Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-09-14 12:33:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Digitalstack:v0.8.12
Branches Tags
Digitalstack:main Digitalstack:feature/2fa Digitalstack:feature/plugins-versions-check Digitalstack:0.8 Digitalstack:feature/pot-hook-filter Digitalstack:feature/highscores-customize Digitalstack:develop Digitalstack:feature/twig-hooks-filters Digitalstack:feature/app-rewrite Digitalstack:feature/account-actions-ip-rework Digitalstack:feature/docker Digitalstack:feature/refactor-account-lost Digitalstack:feature-tables-headline Digitalstack:feature/phpstan Digitalstack:feature/eloquent-db-dump Digitalstack:feature/debug-bar Digitalstack:feature/csrf Digitalstack:0.9 Digitalstack:feature/cronjob Digitalstack:feature/settings Digitalstack:feature/new-router Digitalstack:feature/recaptcha-v3-plus-login Digitalstack:0.7
Digitalstack:v1.8.1 Digitalstack:v1.8 Digitalstack:v1.7.1 Digitalstack:v1.7 Digitalstack:v1.6.1 Digitalstack:v0.8.24 Digitalstack:v1.6 Digitalstack:v1.5 Digitalstack:v0.8.23 Digitalstack:v1.4 Digitalstack:v1.3.3 Digitalstack:v1.3.2 Digitalstack:v1.3.1 Digitalstack:v1.3 Digitalstack:v1.2 Digitalstack:v1.1 Digitalstack:v0.8.22 Digitalstack:v1.0.1 Digitalstack:v1.0 Digitalstack:v0.8.21 Digitalstack:v0.8.20 Digitalstack:v0.8.19 Digitalstack:v1.0-RC Digitalstack:v0.8.18 Digitalstack:v1.0-beta Digitalstack:v0.8.17 Digitalstack:v0.8.16 Digitalstack:v0.8.15 Digitalstack:v0.8.14 Digitalstack:v0.8.13 Digitalstack:v0.8.12 Digitalstack:v0.8.11 Digitalstack:v0.9.0-alpha Digitalstack:v0.8.10 Digitalstack:v0.8.9 Digitalstack:v0.8.8 Digitalstack:v0.8.7 Digitalstack:v0.8.6 Digitalstack:v0.7.12a Digitalstack:v0.7.11 Digitalstack:v0.7.10 Digitalstack:v0.7.9 Digitalstack:v0.7.8 Digitalstack:v0.7.7 Digitalstack:v0.7.6 Digitalstack:v0.7.5 Digitalstack:v0.7.4 Digitalstack:v0.7.3 Digitalstack:v0.7.1 Digitalstack:v0.7.0 Digitalstack:v0.6.6 Digitalstack:v0.6.5 Digitalstack:v0.6.4 Digitalstack:v0.6.3 Digitalstack:v0.6.2 Digitalstack:v0.6.1 Digitalstack:v0.6.0 Digitalstack:v0.5.1 Digitalstack:v0.5.0 Digitalstack:v0.4.3 Digitalstack:v0.4.2 Digitalstack:v0.4.1 Digitalstack:v0.4.0 Digitalstack:v0.3.1 Digitalstack:v0.3.0 Digitalstack:v0.2.4 Digitalstack:v0.2.3 Digitalstack:v0.2.2 Digitalstack:v0.2.1 Digitalstack:v0.2.0 Digitalstack:v0.1.5 Digitalstack:v0.1.4 Digitalstack:v0.1.3 Digitalstack:v0.1.1 Digitalstack:v0.1.2 Digitalstack:v0.1.0 Digitalstack:v0.0.6 Digitalstack:v0.0.5 Digitalstack:v0.0.4 Digitalstack:v0.0.3 Digitalstack:v0.0.2 Digitalstack:v0.0.1
...
compare: Digitalstack:v0.8.16
Branches Tags
Digitalstack:feature/2fa Digitalstack:main Digitalstack:feature/plugins-versions-check Digitalstack:0.8 Digitalstack:feature/pot-hook-filter Digitalstack:feature/highscores-customize Digitalstack:develop Digitalstack:feature/twig-hooks-filters Digitalstack:feature/app-rewrite Digitalstack:feature/account-actions-ip-rework Digitalstack:feature/docker Digitalstack:feature/refactor-account-lost Digitalstack:feature-tables-headline Digitalstack:feature/phpstan Digitalstack:feature/eloquent-db-dump Digitalstack:feature/debug-bar Digitalstack:feature/csrf Digitalstack:0.9 Digitalstack:feature/cronjob Digitalstack:feature/settings Digitalstack:feature/new-router Digitalstack:feature/recaptcha-v3-plus-login Digitalstack:0.7
Digitalstack:v1.8.1 Digitalstack:v1.8 Digitalstack:v1.7.1 Digitalstack:v1.7 Digitalstack:v1.6.1 Digitalstack:v0.8.24 Digitalstack:v1.6 Digitalstack:v1.5 Digitalstack:v0.8.23 Digitalstack:v1.4 Digitalstack:v1.3.3 Digitalstack:v1.3.2 Digitalstack:v1.3.1 Digitalstack:v1.3 Digitalstack:v1.2 Digitalstack:v1.1 Digitalstack:v0.8.22 Digitalstack:v1.0.1 Digitalstack:v1.0 Digitalstack:v0.8.21 Digitalstack:v0.8.20 Digitalstack:v0.8.19 Digitalstack:v1.0-RC Digitalstack:v0.8.18 Digitalstack:v1.0-beta Digitalstack:v0.8.17 Digitalstack:v0.8.16 Digitalstack:v0.8.15 Digitalstack:v0.8.14 Digitalstack:v0.8.13 Digitalstack:v0.8.12 Digitalstack:v0.8.11 Digitalstack:v0.9.0-alpha Digitalstack:v0.8.10 Digitalstack:v0.8.9 Digitalstack:v0.8.8 Digitalstack:v0.8.7 Digitalstack:v0.8.6 Digitalstack:v0.7.12a Digitalstack:v0.7.11 Digitalstack:v0.7.10 Digitalstack:v0.7.9 Digitalstack:v0.7.8 Digitalstack:v0.7.7 Digitalstack:v0.7.6 Digitalstack:v0.7.5 Digitalstack:v0.7.4 Digitalstack:v0.7.3 Digitalstack:v0.7.1 Digitalstack:v0.7.0 Digitalstack:v0.6.6 Digitalstack:v0.6.5 Digitalstack:v0.6.4 Digitalstack:v0.6.3 Digitalstack:v0.6.2 Digitalstack:v0.6.1 Digitalstack:v0.6.0 Digitalstack:v0.5.1 Digitalstack:v0.5.0 Digitalstack:v0.4.3 Digitalstack:v0.4.2 Digitalstack:v0.4.1 Digitalstack:v0.4.0 Digitalstack:v0.3.1 Digitalstack:v0.3.0 Digitalstack:v0.2.4 Digitalstack:v0.2.3 Digitalstack:v0.2.2 Digitalstack:v0.2.1 Digitalstack:v0.2.0 Digitalstack:v0.1.5 Digitalstack:v0.1.4 Digitalstack:v0.1.3 Digitalstack:v0.1.1 Digitalstack:v0.1.2 Digitalstack:v0.1.0 Digitalstack:v0.0.6 Digitalstack:v0.0.5 Digitalstack:v0.0.4 Digitalstack:v0.0.3 Digitalstack:v0.0.2 Digitalstack:v0.0.1

