Merge branch 'main' into feature/2fa

Fix submenu initialization for missing elements
Added a check in InitializeMenu to skip submenu items if their corresponding DOM element does not exist, preventing potential JavaScript errors.
2025-09-14 04:23:34 +02:00 · 2025-08-12 14:36:29 +02:00 · 2025-08-12 12:46:39 +02:00 · 2025-08-07 21:17:25 +02:00 · 2025-08-07 16:21:22 +02:00 · 2025-08-02 14:15:13 +02:00
94 changed files with 2556 additions and 695 deletions
--- a/CHANGELOG-1.x.md
+++ b/CHANGELOG-1.x.md
@@ -1,5 +1,79 @@
 # Changelog
 ## [1.8 - 02.08.2025]
 ### Added
 * Templates - Kathrine: Possibility to add custom menu categories (https://github.com/slawkens/myaac/commit/ec11c1402417c25980582467546d1c1e9bb8267f)
 * Admin Panel - Accounts Editor: Add Coins Transferable (https://github.com/slawkens/myaac/commit/45d6047031c9c3a0e7e512dc5d15c75629aec5a2, https://github.com/slawkens/myaac/commit/bb097b69ce106500a49686d6f4fe604348eaa310)
 * Highscores:
  * Revamped: (https://github.com/slawkens/myaac/commit/d8132d4d76e03d5aa0c042be426320655a601392)
    * Show real rank, if 2 or more players have the same skill, show them with same rank
    * New setting: highscores_online_status
    * Additional fields passed to twig: updatedAt, totalResults, page, baseLink
  * Add new Setting: Display Skills Box (https://github.com/slawkens/myaac/commit/36ca755243ef1c83f6ac87465b426d4d8d3b0bb9)
 * Functions: Add getExperienceForLevel (level) (https://github.com/slawkens/myaac/commit/1566deb84a082176b8c683fda205d828bc38fbcc)
 * Commands - cache:clear : Add warning about APCu clear in CLI (https://github.com/slawkens/myaac/commit/83f84172e02e8ea2ccb6dca29bc033e44c35aebc)
 * Models - PlayerOnline: Add missing $fillable into model (https://github.com/slawkens/myaac/commit/43415cf35db1c1307f2684c1728693d65065ffff)
 * Twig: add cache variable (https://github.com/slawkens/myaac/commit/0efe47ce71c4b364a9e96bc5a55b1655326ae6da)
 ### Changed
 * pages/online: add cache, resulting in 20x performance boost
  * (for an example server with 2k players) (https://github.com/slawkens/myaac/commit/c8363086015cbb6e8786c398c7b9ac3959a26ec4)
 * Admin Bar: Move admin bar code into body_start place_holder (https://github.com/slawkens/myaac/commit/f17269e44ce9dd38447bd2e2a8e1bdb065d4161f)
 * Cache::remember: $ttl = 0 means no cache (https://github.com/slawkens/myaac/commit/3b47e9df2f4051807c5ff87892f7fa3d348f9c55)
 * Templates: Load config.ini with $process_sections set to true (https://github.com/slawkens/myaac/commit/a89f9a84847630eb75b4890fdcc8b7a7bfa6b8ac)
 * Twig: Allow for timestamp as integer in the timeago twig function
  (https://github.com/slawkens/myaac/commit/34fead906ea13b9f09d7a3c41ed88109d34d386c)
 ### Fixed
 * Settings: Fixed two exceptions (https://github.com/slawkens/myaac/commit/6e5a4ff8c78ff5373aba091baa66cae029557643, https://github.com/slawkens/myaac/commit/20d69a641c0a933d14889a89da6d32f6a4bc6c7d)
 * Models\Account + OTS_Account -> isPremium -> ignore config.freePremium (https://github.com/slawkens/myaac/commit/5271633bdbfbbfed0b1d59c403093ce6fc2b7d20)
 * Admin Panel - Mailer:
  * Fix send to email link redirecting from accounts page (https://github.com/slawkens/myaac/commit/080cc2781f034c844af658229e495e9a47fd2298)
  * Option to send only to verified accounts - only if setting('core.account_mail_verify') enabled (https://github.com/slawkens/myaac/commit/cf7fd20452e863980045bb5d6012ec86c6e8e01f)
 ### Internal
 * Rewrite to use constants (account transferable coins) (https://github.com/slawkens/myaac/commit/bccf8e056df985bbe1bab5f7ab5492f714d6b62b)
 * Refactor to use HAS_ACCOUNT_COINS (https://github.com/slawkens/myaac/commit/caf326a6584a234775ebc6c8000ea02b3fecd160)
 ## [1.7.1 - 27.06.2025]
 ### Changed
 * Rename plugin:install:install to plugin:setup, also add alias to previous command (https://github.com/slawkens/myaac/commit/13d33822b59df349199e885a78a3d6beb0863d0b)
 ### Fixed
 * Fix commands: setup + cache:clear (https://github.com/slawkens/myaac/commit/0da524fefe93b3028392e9014550eea3324d3a22, https://github.com/slawkens/myaac/commit/fe8281594e989f00280ba1adc734a9198c6b5cc1)
 * Fix polls link in tibiacom template (https://github.com/slawkens/myaac/commit/d90fa323d7c77d81768df60feeb1c374b1650a0c)
 ## [1.7 - 22.06.2025]
 ### Added
 * Feature: plugins versions check (#310)
 * New hooks: HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS, HOOK_GUILDS_AFTER_MANAGE_BUTTON (https://github.com/slawkens/myaac/commit/c074a48f245df55646b6705737f667b6a84149b2, https://github.com/slawkens/myaac/commit/e6100a1b72de8695bba1dae9ba4e28bfdce47b10)
 * Add OTS_Toolbox::getVocationName(id, promotion) + OTS_Player->isNameLocked() (https://github.com/slawkens/myaac/commit/e222957893c4a1de0dc8dbba55bce1a43418d275, https://github.com/slawkens/myaac/commit/522f6c11d835afd36fd07a07074d96d7e219b488)
 * Add missing csrf in more places, causing white page with error about Request (https://github.com/slawkens/myaac/commit/dca904e61d21d856bf809070e7652803a2df0f58, https://github.com/slawkens/myaac/commit/c720ccc451ff90ef40b2a1595468d061ffd7e1e4)
 ### Changed
 * Revamped online page (https://github.com/slawkens/myaac/commit/9a90e4aae280e607430511c6727d9a714b11f4c5, https://github.com/slawkens/myaac/commit/4767120043b09141870383e249f3729638d53dc2)
 * Better $title inventing (https://github.com/slawkens/myaac/commit/0c95bcfd06b68b21512e477646ef7bd3a0d4912b)
 ### Fixed
 * Use apcu cache clear (https://github.com/slawkens/myaac/commit/b329da52aae9d0e21120a6444d3caf442420ce50, https://github.com/slawkens/myaac/commit/566c2a9151ab6392286f74e26853faa19a1b4f24)
 * fix: boostedcreatures for 13.40 (by @GooseWithAKnife) (#307)
 ## [1.6.1 - 11.06.2025]
 ### Fixed
 * Fixed "Request has been cancelled due to security reasons", cause of missing csrf() in twig files (https://github.com/slawkens/myaac/commit/10cd71a6630ffec91b43a26a6d685b66c5836a6a)
 * Fix: Ignore duplicated route exception (https://github.com/slawkens/myaac/commit/9d8e9d27bd87167d8d4005942a6af62bfe4c0892)
 ### Changed
 * Move counter & visitors code before router (In case someone wants to include that info on page) (https://github.com/slawkens/myaac/commit/f78285030708ad3c74ab048711f73bbf3ee5281e)
 * Set TinyMCE license key to gpl (Avoid warning message in browser console) (https://github.com/slawkens/myaac/commit/8d29fdb98b92dbc3d2853ef88a185c67036b4a77)
 ### Removed
 * Remove deprecated TinyMCE plugin - template (https://github.com/slawkens/myaac/commit/309c1fb715b882e67cb673b1544a03befbf64a22)
 ## [1.6 - 03.06.2025]
 ### Added
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@@ -26,7 +26,6 @@ if (setting('core.account_country'))
 $nameOrNumberColumn = getAccountIdentityColumn();
 $hasSecretColumn = $db->hasColumn('accounts', 'secret');
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $hasTypeColumn = $db->hasColumn('accounts', 'type');
 $hasGroupColumn = $db->hasColumn('accounts', 'group_id');
@@ -136,11 +135,18 @@ else if (isset($_REQUEST['search'])) {
 			if (!Validator::email($email))
 				$errors['email'] = Validator::getLastError();
-			//tibia coins
+			// tibia coins
-			if ($hasCoinsColumn) {
+			if (HAS_ACCOUNT_COINS) {
 				$t_coins = $_POST['t_coins'];
 				verify_number($t_coins, 'Tibia coins', 12);
 			}
 			// transferable tibia coins
 			if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) {
 				$t_coins_transferable = $_POST['t_coins_transferable'];
 				verify_number($t_coins_transferable, 'Transferable Tibia coins', 12);
 			}
 			// prem days
 			$p_days = (int)$_POST['p_days'];
 			verify_number($p_days, 'Prem days', 11);
@@ -185,12 +191,18 @@ else if (isset($_REQUEST['search'])) {
 				if ($hasSecretColumn) {
 					$account->setCustomField('secret', $secret);
 				}
 				$account->setCustomField('key', $key);
 				$account->setEMail($email);
-				if ($hasCoinsColumn) {
+
 				if (HAS_ACCOUNT_COINS) {
 					$account->setCustomField('coins', $t_coins);
 				}
 				if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) {
 					$account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $t_coins_transferable);
 				}
 				$lastDay = 0;
 				if($p_days != 0 && $p_days != OTS_Account::GRATIS_PREMIUM_DAYS) {
 					$lastDay = time();
@@ -223,9 +235,6 @@ else if (isset($_REQUEST['search'])) {
 					$password = encrypt($password);
 					$account->setPassword($password);
 					if (USE_ACCOUNT_SALT)
 						$account->setCustomField('salt', $salt);
 				}
 				$account->save();
@@ -395,12 +404,18 @@ else if (isset($_REQUEST['search'])) {
 										<label for="email">Email:</label><?php echo (setting('core.mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
 										<input type="text" class="form-control" id="email" name="email" autocomplete="off" value="<?php echo $account->getEMail(); ?>"/>
 									</div>
-									<?php if ($hasCoinsColumn): ?>
+									<?php if (HAS_ACCOUNT_COINS): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="t_coins">Tibia Coins:</label>
 											<input type="text" class="form-control" id="t_coins" name="t_coins" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField('coins') ?>"/>
 										</div>
 									<?php endif; ?>
 									<?php if (HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="t_coins_transferable">Transferable Tibia Coins:</label>
 											<input type="text" class="form-control" id="t_coins_transferable" name="t_coins_transferable" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN) ?>"/>
 										</div>
 									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="p_days">Premium Days:</label>
 										<input type="text" class="form-control" id="p_days" name="p_days" autocomplete="off" maxlength="11" value="<?php echo $account->getPremDays(); ?>"/>
--- a/admin/pages/mailer.php
+++ b/admin/pages/mailer.php
@@ -25,9 +25,10 @@ if (!setting('core.mail_enabled')) {
 	return;
 }
-$mail_to = isset($_POST['mail_to']) ? stripslashes(trim($_POST['mail_to'])) : null;
+$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
 $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
 $mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
 $mail_verified_only = $_POST['mail_verified_only'] ?? false;
 if (isset($_POST['submit'])) {
 	if (empty($mail_subject)) {
@@ -58,14 +59,14 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 	$success = 0;
 	$failed = 0;
-	$add = '';
+	$query = Account::where('email', '!=', '');
-	if (setting('core.account_mail_verify')) {
+
-		note('Note: Sending only to users with verified E-Mail.');
+	if ($mail_verified_only) {
-		$add = ' AND `email_verified` = 1';
+		info('Note: Sending only to users with verified E-Mail.');
 		$query->where('email_verified', 1);
 	}
-	$query = Account::where('email', '!=', '')->get(['email']);
+	foreach ($query->get(['email']) as $email) {
 	foreach ($query as $email) {
 		if (_mail($email->email, $mail_subject, $mail_content)) {
 			$success++;
 		}
@@ -84,5 +85,6 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 $twig->display('admin.mailer.html.twig', [
 	'mail_to' => $mail_to,
 	'mail_subject' => $mail_subject,
-	'mail_content' => $mail_content
+	'mail_content' => $mail_content,
 	'mail_verified_only' => $mail_verified_only,
 ]);
--- a/admin/pages/mass_account.php
+++ b/admin/pages/mass_account.php
@@ -18,7 +18,6 @@ $title = 'Mass Account Actions';
 csrfProtect();
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $freePremium = $config['lua']['freePremium'];
@@ -40,9 +39,7 @@ function admin_give_points($points)
 function admin_give_coins($coins)
 {
-	global $hasCoinsColumn;
+	if (!HAS_ACCOUNT_COINS) {
 	if (!$hasCoinsColumn) {
 		displayMessage('Coins not supported.');
 		return;
 	}
@@ -167,19 +164,19 @@ if (!empty(ACTION) && isRequestMethod('post')) {
 }
 else {
 	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasCoinsColumn' => HAS_ACCOUNT_COINS,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));
 }
 function displayMessage($message, $success = false) {
-	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
+	global $twig, $hasPointsColumn, $freePremium;
 	$success ? success($message): error($message);
 	$twig->display('admin.tools.account.html.twig', array(
-		'hasCoinsColumn' => $hasCoinsColumn,
+		'hasCoinsColumn' => HAS_ACCOUNT_COINS,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));
--- a/admin/pages/modules/coins.php
+++ b/admin/pages/modules/coins.php
@@ -6,7 +6,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $coins = 0;
-if ($db->hasColumn('accounts', 'coins')) {
+if (HAS_ACCOUNT_COINS) {
 	$whatToGet = ['id', 'coins'];
 	if (USE_ACCOUNT_NAME) {
 		$whatToGet[] = 'name';
--- a/admin/pages/plugins.php
+++ b/admin/pages/plugins.php
@@ -51,6 +51,56 @@ else {
 		} else {
 			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
 		}
 	}
 	else if (isset($_GET['check-updates'])) {
 		$repoUri = $config['admin_plugins_api_uri'] ?? 'https://plugins.my-aac.org/api/';
 		success("Fetching latest info from $repoUri..");
 		$adminPlugins = new \MyAAC\Admin\Plugins();
 		$adminPlugins->setApiBaseUri($repoUri);
 		try {
 			$plugins = $adminPlugins->getLatestVersions();
 		}
 		catch (Exception $e) {
 			error($e->getMessage());
 		}
 		if (isset($plugins) && count($plugins) > 0) {
 			$outdated = [];
 			foreach (get_plugins(true) as $plugin) {
 				$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
 				$plugin_info = json_decode($string, true);
 				if (!$plugin_info) {
 					continue;
 				}
 				$disabled = (str_contains($plugin, 'disabled.'));
 				$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 				$info = $plugins[$pluginOriginal] ?? false;
 				if ($info && version_compare($info['version'], $plugin_info['version'], '>')) {
 					$outdated[] = [
 						'name' => $pluginOriginal,
 						'yourVersion' => $plugin_info['version'],
 						'latestVersion' => $info['version'],
 						'link' => $info['link'] ?? 'Unknown',
 						'download_link' => $info['download_link'] ?? 'Unknown',
 					];
 				}
 			}
 			if (count($outdated) > 0) {
 				info('Following updates have been found for your plugins:');
 				$twig->display('admin.plugins.outdated.html.twig', ['plugins' => $outdated]);
 			}
 			else {
 				success('All plugins up to date!');
 			}
 		}
 	} else if (isset($_FILES['plugin']['name'])) {
 		$file = $_FILES['plugin'];
 		$filename = $file['name'];
--- a/admin/pages/visitors.php
+++ b/admin/pages/visitors.php
@@ -19,8 +19,7 @@ $use_datatable = true;
 if (!setting('core.visitors_counter')): ?>
 	Visitors counter is disabled.<br/>
-	You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
+	You can enable it in Settings -> General -> Visitors Counter.<br/>
 	<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
 	<?php
 	return;
 endif;
@@ -46,7 +45,7 @@ foreach ($tmp as &$visitor) {
 		if ($dd->isBot()) {
 			$bot = $dd->getBot();
 			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
-			$browser = sprintf($message, $bot['category'], $bot['url'], $bot['name']);
+			$browser = sprintf($message, $bot['category'] ?? 'Unknown', $bot['url'] ?? '', $bot['name'] ?? 'Unknown name');
 		}
 		else {
 			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));
--- a/admin/tools/settings_save.php
+++ b/admin/tools/settings_save.php
@@ -1,6 +1,5 @@
 <?php
 use MyAAC\Hooks;
 use MyAAC\Settings;
 const MYAAC_ADMIN = true;
--- a/common.php
+++ b/common.php
@@ -26,8 +26,8 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 const MYAAC = true;
-const MYAAC_VERSION = '1.6';
+const MYAAC_VERSION = '1.8.1-dev';
-const DATABASE_VERSION = 45;
+const DATABASE_VERSION = 46;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,8 @@
        "symfony/string": "^6.4",
        "symfony/var-dumper": "^6.4",
        "filp/whoops": "^2.15",
-        "maximebf/debugbar": "1.*"
+        "maximebf/debugbar": "1.*",
        "guzzlehttp/guzzle": "7.9.3"
    },
    "require-dev": {
        "phpstan/phpstan": "^1.10"
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "be4d1489a53a9cd8eec6bcaa7a096f30",
+    "content-hash": "5317e97a5025ebc2a977214bd3fa964c",
    "packages": [
        {
            "name": "brick/math",
@@ -493,6 +493,331 @@
            ],
            "time": "2024-09-25T12:00:00+00:00"
        },
        {
            "name": "guzzlehttp/guzzle",
            "version": "7.9.3",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
                "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
                "shasum": ""
            },
            "require": {
                "ext-json": "*",
                "guzzlehttp/promises": "^1.5.3 || ^2.0.3",
                "guzzlehttp/psr7": "^2.7.0",
                "php": "^7.2.5 || ^8.0",
                "psr/http-client": "^1.0",
                "symfony/deprecation-contracts": "^2.2 || ^3.0"
            },
            "provide": {
                "psr/http-client-implementation": "1.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
                "ext-curl": "*",
                "guzzle/client-integration-tests": "3.0.2",
                "php-http/message-factory": "^1.1",
                "phpunit/phpunit": "^8.5.39 || ^9.6.20",
                "psr/log": "^1.1 || ^2.0 || ^3.0"
            },
            "suggest": {
                "ext-curl": "Required for CURL handler support",
                "ext-intl": "Required for Internationalized Domain Name (IDN) support",
                "psr/log": "Required for using the Log middleware"
            },
            "type": "library",
            "extra": {
                "bamarni-bin": {
                    "bin-links": true,
                    "forward-command": false
                }
            },
            "autoload": {
                "files": [
                    "src/functions_include.php"
                ],
                "psr-4": {
                    "GuzzleHttp\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Graham Campbell",
                    "email": "hello@gjcampbell.co.uk",
                    "homepage": "https://github.com/GrahamCampbell"
                },
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                },
                {
                    "name": "Jeremy Lindblom",
                    "email": "jeremeamia@gmail.com",
                    "homepage": "https://github.com/jeremeamia"
                },
                {
                    "name": "George Mponos",
                    "email": "gmponos@gmail.com",
                    "homepage": "https://github.com/gmponos"
                },
                {
                    "name": "Tobias Nyholm",
                    "email": "tobias.nyholm@gmail.com",
                    "homepage": "https://github.com/Nyholm"
                },
                {
                    "name": "Márk Sági-Kazár",
                    "email": "mark.sagikazar@gmail.com",
                    "homepage": "https://github.com/sagikazarmark"
                },
                {
                    "name": "Tobias Schultze",
                    "email": "webmaster@tubo-world.de",
                    "homepage": "https://github.com/Tobion"
                }
            ],
            "description": "Guzzle is a PHP HTTP client library",
            "keywords": [
                "client",
                "curl",
                "framework",
                "http",
                "http client",
                "psr-18",
                "psr-7",
                "rest",
                "web service"
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
                "source": "https://github.com/guzzle/guzzle/tree/7.9.3"
            },
            "funding": [
                {
                    "url": "https://github.com/GrahamCampbell",
                    "type": "github"
                },
                {
                    "url": "https://github.com/Nyholm",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle",
                    "type": "tidelift"
                }
            ],
            "time": "2025-03-27T13:37:11+00:00"
        },
        {
            "name": "guzzlehttp/promises",
            "version": "2.2.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/promises.git",
                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
                "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
                "shasum": ""
            },
            "require": {
                "php": "^7.2.5 || ^8.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
            },
            "type": "library",
            "extra": {
                "bamarni-bin": {
                    "bin-links": true,
                    "forward-command": false
                }
            },
            "autoload": {
                "psr-4": {
                    "GuzzleHttp\\Promise\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Graham Campbell",
                    "email": "hello@gjcampbell.co.uk",
                    "homepage": "https://github.com/GrahamCampbell"
                },
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                },
                {
                    "name": "Tobias Nyholm",
                    "email": "tobias.nyholm@gmail.com",
                    "homepage": "https://github.com/Nyholm"
                },
                {
                    "name": "Tobias Schultze",
                    "email": "webmaster@tubo-world.de",
                    "homepage": "https://github.com/Tobion"
                }
            ],
            "description": "Guzzle promises library",
            "keywords": [
                "promise"
            ],
            "support": {
                "issues": "https://github.com/guzzle/promises/issues",
                "source": "https://github.com/guzzle/promises/tree/2.2.0"
            },
            "funding": [
                {
                    "url": "https://github.com/GrahamCampbell",
                    "type": "github"
                },
                {
                    "url": "https://github.com/Nyholm",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises",
                    "type": "tidelift"
                }
            ],
            "time": "2025-03-27T13:27:01+00:00"
        },
        {
            "name": "guzzlehttp/psr7",
            "version": "2.7.1",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
                "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
                "shasum": ""
            },
            "require": {
                "php": "^7.2.5 || ^8.0",
                "psr/http-factory": "^1.0",
                "psr/http-message": "^1.1 || ^2.0",
                "ralouphie/getallheaders": "^3.0"
            },
            "provide": {
                "psr/http-factory-implementation": "1.0",
                "psr/http-message-implementation": "1.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
                "http-interop/http-factory-tests": "0.9.0",
                "phpunit/phpunit": "^8.5.39 || ^9.6.20"
            },
            "suggest": {
                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
            },
            "type": "library",
            "extra": {
                "bamarni-bin": {
                    "bin-links": true,
                    "forward-command": false
                }
            },
            "autoload": {
                "psr-4": {
                    "GuzzleHttp\\Psr7\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Graham Campbell",
                    "email": "hello@gjcampbell.co.uk",
                    "homepage": "https://github.com/GrahamCampbell"
                },
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                },
                {
                    "name": "George Mponos",
                    "email": "gmponos@gmail.com",
                    "homepage": "https://github.com/gmponos"
                },
                {
                    "name": "Tobias Nyholm",
                    "email": "tobias.nyholm@gmail.com",
                    "homepage": "https://github.com/Nyholm"
                },
                {
                    "name": "Márk Sági-Kazár",
                    "email": "mark.sagikazar@gmail.com",
                    "homepage": "https://github.com/sagikazarmark"
                },
                {
                    "name": "Tobias Schultze",
                    "email": "webmaster@tubo-world.de",
                    "homepage": "https://github.com/Tobion"
                },
                {
                    "name": "Márk Sági-Kazár",
                    "email": "mark.sagikazar@gmail.com",
                    "homepage": "https://sagikazarmark.hu"
                }
            ],
            "description": "PSR-7 message implementation that also provides common utility methods",
            "keywords": [
                "http",
                "message",
                "psr-7",
                "request",
                "response",
                "stream",
                "uri",
                "url"
            ],
            "support": {
                "issues": "https://github.com/guzzle/psr7/issues",
                "source": "https://github.com/guzzle/psr7/tree/2.7.1"
            },
            "funding": [
                {
                    "url": "https://github.com/GrahamCampbell",
                    "type": "github"
                },
                {
                    "url": "https://github.com/Nyholm",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7",
                    "type": "tidelift"
                }
            ],
            "time": "2025-03-27T12:30:47+00:00"
        },
        {
            "name": "illuminate/collections",
            "version": "v10.48.25",
@@ -1472,6 +1797,166 @@
            },
            "time": "2021-11-05T16:47:00+00:00"
        },
        {
            "name": "psr/http-client",
            "version": "1.0.3",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/http-client.git",
                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90",
                "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90",
                "shasum": ""
            },
            "require": {
                "php": "^7.0 || ^8.0",
                "psr/http-message": "^1.0 || ^2.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.0.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Http\\Client\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "https://www.php-fig.org/"
                }
            ],
            "description": "Common interface for HTTP clients",
            "homepage": "https://github.com/php-fig/http-client",
            "keywords": [
                "http",
                "http-client",
                "psr",
                "psr-18"
            ],
            "support": {
                "source": "https://github.com/php-fig/http-client"
            },
            "time": "2023-09-23T14:17:50+00:00"
        },
        {
            "name": "psr/http-factory",
            "version": "1.1.0",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/http-factory.git",
                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
                "reference": "2b4765fddfe3b508ac62f829e852b1501d3f6e8a",
                "shasum": ""
            },
            "require": {
                "php": ">=7.1",
                "psr/http-message": "^1.0 || ^2.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.0.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Http\\Message\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "https://www.php-fig.org/"
                }
            ],
            "description": "PSR-17: Common interfaces for PSR-7 HTTP message factories",
            "keywords": [
                "factory",
                "http",
                "message",
                "psr",
                "psr-17",
                "psr-7",
                "request",
                "response"
            ],
            "support": {
                "source": "https://github.com/php-fig/http-factory"
            },
            "time": "2024-04-15T12:06:14+00:00"
        },
        {
            "name": "psr/http-message",
            "version": "2.0",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/http-message.git",
                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/http-message/zipball/402d35bcb92c70c026d1a6a9883f06b2ead23d71",
                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71",
                "shasum": ""
            },
            "require": {
                "php": "^7.2 || ^8.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "2.0.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Http\\Message\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "https://www.php-fig.org/"
                }
            ],
            "description": "Common interface for HTTP messages",
            "homepage": "https://github.com/php-fig/http-message",
            "keywords": [
                "http",
                "http-message",
                "psr",
                "psr-7",
                "request",
                "response"
            ],
            "support": {
                "source": "https://github.com/php-fig/http-message/tree/2.0"
            },
            "time": "2023-04-04T09:54:51+00:00"
        },
        {
            "name": "psr/log",
            "version": "3.0.2",
@@ -1573,6 +2058,50 @@
            },
            "time": "2021-10-29T13:26:27+00:00"
        },
        {
            "name": "ralouphie/getallheaders",
            "version": "3.0.3",
            "source": {
                "type": "git",
                "url": "https://github.com/ralouphie/getallheaders.git",
                "reference": "120b605dfeb996808c31b6477290a714d356e822"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822",
                "reference": "120b605dfeb996808c31b6477290a714d356e822",
                "shasum": ""
            },
            "require": {
                "php": ">=5.6"
            },
            "require-dev": {
                "php-coveralls/php-coveralls": "^2.1",
                "phpunit/phpunit": "^5 || ^6.5"
            },
            "type": "library",
            "autoload": {
                "files": [
                    "src/getallheaders.php"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Ralph Khattar",
                    "email": "ralph.khattar@gmail.com"
                }
            ],
            "description": "A polyfill for getallheaders.",
            "support": {
                "issues": "https://github.com/ralouphie/getallheaders/issues",
                "source": "https://github.com/ralouphie/getallheaders/tree/develop"
            },
            "time": "2019-03-08T08:55:37+00:00"
        },
        {
            "name": "symfony/console",
            "version": "v6.4.17",
@@ -2910,7 +3439,7 @@
    ],
    "aliases": [],
    "minimum-stability": "stable",
-    "stability-flags": [],
+    "stability-flags": {},
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": {
@@ -2921,6 +3450,6 @@
        "ext-xml": "*",
        "ext-dom": "*"
    },
-    "platform-dev": [],
+    "platform-dev": {},
-    "plugin-api-version": "2.3.0"
+    "plugin-api-version": "2.6.0"
 }
--- a/images/order_asc.gif
+++ b/images/order_asc.gif
--- a/images/order_desc.gif
+++ b/images/order_desc.gif
--- a/index.php
+++ b/index.php
@@ -93,6 +93,7 @@ if(setting('core.backward_support')) {
 	if($logged && $account_logged)
 		$group_id_of_acc_logged = $account_logged->getGroupId();
 	$config['serverPath'] = $config['server_path'];
 	$config['site'] = &$config;
 	$config['server'] = &$config['lua'];
 	$config['site']['shop_system'] = setting('core.gifts_system');
@@ -117,6 +118,14 @@ if(setting('core.backward_support')) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 if(setting('core.views_counter')) {
 	require_once SYSTEM . 'counter.php';
 }
 if(setting('core.visitors_counter')) {
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 require_once SYSTEM . 'router.php';
 // anonymous usage statistics
@@ -153,22 +162,6 @@ if(setting('core.anonymous_usage_statistics')) {
 	}
 }
 if(setting('core.views_counter'))
 	require_once SYSTEM . 'counter.php';
 if(setting('core.visitors_counter')) {
 	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
 }
 /**
 * @var OTS_Account $account_logged
 */
 if ($logged && admin()) {
 	$content .= $twig->render('admin-bar.html.twig', [
 		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
 	]);
 }
 $title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -10,6 +10,15 @@ CREATE TABLE `myaac_account_actions`
 	KEY (`account_id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_account_email_codes`
 (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
 	`code` varchar(6) NOT NULL,
 	`created_at` int NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE `myaac_admin_menu`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
--- a/login.php
+++ b/login.php
@@ -88,8 +88,8 @@ switch ($action) {
 	case 'boostedcreature':
 		$clientVersion = (int)setting('core.client');
-		// 14.00 and up
+		// 13.40 and up
-		if ($clientVersion >= 1400) {
+		if ($clientVersion >= 1340) {
 			$creatureBoost = $db->query("SELECT * FROM " . $db->tableName('boosted_creature'))->fetchAll();
 			$bossBoost     = $db->query("SELECT * FROM " . $db->tableName('boosted_boss'))->fetchAll();
 			die(json_encode([
--- a/package-lock.json
+++ b/package-lock.json
@@ -976,15 +976,16 @@
      }
    },
    "node_modules/form-data": {
-      "version": "4.0.2",
+      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
-      "integrity": "sha512-hGfm/slu0ZabnNt4oaRZ6uREyfCj6P4fT/n6A1rGV+Z0VdGXjfOhVUpkn6qVQONHGIFwmveGXyDs75+nr6FM8w==",
+      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "asynckit": "^0.4.0",
        "combined-stream": "^1.0.8",
        "es-set-tostringtag": "^2.1.0",
        "hasown": "^2.0.2",
        "mime-types": "^2.1.12"
      },
      "engines": {
@@ -2084,9 +2085,9 @@
      "license": "MIT"
    },
    "node_modules/tmp": {
-      "version": "0.2.3",
+      "version": "0.2.4",
-      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz",
+      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz",
-      "integrity": "sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==",
+      "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==",
      "dev": true,
      "license": "MIT",
      "engines": {
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -28,10 +28,9 @@ parameters:
 		- '#Variable \$guild might not be defined#'
 		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
 		# Eloquent models
 		- '#Call to an undefined method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
 		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+\(\)#'
 		- '#Call to an undefined method object::toArray\(\)#'
 		# system/pages/highscores.php
 		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'
 		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$vocation_name#'
 		-
--- a/plugins/example.json
+++ b/plugins/example.json
@@ -51,5 +51,8 @@
 		"themes": true,
 		"admin-pages": true,
 		"admin-pages-sub-folders": true,
 		"settings": true,
 		"install": true,
 		"init": false
 	}
 }
--- a/system/functions.php
+++ b/system/functions.php
@@ -512,6 +512,13 @@ function template_place_holder($type): string
 	}
 	elseif ($type === 'body_start') {
 		$ret .= $twig->render('browsehappy.html.twig');
 		if (admin()) {
 			global $account_logged;
 			$ret .= $twig->render('admin-bar.html.twig', [
 				'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
 			]);
 		}
 	}
 	elseif($type === 'body_end') {
 		$ret .= template_ga_code();
@@ -767,6 +774,10 @@ function formatExperience($exp, $color = true)
 	return $ret;
 }
 function getExperienceForLevel($level): float|int {
 	return ( 50 / 3 ) * pow( $level, 3 ) - ( 100 * pow( $level, 2 ) ) + ( ( 850 / 3 ) * $level ) - 200;
 }
 function get_locales()
 {
 	$ret = array();
@@ -982,11 +993,12 @@ function load_config_lua($filename)
 		foreach($lines as $ln => $line)
 		{
 			$line = trim($line);
-			if(@$line[0] === '{' || @$line[0] === '}') {
+			if(isset($line[0]) && ($line[0] === '{' || $line[0] === '}')) {
 				// arrays are not supported yet
 				// just ignore the error
 				continue;
 			}
 			$tmp_exp = explode('=', $line, 2);
 			if(str_contains($line, 'dofile')) {
 				$delimiter = '"';
@@ -1216,7 +1228,8 @@ function setting($key)
 		return $settings[$key[0]] = $key[1];
 	}
-	return $settings[$key]['value'];
+	$ret = $settings[$key];
 	return isset($ret) ? $ret['value'] : null;
 }
 function clearCache()
@@ -1265,14 +1278,15 @@ function clearCache()
 		$db->setClearCacheAfter(true);
 	}
 	if (function_exists('apcu_clear_cache')) {
 		apcu_clear_cache();
 	}
 	deleteDirectory(CACHE . 'signatures', ['index.html'], true);
 	deleteDirectory(CACHE . 'twig', ['index.html'], true);
 	deleteDirectory(CACHE . 'plugins', ['index.html'], true);
 	deleteDirectory(CACHE, ['signatures', 'twig', 'plugins', 'index.html', 'persistent'], true);
 	// routes cache
 	clearRouteCache();
 	global $hooks;
 	$hooks->trigger(HOOK_CACHE_CLEAR, ['cache' => Cache::getInstance()]);
--- a/system/init.php
+++ b/system/init.php
@@ -144,6 +144,15 @@ $ots = POT::getInstance();
 $eloquentConnection = null;
 require_once SYSTEM . 'database.php';
 define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 define('HAS_ACCOUNT_COINS', $db->hasColumn('accounts', 'coins'));
 define('HAS_ACCOUNT_COINS_TRANSFERABLE', $db->hasColumn('accounts', 'coins_transferable'));
 define('HAS_ACCOUNT_TRANSFERABLE_COINS', $db->hasColumn('accounts', 'transferable_coins'));
 const ACCOUNT_COINS_TRANSFERABLE_COLUMN = (HAS_ACCOUNT_COINS_TRANSFERABLE ? 'coins_transferable' : 'transferable_coins');
 $twig->addGlobal('logged', false);
 $twig->addGlobal('account_logged', new \OTS_Account());
@@ -188,10 +197,6 @@ if($settingsItemImagesURL[strlen($settingsItemImagesURL) - 1] !== '/') {
 	setting(['core.item_images_url', $settingsItemImagesURL . '/']);
 }
 define('USE_ACCOUNT_NAME', $db->hasColumn('accounts', 'name'));
 define('USE_ACCOUNT_NUMBER', $db->hasColumn('accounts', 'number'));
 define('USE_ACCOUNT_SALT', $db->hasColumn('accounts', 'salt'));
 $towns = Cache::remember('towns', 10 * 60, function () use ($db) {
 	if ($db->hasTable('towns') && Town::count() > 0) {
 		return Town::orderBy('id', 'ASC')->pluck('name', 'id')->toArray();
--- a/system/libs/pot/OTS_Account.php
+++ b/system/libs/pot/OTS_Account.php
@@ -473,12 +473,9 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
    public function isPremium()
    {
-		global $config;
+		if(isset($this->data['premium_ends_at'])) {
-        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
+			return $this->data['premium_ends_at'] > time();
-
+		}
 	    if(isset($this->data['premium_ends_at'])) {
 		    return $this->data['premium_ends_at'] > time();
 	    }
 		if(isset($this->data['premend'])) {
 			return $this->data['premend'] > time();
--- a/system/libs/pot/OTS_Player.php
+++ b/system/libs/pot/OTS_Player.php
@@ -2919,6 +2919,32 @@ class OTS_Player extends OTS_Row_DAO
 		$this->data['banned'] = $ban['active'];
 		$this->data['banned_time'] = $ban['expires'];
 	}
 	public function isNameLocked(): bool
 	{
 		// nothing can't be banned
 		if( !$this->isLoaded() ) {
 			throw new E_OTS_NotLoaded();
 		}
 		if($this->db->hasTable('player_namelocks')) {
 			$ban = $this->db->query('SELECT 1 FROM `player_namelocks` WHERE `player_id` = ' . $this->data['id'])->fetch(PDO::FETCH_ASSOC);
 			return (isset($ban['1']));
 		}
 		else if($this->db->hasTable('bans')) {
 			if($this->db->hasColumn('bans', 'active')) {
 				$ban = $this->db->query('SELECT `active`, `expires` FROM `bans` WHERE `type` = 2 AND `active` = 1 AND `value` = ' . $this->data['id'] . ' AND (`expires` > ' . time() .' OR `expires` = -1) ORDER BY `expires` DESC')->fetch();
 				return isset($ban['active']);
 			}
 			else { // tfs 0.2
 				$ban = $this->db->query('SELECT `time` FROM `bans` WHERE `type` = 2 AND `account` = ' . $this->data['account_id'] . ' AND (`time` > ' . time() .' OR `time` = -1) ORDER BY `time` DESC')->fetch();
 				return isset($ban['time']) && ($ban['time'] == -1 || $ban['time'] > 0);
 			}
 		}
 		return false;
 	}
 /**
 * Deletes player.
 *
@@ -2953,21 +2979,14 @@ class OTS_Player extends OTS_Row_DAO
 * @return string Player proffesion name.
 * @throws E_OTS_NotLoaded If player is not loaded or global vocations list is not loaded.
 */
-	public function getVocationName()
+	public function getVocationName(): string
 	{
 		if( !isset($this->data['vocation']) )
 		{
 			throw new E_OTS_NotLoaded();
 		}
-		global $config;
+		return OTS_Toolbox::getVocationName($this->data['vocation'], $this->data['promotion'] ?? 0);
 		$voc = $this->getVocation();
 		if(!isset($config['vocations'][$voc])) {
 			return 'Unknown';
 		}
 		return $config['vocations'][$voc];
 		//return POT::getInstance()->getVocationsList()->getVocationName($this->data['vocation']);
 	}
 /**
--- a/system/libs/pot/OTS_Toolbox.php
+++ b/system/libs/pot/OTS_Toolbox.php
@@ -29,11 +29,11 @@ class OTS_Toolbox
 * @return int Experience points for level.
 */
 	public static function experienceForLevel($level, $experience = 0)
-    {
+	{
-        //return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
+		//return 50 * ($level - 1) * ($level * $level - 5 * $level + 12) / 3 - $experience;
 		$level = $level - 1;
 		return ((50 * $level * $level * $level) - (150 * $level * $level) + (400 * $level)) / 3;
-    }
+	}
 /**
 * Finds out which level user have basing on his/her experience.
@@ -45,19 +45,19 @@ class OTS_Toolbox
 * @param int $experience Current experience points.
 * @return int Experience level.
 */
-    public static function levelForExperience($experience)
+	public static function levelForExperience($experience)
-    {
+	{
-        // default level
+		// default level
-        $level = 1;
+		$level = 1;
-        // until we will find level which requires more experience then we have we will step to next
+		// until we will find level which requires more experience then we have we will step to next
-        while( self::experienceForLevel($level + 1) <= $experience)
+		while( self::experienceForLevel($level + 1) <= $experience)
-        {
+		{
-            $level++;
+			$level++;
-        }
+		}
-        return $level;
+		return $level;
-    }
+	}
 /**
 * @version 0.1.5
@@ -65,25 +65,25 @@ class OTS_Toolbox
 * @return OTS_Players_List Filtered list.
 * @deprecated 0.1.5 Use OTS_PlayerBans_List.
 */
-    public static function bannedPlayers()
+	public static function bannedPlayers()
-    {
+	{
-        // creates filter
+		// creates filter
-        $filter = new OTS_SQLFilter();
+		$filter = new OTS_SQLFilter();
-        $filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_PLAYER);
+		$filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_PLAYER);
-        $filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
+		$filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
-        $filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'players') );
+		$filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'players') );
-        // selects only active bans
+		// selects only active bans
-        $actives = new OTS_SQLFilter();
+		$actives = new OTS_SQLFilter();
-        $actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
+		$actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
-        $actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
+		$actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
-        $filter->addFilter($actives);
+		$filter->addFilter($actives);
-        // creates list and aplies filter
+		// creates list and aplies filter
-        $list = new OTS_Players_List();
+		$list = new OTS_Players_List();
-        $list->setFilter($filter);
+		$list->setFilter($filter);
-        return $list;
+		return $list;
-    }
+	}
 /**
 * @version 0.1.5
@@ -91,25 +91,34 @@ class OTS_Toolbox
 * @return OTS_Accounts_List Filtered list.
 * @deprecated 0.1.5 Use OTS_AccountBans_List.
