Change message

+ rework the whole concept, based on new table for email hashes
This make it possible that every email will work, not matter if first or last

CHANGELOG-1.x.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## [1.8.2 - 26.09.2025]
+
+### Added
+* Routes: Possibility to override routes with plugins pages, like characters.php - No need to define routes in plugin.json anymore (https://github.com/slawkens/myaac/commit/3f24f961b1cdeff5c60387e837ae454448bc5e1b)
+
+### Changed
+* Style: Better look for myaac-table (https://github.com/slawkens/myaac/commit/a6032093b21e5bb3f0e75d2704da87d6dea6469d, https://github.com/slawkens/myaac/commit/5aa9bbf1c8e580d973ec82ac012489f8e7bc437e)
+
+### Fixed
+* Install: Fix when config.local.php cannot be saved (https://github.com/slawkens/myaac/commit/4eab805d26d8c5562b29ed699769919d77dabced)
+* Create Account: Fix an exception when email cannot be sent (https://github.com/slawkens/myaac/commit/d0112d1a67e8b854b65ad131f0375b79305df8d3)
+* Login Page: Add missing csrf() - fix create account button (https://github.com/slawkens/myaac/commit/3c0cb53e17dd0b85394cfa0fdc9cf9ad8d4551df)
+* tibiacom template: Fix account lost menu (https://github.com/slawkens/myaac/commit/ed9beaf2b6ca069e304e569c52e5b9188b58f05c)
+* tibiacom template: Fix Menu div wrong tag/closing (#329) (https://github.com/slawkens/myaac/commit/85e7005fd3f0be51466151a3c122b96085fdfe68)
+* tibiacom template: Replace firstChild with firstElementChild (Thanks to @un000000) (https://github.com/slawkens/myaac/commit/df7b6e29fb8875da97f431468c81ee99116271d9)
+
 ## [1.8.1 - 05.09.2025]
 
 ### Added

admin/pages/players.php

@@ -669,11 +669,17 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="lastip" class="control-label">Last IP:</label>
 										<input type="text" class="form-control" id="lastip" name="lastip" autocomplete="off" maxlength="10" value="<?php
-										if (strlen($player->getLastIP()) > 11) {
+										$lastIPColumnInfo = $db->getColumnInfo('players', 'lastip');
-											echo inet_ntop($player->getLastIP());
+										if ($lastIPColumnInfo && is_array($lastIPColumnInfo)) {
+											if (str_contains($lastIPColumnInfo['type'], 'varbinary')) {
+												echo inet_ntop($player->getLastIP());
+											}
+											else {
+												echo longToIp($player->getLastIP());
+											}
 										}
 										else {
-											echo longToIp($player->getLastIP());
+											echo 'Error';
 										}
 										?>" readonly/>
 									</div>

common.php

@@ -26,8 +26,8 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '1.8.1';
+const MYAAC_VERSION = '1.8.3-dev';
-const DATABASE_VERSION = 45;
+const DATABASE_VERSION = 46;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));

install/includes/schema.sql

@@ -1,4 +1,4 @@
-SET @myaac_database_version = 45;
+SET @myaac_database_version = 46;
 
 CREATE TABLE `myaac_account_actions`
 (
@@ -10,6 +10,15 @@ CREATE TABLE `myaac_account_actions`
 	KEY (`account_id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 
+CREATE TABLE `myaac_account_emails_verify`
+(
+	`id` int NOT NULL AUTO_INCREMENT,
+	`account_id` int NOT NULL,
+	`hash` varchar(32) NOT NULL,
+	`sent_at` int NOT NULL DEFAULT 0,
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
+
 CREATE TABLE `myaac_admin_menu`
 (
 	`id` int NOT NULL AUTO_INCREMENT,

install/steps/5-database.php

@@ -42,45 +42,44 @@ if(!$error) {
 	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
 	$configToSave['database_auto_migrate'] = true;
 
-	if(!$error) {
+	$content = '';
-		$content = '';
+	$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
-		$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
+	if ($saved || file_exists(BASE . 'config.local.php')) {
-		if ($saved) {
+		success($locale['step_database_config_saved']);
-			success($locale['step_database_config_saved']);
+		$_SESSION['saved'] = true;
-			$_SESSION['saved'] = true;
 
-			require BASE . 'config.local.php';
+		require BASE . 'config.local.php';
-			require BASE . 'install/includes/config.php';
+		require BASE . 'install/includes/config.php';
 
-			if (!$error) {
+		if (!$error) {
-				require BASE . 'install/includes/database.php';
+			require BASE . 'install/includes/database.php';
 
-				if (isset($database_error)) { // we failed connect to the database
+			if (isset($database_error)) { // we failed connect to the database
-					error($database_error);
+				error($database_error);
+			}
+			else {
+				if (!$db->hasTable('accounts')) {
+					$tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
+					error($tmp);
+					$error = true;
 				}
-				else {
-					if (!$db->hasTable('accounts')) {
-						$tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
-						error($tmp);
-						$error = true;
-					}
 
