+require LIBS . 'Parsedown.php';
+
+$changelog = file_get_contents(BASE . 'CHANGELOG.md');
+
+$Parsedown = new Parsedown();
+
+$changelog = $Parsedown->text($changelog); # prints: <p>Hello <em>Parsedown</em>!</p>
+
+echo '<div>' . $changelog . '</div>';

admin/pages/dashboard.php

@@ -0,0 +1,91 @@
+<?php
+/**
+ * Dashboard
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Dashboard';
+
+if (isset($_GET['clear_cache'])) {
+	if (clearCache()) {
+		success('Cache cleared.');
+	} else {
+		error('Error while clearing cache.');
+	}
+}
+
+if (isset($_GET['maintenance'])) {
+	$_status = (int)$_POST['status'];
+	$message = $_POST['message'];
+	if (empty($message)) {
+		error('Message cannot be empty.');
+	} else if (strlen($message) > 255) {
+		error('Message is too long. Maximum length allowed is 255 chars.');
+	} else {
+		$tmp = '';
+		if (fetchDatabaseConfig('site_closed', $tmp))
+			updateDatabaseConfig('site_closed', $_status);
+		else
+			registerDatabaseConfig('site_closed', $_status);
+
+		if (fetchDatabaseConfig('site_closed_message', $tmp))
+			updateDatabaseConfig('site_closed_message', $message);
+		else
+			registerDatabaseConfig('site_closed_message', $message);
+	}
+}
+$is_closed = getDatabaseConfig('site_closed') == '1';
+
+$closed_message = 'Server is under maintenance, please visit later.';
+$tmp = '';
+if (fetchDatabaseConfig('site_closed_message', $tmp))
+	$closed_message = $tmp;
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
+$query = $query->fetch();
+$total_accounts = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
+$query = $query->fetch();
+$total_players = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
+$query = $query->fetch();
+$total_guilds = $query['how_much'];
+
+$query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
+$query = $query->fetch();
+$total_houses = $query['how_much'];
+
+$twig->display('admin.statistics.html.twig', array(
+	'total_accounts' => $total_accounts,
+	'total_players' => $total_players,
+	'total_guilds' => $total_guilds,
+	'total_houses' => $total_houses
+));
+
+$twig->display('admin.dashboard.html.twig', array(
+	'is_closed' => $is_closed,
+	'closed_message' => $closed_message,
+	'status' => $status,
+	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
+));
+
+echo '<div class="row">';
+
+$configAdminPanelModules = config('admin_panel_modules');
+if(isset($configAdminPanelModules))
+	$configAdminPanelModules = explode(',', $configAdminPanelModules);
+
+$twig_loader->prependPath(__DIR__ . '/modules/templates');
+foreach($configAdminPanelModules as $box) {
+	$file = __DIR__ . '/modules/' . $box . '.php';
+	if(file_exists($file)) {
+		include($file);
+	}
+}
+echo '</div>';

admin/pages/items.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * Load items.xml
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Load items.xml';
+
+require_once LIBS . 'items.php';
+require_once LIBS . 'weapons.php';
+
+$twig->display('admin.items.html.twig');
+
+$reload = isset($_REQUEST['reload']) && (int)$_REQUEST['reload'] === 1;
+if ($reload) {
+	$items_start_time = microtime(true);
+	if (Items::loadFromXML(true)) {
+		success('Successfully loaded items (in ' . round(microtime(true) - $items_start_time, 4) . ' seconds).');
+	}
+	else {
+		error(Items::getError());
+	}
+
+	$weapons_start_time = microtime(true);
+	if (Weapons::loadFromXML(true)) {
+		success('Successfully loaded weapons (in ' . round(microtime(true) - $weapons_start_time, 4) . ' seconds).');
+	}
+	else {
+		error(Weapons::getError());
+	}
+}

admin/pages/login.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Login
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Login';
+$logout = '';
+if ($action == 'logout') {
+	$logout = "You have  been logged out!";
+}
+
+if (isset($errors)) {
+	foreach ($errors as $error) {
+		error($error);
+	}
+}
+
+$twig->display('admin.login.html.twig', array(
+	'logout' => $logout,
+	'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
+));

admin/pages/logs.php

@@ -0,0 +1,81 @@
+<?php
+/**
+ * Logs
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Logs Viewer';
+
+$files = array();
+$aac_path_logs = BASE . 'system/logs/';
+foreach (scandir($aac_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
+    if ($f[0] === '.' || is_dir($aac_path_logs . $f)) {
+	    continue;
+    }
+
+    $files[] = array($f, $aac_path_logs);
+}
+
+$server_path_logs = $config['server_path'] . 'logs/';
+if (!file_exists($server_path_logs)) {
+    $server_path_logs = $config['data_path'] . 'logs/';
+}
+
+if (file_exists($server_path_logs)) {
+    foreach (scandir($server_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
+        if ($f[0] === '.') {
+	        continue;
+        }
+
+        if (is_dir($server_path_logs . $f)) {
+            foreach (scandir($server_path_logs . $f, SCANDIR_SORT_ASCENDING) as $f2) {
+                if ($f2[0] === '.') {
+	                continue;
+                }
+
+                $files[] = array($f . '/' . $f2, $server_path_logs);
+            }
+
+            continue;
+        }
+
+        $files[] = array($f, $server_path_logs);
+    }
+}
+
+foreach ($files as &$f) {
+    $f['mtime'] = filemtime($f[1] . $f[0]);
+    $f['name'] = $f[0];
+}
+unset($f);
+
+$twig->display('admin.logs.html.twig', array('files' => $files));
+
+define('EXIST_NONE', 0);
+define('EXIST_SERVER_LOG', 1);
+define('EXIST_AAC_LOG', 2);
+
+$exist = EXIST_NONE;
+$file = isset($_GET['file']) ? $_GET['file'] : null;
+if (!empty($file)) {
+	if (!preg_match('/[^A-z0-9\' _\/\-\.]/', $file)) {
+		if (file_exists($aac_path_logs . $file)) {
+			$exist = EXIST_AAC_LOG;
+		} else if (file_exists($server_path_logs . $file)) {
+			$exist = EXIST_SERVER_LOG;
+		} else {
+			echo 'Specified file does not exist.';
+		}
+
+		if ($exist !== EXIST_NONE) {
+			$content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
+		}
+	} else {
+		echo 'Invalid file name specified.';
+	}
+}

admin/pages/mailer.php

@@ -4,20 +4,18 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
+ * @copyright 2019 MyAAC
- * @link      http://my-aac.org
+ * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mailer';
 
-if(!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin())
+if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
-{
 	echo 'Access denied.';
 	return;
 }
 
-if(!$config['mail_enabled'])
+if (!$config['mail_enabled']) {
-{
 	echo 'Mail support disabled.';
 	return;
 }
@@ -27,45 +25,45 @@ $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subjec
 $preview = isset($_REQUEST['preview']);
 
 $preview_done = false;
-if($preview) {
+if ($preview) {
-	if(!empty($mail_content) && !empty($mail_subject)) {
+	if (!empty($mail_content) && !empty($mail_subject)) {
 		$preview_done = _mail($account_logged->getCustomField('email'), $mail_subject, $mail_content);
-		
+
-		if(!$preview_done)
+		if (!$preview_done)
-			error('Error while sending preview mail: ' . $mailer->ErrorInfo);
+			error('Error while sending preview mail. More info can be found in system/logs/mailer-error.log');
 	}
 }
 
 
-echo $twig->render('admin.mailer.html.twig', array(
+$twig->display('admin.mailer.html.twig', array(
 	'mail_subject' => $mail_subject,
 	'mail_content' => $mail_content,
 	'preview_done' => $preview_done
 ));
 
-if(empty($mail_content) || empty($mail_subject) || $preview)
+if (empty($mail_content) || empty($mail_subject) || $preview)
 	return;
 
 $success = 0;
 $failed = 0;
 
 $add = '';
-if($config['account_mail_verify'])
+if ($config['account_mail_verify']) {
+	note('Note: Sending only to users with verified E-Mail.');
 	$add = ' AND ' . $db->fieldName('email_verified') . ' = 1';
+}
 
 $query = $db->query('SELECT ' . $db->fieldName('email') . ' FROM ' . $db->tableName('accounts') . ' WHERE ' . $db->fieldName('email') . ' != ""' . $add);
-foreach($query  as $email)
+foreach ($query as $email) {
-{
+	if (_mail($email['email'], $mail_subject, $mail_content))
-	if(_mail($email['email'], $mail_subject, $mail_content))
 		$success++;
-	else
+	else {
-	{
 		$failed++;
 		echo '<br />';
-		error('An error occorred while sending email to <b>' . $email['email'] . '</b>. Error: ' . $mailer->ErrorInfo);
+		error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
 	}
 }
-?>
+
-	Mailing finished.<br/>
+success('Mailing finished.');
-	<p class="success"><?php echo $success; ?> emails delivered.</p><br/>
+success("$success emails delivered.");
-	<p class="warning"><?php echo $failed; ?> emails failed.</p></br>
+warning("$failed emails failed.");

admin/pages/menus.php

@@ -0,0 +1,137 @@
+<?php
+/**
+ * Menus
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Menus';
+
+if (!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin()) {
+	echo 'Access denied.';
+	return;
+}
+
+if (isset($_REQUEST['template'])) {
+	$template = $_REQUEST['template'];
+
+	if (isset($_REQUEST['menu'])) {
+		$post_menu = $_REQUEST['menu'];
+		$post_menu_link = $_REQUEST['menu_link'];
+		$post_menu_blank = $_REQUEST['menu_blank'];
+		$post_menu_color = $_REQUEST['menu_color'];
+		if (count($post_menu) != count($post_menu_link)) {
+			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
+			return;
+		}
+
+		$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($template));
+		foreach ($post_menu as $category => $menus) {
+			foreach ($menus as $i => $menu) {
+				if (empty($menu)) // don't save empty menu item
+					continue;
+
+				try {
+					$db->insert(TABLE_PREFIX . 'menu', array('template' => $template, 'name' => $menu, 'link' => $post_menu_link[$category][$i], 'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0, 'color' => str_replace('#', '', $post_menu_color[$category][$i]), 'category' => $category, 'ordering' => $i));
+				} catch (PDOException $error) {
+					warning('Error while adding menu item (' . $menu . '): ' . $error->getMessage());
+				}
+			}
+		}
+
+		$cache = Cache::getInstance();
+		if ($cache->enabled()) {
+			$cache->delete('template_menus');
+		}
+
+		success('Saved at ' . date('H:i'));
+	}
+
+	$file = TEMPLATES . $template . '/config.php';
+	if (file_exists($file)) {
+		require_once $file;
+	} else {
+		echo 'Cannot find template config.php file.';
+		return;
+	}
+
+	if (!isset($config['menu_categories'])) {
+		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
+		return;
+	}
+
+	echo 'Hint: You can drag menu items.<br/>
+	Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
+	Not all templates support blank and colorful links.<br/><br/>
+    <div class="row">';
+	$menus = array();
+	$menus_db = $db->query('SELECT `name`, `link`, `blank`, `color`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
+	foreach ($menus_db as $menu) {
+		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'blank' => $menu['blank'], 'color' => $menu['color'], 'ordering' => $menu['ordering']);
+	}
+
+	$last_id = array();
+	echo '<form method="post" id="menus-form" action="?p=menus">';
+	echo '<input type="hidden" name="template" value="' . $template . '"/>';
+	foreach ($config['menu_categories'] as $id => $cat) {
+		echo '        <div class="col-md-12 col-lg-6">
+            <div class="box box-danger">
+                <div class="box-header with-border">
+                    <h3 class="box-title">' . $cat['name'] . ' <img class="add-button" id="add-button-' . $id . '" src="' . BASE_URL . 'images/plus.png" width="16" height="16"/></h3>
+                </div>
+                <div class="box-body">';
+
+
+		echo '<ul class="sortable" id="sortable-' . $id . '">';
+		if (isset($menus[$id])) {
+			$i = 0;
+			foreach ($menus[$id] as $menu) {
+				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><label>Name:</label><input type="text" name="menu[' . $id . '][]" value="' . escapeHtml($menu['name']) . '"/>
+				<label>Link:</label><input type="text" name="menu_link[' . $id . '][]" value="' . $menu['link'] . '"/>
+				<input type="hidden" name="menu_blank[' . $id . '][]" value="0" />
+				<label><input class="blank-checkbox" type="checkbox" ' . ($menu['blank'] == 1 ? 'checked' : '') . '/><span title="Open in New Window">Open in New Window</span></label>
+				
+				<input class="color-picker" type="text" name="menu_color[' . $id . '][]" value="#' . $menu['color'] . '" />
+				
+				<a class="remove-button" id="remove-button-' . $id . '-' . $i . '"><img src="' . BASE_URL . 'images/del.png"/></a></li>';
+
+				$i++;
+				$last_id[$id] = $i;
+			}
+		}
+
+		echo '</ul>';
+		echo '                </div>
+            </div>
+        </div>
+';
+	}
+	echo ' </div><div class="row"><div class="col-md-6">';
+	echo '<input type="submit" class="btn btn-info" value="Save">';
+	echo '<input type="button" class="btn btn-default pull-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus&template=' . $template . '\';">';
+	echo '</div></div>';
+	echo '</form>';
+
+	$twig->display('admin.menus.js.html.twig', array(
+		'menus' => $menus,
+		'last_id' => $last_id
+	));
+	?>
+
+	<?php
+} else {
+	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();
+	foreach ($templates as $key => $value) {
+		$file = TEMPLATES . $value['template'] . '/config.php';
+		if (!file_exists($file)) {
+			unset($templates[$key]);
+		}
+	}
+
+	$twig->display('admin.menus.form.html.twig', array(
+		'templates' => $templates
+	));
+}

