Merge branch 'develop' into feature/cronjob

feature: plugin cronjobs
2025-10-31 16:06:24 +01:00 · 2023-08-29 11:39:30 +02:00 · 2023-02-07 19:38:18 +01:00
360 changed files with 8549 additions and 9051 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -15,5 +15,5 @@ trim_trailing_whitespace = false
 [{composer.json,package.json}]
 indent_style = space
-[{package.json, *.yml}]
+[package.json]
 indent_size = 2
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@@ -22,9 +22,8 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: [ '8.1', '8.2', '8.3' ]
+        php-versions: [ '7.4', '8.0', '8.1' ]
-        ots: ['tfs-1.4', 'canary-3.1.2'] # TODO: add 'tfs-master' (actually doesn't work cause AAC doesn't support reading .env configuration)
+    name: MyAAC on PHP ${{ matrix.php-versions }}
    name: Cypress (PHP ${{ matrix.php-versions }}, ${{ matrix.ots }})
    steps:
        - name: 📌 MySQL Start & init & show db
          run: |
@@ -33,81 +32,47 @@ jobs:
            mysql -e "SHOW DATABASES" -uroot -proot
        - name: Checkout MyAAC
-          uses: actions/checkout@v4
+          uses: actions/checkout@v3
          with:
-            ref: develop
+            ref: 0.9
        - uses: actions/setup-node@v4
          with:
            node-version: 18
        - run: npm ci
        - name: Checkout TFS
-          uses: actions/checkout@v4
+          uses: actions/checkout@v3
          if: matrix.ots == 'tfs-1.4'
          with:
            repository: otland/forgottenserver
            ref: 1.4
-            path: ots
+            path: tfs
-        - name: Checkout TFS
+        - name: Import TFS Schema
          uses: actions/checkout@v4
          if: matrix.ots == 'tfs-master'
          with:
            repository: otland/forgottenserver
            ref: master
            path: ots
        - name: Checkout Canary
          uses: actions/checkout@v4
          if: matrix.ots == 'canary-3.1.2'
          with:
            repository: opentibiabr/canary
            ref: v3.1.2
            path: ots
        - name: Import OTS Schema
          run: |
-              mysql -uroot -proot myaac < ots/schema.sql
+              mysql -uroot -proot myaac < tfs/schema.sql
        - name: Rename config.lua
-          run: mv ots/config.lua.dist ots/config.lua
+          run: mv tfs/config.lua.dist tfs/config.lua
-        - name: Replace mysqlUser (TFS 1.4)
+        - name: Replace mysqlUser
-          uses: jacobtomlinson/gha-find-replace@v3
+          uses: jacobtomlinson/gha-find-replace@v2
          if: matrix.ots == 'tfs-1.4'
          with:
            find: 'mysqlUser = "forgottenserver"'
            replace: 'mysqlUser = "root"'
            regex: false
-            include: 'ots/config.lua'
+            include: 'tfs/config.lua'
-        - name: Replace mysqlPass (TFS 1.4)
+        - name: Replace mysqlPass
-          uses: jacobtomlinson/gha-find-replace@v3
+          uses: jacobtomlinson/gha-find-replace@v2
          if: matrix.ots == 'tfs-1.4'
          with:
              find: 'mysqlPass = ""'
              replace: 'mysqlPass = "root"'
              regex: false
-              include: 'ots/config.lua'
+              include: 'tfs/config.lua'
-        - name: Replace mysqlDatabase (TFS 1.4)
+        - name: Replace mysqlDatabase
-          uses: jacobtomlinson/gha-find-replace@v3
+          uses: jacobtomlinson/gha-find-replace@v2
          if: matrix.ots == 'tfs-1.4'
          with:
              find: 'mysqlDatabase = "forgottenserver"'
              replace: 'mysqlDatabase = "myaac"'
              regex: false
-              include: 'ots/config.lua'
+              include: 'tfs/config.lua'
        - name: Replace mysqlDatabase (Canary)
          uses: jacobtomlinson/gha-find-replace@v3
          if: matrix.ots == 'canary-3.1.2'
          with:
              find: 'mysqlDatabase = "otservbr-global"'
              replace: 'mysqlDatabase = "myaac"'
              regex: false
              include: 'ots/config.lua'
        - name: Setup PHP
          uses: shivammathur/setup-php@v2
@@ -120,13 +85,13 @@ jobs:
          run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
        - name: Cache composer dependencies
-          uses: actions/cache@v4
+          uses: actions/cache@v3
          with:
            path: ${{ steps.composer-cache.outputs.dir }}
            # Use composer.json for key, if composer.lock is not committed.
-            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+            # key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-            #key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-            restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+            restore-keys: ${{ runner.os }}-composer-
        - name: Install Composer dependencies
          run: composer install --no-progress --prefer-dist --optimize-autoloader
@@ -135,28 +100,21 @@ jobs:
          run: nohup php -S localhost:8080 > php.log 2>&1 &
        - name: Cypress Run
-          uses: cypress-io/github-action@v6
+          uses: cypress-io/github-action@v5
          env:
            CYPRESS_URL: http://localhost:8080
-            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/ots
+            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/tfs
        - name: Save screenshots
-          uses: actions/upload-artifact@v4
+          uses: actions/upload-artifact@v3
          if: always()
          with:
-            name: cypress-screenshots-${{ matrix.php-versions }}-${{ matrix.ots }}
+            name: cypress-screenshots
            path: cypress/screenshots
        - name: Upload Cypress Videos
-          uses: actions/upload-artifact@v4
+          uses: actions/upload-artifact@v3
          if: always()
          with:
-            name: cypress-videos-${{ matrix.php-versions }}-${{ matrix.ots }}
+            name: cypress-videos
            path: cypress/videos
        - name: Upload PHP Logs
          uses: actions/upload-artifact@v4
          if: always()
          with:
            name: php-log-${{ matrix.php-versions }}-${{ matrix.ots }}
            path: php.log
--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -1,46 +0,0 @@
 name: "PHPStan"
 on:
  pull_request:
    branches: [develop]
  push:
    branches: [develop]
 jobs:
  tests:
    name: PhpStan on PHP ${{ matrix.php-versions }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        php-versions: [ '8.1', '8.2', '8.3' ]
    steps:
      - name: "Checkout"
        uses: "actions/checkout@v4"
      - name: "Install PHP"
        uses: "shivammathur/setup-php@v2"
        with:
          coverage: "none"
          extensions: "intl, zip"
          ini-values: "memory_limit=-1"
          php-version: "${{ matrix.php-version }}"
      - name: Get composer cache directory
        id: composer-cache
        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
      - name: Cache composer dependencies
        uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          # Use composer.json for key, if composer.lock is not committed.
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
      - name: "Install composer dependencies"
        run: "composer install"
      - name: "Run PHPStan"
        run: "/usr/bin/php vendor/bin/phpstan analyse"
--- a/.gitignore
+++ b/.gitignore
@@ -6,17 +6,15 @@ Thumbs.db
 /.htaccess
 # composer
-composer.phar
+composer.lock
 vendor
 # npm
 node_modules
 tools/ext
 # cypress
 cypress.env.json
 cypress/e2e/2-advanced-examples
 cypress/screenshots
 # created by release.sh
 releases
@@ -49,7 +47,6 @@ system/cache/*
 !system/cache/twig/index.html
 !system/cache/signatures/index.html
 !system/cache/plugins/index.html
 !system/cache/persistent/index.html
 # logs
 system/logs/*
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,8 @@
 # Changelog
-## [1.0-beta - 18.05.2024]
+## [0.9.0-alpha - 02.06.2023]
-Minimum PHP version for this release is 8.1.
+Minimum PHP version for this release is 7.2.5.
 ### Added
 * reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
@@ -11,26 +11,17 @@ Minimum PHP version for this release is 8.1.
  * new Dashboard: statistics, server status
  * new Admin Bar showed on top when admin logged in
  * new page: Server Data, to reload server data
    * Towns, NPCs & Items are stored in permanent cache
  * new pages: mass account & teleport tools
  * changelogs editor
  * revised Accounts & Players editors
-  * option to add/modify admin menus with plugins
+  * option to add/modify menus with plugins
  * option to enable/disable plugins
  * better, updated TinyMCE editor (v6.x)
    * with option to upload images
-  * list of open source libraries used in project page
+  * list of open source libraries used in project
 * auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
 * config.php moved to Admin Panel -> Settings page
 * new console script: aac - using symfony/console
  * usage: `php aac` (will list all commands by default)
  * example: `php aac cache:clear`
  * example: `php aac plugin:install theme-example.zip`
 * replace POT Query Builder to Eloquent ORM. Not 100% yet - in some places there is still old $db approach used (@gpedro) (https://github.com/slawkens/myaac/pull/230)
 * brand new charming installation page (by @fernandomatos)
  * using Bootstrap
 * new pages router: nikic/fast-route, allowing for better customisation
 * Plugin cronjobs: central control of the cronjobs
 * Guild Wars support (available as plugin)
 * support for login and create account only by email (configurable)
  * with no need for account name
@@ -40,13 +31,10 @@ Minimum PHP version for this release is 8.1.
  * suggest account number option
 * many new functions, hooks and configurables
 * better Exception Handler (Whoops - https://github.com/filp/whoops)
-* automated website tests (using Cypress)
+* add Cypress testing
 * csrf protection (https://github.com/slawkens/myaac/pull/235)
 * option to restrict Page view to specified group of users (Not-Logged in, logged-in players, tutors, gamemasters etc.)
 * phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
 ### Changed
-* Composer and NPM is now used for external libraries like: Twig, PHPMailer, fast-route, jQuery, Bootstrap etc.
+* Composer is now used for external libraries like: Twig, PHPMailer, fast-route etc.
 * mail support is disabled on fresh install, can be manually enabled by user
 * disable add php pages in admin panel for security. Option to disable plugins upload
 * visitors counter shows now user browser, and also if its bot
@@ -57,7 +45,7 @@ Minimum PHP version for this release is 8.1.
 	* Highscores
 		* frags works for TFS 1.x
 		* cached
-	* Monsters
+	* creatures
 * moved pages to Twig:
  * experience stages
 * update player_deaths entries on name change
--- a/CONTRIBUTORS.txt
+++ b/CONTRIBUTORS.txt
@@ -8,11 +8,7 @@ Fernando Matos <fernando@pixele.com.br>
 Lee <42119604+Leesneaks@users.noreply.github.com>
 caio <caio.zucoli@gmail.com>
 slawkens <slawkens@gmail.com>
-tobi132 <tobi132@gmx.net>
+tobi132 <52947952+tobi132@users.noreply.github.com>
 vankk <nwtr.otland@hotmail.com>
 whiteblXK <krzys16001@gmail.com>
 xitobuh <jonas.hockert92@gmail.com>
 Danilo Pucci <dnlps@hotmail.com>
 gpedro <gpedro831@gmail.com>
 Matheus Collier <matheuscollier@gmail.com>
 SRNT-GG <95472530+SRNT-GG@users.noreply.github.com>
--- a/README.md
+++ b/README.md
@@ -11,19 +11,20 @@ Official website: https://my-aac.org
 [![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
 | Version    | Status                                    | Branch  | Requirements   |
-|:--------|:-----------------------|:--------|:---------------|
+|:-----------|:------------------------------------------|:--------|:---------------|
-| **1.x** | **Active development** | develop | **PHP >= 8.1** |
+| **0.10.x** | **Active development**                    | develop | **PHP >= 8.0** |
-| 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
+| 0.9.x      | Active support                            | 0.9     | PHP >= 7.2.5   |
 | 0.8.x      | Active support                            | master  | PHP >= 7.2.5   |
 | 0.7.x      | End Of Life                               | 0.7     | PHP >= 5.3.3   |
 ### Requirements
 	- PHP 8.0 or later
 	- MySQL database
-	- PHP Extensions: pdo, xml, json
+	- PDO PHP Extension
-	- (optional) apache2 mod_rewrite (to use friendly_urls)
+	- XML PHP Extension
-	- (optional) zip PHP Extension (to install plugins)
+	- (optional) ZIP PHP Extension
-	- (optional) gd PHP Extension (for generating signature images)
+	- (optional) mod_rewrite to use friendly_urls
 ### Installation
@@ -47,8 +48,7 @@ Official website: https://my-aac.org
 ### Configuration
-Check *config.php* to get more informations. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
+Check *config.php* to get more informations.
 Use *config.local.php* for your local configuration changes.
 ### Branches
--- a/40
+++ b/40
@@ -1,40 +0,0 @@
 #!/usr/bin/env php
 <?php
 require_once __DIR__ . '/common.php';
 if(!IS_CLI) {
 	echo 'This script can be run only in command line mode.';
 	exit(1);
 }
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 define('SELF_NAME', basename(__FILE__));
 use MyAAC\Plugins;
 use Symfony\Component\Console\Application;
 $application = new Application();
 $commandsGlob = glob(SYSTEM . 'src/Commands/*.php');
 foreach ($commandsGlob as $item) {
 	$name = pathinfo($item, PATHINFO_FILENAME);
 	if ($name == 'Command') { // ignore base Command class
 		continue;
 	}
 	$commandPre = '\\MyAAC\Commands\\';
 	$application->add(new ($commandPre . $name));
 }
 $pluginCommands = Plugins::getCommands();
 foreach ($pluginCommands as $item) {
 	$application->add(require $item);
 }
 $application->setName('MyAAC');
 $application->setVersion(MYAAC_VERSION);
 $application->run();
--- a/admin/includes/debugbar.php
+++ b/admin/includes/debugbar.php
@@ -1,22 +0,0 @@
 <?php
 $hooks->register('debugbar_admin_head_end', HOOK_ADMIN_HEAD_END, function ($params) {
 	global $debugBar;
 	if (!isset($debugBar)) {
 		return;
 	}
 	$debugBarRenderer = $debugBar->getJavascriptRenderer();
 	echo $debugBarRenderer->renderHead();
 });
 $hooks->register('debugbar_admin_body_end', HOOK_ADMIN_BODY_END, function ($params) {
 	global $debugBar;
 	if (!isset($debugBar)) {
 		return;
 	}
 	$debugBarRenderer = $debugBar->getJavascriptRenderer();
 	echo $debugBarRenderer->render();
 });
--- a/admin/includes/settings_menus.php
+++ b/admin/includes/settings_menus.php
@@ -1,7 +1,5 @@
 <?php
 use MyAAC\Plugins;
 $order = 10;
 $settingsMenu = [];
--- a/admin/index.php
+++ b/admin/index.php
@@ -25,7 +25,16 @@ define('PAGE', $page);
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
-require __DIR__ . '/includes/debugbar.php';
+// verify myaac tables exists in database
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
 require __DIR__ . '/includes/functions.php';
@@ -45,7 +54,7 @@ if(!$logged || !admin()) {
 // include our page
 $file = __DIR__ . '/pages/' . $page . '.php';
 if(!@file_exists($file)) {
-	if (str_contains($page, 'plugins/')) {
+	if (strpos($page, 'plugins/') !== false) {
 		$file = BASE . $page;
 	}
 	else {
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@@ -13,9 +13,6 @@ use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Account editor';
 csrfProtect();
 $admin_base = ADMIN_URL . '?p=accounts';
 $use_datatable = true;
@@ -85,7 +82,7 @@ else if (isset($_REQUEST['search'])) {
 		$account = new OTS_Account();
 		$account->load($id);
-		if (isset($_POST['save']) && $account->isLoaded()) {
+		if (isset($account, $_POST['save']) && $account->isLoaded()) {
 			$error = false;
 			$_error = '';
@@ -269,9 +266,6 @@ else if (isset($_REQUEST['search'])) {
 						<li class="nav-item">
 							<a class="nav-link active" id="accounts-acc-tab" data-toggle="pill" href="#accounts-acc">Account</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="accounts-logs-tab" data-toggle="pill" href="#accounts-logs">Logs</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="accounts-chars-tab" data-toggle="pill" href="#accounts-chars">Characters</a>
 						</li>
@@ -291,8 +285,7 @@ else if (isset($_REQUEST['search'])) {
 				<div class="card-body">
 					<div class="tab-content" id="accounts-tabContent">
 						<div class="tab-pane fade active show" id="accounts-acc">
-							<form action="<?php echo $admin_base . ($id > 0 ? '&id=' . $id : ''); ?>" method="post">
+							<form action="<?php echo $admin_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
 								<?php csrf(); ?>
 								<div class="form-group row">
 									<?php if (USE_ACCOUNT_NAME): ?>
 										<div class="col-12 col-sm-12 col-lg-4">
@@ -331,8 +324,8 @@ else if (isset($_REQUEST['search'])) {
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="group">Account Type:</label>
 											<select name="group" id="group" class="form-control">
-												<?php foreach ($acc_type as $_id => $a_type): ?>
+												<?php foreach ($acc_type as $id => $a_type): ?>
-													<option value="<?php echo($_id); ?>" <?php echo($acc_group == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+													<option value="<?php echo($id); ?>" <?php echo($acc_group == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 												<?php endforeach; ?>
 											</select>
 										</div>
@@ -342,8 +335,8 @@ else if (isset($_REQUEST['search'])) {
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="group">Account Type:</label>
 											<select name="group" id="group" class="form-control">
-												<?php foreach ($groups->getGroups() as $_id => $group): ?>
+												<?php foreach ($groups->getGroups() as $id => $group): ?>
-													<option value="<?php echo $_id; ?>" <?php echo($acc_group == $_id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
+													<option value="<?php echo $id; ?>" <?php echo($acc_group == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 												<?php endforeach; ?>
 											</select>
 										</div>
@@ -351,8 +344,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="web_flags">Website Access:</label>
 										<select name="web_flags" id="web_flags" class="form-control">
-											<?php foreach ($web_acc as $_id => $a_type): ?>
+											<?php foreach ($web_acc as $id => $a_type): ?>
-												<option value="<?php echo($_id); ?>" <?php echo($account->getWebFlags() == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+												<option value="<?php echo($id); ?>" <?php echo($account->getWebFlags() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -404,16 +397,14 @@ else if (isset($_REQUEST['search'])) {
 											   autocomplete="off" maxlength="20"
 											   value="<?php echo $account->getLocation(); ?>"/>
 									</div>
 									<?php if(setting('core.account_country')): ?>
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_country">Country:</label>
 										<select name="rl_country" id="rl_country" class="form-control">
-											<?php foreach ($countries as $_id => $a_type): ?>
+											<?php foreach ($countries as $id => $a_type): ?>
-												<option value="<?php echo($_id); ?>" <?php echo($account->getCountry() == ($_id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
+												<option value="<?php echo($id); ?>" <?php echo($account->getCountry() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
 									<?php endif; ?>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
@@ -432,34 +423,6 @@ else if (isset($_REQUEST['search'])) {
 								<a href="<?php echo ADMIN_URL; ?>?p=accounts" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</a>
 							</form>
 						</div>
 						<div class="tab-pane fade" id="accounts-logs">
 							<div class="row">
 								<table class="table table-striped table-condensed table-responsive d-md-table">
 									<thead>
 										<tr>
 											<th>#</th>
 											<th>Date</th>
 											<th>Action</th>
 											<th>IP</th>
 										</tr>
 									</thead>
 									<tbody>
 										<?php
 											$accountActions = \MyAAC\Models\AccountAction::where('account_id', $account->getId())->orderByDesc('date')->get();
 											foreach ($accountActions as $i => $log):
 												$log->ip = ($log->ip != 0 ? long2ip($log->ip) : inet_ntop($log->ipv6));
 												?>
 											<tr>
 												<td><?php echo $i + 1; ?></td>
 												<td><?= date("M d Y, H:i:s", $log->date); ?></td>
 												<td><?= $log->action; ?></td>
 												<td><?= $log->ip; ?></td>
 											</tr>
 											<?php endforeach; ?>
 									</tbody>
 								</table>
 							</div>
 						</div>
 						<div class="tab-pane fade" id="accounts-chars">
 							<div class="row">
 								<?php
@@ -587,20 +550,18 @@ else if (isset($_REQUEST['search'])) {
 				<div class="row">
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
-							<?php csrf(); ?>
+							<label for="name">Account Name:</label>
 							<label for="search">Account Name:</label>
 							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" id="search" name="search" value="<?= escapeHtml($search_account); ?>" maxlength="32" size="32">
+								<input type="text" class="form-control" name="search" value="<?php echo $search_account; ?>" maxlength="32" size="32">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>
 					</div>
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
-							<?php csrf(); ?>
+							<label for="name">Account ID:</label>
 							<label for="id">Account ID:</label>
 							<div class="input-group input-group-sm">
-								<input type="text" class="form-control" id="id" name="id" value="<?= $id; ?>" maxlength="32" size="32">
+								<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>
--- a/admin/pages/changelog.php
+++ b/admin/pages/changelog.php
@@ -9,33 +9,34 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Changelog;
 use MyAAC\Models\Changelog as ModelsChangelog;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Changelog';
 csrfProtect();
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
 $title = 'Changelog';
 $use_datatable = true;
 const CL_LIMIT = 600; // maximum changelog body length
 ?>
 <link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
 <script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
 <?php
 $id = $_GET['id'] ?? 0;
 require_once LIBS . 'changelog.php';
-if(!empty($action) && isRequestMethod('post'))
+if(!empty($action))
 {
-	$id = $_POST['id'] ?? null;
+	$id = $_REQUEST['id'] ?? null;
-	$body = isset($_POST['body']) ? stripslashes($_POST['body']) : null;
+	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
-	$create_date = isset($_POST['createdate']) ? (int)strtotime($_POST['createdate'] ): null;
+	$create_date = isset($_REQUEST['createdate']) ? (int)strtotime($_REQUEST['createdate'] ): null;
-	$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : null;
+	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
-	$type = isset($_POST['type']) ? (int)$_POST['type'] : null;
+	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
-	$where = isset($_POST['where']) ? (int)$_POST['where'] : null;
+	$where = isset($_REQUEST['where']) ? (int)$_REQUEST['where'] : null;
 	$errors = array();
@@ -45,13 +46,12 @@ if(!empty($action) && isRequestMethod('post'))
 			$body = '';
 			$type = $where = $player_id = $create_date = 0;
-			success('Added successful.');
+			success("Added successful.");
 		}
 	}
 	else if($action == 'delete') {
-		if (Changelog::delete($id, $errors)) {
+		Changelog::delete($id, $errors);
-			success('Deleted successful.');
+		success("Deleted successful.");
 		}
 	}
 	else if($action == 'edit')
 	{
@@ -68,14 +68,13 @@ if(!empty($action) && isRequestMethod('post'))
 				$action = $body = '';
 				$type = $where = $player_id = $create_date = 0;
-				success('Updated successful.');
+				success("Updated successful.");
 			}
 		}
 	}
 	else if($action == 'hide') {
-		if (Changelog::toggleHide($id, $errors, $status)) {
+		Changelog::toggleHidden($id, $errors, $status);
-			success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
+		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
 		}
 	}
 	if(!empty($errors))
@@ -114,7 +113,7 @@ if($action == 'edit' || $action == 'new') {
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.changelog.form.html.twig', array(
 		'action' => $action,
-		'cl_link_form' => constant('ADMIN_URL').'?p=changelog',
+		'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'new'),
 		'cl_id' => $id ?? null,
 		'body' => isset($body) ? escapeHtml($body) : '',
 		'create_date' => $create_date ?? '',
@@ -129,3 +128,15 @@ if($action == 'edit' || $action == 'new') {
 $twig->display('admin.changelog.html.twig', array(
 	'changelogs' => $changelogs,
 ));
 ?>
 <script>
 	$(document).ready(function () {
 		$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
 		$('.tb_datatable').DataTable({
 			"order": [[0, "desc"]],
 			"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
 		});
 	});
 </script>
--- a/admin/pages/dashboard.php
+++ b/admin/pages/dashboard.php
@@ -10,9 +10,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Dashboard';
-csrfProtect();
+if (isset($_GET['clear_cache'])) {
 if (isset($_POST['clear_cache'])) {
 	if (clearCache()) {
 		success('Cache cleared.');
 	} else {
@@ -20,7 +18,7 @@ if (isset($_POST['clear_cache'])) {
 	}
 }
-if (isset($_POST['maintenance'])) {
+if (isset($_GET['maintenance'])) {
 	$message = (!empty($_POST['message']) ? $_POST['message'] : null);
 	$_status = (isset($_POST['status']) && $_POST['status'] == 'true');
 	$_status = ($_status ? '0' : '1');
--- a/admin/pages/login.php
+++ b/admin/pages/login.php
@@ -10,8 +10,6 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Login';
 csrfProtect();
 require PAGES . 'account/login.php';