-					if (!$error) {
+				if (!$error) {
-						$twig->display('install.installer.html.twig', array(
+					$twig->display('install.installer.html.twig', array(
-							'url' => 'tools/5-database.php',
+						'url' => 'tools/5-database.php',
-							'message' => $locale['loading_spinner']
+						'message' => $locale['loading_spinner']
-						));
+					));
-					}
 				}
 			}
-		} else {
-			$_SESSION['config_content'] = $content;
-			unset($_SESSION['saved']);
-
-			$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.php</b>', $locale['step_database_error_file']);
-			error($locale['step_database_error_file'] . '<br/>
-				<textarea cols="70" rows="10">' . $content . '</textarea>');
 		}
+	} else {
+		$error = true;
+		$_SESSION['config_content'] = $content;
+		unset($_SESSION['saved']);
+
+		$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
+		error($locale['step_database_error_file'] . '<br/>
+			<textarea cols="70" rows="10">' . $content . '</textarea>');
 	}
 }
 ?>

install/tools/5-database.php

@@ -102,18 +102,13 @@ if(!$db->hasColumn('accounts', 'web_flags')) {
 		success($locale['step_database_adding_field'] . ' accounts.web_flags...');
 }
 
-if(!$db->hasColumn('accounts', 'email_hash')) {
-	if(query("ALTER TABLE `accounts` ADD `email_hash` VARCHAR(32) NOT NULL DEFAULT '' AFTER `web_flags`;"))
-		success($locale['step_database_adding_field'] . ' accounts.email_hash...');
-}
-
 if(!$db->hasColumn('accounts', 'email_verified')) {
-	if(query("ALTER TABLE `accounts` ADD `email_verified` TINYINT(1) NOT NULL DEFAULT 0 AFTER `email_hash`;"))
+	if(query("ALTER TABLE `accounts` ADD `email_verified` TINYINT(1) NOT NULL DEFAULT 0 AFTER `web_flags`;"))
 		success($locale['step_database_adding_field'] . ' accounts.email_verified...');
 }
 
 if(!$db->hasColumn('accounts', 'email_new')) {
-	if(query("ALTER TABLE `accounts` ADD `email_new` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_hash`;"))
+	if(query("ALTER TABLE `accounts` ADD `email_new` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_verified`;"))
 		success($locale['step_database_adding_field'] . ' accounts.email_new...');
 }
 

system/compat/config.php

@@ -81,6 +81,7 @@ $deprecatedConfig = [
 	'account_change_character_name_points' => 'account_change_character_name_price',
 	'account_change_character_sex',
 	'account_change_character_sex_points' => 'account_change_character_name_price',
+	'email_lai_sec_interval' => 'mail_lost_account_interval',
 ];
 
 foreach ($deprecatedConfig as $key => $value) {

system/functions.php

@@ -1142,10 +1142,18 @@ function getTopPlayers($limit = 5, $skill = 'level') {
 			'looktype', 'lookhead', 'lookbody', 'looklegs', 'lookfeet'
 		];
 
+		if ($db->hasColumn('players', 'promotion')) {
+			$columns[] = 'promotion';
+		}
+
 		if ($db->hasColumn('players', 'lookaddons')) {
 			$columns[] = 'lookaddons';
 		}
 
+		if ($db->hasColumn('players', 'lookmount')) {
+			$columns[] = 'lookmount';
+		}
+
 		return Player::query()
 			->select($columns)
 			->withOnlineStatus()

system/libs/pot/OTS_DB_MySQL.php

@@ -26,10 +26,11 @@ use MyAAC\Cache\Cache;
  */
 class OTS_DB_MySQL extends OTS_Base_DB
 {
-	private $has_table_cache = array();
+	private array $has_table_cache = [];
-	private $has_column_cache = array();
+	private array $has_column_cache = [];
+	private array $get_column_info_cache = [];
 
-	private $clearCacheAfter = false;
+	private bool $clearCacheAfter = false;
 /**
  * Creates database connection.
  *
@@ -119,6 +120,11 @@ class OTS_DB_MySQL extends OTS_Base_DB
 				if($cache->fetch('database_columns', $tmp) && $tmp) {
 					$this->has_column_cache = unserialize($tmp);
 				}
+
+				$tmp = null;
+				if($cache->fetch('database_columns_info', $tmp) && $tmp) {
+					$this->get_column_info_cache = unserialize($tmp);
+				}
 			}
 		}
 
@@ -155,11 +161,13 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			if ($this->clearCacheAfter) {
 				$cache->delete('database_tables');
 				$cache->delete('database_columns');
+				$cache->delete('database_columns_info');
 				$cache->delete('database_checksum');
 			}
 			else {
 				$cache->set('database_tables', serialize($this->has_table_cache), 3600);
 				$cache->set('database_columns', serialize($this->has_column_cache), 3600);
+				$cache->set('database_columns_info', serialize($this->get_column_info_cache), 3600);
 				$cache->set('database_checksum', serialize(sha1($config['database_host'] . '.' . $config['database_name'])), 3600);
 			}
 		}
@@ -209,7 +217,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $sql;
 	}
 
-	public function hasTable($name) {
+	public function hasTable($name): bool
+	{
 		if(isset($this->has_table_cache[$name])) {
 			return $this->has_table_cache[$name];
 		}
@@ -217,12 +226,13 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasTableInternal($name);
 	}
 
