Merge branch 'main' into feature/2fa

Fix submenu initialization for missing elements
Added a check in InitializeMenu to skip submenu items if their corresponding DOM element does not exist, preventing potential JavaScript errors.
2025-09-14 04:23:34 +02:00 · 2025-08-12 14:36:29 +02:00 · 2025-08-12 12:46:39 +02:00 · 2025-08-07 21:17:25 +02:00 · 2025-08-07 16:21:22 +02:00 · 2025-08-02 14:15:13 +02:00
218 changed files with 5277 additions and 2669 deletions
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@@ -22,7 +22,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: [ '8.1', '8.2', '8.3' ]
+        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
        ots: ['tfs-1.4', 'canary-3.1.2'] # TODO: add 'tfs-master' (actually doesn't work cause AAC doesn't support reading .env configuration)
    name: Cypress (PHP ${{ matrix.php-versions }}, ${{ matrix.ots }})
    steps:
@@ -146,6 +146,7 @@ jobs:
          with:
            name: cypress-screenshots-${{ matrix.php-versions }}-${{ matrix.ots }}
            path: cypress/screenshots
            if-no-files-found: ignore
        - name: Upload Cypress Videos
          uses: actions/upload-artifact@v4
@@ -153,6 +154,7 @@ jobs:
          with:
            name: cypress-videos-${{ matrix.php-versions }}-${{ matrix.ots }}
            path: cypress/videos
            if-no-files-found: ignore
        - name: Upload PHP Logs
          uses: actions/upload-artifact@v4
--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -14,7 +14,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: [ '8.1', '8.2', '8.3' ]
+        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
    steps:
      - name: "Checkout"
        uses: "actions/checkout@v4"
--- a/.htaccess.dist
+++ b/.htaccess.dist
@@ -6,7 +6,7 @@
 	Options -MultiViews
 </IfModule>
-<FilesMatch "^(CHANGELOG\.md|README\.md|composer\.json|composer\.lock|package\.json|package-lock\.json|cypress\.env\.json)$">
+<FilesMatch "^(.*\.md|.*\.json|.*\.dist|.*\.sql|CHANGELOG|README|composer\.lock)$">
 	Require all denied
 </FilesMatch>
--- a/CHANGELOG-1.x.md
+++ b/CHANGELOG-1.x.md
@@ -1,5 +1,177 @@
 # Changelog
 ## [1.8 - 02.08.2025]
 ### Added
 * Templates - Kathrine: Possibility to add custom menu categories (https://github.com/slawkens/myaac/commit/ec11c1402417c25980582467546d1c1e9bb8267f)
 * Admin Panel - Accounts Editor: Add Coins Transferable (https://github.com/slawkens/myaac/commit/45d6047031c9c3a0e7e512dc5d15c75629aec5a2, https://github.com/slawkens/myaac/commit/bb097b69ce106500a49686d6f4fe604348eaa310)
 * Highscores:
  * Revamped: (https://github.com/slawkens/myaac/commit/d8132d4d76e03d5aa0c042be426320655a601392)
    * Show real rank, if 2 or more players have the same skill, show them with same rank
    * New setting: highscores_online_status
    * Additional fields passed to twig: updatedAt, totalResults, page, baseLink
  * Add new Setting: Display Skills Box (https://github.com/slawkens/myaac/commit/36ca755243ef1c83f6ac87465b426d4d8d3b0bb9)
 * Functions: Add getExperienceForLevel (level) (https://github.com/slawkens/myaac/commit/1566deb84a082176b8c683fda205d828bc38fbcc)
 * Commands - cache:clear : Add warning about APCu clear in CLI (https://github.com/slawkens/myaac/commit/83f84172e02e8ea2ccb6dca29bc033e44c35aebc)
 * Models - PlayerOnline: Add missing $fillable into model (https://github.com/slawkens/myaac/commit/43415cf35db1c1307f2684c1728693d65065ffff)
 * Twig: add cache variable (https://github.com/slawkens/myaac/commit/0efe47ce71c4b364a9e96bc5a55b1655326ae6da)
 ### Changed
 * pages/online: add cache, resulting in 20x performance boost
  * (for an example server with 2k players) (https://github.com/slawkens/myaac/commit/c8363086015cbb6e8786c398c7b9ac3959a26ec4)
 * Admin Bar: Move admin bar code into body_start place_holder (https://github.com/slawkens/myaac/commit/f17269e44ce9dd38447bd2e2a8e1bdb065d4161f)
 * Cache::remember: $ttl = 0 means no cache (https://github.com/slawkens/myaac/commit/3b47e9df2f4051807c5ff87892f7fa3d348f9c55)
 * Templates: Load config.ini with $process_sections set to true (https://github.com/slawkens/myaac/commit/a89f9a84847630eb75b4890fdcc8b7a7bfa6b8ac)
 * Twig: Allow for timestamp as integer in the timeago twig function
  (https://github.com/slawkens/myaac/commit/34fead906ea13b9f09d7a3c41ed88109d34d386c)
 ### Fixed
 * Settings: Fixed two exceptions (https://github.com/slawkens/myaac/commit/6e5a4ff8c78ff5373aba091baa66cae029557643, https://github.com/slawkens/myaac/commit/20d69a641c0a933d14889a89da6d32f6a4bc6c7d)
 * Models\Account + OTS_Account -> isPremium -> ignore config.freePremium (https://github.com/slawkens/myaac/commit/5271633bdbfbbfed0b1d59c403093ce6fc2b7d20)
 * Admin Panel - Mailer:
  * Fix send to email link redirecting from accounts page (https://github.com/slawkens/myaac/commit/080cc2781f034c844af658229e495e9a47fd2298)
  * Option to send only to verified accounts - only if setting('core.account_mail_verify') enabled (https://github.com/slawkens/myaac/commit/cf7fd20452e863980045bb5d6012ec86c6e8e01f)
 ### Internal
 * Rewrite to use constants (account transferable coins) (https://github.com/slawkens/myaac/commit/bccf8e056df985bbe1bab5f7ab5492f714d6b62b)
 * Refactor to use HAS_ACCOUNT_COINS (https://github.com/slawkens/myaac/commit/caf326a6584a234775ebc6c8000ea02b3fecd160)
 ## [1.7.1 - 27.06.2025]
 ### Changed
 * Rename plugin:install:install to plugin:setup, also add alias to previous command (https://github.com/slawkens/myaac/commit/13d33822b59df349199e885a78a3d6beb0863d0b)
 ### Fixed
 * Fix commands: setup + cache:clear (https://github.com/slawkens/myaac/commit/0da524fefe93b3028392e9014550eea3324d3a22, https://github.com/slawkens/myaac/commit/fe8281594e989f00280ba1adc734a9198c6b5cc1)
 * Fix polls link in tibiacom template (https://github.com/slawkens/myaac/commit/d90fa323d7c77d81768df60feeb1c374b1650a0c)
 ## [1.7 - 22.06.2025]
 ### Added
 * Feature: plugins versions check (#310)
 * New hooks: HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS, HOOK_GUILDS_AFTER_MANAGE_BUTTON (https://github.com/slawkens/myaac/commit/c074a48f245df55646b6705737f667b6a84149b2, https://github.com/slawkens/myaac/commit/e6100a1b72de8695bba1dae9ba4e28bfdce47b10)
 * Add OTS_Toolbox::getVocationName(id, promotion) + OTS_Player->isNameLocked() (https://github.com/slawkens/myaac/commit/e222957893c4a1de0dc8dbba55bce1a43418d275, https://github.com/slawkens/myaac/commit/522f6c11d835afd36fd07a07074d96d7e219b488)
 * Add missing csrf in more places, causing white page with error about Request (https://github.com/slawkens/myaac/commit/dca904e61d21d856bf809070e7652803a2df0f58, https://github.com/slawkens/myaac/commit/c720ccc451ff90ef40b2a1595468d061ffd7e1e4)
 ### Changed
 * Revamped online page (https://github.com/slawkens/myaac/commit/9a90e4aae280e607430511c6727d9a714b11f4c5, https://github.com/slawkens/myaac/commit/4767120043b09141870383e249f3729638d53dc2)
 * Better $title inventing (https://github.com/slawkens/myaac/commit/0c95bcfd06b68b21512e477646ef7bd3a0d4912b)
 ### Fixed
 * Use apcu cache clear (https://github.com/slawkens/myaac/commit/b329da52aae9d0e21120a6444d3caf442420ce50, https://github.com/slawkens/myaac/commit/566c2a9151ab6392286f74e26853faa19a1b4f24)
 * fix: boostedcreatures for 13.40 (by @GooseWithAKnife) (#307)
 ## [1.6.1 - 11.06.2025]
 ### Fixed
 * Fixed "Request has been cancelled due to security reasons", cause of missing csrf() in twig files (https://github.com/slawkens/myaac/commit/10cd71a6630ffec91b43a26a6d685b66c5836a6a)
 * Fix: Ignore duplicated route exception (https://github.com/slawkens/myaac/commit/9d8e9d27bd87167d8d4005942a6af62bfe4c0892)
 ### Changed
 * Move counter & visitors code before router (In case someone wants to include that info on page) (https://github.com/slawkens/myaac/commit/f78285030708ad3c74ab048711f73bbf3ee5281e)
 * Set TinyMCE license key to gpl (Avoid warning message in browser console) (https://github.com/slawkens/myaac/commit/8d29fdb98b92dbc3d2853ef88a185c67036b4a77)
 ### Removed
 * Remove deprecated TinyMCE plugin - template (https://github.com/slawkens/myaac/commit/309c1fb715b882e67cb673b1544a03befbf64a22)
 ## [1.6 - 03.06.2025]
 ### Added
 * Add new setting/configurable: site_url, prevents domain spoofing (https://github.com/slawkens/myaac/commit/d8a6090be382c35c19117cfef964b594ed02b8d4)
 * Add new account coins setting (https://github.com/slawkens/myaac/commit/28886551e86fe562172c4c7f2afb89a2e7672c2e)
 * autoload: settings/install/init.php (https://github.com/slawkens/myaac/commit/e5749437074c3b3556628a2aeb5bad2edf97bde0, https://github.com/slawkens/myaac/commit/7d213f479a7e40c6254069b5fc4e578dc32bf8d9, https://github.com/slawkens/myaac/commit/207d6bc69120aba1af2b51808f17e0059b571fed)
 * Protect against csrf in more places (accounts & guilds & forums pages) (https://github.com/slawkens/myaac/commit/6eda38603c8ed7e99b92a78a4600b1245377f74d, https://github.com/slawkens/myaac/commit/e776bd52beb3064a9e694efd1b9021ec972ee2f6, https://github.com/slawkens/myaac/commit/84d502bf105f2a789481fba1acc820d236b4de66)
 * Added two new hooks for pages loaded from database (custom pages): HOOK_BEFORE_PAGE_CUSTOM, HOOK_AFTER_PAGE_CUSTOM (https://github.com/slawkens/myaac/commit/c961a1ebf837f2ab1734a825ff2c57b4937610c9)
 * Add global variables into $hooks->executeFilter (https://github.com/slawkens/myaac/commit/8fdea943768b20193eede99d60313ee84511a0be)
 * Add getNPCsCount() to OTS_InfoRespond (https://github.com/slawkens/myaac/commit/7d435ff6433ef1fb2295ee79ed043ee10dc725e9)
 ### Fixed
 * Allow [] in character name (https://github.com/slawkens/myaac/commit/de6603a51347b9e656c58637ed9971fffdd7cedd)
 * Do not allow access to tools/ folder after install (https://github.com/slawkens/myaac/commit/6e0f5913831f8dba69fd2d1505be3e2a303c6324)
 * Fix CHANGELOG-1.x.md loading in admin panel (https://github.com/slawkens/myaac/commit/4a30fb495dbfbe1d434e8d52419eaf44fe517aee)
 * Fix links not working in admin dashboard modules (https://github.com/slawkens/myaac/commit/be7b27c31aa3bbd6c0289c34d1e61139a3fe015c)
 * Fix twig variables: logged + account_logged being not set directly after login (https://github.com/slawkens/myaac/commit/1e9b10d6489c488cadf7f6ed17b42f1ea6c767a8)
 ### Changed
 * OTS_ServerInfo -> move setTimeout out of class - Possibility to use the class without MyAAC (https://github.com/slawkens/myaac/commit/40d65a6613149fda51bdceb82c807e5301a3388b)
 ## [1.5 - 14.05.2025]
 ### Added
 * Feature/twig hooks filters (#258)
 * Add latest client versions (14.00 - 15.01) (https://github.com/slawkens/myaac/commit/5367df23812c6182863353c9a39fd7fb0b743f4b)
 * db variable to twig (https://github.com/slawkens/myaac/commit/5ed1aec28e146b871a75597411d12e42a067f4e6)
 * New filter: HOOK_FILTER_ROUTES (https://github.com/slawkens/myaac/commit/9b75011224f385db8b27e109bfeb28e75b9d779c)
 * Allow optionally separate folder for views (thanks @Scrollog for idea) (https://github.com/slawkens/myaac/commit/03e275213901a89edb0ebb8974b776a992ab391f)
 * Add float & double types to the Settings (https://github.com/slawkens/myaac/commit/67ab425bb9796d9d123296e3fda542fa8f7f05ee)
 * Add optional param _page_only for single-page apps etc. (https://github.com/slawkens/myaac/commit/113473f2560aab6d364c301cc14a8b5ba8f309f4)
 ### Changed
 * Change OTS_Account->getPremDays to not return -1 in case of freePremium (https://github.com/slawkens/myaac/commit/3befde2a1e4d24a011311e785f15185db57e19b8)
 * Add note about highscores being updated x minutes + allow ttl 0 to disable cache (https://github.com/slawkens/myaac/commit/a161cff00329da6f970f3a70967fe8346fe92bbc)
 * Better monster images (no image not found anymore) + use cache (https://github.com/slawkens/myaac/commit/73a5829974ceca3f02d7925d5cfbd5fa50b1bbd2)
 * Rename server-info -> ots-info, changelog -> change-log (Due to conflict with apache2 server-info mod) (https://github.com/slawkens/myaac/commit/3949d84e5d7631f332111b6d00278bddbd0ad10a)
 * Move rules page to admin panel (https://github.com/slawkens/myaac/commit/3949d84e5d7631f332111b6d00278bddbd0ad10a)
 ### Fixed
 * php 8.4 warnings
 * Visitors counter not working properly on dev mode (https://github.com/slawkens/myaac/commit/da151051186c913dd0dd091aabe893649c2b9ee7)
 * Fix login.php boosted creature & boss (not sure exact version, but should be 14.12 or around) (https://github.com/slawkens/myaac/commit/c48b8006319f6c3b5f082befd16785420bb98110)
 * Fix installMenus when theme/template was removed from disc (https://github.com/slawkens/myaac/commit/c24c580796bccd54bf9e95b864763f4642684d55)
 * Fix if user removes the menu category (https://github.com/slawkens/myaac/commit/dbea69f31478391dacfbbc02c8353c39b4245daf)
 ### Updated:
 * Update cypress from version ^13.17.0 to ^14.3.3 (https://github.com/slawkens/myaac/commit/629fd18ea166860d5898a822f44f9277da6ce43d)
 ## [1.4 - 22.04.2025]
 ### Added
 * feat: admin-pages (can add admin pages through plugins) (https://github.com/slawkens/myaac/commit/ceaa0639e66d31e8177ff90791463470367aa45d)
 	* just place the page in admin-pages folder in the plugin
 	* Also, possibility to overwrite default myaac admin pages
 * Add db->hasTableAndColumns(table, columns), credits to @opentibiabr Team (https://github.com/slawkens/myaac/commit/82a533d88c8a342076891d132b4b409ed9a1fe72)
 * Add noSubmit option to buttons.base (https://github.com/slawkens/myaac/commit/64f6d3abcada3bf9fd7599f50d2fac0a1367f383)
 ### Fixed
 * Fix: display 404 error instead of 500 when page has been removed from filesystem (https://github.com/slawkens/myaac/commit/c2bf94fb2370d2009a2eb907f818955132cf8611)
 * Fix headline.php: change image format to .png cause of black background (https://github.com/slawkens/myaac/commit/b618084d50918539d9a70abd97e764137b966067)
 * Clear cache on plugin enable/disable, fixes some issues with plugin pages being cached (https://github.com/slawkens/myaac/commit/1d0c173e7d000aecbd432800941fc3e38a0e50f2)
 * Do not autoload sub-folders if autoload pages is disabled (https://github.com/slawkens/myaac/commit/d47195a7878095336f9c9edc6f96244257f67eec)
 ### Changed
 * SQL Syntax Standardization (by @JoaozinhoBrasil, #298)
 * Pages in theme/template folder will now have precedence over normal pages (https://github.com/slawkens/myaac/commit/6d8f4718a1d349fba8f0ebc39cfd3a1a84d104b0)
 * Small changes in account.login.html.twig (https://github.com/slawkens/myaac/commit/f40b986b59d4c8fa89ab4745731bf366f8619976)
 * Plugin name is required, version is optional (https://github.com/slawkens/myaac/commit/e6f05a2731c61d931be49e121c068e49c0ad5e01)
 ## [1.3.3 - 04.04.2025]
 ### Fixed
 * Fix uninstall plugin when plugin is disabled (https://github.com/slawkens/myaac/commit/6c568fd36a271270684fc412ccd556b230273a6d)
 ### Changed
 * Display more useful info when error parsing config.lua (https://github.com/slawkens/myaac/commit/fa6b6aa153ffc131e0d1631a4dcd9012a5850c2e)
 ### Other
 * Small adjustments (https://github.com/slawkens/myaac/commit/35e2483de86e295bdf089cceffa25842eeb2e34c, https://github.com/slawkens/myaac/commit/ae639d65b0bfa491e747e907e2ebc77f83f47981)
 ## [1.3.2 - 01.04.2025]
 ### Fixed
 * Fix debugBar/admin panel menu when using custom base_dir (https://github.com/slawkens/myaac/commit/65696f63e3aac02ff952ea81279e7cb2fa7570fb)
 ### Changed
 * Settings: Show/hide IP Ban Protection options depending on the value (enabled/disabled) (https://github.com/slawkens/myaac/commit/dbf73d0b61b45601ae95e51b23c051c2704169c5)
 * Do not require init.php in cache:clear command (https://github.com/slawkens/myaac/commit/d25c71857f767834239bbffacd00fdc671adb157)
 ## [1.3.1 - 19.03.2025]
 ### Fixed
 * Fixed migrate:run command (https://github.com/slawkens/myaac/commit/1a5771ad51e595fe13368a0721b059c4ecefb17d)
 ### Changed
 * Small adjustments (https://github.com/slawkens/myaac/commit/6fac883659f581baac1361826d046410156f1e58, https://github.com/slawkens/myaac/commit/4a6896b4469968b9904292734cf6c14ba5eeef14)
 ## [1.3 - 10.03.2025]
 ### Changed
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # [MyAAC](https://my-aac.org)
-MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
+MyAAC is a free and open-source Automatic Account Creator (AAC) for Open Tibia Servers written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 Official website: https://my-aac.org
@@ -10,12 +10,19 @@ Official website: https://my-aac.org
 [![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
 [![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
-| Version | Status                 | Branch | Requirements   |
+| Version | Status                 | Branch  | Requirements   |
-|:--------|:-----------------------|:-------|:---------------|
+|:--------|:-----------------------|:--------|:---------------|
-| **1.x** | **Active development** | master | **PHP >= 8.1** |
+| 2.x     | Experimental features  | develop | PHP >= 8.1     |
-| 0.9.x   | Not developed anymore  | 0.9    | PHP >= 7.2.5   |
+| **1.x** | **Active development** | main    | **PHP >= 8.1** |
-| 0.8.x   | Active support         | 0.8    | PHP >= 7.2.5   |
+| 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
-| 0.7.x   | End Of Life            | 0.7    | PHP >= 5.3.3   |
+| 0.8.x   | Active support         | 0.8     | PHP >= 7.2.5   |
 | 0.7.x   | End Of Life            | 0.7     | PHP >= 5.3.3   |
 The recommended version to install is 1.x, which can be found at releases page - [https://github.com/slawkens/myaac/releases](https://github.com/slawkens/myaac/releases).
 ### Documentation
 * [docs.my-aac.org](https://docs.my-aac.org)
 * [my-aac.org - FAQ](https://my-aac.org/faqs/)
 ### Requirements
@@ -47,23 +54,23 @@ Official website: https://my-aac.org
 ### Configuration
-Check *config.php* to get more informations. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
+Check *config.php* to get more information. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
 Use *config.local.php* for your local configuration changes.
 ### Branches
 This repository follows the Git Flow Workflow.
-Cheatsheet: [Git-Flow-Cheetsheet](https://danielkummer.github.io/git-flow-cheatsheet)
+Cheatsheet: [Git-Flow-Cheatsheet](https://danielkummer.github.io/git-flow-cheatsheet)
 That means, we use:
-* master branch, for current stable release
+* main branch, for current stable release
 * develop branch, for development version (next release)
 * feature branches, for features etc.
 ### Known Problems
- Some compatibility issues with some exotical distibutions.
+- Some compatibility issues with some exotic distributions.
 ### Contributing
@@ -73,11 +80,11 @@ Pull requests should be made to the *develop* branch as that is the working bran
 Bug fixes to current release should be done to master branch.
-Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our wiki.
+Look: [Contributing](https://docs.my-aac.org/misc/contributing) in our wiki.
 ### Other Notes
-If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
+If you have a great idea or want to contribute to the project - visit our website at https://www.my-aac.org
 ## Project supported by JetBrains
@@ -88,4 +95,4 @@ Many thanks to Jetbrains for kindly providing a license for me to work on this a
 ### License
 This program and all associated files are released under the GNU Public License.  
-See [LICENSE](https://github.com/slawkens/myaac/blob/master/LICENSE) for details.
+See [LICENSE](https://github.com/slawkens/myaac/blob/main/LICENSE) for details.
--- a/admin/includes/debugbar.php
+++ b/admin/includes/debugbar.php
@@ -7,7 +7,7 @@ $hooks->register('debugbar_admin_head_end', HOOK_ADMIN_HEAD_END, function ($para
 		return;
 	}
-	$debugBarRenderer = $debugBar->getJavascriptRenderer();
+	$debugBarRenderer = $debugBar->getJavascriptRenderer(BASE_URL . 'vendor/maximebf/debugbar/src/DebugBar/Resources/');
 	echo $debugBarRenderer->renderHead();
 });
 $hooks->register('debugbar_admin_body_end', HOOK_ADMIN_BODY_END, function ($params) {
@@ -17,6 +17,6 @@ $hooks->register('debugbar_admin_body_end', HOOK_ADMIN_BODY_END, function ($para
 		return;
 	}
-	$debugBarRenderer = $debugBar->getJavascriptRenderer();
+	$debugBarRenderer = $debugBar->getJavascriptRenderer(BASE_URL . 'vendor/maximebf/debugbar/src/DebugBar/Resources/');
 	echo $debugBarRenderer->render();
 });
--- a/admin/index.php
+++ b/admin/index.php
@@ -1,6 +1,8 @@
 <?php
 // few things we'll need
 use MyAAC\Plugins;
 require '../common.php';
 const ADMIN_PANEL = true;
@@ -42,15 +44,21 @@ if(!$logged || !admin()) {
 	$page = 'login';
 }
-// include our page
+$pluginsAdminPages = Plugins::getAdminPages();
-$file = __DIR__ . '/pages/' . $page . '.php';
+if(isset($pluginsAdminPages[$page]) && file_exists(BASE . $pluginsAdminPages[$page])) {
-if(!@file_exists($file)) {
+	$file = BASE . $pluginsAdminPages[$page];
-	if (str_contains($page, 'plugins/')) {
+}
-		$file = BASE . $page;
+else {
-	}
+	// include our page
-	else {
+	$file = __DIR__ . '/pages/' . $page . '.php';
-		$page = '404';
+	if(!@file_exists($file)) {
-		$file = SYSTEM . 'pages/404.php';
+		if (str_contains($page, 'plugins/')) {
 			$file = BASE . $page;
 		}
 		else {
 			$page = '404';
 			$file = SYSTEM . 'pages/404.php';
 		}
 	}
 }
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@@ -26,7 +26,6 @@ if (setting('core.account_country'))
 $nameOrNumberColumn = getAccountIdentityColumn();
 $hasSecretColumn = $db->hasColumn('accounts', 'secret');
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $hasTypeColumn = $db->hasColumn('accounts', 'type');
 $hasGroupColumn = $db->hasColumn('accounts', 'group_id');
@@ -136,11 +135,18 @@ else if (isset($_REQUEST['search'])) {
 			if (!Validator::email($email))
 				$errors['email'] = Validator::getLastError();
-			//tibia coins
+			// tibia coins
-			if ($hasCoinsColumn) {
+			if (HAS_ACCOUNT_COINS) {
 				$t_coins = $_POST['t_coins'];
 				verify_number($t_coins, 'Tibia coins', 12);
 			}
 			// transferable tibia coins
 			if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) {
 				$t_coins_transferable = $_POST['t_coins_transferable'];
 				verify_number($t_coins_transferable, 'Transferable Tibia coins', 12);
 			}
 			// prem days
 			$p_days = (int)$_POST['p_days'];
 			verify_number($p_days, 'Prem days', 11);
@@ -185,12 +191,18 @@ else if (isset($_REQUEST['search'])) {
 				if ($hasSecretColumn) {
 					$account->setCustomField('secret', $secret);
 				}
 				$account->setCustomField('key', $key);
 				$account->setEMail($email);
-				if ($hasCoinsColumn) {
+
 				if (HAS_ACCOUNT_COINS) {
 					$account->setCustomField('coins', $t_coins);
 				}
 				if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) {
 					$account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $t_coins_transferable);
 				}
 				$lastDay = 0;
 				if($p_days != 0 && $p_days != OTS_Account::GRATIS_PREMIUM_DAYS) {
 					$lastDay = time();
@@ -223,9 +235,6 @@ else if (isset($_REQUEST['search'])) {
 					$password = encrypt($password);
 					$account->setPassword($password);
 					if (USE_ACCOUNT_SALT)
 						$account->setCustomField('salt', $salt);
 				}
 				$account->save();
@@ -395,12 +404,18 @@ else if (isset($_REQUEST['search'])) {
 										<label for="email">Email:</label><?php echo (setting('core.mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
 										<input type="text" class="form-control" id="email" name="email" autocomplete="off" value="<?php echo $account->getEMail(); ?>"/>
 									</div>
-									<?php if ($hasCoinsColumn): ?>
+									<?php if (HAS_ACCOUNT_COINS): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="t_coins">Tibia Coins:</label>
 											<input type="text" class="form-control" id="t_coins" name="t_coins" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField('coins') ?>"/>
 										</div>
 									<?php endif; ?>
 									<?php if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="t_coins_transferable">Transferable Tibia Coins:</label>
 											<input type="text" class="form-control" id="t_coins_transferable" name="t_coins_transferable" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN) ?>"/>
 										</div>
 									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="p_days">Premium Days:</label>
 										<input type="text" class="form-control" id="p_days" name="p_days" autocomplete="off" maxlength="11" value="<?php echo $account->getPremDays(); ?>"/>
--- a/admin/pages/clmd.php
+++ b/admin/pages/clmd.php
@@ -11,12 +11,12 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'MyAAC Changelog';
-if (!file_exists(BASE . 'CHANGELOG.md')) {
+if (!file_exists(BASE . 'CHANGELOG-1.x.md')) {
 	echo 'File CHANGELOG.md doesn\'t exist.';
 	return;
 }
-$changelog = file_get_contents(BASE . 'CHANGELOG.md');
+$changelog = file_get_contents(BASE . 'CHANGELOG-1.x.md');
 $Parsedown = new Parsedown();
--- a/admin/pages/mailer.php
+++ b/admin/pages/mailer.php
@@ -25,9 +25,10 @@ if (!setting('core.mail_enabled')) {
 	return;
 }
-$mail_to = isset($_POST['mail_to']) ? stripslashes(trim($_POST['mail_to'])) : null;
+$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
 $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
 $mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
 $mail_verified_only = $_POST['mail_verified_only'] ?? false;
 if (isset($_POST['submit'])) {
 	if (empty($mail_subject)) {
@@ -58,14 +59,14 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 	$success = 0;
 	$failed = 0;
-	$add = '';
+	$query = Account::where('email', '!=', '');
-	if (setting('core.account_mail_verify')) {
+
-		note('Note: Sending only to users with verified E-Mail.');
+	if ($mail_verified_only) {
-		$add = ' AND `email_verified` = 1';
+		info('Note: Sending only to users with verified E-Mail.');
 		$query->where('email_verified', 1);
 	}
-	$query = Account::where('email', '!=', '')->get(['email']);
+	foreach ($query->get(['email']) as $email) {
 	foreach ($query as $email) {
 		if (_mail($email->email, $mail_subject, $mail_content)) {
 			$success++;
 		}
@@ -84,5 +85,6 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 $twig->display('admin.mailer.html.twig', [
 	'mail_to' => $mail_to,
 	'mail_subject' => $mail_subject,
-	'mail_content' => $mail_content
+	'mail_content' => $mail_content,
 	'mail_verified_only' => $mail_verified_only,
 ]);
--- a/admin/pages/mass_account.php
+++ b/admin/pages/mass_account.php
@@ -18,7 +18,6 @@ $title = 'Mass Account Actions';
 csrfProtect();
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $freePremium = $config['lua']['freePremium'];
@@ -40,9 +39,7 @@ function admin_give_points($points)
 function admin_give_coins($coins)
 {
-	global $hasCoinsColumn;
+	if (!HAS_ACCOUNT_COINS) {
 	if (!$hasCoinsColumn) {
 		displayMessage('Coins not supported.');
 		return;
 	}
@@ -167,19 +164,19 @@ if (!empty(ACTION) && isRequestMethod('post')) {
 }
 else {
 	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasCoinsColumn' => HAS_ACCOUNT_COINS,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));
 }
 function displayMessage($message, $success = false) {
-	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
+	global $twig, $hasPointsColumn, $freePremium;
 	$success ? success($message): error($message);
 	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasCoinsColumn' => HAS_ACCOUNT_COINS,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));
--- a/admin/pages/modules/balance.php
+++ b/admin/pages/modules/balance.php
@@ -7,7 +7,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $balance = 0;
 if ($db->hasColumn('players', 'balance')) {
-	$balance = Player::orderByDesc('balance')->limit(10)->get(['balance', 'id','name', 'level'])->toArray();
+	$balance = Player::orderByDesc('balance')->limit(10)->get(['id', 'name', 'balance'])->toArray();
 }
 $twig->display('balance.html.twig', array(
--- a/admin/pages/modules/coins.php
+++ b/admin/pages/modules/coins.php
@@ -6,8 +6,13 @@ defined('MYAAC') or die('Direct access not allowed!');
 $coins = 0;
-if ($db->hasColumn('accounts', 'coins')) {
+if (HAS_ACCOUNT_COINS) {
-	$coins = Account::orderByDesc('coins')->limit(10)->get(['coins', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+	$whatToGet = ['id', 'coins'];
 	if (USE_ACCOUNT_NAME) {
 		$whatToGet[] = 'name';
 	}
 	$coins = Account::orderByDesc('coins')->limit(10)->get($whatToGet)->toArray();
 }
 $twig->display('coins.html.twig', array(
--- a/admin/pages/modules/lastlogin.php
+++ b/admin/pages/modules/lastlogin.php
@@ -7,7 +7,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $players = 0;
 if ($db->hasColumn('players', 'lastlogin')) {
-	$players = Player::orderByDesc('lastlogin')->limit(10)->get(['name', 'level', 'lastlogin'])->toArray();
+	$players = Player::orderByDesc('lastlogin')->limit(10)->get(['id', 'name', 'level', 'lastlogin'])->toArray();
 }
 $twig->display('lastlogin.html.twig', array(
--- a/admin/pages/modules/templates/balance.html.twig
+++ b/admin/pages/modules/templates/balance.html.twig
@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=players&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.balance }}</td>
 						</tr>
 					{% endfor %}
--- a/admin/pages/modules/templates/coins.html.twig
+++ b/admin/pages/modules/templates/coins.html.twig
@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name ?? result.id }}</a></td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}
--- a/admin/pages/modules/templates/lastlogin.html.twig
+++ b/admin/pages/modules/templates/lastlogin.html.twig
@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=players&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}
--- a/admin/pages/modules/templates/points.html.twig
+++ b/admin/pages/modules/templates/points.html.twig
@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.premium_points }}</td>
 						</tr>
 					{% endfor %}
--- a/admin/pages/plugins.php
+++ b/admin/pages/plugins.php
@@ -17,7 +17,7 @@ csrfProtect();
 $use_datatable = true;
-if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
+if (!setting('core.admin_plugins_manage_enable')) {
 	warning('Plugin installation and management is disabled in Settings.<br/>If you wish to enable, go to Settings and enable <strong>Enable Plugins Manage</strong>.');
 }
 else {
@@ -51,6 +51,56 @@ else {
 		} else {
 			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
 		}
 	}
 	else if (isset($_GET['check-updates'])) {
 		$repoUri = $config['admin_plugins_api_uri'] ?? 'https://plugins.my-aac.org/api/';
 		success("Fetching latest info from $repoUri..");
 		$adminPlugins = new \MyAAC\Admin\Plugins();
 		$adminPlugins->setApiBaseUri($repoUri);
 		try {
 			$plugins = $adminPlugins->getLatestVersions();
 		}
 		catch (Exception $e) {
 			error($e->getMessage());
 		}
 		if (isset($plugins) && count($plugins) > 0) {
 			$outdated = [];
 			foreach (get_plugins(true) as $plugin) {
 				$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
 				$plugin_info = json_decode($string, true);
 				if (!$plugin_info) {
 					continue;
 				}
 				$disabled = (str_contains($plugin, 'disabled.'));
 				$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 				$info = $plugins[$pluginOriginal] ?? false;
 				if ($info && version_compare($info['version'], $plugin_info['version'], '>')) {
 					$outdated[] = [
 						'name' => $pluginOriginal,
 						'yourVersion' => $plugin_info['version'],
 						'latestVersion' => $info['version'],
 						'link' => $info['link'] ?? 'Unknown',
 						'download_link' => $info['download_link'] ?? 'Unknown',
 					];
 				}
 			}
 			if (count($outdated) > 0) {
 				info('Following updates have been found for your plugins:');
 				$twig->display('admin.plugins.outdated.html.twig', ['plugins' => $outdated]);
 			}
 			else {
 				success('All plugins up to date!');
 			}
 		}
 	} else if (isset($_FILES['plugin']['name'])) {
 		$file = $_FILES['plugin'];
 		$filename = $file['name'];
--- a/admin/pages/visitors.php
+++ b/admin/pages/visitors.php
@@ -19,8 +19,7 @@ $use_datatable = true;
 if (!setting('core.visitors_counter')): ?>
 	Visitors counter is disabled.<br/>
-	You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
+	You can enable it in Settings -> General -> Visitors Counter.<br/>
 	<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
 	<?php
 	return;
 endif;
@@ -46,7 +45,7 @@ foreach ($tmp as &$visitor) {
 		if ($dd->isBot()) {
 			$bot = $dd->getBot();
 			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
-			$browser = sprintf($message, $bot['category'], $bot['url'], $bot['name']);
+			$browser = sprintf($message, $bot['category'] ?? 'Unknown', $bot['url'] ?? '', $bot['name'] ?? 'Unknown name');
 		}
 		else {
 			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));
--- a/admin/tools/settings_save.php
+++ b/admin/tools/settings_save.php
@@ -1,6 +1,5 @@
 <?php
 use MyAAC\Hooks;
 use MyAAC\Settings;
 const MYAAC_ADMIN = true;
--- a/common.php
+++ b/common.php
@@ -26,8 +26,8 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 const MYAAC = true;
-const MYAAC_VERSION = '1.3';
+const MYAAC_VERSION = '1.8.1-dev';
-const DATABASE_VERSION = 43;
+const DATABASE_VERSION = 46;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -122,38 +122,30 @@ if (!IS_CLI) {
 	session_start();
 }
 // basedir
 $basedir = '';
 $tmp = explode('/', $_SERVER['SCRIPT_NAME']);
 $size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$basedir .= '/' . $tmp[$i];
 $basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
 define('BASE_DIR', $basedir);
 if(!IS_CLI) {
 	if (isset($_SERVER['HTTP_HOST'][0])) {
 		$baseHost = $_SERVER['HTTP_HOST'];
 	} else {
 		if (isset($_SERVER['SERVER_NAME'][0])) {
 			$baseHost = $_SERVER['SERVER_NAME'];
 		} else {
 			$baseHost = $_SERVER['SERVER_ADDR'];
 		}
 	}
 	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
 }
 if (file_exists(BASE . 'config.local.php')) {
 	require BASE . 'config.local.php';
 }
 require SYSTEM . 'base.php';
 define('BASE_DIR', $baseDir);
 if(!IS_CLI) {
 	if (isset($config['site_url'])) {
 		$hasSlashAtEnd = ($config['site_url'][strlen($config['site_url']) - 1] == '/');
 		define('SERVER_URL', $config['site_url']);
 		define('BASE_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/'));
 		define('ADMIN_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/') . ADMIN_PANEL_FOLDER . '/');
 	}
 	else {
 		define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 		define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 		define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
 		//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
 	}
 }
 /** @var array $config */
 ini_set('log_errors', 1);
 if(@$config['env'] === 'dev' || defined('MYAAC_INSTALL')) {
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,8 @@
        "symfony/string": "^6.4",
        "symfony/var-dumper": "^6.4",
        "filp/whoops": "^2.15",
-        "maximebf/debugbar": "1.*"
+        "maximebf/debugbar": "1.*",
        "guzzlehttp/guzzle": "7.9.3"
    },
    "require-dev": {
        "phpstan/phpstan": "^1.10"
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "be4d1489a53a9cd8eec6bcaa7a096f30",
+    "content-hash": "5317e97a5025ebc2a977214bd3fa964c",
    "packages": [
        {
            "name": "brick/math",
@@ -493,6 +493,331 @@
            ],
            "time": "2024-09-25T12:00:00+00:00"
        },
        {
            "name": "guzzlehttp/guzzle",
            "version": "7.9.3",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
                "shasum": ""
            },
            "require": {
                "ext-json": "*",
                "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
                "guzzlehttp/psr7": "^2.7.0",
                "php": "^7.2.5 || ^8.0",
                "psr/http-client": "^1.0",
                "symfony/deprecation-contracts": "^2.2 || ^3.0"
            },
            "provide": {
                "psr/http-client-implementation": "1.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
                "ext-curl": "*",
                "guzzle/client-integration-tests": "3.0.2",
                "php-http/message-factory": "^1.1",
                "phpunit/phpunit": "^8.5.39 || ^9.6.20",
                "psr/log": "^1.1 || ^2.0 || ^3.0"
            },
            "suggest": {
                "ext-curl": "Required for CURL handler support",
                "ext-intl": "Required for Internationalized Domain Name (IDN) support",
                "psr/log": "Required for using the Log middleware"
            },
            "type": "library",
            "extra": {
                "bamarni-bin": {
                    "bin-links": true,
                    "forward-command": false
                }
            },
            "autoload": {
                "files": [
                    "src/functions_include.php"
                ],
                "psr-4": {
                    "GuzzleHttp\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Graham Campbell",
                    "email": "hello@gjcampbell.co.uk",
                    "homepage": "https://github.com/GrahamCampbell"
                },
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                },
                {
                    "name": "Jeremy Lindblom",
                    "email": "jeremeamia@gmail.com",
                    "homepage": "https://github.com/jeremeamia"
                },
                {
                    "name": "George Mponos",
                    "email": "gmponos@gmail.com",
                    "homepage": "https://github.com/gmponos"
                },
                {
                    "name": "Tobias Nyholm",
                    "email": "tobias.nyholm@gmail.com",
                    "homepage": "https://github.com/Nyholm"
                },
                {
                    "name": "Márk Sági-Kazár",
                    "email": "mark.sagikazar@gmail.com",
                    "homepage": "https://github.com/sagikazarmark"
                },
                {
                    "name": "Tobias Schultze",
                    "email": "webmaster@tubo-world.de",
                    "homepage": "https://github.com/Tobion"
                }
            ],
            "description": "Guzzle is a PHP HTTP client library",
            "keywords": [
                "client",
                "curl",
                "framework",
                "http",
                "http client",
                "psr-18",
                "psr-7",
                "rest",
                "web service"
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
                "source": "https://github.com/guzzle/guzzle/tree/7.9.3"
            },
            "funding": [
                {
                    "url": "https://github.com/GrahamCampbell",
                    "type": "github"
                },
                {
                    "url": "https://github.com/Nyholm",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle",
                    "type": "tidelift"
                }
            ],
            "time": "2025-03-27T13:37:11+00:00"
        },
        {
            "name": "guzzlehttp/promises",
            "version": "2.2.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/promises.git",
                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
                "shasum": ""
            },
            "require": {
                "php": "^7.2.5 || ^8.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
            },
            "type": "library",
            "extra": {
                "bamarni-bin": {
                    "bin-links": true,
                    "forward-command": false
                }
            },
            "autoload": {
                "psr-4": {
                    "GuzzleHttp\\Promise\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Graham Campbell",
                    "email": "hello@gjcampbell.co.uk",
                    "homepage": "https://github.com/GrahamCampbell"
                },
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                },
                {
                    "name": "Tobias Nyholm",
                    "email": "tobias.nyholm@gmail.com",
                    "homepage": "https://github.com/Nyholm"
                },
                {
                    "name": "Tobias Schultze",
                    "email": "webmaster@tubo-world.de",
                    "homepage": "https://github.com/Tobion"
                }
            ],
            "description": "Guzzle promises library",
            "keywords": [
                "promise"
            ],
            "support": {
                "issues": "https://github.com/guzzle/promises/issues",
                "source": "https://github.com/guzzle/promises/tree/2.2.0"
            },
            "funding": [
                {
                    "url": "https://github.com/GrahamCampbell",
                    "type": "github"
                },
                {
                    "url": "https://github.com/Nyholm",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises",
                    "type": "tidelift"
                }
            ],
            "time": "2025-03-27T13:27:01+00:00"
        },
        {
            "name": "guzzlehttp/psr7",
            "version": "2.7.1",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
                "shasum": ""
            },
            "require": {
                "php": "^7.2.5 || ^8.0",
                "psr/http-factory": "^1.0",
                "psr/http-message": "^1.1 || ^2.0",
                "ralouphie/getallheaders": "^3.0"
            },
            "provide": {
                "psr/http-factory-implementation": "1.0",
                "psr/http-message-implementation": "1.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
                "http-interop/http-factory-tests": "0.9.0",
                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
            },
            "suggest": {
                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
            },
            "type": "library",
            "extra": {
                "bamarni-bin": {
                    "bin-links": true,
                    "forward-command": false
                }
            },
            "autoload": {
                "psr-4": {
                    "GuzzleHttp\\Psr7\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Graham Campbell",
                    "email": "hello@gjcampbell.co.uk",
                    "homepage": "https://github.com/GrahamCampbell"
                },
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                },
                {
                    "name": "George Mponos",
                    "email": "gmponos@gmail.com",
                    "homepage": "https://github.com/gmponos"
                },
                {
                    "name": "Tobias Nyholm",
                    "email": "tobias.nyholm@gmail.com",
                    "homepage": "https://github.com/Nyholm"
                },
                {
                    "name": "Márk Sági-Kazár",
                    "email": "mark.sagikazar@gmail.com",
                    "homepage": "https://github.com/sagikazarmark"
                },
                {
                    "name": "Tobias Schultze",
                    "email": "webmaster@tubo-world.de",
                    "homepage": "https://github.com/Tobion"
                },
                {
                    "name": "Márk Sági-Kazár",
                    "email": "mark.sagikazar@gmail.com",
                    "homepage": "https://sagikazarmark.hu"
                }
            ],
            "description": "PSR-7 message implementation that also provides common utility methods",
            "keywords": [
                "http",
                "message",
                "psr-7",
                "request",
                "response",
                "stream",
                "uri",
                "url"
            ],
            "support": {
                "issues": "https://github.com/guzzle/psr7/issues",
                "source": "https://github.com/guzzle/psr7/tree/2.7.1"
            },
            "funding": [
                {