 if ($logged) {
 	header('Location: ' . (admin() ? ADMIN_URL : BASE_URL));
--- a/admin/pages/mailer.php
+++ b/admin/pages/mailer.php
@@ -10,8 +10,6 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mailer';
 csrfProtect();
 if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
@@ -22,7 +20,7 @@ if (!setting('core.mail_enabled')) {
 	return;
 }
-$mail_to = isset($_POST['mail_to']) ? stripslashes(trim($_POST['mail_to'])) : null;
+$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
 $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
 $mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
--- a/admin/pages/mass_account.php
+++ b/admin/pages/mass_account.php
@@ -16,8 +16,6 @@ defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mass Account Actions';
 csrfProtect();
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $freePremium = $config['lua']['freePremium'];
@@ -162,9 +160,9 @@ function admin_give_premdays($days)
 	displayMessage('Premium Days not supported.');
 }
-if (!empty(ACTION) && isRequestMethod('post')) {
+if (isset($_POST['action']) && $_POST['action']) {
-	$action = ACTION;
+	$action = $_POST['action'];
 	if (preg_match("/[^A-z0-9_\-]/", $action)) {
 		displayMessage('Invalid action.');
--- a/admin/pages/mass_teleport.php
+++ b/admin/pages/mass_teleport.php
@@ -16,8 +16,6 @@ defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mass Teleport Actions';
 csrfProtect();
 function admin_teleport_position($x, $y, $z) {
 	if (!Player::query()->update([
 		'posx' => $x, 'posy' => $y, 'posz' => $z
@@ -40,9 +38,9 @@ function admin_teleport_town($town_id) {
 	displayMessage('Player\'s town updated.', true);
 }
-if (!empty(ACTION) && isRequestMethod('post'))    {
+if (isset($_POST['action']) && $_POST['action'])    {
-	$action = ACTION;
+	$action = $_POST['action'];
 	if (preg_match("/[^A-z0-9_\-]/", $action)) {
 		displayMessage('Invalid action.');
--- a/admin/pages/menus.php
+++ b/admin/pages/menus.php
@@ -8,27 +8,24 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Cache\Cache;
 use MyAAC\Models\Menu;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Menus';
 csrfProtect();
 if (!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
-if (isset($_POST['template'])) {
+if (isset($_REQUEST['template'])) {
-	$template = $_POST['template'];
+	$template = $_REQUEST['template'];
-	if (isset($_POST['menu'])) {
+	if (isset($_REQUEST['menu'])) {
-		$post_menu = $_POST['menu'];
+		$post_menu = $_REQUEST['menu'];
-		$post_menu_link = $_POST['menu_link'];
+		$post_menu_link = $_REQUEST['menu_link'];
-		$post_menu_blank = $_POST['menu_blank'];
+		$post_menu_blank = $_REQUEST['menu_blank'];
-		$post_menu_color = $_POST['menu_color'];
+		$post_menu_color = $_REQUEST['menu_color'];
 		if (count($post_menu) != count($post_menu_link)) {
 			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
 			return;
@@ -72,10 +69,9 @@ if (isset($_POST['template'])) {
 		return;
 	}
-	if (isset($_GET['reset_colors'])) {
+	if (isset($_REQUEST['reset_colors'])) {
 		if (isset($config['menu_default_color'])) {
 			Menu::where('template', $template)->update(['color' => str_replace('#', '', $config['menu_default_color'])]);
 			success('Colors has been reset.');
 		}
 		else {
 			warning('There is no default color defined, cannot reset colors.');
@@ -97,7 +93,6 @@ if (isset($_POST['template'])) {
 		</p>
 		<?php if (isset($config['menu_default_color'])) {?>
 		<form method="post" action="?p=menus&reset_colors" onsubmit="return confirm('Do you really want to reset colors?');">
 			<?php csrf(); ?>
 			<input type="hidden" name="template" value="<?php echo $template ?>"/>
 			<button type="submit" class="btn btn-danger">Reset Colors to default</button>
 		</form>
@@ -117,7 +112,6 @@ if (isset($_POST['template'])) {
 	$last_id = array();
 	?>
 	<form method="post" id="menus-form" action="?p=menus">
 		<?php csrf(); ?>
 		<input type="hidden" name="template" value="<?php echo $template ?>"/>
 		<button type="submit" class="btn btn-info">Save</button><br/><br/>
 		<div class="row">
--- a/admin/pages/modules/templates/web_status.twig
+++ b/admin/pages/modules/templates/web_status.twig
@@ -1,9 +1,10 @@
 <div class="col-12 col-md-6">
 	<div class="card card-warning card-outline">
 		<form action="?p=dashboard&maintenance" method="post" class="form-horizontal">
 			<div class="card-header">
 				<span class="m-0">Website Status<span class="float-right">
 				<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
-				<input form="maintenance-form" type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
+					<input type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
 					<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
 				</div></span>
 				</span>
@@ -11,22 +12,17 @@
 			<div class="card-body p-2">
 				<div class="col-sm-12">
 					<label for="message" class="col-form-label">Maintenance Message</label>
-				<textarea form="maintenance-form" name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
+					<textarea name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
 					<small>(only visible if closed)</small>
 				</div>
 			</div>
 			<div class="card-footer">
 			<form id="maintenance-form" method="post" action="?p=dashboard" class="float-left">
 				{{ csrf() }}
 				<input type="hidden" name="maintenance" value="1" />
 				<button type="submit" class="btn btn-info"><i class="far fa-update"></i> Update</button>
-			</form>
+				<a href="?p=dashboard&clear_cache" onclick="return confirm('Are you sure?');" class="float-right">
-			<form method="post" action="?p=dashboard" class="float-right">
+					<span class="btn btn-danger"><i class="fas fa-clear"></i>Clear cache</span>
-				{{ csrf() }}
+				</a>
 				<input type="hidden" name="clear_cache" value="1" />
 				<button type="submit" onclick="return confirm('Are you sure that you want to clear cache?');" class="btn btn-danger" title="Clear Cache"><i class="fas fa-clear"></i>Clear cache</button>
 			</form>
 			</div>
 		</form>
 	</div>
 </div>
--- a/admin/pages/news.php
+++ b/admin/pages/news.php
@@ -7,16 +7,12 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Forum;
 use MyAAC\News;
 defined('MYAAC') or die('Direct access not allowed!');
 require_once LIBS . 'forum.php';
 require_once LIBS . 'news.php';
 $title = 'News Panel';
 csrfProtect();
 $use_datatable = true;
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
@@ -27,44 +23,45 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
 // some constants, used mainly by database (cannot by modified without schema changes)
-const NEWS_TITLE_LIMIT = 100;
+define('NEWS_TITLE_LIMIT', 100);
-const NEWS_BODY_LIMIT = 65535; // maximum news body length
+define('NEWS_BODY_LIMIT', 65535); // maximum news body length
-const ARTICLE_TEXT_LIMIT = 300;
+define('ARTICLE_TEXT_LIMIT', 300);
-const ARTICLE_IMAGE_LIMIT = 100;
+define('ARTICLE_IMAGE_LIMIT', 100);
 $name = $p_title = '';
 if(!empty($action))
 {
-	$id = $_POST['id'] ?? null;
+	$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
-	$p_title = $_POST['title'] ?? null;
+	$p_title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null;
-	$body = isset($_POST['body']) ? stripslashes($_POST['body']) : null;
+	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
-	$comments = $_POST['comments'] ?? null;
+	$comments = isset($_REQUEST['comments']) ? $_REQUEST['comments'] : null;
-	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : 1;
+	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
-	$category = isset($_POST['category']) ? (int)$_POST['category'] : null;
+	$category = isset($_REQUEST['category']) ? (int)$_REQUEST['category'] : null;
-	$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : null;
+	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
-	$article_text = $_POST['article_text'] ?? null;
+	$article_text = isset($_REQUEST['article_text']) ? $_REQUEST['article_text'] : null;
-	$article_image = $_POST['article_image'] ?? null;
+	$article_image = isset($_REQUEST['article_image']) ? $_REQUEST['article_image'] : null;
-	$forum_section = $_POST['forum_section'] ?? null;
+	$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
-	$errors = [];
+	$errors = array();
-	if (isRequestMethod('post')) {
+	if($action == 'new') {
-		if ($action == 'new') {
+		if(isset($forum_section) && $forum_section != '-1') {
 			if (isset($forum_section) && $forum_section != '-1') {
 			$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
 		}
-			if (isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
+		if(isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
 			$p_title = $body = $comments = $article_text = $article_image = '';
 			$type = $category = $player_id = 0;
-				success('Added successful.');
+			success("Added successful.");
 		}
 		} else if ($action == 'delete') {
 			if (News::delete($id, $errors)) {
 				success('Deleted successful.');
 	}
-		} else if ($action == 'edit') {
+	else if($action == 'delete') {
-			if (isset($id) && !isset($p_title)) {
+		News::delete($id, $errors);
 		success("Deleted successful.");
 	}
 	else if($action == 'edit')
 	{
 		if(isset($id) && !isset($p_title)) {
 			$news = News::get($id);
 			$p_title = $news['title'];
 			$body = $news['body'];
@@ -74,24 +71,24 @@ if(!empty($action))
 			$player_id = $news['player_id'];
 			$article_text = $news['article_text'];
 			$article_image = $news['article_image'];
-			} else {
+		}
-				if (News::update($id, $p_title, $body, $type, $category, $player_id, $forum_section, $article_text, $article_image, $errors)) {
+		else {
 			if(News::update($id, $p_title, $body, $type, $category, $player_id, $forum_section, $article_text, $article_image, $errors)) {
 				// update forum thread if exists
-					if (isset($forum_section) && Validator::number($forum_section)) {
+				if(isset($forum_section) && Validator::number($forum_section)) {
-						$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = " . (int)$player_id . ", `post_text` = " . $db->quote($body) . ", `post_topic` = " . $db->quote($p_title) . ", `edit_date` = " . time() . " WHERE `id` = " . $db->quote($forum_section));
+					$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $player_id.", `post_text` = ".$db->quote($body).", `post_topic` = ".$db->quote($p_title).", `edit_date` = " . time() . " WHERE `id` = " . $db->quote($forum_section));
 				}
 				$action = $p_title = $body = $comments = $article_text = $article_image = '';
 				$type = $category = $player_id = 0;
-					success('Updated successful.');
+				success("Updated successful.");
 			}
 		}
 		} else if ($action == 'hide') {
 			if (News::toggleHide($id, $errors, $status)) {
 				success(($status == 1 ? 'Hide' : 'Show') . ' successful.');
 			}
 	}
 	else if($action == 'hide') {
 		News::toggleHidden($id, $errors, $status);
 		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
 	}
 	if(!empty($errors))
@@ -99,7 +96,7 @@ if(!empty($action))
 }
 $categories = array();
-foreach($db->query('SELECT `id`, `name`, `icon_id` FROM `' . TABLE_PREFIX . 'news_categories` WHERE `hide` != 1') as $cat)
+foreach($db->query('SELECT `id`, `name`, `icon_id` FROM `' . TABLE_PREFIX . 'news_categories` WHERE `hidden` != 1') as $cat)
 {
 	$categories[$cat['id']] = array(
 		'name' => $cat['name'],
@@ -117,10 +114,12 @@ if($action == 'edit' || $action == 'new') {
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.news.form.html.twig', array(
 		'action' => $action,
 		'news_link' => getLink(PAGE),
 		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'),
 		'news_id' => $id ?? null,
 		'title' => $p_title ?? '',
 		'body' => isset($body) ? escapeHtml($body) : '',
-		'type' => $type,
+		'type' => $type ?? null,
 		'player' => isset($player) && $player->isLoaded() ? $player : null,
 		'player_id' => $player_id ?? null,
 		'account_players' => $account_players,
@@ -142,12 +141,12 @@ foreach ($query as $_news) {
 	$newses[$_news['type']][] = array(
 		'id' => $_news['id'],
-		'hide' => $_news['hide'],
+		'hidden' => $_news['hidden'],
 		'archive_link' => getLink('news') . '/archive/' . $_news['id'],
 		'title' => $_news['title'],
 		'date' => $_news['date'],
-		'player_name' => $_player->isLoaded() ? $_player->getName() : '',
+		'player_name' => isset($_player) && $_player->isLoaded() ? $_player->getName() : '',
-		'player_link' => $_player->isLoaded() ? getPlayerLink($_player->getName(), false) : '',
+		'player_link' => isset($_player) && $_player->isLoaded() ? getPlayerLink($_player->getName(), false) : '',
 	);
 }
--- a/admin/pages/notepad.php
+++ b/admin/pages/notepad.php
@@ -13,10 +13,8 @@ use MyAAC\Models\Notepad as ModelsNotepad;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Notepad';
 csrfProtect();
 /**
- * @var OTS_Account $account_logged
+ * @var $account_logged OTS_Account
 */
 $_content = '';
 $notepad = ModelsNotepad::where('account_id', $account_logged->getId())->first();
--- a/admin/pages/pages.php
+++ b/admin/pages/pages.php
@@ -9,14 +9,11 @@
 */
 use MyAAC\Models\Pages as ModelsPages;
 use MyAAC\Admin\Pages;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
 $use_datatable = true;
 csrfProtect();
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
@@ -32,36 +29,31 @@ $enable_tinymce = true;
 $access = 0;
 // some constants, used mainly by database (cannot by modified without schema changes)
-const PAGE_TITLE_LIMIT = 30;
+define('PAGE_TITLE_LIMIT', 30);
-const PAGE_NAME_LIMIT = 30;
+define('PAGE_NAME_LIMIT', 30);
-const PAGE_BODY_LIMIT = 65535; // maximum page body length
+define('PAGE_BODY_LIMIT', 65535); // maximum page body length
-if (!empty($action) && isRequestMethod('post')) {
+if (!empty($action)) {
-	if ($action == 'delete' || $action == 'edit' || $action == 'hide') {
+	if ($action == 'delete' || $action == 'edit' || $action == 'hide')
-		$id = $_POST['id'];
+		$id = $_REQUEST['id'];
 	if (isset($_REQUEST['name']))
 		$name = $_REQUEST['name'];
 	if (isset($_REQUEST['title']))
 		$p_title = $_REQUEST['title'];
 	$php = isset($_REQUEST['php']) && $_REQUEST['php'] == 1;
 	$enable_tinymce = isset($_REQUEST['enable_tinymce']) && $_REQUEST['enable_tinymce'] == 1;
 	if ($php)
 		$body = $_REQUEST['body'];
 	else if (isset($_REQUEST['body'])) {
 		//$body = $_REQUEST['body'];
 		$body = html_entity_decode(stripslashes($_REQUEST['body']));
 	}
-	if (isset($_POST['name'])) {
+	if (isset($_REQUEST['access']))
-		$name = $_POST['name'];
+		$access = $_REQUEST['access'];
 	}
 	if (isset($_POST['title'])) {
 		$p_title = $_POST['title'];
 	}
 	$php = isset($_POST['php']) && $_POST['php'] == 1;
 	$enable_tinymce = (isset($_POST['enable_tinymce']) && $_POST['enable_tinymce'] == 1) ?: $enable_tinymce;
 	if ($php) {
 		$body = $_POST['body'];
 	}
 	else if (isset($_POST['body'])) {
 		//$body = $_POST['body'];
 		$body = html_entity_decode(stripslashes($_POST['body']));
 	}
 	if (isset($_POST['access'])) {
 		$access = $_POST['access'];
 	}
 	$errors = array();
 	$player_id = 1;
@@ -78,7 +70,7 @@ if (!empty($action) && isRequestMethod('post')) {
 		if (Pages::delete($id, $errors))
 			success('Page with id ' . $id . ' has been deleted');
 	} else if ($action == 'edit') {
-		if (isset($id) && !isset($_POST['name'])) {
+		if (isset($id) && !isset($_REQUEST['name'])) {
 			$_page = Pages::get($id);
 			$name = $_page['name'];
 			$p_title = $_page['title'];
@@ -97,9 +89,8 @@ if (!empty($action) && isRequestMethod('post')) {
 			}
 		}
 	} else if ($action == 'hide') {
-		if (Pages::toggleHide($id, $errors, $status)) {
+		Pages::toggleHidden($id, $errors, $status);
-			success(($status == 0 ? 'Show' : 'Hide') . ' successful.');
+		success(($status == 1 ? 'Show' : 'Hide') . ' successful.');
 		}
 	}
 	if (!empty($errors))
@@ -112,11 +103,11 @@ $pages = ModelsPages::all()->map(function ($e) {
 		'title' => substr($e->title, 0, 20),
 		'php' => $e->php == '1',
 		'id' => $e->id,
-		'hide' => $e->hide
+		'hidden' => $e->hidden
 	];
 })->toArray();
-$twig->display('admin.pages.form.html.twig', [
+$twig->display('admin.pages.form.html.twig', array(
 	'action' => $action,
 	'id' => $action == 'edit' ? $id : null,
 	'name' => $name,
@@ -126,8 +117,136 @@ $twig->display('admin.pages.form.html.twig', [
 	'body' => isset($body) ? escapeHtml($body) : '',
 	'groups' => $groups->getGroups(),
 	'access' => $access
-]);
+));
-$twig->display('admin.pages.html.twig', [
+$twig->display('admin.pages.html.twig', array(
 	'pages' => $pages
-]);
+));
 class Pages
 {
 	static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
 		if(!isset($title[0]) || !isset($body[0])) {
 			$errors[] = 'Please fill all inputs.';
 			return false;
 		}
 		if(strlen($name) > PAGE_NAME_LIMIT) {
 			$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
 			return false;
 		}
 		if(strlen($title) > PAGE_TITLE_LIMIT) {
 			$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
 			return false;
 		}
 		if(strlen($body) > PAGE_BODY_LIMIT) {
 			$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
 			return false;
 		}
 		if(!isset($player_id) || $player_id == 0) {
 			$errors[] = 'Player ID is wrong.';
 			return false;
 		}
 		if(!isset($php) || ($php != 0 && $php != 1)) {
 			$errors[] = 'Enable PHP is wrong.';
 			return false;
 		}
 		if ($php == 1 && !getBoolean(setting('core.admin_pages_php_enable'))) {
 			$errors[] = 'PHP pages disabled on this server. To enable go to Settings in Admin Panel and enable <strong>Enable PHP Pages</strong>.';
 			return false;
 		}
 		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
 			$errors[] = 'Enable TinyMCE is wrong.';
 			return false;
 		}
 		if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
 			$errors[] = 'Access is wrong.';
 			return false;
 		}
 		return true;
 	}
 	static public function get($id)
 	{
 		$row = ModelsPages::find($id);
 		if ($row) {
 			return $row->toArray();
 		}
 		return false;
 	}
 	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
 		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			return false;
 		}
 		if (!ModelsPages::where('name', $name)->exists())
 			ModelsPages::create([
 				'name' => $name,
 				'title' => $title,
 				'body' => $body,
 				'player_id' => $player_id,
 				'php' => $php ? '1' : '0',
 				'enable_tinymce' => $enable_tinymce ? '1' : '0',
 				'access' => $access
 			]);
 		else
 			$errors[] = 'Page with this link already exists.';
 		return !count($errors);
 	}
 	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
 		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			return false;
 		}
 		ModelsPages::where('id', $id)->update([
 			'name' => $name,
 			'title' => $title,
 			'body' => $body,
 			'player_id' => $player_id,
 			'php' => $php ? '1' : '0',
 			'enable_tinymce' => $enable_tinymce ? '1' : '0',
 			'access' => $access
 		]);
 		return true;
 	}
 	static public function delete($id, &$errors)
 	{
 		if (isset($id)) {
 			$row = ModelsPages::find($id);
 			if ($row) {
 				$row->delete();
 			}
 			else
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
 		} else
 			$errors[] = 'id not set';
 		return !count($errors);
 	}
 	static public function toggleHidden($id, &$errors, &$status)
 	{
 		if (isset($id)) {
 			$row = ModelsPages::find($id);
 			if ($row) {
 				$row->hidden = $row->hidden == 1 ? 0 : 1;
 				$row->save();
 				$status = $row->hidden;
 			}
 			else {
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
 			}
 		} else
 			$errors[] = 'id not set';
 		return !count($errors);
 	}
 }
--- a/admin/pages/players.php
+++ b/admin/pages/players.php
@@ -8,18 +8,15 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Forum;
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Player editor';
 csrfProtect();
 $player_base = ADMIN_URL . '?p=players';
 $use_datatable = true;
 require_once LIBS . 'forum.php';
 $skills = array(
 	POT::SKILL_FIST => array('Fist fighting', 'fist'),
@@ -78,7 +75,7 @@ else if (isset($_REQUEST['search'])) {
 		$player = new OTS_Player();
 		$player->load($id);
-		if ($player->isLoaded() && isset($_POST['save'])) {// we want to save
+		if (isset($player) && $player->isLoaded() && isset($_POST['save'])) {// we want to save
 			$error = false;
 			if ($player->isOnline())
@@ -213,7 +210,7 @@ else if (isset($_REQUEST['search'])) {
 			}
 			$deleted = (isset($_POST['deleted']) && $_POST['deleted'] == 'true');
-			$hide = (isset($_POST['hide']) && $_POST['hide'] == 'true');
+			$hidden = (isset($_POST['hidden']) && $_POST['hidden'] == 'true');
 			$created = strtotime($_POST['created']);
 			verify_number($created, 'Created', 11);
@@ -290,7 +287,7 @@ else if (isset($_REQUEST['search'])) {
 					$player->setCustomField('deletion', $deleted ? '1' : '0');
 				else
 					$player->setCustomField('deleted', $deleted ? '1' : '0');
-				$player->setCustomField('hide', $hide ? '1' : '0');
+				$player->setCustomField('hidden', $hidden ? '1' : '0');
 				$player->setCustomField('created', $created);
 				if (isset($comment))
 					$player->setCustomField('comment', $comment);
@@ -375,8 +372,7 @@ else if (isset($_REQUEST['search'])) {
 						</li>
 					</ul>
 				</div>
-				<form action="<?php echo $player_base . ($id > 0 ? '&id=' . $id : ''); ?>" method="post">
+				<form action="<?php echo $player_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
 					<?php csrf(); ?>
 					<div class="card-body">
 						<div class="tab-content" id="tabs-tabContent">
 							<div class="tab-pane fade active show" id="tabs-home">
@@ -394,8 +390,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="group">Group:</label>
 										<select name="group" id="group" class="form-control custom-select">
-											<?php foreach ($groups->getGroups() as $_id => $group): ?>
+											<?php foreach ($groups->getGroups() as $id => $group): ?>
-												<option value="<?php echo $_id; ?>" <?php echo($player->getGroup()->getId() == $_id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
+												<option value="<?php echo $id; ?>" <?php echo($player->getGroup()->getId() == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -403,8 +399,8 @@ else if (isset($_REQUEST['search'])) {
 										<label for="vocation">Vocation</label>
 										<select name="vocation" id="vocation" class="form-control custom-select">
 											<?php
-											foreach ($config['vocations'] as $_id => $name) {
+											foreach ($config['vocations'] as $id => $name) {
-												echo '<option value=' . $_id . ($_id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
+												echo '<option value=' . $id . ($id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
 											}
 											?>
 										</select>
@@ -414,8 +410,8 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="sex">Sex:</label>
 										<select name="sex" id="sex" class="form-control custom-select">>
-											<?php foreach ($config['genders'] as $_id => $sex): ?>
+											<?php foreach ($config['genders'] as $id => $sex): ?>
-												<option value="<?php echo $_id; ?>" <?php echo($player->getSex() == $_id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
+												<option value="<?php echo $id; ?>" <?php echo($player->getSex() == $id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -428,8 +424,8 @@ else if (isset($_REQUEST['search'])) {
 												$configTowns[$player->getTownId()] = 'Unknown Town';
 											}
-											foreach ($configTowns as $_id => $town): ?>
+											foreach ($configTowns as $id => $town): ?>
-												<option value="<?php echo $_id; ?>" <?php echo($player->getTownId() == $_id ? 'selected' : ''); ?>><?php echo $town; ?></option>
+												<option value="<?php echo $id; ?>" <?php echo($player->getTownId() == $id ? 'selected' : ''); ?>><?php echo $town; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
@@ -440,8 +436,8 @@ else if (isset($_REQUEST['search'])) {
 										<select name="skull" id="skull" class="form-control custom-select">
 											<?php
-											foreach ($skull_type as $_id => $s_name) {
+											foreach ($skull_type as $id => $s_name) {
-												echo '<option value=' . $_id . ($_id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
+												echo '<option value=' . $id . ($id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
 											}
 											?>
 										</select>
@@ -485,8 +481,8 @@ else if (isset($_REQUEST['search'])) {
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<div class="custom-control custom-switch custom-switch-on-success">
-											<input type="checkbox" class="custom-control-input" name="hide" id="hide" value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>>
+											<input type="checkbox" class="custom-control-input" name="hidden" id="hidden" value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>>
-											<label class="custom-control-label" for="hide">Hidden</label>
+											<label class="custom-control-label" for="hidden">Hidden</label>
 										</div>
 									</div>
 								</div>
@@ -558,16 +554,16 @@ else if (isset($_REQUEST['search'])) {
 							</div>
 							<div class="tab-pane fade" id="tabs-skills">
 								<?php
-								foreach ($skills as $_id => $info) {
+								foreach ($skills as $id => $info) {
 									?>
 									<div class="form-group row">
 										<div class="col-12 col-sm-12 col-lg-6">
-											<?php echo '<label for="skills[' . $_id . ']" class="control-label">' . $info[0] . '</label>
+											<?php echo '<label for="skills[' . $id . ']" class="control-label">' . $info[0] . '</label>
-									<input type="text" class="form-control" id="skills[' . $_id . ']" name="skills[' . $_id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkill($_id) . '"/>'; ?>
+									<input type="text" class="form-control" id="skills[' . $id . ']" name="skills[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkill($id) . '"/>'; ?>
