Merge branch 'main' into feature/refactor-account-lost

First attempt (#331 )
2025-10-31 07:56:23 +01:00 · 2025-09-28 19:15:34 +02:00 · 2025-09-28 19:14:24 +02:00 · 2025-09-28 19:00:51 +02:00 · 2025-09-28 16:21:31 +02:00 · 2025-09-28 16:10:58 +02:00
232 changed files with 5947 additions and 3620 deletions
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@@ -22,7 +22,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: [ '8.1', '8.2', '8.3' ]
+        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
        ots: ['tfs-1.4', 'canary-3.1.2'] # TODO: add 'tfs-master' (actually doesn't work cause AAC doesn't support reading .env configuration)
    name: Cypress (PHP ${{ matrix.php-versions }}, ${{ matrix.ots }})
    steps:
@@ -146,6 +146,7 @@ jobs:
          with:
            name: cypress-screenshots-${{ matrix.php-versions }}-${{ matrix.ots }}
            path: cypress/screenshots
            if-no-files-found: ignore
        - name: Upload Cypress Videos
          uses: actions/upload-artifact@v4
@@ -153,6 +154,7 @@ jobs:
          with:
            name: cypress-videos-${{ matrix.php-versions }}-${{ matrix.ots }}
            path: cypress/videos
            if-no-files-found: ignore
        - name: Upload PHP Logs
          uses: actions/upload-artifact@v4
--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -14,7 +14,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: [ '8.1', '8.2', '8.3' ]
+        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
    steps:
      - name: "Checkout"
        uses: "actions/checkout@v4"
--- a/.htaccess.dist
+++ b/.htaccess.dist
@@ -6,7 +6,7 @@
 	Options -MultiViews
 </IfModule>
-<FilesMatch "^(CHANGELOG\.md|README\.md|composer\.json|composer\.lock|package\.json|package-lock\.json|cypress\.env\.json)$">
+<FilesMatch "^(.*\.md|.*\.json|.*\.dist|.*\.sql|CHANGELOG|README|composer\.lock)$">
 	Require all denied
 </FilesMatch>
--- a/CHANGELOG-1.x.md
+++ b/CHANGELOG-1.x.md
@@ -0,0 +1,421 @@
 # Changelog
 ## [1.8.2 - 26.09.2025]
 ### Added
 * Routes: Possibility to override routes with plugins pages, like characters.php - No need to define routes in plugin.json anymore (https://github.com/slawkens/myaac/commit/3f24f961b1cdeff5c60387e837ae454448bc5e1b)
 ### Changed
 * Style: Better look for myaac-table (https://github.com/slawkens/myaac/commit/a6032093b21e5bb3f0e75d2704da87d6dea6469d, https://github.com/slawkens/myaac/commit/5aa9bbf1c8e580d973ec82ac012489f8e7bc437e)
 ### Fixed
 * Install: Fix when config.local.php cannot be saved (https://github.com/slawkens/myaac/commit/4eab805d26d8c5562b29ed699769919d77dabced)
 * Create Account: Fix an exception when email cannot be sent (https://github.com/slawkens/myaac/commit/d0112d1a67e8b854b65ad131f0375b79305df8d3)
 * Login Page: Add missing csrf() - fix create account button (https://github.com/slawkens/myaac/commit/3c0cb53e17dd0b85394cfa0fdc9cf9ad8d4551df)
 * tibiacom template: Fix account lost menu (https://github.com/slawkens/myaac/commit/ed9beaf2b6ca069e304e569c52e5b9188b58f05c)
 * tibiacom template: Fix Menu div wrong tag/closing (#329) (https://github.com/slawkens/myaac/commit/85e7005fd3f0be51466151a3c122b96085fdfe68)
 * tibiacom template: Replace firstChild with firstElementChild (Thanks to @un000000) (https://github.com/slawkens/myaac/commit/df7b6e29fb8875da97f431468c81ee99116271d9)
 ## [1.8.1 - 05.09.2025]
 ### Added
 * New Commands: plugin:enable/disable/uninstall {plugin-name} (https://github.com/slawkens/myaac/commit/7a08f91d3fc0897c1ff76089ef3c649a2c6d2003, https://github.com/slawkens/myaac/commit/fec773ba4b740f35c0a3ef92ca8444a4c7d02082)
 * Gifts: Added Transferable Coins to the store dropdown menu in the admin area (by @andreoam, #321) (https://github.com/slawkens/myaac/commit/42671c5c199dd9e91c774d8c9d30da9e12f1b695)
 ### Changed
 * Commands: Allow settings to be changed/reset by plugin name (https://github.com/slawkens/myaac/commit/f8c4332e03e838d285ea0afb4b72b7c23e324d45, https://github.com/slawkens/myaac/commit/4b948e9510f7ba69d00f84d7fdaea8b3bf05b630)
 * Templates: Menus should be saved for each template separately (https://github.com/slawkens/myaac/commit/482f4067b2a2e7513d9ba214274a361ffaf123d8)
 ### Fixed
 * Online: Fix skulls display (#320) (https://github.com/slawkens/myaac/commit/98073a110ae13f9592ec9d2c4d1d1aace87587a9)
 * Online: Fix if there is no world_id in the server_record table (https://github.com/slawkens/myaac/commit/b6e1620f14c20eecfc9001a7d86dfb67942985c6) (Reported by @gesior in #318)
 * tibiacom: some fixes to menus (https://github.com/slawkens/myaac/commit/20f99903ae80c74ad66c1cf5a5ea8d0b0fc2fd70, https://github.com/slawkens/myaac/commit/11dae90fa94fbbf47447017db5e5847c33d6aadf)
 * Guilds: Fix for some servers that don't have guild_invites table (https://github.com/slawkens/myaac/commit/9725a3c2bdb7003f5cb48febb77604c31a9b805b)
 ## [1.8 - 02.08.2025]
 ### Added
 * Templates - Kathrine: Possibility to add custom menu categories (https://github.com/slawkens/myaac/commit/ec11c1402417c25980582467546d1c1e9bb8267f)
 * Admin Panel - Accounts Editor: Add Coins Transferable (https://github.com/slawkens/myaac/commit/45d6047031c9c3a0e7e512dc5d15c75629aec5a2, https://github.com/slawkens/myaac/commit/bb097b69ce106500a49686d6f4fe604348eaa310)
 * Highscores:
  * Revamped: (https://github.com/slawkens/myaac/commit/d8132d4d76e03d5aa0c042be426320655a601392)
    * Show real rank, if 2 or more players have the same skill, show them with same rank
    * New setting: highscores_online_status
    * Additional fields passed to twig: updatedAt, totalResults, page, baseLink
  * Add new Setting: Display Skills Box (https://github.com/slawkens/myaac/commit/36ca755243ef1c83f6ac87465b426d4d8d3b0bb9)
 * Functions: Add getExperienceForLevel (level) (https://github.com/slawkens/myaac/commit/1566deb84a082176b8c683fda205d828bc38fbcc)
 * Commands - cache:clear : Add warning about APCu clear in CLI (https://github.com/slawkens/myaac/commit/83f84172e02e8ea2ccb6dca29bc033e44c35aebc)
 * Models - PlayerOnline: Add missing $fillable into model (https://github.com/slawkens/myaac/commit/43415cf35db1c1307f2684c1728693d65065ffff)
 * Twig: add cache variable (https://github.com/slawkens/myaac/commit/0efe47ce71c4b364a9e96bc5a55b1655326ae6da)
 ### Changed
 * pages/online: add cache, resulting in 20x performance boost
  * (for an example server with 2k players) (https://github.com/slawkens/myaac/commit/c8363086015cbb6e8786c398c7b9ac3959a26ec4)
 * Admin Bar: Move admin bar code into body_start place_holder (https://github.com/slawkens/myaac/commit/f17269e44ce9dd38447bd2e2a8e1bdb065d4161f)
 * Cache::remember: $ttl = 0 means no cache (https://github.com/slawkens/myaac/commit/3b47e9df2f4051807c5ff87892f7fa3d348f9c55)
 * Templates: Load config.ini with $process_sections set to true (https://github.com/slawkens/myaac/commit/a89f9a84847630eb75b4890fdcc8b7a7bfa6b8ac)
 * Twig: Allow for timestamp as integer in the timeago twig function
  (https://github.com/slawkens/myaac/commit/34fead906ea13b9f09d7a3c41ed88109d34d386c)
 ### Fixed
 * Settings: Fixed two exceptions (https://github.com/slawkens/myaac/commit/6e5a4ff8c78ff5373aba091baa66cae029557643, https://github.com/slawkens/myaac/commit/20d69a641c0a933d14889a89da6d32f6a4bc6c7d)
 * Models\Account + OTS_Account -> isPremium -> ignore config.freePremium (https://github.com/slawkens/myaac/commit/5271633bdbfbbfed0b1d59c403093ce6fc2b7d20)
 * Admin Panel - Mailer:
  * Fix send to email link redirecting from accounts page (https://github.com/slawkens/myaac/commit/080cc2781f034c844af658229e495e9a47fd2298)
  * Option to send only to verified accounts - only if setting('core.account_mail_verify') enabled (https://github.com/slawkens/myaac/commit/cf7fd20452e863980045bb5d6012ec86c6e8e01f)
 ### Internal
 * Rewrite to use constants (account transferable coins) (https://github.com/slawkens/myaac/commit/bccf8e056df985bbe1bab5f7ab5492f714d6b62b)
 * Refactor to use HAS_ACCOUNT_COINS (https://github.com/slawkens/myaac/commit/caf326a6584a234775ebc6c8000ea02b3fecd160)
 ## [1.7.1 - 27.06.2025]
 ### Changed
 * Rename plugin:install:install to plugin:setup, also add alias to previous command (https://github.com/slawkens/myaac/commit/13d33822b59df349199e885a78a3d6beb0863d0b)
 ### Fixed
 * Fix commands: setup + cache:clear (https://github.com/slawkens/myaac/commit/0da524fefe93b3028392e9014550eea3324d3a22, https://github.com/slawkens/myaac/commit/fe8281594e989f00280ba1adc734a9198c6b5cc1)
 * Fix polls link in tibiacom template (https://github.com/slawkens/myaac/commit/d90fa323d7c77d81768df60feeb1c374b1650a0c)
 ## [1.7 - 22.06.2025]
 ### Added
 * Feature: plugins versions check (#310)
 * New hooks: HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS, HOOK_GUILDS_AFTER_MANAGE_BUTTON (https://github.com/slawkens/myaac/commit/c074a48f245df55646b6705737f667b6a84149b2, https://github.com/slawkens/myaac/commit/e6100a1b72de8695bba1dae9ba4e28bfdce47b10)
 * Add OTS_Toolbox::getVocationName(id, promotion) + OTS_Player->isNameLocked() (https://github.com/slawkens/myaac/commit/e222957893c4a1de0dc8dbba55bce1a43418d275, https://github.com/slawkens/myaac/commit/522f6c11d835afd36fd07a07074d96d7e219b488)
 * Add missing csrf in more places, causing white page with error about Request (https://github.com/slawkens/myaac/commit/dca904e61d21d856bf809070e7652803a2df0f58, https://github.com/slawkens/myaac/commit/c720ccc451ff90ef40b2a1595468d061ffd7e1e4)
 ### Changed
 * Revamped online page (https://github.com/slawkens/myaac/commit/9a90e4aae280e607430511c6727d9a714b11f4c5, https://github.com/slawkens/myaac/commit/4767120043b09141870383e249f3729638d53dc2)
 * Better $title inventing (https://github.com/slawkens/myaac/commit/0c95bcfd06b68b21512e477646ef7bd3a0d4912b)
 ### Fixed
 * Use apcu cache clear (https://github.com/slawkens/myaac/commit/b329da52aae9d0e21120a6444d3caf442420ce50, https://github.com/slawkens/myaac/commit/566c2a9151ab6392286f74e26853faa19a1b4f24)
 * fix: boostedcreatures for 13.40 (by @GooseWithAKnife) (#307)
 ## [1.6.1 - 11.06.2025]
 ### Fixed
 * Fixed "Request has been cancelled due to security reasons", cause of missing csrf() in twig files (https://github.com/slawkens/myaac/commit/10cd71a6630ffec91b43a26a6d685b66c5836a6a)
 * Fix: Ignore duplicated route exception (https://github.com/slawkens/myaac/commit/9d8e9d27bd87167d8d4005942a6af62bfe4c0892)
 ### Changed
 * Move counter & visitors code before router (In case someone wants to include that info on page) (https://github.com/slawkens/myaac/commit/f78285030708ad3c74ab048711f73bbf3ee5281e)
 * Set TinyMCE license key to gpl (Avoid warning message in browser console) (https://github.com/slawkens/myaac/commit/8d29fdb98b92dbc3d2853ef88a185c67036b4a77)
 ### Removed
 * Remove deprecated TinyMCE plugin - template (https://github.com/slawkens/myaac/commit/309c1fb715b882e67cb673b1544a03befbf64a22)
 ## [1.6 - 03.06.2025]
 ### Added
 * Add new setting/configurable: site_url, prevents domain spoofing (https://github.com/slawkens/myaac/commit/d8a6090be382c35c19117cfef964b594ed02b8d4)
 * Add new account coins setting (https://github.com/slawkens/myaac/commit/28886551e86fe562172c4c7f2afb89a2e7672c2e)
 * autoload: settings/install/init.php (https://github.com/slawkens/myaac/commit/e5749437074c3b3556628a2aeb5bad2edf97bde0, https://github.com/slawkens/myaac/commit/7d213f479a7e40c6254069b5fc4e578dc32bf8d9, https://github.com/slawkens/myaac/commit/207d6bc69120aba1af2b51808f17e0059b571fed)
 * Protect against csrf in more places (accounts & guilds & forums pages) (https://github.com/slawkens/myaac/commit/6eda38603c8ed7e99b92a78a4600b1245377f74d, https://github.com/slawkens/myaac/commit/e776bd52beb3064a9e694efd1b9021ec972ee2f6, https://github.com/slawkens/myaac/commit/84d502bf105f2a789481fba1acc820d236b4de66)
 * Added two new hooks for pages loaded from database (custom pages): HOOK_BEFORE_PAGE_CUSTOM, HOOK_AFTER_PAGE_CUSTOM (https://github.com/slawkens/myaac/commit/c961a1ebf837f2ab1734a825ff2c57b4937610c9)
 * Add global variables into $hooks->executeFilter (https://github.com/slawkens/myaac/commit/8fdea943768b20193eede99d60313ee84511a0be)
 * Add getNPCsCount() to OTS_InfoRespond (https://github.com/slawkens/myaac/commit/7d435ff6433ef1fb2295ee79ed043ee10dc725e9)
 ### Fixed
 * Allow [] in character name (https://github.com/slawkens/myaac/commit/de6603a51347b9e656c58637ed9971fffdd7cedd)
 * Do not allow access to tools/ folder after install (https://github.com/slawkens/myaac/commit/6e0f5913831f8dba69fd2d1505be3e2a303c6324)
 * Fix CHANGELOG-1.x.md loading in admin panel (https://github.com/slawkens/myaac/commit/4a30fb495dbfbe1d434e8d52419eaf44fe517aee)
 * Fix links not working in admin dashboard modules (https://github.com/slawkens/myaac/commit/be7b27c31aa3bbd6c0289c34d1e61139a3fe015c)
 * Fix twig variables: logged + account_logged being not set directly after login (https://github.com/slawkens/myaac/commit/1e9b10d6489c488cadf7f6ed17b42f1ea6c767a8)
 ### Changed
 * OTS_ServerInfo -> move setTimeout out of class - Possibility to use the class without MyAAC (https://github.com/slawkens/myaac/commit/40d65a6613149fda51bdceb82c807e5301a3388b)
 ## [1.5 - 14.05.2025]
 ### Added
 * Feature/twig hooks filters (#258)
 * Add latest client versions (14.00 - 15.01) (https://github.com/slawkens/myaac/commit/5367df23812c6182863353c9a39fd7fb0b743f4b)
 * db variable to twig (https://github.com/slawkens/myaac/commit/5ed1aec28e146b871a75597411d12e42a067f4e6)
 * New filter: HOOK_FILTER_ROUTES (https://github.com/slawkens/myaac/commit/9b75011224f385db8b27e109bfeb28e75b9d779c)
 * Allow optionally separate folder for views (thanks @Scrollog for idea) (https://github.com/slawkens/myaac/commit/03e275213901a89edb0ebb8974b776a992ab391f)
 * Add float & double types to the Settings (https://github.com/slawkens/myaac/commit/67ab425bb9796d9d123296e3fda542fa8f7f05ee)
 * Add optional param _page_only for single-page apps etc. (https://github.com/slawkens/myaac/commit/113473f2560aab6d364c301cc14a8b5ba8f309f4)
 ### Changed
 * Change OTS_Account->getPremDays to not return -1 in case of freePremium (https://github.com/slawkens/myaac/commit/3befde2a1e4d24a011311e785f15185db57e19b8)
 * Add note about highscores being updated x minutes + allow ttl 0 to disable cache (https://github.com/slawkens/myaac/commit/a161cff00329da6f970f3a70967fe8346fe92bbc)
 * Better monster images (no image not found anymore) + use cache (https://github.com/slawkens/myaac/commit/73a5829974ceca3f02d7925d5cfbd5fa50b1bbd2)
 * Rename server-info -> ots-info, changelog -> change-log (Due to conflict with apache2 server-info mod) (https://github.com/slawkens/myaac/commit/3949d84e5d7631f332111b6d00278bddbd0ad10a)
 * Move rules page to admin panel (https://github.com/slawkens/myaac/commit/3949d84e5d7631f332111b6d00278bddbd0ad10a)
 ### Fixed
 * php 8.4 warnings
 * Visitors counter not working properly on dev mode (https://github.com/slawkens/myaac/commit/da151051186c913dd0dd091aabe893649c2b9ee7)
 * Fix login.php boosted creature & boss (not sure exact version, but should be 14.12 or around) (https://github.com/slawkens/myaac/commit/c48b8006319f6c3b5f082befd16785420bb98110)
 * Fix installMenus when theme/template was removed from disc (https://github.com/slawkens/myaac/commit/c24c580796bccd54bf9e95b864763f4642684d55)
 * Fix if user removes the menu category (https://github.com/slawkens/myaac/commit/dbea69f31478391dacfbbc02c8353c39b4245daf)
 ### Updated:
 * Update cypress from version ^13.17.0 to ^14.3.3 (https://github.com/slawkens/myaac/commit/629fd18ea166860d5898a822f44f9277da6ce43d)
 ## [1.4 - 22.04.2025]
 ### Added
 * feat: admin-pages (can add admin pages through plugins) (https://github.com/slawkens/myaac/commit/ceaa0639e66d31e8177ff90791463470367aa45d)
 	* just place the page in admin-pages folder in the plugin
 	* Also, possibility to overwrite default myaac admin pages
 * Add db->hasTableAndColumns(table, columns), credits to @opentibiabr Team (https://github.com/slawkens/myaac/commit/82a533d88c8a342076891d132b4b409ed9a1fe72)
 * Add noSubmit option to buttons.base (https://github.com/slawkens/myaac/commit/64f6d3abcada3bf9fd7599f50d2fac0a1367f383)
 ### Fixed
 * Fix: display 404 error instead of 500 when page has been removed from filesystem (https://github.com/slawkens/myaac/commit/c2bf94fb2370d2009a2eb907f818955132cf8611)
 * Fix headline.php: change image format to .png cause of black background (https://github.com/slawkens/myaac/commit/b618084d50918539d9a70abd97e764137b966067)
 * Clear cache on plugin enable/disable, fixes some issues with plugin pages being cached (https://github.com/slawkens/myaac/commit/1d0c173e7d000aecbd432800941fc3e38a0e50f2)
 * Do not autoload sub-folders if autoload pages is disabled (https://github.com/slawkens/myaac/commit/d47195a7878095336f9c9edc6f96244257f67eec)
 ### Changed
 * SQL Syntax Standardization (by @JoaozinhoBrasil, #298)
 * Pages in theme/template folder will now have precedence over normal pages (https://github.com/slawkens/myaac/commit/6d8f4718a1d349fba8f0ebc39cfd3a1a84d104b0)
 * Small changes in account.login.html.twig (https://github.com/slawkens/myaac/commit/f40b986b59d4c8fa89ab4745731bf366f8619976)
 * Plugin name is required, version is optional (https://github.com/slawkens/myaac/commit/e6f05a2731c61d931be49e121c068e49c0ad5e01)
 ## [1.3.3 - 04.04.2025]
 ### Fixed
 * Fix uninstall plugin when plugin is disabled (https://github.com/slawkens/myaac/commit/6c568fd36a271270684fc412ccd556b230273a6d)
 ### Changed
 * Display more useful info when error parsing config.lua (https://github.com/slawkens/myaac/commit/fa6b6aa153ffc131e0d1631a4dcd9012a5850c2e)
 ### Other
 * Small adjustments (https://github.com/slawkens/myaac/commit/35e2483de86e295bdf089cceffa25842eeb2e34c, https://github.com/slawkens/myaac/commit/ae639d65b0bfa491e747e907e2ebc77f83f47981)
 ## [1.3.2 - 01.04.2025]
 ### Fixed
 * Fix debugBar/admin panel menu when using custom base_dir (https://github.com/slawkens/myaac/commit/65696f63e3aac02ff952ea81279e7cb2fa7570fb)
 ### Changed
 * Settings: Show/hide IP Ban Protection options depending on the value (enabled/disabled) (https://github.com/slawkens/myaac/commit/dbf73d0b61b45601ae95e51b23c051c2704169c5)
 * Do not require init.php in cache:clear command (https://github.com/slawkens/myaac/commit/d25c71857f767834239bbffacd00fdc671adb157)
 ## [1.3.1 - 19.03.2025]
 ### Fixed
 * Fixed migrate:run command (https://github.com/slawkens/myaac/commit/1a5771ad51e595fe13368a0721b059c4ecefb17d)
 ### Changed
 * Small adjustments (https://github.com/slawkens/myaac/commit/6fac883659f581baac1361826d046410156f1e58, https://github.com/slawkens/myaac/commit/4a6896b4469968b9904292734cf6c14ba5eeef14)
 ## [1.3 - 10.03.2025]
 ### Changed
 * Use latest outfit-images host from @gesior (https://github.com/slawkens/myaac/commit/529bdcf016dd0f9dffbc34d81f99a046a9ddb70d)
 * Change monster link to $_GET ?name= (https://github.com/slawkens/myaac/commit/4c5cc8b573b2b3e7ec00a22b7ede30a68083a924)
 ### Fixed
 * Fixed house links (https://github.com/slawkens/myaac/commit/887b5068ad11c4cdab614afd34525caba785ce13)
 * Fixed long title on headline.php (https://github.com/slawkens/myaac/commit/3e3f4bb5a514158ec8777684ca6c7f1c2a37bed5)
 * Fixed menu colors once again, plus add !important tag (https://github.com/slawkens/myaac/commit/aa52df6e2ec92cafc25b655ae907bf2e1746d9cc)
 * Fix: add possibility to remove all menu items in admin panel (https://github.com/slawkens/myaac/commit/00fe1adc15ea7646596d755f6e6e1f7854ffc1d5, https://github.com/slawkens/myaac/commit/9239a4f4198c3ad260802ac3b47e9c41b80b754e)
 ## [1.2 - 09.02.2025]
 ### Added
 * Twig session(key) function + reworked session functions to accept multi-array like in Laravel (https://github.com/slawkens/myaac/commit/b46ddb43d03ef7e5fc34e555e92e856bdc905691)
 * add template_name to twig variables (https://github.com/slawkens/myaac/commit/ae1161d77050bda181802b4496c9de920a7bb1bc)
 * add HOOK_INIT, executed just after $hooks are loaded (https://github.com/slawkens/myaac/commit/19686725dc810f63a07f049f82c66cf336d90ca6)
 ### Changed
 * settings: password input hide/show, enable Save button only if changes has been made, save settings in transaction (https://github.com/slawkens/myaac/commit/4fda4f643b60a151179e5dd4f04912fb2618d98f, https://github.com/slawkens/myaac/commit/28fef952f857b79d64bc7495ffa5e1999e68e192, https://github.com/slawkens/myaac/commit/4b6024dc451accadb6c469fa282a9a764c1c0a81)
 * rework menus: Different categories can have different colors + Option to reset menus (https://github.com/slawkens/myaac/commit/73de93a561f6b13111e019075724357d8a617249, https://github.com/slawkens/myaac/commit/3da3e62c5b12390d75de9b3320729bcca6e0b458)
 ### Fixed
 * highscores: Fix online status + vocation for TFS 0.x (https://github.com/slawkens/myaac/commit/ea51ad27c38be88d86514cb979bb394fcfbef1f0)
 * clear cache button in admin bar needed to be clicked twice until it worked (https://github.com/slawkens/myaac/commit/ea51ad27c38be88d86514cb979bb394fcfbef1f0)
 * HOOK_STARTUP location (https://github.com/slawkens/myaac/commit/a73fb1003ee3f812cf182d1834d65f08e6f60d1f)
 * if vocation name has more words (https://github.com/slawkens/myaac/commit/9d7fc98e1e0a96b59ecc1a7c39800a64445db364)
 ### Updated
 * Bump twig/twig from 3.18.0 to 3.19.0 (#284)
 ## [1.1 - 27.01.2025]
 ### Changed
 * adjust mailer settings descriptions to latest gmail (https://github.com/slawkens/myaac/commit/c5d5bb80671db135e6b503f53684771c7272e05d)
 * optimize $player->isOnline() function, thanks @gesior (https://github.com/slawkens/myaac/commit/10dd818b139d5e1bb1ca9ec81edfb083ba9316b4)
 * make players.comment and guilds.description VARCHAR (https://github.com/slawkens/myaac/commit/a45ceab83a74bee2b89cdb72baceda75e577e3cf)
 * add lua/ folder to .gitignore (https://github.com/slawkens/myaac/commit/07012f786b1114cb6ab2f064f82c645b136a375a)
 ### Fixed
 * general fixes in the tibiacom template menus, better support for custom menus
 * make functions_custom.php optional (https://github.com/slawkens/myaac/commit/dc2b5afd9980984e2b259c9fc99f2ade46f70a5a)
 * error in CLI, where BASE_URL is not defined (https://github.com/slawkens/myaac/commit/4d749b881582f64b5a46196dbbb5ee8097127f03)
 * hook ACCOUNT_LOGIN_BEFORE_ACCOUNT location (https://github.com/slawkens/myaac/commit/669c447fca8643ce56d9ef8c1374ec647c780998)
 ## [1.0.1 - 14.01.2025]
 ### Fixed
 * tibiacom account & news menu links not auto expanding
 ### Updated (Thanks dependabot)
 * twig from ^2.0 to ^3.11
 * tinymce from ^6.8.3 to ^7.2.0
 * cypress from ^12.12.0 to ^13.17.0
 * nesbot/carbon from 2.72.5 to 2.72.6
 ## [1.0 - 12.01.2025]
 First stable release in the v1.0 series.
 Minimum PHP 8.1 is required.
