Merge branch 'develop' into feature/settings

Remove config.php completely
Add new settings category: Game
Fix account_login_by_email
Min textarea size = 2 + adjusted automatically

.github/workflows/cypress.yml

@@ -34,7 +34,7 @@ jobs:
         - name: Checkout MyAAC
           uses: actions/checkout@v3
           with:
-            ref: develop
+            ref: 0.9
 
         - name: Checkout TFS
           uses: actions/checkout@v3

.gitignore

@@ -2,6 +2,9 @@ Thumbs.db
 .DS_Store
 .idea
 
+#
+/.htaccess
+
 # composer
 composer.lock
 vendor

admin/includes/functions.php

@@ -1 +1,2 @@
-<?php
+<?php
+// nothing yet here

admin/includes/settings_menus.php

@@ -0,0 +1,35 @@
+<?php
+
+$order = 10;
+
+$settingsMenu = [];
+
+$settingsMenu[] = [
+	'name' => 'MyAAC',
+	'link' => 'settings&plugin=core',
+	'icon' => 'list',
+	'order' => $order,
+];
+
+foreach (Plugins::getAllPluginsSettings() as $setting) {
+	$file = BASE . $setting['settingsFilename'];
+	if (!file_exists($file)) {
+		warning('Plugin setting: ' . $file . ' - cannot be loaded.');
+		continue;
+	}
+
+	$order += 10;
+
+	$settings = require $file;
+
+	$settingsMenu[] = [
+		'name' => $settings['name'],
+		'link' => 'settings&plugin=' . $setting['pluginFilename'],
+		'icon' => 'list',
+		'order' => $order,
+	];
+}
+
+unset($settings, $file, $order);
+
+return $settingsMenu;

admin/index.php

@@ -6,10 +6,6 @@ require '../common.php';
 const ADMIN_PANEL = true;
 const MYAAC_ADMIN = true;
 
-if(file_exists(BASE . 'config.local.php')) {
-	require_once BASE . 'config.local.php';
-}
-
 if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
 {
 	header('Location: ' . BASE_URL . 'install/');
@@ -34,12 +30,6 @@ if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 
-if(config('env') === 'dev') {
-	ini_set('display_errors', 1);
-	ini_set('display_startup_errors', 1);
-	error_reporting(E_ALL);
-}
-
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
@@ -47,7 +37,6 @@ $hooks->load();
 
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
-require SYSTEM . 'migrate.php';
 require __DIR__ . '/includes/functions.php';
 
 $twig->addGlobal('config', $config);

admin/pages/accounts.php

@@ -37,7 +37,7 @@ if ($config['account_country']) {
 		$countries[$code] = $c;
 }
 $web_acc = ACCOUNT_WEB_FLAGS;
-$acc_type = config('account_types');
+$acc_type = setting('core.account_types');
 ?>
 
 <link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
@@ -361,7 +361,7 @@ else if (isset($_REQUEST['search'])) {
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
-										<label for="email">Email:</label><?php echo (config('mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
+										<label for="email">Email:</label><?php echo (setting('core.mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
 										<input type="text" class="form-control" id="email" name="email" autocomplete="off" value="<?php echo $account->getEMail(); ?>"/>
 									</div>
 									<?php if ($hasCoinsColumn): ?>

admin/pages/dashboard.php

@@ -47,12 +47,11 @@ $tmp = '';
 if (fetchDatabaseConfig('site_closed_message', $tmp))
 	$closed_message = $tmp;
 
-$configAdminPanelModules = config('admin_panel_modules');
-if (isset($configAdminPanelModules)) {
+$settingAdminPanelModules = setting('core.admin_panel_modules');
+if (count($settingAdminPanelModules) > 0) {
 	echo '<div class="row">';
-	$configAdminPanelModules = explode(',', $configAdminPanelModules);
 	$twig_loader->prependPath(__DIR__ . '/modules/templates');
-	foreach ($configAdminPanelModules as $box) {
+	foreach ($settingAdminPanelModules as $box) {
 		$file = __DIR__ . '/modules/' . $box . '.php';
 		if (file_exists($file)) {
 			include($file);

admin/pages/login.php

@@ -12,7 +12,7 @@ $title = 'Login';
 
 require PAGES . 'account/login.php';
 if ($logged) {
-	header('Location: ' . ADMIN_URL);
+	header('Location: ' . (admin() ? ADMIN_URL : BASE_URL));
 	return;
 }
 

admin/pages/mailer.php

@@ -15,7 +15,7 @@ if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
 	return;
 }
 
-if (!config('mail_enabled')) {
+if (!setting('core.mail_enabled')) {
 	echo 'Mail support disabled in config.';
 	return;
 }

admin/pages/menus.php

@@ -46,6 +46,7 @@ if (isset($_REQUEST['template'])) {
 		if ($cache->enabled()) {
 			$cache->delete('template_menus');
 		}
+
 		success('Saved at ' . date('H:i'));
 	}
 
@@ -56,6 +57,7 @@ if (isset($_REQUEST['template'])) {
 		echo 'Cannot find template config.php file.';
 		return;
 	}
+
 	if (!isset($config['menu_categories'])) {
 		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
 		return;
@@ -91,15 +93,16 @@ if (isset($_REQUEST['template'])) {
 							<ul class="sortable" id="sortable-<?php echo $id ?>">
 								<?php
 								if (isset($menus[$id])) {
-									foreach ($menus[$id] as $i => $menu):
+									$i = 0;
+									foreach ($menus[$id] as $menu):
 										?>
 										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo escapeHtml($menu['name']); ?>"/>
 											<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
 											<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
 											<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
-											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="#<?php echo $menu['color'] ?>"/>
+											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="<?php echo (empty($menu['color']) ? ($config['menu_default_color'] ?? '#ffffff') : $menu['color']); ?>"/>
 											<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
-										<?php $last_id[$id] = $i;
+										<?php $i++; $last_id[$id] = $i;
 									endforeach;
 								} ?>
 							</ul>
@@ -120,7 +123,8 @@ if (isset($_REQUEST['template'])) {
 	<?php
 	$twig->display('admin.menus.js.html.twig', array(
 		'menus' => $menus,
-		'last_id' => $last_id
+		'last_id' => $last_id,
+		'menu_default_color' => $config['menu_default_color'] ?? '#ffffff'
 	));
 	?>
 	<?php

admin/pages/modules/balance.php

@@ -1,4 +1,6 @@
 <?php
+defined('MYAAC') or die('Direct access not allowed!');
+
 $balance = ($db->hasColumn('players', 'balance') ? $db->query('SELECT `balance`, `id`, `name`,`level` FROM `players` ORDER BY `balance` DESC LIMIT 10;') : 0);
 
 $twig->display('balance.html.twig', array(

admin/pages/modules/coins.php

@@ -1,4 +1,6 @@
 <?php
+defined('MYAAC') or die('Direct access not allowed!');
+
 $coins = ($db->hasColumn('accounts', 'coins') ?  $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;') : 0);
 
 $twig->display('coins.html.twig', array(

admin/pages/modules/created.php

@@ -1,4 +1,6 @@
 <?php
+defined('MYAAC') or die('Direct access not allowed!');
+
 $players = ($db->hasColumn('accounts', 'created') ? $db->query('SELECT `created`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `created` DESC LIMIT 10;') : 0);
 
 $twig->display('created.html.twig', array(

admin/pages/modules/lastlogin.php

@@ -1,4 +1,6 @@
 <?php
+defined('MYAAC') or die('Direct access not allowed!');
+
 $players = ($db->hasColumn('players', 'lastlogin') ? $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;') : 0);
 $twig->display('lastlogin.html.twig', array(
 	'players' => $players,

admin/pages/modules/points.php

@@ -1,4 +1,6 @@
 <?php
+defined('MYAAC') or die('Direct access not allowed!');
+
 $points = ($db->hasColumn('accounts', 'premium_points') ? $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;') : 0);
 
 $twig->display('points.html.twig', array(

admin/pages/pages.php

@@ -152,8 +152,8 @@ class Pages
 			$errors[] = 'Enable PHP is wrong.';
 			return false;
 		}
-		if ($php == 1 && !getBoolean(config('admin_pages_php_enable'))) {
-			$errors[] = 'PHP pages disabled on this server. To enable go to config.php and change admin_pages_php_enable to "yes".';
+		if ($php == 1 && !getBoolean(setting('core.admin_pages_php_enable'))) {
+			$errors[] = 'PHP pages disabled on this server. To enable go to Settings in Admin Panel and enable <strong>Enable PHP Pages</strong>.';
 			return false;
 		}
 		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
@@ -258,5 +258,3 @@ class Pages
 		return !count($errors);
 	}
 }
-
-?>

admin/pages/plugins.php

@@ -13,8 +13,8 @@ $use_datatable = true;
 
 require_once LIBS . 'plugins.php';
 
-if (!getBoolean(config('admin_plugins_manage_enable'))) {
-	warning('Plugin installation and management is disabled in config.<br/>If you wish to enable, go to config.php and change <b>admin_plugins_manage_enable</b> to "yes".');
+if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
+	warning('Plugin installation and management is disabled in Settings.<br/>If you wish to enable, go to Settings and enable <strong>Enable Plugins Manage</strong>.');
 }
 else {
 	$twig->display('admin.plugins.form.html.twig');

admin/pages/settings.php

@@ -0,0 +1,56 @@
+<?php
+/**
+ * Menus
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Settings';
+
+require_once SYSTEM . 'clients.conf.php';
+if (empty($_GET['plugin'])) {
+	error('Please select plugin from left Panel.');
+	return;
+}
+
+$plugin = $_GET['plugin'];
+
+if($plugin != 'core') {
+	$pluginSettings = Plugins::getPluginSettings($plugin);
+	if (!$pluginSettings) {
+		error('This plugin does not exist or does not have settings defined.');
+		return;
+	}
+
+	$settingsFilePath = BASE . $pluginSettings;
+}
+else {
+	$settingsFilePath = SYSTEM . 'settings.php';
+}
+
+if (!file_exists($settingsFilePath)) {
+	error("Plugin $plugin does not exist or does not have settings defined.");
+	return;
+}
+
+$settingsFile = require $settingsFilePath;
+if (!is_array($settingsFile)) {
+	error("Cannot load settings file for plugin $plugin");
+	return;
+}
+
+$settingsKeyName = ($plugin == 'core' ? $plugin : $settingsFile['key']);
+
+$title = ($plugin == 'core' ? 'Settings' : 'Plugin Settings - ' . $plugin);
+
+$settingsParsed = Settings::display($settingsKeyName, $settingsFile['settings']);
+
+$twig->display('admin.settings.html.twig', [
+	'settingsParsed' => $settingsParsed['content'],
+	'settings' => $settingsFile['settings'],
+	'script' => $settingsParsed['script'],
+	'settingsKeyName' => $settingsKeyName,
+]);

admin/pages/statistics.php

@@ -36,4 +36,3 @@ $twig->display('admin.statistics.html.twig', array(
 	'account_type' => (USE_ACCOUNT_NAME ? 'name' : 'number'),
 	'points' => $points
 ));
-?>

admin/pages/version.php

@@ -47,4 +47,3 @@ function version_revert($version)
 	$release = $version;
 	return $major . '.' . $minor . '.' . $release;
 }*/
-?>

admin/pages/visitors.php

@@ -16,7 +16,7 @@ use DeviceDetector\Parser\OperatingSystem;
 $title = 'Visitors';
 $use_datatable = true;
 
-if (!$config['visitors_counter']): ?>
+if (!setting('core.visitors_counter')): ?>
 	Visitors counter is disabled.<br/>
 	You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
 	<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
@@ -25,10 +25,9 @@ if (!$config['visitors_counter']): ?>
 endif;
 
 require SYSTEM . 'libs/visitors.php';
-$visitors = new Visitors($config['visitors_counter_ttl']);
+$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 
-function compare($a, $b)
-{
+function compare($a, $b): int {
 	return $a['lastvisit'] > $b['lastvisit'] ? -1 : 1;
 }
 
@@ -61,7 +60,7 @@ foreach ($tmp as &$visitor) {
 }
 
 $twig->display('admin.visitors.html.twig', array(
-	'config_visitors_counter_ttl' => $config['visitors_counter_ttl'],
+	'config_visitors_counter_ttl' => setting('core.visitors_counter_ttl'),
 	'visitors' => $tmp
 ));
 ?>

admin/template/menus.php

@@ -1,8 +1,11 @@
 <?php
 
-$menus = [
+return [
 	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
-	['name' => 'News', 'icon' => 'newspaper', 'order' => 20, 'link' =>
+	['name' => 'Settings', 'icon' => 'edit', 'order' => 19, 'link' =>
+		require ADMIN . 'includes/settings_menus.php'
+	],
+	['name' => 'News', 'icon' => 'newspaper', 'order' => 20,  'link' =>
 		[
 			['name' => 'View', 'link' => 'news', 'icon' => 'list', 'order' => 10],
 			['name' => 'Add news', 'link' => 'news&action=new&type=1', 'icon' => 'plus', 'order' => 20],
@@ -16,7 +19,7 @@ $menus = [
 			['name' => 'Add', 'link' => 'changelog&action=new', 'icon' => 'plus', 'order' => 20],
 		],
 	],
-	['name' => 'Mailer', 'icon' => 'envelope', 'order' => 40, 'link' => 'mailer', 'disabled' => !config('mail_enabled')],
+	['name' => 'Mailer', 'icon' => 'envelope', 'order' => 40, 'link' => 'mailer', 'disabled' => !setting('core.mail_enabled')],
 	['name' => 'Pages', 'icon' => 'book', 'order' => 50, 'link' =>
 		[
 			['name' => 'View', 'link' => 'pages', 'icon' => 'list', 'order' => 10],

admin/template/template.php

@@ -68,7 +68,7 @@
 							if (!$has_child) { ?>
 								<li class="nav-item">
 									<a class="nav-link<?php echo(strpos($menu['link'], $page) !== false ? ' active' : '') ?>" href="?p=<?php echo $menu['link'] ?>">
-										<i class="nav-icon fas fa-<?php echo(isset($menu['icon']) ? $menu['icon'] : 'link') ?>"></i>
+										<i class="nav-icon fas fa-<?php echo($menu['icon'] ?? 'link') ?>"></i>
 										<p><?php echo $menu['name'] ?></p>
 									</a>
 								</li>
@@ -76,9 +76,9 @@
 							} else if ($has_child) {
 								$used_menu = null;
 								$nav_construct = '';
-								foreach ($menu['link'] as $category => $sub_menu) {
+								foreach ($menu['link'] as $sub_category => $sub_menu) {
 									$nav_construct .= '<li class="nav-item"><a href="?p=' . $sub_menu['link'] . '" class="nav-link';
-									if ($page == $sub_menu['link']) {
+									if ($_SERVER['QUERY_STRING'] == 'p=' . $sub_menu['link']) {
 										$nav_construct .= ' active';
 										$used_menu = true;
 									}

admin/tools/phpinfo.php

@@ -13,4 +13,3 @@ if(!function_exists('phpinfo'))
 	die('phpinfo() disabled on this web server.');
 
 phpinfo();
-?>

admin/tools/settings_save.php

@@ -0,0 +1,34 @@
+<?php
+const MYAAC_ADMIN = true;
+
+require '../../common.php';
+require SYSTEM . 'functions.php';
+require SYSTEM . 'init.php';
+require SYSTEM . 'login.php';
+
+if(!admin()) {
+	http_response_code(500);
+	die('Access denied.');
+}
+
+if (!isset($_REQUEST['plugin'])) {
+	http_response_code(500);
+	die('Please enter plugin name.');
+}
+
+if (!isset($_POST['settings'])) {
+	http_response_code(500);
+	die('Please enter settings.');
+}
+
+$settings = Settings::getInstance();
+
+$settings->save($_REQUEST['plugin'], $_POST['settings']);
+
+$errors = $settings->getErrors();
+if (count($errors) > 0) {
+	http_response_code(500);
+	die(implode('<br/>', $errors));
+}
+
+echo 'Saved at ' . date('H:i');

common.php

@@ -26,8 +26,8 @@
 if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '0.9.0-alpha';
-const DATABASE_VERSION = 35;
+const MYAAC_VERSION = '0.10.0-dev';
+const DATABASE_VERSION = 36;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -143,6 +143,22 @@ if(!IS_CLI) {
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
 }
 