-	private function hasTableInternal($name) {
+	private function hasTableInternal($name): bool
-		global $config;
+	{
-		return ($this->has_table_cache[$name] = $this->query('SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = ' . $this->quote($config['database_name']) . ' AND `TABLE_NAME` = ' . $this->quote($name) . ' LIMIT 1;')->rowCount() > 0);
+		return ($this->has_table_cache[$name] = $this->query('SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = ' . $this->quote(config('database_name')) . ' AND `TABLE_NAME` = ' . $this->quote($name) . ' LIMIT 1;')->rowCount() > 0);
 	}
 
-	public function hasColumn($table, $column) {
+	public function hasColumn($table, $column): bool
+	{
 		if(isset($this->has_column_cache[$table . '.' . $column])) {
 			return $this->has_column_cache[$table . '.' . $column];
 		}
@@ -230,8 +240,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasColumnInternal($table, $column);
 	}
 
-	private function hasColumnInternal($table, $column) {
+	private function hasColumnInternal($table, $column): bool {
-		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE '" . $column . "'")->fetchAll()) > 0);
+		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE " . $this->quote($column))->fetchAll()) > 0);
 	}
 
 	public function hasTableAndColumns(string $table, array $columns = []): bool
@@ -247,7 +257,53 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return true;
 	}
 
-	public function revalidateCache() {
+	public function getColumnInfo(string $table, string $column): bool|array
+	{
+		if(isset($this->get_column_info_cache[$table . '.' . $column])) {
+			return $this->get_column_info_cache[$table . '.' . $column];
+		}
+
+		return $this->getColumnInfoInternal($table, $column);
+	}
+
+	private function getColumnInfoInternal(string $table, string $column): bool|array
+	{
+		if (!$this->hasTable($table) || !$this->hasColumn($table, $column)) {
+			return false;
+		}
+
+		$formatResult = function ($result) {
+			return [
+				'field' => $result['Field'],
+				'type' => $result['Type'],
+				'null' => strtolower($result['Null']),
+				'default' => $result['Default'],
+				'extra' => $result['Extra'],
+			];
+		};
+
+		$query = $this->query('SHOW COLUMNS FROM `' . $table . "` LIKE " . $this->quote($column));
+		$rowCount = $query->rowCount();
+		if ($rowCount > 1) {
+			$tmp = [];
+
+			$results = $query->fetchAll(PDO::FETCH_ASSOC);
+			foreach ($results as $result) {
+				$tmp[] = $formatResult($result);
+			}
+
+			return ($this->get_column_info_cache[$table . '.' . $column] = $tmp);
+		}
+		else if ($rowCount == 1) {
+			$result = $query->fetch(PDO::FETCH_ASSOC);
+			return ($this->get_column_info_cache[$table . '.' . $column] = $formatResult($result));
+		}
+
+		return [];
+	}
+
+	public function revalidateCache(): void
+	{
 		foreach($this->has_table_cache as $key => $value) {
 			$this->hasTableInternal($key);
 		}
@@ -262,6 +318,21 @@ class OTS_DB_MySQL extends OTS_Base_DB
 				$this->hasColumnInternal($explode[0], $explode[1]);
 			}
 		}
+
+		foreach($this->get_column_info_cache as $key => $value) {
+			$explode = explode('.', $key);
+			if(!isset($this->has_table_cache[$explode[0]])) { // first check if table exist
+				$this->hasTableInternal($explode[0]);
+			}
+
+			if($this->has_table_cache[$explode[0]]) {
+				$this->hasColumnInternal($explode[0], $explode[1]);
+			}
+
+			if($this->has_table_cache[$explode[0]]) {
+				$this->getColumnInfoInternal($explode[0], $explode[1]);
+			}
+		}
 	}
 
 	public function setClearCacheAfter($clearCache)

system/migrations/46-account_emails_verify.sql

@@ -0,0 +1,8 @@
+CREATE TABLE `myaac_account_emails_verify`
+(
+	`id` int NOT NULL AUTO_INCREMENT,
+	`account_id` int NOT NULL,
+	`hash` varchar(32) NOT NULL,
+	`sent_at` int NOT NULL DEFAULT 0,
+	PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;

system/migrations/46.php

@@ -0,0 +1,24 @@
+<?php
+/**
+ * @var OTS_DB_MySQL $db
+ */
+
+$up = function () use ($db) {
+	if ($db->hasColumn('accounts', 'email_hash')) {
+		$db->dropColumn('accounts', 'email_hash');
+	}
+
+	if (!$db->hasTable(TABLE_PREFIX . 'account_emails_verify')) {
+		$db->query(file_get_contents(__DIR__ . '/46-account_emails_verify.sql'));
+	}
+};
+
+$down = function () use ($db) {
+	if (!$db->hasColumn('accounts', 'email_hash')) {
+		$db->addColumn('accounts', 'email_hash', "varchar(32) NOT NULL DEFAULT ''");
+	}
+
+	if ($db->hasTable(TABLE_PREFIX . 'account_emails_verify')) {
+		$db->dropTable(TABLE_PREFIX . 'account_emails_verify');
+	}
+};

system/pages/account/confirm-email.php

@@ -9,6 +9,7 @@
  */
 
 use MyAAC\Models\Account;
+use MyAAC\Models\AccountEmailVerify;
 
 defined('MYAAC') or die('Direct access not allowed!');
 