 Changes since RC.2:
 ### Added
 * feature: migrations up/down. Allows to downgrade/upgrade database to specified version (https://github.com/slawkens/myaac/commit/3f6ff3a3326b0475d28d11ffd7fff51f362d799f)
 * new hooks for news management (https://github.com/slawkens/myaac/commit/011a85d8ae34283ded6999882833f9d4797028ec, https://github.com/slawkens/myaac/commit/36bd3eb846e829b45313e10f7568dc4e95841143)
 * None Vocation to highscores (can be changed to RookStayer in Admin Panel) (https://github.com/slawkens/myaac/commit/a4a248099521bb5b8b2aa5bd592138debd2f19d5)
 * support for button_color (green, red, blue) (https://github.com/slawkens/myaac/commit/d8b6b749ee62e88b6af4a05d3d7557f90b94d94e)
 * add $whoopsHandler as variable, can be used by plugins (https://github.com/slawkens/myaac/commit/b0c8cf2ecda23045d725aaf43cfb3852ed766a4b)
 * PlayerModel->outfit_url attribute (https://github.com/slawkens/myaac/commit/3b5be1a8db5dceecaa388e2925a5536d13b38881)
 * support for selecting plugin themes in Admin menus.php (https://github.com/slawkens/myaac/commit/77a2c1cec343ffe4be5c2c2503ee81bc32a14ca1)
 ### Changed
 * schema: Change character set to utf8mb4 (support for Emojis in Menus/Pages/News/Forum etc.) (https://github.com/slawkens/myaac/commit/27c44f1bdfb6234cf0c9d5b4b491123bb205b08f)
 * prefer get_browser_real_ip() over REMOTE_ADDR (https://github.com/slawkens/myaac/commit/941846605c00cee83168d2f916410b8ba8d4b7b9)
 * automatically set selected current one on highscores filters (https://github.com/slawkens/myaac/commit/e96227fbe41ae281783b2d49edb169a603601813)
 * rewrite towns loading code, removed OTBM loader (was too slow) (https://github.com/slawkens/myaac/commit/c980a0914632e7b27f718464f669a200707d217e)
 * allow OTS_Player to be passed as object to getPlayerLink (https://github.com/slawkens/myaac/commit/84d37c5a8f2c4535a41c8aa8264752969d3f3a3d)
 * do not clear menus by default on install (https://github.com/slawkens/myaac/commit/12d8faa3eda5e798f97b71e941c035187daad96e)
 * display warning in admin panel - plugins - if zip extension is not installed (https://github.com/slawkens/myaac/commit/e3ffe5d9e11d78ab064a370d8541bac351c9bcd9)
 * set default_socket_timeout for ipinfo.io checkup to 5 seconds (https://github.com/slawkens/myaac/commit/783d96fc6568a607d3198b832fed3a0dd06c4ebb)
 * refactor getTopPlayers function (support for balance) (https://github.com/slawkens/myaac/commit/c769962e39fe8dfb72ecd5be1864e145696be794)
 ### Fixed
 * XSS in forum (https://github.com/slawkens/myaac/commit/c2b7286d20d4b579171540f7a774e8a0995d5e8f, https://github.com/slawkens/myaac/commit/8fb643596f9586005976e7bdb484a541a9d8715e)
 * price deducted when changing sex (https://github.com/slawkens/myaac/commit/16671ea40b72dcf74037c359ad572f9eb825edf9)
 * move_thread by unauthorized user (https://github.com/slawkens/myaac/commit/d6c40c836a53cb1710f911f77f45f28b54ea1b54, thanks @anyeor)
 * TFS 1.4.2 where conditions is NULL (https://github.com/slawkens/myaac/commit/b8396d4c8482e951da538b13f2296123732c4545)
 * do not show forum new thread show button if not logged in (https://github.com/slawkens/myaac/commit/507402171ba3b6e7ee184bd7fa73e0d55e0cad7a, @anyeor)
 * login if limiter is disabled (https://github.com/slawkens/myaac/commit/a0f1971583f0f790013e2145fb5ac573c59fbdef)
 * fixes to installMenus function (https://github.com/slawkens/myaac/commit/a2fadc5945fe0a5e39f740827f6ffbda1bb501e2)
 * many PHP exceptions in different places
 * fixes to tibiacom menus ActiveSubmenuItem
 ### Removed
 * bugtracker SQL table code as the page has been removed/moved to plugins (https://github.com/slawkens/myaac/commit/5782772b901b05fb814bc718d062f6e2cd71df8c)
 ## [1.0-RC.2 - 25.10.2024]
 Still waiting for your reports about bugs found in this release. We are very close to stable release.
 ### Added
 * feat: rate limit settings for blocking accounts login attempts (@gpedro, #266)
 * search by email in accounts editor (https://github.com/slawkens/myaac/commit/c2ec46824621468f2a1cb4046805c485ed13fea5)
 * New hooks in account manage + create (https://github.com/slawkens/myaac/commit/93641fc68ac9a5f1479329e2bd41380c19534d5d)
 ### Changed
 * chore: drop raw queries + accounts - search by email + accounts - required min size for search by account number (@gpedro, #266)
 * Use https for outfit & item images (https://github.com/slawkens/myaac/commit/71c00aa5e01fbdfd88802912e200dd1025976231)
 * Do not require players & guilds tables on install (https://github.com/slawkens/myaac/commit/779aa152fa940261c9b161533946f44e288597a2)
 * Do not create player if there is no players table in db (https://github.com/slawkens/myaac/commit/201f95caa8b70e88fa651eac8c3c3aa7cd765bd0)
 ### Fixed
 * Highscore frags fixed for TFS 0.3 (@Scrollog, #263)
 * Missing groups variable #262. thanks, @Scrollog for reporting (https://github.com/slawkens/myaac/commit/8d8bdb6dac6df21672ac77288fff2f2f8d6eb665)
 * Verified email for login.php (@gpedro, #265)
 * Warning if core.account_country is disabled (https://github.com/slawkens/myaac/commit/ab73d60c61e14a1cacdb6cfbf7f89f4bf3be0833)
 ## [1.0-RC.1 - 23.07.2024]
 Changes since 1.0-beta:
 ### Added
 * Feat: Hooks priority (https://github.com/slawkens/myaac/commit/dc17b701da053e04bfa64e21be9247a4f07505e1)
 * Make autoload of pages, commands and themes configurable (https://github.com/slawkens/myaac/commit/c1d4b4f80cd6bb85507ee9471e47013955a26a91)
 * Fraggers in characters page for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/42f99c3edc8de39cccc5632cb42e88b24579c5a6)
 * New hooks: HOOK_INSTALL_FINISH, HOOK_ACCOUNT_CREATE_CHARACTER_* (https://github.com/slawkens/myaac/commit/08ac8ebade106521a5c7396faa5ce7006e629f7c, https://github.com/slawkens/myaac/commit/45dda5e834ff2059faea6ef9be2efa76f1723cbd)
 ### Changed
 * Allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/203e411b626fe62401a4b74a48420769e512aa39)
 * Create guild_rank entries, in case MySQL trigger not loaded (https://github.com/slawkens/myaac/commit/d9c1b2507c81f306970642b35e4bf5f7cc04a6f2, https://github.com/slawkens/myaac/commit/47a19e85dd84e9f3b39a1b29cfc2c04b004832b9)
 * Set Admin Account verified by default (https://github.com/slawkens/myaac/commit/cd49dfc79942f3301ce9c0b8d899b9f39bda9a41)
 * Refactor account routes into sub folders (https://github.com/slawkens/myaac/commit/bdc0c43d3fd3a51030c3e916bdb9f008468f5ecd)
 * Order towns by id (https://github.com/slawkens/myaac/commit/9ea2a5067fc4b75de395f381577b18914132ad84)
 * Do not create news about myaac, if any news already exist (on installation (https://github.com/slawkens/myaac/commit/504242fb846b73b56b87bc1e39d070687ad7f5b4)
 ### Fixed
 * Not working google recaptcha plugin (https://github.com/slawkens/myaac/commit/a1bcb217ecf4e21fd58da4ba491da1852029898a)
 * Not working account create if account_country is disabled (https://github.com/slawkens/myaac/commit/933b681a9fcdbb6283e0469b3806d2ded492d232)
 * Account verify - do not allow login without verified email (Thanks @anyeor, https://github.com/slawkens/myaac/commit/fcb13f3c0fb8ceafda0bd614a229a26a269432bd)
 * Detect tools/ext exists on install to prevent broken installs (https://github.com/slawkens/myaac/commit/10a739773c4f2911876bc802a0ee0537c3e00a92)
 * Cache reloading each time page refreshes (https://github.com/slawkens/myaac/commit/ec96985872057340112f65073efc0c4bf86dddb0)
 * Highscores frags for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/a04d186c22912915f0a7873dfe677ef3b5a23c79)
 * Monsters page: monster not found exception (https://github.com/slawkens/myaac/commit/ef79b99b8acc179f14b8475547347d9daca27512)
 * Fixed bug if \<flags\> are not present in monster.xml (https://github.com/slawkens/myaac/commit/57b47ab7983f625c7c0ef4f5303a4d07ef172786)
 * fastRoute duplicate errors (https://github.com/slawkens/myaac/commit/4c0739d3e93812dff0c33849ea3f38e4e49113ac)
 * useGuildNick displaying (https://github.com/slawkens/myaac/commit/0db0ec1aa47e044c26bc403ff5078a2115d086f8)
 ## [1.0-beta - 18.05.2024]
 Minimum PHP version for this release is 8.1.
 ### Added
 * reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
  * updated to Bootstrap v4
  * new Menu
  * new Dashboard: statistics, server status
  * new Admin Bar showed on top when admin logged in
  * new page: Server Data, to reload server data
    * Towns, NPCs & Items are stored in permanent cache
  * new pages: mass account & teleport tools
  * changelogs editor
  * revised Accounts & Players editors
  * option to add/modify admin menus with plugins
  * option to enable/disable plugins
  * better, updated TinyMCE editor (v6.x)
    * with option to upload images
  * list of open source libraries used in project page
 * auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
 * config.php moved to Admin Panel -> Settings page
 * new console script: aac - using symfony/console
  * usage: `php aac` (will list all commands by default)
  * example: `php aac cache:clear`
  * example: `php aac plugin:install theme-example.zip`
 * replace POT Query Builder to Eloquent ORM. Not 100% yet - in some places there is still old $db approach used (@gpedro) (https://github.com/slawkens/myaac/pull/230)
 * brand new charming installation page (by @fernandomatos)
  * using Bootstrap
 * new pages router: nikic/fast-route, allowing for better customisation
 * Plugin cronjobs: central control of the cronjobs
 * Guild Wars support (available as plugin)
 * support for login and create account only by email (configurable)
  * with no need for account name
 * Google ReCAPTCHA v3 support (available as plugin)
 * support for Account Number
  * suggest account number option
 * many new functions, hooks and configurables
 * better Exception Handler (Whoops - https://github.com/filp/whoops)
 * automated website tests (using Cypress)
 * csrf protection (https://github.com/slawkens/myaac/pull/235)
 * option to restrict Page view to specified group of users (Not-Logged in, logged-in players, tutors, gamemasters etc.)
 * phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
 ### Changed
 * Composer and NPM is now used for external libraries like: Twig, PHPMailer, fast-route, jQuery, Bootstrap etc.
 * mail support is disabled on fresh install, can be manually enabled by user
 * disable add php pages in admin panel for security. Option to disable plugins upload
 * visitors counter shows now user browser, and also if its bot
 * changes in required and optional PHP extensions
 * reworked Pages:
 	* Bans
 		* works now for TFS 1.x
 	* Highscores
 		* frags works for TFS 1.x
 		* cached
 	* Monsters
 * moved pages to Twig:
  * experience stages
 * update player_deaths entries on name change
 * change_password email to be more informal
 ### Fixed
 * hundreds of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,225 +0,0 @@
 # Changelog
 ## [1.3.1 - 19.03.2025]
 ### Fixed
 * Fixed migrate:run command (https://github.com/slawkens/myaac/commit/1a5771ad51e595fe13368a0721b059c4ecefb17d)
 ### Changed
 * Small adjustments (https://github.com/slawkens/myaac/commit/6fac883659f581baac1361826d046410156f1e58, https://github.com/slawkens/myaac/commit/4a6896b4469968b9904292734cf6c14ba5eeef14)
 ## [1.3 - 10.03.2025]
 ### Changed
 * Use latest outfit-images host from @gesior (https://github.com/slawkens/myaac/commit/529bdcf016dd0f9dffbc34d81f99a046a9ddb70d)
 * Change monster link to $_GET ?name= (https://github.com/slawkens/myaac/commit/4c5cc8b573b2b3e7ec00a22b7ede30a68083a924)
 ### Fixed
 * Fixed house links (https://github.com/slawkens/myaac/commit/887b5068ad11c4cdab614afd34525caba785ce13)
 * Fixed long title on headline.php (https://github.com/slawkens/myaac/commit/3e3f4bb5a514158ec8777684ca6c7f1c2a37bed5)
 * Fixed menu colors once again, plus add !important tag (https://github.com/slawkens/myaac/commit/aa52df6e2ec92cafc25b655ae907bf2e1746d9cc)
 * Fix: add possibility to remove all menu items in admin panel (https://github.com/slawkens/myaac/commit/00fe1adc15ea7646596d755f6e6e1f7854ffc1d5, https://github.com/slawkens/myaac/commit/9239a4f4198c3ad260802ac3b47e9c41b80b754e)
 ## [1.2 - 09.02.2025]
 ### Added
 * Twig session(key) function + reworked session functions to accept multi-array like in Laravel (https://github.com/slawkens/myaac/commit/b46ddb43d03ef7e5fc34e555e92e856bdc905691)
 * add template_name to twig variables (https://github.com/slawkens/myaac/commit/ae1161d77050bda181802b4496c9de920a7bb1bc)
 * add HOOK_INIT, executed just after $hooks are loaded (https://github.com/slawkens/myaac/commit/19686725dc810f63a07f049f82c66cf336d90ca6)
 ### Changed
 * settings: password input hide/show, enable Save button only if changes has been made, save settings in transaction (https://github.com/slawkens/myaac/commit/4fda4f643b60a151179e5dd4f04912fb2618d98f, https://github.com/slawkens/myaac/commit/28fef952f857b79d64bc7495ffa5e1999e68e192, https://github.com/slawkens/myaac/commit/4b6024dc451accadb6c469fa282a9a764c1c0a81)
 * rework menus: Different categories can have different colors + Option to reset menus (https://github.com/slawkens/myaac/commit/73de93a561f6b13111e019075724357d8a617249, https://github.com/slawkens/myaac/commit/3da3e62c5b12390d75de9b3320729bcca6e0b458)
 ### Fixed
 * highscores: Fix online status + vocation for TFS 0.x (https://github.com/slawkens/myaac/commit/ea51ad27c38be88d86514cb979bb394fcfbef1f0)
 * clear cache button in admin bar needed to be clicked twice until it worked (https://github.com/slawkens/myaac/commit/ea51ad27c38be88d86514cb979bb394fcfbef1f0)
 * HOOK_STARTUP location (https://github.com/slawkens/myaac/commit/a73fb1003ee3f812cf182d1834d65f08e6f60d1f)
 * if vocation name has more words (https://github.com/slawkens/myaac/commit/9d7fc98e1e0a96b59ecc1a7c39800a64445db364)
 ### Updated
 * Bump twig/twig from 3.18.0 to 3.19.0 (#284)
 ## [1.1 - 27.01.2025]
 ### Changed
 * adjust mailer settings descriptions to latest gmail (https://github.com/slawkens/myaac/commit/c5d5bb80671db135e6b503f53684771c7272e05d)
 * optimize $player->isOnline() function, thanks @gesior (https://github.com/slawkens/myaac/commit/10dd818b139d5e1bb1ca9ec81edfb083ba9316b4)
 * make players.comment and guilds.description VARCHAR (https://github.com/slawkens/myaac/commit/a45ceab83a74bee2b89cdb72baceda75e577e3cf)
 * add lua/ folder to .gitignore (https://github.com/slawkens/myaac/commit/07012f786b1114cb6ab2f064f82c645b136a375a)
 ### Fixed
 * general fixes in the tibiacom template menus, better support for custom menus
 * make functions_custom.php optional (https://github.com/slawkens/myaac/commit/dc2b5afd9980984e2b259c9fc99f2ade46f70a5a)
 * error in CLI, where BASE_URL is not defined (https://github.com/slawkens/myaac/commit/4d749b881582f64b5a46196dbbb5ee8097127f03)
 * hook ACCOUNT_LOGIN_BEFORE_ACCOUNT location (https://github.com/slawkens/myaac/commit/669c447fca8643ce56d9ef8c1374ec647c780998)
 ## [1.0.1 - 14.01.2025]
 ### Fixed
 * tibiacom account & news menu links not auto expanding
 ### Updated (Thanks dependabot)
 * twig from ^2.0 to ^3.11
 * tinymce from ^6.8.3 to ^7.2.0
 * cypress from ^12.12.0 to ^13.17.0
 * nesbot/carbon from 2.72.5 to 2.72.6
 ## [1.0 - 12.01.2025]
 First stable release in the v1.0 series.
 Minimum PHP 8.1 is required.
 Changes since RC.2:
 ### Added
 * feature: migrations up/down. Allows to downgrade/upgrade database to specified version (https://github.com/slawkens/myaac/commit/3f6ff3a3326b0475d28d11ffd7fff51f362d799f)
 * new hooks for news management (https://github.com/slawkens/myaac/commit/011a85d8ae34283ded6999882833f9d4797028ec, https://github.com/slawkens/myaac/commit/36bd3eb846e829b45313e10f7568dc4e95841143)
 * None Vocation to highscores (can be changed to RookStayer in Admin Panel) (https://github.com/slawkens/myaac/commit/a4a248099521bb5b8b2aa5bd592138debd2f19d5)
 * support for button_color (green, red, blue) (https://github.com/slawkens/myaac/commit/d8b6b749ee62e88b6af4a05d3d7557f90b94d94e)
 * add $whoopsHandler as variable, can be used by plugins (https://github.com/slawkens/myaac/commit/b0c8cf2ecda23045d725aaf43cfb3852ed766a4b)
 * PlayerModel->outfit_url attribute (https://github.com/slawkens/myaac/commit/3b5be1a8db5dceecaa388e2925a5536d13b38881)
 * support for selecting plugin themes in Admin menus.php (https://github.com/slawkens/myaac/commit/77a2c1cec343ffe4be5c2c2503ee81bc32a14ca1)
 ### Changed
 * schema: Change character set to utf8mb4 (support for Emojis in Menus/Pages/News/Forum etc.) (https://github.com/slawkens/myaac/commit/27c44f1bdfb6234cf0c9d5b4b491123bb205b08f)
 * prefer get_browser_real_ip() over REMOTE_ADDR (https://github.com/slawkens/myaac/commit/941846605c00cee83168d2f916410b8ba8d4b7b9)
 * automatically set selected current one on highscores filters (https://github.com/slawkens/myaac/commit/e96227fbe41ae281783b2d49edb169a603601813)
 * rewrite towns loading code, removed OTBM loader (was too slow) (https://github.com/slawkens/myaac/commit/c980a0914632e7b27f718464f669a200707d217e)
 * allow OTS_Player to be passed as object to getPlayerLink (https://github.com/slawkens/myaac/commit/84d37c5a8f2c4535a41c8aa8264752969d3f3a3d)
 * do not clear menus by default on install (https://github.com/slawkens/myaac/commit/12d8faa3eda5e798f97b71e941c035187daad96e)
 * display warning in admin panel - plugins - if zip extension is not installed (https://github.com/slawkens/myaac/commit/e3ffe5d9e11d78ab064a370d8541bac351c9bcd9)
 * set default_socket_timeout for ipinfo.io checkup to 5 seconds (https://github.com/slawkens/myaac/commit/783d96fc6568a607d3198b832fed3a0dd06c4ebb)
 * refactor getTopPlayers function (support for balance) (https://github.com/slawkens/myaac/commit/c769962e39fe8dfb72ecd5be1864e145696be794)
 ### Fixed
 * XSS in forum (https://github.com/slawkens/myaac/commit/c2b7286d20d4b579171540f7a774e8a0995d5e8f, https://github.com/slawkens/myaac/commit/8fb643596f9586005976e7bdb484a541a9d8715e)
 * price deducted when changing sex (https://github.com/slawkens/myaac/commit/16671ea40b72dcf74037c359ad572f9eb825edf9)
 * move_thread by unauthorized user (https://github.com/slawkens/myaac/commit/d6c40c836a53cb1710f911f77f45f28b54ea1b54, thanks @anyeor)
 * TFS 1.4.2 where conditions is NULL (https://github.com/slawkens/myaac/commit/b8396d4c8482e951da538b13f2296123732c4545)
 * do not show forum new thread show button if not logged in (https://github.com/slawkens/myaac/commit/507402171ba3b6e7ee184bd7fa73e0d55e0cad7a, @anyeor)
 * login if limiter is disabled (https://github.com/slawkens/myaac/commit/a0f1971583f0f790013e2145fb5ac573c59fbdef)
 * fixes to installMenus function (https://github.com/slawkens/myaac/commit/a2fadc5945fe0a5e39f740827f6ffbda1bb501e2)
 * many PHP exceptions in different places
 * fixes to tibiacom menus ActiveSubmenuItem
 ### Removed
 * bugtracker SQL table code as the page has been removed/moved to plugins (https://github.com/slawkens/myaac/commit/5782772b901b05fb814bc718d062f6e2cd71df8c)
 ## [1.0-RC.2 - 25.10.2024]
 Still waiting for your reports about bugs found in this release. We are very close to stable release.
 ### Added
 * feat: rate limit settings for blocking accounts login attempts (@gpedro, #266)
 * search by email in accounts editor (https://github.com/slawkens/myaac/commit/c2ec46824621468f2a1cb4046805c485ed13fea5)
 * New hooks in account manage + create (https://github.com/slawkens/myaac/commit/93641fc68ac9a5f1479329e2bd41380c19534d5d)
 ### Changed
 * chore: drop raw queries + accounts - search by email + accounts - required min size for search by account number (@gpedro, #266)
 * Use https for outfit & item images (https://github.com/slawkens/myaac/commit/71c00aa5e01fbdfd88802912e200dd1025976231)
 * Do not require players & guilds tables on install (https://github.com/slawkens/myaac/commit/779aa152fa940261c9b161533946f44e288597a2)
 * Do not create player if there is no players table in db (https://github.com/slawkens/myaac/commit/201f95caa8b70e88fa651eac8c3c3aa7cd765bd0)
 ### Fixed
 * Highscore frags fixed for TFS 0.3 (@Scrollog, #263)
 * Missing groups variable #262. thanks, @Scrollog for reporting (https://github.com/slawkens/myaac/commit/8d8bdb6dac6df21672ac77288fff2f2f8d6eb665)
 * Verified email for login.php (@gpedro, #265)
 * Warning if core.account_country is disabled (https://github.com/slawkens/myaac/commit/ab73d60c61e14a1cacdb6cfbf7f89f4bf3be0833)
 ## [1.0-RC.1 - 23.07.2024]
 Changes since 1.0-beta:
 ### Added
 * Feat: Hooks priority (https://github.com/slawkens/myaac/commit/dc17b701da053e04bfa64e21be9247a4f07505e1)
 * Make autoload of pages, commands and themes configurable (https://github.com/slawkens/myaac/commit/c1d4b4f80cd6bb85507ee9471e47013955a26a91)
 * Fraggers in characters page for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/42f99c3edc8de39cccc5632cb42e88b24579c5a6)
 * New hooks: HOOK_INSTALL_FINISH, HOOK_ACCOUNT_CREATE_CHARACTER_* (https://github.com/slawkens/myaac/commit/08ac8ebade106521a5c7396faa5ce7006e629f7c, https://github.com/slawkens/myaac/commit/45dda5e834ff2059faea6ef9be2efa76f1723cbd)
 ### Changed
 * Allow account_create_character_create even if account_mail_verify is activated (https://github.com/slawkens/myaac/commit/203e411b626fe62401a4b74a48420769e512aa39)
 * Create guild_rank entries, in case MySQL trigger not loaded (https://github.com/slawkens/myaac/commit/d9c1b2507c81f306970642b35e4bf5f7cc04a6f2, https://github.com/slawkens/myaac/commit/47a19e85dd84e9f3b39a1b29cfc2c04b004832b9)
 * Set Admin Account verified by default (https://github.com/slawkens/myaac/commit/cd49dfc79942f3301ce9c0b8d899b9f39bda9a41)
 * Refactor account routes into sub folders (https://github.com/slawkens/myaac/commit/bdc0c43d3fd3a51030c3e916bdb9f008468f5ecd)
 * Order towns by id (https://github.com/slawkens/myaac/commit/9ea2a5067fc4b75de395f381577b18914132ad84)
 * Do not create news about myaac, if any news already exist (on installation (https://github.com/slawkens/myaac/commit/504242fb846b73b56b87bc1e39d070687ad7f5b4)
 ### Fixed
 * Not working google recaptcha plugin (https://github.com/slawkens/myaac/commit/a1bcb217ecf4e21fd58da4ba491da1852029898a)
 * Not working account create if account_country is disabled (https://github.com/slawkens/myaac/commit/933b681a9fcdbb6283e0469b3806d2ded492d232)
 * Account verify - do not allow login without verified email (Thanks @anyeor, https://github.com/slawkens/myaac/commit/fcb13f3c0fb8ceafda0bd614a229a26a269432bd)
 * Detect tools/ext exists on install to prevent broken installs (https://github.com/slawkens/myaac/commit/10a739773c4f2911876bc802a0ee0537c3e00a92)
 * Cache reloading each time page refreshes (https://github.com/slawkens/myaac/commit/ec96985872057340112f65073efc0c4bf86dddb0)
 * Highscores frags for TFS 1.x and canary (https://github.com/slawkens/myaac/commit/a04d186c22912915f0a7873dfe677ef3b5a23c79)
 * Monsters page: monster not found exception (https://github.com/slawkens/myaac/commit/ef79b99b8acc179f14b8475547347d9daca27512)
 * Fixed bug if \<flags\> are not present in monster.xml (https://github.com/slawkens/myaac/commit/57b47ab7983f625c7c0ef4f5303a4d07ef172786)
 * fastRoute duplicate errors (https://github.com/slawkens/myaac/commit/4c0739d3e93812dff0c33849ea3f38e4e49113ac)
 * useGuildNick displaying (https://github.com/slawkens/myaac/commit/0db0ec1aa47e044c26bc403ff5078a2115d086f8)
 ## [1.0-beta - 18.05.2024]
 Minimum PHP version for this release is 8.1.
 ### Added
 * reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
  * updated to Bootstrap v4
  * new Menu
  * new Dashboard: statistics, server status
  * new Admin Bar showed on top when admin logged in
  * new page: Server Data, to reload server data
    * Towns, NPCs & Items are stored in permanent cache
  * new pages: mass account & teleport tools
  * changelogs editor
  * revised Accounts & Players editors
  * option to add/modify admin menus with plugins
  * option to enable/disable plugins
  * better, updated TinyMCE editor (v6.x)
    * with option to upload images
  * list of open source libraries used in project page
 * auto-loading of themes, commands & pages from plugins/ folder. You need just to place them in correct folder and they will be loaded automatically - this allows better customization, without interfering with core AAC folders. This will allow in the future automatic updates for plugins as well the AAC as whole.
 * config.php moved to Admin Panel -> Settings page
 * new console script: aac - using symfony/console
  * usage: `php aac` (will list all commands by default)
  * example: `php aac cache:clear`
  * example: `php aac plugin:install theme-example.zip`
 * replace POT Query Builder to Eloquent ORM. Not 100% yet - in some places there is still old $db approach used (@gpedro) (https://github.com/slawkens/myaac/pull/230)
 * brand new charming installation page (by @fernandomatos)
  * using Bootstrap
 * new pages router: nikic/fast-route, allowing for better customisation
 * Plugin cronjobs: central control of the cronjobs
 * Guild Wars support (available as plugin)
 * support for login and create account only by email (configurable)
  * with no need for account name
 * Google ReCAPTCHA v3 support (available as plugin)
 * support for Account Number
  * suggest account number option
 * many new functions, hooks and configurables
 * better Exception Handler (Whoops - https://github.com/filp/whoops)
 * automated website tests (using Cypress)
 * csrf protection (https://github.com/slawkens/myaac/pull/235)
 * option to restrict Page view to specified group of users (Not-Logged in, logged-in players, tutors, gamemasters etc.)
 * phpdebug bar (http://phpdebugbar.com/). Activated if env == 'dev', can be also activated in production by enabling "enable_debugbar" in local config
 ### Changed
 * Composer and NPM is now used for external libraries like: Twig, PHPMailer, fast-route, jQuery, Bootstrap etc.
 * mail support is disabled on fresh install, can be manually enabled by user
 * disable add php pages in admin panel for security. Option to disable plugins upload
 * visitors counter shows now user browser, and also if its bot
 * changes in required and optional PHP extensions
 * reworked Pages:
 	* Bans
 		* works now for TFS 1.x
 	* Highscores
 		* frags works for TFS 1.x
 		* cached
 	* Monsters
 * moved pages to Twig:
  * experience stages
 * update player_deaths entries on name change
 * change_password email to be more informal
 ### Fixed
 * hundreds of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # [MyAAC](https://my-aac.org)
-MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
+MyAAC is a free and open-source Automatic Account Creator (AAC) for Open Tibia Servers written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 Official website: https://my-aac.org
@@ -10,12 +10,19 @@ Official website: https://my-aac.org
 [![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
 [![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
-| Version | Status                 | Branch | Requirements   |
+| Version | Status                 | Branch  | Requirements   |
-|:--------|:-----------------------|:-------|:---------------|
+|:--------|:-----------------------|:--------|:---------------|
-| **1.x** | **Active development** | master | **PHP >= 8.1** |
+| 2.x     | Experimental features  | develop | PHP >= 8.1     |
-| 0.9.x   | Not developed anymore  | 0.9    | PHP >= 7.2.5   |
+| **1.x** | **Active development** | main    | **PHP >= 8.1** |
-| 0.8.x   | Active support         | 0.8    | PHP >= 7.2.5   |
+| 0.9.x   | Not developed anymore  | 0.9     | PHP >= 7.2.5   |
-| 0.7.x   | End Of Life            | 0.7    | PHP >= 5.3.3   |
+| 0.8.x   | Active support         | 0.8     | PHP >= 7.2.5   |
 | 0.7.x   | End Of Life            | 0.7     | PHP >= 5.3.3   |
 The recommended version to install is 1.x, which can be found at releases page - [https://github.com/slawkens/myaac/releases](https://github.com/slawkens/myaac/releases).
