add mostdamage killer

Also change version to 0.7.13-dev

.gitattributes

@@ -0,0 +1,4 @@
+* text=auto
+.gitattributes export-ignore
+.gitignore export-ignore
+_config.yml export-ignore

.gitignore

@@ -1,2 +1,37 @@
 Thumbs.db
-.DS_Store
+.DS_Store
+.idea
+node_modules
+vendor
+composer.lock
+
+releases
+config.local.php
+PERSONAL_NOTES
+
+# all custom templates
+templates/*
+!templates/tibiacom
+!templates/kathrine
+
+# guild images
+images/guilds/*
+!images/guilds/default.gif
+
+# cache
+system/cache/*
+!system/cache/index.html
+!system/cache/twig/index.html
+!system/cache/signatures/index.html
+
+# logs
+system/logs/*
+!system/logs/index.html
+
+# plugins
+plugins/*
+!plugins/.htaccess
+!plugins/example.json
+!plugins/account-create-hint.json
+!plugins/account-create-hint
+landing

CHANGELOG.md

@@ -1,4 +1,65 @@
-[0.7.9 - 13.01.2017]
+# Changelog
+
+## [0.7.13 - not-release-yet]
+
+### Fixed
+* Ignore arrays in config.lua (fixes experienceStages loading)
+
+## [0.7.12 - 18.02.2020]
+### Fixed
+* change guild nick function causing crash on TFS 1.x because of invalid characters being accepted
+* PHP Mailer autoload function on newer PHP
+* gesior signature guild rank loading
+* leaking database password when cannot connect
+* config.last_kills_limit being ignored
+* monster.loot being cutted off cause of too short column (changed to TEXT)
+
+### Added
+* nginx-sample.conf
+
+## [0.7.11 - 04.05.2019]
+### Added:
+* support for some old servers, where arrays are used in config.lua
+* an additional text to the install page informing that user can reinstall MyAAC by deleting config.local.php
+
+### Fixed:
+* XSS in forum show_thread
+* guilds - "Add new rank" function
+* multiple mail recipients when using admin mailer function
+* Admin Panel - MyAAC logs not shown if servers logs directory doesn't exist (#47)
+* missing prefix for cache get() and delete() functions
+* add fatal error message when myaac tables in database do not exist
+* the mystical defect where "Create Account" button was not highlighted (on the account/manage page)
+* bug where server_config table does not exist (OTHire as an example)
+* database_name in Usage_Statistics
+* forgot to open <head> in install template
+
+### Changed:
+* do not display software version
+
+## [0.7.10 - 03.03.2018]
+### Added:
+* new configurable: smtp_secure
+* robots.txt
+
+### Fixed:
+* editing an existing page that had php enabled
+* chrome bug on save (when editing page) ERR_BLOCKED_BY_XSS_AUDITOR
+* showing IP and Port in admin panel (#44, by miqueiaspenha)
+* deleting plugin showing "You don't have rights to delete"
+* some bug with PHPMailer not finding its language file
+* default accounts.vote value
+* saving some really high long ip addresses
+
+### Changed:
+* update config.highscores_ids_hidden on install when there are samples already in database
+* auto add z_polls table on install
+
+### Internal:
+* changed mb_strtolower functions to strtolower()
+* added new function: $hooks->exist($type)
+
+## [0.7.9 - 13.01.2018]
 	* removed 6mb of trash (some useless things)
 	* (fix) TFS 1.x not showing promoted vocations in highscores
 	* otserv 0.6.x: fixed some warning (on the characters page) and fatal mysql error (on the mango signature)
@@ -7,13 +68,13 @@
 	* changed highscores_groups_hidden to 3 (for TFS 1.x)
 	* updated background-artwork (tibiacom template) to the latest version, removed other ones
 
-[0.7.8 - 12.01.2017]
+## [0.7.8 - 12.01.2018]
 	* fixed installation error " call to undefined method OTS_DB_MySQL::hasColumn()"
 	* updated tinymce to the latest (4.7.4) version
 	* enabled emoticons plugin in tinymce :)
 	* some security fixes
 
-[0.7.7 - 08.01.2018]
+## [0.7.7 - 08.01.2018]
 	* important fix for servers with promotion column (caused player.vocation to be resetted when saving player, for example: on change name, accept invite to guild, leave guild)
 	* immediately reload config.lua when there's change in config.server_path detected
 	* added new forum option: "Enable HTML" (only for moderators)
@@ -32,14 +93,14 @@
 	* don't add extra <br/> to the TinyMCE news forum posts
 	* (internal) using $player->getVocationName() where possible instead of older method
 
-[0.7.6 - 05.01.2017]
+## [0.7.6 - 05.01.2017]
 	* fixed othire account creating/installation
 	* fixed table name players -> players_online
 	* fixed unexpected error logging about email fail
 	* added max_execution_time to the install finish step
 	* some small fix regarding highscores vocation box
 
-[0.7.5 - 04.01.2017]
+## [0.7.5 - 04.01.2017]
 	* fixed bug on othire with config.account_premium_days
 	* fixed bug on TFS 1.x when online_afk is enabled
 	* warning about leaving news page with changes
@@ -52,7 +113,7 @@
 	* fixed template path finding
 	* fixed displaying article_text when it was empty saved
 
-[0.7.4 - 24.12.2017]
+## [0.7.4 - 24.12.2017]
 	* fixed mysql fatal error on tibiacom template - top 5 box
 	* fixed displaying of level percent bar on tibian signature
 	* inform user about Twig cache failure on installation, instead of http 500 error
@@ -60,7 +121,7 @@
 	* remember client version select and usage stats checkbox in session on install
 	* automatically update highscores_ids_hidden for users who installed myaac before (migration)
 
-[0.7.3 - 18.12.2017]
+## [0.7.3 - 18.12.2017]
 	* auto generate myaac cache & session prefix on install to be unique across installations
 	* fixed hiding shop system menu on tibiacom template when disabled in config
 	* prevent adding duplicated newses with installation
@@ -70,12 +131,12 @@
 	* fixed account.login redirect not working on tibiacom template
 	* installation: warn about wrong admin account name/id and password
 	* fixed last menu closing in tibiacom template
-	* updated polish locale (translation) on install 
+	* updated polish locale (translation) on install
 	* (internal) removed some duplicated code on install finish
 	* (internal) renamed installation step files to be in correct order
 	* added TODO file
 
-[0.7.1 - 13.12.2017]
+## [0.7.1 - 13.12.2017]
 	* added changelog menu item to kathrine template
 	* fixed some php short tag in changelogs page
 	* fixed guild change description back button
@@ -83,7 +144,7 @@
 	* changed some notice when version check is failed
 	* (internal) moved changelog to twig
 
-[0.7.0 - 20.11.2017]
+## [0.7.0 - 20.11.2017]
 	* moved template menus to database, they're now dynamically loaded
 	* added anonymous usage statistics reporting (only if user agrees, first usage report will be send after 7 days)
 	* you can edit them in Admin Panel under 'Menus' option
@@ -119,25 +180,25 @@
 	* (internal) added some compat functions that are used by shop system
 	* (internal) renamed constant TICKET -> TICKER
 	* (internal) shortened message functions
-	
-[0.6.6 - 22.10.2017]
+
+## [0.6.6 - 22.10.2017]
 	* fixed some php fatal error on spells page
 	* changed spells.vocations field in db size to 300
 	* please reload your spells after this update!
 
-[0.6.5 - 21.10.2017]
+## [0.6.5 - 21.10.2017]
 	* fixed displaying custom pages
 	* fixed adding new group forum board
-	
-[0.6.4 - 20.10.2017]
+
+## [0.6.4 - 20.10.2017]
 	* reverted OTS_Account::getLastLogin() cause its used by tibia11-login plugin
-	
-[0.6.3 - 20.10.2017]
+
+## [0.6.3 - 20.10.2017]
 	* fixed creating account
-	* fixed viewing thread without being logged 
+	* fixed viewing thread without being logged
 	* fixed showing premium account status
-	
-[0.6.2 - 20.10.2017]
+
+## [0.6.2 - 20.10.2017]
 	* added forums for guilds and groups
 	* added nice looking menu for my account page in default template
 	* new command line tool: install_plugin.php - can be used to install plugins from command line. Usage: "php install_plugin.php path_to_file"
@@ -169,8 +230,8 @@
 	* (internal) optimized Spells class
 	* (internal) new function: OTS_Guild::hasMember(OTS_Player $player)
 	* (internal) new function: Forum::hasAccess($board_id)
-	
-[0.6.1 - 17.10.2017]
+
+## [0.6.1 - 17.10.2017]
 	* fixed signatures loading
 	* new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)
 	* better error handling for monsters and spells loader (save errors to system/logs/error.log)
@@ -180,7 +241,7 @@
 	* (internal) moved forum actions (pages) to forum/ directory
 	* (internal) moved forum.edit_post to twig templates
 
-[0.6.0 - 16.10.2017]
+## [0.6.0 - 16.10.2017]
 	* added faq management - add/edit/move/hide/delete from website
 	* new account.login view for tibiacom template
 	* monsters and spells are now being loaded at the installation of the AAC
@@ -203,7 +264,7 @@
 	* ajax requests returns now json instead of xml
 	* added 404 response when file is not found
 
-[0.5.1 - 11.10.2017]
+## [0.5.1 - 11.10.2017]
 	* fixed forum add/edit board
 	* new configurable: highscores_length, how much highscores to display
 	* fixed highscores links (ALL, previous and next page)
@@ -213,7 +274,7 @@
 	* check if plugin exist before uninstalling
 	* fixed some warning in OTS_Base_DB
 
-[0.5.0 - 10.10.2017]
+## [0.5.0 - 10.10.2017]
 	* moved .htaccess rules to plain php (index.php)
 	* updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
 	* added option to uninstall plugin
@@ -232,7 +293,7 @@
 	* added new twig function getLink that convert link taking into account config.friendly_urls
 	* internalLayoutLink -> getLink
 
-[0.4.3 - 05.10.2017]
+## [0.4.3 - 05.10.2017]
 	* better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
 	* fixed country detection in create account
 	* fixed showing of character deaths and frags
@@ -246,14 +307,14 @@
 	* added bugtracker to kathrine template
 	* added CREDITS file
 
-[0.4.2 - 14.09.2017]
+## [0.4.2 - 14.09.2017]
 	* updated version number
 
-[0.4.1 - 13.09.2017]
+## [0.4.1 - 13.09.2017]
 	* fixed log in to admin panel
 	* fixed File is not .zip plugin upload error
 
-[0.4.0 - 13.09.2017
+## [0.4.0 - 13.09.2017
 	* added option to add/edit/delete/hide/move forum boards
 	* moved some of HTML-in-PHP code to Twig templates
 	* added bug_report configurable which can enable/disable bug tracker
@@ -270,7 +331,7 @@
 	* some small improvements
 	* fixed some separators in kathrine template
 
-[0.3.0 - 28.08.2017]
+## [0.3.0 - 28.08.2017]
 	* added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
 	* added Twig template engine and moved some html-in-php code to it
 	* automatically detect player country based on user location (IP) on create account
@@ -288,7 +349,7 @@
 	* moved news adding at installation from schema.sql to finish.php
 	* some optimizations
 
-[0.2.4 - 09.06.2017]
+## [0.2.4 - 09.06.2017]
 	* fixed invite to guild
 	* added id field on monsters, so you can delete them in phpmyadmin
 	* fixed adding some creatures with ' and "
@@ -297,7 +358,7 @@
 	* fixed typo loss_items => loss_containers
 	* more elegant way of showing message on reload creatures and spells
 
-[0.2.3 - 31.05.2017]
+## [0.2.3 - 31.05.2017]
 	* fixed guild management on OTHire 0.0.3
 	* set default skills to 10 when creating new character
 	* fixed displaying of "Create forum thread" in newses
@@ -309,15 +370,15 @@
 	* fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
 	* fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
 
-[0.2.2 - 22.05.2017]
+## [0.2.2 - 22.05.2017]
 	* added missing cache/signature directory
 	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
 
-[0.2.1 - 21.05.2017]
+## [0.2.1 - 21.05.2017]
 	* added Swedish translation by Sizaro
 	* fixed some bugs with installlation & characters & houses
 
-[0.2.0 - 21.05.2017]
+## [0.2.0 - 21.05.2017]
 	* added option to change character sex for premium points
 	* moved site_closed to database, now you can close your site through admin panel
 	* added option to admin panel: clear cache
@@ -337,10 +398,10 @@
 	* fixed movies unexpected comment
 	* added template_place_holder('center_top') to kathrine template
 
-[0.1.5 - 13.05.2017]
+## [0.1.5 - 13.05.2017]
 	* fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
 
-[0.1.4 - 13.05.2017]
+## [0.1.4 - 13.05.2017]
 	* added outfit shower, in characters, online, and highscores
 	* updated database to version 2
 	* fixed item images (now using item-images.ots.me host by default)
@@ -349,17 +410,17 @@
 	* removed some unused code from my old server
 	* added spells & monsters to kathrine template
 