@@ -20,16 +21,20 @@ if(empty($hash)) {
 	return;
 }
 
-if(!Account::where('email_hash', $hash)->exists()) {
+// by default link is valid for 30 days
-	note("Your email couldn't be verified. Please contact staff to do it manually.");
+$accountEmailVerify = AccountEmailVerify::where('hash', $hash)->where('sent_at', '>', time() - 30 * 24 * 60 * 60)->first();
+if(!$accountEmailVerify) {
+	note("Wrong link or link has expired.");
 }
 else
 {
-	$accountModel = Account::where('email_hash', $hash)->where('email_verified', 0)->first();
+	$accountModel = Account::where('id', $accountEmailVerify->account_id)->where('email_verified', 0)->first();
 	if ($accountModel) {
 		$accountModel->email_verified = 1;
 		$accountModel->save();
 
+		AccountEmailVerify::where('account_id', $accountModel->id)->delete();
+
 		success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.');
 
 		$account = new OTS_Account();
@@ -39,6 +44,6 @@ else
 		}
 	}
 	else {
-		error('Link has expired.');
+		error('Your account is already verified.');
 	}
 }

system/pages/account/create.php

@@ -10,6 +10,7 @@
  */
 
 use MyAAC\CreateCharacter;
+use MyAAC\Models\AccountEmailVerify;
 
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Create Account';
@@ -244,7 +245,12 @@ if($save)
 		if(setting('core.mail_enabled') && setting('core.account_mail_verify'))
 		{
 			$hash = md5(generateRandomString(16, true, true) . $email);
-			$new_account->setCustomField('email_hash', $hash);
+
+			AccountEmailVerify::create([
+				'account_id' => $new_account->getId(),
+				'hash' => $hash,
+				'sent_at' => time(),
+			]);
 
 			$verify_url = getLink('account/confirm-email/' . $hash);
 			$body_html = $twig->render('mail.account.verify.html.twig', array(
@@ -268,8 +274,10 @@ if($save)
 			}
 			else
 			{
-				error('An error occorred while sending email! Account not created. Try again. For Admin: More info can be found in system/logs/mailer-error.log');
+				error('An error occurred while sending email! Account not created. Try again. For Admin: More info can be found in system/logs/mailer-error.log');
 				$new_account->delete();
+
+				return;
 			}
 		}
 		else

system/pages/account/login.php

@@ -48,7 +48,9 @@ if(!empty($login_account) && !empty($login_password))
 	)
 	{
 		if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
-			$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
+			$link = getLink('account/resend-email-verify');
+			$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.<br/>' .
+				'You can resend the Email here: <a href="' . $link . '">' . $link . '</a>';
 		} else {
 			session_regenerate_id();
 			setSession('account', $account_logged->getId());

system/pages/account/resend-email-verify.php

@@ -0,0 +1,94 @@
+<?php
+
+use MyAAC\Models\AccountEmailVerify;
+
+defined('MYAAC') or die('Direct access not allowed!');
+
+$title = 'Resend Email';
+
+$errorWithBackButton = function ($msg) use ($twig) {
+	$errors = [$msg];
+
+	$twig->display('error_box.html.twig', ['errors' => $errors]);
+	$twig->display('account.back_button.html.twig', [
+		'action' => getLink('account/resend-email-verify'),
+	]);
+};
+
+if (!setting('core.mail_enabled') || !setting('core.account_mail_verify')) {
+	$errorWithBackButton('Resending email is not possible on this server.');
+	return;
+}
+
+$showForm = true;
+
+if (isset($_POST['submit']) && $_POST['submit'] == '1') {
+	$email = $_REQUEST['email'];
+
+	if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
+		$errorWithBackButton('Please enter valid Email.');
+		return;
+	}
+
+	$account = new OTS_Account();
+	$account->findByEMail($email);
+	if ($account->isLoaded()) {
+		if ($account->getCustomField('email_verified') == '1') {
+			$errorWithBackButton('This account is already verified! You can <a href=' . getLink('account/manage') . '>log in</a> on the website.');
+			return;
+		}
+
+		$accountEmailVerify = AccountEmailVerify::where('account_id', $account->getId())->orderBy('sent_at', 'DESC')->first();
+		if ($accountEmailVerify && time() - $accountEmailVerify->sent_at < 60) {
+			$errorWithBackButton('Only one Email per minute is allowed. Please try again later.');
+			return;
+		}
+
+		$tmp_account = $email;
+		if (!config('account_login_by_email')) {
+			$tmp_account = (USE_ACCOUNT_NAME ? $account->getName() : $account->getId());
+		}
+
+		$hash = md5(generateRandomString(16, true, true) . $email);
+
+		AccountEmailVerify::create([
+			'account_id' => $account->getId(),
+			'hash' => $hash,
+			'sent_at' => time(),
+		]);
+
+		$verify_url = getLink('account/confirm-email/' . $hash);
+		$body_html = $twig->render('mail.account.resend-email-verify.html.twig', array(
+			'account' => $tmp_account,
+			'verify_url' => generateLink($verify_url, $verify_url, true)
+		));
+
+		if (_mail($account->getEMail(), configLua('serverName') . ' - Verify Account', $body_html)) {
+			$message = "If account with this email exists - you will become an email with verification link.";
+			$showForm = false;
+		} else {
+			$message = "<p class='error'>An error occurred while sending email (<b>{$email}</b> )! Try again later. For Admin: More info can be found in system/logs/mailer-error.log</p>";
+		}
+	}
+	else {
+		$message = "<br />If account with this email exists - you will become an email with verification link.";
+		$showForm = false;
+	}
+
+	$twig->display('success.html.twig', array(
+		'title' => 'Verify Email Sent',
+		'description' => $message,
+	));
+}
+
+//show errors if not empty
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig', ['errors' => $errors]);
+	$twig->display('account.back_button.html.twig', [
+		'action' => getLink('account/resend-email-verify'),
+	]);
+}
+
+if ($showForm) {
+	$twig->display('account.resend-email-verify.html.twig');
+}