 ### Documentation
 * [docs.my-aac.org](https://docs.my-aac.org)
 * [my-aac.org - FAQ](https://my-aac.org/faqs/)
 ### Requirements
@@ -47,23 +54,23 @@ Official website: https://my-aac.org
 ### Configuration
-Check *config.php* to get more informations. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
+Check *config.php* to get more information. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
 Use *config.local.php* for your local configuration changes.
 ### Branches
 This repository follows the Git Flow Workflow.
-Cheatsheet: [Git-Flow-Cheetsheet](https://danielkummer.github.io/git-flow-cheatsheet)
+Cheatsheet: [Git-Flow-Cheatsheet](https://danielkummer.github.io/git-flow-cheatsheet)
 That means, we use:
-* master branch, for current stable release
+* main branch, for current stable release
 * develop branch, for development version (next release)
 * feature branches, for features etc.
 ### Known Problems
- Some compatibility issues with some exotical distibutions.
+- Some compatibility issues with some exotic distributions.
 ### Contributing
@@ -73,11 +80,11 @@ Pull requests should be made to the *develop* branch as that is the working bran
 Bug fixes to current release should be done to master branch.
-Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our wiki.
+Look: [Contributing](https://docs.my-aac.org/misc/contributing) in our wiki.
 ### Other Notes
-If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
+If you have a great idea or want to contribute to the project - visit our website at https://www.my-aac.org
 ## Project supported by JetBrains
@@ -88,4 +95,4 @@ Many thanks to Jetbrains for kindly providing a license for me to work on this a
 ### License
 This program and all associated files are released under the GNU Public License.  
-See [LICENSE](https://github.com/slawkens/myaac/blob/master/LICENSE) for details.
+See [LICENSE](https://github.com/slawkens/myaac/blob/main/LICENSE) for details.
--- a/admin/includes/debugbar.php
+++ b/admin/includes/debugbar.php
@@ -7,7 +7,7 @@ $hooks->register('debugbar_admin_head_end', HOOK_ADMIN_HEAD_END, function ($para
 		return;
 	}
-	$debugBarRenderer = $debugBar->getJavascriptRenderer();
+	$debugBarRenderer = $debugBar->getJavascriptRenderer(BASE_URL . 'vendor/maximebf/debugbar/src/DebugBar/Resources/');
 	echo $debugBarRenderer->renderHead();
 });
 $hooks->register('debugbar_admin_body_end', HOOK_ADMIN_BODY_END, function ($params) {
@@ -17,6 +17,6 @@ $hooks->register('debugbar_admin_body_end', HOOK_ADMIN_BODY_END, function ($para
 		return;
 	}
-	$debugBarRenderer = $debugBar->getJavascriptRenderer();
+	$debugBarRenderer = $debugBar->getJavascriptRenderer(BASE_URL . 'vendor/maximebf/debugbar/src/DebugBar/Resources/');
 	echo $debugBarRenderer->render();
 });
--- a/admin/index.php
+++ b/admin/index.php
@@ -1,6 +1,8 @@
 <?php
 // few things we'll need
 use MyAAC\Plugins;
 require '../common.php';
 const ADMIN_PANEL = true;
@@ -42,15 +44,21 @@ if(!$logged || !admin()) {
 	$page = 'login';
 }
-// include our page
+$pluginsAdminPages = Plugins::getAdminPages();
-$file = __DIR__ . '/pages/' . $page . '.php';
+if(isset($pluginsAdminPages[$page]) && file_exists(BASE . $pluginsAdminPages[$page])) {
-if(!@file_exists($file)) {
+	$file = BASE . $pluginsAdminPages[$page];
-	if (str_contains($page, 'plugins/')) {
+}
-		$file = BASE . $page;
+else {
-	}
+	// include our page
-	else {
+	$file = __DIR__ . '/pages/' . $page . '.php';
-		$page = '404';
+	if(!@file_exists($file)) {
-		$file = SYSTEM . 'pages/404.php';
+		if (str_contains($page, 'plugins/')) {
 			$file = BASE . $page;
 		}
 		else {
 			$page = '404';
 			$file = SYSTEM . 'pages/404.php';
 		}
 	}
 }
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@@ -26,7 +26,6 @@ if (setting('core.account_country'))
 $nameOrNumberColumn = getAccountIdentityColumn();
 $hasSecretColumn = $db->hasColumn('accounts', 'secret');
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $hasTypeColumn = $db->hasColumn('accounts', 'type');
 $hasGroupColumn = $db->hasColumn('accounts', 'group_id');
@@ -136,11 +135,18 @@ else if (isset($_REQUEST['search'])) {
 			if (!Validator::email($email))
 				$errors['email'] = Validator::getLastError();
-			//tibia coins
+			// tibia coins
-			if ($hasCoinsColumn) {
+			if (HAS_ACCOUNT_COINS) {
 				$t_coins = $_POST['t_coins'];
 				verify_number($t_coins, 'Tibia coins', 12);
 			}
 			// transferable tibia coins
 			if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) {
 				$t_coins_transferable = $_POST['t_coins_transferable'];
 				verify_number($t_coins_transferable, 'Transferable Tibia coins', 12);
 			}
 			// prem days
 			$p_days = (int)$_POST['p_days'];
 			verify_number($p_days, 'Prem days', 11);
@@ -185,12 +191,18 @@ else if (isset($_REQUEST['search'])) {
 				if ($hasSecretColumn) {
 					$account->setCustomField('secret', $secret);
 				}
 				$account->setCustomField('key', $key);
 				$account->setEMail($email);
-				if ($hasCoinsColumn) {
+
 				if (HAS_ACCOUNT_COINS) {
 					$account->setCustomField('coins', $t_coins);
 				}
 				if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) {
 					$account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $t_coins_transferable);
 				}
 				$lastDay = 0;
 				if($p_days != 0 && $p_days != OTS_Account::GRATIS_PREMIUM_DAYS) {
 					$lastDay = time();
@@ -223,9 +235,6 @@ else if (isset($_REQUEST['search'])) {
 					$password = encrypt($password);
 					$account->setPassword($password);
 					if (USE_ACCOUNT_SALT)
 						$account->setCustomField('salt', $salt);
 				}
 				$account->save();
@@ -395,12 +404,18 @@ else if (isset($_REQUEST['search'])) {
 										<label for="email">Email:</label><?php echo (setting('core.mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
 										<input type="text" class="form-control" id="email" name="email" autocomplete="off" value="<?php echo $account->getEMail(); ?>"/>
 									</div>
-									<?php if ($hasCoinsColumn): ?>
+									<?php if (HAS_ACCOUNT_COINS): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="t_coins">Tibia Coins:</label>
 											<input type="text" class="form-control" id="t_coins" name="t_coins" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField('coins') ?>"/>
 										</div>
 									<?php endif; ?>
 									<?php if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="t_coins_transferable">Transferable Tibia Coins:</label>
 											<input type="text" class="form-control" id="t_coins_transferable" name="t_coins_transferable" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN) ?>"/>
 										</div>
 									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="p_days">Premium Days:</label>
 										<input type="text" class="form-control" id="p_days" name="p_days" autocomplete="off" maxlength="11" value="<?php echo $account->getPremDays(); ?>"/>
--- a/admin/pages/clmd.php
+++ b/admin/pages/clmd.php
@@ -11,12 +11,12 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'MyAAC Changelog';
-if (!file_exists(BASE . 'CHANGELOG.md')) {
+if (!file_exists(BASE . 'CHANGELOG-1.x.md')) {
 	echo 'File CHANGELOG.md doesn\'t exist.';
 	return;
 }
-$changelog = file_get_contents(BASE . 'CHANGELOG.md');
+$changelog = file_get_contents(BASE . 'CHANGELOG-1.x.md');
 $Parsedown = new Parsedown();
--- a/admin/pages/mailer.php
+++ b/admin/pages/mailer.php
@@ -25,9 +25,10 @@ if (!setting('core.mail_enabled')) {
 	return;
 }
-$mail_to = isset($_POST['mail_to']) ? stripslashes(trim($_POST['mail_to'])) : null;
+$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
 $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
 $mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
 $mail_verified_only = $_POST['mail_verified_only'] ?? false;
 if (isset($_POST['submit'])) {
 	if (empty($mail_subject)) {
@@ -58,14 +59,14 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 	$success = 0;
 	$failed = 0;
-	$add = '';
+	$query = Account::where('email', '!=', '');
-	if (setting('core.account_mail_verify')) {
+
-		note('Note: Sending only to users with verified E-Mail.');
+	if ($mail_verified_only) {
-		$add = ' AND `email_verified` = 1';
+		info('Note: Sending only to users with verified E-Mail.');
 		$query->where('email_verified', 1);
 	}
-	$query = Account::where('email', '!=', '')->get(['email']);
+	foreach ($query->get(['email']) as $email) {
 	foreach ($query as $email) {
 		if (_mail($email->email, $mail_subject, $mail_content)) {
 			$success++;
 		}
@@ -84,5 +85,6 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 $twig->display('admin.mailer.html.twig', [
 	'mail_to' => $mail_to,
 	'mail_subject' => $mail_subject,
-	'mail_content' => $mail_content
+	'mail_content' => $mail_content,
 	'mail_verified_only' => $mail_verified_only,
 ]);
--- a/admin/pages/mass_account.php
+++ b/admin/pages/mass_account.php
@@ -18,7 +18,6 @@ $title = 'Mass Account Actions';
 csrfProtect();
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $freePremium = $config['lua']['freePremium'];
@@ -40,9 +39,7 @@ function admin_give_points($points)
 function admin_give_coins($coins)
 {
-	global $hasCoinsColumn;
+	if (!HAS_ACCOUNT_COINS) {
 	if (!$hasCoinsColumn) {
 		displayMessage('Coins not supported.');
 		return;
 	}
@@ -167,19 +164,19 @@ if (!empty(ACTION) && isRequestMethod('post')) {
 }
 else {
 	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasCoinsColumn' => HAS_ACCOUNT_COINS,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));
 }
 function displayMessage($message, $success = false) {
-	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
+	global $twig, $hasPointsColumn, $freePremium;
 	$success ? success($message): error($message);
 	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasCoinsColumn' => HAS_ACCOUNT_COINS,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));
--- a/admin/pages/modules/balance.php
+++ b/admin/pages/modules/balance.php
@@ -7,7 +7,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $balance = 0;
 if ($db->hasColumn('players', 'balance')) {
-	$balance = Player::orderByDesc('balance')->limit(10)->get(['balance', 'id','name', 'level'])->toArray();
+	$balance = Player::orderByDesc('balance')->limit(10)->get(['id', 'name', 'balance'])->toArray();
 }
 $twig->display('balance.html.twig', array(
--- a/admin/pages/modules/coins.php
+++ b/admin/pages/modules/coins.php
@@ -6,8 +6,13 @@ defined('MYAAC') or die('Direct access not allowed!');
 $coins = 0;
-if ($db->hasColumn('accounts', 'coins')) {
+if (HAS_ACCOUNT_COINS) {
-	$coins = Account::orderByDesc('coins')->limit(10)->get(['coins', (USE_ACCOUNT_NAME ? 'name' : 'id')])->toArray();
+	$whatToGet = ['id', 'coins'];
 	if (USE_ACCOUNT_NAME) {
 		$whatToGet[] = 'name';
 	}
 	$coins = Account::orderByDesc('coins')->limit(10)->get($whatToGet)->toArray();
 }
 $twig->display('coins.html.twig', array(
--- a/admin/pages/modules/lastlogin.php
+++ b/admin/pages/modules/lastlogin.php
@@ -7,7 +7,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $players = 0;
 if ($db->hasColumn('players', 'lastlogin')) {
-	$players = Player::orderByDesc('lastlogin')->limit(10)->get(['name', 'level', 'lastlogin'])->toArray();
+	$players = Player::orderByDesc('lastlogin')->limit(10)->get(['id', 'name', 'level', 'lastlogin'])->toArray();
 }
 $twig->display('lastlogin.html.twig', array(
--- a/admin/pages/modules/templates/balance.html.twig
+++ b/admin/pages/modules/templates/balance.html.twig
@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=players&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.balance }}</td>
 						</tr>
 					{% endfor %}
--- a/admin/pages/modules/templates/coins.html.twig
+++ b/admin/pages/modules/templates/coins.html.twig
@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name ?? result.id }}</a></td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}
--- a/admin/pages/modules/templates/lastlogin.html.twig
+++ b/admin/pages/modules/templates/lastlogin.html.twig
@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=players&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}
--- a/admin/pages/modules/templates/points.html.twig
+++ b/admin/pages/modules/templates/points.html.twig
@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.premium_points }}</td>
 						</tr>
 					{% endfor %}
--- a/admin/pages/players.php
+++ b/admin/pages/players.php
@@ -669,11 +669,17 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="lastip" class="control-label">Last IP:</label>
 										<input type="text" class="form-control" id="lastip" name="lastip" autocomplete="off" maxlength="10" value="<?php
-										if (strlen($player->getLastIP()) > 11) {
+										$lastIPColumnInfo = $db->getColumnInfo('players', 'lastip');
-											echo inet_ntop($player->getLastIP());
+										if ($lastIPColumnInfo && is_array($lastIPColumnInfo)) {
 											if (str_contains($lastIPColumnInfo['type'], 'varbinary')) {
 												echo inet_ntop($player->getLastIP());
 											}
 											else {
 												echo longToIp($player->getLastIP());
 											}
 										}
 										else {
-											echo longToIp($player->getLastIP());
+											echo 'Error';
 										}
 										?>" readonly/>
 									</div>
--- a/admin/pages/plugins.php
+++ b/admin/pages/plugins.php
@@ -17,7 +17,7 @@ csrfProtect();
 $use_datatable = true;
-if (!getBoolean(setting('core.admin_plugins_manage_enable'))) {
+if (!setting('core.admin_plugins_manage_enable')) {
 	warning('Plugin installation and management is disabled in Settings.<br/>If you wish to enable, go to Settings and enable <strong>Enable Plugins Manage</strong>.');
 }
 else {
@@ -51,6 +51,56 @@ else {
 		} else {
 			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
 		}
 	}
 	else if (isset($_GET['check-updates'])) {
 		$repoUri = $config['admin_plugins_api_uri'] ?? 'https://plugins.my-aac.org/api/';
 		success("Fetching latest info from $repoUri..");
 		$adminPlugins = new \MyAAC\Admin\Plugins();
 		$adminPlugins->setApiBaseUri($repoUri);
 		try {
 			$plugins = $adminPlugins->getLatestVersions();
 		}
 		catch (Exception $e) {
 			error($e->getMessage());
 		}
 		if (isset($plugins) && count($plugins) > 0) {
 			$outdated = [];
 			foreach (get_plugins(true) as $plugin) {
 				$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
 				$plugin_info = json_decode($string, true);
 				if (!$plugin_info) {
 					continue;
 				}
 				$disabled = (str_contains($plugin, 'disabled.'));
 				$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 				$info = $plugins[$pluginOriginal] ?? false;
 				if ($info && version_compare($info['version'], $plugin_info['version'], '>')) {
 					$outdated[] = [
 						'name' => $pluginOriginal,
 						'yourVersion' => $plugin_info['version'],
 						'latestVersion' => $info['version'],
 						'link' => $info['link'] ?? 'Unknown',
 						'download_link' => $info['download_link'] ?? 'Unknown',
 					];
 				}
 			}
 			if (count($outdated) > 0) {
 				info('Following updates have been found for your plugins:');
 				$twig->display('admin.plugins.outdated.html.twig', ['plugins' => $outdated]);
 			}
 			else {
 				success('All plugins up to date!');
 			}
 		}
 	} else if (isset($_FILES['plugin']['name'])) {
 		$file = $_FILES['plugin'];
 		$filename = $file['name'];
--- a/admin/pages/visitors.php
+++ b/admin/pages/visitors.php
@@ -19,8 +19,7 @@ $use_datatable = true;
 if (!setting('core.visitors_counter')): ?>
 	Visitors counter is disabled.<br/>
-	You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
+	You can enable it in Settings -> General -> Visitors Counter.<br/>
 	<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
 	<?php
 	return;
 endif;
@@ -46,7 +45,7 @@ foreach ($tmp as &$visitor) {
 		if ($dd->isBot()) {
 			$bot = $dd->getBot();
 			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
-			$browser = sprintf($message, $bot['category'], $bot['url'], $bot['name']);
+			$browser = sprintf($message, $bot['category'] ?? 'Unknown', $bot['url'] ?? '', $bot['name'] ?? 'Unknown name');
 		}
 		else {
 			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));
--- a/admin/tools/settings_save.php
+++ b/admin/tools/settings_save.php
@@ -1,6 +1,5 @@
 <?php
 use MyAAC\Hooks;
 use MyAAC\Settings;
 const MYAAC_ADMIN = true;
--- a/common.php
+++ b/common.php
@@ -26,8 +26,8 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 const MYAAC = true;
-const MYAAC_VERSION = '1.3.1';
+const MYAAC_VERSION = '1.8.3-dev';
-const DATABASE_VERSION = 43;
+const DATABASE_VERSION = 45;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -122,38 +122,30 @@ if (!IS_CLI) {
 	session_start();
 }
 // basedir
 $basedir = '';
 $tmp = explode('/', $_SERVER['SCRIPT_NAME']);
 $size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$basedir .= '/' . $tmp[$i];
 $basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
 define('BASE_DIR', $basedir);
 if(!IS_CLI) {
 	if (isset($_SERVER['HTTP_HOST'][0])) {
 		$baseHost = $_SERVER['HTTP_HOST'];
 	} else {
 		if (isset($_SERVER['SERVER_NAME'][0])) {
 			$baseHost = $_SERVER['SERVER_NAME'];
 		} else {
 			$baseHost = $_SERVER['SERVER_ADDR'];
 		}
 	}
 	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
 }
 if (file_exists(BASE . 'config.local.php')) {
 	require BASE . 'config.local.php';
 }
 require SYSTEM . 'base.php';
 define('BASE_DIR', $baseDir);
 if(!IS_CLI) {
 	if (isset($config['site_url'])) {
 		$hasSlashAtEnd = ($config['site_url'][strlen($config['site_url']) - 1] == '/');
 		define('SERVER_URL', $config['site_url']);
 		define('BASE_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/'));
 		define('ADMIN_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/') . ADMIN_PANEL_FOLDER . '/');
 	}
 	else {
 		define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
 		define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 		define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
 		//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
 	}
 }
 /** @var array $config */
 ini_set('log_errors', 1);
 if(@$config['env'] === 'dev' || defined('MYAAC_INSTALL')) {
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,8 @@
        "symfony/string": "^6.4",
        "symfony/var-dumper": "^6.4",
        "filp/whoops": "^2.15",
-        "maximebf/debugbar": "1.*"
+        "maximebf/debugbar": "1.*",
        "guzzlehttp/guzzle": "7.9.3"
    },
    "require-dev": {
        "phpstan/phpstan": "^1.10"
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "be4d1489a53a9cd8eec6bcaa7a096f30",
+    "content-hash": "5317e97a5025ebc2a977214bd3fa964c",
    "packages": [
        {
            "name": "brick/math",
@@ -493,6 +493,331 @@
            ],
            "time": "2024-09-25T12:00:00+00:00"
        },
        {
            "name": "guzzlehttp/guzzle",
            "version": "7.9.3",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
                "shasum": ""
            },
            "require": {
                "ext-json": "*",
                "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
                "guzzlehttp/psr7": "^2.7.0",
                "php": "^7.2.5 || ^8.0",
                "psr/http-client": "^1.0",
                "symfony/deprecation-contracts": "^2.2 || ^3.0"
            },
            "provide": {
                "psr/http-client-implementation": "1.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
                "ext-curl": "*",
                "guzzle/client-integration-tests": "3.0.2",
                "php-http/message-factory": "^1.1",
                "phpunit/phpunit": "^8.5.39 || ^9.6.20",
                "psr/log": "^1.1 || ^2.0 || ^3.0"
            },
            "suggest": {
                "ext-curl": "Required for CURL handler support",
                "ext-intl": "Required for Internationalized Domain Name (IDN) support",
                "psr/log": "Required for using the Log middleware"
            },
            "type": "library",
            "extra": {
                "bamarni-bin": {
                    "bin-links": true,
                    "forward-command": false
                }
            },
            "autoload": {
                "files": [
                    "src/functions_include.php"
                ],
                "psr-4": {
                    "GuzzleHttp\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Graham Campbell",
                    "email": "hello@gjcampbell.co.uk",
                    "homepage": "https://github.com/GrahamCampbell"
                },
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                },
                {
                    "name": "Jeremy Lindblom",
                    "email": "jeremeamia@gmail.com",
                    "homepage": "https://github.com/jeremeamia"
                },
                {
                    "name": "George Mponos",
                    "email": "gmponos@gmail.com",
                    "homepage": "https://github.com/gmponos"
                },
                {
                    "name": "Tobias Nyholm",
                    "email": "tobias.nyholm@gmail.com",
                    "homepage": "https://github.com/Nyholm"
                },
                {
                    "name": "Márk Sági-Kazár",
                    "email": "mark.sagikazar@gmail.com",
                    "homepage": "https://github.com/sagikazarmark"
                },
                {
                    "name": "Tobias Schultze",
                    "email": "webmaster@tubo-world.de",
                    "homepage": "https://github.com/Tobion"
                }
            ],
            "description": "Guzzle is a PHP HTTP client library",
            "keywords": [
                "client",
                "curl",
                "framework",
                "http",
                "http client",
                "psr-18",
                "psr-7",
                "rest",
                "web service"
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
                "source": "https://github.com/guzzle/guzzle/tree/7.9.3"
            },
            "funding": [
                {
                    "url": "https://github.com/GrahamCampbell",
                    "type": "github"
                },
                {
                    "url": "https://github.com/Nyholm",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle",
                    "type": "tidelift"
                }
            ],
            "time": "2025-03-27T13:37:11+00:00"
        },
        {
            "name": "guzzlehttp/promises",
            "version": "2.2.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/promises.git",
                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
                "shasum": ""
            },
            "require": {
                "php": "^7.2.5 || ^8.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
            },
            "type": "library",
            "extra": {
                "bamarni-bin": {
                    "bin-links": true,
                    "forward-command": false
                }
            },
            "autoload": {
                "psr-4": {
                    "GuzzleHttp\\Promise\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Graham Campbell",
                    "email": "hello@gjcampbell.co.uk",
                    "homepage": "https://github.com/GrahamCampbell"
                },
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                },
                {
                    "name": "Tobias Nyholm",
                    "email": "tobias.nyholm@gmail.com",
                    "homepage": "https://github.com/Nyholm"
                },
                {
                    "name": "Tobias Schultze",
                    "email": "webmaster@tubo-world.de",
                    "homepage": "https://github.com/Tobion"
                }
            ],
            "description": "Guzzle promises library",
            "keywords": [
                "promise"
            ],
            "support": {
                "issues": "https://github.com/guzzle/promises/issues",
                "source": "https://github.com/guzzle/promises/tree/2.2.0"
            },
            "funding": [
                {
                    "url": "https://github.com/GrahamCampbell",
                    "type": "github"
                },
                {
                    "url": "https://github.com/Nyholm",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises",
                    "type": "tidelift"
                }
            ],
            "time": "2025-03-27T13:27:01+00:00"
        },
        {
            "name": "guzzlehttp/psr7",
            "version": "2.7.1",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
                "shasum": ""
            },
            "require": {
                "php": "^7.2.5 || ^8.0",
                "psr/http-factory": "^1.0",
                "psr/http-message": "^1.1 || ^2.0",
                "ralouphie/getallheaders": "^3.0"
            },
            "provide": {
                "psr/http-factory-implementation": "1.0",
                "psr/http-message-implementation": "1.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
                "http-interop/http-factory-tests": "0.9.0",
                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
            },
            "suggest": {
                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
            },
            "type": "library",
            "extra": {
                "bamarni-bin": {
                    "bin-links": true,
                    "forward-command": false
                }
            },
            "autoload": {
                "psr-4": {
                    "GuzzleHttp\\Psr7\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Graham Campbell",
                    "email": "hello@gjcampbell.co.uk",
                    "homepage": "https://github.com/GrahamCampbell"
                },
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                },
                {
                    "name": "George Mponos",
                    "email": "gmponos@gmail.com",
                    "homepage": "https://github.com/gmponos"
                },
                {
                    "name": "Tobias Nyholm",
                    "email": "tobias.nyholm@gmail.com",
                    "homepage": "https://github.com/Nyholm"
                },
                {
                    "name": "Márk Sági-Kazár",
                    "email": "mark.sagikazar@gmail.com",
                    "homepage": "https://github.com/sagikazarmark"
                },
                {
                    "name": "Tobias Schultze",
                    "email": "webmaster@tubo-world.de",
                    "homepage": "https://github.com/Tobion"
                },
                {
                    "name": "Márk Sági-Kazár",
                    "email": "mark.sagikazar@gmail.com",
                    "homepage": "https://sagikazarmark.hu"
                }
            ],
            "description": "PSR-7 message implementation that also provides common utility methods",
            "keywords": [
                "http",
                "message",
                "psr-7",
                "request",
                "response",
                "stream",
                "uri",
                "url"
            ],
            "support": {
                "issues": "https://github.com/guzzle/psr7/issues",
                "source": "https://github.com/guzzle/psr7/tree/2.7.1"
            },
            "funding": [
                {
                    "url": "https://github.com/GrahamCampbell",
                    "type": "github"
