<base> is not working properly, use full URL instead

was causing issues in other templates

.editorconfig

@@ -11,4 +11,9 @@ insert_final_newline = true
 
 [*.md]
 trim_trailing_whitespace = false
-indent_style = tab
+
+[{composer.json,package.json}]
+indent_style = space
+
+[package.json]
+indent_size = 2

.gitattributes

@@ -3,9 +3,12 @@
 .gitignore export-ignore
 .github export-ignore
 .editorconfig export-ignore
-.travis.yml export-ignore
 _config.yml export-ignore
 release.sh export-ignore
 
+# cypress
+cypress export-ignore
+cypress.config.js export-ignore
+cypress.env.json
+
 *.sh text eol=lf
-VERSION text eol=lf

.github/workflows/cypress.yml

@@ -0,0 +1,120 @@
+name: Cypress
+on:
+  pull_request:
+    branches: [develop]
+  push:
+    branches: [develop]
+
+jobs:
+  cypress:
+    runs-on: ubuntu-latest
+    services:
+      mysql:
+        image: mysql:8.0
+        env:
+          MYSQL_ROOT_PASSWORD: root
+          MYSQL_DATABASE: myaac
+          MYSQL_USER: myaac
+          MYSQL_PASSWORD: myaac
+        ports:
+          - 3306/tcp
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    strategy:
+      fail-fast: false
+      matrix:
+        php-versions: [ '7.4', '8.0', '8.1' ]
+    name: MyAAC on PHP ${{ matrix.php-versions }}
+    steps:
+        - name: 📌 MySQL Start & init & show db
+          run: |
+            sudo /etc/init.d/mysql start
+            mysql -e 'CREATE DATABASE myaac;' -uroot -proot
+            mysql -e "SHOW DATABASES" -uroot -proot
+
+        - name: Checkout MyAAC
+          uses: actions/checkout@v3
+          with:
+            ref: develop
+
+        - name: Checkout TFS
+          uses: actions/checkout@v3
+          with:
+            repository: otland/forgottenserver
+            ref: 1.4
+            path: tfs
+
+        - name: Import TFS Schema
+          run: |
+              mysql -uroot -proot myaac < tfs/schema.sql
+
+        - name: Rename config.lua
+          run: mv tfs/config.lua.dist tfs/config.lua
+
+        - name: Replace mysqlUser
+          uses: jacobtomlinson/gha-find-replace@v2
+          with:
+            find: 'mysqlUser = "forgottenserver"'
+            replace: 'mysqlUser = "root"'
+            regex: false
+            include: 'tfs/config.lua'
+
+        - name: Replace mysqlPass
+          uses: jacobtomlinson/gha-find-replace@v2
+          with:
+              find: 'mysqlPass = ""'
+              replace: 'mysqlPass = "root"'
+              regex: false
+              include: 'tfs/config.lua'
+
+        - name: Replace mysqlDatabase
+          uses: jacobtomlinson/gha-find-replace@v2
+          with:
+              find: 'mysqlDatabase = "forgottenserver"'
+              replace: 'mysqlDatabase = "myaac"'
+              regex: false
+              include: 'tfs/config.lua'
+
+        - name: Setup PHP
+          uses: shivammathur/setup-php@v2
+          with:
+            php-version: ${{ matrix.php-versions }}
+            extensions: mbstring, dom, fileinfo, mysql, json, xml, pdo, pdo_mysql
+
+        - name: Get composer cache directory
+          id: composer-cache
+          run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+        - name: Cache composer dependencies
+          uses: actions/cache@v3
+          with:
+            path: ${{ steps.composer-cache.outputs.dir }}
+            # Use composer.json for key, if composer.lock is not committed.
+            # key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+            restore-keys: ${{ runner.os }}-composer-
+
+        - name: Install Composer dependencies
+          run: composer install --no-progress --prefer-dist --optimize-autoloader
+
+        - name: Run PHP server
+          run: nohup php -S localhost:8080 > php.log 2>&1 &
+
+        - name: Cypress Run
+          uses: cypress-io/github-action@v5
+          env:
+            CYPRESS_URL: http://localhost:8080
+            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/tfs
+
+        - name: Save screenshots
+          uses: actions/upload-artifact@v3
+          if: always()
+          with:
+            name: cypress-screenshots
+            path: cypress/screenshots
+
+        - name: Upload Cypress Videos
+          uses: actions/upload-artifact@v3
+          if: always()
+          with:
+            name: cypress-videos
+            path: cypress/videos

.github/workflows/phplint.yml

@@ -1,16 +1,16 @@
 name: PHP Linting
 on:
   pull_request:
-    branches: [master]
+    branches: [develop]
   push:
-    branches: [master]
+    branches: [develop]
 
 jobs:
   phplint:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: overtrue/phplint@3.4.0
+      - uses: overtrue/phplint@8.2
         with:
           path: .
-          options: --exclude="system/libs/polyfill-mbstring/bootstrap80.php"
+          options: --exclude=*.log

.gitignore

@@ -2,21 +2,16 @@ Thumbs.db
 .DS_Store
 .idea
 
-#
-/.htaccess
-
 # composer
 composer.lock
 vendor
 
 # npm
 node_modules
-tools/ext
 
 # cypress
 cypress.env.json
 cypress/e2e/2-advanced-examples
-cypress/screenshots
 
 # created by release.sh
 releases
@@ -37,12 +32,6 @@ images/guilds/*
 images/editor/*
 !images/editor/index.html
 
-# gallery images
-images/gallery/*
-!images/gallery/index.html
-!images/gallery/demon.jpg
-!images/gallery/demon_thumb.gif
-
 # cache
 system/cache/*
 !system/cache/index.html
@@ -50,10 +39,6 @@ system/cache/*
 !system/cache/signatures/index.html
 !system/cache/plugins/index.html
 
-# php sessions
-system/php_sessions/*
-!system/php_sessions/index.html
-
 # logs
 system/logs/*
 !system/logs/index.html
@@ -62,6 +47,10 @@ system/logs/*
 system/data/*
 !system/data/index.html
 
+# php sessions
+system/php_sessions/*
+!system/php_sessions/index.html
+
 # plugins
 plugins/*
 !plugins/.htaccess
@@ -72,5 +61,8 @@ plugins/*
 !plugins/email-confirmed-reward
 landing
 
+# system
+system/functions_custom.php
+
 # others/rest
 system/pages/downloads.php

.htaccess

@@ -6,12 +6,14 @@
 	Options -MultiViews
 </IfModule>
 
+<FilesMatch "^(CHANGELOG\.md|README\.md|composer\.json|composer\.lock|package\.json|package-lock\.json|cypress\.env\.json)$">
+	Require all denied
+</FilesMatch>
+
 <IfModule mod_rewrite.c>
 	RewriteEngine On
 
-	# you can put here your myaac root folder
-	# path relative to web root
-    #RewriteBase /myaac/
+	#RewriteBase /myaac/
 
 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteCond %{REQUEST_FILENAME} !-d

.travis.yml

@@ -1,20 +0,0 @@
-
-language: php
-php:
-  - 5.6
-  - 7.0
-  - 7.1
-  - 7.2
-  - 7.3
-  - 7.4
-  - 8.0
-
-cache:
-  directories:
-    - $HOME/.composer/cache
-
-before_script:
-  - composer require php-parallel-lint/php-parallel-lint --no-suggest --no-progress --no-interaction --no-ansi --quiet --optimize-autoloader
-
-script:
-  - php vendor/bin/parallel-lint --no-progress --no-colors --exclude vendor --exclude "system/libs/pot/OTS_DB_PDOQuery_PHP71.php" .

README.md

@@ -1,29 +1,24 @@
 # [MyAAC](https://my-aac.org)
 
+[![Build Status Master](https://img.shields.io/travis/slawkens/myaac/master)](https://travis-ci.org/github/slawkens/myaac)
+[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
+[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
+[![PHP Versions](https://img.shields.io/travis/php-v/slawkens/myaac/master)](https://github.com/slawkens/myaac/blob/d8b3b4135827ee17e3c6d41f08a925e718c587ed/.travis.yml#L3)
+[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
+[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
+
 MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 
 Official website: https://my-aac.org
 
-[![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/slawkens/myaac/cypress.yml)](https://github.com/slawkens/myaac/actions)
-[![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
-[![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
-[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
-[![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
-
-| Version | Status                 | Branch  | Requirements   |
-|:--------|:-----------------------|:--------|:---------------|
-| **1.x** | **Active development** | develop | **PHP >= 8.1** |
-| 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
-| 0.8.x   | Active support         | master  | PHP >= 7.2.5   |
-| 0.7.x   | End Of Life            | 0.7     | PHP >= 5.3.3   |
-
 ### Requirements
 
+	- PHP 5.6 or later
 	- MySQL database
-	- PHP Extensions: pdo, xml, json
-	- (optional) apache2 mod_rewrite (to use friendly_urls)
-	- (optional) zip PHP Extension (to install plugins)
-	- (optional) gd PHP Extension (for generating signature images)
+	- PDO PHP Extension
+	- XML PHP Extension
+	- ZIP PHP Extension
+	- (optional) mod_rewrite to use friendly_urls
 
 ### Installation
 
@@ -47,8 +42,7 @@ Official website: https://my-aac.org
 
 ### Configuration
 
-Check *config.php* to get more informations. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
-
+Check *config.php* to get more informations.
 Use *config.local.php* for your local configuration changes.
 
 ### Branches
@@ -77,13 +71,7 @@ Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our w
 
 ### Other Notes
 
-If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
-
-## Project supported by JetBrains
-
-Many thanks to Jetbrains for kindly providing a license for me to work on this and other open-source projects.
-
-[![JetBrains](https://resources.jetbrains.com/storage/products/company/brand/logos/jb_beam.svg)](https://www.jetbrains.com/?from=https://github.com/slawkens)
+	If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
 
 ### License
 

SECURITY.md

@@ -1,16 +0,0 @@
-# Security Policy
-
-## Supported Versions
-
-| Version | Supported          |
-| ------- | ------------------ |
-| 1.x.y   | :white_check_mark: |
-| 0.9.x   | :x:                |
-| 0.8.x   | :white_check_mark: |
-| < 0.7   | :x:                |
-
-## Reporting a Vulnerability
-
-If you found a security vulnerability, please write an email to security@my-aac.org
-
-All reports will be taken very seriously, and a fix will be posted as soon as possible.

admin/includes/functions.php

@@ -1,2 +1 @@
-<?php
-// nothing yet here
+<?php

admin/index.php

@@ -1,9 +1,10 @@
 <?php
+
 // few things we'll need
 require '../common.php';
 
-define('ADMIN_PANEL', true);
-define('MYAAC_ADMIN', true);
+const ADMIN_PANEL = true;
+const MYAAC_ADMIN = true;
 
 if(file_exists(BASE . 'config.local.php')) {
 	require_once BASE . 'config.local.php';
@@ -18,8 +19,8 @@ if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['i
 $content = '';
 
 // validate page
-$page = isset($_GET['p']) ? $_GET['p'] : '';
-if(empty($page) || preg_match("/[^a-zA-Z0-9_\-]/", $page))
+$page = $_GET['p'] ?? '';
+if(empty($page) || preg_match("/[^a-zA-Z0-9_\-\/.]/", $page))
 	$page = 'dashboard';
 
 $page = strtolower($page);
@@ -28,6 +29,11 @@ define('PAGE', $page);
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 
+// verify myaac tables exists in database
+if(!$db->hasTable('myaac_account_actions')) {
+	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
+}
+
 if(config('env') === 'dev') {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
@@ -42,30 +48,40 @@ $hooks->load();
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
 require SYSTEM . 'migrate.php';
-require ADMIN . 'includes/functions.php';
+require __DIR__ . '/includes/functions.php';
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
+if (ACTION == 'logout') {
+	require SYSTEM . 'logout.php';
+}
+
 // if we're not logged in - show login box
 if(!$logged || !admin()) {
 	$page = 'login';
 }
 
 // include our page
-$file = ADMIN . 'pages/' . $page . '.php';
+$file = __DIR__ . '/pages/' . $page . '.php';
 if(!@file_exists($file)) {
-	$page = '404';
-	$file = SYSTEM . 'pages/404.php';
+	if (strpos($page, 'plugins/') !== false) {
+		$file = BASE . $page;
+	}
+	else {
+		$page = '404';
+		$file = SYSTEM . 'pages/404.php';
+	}
 }
 
 ob_start();
-include($file);
+if($hooks->trigger(HOOK_ADMIN_BEFORE_PAGE)) {
+	require $file;
+}
 
 $content .= ob_get_contents();
 ob_end_clean();
 
 // template
 $template_path = 'template/';
-require ADMIN . $template_path . 'template.php';
-
+require __DIR__ . '/' . $template_path . 'template.php';

admin/pages/changelog.php

@@ -1,26 +1,139 @@
 <?php
 /**
- * CHANGELOG viewer
+ * CHANGELOG modifier
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
+ * @author    Lee
+ * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = 'MyAAC Changelog';
 
-if (!file_exists(BASE . 'CHANGELOG.md')) {
-	echo 'File CHANGELOG.md doesn\'t exist.';
+if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
+	echo 'Access denied.';
 	return;
 }
 
-require LIBS . 'Parsedown.php';
+$title = 'Changelog';
+$use_datatable = true;
+const CL_LIMIT = 600; // maximum changelog body length
+?>
 
-$changelog = file_get_contents(BASE . 'CHANGELOG.md');
+<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
+<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
+<?php
+$id = $_GET['id'] ?? 0;
+require_once LIBS . 'changelog.php';
 
-$Parsedown = new Parsedown();
+if(!empty($action))
+{
+	$id = $_REQUEST['id'] ?? null;
+	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
+	$create_date = isset($_REQUEST['createdate']) ? (int)strtotime($_REQUEST['createdate'] ): null;
+	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
+	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
+	$where = isset($_REQUEST['where']) ? (int)$_REQUEST['where'] : null;
 
-$changelog = $Parsedown->text($changelog); # prints: <p>Hello <em>Parsedown</em>!</p>
+	$errors = array();
 
-echo '<div>' . $changelog . '</div>';
+	if($action == 'new') {
+
+		if(isset($body) && Changelog::add($body, $type, $where, $player_id, $create_date, $errors)) {
+			$body = '';
+			$type = $where = $player_id = $create_date = 0;
+
+			success("Added successful.");
+		}
+	}
+	else if($action == 'delete') {
+		Changelog::delete($id, $errors);
+		success("Deleted successful.");
+	}
+	else if($action == 'edit')
+	{
+		if(isset($id) && !isset($body)) {
+			$cl = Changelog::get($id);
+			$body = $cl['body'];
+			$type = $cl['type'];
+			$where = $cl['where'];
+			$create_date = $cl['date'];
+			$player_id = $cl['player_id'];
+		}
+		else {
+			if(Changelog::update($id, $body, $type, $where, $player_id, $create_date,$errors)) {
+				$action = $body = '';
+				$type = $where = $player_id = $create_date = 0;
+
+				success("Updated successful.");
+			}
+		}
+	}
+	else if($action == 'hide') {
+		Changelog::toggleHidden($id, $errors, $status);
+		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
+	}
+
+	if(!empty($errors))
+		error(implode(", ", $errors));
+}
+
+$changelogs = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'changelog' . '` ORDER BY `id` DESC')->fetchAll();
+
+$i = 0;
+
+$log_type = [
+	['id' => 1, 'icon' => 'added'],
+	['id' => 2, 'icon' => 'removed'],
+	['id' => 3, 'icon' => 'changed'],
+	['id' => 4, 'icon' => 'fixed'],
+];
+
+$log_where = [
+	['id' => 1, 'icon' => 'server'],
+	['id' => 2, 'icon' => 'website'],
+];
+
+foreach($changelogs as $key => &$log)
+{
+	$log['type'] = getChangelogType($log['type']);
+	$log['where'] = getChangelogWhere($log['where']);
+}
+
+if($action == 'edit' || $action == 'new') {
+	if($action == 'edit') {
+		$player = new OTS_Player();
+		$player->load($player_id);
+	}
+
+	$account_players = $account_logged->getPlayersList();
+	$account_players->orderBy('group_id', POT::ORDER_DESC);
+	$twig->display('admin.changelog.form.html.twig', array(
+		'action' => $action,
+		'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'new'),
+		'cl_id' => $id ?? null,
+		'body' => isset($body) ? escapeHtml($body) : '',
+		'create_date' => $create_date ?? '',
+		'player_id' => $player_id ?? null,
+		'account_players' => $account_players,
+		'type' => $type ?? 0,
+		'where' => $where ?? 0,
+		'log_type' => $log_type,
+		'log_where' => $log_where,
+	));
+}
+$twig->display('admin.changelog.html.twig', array(
+	'changelogs' => $changelogs,
+));
+
+?>
+<script>
+	$(document).ready(function () {
+		$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
+
+		$('.tb_datatable').DataTable({
+			"order": [[0, "desc"]],
+			"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
+		});
+	});
+</script>

admin/pages/clmd.php

@@ -0,0 +1,25 @@
+<?php
+/**
+ * CHANGELOG viewer
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @author    Lee
+ * @copyright 2020 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'MyAAC Changelog';
+
+if (!file_exists(BASE . 'CHANGELOG.md')) {
+	echo 'File CHANGELOG.md doesn\'t exist.';
+	return;
+}
+
+$changelog = file_get_contents(BASE . 'CHANGELOG.md');
+
+$Parsedown = new Parsedown();
+
+$changelog = $Parsedown->text($changelog); # prints: <p>Hello <em>Parsedown</em>!</p>
+
+echo '<div>' . $changelog . '</div>';

admin/pages/dashboard.php

@@ -19,8 +19,10 @@ if (isset($_GET['clear_cache'])) {
 }
 
 if (isset($_GET['maintenance'])) {
-	$_status = (int)$_POST['status'];
-	$message = $_POST['message'];
+	$message = (!empty($_POST['message']) ? $_POST['message'] : null);
+	$_status = (isset($_POST['status']) && $_POST['status'] == 'true');
+	$_status = ($_status ? '0' : '1');
+
 	if (empty($message)) {
 		error('Message cannot be empty.');
 	} else if (strlen($message) > 255) {
@@ -45,47 +47,16 @@ $tmp = '';
 if (fetchDatabaseConfig('site_closed_message', $tmp))
 	$closed_message = $tmp;
 
-$query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
-$query = $query->fetch();
-$total_accounts = $query['how_much'];
-
-$query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
-$query = $query->fetch();
-$total_players = $query['how_much'];
-
-$query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
-$query = $query->fetch();
-$total_guilds = $query['how_much'];
-
-$query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
-$query = $query->fetch();
-$total_houses = $query['how_much'];
-
-$twig->display('admin.statistics.html.twig', array(
-	'total_accounts' => $total_accounts,
-	'total_players' => $total_players,
-	'total_guilds' => $total_guilds,
-	'total_houses' => $total_houses
-));
-
-$twig->display('admin.dashboard.html.twig', array(
-	'is_closed' => $is_closed,
-	'closed_message' => $closed_message,
-	'status' => $status,
-	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
-));
-
-echo '<div class="row">';
-
 $configAdminPanelModules = config('admin_panel_modules');
-if(isset($configAdminPanelModules))
+if (isset($configAdminPanelModules)) {
+	echo '<div class="row">';
 	$configAdminPanelModules = explode(',', $configAdminPanelModules);
-
-$twig_loader->prependPath(__DIR__ . '/modules/templates');
-foreach($configAdminPanelModules as $box) {
-	$file = __DIR__ . '/modules/' . $box . '.php';
-	if(file_exists($file)) {
-		include($file);
+	$twig_loader->prependPath(__DIR__ . '/modules/templates');
+	foreach ($configAdminPanelModules as $box) {
+		$file = __DIR__ . '/modules/' . $box . '.php';
+		if (file_exists($file)) {
+			include($file);
+		}
 	}
-}
 echo '</div>';
+}

admin/pages/data.php

@@ -1,7 +1,6 @@
 <?php
 /**
- * Account confirm mail
- * Keept for compatibility
+ * Load items.xml
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
@@ -9,7 +8,6 @@
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Server Data';
 
-if($action == 'confirm_email') {
-	require_once PAGES . 'account/confirm_email.php';
-}
+$twig->display('admin.data.html.twig');

admin/pages/items.php

@@ -1,35 +0,0 @@
-<?php
-/**
- * Load items.xml
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Load items.xml';
-
-require_once LIBS . 'items.php';
-require_once LIBS . 'weapons.php';
-
-$twig->display('admin.items.html.twig');
-
-$reload = isset($_REQUEST['reload']) && (int)$_REQUEST['reload'] === 1;
-if ($reload) {
-	$items_start_time = microtime(true);
-	if (Items::loadFromXML(true)) {
-		success('Successfully loaded items (in ' . round(microtime(true) - $items_start_time, 4) . ' seconds).');
-	}
-	else {
-		error(Items::getError());
-	}
-
-	$weapons_start_time = microtime(true);
-	if (Weapons::loadFromXML(true)) {
-		success('Successfully loaded weapons (in ' . round(microtime(true) - $weapons_start_time, 4) . ' seconds).');
-	}
-	else {
-		error(Weapons::getError());
-	}
-}

admin/pages/login.php

@@ -9,18 +9,16 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Login';
-$logout = '';
-if ($action == 'logout') {
-	$logout = "You have  been logged out!";
+
+require PAGES . 'account/login.php';
+if ($logged) {
+	header('Location: ' . ADMIN_URL);
+	return;
 }
 
-if (isset($errors)) {
-	foreach ($errors as $error) {
-		error($error);
-	}
-}
-
-$twig->display('admin.login.html.twig', array(
-	'logout' => $logout,
+$twig->display('admin.login.html.twig', [
+	'logout' => (ACTION == 'logout' ? 'You have  been logged out!'  : ''),
 	'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
-));
+	'account_login_by' => getAccountLoginByLabel(),
+	'errors' => $errors ?? ''
+]);

admin/pages/logs.php

@@ -4,56 +4,56 @@
  *
  * @package   MyAAC
  * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
+ * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Logs Viewer';
+$use_datatable = true;
 
 $files = array();
 $aac_path_logs = BASE . 'system/logs/';
 foreach (scandir($aac_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
-    if ($f[0] === '.' || is_dir($aac_path_logs . $f)) {
-	    continue;
-    }
+	if ($f[0] === '.' || is_dir($aac_path_logs . $f) || $f === 'index.html') {
+		continue;
+	}
 
-    $files[] = array($f, $aac_path_logs);
+	$files[] = array($f, $aac_path_logs);
 }
 
 $server_path_logs = $config['server_path'] . 'logs/';
 if (!file_exists($server_path_logs)) {
-    $server_path_logs = $config['data_path'] . 'logs/';
+	$server_path_logs = $config['data_path'] . 'logs/';
 }
 
 if (file_exists($server_path_logs)) {
-    foreach (scandir($server_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
-        if ($f[0] === '.') {
-	        continue;
-        }
+	foreach (scandir($server_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
+		if ($f[0] === '.') {
+			continue;
+		}
 
-        if (is_dir($server_path_logs . $f)) {
-            foreach (scandir($server_path_logs . $f, SCANDIR_SORT_ASCENDING) as $f2) {
-                if ($f2[0] === '.') {
-	                continue;
-                }
+		if (is_dir($server_path_logs . $f)) {
+			foreach (scandir($server_path_logs . $f, SCANDIR_SORT_ASCENDING) as $f2) {
+				if ($f2[0] === '.') {
+					continue;
+				}
 
-                $files[] = array($f . '/' . $f2, $server_path_logs);
-            }
+				$files[] = array($f . '/' . $f2, $server_path_logs);
+			}
 
-            continue;
-        }
+			continue;
+		}
 
-        $files[] = array($f, $server_path_logs);
-    }
+		$files[] = array($f, $server_path_logs);
+	}
 }
 
 foreach ($files as &$f) {
-    $f['mtime'] = filemtime($f[1] . $f[0]);
-    $f['name'] = $f[0];
+	$f['mtime'] = filemtime($f[1] . $f[0]);
+	$f['name'] = $f[0];
 }
 unset($f);
 
-$twig->display('admin.logs.html.twig', array('files' => $files));
 
 define('EXIST_NONE', 0);
 define('EXIST_SERVER_LOG', 1);
@@ -72,10 +72,12 @@ if (!empty($file)) {
 		}
 
 		if ($exist !== EXIST_NONE) {
-			$content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
-			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
+			$file_content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
 		}
 	} else {
 		echo 'Invalid file name specified.';
 	}
-}
+}
+
+$twig->display('admin.logs.html.twig', array('files' => $files));

admin/pages/mailer.php

@@ -15,55 +15,69 @@ if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
 	return;
 }
 
-if (!$config['mail_enabled']) {
-	echo 'Mail support disabled.';
+if (!config('mail_enabled')) {
+	echo 'Mail support disabled in config.';
 	return;
 }
 
-$mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : NULL;
-$mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : NULL;
-$preview = isset($_REQUEST['preview']);
+$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
+$mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
+$mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
 
-$preview_done = false;
-if ($preview) {
-	if (!empty($mail_content) && !empty($mail_subject)) {
-		$preview_done = _mail($account_logged->getCustomField('email'), $mail_subject, $mail_content);
+if (isset($_POST['submit'])) {
+	if (empty($mail_subject)) {
+		warning('Please enter subject of the message.');
+	}
 
-		if (!$preview_done)
-			error('Error while sending preview mail. More info can be found in system/logs/mailer-error.log');
+	if (empty($mail_content)) {
+		warning('Please enter content of the message.');
 	}
 }
-
-
-$twig->display('admin.mailer.html.twig', array(
-	'mail_subject' => $mail_subject,
-	'mail_content' => $mail_content,
-	'preview_done' => $preview_done
-));
-
-if (empty($mail_content) || empty($mail_subject) || $preview)
-	return;
-
-$success = 0;
-$failed = 0;
-
-$add = '';
-if ($config['account_mail_verify']) {
-	note('Note: Sending only to users with verified E-Mail.');
-	$add = ' AND ' . $db->fieldName('email_verified') . ' = 1';
-}
-
-$query = $db->query('SELECT ' . $db->fieldName('email') . ' FROM ' . $db->tableName('accounts') . ' WHERE ' . $db->fieldName('email') . ' != ""' . $add);
-foreach ($query as $email) {
-	if (_mail($email['email'], $mail_subject, $mail_content))
-		$success++;
+if (!empty($mail_to)) {
+	if(!Validator::email($mail_to)) {
+		warning('E-Mail is invalid.');
+	}
 	else {
-		$failed++;
-		echo '<br />';
-		error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
+		if (!empty($mail_content) && !empty($mail_subject)) {
+			if (_mail($mail_to, $mail_subject, $mail_content)) {
+				success("Successfully mailed <strong>$mail_to</strong>");
+			}
+			else {
+				error("Error while sending mail to <strong>$mail_to</strong>. More info can be found in system/logs/mailer-error.log");
+			}
+		}
 	}
 }
 
-success('Mailing finished.');
-success("$success emails delivered.");
-warning("$failed emails failed.");
+if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
+	$success = 0;
+	$failed = 0;
+
+	$add = '';
+	if (config('account_mail_verify')) {
+		note('Note: Sending only to users with verified E-Mail.');
+		$add = ' AND `email_verified` = 1';
+	}
+
+	$query = $db->query('SELECT `email` FROM `accounts` WHERE `email` != ""' . $add);
+	foreach ($query as $email) {
+		if (_mail($email['email'], $mail_subject, $mail_content)) {
+			$success++;
+		}
+		else {
+			$failed++;
+			echo '<br />';
+			error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
+		}
+	}
+
+	success('Mailing finished.');
+	success("$success emails delivered.");
+	warning("$failed emails failed.");
+}
+
+$twig->display('admin.mailer.html.twig', [
+	'mail_to' => $mail_to,
+	'mail_subject' => $mail_subject,
+	'mail_content' => $mail_content
+]);

admin/pages/mass_account.php

@@ -0,0 +1,215 @@
+<?php
+
+/**
+ * Account Admin Tool
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @author    Lee
+ * @copyright 2020 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$title = 'Mass Account Actions';
+
+$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
+$hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
+$freePremium = $config['lua']['freePremium'];
+
+function admin_give_points($points)
+{
+	global $db, $hasPointsColumn;
+
+	if (!$hasPointsColumn) {
+		displayMessage('Points not supported.');
+		return;
+	}
+
+	$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
+	if (!$statement) {
+		displayMessage('Failed to prepare query statement.');
+		return;
+	}
+
+	if (!$statement->execute([
+		'points' => $points
+	])) {
+		displayMessage('Failed to add points.');
+		return;
+	}
+	displayMessage($points . ' points added to all accounts.', true);
+}
+
+function admin_give_coins($coins)
+{
+	global $db, $hasCoinsColumn;
+
+	if (!$hasCoinsColumn) {
+		displayMessage('Coins not supported.');
+		return;
+	}
+
+	$statement = $db->prepare('UPDATE `accounts` SET `coins` = `coins` + :coins');
+	if (!$statement) {
+		displayMessage('Failed to prepare query statement.');
+		return;
+	}
+
+	if (!$statement->execute([
+		'coins' => $coins
+	])) {
+		displayMessage('Failed to add coins.');
+		return;
+	}
+
+	displayMessage($coins . ' coins added to all accounts.', true);
+}
+
+function query_add_premium($column, $value_query, $condition_query = '1=1', $params = [])
+{
+	global $db;
+
+	$statement = $db->prepare("UPDATE `accounts` SET `{$column}` = $value_query WHERE $condition_query");
+	if (!$statement) {
+		displayMessage('Failed to prepare query statement.');
+		return false;
+	}
+
+	if (!$statement->execute($params)) {
+		displayMessage('Failed to add premium days.');
+		return false;
+	}
+
+	return true;
+}
+
+function admin_give_premdays($days)
+{
+	global $db, $freePremium;
+
+	if ($freePremium) {
+		displayMessage('Premium days not supported. Free Premium enabled.');
+		return;
+	}
+
+	$value = $days * 86400;
+	$now = time();
+	// othire
+	if ($db->hasColumn('accounts', 'premend')) {
+		// append premend
+		if (query_add_premium('premend', '`premend` + :value', '`premend` > :now', ['value' => $value, 'now' => $now])) {
+			// set premend
+			if (query_add_premium('premend', ':value', '`premend` <= :now', ['value' => $now + $value, 'now' => $now])) {
+				displayMessage($days . ' premium days added to all accounts.', true);
+				return;
+			} else {
+				displayMessage('Failed to execute set query.');
+				return;
+			}
+		} else {
+			displayMessage('Failed to execute append query.');
+			return;
+		}
+
+		return;
+	}
+
+	// tfs 0.x
+	if ($db->hasColumn('accounts', 'premdays')) {
+		// append premdays
+		if (query_add_premium('premdays', '`premdays` + :value', '1=1', ['value' => $days])) {
+			// append lastday
+			if (query_add_premium('lastday', '`lastday` + :value', '`lastday` > :now', ['value' => $value, 'now' => $now])) {
+				// set lastday
+				if (query_add_premium('lastday', ':value', '`lastday` <= :now', ['value' => $now + $value, 'now' => $now])) {
+					displayMessage($days . ' premium days added to all accounts.', true);
+					return;
+				} else {
+					displayMessage('Failed to execute set query.');
+					return;
+				}
+
+				return;
+			} else {
+				displayMessage('Failed to execute append query.');
+				return;
+			}
+		} else {
+			displayMessage('Failed to execute set days query.');
+			return;
+		}
+
+		return;
+	}
+
+	// tfs 1.x
+	if ($db->hasColumn('accounts', 'premium_ends_at')) {
+		// append premium_ends_at
+		if (query_add_premium('premium_ends_at', '`premium_ends_at` + :value', '`premium_ends_at` > :now', ['value' => $value, 'now' => $now])) {
+			// set premium_ends_at
+			if (query_add_premium('premium_ends_at', ':value', '`premium_ends_at` <= :now', ['value' => $now + $value, 'now' => $now])) {
+				displayMessage($days . ' premium days added to all accounts.', true);
+				return;
+			} else {
+				displayMessage('Failed to execute set query.');
+				return;
+			}
+		} else {
+			displayMessage('Failed to execute append query.');
+			return;
+		}
+
+		return;
+	}
+
+	displayMessage('Premium Days not supported.');
+}
+
+if (isset($_POST['action']) && $_POST['action']) {
+
+	$action = $_POST['action'];
+
+	if (preg_match("/[^A-z0-9_\-]/", $action)) {
+		displayMessage('Invalid action.');
+	} else {
+		$value = isset($_POST['value']) ? intval($_POST['value']) : 0;
+
+		if (!$value) {
+			displayMessage('Please fill all inputs');
+		} else {
+			switch ($action) {
+				case 'give-points':
+					admin_give_points($value);
+					break;
+				case 'give-coins':
+					admin_give_coins($value);
+					break;
+				case 'give-premdays':
+					admin_give_premdays($value);
+					break;
+				default:
+					displayMessage('Action ' . $action . 'not found.');
+			}
+		}
+	}
+}
+else {
+	$twig->display('admin.tools.account.html.twig', array(
+		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasPointsColumn' => $hasPointsColumn,
+		'freePremium' => $freePremium,
+	));
+}
+
+function displayMessage($message, $success = false) {
+	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
+
+	$success ? success($message): error($message);
+
+	$twig->display('admin.tools.account.html.twig', array(
+		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasPointsColumn' => $hasPointsColumn,
+		'freePremium' => $freePremium,
+	));
+}

admin/pages/mass_teleport.php

@@ -0,0 +1,116 @@
+<?php
+/**
+ * Teleport Admin Tool
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @author    Lee
+ * @copyright 2020 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$title = 'Mass Teleport Actions';
+
+function admin_teleport_position($x, $y, $z) {
+	global $db;
+	$statement = $db->prepare('UPDATE `players` SET `posx` = :x, `posy` = :y, `posz` = :z');
+	if (!$statement) {
+		displayMessage('Failed to prepare query statement.');
+		return;
+	}
+
+	if (!$statement->execute([
+		'x' => $x, 'y' => $y, 'z' => $z
+	])) {
+		displayMessage('Failed to execute query.');
+		return;
+	}
+
+	displayMessage('Player\'s position updated.', true);
+}
+
+function admin_teleport_town($town_id) {
+	global $db;
+	$statement = $db->prepare('UPDATE `players` SET `town_id` = :town_id');
+	if (!$statement) {
+		displayMessage('Failed to prepare query statement.');
+		return;
+	}
+
+	if (!$statement->execute([
+		'town_id' => $town_id
+	])) {
+		displayMessage('Failed to execute query.');
+		return;
+	}
+
+	displayMessage('Player\'s town updated.', true);
+}
+
+if (isset($_POST['action']) && $_POST['action'])    {
+
+	$action = $_POST['action'];
+
+	if (preg_match("/[^A-z0-9_\-]/", $action)) {
+		displayMessage('Invalid action.');
+	} else {
+
+		$playersOnline = 0;
+		if($db->hasTable('players_online')) {// tfs 1.0
+			$query = $db->query('SELECT count(*) AS `count` FROM `players_online`');
+		} else {
+			$query = $db->query('SELECT count(*) AS `count` FROM `players` WHERE `players`.`online` > 0');
+		}
+
+		$playersOnline = $query->fetch(PDO::FETCH_ASSOC);
+		if ($playersOnline['count'] > 0) {
+			displayMessage('Please, close the server before execute this action otherwise players will not be affected.');
+			return;
+		}
+
+		$town_id = isset($_POST['town_id']) ? intval($_POST['town_id']) : null;
+		$posx = isset($_POST['posx']) ? intval($_POST['posx']) : null;
+		$posy = isset($_POST['posy']) ? intval($_POST['posy']) : null;
+		$posz = isset($_POST['posz']) ? intval($_POST['posz']) : null;
+		$to_temple = $_POST['to_temple'] ?? null;
+
+		switch ($action) {
+			case 'set-town':
+				if (!$town_id) {
+					displayMessage('Please fill all inputs');
+					return;
+				}
+
+				if (!isset($config['towns'][$town_id])) {
+					displayMessage('Specified town does not exist');
+					return;
+				}
+
+				admin_teleport_town($town_id);
+				break;
+			case 'set-position':
+				if (!$to_temple &&  ($posx < 0 || $posx > 65535 || $posy < 0 || $posy > 65535|| $posz < 0 || $posz > 16)) {
+					displayMessage('Invalid Position');
+					return;
+				}
+
+				admin_teleport_position($posx, $posy, $posz);
+				break;
+			default:
+				displayMessage('Action ' . $action . 'not found.');
+		}
+	}
+
+}
+else {
+	$twig->display('admin.tools.teleport.html.twig', array());
+}
+
+
+function displayMessage($message, $success = false) {
+	global $twig;
+
+	$success ? success($message): error($message);
+	$twig->display('admin.tools.teleport.html.twig', array());
+}

admin/pages/menus.php

@@ -46,7 +46,6 @@ if (isset($_REQUEST['template'])) {
 		if ($cache->enabled()) {
 			$cache->delete('template_menus');
 		}
-
 		success('Saved at ' . date('H:i'));
 	}
 
@@ -57,70 +56,73 @@ if (isset($_REQUEST['template'])) {
 		echo 'Cannot find template config.php file.';
 		return;
 	}
-
 	if (!isset($config['menu_categories'])) {
 		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
 		return;
 	}
 