-[0.1.3 - 11.05.2017]
+## [0.1.3 - 11.05.2017]
 	* this is just release to update version number
 
-[0.1.2 - 11.05.2017]
+## [0.1.2 - 11.05.2017]
 	* forgot to update CHANGELOG and MYAAC_VERSION
 
-[0.1.1 - 11.05.2017]
+## [0.1.1 - 11.05.2017]
 	* fixed updating myaac_config with database_version to 1
 	* fixed database updater
 
-[0.1.0 - 11.05.2017]
+## [0.1.0 - 11.05.2017]
 	* added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
 	* added automatic database updater (data migrations)
 	* renamed events to hooks
@@ -383,13 +444,13 @@
 	* fixed signatures (many fixes)
 	* added missing gesior signature system
 
-[0.0.6 - 06.05.2017]
+## [0.0.6 - 06.05.2017]
 	* fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
 	* fixed bug when creating character (not showing errors) (one more time)
 	* fixed support for TFS 0.2 series
 	* added FAQ link
-	
-[0.0.5 - 05.05.2017]
+
+## [0.0.5 - 05.05.2017]
 	* fixed bug when creating character (not showing errors)
 	* Fixed characters loading with names that has been created with other AAC
 	* fixed links to shop in default template
@@ -402,7 +463,7 @@
 	* fixes when $config['database_*'] is set
 	* added CHANGELOG
 
-[0.0.3 - 03.05.2017]
+## [0.0.3 - 03.05.2017]
 	* Full support for OTHire 0.0.3
 	* added support for otservers that doesn't use account.name field, instead just account number will be used
 	* fixed encryption detection on TFS 0.3
@@ -413,7 +474,7 @@
 	* fixed installation errors
 	* fixed config.lua loading with some weird comments
 
-[0.0.2 - 02.05.2017]
+## [0.0.2 - 02.05.2017]
 	* updated forum links to use friendly_urls
 	* some more info will be shown when cannot connect to database
 	* show more error infos when creating character
@@ -424,8 +485,8 @@
 	* fixed support for gesior pages and templates
 	* added function OTS_Acount:getGroupId()
 
-[0.0.1 - 01.05.2017]
+## [0.0.1 - 01.05.2017]
 	This is first official release of MyAAC.
 	Features are listed here
 
-	For more information, see the release announcement on OTLand: https://otland.net/threads/myaac-v0-0-1.251454/
+	For more information, see the release announcement on OTLand: https://otland.net/threads/myaac-v0-0-1.251454/

README.md

@@ -1,11 +1,17 @@
+# PLEASE DO NOT USE THIS BRANCH/VERSION
+## It is discontinued and won't receive any updates
+## Switch to master branch instead
+## It's keept only for archival purposes
+
 # myaac
+
 MyAAC is a free and open-source Automatic Account Creator (AAC) and Content Management System (CMS) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 
 Official website: https://my-aac.org
 
 ### REQUIREMENTS
 
-	- PHP 5.3.0 or later
+	- PHP 5.3.3 or later
 	- MySQL database
 	- PDO PHP Extension
 	- XML PHP Extension
@@ -28,6 +34,7 @@ Official website: https://my-aac.org
 			chmod 660 images/guilds
 			chmod 660 images/houses
 			chmod 660 images/gallery
+			chmod -R 770 system/cache
 
 	Visit http://your_domain/install (http://localhost/install) and follow instructions in the browser.
 

TODO

@@ -1,37 +0,0 @@
-// MyAAC TODO
-
-0.*
-	* support duplicated vocation names with different ids
-	* plugins: option to define custom requirements check in json file, to check if system meets the requirement
-	* add support for defining max myaac version in plugin.json file
-	* cache Menus in templates
-	* don't show error indicators on first time load - createaccount page
-	* update Twig to the latest version from 1.x branch
-	* semantic versioning support for plugins (github.com/composer/semver)
-	* add some notice to the user that installing step "Import Schema" will take some time
-	* check user IP on installing to prevent install by random user
-
-1.0:
-	* i18n support (issue #1 on github)
-	* New Admin Panel layout and interface
-	* add changelog management interface
-	* remove tibiacom template, and include it as a plugin
-
-2.0
-	* remove compat functions
-	* folder restructure:
-		* var/ (for logs, cache and data), config/, bin, public/ (for index and images and other public content), system/ (for php files and classess)
-	* rename templates to layouts as templates is meant to be used for twig templates
-	* change gifts_system to shop_system configurable
-	* move most used options in system/templates dir to separate directories (more transparent)
-
-At any time between (version not specified):
-	* better news archive with search function (like on tibia.com)
-	* guild wars management (issue #13 on github)
-	* update account.management page to be more realistic (like on tibia.com)
-	* update guilds page to be more realistic (like on tibia.com)
-	* possibility to add extra cache engines with plugins
-	* preferably configurable (enable/disable) forum TinyMCE editor
-	* new cache engine - plain php, is good with pure php 7.0+ and opcache
-	* OTAdmin support in Admin Panel
-	* database towns table support for TFS 1.3

common.php

@@ -26,8 +26,8 @@
 session_start();
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.7.9');
-define('DATABASE_VERSION', 21);
+define('MYAAC_VERSION', '0.7.13-dev');
+define('DATABASE_VERSION', 22);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
 define('MYAAC_OS', (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'WINDOWS' : (strtoupper(PHP_OS) == 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -99,10 +99,10 @@ if(isset($_SERVER['HTTP_HOST'])) {
 		define('SERVER_URL', 'https://' . $_SERVER['HTTP_HOST']);
 	else
 		define('SERVER_URL', 'http://' . $_SERVER['HTTP_HOST']);
-	
+
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
-	
+
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
 }
 ?>

config.php

@@ -107,6 +107,7 @@ $config = array(
 	'smtp_auth' => true, // need authorization?
 	'smtp_user' => 'admin@example.org',
 	'smtp_pass' => '',
+	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' or 'tls', use 'ssl' for gmail
 
 	// reCAPTCHA (prevent spam bots)
 	'recaptcha_enabled' => false, // enable recaptcha verification code