                    "url": "https://github.com/GrahamCampbell",
                    "type": "github"
                },
                {
                    "url": "https://github.com/Nyholm",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7",
                    "type": "tidelift"
                }
            ],
            "time": "2025-03-27T12:30:47+00:00"
        },
        {
            "name": "illuminate/collections",
            "version": "v10.48.25",
@@ -1472,6 +1797,166 @@
            },
            "time": "2021-11-05T16:47:00+00:00"
        },
        {
            "name": "psr/http-client",
            "version": "1.0.3",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/http-client.git",
                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90",
                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90",
                "shasum": ""
            },
            "require": {
                "php": "^7.0 || ^8.0",
                "psr/http-message": "^1.0 || ^2.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.0.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Http\\Client\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "https://www.php-fig.org/"
                }
            ],
            "description": "Common interface for HTTP clients",
            "homepage": "https://github.com/php-fig/http-client",
            "keywords": [
                "http",
                "http-client",
                "psr",
                "psr-18"
            ],
            "support": {
                "source": "https://github.com/php-fig/http-client"
            },
            "time": "2023-09-23T14:17:50+00:00"
        },
        {
            "name": "psr/http-factory",
            "version": "1.1.0",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/http-factory.git",
                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
                "shasum": ""
            },
            "require": {
                "php": ">=7.1",
                "psr/http-message": "^1.0 || ^2.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.0.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Http\\Message\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "https://www.php-fig.org/"
                }
            ],
            "description": "PSR-17: Common interfaces for PSR-7 HTTP message factories",
            "keywords": [
                "factory",
                "http",
                "message",
                "psr",
                "psr-17",
                "psr-7",
                "request",
                "response"
            ],
            "support": {
                "source": "https://github.com/php-fig/http-factory"
            },
            "time": "2024-04-15T12:06:14+00:00"
        },
        {
            "name": "psr/http-message",
            "version": "2.0",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/http-message.git",
                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/http-message/zipball/402d35bcb92c70c026d1a6a9883f06b2ead23d71",
                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71",
                "shasum": ""
            },
            "require": {
                "php": "^7.2 || ^8.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "2.0.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Http\\Message\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "https://www.php-fig.org/"
                }
            ],
            "description": "Common interface for HTTP messages",
            "homepage": "https://github.com/php-fig/http-message",
            "keywords": [
                "http",
                "http-message",
                "psr",
                "psr-7",
                "request",
                "response"
            ],
            "support": {
                "source": "https://github.com/php-fig/http-message/tree/2.0"
            },
            "time": "2023-04-04T09:54:51+00:00"
        },
        {
            "name": "psr/log",
            "version": "3.0.2",
@@ -1573,6 +2058,50 @@
            },
            "time": "2021-10-29T13:26:27+00:00"
        },
        {
            "name": "ralouphie/getallheaders",
            "version": "3.0.3",
            "source": {
                "type": "git",
                "url": "https://github.com/ralouphie/getallheaders.git",
                "reference": "120b605dfeb996808c31b6477290a714d356e822"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822",
                "reference": "120b605dfeb996808c31b6477290a714d356e822",
                "shasum": ""
            },
            "require": {
                "php": ">=5.6"
            },
            "require-dev": {
                "php-coveralls/php-coveralls": "^2.1",
                "phpunit/phpunit": "^5 || ^6.5"
            },
            "type": "library",
            "autoload": {
                "files": [
                    "src/getallheaders.php"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Ralph Khattar",
                    "email": "ralph.khattar@gmail.com"
                }
            ],
            "description": "A polyfill for getallheaders.",
            "support": {
                "issues": "https://github.com/ralouphie/getallheaders/issues",
                "source": "https://github.com/ralouphie/getallheaders/tree/develop"
            },
            "time": "2019-03-08T08:55:37+00:00"
        },
        {
            "name": "symfony/console",
            "version": "v6.4.17",
@@ -2910,7 +3439,7 @@
    ],
    "aliases": [],
    "minimum-stability": "stable",
-    "stability-flags": [],
+    "stability-flags": {},
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": {
@@ -2921,6 +3450,6 @@
        "ext-xml": "*",
        "ext-dom": "*"
    },
-    "platform-dev": [],
+    "platform-dev": {},
-    "plugin-api-version": "2.3.0"
+    "plugin-api-version": "2.6.0"
 }
--- a/cypress/e2e/3-check-public-pages.cy.js
+++ b/cypress/e2e/3-check-public-pages.cy.js
@@ -17,7 +17,7 @@ describe('Check Public Pages', () => {
 	it('Go to changelog page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/changelog',
+			url: Cypress.env('URL') + '/change-log',
 			method: 'GET',
 		})
 	})
@@ -132,7 +132,7 @@ describe('Check Public Pages', () => {
 	it('Go to server info page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/server-info',
+			url: Cypress.env('URL') + '/ots-info',
 			method: 'GET',
 		})
 	})
--- a/images/order_asc.gif
+++ b/images/order_asc.gif
--- a/images/order_desc.gif
+++ b/images/order_desc.gif
--- a/index.php
+++ b/index.php
@@ -31,11 +31,11 @@ require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 $uri = $_SERVER['REQUEST_URI'];
-if(false !== strpos($uri, 'index.php')) {
+if(str_contains($uri, 'index.php')) {
 	$uri = str_replace_first('/index.php', '', $uri);
 }
-if(0 === strpos($uri, '/')) {
+if(str_starts_with($uri, '/')) {
 	$uri = str_replace_first('/', '', $uri);
 }
@@ -93,6 +93,7 @@ if(setting('core.backward_support')) {
 	if($logged && $account_logged)
 		$group_id_of_acc_logged = $account_logged->getGroupId();
 	$config['serverPath'] = $config['server_path'];
 	$config['site'] = &$config;
 	$config['server'] = &$config['lua'];
 	$config['site']['shop_system'] = setting('core.gifts_system');
@@ -117,6 +118,14 @@ if(setting('core.backward_support')) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 if(setting('core.views_counter')) {
 	require_once SYSTEM . 'counter.php';
 }
 if(setting('core.visitors_counter')) {
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 require_once SYSTEM . 'router.php';
 // anonymous usage statistics
@@ -153,21 +162,6 @@ if(setting('core.anonymous_usage_statistics')) {
 	}
 }
 if(setting('core.views_counter'))
 	require_once SYSTEM . 'counter.php';
 if(setting('core.visitors_counter')) {
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 /**
 * @var OTS_Account $account_logged
 */
 if ($logged && admin()) {
 	$content .= $twig->render('admin-bar.html.twig', [
 		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
 	]);
 }
 $title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
--- a/install/includes/config.php
+++ b/install/includes/config.php
@@ -26,6 +26,9 @@ if(!isset($error) || !$error) {
 		$config['database_type'] = $config['lua']['database_type'];
 	else if(isset($config['lua']['sql_type'])) // otserv
 		$config['database_type'] = $config['lua']['sql_type'];
 	else {
 		$config['database_type'] = '';
 	}
 	$config['database_type'] = strtolower($config['database_type']);
 	if(empty($config['database_type'])) {
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -1,35 +1,44 @@
-SET @myaac_database_version = 43;
+SET @myaac_database_version = 45;
 CREATE TABLE `myaac_account_actions`
 (
-	`account_id` INT(11) NOT NULL,
+	`account_id` int NOT NULL,
-	`ip` INT(10) UNSIGNED NOT NULL DEFAULT 0,
+	`ip` int unsigned NOT NULL DEFAULT 0,
-	`ipv6` BINARY(16) NOT NULL DEFAULT 0,
+	`ipv6` binary(16) NOT NULL DEFAULT 0,
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`action` VARCHAR(255) NOT NULL DEFAULT '',
+	`action` varchar(255) NOT NULL DEFAULT '',
 	KEY (`account_id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_account_email_codes`
 (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
 	`code` varchar(6) NOT NULL,
 	`created_at` int NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_admin_menu`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(255) NOT NULL DEFAULT '',
+	`name` varchar(255) NOT NULL DEFAULT '',
-	`page` VARCHAR(255) NOT NULL DEFAULT '',
+	`page` varchar(255) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`flags` INT(11) NOT NULL DEFAULT 0,
+	`flags` int NOT NULL DEFAULT 0,
-	`enabled` INT(1) NOT NULL DEFAULT 1,
+	`enabled` int NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_changelog`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`body` VARCHAR(500) NOT NULL DEFAULT '',
+	`body` varchar(500) NOT NULL DEFAULT '',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - added, 2 - removed, 3 - changed, 4 - fixed',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - added, 2 - removed, 3 - changed, 4 - fixed',
-	`where` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
+	`where` tinyint NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
@@ -37,9 +46,9 @@ INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hide`) VA
 CREATE TABLE `myaac_config`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(30) NOT NULL,
+	`name` varchar(30) NOT NULL,
-	`value` VARCHAR(1000) NOT NULL,
+	`value` varchar(1000) NOT NULL,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
@@ -48,24 +57,24 @@ INSERT INTO `myaac_config` (`name`, `value`) VALUES ('database_version', @myaac_
 CREATE TABLE `myaac_faq`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`question` VARCHAR(255) NOT NULL DEFAULT '',
+	`question` varchar(255) NOT NULL DEFAULT '',
-	`answer` VARCHAR(1020) NOT NULL DEFAULT '',
+	`answer` varchar(1020) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_forum_boards`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(32) NOT NULL,
+	`name` varchar(32) NOT NULL,
-	`description` VARCHAR(255) NOT NULL DEFAULT '',
+	`description` varchar(255) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`guild` INT(11) NOT NULL DEFAULT 0,
+	`guild` int NOT NULL DEFAULT 0,
-	`access` INT(11) NOT NULL DEFAULT 0,
+	`access` int NOT NULL DEFAULT 0,
-	`closed` TINYINT(1) NOT NULL DEFAULT 0,
+	`closed` tinyint NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`, `closed`) VALUES (NULL, 'News', 'News commenting', 0, 1);
@@ -76,100 +85,100 @@ INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUE
 CREATE TABLE `myaac_forum`
 (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`first_post` int(11) NOT NULL default '0',
+	`first_post` int NOT NULL DEFAULT 0,
-	`last_post` int(11) NOT NULL default '0',
+	`last_post` int NOT NULL DEFAULT 0,
-	`section` int(3) NOT NULL default '0',
+	`section` int NOT NULL DEFAULT 0,
-	`replies` int(20) NOT NULL default '0',
+	`replies` int NOT NULL DEFAULT 0,
-	`views` int(20) NOT NULL default '0',
+	`views` int NOT NULL DEFAULT 0,
-	`author_aid` int(20) NOT NULL default '0',
+	`author_aid` int NOT NULL DEFAULT 0,
-	`author_guid` int(20) NOT NULL default '0',
+	`author_guid` int NOT NULL DEFAULT 0,
 	`post_text` text NOT NULL,
 	`post_topic` varchar(255) NOT NULL DEFAULT '',
-	`post_smile` tinyint(1) NOT NULL default '0',
+	`post_smile` tinyint NOT NULL DEFAULT 0,
-	`post_html` tinyint(1) NOT NULL default '0',
+	`post_html` tinyint NOT NULL DEFAULT 0,
-	`post_date` int(20) NOT NULL default '0',
+	`post_date` int NOT NULL DEFAULT 0,
-	`last_edit_aid` int(20) NOT NULL default '0',
+	`last_edit_aid` int NOT NULL DEFAULT 0,
-	`edit_date` int(20) NOT NULL default '0',
+	`edit_date` int NOT NULL DEFAULT 0,
-	`post_ip` varchar(45) NOT NULL default '0.0.0.0',
+	`post_ip` varchar(45) NOT NULL DEFAULT '0.0.0.0',
-	`sticked` tinyint(1) NOT NULL DEFAULT '0',
+	`sticked` tinyint NOT NULL DEFAULT 0,
-	`closed` tinyint(1) NOT NULL DEFAULT '0',
+	`closed` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	KEY `section` (`section`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_menu`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`template` VARCHAR(255) NOT NULL,
+	`template` varchar(255) NOT NULL,
-	`name` VARCHAR(255) NOT NULL,
+	`name` varchar(255) NOT NULL,
-	`link` VARCHAR(255) NOT NULL,
+	`link` varchar(255) NOT NULL,
-	`blank` TINYINT(1) NOT NULL DEFAULT 0,
+	`blank` tinyint NOT NULL DEFAULT 0,
-	`color` VARCHAR(6) NOT NULL DEFAULT '',
+	`color` varchar(6) NOT NULL DEFAULT '',
-	`category` INT(11) NOT NULL DEFAULT 1,
+	`category` int NOT NULL DEFAULT 1,
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`enabled` INT(1) NOT NULL DEFAULT 1,
+	`enabled` int NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_monsters` (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`hide` tinyint(1) NOT NULL default 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	`name` varchar(255) NOT NULL,
-	`mana` int(11) NOT NULL DEFAULT 0,
+	`mana` int NOT NULL DEFAULT 0,
-	`exp` int(11) NOT NULL,
+	`exp` int NOT NULL,
-	`health` int(11) NOT NULL,
+	`health` int NOT NULL,
-	`look` VARCHAR(255) NOT NULL DEFAULT '',
+	`look` varchar(255) NOT NULL DEFAULT '',
-	`speed_lvl` int(11) NOT NULL default 1,
+	`speed_lvl` int NOT NULL DEFAULT 1,
-	`use_haste` tinyint(1) NOT NULL,
+	`use_haste` tinyint NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
-	`elements` TEXT NOT NULL,
+	`elements` text NOT NULL,
-	`summonable` tinyint(1) NOT NULL,
+	`summonable` tinyint NOT NULL,
-	`convinceable` tinyint(1) NOT NULL,
+	`convinceable` tinyint NOT NULL,
-	`pushable` TINYINT(1) NOT NULL DEFAULT '0',
+	`pushable` tinyint NOT NULL DEFAULT 0,
-	`canpushitems` TINYINT(1) NOT NULL DEFAULT '0',
+	`canpushitems` tinyint NOT NULL DEFAULT 0,
-	`canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonenergy` tinyint NOT NULL DEFAULT 0,
-	`canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonpoison` tinyint NOT NULL DEFAULT 0,
-	`canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonfire` tinyint NOT NULL DEFAULT 0,
-	`runonhealth` TINYINT(1) NOT NULL DEFAULT '0',
+	`runonhealth` tinyint NOT NULL DEFAULT 0,
-	`hostile` TINYINT(1) NOT NULL DEFAULT '0',
+	`hostile` tinyint NOT NULL DEFAULT 0,
-	`attackable` TINYINT(1) NOT NULL DEFAULT '0',
+	`attackable` tinyint NOT NULL DEFAULT 0,
-	`rewardboss` TINYINT(1) NOT NULL DEFAULT '0',
+	`rewardboss` tinyint NOT NULL DEFAULT 0,
-	`defense` INT(11) NOT NULL DEFAULT '0',
+	`defense` int NOT NULL DEFAULT 0,
-	`armor` INT(11) NOT NULL DEFAULT '0',
+	`armor` int NOT NULL DEFAULT 0,
-	`canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0',
+	`canpushcreatures` tinyint NOT NULL DEFAULT 0,
 	`race` varchar(255) NOT NULL,
 	`loot` text NOT NULL,
-	`summons` TEXT NOT NULL,
+	`summons` text NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_news`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`title` VARCHAR(100) NOT NULL,
+	`title` varchar(100) NOT NULL,
-	`body` TEXT NOT NULL,
+	`body` text NOT NULL,
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`category` TINYINT(1) NOT NULL DEFAULT 0,
+	`category` tinyint NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
-	`last_modified_by` INT(11) NOT NULL DEFAULT 0,
+	`last_modified_by` int NOT NULL DEFAULT 0,
-	`last_modified_date` INT(11) NOT NULL DEFAULT 0,
+	`last_modified_date` int NOT NULL DEFAULT 0,
-	`comments` VARCHAR(50) NOT NULL DEFAULT '',
+	`comments` varchar(50) NOT NULL DEFAULT '',
-	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
+	`article_text` varchar(300) NOT NULL DEFAULT '',
-	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
+	`article_image` varchar(100) NOT NULL DEFAULT '',
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_news_categories`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(50) NOT NULL DEFAULT "",
+	`name` varchar(50) NOT NULL DEFAULT "",
-	`description` VARCHAR(50) NOT NULL DEFAULT "",
+	`description` varchar(50) NOT NULL DEFAULT "",
-	`icon_id` INT(2) NOT NULL DEFAULT 0,
+	`icon_id` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
@@ -181,39 +190,39 @@ INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 4);
 CREATE TABLE `myaac_notepad`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`account_id` INT(11) NOT NULL,
+	`account_id` int NOT NULL,
-	/*`name` VARCHAR(30) NOT NULL,*/
+	/*`name` varchar(30) NOT NULL,*/
-	`content` TEXT NOT NULL,
+	`content` text NOT NULL,
-	/*`public` TINYINT(1) NOT NULL DEFAULT 0*/
+	/*`public` tinyint NOT NULL DEFAULT 0*/
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_pages`
 (
 	`id` INT NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(30) NOT NULL,
+	`name` varchar(30) NOT NULL,
-	`title` VARCHAR(30) NOT NULL,
+	`title` varchar(30) NOT NULL,
-	`body` TEXT NOT NULL,
+	`body` text NOT NULL,
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
-	`php` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
+	`php` tinyint NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
-	`enable_tinymce` TINYINT(1) NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
+	`enable_tinymce` tinyint NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
-	`access` TINYINT(2) NOT NULL DEFAULT 0,
+	`access` tinyint NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_gallery`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`comment` VARCHAR(255) NOT NULL DEFAULT '',
+	`comment` varchar(255) NOT NULL DEFAULT '',
-	`image` VARCHAR(255) NOT NULL,
+	`image` varchar(255) NOT NULL,
-	`thumb` VARCHAR(255) NOT NULL,
+	`thumb` varchar(255) NOT NULL,
-	`author` VARCHAR(50) NOT NULL DEFAULT '',
+	`author` varchar(50) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
@@ -221,51 +230,51 @@ INSERT INTO `myaac_gallery` (`id`, `ordering`, `comment`, `image`, `thumb`, `aut
 CREATE TABLE `myaac_settings`
 (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(255) NOT NULL DEFAULT '',
+	`name` varchar(255) NOT NULL DEFAULT '',
-	`key` VARCHAR(255) NOT NULL DEFAULT '',
+	`key` varchar(255) NOT NULL DEFAULT '',
-	`value` TEXT NOT NULL,
+	`value` text NOT NULL,
 	PRIMARY KEY (`id`),
 	KEY `key` (`key`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_spells`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`spell` VARCHAR(255) NOT NULL DEFAULT '',
+	`spell` varchar(255) NOT NULL DEFAULT '',
-	`name` VARCHAR(255) NOT NULL,
+	`name` varchar(255) NOT NULL,
-	`words` VARCHAR(255) NOT NULL DEFAULT '',
+	`words` varchar(255) NOT NULL DEFAULT '',
-	`category` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
+	`category` tinyint NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
-	`level` INT(11) NOT NULL DEFAULT 0,
+	`level` int NOT NULL DEFAULT 0,
-	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` int NOT NULL DEFAULT 0,
-	`mana` INT(11) NOT NULL DEFAULT 0,
+	`mana` int NOT NULL DEFAULT 0,
-	`soul` TINYINT(3) NOT NULL DEFAULT 0,
+	`soul` tinyint NOT NULL DEFAULT 0,
-	`conjure_id` INT(11) NOT NULL DEFAULT 0,
+	`conjure_id` int NOT NULL DEFAULT 0,
-	`conjure_count` TINYINT(3) NOT NULL DEFAULT 0,
+	`conjure_count` tinyint NOT NULL DEFAULT 0,
-	`reagent` INT(11) NOT NULL DEFAULT 0,
+	`reagent` int NOT NULL DEFAULT 0,
-	`item_id` INT(11) NOT NULL DEFAULT 0,
+	`item_id` int NOT NULL DEFAULT 0,
-	`premium` TINYINT(1) NOT NULL DEFAULT 0,
+	`premium` tinyint NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	`vocations` varchar(100) NOT NULL DEFAULT '',
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_visitors`
 (
-	`ip` VARCHAR(45) NOT NULL,
+	`ip` varchar(45) NOT NULL,
-	`lastvisit` INT(11) NOT NULL DEFAULT 0,
+	`lastvisit` int NOT NULL DEFAULT 0,
-	`page` VARCHAR(2048) NOT NULL,
+	`page` varchar(2048) NOT NULL,
-	`user_agent` VARCHAR(255) NOT NULL DEFAULT '',
+	`user_agent` varchar(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_weapons`
 (
-	`id` INT(11) NOT NULL,
+	`id` int NOT NULL,
-	`level` INT(11) NOT NULL DEFAULT 0,
+	`level` int NOT NULL DEFAULT 0,
-	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` int NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	`vocations` varchar(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
--- a/install/steps/4-config.php
+++ b/install/steps/4-config.php
@@ -10,6 +10,14 @@ foreach($config['clients'] as $client) {
 	$clients[$client] = $client_version;
 }
 if (empty($_SESSION['var_site_url'])) {
 	//require SYSTEM . 'base.php';
 	$serverUrl = 'http' . (isHttps() ? 's' : '') . '://' . $baseHost;
 	$siteURL = $serverUrl . $baseDir;
 	$_SESSION['var_site_url'] = $siteURL;
 }
 $twig->display('install.config.html.twig', array(
 	'clients' => $clients,
 	'timezones' => DateTimeZone::listIdentifiers(),
--- a/install/steps/7-finish.php
+++ b/install/steps/7-finish.php
@@ -195,13 +195,4 @@ if(!isset($_SESSION['installed'])) {
 	$_SESSION['installed'] = true;
 }
 foreach($_SESSION as $key => $value) {
 	if(strpos($key, 'var_') !== false)
 		unset($_SESSION[$key]);
 }
 unset($_SESSION['saved']);
 if(file_exists(CACHE . 'install.txt')) {
 	unlink(CACHE . 'install.txt');
 }
 $hooks->trigger(HOOK_INSTALL_FINISH_END);
--- a/install/tools/5-database.php
+++ b/install/tools/5-database.php
@@ -7,6 +7,11 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 	return;
 }
 $error = false;
 require BASE . 'install/includes/config.php';
--- a/install/tools/7-finish.php
+++ b/install/tools/7-finish.php
@@ -17,11 +17,11 @@ ini_set('max_execution_time', 300);
 ob_implicit_flush();
 header('X-Accel-Buffering: no');
-/*
+
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 	return;
-}*/
+}
 require SYSTEM . 'init.php';
@@ -54,12 +54,13 @@ if ($db->hasTable('players')) {
 	}
 }
 Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
 Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
 DataLoader::setLocale($locale);
 DataLoader::load();
 // add menus entries
 require_once SYSTEM . 'migrations/17.php';
 $up();
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';
 $up();
@@ -78,6 +79,10 @@ $up();
 require_once SYSTEM . 'migrations/31.php';
 $up();
 // rules page
 require_once SYSTEM . 'migrations/45.php';
 $up();
 if(ModelsFAQ::count() == 0) {
 	ModelsFAQ::create([
 		'question' => 'What is this?',
@@ -89,6 +94,17 @@ $hooks->trigger(HOOK_INSTALL_FINISH);
 $db->setClearCacheAfter(true);
 // cleanup
 foreach($_SESSION as $key => $value) {
 	if(str_contains($key, 'var_')) {
 		unset($_SESSION[$key]);
 	}
 }
 unset($_SESSION['saved']);
 if(file_exists(CACHE . 'install.txt')) {
 	unlink(CACHE . 'install.txt');
 }
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);
--- a/login.php
+++ b/login.php
@@ -86,12 +86,25 @@ switch ($action) {
 		die(json_encode(['eventlist' => $eventlist, 'lastupdatetimestamp' => time()]));
 	case 'boostedcreature':
-		$boostedCreature = BoostedCreature::latest();
+		$clientVersion = (int)setting('core.client');
 		// 13.40 and up
 		if ($clientVersion >= 1340) {
 			$creatureBoost = $db->query("SELECT * FROM " . $db->tableName('boosted_creature'))->fetchAll();
 			$bossBoost     = $db->query("SELECT * FROM " . $db->tableName('boosted_boss'))->fetchAll();
 			die(json_encode([
 				'boostedcreature' => true,
 				'creatureraceid'  => intval($creatureBoost[0]['raceid']),
 				'bossraceid'      => intval($bossBoost[0]['raceid'])
 			]));
 		}
 		// lower clients
 		$boostedCreature = BoostedCreature::first();
 		die(json_encode([
 			'boostedcreature' => true,
 			'raceid' => $boostedCreature->raceid
 		]));
 	break;
 	case 'login':
--- a/nginx-sample.conf
+++ b/nginx-sample.conf
@@ -1,6 +1,6 @@
 server {
 	listen 80;
-	root /home/otserv/www/public;
+	root /var/www/html;
 	index index.php;
 	server_name your-domain.com;