-	echo 'Hint: You can drag menu items.<br/>
-	Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
-	Not all templates support blank and colorful links.<br/><br/>
-    <div class="row">';
+	$title = 'Menus - ' . $template;
+	?>
+	<div align="center" class="text-center">
+		<p class="note">You are editing: <?= $template ?><br/><br/>
+			Hint: You can drag menu items.<br/>
+			Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
+			Not all templates support blank and colorful links.
+		</p>
+	</div>
+	<?php
 	$menus = array();
 	$menus_db = $db->query('SELECT `name`, `link`, `blank`, `color`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
 	foreach ($menus_db as $menu) {
 		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'blank' => $menu['blank'], 'color' => $menu['color'], 'ordering' => $menu['ordering']);
 	}
-
 	$last_id = array();
-	echo '<form method="post" id="menus-form" action="?p=menus">';
-	echo '<input type="hidden" name="template" value="' . $template . '"/>';
-	foreach ($config['menu_categories'] as $id => $cat) {
-		echo '        <div class="col-md-12 col-lg-6">
-            <div class="box box-danger">
-                <div class="box-header with-border">
-                    <h3 class="box-title">' . $cat['name'] . ' <img class="add-button" id="add-button-' . $id . '" src="' . BASE_URL . 'images/plus.png" width="16" height="16"/></h3>
-                </div>
-                <div class="box-body">';
-
-
-		echo '<ul class="sortable" id="sortable-' . $id . '">';
-		if (isset($menus[$id])) {
-			$i = 0;
-			foreach ($menus[$id] as $menu) {
-				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><label>Name:</label><input type="text" name="menu[' . $id . '][]" value="' . escapeHtml($menu['name']) . '"/>
-				<label>Link:</label><input type="text" name="menu_link[' . $id . '][]" value="' . $menu['link'] . '"/>
-				<input type="hidden" name="menu_blank[' . $id . '][]" value="0" />
-				<label><input class="blank-checkbox" type="checkbox" ' . ($menu['blank'] == 1 ? 'checked' : '') . '/><span title="Open in New Window">Open in New Window</span></label>
-				
-				<input class="color-picker" type="text" name="menu_color[' . $id . '][]" value="#' . $menu['color'] . '" />
-				
-				<a class="remove-button" id="remove-button-' . $id . '-' . $i . '"><img src="' . BASE_URL . 'images/del.png"/></a></li>';
-
-				$i++;
-				$last_id[$id] = $i;
-			}
-		}
-
-		echo '</ul>';
-		echo '                </div>
-            </div>
-        </div>
-';
-	}
-	echo ' </div><div class="row"><div class="col-md-6">';
-	echo '<input type="submit" class="btn btn-info" value="Save">';
-	echo '<input type="button" class="btn btn-default pull-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus&template=' . $template . '\';">';
-	echo '</div></div>';
-	echo '</form>';
-
+	?>
+	<form method="post" id="menus-form" action="?p=menus">
+		<input type="hidden" name="template" value="<?php echo $template ?>"/>
+		<div class="row">
+			<?php foreach ($config['menu_categories'] as $id => $cat): ?>
+				<div class="col-md-12 col-lg-6">
+					<div class="card card-info card-outline">
+						<div class="card-header">
+							<h5 class="m-0"><?php echo $cat['name'] ?> <i class="far fa-plus-square add-button" id="add-button-<?php echo $id ?>"></i></h5>
+						</div>
+						<div class="card-body">
+							<ul class="sortable" id="sortable-<?php echo $id ?>">
+								<?php
+								if (isset($menus[$id])) {
+									foreach ($menus[$id] as $i => $menu):
+										?>
+										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo escapeHtml($menu['name']); ?>"/>
+											<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
+											<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
+											<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
+											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="#<?php echo $menu['color'] ?>"/>
+											<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
+										<?php $last_id[$id] = $i;
+									endforeach;
+								} ?>
+							</ul>
+						</div>
+					</div>
+				</div>
+			<?php endforeach ?>
+		</div>
+		<div class="row pb-2">
+			<div class="col-md-12">
+				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Save</button>
+				<?php
+				echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
+				?>
+			</div>
+		</div>
+	</form>
+	<?php
 	$twig->display('admin.menus.js.html.twig', array(
 		'menus' => $menus,
 		'last_id' => $last_id
 	));
 	?>
-
 	<?php
 } else {
 	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();

admin/pages/modules/balance.php

@@ -0,0 +1,6 @@
+<?php
+$balance = ($db->hasColumn('players', 'balance') ? $db->query('SELECT `balance`, `id`, `name`,`level` FROM `players` ORDER BY `balance` DESC LIMIT 10;') : 0);
+
+$twig->display('balance.html.twig', array(
+	'balance' => $balance
+));

admin/pages/modules/coins.php

@@ -1,11 +1,6 @@
 <?php
-
-if ($db->hasColumn('accounts', 'coins')) {
-	$coins = $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;');
-} else {
-	$coins = 0;
-}
+$coins = ($db->hasColumn('accounts', 'coins') ?  $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;') : 0);
 
 $twig->display('coins.html.twig', array(
 	'coins' => $coins
-));
+));

admin/pages/modules/created.php

@@ -0,0 +1,6 @@
+<?php
+$players = ($db->hasColumn('accounts', 'created') ? $db->query('SELECT `created`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `created` DESC LIMIT 10;') : 0);
+
+$twig->display('created.html.twig', array(
+	'players' => $players,
+));

admin/pages/modules/lastlogin.php

@@ -1,11 +1,5 @@
 <?php
-
-if ($db->hasColumn('players', 'lastlogin')) {
-	$players = $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;');
-} else {
-	$players = 0;
-}
-
+$players = ($db->hasColumn('players', 'lastlogin') ? $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;') : 0);
 $twig->display('lastlogin.html.twig', array(
 	'players' => $players,
-));
+));

admin/pages/modules/points.php

@@ -1,10 +1,6 @@
 <?php
-if ($db->hasColumn('accounts', 'premium_points')) {
-	$points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
-} else {
-	$points = 0;
-}
+$points = ($db->hasColumn('accounts', 'premium_points') ? $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;') : 0);
 
 $twig->display('points.html.twig', array(
 	'points' => $points,
-));
+));

admin/pages/modules/server_status.php

@@ -0,0 +1,46 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+if (isset($status)) {
+
+	$error_icon = '<i class="fas fa-exclamation-circle text-danger"></i>'; ?>
+	<div class=" col-md-6 col-lg-6">
+		<div class="card card-info card-outline">
+			<div class="card-header border-bottom-0">
+				<span class="font-weight-bold m-0">Server Status</span> <span class="float-right small"><b>Last checked</b>: <?php echo(isset($status['lastCheck']) ? date("l, d.m.Y H:i:s", $status['lastCheck']) : $error_icon); ?></span>
+			</div>
+			<div class="card-body p-0 ">
+				<table class="table">
+					<tbody>
+					<tr>
+						<th width="30%">Server</th>
+						<td><?php echo(isset($status['server']) & isset($status['serverVersion']) ? $status['server'] . ' x ' . $status['serverVersion'] : $error_icon) ?></td>
+
+					</tr>
+					<tr>
+						<th>Client</th>
+						<td><?php echo(isset($status['clientVersion']) ? $status['clientVersion'] : $error_icon) ?></td>
+					</tr>
+					<tr>
+						<th>Map</th>
+						<td>
+							<?php if (isset($status['mapName']) & isset($status['mapAuthor']) & isset($status['mapWidth']) & isset($status['mapHeight'])) {
+								echo $status['mapName'] . ' by <b>' . $status['mapAuthor'] . '</b><br/>' . $status['mapWidth'] . ' x ' . $status['mapHeight'];
+							} else {
+								echo $error_icon;
+							} ?>
+						</td>
+					</tr>
+					<tr>
+						<th>Monsters</th>
+						<td><?php echo (isset($status['monsters']) ? $status['monsters'] : $error_icon); ?></td>
+					</tr>
+					<tr>
+						<th>MOTD:</th>
+						<td><?php echo(isset($status['motd']) ? $status['motd'] : $error_icon); ?></td>
+					</tr>
+					</tbody>
+				</table>
+			</div>
+		</div>
+	</div>
+<?php } ?>

admin/pages/modules/statistics.php

@@ -0,0 +1,12 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+$count = $db->query('SELECT
+  (SELECT COUNT(*) FROM `accounts`) as total_accounts, 
+  (SELECT COUNT(*) FROM `players`) as total_players,
+  (SELECT COUNT(*) FROM `guilds`) as total_guilds,
+  (SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'monsters`) as total_monsters,
+  (SELECT COUNT(*) FROM `houses`) as total_houses;')->fetch();
+
+$twig->display('statistics.html.twig', array(
+	'count' => $count,
+));

admin/pages/modules/templates/balance.html.twig

@@ -0,0 +1,31 @@
+{% if balance is iterable %}
+	<div class=" col-md-6 col-lg-3">
+		<div class="card card-info card-outline">
+			<div class="card-header">
+				<h5 class="m-0">Top 10 - Balance</h5>
+			</div>
+			<div class="card-body p-0">
+				<table class="table table-striped table-condensed">
+					<thead>
+					<tr>
+						<th>#</th>
+						<th>Player</th>
+						<th>Balance</th>
+					</tr>
+					</thead>
+					<tbody>
+					{% set i = 0 %}
+					{% for result in balance %}
+						{% set i = i + 1 %}
+						<tr>
+							<th>{{ i }}</th>
+							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ result.balance }}</td>
+						</tr>
+					{% endfor %}
+					</tbody>
+				</table>
+			</div>
+		</div>
+	</div>
+{% endif %}

admin/pages/modules/templates/coins.html.twig

@@ -1,23 +1,25 @@
 {% if coins is iterable %}
-	<div class="col-md-3">
-		<div class="box">
-			<div class="box-header">
-				<h3 class="box-title">Top 10 - Most coins</h3>
+	<div class=" col-md-6 col-lg-3">
+		<div class="card card-info card-outline">
+			<div class="card-header">
+				<h5 class="m-0">Top 10 - Most coins</h5>
 			</div>
-			<div class="box-body no-padding">
-				<table class="table table-condensed">
-					<tbody>
+			<div class="card-body p-0">
+				<table class="table table-striped table-condensed">
+					<thead>
 					<tr>
 						<th>#</th>
-						<th>Account {{ account_type }}</th>
+						<th>Account</th>
 						<th>Tibia coins</th>
 					</tr>
+					</thead>
+					<tbody>
 					{% set i = 0 %}
 					{% for result in coins %}
 						{% set i = i + 1 %}
 						<tr>
-							<td>{{ i }}</td>
-							<td>{{ result.name }}</td>
+							<th>{{ i }}</th>
+							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}
@@ -26,4 +28,4 @@
 			</div>
 		</div>
 	</div>
-{% endif %}
+{% endif %}

admin/pages/modules/templates/created.html.twig

@@ -0,0 +1,31 @@
+{% if players is iterable %}
+	<div class=" col-md-6 col-lg-3">
+		<div class="card card-info card-outline">
+			<div class="card-header">
+				<h5 class="m-0">Last 10 created</h5>
+			</div>
+			<div class="card-body p-0">
+				<table class="table table-striped table-condensed">
+					<thead>
+					<tr>
+						<th>#</th>
+						<th>Account</th>
+						<th>Creation Date</th>
+					</tr>
+					</thead>
+					<tbody>
+					{% set i = 0 %}
+					{% for result in players %}
+						{% set i = i + 1 %}
+						<tr>
+							<th>{{ i }}</th>
+							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td>{{ result.created|date("M d Y, H:i:s") }}</td>
+						</tr>
+					{% endfor %}
+					</tbody>
+				</table>
+			</div>
+		</div>
+	</div>
+{% endif %}

admin/pages/modules/templates/lastlogin.html.twig

@@ -1,23 +1,25 @@
 {% if players is iterable %}
-	<div class="col-md-3">
-		<div class="box">
-			<div class="box-header">
-				<h3 class="box-title">Last 10 Logins</h3>
+	<div class=" col-md-6 col-lg-3">
+		<div class="card card-info card-outline">
+			<div class="card-header">
+				<h5 class="m-0">Last 10 logins</h5>
 			</div>
-			<div class="box-body no-padding">
-				<table class="table table-condensed">
-					<tbody>
+			<div class="card-body p-0">
+				<table class="table table-striped table-condensed">
+					<thead>
 					<tr>
 						<th>#</th>
 						<th>Player</th>
 						<th>Login Date</th>
 					</tr>
+					</thead>
+					<tbody>
 					{% set i = 0 %}
 					{% for result in players %}
 						{% set i = i + 1 %}
 						<tr>
-							<td>{{ i }}</td>
-							<td>{{ result.name }}</td>
+							<th>{{ i }}</th>
+							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
 							<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}
@@ -26,4 +28,4 @@
 			</div>
 		</div>
 	</div>
-{% endif %}
+{% endif %}

admin/pages/modules/templates/points.html.twig

@@ -1,23 +1,25 @@
 {% if points is iterable %}
-	<div class="col-md-3">
-		<div class="box">
-			<div class="box-header">
-				<h3 class="box-title">Top 10 - Most premium points</h3>
+	<div class=" col-md-6 col-lg-3">
+		<div class="card card-info card-outline">
+			<div class="card-header">
+				<h5 class="m-0">Top 10 - Most premium points</h5>
 			</div>
-			<div class="box-body no-padding">
-				<table class="table table-condensed">
-					<tbody>
+			<div class="card-body p-0">
+				<table class="table table-striped table-condensed">
+					<thead>
 					<tr>
 						<th>#</th>
-						<th>Account {{ account_type }}</th>
+						<th>Account</th>
 						<th>Premium points</th>
 					</tr>
+					</thead>
+					<tbody>
 					{% set i = 0 %}
 					{% for result in points %}
 						{% set i = i + 1 %}
 						<tr>
-							<td>{{ i }}</td>
-							<td>{{ result.name }}</td>
+							<th>{{ i }}</th>
+							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
 							<td>{{ result.premium_points }}</td>
 						</tr>
 					{% endfor %}
@@ -26,4 +28,4 @@
 			</div>
 		</div>
 	</div>
-{% endif %}
+{% endif %}

admin/pages/modules/templates/statistics.html.twig

@@ -0,0 +1,45 @@
+<div class="col">
+	<div class="info-box">
+		<span class="info-box-icon bg-info elevation-1"><i class="fas fa-user-plus"></i></span>
+		<div class="info-box-content">
+			<span class="info-box-text">Accounts:</span>
+			<span class="info-box-number">{{ count.total_accounts }}</span>
+		</div>
+	</div>
+</div>
+<div class="col">
+	<div class="info-box">
+		<span class="info-box-icon bg-red elevation-1"><i class="fas fa-user-plus"></i></span>
+		<div class="info-box-content">
+			<span class="info-box-text">Players:</span>
+			<span class="info-box-number">{{ count.total_players }}</span>
+		</div>
+	</div>
+</div>
+<div class="col">
+	<div class="info-box">
+		<span class="info-box-icon bg-teal elevation-1"><i class="fas fa-pastafarianism"></i></span>
+		<div class="info-box-content">
+			<span class="info-box-text">Monsters:</span>
+			<span class="info-box-number">{{ count.total_monsters }}</span>
+		</div>
+	</div>
+</div>
+<div class="col">
+	<div class="info-box">
+		<span class="info-box-icon bg-green elevation-1"><i class="fas fa-chart-pie"></i></span>
+		<div class="info-box-content">
+			<span class="info-box-text">Guilds:</span>
+			<span class="info-box-number">{{ count.total_guilds }}</span>
+		</div>
+	</div>
+</div>
+<div class="col">
+	<div class="info-box">
+		<span class="info-box-icon bg-yellow elevation-1"><i class="fas fa-home"></i></span>
+		<div class="info-box-content">
+			<span class="info-box-text">Houses:</span>
+			<span class="info-box-number">{{ count.total_houses }}</span>
+		</div>
+	</div>
+</div>

admin/pages/modules/templates/web_status.twig

@@ -0,0 +1,39 @@
+<div class="col-12 col-md-6">
+	<div class="card card-warning card-outline">
+		<form action="?p=dashboard&maintenance" method="post" class="form-horizontal">
+			<div class="card-header">
+				<span class="m-0">Website Status<span class="float-right">
+				<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
+					<input type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
+					<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
+				</div></span>
+				</span>
+			</div>
+			<div class="card-body p-2">
+				<div class="col-sm-12">
+					<label for="message" class="col-form-label">Maintenance Message</label>
+					<textarea name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
+					<small>(only visible if closed)</small>
+				</div>
+			</div>
+			<div class="card-footer">
+				<button type="submit" class="btn btn-info"><i class="far fa-update"></i> Update</button>
+				<a href="?p=dashboard&clear_cache" onclick="return confirm('Are you sure?');" class="float-right">
+					<span class="btn btn-danger"><i class="fas fa-clear"></i>Clear cache</span>
+				</a>
+			</div>
+		</form>
+	</div>
+</div>
+
+<script>
+	$(function() {
+		$("#status").change(function() {
+			$statusLabel = $("#status-label");
+			$statusLabel.html("Closed");
+			if ($(this).is(':checked')) {
+				$statusLabel.html("Open");
+			}
+		});
+	});
+</script>

admin/pages/modules/web_status.php

@@ -0,0 +1,10 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+$twig->display('web_status.twig', array(
+	'is_closed' => $is_closed,
+	'closed_message' => $closed_message,
+	'status' => $status,
+	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
+));
+?>

admin/pages/news.php

@@ -13,6 +13,7 @@ require_once LIBS . 'forum.php';
 require_once LIBS . 'news.php';
 
 $title = 'News Panel';
+$use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
@@ -22,8 +23,8 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
 
 // some constants, used mainly by database (cannot by modified without schema changes)
-define('TITLE_LIMIT', 100);
-define('BODY_LIMIT', 65535); // maximum news body length
+define('NEWS_TITLE_LIMIT', 100);
+define('NEWS_BODY_LIMIT', 65535); // maximum news body length
 define('ARTICLE_TEXT_LIMIT', 300);
 define('ARTICLE_IMAGE_LIMIT', 100);
 
@@ -42,12 +43,12 @@ if(!empty($action))
 	$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
 	$errors = array();
 
-	if($action == 'add') {
+	if($action == 'new') {
 		if(isset($forum_section) && $forum_section != '-1') {
 			$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
 		}
 
-		if(News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
+		if(isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
 			$p_title = $body = $comments = $article_text = $article_image = '';
 			$type = $category = $player_id = 0;
 
@@ -114,21 +115,21 @@ if($action == 'edit' || $action == 'new') {
 	$twig->display('admin.news.form.html.twig', array(
 		'action' => $action,
 		'news_link' => getLink(PAGE),
-		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'add'),
-		'news_id' => isset($id) ? $id : null,
-		'title' => isset($p_title) ? $p_title : '',
+		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'),
+		'news_id' => $id ?? null,
+		'title' => $p_title ?? '',
 		'body' => isset($body) ? escapeHtml($body) : '',
-		'type' => isset($type) ? $type : null,
+		'type' => $type ?? null,
 		'player' => isset($player) && $player->isLoaded() ? $player : null,
-		'player_id' => isset($player_id) ? $player_id : null,
+		'player_id' => $player_id ?? null,
 		'account_players' => $account_players,
-		'category' => isset($category) ? $category : 0,
+		'category' => $category ?? 0,
 		'categories' => $categories,
 		'forum_boards' => getForumBoards(),
-		'forum_section' => isset($forum_section) ? $forum_section : null,
-		'comments' => isset($comments) ? $comments : null,
-		'article_text' => isset($article_text) ? $article_text : null,
-		'article_image' => isset($article_image) ? $article_image : null
+		'forum_section' => $forum_section ?? null,
+		'comments' => $comments ?? null,
+		'article_text' => $article_text ?? null,
+		'article_image' => $article_image ?? null
 	));
 }
 

admin/pages/open_source.php

@@ -0,0 +1,14 @@
+<?php
+/**
+ * Open Source libraries
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2023 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$title = 'Open Source';
+
+$twig->display('admin.open_source.html.twig');

admin/pages/pages.php

@@ -9,6 +9,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
+$use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
@@ -17,13 +18,18 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 
 header('X-XSS-Protection:0');
 