system/router.php

@@ -88,25 +88,38 @@ if($logged && $account_logged && $account_logged->isLoaded()) {
 /**
  * Routes loading
  */
+$routesFinal = [];
 $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r) {
-	$routesFinal = [];
+	global $cache, $routesFinal;
+
 	foreach(getDatabasePages() as $page) {
 		$routesFinal[] = ['*', $page, '__database__/' . $page, 100];
 	}
 
+	$routes = require SYSTEM . 'routes.php';
 	Plugins::clearWarnings();
-	foreach (Plugins::getRoutes() as $route) {
+
-		$routesFinal[] = [$route[0], $route[1], $route[2], $route[3] ?? 1000];
+	foreach (Plugins::getRoutes() as $pluginRoute) {
+
+		$routesFinal[] = [$pluginRoute[0], $pluginRoute[1], $pluginRoute[2], $pluginRoute[3] ?? 1000];
+
+		// Possibility to override routes with plugins pages, like characters.php
+		foreach ($routes as &$route) {
+			if (str_contains($pluginRoute[2], 'pages/' . $route[2])) {
+				$route[2] = $pluginRoute[2];
+			}
+		}
 /*
 		echo '<pre>';
-		var_dump($route[1], $route[3], $route[2]);
+		var_dump($pluginRoute[1], $pluginRoute[3], $pluginRoute[2]);
 		echo '/<pre>';
 */
 	}
 
-	$routes = require SYSTEM . 'routes.php';
 	foreach ($routes as $route) {
-		if (!str_contains($route[2], '__redirect__') && !str_contains($route[2], '__database__')) {
+		if (!str_contains($route[2], '__redirect__') && !str_contains($route[2], '__database__')
+			&& !str_contains($route[2], 'plugins/')
+		) {
 			if (!is_file(BASE . 'system/pages/' . $route[2])) {
 				continue;
 			}
@@ -154,7 +167,7 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 	echo '</pre>';
 	die;
 */
-	foreach ($routesFinal as $route) {
+	foreach ($routesFinal as &$route) {
 		if ($route[0] === '*') {
 			$route[0] = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD'];
 		}
@@ -187,6 +200,10 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 			log_append('router.log', $warning);
 		}
 	}
+
+	if ($cache->enabled()) {
+		$cache->set('routes_final', serialize($routesFinal), 10 * 365 * 24 * 60 * 60); // 10 years / infinite
+	}
 },
 	[
 		'cacheFile' => CACHE . 'route.cache',
@@ -201,7 +218,7 @@ $found = true;
 
 // old support for pages like /?subtopic=accountmanagement
 $page = $_REQUEST['p'] ?? ($_REQUEST['subtopic'] ?? '');
-if(!empty($page) && preg_match('/^[A-z0-9\-]+$/', $page)) {
+if(!empty($page) && preg_match('/^[A-z0-9\/\-]+$/', $page)) {
 	if (isset($_REQUEST['p'])) { // some plugins may require this
 		$_REQUEST['subtopic'] = $_REQUEST['p'];
 	}
@@ -210,9 +227,26 @@ if(!empty($page) && preg_match('/^[A-z0-9\-]+$/', $page)) {
 		require SYSTEM . 'compat/pages.php';
 	}
 
-	$file = loadPageFromFileSystem($page, $found);
+	$foundRoute = false;
-	if(!$found) {
+
-		$file = false;
+	$tmp = null;
+	if ($cache->enabled() && $cache->fetch('routes_final', $tmp)) {
+		$routesFinal = unserialize($tmp);
+	}
+
+	foreach ($routesFinal as $route) {
+		if ($page === $route[1]) {
+			$file = $route[2];
+			$foundRoute = true;
+			break;
+		}
+	}
+
+	if (!$foundRoute) {
+		$file = loadPageFromFileSystem($page, $found);
+		if(!$found) {
+			$file = false;
+		}
 	}
 }
 else {

system/src/Cache/Cache.php

@@ -115,6 +115,11 @@ class Cache
 			return unserialize($value);
 		}
 
+		// -1 for infinite cache
+		if ($ttl == -1) {
+			$ttl = 10 * 365 * 24 * 60 * 60; // 10 years should be enough
+		}
+
 		$value = $callback();
 		$cache->set($key, serialize($value), $ttl);
 		return $value;

