Release v0.8.24

HOOK_BEFORE_PAGE_CUSTOM,
HOOK_AFTER_PAGE_CUSTOM

.github/workflows/phplint.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: overtrue/phplint@7.4
+      - uses: overtrue/phplint@3.4.0
         with:
           path: .
           options: --exclude="system/libs/polyfill-mbstring/bootstrap80.php"

.gitignore

@@ -2,12 +2,22 @@ Thumbs.db
 .DS_Store
 .idea
 
+#
+/.htaccess
+lua
+
 # composer
 composer.lock
 vendor
 
 # npm
 node_modules
+tools/ext
+
+# cypress
+cypress.env.json
+cypress/e2e/2-advanced-examples
+cypress/screenshots
 
 # created by release.sh
 releases
@@ -28,6 +38,12 @@ images/guilds/*
 images/editor/*
 !images/editor/index.html
 
+# gallery images
+images/gallery/*
+!images/gallery/index.html
+!images/gallery/demon.jpg
+!images/gallery/demon_thumb.gif
+
 # cache
 system/cache/*
 !system/cache/index.html
@@ -37,7 +53,7 @@ system/cache/*
 
 # php sessions
 system/php_sessions/*
-!system/php_sessions//index.html
+!system/php_sessions/index.html
 
 # logs
 system/logs/*

CHANGELOG.md

@@ -1,5 +1,196 @@
 # Changelog
 
+## [0.8.24 - 03.06.2025]
+
+### Added
+* Add code to insert guild_ranks on guild create, in case guild trigger is missing (https://github.com/slawkens/myaac/commit/149e10261befab22a38246bd792e2e4d1c42ef1e)
+* Two new hooks for pages loaded from database (custom pages): HOOK_BEFORE_PAGE_CUSTOM + HOOK_AFTER_PAGE_CUSTOM (https://github.com/slawkens/myaac/commit/e542e8a7cebad2d4bd6984c62cd6f385363ba9eb)
+* Load hooks before twig, add new hooks: HOOK_TWIG + HOOK_INIT (https://github.com/slawkens/myaac/commit/5726c9fa94e6f5a198917f6bda9014c0cbb141fb)
+* New hooks for account characters change-comment page (https://github.com/slawkens/myaac/commit/76440a37d009b845db9157312f2807774e15de14)
+
+### Fixed
+* Do not allow access to tools/ folder after install (https://github.com/slawkens/myaac/commit/fcfe5b0dbd33fd628031fe60ae3f2acc5164eed8)
+
+### Changed
+* Do not return -1 in case of freePremium, makes things harder (https://github.com/slawkens/myaac/commit/335b7b3112b3f2ed87b46c5dbc5db70a33bbd953)
+
+## [0.8.23 - 22.04.2025]
+
+### Added
+* Add db->hasTableAndColumns(table, columns), credits to @opentibiabr Team (https://github.com/slawkens/myaac/commit/9c15c2fa6848d966457972fce0d04347ecbd4f2c)
+* Add noSubmit option to buttons.base (https://github.com/slawkens/myaac/commit/4b9a7eaf859f9d3dbc90deb03564fcddde2f90d3)
+
+### Changed
+* Display more info when error parsing config.lua value (https://github.com/slawkens/myaac/commit/29a198bfcedeb5d22e0d34c5c53098142acdf477)
+* Change logout button color to red in tibiacom template (https://github.com/slawkens/myaac/commit/1708a48186294e3eea0a79344fdf56ba93327c6d)
+
+### Fixed
+* Fix headline.php: change image format to .png cause of black background (https://github.com/slawkens/myaac/commit/68170e42cd8fac43c55654ba595f09425618f26e)
+* Fix long title on headline.php (https://github.com/slawkens/myaac/commit/727da8b0cc968d0cafc502dd9c8cebf17e46bf76)
+* getPremDays: returns -1 if freePremium (https://github.com/slawkens/myaac/commit/89f537c8c2646c748a14ee46539a6103fda88ec1)
+
+## [0.8.22 - 27.01.2025]
+
+### Changed
+* Better exception handler, which clears the whole html output, so the message is better visible + better style (https://github.com/slawkens/myaac/commit/c304a9ab43bf0bda41907db3e6f65293350640a2 + https://github.com/slawkens/myaac/commit/7abc3c78334d44fb64684b26d8a305d0fe676caa)
+* Optimize $player->isOnline() function, thanks @gesior (https://github.com/slawkens/myaac/commit/7c3ebf70fa4751af986be7b46ee3530d4875271e)
+* All $cache->set calls should have $ttl (https://github.com/slawkens/myaac/commit/37ba9c7366139778d09d1316d7cb49a255165778)
+
+### Fixed
+* exception in lostaccount.php - $account->getName() (https://github.com/slawkens/myaac/commit/d390ea325e2dbfd87a830cfe40991f58e07a87a1)
+
+## [0.8.21 - 09.01.2025]
+
+### Added
+* support for button_color (red, green, blue) (https://github.com/slawkens/myaac/commit/b2c9eb474513650a014352d820602b8007eb3bf3)
+
+### Changed
+* Set default_socket_timeout for ipinfo.io checkup (https://github.com/slawkens/myaac/commit/e09fe517747e4f462c72395ede39759bf308d171)
+
+### Fixed
+* XSS in forum (https://github.com/slawkens/myaac/commit/580b888b1dd1317d7ccf5f888536159c3bfe4324)
+* move_thread by unauthorized user (https://github.com/slawkens/myaac/commit/19d3e15c114de65ef6c379e4da66d32138a0e7c4)
+* change sex wrong price deducted (https://github.com/slawkens/myaac/commit/39b19ed4c8724385ee80f7d02219e84f6b3f5d95)
+* fix for TFS 1.4.2 exception on creating character, where conditions column is NULL (https://github.com/slawkens/myaac/commit/5a68d204bb24392d424efde4133b0a3222e788bb)
+
+## [0.8.20 - 26.11.2024]
+
+Small fix regarding the latest release and the linux system.
+
+Download this one, instead of the 0.8.19 if you are using linux.
+
+If you are using 0.8.19, make this update:
+
+The fix is to make this change in the system/libs/hooks.php
+
+Change
+```
+require_once LIBS . 'src/plugins.php';
+```
+
+Into:
+```
+require_once LIBS . 'src/Plugins.php';
+```
+
+Yeah, we just changed 'p' to 'P' - that's just case-sensitive nature of linux.
+
+## [0.8.19 - 19.11.2024]
+
+### Added
+* syntactic sugar for db structure changes (https://github.com/slawkens/myaac/commit/e0036a3e32e8c37c28665dd7ae18ac9b8fc167d9)
+* add "None" vocation to highscores (https://github.com/slawkens/myaac/commit/7f4737631dfcb6ec255c6d9301304d3bf222a033)
+* new hooks in account manage + create (https://github.com/slawkens/myaac/commit/d40178104b0f411b9672102c49a4b87ac16e1779)
+* new functions: getGuildNameById($id) + getGuildLogoById($id) + Plugins::installMenus($templateName, $menus, $clearOld = false) (https://github.com/slawkens/myaac/commit/de1bb37bcb6d111fbdf185ef9c2fec7e7f05053e + https://github.com/slawkens/myaac/commit/d1c5a189c3b182a36933ed507c6ae36b61fe1d45 + https://github.com/slawkens/myaac/commit/5a953ce901522d080aa16fcfcd268e9544bf6e1a)
+
+### Changed
+* set default encryption to sha1 (https://github.com/slawkens/myaac/commit/55b8645d3f38c47f4aafc1906625b676c429cdd5)
+* prefer get_browser_real_ip() over REMOTE_ADDR (cause of Cloudflare and similar services) (https://github.com/slawkens/myaac/commit/b5bbae62b09db50a73bfa3e288245ea718005aa9)
+* allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/1edf8833c844b25372017e4affaf12aa02cdce7a)
+* better https detection (patched from develop) (https://github.com/slawkens/myaac/commit/d73aceb272d0615244fcfd0998d75e6c6c15d3fe)
+* require login before create new thread (#261, @anyeor)
+* better tables.headline.html.twig (patched from 1.0) (https://github.com/slawkens/myaac/commit/71ef30d35ecb2f876e9b861f211f737302bf408e)
+
+### Fixed
+* bans page fixed functions getPlayerNameByAccount + getPlayerNameById (https://github.com/slawkens/myaac/commit/d39386cfabfa13e5c916ead69e2f8f90fdc47f4f)
+* account verify - do not allow login without verified email (https://github.com/slawkens/myaac/commit/1edf8833c844b25372017e4affaf12aa02cdce7a, Thanks @anyeor)
+* if <flags> is not present in monster.xml (https://github.com/slawkens/myaac/commit/81b6652738a7b04be3980cbf55443a6fbe437b34)
+* $db->update when there is null value (https://github.com/slawkens/myaac/commit/1458b7a412ff6875cebba1b88d380f7f959ee6be)
+* error on $db __destruct saving current script name in CLI (https://github.com/slawkens/myaac/commit/01660bd2b4967315c0e16d2f83c6c39f0b78683d)
+
+## [0.8.18 - 29.05.2024]
+
+### Added
+* hook in guilds page to support guild wars (https://github.com/slawkens/myaac/commit/f875f3cd2059fac5c23a08ce73dd8621a66613e0)
+
+## [0.8.17 - 18.05.2024]
+
+### Added
+* TwigTypeCastingExtension (https://github.com/slawkens/myaac/commit/7181b988e9518320d57486670ca4e2d3b2fe1cfa)
+
+### Fixed
+* fix XSS in creatures.php (https://github.com/slawkens/myaac/commit/02eea950e4fd756e8d5c32e56181986d51f5ac70, @gesior)
+* don't allow redirect to external website (https://github.com/slawkens/myaac/commit/ef62b53cec5a479cc85aa15940ad9ebbcefde876)
+* change_info if account_country is disabled (https://github.com/slawkens/myaac/commit/62d3c198d567541a90900fe2d7ede070e7b1ff68)
+
+### Changed
+* use word-break: break-all in guilds description + character comment (https://github.com/slawkens/myaac/commit/191ad25eb2d4c1cec6f6668da7a345fec0ad2a7f)
+* set default status_ip to 127.0.0.1, most server are hosted locally anyway (https://github.com/slawkens/myaac/commit/2793c41655b47f7db295143a298ccda70f11462b)
+
+## [0.8.16 - 12.02.2024]
+
+### Fixed
+* broken installation
+* database and finish step warnings/errors (https://github.com/slawkens/myaac/pull/245, @danilopucci)
+* silently ignore if the hook does not exist
+
+## [0.8.15 - 09.12.2023]
+
+More security fixes, especially in bugtracker.
+
+## [0-8.14 - 27.11.2023]
+Security fixes.
+
+### Fixed
+* XSS vulnerability in bugtracker (https://github.com/slawkens/myaac/commit/83a91ec540072d319dd338abff45f8d5ebf48190)
+* XSS vulnerability in forum (https://github.com/slawkens/myaac/commit/d1bc63d07ad88a143358cacd2c417891eea74dcc + https://github.com/slawkens/myaac/commit/55dbade8d5280c5baed45e5f7ebc3613b8e9b9e8)
+* Session Fixation (https://github.com/slawkens/myaac/commit/483155cf4c1e3068aaee0d44541dfa61f6223379)
+* displaying ban info on account page (https://github.com/slawkens/myaac/commit/764db0c203d1826ffce3a5a78f83a97e56bd0685)
+
+### Changed
+* Clear some additional cache keys - like database cache (https://github.com/slawkens/myaac/commit/4327b66f915d06dce504211692173606b9ef3b4e)
+
+## [0.8.13 - 16.09.2023]
+
+### Added
+* latest client versions to config (https://github.com/slawkens/myaac/commit/765886f0c782807400c429577cde5e45bd7c308f)
+* patching from develop - twig context for hooks (https://github.com/slawkens/myaac/commit/f1670f4012cc7595433fe0b1937c1f9b15a60b07)
+
+### Fixed
+* fixed XSS vulnerability in some pages (https://github.com/slawkens/myaac/commit/5c3b01aca4f3cfe8abc86b8ce48194b2da87b808)
+
+Nothing more or less!
+
+## [0.8.12 - 07.08.2023]
+I've moved the repository back to my personal account. (Just so you know!)
+
+I will also try to add git commits pointed to each change, lets see if you like it or not - you can comment in discussion, that will be created just after releasing this version :)
+
+### Added
+* forum: better error messages (Suggested by @anyeor) (https://github.com/slawkens/myaac/commit/34725e0257684fe5fa43875cc3a8f587ba04642e)
+* more support for GesiorAAC classes, so some of them will work with MyAAC (https://github.com/slawkens/myaac/commit/a8172a518ff8939c4402349b16c064fcaf855d31)
+* word-break on forum thread & reply (Suggested by @anyeor) (https://github.com/slawkens/myaac/commit/ce4aed0f1719d2aadc749e5238e883e3c10e2686)
+
+### Fixed
+* not working pages/links from database, introduced in 0.8.10 (Thanks to OtLand user - https://otland.net/members/0lo.99657/ for report) (https://github.com/slawkens/myaac/commit/1e874c7027769bd09e772a1cdac75d7e37991256)
+* it was possible to create topic in board that was closed, ommiting the error check (Thanks to @anyeor for report) (https://github.com/slawkens/myaac/commit/0d52978d9fb99869500d35e7676f454ca5eaba14)
+* PHP 8.2 compatibility - removed deprecated functions utf8_encode & utf8_decode (https://github.com/slawkens/myaac/commit/a338fd967cdbcc89e86be4e6b66b2cad2ff23251)
+* guild description not being correctly shown (Reported by @anyeor)  (https://github.com/slawkens/myaac/commit/f2a3ec1185df64ad9084d4ff55790ae4a5b3e5fd, https://github.com/slawkens/myaac/commit/df321154f63d458a4bc7d83bac5e3447b67317a4)
+
+### Removed
+* Some old code for verifying messages length (Reported by @anyeor) (https://github.com/slawkens/myaac/commit/df48363ea4ced4350fd90ffddf57d464ba5afa8b)
+* some info about config failed to load, was never working (https://github.com/slawkens/myaac/commit/7a546e5a41036b0e9e926d337c6f2e3c41c591d2)
+
+## [0.8.11 - 30.06.2023]
+
+### Added
+* new function from 0.9 - Cache::remember($key, $ttl, $callback)
+* new characters page hooks
+* line number & file to exception handler, to easier localize exceptions
+
+### Changed
+* rename to .htaccess.dist, causes some problems on default setup
+* removing unneccessary PHP closing tags to prevent potential issues (by @SRNT-GG)
+* display warning if hook file does not exist
+
+### Fixed
+* important: Not allow create char if limit is exceeded (by @anyeor) could have been used to spam database
+* deleted chars: cannot change comment, name, gender, cannot create guild, cannot be invited, cannot accept invite, cannot be passed leadership to
+* forum: quote and edit post buttons not being shown
+* twig exception thrown when player does not exist, on character change comment (thanks @anyeor)
+* BASE_DIR when accessing /tools
+* do not display warning if HTTP_ACCEPT_LANGUAGE is not set
+
 ## [0.8.10 - 18.05.2023]
 