41 Commits
v0.8.12 ... v0.8.16

Author SHA1 Message Date
slawkens
7469be6efb Fix date 2024-02-12 21:48:50 +01:00
slawkens
47a3bfd265 Release v0.8.16 2024-02-12 21:48:17 +01:00
slawkens
5ae0be2323 Revert "Fix installation" 
This reverts commit 9c318f9012.
 2024-02-12 21:43:55 +01:00
slawkens
42154d55a0 Fix broken installation I introduced in 0.8.15 2024-02-12 21:39:04 +01:00
slawkens
9dcc08ee6e Seems that this is better solution to the #245 (output buffering) 
This works for both, when output_buffering is enabled, and disabled
 2024-01-30 19:20:18 +01:00
slawkens
ba537b42bb Remove 31.php migration -> was for develop branch 2024-01-30 18:23:20 +01:00
slawkens
9c318f9012 Fix installation 2024-01-28 11:11:51 +01:00
Danilo Pucci
a88103a956 - adding check before flush buffer (#245) 2024-01-01 23:31:26 +01:00
slawkens
e26e6f3a1c Silently ignore if the hook does not exist 2023-12-28 19:12:47 +01:00
Slawomir Boczek
08d67a07e0 Create SECURITY.md 2023-12-15 20:56:06 +01:00
slawkens
6e9a89cb2e Update common.php 2023-12-14 16:34:44 +01:00
slawkens
e3aa3d4031 Release v 0.8.15 2023-12-09 00:14:16 +01:00
slawkens
156a68f8bd Update phplint.yml 2023-12-09 00:11:01 +01:00
slawkens
6a28da5d33 Update phplint.yml 2023-12-09 00:04:20 +01:00
slawkens
ee32384dca Seems there was more XSS in bugtracker 2023-12-08 23:45:13 +01:00
slawkens
19afd73e8a This is better 2023-11-29 15:48:03 +01:00
slawkens
eead6a2975 Fix exception showing 2023-11-28 17:11:04 +01:00
slawkens
11b11dd3ee Release v0.8.14 2023-11-27 23:31:45 +01:00
slawkens
483155cf4c Prevent session fixation 2023-11-27 23:16:51 +01:00
slawkens
55dbade8d5 Fix XSS in forum 2023-11-27 22:58:24 +01:00
slawkens
d1bc63d07a Fix forum XSS 2023-11-27 22:58:00 +01:00
slawkens
83a91ec540 Fix XSS in bugtracker.php 2023-11-27 20:28:43 +01:00
slawkens
7b43c972dd Fix missing query_string in nginx sample config 
Causes missing parameters in $_GET query
 2023-11-25 16:34:57 +01:00
slawkens
3fdf1d3f44 require_once is better 2023-11-05 20:13:31 +01:00
slawkens
764db0c203 Fix display ban info on account page 
https://otland.net/threads/myacc-bans-display-problem.286825/
 2023-11-02 22:06:07 +01:00
slawkens
538076bc45 My fault 2023-09-26 22:00:45 +02:00
slawkens
4327b66f91 Clear some additional cache keys 2023-09-26 20:45:50 +02:00
slawkens
3f27724569 Update common.php 2023-09-16 10:46:17 +02:00
slawkens
9c0c2bbece Update CHANGELOG.md 2023-09-16 10:45:54 +02:00
slawkens
946144016b Release v0.8.13 2023-09-16 10:35:10 +02:00
slawkens
5c3b01aca4 Fix XSS vulnerability 2023-09-16 10:31:33 +02:00
slawkens
50983a2b85 Fix error log when coins column does not exist 2023-09-14 16:29:31 +02:00
slawkens
765886f0c7 Add latest clients versions 2023-08-31 14:20:49 +02:00
slawkens
8ea78a5852 thanks @elsongabriel, seems str_contains is not available in php 7 2023-08-25 20:45:45 +02:00
slawkens
063cbab93e Allow hooks to be prefixed with HOOK_ 2023-08-23 12:00:03 +02:00
slawkens