admin/pages/modules/coins.php

@@ -0,0 +1,11 @@
+<?php
+
+if ($db->hasColumn('accounts', 'coins')) {
+	$coins = $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;');
+} else {
+	$coins = 0;
+}
+
+$twig->display('coins.html.twig', array(
+	'coins' => $coins
+));

admin/pages/modules/lastlogin.php

@@ -0,0 +1,11 @@
+<?php
+
+if ($db->hasColumn('players', 'lastlogin')) {
+	$players = $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;');
+} else {
+	$players = 0;
+}
+
+$twig->display('lastlogin.html.twig', array(
+	'players' => $players,
+));

admin/pages/modules/points.php

@@ -0,0 +1,10 @@
+<?php
+if ($db->hasColumn('accounts', 'premium_points')) {
+	$points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
+} else {
+	$points = 0;
+}
+
+$twig->display('points.html.twig', array(
+	'points' => $points,
+));

admin/pages/modules/templates/coins.html.twig

@@ -0,0 +1,29 @@
+{% if coins is iterable %}
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Top 10 - Most coins</h3>
+			</div>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
+					<tr>
+						<th>#</th>
+						<th>Account {{ account_type }}</th>
+						<th>Tibia coins</th>
+					</tr>
+					{% set i = 0 %}
+					{% for result in coins %}
+						{% set i = i + 1 %}
+						<tr>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
+							<td>{{ result.coins }}</td>
+						</tr>
+					{% endfor %}
+					</tbody>
+				</table>
+			</div>
+		</div>
+	</div>
+{% endif %}

admin/pages/modules/templates/lastlogin.html.twig

@@ -0,0 +1,29 @@
+{% if players is iterable %}
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Last 10 Logins</h3>
+			</div>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
+					<tr>
+						<th>#</th>
+						<th>Player</th>
+						<th>Login Date</th>
+					</tr>
+					{% set i = 0 %}
+					{% for result in players %}
+						{% set i = i + 1 %}
+						<tr>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
+							<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
+						</tr>
+					{% endfor %}
+					</tbody>
+				</table>
+			</div>
+		</div>
+	</div>
+{% endif %}

admin/pages/modules/templates/points.html.twig

@@ -0,0 +1,29 @@
+{% if points is iterable %}
+	<div class="col-md-3">
+		<div class="box">
+			<div class="box-header">
+				<h3 class="box-title">Top 10 - Most premium points</h3>
+			</div>
+			<div class="box-body no-padding">
+				<table class="table table-condensed">
+					<tbody>
+					<tr>
+						<th>#</th>
+						<th>Account {{ account_type }}</th>
+						<th>Premium points</th>
+					</tr>
+					{% set i = 0 %}
+					{% for result in points %}
+						{% set i = i + 1 %}
+						<tr>
+							<td>{{ i }}</td>
+							<td>{{ result.name }}</td>
+							<td>{{ result.premium_points }}</td>
+						</tr>
+					{% endfor %}
+					</tbody>
+				</table>
+			</div>
+		</div>
+	</div>
+{% endif %}

admin/pages/news.php

@@ -0,0 +1,154 @@
+<?php
+/**
+ * Pages
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+require_once LIBS . 'forum.php';
+require_once LIBS . 'news.php';
+
+$title = 'News Panel';
+
+if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
+	echo 'Access denied.';
+	return;
+}
+
+header('X-XSS-Protection:0');
+
+// some constants, used mainly by database (cannot by modified without schema changes)
+define('TITLE_LIMIT', 100);
+define('BODY_LIMIT', 65535); // maximum news body length
+define('ARTICLE_TEXT_LIMIT', 300);
+define('ARTICLE_IMAGE_LIMIT', 100);
+
+$name = $p_title = '';
+if(!empty($action))
+{
+	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
+	$p_title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null;
+	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
+	$comments = isset($_REQUEST['comments']) ? $_REQUEST['comments'] : null;
+	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
+	$category = isset($_REQUEST['category']) ? (int)$_REQUEST['category'] : null;
+	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
+	$article_text = isset($_REQUEST['article_text']) ? $_REQUEST['article_text'] : null;
+	$article_image = isset($_REQUEST['article_image']) ? $_REQUEST['article_image'] : null;
+	$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
+	$errors = array();
+
+	if($action == 'add') {
+		if(isset($forum_section) && $forum_section != '-1') {
+			$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
+		}
+
+		if(News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
+			$p_title = $body = $comments = $article_text = $article_image = '';
+			$type = $category = $player_id = 0;
+
+			success("Added successful.");
+		}
+	}
+	else if($action == 'delete') {
+		News::delete($id, $errors);
+		success("Deleted successful.");
+	}
+	else if($action == 'edit')
+	{
+		if(isset($id) && !isset($p_title)) {
+			$news = News::get($id);
+			$p_title = $news['title'];
+			$body = $news['body'];
+			$comments = $news['comments'];
+			$type = $news['type'];
+			$category = $news['category'];
+			$player_id = $news['player_id'];
+			$article_text = $news['article_text'];
+			$article_image = $news['article_image'];
+		}
+		else {
+			if(News::update($id, $p_title, $body, $type, $category, $player_id, $forum_section, $article_text, $article_image, $errors)) {
+				// update forum thread if exists
+				if(isset($forum_section) && Validator::number($forum_section)) {
+					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $player_id.", `post_text` = ".$db->quote($body).", `post_topic` = ".$db->quote($p_title).", `edit_date` = " . time() . " WHERE `id` = " . $db->quote($forum_section));
+				}
+
+				$action = $p_title = $body = $comments = $article_text = $article_image = '';
+				$type = $category = $player_id = 0;
+
+				success("Updated successful.");
+			}
+		}
+	}
+	else if($action == 'hide') {
+		News::toggleHidden($id, $errors, $status);
+		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
+	}
+
+	if(!empty($errors))
+		error(implode(", ", $errors));
+}
+
+$categories = array();
+foreach($db->query('SELECT `id`, `name`, `icon_id` FROM `' . TABLE_PREFIX . 'news_categories` WHERE `hidden` != 1') as $cat)
+{
+	$categories[$cat['id']] = array(
+		'name' => $cat['name'],
+		'icon_id' => $cat['icon_id']
+	);
+}
+
+if($action == 'edit' || $action == 'new') {
+	if($action == 'edit') {
+		$player = new OTS_Player();
+		$player->load($player_id);
+	}
+
+	$account_players = $account_logged->getPlayersList();
+	$account_players->orderBy('group_id', POT::ORDER_DESC);
+	$twig->display('admin.news.form.html.twig', array(
+		'action' => $action,
+		'news_link' => getLink(PAGE),
+		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'add'),
+		'news_id' => isset($id) ? $id : null,
+		'title' => isset($p_title) ? $p_title : '',
+		'body' => isset($body) ? escapeHtml($body) : '',
+		'type' => isset($type) ? $type : null,
+		'player' => isset($player) && $player->isLoaded() ? $player : null,
+		'player_id' => isset($player_id) ? $player_id : null,
+		'account_players' => $account_players,
+		'category' => isset($category) ? $category : 0,
+		'categories' => $categories,
+		'forum_boards' => getForumBoards(),
+		'forum_section' => isset($forum_section) ? $forum_section : null,
+		'comments' => isset($comments) ? $comments : null,
+		'article_text' => isset($article_text) ? $article_text : null,
+		'article_image' => isset($article_image) ? $article_image : null
+	));
+}
+
+$query = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news'));
+$newses = array();
+foreach ($query as $_news) {
+	$_player = new OTS_Player();
+	$_player->load($_news['player_id']);
+
+	$newses[$_news['type']][] = array(
+		'id' => $_news['id'],
+		'hidden' => $_news['hidden'],
+		'archive_link' => getLink('news') . '/archive/' . $_news['id'],
+		'title' => $_news['title'],
+		'date' => $_news['date'],
+		'player_name' => isset($_player) && $_player->isLoaded() ? $_player->getName() : '',
+		'player_link' => isset($_player) && $_player->isLoaded() ? getPlayerLink($_player->getName(), false) : '',
+	);
+}
+
+$twig->display('admin.news.html.twig', array(
+	'newses' => $newses
+));

admin/pages/notepad.php

@@ -4,30 +4,27 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
+ * @copyright 2019 MyAAC
- * @link      http://my-aac.org
+ * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Notepad';
 
 $notepad_content = Notepad::get($account_logged->getId());
-if(isset($_POST['content']))
+if (isset($_POST['content'])) {
-{
 	$_content = html_entity_decode(stripslashes($_POST['content']));
-	if(!$notepad_content)
+	if (!$notepad_content)
 		Notepad::create($account_logged->getId(), $_content);
 	else
 		Notepad::update($account_logged->getId(), $_content);
 
 	echo '<div class="success" style="text-align: center;">Saved at ' . date('H:i') . '</div>';
-}
+} else {
-else
+	if ($notepad_content !== false)
-{
-	if($notepad_content !== false)
 		$_content = $notepad_content;
 }
 
-echo $twig->render('admin.notepad.html.twig', array('content' => isset($_content) ? $_content : null));
+$twig->display('admin.notepad.html.twig', array('content' => isset($_content) ? $_content : null));
 
 class Notepad
 {
@@ -35,7 +32,7 @@ class Notepad
 	{
 		global $db;
 		$query = $db->select(TABLE_PREFIX . 'notepad', array('account_id' => $account_id));
-		if($query !== false)
+		if ($query !== false)
 			return $query['content'];
 
 		return false;
@@ -52,4 +49,4 @@ class Notepad
 		global $db;
 		$db->update(TABLE_PREFIX . 'notepad', array('content' => $content), array('account_id' => $account_id));
 	}
-}
+}

admin/pages/pages.php

@@ -4,14 +4,13 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
+ * @copyright 2019 MyAAC
- * @link      http://my-aac.org
+ * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
 
-if(!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin())
+if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
-{
 	echo 'Access denied.';
 	return;
 }
@@ -22,96 +21,96 @@ $name = $p_title = '';
 $groups = new OTS_Groups_List();
 
 $php = false;
+$enable_tinymce = true;
 $access = 0;
 
-if(!empty($action))
+if (!empty($action)) {
-{
+	if ($action == 'delete' || $action == 'edit' || $action == 'hide')
-	if($action == 'delete' || $action == 'edit' || $action == 'hide')
 		$id = $_REQUEST['id'];
 
-	if(isset($_REQUEST['name']))
+	if (isset($_REQUEST['name']))
 		$name = $_REQUEST['name'];
 
-	if(isset($_REQUEST['title']))
+	if (isset($_REQUEST['title']))
 		$p_title = $_REQUEST['title'];
 
 	$php = isset($_REQUEST['php']) && $_REQUEST['php'] == 1;
-	if($php)
+	$enable_tinymce = isset($_REQUEST['enable_tinymce']) && $_REQUEST['enable_tinymce'] == 1;
+	if ($php)
 		$body = $_REQUEST['body'];
-	else if(isset($_REQUEST['body'])) {
+	else if (isset($_REQUEST['body'])) {
 		//$body = $_REQUEST['body'];
 		$body = html_entity_decode(stripslashes($_REQUEST['body']));
 	}
 
-	if(isset($_REQUEST['access']))
+	if (isset($_REQUEST['access']))
 		$access = $_REQUEST['access'];
 
 	$errors = array();
 	$player_id = 1;
 
-	if($action == 'add') {
+	if ($action == 'add') {
-		if(Pages::add($name, $p_title, $body, $player_id, $php, $access, $errors))
+		if (Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-		{
 			$name = $p_title = $body = '';
 			$player_id = $access = 0;
 			$php = false;
+			$enable_tinymce = true;
 		}
-	}
+	} else if ($action == 'delete') {
-	else if($action == 'delete') {
+		if (Pages::delete($id, $errors))
-		if(Pages::delete($id, $errors))
 			success('Page with id ' . $id . ' has been deleted');
-	}
+	} else if ($action == 'edit') {
-	else if($action == 'edit')
+		if (isset($id) && !isset($_REQUEST['name'])) {
-	{
-		if(isset($id) && !isset($_REQUEST['name'])) {
 			$_page = Pages::get($id);
 			$name = $_page['name'];
 			$p_title = $_page['title'];
 			$body = $_page['body'];
 			$php = $_page['php'] == '1';
+			$enable_tinymce = $_page['enable_tinymce'] == '1';
 			$access = $_page['access'];
-		}
+		} else {
-		else {
+			Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access);
-			Pages::update($id, $name, $p_title, $body, $player_id, $php, $access);
 			$action = $name = $p_title = $body = '';
 			$player_id = 1;
 			$access = 0;
 			$php = false;
+			$enable_tinymce = true;
 		}
-	}
+	} else if ($action == 'hide') {
-	else if($action == 'hide') {
 		Pages::toggleHidden($id, $errors);
 	}
 
-	if(!empty($errors))
+	if (!empty($errors))
-		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+		error(implode(", ", $errors));
 }
 
 $query =
 	$db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'pages'));
 
 $pages = array();
-foreach($query as $_page) {
+foreach ($query as $_page) {
 	$pages[] = array(
 		'link' => getFullLink($_page['name'], $_page['name'], true),
 		'title' => substr($_page['title'], 0, 20),
+		'php' => $_page['php'] == '1',
 		'id' => $_page['id'],
 		'hidden' => $_page['hidden']
 	);
 }
 
-echo $twig->render('admin.pages.form.html.twig', array(
+$twig->display('admin.pages.form.html.twig', array(
 	'action' => $action,
 	'id' => $action == 'edit' ? $id : null,
 	'name' => $name,
 	'title' => $p_title,
 	'php' => $php,
-	'body' => isset($body) ? htmlentities($body, ENT_COMPAT, 'UTF-8') : '',
+	'enable_tinymce' => $enable_tinymce,
+	'body' => isset($body) ? escapeHtml($body) : '',
 	'groups' => $groups->getGroups(),
 	'access' => $access
 ));
 
-echo $twig->render('admin.pages.html.twig', array(
+$twig->display('admin.pages.html.twig', array(
 	'pages' => $pages
 ));
 
@@ -121,45 +120,62 @@ class Pages
 	{
 		global $db;
 		$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
-		if($query !== false)
+		if ($query !== false)
 			return $query;
 
 		return false;
 	}
 
-	static public function add($name, $title, $body, $player_id, $php, $access, &$errors)
+	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
 		global $db;
-		if(isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0)
+		if (isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0) {
-		{
 			$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
-			if($query === false)
+			if ($query === false)
-				$db->insert(TABLE_PREFIX . 'pages', array('name' => $name, 'title' => $title, 'body' => $body, 'player_id' => $player_id, 'php' => $php ? '1' : '0', 'access' => $access));
+				$db->insert(TABLE_PREFIX . 'pages',
+					array(
+						'name' => $name,
+						'title' => $title,
+						'body' => $body,
+						'player_id' => $player_id,
+						'php' => $php ? '1' : '0',
+						'enable_tinymce' => $enable_tinymce ? '1' : '0',
+						'access' => $access
+					)
+				);
 			else
 				$errors[] = 'Page with this link already exists.';
-		}
+		} else
-		else
 			$errors[] = 'Please fill all inputs.';
 
 		return !count($errors);
 	}
 
-	static public function update($id, $name, $title, $body, $player_id, $php, $access) {
+	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
+	{
 		global $db;
-		$db->update(TABLE_PREFIX . 'pages', array('name' => $name, 'title' => $title, 'body' => $body, 'player_id' => $player_id, 'php' => $php ? '1' : '0', 'access' => $access), array('id' => $id));
+		$db->update(TABLE_PREFIX . 'pages',
+			array(
+				'name' => $name,
+				'title' => $title,
+				'body' => $body,
+				'player_id' => $player_id,
+				'php' => $php ? '1' : '0',
+				'enable_tinymce' => $enable_tinymce ? '1' : '0',
+				'access' => $access
+			),
+			array('id' => $id));
 	}
 
 	static public function delete($id, &$errors)
 	{
 		global $db;
-		if(isset($id))
+		if (isset($id)) {
-		{
+			if ($db->select(TABLE_PREFIX . 'pages', array('id' => $id)) !== false)
-			if($db->select(TABLE_PREFIX . 'pages', array('id' => $id)) !== false)
 				$db->delete(TABLE_PREFIX . 'pages', array('id' => $id));
 			else
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
-		}
+		} else
-		else
 			$errors[] = 'id not set';
 
 		return !count($errors);
@@ -168,18 +184,15 @@ class Pages
 	static public function toggleHidden($id, &$errors)
 	{
 		global $db;
-		if(isset($id))
+		if (isset($id)) {
-		{
 			$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
-			if($query !== false)
+			if ($query !== false)
 				$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
 			else
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
-		}
+		} else
-		else
 			$errors[] = 'id not set';
 
 		return !count($errors);
 	}
 }
-?>

admin/pages/phpinfo.php

@@ -0,0 +1,19 @@
+<?php
+/**
+ * PHP Info
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'PHP Info';
+
+if (!function_exists('phpinfo')) { ?>
+	<b>phpinfo()</b> function is disabled in your webserver config.<br/>
+	You can enable it by editing <b>php.ini</b> file.
+	<?php return;
+}
+?>
+<iframe src="<?php echo BASE_URL; ?>admin/tools/phpinfo.php" width="1024" height="550"/>

