Merge branch 'main' into feature/refactor-account-lost

First attempt (#331 )
2025-10-30 23:46:24 +01:00 · 2025-09-28 19:15:34 +02:00 · 2025-09-28 19:14:24 +02:00 · 2025-09-28 19:00:51 +02:00 · 2025-09-28 16:21:31 +02:00 · 2025-09-28 16:10:58 +02:00
38 changed files with 1101 additions and 663 deletions
--- a/CHANGELOG-1.x.md
+++ b/CHANGELOG-1.x.md
@@ -1,5 +1,21 @@
 # Changelog

+## [1.8.2 - 26.09.2025]
+
+### Added
+* Routes: Possibility to override routes with plugins pages, like characters.php - No need to define routes in plugin.json anymore (https://github.com/slawkens/myaac/commit/3f24f961b1cdeff5c60387e837ae454448bc5e1b)
+
+### Changed
+* Style: Better look for myaac-table (https://github.com/slawkens/myaac/commit/a6032093b21e5bb3f0e75d2704da87d6dea6469d, https://github.com/slawkens/myaac/commit/5aa9bbf1c8e580d973ec82ac012489f8e7bc437e)
+
+### Fixed
+* Install: Fix when config.local.php cannot be saved (https://github.com/slawkens/myaac/commit/4eab805d26d8c5562b29ed699769919d77dabced)
+* Create Account: Fix an exception when email cannot be sent (https://github.com/slawkens/myaac/commit/d0112d1a67e8b854b65ad131f0375b79305df8d3)
+* Login Page: Add missing csrf() - fix create account button (https://github.com/slawkens/myaac/commit/3c0cb53e17dd0b85394cfa0fdc9cf9ad8d4551df)
+* tibiacom template: Fix account lost menu (https://github.com/slawkens/myaac/commit/ed9beaf2b6ca069e304e569c52e5b9188b58f05c)
+* tibiacom template: Fix Menu div wrong tag/closing (#329) (https://github.com/slawkens/myaac/commit/85e7005fd3f0be51466151a3c122b96085fdfe68)
+* tibiacom template: Replace firstChild with firstElementChild (Thanks to @un000000) (https://github.com/slawkens/myaac/commit/df7b6e29fb8875da97f431468c81ee99116271d9)
+
 ## [1.8.1 - 05.09.2025]

 ### Added
--- a/admin/pages/players.php
+++ b/admin/pages/players.php
@@ -669,11 +669,17 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="lastip" class="control-label">Last IP:</label>
 										<input type="text" class="form-control" id="lastip" name="lastip" autocomplete="off" maxlength="10" value="<?php
-										if (strlen($player->getLastIP()) > 11) {
-											echo inet_ntop($player->getLastIP());
+										$lastIPColumnInfo = $db->getColumnInfo('players', 'lastip');
+										if ($lastIPColumnInfo && is_array($lastIPColumnInfo)) {
+											if (str_contains($lastIPColumnInfo['type'], 'varbinary')) {
+												echo inet_ntop($player->getLastIP());
+											}
+											else {
+												echo longToIp($player->getLastIP());
+											}
 										}
 										else {
-											echo longToIp($player->getLastIP());
+											echo 'Error';
 										}
 										?>" readonly/>
 									</div>
--- a/common.php
+++ b/common.php
@@ -26,7 +26,7 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');

 const MYAAC = true;
-const MYAAC_VERSION = '1.8.1';
+const MYAAC_VERSION = '1.8.3-dev';
 const DATABASE_VERSION = 45;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
--- a/install/steps/5-database.php
+++ b/install/steps/5-database.php
@@ -42,45 +42,44 @@ if(!$error) {
 	$configToSave['cache_prefix'] = 'myaac_' . generateRandomString(8, true, false, true);
 	$configToSave['database_auto_migrate'] = true;

-	if(!$error) {
-		$content = '';
-		$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
-		if ($saved) {
-			success($locale['step_database_config_saved']);
-			$_SESSION['saved'] = true;
+	$content = '';
+	$saved = Settings::saveConfig($configToSave, BASE . 'config.local.php', $content);
+	if ($saved || file_exists(BASE . 'config.local.php')) {
+		success($locale['step_database_config_saved']);
+		$_SESSION['saved'] = true;

-			require BASE . 'config.local.php';
-			require BASE . 'install/includes/config.php';
+		require BASE . 'config.local.php';
+		require BASE . 'install/includes/config.php';

-			if (!$error) {
-				require BASE . 'install/includes/database.php';
+		if (!$error) {
+			require BASE . 'install/includes/database.php';

-				if (isset($database_error)) { // we failed connect to the database
-					error($database_error);
+			if (isset($database_error)) { // we failed connect to the database
+				error($database_error);
+			}
+			else {
+				if (!$db->hasTable('accounts')) {
+					$tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
+					error($tmp);
+					$error = true;
 				}
-				else {
-					if (!$db->hasTable('accounts')) {
-						$tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
-						error($tmp);
-						$error = true;
-					}

-					if (!$error) {
-						$twig->display('install.installer.html.twig', array(
-							'url' => 'tools/5-database.php',
-							'message' => $locale['loading_spinner']
-						));
-					}
+				if (!$error) {
+					$twig->display('install.installer.html.twig', array(
+						'url' => 'tools/5-database.php',
+						'message' => $locale['loading_spinner']
+					));
 				}
 			}
-		} else {
-			$_SESSION['config_content'] = $content;
-			unset($_SESSION['saved']);
-
-			$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.php</b>', $locale['step_database_error_file']);
-			error($locale['step_database_error_file'] . '<br/>
-				<textarea cols="70" rows="10">' . $content . '</textarea>');
 		}
+	} else {
+		$error = true;
+		$_SESSION['config_content'] = $content;
+		unset($_SESSION['saved']);
+
+		$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
+		error($locale['step_database_error_file'] . '<br/>
+			<textarea cols="70" rows="10">' . $content . '</textarea>');
 	}
 }
 ?>
--- a/system/libs/pot/OTS_DB_MySQL.php
+++ b/system/libs/pot/OTS_DB_MySQL.php
@@ -26,10 +26,11 @@ use MyAAC\Cache\Cache;
 */
 class OTS_DB_MySQL extends OTS_Base_DB
 {
-	private $has_table_cache = array();
-	private $has_column_cache = array();
+	private array $has_table_cache = [];
+	private array $has_column_cache = [];
+	private array $get_column_info_cache = [];

-	private $clearCacheAfter = false;
+	private bool $clearCacheAfter = false;
 /**
 * Creates database connection.
 *
@@ -209,7 +210,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $sql;
 	}

-	public function hasTable($name) {
+	public function hasTable($name): bool
+	{
 		if(isset($this->has_table_cache[$name])) {
 			return $this->has_table_cache[$name];
 		}
@@ -217,12 +219,13 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasTableInternal($name);
 	}

-	private function hasTableInternal($name) {
-		global $config;
-		return ($this->has_table_cache[$name] = $this->query('SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = ' . $this->quote($config['database_name']) . ' AND `TABLE_NAME` = ' . $this->quote($name) . ' LIMIT 1;')->rowCount() > 0);
+	private function hasTableInternal($name): bool
+	{
+		return ($this->has_table_cache[$name] = $this->query('SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = ' . $this->quote(config('database_name')) . ' AND `TABLE_NAME` = ' . $this->quote($name) . ' LIMIT 1;')->rowCount() > 0);
 	}

-	public function hasColumn($table, $column) {
+	public function hasColumn($table, $column): bool
+	{
 		if(isset($this->has_column_cache[$table . '.' . $column])) {
 			return $this->has_column_cache[$table . '.' . $column];
 		}
@@ -230,8 +233,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasColumnInternal($table, $column);
 	}

-	private function hasColumnInternal($table, $column) {
-		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE '" . $column . "'")->fetchAll()) > 0);
+	private function hasColumnInternal($table, $column): bool {
+		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE " . $this->quote($column))->fetchAll()) > 0);
 	}

 	public function hasTableAndColumns(string $table, array $columns = []): bool
@@ -247,6 +250,51 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return true;
 	}

+	public function getColumnInfo(string $table, string $column): bool|array
+	{
+		if(isset($this->get_column_info_cache[$table . '.' . $column])) {
+			return $this->get_column_info_cache[$table . '.' . $column];
+		}
+
+		return $this->getColumnInfoInternal($table, $column);
+	}
+
+	private function getColumnInfoInternal(string $table, string $column): bool|array
+	{
+		if (!$this->hasTable($table) || !$this->hasColumn($table, $column)) {
+			return false;
+		}
+
+		$formatResult = function ($result) {
+			return [
+				'field' => $result['Field'],
+				'type' => $result['Type'],
+				'null' => strtolower($result['Null']),
+				'default' => $result['Default'],
+				'extra' => $result['Extra'],
+			];
+		};
+
+		$query = $this->query('SHOW COLUMNS FROM `' . $table . "` LIKE " . $this->quote($column));
+		$rowCount = $query->rowCount();
+		if ($rowCount > 1) {
+			$tmp = [];
+
+			$results = $query->fetchAll(PDO::FETCH_ASSOC);
+			foreach ($results as $result) {
+				$tmp[] = $formatResult($result);
+			}
+
+			return ($this->get_column_info_cache[$table . '.' . $column] = $tmp);
+		}
+		else if ($rowCount == 1) {
+			$result = $query->fetch(PDO::FETCH_ASSOC);
+			return ($this->get_column_info_cache[$table . '.' . $column] = $formatResult($result));
+		}
+
+		return [];
+	}
+
 	public function revalidateCache() {
 		foreach($this->has_table_cache as $key => $value) {
 			$this->hasTableInternal($key);
--- a/system/pages/account/create.php
+++ b/system/pages/account/create.php
@@ -268,8 +268,10 @@ if($save)
 			}
 			else
 			{
-				error('An error occorred while sending email! Account not created. Try again. For Admin: More info can be found in system/logs/mailer-error.log');
+				error('An error occurred while sending email! Account not created. Try again. For Admin: More info can be found in system/logs/mailer-error.log');
 				$new_account->delete();
+
+				return;
 			}
 		}
 		else
--- a/system/pages/account/lost.php
+++ b/system/pages/account/lost.php
@@ -9,540 +9,11 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Lost Account Interface';
+$title = 'Lost Account';

-if(!setting('core.mail_enabled'))
-{
-	echo '<b>Account maker is not configured to send e-mails, you can\'t use Lost Account Interface. Contact with admin to get help.</b>';
+if(!setting('core.mail_enabled')) {
+	echo "<b>Account maker is not configured to send e-mails, you can't use Lost Account Interface. Contact with admin to get help.</b>";
 	return;
 }

-$action_type = isset($_REQUEST['action_type']) ? $_REQUEST['action_type'] : '';
-if($action == '')
-{
-	$twig->display('account.lost.form.html.twig');
-}
-else if($action == 'step1' && $action_type == '') {
-	$twig->display('account.lost.noaction.html.twig');
-}
-elseif($action == 'step1' && $action_type == 'email')
-{
-	$nick = stripslashes($_REQUEST['nick']);
-	if(Validator::characterName($nick))
-	{
-		$player = new OTS_Player();
-		$account = new OTS_Account();
-		$player->find($nick);
-		if($player->isLoaded())
-			$account = $player->getAccount();
-
-		if($account->isLoaded())
-		{
-			if($account->getCustomField('email_next') < time())
-				echo 'Please enter e-mail to account with this character.<BR>
-				<form action="' . getLink('account/lost') . '?action=sendcode" method=post>
-				<input type=hidden name="character">
-				<table cellspacing=1 cellpadding=4 border=0 width=100%>
-				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter e-mail to account</B></TD></TR>
-				<TR><TD BGCOLOR="'.$config['darkborder'].'">
-				Character: <INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR>
-				E-mail to account:<INPUT TYPE=text NAME="email" VALUE="" SIZE="40"><BR>
-				</TD></TR>
-				</TABLE>
-				<BR>
-				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				' . $twig->render('buttons.submit.html.twig') . '</div>
-				</TD></TR></FORM></TABLE></TABLE>';
-			else
-			{
-				$insec = (int)$account->getCustomField('email_next') - time();
-				$minutesleft = floor($insec / 60);
-				$secondsleft = $insec - ($minutesleft * 60);
-				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
-				echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
-			}
-		}
-		else
-			echo 'Player or account of player <b>' . $nick . '</b> doesn\'t exist.';
-	}
-	else
-		echo 'Invalid player name format. If you have other characters on account try with other name.';
-	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				<a href="' . getLink('account/lost') . '" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
-				</TD></TR></FORM></TABLE></TABLE>';
-}
-elseif($action == 'sendcode')
-{
-	$email = $_REQUEST['email'];
-	$nick = stripslashes($_REQUEST['nick']);
-	if(Validator::characterName($nick))
-	{
-		$player = new OTS_Player();
-		$account = new OTS_Account();
-		$player->find($nick);
-		if($player->isLoaded())
-			$account = $player->getAccount();
-
-		if($account->isLoaded())
-		{
-			if($account->getCustomField('email_next') < time())
-			{
-				if($account->getEMail() == $email)
-				{
-					$newcode = generateRandomString(30, true, false, true);
-					$mailBody = '
-					You asked to reset your ' . $config['lua']['serverName'] . ' password.<br/>
-					<p>Account name: '.$account->getName().'</p>
-					<br />
-					To do so, please click this link:
-					<p><a href="' . getLink('account/lost') . '?action=checkcode&code='.$newcode.'&character='.urlencode($nick).'">' . getLink('account/lost') . '?action=checkcode&code='.$newcode.'&character='.urlencode($nick).'</a></p>
-					<p>or open page: <i>' . getLink('account/lost') . '?action=checkcode</i> and in field "code" write <b>'.$newcode.'</b></p>
-					<br/>
-						<p>If you did not request a password change, you may ignore this message and your password will remain unchanged.';
-
-					$account_mail = $account->getCustomField('email');
-					if(_mail($account_mail, $config['lua']['serverName'].' - Recover your account', $mailBody))
-					{
-						$account->setCustomField('email_code', $newcode);
-						$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
-						echo '<br />Details about steps required to recover your account has been sent to <b>' . $account_mail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.';
-					}
-					else
-					{
-						$account->setCustomField('email_next', (time() + 60));
-						echo '<br /><p class="error">An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>';
-					}
-				}
-				else
-					echo 'Invalid e-mail to account of character <b>'.$nick.'</b>. Try again.';
-			}
-			else
-			{
-				$insec = (int)$account->getCustomField('email_next') - time();
-				$minutesleft = floor($insec / 60);
-				$secondsleft = $insec - ($minutesleft * 60);
-				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
-				echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
-			}
-		}
-		else
-			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
-	}
-	else
-		echo 'Invalid player name format. If you have other characters on account try with other name.';
-	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				<a href="' . getLink('account/lost') . '?action=step1&action_type=email&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
-				</TD></TR></FORM></TABLE></TABLE>';
-}
-elseif($action == 'step1' && $action_type == 'reckey')
-{
-	$nick = stripslashes($_REQUEST['nick']);
-	if(Validator::characterName($nick))
-	{
-		$player = new OTS_Player();
-		$account = new OTS_Account();
-		$player->find($nick);
-		if($player->isLoaded())
-			$account = $player->getAccount();
-		if($account->isLoaded())
-		{
-			$account_key = $account->getCustomField('key');
-			if(!empty($account_key))
-			{
-						echo 'If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
-						<FORM ACTION="' . getLink('account/lost') . '?action=step2" METHOD=post>
-						<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-						<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter your recovery key</B></TD></TR>
-						<TR><TD BGCOLOR="'.$config['darkborder'].'">
-						Character name:&nbsp;<INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
-						Recovery key:&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=text NAME="key" VALUE="" SIZE="40"><BR>
-						</TD></TR>
-						</TABLE>
-						<BR>
-						<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-						' . $twig->render('buttons.submit.html.twig') . '</div>
-						</TD></TR></FORM></TABLE></TABLE>';
-			}
-			else
-				echo 'Account of this character has no recovery key!';
-		}
-		else
-			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
-	}
-	else
-		echo 'Invalid player name format. If you have other characters on account try with other name.';
-	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				<a href="' . getLink('account/lost') . '" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
-				</TD></TR></FORM></TABLE></TABLE>';
-}
-elseif($action == 'step2')
-{
-	$rec_key = trim($_REQUEST['key']);
-	$nick = stripslashes($_REQUEST['nick']);
-	if(Validator::characterName($nick))
-	{
-		$player = new OTS_Player();
-		$account = new OTS_Account();
-		$player->find($nick);
-		if($player->isLoaded())
-			$account = $player->getAccount();
-		if($account->isLoaded())
-		{
-			$account_key = $account->getCustomField('key');
-			if(!empty($account_key))
-			{
-				if($account_key == $rec_key)
-				{
-					echo '<script type="text/javascript">
-					function validate_required(field,alerttxt)
-					{
-					with (field)
-					{
-					if (value==null||value==""||value==" ")
-					  {alert(alerttxt);return false;}
-					else {return true}
-					}
-					}
-					function validate_email(field,alerttxt)
-					{
-					with (field)
-					{
-					apos=value.indexOf("@");
-					dotpos=value.lastIndexOf(".");
-					if (apos<1||dotpos-apos<2)
-					  {alert(alerttxt);return false;}
-					else {return true;}
-					}
-					}
-					function validate_form(thisform)
-					{
-					with (thisform)
-					{
-					if (validate_required(email,"Please enter your e-mail!")==false)
-					  {email.focus();return false;}
-					if (validate_email(email,"Invalid e-mail format!")==false)
-					  {email.focus();return false;}
-					if (validate_required(passor,"Please enter password!")==false)
-					  {passor.focus();return false;}
-					if (validate_required(passor2,"Please repeat password!")==false)
-					  {passor2.focus();return false;}
-					if (passor2.value!=passor.value)
-					  {alert(\'Repeated password is not equal to password!\');return false;}
-					}
-					}
-					</script>';
-					echo 'Set new password and e-mail to your account.<BR>
-					<FORM ACTION="' . getLink('account/lost') . '?action=step3" onsubmit="return validate_form(this)" METHOD=post>
-					<INPUT TYPE=hidden NAME="character" VALUE="">
-					<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-					<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter new password and e-mail</B></TD></TR>
-					<TR><TD BGCOLOR="'.$config['darkborder'].'">
-					Account of character:&nbsp;&nbsp;<INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
-					New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT id="passor" TYPE=password NAME="passor" VALUE="" SIZE="40"><BR>
-					Repeat new password:&nbsp;&nbsp;<INPUT id="passor2" TYPE=password NAME="passor" VALUE="" SIZE="40"><BR>
-					New e-mail address:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT id="email" TYPE=text NAME="email" VALUE="" SIZE="40"><BR>
-					<INPUT TYPE=hidden NAME="key" VALUE="'.$rec_key.'">
-					</TD></TR>
-					</TABLE>
-					<BR>
-					<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-					' . $twig->render('buttons.submit.html.twig') . '</div>
-					</TD></TR></FORM></TABLE></TABLE>';
-				}
-				else
-					echo 'Wrong recovery key!';
-			}
-			else
-				echo 'Account of this character has no recovery key!';
-		}
-		else
-			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
-	}
-	else
-		echo 'Invalid player name format. If you have other characters on account try with other name.';
-	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				<a href="' . getLink('account/lost') . '?action=step1&action_type=reckey&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
-				</TD></TR></FORM></TABLE></TABLE>';
-}
-elseif($action == 'step3')
-{
-	$rec_key = trim($_REQUEST['key']);
-	$nick = stripslashes($_REQUEST['nick']);
-	$new_pass = trim($_REQUEST['passor']);
-	$new_email = trim($_REQUEST['email']);
-	if(Validator::characterName($nick))
-	{
-		$player = new OTS_Player();
-		$account = new OTS_Account();
-		$player->find($nick);
-		if($player->isLoaded())
-			$account = $player->getAccount();
-		if($account->isLoaded())
-		{
-			$account_key = $account->getCustomField('key');
-			if(!empty($account_key))
-			{
-				if($account_key == $rec_key)
-				{
-					if(Validator::password($new_pass))
-					{
-						if(Validator::email($new_email))
-						{
-							$account->setEMail($new_email);
-
-							$tmp_new_pass = $new_pass;
-							if(USE_ACCOUNT_SALT)
-							{
-								$salt = generateRandomString(10, false, true, true);
-								$tmp_new_pass = $salt . $new_pass;
-							}
-
-							$account->setPassword(encrypt($tmp_new_pass));
-							$account->save();
-
-							if(USE_ACCOUNT_SALT)
-								$account->setCustomField('salt', $salt);
-
-							echo 'Your account name, new password and new e-mail.<BR>
-							<FORM ACTION="' . getLink('account/manage') . '" onsubmit="return validate_form(this)" METHOD=post>
-							<INPUT TYPE=hidden NAME="character" VALUE="">
-							<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-							<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Your account name, new password and new e-mail</B></TD></TR>
-							<TR><TD BGCOLOR="'.$config['darkborder'].'">
-							Account name:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.$account->getName().'</b><BR>
-							New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.$new_pass.'</b><BR>
-							New e-mail address:&nbsp;<b>'.$new_email.'</b><BR>';
-							if($account->getCustomField('email_next') < time())
-							{
-								$mailBody = '
-								<h3>Your account name and new password!</h3>
-								<p>Changed password and e-mail to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
-								<p>Account name: <b>'.$account->getName().'</b></p>
-								<p>New password: <b>'.$new_pass.'</b></p>
-								<p>E-mail: <b>'.$new_email.'</b> (this e-mail)</p>
-								<br />
-								<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
-
-								if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - New password to your account", $mailBody))
-								{
-									echo '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
-								}
-								else
-								{
-									echo '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
-								}
-							}
-							else
-							{
-								echo '<br /><small>You will not receive e-mail with this informations.</small>';
-							}
-							echo '<INPUT TYPE=hidden NAME="account_login" VALUE="'.$account->getId().'">
-							<INPUT TYPE=hidden NAME="password_login" VALUE="'.$new_pass.'">
-							</TD></TR></TABLE><BR>
-							<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-							<INPUT TYPE=image NAME="Login" ALT="Login" SRC="'.$template_path.'/images/global/buttons/sbutton_login.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
-							</TD></TR></FORM></TABLE></TABLE>';
-						}
-						else
-							echo Validator::getLastError();
-					}
-					else
-						echo Validator::getLastError();
-				}
-				else
-					echo 'Wrong recovery key!';
-			}
-			else
-				echo 'Account of this character has no recovery key!';
-		}
-		else
-			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
-	}
-	else
-		echo 'Invalid player name format. If you have other characters on account try with other name.';
-	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				<a href="' . getLink('account/lost') . '?action=step1&action_type=reckey&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
-				</TD></TR></FORM></TABLE></TABLE>';
-}
-elseif($action == 'checkcode')
-{
-	$code = trim($_REQUEST['code']);
-	$character = stripslashes(trim($_REQUEST['character']));
-	if(empty($code) || empty($character))
-		echo 'Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
-				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
-				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
-				<TR><TD BGCOLOR="'.$config['darkborder'].'">
-				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
-				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
-				</TD></TR>
-				</TABLE>
-				<BR>
-				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				' . $twig->render('buttons.submit.html.twig') . '</div>
-				</TD></TR></FORM></TABLE></TABLE>';
-	else
-	{
-		$player = new OTS_Player();
-		$account = new OTS_Account();
-		$player->find($character);
-		if($player->isLoaded())
-			$account = $player->getAccount();
-		if($account->isLoaded())
-		{
-			if($account->getCustomField('email_code') == $code)
-			{
-				echo '<script type="text/javascript">
-				function validate_required(field,alerttxt)
-				{
-				with (field)
-				{
-				if (value==null||value==""||value==" ")
-				  {alert(alerttxt);return false;}
-				else {return true}
-				}
-				}
-
-				function validate_form(thisform)
-				{
-				with (thisform)
-				{
-				if (validate_required(passor,"Please enter password!")==false)
-				  {passor.focus();return false;}
-				if (validate_required(passor2,"Please repeat password!")==false)
-				  {passor2.focus();return false;}
-				if (passor2.value!=passor.value)
-				  {alert(\'Repeated password is not equal to password!\');return false;}
-				}
-				}
-				</script>
-				Please enter new password to your account and repeat to make sure you remember password.<BR>
-				<FORM ACTION="' . getLink('account/lost') . '?action=setnewpassword" onsubmit="return validate_form(this)" METHOD=post>
-				<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
-				<INPUT TYPE=hidden NAME="code" VALUE="'.$code.'">
-				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & account name</B></TD></TR>
-				<TR><TD BGCOLOR="'.$config['darkborder'].'">
-				New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=password ID="passor" NAME="passor" VALUE="" SIZE="40")><BR />
-				Repeat new password:&nbsp;<INPUT TYPE=password ID="passor2" NAME="passor2" VALUE="" SIZE="40")><BR />
-				</TD></TR>
-				</TABLE>
-				<BR>
-				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				' . $twig->render('buttons.submit.html.twig') . '</div>
-				</TD></TR></FORM></TABLE></TABLE>';
-			}
-			else
-				$error= 'Wrong code to change password.';
-		}
-		else
-			$error = 'Account of this character or this character doesn\'t exist.';
-	}
-	if(!empty($error))
-				echo '<span style="color: red"><b>'.$error.'</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
-				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
-				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
-				<TR><TD BGCOLOR="'.$config['darkborder'].'">
-				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
-				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
-				</TD></TR>
-				</TABLE>
-				<BR>
-				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				' . $twig->render('buttons.submit.html.twig') . '</div>
-				</TD></TR></FORM></TABLE></TABLE>';
-}
-elseif($action == 'setnewpassword')
-{
-	$newpassword = $_REQUEST['passor'];
-	$code = $_REQUEST['code'];
-	$character = stripslashes($_REQUEST['character']);
-	echo '';
-	if(empty($code) || empty($character) || empty($newpassword))
-		echo '<span style="color: red"><b>Error. Try again.</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
-				<BR><FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
-				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				<INPUT TYPE=image NAME="Back" ALT="Back" SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
-				</TD></TR></FORM></TABLE></TABLE>';
-	else
-	{
-		$player = new OTS_Player();
-		$account = new OTS_Account();
-		$player->find($character);
-		if($player->isLoaded())
-			$account = $player->getAccount();
-		if($account->isLoaded())
-		{
-			if($account->getCustomField('email_code') == $code)
-			{
-				if(Validator::password($newpassword))
-				{
-					$tmp_new_pass = $newpassword;
-					if(USE_ACCOUNT_SALT)
-					{
-						$salt = generateRandomString(10, false, true, true);
-						$tmp_new_pass  = $salt . $newpassword;
-						$account->setCustomField('salt', $salt);
-					}
-
-					$account->setPassword(encrypt($tmp_new_pass ));
-					$account->save();
-					$account->setCustomField('email_code', '');
-					echo 'New password to your account is below. Now you can login.<BR>
-					<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
-					<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-					<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Changed password</B></TD></TR>
-					<TR><TD BGCOLOR="'.$config['darkborder'].'">
-					New password:&nbsp;<b>'.$newpassword.'</b><BR />
-					Account name:&nbsp;&nbsp;&nbsp;<i>(Already on your e-mail)</i><BR />';
-
-					$mailBody = '
-					<h3>Your account name and password!</h3>
-					<p>Changed password to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
-					<p>Account name: <b>'.$account->getName().'</b></p>
-					<p>New password: <b>'.$newpassword.'</b></p>
-					<br />
-					<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
-
-					if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - Your new password", $mailBody))
-					{
-						echo '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
-					}
-					else
-					{
-						echo '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
-					}
-				echo '</TD></TR>
-				</TABLE>
-				<BR>
-				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				<FORM ACTION="' . getLink('account/manage') . '" METHOD=post>
-				<INPUT TYPE=image NAME="Login" ALT="Login" SRC="'.$template_path.'/images/global/buttons/sbutton_login.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
-				</TD></TR></FORM></TABLE></TABLE>';
-				}
-				else
-					$error= Validator::getLastError();
-			}
-			else
-				$error= 'Wrong code to change password.';
-		}
-		else
-			$error = 'Account of this character or this character doesn\'t exist.';
-	}
-	if(!empty($error))
-				echo '<span style="color: red"><b>'.$error.'</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
-				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
-				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
-				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
-				<TR><TD BGCOLOR="'.$config['darkborder'].'">
-				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
-				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
-				</TD></TR>
-				</TABLE>
-				<BR>
-				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
-				' . $twig->render('buttons.submit.html.twig') . '</div>
-				</TD></TR></FORM></TABLE></TABLE>';
-}
+$twig->display('account/lost/form.html.twig');
--- a/system/pages/account/lost/base.php
+++ b/system/pages/account/lost/base.php
@@ -0,0 +1,18 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+function lostAccountWriteCooldown(string $nick, int $time): void
+{
+	global $twig;
+
+	$inSec = $time - time();
+	$minutesLeft = floor($inSec / 60);
+	$secondsLeft = $inSec - ($minutesLeft * 60);
+	$timeLeft = $minutesLeft.' minutes '.$secondsLeft.' seconds';
+
+	$timeRounded = ceil(setting('core.mail_lost_account_interval') / 60);
+
+	$twig->display('error_box.html.twig', [
+		'errors' => ["Account of selected character (<b>" . escapeHtml($nick) . "</b>) received e-mail in last $timeRounded minutes. You must wait $timeLeft before you can use Lost Account Interface again."]
+	]);
+}
--- a/system/pages/account/lost/check-code.php
+++ b/system/pages/account/lost/check-code.php
@@ -0,0 +1,51 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+csrfProtect();
+
+$title = 'Lost Account';
+
+$code = isset($_REQUEST['code']) ? trim($_REQUEST['code']) : '';
+$character = isset($_REQUEST['character']) ? stripslashes(trim($_REQUEST['character'])) : '';
+
+if(empty($code) || empty($character))
+	$twig->display('account/lost/check-code.html.twig', [
+		'code' => $code,
+		'characters' => $character,
+	]);
+else
+{
+	$player = new OTS_Player();
+	$account = new OTS_Account();
+	$player->find($character);
+	if($player->isLoaded()) {
+		$account = $player->getAccount();
+	}
+
+	if($account->isLoaded()) {
+		if($account->getCustomField('email_code') == $code) {
+			$twig->display('account/lost/check-code.finish.html.twig', [
+				'character' => $character,
+				'code' => $code,
+			]);
+		}
+		else {
+			$error = 'Wrong code to change password.';
+		}
+	}
+	else {
+		$error = "Account of this character or this character doesn't exist.";
+	}
+}
+
+if(!empty($error)) {
+	$twig->display('error_box.html.twig', [
+		'errors' => [$error],
+	]);
+
+	echo '<br/>';
+
+	$twig->display('account/lost/check-code.html.twig', [
+
+	]);
+}
--- a/system/pages/account/lost/email/send-code.php
+++ b/system/pages/account/lost/email/send-code.php
@@ -0,0 +1,68 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+csrfProtect();
+
+require __DIR__ . '/../base.php';
+
+$title = 'Lost Account';
+
+$email = $_REQUEST['email'];
+$nick = stripslashes($_REQUEST['nick']);
+
+$player = new OTS_Player();
+$account = new OTS_Account();
+$player->find($nick);
+if($player->isLoaded()) {
+	$account = $player->getAccount();
+}
+
+if($account->isLoaded()) {
+	if($account->getCustomField('email_next') < time()) {
+		if($account->getEMail() == $email) {
+			$newCode = generateRandomString(30, true, false, true);
+			$mailBody = $twig->render('mail.account.lost.code.html.twig', [
+				'newCode' => $newCode,
+				'account' => $account,
+				'nick' => $nick,
+			]);
+
+			$accountEMail = $account->getCustomField('email');
+			if(_mail($accountEMail, configLua('serverName') . ' - Recover your account', $mailBody)) {
+				$account->setCustomField('email_code', $newCode);
+				$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
+
+				$twig->display('success.html.twig', [
+					'title' => 'