Fix if $hooks not defined

CHANGELOG-1.x.md

@@ -1,39 +1,5 @@
 # Changelog
 
-## [1.6.1 - 11.06.2025]
-
-### Fixed
-* Fixed "Request has been cancelled due to security reasons", cause of missing csrf() in twig files (https://github.com/slawkens/myaac/commit/10cd71a6630ffec91b43a26a6d685b66c5836a6a)
-* Fix: Ignore duplicated route exception (https://github.com/slawkens/myaac/commit/9d8e9d27bd87167d8d4005942a6af62bfe4c0892)
-
-### Changed
-* Move counter & visitors code before router (In case someone wants to include that info on page) (https://github.com/slawkens/myaac/commit/f78285030708ad3c74ab048711f73bbf3ee5281e)
-* Set TinyMCE license key to gpl (Avoid warning message in browser console) (https://github.com/slawkens/myaac/commit/8d29fdb98b92dbc3d2853ef88a185c67036b4a77)
-
-### Removed
-* Remove deprecated TinyMCE plugin - template (https://github.com/slawkens/myaac/commit/309c1fb715b882e67cb673b1544a03befbf64a22)
-
-## [1.6 - 03.06.2025]
-
-### Added
-* Add new setting/configurable: site_url, prevents domain spoofing (https://github.com/slawkens/myaac/commit/d8a6090be382c35c19117cfef964b594ed02b8d4)
-* Add new account coins setting (https://github.com/slawkens/myaac/commit/28886551e86fe562172c4c7f2afb89a2e7672c2e)
-* autoload: settings/install/init.php (https://github.com/slawkens/myaac/commit/e5749437074c3b3556628a2aeb5bad2edf97bde0, https://github.com/slawkens/myaac/commit/7d213f479a7e40c6254069b5fc4e578dc32bf8d9, https://github.com/slawkens/myaac/commit/207d6bc69120aba1af2b51808f17e0059b571fed)
-* Protect against csrf in more places (accounts & guilds & forums pages) (https://github.com/slawkens/myaac/commit/6eda38603c8ed7e99b92a78a4600b1245377f74d, https://github.com/slawkens/myaac/commit/e776bd52beb3064a9e694efd1b9021ec972ee2f6, https://github.com/slawkens/myaac/commit/84d502bf105f2a789481fba1acc820d236b4de66)
-* Added two new hooks for pages loaded from database (custom pages): HOOK_BEFORE_PAGE_CUSTOM, HOOK_AFTER_PAGE_CUSTOM (https://github.com/slawkens/myaac/commit/c961a1ebf837f2ab1734a825ff2c57b4937610c9)
-* Add global variables into $hooks->executeFilter (https://github.com/slawkens/myaac/commit/8fdea943768b20193eede99d60313ee84511a0be)
-* Add getNPCsCount() to OTS_InfoRespond (https://github.com/slawkens/myaac/commit/7d435ff6433ef1fb2295ee79ed043ee10dc725e9)
-
-### Fixed
-* Allow [] in character name (https://github.com/slawkens/myaac/commit/de6603a51347b9e656c58637ed9971fffdd7cedd)
-* Do not allow access to tools/ folder after install (https://github.com/slawkens/myaac/commit/6e0f5913831f8dba69fd2d1505be3e2a303c6324)
-* Fix CHANGELOG-1.x.md loading in admin panel (https://github.com/slawkens/myaac/commit/4a30fb495dbfbe1d434e8d52419eaf44fe517aee)
-* Fix links not working in admin dashboard modules (https://github.com/slawkens/myaac/commit/be7b27c31aa3bbd6c0289c34d1e61139a3fe015c)
-* Fix twig variables: logged + account_logged being not set directly after login (https://github.com/slawkens/myaac/commit/1e9b10d6489c488cadf7f6ed17b42f1ea6c767a8)
-
-### Changed
-* OTS_ServerInfo -> move setTimeout out of class - Possibility to use the class without MyAAC (https://github.com/slawkens/myaac/commit/40d65a6613149fda51bdceb82c807e5301a3388b)
-
 ## [1.5 - 14.05.2025]
 
 ### Added

admin/pages/modules/templates/coins.html.twig

@@ -19,7 +19,7 @@
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
-							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name ?? result.id }}</a></td>
+							<td><a href="?p=accounts&id={{ result.id }}">{{ result.name }}</a></td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}

admin/tools/settings_save.php

@@ -1,5 +1,6 @@
 <?php
 
+use MyAAC\Hooks;
 use MyAAC\Settings;
 
 const MYAAC_ADMIN = true;

common.php

@@ -26,7 +26,7 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '1.6.1';
+const MYAAC_VERSION = '1.5.1-dev';
 const DATABASE_VERSION = 45;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
@@ -122,28 +122,36 @@ if (!IS_CLI) {
 	session_start();
 }
 
-if (file_exists(BASE . 'config.local.php')) {
-	require BASE . 'config.local.php';
-}
+// basedir
+$basedir = '';
+$tmp = explode('/', $_SERVER['SCRIPT_NAME']);
+$size = count($tmp) - 1;
+for($i = 1; $i < $size; $i++)
+	$basedir .= '/' . $tmp[$i];
 
-require SYSTEM . 'base.php';
-define('BASE_DIR', $baseDir);
+$basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
+define('BASE_DIR', $basedir);
 
 if(!IS_CLI) {
-	if (isset($config['site_url'])) {
-		$hasSlashAtEnd = ($config['site_url'][strlen($config['site_url']) - 1] == '/');
-
-		define('SERVER_URL', $config['site_url']);
-		define('BASE_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/'));
-		define('ADMIN_URL', SERVER_URL . ($hasSlashAtEnd ? '' : '/') . ADMIN_PANEL_FOLDER . '/');
+	if (isset($_SERVER['HTTP_HOST'][0])) {
+		$baseHost = $_SERVER['HTTP_HOST'];
+	} else {
+		if (isset($_SERVER['SERVER_NAME'][0])) {
+			$baseHost = $_SERVER['SERVER_NAME'];
+		} else {
+			$baseHost = $_SERVER['SERVER_ADDR'];
+		}
 	}
-	else {
-		define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
-		define('BASE_URL', SERVER_URL . BASE_DIR . '/');
-		define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
 
-		//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
-	}
+	define('SERVER_URL', 'http' . (isHttps() ? 's' : '') . '://' . $baseHost);
+	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
+	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
+
+	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+}
+
+if (file_exists(BASE . 'config.local.php')) {
+	require BASE . 'config.local.php';
 }
 
 /** @var array $config */

index.php

@@ -117,14 +117,6 @@ if(setting('core.backward_support')) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
 
-if(setting('core.views_counter')) {
-	require_once SYSTEM . 'counter.php';
-}
-
-if(setting('core.visitors_counter')) {
-	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
-}
-
 require_once SYSTEM . 'router.php';
 
 // anonymous usage statistics
@@ -161,6 +153,13 @@ if(setting('core.anonymous_usage_statistics')) {
 	}
 }
 
+if(setting('core.views_counter'))
+	require_once SYSTEM . 'counter.php';
+
+if(setting('core.visitors_counter')) {
+	$visitors = new Visitors(setting('core.visitors_counter_ttl'));
+}
+
 /**
  * @var OTS_Account $account_logged
  */

install/steps/4-config.php

@@ -10,14 +10,6 @@ foreach($config['clients'] as $client) {
 	$clients[$client] = $client_version;
 }
 
-if (empty($_SESSION['var_site_url'])) {
-	//require SYSTEM . 'base.php';
-	$serverUrl = 'http' . (isHttps() ? 's' : '') . '://' . $baseHost;
-	$siteURL = $serverUrl . $baseDir;
-
-	$_SESSION['var_site_url'] = $siteURL;
-}
-
 $twig->display('install.config.html.twig', array(
 	'clients' => $clients,
 	'timezones' => DateTimeZone::listIdentifiers(),

install/steps/7-finish.php

@@ -195,4 +195,13 @@ if(!isset($_SESSION['installed'])) {
 	$_SESSION['installed'] = true;
 }
 
+foreach($_SESSION as $key => $value) {
+	if(strpos($key, 'var_') !== false)
+		unset($_SESSION[$key]);
+}
+unset($_SESSION['saved']);
+if(file_exists(CACHE . 'install.txt')) {
+	unlink(CACHE . 'install.txt');
+}
+
 $hooks->trigger(HOOK_INSTALL_FINISH_END);

install/tools/5-database.php

@@ -7,11 +7,6 @@ require SYSTEM . 'functions.php';
 require BASE . 'install/includes/functions.php';
 require BASE . 'install/includes/locale.php';
 
-if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
-	warning($locale['already_installed']);
-	return;
-}
-
 $error = false;
 require BASE . 'install/includes/config.php';
 

install/tools/7-finish.php

@@ -17,11 +17,11 @@ ini_set('max_execution_time', 300);
 ob_implicit_flush();
 
 header('X-Accel-Buffering: no');
-
+/*
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
 	warning($locale['already_installed']);
 	return;
-}
+}*/
 
 require SYSTEM . 'init.php';
 
@@ -94,17 +94,6 @@ $hooks->trigger(HOOK_INSTALL_FINISH);
 
 $db->setClearCacheAfter(true);
 
-// cleanup
-foreach($_SESSION as $key => $value) {
-	if(str_contains($key, 'var_')) {
-		unset($_SESSION[$key]);
-	}
-}
-unset($_SESSION['saved']);
-if(file_exists(CACHE . 'install.txt')) {
-	unlink(CACHE . 'install.txt');
-}
-
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);

plugins/example.json

@@ -51,8 +51,5 @@
 		"themes": true,
 		"admin-pages": true,
 		"admin-pages-sub-folders": true,
-		"settings": true,
-		"install": true,
-		"init": false
 	}
  }

system/base.php

@@ -1,21 +0,0 @@
-<?php
-
-$baseDir = '';
-$tmp = explode('/', $_SERVER['SCRIPT_NAME']);
-$size = count($tmp) - 1;
-for($i = 1; $i < $size; $i++)
-	$baseDir .= '/' . $tmp[$i];
-
-$baseDir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $baseDir);
-
-if(!IS_CLI) {
-	if (isset($_SERVER['HTTP_HOST'][0])) {
-		$baseHost = $_SERVER['HTTP_HOST'];
-	} else {
-		if (isset($_SERVER['SERVER_NAME'][0])) {
-			$baseHost = $_SERVER['SERVER_NAME'];
-		} else {
-			$baseHost = $_SERVER['SERVER_ADDR'];
-		}
-	}
-}

system/init.php

@@ -12,7 +12,6 @@ use DebugBar\StandardDebugBar;
 use MyAAC\Cache\Cache;
 use MyAAC\CsrfToken;
 use MyAAC\Hooks;
-use MyAAC\Plugins;
 use MyAAC\Models\Town;
 use MyAAC\Settings;
 
@@ -47,11 +46,6 @@ if(isset($config['gzip_output']) && $config['gzip_output'] && isset($_SERVER['HT
 global $cache;
 $cache = Cache::getInstance();
 
-// load plugins init.php
-foreach (Plugins::getInits() as $init) {
-	require $init;
-}
-
 // event system
 global $hooks;
 $hooks = new Hooks();

system/libs/pot/OTS.php

@@ -311,9 +311,18 @@ class POT
  */
 	public function loadClass($class)
 	{
-		if( preg_match('/^(I|E_)?OTS_/', $class) > 0)
-		{
-			include_once($this->path . $class . '.php');
+		if( preg_match('/^(I|E_)?OTS_/', $class) > 0) {
+			global $hooks;
+			$include = $this->path . $class . '.php';
+
+			if (isset($hooks)) {
+				$args = ['include' => $include, 'class' => $class];
+				$hooks->triggerFilter(HOOK_FILTER_POT, $args);
+
+				$include = $args['include'];
+			}
+
+			include_once($include);
 		}
 	}
 

system/locale/de/install.php

@@ -48,8 +48,6 @@ $locale['step_config'] = 'Konfiguration';
 $locale['step_config_title'] = 'Grundkonfiguration';
 $locale['step_config_server_path'] = 'Serverpfad';
 $locale['step_config_server_path_desc'] = 'Pfad zu Ihrem TFS-Hauptverzeichnis, in dem sich die config.lua befinden.';
-$locale['step_config_site_url'] = 'Website URL';
-$locale['step_config_site_url_desc'] = 'Ihre Website-Adresse.';
 $locale['step_config_mail_admin'] = 'Admin E-Mail';
 $locale['step_config_mail_admin_desc'] = 'Adresse, an die E-Mails aus dem Kontaktformular gesendet werden, z. B. admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin E-Mail ist nicht korrekt.';

system/locale/en/install.php

@@ -52,8 +52,6 @@ $locale['step_config'] = 'Configuration';
 $locale['step_config_title'] = 'Basic configuration';
 $locale['step_config_server_path'] = 'Server path';
 $locale['step_config_server_path_desc'] = 'Path to your TFS main directory, where you have config.lua located.';
-$locale['step_config_site_url'] = 'Website URL';
-$locale['step_config_site_url_desc'] = 'Your website address.';
 $locale['step_config_mail_admin'] = 'Admin Email';
 $locale['step_config_mail_admin_desc'] = 'Address where emails from contact form will be delivered, for example admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'Admin Email is not correct.';

system/locale/pl/install.php

@@ -52,8 +52,6 @@ $locale['step_config'] = 'Konfiguracja';
 $locale['step_config_title'] = 'Podstawowa konfiguracja';
 $locale['step_config_server_path'] = 'Ścieżka do serwera';
 $locale['step_config_server_path_desc'] = 'Ścieżka do Twojego folderu z TFS, gdzie znajduje się plik config.lua.';
-$locale['step_config_server_url'] = 'Adres strony';
-$locale['step_config_server_url_desc'] = 'Adres tej strony www.';
 $locale['step_config_mail_admin'] = 'E-Mail admina';
 $locale['step_config_mail_admin_desc'] = 'Na ten adres będą dostarczane E-Maile z formularza kontaktowego, przykładowo admin@gmail.com';
 $locale['step_config_mail_admin_error'] = 'E-Mail admina jest niepoprawny.';

system/pages/account/create.php

@@ -221,14 +221,8 @@ if($save)
 			}
 		}
 
-		$accountDefaultPremiumPoints = setting('core.account_premium_points');
-		if($accountDefaultPremiumPoints > 0) {
-			$new_account->setCustomField('premium_points', $accountDefaultPremiumPoints);
-		}
-
-		$accountDefaultCoins = setting('core.account_coins');
-		if($db->hasColumn('accounts', 'coins') && $accountDefaultCoins > 0) {
-			$new_account->setCustomField('coins', $accountDefaultCoins);
+		if(setting('core.account_premium_points') && setting('core.account_premium_points') > 0) {
+			$new_account->setCustomField('premium_points', setting('core.account_premium_points'));
 		}
 
 		$tmp_account = $email;

system/pages/account/redirect.php

@@ -0,0 +1,23 @@
+<?php
+/**
+ * Change comment
+ *
+ * @package   MyAAC
+ * @author    Gesior <jerzyskalski@wp.pl>
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2019 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+$redirect = urldecode($_REQUEST['redirect']);
+
+// should never happen, unless hacker modify the URL
+if (!str_contains($redirect, BASE_URL)) {
+	error('Fatal error: Cannot redirect outside the website.');
+	return;
+}
+
+$twig->display('account.redirect.html.twig', array(
+	'redirect' => $redirect
+));

system/router.php

@@ -129,14 +129,14 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 		return ($a[3] < $b[3]) ? -1 : 1;
 	});
 
-	$aliases = [
-		[':int', ':string', ':alphanum'],
-		[':\d+', ':[A-Za-z0-9-_%+\' ]+', ':[A-Za-z0-9]+'],
-	];
-
 	// remove duplicates
 	// if same route pattern, but different priority
-	$routesFinal = array_filter($routesFinal, function ($a) use ($aliases) {
+	$routesFinal = array_filter($routesFinal, function ($a) {
+		$aliases = [
+			[':int', ':string', ':alphanum'],
+			[':\d+', ':[A-Za-z0-9-_%+\' ]+', ':[A-Za-z0-9]+'],
+		];
+
 		// apply aliases
 		$a[1] = str_replace($aliases[0], $aliases[1], $a[1]);
 
@@ -171,15 +171,15 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 			$route[0] = array_map($toUpperCase, $route[0]);
 		}
 
+		$aliases = [
+			[':int', ':string', ':alphanum'],
+			[':\d+', ':[A-Za-z0-9-_%+\' ]+', ':[A-Za-z0-9]+'],
+		];
+
 		// apply aliases
 		$route[1] = str_replace($aliases[0], $aliases[1], $route[1]);
 
-		try {
-			$r->addRoute($route[0], $route[1], $route[2]);
-		}
-		catch (\Exception $e) {
-			// duplicated route, just ignore
-		}
+		$r->addRoute($route[0], $route[1], $route[2]);
 	}
 
 	if (config('env') === 'dev') {
@@ -252,7 +252,7 @@ else {
 
 				$success = false;
 				$tmp_content = getCustomPage($pageName, $success);
-				if ($success && $hooks->trigger(HOOK_BEFORE_PAGE_CUSTOM)) {
+				if ($success) {
 					$content .= $tmp_content;
 					if (hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
 						$pageInfo = getCustomPageInfo($pageName);
@@ -260,8 +260,6 @@ else {
 							) . $content;
 					}
 
-					$hooks->trigger(HOOK_AFTER_PAGE_CUSTOM);
-
 					$page = $pageName;
 					$file = false;
 				}

system/routes.php

@@ -22,11 +22,11 @@ return [
 	['GET', 'account/confirm-email/{hash:alphanum}', 'account/confirm-email.php'],
 
 	['GET', 'bans/{page:int}', 'bans.php'],
-	[['GET', 'POST'], 'characters/{name:[A-Za-z0-9-_%+\' \[\]]+}', 'characters.php'],
-	['GET', 'changelog/{page:int}', 'changelog.php'],
-	[['GET', 'POST'], 'monsters/{name:string}', 'monsters.php'],
+	[['GET', 'POST'], 'characters[/{name:string}]', 'characters.php'],
+	['GET', 'changelog[/{page:int}]', 'changelog.php'],
+	[['GET', 'POST'], 'monsters[/{name:string}]', 'monsters.php'],
 
-	[['GET', 'POST'], 'faq/{action:string}', 'faq.php'],
+	[['GET', 'POST'], 'faq[/{action:string}]', 'faq.php'],
 
 	[['GET', 'POST'], 'forum/{action:string}', 'forum.php'],
 	['GET', 'forum/board/{id:int}', 'forum/show_board.php'],

system/settings.php

@@ -19,15 +19,6 @@ $templates = Cache::remember('templates', 5 * 60, function () {
 });
 $defaultTemplate = in_array('kathrine', $templates) ? 'kathrine' : $templates[0];
 
-global $db;
-
-if (!IS_CLI) {
-	require SYSTEM . 'base.php';
-
-	$serverUrl = 'http' . (isHttps() ? 's' : '') . '://' . $baseHost;
-	$siteURL = $serverUrl . $baseDir;
-}
-
 return [
 	'name' => 'MyAAC',
 	'settings' => [
@@ -39,13 +30,6 @@ return [
 			'type' => 'section',
 			'title' => 'General'
 		],
-		'site_url' => [
-			'name' => 'Website URL',
-			'type' => 'text',
-			'desc' => 'Website address of this MyAAC instance',
-			'default' => IS_CLI ? '' : $siteURL,
-			'is_config' => true,
-		],
 		'env' => [
 			'name' => 'App Environment',
 			'type' => 'options',
@@ -690,13 +674,6 @@ Sent by MyAAC,<br/>
 			'desc' => 'Default premium points on new account',
 			'default' => 0,
 		],
-		'account_coins' => [
-			'name' => 'Default Account Coins',
-			'type' => 'number',
-			'desc' => 'Default coins on new account',
-			'hidden' => ($db && !$db->hasColumn('accounts', 'coins')),
-			'default' => 0,
-		],
 		'account_mail_change' => [
 			'name' => 'Account Mail Change Days',
 			'type' => 'number',

system/src/Hook.php

@@ -38,8 +38,6 @@ class Hook
 	}
 
 	public function executeFilter(&$args) {
-		global $db, $config, $template_path, $ots, $content, $twig;
-
 		return include BASE . $this->_file;
 	}
 

system/src/Plugins.php

@@ -11,25 +11,6 @@ class Plugins {
 	private static $error = null;
 	private static $plugin_json = [];
 
-	public static function getInits()
-	{
-		return Cache::remember('plugins_inits', 10 * 60, function () {
-			$inits = [];
-			foreach(self::getAllPluginsJson() as $plugin) {
-				if (!self::getAutoLoadOption($plugin, 'init', false)) {
-					continue;
-				}
-
-				$pluginInits = glob(PLUGINS . $plugin['filename'] . '/init.php');
-				foreach ($pluginInits as $path) {
-					$inits[] = $path;
-				}
-			}
-
-			return $inits;
-		});
-	}
-
 	public static function getAdminPages()
 	{
 		return Cache::remember('plugins_admin_pages', 10 * 60, function () {