admin/pages/players.php

@@ -0,0 +1,904 @@
+<?php
+/**
+ * Players editor
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$title = 'Player editor';
+$base = BASE_URL . 'admin/?p=players';
+
+function echo_success($message)
+{
+	echo '<p class="success">' . $message . '</p>';
+}
+
+function echo_error($message)
+{
+	global $error;
+	echo '<p class="error">' . $message . '</p>';
+	$error = true;
+}
+
+function verify_number($number, $name, $max_length)
+{
+	if (!Validator::number($number))
+		echo_error($name . ' can contain only numbers.');
+
+	$number_length = strlen($number);
+	if ($number_length <= 0 || $number_length > $max_length)
+		echo_error($name . ' cannot be longer than ' . $max_length . ' digits.');
+}
+
+$skills = array(
+	POT::SKILL_FIST => array('Fist fighting', 'fist'),
+	POT::SKILL_CLUB => array('Club fighting', 'club'),
+	POT::SKILL_SWORD => array('Sword fighting', 'sword'),
+	POT::SKILL_AXE => array('Axe fighting', 'axe'),
+	POT::SKILL_DIST => array('Distance fighting', 'dist'),
+	POT::SKILL_SHIELD => array('Shielding', 'shield'),
+	POT::SKILL_FISH => array('Fishing', 'fish')
+);
+
+
+$hasBlessingsColumn = $db->hasColumn('players', 'blessings');
+$hasBlessingColumn = $db->hasColumn('players', 'blessings1');
+$hasLookAddons = $db->hasColumn('players', 'lookaddons');
+?>
+
+<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
+<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
+
+<?php
+$id = 0;
+if (isset($_REQUEST['id']))
+	$id = (int)$_REQUEST['id'];
+else if (isset($_REQUEST['search_name'])) {
+	if (strlen($_REQUEST['search_name']) < 3 && !Validator::number($_REQUEST['search_name'])) {
+		echo 'Player name is too short.';
+	} else {
+		if (Validator::number($_REQUEST['search_name']))
+			$id = $_REQUEST['search_name'];
+		else {
+			$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($_REQUEST['search_name']));
+			if ($query->rowCount() == 1) {
+				$query = $query->fetch();
+				$id = $query['id'];
+			} else {
+				$query = $db->query('SELECT `id`, `name` FROM `players` WHERE `name` LIKE ' . $db->quote('%' . $_REQUEST['search_name'] . '%'));
+				if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
+					echo 'Do you mean?<ul>';
+					foreach ($query as $row)
+						echo '<li><a href="' . $base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
+					echo '</ul>';
+				} else if ($query->rowCount() > 10)
+					echo 'Specified name resulted with too many players.';
+			}
+		}
+	}
+}
+
+$groups = new OTS_Groups_List();
+if ($id > 0) {
+	$player = new OTS_Player();
+	$player->load($id);
+
+	if (isset($player) && $player->isLoaded() && isset($_POST['save'])) {// we want to save
+		$error = false;
+
+		if ($player->isOnline())
+			echo_error('This player is actually online. You can\'t edit online players.');
+
+		$name = $_POST['name'];
+		$_error = '';
+		if (!Validator::characterName($name))
+			echo_error(Validator::getLastError());
+
+		//if(!Validator::newCharacterName($name)
+		//	echo_error(Validator::getLastError());
+
+		$player_db = new OTS_Player();
+		$player_db->find($name);
+		if ($player_db->isLoaded() && $player->getName() != $name)
+			echo_error('This name is already used. Please choose another name!');
+
+		$account_id = $_POST['account_id'];
+		verify_number($account_id, 'Account id', 11);
+
+		$account_db = new OTS_Account();
+		$account_db->load($account_id);
+		if (!$account_db->isLoaded())
+			echo_error('Account with this id doesn\'t exist.');
+
+		$group = $_POST['group'];
+		if ($groups->getGroup($group) == false)
+			echo_error('Group with this id doesn\'t exist');
+
+		$level = $_POST['level'];
+		verify_number($level, 'Level', 11);
+
+		$experience = $_POST['experience'];
+		verify_number($experience, 'Experience', 20);
+
+		$vocation = $_POST['vocation'];
+		verify_number($vocation, 'Vocation id', 11);
+
+		if (!isset($config['vocations'][$vocation])) {
+			echo_error("Vocation with this id doesn't exist.");
+		}
+
+		// health
+		$health = $_POST['health'];
+		verify_number($health, 'Health', 11);
+		$health_max = $_POST['health_max'];
+		verify_number($health_max, 'Health max', 11);
+
+		// mana
+		$magic_level = $_POST['magic_level'];
+		verify_number($magic_level, 'Magic_level', 11);
+		$mana = $_POST['mana'];
+		verify_number($mana, 'Mana', 11);
+		$mana_max = $_POST['mana_max'];
+		verify_number($mana_max, 'Mana max', 11);
+		$mana_spent = $_POST['mana_spent'];
+		verify_number($mana_spent, 'Mana spent', 11);
+
+		// look
+		$look_body = $_POST['look_body'];
+		verify_number($look_body, 'Look body', 11);
+		$look_feet = $_POST['look_feet'];
+		verify_number($look_feet, 'Look feet', 11);
+		$look_head = $_POST['look_head'];
+		verify_number($look_head, 'Look head', 11);
+		$look_legs = $_POST['look_legs'];
+		verify_number($look_legs, 'Look legs', 11);
+		$look_type = $_POST['look_type'];
+		verify_number($look_type, 'Look type', 11);
+		if ($hasLookAddons) {
+			$look_addons = $_POST['look_addons'];
+			verify_number($look_addons, 'Look addons', 11);
+		}
+
+		// pos
+		$pos_x = $_POST['pos_x'];
+		verify_number($pos_x, 'Position x', 11);
+		$pos_y = $_POST['pos_y'];
+		verify_number($pos_y, 'Position y', 11);
+		$pos_z = $_POST['pos_z'];
+		verify_number($pos_z, 'Position z', 11);
+
+		$soul = $_POST['soul'];
+		verify_number($soul, 'Soul', 10);
+		$town = $_POST['town'];
+		verify_number($town, 'Town', 11);
+
+		$capacity = $_POST['capacity'];
+		verify_number($capacity, 'Capacity', 11);
+		$sex = $_POST['sex'];
+		verify_number($sex, 'Sex', 1);
+
+		$lastlogin = $_POST['lastlogin'];
+		verify_number($lastlogin, 'Last login', 20);
+		$lastlogout = $_POST['lastlogout'];
+		verify_number($lastlogout, 'Last logout', 20);
+
+		$skull = $_POST['skull'];
+		verify_number($skull, 'Skull', 1);
+		$skull_time = $_POST['skull_time'];
+		verify_number($skull_time, 'Skull time', 11);
+
+		if ($db->hasColumn('players', 'loss_experience')) {
+			$loss_experience = $_POST['loss_experience'];
+			verify_number($loss_experience, 'Loss experience', 11);
+			$loss_mana = $_POST['loss_mana'];
+			verify_number($loss_mana, 'Loss mana', 11);
+			$loss_skills = $_POST['loss_skills'];
+			verify_number($loss_skills, 'Loss skills', 11);
+			$loss_containers = $_POST['loss_containers'];
+			verify_number($loss_containers, 'Loss loss_containers', 11);
+			$loss_items = $_POST['loss_items'];
+			verify_number($loss_items, 'Loss items', 11);
+		}
+		if ($db->hasColumn('players', 'offlinetraining_time')) {
+			$offlinetraining = $_POST['offlinetraining'];
+			verify_number($offlinetraining, 'Offline Training time', 11);
+		}
+
+		if ($hasBlessingsColumn) {
+			$blessings = $_POST['blessings'];
+			verify_number($blessings, 'Blessings', 2);
+		}
+
+		$balance = $_POST['balance'];
+		verify_number($balance, 'Balance', 20);
+		if ($db->hasColumn('players', 'stamina')) {
+			$stamina = $_POST['stamina'];
+			verify_number($stamina, 'Stamina', 20);
+		}
+
+		$deleted = (isset($_POST['deleted']) && $_POST['deleted'] == 'true');
+		$hidden = (isset($_POST['hidden']) && $_POST['hidden'] == 'true');
+
+		$created = $_POST['created'];
+		verify_number($created, 'Created', 11);
+
+		$comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'], 0, 2000))) : NULL;
+
+		foreach ($_POST['skills'] as $skill => $value)
+			verify_number($value, $skills[$skill][0], 10);
+		foreach ($_POST['skills_tries'] as $skill => $value)
+			verify_number($value, $skills[$skill][0] . ' tries', 10);
+
+		if ($hasBlessingColumn) {
+		$bless_count = $_POST['blesscount'];
+			for ($i = 1; $i <= $bless_count; $i++) {
+				$a = 'blessing' . $i;
+				${'blessing' . $i} = (isset($_POST[$a]) && $_POST[$a] == 'true');
+			}
+		}
+
+		if (!$error) {
+			$player->setName($name);
+			$player->setAccount($account_db);
+			$player->setGroup($groups->getGroup($group));
+			$player->setLevel($level);
+			$player->setExperience($experience);
+			$player->setVocation($vocation);
+			$player->setHealth($health);
+			$player->setHealthMax($health_max);
+			$player->setMagLevel($magic_level);
+			$player->setMana($mana);
+			$player->setManaMax($mana_max);
+			$player->setManaSpent($mana_spent);
+			$player->setLookBody($look_body);
+			$player->setLookFeet($look_feet);
+			$player->setLookHead($look_head);
+			$player->setLookLegs($look_legs);
+			$player->setLookType($look_type);
+			if ($hasLookAddons)
+				$player->setLookAddons($look_addons);
+			if ($db->hasColumn('players', 'offlinetraining_time'))
+				$player->setCustomField('offlinetraining_time', $offlinetraining);
+			$player->setPosX($pos_x);
+			$player->setPosY($pos_y);
+			$player->setPosZ($pos_z);
+			$player->setSoul($soul);
+			$player->setTownId($town);
+			$player->setCap($capacity);
+			$player->setSex($sex);
+			$player->setLastLogin($lastlogin);
+			$player->setLastLogout($lastlogout);
+			//$player->setLastIP(ip2long($lastip));
+			$player->setSkull($skull);
+			$player->setSkullTime($skull_time);
+			if ($db->hasColumn('players', 'loss_experience')) {
+				$player->setLossExperience($loss_experience);
+				$player->setLossMana($loss_mana);
+				$player->setLossSkills($loss_skills);
+				$player->setLossContainers($loss_containers);
+				$player->setLossItems($loss_items);
+			}
+			if ($db->hasColumn('players', 'blessings'))
+				$player->setBlessings($blessings);
+
+			if ($hasBlessingColumn) {
+				for ($i = 1; $i <= $bless_count; $i++) {
+					$a = 'blessing' . $i;
+					$player->setCustomField('blessings' . $i, ${'blessing' . $i} ? '1' : '0');
+				}
+			}
+			$player->setBalance($balance);
+			if ($db->hasColumn('players', 'stamina'))
+				$player->setStamina($stamina);
+			if ($db->hasColumn('players', 'deletion'))
+				$player->setCustomField('deletion', $deleted ? '1' : '0');
+			else
+				$player->setCustomField('deleted', $deleted ? '1' : '0');
+			$player->setCustomField('hidden', $hidden ? '1' : '0');
+			$player->setCustomField('created', $created);
+			if (isset($comment))
+				$player->setCustomField('comment', $comment);
+
+			foreach ($_POST['skills'] as $skill => $value) {
+				$player->setSkill($skill, $value);
+			}
+			foreach ($_POST['skills_tries'] as $skill => $value) {
+				$player->setSkillTries($skill, $value);
+			}
+			$player->save();
+			echo_success('Player saved at: ' . date('G:i'));
+		}
+	}
+}
+
+$search_name = '';
+if (isset($_REQUEST['search_name']))
+	$search_name = $_REQUEST['search_name'];
+else if ($id > 0 && isset($player) && $player->isLoaded())
+	$search_name = $player->getName();
+
+?>
+<div class="row">
+
+	<?php
+	if (isset($player) && $player->isLoaded()) {
+		$account = $player->getAccount();
+		?>
+
+		<form action="<?php echo $base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post"
+			  class="form-horizontal">
+			<div class="col-md-8">
+				<div class="box box-primary">
+					<div class="box-body">
+						<div class="nav-tabs-custom">
+							<ul class="nav nav-tabs">
+								<li class="active"><a href="#tab_1" data-toggle="tab" aria-expanded="true">Player</a>
+								</li>
+								<li class=""><a href="#tab_2" data-toggle="tab" aria-expanded="false">Stats</a></li>
+								<li class=""><a href="#tab_3" data-toggle="tab" aria-expanded="false">Skills</a></li>
+								<li class=""><a href="#tab_4" data-toggle="tab" aria-expanded="false">Pos/Look</a></li>
+								<li class=""><a href="#tab_5" data-toggle="tab" aria-expanded="false">Misc</a></li>
+								<li class="pull-right"><a
+											href="<?php echo ADMIN_URL; ?>?p=accounts&search_name=<?php echo $account->getId(); ?>"
+											class="text-muted"><i class="fa fa-gear" title="Edit Account"></i></a></li>
+							</ul>
+							<div class="tab-content">
+								<div class="tab-pane active" id="tab_1">
+									<div class="row">
+										<div class="col-xs-6">
+											<label for="name" class="control-label">Name</label>
+											<input type="text" class="form-control" id="name" name="name"
+												   autocomplete="off" style="cursor: auto;"
+												   value="<?php echo $player->getName(); ?>"/>
+										</div>
+										<div class="col-xs-6">
+											<label for="account_id" class="control-label">Account id:</label>
+											<input type="text" class="form-control" id="account_id" name="account_id"
+												   autocomplete="off" style="cursor: auto;" size="8" maxlength="11"
+												   value="<?php echo $account->getId(); ?>"/>
+										</div>
+									</div>
+									<div class="row">
+										<div class="col-xs-6 ">
+											<label for="group" class="control-label">Group:</label>
+											<select name="group" id="group" class="form-control">
+												<?php foreach ($groups->getGroups() as $id => $group): ?>
+													<option value="<?php echo $id; ?>" <?php echo($player->getGroup()->getId() == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
+												<?php endforeach; ?>
+											</select>
+										</div>
+										<div class="col-xs-6">
+											<label for="vocation" class="control-label">Vocation</label>
+											<select name="vocation" id="vocation" class="form-control">
+												<?php
+												foreach ($config['vocations'] as $id => $name) {
+													echo '<option value=' . $id . ($id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
+												}
+												?>
+											</select>
+										</div>
+									</div>
+
+									<div class="row">
+										<div class="col-xs-6">
+											<label for="sex" class="control-label">Sex:</label>
+											<select name="sex" id="sex" class="form-control">>
+												<?php foreach ($config['genders'] as $id => $sex): ?>
+													<option value="<?php echo $id; ?>" <?php echo($player->getSex() == $id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
+												<?php endforeach; ?>
+											</select>
+										</div>
+										<div class="col-xs-6">
+											<label for="town" class="control-label">Town:</label>
+											<select name="town" id="town" class="form-control">
+												<?php foreach ($config['towns'] as $id => $town): ?>
+													<option value="<?php echo $id; ?>" <?php echo($player->getTownId() == $id ? 'selected' : ''); ?>><?php echo $town; ?></option>
+												<?php endforeach; ?>
+											</select>
+										</div>
+									</div>
+
+									<div class="row">
+										<div class="col-xs-6">
+											<label for="skull" class="control-label">Skull:</label>
+											<select name="skull" id="skull" class="form-control">
+												<?php
+												$skull_type = array("None", "Yellow", "Green", "White", "Red", "Black", "Orange");
+												foreach ($skull_type as $id => $s_name) {
+													echo '<option value=' . $id . ($id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
+												}
+												?>
+											</select>
+										</div>
+										<div class="col-xs-6">
+											<label for="skull_time" class="control-label">Skull time:</label>
+											<input type="text" class="form-control" id="skull_time" name="skull_time"
+												   autocomplete="off" maxlength="11"
+												   value="<?php echo $player->getSkullTime(); ?>"/>
+										</div>
+									</div>
+									<div class="row">
+										<?php if ($hasBlessingColumn):
+											$blesscount = $player->countBlessings();
+											$bless = $player->checkBlessings($blesscount);
+											?>
+											<input type="hidden" name="blesscount" value="<?php echo $blesscount; ?>"/>
+											<div class="col-xs-6">
+												<label for="blessings" class="control-label">Blessings:</label>
+												<div class="checkbox">
+													<?php
+													for ($i = 1; $i <= $blesscount; $i++) {
+														echo '<label><input style="margin-left: -16px;" type="checkbox" name="blessing' . $i . '" id="blessing' . $i . '"
+																  value="true" ' . (($bless[$i - 1] == 1) ? ' checked' : '') . '/>' . $i . '</label>';
+													}
+													?>
+												</div>
+											</div>
+										<?php endif; ?>
+										<?php if ($hasBlessingsColumn): ?>
+											<div class="col-xs-6">
+												<label for="blessings" class="control-label">Blessings:</label>
+												<input type="text" class="form-control" id="blessings" name="blessings"
+													   autocomplete="off" maxlength="11"
+													   value="<?php echo $player->getBlessings(); ?>"/>
+											</div>
+										<?php endif; ?>
+
+										<div class="col-xs-6">
+											<label for="balance" class="control-label">Bank Balance:</label>
+											<input type="text" class="form-control" id="balance" name="balance"
+												   autocomplete="off" maxlength="20"
+												   value="<?php echo $player->getBalance(); ?>"/>
+										</div>
+									</div>
+									<div class="row">
+										<div class="col-xs-6">
+											<label for="deleted" class="control-label">Deleted:</label>
+											<input type="checkbox" name="deleted" id="deleted"
+												   value="true" <?php echo($player->getCustomField($db->hasColumn('players', 'deletion') ? 'deletion' : 'deleted') == '1' ? ' checked' : ''); ?>/>
+										</div>
+										<div class="col-xs-6">
+											<label for="hidden" class="control-label">Hidden:</label>
+											<input type="checkbox" name="hidden" id="hidden"
+												   value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>/>
+										</div>
+
+									</div>
+								</div>
+								<div class="tab-pane" id="tab_2">
+									<div class="row">
+										<div class="col-xs-6 ">
+											<label for="level" class="control-label">Level:</label>
+
+											<input type="text" class="form-control" id="level" name="level"
+												   autocomplete="off"
+												   style="cursor: auto;" value="<?php echo $player->getLevel(); ?>"/>
+										</div>
+										<div class="col-xs-6">
+											<label for="magic_level" class="control-label">Magic level:</label>
+											<input type="text" class="form-control" id="magic_level" name="magic_level"
+												   autocomplete="off" size="8" maxlength="11" style="cursor: auto;"
+												   value="<?php echo $player->getMagLevel(); ?>"/>
+										</div>
+									</div>
+									<div class="row">
+										<div class="col-xs-6 ">
+											<label for="experience" class="control-label">Experience:</label>
+											<input type="text" class="form-control" id="experience" name="experience"
+												   autocomplete="off"
+												   style="cursor: auto;"
+												   value="<?php echo $player->getExperience(); ?>"/>
+										</div>
+										<div class="col-xs-6">
+											<label for="mana_spent" class="control-label">Mana spent:</label>
+											<input type="text" class="form-control" id="mana_spent" name="mana_spent"
+												   autocomplete="off"
+												   size="3" maxlength="11" style="cursor: auto;"
+												   value="<?php echo $player->getManaSpent(); ?>"/>
+										</div>
+									</div>
+									<div class="row">
+										<div class="col-xs-6 ">
+											<label for="health" class="control-label">Health:</label>
+											<input type="text" class="form-control" id="health" name="health"
+												   autocomplete="off"
+												   size="5" maxlength="11" style="cursor: auto;"
+												   value="<?php echo $player->getHealth(); ?>"/>
+										</div>
+										<div class="col-xs-6">
+											<label for="health_max" class="control-label">Health max:</label>
+											<input type="text" class="form-control" id="health_max" name="health_max"
+												   autocomplete="off"
+												   size="5" maxlength="11" style="cursor: auto;"
+												   value="<?php echo $player->getHealthMax(); ?>"/>
+										</div>
+									</div>
+									<div class="row">
+										<div class="col-xs-6 ">
+											<label for="mana" class="control-label">Mana:</label>
+											<input type="text" class="form-control" id="mana" name="mana"
+												   autocomplete="off" size="3"
+												   maxlength="11" style="cursor: auto;"
+												   value="<?php echo $player->getMana(); ?>"/>
+										</div>
+										<div class="col-xs-6">
+											<label for="mana_max" class="control-label">Mana max:</label>
+											<input type="text" class="form-control" id="mana_max" name="mana_max"
+												   autocomplete="off"
+												   size="3" maxlength="11" style="cursor: auto;"
+												   value="<?php echo $player->getManaMax(); ?>"/>
+										</div>
+									</div>
+									<div class="row">
+										<div class="col-xs-6">
+											<label for="capacity" class="control-label">Capacity:</label>
+											<input type="text" class="form-control" id="capacity" name="capacity"
+												   autocomplete="off"
+												   size="3" maxlength="11" style="cursor: auto;"
+												   value="<?php echo $player->getCap(); ?>"/>
+										</div>
+										<div class="col-xs-6 ">
+											<label for="soul" class="control-label">Soul:</label>
+											<input type="text" class="form-control" id="soul" name="soul"
+												   autocomplete="off" size="3"
+												   maxlength="10" style="cursor: auto;"
+												   value="<?php echo $player->getSoul(); ?>"/>
+										</div>
+										<?php if ($db->hasColumn('players', 'stamina')): ?>
+											<div class="col-xs-6">
+												<label for="stamina" class="control-label">Stamina:</label>
+												<input type="text" class="form-control" id="stamina" name="stamina"
+													   autocomplete="off"
+													   maxlength="20" style="cursor: auto;"
+													   value="<?php echo $player->getStamina(); ?>"/>
+
+											</div>
+										<?php endif; ?>
+										<?php if ($db->hasColumn('players', 'offlinetraining_time')): ?>
+											<div class="col-xs-6">
+												<label for="offlinetraining" class="control-label">Offline Training
+													Time:</label>
+												<input type="text" class="form-control" id="offlinetraining"
+													   name="offlinetraining" autocomplete="off"
+													   maxlength="11"
+													   value="<?php echo $player->getCustomField('offlinetraining_time'); ?>"/>
+											</div>
+										<?php endif; ?>
+									</div>
+								</div>
+								<div class="tab-pane" id="tab_3">
+									<?php
+									$i = 0;
+									foreach ($skills as $id => $info) {
+										if ($i == 0 || $i++ == 2) {
+											$i = 0;
+										}
+										echo '
+                <div class="row">
+                    <div class="col-xs-6 ">
+                        <label for="skills[' . $id . ']" class="control-label">' . $info[0] . '</label>
+                        <input type="text" class="form-control" id="skills[' . $id . ']" name="skills[' . $id . ']" maxlength="10" autocomplete="off" style="cursor: auto;" value="' . $player->getSkill($id) . '"/>
+                    </div>
+                    <div class="col-xs-6">
+                      <label for="skills_tries[' . $id . ']" class="control-label">' . $info[0] . ' tries</label>
+                        <input type="text" class="form-control" id="skills_tries[' . $id . ']" name="skills_tries[' . $id . ']" maxlength="10" autocomplete="off" style="cursor: auto;" value="' . $player->getSkillTries($id) . '"/>
+                    </div>
+                </div>';
+										if ($i == 0)
+											echo '';
+									}
+									?>
+								</div>
+								<div class="tab-pane" id="tab_4">
+									<?php $outfit = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?>
+									<div id="imgchar"
+										 style="width:64px;height:64px;position:absolute; top:30px; right:30px"><img id="player_outfit"
+												style="margin-left:0;margin-top:0px;width:64px;height:64px;"
+												src="<?php echo $outfit; ?>"
+												alt="player outfit"/></div>
+									<?php ?>
+									<td>Position:</td>
+									<div class="row">
+										<div class="col-xs-4">
+											<label for="pos_x" class="control-label">X:</label>
+											<input type="text" class="form-control" id="pos_x" name="pos_x"
+												   autocomplete="off"
+												   maxlength="11" style="cursor: auto;"
+												   value="<?php echo $player->getPosX(); ?>"/>
+										</div>
+										<div class="col-xs-4">
+											<label for="pos_y" class="control-label">Y:</label>
+											<input type="text" class="form-control" id="pos_y" name="pos_y"
+												   autocomplete="off"
+												   maxlength="11" value="<?php echo $player->getPosY(); ?>"/>
+										</div>
+										<div class="col-xs-4">
+											<label for="pos_z" class="control-label">Z:</label>
+											<input type="text" class="form-control" id="pos_z" name="pos_z"
+												   autocomplete="off"
+												   maxlength="11" value="<?php echo $player->getPosZ(); ?>"/>
+										</div>
+									</div>
+									<td>Look:</td>
+									<div class="row">
+										<div class="col-xs-3">
+											<label for="look_head" class="control-label">Head: <span
+														id="look_head_val"></span></label>
+											<input type="range" min="0" max="132"
+												   value="<?php echo $player->getLookHead(); ?>"
+												   class="slider form-control" id="look_head" name="look_head">
+										</div>
+										<div class="col-xs-3">
+											<label for="look_body" class="control-label">Body: <span
+														id="look_body_val"></span></label>
+											<input type="range" min="0" max="132"
+												   value="<?php echo $player->getLookBody(); ?>"
+												   class="slider form-control" id="look_body" name="look_body">
+										</div>
+										<div class="col-xs-3">
+											<label for="look_legs" class="control-label">Legs: <span
+														id="look_legs_val"></span></label>
+											<input type="range" min="0" max="132"
+												   value="<?php echo $player->getLookLegs(); ?>"
+												   class="slider form-control" id="look_legs" name="look_legs">
+										</div>
+										<div class="col-xs-3">
+											<label for="look_feet" class="control-label">Feet: <span
+														id="look_feet_val"></span></label>
+											<input type="range" min="0" max="132"
+												   value="<?php echo $player->getLookFeet(); ?>"
+												   class="slider form-control" id="look_feet" name="look_feet">
+										</div>
+									</div>
+									<div class="row">
+										<div class="col-xs-6">
+											<label for="look_type" class="control-label">Type:</label>
+											<input type="text" class="form-control" id="look_type" name="look_type"
+												   autocomplete="off"
+												   maxlength="11" style="cursor: auto;"
+												   value="<?php echo $player->getLookType(); ?>"/>
+										</div>
+										<?php if ($hasLookAddons): ?>
+											<div class="col-xs-6">
+												<label for="look_addons" class="control-label">Addons:</label>
+												<input type="text" class="form-control" id="look_addons"
+													   name="look_addons" autocomplete="off"
+													   maxlength="11" value="<?php echo $player->getLookAddons(); ?>"/>
+											</div>
+										<?php endif; ?>
+									</div>
+								</div>
+								<div class="tab-pane" id="tab_5">
+									<div class="row">
+										<div class="col-xs-6">
+											<label for="created" class="control-label">Created:</label>
+											<input type="text" class="form-control" id="created" name="created"
+												   autocomplete="off"
+												   maxlength="10"
+												   value="<?php echo $player->getCustomField('created'); ?>"/>
+										</div>
+										<div class="col-xs-6">
+											<label for="lastlogin" class="control-label">Last login:</label>
+											<input type="text" class="form-control" id="lastlogin" name="lastlogin"
+												   autocomplete="off"
+												   maxlength="20" value="<?php echo $player->getLastLogin(); ?>"/>
+										</div>
+										<div class="col-xs-6">
+											<label for="lastlogout" class="control-label">Last logout:</label>
+											<input type="text" class="form-control" id="lastlogout" name="lastlogout"
+												   autocomplete="off"
+												   maxlength="20" value="<?php echo $player->getLastLogout(); ?>"/>
+										</div>
+										<div class="col-xs-6">
+											<label for="lastip" class="control-label">Last IP:</label>
+											<input type="text" class="form-control" id="lastip" name="lastip"
+												   autocomplete="off"
+												   maxlength="10" value="<?php
+													if (strlen($player->getLastIP()) > 11) {
+														echo inet_ntop($player->getLastIP());
+													}
+													else {
+														echo longToIp($player->getLastIP());
+													}
+													?>"
+												   readonly/>
+										</div>
+									</div>
+									<?php if ($db->hasColumn('players', 'loss_experience')): ?>
+										<div class="row">
+											<div class="col-xs-6">
+												<label for="loss_experience" class="control-label">Experience
+													Loss:</label>
+												<input type="text" class="form-control" id="loss_experience"
+													   name="loss_experience" autocomplete="off"
+													   maxlength="11"
+													   value="<?php echo $player->getLossExperience(); ?>"/>
+											</div>
+											<div class="col-xs-6">
+												<label for="loss_mana" class="control-label">Mana Loss:</label>
+												<input type="text" class="form-control" id="loss_mana"
+													   name="loss_mana" autocomplete="off"
+													   maxlength="11" value="<?php echo $player->getLossMana(); ?>"/>
+											</div>
+											<div class="col-xs-6">
+												<label for="loss_skills" class="control-label">Skills Loss:</label>
+												<input type="text" class="form-control" id="loss_skills"
+													   name="loss_skills" autocomplete="off"
+													   maxlength="11" value="<?php echo $player->getLossSkills(); ?>"/>
+											</div>
+											<div class="col-xs-6">
+												<label for="loss_containers" class="control-label">Containers
+													Loss:</label>
+												<input type="text" class="form-control" id="loss_containers"
+													   name="loss_containers" autocomplete="off"
+													   maxlength="11"
+													   value="<?php echo $player->getLossContainers(); ?>"/>
+											</div>
+											<div class="col-xs-6">
+												<label for="loss_items" class="control-label">Items Loss:</label>
+												<input type="text" class="form-control" id="loss_items"
+													   name="loss_items" autocomplete="off"
+													   maxlength="11" value="<?php echo $player->getLossItems(); ?>"/>
+											</div>
+										</div>
+									<?php endif; ?>
+									<div class="row">
+										<div class="col-xs-12">
+											<label for="comment" class="control-label">Comment:</label>
+											<textarea class="form-control" name="comment" rows="10" cols="50"
+													  wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
+											<small>[max.
+												length: 2000 chars, 50 lines (ENTERs)]
+											</small>
+										</div>
+									</div>
+								</div>
+							</div>
+						</div>
+					</div>
+					<input type="hidden" name="save" value="yes"/>
+					<div class="box-footer">
+						<a href="<?php echo ADMIN_URL; ?>?p=players"><span class="btn btn-danger">Cancel</span></a>
+						<div class="pull-right">
+							<input type="submit" class="btn btn-primary" value="Update">
+						</div>
+					</div>
+				</div>
+			</div>
+		</form>
+	<?php } ?>
+	<div class="col-md-4">
+		<div class="box box-primary">
+			<div class="box-header with-border">
+				<h3 class="box-title">Search Player:</h3>
+				<div class="box-tools pull-right">
+					<button type="button" class="btn btn-box-tool" data-widget="collapse"><i class="fa fa-minus"></i>
+					</button>
+				</div>
+			</div>
+
+			<div class="box-body">
+				<form action="<?php echo $base; ?>" method="post">
+					<div class="input-group input-group-sm">
+						<input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_name); ?>"
+							   maxlength="32" size="32">
+						<span class="input-group-btn">
+                          <button type="submit" type="button" class="btn btn-info btn-flat">Search</button>
+                        </span>
+					</div>
+				</form>
+			</div>
+		</div>
+		<?php
+		if (isset($account) && $account->isLoaded()) {
+			$account_players = array();
+			$query = $db->query('SELECT `name`,`level`,`vocation`  FROM `players` WHERE `account_id` = ' . $account->getId() . ' ORDER BY `name`')->fetchAll();
+			if (isset($query)) {
+				?>
+				<div class="box">
+					<div class="box-header">
+						<h3 class="box-title">Character List:</h3>
+					</div>
+					<div class="box-body no-padding">
+						<table class="table table-striped">
+							<tbody>
+							<tr>
+								<th style="width: 10px">#</th>
+								<th>Name</th>
+								<th>Level</th>
+								<th style="width: 40px">Edit</th>
+							</tr>
+							<?php
+							$i = 1;
+							foreach ($query as $p) {
+								$account_players[] = $p;
+								echo '<tr>
+                            <td>' . $i . '.</td>
+                            <td>' . $p['name'] . '</td>
+                            <td>' . $p['level'] . '</td>
+                            <td><a href="?p=players&search_name=' . $p['name'] . '"><span class="btn btn-success btn-sm edit btn-flat"><i class="fa fa-edit"></i></span></a></span></td>
+                        </tr>';
+								$i++;
+							} ?>
+							</tbody>
+						</table>
+					</div>
+				</div>
+				<?php
+			};
+		};
+		?>
+	</div>
+
+
+	<script type="text/javascript">
+		$('#lastlogin').datetimepicker({
+			format: 'unixtime'
+		});
+		$('#lastlogout').datetimepicker({
+			format: 'unixtime'
+		});
+		$('#created').datetimepicker({
+			format: 'unixtime'
+		});
+
+		var slider_head = document.getElementById("look_head");
+		var output_head = document.getElementById("look_head_val");
+
+		var slider_body = document.getElementById("look_body");
+		var output_body = document.getElementById("look_body_val");
+
+		var slider_legs = document.getElementById("look_legs");
+		var output_legs = document.getElementById("look_legs_val");
+
+		var slider_feet = document.getElementById("look_feet");
+		var output_feet = document.getElementById("look_feet_val");
+		output_head.innerHTML = slider_head.value;
+		output_body.innerHTML = slider_body.value;
+		output_legs.innerHTML = slider_legs.value;
+		output_feet.innerHTML = slider_feet.value;
+
+		slider_head.oninput = function () {
+			output_head.innerHTML = this.value;
+		}
+		slider_body.oninput = function () {
+			output_body.innerHTML = this.value;
+		}
+		slider_legs.oninput = function () {
+			output_legs.innerHTML = this.value;
+		}
+		slider_feet.oninput = function () {
+			output_feet.innerHTML = this.value;
+		}
+
+        $('#look_head').change(function() {updateOutfit()});
+        $('#look_body').change(function() {updateOutfit()});
+        $('#look_legs').change(function() {updateOutfit()});
+        $('#look_feet').change(function() {updateOutfit()});
+        $('#look_type').change(function() {updateOutfit()});
+		<?php if($hasLookAddons): ?>
+        $('#look_addons').change(function() {updateOutfit()});
+		<?php endif; ?>
+
+        function updateOutfit()
+        {
+            var look_head = $('#look_head').val();
+            var look_body = $('#look_body').val();
+            var look_legs = $('#look_legs').val();
+            var look_feet = $('#look_feet').val();
+            var look_type = $('#look_type').val();
+
+            var look_addons = '';
+            <?php if($hasLookAddons): ?>
+                look_addons = '&addons=' + $('#look_addons').val();
+	        <?php endif; ?>
+
+            new_outfit = '<?= $config['outfit_images_url']; ?>?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet;
+            $("#player_outfit").attr("src", new_outfit);
+            console.log(new_outfit);
+        }
+	</script>