 */
-    public static function bannedAccounts()
+	public static function bannedAccounts()
-    {
+	{
-        // creates filter
+		// creates filter
-        $filter = new OTS_SQLFilter();
+		$filter = new OTS_SQLFilter();
-        $filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_ACCOUNT);
+		$filter->addFilter( new OTS_SQLField('type', 'bans'), POT::BAN_ACCOUNT);
-        $filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
+		$filter->addFilter( new OTS_SQLField('active', 'bans'), 1);
-        $filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'accounts') );
+		$filter->addFilter( new OTS_SQLField('value', 'bans'), new OTS_SQLField('id', 'accounts') );
-        // selects only active bans
+		// selects only active bans
-        $actives = new OTS_SQLFilter();
+		$actives = new OTS_SQLFilter();
-        $actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
+		$actives->addFilter( new OTS_SQLField('expires', 'bans'), 0);
-        $actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
+		$actives->addFilter( new OTS_SQLField('time', 'bans'), time(), OTS_SQLFilter::OPERATOR_GREATER, OTS_SQLFilter::CRITERIUM_OR);
-        $filter->addFilter($actives);
+		$filter->addFilter($actives);
-        // creates list and aplies filter
+		// creates list and aplies filter
-        $list = new OTS_Accounts_List();
+		$list = new OTS_Accounts_List();
-        $list->setFilter($filter);
+		$list->setFilter($filter);
-        return $list;
+		return $list;
-    }
+	}
 	public static function getVocationName($id, $promotion = 0): string
 	{
 		if($promotion > 0) {
 			$id = ($id + ($promotion * config('vocations_amount')));
 		}
 		return config('vocations')[$id] ?? 'Unknown';
 	}
 }
 /**#@-*/
--- a/system/migrations/46-account_email_codes.sql
+++ b/system/migrations/46-account_email_codes.sql
@@ -0,0 +1,8 @@
 CREATE TABLE `myaac_account_email_codes`
 (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
 	`code` varchar(6) NOT NULL,
 	`created_at` int NOT NULL,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
--- a/system/migrations/46.php
+++ b/system/migrations/46.php
@@ -0,0 +1,27 @@
 <?php
 // add the myaac_account_email_codes
 /**
 * @var OTS_DB_MySQL $db
 */
 $up = function () use ($db) {
 	if (!$db->hasColumn('accounts', '2fa_type')) {
 		$db->addColumn('accounts', '2fa_type', "tinyint NOT NULL DEFAULT 0 AFTER `web_flags`");
 	}
 	// add myaac_account_email_codes table
 	if (!$db->hasTable(TABLE_PREFIX . 'account_email_codes')) {
 		$db->exec(file_get_contents(__DIR__ . '/46-account_email_codes.sql'));
 	}
 };
 $down = function () use ($db) {
 	if ($db->hasColumn('accounts', '2fa_type')) {
 		$db->dropColumn('accounts', '2fa_type');
 	}
 	//if ($db->hasTable(TABLE_PREFIX . 'account_email_codes')) {
 	//	$db->dropTable(TABLE_PREFIX . 'account_email_codes');
 	//}
 };
--- a/system/pages/404.php
+++ b/system/pages/404.php
@@ -8,7 +8,7 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = '404 Not Found';
+$title = 'Not Found';
 header('HTTP/1.0 404 Not Found');
 ?>
--- a/system/pages/405.php
+++ b/system/pages/405.php
@@ -8,7 +8,7 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = '405 Method Not Allowed';
+$title = 'Method Not Allowed';
 header('HTTP/1.0 405 Method Not Allowed');
 ?>
--- a/system/pages/account/2fa.php
+++ b/system/pages/account/2fa.php
@@ -0,0 +1,121 @@
 <?php
 /**
 * 2-factor authentication
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Two Factor Authentication';
 require __DIR__ . '/base.php';
 csrfProtect();
 /**
 * @var OTS_Account $account_logged
 */
 $step = $_REQUEST['step'] ?? '';
 $code = $_REQUEST['email-code'] ?? '';
 if ((!setting('core.mail_enabled')) && ACTION == 'email-code') {
 	$twig->display('error_box.html.twig',  ['errors' => ['Account two-factor e-mail authentication disabled.']]);
 	return;
 }
 if (!isset($account_logged) || !$account_logged->isLoaded()) {
 	$current_session = getSession('account');
 	if($current_session) {
 		$account_logged->load($current_session);
 	}
 }
 $twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
 if (ACTION == 'email-code') {
 	if ($step == 'resend') {
 		if ($twoFactorAuth->hasRecentEmailCode(15 * 60)) {
 			$errors = ['Sorry, one email per 15 minutes'];
 		}
 		else {
 			$twoFactorAuth->resendEmailCode();
 		}
 		if (!empty($errors)) {
 			$twig->display('error_box.html.twig',  ['errors' => $errors]);
 		}
 		$twig->display('account.2fa.email.login.html.twig');
 	}
 	else if ($step == 'activate') {
 		if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
 			$twoFactorAuth->resendEmailCode();
 		}
 		if (isset($_POST['save'])) {
 			if (!empty($code)) {
 				$twoFactorAuth->setAuthGateway(TwoFactorAuth::TYPE_EMAIL);
 				if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
 					$serverName = configLua('serverName');
 					$twoFactorAuth->enable(TwoFactorAuth::TYPE_EMAIL);
 					$twoFactorAuth->deleteOldCodes();
 					$twig->display('success.html.twig', [
 						'title' => 'Email Code Authentication Activated',
 						'description' => sprintf('You have successfully activated <b>email code authentication</b> for your account. This means an <b>email code</b> will be sent to the email address assigned to your account whenever you try to log in to the %s client or the %s website. In order to log in, you will need to enter the <b>most recent email code</b> you have received.', $serverName, $serverName)
 					]);
 					return;
 				}
 				else {
 					$errors[] = 'Invalid email code!';
 				}
 			}
 		}
 		if (!empty($errors)) {
 			$twig->display('error_box.html.twig', ['errors' => $errors]);
 		}
 		$twig->display('account.2fa.email_code.html.twig', ['wrongCode' => count($errors) > 0]);
 	}
 	else if ($step == 'deactivate') {
 		if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
 			$twoFactorAuth->resendEmailCode();
 		}
 		if (isset($_POST['save'])) {
 			if (!empty($code)) {
 				if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
 					$twoFactorAuth->disable();
 					$twoFactorAuth->deleteOldCodes();
 					$twig->display('success.html.twig',
 						[
 							'title' => 'Email Code Authentication Deactivated',
 							'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
 						]
 					);
 					return;
 				}
 				else {
 					$errors[] = 'Invalid email code!';
 				}
 			}
 		}
 		if (!empty($errors)) {
 			$twig->display('error_box.html.twig', ['errors' => $errors]);
 		}
 		$twig->display('account.2fa.email.deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
 	}
 }
--- a/system/pages/account/base.php
+++ b/system/pages/account/base.php
@@ -17,6 +17,10 @@ if(!$logged)
 	if(!empty($errors))
 		$twig->display('error_box.html.twig', array('errors' => $errors));
 	if (defined('HIDE_LOGIN_BOX') && HIDE_LOGIN_BOX) {
 		return;
 	}
 	$twig->display('account.login.html.twig', array(
 		'redirect' => $_REQUEST['redirect'] ?? null,
 		'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
--- a/system/pages/account/change-email.php
+++ b/system/pages/account/change-email.php
@@ -166,7 +166,7 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
 	$account_logged->setCustomField("email_new", "");
 	$account_logged->setCustomField("email_new_time", 0);
-	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" ><tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
+	$custom_buttons = '<div style="text-align:center"><table border="0" cellspacing="0" cellpadding="0" ><form action="' . getLink('account/manage') . '" method="post" >' . csrf(true) . '<tr><td style="border:0px;" >' . $twig->render('buttons.back.html.twig') . '</td></tr></form></table></div>';
 	$twig->display('success.html.twig', array(
 		'title' => 'Email Address Change Cancelled',
--- a/system/pages/account/create.php
+++ b/system/pages/account/create.php
@@ -227,10 +227,15 @@ if($save)
 		}
 		$accountDefaultCoins = setting('core.account_coins');
-		if($db->hasColumn('accounts', 'coins') && $accountDefaultCoins > 0) {
+		if(HAS_ACCOUNT_COINS && $accountDefaultCoins > 0) {
 			$new_account->setCustomField('coins', $accountDefaultCoins);
 		}
 		$accountDefaultCoinsTransferable = setting('core.account_coins_transferable');
 		if((HAS_ACCOUNT_COINS_TRANSFERABLE || HAS_ACCOUNT_TRANSFERABLE_COINS) && $accountDefaultCoinsTransferable > 0) {
 			$new_account->setCustomField(ACCOUNT_COINS_TRANSFERABLE_COLUMN, $accountDefaultCoinsTransferable);
 		}
 		$tmp_account = $email;
 		if (!config('account_login_by_email')) {
 			$tmp_account = (USE_ACCOUNT_NAME ? $account_name : $account_id);
--- a/system/pages/account/login.php
+++ b/system/pages/account/login.php
@@ -10,6 +10,7 @@
 */
 use MyAAC\RateLimit;
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 defined('MYAAC') or die('Direct access not allowed!');
@@ -50,6 +51,11 @@ if(!empty($login_account) && !empty($login_password))
 		if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
 			$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
 		} else {
 			$twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
 			if (!$twoFactorAuth->process($login_account, $login_password, $_POST['email-code'] ?? '')) {
 				return;
 			}
 			session_regenerate_id();
 			setSession('account', $account_logged->getId());
 			setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
--- a/system/pages/account/manage.php
+++ b/system/pages/account/manage.php
@@ -8,6 +8,9 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Account Management';
@@ -111,6 +114,8 @@ $twig->display('account.management.html.twig', array(
 	'account_registered' => $account_registered,
 	'account_rlname' => $account_rlname,
 	'account_location' => $account_location,
 	'twoFactorViews' => TwoFactorAuth::getInstance($account_logged)->getAccountManageViews(),
 	'actions' => $actions,
-	'players' => $account_players
+	'players' => $account_players,
 ));
--- a/system/pages/account/redirect.php
+++ b/system/pages/account/redirect.php
@@ -1,23 +0,0 @@
 <?php
 /**
 * Change comment
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $redirect = urldecode($_REQUEST['redirect']);
 // should never happen, unless hacker modify the URL
 if (!str_contains($redirect, BASE_URL)) {
 	error('Fatal error: Cannot redirect outside the website.');
 	return;
 }
 $twig->display('account.redirect.html.twig', array(
 	'redirect' => $redirect
 ));
--- a/system/pages/guilds/list.php
+++ b/system/pages/guilds/list.php
@@ -36,10 +36,9 @@ if(count($guilds_list) > 0) {
 		$guildName = $guild->getName();
 		$guilds[] = array('name' => $guildName, 'logo' => $guild_logo, 'link' => getGuildLink($guildName, false), 'description' => $description);
 	}
-};
+}
 $twig->display('guilds.list.html.twig', array(
 	'guilds' => $guilds,
 	'logged' => $logged ?? false,
 	'isAdmin' => admin(),
 ));
--- a/system/pages/highscores.php
+++ b/system/pages/highscores.php
@@ -123,16 +123,10 @@ if($db->hasColumn('players', 'promotion'))
 	$promotion = ',players.promotion';
 $outfit_addons = false;
-$outfit = '';
+$outfit = ', lookbody, lookfeet, lookhead, looklegs, looktype';
-
+if($db->hasColumn('players', 'lookaddons')) {
-$settingHighscoresOutfit = setting('core.highscores_outfit');
+	$outfit .= ', lookaddons';
-
+	$outfit_addons = true;
 if($settingHighscoresOutfit) {
 	$outfit = ', lookbody, lookfeet, lookhead, looklegs, looktype';
 	if($db->hasColumn('players', 'lookaddons')) {
 		$outfit .= ', lookaddons';
 		$outfit_addons = true;
 	}
 }
 $configHighscoresPerPage = setting('core.highscores_per_page');
@@ -146,17 +140,24 @@ $cache = Cache::getInstance();
 if ($cache->enabled() && $highscoresTTL > 0) {
 	$tmp = '';
 	if ($cache->fetch($cacheKey, $tmp)) {
-		$highscores = unserialize($tmp);
+		$data = unserialize($tmp);
 		$totalResults = $data['totalResults'];
 		$highscores = $data['highscores'];
 		$updatedAt = $data['updatedAt'];
 		$needReCache = false;
 	}
 }
 $offset = ($page - 1) * $configHighscoresPerPage;
-$query->join('accounts', 'accounts.id', '=', 'players.account_id')
+$query->withOnlineStatus()
 	->withOnlineStatus()
 	->whereNotIn('players.id', setting('core.highscores_ids_hidden'))
 	->notDeleted()
-	->where('players.group_id', '<', setting('core.highscores_groups_hidden'))
+	->where('players.group_id', '<', setting('core.highscores_groups_hidden'));
 $totalResultsQuery = clone $query;
 $query
 	->join('accounts', 'accounts.id', '=', 'players.account_id')
 	->limit($limit)
 	->offset($offset)
 	->selectRaw('accounts.country, players.id, players.name, players.account_id, players.level, players.vocation' . $outfit . $promotion)
@@ -215,17 +216,24 @@ if (empty($highscores)) {
 		return $tmp;
 	})->toArray();
 	$updatedAt = time();
 	$totalResults = $totalResultsQuery->count();
 }
 if ($highscoresTTL > 0 && $cache->enabled() && $needReCache) {
-	$cache->set($cacheKey, serialize($highscores), $highscoresTTL * 60);
+	$cache->set($cacheKey, serialize(
 		[
 			'totalResults' => $totalResults,
 			'highscores' => $highscores,
 			'updatedAt' => $updatedAt,
 		]
 	), $highscoresTTL * 60);
 }
 $show_link_to_next_page = false;
 $i = 0;
 $settingHighscoresVocation = setting('core.highscores_vocation');
 foreach($highscores as $id => &$player)
 {
 	if(++$i <= $configHighscoresPerPage)
@@ -239,10 +247,22 @@ foreach($highscores as $id => &$player)
 		$player['link'] = getPlayerLink($player['name'], false);
 		$player['flag'] = getFlagImage($player['country']);
-		if($settingHighscoresOutfit) {
+		$player['outfit'] = '<img style="position:absolute;margin-top:' . (in_array($player['looktype'], setting('core.outfit_images_wrong_looktypes')) ? '-15px;margin-left:5px' : '-45px;margin-left:-25px') . ';" src="' . $player['outfit_url'] . '" alt="" />';
-			$player['outfit'] = '<img style="position:absolute;margin-top:' . (in_array($player['looktype'], setting('core.outfit_images_wrong_looktypes')) ? '-15px;margin-left:5px' : '-45px;margin-left:-25px') . ';" src="' . $player['outfit_url'] . '" alt="" />';
+
 		if ($skill != POT::SKILL__LEVEL) {
 			if (isset($lastValue) && $lastValue == $player['value']) {
 				$player['rank'] = $lastRank;
 			}
 			else {
 				$player['rank'] = $offset + $i;
 			}
 			$lastRank = $player['rank'] ;
 			$lastValue = $player['value'];
 		}
 		else {
 			$player['rank'] = $offset + $i;
 		}
 		$player['rank'] = $offset + $i;
 	}
 	else {
 		unset($highscores[$id]);
@@ -263,6 +283,8 @@ if($show_link_to_next_page) {
 	$linkNextPage = getLink('highscores') . '/' . $list . ($vocation !== 'all' ? '/' . $vocation : '') . '/' . ($page + 1);
 }
 $baseLink = getLink('highscores') . '/' . $list . ($vocation !== 'all' ? '/' . $vocation : '') . '/';
 $types = array(
 	'experience' => 'Experience',
 	'magic' => 'Magic',
@@ -297,4 +319,8 @@ $twig->display('highscores.html.twig', [
 	'types' => $types,
 	'linkPreviousPage' => $linkPreviousPage,
 	'linkNextPage' => $linkNextPage,
 	'totalResults' => $totalResults,
 	'page' => $page,
 	'baseLink' => $baseLink,
 	'updatedAt' => $updatedAt,
 ]);
--- a/system/pages/online.php
+++ b/system/pages/online.php
@@ -9,123 +9,140 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Cache\Cache;
 use MyAAC\Models\ServerConfig;
 use MyAAC\Models\ServerRecord;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Who is online?';
-if (setting('core.account_country'))
+if (setting('core.account_country')) {
 	require SYSTEM . 'countries.conf.php';
 }
 $promotion = '';
-if($db->hasColumn('players', 'promotion'))
+if($db->hasColumn('players', 'promotion')) {
 	$promotion = '`promotion`,';
 $order = $_GET['order'] ?? 'name';
 if(!in_array($order, array('country', 'name', 'level', 'vocation')))
 	$order = $db->fieldName('name');
 else if($order == 'country')
 	$order = $db->tableName('accounts') . '.' . $db->fieldName('country');
 else if($order == 'vocation')
 	$order = $promotion . 'vocation ASC';
 $skull_type = 'skull';
 if($db->hasColumn('players', 'skull_type')) {
 	$skull_type = 'skull_type';
 }
-$skull_time = 'skulltime';
+$order = $_GET['order'] ?? 'name_asc';
-if($db->hasColumn('players', 'skull_time')) {
+if(!in_array($order, ['country_asc', 'country_desc', 'name_asc', 'name_desc', 'level_asc', 'level_desc', 'vocation_asc', 'vocation_desc'])) {
-	$skull_time = 'skull_time';
+	$order = 'name_asc';
 }
 else if($order == 'vocation_asc' || $order == 'vocation_desc') {
 	$order = $promotion . 'vocation_' . (str_contains($order, 'asc') ? 'asc' : 'desc');
 }
-$outfit_addons = false;
+$cached = Cache::remember("online_$order", setting('core.online_cache_ttl') * 60, function() use($db, $promotion, $order) {
-$outfit = '';
+	$orderExplode = explode('_', $order);
-if (setting('core.online_outfit')) {
+	$orderSql = $orderExplode[0] . ' ' . $orderExplode[1];
 	$skull_type = 'skull';
 	if($db->hasColumn('players', 'skull_type')) {
 		$skull_type = 'skull_type';
 	}
 	$skull_time = 'skulltime';
 	if($db->hasColumn('players', 'skull_time')) {
 		$skull_time = 'skull_time';
 	}
 	$outfit_addons = false;
 	$outfit = ', lookbody, lookfeet, lookhead, looklegs, looktype';
 	if($db->hasColumn('players', 'lookaddons')) {
 		$outfit .= ', lookaddons';
 		$outfit_addons = true;
 	}
 }
-$vocs = [];
+	$vocations = array_map(function ($name) {
-if (setting('core.online_vocations')) {
+		return 0;
-	foreach($config['vocations'] as $id => $name) {
+	}, setting('core.vocations'));
 		$vocs[$id] = 0;
 	}
 }
-if($db->hasTable('players_online')) // tfs 1.0
+	if($db->hasTable('players_online')) // tfs 1.0
-	$playersOnline = $db->query('SELECT `accounts`.`country`, `players`.`name`, `players`.`level`, `players`.`vocation`' . $outfit . ', `' . $skull_time . '` as `skulltime`, `' . $skull_type . '` as `skull` FROM `accounts`, `players`, `players_online` WHERE `players`.`id` = `players_online`.`player_id` AND `accounts`.`id` = `players`.`account_id`  ORDER BY ' . $order);
+		$playersOnline = $db->query('SELECT `accounts`.`country`, `players`.`name`, `players`.`level`, `players`.`vocation`' . $outfit . ', `' . $skull_time . '` as `skulltime`, `' . $skull_type . '` as `skull` FROM `accounts`, `players`, `players_online` WHERE `players`.`id` = `players_online`.`player_id` AND `accounts`.`id` = `players`.`account_id`  ORDER BY ' . $orderSql);
-else
+	else
-	$playersOnline = $db->query('SELECT `accounts`.`country`, `players`.`name`, `players`.`level`, `players`.`vocation`' . $outfit . ', ' . $promotion . ' `' . $skull_time . '` as `skulltime`, `' . $skull_type . '` as `skull` FROM `accounts`, `players` WHERE `players`.`online` > 0 AND `accounts`.`id` = `players`.`account_id`  ORDER BY ' . $order);
+		$playersOnline = $db->query('SELECT `accounts`.`country`, `players`.`name`, `players`.`level`, `players`.`vocation`' . $outfit . ', ' . $promotion . ' `' . $skull_time . '` as `skulltime`, `' . $skull_type . '` as `skull` FROM `accounts`, `players` WHERE `players`.`online` > 0 AND `accounts`.`id` = `players`.`account_id`  ORDER BY ' . $orderSql);
-$players_data = array();
+	$settingVocations = setting('core.vocations');
-$players = 0;
+	$settingVocationsAmount = setting('core.vocations_amount');
-$data = '';
+
-foreach($playersOnline as $player) {
+	$players = [];
-	$skull = '';
+	foreach($playersOnline as $player) {
-	if (setting('core.online_skulls'))
+		$skull = '';
-	{
+		if($player['skulltime'] > 0) {
-		if($player['skulltime'] > 0)
+			if($player['skull'] == 3) {
 		{
 			if($player['skull'] == 3)
 				$skull = ' <img style="border: 0;" src="images/white_skull.gif"/>';
-			elseif($player['skull'] == 4)
+			}
 			elseif($player['skull'] == 4) {
 				$skull = ' <img style="border: 0;" src="images/red_skull.gif"/>';
-			elseif($player['skull'] == 5)
+			}
 			elseif($player['skull'] == 5) {