@@ -14,7 +14,7 @@ server {
 	# block .htaccess, CHANGELOG.md, composer.json etc.
 	# this is to prevent finding software versions
-	location ~\.(ht|md|json|dist)$ {
+	location ~\.(ht|md|json|dist|sql)$ {
 		deny all;
 	}
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,24 +14,13 @@
        "tinymce": "^7.2.0"
      },
      "devDependencies": {
-        "cypress": "^13.17.0"
+        "cypress": "^14.3.3"
      }
    },
    "node_modules/@colors/colors": {
      "version": "1.5.0",
      "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz",
      "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==",
      "dev": true,
      "license": "MIT",
      "optional": true,
      "engines": {
        "node": ">=0.1.90"
      }
    },
    "node_modules/@cypress/request": {
-      "version": "3.0.7",
+      "version": "3.0.8",
-      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.7.tgz",
+      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.8.tgz",
-      "integrity": "sha512-LzxlLEMbBOPYB85uXrDqvD4MgcenjRBLIns3zyhx7vTPj/0u2eQhzXvPiGcaJrV38Q9dbkExWp6cOHPJ+EtFYg==",
+      "integrity": "sha512-h0NFgh1mJmm1nr4jCwkGHwKneVYKghUyWe6TMNrk0B9zsjAJxpg8C4/+BAcmLgCPa1vj1V8rNUaILl+zYRUWBQ==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
@@ -48,7 +37,7 @@
        "json-stringify-safe": "~5.0.1",
        "mime-types": "~2.1.19",
        "performance-now": "^2.1.0",
-        "qs": "6.13.1",
+        "qs": "6.14.0",
        "safe-buffer": "^5.1.2",
        "tough-cookie": "^5.0.0",
        "tunnel-agent": "^0.6.0",
@@ -387,9 +376,9 @@
      }
    },
    "node_modules/call-bind-apply-helpers": {
-      "version": "1.0.1",
+      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
-      "integrity": "sha512-BhYE+WDaywFg2TBWYNXAE+8B1ATnThNBqXHP5nQu0jWJdVvY2hvkpyB3qOmtmDePiS5/BDQ8wASEWGMWRG148g==",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -401,14 +390,14 @@
      }
    },
    "node_modules/call-bound": {
-      "version": "1.0.3",
+      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.3.tgz",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
-      "integrity": "sha512-YTd+6wGlNlPxSuri7Y6X8tY2dmm12UMH66RpKMhiX6rsk5wXXnYgbUcOt8kiS31/AjfoTOvCsE+w8nZQLQnzHA==",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "call-bind-apply-helpers": "^1.0.1",
+        "call-bind-apply-helpers": "^1.0.2",
-        "get-intrinsic": "^1.2.6"
+        "get-intrinsic": "^1.3.0"
      },
      "engines": {
        "node": ">= 0.4"
@@ -504,9 +493,9 @@
      }
    },
    "node_modules/cli-table3": {
-      "version": "0.6.5",
+      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.5.tgz",
+      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.1.tgz",
-      "integrity": "sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ==",
+      "integrity": "sha512-w0q/enDHhPLq44ovMGdQeeDLvwxwavsJX7oQGYt/LrBlYsyaxyDnp6z3QzFut/6kLLKnlcUVJLrpB7KBfgG/RA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -516,7 +505,7 @@
        "node": "10.* || >= 12.*"
      },
      "optionalDependencies": {
-        "@colors/colors": "1.5.0"
+        "colors": "1.4.0"
      }
    },
    "node_modules/cli-truncate": {
@@ -563,6 +552,17 @@
      "dev": true,
      "license": "MIT"
    },
    "node_modules/colors": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz",
      "integrity": "sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA==",
      "dev": true,
      "license": "MIT",
      "optional": true,
      "engines": {
        "node": ">=0.1.90"
      }
    },
    "node_modules/combined-stream": {
      "version": "1.0.8",
      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
@@ -619,14 +619,14 @@
      }
    },
    "node_modules/cypress": {
-      "version": "13.17.0",
+      "version": "14.3.3",
-      "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.17.0.tgz",
+      "resolved": "https://registry.npmjs.org/cypress/-/cypress-14.3.3.tgz",
-      "integrity": "sha512-5xWkaPurwkIljojFidhw8lFScyxhtiFHl/i/3zov+1Z5CmY4t9tjIdvSXfu82Y3w7wt0uR9KkucbhkVvJZLQSA==",
+      "integrity": "sha512-1Rz7zc9iqLww6BysaESqUhtIuaFHS7nL3wREovAKYsNhLTfX3TbcBWHWgEz70YimH2NkSOsm4oIcJJ9HYHOlew==",
      "dev": true,
      "hasInstallScript": true,
      "license": "MIT",
      "dependencies": {
-        "@cypress/request": "^3.0.6",
+        "@cypress/request": "^3.0.8",
        "@cypress/xvfb": "^1.2.4",
        "@types/sinonjs__fake-timers": "8.1.1",
        "@types/sizzle": "^2.3.2",
@@ -637,9 +637,9 @@
        "cachedir": "^2.3.0",
        "chalk": "^4.1.0",
        "check-more-types": "^2.24.0",
-        "ci-info": "^4.0.0",
+        "ci-info": "^4.1.0",
        "cli-cursor": "^3.1.0",
-        "cli-table3": "~0.6.1",
+        "cli-table3": "0.6.1",
        "commander": "^6.2.1",
        "common-tags": "^1.8.0",
        "dayjs": "^1.10.4",
@@ -663,7 +663,7 @@
        "process": "^0.11.10",
        "proxy-from-env": "1.0.0",
        "request-progress": "^3.0.0",
-        "semver": "^7.5.3",
+        "semver": "^7.7.1",
        "supports-color": "^8.1.1",
        "tmp": "~0.2.3",
        "tree-kill": "1.2.2",
@@ -674,7 +674,7 @@
        "cypress": "bin/cypress"
      },
      "engines": {
-        "node": "^16.0.0 || ^18.0.0 || >=20.0.0"
+        "node": "^18.0.0 || ^20.0.0 || >=22.0.0"
      }
    },
    "node_modules/cypress/node_modules/fs-extra": {
@@ -819,9 +819,9 @@
      }
    },
    "node_modules/es-object-atoms": {
-      "version": "1.0.0",
+      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
-      "integrity": "sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw==",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -831,6 +831,22 @@
        "node": ">= 0.4"
      }
    },
    "node_modules/es-set-tostringtag": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
      "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "es-errors": "^1.3.0",
        "get-intrinsic": "^1.2.6",
        "has-tostringtag": "^1.0.2",
        "hasown": "^2.0.2"
      },
      "engines": {
        "node": ">= 0.4"
      }
    },
    "node_modules/escape-string-regexp": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
@@ -960,14 +976,16 @@
      }
    },
    "node_modules/form-data": {
-      "version": "4.0.1",
+      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
-      "integrity": "sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw==",
+      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "asynckit": "^0.4.0",
        "combined-stream": "^1.0.8",
        "es-set-tostringtag": "^2.1.0",
        "hasown": "^2.0.2",
        "mime-types": "^2.1.12"
      },
      "engines": {
@@ -999,18 +1017,18 @@
      }
    },
    "node_modules/get-intrinsic": {
-      "version": "1.2.7",
+      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.7.tgz",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
-      "integrity": "sha512-VW6Pxhsrk0KAOqs3WEd0klDiF/+V7gQOpAvY1jVU/LHmaD/kQO4523aiJuikX/QAKYiW6x8Jh+RJej1almdtCA==",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "call-bind-apply-helpers": "^1.0.1",
+        "call-bind-apply-helpers": "^1.0.2",
        "es-define-property": "^1.0.1",
        "es-errors": "^1.3.0",
-        "es-object-atoms": "^1.0.0",
+        "es-object-atoms": "^1.1.1",
        "function-bind": "^1.1.2",
-        "get-proto": "^1.0.0",
+        "get-proto": "^1.0.1",
        "gopd": "^1.2.0",
        "has-symbols": "^1.1.0",
        "hasown": "^2.0.2",
@@ -1131,6 +1149,22 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/has-tostringtag": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "has-symbols": "^1.0.3"
      },
      "engines": {
        "node": ">= 0.4"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/hasown": {
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
@@ -1560,9 +1594,9 @@
      }
    },
    "node_modules/object-inspect": {
-      "version": "1.13.3",
+      "version": "1.13.4",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.3.tgz",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
-      "integrity": "sha512-kDCGIbxkDSXE3euJZZXzc6to7fCrKHNI/hSRQnRuQ+BWjFNzZwiFF8fj/6o2t2G9/jTj8PSIYTfCLelLZEeRpA==",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -1709,13 +1743,13 @@
      }
    },
    "node_modules/qs": {
-      "version": "6.13.1",
+      "version": "6.14.0",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.1.tgz",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
-      "integrity": "sha512-EJPeIn0CYrGu+hli1xilKAPXODtJ12T0sP63Ijx2/khC2JtuaN3JyNIpvmnkmaEtha9ocbG4A4cMcr+TvqvwQg==",
+      "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
      "dev": true,
      "license": "BSD-3-Clause",
      "dependencies": {
-        "side-channel": "^1.0.6"
+        "side-channel": "^1.1.0"
      },
      "engines": {
        "node": ">=0.6"
@@ -1794,9 +1828,9 @@
      "license": "MIT"
    },
    "node_modules/semver": {
-      "version": "7.6.3",
+      "version": "7.7.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==",
      "dev": true,
      "license": "ISC",
      "bin": {
@@ -2031,29 +2065,29 @@
      "license": "GPL-2.0-or-later"
    },
    "node_modules/tldts": {
-      "version": "6.1.71",
+      "version": "6.1.86",
-      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.71.tgz",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.86.tgz",
-      "integrity": "sha512-LQIHmHnuzfZgZWAf2HzL83TIIrD8NhhI0DVxqo9/FdOd4ilec+NTNZOlDZf7EwrTNoutccbsHjvWHYXLAtvxjw==",
+      "integrity": "sha512-WMi/OQ2axVTf/ykqCQgXiIct+mSQDFdH2fkwhPwgEwvJ1kSzZRiinb0zF2Xb8u4+OqPChmyI6MEu4EezNJz+FQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "tldts-core": "^6.1.71"
+        "tldts-core": "^6.1.86"
      },
      "bin": {
        "tldts": "bin/cli.js"
      }
    },
    "node_modules/tldts-core": {
-      "version": "6.1.71",
+      "version": "6.1.86",
-      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.71.tgz",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.86.tgz",
-      "integrity": "sha512-LRbChn2YRpic1KxY+ldL1pGXN/oVvKfCVufwfVzEQdFYNo39uF7AJa/WXdo+gYO7PTvdfkCPCed6Hkvz/kR7jg==",
+      "integrity": "sha512-Je6p7pkk+KMzMv2XXKmAE3McmolOQFdxkKw0R8EYNr7sELW46JqnNeTX8ybPiQgvg1ymCoF8LXs5fzFaZvJPTA==",
      "dev": true,
      "license": "MIT"
    },
    "node_modules/tmp": {
-      "version": "0.2.3",
+      "version": "0.2.4",
-      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz",
+      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz",
-      "integrity": "sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==",
+      "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -2061,9 +2095,9 @@
      }
    },
    "node_modules/tough-cookie": {
-      "version": "5.1.0",
+      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-5.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-5.1.2.tgz",
-      "integrity": "sha512-rvZUv+7MoBYTiDmFPBrhL7Ujx9Sk+q9wwm22x8c8T5IJaR+Wsyc7TNxbVxo84kZoRJZZMazowFLqpankBEQrGg==",
+      "integrity": "sha512-FVDYdxtnj0G6Qm/DhNPSb8Ju59ULcup3tuJxkFb5K8Bv2pUXILbf0xZWU8PX8Ov19OXljbUyveOFwRMwkXzO+A==",
      "dev": true,
      "license": "BSD-3-Clause",
      "dependencies": {
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
    "postinstall": "node ./npm-post-install.js"
  },
  "devDependencies": {
-    "cypress": "^13.17.0"
+    "cypress": "^14.3.3"
  },
  "dependencies": {
    "@tinymce/tinymce-jquery": "^2.1.0",
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -28,10 +28,9 @@ parameters:
 		- '#Variable \$guild might not be defined#'
 		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
 		# Eloquent models
 		- '#Call to an undefined method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
 		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
 		- '#Call to an undefined method object::toArray\(\)#'
 		# system/pages/highscores.php
 		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$vocation_name#'
 		-
--- a/plugins/example.json
+++ b/plugins/example.json
@@ -46,8 +46,13 @@
 	"settings": "plugins/your-plugin-folder/settings.php",
 	"autoload": {
 		"pages": true,
-		"pagesSubFolders": false,
+		"pages-sub-folders": false,
 		"commands": true,
-		"themes": true
+		"themes": true,
 		"admin-pages": true,
 		"admin-pages-sub-folders": true,
 		"settings": true,
 		"install": true,
 		"init": false
 	}
 }
--- a/system/base.php
+++ b/system/base.php
@@ -0,0 +1,21 @@
 <?php
 $baseDir = '';
 $tmp = explode('/', $_SERVER['SCRIPT_NAME']);
 $size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$baseDir .= '/' . $tmp[$i];
 $baseDir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $baseDir);
 if(!IS_CLI) {
 	if (isset($_SERVER['HTTP_HOST'][0])) {
 		$baseHost = $_SERVER['HTTP_HOST'];
 	} else {
 		if (isset($_SERVER['SERVER_NAME'][0])) {
 			$baseHost = $_SERVER['SERVER_NAME'];
 		} else {
 			$baseHost = $_SERVER['SERVER_ADDR'];
 		}
 	}
 }
--- a/system/clients.conf.php
+++ b/system/clients.conf.php
@@ -109,4 +109,12 @@ $config['clients'] = [
 	1330,
 	1332,
 	1340,
 	1400,
 	1405,
 	1410,
 	1411,
 	1412,
 	1500,
 	1501,
 ];
--- a/system/compat/base.php
+++ b/system/compat/base.php
@@ -74,7 +74,3 @@ function fieldExist($field, $table)
 	global $db;
 	return $db->hasColumn($table, $field);
 }
 function getCreatureImgPath($creature): string {
 	return getMonsterImgPath($creature);
 }
--- a/system/database.php
+++ b/system/database.php
@@ -122,6 +122,10 @@ try {
 	$eloquentConnection = $capsule->getConnection();
 	if (isset($twig)) {
 		$twig->addGlobal('db', $db);
 	}
 } catch (Exception $e) {
 	if(isset($cache) && $cache->enabled()) {
 		$cache->delete('config_lua');
--- a/system/functions.php
+++ b/system/functions.php
@@ -512,6 +512,13 @@ function template_place_holder($type): string
 	}
 	elseif ($type === 'body_start') {
 		$ret .= $twig->render('browsehappy.html.twig');
 		if (admin()) {
 			global $account_logged;
 			$ret .= $twig->render('admin-bar.html.twig', [
 				'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
 			]);
 		}
 	}
 	elseif($type === 'body_end') {
 		$ret .= template_ga_code();
@@ -545,33 +552,39 @@ function template_header($is_admin = false): string
 */
 function template_footer(): string
 {
-	global $views_counter;
+	$footer = [];
-	$ret = '';
+
 	if(admin()) {
-		$ret .= generateLink(ADMIN_URL, 'Admin Panel', true);
+		$footer[] = generateLink(ADMIN_URL, 'Admin Panel', true);
 	}
 	if(setting('core.visitors_counter')) {
 		global $visitors;
 		$amount = $visitors->getAmountVisitors();
-		$ret .= '<br/>Currently there ' . ($amount > 1 ? 'are' : 'is') . ' ' . $amount . ' visitor' . ($amount > 1 ? 's' : '') . '.';
+		$footer[] = 'Currently there ' . ($amount > 1 ? 'are' : 'is') . ' ' . $amount . ' visitor' . ($amount > 1 ? 's' : '') . '.';
 	}
 	if(setting('core.views_counter')) {
-		$ret .= '<br/>Page has been viewed ' . $views_counter . ' times.';
+		global $views_counter;
 		$footer[] = 'Page has been viewed ' . $views_counter . ' times.';
 	}
 	if(setting('core.footer_load_time')) {
-		$ret .= '<br/>Load time: ' . round(microtime(true) - START_TIME, 4) . ' seconds.';
+		$footer[] = 'Load time: ' . round(microtime(true) - START_TIME, 4) . ' seconds.';
 	}
 	$settingFooter = setting('core.footer');
 	if(isset($settingFooter[0])) {
-		$ret .= '<br/>' . $settingFooter;
+		$footer[] = '' . $settingFooter;
 	}
 	// please respect my work and help spreading the word, thanks!
-	return $ret . '<br/>' . base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=');
+	$footer[] = base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=');
 	global $hooks;
 	$hooks->triggerFilter(HOOK_FILTER_THEME_FOOTER, $footer);
 	return implode('<br/>', $footer);
 }
 function template_ga_code()
@@ -761,6 +774,10 @@ function formatExperience($exp, $color = true)
 	return $ret;
 }
 function getExperienceForLevel($level): float|int {
 	return ( 50 / 3 ) * pow( $level, 3 ) - ( 100 * pow( $level, 2 ) ) + ( ( 850 / 3 ) * $level ) - 200;
 }
 function get_locales()
 {
 	$ret = array();
@@ -976,11 +993,12 @@ function load_config_lua($filename)
 		foreach($lines as $ln => $line)
 		{
 			$line = trim($line);
-			if(@$line[0] === '{' || @$line[0] === '}') {
+			if(isset($line[0]) && ($line[0] === '{' || $line[0] === '}')) {
 				// arrays are not supported yet
 				// just ignore the error
 				continue;
 			}
 			$tmp_exp = explode('=', $line, 2);
 			if(str_contains($line, 'dofile')) {
 				$delimiter = '"';
@@ -1012,12 +1030,19 @@ function load_config_lua($filename)
 					}
 					else
 					{
-						foreach($result as $tmp_key => $tmp_value) // load values defined by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
+						foreach($result as $tmp_key => $tmp_value) { // load values defined by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
 							$value = str_replace($tmp_key, $tmp_value, $value);
-						$ret = @eval("return $value;");
+						}
-						if((string) $ret == '' && trim($value) !== '""') // = parser error
+
-						{
+						try {
-							throw new RuntimeException('ERROR: Loading config.lua file. Line <b>' . ($ln + 1) . '</b> of LUA config file is not valid [key: <b>' . $key . '</b>]');
+							$ret = eval("return $value;");
 						}
 						catch (Throwable $e) {
 							throw new RuntimeException('ERROR: Loading config.lua file. Line: ' . ($ln + 1) . ' - Unable to parse value "' . $value . '" - ' . $e->getMessage());
 						}
 						if((string) $ret == '' && trim($value) !== '""') {
 							throw new RuntimeException('ERROR: Loading config.lua file. Line ' . ($ln + 1) . ' is not valid [key: ' . $key . ']');
 						}
 						$result[$key] = $ret;
 					}
@@ -1203,7 +1228,8 @@ function setting($key)
 		return $settings[$key[0]] = $key[1];
 	}
-	return $settings[$key]['value'];
+	$ret = $settings[$key];
 	return isset($ret) ? $ret['value'] : null;
 }
 function clearCache()
@@ -1252,14 +1278,15 @@ function clearCache()
 		$db->setClearCacheAfter(true);
 	}
 	if (function_exists('apcu_clear_cache')) {
 		apcu_clear_cache();
 	}
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
 	deleteDirectory(CACHE . 'twig', ['index.html'], true);
 	deleteDirectory(CACHE . 'plugins', ['index.html'], true);
 	deleteDirectory(CACHE, ['signatures', 'twig', 'plugins', 'index.html', 'persistent'], true);
 	// routes cache
 	clearRouteCache();
 	global $hooks;
 	$hooks->trigger(HOOK_CACHE_CLEAR, ['cache' => Cache::getInstance()]);
@@ -1565,22 +1592,6 @@ function right($str, $length) {
 	return substr($str, -$length);
 }
 function getMonsterImgPath($monster): string
 {
 	$monster_path = setting('core.monsters_images_url');
 	$monster_gfx_name = trim(strtolower($monster)) . setting('core.monsters_images_extension');
 	if (!file_exists($monster_path . $monster_gfx_name)) {
 		$monster_gfx_name = str_replace(" ", "", $monster_gfx_name);
 		if (file_exists($monster_path . $monster_gfx_name)) {
 			return $monster_path . $monster_gfx_name;
 		} else {
 			return $monster_path . 'nophoto.png';
 		}
 	} else {
 		return $monster_path . $monster_gfx_name;
 	}
 }
 function between($x, $lim1, $lim2) {
 	if ($lim1 < $lim2) {
 		$lower = $lim1; $upper = $lim2;
--- a/system/init.php
+++ b/system/init.php
@@ -12,6 +12,7 @@ use DebugBar\StandardDebugBar;
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Hooks;
 use MyAAC\Plugins;
 use MyAAC\Models\Town;
 use MyAAC\Settings;
@@ -46,6 +47,11 @@ if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HT
 global $cache;
 $cache = Cache::getInstance();
 // load plugins init.php
 foreach (Plugins::getInits() as $init) {
 	require $init;
 }
 // event system
 global $hooks;
 $hooks = new Hooks();
@@ -138,6 +144,18 @@ $ots = POT::getInstance();
 $eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 define('HAS_ACCOUNT_COINS', $db->hasColumn('accounts', 'coins'));
 define('HAS_ACCOUNT_COINS_TRANSFERABLE', $db->hasColumn('accounts', 'coins_transferable'));
 define('HAS_ACCOUNT_TRANSFERABLE_COINS', $db->hasColumn('accounts', 'transferable_coins'));
 const ACCOUNT_COINS_TRANSFERABLE_COLUMN = (HAS_ACCOUNT_COINS_TRANSFERABLE ? 'coins_transferable' : 'transferable_coins');
 $twig->addGlobal('logged', false);
 $twig->addGlobal('account_logged', new \OTS_Account());
 // verify myaac tables exists in database
 if(!defined('MYAAC_INSTALL') && !$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . (IS_CLI ? 'http://your-ip.com/' : BASE_URL) . 'install');
@@ -179,10 +197,6 @@ if($settingsItemImagesURL[strlen($settingsItemImagesURL) - 1] !== '/') {
 	setting(['core.item_images_url', $settingsItemImagesURL . '/']);
 }
 define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 $towns = Cache::remember('towns', 10 * 60, function () use ($db) {
 	if ($db->hasTable('towns') && Town::count() > 0) {
 		return Town::orderBy('id', 'ASC')->pluck('name', 'id')->toArray();
--- a/system/libs/pot/OTS.php
+++ b/system/libs/pot/OTS.php
--- a/system/libs/pot/OTS_Account.php
+++ b/system/libs/pot/OTS_Account.php
@@ -446,16 +446,13 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		if(isset($this->data['premium_ends_at']) || isset($this->data['premend'])) {
 			$col = isset($this->data['premium_ends_at']) ? 'premium_ends_at' : 'premend';
 			$ret = ceil(($this->data[$col] - time()) / (24 * 60 * 60));
-			return $ret > 0 ? $ret : 0;
+			return max($ret, 0);
 		}
 		if($this->data['premdays'] == 0) {
 			return 0;
 		}
 		global $config;
 		if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return -1;
 		if($this->data['premdays'] == self::GRATIS_PREMIUM_DAYS){
 			return self::GRATIS_PREMIUM_DAYS;
 		}
@@ -476,12 +473,9 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
    public function isPremium()
    {
-		global $config;
+		if(isset($this->data['premium_ends_at'])) {
-        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
+			return $this->data['premium_ends_at'] > time();
-
+		}
 	    if(isset($this->data['premium_ends_at'])) {
 		    return $this->data['premium_ends_at'] > time();
 	    }
 		if(isset($this->data['premend'])) {
 			return $this->data['premend'] > time();
--- a/system/libs/pot/OTS_DB_MySQL.php
+++ b/system/libs/pot/OTS_DB_MySQL.php
@@ -234,6 +234,19 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE '" . $column . "'")->fetchAll()) > 0);
 	}
 	public function hasTableAndColumns(string $table, array $columns = []): bool
 	{
 		if (!$this->hasTable($table)) return false;
 		foreach ($columns as $column) {
 			if (!$this->hasColumn($table, $column)) {
 				return false;
 			}
 		}
 		return true;
 	}
 	public function revalidateCache() {
 		foreach($this->has_table_cache as $key => $value) {
 			$this->hasTableInternal($key);
--- a/system/libs/pot/OTS_Guild.php
+++ b/system/libs/pot/OTS_Guild.php
@@ -97,7 +97,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
 *
 * @param IOTS_GuildAction $invites Invites driver (don't pass it to clear driver).
 */
-    public function setInvitesDriver(IOTS_GuildAction $invites = null)
+    public function setInvitesDriver(?IOTS_GuildAction $invites = null)
    {
        $this->invites = $invites;
    }
@@ -107,7 +107,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
 *
 * @param IOTS_GuildAction $requests Membership requests driver (don't pass it to clear driver).
 */
-    public function setRequestsDriver(IOTS_GuildAction $requests = null)
+    public function setRequestsDriver(?IOTS_GuildAction $requests = null)
    {
        $this->requests = $requests;
    }
--- a/system/libs/pot/OTS_GuildRank.php
+++ b/system/libs/pot/OTS_GuildRank.php
@@ -60,7 +60,7 @@ class OTS_GuildRank extends OTS_Row_DAO implements IteratorAggregate, Countable
 * @throws PDOException On PDO operation error.
 * @throws E_OTS_NotLoaded If given <var>$guild</var> object is not loaded.
 */
-    public function find($name, OTS_Guild $guild = null)
+    public function find($name, ?OTS_Guild $guild = null)
    {
        $where = '';
--- a/system/libs/pot/OTS_InfoRespond.php
+++ b/system/libs/pot/OTS_InfoRespond.php
@@ -52,10 +52,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string TSPQ version.
 * @throws DOMException On DOM operation error.
 */
-    public function getTSPQVersion()
+	public function getTSPQVersion()
-    {
+	{
-        return $this->documentElement->getAttribute('version');
+		return $this->documentElement->getAttribute('version');
-    }
+	}
 /**
 * Returns server uptime.
@@ -63,10 +63,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Uptime.
 * @throws DOMException On DOM operation error.
 */
-    public function getUptime()
+	public function getUptime()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('uptime');
+		return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('uptime');
-    }
+	}
 /**
 * Returns server IP.
@@ -74,10 +74,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string IP.
 * @throws DOMException On DOM operation error.
 */
-    public function getIP()
+	public function getIP()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('ip');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('ip');
-    }
+	}
 /**
 * Returns server name.
@@ -85,10 +85,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Name.
 * @throws DOMException On DOM operation error.
 */
-    public function getName()
+	public function getName()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('servername');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('servername');
-    }
+	}
 /**
 * Returns server port.
@@ -96,10 +96,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Port.
 * @throws DOMException On DOM operation error.
 */
-    public function getPort()
+	public function getPort()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('port');
+		return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('port');
-    }
+	}
 /**
 * Returns server location.
@@ -107,10 +107,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Location.
 * @throws DOMException On DOM operation error.
 */
-    public function getLocation()
+	public function getLocation()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('location');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('location');
-    }
+	}
 /**
 * Returns server website.
@@ -118,10 +118,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Website URL.
 * @throws DOMException On DOM operation error.
 */
-    public function getURL()
+	public function getURL()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('url');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('url');
-    }
+	}
 /**
 * Returns server attribute.
@@ -131,10 +131,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Attribute value.
 * @throws DOMException On DOM operation error.
 */
-    public function getServer()
+	public function getServer()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('server');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('server');
-    }
+	}
 /**
 * Returns server version.
@@ -142,10 +142,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Version.
 * @throws DOMException On DOM operation error.
 */
-    public function getServerVersion()
+	public function getServerVersion()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('version');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('version');
-    }
+	}
 /**
 * Returns dedicated version of client.
@@ -153,10 +153,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Version.
 * @throws DOMException On DOM operation error.
 */
-    public function getClientVersion()
+	public function getClientVersion()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('client');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('client');
-    }
+	}
 /**
 * Returns owner name.
@@ -164,10 +164,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Owner name.
 * @throws DOMException On DOM operation error.
 */
-    public function getOwner()
+	public function getOwner()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('name');
+		return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('name');
-    }
+	}
 /**
 * Returns owner e-mail.
@@ -175,10 +175,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Owner e-mail.
 * @throws DOMException On DOM operation error.
 */
-    public function getEMail()
+	public function getEMail()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('email');
+		return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('email');
-    }
+	}
 /**
 * Returns current amount of players online.
@@ -186,10 +186,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Count of players.
 * @throws DOMException On DOM operation error.
 */
-    public function getOnlinePlayers()
+	public function getOnlinePlayers()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('online');
+		return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('online');
-    }
+	}
 /**
 * Returns maximum amount of players online.
@@ -197,10 +197,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Maximum allowed count of players.
 * @throws DOMException On DOM operation error.
 */
-    public function getMaxPlayers()
+	public function getMaxPlayers()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('max');
+		return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('max');
-    }
+	}
 /**
 * Returns record of online players.
@@ -208,10 +208,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Players online record.
 * @throws DOMException On DOM operation error.
 */
-    public function getPlayersPeak()
+	public function getPlayersPeak()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('peak');
+		return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('peak');
-    }
+	}
 /**
 * Returns number of all monsters on map.
@@ -219,10 +219,15 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Count of monsters.
 * @throws DOMException On DOM operation error.
 */
-    public function getMonstersCount()
+	public function getMonstersCount(): int
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('monsters')->item(0)->getAttribute('total');
+		return (int) $this->documentElement->getElementsByTagName('monsters')->item(0)->getAttribute('total');
-    }
+	}
 	public function getNPCsCount(): int
 	{
 		return (int) $this->documentElement->getElementsByTagName('npcs')->item(0)->getAttribute('total');
 	}
 /**
 * Returns map name.
@@ -230,10 +235,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Map name.
 * @throws DOMException On DOM operation error.
 */
-    public function getMapName()
+	public function getMapName()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('name');
+		return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('name');
-    }
+	}
 /**
 * Returns map author.
@@ -241,10 +246,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Mapper name.
 * @throws DOMException On DOM operation error.
 */
-    public function getMapAuthor()
+	public function getMapAuthor()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('author');
+		return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('author');
-    }
+	}
 /**
 * Returns map width.
@@ -252,10 +257,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Map width.
 * @throws DOMException On DOM operation error.
 */
-    public function getMapWidth()
+	public function getMapWidth()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('width');
+		return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('width');
-    }
+	}
 /**
 * Returns map height.
@@ -263,10 +268,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Map height.
 * @throws DOMException On DOM operation error.
 */
-    public function getMapHeight()
+	public function getMapHeight()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('height');
+		return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('height');
-    }
+	}
 /**
 * Returns server's Message Of The Day
@@ -275,21 +280,21 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Server MOTD.
 * @throws DOMException On DOM operation error.
 */
-    public function getMOTD()
+	public function getMOTD()
-    {
+	{
-        // look for text node child
+		// look for text node child
-        foreach( $this->documentElement->getElementsByTagName('motd')->item(0)->childNodes as $child)
+		foreach( $this->documentElement->getElementsByTagName('motd')->item(0)->childNodes as $child)
-        {
+		{
-            if($child->nodeType == XML_TEXT_NODE)
+			if($child->nodeType == XML_TEXT_NODE)
-            {
+			{
-                // found
+				// found
-                return $child->nodeValue;
+				return $child->nodeValue;
-            }
+			}
-        }
+		}
-        // strange...