admin/pages/plugins.php

@@ -4,29 +4,25 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
+ * @copyright 2019 MyAAC
- * @link      http://my-aac.org
+ * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
 
-require(SYSTEM . 'hooks.php');
+require_once LIBS . 'plugins.php';
-require(LIBS . 'plugins.php');
 
-echo $twig->render('admin.plugins.form.html.twig');
+$twig->display('admin.plugins.form.html.twig');
 
-if(isset($_REQUEST['uninstall'])){
+if (isset($_REQUEST['uninstall'])) {
 	$uninstall = $_REQUEST['uninstall'];
-	
+
-	if(Plugins::uninstall($uninstall)) {
+	if (Plugins::uninstall($uninstall)) {
 		success('Successfully uninstalled plugin ' . $uninstall);
-	}
+	} else {
-	else {
 		error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 	}
-}
+} else if (isset($_FILES["plugin"]["name"])) {
-else if(isset($_FILES["plugin"]["name"]))
-{
 	$file = $_FILES["plugin"];
 	$filename = $file["name"];
 	$tmp_name = $file["tmp_name"];
@@ -35,15 +31,15 @@ else if(isset($_FILES["plugin"]["name"]))
 	$name = explode(".", $filename);
 	$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed', 'application/octet-stream', 'application/zip-compressed');
 
-	if(isset($file['error'])) {
+	if (isset($file['error'])) {
 		$error = 'Error uploading file';
-		switch($file['error']) {
+		switch ($file['error']) {
 			case UPLOAD_ERR_OK:
 				$error = false;
 				break;
 			case UPLOAD_ERR_INI_SIZE:
 			case UPLOAD_ERR_FORM_SIZE:
-				$error .= ' - file too large (limit of '.ini_get('upload_max_filesize').' bytes).';
+				$error .= ' - file too large (limit of ' . ini_get('upload_max_filesize') . ' bytes). You can enlarge the limits by changing "upload_max_filesize" in php.ini';
 				break;
 			case UPLOAD_ERR_PARTIAL:
 				$error .= ' - file upload was not completed.';
@@ -57,52 +53,50 @@ else if(isset($_FILES["plugin"]["name"]))
 		}
 	}
 
