Update to v0.8.20

We have to login first to see new thread button.

CHANGELOG.md

@@ -1,5 +1,50 @@
 # Changelog
 
+## [0.8.20 - 26.11.2024]
+
+Small fix regarding the latest release and the linux system.
+
+Download this one, instead of the 0.8.19 if you are using linux.
+
+If you are using 0.8.19, make this update:
+
+The fix is to make this change in the system/libs/hooks.php
+
+Change
+```
+require_once LIBS . 'src/plugins.php';
+```
+
+Into:
+```
+require_once LIBS . 'src/Plugins.php';
+```
+
+Yeah, we just changed 'p' to 'P' - that's just case-sensitive nature of linux.
+
+## [0.8.19 - 19.11.2024]
+
+### Added
+* syntactic sugar for db structure changes (https://github.com/slawkens/myaac/commit/e0036a3e32e8c37c28665dd7ae18ac9b8fc167d9)
+* add "None" vocation to highscores (https://github.com/slawkens/myaac/commit/7f4737631dfcb6ec255c6d9301304d3bf222a033)
+* new hooks in account manage + create (https://github.com/slawkens/myaac/commit/d40178104b0f411b9672102c49a4b87ac16e1779)
+* new functions: getGuildNameById($id) + getGuildLogoById($id) + Plugins::installMenus($templateName, $menus, $clearOld = false) (https://github.com/slawkens/myaac/commit/de1bb37bcb6d111fbdf185ef9c2fec7e7f05053e + https://github.com/slawkens/myaac/commit/d1c5a189c3b182a36933ed507c6ae36b61fe1d45 + https://github.com/slawkens/myaac/commit/5a953ce901522d080aa16fcfcd268e9544bf6e1a)
+
+### Changed
+* set default encryption to sha1 (https://github.com/slawkens/myaac/commit/55b8645d3f38c47f4aafc1906625b676c429cdd5)
+* prefer get_browser_real_ip() over REMOTE_ADDR (cause of Cloudflare and similar services) (https://github.com/slawkens/myaac/commit/b5bbae62b09db50a73bfa3e288245ea718005aa9)
+* allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/1edf8833c844b25372017e4affaf12aa02cdce7a)
+* better https detection (patched from develop) (https://github.com/slawkens/myaac/commit/d73aceb272d0615244fcfd0998d75e6c6c15d3fe)
+* require login before create new thread (#261, @anyeor)
+* better tables.headline.html.twig (patched from 1.0) (https://github.com/slawkens/myaac/commit/71ef30d35ecb2f876e9b861f211f737302bf408e)
+
+### Fixed
+* bans page fixed functions getPlayerNameByAccount + getPlayerNameById (https://github.com/slawkens/myaac/commit/d39386cfabfa13e5c916ead69e2f8f90fdc47f4f)
+* account verify - do not allow login without verified email (https://github.com/slawkens/myaac/commit/1edf8833c844b25372017e4affaf12aa02cdce7a, Thanks @anyeor)
+* if <flags> is not present in monster.xml (https://github.com/slawkens/myaac/commit/81b6652738a7b04be3980cbf55443a6fbe437b34)
+* $db->update when there is null value (https://github.com/slawkens/myaac/commit/1458b7a412ff6875cebba1b88d380f7f959ee6be)
+* error on $db __destruct saving current script name in CLI (https://github.com/slawkens/myaac/commit/01660bd2b4967315c0e16d2f83c6c39f0b78683d)
+
 ## [0.8.18 - 29.05.2024]
 
 ### Added

admin/pages/players.php

@@ -210,7 +210,7 @@ if ($id > 0) {
 
 		if ($hasBlessingsColumn) {
 			$blessings = $_POST['blessings'];
-			verify_number($blessings, 'Blessings', 2);
+			verify_number($blessings, 'Blessings', 3);
 		}
 
 		$balance = $_POST['balance'];

admin/pages/plugins.php

@@ -10,8 +10,6 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
 
-require_once LIBS . 'plugins.php';
-
 $twig->display('admin.plugins.form.html.twig');
 
 if (isset($_REQUEST['uninstall'])) {

common.php

@@ -26,7 +26,7 @@
 if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
 
 define('MYAAC', true);
-define('MYAAC_VERSION', '0.8.18');
+define('MYAAC_VERSION', '0.8.20');
 define('DATABASE_VERSION', 33);
 define('TABLE_PREFIX', 'myaac_');
 define('START_TIME', microtime(true));
@@ -115,7 +115,7 @@ if(!IS_CLI) {
 		}
 	}
 
-	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
+	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
 
@@ -125,3 +125,11 @@ if(!IS_CLI) {
 	}
 }
 require SYSTEM . 'autoload.php';
+
+function isHttps(): bool
+{
+	return
+		(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
+		|| (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
+		|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
+}

config.php

@@ -77,6 +77,7 @@ $config = array(
 	'database_log' => false, // should database queries be logged and and saved into system/logs/database.log?
 	'database_socket' => '', // set if you want to connect to database through socket (example: /var/run/mysqld/mysqld.sock)
 	'database_persistent' => false, // use database permanent connection (like server), may speed up your site
+	'database_encryption' => 'sha1',
 
 	// multiworld system (only TFS 0.3)
 	'multiworld' => false, // use multiworld system?