system/src/global.php

@@ -8,9 +8,7 @@ $i = 0;
 define('HOOK_INIT', ++$i);
 define('HOOK_STARTUP', ++$i);
 define('HOOK_BEFORE_PAGE', ++$i);
-define('HOOK_BEFORE_PAGE_CUSTOM', ++$i);
 define('HOOK_AFTER_PAGE', ++$i);
-define('HOOK_AFTER_PAGE_CUSTOM', ++$i);
 define('HOOK_FINISH', ++$i);
 define('HOOK_TIBIACOM_ARTICLE', ++$i);
 define('HOOK_TIBIACOM_BORDER_3', ++$i);
@@ -104,6 +102,7 @@ define('HOOK_FILTER_ROUTES', ++$i);
 define('HOOK_FILTER_TWIG_DISPLAY', ++$i);
 define('HOOK_FILTER_TWIG_RENDER', ++$i);
 define('HOOK_FILTER_THEME_FOOTER', ++$i);
+define('HOOK_FILTER_POT', ++$i);
 
 const HOOK_FIRST = HOOK_INIT;
 define('HOOK_LAST', $i);

system/templates/account.generate_recovery_key.html.twig

@@ -32,14 +32,14 @@ To generate recovery key for your account please enter your password.<br/><br/>
 		</td>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
-				<tr>
-					<td style="border: 0;">
-						<form action="{{ getLink('account/manage') }}" method="post">
-							{{ csrf() }}
+				<form action="{{ getLink('account/manage') }}" method="post">
+					{{ csrf() }}
+					<tr>
+						<td style="border: 0;">
 							{{ include('buttons.back.html.twig') }}
-						</form>
-					</td>
-				</tr>
+						</td>
+					</tr>
+				</form>
 			</table>
 		</td>
 	</tr>

system/templates/install.config.html.twig

@@ -9,7 +9,7 @@
 <form action="{{ constant('BASE_URL') }}install/" method="post" autocomplete="off">
 	<input type="hidden" name="step" id="step" value="database" />
 
-	{% for value in ['site_url', 'server_path'] %}
+	{% for value in ['server_path'] %}
 	<div class="form-group mb-2">
 		<label for="vars_{{ value }}">{{ locale['step_config_' ~ value]  }}</label>
 		<input class="form-control" type="{% if value == 'mail_admin' %}email{% else %}text{% endif %}" name="vars[{{ value }}]" id="vars_{{ value }}"{% if session['var_' ~ value] is not null %} value="{{ session['var_' ~ value] }}"{% endif %}/>

system/templates/tinymce.html.twig

@@ -8,7 +8,7 @@
 			selector: "#editor",
 			content_css: '{{ constant('ADMIN_URL') }}template/style.css',
 			theme: "silver",
-			plugins: 'preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media codesample table charmap pagebreak nonbreaking anchor insertdatetime advlist lists wordcount help code emoticons',
+			plugins: 'preview searchreplace autolink directionality visualblocks visualchars fullscreen image link media template codesample table charmap pagebreak nonbreaking anchor insertdatetime advlist lists wordcount help code emoticons',
 			toolbar1: 'formatselect | bold italic strikethrough forecolor backcolor | emoticons link | alignleft aligncenter alignright alignjustify  | numlist bullist outdent indent  | removeformat code',
 			resize: 'both',
 			image_advtab: true,
@@ -23,8 +23,6 @@
 				{title: 'Colored Table', value: 'myaac-table'},
 			],
 
-			license_key: 'gpl',
-
 			setup: function (ed) {
 				ed.on('NodeChange', function (e) {
 					if (ed.getContent() !== lastContent) {