+		// strange...
-        return '';
+		return '';
-    }
+	}
 /**
 * Magic PHP5 method.
@@ -301,77 +306,77 @@ class OTS_InfoRespond extends DOMDocument
 * @throws OutOfBoundsException For non-supported properties.
 * @throws DOMException On DOM operation error.
 */
-    public function __get($name)
+	public function __get($name)
-    {
+	{
-        switch($name)
+		switch($name)
-        {
+		{
-            case 'tspqVersion':
+			case 'tspqVersion':
-                return $this->getTSPQVersion();
+				return $this->getTSPQVersion();
-            case 'uptime':
+			case 'uptime':
-                return $this->getUptime();
+				return $this->getUptime();
-            case 'ip':
+			case 'ip':
-                return $this->getIP();
+				return $this->getIP();
-            case 'name':
+			case 'name':
-                return $this->getName();
+				return $this->getName();
-            case 'port':
+			case 'port':
-                return $this->getPort();
+				return $this->getPort();
-            case 'location':
+			case 'location':
-                return $this->getLocation();
+				return $this->getLocation();
-            case 'url':
+			case 'url':
-                return $this->getURL();
+				return $this->getURL();
-            case 'server':
+			case 'server':
-                return $this->getServer();
+				return $this->getServer();
-            case 'serverVersion':
+			case 'serverVersion':
-                return $this->getServerVersion();
+				return $this->getServerVersion();
-            case 'clientVersion':
+			case 'clientVersion':
-                return $this->getClientVersion();
+				return $this->getClientVersion();
-            case 'owner':
+			case 'owner':
-                return $this->getOwner();
+				return $this->getOwner();
-            case 'eMail':
+			case 'eMail':
-                return $this->getEMail();
+				return $this->getEMail();
-            case 'onlinePlayers':
+			case 'onlinePlayers':
-                return $this->getOnlinePlayers();
+				return $this->getOnlinePlayers();
-            case 'maxPlayers':
+			case 'maxPlayers':
-                return $this->getMaxPlayers();
+				return $this->getMaxPlayers();
-            case 'playersPeak':
+			case 'playersPeak':
-                return $this->getPlayersPeak();
+				return $this->getPlayersPeak();
-            case 'monstersCount':
+			case 'monstersCount':
-                return $this->getMonstersCount();
+				return $this->getMonstersCount();
-            case 'mapName':
+			case 'mapName':
-                return $this->getMapName();
+				return $this->getMapName();
-            case 'mapAuthor':
+			case 'mapAuthor':
-                return $this->getMapAuthor();
+				return $this->getMapAuthor();
-            case 'mapWidth':
+			case 'mapWidth':
-                return $this->getMapWidth();
+				return $this->getMapWidth();
-            case 'mapHeight':
+			case 'mapHeight':
-                return $this->getMapHeight();
+				return $this->getMapHeight();
-            case 'motd':
+			case 'motd':
-                return $this->getMOTD();
+				return $this->getMOTD();
-            default:
+			default:
-                throw new OutOfBoundsException();
+				throw new OutOfBoundsException();
-        }
+		}
-    }
+	}
 /**
 * Returns string representation of XML.
@@ -380,10 +385,10 @@ class OTS_InfoRespond extends DOMDocument
 * @since 0.1.0
 * @return string String representation of object.
 */
-    public function __toString()
+	public function __toString()
-    {
+	{
-        return $this->saveXML();
+		return $this->saveXML();
-    }
+	}
 }
 /**#@-*/
--- a/system/libs/pot/OTS_Monster.php
+++ b/system/libs/pot/OTS_Monster.php
@@ -284,7 +284,7 @@ class OTS_Monster extends DOMDocument
 */
 	public function getLook()
 	{
-		$look = array();
+		$look = [];
 		$element = $this->documentElement->getElementsByTagName('look')->item(0);
@@ -292,14 +292,30 @@ class OTS_Monster extends DOMDocument
 			return $look;
 		}
-		$look['type'] = $element->getAttribute('type');
+		if ($element->hasAttribute('typeex')) {
-		$look['typeex'] = $element->getAttribute('typeex');
+			$look['typeEx'] = (int) $element->getAttribute('typeex');
-		$look['head'] = $element->getAttribute('head');
+		}
-		$look['body'] = $element->getAttribute('body');
+		if ($element->hasAttribute('type')) {
-		$look['legs'] = $element->getAttribute('legs');
+			$look['type'] = (int) $element->getAttribute('type');
-		$look['feet'] = $element->getAttribute('feet');
+		}
-		$look['addons'] = $element->getAttribute('addons');
+		if ($element->hasAttribute('head')) {
-		$look['corpse'] = $element->getAttribute('corpse');
+			$look['head'] = (int) $element->getAttribute('head');
 		}
 		if ($element->hasAttribute('body')) {
 			$look['body'] = (int) $element->getAttribute('body');
 		}
 		if ($element->hasAttribute('legs')) {
 			$look['legs'] = (int) $element->getAttribute('legs');
 		}
 		if ($element->hasAttribute('feet')) {
 			$look['feet'] = (int) $element->getAttribute('feet');
 		}
 		if ($element->hasAttribute('addons')) {
 			$look['addons'] = (int) $element->getAttribute('addons');
 		}
 		if ($element->hasAttribute('corpse')) {
 			$look['corpse'] = (int) $element->getAttribute('corpse');
 		}
 		return $look;
 	}
--- a/system/libs/pot/OTS_Player.php
+++ b/system/libs/pot/OTS_Player.php
@@ -2026,7 +2026,7 @@ class OTS_Player extends OTS_Row_DAO
 * @param OTS_GuildRank|null Guild rank (null to clear assign).
 * @throws E_OTS_NotLoaded If passed <var>$guildRank</var> parameter is not loaded.
 */
-	public function setRank(OTS_GuildRank $guildRank = null)
+	public function setRank(?OTS_GuildRank $guildRank = null)
 	{
 		if(isset($guildRank))
 			$this->setRankId($guildRank->getId(), $guildRank->getGuild()->getId());
@@ -2632,7 +2632,7 @@ class OTS_Player extends OTS_Row_DAO
 * @throws E_OTS_NotLoaded If player is not loaded.
 * @throws PDOException On PDO operation error.
 */
-	public function setSlot($slot, OTS_Item $item = null, $pid = 0)
+	public function setSlot($slot, ?OTS_Item $item = null, $pid = 0)
 	{
 		static $sid;
@@ -2776,7 +2776,7 @@ class OTS_Player extends OTS_Row_DAO
 * @throws E_OTS_NotLoaded If player is not loaded.
 * @throws PDOException On PDO operation error.
 */
-	public function setDepot($depot, OTS_Item $item = null, $pid = 0, $depot_id = 0)
+	public function setDepot($depot, ?OTS_Item $item = null, $pid = 0, $depot_id = 0)
 	{
 		static $sid;
@@ -2919,6 +2919,32 @@ class OTS_Player extends OTS_Row_DAO
 		$this->data['banned'] = $ban['active'];
 		$this->data['banned_time'] = $ban['expires'];
 	}
 	public function isNameLocked(): bool
 	{
 		// nothing can't be banned
 		if( !$this->isLoaded() ) {
 			throw new E_OTS_NotLoaded();
 		}
 		if($this->db->hasTable('player_namelocks')) {
 			$ban = $this->db->query('SELECT 1 FROM `player_namelocks` WHERE `player_id` = ' . $this->data['id'])->fetch(PDO::FETCH_ASSOC);
 			return (isset($ban['1']));
 		}
 		else if($this->db->hasTable('bans')) {
 			if($this->db->hasColumn('bans', 'active')) {
 				$ban = $this->db->query('SELECT `active`, `expires` FROM `bans` WHERE `type` = 2 AND `active` = 1 AND `value` = ' . $this->data['id'] . ' AND (`expires` > ' . time() .' OR `expires` = -1) ORDER BY `expires` DESC')->fetch();
 				return isset($ban['active']);
 			}
 			else { // tfs 0.2
 				$ban = $this->db->query('SELECT `time` FROM `bans` WHERE `type` = 2 AND `account` = ' . $this->data['account_id'] . ' AND (`time` > ' . time() .' OR `time` = -1) ORDER BY `time` DESC')->fetch();
 				return isset($ban['time']) && ($ban['time'] == -1 || $ban['time'] > 0);
 			}
 		}
 		return false;
 	}
 /**
 * Deletes player.
 *
@@ -2953,21 +2979,14 @@ class OTS_Player extends OTS_Row_DAO
 * @return string Player proffesion name.
 * @throws E_OTS_NotLoaded If player is not loaded or global vocations list is not loaded.
 */
-	public function getVocationName()
+	public function getVocationName(): string
 	{
 		if( !isset($this->data['vocation']) )
 		{
 			throw new E_OTS_NotLoaded();
 		}
-		global $config;
+		return OTS_Toolbox::getVocationName($this->data['vocation'], $this->data['promotion'] ?? 0);
 		$voc = $this->getVocation();
 		if(!isset($config['vocations'][$voc])) {
 			return 'Unknown';
 		}
 		return $config['vocations'][$voc];
 		//return POT::getInstance()->getVocationsList()->getVocationName($this->data['vocation']);
 	}
 /**
--- a/system/libs/pot/OTS_ServerInfo.php
+++ b/system/libs/pot/OTS_ServerInfo.php
@@ -26,14 +26,19 @@ class OTS_ServerInfo
 *
 * @var string
 */
-    private $server;
+	private string $server;
 /**
 * Connection port.
 *
 * @var int
 */
-    private $port;
+	private int $port;
 	/**
 	 * Status timeout
 	 */
 	private float $timeout = 2.0;
 /**
 * Creates handler for new server.
@@ -41,11 +46,11 @@ class OTS_ServerInfo
 * @param string $server Server IP/domain.
 * @param int $port OTServ port.
 */
-    public function __construct($server, $port)
+	public function __construct($server, $port)
-    {
+	{
-        $this->server = $server;
+		$this->server = $server;
-        $this->port = $port;
+		$this->port = $port;
-    }
+	}
 /**
 * Sends packet to server.
@@ -54,46 +59,46 @@ class OTS_ServerInfo
 * @return OTS_Buffer|null Respond buffer (null if server is offline).
 * @throws E_OTS_OutOfBuffer When there is read attemp after end of packet stream.
 */
-    private function send(OTS_Buffer $packet)
+	private function send(OTS_Buffer $packet)
-    {
+	{
-        // connects to server
+		// connects to server
-        $socket = @fsockopen($this->server, $this->port, $error, $message, setting('core.status_timeout'));
+		$socket = @fsockopen($this->server, $this->port, $error, $message, $this->timeout);
-        // if connected then checking statistics
+		// if connected then checking statistics
-        if($socket)
+		if($socket)
-        {
+		{
-            // sets 5 second timeout for reading and writing
+			// sets 5 second timeout for reading and writing
-            stream_set_timeout($socket, 5);
+			stream_set_timeout($socket, 5);
-            // creates real packet
+			// creates real packet
-            $packet = $packet->getBuffer();
+			$packet = $packet->getBuffer();
-            $packet = pack('v', strlen($packet) ) . $packet;
+			$packet = pack('v', strlen($packet) ) . $packet;
-            // sends packet with request
+			// sends packet with request
-            // 06 - length of packet, 255, 255 is the comamnd identifier, 'info' is a request
+			// 06 - length of packet, 255, 255 is the comamnd identifier, 'info' is a request
-            fwrite($socket, $packet);
+			fwrite($socket, $packet);
-            // reads respond
+			// reads respond
-            //$data = stream_get_contents($socket);
+			//$data = stream_get_contents($socket);
 			$data = '';
 			while (!feof($socket))
 				$data .= fgets($socket, 1024);
-            // closing connection to current server
+			// closing connection to current server
-            fclose($socket);
+			fclose($socket);
-            // sometimes server returns empty info
+			// sometimes server returns empty info
-            if( empty($data) )
+			if( empty($data) )
-            {
+			{
-                // returns offline state
+				// returns offline state
-                return false;
+				return false;
-            }
+			}
-            return new OTS_Buffer($data);
+			return new OTS_Buffer($data);
-        }
+		}
-        return false;
+		return false;
-    }
+	}
 /**
 * Queries server status.
@@ -108,30 +113,30 @@ class OTS_ServerInfo
 * @example examples/info.php info.php
 * @tutorial POT/Server_status.pkg
 */
-    public function status()
+	public function status()
-    {
+	{
-        // request packet
+		// request packet
-        $request = new OTS_Buffer();
+		$request = new OTS_Buffer();
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putString('info', false);
+		$request->putString('info', false);
-        $status = $this->send($request);
+		$status = $this->send($request);
-        // checks if server is online
+		// checks if server is online
-        if($status)
+		if($status)
-        {
+		{
-            // loads respond XML
+			// loads respond XML
-            $info = new OTS_InfoRespond();
+			$info = new OTS_InfoRespond();
-            if(!$info->loadXML( $status->getBuffer()))
+			if(!$info->loadXML( $status->getBuffer()))
 				return false;
-            return $info;
+			return $info;
-        }
+		}
-        // offline
+		// offline
-        return false;
+		return false;
-    }
+	}
 /**
 * Queries server information.
@@ -146,26 +151,26 @@ class OTS_ServerInfo
 * @example examples/server.php info.php
 * @tutorial POT/Server_status.pkg
 */
-    public function info($flags)
+	public function info($flags)
-    {
+	{
-        // request packet
+		// request packet
-        $request = new OTS_Buffer();
+		$request = new OTS_Buffer();
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putChar(1);
+		$request->putChar(1);
-        $request->putShort($flags);
+		$request->putShort($flags);
-        $status = $this->send($request);
+		$status = $this->send($request);
-        // checks if server is online
+		// checks if server is online
-        if($status)
+		if($status)
-        {
+		{
-            // loads respond
+			// loads respond
-            return new OTS_ServerStatus($status);
+			return new OTS_ServerStatus($status);
-        }
+		}
-        // offline
+		// offline
-        return false;
+		return false;
-    }
+	}
 /**
 * Checks player online status.
@@ -180,27 +185,27 @@ class OTS_ServerInfo
 * @example examples/server.php info.php
 * @tutorial POT/Server_status.pkg
 */
-    public function playerStatus($name)
+	public function playerStatus($name)
-    {
+	{
-        // request packet
+		// request packet
-        $request = new OTS_Buffer();
+		$request = new OTS_Buffer();
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putChar(1);
+		$request->putChar(1);
-        $request->putShort(OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
+		$request->putShort(OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
-        $request->putString($name);
+		$request->putString($name);
-        $status = $this->send($request);
+		$status = $this->send($request);
-        // checks if server is online
+		// checks if server is online
-        if($status)
+		if($status)
-        {
+		{
-            $status->getChar();
+			$status->getChar();
-            return (bool) $status->getChar();
+			return (bool) $status->getChar();
-        }
+		}
-        // offline
+		// offline
-        return false;
+		return false;
-    }
+	}
 /**
 * Magic PHP5 method.
@@ -210,20 +215,24 @@ class OTS_ServerInfo
 * @throws OutOfBoundsException For non-supported properties.
 * @throws E_OTS_OutOfBuffer When there is read attemp after end of packet stream.
 */
-    public function __get($name)
+	public function __get($name)
-    {
+	{
-        switch($name)
+		switch($name)
-        {
+		{
-            case 'status':
+			case 'status':
-                return $this->status();
+				return $this->status();
-            case 'info':
+			case 'info':
-                return $this->info(OTS_ServerStatus::REQUEST_BASIC_SERVER_INFO | OTS_ServerStatus::REQUEST_OWNER_SERVER_INFO | OTS_ServerStatus::REQUEST_MISC_SERVER_INFO | OTS_ServerStatus::REQUEST_PLAYERS_INFO | OTS_ServerStatus::REQUEST_MAP_INFO | OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
+				return $this->info(OTS_ServerStatus::REQUEST_BASIC_SERVER_INFO | OTS_ServerStatus::REQUEST_OWNER_SERVER_INFO | OTS_ServerStatus::REQUEST_MISC_SERVER_INFO | OTS_ServerStatus::REQUEST_PLAYERS_INFO | OTS_ServerStatus::REQUEST_MAP_INFO | OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
-            default:
+			default:
-                throw new OutOfBoundsException();
+				throw new OutOfBoundsException();
-        }
+		}
-    }
+	}
 	public function setTimeout($timeout) {
 		$this->timeout = $timeout;
 	}
 }
 /**#@-*/
--- a/system/libs/pot/OTS_ServerStatus.php
+++ b/system/libs/pot/OTS_ServerStatus.php
@@ -40,175 +40,175 @@ class OTS_ServerStatus
 /**
 * Basic server info.
 */
-    const REQUEST_BASIC_SERVER_INFO = 1;
+	const REQUEST_BASIC_SERVER_INFO = 1;
 /**
 * Server owner info.
 */
-    const REQUEST_OWNER_SERVER_INFO = 2;
+	const REQUEST_OWNER_SERVER_INFO = 2;
 /**
 * Server extra info.
 */
-    const REQUEST_MISC_SERVER_INFO = 4;
+	const REQUEST_MISC_SERVER_INFO = 4;
 /**
 * Players stats info.
 */
-    const REQUEST_PLAYERS_INFO = 8;
+	const REQUEST_PLAYERS_INFO = 8;
 /**
 * Map info.
 */
-    const REQUEST_MAP_INFO = 16;
+	const REQUEST_MAP_INFO = 16;
 /**
 * Extended players info.
 */
-    const REQUEST_EXT_PLAYERS_INFO = 32;
+	const REQUEST_EXT_PLAYERS_INFO = 32;
 /**
 * Player status info.
 */
-    const REQUEST_PLAYER_STATUS_INFO = 64;
+	const REQUEST_PLAYER_STATUS_INFO = 64;
 /**
 * Server software info.
 */
-    const REQUEST_SERVER_SOFTWARE_INFO = 128;
+	const REQUEST_SERVER_SOFTWARE_INFO = 128;
 /**
 * Basic server respond.
 */
-    const RESPOND_BASIC_SERVER_INFO = 0x10;
+	const RESPOND_BASIC_SERVER_INFO = 0x10;
 /**
 * Server owner respond.
 */
-    const RESPOND_OWNER_SERVER_INFO = 0x11;
+	const RESPOND_OWNER_SERVER_INFO = 0x11;
 /**
 * Server extra respond.
 */
-    const RESPOND_MISC_SERVER_INFO = 0x12;
+	const RESPOND_MISC_SERVER_INFO = 0x12;
 /**
 * Players stats respond.
 */
-    const RESPOND_PLAYERS_INFO = 0x20;
+	const RESPOND_PLAYERS_INFO = 0x20;
 /**
 * Map respond.
 */
-    const RESPOND_MAP_INFO = 0x30;
+	const RESPOND_MAP_INFO = 0x30;
 /**
 * Extended players info.
 */
-    const RESPOND_EXT_PLAYERS_INFO = 0x21;
+	const RESPOND_EXT_PLAYERS_INFO = 0x21;
 /**
 * Player status info.
 */
-    const RESPOND_PLAYER_STATUS_INFO = 0x22;
+	const RESPOND_PLAYER_STATUS_INFO = 0x22;
 /**
 * Server software info.
 */
-    const RESPOND_SERVER_SOFTWARE_INFO = 0x23;
+	const RESPOND_SERVER_SOFTWARE_INFO = 0x23;
 /**
 * Server name.
 *
 * @var string
 */
-    private $name;
+	private $name;
 /**
 * Server IP.
 *
 * @var string
 */
-    private $ip;
+	private $ip;
 /**
 * Server port.
 *
 * @var string
 */
-    private $port;
+	private $port;
 /**
 * Owner name.
 *
 * @var string
 */
-    private $owner;
+	private $owner;
 /**
 * Owner's e-mail.
 *
 * @var string
 */
-    private $eMail;
+	private $eMail;
 /**
 * Message of the day.
 *
 * @var string
 */
-    private $motd;
+	private $motd;
 /**
 * Server location.
 *
 * @var string
 */
-    private $location;
+	private $location;
 /**
 * Website URL.
 *
 * @var string
 */
-    private $url;
+	private $url;
 /**
 * Uptime.
 *
 * @var int
 */
-    private $uptime;
+	private $uptime;
 /**
 * Status version.
 *
 * @var string
 */
-    private $version;
+	private $version;
 /**
 * Players online.
 *
 * @var int
 */
-    private $online;
+	private $online;
 /**
 * Maximum players.
 *
 * @var int
 */
-    private $max;
+	private $max;
 /**
 * Players peak.
 *
 * @var int
 */
-    private $peak;
+	private $peak;
 /**
 * Map name.
 *
 * @var string
 */
-    private $map;
+	private $map;
 /**
 * Map author.
 *
 * @var string
 */
-    private $author;
+	private $author;
 /**
 * Map width.
 *
 * @var int
 */
-    private $width;
+	private $width;
 /**
 * Map height.
 *
 * @var int
 */
-    private $height;
+	private $height;
 /**
 * Players online list.
 *
 * @var array
 */
-    private $players = array();
+	private $players = array();
 /**
 * Server software.
@@ -224,277 +224,277 @@ class OTS_ServerStatus
 *
 * @param OTS_Buffer $info Information packet.
 */
-    public function __construct(OTS_Buffer $info)
+	public function __construct(OTS_Buffer $info)
-    {
+	{
-        // skips packet length
+		// skips packet length
-        $info->getShort();
+		$info->getShort();
-        while( $info->isValid() )
+		while( $info->isValid() )
-        {
+		{
-            switch( $info->getChar() )
+			switch( $info->getChar() )
-            {
+			{
-                case self::RESPOND_BASIC_SERVER_INFO:
+				case self::RESPOND_BASIC_SERVER_INFO:
-                    $this->name = $info->getString();
+					$this->name = $info->getString();
-                    $this->ip = $info->getString();
+					$this->ip = $info->getString();
-                    $this->port = (int) $info->getString();
+					$this->port = (int) $info->getString();
-                    break;
+					break;
-                case self::RESPOND_OWNER_SERVER_INFO:
+				case self::RESPOND_OWNER_SERVER_INFO:
-                    $this->owner = $info->getString();
+					$this->owner = $info->getString();
-                    $this->eMail = $info->getString();
+					$this->eMail = $info->getString();
-                    break;
+					break;
-                case self::RESPOND_MISC_SERVER_INFO:
+				case self::RESPOND_MISC_SERVER_INFO:
-                    $this->motd = $info->getString();
+					$this->motd = $info->getString();
-                    $this->location = $info->getString();
+					$this->location = $info->getString();
-                    $this->url = $info->getString();
+					$this->url = $info->getString();
-                    $uptime = $info->getLong() << 32;
+					$uptime = $info->getLong() << 32;
-                    $this->uptime += $info->getLong() + $uptime;
+					$this->uptime += $info->getLong() + $uptime;
-                    $this->version = $info->getString();
+					$this->version = $info->getString();
-                    break;
+					break;
-                case self::RESPOND_PLAYERS_INFO:
+				case self::RESPOND_PLAYERS_INFO:
-                    $this->online = $info->getLong();
+					$this->online = $info->getLong();
-                    $this->max = $info->getLong();
+					$this->max = $info->getLong();
-                    $this->peak = $info->getLong();
+					$this->peak = $info->getLong();
-                    break;
+					break;
-                case self::RESPOND_MAP_INFO:
+				case self::RESPOND_MAP_INFO:
-                    $this->map = $info->getString();
+					$this->map = $info->getString();
-                    $this->author = $info->getString();
+					$this->author = $info->getString();
-                    $this->width = $info->getShort();
+					$this->width = $info->getShort();
-                    $this->height = $info->getShort();
+					$this->height = $info->getShort();
-                    break;
+					break;
-                case self::RESPOND_EXT_PLAYERS_INFO:
+				case self::RESPOND_EXT_PLAYERS_INFO:
-                    $count = $info->getLong();
+					$count = $info->getLong();
-                    for($i = 0; $i < $count; $i++)
+					for($i = 0; $i < $count; $i++)
-                    {
+					{
-                        $name = $info->getString();
+						$name = $info->getString();
-                        $this->players[$name] = $info->getLong();
+						$this->players[$name] = $info->getLong();
-                    }
+					}
-                    break;
+					break;
 				case self::RESPOND_SERVER_SOFTWARE_INFO:
 					$this->softwareName = $info->getString();
 					$this->softwareVersion = $info->getString();
 					$this->softwareProtocol = $info->getString();
 					break;
-            }
+			}
-        }
+		}
-    }
+	}
 /**
 * Returns server uptime.
 *
 * @return int Uptime.
 */
-    public function getUptime()
+	public function getUptime()
-    {
+	{
-        return $this->uptime;
+		return $this->uptime;
-    }
+	}
 /**
 * Returns server IP.
 *
 * @return string IP.
 */
-    public function getIP()
+	public function getIP()
-    {
+	{
-        return $this->ip;
+		return $this->ip;
-    }
+	}
 /**
 * Returns server name.
 *
 * @return string Name.
 */
-    public function getName()
+	public function getName()
-    {
+	{
-        return $this->name;
+		return $this->name;
-    }
+	}
 /**
 * Returns server port.
