Use configurable API URI for plugin updates

Replaces hardcoded plugin API URI with a configurable value from config, defaulting to the official API. Also fixes a typo in the success message.

.github/workflows/cypress.yml

@@ -1,9 +1,9 @@
 name: Cypress
 on:
   pull_request:
-    branches: [master]
+    branches: [main]
   push:
-    branches: [master]
+    branches: [main]
 
 jobs:
   cypress:
@@ -22,7 +22,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-versions: [ '8.1', '8.2', '8.3' ]
+        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
         ots: ['tfs-1.4', 'canary-3.1.2'] # TODO: add 'tfs-master' (actually doesn't work cause AAC doesn't support reading .env configuration)
     name: Cypress (PHP ${{ matrix.php-versions }}, ${{ matrix.ots }})
     steps:
@@ -35,7 +35,7 @@ jobs:
         - name: Checkout MyAAC
           uses: actions/checkout@v4
           with:
-            ref: master
+            ref: main
 
         - uses: actions/setup-node@v4
           with:
@@ -146,6 +146,7 @@ jobs:
           with:
             name: cypress-screenshots-${{ matrix.php-versions }}-${{ matrix.ots }}
             path: cypress/screenshots
+            if-no-files-found: ignore
 
         - name: Upload Cypress Videos
           uses: actions/upload-artifact@v4
@@ -153,6 +154,7 @@ jobs:
           with:
             name: cypress-videos-${{ matrix.php-versions }}-${{ matrix.ots }}
             path: cypress/videos
+            if-no-files-found: ignore
 
         - name: Upload PHP Logs
           uses: actions/upload-artifact@v4

.github/workflows/phplint.yml

@@ -1,9 +1,9 @@
 name: PHP Linting
 on:
   pull_request:
-    branches: [master]
+    branches: [main]
   push:
-    branches: [master]
+    branches: [main]
 
 jobs:
   phplint:

.github/workflows/phpstan.yml

@@ -2,9 +2,9 @@ name: "PHPStan"
 
 on:
   pull_request:
-    branches: [master]
+    branches: [main]
   push:
-    branches: [master]
+    branches: [main]
 
 jobs:
   tests:
@@ -14,7 +14,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-versions: [ '8.1', '8.2', '8.3' ]
+        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
     steps:
       - name: "Checkout"
         uses: "actions/checkout@v4"

.gitignore

@@ -4,6 +4,7 @@ Thumbs.db
 
 #
 /.htaccess
+lua
 
 # composer
 composer.phar
@@ -75,6 +76,3 @@ landing
 
 # system
 system/functions_custom.php
-
-# others/rest
-system/pages/downloads.php

.htaccess.dist

@@ -6,7 +6,7 @@
 	Options -MultiViews
 </IfModule>
 
-<FilesMatch "^(CHANGELOG\.md|README\.md|composer\.json|composer\.lock|package\.json|package-lock\.json|cypress\.env\.json)$">
+<FilesMatch "^(.*\.md|.*\.json|.*\.dist|.*\.sql|CHANGELOG|README|composer\.lock)$">
 	Require all denied
 </FilesMatch>
 

CHANGELOG-1.x.md

@@ -0,0 +1,328 @@
+# Changelog
+
+## [1.6.1 - 11.06.2025]
+
+### Fixed
+* Fixed "Request has been cancelled due to security reasons", cause of missing csrf() in twig files (https://github.com/slawkens/myaac/commit/10cd71a6630ffec91b43a26a6d685b66c5836a6a)
+* Fix: Ignore duplicated route exception (https://github.com/slawkens/myaac/commit/9d8e9d27bd87167d8d4005942a6af62bfe4c0892)
+
+### Changed
+* Move counter & visitors code before router (In case someone wants to include that info on page) (https://github.com/slawkens/myaac/commit/f78285030708ad3c74ab048711f73bbf3ee5281e)
+* Set TinyMCE license key to gpl (Avoid warning message in browser console) (https://github.com/slawkens/myaac/commit/8d29fdb98b92dbc3d2853ef88a185c67036b4a77)
+
+### Removed
+* Remove deprecated TinyMCE plugin - template (https://github.com/slawkens/myaac/commit/309c1fb715b882e67cb673b1544a03befbf64a22)
+
+## [1.6 - 03.06.2025]
+
+### Added
+* Add new setting/configurable: site_url, prevents domain spoofing (https://github.com/slawkens/myaac/commit/d8a6090be382c35c19117cfef964b594ed02b8d4)
+* Add new account coins setting (https://github.com/slawkens/myaac/commit/28886551e86fe562172c4c7f2afb89a2e7672c2e)
+* autoload: settings/install/init.php (https://github.com/slawkens/myaac/commit/e5749437074c3b3556628a2aeb5bad2edf97bde0, https://github.com/slawkens/myaac/commit/7d213f479a7e40c6254069b5fc4e578dc32bf8d9, https://github.com/slawkens/myaac/commit/207d6bc69120aba1af2b51808f17e0059b571fed)
+* Protect against csrf in more places (accounts & guilds & forums pages) (https://github.com/slawkens/myaac/commit/6eda38603c8ed7e99b92a78a4600b1245377f74d, https://github.com/slawkens/myaac/commit/e776bd52beb3064a9e694efd1b9021ec972ee2f6, https://github.com/slawkens/myaac/commit/84d502bf105f2a789481fba1acc820d236b4de66)
+* Added two new hooks for pages loaded from database (custom pages): HOOK_BEFORE_PAGE_CUSTOM, HOOK_AFTER_PAGE_CUSTOM (https://github.com/slawkens/myaac/commit/c961a1ebf837f2ab1734a825ff2c57b4937610c9)
+* Add global variables into $hooks->executeFilter (https://github.com/slawkens/myaac/commit/8fdea943768b20193eede99d60313ee84511a0be)
+* Add getNPCsCount() to OTS_InfoRespond (https://github.com/slawkens/myaac/commit/7d435ff6433ef1fb2295ee79ed043ee10dc725e9)
+
+### Fixed
+* Allow [] in character name (https://github.com/slawkens/myaac/commit/de6603a51347b9e656c58637ed9971fffdd7cedd)
+* Do not allow access to tools/ folder after install (https://github.com/slawkens/myaac/commit/6e0f5913831f8dba69fd2d1505be3e2a303c6324)
+* Fix CHANGELOG-1.x.md loading in admin panel (https://github.com/slawkens/myaac/commit/4a30fb495dbfbe1d434e8d52419eaf44fe517aee)
+* Fix links not working in admin dashboard modules (https://github.com/slawkens/myaac/commit/be7b27c31aa3bbd6c0289c34d1e61139a3fe015c)
+* Fix twig variables: logged + account_logged being not set directly after login (https://github.com/slawkens/myaac/commit/1e9b10d6489c488cadf7f6ed17b42f1ea6c767a8)
+
+### Changed
+* OTS_ServerInfo -> move setTimeout out of class - Possibility to use the class without MyAAC (https://github.com/slawkens/myaac/commit/40d65a6613149fda51bdceb82c807e5301a3388b)
+
+## [1.5 - 14.05.2025]
+
+### Added
+* Feature/twig hooks filters (#258)
+* Add latest client versions (14.00 - 15.01) (https://github.com/slawkens/myaac/commit/5367df23812c6182863353c9a39fd7fb0b743f4b)
+* db variable to twig (https://github.com/slawkens/myaac/commit/5ed1aec28e146b871a75597411d12e42a067f4e6)
+* New filter: HOOK_FILTER_ROUTES (https://github.com/slawkens/myaac/commit/9b75011224f385db8b27e109bfeb28e75b9d779c)
+* Allow optionally separate folder for views (thanks @Scrollog for idea) (https://github.com/slawkens/myaac/commit/03e275213901a89edb0ebb8974b776a992ab391f)
+* Add float & double types to the Settings (https://github.com/slawkens/myaac/commit/67ab425bb9796d9d123296e3fda542fa8f7f05ee)
+* Add optional param _page_only for single-page apps etc. (https://github.com/slawkens/myaac/commit/113473f2560aab6d364c301cc14a8b5ba8f309f4)
+
+### Changed
+* Change OTS_Account->getPremDays to not return -1 in case of freePremium (https://github.com/slawkens/myaac/commit/3befde2a1e4d24a011311e785f15185db57e19b8)
+* Add note about highscores being updated x minutes + allow ttl 0 to disable cache (https://github.com/slawkens/myaac/commit/a161cff00329da6f970f3a70967fe8346fe92bbc)
+* Better monster images (no image not found anymore) + use cache (https://github.com/slawkens/myaac/commit/73a5829974ceca3f02d7925d5cfbd5fa50b1bbd2)
+* Rename server-info -> ots-info, changelog -> change-log (Due to conflict with apache2 server-info mod) (https://github.com/slawkens/myaac/commit/3949d84e5d7631f332111b6d00278bddbd0ad10a)
+* Move rules page to admin panel (https://github.com/slawkens/myaac/commit/3949d84e5d7631f332111b6d00278bddbd0ad10a)
+
+### Fixed
+* php 8.4 warnings
+* Visitors counter not working properly on dev mode (https://github.com/slawkens/myaac/commit/da151051186c913dd0dd091aabe893649c2b9ee7)
+* Fix login.php boosted creature & boss (not sure exact version, but should be 14.12 or around) (https://github.com/slawkens/myaac/commit/c48b8006319f6c3b5f082befd16785420bb98110)
+* Fix installMenus when theme/template was removed from disc (https://github.com/slawkens/myaac/commit/c24c580796bccd54bf9e95b864763f4642684d55)
+* Fix if user removes the menu category (https://github.com/slawkens/myaac/commit/dbea69f31478391dacfbbc02c8353c39b4245daf)
+
+### Updated:
+* Update cypress from version ^13.17.0 to ^14.3.3 (https://github.com/slawkens/myaac/commit/629fd18ea166860d5898a822f44f9277da6ce43d)
+
+## [1.4 - 22.04.2025]
+
+### Added
+* feat: admin-pages (can add admin pages through plugins) (https://github.com/slawkens/myaac/commit/ceaa0639e66d31e8177ff90791463470367aa45d)
+	* just place the page in admin-pages folder in the plugin
+	* Also, possibility to overwrite default myaac admin pages
+* Add db->hasTableAndColumns(table, columns), credits to @opentibiabr Team (https://github.com/slawkens/myaac/commit/82a533d88c8a342076891d132b4b409ed9a1fe72)
+* Add noSubmit option to buttons.base (https://github.com/slawkens/myaac/commit/64f6d3abcada3bf9fd7599f50d2fac0a1367f383)
+
+### Fixed
+* Fix: display 404 error instead of 500 when page has been removed from filesystem (https://github.com/slawkens/myaac/commit/c2bf94fb2370d2009a2eb907f818955132cf8611)
+* Fix headline.php: change image format to .png cause of black background (https://github.com/slawkens/myaac/commit/b618084d50918539d9a70abd97e764137b966067)
+* Clear cache on plugin enable/disable, fixes some issues with plugin pages being cached (https://github.com/slawkens/myaac/commit/1d0c173e7d000aecbd432800941fc3e38a0e50f2)
+* Do not autoload sub-folders if autoload pages is disabled (https://github.com/slawkens/myaac/commit/d47195a7878095336f9c9edc6f96244257f67eec)
+
+### Changed
+* SQL Syntax Standardization (by @JoaozinhoBrasil, #298)
+* Pages in theme/template folder will now have precedence over normal pages (https://github.com/slawkens/myaac/commit/6d8f4718a1d349fba8f0ebc39cfd3a1a84d104b0)
+* Small changes in account.login.html.twig (https://github.com/slawkens/myaac/commit/f40b986b59d4c8fa89ab4745731bf366f8619976)
+* Plugin name is required, version is optional (https://github.com/slawkens/myaac/commit/e6f05a2731c61d931be49e121c068e49c0ad5e01)
+
+## [1.3.3 - 04.04.2025]
+
+### Fixed
+* Fix uninstall plugin when plugin is disabled (https://github.com/slawkens/myaac/commit/6c568fd36a271270684fc412ccd556b230273a6d)
+
+### Changed
+* Display more useful info when error parsing config.lua (https://github.com/slawkens/myaac/commit/fa6b6aa153ffc131e0d1631a4dcd9012a5850c2e)
+
+### Other
+* Small adjustments (https://github.com/slawkens/myaac/commit/35e2483de86e295bdf089cceffa25842eeb2e34c, https://github.com/slawkens/myaac/commit/ae639d65b0bfa491e747e907e2ebc77f83f47981)
+
+## [1.3.2 - 01.04.2025]
+
+### Fixed
+* Fix debugBar/admin panel menu when using custom base_dir (https://github.com/slawkens/myaac/commit/65696f63e3aac02ff952ea81279e7cb2fa7570fb)
+
+### Changed
+* Settings: Show/hide IP Ban Protection options depending on the value (enabled/disabled) (https://github.com/slawkens/myaac/commit/dbf73d0b61b45601ae95e51b23c051c2704169c5)
+* Do not require init.php in cache:clear command (https://github.com/slawkens/myaac/commit/d25c71857f767834239bbffacd00fdc671adb157)
+
+## [1.3.1 - 19.03.2025]
+
+### Fixed
+* Fixed migrate:run command (https://github.com/slawkens/myaac/commit/1a5771ad51e595fe13368a0721b059c4ecefb17d)
+
+### Changed
+* Small adjustments (https://github.com/slawkens/myaac/commit/6fac883659f581baac1361826d046410156f1e58, https://github.com/slawkens/myaac/commit/4a6896b4469968b9904292734cf6c14ba5eeef14)
+
+## [1.3 - 10.03.2025]
+
+### Changed
+* Use latest outfit-images host from @gesior (https://github.com/slawkens/myaac/commit/529bdcf016dd0f9dffbc34d81f99a046a9ddb70d)
+* Change monster link to $_GET ?name= (https://github.com/slawkens/myaac/commit/4c5cc8b573b2b3e7ec00a22b7ede30a68083a924)
+
+### Fixed
+* Fixed house links (https://github.com/slawkens/myaac/commit/887b5068ad11c4cdab614afd34525caba785ce13)
+* Fixed long title on headline.php (https://github.com/slawkens/myaac/commit/3e3f4bb5a514158ec8777684ca6c7f1c2a37bed5)
+* Fixed menu colors once again, plus add !important tag (https://github.com/slawkens/myaac/commit/aa52df6e2ec92cafc25b655ae907bf2e1746d9cc)
+* Fix: add possibility to remove all menu items in admin panel (https://github.com/slawkens/myaac/commit/00fe1adc15ea7646596d755f6e6e1f7854ffc1d5, https://github.com/slawkens/myaac/commit/9239a4f4198c3ad260802ac3b47e9c41b80b754e)
+
+## [1.2 - 09.02.2025]
+
+### Added
+* Twig session(key) function + reworked session functions to accept multi-array like in Laravel (https://github.com/slawkens/myaac/commit/b46ddb43d03ef7e5fc34e555e92e856bdc905691)
+* add template_name to twig variables (https://github.com/slawkens/myaac/commit/ae1161d77050bda181802b4496c9de920a7bb1bc)
+* add HOOK_INIT, executed just after $hooks are loaded (https://github.com/slawkens/myaac/commit/19686725dc810f63a07f049f82c66cf336d90ca6)
+
+### Changed
+* settings: password input hide/show, enable Save button only if changes has been made, save settings in transaction (https://github.com/slawkens/myaac/commit/4fda4f643b60a151179e5dd4f04912fb2618d98f, https://github.com/slawkens/myaac/commit/28fef952f857b79d64bc7495ffa5e1999e68e192, https://github.com/slawkens/myaac/commit/4b6024dc451accadb6c469fa282a9a764c1c0a81)
+* rework menus: Different categories can have different colors + Option to reset menus (https://github.com/slawkens/myaac/commit/73de93a561f6b13111e019075724357d8a617249, https://github.com/slawkens/myaac/commit/3da3e62c5b12390d75de9b3320729bcca6e0b458)
+
+### Fixed
+* highscores: Fix online status + vocation for TFS 0.x (https://github.com/slawkens/myaac/commit/ea51ad27c38be88d86514cb979bb394fcfbef1f0)
+* clear cache button in admin bar needed to be clicked twice until it worked (https://github.com/slawkens/myaac/commit/ea51ad27c38be88d86514cb979bb394fcfbef1f0)
+* HOOK_STARTUP location (https://github.com/slawkens/myaac/commit/a73fb1003ee3f812cf182d1834d65f08e6f60d1f)
+* if vocation name has more words (https://github.com/slawkens/myaac/commit/9d7fc98e1e0a96b59ecc1a7c39800a64445db364)
+
+### Updated
+* Bump twig/twig from 3.18.0 to 3.19.0 (#284)
+
+## [1.1 - 27.01.2025]
+
+### Changed
+* adjust mailer settings descriptions to latest gmail (https://github.com/slawkens/myaac/commit/c5d5bb80671db135e6b503f53684771c7272e05d)
+* optimize $player->isOnline() function, thanks @gesior (https://github.com/slawkens/myaac/commit/10dd818b139d5e1bb1ca9ec81edfb083ba9316b4)
+* make players.comment and guilds.description VARCHAR (https://github.com/slawkens/myaac/commit/a45ceab83a74bee2b89cdb72baceda75e577e3cf)
+* add lua/ folder to .gitignore (https://github.com/slawkens/myaac/commit/07012f786b1114cb6ab2f064f82c645b136a375a)
+
+### Fixed
+* general fixes in the tibiacom template menus, better support for custom menus
+* make functions_custom.php optional (https://github.com/slawkens/myaac/commit/dc2b5afd9980984e2b259c9fc99f2ade46f70a5a)
+* error in CLI, where BASE_URL is not defined (https://github.com/slawkens/myaac/commit/4d749b881582f64b5a46196dbbb5ee8097127f03)
+* hook ACCOUNT_LOGIN_BEFORE_ACCOUNT location (https://github.com/slawkens/myaac/commit/669c447fca8643ce56d9ef8c1374ec647c780998)
+
+## [1.0.1 - 14.01.2025]
+
+### Fixed
+* tibiacom account & news menu links not auto expanding
+
+### Updated (Thanks dependabot)
+* twig from ^2.0 to ^3.11
+* tinymce from ^6.8.3 to ^7.2.0
+* cypress from ^12.12.0 to ^13.17.0
+* nesbot/carbon from 2.72.5 to 2.72.6
+
+## [1.0 - 12.01.2025]
+
+First stable release in the v1.0 series.
+
+Minimum PHP 8.1 is required.
+
+Changes since RC.2:
+
+### Added
+* feature: migrations up/down. Allows to downgrade/upgrade database to specified version (https://github.com/slawkens/myaac/commit/3f6ff3a3326b0475d28d11ffd7fff51f362d799f)
+* new hooks for news management (https://github.com/slawkens/myaac/commit/011a85d8ae34283ded6999882833f9d4797028ec, https://github.com/slawkens/myaac/commit/36bd3eb846e829b45313e10f7568dc4e95841143)
+* None Vocation to highscores (can be changed to RookStayer in Admin Panel) (https://github.com/slawkens/myaac/commit/a4a248099521bb5b8b2aa5bd592138debd2f19d5)
+* support for button_color (green, red, blue) (https://github.com/slawkens/myaac/commit/d8b6b749ee62e88b6af4a05d3d7557f90b94d94e)
+* add $whoopsHandler as variable, can be used by plugins (https://github.com/slawkens/myaac/commit/b0c8cf2ecda23045d725aaf43cfb3852ed766a4b)
+* PlayerModel->outfit_url attribute (https://github.com/slawkens/myaac/commit/3b5be1a8db5dceecaa388e2925a5536d13b38881)
+* support for selecting plugin themes in Admin menus.php (https://github.com/slawkens/myaac/commit/77a2c1cec343ffe4be5c2c2503ee81bc32a14ca1)
+
+### Changed
+* schema: Change character set to utf8mb4 (support for Emojis in Menus/Pages/News/Forum etc.) (https://github.com/slawkens/myaac/commit/27c44f1bdfb6234cf0c9d5b4b491123bb205b08f)
+* prefer get_browser_real_ip() over REMOTE_ADDR (https://github.com/slawkens/myaac/commit/941846605c00cee83168d2f916410b8ba8d4b7b9)
+* automatically set selected current one on highscores filters (https://github.com/slawkens/myaac/commit/e96227fbe41ae281783b2d49edb169a603601813)
+* rewrite towns loading code, removed OTBM loader (was too slow) (https://github.com/slawkens/myaac/commit/c980a0914632e7b27f718464f669a200707d217e)
+* allow OTS_Player to be passed as object to getPlayerLink (https://github.com/slawkens/myaac/commit/84d37c5a8f2c4535a41c8aa8264752969d3f3a3d)
+* do not clear menus by default on install (https://github.com/slawkens/myaac/commit/12d8faa3eda5e798f97b71e941c035187daad96e)
+* display warning in admin panel - plugins - if zip extension is not installed (https://github.com/slawkens/myaac/commit/e3ffe5d9e11d78ab064a370d8541bac351c9bcd9)
+* set default_socket_timeout for ipinfo.io checkup to 5 seconds (https://github.com/slawkens/myaac/commit/783d96fc6568a607d3198b832fed3a0dd06c4ebb)
+* refactor getTopPlayers function (support for balance) (https://github.com/slawkens/myaac/commit/c769962e39fe8dfb72ecd5be1864e145696be794)
+
+### Fixed
+* XSS in forum (https://github.com/slawkens/myaac/commit/c2b7286d20d4b579171540f7a774e8a0995d5e8f, https://github.com/slawkens/myaac/commit/8fb643596f9586005976e7bdb484a541a9d8715e)
+* price deducted when changing sex (https://github.com/slawkens/myaac/commit/16671ea40b72dcf74037c359ad572f9eb825edf9)
+* move_thread by unauthorized user (https://github.com/slawkens/myaac/commit/d6c40c836a53cb1710f911f77f45f28b54ea1b54, thanks @anyeor)
+* TFS 1.4.2 where conditions is NULL (https://github.com/slawkens/myaac/commit/b8396d4c8482e951da538b13f2296123732c4545)
+* do not show forum new thread show button if not logged in (https://github.com/slawkens/myaac/commit/507402171ba3b6e7ee184bd7fa73e0d55e0cad7a, @anyeor)
+* login if limiter is disabled (https://github.com/slawkens/myaac/commit/a0f1971583f0f790013e2145fb5ac573c59fbdef)
+* fixes to installMenus function (https://github.com/slawkens/myaac/commit/a2fadc5945fe0a5e39f740827f6ffbda1bb501e2)
+* many PHP exceptions in different places
+* fixes to tibiacom menus ActiveSubmenuItem
+
+### Removed
+* bugtracker SQL table code as the page has been removed/moved to plugins (https://github.com/slawkens/myaac/commit/5782772b901b05fb814bc718d062f6e2cd71df8c)
+
+## [1.0-RC.2 - 25.10.2024]
+
+Still waiting for your reports about bugs found in this release. We are very close to stable release.
+
+### Added
+* feat: rate limit settings for blocking accounts login attempts (@gpedro, #266)
+* search by email in accounts editor (https://github.com/slawkens/myaac/commit/c2ec46824621468f2a1cb4046805c485ed13fea5)
+* New hooks in account manage + create (https://github.com/slawkens/myaac/commit/93641fc68ac9a5f1479329e2bd41380c19534d5d)
+
+### Changed
+* chore: drop raw queries + accounts - search by email + accounts - required min size for search by account number (@gpedro, #266)
+* Use https for outfit & item images (https://github.com/slawkens/myaac/commit/71c00aa5e01fbdfd88802912e200dd1025976231)
+* Do not require players & guilds tables on install (https://github.com/slawkens/myaac/commit/779aa152fa940261c9b161533946f44e288597a2)
+* Do not create player if there is no players table in db (https://github.com/slawkens/myaac/commit/201f95caa8b70e88fa651eac8c3c3aa7cd765bd0)
+
+### Fixed
+* Highscore frags fixed for TFS 0.3 (@Scrollog, #263)
+* Missing groups variable #262. thanks, @Scrollog for reporting (https://github.com/slawkens/myaac/commit/8d8bdb6dac6df21672ac77288fff2f2f8d6eb665)
+* Verified email for login.php (@gpedro, #265)
+* Warning if core.account_country is disabled (https://github.com/slawkens/myaac/commit/ab73d60c61e14a1cacdb6cfbf7f89f4bf3be0833)
+
+
+## [1.0-RC.1 - 23.07.2024]
+
+Changes since 1.0-beta:
+
+### Added
+* Feat: Hooks priority (https://github.com/slawkens/myaac/commit/dc17b701da053e04bfa64e21be9247a4f07505e1)
+* Make autoload of pages, commands and themes configurable (https://github.com/slawkens/myaac/commit/c1d4b4f80cd6bb85507ee9471e47013955a26a91)
+* Fraggers in characters page for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/42f99c3edc8de39cccc5632cb42e88b24579c5a6)
+* New hooks: HOOK_INSTALL_FINISH, HOOK_ACCOUNT_CREATE_CHARACTER_* (https://github.com/slawkens/myaac/commit/08ac8ebade106521a5c7396faa5ce7006e629f7c, https://github.com/slawkens/myaac/commit/45dda5e834ff2059faea6ef9be2efa76f1723cbd)
+
+### Changed
+* Allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/203e411b626fe62401a4b74a48420769e512aa39)
+* Create guild_rank entries, in case MySQL trigger not loaded (https://github.com/slawkens/myaac/commit/d9c1b2507c81f306970642b35e4bf5f7cc04a6f2, https://github.com/slawkens/myaac/commit/47a19e85dd84e9f3b39a1b29cfc2c04b004832b9)
+* Set Admin Account verified by default (https://github.com/slawkens/myaac/commit/cd49dfc79942f3301ce9c0b8d899b9f39bda9a41)
+* Refactor account routes into sub folders (https://github.com/slawkens/myaac/commit/bdc0c43d3fd3a51030c3e916bdb9f008468f5ecd)
+* Order towns by id (https://github.com/slawkens/myaac/commit/9ea2a5067fc4b75de395f381577b18914132ad84)
+* Do not create news about myaac, if any news already exist (on installation (https://github.com/slawkens/myaac/commit/504242fb846b73b56b87bc1e39d070687ad7f5b4)
+
+### Fixed
+* Not working google recaptcha plugin (https://github.com/slawkens/myaac/commit/a1bcb217ecf4e21fd58da4ba491da1852029898a)
+* Not working account create if account_country is disabled (https://github.com/slawkens/myaac/commit/933b681a9fcdbb6283e0469b3806d2ded492d232)
+* Account verify - do not allow login without verified email (Thanks @anyeor, https://github.com/slawkens/myaac/commit/fcb13f3c0fb8ceafda0bd614a229a26a269432bd)
+* Detect tools/ext exists on install to prevent broken installs (https://github.com/slawkens/myaac/commit/10a739773c4f2911876bc802a0ee0537c3e00a92)
+* Cache reloading each time page refreshes (https://github.com/slawkens/myaac/commit/ec96985872057340112f65073efc0c4bf86dddb0)
+* Highscores frags for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/a04d186c22912915f0a7873dfe677ef3b5a23c79)
+* Monsters page: monster not found exception (https://github.com/slawkens/myaac/commit/ef79b99b8acc179f14b8475547347d9daca27512)
+* Fixed bug if \<flags\> are not present in monster.xml (https://github.com/slawkens/myaac/commit/57b47ab7983f625c7c0ef4f5303a4d07ef172786)
+* fastRoute duplicate errors (https://github.com/slawkens/myaac/commit/4c0739d3e93812dff0c33849ea3f38e4e49113ac)
+* useGuildNick displaying (https://github.com/slawkens/myaac/commit/0db0ec1aa47e044c26bc403ff5078a2115d086f8)
+
+## [1.0-beta - 18.05.2024]
+
+Minimum PHP version for this release is 8.1.
+
+### Added
+* reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
+  * updated to Bootstrap v4
+  * new Menu
+  * new Dashboard: statistics, server status
+  * new Admin Bar showed on top when admin logged in
+  * new page: Server Data, to reload server data
+    * Towns, NPCs & Items are stored in permanent cache
+  * new pages: mass account & teleport tools
+  * changelogs editor
+  * revised Accounts & Players editors
+  * option to add/modify admin menus with plugins
+  * option to enable/disable plugins
+  * better, updated TinyMCE editor (v6.x)
+    * with option to upload images
+  * list of open source libraries used in project page
+* auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
+* config.php moved to Admin Panel -> Settings page
+* new console script: aac - using symfony/console
+  * usage: `php aac` (will list all commands by default)
+  * example: `php aac cache:clear`
+  * example: `php aac plugin:install theme-example.zip`
+* replace POT Query Builder to Eloquent ORM. Not 100% yet - in some places there is still old $db approach used (@gpedro) (https://github.com/slawkens/myaac/pull/230)
+* brand new charming installation page (by @fernandomatos)
+  * using Bootstrap
+* new pages router: nikic/fast-route, allowing for better customisation
+* Plugin cronjobs: central control of the cronjobs
+* Guild Wars support (available as plugin)
+* support for login and create account only by email (configurable)
+  * with no need for account name
+* Google ReCAPTCHA v3 support (available as plugin)
+* support for Account Number
+  * suggest account number option
+* many new functions, hooks and configurables
+* better Exception Handler (Whoops - https://github.com/filp/whoops)
+* automated website tests (using Cypress)
+* csrf protection (https://github.com/slawkens/myaac/pull/235)
+* option to restrict Page view to specified group of users (Not-Logged in, logged-in players, tutors, gamemasters etc.)
+* phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
+
+### Changed
+* Composer and NPM is now used for external libraries like: Twig, PHPMailer, fast-route, jQuery, Bootstrap etc.
+* mail support is disabled on fresh install, can be manually enabled by user
+* disable add php pages in admin panel for security. Option to disable plugins upload
+* visitors counter shows now user browser, and also if its bot
+* changes in required and optional PHP extensions
+* reworked Pages:
+	* Bans
+		* works now for TFS 1.x
+	* Highscores
+		* frags works for TFS 1.x
+		* cached
+	* Monsters
+* moved pages to Twig:
+  * experience stages
+* update player_deaths entries on name change
+* change_password email to be more informal
+
+### Fixed
+* hundreds of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here