install/index.php

@@ -189,14 +189,14 @@ clearstatcache();
 if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 	if(!file_exists(BASE . 'install/ip.txt')) {
 		$content = warning('AAC installation is disabled. To enable it make file <b>ip.txt</b> in install/ directory and put there your IP.<br/>
-		Your IP is:<br /><b>' . $_SERVER['REMOTE_ADDR'] . '</b>', true);
+		Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 	}
 	else {
 		$file_content = trim(file_get_contents(BASE . 'install/ip.txt'));
 		$allow = false;
 		$listIP = preg_split('/\s+/', $file_content);
 		foreach($listIP as $ip) {
-			if($_SERVER['REMOTE_ADDR'] == $ip) {
+			if(get_browser_real_ip() == $ip) {
 				$allow = true;
 			}
 		}

install/steps/7-finish.php

@@ -79,6 +79,8 @@ else {
 
 		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
 		$account_used->setCustomField('country', 'us');
+		$account_used->setCustomField('email_verified', 1);
+
 		if($db->hasColumn('accounts', 'group_id'))
 			$account_used->setCustomField('group_id', $groups->getHighestId());
 		if($db->hasColumn('accounts', 'type'))

nginx-sample.conf

@@ -10,24 +10,20 @@ server {
 	# this is very important, be sure its in your nginx conf - it prevents access to logs etc.
 	location ~ /system {
 		deny all;
-		return 404;
 	}
 
 	location /vendor {
 		deny all;
-		return 404;
 	}
 
 	# block .htaccess, CHANGELOG.md, composer.json etc.
 	# this is to prevent finding software versions
 	location ~\.(ht|md|json|dist)$ {
 		deny all;
-		return 404;
 	}
 
 	# block git files and folders
 	location ~ /\.git {
-		return 404;
 		deny all;
 	}
 

system/bin/install_plugin.php

@@ -9,7 +9,6 @@ require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 require_once SYSTEM . 'hooks.php';
-require_once LIBS . 'plugins.php';
 
 if($argc !== 2) {
 	echo 'This command expects one parameter: zip file name (plugin)' . PHP_EOL;

system/clients.conf.php

@@ -105,4 +105,8 @@ $config['clients'] = [
 	1316,
 	1320,
 	1321,
+	1322,
+	1330,
+	1332,
+	1340,
 ];

system/functions.php

@@ -1268,6 +1268,39 @@ function escapeHtml($html) {
 	return htmlspecialchars($html);
 }
 
+function getGuildNameById($id)
+{
+	global $db;
+
+	$guild = $db->query('SELECT `name` FROM `guilds` WHERE `id` = ' . (int)$id);
+
+	if ($guild->rowCount() > 0) {
+		return $guild->fetchColumn();
+	}
+
+	return false;
+}
+
+function getGuildLogoById($id)
+{
+	global $db;
+
+	$logo = 'default.gif';
+
+	$query = $db->query('SELECT `logo_name` FROM `guilds` WHERE `id` = ' . (int)$id);
+	if ($query->rowCount() == 1) {
+
+		$query = $query->fetch(PDO::FETCH_ASSOC);
+		$guildLogo = $query['logo_name'];
+
+		if (!empty($guildLogo) && file_exists('images/guilds/' . $guildLogo)) {
+			$logo = $guildLogo;
+		}
+	}
+
+	return BASE_URL . 'images/guilds/' . $logo;
+}
+
 function displayErrorBoxWithBackButton($errors, $action = null) {
 	global $twig;
 	$twig->display('error_box.html.twig', ['errors' => $errors]);

system/hooks.php

@@ -48,13 +48,21 @@ define('HOOK_ACCOUNT_CREATE_AFTER_VOCATION', ++$i);
 define('HOOK_ACCOUNT_CREATE_AFTER_TOWNS', ++$i);
 define('HOOK_ACCOUNT_CREATE_BEFORE_SUBMIT_BUTTON', ++$i);
 define('HOOK_ACCOUNT_CREATE_AFTER_FORM', ++$i);
+define('HOOK_ACCOUNT_CREATE_POST', ++$i);
 define('HOOK_ACCOUNT_CREATE_AFTER_SUBMIT', ++$i);
+define('HOOK_ACCOUNT_CREATE_AFTER_SAVED', ++$i);
+define('HOOK_ACCOUNT_MANAGE_BEFORE_GENERAL_INFORMATION', ++$i);
+define('HOOK_ACCOUNT_MANAGE_BEFORE_PUBLIC_INFORMATION', ++$i);
+define('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS', ++$i);
+define('HOOK_ACCOUNT_MANAGE_BEFORE_CHARACTERS', ++$i);
 define('HOOK_EMAIL_CONFIRMED', ++$i);
 define('HOOK_GUILDS_AFTER_INVITED_CHARACTERS', ++$i);
 define('HOOK_FIRST', HOOK_STARTUP);
 define('HOOK_LAST', HOOK_EMAIL_CONFIRMED);
 
 require_once LIBS . 'plugins.php';
+require_once LIBS . 'src/Plugins.php';
+
 class Hook
 {
 	private $_name, $_type, $_file;

system/init.php

@@ -28,7 +28,8 @@ if($config['gzip_output'] && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($
 	ob_start('ob_gzhandler');
 
 // cache
-require_once SYSTEM . 'libs/cache.php';
+require_once LIBS . 'cache.php';
+require_once LIBS . 'src/Cache.php';
 $cache = Cache::getInstance();
 