f1670f4012 Patching from develop - twig context for hooks 2023-08-21 12:25:53 +02:00
slawkens
6fcf0f7117 Ignore gallery 2023-08-21 12:21:24 +02:00
slawkens
7a07763625 Update README.md 2023-08-11 22:21:54 +02:00
slawkens
8d2172a649 Added JetBrains logo + notice, thanks for support! 2023-08-11 22:17:17 +02:00
slawkens
b8f65207b6 Add version support table + fix badges 2023-08-11 22:11:29 +02:00
slawkens
ea675afe86 Start 0.8.13-dev 2023-08-07 22:53:02 +02:00
26 changed files with 171 additions and 55 deletions
Expand all files Collapse all files

2
.github/workflows/phplint.yml vendored
View File

@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: overtrue/phplint@7.4 - uses: overtrue/phplint@3.4.0
with: with:
path: . path: .
options: --exclude="system/libs/polyfill-mbstring/bootstrap80.php" options: --exclude="system/libs/polyfill-mbstring/bootstrap80.php"

6
.gitignore vendored
View File

@@ -35,6 +35,12 @@ images/guilds/*
images/editor/* images/editor/*
!images/editor/index.html !images/editor/index.html
# gallery images
images/gallery/*
!images/gallery/index.html
!images/gallery/demon.jpg
!images/gallery/demon_thumb.gif
# cache # cache
system/cache/* system/cache/*
!system/cache/index.html !system/cache/index.html

34
CHANGELOG.md
View File

@@ -1,5 +1,39 @@
# Changelog # Changelog
## [0.8.16 - 12.02.2024]
### Fixed
* broken installation
* database and finish step warnings/errors (https://github.com/slawkens/myaac/pull/245, @danilopucci)
* silently ignore if the hook does not exist
## [0.8.15 - 09.12.2023]
More security fixes, especially in bugtracker.
## [0-8.14 - 27.11.2023]
Security fixes.
### Fixed
* XSS vulnerability in bugtracker (https://github.com/slawkens/myaac/commit/83a91ec540072d319dd338abff45f8d5ebf48190)
* XSS vulnerability in forum (https://github.com/slawkens/myaac/commit/d1bc63d07ad88a143358cacd2c417891eea74dcc + https://github.com/slawkens/myaac/commit/55dbade8d5280c5baed45e5f7ebc3613b8e9b9e8)
* Session Fixation (https://github.com/slawkens/myaac/commit/483155cf4c1e3068aaee0d44541dfa61f6223379)
* displaying ban info on account page (https://github.com/slawkens/myaac/commit/764db0c203d1826ffce3a5a78f83a97e56bd0685)
### Changed
* Clear some additional cache keys - like database cache (https://github.com/slawkens/myaac/commit/4327b66f915d06dce504211692173606b9ef3b4e)
## [0.8.13 - 16.09.2023]
### Added
* latest client versions to config (https://github.com/slawkens/myaac/commit/765886f0c782807400c429577cde5e45bd7c308f)
* patching from develop - twig context for hooks (https://github.com/slawkens/myaac/commit/f1670f4012cc7595433fe0b1937c1f9b15a60b07)
### Fixed
* fixed XSS vulnerability in some pages (https://github.com/slawkens/myaac/commit/5c3b01aca4f3cfe8abc86b8ce48194b2da87b808)
Nothing more or less!
## [0.8.12 - 07.08.2023] ## [0.8.12 - 07.08.2023]
I've moved the repository back to my personal account. (Just so you know!) I've moved the repository back to my personal account. (Just so you know!)