CHANGELOG.md

@@ -1,172 +0,0 @@
-# Changelog
-
-## [1.0.1 - 14.01.2025]
-
-### Fixed
-* tibiacom account & news menu links not auto expanding
-
-### Updated (Thanks dependabot)
-* twig from ^2.0 to ^3.11
-* tinymce from ^6.8.3 to ^7.2.0
-* cypress from ^12.12.0 to ^13.17.0
-* nesbot/carbon from 2.72.5 to 2.72.6
-
-## [1.0 - 12.01.2025]
-
-First stable release in the v1.0 series.
-
-Minimum PHP 8.1 is required.
-
-Changes since RC.2:
-
-### Added
-* feature: migrations up/down. Allows to downgrade/upgrade database to specified version (https://github.com/slawkens/myaac/commit/3f6ff3a3326b0475d28d11ffd7fff51f362d799f)
-* new hooks for news management (https://github.com/slawkens/myaac/commit/011a85d8ae34283ded6999882833f9d4797028ec, https://github.com/slawkens/myaac/commit/36bd3eb846e829b45313e10f7568dc4e95841143)
-* None Vocation to highscores (can be changed to RookStayer in Admin Panel) (https://github.com/slawkens/myaac/commit/a4a248099521bb5b8b2aa5bd592138debd2f19d5)
-* support for button_color (green, red, blue) (https://github.com/slawkens/myaac/commit/d8b6b749ee62e88b6af4a05d3d7557f90b94d94e)
-* add $whoopsHandler as variable, can be used by plugins (https://github.com/slawkens/myaac/commit/b0c8cf2ecda23045d725aaf43cfb3852ed766a4b)
-* PlayerModel->outfit_url attribute (https://github.com/slawkens/myaac/commit/3b5be1a8db5dceecaa388e2925a5536d13b38881)
-* support for selecting plugin themes in Admin menus.php (https://github.com/slawkens/myaac/commit/77a2c1cec343ffe4be5c2c2503ee81bc32a14ca1)
-
-### Changed
-* schema: Change character set to utf8mb4 (support for Emojis in Menus/Pages/News/Forum etc.) (https://github.com/slawkens/myaac/commit/27c44f1bdfb6234cf0c9d5b4b491123bb205b08f)
-* prefer get_browser_real_ip() over REMOTE_ADDR (https://github.com/slawkens/myaac/commit/941846605c00cee83168d2f916410b8ba8d4b7b9)
-* automatically set selected current one on highscores filters (https://github.com/slawkens/myaac/commit/e96227fbe41ae281783b2d49edb169a603601813)
-* rewrite towns loading code, removed OTBM loader (was too slow) (https://github.com/slawkens/myaac/commit/c980a0914632e7b27f718464f669a200707d217e)
-* allow OTS_Player to be passed as object to getPlayerLink (https://github.com/slawkens/myaac/commit/84d37c5a8f2c4535a41c8aa8264752969d3f3a3d)
-* do not clear menus by default on install (https://github.com/slawkens/myaac/commit/12d8faa3eda5e798f97b71e941c035187daad96e)
-* display warning in admin panel - plugins - if zip extension is not installed (https://github.com/slawkens/myaac/commit/e3ffe5d9e11d78ab064a370d8541bac351c9bcd9)
-* set default_socket_timeout for ipinfo.io checkup to 5 seconds (https://github.com/slawkens/myaac/commit/783d96fc6568a607d3198b832fed3a0dd06c4ebb)
-* refactor getTopPlayers function (support for balance) (https://github.com/slawkens/myaac/commit/c769962e39fe8dfb72ecd5be1864e145696be794)
-
-### Fixed
-* XSS in forum (https://github.com/slawkens/myaac/commit/c2b7286d20d4b579171540f7a774e8a0995d5e8f, https://github.com/slawkens/myaac/commit/8fb643596f9586005976e7bdb484a541a9d8715e)
-* price deducted when changing sex (https://github.com/slawkens/myaac/commit/16671ea40b72dcf74037c359ad572f9eb825edf9)
-* move_thread by unauthorized user (https://github.com/slawkens/myaac/commit/d6c40c836a53cb1710f911f77f45f28b54ea1b54, thanks @anyeor)
-* TFS 1.4.2 where conditions is NULL (https://github.com/slawkens/myaac/commit/b8396d4c8482e951da538b13f2296123732c4545)
-* do not show forum new thread show button if not logged in (https://github.com/slawkens/myaac/commit/507402171ba3b6e7ee184bd7fa73e0d55e0cad7a, @anyeor)
-* login if limiter is disabled (https://github.com/slawkens/myaac/commit/a0f1971583f0f790013e2145fb5ac573c59fbdef)
-* fixes to installMenus function (https://github.com/slawkens/myaac/commit/a2fadc5945fe0a5e39f740827f6ffbda1bb501e2)
-* many PHP exceptions in different places
-* fixes to tibiacom menus ActiveSubmenuItem
-
-### Removed
-* bugtracker SQL table code as the page has been removed/moved to plugins (https://github.com/slawkens/myaac/commit/5782772b901b05fb814bc718d062f6e2cd71df8c)
-
-## [1.0-RC.2 - 25.10.2024]
-
-Still waiting for your reports about bugs found in this release. We are very close to stable release.
-
-### Added
-* feat: rate limit settings for blocking accounts login attempts (@gpedro, #266)
-* search by email in accounts editor (https://github.com/slawkens/myaac/commit/c2ec46824621468f2a1cb4046805c485ed13fea5)
-* New hooks in account manage + create (https://github.com/slawkens/myaac/commit/93641fc68ac9a5f1479329e2bd41380c19534d5d)
-
-### Changed
-* chore: drop raw queries + accounts - search by email + accounts - required min size for search by account number (@gpedro, #266)
-* Use https for outfit & item images (https://github.com/slawkens/myaac/commit/71c00aa5e01fbdfd88802912e200dd1025976231)
-* Do not require players & guilds tables on install (https://github.com/slawkens/myaac/commit/779aa152fa940261c9b161533946f44e288597a2)
-* Do not create player if there is no players table in db (https://github.com/slawkens/myaac/commit/201f95caa8b70e88fa651eac8c3c3aa7cd765bd0)
-
-### Fixed
-* Highscore frags fixed for TFS 0.3 (@Scrollog, #263)
-* Missing groups variable #262. thanks, @Scrollog for reporting (https://github.com/slawkens/myaac/commit/8d8bdb6dac6df21672ac77288fff2f2f8d6eb665)
-* Verified email for login.php (@gpedro, #265)
-* Warning if core.account_country is disabled (https://github.com/slawkens/myaac/commit/ab73d60c61e14a1cacdb6cfbf7f89f4bf3be0833)
-
-
-## [1.0-RC.1 - 23.07.2024]
-
-Changes since 1.0-beta:
-
-### Added
-* Feat: Hooks priority (https://github.com/slawkens/myaac/commit/dc17b701da053e04bfa64e21be9247a4f07505e1)
-* Make autoload of pages, commands and themes configurable (https://github.com/slawkens/myaac/commit/c1d4b4f80cd6bb85507ee9471e47013955a26a91)
-* Fraggers in characters page for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/42f99c3edc8de39cccc5632cb42e88b24579c5a6)
-* New hooks: HOOK_INSTALL_FINISH, HOOK_ACCOUNT_CREATE_CHARACTER_* (https://github.com/slawkens/myaac/commit/08ac8ebade106521a5c7396faa5ce7006e629f7c, https://github.com/slawkens/myaac/commit/45dda5e834ff2059faea6ef9be2efa76f1723cbd)
-
-### Changed
-* Allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/203e411b626fe62401a4b74a48420769e512aa39)
-* Create guild_rank entries, in case MySQL trigger not loaded (https://github.com/slawkens/myaac/commit/d9c1b2507c81f306970642b35e4bf5f7cc04a6f2, https://github.com/slawkens/myaac/commit/47a19e85dd84e9f3b39a1b29cfc2c04b004832b9)
-* Set Admin Account verified by default (https://github.com/slawkens/myaac/commit/cd49dfc79942f3301ce9c0b8d899b9f39bda9a41)
-* Refactor account routes into sub folders (https://github.com/slawkens/myaac/commit/bdc0c43d3fd3a51030c3e916bdb9f008468f5ecd)
-* Order towns by id (https://github.com/slawkens/myaac/commit/9ea2a5067fc4b75de395f381577b18914132ad84)
-* Do not create news about myaac, if any news already exist (on installation (https://github.com/slawkens/myaac/commit/504242fb846b73b56b87bc1e39d070687ad7f5b4)
-
-### Fixed
-* Not working google recaptcha plugin (https://github.com/slawkens/myaac/commit/a1bcb217ecf4e21fd58da4ba491da1852029898a)
-* Not working account create if account_country is disabled (https://github.com/slawkens/myaac/commit/933b681a9fcdbb6283e0469b3806d2ded492d232)
-* Account verify - do not allow login without verified email (Thanks @anyeor, https://github.com/slawkens/myaac/commit/fcb13f3c0fb8ceafda0bd614a229a26a269432bd)
-* Detect tools/ext exists on install to prevent broken installs (https://github.com/slawkens/myaac/commit/10a739773c4f2911876bc802a0ee0537c3e00a92)
-* Cache reloading each time page refreshes (https://github.com/slawkens/myaac/commit/ec96985872057340112f65073efc0c4bf86dddb0)
-* Highscores frags for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/a04d186c22912915f0a7873dfe677ef3b5a23c79)
-* Monsters page: monster not found exception (https://github.com/slawkens/myaac/commit/ef79b99b8acc179f14b8475547347d9daca27512)
-* Fixed bug if \<flags\> are not present in monster.xml (https://github.com/slawkens/myaac/commit/57b47ab7983f625c7c0ef4f5303a4d07ef172786)
-* fastRoute duplicate errors (https://github.com/slawkens/myaac/commit/4c0739d3e93812dff0c33849ea3f38e4e49113ac)
-* useGuildNick displaying (https://github.com/slawkens/myaac/commit/0db0ec1aa47e044c26bc403ff5078a2115d086f8)
-
-## [1.0-beta - 18.05.2024]
-
-Minimum PHP version for this release is 8.1.
-
-### Added
-* reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
-  * updated to Bootstrap v4
-  * new Menu
-  * new Dashboard: statistics, server status
-  * new Admin Bar showed on top when admin logged in
-  * new page: Server Data, to reload server data
-    * Towns, NPCs & Items are stored in permanent cache
-  * new pages: mass account & teleport tools
-  * changelogs editor
-  * revised Accounts & Players editors
-  * option to add/modify admin menus with plugins
-  * option to enable/disable plugins
-  * better, updated TinyMCE editor (v6.x)
-    * with option to upload images
-  * list of open source libraries used in project page
-* auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
-* config.php moved to Admin Panel -> Settings page
-* new console script: aac - using symfony/console
-  * usage: `php aac` (will list all commands by default)
-  * example: `php aac cache:clear`
-  * example: `php aac plugin:install theme-example.zip`
-* replace POT Query Builder to Eloquent ORM. Not 100% yet - in some places there is still old $db approach used (@gpedro) (https://github.com/slawkens/myaac/pull/230)
-* brand new charming installation page (by @fernandomatos)
-  * using Bootstrap
-* new pages router: nikic/fast-route, allowing for better customisation
-* Plugin cronjobs: central control of the cronjobs
-* Guild Wars support (available as plugin)
-* support for login and create account only by email (configurable)
-  * with no need for account name
-* Google ReCAPTCHA v3 support (available as plugin)
-* automatically load towns names from .OTBM file
-* support for Account Number
-  * suggest account number option
-* many new functions, hooks and configurables
-* better Exception Handler (Whoops - https://github.com/filp/whoops)
-* automated website tests (using Cypress)
-* csrf protection (https://github.com/slawkens/myaac/pull/235)
-* option to restrict Page view to specified group of users (Not-Logged in, logged-in players, tutors, gamemasters etc.)
-* phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
-
-### Changed
-* Composer and NPM is now used for external libraries like: Twig, PHPMailer, fast-route, jQuery, Bootstrap etc.
-* mail support is disabled on fresh install, can be manually enabled by user
-* disable add php pages in admin panel for security. Option to disable plugins upload
-* visitors counter shows now user browser, and also if its bot
-* changes in required and optional PHP extensions
-* reworked Pages:
-	* Bans
-		* works now for TFS 1.x
-	* Highscores
-		* frags works for TFS 1.x
-		* cached
-	* Monsters
-* moved pages to Twig:
-  * experience stages
-* update player_deaths entries on name change
-* change_password email to be more informal
-
-### Fixed
-* hundreds of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here

CREDITS

@@ -1,3 +1,3 @@
 * Gesior.pl (2007 - 2008)
-* Slawkens (2009 - 2023)
+* Slawkens (2009 - 2025)
 * Contributors listed in CONTRIBUTORS.txt

README.md

@@ -1,6 +1,6 @@
 # [MyAAC](https://my-aac.org)
 
-MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
+MyAAC is a free and open-source Automatic Account Creator (AAC) for Open Tibia Servers written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 
 Official website: https://my-aac.org
 
@@ -12,11 +12,18 @@ Official website: https://my-aac.org
 
 | Version | Status                 | Branch  | Requirements   |
 |:--------|:-----------------------|:--------|:---------------|
-| **1.x** | **Active development** | develop | **PHP >= 8.1** |
+| 2.x     | Experimental features  | develop | PHP >= 8.1     |
+| **1.x** | **Active development** | main    | **PHP >= 8.1** |
 | 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
-| 0.8.x   | Active support         | master  | PHP >= 7.2.5   |
+| 0.8.x   | Active support         | 0.8     | PHP >= 7.2.5   |
 | 0.7.x   | End Of Life            | 0.7     | PHP >= 5.3.3   |
 
+The recommended version to install is 1.x, which can be found at releases page - [https://github.com/slawkens/myaac/releases](https://github.com/slawkens/myaac/releases).
+
+### Documentation
+* [docs.my-aac.org](https://docs.my-aac.org)
+* [my-aac.org - FAQ](https://my-aac.org/faqs/)
+
 ### Requirements
 
 	- MySQL database
@@ -47,23 +54,23 @@ Official website: https://my-aac.org
 
 ### Configuration
 
-Check *config.php* to get more informations. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
+Check *config.php* to get more information. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
 
 Use *config.local.php* for your local configuration changes.
 
 ### Branches
 
 This repository follows the Git Flow Workflow.
-Cheatsheet: [Git-Flow-Cheetsheet](https://danielkummer.github.io/git-flow-cheatsheet)
+Cheatsheet: [Git-Flow-Cheatsheet](https://danielkummer.github.io/git-flow-cheatsheet)
 
 That means, we use:
-* master branch, for current stable release
+* main branch, for current stable release
 * develop branch, for development version (next release)
 * feature branches, for features etc.
 
 ### Known Problems
 
-- Some compatibility issues with some exotical distibutions.
+- Some compatibility issues with some exotic distributions.
 
 ### Contributing
 
@@ -73,11 +80,11 @@ Pull requests should be made to the *develop* branch as that is the working bran
 
 Bug fixes to current release should be done to master branch.
 
-Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our wiki.
+Look: [Contributing](https://docs.my-aac.org/misc/contributing) in our wiki.
 