 // trim values we receive
@@ -116,7 +117,7 @@ if(!isset($config['highscores_ids_hidden']) || count($config['highscores_ids_hid
 	$config['highscores_ids_hidden'] = array(0);
 }
 
-$config['account_create_character_create'] = config('account_create_character_create') && (!config('mail_enabled') || !config('account_mail_verify'));
+$config['account_mail_verify'] = config('account_mail_verify') && config('mail_enabled');
 
 // POT
 require_once SYSTEM . 'libs/pot/OTS.php';

system/libs/forum.php

@@ -71,7 +71,7 @@ class Forum
 			'post_smile' => 0, 'post_html' => 1,
 			'post_date' => time(),
 			'last_edit_aid' => 0, 'edit_date' => 0,
-			'post_ip' => $_SERVER['REMOTE_ADDR']
+			'post_ip' => get_browser_real_ip()
 		))) {
 			$thread_id = $db->lastInsertId();
 			$db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `first_post`=".(int) $thread_id." WHERE `id` = ".(int) $thread_id);
@@ -93,7 +93,7 @@ class Forum
 			'post_smile' => $smile,
 			'post_html' => $html,
 			'post_date' => time(),
-			'post_ip' => $_SERVER['REMOTE_ADDR']
+			'post_ip' => get_browser_real_ip()
 		));
 	}
 	public static function add_board($name, $description, $access, $guild, &$errors)

system/libs/plugins.php

@@ -405,4 +405,60 @@ class Plugins {
 
 		return $string;
 	}
+
+	/**
+	 * Install menus
+	 * Helper function for plugins
+	 *
+	 * @param string $templateName
+	 * @param array $menus
+	 */
+	public static function installMenus($templateName, $menus, $clearOld = false)
+	{
+		global $db;
+
+		if ($clearOld) {
+			$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($templateName));
+		}
+
+		// check if menus already exist
+		$query = $db->query('SELECT `id` FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($templateName) . ' LIMIT 1;');
+		if ($query->rowCount() > 0) {
+			return;
+		}
+
+		foreach ($menus as $category => $_menus) {
+			$i = 0;
+			foreach ($_menus as $name => $link) {
+				$color = '';
+				$blank = 0;
+
+				if (is_array($link)) {
+					if (isset($link['name'])) {
+						$name = $link['name'];
+					}
+					if (isset($link['color'])) {
+						$color = $link['color'];
+					}
+					if (isset($link['blank'])) {
+						$blank = $link['blank'] ? 1 : 0;
+					}
+
+					$link = $link['link'];
+				}
+
+				$insert_array = [
+					'template' => $templateName,
+					'name' => $name,
+					'link' => $link,
+					'category' => $category,
+					'ordering' => $i++,
+					'blank' => $blank,
+					'color' => $color,
+				];
+
+				$db->insert(TABLE_PREFIX . 'menu', $insert_array);
+			}
+		}
+	}
 }

system/libs/pot/OTS_Base_DB.php

@@ -167,8 +167,14 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 		$query = 'UPDATE '.$this->tableName($table).' SET ';
 
 		$count = count($fields);
-		for ($i = 0; $i < $count; $i++)
-			$query.= $this->fieldName($fields[$i]).' = '.$this->quote($values[$i]).', ';
+		for ($i = 0; $i < $count; $i++) {
+			$value = 'NULL';
+			if ($values[$i] !== null) {
+				$value = $this->quote($values[$i]);
+			}
+
+			$query.= $this->fieldName($fields[$i]).' = '.$value.', ';
+		}
 
 		$query = substr($query, 0, -2);
 		$query.=' WHERE (';
@@ -212,6 +218,30 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 		$this->exec($query);
 		return true;
 	}
+
+	public function addColumn($table, $column, $definition): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' ADD ' . $this->fieldName($column) . ' ' . $definition . ';');
+	}
+
+	public function modifyColumn($table, $column, $definition): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' MODIFY ' . $this->fieldName($column) . ' ' . $definition . ';');
+	}
+
+	public function changeColumn($table, $from, $to, $definition): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' CHANGE ' . $this->fieldName($from) . ' ' . $this->fieldName($to) . ' ' . $definition . ';');
+	}
+
+	public function dropColumn($table, $column): void {
+		$this->exec('ALTER TABLE ' . $this->tableName($table) . ' DROP COLUMN ' . $this->fieldName($column) . ';');
+	}
+
+	public function renameTable($from, $to): void {
+		$this->exec('RENAME TABLE ' . $this->tableName($from) . ' TO ' . $this->tableName($to) . ';');
+	}
+
+	public function dropTable($table, $ifExists = true): void {
+		$this->exec('DROP TABLE ' . ($ifExists ? 'IF EXISTS' : '') . ' ' . $this->tableName($table) . ';');
+	}
 /**
  * LIMIT/OFFSET clause for queries.
  *

system/libs/pot/OTS_DB_MySQL.php

@@ -151,7 +151,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		}
 
 		if($this->logged) {
-			log_append('database.log', $_SERVER['REQUEST_URI'] . PHP_EOL . $this->getLog());
+			$currentScript = $_SERVER['REQUEST_URI'] ?? $_SERVER['SCRIPT_FILENAME'];
+			log_append('database.log', $currentScript . PHP_EOL . $this->getLog());
 		}
 	}
 