+if (file_exists(BASE . 'config.local.php')) {
+	require BASE . 'config.local.php';
+}
+
+ini_set('log_errors', 1);
+if(@$config['env'] === 'dev') {
+	ini_set('display_errors', 1);
+	ini_set('display_startup_errors', 1);
+	error_reporting(E_ALL);
+}
+else {
+	ini_set('display_errors', 0);
+	ini_set('display_startup_errors', 0);
+	error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT);
+}
+
 $autoloadFile = VENDOR . 'autoload.php';
 if (!is_file($autoloadFile)) {
 	throw new RuntimeException('The vendor folder is missing. Please download Composer: <a href="https://getcomposer.org/download">https://getcomposer.org/download</a>, install it and execute in the main MyAAC directory this command: <b>composer install</b>. Or download MyAAC from <a href="https://github.com/slawkens/myaac/releases">GitHub releases</a>, which includes Vendor folder.');

config.php

@@ -1,318 +0,0 @@
-<?php
-/**
- * This is MyAAC's Main Configuration file
- *
- * All the default values are kept here, you should not modify it but use
- * a config.local.php file instead to override the settings from here.
- *
- * This is a piece of PHP code so PHP syntax applies!
- * For boolean values please use true/false.
- *
- * Minimally 'server_path' directive have to be filled, other options are optional.
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-
-$config = array(
-	// directories & files
-	'server_path' => '', // path to the server directory (same directory where config file is located)
-
-	/**
-	 * Environment Setting
-	 *
-	 * if you use this script on your live server - set to 'prod' (production)
-	 * if you want to test and debug the script locally, or develop plugins, set to 'dev' (development)
-	 * WARNING: on 'dev' cache is disabled, so site will be significantly slower !!!
-	 * WARNING2: on 'dev' all PHP errors/warnings are displayed
-	 * Recommended: 'prod' cause of speed (page load time is better)
-	 */
-	'env' => 'prod', // 'prod' for production and 'dev' for development
-
-	'template' => 'kathrine', // template used by website (kathrine, tibiacom)
-	'template_allow_change' => true, // allow users to choose their own template while browsing website?
-
-	'vocations_amount' => 4, // how much basic vocations your server got (without promotion)
-
-	// what client version are you using on this OT?
-	// used for the Downloads page and some templates aswell
-	'client' => 1098, // 954 = client 9.54
-
-	'session_prefix' => 'myaac_', // must be unique for every site on your server
-	'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: https://my-aac.org/guilds/Testing instead of https://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
-	'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles
-
-	// gesior backward support (templates & pages)
-	// allows using gesior templates and pages with myaac
-	// might bring some performance when disabled
-	'backward_support' => true,
-
-	// head options (html)
-	'meta_description' => 'Tibia is a free massive multiplayer online role playing game (MMORPG).', // description of the site
-	'meta_keywords' => 'free online game, free multiplayer game, ots, open tibia server', // keywords list separated by commas
-
-	// footer
-	'footer' => ''/*'<br/>Your Server &copy; 2016. All rights reserved.'*/,
-
-	'language' => 'en', // default language (currently only 'en' available)
-	'language_allow_change' => false,
-
-	'visitors_counter' => true,
-	'visitors_counter_ttl' => 10, // how long visitor will be marked as online (in minutes)
-	'views_counter' => true,
-
-	// cache system. by default file cache is used
-	'cache_engine' => 'auto', // apc, apcu, eaccelerator, xcache, file, auto, or blank to disable.
-	'cache_prefix' => 'myaac_', // have to be unique if running more MyAAC instances on the same server (except file system cache)
-
-	// database details (leave blank for auto detect from config.lua)
-	'database_host' => '',
-	'database_port' => '', // leave blank to default 3306
-	'database_user' => '',
-	'database_password' => '',
-	'database_name' => '',
-	'database_log' => false, // should database queries be logged and saved into system/logs/database.log?
-	'database_socket' => '', // set if you want to connect to database through socket (example: /var/run/mysqld/mysqld.sock)
-	'database_persistent' => false, // use database permanent connection (like server), may speed up your site
-
-	// multiworld system (only TFS 0.3)
-	'multiworld' => false, // use multiworld system?
-	'worlds' => array( // list of worlds
-		//'1' => 'Your World Name',
-		//'2' => 'Your Second World Name'
-	),
-
-	// images
-	'outfit_images_url' => 'https://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'outfit_images_wrong_looktypes' => [75, 126, 127, 266, 302], // this looktypes needs to have different margin-top and margin-left because they are wrong positioned
-	'item_images_url' => 'https://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
-	'item_images_extension' => '.gif',
-
-	// creatures
-	'creatures_images_url' => 'images/monsters/', // set to images/monsters if you host your own creatures in images folder
-	'creatures_images_extension' => '.gif',
-	'creatures_images_preview' => false,  // set to true to allow picture previews for creatures
-	'creatures_items_url' => 'https://tibia.fandom.com/wiki/', // set to website which shows details about items.
-	'creatures_loot_percentage' => true, // set to true to show the loot tooltip percent
-
-	// account
-	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
-	'account_login_by_email' => false, // use email instead of Account Name like in latest Tibia
-	'account_login_by_email_fallback' => false, // allow also additionally login by Account Name/Number (for users that might forget their email)
-	'account_create_auto_login' => false, // auto login after creating account?
-	'account_create_character_create' => true, // allow directly to create character on create account page?
-	'account_mail_verify' => false, // force users to confirm their email addresses when registering
-	'account_mail_confirmed_reward' => [ // reward users for confirming their E-Mails
-		// account_mail_verify needs to be enabled too
-		'premium_days' => 0,
-		'premium_points' => 0,
-		'coins' => 0,
-		'message' => 'You received %d %s for confirming your E-Mail address.' // example: You received 20 premium points for confirming your E-Mail address.
-	],
-	'account_mail_unique' => true, // email addresses cannot be duplicated? (one account = one email)
-	'account_mail_block_plus_sign' => true, // block email with '+' signs like test+box@gmail.com (help protect against spamming accounts)
-	'account_premium_days' => 0, // default premium days on new account
-	'account_premium_points' => 0, // default premium points on new account
-	'account_welcome_mail' => true, // send welcome email when user registers
-	'account_mail_change' => 2, // how many days user need to change email to account - block hackers
-	'account_country' => true, // user will be able to set country of origin when registering account, this information will be viewable in others places aswell
-	'account_country_recognize' => true, // should country of user be automatically recognized by his IP? This makes an external API call to http://ipinfo.io
-	'account_change_character_name' => false, // can user change their character name for premium points?
-	'account_change_character_name_points' => 30, // cost of name change
-	'account_change_character_sex' => false, // can user change their character sex for premium points?
-	'account_change_character_sex_points' => 30, // cost of sex change
-	'characters_per_account' => 10,	// max. number of characters per account
-
-	// mail
-	'mail_enabled' => false, // is aac maker configured to send e-mails?
-	'mail_address' => 'no-reply@your-server.org', // server e-mail address (from:)
-	'mail_admin' => 'your-address@your-server.org', // admin email address, where mails from contact form will be sent
-	'mail_signature' => array( // signature that will be included at the end of every message sent using _mail function
-		'plain' => ""/*"--\nMy Server,\nhttp://www.myserver.com"*/,
-		'html' => ''/*'<br/>My Server,\n<a href="http://www.myserver.com">myserver.com</a>'*/
-	),
-	'smtp_enabled' => false, // send by smtp or mail function (set false if use mail function, set to true if you use GMail or Microsoft Outlook)
-	'smtp_host' => '', // mail host. smtp.gmail.com for GMail / smtp-mail.outlook.com for Microsoft Outlook
-	'smtp_port' => 25, // 25 (default) / 465 (ssl, GMail) / 587 (tls, Microsoft Outlook)
-	'smtp_auth' => true, // need authorization?
-	'smtp_user' => 'admin@example.org', // here your email username
-	'smtp_pass' => '',
-	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' (GMail) or 'tls' (Microsoft Outlook)
-	'smtp_debug' => false, // set true to debug (you will see more info in error.log)
-
-	//
-	'generate_new_reckey' => true,				// let player generate new recovery key, he will receive e-mail with new rec key (not display on page, hacker can't generate rec key)
-	'generate_new_reckey_price' => 20,			// price for new recovery key
-	'send_mail_when_change_password' => true,	// send e-mail with new password when change password to account
-	'send_mail_when_generate_reckey' => true,	// send e-mail with rec key (key is displayed on page anyway when generate)
-
-	// you may need to adjust this for older tfs versions
-	// by removing Community Manager
-	'account_types' => [
-		'None',
-		'Normal',
-		'Tutor',
-		'Senior Tutor',
-		'Gamemaster',
-		'Community Manager',
-		'God',
-	],
-
-	// genders (aka sex)
-	'genders' => array(
-		0 => 'Female',
-		1 => 'Male'
-	),
-
-	// new character config
-	'character_samples' => array( // vocations, format: ID_of_vocation => 'Name of Character to copy'
-		//0 => 'Rook Sample',
-		1 => 'Sorcerer Sample',
-		2 => 'Druid Sample',
-		3 => 'Paladin Sample',
-		4 => 'Knight Sample'
-	),
-
-	'use_character_sample_skills' => false,
-
-	// it must show limited number of players after using search in character page
-	'characters_search_limit' => 15,
-
-	// town list used when creating character
-	// won't be displayed if there is only one item (rookgaard for example)
-	'character_towns' => array(1),
-
-	// characters length
-	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum length to be 21.
-	'character_name_min_length' => 4,
-	'character_name_max_length' => 21,
-	'character_name_npc_check' => true,
-
-	// list of towns
-	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (from MySQL database - Table - towns)
-	// otherwise it will try to load from your .OTBM map file
-	// if you don't see towns on website, then you need to fill this out
-	'towns' => array(
-		0 => 'No town',
-		1 => 'Sample town'
-	),
-
-	// guilds
-	'guild_management' => true, // enable guild management system on the site?
-	'guild_need_level' => 1, // min. level to form a guild
-	'guild_need_premium' => true, // require premium account to form a guild?
-	'guild_image_size_kb' => 80, // maximum size of the guild logo image in KB (kilobytes)
-	'guild_description_default' => 'New guild. Leader must edit this text :)',
-	'guild_description_chars_limit' => 1000, // limit of guild description
-	'guild_description_lines_limit' => 6, // limit of lines, if description has more lines it will be showed as long text, without 'enters'
-	'guild_motd_chars_limit' => 150, // limit of MOTD (message of the day) that is shown later in the game on the guild channel
-
-	// online page
-	'online_record' => true, // display players record?
-	'online_vocations' => false, // display vocation statistics?
-	'online_vocations_images' => false, // display vocation images?
-	'online_skulls' => false, // display skull images
-	'online_outfit' => true,
-	'online_afk' => false,
-
-	// support list page
-	'team_style' => 2, // 1/2 (1 - normal table, 2 - in boxes, grouped by group id)
-	'team_display_status' => true,
-	'team_display_lastlogin' => true,
-	'team_display_world' => false,
-	'team_display_outfit' => true,
-
-	// bans page
-	'bans_per_page' => 20,
-
-	// highscores page
-	'highscores_vocation_box' => true, // show 'Choose a vocation' box on the highscores (allowing peoples to sort highscores by vocation)?
-	'highscores_vocation' => true, // show player vocation under his nickname?
-	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)?
-	'highscores_balance' => false, // show 'Balance' tab (richest players on the server)
-	'highscores_outfit' => true, // show player outfit?
-	'highscores_country_box' => false, // doesnt work yet! (not implemented)
-	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
-	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
-	'highscores_per_page' => 100, // how many records per page on highscores
-	'highscores_cache_ttl' => 15, // how often to update highscores from database in minutes (default 15 minutes)
-
-	// characters page
-	'characters' => array( // what things to display on character view page (true/false in each option)
-		'level' => true,
-		'experience' => false,
-		'magic_level' => false,
-		'balance' => false,
-		'marriage_info' => true, // only 0.3
-		'outfit' => true,
-		'creation_date' => true,
-		'quests' => true,
-		'skills' => true,
-		'equipment' => true,
-		'frags' => false,
-		'deleted' => false, // should deleted characters from same account be still listed on the list of characters? When enabled it will show that character is "[DELETED]"
-	),
-	'quests' => array(
-		//'Some Quest' => 123,
-		//'Some Quest Two' => 456,
-	), // quests list (displayed in character view), name => storage
-	'signature_enabled' => true,
-	'signature_type' => 'tibian', // signature engine to use: tibian, mango, gesior
-	'signature_cache_time' => 5, // how long to store cached file (in minutes), default 5 minutes
-	'signature_browser_cache' => 60, // how long to cache by browser (in minutes), default 1 hour
-
-	// news page
-	'news_limit' => 5, // limit of news on the latest news page
-	'news_ticker_limit' => 5, // limit of news in tickers (mini news) (0 to disable)
-	'news_date_format' => 'j.n.Y', // check php manual date() function for more info about this
-	'news_author' => true, // show author of the news
-
-	// gifts/shop system
-	'gifts_system' => false,
-
-	// support/system
-	'bug_report' => true, // this configurable has no effect, its always enabled
-
-	// forum
-	'forum' => 'site', // link to the server forum, set to "site" if you want to use build in forum system, otherwise leave empty if you aren't going to use any forum
-	'forum_level_required' => 0, // level required to post, 0 to disable
-	'forum_post_interval' => 30, // in seconds
-	'forum_posts_per_page' => 20,
-	'forum_threads_per_page' => 20,
-	// uncomment to force use table for forum
-	//'forum_table_prefix' => 'z_', // what forum mysql table to use, z_ (for gesior old forum) or myaac_ (for myaac)
-
-	// last kills
-	'last_kills_limit' => 50, // max. number of deaths shown on the last kills page
-
-	// status, took automatically from config file if empty
-	'status_enabled' => true, // you can disable status checking by settings this to "false"
-	'status_ip' => '',
-	'status_port' => '',
-	'status_timeout' => 2.0, // how long to wait for the initial response from the server (default: 2 seconds)
-
-	// how often to connect to server and update status (default: every minute)
-	// if your status timeout in config.lua is bigger, that it will be used instead
-	// when server is offline, it will be checked every time web refreshes, ignoring this variable
-	'status_interval' => 60,
-
-	// admin panel
-	'admin_plugins_manage_enable' => 'yes', // you can disable possibility to upload and uninstall plugins, for security
-	// enable support for plain php pages in admin panel, for security
-	// existing pages still will be working, so you need to delete them manually
-	'admin_pages_php_enable' => 'no',
-	'admin_panel_modules' => 'statistics,web_status,server_status,lastlogin,created,points,coins,balance',    // default - statistics,web_status,server_status,lastlogin,created,points,coins,balance
-
-	// other
-	'anonymous_usage_statistics' => true,
-	'email_lai_sec_interval' => 60, // time in seconds between e-mails to one account from lost account interface, block spam
-	'google_analytics_id' => '', // e.g.: UA-XXXXXXX-X
-	'experiencetable_columns' => 3, // how many columns to display in experience table page. * experiencetable_rows, 5 = 500 (will show up to 500 level)
-	'experiencetable_rows' => 200, // till how many levels in one column
-	'date_timezone' => 'Europe/Berlin', // more info at http://php.net/manual/en/timezones.php
-	'footer_show_load_time' => true, // display load time of the page in the footer
-
-	'npc' => array()
-);