 										</div>
 										<div class="col-12 col-sm-12 col-lg-6">
-											<?php echo '<label for="skills_tries[' . $_id . ']" class="control-label">' . $info[0] . ' tries</label>
+											<?php echo '<label for="skills_tries[' . $id . ']" class="control-label">' . $info[0] . ' tries</label>
-									<input type="text" class="form-control" id="skills_tries[' . $_id . ']" name="skills_tries[' . $_id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkillTries($_id) . '"/>'; ?>
+									<input type="text" class="form-control" id="skills_tries[' . $id . ']" name="skills_tries[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkillTries($id) . '"/>'; ?>
 										</div>
 									</div>
 								<?php } ?>
@@ -626,7 +622,7 @@ else if (isset($_REQUEST['search'])) {
 										if ($outfitlist) { ?>
 											<select name="look_type" id="look_type" class="form-control custom-select">
 												<?php
-												foreach ($outfitlist as $_id => $outfit) {
+												foreach ($outfitlist as $id => $outfit) {
 													if ($outfit['enabled'] == 'yes') ;
 													echo '<option value=' . $outfit['id'] . ($outfit['id'] == $player->getLookType() ? ' selected' : '') . '>' . $outfit['name'] . ' - ' . ($outfit['type'] == 1 ? 'Male' : 'Female') . '</option>';
 												}
@@ -642,8 +638,8 @@ else if (isset($_REQUEST['search'])) {
 											<select name="look_addons" id="look_addons" class="form-control custom-select">
 												<?php
 												$addon_type = array("None", "First", "Second", "Both");
-												foreach ($addon_type as $_id => $s_name) {
+												foreach ($addon_type as $id => $s_name) {
-													echo '<option value=' . $_id . ($_id == $player->getLookAddons() ? ' selected' : '') . '>' . $s_name . '</option>';
+													echo '<option value=' . $id . ($id == $player->getLookAddons() ? ' selected' : '') . '>' . $s_name . '</option>';
 												}
 												?>
 											</select>
@@ -708,7 +704,7 @@ else if (isset($_REQUEST['search'])) {
 								<div class="form-group row">
 									<div class="col-12">
 										<label for="comment" class="control-label">Comment:</label>
-										<textarea class="form-control" id="comment" name="comment" rows="10" cols="50" wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
+										<textarea class="form-control" name="comment" rows="10" cols="50" wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
 										<small>[max. length: 2000 chars, 50 lines (ENTERs)]</small>
 									</div>
 								</div>
@@ -845,7 +841,7 @@ else if (isset($_REQUEST['search'])) {
 				<?php if($hasLookAddons): ?>
 				const $addonvalue = $('#look_addons');
-				$addonvalue.on('change', () => {
+				$('#look_addons').on('change', () => {
 					updateOutfit();
 				});
 				<?php endif; ?>
@@ -874,20 +870,18 @@ else if (isset($_REQUEST['search'])) {
 			<div class="card-body row">
 				<div class="col-6 col-lg-12">
 					<form action="<?php echo $player_base; ?>" method="post">
-						<?php csrf(); ?>
+						<label for="name">Player Name:</label>
 						<label for="search">Player Name:</label>
 						<div class="input-group input-group-sm">
-							<input type="text" class="form-control" id="search" name="search" value="<?= escapeHtml($search_player); ?>" maxlength="32" size="32">
+							<input type="text" class="form-control" name="search" value="<?php echo $search_player; ?>" maxlength="32" size="32">
 							<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 						</div>
 					</form>
 				</div>
 				<div class="col-6 col-lg-12">
 					<form action="<?php echo $player_base; ?>" method="post">
-						<?php csrf(); ?>
+						<label for="name">Player ID:</label>
 						<label for="id">Player ID:</label>
 						<div class="input-group input-group-sm">
-							<input type="text" class="form-control" id="id" name="id" value="<?= $id; ?>" maxlength="32" size="32">
+							<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
 							<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 						</div>
 					</form>
@@ -898,7 +892,7 @@ else if (isset($_REQUEST['search'])) {
 </div>
 <script>
-	$(function () {
+	$(document).ready(function () {
 		$('.player_datatable').DataTable({
 			"order": [[0, "asc"]]
 		});
--- a/admin/pages/plugins.php
+++ b/admin/pages/plugins.php
@@ -7,39 +7,35 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Plugins;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
 csrfProtect();
 $use_datatable = true;
 require_once LIBS . 'plugins.php';
 if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
 	warning('Plugin installation and management is disabled in Settings.<br/>If you wish to enable, go to Settings and enable <strong>Enable Plugins Manage</strong>.');
 }
 else {
 	$twig->display('admin.plugins.form.html.twig');
-	if (isset($_POST['uninstall'])) {
+	if (isset($_REQUEST['uninstall'])) {
-		$uninstall = $_POST['uninstall'];
+		$uninstall = $_REQUEST['uninstall'];
 		if (Plugins::uninstall($uninstall)) {
 			success('Successfully uninstalled plugin ' . $uninstall);
 		} else {
 			error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 		}
-	} else if (isset($_POST['enable'])) {
+	} else if (isset($_REQUEST['enable'])) {
-		$enable = $_POST['enable'];
+		$enable = $_REQUEST['enable'];
 		if (Plugins::enable($enable)) {
 			success('Successfully enabled plugin ' . $enable);
 		} else {
 			error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
 		}
-	} else if (isset($_POST['disable'])) {
+	} else if (isset($_REQUEST['disable'])) {
-		$disable = $_POST['disable'];
+		$disable = $_REQUEST['disable'];
 		if (Plugins::disable($disable)) {
 			success('Successfully disabled plugin ' . $disable);
 		} else {
@@ -120,7 +116,7 @@ foreach (get_plugins(true) as $plugin) {
 	if (!$plugin_info) {
 		warning('Cannot load plugin info ' . $plugin . '.json');
 	} else {
-		$disabled = (str_contains($plugin, 'disabled.'));
+		$disabled = (strpos($plugin, 'disabled.') !== false);
 		$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 		$plugins[] = array(
 			'name' => $plugin_info['name'] ?? '',
--- a/admin/pages/settings.php
+++ b/admin/pages/settings.php
@@ -7,10 +7,6 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Plugins;
 use MyAAC\Settings;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Settings';
--- a/admin/pages/visitors.php
+++ b/admin/pages/visitors.php
@@ -12,7 +12,6 @@ defined('MYAAC') or die('Direct access not allowed!');
 use DeviceDetector\DeviceDetector;
 use DeviceDetector\Parser\Client\Browser;
 use DeviceDetector\Parser\OperatingSystem;
 use MyAAC\Visitors;
 $title = 'Visitors';
 $use_datatable = true;
@@ -25,6 +24,7 @@ if (!setting('core.visitors_counter')): ?>
 	return;
 endif;
 require SYSTEM . 'libs/visitors.php';
 $visitors = new Visitors(setting('core.visitors_counter_ttl'));
 function compare($a, $b): int {
--- a/admin/template/menus.php
+++ b/admin/template/menus.php
@@ -1,6 +1,6 @@
 <?php
-$menus = [
+return [
 	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
 	['name' => 'Settings', 'icon' => 'edit', 'order' => 19, 'link' =>
 		require ADMIN . 'includes/settings_menus.php'
--- a/admin/template/style.css
+++ b/admin/template/style.css
@@ -8,8 +8,3 @@
 .sidebar-mini.sidebar-collapse .menu-text {
 	display: none;
 }
 .myaac-table tbody tr:nth-child(even) {background: #FFF} /* light border */
 .myaac-table tbody tr:nth-child(odd) {background: #CCC} /* dark border */
 .myaac-table thead td {background: #000000; color: #ffffff !important;} /* vdark border */
 .myaac-table tfoot td {background: #000000; color: #ffffff !important;} /* vdark border */
--- a/admin/template/template.php
+++ b/admin/template/template.php
@@ -191,8 +191,8 @@ if ($logged && admin()) {
 	]);
 }
 ?>
-<script src="<?php echo BASE_URL; ?>tools/ext/bootstrap/js/bootstrap.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/js/bootstrap.min.js"></script>
-<script src="<?php echo BASE_URL; ?>tools/ext/jquery-ui/jquery-ui.min.js"></script>
+<script src="<?php echo BASE_URL; ?>tools/js/jquery-ui.min.js"></script>
 <?php if (isset($use_datatable))  { ?>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
--- a/admin/tools/reload_data.php
+++ b/admin/tools/reload_data.php
@@ -22,10 +22,7 @@
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
-
+define('MYAAC_ADMIN', true);
 use MyAAC\DataLoader;
 const MYAAC_ADMIN = true;
 require '../../common.php';
 require SYSTEM . 'functions.php';
@@ -37,9 +34,11 @@ if (!admin())
 ini_set('max_execution_time', 300);
 ob_implicit_flush();
-@ob_end_flush();
+ob_end_flush();
 header('X-Accel-Buffering: no');
 require LIBS . 'DataLoader.php';
 require LOCALE . 'en/main.php';
 require LOCALE . 'en/install.php';
--- a/admin/tools/settings_save.php
+++ b/admin/tools/settings_save.php
@@ -1,8 +1,4 @@
 <?php
 use MyAAC\Hooks;
 use MyAAC\Settings;
 const MYAAC_ADMIN = true;
 require '../../common.php';
@@ -10,13 +6,16 @@ require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 require SYSTEM . 'login.php';
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
 if(!admin()) {
 	http_response_code(500);
 	die('Access denied.');
 }
 csrfProtect();
 if (!isset($_REQUEST['plugin'])) {
 	http_response_code(500);
 	die('Please enter plugin name.');
--- a/common.php
+++ b/common.php
@@ -23,11 +23,11 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
-if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
+if (version_compare(phpversion(), '8.0', '<')) die('PHP version 8.0 or higher is required.');
 const MYAAC = true;
-const MYAAC_VERSION = '1.0-beta';
+const MYAAC_VERSION = '0.10.0-dev';
-const DATABASE_VERSION = 40;
+const DATABASE_VERSION = 36;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -108,13 +108,6 @@ const TFS_FIRST = TFS_02;
 const TFS_LAST = TFS_03;
 // other definitions
 const MAIL_MAIL = 0;
 const MAIL_SMTP = 1;
 const SMTP_SECURITY_NONE = 0;
 const SMTP_SECURITY_SSL = 1;
 const SMTP_SECURITY_TLS = 2;
 const ACCOUNT_NUMBER_LENGTH = 8;
 if (!IS_CLI) {
@@ -143,7 +136,7 @@ if(!IS_CLI) {
 		}
 	}
-	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
+	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
@@ -154,7 +147,6 @@ if (file_exists(BASE . 'config.local.php')) {
 	require BASE . 'config.local.php';
 }
 /** @var array $config */
 ini_set('log_errors', 1);
 if(@$config['env'] === 'dev') {
 	ini_set('display_errors', 1);
@@ -173,11 +165,3 @@ if (!is_file($autoloadFile)) {
 }
 require $autoloadFile;
 function isHttps(): bool
 {
 	return
 		(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
 		|| (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
 		|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
 }
--- a/composer.json
+++ b/composer.json
@@ -13,20 +13,14 @@
        "nikic/fast-route": "^1.3",
        "matomo/device-detector": "^6.0",
        "illuminate/database": "^10.18",
-        "peppeocchi/php-cron-scheduler": "4.*",
+        "peppeocchi/php-cron-scheduler": "4.*"
        "symfony/console": "^6.4",
        "symfony/string": "^6.4",
        "symfony/var-dumper": "^6.4",
        "filp/whoops": "^2.15",
        "maximebf/debugbar": "dev-master"
    },
    "require-dev": {
-        "phpstan/phpstan": "^1.10"
+        "filp/whoops": "^2.15"
    },
    "autoload": {
        "psr-4": {
            "MyAAC\\": "system/src"
-        },
+        }
        "files": ["system/src/global.php"]
    }
 }
--- a/composer.lock
+++ b/composer.lock
--- a/cypress/e2e/1-install.cy.js
+++ b/cypress/e2e/1-install.cy.js
@@ -38,6 +38,7 @@ describe('Install MyAAC', () => {
 		cy.contains('Basic configuration');
 		cy.get('#vars_server_path').click().clear().type(Cypress.env('SERVER_PATH'))
 		cy.get('#vars_mail_admin').click().clear().type('noone@example.net')
 		cy.get('[type="checkbox"]').uncheck() // usage statistics uncheck
@@ -67,9 +68,7 @@ describe('Install MyAAC', () => {
 		cy.get('form').submit()
-		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 60000 }).should('be.visible')
+		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
 		cy.wait(2000);
 		cy.screenshot('install-finish')
 	})
--- a/cypress/e2e/2-create-account.cy.js
+++ b/cypress/e2e/2-create-account.cy.js
@@ -14,7 +14,7 @@ describe('Create Account Page', () => {
 		cy.get('#email').type('tester@example.com')
 		cy.get('#password').type('test1234')
-		cy.get('#password_confirm').type('test1234')
+		cy.get('#password2').type('test1234')
 		cy.get('#character_name').type('Slaw')
@@ -22,7 +22,7 @@ describe('Create Account Page', () => {
 		cy.get('#vocation1').check()
 		cy.get('#accept_rules').check()
-		cy.get('#form').submit()
+		cy.get('#createaccount').submit()
 		// no errors please
 		cy.contains('The Following Errors Have Occurred:').should('not.exist')
--- a/cypress/e2e/3-check-public-pages.cy.js
+++ b/cypress/e2e/3-check-public-pages.cy.js
@@ -82,7 +82,7 @@ describe('Check Public Pages', () => {
 	it('Go to last kills page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/last-kills',
+			url: Cypress.env('URL') + '/lastkills',
 			method: 'GET',
 		})
 	})
@@ -132,7 +132,7 @@ describe('Check Public Pages', () => {
 	it('Go to server info page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/server-info',
+			url: Cypress.env('URL') + '/serverInfo',
 			method: 'GET',
 		})
 	})
@@ -160,7 +160,7 @@ describe('Check Public Pages', () => {
 	it('Go to experience table page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/exp-table',
+			url: Cypress.env('URL') + '/experienceTable',
 			method: 'GET',
 		})
 	})
--- a/index.php
+++ b/index.php
@@ -24,9 +24,6 @@
 * @link      https://my-aac.org
 */
 use MyAAC\UsageStatistics;
 use MyAAC\Visitors;
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
@@ -62,13 +59,22 @@ if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|g
 if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE . 'install'))
 {
 	header('Location: ' . BASE_URL . 'install/');
-	exit();
+	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
 }
 $template_place_holders = array();
 require_once SYSTEM . 'init.php';
 // verify myaac tables exists in database
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
 require_once SYSTEM . 'template.php';
 require_once SYSTEM . 'login.php';
 require_once SYSTEM . 'status.php';
@@ -76,6 +82,53 @@ require_once SYSTEM . 'status.php';
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 require_once SYSTEM . 'router.php';
 $hooks->trigger(HOOK_STARTUP);
 // anonymous usage statistics
 // sent only when user agrees
 if(setting('core.anonymous_usage_statistics')) {
 	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
 	$should_report = true;
 	$value = '';
 	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
 		$should_report = time() > (int)$value + $report_time;
 	}
 	else {
 		$value = '';
 		if(fetchDatabaseConfig('last_usage_report', $value)) {
 			$should_report = time() > (int)$value + $report_time;
 			if($cache->enabled()) {
 				$cache->set('last_usage_report', $value);
 			}
 		}
 		else {
 			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
 			$should_report = false;
 		}
 	}
 	if($should_report) {
 		require_once LIBS . 'usage_statistics.php';
 		Usage_Statistics::report();
 		updateDatabaseConfig('last_usage_report', time());
 		if($cache->enabled()) {
 			$cache->set('last_usage_report', time());
 		}
 	}
 }
 if(setting('core.views_counter'))
 	require_once SYSTEM . 'counter.php';
 if(setting('core.visitors_counter')) {
 	require_once SYSTEM . 'libs/visitors.php';
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 // backward support for gesior
 if(setting('core.backward_support')) {
 	define('INITIALIZED', true);
@@ -115,51 +168,6 @@ if(setting('core.backward_support')) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 require_once SYSTEM . 'router.php';
 $hooks->trigger(HOOK_STARTUP);
 // anonymous usage statistics
 // sent only when user agrees
 if(setting('core.anonymous_usage_statistics')) {
 	$report_time = 30 * 24 * 60 * 60; // report one time per 30 days
 	$should_report = true;
 	$value = '';
 	if($cache->enabled() && $cache->fetch('last_usage_report', $value)) {
 		$should_report = time() > (int)$value + $report_time;
 	}
 	else {
 		$value = '';
 		if(fetchDatabaseConfig('last_usage_report', $value)) {
 			$should_report = time() > (int)$value + $report_time;
 			if($cache->enabled()) {
 				$cache->set('last_usage_report', $value);
 			}
 		}
 		else {
 			registerDatabaseConfig('last_usage_report', time() - ($report_time - (7 * 24 * 60 * 60))); // first report after a week
 			$should_report = false;
 		}
 	}
 	if($should_report) {
 		UsageStatistics::report();
 		updateDatabaseConfig('last_usage_report', time());
 		if($cache->enabled()) {
 			$cache->set('last_usage_report', time());
 		}
 	}
 }
 if(setting('core.views_counter'))
 	require_once SYSTEM . 'counter.php';
 if(setting('core.visitors_counter')) {
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 /**
 * @var OTS_Account $account_logged
 */
--- a/install/includes/functions.php
+++ b/install/includes/functions.php
@@ -17,7 +17,7 @@ function query($query)
 // define php version id if its not already
 if(!defined('PHP_VERSION_ID')) {
-	$version = array_map('intval', explode('.', PHP_VERSION));
+	$version = explode('.', PHP_VERSION);
 	define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
 }
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -1,4 +1,4 @@
-SET @myaac_database_version = 40;
+SET @myaac_database_version = 36;
 CREATE TABLE `myaac_account_actions`
 (
@@ -44,11 +44,11 @@ CREATE TABLE `myaac_changelog`
 	`where` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
 	`date` INT(11) NOT NULL DEFAULT 0,
 	`player_id` INT(11) NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
-INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hide`) VALUES (1, 3, 2, UNIX_TIMESTAMP(), 'MyAAC installed. (:', 0);
+INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hidden`) VALUES (1, 3, 2, UNIX_TIMESTAMP(), 'MyAAC installed. (:', 0);
 CREATE TABLE `myaac_config`
 (
@@ -67,7 +67,7 @@ CREATE TABLE `myaac_faq`
 	`question` VARCHAR(255) NOT NULL DEFAULT '',
 	`answer` VARCHAR(1020) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
@@ -80,7 +80,7 @@ CREATE TABLE `myaac_forum_boards`
 	`guild` INT(11) NOT NULL DEFAULT 0,
 	`access` INT(11) NOT NULL DEFAULT 0,
 	`closed` TINYINT(1) NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`, `closed`) VALUES (NULL, 'News', 'News commenting', 0, 1);
@@ -127,9 +127,14 @@ CREATE TABLE `myaac_menu`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 /* MENU_CATEGORY_SHOP tibiacom */
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1);
 INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2);
 CREATE TABLE `myaac_monsters` (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
-	`hide` tinyint(1) NOT NULL default 0,
+	`hidden` tinyint(1) NOT NULL default 0,
 	`name` varchar(255) NOT NULL,
 	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
@@ -174,7 +179,7 @@ CREATE TABLE `myaac_news`
 	`comments` VARCHAR(50) NOT NULL DEFAULT '',
 	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
 	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
@@ -184,7 +189,7 @@ CREATE TABLE `myaac_news_categories`
 	`name` VARCHAR(50) NOT NULL DEFAULT "",
 	`description` VARCHAR(50) NOT NULL DEFAULT "",
 	`icon_id` INT(2) NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
@@ -215,7 +220,7 @@ CREATE TABLE `myaac_pages`
 	`php` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
 	`enable_tinymce` TINYINT(1) NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
 	`access` TINYINT(2) NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
@@ -228,7 +233,7 @@ CREATE TABLE `myaac_gallery`
 	`thumb` VARCHAR(255) NOT NULL,
 	`author` VARCHAR(50) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
@@ -262,7 +267,7 @@ CREATE TABLE `myaac_spells`
 	`item_id` INT(11) NOT NULL DEFAULT 0,
 	`premium` TINYINT(1) NOT NULL DEFAULT 0,
 	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
--- a/install/index.php
+++ b/install/index.php
@@ -12,6 +12,7 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 require SYSTEM . 'clients.conf.php';
 require LIBS . 'settings.php';
 // ignore undefined index from Twig autoloader
 $config['env'] = 'prod';
--- a/install/steps/5-database.php
+++ b/install/steps/5-database.php
@@ -1,7 +1,4 @@
 <?php
 use MyAAC\Settings;
 defined('MYAAC') or die('Direct access not allowed!');
 //ini_set('display_errors', false);
--- a/install/steps/7-finish.php
+++ b/install/steps/7-finish.php
@@ -1,7 +1,4 @@
 <?php
 use MyAAC\Settings;
 defined('MYAAC') or die('Direct access not allowed!');
 ini_set('max_execution_time', 300);
@@ -113,8 +110,8 @@ else {
 		$query = $db->query("SELECT `id` FROM `" . TABLE_PREFIX ."news` WHERE `title` LIKE 'Hello!';");
 		if($query->rowCount() == 0) {
-			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hide`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'https://my-aac.org', '0');
+			if(query("INSERT INTO `" . TABLE_PREFIX ."news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '1', UNIX_TIMESTAMP(), '2', 'Hello!', 'MyAAC is just READY to use!', " . $player_id . ", 'https://my-aac.org', '0');
-	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hide`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'https://my-aac.org', " . $player_id . ", '', '0');")) {
+	INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `player_id`, `comments`, `hidden`) VALUES (NULL, '2', UNIX_TIMESTAMP(), '4', 'Hello tickets!', 'https://my-aac.org', " . $player_id . ", '', '0');")) {
 				success($locale['step_database_created_news']);
 			}
 		}
--- a/install/template/template.php
+++ b/install/template/template.php
@@ -6,7 +6,7 @@
 	<title>MyAAC - <?php echo $locale['installation']; ?></title>
 	<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
 	<link rel="stylesheet" type="text/css" href="template/style.css" />
-	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/ext/jquery/jquery.min.js"></script>
+	<script type="text/javascript" src="<?php echo BASE_URL; ?>tools/js/jquery.min.js"></script>
 </head>
 <body>
--- a/install/tools/5-database.php
+++ b/install/tools/5-database.php
@@ -11,10 +11,8 @@ $error = false;
 require BASE . 'install/includes/config.php';
 ini_set('max_execution_time', 300);
@ob_end_flush();
 ob_implicit_flush();
-
+ob_end_flush();
 header('X-Accel-Buffering: no');
 if(!$error) {
@@ -180,17 +178,17 @@ if(!$db->hasColumn('players', 'deleted') && !$db->hasColumn('players', 'deletion
 }
 if($db->hasColumn('players', 'hide_char')) {
-	if(!$db->hasColumn('players', 'hide')) {
+	if(!$db->hasColumn('players', 'hidden')) {
-		if(query("ALTER TABLE `players` CHANGE `hide_char` `hide` TINYINT(1) NOT NULL DEFAULT 0;")) {
+		if(query("ALTER TABLE `players` CHANGE `hide_char` `hidden` TINYINT(1) NOT NULL DEFAULT 0;")) {
 			$tmp = str_replace('$FIELD$', 'players.hide_char', $locale['step_database_changing_field']);
-			$tmp = str_replace('$FIELD_NEW$', 'players.hide', $tmp);
+			$tmp = str_replace('$FIELD_NEW$', 'players.hidden', $tmp);
 			success($tmp);
 		}
 	}
 }
-else if(!$db->hasColumn('players', 'hide')) {
+else if(!$db->hasColumn('players', 'hidden')) {
-	if(query("ALTER TABLE `players` ADD `hide` TINYINT(1) NOT NULL DEFAULT 0;"))
+	if(query("ALTER TABLE `players` ADD `hidden` TINYINT(1) NOT NULL DEFAULT 0;"))
-		success($locale['step_database_adding_field'] . ' players.hide...');
+		success($locale['step_database_adding_field'] . ' players.hidden...');
 }
 if(!$db->hasColumn('players', 'comment')) {
--- a/install/tools/7-finish.php
+++ b/install/tools/7-finish.php
@@ -1,10 +1,6 @@
 <?php
 define('MYAAC_INSTALL', true);
 use MyAAC\DataLoader;
 use MyAAC\Models\FAQ as ModelsFAQ;
 use MyAAC\Plugins;
 require_once '../../common.php';
 require SYSTEM . 'functions.php';
@@ -12,10 +8,8 @@ require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 ini_set('max_execution_time', 300);
@ob_end_flush();
 ob_implicit_flush();
-
+ob_end_flush();
 header('X-Accel-Buffering: no');
 /*
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
@@ -35,7 +29,7 @@ function insert_sample_if_not_exist($p) {
 	$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($p['name']));
 	if($query->rowCount() == 0) {
-		if(!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hide`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
+		if(!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hidden`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
 			$success = false;
 	}
 }
@@ -51,9 +45,11 @@ if($success) {
 	success($locale['step_database_imported_players']);
 }
 require_once LIBS . 'plugins.php';
 Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
 Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
 require LIBS . 'DataLoader.php';
 DataLoader::setLocale($locale);
 DataLoader::load();
@@ -67,9 +63,7 @@ require_once SYSTEM . 'migrations/22.php';
 require_once SYSTEM . 'migrations/27.php';
 require_once SYSTEM . 'migrations/30.php';
-// new monster columns
+use MyAAC\Models\FAQ as ModelsFAQ;
 require_once SYSTEM . 'migrations/31.php';
 if(ModelsFAQ::count() == 0) {
 	ModelsFAQ::create([
 		'question' => 'What is this?',
@@ -77,8 +71,6 @@ if(ModelsFAQ::count() == 0) {
 	]);
 }
 $db->setClearCacheAfter(true);
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);
--- a/login.php
+++ b/login.php
@@ -2,8 +2,6 @@
 use MyAAC\Models\BoostedCreature;
 use MyAAC\Models\PlayerOnline;
 use MyAAC\Models\Account;
 use MyAAC\Models\Player;
 require_once 'common.php';
 require_once SYSTEM . 'functions.php';
--- a/nginx-sample.conf
+++ b/nginx-sample.conf
@@ -13,16 +13,9 @@ server {
 		return 404;
 	}
-	location /vendor {
+	# block .htaccess
 	location ~ /\.ht {
 		deny all;
 		return 404;