index.php

@@ -1,431 +1,436 @@
-<?php
-/**
- * Project: MyAAC
- *     Automatic Account Creator for Open Tibia Servers
- * File: index.php
- *
- * This is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2017 MyAAC
- * @link      http://my-aac.org
- */
-
-// uncomment if your php.ini have display_errors disabled and you want to see errors
-// ini_set('display_errors', 1);
-// ini_set('display_startup_errors', 1);
-// error_reporting(E_ALL);
-
-require_once('common.php');
-require_once(SYSTEM . 'functions.php');
-
-$uri = $_SERVER['REQUEST_URI'];
-
-$tmp = BASE_DIR;
-if(!empty($tmp))
-	$uri = str_replace(BASE_DIR . '/', '', $uri);
-else
-	$uri = str_replace_first('/', '', $uri);
-
-$uri = str_replace(array('index.php/', '?'), '', $uri);
-define('URI', $uri);
-
-if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
-	$tmp = explode('.', $uri);
-	$_REQUEST['name'] = urldecode($tmp[0]);
-	
-	chdir(TOOLS . 'signature');
-	include(TOOLS . 'signature/index.php');
-	exit();
-}
-else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
-	header("HTTP/1.0 404 Not Found");
-	exit;
-}
-
-require_once(BASE . 'config.local.php');
-if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
-{
-	header('Location: ' . BASE_URL . 'install/');
-	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
-}
-
-$found = false;
-if(empty($uri) || isset($_REQUEST['template'])) {
-	$_REQUEST['p'] = 'news';
-	$found = true;
-}
-else {
-	$tmp = strtolower($uri);
-	if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
-		$_REQUEST['p'] = $uri;
-		$found = true;
-	}
-	else {
-		$rules = array(
-			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
-			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
-			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
-			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
-			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
-			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
-			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
-			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
-			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
-			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
-			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
-			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
-			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
-			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
-			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
-			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
-			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
-			'/^changelog\/[0-9]+\/?$/' => array('subtopic' => 'changelog', 'page' => '$1'),
-			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
-			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
-			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
-			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
-			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
-			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
-			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
-			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
-			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
-			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
-			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
-			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
-			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
-			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
-			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
-			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
-			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
-			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
-			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
-			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
-			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
-			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
-			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
-			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
-			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
-			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
-		);
-		
-		foreach($rules as $rule => $redirect) {
-			if (preg_match($rule, $uri)) {
-				$tmp = explode('/', $uri);
-				foreach($redirect as $key => $value) {
-					
-					if(strpos($value, '$') !== false) {
-						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
-					}
-					
-					$_REQUEST[$key] = $value;
-					$_GET[$key] = $value;
-				}
-				
-				$found = true;
-				break;
-			}
-		}
-	}
-}
-
-// define page visited, so it can be used within events system
-$page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
-if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
-	$tmp = URI;
-	if(!empty($tmp)) {
-		$page = $tmp;
-	}
-	else {
-		if(!$found)
-			$page = '404';
-		else
-			$page = 'news';
-	}
-}
-
-$page = strtolower($page);
-define('PAGE', $page);
-
-$template_place_holders = array();
-
-require_once(SYSTEM . 'init.php');
-require_once(SYSTEM . 'template.php');
-require_once(SYSTEM . 'login.php');
-require_once(SYSTEM . 'status.php');
-
-$twig->addGlobal('config', $config);
-$twig->addGlobal('status', $status);
-
-// database migrations
-$tmp = '';
-if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
-	$tmp = (int)$tmp;
-	if($tmp < DATABASE_VERSION) { // import if older
-		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
-			require(SYSTEM . 'migrations/' . $i . '.php');
-			updateDatabaseConfig('database_version', $i);
-		}
-	}
-}
-else { // register first version
-	registerDatabaseConfig('database_version', 0);
-	for($i = 1; $i <= DATABASE_VERSION; $i++) {
-		require(SYSTEM . 'migrations/' . $i . '.php');
-		updateDatabaseConfig('database_version', $i);
-	}
-}
-
-// event system
-require_once(SYSTEM . 'hooks.php');
-$hooks = new Hooks();
-$hooks->load();
-$hooks->trigger(HOOK_STARTUP);
-
-// anonymous usage statistics
-// sent only when user agrees
-if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_statistics']) {
-	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
-	$should_report = true;
-	
-	$value = '';
-	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
-		$should_report = time() > (int)$value + $report_time;
-	}
-	else {
-		$value = '';
-		if(fetchDatabaseConfig('last_usage_report', $value)) {
-			$should_report = time() > (int)$value + $report_time;
-			if($cache->enabled()) {
-				$cache->set('last_usage_report', $value);
-			}
-		}
-		else {
-			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
-			$should_report = false;
-		}
-	}
-	
-	if($should_report) {
-		require_once(LIBS . 'usage_statistics.php');
-		Usage_Statistics::report();
-		
-		updateDatabaseConfig('last_usage_report', time());
-		if($cache->enabled()) {
-			$cache->set('last_usage_report', time());
-		}
-	}
-}
-
-if($config['views_counter'])
-	require_once(SYSTEM . 'counter.php');
-
-if($config['visitors_counter'])
-{
-	require_once(SYSTEM . 'libs/visitors.php');
-	$visitors = new Visitors($config['visitors_counter_ttl']);
-}
-
-// page content loading
-if(!isset($content[0]))
-	$content = '';
-$load_it = true;
-
-// check if site has been closed
-$site_closed = false;
-if(fetchDatabaseConfig('site_closed', $site_closed)) {
-	$site_closed = ($site_closed == 1);
-	if($site_closed) {
-		if(!admin())
-		{
-			$title = getDatabaseConfig('site_closed_title');
-			$content .= '<p class="note">' . getDatabaseConfig('site_closed_message') . '</p><br/>';
-			$load_it = false;
-		}
-
-		if(!$logged)
-		{
-			ob_start();
-			require(SYSTEM . 'pages/accountmanagement.php');
-			$content .= ob_get_contents();
-			ob_end_clean();
-			$load_it = false;
-		}
-	}
-}
-define('SITE_CLOSED', $site_closed);
-
-// backward support for gesior
-if($config['backward_support']) {
-	define('INITIALIZED', true);
-	$SQL = $db;
-	$layout_header = template_header();
-	$layout_name = $template_path;
-	$news_content = '';
-	$tickers_content = '';
-	$subtopic = PAGE;
-	$main_content = '';
-	
-	$config['access_admin_panel'] = 2;
-	$group_id_of_acc_logged = 0;
-	if($logged && $account_logged)
-		$group_id_of_acc_logged = $account_logged->getGroupId();
-
-	$config['site'] = &$config;
-	$config['server'] = &$config['lua'];
-	$config['site']['shop_system'] = $config['gifts_system'];
-
-	if(!isset($config['vdarkborder']))
-		$config['vdarkborder'] = '#505050';
-	if(!isset($config['darkborder']))
-		$config['darkborder'] = '#D4C0A1';
-	if(!isset($config['lightborder']))
-		$config['lightborder'] = '#F1E0C6';
-
-	$config['site']['download_page'] = true;
-	$config['site']['serverinfo_page'] = true;
-	$config['site']['screenshot_page'] = true;
-	
-	if($config['forum'] != '')
-		$config['forum_link'] = (strtolower($config['forum']) == 'site' ? getLink('forum') : $config['forum']);
-
-	foreach($status as $key => $value)
-		$config['status']['serverStatus_' . $key] = $value;
-}
-
-if($load_it)
-{
-	if(SITE_CLOSED && admin())
-		$content .= '<p class="note">Site is under maintenance (closed mode). Only privileged users can see it.</p>';
-
-	if($config['backward_support'])
-		require(SYSTEM . 'compat_pages.php');
-
-	$ignore = false;
-
-	$logged_access = 1;
-	if($logged && $account_logged && $account_logged->isLoaded()) {
-		$logged_access = $account_logged->getAccess();
-	}
-
-	$query =
-		$db->query(
-			'SELECT `id`, `title`, `body`, `php`, `hidden`' .
-			' FROM `' . TABLE_PREFIX . 'pages`' .
-			' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
-	if($query->rowCount() > 0) // found page
-	{
-		$ignore = true;
-		$query = $query->fetch();
-		$title = $query['title'];
-
-		if($query['php'] == '1') // execute it as php code
-		{
-			$tmp = substr($query['body'], 0, 10);
-			if(($pos = strpos($tmp, '<?php')) !== false) {
-				$tmp = preg_replace('/<\?php/', '', $query['body'], 1);
-			}
-			else if(($pos = strpos($tmp, '<?')) !== false) {
-				$tmp = preg_replace('/<\?/', '', $query['body'], 1);
-			}
-			else
-				$tmp = $query['body'];
-
-			$php_errors = array();
-			function error_handler($errno, $errstr) {
-				global $php_errors;
-				$php_errors[] = array('errno' => $errno, 'errstr' => $errstr);
-			}
-			set_error_handler('error_handler');
-
-			ob_start();
-			eval($tmp);
-			$content .= ob_get_contents();
-			ob_end_clean();
-
-			restore_error_handler();
-			if(isset($php_errors[0]) && superAdmin()) {
-				var_dump($php_errors);
-			}
-		}
-		else
-			$content .= $query['body']; // plain html
-		
-		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
-			$content = $twig->render('admin.pages.links.html.twig', array(
-				'page' => array('id' => $query['id'], 'hidden' => $query['hidden'])
-			)) . $content;
-		}
-	}
-	else
-	{
-		$file = SYSTEM . 'pages/' . $page . '.php';
-		if(!@file_exists($file))
-		{
-			$page = '404';
-			$file = SYSTEM . 'pages/404.php';
-		}
-	}
-
-	ob_start();
-	if($hooks->trigger(HOOK_BEFORE_PAGE)) {
-		if(!$ignore)
-			require($file);
-	}
-
-	if($config['backward_support'] && isset($main_content[0]))
-		$content .= $main_content;
-
-	$content .= ob_get_contents();
-	ob_end_clean();
-	$hooks->trigger(HOOK_AFTER_PAGE);
-}
-
-if($config['backward_support']) {
-	$main_content = $content;
-	if(!isset($title))
-		$title = ucfirst($page);
-
-	$topic = $title;
-}
-
-$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
-if(file_exists($template_path . '/index.php'))
-	require($template_path . '/index.php');
-else if(file_exists($template_path . '/template.php')) // deprecated
-	require($template_path . '/template.php');
-else if($config['backward_support'] && file_exists($template_path . '/layout.php'))
-{
-	require($template_path . '/layout.php');
-}
-else
-{
-	// TODO: save more info to log file
-	die('ERROR: Cannot load template.');
-}
-
-echo '<!-- MyAAC ' . MYAAC_VERSION . ' :: http://www.my-aac.org/ -->' . "\n";
-if(($config['debug_level'] & 1) == 1)
-	echo '<!-- Generated in :: ' . round(microtime(true) - START_TIME, 4) . ' -->';
-
-if(($config['debug_level'] & 2) == 2)
-	echo "\n" . '<!-- Queries done :: ' . $db->queries() . ' -->';
-
-if(($config['debug_level'] & 4) == 4 && function_exists('memory_get_peak_usage'))
-	echo "\n" . '<!-- Peak memory usage: ' . convert_bytes(memory_get_peak_usage(true)) . ' -->';
-
-$hooks->trigger(HOOK_FINISH);
-?>
+<?php
+/**
+ * Project: MyAAC
+ *     Automatic Account Creator for Open Tibia Servers
+ * File: index.php
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2017 MyAAC
+ * @link      http://my-aac.org
+ */
+
+// uncomment if your php.ini have display_errors disabled and you want to see errors
+// ini_set('display_errors', 1);
+// ini_set('display_startup_errors', 1);
+// error_reporting(E_ALL);
+
+require_once('common.php');
+require_once(SYSTEM . 'functions.php');
+
+$uri = $_SERVER['REQUEST_URI'];
+
+$tmp = BASE_DIR;
+if(!empty($tmp))
+	$uri = str_replace(BASE_DIR . '/', '', $uri);
+else
+	$uri = str_replace_first('/', '', $uri);
+
+$uri = str_replace(array('index.php/', '?'), '', $uri);
+define('URI', $uri);
+
+if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
+	$tmp = explode('.', $uri);
+	$_REQUEST['name'] = urldecode($tmp[0]);
+
+	chdir(TOOLS . 'signature');
+	include(TOOLS . 'signature/index.php');
+	exit();
+}
+else if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
+	header("HTTP/1.0 404 Not Found");
+	exit;
+}
+
+require_once(BASE . 'config.local.php');
+if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
+{
+	header('Location: ' . BASE_URL . 'install/');
+	die('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
+}
+
+$found = false;
+if(empty($uri) || isset($_REQUEST['template'])) {
+	$_REQUEST['p'] = 'news';
+	$found = true;
+}
+else {
+	$tmp = strtolower($uri);
+	if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
+		$_REQUEST['p'] = $uri;
+		$found = true;
+	}
+	else {
+		$rules = array(
+			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
+			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
+			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
+			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
+			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
+			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
+			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
+			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
+			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
+			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
+			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
+			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
+			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
+			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
+			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
+			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
+			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
+			'/^changelog\/[0-9]+\/?$/' => array('subtopic' => 'changelog', 'page' => '$1'),
+			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
+			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
+			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
+			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
+			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
+			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
+			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
+			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
+			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
+			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
+			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
+			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
+			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
+			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
+			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
+			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
+			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
+			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
+			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+		);
+
+		foreach($rules as $rule => $redirect) {
+			if (preg_match($rule, $uri)) {
+				$tmp = explode('/', $uri);
+				foreach($redirect as $key => $value) {
+
+					if(strpos($value, '$') !== false) {
+						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+					}
+
+					$_REQUEST[$key] = $value;
+					$_GET[$key] = $value;
+				}
+
+				$found = true;
+				break;
+			}
+		}
+	}
+}
+
+// define page visited, so it can be used within events system
+$page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
+if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
+	$tmp = URI;
+	if(!empty($tmp)) {
+		$page = $tmp;
+	}
+	else {
+		if(!$found)
+			$page = '404';
+		else
+			$page = 'news';
+	}
+}
+
+$page = strtolower($page);
+define('PAGE', $page);
+
+$template_place_holders = array();
+
+require_once(SYSTEM . 'init.php');
+require_once(SYSTEM . 'template.php');
+require_once(SYSTEM . 'login.php');
+require_once(SYSTEM . 'status.php');
+
+$twig->addGlobal('config', $config);
+$twig->addGlobal('status', $status);
+
+// verify myaac tables exists in database
+if(!tableExist('myaac_account_actions')) {
+	die('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
+}
+
+// database migrations
+$tmp = '';
+if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
+	$tmp = (int)$tmp;
+	if($tmp < DATABASE_VERSION) { // import if older
+		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
+			require(SYSTEM . 'migrations/' . $i . '.php');
+			updateDatabaseConfig('database_version', $i);
+		}
+	}
+}
+else { // register first version
+	registerDatabaseConfig('database_version', 0);
+	for($i = 1; $i <= DATABASE_VERSION; $i++) {
+		require(SYSTEM . 'migrations/' . $i . '.php');
+		updateDatabaseConfig('database_version', $i);
+	}
+}
+
+// event system
+require_once(SYSTEM . 'hooks.php');
+$hooks = new Hooks();
+$hooks->load();
+$hooks->trigger(HOOK_STARTUP);
+
+// anonymous usage statistics
+// sent only when user agrees
+if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_statistics']) {
+	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
+	$should_report = true;
+
+	$value = '';
+	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
+		$should_report = time() > (int)$value + $report_time;
+	}
+	else {
+		$value = '';
+		if(fetchDatabaseConfig('last_usage_report', $value)) {
+			$should_report = time() > (int)$value + $report_time;
+			if($cache->enabled()) {
+				$cache->set('last_usage_report', $value);
+			}
+		}
+		else {
+			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
+			$should_report = false;
+		}
+	}
+
+	if($should_report) {
+		require_once(LIBS . 'usage_statistics.php');
+		Usage_Statistics::report();
+
+		updateDatabaseConfig('last_usage_report', time());
+		if($cache->enabled()) {
+			$cache->set('last_usage_report', time());
+		}
+	}
+}
+
+if($config['views_counter'])
+	require_once(SYSTEM . 'counter.php');
+
+if($config['visitors_counter'])
+{
+	require_once(SYSTEM . 'libs/visitors.php');
+	$visitors = new Visitors($config['visitors_counter_ttl']);
+}
+
+// page content loading
+if(!isset($content[0]))
+	$content = '';
+$load_it = true;
+
+// check if site has been closed
+$site_closed = false;
+if(fetchDatabaseConfig('site_closed', $site_closed)) {
+	$site_closed = ($site_closed == 1);
+	if($site_closed) {
+		if(!admin())
+		{
+			$title = getDatabaseConfig('site_closed_title');
+			$content .= '<p class="note">' . getDatabaseConfig('site_closed_message') . '</p><br/>';
+			$load_it = false;
+		}
+
+		if(!$logged)
+		{
+			ob_start();
+			require(SYSTEM . 'pages/accountmanagement.php');
+			$content .= ob_get_contents();
+			ob_end_clean();
+			$load_it = false;
+		}
+	}
+}
+define('SITE_CLOSED', $site_closed);
+
+// backward support for gesior
+if($config['backward_support']) {
+	define('INITIALIZED', true);
+	$SQL = $db;
+	$layout_header = template_header();
+	$layout_name = $template_path;
+	$news_content = '';
+	$tickers_content = '';
+	$subtopic = PAGE;
+	$main_content = '';
+
+	$config['access_admin_panel'] = 2;
+	$group_id_of_acc_logged = 0;
+	if($logged && $account_logged)
+		$group_id_of_acc_logged = $account_logged->getGroupId();
+
+	$config['site'] = &$config;
+	$config['server'] = &$config['lua'];
+	$config['site']['shop_system'] = $config['gifts_system'];
+
+	if(!isset($config['vdarkborder']))
+		$config['vdarkborder'] = '#505050';
+	if(!isset($config['darkborder']))
+		$config['darkborder'] = '#D4C0A1';
+	if(!isset($config['lightborder']))
+		$config['lightborder'] = '#F1E0C6';
+
+	$config['site']['download_page'] = true;
+	$config['site']['serverinfo_page'] = true;
+	$config['site']['screenshot_page'] = true;
+
+	if($config['forum'] != '')
+		$config['forum_link'] = (strtolower($config['forum']) == 'site' ? getLink('forum') : $config['forum']);
+
+	foreach($status as $key => $value)
+		$config['status']['serverStatus_' . $key] = $value;
+}
+
+if($load_it)
+{
+	if(SITE_CLOSED && admin())
+		$content .= '<p class="note">Site is under maintenance (closed mode). Only privileged users can see it.</p>';
+
+	if($config['backward_support'])
+		require(SYSTEM . 'compat_pages.php');
+
+	$ignore = false;
+
+	$logged_access = 1;
+	if($logged && $account_logged && $account_logged->isLoaded()) {
+		$logged_access = $account_logged->getAccess();
+	}
+
+	$query =
+		$db->query(
+			'SELECT `id`, `title`, `body`, `php`, `hidden`' .
+			' FROM `' . TABLE_PREFIX . 'pages`' .
+			' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access));
+	if($query->rowCount() > 0) // found page
+	{
+		$ignore = true;
+		$query = $query->fetch();
+		$title = $query['title'];
+
+		if($query['php'] == '1') // execute it as php code
+		{
+			$tmp = substr($query['body'], 0, 10);
+			if(($pos = strpos($tmp, '<?php')) !== false) {
+				$tmp = preg_replace('/<\?php/', '', $query['body'], 1);
+			}
+			else if(($pos = strpos($tmp, '<?')) !== false) {
+				$tmp = preg_replace('/<\?/', '', $query['body'], 1);
+			}
+			else
+				$tmp = $query['body'];
+
+			$php_errors = array();
+			function error_handler($errno, $errstr) {
+				global $php_errors;
+				$php_errors[] = array('errno' => $errno, 'errstr' => $errstr);
+			}
+			set_error_handler('error_handler');
+
+			ob_start();
+			eval($tmp);
+			$content .= ob_get_contents();
+			ob_end_clean();
+
+			restore_error_handler();
+			if(isset($php_errors[0]) && superAdmin()) {
+				var_dump($php_errors);
+			}
+		}
+		else
+			$content .= $query['body']; // plain html
+
+		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
+			$content = $twig->render('admin.pages.links.html.twig', array(
+				'page' => array('id' => $query['id'], 'hidden' => $query['hidden'])
+			)) . $content;
+		}
+	}
+	else
+	{
+		$file = SYSTEM . 'pages/' . $page . '.php';
+		if(!@file_exists($file))
+		{
+			$page = '404';
+			$file = SYSTEM . 'pages/404.php';
+		}
+	}
+
+	ob_start();
+	if($hooks->trigger(HOOK_BEFORE_PAGE)) {
+		if(!$ignore)
+			require($file);
+	}
+
+	if($config['backward_support'] && isset($main_content[0]))
+		$content .= $main_content;
+
+	$content .= ob_get_contents();
+	ob_end_clean();
+	$hooks->trigger(HOOK_AFTER_PAGE);
+}
+
+if($config['backward_support']) {
+	$main_content = $content;
+	if(!isset($title))
+		$title = ucfirst($page);
+
+	$topic = $title;
+}
+
+$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
+if(file_exists($template_path . '/index.php'))
+	require($template_path . '/index.php');
+else if(file_exists($template_path . '/template.php')) // deprecated
+	require($template_path . '/template.php');
+else if($config['backward_support'] && file_exists($template_path . '/layout.php'))
+{
+	require($template_path . '/layout.php');
+}
+else
+{
+	// TODO: save more info to log file
+	die('ERROR: Cannot load template.');
+}
+
+echo base64_decode('PCEtLSBQb3dlcmVkIGJ5IE15QUFDIDo6IGh0dHBzOi8vd3d3Lm15LWFhYy5vcmcvIC0tPg==') . PHP_EOL;
+if(($config['debug_level'] & 1) == 1)
+	echo '<!-- Generated in :: ' . round(microtime(true) - START_TIME, 4) . ' -->';
+
+if(($config['debug_level'] & 2) == 2)
+	echo "\n" . '<!-- Queries done :: ' . $db->queries() . ' -->';
+
+if(($config['debug_level'] & 4) == 4 && function_exists('memory_get_peak_usage'))
+	echo "\n" . '<!-- Peak memory usage: ' . convert_bytes(memory_get_peak_usage(true)) . ' -->';
+
+$hooks->trigger(HOOK_FINISH);
+?>