-$name = $p_title = '';
+$name = $p_title = null;
 $groups = new OTS_Groups_List();
 
 $php = false;
 $enable_tinymce = true;
 $access = 0;
 
+// some constants, used mainly by database (cannot by modified without schema changes)
+define('PAGE_TITLE_LIMIT', 30);
+define('PAGE_NAME_LIMIT', 30);
+define('PAGE_BODY_LIMIT', 65535); // maximum page body length
+
 if (!empty($action)) {
 	if ($action == 'delete' || $action == 'edit' || $action == 'hide')
 		$id = $_REQUEST['id'];
@@ -49,12 +55,13 @@ if (!empty($action)) {
 	$errors = array();
 	$player_id = 1;
 
-	if ($action == 'add') {
-		if (Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
+	if ($action == 'new') {
+		if (isset($p_title) && Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			$name = $p_title = $body = '';
 			$player_id = $access = 0;
 			$php = false;
 			$enable_tinymce = true;
+			success('Added successful.');
 		}
 	} else if ($action == 'delete') {
 		if (Pages::delete($id, $errors))
@@ -69,15 +76,18 @@ if (!empty($action)) {
 			$enable_tinymce = $_page['enable_tinymce'] == '1';
 			$access = $_page['access'];
 		} else {
-			Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access);
-			$action = $name = $p_title = $body = '';
-			$player_id = 1;
-			$access = 0;
-			$php = false;
-			$enable_tinymce = true;
+			if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
+				$action = $name = $p_title = $body = '';
+				$player_id = 1;
+				$access = 0;
+				$php = false;
+				$enable_tinymce = true;
+				success('Updated successful.');
+			}
 		}
 	} else if ($action == 'hide') {
-		Pages::toggleHidden($id, $errors);
+		Pages::toggleHidden($id, $errors, $status);
+		success(($status == 1 ? 'Show' : 'Hide') . ' successful.');
 	}
 
 	if (!empty($errors))
@@ -116,6 +126,48 @@ $twig->display('admin.pages.html.twig', array(
 
 class Pages
 {
+	static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
+	{
+		if(!isset($title[0]) || !isset($body[0])) {
+			$errors[] = 'Please fill all inputs.';
+			return false;
+		}
+		if(strlen($name) > PAGE_NAME_LIMIT) {
+			$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
+			return false;
+		}
+		if(strlen($title) > PAGE_TITLE_LIMIT) {
+			$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
+			return false;
+		}
+		if(strlen($body) > PAGE_BODY_LIMIT) {
+			$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
+			return false;
+		}
+		if(!isset($player_id) || $player_id == 0) {
+			$errors[] = 'Player ID is wrong.';
+			return false;
+		}
+		if(!isset($php) || ($php != 0 && $php != 1)) {
+			$errors[] = 'Enable PHP is wrong.';
+			return false;
+		}
+		if ($php == 1 && !getBoolean(config('admin_pages_php_enable'))) {
+			$errors[] = 'PHP pages disabled on this server. To enable go to config.php and change admin_pages_php_enable to "yes".';
+			return false;
+		}
+		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
+			$errors[] = 'Enable TinyMCE is wrong.';
+			return false;
+		}
+		if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
+			$errors[] = 'Access is wrong.';
+			return false;
+		}
+
+		return true;
+	}
+
 	static public function get($id)
 	{
 		global $db;
@@ -128,31 +180,36 @@ class Pages
 
 	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
+		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
+			return false;
+		}
+
 		global $db;
-		if (isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0) {
-			$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
-			if ($query === false)
-				$db->insert(TABLE_PREFIX . 'pages',
-					array(
-						'name' => $name,
-						'title' => $title,
-						'body' => $body,
-						'player_id' => $player_id,
-						'php' => $php ? '1' : '0',
-						'enable_tinymce' => $enable_tinymce ? '1' : '0',
-						'access' => $access
-					)
-				);
-			else
-				$errors[] = 'Page with this link already exists.';
-		} else
-			$errors[] = 'Please fill all inputs.';
+		$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
+		if ($query === false)
+			$db->insert(TABLE_PREFIX . 'pages',
+				array(
+					'name' => $name,
+					'title' => $title,
+					'body' => $body,
+					'player_id' => $player_id,
+					'php' => $php ? '1' : '0',
+					'enable_tinymce' => $enable_tinymce ? '1' : '0',
+					'access' => $access
+				)
+			);
+		else
+			$errors[] = 'Page with this link already exists.';
 
 		return !count($errors);
 	}
 
-	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
+	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
+		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
+			return false;
+		}
+
 		global $db;
 		$db->update(TABLE_PREFIX . 'pages',
 			array(
@@ -165,6 +222,8 @@ class Pages
 				'access' => $access
 			),
 			array('id' => $id));
+
+		return true;
 	}
 
 	static public function delete($id, &$errors)
@@ -181,18 +240,23 @@ class Pages
 		return !count($errors);
 	}
 
-	static public function toggleHidden($id, &$errors)
+	static public function toggleHidden($id, &$errors, &$status)
 	{
 		global $db;
 		if (isset($id)) {
 			$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
-			if ($query !== false)
+			if ($query !== false) {
 				$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
-			else
+				$status = $query['hidden'];
+			}
+			else {
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
+			}
 		} else
 			$errors[] = 'id not set';
 
 		return !count($errors);
 	}
 }
+
+?>

admin/pages/phpinfo.php

@@ -16,4 +16,4 @@ if (!function_exists('phpinfo')) { ?>
 	<?php return;
 }
 ?>
-<iframe src="<?php echo BASE_URL; ?>admin/tools/phpinfo.php" width="1024" height="550"/>
+<iframe src="<?php echo ADMIN_URL; ?>tools/phpinfo.php" width="1024" height="550"></iframe>

admin/pages/plugins.php

@@ -9,99 +9,123 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
+$use_datatable = true;
 
-$twig->display('admin.plugins.form.html.twig');
+require_once LIBS . 'plugins.php';
 
-if (isset($_REQUEST['uninstall'])) {
-	$uninstall = $_REQUEST['uninstall'];
+if (!getBoolean(config('admin_plugins_manage_enable'))) {
+	warning('Plugin installation and management is disabled in config.<br/>If you wish to enable, go to config.php and change <b>admin_plugins_manage_enable</b> to "yes".');
+}
+else {
+	$twig->display('admin.plugins.form.html.twig');
 
-	if (Plugins::uninstall($uninstall)) {
-		success('Successfully uninstalled plugin ' . $uninstall);
-	} else {
-		error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
-	}
-} else if (isset($_FILES["plugin"]["name"])) {
-	$file = $_FILES["plugin"];
-	$filename = $file["name"];
-	$tmp_name = $file["tmp_name"];
-	$type = $file["type"];
+	if (isset($_REQUEST['uninstall'])) {
+		$uninstall = $_REQUEST['uninstall'];
 
-	$name = explode(".", $filename);
-	$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed', 'application/octet-stream', 'application/zip-compressed');
-
-	if (isset($file['error'])) {
-		$error = 'Error uploading file';
-		switch ($file['error']) {
-			case UPLOAD_ERR_OK:
-				$error = false;
-				break;
-			case UPLOAD_ERR_INI_SIZE:
-			case UPLOAD_ERR_FORM_SIZE:
-				$error .= ' - file too large (limit of ' . ini_get('upload_max_filesize') . ' bytes). You can enlarge the limits by changing "upload_max_filesize" in php.ini';
-				break;
-			case UPLOAD_ERR_PARTIAL:
-				$error .= ' - file upload was not completed.';
-				break;
-			case UPLOAD_ERR_NO_FILE:
-				$error .= ' - zero-length file uploaded.';
-				break;
-			default:
-				$error .= ' - internal error #' . $file['error'];
-				break;
+		if (Plugins::uninstall($uninstall)) {
+			success('Successfully uninstalled plugin ' . $uninstall);
+		} else {
+			error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 		}
-	}
+	} else if (isset($_REQUEST['enable'])) {
+		$enable = $_REQUEST['enable'];
+		if (Plugins::enable($enable)) {
+			success('Successfully enabled plugin ' . $enable);
+		} else {
+			error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
+		}
+	} else if (isset($_REQUEST['disable'])) {
+		$disable = $_REQUEST['disable'];
+		if (Plugins::disable($disable)) {
+			success('Successfully disabled plugin ' . $disable);
+		} else {
+			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
+		}
+	} else if (isset($_FILES['plugin']['name'])) {
+		$file = $_FILES['plugin'];
+		$filename = $file['name'];
+		$tmp_name = $file['tmp_name'];
+		$type = $file['type'];
 
-	if (isset($error) && $error != false) {
-		error($error);
-	} else {
-		if (is_uploaded_file($file['tmp_name'])) {
-			$filetype = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
-			if ($filetype == 'zip') // check if it is zipped/compressed file
-			{
-				$tmp_filename = pathinfo($filename, PATHINFO_FILENAME);
-				$targetzip = BASE . 'plugins/' . $tmp_filename . '.zip';
+		$name = explode('.', $filename);
+		$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed', 'application/octet-stream', 'application/zip-compressed');
 
-				if (move_uploaded_file($tmp_name, $targetzip)) { // move uploaded file
-					if (Plugins::install($targetzip)) {
-						foreach (Plugins::getWarnings() as $warning) {
-							warning($warning);
+		if (isset($file['error'])) {
+			$error = 'Error uploading file';
+			switch ($file['error']) {
+				case UPLOAD_ERR_OK:
+					$error = false;
+					break;
+				case UPLOAD_ERR_INI_SIZE:
+				case UPLOAD_ERR_FORM_SIZE:
+					$error .= ' - file too large (limit of ' . ini_get('upload_max_filesize') . ' bytes). You can enlarge the limits by changing "upload_max_filesize" in php.ini';
+					break;
+				case UPLOAD_ERR_PARTIAL:
+					$error .= ' - file upload was not completed.';
+					break;
+				case UPLOAD_ERR_NO_FILE:
+					$error .= ' - zero-length file uploaded.';
+					break;
+				default:
+					$error .= ' - internal error #' . $file['error'];
+					break;
+			}
+		}
+
+		if (isset($error) && $error != false) {
+			error($error);
+		} else {
+			if (is_uploaded_file($file['tmp_name'])) {
+				$filetype = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
+				if ($filetype == 'zip') // check if it is zipped/compressed file
+				{
+					$tmp_filename = pathinfo($filename, PATHINFO_FILENAME);
+					$targetzip = BASE . 'plugins/' . $tmp_filename . '.zip';
+
+					if (move_uploaded_file($tmp_name, $targetzip)) { // move uploaded file
+						if (Plugins::install($targetzip)) {
+							foreach (Plugins::getWarnings() as $warning) {
+								warning($warning);
+							}
+
+							$info = Plugins::getPluginJson();
+							success((isset($info['name']) ? '<strong>' . $info['name'] . '</strong> p' : 'P') . 'lugin has been successfully installed.');
+						} else {
+							$error = Plugins::getError();
+							error(!empty($error) ? $error : 'Unexpected error happened while installing plugin. Please try again later.');
 						}
 
-						$info = Plugins::getPluginJson();
-						success((isset($info['name']) ? '<strong>' . $info['name'] . '</strong> p' : 'P') . 'lugin has been successfully installed.');
-					} else {
-						$error = Plugins::getError();
-						error(!empty($error) ? $error : 'Unexpected error happened while installing plugin. Please try again later.');
-					}
-
-					unlink($targetzip); // delete the Zipped file
-				} else
-					error('There was a problem with the upload. Please try again.');
+						unlink($targetzip); // delete the Zipped file
+					} else
+						error('There was a problem with the upload. Please try again.');
+				} else {
+					error('The file you are trying to upload is not a .zip file. Please try again.');
+				}
 			} else {
-				error('The file you are trying to upload is not a .zip file. Please try again.');
+				error('Error uploading file - unknown error.');
 			}
-		} else {
-			error('Error uploading file - unknown error.');
 		}
 	}
 }
 
 $plugins = array();
-foreach (get_plugins() as $plugin) {
+foreach (get_plugins(true) as $plugin) {
 	$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
-	$string = Plugins::removeComments($string);
 	$plugin_info = json_decode($string, true);
 
-	if ($plugin_info == false) {
+	if (!$plugin_info) {
 		warning('Cannot load plugin info ' . $plugin . '.json');
 	} else {
+		$disabled = (strpos($plugin, 'disabled.') !== false);
+		$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 		$plugins[] = array(
-			'name' => isset($plugin_info['name']) ? $plugin_info['name'] : '',
-			'description' => isset($plugin_info['description']) ? $plugin_info['description'] : '',
-			'version' => isset($plugin_info['version']) ? $plugin_info['version'] : '',
-			'author' => isset($plugin_info['author']) ? $plugin_info['author'] : '',
-			'contact' => isset($plugin_info['contact']) ? $plugin_info['contact'] : '',
-			'file' => $plugin,
+			'name' => $plugin_info['name'] ?? '',
+			'description' => $plugin_info['description'] ?? '',
+			'version' => $plugin_info['version'] ?? '',
+			'author' => $plugin_info['author'] ?? '',
+			'contact' => $plugin_info['contact'] ?? '',
+			'file' => $pluginOriginal,
+			'enabled' => !$disabled,
 			'uninstall' => isset($plugin_info['uninstall'])
 		);
 	}

admin/pages/reports.php

@@ -4,35 +4,36 @@
  *
  * @package   MyAAC
  * @author    Lee
- * @copyright 2019 MyAAC
+ * @copyright 2020 MyAAC
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Report Viewer';
+$use_datatable = true;
 
 $files = array();
 $server_path_reports = $config['data_path'] . 'reports/';
 
 if (file_exists($server_path_reports)) {
-    foreach (scandir($server_path_reports, SCANDIR_SORT_ASCENDING) as $f) {
-        if ($f[0] === '.') {
-	        continue;
-        }
+	foreach (scandir($server_path_reports, SCANDIR_SORT_ASCENDING) as $f) {
+		if ($f[0] === '.') {
+			continue;
+		}
 
-        if (is_dir($server_path_reports . $f)) {
-            foreach (scandir($server_path_reports . $f, SCANDIR_SORT_ASCENDING) as $f2) {
-                if ($f2[0] === '.') {
-	                continue;
-                }
+		if (is_dir($server_path_reports . $f)) {
+			foreach (scandir($server_path_reports . $f, SCANDIR_SORT_ASCENDING) as $f2) {
+				if ($f2[0] === '.') {
+					continue;
+				}
 
-                $files[] = array($f . '/' . $f2, $server_path_reports);
-            }
+				$files[] = array($f . '/' . $f2, $server_path_reports);
+			}
 
-            continue;
-        }
+			continue;
+		}
 
-        $files[] = array($f, $server_path_reports);
-    }
+		$files[] = array($f, $server_path_reports);
+	}
 }
 
 foreach ($files as &$f) {
@@ -42,20 +43,19 @@ foreach ($files as &$f) {
 
 unset($f);
 
-$twig->display('admin.reports.html.twig', array('files' => $files));
-
-
 $file = isset($_GET['file']) ? $_GET['file'] : NULL;
 if (!empty($file)) {
 	if (!preg_match('/[^A-z0-9\' _\/\-\.]/', $file)) {
 		if (file_exists($server_path_reports . $file)) {
-			$content = nl2br(file_get_contents($server_path_reports . $file));
+			$file_content = nl2br(file_get_contents($server_path_reports . $file));
 
-			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
 		} else {
 			echo 'Specified file does not exist.';
 		}
 	} else {
 		echo 'Invalid file name specified.';
 	}
-}
+}
+
+$twig->display('admin.reports.html.twig', array('files' => $files));

admin/pages/statistics.php

@@ -36,3 +36,4 @@ $twig->display('admin.statistics.html.twig', array(
 	'account_type' => (USE_ACCOUNT_NAME ? 'name' : 'number'),
 	'points' => $points
 ));
+?>

admin/pages/tools.php

@@ -10,18 +10,24 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Tools';
 
-$tool = $_GET['tool'];
-if (!isset($tool)) {
+if (!isset($_GET['tool'])) {
 	echo 'Tool not set.';
 	return;
 }
 
+$tool = $_GET['tool'];
 if (preg_match("/[^A-z0-9_\-]/", $tool)) {
 	echo 'Invalid tool.';
 	return;
 }
 
-$file = BASE . 'admin/pages/tools/' . $tool . '.php';
-if (!@file_exists($file))
+$file = ADMIN . 'tools/' . $tool . '.php';
+
+if (@file_exists($file)) {
 	require $file;
+	return;
+}
+
+echo 'Tool <strong>' . $tool . '</strong> not found.';
+
 ?>

admin/pages/version.php

@@ -24,10 +24,10 @@ if (!$myaac_version) {
 $version_compare = version_compare($myaac_version, MYAAC_VERSION);
 if ($version_compare == 0) {
 	success('MyAAC latest version is ' . $myaac_version . '. You\'re using the latest version.
-	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
+	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
 } else if ($version_compare < 0) {
 	success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
-	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
+	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
 } else {
 	warning('You\'re using outdated version.<br/>
 		Your version: <b>' . MYAAC_VERSION . '</b><br/>
@@ -47,3 +47,4 @@ function version_revert($version)
 	$release = $version;
 	return $major . '.' . $minor . '.' . $release;
 }*/
+?>

admin/pages/visitors.php

@@ -8,7 +8,13 @@
  * @link      https://my-aac.org
  */
 defined('MYAAC') or die('Direct access not allowed!');
+
+use DeviceDetector\DeviceDetector;
+use DeviceDetector\Parser\Client\Browser;
+use DeviceDetector\Parser\OperatingSystem;
+
 $title = 'Visitors';
+$use_datatable = true;
 
 if (!$config['visitors_counter']): ?>
 	Visitors counter is disabled.<br/>
@@ -29,6 +35,31 @@ function compare($a, $b)
 $tmp = $visitors->getVisitors();
 usort($tmp, 'compare');
 
+foreach ($tmp as &$visitor) {
+	$userAgent = $visitor['user_agent'] ?? '';
+	if (!strlen($userAgent) || $userAgent == 'unknown') {
+		$browser = 'Unknown';
+	}
+	else {
+		$dd = new DeviceDetector($userAgent);
+		$dd->parse();
+
+		if ($dd->isBot()) {
+			$bot = $dd->getBot();
+			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
+			$browser = sprintf($message, $bot['category'], $bot['url'], $bot['name']);
+		}
+		else {
+			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));
+			$browserFamily = Browser::getBrowserFamily($dd->getClient('name'));
+
+			$browser = $osFamily . ', ' . $browserFamily;
+		}
+	}
+
+	$visitor['browser'] = $browser;
+}
+
 $twig->display('admin.visitors.html.twig', array(
 	'config_visitors_counter_ttl' => $config['visitors_counter_ttl'],
 	'visitors' => $tmp

admin/template/menus.php

@@ -0,0 +1,66 @@
+<?php
+
+$menus = [
+	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
+	['name' => 'News', 'icon' => 'newspaper', 'order' => 20, 'link' =>
+		[
+			['name' => 'View', 'link' => 'news', 'icon' => 'list', 'order' => 10],
+			['name' => 'Add news', 'link' => 'news&action=new&type=1', 'icon' => 'plus', 'order' => 20],
+			['name' => 'Add ticker', 'link' => 'news&action=new&type=2', 'icon' => 'plus', 'order' => 30],
+			['name' => 'Add article', 'link' => 'news&action=new&type=3', 'icon' => 'plus', 'order' => 40],
+		],
+	],
+	['name' => 'Changelogs', 'icon' => 'newspaper', 'order' => 30, 'link' =>
+		[
+			['name' => 'View', 'link' => 'changelog', 'icon' => 'list', 'order' => 10],
+			['name' => 'Add', 'link' => 'changelog&action=new', 'icon' => 'plus', 'order' => 20],
+		],
+	],
+	['name' => 'Mailer', 'icon' => 'envelope', 'order' => 40, 'link' => 'mailer', 'disabled' => !config('mail_enabled')],
+	['name' => 'Pages', 'icon' => 'book', 'order' => 50, 'link' =>
+		[
+			['name' => 'View', 'link' => 'pages', 'icon' => 'list', 'order' => 10],
+			['name' => 'Add', 'link' => 'pages&action=new', 'icon' => 'plus', 'order' => 20],
+		],
+	],
+	['name' => 'Menus', 'icon' => 'list', 'order' => 60, 'link' => 'menus'],
+	['name' => 'Plugins', 'icon' => 'plug', 'order' => 70, 'link' => 'plugins'],
+	['name' => 'Server Data', 'icon' => 'gavel', 'order' => 80, 'link' => 'data'],
+	['name' => 'Editor', 'icon' => 'edit', 'order' => 90, 'link' =>
+		[
+			['name' => 'Accounts', 'link' => 'accounts', 'icon' => 'users', 'order' => 10],
+			['name' => 'Players', 'link' => 'players', 'icon' => 'user-astronaut', 'order' => 20],
+		],
+	],
+	['name' => 'Tools', 'icon' => 'tools', 'order' => 100, 'link' =>
+		[
+			['name' => 'Mass Account Actions', 'link' => 'mass_account', 'icon' => 'globe', 'order' => 10],
+			['name' => 'Mass Teleport Actions', 'link' => 'mass_teleport', 'icon' => 'globe', 'order' => 20],
+			['name' => 'Notepad', 'link' => 'notepad', 'icon' => 'marker', 'order' => 30],
+			['name' => 'phpinfo', 'link' => 'phpinfo', 'icon' => 'server', 'order' => 40],
+		],
+	],
+	['name' => 'Logs', 'icon' => 'bug', 'order' => 110, 'link' =>
+		[
+			['name' => 'Logs', 'link' => 'logs', 'icon' => 'book', 'order' => 10],
+			['name' => 'Reports', 'link' => 'reports', 'icon' => 'book', 'order' => 20],
+			['name' => 'Visitors', 'link' => 'visitors', 'icon' => 'user', 'order' => 30],
+		],
+	],
+];
+
+$hooks->trigger(HOOK_ADMIN_MENU);
+
+usort($menus, function ($a, $b) {
+	return $a['order'] - $b['order'];
+});
+
+foreach ($menus as $i => $menu) {
+	if (isset($menu['link']) && is_array($menu['link'])) {
+		usort($menus[$i]['link'], function ($a, $b) {
+			return $a['order'] - $b['order'];
+		});
+	}
+}
+
+return $menus;

admin/template/style.css

@@ -1,44 +1,10 @@
-.slidecontainer {
-	width: 100%;
+.menu-text-li {color: #4b646f; background: #1a2226;}
+.menu-text {
+	display: block;
+	padding: .5rem 1rem;
+	white-space: nowrap;
 }
 
-.slider {
-	-webkit-appearance: none;
-	width: 100%;
-
-	outline: none;
-	opacity: 0.7;
-	-webkit-transition: .2s;
-	transition: opacity .2s;
-}
-
-.slider:hover {
-	opacity: 1;
-}
-
-.slider::-webkit-slider-thumb {
-	-webkit-appearance: none;
-	appearance: none;
-	width: 15px;
-	height: 25px;
-	background: #3c8dbc;
-	cursor: pointer;
-}
-
-.slider::-moz-range-thumb {
-	width: 25px;
-	height: 25px;
-	background: #3c8dbc;
-	cursor: pointer;
-}
-
-td.details-control {
-	text-align: center;
-	color: forestgreen;
-	cursor: pointer;
-}
-
-tr.shown td.details-control {
-	text-align: center;
-	color: red;
+.sidebar-mini.sidebar-collapse .menu-text {
+	display: none;
 }

admin/template/template.php

@@ -1,229 +1,203 @@
 <?php defined('MYAAC') or die('Direct access not allowed!'); ?>
-<!DOCTYPE html>
-<html>
+<!doctype html>
+<html lang="en">
 <head>
-	<?php echo template_header(true);
-	$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
-	?>
-
-	<title><?php echo $title_full ?></title>
-	<link rel="shortcut icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
-	<link rel="icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
-	<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
-
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/bootstrap.min.css">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/AdminLTE.min.css">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/skins/skin-blue.min.css">
+	<?php $hooks->trigger(HOOK_ADMIN_HEAD_START); ?>
+	<?php echo template_header(true); ?>
+	<title><?php echo (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];?></title>
+	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/adminlte.min.css">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/font-awesome.min.css">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/ionicons.min.css">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/jquery.dataTables.min.css">
+	<?php if (isset($use_datatable)) { ?>
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/datatables.bs.min.css">
+	<?php } ?>
 	<link rel="stylesheet" type="text/css" href="<?php echo $template_path; ?>style.css"/>
 	<!--[if lt IE 9]>
-	<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
-	<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+	<script src="<?php echo BASE_URL; ?>tools/js/html5shiv.min.js"></script>
+	<script src="<?php echo BASE_URL; ?>tools/js/respond.min.js"></script>
 	<![endif]-->
-	<link rel="stylesheet"
-		  href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
+	<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
+	<?php $hooks->trigger(HOOK_ADMIN_HEAD_END); ?>
 </head>
-<body class="hold-transition skin-blue sidebar-mini">
-<div class="wrapper">
-	<?php
-	if ($logged && admin()) {
-	?>
-	<header class="main-header">
-		<a href="." class="logo">
-			<span class="logo-mini"><b>M</b>A</span>
-			<span class="logo-lg"><b>My</b>AAC</span>
-		</a>
-
-		<nav class="navbar navbar-static-top" role="navigation">
-			<a href="#" class="sidebar-toggle" data-toggle="push-menu" role="button">
-				<span class="sr-only">Toggle navigation</span>
-			</a>
-			<div class="navbar-custom-menu">
-				<ul class="nav navbar-nav">
-					<li>
-						<a href="#" data-toggle="control-sidebar"><i class="fa fa-gears"></i></a>
-					</li>
-				</ul>
-			</div>
+<body class="sidebar-mini ">
+<?php $hooks->trigger(HOOK_ADMIN_BODY_START); ?>
+<?php if ($logged && admin()) { ?>
+	<div class="wrapper">
+		<nav class="main-header navbar navbar-expand navbar-white navbar-light">
+			<ul class="navbar-nav">
+				<li class="nav-item">
+					<a class="nav-link" data-widget="pushmenu" href="#"><i class="fas fa-bars"></i></a>
+				</li>
+				<li class="nav-item d-none d-sm-inline-block">
+					<a href="<?php echo ADMIN_URL; ?>" class="nav-link">Home</a>
+				</li>
+			</ul>
+			<ul class="navbar-nav ml-auto">
+				<li class="nav-item">
+					<a class="nav-link" data-widget="control-sidebar" data-slide="true" href="#"><i class="fas fa-th-large"></i></a>
+				</li>
+			</ul>
 		</nav>
-	</header>
-	<aside class="main-sidebar">
-		<section class="sidebar">
-			<ul class="sidebar-menu" data-widget="tree">
-				<li class="header">MyAAC</li>
+		<aside class="main-sidebar sidebar-dark-info elevation-4">
+			<a href="<?php echo ADMIN_URL; ?>" class="brand-link navbar-info">
+				<img src="<?php echo ADMIN_URL; ?>images/logo.png" class="brand-image img-circle elevation-3" style="opacity: .8">
+				<span class="brand-text"><b>My</b>AAC</span>
+			</a>
+			<div class="sidebar">
+				<nav class="mt-1">
+					<ul class="nav nav-pills nav-sidebar flex-column nav-legacy nav-child-indent" data-widget="treeview" data-accordion="false">
+						<li class="menu-text-li">
+							<span class="menu-text">
+								<a class="text-info" href="<?php echo BASE_URL; ?>" target="_blank">
+									<?php echo $config['lua']['serverName'] ?>
+								</a>
+							</span>
+						</li>
+						<?php
+						// name = Display name of link
+						// icon = fontawesome icon name without "fas fa-"
+						// link = Page link or use as array for sub items
+						$menus = require __DIR__ . '/menus.php';
 
-				<?php
-				$icons_a = array(
-                    'dashboard','newspaper-o', 'envelope',
-                    'book', 'list',
-                    'plug', 'user',
-                    'edit', 'gavel',
-                    'wrench', 'edit', 'book', 'book',
-                );
-
-				$menus = array(
-					'Dashboard' => 'dashboard',
-					'News' => 'news',
-					'Mailer' => 'mailer',
-					'Pages' => 'pages',
-					'Menus' => 'menus',
-					'Plugins' => 'plugins',
-					'Visitors' => 'visitors',
-					'Editor' => array(
-						'Accounts' => 'accounts',
-						'Players' => 'players',
-					),
-					'Items' => 'items',
-					'Tools' => array(
-						'Notepad' => 'notepad',
-						'phpinfo' => 'phpinfo',
-					),
-					'Logs' => array(
-						'Logs' => 'logs',
-						'Reports' => 'reports',
-					),
-				);
-
-				$i = 0;
-				foreach ($menus as $_name => $_page) {
-					$has_child = is_array($_page);
-					if (!$has_child) {
-						echo '<li ';
-						if ($page == $_page) echo ' class="active"';
-						echo ">";
-						echo '<a href="?p=' . $_page . '"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span></a></li>';
-					}
-
-					if ($has_child) {
-						$used_menu = "";
-						$nav_construct = '';
-						foreach ($_page as $__name => $__page) {
-							$nav_construct = $nav_construct . '<li';
-
-							if ($page == $__page) {
-								$nav_construct = $nav_construct . ' class="active"';
-								$used_menu = true;
+						foreach ($menus as $category => $menu) {
+							if (isset($menu['disabled']) && $menu['disabled']) {
+								continue;
+							}
+
+							$has_child = is_array($menu['link']);
+							if (!$has_child) { ?>
+								<li class="nav-item">
+									<a class="nav-link<?php echo(strpos($menu['link'], $page) !== false ? ' active' : '') ?>" href="?p=<?php echo $menu['link'] ?>">
+										<i class="nav-icon fas fa-<?php echo(isset($menu['icon']) ? $menu['icon'] : 'link') ?>"></i>
+										<p><?php echo $menu['name'] ?></p>
+									</a>
+								</li>
+								<?php
+							} else if ($has_child) {
+								$used_menu = null;
+								$nav_construct = '';
+								foreach ($menu['link'] as $category => $sub_menu) {
+									$nav_construct .= '<li class="nav-item"><a href="?p=' . $sub_menu['link'] . '" class="nav-link';
+									if ($page == $sub_menu['link']) {
+										$nav_construct .= ' active';
+										$used_menu = true;
+									}
+									$nav_construct .= '"><i class="fas fa-' . ($sub_menu['icon'] ?? 'circle') . ' nav-icon"></i><p>' . $sub_menu['name'] . '</p></a></li>';
+								}
+								?>
+								<li class="nav-item has-treeview<?php echo($used_menu ? ' menu-open' : '') ?>">
+									<a href="#" class="nav-link<?php echo($used_menu ? ' active' : '') ?>">
+										<i class="nav-icon fas fa-<?php echo($menu['icon'] ?? 'link') ?>"></i>
+										<p><?php echo $menu['name'] ?></p><i class="right fas fa-angle-left"></i>
+									</a>
+									<ul class="nav nav-treeview">
+										<?php echo $nav_construct; ?>
+									</ul>
+								</li>
+								<?php
 							}
-							$nav_construct = $nav_construct . '><a href="?p=' . $__page . '"><i class="fa fa-circle-o"></i> ' . $__name . '</a></li>';
 						}
 
-						echo '<li class="treeview' . (($used_menu) ? ' menu-open' : '') . '">
-                                      <a href="#"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span>
-						              <span class="pull-right-container"><i class="fa fa-angle-left pull-right"></i></span></a>
-						              <ul class="treeview-menu" style="' . (($used_menu) ? '  display: block' : ' display: none') . '">';
-						echo $nav_construct;
-						echo '</ul>
-                                </li>';
-					}
-					$i++;
-				}
+						$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
+						$menu_db = $query->fetchAll();
+						foreach ($menu_db as $item) {
+							if ($item['flags'] == 0 || hasFlag($item['flags'])) { ?>
+								<li class="nav-item">
+									<a class="nav-link<?php echo($page == $item['page'] ? ' active' : '') ?>" href="?p=<?php echo $item['page'] ?>">
+										<i class="nav-icon fas fa-link"></i>
+										<p><?php echo $item['name'] ?></p>
+									</a>
+								</li>
+								<?php
+							}
+						}
+						?>
+					</ul>
+				</nav>
+			</div>
+		</aside>
 
-				$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
-				$menu_db = $query->fetchAll();
-				foreach ($menu_db as $item) {
-					if ($item['flags'] == 0 || hasFlag($item['flags'])) {
-						echo '<li ';
-						if ($page == $item['page']) echo ' class="active"';
-						echo ">";
-						echo '<a href="?p=' . $item['page'] . '"><i class="fa fa-link"></i> <span>' . $item['name'] . '</span></a></li>';
-					}
-				}
-				?>
-			</ul>
-		</section>
-	</aside>
-
-	<div class="content-wrapper">
-		<section class="content-header">
-			<h1><?php echo(isset($title) ? $title : ''); ?>
-				<small> - Admin Panel</small>
-				<div class="pull-right">
-					<span class="label label-<?php echo(($status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
+		<div class="content-wrapper" style="min-height: 823px;">
+			<div class="content-header">
+				<div class="container-fluid">
+					<div class="row mb-2">
+						<div class="col-sm-6">
+							<h3 class="m-0 text-dark"><?php echo(isset($title) ? $title : ''); ?><small> - Admin Panel</small></h3>
+						</div>
+						<div class="col-sm-6">
+							<div class="float-sm-right d-none d-sm-inline">
+								<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
+							</div>
+						</div>
+					</div>
 				</div>
-			</h1>
-		</section>
-		<section class="content">
-			<?php echo $content; ?>
-		</section>
+			</div>
+			<div class="content">
+				<div class="container-fluid">
+					<?php echo $content; ?>
+				</div>
+			</div>
+		</div>
 
+		<aside class="control-sidebar control-sidebar-dark">
+			<div class="p-3">
+				<h4>Account:</h4>
+				<p><h5><a href="?action=logout"><i class="fas fa-sign-out-alt text-danger"></i> Log out</h5></a>
+				<small>This will log you out</small></p>
+			</div>
+			<div class="p-3">
+				<h4>Site:</h4>
+				<p><h5><a href="<?php echo BASE_URL; ?>" target="_blank"><i class="far fa-eye text-blue"></i> Preview</a></h5>
+				<small>This will open a new tab</small></p>
+			</div>
+			<div class="p-3">
+				<h4>Version:</h4>
+				<p><h5><a href="?p=version"><i class="fas fa-code-branch"></i> <?php echo MYAAC_VERSION; ?></a></h5>
+				<small>Check for updates</small></p>
+			</div>
+			<div class="p-3">
+				<h4>Site:</h4>
+				<p><h5><a href="https://github.com/slawkens/myaac" target="_blank"><i class="fab fa-github"></i> Github</a></h5>
+				<small>Goto GitHub Page</small></p>
+
+				<p><h5><a href="http://my-aac.org/" target="_blank"><i class="fas fa-shoe-prints"></i> MyAAC Official</a></h5>
+				<small>Goto MyAAC Official Website</small></p>
+
+				<p><h5><a href="?p=open_source"><i class="fas fa-wrench"></i> Open Source</a></h5>
+				<small>View Open Source Software MyAAC is using</small></p>
+			</div>
+		</aside>
+
+		<footer class="main-footer">
+			<div class="float-sm-right d-none d-sm-inline">
+				<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
+			</div>
+			<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
+		</footer>
+		<div id="sidebar-overlay"></div>
 	</div>
 
-	<footer class="main-footer">
-
-		<div class="pull-right hidden-xs">
-			<div id="status">
-				<?php if ($status['online']): ?>
-					<p class="success" style="width: 120px; text-align: center;">Server Online</p>
-				<?php else: ?>
-					<p class="error" style="width: 120px; text-align: center;">Server Offline</p>
-				<?php endif; ?>
-			</div>
-		</div>
-		<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
-	</footer>
-
-	<aside class="control-sidebar control-sidebar-dark">
-		<ul class="nav nav-tabs nav-justified control-sidebar-tabs">
-			<li class="active"><a href="#control-sidebar-home-tab" data-toggle="tab"><i class="fa fa-home"></i></a></li>
-			<li><a href="#control-sidebar-settings-tab" data-toggle="tab"><i class="fa fa-gears"></i></a></li>
-		</ul>
-		<div class="tab-content">
-			<div class="tab-pane active" id="control-sidebar-home-tab">
-				<h3 class="control-sidebar-heading">Account</h3>
-				<ul class="control-sidebar-menu">
-					<li>
-						<a href="?action=logout">
-							<i class="menu-icon fa  fa-sign-out bg-red"></i>
-							<div class="menu-info">
-								<h4 class="control-sidebar-subheading">Log out</h4>
-								<p>This will log you out
-									of <?php echo(USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()); ?></p>
-							</div>
-						</a>
-					</li>
-				</ul>
-				<h3 class="control-sidebar-heading">Site</h3>
-				<ul class="control-sidebar-menu">
-					<li>
-						<a href="<?php echo BASE_URL; ?>" target="_blank">
-							<i class="menu-icon fa  fa-eye bg-blue"></i>
-							<div class="menu-info">
-								<h4 class="control-sidebar-subheading">Preview</h4>
-								<p>This will open a new tab</p>
-							</div>
-						</a>
-					</li>
-				</ul>
-			</div>
-			<div class="tab-pane" id="control-sidebar-settings-tab">
-				<form method="post">
-					<h3 class="control-sidebar-heading">Version</h3>
-
-					<div class="form-group">
-						<label class="control-sidebar-subheading">
-							<?php echo MYAAC_VERSION; ?> (<a href="?p=version">Check for updates</a>)<br/>
-						</label>
-						<label class="control-sidebar-subheading">
-							<p><a href="https://github.com/slawkens/myaac" target="_blank">Github</a></p>
-					</div>
-				</form>
-			</div>
-		</div>
-	</aside>
-	<div class="control-sidebar-bg"></div>
-</div>
-
-<?php }
-if (!$logged && !admin()) {
+<?php } else if (!$logged && !admin()) {
 	echo $content;
 }
 ?>
-
+<?php
+/**
+ * @var OTS_Account $account_logged
+ */
+if ($logged && admin()) {
+	$twig->display('admin-bar.html.twig', [
+		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
+	]);
+}
+?>
 <script src="<?php echo BASE_URL; ?>tools/js/bootstrap.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/jquery-ui.min.js"></script>
-<script src="<?php echo BASE_URL; ?>tools/js/jquery.dataTables.min.js"></script>
+<?php if (isset($use_datatable))  { ?>
+<script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
+<?php } ?>
 <script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
+<?php $hooks->trigger(HOOK_ADMIN_BODY_END); ?>
 </body>
-</html>
+</html>

admin/tools/phpinfo.php

@@ -13,3 +13,4 @@ if(!function_exists('phpinfo'))
 	die('phpinfo() disabled on this web server.');
 
 phpinfo();
+?>

admin/tools/reload_data.php

@@ -0,0 +1,46 @@
+<?php
+/**
+ * Project: MyAAC
+ *     Automatic Account Creator for Open Tibia Servers
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2020 MyAAC
+ * @link      https://my-aac.org
+ */
+define('MYAAC_ADMIN', true);
+
+require '../../common.php';
+require SYSTEM . 'functions.php';
+require SYSTEM . 'init.php';
+require SYSTEM . 'login.php';
+
+if (!admin())
+	die('Access denied.');
+
+ini_set('max_execution_time', 300);
+ob_implicit_flush();
+ob_end_flush();
+header('X-Accel-Buffering: no');
+
+require LIBS . 'DataLoader.php';
+
+require LOCALE . 'en/main.php';
+require LOCALE . 'en/install.php';
+
+DataLoader::setLocale($locale);
+DataLoader::load();

admin/tools/upload_image.php

@@ -0,0 +1,53 @@
+<?php
+define('MYAAC_ADMIN', true);
+
+require '../../common.php';
+require SYSTEM . 'functions.php';
+require SYSTEM . 'init.php';
+require SYSTEM . 'login.php';
+
+if(!admin())
+	die('Access denied.');
+
+// Don't attempt to process the upload on an OPTIONS request
+if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+	header('Access-Control-Allow-Methods: POST, OPTIONS');
+	return;
+}
+
+$imageFolder = BASE . EDITOR_IMAGES_DIR;
+
+reset ($_FILES);
+$temp = current($_FILES);
+if (is_uploaded_file($temp['tmp_name'])) {
+	header('Access-Control-Allow-Credentials: true');
+	header('P3P: CP="There is no P3P policy."');
+
+	// Sanitize input
+	if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
+		header('HTTP/1.1 400 Invalid file name.');
+		return;
+	}
+
+	// Verify extension
+	$ext = strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION));
+	if (!in_array($ext, ['gif', 'jpg', 'png'])) {
+		header('HTTP/1.1 400 Invalid extension.');
+		return;
+	}
+
+	do {
+		$randomName = generateRandomString(8). ".$ext";
+		$fileToWrite = $imageFolder . $randomName;
+	} while (file_exists($fileToWrite));
+
+	move_uploaded_file($temp['tmp_name'], $fileToWrite);
+
+	$returnPathToImage = BASE_URL . EDITOR_IMAGES_DIR . $randomName;
+	echo json_encode(['location' => $returnPathToImage]);
+} else {
+	// Notify editor that the upload failed
+	header('HTTP/1.1 500 Server Error');
+}
+
+

common.php

@@ -25,68 +25,93 @@
  */
 if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
 
-define('MYAAC', true);
-define('MYAAC_VERSION', '0.8.21');
-define('DATABASE_VERSION', 33);
-define('TABLE_PREFIX', 'myaac_');
+const MYAAC = true;
+const MYAAC_VERSION = '0.9.0-alpha';
+const DATABASE_VERSION = 35;
+const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
 define('IS_CLI', in_array(php_sapi_name(), ['cli', 'phpdb']));
 
 // account flags
-define('FLAG_ADMIN', 1);
-define('FLAG_SUPER_ADMIN', 2);
-define('FLAG_CONTENT_PAGES', 4);
-define('FLAG_CONTENT_MAILER', 8);
-define('FLAG_CONTENT_NEWS', 16);
-define('FLAG_CONTENT_FORUM', 32);
-define('FLAG_CONTENT_COMMANDS', 64);
-define('FLAG_CONTENT_SPELLS', 128);
-define('FLAG_CONTENT_MONSTERS', 256);
-define('FLAG_CONTENT_GALLERY', 512);
-define('FLAG_CONTENT_VIDEOS', 1024);
-define('FLAG_CONTENT_FAQ', 2048);
-define('FLAG_CONTENT_MENUS', 4096);
-define('FLAG_CONTENT_PLAYERS', 8192);
+const FLAG_NONE = 0;
+const FLAG_ADMIN = 1;
+const FLAG_SUPER_ADMIN = 2;
+const FLAG_SUPER_BOTH = 3;
+const FLAG_CONTENT_PAGES = 4;
+const FLAG_CONTENT_MAILER = 8;
+const FLAG_CONTENT_NEWS = 16;
+const FLAG_CONTENT_FORUM = 32;
+const FLAG_CONTENT_COMMANDS = 64;
+const FLAG_CONTENT_SPELLS = 128;
+const FLAG_CONTENT_MONSTERS = 256;
+const FLAG_CONTENT_GALLERY = 512;
+const FLAG_CONTENT_VIDEOS = 1024;
+const FLAG_CONTENT_FAQ = 2048;
+const FLAG_CONTENT_MENUS = 4096;
+const FLAG_CONTENT_PLAYERS = 8192;
+
+// account access types
+const ACCOUNT_WEB_FLAGS = [
+	FLAG_NONE => 'None',
+	FLAG_ADMIN =>'Admin',
+	FLAG_SUPER_ADMIN => 'Super Admin',
+	FLAG_SUPER_BOTH =>'(Admin + Super Admin)',
+];
 
 // news
-define('NEWS', 1);
-define('TICKER', 2);
-define('ARTICLE', 3);
+const NEWS = 1;
+const TICKER = 2;
+const ARTICLE = 3;
+
+// here you can change location of admin panel
+// you need also to rename folder "admin"
+// this may improve security
+const ADMIN_PANEL_FOLDER = 'admin';
 
 // directories
-define('BASE', __DIR__ . '/');
-define('ADMIN', BASE . 'admin/');
-define('SYSTEM', BASE . 'system/');
-define('CACHE', SYSTEM . 'cache/');
-define('LOCALE', SYSTEM . 'locale/');
-define('LIBS', SYSTEM . 'libs/');
-define('LOGS', SYSTEM . 'logs/');
-define('PAGES', SYSTEM . 'pages/');
-define('PLUGINS', BASE . 'plugins/');
-define('TEMPLATES', BASE . 'templates/');
-define('TOOLS', BASE . 'tools/');
+const BASE = __DIR__ . '/';
+const ADMIN = BASE . ADMIN_PANEL_FOLDER . '/';
+const SYSTEM = BASE . 'system/';
+const CACHE = SYSTEM . 'cache/';
+const LOCALE = SYSTEM . 'locale/';
+const LIBS = SYSTEM . 'libs/';
+const LOGS = SYSTEM . 'logs/';
+const PAGES = SYSTEM . 'pages/';
+const PLUGINS = BASE . 'plugins/';
+const TEMPLATES = BASE . 'templates/';
+const TOOLS = BASE . 'tools/';
+const VENDOR = BASE . 'vendor/';
+
+// other dirs
+const SESSIONS_DIR = SYSTEM . 'php_sessions';
+const GUILD_IMAGES_DIR = 'images/guilds/';
+const EDITOR_IMAGES_DIR = 'images/editor/';
+const GALLERY_DIR = 'images/gallery/';
 
 // menu categories
-define('MENU_CATEGORY_NEWS', 1);
-define('MENU_CATEGORY_ACCOUNT', 2);
-define('MENU_CATEGORY_COMMUNITY', 3);
-define('MENU_CATEGORY_FORUM', 4);
-define('MENU_CATEGORY_LIBRARY', 5);
-define('MENU_CATEGORY_SHOP', 6);
+const MENU_CATEGORY_NEWS = 1;
+const MENU_CATEGORY_ACCOUNT = 2;
+const MENU_CATEGORY_COMMUNITY = 3;
+const MENU_CATEGORY_FORUM = 4;
+const MENU_CATEGORY_LIBRARY = 5;
+const MENU_CATEGORY_SHOP = 6;
 
 // otserv versions
-define('OTSERV', 1);
-define('OTSERV_06', 2);
-define('OTSERV_FIRST', OTSERV);
-define('OTSERV_LAST', OTSERV_06);
-define('TFS_02', 3);
-define('TFS_03', 4);
-define('TFS_FIRST', TFS_02);
-define('TFS_LAST', TFS_03);
+const OTSERV = 1;
+const OTSERV_06 = 2;
+const OTSERV_FIRST = OTSERV;
+const OTSERV_LAST = OTSERV_06;
+const TFS_02 = 3;
+const TFS_03 = 4;
+const TFS_FIRST = TFS_02;
+const TFS_LAST = TFS_03;
+
+// other definitions
+const ACCOUNT_NUMBER_LENGTH = 8;
 
 if (!IS_CLI) {
-	session_save_path(SYSTEM . 'php_sessions');
+	session_save_path(SESSIONS_DIR);
 	session_start();
 }
 
@@ -97,13 +122,9 @@ $size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$basedir .= '/' . $tmp[$i];
 
-$basedir = str_replace(array('/admin', '/install', '/tools'), '', $basedir);
+$basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
 define('BASE_DIR', $basedir);
 
-if (file_exists(BASE . 'config.local.php') && !defined('MYAAC_INSTALL')) {
-	require BASE . 'config.local.php';
-}
-
 if(!IS_CLI) {
 	if (isset($_SERVER['HTTP_HOST'][0])) {
 		$baseHost = $_SERVER['HTTP_HOST'];
@@ -115,21 +136,16 @@ if(!IS_CLI) {
 		}
 	}
 
-	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
+	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
+	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
 
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
-	if(@$config['env'] === 'dev') {
-		require SYSTEM . 'exception.php';
-	}
 }
-require SYSTEM . 'autoload.php';
 
-function isHttps(): bool
-{
-	return
-		(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
-		|| (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
-		|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
+$autoloadFile = VENDOR . 'autoload.php';
+if (!is_file($autoloadFile)) {
+	throw new RuntimeException('The vendor folder is missing. Please download Composer: <a href="https://getcomposer.org/download">https://getcomposer.org/download</a>, install it and execute in the main MyAAC directory this command: <b>composer install</b>. Or download MyAAC from <a href="https://github.com/slawkens/myaac/releases">GitHub releases</a>, which includes Vendor folder.');
 }
+
+require $autoloadFile;

composer.json

@@ -0,0 +1,19 @@
+{
+    "require": {
+        "php": "^7.2.5 || ^8.0",
+        "ext-pdo": "*",
+        "ext-pdo_mysql": "*",
+        "ext-json": "*",
+        "ext-xml": "*",
+        "ext-dom": "*",
+        "phpmailer/phpmailer": "^6.1",
+        "composer/semver": "^3.2",
+        "twig/twig": "^2.0",
+        "erusev/parsedown": "^1.7",
+        "nikic/fast-route": "^1.3",
+        "matomo/device-detector": "^6.0"
+    },
+    "require-dev": {
+        "filp/whoops": "^2.15"
+    }
+}

config.php

@@ -52,7 +52,6 @@ $config = array(
 	// head options (html)
 	'meta_description' => 'Tibia is a free massive multiplayer online role playing game (MMORPG).', // description of the site
 	'meta_keywords' => 'free online game, free multiplayer game, ots, open tibia server', // keywords list separated by commas
-	'title_separator' => ' - ',
 
 	// footer
 	'footer' => ''/*'<br/>Your Server &copy; 2016. All rights reserved.'*/,
@@ -74,10 +73,9 @@ $config = array(
 	'database_user' => '',
 	'database_password' => '',
 	'database_name' => '',
-	'database_log' => false, // should database queries be logged and and saved into system/logs/database.log?
+	'database_log' => false, // should database queries be logged and saved into system/logs/database.log?
 	'database_socket' => '', // set if you want to connect to database through socket (example: /var/run/mysqld/mysqld.sock)
 	'database_persistent' => false, // use database permanent connection (like server), may speed up your site
-	'database_encryption' => 'sha1',
 
 	// multiworld system (only TFS 0.3)
 	'multiworld' => false, // use multiworld system?
@@ -88,10 +86,21 @@ $config = array(
 
 	// images
 	'outfit_images_url' => 'https://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
+	'outfit_images_wrong_looktypes' => [75, 126, 127, 266, 302], // this looktypes needs to have different margin-top and margin-left because they are wrong positioned
 	'item_images_url' => 'https://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
+	'item_images_extension' => '.gif',
+
+	// creatures
+	'creatures_images_url' => 'images/monsters/', // set to images/monsters if you host your own creatures in images folder
+	'creatures_images_extension' => '.gif',
+	'creatures_images_preview' => false,  // set to true to allow picture previews for creatures
+	'creatures_items_url' => 'https://tibia.fandom.com/wiki/', // set to website which shows details about items.
+	'creatures_loot_percentage' => true, // set to true to show the loot tooltip percent
 
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
+	'account_login_by_email' => false, // use email instead of Account Name like in latest Tibia
+	'account_login_by_email_fallback' => false, // allow also additionally login by Account Name/Number (for users that might forget their email)
 	'account_create_auto_login' => false, // auto login after creating account?
 	'account_create_character_create' => true, // allow directly to create character on create account page?
 	'account_mail_verify' => false, // force users to confirm their email addresses when registering
@@ -103,6 +112,7 @@ $config = array(
 		'message' => 'You received %d %s for confirming your E-Mail address.' // example: You received 20 premium points for confirming your E-Mail address.
 	],
 	'account_mail_unique' => true, // email addresses cannot be duplicated? (one account = one email)
+	'account_mail_block_plus_sign' => true, // block email with '+' signs like test+box@gmail.com (help protect against spamming accounts)
 	'account_premium_days' => 0, // default premium days on new account
 	'account_premium_points' => 0, // default premium points on new account
 	'account_welcome_mail' => true, // send welcome email when user registers
@@ -132,18 +142,24 @@ $config = array(
 	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' (GMail) or 'tls' (Microsoft Outlook)
 	'smtp_debug' => false, // set true to debug (you will see more info in error.log)
 
-	// reCAPTCHA (prevent spam bots)
-	'recaptcha_enabled' => false, // enable recaptcha verification code
-	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
-	'recaptcha_secret_key' => '',
-	'recaptcha_theme' => 'light', // light, dark
-
 	//
 	'generate_new_reckey' => true,				// let player generate new recovery key, he will receive e-mail with new rec key (not display on page, hacker can't generate rec key)
 	'generate_new_reckey_price' => 20,			// price for new recovery key
 	'send_mail_when_change_password' => true,	// send e-mail with new password when change password to account
 	'send_mail_when_generate_reckey' => true,	// send e-mail with rec key (key is displayed on page anyway when generate)
 
+	// you may need to adjust this for older tfs versions
+	// by removing Community Manager
+	'account_types' => [
+		'None',
+		'Normal',
+		'Tutor',
+		'Senior Tutor',
+		'Gamemaster',
+		'Community Manager',
+		'God',
+	],
+
 	// genders (aka sex)
 	'genders' => array(
 		0 => 'Female',
@@ -172,9 +188,12 @@ $config = array(
 	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum length to be 21.
 	'character_name_min_length' => 4,
 	'character_name_max_length' => 21,
+	'character_name_npc_check' => true,
 
 	// list of towns
-	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (generated from your .OTBM map)
+	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (from MySQL database - Table - towns)
+	// otherwise it will try to load from your .OTBM map file
+	// if you don't see towns on website, then you need to fill this out
 	'towns' => array(
 		0 => 'No town',
 		1 => 'Sample town'
@@ -185,6 +204,7 @@ $config = array(
 	'guild_need_level' => 1, // min. level to form a guild
 	'guild_need_premium' => true, // require premium account to form a guild?
 	'guild_image_size_kb' => 80, // maximum size of the guild logo image in KB (kilobytes)
+	'guild_description_default' => 'New guild. Leader must edit this text :)',
 	'guild_description_chars_limit' => 1000, // limit of guild description
 	'guild_description_lines_limit' => 6, // limit of lines, if description has more lines it will be showed as long text, without 'enters'
 	'guild_motd_chars_limit' => 150, // limit of MOTD (message of the day) that is shown later in the game on the guild channel
@@ -205,19 +225,19 @@ $config = array(
 	'team_display_outfit' => true,
 
 	// bans page
-	'bans_limit' => 50,
-	'bans_display_all' => true, // should all bans be displayed? (sorted page by page)
+	'bans_per_page' => 20,
 
 	// highscores page
 	'highscores_vocation_box' => true, // show 'Choose a vocation' box on the highscores (allowing peoples to sort highscores by vocation)?
 	'highscores_vocation' => true, // show player vocation under his nickname?
-	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)? Only 0.3
+	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)?
 	'highscores_balance' => false, // show 'Balance' tab (richest players on the server)
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
 	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
 	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
-	'highscores_length' => 100, // how many records per page on highscores
+	'highscores_per_page' => 100, // how many records per page on highscores
+	'highscores_cache_ttl' => 15, // how often to update highscores from database in minutes (default 15 minutes)
 
 	// characters page
 	'characters' => array( // what things to display on character view page (true/false in each option)
@@ -269,9 +289,9 @@ $config = array(
 
 	// status, took automatically from config file if empty
 	'status_enabled' => true, // you can disable status checking by settings this to "false"
-	'status_ip' => '127.0.0.1',
+	'status_ip' => '',
 	'status_port' => '',
-	'status_timeout' => 1.0, // how long to wait for the initial response from the server (default: 1 second)
+	'status_timeout' => 2.0, // how long to wait for the initial response from the server (default: 2 seconds)
 
 	// how often to connect to server and update status (default: every minute)
 	// if your status timeout in config.lua is bigger, that it will be used instead
@@ -279,7 +299,11 @@ $config = array(
 	'status_interval' => 60,
 
 	// admin panel
-	'admin_panel_modules' => 'lastlogin,points,coins',
+	'admin_plugins_manage_enable' => 'yes', // you can disable possibility to upload and uninstall plugins, for security
+	// enable support for plain php pages in admin panel, for security
+	// existing pages still will be working, so you need to delete them manually
+	'admin_pages_php_enable' => 'no',
+	'admin_panel_modules' => 'statistics,web_status,server_status,lastlogin,created,points,coins,balance',    // default - statistics,web_status,server_status,lastlogin,created,points,coins,balance
 
 	// other
 	'anonymous_usage_statistics' => true,
@@ -290,13 +314,5 @@ $config = array(
 	'date_timezone' => 'Europe/Berlin', // more info at http://php.net/manual/en/timezones.php
 	'footer_show_load_time' => true, // display load time of the page in the footer
 