                },
                {
                    "url": "https://github.com/Nyholm",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7",
                    "type": "tidelift"
                }
            ],
            "time": "2025-03-27T12:30:47+00:00"
        },
        {
            "name": "illuminate/collections",
            "version": "v10.48.25",
@@ -1472,6 +1797,166 @@
            },
            "time": "2021-11-05T16:47:00+00:00"
        },
        {
            "name": "psr/http-client",
            "version": "1.0.3",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/http-client.git",
                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90",
                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90",
                "shasum": ""
            },
            "require": {
                "php": "^7.0 || ^8.0",
                "psr/http-message": "^1.0 || ^2.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.0.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Http\\Client\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "https://www.php-fig.org/"
                }
            ],
            "description": "Common interface for HTTP clients",
            "homepage": "https://github.com/php-fig/http-client",
            "keywords": [
                "http",
                "http-client",
                "psr",
                "psr-18"
            ],
            "support": {
                "source": "https://github.com/php-fig/http-client"
            },
            "time": "2023-09-23T14:17:50+00:00"
        },
        {
            "name": "psr/http-factory",
            "version": "1.1.0",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/http-factory.git",
                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
                "shasum": ""
            },
            "require": {
                "php": ">=7.1",
                "psr/http-message": "^1.0 || ^2.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.0.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Http\\Message\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "https://www.php-fig.org/"
                }
            ],
            "description": "PSR-17: Common interfaces for PSR-7 HTTP message factories",
            "keywords": [
                "factory",
                "http",
                "message",
                "psr",
                "psr-17",
                "psr-7",
                "request",
                "response"
            ],
            "support": {
                "source": "https://github.com/php-fig/http-factory"
            },
            "time": "2024-04-15T12:06:14+00:00"
        },
        {
            "name": "psr/http-message",
            "version": "2.0",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/http-message.git",
                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/http-message/zipball/402d35bcb92c70c026d1a6a9883f06b2ead23d71",
                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71",
                "shasum": ""
            },
            "require": {
                "php": "^7.2 || ^8.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "2.0.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Http\\Message\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "https://www.php-fig.org/"
                }
            ],
            "description": "Common interface for HTTP messages",
            "homepage": "https://github.com/php-fig/http-message",
            "keywords": [
                "http",
                "http-message",
                "psr",
                "psr-7",
                "request",
                "response"
            ],
            "support": {
                "source": "https://github.com/php-fig/http-message/tree/2.0"
            },
            "time": "2023-04-04T09:54:51+00:00"
        },
        {
            "name": "psr/log",
            "version": "3.0.2",
@@ -1573,6 +2058,50 @@
            },
            "time": "2021-10-29T13:26:27+00:00"
        },
        {
            "name": "ralouphie/getallheaders",
            "version": "3.0.3",
            "source": {
                "type": "git",
                "url": "https://github.com/ralouphie/getallheaders.git",
                "reference": "120b605dfeb996808c31b6477290a714d356e822"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822",
                "reference": "120b605dfeb996808c31b6477290a714d356e822",
                "shasum": ""
            },
            "require": {
                "php": ">=5.6"
            },
            "require-dev": {
                "php-coveralls/php-coveralls": "^2.1",
                "phpunit/phpunit": "^5 || ^6.5"
            },
            "type": "library",
            "autoload": {
                "files": [
                    "src/getallheaders.php"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Ralph Khattar",
                    "email": "ralph.khattar@gmail.com"
                }
            ],
            "description": "A polyfill for getallheaders.",
            "support": {
                "issues": "https://github.com/ralouphie/getallheaders/issues",
                "source": "https://github.com/ralouphie/getallheaders/tree/develop"
            },
            "time": "2019-03-08T08:55:37+00:00"
        },
        {
            "name": "symfony/console",
            "version": "v6.4.17",
@@ -2910,7 +3439,7 @@
    ],
    "aliases": [],
    "minimum-stability": "stable",
-    "stability-flags": [],
+    "stability-flags": {},
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": {
@@ -2921,6 +3450,6 @@
        "ext-xml": "*",
        "ext-dom": "*"
    },
-    "platform-dev": [],
+    "platform-dev": {},
-    "plugin-api-version": "2.3.0"
+    "plugin-api-version": "2.6.0"
 }
--- a/cypress/e2e/3-check-public-pages.cy.js
+++ b/cypress/e2e/3-check-public-pages.cy.js
@@ -17,7 +17,7 @@ describe('Check Public Pages', () => {
 	it('Go to changelog page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/changelog',
+			url: Cypress.env('URL') + '/change-log',
 			method: 'GET',
 		})
 	})
@@ -132,7 +132,7 @@ describe('Check Public Pages', () => {
 	it('Go to server info page', () => {
 		cy.visit({
-			url: Cypress.env('URL') + '/server-info',
+			url: Cypress.env('URL') + '/ots-info',
 			method: 'GET',
 		})
 	})
--- a/images/order_asc.gif
+++ b/images/order_asc.gif
--- a/images/order_desc.gif
+++ b/images/order_desc.gif
--- a/index.php
+++ b/index.php
@@ -31,11 +31,11 @@ require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 $uri = $_SERVER['REQUEST_URI'];
-if(false !== strpos($uri, 'index.php')) {
+if(str_contains($uri, 'index.php')) {
 	$uri = str_replace_first('/index.php', '', $uri);
 }
-if(0 === strpos($uri, '/')) {
+if(str_starts_with($uri, '/')) {
 	$uri = str_replace_first('/', '', $uri);
 }
@@ -93,6 +93,7 @@ if(setting('core.backward_support')) {
 	if($logged && $account_logged)
 		$group_id_of_acc_logged = $account_logged->getGroupId();
 	$config['serverPath'] = $config['server_path'];
 	$config['site'] = &$config;
 	$config['server'] = &$config['lua'];
 	$config['site']['shop_system'] = setting('core.gifts_system');
@@ -117,6 +118,14 @@ if(setting('core.backward_support')) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 if(setting('core.views_counter')) {
 	require_once SYSTEM . 'counter.php';
 }
 if(setting('core.visitors_counter')) {
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 require_once SYSTEM . 'router.php';
 // anonymous usage statistics
@@ -153,21 +162,6 @@ if(setting('core.anonymous_usage_statistics')) {
 	}
 }
 if(setting('core.views_counter'))
 	require_once SYSTEM . 'counter.php';
 if(setting('core.visitors_counter')) {
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 /**
 * @var OTS_Account $account_logged
 */
 if ($logged && admin()) {
 	$content .= $twig->render('admin-bar.html.twig', [
 		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
 	]);
 }
 $title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
--- a/install/includes/config.php
+++ b/install/includes/config.php
@@ -26,6 +26,9 @@ if(!isset($error) || !$error) {
 		$config['database_type'] = $config['lua']['database_type'];
 	else if(isset($config['lua']['sql_type'])) // otserv
 		$config['database_type'] = $config['lua']['sql_type'];
 	else {
 		$config['database_type'] = '';
 	}
 	$config['database_type'] = strtolower($config['database_type']);
 	if(empty($config['database_type'])) {
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -1,35 +1,35 @@
-SET @myaac_database_version = 43;
+SET @myaac_database_version = 45;
 CREATE TABLE `myaac_account_actions`
 (
-	`account_id` INT(11) NOT NULL,
+	`account_id` int NOT NULL,
-	`ip` INT(10) UNSIGNED NOT NULL DEFAULT 0,
+	`ip` int unsigned NOT NULL DEFAULT 0,
-	`ipv6` BINARY(16) NOT NULL DEFAULT 0,
+	`ipv6` binary(16) NOT NULL DEFAULT 0,
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`action` VARCHAR(255) NOT NULL DEFAULT '',
+	`action` varchar(255) NOT NULL DEFAULT '',
 	KEY (`account_id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_admin_menu`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(255) NOT NULL DEFAULT '',
+	`name` varchar(255) NOT NULL DEFAULT '',
-	`page` VARCHAR(255) NOT NULL DEFAULT '',
+	`page` varchar(255) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`flags` INT(11) NOT NULL DEFAULT 0,
+	`flags` int NOT NULL DEFAULT 0,
-	`enabled` INT(1) NOT NULL DEFAULT 1,
+	`enabled` int NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_changelog`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`body` VARCHAR(500) NOT NULL DEFAULT '',
+	`body` varchar(500) NOT NULL DEFAULT '',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - added, 2 - removed, 3 - changed, 4 - fixed',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - added, 2 - removed, 3 - changed, 4 - fixed',
-	`where` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
+	`where` tinyint NOT NULL DEFAULT 0 COMMENT '1 - server, 2 - site',
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
@@ -37,9 +37,9 @@ INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hide`) VA
 CREATE TABLE `myaac_config`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(30) NOT NULL,
+	`name` varchar(30) NOT NULL,
-	`value` VARCHAR(1000) NOT NULL,
+	`value` varchar(1000) NOT NULL,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
@@ -48,24 +48,24 @@ INSERT INTO `myaac_config` (`name`, `value`) VALUES ('database_version', @myaac_
 CREATE TABLE `myaac_faq`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`question` VARCHAR(255) NOT NULL DEFAULT '',
+	`question` varchar(255) NOT NULL DEFAULT '',
-	`answer` VARCHAR(1020) NOT NULL DEFAULT '',
+	`answer` varchar(1020) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_forum_boards`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(32) NOT NULL,
+	`name` varchar(32) NOT NULL,
-	`description` VARCHAR(255) NOT NULL DEFAULT '',
+	`description` varchar(255) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`guild` INT(11) NOT NULL DEFAULT 0,
+	`guild` int NOT NULL DEFAULT 0,
-	`access` INT(11) NOT NULL DEFAULT 0,
+	`access` int NOT NULL DEFAULT 0,
-	`closed` TINYINT(1) NOT NULL DEFAULT 0,
+	`closed` tinyint NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`, `closed`) VALUES (NULL, 'News', 'News commenting', 0, 1);
@@ -76,100 +76,100 @@ INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUE
 CREATE TABLE `myaac_forum`
 (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`first_post` int(11) NOT NULL default '0',
+	`first_post` int NOT NULL DEFAULT 0,
-	`last_post` int(11) NOT NULL default '0',
+	`last_post` int NOT NULL DEFAULT 0,
-	`section` int(3) NOT NULL default '0',
+	`section` int NOT NULL DEFAULT 0,
-	`replies` int(20) NOT NULL default '0',
+	`replies` int NOT NULL DEFAULT 0,
-	`views` int(20) NOT NULL default '0',
+	`views` int NOT NULL DEFAULT 0,
-	`author_aid` int(20) NOT NULL default '0',
+	`author_aid` int NOT NULL DEFAULT 0,
-	`author_guid` int(20) NOT NULL default '0',
+	`author_guid` int NOT NULL DEFAULT 0,
 	`post_text` text NOT NULL,
 	`post_topic` varchar(255) NOT NULL DEFAULT '',
-	`post_smile` tinyint(1) NOT NULL default '0',
+	`post_smile` tinyint NOT NULL DEFAULT 0,
-	`post_html` tinyint(1) NOT NULL default '0',
+	`post_html` tinyint NOT NULL DEFAULT 0,
-	`post_date` int(20) NOT NULL default '0',
+	`post_date` int NOT NULL DEFAULT 0,
-	`last_edit_aid` int(20) NOT NULL default '0',
+	`last_edit_aid` int NOT NULL DEFAULT 0,
-	`edit_date` int(20) NOT NULL default '0',
+	`edit_date` int NOT NULL DEFAULT 0,
-	`post_ip` varchar(45) NOT NULL default '0.0.0.0',
+	`post_ip` varchar(45) NOT NULL DEFAULT '0.0.0.0',
-	`sticked` tinyint(1) NOT NULL DEFAULT '0',
+	`sticked` tinyint NOT NULL DEFAULT 0,
-	`closed` tinyint(1) NOT NULL DEFAULT '0',
+	`closed` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	KEY `section` (`section`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_menu`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`template` VARCHAR(255) NOT NULL,
+	`template` varchar(255) NOT NULL,
-	`name` VARCHAR(255) NOT NULL,
+	`name` varchar(255) NOT NULL,
-	`link` VARCHAR(255) NOT NULL,
+	`link` varchar(255) NOT NULL,
-	`blank` TINYINT(1) NOT NULL DEFAULT 0,
+	`blank` tinyint NOT NULL DEFAULT 0,
-	`color` VARCHAR(6) NOT NULL DEFAULT '',
+	`color` varchar(6) NOT NULL DEFAULT '',
-	`category` INT(11) NOT NULL DEFAULT 1,
+	`category` int NOT NULL DEFAULT 1,
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`enabled` INT(1) NOT NULL DEFAULT 1,
+	`enabled` int NOT NULL DEFAULT 1,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_monsters` (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`hide` tinyint(1) NOT NULL default 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	`name` varchar(255) NOT NULL,
-	`mana` int(11) NOT NULL DEFAULT 0,
+	`mana` int NOT NULL DEFAULT 0,
-	`exp` int(11) NOT NULL,
+	`exp` int NOT NULL,
-	`health` int(11) NOT NULL,
+	`health` int NOT NULL,
-	`look` VARCHAR(255) NOT NULL DEFAULT '',
+	`look` varchar(255) NOT NULL DEFAULT '',
-	`speed_lvl` int(11) NOT NULL default 1,
+	`speed_lvl` int NOT NULL DEFAULT 1,
-	`use_haste` tinyint(1) NOT NULL,
+	`use_haste` tinyint NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
-	`elements` TEXT NOT NULL,
+	`elements` text NOT NULL,
-	`summonable` tinyint(1) NOT NULL,
+	`summonable` tinyint NOT NULL,
-	`convinceable` tinyint(1) NOT NULL,
+	`convinceable` tinyint NOT NULL,
-	`pushable` TINYINT(1) NOT NULL DEFAULT '0',
+	`pushable` tinyint NOT NULL DEFAULT 0,
-	`canpushitems` TINYINT(1) NOT NULL DEFAULT '0',
+	`canpushitems` tinyint NOT NULL DEFAULT 0,
-	`canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonenergy` tinyint NOT NULL DEFAULT 0,
-	`canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonpoison` tinyint NOT NULL DEFAULT 0,
-	`canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0',
+	`canwalkonfire` tinyint NOT NULL DEFAULT 0,
-	`runonhealth` TINYINT(1) NOT NULL DEFAULT '0',
+	`runonhealth` tinyint NOT NULL DEFAULT 0,
-	`hostile` TINYINT(1) NOT NULL DEFAULT '0',
+	`hostile` tinyint NOT NULL DEFAULT 0,
-	`attackable` TINYINT(1) NOT NULL DEFAULT '0',
+	`attackable` tinyint NOT NULL DEFAULT 0,
-	`rewardboss` TINYINT(1) NOT NULL DEFAULT '0',
+	`rewardboss` tinyint NOT NULL DEFAULT 0,
-	`defense` INT(11) NOT NULL DEFAULT '0',
+	`defense` int NOT NULL DEFAULT 0,
-	`armor` INT(11) NOT NULL DEFAULT '0',
+	`armor` int NOT NULL DEFAULT 0,
-	`canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0',
+	`canpushcreatures` tinyint NOT NULL DEFAULT 0,
 	`race` varchar(255) NOT NULL,
 	`loot` text NOT NULL,
-	`summons` TEXT NOT NULL,
+	`summons` text NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_news`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`title` VARCHAR(100) NOT NULL,
+	`title` varchar(100) NOT NULL,
-	`body` TEXT NOT NULL,
+	`body` text NOT NULL,
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - news, 2 - ticker, 3 - article',
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`category` TINYINT(1) NOT NULL DEFAULT 0,
+	`category` tinyint NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
-	`last_modified_by` INT(11) NOT NULL DEFAULT 0,
+	`last_modified_by` int NOT NULL DEFAULT 0,
-	`last_modified_date` INT(11) NOT NULL DEFAULT 0,
+	`last_modified_date` int NOT NULL DEFAULT 0,
-	`comments` VARCHAR(50) NOT NULL DEFAULT '',
+	`comments` varchar(50) NOT NULL DEFAULT '',
-	`article_text` VARCHAR(300) NOT NULL DEFAULT '',
+	`article_text` varchar(300) NOT NULL DEFAULT '',
-	`article_image` VARCHAR(100) NOT NULL DEFAULT '',
+	`article_image` varchar(100) NOT NULL DEFAULT '',
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_news_categories`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(50) NOT NULL DEFAULT "",
+	`name` varchar(50) NOT NULL DEFAULT "",
-	`description` VARCHAR(50) NOT NULL DEFAULT "",
+	`description` varchar(50) NOT NULL DEFAULT "",
-	`icon_id` INT(2) NOT NULL DEFAULT 0,
+	`icon_id` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
@@ -181,39 +181,39 @@ INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 4);
 CREATE TABLE `myaac_notepad`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`account_id` INT(11) NOT NULL,
+	`account_id` int NOT NULL,
-	/*`name` VARCHAR(30) NOT NULL,*/
+	/*`name` varchar(30) NOT NULL,*/
-	`content` TEXT NOT NULL,
+	`content` text NOT NULL,
-	/*`public` TINYINT(1) NOT NULL DEFAULT 0*/
+	/*`public` tinyint NOT NULL DEFAULT 0*/
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_pages`
 (
 	`id` INT NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(30) NOT NULL,
+	`name` varchar(30) NOT NULL,
-	`title` VARCHAR(30) NOT NULL,
+	`title` varchar(30) NOT NULL,
-	`body` TEXT NOT NULL,
+	`body` text NOT NULL,
-	`date` INT(11) NOT NULL DEFAULT 0,
+	`date` int NOT NULL DEFAULT 0,
-	`player_id` INT(11) NOT NULL DEFAULT 0,
+	`player_id` int NOT NULL DEFAULT 0,
-	`php` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
+	`php` tinyint NOT NULL DEFAULT 0 COMMENT '0 - plain html, 1 - php',
-	`enable_tinymce` TINYINT(1) NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
+	`enable_tinymce` tinyint NOT NULL DEFAULT 1 COMMENT '1 - enabled, 0 - disabled',
-	`access` TINYINT(2) NOT NULL DEFAULT 0,
+	`access` tinyint NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_gallery`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`comment` VARCHAR(255) NOT NULL DEFAULT '',
+	`comment` varchar(255) NOT NULL DEFAULT '',
-	`image` VARCHAR(255) NOT NULL,
+	`image` varchar(255) NOT NULL,
-	`thumb` VARCHAR(255) NOT NULL,
+	`thumb` varchar(255) NOT NULL,
-	`author` VARCHAR(50) NOT NULL DEFAULT '',
+	`author` varchar(50) NOT NULL DEFAULT '',
-	`ordering` INT(11) NOT NULL DEFAULT 0,
+	`ordering` int NOT NULL DEFAULT 0,
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
@@ -221,51 +221,51 @@ INSERT INTO `myaac_gallery` (`id`, `ordering`, `comment`, `image`, `thumb`, `aut
 CREATE TABLE `myaac_settings`
 (
-	`id` int(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`name` VARCHAR(255) NOT NULL DEFAULT '',
+	`name` varchar(255) NOT NULL DEFAULT '',
-	`key` VARCHAR(255) NOT NULL DEFAULT '',
+	`key` varchar(255) NOT NULL DEFAULT '',
-	`value` TEXT NOT NULL,
+	`value` text NOT NULL,
 	PRIMARY KEY (`id`),
 	KEY `key` (`key`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_spells`
 (
-	`id` INT(11) NOT NULL AUTO_INCREMENT,
+	`id` int NOT NULL AUTO_INCREMENT,
-	`spell` VARCHAR(255) NOT NULL DEFAULT '',
+	`spell` varchar(255) NOT NULL DEFAULT '',
-	`name` VARCHAR(255) NOT NULL,
+	`name` varchar(255) NOT NULL,
-	`words` VARCHAR(255) NOT NULL DEFAULT '',
+	`words` varchar(255) NOT NULL DEFAULT '',
-	`category` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
+	`category` tinyint NOT NULL DEFAULT 0 COMMENT '1 - attack, 2 - healing, 3 - summon, 4 - supply, 5 - support',
-	`type` TINYINT(1) NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
+	`type` tinyint NOT NULL DEFAULT 0 COMMENT '1 - instant, 2 - conjure, 3 - rune',
-	`level` INT(11) NOT NULL DEFAULT 0,
+	`level` int NOT NULL DEFAULT 0,
-	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` int NOT NULL DEFAULT 0,
-	`mana` INT(11) NOT NULL DEFAULT 0,
+	`mana` int NOT NULL DEFAULT 0,
-	`soul` TINYINT(3) NOT NULL DEFAULT 0,
+	`soul` tinyint NOT NULL DEFAULT 0,
-	`conjure_id` INT(11) NOT NULL DEFAULT 0,
+	`conjure_id` int NOT NULL DEFAULT 0,
-	`conjure_count` TINYINT(3) NOT NULL DEFAULT 0,
+	`conjure_count` tinyint NOT NULL DEFAULT 0,
-	`reagent` INT(11) NOT NULL DEFAULT 0,
+	`reagent` int NOT NULL DEFAULT 0,
-	`item_id` INT(11) NOT NULL DEFAULT 0,
+	`item_id` int NOT NULL DEFAULT 0,
-	`premium` TINYINT(1) NOT NULL DEFAULT 0,
+	`premium` tinyint NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	`vocations` varchar(100) NOT NULL DEFAULT '',
-	`hide` TINYINT(1) NOT NULL DEFAULT 0,
+	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`),
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_visitors`
 (
-	`ip` VARCHAR(45) NOT NULL,
+	`ip` varchar(45) NOT NULL,
-	`lastvisit` INT(11) NOT NULL DEFAULT 0,
+	`lastvisit` int NOT NULL DEFAULT 0,
-	`page` VARCHAR(2048) NOT NULL,
+	`page` varchar(2048) NOT NULL,
-	`user_agent` VARCHAR(255) NOT NULL DEFAULT '',
+	`user_agent` varchar(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_weapons`
 (
-	`id` INT(11) NOT NULL,
+	`id` int NOT NULL,
-	`level` INT(11) NOT NULL DEFAULT 0,
+	`level` int NOT NULL DEFAULT 0,
-	`maglevel` INT(11) NOT NULL DEFAULT 0,
+	`maglevel` int NOT NULL DEFAULT 0,
-	`vocations` VARCHAR(100) NOT NULL DEFAULT '',
+	`vocations` varchar(100) NOT NULL DEFAULT '',
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
--- a/install/steps/4-config.php
+++ b/install/steps/4-config.php
@@ -10,6 +10,14 @@ foreach($config['clients'] as $client) {
 	$clients[$client] = $client_version;
 }
 if (empty($_SESSION['var_site_url'])) {
 	//require SYSTEM . 'base.php';
 	$serverUrl = 'http' . (isHttps() ? 's' : '') . '://' . $baseHost;
 	$siteURL = $serverUrl . $baseDir;
 	$_SESSION['var_site_url'] = $siteURL;
 }
 $twig->display('install.config.html.twig', array(
 	'clients' => $clients,
 	'timezones' => DateTimeZone::listIdentifiers(),
--- a/install/steps/5-database.php
+++ b/install/steps/5-database.php
@@ -42,45 +42,44 @@ if(!$error) {
 	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
 	$configToSave['database_auto_migrate'] = true;
-	if(!$error) {
+	$content = '';
-		$content = '';
+	$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
-		$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
+	if ($saved || file_exists(BASE . 'config.local.php')) {
-		if ($saved) {
+		success($locale['step_database_config_saved']);
-			success($locale['step_database_config_saved']);
+		$_SESSION['saved'] = true;
 			$_SESSION['saved'] = true;
-			require BASE . 'config.local.php';
+		require BASE . 'config.local.php';
-			require BASE . 'install/includes/config.php';
+		require BASE . 'install/includes/config.php';
-			if (!$error) {
+		if (!$error) {
-				require BASE . 'install/includes/database.php';
+			require BASE . 'install/includes/database.php';
-				if (isset($database_error)) { // we failed connect to the database
+			if (isset($database_error)) { // we failed connect to the database
-					error($database_error);
+				error($database_error);
 			}
 			else {
 				if (!$db->hasTable('accounts')) {
 					$tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
 					error($tmp);
 					$error = true;
 				}
 				else {
 					if (!$db->hasTable('accounts')) {
 						$tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
 						error($tmp);
 						$error = true;
 					}
-					if (!$error) {
+				if (!$error) {
-						$twig->display('install.installer.html.twig', array(
+					$twig->display('install.installer.html.twig', array(
-							'url' => 'tools/5-database.php',
+						'url' => 'tools/5-database.php',
-							'message' => $locale['loading_spinner']
+						'message' => $locale['loading_spinner']
-						));
+					));
 					}
 				}
 			}
 		} else {
 			$_SESSION['config_content'] = $content;
 			unset($_SESSION['saved']);
 			$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.php</b>', $locale['step_database_error_file']);
 			error($locale['step_database_error_file'] . '<br/>
 				<textarea cols="70" rows="10">' . $content . '</textarea>');
 		}
 	} else {
 		$error = true;
 		$_SESSION['config_content'] = $content;
 		unset($_SESSION['saved']);
 		$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
 		error($locale['step_database_error_file'] . '<br/>
 			<textarea cols="70" rows="10">' . $content . '</textarea>');
 	}
 }
 ?>
--- a/install/steps/7-finish.php
+++ b/install/steps/7-finish.php
@@ -195,13 +195,4 @@ if(!isset($_SESSION['installed'])) {
 	$_SESSION['installed'] = true;
 }
 foreach($_SESSION as $key => $value) {
 	if(strpos($key, 'var_') !== false)
 		unset($_SESSION[$key]);
 }
 unset($_SESSION['saved']);
 if(file_exists(CACHE . 'install.txt')) {
 	unlink(CACHE . 'install.txt');
 }
 $hooks->trigger(HOOK_INSTALL_FINISH_END);
--- a/install/tools/5-database.php
+++ b/install/tools/5-database.php
@@ -7,6 +7,11 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 	return;
 }
 $error = false;
 require BASE . 'install/includes/config.php';
--- a/install/tools/7-finish.php
+++ b/install/tools/7-finish.php
@@ -17,11 +17,11 @@ ini_set('max_execution_time', 300);
 ob_implicit_flush();
 header('X-Accel-Buffering: no');
-/*
+
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 	return;
-}*/
+}
 require SYSTEM . 'init.php';
@@ -54,12 +54,13 @@ if ($db->hasTable('players')) {
 	}
 }
 Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
 Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
 DataLoader::setLocale($locale);
 DataLoader::load();
 // add menus entries
 require_once SYSTEM . 'migrations/17.php';
 $up();
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';
 $up();
@@ -78,6 +79,10 @@ $up();
 require_once SYSTEM . 'migrations/31.php';
 $up();
 // rules page
 require_once SYSTEM . 'migrations/45.php';
 $up();
 if(ModelsFAQ::count() == 0) {
 	ModelsFAQ::create([
 		'question' => 'What is this?',
@@ -89,6 +94,17 @@ $hooks->trigger(HOOK_INSTALL_FINISH);
 $db->setClearCacheAfter(true);
 // cleanup
 foreach($_SESSION as $key => $value) {
 	if(str_contains($key, 'var_')) {
 		unset($_SESSION[$key]);
 	}
 }
 unset($_SESSION['saved']);
 if(file_exists(CACHE . 'install.txt')) {
 	unlink(CACHE . 'install.txt');
 }
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);
--- a/login.php
+++ b/login.php
@@ -86,12 +86,25 @@ switch ($action) {
 		die(json_encode(['eventlist' => $eventlist, 'lastupdatetimestamp' => time()]));
 	case 'boostedcreature':
-		$boostedCreature = BoostedCreature::latest();
+		$clientVersion = (int)setting('core.client');
 		// 13.40 and up
 		if ($clientVersion >= 1340) {
 			$creatureBoost = $db->query("SELECT * FROM " . $db->tableName('boosted_creature'))->fetchAll();
 			$bossBoost     = $db->query("SELECT * FROM " . $db->tableName('boosted_boss'))->fetchAll();
 			die(json_encode([
 				'boostedcreature' => true,
 				'creatureraceid'  => intval($creatureBoost[0]['raceid']),
 				'bossraceid'      => intval($bossBoost[0]['raceid'])
 			]));
 		}
 		// lower clients
 		$boostedCreature = BoostedCreature::first();
 		die(json_encode([
 			'boostedcreature' => true,
 			'raceid' => $boostedCreature->raceid
 		]));
 	break;
 	case 'login':
--- a/nginx-sample.conf
+++ b/nginx-sample.conf
@@ -1,6 +1,6 @@
 server {
 	listen 80;
-	root /home/otserv/www/public;
+	root /var/www/html;
 	index index.php;
 	server_name your-domain.com;