system/src/Models/AccountEmailVerify.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace MyAAC\Models;
+use Illuminate\Database\Eloquent\Model;
+
+class AccountEmailVerify extends Model
+{
+
+	protected $table = TABLE_PREFIX . 'account_emails_verify';
+
+	public $timestamps = false;
+
+	protected $fillable = ['account_id', 'hash', 'sent_at'];
+
+}

system/templates/account.resend-email-verify.html.twig

@@ -0,0 +1,45 @@
+Please enter your account Email address.<br/><br/>
+{% set title = 'Resend Email' %}
+{% set background = config('darkborder') %}
+{% set content %}
+	<table style="width:100%;">
+		<tr>
+			<td class="LabelV" >
+				<span><label for="email">Email Address:</label></span>
+			</td>
+			<td style="width:90%;">
+				<input type="email" form="form" id="email" name="email" size="30" maxlength="50" autofocus/>
+			</td>
+		</tr>
+	</table>
+{% endset %}
+{% include 'tables.headline.html.twig' %}
+<br/>
+<table style="width:100%;">
+	<tr align="center">
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0;">
+						<form id="form" action="{{ getLink('account/resend-email-verify') }}" method="post">
+							{{ csrf() }}
+							<input type="hidden" name="submit" value="1"/>
+							{{ include('buttons.submit.html.twig') }}
+						</form>
+					</td>
+				<tr>
+			</table>
+		</td>
+		<td>
+			<table border="0" cellspacing="0" cellpadding="0">
+				<tr>
+					<td style="border:0;">
+						<form action="{{ getLink('news') }}" method="post">
+							{{ include('buttons.back.html.twig') }}
+						</form>
+					</td>
+				</tr>
+			</table>
+		</td>
+	</tr>
+</table>

system/templates/characters.html.twig

@@ -9,7 +9,7 @@
 <table border="0" cellpadding="0" cellspacing="0" width="100%"><tr>
 	<td><img src="{{ template_path }}/images/general/blank.gif" width="10" height="1" border="0"></td>
 	<td>
-        {{ hook(constant('HOOK_CHARACTERS_BEFORE_INFORMATIONS')) }}
+        {{ hook('HOOK_CHARACTERS_BEFORE_INFORMATIONS') }}
 		{% if canEdit %}
 			<a href="{{ constant('ADMIN_URL') }}?p=players&id={{ player.getId() }}" title="Edit in Admin Panel" target="_blank">
 				<img src="images/edit.png"/>Edit
@@ -153,11 +153,11 @@
 				<td>{% if account.isPremium() %}Premium Account{% else %}Free Account{% endif %}</td>
 			</tr>
 		</table>
-		{{ hook(constant('HOOK_CHARACTERS_AFTER_INFORMATIONS')) }}
+		{{ hook('HOOK_CHARACTERS_AFTER_INFORMATIONS') }}
 		<br/>
 		<table border="0" width="100%">
 			<tr>
-				{{ hook(constant('HOOK_CHARACTERS_BEFORE_SKILLS')) }}
+				{{ hook('HOOK_CHARACTERS_BEFORE_SKILLS') }}
 
 				{% if config.characters.skills %}
 				<!-- SKILLS -->
@@ -179,7 +179,7 @@
 				<!-- SKILLS_END -->
 				{% endif %}
 
-				{{ hook(constant('HOOK_CHARACTERS_AFTER_SKILLS')) }}
+				{{ hook('HOOK_CHARACTERS_AFTER_SKILLS') }}
 
 				{% if quests_enabled %}
 				<!-- QUESTS -->
@@ -201,7 +201,7 @@
 				<!-- QUESTS_END -->
 				{% endif %}
 
-				{{ hook(constant('HOOK_CHARACTERS_AFTER_QUESTS')) }}
+				{{ hook('HOOK_CHARACTERS_AFTER_QUESTS') }}
 
 				{% if config.characters.equipment %}
 				<!-- EQUIPMENT -->
@@ -239,11 +239,11 @@
 				<!-- EQUIPMENT_END -->
 				{% endif %}
 
-				{{ hook(constant('HOOK_CHARACTERS_AFTER_EQUIPMENT')) }}
+				{{ hook('HOOK_CHARACTERS_AFTER_EQUIPMENT') }}
 			</tr>
 		</table>
 
-		{{ hook(constant('HOOK_CHARACTERS_BEFORE_DEATHS')) }}
+		{{ hook('HOOK_CHARACTERS_BEFORE_DEATHS') }}
 
 		{% if deaths|length > 0 %}
 		<!-- DEATHS -->
@@ -283,7 +283,7 @@
 		<!-- FRAGS_END -->
 		{% endif %}
 
-		{{ hook(constant('HOOK_CHARACTERS_BEFORE_SIGNATURE')) }}
+		{{ hook('HOOK_CHARACTERS_BEFORE_SIGNATURE') }}
 