-	'npc' => array(),
-
-	// character name blocked
-	'character_name_blocked' => array(
-		'prefix' => array(),
-		'names' => array(),
-		'words' => array(),
-	),
-
+	'npc' => array()
 );

cypress.config.js

@@ -0,0 +1,9 @@
+const { defineConfig } = require("cypress");
+
+module.exports = defineConfig({
+  e2e: {
+    setupNodeEvents(on, config) {
+      // implement node event listeners here
+    },
+  },
+});

cypress/e2e/1-install.cy.js

@@ -0,0 +1,75 @@
+describe('Install MyAAC', () => {
+	beforeEach(() => {
+		// Cypress starts out with a blank slate for each test
+		// so we must tell it to visit our website with the `cy.visit()` command.
+		// Since we want to visit the same URL at the start of all our tests,
+		// we include it in our beforeEach function so that it runs before each test
+		cy.visit(Cypress.env('URL'))
+	})
+
+	it('Go through installer', () => {
+		cy.visit(Cypress.env('URL') + '/install/?step=welcome')
+		cy.wait(1000)
+
+		cy.screenshot('install-welcome')
+
+		// step 1 - Welcome
+		cy.get('select[name="lang"]').select('en')
+
+		//cy.get('input[type=button]').contains('Next »').click()
+
+		cy.get('form').submit()
+
+		// step 2 - License
+		// just skip
+		cy.contains('GNU/GPL License');
+		cy.get('form').submit()
+
+		// step 3 - Requirements
+		cy.contains('Requirements check');
+
+		cy.get('#step').then(elem => {
+			elem.val('config');
+		});
+
+		cy.get('form').submit()
+
+		// step 4 - Configuration
+		cy.contains('Basic configuration');
+
+		cy.get('#vars_server_path').click().clear().type(Cypress.env('SERVER_PATH'))
+		cy.get('#vars_mail_admin').click().clear().type('noone@example.net')
+
+		cy.get('[type="checkbox"]').uncheck() // usage statistics uncheck
+
+		cy.wait(1000)
+
+		cy.get('form').submit()
+
+		// check if there is any error
+
+
+		// step 5 - Import Schema
+		cy.contains('Import MySQL schema');
+
+		// AAC is not installed yet, this message should not come
+		cy.contains('Seems AAC is already installed. Skipping importing MySQL schema..').should('not.exist')
+
+		cy.contains('[class="alert alert-success"]', 'Local configuration has been saved into file: config.local.php').should('be.visible')
+
+		cy.get('form').submit()
+
+		// step 6 - Admin Account
+		cy.get('#vars_email').click().clear().type('admin@my-aac.org')
+		cy.get('#vars_account').click().clear().type('admin')
+		cy.get('#vars_password').click().clear().type('test1234')
+		cy.get('#vars_password_confirm').click().clear().type('test1234')
+		cy.get('#vars_player_name').click().clear().type('Admin')
+
+		cy.get('form').submit()
+
+		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
+
+		cy.screenshot('install-finish')
+	})
+})

cypress/e2e/2-create-account.cy.js

@@ -0,0 +1,33 @@
+describe('Create Account Page', () => {
+	beforeEach(() => {
+		// Cypress starts out with a blank slate for each test
+		// so we must tell it to visit our website with the `cy.visit()` command.
+		// Since we want to visit the same URL at the start of all our tests,
+		// we include it in our beforeEach function so that it runs before each test
+		cy.visit(Cypress.env('URL') + '/index.php/account/create')
+	})
+
+	it('Create Test Account', () => {
+		cy.screenshot('create-account-page')
+
+		cy.get('#account_input').type('tester')
+		cy.get('#email').type('tester@example.com')
+
+		cy.get('#password').type('test1234')
+		cy.get('#password2').type('test1234')
+
+		cy.get('#character_name').type('Slaw')
+
+		cy.get('#sex1').check()
+		cy.get('#vocation1').check()
+		cy.get('#accept_rules').check()
+
+		cy.get('#createaccount').submit()
+
+		// no errors please
+		cy.contains('The Following Errors Have Occurred:').should('not.exist')
+
+		// ss of post page
+		cy.screenshot('create-account-page-post')
+	})
+})

cypress/fixtures/example.json

@@ -0,0 +1,5 @@
+{
+  "name": "Using fixtures to represent data",
+  "email": "hello@cypress.io",
+  "body": "Fixtures are a great way to mock data for responses to routes"
+}

cypress/support/commands.js

@@ -0,0 +1,25 @@
+// ***********************************************
+// This example commands.js shows you how to
+// create various custom commands and overwrite
+// existing commands.
+//
+// For more comprehensive examples of custom
+// commands please read more here:
+// https://on.cypress.io/custom-commands
+// ***********************************************
+//
+//
+// -- This is a parent command --
+// Cypress.Commands.add('login', (email, password) => { ... })
+//
+//
+// -- This is a child command --
+// Cypress.Commands.add('drag', { prevSubject: 'element'}, (subject, options) => { ... })
+//
+//
+// -- This is a dual command --
+// Cypress.Commands.add('dismiss', { prevSubject: 'optional'}, (subject, options) => { ... })
+//
+//
+// -- This will overwrite an existing command --
+// Cypress.Commands.overwrite('visit', (originalFn, url, options) => { ... })

cypress/support/e2e.js

@@ -0,0 +1,20 @@
+// ***********************************************************
+// This example support/e2e.js is processed and
+// loaded automatically before your test files.
+//
+// This is a great place to put global configuration and
+// behavior that modifies Cypress.
+//
+// You can change the location of this file or turn off
+// automatically serving support files with the
+// 'supportFile' configuration option.
+//
+// You can read more here:
+// https://on.cypress.io/configuration
+// ***********************************************************
+
+// Import commands.js using ES2015 syntax:
+import './commands'
+
+// Alternatively you can use CommonJS syntax:
+// require('./commands')

index.php

@@ -28,18 +28,22 @@ require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 
 $uri = $_SERVER['REQUEST_URI'];
+if(false !== strpos($uri, 'index.php')) {
+	$uri = str_replace_first('/index.php', '', $uri);
+}
 
-$tmp = BASE_DIR;
-if(!empty($tmp))
-	$uri = str_replace(BASE_DIR . '/', '', $uri);
-else
+if(0 === strpos($uri, '/')) {
 	$uri = str_replace_first('/', '', $uri);
+}
 
-$uri = str_replace(array('index.php/', '?'), '', $uri);
-define('URI', $uri);
+if(preg_match("/^[A-Za-z0-9-_%'+\/]+\.png$/i", $uri)) {
+	if (!empty(BASE_DIR)) {
+		$tmp = explode('.', str_replace_first(str_replace_first('/', '', BASE_DIR) . '/', '', $uri));
+	}
+	else {
+		$tmp = explode('.', $uri);
+	}
 
-if(preg_match("/^[A-Za-z0-9-_%'+]+\.png$/i", $uri)) {
-	$tmp = explode('.', $uri);
 	$_REQUEST['name'] = urldecode($tmp[0]);
 
 	chdir(TOOLS . 'signature');
@@ -47,7 +51,7 @@ if(preg_match("/^[A-Za-z0-9-_%'+]+\.png$/i", $uri)) {
 	exit();
 }
 
-if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
+if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
 	http_response_code(404);
 	exit;
 }
@@ -74,134 +78,28 @@ if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE .
 	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
 }
 
+$template_place_holders = array();
+
 require_once SYSTEM . 'init.php';
-require_once SYSTEM . 'template.php';
 
 // verify myaac tables exists in database
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 
-$found = false;
-if(empty($uri) || isset($_REQUEST['template'])) {
-	$_REQUEST['p'] = 'news';
-	$found = true;
-}
-else {
-	$tmp = strtolower($uri);
-	if (!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(TEMPLATES . $template_name . '/pages/' . $tmp . '.php')) {
-		$_REQUEST['p'] = $uri;
-		$found = true;
-	}
-	else if (!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
-		$_REQUEST['p'] = $uri;
-		$found = true;
-	}
-	else {
-		$rules = array(
-			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
-			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
-			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
-			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
-			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
-			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
-			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
-			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
-			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
-			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
-			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
-			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
-			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
-			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
-			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
-			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
-			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
-			'/^changelog\/[0-9]+\/?$/' => array('subtopic' => 'changelog', 'page' => '$1'),
-			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
-			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
-			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
-			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
-			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
-			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
-			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
-			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
-			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
-			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
-			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
-			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
-			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
-			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
-			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
-			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
-			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
-			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
-			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
-			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
-			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
-			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
-			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
-			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
-			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
-			'/^houses\/view\/?$/' => array('subtopic' => 'houses', 'page' => 'view')
-		);
-
-		foreach ($rules as $rule => $redirect) {
-			if (preg_match($rule, $uri)) {
-				$tmp = explode('/', $uri);
-				/* @var $redirect array */
-				foreach ($redirect as $key => $value) {
-
-					if (strpos($value, '$') !== false) {
-						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
-					}
-
-					$_REQUEST[$key] = $value;
-					$_GET[$key] = $value;
-				}
-
-				$found = true;
-				break;
-			}
-		}
-	}
-}
-
-// handle ?fbclid=x, etc. (show news page)
-if (!$found && count($_GET) > 0 && !isset($_REQUEST['subtopic']) && !isset($_REQUEST['p']) && !in_array($_SERVER['QUERY_STRING'], getDatabasePages())) {
-	$_REQUEST['p'] = $_REQUEST['subtopic'] = 'news';
-	$found = true;
-}
-
-// define page visited, so it can be used within events system
-$page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
-if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
-	$tmp = URI;
-	if(!empty($tmp)) {
-		$page = $tmp;
-	}
-	else {
-		if(!$found)
-			$page = '404';
-		else
-			$page = 'news';
-	}
-}
-
-$page = strtolower($page);
-define('PAGE', $page);
-
-$template_place_holders = array();
-
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
+require_once SYSTEM . 'template.php';
 require_once SYSTEM . 'login.php';
 require_once SYSTEM . 'status.php';
 
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
+require_once SYSTEM . 'router.php';
+
 require SYSTEM . 'migrate.php';
 
 $hooks->trigger(HOOK_STARTUP);
@@ -250,35 +148,6 @@ if($config['visitors_counter'])
 	$visitors = new Visitors($config['visitors_counter_ttl']);
 }
 
-// page content loading
-if(!isset($content[0]))
-	$content = '';
-$load_it = true;
-
-// check if site has been closed
-$site_closed = false;
-if(fetchDatabaseConfig('site_closed', $site_closed)) {
-	$site_closed = ($site_closed == 1);
-	if($site_closed) {
-		if(!admin())
-		{
-			$title = getDatabaseConfig('site_closed_title');
-			$content .= '<p class="note">' . getDatabaseConfig('site_closed_message') . '</p><br/>';
-			$load_it = false;
-		}
-
-		if(!$logged)
-		{
-			ob_start();
-			require SYSTEM . 'pages/accountmanagement.php';
-			$content .= ob_get_contents();
-			ob_end_clean();
-			$load_it = false;
-		}
-	}
-}
-define('SITE_CLOSED', $site_closed);
-
 // backward support for gesior
 if($config['backward_support']) {
 	define('INITIALIZED', true);
@@ -287,7 +156,6 @@ if($config['backward_support']) {
 	$layout_name = $template_path;
 	$news_content = '';
 	$tickers_content = '';
-	$subtopic = PAGE;
 	$main_content = '';
 
 	$config['access_admin_panel'] = 2;
@@ -298,7 +166,6 @@ if($config['backward_support']) {
 	$config['site'] = &$config;
 	$config['server'] = &$config['lua'];
 	$config['site']['shop_system'] = $config['gifts_system'];
-	$config['site']['gallery_page'] = true;
 
 	if(!isset($config['vdarkborder']))
 		$config['vdarkborder'] = '#505050';
@@ -318,67 +185,15 @@ if($config['backward_support']) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 
-if($load_it)
-{
-	if(SITE_CLOSED && admin())
-		$content .= '<p class="note">Site is under maintenance (closed mode). Only privileged users can see it.</p>';
-
-	if($config['backward_support']) {
-		require SYSTEM . 'compat/pages.php';
-		require SYSTEM . 'compat/classes.php';
-	}
-
-	$ignore = false;
-
-	$logged_access = 1;
-	if($logged && $account_logged && $account_logged->isLoaded()) {
-		$logged_access = $account_logged->getAccess();
-	}
-
-	$success = false;
-	$tmp_content = getCustomPage($page, $success);
-	if($success) {
-		$content .= $tmp_content;
-		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
-			$pageInfo = getCustomPageInfo($page);
-			$content = $twig->render('admin.pages.links.html.twig', array(
-					'page' => array('id' => $pageInfo !== null ? $pageInfo['id'] : 0, 'hidden' => $pageInfo !== null ? $pageInfo['hidden'] : '0')
-				)) . $content;
-		}
-	} else {
-		$file = TEMPLATES . "$template_name/pages/$page.php";
-		if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page)) {
-			$file = SYSTEM . "pages/$page.php";
-			if(!@file_exists($file) || preg_match('/[^A-z0-9_\-]/', $page)) {
-				$page = '404';
-				$file = SYSTEM . 'pages/404.php';
-			}
-		}
-	}
-
-	ob_start();
-	if($hooks->trigger(HOOK_BEFORE_PAGE)) {
-		if(!$ignore)
-			require $file;
-	}
-
-	if($config['backward_support'] && isset($main_content[0]))
-		$content .= $main_content;
-
-	$content .= ob_get_contents();
-	ob_end_clean();
-	$hooks->trigger(HOOK_AFTER_PAGE);
+/**
+ * @var OTS_Account $account_logged
+ */
+if ($logged && admin()) {
+	$content .= $twig->render('admin-bar.html.twig', [
+		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
+	]);
 }
-
-if($config['backward_support']) {
-	$main_content = $content;
-	if(!isset($title))
-		$title = ucfirst($page);
-
-	$topic = $title;
-}
-
-$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
+$title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
 
 echo base64_decode('PCEtLSBQb3dlcmVkIGJ5IE15QUFDIDo6IGh0dHBzOi8vd3d3Lm15LWFhYy5vcmcvIC0tPg==') . PHP_EOL;

install/includes/config.php

@@ -38,3 +38,4 @@ if(!isset($error) || !$error) {
 		$error = true;
 	}
 }
+?>

install/includes/database.php

@@ -6,12 +6,18 @@ $ots = POT::getInstance();
 require SYSTEM . 'database.php';
 
 if(!isset($db)) {
-	$database_error = $locale['step_database_error_mysql_connect'] . '<br/>' .
-			$locale['step_database_error_mysql_connect_2'] .
-			'<ul>' .
-				'<li>' . $locale['step_database_error_mysql_connect_3'] . '</li>' .
-				'<li>' . $locale['step_database_error_mysql_connect_4'] . '</li>' .
-			'</ul>' . '<br/>' . $error;
+	$database_error = '<p class="lead">' . $locale['step_database_error_mysql_connect'] . '</p>';
+	
+	$database_error .= '<p>' . $locale['step_database_error_mysql_connect_2'] . '</p>';
+
+	$database_error .= '<ul class="list-group">' .
+							'<li class="list-group-item list-group-item-warning">' . $locale['step_database_error_mysql_connect_3'] . '</li>' .
+							'<li class="list-group-item list-group-item-warning">' . $locale['step_database_error_mysql_connect_4'] . '</li>' .
+						'</ul>';
+
+	$database_error .= '<div class="alert alert-danger mt-4">
+							<span>' . $error . '</span>
+						</div>';
 }
 else {
 	if($db->hasTable('accounts'))

install/includes/functions.php

@@ -62,9 +62,9 @@ function next_buttons($previous = true, $next = true)
 		$ret .= '<input class="button" type="submit" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\';" value="' . $locale['next'] . '" />';
 */
 	if($previous)
-		$ret .= '<input type="button" class="button" onclick="document.getElementById(\'step\').value=\'' . $steps[$i - 1] . '\'; this.form.submit();" value="&laquo; ' . $locale['previous'] . '" />';
+		$ret .= '<input type="button" class="button btn btn-primary m-2" onclick="document.getElementById(\'step\').value=\'' . $steps[$i - 1] . '\'; this.form.submit();" value="&laquo; ' . $locale['previous'] . '" />';
 	if($next)
-		$ret .= '<input type="button" class="button" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\'; this.form.submit(); " value="' . $locale['next'] . ' &raquo;" />';
+		$ret .= '<input type="button" class="button btn btn-primary m-2" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\'; this.form.submit(); " value="' . $locale['next'] . ' &raquo;" />';
 
 	$ret .= '</div>';
 	return $ret;

install/includes/schema.sql

@@ -1,4 +1,4 @@
-SET @myaac_database_version = 33;
+SET @myaac_database_version = 35;
 
 CREATE TABLE `myaac_account_actions`
 (
@@ -203,25 +203,29 @@ CREATE TABLE `myaac_monsters` (
 	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
 	`health` int(11) NOT NULL,
+	`look` VARCHAR(255) NOT NULL DEFAULT '',
 	`speed_lvl` int(11) NOT NULL default 1,
 	`use_haste` tinyint(1) NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
+	`elements` TEXT NOT NULL,
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
+	`pushable` TINYINT(1) NOT NULL DEFAULT '0',
+	`canpushitems` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0',
+	`runonhealth` TINYINT(1) NOT NULL DEFAULT '0',
+	`hostile` TINYINT(1) NOT NULL DEFAULT '0',
+	`attackable` TINYINT(1) NOT NULL DEFAULT '0',
+	`rewardboss` TINYINT(1) NOT NULL DEFAULT '0',
+	`defense` INT(11) NOT NULL DEFAULT '0',
+	`armor` INT(11) NOT NULL DEFAULT '0',
+	`canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0',
 	`race` varchar(255) NOT NULL,
 	`loot` text NOT NULL,
-	PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-
-CREATE TABLE `myaac_videos`
-(
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
-	`title` VARCHAR(100) NOT NULL DEFAULT '',
-	`youtube_id` VARCHAR(20) NOT NULL,
-	`author` VARCHAR(50) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
+	`summons` TEXT NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 
@@ -327,6 +331,7 @@ CREATE TABLE `myaac_visitors`
 	`ip` VARCHAR(45) NOT NULL,
 	`lastvisit` INT(11) NOT NULL DEFAULT 0,
 	`page` VARCHAR(2048) NOT NULL,
+	`user_agent` VARCHAR(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 

install/includes/twig_error.html

@@ -8,4 +8,4 @@ We have detected that you don't have access to write to the system/cache directo
 	border: 3px double #CCCCCC;
 	padding: 0;
 }
-</style>
+</style>

install/index.php

@@ -26,13 +26,13 @@ $twig = new Twig_Environment($twig_loader, array(
 ));
 
 // load installation status
-$step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
+$step = $_REQUEST['step'] ?? 'welcome';
 
 $install_status = array();
 if(file_exists(CACHE . 'install.txt')) {
 	$install_status = unserialize(file_get_contents(CACHE . 'install.txt'));
 
-	if(!isset($_POST['step'])) {
+	if(!isset($_REQUEST['step'])) {
 		$step = isset($install_status['step']) ? $install_status['step'] : '';
 	}
 }
@@ -70,7 +70,7 @@ if($step == 'database') {
 
 		$key = str_replace('var_', '', $key);
 