 ### Other Notes
 
-If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
+If you have a great idea or want to contribute to the project - visit our website at https://www.my-aac.org
 
 ## Project supported by JetBrains
 
@@ -88,4 +95,4 @@ Many thanks to Jetbrains for kindly providing a license for me to work on this a
 ### License
 
 This program and all associated files are released under the GNU Public License.  
-See [LICENSE](https://github.com/slawkens/myaac/blob/master/LICENSE) for details.
+See [LICENSE](https://github.com/slawkens/myaac/blob/main/LICENSE) for details.

admin/includes/debugbar.php

@@ -7,7 +7,7 @@ $hooks->register('debugbar_admin_head_end', HOOK_ADMIN_HEAD_END, function ($para
 		return;
 	}
 
-	$debugBarRenderer = $debugBar->getJavascriptRenderer();
+	$debugBarRenderer = $debugBar->getJavascriptRenderer(BASE_URL . 'vendor/maximebf/debugbar/src/DebugBar/Resources/');
 	echo $debugBarRenderer->renderHead();
 });
 $hooks->register('debugbar_admin_body_end', HOOK_ADMIN_BODY_END, function ($params) {
@@ -17,6 +17,6 @@ $hooks->register('debugbar_admin_body_end', HOOK_ADMIN_BODY_END, function ($para
 		return;
 	}
 
-	$debugBarRenderer = $debugBar->getJavascriptRenderer();
+	$debugBarRenderer = $debugBar->getJavascriptRenderer(BASE_URL . 'vendor/maximebf/debugbar/src/DebugBar/Resources/');
 	echo $debugBarRenderer->render();
 });

admin/index.php

@@ -1,6 +1,8 @@
 <?php
 
 // few things we'll need
+use MyAAC\Plugins;
+
 require '../common.php';
 
 const ADMIN_PANEL = true;
@@ -42,15 +44,21 @@ if(!$logged || !admin()) {
 	$page = 'login';
 }
 
-// include our page
+$pluginsAdminPages = Plugins::getAdminPages();
-$file = __DIR__ . '/pages/' . $page . '.php';
+if(isset($pluginsAdminPages[$page]) && file_exists(BASE . $pluginsAdminPages[$page])) {
-if(!@file_exists($file)) {
+	$file = BASE . $pluginsAdminPages[$page];
-	if (str_contains($page, 'plugins/')) {
+}
-		$file = BASE . $page;
+else {
-	}
+	// include our page
-	else {
+	$file = __DIR__ . '/pages/' . $page . '.php';
-		$page = '404';
+	if(!@file_exists($file)) {
-		$file = SYSTEM . 'pages/404.php';
+		if (str_contains($page, 'plugins/')) {
+			$file = BASE . $page;
+		}
+		else {
+			$page = '404';
+			$file = SYSTEM . 'pages/404.php';
+		}
 	}
 }
 

admin/pages/clmd.php

@@ -11,12 +11,12 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'MyAAC Changelog';
 
-if (!file_exists(BASE . 'CHANGELOG.md')) {
+if (!file_exists(BASE . 'CHANGELOG-1.x.md')) {
 	echo 'File CHANGELOG.md doesn\'t exist.';
 	return;
 }
 
-$changelog = file_get_contents(BASE . 'CHANGELOG.md');
+$changelog = file_get_contents(BASE . 'CHANGELOG-1.x.md');
 
 $Parsedown = new Parsedown();
 

admin/pages/menus.php

@@ -27,11 +27,11 @@ $pluginThemes = Plugins::getThemes();
 if (isset($_POST['template'])) {
 	$template = $_POST['template'];
 
-	if (isset($_POST['menu'])) {
+	if (isset($_POST['save'])) {
-		$post_menu = $_POST['menu'];
+		$post_menu = $_POST['menu'] ?? [];
-		$post_menu_link = $_POST['menu_link'];
+		$post_menu_link = $_POST['menu_link'] ?? [];
-		$post_menu_blank = $_POST['menu_blank'];
+		$post_menu_blank = $_POST['menu_blank'] ?? [];
-		$post_menu_color = $_POST['menu_color'];
+		$post_menu_color = $_POST['menu_color'] ?? [];
 		if (count($post_menu) != count($post_menu_link)) {
 			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
 			return;
@@ -59,11 +59,7 @@ if (isset($_POST['template'])) {
 			}
 		}
 
-		$cache = Cache::getInstance();
+		onTemplateMenusChange();
-		if ($cache->enabled()) {
-			$cache->delete('template_menus');
-		}
-
 		success('Saved at ' . date('H:i'));
 	}
 
@@ -82,38 +78,48 @@ if (isset($_POST['template'])) {
 		return;
 	}
 
-	if (isset($_GET['reset_colors'])) {
-		if (isset($config['menu_default_color'])) {
-			Menu::where('template', $template)->update(['color' => str_replace('#', '', $config['menu_default_color'])]);
-			success('Colors has been reset.');
-		}
-		else {
-			warning('There is no default color defined, cannot reset colors.');
-		}
-	}
-
 	if (!isset($config['menu_categories'])) {
 		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
 		return;
 	}
 
+	if (isset($_GET['reset_colors'])) {
+		foreach ($config['menu_categories'] as $id => $options) {
+			$color = $options['default_links_color'] ?? ($config['menu_default_links_color'] ?? ($config['menu_default_color'] ?? '#ffffff'));
+			Menu::where('template', $template)->where('category', $id)->update(['color' => str_replace('#', '', $color)]);
+		}
+
+		onTemplateMenusChange();
+		success('Colors has been reset at ' . date('H:i'));
+	}
+
+	if (isset($_GET['reset_menus'])) {
+		$configMenus = config('menus');
+		if (isset($configMenus)) {
+			Plugins::installMenus($template, config('menus'), true);
+
+			onTemplateMenusChange();
+			success('Menus has been reset at ' . date('H:i'));
+		}
+		else {
+			error("This template don't support reinstalling menus.");
+		}
+	}
+
 	$title = 'Menus - ' . $template;
+
+	$canResetColors = isset($config['menu_default_color']) || isset($config['menu_default_links_color']);
+	foreach ($config['menu_categories'] as $id => $options) {
+		if (isset($options['default_links_color'])) {
+			$canResetColors = true;
+		}
+	}
+
+	$twig->display('admin.menus.header.html.twig', [
+		'template' => $template,
+		'canResetColors' => $canResetColors
+	]);
 	?>
-	<div align="center" class="text-center">
-		<p class="note">You are editing: <?= $template ?><br/><br/>
-			Hint: You can drag menu items.<br/>
-			Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
-			Not all templates support blank and colorful links.
-		</p>
-		<?php if (isset($config['menu_default_color'])) {?>
-		<form method="post" action="?p=menus&reset_colors" onsubmit="return confirm('Do you really want to reset colors?');">
-			<?php csrf(); ?>
-			<input type="hidden" name="template" value="<?php echo $template ?>"/>
-			<button type="submit" class="btn btn-danger">Reset Colors to default</button>
-		</form>
-		<br/>
-		<?php } ?>
-	</div>
 	<?php
 	$menus = Menu::query()
 		->select('name', 'link', 'blank', 'color', 'category', 'ordering')
@@ -129,7 +135,7 @@ if (isset($_POST['template'])) {
 	<form method="post" id="menus-form" action="?p=menus">
 		<?php csrf(); ?>
 		<input type="hidden" name="template" value="<?php echo $template ?>"/>
-		<button type="submit" class="btn btn-info">Save</button><br/><br/>
+		<button type="submit" name="save" class="btn btn-info">Save</button><br/><br/>
 		<div class="row">
 			<?php foreach ($config['menu_categories'] as $id => $cat): ?>
 				<div class="col-md-12 col-lg-6">
@@ -143,12 +149,13 @@ if (isset($_POST['template'])) {
 								if (isset($menus[$id])) {
 									$i = 0;
 									foreach ($menus[$id] as $menu):
+										$color = (empty($menu['color']) ? ($cat['default_links_color'] ?? ($config['menu_default_links_color'] ?? ($config['menu_default_color'] ?? '#ffffff'))) : '#' . $menu['color']);
 										?>
 										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo escapeHtml($menu['name']); ?>"/>
 											<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
 											<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
 											<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
-											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="<?php echo (empty($menu['color']) ? ($config['menu_default_color'] ?? '#ffffff') : $menu['color']); ?>"/>
+											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="<?php echo $color; ?>"/>
 											<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
 										<?php $i++; $last_id[$id] = $i;
 									endforeach;
@@ -161,7 +168,7 @@ if (isset($_POST['template'])) {
 		</div>
 		<div class="row pb-2">
 			<div class="col-md-12">
-				<button type="submit" class="btn btn-info">Save</button>
+				<button type="submit" name="save" class="btn btn-info">Save</button>
 				<?php
 				echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
 				?>
@@ -172,7 +179,6 @@ if (isset($_POST['template'])) {
 	$twig->display('admin.menus.js.html.twig', array(
 		'menus' => $menus,
 		'last_id' => $last_id,
-		'menu_default_color' => $config['menu_default_color'] ?? '#ffffff'
 	));
 	?>
 	<?php
@@ -194,3 +200,11 @@ if (isset($_POST['template'])) {
 		'templates' => $templates
 	));
 }
+
+function onTemplateMenusChange(): void
+{
+	$cache = Cache::getInstance();
+	if ($cache->enabled()) {
+		$cache->delete('template_menus');
+	}
+}

admin/pages/modules/balance.php

@@ -7,7 +7,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $balance = 0;
 
 if ($db->hasColumn('players', 'balance')) {
-	$balance = Player::orderByDesc('balance')->limit(10)->get(['balance', 'id','name', 'level'])->toArray();
+	$balance = Player::orderByDesc('balance')->limit(10)->get(['id', 'name', 'balance'])->toArray();
 }
 
 $twig->display('balance.html.twig', array(

admin/pages/modules/coins.php

@@ -7,7 +7,12 @@ defined('MYAAC') or die('Direct access not allowed!');
 $coins = 0;
 
 if ($db->hasColumn('accounts', 'coins')) {
-	$coins = Account::orderByDesc('coins')->limit(10)->get(['coins', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+	$whatToGet = ['id', 'coins'];
+	if (USE_ACCOUNT_NAME) {
+		$whatToGet[] = 'name';
+	}
+
+	$coins = Account::orderByDesc('coins')->limit(10)->get($whatToGet)->toArray();
 }
 
 $twig->display('coins.html.twig', array(

admin/pages/modules/lastlogin.php

@@ -7,7 +7,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $players = 0;
 
 if ($db->hasColumn('players', 'lastlogin')) {
-	$players = Player::orderByDesc('lastlogin')->limit(10)->get(['name', 'level', 'lastlogin'])->toArray();
+	$players = Player::orderByDesc('lastlogin')->limit(10)->get(['id', 'name', 'level', 'lastlogin'])->toArray();
 }
 
 $twig->display('lastlogin.html.twig', array(

admin/pages/modules/templates/balance.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=players&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.balance }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/coins.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name ?? result.id }}</a></td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/lastlogin.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=players&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}

admin/pages/modules/templates/points.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.premium_points }}</td>
 						</tr>
 					{% endfor %}

admin/pages/plugins.php

@@ -17,7 +17,7 @@ csrfProtect();
 
 $use_datatable = true;
 
-if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
+if (!setting('core.admin_plugins_manage_enable')) {
 	warning('Plugin installation and management is disabled in Settings.<br/>If you wish to enable, go to Settings and enable <strong>Enable Plugins Manage</strong>.');
 }
 else {
@@ -51,6 +51,56 @@ else {
 		} else {
 			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
 		}
+	}
+	else if (isset($_GET['check-updates'])) {
+		$repoUri = $config['admin_plugins_api_uri'] ?? 'https://plugins.my-aac.org/api/';
+		success("Fetching latest info from $repoUri..");
+
+		$adminPlugins = new \MyAAC\Admin\Plugins();
+
+		$adminPlugins->setApiBaseUri($repoUri);
+
+		try {
+			$plugins = $adminPlugins->getLatestVersions();
+		}
+		catch (Exception $e) {
+			error($e->getMessage());
+		}
+
+		if (isset($plugins) && count($plugins) > 0) {
+			$outdated = [];
+
+			foreach (get_plugins(true) as $plugin) {
+				$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
+				$plugin_info = json_decode($string, true);
+
+				if (!$plugin_info) {
+					continue;
+				}
+
+				$disabled = (str_contains($plugin, 'disabled.'));
+				$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
+
+				$info = $plugins[$pluginOriginal] ?? false;
+				if ($info && version_compare($info['version'], $plugin_info['version'], '>')) {
+					$outdated[] = [
+						'name' => $pluginOriginal,
+						'yourVersion' => $plugin_info['version'],
+						'latestVersion' => $info['version'],
+						'link' => $info['link'] ?? 'Unknown',
+						'download_link' => $info['download_link'] ?? 'Unknown',
+					];
+				}
+			}
+
+			if (count($outdated) > 0) {
+				info('Following updates have been found for your plugins:');
+				$twig->display('admin.plugins.outdated.html.twig', ['plugins' => $outdated]);
+			}
+			else {
+				success('All plugins up to date!');
+			}
+		}
 	} else if (isset($_FILES['plugin']['name'])) {
 		$file = $_FILES['plugin'];
 		$filename = $file['name'];

admin/pages/visitors.php

@@ -19,8 +19,7 @@ $use_datatable = true;
 
 if (!setting('core.visitors_counter')): ?>
 	Visitors counter is disabled.<br/>
-	You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
+	You can enable it in Settings -> General -> Visitors Counter.<br/>
-	<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
 	<?php
 	return;
 endif;
@@ -46,7 +45,7 @@ foreach ($tmp as &$visitor) {
 		if ($dd->isBot()) {
 			$bot = $dd->getBot();
 			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
-			$browser = sprintf($message, $bot['category'], $bot['url'], $bot['name']);
+			$browser = sprintf($message, $bot['category'] ?? 'Unknown', $bot['url'] ?? '', $bot['name'] ?? 'Unknown name');
 		}
 		else {
 			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));

admin/tools/settings_save.php

@@ -1,6 +1,5 @@
 <?php
 
-use MyAAC\Hooks;
 use MyAAC\Settings;
 
 const MYAAC_ADMIN = true;

common.php

@@ -26,8 +26,8 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '1.0.1';
+const MYAAC_VERSION = '1.6.1';
-const DATABASE_VERSION = 42;
+const DATABASE_VERSION = 45;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -122,38 +122,30 @@ if (!IS_CLI) {
 	session_start();
 }
 
-// basedir
-$basedir = '';
-$tmp = explode('/', $_SERVER['SCRIPT_NAME']);
-$size = count($tmp) - 1;
-for($i = 1; $i < $size; $i++)
-	$basedir .= '/' . $tmp[$i];
-
-$basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
-define('BASE_DIR', $basedir);
-
-if(!IS_CLI) {
-	if (isset($_SERVER['HTTP_HOST'][0])) {
-		$baseHost = $_SERVER['HTTP_HOST'];
-	} else {
-		if (isset($_SERVER['SERVER_NAME'][0])) {
-			$baseHost = $_SERVER['SERVER_NAME'];
-		} else {
-			$baseHost = $_SERVER['SERVER_ADDR'];
-		}
-	}
-
-	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
-	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
-
-	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
-}
-
 if (file_exists(BASE . 'config.local.php')) {
 	require BASE . 'config.local.php';
 }
 
+require SYSTEM . 'base.php';
+define('BASE_DIR', $baseDir);
+
+if(!IS_CLI) {
+	if (isset($config['site_url'])) {
+		$hasSlashAtEnd = ($config['site_url'][strlen($config['site_url']) - 1] == '/');
+
+		define('SERVER_URL', $config['site_url']);
+		define('BASE_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/'));
+		define('ADMIN_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/') . ADMIN_PANEL_FOLDER . '/');
+	}
+	else {
+		define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
+		define('BASE_URL', SERVER_URL . BASE_DIR . '/');
+		define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
+
+		//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+	}
+}
+
 /** @var array $config */
 ini_set('log_errors', 1);
 if(@$config['env'] === 'dev' || defined('MYAAC_INSTALL')) {

composer.json

@@ -18,7 +18,8 @@
         "symfony/string": "^6.4",
         "symfony/var-dumper": "^6.4",
         "filp/whoops": "^2.15",
-        "maximebf/debugbar": "1.*"
+        "maximebf/debugbar": "1.*",
+        "guzzlehttp/guzzle": "7.9.3"
     },
     "require-dev": {
         "phpstan/phpstan": "^1.10"

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "be4d1489a53a9cd8eec6bcaa7a096f30",
+    "content-hash": "5317e97a5025ebc2a977214bd3fa964c",
     "packages": [
         {
             "name": "brick/math",
@@ -493,6 +493,331 @@
             ],
             "time": "2024-09-25T12:00:00+00:00"
         },
+        {
+            "name": "guzzlehttp/guzzle",
+            "version": "7.9.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/guzzle.git",
+                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
+                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
+                "shasum": ""
+            },
+            "require": {
+                "ext-json": "*",
+                "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
+                "guzzlehttp/psr7": "^2.7.0",
+                "php": "^7.2.5 || ^8.0",
+                "psr/http-client": "^1.0",
+                "symfony/deprecation-contracts": "^2.2 || ^3.0"
+            },
+            "provide": {
+                "psr/http-client-implementation": "1.0"
+            },
+            "require-dev": {
+                "bamarni/composer-bin-plugin": "^1.8.2",
+                "ext-curl": "*",
+                "guzzle/client-integration-tests": "3.0.2",
+                "php-http/message-factory": "^1.1",
+                "phpunit/phpunit": "^8.5.39 || ^9.6.20",
+                "psr/log": "^1.1 || ^2.0 || ^3.0"
+            },
+            "suggest": {
+                "ext-curl": "Required for CURL handler support",
+                "ext-intl": "Required for Internationalized Domain Name (IDN) support",
+                "psr/log": "Required for using the Log middleware"
+            },
+            "type": "library",
+            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                }
+            },
+            "autoload": {
+                "files": [
+                    "src/functions_include.php"
+                ],
+                "psr-4": {
+                    "GuzzleHttp\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "Jeremy Lindblom",
+                    "email": "jeremeamia@gmail.com",
+                    "homepage": "https://github.com/jeremeamia"
+                },
+                {
+                    "name": "George Mponos",
+                    "email": "gmponos@gmail.com",
+                    "homepage": "https://github.com/gmponos"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://github.com/sagikazarmark"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                }
+            ],
+            "description": "Guzzle is a PHP HTTP client library",
+            "keywords": [
+                "client",
+                "curl",
+                "framework",
+                "http",
+                "http client",
+                "psr-18",
+                "psr-7",
+                "rest",
+                "web service"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/guzzle/issues",
+                "source": "https://github.com/guzzle/guzzle/tree/7.9.3"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2025-03-27T13:37:11+00:00"
+        },
+        {
+            "name": "guzzlehttp/promises",
+            "version": "2.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/promises.git",
+                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
+                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2.5 || ^8.0"
+            },
+            "require-dev": {
+                "bamarni/composer-bin-plugin": "^1.8.2",
+                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
+            },
+            "type": "library",
+            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "GuzzleHttp\\Promise\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                }
+            ],
+            "description": "Guzzle promises library",
+            "keywords": [
+                "promise"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/promises/issues",
+                "source": "https://github.com/guzzle/promises/tree/2.2.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2025-03-27T13:27:01+00:00"
+        },
+        {
+            "name": "guzzlehttp/psr7",
+            "version": "2.7.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guzzle/psr7.git",
+                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
+                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2.5 || ^8.0",
+                "psr/http-factory": "^1.0",
+                "psr/http-message": "^1.1 || ^2.0",
+                "ralouphie/getallheaders": "^3.0"
+            },
+            "provide": {
+                "psr/http-factory-implementation": "1.0",
+                "psr/http-message-implementation": "1.0"
+            },
+            "require-dev": {
+                "bamarni/composer-bin-plugin": "^1.8.2",
+                "http-interop/http-factory-tests": "0.9.0",
+                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
+            },
+            "suggest": {
+                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
+            },
+            "type": "library",
+            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "GuzzleHttp\\Psr7\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Graham Campbell",
+                    "email": "hello@gjcampbell.co.uk",
+                    "homepage": "https://github.com/GrahamCampbell"
+                },
+                {
+                    "name": "Michael Dowling",
+                    "email": "mtdowling@gmail.com",
+                    "homepage": "https://github.com/mtdowling"
+                },
+                {
+                    "name": "George Mponos",
+                    "email": "gmponos@gmail.com",
+                    "homepage": "https://github.com/gmponos"
+                },
+                {
+                    "name": "Tobias Nyholm",
+                    "email": "tobias.nyholm@gmail.com",
+                    "homepage": "https://github.com/Nyholm"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://github.com/sagikazarmark"
+                },
+                {
+                    "name": "Tobias Schultze",
+                    "email": "webmaster@tubo-world.de",
+                    "homepage": "https://github.com/Tobion"
+                },
+                {
+                    "name": "Márk Sági-Kazár",
+                    "email": "mark.sagikazar@gmail.com",
+                    "homepage": "https://sagikazarmark.hu"
+                }
+            ],
+            "description": "PSR-7 message implementation that also provides common utility methods",
+            "keywords": [
+                "http",
+                "message",
+                "psr-7",
+                "request",
+                "response",
+                "stream",
+                "uri",
+                "url"
+            ],
+            "support": {
+                "issues": "https://github.com/guzzle/psr7/issues",
+                "source": "https://github.com/guzzle/psr7/tree/2.7.1"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/GrahamCampbell",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/Nyholm",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2025-03-27T12:30:47+00:00"
+        },
         {
             "name": "illuminate/collections",
             "version": "v10.48.25",
@@ -1472,6 +1797,166 @@
             },
             "time": "2021-11-05T16:47:00+00:00"
         },
+        {
+            "name": "psr/http-client",
+            "version": "1.0.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-client.git",
+                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90",
+                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.0 || ^8.0",
+                "psr/http-message": "^1.0 || ^2.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Client\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for HTTP clients",
+            "homepage": "https://github.com/php-fig/http-client",
+            "keywords": [
+                "http",
+                "http-client",
+                "psr",
+                "psr-18"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-client"
+            },
+            "time": "2023-09-23T14:17:50+00:00"
+        },
+        {
+            "name": "psr/http-factory",
+            "version": "1.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-factory.git",
+                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
+                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1",
+                "psr/http-message": "^1.0 || ^2.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Message\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "PSR-17: Common interfaces for PSR-7 HTTP message factories",
+            "keywords": [
+                "factory",
+                "http",
+                "message",
+                "psr",
+                "psr-17",
+                "psr-7",
+                "request",
+                "response"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-factory"
+            },
+            "time": "2024-04-15T12:06:14+00:00"
+        },
+        {
+            "name": "psr/http-message",
+            "version": "2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/http-message.git",
+                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/http-message/zipball/402d35bcb92c70c026d1a6a9883f06b2ead23d71",
+                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.2 || ^8.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "2.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Http\\Message\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for HTTP messages",
+            "homepage": "https://github.com/php-fig/http-message",
+            "keywords": [
+                "http",
+                "http-message",
+                "psr",
+                "psr-7",
+                "request",
+                "response"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/http-message/tree/2.0"
+            },
+            "time": "2023-04-04T09:54:51+00:00"
+        },
         {
             "name": "psr/log",
             "version": "3.0.2",
@@ -1573,6 +2058,50 @@
             },
             "time": "2021-10-29T13:26:27+00:00"
         },
+        {
+            "name": "ralouphie/getallheaders",
+            "version": "3.0.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/ralouphie/getallheaders.git",
+                "reference": "120b605dfeb996808c31b6477290a714d356e822"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822",
+                "reference": "120b605dfeb996808c31b6477290a714d356e822",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.6"
+            },
+            "require-dev": {
+                "php-coveralls/php-coveralls": "^2.1",
+                "phpunit/phpunit": "^5 || ^6.5"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/getallheaders.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ralph Khattar",
+                    "email": "ralph.khattar@gmail.com"
+                }
+            ],
+            "description": "A polyfill for getallheaders.",
+            "support": {
+                "issues": "https://github.com/ralouphie/getallheaders/issues",
+                "source": "https://github.com/ralouphie/getallheaders/tree/develop"
+            },
+            "time": "2019-03-08T08:55:37+00:00"
+        },
         {
             "name": "symfony/console",
             "version": "v6.4.17",
@@ -2637,16 +3166,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.18.0",
+            "version": "v3.19.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50"
+                "reference": "d4f8c2b86374f08efc859323dbcd95c590f7124e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/d4f8c2b86374f08efc859323dbcd95c590f7124e",
-                "reference": "acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50",
+                "reference": "d4f8c2b86374f08efc859323dbcd95c590f7124e",
                 "shasum": ""
             },
             "require": {
@@ -2701,7 +3230,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.18.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.19.0"
             },
             "funding": [
                 {
@@ -2713,7 +3242,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-12-29T10:51:50+00:00"
+            "time": "2025-01-29T07:06:14+00:00"
         },
         {
             "name": "voku/portable-ascii",

cypress/e2e/3-check-public-pages.cy.js

@@ -17,7 +17,7 @@ describe('Check Public Pages', () => {
 
 	it('Go to changelog page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/changelog',
+			url: Cypress.env('URL') + '/change-log',
 			method: 'GET',
 		})
 	})
@@ -132,7 +132,7 @@ describe('Check Public Pages', () => {
 
 	it('Go to server info page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/server-info',
+			url: Cypress.env('URL') + '/ots-info',
 			method: 'GET',
 		})
 	})

index.php

@@ -31,11 +31,11 @@ require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 
 $uri = $_SERVER['REQUEST_URI'];
-if(false !== strpos($uri, 'index.php')) {
+if(str_contains($uri, 'index.php')) {
 	$uri = str_replace_first('/index.php', '', $uri);
 }
 
-if(0 === strpos($uri, '/')) {
+if(str_starts_with($uri, '/')) {
 	$uri = str_replace_first('/', '', $uri);
 }
 
@@ -76,6 +76,8 @@ require_once SYSTEM . 'status.php';
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 
+$hooks->trigger(HOOK_STARTUP);
+
 // backward support for gesior
 if(setting('core.backward_support')) {
 	define('INITIALIZED', true);
@@ -91,6 +93,7 @@ if(setting('core.backward_support')) {
 	if($logged && $account_logged)
 		$group_id_of_acc_logged = $account_logged->getGroupId();
 
+	$config['serverPath'] = $config['server_path'];
 	$config['site'] = &$config;
 	$config['server'] = &$config['lua'];
 	$config['site']['shop_system'] = setting('core.gifts_system');
@@ -115,9 +118,15 @@ if(setting('core.backward_support')) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 
-require_once SYSTEM . 'router.php';
+if(setting('core.views_counter')) {
+	require_once SYSTEM . 'counter.php';
+}
 