index.php

@@ -56,22 +56,6 @@ if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|g
 	exit;
 }
 
-if(file_exists(BASE . 'config.local.php')) {
-	require_once BASE . 'config.local.php';
-}
-
-ini_set('log_errors', 1);
-if(config('env') === 'dev') {
-	ini_set('display_errors', 1);
-	ini_set('display_startup_errors', 1);
-	error_reporting(E_ALL);
-}
-else {
-	ini_set('display_errors', 0);
-	ini_set('display_startup_errors', 0);
-	error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT);
-}
-
 if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE . 'install'))
 {
 	header('Location: ' . BASE_URL . 'install/');
@@ -100,13 +84,11 @@ $twig->addGlobal('status', $status);
 
 require_once SYSTEM . 'router.php';
 
-require SYSTEM . 'migrate.php';
-
 $hooks->trigger(HOOK_STARTUP);
 
 // anonymous usage statistics
 // sent only when user agrees
-if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_statistics']) {
+if(setting('core.anonymous_usage_statistics')) {
 	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
 	$should_report = true;
 
@@ -139,17 +121,16 @@ if(isset($config['anonymous_usage_statistics']) && $config['anonymous_usage_stat
 	}
 }
 
-if($config['views_counter'])
+if(setting('core.views_counter'))
 	require_once SYSTEM . 'counter.php';
 
-if($config['visitors_counter'])
-{
+if(setting('core.visitors_counter')) {
 	require_once SYSTEM . 'libs/visitors.php';
-	$visitors = new Visitors($config['visitors_counter_ttl']);
+	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 
 // backward support for gesior
-if($config['backward_support']) {
+if(setting('core.backward_support')) {
 	define('INITIALIZED', true);
 	$SQL = $db;
 	$layout_header = template_header();
@@ -165,7 +146,8 @@ if($config['backward_support']) {
 
 	$config['site'] = &$config;
 	$config['server'] = &$config['lua'];
-	$config['site']['shop_system'] = $config['gifts_system'];
+	$config['site']['shop_system'] = setting('core.gifts_system');
+	$config['site']['gallery_page'] = true;
 
 	if(!isset($config['vdarkborder']))
 		$config['vdarkborder'] = '#505050';
@@ -178,8 +160,9 @@ if($config['backward_support']) {
 	$config['site']['serverinfo_page'] = true;
 	$config['site']['screenshot_page'] = true;
 
-	if($config['forum'] != '')
-		$config['forum_link'] = (strtolower($config['forum']) === 'site' ? getLink('forum') : $config['forum']);
+	$forumSetting = setting('core.forum');
+	if($forumSetting != '')
+		$config['forum_link'] = (strtolower($forumSetting) === 'site' ? getLink('forum') : $forumSetting);
 
 	foreach($status as $key => $value)
 		$config['status']['serverStatus_' . $key] = $value;

install/includes/config.php

@@ -38,4 +38,3 @@ if(!isset($error) || !$error) {
 		$error = true;
 	}
 }
-?>

install/includes/schema.sql

@@ -1,4 +1,4 @@
-SET @myaac_database_version = 35;
+SET @myaac_database_version = 36;
 
 CREATE TABLE `myaac_account_actions`
 (
@@ -303,6 +303,16 @@ CREATE TABLE `myaac_gallery`
 
 INSERT INTO `myaac_gallery` (`id`, `ordering`, `comment`, `image`, `thumb`, `author`) VALUES (NULL, 1, 'Demon', 'images/gallery/demon.jpg', 'images/gallery/demon_thumb.gif', 'MyAAC');
 
+CREATE TABLE `myaac_settings`
+(
+	`id` int(11) NOT NULL AUTO_INCREMENT,
+	`name` VARCHAR(255) NOT NULL DEFAULT '',
+	`key` VARCHAR(255) NOT NULL DEFAULT '',
+	`value` TEXT NOT NULL,
+	PRIMARY KEY (`id`),
+	KEY `key` (`key`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
+
 CREATE TABLE `myaac_spells`
 (
 	`id` INT(11) NOT NULL AUTO_INCREMENT,

install/index.php

@@ -12,9 +12,7 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 require SYSTEM . 'clients.conf.php';
-
-if(file_exists(BASE . 'config.local.php'))
-	require BASE . 'config.local.php';
+require LIBS . 'settings.php';
 
 // ignore undefined index from Twig autoloader
 $config['env'] = 'prod';
@@ -91,10 +89,6 @@ if($step == 'database') {
 				break;
 			}
 		}
-		else if($key == 'mail_admin' && !Validator::email($value)) {
-			$errors[] = $locale['step_config_mail_admin_error'];
-			break;
-		}
 		else if($key == 'timezone' && !in_array($value, DateTimeZone::listIdentifiers())) {
 			$errors[] = $locale['step_config_timezone_error'];
 			break;

install/steps/2-license.php

@@ -5,4 +5,3 @@ $twig->display('install.license.html.twig', array(
 	'license' => file_get_contents(BASE . 'LICENSE'),
 	'buttons' => next_buttons()
 ));
-?>

install/steps/4-config.php

@@ -18,4 +18,3 @@ $twig->display('install.config.html.twig', array(
 	'errors' => isset($errors) ? $errors : null,
 	'buttons' => next_buttons()
 ));
-?>

install/steps/5-database.php

@@ -11,16 +11,12 @@ if(!isset($_SESSION['var_server_path'])) {
 }
 
 if(!$error) {
-	$content = "<?php";
-	$content .= PHP_EOL;
-	$content .= '// place for your configuration directives, so you can later easily update myaac';
-	$content .= PHP_EOL;
-	$content .= '$config[\'installed\'] = true;';
-	$content .= PHP_EOL;
-	// by default, set env to prod
-	// user can disable when he wants
-	$content .= '$config[\'env\'] = \'prod\'; // dev or prod';
-	$content .= PHP_EOL;
+	$configToSave = [
+		// by default, set env to prod
+		// user can disable when he wants
+		'env' => 'prod',
+	];
+
 	foreach($_SESSION as $key => $value)
 	{
 		if(strpos($key, 'var_') !== false)
@@ -32,17 +28,14 @@ if(!$error) {
 					$value .= '/';
 			}
 
-			if($key === 'var_usage') {
-				$content .= '$config[\'anonymous_usage_statistics\'] = ' . ((int)$value == 1 ? 'true' : 'false') . ';';
-				$content .= PHP_EOL;
-			}
-			else if(!in_array($key, array('var_account', 'var_account_id', 'var_password', 'var_step', 'var_email', 'var_player_name'), true)) {
-				$content .= '$config[\'' . str_replace('var_', '', $key) . '\'] = \'' . $value . '\';';
-				$content .= PHP_EOL;
+			if(!in_array($key, ['var_usage', 'var_date_timezone', 'var_client', 'var_account', 'var_account_id', 'var_password', 'var_password_confirm', 'var_step', 'var_email', 'var_player_name'], true)) {
+				$configToSave[str_replace('var_', '', $key)] = $value;
 			}
 		}
 	}
 
+	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
+
 	require BASE . 'install/includes/config.php';
 
 	if(!$error) {
@@ -79,31 +72,17 @@ if(!$error) {
 					'message' => $locale['loading_spinner']
 				));
 
-				if(!Validator::email($_SESSION['var_mail_admin'])) {
-					error($locale['step_config_mail_admin_error']);
-					$error = true;
-				}
-
-				$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
-				$content .= PHP_EOL;
-				$content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
-
-				$saved = true;
-				if(!$error) {
-					$saved = file_put_contents(BASE . 'config.local.php', $content);
-				}
-
+				$content = '';
+				$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
 				if($saved) {
 					success($locale['step_database_config_saved']);
-					if(!$error) {
-						$_SESSION['saved'] = true;
-					}
+					$_SESSION['saved'] = true;
 				}
 				else {
 					$_SESSION['config_content'] = $content;
 					unset($_SESSION['saved']);
 
-					$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
+					$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.php</b>', $locale['step_database_error_file']);
 					error($locale['step_database_error_file'] . '<br/>
 						<textarea cols="70" rows="10">' . $content . '</textarea>');
 				}

install/steps/7-finish.php

@@ -116,24 +116,44 @@ else {
 			}
 		}
 
+		$settings = Settings::getInstance();
+		foreach($_SESSION as $key => $value) {
+			if (in_array($key, ['var_usage', 'var_date_timezone', 'var_client'])) {
+				if ($key == 'var_usage') {
+					$key = 'anonymous_usage_statistics';
+					$value = ((int)$value == 1 ? 'true' : 'false');
+				} elseif ($key == 'var_date_timezone') {
+					$key = 'date_timezone';
+				} elseif ($key == 'var_client') {
+					$key = 'client';
+				}
+
+				$settings->updateInDatabase('core', $key, $value);
+			}
+		}
+		success('Settings saved.');
+
 		$twig->display('install.installer.html.twig', array(
 			'url' => 'tools/7-finish.php',
 			'message' => $locale['importing_spinner']
 		));
 
 		if(!isset($_SESSION['installed'])) {
-			$report_url = 'https://my-aac.org/report_install.php?v=' . MYAAC_VERSION . '&b=' . urlencode(BASE_URL);
-			if (function_exists('curl_version'))
-			{
-				$curl = curl_init();
-				curl_setopt($curl, CURLOPT_URL, $report_url);
-				curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
-				curl_exec($curl);
-				curl_close($curl);
-			}
-			else if (ini_get('allow_url_fopen') ) {
-				file_get_contents($report_url);
+			if (!array_key_exists('CI', getenv())) {
+				$report_url = 'https://my-aac.org/report_install.php?v=' . MYAAC_VERSION . '&b=' . urlencode(BASE_URL);
+				if (function_exists('curl_version'))
+				{
+					$curl = curl_init();
+					curl_setopt($curl, CURLOPT_URL, $report_url);
+					curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+					curl_exec($curl);
+					curl_close($curl);
+				}
+				else if (ini_get('allow_url_fopen') ) {
+					file_get_contents($report_url);
+				}
 			}
+
 			$_SESSION['installed'] = true;
 		}
 

install/tools/7-finish.php

@@ -11,11 +11,11 @@ ini_set('max_execution_time', 300);
 ob_implicit_flush();
 ob_end_flush();
 header('X-Accel-Buffering: no');
-
+/*
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 	return;
-}
+}*/
 
 require SYSTEM . 'init.php';
 
@@ -51,13 +51,6 @@ DataLoader::load();
 
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';
-$database_migration_20 = true;
-$content = '';
-if(!databaseMigration20($content)) {
-	$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
-	warning($locale['step_database_error_file'] . '<br/>
-				<textarea cols="70" rows="10">' . $content . '</textarea>');
-}
 