 ### Changed

README.md

@@ -1,24 +1,36 @@
 # [MyAAC](https://my-aac.org)
 
-[![Build Status Master](https://img.shields.io/travis/slawkens/myaac/master)](https://travis-ci.org/github/slawkens/myaac)
-[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
-[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
-[![PHP Versions](https://img.shields.io/travis/php-v/slawkens/myaac/master)](https://github.com/slawkens/myaac/blob/d8b3b4135827ee17e3c6d41f08a925e718c587ed/.travis.yml#L3)
-[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
-[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
-
 MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 
 Official website: https://my-aac.org
 
+[![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/slawkens/myaac/cypress.yml)](https://github.com/slawkens/myaac/actions)
+[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
+[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
+[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
+[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
+
+| Version | Status                 | Branch  | Requirements   |
+|:--------|:-----------------------|:--------|:---------------|
+| 2.x     | Experimental features  | develop | PHP >= 8.1     |
+| **1.x** | **Active development** | main    | **PHP >= 8.1** |
+| 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
+| 0.8.x   | Active support         | 0.8     | PHP >= 7.2.5   |
+| 0.7.x   | End Of Life            | 0.7     | PHP >= 5.3.3   |
+
+The recommended version to install is 1.x, which can be found at releases page - [https://github.com/slawkens/myaac/releases](https://github.com/slawkens/myaac/releases).
+
+### Documentation
+* [docs.my-aac.org](https://docs.my-aac.org)
+* [my-aac.org - FAQ](https://my-aac.org/faqs/)
+
 ### Requirements
 
-	- PHP 5.6 or later
 	- MySQL database
-	- PDO PHP Extension
-	- XML PHP Extension
-	- ZIP PHP Extension
-	- (optional) mod_rewrite to use friendly_urls
+	- PHP Extensions: pdo, xml, json
+	- (optional) apache2 mod_rewrite (to use friendly_urls)
+	- (optional) zip PHP Extension (to install plugins)
+	- (optional) gd PHP Extension (for generating signature images)
 
 ### Installation
 
@@ -42,22 +54,23 @@ Official website: https://my-aac.org
 
 ### Configuration
 
-Check *config.php* to get more informations.
+Check *config.php* to get more information. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
+
 Use *config.local.php* for your local configuration changes.
 
 ### Branches
 
 This repository follows the Git Flow Workflow.
-Cheatsheet: [Git-Flow-Cheetsheet](https://danielkummer.github.io/git-flow-cheatsheet)
+Cheatsheet: [Git-Flow-Cheatsheet](https://danielkummer.github.io/git-flow-cheatsheet)
 
 That means, we use:
-* master branch, for current stable release
+* main branch, for current stable release
 * develop branch, for development version (next release)
 * feature branches, for features etc.
 
 ### Known Problems
 
-- Some compatibility issues with some exotical distibutions.
+- Some compatibility issues with some exotic distributions.
 