-$hooks->trigger(HOOK_STARTUP);
+if(setting('core.visitors_counter')) {
+	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
+}
+
+require_once SYSTEM . 'router.php';
 
 // anonymous usage statistics
 // sent only when user agrees
@@ -153,13 +162,6 @@ if(setting('core.anonymous_usage_statistics')) {
 	}
 }
 
-if(setting('core.views_counter'))
-	require_once SYSTEM . 'counter.php';
-
-if(setting('core.visitors_counter')) {
-	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
-}
-
 /**
  * @var OTS_Account $account_logged
  */
@@ -168,6 +170,7 @@ if ($logged && admin()) {
 		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
 	]);
 }
+
 $title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
 

install/includes/config.php

@@ -26,6 +26,9 @@ if(!isset($error) || !$error) {
 		$config['database_type'] = $config['lua']['database_type'];
 	else if(isset($config['lua']['sql_type'])) // otserv
 		$config['database_type'] = $config['lua']['sql_type'];
+	else {
+		$config['database_type'] = '';
+	}
 
 	$config['database_type'] = strtolower($config['database_type']);
 	if(empty($config['database_type'])) {

install/includes/schema.sql

@@ -1,35 +1,35 @@
-SET @myaac_database_version = 42;
+SET @myaac_database_version = 45;
 
 CREATE TABLE `myaac_account_actions`
 (
-	`account_id` INT(11) NOT NULL,
+	`account_id` int NOT NULL,
-	`ip` INT(10) UNSIGNED NOT NULL DEFAULT 0,
+	`ip` int unsigned NOT NULL DEFAULT 0,
-	`ipv6` BINARY(16) NOT NULL DEFAULT 0,
+	`ipv6` binary(16) NOT NULL DEFAULT 0,
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`action` VARCHAR(255) NOT NULL DEFAULT '',
+	`action` varchar(255) NOT NULL DEFAULT '',
 	KEY (`account_id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_admin_menu`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(255) NOT NULL DEFAULT '',
+	`name` varchar(255) NOT NULL DEFAULT '',
-	`page` VARCHAR(255) NOT NULL DEFAULT '',
+	`page` varchar(255) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`flags` INT(11) NOT NULL DEFAULT 0,
+	`flags` int NOT NULL DEFAULT 0,
-	`enabled` INT(1) NOT NULL DEFAULT 1,
+	`enabled` int NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_changelog`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`body` VARCHAR(500) NOT NULL DEFAULT '',
+	`body` varchar(500) NOT NULL DEFAULT '',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - added, 2 - removed, 3 - changed, 4 - fixed',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - added, 2 - removed, 3 - changed, 4 - fixed',
-	`where` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
+	`where` tinyint NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
@@ -37,9 +37,9 @@ INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hide`) VA
 
 CREATE TABLE `myaac_config`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(30) NOT NULL,
+	`name` varchar(30) NOT NULL,
-	`value` VARCHAR(1000) NOT NULL,
+	`value` varchar(1000) NOT NULL,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
@@ -48,24 +48,24 @@ INSERT INTO `myaac_config` (`name`, `value`) VALUES ('database_version', @myaac_
 
 CREATE TABLE `myaac_faq`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`question` VARCHAR(255) NOT NULL DEFAULT '',
+	`question` varchar(255) NOT NULL DEFAULT '',
-	`answer` VARCHAR(1020) NOT NULL DEFAULT '',
+	`answer` varchar(1020) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_forum_boards`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(32) NOT NULL,
+	`name` varchar(32) NOT NULL,
-	`description` VARCHAR(255) NOT NULL DEFAULT '',
+	`description` varchar(255) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`guild` INT(11) NOT NULL DEFAULT 0,
+	`guild` int NOT NULL DEFAULT 0,
-	`access` INT(11) NOT NULL DEFAULT 0,
+	`access` int NOT NULL DEFAULT 0,
-	`closed` TINYINT(1) NOT NULL DEFAULT 0,
+	`closed` tinyint NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`, `closed`) VALUES (NULL, 'News', 'News commenting', 0, 1);
@@ -76,100 +76,100 @@ INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUE
 
 CREATE TABLE `myaac_forum`
 (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`first_post` int(11) NOT NULL default '0',
+	`first_post` int NOT NULL DEFAULT 0,
-	`last_post` int(11) NOT NULL default '0',
+	`last_post` int NOT NULL DEFAULT 0,
-	`section` int(3) NOT NULL default '0',
+	`section` int NOT NULL DEFAULT 0,
-	`replies` int(20) NOT NULL default '0',
+	`replies` int NOT NULL DEFAULT 0,
-	`views` int(20) NOT NULL default '0',
+	`views` int NOT NULL DEFAULT 0,
-	`author_aid` int(20) NOT NULL default '0',
+	`author_aid` int NOT NULL DEFAULT 0,
-	`author_guid` int(20) NOT NULL default '0',
+	`author_guid` int NOT NULL DEFAULT 0,
 	`post_text` text NOT NULL,
 	`post_topic` varchar(255) NOT NULL DEFAULT '',
-	`post_smile` tinyint(1) NOT NULL default '0',
+	`post_smile` tinyint NOT NULL DEFAULT 0,
-	`post_html` tinyint(1) NOT NULL default '0',
+	`post_html` tinyint NOT NULL DEFAULT 0,
-	`post_date` int(20) NOT NULL default '0',
+	`post_date` int NOT NULL DEFAULT 0,
-	`last_edit_aid` int(20) NOT NULL default '0',
+	`last_edit_aid` int NOT NULL DEFAULT 0,
-	`edit_date` int(20) NOT NULL default '0',
+	`edit_date` int NOT NULL DEFAULT 0,
-	`post_ip` varchar(45) NOT NULL default '0.0.0.0',
+	`post_ip` varchar(45) NOT NULL DEFAULT '0.0.0.0',
-	`sticked` tinyint(1) NOT NULL DEFAULT '0',
+	`sticked` tinyint NOT NULL DEFAULT 0,
-	`closed` tinyint(1) NOT NULL DEFAULT '0',
+	`closed` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	KEY `section` (`section`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_menu`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`template` VARCHAR(255) NOT NULL,
+	`template` varchar(255) NOT NULL,
-	`name` VARCHAR(255) NOT NULL,
+	`name` varchar(255) NOT NULL,
-	`link` VARCHAR(255) NOT NULL,
+	`link` varchar(255) NOT NULL,
-	`blank` TINYINT(1) NOT NULL DEFAULT 0,
+	`blank` tinyint NOT NULL DEFAULT 0,
-	`color` VARCHAR(6) NOT NULL DEFAULT '',
+	`color` varchar(6) NOT NULL DEFAULT '',
-	`category` INT(11) NOT NULL DEFAULT 1,
+	`category` int NOT NULL DEFAULT 1,
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`enabled` INT(1) NOT NULL DEFAULT 1,
+	`enabled` int NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_monsters` (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`hide` tinyint(1) NOT NULL default 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	`name` varchar(255) NOT NULL,
-	`mana` int(11) NOT NULL DEFAULT 0,
+	`mana` int NOT NULL DEFAULT 0,
-	`exp` int(11) NOT NULL,
+	`exp` int NOT NULL,
-	`health` int(11) NOT NULL,
+	`health` int NOT NULL,
-	`look` VARCHAR(255) NOT NULL DEFAULT '',
+	`look` varchar(255) NOT NULL DEFAULT '',
-	`speed_lvl` int(11) NOT NULL default 1,
+	`speed_lvl` int NOT NULL DEFAULT 1,
-	`use_haste` tinyint(1) NOT NULL,
+	`use_haste` tinyint NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
-	`elements` TEXT NOT NULL,
+	`elements` text NOT NULL,
-	`summonable` tinyint(1) NOT NULL,
+	`summonable` tinyint NOT NULL,
-	`convinceable` tinyint(1) NOT NULL,
+	`convinceable` tinyint NOT NULL,
-	`pushable` TINYINT(1) NOT NULL DEFAULT '0',
+	`pushable` tinyint NOT NULL DEFAULT 0,
-	`canpushitems` TINYINT(1) NOT NULL DEFAULT '0',
+	`canpushitems` tinyint NOT NULL DEFAULT 0,
-	`canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonenergy` tinyint NOT NULL DEFAULT 0,
-	`canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonpoison` tinyint NOT NULL DEFAULT 0,
-	`canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonfire` tinyint NOT NULL DEFAULT 0,
-	`runonhealth` TINYINT(1) NOT NULL DEFAULT '0',
+	`runonhealth` tinyint NOT NULL DEFAULT 0,
-	`hostile` TINYINT(1) NOT NULL DEFAULT '0',
+	`hostile` tinyint NOT NULL DEFAULT 0,
-	`attackable` TINYINT(1) NOT NULL DEFAULT '0',
+	`attackable` tinyint NOT NULL DEFAULT 0,
-	`rewardboss` TINYINT(1) NOT NULL DEFAULT '0',
+	`rewardboss` tinyint NOT NULL DEFAULT 0,
-	`defense` INT(11) NOT NULL DEFAULT '0',
+	`defense` int NOT NULL DEFAULT 0,
-	`armor` INT(11) NOT NULL DEFAULT '0',
+	`armor` int NOT NULL DEFAULT 0,
-	`canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0',
+	`canpushcreatures` tinyint NOT NULL DEFAULT 0,
 	`race` varchar(255) NOT NULL,
 	`loot` text NOT NULL,
-	`summons` TEXT NOT NULL,
+	`summons` text NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_news`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`title` VARCHAR(100) NOT NULL,
+	`title` varchar(100) NOT NULL,
-	`body` TEXT NOT NULL,
+	`body` text NOT NULL,
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`category` TINYINT(1) NOT NULL DEFAULT 0,
+	`category` tinyint NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
-	`last_modified_by` INT(11) NOT NULL DEFAULT 0,
+	`last_modified_by` int NOT NULL DEFAULT 0,
-	`last_modified_date` INT(11) NOT NULL DEFAULT 0,
+	`last_modified_date` int NOT NULL DEFAULT 0,
-	`comments` VARCHAR(50) NOT NULL DEFAULT '',
+	`comments` varchar(50) NOT NULL DEFAULT '',
-	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
+	`article_text` varchar(300) NOT NULL DEFAULT '',
-	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
+	`article_image` varchar(100) NOT NULL DEFAULT '',
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_news_categories`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(50) NOT NULL DEFAULT "",
+	`name` varchar(50) NOT NULL DEFAULT "",
-	`description` VARCHAR(50) NOT NULL DEFAULT "",
+	`description` varchar(50) NOT NULL DEFAULT "",
-	`icon_id` INT(2) NOT NULL DEFAULT 0,
+	`icon_id` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
@@ -181,39 +181,39 @@ INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 4);
 
 CREATE TABLE `myaac_notepad`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`account_id` INT(11) NOT NULL,
+	`account_id` int NOT NULL,
-	/*`name` VARCHAR(30) NOT NULL,*/
+	/*`name` varchar(30) NOT NULL,*/
-	`content` TEXT NOT NULL,
+	`content` text NOT NULL,
-	/*`public` TINYINT(1) NOT NULL DEFAULT 0*/
+	/*`public` tinyint NOT NULL DEFAULT 0*/
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_pages`
 (
 	`id` INT NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(30) NOT NULL,
+	`name` varchar(30) NOT NULL,
-	`title` VARCHAR(30) NOT NULL,
+	`title` varchar(30) NOT NULL,
-	`body` TEXT NOT NULL,
+	`body` text NOT NULL,
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
-	`php` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
+	`php` tinyint NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
-	`enable_tinymce` TINYINT(1) NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
+	`enable_tinymce` tinyint NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
-	`access` TINYINT(2) NOT NULL DEFAULT 0,
+	`access` tinyint NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_gallery`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`comment` VARCHAR(255) NOT NULL DEFAULT '',
+	`comment` varchar(255) NOT NULL DEFAULT '',
-	`image` VARCHAR(255) NOT NULL,
+	`image` varchar(255) NOT NULL,
-	`thumb` VARCHAR(255) NOT NULL,
+	`thumb` varchar(255) NOT NULL,
-	`author` VARCHAR(50) NOT NULL DEFAULT '',
+	`author` varchar(50) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
@@ -221,51 +221,51 @@ INSERT INTO `myaac_gallery` (`id`, `ordering`, `comment`, `image`, `thumb`, `aut
 
 CREATE TABLE `myaac_settings`
 (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(255) NOT NULL DEFAULT '',
+	`name` varchar(255) NOT NULL DEFAULT '',
-	`key` VARCHAR(255) NOT NULL DEFAULT '',
+	`key` varchar(255) NOT NULL DEFAULT '',
-	`value` TEXT NOT NULL,
+	`value` text NOT NULL,
 	PRIMARY KEY (`id`),
 	KEY `key` (`key`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_spells`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`spell` VARCHAR(255) NOT NULL DEFAULT '',
+	`spell` varchar(255) NOT NULL DEFAULT '',
-	`name` VARCHAR(255) NOT NULL,
+	`name` varchar(255) NOT NULL,
-	`words` VARCHAR(255) NOT NULL DEFAULT '',
+	`words` varchar(255) NOT NULL DEFAULT '',
-	`category` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
+	`category` tinyint NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
-	`level` INT(11) NOT NULL DEFAULT 0,
+	`level` int NOT NULL DEFAULT 0,
-	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` int NOT NULL DEFAULT 0,
-	`mana` INT(11) NOT NULL DEFAULT 0,
+	`mana` int NOT NULL DEFAULT 0,
-	`soul` TINYINT(3) NOT NULL DEFAULT 0,
+	`soul` tinyint NOT NULL DEFAULT 0,
-	`conjure_id` INT(11) NOT NULL DEFAULT 0,
+	`conjure_id` int NOT NULL DEFAULT 0,
-	`conjure_count` TINYINT(3) NOT NULL DEFAULT 0,
+	`conjure_count` tinyint NOT NULL DEFAULT 0,
-	`reagent` INT(11) NOT NULL DEFAULT 0,
+	`reagent` int NOT NULL DEFAULT 0,
-	`item_id` INT(11) NOT NULL DEFAULT 0,
+	`item_id` int NOT NULL DEFAULT 0,
-	`premium` TINYINT(1) NOT NULL DEFAULT 0,
+	`premium` tinyint NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	`vocations` varchar(100) NOT NULL DEFAULT '',
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_visitors`
 (
-	`ip` VARCHAR(45) NOT NULL,
+	`ip` varchar(45) NOT NULL,
-	`lastvisit` INT(11) NOT NULL DEFAULT 0,
+	`lastvisit` int NOT NULL DEFAULT 0,
-	`page` VARCHAR(2048) NOT NULL,
+	`page` varchar(2048) NOT NULL,
-	`user_agent` VARCHAR(255) NOT NULL DEFAULT '',
+	`user_agent` varchar(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
 CREATE TABLE `myaac_weapons`
 (
-	`id` INT(11) NOT NULL,
+	`id` int NOT NULL,
-	`level` INT(11) NOT NULL DEFAULT 0,
+	`level` int NOT NULL DEFAULT 0,
-	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` int NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	`vocations` varchar(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;

install/steps/4-config.php

@@ -10,6 +10,14 @@ foreach($config['clients'] as $client) {
 	$clients[$client] = $client_version;
 }
 
+if (empty($_SESSION['var_site_url'])) {
+	//require SYSTEM . 'base.php';
+	$serverUrl = 'http' . (isHttps() ? 's' : '') . '://' . $baseHost;
+	$siteURL = $serverUrl . $baseDir;
+
+	$_SESSION['var_site_url'] = $siteURL;
+}
+
 $twig->display('install.config.html.twig', array(
 	'clients' => $clients,
 	'timezones' => DateTimeZone::listIdentifiers(),

install/steps/7-finish.php

@@ -195,13 +195,4 @@ if(!isset($_SESSION['installed'])) {
 	$_SESSION['installed'] = true;
 }
 
-foreach($_SESSION as $key => $value) {
-	if(strpos($key, 'var_') !== false)
-		unset($_SESSION[$key]);
-}
-unset($_SESSION['saved']);
-if(file_exists(CACHE . 'install.txt')) {
-	unlink(CACHE . 'install.txt');
-}
-
 $hooks->trigger(HOOK_INSTALL_FINISH_END);

install/template/template.php

@@ -1,3 +1,4 @@
+<?php defined('MYAAC') or die('Direct access not allowed!'); ?>
 <!DOCTYPE html>
 <html dir="<?php echo $locale['direction']; ?>" lang="<?php echo $locale['lang']; ?>" xml:lang="<?php echo $locale['lang']; ?>">
 <head>

install/tools/5-database.php

@@ -7,6 +7,11 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 
+if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
+	warning($locale['already_installed']);
+	return;
+}
+
 $error = false;
 require BASE . 'install/includes/config.php';
 
@@ -156,9 +161,14 @@ if ($db->hasTable('guilds')) {
 	}
 
 	if (!$db->hasColumn('guilds', 'description')) {
-		if (query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;"))
+		if (query("ALTER TABLE `guilds` ADD `description` VARCHAR(5000) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' guilds.description...');
 	}
+	else {
+		if (query("ALTER TABLE `guilds` MODIFY `description` VARCHAR(5000) NOT NULL DEFAULT '';")) {
+			success($locale['step_database_modifying_field'] . ' guilds.description...');
+		}
+	}
 
 	if ($db->hasColumn('guilds', 'logo_gfx_name')) {
 		if (query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) {
@@ -197,9 +207,14 @@ if ($db->hasTable('players')) {
 	}
 
 	if (!$db->hasColumn('players', 'comment')) {
-		if (query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;"))
+		if (query("ALTER TABLE `players` ADD `comment` VARCHAR(5000) NOT NULL DEFAULT '';"))
 			success($locale['step_database_adding_field'] . ' players.comment...');
 	}
+	else {
+		if (query("ALTER TABLE `players` MODIFY `comment` VARCHAR(5000) NOT NULL DEFAULT '';")) {
+			success($locale['step_database_modifying_field'] . ' players.comment...');
+		}
+	}
 
 	if ($db->hasColumn('players', 'rank_id')) {
 		if (query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;"))

install/tools/7-finish.php

@@ -17,11 +17,11 @@ ini_set('max_execution_time', 300);
 ob_implicit_flush();
 
 header('X-Accel-Buffering: no');
-/*
+
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 	return;
-}*/
+}
 
 require SYSTEM . 'init.php';
 
@@ -54,12 +54,13 @@ if ($db->hasTable('players')) {
 	}
 }
 
-Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
-Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
-
 DataLoader::setLocale($locale);
 DataLoader::load();
 
+// add menus entries
+require_once SYSTEM . 'migrations/17.php';
+$up();
+
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';
 $up();
@@ -78,6 +79,10 @@ $up();
 require_once SYSTEM . 'migrations/31.php';
 $up();
 
+// rules page
+require_once SYSTEM . 'migrations/45.php';
+$up();
+
 if(ModelsFAQ::count() == 0) {
 	ModelsFAQ::create([
 		'question' => 'What is this?',
@@ -89,6 +94,17 @@ $hooks->trigger(HOOK_INSTALL_FINISH);
 
 $db->setClearCacheAfter(true);
 
+// cleanup
+foreach($_SESSION as $key => $value) {
+	if(str_contains($key, 'var_')) {
+		unset($_SESSION[$key]);
+	}
+}
+unset($_SESSION['saved']);
+if(file_exists(CACHE . 'install.txt')) {
+	unlink(CACHE . 'install.txt');
+}
+
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);

login.php

@@ -86,12 +86,25 @@ switch ($action) {
 		die(json_encode(['eventlist' => $eventlist, 'lastupdatetimestamp' => time()]));
 
 	case 'boostedcreature':
-		$boostedCreature = BoostedCreature::latest();
+		$clientVersion = (int)setting('core.client');
+
+		// 13.40 and up
+		if ($clientVersion >= 1340) {
+			$creatureBoost = $db->query("SELECT * FROM " . $db->tableName('boosted_creature'))->fetchAll();
+			$bossBoost     = $db->query("SELECT * FROM " . $db->tableName('boosted_boss'))->fetchAll();
+			die(json_encode([
+				'boostedcreature' => true,
+				'creatureraceid'  => intval($creatureBoost[0]['raceid']),
+				'bossraceid'      => intval($bossBoost[0]['raceid'])
+			]));
+		}
+
+		// lower clients
+		$boostedCreature = BoostedCreature::first();
 		die(json_encode([
 			'boostedcreature' => true,
 			'raceid' => $boostedCreature->raceid
 		]));
-	break;
 
 	case 'login':
 
@@ -143,7 +156,7 @@ switch ($action) {
 			if ($limiter->exceeded($ip)) {
 				sendError($ban_msg);
 			}
-			
+
 			sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
 		}
 

nginx-sample.conf

@@ -1,6 +1,6 @@
 server {
 	listen 80;
-	root /home/otserv/www/public;
+	root /var/www/html;
 	index index.php;
 	server_name your-domain.com;
 