 // add z_polls tables
 require_once SYSTEM . 'migrations/22.php';

login.php

@@ -1,7 +1,5 @@
 <?php
 require_once 'common.php';
-require_once 'config.php';
-require_once 'config.local.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 require_once SYSTEM . 'status.php';

nginx-sample.conf

@@ -32,6 +32,6 @@ server {
 		include snippets/fastcgi-php.conf;
 		fastcgi_read_timeout 240;
 		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
-		# for ubuntu 22.04+ it will be php8.1-fpm.-sock
+		# for ubuntu 22.04+ it will be php8.1-fpm.sock
 	}
 }

plugins/example.json

@@ -39,5 +39,6 @@
 			"redirect_from": "/redirectExample",
 			"redirect_to": "account/manage"
 		}
-	}
+	},
+	"settings": "plugins/your-plugin-folder/settings.php"
  }

release.sh

@@ -22,7 +22,7 @@ if [ $1 = "prepare" ]; then
 	mkdir -p tmp
 
 	# get myaac from git archive
-	git archive --format zip --output tmp/myaac.zip 0.9
+	git archive --format zip --output tmp/myaac.zip develop
 
 	cd tmp/ || exit
 
@@ -38,7 +38,7 @@ if [ $1 = "prepare" ]; then
 	cd $dir || exit
 
 	# dependencies
-	composer install
+	composer install --no-dev
 
 	echo "Now you can make changes to $dir. When you are ready, type 'release.sh pack'"
 	exit

system/compat/classes.php

@@ -9,7 +9,30 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-class Player extends OTS_Player {}
-class Guild extends OTS_Guild {}
+class Account extends OTS_Account {
+	public function loadById($id) {
+		$this->load($id);
+	}
+	public function loadByName($name) {
+		$this->find($name);
+	}
+}
+
+class Player extends OTS_Player {
+	public function loadById($id) {
+		$this->load($id);
+	}
+	public function loadByName($name) {
+		$this->find($name);
+	}
+}
+class Guild extends OTS_Guild {
+	public function loadById($id) {
+		$this->load($id);
+	}
+	public function loadByName($name) {
+		$this->find($name);
+	}
+}
 class GuildRank extends OTS_GuildRank {}
 class House extends OTS_House {}

system/compat/config.php

@@ -0,0 +1,103 @@
+<?php
+
+$deprecatedConfig = [
+	'date_timezone',
+	'genders',
+	'template',
+	'template_allow_change',
+	'vocations_amount',
+	'vocations',
+	'client',
+	'session_prefix',
+	'friendly_urls',
+	'backward_support',
+	'charset',
+	'meta_description',
+	'meta_keywords',
+	'footer',
+	'database_encryption' => 'database_hash',
+	//'language',
+	'visitors_counter',
+	'visitors_counter_ttl',
+	'views_counter',
+	'outfit_images_url',
+	'outfit_images_wrong_looktypes',
+	'item_images_url',
+	'account_country',
+	'towns',
+	'quests',
+	'character_samples',
+	'character_towns',
+	'characters_per_account',
+	'characters_search_limit',
+	'news_author',
+	'news_limit',
+	'news_ticker_limit',
+	'news_date_format',
+	'highscores_groups_hidden',
+	'highscores_ids_hidden',
+	'online_record',
+	'online_vocations',
+	'online_vocations_images',
+	'online_skulls',
+	'online_outfit',
+	'online_afk',
+	'team_display_outfit' => 'team_outfit',
+	'team_display_status' => 'team_status',
+	'team_display_world' => 'team_world',
+	'team_display_lastlogin' => 'team_lastlogin',
+	'last_kills_limit',
+	'multiworld',
+	'forum',
+	'signature_enabled',
+	'signature_type',
+	'signature_cache_time',
+	'signature_browser_cache',
+	'gifts_system',
+	'status_enabled',
+	'status_ip',
+	'status_port',
+	'mail_enabled',
+	'account_login_by_email',
+	'account_login_by_email_fallback',
+	'account_mail_verify',
+	'account_create_character_create',
+	'account_change_character_name',
+	'account_change_character_name_points' => 'account_change_character_name_price',
+	'account_change_character_sex',
+	'account_change_character_sex_points' => 'account_change_character_name_price',
+];
+
+foreach ($deprecatedConfig as $key => $value) {
+	config(
+		[
+			(is_string($key) ? $key : $value),
+			setting('core.'.$value)
+		]
+	);
+
+	//var_dump($settings['core.'.$value]['value']);
+}
+
+$deprecatedConfigCharacters = [
+	'level',
+	'experience',
+	'magic_level',
+	'balance',
+	'marriage_info' => 'marriage',
+	'outfit',
+	'creation_date',
+	'quests',
+	'skills',
+	'equipment',
+	'frags',
+	'deleted',
+];
+
+$tmp = [];
+foreach ($deprecatedConfigCharacters as $key => $value) {
+	$tmp[(is_string($key) ? $key : $value)] = setting('core.characters_'.$value);
+}
+
+config(['characters', $tmp]);
+unset($tmp);

system/compat/pages.php

@@ -10,6 +10,10 @@
 defined('MYAAC') or die('Direct access not allowed!');
 switch($page)
 {
+	case 'adminpanel':
+		header('Location: ' . ADMIN_URL);
+		die;
+
 	case 'createaccount':
 		$page = 'account/create';
 		break;
@@ -30,6 +34,7 @@ switch($page)
 		$page = 'news';
 		break;
 
+	case 'archive':
 	case 'newsarchive':
 		$page = 'news/archive';
 		break;

system/counter.php

@@ -51,4 +51,3 @@ else
 		updateDatabaseConfig('views_counter', $views_counter); // update counter
 	}
 }
-?>

system/database.php

@@ -9,7 +9,11 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-if(!isset($config['database_user'][0], $config['database_password'][0], $config['database_name'][0]))
+if (!isset($config['database_overwrite'])) {
+	$config['database_overwrite'] = false;
+}
+
+if(!$config['database_overwrite'] && !isset($config['database_user'][0], $config['database_password'][0], $config['database_name'][0]))
 {
 	if(isset($config['lua']['sqlType'])) {// tfs 0.3
 		if(isset($config['lua']['mysqlHost'])) {// tfs 0.2
@@ -116,4 +120,4 @@ catch(PDOException $error) {
 			'<li>MySQL is not configured propertly in <i>config.lua</i>.</li>' .
 			'<li>MySQL server is not running.</li>' .
 		'</ul>' . $error->getMessage());
-}
+}

system/functions.php

@@ -32,55 +32,49 @@ function message($message, $type, $return)
 	return true;
 }
 function success($message, $return = false) {
-    return message($message, 'success', $return);
+	return message($message, 'success', $return);
 }
 function warning($message, $return = false) {
-    return message($message, 'warning', $return);
+	return message($message, 'warning', $return);
 }
 function note($message, $return = false) {
-    return message($message, 'note', $return);
+	return message($message, 'note', $return);
 }
 function error($message, $return = false) {
-    return message($message, ((defined('MYAAC_INSTALL') || defined('MYAAC_ADMIN')) ? 'danger' : 'error'), $return);
+	return message($message, ((defined('MYAAC_INSTALL') || defined('MYAAC_ADMIN')) ? 'danger' : 'error'), $return);
 }
 
-function longToIp($ip)
+function longToIp($ip): string
 {
 	$exp = explode(".", long2ip($ip));
 	return $exp[3].".".$exp[2].".".$exp[1].".".$exp[0];
 }
 
-function generateLink($url, $name, $blank = false) {
+function generateLink($url, $name, $blank = false): string {
 	return '<a href="' . $url . '"' . ($blank ? ' target="_blank"' : '') . '>' . $name . '</a>';
 }
 
-function getFullLink($page, $name, $blank = false) {
+function getFullLink($page, $name, $blank = false): string {
 	return generateLink(getLink($page), $name, $blank);
 }
 
-function getLink($page, $action = null)
-{
-	global $config;
-	return BASE_URL . ($config['friendly_urls'] ? '' : 'index.php/') . $page . ($action ? '/' . $action : '');
+function getLink($page, $action = null): string {
+	return BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . $page . ($action ? '/' . $action : '');
 }
-function internalLayoutLink($page, $action = null) {return getLink($page, $action);}
-
-function getForumThreadLink($thread_id, $page = NULL)
-{
-	global $config;
-	return BASE_URL . ($config['friendly_urls'] ? '' : 'index.php/') . 'forum/thread/' . (int)$thread_id . (isset($page) ? '/' . $page : '');
+function internalLayoutLink($page, $action = null): string {
+	return getLink($page, $action);
 }
 
-function getForumBoardLink($board_id, $page = NULL)
-{
-	global $config;
-	return BASE_URL . ($config['friendly_urls'] ? '' : 'index.php/') . 'forum/board/' . (int)$board_id . (isset($page) ? '/' . $page : '');
+function getForumThreadLink($thread_id, $page = NULL): string {
+	return BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'forum/thread/' . (int)$thread_id . (isset($page) ? '/' . $page : '');
 }
 
-function getPlayerLink($name, $generate = true)
-{
-	global $config;
+function getForumBoardLink($board_id, $page = NULL): string {
+	return BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'forum/board/' . (int)$board_id . (isset($page) ? '/' . $page : '');
+}
 
+function getPlayerLink($name, $generate = true): string
+{
 	if(is_numeric($name))
 	{
 		$player = new OTS_Player();
@@ -89,25 +83,23 @@ function getPlayerLink($name, $generate = true)
 			$name = $player->getName();
 	}
 
-	$url = BASE_URL . ($config['friendly_urls'] ? '' : 'index.php/') . 'characters/' . urlencode($name);
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'characters/' . urlencode($name);
 
 	if(!$generate) return $url;
 	return generateLink($url, $name);
 }
 
-function getMonsterLink($name, $generate = true)
+function getMonsterLink($name, $generate = true): string
 {
-	global $config;
-
-	$url = BASE_URL . ($config['friendly_urls'] ? '' : 'index.php/') . 'creatures/' . urlencode($name);
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'creatures/' . urlencode($name);
 
 	if(!$generate) return $url;
 	return generateLink($url, $name);
 }
 
-function getHouseLink($name, $generate = true)
+function getHouseLink($name, $generate = true): string
 {
-	global $db, $config;
+	global $db;
 
 	if(is_numeric($name))
 	{
@@ -117,16 +109,14 @@ function getHouseLink($name, $generate = true)
 			$name = $house->fetchColumn();
 	}
 
-	$url = BASE_URL . ($config['friendly_urls'] ? '' : 'index.php/') . 'houses/' . urlencode($name);
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'houses/' . urlencode($name);
 
 	if(!$generate) return $url;
 	return generateLink($url, $name);
 }
 
-function getGuildLink($name, $generate = true)
+function getGuildLink($name, $generate = true): string
 {
-	global $config;
-
 	if(is_numeric($name)) {
 		$name = getGuildNameById($name);
 		if ($name === false) {
@@ -134,7 +124,7 @@ function getGuildLink($name, $generate = true)
 		}
 	}
 
-	$url = BASE_URL . ($config['friendly_urls'] ? '' : 'index.php/') . 'guilds/' . urlencode($name);
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'guilds/' . urlencode($name);
 
 	if(!$generate) return $url;
 	return generateLink($url, $name);
@@ -180,7 +170,7 @@ function getItemRarity($chance) {
 	return '';
 }
 
-function getFlagImage($country)
+function getFlagImage($country): string
 {
 	if(!isset($country[0]))
 		return '';
@@ -202,7 +192,7 @@ function getFlagImage($country)
  * @param mixed $v Variable to check.
  * @return bool Value boolean status.
  */
-function getBoolean($v)
+function getBoolean($v): bool
 {
 	if(is_bool($v)) {
 		return $v;
@@ -225,7 +215,7 @@ function getBoolean($v)
  * @param bool $special Should special characters by used?
  * @return string Generated string.
  */
-function generateRandomString($length, $lowCase = true, $upCase = false, $numeric = false, $special = false)
+function generateRandomString($length, $lowCase = true, $upCase = false, $numeric = false, $special = false): string
 {
 	$characters = '';
 	if($lowCase)
@@ -465,7 +455,7 @@ function tickers()
  * Types: head_start, head_end, body_start, body_end, center_top
  *
  */
-function template_place_holder($type)
+function template_place_holder($type): string
 {
 	global $twig, $template_place_holders;
 	$ret = '';
@@ -489,7 +479,7 @@ function template_place_holder($type)
 /**
  * Returns <head> content to be used by templates.
  */
-function template_header($is_admin = false)
+function template_header($is_admin = false): string
 {
 	global $title_full, $config, $twig;
 	$charset = isset($config['charset']) ? $config['charset'] : 'utf-8';
@@ -506,29 +496,32 @@ function template_header($is_admin = false)
 /**
  * Returns footer content to be used by templates.
  */
-function template_footer()
+function template_footer(): string
 {
-	global $config, $views_counter;
+	global $views_counter;
 	$ret = '';
-	if(admin())
+	if(admin()) {
 		$ret .= generateLink(ADMIN_URL, 'Admin Panel', true);
+	}
 
-	if($config['visitors_counter'])
-	{
+	if(setting('core.visitors_counter')) {
 		global $visitors;
 		$amount = $visitors->getAmountVisitors();
 		$ret .= '<br/>Currently there ' . ($amount > 1 ? 'are' : 'is') . ' ' . $amount . ' visitor' . ($amount > 1 ? 's' : '') . '.';
 	}
 
-	if($config['views_counter'])
+	if(setting('core.views_counter')) {
 		$ret .= '<br/>Page has been viewed ' . $views_counter . ' times.';
+	}
 
-	if(config('footer_show_load_time')) {
+	if(setting('core.footer_load_time')) {
 		$ret .= '<br/>Load time: ' . round(microtime(true) - START_TIME, 4) . ' seconds.';
 	}
 
-	if(isset($config['footer'][0]))
-		$ret .= '<br/>' . $config['footer'];
+	$settingFooter = setting('core.footer');
+	if(isset($settingFooter[0])) {
+		$ret .= '<br/>' . $settingFooter;
+	}
 
 	// please respect my work and help spreading the word, thanks!
 	return $ret . '<br/>' . base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=');
@@ -536,8 +529,8 @@ function template_footer()
 
 function template_ga_code()
 {
-	global $config, $twig;
-	if(!isset($config['google_analytics_id'][0]))
+	global $twig;
+	if(!isset(setting('core.google_analytics_id')[0]))
 		return '';
 
 	return $twig->render('google_analytics.html.twig');
@@ -822,7 +815,7 @@ function getWorldName($id)
 
 /**
  * Mailing users.
- * $config['mail_enabled'] have to be enabled.
+ * Mailing has to be enabled in settings (in Admin Panel).
  *
  * @param string $to Recipient email address.
  * @param string $subject Subject of the message.
@@ -834,8 +827,9 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 {
 	global $mailer, $config;
 
-	if (!config('mail_enabled')) {
-		log_append('mailer-error.log', '_mail() function has been used, but config.mail_enabled is disabled.');
+	if (!setting('core.mail_enabled')) {
+		log_append('mailer-error.log', '_mail() function has been used, but Mail Support is disabled.');
+		return false;
 	}
 
 	if(!$mailer)
@@ -847,47 +841,60 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->clearAllRecipients();
 	}
 
-	$signature_html = '';
-	if(isset($config['mail_signature']['html']))
-		$signature_html = $config['mail_signature']['html'];
-
+	$signature_html = setting('core.mail_signature_html');
 	if($add_html_tags && isset($body[0]))
 		$tmp_body = '<html><head></head><body>' . $body . '<br/><br/>' . $signature_html . '</body></html>';
 	else
 		$tmp_body = $body . '<br/><br/>' . $signature_html;
 