@@ -14,7 +14,7 @@ server {
 	# block .htaccess, CHANGELOG.md, composer.json etc.
 	# this is to prevent finding software versions
-	location ~\.(ht|md|json|dist)$ {
+	location ~\.(ht|md|json|dist|sql)$ {
 		deny all;
 	}
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,24 +14,13 @@
        "tinymce": "^7.2.0"
      },
      "devDependencies": {
-        "cypress": "^13.17.0"
+        "cypress": "^14.3.3"
      }
    },
    "node_modules/@colors/colors": {
      "version": "1.5.0",
      "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz",
      "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==",
      "dev": true,
      "license": "MIT",
      "optional": true,
      "engines": {
        "node": ">=0.1.90"
      }
    },
    "node_modules/@cypress/request": {
-      "version": "3.0.7",
+      "version": "3.0.8",
-      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.7.tgz",
+      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.8.tgz",
-      "integrity": "sha512-LzxlLEMbBOPYB85uXrDqvD4MgcenjRBLIns3zyhx7vTPj/0u2eQhzXvPiGcaJrV38Q9dbkExWp6cOHPJ+EtFYg==",
+      "integrity": "sha512-h0NFgh1mJmm1nr4jCwkGHwKneVYKghUyWe6TMNrk0B9zsjAJxpg8C4/+BAcmLgCPa1vj1V8rNUaILl+zYRUWBQ==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
@@ -48,7 +37,7 @@
        "json-stringify-safe": "~5.0.1",
        "mime-types": "~2.1.19",
        "performance-now": "^2.1.0",
-        "qs": "6.13.1",
+        "qs": "6.14.0",
        "safe-buffer": "^5.1.2",
        "tough-cookie": "^5.0.0",
        "tunnel-agent": "^0.6.0",
@@ -387,9 +376,9 @@
      }
    },
    "node_modules/call-bind-apply-helpers": {
-      "version": "1.0.1",
+      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
-      "integrity": "sha512-BhYE+WDaywFg2TBWYNXAE+8B1ATnThNBqXHP5nQu0jWJdVvY2hvkpyB3qOmtmDePiS5/BDQ8wASEWGMWRG148g==",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -401,14 +390,14 @@
      }
    },
    "node_modules/call-bound": {
-      "version": "1.0.3",
+      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.3.tgz",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
-      "integrity": "sha512-YTd+6wGlNlPxSuri7Y6X8tY2dmm12UMH66RpKMhiX6rsk5wXXnYgbUcOt8kiS31/AjfoTOvCsE+w8nZQLQnzHA==",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "call-bind-apply-helpers": "^1.0.1",
+        "call-bind-apply-helpers": "^1.0.2",
-        "get-intrinsic": "^1.2.6"
+        "get-intrinsic": "^1.3.0"
      },
      "engines": {
        "node": ">= 0.4"
@@ -504,9 +493,9 @@
      }
    },
    "node_modules/cli-table3": {
-      "version": "0.6.5",
+      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.5.tgz",
+      "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.1.tgz",
-      "integrity": "sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ==",
+      "integrity": "sha512-w0q/enDHhPLq44ovMGdQeeDLvwxwavsJX7oQGYt/LrBlYsyaxyDnp6z3QzFut/6kLLKnlcUVJLrpB7KBfgG/RA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -516,7 +505,7 @@
        "node": "10.* || >= 12.*"
      },
      "optionalDependencies": {
-        "@colors/colors": "1.5.0"
+        "colors": "1.4.0"
      }
    },
    "node_modules/cli-truncate": {
@@ -563,6 +552,17 @@
      "dev": true,
      "license": "MIT"
    },
    "node_modules/colors": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz",
      "integrity": "sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA==",
      "dev": true,
      "license": "MIT",
      "optional": true,
      "engines": {
        "node": ">=0.1.90"
      }
    },
    "node_modules/combined-stream": {
      "version": "1.0.8",
      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
@@ -619,14 +619,14 @@
      }
    },
    "node_modules/cypress": {
-      "version": "13.17.0",
+      "version": "14.3.3",
-      "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.17.0.tgz",
+      "resolved": "https://registry.npmjs.org/cypress/-/cypress-14.3.3.tgz",
-      "integrity": "sha512-5xWkaPurwkIljojFidhw8lFScyxhtiFHl/i/3zov+1Z5CmY4t9tjIdvSXfu82Y3w7wt0uR9KkucbhkVvJZLQSA==",
+      "integrity": "sha512-1Rz7zc9iqLww6BysaESqUhtIuaFHS7nL3wREovAKYsNhLTfX3TbcBWHWgEz70YimH2NkSOsm4oIcJJ9HYHOlew==",
      "dev": true,
      "hasInstallScript": true,
      "license": "MIT",
      "dependencies": {
-        "@cypress/request": "^3.0.6",
+        "@cypress/request": "^3.0.8",
        "@cypress/xvfb": "^1.2.4",
        "@types/sinonjs__fake-timers": "8.1.1",
        "@types/sizzle": "^2.3.2",
@@ -637,9 +637,9 @@
        "cachedir": "^2.3.0",
        "chalk": "^4.1.0",
        "check-more-types": "^2.24.0",
-        "ci-info": "^4.0.0",
+        "ci-info": "^4.1.0",
        "cli-cursor": "^3.1.0",
-        "cli-table3": "~0.6.1",
+        "cli-table3": "0.6.1",
        "commander": "^6.2.1",
        "common-tags": "^1.8.0",
        "dayjs": "^1.10.4",
@@ -663,7 +663,7 @@
        "process": "^0.11.10",
        "proxy-from-env": "1.0.0",
        "request-progress": "^3.0.0",
-        "semver": "^7.5.3",
+        "semver": "^7.7.1",
        "supports-color": "^8.1.1",
        "tmp": "~0.2.3",
        "tree-kill": "1.2.2",
@@ -674,7 +674,7 @@
        "cypress": "bin/cypress"
      },
      "engines": {
-        "node": "^16.0.0 || ^18.0.0 || >=20.0.0"
+        "node": "^18.0.0 || ^20.0.0 || >=22.0.0"
      }
    },
    "node_modules/cypress/node_modules/fs-extra": {
@@ -819,9 +819,9 @@
      }
    },
    "node_modules/es-object-atoms": {
-      "version": "1.0.0",
+      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
-      "integrity": "sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw==",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -831,6 +831,22 @@
        "node": ">= 0.4"
      }
    },
    "node_modules/es-set-tostringtag": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
      "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "es-errors": "^1.3.0",
        "get-intrinsic": "^1.2.6",
        "has-tostringtag": "^1.0.2",
        "hasown": "^2.0.2"
      },
      "engines": {
        "node": ">= 0.4"
      }
    },
    "node_modules/escape-string-regexp": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
@@ -960,14 +976,16 @@
      }
    },
    "node_modules/form-data": {
-      "version": "4.0.1",
+      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
-      "integrity": "sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw==",
+      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "asynckit": "^0.4.0",
        "combined-stream": "^1.0.8",
        "es-set-tostringtag": "^2.1.0",
        "hasown": "^2.0.2",
        "mime-types": "^2.1.12"
      },
      "engines": {
@@ -999,18 +1017,18 @@
      }
    },
    "node_modules/get-intrinsic": {
-      "version": "1.2.7",
+      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.7.tgz",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
-      "integrity": "sha512-VW6Pxhsrk0KAOqs3WEd0klDiF/+V7gQOpAvY1jVU/LHmaD/kQO4523aiJuikX/QAKYiW6x8Jh+RJej1almdtCA==",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "call-bind-apply-helpers": "^1.0.1",
+        "call-bind-apply-helpers": "^1.0.2",
        "es-define-property": "^1.0.1",
        "es-errors": "^1.3.0",
-        "es-object-atoms": "^1.0.0",
+        "es-object-atoms": "^1.1.1",
        "function-bind": "^1.1.2",
-        "get-proto": "^1.0.0",
+        "get-proto": "^1.0.1",
        "gopd": "^1.2.0",
        "has-symbols": "^1.1.0",
        "hasown": "^2.0.2",
@@ -1131,6 +1149,22 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/has-tostringtag": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "has-symbols": "^1.0.3"
      },
      "engines": {
        "node": ">= 0.4"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/hasown": {
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
@@ -1560,9 +1594,9 @@
      }
    },
    "node_modules/object-inspect": {
-      "version": "1.13.3",
+      "version": "1.13.4",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.3.tgz",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
-      "integrity": "sha512-kDCGIbxkDSXE3euJZZXzc6to7fCrKHNI/hSRQnRuQ+BWjFNzZwiFF8fj/6o2t2G9/jTj8PSIYTfCLelLZEeRpA==",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -1709,13 +1743,13 @@
      }
    },
    "node_modules/qs": {
-      "version": "6.13.1",
+      "version": "6.14.0",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.1.tgz",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
-      "integrity": "sha512-EJPeIn0CYrGu+hli1xilKAPXODtJ12T0sP63Ijx2/khC2JtuaN3JyNIpvmnkmaEtha9ocbG4A4cMcr+TvqvwQg==",
+      "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
      "dev": true,
      "license": "BSD-3-Clause",
      "dependencies": {
-        "side-channel": "^1.0.6"
+        "side-channel": "^1.1.0"
      },
      "engines": {
        "node": ">=0.6"
@@ -1794,9 +1828,9 @@
      "license": "MIT"
    },
    "node_modules/semver": {
-      "version": "7.6.3",
+      "version": "7.7.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==",
      "dev": true,
      "license": "ISC",
      "bin": {
@@ -2031,29 +2065,29 @@
      "license": "GPL-2.0-or-later"
    },
    "node_modules/tldts": {
-      "version": "6.1.71",
+      "version": "6.1.86",
-      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.71.tgz",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.86.tgz",
-      "integrity": "sha512-LQIHmHnuzfZgZWAf2HzL83TIIrD8NhhI0DVxqo9/FdOd4ilec+NTNZOlDZf7EwrTNoutccbsHjvWHYXLAtvxjw==",
+      "integrity": "sha512-WMi/OQ2axVTf/ykqCQgXiIct+mSQDFdH2fkwhPwgEwvJ1kSzZRiinb0zF2Xb8u4+OqPChmyI6MEu4EezNJz+FQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "tldts-core": "^6.1.71"
+        "tldts-core": "^6.1.86"
      },
      "bin": {
        "tldts": "bin/cli.js"
      }
    },
    "node_modules/tldts-core": {
-      "version": "6.1.71",
+      "version": "6.1.86",
-      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.71.tgz",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.86.tgz",
-      "integrity": "sha512-LRbChn2YRpic1KxY+ldL1pGXN/oVvKfCVufwfVzEQdFYNo39uF7AJa/WXdo+gYO7PTvdfkCPCed6Hkvz/kR7jg==",
+      "integrity": "sha512-Je6p7pkk+KMzMv2XXKmAE3McmolOQFdxkKw0R8EYNr7sELW46JqnNeTX8ybPiQgvg1ymCoF8LXs5fzFaZvJPTA==",
      "dev": true,
      "license": "MIT"
    },
    "node_modules/tmp": {
-      "version": "0.2.3",
+      "version": "0.2.4",
-      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz",
+      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz",
-      "integrity": "sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==",
+      "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -2061,9 +2095,9 @@
      }
    },
    "node_modules/tough-cookie": {
-      "version": "5.1.0",
+      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-5.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-5.1.2.tgz",
-      "integrity": "sha512-rvZUv+7MoBYTiDmFPBrhL7Ujx9Sk+q9wwm22x8c8T5IJaR+Wsyc7TNxbVxo84kZoRJZZMazowFLqpankBEQrGg==",
+      "integrity": "sha512-FVDYdxtnj0G6Qm/DhNPSb8Ju59ULcup3tuJxkFb5K8Bv2pUXILbf0xZWU8PX8Ov19OXljbUyveOFwRMwkXzO+A==",
      "dev": true,
      "license": "BSD-3-Clause",
      "dependencies": {
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
    "postinstall": "node ./npm-post-install.js"
  },
  "devDependencies": {
-    "cypress": "^13.17.0"
+    "cypress": "^14.3.3"
  },
  "dependencies": {
    "@tinymce/tinymce-jquery": "^2.1.0",
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -28,10 +28,9 @@ parameters:
 		- '#Variable \$guild might not be defined#'
 		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
 		# Eloquent models
 		- '#Call to an undefined method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
 		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
 		- '#Call to an undefined method object::toArray\(\)#'
 		# system/pages/highscores.php
 		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$vocation_name#'
 		-
--- a/plugins/example.json
+++ b/plugins/example.json
@@ -46,8 +46,13 @@
 	"settings": "plugins/your-plugin-folder/settings.php",
 	"autoload": {
 		"pages": true,
-		"pagesSubFolders": false,
+		"pages-sub-folders": false,
 		"commands": true,
-		"themes": true
+		"themes": true,
 		"admin-pages": true,
 		"admin-pages-sub-folders": true,
 		"settings": true,
 		"install": true,
 		"init": false
 	}
 }
--- a/system/base.php
+++ b/system/base.php
@@ -0,0 +1,21 @@
 <?php
 $baseDir = '';
 $tmp = explode('/', $_SERVER['SCRIPT_NAME']);
 $size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$baseDir .= '/' . $tmp[$i];
 $baseDir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $baseDir);
 if(!IS_CLI) {
 	if (isset($_SERVER['HTTP_HOST'][0])) {
 		$baseHost = $_SERVER['HTTP_HOST'];
 	} else {
 		if (isset($_SERVER['SERVER_NAME'][0])) {
 			$baseHost = $_SERVER['SERVER_NAME'];
 		} else {
 			$baseHost = $_SERVER['SERVER_ADDR'];
 		}
 	}
 }
--- a/system/clients.conf.php
+++ b/system/clients.conf.php
@@ -109,4 +109,12 @@ $config['clients'] = [
 	1330,
 	1332,
 	1340,
 	1400,
 	1405,
 	1410,
 	1411,
 	1412,
 	1500,
 	1501,
 ];
--- a/system/compat/base.php
+++ b/system/compat/base.php
@@ -74,7 +74,3 @@ function fieldExist($field, $table)
 	global $db;
 	return $db->hasColumn($table, $field);
 }
 function getCreatureImgPath($creature): string {
 	return getMonsterImgPath($creature);
 }
--- a/system/database.php
+++ b/system/database.php
@@ -122,6 +122,10 @@ try {
 	$eloquentConnection = $capsule->getConnection();
 	if (isset($twig)) {
 		$twig->addGlobal('db', $db);
 	}
 } catch (Exception $e) {
 	if(isset($cache) && $cache->enabled()) {
 		$cache->delete('config_lua');
--- a/system/functions.php
+++ b/system/functions.php
@@ -512,6 +512,13 @@ function template_place_holder($type): string
 	}
 	elseif ($type === 'body_start') {
 		$ret .= $twig->render('browsehappy.html.twig');
 		if (admin()) {
 			global $account_logged;
 			$ret .= $twig->render('admin-bar.html.twig', [
 				'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
 			]);
 		}
 	}
 	elseif($type === 'body_end') {
 		$ret .= template_ga_code();
@@ -545,33 +552,39 @@ function template_header($is_admin = false): string
 */
 function template_footer(): string
 {
-	global $views_counter;
+	$footer = [];
-	$ret = '';
+
 	if(admin()) {
-		$ret .= generateLink(ADMIN_URL, 'Admin Panel', true);
+		$footer[] = generateLink(ADMIN_URL, 'Admin Panel', true);
 	}
 	if(setting('core.visitors_counter')) {
 		global $visitors;
 		$amount = $visitors->getAmountVisitors();
-		$ret .= '<br/>Currently there ' . ($amount > 1 ? 'are' : 'is') . ' ' . $amount . ' visitor' . ($amount > 1 ? 's' : '') . '.';
+		$footer[] = 'Currently there ' . ($amount > 1 ? 'are' : 'is') . ' ' . $amount . ' visitor' . ($amount > 1 ? 's' : '') . '.';
 	}
 	if(setting('core.views_counter')) {
-		$ret .= '<br/>Page has been viewed ' . $views_counter . ' times.';
+		global $views_counter;
 		$footer[] = 'Page has been viewed ' . $views_counter . ' times.';
 	}
 	if(setting('core.footer_load_time')) {
-		$ret .= '<br/>Load time: ' . round(microtime(true) - START_TIME, 4) . ' seconds.';
+		$footer[] = 'Load time: ' . round(microtime(true) - START_TIME, 4) . ' seconds.';
 	}
 	$settingFooter = setting('core.footer');
 	if(isset($settingFooter[0])) {
-		$ret .= '<br/>' . $settingFooter;
+		$footer[] = '' . $settingFooter;
 	}
 	// please respect my work and help spreading the word, thanks!
-	return $ret . '<br/>' . base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=');
+	$footer[] = base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4=');
 	global $hooks;
 	$hooks->triggerFilter(HOOK_FILTER_THEME_FOOTER, $footer);
 	return implode('<br/>', $footer);
 }
 function template_ga_code()
@@ -761,6 +774,10 @@ function formatExperience($exp, $color = true)
 	return $ret;
 }
 function getExperienceForLevel($level): float|int {
 	return ( 50 / 3 ) * pow( $level, 3 ) - ( 100 * pow( $level, 2 ) ) + ( ( 850 / 3 ) * $level ) - 200;
 }
 function get_locales()
 {
 	$ret = array();
@@ -976,11 +993,12 @@ function load_config_lua($filename)
 		foreach($lines as $ln => $line)
 		{
 			$line = trim($line);
-			if(@$line[0] === '{' || @$line[0] === '}') {
+			if(isset($line[0]) && ($line[0] === '{' || $line[0] === '}')) {
 				// arrays are not supported yet
 				// just ignore the error
 				continue;
 			}
 			$tmp_exp = explode('=', $line, 2);
 			if(str_contains($line, 'dofile')) {
 				$delimiter = '"';
@@ -1012,12 +1030,19 @@ function load_config_lua($filename)
 					}
 					else
 					{
-						foreach($result as $tmp_key => $tmp_value) // load values defined by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
+						foreach($result as $tmp_key => $tmp_value) { // load values defined by other keys, like: dailyFragsToBlackSkull = dailyFragsToRedSkull
 							$value = str_replace($tmp_key, $tmp_value, $value);
-						$ret = @eval("return $value;");
+						}
-						if((string) $ret == '' && trim($value) !== '""') // = parser error
+
-						{
+						try {
-							throw new RuntimeException('ERROR: Loading config.lua file. Line <b>' . ($ln + 1) . '</b> of LUA config file is not valid [key: <b>' . $key . '</b>]');
+							$ret = eval("return $value;");
 						}
 						catch (Throwable $e) {
 							throw new RuntimeException('ERROR: Loading config.lua file. Line: ' . ($ln + 1) . ' - Unable to parse value "' . $value . '" - ' . $e->getMessage());
 						}
 						if((string) $ret == '' && trim($value) !== '""') {
 							throw new RuntimeException('ERROR: Loading config.lua file. Line ' . ($ln + 1) . ' is not valid [key: ' . $key . ']');
 						}
 						$result[$key] = $ret;
 					}
@@ -1203,7 +1228,8 @@ function setting($key)
 		return $settings[$key[0]] = $key[1];
 	}
-	return $settings[$key]['value'];
+	$ret = $settings[$key];
 	return isset($ret) ? $ret['value'] : null;
 }
 function clearCache()
@@ -1252,14 +1278,15 @@ function clearCache()
 		$db->setClearCacheAfter(true);
 	}
 	if (function_exists('apcu_clear_cache')) {
 		apcu_clear_cache();
 	}
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
 	deleteDirectory(CACHE . 'twig', ['index.html'], true);
 	deleteDirectory(CACHE . 'plugins', ['index.html'], true);
 	deleteDirectory(CACHE, ['signatures', 'twig', 'plugins', 'index.html', 'persistent'], true);
 	// routes cache
 	clearRouteCache();
 	global $hooks;
 	$hooks->trigger(HOOK_CACHE_CLEAR, ['cache' => Cache::getInstance()]);
@@ -1565,22 +1592,6 @@ function right($str, $length) {
 	return substr($str, -$length);
 }
 function getMonsterImgPath($monster): string
 {
 	$monster_path = setting('core.monsters_images_url');
 	$monster_gfx_name = trim(strtolower($monster)) . setting('core.monsters_images_extension');
 	if (!file_exists($monster_path . $monster_gfx_name)) {
 		$monster_gfx_name = str_replace(" ", "", $monster_gfx_name);
 		if (file_exists($monster_path . $monster_gfx_name)) {
 			return $monster_path . $monster_gfx_name;
 		} else {
 			return $monster_path . 'nophoto.png';
 		}
 	} else {
 		return $monster_path . $monster_gfx_name;
 	}
 }
 function between($x, $lim1, $lim2) {
 	if ($lim1 < $lim2) {
 		$lower = $lim1; $upper = $lim2;
--- a/system/init.php
+++ b/system/init.php
@@ -12,6 +12,7 @@ use DebugBar\StandardDebugBar;
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Hooks;
 use MyAAC\Plugins;
 use MyAAC\Models\Town;
 use MyAAC\Settings;
@@ -46,6 +47,11 @@ if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HT
 global $cache;
 $cache = Cache::getInstance();
 // load plugins init.php
 foreach (Plugins::getInits() as $init) {
 	require $init;
 }
 // event system
 global $hooks;
 $hooks = new Hooks();
@@ -138,6 +144,18 @@ $ots = POT::getInstance();
 $eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 define('HAS_ACCOUNT_COINS', $db->hasColumn('accounts', 'coins'));
 define('HAS_ACCOUNT_COINS_TRANSFERABLE', $db->hasColumn('accounts', 'coins_transferable'));
 define('HAS_ACCOUNT_TRANSFERABLE_COINS', $db->hasColumn('accounts', 'transferable_coins'));
 const ACCOUNT_COINS_TRANSFERABLE_COLUMN = (HAS_ACCOUNT_COINS_TRANSFERABLE ? 'coins_transferable' : 'transferable_coins');
 $twig->addGlobal('logged', false);
 $twig->addGlobal('account_logged', new \OTS_Account());
 // verify myaac tables exists in database
 if(!defined('MYAAC_INSTALL') && !$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table myaac_account_actions of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting ' . (IS_CLI ? 'http://your-ip.com/' : BASE_URL) . 'install');
@@ -179,10 +197,6 @@ if($settingsItemImagesURL[strlen($settingsItemImagesURL) - 1] !== '/') {
 	setting(['core.item_images_url', $settingsItemImagesURL . '/']);
 }
 define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 $towns = Cache::remember('towns', 10 * 60, function () use ($db) {
 	if ($db->hasTable('towns') && Town::count() > 0) {
 		return Town::orderBy('id', 'ASC')->pluck('name', 'id')->toArray();
--- a/system/libs/pot/OTS.php
+++ b/system/libs/pot/OTS.php
--- a/system/libs/pot/OTS_Account.php
+++ b/system/libs/pot/OTS_Account.php
@@ -443,9 +443,6 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 			throw new E_OTS_NotLoaded();
 		}
 		$configFreePremium = configLua('freePremium');
 		if(isset($configFreePremium) && getBoolean($configFreePremium)) {return -1;}
 		if(isset($this->data['premium_ends_at']) || isset($this->data['premend'])) {
 			$col = isset($this->data['premium_ends_at']) ? 'premium_ends_at' : 'premend';
 			$ret = ceil(($this->data[$col] - time()) / (24 * 60 * 60));
@@ -476,12 +473,9 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
    public function isPremium()
    {
-		global $config;
+		if(isset($this->data['premium_ends_at'])) {
-        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
+			return $this->data['premium_ends_at'] > time();
-
+		}
 	    if(isset($this->data['premium_ends_at'])) {
 		    return $this->data['premium_ends_at'] > time();
 	    }
 		if(isset($this->data['premend'])) {
 			return $this->data['premend'] > time();
--- a/system/libs/pot/OTS_DB_MySQL.php
+++ b/system/libs/pot/OTS_DB_MySQL.php
@@ -26,10 +26,11 @@ use MyAAC\Cache\Cache;
 */
 class OTS_DB_MySQL extends OTS_Base_DB
 {
-	private $has_table_cache = array();
+	private array $has_table_cache = [];
-	private $has_column_cache = array();
+	private array $has_column_cache = [];
 	private array $get_column_info_cache = [];
-	private $clearCacheAfter = false;
+	private bool $clearCacheAfter = false;
 /**
 * Creates database connection.
 *
@@ -209,7 +210,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $sql;
 	}
-	public function hasTable($name) {
+	public function hasTable($name): bool
 	{
 		if(isset($this->has_table_cache[$name])) {
 			return $this->has_table_cache[$name];
 		}
@@ -217,12 +219,13 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasTableInternal($name);
 	}
-	private function hasTableInternal($name) {
+	private function hasTableInternal($name): bool
-		global $config;
+	{
-		return ($this->has_table_cache[$name] = $this->query('SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = ' . $this->quote($config['database_name']) . ' AND `TABLE_NAME` = ' . $this->quote($name) . ' LIMIT 1;')->rowCount() > 0);
+		return ($this->has_table_cache[$name] = $this->query('SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = ' . $this->quote(config('database_name')) . ' AND `TABLE_NAME` = ' . $this->quote($name) . ' LIMIT 1;')->rowCount() > 0);
 	}
-	public function hasColumn($table, $column) {
+	public function hasColumn($table, $column): bool
 	{
 		if(isset($this->has_column_cache[$table . '.' . $column])) {
 			return $this->has_column_cache[$table . '.' . $column];
 		}
@@ -230,8 +233,66 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasColumnInternal($table, $column);
 	}
-	private function hasColumnInternal($table, $column) {
+	private function hasColumnInternal($table, $column): bool {
-		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE '" . $column . "'")->fetchAll()) > 0);
+		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE " . $this->quote($column))->fetchAll()) > 0);
 	}
 	public function hasTableAndColumns(string $table, array $columns = []): bool
 	{
 		if (!$this->hasTable($table)) return false;
 		foreach ($columns as $column) {
 			if (!$this->hasColumn($table, $column)) {
 				return false;
 			}
 		}
 		return true;
 	}
 	public function getColumnInfo(string $table, string $column): bool|array
 	{
 		if(isset($this->get_column_info_cache[$table . '.' . $column])) {
 			return $this->get_column_info_cache[$table . '.' . $column];
 		}
 		return $this->getColumnInfoInternal($table, $column);
 	}
 	private function getColumnInfoInternal(string $table, string $column): bool|array
 	{
 		if (!$this->hasTable($table) || !$this->hasColumn($table, $column)) {
 			return false;
 		}
 		$formatResult = function ($result) {
 			return [
 				'field' => $result['Field'],
 				'type' => $result['Type'],
 				'null' => strtolower($result['Null']),
 				'default' => $result['Default'],
 				'extra' => $result['Extra'],
 			];
 		};
 		$query = $this->query('SHOW COLUMNS FROM `' . $table . "` LIKE " . $this->quote($column));
 		$rowCount = $query->rowCount();
 		if ($rowCount > 1) {
 			$tmp = [];
 			$results = $query->fetchAll(PDO::FETCH_ASSOC);
 			foreach ($results as $result) {
 				$tmp[] = $formatResult($result);
 			}
 			return ($this->get_column_info_cache[$table . '.' . $column] = $tmp);
 		}
 		else if ($rowCount == 1) {
 			$result = $query->fetch(PDO::FETCH_ASSOC);
 			return ($this->get_column_info_cache[$table . '.' . $column] = $formatResult($result));
 		}
 		return [];
 	}
 	public function revalidateCache() {
--- a/system/libs/pot/OTS_Guild.php
+++ b/system/libs/pot/OTS_Guild.php
@@ -97,7 +97,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
 *
 * @param IOTS_GuildAction $invites Invites driver (don't pass it to clear driver).
 */
-    public function setInvitesDriver(IOTS_GuildAction $invites = null)
+    public function setInvitesDriver(?IOTS_GuildAction $invites = null)
    {
        $this->invites = $invites;
    }
@@ -107,7 +107,7 @@ class OTS_Guild extends OTS_Row_DAO implements IteratorAggregate, Countable
 *
 * @param IOTS_GuildAction $requests Membership requests driver (don't pass it to clear driver).
 */
-    public function setRequestsDriver(IOTS_GuildAction $requests = null)
+    public function setRequestsDriver(?IOTS_GuildAction $requests = null)
    {
        $this->requests = $requests;
    }
--- a/system/libs/pot/OTS_GuildRank.php
+++ b/system/libs/pot/OTS_GuildRank.php
@@ -60,7 +60,7 @@ class OTS_GuildRank extends OTS_Row_DAO implements IteratorAggregate, Countable
 * @throws PDOException On PDO operation error.
 * @throws E_OTS_NotLoaded If given <var>$guild</var> object is not loaded.
 */
-    public function find($name, OTS_Guild $guild = null)
+    public function find($name, ?OTS_Guild $guild = null)
    {
        $where = '';
--- a/system/libs/pot/OTS_InfoRespond.php
+++ b/system/libs/pot/OTS_InfoRespond.php
@@ -52,10 +52,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string TSPQ version.
 * @throws DOMException On DOM operation error.
 */
-    public function getTSPQVersion()
+	public function getTSPQVersion()
-    {
+	{
-        return $this->documentElement->getAttribute('version');
+		return $this->documentElement->getAttribute('version');
-    }
+	}
 /**
 * Returns server uptime.
@@ -63,10 +63,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Uptime.
 * @throws DOMException On DOM operation error.
 */
-    public function getUptime()
+	public function getUptime()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('uptime');
+		return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('uptime');
-    }
+	}
 /**
 * Returns server IP.
@@ -74,10 +74,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string IP.
 * @throws DOMException On DOM operation error.
 */
-    public function getIP()
+	public function getIP()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('ip');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('ip');
-    }
+	}
 /**
 * Returns server name.
@@ -85,10 +85,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Name.
 * @throws DOMException On DOM operation error.
 */
-    public function getName()
+	public function getName()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('servername');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('servername');
-    }
+	}
 /**
 * Returns server port.
@@ -96,10 +96,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Port.
 * @throws DOMException On DOM operation error.
 */
-    public function getPort()
+	public function getPort()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('port');
+		return (int) $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('port');
-    }
+	}
 /**
 * Returns server location.
@@ -107,10 +107,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Location.
 * @throws DOMException On DOM operation error.
 */
-    public function getLocation()
+	public function getLocation()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('location');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('location');
-    }
+	}
 /**
 * Returns server website.
@@ -118,10 +118,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Website URL.
 * @throws DOMException On DOM operation error.
 */
-    public function getURL()
+	public function getURL()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('url');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('url');
-    }
+	}
 /**
 * Returns server attribute.
@@ -131,10 +131,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Attribute value.
 * @throws DOMException On DOM operation error.
 */
-    public function getServer()
+	public function getServer()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('server');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('server');
-    }
+	}
 /**
 * Returns server version.
@@ -142,10 +142,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Version.
 * @throws DOMException On DOM operation error.
 */
-    public function getServerVersion()
+	public function getServerVersion()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('version');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('version');
-    }
+	}
 /**
 * Returns dedicated version of client.
@@ -153,10 +153,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Version.
 * @throws DOMException On DOM operation error.
 */
-    public function getClientVersion()
+	public function getClientVersion()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('client');
+		return $this->documentElement->getElementsByTagName('serverinfo')->item(0)->getAttribute('client');
-    }
+	}
 /**
 * Returns owner name.