-	if(isset($error) && $error != false) {
+	if (isset($error) && $error != false) {
 		error($error);
-	}
+	} else {
-	else {
+		if (is_uploaded_file($file['tmp_name'])) {
-		if(is_uploaded_file($file['tmp_name']) ) {
 			$filetype = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
-			if($filetype == 'zip') // check if it is zipped/compressed file
+			if ($filetype == 'zip') // check if it is zipped/compressed file
 			{
 				$tmp_filename = pathinfo($filename, PATHINFO_FILENAME);
 				$targetzip = BASE . 'plugins/' . $tmp_filename . '.zip';
 
-				if(move_uploaded_file($tmp_name, $targetzip)) { // move uploaded file
+				if (move_uploaded_file($tmp_name, $targetzip)) { // move uploaded file
-					if(Plugins::install($targetzip)) {
+					if (Plugins::install($targetzip)) {
-						foreach(Plugins::getWarnings() as $warning) {
+						foreach (Plugins::getWarnings() as $warning) {
 							warning($warning);
 						}
-						$info = Plugins::getPluginInfo();
+
+						$info = Plugins::getPluginJson();
 						success((isset($info['name']) ? '<strong>' . $info['name'] . '</strong> p' : 'P') . 'lugin has been successfully installed.');
+					} else {
+						$error = Plugins::getError();
+						error(!empty($error) ? $error : 'Unexpected error happened while installing plugin. Please try again later.');
 					}
-					else
+
-						error(Plugins::getError());
-					
 					unlink($targetzip); // delete the Zipped file
-				}
+				} else
-				else
 					error('There was a problem with the upload. Please try again.');
-			}
+			} else {
-			else {
 				error('The file you are trying to upload is not a .zip file. Please try again.');
 			}
-		}
+		} else {
-		else {
 			error('Error uploading file - unknown error.');
 		}
 	}
 }
 
 $plugins = array();
-foreach(get_plugins() as $plugin)
+foreach (get_plugins() as $plugin) {
-{
 	$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
+	$string = Plugins::removeComments($string);
 	$plugin_info = json_decode($string, true);
-	if($plugin_info == false) {
+
+	if ($plugin_info == false) {
 		warning('Cannot load plugin info ' . $plugin . '.json');
-	}
+	} else {
-	else {
 		$plugins[] = array(
 			'name' => isset($plugin_info['name']) ? $plugin_info['name'] : '',
 			'description' => isset($plugin_info['description']) ? $plugin_info['description'] : '',
@@ -115,7 +109,6 @@ foreach(get_plugins() as $plugin)
 	}
 }
 
-echo $twig->render('admin.plugins.html.twig', array(
+$twig->display('admin.plugins.html.twig', array(
 	'plugins' => $plugins
 ));
-?>

admin/pages/reports.php

@@ -0,0 +1,61 @@
+<?php
+/**
+ * Reports
+ *
+ * @package   MyAAC
+ * @author    Lee
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Report Viewer';
+
+$files = array();
+$server_path_reports = $config['data_path'] . 'reports/';
+
+if (file_exists($server_path_reports)) {
+    foreach (scandir($server_path_reports, SCANDIR_SORT_ASCENDING) as $f) {
+        if ($f[0] === '.') {
+	        continue;
+        }
+
+        if (is_dir($server_path_reports . $f)) {
+            foreach (scandir($server_path_reports . $f, SCANDIR_SORT_ASCENDING) as $f2) {
+                if ($f2[0] === '.') {
+	                continue;
+                }
+
+                $files[] = array($f . '/' . $f2, $server_path_reports);
+            }
+
+            continue;
+        }
+
+        $files[] = array($f, $server_path_reports);
+    }
+}
+
+foreach ($files as &$f) {
+	$f['mtime'] = filemtime($f[1] . $f[0]);
+	$f['name'] = $f[0];
+}
+
+unset($f);
+
+$twig->display('admin.reports.html.twig', array('files' => $files));
+
+
+$file = isset($_GET['file']) ? $_GET['file'] : NULL;
+if (!empty($file)) {
+	if (!preg_match('/[^A-z0-9\' _\/\-\.]/', $file)) {
+		if (file_exists($server_path_reports . $file)) {
+			$content = nl2br(file_get_contents($server_path_reports . $file));
+
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
+		} else {
+			echo 'Specified file does not exist.';
+		}
+	} else {
+		echo 'Invalid file name specified.';
+	}
+}

admin/pages/statistics.php

@@ -4,8 +4,8 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
+ * @copyright 2019 MyAAC
- * @link      http://my-aac.org
+ * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Statistics';
@@ -28,7 +28,7 @@ $total_houses = $query['how_much'];
 
 $points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
 
-echo $twig->render('admin.statistics.html.twig', array(
+$twig->display('admin.statistics.html.twig', array(
 	'total_accounts' => $total_accounts,
 	'total_players' => $total_players,
 	'total_guilds' => $total_guilds,
@@ -36,4 +36,3 @@ echo $twig->render('admin.statistics.html.twig', array(
 	'account_type' => (USE_ACCOUNT_NAME ? 'name' : 'number'),
 	'points' => $points
 ));
-?>

admin/pages/tools.php

@@ -4,26 +4,24 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
+ * @copyright 2019 MyAAC
- * @link      http://my-aac.org
+ * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Tools';
 
 $tool = $_GET['tool'];
-if(!isset($tool))
+if (!isset($tool)) {
-{
 	echo 'Tool not set.';
 	return;
 }
 
-if(preg_match("/[^A-z0-9_\-]/", $tool))
+if (preg_match("/[^A-z0-9_\-]/", $tool)) {
-{
 	echo 'Invalid tool.';
 	return;
 }
 
 $file = BASE . 'admin/pages/tools/' . $tool . '.php';
-if(!@file_exists($file))
+if (!@file_exists($file))
-	require($file);
+	require $file;
 ?>

admin/pages/version.php

@@ -4,37 +4,35 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
+ * @copyright 2019 MyAAC
- * @link      http://my-aac.org
+ * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Version check';
 
 // fetch version
-//$file = @fopen('http://my-aac.org/VERSION', 'r') or die('Error while fetching version.');
+//$file = @fopen('https://my-aac.org/VERSION', 'r') or die('Error while fetching version.');
 //$myaac_version = fgets($file);
-$myaac_version = @file_get_contents('http://my-aac.org/VERSION');
+$myaac_version = @file_get_contents('https://my-aac.org/VERSION');
-if(!$myaac_version) {
+if (!$myaac_version) {
-	warning('Error while fetching version info from http://my-aac.org<br/>
+	warning('Error while fetching version info from https://my-aac.org<br/>
 	Please try again later.');
 	return;
 }
 
 // compare them
 $version_compare = version_compare($myaac_version, MYAAC_VERSION);
-if($version_compare == 0) {
+if ($version_compare == 0) {
 	success('MyAAC latest version is ' . $myaac_version . '. You\'re using the latest version.
 	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
-}
+} else if ($version_compare < 0) {
-else if($version_compare < 0) {
+	success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
-	echo success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
 	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
-}
+} else {
-else {
 	warning('You\'re using outdated version.<br/>
 		Your version: <b>' . MYAAC_VERSION . '</b><br/>
 		Latest version: <b>' . $myaac_version . '</b><br/>
-		Download available at: <a href="http://my-aac.org" target="_blank">www.my-aac.org</a>');
+		Download available at: <a href="https://my-aac.org" target="_blank">www.my-aac.org</a>');
 }
 
 /*
@@ -49,4 +47,3 @@ function version_revert($version)
 	$release = $version;
 	return $major . '.' . $minor . '.' . $release;
 }*/
-?>

admin/pages/visitors.php

@@ -4,31 +4,32 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
+ * @copyright 2019 MyAAC
- * @link      http://my-aac.org
+ * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Visitors';
 
-if(!$config['visitors_counter']): ?>
+if (!$config['visitors_counter']): ?>
-Visitors counter is disabled.<br/>
+	Visitors counter is disabled.<br/>
-You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
+	You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
-<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
+	<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
-<?php
+	<?php
-return;
+	return;
 endif;
 
-require(SYSTEM . 'libs/visitors.php');
+require SYSTEM . 'libs/visitors.php';
 $visitors = new Visitors($config['visitors_counter_ttl']);
 
-function compare($a, $b) {
+function compare($a, $b)
+{
 	return $a['lastvisit'] > $b['lastvisit'] ? -1 : 1;
 }
 
 $tmp = $visitors->getVisitors();
 usort($tmp, 'compare');
 
-echo $twig->render('admin.visitors.html.twig', array(
+$twig->display('admin.visitors.html.twig', array(
 	'config_visitors_counter_ttl' => $config['visitors_counter_ttl'],
 	'visitors' => $tmp
 ));

admin/template/style.css

@@ -1,147 +1,44 @@
-*{
+.slidecontainer {
-	margin:0;
+	width: 100%;
-	padding:0;
-}
-body {
-	font-family: Helvetica;
-	color: #313334;
-	background: /*#f9f9f9 #EEEEEE*/#F7F6F1;
 }
 
-img {border: none;}
+.slider {
+	-webkit-appearance: none;
+	width: 100%;
 
-a:link		{color: #000; text-decoration: none;}
+	outline: none;
-a:visited	{color: #000; text-decoration: none;}
+	opacity: 0.7;
-a:focus		{color: #000; text-decoration: none;}
+	-webkit-transition: .2s;
-a:active	{color: #000; text-decoration: underline;}
+	transition: opacity .2s;
-a:hover		{color: #000; text-decoration: underline;}
-a.current	{font-weight: bold;}
-
-h5.blue		{color: #6b7b95;}
-h5.red		{color: #c17878;}
-h5.green	{color: #78ba91;}
-h5.purple	{color: #a87aad;}
-
-h1, h2, h3, h4, h5, h6 {color: #313334; font-weight: bold;}
-.separator {color:#BCE}
-.margin-left{
-	margin-left:5px;
 }
 
-.button { background:#eee repeat-x 0 0; border:solid 1px #b1a874; color:#7f7f7f; font-size:11px; padding:2px 6px 2px 6px; cursor:pointer; line-height:14px !important; }
+.slider:hover {
-.button:hover { color:#333; border-color:#857b42; }
+	opacity: 1;
-
-.field, .button { -moz-border-radius:4px; -webkit-border-radius:4px; }
-.small-field, .button, .pagging a { -moz-border-radius:3px; -webkit-border-radius:3px; }
-
-.table th {
-    background-color: #4CAF50;
-    color: white;
-	text-align: left;
 }
 
-.table, .table td, .table th{
+.slider::-webkit-slider-thumb {
-	border: 1px solid #ddd;
+	-webkit-appearance: none;
+	appearance: none;
+	width: 15px;
+	height: 25px;
+	background: #3c8dbc;
+	cursor: pointer;
 }
 
-.table th a:link {color: white; text-decoration: none;}
+.slider::-moz-range-thumb {
-.table th a:link		{color: white; text-decoration: none;}
+	width: 25px;
-.table th a:visited	{color: white; text-decoration: none;}
+	height: 25px;
-.table th a:focus		{color: white; text-decoration: none;}
+	background: #3c8dbc;
-.table th a:active	{color: white; text-decoration: underline;}
+	cursor: pointer;
-.table th a:hover		{color: white; text-decoration: underline;}
-
-.table tr:nth-child(odd) {background-color: #d1d1d1}
-
-a.ico { color:#9d9c9a; font-size:10px; text-decoration: none; padding:0 0 0 14px; background-repeat:no-repeat; background-position:0 0; }
-a.ico:hover { color:#333;}
-
-#container{
-	width:960px;
-	margin-left:auto;
-	margin-right:auto;
 }
-#header {
+
-	/*width: 960px;*/
+td.details-control {
-	padding-left: auto;
-	padding-right: auto;
-	border-bottom: 1px dotted black;
-	margin-top: 40px;
-}
-#header h1 {
-	margin: 0;
-	padding-top: 20px;
 	text-align: center;
+	color: forestgreen;
+	cursor: pointer;
 }
-#sidebar{
+
-	background: #FFF;
+tr.shown td.details-control {
-	width: 170px;
-	float: left;
-	margin: 10px 0 10px 0;
-	padding: 10px;
-	border: 1px solid #CCC;
-}
-#content {
-	width: 740px;
-	float: right;
-	margin: 20px 0 10px 0;
-	padding: 10px;
-}
-#footer {
-	margin-top: 20px;
-	border-top: 1px dotted black;
 	text-align: center;
-	clear: both;
+	color: red;
-}
-/*********************
-	Sidebar
-*********************/
-#sidebar ul{
-	list-style:none;
-	line-height:22px;
-}
-#sidebar ul li a,#sidebar ul li a:visited{
-	padding-left:19px;
-	text-decoration:none;
-	margin:0 3px;
-	display:block;
-}
-#sidebar ul li a:hover{
-	text-decoration:underline;
-}
-#sidebar ul li ul{
-	margin-left:10px;
-}
-#sidebar h3{
-	padding:2px;
-	font-size:14px;
-}
-/*********************
-	Status & version boxes
-*********************/
-#status {
-	position: absolute; top: 10px; left: 10px;
-	margin: 0px;
-	float: right;
-	font-size: 12px;
-}
-#status .success {
-  margin: 0px;
-}
-#version {
-	position: absolute; top: 10px; right: 10px;
-	float: right;
-	text-align: right;
-	font-size: 12px;
-}
-/*********************
-	Infobox
-*********************/
-#infobox{
-	border:1px solid #e9e8e3;
-}
-#infobox h3{
-	background:#f7f6f1;
-	border-bottom:1px solid #e9e8e3;
-	color:#654322;
 }