 ### Contributing
 
@@ -71,7 +84,13 @@ Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our w
 
 ### Other Notes
 
-If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
+If you have a great idea or want to contribute to the project - visit our website at https://www.my-aac.org
+
+## Project supported by JetBrains
+
+Many thanks to Jetbrains for kindly providing a license for me to work on this and other open-source projects.
+
+[![JetBrains](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.svg)](https://www.jetbrains.com/?from=https://github.com/slawkens)
 
 ### License
 

SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.y   | :white_check_mark: |
+| 0.9.x   | :x:                |
+| 0.8.x   | :white_check_mark: |
+| < 0.7   | :x:                |
+
+## Reporting a Vulnerability
+
+If you found a security vulnerability, please write an email to security@my-aac.org
+
+All reports will be taken very seriously, and a fix will be posted as soon as possible.

admin/includes/functions.php

@@ -1 +1,2 @@
-<?php
+<?php
+// nothing yet here

admin/index.php

@@ -34,11 +34,6 @@ if(config('env') === 'dev') {
 	error_reporting(E_ALL);
 }
 
-// event system
-require_once SYSTEM . 'hooks.php';
-$hooks = new Hooks();
-$hooks->load();
-
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
 require SYSTEM . 'migrate.php';
@@ -68,4 +63,4 @@ ob_end_clean();
 // template
 $template_path = 'template/';
 require ADMIN . $template_path . 'template.php';
-?>
+

admin/pages/accounts.php

@@ -426,7 +426,7 @@ else if ($id > 0 && isset($account) && $account->isLoaded()) {
 		<div class="box-body">
 			<form action="<?php echo $base; ?>" method="post">
 				<div class="input-group input-group-sm">
-					<input type="text" class="form-control" name="search_name" value="<?php echo $search_account; ?>"
+					<input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_account); ?>"
 						   maxlength="32" size="32">
 					<span class="input-group-btn">
                           <button type="submit" type="button" class="btn btn-info btn-flat">Search</button>

admin/pages/items.php

@@ -10,8 +10,8 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Load items.xml';
 
-require LIBS . 'items.php';
-require LIBS . 'weapons.php';
+require_once LIBS . 'items.php';
+require_once LIBS . 'weapons.php';
 
 $twig->display('admin.items.html.twig');
 

admin/pages/pages.php

@@ -196,5 +196,3 @@ class Pages
 		return !count($errors);
 	}
 }
-
-?>

admin/pages/players.php

@@ -210,7 +210,7 @@ if ($id > 0) {
 
 		if ($hasBlessingsColumn) {
 			$blessings = $_POST['blessings'];
-			verify_number($blessings, 'Blessings', 2);
+			verify_number($blessings, 'Blessings', 3);
 		}
 
 		$balance = $_POST['balance'];
@@ -784,7 +784,7 @@ else if ($id > 0 && isset($player) && $player->isLoaded())
 			<div class="box-body">
 				<form action="<?php echo $base; ?>" method="post">
 					<div class="input-group input-group-sm">
-						<input type="text" class="form-control" name="search_name" value="<?php echo $search_name; ?>"
+						<input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_name); ?>"
 							   maxlength="32" size="32">
 						<span class="input-group-btn">
                           <button type="submit" type="button" class="btn btn-info btn-flat">Search</button>

admin/pages/plugins.php

@@ -10,8 +10,6 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
 
-require_once LIBS . 'plugins.php';
-
 $twig->display('admin.plugins.form.html.twig');
 
 if (isset($_REQUEST['uninstall'])) {

admin/pages/statistics.php

@@ -36,4 +36,3 @@ $twig->display('admin.statistics.html.twig', array(
 	'account_type' => (USE_ACCOUNT_NAME ? 'name' : 'number'),
 	'points' => $points
 ));
-?>

admin/pages/version.php

@@ -47,4 +47,3 @@ function version_revert($version)
 	$release = $version;
 	return $major . '.' . $minor . '.' . $release;
 }*/
-?>

admin/tools/phpinfo.php

@@ -13,4 +13,3 @@ if(!function_exists('phpinfo'))
 	die('phpinfo() disabled on this web server.');
 
 phpinfo();
-?>

common.php

@@ -26,7 +26,7 @@
 if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.8.10');
+define('MYAAC_VERSION', '0.8.24');
 define('DATABASE_VERSION', 33);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
@@ -97,9 +97,13 @@ $size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$basedir .= '/' . $tmp[$i];
 
-$basedir = str_replace(array('/admin', '/install'), '', $basedir);
+$basedir = str_replace(array('/admin', '/install', '/tools'), '', $basedir);
 define('BASE_DIR', $basedir);
 
+if (file_exists(BASE . 'config.local.php')) {
+	require BASE . 'config.local.php';
+}
+
 if(!IS_CLI) {
 	if (isset($_SERVER['HTTP_HOST'][0])) {
 		$baseHost = $_SERVER['HTTP_HOST'];
@@ -111,12 +115,21 @@ if(!IS_CLI) {
 		}
 	}
 
-	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
+	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
 
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
-
-	require SYSTEM . 'exception.php';
+	if(@$config['env'] === 'dev') {
+		require SYSTEM . 'exception.php';
+	}
 }
 require SYSTEM . 'autoload.php';
+
+function isHttps(): bool
+{
+	return
+		(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
+		|| (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
+		|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
+}

config.php

@@ -77,6 +77,7 @@ $config = array(
 	'database_log' => false, // should database queries be logged and and saved into system/logs/database.log?
 	'database_socket' => '', // set if you want to connect to database through socket (example: /var/run/mysqld/mysqld.sock)
 	'database_persistent' => false, // use database permanent connection (like server), may speed up your site
+	'database_encryption' => 'sha1',
 
 	// multiworld system (only TFS 0.3)
 	'multiworld' => false, // use multiworld system?
@@ -268,9 +269,9 @@ $config = array(
 
 	// status, took automatically from config file if empty
 	'status_enabled' => true, // you can disable status checking by settings this to "false"
-	'status_ip' => '',
+	'status_ip' => '127.0.0.1',
 	'status_port' => '',
-	'status_timeout' => 2, // how long to wait for the initial response from the server (default: 2 seconds)
+	'status_timeout' => 1.0, // how long to wait for the initial response from the server (default: 1 second)
 
 	// how often to connect to server and update status (default: every minute)
 	// if your status timeout in config.lua is bigger, that it will be used instead

index.php

@@ -24,6 +24,7 @@
  * @link      https://my-aac.org
  */
 
+ob_start();
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 
@@ -167,7 +168,7 @@ else {
 }
 
 // handle ?fbclid=x, etc. (show news page)
-if (!$found && count($_GET) > 0 && !isset($_REQUEST['subtopic']) && !isset($_REQUEST['p'])) {
+if (!$found && count($_GET) > 0 && !isset($_REQUEST['subtopic']) && !isset($_REQUEST['p']) && !in_array($_SERVER['QUERY_STRING'], getDatabasePages())) {
 	$_REQUEST['p'] = $_REQUEST['subtopic'] = 'news';
 	$found = true;
 }
@@ -192,10 +193,6 @@ define('PAGE', $page);
 
 $template_place_holders = array();
 
-// event system
-require_once SYSTEM . 'hooks.php';
-$hooks = new Hooks();
-$hooks->load();
 require_once SYSTEM . 'login.php';
 require_once SYSTEM . 'status.php';
 
@@ -221,7 +218,7 @@ if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_stat
 		if(fetchDatabaseConfig('last_usage_report', $value)) {
 			$should_report = time() > (int)$value + $report_time;
 			if($cache->enabled()) {
-				$cache->set('last_usage_report', $value);
+				$cache->set('last_usage_report', $value, 60 * 60);
 			}
 		}
 		else {
@@ -236,7 +233,7 @@ if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_stat
 
 		updateDatabaseConfig('last_usage_report', time());
 		if($cache->enabled()) {
-			$cache->set('last_usage_report', time());
+			$cache->set('last_usage_report', time(), 60 * 60);
 		}
 	}
 }
@@ -298,6 +295,7 @@ if($config['backward_support']) {
 	$config['site'] = &$config;
 	$config['server'] = &$config['lua'];
 	$config['site']['shop_system'] = $config['gifts_system'];
+	$config['site']['gallery_page'] = true;
 
 	if(!isset($config['vdarkborder']))
 		$config['vdarkborder'] = '#505050';
@@ -336,7 +334,7 @@ if($load_it)
 
 	$success = false;
 	$tmp_content = getCustomPage($page, $success);
-	if($success) {
+	if($success && $hooks->trigger(HOOK_BEFORE_PAGE_CUSTOM)) {
 		$content .= $tmp_content;
 		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
 			$pageInfo = getCustomPageInfo($page);
@@ -344,13 +342,13 @@ if($load_it)
 					'page' => array('id' => $pageInfo !== null ? $pageInfo['id'] : 0, 'hidden' => $pageInfo !== null ? $pageInfo['hidden'] : '0')
 				)) . $content;
 		}
+
+		$hooks->trigger(HOOK_AFTER_PAGE_CUSTOM);
 	} else {
-		$file = TEMPLATES . $template_name . '/pages/' . $page . '.php';
-		if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page))
-		{
-			$file = SYSTEM . 'pages/' . $page . '.php';
-			if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page))
-			{
+		$file = TEMPLATES . "$template_name/pages/$page.php";
+		if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page)) {
+			$file = SYSTEM . "pages/$page.php";
+			if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page)) {
 				$page = '404';
 				$file = SYSTEM . 'pages/404.php';
 			}

install/includes/config.php

@@ -38,4 +38,3 @@ if(!isset($error) || !$error) {
 		$error = true;
 	}
 }
-?>

install/index.php

@@ -13,9 +13,6 @@ require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 require SYSTEM . 'clients.conf.php';
 
-if(file_exists(BASE . 'config.local.php'))
-	require BASE . 'config.local.php';
-
 // ignore undefined index from Twig autoloader
 $config['env'] = 'prod';
 