 *
 * @return int Port.
 */
-    public function getPort()
+	public function getPort()
-    {
+	{
-        return $this->port;
+		return $this->port;
-    }
+	}
 /**
 * Returns server location.
 *
 * @return string Location.
 */
-    public function getLocation()
+	public function getLocation()
-    {
+	{
-        return $this->location;
+		return $this->location;
-    }
+	}
 /**
 * Returns server website.
 *
 * @return string Website URL.
 */
-    public function getURL()
+	public function getURL()
-    {
+	{
-        return $this->url;
+		return $this->url;
-    }
+	}
 /**
 * Returns server version.
 *
 * @return string Version.
 */
-    public function getServerVersion()
+	public function getServerVersion()
-    {
+	{
-        return $this->version;
+		return $this->version;
-    }
+	}
 /**
 * Returns owner name.
 *
 * @return string Owner name.
 */
-    public function getOwner()
+	public function getOwner()
-    {
+	{
-        return $this->owner;
+		return $this->owner;
-    }
+	}
 /**
 * Returns owner e-mail.
 *
 * @return string Owner e-mail.
 */
-    public function getEMail()
+	public function getEMail()
-    {
+	{
-        return $this->eMail;
+		return $this->eMail;
-    }
+	}
 /**
 * Returns current amount of players online.
 *
 * @return int Count of players.
 */
-    public function getOnlinePlayers()
+	public function getOnlinePlayers()
-    {
+	{
-        return $this->online;
+		return $this->online;
-    }
+	}
 /**
 * Returns maximum amount of players online.
 *
 * @return int Maximum allowed count of players.
 */
-    public function getMaxPlayers()
+	public function getMaxPlayers()
-    {
+	{
-        return $this->max;
+		return $this->max;
-    }
+	}
 /**
 * Returns record of online players.
 *
 * @return int Players online record.
 */
-    public function getPlayersPeak()
+	public function getPlayersPeak()
-    {
+	{
-        return $this->peak;
+		return $this->peak;
-    }
+	}
 /**
 * Returns map name.
 *
 * @return string Map name.
 */
-    public function getMapName()
+	public function getMapName()
-    {
+	{
-        return $this->map;
+		return $this->map;
-    }
+	}
 /**
 * Returns map author.
 *
 * @return string Mapper name.
 */
-    public function getMapAuthor()
+	public function getMapAuthor()
-    {
+	{
-        return $this->author;
+		return $this->author;
-    }
+	}
 /**
 * Returns map width.
 *
 * @return int Map width.
 */
-    public function getMapWidth()
+	public function getMapWidth()
-    {
+	{
-        return $this->width;
+		return $this->width;
-    }
+	}
 /**
 * Returns map height.
 *
 * @return int Map height.
 */
-    public function getMapHeight()
+	public function getMapHeight()
-    {
+	{
-        return $this->height;
+		return $this->height;
-    }
+	}
 /**
 * Returns server's Message Of The Day
 *
 * @return string Server MOTD.
 */
-    public function getMOTD()
+	public function getMOTD()
-    {
+	{
-        return $this->motd;
+		return $this->motd;
-    }
+	}
 /**
 * Returns list of players currently online.
 *
 * @return array List of players in format 'name' => level.
 */
-    public function getPlayers()
+	public function getPlayers()
-    {
+	{
-    }
+	}
 /**
 * Returns software name.
 *
 * @return string Software name.
 */
-    public function getSoftwareName()
+	public function getSoftwareName()
-    {
+	{
-        return $this->softwareName;
+		return $this->softwareName;
-    }
+	}
 /**
 * Returns software version.
 *
 * @return string Software version.
 */
-    public function getSoftwareVersion()
+	public function getSoftwareVersion()
-    {
+	{
-        return $this->softwareVersion;
+		return $this->softwareVersion;
-    }
+	}
 /**
 * Returns software protocol.
 *
 * @return string Software protocol.
 */
-    public function getSoftwareProtocol()
+	public function getSoftwareProtocol()
-    {
+	{
-        return $this->softwareProtocol;
+		return $this->softwareProtocol;
-    }
+	}
 /**
 * Magic PHP5 method.
@@ -503,68 +503,68 @@ class OTS_ServerStatus
 * @return mixed Property value.
 * @throws OutOfBoundsException For non-supported properties.
 */
-    public function __get($name)
+	public function __get($name)
-    {
+	{
-        switch($name)
+		switch($name)
-        {
+		{
-            case 'uptime':
+			case 'uptime':
-                return $this->getUptime();
+				return $this->getUptime();
-            case 'ip':
+			case 'ip':
-                return $this->getIP();
+				return $this->getIP();
-            case 'name':
+			case 'name':
-                return $this->getName();
+				return $this->getName();
-            case 'port':
+			case 'port':
-                return $this->getPort();
+				return $this->getPort();
-            case 'location':
+			case 'location':
-                return $this->getLocation();
+				return $this->getLocation();
-            case 'url':
+			case 'url':
-                return $this->getURL();
+				return $this->getURL();
-            case 'serverVersion':
+			case 'serverVersion':
-                return $this->getServerVersion();
+				return $this->getServerVersion();
-            case 'owner':
+			case 'owner':
-                return $this->getOwner();
+				return $this->getOwner();
-            case 'eMail':
+			case 'eMail':
-                return $this->getEMail();
+				return $this->getEMail();
-            case 'onlinePlayers':
+			case 'onlinePlayers':
-                return $this->getOnlinePlayers();
+				return $this->getOnlinePlayers();
-            case 'maxPlayers':
+			case 'maxPlayers':
-                return $this->getMaxPlayers();
+				return $this->getMaxPlayers();
-            case 'playersPeak':
+			case 'playersPeak':
-                return $this->getPlayersPeak();
+				return $this->getPlayersPeak();
-            case 'mapName':
+			case 'mapName':
-                return $this->getMapName();
+				return $this->getMapName();
-            case 'mapAuthor':
+			case 'mapAuthor':
-                return $this->getMapAuthor();
+				return $this->getMapAuthor();
-            case 'mapWidth':
+			case 'mapWidth':
-                return $this->getMapWidth();
+				return $this->getMapWidth();
-            case 'mapHeight':
+			case 'mapHeight':
-                return $this->getMapHeight();
+				return $this->getMapHeight();
-            case 'motd':
+			case 'motd':
-                return $this->getMOTD();
+				return $this->getMOTD();
-            case 'players':
+			case 'players':
-                return $this->getPlayers();
+				return $this->getPlayers();
-            default:
+			default:
-                throw new OutOfBoundsException();
+				throw new OutOfBoundsException();
-        }
+		}
-    }
+	}
 }
 /**#@-*/
--- a/system/libs/pot/OTS_Toolbox.php
+++ b/system/libs/pot/OTS_Toolbox.php
@@ -29,11 +29,11 @@ class OTS_Toolbox
 * @return int Experience points for level.
 */
 	public static function experienceForLevel($level, $experience = 0)
-    {
+	{
-        //return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
+		//return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
 		$level = $level - 1;
 		return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
-    }
+	}
 /**
 * Finds out which level user have basing on his/her experience.
@@ -45,19 +45,19 @@ class OTS_Toolbox
 * @param int $experience Current experience points.
 * @return int Experience level.
 */
-    public static function levelForExperience($experience)
+	public static function levelForExperience($experience)
-    {
+	{
-        // default level
+		// default level
-        $level = 1;
+		$level = 1;
-        // until we will find level which requires more experience then we have we will step to next
+		// until we will find level which requires more experience then we have we will step to next
-        while( self::experienceForLevel($level + 1) <= $experience)
+		while( self::experienceForLevel($level + 1) <= $experience)
-        {
+		{
-            $level++;
+			$level++;
-        }
+		}
-        return $level;
+		return $level;
-    }
+	}
 /**
 * @version 0.1.5
@@ -65,25 +65,25 @@ class OTS_Toolbox
 * @return OTS_Players_List Filtered list.
 * @deprecated 0.1.5 Use OTS_PlayerBans_List.
 */
-    public static function bannedPlayers()
+	public static function bannedPlayers()
-    {
+	{
-        // creates filter
+		// creates filter
-        $filter = new OTS_SQLFilter();
+		$filter = new OTS_SQLFilter();
-        $filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_PLAYER);
+		$filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_PLAYER);
-        $filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
+		$filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
-        $filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'players') );
+		$filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'players') );
-        // selects only active bans
+		// selects only active bans
-        $actives = new OTS_SQLFilter();
+		$actives = new OTS_SQLFilter();
-        $actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
+		$actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
-        $actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
+		$actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
-        $filter->addFilter($actives);
+		$filter->addFilter($actives);
-        // creates list and aplies filter
+		// creates list and aplies filter
-        $list = new OTS_Players_List();
+		$list = new OTS_Players_List();
-        $list->setFilter($filter);
+		$list->setFilter($filter);
-        return $list;
+		return $list;
-    }
+	}
 /**
 * @version 0.1.5
@@ -91,25 +91,34 @@ class OTS_Toolbox
 * @return OTS_Accounts_List Filtered list.
 * @deprecated 0.1.5 Use OTS_AccountBans_List.
 */
-    public static function bannedAccounts()
+	public static function bannedAccounts()
-    {
+	{
-        // creates filter
+		// creates filter
-        $filter = new OTS_SQLFilter();
+		$filter = new OTS_SQLFilter();
-        $filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_ACCOUNT);
+		$filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_ACCOUNT);
-        $filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
+		$filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
-        $filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'accounts') );
+		$filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'accounts') );
-        // selects only active bans
+		// selects only active bans
-        $actives = new OTS_SQLFilter();
+		$actives = new OTS_SQLFilter();
-        $actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
+		$actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
-        $actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
+		$actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
-        $filter->addFilter($actives);
+		$filter->addFilter($actives);
-        // creates list and aplies filter
+		// creates list and aplies filter
-        $list = new OTS_Accounts_List();
+		$list = new OTS_Accounts_List();
-        $list->setFilter($filter);
+		$list->setFilter($filter);
-        return $list;
+		return $list;
-    }
+	}
 	public static function getVocationName($id, $promotion = 0): string
 	{
 		if($promotion > 0) {
 			$id = ($id + ($promotion * config('vocations_amount')));
 		}
 		return config('vocations')[$id] ?? 'Unknown';
 	}
 }
 /**#@-*/
--- a/system/locale/de/install.php
+++ b/system/locale/de/install.php
@@ -48,6 +48,8 @@ $locale['step_config'] = 'Konfiguration';
 $locale['step_config_title'] = 'Grundkonfiguration';
 $locale['step_config_server_path'] = 'Serverpfad';
 $locale['step_config_server_path_desc'] = 'Pfad zu Ihrem TFS-Hauptverzeichnis, in dem sich die config.lua befinden.';
 $locale['step_config_site_url'] = 'Website URL';
 $locale['step_config_site_url_desc'] = 'Ihre Website-Adresse.';
 $locale['step_config_mail_admin'] = 'Admin E-Mail';
 $locale['step_config_mail_admin_desc'] = 'Adresse, an die E-Mails aus dem Kontaktformular gesendet werden, z. B. admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin E-Mail ist nicht korrekt.';
--- a/system/locale/en/install.php
+++ b/system/locale/en/install.php
@@ -52,6 +52,8 @@ $locale['step_config'] = 'Configuration';
 $locale['step_config_title'] = 'Basic configuration';
 $locale['step_config_server_path'] = 'Server path';
 $locale['step_config_server_path_desc'] = 'Path to your TFS main directory, where you have config.lua located.';
 $locale['step_config_site_url'] = 'Website URL';
 $locale['step_config_site_url_desc'] = 'Your website address.';
 $locale['step_config_mail_admin'] = 'Admin Email';
 $locale['step_config_mail_admin_desc'] = 'Address where emails from contact form will be delivered, for example admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin Email is not correct.';
--- a/system/locale/pl/install.php
+++ b/system/locale/pl/install.php
@@ -52,6 +52,8 @@ $locale['step_config'] = 'Konfiguracja';
 $locale['step_config_title'] = 'Podstawowa konfiguracja';
 $locale['step_config_server_path'] = 'Ścieżka do serwera';
 $locale['step_config_server_path_desc'] = 'Ścieżka do Twojego folderu z TFS, gdzie znajduje się plik config.lua.';
 $locale['step_config_server_url'] = 'Adres strony';
 $locale['step_config_server_url_desc'] = 'Adres tej strony www.';
 $locale['step_config_mail_admin'] = 'E-Mail admina';
 $locale['step_config_mail_admin_desc'] = 'Na ten adres będą dostarczane E-Maile z formularza kontaktowego, przykładowo admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'E-Mail admina jest niepoprawny.';
--- a/system/migrations/17.php
+++ b/system/migrations/17.php
@@ -10,8 +10,13 @@ $up = function () use ($db) {
 		$db->exec(file_get_contents(__DIR__ . '/17-menu.sql'));
 	}
-	Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
+	$themes = ['kathrine', 'tibiacom',];
-	Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
+	foreach ($themes as $theme) {
 		$file = TEMPLATES . $theme . '/menus.php';
 		if (is_file($file)) {
 			Plugins::installMenus($theme, require $file);
 		}
 	}
 };
 $down = function () use ($db) {
--- a/system/migrations/44.php
+++ b/system/migrations/44.php
@@ -0,0 +1,20 @@
 <?php
 // 2025-05-14
 // update pages links
 // server-info conflicts with apache2 mod
 // Changelog conflicts with changelog files
 use MyAAC\Models\Menu;
 use MyAAC\Models\Pages;
 $up = function() {
 	Menu::where('link', 'server-info')->update(['link' => 'ots-info']);
 	Menu::where('link', 'changelog')->update(['link' => 'change-log']);
 };
 $down = function() {
 	Menu::where('link', 'ots-info')->update(['link' => 'server-info']);
 	Menu::where('link', 'change-log')->update(['link' => 'changelog']);
 };
--- a/system/migrations/45.php
+++ b/system/migrations/45.php
@@ -0,0 +1,32 @@
 <?php
 // 2025-05-14
 // update pages links
 // server-info conflicts with apache2 mod
 // Changelog conflicts with changelog files
 use MyAAC\Models\Pages;
 $up = function() {
 	Pages::where('name', 'rules_on_the_page')->update(['hide' => 1]);
 	$rules = Pages::where('name', 'rules')->first();
 	if (!$rules) {
 		Pages::create([
 			'name' => 'rules',
 			'title' => 'Server Rules',
 			'body' => '<b>{{ config.lua.serverName }} Rules</b><br/>' . nl2br(file_get_contents(__DIR__ . '/30-rules.txt')),
 			'date' => time(),
 			'player_id' => 1,
 			'php' => 0,
 			'enable_tinymce' => 1,
 			'access' => 0,
 			'hide' => 0,
 		]);
 	}
 };
 $down = function() {
 	Pages::where('name', 'rules_on_the_page')->update(['hide' => 0]);
 };
--- a/system/migrations/46-account_email_codes.sql
+++ b/system/migrations/46-account_email_codes.sql
@@ -0,0 +1,8 @@
 CREATE TABLE `myaac_account_email_codes`
 (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
 	`code` varchar(6) NOT NULL,
 	`created_at` int NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
--- a/system/migrations/46.php
+++ b/system/migrations/46.php
@@ -0,0 +1,27 @@
 <?php
 // add the myaac_account_email_codes
 /**
 * @var OTS_DB_MySQL $db
 */
 $up = function () use ($db) {
 	if (!$db->hasColumn('accounts', '2fa_type')) {
 		$db->addColumn('accounts', '2fa_type', "tinyint NOT NULL DEFAULT 0 AFTER `web_flags`");
 	}
 	// add myaac_account_email_codes table
 	if (!$db->hasTable(TABLE_PREFIX . 'account_email_codes')) {
 		$db->exec(file_get_contents(__DIR__ . '/46-account_email_codes.sql'));
 	}
 };
 $down = function () use ($db) {
 	if ($db->hasColumn('accounts', '2fa_type')) {
 		$db->dropColumn('accounts', '2fa_type');
 	}
 	//if ($db->hasTable(TABLE_PREFIX . 'account_email_codes')) {
 	//	$db->dropTable(TABLE_PREFIX . 'account_email_codes');
 	//}
 };
--- a/system/pages/404.php
+++ b/system/pages/404.php
@@ -8,7 +8,7 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = '404 Not Found';
+$title = 'Not Found';
 header('HTTP/1.0 404 Not Found');
 ?>
--- a/system/pages/405.php
+++ b/system/pages/405.php
@@ -8,7 +8,7 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = '405 Method Not Allowed';
+$title = 'Method Not Allowed';
 header('HTTP/1.0 405 Method Not Allowed');
 ?>
--- a/system/pages/account/2fa.php
+++ b/system/pages/account/2fa.php
@@ -0,0 +1,121 @@
 <?php
 /**
 * 2-factor authentication
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Two Factor Authentication';
 require __DIR__ . '/base.php';
 csrfProtect();
 /**
 * @var OTS_Account $account_logged
 */
 $step = $_REQUEST['step'] ?? '';
 $code = $_REQUEST['email-code'] ?? '';
 if ((!setting('core.mail_enabled')) && ACTION == 'email-code') {
 	$twig->display('error_box.html.twig',  ['errors' => ['Account two-factor e-mail authentication disabled.']]);
 	return;
 }
 if (!isset($account_logged) || !$account_logged->isLoaded()) {
 	$current_session = getSession('account');
 	if($current_session) {
 		$account_logged->load($current_session);
 	}
 }
 $twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
 if (ACTION == 'email-code') {
 	if ($step == 'resend') {
 		if ($twoFactorAuth->hasRecentEmailCode(15 * 60)) {
 			$errors = ['Sorry, one email per 15 minutes'];
 		}
 		else {
 			$twoFactorAuth->resendEmailCode();
 		}
 		if (!empty($errors)) {
 			$twig->display('error_box.html.twig',  ['errors' => $errors]);
 		}
 		$twig->display('account.2fa.email.login.html.twig');
 	}
 	else if ($step == 'activate') {
 		if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
 			$twoFactorAuth->resendEmailCode();
 		}
 		if (isset($_POST['save'])) {
 			if (!empty($code)) {
 				$twoFactorAuth->setAuthGateway(TwoFactorAuth::TYPE_EMAIL);
 				if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
 					$serverName = configLua('serverName');
 					$twoFactorAuth->enable(TwoFactorAuth::TYPE_EMAIL);
 					$twoFactorAuth->deleteOldCodes();
 					$twig->display('success.html.twig', [
 						'title' => 'Email Code Authentication Activated',
 						'description' => sprintf('You have successfully activated <b>email code authentication</b> for your account. This means an <b>email code</b> will be sent to the email address assigned to your account whenever you try to log in to the %s client or the %s website. In order to log in, you will need to enter the <b>most recent email code</b> you have received.', $serverName, $serverName)
 					]);
 					return;
 				}
 				else {
 					$errors[] = 'Invalid email code!';
 				}
 			}
 		}
 		if (!empty($errors)) {
 			$twig->display('error_box.html.twig', ['errors' => $errors]);
 		}
 		$twig->display('account.2fa.email_code.html.twig', ['wrongCode' => count($errors) > 0]);
 	}
 	else if ($step == 'deactivate') {
 		if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
 			$twoFactorAuth->resendEmailCode();
 		}
 		if (isset($_POST['save'])) {
 			if (!empty($code)) {
 				if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
 					$twoFactorAuth->disable();
 					$twoFactorAuth->deleteOldCodes();
 					$twig->display('success.html.twig',
 						[
 							'title' => 'Email Code Authentication Deactivated',
 							'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
 						]
 					);
 					return;
 				}
 				else {
 					$errors[] = 'Invalid email code!';
 				}
 			}
 		}
 		if (!empty($errors)) {
 			$twig->display('error_box.html.twig', ['errors' => $errors]);
 		}
 		$twig->display('account.2fa.email.deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
 	}
 }
--- a/system/pages/account/base.php
+++ b/system/pages/account/base.php
@@ -17,6 +17,10 @@ if(!$logged)
 	if(!empty($errors))
 		$twig->display('error_box.html.twig', array('errors' => $errors));
 	if (defined('HIDE_LOGIN_BOX') && HIDE_LOGIN_BOX) {
 		return;
 	}
 	$twig->display('account.login.html.twig', array(
 		'redirect' => $_REQUEST['redirect'] ?? null,
 		'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
--- a/system/pages/account/change-email.php
+++ b/system/pages/account/change-email.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $email_new_time = $account_logged->getCustomField("email_new_time");
 if($email_new_time > 10) {
@@ -164,7 +166,7 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
 	$account_logged->setCustomField("email_new", "");
 	$account_logged->setCustomField("email_new_time", 0);
-	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
+	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" >' . csrf(true) . '<tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
 	$twig->display('success.html.twig', array(
 		'title' => 'Email Address Change Cancelled',
--- a/system/pages/account/change-info.php
+++ b/system/pages/account/change-info.php
@@ -20,6 +20,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
--- a/system/pages/account/change-password.php
+++ b/system/pages/account/change-password.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $new_password = $_POST['newpassword'] ?? NULL;
 $new_password_confirm = $_POST['newpassword_confirm'] ?? NULL;
 $old_password = $_POST['oldpassword'] ?? NULL;
--- a/system/pages/account/characters/change-comment.php
+++ b/system/pages/account/characters/change-comment.php
@@ -20,6 +20,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $player = null;
 $player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
 $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
--- a/system/pages/account/characters/change-name.php
+++ b/system/pages/account/characters/change-name.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
 $name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
 if((!setting('core.account_change_character_name')))
--- a/system/pages/account/characters/change-sex.php
+++ b/system/pages/account/characters/change-sex.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $sex_changed = false;
 $player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
 $new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;
--- a/system/pages/account/characters/create.php
+++ b/system/pages/account/characters/create.php
@@ -20,6 +20,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $character_name = isset($_POST['name']) ? stripslashes($_POST['name']) : null;
 $character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null;
 $character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null;
--- a/system/pages/account/characters/delete.php
+++ b/system/pages/account/characters/delete.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : null;
 $password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : null;
 $password_verify = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $password_verify);
--- a/system/pages/account/create.php
+++ b/system/pages/account/create.php
@@ -23,6 +23,8 @@ if($logged)
 	return;
 }
 csrfProtect();
 if(setting('core.account_create_character_create')) {
 	$createCharacter = new CreateCharacter();
 }
@@ -219,8 +221,19 @@ if($save)
 			}
 		}