@@ -14,7 +14,7 @@ server {
 
 	# block .htaccess, CHANGELOG.md, composer.json etc.
 	# this is to prevent finding software versions
-	location ~\.(ht|md|json|dist)$ {
+	location ~\.(ht|md|json|dist|sql)$ {
 		deny all;
 	}
 

package-lock.json

@@ -14,24 +14,13 @@
         "tinymce": "^7.2.0"
       },
       "devDependencies": {
-        "cypress": "^13.17.0"
+        "cypress": "^14.3.3"
-      }
-    },
-    "node_modules/@colors/colors": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz",
-      "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==",
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "engines": {
-        "node": ">=0.1.90"
       }
     },
     "node_modules/@cypress/request": {
-      "version": "3.0.7",
+      "version": "3.0.8",
-      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.7.tgz",
+      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.8.tgz",
-      "integrity": "sha512-LzxlLEMbBOPYB85uXrDqvD4MgcenjRBLIns3zyhx7vTPj/0u2eQhzXvPiGcaJrV38Q9dbkExWp6cOHPJ+EtFYg==",
+      "integrity": "sha512-h0NFgh1mJmm1nr4jCwkGHwKneVYKghUyWe6TMNrk0B9zsjAJxpg8C4/+BAcmLgCPa1vj1V8rNUaILl+zYRUWBQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -48,7 +37,7 @@
         "json-stringify-safe": "~5.0.1",
         "mime-types": "~2.1.19",
         "performance-now": "^2.1.0",
-        "qs": "6.13.1",
+        "qs": "6.14.0",
         "safe-buffer": "^5.1.2",
         "tough-cookie": "^5.0.0",
         "tunnel-agent": "^0.6.0",
@@ -387,9 +376,9 @@
       }
     },
     "node_modules/call-bind-apply-helpers": {
-      "version": "1.0.1",
+      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
-      "integrity": "sha512-BhYE+WDaywFg2TBWYNXAE+8B1ATnThNBqXHP5nQu0jWJdVvY2hvkpyB3qOmtmDePiS5/BDQ8wASEWGMWRG148g==",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -401,14 +390,14 @@
       }
     },
     "node_modules/call-bound": {
-      "version": "1.0.3",
+      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.3.tgz",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
-      "integrity": "sha512-YTd+6wGlNlPxSuri7Y6X8tY2dmm12UMH66RpKMhiX6rsk5wXXnYgbUcOt8kiS31/AjfoTOvCsE+w8nZQLQnzHA==",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "call-bind-apply-helpers": "^1.0.1",
+        "call-bind-apply-helpers": "^1.0.2",
-        "get-intrinsic": "^1.2.6"
+        "get-intrinsic": "^1.3.0"
       },
       "engines": {
         "node": ">= 0.4"
@@ -504,9 +493,9 @@
       }
     },
     "node_modules/cli-table3": {
-      "version": "0.6.5",
+      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.5.tgz",
+      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.1.tgz",
-      "integrity": "sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ==",
+      "integrity": "sha512-w0q/enDHhPLq44ovMGdQeeDLvwxwavsJX7oQGYt/LrBlYsyaxyDnp6z3QzFut/6kLLKnlcUVJLrpB7KBfgG/RA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -516,7 +505,7 @@
         "node": "10.* || >= 12.*"
       },
       "optionalDependencies": {
-        "@colors/colors": "1.5.0"
+        "colors": "1.4.0"
       }
     },
     "node_modules/cli-truncate": {
@@ -563,6 +552,17 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/colors": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz",
+      "integrity": "sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "engines": {
+        "node": ">=0.1.90"
+      }
+    },
     "node_modules/combined-stream": {
       "version": "1.0.8",
       "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
@@ -619,14 +619,14 @@
       }
     },
     "node_modules/cypress": {
-      "version": "13.17.0",
+      "version": "14.3.3",
-      "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.17.0.tgz",
+      "resolved": "https://registry.npmjs.org/cypress/-/cypress-14.3.3.tgz",
-      "integrity": "sha512-5xWkaPurwkIljojFidhw8lFScyxhtiFHl/i/3zov+1Z5CmY4t9tjIdvSXfu82Y3w7wt0uR9KkucbhkVvJZLQSA==",
+      "integrity": "sha512-1Rz7zc9iqLww6BysaESqUhtIuaFHS7nL3wREovAKYsNhLTfX3TbcBWHWgEz70YimH2NkSOsm4oIcJJ9HYHOlew==",
       "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
       "dependencies": {
-        "@cypress/request": "^3.0.6",
+        "@cypress/request": "^3.0.8",
         "@cypress/xvfb": "^1.2.4",
         "@types/sinonjs__fake-timers": "8.1.1",
         "@types/sizzle": "^2.3.2",
@@ -637,9 +637,9 @@
         "cachedir": "^2.3.0",
         "chalk": "^4.1.0",
         "check-more-types": "^2.24.0",
-        "ci-info": "^4.0.0",
+        "ci-info": "^4.1.0",
         "cli-cursor": "^3.1.0",
-        "cli-table3": "~0.6.1",
+        "cli-table3": "0.6.1",
         "commander": "^6.2.1",
         "common-tags": "^1.8.0",
         "dayjs": "^1.10.4",
@@ -663,7 +663,7 @@
         "process": "^0.11.10",
         "proxy-from-env": "1.0.0",
         "request-progress": "^3.0.0",
-        "semver": "^7.5.3",
+        "semver": "^7.7.1",
         "supports-color": "^8.1.1",
         "tmp": "~0.2.3",
         "tree-kill": "1.2.2",
@@ -674,7 +674,7 @@
         "cypress": "bin/cypress"
       },
       "engines": {
-        "node": "^16.0.0 || ^18.0.0 || >=20.0.0"
+        "node": "^18.0.0 || ^20.0.0 || >=22.0.0"
       }
     },
     "node_modules/cypress/node_modules/fs-extra": {
@@ -819,9 +819,9 @@
       }
     },
     "node_modules/es-object-atoms": {
-      "version": "1.0.0",
+      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
-      "integrity": "sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw==",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -831,6 +831,22 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/es-set-tostringtag": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
+      "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.6",
+        "has-tostringtag": "^1.0.2",
+        "hasown": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/escape-string-regexp": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
@@ -960,14 +976,15 @@
       }
     },
     "node_modules/form-data": {
-      "version": "4.0.1",
+      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.2.tgz",
-      "integrity": "sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw==",
+      "integrity": "sha512-hGfm/slu0ZabnNt4oaRZ6uREyfCj6P4fT/n6A1rGV+Z0VdGXjfOhVUpkn6qVQONHGIFwmveGXyDs75+nr6FM8w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "asynckit": "^0.4.0",
         "combined-stream": "^1.0.8",
+        "es-set-tostringtag": "^2.1.0",
         "mime-types": "^2.1.12"
       },
       "engines": {
@@ -999,18 +1016,18 @@
       }
     },
     "node_modules/get-intrinsic": {
-      "version": "1.2.7",
+      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.7.tgz",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
-      "integrity": "sha512-VW6Pxhsrk0KAOqs3WEd0klDiF/+V7gQOpAvY1jVU/LHmaD/kQO4523aiJuikX/QAKYiW6x8Jh+RJej1almdtCA==",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "call-bind-apply-helpers": "^1.0.1",
+        "call-bind-apply-helpers": "^1.0.2",
         "es-define-property": "^1.0.1",
         "es-errors": "^1.3.0",
-        "es-object-atoms": "^1.0.0",
+        "es-object-atoms": "^1.1.1",
         "function-bind": "^1.1.2",
-        "get-proto": "^1.0.0",
+        "get-proto": "^1.0.1",
         "gopd": "^1.2.0",
         "has-symbols": "^1.1.0",
         "hasown": "^2.0.2",
@@ -1131,6 +1148,22 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/has-tostringtag": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
+      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-symbols": "^1.0.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/hasown": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
@@ -1560,9 +1593,9 @@
       }
     },
     "node_modules/object-inspect": {
-      "version": "1.13.3",
+      "version": "1.13.4",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.3.tgz",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
-      "integrity": "sha512-kDCGIbxkDSXE3euJZZXzc6to7fCrKHNI/hSRQnRuQ+BWjFNzZwiFF8fj/6o2t2G9/jTj8PSIYTfCLelLZEeRpA==",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -1709,13 +1742,13 @@
       }
     },
     "node_modules/qs": {
-      "version": "6.13.1",
+      "version": "6.14.0",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.1.tgz",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
-      "integrity": "sha512-EJPeIn0CYrGu+hli1xilKAPXODtJ12T0sP63Ijx2/khC2JtuaN3JyNIpvmnkmaEtha9ocbG4A4cMcr+TvqvwQg==",
+      "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
       "dev": true,
       "license": "BSD-3-Clause",
       "dependencies": {
-        "side-channel": "^1.0.6"
+        "side-channel": "^1.1.0"
       },
       "engines": {
         "node": ">=0.6"
@@ -1794,9 +1827,9 @@
       "license": "MIT"
     },
     "node_modules/semver": {
-      "version": "7.6.3",
+      "version": "7.7.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==",
       "dev": true,
       "license": "ISC",
       "bin": {
@@ -2031,22 +2064,22 @@
       "license": "GPL-2.0-or-later"
     },
     "node_modules/tldts": {
-      "version": "6.1.71",
+      "version": "6.1.86",
-      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.71.tgz",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.86.tgz",
-      "integrity": "sha512-LQIHmHnuzfZgZWAf2HzL83TIIrD8NhhI0DVxqo9/FdOd4ilec+NTNZOlDZf7EwrTNoutccbsHjvWHYXLAtvxjw==",
+      "integrity": "sha512-WMi/OQ2axVTf/ykqCQgXiIct+mSQDFdH2fkwhPwgEwvJ1kSzZRiinb0zF2Xb8u4+OqPChmyI6MEu4EezNJz+FQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "tldts-core": "^6.1.71"
+        "tldts-core": "^6.1.86"
       },
       "bin": {
         "tldts": "bin/cli.js"
       }
     },
     "node_modules/tldts-core": {
-      "version": "6.1.71",
+      "version": "6.1.86",
-      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.71.tgz",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.86.tgz",
-      "integrity": "sha512-LRbChn2YRpic1KxY+ldL1pGXN/oVvKfCVufwfVzEQdFYNo39uF7AJa/WXdo+gYO7PTvdfkCPCed6Hkvz/kR7jg==",
+      "integrity": "sha512-Je6p7pkk+KMzMv2XXKmAE3McmolOQFdxkKw0R8EYNr7sELW46JqnNeTX8ybPiQgvg1ymCoF8LXs5fzFaZvJPTA==",
       "dev": true,
       "license": "MIT"
     },
@@ -2061,9 +2094,9 @@
       }
     },
     "node_modules/tough-cookie": {
-      "version": "5.1.0",
+      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-5.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-5.1.2.tgz",
-      "integrity": "sha512-rvZUv+7MoBYTiDmFPBrhL7Ujx9Sk+q9wwm22x8c8T5IJaR+Wsyc7TNxbVxo84kZoRJZZMazowFLqpankBEQrGg==",
+      "integrity": "sha512-FVDYdxtnj0G6Qm/DhNPSb8Ju59ULcup3tuJxkFb5K8Bv2pUXILbf0xZWU8PX8Ov19OXljbUyveOFwRMwkXzO+A==",
       "dev": true,
       "license": "BSD-3-Clause",
       "dependencies": {

package.json

@@ -4,7 +4,7 @@
     "postinstall": "node ./npm-post-install.js"
   },
   "devDependencies": {
-    "cypress": "^13.17.0"
+    "cypress": "^14.3.3"
   },
   "dependencies": {
     "@tinymce/tinymce-jquery": "^2.1.0",

plugins/account-create-hint.json

@@ -1,6 +1,6 @@
 {
 	"name": "create-account-hint",
-	"description": "This plugin display text 'To play on Forgotten you need an account.  All you have to do to create your new account is to enter an account name, password, country and your email address. Also you have to agree to the terms presented below. If you have done so, your account name will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.' on the create account page. <strong>Be careful when uninstalling this!</strong>",
+	"description": "This plugin display text 'To play on Forgotten you need an account.  All you have to do to create your new account is to enter an account name, password, country and your email address. Also you have to agree to the terms presented below. If you have done so, your account name will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.' on the create account page.",
 	"version": "1.0",
 	"author": "slawkens",
 	"contact": "slawkens@gmail.com",

plugins/account-create-hint/hint.php

@@ -9,7 +9,4 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-global $twig_loader;
+$twig->display('account-create-hint/hint.html.twig');
-$twig_loader->prependPath(BASE . 'plugins/account-create-hint');
-
-$twig->display('hint.html.twig');

plugins/example.json

@@ -46,8 +46,13 @@
 	"settings": "plugins/your-plugin-folder/settings.php",
 	"autoload": {
 		"pages": true,
-		"pagesSubFolders": false,
+		"pages-sub-folders": false,
 		"commands": true,
-		"themes": true
+		"themes": true,
+		"admin-pages": true,
+		"admin-pages-sub-folders": true,
+		"settings": true,
+		"install": true,
+		"init": false
 	}
  }

release.sh

@@ -22,7 +22,7 @@ if [ $1 = "prepare" ]; then
 	mkdir -p tmp
 
 	# get myaac from git archive
-	git archive --format zip --output tmp/myaac.zip master
+	git archive --format zip --output tmp/myaac.zip main
 
 	cd tmp/ || exit
 

system/base.php

@@ -0,0 +1,21 @@
+<?php
+
+$baseDir = '';
+$tmp = explode('/', $_SERVER['SCRIPT_NAME']);
+$size = count($tmp) - 1;
+for($i = 1; $i < $size; $i++)
+	$baseDir .= '/' . $tmp[$i];
+
+$baseDir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $baseDir);
+
+if(!IS_CLI) {
+	if (isset($_SERVER['HTTP_HOST'][0])) {
+		$baseHost = $_SERVER['HTTP_HOST'];
+	} else {
+		if (isset($_SERVER['SERVER_NAME'][0])) {
+			$baseHost = $_SERVER['SERVER_NAME'];
+		} else {
+			$baseHost = $_SERVER['SERVER_ADDR'];
+		}
+	}
+}

system/clients.conf.php

@@ -109,4 +109,12 @@ $config['clients'] = [
 	1330,
 	1332,
 	1340,
+
+	1400,
+	1405,
+	1410,
+	1411,
+	1412,
+	1500,
+	1501,
 ];

system/compat/base.php

@@ -74,7 +74,3 @@ function fieldExist($field, $table)
 	global $db;
 	return $db->hasColumn($table, $field);
 }
-
-function getCreatureImgPath($creature): string {
-	return getMonsterImgPath($creature);
-}

system/database.php

@@ -122,6 +122,10 @@ try {
 
 	$eloquentConnection = $capsule->getConnection();
 
+	if (isset($twig)) {
+		$twig->addGlobal('db', $db);
+	}
+
 } catch (Exception $e) {
 	if(isset($cache) && $cache->enabled()) {
 		$cache->delete('config_lua');

system/functions.php

@@ -49,7 +49,7 @@ function warning($message, $return = false) {
 	return message($message, 'warning', $return);
 }
 function note($message, $return = false) {
-	return info($message, $return);
+	return message($message, 'note', $return);
 }
 function info($message, $return = false) {
 	return message($message, 'info', $return);
@@ -121,7 +121,7 @@ function getPlayerLink($name, $generate = true, bool $colored = false): string
 
 function getMonsterLink($name, $generate = true): string
 {
-	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'monsters/' . urlencode($name);
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'monsters?name=' . urlencode($name);
 
 	if(!$generate) return $url;
 	return generateLink($url, $name);
@@ -129,16 +129,14 @@ function getMonsterLink($name, $generate = true): string
 
 function getHouseLink($name, $generate = true): string
 {
-	if(is_numeric($name))
+	if(is_numeric($name)) {
-	{
 		$house = House::find(intval($name), ['name']);
 		if ($house) {
 			$name = $house->name;
 		}
 	}
 
-
+	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'houses?name=' . urlencode($name);
-	$url = BASE_URL . (setting('core.friendly_urls') ? '' : 'index.php/') . 'houses/' . urlencode($name);
 
 	if(!$generate) return $url;
 	return generateLink($url, $name);
@@ -547,33 +545,39 @@ function template_header($is_admin = false): string
  */
 function template_footer(): string
 {
-	global $views_counter;
+	$footer = [];
-	$ret = '';
+
 	if(admin()) {
-		$ret .= generateLink(ADMIN_URL, 'Admin Panel', true);
+		$footer[] = generateLink(ADMIN_URL, 'Admin Panel', true);
 	}
 
 	if(setting('core.visitors_counter')) {
 		global $visitors;
 		$amount = $visitors->getAmountVisitors();
-		$ret .= '<br/>Currently there ' . ($amount > 1 ? 'are' : 'is') . ' ' . $amount . ' visitor' . ($amount > 1 ? 's' : '') . '.';
+		$footer[] = 'Currently there ' . ($amount > 1 ? 'are' : 'is') . ' ' . $amount . ' visitor' . ($amount > 1 ? 's' : '') . '.';
 	}
 
 	if(setting('core.views_counter')) {
-		$ret .= '<br/>Page has been viewed ' . $views_counter . ' times.';
+		global $views_counter;
+		$footer[] = 'Page has been viewed ' . $views_counter . ' times.';
 	}
 
 	if(setting('core.footer_load_time')) {
-		$ret .= '<br/>Load time: ' . round(microtime(true) - START_TIME, 4) . ' seconds.';
+		$footer[] = 'Load time: ' . round(microtime(true) - START_TIME, 4) . ' seconds.';
 	}
 
 	$settingFooter = setting('core.footer');
 	if(isset($settingFooter[0])) {
-		$ret .= '<br/>' . $settingFooter;
+		$footer[] = '' . $settingFooter;
 	}
 
 	// please respect my work and help spreading the word, thanks!
-	return $ret . '<br/>' . base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=');
+	$footer[] = base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=');
+
+	global $hooks;
+	$hooks->triggerFilter(HOOK_FILTER_THEME_FOOTER, $footer);
+
+	return implode('<br/>', $footer);
 }
 
 function template_ga_code()
@@ -984,31 +988,29 @@ function load_config_lua($filename)
 				continue;
 			}
 			$tmp_exp = explode('=', $line, 2);
-			if(strpos($line, 'dofile') !== false)
+			if(str_contains($line, 'dofile')) {
-			{
 				$delimiter = '"';
-				if(strpos($line, $delimiter) === false)
+				if(!str_contains($line, $delimiter)) {
 					$delimiter = "'";
+				}
 
 				$tmp = explode($delimiter, $line);
 				$result = array_merge($result, load_config_lua($config['server_path'] . $tmp[1]));
 			}
-			else if(count($tmp_exp) >= 2)
+			else if(count($tmp_exp) >= 2) {
-			{
 				$key = trim($tmp_exp[0]);
-				if(0 !== strpos($key, '--'))
+				if(!str_starts_with($key, '--')) {
-				{
 					$value = trim($tmp_exp[1]);
-					if(strpos($value, '--') !== false) {// found some deep comment
+					if(str_contains($value, '--')) {// found some deep comment
 						$value = preg_replace('/--.*$/i', '', $value);
 					}
 
 					if(is_numeric($value))
 						$result[$key] = (float) $value;
 					elseif(in_array(@$value[0], array("'", '"')) && in_array(@$value[strlen($value) - 1], array("'", '"')))
-						$result[$key] = (string) substr(substr($value, 1), 0, -1);
+						$result[$key] = substr(substr($value, 1), 0, -1);
 					elseif(in_array($value, array('true', 'false')))
-						$result[$key] = ($value === 'true') ? true : false;
+						$result[$key] = $value === 'true';
 					elseif(@$value[0] === '{') {
 						// arrays are not supported yet
 						// just ignore the error
@@ -1016,12 +1018,19 @@ function load_config_lua($filename)
 					}
 					else
 					{
-						foreach($result as $tmp_key => $tmp_value) // load values definied by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
+						foreach($result as $tmp_key => $tmp_value) { // load values defined by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
 							$value = str_replace($tmp_key, $tmp_value, $value);
-						$ret = @eval("return $value;");
+						}
-						if((string) $ret == '' && trim($value) !== '""') // = parser error
+
-						{
+						try {
-							throw new RuntimeException('ERROR: Loading config.lua file. Line <b>' . ($ln + 1) . '</b> of LUA config file is not valid [key: <b>' . $key . '</b>]');
+							$ret = eval("return $value;");
+						}
+						catch (Throwable $e) {
+							throw new RuntimeException('ERROR: Loading config.lua file. Line: ' . ($ln + 1) . ' - Unable to parse value "' . $value . '" - ' . $e->getMessage());
+						}
+
+						if((string) $ret == '' && trim($value) !== '""') {
+							throw new RuntimeException('ERROR: Loading config.lua file. Line ' . ($ln + 1) . ' is not valid [key: ' . $key . ']');
 						}
 						$result[$key] = $ret;
 					}
@@ -1030,8 +1039,7 @@ function load_config_lua($filename)
 		}
 	}
 
-	$result = array_merge($result, isset($config['lua']) ? $config['lua'] : array());
+	return array_merge($result, $config['lua'] ?? []);
-	return $result;
 }
 
 function str_replace_first($search,$replace, $subject) {
@@ -1057,17 +1065,36 @@ function get_browser_real_ip() {
 
 	return '0';
 }
-function setSession($key, $data) {
+function setSession($key, $value = null): void {
-	$_SESSION[setting('core.session_prefix') . $key] = $data;
+	if (!is_array($key)) {
+		$key = [$key => $value];
+	}
+
+	foreach ($key as $arrayKey => $arrayValue) {
+		if (is_null($arrayValue)) {
+			unsetSession($arrayKey);
+		}
+		else {
+			$_SESSION[setting('core.session_prefix') . $arrayKey] = $arrayValue;
+		}
+	}
 }
 function getSession($key) {
-	$key = setting('core.session_prefix') . $key;
+	return $_SESSION[setting('core.session_prefix') . $key] ?? null;
-	return isset($_SESSION[$key]) ? $_SESSION[$key] : false;
 }
-function unsetSession($key) {
+function unsetSession($key): void {
 	unset($_SESSION[setting('core.session_prefix') . $key]);
 }
 
+function session($key): mixed {
+	if (is_array($key)) {
+		setSession($key);
+		return null;
+	}
+
+	return getSession($key);
+}
+
 function csrf(bool $return = false): string {
 	return CsrfToken::create($return);
 }
@@ -1107,10 +1134,6 @@ function getTopPlayers($limit = 5, $skill = 'level') {
 			$columns[] = 'lookaddons';
 		}
 
-		if ($db->hasColumn('players', 'online')) {
-			$columns[] = 'online';
-		}
-
 		return Player::query()
 			->select($columns)
 			->withOnlineStatus()
@@ -1240,6 +1263,10 @@ function clearCache()
 
 		global $db;
 		$db->setClearCacheAfter(true);
+
+		if (function_exists('apcu_clear_cache')) {
+			apcu_clear_cache();
+		}
 	}
 
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
@@ -1555,22 +1582,6 @@ function right($str, $length) {
 	return substr($str, -$length);
 }
 
-function getMonsterImgPath($monster): string
-{
-	$monster_path = setting('core.monsters_images_url');
-	$monster_gfx_name = trim(strtolower($monster)) . setting('core.monsters_images_extension');
-	if (!file_exists($monster_path . $monster_gfx_name)) {
-		$monster_gfx_name = str_replace(" ", "", $monster_gfx_name);
-		if (file_exists($monster_path . $monster_gfx_name)) {
-			return $monster_path . $monster_gfx_name;
-		} else {
-			return $monster_path . 'nophoto.png';
-		}
-	} else {
-		return $monster_path . $monster_gfx_name;
-	}
-}
-
 function between($x, $lim1, $lim2) {
 	if ($lim1 < $lim2) {
 		$lower = $lim1; $upper = $lim2;
@@ -1679,4 +1690,7 @@ function getAccountIdentityColumn(): string
 require_once SYSTEM . 'compat/base.php';
 
 // custom functions
-require SYSTEM . 'functions_custom.php';
+$customFunctions = SYSTEM . 'functions_custom.php';
+if (is_file($customFunctions)) {
+	require $customFunctions;
+}

system/init.php

@@ -12,6 +12,7 @@ use DebugBar\StandardDebugBar;
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Hooks;
+use MyAAC\Plugins;
 use MyAAC\Models\Town;
 use MyAAC\Settings;
 
@@ -46,10 +47,16 @@ if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HT
 global $cache;
 $cache = Cache::getInstance();
 
+// load plugins init.php
+foreach (Plugins::getInits() as $init) {
+	require $init;
+}
+
 // event system
 global $hooks;
 $hooks = new Hooks();
 $hooks->load();
+$hooks->trigger(HOOK_INIT);
 
 // twig
 require_once SYSTEM . 'twig.php';
@@ -137,9 +144,12 @@ $ots = POT::getInstance();
 $eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 
+$twig->addGlobal('logged', false);
+$twig->addGlobal('account_logged', new \OTS_Account());
+
 // verify myaac tables exists in database
 if(!defined('MYAAC_INSTALL') && !$db->hasTable('myaac_account_actions')) {
-	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . BASE_URL . 'install');
+	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . (IS_CLI ? 'http://your-ip.com/' : BASE_URL) . 'install');
 }
 
 // execute migrations

system/libs/pot/OTS_Account.php

@@ -446,16 +446,13 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		if(isset($this->data['premium_ends_at']) || isset($this->data['premend'])) {
 			$col = isset($this->data['premium_ends_at']) ? 'premium_ends_at' : 'premend';
 			$ret = ceil(($this->data[$col] - time()) / (24 * 60 * 60));
-			return $ret > 0 ? $ret : 0;
+			return max($ret, 0);
 		}
 
 		if($this->data['premdays'] == 0) {
 			return 0;
 		}
 
-		global $config;
-		if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return -1;
-
 		if($this->data['premdays'] == self::GRATIS_PREMIUM_DAYS){
 			return self::GRATIS_PREMIUM_DAYS;
 		}
@@ -1011,7 +1008,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 	public function logAction($action)
 	{
 		$ip = get_browser_real_ip();
-		if(strpos($ip, ":") === false) {
+		if(!str_contains($ip, ":")) {
 			$ipv6 = '0';
 		}
 		else {

system/libs/pot/OTS_DB_MySQL.php

@@ -234,6 +234,19 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE '" . $column . "'")->fetchAll()) > 0);
 	}
 