 	}
 	# block .htaccess, CHANGELOG.md, composer.json etc.
 	# this is to prevent finding software versions
 	location ~\.(ht|md|json|dist)$ {
 		deny all;
 		return 404;
 	}
 	# block git files and folders
@@ -32,7 +25,7 @@ server {
 	}
 	location / {
-		try_files $uri $uri/ /index.php?$query_string;;
+		try_files $uri $uri/ /index.php;
 	}
 	location ~ \.php$ {
--- a/npm-post-install.js
+++ b/npm-post-install.js
@@ -1,16 +0,0 @@
 const fse = require('fs-extra');
 const path = require('path');
 const nodeModulesDir = path.join(__dirname, 'node_modules');
 const publicDir = path.join(__dirname, 'tools/ext');
 fse.emptyDirSync(path.join(publicDir, 'jquery'));
 fse.emptyDirSync(path.join(publicDir, 'jquery-ui'));
 fse.emptyDirSync(path.join(publicDir, 'bootstrap'));
 fse.emptyDirSync(path.join(publicDir, 'tinymce'));
 fse.emptyDirSync(path.join(publicDir, 'tinymce-jquery'));
 fse.copySync(path.join(nodeModulesDir, 'jquery', 'dist'), path.join(publicDir, 'jquery'), { overwrite: true });
 fse.copySync(path.join(nodeModulesDir, 'jquery-ui', 'dist'), path.join(publicDir, 'jquery-ui'), { overwrite: true });
 fse.copySync(path.join(nodeModulesDir, 'bootstrap', 'dist'), path.join(publicDir, 'bootstrap'), { overwrite: true });
 fse.copySync(path.join(nodeModulesDir, 'tinymce'), path.join(publicDir, 'tinymce'), { overwrite: true });
 fse.copySync(path.join(nodeModulesDir, '@tinymce', 'tinymce-jquery', 'dist'), path.join(publicDir, 'tinymce-jquery'), { overwrite: true });
--- a/package-lock.json
+++ b/package-lock.json
@@ -4,15 +4,6 @@
  "requires": true,
  "packages": {
    "": {
      "hasInstallScript": true,
      "dependencies": {
        "@tinymce/tinymce-jquery": "^2.1.0",
        "bootstrap": "^4.6.2",
        "fs-extra": "^11.2.0",
        "jquery": "^3.7.1",
        "jquery-ui": "^1.13.2",
        "tinymce": "^6.8.3"
      },
      "devDependencies": {
        "cypress": "^12.12.0"
      }
@@ -28,9 +19,9 @@
      }
    },
    "node_modules/@cypress/request": {
-      "version": "2.88.12",
+      "version": "2.88.11",
-      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-2.88.12.tgz",
+      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-2.88.11.tgz",
-      "integrity": "sha512-tOn+0mDZxASFM+cuAP9szGUGPI1HwWVSvdzm7V4cCsPdFTx6qMj29CwaQmRAMIEhORIUBFBsYROYJcveK4uOjA==",
+      "integrity": "sha512-M83/wfQ1EkspjkE2lNWNV5ui2Cv7UCv1swW1DqljahbzLVWltcsexQh8jYtuS/vzFXP+HySntGM83ZXA9fn17w==",
      "dev": true,
      "dependencies": {
        "aws-sign2": "~0.7.0",
@@ -48,7 +39,7 @@
        "performance-now": "^2.1.0",
        "qs": "~6.10.3",
        "safe-buffer": "^5.1.2",
-        "tough-cookie": "^4.1.3",
+        "tough-cookie": "~2.5.0",
        "tunnel-agent": "^0.6.0",
        "uuid": "^8.3.2"
      },
@@ -75,15 +66,10 @@
        "ms": "^2.1.1"
      }
    },
    "node_modules/@tinymce/tinymce-jquery": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/@tinymce/tinymce-jquery/-/tinymce-jquery-2.1.0.tgz",
      "integrity": "sha512-ynfgfL/n5/Us7h3AnJL3mAwsShuE/USvAJFOdilJDkZuVCypWSwVVo3E3wIqSzDGvqyU+293ok1+sD+jxraT8w=="
    },
    "node_modules/@types/node": {
-      "version": "16.18.82",
+      "version": "14.18.47",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.82.tgz",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.47.tgz",
-      "integrity": "sha512-pcDZtkx9z8XYV+ius2P3Ot2VVrcYOfXffBQUBuiszrlUzKSmoDYqo+mV+IoL8iIiIjjtOMvNSmH1hwJ+Q+f96Q==",
+      "integrity": "sha512-OuJi8bIng4wYHHA3YpKauL58dZrPxro3d0tabPHyiNF8rKfGKuVfr83oFlPLmKri1cX+Z3cJP39GXmnqkP11Gw==",
      "dev": true
    },
    "node_modules/@types/sinonjs__fake-timers": {
@@ -93,15 +79,15 @@
      "dev": true
    },
    "node_modules/@types/sizzle": {
-      "version": "2.3.8",
+      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/@types/sizzle/-/sizzle-2.3.8.tgz",
+      "resolved": "https://registry.npmjs.org/@types/sizzle/-/sizzle-2.3.3.tgz",
-      "integrity": "sha512-0vWLNK2D5MT9dg0iOo8GlKguPAU02QjmZitPEsXRuJXU/OGIOt9vT9Fc26wtYuavLxtO45v9PGleoL9Z0k1LHg==",
+      "integrity": "sha512-JYM8x9EGF163bEyhdJBpR2QX1R5naCJHC8ucJylJ3w9/CVBaskdQ8WqBf8MmQrd1kRvp/a4TS8HJ+bxzR7ZJYQ==",
      "dev": true
    },
    "node_modules/@types/yauzl": {
-      "version": "2.10.3",
+      "version": "2.10.0",
-      "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.3.tgz",
+      "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.0.tgz",
-      "integrity": "sha512-oJoftv0LSuaDZE3Le4DbKX+KS9G36NzOeSap90UIK0yMA/NhKJhqlSGtNDORNRaIbQfzjXDrQa0ytJ6mNRGz/Q==",
+      "integrity": "sha512-Cn6WYCm0tXv8p6k+A8PvbDG763EDpBoTzHdA+Q/MF6H3sapGjCm9NzoaJncJS9tUKSuCoDs9XHxYYsQDgxR6kw==",
      "dev": true,
      "optional": true,
      "dependencies": {
@@ -217,9 +203,9 @@
      }
    },
    "node_modules/async": {
-      "version": "3.2.5",
+      "version": "3.2.4",
-      "resolved": "https://registry.npmjs.org/async/-/async-3.2.5.tgz",
+      "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz",
-      "integrity": "sha512-baNZyqaaLhyLVKm/DlvdW051MSgO6b8eVfIezl9E5PqWxFgzLm/wQntEW4zOytVburDEr0JlALEpdOFwvErLsg==",
+      "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==",
      "dev": true
    },
    "node_modules/asynckit": {
@@ -299,25 +285,6 @@
      "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==",
      "dev": true
    },
    "node_modules/bootstrap": {
      "version": "4.6.2",
      "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-4.6.2.tgz",
      "integrity": "sha512-51Bbp/Uxr9aTuy6ca/8FbFloBUJZLHwnhTcnjIeRn2suQWsWzcuJhGjKDB5eppVte/8oCdOL3VuwxvZDUggwGQ==",
      "funding": [
        {
          "type": "github",
          "url": "https://github.com/sponsors/twbs"
        },
        {
          "type": "opencollective",
          "url": "https://opencollective.com/bootstrap"
        }
      ],
      "peerDependencies": {
        "jquery": "1.9.1 - 3",
        "popper.js": "^1.16.1"
      }
    },
    "node_modules/brace-expansion": {
      "version": "1.1.11",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -362,28 +329,22 @@
      }
    },
    "node_modules/cachedir": {
-      "version": "2.4.0",
+      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/cachedir/-/cachedir-2.4.0.tgz",
+      "resolved": "https://registry.npmjs.org/cachedir/-/cachedir-2.3.0.tgz",
-      "integrity": "sha512-9EtFOZR8g22CL7BWjJ9BUx1+A/djkofnyW3aOXZORNW2kxoUpx2h+uN2cOqwPmFhnpVmxg+KW2OjOSgChTEvsQ==",
+      "integrity": "sha512-A+Fezp4zxnit6FanDmv9EqXNAi3vt9DWp51/71UEhXukb7QUuvtv9344h91dyAxuTLoSYJFU299qzR3tzwPAhw==",
      "dev": true,
      "engines": {
        "node": ">=6"
      }
    },
    "node_modules/call-bind": {
-      "version": "1.0.7",
+      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz",
+      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz",
-      "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==",
+      "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==",
      "dev": true,
      "dependencies": {
-        "es-define-property": "^1.0.0",
+        "function-bind": "^1.1.1",
-        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.0.2"
        "function-bind": "^1.1.2",
        "get-intrinsic": "^1.2.4",
        "set-function-length": "^1.2.1"
      },
      "engines": {
        "node": ">= 0.4"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
@@ -433,9 +394,9 @@
      }
    },
    "node_modules/ci-info": {
-      "version": "3.9.0",
+      "version": "3.8.0",
-      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz",
+      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.8.0.tgz",
-      "integrity": "sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==",
+      "integrity": "sha512-eXTggHWSooYhq49F2opQhuHWgzucfF2YgODK4e1566GQs5BIfP30B0oenwBJHfWxAs2fyPB1s7Mg949zLf61Yw==",
      "dev": true,
      "funding": [
        {
@@ -580,15 +541,15 @@
      }
    },
    "node_modules/cypress": {
-      "version": "12.17.4",
+      "version": "12.12.0",
-      "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.17.4.tgz",
+      "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.12.0.tgz",
-      "integrity": "sha512-gAN8Pmns9MA5eCDFSDJXWKUpaL3IDd89N9TtIupjYnzLSmlpVr+ZR+vb4U/qaMp+lB6tBvAmt7504c3Z4RU5KQ==",
+      "integrity": "sha512-UU5wFQ7SMVCR/hyKok/KmzG6fpZgBHHfrXcHzDmPHWrT+UUetxFzQgt7cxCszlwfozckzwkd22dxMwl/vNkWRw==",
      "dev": true,
      "hasInstallScript": true,
      "dependencies": {
-        "@cypress/request": "2.88.12",
+        "@cypress/request": "^2.88.10",
        "@cypress/xvfb": "^1.2.4",
-        "@types/node": "^16.18.39",
+        "@types/node": "^14.14.31",
        "@types/sinonjs__fake-timers": "8.1.1",
        "@types/sizzle": "^2.3.2",
        "arch": "^2.2.0",
@@ -621,10 +582,9 @@
        "minimist": "^1.2.8",
        "ospath": "^1.2.2",
        "pretty-bytes": "^5.6.0",
        "process": "^0.11.10",
        "proxy-from-env": "1.0.0",
        "request-progress": "^3.0.0",
-        "semver": "^7.5.3",
+        "semver": "^7.3.2",
        "supports-color": "^8.1.1",
        "tmp": "~0.2.1",
        "untildify": "^4.0.0",
@@ -637,21 +597,6 @@
        "node": "^14.0.0 || ^16.0.0 || >=18.0.0"
      }
    },
    "node_modules/cypress/node_modules/fs-extra": {
      "version": "9.1.0",
      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
      "dev": true,
      "dependencies": {
        "at-least-node": "^1.0.0",
        "graceful-fs": "^4.2.0",
        "jsonfile": "^6.0.1",
        "universalify": "^2.0.0"
      },
      "engines": {
        "node": ">=10"
      }
    },
    "node_modules/dashdash": {
      "version": "1.14.1",
      "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
@@ -665,9 +610,9 @@
      }
    },
    "node_modules/dayjs": {
-      "version": "1.11.10",
+      "version": "1.11.7",
-      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.10.tgz",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.7.tgz",
-      "integrity": "sha512-vjAczensTgRcqDERK0SR2XMwsF/tSvnvlv6VcF2GIhg6Sx4yOIt/irsr1RDJsKiIyBzJDpCoXiWWq28MqH2cnQ==",
+      "integrity": "sha512-+Yw9U6YO5TQohxLcIkrXBeY73WP3ejHWVvx8XCk3gxvQDCTEmS48ZrSZCKciI7Bhl/uCMyxYtE9UqRILmFphkQ==",
      "dev": true
    },
    "node_modules/debug": {
@@ -687,23 +632,6 @@
        }
      }
    },
    "node_modules/define-data-property": {
      "version": "1.1.4",
      "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz",
      "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==",
      "dev": true,
      "dependencies": {
        "es-define-property": "^1.0.0",
        "es-errors": "^1.3.0",
        "gopd": "^1.0.1"
      },
      "engines": {
        "node": ">= 0.4"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/delayed-stream": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
@@ -739,39 +667,17 @@
      }
    },
    "node_modules/enquirer": {
-      "version": "2.4.1",
+      "version": "2.3.6",
-      "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz",
+      "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.3.6.tgz",
-      "integrity": "sha512-rRqJg/6gd538VHvR3PSrdRBb/1Vy2YfzHqzvbhGIQpDRKIa4FgV/54b5Q1xYSxOOwKvjXweS26E0Q+nAMwp2pQ==",
+      "integrity": "sha512-yjNnPr315/FjS4zIsUxYguYUPP2e1NK4d7E7ZOLiyYCcbFBiTMyID+2wvm2w6+pZ/odMA7cRkjhsPbltwBOrLg==",
      "dev": true,
      "dependencies": {
-        "ansi-colors": "^4.1.1",
+        "ansi-colors": "^4.1.1"
        "strip-ansi": "^6.0.1"
      },
      "engines": {
        "node": ">=8.6"
      }
    },
    "node_modules/es-define-property": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz",
      "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==",
      "dev": true,
      "dependencies": {
        "get-intrinsic": "^1.2.4"
      },
      "engines": {
        "node": ">= 0.4"
      }
    },
    "node_modules/es-errors": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
      "dev": true,
      "engines": {
        "node": ">= 0.4"
      }
    },
    "node_modules/escape-string-regexp": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
@@ -905,16 +811,18 @@
      }
    },
    "node_modules/fs-extra": {
-      "version": "11.2.0",
+      "version": "9.1.0",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
-      "integrity": "sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw==",
+      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
      "dev": true,
      "dependencies": {
        "at-least-node": "^1.0.0",
        "graceful-fs": "^4.2.0",
        "jsonfile": "^6.0.1",
        "universalify": "^2.0.0"
      },
      "engines": {
-        "node": ">=14.14"
+        "node": ">=10"
      }
    },
    "node_modules/fs.realpath": {
@@ -924,28 +832,21 @@
      "dev": true
    },
    "node_modules/function-bind": {
-      "version": "1.1.2",
+      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
-      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==",
-      "dev": true,
+      "dev": true
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/get-intrinsic": {
-      "version": "1.2.4",
+      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.1.tgz",
-      "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==",
+      "integrity": "sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==",
      "dev": true,
      "dependencies": {
-        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.1",
-        "function-bind": "^1.1.2",
+        "has": "^1.0.3",
        "has-proto": "^1.0.1",
-        "has-symbols": "^1.0.3",
+        "has-symbols": "^1.0.3"
        "hasown": "^2.0.0"
      },
      "engines": {
        "node": ">= 0.4"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
@@ -1019,22 +920,23 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
    "node_modules/gopd": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz",
      "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==",
      "dev": true,
      "dependencies": {
        "get-intrinsic": "^1.1.3"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/graceful-fs": {
      "version": "4.2.11",
      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
-      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
+      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
      "dev": true
    },
    "node_modules/has": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
      "dev": true,
      "dependencies": {
        "function-bind": "^1.1.1"
      },
      "engines": {
        "node": ">= 0.4.0"
      }
    },
    "node_modules/has-flag": {
      "version": "4.0.0",
@@ -1045,18 +947,6 @@
        "node": ">=8"
      }
    },
    "node_modules/has-property-descriptors": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz",
      "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==",
      "dev": true,
      "dependencies": {
        "es-define-property": "^1.0.0"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/has-proto": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz",
@@ -1081,18 +971,6 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/hasown": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.1.tgz",
      "integrity": "sha512-1/th4MHjnwncwXsIW6QMzlvYL9kG5e/CpVvLRZe4XPa8TOUNbCELqmvhDmnkNsAjwaG4+I8gJJL0JBvTTLO9qA==",
      "dev": true,
      "dependencies": {
        "function-bind": "^1.1.2"
      },
      "engines": {
        "node": ">= 0.4"
      }
    },
    "node_modules/http-signature": {
      "version": "1.3.6",
      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.3.6.tgz",
@@ -1258,19 +1136,6 @@
      "integrity": "sha512-Yljz7ffyPbrLpLngrMtZ7NduUgVvi6wG9RJ9IUcyCd59YQ911PBJphODUcbOVbqYfxe1wuYf/LJ8PauMRwsM/g==",
      "dev": true
    },
    "node_modules/jquery": {
      "version": "3.7.1",
      "resolved": "https://registry.npmjs.org/jquery/-/jquery-3.7.1.tgz",
      "integrity": "sha512-m4avr8yL8kmFN8psrbFFFmB/If14iN5o9nw/NgnnM+kybDJpRsAynV2BsfpTYrTRysYUdADVD7CkUUizgkpLfg=="
    },
    "node_modules/jquery-ui": {
      "version": "1.13.2",
      "resolved": "https://registry.npmjs.org/jquery-ui/-/jquery-ui-1.13.2.tgz",
      "integrity": "sha512-wBZPnqWs5GaYJmo1Jj0k/mrSkzdQzKDwhXNtHKcBdAcKVxMM3KNYFq+iJ2i1rwiG53Z8M4mTn3Qxrm17uH1D4Q==",
      "dependencies": {
        "jquery": ">=1.8.0 <4.0.0"
      }
    },
    "node_modules/jsbn": {
      "version": "0.1.1",
      "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
@@ -1293,6 +1158,7 @@
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz",
      "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==",
      "dev": true,
      "dependencies": {
        "universalify": "^2.0.0"
      },
@@ -1516,9 +1382,9 @@
      }
    },
    "node_modules/object-inspect": {
-      "version": "1.13.1",
+      "version": "1.12.3",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz",
-      "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==",
+      "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==",
      "dev": true,
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
@@ -1608,17 +1474,6 @@
        "node": ">=0.10.0"
      }
    },
    "node_modules/popper.js": {
      "version": "1.16.1",
      "resolved": "https://registry.npmjs.org/popper.js/-/popper.js-1.16.1.tgz",
      "integrity": "sha512-Wb4p1J4zyFTbM+u6WuO4XstYx4Ky9Cewe4DWrel7B0w6VVICvPwdOpotjzcf6eD8TsckVnIMNONQyPIUFOUbCQ==",
      "deprecated": "You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1",
      "peer": true,
      "funding": {
        "type": "opencollective",
        "url": "https://opencollective.com/popperjs"
      }
    },
    "node_modules/pretty-bytes": {
      "version": "5.6.0",
      "resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.6.0.tgz",
@@ -1631,15 +1486,6 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
    "node_modules/process": {
      "version": "0.11.10",
      "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz",
      "integrity": "sha512-cdGef/drWFoydD1JsMzuFf8100nZl+GT+yacc2bEced5f9Rjk4z+WtFUTBu9PhOi9j/jfmBPu0mMEY4wIdAF8A==",
      "dev": true,
      "engines": {
        "node": ">= 0.6.0"
      }
    },
    "node_modules/proxy-from-env": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.0.0.tgz",
@@ -1663,9 +1509,9 @@
      }
    },
    "node_modules/punycode": {
-      "version": "2.3.1",
+      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.0.tgz",
-      "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
+      "integrity": "sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==",
      "dev": true,
      "engines": {
        "node": ">=6"
@@ -1686,12 +1532,6 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/querystringify": {
      "version": "2.2.0",
      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
      "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==",
      "dev": true
    },
    "node_modules/request-progress": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/request-progress/-/request-progress-3.0.0.tgz",
@@ -1701,12 +1541,6 @@
        "throttleit": "^1.0.0"
      }
    },
    "node_modules/requires-port": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
      "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==",
      "dev": true
    },
    "node_modules/restore-cursor": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz",
@@ -1721,9 +1555,9 @@
      }
    },
    "node_modules/rfdc": {
-      "version": "1.3.1",
+      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.1.tgz",
+      "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.3.0.tgz",
-      "integrity": "sha512-r5a3l5HzYlIC68TpmYKlxWjmOP6wiPJ1vWv2HeLhNsRZMrCkxeqxiHlQ21oXmQ4F3SiryXBHhAD7JZqvOJjFmg==",
+      "integrity": "sha512-V2hovdzFbOi77/WajaSMXk2OLm+xNIeQdMMuB7icj7bk6zi2F8GGAxigcnDFpJHbNyNcgyJDiP+8nOrY5cZGrA==",