system/libs/pot/OTS_House.php

@@ -60,12 +60,7 @@ class OTS_House extends OTS_Row_DAO
     private $tiles = array();
 
 	public function load($id) {
-		$this->data = $this->db->query('SELECT * FROM `houses` WHERE `id` = ' . $id )->fetch();
-		foreach($this->data as $key => $value) {
-			if(is_numeric($key)) {
-				unset($this->data[$key]);
-			}
-		}
+		$this->data = $this->db->query('SELECT * FROM `houses` WHERE `id` = ' . $id )->fetch(PDO::FETCH_ASSOC);
 	}
 
     public function find($name)

system/libs/pot/OTS_Monster.php

@@ -15,11 +15,11 @@
 
 /**
  * Wrapper for monsters files DOMDocument.
- * 
+ *
  * <p>
  * Note: as this class extends {@link http://www.php.net/manual/en/ref.dom.php DOMDocument class} and contains exacly file XML tree you can work on it as on normal DOM tree.
  * </p>
- * 
+ *
  * @package POT
  * @version 0.1.3
  * @property-read string $name Monster name.
@@ -44,14 +44,14 @@ class OTS_Monster extends DOMDocument
 	{
 		$this->loaded = parent::loadXML($source, $options);
 	}
-	
+
 	public function loaded()
 	{
 		return $this->loaded;
 	}
 /**
  * Returns monster name.
- * 
+ *
  * @return string Name.
  * @throws DOMException On DOM operation error.
  */
@@ -62,7 +62,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns monster race.
- * 
+ *
  * @return string Race.
  * @throws DOMException On DOM operation error.
  */
@@ -73,7 +73,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns amount of experience for killing this monster.
- * 
+ *
  * @return int Experience points.
  * @throws DOMException On DOM operation error.
  */
@@ -84,7 +84,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns monster speed.
- * 
+ *
  * @return int Speed.
  * @throws DOMException On DOM operation error.
  */
@@ -95,7 +95,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns amount of mana required to summon this monster.
- * 
+ *
  * @return int|bool Mana required (false if not possible).
  * @throws DOMException On DOM operation error.
  */
@@ -114,7 +114,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns monster HP.
- * 
+ *
  * @return int Hit points.
  * @throws DOMException On DOM operation error.
  */
@@ -125,28 +125,29 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns all monster flags (in format flagname => value).
- * 
+ *
  * @return array Flags.
  * @throws DOMException On DOM operation error.
  */
-    public function getFlags()
-    {
-        $flags = array();
+	public function getFlags()
+	{
+		$flags = array();
 
-        // read all flags
-        foreach( $this->documentElement->getElementsByTagName('flags')->item(0)->getElementsByTagName('flag') as $flag)
-        {
-            $flag = $flag->attributes->item(0);
+		if ($this->documentElement->getElementsByTagName('flags')->item(0)) {
+			foreach( $this->documentElement->getElementsByTagName('flags')->item(0)->getElementsByTagName('flag') as $flag)
+			{
+				$flag = $flag->attributes->item(0);
 
-            $flags[$flag->nodeName] = (int) $flag->nodeValue;
-        }
+				$flags[$flag->nodeName] = (int) $flag->nodeValue;
+			}
+		}
 
-        return $flags;
-    }
+		return $flags;
+	}
 
 /**
  * Returns specified flag value.
- * 
+ *
  * @param string $flag Flag.
  * @return int|bool Flag value (false if not set).
  * @throws DOMException On DOM operation error.
@@ -169,7 +170,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns voices that monster can sound.
- * 
+ *
  * @return array List of voices.
  * @throws DOMException On DOM operation error.
  */
@@ -214,17 +215,17 @@ class OTS_Monster extends DOMDocument
 		                $chance = 100000;
                     }
                 }
-                
+
                 $count = $item->getAttribute('countmax');
 	            if(empty($count)) {
 	                $count = 1;
                 }
-                
+
                 $id = $item->getAttribute('id');
                 if(empty($id)) {
                     $id = $item->getAttribute('name');
                 }
-                
+
                 $loot[] = array('id' => $id, 'count' => $count, 'chance' => $chance);
             }
         }
@@ -234,11 +235,11 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns all possible loot.
- * 
+ *
  * <p>
  * In order to use this method you have to have global items list loaded.
  * </p>
- * 
+ *
  * @version 0.1.0
  * @since 0.1.0
  * @return array List of item types.
@@ -275,7 +276,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns all monster immunities.
- * 
+ *
  * @return array Immunities.
  * @throws DOMException On DOM operation error.
  */
@@ -306,7 +307,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Checks if monster has given immunity.
- * 
+ *
  * @param string $name Immunity to check.
  * @return bool Immunity state.
  * @throws DOMException On DOM operation error.
@@ -334,7 +335,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns monster defense rate.
- * 
+ *
  * @return int Defense rate.
  * @throws DOMException On DOM operation error.
  */
@@ -353,7 +354,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns monster armor.
- * 
+ *
  * @return int Armor rate.
  * @throws DOMException On DOM operation error.
  */
@@ -372,7 +373,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns list of special defenses.
- * 
+ *
  * @return array List of defense effects.
  * @throws DOMException On DOM operation error.
  */
@@ -396,7 +397,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns list of monster attacks.
- * 
+ *
  * @return array List of attafck effects.
  * @throws DOMException On DOM operation error.
  */
@@ -420,7 +421,7 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Magic PHP5 method.
- * 
+ *
  * @version 0.1.0
  * @since 0.1.0
  * @param string $name Property name.
@@ -481,11 +482,11 @@ class OTS_Monster extends DOMDocument
 