+	public function hasTableAndColumns(string $table, array $columns = []): bool
+	{
+		if (!$this->hasTable($table)) return false;
+
+		foreach ($columns as $column) {
+			if (!$this->hasColumn($table, $column)) {
+				return false;
+			}
+		}
+
+		return true;
+	}
+
 	public function revalidateCache() {
 		foreach($this->has_table_cache as $key => $value) {
 			$this->hasTableInternal($key);

system/libs/pot/OTS_Guild.php

@@ -97,7 +97,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
  *
  * @param IOTS_GuildAction $invites Invites driver (don't pass it to clear driver).
  */
-    public function setInvitesDriver(IOTS_GuildAction $invites = null)
+    public function setInvitesDriver(?IOTS_GuildAction $invites = null)
     {
         $this->invites = $invites;
     }
@@ -107,7 +107,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
  *
  * @param IOTS_GuildAction $requests Membership requests driver (don't pass it to clear driver).
  */
-    public function setRequestsDriver(IOTS_GuildAction $requests = null)
+    public function setRequestsDriver(?IOTS_GuildAction $requests = null)
     {
         $this->requests = $requests;
     }

system/libs/pot/OTS_GuildRank.php

@@ -60,7 +60,7 @@ class OTS_GuildRank extends OTS_Row_DAO implements IteratorAggregate, Countable
  * @throws PDOException On PDO operation error.
  * @throws E_OTS_NotLoaded If given <var>$guild</var> object is not loaded.
  */
-    public function find($name, OTS_Guild $guild = null)
+    public function find($name, ?OTS_Guild $guild = null)
     {
         $where = '';
 

system/libs/pot/OTS_InfoRespond.php

@@ -15,11 +15,11 @@
 
 /**
  * Wrapper for 'info' respond's DOMDocument.
- * 
+ *
  * <p>
  * Note: as this class extends DOMDocument class and contains exacly respond XML tree you can work on it as on normal DOM tree.
  * </p>
- * 
+ *
  * @package POT
  * @version 0.1.0
  * @property-read string $tspqVersion Root element version.
@@ -48,252 +48,257 @@ class OTS_InfoRespond extends DOMDocument
 {
 /**
  * Returns version of root element.
- * 
+ *
  * @return string TSPQ version.
  * @throws DOMException On DOM operation error.
  */
-    public function getTSPQVersion()
+	public function getTSPQVersion()
-    {
+	{
-        return $this->documentElement->getAttribute('version');
+		return $this->documentElement->getAttribute('version');
-    }
+	}
 
 /**
  * Returns server uptime.
- * 
+ *
  * @return int Uptime.
  * @throws DOMException On DOM operation error.
  */
-    public function getUptime()
+	public function getUptime()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('uptime');
+		return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('uptime');
-    }
+	}
 
 /**
  * Returns server IP.
- * 
+ *
  * @return string IP.
  * @throws DOMException On DOM operation error.
  */
-    public function getIP()
+	public function getIP()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('ip');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('ip');
-    }
+	}
 
 /**
  * Returns server name.
- * 
+ *
  * @return string Name.
  * @throws DOMException On DOM operation error.
  */
-    public function getName()
+	public function getName()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('servername');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('servername');
-    }
+	}
 
 /**
  * Returns server port.
- * 
+ *
  * @return int Port.
  * @throws DOMException On DOM operation error.
  */
-    public function getPort()
+	public function getPort()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('port');
+		return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('port');
-    }
+	}
 
 /**
  * Returns server location.
- * 
+ *
  * @return string Location.
  * @throws DOMException On DOM operation error.
  */
-    public function getLocation()
+	public function getLocation()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('location');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('location');
-    }
+	}
 
 /**
  * Returns server website.
- * 
+ *
  * @return string Website URL.
  * @throws DOMException On DOM operation error.
  */
-    public function getURL()
+	public function getURL()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('url');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('url');
-    }
+	}
 
 /**
  * Returns server attribute.
- * 
+ *
  * I have no idea what the hell is it representing :P.
- * 
+ *
  * @return string Attribute value.
  * @throws DOMException On DOM operation error.
  */
-    public function getServer()
+	public function getServer()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('server');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('server');
-    }
+	}
 
 /**
  * Returns server version.
- * 
+ *
  * @return string Version.
  * @throws DOMException On DOM operation error.
  */
-    public function getServerVersion()
+	public function getServerVersion()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('version');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('version');
-    }
+	}
 
 /**
  * Returns dedicated version of client.
- * 
+ *
  * @return string Version.
  * @throws DOMException On DOM operation error.
  */
-    public function getClientVersion()
+	public function getClientVersion()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('client');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('client');
-    }
+	}
 
 /**
  * Returns owner name.
- * 
+ *
  * @return string Owner name.
  * @throws DOMException On DOM operation error.
  */
-    public function getOwner()
+	public function getOwner()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('name');
+		return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('name');
-    }
+	}
 
 /**
  * Returns owner e-mail.
- * 
+ *
  * @return string Owner e-mail.
  * @throws DOMException On DOM operation error.
  */
-    public function getEMail()
+	public function getEMail()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('email');
+		return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('email');
-    }
+	}
 
 /**
  * Returns current amount of players online.
- * 
+ *
  * @return int Count of players.
  * @throws DOMException On DOM operation error.
  */
-    public function getOnlinePlayers()
+	public function getOnlinePlayers()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('online');
+		return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('online');
-    }
+	}
 
 /**
  * Returns maximum amount of players online.
- * 
+ *
  * @return int Maximum allowed count of players.
  * @throws DOMException On DOM operation error.
  */
-    public function getMaxPlayers()
+	public function getMaxPlayers()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('max');
+		return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('max');
-    }
+	}
 
 /**
  * Returns record of online players.
- * 
+ *
  * @return int Players online record.
  * @throws DOMException On DOM operation error.
  */
-    public function getPlayersPeak()
+	public function getPlayersPeak()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('peak');
+		return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('peak');
-    }
+	}
 
 /**
  * Returns number of all monsters on map.
- * 
+ *
  * @return int Count of monsters.
  * @throws DOMException On DOM operation error.
  */
-    public function getMonstersCount()
+	public function getMonstersCount(): int
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('monsters')->item(0)->getAttribute('total');
+		return (int) $this->documentElement->getElementsByTagName('monsters')->item(0)->getAttribute('total');
-    }
+	}
+
+	public function getNPCsCount(): int
+	{
+		return (int) $this->documentElement->getElementsByTagName('npcs')->item(0)->getAttribute('total');
+	}
 
 /**
  * Returns map name.
- * 
+ *
  * @return string Map name.
  * @throws DOMException On DOM operation error.
  */
-    public function getMapName()
+	public function getMapName()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('name');
+		return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('name');
-    }
+	}
 
 /**
  * Returns map author.
- * 
+ *
  * @return string Mapper name.
  * @throws DOMException On DOM operation error.
  */
-    public function getMapAuthor()
+	public function getMapAuthor()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('author');
+		return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('author');
-    }
+	}
 
 /**
  * Returns map width.
- * 
+ *
  * @return int Map width.
  * @throws DOMException On DOM operation error.
  */
-    public function getMapWidth()
+	public function getMapWidth()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('width');
+		return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('width');
-    }
+	}
 
 /**
  * Returns map height.
- * 
+ *
  * @return int Map height.
  * @throws DOMException On DOM operation error.
  */
-    public function getMapHeight()
+	public function getMapHeight()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('height');
+		return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('height');
-    }
+	}
 
 /**
  * Returns server's Message Of The Day
- * 
+ *
  * @version 0.1.0
  * @return string Server MOTD.
  * @throws DOMException On DOM operation error.
  */
-    public function getMOTD()
+	public function getMOTD()
-    {
+	{
-        // look for text node child
+		// look for text node child
-        foreach( $this->documentElement->getElementsByTagName('motd')->item(0)->childNodes as $child)
+		foreach( $this->documentElement->getElementsByTagName('motd')->item(0)->childNodes as $child)
-        {
+		{
-            if($child->nodeType == XML_TEXT_NODE)
+			if($child->nodeType == XML_TEXT_NODE)
-            {
+			{
-                // found
+				// found
-                return $child->nodeValue;
+				return $child->nodeValue;
-            }
+			}
-        }
+		}
 
-        // strange...
+		// strange...
-        return '';
+		return '';
-    }
+	}
 
 /**
  * Magic PHP5 method.
- * 
+ *
  * @version 0.1.0
  * @since 0.1.0
  * @param string $name Property name.
@@ -301,89 +306,89 @@ class OTS_InfoRespond extends DOMDocument
  * @throws OutOfBoundsException For non-supported properties.
  * @throws DOMException On DOM operation error.
  */
-    public function __get($name)
+	public function __get($name)
-    {
+	{
-        switch($name)
+		switch($name)
-        {
+		{
-            case 'tspqVersion':
+			case 'tspqVersion':
-                return $this->getTSPQVersion();
+				return $this->getTSPQVersion();
 
-            case 'uptime':
+			case 'uptime':
-                return $this->getUptime();
+				return $this->getUptime();
 
-            case 'ip':
+			case 'ip':
-                return $this->getIP();
+				return $this->getIP();
 
-            case 'name':
+			case 'name':
-                return $this->getName();
+				return $this->getName();
 
-            case 'port':
+			case 'port':
-                return $this->getPort();
+				return $this->getPort();
 
-            case 'location':
+			case 'location':
-                return $this->getLocation();
+				return $this->getLocation();
 
-            case 'url':
+			case 'url':
-                return $this->getURL();
+				return $this->getURL();
 
-            case 'server':
+			case 'server':
-                return $this->getServer();
+				return $this->getServer();
 
-            case 'serverVersion':
+			case 'serverVersion':
-                return $this->getServerVersion();
+				return $this->getServerVersion();
 
-            case 'clientVersion':
+			case 'clientVersion':
-                return $this->getClientVersion();
+				return $this->getClientVersion();
 
-            case 'owner':
+			case 'owner':
-                return $this->getOwner();
+				return $this->getOwner();
 
-            case 'eMail':
+			case 'eMail':
-                return $this->getEMail();
+				return $this->getEMail();
 
-            case 'onlinePlayers':
+			case 'onlinePlayers':
-                return $this->getOnlinePlayers();
+				return $this->getOnlinePlayers();
 
-            case 'maxPlayers':
+			case 'maxPlayers':
-                return $this->getMaxPlayers();
+				return $this->getMaxPlayers();
 
-            case 'playersPeak':
+			case 'playersPeak':
-                return $this->getPlayersPeak();
+				return $this->getPlayersPeak();
 
-            case 'monstersCount':
+			case 'monstersCount':
-                return $this->getMonstersCount();
+				return $this->getMonstersCount();
 
-            case 'mapName':
+			case 'mapName':
-                return $this->getMapName();
+				return $this->getMapName();
 
-            case 'mapAuthor':
+			case 'mapAuthor':
-                return $this->getMapAuthor();
+				return $this->getMapAuthor();
 
-            case 'mapWidth':
+			case 'mapWidth':
-                return $this->getMapWidth();
+				return $this->getMapWidth();
 
-            case 'mapHeight':
+			case 'mapHeight':
-                return $this->getMapHeight();
+				return $this->getMapHeight();
 
-            case 'motd':
+			case 'motd':
-                return $this->getMOTD();
+				return $this->getMOTD();
 
-            default:
+			default:
-                throw new OutOfBoundsException();
+				throw new OutOfBoundsException();
-        }
+		}
-    }
+	}
 
 /**
  * Returns string representation of XML.
- * 
+ *
  * @version 0.1.0
  * @since 0.1.0
  * @return string String representation of object.
  */
-    public function __toString()
+	public function __toString()
-    {
+	{
-        return $this->saveXML();
+		return $this->saveXML();
-    }
+	}
 }
 
 /**#@-*/

system/libs/pot/OTS_Monster.php

@@ -284,7 +284,7 @@ class OTS_Monster extends DOMDocument
  */
 	public function getLook()
 	{
-		$look = array();
+		$look = [];
 
 		$element = $this->documentElement->getElementsByTagName('look')->item(0);
 
@@ -292,14 +292,30 @@ class OTS_Monster extends DOMDocument
 			return $look;
 		}
 
-		$look['type'] = $element->getAttribute('type');
+		if ($element->hasAttribute('typeex')) {
-		$look['typeex'] = $element->getAttribute('typeex');
+			$look['typeEx'] = (int) $element->getAttribute('typeex');
-		$look['head'] = $element->getAttribute('head');
+		}
-		$look['body'] = $element->getAttribute('body');
+		if ($element->hasAttribute('type')) {
-		$look['legs'] = $element->getAttribute('legs');
+			$look['type'] = (int) $element->getAttribute('type');
-		$look['feet'] = $element->getAttribute('feet');
+		}
-		$look['addons'] = $element->getAttribute('addons');
+		if ($element->hasAttribute('head')) {
-		$look['corpse'] = $element->getAttribute('corpse');
+			$look['head'] = (int) $element->getAttribute('head');
+		}
+		if ($element->hasAttribute('body')) {
+			$look['body'] = (int) $element->getAttribute('body');
+		}
+		if ($element->hasAttribute('legs')) {
+			$look['legs'] = (int) $element->getAttribute('legs');
+		}
+		if ($element->hasAttribute('feet')) {
+			$look['feet'] = (int) $element->getAttribute('feet');
+		}
+		if ($element->hasAttribute('addons')) {
+			$look['addons'] = (int) $element->getAttribute('addons');
+		}
+		if ($element->hasAttribute('corpse')) {
+			$look['corpse'] = (int) $element->getAttribute('corpse');
+		}
 
 		return $look;
 	}

system/libs/pot/OTS_ServerInfo.php

@@ -26,14 +26,19 @@ class OTS_ServerInfo
  *
  * @var string
  */
-    private $server;
+	private string $server;
 
 /**
  * Connection port.
  *
  * @var int
  */
-    private $port;
+	private int $port;
+
+	/**
+	 * Status timeout
+	 */
+	private float $timeout = 2.0;
 
 /**
  * Creates handler for new server.
@@ -41,11 +46,11 @@ class OTS_ServerInfo
  * @param string $server Server IP/domain.
  * @param int $port OTServ port.
  */
-    public function __construct($server, $port)
+	public function __construct($server, $port)
-    {
+	{
-        $this->server = $server;
+		$this->server = $server;
-        $this->port = $port;
+		$this->port = $port;
-    }
+	}
 
 /**
  * Sends packet to server.
@@ -54,46 +59,46 @@ class OTS_ServerInfo
  * @return OTS_Buffer|null Respond buffer (null if server is offline).
  * @throws E_OTS_OutOfBuffer When there is read attemp after end of packet stream.
  */
-    private function send(OTS_Buffer $packet)
+	private function send(OTS_Buffer $packet)
-    {
+	{
-        // connects to server
+		// connects to server
-        $socket = @fsockopen($this->server, $this->port, $error, $message, setting('core.status_timeout'));
+		$socket = @fsockopen($this->server, $this->port, $error, $message, $this->timeout);
 
-        // if connected then checking statistics
+		// if connected then checking statistics
-        if($socket)
+		if($socket)
-        {
+		{
-            // sets 5 second timeout for reading and writing
+			// sets 5 second timeout for reading and writing
-            stream_set_timeout($socket, 5);
+			stream_set_timeout($socket, 5);
 
-            // creates real packet
+			// creates real packet
-            $packet = $packet->getBuffer();
+			$packet = $packet->getBuffer();
-            $packet = pack('v', strlen($packet) ) . $packet;
+			$packet = pack('v', strlen($packet) ) . $packet;
 
-            // sends packet with request
+			// sends packet with request
-            // 06 - length of packet, 255, 255 is the comamnd identifier, 'info' is a request
+			// 06 - length of packet, 255, 255 is the comamnd identifier, 'info' is a request
-            fwrite($socket, $packet);
+			fwrite($socket, $packet);
 
-            // reads respond
+			// reads respond
-            //$data = stream_get_contents($socket);
+			//$data = stream_get_contents($socket);
 			$data = '';
 			while (!feof($socket))
 				$data .= fgets($socket, 1024);
 
-            // closing connection to current server
+			// closing connection to current server
-            fclose($socket);
+			fclose($socket);
 
-            // sometimes server returns empty info
+			// sometimes server returns empty info
-            if( empty($data) )
+			if( empty($data) )
-            {
+			{
-                // returns offline state
+				// returns offline state
-                return false;
+				return false;
-            }
+			}
 
-            return new OTS_Buffer($data);
+			return new OTS_Buffer($data);
-        }
+		}
 
-        return false;
+		return false;
-    }
+	}
 
 /**
  * Queries server status.
@@ -108,30 +113,30 @@ class OTS_ServerInfo
  * @example examples/info.php info.php
  * @tutorial POT/Server_status.pkg
  */
-    public function status()
+	public function status()
-    {
+	{
-        // request packet
+		// request packet
-        $request = new OTS_Buffer();
+		$request = new OTS_Buffer();
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putString('info', false);
+		$request->putString('info', false);
 
-        $status = $this->send($request);
+		$status = $this->send($request);
 
-        // checks if server is online
+		// checks if server is online
-        if($status)
+		if($status)
-        {
+		{
-            // loads respond XML
+			// loads respond XML
-            $info = new OTS_InfoRespond();
+			$info = new OTS_InfoRespond();
-            if(!$info->loadXML( $status->getBuffer()))
+			if(!$info->loadXML( $status->getBuffer()))
 				return false;
 
-            return $info;
+			return $info;
-        }
+		}
 
-        // offline
+		// offline
-        return false;
+		return false;
-    }
+	}
 
 /**
  * Queries server information.
@@ -146,26 +151,26 @@ class OTS_ServerInfo
  * @example examples/server.php info.php
  * @tutorial POT/Server_status.pkg
  */
-    public function info($flags)
+	public function info($flags)
-    {
+	{
-        // request packet
+		// request packet
-        $request = new OTS_Buffer();
+		$request = new OTS_Buffer();
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putChar(1);
+		$request->putChar(1);
-        $request->putShort($flags);
+		$request->putShort($flags);
 
-        $status = $this->send($request);
+		$status = $this->send($request);
 
-        // checks if server is online
+		// checks if server is online
-        if($status)
+		if($status)
-        {
+		{
-            // loads respond
+			// loads respond
-            return new OTS_ServerStatus($status);
+			return new OTS_ServerStatus($status);
-        }
+		}
 
-        // offline
+		// offline
-        return false;
+		return false;
-    }
+	}
 
 /**
  * Checks player online status.
@@ -180,27 +185,27 @@ class OTS_ServerInfo
  * @example examples/server.php info.php
  * @tutorial POT/Server_status.pkg
  */
-    public function playerStatus($name)
+	public function playerStatus($name)
-    {
+	{
-        // request packet
+		// request packet
-        $request = new OTS_Buffer();
+		$request = new OTS_Buffer();
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putChar(1);
+		$request->putChar(1);
-        $request->putShort(OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
+		$request->putShort(OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
-        $request->putString($name);
+		$request->putString($name);
 
-        $status = $this->send($request);
+		$status = $this->send($request);
 
-        // checks if server is online
+		// checks if server is online
-        if($status)
+		if($status)
-        {
+		{
-            $status->getChar();
+			$status->getChar();
-            return (bool) $status->getChar();
+			return (bool) $status->getChar();
-        }
+		}
 
-        // offline
+		// offline
-        return false;
+		return false;
-    }
+	}
 
 /**
  * Magic PHP5 method.
@@ -210,20 +215,24 @@ class OTS_ServerInfo
  * @throws OutOfBoundsException For non-supported properties.
  * @throws E_OTS_OutOfBuffer When there is read attemp after end of packet stream.
  */
-    public function __get($name)
+	public function __get($name)
-    {
+	{
-        switch($name)
+		switch($name)
-        {
+		{
-            case 'status':
+			case 'status':
-                return $this->status();
+				return $this->status();
 
-            case 'info':
+			case 'info':
-                return $this->info(OTS_ServerStatus::REQUEST_BASIC_SERVER_INFO | OTS_ServerStatus::REQUEST_OWNER_SERVER_INFO | OTS_ServerStatus::REQUEST_MISC_SERVER_INFO | OTS_ServerStatus::REQUEST_PLAYERS_INFO | OTS_ServerStatus::REQUEST_MAP_INFO | OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
+				return $this->info(OTS_ServerStatus::REQUEST_BASIC_SERVER_INFO | OTS_ServerStatus::REQUEST_OWNER_SERVER_INFO | OTS_ServerStatus::REQUEST_MISC_SERVER_INFO | OTS_ServerStatus::REQUEST_PLAYERS_INFO | OTS_ServerStatus::REQUEST_MAP_INFO | OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
 
-            default:
+			default:
-                throw new OutOfBoundsException();
+				throw new OutOfBoundsException();
-        }
+		}
-    }
+	}
+
+	public function setTimeout($timeout) {
+		$this->timeout = $timeout;
+	}
 }
 
 /**#@-*/

system/libs/pot/OTS_ServerStatus.php

@@ -40,175 +40,175 @@ class OTS_ServerStatus
 /**
  * Basic server info.
  */
-    const REQUEST_BASIC_SERVER_INFO = 1;
+	const REQUEST_BASIC_SERVER_INFO = 1;
 /**
  * Server owner info.
  */
-    const REQUEST_OWNER_SERVER_INFO = 2;
+	const REQUEST_OWNER_SERVER_INFO = 2;
 /**
  * Server extra info.
  */
-    const REQUEST_MISC_SERVER_INFO = 4;
+	const REQUEST_MISC_SERVER_INFO = 4;
 /**
  * Players stats info.
  */
-    const REQUEST_PLAYERS_INFO = 8;
+	const REQUEST_PLAYERS_INFO = 8;
 /**
  * Map info.
  */
-    const REQUEST_MAP_INFO = 16;
+	const REQUEST_MAP_INFO = 16;
 /**
  * Extended players info.
  */
-    const REQUEST_EXT_PLAYERS_INFO = 32;
+	const REQUEST_EXT_PLAYERS_INFO = 32;
 /**
  * Player status info.
  */
-    const REQUEST_PLAYER_STATUS_INFO = 64;
+	const REQUEST_PLAYER_STATUS_INFO = 64;
 /**
  * Server software info.
  */
-    const REQUEST_SERVER_SOFTWARE_INFO = 128;
+	const REQUEST_SERVER_SOFTWARE_INFO = 128;
 /**
  * Basic server respond.
  */
-    const RESPOND_BASIC_SERVER_INFO = 0x10;
+	const RESPOND_BASIC_SERVER_INFO = 0x10;
 /**
  * Server owner respond.
  */
-    const RESPOND_OWNER_SERVER_INFO = 0x11;
+	const RESPOND_OWNER_SERVER_INFO = 0x11;
 /**
  * Server extra respond.
  */
-    const RESPOND_MISC_SERVER_INFO = 0x12;
+	const RESPOND_MISC_SERVER_INFO = 0x12;
 /**
  * Players stats respond.
  */
-    const RESPOND_PLAYERS_INFO = 0x20;
+	const RESPOND_PLAYERS_INFO = 0x20;
 /**
  * Map respond.
  */
-    const RESPOND_MAP_INFO = 0x30;
+	const RESPOND_MAP_INFO = 0x30;
 /**
  * Extended players info.
  */
-    const RESPOND_EXT_PLAYERS_INFO = 0x21;
+	const RESPOND_EXT_PLAYERS_INFO = 0x21;
 /**
  * Player status info.
  */
-    const RESPOND_PLAYER_STATUS_INFO = 0x22;
+	const RESPOND_PLAYER_STATUS_INFO = 0x22;
 /**
  * Server software info.
  */
-    const RESPOND_SERVER_SOFTWARE_INFO = 0x23;
+	const RESPOND_SERVER_SOFTWARE_INFO = 0x23;
 /**
  * Server name.
  *
  * @var string
  */
-    private $name;
+	private $name;
 /**
  * Server IP.
  *
  * @var string
  */
-    private $ip;
+	private $ip;
 /**
  * Server port.
  *
  * @var string
  */
-    private $port;
+	private $port;
 /**
  * Owner name.
  *
  * @var string
  */
-    private $owner;
+	private $owner;
 /**
  * Owner's e-mail.
  *
  * @var string
  */
-    private $eMail;
+	private $eMail;
 /**
  * Message of the day.
  *
  * @var string
  */
-    private $motd;
+	private $motd;
 /**
  * Server location.
  *
  * @var string
  */
-    private $location;
+	private $location;
 /**
  * Website URL.
  *
  * @var string
  */
-    private $url;
+	private $url;
 /**
  * Uptime.
  *
  * @var int
  */
-    private $uptime;
+	private $uptime;
 /**
  * Status version.
  *
  * @var string
  */
-    private $version;
+	private $version;
 /**
  * Players online.
  *
  * @var int
  */
-    private $online;
+	private $online;
 /**
  * Maximum players.
  *
  * @var int
  */
-    private $max;
+	private $max;
 /**
  * Players peak.
  *
  * @var int
  */
-    private $peak;
+	private $peak;
 /**
  * Map name.
  *
  * @var string
  */
-    private $map;
+	private $map;
 /**
  * Map author.
  *
  * @var string
  */
-    private $author;
+	private $author;
 /**
  * Map width.
  *
  * @var int
  */
-    private $width;
+	private $width;
 /**
  * Map height.
  *
  * @var int
  */
-    private $height;
+	private $height;
 /**
  * Players online list.
  *
  * @var array
  */
-    private $players = array();
+	private $players = array();
 