@@ -189,14 +186,14 @@ clearstatcache();
 if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 	if(!file_exists(BASE . 'install/ip.txt')) {
 		$content = warning('AAC installation is disabled. To enable it make file <b>ip.txt</b> in install/ directory and put there your IP.<br/>
-		Your IP is:<br /><b>' . $_SERVER['REMOTE_ADDR'] . '</b>', true);
+		Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 	}
 	else {
 		$file_content = trim(file_get_contents(BASE . 'install/ip.txt'));
 		$allow = false;
 		$listIP = preg_split('/\s+/', $file_content);
 		foreach($listIP as $ip) {
-			if($_SERVER['REMOTE_ADDR'] == $ip) {
+			if(get_browser_real_ip() == $ip) {
 				$allow = true;
 			}
 		}

install/steps/2-license.php

@@ -5,4 +5,3 @@ $twig->display('install.license.html.twig', array(
 	'license' => file_get_contents(BASE . 'LICENSE'),
 	'buttons' => next_buttons()
 ));
-?>

install/steps/4-config.php

@@ -18,4 +18,3 @@ $twig->display('install.config.html.twig', array(
 	'errors' => isset($errors) ? $errors : null,
 	'buttons' => next_buttons()
 ));
-?>

install/steps/7-finish.php

@@ -79,6 +79,8 @@ else {
 
 		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
 		$account_used->setCustomField('country', 'us');
+		$account_used->setCustomField('email_verified', 1);
+
 		if($db->hasColumn('accounts', 'group_id'))
 			$account_used->setCustomField('group_id', $groups->getHighestId());
 		if($db->hasColumn('accounts', 'type'))
@@ -137,14 +139,5 @@ else {
 			}
 			$_SESSION['installed'] = true;
 		}
-
-		foreach($_SESSION as $key => $value) {
-			if(strpos($key, 'var_') !== false)
-				unset($_SESSION[$key]);
-		}
-		unset($_SESSION['saved']);
-		if(file_exists(CACHE . 'install.txt')) {
-			unlink(CACHE . 'install.txt');
-		}
 	}
 }

install/template/template.php

@@ -1,3 +1,4 @@
+<?php defined('MYAAC') or die('Direct access not allowed!'); ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>

install/tools/5-database.php

@@ -7,12 +7,19 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 
+if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
+	warning($locale['already_installed']);
+	return;
+}
+
 $error = false;
 require BASE . 'install/includes/config.php';
 
 ini_set('max_execution_time', 300);
+
+@ob_end_flush();
 ob_implicit_flush();
-ob_end_flush();
+
 header('X-Accel-Buffering: no');
 
 if(!$error) {

install/tools/7-finish.php

@@ -8,8 +8,10 @@ require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 
 ini_set('max_execution_time', 300);
+
+@ob_end_flush();
 ob_implicit_flush();
-ob_end_flush();
+
 header('X-Accel-Buffering: no');
 
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
@@ -95,6 +97,16 @@ require_once SYSTEM . 'migrations/22.php';
 require_once SYSTEM . 'migrations/27.php';
 require_once SYSTEM . 'migrations/30.php';
 
+// cleanup
+foreach($_SESSION as $key => $value) {
+	if(strpos($key, 'var_') !== false)
+		unset($_SESSION[$key]);
+}
+unset($_SESSION['saved']);
+if(file_exists(CACHE . 'install.txt')) {
+	unlink(CACHE . 'install.txt');
+}
+
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);

nginx-sample.conf

@@ -10,28 +10,27 @@ server {
 	# this is very important, be sure its in your nginx conf - it prevents access to logs etc.
 	location ~ /system {
 		deny all;
-		return 404;
 	}
 
-	# block .htaccess
-	location ~ /\.ht {
+	# block .htaccess, CHANGELOG.md, composer.json etc.
+	# this is to prevent finding software versions
+	location ~\.(ht|md|json|dist)$ {
 		deny all;
 	}
 
 	# block git files and folders
 	location ~ /\.git {
-		return 404;
 		deny all;
 	}
 
 	location / {
-		try_files $uri $uri/ /index.php;
+		try_files $uri $uri/ /index.php?$query_string;;
 	}
 
 	location ~ \.php$ {
 		include snippets/fastcgi-php.conf;
 		fastcgi_read_timeout 240;
 		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
-		# for ubuntu 22.04+ it will be php8.1-fpm.-sock
+		# for ubuntu 22.04+ it will be php8.1-fpm.sock
 	}
 }

plugins/email-confirmed-reward/reward.php

@@ -4,12 +4,12 @@ defined('MYAAC') or die('Direct access not allowed!');
 $reward = config('account_mail_confirmed_reward');
 
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
-if ($reward['coins'] > 0 && $hasCoinsColumn) {
+if ($reward['coins'] > 0 && !$hasCoinsColumn) {
 	log_append('email_confirm_error.log', 'accounts.coins column does not exist.');
 }
 
 if (!isset($account) || !$account->isLoaded()) {
-	log_append('email_confirm_error.log', 'Account not loaded.');
+	//log_append('email_confirm_error.log', 'Account not loaded.');
 	return;
 }
 

release.sh

@@ -22,7 +22,7 @@ if [ $1 = "prepare" ]; then
 	mkdir -p tmp
 
 	# get myaac from git archive
-	git archive --format zip --output tmp/myaac.zip master
+	git archive --format zip --output tmp/myaac.zip 0.8
 
 	cd tmp/ || exit
 

system/bin/install_plugin.php

@@ -8,8 +8,6 @@ if(PHP_SAPI !== 'cli') {
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
-require_once SYSTEM . 'hooks.php';
-require_once LIBS . 'plugins.php';
 
 if($argc !== 2) {
 	echo 'This command expects one parameter: zip file name (plugin)' . PHP_EOL;

system/clients.conf.php

@@ -99,4 +99,14 @@ $config['clients'] = [
 	1291,
 
 	1300,
+	1310,
+	1311,
+	1312,
+	1316,
+	1320,
+	1321,
+	1322,
+	1330,
+	1332,
+	1340,
 ];

system/compat/classes.php

@@ -9,7 +9,30 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-class Player extends OTS_Player {}
-class Guild extends OTS_Guild {}
+class Account extends OTS_Account {
+	public function loadById($id) {
+		$this->load($id);
+	}
+	public function loadByName($name) {
+		$this->find($name);
+	}
+}
+
+class Player extends OTS_Player {
+	public function loadById($id) {
+		$this->load($id);
+	}
+	public function loadByName($name) {
+		$this->find($name);
+	}
+}
+class Guild extends OTS_Guild {
+	public function loadById($id) {
+		$this->load($id);
+	}
+	public function loadByName($name) {
+		$this->find($name);
+	}
+}
 class GuildRank extends OTS_GuildRank {}
 class House extends OTS_House {}

system/compat/pages.php

@@ -10,6 +10,14 @@
 defined('MYAAC') or die('Direct access not allowed!');
 switch($page)
 {
+	case 'adminpanel':
+		header('Location: ' . ADMIN_URL);
+		die;
+
+	case 'archive':
+		$page = 'newsarchive';
+		break;
+
 	case 'whoisonline':
 		$page = 'online';
 		break;
@@ -37,4 +45,3 @@ switch($page)
 	default:
 		break;
 }
-?>

system/counter.php

@@ -51,4 +51,3 @@ else
 		updateDatabaseConfig('views_counter', $views_counter); // update counter
 	}
 }
-?>

system/database.php

@@ -116,5 +116,4 @@ defined('MYAAC') or die('Direct access not allowed!');
 				'<li>MySQL is not configured propertly in <i>config.lua</i>.</li>' .
 				'<li>MySQL server is not running.</li>' .
 			'</ul>' . $error->getMessage());
-
 	}

system/exception.php

@@ -23,6 +23,8 @@ function exception_handler($exception) {
 
 	$backtrace_formatted = nl2br($exception->getTraceAsString());
 
+	$message = $message . "<br/><br/>File: {$exception->getFile()}<br/>Line: {$exception->getLine()}";
+
 	// display basic error message without template
 	// template is missing, why? probably someone deleted templates dir, or it wasn't downloaded right
 	$template_file = SYSTEM . 'templates/exception.html.twig';
@@ -35,12 +37,14 @@ function exception_handler($exception) {
 	}
 
 	// display beautiful error message
-	// the file is .twig.html, but its not really parsed by Twig
+	// the file is .twig.html, but it's not really parsed by Twig
 	// we just replace some values manually
 	// cause in case Twig throws exception, we can show it too
 	$content = file_get_contents($template_file);
 	$content = str_replace(array('{{ BASE_URL }}', '{{ exceptionClass }}', '{{ message }}', '{{ backtrace }}', '{{ powered_by }}'), array(BASE_URL, get_class($exception), $message, $backtrace_formatted, base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=')), $content);
 
+	@ob_clean();
+
 	echo $content;
 }
 

system/functions.php

@@ -7,11 +7,10 @@
  * @copyright 2019 MyAAC
  * @link      https://my-aac.org
  */
+defined('MYAAC') or die('Direct access not allowed!');
 
 use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
 
-defined('MYAAC') or die('Direct access not allowed!');
-
 function message($message, $type, $return)
 {
 	if(IS_CLI) {
@@ -757,10 +756,10 @@ function get_browser_languages()
 {
 	$ret = array();
 
-	$acceptLang = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
-	if(!isset($acceptLang[0]))
+	if(empty($_SERVER['HTTP_ACCEPT_LANGUAGE']))
 		return $ret;
 
+	$acceptLang = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
 	$languages = strtolower($acceptLang);
 	// $languages = 'pl,en-us;q=0.7,en;q=0.3 ';
 	// need to remove spaces from strings to avoid error
@@ -798,7 +797,7 @@ function get_plugins()
 	$ret = array();
 