-		if(setting('core.account_premium_points') && setting('core.account_premium_points') > 0) {
+		$accountDefaultPremiumPoints = setting('core.account_premium_points');
-			$new_account->setCustomField('premium_points', setting('core.account_premium_points'));
+		if($accountDefaultPremiumPoints > 0) {
 			$new_account->setCustomField('premium_points', $accountDefaultPremiumPoints);
 		}
 		$accountDefaultCoins = setting('core.account_coins');
 		if(HAS_ACCOUNT_COINS && $accountDefaultCoins > 0) {
 			$new_account->setCustomField('coins', $accountDefaultCoins);
 		}
 		$accountDefaultCoinsTransferable = setting('core.account_coins_transferable');
 		if((HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) && $accountDefaultCoinsTransferable > 0) {
 			$new_account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $accountDefaultCoinsTransferable);
 		}
 		$tmp_account = $email;
--- a/system/pages/account/login.php
+++ b/system/pages/account/login.php
@@ -10,6 +10,7 @@
 */
 use MyAAC\RateLimit;
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 defined('MYAAC') or die('Direct access not allowed!');
@@ -18,6 +19,8 @@ if($logged || !isset($_POST['account_login']) || !isset($_POST['password_login']
 	return;
 }
 csrfProtect();
 $login_account = $_POST['account_login'];
 $login_password = $_POST['password_login'];
 $remember_me = isset($_POST['remember_me']);
@@ -48,6 +51,11 @@ if(!empty($login_account) && !empty($login_password))
 		if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
 			$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
 		} else {
 			$twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
 			if (!$twoFactorAuth->process($login_account, $login_password, $_POST['email-code'] ?? '')) {
 				return;
 			}
 			session_regenerate_id();
 			setSession('account', $account_logged->getId());
 			setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
@@ -95,3 +103,8 @@ else {
 }
 $hooks->trigger(HOOK_ACCOUNT_LOGIN_POST);
 if($logged) {
 	$twig->addGlobal('logged', true);
 	$twig->addGlobal('account_logged', $account_logged);
 }
--- a/system/pages/account/manage.php
+++ b/system/pages/account/manage.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Account Management';
@@ -34,6 +37,8 @@ if(isset($_REQUEST['redirect']))
 	return;
 }
 csrfProtect();
 $groups = new OTS_Groups_List();
 $freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;
@@ -109,6 +114,8 @@ $twig->display('account.management.html.twig', array(
 	'account_registered' => $account_registered,
 	'account_rlname' => $account_rlname,
 	'account_location' => $account_location,
 	'twoFactorViews' => TwoFactorAuth::getInstance($account_logged)->getAccountManageViews(),
 	'actions' => $actions,
-	'players' => $account_players
+	'players' => $account_players,
 ));
--- a/system/pages/account/redirect.php
+++ b/system/pages/account/redirect.php
@@ -1,23 +0,0 @@
 <?php
 /**
 * Change comment
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $redirect = urldecode($_REQUEST['redirect']);
 // should never happen, unless hacker modify the URL
 if (!str_contains($redirect, BASE_URL)) {
 	error('Fatal error: Cannot redirect outside the website.');
 	return;
 }
 $twig->display('account.redirect.html.twig', array(
 	'redirect' => $redirect
 ));
--- a/system/pages/account/register-new.php
+++ b/system/pages/account/register-new.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(isset($_POST['reg_password']))
 	$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
--- a/system/pages/account/register.php
+++ b/system/pages/account/register.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $_POST['reg_password'] = $_POST['reg_password'] ?? '';
 $reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
 $old_key = $account_logged->getCustomField("key");
--- a/system/pages/change-log.php
+++ b/system/pages/change-log.php
@@ -0,0 +1,46 @@
 <?php
 /**
 * Changelog
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Changelog';
 use MyAAC\Models\Changelog;
 $_page = isset($_GET['page']) ? (int)$_GET['page'] : 0;
 $limit = 30;
 $offset = $_page * $limit;
 $next_page = false;
 $canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
 $changelogs = Changelog::isPublic()->orderByDesc('date')->limit($limit + 1)->offset($offset)->get()->toArray();
 $i = 0;
 foreach($changelogs as $key => &$log)
 {
 	if($i < $limit) {
 		$log['type'] = getChangelogType($log['type']);
 		$log['where'] = getChangelogWhere($log['where']);
 	}
 	else {
 		unset($changelogs[$key]);
 	}
 	if ($i >= $limit)
 		$next_page = true;
 	$i++;
 }
 $twig->display('changelog.html.twig', array(
 	'changelogs' => $changelogs,
 	'page' => $_page,
 	'next_page' => $next_page,
 	'canEdit' => $canEdit,
 ));
--- a/system/pages/changelog.php
+++ b/system/pages/changelog.php
@@ -1,46 +1,3 @@
 <?php
 /**
 * Changelog
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Changelog';
-use MyAAC\Models\Changelog;
+require 'change-log.php';
 $_page = isset($_GET['page']) ? (int)$_GET['page'] : 0;
 $limit = 30;
 $offset = $_page * $limit;
 $next_page = false;
 $canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
 $changelogs = Changelog::isPublic()->orderByDesc('date')->limit($limit + 1)->offset($offset)->get()->toArray();
 $i = 0;
 foreach($changelogs as $key => &$log)
 {
 	if($i < $limit) {
 		$log['type'] = getChangelogType($log['type']);
 		$log['where'] = getChangelogWhere($log['where']);
 	}
 	else {
 		unset($changelogs[$key]);
 	}
 	if ($i >= $limit)
 		$next_page = true;
 	$i++;
 }
 $twig->display('changelog.html.twig', array(
 	'changelogs' => $changelogs,
 	'page' => $_page,
 	'next_page' => $next_page,
 	'canEdit' => $canEdit,
 ));
--- a/system/pages/forum/admin.php
+++ b/system/pages/forum/admin.php
@@ -17,6 +17,8 @@ if(!$canEdit) {
 	return;
 }
 csrfProtect();
 $groupsList = new OTS_Groups_List();
 $groups = [
 	['id' => 0, 'name' => 'Guest'],
@@ -30,23 +32,24 @@ foreach ($groupsList as $group) {
 }
 if(!empty($action)) {
-	if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board')
+	if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board') {
 		$id = $_REQUEST['id'];
 	if(isset($_REQUEST['access'])) {
 		$access = $_REQUEST['access'];
 	}
-	if(isset($_REQUEST['guild'])) {
+	if(isset($_POST['access'])) {
-		$guild = $_REQUEST['guild'];
+		$access = $_POST['access'];
 	}
-	if(isset($_REQUEST['name'])) {
+	if(isset($_POST['guild'])) {
-		$name = $_REQUEST['name'];
+		$guild = $_POST['guild'];
 	}
-	if(isset($_REQUEST['description'])) {
+	if(isset($_POST['name'])) {
-		$description = stripslashes($_REQUEST['description']);
+		$name = $_POST['name'];
 	}
 	if(isset($_POST['description'])) {
 		$description = stripslashes($_POST['description']);
 	}
 	$errors = [];
@@ -55,12 +58,13 @@ if(!empty($action)) {
 		if(Forum::add_board($name, $description, $access, $guild, $errors)) {
 			$action = $name = $description = '';
 			header('Location: ' . getLink('forum'));
 			exit;
 		}
 	}
 	else if($action == 'delete_board') {
 		Forum::delete_board($id, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	else if($action == 'edit_board')
 	{
@@ -74,28 +78,27 @@ if(!empty($action)) {
 		else {
 			Forum::update_board($id, $name, $access, $guild, $description);
 			header('Location: ' . getLink('forum'));
-			$action = $name = $description = '';
+			exit;
 			$access = $guild = 0;
 		}
 	}
 	else if($action == 'hide_board') {
 		Forum::toggleHide_board($id, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	else if($action == 'moveup_board') {
 		Forum::move_board($id, -1, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	else if($action == 'movedown_board') {
 		Forum::move_board($id, 1, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	if(!empty($errors)) {
-		$twig->display('error_box.html.twig', array('errors' => $errors));
+		$twig->display('error_box.html.twig', ['errors' => $errors]);
 		$action = '';
 	}
 }
--- a/system/pages/forum/edit_post.php
+++ b/system/pages/forum/edit_post.php
@@ -23,8 +23,9 @@ if(!$logged) {
 	return;
 }
-if(Forum::canPost($account_logged))
+csrfProtect();
-{
+
 if(Forum::canPost($account_logged)) {
 	$post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : false;
 	if(!$post_id) {
 		$errors[] = 'Please enter post id.';
@@ -41,12 +42,12 @@ if(Forum::canPost($account_logged))
 			$char_id = $post_topic = $text = $smile = $html = null;
 			$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 			$saved = false;
-			if(isset($_REQUEST['save'])) {
+			if(isset($_POST['save'])) {
-				$text = stripslashes(trim($_REQUEST['text']));
+				$text = stripslashes(trim($_POST['text']));
-				$char_id = (int) $_REQUEST['char_id'];
+				$char_id = (int) $_POST['char_id'];
-				$post_topic = stripslashes(trim($_REQUEST['topic']));
+				$post_topic = stripslashes(trim($_POST['topic']));
-				$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
+				$smile = isset($_POST['smile']) ? (int)$_POST['smile'] : 0;
-				$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
+				$html = isset($_POST['html']) ? (int)$_POST['html'] : 0;
 				if (!superAdmin()) {
 					$html = 0;
--- a/system/pages/forum/move_thread.php
+++ b/system/pages/forum/move_thread.php
@@ -23,15 +23,17 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(!Forum::isModerator()) {
 	echo 'You are not logged in or you are not moderator.';
 	return;
 }
-$save = isset($_REQUEST['save']) && (int)$_REQUEST['save'] == 1;
+$save = isset($_POST['save']) && (int)$_POST['save'] == 1;
 if($save) {
-	$post_id = (int)$_REQUEST['id'];
+	$post_id = (int)$_POST['id'];
-	$board = (int)$_REQUEST['section'];
+	$board = (int)$_POST['section'];
 	if(!Forum::hasAccess($board)) {
 		$errors[] = "You don't have access to this board.";
 		displayErrorBoxWithBackButton($errors, getLink('forum'));
--- a/system/pages/forum/new_post.php
+++ b/system/pages/forum/new_post.php
@@ -28,6 +28,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(Forum::canPost($account_logged)) {
 	$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 	$thread_id = isset($_REQUEST['thread_id']) ? (int) $_REQUEST['thread_id'] : 0;
@@ -43,11 +45,11 @@ if(Forum::canPost($account_logged)) {
 		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>';
 		$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
-		$text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL;
+		$text = isset($_POST['text']) ? stripslashes(trim($_POST['text'])) : NULL;
-		$char_id = (int) ($_REQUEST['char_id'] ?? 0);
+		$char_id = (int) ($_POST['char_id'] ?? 0);
-		$post_topic = isset($_REQUEST['topic']) ? stripslashes(trim($_REQUEST['topic'])) : '';
+		$post_topic = isset($_POST['topic']) ? stripslashes(trim($_POST['topic'])) : '';
-		$smile = (int)($_REQUEST['smile'] ?? 0);
+		$smile = (int)($_POST['smile'] ?? 0);
-		$html = (int)($_REQUEST['html'] ?? 0);
+		$html = (int)($_POST['html'] ?? 0);
 		$saved = false;
 		if (!superAdmin()) {
@@ -60,10 +62,10 @@ if(Forum::canPost($account_logged)) {
 				$text = '[i]Originally posted by ' . $quoted_post[0]['name'] . ' on ' . date('d.m.y H:i:s', $quoted_post[0]['post_date']) . ':[/i][quote]' . $quoted_post[0]['post_text'] . '[/quote]';
 			}
 		}
-		elseif(isset($_REQUEST['save'])) {
+		elseif(isset($_POST['save'])) {
 			$length = strlen($text);
 			if($length < 1 || strlen($text) > 15000) {
-				$errors[] = 'Too short or too long post (Length: $length letters). Minimum 1 letter, maximum 15000 letters.';
+				$errors[] = "Too short or too long post (Length: $length letters). Minimum 1 letter, maximum 15000 letters.";
 			}
 			if($char_id == 0) {
@@ -79,15 +81,14 @@ if(Forum::canPost($account_logged)) {
 				}
 				if(!$player_on_account) {
-					$errors[] = 'Player with selected ID ' . $char_id . ' doesn\'t exist or isn\'t on your account';
+					$errors[] = "Player with selected ID $char_id doesn't exist or isn't on your account";
 				}
 			}
 			if(count($errors) == 0) {
 				$last_post = 0;
 				$query = $db->query('SELECT post_date FROM ' . FORUM_TABLE_PREFIX . 'forum ORDER BY post_date DESC LIMIT 1');
-				if($query->rowCount() > 0)
+				if($query->rowCount() > 0) {
 				{
 					$query = $query->fetch();
 					$last_post = $query['post_date'];
 				}
--- a/system/pages/forum/new_thread.php
+++ b/system/pages/forum/new_thread.php
@@ -28,6 +28,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(Forum::canPost($account_logged)) {
 	$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
 	$section_id = $_REQUEST['section_id'] ?? null;
@@ -38,19 +40,18 @@ if(Forum::canPost($account_logged)) {
 			if ($sections[$section_id]['closed'] && !Forum::isModerator())
 				$errors[] = 'You cannot create topic on this board.';
-			$quote = (int)(isset($_REQUEST['quote']) ? $_REQUEST['quote'] : 0);
+			$text = isset($_POST['text']) ? stripslashes($_POST['text']) : '';
-			$text = isset($_REQUEST['text']) ? stripslashes($_REQUEST['text']) : '';
+			$char_id = (int)(isset($_POST['char_id']) ? $_POST['char_id'] : 0);
-			$char_id = (int)(isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
+			$post_topic = isset($_POST['topic']) ? stripslashes($_POST['topic']) : '';
-			$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
+			$smile = (isset($_POST['smile']) ? (int)$_POST['smile'] : 0);
-			$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
+			$html = (isset($_POST['html']) ? (int)$_POST['html'] : 0);
 			$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
 			if (!superAdmin()) {
 				$html = 0;
 			}
 			$saved = false;
-			if (isset($_REQUEST['save'])) {
+			if (isset($_POST['save'])) {
 				$length = strlen($post_topic);
 				if ($length < 1 || $length > 60) {
 					$errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters.";
--- a/system/pages/forum/remove_post.php
+++ b/system/pages/forum/remove_post.php
@@ -23,11 +23,13 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(Forum::isModerator()) {
-	$id = (int) $_REQUEST['id'];
+	$id = (int) ($_POST['id'] ?? 0);
 	$post = $db->query("SELECT `id`, `first_post`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$id." LIMIT 1")->fetch();
-	if($post['id'] == $id && Forum::hasAccess($post['section'])) {
+	if($post && $post['id'] == $id && Forum::hasAccess($post['section'])) {
 		if($post['id'] == $post['first_post']) {
 			$db->query("DELETE FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `first_post` = ".$post['id']);
 			header('Location: ' . getForumBoardLink($post['section']));
@@ -36,7 +38,7 @@ if(Forum::isModerator()) {
 			$post_page = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`id` < ".$id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $post['first_post'])->fetch();
 			$_page = (int) ceil($post_page['posts_count'] / setting('core.forum_threads_per_page')) - 1;
 			$db->query("DELETE FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$post['id']);
-			header('Location: ' . getForumThreadLink($post['first_post'], (int) $_page));
+			header('Location: ' . getForumThreadLink($post['first_post'], $_page));
 		}
 	}
 	else {
--- a/system/pages/forum/show_board.php
+++ b/system/pages/forum/show_board.php
@@ -33,7 +33,7 @@ if(!Forum::hasAccess($section_id)) {
 	return;
 }
-$_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0);
+$_page = (int) ($_REQUEST['page'] ?? 0);
 $threads_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS threads_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".(int) $section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id`")->fetch();
 for($i = 0; $i < $threads_count['threads_count'] / setting('core.forum_threads_per_page'); $i++) {
 	if($i != $_page)
@@ -50,7 +50,7 @@ if($logged && (!$sections[$section_id]['closed'] || Forum::isModerator())) {
 }
 echo '<br /><br />Page: '.$links_to_pages.'<br />';
-$last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`last_post`, `" . FORUM_TABLE_PREFIX . "forum`.`replies`, `" . FORUM_TABLE_PREFIX . "forum`.`views`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".$section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id` ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".setting('core.forum_threads_per_page')." OFFSET ".($_page * setting('core.forum_threads_per_page')))->fetchAll();
+$last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`last_post`, `" . FORUM_TABLE_PREFIX . "forum`.`replies`, `" . FORUM_TABLE_PREFIX . "forum`.`views`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".$section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id` ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".setting('core.forum_threads_per_page')." OFFSET ".($_page * setting('core.forum_threads_per_page')))->fetchAll(PDO::FETCH_ASSOC);
 if(isset($last_threads[0])) {
 	echo '<table width="100%">
@@ -67,8 +67,8 @@ if(isset($last_threads[0])) {
 	foreach($last_threads as $thread) {
 		echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td>';
 		if(Forum::isModerator()) {
-			echo '<a href="' . getLink('forum') . '?action=move_thread&id='.$thread['id'].'"\')"><span style="color:darkgreen">[MOVE]</span></a>';
+			echo '<a href="' . getLink('forum') . '?action=move_thread&id=' . $thread['id'] . '" title="Move Thread"><img src="images/icons/arrow_right.gif"/></a>';
-			echo '<a href="' . getLink('forum') . '?action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove thread > '.htmlspecialchars($thread['post_topic']).' <?\')"><span style="color: red">[REMOVE]</span></a>  ';
+			$twig->display('forum.remove_post.html.twig', ['post' => $thread]);
 		}
 		$player->load($thread['player_id']);
@@ -82,10 +82,13 @@ if(isset($last_threads[0])) {
 		echo '<a href="' . getForumThreadLink($thread['id']) . '">'.htmlspecialchars($thread['post_topic']). '</a><br /><small>'.($canEditForum ? substr(strip_tags($thread['post_text']), 0, 50) : htmlspecialchars(substr($thread['post_text'], 0, 50))).'...</small></td><td>' . getPlayerLink($thread['name']) . '</td><td>'.(int) $thread['replies'].'</td><td>'.(int) $thread['views'].'</td><td>';
 		if($thread['last_post'] > 0) {
 			$last_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id']." AND `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch();
-			if(isset($last_post['name']))
+
-				echo date('d.m.y H:i:s', $last_post['post_date']).'<br />by ' . getPlayerLink($last_post['name']);
+			if(isset($last_post['name'])) {
-			else
+				echo date('d.m.y H:i:s', $last_post['post_date']) . '<br />by ' . getPlayerLink($last_post['name']);
 			}
 			else {
 				echo 'No posts.';
 			}
 		}
 		else {
 			echo date('d.m.y H:i:s', $thread['post_date']) . '<br />by ' . getPlayerLink($thread['name']);
--- a/system/pages/forum/show_thread.php
+++ b/system/pages/forum/show_thread.php
@@ -35,7 +35,7 @@ if(!Forum::hasAccess($thread_starter['section'])) {
 	return;
 }
-$posts_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id)->fetch();
+$posts_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id)->fetch();
 for($i = 0; $i < $posts_count['posts_count'] / setting('core.forum_threads_per_page'); $i++) {
 	if($i != $_page)
 		$links_to_pages .= '<a href="' . getForumThreadLink($thread_id, $i) . '">'.($i + 1).'</a> ';
@@ -46,7 +46,7 @@ for($i = 0; $i < $posts_count['posts_count'] / setting('core.forum_threads_per_p
 $posts = $db->query("SELECT `players`.`id` as `player_id`, `" . FORUM_TABLE_PREFIX . "forum`.`id`,`" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`section`,`" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` AS `date`, `" . FORUM_TABLE_PREFIX . "forum`.`post_smile`, `" . FORUM_TABLE_PREFIX . "forum`.`post_html`, `" . FORUM_TABLE_PREFIX . "forum`.`author_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`author_guid`, `" . FORUM_TABLE_PREFIX . "forum`.`last_edit_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id." ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`post_date` LIMIT " . setting('core.forum_posts_per_page') . " OFFSET ".($_page * setting('core.forum_posts_per_page')))->fetchAll();
 if(isset($posts[0]['player_id'])) {
-	$db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id);
+	$db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = " . $thread_id);
 }
 $lookaddons = $db->hasColumn('players', 'lookaddons');
--- a/system/pages/guilds/accept_invite.php
+++ b/system/pages/guilds/accept_invite.php
@@ -12,11 +12,11 @@ defined('MYAAC') or die('Direct access not allowed!');
 require __DIR__ . '/base.php';
-//set rights in guild
+// set rights in guild
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
 if(!$logged) {
-	$errors[] = 'You are not logged in. You can\'t accept invitations.';
+	$errors[] = "You are not logged in. You can't accept invitations.";
 }
 if(!Validator::guildName($guild_name)) {
@@ -27,11 +27,11 @@ if(empty($errors)) {
 	$guild = new OTS_Guild();
 	$guild->find($guild_name);
 	if(!$guild->isLoaded()) {
-		$errors[] = 'Guild with name <b>'.$guild_name.'</b> doesn\'t exist.';
+		$errors[] = "Guild with name <b>$guild_name</b> doesn't exist.";
 	}
 }
-if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
 	if(!Validator::characterName($name)) {
 		$errors[] = 'Invalid name format.';
 	}
@@ -51,7 +51,7 @@ if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
 	}
 }
-if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
 	if(empty($errors)) {
 		$is_invited = false;
 		include(SYSTEM . 'libs/pot/InvitesDriver.php');
@@ -104,7 +104,7 @@ if(!empty($errors)) {
 	));
 }
 else {
-	if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+	if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
 		$guild->acceptInvite($player);
 		$twig->display('success.html.twig', array(
 			'title' => 'Accept invitation',
--- a/system/pages/guilds/add_rank.php
+++ b/system/pages/guilds/add_rank.php
@@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 require __DIR__ . '/base.php';
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
-$rank_name = isset($_REQUEST['rank_name']) ? $_REQUEST['rank_name'] : null;
+$rank_name = $_POST['rank_name'] ?? null;
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
@@ -35,7 +35,7 @@ if(empty($errors)) {
 		$rank_list = $guild->getGuildRanksList();
 		$rank_list->orderBy('level', POT::ORDER_DESC);
 		$guild_leader = false;
-		$account_players = $account_logged->getPlayers();
+		$account_players = $account_logged->getPlayersList();
 		foreach($account_players as $player) {
 			if($guild_leader_char->getId() == $player->getId()) {
 				$guild_vice = true;
--- a/system/pages/guilds/base.php
+++ b/system/pages/guilds/base.php
@@ -15,3 +15,5 @@ else
 	define('GUILD_MEMBERS_TABLE', 'guild_membership');
 define('MOTD_EXISTS', $db->hasColumn('guilds', 'motd'));
 csrfProtect();
--- a/system/pages/guilds/change_description.php
+++ b/system/pages/guilds/change_description.php
@@ -31,7 +31,7 @@ if(empty($errors)) {
 		$rank_list = $guild->getGuildRanksList();
 		$rank_list->orderBy('level', POT::ORDER_DESC);
 		$guild_leader = false;
-		$account_players = $account_logged->getPlayers();
+		$account_players = $account_logged->getPlayersList();
 		foreach($account_players as $player) {
 			if($guild->getOwner()->getId() == $player->getId()) {
 				$guild_vice = true;
@@ -42,8 +42,8 @@ if(empty($errors)) {
 		$saved = false;
 		if($guild_leader) {
-			if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+			if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
-				$description = htmlspecialchars(stripslashes(substr(trim($_REQUEST['description']),0, setting('core.guild_description_chars_limit'))));
+				$description = htmlspecialchars(stripslashes(substr(trim($_POST['description']),0, setting('core.guild_description_chars_limit'))));
 				$guild->setCustomField('description', $description);
 				$saved = true;
 			}
--- a/system/pages/guilds/change_logo.php