 /**
  * Returns string representation of XML.
- * 
+ *
  * <p>
  * If any display driver is currently loaded then it uses it's method. Otherwise just returns monster XML content.
  * </p>
- * 
+ *
  * @version 0.1.3
  * @since 0.1.0
  * @return string String representation of object.

system/libs/src/Cache.php

@@ -0,0 +1,5 @@
+<?php
+
+namespace MyAAC;
+
+class Cache extends \Cache {}

system/libs/src/Plugins.php

@@ -0,0 +1,5 @@
+<?php
+
+namespace MyAAC;
+
+class Plugins extends \Plugins {}

system/libs/visitors.php

@@ -33,7 +33,7 @@ class Visitors
 		$this->sessionTime = $sessionTime;
 		$this->cleanVisitors();
 
-		$ip = $_SERVER['REMOTE_ADDR'];
+		$ip = get_browser_real_ip();
 		if($this->visitorExists($ip))
 			$this->updateVisitor($ip, $_SERVER['REQUEST_URI']);
 		else

system/login.php

@@ -74,7 +74,7 @@ else
 				else
 					$tmp = array();
 
-				$ip = $_SERVER['REMOTE_ADDR'];
+				$ip = get_browser_real_ip();
 				$t = isset($tmp[$ip]) ? $tmp[$ip] : NULL;
 			}
 
@@ -88,28 +88,32 @@ else
 				&& (!isset($t) || $t['attempts'] < 5)
 				)
 			{
-				session_regenerate_id();
-				setSession('account', $account_logged->getId());
-				setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
-				if($remember_me) {
-					setSession('remember_me', true);
-				}
-
-				$logged = true;
-				$logged_flags = $account_logged->getWebFlags();
-
-				if(isset($_POST['admin']) && !admin()) {
-					$errors[] = 'This account has no admin privileges.';
-					unsetSession('account');
-					unsetSession('password');
-					unsetSession('remember_me');
-					$logged = false;
+				if (config('mail_enabled') && config('account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
+					$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
 				}
 				else {
-					$account_logged->setCustomField('web_lastlogin', time());
-				}
+					session_regenerate_id();
+					setSession('account', $account_logged->getId());
+					setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
+					if ($remember_me) {
+						setSession('remember_me', true);
+					}
 
-				$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
+					$logged = true;
+					$logged_flags = $account_logged->getWebFlags();
+
+					if (isset($_POST['admin']) && !admin()) {
+						$errors[] = 'This account has no admin privileges.';
+						unsetSession('account');
+						unsetSession('password');
+						unsetSession('remember_me');
+						$logged = false;
+					} else {
+						$account_logged->setCustomField('web_lastlogin', time());
+					}
+
+					$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
+				}
 			}
 			else
 			{

system/pages/account/change_name.php

@@ -33,6 +33,10 @@ else
 
 		if(empty($errors))
 		{
+			if(!Validator::characterName($name)) {
+				$errors[] = Validator::getLastError();
+			}
+
 			if(!admin() && !Validator::newCharacterName($name))
 				$errors[] = Validator::getLastError();
 		}

system/pages/account/confirm_email.php

@@ -29,11 +29,13 @@ else
 		$account = new OTS_Account();
 		$account->load($query['id']);
 		if ($account->isLoaded()) {
+			$db->update('accounts', ['email_verified' => '1'], ['email_hash' => $hash]);
+			success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.');
+
 			$hooks->trigger(HOOK_EMAIL_CONFIRMED, ['account' => $account]);
 		}
 	}
-
-	$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $hash));
-	success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
+	else {
+		error('Link has expired.');
+	}
 }
-?>

system/pages/bans.php

@@ -167,37 +167,31 @@ function getBanType($typeId)
 
 function getPlayerNameByAccount($id)
 {
-	global $vowels, $ots, $db;
-	if(is_numeric($id))
-	{
-		$player = new OTS_Player();
-		$player->load($id);
-		if($player->isLoaded())
-			return $player->getName();
-		else
-		{
-			$playerQuery = $db->query('SELECT `id` FROM `players` WHERE `account_id` = ' . $id . ' ORDER BY `lastlogin` DESC LIMIT 1;')->fetch();
+	global $db;
+	if(!is_numeric($id)) {
+		return '';
+	}
 
-			$tmp = "*Error*";
-			/*
-			$acco = new OTS_Account();
-			$acco->load($id);
-			if(!$acco->isLoaded())
-				return "Unknown name";
+	$playerQuery = $db->query('SELECT `name` FROM `players` WHERE `account_id` = ' . $id . ' ORDER BY `lastlogin` DESC LIMIT 1;');
+	if ($playerQuery->rowCount() == 0) {
+		return "*Error*";
+	}
 
-			foreach($acco->getPlayersList() as $p)
-			{
-				$player= new OTS_Player();
-				$player->find($p);*/
-				$player->load($playerQuery['id']);
-				//echo 'id gracza = ' . $p . '<br/>';
-				if($player->isLoaded())
-					$tmp = $player->getName();
-			//	break;
-			//}
+	$playerQuery = $playerQuery->fetch();
+	return $playerQuery['name'];
+}
 