 	$path = PLUGINS;
-	foreach(scandir($path, 0) as $file) {
+	foreach(scandir($path, SCANDIR_SORT_ASCENDING) as $file) {
 		$file_ext = pathinfo($file, PATHINFO_EXTENSION);
 		$file_name = pathinfo($file, PATHINFO_FILENAME);
 		if ($file === '.' || $file === '..' || $file === 'disabled' || $file === 'example.json' || $file_ext !== 'json' || is_dir($path . $file))
@@ -924,8 +923,8 @@ function load_config_lua($filename)
 	$config_file = $filename;
 	if(!@file_exists($config_file))
 	{
-		log_append('error.log', '[load_config_file] Fatal error: Cannot load config.lua (' . $filename . '). Error: ' . print_r(error_get_last(), true));
-		throw new RuntimeException('ERROR: Cannot find ' . $filename . ' file. More info in system/logs/error.log');
+		log_append('error.log', '[load_config_file] Fatal error: Cannot load config.lua (' . $filename . ').');
+		throw new RuntimeException('ERROR: Cannot find ' . $filename . ' file.');
 	}
 
 	$result = array();
@@ -973,12 +972,19 @@ function load_config_lua($filename)
 					}
 					else
 					{
-						foreach($result as $tmp_key => $tmp_value) // load values definied by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
+						foreach($result as $tmp_key => $tmp_value) { // load values defined by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
 							$value = str_replace($tmp_key, $tmp_value, $value);
-						$ret = @eval("return $value;");
-						if((string) $ret == '' && trim($value) !== '""') // = parser error
-						{
-							throw new RuntimeException('ERROR: Loading config.lua file. Line <b>' . ($ln + 1) . '</b> of LUA config file is not valid [key: <b>' . $key . '</b>]');
+						}
+
+						try {
+							$ret = eval("return $value;");
+						}
+						catch (Throwable $e) {
+							throw new RuntimeException('ERROR: Loading config.lua file. Line: ' . ($ln + 1) . ' - Unable to parse value "' . $value . '" - ' . $e->getMessage());
+						}
+
+						if((string) $ret == '' && trim($value) !== '""') {
+							throw new RuntimeException('ERROR: Loading config.lua file. Line ' . ($ln + 1) . ' is not valid [key: ' . $key . ']');
 						}
 						$result[$key] = $ret;
 					}
@@ -1147,9 +1153,30 @@ function clearCache()
 		if ($cache->fetch('failed_logins', $tmp))
 			$cache->delete('failed_logins');
 
-		global $template_name;
-		if ($cache->fetch('template_ini' . $template_name, $tmp))
-			$cache->delete('template_ini' . $template_name);
+		foreach (get_templates() as $template) {
+			if ($cache->fetch('template_ini_' . $template, $tmp)) {
+				$cache->delete('template_ini_' . $template);
+			}
+		}
+
+		if ($cache->fetch('template_menus', $tmp)) {
+			$cache->delete('template_menus');
+		}
+		if ($cache->fetch('database_tables', $tmp)) {
+			$cache->delete('database_tables');
+		}
+		if ($cache->fetch('database_columns', $tmp)) {
+			$cache->delete('database_columns');
+		}
+		if ($cache->fetch('database_checksum', $tmp)) {
+			$cache->delete('database_checksum');
+		}
+		if ($cache->fetch('hooks', $tmp)) {
+			$cache->delete('hooks');
+		}
+		if ($cache->fetch('last_kills', $tmp)) {
+			$cache->delete('last_kills');
+		}
 	}
 
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
@@ -1245,7 +1272,70 @@ function getCustomPage($page, &$success)
 }
 
 function escapeHtml($html) {
-	return htmlentities($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
+	return htmlspecialchars($html);
+}
+
+function getGuildNameById($id)
+{
+	global $db;
+
+	$guild = $db->query('SELECT `name` FROM `guilds` WHERE `id` = ' . (int)$id);
+
+	if ($guild->rowCount() > 0) {
+		return $guild->fetchColumn();
+	}
+
+	return false;
+}
+
+function getGuildLogoById($id)
+{
+	global $db;
+
+	$logo = 'default.gif';
+
+	$query = $db->query('SELECT `logo_name` FROM `guilds` WHERE `id` = ' . (int)$id);
+	if ($query->rowCount() == 1) {
+
+		$query = $query->fetch(PDO::FETCH_ASSOC);
+		$guildLogo = $query['logo_name'];
+
+		if (!empty($guildLogo) && file_exists('images/guilds/' . $guildLogo)) {
+			$logo = $guildLogo;
+		}
+	}
+
+	return BASE_URL . 'images/guilds/' . $logo;
+}
+
+function displayErrorBoxWithBackButton($errors, $action = null) {
+	global $twig;
+	$twig->display('error_box.html.twig', ['errors' => $errors]);
+	$twig->display('account.back_button.html.twig', [
+		'action' => $action ?: getLink('')
+	]);
+}
+
+function getDatabasePages($withHidden = false): array
+{
+	global $db, $logged_access;
+
+	if (!isset($logged_access)) {
+		$logged_access = 1;
+	}
+
+	$pages = $db->query('SELECT `name` FROM ' . TABLE_PREFIX . 'pages WHERE ' . ($withHidden ? '' : '`hidden` != 1 AND ') . '`access` <= ' . $db->quote($logged_access));
+	$ret = [];
+
+	if ($pages->rowCount() < 1) {
+		return $ret;
+	}
+
+	foreach($pages->fetchAll() as $page) {
+		$ret[] = $page['name'];
+	}
+
+	return $ret;
 }
 
 // validator functions

system/hooks.php

@@ -9,45 +9,68 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-define('HOOK_STARTUP', 1);
-define('HOOK_BEFORE_PAGE', 2);
-define('HOOK_AFTER_PAGE', 3);
-define('HOOK_FINISH', 4);
-define('HOOK_TIBIACOM_ARTICLE', 5);
-define('HOOK_TIBIACOM_BORDER_3', 6);
-define('HOOK_CHARACTERS_BEFORE_INFORMATIONS', 7);
-define('HOOK_CHARACTERS_AFTER_INFORMATIONS', 8);
-define('HOOK_CHARACTERS_BEFORE_SIGNATURE', 9);
-define('HOOK_CHARACTERS_AFTER_SIGNATURE', 10);
-define('HOOK_CHARACTERS_AFTER_ACCOUNT', 11);
-define('HOOK_CHARACTERS_AFTER_CHARACTERS', 12);
-define('HOOK_LOGIN', 13);
-define('HOOK_LOGIN_ATTEMPT', 14);
-define('HOOK_LOGOUT', 15);
-define('HOOK_ACCOUNT_CREATE_BEFORE_FORM', 16);
-define('HOOK_ACCOUNT_CREATE_BEFORE_BOXES', 17);
-define('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_1', 18);
-define('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_2', 19);
-define('HOOK_ACCOUNT_CREATE_AFTER_BOXES', 20);
-define('HOOK_ACCOUNT_CREATE_BEFORE_ACCOUNT', 21);
-define('HOOK_ACCOUNT_CREATE_AFTER_ACCOUNT', 22);
-define('HOOK_ACCOUNT_CREATE_AFTER_EMAIL', 23);
-define('HOOK_ACCOUNT_CREATE_AFTER_COUNTRY', 24);
-define('HOOK_ACCOUNT_CREATE_AFTER_PASSWORDS', 25);
-define('HOOK_ACCOUNT_CREATE_AFTER_RECAPTCHA', 26);
-define('HOOK_ACCOUNT_CREATE_BEFORE_CHARACTER_NAME', 27);
-define('HOOK_ACCOUNT_CREATE_AFTER_CHARACTER_NAME', 28);
-define('HOOK_ACCOUNT_CREATE_AFTER_SEX', 29);
-define('HOOK_ACCOUNT_CREATE_AFTER_VOCATION', 30);
-define('HOOK_ACCOUNT_CREATE_AFTER_TOWNS', 31);
-define('HOOK_ACCOUNT_CREATE_BEFORE_SUBMIT_BUTTON', 32);
-define('HOOK_ACCOUNT_CREATE_AFTER_FORM', 33);
-define('HOOK_ACCOUNT_CREATE_AFTER_SUBMIT', 34);
-define('HOOK_EMAIL_CONFIRMED', 35);
+$i = 0;
+define('HOOK_INIT', ++$i);
+define('HOOK_STARTUP', ++$i);
+define('HOOK_BEFORE_PAGE', ++$i);
+define('HOOK_BEFORE_PAGE_CUSTOM', ++$i);
+define('HOOK_AFTER_PAGE', ++$i);
+define('HOOK_AFTER_PAGE_CUSTOM', ++$i);
+define('HOOK_FINISH', ++$i);
+define('HOOK_TIBIACOM_ARTICLE', ++$i);
+define('HOOK_TIBIACOM_BORDER_3', ++$i);
+define('HOOK_CHARACTERS_BEFORE_INFORMATIONS', ++$i);
+define('HOOK_CHARACTERS_AFTER_INFORMATIONS', ++$i);
+define('HOOK_CHARACTERS_BEFORE_SKILLS', ++$i);
+define('HOOK_CHARACTERS_AFTER_SKILLS', ++$i);
+define('HOOK_CHARACTERS_AFTER_QUESTS', ++$i);
+define('HOOK_CHARACTERS_AFTER_EQUIPMENT', ++$i);
+define('HOOK_CHARACTERS_BEFORE_DEATHS', ++$i);
+define('HOOK_CHARACTERS_BEFORE_SIGNATURE', ++$i);
+define('HOOK_CHARACTERS_AFTER_SIGNATURE', ++$i);
+define('HOOK_CHARACTERS_AFTER_ACCOUNT', ++$i);
+define('HOOK_CHARACTERS_AFTER_CHARACTERS', ++$i);
+define('HOOK_LOGIN', ++$i);
+define('HOOK_LOGIN_ATTEMPT', ++$i);
+define('HOOK_LOGOUT', ++$i);
+define('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_SUCCESS', ++$i);
+define('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_NAME', ++$i);
+define('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_HIDE_ACCOUNT', ++$i);
+define('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_COMMENT', ++$i);
+define('HOOK_ACCOUNT_CREATE_BEFORE_FORM', ++$i);
+define('HOOK_ACCOUNT_CREATE_BEFORE_BOXES', ++$i);
+define('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_1', ++$i);
+define('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_2', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_BOXES', ++$i);
+define('HOOK_ACCOUNT_CREATE_BEFORE_ACCOUNT', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_ACCOUNT', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_EMAIL', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_COUNTRY', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_PASSWORDS', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_RECAPTCHA', ++$i);
+define('HOOK_ACCOUNT_CREATE_BEFORE_CHARACTER_NAME', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_CHARACTER_NAME', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_SEX', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_VOCATION', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_TOWNS', ++$i);
+define('HOOK_ACCOUNT_CREATE_BEFORE_SUBMIT_BUTTON', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_FORM', ++$i);
+define('HOOK_ACCOUNT_CREATE_POST', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_SUBMIT', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_SAVED', ++$i);
+define('HOOK_ACCOUNT_MANAGE_BEFORE_GENERAL_INFORMATION', ++$i);
+define('HOOK_ACCOUNT_MANAGE_BEFORE_PUBLIC_INFORMATION', ++$i);
+define('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS', ++$i);
+define('HOOK_ACCOUNT_MANAGE_BEFORE_CHARACTERS', ++$i);
+define('HOOK_EMAIL_CONFIRMED', ++$i);
+define('HOOK_GUILDS_AFTER_INVITED_CHARACTERS', ++$i);
+define('HOOK_TWIG', ++$i);
 define('HOOK_FIRST', HOOK_STARTUP);
-define('HOOK_LAST', HOOK_EMAIL_CONFIRMED);
+define('HOOK_LAST', $i);
 