 /**
  * Server software.
@@ -224,277 +224,277 @@ class OTS_ServerStatus
  *
  * @param OTS_Buffer $info Information packet.
  */
-    public function __construct(OTS_Buffer $info)
+	public function __construct(OTS_Buffer $info)
-    {
+	{
-        // skips packet length
+		// skips packet length
-        $info->getShort();
+		$info->getShort();
 
-        while( $info->isValid() )
+		while( $info->isValid() )
-        {
+		{
-            switch( $info->getChar() )
+			switch( $info->getChar() )
-            {
+			{
-                case self::RESPOND_BASIC_SERVER_INFO:
+				case self::RESPOND_BASIC_SERVER_INFO:
-                    $this->name = $info->getString();
+					$this->name = $info->getString();
-                    $this->ip = $info->getString();
+					$this->ip = $info->getString();
-                    $this->port = (int) $info->getString();
+					$this->port = (int) $info->getString();
-                    break;
+					break;
 
-                case self::RESPOND_OWNER_SERVER_INFO:
+				case self::RESPOND_OWNER_SERVER_INFO:
-                    $this->owner = $info->getString();
+					$this->owner = $info->getString();
-                    $this->eMail = $info->getString();
+					$this->eMail = $info->getString();
-                    break;
+					break;
 
-                case self::RESPOND_MISC_SERVER_INFO:
+				case self::RESPOND_MISC_SERVER_INFO:
-                    $this->motd = $info->getString();
+					$this->motd = $info->getString();
-                    $this->location = $info->getString();
+					$this->location = $info->getString();
-                    $this->url = $info->getString();
+					$this->url = $info->getString();
 
-                    $uptime = $info->getLong() << 32;
+					$uptime = $info->getLong() << 32;
 
-                    $this->uptime += $info->getLong() + $uptime;
+					$this->uptime += $info->getLong() + $uptime;
-                    $this->version = $info->getString();
+					$this->version = $info->getString();
-                    break;
+					break;
 
-                case self::RESPOND_PLAYERS_INFO:
+				case self::RESPOND_PLAYERS_INFO:
-                    $this->online = $info->getLong();
+					$this->online = $info->getLong();
-                    $this->max = $info->getLong();
+					$this->max = $info->getLong();
-                    $this->peak = $info->getLong();
+					$this->peak = $info->getLong();
-                    break;
+					break;
 
-                case self::RESPOND_MAP_INFO:
+				case self::RESPOND_MAP_INFO:
-                    $this->map = $info->getString();
+					$this->map = $info->getString();
-                    $this->author = $info->getString();
+					$this->author = $info->getString();
-                    $this->width = $info->getShort();
+					$this->width = $info->getShort();
-                    $this->height = $info->getShort();
+					$this->height = $info->getShort();
-                    break;
+					break;
 
-                case self::RESPOND_EXT_PLAYERS_INFO:
+				case self::RESPOND_EXT_PLAYERS_INFO:
-                    $count = $info->getLong();
+					$count = $info->getLong();
 
-                    for($i = 0; $i < $count; $i++)
+					for($i = 0; $i < $count; $i++)
-                    {
+					{
-                        $name = $info->getString();
+						$name = $info->getString();
-                        $this->players[$name] = $info->getLong();
+						$this->players[$name] = $info->getLong();
-                    }
+					}
-                    break;
+					break;
 
 				case self::RESPOND_SERVER_SOFTWARE_INFO:
 					$this->softwareName = $info->getString();
 					$this->softwareVersion = $info->getString();
 					$this->softwareProtocol = $info->getString();
 					break;
-            }
+			}
-        }
+		}
-    }
+	}
 
 /**
  * Returns server uptime.
  *
  * @return int Uptime.
  */
-    public function getUptime()
+	public function getUptime()
-    {
+	{
-        return $this->uptime;
+		return $this->uptime;
-    }
+	}
 
 /**
  * Returns server IP.
  *
  * @return string IP.
  */
-    public function getIP()
+	public function getIP()
-    {
+	{
-        return $this->ip;
+		return $this->ip;
-    }
+	}
 
 /**
  * Returns server name.
  *
  * @return string Name.
  */
-    public function getName()
+	public function getName()
-    {
+	{
-        return $this->name;
+		return $this->name;
-    }
+	}
 
 /**
  * Returns server port.
  *
  * @return int Port.
  */
-    public function getPort()
+	public function getPort()
-    {
+	{
-        return $this->port;
+		return $this->port;
-    }
+	}
 
 /**
  * Returns server location.
  *
  * @return string Location.
  */
-    public function getLocation()
+	public function getLocation()
-    {
+	{
-        return $this->location;
+		return $this->location;
-    }
+	}
 
 /**
  * Returns server website.
  *
  * @return string Website URL.
  */
-    public function getURL()
+	public function getURL()
-    {
+	{
-        return $this->url;
+		return $this->url;
-    }
+	}
 
 /**
  * Returns server version.
  *
  * @return string Version.
  */
-    public function getServerVersion()
+	public function getServerVersion()
-    {
+	{
-        return $this->version;
+		return $this->version;
-    }
+	}
 
 /**
  * Returns owner name.
  *
  * @return string Owner name.
  */
-    public function getOwner()
+	public function getOwner()
-    {
+	{
-        return $this->owner;
+		return $this->owner;
-    }
+	}
 
 /**
  * Returns owner e-mail.
  *
  * @return string Owner e-mail.
  */
-    public function getEMail()
+	public function getEMail()
-    {
+	{
-        return $this->eMail;
+		return $this->eMail;
-    }
+	}
 
 /**
  * Returns current amount of players online.
  *
  * @return int Count of players.
  */
-    public function getOnlinePlayers()
+	public function getOnlinePlayers()
-    {
+	{
-        return $this->online;
+		return $this->online;
-    }
+	}
 
 /**
  * Returns maximum amount of players online.
  *
  * @return int Maximum allowed count of players.
  */
-    public function getMaxPlayers()
+	public function getMaxPlayers()
-    {
+	{
-        return $this->max;
+		return $this->max;
-    }
+	}
 
 /**
  * Returns record of online players.
  *
  * @return int Players online record.
  */
-    public function getPlayersPeak()
+	public function getPlayersPeak()
-    {
+	{
-        return $this->peak;
+		return $this->peak;
-    }
+	}
 
 /**
  * Returns map name.
  *
  * @return string Map name.
  */
-    public function getMapName()
+	public function getMapName()
-    {
+	{
-        return $this->map;
+		return $this->map;
-    }
+	}
 
 /**
  * Returns map author.
  *
  * @return string Mapper name.
  */
-    public function getMapAuthor()
+	public function getMapAuthor()
-    {
+	{
-        return $this->author;
+		return $this->author;
-    }
+	}
 
 /**
  * Returns map width.
  *
  * @return int Map width.
  */
-    public function getMapWidth()
+	public function getMapWidth()
-    {
+	{
-        return $this->width;
+		return $this->width;
-    }
+	}
 
 /**
  * Returns map height.
  *
  * @return int Map height.
  */
-    public function getMapHeight()
+	public function getMapHeight()
-    {
+	{
-        return $this->height;
+		return $this->height;
-    }
+	}
 
 /**
  * Returns server's Message Of The Day
  *
  * @return string Server MOTD.
  */
-    public function getMOTD()
+	public function getMOTD()
-    {
+	{
-        return $this->motd;
+		return $this->motd;
-    }
+	}
 
 /**
  * Returns list of players currently online.
  *
  * @return array List of players in format 'name' => level.
  */
-    public function getPlayers()
+	public function getPlayers()
-    {
+	{
-    }
+	}
 
 /**
  * Returns software name.
  *
  * @return string Software name.
  */
-    public function getSoftwareName()
+	public function getSoftwareName()
-    {
+	{
-        return $this->softwareName;
+		return $this->softwareName;
-    }
+	}
 
 /**
  * Returns software version.
  *
  * @return string Software version.
  */
-    public function getSoftwareVersion()
+	public function getSoftwareVersion()
-    {
+	{
-        return $this->softwareVersion;
+		return $this->softwareVersion;
-    }
+	}
 
 /**
  * Returns software protocol.
  *
  * @return string Software protocol.
  */
-    public function getSoftwareProtocol()
+	public function getSoftwareProtocol()
-    {
+	{
-        return $this->softwareProtocol;
+		return $this->softwareProtocol;
-    }
+	}
 
 /**
  * Magic PHP5 method.
@@ -503,68 +503,68 @@ class OTS_ServerStatus
  * @return mixed Property value.
  * @throws OutOfBoundsException For non-supported properties.
  */
-    public function __get($name)
+	public function __get($name)
-    {
+	{
-        switch($name)
+		switch($name)
-        {
+		{
-            case 'uptime':
+			case 'uptime':
-                return $this->getUptime();
+				return $this->getUptime();
 
-            case 'ip':
+			case 'ip':
-                return $this->getIP();
+				return $this->getIP();
 
-            case 'name':
+			case 'name':
-                return $this->getName();
+				return $this->getName();
 
-            case 'port':
+			case 'port':
-                return $this->getPort();
+				return $this->getPort();
 
-            case 'location':
+			case 'location':
-                return $this->getLocation();
+				return $this->getLocation();
 
-            case 'url':
+			case 'url':
-                return $this->getURL();
+				return $this->getURL();
 
-            case 'serverVersion':
+			case 'serverVersion':
-                return $this->getServerVersion();
+				return $this->getServerVersion();
 
-            case 'owner':
+			case 'owner':
-                return $this->getOwner();
+				return $this->getOwner();
 
-            case 'eMail':
+			case 'eMail':
-                return $this->getEMail();
+				return $this->getEMail();
 
-            case 'onlinePlayers':
+			case 'onlinePlayers':
-                return $this->getOnlinePlayers();
+				return $this->getOnlinePlayers();
 
-            case 'maxPlayers':
+			case 'maxPlayers':
-                return $this->getMaxPlayers();
+				return $this->getMaxPlayers();
 
-            case 'playersPeak':
+			case 'playersPeak':
-                return $this->getPlayersPeak();
+				return $this->getPlayersPeak();
 
-            case 'mapName':
+			case 'mapName':
-                return $this->getMapName();
+				return $this->getMapName();
 
-            case 'mapAuthor':
+			case 'mapAuthor':
-                return $this->getMapAuthor();
+				return $this->getMapAuthor();
 
-            case 'mapWidth':
+			case 'mapWidth':
-                return $this->getMapWidth();
+				return $this->getMapWidth();
 
-            case 'mapHeight':
+			case 'mapHeight':
-                return $this->getMapHeight();
+				return $this->getMapHeight();
 
-            case 'motd':
+			case 'motd':
-                return $this->getMOTD();
+				return $this->getMOTD();
 
-            case 'players':
+			case 'players':
-                return $this->getPlayers();
+				return $this->getPlayers();
 
-            default:
+			default:
-                throw new OutOfBoundsException();
+				throw new OutOfBoundsException();
-        }
+		}
-    }
+	}
 }
 
 /**#@-*/

system/libs/pot/OTS_Toolbox.php

@@ -15,7 +15,7 @@
 
 /**
  * Toolbox for common operations.
- * 
+ *
  * @package POT
  * @version 0.1.5
  */
@@ -23,41 +23,41 @@ class OTS_Toolbox
 {
 /**
  * Calculates experience points needed for given level.
- * 
+ *
  * @param int $level Level for which experience should be calculated.
  * @param int $experience Current experience points.
  * @return int Experience points for level.
  */
 	public static function experienceForLevel($level, $experience = 0)
-    {
+	{
-        //return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
+		//return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
 		$level = $level - 1;
 		return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
-    }
+	}
 
 /**
  * Finds out which level user have basing on his/her experience.
- * 
+ *
  * <p>
  * PHP doesn't support complex numbers natively so solving third-level polynomials would be quite hard. Rather then doing this, this method iterates calculating experience for next levels until it finds one which requires enought experience we have. Because of that, for high experience values this function can take relatively long time to be executed.
  * </p>
- * 
+ *
  * @param int $experience Current experience points.
  * @return int Experience level.
  */
-    public static function levelForExperience($experience)
+	public static function levelForExperience($experience)
-    {
+	{
-        // default level
+		// default level
-        $level = 1;
+		$level = 1;
 
-        // until we will find level which requires more experience then we have we will step to next
+		// until we will find level which requires more experience then we have we will step to next
-        while( self::experienceForLevel($level + 1) <= $experience)
+		while( self::experienceForLevel($level + 1) <= $experience)
-        {
+		{
-            $level++;
+			$level++;
-        }
+		}
 
-        return $level;
+		return $level;
-    }
+	}
 
 /**
  * @version 0.1.5
@@ -65,25 +65,25 @@ class OTS_Toolbox
  * @return OTS_Players_List Filtered list.
  * @deprecated 0.1.5 Use OTS_PlayerBans_List.
  */
-    public static function bannedPlayers()
+	public static function bannedPlayers()
-    {
+	{
-        // creates filter
+		// creates filter
-        $filter = new OTS_SQLFilter();
+		$filter = new OTS_SQLFilter();
-        $filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_PLAYER);
+		$filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_PLAYER);
-        $filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
+		$filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
-        $filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'players') );
+		$filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'players') );
 
-        // selects only active bans
+		// selects only active bans
-        $actives = new OTS_SQLFilter();
+		$actives = new OTS_SQLFilter();
-        $actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
+		$actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
-        $actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
+		$actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
-        $filter->addFilter($actives);
+		$filter->addFilter($actives);
 
-        // creates list and aplies filter
+		// creates list and aplies filter
-        $list = new OTS_Players_List();
+		$list = new OTS_Players_List();
-        $list->setFilter($filter);
+		$list->setFilter($filter);
-        return $list;
+		return $list;
-    }
+	}
 
 /**
  * @version 0.1.5
@@ -91,25 +91,34 @@ class OTS_Toolbox
  * @return OTS_Accounts_List Filtered list.
  * @deprecated 0.1.5 Use OTS_AccountBans_List.
  */
-    public static function bannedAccounts()
+	public static function bannedAccounts()
-    {
+	{
-        // creates filter
+		// creates filter
-        $filter = new OTS_SQLFilter();
+		$filter = new OTS_SQLFilter();
-        $filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_ACCOUNT);
+		$filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_ACCOUNT);
-        $filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
+		$filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
-        $filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'accounts') );
+		$filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'accounts') );
 
-        // selects only active bans
+		// selects only active bans
-        $actives = new OTS_SQLFilter();
+		$actives = new OTS_SQLFilter();
-        $actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
+		$actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
-        $actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
+		$actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
-        $filter->addFilter($actives);
+		$filter->addFilter($actives);
 
-        // creates list and aplies filter
+		// creates list and aplies filter
-        $list = new OTS_Accounts_List();
+		$list = new OTS_Accounts_List();
-        $list->setFilter($filter);
+		$list->setFilter($filter);
-        return $list;
+		return $list;
-    }
+	}
+
+	public static function getVocationName($id, $promotion = 0): string
+	{
+		if($promotion > 0) {
+			$id = ($id + ($promotion * config('vocations_amount')));
+		}
+
+		return config('vocations')[$id] ?? 'Unknown';
+	}
 }
 
 /**#@-*/

system/locale/de/install.php

@@ -48,6 +48,8 @@ $locale['step_config'] = 'Konfiguration';
 $locale['step_config_title'] = 'Grundkonfiguration';
 $locale['step_config_server_path'] = 'Serverpfad';
 $locale['step_config_server_path_desc'] = 'Pfad zu Ihrem TFS-Hauptverzeichnis, in dem sich die config.lua befinden.';
+$locale['step_config_site_url'] = 'Website URL';
+$locale['step_config_site_url_desc'] = 'Ihre Website-Adresse.';
 $locale['step_config_mail_admin'] = 'Admin E-Mail';
 $locale['step_config_mail_admin_desc'] = 'Adresse, an die E-Mails aus dem Kontaktformular gesendet werden, z. B. admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin E-Mail ist nicht korrekt.';

system/locale/en/install.php

@@ -52,6 +52,8 @@ $locale['step_config'] = 'Configuration';
 $locale['step_config_title'] = 'Basic configuration';
 $locale['step_config_server_path'] = 'Server path';
 $locale['step_config_server_path_desc'] = 'Path to your TFS main directory, where you have config.lua located.';
+$locale['step_config_site_url'] = 'Website URL';
+$locale['step_config_site_url_desc'] = 'Your website address.';
 $locale['step_config_mail_admin'] = 'Admin Email';
 $locale['step_config_mail_admin_desc'] = 'Address where emails from contact form will be delivered, for example admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin Email is not correct.';

system/locale/pl/install.php

@@ -52,6 +52,8 @@ $locale['step_config'] = 'Konfiguracja';
 $locale['step_config_title'] = 'Podstawowa konfiguracja';
 $locale['step_config_server_path'] = 'Ścieżka do serwera';
 $locale['step_config_server_path_desc'] = 'Ścieżka do Twojego folderu z TFS, gdzie znajduje się plik config.lua.';
+$locale['step_config_server_url'] = 'Adres strony';
+$locale['step_config_server_url_desc'] = 'Adres tej strony www.';
 $locale['step_config_mail_admin'] = 'E-Mail admina';
 $locale['step_config_mail_admin_desc'] = 'Na ten adres będą dostarczane E-Maile z formularza kontaktowego, przykładowo admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'E-Mail admina jest niepoprawny.';

system/login.php

@@ -14,12 +14,12 @@ $account_logged = new OTS_Account();
 
 // stay-logged with sessions
 $current_session = getSession('account');
-if($current_session !== false)
+if($current_session)
 {
 	$account_logged->load($current_session);
 	if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
 		//&& (!isset($_SESSION['admin']) || admin())
-		&& (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
+		&& (getSession('remember_me') || getSession('last_visit') > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
 			$logged = true;
 	}
 	else {

system/migrations/17.php

@@ -10,8 +10,13 @@ $up = function () use ($db) {
 		$db->exec(file_get_contents(__DIR__ . '/17-menu.sql'));
 	}
 
-	Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
+	$themes = ['kathrine', 'tibiacom',];
-	Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
+	foreach ($themes as $theme) {
+		$file = TEMPLATES . $theme . '/menus.php';
+		if (is_file($file)) {
+			Plugins::installMenus($theme, require $file);
+		}
+	}
 };
 
 $down = function () use ($db) {

system/migrations/43.php

@@ -0,0 +1,20 @@
+<?php
+/**
+ * @var OTS_DB_MySQL $db
+ */
+
+// 2025-01-22
+// change columns to VARCHAR
+$up = function () use ($db) {
+	$db->query("UPDATE guilds set description = '' WHERE description is NULL;"); // prevent truncate error when column is NULL
+	$db->modifyColumn('guilds', 'description', "VARCHAR(5000) NOT NULL DEFAULT ''");
+
+	$db->query("UPDATE players set comment = '' WHERE comment is NULL;");
+	$db->modifyColumn('players', 'comment', "VARCHAR(5000) NOT NULL DEFAULT ''");
+};
+
+$down = function () use ($db) {
+	$db->modifyColumn('guilds', 'description', "TEXT NOT NULL");
+	$db->modifyColumn('players', 'comment', "TEXT NOT NULL");
+};
+

system/migrations/44.php

@@ -0,0 +1,20 @@
+<?php
+
+// 2025-05-14
+// update pages links
+// server-info conflicts with apache2 mod
+// Changelog conflicts with changelog files
+
+use MyAAC\Models\Menu;
+use MyAAC\Models\Pages;
+
+$up = function() {
+	Menu::where('link', 'server-info')->update(['link' => 'ots-info']);
+	Menu::where('link', 'changelog')->update(['link' => 'change-log']);
+};
+
+$down = function() {
+	Menu::where('link', 'ots-info')->update(['link' => 'server-info']);
+	Menu::where('link', 'change-log')->update(['link' => 'changelog']);
+};
+

system/migrations/45.php

@@ -0,0 +1,32 @@
+<?php
+
+// 2025-05-14
+// update pages links
+// server-info conflicts with apache2 mod
+// Changelog conflicts with changelog files
+
+use MyAAC\Models\Pages;
+
+$up = function() {
+	Pages::where('name', 'rules_on_the_page')->update(['hide' => 1]);
+
+	$rules = Pages::where('name', 'rules')->first();
+	if (!$rules) {
+		Pages::create([
+			'name' => 'rules',
+			'title' => 'Server Rules',
+			'body' => '<b>{{ config.lua.serverName }} Rules</b><br/>' . nl2br(file_get_contents(__DIR__ . '/30-rules.txt')),
+			'date' => time(),
+			'player_id' => 1,
+			'php' => 0,
+			'enable_tinymce' => 1,
+			'access' => 0,
+			'hide' => 0,
+		]);
+	}
+};
+
+$down = function() {
+	Pages::where('name', 'rules_on_the_page')->update(['hide' => 0]);
+};
+

system/pages/account/change-email.php

@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 $email_new_time = $account_logged->getCustomField("email_new_time");
 
 if($email_new_time > 10) {
@@ -164,7 +166,7 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
 	$account_logged->setCustomField("email_new", "");
 	$account_logged->setCustomField("email_new_time", 0);
 
-	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
+	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" >' . csrf(true) . '<tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
 
 	$twig->display('success.html.twig', array(
 		'title' => 'Email Address Change Cancelled',

system/pages/account/change-info.php

@@ -20,6 +20,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 if(setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
 

system/pages/account/change-password.php

@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 $new_password = $_POST['newpassword'] ?? NULL;
 $new_password_confirm = $_POST['newpassword_confirm'] ?? NULL;
 $old_password = $_POST['oldpassword'] ?? NULL;

system/pages/account/characters/change-comment.php

@@ -20,6 +20,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 $player = null;
 $player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
 $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;

system/pages/account/characters/change-name.php

@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 $player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
 $name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
 if((!setting('core.account_change_character_name')))

system/pages/account/characters/change-sex.php

@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 $sex_changed = false;
 $player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
 $new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;

system/pages/account/characters/create.php

@@ -20,6 +20,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 $character_name = isset($_POST['name']) ? stripslashes($_POST['name']) : null;
 $character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null;
 $character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null;

system/pages/account/characters/delete.php

@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 $player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : null;
 $password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : null;
 $password_verify = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $password_verify);

system/pages/account/create.php

@@ -23,6 +23,8 @@ if($logged)
 	return;
 }
 
+csrfProtect();
+
 if(setting('core.account_create_character_create')) {
 	$createCharacter = new CreateCharacter();
 }
@@ -219,8 +221,14 @@ if($save)
 			}
 		}
 
-		if(setting('core.account_premium_points') && setting('core.account_premium_points') > 0) {
+		$accountDefaultPremiumPoints = setting('core.account_premium_points');
-			$new_account->setCustomField('premium_points', setting('core.account_premium_points'));
+		if($accountDefaultPremiumPoints > 0) {
+			$new_account->setCustomField('premium_points', $accountDefaultPremiumPoints);
+		}
+
+		$accountDefaultCoins = setting('core.account_coins');
+		if($db->hasColumn('accounts', 'coins') && $accountDefaultCoins > 0) {
+			$new_account->setCustomField('coins', $accountDefaultCoins);
 		}
 
 		$tmp_account = $email;

system/pages/account/login.php

@@ -18,6 +18,8 @@ if($logged || !isset($_POST['account_login']) || !isset($_POST['password_login']
 	return;
 }
 
+csrfProtect();
+
 $login_account = $_POST['account_login'];
 $login_password = $_POST['password_login'];
 $remember_me = isset($_POST['remember_me']);
@@ -95,3 +97,8 @@ else {
 }
 