@@ -164,10 +164,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Owner name.
 * @throws DOMException On DOM operation error.
 */
-    public function getOwner()
+	public function getOwner()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('name');
+		return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('name');
-    }
+	}
 /**
 * Returns owner e-mail.
@@ -175,10 +175,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Owner e-mail.
 * @throws DOMException On DOM operation error.
 */
-    public function getEMail()
+	public function getEMail()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('email');
+		return $this->documentElement->getElementsByTagName('owner')->item(0)->getAttribute('email');
-    }
+	}
 /**
 * Returns current amount of players online.
@@ -186,10 +186,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Count of players.
 * @throws DOMException On DOM operation error.
 */
-    public function getOnlinePlayers()
+	public function getOnlinePlayers()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('online');
+		return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('online');
-    }
+	}
 /**
 * Returns maximum amount of players online.
@@ -197,10 +197,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Maximum allowed count of players.
 * @throws DOMException On DOM operation error.
 */
-    public function getMaxPlayers()
+	public function getMaxPlayers()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('max');
+		return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('max');
-    }
+	}
 /**
 * Returns record of online players.
@@ -208,10 +208,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Players online record.
 * @throws DOMException On DOM operation error.
 */
-    public function getPlayersPeak()
+	public function getPlayersPeak()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('peak');
+		return (int) $this->documentElement->getElementsByTagName('players')->item(0)->getAttribute('peak');
-    }
+	}
 /**
 * Returns number of all monsters on map.
@@ -219,10 +219,15 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Count of monsters.
 * @throws DOMException On DOM operation error.
 */
-    public function getMonstersCount()
+	public function getMonstersCount(): int
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('monsters')->item(0)->getAttribute('total');
+		return (int) $this->documentElement->getElementsByTagName('monsters')->item(0)->getAttribute('total');
-    }
+	}
 	public function getNPCsCount(): int
 	{
 		return (int) $this->documentElement->getElementsByTagName('npcs')->item(0)->getAttribute('total');
 	}
 /**
 * Returns map name.
@@ -230,10 +235,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Map name.
 * @throws DOMException On DOM operation error.
 */
-    public function getMapName()
+	public function getMapName()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('name');
+		return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('name');
-    }
+	}
 /**
 * Returns map author.
@@ -241,10 +246,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Mapper name.
 * @throws DOMException On DOM operation error.
 */
-    public function getMapAuthor()
+	public function getMapAuthor()
-    {
+	{
-        return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('author');
+		return $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('author');
-    }
+	}
 /**
 * Returns map width.
@@ -252,10 +257,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Map width.
 * @throws DOMException On DOM operation error.
 */
-    public function getMapWidth()
+	public function getMapWidth()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('width');
+		return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('width');
-    }
+	}
 /**
 * Returns map height.
@@ -263,10 +268,10 @@ class OTS_InfoRespond extends DOMDocument
 * @return int Map height.
 * @throws DOMException On DOM operation error.
 */
-    public function getMapHeight()
+	public function getMapHeight()
-    {
+	{
-        return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('height');
+		return (int) $this->documentElement->getElementsByTagName('map')->item(0)->getAttribute('height');
-    }
+	}
 /**
 * Returns server's Message Of The Day
@@ -275,21 +280,21 @@ class OTS_InfoRespond extends DOMDocument
 * @return string Server MOTD.
 * @throws DOMException On DOM operation error.
 */
-    public function getMOTD()
+	public function getMOTD()
-    {
+	{
-        // look for text node child
+		// look for text node child
-        foreach( $this->documentElement->getElementsByTagName('motd')->item(0)->childNodes as $child)
+		foreach( $this->documentElement->getElementsByTagName('motd')->item(0)->childNodes as $child)
-        {
+		{
-            if($child->nodeType == XML_TEXT_NODE)
+			if($child->nodeType == XML_TEXT_NODE)
-            {
+			{
-                // found
+				// found
-                return $child->nodeValue;
+				return $child->nodeValue;
-            }
+			}
-        }
+		}
-        // strange...
+		// strange...
-        return '';
+		return '';
-    }
+	}
 /**
 * Magic PHP5 method.
@@ -301,77 +306,77 @@ class OTS_InfoRespond extends DOMDocument
 * @throws OutOfBoundsException For non-supported properties.
 * @throws DOMException On DOM operation error.
 */
-    public function __get($name)
+	public function __get($name)
-    {
+	{
-        switch($name)
+		switch($name)
-        {
+		{
-            case 'tspqVersion':
+			case 'tspqVersion':
-                return $this->getTSPQVersion();
+				return $this->getTSPQVersion();
-            case 'uptime':
+			case 'uptime':
-                return $this->getUptime();
+				return $this->getUptime();
-            case 'ip':
+			case 'ip':
-                return $this->getIP();
+				return $this->getIP();
-            case 'name':
+			case 'name':
-                return $this->getName();
+				return $this->getName();
-            case 'port':
+			case 'port':
-                return $this->getPort();
+				return $this->getPort();
-            case 'location':
+			case 'location':
-                return $this->getLocation();
+				return $this->getLocation();
-            case 'url':
+			case 'url':
-                return $this->getURL();
+				return $this->getURL();
-            case 'server':
+			case 'server':
-                return $this->getServer();
+				return $this->getServer();
-            case 'serverVersion':
+			case 'serverVersion':
-                return $this->getServerVersion();
+				return $this->getServerVersion();
-            case 'clientVersion':
+			case 'clientVersion':
-                return $this->getClientVersion();
+				return $this->getClientVersion();
-            case 'owner':
+			case 'owner':
-                return $this->getOwner();
+				return $this->getOwner();
-            case 'eMail':
+			case 'eMail':
-                return $this->getEMail();
+				return $this->getEMail();
-            case 'onlinePlayers':
+			case 'onlinePlayers':
-                return $this->getOnlinePlayers();
+				return $this->getOnlinePlayers();
-            case 'maxPlayers':
+			case 'maxPlayers':
-                return $this->getMaxPlayers();
+				return $this->getMaxPlayers();
-            case 'playersPeak':
+			case 'playersPeak':
-                return $this->getPlayersPeak();
+				return $this->getPlayersPeak();
-            case 'monstersCount':
+			case 'monstersCount':
-                return $this->getMonstersCount();
+				return $this->getMonstersCount();
-            case 'mapName':
+			case 'mapName':
-                return $this->getMapName();
+				return $this->getMapName();
-            case 'mapAuthor':
+			case 'mapAuthor':
-                return $this->getMapAuthor();
+				return $this->getMapAuthor();
-            case 'mapWidth':
+			case 'mapWidth':
-                return $this->getMapWidth();
+				return $this->getMapWidth();
-            case 'mapHeight':
+			case 'mapHeight':
-                return $this->getMapHeight();
+				return $this->getMapHeight();
-            case 'motd':
+			case 'motd':
-                return $this->getMOTD();
+				return $this->getMOTD();
-            default:
+			default:
-                throw new OutOfBoundsException();
+				throw new OutOfBoundsException();
-        }
+		}
-    }
+	}
 /**
 * Returns string representation of XML.
@@ -380,10 +385,10 @@ class OTS_InfoRespond extends DOMDocument
 * @since 0.1.0
 * @return string String representation of object.
 */
-    public function __toString()
+	public function __toString()
-    {
+	{
-        return $this->saveXML();
+		return $this->saveXML();
-    }
+	}
 }
 /**#@-*/
--- a/system/libs/pot/OTS_Monster.php
+++ b/system/libs/pot/OTS_Monster.php
@@ -284,7 +284,7 @@ class OTS_Monster extends DOMDocument
 */
 	public function getLook()
 	{
-		$look = array();
+		$look = [];
 		$element = $this->documentElement->getElementsByTagName('look')->item(0);
@@ -292,14 +292,30 @@ class OTS_Monster extends DOMDocument
 			return $look;
 		}
-		$look['type'] = $element->getAttribute('type');
+		if ($element->hasAttribute('typeex')) {
-		$look['typeex'] = $element->getAttribute('typeex');
+			$look['typeEx'] = (int) $element->getAttribute('typeex');
-		$look['head'] = $element->getAttribute('head');
+		}
-		$look['body'] = $element->getAttribute('body');
+		if ($element->hasAttribute('type')) {
-		$look['legs'] = $element->getAttribute('legs');
+			$look['type'] = (int) $element->getAttribute('type');
-		$look['feet'] = $element->getAttribute('feet');
+		}
-		$look['addons'] = $element->getAttribute('addons');
+		if ($element->hasAttribute('head')) {
-		$look['corpse'] = $element->getAttribute('corpse');
+			$look['head'] = (int) $element->getAttribute('head');
 		}
 		if ($element->hasAttribute('body')) {
 			$look['body'] = (int) $element->getAttribute('body');
 		}
 		if ($element->hasAttribute('legs')) {
 			$look['legs'] = (int) $element->getAttribute('legs');
 		}
 		if ($element->hasAttribute('feet')) {
 			$look['feet'] = (int) $element->getAttribute('feet');
 		}
 		if ($element->hasAttribute('addons')) {
 			$look['addons'] = (int) $element->getAttribute('addons');
 		}
 		if ($element->hasAttribute('corpse')) {
 			$look['corpse'] = (int) $element->getAttribute('corpse');
 		}
 		return $look;
 	}
--- a/system/libs/pot/OTS_Player.php
+++ b/system/libs/pot/OTS_Player.php
@@ -2026,7 +2026,7 @@ class OTS_Player extends OTS_Row_DAO
 * @param OTS_GuildRank|null Guild rank (null to clear assign).
 * @throws E_OTS_NotLoaded If passed <var>$guildRank</var> parameter is not loaded.
 */
-	public function setRank(OTS_GuildRank $guildRank = null)
+	public function setRank(?OTS_GuildRank $guildRank = null)
 	{
 		if(isset($guildRank))
 			$this->setRankId($guildRank->getId(), $guildRank->getGuild()->getId());
@@ -2632,7 +2632,7 @@ class OTS_Player extends OTS_Row_DAO
 * @throws E_OTS_NotLoaded If player is not loaded.
 * @throws PDOException On PDO operation error.
 */
-	public function setSlot($slot, OTS_Item $item = null, $pid = 0)
+	public function setSlot($slot, ?OTS_Item $item = null, $pid = 0)
 	{
 		static $sid;
@@ -2776,7 +2776,7 @@ class OTS_Player extends OTS_Row_DAO
 * @throws E_OTS_NotLoaded If player is not loaded.
 * @throws PDOException On PDO operation error.
 */
-	public function setDepot($depot, OTS_Item $item = null, $pid = 0, $depot_id = 0)
+	public function setDepot($depot, ?OTS_Item $item = null, $pid = 0, $depot_id = 0)
 	{
 		static $sid;
@@ -2919,6 +2919,32 @@ class OTS_Player extends OTS_Row_DAO
 		$this->data['banned'] = $ban['active'];
 		$this->data['banned_time'] = $ban['expires'];
 	}
 	public function isNameLocked(): bool
 	{
 		// nothing can't be banned
 		if( !$this->isLoaded() ) {
 			throw new E_OTS_NotLoaded();
 		}
 		if($this->db->hasTable('player_namelocks')) {
 			$ban = $this->db->query('SELECT 1 FROM `player_namelocks` WHERE `player_id` = ' . $this->data['id'])->fetch(PDO::FETCH_ASSOC);
 			return (isset($ban['1']));
 		}
 		else if($this->db->hasTable('bans')) {
 			if($this->db->hasColumn('bans', 'active')) {
 				$ban = $this->db->query('SELECT `active`, `expires` FROM `bans` WHERE `type` = 2 AND `active` = 1 AND `value` = ' . $this->data['id'] . ' AND (`expires` > ' . time() .' OR `expires` = -1) ORDER BY `expires` DESC')->fetch();
 				return isset($ban['active']);
 			}
 			else { // tfs 0.2
 				$ban = $this->db->query('SELECT `time` FROM `bans` WHERE `type` = 2 AND `account` = ' . $this->data['account_id'] . ' AND (`time` > ' . time() .' OR `time` = -1) ORDER BY `time` DESC')->fetch();
 				return isset($ban['time']) && ($ban['time'] == -1 || $ban['time'] > 0);
 			}
 		}
 		return false;
 	}
 /**
 * Deletes player.
 *
@@ -2953,21 +2979,14 @@ class OTS_Player extends OTS_Row_DAO
 * @return string Player proffesion name.
 * @throws E_OTS_NotLoaded If player is not loaded or global vocations list is not loaded.
 */
-	public function getVocationName()
+	public function getVocationName(): string
 	{
 		if( !isset($this->data['vocation']) )
 		{
 			throw new E_OTS_NotLoaded();
 		}
-		global $config;
+		return OTS_Toolbox::getVocationName($this->data['vocation'], $this->data['promotion'] ?? 0);
 		$voc = $this->getVocation();
 		if(!isset($config['vocations'][$voc])) {
 			return 'Unknown';
 		}
 		return $config['vocations'][$voc];
 		//return POT::getInstance()->getVocationsList()->getVocationName($this->data['vocation']);
 	}
 /**
--- a/system/libs/pot/OTS_ServerInfo.php
+++ b/system/libs/pot/OTS_ServerInfo.php
@@ -26,14 +26,19 @@ class OTS_ServerInfo
 *
 * @var string
 */
-    private $server;
+	private string $server;
 /**
 * Connection port.
 *
 * @var int
 */
-    private $port;
+	private int $port;
 	/**
 	 * Status timeout
 	 */
 	private float $timeout = 2.0;
 /**
 * Creates handler for new server.
@@ -41,11 +46,11 @@ class OTS_ServerInfo
 * @param string $server Server IP/domain.
 * @param int $port OTServ port.
 */
-    public function __construct($server, $port)
+	public function __construct($server, $port)
-    {
+	{
-        $this->server = $server;
+		$this->server = $server;
-        $this->port = $port;
+		$this->port = $port;
-    }
+	}
 /**
 * Sends packet to server.
@@ -54,46 +59,46 @@ class OTS_ServerInfo
 * @return OTS_Buffer|null Respond buffer (null if server is offline).
 * @throws E_OTS_OutOfBuffer When there is read attemp after end of packet stream.
 */
-    private function send(OTS_Buffer $packet)
+	private function send(OTS_Buffer $packet)
-    {
+	{
-        // connects to server
+		// connects to server
-        $socket = @fsockopen($this->server, $this->port, $error, $message, setting('core.status_timeout'));
+		$socket = @fsockopen($this->server, $this->port, $error, $message, $this->timeout);
-        // if connected then checking statistics
+		// if connected then checking statistics
-        if($socket)
+		if($socket)
-        {
+		{
-            // sets 5 second timeout for reading and writing
+			// sets 5 second timeout for reading and writing
-            stream_set_timeout($socket, 5);
+			stream_set_timeout($socket, 5);
-            // creates real packet
+			// creates real packet
-            $packet = $packet->getBuffer();
+			$packet = $packet->getBuffer();
-            $packet = pack('v', strlen($packet) ) . $packet;
+			$packet = pack('v', strlen($packet) ) . $packet;
-            // sends packet with request
+			// sends packet with request
-            // 06 - length of packet, 255, 255 is the comamnd identifier, 'info' is a request
+			// 06 - length of packet, 255, 255 is the comamnd identifier, 'info' is a request
-            fwrite($socket, $packet);
+			fwrite($socket, $packet);
-            // reads respond
+			// reads respond
-            //$data = stream_get_contents($socket);
+			//$data = stream_get_contents($socket);
 			$data = '';
 			while (!feof($socket))
 				$data .= fgets($socket, 1024);
-            // closing connection to current server
+			// closing connection to current server
-            fclose($socket);
+			fclose($socket);
-            // sometimes server returns empty info
+			// sometimes server returns empty info
-            if( empty($data) )
+			if( empty($data) )
-            {
+			{
-                // returns offline state
+				// returns offline state
-                return false;
+				return false;
-            }
+			}
-            return new OTS_Buffer($data);
+			return new OTS_Buffer($data);
-        }
+		}
-        return false;
+		return false;
-    }
+	}
 /**
 * Queries server status.
@@ -108,30 +113,30 @@ class OTS_ServerInfo
 * @example examples/info.php info.php
 * @tutorial POT/Server_status.pkg
 */
-    public function status()
+	public function status()
-    {
+	{
-        // request packet
+		// request packet
-        $request = new OTS_Buffer();
+		$request = new OTS_Buffer();
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putString('info', false);
+		$request->putString('info', false);
-        $status = $this->send($request);
+		$status = $this->send($request);
-        // checks if server is online
+		// checks if server is online
-        if($status)
+		if($status)
-        {
+		{
-            // loads respond XML
+			// loads respond XML
-            $info = new OTS_InfoRespond();
+			$info = new OTS_InfoRespond();
-            if(!$info->loadXML( $status->getBuffer()))
+			if(!$info->loadXML( $status->getBuffer()))
 				return false;
-            return $info;
+			return $info;
-        }
+		}
-        // offline
+		// offline
-        return false;
+		return false;
-    }
+	}
 /**
 * Queries server information.
@@ -146,26 +151,26 @@ class OTS_ServerInfo
 * @example examples/server.php info.php
 * @tutorial POT/Server_status.pkg
 */
-    public function info($flags)
+	public function info($flags)
-    {
+	{
-        // request packet
+		// request packet
-        $request = new OTS_Buffer();
+		$request = new OTS_Buffer();
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putChar(1);
+		$request->putChar(1);
-        $request->putShort($flags);
+		$request->putShort($flags);
-        $status = $this->send($request);
+		$status = $this->send($request);
-        // checks if server is online
+		// checks if server is online
-        if($status)
+		if($status)
-        {
+		{
-            // loads respond
+			// loads respond
-            return new OTS_ServerStatus($status);
+			return new OTS_ServerStatus($status);
-        }
+		}
-        // offline
+		// offline
-        return false;
+		return false;
-    }
+	}
 /**
 * Checks player online status.
@@ -180,27 +185,27 @@ class OTS_ServerInfo
 * @example examples/server.php info.php
 * @tutorial POT/Server_status.pkg
 */
-    public function playerStatus($name)
+	public function playerStatus($name)
-    {
+	{
-        // request packet
+		// request packet
-        $request = new OTS_Buffer();
+		$request = new OTS_Buffer();
-        $request->putChar(255);
+		$request->putChar(255);
-        $request->putChar(1);
+		$request->putChar(1);
-        $request->putShort(OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
+		$request->putShort(OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
-        $request->putString($name);
+		$request->putString($name);
-        $status = $this->send($request);
+		$status = $this->send($request);
-        // checks if server is online
+		// checks if server is online
-        if($status)
+		if($status)
-        {
+		{
-            $status->getChar();
+			$status->getChar();
-            return (bool) $status->getChar();
+			return (bool) $status->getChar();
-        }
+		}
-        // offline
+		// offline
-        return false;
+		return false;
-    }
+	}
 /**
 * Magic PHP5 method.
@@ -210,20 +215,24 @@ class OTS_ServerInfo
 * @throws OutOfBoundsException For non-supported properties.
 * @throws E_OTS_OutOfBuffer When there is read attemp after end of packet stream.
 */
-    public function __get($name)
+	public function __get($name)
-    {
+	{
-        switch($name)
+		switch($name)
-        {
+		{
-            case 'status':
+			case 'status':
-                return $this->status();
+				return $this->status();
-            case 'info':
+			case 'info':
-                return $this->info(OTS_ServerStatus::REQUEST_BASIC_SERVER_INFO | OTS_ServerStatus::REQUEST_OWNER_SERVER_INFO | OTS_ServerStatus::REQUEST_MISC_SERVER_INFO | OTS_ServerStatus::REQUEST_PLAYERS_INFO | OTS_ServerStatus::REQUEST_MAP_INFO | OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
+				return $this->info(OTS_ServerStatus::REQUEST_BASIC_SERVER_INFO | OTS_ServerStatus::REQUEST_OWNER_SERVER_INFO | OTS_ServerStatus::REQUEST_MISC_SERVER_INFO | OTS_ServerStatus::REQUEST_PLAYERS_INFO | OTS_ServerStatus::REQUEST_MAP_INFO | OTS_ServerStatus::REQUEST_PLAYER_STATUS_INFO);
-            default:
+			default:
-                throw new OutOfBoundsException();
+				throw new OutOfBoundsException();
-        }
+		}
-    }
+	}
 	public function setTimeout($timeout) {
 		$this->timeout = $timeout;
 	}
 }
 /**#@-*/
--- a/system/libs/pot/OTS_ServerStatus.php
+++ b/system/libs/pot/OTS_ServerStatus.php
@@ -40,175 +40,175 @@ class OTS_ServerStatus
 /**
 * Basic server info.
 */
-    const REQUEST_BASIC_SERVER_INFO = 1;
+	const REQUEST_BASIC_SERVER_INFO = 1;
 /**
 * Server owner info.
 */
-    const REQUEST_OWNER_SERVER_INFO = 2;
+	const REQUEST_OWNER_SERVER_INFO = 2;
 /**
 * Server extra info.
 */
-    const REQUEST_MISC_SERVER_INFO = 4;
+	const REQUEST_MISC_SERVER_INFO = 4;
 /**
 * Players stats info.
 */
-    const REQUEST_PLAYERS_INFO = 8;
+	const REQUEST_PLAYERS_INFO = 8;
 /**
 * Map info.
 */
-    const REQUEST_MAP_INFO = 16;
+	const REQUEST_MAP_INFO = 16;
 /**
 * Extended players info.
 */
-    const REQUEST_EXT_PLAYERS_INFO = 32;
+	const REQUEST_EXT_PLAYERS_INFO = 32;
 /**
 * Player status info.
 */
-    const REQUEST_PLAYER_STATUS_INFO = 64;
+	const REQUEST_PLAYER_STATUS_INFO = 64;
 /**
 * Server software info.
 */
-    const REQUEST_SERVER_SOFTWARE_INFO = 128;
+	const REQUEST_SERVER_SOFTWARE_INFO = 128;
 /**
 * Basic server respond.
 */
-    const RESPOND_BASIC_SERVER_INFO = 0x10;
+	const RESPOND_BASIC_SERVER_INFO = 0x10;
 /**
 * Server owner respond.
 */
-    const RESPOND_OWNER_SERVER_INFO = 0x11;
+	const RESPOND_OWNER_SERVER_INFO = 0x11;
 /**
 * Server extra respond.
 */
-    const RESPOND_MISC_SERVER_INFO = 0x12;
+	const RESPOND_MISC_SERVER_INFO = 0x12;
 /**
 * Players stats respond.
 */
-    const RESPOND_PLAYERS_INFO = 0x20;
+	const RESPOND_PLAYERS_INFO = 0x20;
 /**
 * Map respond.
 */
-    const RESPOND_MAP_INFO = 0x30;
+	const RESPOND_MAP_INFO = 0x30;
 /**
 * Extended players info.
 */
-    const RESPOND_EXT_PLAYERS_INFO = 0x21;
+	const RESPOND_EXT_PLAYERS_INFO = 0x21;
 /**
 * Player status info.
 */
-    const RESPOND_PLAYER_STATUS_INFO = 0x22;
+	const RESPOND_PLAYER_STATUS_INFO = 0x22;
 /**
 * Server software info.
 */
-    const RESPOND_SERVER_SOFTWARE_INFO = 0x23;
+	const RESPOND_SERVER_SOFTWARE_INFO = 0x23;
 /**
 * Server name.
 *
 * @var string
 */
-    private $name;
+	private $name;
 /**
 * Server IP.
 *
 * @var string
 */
-    private $ip;
+	private $ip;
 /**
 * Server port.
 *
 * @var string
 */
-    private $port;
+	private $port;
 /**
 * Owner name.
 *
 * @var string
 */
-    private $owner;
+	private $owner;
 /**
 * Owner's e-mail.
 *
 * @var string
 */
-    private $eMail;
+	private $eMail;
 /**
 * Message of the day.
 *
 * @var string
 */
-    private $motd;
+	private $motd;
 /**
 * Server location.
 *
 * @var string
 */
-    private $location;
+	private $location;
 /**
 * Website URL.
 *
 * @var string
 */
-    private $url;
+	private $url;
 /**
 * Uptime.
 *
 * @var int
 */
-    private $uptime;
+	private $uptime;
 /**
 * Status version.
 *
 * @var string
 */
-    private $version;
+	private $version;
 /**
 * Players online.
 *
 * @var int
 */
-    private $online;
+	private $online;
 /**
 * Maximum players.
 *
 * @var int
 */
-    private $max;
+	private $max;
 /**
 * Players peak.
 *
 * @var int
 */
-    private $peak;
+	private $peak;
 /**
 * Map name.
 *
 * @var string
 */
-    private $map;
+	private $map;
 /**
 * Map author.
 *
 * @var string
 */
-    private $author;
+	private $author;
 /**
 * Map width.
 *
 * @var int
 */
-    private $width;
+	private $width;
 /**
 * Map height.
 *
 * @var int
 */
-    private $height;
+	private $height;
 /**
 * Players online list.
 *
 * @var array
 */
-    private $players = array();
+	private $players = array();
 /**
 * Server software.
@@ -224,277 +224,277 @@ class OTS_ServerStatus
 *
 * @param OTS_Buffer $info Information packet.
 */
-    public function __construct(OTS_Buffer $info)
+	public function __construct(OTS_Buffer $info)
-    {
+	{
-        // skips packet length
+		// skips packet length
-        $info->getShort();
+		$info->getShort();
-        while( $info->isValid() )
+		while( $info->isValid() )
-        {
+		{
-            switch( $info->getChar() )
+			switch( $info->getChar() )
-            {
+			{
-                case self::RESPOND_BASIC_SERVER_INFO:
+				case self::RESPOND_BASIC_SERVER_INFO:
-                    $this->name = $info->getString();
+					$this->name = $info->getString();
-                    $this->ip = $info->getString();
+					$this->ip = $info->getString();
-                    $this->port = (int) $info->getString();
+					$this->port = (int) $info->getString();
-                    break;
+					break;
-                case self::RESPOND_OWNER_SERVER_INFO:
+				case self::RESPOND_OWNER_SERVER_INFO:
-                    $this->owner = $info->getString();
+					$this->owner = $info->getString();
-                    $this->eMail = $info->getString();
+					$this->eMail = $info->getString();
-                    break;
+					break;
-                case self::RESPOND_MISC_SERVER_INFO:
+				case self::RESPOND_MISC_SERVER_INFO:
-                    $this->motd = $info->getString();
+					$this->motd = $info->getString();
-                    $this->location = $info->getString();
+					$this->location = $info->getString();
-                    $this->url = $info->getString();
+					$this->url = $info->getString();
-                    $uptime = $info->getLong() << 32;
+					$uptime = $info->getLong() << 32;
-                    $this->uptime += $info->getLong() + $uptime;
+					$this->uptime += $info->getLong() + $uptime;
-                    $this->version = $info->getString();
+					$this->version = $info->getString();
-                    break;
+					break;
-                case self::RESPOND_PLAYERS_INFO:
+				case self::RESPOND_PLAYERS_INFO:
-                    $this->online = $info->getLong();
+					$this->online = $info->getLong();
-                    $this->max = $info->getLong();
+					$this->max = $info->getLong();
-                    $this->peak = $info->getLong();
+					$this->peak = $info->getLong();
-                    break;
+					break;
-                case self::RESPOND_MAP_INFO:
+				case self::RESPOND_MAP_INFO:
-                    $this->map = $info->getString();
+					$this->map = $info->getString();
-                    $this->author = $info->getString();
+					$this->author = $info->getString();
-                    $this->width = $info->getShort();
+					$this->width = $info->getShort();
-                    $this->height = $info->getShort();
+					$this->height = $info->getShort();
-                    break;
+					break;
-                case self::RESPOND_EXT_PLAYERS_INFO:
+				case self::RESPOND_EXT_PLAYERS_INFO:
-                    $count = $info->getLong();
+					$count = $info->getLong();
-                    for($i = 0; $i < $count; $i++)
+					for($i = 0; $i < $count; $i++)
-                    {
+					{
-                        $name = $info->getString();
+						$name = $info->getString();
-                        $this->players[$name] = $info->getLong();
+						$this->players[$name] = $info->getLong();
-                    }
+					}
-                    break;
+					break;
 				case self::RESPOND_SERVER_SOFTWARE_INFO:
 					$this->softwareName = $info->getString();
 					$this->softwareVersion = $info->getString();
 					$this->softwareProtocol = $info->getString();
 					break;
-            }
+			}
-        }
+		}
-    }
+	}
 /**
 * Returns server uptime.
 *
 * @return int Uptime.