install/includes/schema.sql

@@ -1,7 +1,7 @@
 CREATE TABLE `myaac_account_actions`
 (
 	`account_id` INT(11) NOT NULL,
-	`ip` INT(11) NOT NULL DEFAULT 0,
+	`ip` INT(10) UNSIGNED NOT NULL DEFAULT 0,
 	`ipv6` BINARY(16) NOT NULL DEFAULT 0,
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`action` VARCHAR(255) NOT NULL DEFAULT '',
@@ -236,7 +236,7 @@ CREATE TABLE `myaac_monsters` (
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
 	`race` varchar(255) NOT NULL,
-	`loot` varchar(500) NOT NULL,
+	`loot` text NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE = MyISAM;
 

install/steps/3-requirements.php

@@ -22,7 +22,7 @@ function version_check($name, $ok, $info = '', $warning = false)
 $failed = false;
 
 // start validating
-version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50300), PHP_VERSION);
+version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50303), PHP_VERSION);
 foreach(array('config.local.php', 'images/guilds', 'images/houses', 'images/gallery') as $value)
 {
 	$is_writable = is_writable(BASE . $value);

install/steps/5-database.php

@@ -34,13 +34,13 @@ if(!$error) {
 			}
 		}
 	}
-				
+
 	require(BASE . 'install/includes/config.php');
-		
+
 	if(!$error) {
 		success($locale['step_database_importing']);
 		require(BASE . 'install/includes/database.php');
-		
+
 		if(!tableExist('accounts')) {
 			$locale['step_database_error_table'] = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
 			error($locale['step_database_error_table']);
@@ -70,14 +70,14 @@ if(!$error) {
 				error($locale['step_database_error_schema'] . ' ' . $error_);
 				$error = true;
 			}
-			
+
 			if(!$error) {
 				registerDatabaseConfig('database_version', DATABASE_VERSION);
 				$locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']);
 				success($locale['step_database_success_schema']);
 			}
 		}
-		
+
 		if(!$error) {
 			if(fieldExist('key', 'accounts')) {
 				if(query("ALTER TABLE `accounts` MODIFY `key` VARCHAR(64) NOT NULL DEFAULT '';"))
@@ -87,32 +87,32 @@ if(!$error) {
 				if(query("ALTER TABLE `accounts` ADD `key` VARCHAR(64) NOT NULL DEFAULT '' AFTER `email`;"))
 					success($locale['step_database_adding_field'] . ' accounts.key...');
 			}
-		
+
 			if(!fieldExist('blocked', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `blocked` TINYINT(1) NOT NULL DEFAULT FALSE COMMENT 'internal usage' AFTER `key`;"))
 					success($locale['step_database_adding_field'] . ' accounts.blocked...');
 			}
-	
+
 			if(!fieldExist('created', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . (fieldExist('group_id', 'accounts') ? 'group_id' : 'blocked') . "`;"))
 					success($locale['step_database_adding_field'] . ' accounts.created...');
 			}
-			
+
 			if(!fieldExist('rlname', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `rlname` VARCHAR(255) NOT NULL DEFAULT '' AFTER `created`;"))
 					success($locale['step_database_adding_field'] . ' accounts.rlname...');
 			}
-			
+
 			if(!fieldExist('location', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `location` VARCHAR(255) NOT NULL DEFAULT '' AFTER `rlname`;"))
 					success($locale['step_database_adding_field'] . ' accounts.location...');
 			}
-			
+
 			if(!fieldExist('country', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `country` VARCHAR(3) NOT NULL DEFAULT '' AFTER `location`;"))
 					success($locale['step_database_adding_field'] . ' accounts.country...');
 			}
-			
+
 			if(fieldExist('page_lastday', 'accounts')) {
 				if(query("ALTER TABLE `accounts` CHANGE `page_lastday` `web_lastlogin` INT(11) NOT NULL DEFAULT 0;")) {
 					$tmp = str_replace('$FIELD$', 'accounts.page_lastday', $locale['step_database_changing_field']);
@@ -124,32 +124,32 @@ if(!$error) {
 				if(query("ALTER TABLE `accounts` ADD `web_lastlogin` INT(11) NOT NULL DEFAULT 0 AFTER `country`;"))
 					success($locale['step_database_adding_field'] . ' accounts.web_lastlogin...');
 			}
-			
+
 			if(!fieldExist('web_flags', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `web_flags` INT(11) NOT NULL DEFAULT 0 AFTER `web_lastlogin`;"))
 					success($locale['step_database_adding_field'] . ' accounts.web_flags...');
 			}
-			
+
 			if(!fieldExist('email_hash', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `email_hash` VARCHAR(32) NOT NULL DEFAULT '' AFTER `web_flags`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_hash...');
 			}
-			
+
 			if(!fieldExist('email_verified', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `email_verified` TINYINT(1) NOT NULL DEFAULT 0 AFTER `email_hash`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_verified...');
 			}
-		
+
 			if(!fieldExist('email_new', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `email_new` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_hash`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_new...');
 			}
-			
+
 			if(!fieldExist('email_new_time', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `email_new_time` INT(11) NOT NULL DEFAULT 0 AFTER `email_new`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_new_time...');
 			}
-			
+
 			if(!fieldExist('email_code', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `email_code` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_new_time`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_code...');
@@ -168,17 +168,22 @@ if(!$error) {
 				if(query("ALTER TABLE `accounts` ADD `email_next` INT(11) NOT NULL DEFAULT 0 AFTER `email_code`;"))
 					success($locale['step_database_adding_field'] . ' accounts.email_next...');
 			}
-			
+
 			if(!fieldExist('premium_points', 'accounts')) {
 				if(query("ALTER TABLE `accounts` ADD `premium_points` INT(11) NOT NULL DEFAULT 0 AFTER `email_next`;"))
 					success($locale['step_database_adding_field'] . ' accounts.premium_points...');
 			}
 
+			if(fieldExist('motd', 'guilds')) {
+				if(query("ALTER TABLE `guilds` MODIFY `motd` VARCHAR(255) NOT NULL DEFAULT '';"))
+					success($locale['step_database_modifying_field'] . ' guilds.motd...');
+			}
+
 			if(!fieldExist('description', 'guilds')) {
 				if(query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;"))
 					success($locale['step_database_adding_field'] . ' guilds.description...');
 			}
-			
+
 			if(fieldExist('logo_gfx_name', 'guilds')) {
 				if(query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) {
 					$tmp = str_replace('$FIELD$', 'guilds.logo_gfx_name', $locale['step_database_changing_field']);
@@ -190,15 +195,15 @@ if(!$error) {
 				if(query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';"))
 					success($locale['step_database_adding_field'] . ' guilds.logo_name...');
 			}
-		
+
 			if(!fieldExist('created', 'players')) {
 				if(query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;"))
 					success($locale['step_database_adding_field'] . ' players.created...');
 			}
-		
+
 			if(!fieldExist('deleted', 'players') && !fieldExist('deletion', 'players')) {
 				if(query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;"))
-					success($locale['step_database_adding_field'] . ' players.comment...');
+					success($locale['step_database_adding_field'] . ' players.deleted...');
 			}
 
 			if(fieldExist('hide_char', 'players')) {
@@ -214,16 +219,16 @@ if(!$error) {
 				if(query("ALTER TABLE `players` ADD `hidden` TINYINT(1) NOT NULL DEFAULT 0;"))
 					success($locale['step_database_adding_field'] . ' players.hidden...');
 			}
-			
+
 			if(!fieldExist('comment', 'players')) {
 				if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
 					success($locale['step_database_adding_field'] . ' players.comment...');
 			}
-			
+
 			if(fieldExist('rank_id', 'players')) {
 				if(query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))
 					success($locale['step_database_modifying_field'] . ' players.rank_id...');
-			
+
 				if(fieldExist('guildnick', 'players')) {
 					if(query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) {
 						success($locale['step_database_modifying_field'] . ' players.guildnick...');
@@ -231,7 +236,7 @@ if(!$error) {
 				}
 			}
 		}
-		
+
 		if(!$error && (!isset($_SESSION['saved']))) {
 			$content .= '$config[\'installed\'] = true;';
 			$content .= PHP_EOL;
@@ -246,7 +251,7 @@ if(!$error) {
 				error($locale['step_config_mail_address_error']);
 				$error = true;
 			}
-			
+
 			$content .= '$config[\'client_download\'] = \'http://tibia-clients.com/clients/download/\'. $config[\'client\'] . \'/exe/windows\';';
 			$content .= PHP_EOL;
 			$content .= '$config[\'client_download_linux\'] = \'http://tibia-clients.com/clients/download/\'. $config[\'client\'] . \'/tar/linux\';';
@@ -255,7 +260,7 @@ if(!$error) {
 			$content .= PHP_EOL;
 			$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 			$content .= PHP_EOL;
-			
+
 			$file = fopen(BASE . 'config.local.php', 'a+');
 			if($file) {
 				if(!$error) {

install/steps/7-finish.php

@@ -122,50 +122,34 @@ else {
 		$insert_into_players = "INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hidden`, `comment`) VALUES ";
 		$success = true;
 
-		$highscores_ignored_ids = array();
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Rook Sample'));
 		if($query->rowCount() == 0) {
 			if(!query($insert_into_players . "(null, 'Rook Sample', 1, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 1, 1000, 1000, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
-			else {
-				$highscores_ignored_ids[] = $db->lastInsertId();
-			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Sorcerer Sample'));
 		if($query->rowCount() == 0) {
 			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 1, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
-			else {
-				$highscores_ignored_ids[] = $db->lastInsertId();
-			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Druid Sample'));
 		if($query->rowCount() == 0) {
 			if(!query($insert_into_players . "(null, 'Druid Sample', 1, " . getSession('account') . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
-			else {
-				$highscores_ignored_ids[] = $db->lastInsertId();
-			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Paladin Sample'));
 		if($query->rowCount() == 0) {
 			if(!query($insert_into_players . "(null, 'Paladin Sample', 1, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
-			else {
-				$highscores_ignored_ids[] = $db->lastInsertId();
-			}
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Knight Sample'));
 		if($query->rowCount() == 0) {
 			if(!query($insert_into_players . "(null, 'Knight Sample', 1, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 1, 1000, 1000, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
-			else {
-				$highscores_ignored_ids[] = $db->lastInsertId();
-			}
 		}
 
 		if($success) {
@@ -193,19 +177,18 @@ else {
 			error(Spells::getLastError());
 		}
 
-		$content = PHP_EOL;
-		$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
-		$content .= PHP_EOL;
-
-		$file = fopen(BASE . 'config.local.php', 'a+');
-		if($file) {
-			fwrite($file, $content);
-		}
-		else {
+		// update config.highscores_ids_hidden
+		$database_migration_20 = true;
+		require_once(SYSTEM . 'migrations/20.php');
+		$content = '';
+		if(!databaseMigration20($content)) {
 			$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
 			warning($locale['step_database_error_file'] . '<br/>
-				<textarea cols="70" rows="10">' . $content . '</textarea>');
+						<textarea cols="70" rows="10">' . $content . '</textarea>');
 		}
+		
+		// add z_polls tables
+		require_once(SYSTEM . 'migrations/22.php');
 
 		$locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(ADMIN_URL, $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 		$locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(BASE_URL, $locale['step_finish_homepage'], true), $locale['step_finish_desc']);

install/template/template.php

@@ -1,5 +1,6 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
+<head>
 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $locale['encoding']; ?>" />
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
@@ -8,7 +9,7 @@
 	<div id="wrapper">
 		<!--div class="buffer"-->
 			<div id="header">
-				<h1>MyAAC v<?php echo MYAAC_VERSION . ' ' . $locale['installation']; ?></h1>
+				<h1>MyAAC <?php echo $locale['installation']; ?></h1>
 			</div>
 
 			<div id="body">

nginx-sample.conf

@@ -0,0 +1,25 @@
+server {
+        listen 80;
+        root /home/otserv/www/public;
+        index index.php;
+        server_name your-domain.com;
+
+        location / {
+                try_files $uri $uri/ /index.php;
+        }
+
+        location ~ \.php$ {
+                include snippets/fastcgi-php.conf;
+                fastcgi_read_timeout 240;
+                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
+        }
+
+        location ~ /\.ht {
+                deny all;
+        }
+
+        location /system {
+           deny all;
+           return 404;
+        }
+}

robots.txt

@@ -0,0 +1,2 @@
+User-agent: *
+Disallow:

system/database.php

@@ -95,7 +95,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 			'<ul>' .
 				'<li>MySQL is not configured propertly in <i>config.lua</i>.</li>' .
 				'<li>MySQL server is not running.</li>' .
-			'</ul>' . $error);
+			'</ul>' . $error->getMessage());
 
 	}
 	$db = POT::getInstance()->getDBHandle();

system/functions.php

@@ -473,7 +473,7 @@ function template_header($is_admin = false)
 	$ret .= '
 	<meta name="description" content="' . $config['meta_description'] . '" />
 	<meta name="keywords" content="' . $config['meta_keywords'] . ', myaac, wodzaac" />
-	<meta name="generator" content="MyAAC ' . MYAAC_VERSION . '" />
+	<meta name="generator" content="MyAAC" />
 	<link rel="stylesheet" type="text/css" href="' . BASE_URL . 'tools/messages.css" />
 	<script type="text/javascript" src="' . BASE_URL . 'tools/jquery.js"></script>
 	<noscript>
@@ -810,11 +810,16 @@ function getWorldName($id)
  */
 function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 {
+	/** @var PHPMailer $mailer */
 	global $mailer, $config;
 	if(!$mailer)
 	{
 		require(SYSTEM . 'libs/phpmailer/PHPMailerAutoload.php');
 		$mailer = new PHPMailer();
+		$mailer->setLanguage('en', LIBS . 'phpmailer/language/');
+	}
+	else {
+		$mailer->clearAllRecipients();
 	}
 
 	$signature_html = '';
@@ -834,6 +839,7 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->SMTPAuth = $config['smtp_auth'];
 		$mailer->Username = $config['smtp_user'];
 		$mailer->Password = $config['smtp_pass'];
+		$mailer->SMTPSecure = isset($config['smtp_secure']) ? $config['smtp_secure'] : '';
 	}
 	else
 		$mailer->IsMail();
@@ -889,6 +895,13 @@ function load_config_lua($filename)
 	if(count($lines) > 0)
 		foreach($lines as $ln => $line)
 		{
+			$line = trim($line);
+			if(@$line[0] === '{' || @$line[0] === '}') {
+				// arrays are not supported yet
+				// just ignore the error
+				continue;
+			}
+
 			$tmp_exp = explode('=', $line, 2);
 			if(strpos($line, 'dofile') !== false)
 			{
@@ -915,6 +928,12 @@ function load_config_lua($filename)
 						$result[$key] = (string) substr(substr($value, 1), 0, -1);
 					elseif(in_array($value, array('true', 'false')))
 						$result[$key] = ($value == 'true') ? true : false;
+					//elseif(substr($value, 0 , 1) == '{' && substr($value, -1 , 1) == '}') {
+					elseif(@$value[0] === '{') {
+						// arrays are not supported yet
+						// just ignore the error
+						continue;
+					}
 					else
 					{
 						foreach($result as $tmp_key => $tmp_value) // load values definied by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull

system/hooks.php

@@ -42,12 +42,12 @@ class Hook
 			$ret = $tmp($params);
 		}*/
 		
-		global $db, $config, $template_path, $ots, $content;
+		global $db, $config, $template_path, $ots, $content, $twig;
 		if(file_exists(BASE . $this->_file)) {
-			require(BASE . $this->_file);
+			$ret = require(BASE . $this->_file);
 		}
 
-		return true;
+		return $ret === null || $ret == 1 || $ret;
 	}
 
 	public function name() {return $this->_name;}
@@ -71,11 +71,17 @@ class Hooks
 		if(isset(self::$_hooks[$type]))
 		{
 			foreach(self::$_hooks[$type] as $name => $hook)
-				$ret = $hook->execute($params);
+				if(!$hook->execute($params)) {
+					$ret = false;
+				}
 		}
 
 		return $ret;
 	}
+
+	public function exist($type) {
+		return isset(self::$_hooks[$type]);
+	}
 	
 	public function load()
 	{

system/libs/cache_apc.php

@@ -31,7 +31,7 @@ class Cache_APC
 	public function get($key)
 	{
 		$tmp = '';
-		if($this->fetch($key, $tmp))
+		if($this->fetch($this->prefix . $key, $tmp))
 			return $tmp;
 
 		return '';
@@ -42,7 +42,7 @@ class Cache_APC
 	}
 
 	public function delete($key) {
-		apc_delete($key);
+		apc_delete($this->prefix . $key);
 	}
 
 	public function enabled() {

system/libs/cache_eaccelerator.php

@@ -30,7 +30,7 @@ class Cache_eAccelerator
 	public function get($key)
 	{
 		$tmp = '';
-		if($this->fetch($key, $tmp))
+		if($this->fetch($this->prefix . $key, $tmp))
 			return $tmp;
 
 		return '';
@@ -41,7 +41,7 @@ class Cache_eAccelerator
 	}
 
 	public function delete($key) {
-		eaccelerator_rm($key);
+		eaccelerator_rm($this->prefix . $key);
 	}
 
 	public function enabled() {

system/libs/cache_xcache.php

@@ -30,7 +30,7 @@ class Cache_XCache
 	public function get($key)
 	{
 		$tmp = '';
-		if($this->fetch($key, $tmp))
+		if($this->fetch($this->prefix . $key, $tmp))
 			return $tmp;
 
 		return '';
@@ -47,7 +47,7 @@ class Cache_XCache
 	}
 
 	public function delete($key) {
-		xcache_unset($key);
+		xcache_unset($this->prefix . $key);
 	}
 
 	public function enabled() {

system/libs/phpmailer/PHPMailerAutoload.php

@@ -30,20 +30,4 @@ function PHPMailerAutoload($classname)
     }
 }
 
-if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
-    //SPL autoloading was introduced in PHP 5.1.2
-    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
         spl_autoload_register('PHPMailerAutoload', true, true);
-    } else {
-        spl_autoload_register('PHPMailerAutoload');
-    }
-} else {
-    /**
-     * Fall back to traditional autoload for old PHP versions
-     * @param string $classname The name of the class to load
-     */
-    function __autoload($classname)
-    {
-        PHPMailerAutoload($classname);
-    }
-}

system/libs/plugins.php

@@ -194,8 +194,9 @@ class Plugins {
 							break;
 						}
 						
-						$file = BASE . $file;
-						if(!is_sub_dir($file, BASE) || realpath(dirname($file)) != dirname($file)) {
+						$file = str_replace('\\', '/', BASE . $file);
+						$realpath = str_replace('\\', '/', realpath(dirname($file)));
+						if(!is_sub_dir($file, BASE) || $realpath != dirname($file)) {
 							$success = false;
 							self::$error = "You don't have rights to delete: " . $file;
 							break;

system/libs/pot/OTS_Account.php

@@ -755,7 +755,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
         }
 		if( !isset($this->data['banned']) )
 			$this->loadBan();
-        return ($this->data['banned'] == 1);
+        return ($this->data['banned'] === true);
     }
 
     public function getBanTime()
@@ -781,20 +781,24 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		if(tableExist('account_bans')) {
 			$ban = $this->db->query('SELECT `expires_at` FROM `account_bans` WHERE `account_id` = ' . $this->data['id'] . ' AND (`expires_at` > ' . time() .' OR `expires_at` = -1) ORDER BY `expires_at` DESC')->fetch();
 			$this->data['banned'] = isset($ban['expires_at']);
-			$this->data['banned_time'] = $ban['expires_at'];
+			$this->data['banned_time'] = isset($ban['expires_at']) ? $ban['expires_at'] : 0;
 		}
 		else if(tableExist('bans')) {
 			if(fieldExist('active', 'bans')) {
 				$ban = $this->db->query('SELECT `active`, `expires` FROM `bans` WHERE (`type` = 3 OR `type` = 5) AND `active` = 1 AND `value` = ' . $this->data['id'] . ' AND (`expires` > ' . time() .' OR `expires` = -1) ORDER BY `expires` DESC')->fetch();
-				$this->data['banned'] = $ban['active'];
-				$this->data['banned_time'] = $ban['expires'];
+				$this->data['banned'] = isset($ban['active']);
+				$this->data['banned_time'] = isset($ban['expires']) ? $ban['expires'] : 0;
 			}
 			else { // tfs 0.2
 				$ban = $this->db->query('SELECT `time` FROM `bans` WHERE (`type` = 3 OR `type` = 5) AND `account` = ' . $this->data['id'] . ' AND (`time` > ' . time() .' OR `time` = -1) ORDER BY `time` DESC')->fetch();
-				$this->data['banned'] = $ban['time'] == -1 || $ban['time'] > 0;
-				$this->data['banned_time'] = $ban['time'];
+				$this->data['banned'] = isset($ban['time']) && ($ban['time'] == -1 || $ban['time'] > 0);
+				$this->data['banned_time'] = isset($ban['time']) ? $ban['time'] : 0;
 			}
 		}
+		else {
+			$this->data['banned'] = false;
+			$this->data['banned_time'] = 0;
+		}
     }
 
 /**

system/libs/usage_statistics.php

@@ -39,11 +39,13 @@ class Usage_Statistics {
 		
 		$ret['myaac_version'] = MYAAC_VERSION;
 		$ret['myaac_db_version'] = DATABASE_VERSION;
-		
-		$query = $db->query('SELECT `value` FROM `server_config` WHERE `config` = ' . $db->quote('database_version'));
-		if($query->rowCount() == 1) {
-			$query = $query->fetch();
-			$ret['otserv_db_version'] = $query['value'];
+
+		if(tableExist('server_config')) {
+			$query = $db->query('SELECT `value` FROM `server_config` WHERE `config` = ' . $db->quote('database_version'));
+			if($query->rowCount() == 1) {
+				$query = $query->fetch();
+				$ret['otserv_db_version'] = $query['value'];
+			}
 		}
 		
 		$ret['client_version'] = $config['client'];
@@ -58,8 +60,8 @@ class Usage_Statistics {
 		
 		$query = $db->query('SELECT SUM(ROUND(((DATA_LENGTH + INDEX_LENGTH) / 1024 ), 0)) AS "size"
 FROM INFORMATION_SCHEMA.TABLES
-WHERE TABLE_SCHEMA = "forgottenserver";');
-		
+WHERE TABLE_SCHEMA = "' . $config['database_name'] . '";');
+
 		if($query->rowCount() == 1) {
 			$query = $query->fetch();
 			$ret['database_size'] = $query['size'];

system/libs/validator.php

@@ -17,10 +17,10 @@ class Validator
 			self::$lastError = 'Invalid number format.';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Validate account id
 	 * Id lenght must be 6-10 chars
@@ -35,28 +35,28 @@ class Validator
 			self::$lastError = 'Please enter your account number!';
 			return false;
 		}
-		
+
 		if(!Validator::number($id)) {
 			self::$lastError = 'Invalid account number format. Please use only numbers 0-9.';
 			return false;
 		}
-		
+
 		$length = strlen($id);
 		if($length < 6)
 		{
 			self::$lastError = 'Account is too short (min. 6 chars).';
 			return false;
 		}
-		
+
 		if($length > 10)
 		{
 			self::$lastError = 'Account is too long (max. 10 chars).';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Validate account name
 	 * Name lenght must be 3-32 chars
@@ -71,29 +71,29 @@ class Validator
 			self::$lastError = 'Please enter your account name!';
 			return false;
 		}
-		
+
 		$length = strlen($name);
 		if($length < 3)
 		{
 			self::$lastError = 'Account name is too short (min. 3 chars).';
 			return false;
 		}
-		
+
 		if($length > 32)
 		{
 			self::$lastError = 'Account name is too long (max. 32 chars).';
 			return false;
 		}
-		
+
 		if(!preg_match("/[A-Z0-9]/i", $name))
 		{
 			self::$lastError = 'Invalid account name format. Use only A-Z and numbers 0-9.';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Advanced mail validator
 	 *
@@ -105,17 +105,17 @@ class Validator
 			self::$lastError = 'Please enter your new email address.';
 			return false;
 		}
-		
+
 		if(strlen($email) > 255) {
 			self::$lastError = 'E-mail is too long (max. 255 chars).';
 			return false;
 		}
-		
+
 		if(!preg_match('/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[A-z0-9_\-](?!\.)){0,61}[a-zA-Z0-9_]?\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/', $email)) {
 			self::$lastError = 'Invalid e-mail format.';
 			return false;
 		}
-		
+
 		return true;
 	}
 
@@ -132,35 +132,35 @@ class Validator
 			self::$lastError = 'Please enter the password.';
 			return false;
 		}
-		
+
 		if (strlen($password) < 8 || strlen($password) > 30) {
 			self::$lastError = 'The password must have at least 8 and maximum 30 letters!';
 			return false;
 		}
-		
+
 		if(strspn($password, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") != strlen($password)) {
 			self::$lastError = 'Password contains illegal letters (a-z, A-Z and 0-9 only!).';
 			return false;
 		}
-		
+
 		if(!ctype_alnum($password)) {
 			self::$lastError = 'Password contains illegal letters (a-z, A-Z and 0-9 only!).';
 			return false;
 		}
-		
+
 		if(!preg_match('/[a-zA-Z]/', $password)) {
 			self::$lastError = 'The password must contain at least one letter A-Z or a-z!';
 			return false;
 		}
-		
+
 		if(!preg_match('/[0-9]/', $password)) {
 			self::$lastError = 'The password must contain at least one letter other than A-Z or a-z!';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Validate character name.
 	 * Name lenght must be 3-25 chars
@@ -175,20 +175,20 @@ class Validator
 			self::$lastError = 'Please enter character name.';
 			return false;
 		}
-		
+
 		$length = strlen($name);
 		if($length < 3)
 		{
 			self::$lastError = 'Character name is too short. Min. lenght <b>3</b> characters.';
 			return false;
 		}
-		
+
 		if($length > 25)
 		{
 			self::$lastError = 'Character name is too long. Max. lenght <b>25</b> characters.';
 			return false;
 		}
-		
+
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM- [ ] '") != $length)
 		{
 			self::$lastError = "Invalid name format. Use only A-Z, spaces and '.";
@@ -199,10 +199,10 @@ class Validator
 			self::$lastError = "Invalid name format. Use only A-Z, spaces and '.";
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Validate new character name.
 	 * Name lenght must be 3-25 chars
@@ -213,9 +213,9 @@ class Validator
 	public static function newCharacterName($name)
 	{
 		global $db, $config;
-		
+
 		$name_lower = strtolower($name);
-		
+
 		$first_words_blocked = array('admin ', 'administrator ', 'gm ', 'cm ', 'god ','tutor ', "'", '-');
 		foreach($first_words_blocked as $word)
 		{
@@ -224,27 +224,27 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		if(substr($name_lower, -1) == "'" || substr($name_lower, -1) == "-") {
 			self::$lastError = 'Your name contains illegal characters.';
 			return false;
 		}
-		
+
 		if(substr($name_lower, 1, 1) == ' ') {
 			self::$lastError = 'Your name contains illegal space.';
 			return false;
 		}
-		
+
 		if(substr($name_lower, -2, 1) == " ") {
 			self::$lastError = 'Your name contains illegal space.';
 			return false;
 		}
-		
+
 		if(strtolower($config['lua']['serverName']) == $name_lower) {
 			self::$lastError = 'Your name cannot be same as server name.';
 			return false;
 		}
-		
+
 		$names_blocked = array('admin', 'administrator', 'gm', 'cm', 'god', 'tutor');
 		foreach($names_blocked as $word)
 		{
@@ -253,7 +253,7 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		$words_blocked = array('admin', 'administrator', 'gamemaster', 'game master', 'game-master', "game'master", '--', "''","' ", " '", '- ', ' -', "-'", "'-", 'fuck', 'sux', 'suck', 'noob', 'tutor');
 		foreach($words_blocked as $word)
 		{
@@ -262,7 +262,7 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		$name_length = strlen($name_lower);
 		for($i = 0; $i < $name_length; $i++)
 		{
@@ -271,7 +271,7 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		for($i = 0; $i < $name_length; $i++)
 		{
 			if(isset($name_lower[$i - 1]) && $name_lower[$i - 1] == ' ' && isset($name_lower[$i + 1]) && $name_lower[$i + 1] == ' ') {
@@ -279,7 +279,7 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		if(isset($config['monsters']))
 		{
 			if(in_array($name_lower, $config['monsters'])) {
@@ -287,14 +287,14 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		$player = new OTS_Player();
 		$player->find($name);
 		if($player->isLoaded()) {
 			self::$lastError = 'Character with this name already exist.';
 			return false;
 		}
-		
+
 		//check if was namelocked previously
 		if(tableExist('player_namelocks') && fieldExist('name', 'player_namelocks')) {
 			$namelock = $db->query('SELECT `player_id` FROM `player_namelocks` WHERE `name` = ' . $db->quote($name));
@@ -303,25 +303,25 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		$monsters = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'monsters` WHERE `name` LIKE ' . $db->quote($name_lower));
 		if($monsters->rowCount() > 0) {
 			self::$lastError = 'Your name cannot contains monster name.';
 			return false;
 		}
-		
+
 		$spells_name = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'spells` WHERE `name` LIKE ' . $db->quote($name_lower));
 		if($spells_name->rowCount() > 0) {
 			self::$lastError = 'Your name cannot contains spell name.';
 			return false;
 		}
-		
+
 		$spells_words = $db->query('SELECT `words` FROM `' . TABLE_PREFIX . 'spells` WHERE `words` = ' . $db->quote($name_lower));
 		if($spells_words->rowCount() > 0) {
 			self::$lastError = 'Your name cannot contains spell name.';
 			return false;
 		}
-		
+
 		if(isset($config['npc']))
 		{
 			if(in_array($name_lower, $config['npc'])) {
@@ -329,26 +329,26 @@ class Validator
 				return false;
 			}
 		}
-		
+
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM- '") != $name_length) {
 			self::$lastError = 'This name contains invalid letters, words or format. Please use only a-Z, - , \' and space.';
 			return false;
 		}
-		
+
 		if($name_length < 3 || $name_length  > 28) {
 			self::$lastError = 'Your name cannot be shorter than 3 characters and longer than 28 characters.';
 			return false;
 		}
-		
-		
+
+
 		if(!preg_match("/[A-z ']{3,28}/", $name)) {
 			self::$lastError = 'Your name containst illegal characters.';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
 	/**
 	 * Validate guild name
 	 * Name lenght must be 3-32 chars
@@ -362,20 +362,47 @@ class Validator
 			self::$lastError = 'Please enter guild name.';
 			return false;
 		}
-		
+
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
 			self::$lastError = 'Invalid guild name format.';
 			return false;
 		}
-		
+
 		if(!preg_match("/[A-z ]{3,32}/", $name)) {
 			self::$lastError = 'Invalid guild name format.';
 			return false;
 		}
-		
+
 		return true;
 	}
-	
+
+	/**
+	 * Validate guild nick
+	 * Nick lenght must be 3-40 chars
+	 *
+	 * @param  string $name Name to check
+	 * @return bool Is name valid?
+	 */
+	public static function guildNick($name)
+	{
+		if(empty($name)) {
+			self::$lastError = 'Please enter guild nick.';
+			return false;
+		}
+
+		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
+			self::$lastError = 'Invalid guild nick format.';
+			return false;
+		}
+
+		if(!preg_match("/[A-z ]{3,40}/", $name)) {
+			self::$lastError = 'Invalid guild nick format.';
+			return false;
+		}
+
+		return true;
+	}
+
 	/**
 	 * Validate rank name
 	 * Rank lenght must be 1-32 chars
@@ -389,17 +416,17 @@ class Validator
 			self::$lastError = 'Please enter rank name.';
 			return false;
 		}
-		
+
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-[ ] ") != strlen($name)) {
 			self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
 			return false;
 		}
-		
+
 		if(!preg_match("/[A-z ]{1,32}/", $name)) {
 			self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
 			return false;
 		}
-		
+
 		return true;
 	}
 	/**
@@ -411,7 +438,7 @@ class Validator
 	public static function str($str, $numbers = false) {
 		return preg_match('/^[a-z0-9\ ]*$/i', $str);
 	}
-	
+
 	public static function getLastError() {
 		return self::$lastError;
 	}

system/locale/en/install.php

@@ -18,7 +18,7 @@ $locale['loaded'] = 'Loaded';
 $locale['not_loaded'] = 'Not loaded';
 
 $locale['please_fill_all'] = 'Please fill all inputs!';
-$locale['already_installed'] = 'MyAAC has been already installed. Please delete <b>install/<b/> directory.';
+$locale['already_installed'] = 'MyAAC has been already installed. Please delete <b>install/<b/> directory. If you want to reinstall MyAAC - please delete <strong>config.local.php</strong> file from the main directory and refresh the page.';
 
 // welcome
 $locale['step_welcome'] = 'Welcome';

system/locale/pl/install.php

@@ -18,7 +18,7 @@ $locale['loaded'] = 'Załadowane';
 $locale['not_loaded'] = 'Nie załadowane';
 
 $locale['please_fill_all'] = 'Proszę wypełnić wszystkie pola!';
-$locale['already_installed'] = 'MyAAC został już zainstalowany. Proszę usunąć katalog <b>install/</b>.';
+$locale['already_installed'] = 'MyAAC został już zainstalowany. Proszę usunąć katalog <b>install/</b>. Jeśli chcesz zainstalować MyAAC od nowa - proszę usuń plik <strong>config.local.php</strong> z katalogu głównego i odśwież stronę.';
 
 // welcome
 $locale['step_welcome'] = 'Witamy';

system/locale/sv/install.php

@@ -18,7 +18,7 @@ $locale['loaded'] = 'Laddad';
 $locale['not_loaded'] = 'Inte Laddad';
 
 $locale['please_fill_all'] = 'Vänligen fyll i allt!';
-$locale['already_installed'] = 'MyAAC är redan installerat. Vänligen ta bort <b>install/<b/> mappen.';
+$locale['already_installed'] = 'MyAAC är redan installerat. Vänligen ta bort <b>install/<b/> mappen. Om du vill installera MyAAC igen - ta bort filen <strong>config.local.php</strong> från huvudkatalogen och uppdatera sidan.';
 
 // welcome
 $locale['step_welcome'] = 'Välkommen';

system/migrations/20.php

@@ -1,39 +1,48 @@
 <?php
 
-$config_file = BASE . 'config.local.php';
-if(!is_writable($config_file)) { // we can't do anything, just ignore
-	return;
+if(!isset($database_migration_20)) {
+	databaseMigration20();
 }
 