 		{% if setting('core.signature_enabled') %}
 		<!-- SIGNATURE -->
@@ -327,7 +327,7 @@
 		</table>
 		<!-- SIGNATURE_END -->
 		{% endif %}
-		{{ hook(constant('HOOK_CHARACTERS_AFTER_SIGNATURE')) }}
+		{{ hook('HOOK_CHARACTERS_AFTER_SIGNATURE') }}
 		{% if not player.isHidden() %}
 		{% set rows = 0 %}
 		<!-- ACCOUNT_INFORMATION -->
@@ -377,7 +377,7 @@
 			</tr>
 		</table>
 		<!-- ACCOUNT_INFORMATION_END -->
-		{{ hook(constant('HOOK_CHARACTERS_AFTER_ACCOUNT')) }}
+		{{ hook('HOOK_CHARACTERS_AFTER_ACCOUNT') }}
 		<!-- CHARACTERS_LIST -->
 		<br/><br/>
 		<table border="0" cellspacing="1" cellpadding="4" width="100%">
@@ -421,7 +421,7 @@
 		</table>
 		<!-- CHARACTERS_LIST_END -->
 		{% endif %}
-		{{ hook(constant('HOOK_CHARACTERS_AFTER_CHARACTERS')) }}
+		{{ hook('HOOK_CHARACTERS_AFTER_CHARACTERS') }}
 		{% if canEdit %}
 			<a href="{{ constant('ADMIN_URL') }}?p=players&id={{ player.getId() }}" title="Edit in Admin Panel" target="_blank">
 				<img src="images/edit.png"/>Edit

system/templates/error_box.html.twig

@@ -9,7 +9,7 @@
 			<div class="AttentionSign" style="background-image:url({{ template_path }}/images/content/attentionsign.gif);"></div>
 			<b>The Following Errors Have Occurred:</b><br/>
 			{% for error in errors %}
-			<li>{{ error|striptags('<b>')|raw }}</li>
+			<li>{{ error|striptags('<b><a>')|raw }}</li>
 			{% endfor %}
 		</div>
 		<div class="BoxFrameHorizontal" style="background-image:url({{ template_path }}/images/content/box-frame-horizontal.gif);"></div>
@@ -17,4 +17,4 @@
 		<div class="BoxFrameEdgeLeftBottom" style="background-image:url({{ template_path }}/images/content/box-frame-edge.gif);"></div>
 	</div>
 </div>
-<br/>
+<br/>

system/templates/mail.account.resend-email-verify.html.twig

@@ -0,0 +1,7 @@
+Hello {{ account }}!<br/>
+<br/>
+You requested to resend the verify Email on {{ config.lua.serverName }}!<br/>
+<br/>
+
+To verify your email address please click the link below:<br/>
+{{ verify_url|raw }}

system/templates/online.html.twig

@@ -101,7 +101,7 @@
 
 	<tr>
 		<td class="LabelV150"><b>Location Datacenter:</b></td>
-		<td>{{ setting('core.online_datacenter') }} <small>(Server date & time: - {{ "now"|date("d/m/Y H:i:s") }})</small></td>
+		<td>{{ setting('core.online_datacenter')|raw }} <small>(Server date & time: - {{ "now"|date("d/m/Y H:i:s") }})</small></td>
 	</tr>
 	<tr>
 		<td class="LabelV150"><b>PvP Type:</b></td>

system/templates/tables.style.html.twig

@@ -1,6 +1,9 @@
 <style>
-	.myaac-table tbody tr:nth-child(even) {background: {{ config.lightborder }}}
+	.myaac-table {border-spacing: 1px;}
-	.myaac-table tbody tr:nth-child(odd) {background:  {{ config.darkborder }}}
+	.myaac-table > tbody > tr:nth-child(even) {background: {{ config.lightborder }}}
-	.myaac-table thead td {background: {{ config.vdarkborder }}; color: #ffffff !important;}
+	.myaac-table > tbody > tr:nth-child(odd) {background:  {{ config.darkborder }}}
-	.myaac-table tfoot td {background: {{ config.vdarkborder }}; color: #ffffff !important;}
+	.myaac-table > tbody > tr > td {padding: 4px; }
+	.myaac-table > thead > tr > td {padding: 4px; background: {{ config.vdarkborder }}; color: #ffffff !important;}
+	.myaac-table > thead > tr > th {padding: 4px; background: {{ config.vdarkborder }}; color: #ffffff !important;}
+	.myaac-table > tfoot > tr > td {padding: 4px; background: {{ config.vdarkborder }}; color: #ffffff !important;}
 </style>

system/twig.php

@@ -101,6 +101,10 @@ $twig->addFunction($function);
 $function = new TwigFunction('hook', function ($context, $hook, array $params = []) {
 	global $hooks;
 