admin/template/template.php

@@ -1,110 +1,229 @@
 <?php defined('MYAAC') or die('Direct access not allowed!'); ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<html>
 <head>
-	<?php echo template_header(true); ?>
+	<?php echo template_header(true);
-	<title><?php echo $title . $config['title_separator'] . $config['lua']['serverName']; ?> - Powered by MyAAC</title>
+	$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
-	<link rel="stylesheet" type="text/css" href="<?php echo $template_path; ?>style.css" />
+	?>
+
+	<title><?php echo $title_full ?></title>
+	<link rel="shortcut icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
+	<link rel="icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
+	<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
+
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/bootstrap.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/AdminLTE.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/skins/skin-blue.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/font-awesome.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/ionicons.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/jquery.dataTables.min.css">
+	<link rel="stylesheet" type="text/css" href="<?php echo $template_path; ?>style.css"/>
+	<!--[if lt IE 9]>
+	<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
+	<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+	<![endif]-->
+	<link rel="stylesheet"
+		  href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
 </head>
-<body>
+<body class="hold-transition skin-blue sidebar-mini">
-<?php if($page != 'tools'): ?>
+<div class="wrapper">
-	<div id="container">
+	<?php
-		<div id="header">
+	if ($logged && admin()) {
-			<?php if($logged && admin()): ?>
+	?>
-			<div id="status">
+	<header class="main-header">
-				<?php if($status['online']): ?>
+		<a href="." class="logo">
-				<p class="success" style="width: 120px; text-align: center;">Status: Online<br/>
+			<span class="logo-mini"><b>M</b>A</span>
-					<?php echo $status['uptimeReadable'] . ', ' . $status['players'] . '/' . $status['playersMax']; ?><br/>
+			<span class="logo-lg"><b>My</b>AAC</span>
-					<?php echo $config['lua']['ip'] . ' : ' . $config['lua']['loginPort']; ?>
+		</a>
-				</p>
-				<?php else: ?>
-				<p class="error" style="width: 120px; text-align: center;">Status: Offline</p>
-				<?php endif; ?>
-			</div>
-			<div id="version">Version: <?php echo MYAAC_VERSION; ?> (<a id="update" href="?p=version">Check for updates</a>)<br/>
-				Logged in as: <b><?php echo (USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()); ?></b><br/>
-				<a href="<?php echo BASE_URL; ?>" target="_blank">Preview</a> <span class="separator">|</span> <a href="?action=logout">Log out<img src="<?php echo BASE_URL; ?>images/icons/logout.png" alt="" title="Log out" /></a>
-			</div>
-			<?php endif; ?>
-			<h1><?php echo $config['lua']['serverName'] . (isset($title) ? ' - ' . $title : ''); ?> - Admin Panel</h1>
-		</div>
-		<div id="wrapper">
-			<?php
-			if($logged && admin()) {
-			?>
-			<div id="sidebar">
-				<ul>
-				<?php
-					$menus = array(
-						'Dashboard' => 'dashboard',
-						'Mailer' => 'mailer',
-						'Pages' => 'pages',
-						'Menus' => 'menus',
-						'Plugins' => 'plugins',
-						'Statistics' => 'statistics',
-						'Visitors' => 'visitors',
-						'Players' => 'players',
-						'Items' => 'items',
-						'Tools' => array(
-							'phpinfo' => 'phpinfo'
-						),
-						'Notepad' => 'notepad',
-						'Logs' => 'logs'
-					);
 
-					$i = 0;
+		<nav class="navbar navbar-static-top" role="navigation">
-					foreach($menus as $_name => $_page) {
+			<a href="#" class="sidebar-toggle" data-toggle="push-menu" role="button">
-						//echo '<a ' . ($page == $_page ? ' class="current"' : '') . 'href="?p=' . $_page . '">' . $_name . '</a>';
+				<span class="sr-only">Toggle navigation</span>
-						echo '<li><h3>';
+			</a>
-						$has_child = is_array($_page);
+			<div class="navbar-custom-menu">
-						if(!$has_child) {
+				<ul class="nav navbar-nav">
-							echo '<a href="?p=' . $_page . '">';
+					<li>
-							if($page == $_page) echo '<u>';
+						<a href="#" data-toggle="control-sidebar"><i class="fa fa-gears"></i></a>
-								echo $_name;
+					</li>
-							if($page == $_page) echo '</u>';
-							echo '</a>';
-						}
-						else
-							echo $_name;
-
-						echo '</h3>';
-						if($has_child) {
-							echo '<ul>';
-							foreach($_page as $__name => $__page)
-								echo '<li><a href="?p=' . $__page . '">';
-								if($page == $__page) echo '<u>';
-									echo $__name;
-								if($page == $__page) echo '</u>';
-								echo '</a></li>';
-							echo '</ul>';
-						}
-						echo '</li>';
-					}
-				
-					$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
-					$menu_db = $query->fetchAll();
-					foreach($menu_db as $item) {
-						if($item['flags'] == 0 || hasFlag($item['flags'])) {
-							echo '<li><h3>
-							<a href="?p=' . $item['page'] . '">';
-							if($page == $item['page']) echo '<u>';
-							echo $item['name'];
-							if($page == $item['page']) echo '</u>';
-							echo '</a></h3></li>';
-						}
-					}
-				?>
 				</ul>
 			</div>
-			<?php
+		</nav>
-			}
+	</header>
-			?>
+	<aside class="main-sidebar">
-			<div id="content"><?php echo $content; ?></div>
+		<section class="sidebar">
-		</div>
+			<ul class="sidebar-menu" data-widget="tree">
-		<div id="footer">
+				<li class="header">MyAAC</li>
-			<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
+
-		</div>
+				<?php
+				$icons_a = array(
+                    'dashboard','newspaper-o', 'envelope',
+                    'book', 'list',
+                    'plug', 'user',
+                    'edit', 'gavel',
+                    'wrench', 'edit', 'book', 'book',
+                );
+
+				$menus = array(
+					'Dashboard' => 'dashboard',
+					'News' => 'news',
+					'Mailer' => 'mailer',
+					'Pages' => 'pages',
+					'Menus' => 'menus',
+					'Plugins' => 'plugins',
+					'Visitors' => 'visitors',
+					'Editor' => array(
+						'Accounts' => 'accounts',
+						'Players' => 'players',
+					),
+					'Items' => 'items',
+					'Tools' => array(
+						'Notepad' => 'notepad',
+						'phpinfo' => 'phpinfo',
+					),
+					'Logs' => array(
+						'Logs' => 'logs',
+						'Reports' => 'reports',
+					),
+				);
+
+				$i = 0;
+				foreach ($menus as $_name => $_page) {
+					$has_child = is_array($_page);
+					if (!$has_child) {
+						echo '<li ';
+						if ($page == $_page) echo ' class="active"';
+						echo ">";
+						echo '<a href="?p=' . $_page . '"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span></a></li>';
+					}
+
+					if ($has_child) {
+						$used_menu = "";
+						$nav_construct = '';
+						foreach ($_page as $__name => $__page) {
+							$nav_construct = $nav_construct . '<li';
+
+							if ($page == $__page) {
+								$nav_construct = $nav_construct . ' class="active"';
+								$used_menu = true;
+							}
+							$nav_construct = $nav_construct . '><a href="?p=' . $__page . '"><i class="fa fa-circle-o"></i> ' . $__name . '</a></li>';
+						}
+
+						echo '<li class="treeview' . (($used_menu) ? ' menu-open' : '') . '">
+                                      <a href="#"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span>
+						              <span class="pull-right-container"><i class="fa fa-angle-left pull-right"></i></span></a>
+						              <ul class="treeview-menu" style="' . (($used_menu) ? '  display: block' : ' display: none') . '">';
+						echo $nav_construct;
+						echo '</ul>
+                                </li>';
+					}
+					$i++;
+				}
+
+				$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
+				$menu_db = $query->fetchAll();
+				foreach ($menu_db as $item) {
+					if ($item['flags'] == 0 || hasFlag($item['flags'])) {
+						echo '<li ';
+						if ($page == $item['page']) echo ' class="active"';
+						echo ">";
+						echo '<a href="?p=' . $item['page'] . '"><i class="fa fa-link"></i> <span>' . $item['name'] . '</span></a></li>';
+					}
+				}
+				?>
+			</ul>
+		</section>
+	</aside>
+
+	<div class="content-wrapper">
+		<section class="content-header">
+			<h1><?php echo(isset($title) ? $title : ''); ?>
+				<small> - Admin Panel</small>
+				<div class="pull-right">
+					<span class="label label-<?php echo(($status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
+				</div>
+			</h1>
+		</section>
+		<section class="content">
+			<?php echo $content; ?>
+		</section>
+
 	</div>
-<?php endif; ?>
+
+	<footer class="main-footer">
+
+		<div class="pull-right hidden-xs">
+			<div id="status">
+				<?php if ($status['online']): ?>
+					<p class="success" style="width: 120px; text-align: center;">Server Online</p>
+				<?php else: ?>
+					<p class="error" style="width: 120px; text-align: center;">Server Offline</p>
+				<?php endif; ?>
+			</div>
+		</div>
+		<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
+	</footer>
+
+	<aside class="control-sidebar control-sidebar-dark">
+		<ul class="nav nav-tabs nav-justified control-sidebar-tabs">
+			<li class="active"><a href="#control-sidebar-home-tab" data-toggle="tab"><i class="fa fa-home"></i></a></li>
+			<li><a href="#control-sidebar-settings-tab" data-toggle="tab"><i class="fa fa-gears"></i></a></li>
+		</ul>
+		<div class="tab-content">
+			<div class="tab-pane active" id="control-sidebar-home-tab">
+				<h3 class="control-sidebar-heading">Account</h3>
+				<ul class="control-sidebar-menu">
+					<li>
+						<a href="?action=logout">
+							<i class="menu-icon fa  fa-sign-out bg-red"></i>
+							<div class="menu-info">
+								<h4 class="control-sidebar-subheading">Log out</h4>
+								<p>This will log you out
+									of <?php echo(USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()); ?></p>
+							</div>
+						</a>
+					</li>
+				</ul>
+				<h3 class="control-sidebar-heading">Site</h3>
+				<ul class="control-sidebar-menu">
+					<li>
+						<a href="<?php echo BASE_URL; ?>" target="_blank">
+							<i class="menu-icon fa  fa-eye bg-blue"></i>
+							<div class="menu-info">
+								<h4 class="control-sidebar-subheading">Preview</h4>
+								<p>This will open a new tab</p>
+							</div>
+						</a>
+					</li>
+				</ul>
+			</div>
+			<div class="tab-pane" id="control-sidebar-settings-tab">
+				<form method="post">
+					<h3 class="control-sidebar-heading">Version</h3>
+
+					<div class="form-group">
+						<label class="control-sidebar-subheading">
+							<?php echo MYAAC_VERSION; ?> (<a href="?p=version">Check for updates</a>)<br/>
+						</label>
+						<label class="control-sidebar-subheading">
+							<p><a href="https://github.com/slawkens/myaac" target="_blank">Github</a></p>
+					</div>
+				</form>
+			</div>
+		</div>
+	</aside>
+	<div class="control-sidebar-bg"></div>
+</div>
+
+<?php }
+if (!$logged && !admin()) {
+	echo $content;
+}
+?>
+
+<script src="<?php echo BASE_URL; ?>tools/js/bootstrap.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/js/jquery-ui.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/js/jquery.dataTables.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
 </body>
-</html>
+</html>

admin/tools/phpinfo.php

@@ -1,8 +1,10 @@
 <?php
-require('../../common.php');
+define('MYAAC_ADMIN', true);
-require(SYSTEM . 'functions.php');
+
-require(SYSTEM . 'init.php');
+require '../../common.php';
-require(SYSTEM . 'login.php');
+require SYSTEM . 'functions.php';
+require SYSTEM . 'init.php';
+require SYSTEM . 'login.php';
 
 if(!admin())
 	die('Access denied.');
@@ -11,4 +13,3 @@ if(!function_exists('phpinfo'))
 	die('phpinfo() disabled on this web server.');
 
 phpinfo();
-?>

admin/tools/status.php

@@ -1,9 +1,11 @@
 <?php
-require('../../common.php');
+define('MYAAC_ADMIN', true);
-require(SYSTEM . 'init.php');
+
-require(SYSTEM . 'functions.php');
+require '../../common.php';
-require(SYSTEM . 'status.php');
+require SYSTEM . 'init.php';
-require(SYSTEM . 'login.php');
+require SYSTEM . 'functions.php';
+require SYSTEM . 'status.php';
+require SYSTEM . 'login.php';
 
 if(!admin())
 	die('Access denied.');

common.php

@@ -20,17 +20,18 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
+ * @copyright 2019 MyAAC
- * @link      http://my-aac.org
+ * @link      https://my-aac.org
  */
-session_start();
+if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.7.11');
+define('MYAAC_VERSION', '0.8.18');
-define('DATABASE_VERSION', 22);
+define('DATABASE_VERSION', 33);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
-define('MYAAC_OS', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'WINDOWS' : (strtoupper(PHP_OS) == 'DARWIN' ? 'MAC' : 'LINUX'));
+define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
+define('IS_CLI', in_array(php_sapi_name(), ['cli', 'phpdb']));
 
 // account flags
 define('FLAG_ADMIN', 1);
@@ -46,6 +47,7 @@ define('FLAG_CONTENT_GALLERY', 512);
 define('FLAG_CONTENT_VIDEOS', 1024);
 define('FLAG_CONTENT_FAQ', 2048);
 define('FLAG_CONTENT_MENUS', 4096);
+define('FLAG_CONTENT_PLAYERS', 8192);
 
 // news
 define('NEWS', 1);
@@ -53,7 +55,7 @@ define('TICKER', 2);
 define('ARTICLE', 3);
 
 // directories
-define('BASE', dirname(__FILE__) . '/');
+define('BASE', __DIR__ . '/');
 define('ADMIN', BASE . 'admin/');
 define('SYSTEM', BASE . 'system/');
 define('CACHE', SYSTEM . 'cache/');
@@ -83,26 +85,43 @@ define('TFS_03', 4);
 define('TFS_FIRST', TFS_02);
 define('TFS_LAST', TFS_03);
 
+if (!IS_CLI) {
+	session_save_path(SYSTEM . 'php_sessions');
+	session_start();
+}
+
 // basedir
 $basedir = '';
 $tmp = explode('/', $_SERVER['SCRIPT_NAME']);
-$size = sizeof($tmp) - 1;
+$size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$basedir .= '/' . $tmp[$i];
 
-$basedir = str_replace('/admin', '', $basedir);
+$basedir = str_replace(array('/admin', '/install', '/tools'), '', $basedir);
-$basedir = str_replace('/install', '', $basedir);
 define('BASE_DIR', $basedir);
 
-if(isset($_SERVER['HTTP_HOST'])) {
+if (file_exists(BASE . 'config.local.php') && !defined('MYAAC_INSTALL')) {
-	if (isset($_SERVER['HTTPS'][0]) && $_SERVER['HTTPS'] == 'on')
+	require BASE . 'config.local.php';
-		define('SERVER_URL', 'https://' . $_SERVER['HTTP_HOST']);
+}
-	else
-		define('SERVER_URL', 'http://' . $_SERVER['HTTP_HOST']);
 
+if(!IS_CLI) {
+	if (isset($_SERVER['HTTP_HOST'][0])) {
+		$baseHost = $_SERVER['HTTP_HOST'];
+	} else {
+		if (isset($_SERVER['SERVER_NAME'][0])) {
+			$baseHost = $_SERVER['SERVER_NAME'];
+		} else {
+			$baseHost = $_SERVER['SERVER_ADDR'];
+		}
+	}
+
+	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
 
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+	if(@$config['env'] === 'dev') {
+		require SYSTEM . 'exception.php';
+	}
 }
-?>
+require SYSTEM . 'autoload.php';

config.local.php

@@ -1,3 +0,0 @@
-<?php
-	// place for your configuration directives, so you can later easily update myaac
-?>

config.php

@@ -12,14 +12,25 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
+ * @copyright 2019 MyAAC
- * @link      http://my-aac.org
+ * @link      https://my-aac.org
  */
 
 $config = array(
 	// directories & files
 	'server_path' => '', // path to the server directory (same directory where config file is located)
 
+	/**
+	 * Environment Setting
+	 *
+	 * if you use this script on your live server - set to 'prod' (production)
+	 * if you want to test and debug the script locally, or develop plugins, set to 'dev' (development)
+	 * WARNING: on 'dev' cache is disabled, so site will be significantly slower !!!
+	 * WARNING2: on 'dev' all PHP errors/warnings are displayed
+	 * Recommended: 'prod' cause of speed (page load time is better)
+	 */
+	'env' => 'prod', // 'prod' for production and 'dev' for development
+
 	'template' => 'kathrine', // template used by website (kathrine, tibiacom)
 	'template_allow_change' => true, // allow users to choose their own template while browsing website?
 
@@ -30,7 +41,7 @@ $config = array(
 	'client' => 1098, // 954 = client 9.54
 
 	'session_prefix' => 'myaac_', // must be unique for every site on your server
-	'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: http://my-aac.org/guilds/Testing instead of http://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
+	'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: https://my-aac.org/guilds/Testing instead of https://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
 	'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles
 
 	// gesior backward support (templates & pages)
@@ -46,8 +57,6 @@ $config = array(
 	// footer
 	'footer' => ''/*'<br/>Your Server &copy; 2016. All rights reserved.'*/,
 
-	'debug_level' => 0, // 0 - disabled, 1 - show load time, 2 - show db query counter, 3 - both, 4 - memory usage, 5 - load time & memory usage, 6 - queries & memory usage, 7 - all
-
 	'language' => 'en', // default language (currently only 'en' available)
 	'language_allow_change' => false,
 
@@ -56,7 +65,7 @@ $config = array(
 	'views_counter' => true,
 
 	// cache system. by default file cache is used
-	'cache_engine' => 'auto', // apc, eaccelerator, xcache, file, auto, or blank to disable.
+	'cache_engine' => 'auto', // apc, apcu, eaccelerator, xcache, file, auto, or blank to disable.
 	'cache_prefix' => 'myaac_', // have to be unique if running more MyAAC instances on the same server (except file system cache)
 
 	// database details (leave blank for auto detect from config.lua)
@@ -65,6 +74,9 @@ $config = array(
 	'database_user' => '',
 	'database_password' => '',
 	'database_name' => '',
+	'database_log' => false, // should database queries be logged and and saved into system/logs/database.log?
+	'database_socket' => '', // set if you want to connect to database through socket (example: /var/run/mysqld/mysqld.sock)
+	'database_persistent' => false, // use database permanent connection (like server), may speed up your site
 
 	// multiworld system (only TFS 0.3)
 	'multiworld' => false, // use multiworld system?
@@ -74,12 +86,21 @@ $config = array(
 	),
 
 	// images
-	'outfit_images_url' => 'http://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
+	'outfit_images_url' => 'https://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'item_images_url' => 'http://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
+	'item_images_url' => 'https://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
 
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
-	'account_mail_verify' => false, // force users to confirm their email addresses when registering account
+	'account_create_auto_login' => false, // auto login after creating account?
+	'account_create_character_create' => true, // allow directly to create character on create account page?
+	'account_mail_verify' => false, // force users to confirm their email addresses when registering
+	'account_mail_confirmed_reward' => [ // reward users for confirming their E-Mails
+		// account_mail_verify needs to be enabled too
+		'premium_days' => 0,
+		'premium_points' => 0,
+		'coins' => 0,
+		'message' => 'You received %d %s for confirming your E-Mail address.' // example: You received 20 premium points for confirming your E-Mail address.
+	],
 	'account_mail_unique' => true, // email addresses cannot be duplicated? (one account = one email)
 	'account_premium_days' => 0, // default premium days on new account
 	'account_premium_points' => 0, // default premium points on new account
@@ -98,16 +119,17 @@ $config = array(
 	'mail_address' => 'no-reply@your-server.org', // server e-mail address (from:)
 	'mail_admin' => 'your-address@your-server.org', // admin email address, where mails from contact form will be sent
 	'mail_signature' => array( // signature that will be included at the end of every message sent using _mail function
-		'plain' => ''/*'--\nMy Server,\nhttp://www.myserver.com'*/,
+		'plain' => ""/*"--\nMy Server,\nhttp://www.myserver.com"*/,
 		'html' => ''/*'<br/>My Server,\n<a href="http://www.myserver.com">myserver.com</a>'*/
 	),
-	'smtp_enabled' => false, // send by smtp or mail function (set false if use mail function)
+	'smtp_enabled' => false, // send by smtp or mail function (set false if use mail function, set to true if you use GMail or Microsoft Outlook)
-	'smtp_host' => '', // mail host
+	'smtp_host' => '', // mail host. smtp.gmail.com for GMail / smtp-mail.outlook.com for Microsoft Outlook
-	'smtp_port' => 25, // 25 (default) / 465 (ssl, e.g. gmail)
+	'smtp_port' => 25, // 25 (default) / 465 (ssl, GMail) / 587 (tls, Microsoft Outlook)
 	'smtp_auth' => true, // need authorization?
-	'smtp_user' => 'admin@example.org',
+	'smtp_user' => 'admin@example.org', // here your email username
 	'smtp_pass' => '',
-	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' or 'tls', use 'ssl' for gmail
+	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' (GMail) or 'tls' (Microsoft Outlook)
+	'smtp_debug' => false, // set true to debug (you will see more info in error.log)
 
 	// reCAPTCHA (prevent spam bots)
 	'recaptcha_enabled' => false, // enable recaptcha verification code
@@ -126,7 +148,7 @@ $config = array(
 		0 => 'Female',
 		1 => 'Male'
 	),
-	
+
 	// new character config
 	'character_samples' => array( // vocations, format: ID_of_vocation => 'Name of Character to copy'
 		//0 => 'Rook Sample',
@@ -136,11 +158,22 @@ $config = array(
 		4 => 'Knight Sample'
 	),
 
+	'use_character_sample_skills' => false,
+
+	// it must show limited number of players after using search in character page
+	'characters_search_limit' => 15,
+
 	// town list used when creating character
 	// won't be displayed if there is only one item (rookgaard for example)
 	'character_towns' => array(1),
 
+	// characters length
+	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum length to be 21.
+	'character_name_min_length' => 4,
+	'character_name_max_length' => 21,
+
 	// list of towns
+	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (generated from your .OTBM map)
 	'towns' => array(
 		0 => 'No town',
 		1 => 'Sample town'
@@ -155,13 +188,6 @@ $config = array(
 	'guild_description_lines_limit' => 6, // limit of lines, if description has more lines it will be showed as long text, without 'enters'
 	'guild_motd_chars_limit' => 150, // limit of MOTD (message of the day) that is shown later in the game on the guild channel
 
-	'quests' => array(), // quests list (displayed in character view), name => storage
-
-	'signature_enabled' => true,
-	'signature_type' => 'tibian', // signature engine to use: tibian, mango, gesior
-	'signature_cache_time' => 5, // how long to store cached file (in minutes), default 5 minutes
-	'signature_browser_cache' => 60, // how long to cache by browser (in minutes), default 1 hour
-
 	// online page
 	'online_record' => true, // display players record?
 	'online_vocations' => false, // display vocation statistics?
@@ -175,6 +201,7 @@ $config = array(
 	'team_display_status' => true,
 	'team_display_lastlogin' => true,
 	'team_display_world' => false,
+	'team_display_outfit' => true,
 
 	// bans page
 	'bans_limit' => 50,
@@ -184,6 +211,7 @@ $config = array(
 	'highscores_vocation_box' => true, // show 'Choose a vocation' box on the highscores (allowing peoples to sort highscores by vocation)?
 	'highscores_vocation' => true, // show player vocation under his nickname?
 	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)? Only 0.3
+	'highscores_balance' => false, // show 'Balance' tab (richest players on the server)
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
 	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
@@ -202,8 +230,17 @@ $config = array(
 		'quests' => true,
 		'skills' => true,
 		'equipment' => true,
-		'frags' => false
+		'frags' => false,
+		'deleted' => false, // should deleted characters from same account be still listed on the list of characters? When enabled it will show that character is "[DELETED]"
 	),
+	'quests' => array(
+		//'Some Quest' => 123,
+		//'Some Quest Two' => 456,
+	), // quests list (displayed in character view), name => storage
+	'signature_enabled' => true,
+	'signature_type' => 'tibian', // signature engine to use: tibian, mango, gesior
+	'signature_cache_time' => 5, // how long to store cached file (in minutes), default 5 minutes
+	'signature_browser_cache' => 60, // how long to cache by browser (in minutes), default 1 hour
 
 	// news page
 	'news_limit' => 5, // limit of news on the latest news page
@@ -213,38 +250,52 @@ $config = array(
 
 	// gifts/shop system
 	'gifts_system' => false,
-	
+
 	// support/system
 	'bug_report' => true, // this configurable has no effect, its always enabled
-	
+
 	// forum
 	'forum' => 'site', // link to the server forum, set to "site" if you want to use build in forum system, otherwise leave empty if you aren't going to use any forum
 	'forum_level_required' => 0, // level required to post, 0 to disable
 	'forum_post_interval' => 30, // in seconds
 	'forum_posts_per_page' => 20,
 	'forum_threads_per_page' => 20,
+	// uncomment to force use table for forum
+	//'forum_table_prefix' => 'z_', // what forum mysql table to use, z_ (for gesior old forum) or myaac_ (for myaac)
 
 	// last kills
 	'last_kills_limit' => 50, // max. number of deaths shown on the last kills page
 
 	// status, took automatically from config file if empty
-	'status_ip' => '',
+	'status_enabled' => true, // you can disable status checking by settings this to "false"
+	'status_ip' => '127.0.0.1',
 	'status_port' => '',
+	'status_timeout' => 1.0, // how long to wait for the initial response from the server (default: 1 second)
+
+	// how often to connect to server and update status (default: every minute)
+	// if your status timeout in config.lua is bigger, that it will be used instead
+	// when server is offline, it will be checked every time web refreshes, ignoring this variable
+	'status_interval' => 60,
+
+	// admin panel
+	'admin_panel_modules' => 'lastlogin,points,coins',
 
 	// other
 	'anonymous_usage_statistics' => true,
 	'email_lai_sec_interval' => 60, // time in seconds between e-mails to one account from lost account interface, block spam
 	'google_analytics_id' => '', // e.g.: UA-XXXXXXX-X
-	'experiencetable_columns' => 5, // how many columns to display in experience table page. * experiencetable_rows, 5 = 500 (will show up to 500 level)
+	'experiencetable_columns' => 3, // how many columns to display in experience table page. * experiencetable_rows, 5 = 500 (will show up to 500 level)
-	'experiencetable_rows' => 100, // till how many levels in one column
+	'experiencetable_rows' => 200, // till how many levels in one column
 	'date_timezone' => 'Europe/Berlin', // more info at http://php.net/manual/en/timezones.php
-	
+	'footer_show_load_time' => true, // display load time of the page in the footer
-	'monsters' => array(),
+
-	'npc' => array()
+	'npc' => array(),
+
+	// character name blocked
+	'character_name_blocked' => array(
+		'prefix' => array(),
+		'names' => array(),
+		'words' => array(),
+	),
+
 );
-
-// download link to client.
-$config['client_download'] = 'http://tibia-clients.com/clients/download/'. $config['client'] .'/exe/windows';
-$config['client_download_linux'] = 'http://tibia-clients.com/clients/download/'. $config['client'] .'/tar/linux';
-
-?>