-		if(in_array($key, array('account', 'account_id', 'password', 'email', 'player_name'))) {
+		if(in_array($key, array('account', 'account_id', 'password', 'password_confirm', 'email', 'player_name'))) {
 			continue;
 		}
 
@@ -95,10 +95,6 @@ if($step == 'database') {
 			$errors[] = $locale['step_config_mail_admin_error'];
 			break;
 		}
-		else if($key == 'mail_address' && !Validator::email($value)) {
-			$errors[] = $locale['step_config_mail_address_error'];
-			break;
-		}
 		else if($key == 'timezone' && !in_array($value, DateTimeZone::listIdentifiers())) {
 			$errors[] = $locale['step_config_timezone_error'];
 			break;
@@ -124,6 +120,7 @@ else if($step == 'admin') {
 else if($step == 'finish') {
 	$email = $_SESSION['var_email'];
 	$password = $_SESSION['var_password'];
+	$password_confirm = $_SESSION['var_password_confirm'];
 	$player_name = $_SESSION['var_player_name'];
 
 	// email check
@@ -165,6 +162,9 @@ else if($step == 'finish') {
 	else if(!Validator::password($password)) {
 		$errors[] = $locale['step_admin_password_error_format'];
 	}
+	else if($password != $password_confirm) {
+		$errors[] = $locale['step_admin_password_confirm_error_not_same'];
+	}
 
 	// player name check
 	if(empty($player_name)) {
@@ -189,14 +189,14 @@ clearstatcache();
 if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 	if(!file_exists(BASE . 'install/ip.txt')) {
 		$content = warning('AAC installation is disabled. To enable it make file <b>ip.txt</b> in install/ directory and put there your IP.<br/>
-		Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
+		Your IP is:<br /><b>' . $_SERVER['REMOTE_ADDR'] . '</b>', true);
 	}
 	else {
 		$file_content = trim(file_get_contents(BASE . 'install/ip.txt'));
 		$allow = false;
 		$listIP = preg_split('/\s+/', $file_content);
 		foreach($listIP as $ip) {
-			if(get_browser_real_ip() == $ip) {
+			if($_SERVER['REMOTE_ADDR'] == $ip) {
 				$allow = true;
 			}
 		}

install/steps/1-welcome.php

@@ -1,7 +1,7 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
-	echo '<p class="warning">' . $locale['already_installed'] . '</p>';
+	echo '<div class="alert alert-warning"><span>' . $locale['already_installed'] . '</span></div>';
 }
 else {
 	unset($_SESSION['saved']);

install/steps/2-license.php

@@ -5,3 +5,4 @@ $twig->display('install.license.html.twig', array(
 	'license' => file_get_contents(BASE . 'LICENSE'),
 	'buttons' => next_buttons()
 ));
+?>

install/steps/3-requirements.php

@@ -2,8 +2,21 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 // configuration
+$dirs_required = [
+	'system/logs',
+	'system/cache',
+];
+$dirs_optional = [
+	GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'],
+	GALLERY_DIR => $locale['step_requirements_warning_images_gallery'],
+];
+
 $extensions_required = [
-	'pdo', 'pdo_mysql', 'xml', 'zip'
+	'pdo', 'pdo_mysql', 'json', 'xml'
+];
+$extensions_optional = [
+	'gd' => $locale['step_requirements_warning_player_signatures'],
+	'zip' => $locale['step_requirements_warning_install_plugins'],
 ];
 /*
  *
@@ -14,11 +27,11 @@ $extensions_required = [
 function version_check($name, $ok, $info = '', $warning = false)
 {
 	global $failed;
-	echo '<p class="' . ($ok ? 'success' : ($warning ? 'warning' : 'error')) . '">' . $name;
+	echo '<div class="alert alert-' . ($ok ? 'success' : ($warning ? 'warning' : 'danger')) . '">' . $name;
 	if(!empty($info))
 		echo ': <b>' . $info . '</b>';
 
-	echo '</p>';
+	echo '</div>';
 	if(!$ok && !$warning)
 		$failed = true;
 }
@@ -27,12 +40,18 @@ $failed = false;
 
 // start validating
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION);
-foreach(array('images/guilds', 'images/houses', 'images/gallery') as $value)
+
+foreach ($dirs_required as $value)
 {
-	$is_writable = is_writable(BASE . $value);
+	$is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value));
 	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
 }
 
+foreach ($dirs_optional as $dir => $errorMsg) {
+	$is_writable = is_writable(BASE . $dir) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $dir));
+	version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true);
+}
+
 $ini_register_globals = ini_get_bool('register_globals');
 version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']);
 
@@ -44,12 +63,19 @@ foreach ($extensions_required as $ext) {
 	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded']);
 }
 
-
-if($failed)
-{
-	echo '<br/><b>' . $locale['step_requirements_failed'];
-	echo next_form(true, false);
+foreach ($extensions_optional as $ext => $errorMsg) {
+	$loaded = extension_loaded($ext);
+	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded'] . '. ' . $errorMsg, true);
 }
-else
+
+echo '<div class="text-center m-3">';
+
+if($failed) {
+	echo '<div class="alert alert-warning"><span>' . $locale['step_requirements_failed'] . '</span></div>';
+	echo next_form(true, false);
+}else {
 	echo next_form(true, true);
-?>
+}
+
+echo '</div>';
+?>

install/steps/4-config.php

@@ -18,3 +18,4 @@ $twig->display('install.config.html.twig', array(
 	'errors' => isset($errors) ? $errors : null,
 	'buttons' => next_buttons()
 ));
+?>

install/steps/5-database.php

@@ -21,8 +21,6 @@ if(!$error) {
 	// user can disable when he wants
 	$content .= '$config[\'env\'] = \'prod\'; // dev or prod';
 	$content .= PHP_EOL;
-	$content .= '$config[\'mail_enabled\'] = true;';
-	$content .= PHP_EOL;
 	foreach($_SESSION as $key => $value)
 	{
 		if(strpos($key, 'var_') !== false)
@@ -86,11 +84,6 @@ if(!$error) {
 					$error = true;
 				}
 
-				if(!Validator::email($_SESSION['var_mail_address'])) {
-					error($locale['step_config_mail_address_error']);
-					$error = true;
-				}
-
 				$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 				$content .= PHP_EOL;
 				$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
@@ -120,8 +113,10 @@ if(!$error) {
 }
 ?>
 
-<form action="<?php echo BASE_URL; ?>install/" method="post">
-	<input type="hidden" name="step" id="step" value="admin" />
-	<?php echo next_buttons(true, !$error);
-	?>
-</form>
+<div class="text-center m-3">
+	<form action="<?php echo BASE_URL; ?>install/" method="post">
+		<input type="hidden" name="step" id="step" value="admin" />
+		<?php echo next_buttons(true, !$error);
+		?>
+	</form>
+</div>

install/steps/7-finish.php

@@ -8,15 +8,14 @@ if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['save
 else {
 	require SYSTEM . 'init.php';
 	if(!$error) {
-		if(USE_ACCOUNT_NAME)
+		if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
 			$account = isset($_SESSION['var_account']) ? $_SESSION['var_account'] : null;
 		else
 			$account_id = isset($_SESSION['var_account_id']) ? $_SESSION['var_account_id'] : null;
 
 		$password = $_SESSION['var_password'];
 
-		$config_salt_enabled = $db->hasColumn('accounts', 'salt');
-		if($config_salt_enabled)
+		if(USE_ACCOUNT_SALT)
 		{
 			$salt = generateRandomString(10, false, true, true);
 			$password = $salt . $password;
@@ -74,13 +73,11 @@ else {
 			$account_used = &$new_account;
 		}
 
-		if($config_salt_enabled)
+		if(USE_ACCOUNT_SALT)
 			$account_used->setCustomField('salt', $salt);
 
 		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
 		$account_used->setCustomField('country', 'us');
-		$account_used->setCustomField('email_verified', 1);
-
 		if($db->hasColumn('accounts', 'group_id'))
 			$account_used->setCustomField('group_id', $groups->getHighestId());
 		if($db->hasColumn('accounts', 'type'))

install/template/style.css

@@ -1,299 +1,13 @@
-* {
-	margin: 0; padding: 0;
-}
+@import url('https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400&display=swap');
+
 body {
-	text-align: center;
-	font: 12px Verdana;
-	color: #000000;
-	background-color: #000000;
-}
-img {
-	border: 0;
+    font-family: 'Roboto', sans-serif;
 }
 
-.break {
-	font-size: 0;
-	width: 0; height: 0;
-	clear: both;
-}
-.alignleft {
-	float: left;
-	margin: 4px 10px 5px 0;
-}
-.alignright {
-	float: right;
-	margin: 4px 0 5px 10px;
-}
-.aligncenter {
-	text-align: center;
+h1{
+    font-weight: 100 !important;
 }
 
-/** BEGIN wrapper **/
-#wrapper {
-	background: #ffffff url(images/background.jpg) repeat-x 0 0;
-	width: 980px;
-}
-
-#header {
-	margin-bottom: 10px;
-	border-bottom: 1px solid #eee;
-	padding-bottom: 15px;
-}
-
-#footer {
-	padding-top: 15px;
-	border-top: 1px solid #eee;
-	margin-top: 10px;
-	text-align: right;
-	color: #555;
-}
-
-#header h1 {
-	font-weight: bold;
-	margin: 0;
-	padding: 0;
-}
-
-#header span {
-	font-size: 25px;
-	color: #000;
-	font-weight: bold;
-	padding-left: 40px;
-	line-height: 80px;
-}
-
-#version {
-	float: right;
-	color: #000;
-	font-size: 17px;
-	padding-top: 25px;
-	padding-right: 5px;
-}
-
-/** BEGIN body **/
-#body {
-	background: url(images/wrapper.gif) repeat-y 0 0;
-}
-/** END body **/
-
-/** BEGIN content **/
-#content {
-	width: 642px;
-	float: left;
-	padding: 20px 18px 20px 20px;
-	color: #434242;
-}
-
-	/** begin headers **/
-	h1, h2, h3, h4, h5, h6 {
-		font-family: Tahoma;
-		margin-bottom: 10px;
-	}
-	h2, h3, h4, h5, h6 {
-		margin-top: 30px;
-	}
-	h1 { font-size: 2em; }
-	h2 { font-size: 1.6em; }
-	h3 { font-size: 1.3em; }
-	h4, h5, h6 { font-size: 1em; }
-	/** end headers **/
-	
-	/** begin messages **/
-	.error, .success, .note, .warning {
-		font-weight: bold;
-		font-size: 0.9em;
-		padding: 4px 10px 4px 24px;
-		background-repeat: no-repeat;
-		background-position: 5px 6px;
-		border-style: solid;
-		border-width: 1px;
-		line-height: 1.6em;
-		margin-bottom: 10px;
-	}
-	.error {
-		background-color: #FDD9D9;
-		background-image: url(images/error.gif);
-		border-color: #FBA3A3;
-		color: #D80303;
-	}
-	.success {
-		background-color: #E4FCD9;
-		background-image: url(images/success.gif);
-		border-color: #BFFDA3;
-		color: #35A502;
-	}
-	.note {
-		background-color: #DDEAFA;
-		background-image: url(images/note.gif);
-		border-color: #A3D8FD;
-		color: #026DA5;
-	}
-	.warning {
-		background-color: #FBF0B3;
-		background-image: url(images/warning.gif);
-		border-color: #FBBB95;
-		color: #FD6002;
-	}
-	/** end messages **/
-	
-	/** begin form **/
-	form {
-		border: 1px solid #DDDDDD;
-		padding: 16px;
-	}
-		form .input {
-			padding-top: 12px;
-			clear: both;
-		}
-		form .first { 
-			padding-top: 0;
-		}
-		form .input p {
-			margin-bottom: 7px !important;
-		}
-		form input {
-			margin-right: 5px;
-		}
-		form label {
-			margin-right: 10px;
-			color: #8B8B8B;
-		}
-		form input.text, form textarea {
-			border: 1px solid #BEBDBD;
-			font-size: 1em;
-			font-family: Verdana;
-			background-color: #F3F3F3;
-			color: #808080;
-			padding: 2px;
-			max-width: 100%;
-		}
-		.positive, .negative {
-			font-size: 0.9em;
-			font-weight: bold;
-			padding: 1px 0 0 20px;
-			background-repeat: no-repeat;
-			background-position: 0 0;
-			display: inline;
-			margin-top: 2px;
-		}
-		.positive {
-			background-image: url(images/positive.gif);
-			color: #35A502;
-		}
-		.negative {
-			background-image: url(images/negative.gif);
-			color: #D80303;
-		}
-		form textarea {
-			line-height: 1.6em;
-		}
-		form button, form input.button {
-			font-size: 0.9em;
-			font-family: Verdana;
-			font-weight: bold;
-			color: #ffffff;
-			background: #B6B4B4 url(images/button.gif) repeat-x 0 0;
-			border: 1px solid #B6B4B4;
-			padding: 5px 10px;
-		}
-	/** end form **/
-	
-	/** begin table **/
-	table {
-		
-	}
-		table th {
-			font-size: 0.9em;
-			color: #ffffff;
-			background-color: #679BC5;
-			padding: 2px 4px;
-			line-height: 1.6em;
-		}
-		table td {
-			line-height: 1.6em;
-			padding: 2px 4px;
-		}
-		table tr.odd td { background-color: #EEEEEE; }
-		table tr.even td { background-color: #E5E5E5; }
-		
-	/** end table **/
-	
-	/** begin paragraphs, lists, etc. **/
-	#content p {
-		line-height: 1.6em;
-		margin-bottom: 10px;
-	}
-	#content ul, #content ol {
-		list-style-position: inside;
-	}
-	#content li {
-		line-height: 1.6em;
-		padding: 2px 0 2px 0;
-	}
-	a {
-		color: #679BC5;
-	}
-	a:hover {
-		color: #ff0000;
-		text-decoration: none;
-	}
-	blockquote {
-		padding: 10px;
-		background-color: #eeeeee;
-		line-height: 1.6em;
-		border-width: 2px 0 1px;
-		border-style: solid;
-		border-color: #e0e0e0;
-	}
-	/** end paragraphs, lists, etc. **/
-
-/** END content **/
-
-/** BEGIN sidebar **/
-#sidebar {
-	width: 300px;
-	float: right;
-	padding: 10px 0;
-}
-	#sidebar h2 {
-		background: green url(images/sidehead.gif) no-repeat 0 0;
-		margin: 0 10px;
-		font-size: 1em;
-		color: #ffffff;
-		padding: 7px 10px;
-	}
-	#sidebar ul {
-		list-style-type: none;
-		background: #E0E0E0 url(images/sidebody.gif) no-repeat 0 bottom;
-		padding: 10px;
-		margin: 0 10px 10px;
-	}
-	#sidebar ul li {
-		padding: 4px 0 4px 14px;
-		background: none;
-		line-height: 1.6em;
-		font-size: 0.9em;
-		font-weight: bold;
-	}
-	#sidebar ul li a {
-		color: #000000;
-		text-decoration: none;
-	}
-	#sidebar ul li a:hover {
-		text-decoration: none;
-		color: #ff0000;
-	}
-	
-	#sidebar ul li a:active {
-		text-decoration: none;
-		color: #ff0000;
-	}
-	
-	#sidebar ul li current {
-		text-decoration: none;
-		color: #ff0000;
-	}
-	.current {
-		text-decoration: none;
-		color: #ff0000;
-	}
+h3 {
+    font-weight: 300 !important;
+}

install/template/template.php

@@ -1,48 +1,74 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
+<!DOCTYPE html>
+<html dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $locale['encoding']; ?>" />
+	<meta name="viewport" content="width=device-width, initial-scale=1">
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
+	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
 	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/js/jquery.min.js"></script>
 </head>
 <body>
-	<div id="wrapper">
-		<!--div class="buffer"-->
-			<div id="header">
-				<h1>MyAAC <?php echo $locale['installation']; ?></h1>
-			</div>
 
-			<div id="body">
+	<div id="body" class="container">
 
-				<div id="sidebar">
-					<h2><?php echo $locale['steps']; ?></h2>
-					<ul>
-						<?php
-							$i = 0;
-							foreach($steps as $key => $value)
-								echo '<li' . ($step == $value ? ' class="current"' : '') . '>' . ++$i . '. ' . $locale['step_' . $value] . '</li>';
-						?>
-					</ul>
-				</div>
+		<header id="header" class="pt-5 pb-4 pb-sm-5">
+			<h1>MyAAC <?php echo $locale['installation']; ?></h1>
+		</header>
 
-				<div id="content">
+		<div class="row">
+
+			<div id="sidebar" class="col-md-3">
+				<h3><?php echo $locale['steps']; ?></h3>
+				<ul class="list-group mt-4">
 					<?php
-						if(isset($locale['step_' . $step . '_title']))
-							echo '<h1>' . $locale['step_' . $step . '_title'] . '</h1>';
-						else
-							echo '<h1>' . $locale['step_' . $step] . '</h1>';
-						echo $content;
+						$i = 0;
+						foreach($steps as $key => $value){
+
+							if ($step == $value) {
+								$progress = ($i == 6) ? 100 : $i * 16;
+							}
+
+							echo '<li class="list-group-item' . ($step == $value ? ' active' : '') . '">' . ++$i . '. ' . $locale['step_' . $value] . '</li>';
+						}
+
 					?>
-				</div>
-
-				<div class="break"></div>
+				</ul>
 			</div>
-		<!--/div-->
+
+			<div id="content" class="col-md-9">
+
+				<?php
+					if(isset($locale['step_' . $step . '_title']))
+						echo '<h3 class="mb-4 mt-4 mt-md-0">' . $locale['step_' . $step . '_title'] . '</h3>';
+					else
+						echo '<h3 class="mb-4 mt-4 mt-md-0">' . $locale['step_' . $step] . '</h3>';
+				?>
+
+				<?php
+				if(!isset($config['installed'])):
+				?>
+				<div class="row">
+					<div class="col-md-12">
+						<div class="progress mb-2">
+							<div class="progress-bar progress-bar-striped progress-bar-animated" style="width: <?php echo $progress; ?>%" role="progressbar" aria-valuenow="<?php echo $progress; ?>" aria-valuemin="0" aria-valuemax="100"></div>
+						</div>
+					</div>
+				</div>
+				<?php endif; ?>
+
+				<?php echo $content; ?>
+
+			</div>
+
+		</div>
+
+		<hr />
+
 	</div>
 
-	<div id="footer">
+	<footer id="footer" class="p-4">
 		<p style="text-align: center;"><?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?></p>
-	</div>
+	</footer>
 </body>
-</html>
+</html>

install/tools/5-database.php

@@ -11,10 +11,8 @@ $error = false;
 require BASE . 'install/includes/config.php';
 
 ini_set('max_execution_time', 300);
-
-@ob_end_flush();
 ob_implicit_flush();
-
+ob_end_flush();
 header('X-Accel-Buffering: no');
 
 if(!$error) {
@@ -58,7 +56,7 @@ else {
 }
 
 if(!$db->hasColumn('accounts', 'created')) {
-	if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . ($db->hasColumn('accounts', 'group_id') ? 'group_id' : 'email') . "`;"))
+	if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . ($db->hasColumn('accounts', 'group_id') ? 'group_id' : 'key') . "`;"))
 		success($locale['step_database_adding_field'] . ' accounts.created...');
 }