templates/tibiacom/account.management.html.twig

@@ -11,14 +11,13 @@
 					<td width="100%"></td>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
-							<tr>
-								<td style="border:0;">
-									<form action="{{ getLink('account/logout') }}" method="post" >
-										{{ csrf() }}
+							<form action="{{ getLink('account/logout') }}" method="post" >
+								<tr>
+									<td style="border:0px;">
 										{{ include('buttons.logout.html.twig') }}
-									</form>
-								</td>
-							</tr>
+									</td>
+								</tr>
+							</form>
 						</table>
 					</td>
 				</tr>
@@ -60,14 +59,13 @@
 			</table>
 			<div style="text-align:center">
 				<table border="0" cellspacing="0" cellpadding="0" style="margin-left: auto; margin-right: auto;">
-					<tr>
-						<td style="border:0;">
-							<form action="{{ getLink('account/register') }}" method="post">
-								{{ csrf() }}
+					<form action="{{ getLink('account/register') }}" method="post">
+						<tr>
+							<td style="border:0;">
 								{{ include('buttons.register_account.html.twig') }}
-							</form>
-						</td>
-					</tr>
+							</td>
+						</tr>
+					</form>
 				</table>
 			</div>
 		</div>
@@ -96,14 +94,13 @@
 			</table>
 			<div style="text-align:center">
 				<table border="0" cellspacing="0" cellpadding="0">
-					<tr>
-						<td style="border:0;">
-							<form action="{{ getLink('account/change-email') }}" method="post">
-								{{ csrf() }}
+					<form action="{{ getLink('account/change-email') }}" method="post">
+						<tr>
+							<td style="border:0px;">
 								{{ include('buttons.edit.html.twig') }}
-							</form>
-						</td>
-					</tr>
+							</td>
+						</tr>
+					</form>
 				</table>
 			</div>
 		</div>
@@ -180,29 +177,26 @@
 				<tr>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<tr>
-								<td style="border:0;" >
-									<form action="{{ getLink('account/change-password') }}" method="post">
-										{{ csrf() }}
+							<form action="{{ getLink('account/change-password') }}" method="post">
+								<tr>
+									<td style="border:0px;" >
 										{{ include('buttons.change_password.html.twig') }}
-									</form>
-								</td>
-							</tr>
+									</td>
+								</tr>
+							</form>
 						</table>
 					</td>
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<tr>
-								<td style="border:0;">
-									<form action="{{ getLink('account/change-email') }}" method="post">
-										{{ csrf() }}
-
+							<form action="{{ getLink('account/change-email') }}" method="post">
+								<tr>
+									<td style="border:0px;">
 										<input type="hidden" name="newemail" value=""/>
 										<input type="hidden" name="newemaildate" value="0">
 										{{ include('buttons.change_email.html.twig') }}
-									</form>
-								</td>
-							</tr>
+									</td>
+								</tr>
+							</form>
 						</table>
 					</td>
 					<td width="100%"></td>
@@ -210,14 +204,13 @@
 					{% if recovery_key is empty %}
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
-							<tr>
-								<td style="border:0;">
-									<form action="{{ getLink('account/register') }}" method="post">
-										{{ csrf() }}
+							<form action="{{ getLink('account/register') }}" method="post">
+								<tr>
+									<td style="border:0px;">
 										{{ include('buttons.register_account.html.twig') }}
-									</form>
-								</td>
-							</tr>
+									</td>
+								</tr>
+							</form>
 						</table>
 					</td>
 					{% endif %}
@@ -265,14 +258,13 @@
 							</td>
 							<td align=right>
 								<table border="0" cellspacing="0" cellpadding="0">
-									<tr>
-										<td style="border:0;">
-											<form action="{{ getLink('account/change-info') }}" method="post">
-												{{ csrf() }}
+									<form action="{{ getLink('account/change-info') }}" method="post">
+										<tr>
+											<td style="border:0px;">
 												{{ include('buttons.edit.html.twig') }}
-											</form>
-										</td>
-									</tr>
+											</td>
+										</tr>
+									</form>
 								</table>
 							</td>
 						</tr>
@@ -406,9 +398,8 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0;">
+								<td style="border:0px;">
 									<form action="{{ getLink('account/characters/create') }}" method="post" >
-										{{ csrf() }}
 										{{ include('buttons.create_character.html.twig') }}
 									</form>
 								</td>
@@ -419,9 +410,8 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0;">
+								<td style="border:0px;">
 									<form action="{{ getLink('account/characters/change-name') }}" method="post" >
-										{{ csrf() }}
 										{{ include('buttons.change_name.html.twig') }}
 									</form>
 								</td>
@@ -433,9 +423,8 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0" >
 							<tr>
-								<td style="border:0;">
+								<td style="border:0px;">
 									<form action="{{ getLink('account/characters/change-sex') }}" method="post">
-										{{ csrf() }}
 										{{ include('buttons.change_sex.html.twig') }}
 									</form>
 								</td>
@@ -447,9 +436,8 @@
 					<td>
 						<table border="0" cellspacing="0" cellpadding="0">
 							<tr>
-								<td style="border: 0;">
+								<td style="border: 0px;">
 									<form action="{{ getLink('account/characters/delete') }}" method="post">
-										{{ csrf() }}
 										{{ include('buttons.delete_character.html.twig') }}
 									</form>
 								</td>