 				$skull = ' <img style="border: 0;" src="images/black_skull.gif"/>';
 		}
 	}
 	if(isset($player['promotion'])) {
 		if((int)$player['promotion'] > 0)
 			$player['vocation'] += ($player['promotion'] * $config['vocations_amount']);
 	}
 	$players_data[] = array(
 		'name' => getPlayerLink($player['name']),
 		'player' => $player,
 		'level' => $player['level'],
 		'vocation' => $config['vocations'][$player['vocation']],
 		'country_image' => setting('core.account_country') ? getFlagImage($player['country']) : null,
 		'outfit' => setting('core.online_outfit') ? setting('core.outfit_images_url') . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'] : null
 	);
 	if (setting('core.online_vocations')) {
 		$vocs[($player['vocation'] > $config['vocations_amount'] ? $player['vocation'] - $config['vocations_amount'] : $player['vocation'])]++;
 	}
 }
 $record = '';
 if(count($players_data) > 0) {
 	if( setting('core.online_record')) {
 		$result = null;
 		$timestamp = false;
 		if($db->hasTable('server_record')) {
 			$timestamp = true;
 			$result = ServerRecord::where('world_id', $config['lua']['worldId'])->orderByDesc('record')->first()->toArray();
 		} else if($db->hasTable('server_config')) { // tfs 1.0
 			$row = ServerConfig::where('config', 'players_record')->first();
 			if ($row) {
 				$result = ['record' => $row->value];
 			}
 		}
-		if($result) {
+		if(isset($player['promotion'])) {
-			$record = 'The maximum on this game world was ' . $result['record'] . ' players' . ($timestamp ? ' on ' . date("M d Y, H:i:s", $result['timestamp']) . '.' : '.');
+			if((int)$player['promotion'] > 0)
 				$player['vocation'] += ($player['promotion'] * $settingVocationsAmount);
 		}
 		$players[] = array(
 			'name' => getPlayerLink($player['name']),
 			'player' => $player,
 			'level' => $player['level'],
 			'vocation' => $settingVocations[$player['vocation']],
 			'skull' => $skull,
 			'country_image' => getFlagImage($player['country']),
 			'outfit' => setting('core.outfit_images_url') . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'],
 		);
 		$vocations[($player['vocation'] > $settingVocationsAmount ? $player['vocation'] - $settingVocationsAmount : $player['vocation'])]++;
 	}
 	$record = '';
 	if(count($players) > 0) {
 		if( setting('core.online_record')) {
 			$result = null;
 			$timestamp = false;
 			if($db->hasTable('server_record')) {
 				$timestamp = $db->hasColumn('server_record', 'timestamp');
 				$serverRecordQuery = ServerRecord::query();
 				if ($db->hasColumn('server_record', 'world_id')) {
 					$serverRecordQuery->where('world_id', configLua('worldId'));
 				}
 				$result = $serverRecordQuery->orderByDesc('record')->first();
 				if ($result) {
 					$result = $result->toArray();
 				}
 			} else if($db->hasTable('server_config')) { // tfs 1.0
 				$row = ServerConfig::where('config', 'players_record')->first();
 				if ($row) {
 					$result = ['record' => $row->value];
 				}
 			}
 			if($result) {
 				$record = $result['record'] . ' player' . ($result['record'] > 1 ? 's' : '') . ($timestamp ? ' (on ' . date("M d Y, H:i:s", $result['timestamp']) . ')' : '');
 			}
 		}
 	}
-}
+
 	return [
 		'players' => $players,
 		'record' => $record,
 		'vocations' => $vocations,
 	];
 });
 $twig->display('online.html.twig', array(
-	'players' => $players_data,
+	'players' => $cached['players'],
-	'record' => $record,
+	'record' => $cached['record'],
-	'vocs' => $vocs,
+	'vocations' => $cached['vocations'],
 	'vocs' => $cached['vocations'], // deprecated, to be removed
 	'order' => $order,
 ));
-//search bar
+// search bar
-$twig->display('online.form.html.twig');
+$twig->display('characters.form.html.twig');
 ?>
--- a/system/router.php
+++ b/system/router.php
@@ -174,7 +174,12 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 		// apply aliases
 		$route[1] = str_replace($aliases[0], $aliases[1], $route[1]);
-		$r->addRoute($route[0], $route[1], $route[2]);
+		try {
 			$r->addRoute($route[0], $route[1], $route[2]);
 		}
 		catch (\Exception $e) {
 			// duplicated route, just ignore
 		}
 	}
 	if (config('env') === 'dev') {
@@ -321,7 +326,9 @@ if (isset($_REQUEST['_page_only'])) {
 if(!isset($title)) {
 	$title = str_replace('index.php/', '', $page);
-	$title = ucfirst($title);
+	$title = str_replace(['_', '-', '/'], ' ', $page);
 	$title = ucwords($title);
 }
 if(setting('core.backward_support')) {
--- a/system/routes.php
+++ b/system/routes.php
@@ -22,11 +22,11 @@ return [
 	['GET', 'account/confirm-email/{hash:alphanum}', 'account/confirm-email.php'],
 	['GET', 'bans/{page:int}', 'bans.php'],
-	[['GET', 'POST'], 'characters[/{name:[A-Za-z0-9-_%+\' \[\]]+}]', 'characters.php'],
+	[['GET', 'POST'], 'characters/{name:[A-Za-z0-9-_%+\' \[\]]+}', 'characters.php'],
-	['GET', 'changelog[/{page:int}]', 'changelog.php'],
+	['GET', 'changelog/{page:int}', 'changelog.php'],
-	[['GET', 'POST'], 'monsters[/{name:string}]', 'monsters.php'],
+	[['GET', 'POST'], 'monsters/{name:string}', 'monsters.php'],
-	[['GET', 'POST'], 'faq[/{action:string}]', 'faq.php'],
+	[['GET', 'POST'], 'faq/{action:string}', 'faq.php'],
 	[['GET', 'POST'], 'forum/{action:string}', 'forum.php'],
 	['GET', 'forum/board/{id:int}', 'forum/show_board.php'],
--- a/system/settings.php
+++ b/system/settings.php
@@ -694,7 +694,14 @@ Sent by MyAAC,<br/>
 			'name' => 'Default Account Coins',
 			'type' => 'number',
 			'desc' => 'Default coins on new account',
-			'hidden' => ($db && !$db->hasColumn('accounts', 'coins')),
+			'hidden' => ($db && !HAS_ACCOUNT_COINS),
 			'default' => 0,
 		],
 		'account_coins_transferable' => [
 			'name' => 'Default Account Transferable Coins',
 			'type' => 'number',
 			'desc' => 'Default transferable coins on new account',
 			'hidden' => ($db && !HAS_ACCOUNT_COINS_TRANSFERABLE && !HAS_ACCOUNT_TRANSFERABLE_COINS),
 			'default' => 0,
 		],
 		'account_mail_change' => [
@@ -1062,6 +1069,12 @@ Sent by MyAAC,<br/>
 			'desc' => 'How often to update highscores from database in minutes. Too low may slow down your website.<br/>0 to disable.',
 			'default' => 15,
 		],
 		'highscores_skills_box' => [
 			'name' => 'Display Skills Box',
 			'type' => 'boolean',
 			'desc' => 'show "Choose a skill" box on the highscores (allowing peoples to sort highscores by skill)?',
 			'default' => true,
 		],
 		'highscores_vocation_box' => [
 			'name' => 'Display Vocation Box',
 			'type' => 'boolean',
@@ -1074,6 +1087,12 @@ Sent by MyAAC,<br/>
 			'desc' => 'Show player vocation under his nickname?',
 			'default' => true,
 		],
 		'highscores_online_status' => [
 			'name' => 'Display Online Status',
 			'type' => 'boolean',
 			'desc' => 'Show player status as red (offline) or green (online)',
 			'default' => false,
 		],
 		'highscores_frags' => [
 			'name' => 'Display Top Frags',
 			'type' => 'boolean',
@@ -1228,6 +1247,14 @@ Sent by MyAAC,<br/>
 			'type' => 'section',
 			'title' => 'Online Page'
 		],
 		'online_cache_ttl' => [
 			'name' => 'Online Cache TTL (in minutes)',
 			'type' => 'number',
 			'min' => 0,
 			'desc' => 'How often to update online list from database in minutes. Too low may slow down your website.' . PHP_EOL .
 				'0 to disable.',
 			'default' => 15,
 		],
 		'online_record' => [
 			'name' => 'Display Players Record',
 			'type' => 'boolean',
@@ -1264,6 +1291,12 @@ Sent by MyAAC,<br/>
 			'desc' => '',
 			'default' => false,
 		],
 		'online_datacenter' => [
 			'name' => 'Data Center',
 			'type' => 'text',
 			'desc' => 'Server Location, will be shown on online page',
 			'default' => 'Frankfurt - Germany',
 		],
 		[
 			'type' => 'section',
 			'title' => 'Team Page'
@@ -1570,7 +1603,7 @@ Sent by MyAAC,<br/>
 			'callbacks' => [
 				'beforeSave' => function($key, $value, &$errorMessage) {
 					global $db;
-					if ($value == 'coins' && !$db->hasColumn('accounts', 'coins')) {
+					if ($value == 'coins' && !HAS_ACCOUNT_COINS) {
 						$errorMessage = "Shop: Donate Column: Cannot set column to coins, because it doesn't exist in database.";
 						return false;
 					}
--- a/system/src/Admin/Plugins.php
+++ b/system/src/Admin/Plugins.php
@@ -0,0 +1,49 @@
 <?php
 namespace MyAAC\Admin;
 use GuzzleHttp\Client;
 class Plugins
 {
 	private string $api_base_uri = 'https://plugins.my-aac.org/api/';
 	public function getLatestVersions(): array
 	{
 		$client = new Client([
 			// Base URI is used with relative requests
 			'base_uri' => $this->api_base_uri,
 			// You can set any number of default request options.
 			'timeout'  => 3.0,
 		]);
 		$plugins = get_plugins(true);
 		foreach ($plugins as &$plugin) {
 			if (str_contains($plugin, 'disabled.')) {
 				$plugin = str_replace('disabled.', '', $plugin);
 			}
 		}
 		try {
 			$response = $client->get('get-latest-versions', [
 				'json' => ['plugins' => $plugins],
 			]);
 		}
 		catch (\Exception $e) {
 			error('API Error. Please try again later.');
 			return [];
 		}
 		$statusCode = $response->getStatusCode();
 		if ($statusCode != 200) {
 			throw new \Exception('Error getting info from plugins repository. Please try again later.');
 		}
 		$data = $response->getBody();
 		return json_decode($data, true);
 	}
 	public function setApiBaseUri(string $uri): void {
 		$this->api_base_uri = $uri;
 	}
 }
--- a/system/src/Cache/Cache.php
+++ b/system/src/Cache/Cache.php
@@ -106,7 +106,7 @@ class Cache
 	public static function remember($key, $ttl, $callback)
 	{
 		$cache = self::getInstance();
-		if (!$cache->enabled()) {
+		if (!$cache->enabled() || $ttl == 0) {
 			return $callback();
 		}
--- a/system/src/Commands/CacheClearCommand.php
+++ b/system/src/Commands/CacheClearCommand.php
@@ -2,6 +2,7 @@
 namespace MyAAC\Commands;
 use MyAAC\Cache\Cache;
 use MyAAC\Hooks;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
@@ -17,10 +18,7 @@ class CacheClearCommand extends Command
 	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
-		global $hooks;
+		require SYSTEM . 'init.php';
 		$hooks = new Hooks();
 		$hooks->load();
 		$hooks->trigger(HOOK_INIT);
 		$io = new SymfonyStyle($input, $output);
@@ -29,6 +27,13 @@ class CacheClearCommand extends Command
 			return Command::FAILURE;
 		}
 		$cacheEngine = config('cache_engine') == 'auto' ?
 			Cache::detect() : config('cache_engine');
 		if (config('env') !== 'dev' && $cacheEngine == 'apcu') {
 			$io->warning('APCu cache cannot be cleared in CLI. Please visit the Admin Panel and clear there.');
 		}
 		$io->success('Cache cleared');
 		return Command::SUCCESS;
 	}
--- a/system/src/Commands/MailSendCommand.php
+++ b/system/src/Commands/MailSendCommand.php
@@ -12,9 +12,10 @@ class MailSendCommand extends Command
 {
 	protected function configure(): void
 	{
-		$this->setName('mail:send')
+		$this->setName('email:send')
 			->setAliases(['mail:send'])
 			->setDescription('This command sends E-Mail to single user. Message can be provided as follows: ' . PHP_EOL
-				. '  echo "Hello World" | php sa email:send --subject="This is the subject" test@test.com')
+				. '  echo "Hello World" | php aac email:send --subject="This is the subject" test@test.com')
 			->addArgument('recipient', InputArgument::REQUIRED, 'Email, Account Name, Account id or Player Name')
 			->addOption('subject', 's', InputOption::VALUE_REQUIRED, 'Subject');
 	}
--- a/system/src/Commands/PluginInstallInstallCommand.php
+++ b/system/src/Commands/PluginInstallInstallCommand.php
@@ -12,7 +12,8 @@ class PluginInstallInstallCommand extends Command
 {
 	protected function configure(): void
 	{
-		$this->setName('plugin:install:install')
+		$this->setName('plugin:setup')
 			->setAliases(['plugin:install:install'])
 			->setDescription('This command executes the "install" part of the plugin')
 			->addArgument('plugin', InputArgument::REQUIRED, 'Plugin name');
 	}
--- a/system/src/Models/Account.php
+++ b/system/src/Models/Account.php
@@ -53,12 +53,9 @@ class Account extends Model {
 	public function getIsPremiumAttribute()
 	{
-		global $config;
+		if(isset($this->premium_ends_at)) {
-        if(isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium'])) return true;
+			return $this->premium_ends_at > time();
-
+		}
 	    if(isset($this->premium_ends_at)) {
 		    return $this->premium_ends_at > time();
 	    }
 		if(isset($this->premend)) {
 			return $this->premend > time();
--- a/system/src/Models/AccountEMailCode.php
+++ b/system/src/Models/AccountEMailCode.php
@@ -0,0 +1,14 @@
 <?php
 namespace MyAAC\Models;
 use Illuminate\Database\Eloquent\Model;
 class AccountEMailCode extends Model {
 	protected $table = TABLE_PREFIX . 'account_email_codes';
 	public $timestamps = false;
 	protected $fillable = ['account_id', 'code', 'created_at'];
 }
--- a/system/src/Models/PlayerOnline.php
+++ b/system/src/Models/PlayerOnline.php
@@ -9,6 +9,10 @@ class PlayerOnline extends Model {
 	public $timestamps = false;
 	protected $fillable = [
 		'player_id',
 	];
 	public function player()
 	{
 		return $this->belongsTo(Player::class);
--- a/system/src/Plugins.php
+++ b/system/src/Plugins.php
@@ -532,193 +532,192 @@ class Plugins {
 		self::$plugin_json = $plugin_json;
 		if ($plugin_json == null) {
 			self::$warnings[] = 'Cannot load ' . $file_name . '. File might be not a valid json code.';
 			return false;
 		}
 		else {
 			$continue = true;
-			if(!isset($plugin_json['name']) || empty(trim($plugin_json['name']))) {
+		$continue = true;
-				self::$error = 'Plugin "name" tag is not set.';
+
 		if(!isset($plugin_json['name']) || empty(trim($plugin_json['name']))) {
 			self::$error = 'Plugin "name" tag is not set.';
 			return false;
 		}
 		if(!isset($plugin_json['version']) || empty(trim($plugin_json['version']))) {
 			self::$warnings[] = 'Plugin "version" tag is not set.';
 		}
 		if(isset($plugin_json['require'])) {
 			$require = $plugin_json['require'];
 			$myaac_satified = true;
 			if(isset($require['myaac_'])) {
 				$require_myaac = $require['myaac_'];
 				if(!Semver::satisfies(MYAAC_VERSION, $require_myaac)) {
 					$myaac_satified = false;
 				}
 			}
 			else if(isset($require['myaac'])) {
 				$require_myaac = $require['myaac'];
 				if(version_compare(MYAAC_VERSION, $require_myaac, '<')) {
 					$myaac_satified = false;
 				}
 			}
 			if(!$myaac_satified) {
 				self::$error = "Your AAC version doesn't meet the requirement of this plugin. Required version is: " . $require_myaac . ", and you're using version " . MYAAC_VERSION . ".";
 				return false;
 			}
-			if(!isset($plugin_json['version']) || empty(trim($plugin_json['version']))) {
+			$php_satisfied = true;
-				self::$warnings[] = 'Plugin "version" tag is not set.';
+			if(isset($require['php_'])) {
 				$require_php = $require['php_'];
 				if(!Semver::satisfies(phpversion(), $require_php)) {
 					$php_satisfied = false;
 				}
 			}
 			else if(isset($require['php'])) {
 				$require_php = $require['php'];
 				if(version_compare(phpversion(), $require_php, '<')) {
 					$php_satisfied = false;
 				}
 			}
-			if(isset($plugin_json['require'])) {
+			if(!$php_satisfied) {
-				$require = $plugin_json['require'];
+				self::$error = "Your PHP version doesn't meet the requirement of this plugin. Required version is: " . $require_php . ", and you're using version " . phpversion() . ".";
 				$continue = false;
 			}
-				$myaac_satified = true;
+			$database_satisfied = true;
-				if(isset($require['myaac_'])) {
+			if(isset($require['database_'])) {
-					$require_myaac = $require['myaac_'];
+				$require_database = $require['database_'];
-					if(!Semver::satisfies(MYAAC_VERSION, $require_myaac)) {
+				if(!Semver::satisfies(DATABASE_VERSION, $require_database)) {
-						$myaac_satified = false;
+					$database_satisfied = false;
 				}
 			}
 			else if(isset($require['database'])) {
 				$require_database = $require['database'];
 				if(version_compare(DATABASE_VERSION, $require_database, '<')) {
 					$database_satisfied = false;
 				}
 			}
 			if(!$database_satisfied) {
 				self::$error = "Your database version doesn't meet the requirement of this plugin. Required version is: " . $require_database . ", and you're using version " . DATABASE_VERSION . ".";
 				$continue = false;
 			}
 			if($continue) {
 				foreach($require as $req => $version) {
 					$req = strtolower(trim($req));
 					$version = trim($version);
 					if(in_array($req, array('myaac', 'myaac_', 'php', 'php_', 'database', 'database_'))) {
 						continue;
 					}
 				}
 				else if(isset($require['myaac'])) {
 					$require_myaac = $require['myaac'];
 					if(version_compare(MYAAC_VERSION, $require_myaac, '<')) {
 						$myaac_satified = false;
 					}
 				}
-				if(!$myaac_satified) {
+					if(in_array($req, array('php-ext', 'php-extension'))) { // require php extension
-					self::$error = "Your AAC version doesn't meet the requirement of this plugin. Required version is: " . $require_myaac . ", and you're using version " . MYAAC_VERSION . ".";
+						$tmpDisplayError = false;
-					return false;
+						$explode = explode(',', $version);
 				}
-				$php_satisfied = true;
+						foreach ($explode as $item) {
-				if(isset($require['php_'])) {
+							if(!extension_loaded($item)) {
-					$require_php = $require['php_'];
+								$errors[] = "This plugin requires php extension: " . $item . " to be installed.";
-					if(!Semver::satisfies(phpversion(), $require_php)) {
+								$tmpDisplayError = true;
-						$php_satisfied = false;
+							}
 					}
 				}
 				else if(isset($require['php'])) {
 					$require_php = $require['php'];
 					if(version_compare(phpversion(), $require_php, '<')) {
 						$php_satisfied = false;
 					}
 				}
 				if(!$php_satisfied) {
 					self::$error = "Your PHP version doesn't meet the requirement of this plugin. Required version is: " . $require_php . ", and you're using version " . phpversion() . ".";
 					$continue = false;
 				}
 				$database_satisfied = true;
 				if(isset($require['database_'])) {
 					$require_database = $require['database_'];
 					if(!Semver::satisfies(DATABASE_VERSION, $require_database)) {
 						$database_satisfied = false;
 					}
 				}
 				else if(isset($require['database'])) {
 					$require_database = $require['database'];
 					if(version_compare(DATABASE_VERSION, $require_database, '<')) {
 						$database_satisfied = false;
 					}
 				}
 				if(!$database_satisfied) {
 					self::$error = "Your database version doesn't meet the requirement of this plugin. Required version is: " . $require_database . ", and you're using version " . DATABASE_VERSION . ".";
 					$continue = false;
 				}
 				if($continue) {
 					foreach($require as $req => $version) {
 						$req = strtolower(trim($req));
 						$version = trim($version);
 						if(in_array($req, array('myaac', 'myaac_', 'php', 'php_', 'database', 'database_'))) {
 							continue;
 						}
-						if(in_array($req, array('php-ext', 'php-extension'))) { // require php extension
+						if ($tmpDisplayError) {
-							$tmpDisplayError = false;
+							self::$error = implode('<br/>', $errors);
 							$explode = explode(',', $version);
 							foreach ($explode as $item) {
 								if(!extension_loaded($item)) {
 									$errors[] = "This plugin requires php extension: " . $item . " to be installed.";
 									$tmpDisplayError = true;
 								}
 							}
 							if ($tmpDisplayError) {
 								self::$error = implode('<br/>', $errors);
 								$continue = false;
 								break;
 							}
 						}
 						else if($req == 'table') {
 							$tmpDisplayError = false;
 							$explode = explode(',', $version);
 							foreach ($explode as $item) {
 								if(!$db->hasTable($item)) {