 require_once LIBS . 'plugins.php';
+require_once LIBS . 'src/Plugins.php';
+
 class Hook
 {
 	private $_name, $_type, $_file;
@@ -68,9 +91,7 @@ class Hook
 		}*/
 
 		global $db, $config, $template_path, $ots, $content, $twig;
-		if(file_exists(BASE . $this->_file)) {
-			$ret = require BASE . $this->_file;
-		}
+		$ret = include BASE . $this->_file;
 
 		return !isset($ret) || $ret == 1 || $ret;
 	}

system/init.php

@@ -28,7 +28,8 @@ if($config['gzip_output'] && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($
 	ob_start('ob_gzhandler');
 
 // cache
-require_once SYSTEM . 'libs/cache.php';
+require_once LIBS . 'cache.php';
+require_once LIBS . 'src/Cache.php';
 $cache = Cache::getInstance();
 
 // trim values we receive
@@ -73,8 +74,8 @@ if($config_lua_reload) {
 
 	// cache config
 	if($cache->enabled()) {
-		$cache->set('config_lua', serialize($config['lua']), 120);
-		$cache->set('server_path', $config['server_path']);
+		$cache->set('config_lua', serialize($config['lua']), 2 * 60);
+		$cache->set('server_path', $config['server_path'], 10 * 60);
 	}
 }
 unset($tmp);
@@ -111,18 +112,24 @@ if(!isset($foundValue)) {
 $config['data_path'] = $foundValue;
 unset($foundValue);
 
-// new config values for compability
+// new config values for compatibility
 if(!isset($config['highscores_ids_hidden']) || count($config['highscores_ids_hidden']) == 0) {
 	$config['highscores_ids_hidden'] = array(0);
 }
 
-$config['account_create_character_create'] = config('account_create_character_create') && (!config('mail_enabled') || !config('account_mail_verify'));
+$config['account_mail_verify'] = config('account_mail_verify') && config('mail_enabled');
 
 // POT
 require_once SYSTEM . 'libs/pot/OTS.php';
 $ots = POT::getInstance();
 require_once SYSTEM . 'database.php';
 
+// event system
+require_once SYSTEM . 'hooks.php';
+$hooks = new Hooks();
+$hooks->load();
+$hooks->trigger(HOOK_INIT);
+
 // twig
 require_once SYSTEM . 'twig.php';
 

system/item.php

@@ -58,4 +58,3 @@ function outputItem($id = 100, $count = 1)
 	$file_name = Items_Images::$outputDir . $file_name . '.gif';
 	readfile($file_name);
 }
-?>

system/libs/CreateCharacter.php

@@ -138,7 +138,7 @@ class CreateCharacter
 
 		if(empty($errors))
 		{
-			$number_of_players_on_account = $account->getPlayersList(false)->count();
+			$number_of_players_on_account = $account->getPlayersList(true)->count();
 			if($number_of_players_on_account >= config('characters_per_account'))
 				$errors[] = 'You have too many characters on your account <b>('.$number_of_players_on_account.'/'.config('characters_per_account').')</b>!';
 		}

system/libs/TwigTypeCastingExtension.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace MyAAC\Twig\Extension;
+
+use Twig\Extension\AbstractExtension;
+use Twig\TwigFilter;
+
+final class TwigTypeCastingExtension extends AbstractExtension
+{
+	/** @return array<int, TwigFilter> */
+	public function getFilters(): array
+	{
+		return [
+			new TwigFilter('int', function ($value) {
+				return (int)$value;
+			}),
+			new TwigFilter('float', function ($value) {
+				return (float)$value;
+			}),
+			new TwigFilter('string', function ($value) {
+				return (string)$value;
+			}),
+			new TwigFilter('bool', function ($value) {
+				return (bool)$value;
+			}),
+			new TwigFilter('array', function (object $value) {
+				return (array)$value;
+			}),
+			new TwigFilter('object', function (array $value) {
+				return (object)$value;
+			}),
+		];
+	}
+}

system/libs/cache.php

@@ -110,4 +110,21 @@ class Cache
 	 * @return bool
 	 */
 	public function enabled() {return false;}
+
+	public static function remember($key, $ttl, $callback)
+	{
+		$cache = self::getInstance();
+		if(!$cache->enabled()) {
+			return $callback();
+		}
+
+		$value = null;
+		if ($cache->fetch($key, $value)) {
+			return unserialize($value);
+		}
+
+		$value = $callback();
+		$cache->set($key, serialize($value),$ttl);
+		return $value;
+	}
 }

system/libs/data.php

@@ -41,4 +41,3 @@ class Data
 		return $db->update($this->table, $data, $where);
 	}
 }
-?>

system/libs/forum.php

@@ -71,7 +71,7 @@ class Forum
 			'post_smile' => 0, 'post_html' => 1,
 			'post_date' => time(),
 			'last_edit_aid' => 0, 'edit_date' => 0,
-			'post_ip' => $_SERVER['REMOTE_ADDR']
+			'post_ip' => get_browser_real_ip()
 		))) {
 			$thread_id = $db->lastInsertId();
 			$db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `first_post`=".(int) $thread_id." WHERE `id` = ".(int) $thread_id);
@@ -93,7 +93,7 @@ class Forum
 			'post_smile' => $smile,
 			'post_html' => $html,
 			'post_date' => time(),
-			'post_ip' => $_SERVER['REMOTE_ADDR']
+			'post_ip' => get_browser_real_ip()
 		));
 	}
 	public static function add_board($name, $description, $access, $guild, &$errors)

system/libs/plugins.php

@@ -74,6 +74,10 @@ class Plugins {
 			if (isset($plugin['hooks'])) {
 				foreach ($plugin['hooks'] as $_name => $info) {
 					if (defined('HOOK_'. $info['type'])) {
+						if (strpos($info['type'], 'HOOK_') !== false) {
+							$info['type'] = str_replace('HOOK_', '', $info['type']);
+						}
+
 						$hook = constant('HOOK_'. $info['type']);
 						$hooks[] = ['name' => $_name, 'type' => $hook, 'file' => $info['file']];
 					} else {
@@ -140,20 +144,13 @@ class Plugins {
 			$continue = true;
 
 			if(!isset($plugin_json['name']) || empty(trim($plugin_json['name']))) {
-				self::$warnings[] = 'Plugin "name" tag is not set.';
-			}
-			if(!isset($plugin_json['description']) || empty(trim($plugin_json['description']))) {
-				self::$warnings[] = 'Plugin "description" tag is not set.';
+				self::$error = 'Plugin "name" tag is not set.';
+				return false;
 			}
+
 			if(!isset($plugin_json['version']) || empty(trim($plugin_json['version']))) {
 				self::$warnings[] = 'Plugin "version" tag is not set.';
 			}
-			if(!isset($plugin_json['author']) || empty(trim($plugin_json['author']))) {
-				self::$warnings[] = 'Plugin "author" tag is not set.';
-			}
-			if(!isset($plugin_json['contact']) || empty(trim($plugin_json['contact']))) {
-				self::$warnings[] = 'Plugin "contact" tag is not set.';
-			}
 
 			if(isset($plugin_json['require'])) {
 				$require = $plugin_json['require'];
@@ -401,4 +398,60 @@ class Plugins {
 
 		return $string;
 	}
+
+	/**
+	 * Install menus
+	 * Helper function for plugins
+	 *
+	 * @param string $templateName
+	 * @param array $menus
+	 */
+	public static function installMenus($templateName, $menus, $clearOld = false)
+	{
+		global $db;
+
+		if ($clearOld) {
+			$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($templateName));
+		}
+
+		// check if menus already exist
+		$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($templateName) . ' LIMIT 1;');
+		if ($query->rowCount() > 0) {
+			return;
+		}
+
+		foreach ($menus as $category => $_menus) {
+			$i = 0;
+			foreach ($_menus as $name => $link) {
+				$color = '';
+				$blank = 0;
+
+				if (is_array($link)) {
+					if (isset($link['name'])) {
+						$name = $link['name'];
+					}
+					if (isset($link['color'])) {
+						$color = $link['color'];
+					}
+					if (isset($link['blank'])) {
+						$blank = $link['blank'] ? 1 : 0;
+					}
+
+					$link = $link['link'];
+				}
+
+				$insert_array = [
+					'template' => $templateName,
+					'name' => $name,
+					'link' => $link,
+					'category' => $category,
+					'ordering' => $i++,
+					'blank' => $blank,
+					'color' => $color,
+				];
+
+				$db->insert(TABLE_PREFIX . 'menu', $insert_array);
+			}
+		}
+	}
 }