-$content_of_file = trim(file_get_contents($config_file));
-if(strpos($content_of_file, 'highscores_ids_hidden') !== false) { // already present
-	return;
+function databaseMigration20(&$content = '') {
+	global $db;
+
+	$config_file = BASE . 'config.local.php';
+	if(!is_writable($config_file)) { // we can't do anything, just ignore
+		return false;
+	}
+
+	$content_of_file = trim(file_get_contents($config_file));
+	if(strpos($content_of_file, 'highscores_ids_hidden') !== false) { // already present
+		return true;
+	}
+
+	$query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . " OR `name` = " . $db->quote("Account Manager") . ") ORDER BY `id`;");
+
+	$highscores_ignored_ids = array();
+	if($query->rowCount() > 0) {
+		foreach($query->fetchAll() as $result)
+			$highscores_ignored_ids[] = $result['id'];
+	}
+	else {
+		$highscores_ignored_ids[] = 0;
+	}
+
+	$php_on_end = substr($content_of_file, -2, 2) == '?>';
+	$content = PHP_EOL;
+	if($php_on_end) {
+		$content .= '<?php';
+	}
+
+	$content .= PHP_EOL;
+	$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
+	$content .= PHP_EOL;
+
+	if($php_on_end) {
+		$content .= '?>';
+	}
+
+	file_put_contents($config_file, $content, FILE_APPEND);
+	return true;
 }
-
-$query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . ") ORDER BY `id`;");
-
-$highscores_ignored_ids = array();
-if($query->rowCount() > 0) {
-	foreach($query->fetchAll() as $result)
-		$highscores_ignored_ids[] = $result['id'];
-}
-else {
-	$highscores_ignored_ids[] = 0;
-}
-
-$php_on_end = substr($content_of_file, -2, 2) == '?>';
-$content = PHP_EOL;
-if($php_on_end) {
-	$content .= '<?php';
-}
-
-$content .= PHP_EOL;
-$content .= '$config[\'highscores_ids_hidden\'] = array(' . implode(', ', $highscores_ignored_ids) . ');';
-$content .= PHP_EOL;
-
-if($php_on_end) {
-	$content .= '?>';
-}
-
-file_put_contents($config_file, $content, FILE_APPEND);
 ?>

system/migrations/22.php

@@ -0,0 +1,29 @@
+<?php
+
+if(!tableExist('z_polls'))
+	$db->query('
+CREATE TABLE `z_polls` (
+  `id` int(11) NOT NULL auto_increment,
+  `question` varchar(255) NOT NULL,
+  `description` varchar(255) NOT NULL,
+  `end` int(11) NOT NULL DEFAULT 0,
+  `start` int(11) NOT NULL DEFAULT 0,
+  `answers` int(11) NOT NULL DEFAULT 0,
+  `votes_all` int(11) NOT NULL DEFAULT 0,
+  PRIMARY KEY  (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;');
+
+if(!tableExist('z_polls_answers'))
+$db->query('
+	CREATE TABLE `z_polls_answers` (
+  `poll_id` int(11) NOT NULL,
+  `answer_id` int(11) NOT NULL,
+  `answer` varchar(255) NOT NULL,
+  `votes` int(11) NOT NULL DEFAULT 0
+) ENGINE=MyISAM DEFAULT CHARSET=latin1;');
+
+if(!fieldExist('vote', 'accounts'))
+	$db->query('ALTER TABLE `accounts` ADD `vote` INT( 11 ) DEFAULT 0 NOT NULL ;');
+else {
+	$db->query('ALTER TABLE `accounts` MODIFY `vote` INT( 11 ) DEFAULT 0 NOT NULL ;');
+}

system/pages/admin/logs.php

@@ -28,29 +28,27 @@ foreach(scandir($aac_path_logs) as $f) {
 }
 
 $server_path_logs = $config['server_path'] . 'logs/';
-if(!file_exists($server_path_logs))
-$server_path_logs = $config['data_path'] . 'logs/';
-
 if(!file_exists($server_path_logs)) {
-	echo '</table>Logs are not available on this server.';
-	return;
+    $server_path_logs = $config['data_path'] . 'logs/';
 }
 
-foreach(scandir($server_path_logs) as $f) {
-	if($f[0] == '.' || $f == '..')
-		continue;
+if(file_exists($server_path_logs)) {
+	foreach(scandir($server_path_logs) as $f) {
+		if($f[0] == '.' || $f == '..')
+			continue;
 
-	if(is_dir($server_path_logs . $f)) {
-		foreach(scandir($server_path_logs . $f) as $f2) {
-			if($f2[0] == '.' || $f2 == '..')
-				continue;
-			$files[] = array($f . '/' . $f2, $server_path_logs);
+		if(is_dir($server_path_logs . $f)) {
+			foreach(scandir($server_path_logs . $f) as $f2) {
+				if($f2[0] == '.' || $f2 == '..')
+					continue;
+				$files[] = array($f . '/' . $f2, $server_path_logs);
+			}
+
+			continue;
 		}
 
-		continue;
+		$files[] = array($f, $server_path_logs);
 	}
-	
-	$files[] = array($f, $server_path_logs);
 }
 
 $i = 0;

system/pages/admin/pages.php

@@ -16,6 +16,8 @@ if(!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin())
 	return;
 }
 
+header('X-XSS-Protection:0');
+
 $name = $p_title = '';
 $groups = new OTS_Groups_List();
 

system/pages/admin/plugins.php

@@ -17,7 +17,7 @@ echo $twig->render('admin.plugins.form.html.twig');
 
 if(isset($_REQUEST['uninstall'])){
 	$uninstall = $_REQUEST['uninstall'];
-	
+
 	if(Plugins::uninstall($uninstall)) {
 		success('Successfully uninstalled plugin ' . $uninstall);
 	}
@@ -43,7 +43,7 @@ else if(isset($_FILES["plugin"]["name"]))
 				break;
 			case UPLOAD_ERR_INI_SIZE:
 			case UPLOAD_ERR_FORM_SIZE:
-				$error .= ' - file too large (limit of '.ini_get('upload_max_filesize').' bytes).';
+				$error .= ' - file too large (limit of '.ini_get('upload_max_filesize').' bytes). You can enlarge the limits by changing "upload_max_filesize" in php.ini';
 				break;
 			case UPLOAD_ERR_PARTIAL:
 				$error .= ' - file upload was not completed.';
@@ -78,7 +78,7 @@ else if(isset($_FILES["plugin"]["name"]))
 					}
 					else
 						error(Plugins::getError());
-					
+
 					unlink($targetzip); // delete the Zipped file
 				}
 				else

system/pages/creatures.php

@@ -110,21 +110,21 @@ if(empty($_REQUEST['creature']))
 	$number_of_rows = 0;
 	foreach($monsters as $monster) {
 		echo '<TR BGCOLOR="' . getStyle($number_of_rows++) . '"><TD><a href="?subtopic=creatures&creature='.urlencode($monster['name']).'">'.$monster['name'].'</a></TD><TD>'.$monster['health'].'</TD><TD>'.$monster['exp'].'</TD>';
-		
+
 	if($monster['summonable']) {
 		echo '<TD>'.$monster['mana'].'</TD>';
 	}
 	else {
 		echo '<TD>---</TD>';
 	}
-		
+
 	if($monster['convinceable']) {
 		echo '<TD>'.$monster['mana'].'</TD>';
 	}
 	else {
 		echo '<TD>---</TD>';
 	}
-		
+
 	echo '<td>'.ucwords($monster['race']).'</td></tr>';
 	}
 
@@ -170,13 +170,13 @@ if(isset($monster['name']))
 	echo '</TABLE></td><td align=left>
 	<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=40%>
 	<tr><td align=left>';
-	$monster['gfx_name'] = trim(mb_strtolower($monster['name'])).".gif";
+	$monster['gfx_name'] = trim(strtolower($monster['name'])).".gif";
 	if(!file_exists('images/monsters/'.$monster['gfx_name'])) {
 		$gfx_name =  str_replace(" ", "", $monster['gfx_name']);
 		if(file_exists('images/monsters/' . $gfx_name))
 			echo '<img src="images/monsters/'.$gfx_name.'" height="128" width="128">';
-	else
-		echo '<img src="images/monsters/nophoto.png" height="128" width="128">';
+	    else
+		    echo '<img src="images/monsters/nophoto.png" height="128" width="128">';
 	}
 	else
 		echo '<img src="images/monsters/' . $monster['gfx_name'] . '" height="128" width="128">';
@@ -190,19 +190,19 @@ if(isset($monster['name']))
 		$number_of_rows++;
 		echo '<tr BGCOLOR="'.getStyle($number_of_rows).'"><td width="100"><b>Immunities: </b></td><td width="100%">'.implode(', ', $immunities).'</td></tr>';
 	}
-	
+
 	$voices = json_decode($monster['voices'], true);
 	if(count($voices) > 0)
 	{
 		foreach($voices as &$voice) {
 			$voice = '"' . $voice . '"';
 		}
-		
+
 		$number_of_rows++;
 		echo '<tr BGCOLOR="'.getStyle($number_of_rows).'"><td width="100"><b>Voices: </b></td><td width="100%">'.implode(', ', $voices).'</td></tr>';
 	}
 	echo '</TABLE></td></tr>';
-	
+
 	$loot = json_decode($monster['loot'], true);
 	if($loot)
 	{
@@ -214,18 +214,18 @@ if(isset($monster['name']))
 			}
 			return ($a['chance'] > $b['chance']) ? -1 : 1;
 		}
-		
+
 		usort($loot, 'sort_by_chance');
-		
+
 		$i = 0;
 		foreach($loot as $item) {
 			$name = getItemNameById($item['id']);
 			$tooltip = $name . '<br/>Chance: ' . round($item['chance'] / 1000, 2) . '%<br/>Max count: ' . $item['count'];
-			
+
 			echo '<img src="' . $config['item_images_url'] . $item['id'] . '.gif" class="tooltip" title="' . $tooltip . '" width="32" height="32" border="0" alt=" ' .$name . '" />';
 			$i++;
 		}
-		
+
 		echo '</td></tr></TABLE>';
 	}
 

system/pages/forum/show_thread.php

@@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $links_to_pages = '';
 $thread_id = (int) $_REQUEST['id'];
 $_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0);
-$thread_name = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`section` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`id` = `" . TABLE_PREFIX . "forum`.`first_post` AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` LIMIT 1")->fetch();
+$thread_name = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`section`, `" . TABLE_PREFIX . "forum`.`post_html` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`id` = `" . TABLE_PREFIX . "forum`.`first_post` AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` LIMIT 1")->fetch();
 
 if(empty($thread_name['name'])) {
 	echo 'Thread with this ID does not exits.';
@@ -36,8 +36,8 @@ for($i = 0; $i < $posts_count['posts_count'] / $config['forum_threads_per_page']
 $threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`post_html`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll();
 if(isset($threads[0]['name']))
 	$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id);
-echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($threads[0]['section']) . '">'.$sections[$threads[0]['section']]['name'].'</a> >> <b>'.$thread_name['post_topic'].'</b>';
-echo '<br /><br /><a href="?subtopic=forum&action=new_post&thread_id='.$thread_id.'"><img src="images/forum/post.gif" border="0" /></a><br /><br />Page: '.$links_to_pages.'<br /><table width="100%"><tr bgcolor="'.$config['lightborder'].'" width="100%"><td colspan="2"><font size="4"><b>'.htmlspecialchars($thread_name['post_topic']).'</b></font><font size="1"><br />by ' . getPlayerLink($thread_name['name']) . '</font></td></tr><tr bgcolor="'.$config['vdarkborder'].'"><td width="200"><font color="white" size="1"><b>Author</b></font></td><td>&nbsp;</td></tr>';
+echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($threads[0]['section']) . '">'.$sections[$threads[0]['section']]['name'].'</a> >> <b>'.($thread_name['post_html'] ? $thread_name['post_topic'] : htmlspecialchars($thread_name['post_topic'])).'</b>';
+echo '<br /><br /><a href="?subtopic=forum&action=new_post&thread_id='.$thread_id.'"><img src="images/forum/post.gif" border="0" /></a><br /><br />Page: '.$links_to_pages.'<br /><table width="100%"><tr bgcolor="'.$config['lightborder'].'" width="100%"><td colspan="2"><font size="4"><b>'.($thread_name['post_html'] ? $thread_name['post_topic'] : htmlspecialchars($thread_name['post_topic'])).'</b></font><font size="1"><br />by ' . getPlayerLink($thread_name['name']) . '</font></td></tr><tr bgcolor="'.$config['vdarkborder'].'"><td width="200"><font color="white" size="1"><b>Author</b></font></td><td>&nbsp;</td></tr>';
 $player = $ots->createObject('Player');
 foreach($threads as $thread)
 {

system/pages/guilds/add_rank.php

@@ -11,13 +11,13 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
-$new_rank = isset($_REQUEST['rank_name']) ? $_REQUEST['rank_name'] : null;
+$rank_name = isset($_REQUEST['rank_name']) ? $_REQUEST['rank_name'] : null;
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
 
 if(empty($errors)) {
-	if(!Validator::rankName($new_rank)) {
+	if(!Validator::rankName($rank_name)) {
 		$errors[] = 'Invalid rank name format.';
 	}
 	if(!$logged) {
@@ -45,7 +45,7 @@ if(empty($errors)) {
 			$new_rank = new OTS_GuildRank();
 			$new_rank->setGuild($guild);
 			$new_rank->setLevel(1);
-			$new_rank->setName($new_rank);
+			$new_rank->setName($rank_name);
 			$new_rank->save();
 			header("Location: ?subtopic=guilds&guild=".$guild->getName()."&action=manager");
 			echo 'New rank added. Redirecting...';

system/pages/guilds/change_nick.php

@@ -32,6 +32,12 @@ if(!$new_nick) {
 $player = new OTS_Player();
 $player->find($name);
 $player_from_account = false;
+
+if(!Validator::guildNick($new_nick)) {
+    echo Validator::getLastError();
+    return;
+}
+
 if(strlen($new_nick) <= 40)
 {
 	if($player->isLoaded())

system/pages/guilds/save_ranks.php

@@ -12,7 +12,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name)) {
-	$errors[] = Validator::get;
+	$errors[] = Validator::getLastError();
 }
 