+	if (config('hooks_debug')) {
+		note($hook);
+	}
+
 	if(is_string($hook)) {
 		if (defined($hook)) {
 			$hook = constant($hook);

templates/tibiacom/account.login.html.twig

@@ -130,6 +130,7 @@
 													<div style="float: right; margin-top: 20px;" >
 														{% apply spaceless %}
 														<form class="MediumButtonForm" action="{{ getLink('account/create') }}" method="post" >
+															{{ csrf() }}
 															<div class="MediumButtonBackground" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);">
 																<div class="MediumButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton-over.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);"></div>
 																<input class="MediumButtonText" type="image" name="Create Account" alt="Create Account" src="{{ template_path }}/images/global/buttons/mediumbutton_createaccount.png" />

templates/tibiacom/index.php

@@ -27,24 +27,18 @@ if(isset($config['boxes']))
 		var loginStatus="<?php echo ($logged ? 'true' : 'false'); ?>";
 		<?php
 			if(PAGE !== 'news') {
-				if(isset($_REQUEST['subtopic'])) {
+				$tmp = str_replace('/', '_', isset($_REQUEST['subtopic']) ? escapeHtml($_REQUEST['subtopic']) :  PAGE);
-					$tmp = escapeHtml($_REQUEST['subtopic']);
+				$exp = explode('/', PAGE);
-					if($tmp === 'accountmanagement') {
+				if(PAGE !== 'account/create' && PAGE !== 'account/lost' && isset($exp[1])) {
-						$tmp = 'accountmanage';
+					if ($exp[0] === 'account' && $exp[1] === 'lost') {
+						$tmp = 'account_lost';
+					} elseif ($exp[0] === 'account') {
+						$tmp = 'account_manage';
+					} else if ($exp[0] === 'news' && $exp[1] === 'archive') {
+						$tmp = 'news_archive';
 					}
-				}
+					else if (in_array($exp[0], ['characters', 'highscores', 'guilds', 'forum'])) {
-				else {
+						$tmp = $exp[0];
-					$tmp = str_replace('/', '_', PAGE);
-					$exp = explode('/', PAGE);
-					if(PAGE !== 'account/create' && PAGE !== 'account/lost' && isset($exp[1])) {
-						if ($exp[0] === 'account') {
-							$tmp = 'account_manage';
-						} else if ($exp[0] === 'news' && $exp[1] === 'archive') {
-							$tmp = 'news_archive';
-						}
-						else if (in_array($exp[0], ['characters', 'highscores', 'guilds', 'forum'])) {
-							$tmp = $exp[0];
-						}
 					}
 				}
 			}
@@ -90,24 +84,24 @@ if(isset($config['boxes']))
 		// mouse-over and click events of the loginbox
 		function MouseOverLoginBoxText(source)
 		{
-		  source.lastChild.style.visibility = "visible";
+		  source.lastElementChild.style.visibility = "visible";
-		  source.firstChild.style.visibility = "hidden";
+		  source.firstElementChild.style.visibility = "hidden";
 		}
 		function MouseOutLoginBoxText(source)
 		{
-		  source.firstChild.style.visibility = "visible";
+		  source.firstElementChild.style.visibility = "visible";
-		  source.lastChild.style.visibility = "hidden";
+		  source.lastElementChild.style.visibility = "hidden";
 		}
 		function LoginButtonAction()
 		{
-		  if(loginStatus == "false") {
+		  if(loginStatus === "false") {
 			window.location = "<?php echo getLink('account/manage'); ?>";
 		  } else {
 			window.location = "<?php echo getLink('account/manage'); ?>";
 		  }
 		}
 		function LoginstatusTextAction(source) {
-		  if(loginStatus == "false") {
+		  if(loginStatus === "false") {
 			window.location = "<?php echo getLink('account/create'); ?>";
 		  } else {
 			window.location = "<?php echo getLink('account/logout'); ?>";
@@ -226,11 +220,11 @@ if(isset($config['boxes']))
 		// mouse-over effects of menubuttons and submenuitems
 		function MouseOverMenuItem(source)
 		{
-		  source.firstChild.style.visibility = "visible";
+		  source.firstElementChild.style.visibility = "visible";
 		}
 		function MouseOutMenuItem(source)
 		{
-		  source.firstChild.style.visibility = "hidden";
+		  source.firstElementChild.style.visibility = "hidden";
 		}
 		function MouseOverSubmenuItem(source)
 		{
@@ -336,7 +330,7 @@ if(isset($config['boxes']))
     <div id="LoginBottom" class="Loginstatus" style="background-image:url(<?php echo $template_path; ?>/images/general/box-bottom.gif)" ></div>
   </div>
 
-<div-- id='Menu'>
+<div id='Menu'>
 <div id='MenuTop' style='background-image:url(<?php echo $template_path; ?>/images/general/box-top.gif);'></div>
 
 <?php
@@ -401,6 +395,7 @@ foreach($config['menu_categories'] as $id => $cat) {
 	<?php
 	}
 	?>
+</div>
 		<script type="text/javascript">
 			InitializePage();
         </script>

tools/basic.js

@@ -1,11 +1,11 @@
 function MouseOverBigButton(source) {
-	if (source?.firstChild?.style) {
+	if (source?.firstElementChild?.style) {
-		source.firstChild.style.visibility = "visible";
+		source.firstElementChild.style.visibility = "visible";
 	}
 }
 function MouseOutBigButton(source) {
-	if (source?.firstChild?.style) {
+	if (source?.firstElementChild?.style) {
-		source.firstChild.style.visibility = "hidden";
+		source.firstElementChild.style.visibility = "hidden";
 	}
 }
 function BigButtonAction(path) {