system/libs/pot/E_OTS_ErrorCode.php

@@ -32,5 +32,3 @@ class E_OTS_ErrorCode extends Exception
 }
 
 /**#@-*/
-
-?>

system/libs/pot/E_OTS_Generic.php

@@ -36,5 +36,3 @@ class E_OTS_Generic extends E_OTS_ErrorCode
 }
 
 /**#@-*/
-
-?>

system/libs/pot/E_OTS_NotAContainer.php

@@ -22,5 +22,3 @@ class E_OTS_NotAContainer extends Exception
 }
 
 /**#@-*/
-
-?>

system/libs/pot/E_OTS_OTBMError.php

@@ -32,5 +32,3 @@ class E_OTS_OTBMError extends E_OTS_ErrorCode
 }
 
 /**#@-*/
-
-?>

system/libs/pot/E_OTS_ReadOnly.php

@@ -22,5 +22,3 @@ class E_OTS_ReadOnly extends Exception
 }
 
 /**#@-*/
-
-?>

system/libs/pot/IOTS_Cipher.php

@@ -37,5 +37,3 @@ interface IOTS_Cipher
 }
 
 /**#@-*/
-
-?>

system/libs/pot/IOTS_DataDisplay.php

@@ -89,5 +89,3 @@ interface IOTS_DataDisplay
 }
 
 /**#@-*/
-
-?>

system/libs/pot/IOTS_Display.php

@@ -96,5 +96,3 @@ interface IOTS_Display
 }
 
 /**#@-*/
-
-?>

system/libs/pot/IOTS_GuildAction.php

@@ -67,5 +67,3 @@ interface IOTS_GuildAction
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Account.php

@@ -374,16 +374,13 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		if(isset($this->data['premium_ends_at']) || isset($this->data['premend'])) {
 			$col = isset($this->data['premium_ends_at']) ? 'premium_ends_at' : 'premend';
 			$ret = ceil(($this->data[$col] - time()) / (24 * 60 * 60));
-			return $ret > 0 ? $ret : 0;
+			return max($ret, 0);
 		}
 
 		if($this->data['premdays'] == 0) {
 			return 0;
 		}
 
-		global $config;
-		if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return -1;
-
 		if($this->data['premdays'] == self::GRATIS_PREMIUM_DAYS){
 			return self::GRATIS_PREMIUM_DAYS;
 		}
@@ -922,7 +919,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
         $access = 0;
 
         // finds ranks of all characters
-        foreach($this->getPlayersList() as $player)
+        foreach($this->getPlayersList(false) as $player)
         {
             $rank = $player->getRank();
 
@@ -1126,5 +1123,3 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_AccountBans_List.php

@@ -34,5 +34,3 @@ class OTS_AccountBans_List extends OTS_Bans_List
         $this->setFilter($filter);
     }
 }
-
-?>

system/libs/pot/OTS_Admin.php

@@ -735,5 +735,3 @@ class OTS_Admin
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Bans_List.php

@@ -100,5 +100,3 @@ class OTS_Bans_List extends OTS_Base_List
         }
     }
 }
-
-?>

system/libs/pot/OTS_Base_DB.php

@@ -167,8 +167,14 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 		$query = 'UPDATE '.$this->tableName($table).' SET ';
 
 		$count = count($fields);
-		for ($i = 0; $i < $count; $i++)
-			$query.= $this->fieldName($fields[$i]).' = '.$this->quote($values[$i]).', ';
+		for ($i = 0; $i < $count; $i++) {
+			$value = 'NULL';
+			if ($values[$i] !== null) {
+				$value = $this->quote($values[$i]);
+			}
+
+			$query.= $this->fieldName($fields[$i]).' = '.$value.', ';
+		}
 
 		$query = substr($query, 0, -2);
 		$query.=' WHERE (';
@@ -212,6 +218,30 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 		$this->exec($query);
 		return true;
 	}
+
+	public function addColumn($table, $column, $definition): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' ADD ' . $this->fieldName($column) . ' ' . $definition . ';');
+	}
+
+	public function modifyColumn($table, $column, $definition): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' MODIFY ' . $this->fieldName($column) . ' ' . $definition . ';');
+	}
+
+	public function changeColumn($table, $from, $to, $definition): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' CHANGE ' . $this->fieldName($from) . ' ' . $this->fieldName($to) . ' ' . $definition . ';');
+	}
+
+	public function dropColumn($table, $column): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' DROP COLUMN ' . $this->fieldName($column) . ';');
+	}
+
+	public function renameTable($from, $to): void {
+		$this->exec('RENAME TABLE ' . $this->tableName($from) . ' TO ' . $this->tableName($to) . ';');
+	}
+
+	public function dropTable($table, $ifExists = true): void {
+		$this->exec('DROP TABLE ' . ($ifExists ? 'IF EXISTS' : '') . ' ' . $this->tableName($table) . ';');
+	}
 /**
  * LIMIT/OFFSET clause for queries.
  *
@@ -248,5 +278,3 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_BinaryTools.php

@@ -146,5 +146,3 @@ class OTS_BinaryTools
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Container.php

@@ -149,5 +149,3 @@ class OTS_Container extends OTS_Item implements IteratorAggregate
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_DB_MySQL.php

@@ -151,7 +151,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		}
 
 		if($this->logged) {
-			log_append('database.log', $_SERVER['REQUEST_URI'] . PHP_EOL . $this->getLog());
+			$currentScript = $_SERVER['REQUEST_URI'] ?? $_SERVER['SCRIPT_FILENAME'];
+			log_append('database.log', $currentScript . PHP_EOL . $this->getLog());
 		}
 	}
 
@@ -219,6 +220,19 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE '" . $column . "'")->fetchAll()) > 0);
 	}
 
+	public function hasTableAndColumns(string $table, array $columns = []): bool
+	{
+		if (!$this->hasTable($table)) return false;
+
+		foreach ($columns as $column) {
+			if (!$this->hasColumn($table, $column)) {
+				return false;
+			}
+		}
+
+		return true;
+	}
+
 	public function revalidateCache() {
 		foreach($this->has_table_cache as $key => $value) {
 			$this->hasTableInternal($key);

system/libs/pot/OTS_FileLoader.php

@@ -357,5 +357,3 @@ class OTS_FileLoader
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Group.php

@@ -671,5 +671,3 @@ class OTS_Group extends OTS_Row_DAO implements IteratorAggregate, Countable
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Guild.php

@@ -837,5 +837,3 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_GuildRanks_List.php

@@ -72,5 +72,3 @@ class OTS_GuildRanks_List extends OTS_Base_List
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_House.php

@@ -60,12 +60,7 @@ class OTS_House extends OTS_Row_DAO
     private $tiles = array();
 
 	public function load($id) {
-		$this->data = $this->db->query('SELECT * FROM `houses` WHERE `id` = ' . $id )->fetch();
-		foreach($this->data as $key => $value) {
-			if(is_numeric($key)) {
-				unset($this->data[$key]);
-			}
-		}
+		$this->data = $this->db->query('SELECT * FROM `houses` WHERE `id` = ' . $id )->fetch(PDO::FETCH_ASSOC);
 	}
 
     public function find($name)
@@ -529,5 +524,3 @@ class OTS_House extends OTS_Row_DAO
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_IPBans_List.php

@@ -34,5 +34,3 @@ class OTS_IPBans_List extends OTS_Bans_List
         $this->setFilter($filter);
     }
 }
-
-?>

system/libs/pot/OTS_InfoRespond.php

@@ -387,5 +387,3 @@ class OTS_InfoRespond extends DOMDocument
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_ItemsList.php

@@ -676,5 +676,3 @@ class OTS_ItemsList extends OTS_FileLoader implements IteratorAggregate, Countab
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_MapCoords.php

@@ -130,5 +130,3 @@ class OTS_MapCoords
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Monster.php

@@ -129,20 +129,21 @@ class OTS_Monster extends DOMDocument
  * @return array Flags.
  * @throws DOMException On DOM operation error.
  */
-    public function getFlags()
-    {
-        $flags = array();
+	public function getFlags()
+	{
+		$flags = array();
 
-        // read all flags
-        foreach( $this->documentElement->getElementsByTagName('flags')->item(0)->getElementsByTagName('flag') as $flag)
-        {
-            $flag = $flag->attributes->item(0);
+		if ($this->documentElement->getElementsByTagName('flags')->item(0)) {
+			foreach( $this->documentElement->getElementsByTagName('flags')->item(0)->getElementsByTagName('flag') as $flag)
+			{
+				$flag = $flag->attributes->item(0);
 
-            $flags[$flag->nodeName] = (int) $flag->nodeValue;
-        }
+				$flags[$flag->nodeName] = (int) $flag->nodeValue;
+			}
+		}
 
-        return $flags;
-    }
+		return $flags;
+	}
 
 /**
  * Returns specified flag value.