 */
-    public function getUptime()
+	public function getUptime()
-    {
+	{
-        return $this->uptime;
+		return $this->uptime;
-    }
+	}
 /**
 * Returns server IP.
 *
 * @return string IP.
 */
-    public function getIP()
+	public function getIP()
-    {
+	{
-        return $this->ip;
+		return $this->ip;
-    }
+	}
 /**
 * Returns server name.
 *
 * @return string Name.
 */
-    public function getName()
+	public function getName()
-    {
+	{
-        return $this->name;
+		return $this->name;
-    }
+	}
 /**
 * Returns server port.
 *
 * @return int Port.
 */
-    public function getPort()
+	public function getPort()
-    {
+	{
-        return $this->port;
+		return $this->port;
-    }
+	}
 /**
 * Returns server location.
 *
 * @return string Location.
 */
-    public function getLocation()
+	public function getLocation()
-    {
+	{
-        return $this->location;
+		return $this->location;
-    }
+	}
 /**
 * Returns server website.
 *
 * @return string Website URL.
 */
-    public function getURL()
+	public function getURL()
-    {
+	{
-        return $this->url;
+		return $this->url;
-    }
+	}
 /**
 * Returns server version.
 *
 * @return string Version.
 */
-    public function getServerVersion()
+	public function getServerVersion()
-    {
+	{
-        return $this->version;
+		return $this->version;
-    }
+	}
 /**
 * Returns owner name.
 *
 * @return string Owner name.
 */
-    public function getOwner()
+	public function getOwner()
-    {
+	{
-        return $this->owner;
+		return $this->owner;
-    }
+	}
 /**
 * Returns owner e-mail.
 *
 * @return string Owner e-mail.
 */
-    public function getEMail()
+	public function getEMail()
-    {
+	{
-        return $this->eMail;
+		return $this->eMail;
-    }
+	}
 /**
 * Returns current amount of players online.
 *
 * @return int Count of players.
 */
-    public function getOnlinePlayers()
+	public function getOnlinePlayers()
-    {
+	{
-        return $this->online;
+		return $this->online;
-    }
+	}
 /**
 * Returns maximum amount of players online.
 *
 * @return int Maximum allowed count of players.
 */
-    public function getMaxPlayers()
+	public function getMaxPlayers()
-    {
+	{
-        return $this->max;
+		return $this->max;
-    }
+	}
 /**
 * Returns record of online players.
 *
 * @return int Players online record.
 */
-    public function getPlayersPeak()
+	public function getPlayersPeak()
-    {
+	{
-        return $this->peak;
+		return $this->peak;
-    }
+	}
 /**
 * Returns map name.
 *
 * @return string Map name.
 */
-    public function getMapName()
+	public function getMapName()
-    {
+	{
-        return $this->map;
+		return $this->map;
-    }
+	}
 /**
 * Returns map author.
 *
 * @return string Mapper name.
 */
-    public function getMapAuthor()
+	public function getMapAuthor()
-    {
+	{
-        return $this->author;
+		return $this->author;
-    }
+	}
 /**
 * Returns map width.
 *
 * @return int Map width.
 */
-    public function getMapWidth()
+	public function getMapWidth()
-    {
+	{
-        return $this->width;
+		return $this->width;
-    }
+	}
 /**
 * Returns map height.
 *
 * @return int Map height.
 */
-    public function getMapHeight()
+	public function getMapHeight()
-    {
+	{
-        return $this->height;
+		return $this->height;
-    }
+	}
 /**
 * Returns server's Message Of The Day
 *
 * @return string Server MOTD.
 */
-    public function getMOTD()
+	public function getMOTD()
-    {
+	{
-        return $this->motd;
+		return $this->motd;
-    }
+	}
 /**
 * Returns list of players currently online.
 *
 * @return array List of players in format 'name' => level.
 */
-    public function getPlayers()
+	public function getPlayers()
-    {
+	{
-    }
+	}
 /**
 * Returns software name.
 *
 * @return string Software name.
 */
-    public function getSoftwareName()
+	public function getSoftwareName()
-    {
+	{
-        return $this->softwareName;
+		return $this->softwareName;
-    }
+	}
 /**
 * Returns software version.
 *
 * @return string Software version.
 */
-    public function getSoftwareVersion()
+	public function getSoftwareVersion()
-    {
+	{
-        return $this->softwareVersion;
+		return $this->softwareVersion;
-    }
+	}
 /**
 * Returns software protocol.
 *
 * @return string Software protocol.
 */
-    public function getSoftwareProtocol()
+	public function getSoftwareProtocol()
-    {
+	{
-        return $this->softwareProtocol;
+		return $this->softwareProtocol;
-    }
+	}
 /**
 * Magic PHP5 method.
@@ -503,68 +503,68 @@ class OTS_ServerStatus
 * @return mixed Property value.
 * @throws OutOfBoundsException For non-supported properties.
 */
-    public function __get($name)
+	public function __get($name)
-    {
+	{
-        switch($name)
+		switch($name)
-        {
+		{
-            case 'uptime':
+			case 'uptime':
-                return $this->getUptime();
+				return $this->getUptime();
-            case 'ip':
+			case 'ip':
-                return $this->getIP();
+				return $this->getIP();
-            case 'name':
+			case 'name':
-                return $this->getName();
+				return $this->getName();
-            case 'port':
+			case 'port':
-                return $this->getPort();
+				return $this->getPort();
-            case 'location':
+			case 'location':
-                return $this->getLocation();
+				return $this->getLocation();
-            case 'url':
+			case 'url':
-                return $this->getURL();
+				return $this->getURL();
-            case 'serverVersion':
+			case 'serverVersion':
-                return $this->getServerVersion();
+				return $this->getServerVersion();
-            case 'owner':
+			case 'owner':
-                return $this->getOwner();
+				return $this->getOwner();
-            case 'eMail':
+			case 'eMail':
-                return $this->getEMail();
+				return $this->getEMail();
-            case 'onlinePlayers':
+			case 'onlinePlayers':
-                return $this->getOnlinePlayers();
+				return $this->getOnlinePlayers();
-            case 'maxPlayers':
+			case 'maxPlayers':
-                return $this->getMaxPlayers();
+				return $this->getMaxPlayers();
-            case 'playersPeak':
+			case 'playersPeak':
-                return $this->getPlayersPeak();
+				return $this->getPlayersPeak();
-            case 'mapName':
+			case 'mapName':
-                return $this->getMapName();
+				return $this->getMapName();
-            case 'mapAuthor':
+			case 'mapAuthor':
-                return $this->getMapAuthor();
+				return $this->getMapAuthor();
-            case 'mapWidth':
+			case 'mapWidth':
-                return $this->getMapWidth();
+				return $this->getMapWidth();
-            case 'mapHeight':
+			case 'mapHeight':
-                return $this->getMapHeight();
+				return $this->getMapHeight();
-            case 'motd':
+			case 'motd':
-                return $this->getMOTD();
+				return $this->getMOTD();
-            case 'players':
+			case 'players':
-                return $this->getPlayers();
+				return $this->getPlayers();
-            default:
+			default:
-                throw new OutOfBoundsException();
+				throw new OutOfBoundsException();
-        }
+		}
-    }
+	}
 }
 /**#@-*/
--- a/system/libs/pot/OTS_Toolbox.php
+++ b/system/libs/pot/OTS_Toolbox.php
@@ -29,11 +29,11 @@ class OTS_Toolbox
 * @return int Experience points for level.
 */
 	public static function experienceForLevel($level, $experience = 0)
-    {
+	{
-        //return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
+		//return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
 		$level = $level - 1;
 		return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
-    }
+	}
 /**
 * Finds out which level user have basing on his/her experience.
@@ -45,19 +45,19 @@ class OTS_Toolbox
 * @param int $experience Current experience points.
 * @return int Experience level.
 */
-    public static function levelForExperience($experience)
+	public static function levelForExperience($experience)
-    {
+	{
-        // default level
+		// default level
-        $level = 1;
+		$level = 1;
-        // until we will find level which requires more experience then we have we will step to next
+		// until we will find level which requires more experience then we have we will step to next
-        while( self::experienceForLevel($level + 1) <= $experience)
+		while( self::experienceForLevel($level + 1) <= $experience)
-        {
+		{
-            $level++;
+			$level++;
-        }
+		}
-        return $level;
+		return $level;
-    }
+	}
 /**
 * @version 0.1.5
@@ -65,25 +65,25 @@ class OTS_Toolbox
 * @return OTS_Players_List Filtered list.
 * @deprecated 0.1.5 Use OTS_PlayerBans_List.
 */
-    public static function bannedPlayers()
+	public static function bannedPlayers()
-    {
+	{
-        // creates filter
+		// creates filter
-        $filter = new OTS_SQLFilter();
+		$filter = new OTS_SQLFilter();
-        $filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_PLAYER);
+		$filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_PLAYER);
-        $filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
+		$filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
-        $filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'players') );
+		$filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'players') );
-        // selects only active bans
+		// selects only active bans
-        $actives = new OTS_SQLFilter();
+		$actives = new OTS_SQLFilter();
-        $actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
+		$actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
-        $actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
+		$actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
-        $filter->addFilter($actives);
+		$filter->addFilter($actives);
-        // creates list and aplies filter
+		// creates list and aplies filter
-        $list = new OTS_Players_List();
+		$list = new OTS_Players_List();
-        $list->setFilter($filter);
+		$list->setFilter($filter);
-        return $list;
+		return $list;
-    }
+	}
 /**
 * @version 0.1.5
@@ -91,25 +91,34 @@ class OTS_Toolbox
 * @return OTS_Accounts_List Filtered list.
 * @deprecated 0.1.5 Use OTS_AccountBans_List.
 */
-    public static function bannedAccounts()
+	public static function bannedAccounts()
-    {
+	{
-        // creates filter
+		// creates filter
-        $filter = new OTS_SQLFilter();
+		$filter = new OTS_SQLFilter();
-        $filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_ACCOUNT);
+		$filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_ACCOUNT);
-        $filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
+		$filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
-        $filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'accounts') );
+		$filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'accounts') );
-        // selects only active bans
+		// selects only active bans
-        $actives = new OTS_SQLFilter();
+		$actives = new OTS_SQLFilter();
-        $actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
+		$actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
-        $actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
+		$actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
-        $filter->addFilter($actives);
+		$filter->addFilter($actives);
-        // creates list and aplies filter
+		// creates list and aplies filter
-        $list = new OTS_Accounts_List();
+		$list = new OTS_Accounts_List();
-        $list->setFilter($filter);
+		$list->setFilter($filter);
-        return $list;
+		return $list;
-    }
+	}
 	public static function getVocationName($id, $promotion = 0): string
 	{
 		if($promotion > 0) {
 			$id = ($id + ($promotion * config('vocations_amount')));
 		}
 		return config('vocations')[$id] ?? 'Unknown';
 	}
 }
 /**#@-*/
--- a/system/locale/de/install.php
+++ b/system/locale/de/install.php
@@ -48,6 +48,8 @@ $locale['step_config'] = 'Konfiguration';
 $locale['step_config_title'] = 'Grundkonfiguration';
 $locale['step_config_server_path'] = 'Serverpfad';
 $locale['step_config_server_path_desc'] = 'Pfad zu Ihrem TFS-Hauptverzeichnis, in dem sich die config.lua befinden.';
 $locale['step_config_site_url'] = 'Website URL';
 $locale['step_config_site_url_desc'] = 'Ihre Website-Adresse.';
 $locale['step_config_mail_admin'] = 'Admin E-Mail';
 $locale['step_config_mail_admin_desc'] = 'Adresse, an die E-Mails aus dem Kontaktformular gesendet werden, z. B. admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin E-Mail ist nicht korrekt.';
--- a/system/locale/en/install.php
+++ b/system/locale/en/install.php
@@ -52,6 +52,8 @@ $locale['step_config'] = 'Configuration';
 $locale['step_config_title'] = 'Basic configuration';
 $locale['step_config_server_path'] = 'Server path';
 $locale['step_config_server_path_desc'] = 'Path to your TFS main directory, where you have config.lua located.';
 $locale['step_config_site_url'] = 'Website URL';
 $locale['step_config_site_url_desc'] = 'Your website address.';
 $locale['step_config_mail_admin'] = 'Admin Email';
 $locale['step_config_mail_admin_desc'] = 'Address where emails from contact form will be delivered, for example admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin Email is not correct.';
--- a/system/locale/pl/install.php
+++ b/system/locale/pl/install.php
@@ -52,6 +52,8 @@ $locale['step_config'] = 'Konfiguracja';
 $locale['step_config_title'] = 'Podstawowa konfiguracja';
 $locale['step_config_server_path'] = 'Ścieżka do serwera';
 $locale['step_config_server_path_desc'] = 'Ścieżka do Twojego folderu z TFS, gdzie znajduje się plik config.lua.';
 $locale['step_config_server_url'] = 'Adres strony';
 $locale['step_config_server_url_desc'] = 'Adres tej strony www.';
 $locale['step_config_mail_admin'] = 'E-Mail admina';
 $locale['step_config_mail_admin_desc'] = 'Na ten adres będą dostarczane E-Maile z formularza kontaktowego, przykładowo admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'E-Mail admina jest niepoprawny.';
--- a/system/migrations/17.php
+++ b/system/migrations/17.php
@@ -10,8 +10,13 @@ $up = function () use ($db) {
 		$db->exec(file_get_contents(__DIR__ . '/17-menu.sql'));
 	}
-	Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
+	$themes = ['kathrine', 'tibiacom',];
-	Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php');
+	foreach ($themes as $theme) {
 		$file = TEMPLATES . $theme . '/menus.php';
 		if (is_file($file)) {
 			Plugins::installMenus($theme, require $file);
 		}
 	}
 };
 $down = function () use ($db) {
--- a/system/migrations/44.php
+++ b/system/migrations/44.php
@@ -0,0 +1,20 @@
 <?php
 // 2025-05-14
 // update pages links
 // server-info conflicts with apache2 mod
 // Changelog conflicts with changelog files
 use MyAAC\Models\Menu;
 use MyAAC\Models\Pages;
 $up = function() {
 	Menu::where('link', 'server-info')->update(['link' => 'ots-info']);
 	Menu::where('link', 'changelog')->update(['link' => 'change-log']);
 };
 $down = function() {
 	Menu::where('link', 'ots-info')->update(['link' => 'server-info']);
 	Menu::where('link', 'change-log')->update(['link' => 'changelog']);
 };
--- a/system/migrations/45.php
+++ b/system/migrations/45.php
@@ -0,0 +1,32 @@
 <?php
 // 2025-05-14
 // update pages links
 // server-info conflicts with apache2 mod
 // Changelog conflicts with changelog files
 use MyAAC\Models\Pages;
 $up = function() {
 	Pages::where('name', 'rules_on_the_page')->update(['hide' => 1]);
 	$rules = Pages::where('name', 'rules')->first();
 	if (!$rules) {
 		Pages::create([
 			'name' => 'rules',
 			'title' => 'Server Rules',
 			'body' => '<b>{{ config.lua.serverName }} Rules</b><br/>' . nl2br(file_get_contents(__DIR__ . '/30-rules.txt')),
 			'date' => time(),
 			'player_id' => 1,
 			'php' => 0,
 			'enable_tinymce' => 1,
 			'access' => 0,
 			'hide' => 0,
 		]);
 	}
 };
 $down = function() {
 	Pages::where('name', 'rules_on_the_page')->update(['hide' => 0]);
 };
--- a/system/pages/404.php
+++ b/system/pages/404.php
@@ -8,7 +8,7 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = '404 Not Found';
+$title = 'Not Found';
 header('HTTP/1.0 404 Not Found');
 ?>
--- a/system/pages/405.php
+++ b/system/pages/405.php
@@ -8,7 +8,7 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = '405 Method Not Allowed';
+$title = 'Method Not Allowed';
 header('HTTP/1.0 405 Method Not Allowed');
 ?>
--- a/system/pages/account/change-email.php
+++ b/system/pages/account/change-email.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $email_new_time = $account_logged->getCustomField("email_new_time");
 if($email_new_time > 10) {
@@ -164,7 +166,7 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
 	$account_logged->setCustomField("email_new", "");
 	$account_logged->setCustomField("email_new_time", 0);
-	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
+	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" >' . csrf(true) . '<tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
 	$twig->display('success.html.twig', array(
 		'title' => 'Email Address Change Cancelled',
--- a/system/pages/account/change-info.php
+++ b/system/pages/account/change-info.php
@@ -20,6 +20,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(setting('core.account_country'))
 	require SYSTEM . 'countries.conf.php';
--- a/system/pages/account/change-password.php
+++ b/system/pages/account/change-password.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $new_password = $_POST['newpassword'] ?? NULL;
 $new_password_confirm = $_POST['newpassword_confirm'] ?? NULL;
 $old_password = $_POST['oldpassword'] ?? NULL;
--- a/system/pages/account/characters/change-comment.php
+++ b/system/pages/account/characters/change-comment.php
@@ -20,6 +20,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $player = null;
 $player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
 $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
--- a/system/pages/account/characters/change-name.php
+++ b/system/pages/account/characters/change-name.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
 $name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
 if((!setting('core.account_change_character_name')))
--- a/system/pages/account/characters/change-sex.php
+++ b/system/pages/account/characters/change-sex.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $sex_changed = false;
 $player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
 $new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;
--- a/system/pages/account/characters/create.php
+++ b/system/pages/account/characters/create.php
@@ -20,6 +20,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $character_name = isset($_POST['name']) ? stripslashes($_POST['name']) : null;
 $character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null;
 $character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null;
--- a/system/pages/account/characters/delete.php
+++ b/system/pages/account/characters/delete.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : null;
 $password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : null;
 $password_verify = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $password_verify);
--- a/system/pages/account/create.php
+++ b/system/pages/account/create.php
@@ -23,6 +23,8 @@ if($logged)
 	return;
 }
 csrfProtect();
 if(setting('core.account_create_character_create')) {
 	$createCharacter = new CreateCharacter();
 }
@@ -219,8 +221,19 @@ if($save)
 			}
 		}
-		if(setting('core.account_premium_points') && setting('core.account_premium_points') > 0) {
+		$accountDefaultPremiumPoints = setting('core.account_premium_points');
-			$new_account->setCustomField('premium_points', setting('core.account_premium_points'));
+		if($accountDefaultPremiumPoints > 0) {
 			$new_account->setCustomField('premium_points', $accountDefaultPremiumPoints);
 		}
 		$accountDefaultCoins = setting('core.account_coins');
 		if(HAS_ACCOUNT_COINS && $accountDefaultCoins > 0) {
 			$new_account->setCustomField('coins', $accountDefaultCoins);
 		}
 		$accountDefaultCoinsTransferable = setting('core.account_coins_transferable');
 		if((HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) && $accountDefaultCoinsTransferable > 0) {
 			$new_account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $accountDefaultCoinsTransferable);
 		}
 		$tmp_account = $email;
@@ -255,8 +268,10 @@ if($save)
 			}
 			else
 			{
-				error('An error occorred while sending email! Account not created. Try again. For Admin: More info can be found in system/logs/mailer-error.log');
+				error('An error occurred while sending email! Account not created. Try again. For Admin: More info can be found in system/logs/mailer-error.log');
 				$new_account->delete();
 				return;
 			}
 		}
 		else
--- a/system/pages/account/login.php
+++ b/system/pages/account/login.php
@@ -18,6 +18,8 @@ if($logged || !isset($_POST['account_login']) || !isset($_POST['password_login']
 	return;
 }
 csrfProtect();
 $login_account = $_POST['account_login'];
 $login_password = $_POST['password_login'];
 $remember_me = isset($_POST['remember_me']);
@@ -95,3 +97,8 @@ else {
 }
 $hooks->trigger(HOOK_ACCOUNT_LOGIN_POST);
 if($logged) {
 	$twig->addGlobal('logged', true);
 	$twig->addGlobal('account_logged', $account_logged);
 }
--- a/system/pages/account/lost.php
+++ b/system/pages/account/lost.php
@@ -9,540 +9,11 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Lost Account Interface';
+$title = 'Lost Account';
-if(!setting('core.mail_enabled'))
+if(!setting('core.mail_enabled')) {
-{
+	echo "<b>Account maker is not configured to send e-mails, you can't use Lost Account Interface. Contact with admin to get help.</b>";
 	echo '<b>Account maker is not configured to send e-mails, you can\'t use Lost Account Interface. Contact with admin to get help.</b>';
 	return;
 }
-$action_type = isset($_REQUEST['action_type']) ? $_REQUEST['action_type'] : '';
+$twig->display('account/lost/form.html.twig');
 if($action == '')
 {
 	$twig->display('account.lost.form.html.twig');
 }
 else if($action == 'step1' && $action_type == '') {
 	$twig->display('account.lost.noaction.html.twig');
 }
 elseif($action == 'step1' && $action_type == 'email')
 {
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_next') < time())
 				echo 'Please enter e-mail to account with this character.<BR>
 				<form action="' . getLink('account/lost') . '?action=sendcode" method=post>
 				<input type=hidden name="character">
 				<table cellspacing=1 cellpadding=4 border=0 width=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter e-mail to account</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Character: <INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR>
 				E-mail to account:<INPUT TYPE=text NAME="email" VALUE="" SIZE="40"><BR>
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 			else
 			{
 				$insec = (int)$account->getCustomField('email_next') - time();
 				$minutesleft = floor($insec / 60);
 				$secondsleft = $insec - ($minutesleft * 60);
 				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
 				echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
 			}
 		}
 		else
 			echo 'Player or account of player <b>' . $nick . '</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'sendcode')
 {
 	$email = $_REQUEST['email'];
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_next') < time())
 			{
 				if($account->getEMail() == $email)
 				{
 					$newcode = generateRandomString(30, true, false, true);
 					$mailBody = '
 					You asked to reset your ' . $config['lua']['serverName'] . ' password.<br/>
 					<p>Account name: '.$account->getName().'</p>
 					<br />
 					To do so, please click this link:
 					<p><a href="' . getLink('account/lost') . '?action=checkcode&code='.$newcode.'&character='.urlencode($nick).'">' . getLink('account/lost') . '?action=checkcode&code='.$newcode.'&character='.urlencode($nick).'</a></p>
 					<p>or open page: <i>' . getLink('account/lost') . '?action=checkcode</i> and in field "code" write <b>'.$newcode.'</b></p>
 					<br/>
 						<p>If you did not request a password change, you may ignore this message and your password will remain unchanged.';
 					$account_mail = $account->getCustomField('email');
 					if(_mail($account_mail, $config['lua']['serverName'].' - Recover your account', $mailBody))
 					{
 						$account->setCustomField('email_code', $newcode);
 						$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
 						echo '<br />Details about steps required to recover your account has been sent to <b>' . $account_mail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.';
 					}
 					else
 					{
 						$account->setCustomField('email_next', (time() + 60));
 						echo '<br /><p class="error">An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 					}
 				}
 				else
 					echo 'Invalid e-mail to account of character <b>'.$nick.'</b>. Try again.';
 			}
 			else
 			{
 				$insec = (int)$account->getCustomField('email_next') - time();
 				$minutesleft = floor($insec / 60);
 				$secondsleft = $insec - ($minutesleft * 60);
 				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
 				echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
 			}
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '?action=step1&action_type=email&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'step1' && $action_type == 'reckey')
 {
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			$account_key = $account->getCustomField('key');
 			if(!empty($account_key))
 			{
 						echo 'If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
 						<FORM ACTION="' . getLink('account/lost') . '?action=step2" METHOD=post>
 						<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 						<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter your recovery key</B></TD></TR>
 						<TR><TD BGCOLOR="'.$config['darkborder'].'">
 						Character name:&nbsp;<INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
 						Recovery key:&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=text NAME="key" VALUE="" SIZE="40"><BR>
 						</TD></TR>
 						</TABLE>
 						<BR>
 						<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 						' . $twig->render('buttons.submit.html.twig') . '</div>
 						</TD></TR></FORM></TABLE></TABLE>';
 			}
 			else
 				echo 'Account of this character has no recovery key!';
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'step2')
 {
 	$rec_key = trim($_REQUEST['key']);
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			$account_key = $account->getCustomField('key');
 			if(!empty($account_key))
 			{
 				if($account_key == $rec_key)
 				{
 					echo '<script type="text/javascript">
 					function validate_required(field,alerttxt)
 					{
 					with (field)
 					{
 					if (value==null||value==""||value==" ")
 					  {alert(alerttxt);return false;}
 					else {return true}
 					}
 					}
 					function validate_email(field,alerttxt)
 					{
 					with (field)
 					{
 					apos=value.indexOf("@");
 					dotpos=value.lastIndexOf(".");
 					if (apos<1||dotpos-apos<2)
 					  {alert(alerttxt);return false;}
 					else {return true;}
 					}
 					}
 					function validate_form(thisform)
 					{
 					with (thisform)
 					{
 					if (validate_required(email,"Please enter your e-mail!")==false)
 					  {email.focus();return false;}
 					if (validate_email(email,"Invalid e-mail format!")==false)
 					  {email.focus();return false;}
 					if (validate_required(passor,"Please enter password!")==false)
 					  {passor.focus();return false;}
 					if (validate_required(passor2,"Please repeat password!")==false)
 					  {passor2.focus();return false;}
 					if (passor2.value!=passor.value)
 					  {alert(\'Repeated password is not equal to password!\');return false;}
 					}
 					}
 					</script>';
 					echo 'Set new password and e-mail to your account.<BR>
 					<FORM ACTION="' . getLink('account/lost') . '?action=step3" onsubmit="return validate_form(this)" METHOD=post>
 					<INPUT TYPE=hidden NAME="character" VALUE="">
 					<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 					<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter new password and e-mail</B></TD></TR>
 					<TR><TD BGCOLOR="'.$config['darkborder'].'">
 					Account of character:&nbsp;&nbsp;<INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
 					New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT id="passor" TYPE=password NAME="passor" VALUE="" SIZE="40"><BR>
 					Repeat new password:&nbsp;&nbsp;<INPUT id="passor2" TYPE=password NAME="passor" VALUE="" SIZE="40"><BR>
 					New e-mail address:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT id="email" TYPE=text NAME="email" VALUE="" SIZE="40"><BR>
 					<INPUT TYPE=hidden NAME="key" VALUE="'.$rec_key.'">
 					</TD></TR>
 					</TABLE>
 					<BR>
 					<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 					' . $twig->render('buttons.submit.html.twig') . '</div>
 					</TD></TR></FORM></TABLE></TABLE>';
 				}
 				else
 					echo 'Wrong recovery key!';
 			}
 			else
 				echo 'Account of this character has no recovery key!';
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '?action=step1&action_type=reckey&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'step3')
 {
 	$rec_key = trim($_REQUEST['key']);
 	$nick = stripslashes($_REQUEST['nick']);
 	$new_pass = trim($_REQUEST['passor']);
 	$new_email = trim($_REQUEST['email']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			$account_key = $account->getCustomField('key');
 			if(!empty($account_key))
 			{
 				if($account_key == $rec_key)
 				{
 					if(Validator::password($new_pass))
 					{
 						if(Validator::email($new_email))
 						{
 							$account->setEMail($new_email);
 							$tmp_new_pass = $new_pass;
 							if(USE_ACCOUNT_SALT)
 							{
 								$salt = generateRandomString(10, false, true, true);
 								$tmp_new_pass = $salt . $new_pass;
 							}
 							$account->setPassword(encrypt($tmp_new_pass));
 							$account->save();
 							if(USE_ACCOUNT_SALT)
 								$account->setCustomField('salt', $salt);
 							echo 'Your account name, new password and new e-mail.<BR>
 							<FORM ACTION="' . getLink('account/manage') . '" onsubmit="return validate_form(this)" METHOD=post>
 							<INPUT TYPE=hidden NAME="character" VALUE="">
 							<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 							<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Your account name, new password and new e-mail</B></TD></TR>
 							<TR><TD BGCOLOR="'.$config['darkborder'].'">
 							Account name:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.$account->getName().'</b><BR>
 							New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.$new_pass.'</b><BR>
 							New e-mail address:&nbsp;<b>'.$new_email.'</b><BR>';
 							if($account->getCustomField('email_next') < time())
 							{
 								$mailBody = '
 								<h3>Your account name and new password!</h3>
 								<p>Changed password and e-mail to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
 								<p>Account name: <b>'.$account->getName().'</b></p>
 								<p>New password: <b>'.$new_pass.'</b></p>
 								<p>E-mail: <b>'.$new_email.'</b> (this e-mail)</p>
 								<br />
 								<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
 								if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - New password to your account", $mailBody))
 								{
 									echo '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
 								}
 								else
 								{
 									echo '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 								}
 							}
 							else
 							{
 								echo '<br /><small>You will not receive e-mail with this informations.</small>';
 							}
 							echo '<INPUT TYPE=hidden NAME="account_login" VALUE="'.$account->getId().'">
 							<INPUT TYPE=hidden NAME="password_login" VALUE="'.$new_pass.'">
 							</TD></TR></TABLE><BR>
 							<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 							<INPUT TYPE=image NAME="Login" ALT="Login" SRC="'.$template_path.'/images/global/buttons/sbutton_login.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
 							</TD></TR></FORM></TABLE></TABLE>';
 						}
 						else
 							echo Validator::getLastError();
 					}
 					else
 						echo Validator::getLastError();
 				}
 				else
 					echo 'Wrong recovery key!';
 			}
 			else
 				echo 'Account of this character has no recovery key!';
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '?action=step1&action_type=reckey&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'checkcode')
 {
 	$code = trim($_REQUEST['code']);
 	$character = stripslashes(trim($_REQUEST['character']));
 	if(empty($code) || empty($character))
 		echo 'Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
 				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 	else
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($character);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_code') == $code)
 			{
 				echo '<script type="text/javascript">
 				function validate_required(field,alerttxt)
 				{
 				with (field)
 				{
 				if (value==null||value==""||value==" ")
 				  {alert(alerttxt);return false;}
 				else {return true}
 				}
 				}
 				function validate_form(thisform)
 				{
 				with (thisform)
 				{
 				if (validate_required(passor,"Please enter password!")==false)
 				  {passor.focus();return false;}
 				if (validate_required(passor2,"Please repeat password!")==false)
 				  {passor2.focus();return false;}
 				if (passor2.value!=passor.value)
 				  {alert(\'Repeated password is not equal to password!\');return false;}
 				}
 				}
 				</script>
 				Please enter new password to your account and repeat to make sure you remember password.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=setnewpassword" onsubmit="return validate_form(this)" METHOD=post>
 				<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
 				<INPUT TYPE=hidden NAME="code" VALUE="'.$code.'">
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & account name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=password ID="passor" NAME="passor" VALUE="" SIZE="40")><BR />
 				Repeat new password:&nbsp;<INPUT TYPE=password ID="passor2" NAME="passor2" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 			}
 			else
 				$error= 'Wrong code to change password.';
 		}
 		else
 			$error = 'Account of this character or this character doesn\'t exist.';
 	}
 	if(!empty($error))
 				echo '<span style="color: red"><b>'.$error.'</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
 				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'setnewpassword')
 {
 	$newpassword = $_REQUEST['passor'];
 	$code = $_REQUEST['code'];
 	$character = stripslashes($_REQUEST['character']);
 	echo '';
 	if(empty($code) || empty($character) || empty($newpassword))
 		echo '<span style="color: red"><b>Error. Try again.</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<BR><FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<INPUT TYPE=image NAME="Back" ALT="Back" SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 	else
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($character);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_code') == $code)
 			{
 				if(Validator::password($newpassword))
 				{
 					$tmp_new_pass = $newpassword;
 					if(USE_ACCOUNT_SALT)
 					{
 						$salt = generateRandomString(10, false, true, true);
 						$tmp_new_pass  = $salt . $newpassword;
 						$account->setCustomField('salt', $salt);
 					}
 					$account->setPassword(encrypt($tmp_new_pass ));
 					$account->save();
 					$account->setCustomField('email_code', '');
 					echo 'New password to your account is below. Now you can login.<BR>
 					<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
 					<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 					<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Changed password</B></TD></TR>
 					<TR><TD BGCOLOR="'.$config['darkborder'].'">
 					New password:&nbsp;<b>'.$newpassword.'</b><BR />
 					Account name:&nbsp;&nbsp;&nbsp;<i>(Already on your e-mail)</i><BR />';
 					$mailBody = '
 					<h3>Your account name and password!</h3>
 					<p>Changed password to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
 					<p>Account name: <b>'.$account->getName().'</b></p>
 					<p>New password: <b>'.$newpassword.'</b></p>
 					<br />
 					<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
 					if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - Your new password", $mailBody))
 					{
 						echo '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
 					}
 					else
 					{
 						echo '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
 					}
 				echo '</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<FORM ACTION="' . getLink('account/manage') . '" METHOD=post>
 				<INPUT TYPE=image NAME="Login" ALT="Login" SRC="'.$template_path.'/images/global/buttons/sbutton_login.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 				}
 				else
 					$error= Validator::getLastError();
 			}
 			else
 				$error= 'Wrong code to change password.';
 		}
 		else
 			$error = 'Account of this character or this character doesn\'t exist.';
 	}
 	if(!empty($error))
 				echo '<span style="color: red"><b>'.$error.'</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
 				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
--- a/system/pages/account/lost/base.php
+++ b/system/pages/account/lost/base.php
@@ -0,0 +1,18 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 function lostAccountWriteCooldown(string $nick, int $time): void
 {
 	global $twig;
 	$inSec = $time - time();
 	$minutesLeft = floor($inSec / 60);
 	$secondsLeft = $inSec - ($minutesLeft * 60);
 	$timeLeft = $minutesLeft.' minutes '.$secondsLeft.' seconds';
 	$timeRounded = ceil(setting('core.mail_lost_account_interval') / 60);
 	$twig->display('error_box.html.twig', [
 		'errors' => ["Account of selected character (<b>" . escapeHtml($nick) . "</b>) received e-mail in last $timeRounded minutes. You must wait $timeLeft before you can use Lost Account Interface again."]