      "dev": true
    },
    "node_modules/rimraf": {
@@ -1777,9 +1611,9 @@
      "dev": true
    },
    "node_modules/semver": {
-      "version": "7.6.0",
+      "version": "7.5.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.1.tgz",
-      "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==",
+      "integrity": "sha512-Wvss5ivl8TMRZXXESstBA4uR5iXgEN/VC5/sOcuXdVLzcdkz4HWetIoRfG5gb5X+ij/G9rw9YoGn3QoQ8OCSpw==",
      "dev": true,
      "dependencies": {
        "lru-cache": "^6.0.0"
@@ -1791,23 +1625,6 @@
        "node": ">=10"
      }
    },
    "node_modules/set-function-length": {
      "version": "1.2.1",
      "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.1.tgz",
      "integrity": "sha512-j4t6ccc+VsKwYHso+kElc5neZpjtq9EnRICFZtWyBsLojhmeF/ZBd/elqm22WJh/BziDe/SBiOeAt0m2mfLD0g==",
      "dev": true,
      "dependencies": {
        "define-data-property": "^1.1.2",
        "es-errors": "^1.3.0",
        "function-bind": "^1.1.2",
        "get-intrinsic": "^1.2.3",
        "gopd": "^1.0.1",
        "has-property-descriptors": "^1.0.1"
      },
      "engines": {
        "node": ">= 0.4"
      }
    },
    "node_modules/shebang-command": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
@@ -1830,18 +1647,14 @@
      }
    },
    "node_modules/side-channel": {
-      "version": "1.0.5",
+      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.5.tgz",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz",
-      "integrity": "sha512-QcgiIWV4WV7qWExbN5llt6frQB/lBven9pqliLXfGPB+K9ZYXxDozp0wLkHS24kWCm+6YXH/f0HhnObZnZOBnQ==",
+      "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==",
      "dev": true,
      "dependencies": {
-        "call-bind": "^1.0.6",
+        "call-bind": "^1.0.0",
-        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.0.2",
-        "get-intrinsic": "^1.2.4",
+        "object-inspect": "^1.9.0"
        "object-inspect": "^1.13.1"
      },
      "engines": {
        "node": ">= 0.4"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
@@ -1868,9 +1681,9 @@
      }
    },
    "node_modules/sshpk": {
-      "version": "1.18.0",
+      "version": "1.17.0",
-      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.18.0.tgz",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.17.0.tgz",
-      "integrity": "sha512-2p2KJZTSqQ/I3+HX42EpYOa2l3f8Erv8MWKsy2I9uf4wA7yFIkXRffYdsx86y6z4vHtV8u7g+pPlr8/4ouAxsQ==",
+      "integrity": "sha512-/9HIEs1ZXGhSPE8X6Ccm7Nam1z8KcoCqPdI7ecm1N33EzAetWahvQWVqLZtaZQ+IDKX4IyA2o0gBzqIMkAagHQ==",
      "dev": true,
      "dependencies": {
        "asn1": "~0.2.3",
@@ -1943,13 +1756,10 @@
      }
    },
    "node_modules/throttleit": {
-      "version": "1.0.1",
+      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/throttleit/-/throttleit-1.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/throttleit/-/throttleit-1.0.0.tgz",
-      "integrity": "sha512-vDZpf9Chs9mAdfY046mcPt8fg5QSZr37hEH4TXYBnDF+izxgrbRGUAAaBvIk/fJm9aOFCGFd1EsNg5AZCbnQCQ==",
+      "integrity": "sha512-rkTVqu6IjfQ/6+uNuuc3sZek4CEYxTJom3IktzgdSxcZqdARuebbA/f4QmAxMQIxqq9ZLEUkSYqvuk1I6VKq4g==",
-      "dev": true,
+      "dev": true
      "funding": {
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
    "node_modules/through": {
      "version": "2.3.8",
@@ -1957,11 +1767,6 @@
      "integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==",
      "dev": true
    },
    "node_modules/tinymce": {
      "version": "6.8.3",
      "resolved": "https://registry.npmjs.org/tinymce/-/tinymce-6.8.3.tgz",
      "integrity": "sha512-3fCHKAeqT+xNwBVESf6iDbDV0VNwZNmfrkx9c/6Gz5iB8piMfaO6s7FvoiTrj1hf1gVbfyLTnz1DooI6DhgINQ=="
    },
    "node_modules/tmp": {
      "version": "0.2.1",
      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz",
@@ -1975,33 +1780,22 @@
      }
    },
    "node_modules/tough-cookie": {
-      "version": "4.1.3",
+      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz",
-      "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==",
+      "integrity": "sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==",
      "dev": true,
      "dependencies": {
-        "psl": "^1.1.33",
+        "psl": "^1.1.28",
-        "punycode": "^2.1.1",
+        "punycode": "^2.1.1"
        "universalify": "^0.2.0",
        "url-parse": "^1.5.3"
      },
      "engines": {
-        "node": ">=6"
+        "node": ">=0.8"
      }
    },
    "node_modules/tough-cookie/node_modules/universalify": {
      "version": "0.2.0",
      "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz",
      "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==",
      "dev": true,
      "engines": {
        "node": ">= 4.0.0"
      }
    },
    "node_modules/tslib": {
-      "version": "2.6.2",
+      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.1.tgz",
-      "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==",
+      "integrity": "sha512-KaI6gPil5m9vF7DKaoXxx1ia9fxS4qG5YveErRRVknPDXXriu5M8h48YRjB6h5ZUOKuAKlSJYb0GaDe8I39fRw==",
      "dev": true
    },
    "node_modules/tunnel-agent": {
@@ -2035,9 +1829,10 @@
      }
    },
    "node_modules/universalify": {
-      "version": "2.0.1",
+      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",
-      "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==",
+      "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==",
      "dev": true,
      "engines": {
        "node": ">= 10.0.0"
      }
@@ -2051,16 +1846,6 @@
        "node": ">=8"
      }
    },
    "node_modules/url-parse": {
      "version": "1.5.10",
      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
      "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
      "dev": true,
      "dependencies": {
        "querystringify": "^2.1.1",
        "requires-port": "^1.0.0"
      }
    },
    "node_modules/uuid": {
      "version": "8.3.2",
      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
--- a/package.json
+++ b/package.json
@@ -1,17 +1,8 @@
 {
  "scripts": {
-    "cypress:open": "cypress open",
+    "cypress:open": "cypress open"
    "postinstall": "node ./npm-post-install.js"
  },
  "devDependencies": {
    "cypress": "^12.12.0"
  },
  "dependencies": {
    "@tinymce/tinymce-jquery": "^2.1.0",
    "bootstrap": "^4.6.2",
    "fs-extra": "^11.2.0",
    "jquery": "^3.7.1",
    "jquery-ui": "^1.13.2",
    "tinymce": "^6.8.3"
  }
 }
--- a/phpstan-bootstrap.php
+++ b/phpstan-bootstrap.php
@@ -1,13 +0,0 @@
 <?php
 require __DIR__ . '/system/libs/pot/OTS.php';
 $ots = POT::getInstance();
 require __DIR__ . '/system/libs/pot/InvitesDriver.php';
 require __DIR__ . '/system/libs/rfc6238.php';
 require __DIR__ . '/common.php';
 const ACTION = '';
 const PAGE = '';
 const URI = '';
 define('SELF_NAME', basename(__FILE__));
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -1,38 +0,0 @@
 parameters:
 	level: 3
 	paths:
 		- .
 		- templates/tibiacom
 		- templates/kathrine
 	excludePaths:
 		- system/cache/*
 		- vendor/*
 		- plugins/*
 		- system/libs
 		- tools/signature/mango.php
 		- tools/signature/gd.class.php
 	bootstrapFiles:
 		- phpstan-bootstrap.php
 	ignoreErrors:
 		- '#Variable \$db might not be defined#'
 		- '#Variable \$twig might not be defined#'
 		- '#Variable \$hooks might not be defined#'
 		- '#Variable \$account_logged might not be defined#'
 		- '#Variable \$logged might not be defined#'
 		- '#Variable \$config might not be defined#'
 		- '#Variable \$action might not be defined#'
 		- '#Variable \$errors might not be defined#'
 		- '#Variable \$cache might not be defined#'
 		- '#Variable \$status might not be defined#'
 		- '#Variable \$player might not be defined#'
 		- '#Variable \$guild might not be defined#'
 		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
 		# Eloquent models
 		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+()#'
 		# system/pages/highscores.php
 		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$vocation_name#'
 		-
 			message: '#Variable \$tmp in empty\(\) always exists and is always falsy#'
 			path: templates\kathrine\javascript.php
--- a/release.sh
+++ b/release.sh
@@ -38,11 +38,7 @@ if [ $1 = "prepare" ]; then
 	cd $dir || exit
 	# dependencies
-	composer install --no-dev --prefer-dist --optimize-autoloader
+	composer install --no-dev
 	npm install
 	# node_modules is useless, we already have copy in tools/ext
 	rm -R node_modules
 	echo "Now you can make changes to $dir. When you are ready, type 'release.sh pack'"
 	exit
--- a/system/bin/clear_cache.php
+++ b/system/bin/clear_cache.php
@@ -0,0 +1,18 @@
 <?php
 if(PHP_SAPI !== 'cli') {
 	echo 'This script can be run only in command line mode.';
 	exit(1);
 }
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 if(clearCache()) {
 	echo 'Cache cleared.' . PHP_EOL;
 }
 else {
 	echo 'Unexpected error.' . PHP_EOL;
 	exit(2);
 }
--- a/system/bin/cronjob.php
+++ b/system/bin/cronjob.php
@@ -0,0 +1,19 @@
 <?php
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
 $hooks->load();
 use GO\Scheduler;
 // Create a new scheduler
 $scheduler = new Scheduler();
 $hooks->trigger(HOOK_CRONJOB, ['scheduler' => $scheduler]);
 // Let the scheduler execute jobs which are due.
 $scheduler->run();
--- a/system/cache/persistent/index.html
+++ b/system/cache/persistent/index.html
--- a/system/bin/install_cronjob.php
+++ b/system/bin/install_cronjob.php
@@ -0,0 +1,50 @@
 <?php
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 if(!IS_CLI) {
 	echo 'This script can be run only in command line mode.' . PHP_EOL;
 	exit(1);
 }
 if (MYAAC_OS !== 'LINUX') {
 	echo 'This script can be run only on linux.' . PHP_EOL;
 	exit(1);
 }
 $job = '* * * * * /usr/bin/php ' . SYSTEM . 'bin/cronjob.php >> ' . SYSTEM . 'logs/cron.log 2>&1';
 if (cronjob_exists($job)) {
 	echo 'MyAAC cronjob already installed.' . PHP_EOL;
 	exit(0);
 }
 exec ('crontab -l', $content);
 $content = implode(' ', $content);
 $content .= PHP_EOL . $job;
 file_put_contents(CACHE . 'cronjob', $content . PHP_EOL);
 exec('crontab ' . CACHE. 'cronjob');
 echo 'Installed crontab successfully.' . PHP_EOL;
 function cronjob_exists($command)
 {
 	$cronjob_exists=false;
 	exec('crontab -l', $crontab);
 	if(isset($crontab)&&is_array($crontab)) {
 		$crontab = array_flip($crontab);
 		if(isset($crontab[$command])){
 			$cronjob_exists = true;
 		}
 	}
 	return $cronjob_exists;
 }
--- a/system/bin/install_plugin.php
+++ b/system/bin/install_plugin.php
@@ -0,0 +1,42 @@
 <?php
 if(PHP_SAPI !== 'cli') {
 	echo 'This script can be run only in command line mode.';
 	exit(1);
 }
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 require_once SYSTEM . 'hooks.php';
 require_once LIBS . 'plugins.php';
 if($argc !== 2) {
 	echo 'This command expects one parameter: zip file name (plugin)' . PHP_EOL;
 	exit(2);
 }
 $path_to_file = $argv[1];
 $ext = strtolower(pathinfo($path_to_file, PATHINFO_EXTENSION));
 if($ext !== 'zip') {// check if it is zipped/compressed file
 	echo 'Please install only .zip files.' . PHP_EOL;
 	exit(3);
 }
 if(!file_exists($path_to_file)) {
 	echo 'ERROR: File ' . $path_to_file . ' does not exist' . PHP_EOL;
 	exit(4);
 }
 if(Plugins::install($path_to_file)) {
 	foreach(Plugins::getWarnings() as $warning) {
 		echo 'WARNING: ' . $warning;
 	}
 	$info = Plugins::getPluginJson();
 	echo (isset($info['name']) ? $info['name'] . ' p' : 'P') . 'lugin has been successfully installed.' . PHP_EOL;
 }
 else {
 	echo 'ERROR: ' . Plugins::getError() . PHP_EOL;
 	exit(5);
 }
--- a/system/bin/send_email.php
+++ b/system/bin/send_email.php
@@ -0,0 +1,61 @@
 <?php
 if(PHP_SAPI !== 'cli') {
 	echo 'This script can be run only in command line mode.';
 	exit(1);
 }
 require_once __DIR__ . '/../../common.php';
 require_once SYSTEM . 'functions.php';
 require_once SYSTEM . 'init.php';
 if($argc !== 3) {
 	echo 'This command expects two parameters: account_name_or_id|player_name|email address, subject.' . PHP_EOL;
 	exit(2);
 }
 $email_account_name = $argv[1];
 $subject = $argv[2];
 $message = file_get_contents('php://stdin');
 if(strpos($email_account_name, '@') === false) {
 	$account = new OTS_Account();
 	if(USE_ACCOUNT_NAME) {
 		$account->find($email_account_name);
 	}
 	else {
 		$account->load($email_account_name);
 	}
 	if($account->isLoaded()) {
 		$email_account_name = $account->getEMail();
 	}
 	else {
 		$player = new OTS_Player();
 		$player->find($email_account_name);
 		if($player->isLoaded()) {
 			$email_account_name = $player->getAccount()->getEMail();
 		}
 		else {
 			echo 'Cannot find player or account with name: ' . $email_account_name . '.' . PHP_EOL;
 			exit(3);
 		}
 	}
 }
 if(!Validator::email($email_account_name)) {
 	echo 'Invalid E-Mail format.' . PHP_EOL;
 	exit(4);
 }
 if(strlen($subject) > 255) {
 	echo 'Subject max length is 255 characters.' . PHP_EOL;
 	exit(5);
 }
 if(!_mail($email_account_name, $subject, $message)) {
 	echo 'An error occurred while sending email. More info can be found in system/logs/mailer-error.log';
 	exit(6);
 }
 echo 'Mail sent to ' . $email_account_name . '.' . PHP_EOL;
--- a/system/clients.conf.php
+++ b/system/clients.conf.php
@@ -99,10 +99,4 @@ $config['clients'] = [
 	1291,
 	1300,
 	1310,
 	1311,
 	1312,
 	1316,
 	1320,
 	1321,
 ];
--- a/system/compat/base.php
+++ b/system/compat/base.php
@@ -9,8 +9,6 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
 class Validator extends \MyAAC\Validator {}
 function check_name($name, &$errors = '') {
 	if(Validator::characterName($name))
 		return true;
@@ -74,7 +72,4 @@ function fieldExist($field, $table)
 	global $db;
 	return $db->hasColumn($table, $field);
 }
-
+?>
 function getCreatureImgPath($creature): string {
 	return getMonsterImgPath($creature);
 }
--- a/system/compat/pages.php
+++ b/system/compat/pages.php
@@ -44,7 +44,7 @@ switch($page)
 		break;
 	case 'killstatistics':
-		$page = 'last-kills';
+		$page = 'lastkills';
 		break;
 	case 'buypoints':
--- a/system/counter.php
+++ b/system/counter.php
@@ -7,9 +7,6 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\Cache\Cache;
 defined('MYAAC') or die('Direct access not allowed!');
 define('COUNTER_SYNC', 10); // how often counter is synchronized with database (each x site refreshes)
--- a/system/exception.php
+++ b/system/exception.php
@@ -8,8 +8,6 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Exceptions\SensitiveException;
 if (class_exists(\Whoops\Run::class)) {
 	$whoops = new \Whoops\Run;
 	if(IS_CLI) {
@@ -23,6 +21,8 @@ if (class_exists(\Whoops\Run::class)) {
 	return;
 }
 require LIBS . 'SensitiveException.php';
 /**
 * @param Exception $exception
 */
--- a/system/functions.php
+++ b/system/functions.php
@@ -9,17 +9,11 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Items;
 use MyAAC\Models\Config;
 use MyAAC\Models\Guild;
 use MyAAC\Models\House;
 use MyAAC\Models\Pages;
 use MyAAC\Models\Player;
 use MyAAC\News;
 use MyAAC\Plugins;
 use MyAAC\Settings;
 use PHPMailer\PHPMailer\PHPMailer;
 use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
@@ -49,10 +43,7 @@ function warning($message, $return = false) {
 	return message($message, 'warning', $return);
 }
 function note($message, $return = false) {
-	return info($message, $return);
+	return message($message, 'note', $return);
 }
 function info($message, $return = false) {
 	return message($message, 'info', $return);
 }
 function error($message, $return = false) {
 	return message($message, ((defined('MYAAC_INSTALL') || defined('MYAAC_ADMIN')) ? 'danger' : 'error'), $return);
@@ -87,36 +78,25 @@ function getForumBoardLink($board_id, $page = NULL): string {
 	return BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'forum/board/' . (int)$board_id . (isset($page) ? '/' . $page : '');
 }
-function getPlayerLink($name, $generate = true, bool $colored = false): string
+function getPlayerLink($name, $generate = true): string
 {
 	if(is_numeric($name))
 	{
 		$player = new OTS_Player();
 	if(is_numeric($name)) {
 		$player->load((int)$name);
-	}
+		if($player->isLoaded())
 	else {
 		$player->find($name);
 	}
 	if (!$player->isLoaded()) {
 		return '(error)';
 	}
 			$name = $player->getName();
 	}
 	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'characters/' . urlencode($name);
 	if ($colored) {
 		$name = '<span style="color: ' . ($player->isOnline() ? 'green' : 'red') . ';">' . $name . '</span>';
 	}
 	if(!$generate) return $url;
 	return generateLink($url, $name);
 }
 function getMonsterLink($name, $generate = true): string
 {
-	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'monsters/' . urlencode($name);
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'creatures/' . urlencode($name);
 	if(!$generate) return $url;
 	return generateLink($url, $name);
@@ -153,6 +133,7 @@ function getGuildLink($name, $generate = true): string
 }
 function getItemNameById($id) {
 	require_once LIBS . 'items.php';
 	$item = Items::get($id);
 	return !empty($item['name']) ? $item['name'] : '';
 }
@@ -212,7 +193,7 @@ function getFlagImage($country): string
 * @param mixed $v Variable to check.
 * @return bool Value boolean status.
 */
-function getBoolean(mixed $v): bool
+function getBoolean($v): bool
 {
 	if(is_bool($v)) {
 		return $v;
@@ -221,10 +202,6 @@ function getBoolean(mixed $v): bool
 	if(is_numeric($v))
 		return (int)$v > 0;
 	if (is_null($v)) {
 		return false;
 	}
 	$v = strtolower($v);
 	return $v === 'yes' || $v === 'true';
 }
@@ -272,7 +249,7 @@ function generateRandomString($length, $lowCase = true, $upCase = false, $numeri
 function getForumBoards()
 {
 	global $db, $canEdit;
-	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`, `guild`, `access`' . ($canEdit ? ', `hide`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hide` != 1' : '') .
+	$sections = $db->query('SELECT `id`, `name`, `description`, `closed`, `guild`, `access`' . ($canEdit ? ', `hidden`, `ordering`' : '') . ' FROM `' . TABLE_PREFIX . 'forum_boards` ' . (!$canEdit ? ' WHERE `hidden` != 1' : '') .
 		' ORDER BY `ordering`;');
 	if($sections)
 		return $sections->fetchAll();
@@ -429,10 +406,7 @@ function delete_guild($id)
 	if(count($rank_list) > 0) {
 		$rank_list->orderBy('level');
-		global $db;
+		global $db, $ots;
 		/**
 		 * @var OTS_GuildRank $rank_in_guild
 		 */
 		foreach($rank_list as $rank_in_guild) {
 			if($db->hasTable('guild_members'))
 				$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `guild_members`.`rank_id` as `rank_id` FROM `players`, `guild_members` WHERE `guild_members`.`rank_id` = ' . $rank_in_guild->getId() . ' AND `players`.`id` = `guild_members`.`player_id` ORDER BY `name`;');
@@ -491,30 +465,20 @@ function tickers()
 */
 function template_place_holder($type): string
 {
-	global $twig, $template_place_holders, $debugBar;
+	global $twig, $template_place_holders;
 	$ret = '';
 	if (isset($debugBar)) {
 		$debugBarRenderer = $debugBar->getJavascriptRenderer();
 	}
 	if(array_key_exists($type, $template_place_holders) && is_array($template_place_holders[$type]))
 		$ret = implode($template_place_holders[$type]);
 	if($type === 'head_start') {
 		$ret .= template_header();
 		if (isset($debugBar)) {
 			$ret .= $debugBarRenderer->renderHead();
 		}
 	}
 	elseif ($type === 'body_start') {
 		$ret .= $twig->render('browsehappy.html.twig');
 	}
 	elseif($type === 'body_end') {
 		$ret .= template_ga_code();
 		if (isset($debugBar)) {
 			$ret .= $debugBarRenderer->render();
 		}
 	}
 	return $ret;
@@ -724,8 +688,11 @@ function getSkillName($skillId, $suffix = true)
 /**
 * Performs flag check on the current logged in user.
 * Table in database: accounts, field: website_flags
 *
 * @param int @flag Flag to be verified.
 * @return bool If user got flag.