26
README.md
View File

@@ -1,16 +1,22 @@
# [MyAAC](https://my-aac.org) # [MyAAC](https://my-aac.org)
[![Build Status Master](https://img.shields.io/travis/slawkens/myaac/master)](https://travis-ci.org/github/slawkens/myaac)
[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
[![PHP Versions](https://img.shields.io/travis/php-v/slawkens/myaac/master)](https://github.com/slawkens/myaac/blob/d8b3b4135827ee17e3c6d41f08a925e718c587ed/.travis.yml#L3)
[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases. MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
Official website: https://my-aac.org Official website: https://my-aac.org
[![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/slawkens/myaac/cypress.yml)](https://github.com/slawkens/myaac/actions)
[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
| Version | Status | Branch | Requirements |
|:-----------|:------------------------------------------|:--------|:---------------|
| **0.10.x** | **Active development** | develop | **PHP >= 8.0** |
| 0.9.x | Active support | 0.9 | PHP >= 7.2.5 |
| 0.8.x | Active support | master | PHP >= 7.2.5 |
| 0.7.x | End Of Life | 0.7 | PHP >= 5.3.3 |
### Requirements ### Requirements
- PHP 7.2.5 or later - PHP 7.2.5 or later
@@ -73,6 +79,12 @@ Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our w
If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
## Project supported by JetBrains
Many thanks to Jetbrains for kindly providing a license for me to work on this and other open-source projects.
[![JetBrains](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.svg)](https://www.jetbrains.com/?from=https://github.com/slawkens)
### License ### License
This program and all associated files are released under the GNU Public License. This program and all associated files are released under the GNU Public License.

16
SECURITY.md Normal file
View File

@@ -0,0 +1,16 @@
# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 1.x.y | :white_check_mark: |
| 0.9.x | :x: |
| 0.8.x | :white_check_mark: |
| < 0.7 | :x: |
## Reporting a Vulnerability
If you found a security vulnerability, please write an email to security@my-aac.org
All reports will be taken very seriously, and a fix will be posted as soon as possible.

2
admin/pages/accounts.php
View File

@@ -426,7 +426,7 @@ else if ($id > 0 && isset($account) && $account->isLoaded()) {
<div class="box-body"> <div class="box-body">
<form action="<?php echo $base; ?>" method="post"> <form action="<?php echo $base; ?>" method="post">
<div class="input-group input-group-sm"> <div class="input-group input-group-sm">
<input type="text" class="form-control" name="search_name" value="<?php echo $search_account; ?>" <input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_account); ?>"
maxlength="32" size="32"> maxlength="32" size="32">
<span class="input-group-btn"> <span class="input-group-btn">
<button type="submit" type="button" class="btn btn-info btn-flat">Search</button> <button type="submit" type="button" class="btn btn-info btn-flat">Search</button>

4
admin/pages/items.php
View File

@@ -10,8 +10,8 @@
defined('MYAAC') or die('Direct access not allowed!'); defined('MYAAC') or die('Direct access not allowed!');
$title = 'Load items.xml'; $title = 'Load items.xml';
require LIBS . 'items.php'; require_once LIBS . 'items.php';
require LIBS . 'weapons.php'; require_once LIBS . 'weapons.php';
$twig->display('admin.items.html.twig'); $twig->display('admin.items.html.twig');

2
admin/pages/players.php
View File

@@ -784,7 +784,7 @@ else if ($id > 0 && isset($player) && $player->isLoaded())
<div class="box-body"> <div class="box-body">
<form action="<?php echo $base; ?>" method="post"> <form action="<?php echo $base; ?>" method="post">
<div class="input-group input-group-sm"> <div class="input-group input-group-sm">
<input type="text" class="form-control" name="search_name" value="<?php echo $search_name; ?>" <input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_name); ?>"
maxlength="32" size="32"> maxlength="32" size="32">
<span class="input-group-btn"> <span class="input-group-btn">
<button type="submit" type="button" class="btn btn-info btn-flat">Search</button> <button type="submit" type="button" class="btn btn-info btn-flat">Search</button>