 	]);
 }
--- a/system/pages/account/lost/check-code.php
+++ b/system/pages/account/lost/check-code.php
@@ -0,0 +1,51 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $code = isset($_REQUEST['code']) ? trim($_REQUEST['code']) : '';
 $character = isset($_REQUEST['character']) ? stripslashes(trim($_REQUEST['character'])) : '';
 if(empty($code) || empty($character))
 	$twig->display('account/lost/check-code.html.twig', [
 		'code' => $code,
 		'characters' => $character,
 	]);
 else
 {
 	$player = new OTS_Player();
 	$account = new OTS_Account();
 	$player->find($character);
 	if($player->isLoaded()) {
 		$account = $player->getAccount();
 	}
 	if($account->isLoaded()) {
 		if($account->getCustomField('email_code') == $code) {
 			$twig->display('account/lost/check-code.finish.html.twig', [
 				'character' => $character,
 				'code' => $code,
 			]);
 		}
 		else {
 			$error = 'Wrong code to change password.';
 		}
 	}
 	else {
 		$error = "Account of this character or this character doesn't exist.";
 	}
 }
 if(!empty($error)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => [$error],
 	]);
 	echo '<br/>';
 	$twig->display('account/lost/check-code.html.twig', [
 	]);
 }
--- a/system/pages/account/lost/email/send-code.php
+++ b/system/pages/account/lost/email/send-code.php
@@ -0,0 +1,68 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 require __DIR__ . '/../base.php';
 $title = 'Lost Account';
 $email = $_REQUEST['email'];
 $nick = stripslashes($_REQUEST['nick']);
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if($account->isLoaded()) {
 	if($account->getCustomField('email_next') < time()) {
 		if($account->getEMail() == $email) {
 			$newCode = generateRandomString(30, true, false, true);
 			$mailBody = $twig->render('mail.account.lost.code.html.twig', [
 				'newCode' => $newCode,
 				'account' => $account,
 				'nick' => $nick,
 			]);
 			$accountEMail = $account->getCustomField('email');
 			if(_mail($accountEMail, configLua('serverName') . ' - Recover your account', $mailBody)) {
 				$account->setCustomField('email_code', $newCode);
 				$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
 				$twig->display('success.html.twig', [
 					'title' => 'Email has been sent',
 					'description' => 'Details about steps required to recover your account has been sent to <b>' . $accountEMail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.',
 					'custom_buttons' => '',
 				]);
 			}
 			else {
 				$account->setCustomField('email_next', (time() + 60));
 				error('An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>');
 			}
 		}
 		else {
 			$errors[] = 'Invalid e-mail to account of character <b>' . escapeHtml($nick) . '</b>. Try again.';
 		}
 	}
 	else {
 		lostAccountWriteCooldown($nick, (int)$account->getCustomField('email_next'));
 	}
 }
 else {
 	$errors[] =  "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost/step-1') . '?action=email&nick=' . urlencode($nick),
 ]);
--- a/system/pages/account/lost/email/set-new-password.php
+++ b/system/pages/account/lost/email/set-new-password.php
@@ -0,0 +1,94 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $newPassword = $_REQUEST['password'];
 $passwordRepeat = $_REQUEST['password_repeat'];
 $code = $_REQUEST['code'];
 $character = stripslashes($_REQUEST['character']);
 if(empty($code) || empty($character) || empty($newPassword) || empty($passwordRepeat)) {
 	$errors[] = 'Please enter code from e-mail and name of one character from account. Then press Submit.';
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 	$twig->display('account.back_button.html.twig', [
 		'new_line' => true,
 		'center' => true,
 		'action' => getLink('account/lost/check-code')
 	]);
 	return;
 }
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($character);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if($account->isLoaded()) {
 	if($account->getCustomField('email_code') == $code) {
 		if ($newPassword == $passwordRepeat) {
 			if (Validator::password($newPassword)) {
 				$tmp_new_pass = $newPassword;
 				if (USE_ACCOUNT_SALT) {
 					$salt = generateRandomString(10, false, true, true);
 					$tmp_new_pass = $salt . $newPassword;
 					$account->setCustomField('salt', $salt);
 				}
 				$account->setPassword(encrypt($tmp_new_pass));
 				$account->save();
 				$account->setCustomField('email_code', '');
 				$mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
 					'account' => $account,
 					'newPassword' => $newPassword,
 				]);
 				$statusMsg = '';
 				if (_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
 					$statusMsg = '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
 				} else {
 					$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
 				}
 				$twig->display('account/lost/finish.new-password.html.twig', [
 					'statusMsg' => $statusMsg,
 					'newPassword' => $newPassword,
 				]);
 			} else {
 				$error = Validator::getLastError();
 			}
 		}
 		else {
 			$error = 'Passwords are not the same!';
 		}
 	}
 	else {
 		$error = 'Wrong code to change password.';
 	}
 }
 else {
 	$error = "Account of this character or this character doesn't exist.";
 }
 if(!empty($error)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => [$error],
 	]);
 	echo '<br/>';
 	$twig->display('account/lost/check-code.html.twig', [
 		'code' => $code,
 		'character' => $character,
 	]);
 }
--- a/system/pages/account/lost/email/step-1.php
+++ b/system/pages/account/lost/email/step-1.php
@@ -0,0 +1,34 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 require __DIR__ . '/../base.php';
 csrfProtect();
 $title = 'Lost Account';
 if($account->isLoaded()) {
 	if($account->getCustomField('email_next') < time()) {
 		$twig->display('account/lost/email.html.twig', [
 			'nick' => $nick,
 		]);
 	}
 	else {
 		lostAccountWriteCooldown($nick, (int)$account->getCustomField('email_next'));
 	}
 }
 else {
 	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost'),
 ]);
--- a/system/pages/account/lost/recovery-key/step-1.php
+++ b/system/pages/account/lost/recovery-key/step-1.php
@@ -0,0 +1,34 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 if($account->isLoaded()) {
 	$account_key = $account->getCustomField('key');
 	if(!empty($account_key)) {
 		$twig->display('account/lost/recovery-key.step-1.html.twig', [
 			'nick' => $nick,
 		]);
 	}
 	else {
 		$errors[] = 'Account of this character has no recovery key!';
 	}
 }
 else {
 	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost'),
 ]);
--- a/system/pages/account/lost/recovery-key/step-2.php
+++ b/system/pages/account/lost/recovery-key/step-2.php
@@ -0,0 +1,48 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $key = trim($_REQUEST['key']);
 $nick = stripslashes($_REQUEST['nick']);
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if($account->isLoaded()) {
 	$accountKey = $account->getCustomField('key');
 	if(!empty($accountKey)) {
 		if($accountKey == $key) {
 			$twig->display('account/lost/recovery-key.step-2.html.twig', [
 				'nick' => $nick,
 				'key' => $key,
 			]);
 		}
 		else {
 			$errors[] = 'Wrong recovery key!';
 		}
 	}
 	else {
 		$errors[] = 'Account of this character has no recovery key!';
 	}
 }
 else
 	$errors[] =  "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost/step-1') . '?action=recovery-key&nick=' . urlencode($nick),
 ]);
--- a/system/pages/account/lost/recovery-key/step-3.php
+++ b/system/pages/account/lost/recovery-key/step-3.php
@@ -0,0 +1,101 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $key = trim($_REQUEST['key']);
 $nick = stripslashes($_REQUEST['nick']);
 $newPassword = trim($_REQUEST['password']);
 $passwordRepeat = trim($_REQUEST['password_repeat']);
 $newEmail = trim($_REQUEST['email']);
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if($account->isLoaded()) {
 	$accountKey = $account->getCustomField('key');
 	if(!empty($accountKey)) {
 		if($accountKey == $key) {
 			if(Validator::password($newPassword)) {
 				if ($newPassword == $passwordRepeat) {
 					if (Validator::email($newEmail)) {
 						$account->setEMail($newEmail);
 						$tmp_new_pass = $newPassword;
 						if (USE_ACCOUNT_SALT) {
 							$salt = generateRandomString(10, false, true, true);
 							$tmp_new_pass = $salt . $newPassword;
 						}
 						$account->setPassword(encrypt($tmp_new_pass));
 						$account->save();
 						if (USE_ACCOUNT_SALT) {
 							$account->setCustomField('salt', $salt);
 						}
 						$statusMsg = '';
 						if ($account->getCustomField('email_next') < time()) {
 							$mailBody = $twig->render('mail.account.lost.new-email.html.twig', [
 								'account' => $account,
 								'newPassword' => $newPassword,
 								'newEmail' => $newEmail,
 							]);
 							if (_mail($account->getCustomField('email'), configLua('serverName') . ' - New password to your account', $mailBody)) {
 								$statusMsg = '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
 							} else {
 								$statusMsg = '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 							}
 						} else {
 							$statusMsg = '<br /><small>You will not receive e-mail with this informations.</small>';
 						}
 						$twig->display('account/lost/finish.new-email.html.twig', [
 							'statusMsg' => $statusMsg,
 							'account' => $account,
 							'newPassword' => $newPassword,
 							'newEmail' => $newEmail,
 						]);
 					} else {
 						$errors[] = Validator::getLastError();
 					}
 				}
 				else {
 					$errors[] = 'Passwords are not the same!';
 				}
 			}
 			else {
 				$errors[] = Validator::getLastError();
 			}
 		}
 		else {
 			$errors[] = 'Wrong recovery key!';
 		}
 	}
 	else {
 		$errors[] = 'Account of this character has no recovery key!';
 	}
 }
 else {
 	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost/step-1') . '?action=recovery-key&nick=' . urlencode($nick),
 ]);
--- a/system/pages/account/lost/step-1.php
+++ b/system/pages/account/lost/step-1.php
@@ -0,0 +1,26 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $nick = stripslashes($_REQUEST['nick']);
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if (ACTION == 'email') {
 	require __DIR__ . '/email/step-1.php';
 }
 else if (ACTION == 'recovery-key') {
 	require __DIR__ . '/recovery-key/step-1.php';
 }
 else {
 	$twig->display('account/lost/no-action.html.twig');
 }
--- a/system/pages/account/manage.php
+++ b/system/pages/account/manage.php
@@ -34,6 +34,8 @@ if(isset($_REQUEST['redirect']))
 	return;
 }
 csrfProtect();
 $groups = new OTS_Groups_List();
 $freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;
--- a/system/pages/account/redirect.php
+++ b/system/pages/account/redirect.php
@@ -1,23 +0,0 @@
 <?php
 /**
 * Change comment
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $redirect = urldecode($_REQUEST['redirect']);
 // should never happen, unless hacker modify the URL
 if (!str_contains($redirect, BASE_URL)) {
 	error('Fatal error: Cannot redirect outside the website.');
 	return;
 }
 $twig->display('account.redirect.html.twig', array(
 	'redirect' => $redirect
 ));
--- a/system/pages/account/register-new.php
+++ b/system/pages/account/register-new.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(isset($_POST['reg_password']))
 	$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
--- a/system/pages/account/register.php
+++ b/system/pages/account/register.php
@@ -17,6 +17,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 $_POST['reg_password'] = $_POST['reg_password'] ?? '';
 $reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
 $old_key = $account_logged->getCustomField("key");
--- a/system/pages/change-log.php
+++ b/system/pages/change-log.php
@@ -0,0 +1,46 @@
 <?php
 /**
 * Changelog
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Changelog';
 use MyAAC\Models\Changelog;
 $_page = isset($_GET['page']) ? (int)$_GET['page'] : 0;
 $limit = 30;
 $offset = $_page * $limit;
 $next_page = false;
 $canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
 $changelogs = Changelog::isPublic()->orderByDesc('date')->limit($limit + 1)->offset($offset)->get()->toArray();
 $i = 0;
 foreach($changelogs as $key => &$log)
 {
 	if($i < $limit) {
 		$log['type'] = getChangelogType($log['type']);
 		$log['where'] = getChangelogWhere($log['where']);
 	}
 	else {
 		unset($changelogs[$key]);
 	}
 	if ($i >= $limit)
 		$next_page = true;
 	$i++;
 }
 $twig->display('changelog.html.twig', array(
 	'changelogs' => $changelogs,
 	'page' => $_page,
 	'next_page' => $next_page,
 	'canEdit' => $canEdit,
 ));
--- a/system/pages/changelog.php
+++ b/system/pages/changelog.php
@@ -1,46 +1,3 @@
 <?php
 /**
 * Changelog
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Changelog';
-use MyAAC\Models\Changelog;
+require 'change-log.php';
 $_page = isset($_GET['page']) ? (int)$_GET['page'] : 0;
 $limit = 30;
 $offset = $_page * $limit;
 $next_page = false;
 $canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin();
 $changelogs = Changelog::isPublic()->orderByDesc('date')->limit($limit + 1)->offset($offset)->get()->toArray();
 $i = 0;
 foreach($changelogs as $key => &$log)
 {
 	if($i < $limit) {
 		$log['type'] = getChangelogType($log['type']);
 		$log['where'] = getChangelogWhere($log['where']);
 	}
 	else {
 		unset($changelogs[$key]);
 	}
 	if ($i >= $limit)
 		$next_page = true;
 	$i++;
 }
 $twig->display('changelog.html.twig', array(
 	'changelogs' => $changelogs,
 	'page' => $_page,
 	'next_page' => $next_page,
 	'canEdit' => $canEdit,
 ));
--- a/system/pages/forum/admin.php
+++ b/system/pages/forum/admin.php
@@ -17,6 +17,8 @@ if(!$canEdit) {
 	return;
 }
 csrfProtect();
 $groupsList = new OTS_Groups_List();
 $groups = [
 	['id' => 0, 'name' => 'Guest'],
@@ -30,23 +32,24 @@ foreach ($groupsList as $group) {
 }
 if(!empty($action)) {
-	if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board')
+	if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board') {
 		$id = $_REQUEST['id'];
 	if(isset($_REQUEST['access'])) {
 		$access = $_REQUEST['access'];
 	}
-	if(isset($_REQUEST['guild'])) {
+	if(isset($_POST['access'])) {
-		$guild = $_REQUEST['guild'];
+		$access = $_POST['access'];
 	}
-	if(isset($_REQUEST['name'])) {
+	if(isset($_POST['guild'])) {
-		$name = $_REQUEST['name'];
+		$guild = $_POST['guild'];
 	}
-	if(isset($_REQUEST['description'])) {
+	if(isset($_POST['name'])) {
-		$description = stripslashes($_REQUEST['description']);
+		$name = $_POST['name'];
 	}
 	if(isset($_POST['description'])) {
 		$description = stripslashes($_POST['description']);
 	}
 	$errors = [];
@@ -55,12 +58,13 @@ if(!empty($action)) {
 		if(Forum::add_board($name, $description, $access, $guild, $errors)) {
 			$action = $name = $description = '';
 			header('Location: ' . getLink('forum'));
 			exit;
 		}
 	}
 	else if($action == 'delete_board') {
 		Forum::delete_board($id, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	else if($action == 'edit_board')
 	{
@@ -74,28 +78,27 @@ if(!empty($action)) {
 		else {
 			Forum::update_board($id, $name, $access, $guild, $description);
 			header('Location: ' . getLink('forum'));
-			$action = $name = $description = '';
+			exit;
 			$access = $guild = 0;
 		}
 	}
 	else if($action == 'hide_board') {
 		Forum::toggleHide_board($id, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	else if($action == 'moveup_board') {
 		Forum::move_board($id, -1, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	else if($action == 'movedown_board') {
 		Forum::move_board($id, 1, $errors);
 		header('Location: ' . getLink('forum'));
-		$action = '';
+		exit;
 	}
 	if(!empty($errors)) {
-		$twig->display('error_box.html.twig', array('errors' => $errors));
+		$twig->display('error_box.html.twig', ['errors' => $errors]);
 		$action = '';
 	}
 }
--- a/system/pages/forum/edit_post.php
+++ b/system/pages/forum/edit_post.php
@@ -23,8 +23,9 @@ if(!$logged) {
 	return;
 }
-if(Forum::canPost($account_logged))
+csrfProtect();
-{
+
 if(Forum::canPost($account_logged)) {
 	$post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : false;
 	if(!$post_id) {
 		$errors[] = 'Please enter post id.';
@@ -41,12 +42,12 @@ if(Forum::canPost($account_logged))
 			$char_id = $post_topic = $text = $smile = $html = null;
 			$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 			$saved = false;
-			if(isset($_REQUEST['save'])) {
+			if(isset($_POST['save'])) {
-				$text = stripslashes(trim($_REQUEST['text']));
+				$text = stripslashes(trim($_POST['text']));
-				$char_id = (int) $_REQUEST['char_id'];
+				$char_id = (int) $_POST['char_id'];
-				$post_topic = stripslashes(trim($_REQUEST['topic']));
+				$post_topic = stripslashes(trim($_POST['topic']));
-				$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
+				$smile = isset($_POST['smile']) ? (int)$_POST['smile'] : 0;
-				$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
+				$html = isset($_POST['html']) ? (int)$_POST['html'] : 0;
 				if (!superAdmin()) {
 					$html = 0;
--- a/system/pages/forum/move_thread.php
+++ b/system/pages/forum/move_thread.php
@@ -23,15 +23,17 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(!Forum::isModerator()) {
 	echo 'You are not logged in or you are not moderator.';
 	return;
 }
-$save = isset($_REQUEST['save']) && (int)$_REQUEST['save'] == 1;
+$save = isset($_POST['save']) && (int)$_POST['save'] == 1;
 if($save) {
-	$post_id = (int)$_REQUEST['id'];
+	$post_id = (int)$_POST['id'];
-	$board = (int)$_REQUEST['section'];
+	$board = (int)$_POST['section'];
 	if(!Forum::hasAccess($board)) {
 		$errors[] = "You don't have access to this board.";
 		displayErrorBoxWithBackButton($errors, getLink('forum'));
--- a/system/pages/forum/new_post.php
+++ b/system/pages/forum/new_post.php
@@ -28,6 +28,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(Forum::canPost($account_logged)) {
 	$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 	$thread_id = isset($_REQUEST['thread_id']) ? (int) $_REQUEST['thread_id'] : 0;
@@ -43,11 +45,11 @@ if(Forum::canPost($account_logged)) {
 		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>';
 		$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
-		$text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL;
+		$text = isset($_POST['text']) ? stripslashes(trim($_POST['text'])) : NULL;
-		$char_id = (int) ($_REQUEST['char_id'] ?? 0);
+		$char_id = (int) ($_POST['char_id'] ?? 0);
-		$post_topic = isset($_REQUEST['topic']) ? stripslashes(trim($_REQUEST['topic'])) : '';
+		$post_topic = isset($_POST['topic']) ? stripslashes(trim($_POST['topic'])) : '';
-		$smile = (int)($_REQUEST['smile'] ?? 0);
+		$smile = (int)($_POST['smile'] ?? 0);
-		$html = (int)($_REQUEST['html'] ?? 0);
+		$html = (int)($_POST['html'] ?? 0);
 		$saved = false;
 		if (!superAdmin()) {
@@ -60,10 +62,10 @@ if(Forum::canPost($account_logged)) {
 				$text = '[i]Originally posted by ' . $quoted_post[0]['name'] . ' on ' . date('d.m.y H:i:s', $quoted_post[0]['post_date']) . ':[/i][quote]' . $quoted_post[0]['post_text'] . '[/quote]';
 			}
 		}
-		elseif(isset($_REQUEST['save'])) {
+		elseif(isset($_POST['save'])) {
 			$length = strlen($text);
 			if($length < 1 || strlen($text) > 15000) {
-				$errors[] = 'Too short or too long post (Length: $length letters). Minimum 1 letter, maximum 15000 letters.';
+				$errors[] = "Too short or too long post (Length: $length letters). Minimum 1 letter, maximum 15000 letters.";
 			}
 			if($char_id == 0) {
@@ -79,15 +81,14 @@ if(Forum::canPost($account_logged)) {
 				}
 				if(!$player_on_account) {
-					$errors[] = 'Player with selected ID ' . $char_id . ' doesn\'t exist or isn\'t on your account';
+					$errors[] = "Player with selected ID $char_id doesn't exist or isn't on your account";
 				}
 			}
 			if(count($errors) == 0) {
 				$last_post = 0;
 				$query = $db->query('SELECT post_date FROM ' . FORUM_TABLE_PREFIX . 'forum ORDER BY post_date DESC LIMIT 1');
-				if($query->rowCount() > 0)
+				if($query->rowCount() > 0) {
 				{
 					$query = $query->fetch();
 					$last_post = $query['post_date'];
 				}
--- a/system/pages/forum/new_thread.php
+++ b/system/pages/forum/new_thread.php
@@ -28,6 +28,8 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(Forum::canPost($account_logged)) {
 	$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
 	$section_id = $_REQUEST['section_id'] ?? null;
@@ -38,19 +40,18 @@ if(Forum::canPost($account_logged)) {
 			if ($sections[$section_id]['closed'] && !Forum::isModerator())
 				$errors[] = 'You cannot create topic on this board.';
-			$quote = (int)(isset($_REQUEST['quote']) ? $_REQUEST['quote'] : 0);
+			$text = isset($_POST['text']) ? stripslashes($_POST['text']) : '';
-			$text = isset($_REQUEST['text']) ? stripslashes($_REQUEST['text']) : '';
+			$char_id = (int)(isset($_POST['char_id']) ? $_POST['char_id'] : 0);
-			$char_id = (int)(isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0);
+			$post_topic = isset($_POST['topic']) ? stripslashes($_POST['topic']) : '';
-			$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
+			$smile = (isset($_POST['smile']) ? (int)$_POST['smile'] : 0);
-			$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
+			$html = (isset($_POST['html']) ? (int)$_POST['html'] : 0);
 			$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
 			if (!superAdmin()) {
 				$html = 0;
 			}
 			$saved = false;
-			if (isset($_REQUEST['save'])) {
+			if (isset($_POST['save'])) {
 				$length = strlen($post_topic);
 				if ($length < 1 || $length > 60) {
 					$errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters.";
--- a/system/pages/forum/remove_post.php
+++ b/system/pages/forum/remove_post.php
@@ -23,11 +23,13 @@ if(!$logged) {
 	return;
 }
 csrfProtect();
 if(Forum::isModerator()) {
-	$id = (int) $_REQUEST['id'];
+	$id = (int) ($_POST['id'] ?? 0);
 	$post = $db->query("SELECT `id`, `first_post`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$id." LIMIT 1")->fetch();
-	if($post['id'] == $id && Forum::hasAccess($post['section'])) {
+	if($post && $post['id'] == $id && Forum::hasAccess($post['section'])) {
 		if($post['id'] == $post['first_post']) {
 			$db->query("DELETE FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `first_post` = ".$post['id']);
 			header('Location: ' . getForumBoardLink($post['section']));
@@ -36,7 +38,7 @@ if(Forum::isModerator()) {
 			$post_page = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`id` < ".$id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $post['first_post'])->fetch();
 			$_page = (int) ceil($post_page['posts_count'] / setting('core.forum_threads_per_page')) - 1;
 			$db->query("DELETE FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$post['id']);
-			header('Location: ' . getForumThreadLink($post['first_post'], (int) $_page));
+			header('Location: ' . getForumThreadLink($post['first_post'], $_page));
 		}
 	}
 	else {
--- a/Show More
+++ b/Show More
 ,
 ,
 ,
+,
+,
+,
+,
+,
+,
+,
 ];