 */
-function hasFlag(int $flag): bool {
+function hasFlag($flag) {
 	global $logged, $logged_flags;
 	return ($logged && ($logged_flags & $flag) == $flag);
 }
@@ -798,7 +765,7 @@ function get_browser_languages()
 	$languages = str_replace(' ', '', $languages);
 	foreach(explode(',', $languages) as $language_list)
-		$ret[] = substr($language_list, 0, 2);
+		$ret[] .= substr($language_list, 0, 2);
 	return $ret;
 }
@@ -817,10 +784,6 @@ function get_templates()
 			$ret[] = $file;
 	}
 	foreach (Plugins::getThemes() as $name => $path) {
 		$ret[] = $name;
 	}
 	return $ret;
 }
@@ -892,6 +855,9 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 	else
 		$tmp_body = $body . '<br/><br/>' . $signature_html;
 	define('MAIL_MAIL', 0);
 	define('MAIL_SMTP', 1);
 	$mailOption = setting('core.mail_option');
 	if($mailOption == MAIL_SMTP)
 	{
@@ -902,6 +868,10 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->Username = setting('core.smtp_user');
 		$mailer->Password = setting('core.smtp_pass');
 		define('SMTP_SECURITY_NONE', 0);
 		define('SMTP_SECURITY_SSL', 1);
 		define('SMTP_SECURITY_TLS', 2);
 		$security = setting('core.smtp_security');
 		$tmp = '';
@@ -1075,28 +1045,6 @@ function unsetSession($key) {
 	unset($_SESSION[setting('core.session_prefix') . $key]);
 }
 function csrf(bool $return = false): string {
 	return CsrfToken::create($return);
 }
 function csrfToken(): string {
 	return CsrfToken::get();
 }
 function isValidToken(): bool {
 	$token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
 	return (!isRequestMethod('post') || (isset($token) && CsrfToken::isValid($token)));
 }
 function csrfProtect(): void
 {
 	if (!isValidToken()) {
 		$lastUri = BASE_URL . str_replace_first('/', '', getSession('last_uri'));
 		echo 'Request has been cancelled due to security reasons - token is invalid. Go <a href="' . $lastUri . '">back</a>';
 		exit();
 	}
 }
 function getTopPlayers($limit = 5) {
 	global $db;
@@ -1214,70 +1162,64 @@ function setting($key)
 function clearCache()
 {
 	require_once LIBS . 'news.php';
 	News::clearCache();
 	$cache = Cache::getInstance();
 	if($cache->enabled()) {
 		$keysToClear = [
 			'status', 'templates',
 			'config_lua',
 			'towns', 'groups', 'vocations',
 			'visitors', 'views_counter', 'failed_logins',
 			'template_menus',
 			'last_kills',
 			'hooks', 'plugins_hooks', 'plugins_routes', 'plugins_settings', 'plugins_themes', 'plugins_commands',
 			'settings',
 		];
 		foreach (get_templates() as $template) {
 			$keysToClear[] = 'template_ini_' . $template;
 		}
 		// highscores cache
 		$configHighscoresPerPage = setting('core.highscores_per_page');
 		$skills = [POT::SKILL_FIST, POT::SKILL_CLUB, POT::SKILL_SWORD, POT::SKILL_AXE, POT::SKILL_DIST, POT::SKILL_SHIELD, POT::SKILL_FISH, POT::SKILL_LEVEL, POT::SKILL__MAGLEVEL, SKILL_FRAGS, SKILL_BALANCE];
 		foreach ($skills as $skill) {
 			// config('vocations') may be empty after previous cache clear
 			$vocations = (config('vocations') ?? []) + ['all'];
 			foreach ($vocations as $vocation) {
 				for($page = 0; $page < 10; $page++) {
 					$cacheKey = 'highscores_' . $skill . '_' . strtolower($vocation) . '_' . $page . '_' . $configHighscoresPerPage;
 					$keysToClear[] = $cacheKey;
 				}
 			}
 		}
 		foreach ($keysToClear as $item) {
 		$tmp = '';
 			if ($cache->fetch($item, $tmp)) {
 				$cache->delete($item);
 			}
 		}
-		global $db;
+		if ($cache->fetch('status', $tmp))
-		$db->setClearCacheAfter(true);
+			$cache->delete('status');
 		if ($cache->fetch('templates', $tmp))
 			$cache->delete('templates');
 		if ($cache->fetch('config_lua', $tmp))
 			$cache->delete('config_lua');
 		if ($cache->fetch('vocations', $tmp))
 			$cache->delete('vocations');
 		if ($cache->fetch('towns', $tmp))
 			$cache->delete('towns');
 		if ($cache->fetch('groups', $tmp))
 			$cache->delete('groups');
 		if ($cache->fetch('visitors', $tmp))
 			$cache->delete('visitors');
 		if ($cache->fetch('views_counter', $tmp))
 			$cache->delete('views_counter');
 		if ($cache->fetch('failed_logins', $tmp))
 			$cache->delete('failed_logins');
 		global $template_name;
 		if ($cache->fetch('template_ini' . $template_name, $tmp))
 			$cache->delete('template_ini' . $template_name);
 		if ($cache->fetch('plugins_hooks', $tmp))
 			$cache->delete('plugins_hooks');
 		if ($cache->fetch('plugins_routes', $tmp))
 			$cache->delete('plugins_routes');
 	}
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
 	deleteDirectory(CACHE . 'twig', ['index.html'], true);
 	deleteDirectory(CACHE . 'plugins', ['index.html'], true);
-	deleteDirectory(CACHE, ['signatures', 'twig', 'plugins', 'index.html', 'persistent'], true);
+	deleteDirectory(CACHE, ['signatures', 'twig', 'plugins', 'index.html'], true);
 	// routes cache
 	clearRouteCache();
 	global $hooks;
 	$hooks->trigger(HOOK_CACHE_CLEAR, ['cache' => Cache::getInstance()]);
 	return true;
 }
 function clearRouteCache(): void
 {
 	$routeCacheFile = CACHE . 'route.cache';
 	if (file_exists($routeCacheFile)) {
 		unlink($routeCacheFile);
 	}
 	return true;
 }
 function getCustomPageInfo($name)
@@ -1319,6 +1261,13 @@ function getCustomPage($name, &$success): string
 			else
 				$tmp = $page['body'];
 			$php_errors = array();
 			function error_handler($errno, $errstr) {
 				global $php_errors;
 				$php_errors[] = array('errno' => $errno, 'errstr' => $errstr);
 			}
 			set_error_handler('error_handler');
 			global $config;
 			if(setting('core.backward_support')) {
 				global $SQL, $main_content, $subtopic;
@@ -1328,6 +1277,11 @@ function getCustomPage($name, &$success): string
 			eval($tmp);
 			$content .= ob_get_contents();
 			ob_end_clean();
 			restore_error_handler();
 			if(isset($php_errors[0]) && superAdmin()) {
 				var_dump($php_errors);
 			}
 		}
 		else {
 			$oldLoader = $twig->getLoader();
@@ -1497,7 +1451,7 @@ function echo_success($message)
 function echo_error($message)
 {
 	global $error;
-	echo '<div class="col-12 alert alert-danger mb-2">' . $message . '</div>';
+	echo '<div class="col-12 alert alert-error mb-2">' . $message . '</div>';
 	$error = true;
 }
@@ -1571,19 +1525,18 @@ function right($str, $length) {
 	return substr($str, -$length);
 }
-function getMonsterImgPath($monster): string
+function getCreatureImgPath($creature){
-{
+	$creature_path = setting('core.monsters_images_url');
-	$monster_path = setting('core.monsters_images_url');
+	$creature_gfx_name = trim(strtolower($creature)) . setting('core.monsters_images_extension');
-	$monster_gfx_name = trim(strtolower($monster)) . setting('core.monsters_images_extension');
+	if (!file_exists($creature_path . $creature_gfx_name)) {
-	if (!file_exists($monster_path . $monster_gfx_name)) {
+		$creature_gfx_name = str_replace(" ", "", $creature_gfx_name);
-		$monster_gfx_name = str_replace(" ", "", $monster_gfx_name);
+		if (file_exists($creature_path . $creature_gfx_name)) {
-		if (file_exists($monster_path . $monster_gfx_name)) {
+			return $creature_path . $creature_gfx_name;
 			return $monster_path . $monster_gfx_name;
 		} else {
-			return $monster_path . 'nophoto.png';
+			return $creature_path . 'nophoto.png';
 		}
 	} else {
-		return $monster_path . $monster_gfx_name;
+		return $creature_path . $creature_gfx_name;
 	}
 }
@@ -1634,7 +1587,7 @@ function removeIfFirstSlash(&$text) {
 };
 function escapeHtml($html) {
-	return htmlspecialchars($html);
+	return htmlentities($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
 }
 function getGuildNameById($id)
@@ -1653,7 +1606,7 @@ function getGuildLogoById($id)
 	$guild = Guild::where('id', intval($id))->select('logo_name')->first();
 	if ($guild) {
-		$guildLogo = $guild->logo_name;
+		$guildLogo = $query->logo_name;
 		if (!empty($guildLogo) && file_exists(GUILD_IMAGES_DIR . $guildLogo)) {
 			$logo = $guildLogo;
@@ -1671,15 +1624,8 @@ function displayErrorBoxWithBackButton($errors, $action = null) {
 	]);
 }
 function makeLinksClickable($text, $blank = true) {
 	return preg_replace('!(((f|ht)tp(s)?://)[-a-zA-Zа-яА-Я()0-9@:%_+.~#?&;//=]+)!i', '<a href="$1"' . (!$blank ?: ' target="_blank"') . '>$1</a>', $text);
 }
 function isRequestMethod(string $method): bool {
 	return strtolower($_SERVER['REQUEST_METHOD']) == strtolower($method);
 }
 // validator functions
 require_once LIBS . 'validator.php';
 require_once SYSTEM . 'compat/base.php';
 // custom functions
--- a/system/src/global.php
+++ b/system/src/global.php
@@ -1,10 +1,15 @@
 <?php
-
+/**
-const SKILL_FRAGS = -1;
+ * Events system
-const SKILL_BALANCE = -2;
+ *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $i = 0;
 define('HOOK_STARTUP', ++$i);
 define('HOOK_BEFORE_PAGE', ++$i);
 define('HOOK_AFTER_PAGE', ++$i);
@@ -53,7 +58,6 @@ define('HOOK_ACCOUNT_LOGIN_AFTER_PASSWORD', ++$i);
 define('HOOK_ACCOUNT_LOGIN_AFTER_REMEMBER_ME', ++$i);
 define('HOOK_ACCOUNT_LOGIN_AFTER_PAGE', ++$i);
 define('HOOK_ACCOUNT_LOGIN_POST', ++$i);
 define('HOOK_ACCOUNT_CREATE_CHARACTER_AFTER', ++$i);
 define('HOOK_ADMIN_HEAD_END', ++$i);
 define('HOOK_ADMIN_HEAD_START', ++$i);
 define('HOOK_ADMIN_BODY_START', ++$i);
@@ -72,36 +76,87 @@ define('HOOK_GUILDS_AFTER_GUILD_HEADER', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_INFORMATION', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_MEMBERS', ++$i);
 define('HOOK_GUILDS_AFTER_INVITED_CHARACTERS', ++$i);
 define('HOOK_TWIG', ++$i);
 define('HOOK_CACHE_CLEAR', ++$i);
 const HOOK_FIRST = HOOK_STARTUP;
 define('HOOK_LAST', $i);
-function is_sub_dir($path = NULL, $parent_folder = BASE): bool|string
+require_once LIBS . 'plugins.php';
 class Hook
 {
-	//Get directory path minus last folder
+	private $_name, $_type, $_file;
 	$dir = dirname($path);
 	$folder = substr($path, strlen($dir));
-	//Check the base dir is valid
+	public function __construct($name, $type, $file) {
-	$dir = realpath($dir);
+		$this->_name = $name;
-
+		$this->_type = $type;
-	//Only allow valid filename characters
+		$this->_file = $file;
 	$folder = preg_replace('/[^a-z0-9\.\-_]/i', '', $folder);
 	//If this is a bad path or a bad end folder name
 	if( !$dir OR !$folder OR $folder === '.') {
 		return false;
 	}
-	//Rebuild path
+	public function execute($params)
-	$path = $dir. '/' . $folder;
+	{
 		global $db, $config, $template_path, $ots, $content, $twig;
-	//If this path is higher than the parent folder
+		if(is_callable($this->_file))
-	if( strcasecmp($path, $parent_folder) > 0 ) {
+		{
-		return $path;
+			$params['db'] = $db;
 			$params['config'] = $config;
 			$params['template_path'] = $template_path;
 			$params['ots'] = $ots;
 			$params['content'] = $content;
 			$params['twig'] = $twig;
 			$tmp = $this->_file;
 			$ret = $tmp($params);
 		}
 		else {
 			extract($params);
 			$ret = include BASE . $this->_file;
 		}
-	return false;
+		return !isset($ret) || $ret == 1 || $ret;
 	}
 	public function name() {return $this->_name;}
 	public function type() {return $this->_type;}
 }
 class Hooks
 {
 	private static $_hooks = array();
 	public function register($hook, $type = '', $file = null) {
 		if(!($hook instanceof Hook))
 			$hook = new Hook($hook, $type, $file);
 		self::$_hooks[$hook->type()][] = $hook;
 	}
 	public function trigger($type, $params = array())
 	{
 		$ret = true;
 		if(isset(self::$_hooks[$type]))
 		{
 			foreach(self::$_hooks[$type] as $name => $hook) {
 				/** @var $hook Hook */
 				if (!$hook->execute($params)) {
 					$ret = false;
 				}
 			}
 		}
 		return $ret;
 	}
 	public function exist($type) {
 		return isset(self::$_hooks[$type]);
 	}
 	public function load()
 	{
 		foreach(Plugins::getHooks() as $hook) {
 			$this->register($hook['name'], $hook['type'], $hook['file']);
 		}
 		Plugins::clearWarnings();
 	}
 }
--- a/system/init.php
+++ b/system/init.php
@@ -7,14 +7,6 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use DebugBar\StandardDebugBar;
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Hooks;
 use MyAAC\Settings;
 use MyAAC\Towns;
 defined('MYAAC') or die('Direct access not allowed!');
 if(!isset($config['installed']) || !$config['installed']) {
@@ -25,10 +17,6 @@ if(config('env') === 'dev') {
 	require SYSTEM . 'exception.php';
 }
 if (config('env') === 'dev' || getBoolean(config('enable_debugbar'))) {
 	$debugBar = new StandardDebugBar();
 }
 if(empty($config['server_path'])) {
 	throw new RuntimeException('Server Path has been not set. Go to config.php and set it.');
 }
@@ -42,12 +30,9 @@ if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HT
 	ob_start('ob_gzhandler');
 // cache
 require_once SYSTEM . 'libs/cache.php';
 $cache = Cache::getInstance();
 // event system
 $hooks = new Hooks();
 $hooks->load();
 // twig
 require_once SYSTEM . 'twig.php';
@@ -55,24 +40,28 @@ require_once SYSTEM . 'twig.php';
 $action = $_REQUEST['action'] ?? '';
 define('ACTION', $action);
 // errors, is also often used
 $errors = [];
 // trim values we receive
-foreach($_POST as $var => $value) {
+if(isset($_POST))
 {
 	foreach($_POST as $var => $value) {
 		if(is_string($value)) {
 			$_POST[$var] = trim($value);
 		}
 	}
 }
-
+if(isset($_GET))
-foreach($_GET as $var => $value) {
+{
 	foreach($_GET as $var => $value) {
 		if(is_string($value))
 			$_GET[$var] = trim($value);
 	}
 }
-
+if(isset($_REQUEST))
-foreach($_REQUEST as $var => $value) {
+{
 	foreach($_REQUEST as $var => $value) {
 		if(is_string($value))
 			$_REQUEST[$var] = trim($value);
 	}
 }
 // load otserv config file
@@ -128,34 +117,21 @@ if(!isset($foundValue)) {
 $config['data_path'] = $foundValue;
 unset($foundValue);
 // POT
 require_once SYSTEM . 'libs/pot/OTS.php';
 $ots = POT::getInstance();
 $eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 if ($config_lua_reload) {
 	clearCache();
 }
 // verify myaac tables exists in database
 if(!defined('MYAAC_INSTALL') && !$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . BASE_URL . 'install');
 }
 // execute migrations
 require SYSTEM . 'migrate.php';
 // settings
 require_once LIBS . 'Settings.php';
 $settings = Settings::getInstance();
 $settings->load();
 // csrf protection
 $token = getSession('csrf_token');
 if (!isset($token) || !$token) {
 	CsrfToken::generate();
 }
 // deprecated config values
 require_once SYSTEM . 'compat/config.php';
@@ -177,4 +153,5 @@ define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 require LIBS . 'Towns.php';
 Towns::load();
--- a/system/libs/CreateCharacter.php
+++ b/system/libs/CreateCharacter.php
@@ -1,7 +1,5 @@
 <?php
 namespace MyAAC;
 use MyAAC\Models\Player;
 /**
@@ -52,8 +50,8 @@ class CreateCharacter
 			return false;
 		}
-		if(!admin() && !\Validator::newCharacterName($name)) {
+		if(!admin() && !Validator::newCharacterName($name)) {
-			$errors['name'] = \Validator::getLastError();
+			$errors['name'] = Validator::getLastError();
 			return false;
 		}
@@ -73,7 +71,7 @@ class CreateCharacter
 	 * @param array $errors
 	 * @return bool
 	 */
-	public function check($name, $sex, ?int &$vocation, ?int &$town, &$errors)
+	public function check($name, $sex, &$vocation, &$town, &$errors)
 	{
 		$this->checkName($name, $errors);
@@ -125,13 +123,13 @@ class CreateCharacter
 	 * @param int $sex
 	 * @param int $vocation
 	 * @param int $town
-	 * @param \OTS_Account $account
+	 * @param OTS_Account $account
 	 * @param array $errors
 	 * @return bool
-	 * @throws \E_OTS_NotLoaded
+	 * @throws E_OTS_NotLoaded
-	 * @throws \Twig_Error_Loader
+	 * @throws Twig_Error_Loader
-	 * @throws \Twig_Error_Runtime
+	 * @throws Twig_Error_Runtime
-	 * @throws \Twig_Error_Syntax
+	 * @throws Twig_Error_Syntax
 	 */
 	public function doCreate($name, $sex, $vocation, $town, $account, &$errors)
 	{
@@ -149,7 +147,7 @@ class CreateCharacter
 		if(empty($errors))
 		{
 			$char_to_copy_name = config('character_samples')[$vocation];
-			$char_to_copy = new \OTS_Player();
+			$char_to_copy = new OTS_Player();
 			$char_to_copy->find($char_to_copy_name);
 			if(!$char_to_copy->isLoaded())
 				$errors[] = 'Wrong characters configuration. Try again or contact with admin. ADMIN: Go to Admin Panel -> Settings -> Create Character and set valid characters to copy names. Character to copy: <b>'.$char_to_copy_name.'</b> doesn\'t exist.';
@@ -164,7 +162,7 @@ class CreateCharacter
 		if($sex == "0")
 			$char_to_copy->setLookType(136);
-		$player = new \OTS_Player();
+		$player = new OTS_Player();
 		$player->setName($name);
 		$player->setAccount($account);
 		$player->setGroupId(1);
@@ -196,7 +194,7 @@ class CreateCharacter
 		$player->setManaSpent($char_to_copy->getManaSpent());
 		$player->setSoul($char_to_copy->getSoul());
-		for($skill = \POT::SKILL_FIRST; $skill <= \POT::SKILL_LAST; $skill++) {
+		for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++) {
 			$value = 10;
 			if (setting('core.use_character_sample_skills')) {
 				$value = $char_to_copy->getSkill($skill);
@@ -233,7 +231,7 @@ class CreateCharacter
 		$player->save();
 		$player->setCustomField('created', time());
-		$player = new \OTS_Player();
+		$player = new OTS_Player();
 		$player->find($name);
 		if(!$player->isLoaded()) {
@@ -242,7 +240,7 @@ class CreateCharacter
 		}
 		if($db->hasTable('player_skills')) {
-			for($skill = \POT::SKILL_FIRST; $skill <= \POT::SKILL_LAST; $skill++) {
+			for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++) {
 				$value = 10;
 				if (setting('core.use_character_sample_skills')) {
 					$value = $char_to_copy->getSkill($skill);
@@ -262,20 +260,6 @@ class CreateCharacter
 			}
 		}
 		global $hooks;
 		if (!$hooks->trigger(HOOK_ACCOUNT_CREATE_CHARACTER_AFTER,
 			[
 				'account' => $account,
 				'player' => $player,
 				'name' => $name,
 				'sex' => $sex,
 				'vocation' => $vocation,
 				'town' => $town,
 			]
 		)) {
 			return false;
 		}
 		global $twig;
 		$twig->display('success.html.twig', array(
 			'title' => 'Character Created',
--- a/system/libs/DataLoader.php
+++ b/system/libs/DataLoader.php
@@ -23,8 +23,9 @@
 * @link      https://my-aac.org
 */
-namespace MyAAC;
+/**
-
+ * Class DataLoader
 */
 class DataLoader
 {
 	private static $locale;
@@ -37,6 +38,7 @@ class DataLoader
 	{
 		self::$startTime = microtime(true);
 		require LIBS . 'items.php';
 		if(Items::loadFromXML()) {
 			success(self::$locale['step_database_loaded_items'] . self::getLoadedTime());
 		}
@@ -46,20 +48,22 @@ class DataLoader
 		self::$startTime = microtime(true);
-		if(Monsters::loadFromXML()) {
+		require LIBS . 'creatures.php';
 		if(Creatures::loadFromXML()) {
 			success(self::$locale['step_database_loaded_monsters'] . self::getLoadedTime());
-			if(Monsters::getMonstersList()->hasErrors()) {
+			if(Creatures::getMonstersList()->hasErrors()) {
 				self::$locale['step_database_error_monsters'] = str_replace('$LOG$', 'system/logs/error.log', self::$locale['step_database_error_monsters']);
 				warning(self::$locale['step_database_error_monsters']);
 			}
 		}
 		else {
-			error(Monsters::getLastError());
+			error(Creatures::getLastError());
 		}
 		self::$startTime = microtime(true);
 		require_once LIBS . 'npc.php';
 		if(NPCs::loadFromXML()) {
 			success(self::$locale['step_database_loaded_npcs'] . self::getLoadedTime());
 		}
@@ -69,6 +73,7 @@ class DataLoader
 		self::$startTime = microtime(true);
 		require LIBS . 'spells.php';
 		if(Spells::loadFromXML()) {
 			success(self::$locale['step_database_loaded_spells'] . self::getLoadedTime());
 		}
@@ -87,6 +92,7 @@ class DataLoader
 		self::$startTime = microtime(true);
 		require LIBS . 'weapons.php';
 		if(Weapons::loadFromXML()) {
 			success(self::$locale['step_database_loaded_weapons'] . self::getLoadedTime());
 		}
--- a/system/libs/SensitiveException.php
+++ b/system/libs/SensitiveException.php
@@ -0,0 +1,3 @@
 <?php
 class SensitiveException extends Exception {}
--- a/system/libs/Settings.php
+++ b/system/libs/Settings.php
@@ -1,11 +1,17 @@
 <?php
 namespace MyAAC;
 use MyAAC\Cache\Cache;
 use MyAAC\Models\Settings as ModelsSettings;
-class Settings implements \ArrayAccess
+/**
 * CreateCharacter
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 class Settings implements ArrayAccess
 {
 	static private $instance;
 	private $settingsFile = [];
@@ -38,7 +44,8 @@ class Settings implements \ArrayAccess
 		}
 		$settings = ModelsSettings::all();
-		foreach ($settings as $setting) {
+		foreach ($settings as $setting)
 		{
 			$this->settingsDatabase[$setting->name][$setting->key] = $setting->value;
 		}
@@ -47,12 +54,9 @@ class Settings implements \ArrayAccess
 		}
 	}
-	public function save($pluginName, $values)
+	public function save($pluginName, $values) {
 	{
 		$this->loadPlugin($pluginName);
 		if (!isset($this->settingsFile[$pluginName])) {
-			throw new \RuntimeException("Error on save settings: plugin $pluginName does not exist");
+			throw new RuntimeException('Error on save settings: plugin does not exist');
 		}
 		$settings = $this->settingsFile[$pluginName];
@@ -87,27 +91,23 @@ class Settings implements \ArrayAccess
 					'key' => $key,
 					'value' => $value
 				]);
-			} catch (\PDOException $error) {
+			} catch (PDOException $error) {
 				$this->errors[] = 'Error while saving setting (' . $pluginName . ' - ' . $key . '): ' . $error->getMessage();
 			}
 		}
-		$this->clearCache();
+		$cache = Cache::getInstance();
 		if ($cache->enabled()) {
 			$cache->delete('settings');
 		}
 		return true;
 	}
 	public function updateInDatabase($pluginName, $key, $value)
 	{
 		if (ModelsSettings::where(['name' => $pluginName, 'key' => $key])->exists()) {
 		ModelsSettings::where(['name' => $pluginName, 'key' => $key])->update(['value' => $value]);
 	}
 		else {
 			// insert new
 			ModelsSettings::create(['name' => $pluginName, 'key' => $key, 'value' => $value]);
 		}
 		$this->clearCache();
 	}
 	public function deleteFromDatabase($pluginName, $key = null)
 	{
@@ -117,8 +117,6 @@ class Settings implements \ArrayAccess
 		else {
 			ModelsSettings::where('name', $pluginName)->where('key', $key)->delete();
 		}
 		$this->clearCache();
 	}
 	public static function display($plugin, $settings): array
@@ -131,9 +129,6 @@ class Settings implements \ArrayAccess
 			if (is_bool($value)) {
 				$settingsDb[$key] = $value ? 'true' : 'false';
 			}
 			elseif (is_array($value)) {
 				$settingsDb[$key] = $value;
 			}
 			else {
 				$settingsDb[$key] = (string)$value;
 			}
@@ -251,10 +246,6 @@ class Settings implements \ArrayAccess
 				}
 				else if($setting['type'] === 'textarea') {
 					if (isset($settingsDb[$key]) && is_array($settingsDb[$key])) {
 						$settingsDb[$key] = implode(',', $settingsDb[$key]);
 					}
 					$value = ($settingsDb[$key] ?? ($setting['default'] ?? ''));
 					$valueWithSpaces = array_map('trim', preg_split('/\r\n|\r|\n/', trim($value)));
 					$rows = count($valueWithSpaces);
@@ -289,7 +280,7 @@ class Settings implements \ArrayAccess
 					}
 					else if ($setting['options'] == '$timezones') {
 						$timezones = [];
-						foreach (\DateTimeZone::listIdentifiers() as $value) {
+						foreach (DateTimeZone::listIdentifiers() as $value) {
 							$timezones[$value] = $value;
 						}
@@ -328,7 +319,7 @@ class Settings implements \ArrayAccess
 						</td>
 						<td>
 							<div class="well setting-default"><?php
-								echo (isset($setting['desc']) ? makeLinksClickable($setting['desc']) : '');
+								echo ($setting['desc'] ?? '');
 								echo '<br/>';
 								echo '<strong>Default:</strong> ';
@@ -339,7 +330,7 @@ class Settings implements \ArrayAccess
 									echo $setting['default'];
 								}
 								else if ($setting['type'] === 'options') {
-									if (is_int($setting['default']) || !empty($setting['default'])) {
+									if (!empty($setting['default'])) {
 										echo $setting['options'][$setting['default']];
 									}
 								}
@@ -382,6 +373,7 @@ class Settings implements \ArrayAccess
 		}
 		$this->settingsDatabase[$pluginKeyName][$key] = $value;
 		$this->updateInDatabase($pluginKeyName, $key, $value);
 	}
 	#[\ReturnTypeWillChange]
@@ -422,6 +414,7 @@ class Settings implements \ArrayAccess
 		unset($this->settingsFile[$pluginKeyName]['settings'][$key]);
 		unset($this->settingsDatabase[$pluginKeyName][$key]);
 		$this->deleteFromDatabase($pluginKeyName, $key);
 	}
 	/**
@@ -448,7 +441,7 @@ class Settings implements \ArrayAccess
 		// return specified plugin settings (all)
 		if(!isset($key)) {
 			if (!isset($this->settingsFile[$pluginKeyName]['settings'])) {
-				throw new \RuntimeException('Unknown plugin settings: ' . $pluginKeyName);
+				throw new RuntimeException('Unknown plugin settings: ' . $pluginKeyName);
 			}
 			return $this->settingsFile[$pluginKeyName]['settings'];
 		}
@@ -464,15 +457,9 @@ class Settings implements \ArrayAccess
 			$ret['value'] = $value;
 		}
 		else {
 			if (!isset($this->settingsFile[$pluginKeyName]['settings'][$key])) {
 				return null;
 			}
 			$ret['value'] = $this->settingsFile[$pluginKeyName]['settings'][$key]['default'];
 		}
 		$ret['key'] = $key;
 		if(isset($ret['type'])) {
 			switch($ret['type']) {
 				case 'boolean':
@@ -545,11 +532,8 @@ class Settings implements \ArrayAccess
 	public static function saveConfig($config, $filename, &$content = '')
 	{
-		$content = "<?php" . PHP_EOL;
+		$content = "<?php" . PHP_EOL .