system/libs/pot/OTS_MonstersList.php

@@ -299,5 +299,3 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Player.php

@@ -108,6 +108,8 @@ class OTS_Player extends OTS_Row_DAO
 		POT::SKILL_SHIELD => array('value' => 0, 'tries' => 0),
 		POT::SKILL_FISH => array('value' => 0, 'tries' => 0)
 	);
+
+	private static array $playersOnline;
 /**
  * Magic PHP5 method.
  *
@@ -763,21 +765,29 @@ class OTS_Player extends OTS_Row_DAO
         $this->data['deleted'] = (int) $deleted;
     }
 
-    public function isOnline()
-    {
-		if($this->db->hasTable('players_online')) // tfs 1.0
-		{
-			$query = $this->db->query('SELECT `player_id` FROM `players_online` WHERE `player_id` = ' . $this->data['id']);
-			return $query->rowCount() > 0;
+	public function isOnline()
+	{
+		if($this->db->hasTable('players_online')) {// tfs 1.0
+			if (!isset(self::$playersOnline)) {
+				self::$playersOnline = [];
+
+				$query = $this->db->query('SELECT `player_id` FROM `players_online`');
+
+				foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $item) {
+					self::$playersOnline[$item['player_id']] = true;
+				}
+			}
+
+			return isset(self::$playersOnline[$this->data['id']]);
 		}
 
-        if( !isset($this->data['online']) )
-        {
-            throw new E_OTS_NotLoaded();
-        }
+		if( !isset($this->data['online']) )
+		{
+			throw new E_OTS_NotLoaded();
+		}
 
-        return $this->data['online'] == 1;
-    }
+		return $this->data['online'] == 1;
+	}
 
     public function getCreated()
     {
@@ -1745,11 +1755,6 @@ class OTS_Player extends OTS_Row_DAO
  */
     public function getConditions()
     {
-        if( !isset($this->data['conditions']) )
-        {
-            throw new E_OTS_NotLoaded();
-        }
-
         return $this->data['conditions'];
     }
 
@@ -3627,5 +3632,3 @@ class OTS_Player extends OTS_Row_DAO
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_PlayerBans_List.php

@@ -34,5 +34,3 @@ class OTS_PlayerBans_List extends OTS_Bans_List
         $this->setFilter($filter);
     }
 }
-
-?>

system/libs/pot/OTS_Row_DAO.php

@@ -75,5 +75,3 @@ abstract class OTS_Row_DAO extends OTS_Base_DAO
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_SQLField.php

@@ -121,5 +121,3 @@ class OTS_SQLField
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_ServerInfo.php

@@ -123,7 +123,7 @@ class OTS_ServerInfo
         {
             // loads respond XML
             $info = new OTS_InfoRespond();
-            if(!$info->loadXML( utf8_encode($status->getBuffer())))
+            if(!$info->loadXML( $status->getBuffer()))
 				return false;
 
             return $info;
@@ -227,5 +227,3 @@ class OTS_ServerInfo
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Spell.php

@@ -482,5 +482,3 @@ class OTS_Spell
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Toolbox.php

@@ -113,5 +113,3 @@ class OTS_Toolbox
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_XTEA.php

@@ -151,5 +151,3 @@ class OTS_XTEA implements IOTS_Cipher
 }
 
 /**#@-*/
-
-?>

system/libs/rfc6238.php

@@ -282,4 +282,3 @@ class TokenAuth6238 {
 		return $result;
 	}
 }
-?>

system/libs/src/Cache.php

@@ -0,0 +1,5 @@
+<?php
+
+namespace MyAAC;
+
+class Cache extends \Cache {}

system/libs/src/Plugins.php

@@ -0,0 +1,5 @@
+<?php
+
+namespace MyAAC;
+
+class Plugins extends \Plugins {}

system/libs/validator.php

@@ -432,4 +432,3 @@ class Validator
 		return self::$lastError;
 	}
 }
-?>

system/libs/visitors.php

@@ -33,7 +33,7 @@ class Visitors
 		$this->sessionTime = $sessionTime;
 		$this->cleanVisitors();
 
-		$ip = $_SERVER['REMOTE_ADDR'];
+		$ip = get_browser_real_ip();
 		if($this->visitorExists($ip))
 			$this->updateVisitor($ip, $_SERVER['REQUEST_URI']);
 		else

system/locale/de/admin.php

@@ -6,4 +6,3 @@
  * @author Slawkens <slawkens@gmail.com>
  */
 $locale['title'] = 'MyAAC Admin';
-?>

system/locale/de/main.php

@@ -12,4 +12,3 @@ $locale['direction']= 'ltr';
 
 $locale['error404'] = 'Diese Seite konnte nicht gefunden werden.';
 $locale['news'] = 'Neuesten Nachrichten';
-?>

system/locale/en/install.php

@@ -123,4 +123,3 @@ $locale['step_finish_title'] = 'Installation finished!';
 $locale['step_finish_desc'] = 'Congratulations! <b>MyAAC</b> is ready to use!<br/>You can now login to $ADMIN_PANEL$, or visit $HOMEPAGE$.<br/><br/>
 <span style="color: red">Please delete install/ directory.</span><br/><br/>
 Post bugs and suggestions at $LINK$, thanks!';
-?>

system/locale/pl/admin.php

@@ -6,4 +6,3 @@
  * @author Slawkens <slawkens@gmail.com>
  */
 $locale['title'] = 'MyAAC Admin';
-?>

system/locale/pl/main.php

@@ -12,4 +12,3 @@ $locale['direction']= 'ltr';
 
 $locale['error404'] = 'Strona nie została odnaleziona.';
 $locale['news'] = 'Ostatnie newsy';
-?>

system/locale/pt_br/install.php

@@ -121,4 +121,3 @@ $locale['step_finish'] = 'Finalizar';
 $locale['step_finish_title'] = 'Instalação terminada!';
 $locale['step_finish_desc'] = 'Parabéns! <b>MyAAC</b> está pronto para uso!<br/>Agora você pode fazer login em $ADMIN_PANEL$ ou visitar $HOMEPAGE$.<br/><br/>
 <span style = "color: red">Por favor remova a pasta install/.</span><br/><br/>Postar bugs e sugestões em $LINK$, obrigado!';
-?>

system/locale/sv/admin.php

@@ -6,4 +6,3 @@
  * @author Sizaro <sizaro@live.se>
  */
 $locale['title'] = 'MyAAC Admin';
-?>

system/locale/sv/main.php

@@ -12,4 +12,3 @@ $locale['direction']= 'ltr';
 
 $locale['error404'] = 'Sidan kunde inte hittas.';
 $locale['news'] = 'Senaste nyheterna';
-?>

system/login.php

@@ -10,6 +10,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $logged = false;
 $logged_flags = 0;
+$account_logged = new OTS_Account();
 
 $action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : '';
 if(!defined('ACTION')) {
@@ -20,7 +21,6 @@ if(!defined('ACTION')) {
 $current_session = getSession('account');
 if($current_session !== false)
 {
-	$account_logged = new OTS_Account();
 	$account_logged->load($current_session);
 	if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
 		//&& (!isset($_SESSION['admin']) || admin())
@@ -42,12 +42,6 @@ if(ACTION === 'logout' && !isset($_REQUEST['account_login'])) {
 
 			$logged = false;
 			unset($account_logged);
-
-			if(isset($_REQUEST['redirect']))
-			{
-				header('Location: ' . urldecode($_REQUEST['redirect']));
-				exit;
-			}
 		}
 	}
 }
@@ -80,11 +74,10 @@ else
 				else
 					$tmp = array();
 
-				$ip = $_SERVER['REMOTE_ADDR'];
+				$ip = get_browser_real_ip();
 				$t = isset($tmp[$ip]) ? $tmp[$ip] : NULL;
 			}
 
-			$account_logged = new OTS_Account();
 			if(USE_ACCOUNT_NAME)
 				$account_logged->find($login_account);
 			else
@@ -95,27 +88,32 @@ else
 				&& (!isset($t) || $t['attempts'] < 5)
 				)
 			{
-				setSession('account', $account_logged->getId());
-				setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
-				if($remember_me) {
-					setSession('remember_me', true);
-				}
-
-				$logged = true;
-				$logged_flags = $account_logged->getWebFlags();
-
-				if(isset($_POST['admin']) && !admin()) {
-					$errors[] = 'This account has no admin privileges.';
-					unsetSession('account');
-					unsetSession('password');
-					unsetSession('remember_me');
-					$logged = false;
+				if (config('mail_enabled') && config('account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
+					$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
 				}
 				else {
-					$account_logged->setCustomField('web_lastlogin', time());
-				}
+					session_regenerate_id();
+					setSession('account', $account_logged->getId());
+					setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
+					if ($remember_me) {
+						setSession('remember_me', true);
+					}
 
-				$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
+					$logged = true;
+					$logged_flags = $account_logged->getWebFlags();
+
+					if (isset($_POST['admin']) && !admin()) {
+						$errors[] = 'This account has no admin privileges.';
+						unsetSession('account');
+						unsetSession('password');
+						unsetSession('remember_me');
+						$logged = false;
+					} else {
+						$account_logged->setCustomField('web_lastlogin', time());
+					}
+
+					$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
+				}
 			}
 			else
 			{

system/migrations/11.php

@@ -17,4 +17,3 @@
 			'thumb' => str_replace('/screenshots/', '/gallery/', $item['thumb']),
 		), array('id' => $item['id']));
 	}
-?>

system/migrations/13.php

@@ -1,4 +1,3 @@
 <?php
 	if($db->hasColumn(TABLE_PREFIX . 'spells', 'spell'))
 		$db->query("ALTER TABLE `" . TABLE_PREFIX . "spells` DROP COLUMN `spell`;");
-?>