+++ b/system/pages/guilds/change_logo.php
@@ -30,7 +30,7 @@ if(empty($errors)) {
 	if($logged) {
 		$guild_leader_char = $guild->getOwner();
 		$guild_leader = false;
-		$account_players = $account_logged->getPlayers();
+		$account_players = $account_logged->getPlayersList();
 		foreach($account_players as $player) {
 			if($guild_leader_char->getId() == $player->getId()) {
@@ -40,14 +40,13 @@ if(empty($errors)) {
 			}
 		}
-		if($guild_leader)
+		if($guild_leader) {
 		{
 			$max_image_size_b = setting('core.guild_image_size_kb') * 1024;
 			$allowed_ext = array('image/gif', 'image/jpg', 'image/pjpeg', 'image/jpeg', 'image/bmp', 'image/png', 'image/x-png');
 			$ext_name = array('image/gif' => 'gif', 'image/jpg' => 'jpg', 'image/jpeg' => 'jpg', 'image/pjpeg' => 'jpg', 'image/bmp' => 'bmp', 'image/png' => 'png', 'image/x-png' => 'png');
 			$save_file_name = str_replace(' ', '_', strtolower($guild->getName()));
 			$save_path = GUILD_IMAGES_DIR . $save_file_name;
-			if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save')
+			if(isset($_POST['todo']) && $_POST['todo'] == 'save')
 			{
 				$file = $_FILES['newlogo'];
 				if(is_uploaded_file($file['tmp_name']))
@@ -97,13 +96,13 @@ if(empty($errors)) {
 			$guild_logo = $guild->getCustomField('logo_name');
 			if(empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) {
-				$guild_logo = "default.gif";
+				$guild_logo = 'default.gif';
 			}
 			$twig->display('guilds.change_logo.html.twig', array(
 				'guild_logo' => $guild_logo,
 				'guild' => $guild,
-				'max_image_size_b' => $max_image_size_b
+				//'max_image_size_b' => $max_image_size_b
 			));
 		}
--- a/system/pages/guilds/change_motd.php
+++ b/system/pages/guilds/change_motd.php
@@ -34,7 +34,7 @@ if(empty($errors)) {
 		$rank_list = $guild->getGuildRanksList();
 		$rank_list->orderBy('level', POT::ORDER_DESC);
 		$guild_leader = false;
-		$account_players = $account_logged->getPlayers();
+		$account_players = $account_logged->getPlayersList();
 		foreach($account_players as $player) {
 			if($guild->getOwner()->getId() == $player->getId()) {
 				$guild_vice = true;
@@ -45,8 +45,8 @@ if(empty($errors)) {
 		$saved = false;
 		if($guild_leader) {
-			if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+			if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
-				$motd = htmlspecialchars(stripslashes(substr($_REQUEST['motd'],0, setting('core.guild_motd_chars_limit'))));
+				$motd = htmlspecialchars(stripslashes(substr($_POST['motd'],0, setting('core.guild_motd_chars_limit'))));
 				$guild->setCustomField('motd', $motd);
 				$saved = true;
 			}
--- a/system/pages/guilds/change_nick.php
+++ b/system/pages/guilds/change_nick.php
@@ -20,17 +20,15 @@ if(!$logged) {
 }
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
-$new_nick = isset($_REQUEST['nick']) ? stripslashes($_REQUEST['nick']) : null;
+$new_nick = isset($_POST['nick']) ? stripslashes($_POST['nick']) : null;
 $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!$name) {
 	$errors[] = 'Please enter new name.';
 	return;
 }
 if(!$new_nick) {
 	$errors[] = 'Please enter new nick.';
 	return;
 }
 if(empty($errors))
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
slawkens	03c7dd0002	Merge branch 'main' into feature/2fa	2025-08-12 14:36:29 +02:00
slawkens	20f99903ae	Fix submenu initialization for missing elements Added a check in InitializeMenu to skip submenu items if their corresponding DOM element does not exist, preventing potential JavaScript errors.	2025-08-12 12:46:39 +02:00
slawkens	b6e1620f14	Fix #318 (online.php throws error in one scenario)	2025-08-07 21:17:25 +02:00
dependabot[bot]	9cb7792623	Bump tmp from 0.2.3 to 0.2.4 (#317 ) Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.3 to 0.2.4. - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](https://github.com/raszi/node-tmp/compare/v0.2.3...v0.2.4) --- updated-dependencies: - dependency-name: tmp dependency-version: 0.2.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-07 16:21:22 +02:00
dependabot[bot]	0db908be18	Bump form-data from 4.0.2 to 4.0.4 (#315 ) Bumps [form-data](https://github.com/form-data/form-data) from 4.0.2 to 4.0.4. - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](https://github.com/form-data/form-data/compare/v4.0.2...v4.0.4) --- updated-dependencies: - dependency-name: form-data dependency-version: 4.0.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-02 14:15:13 +02:00
slawkens	785d38312b	Start 1.8.1-dev	2025-08-02 12:41:35 +02:00
slawkens	e1c04ed28e	Release v1.8	2025-08-02 12:28:13 +02:00
slawkens	c836308601	pages/online: add cache, resulting in 20x performance boost (for an example server with 2k players)	2025-07-31 13:28:46 +02:00
slawkens	0efe47ce71	Twig: add cache variable	2025-07-31 13:15:06 +02:00
slawkens	3b47e9df2f	Cache::remember: $ttl = 0 means no cache	2025-07-31 13:02:55 +02:00
slawkens	43415cf35d	Add missing $fillable into PlayerOnline model	2025-07-31 12:32:18 +02:00
slawkens	cf7fd20452	Mailer: send only to verified accounts (option)	2025-07-31 09:19:49 +02:00
slawkens	080cc2781f	Fix mailer: send to email link from accounts page	2025-07-31 07:31:15 +02:00
slawkens	20d69a641c	Fix exception if setting not found	2025-07-24 23:30:28 +02:00
slawkens	2d4be327b2	Fix if highscores show outfit disabled	2025-07-24 23:07:49 +02:00
slawkens	bb097b69ce	Update settings.php	2025-07-22 22:06:32 +02:00
slawkens	6e5a4ff8c7	Fix if setting found in db, but not found in plugins	2025-07-22 21:49:05 +02:00
slawkens	caf326a658	Refactor to use HAS_ACCOUNT_COINS $db->hasColumn('accounts', 'coins') -> HAS_ACCOUNT_COINS	2025-07-22 21:44:09 +02:00
slawkens	bccf8e056d	Rewrite to use constants (account transferable coins)	2025-07-22 21:33:45 +02:00
slawkens	7d27e5a0ba	New setting: Default Account Transferable Coins	2025-07-22 21:32:51 +02:00
slawkens	9b6f410459	Update phpstan.neon	2025-07-22 19:11:42 +02:00
slawkens	c06b0017f1	Update phpstan.neon	2025-07-22 19:07:58 +02:00
slawkens	d8132d4d76	Highscores revamp a bit * Show real rank, if 2 or more players have the same skill, show them with same rank * New setting: highscores_online_status * Additional fields passed to twig: updatedAt, totalResults, page, baseLink	2025-07-22 18:18:29 +02:00
slawkens	1566deb84a	Add getExperienceForLevel (level)	2025-07-19 15:46:51 +02:00
slawkens	536b29be95	That is duplicated	2025-07-19 15:11:09 +02:00
slawkens	5271633bdb	Account -> isPremium -> ignore config.freePremium	2025-07-19 15:00:17 +02:00
slawkens	ce5b1cf2a6	Update CacheClearCommand.php	2025-07-19 11:16:55 +02:00
slawkens	83f84172e0	Add warning about APCu clear in CLI Adds a warning message if attempting to clear APCu cache from the CLI, as this is not supported. Users are advised to use the Admin Panel for clearing APCu cache outside of development environments.	2025-07-19 11:16:03 +02:00
slawkens	34fead906e	Allow for timestamp as integer in the timeago twig function	2025-07-19 10:05:25 +02:00
slawkens	ec11c14024	kathrine: possibility to add custom menu categories	2025-07-19 07:48:01 +02:00
slawkens	2fe9924437	Start 1.7.2-dev	2025-07-08 19:20:45 +02:00
slawkens	f0f2e3785f	Fix phpstan	2025-07-08 15:44:45 +02:00
slawkens	36ca755243	New setting: Display Skills Box on highscores Better space management	2025-07-08 14:28:48 +02:00
slawkens	f17269e44c	Move admin bar code into body_start place_holder	2025-07-08 14:22:51 +02:00
slawkens	dcb96f4ce1	Refactor code - early exit	2025-07-08 13:48:33 +02:00
slawkens	a89f9a8484	Set $process_sections to true	2025-07-08 09:22:12 +02:00
slawkens	45d6047031	Add Coins Transferable to accounts editor	2025-07-05 14:22:58 +02:00
slawkens	e435062025	[WIP] 2fa	2025-07-05 08:20:58 +02:00
slawkens	ecc9bd4042	Merge branch 'main' into feature/2fa	2025-07-01 14:18:38 +02:00
slawkens	c92148d467	Revert delete clearRouteCache, is used somewhere else	2025-06-27 07:23:22 +02:00
slawkens	b4b62442fe	Release v1.7.1	2025-06-27 07:21:19 +02:00
slawkens	047742848b	Delete clearRouteCache, was useless Directory is cleaned already	2025-06-27 07:15:13 +02:00
slawkens	fe8281594e	Fix cache:clear command (missing init)	2025-06-27 07:13:33 +02:00
slawkens	0bff910a05	adjust command email:send + mail:send (alias)	2025-06-25 19:43:40 +02:00
slawkens	6d43fc181f	In case the script don't have install option, inform the user	2025-06-25 17:36:43 +02:00
slawkens	13d33822b5	Rename to plugin:setup, also add alias to previous command	2025-06-25 17:36:02 +02:00
slawkens	f78ebad136	Remove error number from 404 & 405 pages	2025-06-24 14:57:01 +02:00
slawkens	d90fa323d7	Fix polls link	2025-06-24 12:44:43 +02:00
slawkens	181131f7f3	Use __DIR__ instead of template path	2025-06-24 12:44:34 +02:00
slawkens	0da524fefe	Fix plugin install:install command	2025-06-23 00:21:41 +02:00
slawkens	797377e428	Replace TwoFactorAuth with self	2025-06-22 22:34:36 +02:00
slawkens	96b5df9d74	Merge branch 'main' into feature/2fa	2025-06-22 18:51:32 +02:00
slawkens	6cf4b9dac5	Fix xdebug warnings in load_config_lua	2025-06-22 18:51:20 +02:00
slawkens	b3dfc56c96	[WIP] Working 2fa email auth	2025-06-22 18:50:54 +02:00
slawkens	96d6e04bd2	Update 46-account_email_codes.sql	2025-06-22 13:19:29 +02:00
slawkens	9146eee327	Move	2025-06-22 11:55:34 +02:00
slawkens	3d97fa0719	Merge branch 'main' into feature/2fa	2025-06-22 11:45:21 +02:00
slawkens	5cfa3a697f	Start v1.7.1-dev	2025-06-22 11:25:45 +02:00
slawkens	bb830bce44	Release v1.7	2025-06-22 08:55:29 +02:00
slawkens	566c2a9151	Move out of $cache->enabled	2025-06-22 08:48:24 +02:00
slawkens	a66cafceab	2fa: first draft	2025-06-22 08:34:30 +02:00
slawkens	0f48f12e2e	Update admin.plugins.outdated.html.twig	2025-06-19 18:53:11 +02:00
Slawomir Boczek	0ea247ce7e	Feature/plugins versions check (#310 ) * Check plugins versions from plugins.my-aac.org/api * Improve plugin update check messaging Updated the success message when checking for plugin updates to clarify the source. Added an informational message when outdated plugins are found to improve user feedback. * Use configurable API URI for plugin updates Replaces hardcoded plugin API URI with a configurable value from config, defaulting to the official API. Also fixes a typo in the success message.	2025-06-19 16:46:22 +02:00
slawkens	b329da52aa	Use apcu_clear_cache	2025-06-17 17:52:23 +02:00
slawkens	c720ccc451	Add missing csrf()	2025-06-15 19:35:12 +02:00
slawkens	8dc42b6544	Nothing important: just formatting	2025-06-15 19:05:47 +02:00
slawkens	dca904e61d	Add missing csrf()	2025-06-15 19:05:19 +02:00
slawkens	29faa4f695	Add missing csrf() in success.html.twig	2025-06-15 19:03:03 +02:00
slawkens	4767120043	Update online.html.twig	2025-06-14 21:19:52 +02:00
slawkens	9a90e4aae2	Revamped online page	2025-06-14 21:12:47 +02:00
slawkens	ba4ed6a04b	Add LabelV120, LabelV150, LabelV200	2025-06-14 20:52:38 +02:00
slawkens	a7efacdbac	Delete online.form, use revamped characters.form	2025-06-14 20:50:54 +02:00
Goosey	577037becc	fix: boostedcreatures for 13.40 (#307 ) * boostedcreatures fix for 13.40 Fixes the boosted boss/creature display on the login page for 13.40 running the default cipsoft client. * Adjust version --------- Co-authored-by: slawkens <slawkens@gmail.com>	2025-06-14 15:58:08 +02:00
slawkens	b8abc11b96	Update list.php	2025-06-14 11:33:47 +02:00
slawkens	4def6a6cae	Style	2025-06-14 10:39:45 +02:00
slawkens	e6100a1b72	New hook: HOOK_GUILDS_AFTER_MANAGE_BUTTON	2025-06-14 10:36:38 +02:00
slawkens	522f6c11d8	Add OTS_Player->isNameLocked()	2025-06-14 08:26:43 +02:00
slawkens	00c3635c5f	Add $config['site']['serverPath'] for better compatibility with Gesior	2025-06-14 00:59:10 +02:00
slawkens	c074a48f24	New hook: HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS	2025-06-14 00:44:00 +02:00
slawkens	e222957893	OTS_Toolbox::getVocationName($id, $promotion);	2025-06-13 22:25:36 +02:00
slawkens	d423ddd07a	Nothing important: convert to tabs	2025-06-13 22:14:20 +02:00
slawkens	4d4f7759d3	Update visitors.php	2025-06-13 21:31:04 +02:00
slawkens	9510640ba9	Ignore empty values	2025-06-13 21:25:13 +02:00
slawkens	98b13c91a4	Update notice about how to enable Visitors Counter	2025-06-13 21:24:52 +02:00
slawkens	0c95bcfd06	Better $title inventing	2025-06-13 21:03:09 +02:00
slawkens	524e982a0e	Release v1.6.1	2025-06-11 05:51:39 +02:00
slawkens	fffb427eae	Update account.generate_recovery_key.html.twig	2025-06-09 21:18:45 +02:00
slawkens	10cd71a663	Add missing csrf() into account manage actions	2025-06-09 21:18:42 +02:00
slawkens	0812fe025d	Update settings_save.php	2025-06-09 21:14:44 +02:00
slawkens	309c1fb715	Remove deprecated TinyMCE plugin - template	2025-06-09 14:24:36 +02:00
slawkens	8d29fdb98b	Set TinyMCE license key to gpl (Avoid warning message in browser console)	2025-06-09 14:24:22 +02:00
slawkens	f782850307	Move counter & visitors code before router In case someone wants to include that info on page	2025-06-06 22:10:13 +02:00
slawkens	835dda9659	Remove duplicated code - account redirect, already in account/manage	2025-06-05 19:08:53 +02:00
slawkens	dcc703b1eb	Remove optional param, make it required for few routes	2025-06-05 18:11:44 +02:00
slawkens	9d8e9d27bd	Ignore duplicated route exception	2025-06-05 18:11:31 +02:00
slawkens	db09980de1	Start v1.6.1-dev	2025-06-03 22:57:33 +02:00
slawkens	2dba778167	Update example.json	2025-06-03 18:38:02 +02:00
slawkens	ce2af2bb7a	Update CHANGELOG-1.x.md	2025-06-03 17:33:17 +02:00
slawkens	dc839abfbb	Release v1.6	2025-06-03 16:59:55 +02:00
slawkens	01d49692ed	Update CHANGELOG-1.x.md	2025-06-03 16:59:20 +02:00
slawkens	de6603a513	Allow [] in character name (again), example: [God] Test	2025-06-03 16:49:45 +02:00
slawkens	dd731fd49b	Revert previous commit partially	2025-06-03 16:43:43 +02:00
slawkens	064b929841	Allow [] in character name (for :string)	2025-06-03 16:39:02 +02:00
slawkens	c61747dc75	Update coins.html.twig	2025-06-03 10:17:08 +02:00
slawkens	207d6bc691	feat: AutoLoad plugins init.php, by default disabled	2025-06-03 08:52:33 +02:00
slawkens	8fdea94376	Add globals into $hooks->executeFIlter	2025-06-03 08:39:48 +02:00
slawkens	c961a1ebf8	Two new hooks for pages loaded from database (custom pages) HOOK_BEFORE_PAGE_CUSTOM, HOOK_AFTER_PAGE_CUSTOM	2025-06-03 06:21:44 +02:00
slawkens	770ffcfc52	Fix warnings in CLI (part 2)	2025-05-29 16:10:46 +02:00
slawkens	756d94bb3e	Fix warning from CLI	2025-05-29 16:08:23 +02:00
slawkens	6e0f591383	Do not allow access to tools/ folder after install	2025-05-29 12:22:16 +02:00
slawkens	fb91281140	Fix phpstan workflow	2025-05-29 09:35:20 +02:00
slawkens	d8a6090be3	Add new setting/configurable: site_url, prevents domain spoofing	2025-05-29 09:27:29 +02:00
slawkens	52109f5cca	Another solution	2025-05-28 14:13:04 +02:00
slawkens	4b7b121550	Try fix workflow	2025-05-28 14:08:50 +02:00
slawkens	28886551e8	feat: Add new account coins setting	2025-05-28 13:33:36 +02:00
slawkens	7d435ff643	Add getNPCsCount	2025-05-24 11:54:00 +02:00
slawkens	ae847ff9a6	Nothing important: tabs	2025-05-24 11:51:06 +02:00
slawkens	45ef390829	Nothing important	2025-05-24 11:42:59 +02:00
slawkens	84d502bf10	Fixes regarding csrf + refactor some parts of AAC (guilds + forum) Replace $account_logged->getPlayers() with getPlayersList() $_REQUEST['todo'] -> $_REQUEST['post'] $guild_errors -> $errors	2025-05-24 11:42:42 +02:00
slawkens	e776bd52be	Forum boards admin links: csrf + refactor	2025-05-24 11:28:56 +02:00
slawkens	6e793390c6	Remove unneeded enctype="multipart/form-data"	2025-05-24 11:20:36 +02:00
slawkens	6eda38603c	Protect against csrf in more places (accounts & guilds pages)	2025-05-24 09:52:56 +02:00
slawkens	72cdd290da	Fix link to Contributing	2025-05-23 17:38:14 +02:00
slawkens	40d65a6613	OTS_ServerInfo -> set timeout out of class Possibility to use the class without MyAAC	2025-05-23 16:11:57 +02:00
slawkens	43153b2b0c	Nothing important: tabs	2025-05-23 16:08:02 +02:00
slawkens	2ea549002a	Nothing important: tabs	2025-05-23 15:58:23 +02:00
slawkens	4a30fb495d	Fix CHANGELOG-1.x.md loading	2025-05-23 09:13:20 +02:00
slawkens	4d8f5f31ae	Update Plugins.php	2025-05-23 09:04:48 +02:00
slawkens	be7b27c31a	Fix links not working in admin dashboard modules	2025-05-23 09:04:45 +02:00
slawkens	7d213f479a	feat: autoload install.php	2025-05-23 08:50:38 +02:00
slawkens	e574943707	feat: autoload settings.php	2025-05-23 08:39:09 +02:00
slawkens	1e9b10d648	Fix twig variables: logged + account_logged being not set directly after login	2025-05-15 19:11:20 +02:00
slawkens	7c92d1c197	Start v1.5.1-dev	2025-05-14 15:11:20 +02:00
slawkens	3111d66df9	Fix install, where $twig is not present in tools	2025-05-14 14:09:28 +02:00
slawkens	e45dd88a93	Release v1.5	2025-05-14 14:03:03 +02:00
slawkens	5ed1aec28e	Add db variable to twig	2025-05-14 13:37:23 +02:00
slawkens	7e4d28c648	Fix more php 8.4 warnings	2025-05-14 13:23:34 +02:00
slawkens	3b2669fb3b	Update tables.headline.html.twig	2025-05-14 13:23:25 +02:00
slawkens	6fe3bff163	Update 45.php	2025-05-14 10:56:12 +02:00
slawkens	ae5be41e11	Separate migration 44 with 45	2025-05-14 10:52:06 +02:00
slawkens	83a6f4b61d	Add php 8.4 to phpstan	2025-05-14 10:42:18 +02:00
slawkens	ee360386d8	Addition to previous commit	2025-05-14 10:39:11 +02:00
slawkens	bf06bed385	Update schema.sql	2025-05-14 10:22:42 +02:00
slawkens	3949d84e5d	Rename server-info -> ots-info, changelog -> change-log + move rules to admin panel Due to conflict with apache2 server-info mod	2025-05-14 10:22:25 +02:00
slawkens	a161cff003	Add note about highscores being updated x minutes + allow ttl 0 to disable	2025-05-14 10:00:27 +02:00
slawkens	3befde2a1e	Do not return -1 in case of freePremium, makes things harder	2025-05-14 09:18:55 +02:00
slawkens	5367df2381	Add latest client versions (14.00 - 15.01)	2025-05-13 16:29:40 +02:00
slawkens	c48b800631	Fix login.php boosted creature & boss (not sure exact version, but should be 14.12 or around) Thanks @opentibiabr team	2025-05-13 16:29:19 +02:00
slawkens	ef6549c17c	nothing important: tabs & spaces	2025-05-13 15:20:25 +02:00
slawkens	629fd18ea1	Update cypress version to ^14.3.3	2025-05-12 17:36:50 +02:00
slawkens	da15105118	Fix typo, @gpedro I hate you! :PPP	2025-05-12 17:36:34 +02:00
slawkens	4ca58b4178	Fix PHP 8.4 deprecation warnings "Implicitly marking parameter $var as nullable is deprecated, the explicit nullable type must be used instead"	2025-05-09 13:45:46 +02:00
slawkens	03e2752139	Use optionally separate folder for views (thanks @Scrollog for idea)	2025-05-09 13:38:48 +02:00
slawkens	2fece725a4	Improve cypress workflow: add php 8.4 + ignore upload warnings	2025-05-09 13:23:04 +02:00
slawkens	c24c580796	Fix installMenus when theme/template was removed from disc	2025-05-09 13:09:44 +02:00
slawkens	620a47da72	Update Hooks.php	2025-05-08 20:05:27 +02:00
slawkens	9b75011224	New filter: HOOK_FILTER_ROUTES	2025-05-08 20:05:18 +02:00
slawkens	5b4b7b8a97	triggerFilter -> pass by reference (faster x5)	2025-05-08 20:05:08 +02:00
Slawomir Boczek	99997eb57d	Feature/twig hooks filters (#258 ) * feat: Hooks filters * Cleanup	2025-05-08 20:04:54 +02:00
slawkens	73a5829974	Better monster images (no image not found anymore) + use cache	2025-05-05 21:21:54 +02:00
slawkens	497338c2d6	Update robots.txt	2025-05-04 17:20:23 +02:00
slawkens	beb348fe27	testing something	2025-05-04 17:20:12 +02:00
slawkens	5b1bd4f005	Update robots.txt	2025-05-04 17:00:22 +02:00
slawkens	f09606d01b	Just testing something	2025-05-04 16:54:49 +02:00
slawkens	67ab425bb9	Add float & double types to the Settings	2025-05-04 09:14:30 +02:00
slawkens	113473f256	Add optional param _page_only for single-page apps etc.	2025-05-03 22:04:08 +02:00
slawkens	d6ac4e8d85	Update index.php	2025-05-03 21:04:13 +02:00
Slawomir Boczek	6845869838	Hoping for a better appear in search engines..	2025-04-27 17:50:57 +02:00
slawkens	0fbd4bf1be	nginx: block additionally *.sql	2025-04-24 13:44:38 +02:00
slawkens	1e45d5c393	Optimize .htaccess FilesMatch: Block access to *.md/json/dist/sql	2025-04-24 13:43:50 +02:00
slawkens	dbea69f314	Fix if user removes the menu category	2025-04-23 20:41:50 +02:00
slawkens	4e6aa0f262	Fix boostedCreature fetch on login.php	2025-04-23 18:05:14 +02:00
slawkens	fa1f927082	Update login.php	2025-04-23 18:04:54 +02:00
slawkens	de0512f11a	Start v1.4.1-dev	2025-04-22 15:57:23 +02:00
slawkens	93c09b3380	Release v1.4	2025-04-22 13:42:55 +02:00
slawkens	d47195a787	Do not autoload sub-folders if autoload pages is disabled	2025-04-22 13:30:11 +02:00
slawkens	b618084d50	Fix headline.php: change image format to .png cause of black background	2025-04-21 23:43:57 +02:00
slawkens	d0d0af289d	Refactor code + use clearCache() instead	2025-04-20 21:32:46 +02:00
slawkens	1d0c173e7d	Clear cache on plugin enable/disable, fixes some issues with plugin pages	2025-04-20 21:30:59 +02:00
slawkens	4e7c894cf2	Nothing..	2025-04-20 21:29:37 +02:00
slawkens	b71555d60d	Update router.php	2025-04-20 21:29:22 +02:00
slawkens	c2bf94fb23	Fix: display 404 error instead of 500 when page has been removed from filesystem	2025-04-20 20:40:10 +02:00
João	8cf3409077	SQL Syntax Standardization (#298 ) * Update schema.sql * Update schema.sql	2025-04-18 23:17:35 +02:00
slawkens	e0043b1300	Fix warning	2025-04-18 20:44:11 +02:00
slawkens	86cb5821f6	README.md corrections * Add links to docs & faq * add info about 2.x dev version * fix some grammar typos	2025-04-18 19:42:33 +02:00
slawkens	82a533d88c	Add $db->hasTableAndColumns($table, $columns), credits to @opentibiabr Team	2025-04-18 18:12:56 +02:00
slawkens	ceaa0639e6	feat: admin-pages (can add admin pages through plugins) Also possibility to overwrite default myaac admin pages	2025-04-18 13:57:53 +02:00
slawkens	6844f4392a	Change logout button color	2025-04-06 23:46:52 +02:00
slawkens	6d8f4718a1	pages in theme folder have precedence over normal pages	2025-04-06 22:37:36 +02:00
slawkens	f40b986b59	Small changes in account.login.html.twig * change inputs width to 100% * fix form closing * formatting	2025-04-06 17:00:59 +02:00
slawkens	190697ce98	Update config.php	2025-04-06 16:43:30 +02:00
slawkens	64f6d3abca	Add noSubmit option to buttons.base	2025-04-06 16:43:19 +02:00
slawkens	e6f05a2731	Plugin name is required, version is optional	2025-04-06 16:41:28 +02:00
slawkens	6a0356aa0f	Update version	2025-04-04 21:31:17 +02:00
slawkens	50d649dbde	Release v1.3.3	2025-04-04 21:25:19 +02:00
slawkens	6c568fd36a	Fix uninstall plugin when plugin is disabled	2025-04-04 21:08:49 +02:00
slawkens	fa6b6aa153	Display more info when error parsing config.lua value	2025-04-04 20:07:42 +02:00
slawkens	ae639d65b0	PHP 8 things	2025-04-03 20:39:27 +02:00
slawkens	35e2483de8	Change root folder to /var/www/html, like in default config	2025-04-02 19:48:23 +02:00
slawkens	bbf923e1a6	Update common.php	2025-04-01 07:56:29 +02:00
slawkens	211b6ea698	Update CHANGELOG-1.x.md	2025-04-01 07:37:43 +02:00
slawkens	6d156ae080	Update CHANGELOG-1.x.md	2025-04-01 07:29:43 +02:00
slawkens	a5b3940e59	Prepare to release 1.3.2	2025-04-01 07:28:36 +02:00
slawkens	dbf73d0b61	Show/hide IP Ban Protection options depending on the value (enabled/disabled)	2025-03-31 20:38:42 +02:00
slawkens	65696f63e3	Fix debugbar/admin panel menu when using custom base_dir	2025-03-31 18:13:45 +02:00
slawkens	6341093578	Update version	2025-03-30 07:10:16 +02:00
slawkens	d25c71857f	Do not require init.php in cache:clear command	2025-03-30 07:10:05 +02:00
slawkens	7dcb5c4a1f	Update version to 1.x-dev	2025-03-26 22:02:56 +01:00
slawkens	ff1723b756	Release v1.3.1	2025-03-19 20:37:44 +01:00
slawkens	1a5771ad51	Fix migrate:run command	2025-03-16 20:33:53 +01:00
slawkens	6fac883659	Replace links with from accountmanagement to account/manage	2025-03-16 12:39:07 +01:00
slawkens	4a6896b446	getPremDays: returns -1 if freePremium	2025-03-15 22:48:59 +01:00
 ,
 ,
 ,
+,
+,
+,
+,
+,
+,
+,
 ];