* fixed installation (damn me..)

* otserv 0.6.3: fixed some warning (on the characters page) and fatal
mysql error (on the mango signature)

.gitignore

@@ -0,0 +1,2 @@
+Thumbs.db
+.DS_Store

CHANGELOG

@@ -1,6 +1,68 @@
+[0.7.9 - 13.01.2017]
+	* removed 6mb of trash (some useless things)
+	* (fix) TFS 1.x not showing promoted vocations in highscores
+	* otserv 0.6.x: fixed some warning (on the characters page) and fatal mysql error (on the mango signature)
+	* fixed default stamina on otserv 0.6.x engine (and some others perhaps)
+	* install: change permission check to is_writable
+	* changed highscores_groups_hidden to 3 (for TFS 1.x)
+	* updated background-artwork (tibiacom template) to the latest version, removed other ones
+
+[0.7.8 - 12.01.2017]
+	* fixed installation error " call to undefined method OTS_DB_MySQL::hasColumn()"
+	* updated tinymce to the latest (4.7.4) version
+	* enabled emoticons plugin in tinymce :)
+	* some security fixes
+
+[0.7.7 - 08.01.2018]
+	* important fix for servers with promotion column (caused player.vocation to be resetted when saving player, for example: on change name, accept invite to guild, leave guild)
+	* immediately reload config.lua when there's change in config.server_path detected
+	* added new forum option: "Enable HTML" (only for moderators)
+	* fixed othire default column value (#26)
+	* fixed saving custom vocations in admin panel (#36)
+	* fixed warning in highscores when vocation doesn't exist
+	* fixed characters page - config.characters.frags "Notice: Use of undefined constant"
+	* fixed getBoolean function when boolean is passed
+	* fixed empty success message on leave guild
+	* fixed displaying premium account days
+	* function OTS_Account:getPremDays will now return -1 if there's freePremium configurable enabled on the server
+	* fixed tr bgcolor in characters view (Frags) (#38)
+	* fixed some warning in guild show
+	* fixed PHP warning about country not existing on online and characters pages
+	* fixed forum bbcode parsing
+	* don't add extra <br/> to the TinyMCE news forum posts
+	* (internal) using $player->getVocationName() where possible instead of older method
+
+[0.7.6 - 05.01.2017]
+	* fixed othire account creating/installation
+	* fixed table name players -> players_online
+	* fixed unexpected error logging about email fail
+	* added max_execution_time to the install finish step
+	* some small fix regarding highscores vocation box
+
+[0.7.5 - 04.01.2017]
+	* fixed bug on othire with config.account_premium_days
+	* fixed bug on TFS 1.x when online_afk is enabled
+	* warning about leaving news page with changes
+	* added player status to tibiacom top 5 highscores box
+	* save detected country on create account in session
+	* fixed getPremDays and isPremium functions (newest 11.x engines are bugged when it comes to PACC, its not fault of MyAAC)
+	* fix when there are no changelogs or highscores yet
+	* small fix regarding getTopPlayers function which was ignoring $limit variable
+	* fixed news adding when type != ARTICLE
+	* fixed template path finding
+	* fixed displaying article_text when it was empty saved
+
+[0.7.4 - 24.12.2017]
+	* fixed mysql fatal error on tibiacom template - top 5 box
+	* fixed displaying of level percent bar on tibian signature
+	* inform user about Twig cache failure on installation, instead of http 500 error
+	* when dir system/cache is not writable by the webserver, then show some nice notice to the user about it instead of http 500 error
+	* remember client version select and usage stats checkbox in session on install
+	* automatically update highscores_ids_hidden for users who installed myaac before (migration)
+
 [0.7.3 - 18.12.2017]
-	* auto generate myaac cache & session prefix on install to be unique accross installations
-	* fixed hidding shop system menu on tibiacom template when disabled in config
+	* auto generate myaac cache & session prefix on install to be unique across installations
+	* fixed hiding shop system menu on tibiacom template when disabled in config
 	* prevent adding duplicated newses with installation
 	* some changes to sample characters: chanced town_id to 1, posx: 1000, posy: 1000, posz: 1000 and default group_id to 1 so you can change in-game outfits and they will be used
 	* added version 772 constant to install client choose (OTHire)

TODO

@@ -3,20 +3,19 @@
 0.*
 	* support duplicated vocation names with different ids
 	* plugins: option to define custom requirements check in json file, to check if system meets the requirement
-	* inform user about Twig cache failure on installation, instead of 500 error
 	* add support for defining max myaac version in plugin.json file
 	* cache Menus in templates
 	* don't show error indicators on first time load - createaccount page
 	* update Twig to the latest version from 1.x branch
 	* semantic versioning support for plugins (github.com/composer/semver)
-	* database towns table support for TFS 1.3
-	* players.is_sample is waste, better save in config.php array of ignored ids
 	* add some notice to the user that installing step "Import Schema" will take some time
-	* remember client version in session on install
+	* check user IP on installing to prevent install by random user
 
 1.0:
 	* i18n support (issue #1 on github)
 	* New Admin Panel layout and interface
+	* add changelog management interface
+	* remove tibiacom template, and include it as a plugin
 
 2.0
 	* remove compat functions
@@ -24,6 +23,7 @@
 		* var/ (for logs, cache and data), config/, bin, public/ (for index and images and other public content), system/ (for php files and classess)
 	* rename templates to layouts as templates is meant to be used for twig templates
 	* change gifts_system to shop_system configurable
+	* move most used options in system/templates dir to separate directories (more transparent)
 
 At any time between (version not specified):
 	* better news archive with search function (like on tibia.com)
@@ -33,4 +33,5 @@ At any time between (version not specified):
 	* possibility to add extra cache engines with plugins
 	* preferably configurable (enable/disable) forum TinyMCE editor
 	* new cache engine - plain php, is good with pure php 7.0+ and opcache
-	* OTAdmin support in Admin Panel
+	* OTAdmin support in Admin Panel
+	* database towns table support for TFS 1.3

common.php

@@ -26,8 +26,8 @@
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.7.3');
-define('DATABASE_VERSION', 19);
+define('MYAAC_VERSION', '0.7.9');
+define('DATABASE_VERSION', 21);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'WINDOWS' : (strtoupper(PHP_OS) == 'DARWIN' ? 'MAC' : 'LINUX'));

config.php

@@ -75,7 +75,7 @@ $config = array(
 
 	// images
 	'outfit_images_url' => 'http://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'item_images_url' => 'http://item-images.ots.me/960/', // set to images/items if you host your own items in images folder
+	'item_images_url' => 'http://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
 
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
@@ -185,7 +185,8 @@ $config = array(
 	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)? Only 0.3
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
-	'highscores_groups_hidden' => 4, // this group id and higher won't be shown on the highscores
+	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
+	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
 	'highscores_length' => 100, // how many records per page on highscores
 
 	// characters page

index.php

@@ -51,7 +51,7 @@ if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
 	include(TOOLS . 'signature/index.php');
 	exit();
 }
-else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz)$/i", $_SERVER['REQUEST_URI'])) {
+else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
 	header("HTTP/1.0 404 Not Found");
 	exit;
 }
@@ -176,21 +176,17 @@ if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
 	$tmp = (int)$tmp;
 	if($tmp < DATABASE_VERSION) { // import if older
 		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
-			$file = SYSTEM . 'migrations/' . $i . '.php';
-			if(file_exists($file)) {
-				require($file);
-			}
+			require(SYSTEM . 'migrations/' . $i . '.php');
+			updateDatabaseConfig('database_version', $i);
 		}
-		
-		updateDatabaseConfig('database_version', DATABASE_VERSION);
 	}
 }
 else { // register first version
+	registerDatabaseConfig('database_version', 0);
 	for($i = 1; $i <= DATABASE_VERSION; $i++) {
 		require(SYSTEM . 'migrations/' . $i . '.php');
+		updateDatabaseConfig('database_version', $i);
 	}
-
-	registerDatabaseConfig('database_version', DATABASE_VERSION);
 }
 
 // event system

install/includes/functions.php

@@ -78,4 +78,23 @@ function next_form($previous = true, $next = true)
 	<input type="hidden" name="step" id="step" value="' . $step . '" />' . next_buttons($previous, $next) . '
 </form>';
 }
-?>
+
+function win_is_writable($path) {
+	if($path[strlen( $path ) - 1] == '/') { // if it looks like a directory, check a random file within the directory
+		return win_is_writable( $path . uniqid( mt_rand() ) . '.tmp');
+	} elseif(is_dir( $path )) { // If it's a directory (and not a file) check a random file within the directory
+		return win_is_writable( $path . '/' . uniqid( mt_rand() ) . '.tmp' );
+	}
+
+	// check tmp file for read/write capabilities
+	$should_delete_tmp_file = !file_exists( $path );
+	$f = @fopen( $path, 'a' );
+	if ( $f === false )
+		return false;
+
+	fclose( $f );
+	if($should_delete_tmp_file)
+		unlink($path);
+
+	return true;
+}

install/includes/schema.sql

@@ -109,6 +109,7 @@ CREATE TABLE `myaac_forum`
 	`post_text` text NOT NULL,
 	`post_topic` varchar(255) NOT NULL DEFAULT '',
 	`post_smile` tinyint(1) NOT NULL default '0',
+	`post_html` tinyint(1) NOT NULL default '0',
 	`post_date` int(20) NOT NULL default '0',
 	`last_edit_aid` int(20) NOT NULL default '0',
 	`edit_date` int(20) NOT NULL default '0',

install/includes/twig_error.html

@@ -0,0 +1,11 @@
+We have detected that you don't have access to write to the system/cache directory. Under linux you can fix it by using this two command, where first one should be enough (for apache):<br/><br/><span class="console">chown -R www-data.www-data /var/www/*</span><br/><span class="console">chmod -R 660 system/cache</span>
+
+<style type="text/css">
+.console {
+	font-family:Courier;
+	color: #CCCCCC;
+	background: #000000;
+	border: 3px double #CCCCCC;
+	padding: 0px;
+}
+</style>

install/index.php

@@ -91,16 +91,19 @@ else if($step == 'finish') {
 
 $error = false;
 