 if(empty($errors)) {

system/pages/highscores.php

@@ -268,7 +268,7 @@ if($config['highscores_country_box'])
 	echo
 	'<TABLE BORDER=0 width="100%" CELLPADDING=4 CELLSPACING=1>
 		<TR BGCOLOR="' . $config['vdarkborder'] . '">
-			<TD CLASS=whites><B>Choose a country</B></TD>
+			<TD CLASS=white><B>Choose a country</B></TD>
 		</TR>
 		<TR BGCOLOR="'.$config['lightborder'].'">
 			<TD>
@@ -284,7 +284,7 @@ if($config['highscores_country_box'])
 echo '
 <TABLE BORDER=0 width="100%" CELLPADDING=4 CELLSPACING=1>
 	<TR BGCOLOR="'.$config['vdarkborder'].'">
-		<TD CLASS=whites><B>Choose a skill</B></TD>
+		<TD CLASS=white><B>Choose a skill</B></TD>
 	</TR>
 	<TR BGCOLOR="'.$config['lightborder'].'">
 		<TD>';
@@ -315,7 +315,7 @@ if($config['highscores_vocation_box'])
 	echo
 	'<table border="0" width="100%" cellpadding="4" cellspacing="1">
 		<tr bgcolor="' . $config['vdarkborder'] . '">
-			<td class=whites><b>Choose a vocation</b></td>
+			<td class="white"><b>Choose a vocation</b></td>
 		</tr>
 		<tr bgcolor="'.$config['lightborder'].'">
 			<td>

system/pages/lastkills.php

@@ -45,7 +45,7 @@ if(tableExist('player_killers')) // tfs 0.3
 							$players_rows .= 'eliminated';
 						elseif($count > 19)
 							$players_rows .= 'annihilated';
-							
+
 						 $players_rows .= 'at level <b>' . $death['level'] . '</b> by ';
 					}
 					else if($i == $count)
@@ -76,15 +76,15 @@ if(tableExist('player_killers')) // tfs 0.3
 			$players_rows .= '.</TD>';
 			if($config['multiworld'])
 				$player_rows .= '<TD>'.$config['worlds'][(int)$death['world_id']].'</TD>';
-			
+
 			$players_rows .= '</TR>';
 		}
 	}
 }
 else {
 	//$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `player_deaths`.`killed_by` as `killed_by`, `player_deaths`.`time` as `time`, `player_deaths`.`is_player` as `is_player`, `player_deaths`.`level` as `level` FROM `player_deaths`, `players` as `d` INNER JOIN `players` as `p` ON player_deaths.player_id = p.id WHERE player_deaths.`is_player`='1' ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";");
-	
-$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT 20;");
+
+	$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player`, `d`.`mostdamage_by` as `mostdamage_by`, `d`.`mostdamage_is_player` as `mostdamage_is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";");
 
 	if(!empty($players_deaths))
 	{
@@ -95,7 +95,15 @@ $players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as
 				$players_rows .= getPlayerLink($death['killed_by']);
 			else
 				$players_rows .= $death['killed_by'];
-			
+
+			if (!empty($death['mostdamage_by'])) {
+				$player_rows .= ' and ';
+				if($death['mostdamage_is_player'] == '1')
+					$players_rows .= getPlayerLink($death['mostdamage_by']);
+				else
+					$players_rows .= $death['mostdamage_by'];
+			}
+
 			$players_rows .= '.</TR>';
 		}
 	}

system/pages/polls.php

@@ -13,31 +13,6 @@ $title = 'Polls';
 
 /* Polls System By Averatec from pervera.pl & otland.net */
 
-if(!tableExist('z_polls'))
-	$db->query('
-CREATE TABLE `z_polls` (
-  `id` int(11) NOT NULL auto_increment,
-  `question` varchar(255) NOT NULL,
-  `description` varchar(255) NOT NULL,
-  `end` int(11) NOT NULL DEFAULT 0,
-  `start` int(11) NOT NULL DEFAULT 0,
-  `answers` int(11) NOT NULL DEFAULT 0,
-  `votes_all` int(11) NOT NULL DEFAULT 0,
-  PRIMARY KEY  (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;');
-
-if(!tableExist('z_polls_answers'))
-$db->query('
-	CREATE TABLE `z_polls_answers` (
-  `poll_id` int(11) NOT NULL,
-  `answer_id` int(11) NOT NULL,
-  `answer` varchar(255) NOT NULL,
-  `votes` int(11) NOT NULL DEFAULT 0
-) ENGINE=MyISAM DEFAULT CHARSET=latin1;');
-
-if(!fieldExist('vote', 'accounts'))
-	$db->query('ALTER TABLE `accounts` ADD `vote` INT( 11 ) NOT NULL ;');
-
 function getColorByPercent($percent)
 {
 	if($percent < 15)

system/templates/account.management.html.twig

@@ -84,6 +84,7 @@
 			</div>
 		<br/><br/>
 		{% endif %}
+		<a name="General+Information"></a>
 		<h2>General Information</h2>
 		<table width="100%">
 			<tr style="background-color: {{ config.lightborder }};" >
@@ -118,6 +119,7 @@
 			{% endautoescape %}
 		</table>
 		<br/>
+		<a name="Public+Information"></a>
 		<h2>Public Information</h2>
 		<table width="100%">
 			<tr style="background-color: {{ config.lightborder }};" >
@@ -133,6 +135,7 @@
 			<input type="submit" value="Change Info" />
 		</form>
 		<br/>
+		<a name="Account+Logs" ></a>
 		<h2>Action Log</h2>
 		<table>
 			<tr bgcolor="{{ config.vdarkborder }}" class="white">
@@ -151,6 +154,7 @@
 			{% endautoescape %}
 		</table>
 		<br/>
+		<a name="Characters" ></a>
 		<h2>Character list: {{ players|length }} characters.</h2>
 		<table>
 			<tr bgcolor="{{ config.vdarkborder }}" class="white">

system/templates/admin.dashboard.html.twig

@@ -35,7 +35,7 @@
 	{% if status.online %}
 	<p class="success" style="width: 150px; text-align: center;">Status: Online<br/>
 		{{ status.uptimeReadable }}, {{ status.players }}/{{ status.playersMax }}<br/>
-		{{ status.lua.ip }} : {{ status.lua.loginPort }}
+		{{ config.lua.ip }} : {{ config.lua.loginPort }}
 		<br/><br/><u><a id="more-button" href="#"></a></u>
 
 		<span id="status-more">
@@ -74,4 +74,4 @@
         return false;
     });
 </script>
-{% endif %}
+{% endif %}

system/templates/admin.pages.form.html.twig

@@ -19,7 +19,12 @@
 					</tr>
 					<tr>
 						<td>PHP:</td>
-						<td><input type="checkbox" id="php" name="php" title="Check if page should be executed as PHP" value="1"{% if php %} checked="true"{% endif %}{% if action == 'edit' %} disabled{% endif %}/></td>
+						<td>
+							<input type="checkbox" id="php" name="php" title="Check if page should be executed as PHP" value="1"{% if php %} checked="true"{% endif %}{% if action == 'edit' %} disabled{% endif %}/>
+							{% if action == 'edit' %}
+								<input type="hidden" name="php" value="{% if php %}1{% else %}0{% endif %}"/>
+							{% endif %}
+						</td>
 					</tr>
 					<tr>
 						<td>Content:</td>

system/templates/online.html.twig

@@ -3,7 +3,7 @@
 		<td class="white"><b>Server Status</b></td>
 	</tr>
 {% if players|length == 0 %}
-	<tr bgcolor="{{ config.darkborder }}"><td>Currently no one is playing on {{ config.lua.serverName }}.</td></tr></table>
+	<tr bgcolor="{{ config.darkborder }}"><td>Currently no one is playing on&nbsp;{{ config.lua.serverName }}.</td></tr></table>
 {% else %}
 	<tr bgcolor="{{ config.darkborder }}">
 		<td>
@@ -14,7 +14,7 @@
 					{% set players_count = players|length %}
 					{% set afk = players_count - status.players %}
 					{% if afk < 0 %}
-						{% set players = players + afk|abs %}
+						{% set players_count = players_count + afk|abs %}
 						{% set afk = 0 %}
 					{% endif %}
 					Currently there are <b>{{ status.players }}</b> active and <b>{{ afk }}</b> AFK players.<br/>
@@ -26,6 +26,7 @@
 		</td>
 	</tr>
 </table>
+<br/>
 	{# vocation statistics #}
 	{% if config.online_vocations %}
 <br/>

templates/tibiacom/account.login.html.twig

@@ -108,11 +108,14 @@
 											<tr>
 												<td >
 													<div style="float: right; margin-top: 20px;" >
+														{% spaceless %}
 														<form class="MediumButtonForm" action="{{ getLink('account/create') }}" method="post" >
-															<div class="MediumButtonBackground" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="MediumButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton-over.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ></div>
+															<div class="MediumButtonBackground" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);">
+																<div class="MediumButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton-over.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);"></div>
 																<input class="MediumButtonText" type="image" name="Create Account" alt="Create Account" src="{{ template_path }}/images/global/buttons/mediumbutton_createaccount.png" />
 															</div>
 														</form>
+														{% endspaceless %}
 													</div>
 													<div id="LoginCreateAccountBox" >
 														<p><b>{{ config.lua.serverName }}...</b></p>

templates/tibiacom/basic.css

@@ -1785,6 +1785,37 @@ img {
   color: white;
 }
 
+/* BUTTONS */
+.MediumButtonText {
+  position: absolute;
+  top: 0;
+  left: 0;
+  height: 37px;
+  width: 150px;
+  z-index: 20;
+}
+.MediumButtonBackground {
+  position: relative;
+  top: 0;
+  left: 0;
+  width: 150px;
+  height: 37px;
+  z-index: 10;
+}
+.MediumButtonOver {
+  position: relative;
+  top: 0;
+  left: 0;
+  width: 150px;
+  height: 37px;
+  visibility: hidden;
+  z-index: 15;
+}
+.MediumButtonForm {
+  margin: 0;
+  padding: 0;
+}
+
 .moduleRow { }
 
 .moduleRowOver {

templates/tibiacom/index.php

@@ -46,7 +46,7 @@ if(isset($config['boxes']))
 		var activeSubmenuItem="<?php echo $tmp; ?>";
 		var IMAGES="<?php echo $template_path; ?>/images";
 		var LINK_ACCOUNT="<?php echo BASE_URL; ?>";
-		
+
 		function rowOverEffect(object) {
 			if (object.className == 'moduleRow') object.className = 'moduleRowOver';
 		}
@@ -54,7 +54,7 @@ if(isset($config['boxes']))
 		function rowOutEffect(object) {
 			if (object.className == 'moduleRowOver') object.className = 'moduleRow';
 		}
-		
+
 		function InitializePage() {
 		  LoadLoginBox();
 		  LoadMenu();
@@ -279,7 +279,7 @@ if(isset($config['boxes']))
             <img id="TibiaLogoArtworkTop" src="<?php echo $template_path; ?>/images/header/<?php echo $config['logo_image']; ?>" onClick="window.location = '<?php echo getLink('news')?>';" alt="logoartwork" />
             <img id="TibiaLogoArtworkBottom" src="<?php echo $template_path; ?>/images/header/tibia-logo-artwork-bottom.gif" alt="logoartwork" />
             <img id="Statue_2" src="<?php echo $template_path; ?>/images/header/animated-statue.gif" alt="logoartwork" />
-            <img id="LogoLink" src="<?php echo $template_path; ?>/images/header/tibia-logo-artwork-string.gif" onClick="window.location = 'mailto:<?php echo $config['lua']['ownerEmail']; ?>';" alt="logoartwork" />
+            <img id="LogoLink" src="<?php echo $template_path; ?>/images/header/tibia-logo-artwork-string.gif" onClick="window.location = 'mailto:<?php echo $config['mail_address']; ?>';" alt="logoartwork" />
           </div>
 
   <div id="Loginbox" >
@@ -442,6 +442,6 @@ foreach($config['menu_categories'] as $id => $cat) {
 function logo_monster()
 {
 	global $config;
-	return str_replace(" ", "", trim(mb_strtolower($config['logo_monster'])));
+	return str_replace(" ", "", trim(strtolower($config['logo_monster'])));
 }
 ?>

tools/signature/gesior.php

@@ -20,7 +20,7 @@
 	if($rank->isLoaded())
 	{
 		imagettftext($image , $fontsize, 0, 20, 75, $color, $font, 'Guild:');
-		imagettftext($image , $fontsize, 0, 70, 75, $color, $font, $player->getRank()->getName() . ' of the ' . $$rank->getGuild()->getName());
+		imagettftext($image , $fontsize, 0, 70, 75, $color, $font, $player->getRank()->getName() . ' of the ' . $rank->getGuild()->getName());
 	}
 	imagettftext($image , $fontsize, 0, 20, 95, $color, $font, 'Last Login:');
 	imagettftext($image , $fontsize, 0, 100, 95, $color, $font, (($player->getLastLogin() > 0) ? date("j F Y, g:i a", $player->getLastLogin()) : 'Never logged in.'));

tools/validate.php

@@ -1,7 +1,7 @@
 <?php
 /**
  * Ajax validator
- * Returns xml file with result
+ * Returns json with result
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>