9
common.php
View File

@@ -26,7 +26,7 @@
if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.'); if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
define('MYAAC', true); define('MYAAC', true);
define('MYAAC_VERSION', '0.8.12'); define('MYAAC_VERSION', '0.8.16');
define('DATABASE_VERSION', 33); define('DATABASE_VERSION', 33);
define('TABLE_PREFIX', 'myaac_'); define('TABLE_PREFIX', 'myaac_');
define('START_TIME', microtime(true)); define('START_TIME', microtime(true));
@@ -100,6 +100,10 @@ for($i = 1; $i < $size; $i++)
$basedir = str_replace(array('/admin', '/install', '/tools'), '', $basedir); $basedir = str_replace(array('/admin', '/install', '/tools'), '', $basedir);
define('BASE_DIR', $basedir); define('BASE_DIR', $basedir);
if (file_exists(BASE . 'config.local.php') && !defined('MYAAC_INSTALL')) {
require BASE . 'config.local.php';
}
if(!IS_CLI) { if(!IS_CLI) {
if (isset($_SERVER['HTTP_HOST'][0])) { if (isset($_SERVER['HTTP_HOST'][0])) {
$baseHost = $_SERVER['HTTP_HOST']; $baseHost = $_SERVER['HTTP_HOST'];
@@ -116,7 +120,8 @@ if(!IS_CLI) {
define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/'); define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']); //define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
if(@$config['env'] === 'dev') {
require SYSTEM . 'exception.php'; require SYSTEM . 'exception.php';
} }
}
require SYSTEM . 'autoload.php'; require SYSTEM . 'autoload.php';

0
images/gallery/index.html Normal file
View File

4
install/tools/5-database.php
View File

@@ -11,8 +11,10 @@ $error = false;
require BASE . 'install/includes/config.php'; require BASE . 'install/includes/config.php';
ini_set('max_execution_time', 300); ini_set('max_execution_time', 300);
@ob_end_flush();
ob_implicit_flush(); ob_implicit_flush();
ob_end_flush();
header('X-Accel-Buffering: no'); header('X-Accel-Buffering: no');
if(!$error) { if(!$error) {

4
install/tools/7-finish.php
View File

@@ -8,8 +8,10 @@ require BASE . 'install/includes/functions.php';
require BASE . 'install/includes/locale.php'; require BASE . 'install/includes/locale.php';
ini_set('max_execution_time', 300); ini_set('max_execution_time', 300);
@ob_end_flush();
ob_implicit_flush(); ob_implicit_flush();
ob_end_flush();
header('X-Accel-Buffering: no'); header('X-Accel-Buffering: no');
if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) { if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {

2
nginx-sample.conf
View File

@@ -25,7 +25,7 @@ server {
} }
location / { location / {
try_files $uri $uri/ /index.php; try_files $uri $uri/ /index.php?$query_string;;
} }
location ~ \.php$ { location ~ \.php$ {

4
plugins/email-confirmed-reward/reward.php
View File

@@ -4,12 +4,12 @@ defined('MYAAC') or die('Direct access not allowed!');
$reward = config('account_mail_confirmed_reward'); $reward = config('account_mail_confirmed_reward');
$hasCoinsColumn = $db->hasColumn('accounts', 'coins'); $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
if ($reward['coins'] > 0 && $hasCoinsColumn) { if ($reward['coins'] > 0 && !$hasCoinsColumn) {
log_append('email_confirm_error.log', 'accounts.coins column does not exist.'); log_append('email_confirm_error.log', 'accounts.coins column does not exist.');
} }
if (!isset($account) || !$account->isLoaded()) { if (!isset($account) || !$account->isLoaded()) {
log_append('email_confirm_error.log', 'Account not loaded.'); //log_append('email_confirm_error.log', 'Account not loaded.');
return; return;
} }

6
system/clients.conf.php
View File

@@ -99,4 +99,10 @@ $config['clients'] = [
1291, 1291,
1300, 1300,
1310,
1311,
1312,
1316,
1320,
1321,
]; ];