 $hooks->trigger(HOOK_ACCOUNT_LOGIN_POST);
+
+if($logged) {
+	$twig->addGlobal('logged', true);
+	$twig->addGlobal('account_logged', $account_logged);
+}

system/pages/account/manage.php

@@ -34,6 +34,8 @@ if(isset($_REQUEST['redirect']))
 	return;
 }
 
+csrfProtect();
+
 $groups = new OTS_Groups_List();
 
 $freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;

system/pages/account/redirect.php

@@ -1,23 +0,0 @@
-<?php
-/**
- * Change comment
- *
- * @package   MyAAC
- * @author    Gesior <jerzyskalski@wp.pl>
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-
-$redirect = urldecode($_REQUEST['redirect']);
-
-// should never happen, unless hacker modify the URL
-if (!str_contains($redirect, BASE_URL)) {
-	error('Fatal error: Cannot redirect outside the website.');
-	return;
-}
-
-$twig->display('account.redirect.html.twig', array(
-	'redirect' => $redirect
-));

system/pages/account/register-new.php

@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 if(isset($_POST['reg_password']))
 	$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
 

system/pages/account/register.php

@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 $_POST['reg_password'] = $_POST['reg_password'] ?? '';
 $reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
 $old_key = $account_logged->getCustomField("key");

system/pages/change-log.php

@@ -0,0 +1,46 @@
+<?php
+/**
+ * Changelog
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+$title = 'Changelog';
+
+use MyAAC\Models\Changelog;
+
+$_page = isset($_GET['page']) ? (int)$_GET['page'] : 0;
+$limit = 30;
+$offset = $_page * $limit;
+$next_page = false;
+
+$canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
+
+$changelogs = Changelog::isPublic()->orderByDesc('date')->limit($limit + 1)->offset($offset)->get()->toArray();
+
+$i = 0;
+foreach($changelogs as $key => &$log)
+{
+	if($i < $limit) {
+		$log['type'] = getChangelogType($log['type']);
+		$log['where'] = getChangelogWhere($log['where']);
+	}
+	else {
+		unset($changelogs[$key]);
+	}
+
+	if ($i >= $limit)
+		$next_page = true;
+
+	$i++;
+}
+
+$twig->display('changelog.html.twig', array(
+	'changelogs' => $changelogs,
+	'page' => $_page,
+	'next_page' => $next_page,
+	'canEdit' => $canEdit,
+));

system/pages/changelog.php

@@ -1,46 +1,3 @@
 <?php
-/**
- * Changelog
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Changelog';
 
-use MyAAC\Models\Changelog;
+require 'change-log.php';
-
-$_page = isset($_GET['page']) ? (int)$_GET['page'] : 0;
-$limit = 30;
-$offset = $_page * $limit;
-$next_page = false;
-
-$canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
-
-$changelogs = Changelog::isPublic()->orderByDesc('date')->limit($limit + 1)->offset($offset)->get()->toArray();
-
-$i = 0;
-foreach($changelogs as $key => &$log)
-{
-	if($i < $limit) {
-		$log['type'] = getChangelogType($log['type']);
-		$log['where'] = getChangelogWhere($log['where']);
-	}
-	else {
-		unset($changelogs[$key]);
-	}
-
-	if ($i >= $limit)
-		$next_page = true;
-
-	$i++;
-}
-
-$twig->display('changelog.html.twig', array(
-	'changelogs' => $changelogs,
-	'page' => $_page,
-	'next_page' => $next_page,
-	'canEdit' => $canEdit,
-));

system/pages/forum/admin.php

@@ -17,6 +17,8 @@ if(!$canEdit) {
 	return;
 }
 
+csrfProtect();
+
 $groupsList = new OTS_Groups_List();
 $groups = [
 	['id' => 0, 'name' => 'Guest'],
@@ -30,23 +32,24 @@ foreach ($groupsList as $group) {
 }
 
 if(!empty($action)) {
-	if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board')
+	if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board') {
 		$id = $_REQUEST['id'];
-
-	if(isset($_REQUEST['access'])) {
-		$access = $_REQUEST['access'];
 	}
 
-	if(isset($_REQUEST['guild'])) {
+	if(isset($_POST['access'])) {
-		$guild = $_REQUEST['guild'];
+		$access = $_POST['access'];
 	}
 
-	if(isset($_REQUEST['name'])) {
+	if(isset($_POST['guild'])) {
-		$name = $_REQUEST['name'];
+		$guild = $_POST['guild'];
 	}
 
-	if(isset($_REQUEST['description'])) {
+	if(isset($_POST['name'])) {
-		$description = stripslashes($_REQUEST['description']);
+		$name = $_POST['name'];
+	}
+
+	if(isset($_POST['description'])) {
+		$description = stripslashes($_POST['description']);
 	}
 
 	$errors = [];
@@ -55,12 +58,13 @@ if(!empty($action)) {
 		if(Forum::add_board($name, $description, $access, $guild, $errors)) {
 			$action = $name = $description = '';
 			header('Location: ' . getLink('forum'));
+			exit;
 		}
 	}
 	else if($action == 'delete_board') {
 		Forum::delete_board($id, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	else if($action == 'edit_board')
 	{
@@ -74,28 +78,27 @@ if(!empty($action)) {
 		else {
 			Forum::update_board($id, $name, $access, $guild, $description);
 			header('Location: ' . getLink('forum'));
-			$action = $name = $description = '';
+			exit;
-			$access = $guild = 0;
 		}
 	}
 	else if($action == 'hide_board') {
 		Forum::toggleHide_board($id, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	else if($action == 'moveup_board') {
 		Forum::move_board($id, -1, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	else if($action == 'movedown_board') {
 		Forum::move_board($id, 1, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 
 	if(!empty($errors)) {
-		$twig->display('error_box.html.twig', array('errors' => $errors));
+		$twig->display('error_box.html.twig', ['errors' => $errors]);
 		$action = '';
 	}
 }

system/pages/forum/edit_post.php

@@ -23,8 +23,9 @@ if(!$logged) {
 	return;
 }
 
-if(Forum::canPost($account_logged))
+csrfProtect();
-{
+
+if(Forum::canPost($account_logged)) {
 	$post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : false;
 	if(!$post_id) {
 		$errors[] = 'Please enter post id.';
@@ -41,12 +42,12 @@ if(Forum::canPost($account_logged))
 			$char_id = $post_topic = $text = $smile = $html = null;
 			$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 			$saved = false;
-			if(isset($_REQUEST['save'])) {
+			if(isset($_POST['save'])) {
-				$text = stripslashes(trim($_REQUEST['text']));
+				$text = stripslashes(trim($_POST['text']));
-				$char_id = (int) $_REQUEST['char_id'];
+				$char_id = (int) $_POST['char_id'];
-				$post_topic = stripslashes(trim($_REQUEST['topic']));
+				$post_topic = stripslashes(trim($_POST['topic']));
-				$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
+				$smile = isset($_POST['smile']) ? (int)$_POST['smile'] : 0;
-				$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
+				$html = isset($_POST['html']) ? (int)$_POST['html'] : 0;
 
 				if (!superAdmin()) {
 					$html = 0;

system/pages/forum/move_thread.php

@@ -23,15 +23,17 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 if(!Forum::isModerator()) {
 	echo 'You are not logged in or you are not moderator.';
 	return;
 }
 
-$save = isset($_REQUEST['save']) && (int)$_REQUEST['save'] == 1;
+$save = isset($_POST['save']) && (int)$_POST['save'] == 1;
 if($save) {
-	$post_id = (int)$_REQUEST['id'];
+	$post_id = (int)$_POST['id'];
-	$board = (int)$_REQUEST['section'];
+	$board = (int)$_POST['section'];
 	if(!Forum::hasAccess($board)) {
 		$errors[] = "You don't have access to this board.";
 		displayErrorBoxWithBackButton($errors, getLink('forum'));

system/pages/forum/new_post.php

@@ -28,6 +28,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 if(Forum::canPost($account_logged)) {
 	$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 	$thread_id = isset($_REQUEST['thread_id']) ? (int) $_REQUEST['thread_id'] : 0;
@@ -43,11 +45,11 @@ if(Forum::canPost($account_logged)) {
 		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>';
 
 		$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
-		$text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL;
+		$text = isset($_POST['text']) ? stripslashes(trim($_POST['text'])) : NULL;
-		$char_id = (int) ($_REQUEST['char_id'] ?? 0);
+		$char_id = (int) ($_POST['char_id'] ?? 0);
-		$post_topic = isset($_REQUEST['topic']) ? stripslashes(trim($_REQUEST['topic'])) : '';
+		$post_topic = isset($_POST['topic']) ? stripslashes(trim($_POST['topic'])) : '';
-		$smile = (int)($_REQUEST['smile'] ?? 0);
+		$smile = (int)($_POST['smile'] ?? 0);
-		$html = (int)($_REQUEST['html'] ?? 0);
+		$html = (int)($_POST['html'] ?? 0);
 		$saved = false;
 
 		if (!superAdmin()) {
@@ -60,10 +62,10 @@ if(Forum::canPost($account_logged)) {
 				$text = '[i]Originally posted by ' . $quoted_post[0]['name'] . ' on ' . date('d.m.y H:i:s', $quoted_post[0]['post_date']) . ':[/i][quote]' . $quoted_post[0]['post_text'] . '[/quote]';
 			}
 		}
-		elseif(isset($_REQUEST['save'])) {
+		elseif(isset($_POST['save'])) {
 			$length = strlen($text);
 			if($length < 1 || strlen($text) > 15000) {
-				$errors[] = 'Too short or too long post (Length: $length letters). Minimum 1 letter, maximum 15000 letters.';
+				$errors[] = "Too short or too long post (Length: $length letters). Minimum 1 letter, maximum 15000 letters.";
 			}
 
 			if($char_id == 0) {
@@ -79,15 +81,14 @@ if(Forum::canPost($account_logged)) {
 				}
 
 				if(!$player_on_account) {
-					$errors[] = 'Player with selected ID ' . $char_id . ' doesn\'t exist or isn\'t on your account';
+					$errors[] = "Player with selected ID $char_id doesn't exist or isn't on your account";
 				}
 			}
 
 			if(count($errors) == 0) {
 				$last_post = 0;
 				$query = $db->query('SELECT post_date FROM ' . FORUM_TABLE_PREFIX . 'forum ORDER BY post_date DESC LIMIT 1');
-				if($query->rowCount() > 0)
+				if($query->rowCount() > 0) {
-				{
 					$query = $query->fetch();
 					$last_post = $query['post_date'];
 				}

system/pages/forum/new_thread.php

@@ -28,6 +28,8 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 if(Forum::canPost($account_logged)) {
 	$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
 	$section_id = $_REQUEST['section_id'] ?? null;
@@ -38,19 +40,18 @@ if(Forum::canPost($account_logged)) {
 			if ($sections[$section_id]['closed'] && !Forum::isModerator())
 				$errors[] = 'You cannot create topic on this board.';
 
-			$quote = (int)(isset($_REQUEST['quote']) ? $_REQUEST['quote'] : 0);
+			$text = isset($_POST['text']) ? stripslashes($_POST['text']) : '';
-			$text = isset($_REQUEST['text']) ? stripslashes($_REQUEST['text']) : '';
+			$char_id = (int)(isset($_POST['char_id']) ? $_POST['char_id'] : 0);
-			$char_id = (int)(isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
+			$post_topic = isset($_POST['topic']) ? stripslashes($_POST['topic']) : '';
-			$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
+			$smile = (isset($_POST['smile']) ? (int)$_POST['smile'] : 0);
-			$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
+			$html = (isset($_POST['html']) ? (int)$_POST['html'] : 0);
-			$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
 
 			if (!superAdmin()) {
 				$html = 0;
 			}
 
 			$saved = false;
-			if (isset($_REQUEST['save'])) {
+			if (isset($_POST['save'])) {
 				$length = strlen($post_topic);
 				if ($length < 1 || $length > 60) {
 					$errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters.";

system/pages/forum/remove_post.php

@@ -23,11 +23,13 @@ if(!$logged) {
 	return;
 }
 
+csrfProtect();
+
 if(Forum::isModerator()) {
-	$id = (int) $_REQUEST['id'];
+	$id = (int) ($_POST['id'] ?? 0);
 	$post = $db->query("SELECT `id`, `first_post`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$id." LIMIT 1")->fetch();
 
-	if($post['id'] == $id && Forum::hasAccess($post['section'])) {
+	if($post && $post['id'] == $id && Forum::hasAccess($post['section'])) {
 		if($post['id'] == $post['first_post']) {
 			$db->query("DELETE FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `first_post` = ".$post['id']);
 			header('Location: ' . getForumBoardLink($post['section']));
@@ -36,7 +38,7 @@ if(Forum::isModerator()) {
 			$post_page = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`id` < ".$id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $post['first_post'])->fetch();
 			$_page = (int) ceil($post_page['posts_count'] / setting('core.forum_threads_per_page')) - 1;
 			$db->query("DELETE FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$post['id']);
-			header('Location: ' . getForumThreadLink($post['first_post'], (int) $_page));
+			header('Location: ' . getForumThreadLink($post['first_post'], $_page));
 		}
 	}
 	else {

system/pages/forum/show_board.php

@@ -33,7 +33,7 @@ if(!Forum::hasAccess($section_id)) {
 	return;
 }
 
-$_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0);
+$_page = (int) ($_REQUEST['page'] ?? 0);
 $threads_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS threads_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".(int) $section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id`")->fetch();
 for($i = 0; $i < $threads_count['threads_count'] / setting('core.forum_threads_per_page'); $i++) {
 	if($i != $_page)
@@ -50,7 +50,7 @@ if($logged && (!$sections[$section_id]['closed'] || Forum::isModerator())) {
 }
 
 echo '<br /><br />Page: '.$links_to_pages.'<br />';
-$last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`last_post`, `" . FORUM_TABLE_PREFIX . "forum`.`replies`, `" . FORUM_TABLE_PREFIX . "forum`.`views`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".$section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id` ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".setting('core.forum_threads_per_page')." OFFSET ".($_page * setting('core.forum_threads_per_page')))->fetchAll();
+$last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`last_post`, `" . FORUM_TABLE_PREFIX . "forum`.`replies`, `" . FORUM_TABLE_PREFIX . "forum`.`views`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".$section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id` ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".setting('core.forum_threads_per_page')." OFFSET ".($_page * setting('core.forum_threads_per_page')))->fetchAll(PDO::FETCH_ASSOC);
 
 if(isset($last_threads[0])) {
 	echo '<table width="100%">
@@ -67,8 +67,8 @@ if(isset($last_threads[0])) {
 	foreach($last_threads as $thread) {
 		echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td>';
 		if(Forum::isModerator()) {
-			echo '<a href="' . getLink('forum') . '?action=move_thread&id='.$thread['id'].'"\')"><span style="color:darkgreen">[MOVE]</span></a>';
+			echo '<a href="' . getLink('forum') . '?action=move_thread&id=' . $thread['id'] . '" title="Move Thread"><img src="images/icons/arrow_right.gif"/></a>';
-			echo '<a href="' . getLink('forum') . '?action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove thread > '.htmlspecialchars($thread['post_topic']).' <?\')"><span style="color: red">[REMOVE]</span></a>  ';
+			$twig->display('forum.remove_post.html.twig', ['post' => $thread]);
 		}
 
 		$player->load($thread['player_id']);
@@ -82,10 +82,13 @@ if(isset($last_threads[0])) {
 		echo '<a href="' . getForumThreadLink($thread['id']) . '">'.htmlspecialchars($thread['post_topic']). '</a><br /><small>'.($canEditForum ? substr(strip_tags($thread['post_text']), 0, 50) : htmlspecialchars(substr($thread['post_text'], 0, 50))).'...</small></td><td>' . getPlayerLink($thread['name']) . '</td><td>'.(int) $thread['replies'].'</td><td>'.(int) $thread['views'].'</td><td>';
 		if($thread['last_post'] > 0) {
 			$last_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id']." AND `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch();
-			if(isset($last_post['name']))
+
-				echo date('d.m.y H:i:s', $last_post['post_date']).'<br />by ' . getPlayerLink($last_post['name']);
+			if(isset($last_post['name'])) {
-			else
+				echo date('d.m.y H:i:s', $last_post['post_date']) . '<br />by ' . getPlayerLink($last_post['name']);
+			}
+			else {
 				echo 'No posts.';
+			}
 		}
 		else {
 			echo date('d.m.y H:i:s', $thread['post_date']) . '<br />by ' . getPlayerLink($thread['name']);

system/pages/forum/show_thread.php

@@ -35,7 +35,7 @@ if(!Forum::hasAccess($thread_starter['section'])) {
 	return;
 }
 
-$posts_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id)->fetch();
+$posts_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id)->fetch();
 for($i = 0; $i < $posts_count['posts_count'] / setting('core.forum_threads_per_page'); $i++) {
 	if($i != $_page)
 		$links_to_pages .= '<a href="' . getForumThreadLink($thread_id, $i) . '">'.($i + 1).'</a> ';
@@ -46,7 +46,7 @@ for($i = 0; $i < $posts_count['posts_count'] / setting('core.forum_threads_per_p
 $posts = $db->query("SELECT `players`.`id` as `player_id`, `" . FORUM_TABLE_PREFIX . "forum`.`id`,`" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`section`,`" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` AS `date`, `" . FORUM_TABLE_PREFIX . "forum`.`post_smile`, `" . FORUM_TABLE_PREFIX . "forum`.`post_html`, `" . FORUM_TABLE_PREFIX . "forum`.`author_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`author_guid`, `" . FORUM_TABLE_PREFIX . "forum`.`last_edit_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id." ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`post_date` LIMIT " . setting('core.forum_posts_per_page') . " OFFSET ".($_page * setting('core.forum_posts_per_page')))->fetchAll();
 
 if(isset($posts[0]['player_id'])) {
-	$db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id);
+	$db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = " . $thread_id);
 }
 
 $lookaddons = $db->hasColumn('players', 'lookaddons');

system/pages/guilds/accept_invite.php

@@ -12,11 +12,11 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 require __DIR__ . '/base.php';
 
-//set rights in guild
+// set rights in guild
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
 if(!$logged) {
-	$errors[] = 'You are not logged in. You can\'t accept invitations.';
+	$errors[] = "You are not logged in. You can't accept invitations.";
 }
 
 if(!Validator::guildName($guild_name)) {
@@ -27,11 +27,11 @@ if(empty($errors)) {
 	$guild = new OTS_Guild();
 	$guild->find($guild_name);
 	if(!$guild->isLoaded()) {
-		$errors[] = 'Guild with name <b>'.$guild_name.'</b> doesn\'t exist.';
+		$errors[] = "Guild with name <b>$guild_name</b> doesn't exist.";
 	}
 }
 
-if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
 	if(!Validator::characterName($name)) {
 		$errors[] = 'Invalid name format.';
 	}
@@ -51,7 +51,7 @@ if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
 	}
 }
 
-if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
 	if(empty($errors)) {
 		$is_invited = false;
 		include(SYSTEM . 'libs/pot/InvitesDriver.php');
@@ -104,7 +104,7 @@ if(!empty($errors)) {
 	));
 }
 else {
-	if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+	if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
 		$guild->acceptInvite($player);
 		$twig->display('success.html.twig', array(
 			'title' => 'Accept invitation',

system/pages/guilds/add_rank.php

@@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 require __DIR__ . '/base.php';
 
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
-$rank_name = isset($_REQUEST['rank_name']) ? $_REQUEST['rank_name'] : null;
+$rank_name = $_POST['rank_name'] ?? null;
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
@@ -35,7 +35,7 @@ if(empty($errors)) {
 		$rank_list = $guild->getGuildRanksList();
 		$rank_list->orderBy('level', POT::ORDER_DESC);
 		$guild_leader = false;
-		$account_players = $account_logged->getPlayers();
+		$account_players = $account_logged->getPlayersList();
 		foreach($account_players as $player) {
 			if($guild_leader_char->getId() == $player->getId()) {
 				$guild_vice = true;

system/pages/guilds/base.php

@@ -15,3 +15,5 @@ else
 	define('GUILD_MEMBERS_TABLE', 'guild_membership');
 
 define('MOTD_EXISTS', $db->hasColumn('guilds', 'motd'));
+
+csrfProtect();

system/pages/guilds/change_description.php

@@ -31,7 +31,7 @@ if(empty($errors)) {
 		$rank_list = $guild->getGuildRanksList();
 		$rank_list->orderBy('level', POT::ORDER_DESC);
 		$guild_leader = false;
-		$account_players = $account_logged->getPlayers();
+		$account_players = $account_logged->getPlayersList();
 		foreach($account_players as $player) {
 			if($guild->getOwner()->getId() == $player->getId()) {
 				$guild_vice = true;
@@ -42,8 +42,8 @@ if(empty($errors)) {
 
 		$saved = false;
 		if($guild_leader) {
-			if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+			if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
-				$description = htmlspecialchars(stripslashes(substr(trim($_REQUEST['description']),0, setting('core.guild_description_chars_limit'))));
+				$description = htmlspecialchars(stripslashes(substr(trim($_POST['description']),0, setting('core.guild_description_chars_limit'))));
 				$guild->setCustomField('description', $description);
 				$saved = true;
 			}

system/pages/guilds/change_logo.php

@@ -30,7 +30,7 @@ if(empty($errors)) {
 	if($logged) {
 		$guild_leader_char = $guild->getOwner();
 		$guild_leader = false;
-		$account_players = $account_logged->getPlayers();
+		$account_players = $account_logged->getPlayersList();
 
 		foreach($account_players as $player) {
 			if($guild_leader_char->getId() == $player->getId()) {
@@ -40,14 +40,13 @@ if(empty($errors)) {
 			}
 		}
 
-		if($guild_leader)
+		if($guild_leader) {
-		{
 			$max_image_size_b = setting('core.guild_image_size_kb') * 1024;
 			$allowed_ext = array('image/gif', 'image/jpg', 'image/pjpeg', 'image/jpeg', 'image/bmp', 'image/png', 'image/x-png');
 			$ext_name = array('image/gif' => 'gif', 'image/jpg' => 'jpg', 'image/jpeg' => 'jpg', 'image/pjpeg' => 'jpg', 'image/bmp' => 'bmp', 'image/png' => 'png', 'image/x-png' => 'png');
 			$save_file_name = str_replace(' ', '_', strtolower($guild->getName()));
 			$save_path = GUILD_IMAGES_DIR . $save_file_name;
-			if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save')
+			if(isset($_POST['todo']) && $_POST['todo'] == 'save')
 			{
 				$file = $_FILES['newlogo'];
 				if(is_uploaded_file($file['tmp_name']))
@@ -97,13 +96,13 @@ if(empty($errors)) {
 
 			$guild_logo = $guild->getCustomField('logo_name');
 			if(empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) {
-				$guild_logo = "default.gif";
+				$guild_logo = 'default.gif';
 			}
 
 			$twig->display('guilds.change_logo.html.twig', array(
 				'guild_logo' => $guild_logo,
 				'guild' => $guild,
-				'max_image_size_b' => $max_image_size_b
+				//'max_image_size_b' => $max_image_size_b
 			));
 
 		}

system/pages/guilds/change_motd.php

@@ -34,7 +34,7 @@ if(empty($errors)) {
 		$rank_list = $guild->getGuildRanksList();
 		$rank_list->orderBy('level', POT::ORDER_DESC);
 		$guild_leader = false;
-		$account_players = $account_logged->getPlayers();
+		$account_players = $account_logged->getPlayersList();
 		foreach($account_players as $player) {
 			if($guild->getOwner()->getId() == $player->getId()) {
 				$guild_vice = true;
@@ -45,8 +45,8 @@ if(empty($errors)) {
 
 		$saved = false;
 		if($guild_leader) {
-			if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+			if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
-				$motd = htmlspecialchars(stripslashes(substr($_REQUEST['motd'],0, setting('core.guild_motd_chars_limit'))));
+				$motd = htmlspecialchars(stripslashes(substr($_POST['motd'],0, setting('core.guild_motd_chars_limit'))));
 				$guild->setCustomField('motd', $motd);
 				$saved = true;
 			}