 									$errors[] = "This plugin requires table: " . $item . " to exist in the database.";
 									$tmpDisplayError = true;
 								}
 							}
 							if ($tmpDisplayError) {
 								self::$error = implode('<br/>', $errors);
 								$continue = false;
 								break;
 							}
 						}
 						else if($req == 'column') {
 							$tmpDisplayError = false;
 							$explode = explode(',', $version);
 							foreach ($explode as $item) {
 								$tmp = explode('.', $item);
 								if(count($tmp) == 2) {
 									if(!$db->hasColumn($tmp[0], $tmp[1])) {
 										$errors[] = "This plugin requires database column: " . $tmp[0] . "." . $tmp[1] . " to exist in database.";
 										$tmpDisplayError = true;
 									}
 								}
 								else {
 									self::$warnings[] = "Invalid plugin require column: " . $item;
 								}
 							}
 							if ($tmpDisplayError) {
 								self::$error = implode('<br/>', $errors);
 								$continue = false;
 								break;
 							}
 						}
 						else if(strpos($req, 'ext-') !== false) {
 							$tmp = explode('-', $req);
 							if(count($tmp) == 2) {
 								if(!extension_loaded($tmp[1]) || !Semver::satisfies(phpversion($tmp[1]), $version)) {
 									self::$error = "This plugin requires php extension: " . $tmp[1] . ", version " . $version . " to be installed.";
 									$continue = false;
 									break;
 								}
 							}
 						}
 						else if(!self::is_installed($req, $version)) {
 							self::$error = "This plugin requires another plugin to run correctly. The another plugin is: " . $req . ", with version " . $version . ".";
 							$continue = false;
 							break;
 						}
 					}
-				}
+					else if($req == 'table') {
-			}
+						$tmpDisplayError = false;
 						$explode = explode(',', $version);
 						foreach ($explode as $item) {
 							if(!$db->hasTable($item)) {
 								$errors[] = "This plugin requires table: " . $item . " to exist in the database.";
 								$tmpDisplayError = true;
 							}
 						}
-			if($continue) {
+						if ($tmpDisplayError) {
-				if(!$zip->extractTo(BASE)) { // "Real" Install
+							self::$error = implode('<br/>', $errors);
-					self::$error = 'There was a problem with extracting zip archive to base directory.';
+							$continue = false;
-					$zip->close();
+							break;
-					return false;
+						}
 				}
 				$install = $plugin_json['install'] ?? '';
 				if (self::getAutoLoadOption($plugin_json, 'install', true) && is_file(PLUGINS . $pluginFilename . '/install.php')) {
 					$install = 'plugins/' . $pluginFilename . '/install.php';
 				}
 				if (!empty($install)) {
 					if (file_exists(BASE . $install)) {
 						$db->revalidateCache();
 						require BASE . $install;
 						$db->revalidateCache();
 					}
-					else {
+					else if($req == 'column') {
-						self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.';
+						$tmpDisplayError = false;
 						$explode = explode(',', $version);
 						foreach ($explode as $item) {
 							$tmp = explode('.', $item);
 							if(count($tmp) == 2) {
 								if(!$db->hasColumn($tmp[0], $tmp[1])) {
 									$errors[] = "This plugin requires database column: " . $tmp[0] . "." . $tmp[1] . " to exist in database.";
 									$tmpDisplayError = true;
 								}
 							}
 							else {
 								self::$warnings[] = "Invalid plugin require column: " . $item;
 							}
 						}
 						if ($tmpDisplayError) {
 							self::$error = implode('<br/>', $errors);
 							$continue = false;
 							break;
 						}
 					}
 					else if(strpos($req, 'ext-') !== false) {
 						$tmp = explode('-', $req);
 						if(count($tmp) == 2) {
 							if(!extension_loaded($tmp[1]) || !Semver::satisfies(phpversion($tmp[1]), $version)) {
 								self::$error = "This plugin requires php extension: " . $tmp[1] . ", version " . $version . " to be installed.";
 								$continue = false;
 								break;
 							}
 						}
 					}
 					else if(!self::is_installed($req, $version)) {
 						self::$error = "This plugin requires another plugin to run correctly. The another plugin is: " . $req . ", with version " . $version . ".";
 						$continue = false;
 						break;
 					}
 				}
 				clearCache();
 				return true;
 			}
 		}
-		return false;
+		if(!$continue) {
 			return false;
 		}
 		if(!$zip->extractTo(BASE)) { // "Real" Install
 			self::$error = 'There was a problem with extracting zip archive to base directory.';
 			$zip->close();
 			return false;
 		}
 		$install = $plugin_json['install'] ?? '';
 		if (self::getAutoLoadOption($plugin_json, 'install', true) && is_file(PLUGINS . $pluginFilename . '/install.php')) {
 			$install = 'plugins/' . $pluginFilename . '/install.php';
 		}
 		if (!empty($install)) {
 			if (file_exists(BASE . $install)) {
 				$db->revalidateCache();
 				require BASE . $install;
 				$db->revalidateCache();
 			}
 			else {
 				self::$warnings[] = 'Cannot load install script. Your plugin might be not working correctly.';
 			}
 		}
 		clearCache();
 		return true;
 	}
 	public static function isEnabled($pluginFileName): bool
@@ -781,15 +780,20 @@ class Plugins {
 			return false;
 		}
-		if(!isset($plugin_json['install'])) {
+		$install = $plugin_json['install'] ?? '';
-			self::$error = "Plugin doesn't have install options defined. Skipping...";
+		if (self::getAutoLoadOption($plugin_json, 'install', true) && is_file(PLUGINS . $plugin_name . '/install.php')) {
 			$install = 'plugins/' . $plugin_name . '/install.php';
 		}
 		if (empty($install)) {
 			self::$error = "This plugin doesn't seem to have install script defined.";
 			return false;
 		}
 		global $db;
-		if (file_exists(BASE . $plugin_json['install'])) {
+		if (file_exists(BASE . $install)) {
 			$db->revalidateCache();
-			require BASE . $plugin_json['install'];
+			require BASE . $install;
 			$db->revalidateCache();
 		}
 		else {
--- a/system/src/Settings.php
+++ b/system/src/Settings.php
@@ -472,24 +472,22 @@ class Settings implements \ArrayAccess
 			if (!isset($this->settingsFile[$pluginKeyName]['settings'])) {
 				throw new \RuntimeException('Unknown plugin settings: ' . $pluginKeyName);
 			}
 			return $this->settingsFile[$pluginKeyName]['settings'];
 		}
-		$ret = [];
+		if (!isset($this->settingsFile[$pluginKeyName]['settings'][$key])) {
-		if(isset($this->settingsFile[$pluginKeyName]['settings'][$key])) {
+			return null;
 			$ret = $this->settingsFile[$pluginKeyName]['settings'][$key];
 		}
 		$ret = $this->settingsFile[$pluginKeyName]['settings'][$key];
 		if(isset($this->settingsDatabase[$pluginKeyName][$key])) {
 			$value = $this->settingsDatabase[$pluginKeyName][$key];
 			$ret['value'] = $value;
 		}
 		else {
 			if (!isset($this->settingsFile[$pluginKeyName]['settings'][$key])) {
 				return null;
 			}
 			$ret['value'] = $this->settingsFile[$pluginKeyName]['settings'][$key]['default'];
 		}
--- a/system/src/TwoFactorAuth/Gateway/AppAuthGateway.php
+++ b/system/src/TwoFactorAuth/Gateway/AppAuthGateway.php
@@ -0,0 +1,13 @@
 <?php
 namespace MyAAC\TwoFactorAuth\Gateway;
 use MyAAC\TwoFactorAuth\Interface\AuthGatewayInterface;
 class AppAuthGateway extends BaseAuthGateway implements AuthGatewayInterface
 {
 	public function verifyCode(string $code): bool
 	{
 		return true;
 	}
 }
--- a/system/src/TwoFactorAuth/Gateway/BaseAuthGateway.php
+++ b/system/src/TwoFactorAuth/Gateway/BaseAuthGateway.php
@@ -0,0 +1,12 @@
 <?php
 namespace MyAAC\TwoFactorAuth\Gateway;
 class BaseAuthGateway
 {
 	protected \OTS_Account $account;
 	public function __construct(\OTS_Account $account) {
 		$this->account = $account;
 	}
 }
--- a/system/src/TwoFactorAuth/Gateway/EmailAuthGateway.php
+++ b/system/src/TwoFactorAuth/Gateway/EmailAuthGateway.php
@@ -0,0 +1,16 @@
 <?php
 namespace MyAAC\TwoFactorAuth\Gateway;
 use MyAAC\Models\AccountEMailCode;
 use MyAAC\TwoFactorAuth\Interface\AuthGatewayInterface;
 use MyAAC\TwoFactorAuth\TwoFactorAuth;
 class EmailAuthGateway extends BaseAuthGateway implements AuthGatewayInterface
 {
 	public function verifyCode(string $code): bool
 	{
 		return AccountEMailCode::where('account_id', '=', $this->account->getId())->where('code', $code)->where('created_at', '>', time() - TwoFactorAuth::EMAIL_CODE_VALID_UNTIL)->first() !== null;
 	}
 }
--- a/system/src/TwoFactorAuth/Interface/AuthGatewayInterface.php
+++ b/system/src/TwoFactorAuth/Interface/AuthGatewayInterface.php
@@ -0,0 +1,9 @@
 <?php
 namespace MyAAC\TwoFactorAuth\Interface;
 interface AuthGatewayInterface
 {
 	public function __construct(\OTS_Account $account);
 	public function verifyCode(string $code): bool;
 }
--- a/system/src/TwoFactorAuth/TwoFactorAuth.php
+++ b/system/src/TwoFactorAuth/TwoFactorAuth.php
@@ -0,0 +1,173 @@
 <?php
 namespace MyAAC\TwoFactorAuth;
 use MyAAC\Models\AccountEMailCode;
 use MyAAC\TwoFactorAuth\Gateway\AppAuthGateway;
 use MyAAC\TwoFactorAuth\Gateway\EmailAuthGateway;
 class TwoFactorAuth
 {
 	const TYPE_NONE = 0;
 	const TYPE_EMAIL = 1;
 	const TYPE_APP = 2;
 	// maybe later
 	//const TYPE_SMS = 3;
 	const EMAIL_CODE_VALID_UNTIL = 24 * 60 * 60;
 	private static self $instance;
 	private \OTS_Account $account;
 	private int $authType;
 	private EmailAuthGateway|AppAuthGateway $authGateway;
 	public function __construct(\OTS_Account|int $account) {
 		if (is_int($account)) {
 			$this->account = new \OTS_Account();
 			$this->account->load($account);
 		}
 		else {
 			$this->account = $account;
 		}
 		$this->authType = (int)$this->account->getCustomField('2fa_type');
 		$this->setAuthGateway($this->authType);
 	}
 	public static function getInstance($account = null): self
 	{
 		if (!isset(self::$instance)) {
 			self::$instance = new self($account);
 		}
 		return self::$instance;
 	}
 	public function process($login_account, $login_password, $code): bool
 	{
 		global $twig;
 		if (!$this->isActive()) {
 			return true;
 		}
 		if (empty($code)) {
 			if ($this->authType == self::TYPE_EMAIL) {
 				if (!$this->hasRecentEmailCode(15 * 60)) {
 					$this->resendEmailCode();
 					//success('Resent email.');
 				}
 				define('HIDE_LOGIN_BOX', true);
 				$twig->display('account.2fa.email.login.html.twig');
 			}
 			else {
 				echo 'Two Factor App Auth';
 			}
 			return false;
 		}
 		if ($this->getAuthGateway()->verifyCode($code)) {
 			if ($this->authType === self::TYPE_EMAIL) {
 				$this->deleteOldCodes();
 			}
 			header('Location: account/manage');
 			return true;
 		}
 		if (setting('core.mail_enabled')) {
 			$mailBody = $twig->render('mail.account.2fa.email-code.wrong-attempt.html.twig');
 			if (!_mail($this->account->getEMail(), configLua('serverName') . ' - Failed Two-Factor Authentication Attempt', $mailBody)) {
 				error('An error occurred while sending email. For Admin: More info can be found in system/logs/mailer-error.log');
 			}
 		}
 		define('HIDE_LOGIN_BOX', true);
 		$errors[] = 'Invalid email code!';
 		$twig->display('error_box.html.twig', ['errors' => $errors]);
 		$twig->display('account.2fa.email.login.html.twig', ['wrongCode' => true]);
 		return false;
 	}
 	public function setAuthGateway(int $authType): void
 	{
 		if ($authType === self::TYPE_EMAIL) {
 			$this->authGateway = new EmailAuthGateway($this->account);
 		}
 		else if ($authType === self::TYPE_APP) {
 			$this->authGateway = new AppAuthGateway($this->account);
 		}
 	}
 	public function getAccountManageViews(): array
 	{
 		$twoFactorView = 'account.2fa.protected.html.twig';
 		if ($this->authType == self::TYPE_EMAIL) {
 			$twoFactorView2 = 'account.2fa.email.activated.html.twig';
 		}
 		elseif ($this->authType == self::TYPE_APP) {
 			$twoFactorView2 = 'account.2fa.app.activated.html.twig';
 		}
 		else {
 			$twoFactorView = 'account.2fa.connect.html.twig';
 			$twoFactorView2 = 'account.2fa.email.activate.html.twig';
 		}
 		return [$twoFactorView, $twoFactorView2];
 	}
 	public function enable(int $type): void {
 		$this->account->setCustomField('2fa_type', $type);
 	}
 	public function disable(): void {
 		$this->account->setCustomField('2fa_type', self::TYPE_NONE);
 	}
 	public function isActive(): bool {
 		return $this->authType != self::TYPE_NONE;
 	}
 	public function getAuthType(): int {
 		return $this->authType;
 	}
 	public function getAuthGateway(): AppAuthGateway|EmailAuthGateway  {
 		return $this->authGateway;
 	}
 	public function hasRecentEmailCode($since = self::EMAIL_CODE_VALID_UNTIL): bool {
 		return AccountEMailCode::where('account_id', '=', $this->account->getId())->where('created_at', '>', time() - $since)->first() !== null;
 	}
 	public function deleteOldCodes(): void {
 		AccountEMailCode::where('account_id', '=', $this->account->getId())->delete();
 	}
 	public function resendEmailCode(): void
 	{
 		global $twig;
 		$newCode = generateRandomString(6, true, false, true);
 		AccountEMailCode::create([
 			'account_id' => $this->account->getId(),
 			'code' => $newCode,
 			'created_at' => time(),
 		]);
 		$mailBody = $twig->render('mail.account.2fa.email-code.html.twig', [
 			'code' => $newCode,
 		]);
 		if (!_mail($this->account->getEMail(), configLua('serverName') . ' - Requested Authentication Email Code', $mailBody)) {
 			error('An error occurred while sending email. For Admin: More info can be found in system/logs/mailer-error.log');
 		}
 	}
 }
--- a/system/src/global.php
+++ b/system/src/global.php
@@ -54,6 +54,7 @@ define('HOOK_ACCOUNT_MANAGE_BEFORE_GENERAL_INFORMATION', ++$i);
 define('HOOK_ACCOUNT_MANAGE_BEFORE_PUBLIC_INFORMATION', ++$i);
 define('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS', ++$i);
 define('HOOK_ACCOUNT_MANAGE_BEFORE_CHARACTERS', ++$i);
 define('HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS', ++$i);
 define('HOOK_ACCOUNT_LOGIN_BEFORE_PAGE', ++$i);
 define('HOOK_ACCOUNT_LOGIN_BEFORE_ACCOUNT', ++$i);
 define('HOOK_ACCOUNT_LOGIN_AFTER_ACCOUNT', ++$i);
@@ -92,6 +93,7 @@ define('HOOK_EMAIL_CONFIRMED', ++$i);
 define('HOOK_GUILDS_BEFORE_GUILD_HEADER', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_HEADER', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_INFORMATION', ++$i);
 define('HOOK_GUILDS_AFTER_MANAGE_BUTTON', ++$i);
 define('HOOK_GUILDS_AFTER_GUILD_MEMBERS', ++$i);
 define('HOOK_GUILDS_AFTER_INVITED_CHARACTERS', ++$i);
 define('HOOK_TWIG', ++$i);
--- a/system/template.php
+++ b/system/template.php
@@ -91,7 +91,7 @@ else {
 			$file = BASE . $template_path . '/layout_config.ini';
 		}
-		$template_ini = parse_ini_file($file);
+		$template_ini = parse_ini_file($file, true);
 		unset($file);
 		if ($cache->enabled()) {
--- a/system/templates/account.2fa.connect.html.twig
+++ b/system/templates/account.2fa.connect.html.twig
@@ -0,0 +1,36 @@
 <tr>
 	<td>
 		<div class="TableShadowContainerRightTop">
 			<div class="TableShadowRightTop" style="background-image:url({{ template_path }}/images/global/content/table-shadow-rt.gif);"></div>
 		</div>
 		<div class="TableContentAndRightShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-rm.gif);">
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody><tr>
 						<td class="LabelV"><b>Connect your {{ config.lua.serverName }} account to an authenticator app!</b>
 							<div style="float: right; font-size: 1px;">
 								<form action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="margin: 0px; padding: 0px;">
 									{{ csrf() }}
 									{% set button_name = 'Request' %}
 									{% include('buttons.base.html.twig') %}
 								</form>
 							</div>
 						</td>
 					</tr>
 					<tr>
 						<td>
 							<p>As a first step to connect an <b>authenticator app</b> to your account, click on "Request"! An email with a confirmation key will be sent to the email address assigned to your account.</p>
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</div>
 		<div class="TableShadowContainer">
 			<div class="TableBottomShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-bm.gif);">
 				<div class="TableBottomLeftShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-bl.gif);"></div>
 				<div class="TableBottomRightShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-br.gif);"></div>
 			</div>
 		</div>
 	</td>
 </tr>
--- a/system/templates/account.2fa.email.activate.html.twig
+++ b/system/templates/account.2fa.email.activate.html.twig
@@ -0,0 +1,37 @@
 <tr>
 	<td>
 		<div class="TableShadowContainerRightTop">
 			<div class="TableShadowRightTop" style="background-image:url({{ template_path }}/images/global/content/table-shadow-rt.gif);"></div>
 		</div>
 		<div class="TableContentAndRightShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-rm.gif);">
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td class="LabelV"><b>Activate email code authentication for your account!</b>
 							<div style="float: right; font-size: 1px;">
 								<form action="{{ getLink('account/2fa') }}?action=email-code&step=activate" method="post" style="margin: 0; padding: 0;">
 									{{ csrf() }}
 									{% set button_name = 'Request' %}
 									{% include('buttons.base.html.twig') %}
 								</form>
 							</div>
 						</td>
 					</tr>
 					<tr>
 						<td>
 							<p>As a first step to activate <b>email code authentication</b> for your account, click on "Request"! An <b>email code</b> will be sent to the email address assigned to your account. You will be asked to enter this <b>email code</b> on the next page within 24 hours.</p>
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</div>
 		<div class="TableShadowContainer">
 			<div class="TableBottomShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-bm.gif);">
 				<div class="TableBottomLeftShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-bl.gif);"></div>
 				<div class="TableBottomRightShadow" style="background-image:url({{ template_path }}/images/global/content/table-shadow-br.gif);"></div>
 			</div>
 		</div>
 	</td>
 </tr>
--- a/system/templates/account.2fa.email.activated.html.twig
+++ b/system/templates/account.2fa.email.activated.html.twig
@@ -0,0 +1,26 @@
 <tr>
 	<td>
 		<div class="TableContentContainer ">
 			<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 				<tbody>
 				<tr>
 					<td>
 						<div style="float: right; width: 135px;">
 							<form action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="padding:0;margin:0;">
 								{{ csrf() }}
 								<input type="hidden" name="step" value="deactivate">
 								{% set button_name = 'Deactivate' %}
 								{{ include('buttons.base.html.twig') }}
 							</form>
 						</div>
 						<b>Two-Factor Email Code Authentication <span style="color: green">Activated</span>!</b>
 						<p>To deactivate <b>email code authentication</b>, click on the "Deactivate" button.</p>
 						<p>You will have to confirm the deactivation by entering an <b>email code</b> which will be sent
 							to the email address assigned to your account.</p>
 					</td>
 				</tr>
 				</tbody>
 			</table>
 		</div>
 	</td>
 </tr>
--- a/system/templates/account.2fa.email.deactivate.html.twig
+++ b/system/templates/account.2fa.email.deactivate.html.twig
@@ -0,0 +1,109 @@
 {% set title = 'Deactivate Email Code Authentication' %}
 {% set content %}
 	<table style="width:100%;">
 		<tbody>
 		<tr>
 			<td>
 				<div class="TableContentContainer ">
 					<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 						<tbody>
 						<tr>
 							<td>To deactivate <b>two-factor email code authentication</b> for your account, enter the
 								received <b>email code</b> below. Note, however, that <b>email code authentication</b>
 								is an important security feature which helps to prevent any unauthorised access to your
 								Tibia account.