-			return $tmp;
-		}
+function getPlayerNameById($id)
+{
+	if (!is_numeric($id)) {
+		return '';
+	}
+
+	global $db;
+	$playerQuery = $db->query('SELECT `name` FROM `players` WHERE `id` = ' . $id);
+	if ($playerQuery->rowCount()) {
+		$player = $playerQuery->fetch(PDO::FETCH_ASSOC);
+		return $player['name'];
 	}
 
 	return '';

system/pages/createaccount.php

@@ -137,7 +137,13 @@ if($save)
 		$params['account_id'] = $_POST['account'];
 	}
 
+	/**
+	 * two hooks for compatibility
+	 */
 	$hooks->trigger(HOOK_ACCOUNT_CREATE_AFTER_SUBMIT, $params);
+	if (!$hooks->trigger(HOOK_ACCOUNT_CREATE_POST, $params)) {
+		return;
+	}
 
 	if(config('account_create_character_create')) {
 		$character_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : null;
@@ -167,6 +173,8 @@ if($save)
 		$new_account->setEMail($email);
 		$new_account->save();
 
+		$hooks->trigger(HOOK_ACCOUNT_CREATE_AFTER_SAVED, ['account' => $new_account]);
+
 		if($config_salt_enabled)
 			$new_account->setCustomField('salt', $salt);
 
@@ -211,6 +219,9 @@ if($save)
 			if(_mail($email, 'New account on ' . $config['lua']['serverName'], $body_html))
 			{
 				echo 'Your account has been created.<br/><br/>';
+
+				warning("Before you can login - you need to verify your E-Mail. The verification link has been sent to $email. If the message is not coming - remember to check the SPAM folder.");
+
 				$twig->display('success.html.twig', array(
 					'title' => 'Account Created',
 					'description' => 'Your account ' . $account_type . ' is <b>' . $tmp_account . '</b><br/>You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '.
@@ -227,15 +238,6 @@ if($save)
 		}
 		else
 		{
-			if(config('account_create_character_create')) {
-				// character creation
-				$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
-				if (!$character_created) {
-					error('There was an error creating your character. Please create your character later in account management page.');
-					error(implode(' ', $errors));
-				}
-			}
-
 			if($config['account_create_auto_login']) {
 				$_POST['account_login'] = USE_ACCOUNT_NAME ? $account_name : $account_id;
 				$_POST['password_login'] = $password2;
@@ -280,6 +282,15 @@ if($save)
 			}
 		}
 
+		if(config('account_create_character_create')) {
+			// character creation
+			$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
+			if (!$character_created) {
+				error('There was an error creating your character. Please create your character later in account management page.');
+				error(implode(' ', $errors));
+			}
+		}
+
 		return;
 	}
 }
@@ -291,7 +302,7 @@ if($config['account_country_recognize']) {
 		$country_recognized = $country_session;
 	}
 	else {
-		$info = json_decode(@file_get_contents('http://ipinfo.io/' . $_SERVER['REMOTE_ADDR'] . '/geo'), true);
+		$info = json_decode(@file_get_contents('http://ipinfo.io/' . get_browser_real_ip() . '/geo'), true);
 		if(isset($info['country'])) {
 			$country_recognized = strtolower($info['country']);
 			setSession('country', $country_recognized);

system/pages/forum/new_thread.php

@@ -65,7 +65,7 @@ if(Forum::canPost($account_logged))
 				}
 				if (count($errors) == 0) {
 					$saved = true;
-					$db->query("INSERT INTO `" . FORUM_TABLE_PREFIX . "forum` (`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile`, `post_html` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('0', '" . time() . "', '" . (int)$section_id . "', '0', '0', '" . $account_logged->getId() . "', '" . (int)$char_id . "', " . $db->quote($text) . ", " . $db->quote($post_topic) . ", '" . (int)$smile . "', '" . (int)$html . "', '" . time() . "', '0', '0', '" . $_SERVER['REMOTE_ADDR'] . "')");
+					$db->query("INSERT INTO `" . FORUM_TABLE_PREFIX . "forum` (`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile`, `post_html` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('0', '" . time() . "', '" . (int)$section_id . "', '0', '0', '" . $account_logged->getId() . "', '" . (int)$char_id . "', " . $db->quote($text) . ", " . $db->quote($post_topic) . ", '" . (int)$smile . "', '" . (int)$html . "', '" . time() . "', '0', '0', '" . get_browser_real_ip() . "')");
 					$thread_id = $db->lastInsertId();
 					$db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `first_post`=" . (int)$thread_id . " WHERE `id` = " . (int)$thread_id);
 					header('Location: ' . getForumThreadLink($thread_id));

system/pages/forum/show_board.php

@@ -35,7 +35,7 @@ for($i = 0; $i < $threads_count['threads_count'] / $config['forum_threads_per_pa
 		$links_to_pages .= '<b>'.($i + 1).' </b>';
 }
 echo '<a href="' . getLink('forum') . '">Boards</a> >> <b>'.$sections[$section_id]['name'].'</b>';
-if(!$sections[$section_id]['closed'] || Forum::isModerator())
+if($logged && (!$sections[$section_id]['closed'] || Forum::isModerator()))
 {
 	echo '<br /><br />
 		<a href="?subtopic=forum&action=new_thread&section_id='.$section_id.'"><img src="images/forum/topic.gif" border="0" /></a>';
@@ -87,7 +87,7 @@ if(isset($last_threads[0]))
 		echo '</td></tr>';
 	}
 	echo '</table>';
-	if(!$sections[$section_id]['closed'] || Forum::isModerator())
+	if($logged && (!$sections[$section_id]['closed'] || Forum::isModerator()))
 		echo '<br /><a href="?subtopic=forum&action=new_thread&section_id='.$section_id.'"><img src="images/forum/topic.gif" border="0" /></a>';
 }
 else

system/pages/highscores.php

@@ -30,10 +30,12 @@ if($config['highscores_vocation_box'] && isset($vocation))
 		if(strtolower($name) == $vocation) {
 			$add_vocs = array($id);
 