-
+			"\$config['installed'] = true;" . PHP_EOL;
 		unset($config['installed']);
 		$content .= "\$config['installed'] = true;" . PHP_EOL;
 		foreach ($config as $key => $value) {
 			$content .= "\$config['$key'] = ";
@@ -557,10 +541,10 @@ class Settings implements \ArrayAccess
 			$content .= ';' . PHP_EOL;
 		}
-		$success = @file_put_contents($filename, $content);
+		$success = file_put_contents($filename, $content);
 		// we saved new config.php, need to revalidate cache (only if opcache is enabled)
-		if ($success && function_exists('opcache_invalidate')) {
+		if (function_exists('opcache_invalidate')) {
 			opcache_invalidate($filename);
 		}
@@ -594,10 +578,10 @@ class Settings implements \ArrayAccess
 		}
 		try {
-			$connectionTest = new \PDO('mysql:' . implode(';', $dns), $user, $password);
+			$connectionTest = new PDO('mysql:' . implode(';', $dns), $user, $password);
-			$connectionTest->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
+			$connectionTest->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 		}
-		catch(\PDOException $error) {
+		catch(PDOException $error) {
 			error('MySQL connection failed. Settings has been reverted.');
 			error($error->getMessage());
 			return false;
@@ -606,15 +590,7 @@ class Settings implements \ArrayAccess
 		return true;
 	}
-	public function getErrors(): array {
+	public function getErrors() {
 		return $this->errors;
 	}
 	public function clearCache(): void
 	{
 		$cache = Cache::getInstance();
 		if ($cache->enabled()) {
 			$cache->delete('settings');
 		}
 	}
 }
--- a/system/libs/Towns.php
+++ b/system/libs/Towns.php
@@ -23,16 +23,17 @@
 * @link      https://my-aac.org
 */
 namespace MyAAC;
 use MyAAC\Models\Town;
 /**
 * Class Towns
 */
 class Towns
 {
 	/**
 	 * @var string
 	 */
-	private static $filename = CACHE . 'persistent/' . 'towns.php';
+	private static $filename = CACHE . 'towns.php';
 	/**
 	 * Determine towns
@@ -108,6 +109,7 @@ class Towns
 		if (file_exists($mapFile)) {
 			ini_set('memory_limit', '-1');
 			require LIBS . 'TownsReader.php';
 			$townsReader = new TownsReader($mapFile);
 			$townsReader->load();
--- a/system/libs/TownsReader.php
+++ b/system/libs/TownsReader.php
@@ -19,10 +19,8 @@
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
 namespace MyAAC;
 /*
-    This code bases on original OTServ code for .otbm files - file iomapotbm.cpp rev.2141
+    This code bases on oryginal OTServ code for .otbm files - file iomapotbm.cpp rev.2141
 */
 class TownsReader
 {
--- a/system/src/Cache/Cache.php
+++ b/system/src/Cache/Cache.php
@@ -8,8 +8,7 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
-
+defined('MYAAC') or die('Direct access not allowed!');
 namespace MyAAC\Cache;
 /**
 * Class Cache
@@ -42,30 +41,40 @@ class Cache
 	 */
 	public static function generateInstance($engine = '', $prefix = '')
 	{
-		if (config('env') === 'dev') {
+		if(config('env') === 'dev') {
 			self::$instance = new self();
 			return self::$instance;
 		}
-		switch (strtolower($engine)) {
+		switch(strtolower($engine)) {
 			case 'apc':
-				self::$instance = new APC($prefix);
+				require 'cache_apc.php';
 				self::$instance = new Cache_APC($prefix);
 				break;
 			case 'apcu':
-				self::$instance = new APCu($prefix);
+				require 'cache_apcu.php';
 				self::$instance = new Cache_APCu($prefix);
 				break;
 			case 'eaccelerator':
 				require 'cache_eaccelerator.php';
 				self::$instance = new Cache_eAccelerator($prefix);
 				break;
 			case 'xcache':
-				self::$instance = new XCache($prefix);
+				require 'cache_xcache.php';
 				self::$instance = new Cache_XCache($prefix);
 				break;
 			case 'file':
-				self::$instance = new File($prefix, CACHE);
+				require 'cache_file.php';
 				self::$instance = new Cache_File($prefix, CACHE);
 				break;
 			case 'php':
-				self::$instance = new PHP($prefix, CACHE);
+				require 'cache_php.php';
 				self::$instance = new Cache_PHP($prefix, CACHE);
 				break;
 			case 'auto':
@@ -85,11 +94,13 @@ class Cache
 	 */
 	public static function detect()
 	{
-		if (function_exists('apc_fetch'))
+		if(function_exists('apc_fetch'))
 			return 'apc';
-		else if (function_exists('apcu_fetch'))
+		else if(function_exists('apcu_fetch'))
 			return 'apcu';
-		else if (function_exists('xcache_get') && ini_get('xcache.var_size'))
+		else if(function_exists('eaccelerator_get'))
 			return 'eaccelerator';
 		else if(function_exists('xcache_get') && ini_get('xcache.var_size'))
 			return 'xcache';
 		return 'file';
@@ -98,15 +109,12 @@ class Cache
 	/**
 	 * @return bool
 	 */
-	public function enabled()
+	public function enabled() {return false;}
 	{
 		return false;
 	}
 	public static function remember($key, $ttl, $callback)
 	{
 		$cache = self::getInstance();
-		if (!$cache->enabled()) {
+		if(!$cache->enabled()) {
 			return $callback();
 		}
@@ -116,7 +124,7 @@ class Cache
 		}
 		$value = $callback();
-		$cache->set($key, serialize($value), $ttl);
+		$cache->set($key, serialize($value),$ttl);
 		return $value;
 	}
 }
--- a/system/libs/cache_apc.php
+++ b/system/libs/cache_apc.php
@@ -8,10 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-namespace MyAAC\Cache;
+class Cache_APC
 class APC
 {
 	private $prefix;
 	private $enabled;
@@ -32,25 +31,22 @@ class APC
 	public function get($key)
 	{
 		$tmp = '';
-		if ($this->fetch($this->prefix . $key, $tmp)) {
+		if($this->fetch($this->prefix . $key, $tmp)) {
 			return $tmp;
 		}
 		return '';
 	}
-	public function fetch($key, &$var)
+	public function fetch($key, &$var) {
 	{
 		return ($var = apc_fetch($this->prefix . $key)) !== false;
 	}
-	public function delete($key)
+	public function delete($key) {
 	{
 		apc_delete($this->prefix . $key);
 	}
-	public function enabled()
+	public function enabled() {
 	{
 		return $this->enabled;
 	}
 }
--- a/system/libs/cache_apcu.php
+++ b/system/libs/cache_apcu.php
@@ -8,10 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-namespace MyAAC\Cache;
+class Cache_APCu
 class APCu
 {
 	private $prefix;
 	private $enabled;
@@ -32,25 +31,22 @@ class APCu
 	public function get($key)
 	{
 		$tmp = '';
-		if ($this->fetch($this->prefix . $key, $tmp)) {
+		if($this->fetch($this->prefix . $key, $tmp)) {
 			return $tmp;
 		}
 		return '';
 	}
-	public function fetch($key, &$var)
+	public function fetch($key, &$var) {
 	{
 		return ($var = apcu_fetch($this->prefix . $key)) !== false;
 	}
-	public function delete($key)
+	public function delete($key) {
 	{
 		apcu_delete($this->prefix . $key);
 	}
-	public function enabled()
+	public function enabled() {
 	{
 		return $this->enabled;
 	}
 }
--- a/system/libs/cache_eaccelerator.php
+++ b/system/libs/cache_eaccelerator.php
@@ -0,0 +1,51 @@
 <?php
 /**
 * Cache eAccelerator class
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @author    Mark Samman (Talaturen) <marksamman@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 class Cache_eAccelerator
 {
 	private $prefix;
 	private $enabled;
 	public function __construct($prefix = '') {
 		$this->prefix = $prefix;
 		$this->enabled = function_exists('eaccelerator_get');
 	}
 	public function set($key, $var, $ttl = 0)
 	{
 		$key = $this->prefix . $key;
 		eaccelerator_rm($key);
 		eaccelerator_put($key, $var, $ttl);
 	}
 	public function get($key)
 	{
 		$tmp = '';
 		if($this->fetch($this->prefix . $key, $tmp)) {
 			return $tmp;
 		}
 		return '';
 	}
 	public function fetch($key, &$var) {
 		return ($var = eaccelerator_get($this->prefix . $key)) !== null;
 	}
 	public function delete($key) {
 		eaccelerator_rm($this->prefix . $key);
 	}
 	public function enabled() {
 		return $this->enabled;
 	}
 }
--- a/system/libs/cache_file.php
+++ b/system/libs/cache_file.php
@@ -7,17 +7,15 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-namespace MyAAC\Cache;
+class Cache_File
 class File
 {
 	private $prefix;
 	private $dir;
 	private $enabled;
-	public function __construct($prefix = '', $dir = '')
+	public function __construct($prefix = '', $dir = '') {
 	{
 		$this->prefix = $prefix;
 		$this->dir = $dir;
 		$this->enabled = (file_exists($this->dir) && is_dir($this->dir) && is_writable($this->dir));
@@ -38,7 +36,7 @@ class File
 	public function get($key)
 	{
 		$tmp = '';
-		if ($this->fetch($key, $tmp)) {
+		if($this->fetch($key, $tmp)) {
 			return $tmp;
 		}
@@ -48,7 +46,7 @@ class File
 	public function fetch($key, &$var)
 	{
 		$file = $this->_name($key);
-		if (!file_exists($file) || filemtime($file) < time()) {
+		if(!file_exists($file) || filemtime($file) < time()) {
 			return false;
 		}
@@ -59,18 +57,16 @@ class File
 	public function delete($key)
 	{
 		$file = $this->_name($key);
-		if (file_exists($file)) {
+		if(file_exists($file)) {
 			unlink($file);
 		}
 	}
-	public function enabled()
+	public function enabled() {
 	{
 		return $this->enabled;
 	}
-	private function _name($key)
+	private function _name($key) {
 	{
 		return sprintf('%s%s%s', $this->dir, $this->prefix, sha1($key));
 	}
 }
--- a/system/libs/cache_php.php
+++ b/system/libs/cache_php.php
@@ -7,17 +7,15 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-namespace MyAAC\Cache;
+class Cache_PHP
 class PHP
 {
 	private $prefix;
 	private $dir;
 	private $enabled;
-	public function __construct($prefix = '', $dir = '')
+	public function __construct($prefix = '', $dir = '') {
 	{
 		$this->prefix = $prefix;
 		$this->dir = $dir;
 		$this->enabled = (file_exists($this->dir) && is_dir($this->dir) && is_writable($this->dir));
@@ -44,7 +42,7 @@ class PHP
 	public function get($key)
 	{
 		$tmp = '';
-		if ($this->fetch($key, $tmp)) {
+		if($this->fetch($key, $tmp)) {
 			return $tmp;
 		}
@@ -54,7 +52,7 @@ class PHP
 	public function fetch($key, &$var)
 	{
 		$file = $this->_name($key);
-		if (!file_exists($file) || filemtime($file) < time()) {
+		if(!file_exists($file) || filemtime($file) < time()) {
 			return false;
 		}
@@ -66,18 +64,16 @@ class PHP
 	public function delete($key)
 	{
 		$file = $this->_name($key);
-		if (file_exists($file)) {
+		if(file_exists($file)) {
 			unlink($file);
 		}
 	}
-	public function enabled()
+	public function enabled() {
 	{
 		return $this->enabled;
 	}
-	private function _name($key)
+	private function _name($key) {
 	{
 		return sprintf('%s%s%s', $this->dir, $this->prefix, sha1($key) . '.php');
 	}
 }
--- a/system/libs/cache_xcache.php
+++ b/system/libs/cache_xcache.php
@@ -8,16 +8,14 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-namespace MyAAC\Cache;
+class Cache_XCache
 class XCache
 {
 	private $prefix;
 	private $enabled;
-	public function __construct($prefix = '')
+	public function __construct($prefix = '') {
 	{
 		$this->prefix = $prefix;
 		$this->enabled = function_exists('xcache_get') && ini_get('xcache.var_size');
 	}
@@ -32,7 +30,7 @@ class XCache
 	public function get($key)
 	{
 		$tmp = '';
-		if ($this->fetch($this->prefix . $key, $tmp)) {
+		if($this->fetch($this->prefix . $key, $tmp)) {
 			return $tmp;
 		}
@@ -42,7 +40,7 @@ class XCache
 	public function fetch($key, &$var)
 	{
 		$key = $this->prefix . $key;
-		if (!xcache_isset($key)) {
+		if(!xcache_isset($key)) {
 			return false;
 		}
@@ -50,13 +48,11 @@ class XCache
 		return true;
 	}
-	public function delete($key)
+	public function delete($key) {
 	{
 		xcache_unset($this->prefix . $key);
 	}
-	public function enabled()
+	public function enabled() {
 	{
 		return $this->enabled;
 	}
 }
--- a/system/libs/changelog.php
+++ b/system/libs/changelog.php
@@ -1,8 +1,5 @@
 <?php
 namespace MyAAC;
 use MyAAC\Cache\Cache;
 use MyAAC\Models\Changelog as ModelsChangelog;
 class Changelog
@@ -88,17 +85,16 @@ class Changelog
 		return true;
 	}
-	static public function toggleHide($id, &$errors, &$status)
+	static public function toggleHidden($id, &$errors, &$status)
 	{
 		if(isset($id))
 		{
 			$row = ModelsChangelog::find($id);
 			if ($row) {
-				$row->hide = $row->hide == 1 ? 0 : 1;
+				$row->hidden = $row->hidden == 1 ? 0 : 1;
 				if (!$row->save()) {
-					$errors[] = 'Fail during toggle hide Changelog.';
+					$errors[] = 'Fail during toggle hidden Changelog.';
 				}
 				$status = $row->hide;
 			} else {
 				$errors[] = 'Changelog with id ' . $id . ' does not exists.';
 			}
--- a/system/libs/creatures.php
+++ b/system/libs/creatures.php
@@ -9,13 +9,14 @@
 * @link      https://my-aac.org
 */
 namespace MyAAC;
 use MyAAC\Models\Monster;
-class Monsters {
+defined('MYAAC') or die('Direct access not allowed!');
 require_once LIBS . 'items.php';
 class Creatures {
 	/**
-	 * @var \OTS_MonstersList
+	 * @var OTS_MonstersList
 	 */
 	private static $monstersList;
 	private static $lastError = '';
@@ -23,7 +24,7 @@ class Monsters {
 	public static function loadFromXML($show = false) {
 		try {
 			Monster::query()->delete();
-		} catch(\Exception $error) {}
+		} catch(Exception $error) {}
 		if($show) {
 			echo '<h2>Reload monsters.</h2>';
@@ -31,9 +32,9 @@ class Monsters {
 		}
 		try {
-			self::$monstersList = new \OTS_MonstersList(config('data_path') . 'monster/');
+			self::$monstersList = new OTS_MonstersList(config('data_path') . 'monster/');
 		}
-		catch(\Exception $e) {
+		catch(Exception $e) {
 			self::$lastError = $e->getMessage();
 			return false;
 		}
@@ -118,7 +119,7 @@ class Monsters {
 			$summons = $monster->getSummons();
 			$loot = $monster->getLoot();
 			foreach($loot as &$item) {
-				if(!\Validator::number($item['id'])) {
+				if(!Validator::number($item['id'])) {
 					if(isset($items[$item['id']])) {
 						$item['id'] = $items[$item['id']];
 					}
@@ -160,7 +161,7 @@ class Monsters {
 						success('Added: ' . $name . '<br/>');
 					}
 				}
-				catch(\Exception $error) {
+				catch(Exception $error) {
 					if($show) {
 						warning('Error while adding monster (' . $name . '): ' . $error->getMessage());
 					}
--- a/system/libs/data.php
+++ b/system/libs/data.php
@@ -7,8 +7,7 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
-
+defined('MYAAC') or die('Direct access not allowed!');
 namespace MyAAC;
 class Data
 {
--- a/system/libs/forum.php
+++ b/system/libs/forum.php
@@ -8,13 +8,12 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
-
+defined('MYAAC') or die('Direct access not allowed!');
 namespace MyAAC;
 $settingForumTablePrefix = setting('core.forum_table_prefix');
 if(null !== $settingForumTablePrefix && !empty(trim($settingForumTablePrefix))) {
 	if(!in_array($settingForumTablePrefix, array('myaac_', 'z_'))) {
-		throw new \RuntimeException('Invalid value for forum_table_prefix in config.php. Can be only: "myaac_" or "z_".');
+		throw new RuntimeException('Invalid value for forum_table_prefix in config.php. Can be only: "myaac_" or "z_".');
 	}
 	define('FORUM_TABLE_PREFIX', $settingForumTablePrefix);
@@ -31,9 +30,9 @@ else {
 class Forum
 {
 	/**
-	 * @param \OTS_Account $account
+	 * @param OTS_Account $account
 	 * @return bool
-	 * @throws \E_OTS_NotLoaded
+	 * @throws E_OTS_NotLoaded
 	 */
 	public static function canPost($account)
 	{
@@ -155,14 +154,14 @@ class Forum
 		return !count($errors);
 	}
-	public static function toggleHide_board($id, &$errors)
+	public static function toggleHidden_board($id, &$errors)
 	{
 		global $db;
 		if(isset($id))
 		{
 			$query = self::get_board($id);
 			if($query !== false)
-				$db->update(TABLE_PREFIX . 'forum_boards', array('hide' => ($query['hide'] == 1 ? 0 : 1)), array('id' => $id));
+				$db->update(TABLE_PREFIX . 'forum_boards', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
 			else
 				$errors[] = 'Forum board with id ' . $id . ' does not exists.';
 		}
@@ -295,7 +294,7 @@ class Forum
 		$section = $sections[$board_id];
 		if($section['guild'] > 0) {
 			if($logged) {
-				$guild = new \OTS_Guild();
+				$guild = new OTS_Guild();
 				$guild->load($section['guild']);
 				$status = false;
 				if($guild->isLoaded()) {
@@ -323,3 +322,4 @@ class Forum
 		return $hasAccess;
 	}
 }
 ?>
--- a/system/libs/items.php
+++ b/system/libs/items.php
@@ -8,11 +8,7 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
-
+defined('MYAAC') or die('Direct access not allowed!');
 namespace MyAAC;
 use MyAAC\Cache\PHP as CachePHP;
 use MyAAC\Models\Spell;
 class Items
 {
@@ -27,7 +23,7 @@ class Items
 			return false;
 		}
-		$xml = new \DOMDocument;
+		$xml = new DOMDocument;
 		$xml->load($file_path);
 		$items = array();
@@ -43,7 +39,8 @@ class Items
 			}
 		}
-		$cache_php = new CachePHP(config('cache_prefix'), CACHE . 'persistent/');
+		require_once LIBS . 'cache_php.php';
 		$cache_php = new Cache_PHP(config('cache_prefix'), CACHE);
 		$cache_php->set('items', $items, 5 * 365 * 24 * 60 * 60);
 		return true;
 	}
@@ -70,7 +67,8 @@ class Items
 			return;
 		}
-		$cache_php = new CachePHP(config('cache_prefix'), CACHE . 'persistent/');
+		require_once LIBS . 'cache_php.php';
 		$cache_php = new Cache_PHP(config('cache_prefix'), CACHE);
 		self::$items = $cache_php->get('items');
 	}
@@ -112,7 +110,7 @@ class Items
 			$s .= 'an item of type ' . $item['id'];
 		if(isset($attr['type']) && strtolower($attr['type']) == 'rune') {
-			$item = Spell::where('item_id', $id)->first();
+			$item = Spells::where('item_id', $id)->first();
 			if($item) {
 				if($item->level > 0 && $item->maglevel > 0) {
 					$s .= '. ' . ($count > 1 ? "They" : "It") . ' can only be used by ';
--- a/system/libs/news.php
+++ b/system/libs/news.php
@@ -1,8 +1,5 @@
 <?php
 namespace MyAAC;
 use MyAAC\Cache\Cache;
 use MyAAC\Models\News as ModelsNews;
 class News
@@ -78,20 +75,18 @@ class News
 	static public function delete($id, &$errors)
 	{
-		if(isset($id)) {
+		if(isset($id))
 		{
 			$row = ModelsNews::find($id);
-			if($row) {
+			if($row)
 				if (!$row->delete()) {
 					$errors[] = 'Fail during delete News.';
 				}
-			}
+			else
 			else {
 				$errors[] = 'News with id ' . $id . ' does not exists.';
 		}
-		}
+		else
 		else {
 			$errors[] = 'News id not set.';
 		}
 		if(count($errors)) {
 			return false;
@@ -101,18 +96,18 @@ class News
 		return true;
 	}
-	static public function toggleHide($id, &$errors, &$status)
+	static public function toggleHidden($id, &$errors, &$status)
 	{
 		if(isset($id))
 		{
 			$row = ModelsNews::find($id);
 			if($row)
 			{
-				$row->hide = $row->hide == 1 ? 0 : 1;
+				$row->hidden = $row->hidden == 1 ? 0 : 1;
 				if (!$row->save()) {
-					$errors[] = 'Fail during toggle hide News.';
+					$errors[] = 'Fail during toggle hidden News.';
 				}
-				$status = $row->hide;
+				$status = $row->hidden;
 			}
 			else
 				$errors[] = 'News with id ' . $id . ' does not exists.';
--- a/system/libs/npc.php
+++ b/system/libs/npc.php
@@ -9,10 +9,7 @@
 * @copyright 2021 MyAAC
 * @link      https://my-aac.org
 */
-
+defined('MYAAC') or die('Direct access not allowed!');
 namespace MyAAC;
 use MyAAC\Cache\PHP as CachePHP;
 class NPCs
 {
@@ -25,7 +22,7 @@ class NPCs
 			return false;
 		$npcs = [];
-		$xml = new \DOMDocument();
+		$xml = new DOMDocument();
 		foreach (preg_grep('~\.(xml)$~i', scandir($npc_path)) as $npc) {
 			$xml->load($npc_path . $npc);
 			if ($xml) {
@@ -43,7 +40,8 @@ class NPCs
 			return false;
 		}
-		$cache_php = new CachePHP(config('cache_prefix'), CACHE . 'persistent/');
+		require_once LIBS . 'cache_php.php';
 		$cache_php = new Cache_PHP(config('cache_prefix'), CACHE);
 		$cache_php->set('npcs', $npcs, 5 * 365 * 24 * 60 * 60);
 		return true;
 	}
@@ -54,7 +52,8 @@ class NPCs
 			return;
 		}
-		$cache_php = new CachePHP(config('cache_prefix'), CACHE . 'persistent/');
+		require_once LIBS . 'cache_php.php';