-	if($config['smtp_enabled'])
+	define('MAIL_MAIL', 0);
+	define('MAIL_SMTP', 1);
+
+	$mailOption = setting('core.mail_option');
+	if($mailOption == MAIL_SMTP)
 	{
 		$mailer->isSMTP();
-		$mailer->Host = $config['smtp_host'];
-		$mailer->Port = (int)$config['smtp_port'];
-		$mailer->SMTPAuth = $config['smtp_auth'];
-		$mailer->Username = $config['smtp_user'];
-		$mailer->Password = $config['smtp_pass'];
-		$mailer->SMTPSecure = isset($config['smtp_secure']) ? $config['smtp_secure'] : '';
+		$mailer->Host = setting('core.smtp_host');
+		$mailer->Port = setting('core.smtp_port');
+		$mailer->SMTPAuth = setting('core.smtp_auth');
+		$mailer->Username = setting('core.smtp_user');
+		$mailer->Password = setting('core.smtp_pass');
+
+		define('SMTP_SECURITY_NONE', 0);
+		define('SMTP_SECURITY_SSL', 1);
+		define('SMTP_SECURITY_TLS', 2);
+
+		$security = setting('core.smtp_security');
+
+		$tmp = '';
+		if ($security === SMTP_SECURITY_SSL) {
+			$tmp = 'ssl';
+		}
+		else if ($security == SMTP_SECURITY_TLS) {
+			$tmp = 'tls';
+		}
+
+		$mailer->SMTPSecure = $tmp;
 	}
 	else {
 		$mailer->isMail();
 	}
 
 	$mailer->isHTML(isset($body[0]) > 0);
-	$mailer->From = $config['mail_address'];
-	$mailer->Sender = $config['mail_address'];
+	$mailer->From = setting('core.mail_address');
+	$mailer->Sender = setting('core.mail_address');
 	$mailer->CharSet = 'utf-8';
 	$mailer->FromName = $config['lua']['serverName'];
 	$mailer->Subject = $subject;
 	$mailer->addAddress($to);
 	$mailer->Body = $tmp_body;
 
-	if(config('smtp_debug')) {
+	if(setting('core.smtp_debug')) {
 		$mailer->SMTPDebug = 2;
 		$mailer->Debugoutput = 'echo';
 	}
 
-	$signature_plain = '';
-	if(isset($config['mail_signature']['plain']))
-		$signature_plain = $config['mail_signature']['plain'];
-
+	$signature_plain = setting('core.mail_signature_plain');
 	if(isset($altBody[0])) {
 		$mailer->AltBody = $altBody . $signature_plain;
 	}
@@ -929,8 +936,8 @@ function load_config_lua($filename)
 	$config_file = $filename;
 	if(!@file_exists($config_file))
 	{
-		log_append('error.log', '[load_config_file] Fatal error: Cannot load config.lua (' . $filename . '). Error: ' . print_r(error_get_last(), true));
-		throw new RuntimeException('ERROR: Cannot find ' . $filename . ' file. More info in system/logs/error.log');
+		log_append('error.log', '[load_config_file] Fatal error: Cannot load config.lua (' . $filename . ').');
+		throw new RuntimeException('ERROR: Cannot find ' . $filename . ' file.');
 	}
 
 	$result = array();
@@ -1047,7 +1054,7 @@ function getTopPlayers($limit = 5) {
 			$deleted = 'deletion';
 
 		$is_tfs10 = $db->hasTable('players_online');
-		$players = $db->query('SELECT `id`, `name`, `level`, `vocation`, `experience`, `looktype`' . ($db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `lookhead`, `lookbody`, `looklegs`, `lookfeet`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . config('highscores_groups_hidden') . ' AND `id` NOT IN (' . implode(', ', config('highscores_ids_hidden')) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
+		$players = $db->query('SELECT `id`, `name`, `level`, `vocation`, `experience`, `looktype`' . ($db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `lookhead`, `lookbody`, `looklegs`, `lookfeet`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . setting('core.highscores_groups_hidden') . ' AND `id` NOT IN (' . implode(', ', setting('core.highscores_ids_hidden')) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
 
 		if($is_tfs10) {
 			foreach($players as &$player) {
@@ -1100,6 +1107,9 @@ function deleteDirectory($dir, $ignore = array(), $contentOnly = false) {
 function config($key) {
 	global $config;
 	if (is_array($key)) {
+		if (is_null($key[1])) {
+			unset($config[$key[0]]);
+		}
 		return $config[$key[0]] = $key[1];
 	}
 
@@ -1115,6 +1125,21 @@ function configLua($key) {
 	return @$config['lua'][$key];
 }
 
+function setting($key)
+{
+	$settings = Settings::getInstance();
+
+	if (is_array($key)) {
+		if (is_null($key[1])) {
+			unset($settings[$key[0]]);
+		}
+
+		return $settings[$key[0]] = $key[1];
+	}
+
+	return $settings[$key]['value'];
+}
+
 function clearCache()
 {
 	require_once LIBS . 'news.php';
@@ -1483,8 +1508,8 @@ function right($str, $length) {
 }
 
 function getCreatureImgPath($creature){
-	$creature_path = config('creatures_images_url');
-	$creature_gfx_name = trim(strtolower($creature)) . config('creatures_images_extension');
+	$creature_path = config('monsters_images_url');
+	$creature_gfx_name = trim(strtolower($creature)) . config('monsters_images_extension');
 	if (!file_exists($creature_path . $creature_gfx_name)) {
 		$creature_gfx_name = str_replace(" ", "", $creature_gfx_name);
 		if (file_exists($creature_path . $creature_gfx_name)) {
@@ -1580,6 +1605,14 @@ function getGuildLogoById($id)
 	return BASE_URL . GUILD_IMAGES_DIR . $logo;
 }
 
+function displayErrorBoxWithBackButton($errors, $action = null) {
+	global $twig;
+	$twig->display('error_box.html.twig', ['errors' => $errors]);
+	$twig->display('account.back_button.html.twig', [
+		'action' => $action ?: getLink('')
+	]);
+}
+
 // validator functions
 require_once LIBS . 'validator.php';
 require_once SYSTEM . 'compat/base.php';

system/hooks.php

@@ -69,6 +69,10 @@ define('HOOK_ADMIN_LOGIN_AFTER_PASSWORD', ++$i);
 define('HOOK_ADMIN_LOGIN_AFTER_SIGN_IN', ++$i);
 define('HOOK_ADMIN_ACCOUNTS_SAVE_POST', ++$i);
 define('HOOK_EMAIL_CONFIRMED', ++$i);
+define('HOOK_GUILDS_BEFORE_GUILD_HEADER', ++$i);
+define('HOOK_GUILDS_AFTER_GUILD_HEADER', ++$i);
+define('HOOK_GUILDS_AFTER_GUILD_INFORMATION', ++$i);
+define('HOOK_GUILDS_AFTER_GUILD_MEMBERS', ++$i);
 define('HOOK_GUILDS_AFTER_INVITED_CHARACTERS', ++$i);
 
 const HOOK_FIRST = HOOK_STARTUP;

system/init.php

@@ -9,11 +9,6 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-// load configuration
-require_once BASE . 'config.php';
-if(file_exists(BASE . 'config.local.php')) // user customizations
-	require BASE . 'config.local.php';
-
 if(!isset($config['installed']) || !$config['installed']) {
 	throw new RuntimeException('MyAAC has not been installed yet or there was error during installation. Please install again.');
 }
@@ -22,13 +17,16 @@ if(config('env') === 'dev') {
 	require SYSTEM . 'exception.php';
 }
 
-date_default_timezone_set($config['date_timezone']);
+if(empty($config['server_path'])) {
+	throw new RuntimeException('Server Path has been not set. Go to config.php and set it.');
+}
+
 // take care of trailing slash at the end
 if($config['server_path'][strlen($config['server_path']) - 1] !== '/')
 	$config['server_path'] .= '/';
 
 // enable gzip compression if supported by the browser
-if($config['gzip_output'] && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false && function_exists('ob_gzhandler'))
+if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false && function_exists('ob_gzhandler'))
 	ob_start('ob_gzhandler');
 
 // cache
@@ -96,9 +94,6 @@ if(isset($config['lua']['servername']))
 if(isset($config['lua']['houserentperiod']))
 	$config['lua']['houseRentPeriod'] = $config['lua']['houserentperiod'];
 
-if($config['item_images_url'][strlen($config['item_images_url']) - 1] !== '/')
-	$config['item_images_url'] .= '/';
-
 // localize data/ directory based on data directory set in config.lua
 foreach(array('dataDirectory', 'data_directory', 'datadir') as $key) {
 	if(!isset($config['lua'][$key][0])) {
@@ -122,51 +117,34 @@ if(!isset($foundValue)) {
 $config['data_path'] = $foundValue;
 unset($foundValue);
 
-// new config values for compability
-if(!isset($config['highscores_ids_hidden']) || count($config['highscores_ids_hidden']) == 0) {
-	$config['highscores_ids_hidden'] = array(0);
-}
-
-$config['account_create_character_create'] = config('account_create_character_create') && (!config('mail_enabled') || !config('account_mail_verify'));
-
 // POT
 require_once SYSTEM . 'libs/pot/OTS.php';
 $ots = POT::getInstance();
 require_once SYSTEM . 'database.php';
 
+// execute migrations
+require SYSTEM . 'migrate.php';
+
+// settings
+require_once LIBS . 'Settings.php';
+$settings = Settings::getInstance();
+$settings->load();
+
+// deprecated config values
+require_once SYSTEM . 'compat/config.php';
+
+date_default_timezone_set(setting('core.date_timezone'));
+
+$config['account_create_character_create'] = config('account_create_character_create') && (!setting('core.mail_enabled') || !config('account_mail_verify'));
+
+$settingsItemImagesURL = setting('core.item_images_url');
+if($settingsItemImagesURL[strlen($settingsItemImagesURL) - 1] !== '/') {
+	setting(['core.item_images_url', $settingsItemImagesURL . '/']);
+}
+
 define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 
-// load vocation names
-$tmp = '';
-if($cache->enabled() && $cache->fetch('vocations', $tmp)) {
-	$config['vocations'] = unserialize($tmp);
-}
-else {
-	if(!class_exists('DOMDocument')) {
-		throw new RuntimeException('Please install PHP xml extension. MyAAC will not work without it.');
-	}
-
-	$vocations = new DOMDocument();
-	$file = $config['data_path'] . 'XML/vocations.xml';
-	if(!@file_exists($file))
-		$file = $config['data_path'] . 'vocations.xml';
-
-	if(!$vocations->load($file))
-		throw new RuntimeException('ERROR: Cannot load <i>vocations.xml</i> - the file is malformed. Check the file with xml syntax validator.');
-
-	$config['vocations'] = array();
-	foreach($vocations->getElementsByTagName('vocation') as $vocation) {
-		$id = $vocation->getAttribute('id');
-		$config['vocations'][$id] = $vocation->getAttribute('name');
-	}
-
-	if($cache->enabled()) {
-		$cache->set('vocations', serialize($config['vocations']), 120);
-	}
-}
-unset($tmp, $id, $vocation);
-
 require LIBS . 'Towns.php';
 Towns::load();

system/item.php

@@ -58,4 +58,3 @@ function outputItem($id = 100, $count = 1)
 	$file_name = Items_Images::$outputDir . $file_name . '.gif';
 	readfile($file_name);
 }
-?>

system/libs/CreateCharacter.php

@@ -18,8 +18,8 @@ class CreateCharacter
 	 */
 	public function checkName($name, &$errors)
 	{
-		$minLength = config('character_name_min_length');
-		$maxLength = config('character_name_max_length');
+		$minLength = setting('core.create_character_name_min_length');
+		$maxLength = setting('core.create_character_name_max_length');
 
 		if(empty($name)) {
 			$errors['name'] = 'Please enter a name for your character!';
@@ -138,7 +138,7 @@ class CreateCharacter
 
 		if(empty($errors))
 		{
-			$number_of_players_on_account = $account->getPlayersList(false)->count();
+			$number_of_players_on_account = $account->getPlayersList(true)->count();
 			if($number_of_players_on_account >= config('characters_per_account'))
 				$errors[] = 'You have too many characters on your account <b>('.$number_of_players_on_account.'/'.config('characters_per_account').')</b>!';
 		}
@@ -149,7 +149,7 @@ class CreateCharacter
 			$char_to_copy = new OTS_Player();
 			$char_to_copy->find($char_to_copy_name);
 			if(!$char_to_copy->isLoaded())
-				$errors[] = 'Wrong characters configuration. Try again or contact with admin. ADMIN: Edit file config.php and set valid characters to copy names. Character to copy: <b>'.$char_to_copy_name.'</b> doesn\'t exist.';
+				$errors[] = 'Wrong characters configuration. Try again or contact with admin. ADMIN: Go to Admin Panel -> Settings -> Create Character and set valid characters to copy names. Character to copy: <b>'.$char_to_copy_name.'</b> doesn\'t exist.';
 		}
 
 		if(!empty($errors)) {
@@ -195,7 +195,7 @@ class CreateCharacter
 
 		for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++) {
 			$value = 10;
-			if (config('use_character_sample_skills')) {
+			if (setting('core.use_character_sample_skills')) {
 				$value = $char_to_copy->getSkill($skill);
 			}
 
@@ -239,14 +239,14 @@ class CreateCharacter
 		}
 
 		if($db->hasTable('player_skills')) {
-			for($i=0; $i<7; $i++) {
+			for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++) {
 				$value = 10;
-				if (config('use_character_sample_skills')) {
-					$value = $char_to_copy->getSkill($i);
+				if (setting('core.use_character_sample_skills')) {
+					$value = $char_to_copy->getSkill($skill);
 				}
-				$skillExists = $db->query('SELECT `skillid` FROM `player_skills` WHERE `player_id` = ' . $player->getId() . ' AND `skillid` = ' . $i);
+				$skillExists = $db->query('SELECT `skillid` FROM `player_skills` WHERE `player_id` = ' . $player->getId() . ' AND `skillid` = ' . $skill);
 				if($skillExists->rowCount() <= 0) {
-					$db->query('INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ('.$player->getId().', '.$i.', ' . $value . ', 0)');
+					$db->query('INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ('.$player->getId().', '.$skill.', ' . $value . ', 0)');
 				}
 			}
 		}

system/libs/Settings.php

@@ -0,0 +1,598 @@
+<?php
+/**
+ * CreateCharacter
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2020 MyAAC
+ * @link      https://my-aac.org
+ */
+
+class Settings implements ArrayAccess
+{
+	static private $instance;
+	private $settingsFile = [];
+	private $settingsDatabase = [];
+	private $cache = [];
+	private $valuesAsked = [];
+	private $errors = [];
+
+	/**
+	 * @return Settings
+	 */
+	public static function getInstance(): Settings
+	{
+		if (!self::$instance) {
+			self::$instance = new self();
+		}
+
+		return self::$instance;
+	}
+
+	public function load()
+	{
+		$cache = Cache::getInstance();
+		if ($cache->enabled()) {
+			$tmp = '';
+			if ($cache->fetch('settings', $tmp)) {
+				$this->settingsDatabase = unserialize($tmp);
+				return;
+			}
+		}
+
+		global $db;
+		$settings = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'settings`');
+
+		if($settings->rowCount() > 0) {
+			foreach ($settings->fetchAll(PDO::FETCH_ASSOC) as $setting) {
+				$this->settingsDatabase[$setting['name']][$setting['key']] = $setting['value'];
+			}
+		}
+
+		if ($cache->enabled()) {
+			$cache->set('settings', serialize($this->settingsDatabase), 600);
+		}
+	}
+
+	public function save($pluginName, $values) {
+		global $db;
+
+		if (!isset($this->settingsFile[$pluginName])) {
+			throw new RuntimeException('Error on save settings: plugin does not exist');
+		}
+
+		$settings = $this->settingsFile[$pluginName];
+		if (isset($settings['callbacks']['beforeSave'])) {
+			if (!$settings['callbacks']['beforeSave']($settings, $values)) {
+				return false;
+			}
+		}
+
+		$this->errors = [];
+		$db->query('DELETE FROM `' . TABLE_PREFIX . 'settings` WHERE `name` = ' . $db->quote($pluginName) . ';');
+		foreach ($values as $key => $value) {
+			$errorMessage = '';
+			if (isset($settings['settings'][$key]['callbacks']['beforeSave']) && !$settings['settings'][$key]['callbacks']['beforeSave']($key, $value, $errorMessage)) {
+				$this->errors[] = $errorMessage;
+				continue;
+			}
+
+			try {
+				$db->insert(TABLE_PREFIX . 'settings', ['name' => $pluginName, 'key' => $key, 'value' => $value]);
+			} catch (PDOException $error) {
+				$this->errors[] = 'Error while saving setting (' . $pluginName . ' - ' . $key . '): ' . $error->getMessage();
+			}
+		}
+
+		$cache = Cache::getInstance();
+		if ($cache->enabled()) {
+			$cache->delete('settings');
+		}
+
+		return true;
+	}
+
+	public function updateInDatabase($pluginName, $key, $value)
+	{
+		global $db;
+		$db->update(TABLE_PREFIX . 'settings', ['value' => $value], ['name' => $pluginName, 'key' => $key]);
+	}
+
+	public function deleteFromDatabase($pluginName, $key = null)
+	{
+		global $db;
+
+		if (!isset($key)) {
+			$db->delete(TABLE_PREFIX . 'settings', ['name' => $pluginName], -1);
+		}
+		else {
+			$db->delete(TABLE_PREFIX . 'settings', ['name' => $pluginName, 'key' => $key]);
+		}
+	}
+
+	public static function display($plugin, $settings): array
+	{
+		global $db;
+
+		$query = 'SELECT `key`, `value` FROM `' . TABLE_PREFIX . 'settings` WHERE `name` = ' . $db->quote($plugin) . ';';
+		$query = $db->query($query);
+
+		$settingsDb = [];
+		if($query->rowCount() > 0) {
+			foreach($query->fetchAll(PDO::FETCH_ASSOC) as $value) {
+				$settingsDb[$value['key']] = $value['value'];
+			}
+		}
+
+		$config = [];
+		require BASE . 'config.local.php';
+
+		foreach ($config as $key => $value) {
+			if (is_bool($value)) {
+				$settingsDb[$key] = $value ? 'true' : 'false';
+			}
+			else {
+				$settingsDb[$key] = (string)$value;
+			}
+		}
+
+		$javascript = '';
+		ob_start();
+		?>
+		<ul class="nav nav-tabs" id="myTab">
+			<?php
+			$i = 0;
+			foreach($settings as $setting) {
+				if (isset($setting['script'])) {
+					$javascript .= $setting['script'] . PHP_EOL;
+				}
+
+				if ($setting['type'] === 'category') {
+					?>
+					<li class="nav-item">
+						<a class="nav-link<?= ($i === 0 ? ' active' : ''); ?>" id="home-tab-<?= $i++; ?>" data-toggle="tab" href="#tab-<?= str_replace(' ', '', $setting['title']); ?>" type="button"><?= $setting['title']; ?></a>
+					</li>
+					<?php
+				}
+			}
+			?>
+		</ul>
+		<div class="tab-content" id="tab-content">
+			<?php
+
+			$checkbox = function ($key, $type, $value) {
+				echo '<label><input type="radio" id="' . $key . '_' . ($type ? 'yes' : 'no') . '" name="settings[' . $key . ']" value="' . ($type ? 'true' : 'false') . '" ' . ($value === $type ? 'checked' : '') . '/>' . ($type ? 'Yes' : 'No') . '</label> ';
+			};
+
+			$i = 0;
+			$j = 0;
+			foreach($settings as $key => $setting) {
+				if ($setting['type'] === 'category') {
+					if ($j++ !== 0) { // close previous category
+						echo '</tbody></table></div>';
+					}
+				?>
+				<div class="tab-pane fade show<?= ($j === 1 ? ' active' : ''); ?>" id="tab-<?= str_replace(' ', '', $setting['title']); ?>">
+					<?php
+					continue;
+				}
+
+				if ($setting['type'] === 'section') {
+					if ($i++ !== 0) { // close previous section
+						echo '</tbody></table>';
+					}
+					?>
+					<h3 id="row_<?= $key ?>" style="text-align: center"><strong><?= $setting['title']; ?></strong></h3>
+					<table class="table table-bordered table-striped">
+						<thead>
+							<tr>
+								<th style="width: 13%">Name</th>
+								<th style="width: 30%">Value</th>
+								<th>Description</th>
+							</tr>
+						</thead>
+						<tbody>
+						<?php
+					continue;
+				}
+
+				if (!isset($setting['hidden']) || !$setting['hidden']) {
+				?>
+					<tr id="row_<?= $key ?>">
+						<td><label for="<?= $key ?>" class="control-label"><?= $setting['name'] ?></label></td>
+						<td>
+							<?php
+				}
+				if (isset($setting['hidden']) && $setting['hidden']) {
+					$value = '';
+					if ($setting['type'] === 'boolean') {
+						$value = ($setting['default'] ? 'true' : 'false');
+					}
+					else if (in_array($setting['type'], ['text', 'number', 'email', 'password', 'textarea'])) {
+						$value = $setting['default'];
+					}
+					else if ($setting['type'] === 'options') {
+						$value = $setting['options'][$setting['default']];
+					}
+
+					echo '<input type="hidden" name="settings[' . $key . ']" value="' . $value . '" id="' . $key . '"';
+				}
+				else if ($setting['type'] === 'boolean') {
+					if(isset($settingsDb[$key])) {
+						if($settingsDb[$key] === 'true') {
+							$value = true;
+						}
+						else {
+							$value = false;
+						}
+					}
+					else {
+						$value = ($setting['default'] ?? false);
+					}
+
+					$checkbox($key, true, $value);
+					$checkbox($key, false, $value);
+				}
+
+				else if (in_array($setting['type'], ['text', 'number', 'email', 'password'])) {
+					if ($setting['type'] === 'number') {
+						$min = (isset($setting['min']) ? ' min="' . $setting['min'] . '"' : '');
+						$max = (isset($setting['max']) ? ' max="' . $setting['max'] . '"' : '');
+						$step = (isset($setting['step']) ? ' step="' . $setting['step'] . '"' : '');
+					}
+					else {
+						$min = $max = $step = '';
+					}
+
+					echo '<input class="form-control" type="' . $setting['type'] . '" name="settings[' . $key . ']" value="' . ($settingsDb[$key] ?? ($setting['default'] ?? '')) . '" id="' . $key . '"' . $min . $max . $step . '/>';
+				}
+
+				else if($setting['type'] === 'textarea') {
+					$value = ($settingsDb[$key] ?? ($setting['default'] ?? ''));
+					$valueWithSpaces = array_map('trim', preg_split('/\r\n|\r|\n/', trim($value)));
+					$rows = count($valueWithSpaces);
+					if ($rows < 2) {
+						$rows = 2; // always min 2 rows for textarea
+					}
+					echo '<textarea class="form-control" rows="' . $rows . '" name="settings[' . $key . ']" id="' . $key . '">' . $value . '</textarea>';
+				}
+
+				else if ($setting['type'] === 'options') {
+					if ($setting['options'] === '$templates') {
+						$templates = [];
+						foreach (get_templates() as $value) {
+							$templates[$value] = $value;
+						}
+
+						$setting['options'] = $templates;
+					}
+
+					else if($setting['options'] === '$clients') {
+						$clients = [];
+						foreach((array)config('clients') as $client) {
+
+							$client_version = (string)($client / 100);
+							if(strpos($client_version, '.') === false)
+								$client_version .= '.0';
+
+							$clients[$client] = $client_version;
+						}
+
+						$setting['options'] = $clients;
+					}
+					else if ($setting['options'] == '$timezones') {
+						$timezones = [];
+						foreach (DateTimeZone::listIdentifiers() as $value) {
+							$timezones[$value] = $value;
+						}
+
+						$setting['options'] = $timezones;
+					}
+
+					else {
+						if (is_string($setting['options'])) {
+							$setting['options'] = explode(',', $setting['options']);
+							foreach ($setting['options'] as &$option) {
+								$option = trim($option);
+							}
+						}
+					}
+
+					echo '<select class="form-control" name="settings[' . $key . ']" id="' . $key . '">';
+					foreach ($setting['options'] as $value => $option) {
+						$compareTo = ($settingsDb[$key] ?? ($setting['default'] ?? ''));
+						if($value === 'true') {
+							$selected = $compareTo === true;
+						}
+						else if($value === 'false') {
+							$selected = $compareTo === false;
+						}
+						else {
+							$selected = $compareTo == $value;
+						}
+
+						echo '<option value="' . $value . '" ' . ($selected ? 'selected' : '') . '>' . $option . '</option>';
+					}
+					echo '</select>';
+				}
+
+				if (!isset($setting['hidden']) || !$setting['hidden']) {
+				?>
+						</td>
+						<td>
+							<div class="well setting-default"><?php
+								echo ($setting['desc'] ?? '');
+								echo '<br/>';
+								echo '<strong>Default:</strong> ';
+
+								if ($setting['type'] === 'boolean') {
+									echo ($setting['default'] ? 'Yes' : 'No');
+								}
+								else if (in_array($setting['type'], ['text', 'number', 'email', 'password', 'textarea'])) {
+									echo $setting['default'];
+								}
+								else if ($setting['type'] === 'options') {
+									if (!empty($setting['default'])) {
+										echo $setting['options'][$setting['default']];
+									}
+								}
+								?></div>
+						</td>
+					</tr>
+					<?php
+				}
+			}
+					?>
+					</tbody>
+				</table>
+			</div>
+		</div>
+		<div class="box-footer">
+			<button name="save" type="submit" class="btn btn-primary">Save</button>
+		</div>
+		<?php
+
+		return ['content' => ob_get_clean(), 'script' => $javascript];
+	}
+
+	#[\ReturnTypeWillChange]
+	public function offsetSet($offset, $value)
+	{
+		if (is_null($offset)) {
+			throw new \RuntimeException("Settings: You cannot set empty offset with value: $value!");
+		}
+
+		$this->loadPlugin($offset);
+
+		$pluginKeyName = $this->valuesAsked['pluginKeyName'];
+		$key = $this->valuesAsked['key'];
+
+		// remove whole plugin settings
+		if (!isset($value)) {
+			$this->offsetUnset($offset);
+			$this->deleteFromDatabase($pluginKeyName, $key);
+			return;
+		}
+
+		$this->settingsDatabase[$pluginKeyName][$key] = $value;
+		$this->updateInDatabase($pluginKeyName, $key, $value);
+	}
+
+	#[\ReturnTypeWillChange]
+	public function offsetExists($offset): bool
+	{
+		$this->loadPlugin($offset);
+
+		$pluginKeyName = $this->valuesAsked['pluginKeyName'];
+		$key = $this->valuesAsked['key'];
+
+		// remove specified plugin settings (all)
+		if(is_null($key)) {
+			return isset($this->settingsDatabase[$offset]);
+		}
+
+		return isset($this->settingsDatabase[$pluginKeyName][$key]);
+	}
+
+	#[\ReturnTypeWillChange]
+	public function offsetUnset($offset)
+	{
+		$this->loadPlugin($offset);
+
+		$pluginKeyName = $this->valuesAsked['pluginKeyName'];
+		$key = $this->valuesAsked['key'];
+
+		if (isset($this->cache[$offset])) {
+			unset($this->cache[$offset]);
+		}
+
+		// remove specified plugin settings (all)
+		if(!isset($key)) {
+			unset($this->settingsFile[$pluginKeyName]);
+			unset($this->settingsDatabase[$pluginKeyName]);
+			$this->deleteFromDatabase($pluginKeyName);
+			return;
+		}
+
+		unset($this->settingsFile[$pluginKeyName]['settings'][$key]);
+		unset($this->settingsDatabase[$pluginKeyName][$key]);
+		$this->deleteFromDatabase($pluginKeyName, $key);
+	}
+
+	/**
+	 * Get settings
+	 * Usage: $setting['plugin_name.key']
+	 * Example: $settings['shop_system.paypal_email']
+	 *
+	 * @param mixed $offset
+	 * @return array|mixed
+	 */
+	#[\ReturnTypeWillChange]
+	public function offsetGet($offset)
+	{
+		// try cache hit
+		if(isset($this->cache[$offset])) {
+			return $this->cache[$offset];
+		}
+
+		$this->loadPlugin($offset);
+
+		$pluginKeyName = $this->valuesAsked['pluginKeyName'];
+		$key = $this->valuesAsked['key'];
+
+		// return specified plugin settings (all)
+		if(!isset($key)) {
+			if (!isset($this->settingsFile[$pluginKeyName]['settings'])) {
+				throw new RuntimeException('Unknown plugin settings: ' . $pluginKeyName);
+			}
+			return $this->settingsFile[$pluginKeyName]['settings'];
+		}
+
+		$ret = [];
+		if(isset($this->settingsFile[$pluginKeyName]['settings'][$key])) {
+			$ret = $this->settingsFile[$pluginKeyName]['settings'][$key];
+		}
+
+		if(isset($this->settingsDatabase[$pluginKeyName][$key])) {
+			$value = $this->settingsDatabase[$pluginKeyName][$key];
+
+			$ret['value'] = $value;
+		}
+		else {
+			$ret['value'] = $this->settingsFile[$pluginKeyName]['settings'][$key]['default'];
+		}
+
+		if(isset($ret['type'])) {
+			switch($ret['type']) {
+				case 'boolean':
+					$ret['value'] = getBoolean($ret['value']);
+					break;
+
+				case 'number':
+					if (!isset($ret['step']) || (int)$ret['step'] == 1) {
+						$ret['value'] = (int)$ret['value'];
+					}
+					break;
+
+				default:
+					break;
+			}
+		}
+
+		if (isset($ret['callbacks']['get'])) {
+			$ret['value'] = $ret['callbacks']['get']($ret['value']);
+		}
+
+		$this->cache[$offset] = $ret;
+		return $ret;
+	}
+
+	private function updateValuesAsked($offset)
+	{
+		$pluginKeyName = $offset;
+		if (strpos($offset, '.')) {
+			$explode = explode('.', $offset, 2);
+
+			$pluginKeyName = $explode[0];
+			$key = $explode[1];
+
+			$this->valuesAsked = ['pluginKeyName' => $pluginKeyName, 'key' => $key];
+		}
+		else {
+			$this->valuesAsked = ['pluginKeyName' => $pluginKeyName, 'key' => null];
+		}
+	}
+
+	private function loadPlugin($offset)
+	{
+		$this->updateValuesAsked($offset);
+
+		$pluginKeyName = $this->valuesAsked['pluginKeyName'];
+		$key = $this->valuesAsked['key'];
+
+		if (!isset($this->settingsFile[$pluginKeyName])) {
+			if ($pluginKeyName === 'core') {
+				$settingsFilePath = SYSTEM . 'settings.php';
+			} else {
+				//$pluginSettings = Plugins::getPluginSettings($pluginKeyName);
+				$settings = Plugins::getAllPluginsSettings();
+				if (!isset($settings[$pluginKeyName])) {
+					warning("Setting $pluginKeyName does not exist or does not have settings defined.");
+					return;
+				}
+
+				$settingsFilePath = BASE . $settings[$pluginKeyName]['settingsFilename'];
+			}
+
+			if (!file_exists($settingsFilePath)) {
+				throw new \RuntimeException('Failed to load settings file for plugin: ' . $pluginKeyName);
+			}
+
+			$this->settingsFile[$pluginKeyName] = require $settingsFilePath;
+		}
+	}
+
+	public static function saveConfig($config, $filename, &$content = '')
+	{
+		$content = "<?php" . PHP_EOL .
+			"\$config['installed'] = true;" . PHP_EOL;
+
+		foreach ($config as $key => $value) {
+			$content .= "\$config['$key'] = ";
+			$content .= var_export($value, true);
+			$content .= ';' . PHP_EOL;
+		}
+
+		$success = file_put_contents($filename, $content);
+
+		// we saved new config.php, need to revalidate cache (only if opcache is enabled)
+		if (function_exists('opcache_invalidate')) {
+			opcache_invalidate($filename);
+		}
+
+		return $success;
+	}
+
+	public static function testDatabaseConnection($config): bool
+	{
+		$user = null;
+		$password = null;
+		$dns = [];
+
+		if( isset($config['database_name']) ) {
+			$dns[] = 'dbname=' . $config['database_name'];
+		}
+
+		if( isset($config['database_user']) ) {
+			$user = $config['database_user'];
+		}
+
+		if( isset($config['database_password']) ) {
+			$password = $config['database_password'];
+		}
+
+		if( isset($config['database_host']) ) {
+			$dns[] = 'host=' . $config['database_host'];
+		}
+
+		if( isset($config['database_port']) ) {
+			$dns[] = 'port=' . $config['database_port'];
+		}
+
+		try {
+			$connectionTest = new PDO('mysql:' . implode(';', $dns), $user, $password);
+			$connectionTest->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+		}
+		catch(PDOException $error) {
+			error('MySQL connection failed. Settings has been reverted.');
+			error($error->getMessage());
+			return false;
+		}
+
+		return true;
+	}
+
+	public function getErrors() {
+		return $this->errors;
+	}
+}

system/libs/data.php

@@ -41,4 +41,3 @@ class Data
 		return $db->update($this->table, $data, $where);
 	}
 }
-?>

system/libs/forum.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$configForumTablePrefix = config('forum_table_prefix');
+$configForumTablePrefix = setting('core.forum_table_prefix');
 if(null !== $configForumTablePrefix && !empty(trim($configForumTablePrefix))) {
 	if(!in_array($configForumTablePrefix, array('myaac_', 'z_'))) {
 		throw new RuntimeException('Invalid value for forum_table_prefix in config.php. Can be only: "myaac_" or "z_".');
@@ -47,7 +47,7 @@ class Forum
 		return
 			$db->query(
 				'SELECT `id` FROM `players` WHERE `account_id` = ' . $db->quote($account->getId()) .
-				' AND `level` >= ' . $db->quote($config['forum_level_required']) .
+				' AND `level` >= ' . $db->quote(setting('core.forum_level_required')) .
 				' LIMIT 1')->rowCount() > 0;
 	}
 

system/libs/plugins.php

@@ -168,6 +168,36 @@ class Plugins {
 		return $hooks;
 	}
 
+	public static function getAllPluginsSettings()
+	{
+		$cache = Cache::getInstance();
+		if ($cache->enabled()) {
+			$tmp = '';
+			if ($cache->fetch('plugins_settings', $tmp)) {
+				return unserialize($tmp);
+			}
+		}
+
+		$settings = [];
+		foreach (self::getAllPluginsJson() as $plugin) {
+			if (isset($plugin['settings'])) {
+				$settingsFile = require BASE . $plugin['settings'];
+				if (!isset($settingsFile['key'])) {
+					warning("Settings file for plugin - {$plugin['name']} does not contain 'key' field");
+					continue;
+				}
+
+				$settings[$settingsFile['key']] = ['pluginFilename' => $plugin['filename'], 'settingsFilename' => $plugin['settings']];
+			}
+		}
+
+		if ($cache->enabled()) {
+			$cache->set('plugins_settings', serialize($settings), 600); // cache for 10 minutes
+		}
+
+		return $settings;
+	}
+
 	public static function getAllPluginsJson($disabled = false)
 	{
 		$cache = Cache::getInstance();
@@ -180,30 +210,66 @@ class Plugins {
 
 		$plugins = [];
 		foreach (get_plugins($disabled) as $filename) {
-			$string = file_get_contents(PLUGINS . $filename . '.json');
-			$plugin = json_decode($string, true);
-			self::$plugin_json = $plugin;
-			if ($plugin == null) {
-				self::$warnings[] = 'Cannot load ' . $filename . '.json. File might be not a valid json code.';
-				continue;
-			}
-
-			if (isset($plugin['enabled']) && !getBoolean($plugin['enabled'])) {
-				self::$warnings[] = 'Skipping ' . $filename . '... The plugin is disabled.';
+			$plugin = self::getPluginJson($filename);
+
+			if (!$plugin) {
 				continue;
 			}
 
+			$plugin['filename'] = $filename;
 			$plugins[] = $plugin;
 		}
 
 		if ($cache->enabled()) {
-			$cache->set('plugins', serialize($plugins), 600);
+			$cache->set('plugins', serialize($plugins), 600); // cache for 10 minutes
 		}
 
 		return $plugins;
 	}
 
-	public static function install($file) {
+	public static function getPluginSettings($filename)
+	{
+		$plugin_json = self::getPluginJson($filename);
+		if (!$plugin_json) {
+			return false;
+		}
+
+		if (!isset($plugin_json['settings']) || !file_exists(BASE . $plugin_json['settings'])) {
+			return false;
+		}
+
+		return $plugin_json['settings'];
+	}
+
+	public static function getPluginJson($filename = null)
+	{
+		if(!isset($filename)) {
+			return self::$plugin_json;
+		}
+
+		$pathToPlugin = PLUGINS . $filename . '.json';
+		if (!file_exists($pathToPlugin)) {
+			self::$warnings[] = "Cannot load $filename.json. File doesn't exist.";
+			return false;
+		}
+
+		$string = file_get_contents($pathToPlugin);
+		$plugin_json = json_decode($string, true);
+		if ($plugin_json == null) {
+			self::$warnings[] = "Cannot load $filename.json. File might be not a valid json code.";
+			return false;
+		}
+
+		if (isset($plugin_json['enabled']) && !getBoolean($plugin_json['enabled'])) {
+			self::$warnings[] = 'Skipping ' . $filename . '... The plugin is disabled.';
+			return false;
+		}
+
+		return $plugin_json;
+	}
+
+	public static function install($file): bool
+	{
 		global $db;
 
 		if(!\class_exists('ZipArchive')) {
@@ -242,6 +308,12 @@ class Plugins {
 			return false;
 		}
 
+		$pluginFilename = str_replace('.json', '', basename($json_file));
+		if (self::existDisabled($pluginFilename)) {
+			success('The plugin already existed, but was disabled. It has been enabled again and will be now reinstalled.');
+			self::enable($pluginFilename);
+		}
+
 		$string = file_get_contents($file_name);
 		$plugin_json = json_decode($string, true);
 		self::$plugin_json = $plugin_json;
@@ -442,13 +514,23 @@ class Plugins {
 		return false;
 	}
 
-	public static function enable($pluginFileName): bool
+	public static function isEnabled($pluginFileName): bool
 	{
+		$filenameJson = $pluginFileName . '.json';
+		return !is_file(PLUGINS . 'disabled.' . $filenameJson) && is_file(PLUGINS . $filenameJson);
+	}
+
+	public static function existDisabled($pluginFileName): bool
+	{
+		$filenameJson = $pluginFileName . '.json';
+		return is_file(PLUGINS . 'disabled.' . $filenameJson);
+	}
+
+	public static function enable($pluginFileName): bool {
 		return self::enableDisable($pluginFileName, true);
 	}
 
-	public static function disable($pluginFileName): bool
-	{
+	public static function disable($pluginFileName): bool {
 		return self::enableDisable($pluginFileName, false);
 	}
 
@@ -526,7 +608,8 @@ class Plugins {
 		return false;
 	}
 
-	public static function is_installed($plugin_name, $version) {
+	public static function is_installed($plugin_name, $version): bool
+	{
 		$filename = BASE . 'plugins/' . $plugin_name . '.json';
 		if(!file_exists($filename)) {
 			return false;
@@ -534,7 +617,7 @@ class Plugins {
 
 		$string = file_get_contents($filename);
 		$plugin_info = json_decode($string, true);
-		if($plugin_info == false) {
+		if(!$plugin_info) {
 			return false;
 		}
 
@@ -557,10 +640,6 @@ class Plugins {
 		return self::$error;
 	}
 
-	public static function getPluginJson() {
-		return self::$plugin_json;
-	}
-
 	/**
 	 * Install menus
 	 * Helper function for plugins

system/libs/pot/E_OTS_ErrorCode.php

@@ -32,5 +32,3 @@ class E_OTS_ErrorCode extends Exception
 }
 
 /**#@-*/
-
-?>

system/libs/pot/E_OTS_Generic.php

@@ -36,5 +36,3 @@ class E_OTS_Generic extends E_OTS_ErrorCode
 }
 
 /**#@-*/
-
-?>

system/libs/pot/E_OTS_NotAContainer.php

@@ -22,5 +22,3 @@ class E_OTS_NotAContainer extends Exception
 }
 
 /**#@-*/
-
-?>

system/libs/pot/E_OTS_OTBMError.php

@@ -32,5 +32,3 @@ class E_OTS_OTBMError extends E_OTS_ErrorCode
 }
 
 /**#@-*/
-
-?>

system/libs/pot/E_OTS_ReadOnly.php

@@ -22,5 +22,3 @@ class E_OTS_ReadOnly extends Exception
 }
 
 /**#@-*/
-
-?>

system/libs/pot/IOTS_Cipher.php

@@ -37,5 +37,3 @@ interface IOTS_Cipher
 }
 
 /**#@-*/
-
-?>

system/libs/pot/IOTS_DataDisplay.php

@@ -89,5 +89,3 @@ interface IOTS_DataDisplay
 }
 
 /**#@-*/
-
-?>

system/libs/pot/IOTS_Display.php

@@ -96,5 +96,3 @@ interface IOTS_Display
 }
 
 /**#@-*/
-
-?>

system/libs/pot/IOTS_GuildAction.php

@@ -67,5 +67,3 @@ interface IOTS_GuildAction
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Account.php

@@ -994,7 +994,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
         $access = 0;
 
         // finds ranks of all characters
-        foreach($this->getPlayersList() as $player)
+        foreach($this->getPlayersList(false) as $player)
         {
             $rank = $player->getRank();
 
@@ -1198,5 +1198,3 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_AccountBans_List.php

@@ -34,5 +34,3 @@ class OTS_AccountBans_List extends OTS_Bans_List
         $this->setFilter($filter);
     }
 }
-
-?>

system/libs/pot/OTS_Admin.php

@@ -735,5 +735,3 @@ class OTS_Admin
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Bans_List.php

@@ -100,5 +100,3 @@ class OTS_Bans_List extends OTS_Base_List
         }
     }
 }
-
-?>

system/libs/pot/OTS_Base_DB.php

@@ -265,5 +265,3 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_BinaryTools.php

@@ -146,5 +146,3 @@ class OTS_BinaryTools
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Container.php

@@ -149,5 +149,3 @@ class OTS_Container extends OTS_Item implements IteratorAggregate
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_FileLoader.php

@@ -357,5 +357,3 @@ class OTS_FileLoader
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Group.php

@@ -671,5 +671,3 @@ class OTS_Group extends OTS_Row_DAO implements IteratorAggregate, Countable
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Guild.php

@@ -837,5 +837,3 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_GuildRanks_List.php

@@ -72,5 +72,3 @@ class OTS_GuildRanks_List extends OTS_Base_List
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_House.php

@@ -529,5 +529,3 @@ class OTS_House extends OTS_Row_DAO
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_IPBans_List.php

@@ -34,5 +34,3 @@ class OTS_IPBans_List extends OTS_Bans_List
         $this->setFilter($filter);
     }
 }
-
-?>

system/libs/pot/OTS_InfoRespond.php

@@ -387,5 +387,3 @@ class OTS_InfoRespond extends DOMDocument
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_ItemsList.php

@@ -676,5 +676,3 @@ class OTS_ItemsList extends OTS_FileLoader implements IteratorAggregate, Countab
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_MapCoords.php

@@ -130,5 +130,3 @@ class OTS_MapCoords
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_MonstersList.php

@@ -299,5 +299,3 @@ class OTS_MonstersList implements Iterator, Countable, ArrayAccess
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Player.php