 							</td>
 						</tr>
 						</tbody>
 					</table>
 				</div>
 			</td>
 		</tr>
 		<tr>
 			<td>
 				<div class="TableContentContainer">
 					<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 						<tbody>
 						<tr>
 							<td>
 								<div style="float: right;">
 									<form
 										action="{{ getLink('account/2fa') }}?action=email-code&step=resend"
 										method="post"
 										style="padding:0;margin:0;"
 									>
 										{{ csrf() }}
 										{% set button_name = 'Resend Email Code' %}
 										{{ include('buttons.base.html.twig') }}
 									</form>
 								</div>
 								An <b>email code</b> has already been sent to the email address assigned to your
 								account.
 								Please check your email account's spam/junk filter and make sure that your mailbox is
 								not
 								full.<br>In case you need a new email code, you can request one by clicking on "Resend
 								Email
 								Code".
 							</td>
 						</tr>
 						</tbody>
 					</table>
 				</div>
 			</td>
 		</tr>
 		<tr>
 			<td>
 				<div class="TableContentContainer">
 					<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 						<tbody>
 						<tr>
 							<td>To complete the deactivation of <b>email code authentication</b>, please enter the <b>email
 									code</b> you received at the email address assigned to your account.
 								<div style="margin-top: 15px; margin-bottom: 15px;">
 									<div class="LabelV150 {{ wrongCode ? 'red' : '' }}" style="float:left;"><label
 											for="email-code">Email Code:</label></div>
 									<input form="form-code" id="email-code" name="email-code" maxlength="15"
 										   autocomplete="off">
 									{% if wrongCode %}
 										<br/>
 										<div class="LabelV150" style="float:left;">&nbsp; </div>
 										<div class="FormFieldError">Invalid email code!</div>
 									{% endif %}
 								</div>
 							</td>
 						</tr>
 						</tbody>
 					</table>
 				</div>
 			</td>
 		</tr>
 		</tbody>
 	</table>
 {% endset %}
 {% include 'tables.headline.html.twig' %}
 <table style="width: 100%;">
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
 			<form id="form-code" method="post" action="{{ getLink('account/2fa') }}?action=email-code">
 				{{ csrf() }}
 				<input type="hidden" name="step" value="deactivate">
 				<input type="hidden" name="save" value="1">
 				{% set button_name = 'Continue' %}
 				{% set button_color = 'green' %}
 				{{ include('buttons.submit.html.twig') }}
 			</form>
 		</td>
 		<td>
 			<form action="{{ getLink('account/manage') }}" method="post" style="padding:0;margin:0;">
 				{{ csrf() }}
 				{% set button_color = 'blue' %}
 				{{ include('buttons.back.html.twig') }}
 			</form>
 		</td>
 	</tr>
 	</tbody>
 </table>
--- a/system/templates/account.2fa.email.login.html.twig
+++ b/system/templates/account.2fa.email.login.html.twig
@@ -0,0 +1,85 @@
 {% set title = 'Enter Email Code' %}
 {% set content %}
 <table style="width:100%;">
 	<tbody>
 	<tr>
 		<td>
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td>
 							<div style="float: right;">
 								<form
 										action="{{ getLink('account/2fa') }}?action=email-code&step=resend"
 										method="post"
 										style="padding:0;margin:0;"
 								>
 									{{ csrf() }}
 									{% set button_name = 'Resend Email Code' %}
 									{{ include('buttons.base.html.twig') }}
 								</form>
 							</div>
 							An <b>email code</b> has already been sent to the email address assigned to your account.
 							Please check your email account's spam/junk filter and make sure that your mailbox is not
 							full.<br>In case you need a new email code, you can request one by clicking on "Resend Email
 							Code".
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</td>
 	</tr>
 	<tr>
 		<td>
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td><b>Email code authentication is activated for your account.</b><br><br>Please enter the <b>most
 								recent email code</b> you have received in order to log in.<br>
 							<div style="margin-top: 15px; margin-bottom: 15px;">
 								<div class="LabelV150 {{ wrongCode ? 'red' : '' }}" style="float:left;"><label for="email-code">Email Code:</label></div>
 								<input form="form-code" id="email-code" name="email-code" maxlength="15" autocomplete="off">
 								{% if wrongCode %}
 									<br/>
 									<div class="LabelV150" style="float:left;">&nbsp; </div>
 									<div class="FormFieldError">Invalid email code!</div>
 								{% endif %}
 							</div>
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</td>
 	</tr>
 	</tbody>
 </table>
 {% endset %}
 {% include 'tables.headline.html.twig' %}
 <table style="width: 100%;">
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
 			<form id="form-code" method="post" action="{{ getLink('account/manage') }}">
 				{{ csrf() }}
 				<input type="hidden" name="step" value="verify">
 				{% set button_name = 'Continue' %}
 				{% set button_color = 'green' %}
 				{{ include('buttons.submit.html.twig') }}
 			</form>
 		</td>
 		<td>
 			<form action="{{ getLink('account/manage') }}" method="post" style="padding:0;margin:0;">
 				{{ csrf() }}
 				{% set button_color = 'blue' %}
 				{{ include('buttons.back.html.twig') }}
 			</form>
 		</td>
 	</tr>
 	</tbody>
 </table>
--- a/system/templates/account.2fa.email_code.html.twig
+++ b/system/templates/account.2fa.email_code.html.twig
@@ -0,0 +1,105 @@
 {% set title = 'Activate Email Code Authentication' %}
 {% set content %}
 <table style="width:100%;">
 	<tbody>
 	<tr>
 		<td>
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td>Enter the email code below to activate <b>two-factor email code authentication</b>. Note
 							that this code is only valid for 24 hours.<br><br>
 							<div class="AttentionSign"><img src="{{ template_path }}/images/global/content/attentionsign.gif"></div>
 							<b>Note:</b> Once you have email code authentication activated, an <b>email code</b> will be
 							sent to the email address assigned to your account whenever you try to log in to the Tibia
 							client or the {{ config.lua.serverName }} website. In order to log in, you will need to enter the <b>most recent
 								email code</b> you have received.
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</td>
 	</tr>
 	<tr>
 		<td>
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td>
 							<div style="float: right;">
 								<form action="{{ getLink('account/2fa') }}?action=email-code"
 									method="post" style="padding:0;margin:0;">
 									{{ csrf() }}
 									<input type="hidden" name="step" value="resend">
 									{% set button_name = 'Resend Email Code' %}
 									{% include('buttons.base.html.twig') %}
 								</form>
 							</div>
 							An <b>email code</b> has already been sent to the email address assigned to your account.
 							Please check your email account's spam/junk filter and make sure that your mailbox is not
 							full.<br>In case you need a new email code, you can request one by clicking on "Resend Email
 							Code".
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</td>
 	</tr>
 	<tr>
 		<td>
 			<div class="TableContentContainer">
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
 						<td>To complete the activation of email code authentication for your Tibia account, please enter
 							the email code you received at the email address assigned to your account.
 							<div style="margin-top: 15px; margin-bottom: 15px;">
 								<div class="LabelV150 {{ wrongCode ? 'red' : '' }}" style="float:left;">Email Code:</div>
 								<input form="confirmActivateForm" name="email-code" maxlength="6">
 								{% if wrongCode %}
 									<br/>
 									<div class="LabelV150" style="float:left;">&nbsp; </div>
 									<div class="FormFieldError">Invalid email code!</div>
 								{% endif %}
 							</div>
 						</td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</td>
 	</tr>
 	</tbody>
 </table>
 {% endset %}
 {% include 'tables.headline.html.twig' %}
 <table style="width: 100%;">
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
 			<form id="confirmActivateForm" action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="padding:0;margin:0;">
 				{{ csrf() }}
 				<input type="hidden" name="step" value="activate">
 				<input type="hidden" name="save" value="1">
 				{% set button_color = 'green' %}
 				{{ include('buttons.submit.html.twig') }}
 			</form>
 		</td>
 		<td>
 			<form action="{{ getLink('account/manage') }}" method="post" style="padding:0;margin:0;">
 				{{ csrf() }}
 				{{ include('buttons.back.html.twig') }}
 			</form>
 		</td>
 	</tr>
 	</tbody>
 </table>
--- a/system/templates/account.2fa.main.html.twig
+++ b/system/templates/account.2fa.main.html.twig
@@ -0,0 +1,12 @@
 {% set title = 'Two-Factor Authentication' %}
 {% set content %}
 <table style="width:100%;">
 	<tbody>
 	{{ include(twoFactorViews[0]) }}
 	{{ include(twoFactorViews[1]) }}
 	</tbody>
 </table>
 {% endset %}
 {% include('tables.headline.html.twig') %}
 <br/>
--- a/system/templates/account.2fa.protected.html.twig
+++ b/system/templates/account.2fa.protected.html.twig
@@ -0,0 +1,18 @@
 <tr>
 	<td>
 		<div class="TableContentContainer ">
 			<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 				<tbody>
 				<tr>
 					<td>
 						<div class="InTableRightButtonContainer"></div>
 						<b>Two-Factor Authenticator App</b>
 						<p>Your account is currently protected by email code authentication. If you prefer to use a <b>two-factor
 								authentication app</b>, you have to "Deactivate" email code authentication first.</p>
 					</td>
 				</tr>
 				</tbody>
 			</table>
 		</div>
 	</td>
 </tr>
--- a/system/templates/account.change-email.html.twig
+++ b/system/templates/account.change-email.html.twig
@@ -28,7 +28,7 @@ Please enter your password and the new email address. Make sure that you enter a
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
-					<td style="border:0px;">
+					<td style="border:0;">
 						<form id="form" action="{{ getLink('account/change-email') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="changeemailsave" value="1"/>
@@ -40,14 +40,14 @@ Please enter your password and the new email address. Make sure that you enter a
 		</td>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
-				<form action="{{ getLink('account/manage') }}" method="post">
+				<tr>
-					{{ csrf() }}
+					<td style="border:0;">
-					<tr>
+						<form action="{{ getLink('account/manage') }}" method="post">
-						<td style="border:0px;">
+							{{ csrf() }}
 							{{ include('buttons.back.html.twig') }}
-						</td>
+						</form>
-					</tr>
+					</td>
-				</form>
+				</tr>
 			</table>
 		</td>
 	</tr>
--- a/system/templates/account.characters.change-comment.html.twig
+++ b/system/templates/account.characters.change-comment.html.twig
@@ -88,7 +88,7 @@ If you do not want to specify a certain field, just leave it blank.<br/><br/>
 			<td>
 				<table border="0" cellspacing="0" cellpadding="0">
 					<tr>
-						<td style="border:0px;">
+						<td style="border:0;">
 							<input type="hidden" name="name" value="{{ player.name }}">
 							<input type="hidden" name="changecommentsave" value="1">
 							{{ include('buttons.submit.html.twig') }}
@@ -99,15 +99,15 @@ If you do not want to specify a certain field, just leave it blank.<br/><br/>
 			</td>
 			<td>
 				<table border="0" cellspacing="0" cellpadding="0">
-					<form action="{{ getLink('account/manage') }}" method="post">
+					<tr>
-						{{ csrf() }}
+						<td style="border:0;">
-						<tr>
+							<form action="{{ getLink('account/manage') }}" method="post">
-							<td style="border:0px;">
+								{{ csrf() }}
 								{{ include('buttons.back.html.twig') }}
-							</td>
+							</form>
-						</tr>
+						</td>
-					</form>
+					</tr>
-				</table>
+			</table>
 			</td>
 		</tr>
 	</table>
--- a/system/templates/account.characters.delete.html.twig
+++ b/system/templates/account.characters.delete.html.twig
@@ -24,7 +24,7 @@ To delete a character enter the name of the character and your password.<br/><br
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
-					<td style="border:0px;">
+					<td style="border:0;">
 						<form id="form" action="{{ getLink('account/characters/delete') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="deletecharactersave" value="1"/>
@@ -36,14 +36,14 @@ To delete a character enter the name of the character and your password.<br/><br
 		</td>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
-				<form action="{{ getLink('account/manage') }}" method="post">
+				<tr>
-					{{ csrf() }}
+					<td style="border:0;">
-					<tr>
+						<form action="{{ getLink('account/manage') }}" method="post">
-						<td style="border:0px;">
+							{{ csrf() }}
 							{{ include('buttons.back.html.twig') }}
-						</td>
+						</form>
-					</tr>
+					</td>
-				</form>
+				</tr>
 			</table>
 		</td>
 	</tr>
--- a/system/templates/account.generate_recovery_key.html.twig
+++ b/system/templates/account.generate_recovery_key.html.twig
@@ -32,14 +32,14 @@ To generate recovery key for your account please enter your password.<br/><br/>
 		</td>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
-				<form action="{{ getLink('account/manage') }}" method="post">
+				<tr>
-					{{ csrf() }}
+					<td style="border: 0;">
-					<tr>
+						<form action="{{ getLink('account/manage') }}" method="post">
-						<td style="border: 0;">
+							{{ csrf() }}
 							{{ include('buttons.back.html.twig') }}
-						</td>
+						</form>
-					</tr>
+					</td>
-				</form>
+				</tr>
 			</table>
 		</td>
 	</tr>
--- a/system/templates/account.management.html.twig
+++ b/system/templates/account.management.html.twig
@@ -147,6 +147,9 @@
 			{% include('buttons.base.html.twig') %}
 		</form>
 		<br/>
 		{{ include('account.2fa.main.html.twig') }}
 		{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
 		<a name="Account+Logs" ></a>
 		<h2>Account Logs</h2>
@@ -228,5 +231,7 @@
 				</td>
 			</tr>
 		</table>
 		<br/>
 		{{ hook('HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS') }}
 	</div>
 </div>
--- a/system/templates/admin.mailer.html.twig
+++ b/system/templates/admin.mailer.html.twig
@@ -16,6 +16,13 @@
 				<input class="form-control" type="text" id="mail_to" name="mail_to" value="{{ mail_to }}"/>
 			</div>
 			{% if setting('core.account_mail_verify') %}
 				<div class="form-check">
 					<input type="checkbox" class="form-check-input" id="mail_verified_only" name="mail_verified_only" {% if mail_verified_only %}checked{% endif %}>
 					<label class="form-check-label" for="mail_verified_only">Mail only verified users</label>
 				</div>
 			{% endif %}
 			<div class="form-group row">
 				<label for="mail_subject">Subject:</label>
 				<input class="form-control" type="text" id="mail_subject" name="mail_subject" value="{{ mail_subject }}" maxlength="30"/>
--- a/system/templates/admin.plugins.form.html.twig
+++ b/system/templates/admin.plugins.form.html.twig
@@ -1,7 +1,9 @@
 <div id="install_plugin">
 	<div class="card card-info card-outline">
 		<div class="card-header">
-			<h5 class="m-0">Install plugin</h5>
+			<h5 class="m-0">Install plugin
 				<a href="?p=plugins&check-updates" class="btn btn-primary float-right">Check for updates</a>
 			</h5>
 		</div>
 		<form enctype="multipart/form-data" method="post" action="{{ constant('ADMIN_URL') }}?p=plugins">
 			{{ csrf() }}
--- a/system/templates/admin.plugins.outdated.html.twig
+++ b/system/templates/admin.plugins.outdated.html.twig
@@ -0,0 +1,18 @@
 <table class="table table-bordered table-striped">
 	<thead>
 	<tr>
 		<th>Plugin Name</th>
 		<th>Your Version</th>
 		<th>Latest Version</th>
 		<th>Download Link</th>
 	</tr>
 	</thead>
 	{% for plugin in plugins %}
 		<tr>
 			<td>{{ plugin.name }}</td>
 			<td>{{ plugin.yourVersion }}</td>
 			<td>{{ plugin.latestVersion }}</td>
 			<td><a href="{{ plugin.download_link }}" target="_blank">{{ plugin.download_link }}</a></td>
 		</tr>
 	{% endfor %}
 </table>
--- a/system/templates/characters.form.html.twig
+++ b/system/templates/characters.form.html.twig
@@ -1,17 +1,23 @@
-<form action="{{ link }}" method="post">
+<br/>
-	<table width="100%" border="0" cellspacing="1" cellpadding="4">
+<form action="{{ getLink('characters') }}" method="post">
-		<tr><td bgcolor="{{ config.vdarkborder }}" class="white"><B>Search Character</B></TD></TR>
+	{% set title = 'Search Character' %}
-		<tr>
+	{% set tableClass = 'Table1' %}
-			<td bgcolor="{{ config.darkborder }}">
+	{% set background = config('darkborder') %}
-				<table border="0" cellpadding="1">
+	{% set content %}
-					<tr>
+		<table width="100%">
-						<td>Name:</td><td><input name="name" value="" size="29" maxlength="29"{% if autofocus %} autofocus{% endif %}></TD>
+			<tr>
-						<td>
+				<td style="vertical-align:middle" class="LabelV150">
-							{{ include('buttons.submit.html.twig') }}
+					Character Name:
-						</td>
+				</td>
-					</tr>
+				<td style="width:170px">
-				</table>
+					<input style="width:165px" name="name" value="" size="29" maxlength="29"/>
-			</td>
+				</td>
-		</tr>
+				<td>
-	</table>
+					{% set button_name = 'Submit' %}
 					{{ include('buttons.base.html.twig') }}
 				</td>
 			</tr>
 		</table>
 	{% endset %}
 	{{ include('tables.headline.html.twig') }}
 </form>
--- a/system/templates/guilds.view.html.twig
+++ b/system/templates/guilds.view.html.twig
@@ -49,6 +49,7 @@
 									{% include('buttons.base.html.twig') %}
 								</a>
 							{% endif %}
 							{{ hook('HOOK_GUILDS_AFTER_MANAGE_BUTTON') }}
 						</div>
 					</td>
 				</tr>
@@ -61,6 +62,7 @@
 			{{ hook('HOOK_GUILDS_AFTER_GUILD_INFORMATION') }}
 			{% set title = 'Guild Members' %}
 			{% set background = config('lightborder') %}
 			{% set content %}
 			<table style="width:100%;">
 				<tbody>
@@ -151,6 +153,7 @@
 			{{ hook('HOOK_GUILDS_AFTER_GUILD_MEMBERS') }}
 			{% set title = 'Invited Characters' %}
 			{% set background = config('lightborder') %}
 			{% set content %}
 			<table style="width:100%;">
 				<tbody>
--- a/system/templates/highscores.html.twig
+++ b/system/templates/highscores.html.twig
@@ -66,7 +66,7 @@
 						<td>
 							<a href="{{ player.link }}">
-								<span style="color: {% if player.online > 0 %}green{% else %}red{% endif %}">{{ player.name }}</span>
+								<span {% if setting('core.highscores_online_status') %}style="color: {% if player.online > 0 %}green{% else %}red{% endif %}"{% endif %}>{{ player.name }}</span>
 							</a>
 							{% if setting('core.highscores_vocation') %}
 							<br/><small>{{ player.vocation }}</small>
@@ -94,8 +94,10 @@
 				{% endif %}
 			</table>
 		</td>
 		{% if setting('core.highscores_skills_box') or setting('core.highscores_vocation_box') %}
 		<td width="5%"></td>
 		<td width="15%" valign="top" align="right">
 			{% if setting('core.highscores_skills_box') %}
 			<table style="border: 0; width: 100%" cellpadding="4" cellspacing="1">
 				<tr bgcolor="{{ config.vdarkborder }}">
 					<td class="white"><B>Choose a skill</B></TD>
@@ -109,7 +111,8 @@
 				</tr>
 			</table>
 			<br/>
-			{% if config.highscores_vocation_box %}
+			{% endif %}
 			{% if setting('core.highscores_vocation_box') %}
 			<table border="0" width="100%" cellpadding="4" cellspacing="1">
 				<tr bgcolor="{{ config.vdarkborder }}">
 					<td class="white"><b>Choose a vocation</b></td>
@@ -126,5 +129,6 @@
 			{% endif %}
 		</td>
 		<td style="width: 18px"></td>
 		{% endif %}
 	</tr>
 </table>
--- a/system/templates/mail.account.2fa.email-code.html.twig
+++ b/system/templates/mail.account.2fa.email-code.html.twig
@@ -0,0 +1,9 @@
 Dear {{ config.lua.serverName}} player,
 <br/><br/>
 Your account is protected by email code authentication, and you requested a new email code:
 <br/><br/>
 <p>{{ code }}</p>
 <br/>
 Note that the code is only valid for 24 hours.
 <br/><br/>
 Kind Regards,
--- a/system/templates/mail.account.2fa.email-code.wrong-attempt.html.twig
+++ b/system/templates/mail.account.2fa.email-code.wrong-attempt.html.twig
@@ -0,0 +1,5 @@
 Dear {{ config.lua.serverName}} player,<br/>
 <br/>
 A <strong>wrong two-factor authentication code</strong> was entered for your {{ config.lua.serverName}} account. If you simply mistyped the code, please try again.<br/>
 <br/>
 However, if this was <strong>not you</strong>, someone else may be trying to access your account. Since they already know your password, we strongly recommend that you <strong>change your password immediately</strong>.
--- a/system/templates/online.form.html.twig
+++ b/system/templates/online.form.html.twig
@@ -1,25 +0,0 @@
 <br/>
 <form action="{{ getLink('characters') }}" method=post>
 	<table width="100%" border="0" cellspacing="1" cellpadding="4">
 		<tr>
 			<td bgcolor="{{ config.vdarkborder }}" class="white">
 				<b>Search Character</b>
 			</td>
 		</tr>
 		<tr>
 			<td bgcolor="{{ config.darkborder }}">
 				<table border="0" cellpadding="1">
 					<tr>
 						<td>Name:</td>
 						<td>
 							<input name="name" value=""size=29 maxlength=29>
 						</td>
 						<td>
 							{{ include('buttons.submit.html.twig') }}
 						</td>
 					</tr>
 				</table>
 			</td>
 		</tr>
 	</table>
 </form>
--- a/system/templates/online.html.twig
+++ b/system/templates/online.html.twig
@@ -1,39 +1,13 @@
-<table border="0" cellspacing="1" cellpadding="4" width="100%">
+{% set onlineTTL = setting('core.online_cache_ttl') %}
-	<tr bgcolor="{{ config.vdarkborder }}">
+{% if onlineTTL > 0 and cache.enabled() %}
-		<td class="white"><b>Server Status</b></td>
+<small>*Note: Online List is updated every {{ onlineTTL > 1 ? ' ' ~ onlineTTL : '' }} minute{{ onlineTTL > 1 ? 's' : '' }}.</small>
 	</tr>
 {% if players|length == 0 %}
 	<tr bgcolor="{{ config.darkborder }}"><td>Currently no one is playing on {{ config.lua.serverName }}.</td></tr></table>
 {% else %}
 	<tr bgcolor="{{ config.darkborder }}">
 		<td>
 			{% if not status.online %}
 			Server is offline.<br/>
 			{% else %}
 				{% if setting('core.online_afk') %}
 					{% set players_count = players|length %}
 					{% set afk = players_count - status.players %}
 					{% if afk < 0 %}
 						{% set players_count = players_count + afk|abs %}
 						{% set afk = 0 %}
 					{% endif %}
 					Currently there are <b>{{ status.players }}</b> active and <b>{{ afk }}</b> AFK players.<br/>
 					Total number of players: <b>{{ players_count }}</b>.<br/>
 				{% else %}
 					Currently {{ players|length }} players are online.<br/>
 				{% endif %}
 			{% endif %}
 			{% if setting('core.online_record') %}
 				{{ record }}
 			{% endif %}
 		</td>
 	</tr>
 </table>
 <br/>
-	{# vocation statistics #}
+{% endif %}
-	{% if setting('core.online_vocations') %}
+
 {# vocation statistics #}
 {% if setting('core.online_vocations') %}
 <br/>
-		{% if setting('core.online_vocations_images') %}
+	{% if setting('core.online_vocations_images') %}
 	<table width="200" cellspacing="1" cellpadding="0" border="0" align="center">
 		<tr bgcolor="{{ config.darkborder }}">
 			<td><img src="images/sorcerer.png" /></td>
@@ -69,11 +43,13 @@
 		{% endfor %}
 	</table>
 <br/>
 		{% endif %}
 	{% endif %}
 {% endif %}
-	{# show skulls #}
+<br/>
-	{% if setting('core.online_skulls') %}
+
 {# show skulls #}
 {% if setting('core.online_skulls') %}
 <table width="100%" cellspacing="1">
 	<tr>
 		<td style="background: {{ config.darkborder }};" align="center">
@@ -83,34 +59,114 @@
 		</td>
 	</tr>
 </table>
 {% endif %}
 <br/>
 {% set title = 'World Information' %}
 {% set tableClass = 'Table3' %}
 {% set background = config('darkborder') %}
 {% set content %}
 <table width="100%">
 	<tr>
 		<td class="LabelV150"><b>Status:</b></td>
 		<td>{% if not status.online %}Offline{% else %}Online{% endif %}</td>
 	</tr>
 	<tr>
 		<td class="LabelV150"><b>Players Online:</b></td>
 		<td>
 			{% if setting('core.online_afk') %}
 				{% set players_count = players|length %}
 				{% set afk = players_count - status.players %}
 				{% if afk < 0 %}
 					{% set players_count = players_count + afk|abs %}
 					{% set afk = 0 %}
 				{% endif %}
 				Currently there are <b>{{ status.players }}</b> active and <b>{{ afk }}</b> AFK players.<br/>
 				Total number of players: <b>{{ players_count }}</b>.<br/>
 			{% else %}
 				{{ players|length }}
 			{% endif %}
 		</td>
 	</tr>
 	{% if setting('core.online_record') and record|length > 0 %}
 	<tr>
 		<td class="LabelV150"><b>Online Record:</b></td>
 		<td>
 			{{ record }}
 		</td>
 	</tr>
 	{% endif %}
-<table border="0" cellspacing="1" cellpadding="4" width="100%">
+	<tr>
-	<tr bgcolor="{{ config.vdarkborder }}">
+		<td class="LabelV150"><b>Location Datacenter:</b></td>
 		<td>{{ setting('core.online_datacenter') }} <small>(Server date & time: - {{ "now"|date("d/m/Y H:i:s") }})</small></td>
 	</tr>
 	<tr>
 		<td class="LabelV150"><b>PvP Type:</b></td>
 		<td>
 			{% set worldType = config('lua')['worldType']|lower %}
 			{% if worldType in ['pvp','2','normal','open','openpvp'] %}
 			Open PvP
 			{% elseif worldType in ['no-pvp','nopvp','non-pvp','nonpvp','1','safe','optional','optionalpvp'] %}
 			Optional PvP
 			{% elseif worldType in ['pvp-enforced','pvpenforced','pvp-enfo','pvpenfo','pvpe','enforced','enfo','3','war','hardcore','hardcorepvp'] %}
 			Hardcore PvP
 			{% endif %}
 		</td>
 	</tr>
 </table>
 {% endset %}
 {% include 'tables.headline.html.twig' %}
 <br/>
 <br/>
 {% set title = 'Players Online' %}
 {% set tableClass = 'Table2' %}
 {% set content %}
 <table width="100%">
 	<tr class="LabelH" style="position: relative; z-index: 20;">
 		{% if setting('core.account_country') %}
-		<td width="11px"><a href="{{ getLink('online?order=country') }}" class="white">#</A></td>
+			<td width="11px"><a href="{{ getLink('online')}}?order=country_{{ order == 'country_asc' ? 'desc' : 'asc' }}">#&#160;&#160;</a>
 			</td>
 		{% endif %}
 		{% if setting('core.online_outfit') %}
-		<td class="white"><b>Outfit</b></td>
+			<td><b>Outfit</b></td>
 		{% endif %}
-		<td width="60%"><a href="{{ getLink('online?order=name') }}" class="white">Name</A></td>
+		<td style="text-align:left; width:50%">Name&#160;&#160;
-		<td width="20%"><a href="{{ getLink('online?order=level') }}" class="white">Level</A></td>
+			<small style="font-weight:normal">[<a href="{{ getLink('online')}}?order=name_{{ order == 'name_asc' ? 'desc' : 'asc' }}">sort</a>]</small>
-		<td width="20%"><a href="{{ getLink('online?order=vocation') }}" class="white">Vocation</td>
+			<img class="sortarrow" src="images/{{ order == 'name_asc' ? 'order_desc' : (order == 'name_desc' ? 'order_asc' : 'news/blank') }}.gif"/></td>
 		<td style="text-align:left;width:30%">Level&#160;&#160;
 			<small style="font-weight:normal">[<a href="{{ getLink('online')}}?order=level_{{ order == 'level_asc' ? 'desc' : 'asc' }}">sort</a>]</small>
 			<img class="sortarrow" src="images/{{ order == 'level_asc' ? 'order_desc' : (order == 'level_desc' ? 'order_asc' : 'news/blank') }}.gif"/>
 		</td>
 		<td style="text-align:left;width:50%">Vocation&#160;&#160;
 			<small style="font-weight:normal">[<a href="{{ getLink('online')}}?order=vocation_{{ order == 'vocation_asc' ? 'desc' : 'asc' }}">sort</a>]</small>
 			<img class="sortarrow" src="images/{{ order == 'vocation_asc' ? 'order_desc' : (order == 'vocation_desc' ? 'order_asc' : 'news/blank') }}.gif"/>
 		</td>
 	</tr>
 	{% set i = 0 %}
 	{% for player in players %}
 		{% set i = i + 1 %}
-		<tr bgcolor="{{ getStyle(i) }}">
+
-		{% if setting('core.account_country') %}
+		<tr style="background: {{ getStyle(i) }}; text-align: right; height: 40px;">
-			<td>{{ player.country_image|raw }}</td>
+			{% if setting('core.account_country') %}
-		{% endif %}
+				<td>{{ player.country_image|raw }}</td>
-		{% if setting('core.online_outfit') %}
+			{% endif %}
-			<td width="5%"><img style="position:absolute;margin-top:{% if player.player.looktype in setting('core.outfit_images_wrong_looktypes') %}-20px;margin-left:-0px;{% else %}-45px;margin-left:-25px;{%  endif %}" src="{{ player.outfit }}" alt="player outfit"/></td>
+
-		{% endif %}
+			{% if setting('core.online_outfit') %}
-			<td>{{ player.name|raw }}{{ player.skull }}</td>
+				<td width="5%"><img style="position:absolute;margin-top:-48px;margin-left:-70px;" src="{{ player.outfit }}" alt="player outfit"/></td>
-			<td>{{ player.level }}</td>
+			{% endif %}
-			<td>{{ player.vocation }}</td>
+
 			<td style="width:70%; text-align:left">
 				{{ player.name|raw }}{{ player.skull }}
 			</td>
 			<td style="width:10%">{{ player.level }}</td>
 			<td style="width:20%">{{ player.vocation }}</td>
 		</tr>
 	{% endfor %}
 </table>
-{% endif %}
+{% endset %}
 {{ include('tables.headline.html.twig') }}
--- a/system/templates/success.html.twig
+++ b/system/templates/success.html.twig
@@ -18,13 +18,14 @@
 {% else %}
 <div style="text-align:center">
 	<table border="0" cellspacing="0" cellpadding="0">
-		<form action="{{ getLink('account/manage') }}" method="post">
+		<tr>
-			<tr>
+			<td style="border:0;">
-				<td style="border:0px;">
+				<form action="{{ getLink('account/manage') }}" method="post">
 					{{ csrf() }}
 					{{ include('buttons.back.html.twig') }}
-				</td>
+				</form>
-			</tr>
+			</td>
-		</form>
+		</tr>
 	</table>
 </div>
 {% endif %}
--- a/system/templates/tinymce.html.twig
+++ b/system/templates/tinymce.html.twig
@@ -8,7 +8,7 @@
 			selector: "#editor",
 			content_css: '{{ constant('ADMIN_URL') }}template/style.css',
 			theme: "silver",
-			plugins: 'preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap pagebreak nonbreaking anchor insertdatetime advlist lists wordcount help code emoticons',
+			plugins: 'preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media codesample table charmap pagebreak nonbreaking anchor insertdatetime advlist lists wordcount help code emoticons',
 			toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 			resize: 'both',
 			image_advtab: true,
@@ -23,6 +23,8 @@
 				{title: 'Colored Table', value: 'myaac-table'},
 			],
 			license_key: 'gpl',
 			setup: function (ed) {
 				ed.on('NodeChange', function (e) {
 					if (ed.getContent() !== lastContent) {
--- a/system/twig.php
+++ b/system/twig.php
@@ -36,7 +36,11 @@ $twig->addExtension(new MyAAC\Twig\Extension\TypeCastingExtension());
 $filter = new TwigFilter('timeago', function ($datetime) {
-	$time = time() - strtotime($datetime);
+	if (!is_int($datetime)) {
 		$datetime = strtotime($datetime);
 	}
 	$time = time() - $datetime;
 	$units = array (
 		31536000 => 'year',
@@ -152,3 +156,5 @@ $twig->addFilter($filter);
 unset($function, $filter);
 $hooks->trigger(HOOK_TWIG, ['twig' => $twig, 'twig_loader' => $twig_loader]);
 $twig->addGlobal('cache', $cache);
--- a/templates/kathrine/config.php
+++ b/templates/kathrine/config.php
@@ -1,12 +1,18 @@
 <?php
 $config['menu_default_links_color'] = '#ffffff';
-$config['menu_categories'] = array(
+// max 7 menus for kathrine
-	MENU_CATEGORY_NEWS => array('id' => 'news', 'name' => 'Latest News'),
+$config['menu_categories'] = [
-	MENU_CATEGORY_ACCOUNT => array('id' => 'account', 'name' => 'Account'),
+	MENU_CATEGORY_NEWS => ['id' => 'news', 'name' => 'Latest News'],
-	MENU_CATEGORY_COMMUNITY => array('id' => 'community', 'name' => 'Community'),
+	// you can add custom menu by uncommenting this
-	MENU_CATEGORY_LIBRARY => array('id' => 'library', 'name' => 'Library'),
+	// after doing it, go to admin panel -> Menus and add your entries for this category
-	MENU_CATEGORY_SHOP => array('id' => 'shops', 'name' => 'Shop')
+	// tip: you can move it up/down to show it on specific position
-);
+	//7 => array('id' => 'testing', 'name' => 'Test Menu 1'),
 	//8 => array('id' => 'testing2', 'name' => 'Test Menu 2'),
 	MENU_CATEGORY_ACCOUNT => ['id' => 'account', 'name' => 'Account'],
 	MENU_CATEGORY_COMMUNITY => ['id' => 'community', 'name' => 'Community'],
 	MENU_CATEGORY_LIBRARY => ['id' => 'library', 'name' => 'Library'],
 	MENU_CATEGORY_SHOP => ['id' => 'shops', 'name' => 'Shop']
 ];
 $config['menus'] = require __DIR__ . '/menus.php';
--- a/templates/kathrine/javascript.php
+++ b/templates/kathrine/javascript.php
@@ -1,42 +1,40 @@
 <?php
-$menus = get_template_menus();
+function get_template_pages($category): array
-
+{
 function get_template_pages($category) {
 	global $menus;
 	$ret = array();
-	foreach($menus[$category] as $menu) {
+	foreach($menus[$category] ?? [] as $menu) {
 		$ret[] = $menu['link'];
 	}
 	return $ret;
 }
 ?>
-var category = '<?php
+let category = '<?php
-if(strpos(URI, 'subtopic=') !== false) {
+if(str_contains(URI, 'subtopic=')) {
-	$tmp = array($_REQUEST['subtopic']);
+	$tmp = [$_REQUEST['subtopic']];
 }
 else {
 	$tmp = URI;
 	if(empty($tmp)) {
-		$tmp = array('news');
+		$tmp = ['news'];
 	}
 	else {
 		$tmp = explode('/', URI);
 	}
 }
-if(in_array($tmp[0], get_template_pages(MENU_CATEGORY_NEWS)))
+foreach (config('menu_categories') as $id => $info) {
-	echo 'news';
+	$templatePages = get_template_pages($id);
-elseif(in_array($tmp[0], get_template_pages(MENU_CATEGORY_LIBRARY)))
+
-	echo 'library';
+	if ($id == MENU_CATEGORY_ACCOUNT) {
-elseif(in_array($tmp[0], get_template_pages(MENU_CATEGORY_COMMUNITY)))
+		$templatePages = array_merge($templatePages, ['account']);
-	echo 'community';
+	}
-elseif(in_array($tmp[0], array_merge(get_template_pages(MENU_CATEGORY_ACCOUNT), array('account'))))
+
-	echo 'account';
+	if (in_array($tmp[0], $templatePages)) {
-elseif(in_array($tmp[0], get_template_pages(MENU_CATEGORY_SHOP)))
+		echo $info['id'];
-	echo 'shops';
+		break;
-else {
+	}
 	echo 'news';
 }
 ?>';
--- a/templates/kathrine/menu.js.html.twig
+++ b/templates/kathrine/menu.js.html.twig
@@ -1,10 +1,10 @@
 var list = new Array();
 {% set i = 0 %}
-{% for cat in categories %}
+{% for id, cat in config('menu_categories') %}
-	{% if cat.id != 'shops' or setting('core.gifts_system') %}
+	{% if (cat.id != 'shops' or setting('core.gifts_system')) and menus[id]|length > 0 %}
-	list[{{ i }}] = '{{ cat.id }}';
+		list[{{ i }}] = '{{ cat.id }}';
 		{% set i = i + 1 %}
 	{% endif %}
 {% set i = i + 1 %}
 {% endfor %}
 function initMenu()
--- a/templates/kathrine/style.css
+++ b/templates/kathrine/style.css
@@ -27,11 +27,13 @@ body
 #tabs
 {
-	width: 580px;
+	width: 99%;
 	height: 32px;
 	background: url('images/tabs-bg.png') no-repeat;
 	float: left;
 	padding-left: 200px;
 	position: relative;
 	display: inline-flex;
 	right: 0;
 }
 	#tabs .tab
@@ -453,6 +455,27 @@ a:hover
  white-space: nowrap;
  vertical-align: top;
 }
 .LabelV120 {
 	font-weight: bold;
 	padding-right: 10px;
 	white-space: nowrap;
 	vertical-align: top;
 	width: 120px;
 }
 .LabelV150 {
 	font-weight: bold;
 	padding-right: 10px;
 	white-space: nowrap;
 	vertical-align: top;
 	width: 150px;
 }
 .LabelV200 {
 	font-weight: bold;
 	padding-right: 10px;
 	white-space: nowrap;
 	vertical-align: top;
 	width: 200px;
 }
 .LabelH {
  font-weight: bold;
  padding-right: 10px;
--- a/templates/kathrine/template.php
+++ b/templates/kathrine/template.php
@@ -8,7 +8,9 @@ defined('MYAAC') or die('Direct access not allowed!');
 		<link rel="stylesheet" href="<?php echo $template_path; ?>/style.css" type="text/css" />
 		<script type="text/javascript">
 			<?php
-				$twig->display('menu.js.html.twig', array('categories' => $config['menu_categories']));
+				$menus = get_template_menus();
 				$twig->display('menu.js.html.twig', ['menus' => $menus]);
 			?>
 		</script>
 		<script type="text/javascript" src="tools/basic.js"></script>
@@ -28,11 +30,24 @@ defined('MYAAC') or die('Direct access not allowed!');
 			<div id="header"></div>
 			<!-- End -->
 			<!-- Custom Style for #tabs -->
 			<?php
 			$menusCount = count($menus);
 			$tabsStyle = '';
 			if ($menusCount > 6) {
 				$tabsStyle .= 'padding-left: 4px;';
 				$tabsStyle .= 'padding-right: 12px;';
 			}
 			elseif ($menusCount > 5) {
 				$tabsStyle .= 'padding-left: 90px;';
 			}
 			?>
 			<!-- Menu Section -->
-			<div id="tabs">
+			<div id="tabs" style="<?= $tabsStyle; ?>">
 				<?php
 				foreach($config['menu_categories'] as $id => $cat) {
-					if($id != MENU_CATEGORY_SHOP || $config['gifts_system']) { ?>
+					if (($id != MENU_CATEGORY_SHOP || $config['gifts_system']) && isset($menus[$id])) { ?>
 				<span id="<?php echo $cat['id']; ?>" onclick="menuSwitch('<?php echo $cat['id']; ?>');"><?php echo $cat['name']; ?></span>
 				<?php
 					}
--- a/templates/tibiacom/account.management.html.twig
+++ b/templates/tibiacom/account.management.html.twig
@@ -11,13 +11,14 @@
 					<td width="100%"></td>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
-							<form action="{{ getLink('account/logout') }}" method="post" >
+							<tr>
-								<tr>
+								<td style="border:0;">
-									<td style="border:0px;">
+									<form action="{{ getLink('account/logout') }}" method="post" >
 										{{ csrf() }}
 										{{ include('buttons.logout.html.twig') }}
-									</td>
+									</form>
-								</tr>
+								</td>
-							</form>
+							</tr>
 						</table>
 					</td>
 				</tr>
@@ -59,13 +60,14 @@
 			</table>
 			<div style="text-align:center">
 				<table border="0" cellspacing="0" cellpadding="0" style="margin-left: auto; margin-right: auto;">
-					<form action="{{ getLink('account/register') }}" method="post">
+					<tr>
-						<tr>
+						<td style="border:0;">
-							<td style="border:0;">
+							<form action="{{ getLink('account/register') }}" method="post">
 								{{ csrf() }}
 								{{ include('buttons.register_account.html.twig') }}
-							</td>
+							</form>
-						</tr>
+						</td>
-					</form>
+					</tr>
 				</table>
 			</div>
 		</div>
@@ -94,13 +96,14 @@
 			</table>
 			<div style="text-align:center">
 				<table border="0" cellspacing="0" cellpadding="0">
-					<form action="{{ getLink('account/change-email') }}" method="post">
+					<tr>
-						<tr>
+						<td style="border:0;">
-							<td style="border:0px;">
+							<form action="{{ getLink('account/change-email') }}" method="post">
 								{{ csrf() }}
 								{{ include('buttons.edit.html.twig') }}
-							</td>
+							</form>
-						</tr>
+						</td>
-					</form>
+					</tr>
 				</table>
 			</div>
 		</div>
@@ -177,26 +180,29 @@
 				<tr>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/change-password') }}" method="post">
+							<tr>
-								<tr>
+								<td style="border:0;" >
-									<td style="border:0px;" >
+									<form action="{{ getLink('account/change-password') }}" method="post">
 										{{ csrf() }}
 										{{ include('buttons.change_password.html.twig') }}
-									</td>
+									</form>
-								</tr>
+								</td>
-							</form>
+							</tr>
 						</table>
 					</td>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/change-email') }}" method="post">
+							<tr>
-								<tr>
+								<td style="border:0;">
-									<td style="border:0px;">
+									<form action="{{ getLink('account/change-email') }}" method="post">
 										{{ csrf() }}
 										<input type="hidden" name="newemail" value=""/>
 										<input type="hidden" name="newemaildate" value="0">
 										{{ include('buttons.change_email.html.twig') }}
-									</td>
+									</form>
-								</tr>
+								</td>
-							</form>
+							</tr>
 						</table>
 					</td>
 					<td width="100%"></td>
@@ -204,13 +210,14 @@
 					{% if recovery_key is empty %}
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<form action="{{ getLink('account/register') }}" method="post">
+							<tr>
-								<tr>
+								<td style="border:0;">
-									<td style="border:0px;">
+									<form action="{{ getLink('account/register') }}" method="post">
 										{{ csrf() }}
 										{{ include('buttons.register_account.html.twig') }}
-									</td>
+									</form>
-								</tr>
+								</td>
-							</form>
+							</tr>
 						</table>
 					</td>
 					{% endif %}
@@ -258,13 +265,14 @@
 							</td>
 							<td align=right>
 								<table border="0" cellspacing="0" cellpadding="0">
-									<form action="{{ getLink('account/change-info') }}" method="post">
+									<tr>
-										<tr>
+										<td style="border:0;">
-											<td style="border:0px;">
+											<form action="{{ getLink('account/change-info') }}" method="post">
 												{{ csrf() }}
 												{{ include('buttons.edit.html.twig') }}
-											</td>
+											</form>
-										</tr>
+										</td>
-									</form>
+									</tr>
 								</table>
 							</td>
 						</tr>
@@ -282,6 +290,9 @@
 {% endset %}
 {% include 'tables.headline.html.twig' %}
 <br/>
 {{ include('account.2fa.main.html.twig') }}
 {{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
 <a name="Account+Logs" ></a>
 <div class="TopButtonContainer">
@@ -398,8 +409,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0px;">
+								<td style="border:0;">
 									<form action="{{ getLink('account/characters/create') }}" method="post" >
 										{{ csrf() }}
 										{{ include('buttons.create_character.html.twig') }}
 									</form>
 								</td>
@@ -410,8 +422,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0px;">
+								<td style="border:0;">
 									<form action="{{ getLink('account/characters/change-name') }}" method="post" >
 										{{ csrf() }}
 										{{ include('buttons.change_name.html.twig') }}
 									</form>
 								</td>
@@ -423,8 +436,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0px;">
+								<td style="border:0;">
 									<form action="{{ getLink('account/characters/change-sex') }}" method="post">
 										{{ csrf() }}
 										{{ include('buttons.change_sex.html.twig') }}
 									</form>
 								</td>
@@ -436,8 +450,9 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
 							<tr>
-								<td style="border: 0px;">
+								<td style="border: 0;">
 									<form action="{{ getLink('account/characters/delete') }}" method="post">
 										{{ csrf() }}
 										{{ include('buttons.delete_character.html.twig') }}
 									</form>
 								</td>
@@ -451,4 +466,7 @@
 </table>
 {% endset %}
 {% include 'tables.headline.html.twig' %}
-<br/><br/>
+<br/>
 {{ hook('HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS') }}
 <br/>
--- a/templates/tibiacom/basic.css
+++ b/templates/tibiacom/basic.css
@@ -1446,6 +1446,27 @@ img {
  white-space: nowrap;
  vertical-align: top;
 }
 .LabelV120 {
 	font-weight: bold;
 	padding-right: 10px;
 	white-space: nowrap;
 	vertical-align: top;
 	width: 120px;
 }
 .LabelV150 {
 	font-weight: bold;
 	padding-right: 10px;
 	white-space: nowrap;
 	vertical-align: top;
 	width: 150px;
 }
 .LabelV200 {
 	font-weight: bold;
 	padding-right: 10px;
 	white-space: nowrap;
 	vertical-align: top;
 	width: 200px;
 }
 .LabelH {
  font-weight: bold;
  padding-right: 10px;
--- a/templates/tibiacom/boxes/templates/poll.html.twig
+++ b/templates/tibiacom/boxes/templates/poll.html.twig
@@ -1,6 +1,6 @@
 <div id="CurrentPollBox" class="Themebox" style="background-image:url({{ template_path }}/images/themeboxes/current-poll/currentpollbox.gif);">
 	<div id="CurrentPollText">{{ poll.question }}</div>
-	<a class="ThemeboxButton" href="{{ getLink('polls') }}/{{ poll.id }}" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" style="background-image:url({{ template_path }}/images/global/buttons/sbutton.gif);"><div class="BigButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/sbutton_over.gif);"></div><div class="ButtonText" style="background-image:url({{ template_path }}/images/global/buttons/_sbutton_votenow.gif);"></div>
+	<a class="ThemeboxButton" href="{{ getLink('polls') }}?ìd={{ poll.id }}" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" style="background-image:url({{ template_path }}/images/global/buttons/sbutton.gif);"><div class="BigButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/sbutton_over.gif);"></div><div class="ButtonText" style="background-image:url({{ template_path }}/images/global/buttons/_sbutton_votenow.gif);"></div>
 	</a>
 	<div class="Bottom" style="background-image:url({{ template_path }}/images/general/box-bottom.gif);"></div>
 </div>
--- a/templates/tibiacom/index.php
+++ b/templates/tibiacom/index.php
@@ -164,6 +164,10 @@ if(isset($config['boxes']))
 		function InitializeMenu()
 		{
 		  for(menuItemName in menu[0]) {
 			  if (!document.getElementById(menuItemName+"_Submenu")) {
 				  continue;
 			  }
 			if(menu[0][menuItemName] == "0") {
 			  document.getElementById(menuItemName+"_Submenu").style.visibility = "hidden";
 			  document.getElementById(menuItemName+"_Submenu").style.display = "none";
@@ -454,7 +458,7 @@ foreach($config['menu_categories'] as $id => $cat) {
 			foreach($config['boxes'] as $box) {
 				/** @var string $template_name */
-				$file = TEMPLATES . $template_name . '/boxes/' . $box . '.php';
+				$file = __DIR__ . '/boxes/' . $box . '.php';
 				if(file_exists($file)) {
 					include($file); ?>
 				<?php
--- a/templates/tibiacom/success.html.twig
+++ b/templates/tibiacom/success.html.twig
@@ -35,6 +35,7 @@
 		<tr>
 			<td style="border:0;">
 				<form action="{{ getLink('account/manage') }}" method="post">
 					{{ csrf() }}
 					{{ include('buttons.back.html.twig') }}
 				</form>
 			</td>
Author	SHA1	Message	Date
slawkens	03c7dd0002	Merge branch 'main' into feature/2fa	2025-08-12 14:36:29 +02:00
slawkens	20f99903ae	Fix submenu initialization for missing elements Added a check in InitializeMenu to skip submenu items if their corresponding DOM element does not exist, preventing potential JavaScript errors.	2025-08-12 12:46:39 +02:00
slawkens	b6e1620f14	Fix #318 (online.php throws error in one scenario)	2025-08-07 21:17:25 +02:00
dependabot[bot]	9cb7792623	Bump tmp from 0.2.3 to 0.2.4 (#317 ) Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.3 to 0.2.4. - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](https://github.com/raszi/node-tmp/compare/v0.2.3...v0.2.4) --- updated-dependencies: - dependency-name: tmp dependency-version: 0.2.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-07 16:21:22 +02:00
dependabot[bot]	0db908be18	Bump form-data from 4.0.2 to 4.0.4 (#315 ) Bumps [form-data](https://github.com/form-data/form-data) from 4.0.2 to 4.0.4. - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](https://github.com/form-data/form-data/compare/v4.0.2...v4.0.4) --- updated-dependencies: - dependency-name: form-data dependency-version: 4.0.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-02 14:15:13 +02:00
slawkens	785d38312b	Start 1.8.1-dev	2025-08-02 12:41:35 +02:00
slawkens	e1c04ed28e	Release v1.8	2025-08-02 12:28:13 +02:00
slawkens	c836308601	pages/online: add cache, resulting in 20x performance boost (for an example server with 2k players)	2025-07-31 13:28:46 +02:00
slawkens	0efe47ce71	Twig: add cache variable	2025-07-31 13:15:06 +02:00
slawkens	3b47e9df2f	Cache::remember: $ttl = 0 means no cache	2025-07-31 13:02:55 +02:00
slawkens	43415cf35d	Add missing $fillable into PlayerOnline model	2025-07-31 12:32:18 +02:00
slawkens	cf7fd20452	Mailer: send only to verified accounts (option)	2025-07-31 09:19:49 +02:00
slawkens	080cc2781f	Fix mailer: send to email link from accounts page	2025-07-31 07:31:15 +02:00
slawkens	20d69a641c	Fix exception if setting not found	2025-07-24 23:30:28 +02:00
slawkens	2d4be327b2	Fix if highscores show outfit disabled	2025-07-24 23:07:49 +02:00
slawkens	bb097b69ce	Update settings.php	2025-07-22 22:06:32 +02:00
slawkens	6e5a4ff8c7	Fix if setting found in db, but not found in plugins	2025-07-22 21:49:05 +02:00
slawkens	caf326a658	Refactor to use HAS_ACCOUNT_COINS $db->hasColumn('accounts', 'coins') -> HAS_ACCOUNT_COINS	2025-07-22 21:44:09 +02:00
slawkens	bccf8e056d	Rewrite to use constants (account transferable coins)	2025-07-22 21:33:45 +02:00
slawkens	7d27e5a0ba	New setting: Default Account Transferable Coins	2025-07-22 21:32:51 +02:00
slawkens	9b6f410459	Update phpstan.neon	2025-07-22 19:11:42 +02:00
slawkens	c06b0017f1	Update phpstan.neon	2025-07-22 19:07:58 +02:00
slawkens	d8132d4d76	Highscores revamp a bit * Show real rank, if 2 or more players have the same skill, show them with same rank * New setting: highscores_online_status * Additional fields passed to twig: updatedAt, totalResults, page, baseLink	2025-07-22 18:18:29 +02:00
slawkens	1566deb84a	Add getExperienceForLevel (level)	2025-07-19 15:46:51 +02:00
slawkens	536b29be95	That is duplicated	2025-07-19 15:11:09 +02:00
slawkens	5271633bdb	Account -> isPremium -> ignore config.freePremium	2025-07-19 15:00:17 +02:00
slawkens	ce5b1cf2a6	Update CacheClearCommand.php	2025-07-19 11:16:55 +02:00
slawkens	83f84172e0	Add warning about APCu clear in CLI Adds a warning message if attempting to clear APCu cache from the CLI, as this is not supported. Users are advised to use the Admin Panel for clearing APCu cache outside of development environments.	2025-07-19 11:16:03 +02:00
slawkens	34fead906e	Allow for timestamp as integer in the timeago twig function	2025-07-19 10:05:25 +02:00
slawkens	ec11c14024	kathrine: possibility to add custom menu categories	2025-07-19 07:48:01 +02:00
slawkens	2fe9924437	Start 1.7.2-dev	2025-07-08 19:20:45 +02:00
slawkens	f0f2e3785f	Fix phpstan	2025-07-08 15:44:45 +02:00
slawkens	36ca755243	New setting: Display Skills Box on highscores Better space management	2025-07-08 14:28:48 +02:00
slawkens	f17269e44c	Move admin bar code into body_start place_holder	2025-07-08 14:22:51 +02:00
slawkens	dcb96f4ce1	Refactor code - early exit	2025-07-08 13:48:33 +02:00
slawkens	a89f9a8484	Set $process_sections to true	2025-07-08 09:22:12 +02:00
slawkens	45d6047031	Add Coins Transferable to accounts editor	2025-07-05 14:22:58 +02:00
slawkens	e435062025	[WIP] 2fa	2025-07-05 08:20:58 +02:00
slawkens	ecc9bd4042	Merge branch 'main' into feature/2fa	2025-07-01 14:18:38 +02:00
slawkens	c92148d467	Revert delete clearRouteCache, is used somewhere else	2025-06-27 07:23:22 +02:00
slawkens	b4b62442fe	Release v1.7.1	2025-06-27 07:21:19 +02:00
slawkens	047742848b	Delete clearRouteCache, was useless Directory is cleaned already	2025-06-27 07:15:13 +02:00
slawkens	fe8281594e	Fix cache:clear command (missing init)	2025-06-27 07:13:33 +02:00
slawkens	0bff910a05	adjust command email:send + mail:send (alias)	2025-06-25 19:43:40 +02:00
slawkens	6d43fc181f	In case the script don't have install option, inform the user	2025-06-25 17:36:43 +02:00
slawkens	13d33822b5	Rename to plugin:setup, also add alias to previous command	2025-06-25 17:36:02 +02:00
slawkens	f78ebad136	Remove error number from 404 & 405 pages	2025-06-24 14:57:01 +02:00
slawkens	d90fa323d7	Fix polls link	2025-06-24 12:44:43 +02:00
slawkens	181131f7f3	Use __DIR__ instead of template path	2025-06-24 12:44:34 +02:00
slawkens	0da524fefe	Fix plugin install:install command	2025-06-23 00:21:41 +02:00
slawkens	797377e428	Replace TwoFactorAuth with self	2025-06-22 22:34:36 +02:00
slawkens	96b5df9d74	Merge branch 'main' into feature/2fa	2025-06-22 18:51:32 +02:00
slawkens	6cf4b9dac5	Fix xdebug warnings in load_config_lua	2025-06-22 18:51:20 +02:00
slawkens	b3dfc56c96	[WIP] Working 2fa email auth	2025-06-22 18:50:54 +02:00
slawkens	96d6e04bd2	Update 46-account_email_codes.sql	2025-06-22 13:19:29 +02:00
slawkens	9146eee327	Move	2025-06-22 11:55:34 +02:00
slawkens	3d97fa0719	Merge branch 'main' into feature/2fa	2025-06-22 11:45:21 +02:00
slawkens	5cfa3a697f	Start v1.7.1-dev	2025-06-22 11:25:45 +02:00
slawkens	bb830bce44	Release v1.7	2025-06-22 08:55:29 +02:00
slawkens	566c2a9151	Move out of $cache->enabled	2025-06-22 08:48:24 +02:00
slawkens	a66cafceab	2fa: first draft	2025-06-22 08:34:30 +02:00
slawkens	0f48f12e2e	Update admin.plugins.outdated.html.twig	2025-06-19 18:53:11 +02:00
Slawomir Boczek	0ea247ce7e	Feature/plugins versions check (#310 ) * Check plugins versions from plugins.my-aac.org/api * Improve plugin update check messaging Updated the success message when checking for plugin updates to clarify the source. Added an informational message when outdated plugins are found to improve user feedback. * Use configurable API URI for plugin updates Replaces hardcoded plugin API URI with a configurable value from config, defaulting to the official API. Also fixes a typo in the success message.	2025-06-19 16:46:22 +02:00
slawkens	b329da52aa	Use apcu_clear_cache	2025-06-17 17:52:23 +02:00
slawkens	c720ccc451	Add missing csrf()	2025-06-15 19:35:12 +02:00
slawkens	8dc42b6544	Nothing important: just formatting	2025-06-15 19:05:47 +02:00
slawkens	dca904e61d	Add missing csrf()	2025-06-15 19:05:19 +02:00
slawkens	29faa4f695	Add missing csrf() in success.html.twig	2025-06-15 19:03:03 +02:00
slawkens	4767120043	Update online.html.twig	2025-06-14 21:19:52 +02:00
slawkens	9a90e4aae2	Revamped online page	2025-06-14 21:12:47 +02:00
slawkens	ba4ed6a04b	Add LabelV120, LabelV150, LabelV200	2025-06-14 20:52:38 +02:00
slawkens	a7efacdbac	Delete online.form, use revamped characters.form	2025-06-14 20:50:54 +02:00
Goosey	577037becc	fix: boostedcreatures for 13.40 (#307 ) * boostedcreatures fix for 13.40 Fixes the boosted boss/creature display on the login page for 13.40 running the default cipsoft client. * Adjust version --------- Co-authored-by: slawkens <slawkens@gmail.com>	2025-06-14 15:58:08 +02:00
slawkens	b8abc11b96	Update list.php	2025-06-14 11:33:47 +02:00
slawkens	4def6a6cae	Style	2025-06-14 10:39:45 +02:00
slawkens	e6100a1b72	New hook: HOOK_GUILDS_AFTER_MANAGE_BUTTON	2025-06-14 10:36:38 +02:00
slawkens	522f6c11d8	Add OTS_Player->isNameLocked()	2025-06-14 08:26:43 +02:00
slawkens	00c3635c5f	Add $config['site']['serverPath'] for better compatibility with Gesior	2025-06-14 00:59:10 +02:00
slawkens	c074a48f24	New hook: HOOK_ACCOUNT_MANAGE_AFTER_CHARACTERS	2025-06-14 00:44:00 +02:00
slawkens	e222957893	OTS_Toolbox::getVocationName($id, $promotion);	2025-06-13 22:25:36 +02:00
slawkens	d423ddd07a	Nothing important: convert to tabs	2025-06-13 22:14:20 +02:00
slawkens	4d4f7759d3	Update visitors.php	2025-06-13 21:31:04 +02:00
slawkens	9510640ba9	Ignore empty values	2025-06-13 21:25:13 +02:00
slawkens	98b13c91a4	Update notice about how to enable Visitors Counter	2025-06-13 21:24:52 +02:00
slawkens	0c95bcfd06	Better $title inventing	2025-06-13 21:03:09 +02:00
slawkens	524e982a0e	Release v1.6.1	2025-06-11 05:51:39 +02:00
slawkens	fffb427eae	Update account.generate_recovery_key.html.twig	2025-06-09 21:18:45 +02:00
slawkens	10cd71a663	Add missing csrf() into account manage actions	2025-06-09 21:18:42 +02:00
slawkens	0812fe025d	Update settings_save.php	2025-06-09 21:14:44 +02:00
slawkens	309c1fb715	Remove deprecated TinyMCE plugin - template	2025-06-09 14:24:36 +02:00
slawkens	8d29fdb98b	Set TinyMCE license key to gpl (Avoid warning message in browser console)	2025-06-09 14:24:22 +02:00
slawkens	f782850307	Move counter & visitors code before router In case someone wants to include that info on page	2025-06-06 22:10:13 +02:00
slawkens	835dda9659	Remove duplicated code - account redirect, already in account/manage	2025-06-05 19:08:53 +02:00
slawkens	dcc703b1eb	Remove optional param, make it required for few routes	2025-06-05 18:11:44 +02:00
slawkens	9d8e9d27bd	Ignore duplicated route exception	2025-06-05 18:11:31 +02:00
slawkens	db09980de1	Start v1.6.1-dev	2025-06-03 22:57:33 +02:00
slawkens	2dba778167	Update example.json	2025-06-03 18:38:02 +02:00