 		$cache_php = new Cache_PHP(config('cache_prefix'), CACHE);
 		self::$npcs = $cache_php->get('npcs');
 	}
 }
--- a/system/libs/plugins.php
+++ b/system/libs/plugins.php
@@ -1,9 +1,44 @@
 <?php
 /**
 * Plugins class
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-namespace MyAAC;
+function is_sub_dir($path = NULL, $parent_folder = BASE) {
 	//Get directory path minus last folder
 	$dir = dirname($path);
 	$folder = substr($path, strlen($dir));
 	//Check the the base dir is valid
 	$dir = realpath($dir);
 	//Only allow valid filename characters
 	$folder = preg_replace('/[^a-z0-9\.\-_]/i', '', $folder);
 	//If this is a bad path or a bad end folder name
 	if( !$dir OR !$folder OR $folder === '.') {
 		return FALSE;
 	}
 	//Rebuild path
 	$path = $dir. '/' . $folder;
 	//If this path is higher than the parent folder
 	if( strcasecmp($path, $parent_folder) > 0 ) {
 		return $path;
 	}
 	return FALSE;
 }
 use Composer\Semver\Semver;
 use MyAAC\Cache\Cache;
 use MyAAC\Models\Menu;
 class Plugins {
@@ -23,33 +58,6 @@ class Plugins {
 		$routes = [];
 		foreach(self::getAllPluginsJson() as $plugin) {
 			//
 			// Get all plugins/*/pages/*.php pages
 			//
 			$pluginPages = glob(PLUGINS . $plugin['filename'] . '/pages/*.php');
 			foreach ($pluginPages as $file) {
 				$file = str_replace(PLUGINS, 'plugins/', $file);
 				$name = pathinfo($file, PATHINFO_FILENAME);
 				$routes[] = [['get', 'post'], $name, $file, 1000];
 			}
 			//
 			// Get all plugins/*/pages/subFolder/*.php pages
 			//
 			$pluginPagesSubFolders = glob(PLUGINS . $plugin['filename'] . '/pages/*', GLOB_ONLYDIR);
 			foreach ($pluginPagesSubFolders as $folder) {
 				$folderName = pathinfo($folder, PATHINFO_FILENAME);
 				$subFiles = glob(PLUGINS . $plugin['filename'] . '/pages/' . $folderName . '/*.php');
 				foreach ($subFiles as $file) {
 					$file = str_replace(PLUGINS, 'plugins/', $file);
 					$name = $folderName . '/' . pathinfo($file, PATHINFO_FILENAME);
 					$routes[] = [['get', 'post'], $name, $file, 1000];
 				}
 			}
 			$warningPreTitle = 'Plugin: ' . $plugin['name'] . ' - ';
 			if (isset($plugin['routes'])) {
@@ -86,7 +94,7 @@ class Plugins {
 						}
 					}
-					// replace first occurrence of / in pattern if found (will be auto-added later)
+					// replace first occurence of / in pattern if found (will be auto-added later)
 					removeIfFirstSlash($info['pattern']);
 					foreach ($routes as $id => &$route) {
@@ -106,7 +114,7 @@ class Plugins {
 				}
 			}
 		}
-		/*
+/*
 		usort($routes, function ($a, $b)
 		{
 			// key 3 is priority
@@ -116,7 +124,7 @@ class Plugins {
 			return ($a[3] > $b[3]) ? -1 : 1;
 		});
-		*/
+*/
 		// cleanup before passing back
 		// priority is not needed anymore
 		foreach ($routes as &$route) {
@@ -130,59 +138,6 @@ class Plugins {
 		return $routes;
 	}
 	public static function getThemes()
 	{
 		$cache = Cache::getInstance();
 		if ($cache->enabled()) {
 			$tmp = '';
 			if ($cache->fetch('plugins_themes', $tmp)) {
 				return unserialize($tmp);
 			}
 		}
 		$themes = [];
 		foreach(self::getAllPluginsJson() as $plugin) {
 			$pluginThemes = glob(PLUGINS . $plugin['filename'] . '/themes/*', GLOB_ONLYDIR);
 			foreach ($pluginThemes as $path) {
 				$path = str_replace(PLUGINS, 'plugins/', $path);
 				$name = pathinfo($path, PATHINFO_FILENAME);
 				$themes[$name] = $path;
 			}
 		}
 		if ($cache->enabled()) {
 			$cache->set('plugins_themes', serialize($themes), 600);
 		}
 		return $themes;
 	}
 	public static function getCommands()
 	{
 		$cache = Cache::getInstance();
 		if ($cache->enabled()) {
 			$tmp = '';
 			if ($cache->fetch('plugins_commands', $tmp)) {
 				return unserialize($tmp);
 			}
 		}
 		$commands = [];
 		foreach(self::getAllPluginsJson() as $plugin) {
 			$pluginCommands = glob(PLUGINS . $plugin['filename'] . '/commands/*.php');
 			foreach ($pluginCommands as $path) {
 				$commands[] = $path;
 			}
 		}
 		if ($cache->enabled()) {
 			$cache->set('plugins_commands', serialize($commands), 600);
 		}
 		return $commands;
 	}
 	public static function getHooks()
 	{
 		$cache = Cache::getInstance();
@@ -322,11 +277,11 @@ class Plugins {
 	{
 		global $db;
-		if(!\class_exists('\ZipArchive')) {
+		if(!\class_exists('ZipArchive')) {
-			throw new \RuntimeException('Please install PHP zip extension. Plugins upload disabled until then.');
+			throw new RuntimeException('Please install PHP zip extension. Plugins upload disabled until then.');
 		}
-		$zip = new \ZipArchive();
+		$zip = new ZipArchive();
 		if($zip->open($file) !== true) {
 			self::$error = 'There was a problem with opening zip archive.';
 			return false;
@@ -550,7 +505,12 @@ class Plugins {
 						self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.';
 				}
-				clearCache();
+				$cache = Cache::getInstance();
 				if($cache->enabled()) {
 					$cache->delete('templates');
 					$cache->delete('hooks');
 					$cache->delete('template_menus');
 				}
 				return true;
 			}
@@ -597,45 +557,6 @@ class Plugins {
 		return true;
 	}
 	/**
 	 * This function is to execute the "install" part of the plugin
 	 *
 	 * @param $plugin_name
 	 * @return bool
 	 */
 	public static function executeInstall($plugin_name): bool
 	{
 		$filename = BASE . 'plugins/' . $plugin_name . '.json';
 		if(!file_exists($filename)) {
 			self::$error = 'Plugin ' . $plugin_name . ' does not exist.';
 			return false;
 		}
 		$string = file_get_contents($filename);
 		$plugin_json = json_decode($string, true);
 		if(!$plugin_json) {
 			self::$error = 'Cannot load plugin info ' . $plugin_name . '.json';
 			return false;
 		}
 		if(!isset($plugin_json['install'])) {
 			self::$error = "Plugin doesn't have install options defined. Skipping...";
 			return false;
 		}
 		global $db;
 		if (file_exists(BASE . $plugin_json['install'])) {
 			$db->revalidateCache();
 			require BASE . $plugin_json['install'];
 			$db->revalidateCache();
 		}
 		else {
 			self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.';
 		}
 		return true;
 	}
 	public static function uninstall($plugin_name): bool
 	{
 		$filename = BASE . 'plugins/' . $plugin_name . '.json';
@@ -731,17 +652,14 @@ class Plugins {
 	 * @param string $templateName
 	 * @param array $categories
 	 */
-	public static function installMenus($templateName, $categories, $clearOld = true)
+	public static function installMenus($templateName, $categories)
 	{
-		global $db;
+		// check if menus already exist
-		if (!$db->hasTable(TABLE_PREFIX . 'menu')) {
+		$menuInstalled = Menu::where('template', $templateName)->select('id')->first();
 		if ($menuInstalled) {
 			return;
 		}
 		if ($clearOld) {
 			Menu::where('template', $templateName)->delete();
 		}
 		foreach ($categories as $category => $menus) {
 			$i = 0;
 			foreach ($menus as $name => $link) {
--- a/system/libs/pot/OTS.php
+++ b/system/libs/pot/OTS.php
@@ -370,14 +370,7 @@ class POT
            throw new RuntimeException('Please install PHP pdo extension. MyAAC will not work without it.');
        }
 	    global $debugBar;
 		if (isset($debugBar)) {
 			$this->db = new DebugBar\DataCollector\PDO\TraceablePDO(new OTS_DB_MySQL($params));
 			$debugBar->addCollector(new DebugBar\DataCollector\PDO\PDOCollector($this->db));
 		}
 		else {
        $this->db = new OTS_DB_MySQL($params);
 		}
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
--- a/system/libs/pot/OTS_Account.php
+++ b/system/libs/pot/OTS_Account.php
@@ -952,7 +952,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 			return $query['group_id'];
 		}
-		return 1;
+		return 0;
 	}
 	public function getAccGroupId()
--- a/system/libs/pot/OTS_DB_MySQL.php
+++ b/system/libs/pot/OTS_DB_MySQL.php
@@ -12,8 +12,6 @@
 * @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
 */
 use MyAAC\Cache\Cache;
 /**
 * MySQL connection interface.
 *
@@ -28,8 +26,6 @@ class OTS_DB_MySQL extends OTS_Base_DB
 {
 	private $has_table_cache = array();
 	private $has_column_cache = array();
 	private $clearCacheAfter = false;
 /**
 * Creates database connection.
 *
@@ -98,8 +94,7 @@ class OTS_DB_MySQL extends OTS_Base_DB
        }
 		global $config;
-		$cache = Cache::getInstance();
+		if(class_exists('Cache') && ($cache = Cache::getInstance()) && $cache->enabled()) {
 		if($cache->enabled()) {
 			$tmp = null;
 			$need_revalidation = true;
 			if($cache->fetch('database_checksum', $tmp) && $tmp) {
@@ -122,15 +117,12 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			}
 		}
 		$driverAttributes = []; // debugbar dont like persistent connection
 		if (config('env') !== 'dev' && !getBoolean(config('enable_debugbar'))) {
 			$driverAttributes[PDO::ATTR_PERSISTENT] = $params['persistent'];
 		}
 		if(isset($params['socket'][0])) {
 			$dns[] = 'unix_socket=' . $params['socket'];
-			parent::__construct('mysql:' . implode(';', $dns), $user, $password, $driverAttributes);
+			parent::__construct('mysql:' . implode(';', $dns), $user, $password, array(
 				PDO::ATTR_PERSISTENT => $params['persistent']
 			));
 			return;
 		}
@@ -143,26 +135,20 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			$dns[] = 'port=' . $params['port'];
 		}
-		parent::__construct('mysql:' . implode(';', $dns), $user, $password, $driverAttributes);
+		parent::__construct('mysql:' . implode(';', $dns), $user, $password, array(
 			PDO::ATTR_PERSISTENT => $params['persistent']
 		));
    }
 	public function __destruct()
    {
 		global $config;
-		$cache = Cache::getInstance();
+	    if(class_exists('Cache') && ($cache = Cache::getInstance()) && $cache->enabled()) {
 		if($cache->enabled()) {
 			if ($this->clearCacheAfter) {
 				$cache->delete('database_tables');
 				$cache->delete('database_columns');
 				$cache->delete('database_checksum');
 			}
 			else {
 			$cache->set('database_tables', serialize($this->has_table_cache), 3600);
 			$cache->set('database_columns', serialize($this->has_column_cache), 3600);
 			$cache->set('database_checksum', serialize(sha1($config['database_host'] . '.' . $config['database_name'])), 3600);
 		}
 		}
 		if($this->logged) {
 			log_append('database.log', $_SERVER['REQUEST_URI'] . PHP_EOL . $this->getLog());
@@ -249,11 +235,6 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			}
 		}
 	}
 	public function setClearCacheAfter($clearCache)
 	{
 		$this->clearCacheAfter = $clearCache;
 	}
 }
 /**#@-*/
--- a/system/libs/pot/OTS_Groups_List.php
+++ b/system/libs/pot/OTS_Groups_List.php
@@ -8,8 +8,6 @@
 * @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
 */
 use MyAAC\Cache\Cache;
 /**
 * List of groups.
 *
--- a/system/libs/pot/OTS_Monster.php
+++ b/system/libs/pot/OTS_Monster.php
@@ -41,10 +41,9 @@
 class OTS_Monster extends DOMDocument
 {
 	private $loaded = false;
-	public function loadXML(string $source , int $options = 0): bool
+	public function loadXML($source , $options = 0)
 	{
 		$this->loaded = parent::loadXML($source, $options);
 		return $this->loaded;
 	}
 	public function loaded()
--- a/system/libs/pot/OTS_Player.php
+++ b/system/libs/pot/OTS_Player.php
@@ -90,7 +90,7 @@ class OTS_Player extends OTS_Row_DAO
 * @version 0.1.2
 * @var array
 */
-    private $data = array('sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hide' => 0);
+    private $data = array('sex' => 0, 'vocation' => 0, 'experience' => 0, 'level' => 1, 'maglevel' => 0, 'health' => 100, 'healthmax' => 100, 'mana' => 100, 'manamax' => 100, 'manaspent' => 0, 'soul' => 0, 'lookbody' => 10, 'lookfeet' => 10, 'lookhead' => 10, 'looklegs' => 10, 'looktype' => 136, 'lookaddons' => 0, 'posx' => 0, 'posy' => 0, 'posz' => 0, 'cap' => 0, 'lastlogin' => 0, 'lastip' => 0, 'save' => true, 'skulltime' => 0, 'skull' => 0, 'balance' => 0, 'lastlogout' => 0, 'blessings' => 0, 'stamina' => 0, 'online' => 0, 'comment' => '', 'created' => 0, 'hidden' => 0);
 /**
 * Player skills.
@@ -231,7 +231,7 @@ class OTS_Player extends OTS_Row_DAO
 		}
 		else {
 			// SELECT query on database
-			$this->data = $this->db->query('SELECT `id`, `name`, `account_id`, `group_id`, `sex`, `vocation`, `experience`, `level`, `maglevel`, `health`, `healthmax`, `mana`, `manamax`, `manaspent`, `soul`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`' . ($this->db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `posx`, `posy`, `posz`, `cap`, `lastlogin`, `lastlogout`, `lastip`, `save`, `conditions`, `' . $__load['skull_time'] . '` as `skulltime`, `' . $__load['skull_type'] . '` as `skull`' . $__load['guild_info'] . ', `town_id`' . $__load['loss_experience'] . $__load['loss_items'] . ', `balance`' . ($__load['blessings'] ? ', `blessings`' : '') . ($__load['direction'] ? ', `direction`' : '') . ($__load['stamina'] ? ', `stamina`' : '') . ($__load['world_id'] ? ', `world_id`' : '') . ($__load['online'] ? ', `online`' : '') . ', `' . ($__load['deletion'] ? 'deletion' : 'deleted') . '`' . ($__load['promotion'] ? ', `promotion`' : '') . ($__load['marriage'] ? ', `marriage`' : '') . ', `comment`, `created`, `hide` FROM `players` WHERE `id` = ' . (int)$id)->fetch();
+			$this->data = $this->db->query('SELECT `id`, `name`, `account_id`, `group_id`, `sex`, `vocation`, `experience`, `level`, `maglevel`, `health`, `healthmax`, `mana`, `manamax`, `manaspent`, `soul`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`' . ($this->db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `posx`, `posy`, `posz`, `cap`, `lastlogin`, `lastlogout`, `lastip`, `save`, `conditions`, `' . $__load['skull_time'] . '` as `skulltime`, `' . $__load['skull_type'] . '` as `skull`' . $__load['guild_info'] . ', `town_id`' . $__load['loss_experience'] . $__load['loss_items'] . ', `balance`' . ($__load['blessings'] ? ', `blessings`' : '') . ($__load['direction'] ? ', `direction`' : '') . ($__load['stamina'] ? ', `stamina`' : '') . ($__load['world_id'] ? ', `world_id`' : '') . ($__load['online'] ? ', `online`' : '') . ', `' . ($__load['deletion'] ? 'deletion' : 'deleted') . '`' . ($__load['promotion'] ? ', `promotion`' : '') . ($__load['marriage'] ? ', `marriage`' : '') . ', `comment`, `created`, `hidden` FROM `players` WHERE `id` = ' . (int)$id)->fetch();
 		}
        // loads skills
@@ -521,17 +521,17 @@ class OTS_Player extends OTS_Row_DAO
    public function isHidden()
    {
-        if( !isset($this->data['hide']) )
+        if( !isset($this->data['hidden']) )
        {
            throw new E_OTS_NotLoaded();
        }
-        return $this->data['hide'] == 1;
+        return $this->data['hidden'] == 1;
    }
    public function setHidden($hidden)
    {
-        $this->data['hide'] = (int) $hidden;
+        $this->data['hidden'] = (int) $hidden;
    }
    public function getMarriage()
@@ -1229,13 +1229,6 @@ class OTS_Player extends OTS_Row_DAO
        $this->data['direction'] = (int) $direction;
    }
 	public function getOutfit(): string
 	{
 		$hasLookAddons = $this->db->hasColumn('players', 'lookaddons');
 		return setting('core.outfit_images_url') . '?id=' . $this->getLookType() . ($hasLookAddons ? '&addons=' . $this->getLookAddons() : '') . '&head=' . $this->getLookHead() . '&body=' . $this->getLookBody() . '&legs=' . $this->getLookLegs() . '&feet=' . $this->getLookFeet();
 	}
 /**
 * Body color.
 *
--- a/system/libs/spells.php
+++ b/system/libs/spells.php
@@ -9,10 +9,10 @@
 * @link      https://my-aac.org
 */
 namespace MyAAC;
 use MyAAC\Models\Spell;
 defined('MYAAC') or die('Direct access not allowed!');
 class Spells {
 	private static $spellsList = null;
 	private static $lastError = '';
@@ -38,7 +38,7 @@ class Spells {
 		try {
 			Spell::query()->delete();
-		} catch(\Exception $error) {}
+		} catch(Exception $error) {}
 		if($show) {
 			echo '<h2>Reload spells.</h2>';
@@ -46,9 +46,9 @@ class Spells {
 		}
 		try {
-			self::$spellsList = new \OTS_SpellsList($config['data_path'].'spells/spells.xml');
+			self::$spellsList = new OTS_SpellsList($config['data_path'].'spells/spells.xml');
 		}
-		catch(\Exception $e) {
+		catch(Exception $e) {
 			self::$lastError = $e->getMessage();
 			return false;
 		}
@@ -81,14 +81,14 @@ class Spells {
 					'conjure_count' => $spell->getConjureCount(),
 					'conjure_id' => $spell->getConjureId(),
 					'reagent' => $spell->getReagentId(),
-					'hide' => $spell->isEnabled() ? 0 : 1
+					'hidden' => $spell->isEnabled() ? 0 : 1
 				));
 				if($show) {
 					success('Added: ' . $name . '<br/>');
 				}
 			}
-			catch(\PDOException $error) {
+			catch(PDOException $error) {
 				if($show) {
 					warning('Error while adding spell (' . $name . '): ' . $error->getMessage());
 				}
@@ -121,14 +121,14 @@ class Spells {
 					'premium' => $spell->isPremium() ? 1 : 0,
 					'vocations' => json_encode($spell->getVocations()),
 					'conjure_count' => 0,
-					'hide' => $spell->isEnabled() ? 0 : 1
+					'hidden' => $spell->isEnabled() ? 0 : 1
 				));
 				if($show) {
 					success('Added: ' . $name . '<br/>');
 				}
 			}
-			catch(\PDOException $error) {
+			catch(PDOException $error) {
 				if($show) {
 					warning('Error while adding spell (' . $name . '): ' . $error->getMessage());
 				}
@@ -159,14 +159,14 @@ class Spells {
 					'vocations' => json_encode($spell->getVocations()),
 					'conjure_count' => 0,
 					'item_id' => $spell->getID(),
-					'hide' => $spell->isEnabled() ? 0 : 1
+					'hidden' => $spell->isEnabled() ? 0 : 1
 				));
 				if($show) {
 					success('Added: ' . $name . '<br/>');
 				}
 			}
-			catch(\PDOException $error) {
+			catch(PDOException $error) {
 				if($show) {
 					warning('Error while adding spell (' . $name . '): ' . $error->getMessage());
 				}
--- a/system/libs/timer.php
+++ b/system/libs/timer.php
@@ -7,8 +7,7 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
-
+defined('MYAAC') or die('Direct access not allowed!');
 namespace MyAAC;
 class Timer
 {
--- a/system/libs/usage_statistics.php
+++ b/system/libs/usage_statistics.php
@@ -7,12 +7,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-namespace MyAAC;
+class Usage_Statistics {
 use MyAAC\Cache\Cache;
 class UsageStatistics {
 	private static $report_url = 'https://my-aac.org/report_usage.php';
 	public static function report() {
--- a/system/libs/validator.php
+++ b/system/libs/validator.php
@@ -8,11 +8,11 @@
 * @link      https://my-aac.org
 */
 namespace MyAAC;
 use MyAAC\Models\Monster;
 use MyAAC\Models\Spell;
 defined('MYAAC') or die('Direct access not allowed!');
 class Validator
 {
 	private static $lastError = '';
@@ -141,8 +141,8 @@ class Validator
 	 * Validate account password
 	 * Name lenght must be 3-32 chars
 	 *
-	 * @param string $password Password to check
+	 * @param string $name Account name to check
-	 * @return bool Is password valid?
+	 * @return bool Is account name valid?
 	 */
 	public static function password($password)
 	{
@@ -332,8 +332,9 @@ class Validator
 		$npcCheck = setting('core.create_character_name_npc_check');
 		if ($npcCheck) {
-			NPCs::load();
+			require_once LIBS . 'npc.php';
-			if(NPCs::$npcs) {
+			NPCS::load();
 			if(NPCS::$npcs) {
 				foreach (NPCs::$npcs as $npc) {
 					if(strpos($name_lower, $npc) !== false) {
 						self::$lastError = 'Your name cannot contains NPC name.';
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
slawkens	ce2d3fa669	Merge branch 'develop' into feature/cronjob	2023-08-29 11:39:30 +02:00
slawkens	d382916418	feature: plugin cronjobs	2023-02-07 19:38:18 +01:00
 ,
 ,
-,
-,
-,
-,
-,
-,
 ];
		`@@ -0,0 +1,3 @@`
							`<?php`

							`class SensitiveException extends Exception {}`