27
system/functions.php
View File

@@ -1146,9 +1146,30 @@ function clearCache()
if ($cache->fetch('failed_logins', $tmp)) if ($cache->fetch('failed_logins', $tmp))
$cache->delete('failed_logins'); $cache->delete('failed_logins');
global $template_name; foreach (get_templates() as $template) {
if ($cache->fetch('template_ini' . $template_name, $tmp)) if ($cache->fetch('template_ini_' . $template, $tmp)) {
$cache->delete('template_ini' . $template_name); $cache->delete('template_ini_' . $template);
}
}
if ($cache->fetch('template_menus', $tmp)) {
$cache->delete('template_menus');
}
if ($cache->fetch('database_tables', $tmp)) {
$cache->delete('database_tables');
}
if ($cache->fetch('database_columns', $tmp)) {
$cache->delete('database_columns');
}
if ($cache->fetch('database_checksum', $tmp)) {
$cache->delete('database_checksum');
}
if ($cache->fetch('hooks', $tmp)) {
$cache->delete('hooks');
}
if ($cache->fetch('last_kills', $tmp)) {
$cache->delete('last_kills');
}
} }
deleteDirectory(CACHE . 'signatures', ['index.html'], true); deleteDirectory(CACHE . 'signatures', ['index.html'], true);

4
system/libs/plugins.php
View File

@@ -74,6 +74,10 @@ class Plugins {
if (isset($plugin['hooks'])) { if (isset($plugin['hooks'])) {
foreach ($plugin['hooks'] as $_name => $info) { foreach ($plugin['hooks'] as $_name => $info) {
if (defined('HOOK_'. $info['type'])) { if (defined('HOOK_'. $info['type'])) {
if (strpos($info['type'], 'HOOK_') !== false) {
$info['type'] = str_replace('HOOK_', '', $info['type']);
}
$hook = constant('HOOK_'. $info['type']); $hook = constant('HOOK_'. $info['type']);
$hooks[] = ['name' => $_name, 'type' => $hook, 'file' => $info['file']]; $hooks[] = ['name' => $_name, 'type' => $hook, 'file' => $info['file']];
} else { } else {

1
system/login.php
View File

@@ -94,6 +94,7 @@ else
&& (!isset($t) || $t['attempts'] < 5) && (!isset($t) || $t['attempts'] < 5)
) )
{ {
session_regenerate_id();
setSession('account', $account_logged->getId()); setSession('account', $account_logged->getId());
setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password)); setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
if($remember_me) { if($remember_me) {

17
system/migrations/31.php
View File

@@ -1,18 +1,3 @@
<?php <?php
if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'elements')) { // removed, but kept for compatibility
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `elements` TEXT NOT NULL AFTER `immunities`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `pushable` TINYINT(1) NOT NULL DEFAULT '0' AFTER `convinceable`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `canpushitems` TINYINT(1) NOT NULL DEFAULT '0' AFTER `pushable`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canpushitems`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canpushitems`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonenergy`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonpoison`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `runonhealth` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonfire`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `hostile` TINYINT(1) NOT NULL DEFAULT '0' AFTER `runonhealth`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `attackable` TINYINT(1) NOT NULL DEFAULT '0' AFTER `hostile`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `rewardboss` TINYINT(1) NOT NULL DEFAULT '0' AFTER `attackable`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `defense` INT(11) NOT NULL DEFAULT '0' AFTER `rewardboss`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `armor` INT(11) NOT NULL DEFAULT '0' AFTER `defense`;");
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `summons` TEXT NOT NULL AFTER `loot`;");
}

20
system/pages/bugtracker.php
View File

@@ -54,7 +54,7 @@ $showed = $post = $reply = false;
$value = '<span style="color: blue">[NEW ANSWER]</span>'; $value = '<span style="color: blue">[NEW ANSWER]</span>';
echo '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Bug Tracker</B></TD></TR>'; echo '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Bug Tracker</B></TD></TR>';
echo '<TR BGCOLOR="'.$dark.'"><td width=40%><i><b>Subject</b></i></td><td>'.$tags[$bug[2]['tag']].' '.$bug[2]['subject'].' '.$value.'</td></tr>'; echo '<TR BGCOLOR="'.$dark.'"><td width=40%><i><b>Subject</b></i></td><td>'.$tags[$bug[2]['tag']].' '.escapeHtml($bug[2]['subject']).' '.$value.'</td></tr>';
echo '<TR BGCOLOR="'.$light.'"><td><i><b>Posted by</b></i></td><td>'; echo '<TR BGCOLOR="'.$light.'"><td><i><b>Posted by</b></i></td><td>';
foreach($players as $player) foreach($players as $player)
@@ -64,7 +64,7 @@ $showed = $post = $reply = false;
echo '</td></tr>'; echo '</td></tr>';
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2><i><b>Description</b></i></td></tr>'; echo '<TR BGCOLOR="'.$dark.'"><td colspan=2><i><b>Description</b></i></td></tr>';
echo '<TR BGCOLOR="'.$light.'"><td colspan=2>'.nl2br($bug[2]['text']).'</td></tr>'; echo '<TR BGCOLOR="'.$light.'"><td colspan=2>'.nl2br(escapeHtml($bug[2]['text'])).'</td></tr>';
echo '</TABLE>'; echo '</TABLE>';
$answers = $db->query('SELECT * FROM '.$db->tableName(TABLE_PREFIX . 'bugtracker').' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2 order by `reply`'); $answers = $db->query('SELECT * FROM '.$db->tableName(TABLE_PREFIX . 'bugtracker').' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2 order by `reply`');
@@ -75,10 +75,10 @@ $showed = $post = $reply = false;
else else
$who = '<span style="color: green">[PLAYER]</span>'; $who = '<span style="color: green">[PLAYER]</span>';
echo '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.$answer['reply'].'</B></TD></TR>'; echo '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.escapeHtml($answer['reply']).'</B></TD></TR>';
echo '<TR BGCOLOR="'.$dark.'"><td width=70%><i><b>Posted by</b></i></td><td>'.$who.'</td></tr>'; echo '<TR BGCOLOR="'.$dark.'"><td width=70%><i><b>Posted by</b></i></td><td>'.$who.'</td></tr>';
echo '<TR BGCOLOR="'.$light.'"><td colspan=2><i><b>Description</b></i></td></tr>'; echo '<TR BGCOLOR="'.$light.'"><td colspan=2><i><b>Description</b></i></td></tr>';
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($answer['text']).'</td></tr>'; echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br(escapeHtml($answer['text'])).'</td></tr>';
echo '</TABLE>'; echo '</TABLE>';
} }
if($bug[2]['status'] != 3) if($bug[2]['status'] != 3)
@@ -137,7 +137,7 @@ $showed = $post = $reply = false;
elseif($report['status'] == 1) elseif($report['status'] == 1)
$value = '<span style="color: blue">[NEW ANSWER]</span>'; $value = '<span style="color: blue">[NEW ANSWER]</span>';
echo '<TR BGCOLOR="' . getStyle($i) . '"><td width=75%><a href="?subtopic=bugtracker&control=true&id='.$report['id'].'&acc='.$report['account'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>'; echo '<TR BGCOLOR="' . getStyle($i) . '"><td width=75%><a href="?subtopic=bugtracker&control=true&id='.$report['id'].'&acc='.$report['account'].'">'.$tags[$report['tag']].' '.escapeHtml($report['subject']).'</a></td><td>'.$value.'</td></tr>';
$showed=true; $showed=true;
$i++; $i++;
@@ -181,9 +181,9 @@ $showed = $post = $reply = false;
$value = '<span style="color: red">[CLOSED]</span>'; $value = '<span style="color: red">[CLOSED]</span>';
echo '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Bug Tracker</B></TD></TR>'; echo '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Bug Tracker</B></TD></TR>';
echo '<TR BGCOLOR="'.$dark.'"><td width=40%><i><b>Subject</b></i></td><td>'.$tags[$bug[2]['tag']].' '.$bug[2]['subject'].' '.$value.'</td></tr>'; echo '<TR BGCOLOR="'.$dark.'"><td width=40%><i><b>Subject</b></i></td><td>'.$tags[$bug[2]['tag']].' '.escapeHtml($bug[2]['subject']).' '.$value.'</td></tr>';
echo '<TR BGCOLOR="'.$light.'"><td colspan=2><i><b>Description</b></i></td></tr>'; echo '<TR BGCOLOR="'.$light.'"><td colspan=2><i><b>Description</b></i></td></tr>';
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($bug[2]['text']).'</td></tr>'; echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br(escapeHtml($bug[2]['text'])).'</td></tr>';
echo '</TABLE>'; echo '</TABLE>';
$answers = $db->query('SELECT * FROM '.$db->tableName('myaac_bugtracker').' where `account` = '.$account_logged->getId().' and `id` = '.$id.' and `type` = 2 order by `reply`'); $answers = $db->query('SELECT * FROM '.$db->tableName('myaac_bugtracker').' where `account` = '.$account_logged->getId().' and `id` = '.$id.' and `type` = 2 order by `reply`');
@@ -194,10 +194,10 @@ $showed = $post = $reply = false;
else else
$who = '<span style="color: green">[YOU]</span>'; $who = '<span style="color: green">[YOU]</span>';
echo '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.$answer['reply'].'</B></TD></TR>'; echo '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.escapeHtml($answer['reply']).'</B></TD></TR>';
echo '<TR BGCOLOR="'.$dark.'"><td width=70%><i><b>Posted by</b></i></td><td>'.$who.'</td></tr>'; echo '<TR BGCOLOR="'.$dark.'"><td width=70%><i><b>Posted by</b></i></td><td>'.$who.'</td></tr>';
echo '<TR BGCOLOR="'.$light.'"><td colspan=2><i><b>Description</b></i></td></tr>'; echo '<TR BGCOLOR="'.$light.'"><td colspan=2><i><b>Description</b></i></td></tr>';
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($answer['text']).'</td></tr>'; echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br(escapeHtml($answer['text'])).'</td></tr>';
echo '</TABLE>'; echo '</TABLE>';
} }
if($bug[2]['status'] != 3) if($bug[2]['status'] != 3)
@@ -274,7 +274,7 @@ $showed = $post = $reply = false;
$bgcolor = $light; $bgcolor = $light;
} }
echo '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><a href="?subtopic=bugtracker&id='.$report['id'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>'; echo '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><a href="?subtopic=bugtracker&id='.$report['id'].'">'.$tags[$report['tag']].' '.escapeHtml($report['subject']).'</a></td><td>'.$value.'</td></tr>';
$showed=true; $showed=true;
} }

4
system/pages/forum/edit_post.php
View File

@@ -37,6 +37,10 @@ if(Forum::canPost($account_logged))
$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0; $smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0; $html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
if (!superAdmin()) {
$html = 0;
}
$length = strlen($post_topic); $length = strlen($post_topic);
if(($length < 1 || $length > 60) && $thread['id'] == $thread['first_post']) if(($length < 1 || $length > 60) && $thread['id'] == $thread['first_post'])
$errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters."; $errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters.";

5
system/pages/forum/new_post.php
View File

@@ -33,6 +33,11 @@ if(Forum::canPost($account_logged))
$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0); $smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0); $html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
$saved = false; $saved = false;
if (!superAdmin()) {
$html = 0;
}
if(isset($_REQUEST['quote'])) if(isset($_REQUEST['quote']))
{ {
$quoted_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $quote)->fetchAll(); $quoted_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $quote)->fetchAll();

5
system/pages/forum/new_thread.php
View File

@@ -26,6 +26,11 @@ if(Forum::canPost($account_logged))
$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : ''; $post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0); $smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0); $html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
if (!superAdmin()) {
$html = 0;
}
$saved = false; $saved = false;
if (isset($_REQUEST['save'])) { if (isset($_REQUEST['save'])) {
$length = strlen($post_topic); $length = strlen($post_topic);

14
system/twig.php
View File

@@ -44,15 +44,23 @@ $function = new TwigFunction('getGuildLink', function ($s, $p) {
}); });
$twig->addFunction($function); $twig->addFunction($function);
$function = new TwigFunction('hook', function ($hook) { $function = new TwigFunction('hook', function ($context, $hook, array $params = []) {
global $hooks; global $hooks;
if(is_string($hook)) { if(is_string($hook)) {
if (defined($hook)) {
$hook = constant($hook); $hook = constant($hook);
} }
else {
// plugin/template has a hook that this version of myaac does not support
// just silently return
return;
}
}
$hooks->trigger($hook); $params['context'] = $context;
}); $hooks->trigger($hook, $params);
}, ['needs_context' => true]);
$twig->addFunction($function); $twig->addFunction($function);
$function = new TwigFunction('config', function ($key) { $function = new TwigFunction('config', function ($key) {

2
templates/tibiacom/account.management.html.twig
View File

@@ -35,7 +35,7 @@
<td> <td>
<img src="{{ template_path }}/images/content/headline-bracer-left.gif" /> <img src="{{ template_path }}/images/content/headline-bracer-left.gif" />
</td> </td>
<td style="text-align:center;vertical-align:middle;horizontal-align:center;font-size:17px;font-weight:bold;" >{{ welcome_message }}<br/></td> <td style="text-align:center;vertical-align:middle;horizontal-align:center;font-size:17px;font-weight:bold;" >{{ welcome_message|raw }}<br/></td>
<td><img src="{{ template_path }}/images/content/headline-bracer-right.gif" /></td> <td><img src="{{ template_path }}/images/content/headline-bracer-right.gif" /></td>
</tr> </tr>
</table> </table>

2
templates/tibiacom/index.php
View File

@@ -21,7 +21,7 @@ if(isset($config['boxes']))
<?php <?php
if(PAGE !== 'news') { if(PAGE !== 'news') {
if(strpos(URI, 'subtopic=') !== false) { if(strpos(URI, 'subtopic=') !== false) {
$tmp = $_REQUEST['subtopic']; $tmp = escapeHtml($_REQUEST['subtopic']);
if($tmp === 'accountmanagement') { if($tmp === 'accountmanagement') {
$tmp = 'accountmanage'; $tmp = 'accountmanage';
} }