-			$i = $id + $config['vocations_amount'];
-			while(isset($config['vocations'][$i])) {
-				$add_vocs[] = $i;
-				$i += $config['vocations_amount'];
+			if ($id !== 0) {
+				$i = $id + $config['vocations_amount'];
+				while(isset($config['vocations'][$i])) {
+					$add_vocs[] = $i;
+					$i += $config['vocations_amount'];
+				}
 			}
 
 			$add_sql = 'AND `vocation` IN (' . implode(', ', $add_vocs) . ')';
@@ -355,7 +357,7 @@ if($config['highscores_vocation_box'])
 		<tr bgcolor="'.$config['lightborder'].'">
 			<td>
 				<a href="' . getLink('highscores') . '/' . $list . '" class="size_xs">[ALL]</A><BR>';
-				for($i = 1; $i <= $config['vocations_amount']; $i++) {
+				for($i = 0; $i <= $config['vocations_amount']; $i++) {
 					echo '<a href="' . getLink('highscores') . '/' . $list . '/' . strtolower($config_vocations[$i]) . '" class="size_xs">' . $config_vocations[$i] . '</a><br/>';
 				}
 		echo '

system/status.php

@@ -142,10 +142,14 @@ function updateStatus() {
 			}
 		}
 
-		$status['uptime'] = $serverStatus->getUptime();
-		$h = floor($status['uptime'] / 3600);
-		$m = floor(($status['uptime'] - $h * 3600) / 60);
-		$status['uptimeReadable'] = $h . 'h ' . $m . 'm';
+		$uptime = $status['uptime'] = $serverStatus->getUptime();
+		$m = date('m', $uptime);
+		$m = $m > 1 ? "$m months, " : ($m == 1 ? 'month, ' : '');
+		$d = date('d', $uptime);
+		$d = $d > 1 ? "$d days, " : ($d == 1 ? 'day, ' : '');
+		$h = date('H', $uptime);
+		$min = date('i', $uptime);
+		$status['uptimeReadable'] = "{$m}{$d}{$h}h {$min}m";
 
 		$status['monsters'] = $serverStatus->getMonstersCount();
 		$status['motd'] = $serverStatus->getMOTD();

system/template.php

@@ -147,7 +147,7 @@ function get_template_menus() {
 	$menus = array();
 	foreach($result as $menu) {
 		$link_full = strpos(trim($menu['link']), 'http') === 0 ? $menu['link'] : getLink($menu['link']);
-		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'link_full' => $link_full, 'blank' => $menu['blank'] == 1, 'color' => $menu['color']);
+		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'link_full' => $link_full, 'blank' => $menu['blank'] == 1, 'target_blank' => ($menu['blank'] == 1 ? ' target="blank"' : ''), 'color' => $menu['color']);
 	}
 
 	$new_menus = array();

system/templates/account.create.html.twig

@@ -130,7 +130,7 @@
 
 							{{ hook('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_1') }}
 
-							{% if (not config.mail_enabled or not config.account_mail_verify) and config.account_create_character_create %}
+							{% if config.account_create_character_create %}
 							<tr>
 								<td>
 									<div class="TableShadowContainerRightTop">

system/templates/account.management.html.twig

@@ -86,6 +86,7 @@
 			</div>
 		<br/><br/>
 		{% endif %}
+		{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_GENERAL_INFORMATION') }}
 		<a name="General+Information"></a>
 		<h2>General Information</h2>
 		<table width="100%">
@@ -122,6 +123,7 @@
 			{% endautoescape %}
 		</table>
 		<br/>
+		{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_PUBLIC_INFORMATION') }}
 		<a name="Public+Information"></a>
 		<h2>Public Information</h2>
 		<table width="100%">
@@ -139,8 +141,9 @@
 			{% include('buttons.base.html.twig') %}
 		</form>
 		<br/>
+		{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
 		<a name="Account+Logs" ></a>
-		<h2>Action Log</h2>
+		<h2>Account Logs</h2>
 		<table>
 			<tr bgcolor="{{ config.vdarkborder }}" class="white">
 				<th>Action</th><th>Date</th><th>IP</th>
@@ -158,6 +161,7 @@
 			{% endautoescape %}
 		</table>
 		<br/>
+		{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_CHARACTERS') }}
 		<a name="Characters" ></a>
 		<h2>Character list: {{ players|length }} characters.</h2>
 		<table>