@@ -3627,5 +3627,3 @@ class OTS_Player extends OTS_Row_DAO
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_PlayerBans_List.php

@@ -34,5 +34,3 @@ class OTS_PlayerBans_List extends OTS_Bans_List
         $this->setFilter($filter);
     }
 }
-
-?>

system/libs/pot/OTS_Row_DAO.php

@@ -75,5 +75,3 @@ abstract class OTS_Row_DAO extends OTS_Base_DAO
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_SQLField.php

@@ -121,5 +121,3 @@ class OTS_SQLField
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_ServerInfo.php

@@ -14,7 +14,7 @@
 
 /**
  * Various server status querying methods.
- * 
+ *
  * @package POT
  * @property-read OTS_InfoRespond|bool $status status() method wrapper.
  * @property-read OTS_ServerStatus|bool $info Full info() method wrapper.
@@ -23,21 +23,21 @@ class OTS_ServerInfo
 {
 /**
  * Server address.
- * 
+ *
  * @var string
  */
     private $server;
 
 /**
  * Connection port.
- * 
+ *
  * @var int
  */
     private $port;
 
 /**
  * Creates handler for new server.
- * 
+ *
  * @param string $server Server IP/domain.
  * @param int $port OTServ port.
  */
@@ -49,7 +49,7 @@ class OTS_ServerInfo
 
 /**
  * Sends packet to server.
- * 
+ *
  * @param OTS_Buffer|string $packet Buffer to send.
  * @return OTS_Buffer|null Respond buffer (null if server is offline).
  * @throws E_OTS_OutOfBuffer When there is read attemp after end of packet stream.
@@ -57,7 +57,7 @@ class OTS_ServerInfo
     private function send(OTS_Buffer $packet)
     {
         // connects to server
-        $socket = @fsockopen($this->server, $this->port, $error, $message, config('status_timeout'));
+        $socket = @fsockopen($this->server, $this->port, $error, $message, setting('core.status_timeout'));
 
         // if connected then checking statistics
         if($socket)
@@ -75,7 +75,7 @@ class OTS_ServerInfo
 
             // reads respond
             //$data = stream_get_contents($socket);
-			$data = ''; 
+			$data = '';
 			while (!feof($socket))
 				$data .= fgets($socket, 1024);
 
@@ -97,11 +97,11 @@ class OTS_ServerInfo
 
 /**
  * Queries server status.
- * 
+ *
  * <p>
  * Sends 'info' packet to OTS server and return output. Returns {@link OTS_InfoRespond OTS_InfoRespond} (wrapper for XML data) with results or <var>false</var> if server is online.
  * </p>
- * 
+ *
  * @return OTS_InfoRespond|bool Respond content document (false when server is offline).
  * @throws DOMException On DOM operation error.
  * @throws E_OTS_OutOfBuffer When there is read attemp after end of packet stream.
@@ -123,7 +123,7 @@ class OTS_ServerInfo
         {
             // loads respond XML
             $info = new OTS_InfoRespond();
-            if(!$info->loadXML( utf8_encode($status->getBuffer())))
+            if(!$info->loadXML( $status->getBuffer()))
 				return false;
 
             return $info;
@@ -135,11 +135,11 @@ class OTS_ServerInfo
 
 /**
  * Queries server information.
- * 
+ *
  * <p>
  * This method uses binary info protocol. It provides more infromation then {@link OTS_Toolbox::serverStatus() XML way}.
  * </p>
- * 
+ *
  * @param int $flags Requested info flags.
  * @return OTS_ServerStatus|bool Respond content document (false when server is offline).
  * @throws E_OTS_OutOfBuffer When there is read attemp after end of packet stream.
@@ -169,11 +169,11 @@ class OTS_ServerInfo
 
 /**
  * Checks player online status.
- * 
+ *
  * <p>
  * This method uses binary info protocol.
  * </p>
- * 
+ *
  * @param string $name Player name.
  * @return bool True if player is online, false if player or server is online.
  * @throws E_OTS_OutOfBuffer When there is read attemp after end of packet stream.
@@ -204,7 +204,7 @@ class OTS_ServerInfo
 
 /**
  * Magic PHP5 method.
- * 
+ *
  * @param string $name Property name.
  * @param mixed $value Property value.
  * @throws OutOfBoundsException For non-supported properties.
@@ -227,5 +227,3 @@ class OTS_ServerInfo
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Spell.php

@@ -482,5 +482,3 @@ class OTS_Spell
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_Toolbox.php

@@ -113,5 +113,3 @@ class OTS_Toolbox
 }
 
 /**#@-*/
-
-?>

system/libs/pot/OTS_XTEA.php

@@ -151,5 +151,3 @@ class OTS_XTEA implements IOTS_Cipher
 }
 
 /**#@-*/
-
-?>

system/libs/rfc6238.php

@@ -282,4 +282,3 @@ class TokenAuth6238 {
 		return $result;
 	}
 }
-?>

system/libs/validator.php

@@ -117,7 +117,7 @@ class Validator
 			return false;
 		}
 
-		if(config('account_mail_block_plus_sign')) {
+		if(setting('core.account_mail_block_plus_sign')) {
 			$explode = explode('@', $email);
 			if(isset($explode[0]) && (strpos($explode[0],'+') !== false)) {
 				self::$lastError = 'Please do not use plus (+) sign in your e-mail.';
@@ -180,15 +180,16 @@ class Validator
 			return false;
 		}
 
-		$minLength = config('character_name_min_length');
-		$maxLength = config('character_name_max_length');
-
 		// installer doesn't know config.php yet
 		// that's why we need to ignore the nulls
-		if(is_null($minLength) || is_null($maxLength)) {
+		if(defined('MYAAC_INSTALL')) {
 			$minLength = 4;
 			$maxLength = 21;
 		}
+		else {
+			$minLength = setting('core.create_character_name_min_length');
+			$maxLength = setting('core.create_character_name_max_length');
+		}
 
 		$length = strlen($name);
 		if($length < $minLength)
@@ -221,16 +222,6 @@ class Validator
 			return false;
 		}
 
-		$npcCheck = config('character_name_npc_check');
-		if ($npcCheck) {
-			require_once LIBS . 'npc.php';
-			NPCS::load();
-			if(NPCS::$npcs && in_array(strtolower($name), NPCS::$npcs)) {
-				self::$lastError = "Invalid name format. Do not use NPC Names";
-				return false;
-			}
-		}
-
 		return true;
 	}
 
@@ -247,9 +238,8 @@ class Validator
 
 		$name_lower = strtolower($name);
 
-		$first_words_blocked = array('admin ', 'administrator ', 'gm ', 'cm ', 'god ','tutor ', "'", '-');
-		foreach($first_words_blocked as $word)
-		{
+		$first_words_blocked = array_merge(["'", '-'], setting('core.create_character_name_blocked_prefix'));
+		foreach($first_words_blocked as $word) {
 			if($word == substr($name_lower, 0, strlen($word))) {
 				self::$lastError = 'Your name contains blocked words.';
 				return false;
@@ -271,8 +261,7 @@ class Validator
 			return false;
 		}
 
-		if(preg_match('/ {2,}/', $name))
-		{
+		if(preg_match('/ {2,}/', $name)) {
 			self::$lastError = 'Invalid character name format. Use only A-Z and numbers 0-9 and no double spaces.';
 			return false;
 		}
@@ -282,18 +271,16 @@ class Validator
 			return false;
 		}
 
-		$names_blocked = array('admin', 'administrator', 'gm', 'cm', 'god', 'tutor');
-		foreach($names_blocked as $word)
-		{
+		$names_blocked = setting('core.create_character_name_blocked_names');
+		foreach($names_blocked as $word) {
 			if($word == $name_lower) {
 				self::$lastError = 'Your name contains blocked words.';
 				return false;
 			}
 		}
 
-		$words_blocked = array('admin', 'administrator', 'gamemaster', 'game master', 'game-master', "game'master", '--', "''","' ", " '", '- ', ' -', "-'", "'-", 'fuck', 'sux', 'suck', 'noob', 'tutor');
-		foreach($words_blocked as $word)
-		{
+		$words_blocked = array_merge(['--', "''","' ", " '", '- ', ' -', "-'", "'-"], setting('core.create_character_name_blocked_words'));
+		foreach($words_blocked as $word) {
 			if(!(strpos($name_lower, $word) === false)) {
 				self::$lastError = 'Your name contains illegal words.';
 				return false;
@@ -309,7 +296,7 @@ class Validator
 			}
 		}
 
-		//check if was namelocked previously
+		// check if was namelocked previously
 		if($db->hasTable('player_namelocks') && $db->hasColumn('player_namelocks', 'name')) {
 			$namelock = $db->query('SELECT `player_id` FROM `player_namelocks` WHERE `name` = ' . $db->quote($name));
 			if($namelock->rowCount() > 0) {
@@ -318,39 +305,41 @@ class Validator
 			}
 		}
 
-		$monsters = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'monsters` WHERE `name` LIKE ' . $db->quote($name_lower));
-		if($monsters->rowCount() > 0) {
-			self::$lastError = 'Your name cannot contains monster name.';
-			return false;
-		}
-
-		$spells_name = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'spells` WHERE `name` LIKE ' . $db->quote($name_lower));
-		if($spells_name->rowCount() > 0) {
-			self::$lastError = 'Your name cannot contains spell name.';
-			return false;
-		}
-
-		$spells_words = $db->query('SELECT `words` FROM `' . TABLE_PREFIX . 'spells` WHERE `words` = ' . $db->quote($name_lower));
-		if($spells_words->rowCount() > 0) {
-			self::$lastError = 'Your name cannot contains spell name.';
-			return false;
-		}
-
-		if(isset($config['npc']))
-		{
-			if(in_array($name_lower, $config['npc'])) {
-				self::$lastError = 'Your name cannot contains NPC name.';
+		$monstersCheck = setting('core.create_character_name_monsters_check');
+		if ($monstersCheck) {
+			$monsters = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'monsters` WHERE `name` LIKE ' . $db->quote($name_lower));
+			if ($monsters->rowCount() > 0) {
+				self::$lastError = 'Your name cannot contains monster name.';
 				return false;
 			}
 		}
 
-		$npcCheck = config('character_name_npc_check');
+		$spellsCheck = setting('core.create_character_name_spells_check');
+		if ($spellsCheck) {
+			$spells_name = $db->query('SELECT `name` FROM `' . TABLE_PREFIX . 'spells` WHERE `name` LIKE ' . $db->quote($name_lower));
+			if ($spells_name->rowCount() > 0) {
+				self::$lastError = 'Your name cannot contains spell name.';
+				return false;
+			}
+
+			$spells_words = $db->query('SELECT `words` FROM `' . TABLE_PREFIX . 'spells` WHERE `words` = ' . $db->quote($name_lower));
+			if ($spells_words->rowCount() > 0) {
+				self::$lastError = 'Your name cannot contains spell name.';
+				return false;
+			}
+		}
+
+		$npcCheck = setting('core.create_character_name_npc_check');
 		if ($npcCheck) {
 			require_once LIBS . 'npc.php';
 			NPCS::load();
-			if(NPCS::$npcs && in_array($name_lower, NPCS::$npcs)) {
-				self::$lastError = "Invalid name format. Do not use NPC Names";
-				return false;
+			if(NPCS::$npcs) {
+				foreach (NPCs::$npcs as $npc) {
+					if(strpos($name_lower, $npc) !== false) {
+						self::$lastError = 'Your name cannot contains NPC name.';
+						return false;
+					}
+				}
 			}
 		}
 
@@ -451,4 +440,3 @@ class Validator
 		return self::$lastError;
 	}
 }
-?>

system/locale/de/admin.php

@@ -6,4 +6,3 @@
  * @author Slawkens <slawkens@gmail.com>
  */
 $locale['title'] = 'MyAAC Admin';
-?>

system/locale/de/main.php

@@ -11,5 +11,4 @@ $locale['encoding'] = 'utf-8';
 $locale['direction']= 'ltr';
 
 $locale['error404'] = 'Diese Seite konnte nicht gefunden werden.';
-$locale['news'] = 'Neuesten Nachrichten';
-?>
+$locale['news'] = 'Neuesten Nachrichten';

system/locale/en/install.php

@@ -131,4 +131,3 @@ $locale['step_finish_title'] = 'Installation finished!';
 $locale['step_finish_desc'] = 'Congratulations! <b>MyAAC</b> is ready to use!<br/>You can now login to $ADMIN_PANEL$, or visit $HOMEPAGE$.<br/><br/>
 <span style="color: red">Please delete install/ directory.</span><br/><br/>
 Post bugs and suggestions at $LINK$, thanks!';
-?>

system/locale/pl/admin.php

@@ -6,4 +6,3 @@
  * @author Slawkens <slawkens@gmail.com>
  */
 $locale['title'] = 'MyAAC Admin';
-?>

system/locale/pl/main.php

@@ -12,4 +12,4 @@ $locale['direction']= 'ltr';
 
 $locale['error404'] = 'Strona nie została odnaleziona.';
 $locale['news'] = 'Ostatnie newsy';
-$locale['loaded_in_ms'] = 'w $TIME$ ms';
+$locale['loaded_in_ms'] = 'w $TIME$ ms';

system/locale/pt_br/install.php

@@ -118,4 +118,3 @@ $locale['step_finish'] = 'Finalizar';
 $locale['step_finish_title'] = 'Instalação terminada!';
 $locale['step_finish_desc'] = 'Parabéns! <b>MyAAC</b> está pronto para uso!<br/>Agora você pode fazer login em $ADMIN_PANEL$ ou visitar $HOMEPAGE$.<br/><br/>
 <span style = "color: red">Por favor remova a pasta install/.</span><br/><br/>Postar bugs e sugestões em $LINK$, obrigado!';
-?>

system/locale/sv/admin.php

@@ -6,4 +6,3 @@
  * @author Sizaro <sizaro@live.se>
  */
 $locale['title'] = 'MyAAC Admin';
-?>

system/locale/sv/main.php

@@ -12,4 +12,3 @@ $locale['direction']= 'ltr';
 
 $locale['error404'] = 'Sidan kunde inte hittas.';
 $locale['news'] = 'Senaste nyheterna';
-?>

system/login.php

@@ -10,12 +10,12 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $logged = false;
 $logged_flags = 0;
+$account_logged = new OTS_Account();
 
 // stay-logged with sessions
 $current_session = getSession('account');
 if($current_session !== false)
 {
-	$account_logged = new OTS_Account();
 	$account_logged->load($current_session);
 	if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
 		//&& (!isset($_SESSION['admin']) || admin())