-// step include
-ob_start();
+clearstatcache();
+if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
+	ob_start();
 
-$step_id = array_search($step, $steps);
-require('steps/' . $step_id . '-' . $step . '.php');
-$content = ob_get_contents();
-ob_end_clean();
+	$step_id = array_search($step, $steps);
+	require('steps/' . $step_id . '-' . $step . '.php');
+	$content = ob_get_contents();
+	ob_end_clean();
+}
+else {
+	$content = error(file_get_contents(BASE . 'install/includes/twig_error.html'), true);
+}
 
 // render
 require('template/template.php');
-//$_SESSION['laststep'] = $step;
-
-?>
+//$_SESSION['laststep'] = $step;

install/steps/3-requirements.php

@@ -25,8 +25,8 @@ $failed = false;
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50300), PHP_VERSION);
 foreach(array('config.local.php', 'images/guilds', 'images/houses', 'images/gallery') as $value)
 {
-	$perms = (int) substr(decoct(fileperms(BASE . $value)), 2);
-	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $perms >= 660);
+	$is_writable = is_writable(BASE . $value);
+	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
 }
 
 $ini_register_globals = ini_get_bool('register_globals');

install/steps/5-database.php

@@ -219,6 +219,17 @@ if(!$error) {
 				if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
 					success($locale['step_database_adding_field'] . ' players.comment...');
 			}
+			
+			if(fieldExist('rank_id', 'players')) {
+				if(query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
+					success($locale['step_database_modifying_field'] . ' players.rank_id...');
+			
+				if(fieldExist('guildnick', 'players')) {
+					if(query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
+						success($locale['step_database_modifying_field'] . ' players.guildnick...');
+					}
+				}
+			}
 		}
 		
 		if(!$error && (!isset($_SESSION['saved']))) {
@@ -240,9 +251,9 @@ if(!$error) {
 			$content .= PHP_EOL;
 			$content .= '$config[\'client_download_linux\'] = \'http://tibia-clients.com/clients/download/\'. $config[\'client\'] . \'/tar/linux\';';
 			$content .= PHP_EOL;
-			$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '\';';
+			$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 			$content .= PHP_EOL;
-			$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '\';';
+			$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 			$content .= PHP_EOL;
 			
 			$file = fopen(BASE . 'config.local.php', 'a+');

install/steps/7-finish.php

@@ -1,6 +1,7 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+ini_set('max_execution_time', 300);
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 }

system/functions.php

@@ -156,6 +156,10 @@ function getFlagImage($country)
 	if(!isset($config['countries']))
 		require(SYSTEM . 'countries.conf.php');
 
+	if(!isset($config['countries'][$country])) {
+		return '';
+	}
+	
 	return '<img src="images/flags/' . $country . '.gif" title="' . $config['countries'][$country]. '"/>';
 }
 
@@ -167,7 +171,9 @@ function getFlagImage($country)
  */
 function getBoolean($v)
 {
-	if(!$v || !isset($v[0])) return false;
+	if(is_bool($v)) {
+		return $v;
+	}
 
 	if(is_numeric($v))
 		return intval($v) > 0;
@@ -573,7 +579,7 @@ function getCreatureName($killer, $showStatus = false, $extendedInfo = false)
 
 			$str .= '<font color="'.($player->isOnline() ? 'green' : 'red').'">' . $player->getName() . '</font></b></a>';
 			if($extendedInfo) {
-				$str .= '<br><small>'.$player->getLevel().' '.$config['vocations'][$player->getVocation()].'</small>';
+				$str .= '<br><small>'.$player->getLevel().' '.$player->getVocationName().'</small>';
 			}
 			return $str;
 		}
@@ -970,9 +976,17 @@ function getTopPlayers($limit = 5) {
 		$deleted = 'deleted';
 		if(fieldExist('deletion', 'players'))
 			$deleted = 'deletion';
-		
-		$players = $db->query('SELECT `name`, `level`, `experience` FROM `players` WHERE `group_id` < ' . $config['highscores_groups_hidden'] . ' AND `id` NOT IN (' . implode(', ', $config['highscores_ids_hidden']) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT 5')->fetchAll();
-		
+
+		$is_tfs10 = tableExist('players_online');
+		$players = $db->query('SELECT `id`, `name`, `level`, `experience`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . $config['highscores_groups_hidden'] . ' AND `id` NOT IN (' . implode(', ', $config['highscores_ids_hidden']) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
+
+		if($is_tfs10) {
+			foreach($players as &$player) {
+				$query = $db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $player['id']);
+				$player['online'] = ($query->rowCount() > 0 ? 1 : 0);
+			}
+		}
+
 		$i = 0;
 		foreach($players as &$player) {
 			$player['rank'] = ++$i;

system/init.php

@@ -8,14 +8,14 @@
  * @link      http://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
+
 // load configuration
 require_once(BASE . 'config.php');
 if(file_exists(BASE . 'config.local.php')) // user customizations
 	require(BASE . 'config.local.php');
 
 if(!isset($config['installed']) || !$config['installed']) {
-	header('Location: ' . BASE_URL);
-	die('AAC has not been installed yet or there was error during installation. Please install again.');
+	die('MyAAC has not been installed yet or there was error during installation. Please install again.');
 }
 
 date_default_timezone_set($config['date_timezone']);
@@ -87,21 +87,26 @@ if(isset($_REQUEST))
 }
 
 // load otserv config file
-$tmp = '';
-if($cache->enabled() && $cache->fetch('config_lua', $tmp)) {
-	$config['lua'] = unserialize($tmp);
-	/*if(isset($config['lua']['myaac'][0])) {
-		foreach($config['lua']['myaac'] as $key => $value)
-			$config[$key] = $value;
-	}*/
+$config_lua_reload = true;
+if($cache->enabled()) {
+	$tmp = null;
+	if($cache->fetch('server_path', $tmp) && $tmp == $config['server_path']) {
+		$tmp = null;
+		if($cache->fetch('config_lua', $tmp) && $tmp) {
+			$config['lua'] = unserialize($tmp);
+			$config_lua_reload = false;
+		}
+	}
 }
-else
-{
+
+if($config_lua_reload) {
 	$config['lua'] = load_config_lua($config['server_path'] . 'config.lua');
 
 	// cache config
-	if($cache->enabled())
+	if($cache->enabled()) {
 		$cache->set('config_lua', serialize($config['lua']), 120);
+		$cache->set('server_path', $config['server_path']);
+	}
 }
 unset($tmp);
 
@@ -149,8 +154,8 @@ $config['data_path'] = $tmp;
 unset($tmp);
 
 // new config values for compability
-if($config['highscores_ids_hidden'] == null) {
-	$config['highscores_ids_hidden'] = array();
+if(!isset($config['highscores_ids_hidden']) || count($config['highscores_ids_hidden']) == 0) {
+	$config['highscores_ids_hidden'] = array(0);
 }
 
 // POT

system/libs/forum.php

@@ -37,7 +37,20 @@ class Forum
 	{
 		global $db;
 		$thread_id = 0;
-		if($db->insert(TABLE_PREFIX . 'forum', array('first_post' => 0, 'last_post' => time(), 'section' => $section_id, 'replies' => 0, 'views' => 0, 'author_aid' => isset($account_id) ? $account_id : 0, 'author_guid' => isset($player_id) ? $player_id : 0, 'post_text' => $body, 'post_topic' => $title, 'post_smile' => 0, 'post_date' => time(), 'last_edit_aid' => 0, 'edit_date' => 0, 'post_ip' => $_SERVER['REMOTE_ADDR']))) {
+		if($db->insert(TABLE_PREFIX . 'forum', array(
+			'first_post' => 0,
+			'last_post' => time(),
+			'section' => $section_id,
+			'replies' => 0,
+			'views' => 0,
+			'author_aid' => isset($account_id) ? $account_id : 0,
+			'author_guid' => isset($player_id) ? $player_id : 0,
+			'post_text' => $body, 'post_topic' => $title,
+			'post_smile' => 0, 'post_html' => 1,
+			'post_date' => time(),
+			'last_edit_aid' => 0, 'edit_date' => 0,
+			'post_ip' => $_SERVER['REMOTE_ADDR']
+		))) {
 			$thread_id = $db->lastInsertId();
 			$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=".(int) $thread_id." WHERE `id` = ".(int) $thread_id);
 		}
@@ -45,7 +58,7 @@ class Forum
 		return $thread_id;
 	}
 	
-	static public function add_post($thread_id, $section, $author_aid, $author_guid, $post_text, $post_topic, $smile)
+	static public function add_post($thread_id, $section, $author_aid, $author_guid, $post_text, $post_topic, $smile, $html)
 	{
 		global $db;
 		$db->insert(TABLE_PREFIX . 'forum', array(
@@ -56,6 +69,7 @@ class Forum
 			'post_text' => $post_text,
 			'post_topic' => $post_topic,
 			'post_smile' => $smile,
+			'post_html' => $html,
 			'post_date' => time(),
 			'post_ip' => $_SERVER['REMOTE_ADDR']
 		));
@@ -232,16 +246,20 @@ class Forum
 		foreach($tags as $search => $replace)
 			$text = preg_replace($search, $replace, $text);
 		
-		return ($smiles == 0 ? Forum::parseSmiles($text) : $text);
+		return ($smiles ? Forum::parseSmiles($text) : $text);
 	}
 	
-	public static function showPost($topic, $text, $smiles)
+	public static function showPost($topic, $text, $smiles = true, $html = false)
 	{
-		$text = nl2br($text);
+		if($html) {
+			return '<b>' . $topic . '</b><hr />' . $text;
+		}
+
 		$post = '';
 		if(!empty($topic))
-			$post .= '<b>'.($smiles == 0 ? self::parseSmiles($topic) : $topic).'</b><hr />';
-		$post .= self::parseBBCode($text, $smiles);
+			$post .= '<b>'.($smiles ? self::parseSmiles($topic) : $topic).'</b><hr />';
+
+		$post .= self::parseBBCode(nl2br($text), $smiles);
 		return $post;
 	}
 	

system/libs/plugins.php

@@ -10,6 +10,34 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+function is_sub_dir($path = NULL, $parent_folder = SITE_PATH) {
+	
+	//Get directory path minus last folder
+	$dir = dirname($path);
+	$folder = substr($path, strlen($dir));
+	
+	//Check the the base dir is valid
+	$dir = realpath($dir);
+	
+	//Only allow valid filename characters
+	$folder = preg_replace('/[^a-z0-9\.\-_]/i', '', $folder);
+	
+	//If this is a bad path or a bad end folder name
+	if( !$dir OR !$folder OR $folder === '.') {
+		return FALSE;
+	}
+	
+	//Rebuild path
+	$path = $dir. '/' . $folder;
+	
+	//If this path is higher than the parent folder
+	if( strcasecmp($path, $parent_folder) > 0 ) {
+		return $path;
+	}
+	
+	return FALSE;
+}
+
 class Plugins {
 	private static $warnings = array();
 	private static $error = null;
@@ -160,16 +188,32 @@ class Plugins {
 				else {
 					$success = true;
 					foreach($plugin_info['uninstall'] as $file) {
-						$file = BASE . $file;
-						if(!deleteDirectory($file)) {
+						if(strpos($file, '/') === 0) {
 							$success = false;
+							self::$error = "You cannot use absolute paths (starting with slash - '/'): " . $file;
+							break;
+						}
+						
+						$file = BASE . $file;
+						if(!is_sub_dir($file, BASE) || realpath(dirname($file)) != dirname($file)) {
+							$success = false;
+							self::$error = "You don't have rights to delete: " . $file;
+							break;
 						}
 					}
-					
+
+					if($success) {
+						foreach($plugin_info['uninstall'] as $file) {
+							if(!deleteDirectory(BASE . $file)) {
+								self::$warnings[] = 'Cannot delete: ' . $$file;
+							}
+						}
+					}
+
 					if (isset($plugin_info['hooks'])) {
 						foreach ($plugin_info['hooks'] as $_name => $info) {
 							if (defined('HOOK_'. $info['type'])) {
-								$hook = constant('HOOK_'. $info['type']);
+								//$hook = constant('HOOK_'. $info['type']);
 								$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'hooks` WHERE `name` = ' . $db->quote($_name) . ';');
 								if ($query->rowCount() == 1) { // found something
 									$query = $query->fetch();
@@ -187,9 +231,6 @@ class Plugins {
 						
 						return true;
 					}
-					else {
-						self::$error = error_get_last();
-					}
 				}
 			}
 		}

system/libs/pot/OTS_Account.php

@@ -39,7 +39,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
  * @var array
  * @version 0.1.5
  */
-    private $data = array('email' => '', 'blocked' => false, 'rlname' => '','location' => '','web_flags' => 0,'lastday' => 0,'premdays' => 0, 'created' => 0);
+    private $data = array('email' => '', 'blocked' => false, 'rlname' => '','location' => '','web_flags' => 0, 'lastday' => 0, 'premdays' => 0, 'created' => 0);
 
 /**
  * Creates new account.
@@ -170,7 +170,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
     public function load($id)
     {
         // SELECT query on database
-        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ' as `lastday`,' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
+        $this->data = $this->db->query('SELECT `id`, ' . (fieldExist('name', 'accounts') ? '`name`,' : '') . '`password`, `email`, ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . (fieldExist('premdays', 'accounts') ? $this->db->fieldName('premdays') . ',' : '') . (fieldExist('lastday', 'accounts') ? $this->db->fieldName('lastday') . ',' : (fieldExist('premend', 'accounts') ?  $this->db->fieldName('premend') . ',' : '')) . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch();
     }
 
 /**
@@ -249,12 +249,16 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
             throw new E_OTS_NotLoaded();
         }
 
-		$lastday = 'lastday';
-		if(fieldExist('premend', 'accounts'))
-			$lastday = 'premend';
+	$field = 'lastday';
+	if(fieldExist('premend', 'accounts')) { // othire
+    		$field = 'premend';
+		if(!isset($this->data['premend'])) {
+			$this->data['premend'] = 0;
+		}
+	}
 
         // UPDATE query on database
-        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $lastday . '` = ' . (int) $this->data['lastday'] . ' WHERE `id` = ' . $this->data['id']);
+        $this->db->query('UPDATE `accounts` SET ' . (fieldExist('name', 'accounts') ? '`name` = ' . $this->db->quote($this->data['name']) . ',' : '') . '`password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', ' . (fieldExist('premdays', 'accounts') ? '`premdays` = ' . (int) $this->data['premdays'] . ',' : '') . '`' . $field . '` = ' . (int) $this->data[$field] . ' WHERE `id` = ' . $this->data['id']);
     }
 
 /**
@@ -327,23 +331,25 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		return $this->hasFlag(FLAG_SUPER_ADMIN);
 	}
 
-    public function getPremDays()
-    {
-        if( !isset($this->data['lastday']) )
-        {
-            throw new E_OTS_NotLoaded();
-        }
+	public function getPremDays()
+	{
+		if(!isset($this->data['lastday']) && !isset($this->data['premend'])) {
+			throw new E_OTS_NotLoaded();
+		}
+
+		if(isset($this->data['premend'])) {
+			return round(($this->data['premend'] - time()) / (24 * 60 * 60), 2);
+		}
+
+		if($this->data['premdays'] == 0) {
+			return 0;
+		}
+
+		global $config;
+        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return -1;
+		return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
+	}
 
-		if(fieldExist('premdays', 'accounts'))
-			return $this->data['premdays'];
-		
-        if($this->data['lastday'] == 0)
-            return 0;
-        
-		return round(($this->data['lastday'] - time()) / (24 * 60 * 60), 3);
-        //return $this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday']));
-    }
-	
    public function getLastLogin()
     {
         if( !isset($this->data['lastday']) )
@@ -353,17 +359,18 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 
         return $this->data['lastday'];
     }
-	
+
     public function isPremium()
     {
 		global $config;
         if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
-		if(fieldExist('premdays', 'accounts'))
-			return $this->data['premdays'] > 0;
-	
-		return $this->data['lastday'] > time();
-        //return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
-    }
+
+		if(isset($this->data['premend'])) {
+			return $this->data['premend'] > time();
+		}
+
+		return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
+	}
 
     public function getCreated()
     {

system/libs/pot/OTS_Player.php

@@ -216,11 +216,6 @@ class OTS_Player extends OTS_Row_DAO
 		if(!isset($this->data['rank_id']) || $this->data['rank_id'] == NULL)
 			$this->data['rank_id'] = 0;
 
-		if(isset($this->data['promotion'])) {
-			global $config;
-			if((int)$this->data['promotion'] > 0)
-				$this->data['vocation'] += ($this->data['promotion'] * $config['vocations_amount']);
-		}
         // loads skills
         if( $this->isLoaded() )
         {
@@ -820,6 +815,12 @@ class OTS_Player extends OTS_Row_DAO
             throw new E_OTS_NotLoaded();
         }
 
+		if(isset($this->data['promotion'])) {
+			global $config;
+			if((int)$this->data['promotion'] > 0)
+				return ($this->data['vocation'] + ($this->data['promotion'] * $config['vocations_amount']));
+		}
+
         return $this->data['vocation'];
     }
 
@@ -2895,7 +2896,12 @@ class OTS_Player extends OTS_Row_DAO
         }
 
 		global $config;
-		return $config['vocations'][$this->data['vocation']];
+		$voc = $this->getVocation();
+		if(!isset($config['vocations'][$voc])) {
+			return 'Unknown';
+		}
+
+		return $config['vocations'][$voc];
         //return POT::getInstance()->getVocationsList()->getVocationName($this->data['vocation']);
     }
 
@@ -3151,6 +3157,14 @@ class OTS_Player extends OTS_Row_DAO
 
         $this->db->query('DELETE FROM ' . $this->db->tableName('player_spells') . ' WHERE ' . $this->db->fieldName('player_id') . ' = ' . $this->data['id'] . ' AND ' . $this->db->fieldName('name') . ' = ' . $this->db->quote( $spell->getName() ) );
     }
+	
+	public static function getPercentLevel($count, $nextLevelCount)
+	{
+		if($nextLevelCount > 0)
+			return min(100, max(0, $count * 100 / $nextLevelCount));
+
+		return 0;
+	}
 
 /**
  * Magic PHP5 method.

system/libs/pot/OTS_Toolbox.php

@@ -28,13 +28,11 @@ class OTS_Toolbox
  * @param int $experience Current experience points.
  * @return int Experience points for level.
  */
-    public static function experienceForLevel($level, $experience = 0)
+	public static function experienceForLevel($level, $experience = 0)
     {
-        return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
-		/*
-			$level = $level - 1;
-	return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
-	*/
+        //return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
+		$level = $level - 1;
+		return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
     }
 
 /**

system/migrations/19.php

@@ -1,3 +1,3 @@
 <?php
-// this migrations has been removed, but file kept for compability
+// this migration has been removed, but file kept for compability
 ?>

system/migrations/20.php

@@ -0,0 +1,39 @@
+<?php
+
+$config_file = BASE . 'config.local.php';
+if(!is_writable($config_file)) { // we can't do anything, just ignore
+	return;
+}
+
+$content_of_file = trim(file_get_contents($config_file));
+if(strpos($content_of_file, 'highscores_ids_hidden') !== false) { // already present
+	return;
+}
+
+$query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . ") ORDER BY `id`;");
+
+$highscores_ignored_ids = array();
+if($query->rowCount() > 0) {
+	foreach($query->fetchAll() as $result)
+		$highscores_ignored_ids[] = $result['id'];
+}
+else {
+	$highscores_ignored_ids[] = 0;
+}
+
+$php_on_end = substr($content_of_file, -2, 2) == '?>';
+$content = PHP_EOL;
+if($php_on_end) {
+	$content .= '<?php';
+}
+
+$content .= PHP_EOL;
+$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
+$content .= PHP_EOL;
+
+if($php_on_end) {
+	$content .= '?>';
+}
+
+file_put_contents($config_file, $content, FILE_APPEND);
+?>

system/migrations/21.php

@@ -0,0 +1,14 @@
+<?php
+
+$db->query("ALTER TABLE `" . TABLE_PREFIX . "forum` ADD `post_html` TINYINT(1) NOT NULL DEFAULT 0 AFTER `post_smile`;");
+
+$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX . "forum_boards` WHERE `name` LIKE " . $db->quote('News') . " LIMIT 1;");
+if($query->rowCount() == 0) {
+	return; // don't make anything
+}
+
+$query = $query->fetch();
+$id = $query['id'];
+
+// update all forum threads with is_html = 1
+$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `post_html` = 1 WHERE `section` = " . $id . " AND `id` = `first_post`;");

system/pages/account/create_character.php

@@ -140,7 +140,11 @@ if($save) {
 		$player->setPosX(0);
 		$player->setPosY(0);
 		$player->setPosZ(0);
-		$player->setStamina($config['otserv_version'] == TFS_03 ? 151200000 : 2520);
+
+		if(fieldExist('stamina', 'players')) {
+			$player->setStamina($char_to_copy->getStamina());
+		}
+
 		if(fieldExist('loss_experience', 'players')) {
 			$player->setLossExperience($char_to_copy->getLossExperience());
 			$player->setLossMana($char_to_copy->getLossMana());

system/pages/accountmanagement.php

@@ -110,7 +110,7 @@ $errors = array();
 		$players = array();
 		$account_players = $account_logged->getPlayersList();
 		$account_players->orderBy('id');
-		
+
 		echo $twig->render('account.management.html.twig', array(
 			'welcome_message' => $welcome_message,
 			'recovery_key' => $recovery_key,

system/pages/admin/players.php

@@ -120,7 +120,11 @@ if($id > 0) {
 		verify_number($experience, 'Experience', 20);
 
 		$vocation = $_POST['vocation'];
-		verify_number($vocation, 'Vocation id', 1);
+		verify_number($vocation, 'Vocation id', 11);
+
+		if(!isset($config['vocations'][$vocation])) {
+			echo_error("Vocation with this id doesn't exist.");
+		}
 
 		// health
 		$health = $_POST['health'];
@@ -357,14 +361,12 @@ $account = $player->getAccount();
 		<td>
 			<select name="vocation">
 <?php
-			$i = 0;
-			foreach($config['vocations'] as $voc)
+			foreach($config['vocations'] as $id => $name)
 			{
-				echo '<option value=' . $i;
-				if($i == $player->getVocation())
+				echo '<option value=' . $id;
+				if($id == $player->getVocation())
 					echo ' selected="selected"';
-				echo '>' . $voc . '</option>';
-				$i++;
+				echo '>' . $name . '</option>';
 			}
 					
 

system/pages/admin/plugins.php

@@ -22,7 +22,7 @@ if(isset($_REQUEST['uninstall'])){
 		success('Successfully uninstalled plugin ' . $uninstall);
 	}
 	else {
-		error('Error while uninstalling plugin ' . $plugin_name . ': ' . Plugins::getError());
+		error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 	}
 }
 else if(isset($_FILES["plugin"]["name"]))

system/pages/characters.php

@@ -231,7 +231,7 @@ if($player->isLoaded() && !$player->isDeleted())
 	$dead_add_content = '';
 	$deaths = array();
 	if(tableExist('killers')) {
-		$player_deaths = $db->query('SELECT `id`, `date`, `level` FROM `player_deaths` WHERE `player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,10;');
+		$player_deaths = $db->query('SELECT `id`, `date`, `level` FROM `player_deaths` WHERE `player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,10;')->fetchAll();
 		if(count($player_deaths))
 		{
 			$number_of_rows = 0;
@@ -289,7 +289,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		$deaths_db = $db->query('SELECT
 				`player_id`, `time`, `level`, `killed_by`, `is_player`' . $mostdamage . '
 				FROM `player_deaths`
-				WHERE `player_id` = ' . $player->getId() . ' ORDER BY `time` DESC LIMIT 10;');
+				WHERE `player_id` = ' . $player->getId() . ' ORDER BY `time` DESC LIMIT 10;')->fetchAll();
 		
 		if(count($deaths_db))
 		{
@@ -328,13 +328,13 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		//frags list by Xampy
 		$i = 0;
 		$frags_limit = 10; // frags limit to show? // default: 10
-		$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,'.$frags_limit.';');
+		$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,'.$frags_limit.';')->fetchAll();
 		if(count($player_frags))
 		{
 			$row_count = 0;
 			foreach($player_frags as $frag)
 			{
-				$description = 'Fragged <a href="' . getPlayerLink($frag[name], false) . '">' . $frag[name] . '</a> at level ' . $frag[level];
+				$description = 'Fragged <a href="' . getPlayerLink($frag['name'], false) . '">' . $frag['name'] . '</a> at level ' . $frag['level'];
 				$frags[] = array('time' => $frag['date'], 'description' => $description, 'unjustified' => $frag['unjustified'] != 0);
 			}
 		}
@@ -375,7 +375,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		'sex' => $player_sex,
 		'marriage_enabled' => $config['characters']['marriage_info'] && fieldExist('marriage', 'players'),
 		'marital_status' => $marital_status,
-		'vocation' => $config['vocations'][$player->getVocation()],
+		'vocation' => $player->getVocationName(),
 		'frags_enabled' => $frags_enabled,
 		'frags_count' => $frags_count,
 		'town' => isset($config['towns'][$player->getTownId()]) ? $config['towns'][$player->getTownId()] : null,

system/pages/createaccount.php

@@ -144,8 +144,13 @@ if($save)
 		}
 
 		if($config['account_premium_days'] && $config['account_premium_days'] > 0) {
-			$new_account->setCustomField('premdays', $config['account_premium_days']);
-			$new_account->setCustomField('lastday', time());
+			if(fieldExist('premend', 'accounts')) { // othire
+				$new_account->setCustomField('premend', time() + $config['account_premium_days'] * 86400);
+			}
+			else { // rest
+				$new_account->setCustomField('premdays', $config['account_premium_days']);
+				$new_account->setCustomField('lastday', time());
+			}
 		}
 
 		if($config['account_premium_points']) {
@@ -198,9 +203,10 @@ if($save)
 
 				if(_mail($email, 'Your account on ' . $config['lua']['serverName'], $mailBody))
 					echo '<br /><small>These informations were send on email address <b>' . $email . '</b>.';
-				else
+				else {
 					error('An error occorred while sending email (<b>' . $email . '</b>)! Error:<br/>' . $mailer->ErrorInfo . '<br/>More info in system/logs/error.log');
 					log_append('error.log', '[createaccount.php] An error occorred while sending email: ' . $mailer->ErrorInfo . '. Error: ' . print_r(error_get_last(), true));
+				}
 			}
 		}
 
@@ -208,36 +214,43 @@ if($save)
 	}
 }
 
-	$country_recognized = null;
-	if($config['account_country_recognize']) {
+$country_recognized = null;
+if($config['account_country_recognize']) {
+	$country_session = getSession('country');
+	if($country_session !== false) { // get from session
+		$country_recognized = $country_session;
+	}
+	else {
 		$info = json_decode(@file_get_contents('http://ipinfo.io/' . $_SERVER['REMOTE_ADDR'] . '/geo'), true);
 		if(isset($info['country'])) {
 			$country_recognized = strtolower($info['country']);
+			setSession('country', $country_recognized);
 		}
 	}
+}
 
-	if(!empty($errors))
-		echo $twig->render('error_box.html.twig', array('errors' => $errors));
+if(!empty($errors))
+	echo $twig->render('error_box.html.twig', array('errors' => $errors));
 
-	if($config['account_country']) {
-		$countries = array();
-		foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
-			$countries[$c] = $config['countries'][$c];
-		
-		$countries['--'] = '----------';
-		foreach ($config['countries'] as $code => $c)
-			$countries[$code] = $c;
-	}
+if($config['account_country']) {
+	$countries = array();
+	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
+		$countries[$c] = $config['countries'][$c];
+	
+	$countries['--'] = '----------';
+	foreach ($config['countries'] as $code => $c)
+		$countries[$code] = $c;
+}
 
-	echo $twig->render('account.create.js.html.twig');
-	echo $twig->render('account.create.html.twig', array(
-		'account' => isset($_POST['account']) ? $_POST['account'] : '',
-		'email' => isset($_POST['email']) ? $_POST['email'] : '',
-		'countries' => isset($countries) ? $countries : null,
-		'accept_rules' => isset($_POST['accept_rules']) ? $_POST['accept_rules'] : false,
-		'country_recognized' => $country_recognized,
-		'country' => isset($country) ? $country : null,
-		'errors' => $errors,
-		'save' => $save
-	));
+echo $twig->render('account.create.js.html.twig');
+echo $twig->render('account.create.html.twig', array(
+	'account' => isset($_POST['account']) ? $_POST['account'] : '',
+	'email' => isset($_POST['email']) ? $_POST['email'] : '',
+	'countries' => isset($countries) ? $countries : null,
+	'accept_rules' => isset($_POST['accept_rules']) ? $_POST['accept_rules'] : false,
+	'country_recognized' => $country_recognized,
+	'country' => isset($country) ? $country : null,
+	'errors' => $errors,
+	'save' => $save
+));
 ?>

system/pages/forum.php

@@ -28,7 +28,7 @@ if(!$logged)
 
 require_once(LIBS . 'forum.php');
 
-$canEdit = hasFlag(FLAG_CONTENT_FORUM) || superAdmin();
+$canEdit = Forum::isModerator();
 if($canEdit)
 {
 	$groups = new OTS_Groups_List();
@@ -172,7 +172,7 @@ if(empty($action))
 	return;
 }
 
-
+$errors = array();
 if($action == 'show_board' || $action == 'show_thread')
 {
 	require(PAGES . 'forum/' . $action . '.php');

system/pages/forum/edit_post.php

@@ -18,14 +18,14 @@ if(Forum::canPost($account_logged))
 		return;
 	}
 	
-	$thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `id`, `section` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch();
+	$thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `post_html`, `id`, `section` FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch();
 	if(isset($thread['id']))
 	{
 		$first_post = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch();
 		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.$first_post['post_topic'].'</a> >> <b>Edit post</b>';
 		if(Forum::hasAccess($thread['section'] && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator())))
 		{
-			$char_id = $post_topic = $text = $smile = null;
+			$char_id = $post_topic = $text = $smile = $html = null;
 			$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 			$saved = false;
 			if(isset($_REQUEST['save']))
@@ -33,9 +33,10 @@ if(Forum::canPost($account_logged))
 				$text = stripslashes(trim($_REQUEST['text']));
 				$char_id = (int) $_REQUEST['char_id'];
 				$post_topic = stripslashes(trim($_REQUEST['topic']));
-				$smile = (int) $_REQUEST['smile'];
+				$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
+				$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
 				$lenght = 0;
-				for($i = 0; $i <= strlen($post_topic); $i++)
+				for($i = 0; $i < strlen($post_topic); $i++)
 				{
 					if(ord($post_topic[$i]) >= 33 && ord($post_topic[$i]) <= 126)
 						$lenght++;
@@ -43,12 +44,11 @@ if(Forum::canPost($account_logged))
 				if(($lenght < 1 || strlen($post_topic) > 60) && $thread['id'] == $thread['first_post'])
 					$errors[] = 'Too short or too long topic (short: '.$lenght.' long: '.strlen($post_topic).' letters). Minimum 1 letter, maximum 60 letters.';
 				$lenght = 0;
-				for($i = 0; $i <= strlen($text); $i++)
+				for($i = 0; $i < strlen($text); $i++)
 				{
 					if(ord($text[$i]) >= 33 && ord($text[$i]) <= 126)
 						$lenght++;
 				}
-				
 				if($lenght < 1 || strlen($text) > 15000)
 					$errors[] = 'Too short or too long post (short: '.$lenght.' long: '.strlen($text).' letters). Minimum 1 letter, maximum 15000 letters.';
 				if($char_id == 0)
@@ -56,7 +56,7 @@ if(Forum::canPost($account_logged))
 				if(empty($post_topic) && $thread['id'] == $thread['first_post'])
 					$errors[] = 'Thread topic can\'t be empty.';
 				
-				$player_on_account == false;
+				$player_on_account = false;
 				
 				if(count($errors) == 0)
 				{
@@ -71,7 +71,7 @@ if(Forum::canPost($account_logged))
 					$saved = true;
 					if($account_logged->getId() != $thread['author_aid'])
 						$char_id = $thread['author_guid'];
-					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $char_id.", `post_text` = ".$db->quote($text).", `post_topic` = ".$db->quote($post_topic).", `post_smile` = ".(int) $smile.", `last_edit_aid` = ".(int) $account_logged->getId().",`edit_date` = ".time()." WHERE `id` = ".(int) $thread['id']);
+					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $char_id.", `post_text` = ".$db->quote($text).", `post_topic` = ".$db->quote($post_topic).", `post_smile` = ".$smile.", `post_html` = ".$html.", `last_edit_aid` = ".(int) $account_logged->getId().",`edit_date` = ".time()." WHERE `id` = ".(int) $thread['id']);
 					$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".$thread['post_date']." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['first_post'])->fetch();
 					$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
 					header('Location: ' . getForumThreadLink($thread['first_post'], $_page));
@@ -83,6 +83,7 @@ if(Forum::canPost($account_logged))
 				$char_id = (int) $thread['author_guid'];
 				$post_topic = $thread['post_topic'];
 				$smile = (int) $thread['post_smile'];
+				$html = (int) $thread['post_html'];
 			}
 			
 			if(!$saved)
@@ -94,9 +95,12 @@ if(Forum::canPost($account_logged))
 					'post_id' => $post_id,
 					'players' => $players_from_account,
 					'player_id' => $char_id,
-					'topic' => htmlspecialchars($post_topic),
-					'text' => htmlspecialchars($text),
-					'smile' => $smile
+					'post_topic' => $canEdit ? $post_topic : htmlspecialchars($post_topic),
+					'post_text' => $canEdit ? $text : htmlspecialchars($text),
+					'post_smile' => $smile > 0,
+					'post_html' => $html > 0,
+					'html' => $html,
+					'canEdit' => $canEdit
 				));
 			}
 		}

system/pages/forum/new_post.php

@@ -27,7 +27,8 @@ if(Forum::canPost($account_logged))
 		$text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL;
 		$char_id = (int) (isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
 		$post_topic = isset($_REQUEST['topic']) ? stripslashes(trim($_REQUEST['topic'])) : '';
-		$smile = (int) (isset($_REQUEST['smile']) ? $_REQUEST['smile'] : 0);
+		$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
+		$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
 		$saved = false;
 		if(isset($_REQUEST['quote']))
 		{
@@ -72,7 +73,7 @@ if(Forum::canPost($account_logged))
 			if(count($errors) == 0)
 			{
 				$saved = true;
-				Forum::add_post($thread['id'], $thread['section'], $account_logged->getId(), (int) $char_id, $text, $post_topic, (int) $smile, time(), $_SERVER['REMOTE_ADDR']);
+				Forum::add_post($thread['id'], $thread['section'], $account_logged->getId(), (int) $char_id, $text, $post_topic, $smile, $html, time(), $_SERVER['REMOTE_ADDR']);
 				$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `replies`=`replies`+1, `last_post`=".time()." WHERE `id` = ".(int) $thread_id);
 				$post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".time()." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id'])->fetch();
 				$_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1;
@@ -85,11 +86,14 @@ if(Forum::canPost($account_logged))
 		{
 			if(!empty($errors))
 				echo $twig->render('error_box.html.twig', array('errors' => $errors));
-			
-			$threads = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_smile` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` DESC LIMIT 5")->fetchAll();
-			
+				
+			$threads = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`post_html`, `" . TABLE_PREFIX . "forum`.`author_aid` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` DESC LIMIT 5")->fetchAll();
 			foreach($threads as &$thread) {
-				$thread['post'] = Forum::showPost($thread['post_topic'], $thread['post_text'], $thread['post_smile']);
+				$player_account = new OTS_Account();
+				$player_account->load($thread['author_aid']);
+				if($player_account->isLoaded()) {
+					$thread['post'] = Forum::showPost(($thread['post_html'] > 0 ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($thread['post_html'] > 0 ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile'] == 0, $thread['post_html'] > 0);
+				}
 			}
 			
 			echo $twig->render('forum.new_post.html.twig', array(
@@ -98,9 +102,11 @@ if(Forum::canPost($account_logged))
 				'players' => $players_from_account,
 				'post_topic' => $post_topic,
 				'post_text' => $text,
-				'post_smile' => $smile,
+				'post_smile' => $smile > 0,
+				'post_html' => $html > 0,
 				'topic' => $thread['post_topic'],
-				'threads' => $threads
+				'threads' => $threads,
+				'canEdit' => $canEdit
 			));
 		}
 	}

system/pages/forum/new_thread.php

@@ -24,7 +24,8 @@ if(Forum::canPost($account_logged))
 			$text = isset($_REQUEST['text']) ? stripslashes($_REQUEST['text']) : '';
 			$char_id = (int)(isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
 			$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
-			$smile = (int)(isset($_REQUEST['smile']) ? $_REQUEST['smile'] : 0);
+			$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
+			$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
 			$saved = false;
 			if (isset($_REQUEST['save'])) {
 				$errors = array();
@@ -68,7 +69,7 @@ if(Forum::canPost($account_logged))
 				}
 				if (count($errors) == 0) {
 					$saved = true;
-					$db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('0', '" . time() . "', '" . (int)$section_id . "', '0', '0', '" . $account_logged->getId() . "', '" . (int)$char_id . "', " . $db->quote($text) . ", " . $db->quote($post_topic) . ", '" . (int)$smile . "', '" . time() . "', '0', '0', '" . $_SERVER['REMOTE_ADDR'] . "')");
+					$db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile`, `post_html` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('0', '" . time() . "', '" . (int)$section_id . "', '0', '0', '" . $account_logged->getId() . "', '" . (int)$char_id . "', " . $db->quote($text) . ", " . $db->quote($post_topic) . ", '" . (int)$smile . "', '" . (int)$html . "', '" . time() . "', '0', '0', '" . $_SERVER['REMOTE_ADDR'] . "')");
 					$thread_id = $db->lastInsertId();
 					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=" . (int)$thread_id . " WHERE `id` = " . (int)$thread_id);
 					header('Location: ' . getForumThreadLink($thread_id));
@@ -85,8 +86,10 @@ if(Forum::canPost($account_logged))
 					'players' => $players_from_account,
 					'post_player_id' => $char_id,
 					'post_thread' => $post_topic,
-					'text' => $text,
-					'smiles_enabled' => $smile > 0
+					'post_text' => $text,
+					'post_smile' => $smile > 0,
+					'post_html' => $html > 0,
+					'canEdit' => $canEdit
 				));
 			}
 		}

system/pages/forum/show_thread.php

@@ -33,7 +33,7 @@ for($i = 0; $i < $posts_count['posts_count'] / $config['forum_threads_per_page']
 	else
 		$links_to_pages .= '<b>'.($i + 1).' </b>';
 }
-$threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll();
+$threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`post_html`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll();
 if(isset($threads[0]['name']))
 	$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id);
 echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($threads[0]['section']) . '">'.$sections[$threads[0]['section']]['name'].'</a> >> <b>'.$thread_name['post_topic'].'</b>';
@@ -47,8 +47,8 @@ foreach($threads as $thread)
 		die();
 	}
 	
-	echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td valign="top">' . getPlayerLink($thread['name']) . '<br /><br /><font size="1">Profession: '.$config['vocations'][$player->getVocation()].'<br />Level: '.$thread['level'].'<br />';
-	
+	echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td valign="top">' . getPlayerLink($thread['name']) . '<br /><br /><font size="1">Profession: '.$player->getVocationName().'<br />Level: '.$thread['level'].'<br />';
+
 	$rank = $player->getRank();
 	if($rank->isLoaded())
 	{
@@ -56,11 +56,9 @@ foreach($threads as $thread)
 		if($guild->isLoaded())
 			echo $rank->getName().' of <a href="'.getGuildLink($guild->getName(), false).'">'.$guild->getName().'</a><br />';
 	}
-	$player_account = $player->getAccount();
-	$canEditForum = $player_account->hasFlag(FLAG_CONTENT_FORUM) || $player_account->isAdmin();
-	
+
 	$posts = $db->query("SELECT COUNT(`id`) AS 'posts' FROM `" . TABLE_PREFIX . "forum` WHERE `author_aid`=".(int) $thread['account_id'])->fetch();
-	echo '<br />Posts: '.(int) $posts['posts'].'<br /></font></td><td valign="top">'.Forum::showPost(($canEditForum ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($canEditForum ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile']).'</td></tr>
+	echo '<br />Posts: '.(int) $posts['posts'].'<br /></font></td><td valign="top">'.Forum::showPost(($thread['post_html'] > 0 ? $thread['post_topic'] : htmlspecialchars($thread['post_topic'])), ($thread['post_html'] > 0 ? $thread['post_text'] : htmlspecialchars($thread['post_text'])), $thread['post_smile'] == 0, $thread['post_html'] > 0).'</td></tr>
 		<tr bgcolor="'.getStyle($number_of_rows++).'"><td><font size="1">'.date('d.m.y H:i:s', $thread['post_date']);
 	if($thread['edit_date'] > 0)
 	{

system/pages/guilds/leave_guild.php

@@ -94,7 +94,7 @@ else
 {
 	if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
 		$player->setRank();
-		$twig->render('success.html.twig', array(
+		echo $twig->render('success.html.twig', array(
 			'title' => 'Leave guild',
 			'description' => 'Player with name <b>'.$player->getName().'</b> leaved guild <b>'.$guild->getName().'</b>.',
 			'custom_buttons' => $twig->render('guilds.back_button.html.twig', array(

system/pages/guilds/show.php

@@ -10,6 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
+$title = 'Guilds';
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name))
 	$errors[] = Validator::getLastError();
@@ -41,6 +42,7 @@ else
 	$players_from_account_in_guild = array();
 	if($logged)
 	{
+		$players_from_account_ids = array();
 		$account_players = $account_logged->getPlayers();
 		foreach($account_players as $player)
 		{

system/pages/highscores.php

@@ -22,11 +22,17 @@ $add_sql = '';
 $config_vocations = $config['vocations'];
 if($config['highscores_vocation_box'] && isset($vocation))
 {
-	for($i = 1; $i < count($config_vocations) / 2; $i++)
-	{
-		if(strtolower($config_vocations[$i]) == $vocation)
-		{
-			$add_sql = 'AND ' . $db->fieldName('vocation') . ' = ' . $db->quote($i);
+	foreach($config['vocations'] as $id => $name) {
+		if(strtolower($name) == $vocation) {
+			$add_vocs = array($id);
+	
+			$i = $id + $config['vocations_amount'];
+			while(isset($config['vocations'][$i])) {
+				$add_vocs[] = $i;
+				$i += $config['vocations_amount'];
+			}
+	
+			$add_sql = 'AND `vocation` IN (' . implode(', ', $add_vocs) . ')';
 			break;
 		}
 	}
@@ -178,6 +184,7 @@ $i = 0;
 $online_exist = false;
 if(fieldExist('online', 'players'))
 	$online_exist = true;
+
 foreach($skills as $player)
 {
 	if(!$online_exist) {
@@ -211,7 +218,11 @@ echo '
 							$player['vocation'] += ($player['promotion'] * $config['vocations_amount']);
 					}
 
-					echo '<br/><small>' . $config['vocations'][$player['vocation']] . '</small>';
+					$tmp = 'Unknown';
+					if(isset($config['vocations'][$player['vocation']])) {
+						$tmp = $config['vocations'][$player['vocation']];
+					}
+					echo '<br/><small>' . $tmp . '</small>';
 				}
 echo '
 			</td>
@@ -228,8 +239,10 @@ echo '
 		$show_link_to_next_page = true;
 }
 
-if(!$i)
-	echo '<tr bgcolor="' . $config['darkborder'] . '"><td colspan="' . ($skill == POT::SKILL__LEVEL ? 5 : 4) . '">No records yet.</td></tr>';
+if(!$i) {
+	$extra = ($config['highscores_outfit'] ? 1 : 0);
+	echo '<tr bgcolor="' . $config['darkborder'] . '"><td colspan="' . ($skill == POT::SKILL__LEVEL ? 5 + $extra : 4 + $extra) . '">No records yet.</td></tr>';
+}
 
 ?>
 </table>

system/pages/news.php

@@ -387,7 +387,7 @@ class News
 		if(!self::verify($title, $body, $article_text, $article_image, $errors))
 			return false;
 
-		$db->insert(TABLE_PREFIX . 'news', array('title' => $title, 'body' => $body, 'type' => $type, 'date' => time(), 'category' => $category, 'player_id' => isset($player_id) ? $player_id : 0, 'comments' => $comments, 'article_text' => $article_text, 'article_image' => $article_image));
+		$db->insert(TABLE_PREFIX . 'news', array('title' => $title, 'body' => $body, 'type' => $type, 'date' => time(), 'category' => $category, 'player_id' => isset($player_id) ? $player_id : 0, 'comments' => $comments, 'article_text' => ($type == 3 ? $article_text : ''), 'article_image' => ($type == 3 ? $article_image : '')));
 		return true;
 	}
 

system/status.php

@@ -75,8 +75,13 @@ if(isset($config['lua']['statustimeout']))
 // get status timeout from server config
 $status_timeout = eval('return ' . $config['lua']['statusTimeout'] . ';') / 1000 + 1;
 
-if($status['lastCheck'] + $status_timeout < time())
-{
+if($status['lastCheck'] + $status_timeout < time()) {
+	updateStatus();
+}
+
+function updateStatus() {
+	global $db, $cache, $config, $status, $status_ip, $status_port;
+	
 	// get server status and save it to database
 	$serverInfo = new OTS_ServerInfo($status_ip, $status_port);
 	$serverStatus = $serverInfo->status();
@@ -98,9 +103,14 @@ if($status['lastCheck'] + $status_timeout < time())
 		if($config['online_afk'])
 		{
 			// get amount of players that are currently logged in-game, including disconnected clients (exited)
-			$query = $db->query('SELECT COUNT(' . $db->fieldName('id') . ') AS playersTotal FROM ' . $db->tableName('players') .
-				' WHERE ' . $db->fieldName('online') . ' > 0');
-
+			if(tableExist('players_online')) { // tfs 1.x
+				$query = $db->query('SELECT COUNT(`player_id`) AS `playersTotal` FROM `players_online`;');
+			}
+			else {
+				$query = $db->query('SELECT COUNT(`id`) AS `playersTotal` FROM `players` WHERE `online` > 0');
+			}
+			
+			$status['playersTotal'] = 0;
 			if($query->rowCount() > 0)
 			{
 				$query = $query->fetch();
@@ -132,5 +142,4 @@ if($status['lastCheck'] + $status_timeout < time())
 	foreach($status as $key => $value) {
 		updateDatabaseConfig('status_' . $key, $value);
 	}
-}
-?>
+}

system/template.php

@@ -15,42 +15,38 @@ if($config['template_allow_change'])
 {
 	if(isset($_GET['template']))
 	{
-		$template_name = $_GET['template'];
 		if(!preg_match("/[^A-z0-9_\-]/", $template_name)) { // validate template
 			//setcookie('template', $template_name, 0, BASE_DIR . '/', $_SERVER["SERVER_NAME"]);
+			$template_name = $_GET['template'];
 			setSession('template', $template_name);
 			header('Location:' . getSession('last_uri'));
 		}
-		else
-			$template_name = $config['template'];
 	}
 	else {
 		$template_session = getSession('template');
 		if ($template_session !== false) {
 			if (!preg_match("/[^A-z0-9_\-]/", $template_session)) {
 				$template_name = $template_session;
-			} else {
-				$template_name = $config['template'];
 			}
 		}
 	}
 }
 $template_path = 'templates/' . $template_name;
 
-if(!file_exists($template_path . '/index.php') &&
-	!file_exists($template_path . '/template.php') &&
-	!file_exists($template_path . '/layout.php'))
+if(!file_exists(BASE . $template_path . '/index.php') &&
+	!file_exists(BASE . $template_path . '/template.php') &&
+	!file_exists(BASE . $template_path . '/layout.php'))
 {
 	$template_name = 'kathrine';
-	$template_path = TEMPLATES . $template_name;
+	$template_path = 'templates/' . $template_name;
 }
 
-$file = $template_path . '/config.ini';
+$file = BASE . $template_path . '/config.ini';
 $exists = file_exists($file);
-if($exists || ($config['backward_support'] && file_exists($template_path . '/layout_config.ini')))
+if($exists || ($config['backward_support'] && file_exists(BASE . $template_path . '/layout_config.ini')))
 {
 	if(!$exists)
-		$file = $template_path . '/layout_config.ini';
+		$file = BASE . $template_path . '/layout_config.ini';
 
 	if($cache->enabled())
 	{
@@ -69,8 +65,8 @@ if($exists || ($config['backward_support'] && file_exists($template_path . '/lay
 	foreach($template_ini as $key => $value)
 		$config[$key] = $value;
 }
-else if(file_exists($template_path . '/config.php'))
-	require($template_path . '/config.php');
+else if(file_exists(BASE . $template_path . '/config.php'))
+	require(BASE . $template_path . '/config.php');
 
 $template = array();
 $template['link_account_manage'] = getLink('account/manage');

system/templates/account.management.html.twig

@@ -51,7 +51,17 @@
 	<div id="two">
 		<h1>My account</h1>
 		<p>Welcome to your account page, {{ account }}<br>
-			You have {{ account_logged.getPremDays() }} days remaining premium account.</p>
+			{% if config.lua.freePremium %}
+			You have unlimited Premium Account.
+			{% else %}
+				{% set premiumDays = account_logged.getPremDays() %}
+				{% if premiumDays == 0 %}
+				You don't have Premium Account
+				{% else %}
+				You have {{ premiumDays }} days remaining Premium Account.
+				{% endif %}
+			{% endif %}
+		</p>
 
 		{# if account dont have recovery key show hint #}
 		{% if recovery_key is empty %}
@@ -150,7 +160,7 @@
 			{% for player in players %}
 				{% set i = i + 1 %}
 				<tr bgcolor="{{ getStyle(i) }}">
-					<td><a href="{{ getLink('characters/' ~ player.getName()|urlencode) }}">{{ player.getName() }}</a></td><td>{{ player.getLevel() }}</td><td>{{ config.vocations[player.getVocation()] }}</td><td>{{ config.towns[player.getTownId()] }}</td><td>{% if player.getLastLogin() > 0 %}{{ player.getLastLogin|date('d F Y (H:i)') }}{% else %}Never.{% endif %}</td><td>{%  if player.isOnline() %}<font color="green">ONLINE</font>{% else %}<font color="red">Offline</font>{% endif %}</td><td>{% if player.isHidden() %}Hidden{% else %}Visible{% endif %}</td><td>[<a href="{{ getLink('account/character/comment/' ~ player.getName|urlencode) }}" >Edit</a>]</td>
+					<td><a href="{{ getLink('characters/' ~ player.getName()|urlencode) }}">{{ player.getName() }}</a></td><td>{{ player.getLevel() }}</td><td>{{ player.getVocationName() }}</td><td>{{ config.towns[player.getTownId()] }}</td><td>{% if player.getLastLogin() > 0 %}{{ player.getLastLogin|date('d F Y (H:i)') }}{% else %}Never.{% endif %}</td><td>{%  if player.isOnline() %}<font color="green">ONLINE</font>{% else %}<font color="red">Offline</font>{% endif %}</td><td>{% if player.isHidden() %}Hidden{% else %}Visible{% endif %}</td><td>[<a href="{{ getLink('account/character/comment/' ~ player.getName|urlencode) }}" >Edit</a>]</td>
 				</tr>
 			{% endfor %}
 		</table>

system/templates/admin.mailer.html.twig

@@ -3,8 +3,8 @@
 	tinymce.init({
 		selector : "textarea",
 		theme : "modern",
-        plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code',
-        toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
+        plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code emoticons',
+        toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 		image_advtab: true,
 		relative_urls : false,
 		remove_script_host : false,

system/templates/admin.pages.form.html.twig

@@ -74,8 +74,8 @@
 			tinymce.init({
 				selector : "#body",
 				theme : "modern",
-				plugins: 'code print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help',
-				toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
+				plugins: 'code print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help emoticons',
+				toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 				image_advtab: true,
 				relative_urls : false,
 				remove_script_host : false,

system/templates/changelog.html.twig

@@ -23,7 +23,7 @@
 		{% endfor %}
 	{% else %}
 	<tr>
-		<td bgcolor="{{ config.lightborder }}">There are no change logs for the moment.</td>
+		<td colspan="4" bgcolor="{{ config.darkborder }}">There are no changelogs for the moment.</td>
 	</tr>
 	{% endif %}
 	

system/templates/characters.html.twig

@@ -256,10 +256,11 @@
 			</tr>
 			{% set i = 0 %}
 			{% for frag in frags %}
-			<tr bgcolor="'{{ getStyle(i) }}">
+			<tr bgcolor="{{ getStyle(i) }}">
 				<td width="20%" align="center">{{ frag.time|date("j M Y, H:i") }}</td>
 				<td>{{ frag.description|raw }}({% if frag.unjustified %}<font size="1" color="red">Unjustified</font>{% else %}<font size="1" color="green">Justified</font>{% endif %})</td>
 			</tr>
+			{% set i = i + 1 %}
 			{% endfor %}
 		</table>
 		<!-- FRAGS_END -->
@@ -380,12 +381,8 @@
 				<td>
 					<nobr>{{ i }}.&#160;{{ player.getName() }}{% if player.isDeleted() %}<font color="red"> [DELETED]</font>{% endif %}</nobr>
 				</td>
-				{% set vocation = 'Unknown' %}
-				{% if config.vocations[player.getVocation()] is defined %}
-					{% set vocation = config.vocations[player.getVocation()] %}
-				{% endif %}
 
-				<td>{{ player.getLevel() }} {{ vocation }}</td>
+				<td>{{ player.getLevel() }} {{ player.getVocationName() }}</td>
 				<td>{% if player.isOnline() %}<b><font color="green">Online</font></b>{% endif %}</td>
 				<td>
 					<table border="0" cellspacing="0" cellpadding="0">

system/templates/faq.html.twig

@@ -17,9 +17,9 @@
 		{% set i = i + 1 %}
 	<tr bgcolor="{{ getStyle(i) }}">
 		<td colspan="2" style="cursor: pointer;" onclick="toggleVisibility('faq_{{ i }}'); return false;">
-			<b>{{ faq.question }}</b>
+			<b>{{ faq.question|raw }}</b>
 
-			<div id="faq_{{ i }}" style="display: none;">{{ faq.answer }}</div>
+			<div id="faq_{{ i }}" style="display: none;">{{ faq.answer|raw }}</div>
 		</td>
 		{% if canEdit %}
 			<td>

system/templates/forum.edit_post.html.twig

@@ -22,21 +22,27 @@
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td><b>Topic:</b></td>
-			<td><input type="text" value="{{ topic|raw }}" name="topic" size="40" maxlength="60" /> (Optional)</td>
+			<td><input type="text" value="{{ post_topic|raw }}" name="topic" size="40" maxlength="60" /> (Optional)</td>
 		</tr>
 		<tr bgcolor="{{ config.darkborder }}">
 			<td valign="top"><b>Message:</b><font size="1"><br/>You can use:<br/>[player]Nick[/player]<br />[url]http://address.com/[/url]<br />[img]http://images.com/images3.gif[/img]<br />[code]Code[/code]<br />[b]<b>Text</b>[/b]<br />[i]<i>Text</i>[/i]<br/>[u]<u>Text</u>[/u]<br />and smileys:<br />;) , :) , :D , :( , :rolleyes:<br />:cool: , :eek: , :o , :p</font>
 			</td>
 			<td>
-				<textarea rows="10" cols="60" name="text">{{ text|raw }}</textarea><br />(Max. 15,000 letters)
+				<textarea rows="10" cols="60" name="text">{{ post_text|raw }}</textarea><br />(Max. 15,000 letters)
 			</td>
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td valign="top">Options:</td>
 			<td>
 				<label>
-					<input type="checkbox" name="smile" value="1"{% if smile == 1 %} checked="checked"{% endif %}/>Disable Smileys in This Post
+					<input type="checkbox" name="smile" value="1"{% if post_smile %} checked="checked"{% endif %}/>Disable Smileys in This Post
 				</label>
+				{% if canEdit %}
+					<br/>
+					<label>
+						<input type="checkbox" name="html" value="1"{% if post_html %} checked="checked"{% endif %}/>Enable HTML in this post (moderator only)
+					</label>
+				{% endif %}
 			</td>
 		</tr>
 	</table>

system/templates/forum.new_post.html.twig

@@ -28,7 +28,17 @@
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td valign="top">Options:</td>
-			<td><label><input type="checkbox" name="smile" value="1"{% if post_smile == 1 %} checked="checked"{% endif %}/>Disable Smileys in This Post </label></td>
+			<td>
+				<label>
+					<input type="checkbox" name="smile" value="1"{% if post_smile %} checked="checked"{% endif %}/>Disable Smileys in This Post
+				</label>
+				{% if canEdit %}
+					<br/>
+					<label>
+						<input type="checkbox" name="html" value="1"{% if post_html %} checked="checked"{% endif %}/>Enable HTML in this post (moderator only)
+					</label>
+				{% endif %}
+			</td>
 		</tr>
 	</table>
 	<center>

system/templates/forum.new_thread.html.twig

@@ -25,11 +25,21 @@
 		</tr>
 		<tr bgcolor="{{ config.darkborder }}">
 			<td valign="top"><b>Message:</b><font size="1"><br />You can use:<br />[player]Nick[/player]<br />[url]http://address.com/[/url]<br />[img]http://images.com/images3.gif[/img]<br />[code]Code[/code]<br />[b]<b>Text</b>[/b]<br />[i]<i>Text</i>[/i]<br />[u]<u>Text</u>[/u]<br />and smileys:<br />;) , :) , :D , :( , :rolleyes:<br />:cool: , :eek: , :o , :p</font></td>
-			<td><textarea rows="10" cols="60" name="text">{{ text|escape }}</textarea><br />(Max. 15,000 letters)</td>
+			<td><textarea rows="10" cols="60" name="text">{{ post_text|escape }}</textarea><br />(Max. 15,000 letters)</td>
 		</tr>
 		<tr bgcolor="{{ config.lightborder }}">
 			<td valign="top">Options:</td>
-			<td><label><input type="checkbox" name="smile" value="1"{% if smiles_enabled %} checked="checked"{% endif %}/>Disable Smileys in This Post </label></td>
+			<td>
+				<label>
+					<input type="checkbox" name="smile" value="1"{% if post_smile %} checked="checked"{% endif %}/>Disable Smileys in This Post
+				</label>
+				{% if canEdit %}
+				<br/>
+				<label>
+					<input type="checkbox" name="html" value="1"{% if post_html %} checked="checked"{% endif %}/>Enable HTML in this post (moderator only)
+				</label>
+			{% endif %}
+			</td>
 		</tr>
 	</table>
 	<center>

system/templates/install.config.html.twig

@@ -23,7 +23,7 @@
 				<br/>
 				<select name="vars[client]" id="vars_client">
 					{% for id, version in clients %}
-					<option value="{{ id }}">{{ version }}</option>
+					<option value="{{ id }}"{% if session['var_client'] is not null and session['var_client'] == id %} selected{% endif %}>{{ version }}</option>
 					{% endfor %}
 				</select>
 			</td>
@@ -38,7 +38,7 @@
 				</label>
 				<br/>
 				<input type="hidden" value="0" name="vars[usage]">
-				<input type="checkbox" name="vars[usage]" id="vars_usage" value="1" checked/>
+				<input type="checkbox" name="vars[usage]" id="vars_usage" value="1"{% if session['var_usage'] is null or session['var_usage'] == 1 %} checked{% endif %}/>
 			</td>
 			<td>
 				<em>{{ locale.step_config_usage_desc }}</em>

system/templates/news.add.html.twig

@@ -1,17 +1,7 @@
-<script type="text/javascript" src="{{ constant('BASE_URL') }}tools/tinymce/tinymce.min.js"></script>
-<script type="text/javascript">
-	tinymce.init({
-		selector : "#body",
-		theme : "modern",
-		plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code',
-		toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
-		image_advtab: true
-	});
-</script>
 {% if action != 'edit' %}
 <a id="news-button" href="#">Add news</a>
 {% endif %}
-<form method="post" action="{{ news_link_form }}">
+<form method="post" action="{{ news_link_form }}" id="news-edit-form">
 	{% if action == 'edit' %}
 	<input type="hidden" name="id" value="{{ news_id }}" />
 	{% endif %}
@@ -47,7 +37,7 @@
 		</tr>
 
 		{% set rows = rows + 1 %}
-		<tr id="article-text" bgcolor="{{ getStyle(rows) }}"{% if article_text is empty %} style="display: none;"{% endif %}>
+		<tr id="article-text" bgcolor="{{ getStyle(rows) }}"{% if type is not defined or type != constant('ARTICLE') %} style="display: none;"{% endif %}>
 			<td><b>Article short text:<br/>This will be displayed on news page.<br/>Rest will be available on "read more" page.</b></td>
 			<td>
 				<textarea name="article_text">{% if article_text is not empty %}{{ article_text }}{% endif %}</textarea>
@@ -55,7 +45,7 @@
 		</tr>
 
 		{% set rows = rows + 1 %}
-		<tr id="article-image" bgcolor="{{ getStyle(rows) }}"{% if article_image is empty %} style="display: none;"{% endif %}>
+		<tr id="article-image" bgcolor="{{ getStyle(rows) }}"{% if type is not defined or type != constant('ARTICLE') %} style="display: none;"{% endif %}>
 			<td><b>Article image:</b></td>
 			<td>
 				<input type="text" name="article_image" value="{% if article_image is not empty %}{{ article_image }}{% else %}images/news/announcement.jpg{% endif %}" />
@@ -121,7 +111,7 @@
 				<input type="submit" value="Submit"/>
 			</td>
 			<td align="left">
-				<input type="button" onclick="window.location = '{{ news_link }}';" value="Cancel"/>
+				<input id="cancel" type="button" value="Cancel"/>
 			</td>
 		</tr>
 	</table>
@@ -150,4 +140,49 @@
 		});
 	});
 </script>
-{% endif %}
+{% endif %}
+<script type="text/javascript" src="{{ constant('BASE_URL') }}tools/tinymce/tinymce.min.js"></script>
+<script type="text/javascript">
+	var unsaved = false;
+	var lastContent = '';
+
+	tinymce.init({
+		selector : "#body",
+		theme : "modern",
+		plugins: 'print preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap hr pagebreak nonbreaking anchor toc insertdatetime advlist lists textcolor wordcount spellchecker imagetools contextmenu colorpicker textpattern help code emoticons',
+		toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
+		image_advtab: true,
+		setup: function(ed){
+			ed.on('NodeChange', function(e) {
+				if(ed.getContent() != lastContent) {
+					unsaved = true;
+				}
+			});
+		}
+	});
+
+	$(document).ready(function() {
+		$(":input").change(function(){ //trigers change in all input fields including text type
+			unsaved = true;
+		});
+		
+		$("#cancel").click(function( event ) {
+			unsaved = false;
+			window.location = '{{ news_link }}';
+		});
+
+		$("#news-edit-form").submit(function( event ) {
+			unsaved = false;
+		});
+
+		lastContent = $("#body").val();
+	});
+	
+	function unloadPage(){ 
+		if(unsaved){
+			return "You have unsaved changes on this page. Do you want to leave this page and discard your changes or stay on this page?";
+		}
+	}
+
+	window.onbeforeunload = unloadPage;
+</script>

system/templates/online.html.twig

@@ -101,7 +101,7 @@
 			<td>{{ player.country_image|raw }}</td>
 		{% endif %}
 		{% if config.online_outfit %}
-			<td width="5%"><img style="position:absolute;margin-top:{% if player.looktype in  [75, 266, 302] %}-20px;margin-left:-0px;{% else %}-45px;margin-left:-25px;{%  endif %}" src="{{ player.outfit }}" alt="player outfit"/></td>
+			<td width="5%"><img style="position:absolute;margin-top:{% if player.player.looktype in [75, 266, 302] %}-20px;margin-left:-0px;{% else %}-45px;margin-left:-25px;{%  endif %}" src="{{ player.outfit }}" alt="player outfit"/></td>
 		{% endif %}
 			<td>{{ player.name|raw }}{{ player.skull }}</td>
 			<td>{{ player.level }}</td>

templates/kathrine/style.css

@@ -3,7 +3,7 @@
 
 body
 {
-	background: #a7a597 url('images/background.png') no-repeat top left;
+	background: #a7a597 url('images/background.jpg') no-repeat top left;
 	margin: 0px;
 	padding: 0px;
 	font-family: Verdana, Arial, Helvetica, sans-serif;

templates/tibiacom/boxes/highscores.php

@@ -26,12 +26,17 @@
 
   #Topbar a {
   text-decoration: none;
-  cursor: auto;
+  }
+  .online {
+	  color: #008000;
+  }
+  
+  .offline {
+	  color: #FF0000;
   }
   a.topfont {
 	font-family: Verdana, Arial, Helvetica; 
     font-size: 11px; 
-        color: #FF0000;
     text-decoration: none
   }
   a:hover.topfont {
@@ -47,7 +52,7 @@
     <?php
     
     foreach(getTopPlayers(5) as $player) {
-	    echo '<div align="left"><a href="'.getPlayerLink($player['name'], false).'" class="topfont">
+	    echo '<div align="left"><a href="'.getPlayerLink($player['name'], false).'" class="topfont ' . ($player['online'] == 1 ? 'online' : 'offline') . '">
         <font color="#CCC">&nbsp;&nbsp;&nbsp;&nbsp;'.$player['rank'].' - </font>'.$player['name'].'
         <br>
         <small><font color="white">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Level: ('.$player['level'].')</font></small>

templates/tibiacom/config.php

@@ -10,7 +10,7 @@ $config['boxes'] = "highscores,newcomer,gallery,networks,poll";
 $config['network_facebook'] = 'tibia'; // leave empty to disable
 $config['network_twitter'] = 'tibia'; // leave empty to disable
 
-$config['background_image'] = "background-artwork-860.jpg";
+$config['background_image'] = "background-artwork.jpg";
 $config['logo_image'] = "tibia-logo-artwork-top.gif";
 $config['gallery_image'] = 1;
 $config['menu_categories'] = array(