system/templates/news.html.twig

@@ -1,6 +1,6 @@
 <div class="NewsHeadline">
 	<div class="NewsHeadlineBackground" style="background-image:url({{ template_path }}/images/news/newsheadline_background.gif)">
-		<img src="{{ template_path }}/images/news/icon_{{ icon }}.gif" class="NewsHeadlineIcon" />
+		<img src="{{ constant('BASE_URL') }}images/news/icon_{{ icon }}.gif" class="NewsHeadlineIcon" />
 		<div class="NewsHeadlineDate">{{ date|date(config.news_date_format) }} - </div>
 		<div class="NewsHeadlineText">{{ title }}</div>
 		{% if config.news_author and author is not empty %}
@@ -20,4 +20,4 @@
 	</tr>
 	{% endif %}
 </table>
-<br/>
+<br/>

system/templates/news.tickers.html.twig

@@ -5,11 +5,11 @@
 	{% set i = 0 %}
 	{% for ticker in tickers %}
 	<tr bgcolor="{{ getStyle(i) }}">
-		<td style="width: 16px;"><img src="{{ template_path }}/images/news/icon_{{ ticker.icon }}_small.gif"/></td>
+		<td style="width: 16px;"><img src="{{ constant('BASE_URL') }}images/news/icon_{{ ticker.icon }}_small.gif"/></td>
 		<td style="width: 80px;">{{ ticker.date|date("j M Y") }}</td>
 		<td>{{ ticker.body|raw }}</td>
 	</tr>
 	{% set i = i + 1 %}
 	{% endfor %}
 </table>
-<br/>
+<br/>

system/templates/tables.headline.html.twig

@@ -1,24 +1,14 @@
-<div class="TableContainer">
-	<div class="CaptionContainer">
-		<div class="CaptionInnerContainer">
-			<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-			<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-			<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-			<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-			<div class="Text" >{{ title|raw }}</div>
-			<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
-			<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
-			<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-			<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
-		</div>
-	</div>
-	<table class="Table5" cellpadding="0" cellspacing="0" style="background-color: {{ config.lightborder }}">
-		<tr>
-			<td>
-				<div class="InnerTableContainer">
-					{{ content|raw }}
-				</div>
-			</td>
-		</tr>
-	</table>
-</div>
+<table border="0" cellspacing="1" cellpadding="4" width="100%">
+	<thead>
+	<tr bgcolor="{{ config.vdarkborder }}">
+		<td colspan="3" class="white"><b>{{ title|raw }}</b></td>
+	</tr>
+	</thead>
+	<tbody>
+	<tr style="background-color: {% if background is not null %}{{ background }}{% else %}{{ config.lightborder }}{% endif %}">
+		<td>
+			{{ content|raw }}
+		</td>
+	</tr>
+	</tbody>
+</table>

templates/tibiacom/account.management.html.twig

@@ -111,6 +111,7 @@
 </div>
 <br/><br/>
 {% endif %}
+{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_GENERAL_INFORMATION') }}
 <a name="General+Information" ></a>
 <div class="TopButtonContainer">
 	<div class="TopButton">
@@ -236,6 +237,7 @@
 	</table>
 </div>
 <br/>
+{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_PUBLIC_INFORMATION') }}
 <a name="Public+Information"></a>
 <div class="TopButtonContainer">
 	<div class="TopButton">
@@ -313,6 +315,7 @@
 	</table>
 </div>
 <br/>
+{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
 <a name="Account+Logs" ></a>
 <div class="TopButtonContainer">
 	<div class="TopButton">
@@ -384,6 +387,7 @@
 	</table>
 </div>
 <br/>
+{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_CHARACTERS') }}
 <a name="Characters" ></a>
 <div class="TopButtonContainer">
 	<div class="TopButton" >
@@ -516,4 +520,4 @@
 		</tr>
 	</table>
 </div>
-<br/><br/>
+<br/><br/>

templates/tibiacom/tables.headline.html.twig

@@ -0,0 +1,24 @@
+<div class="TableContainer">
+	<div class="CaptionContainer">
+		<div class="CaptionInnerContainer">
+			<span class="CaptionEdgeLeftTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+			<span class="CaptionEdgeRightTop" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+			<span class="CaptionBorderTop" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
+			<span class="CaptionVerticalLeft" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
+			<div class="Text" >{{ title|raw }}</div>
+			<span class="CaptionVerticalRight" style="background-image:url({{ template_path }}/images/content/box-frame-vertical.gif);"></span>
+			<span class="CaptionBorderBottom" style="background-image:url({{ template_path }}/images/content/table-headline-border.gif);"></span>
+			<span class="CaptionEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+			<span class="CaptionEdgeRightBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></span>
+		</div>
+	</div>
+	<table class="{% if tableClass is not null %}{{ tableClass }}{% else %}Table3{% endif %}" cellpadding="0" cellspacing="0" style="background-color: {% if background is not null %}{{ background }}{% else %}{{ config.lightborder }}{% endif %}">
+		<tr>
+			<td>
+				<div class="InnerTableContainer">
+					{{ content|raw }}
+				</div>
+			</td>
+		</tr>
+	</table>
+</div>

tools/basic.js

@@ -1,9 +1,13 @@
 function MouseOverBigButton(source) {
-  source.firstChild.style.visibility = "visible";
+	if (source?.firstChild?.style) {
+		source.firstChild.style.visibility = "visible";
+	}
 }
 function MouseOutBigButton(source) {
-  source.firstChild.style.visibility = "hidden";
+	if (source?.firstChild?.style) {
+		source.firstChild.style.visibility = "hidden";
+	}
 }
 function BigButtonAction(path) {
   window.location = path;
-}
+}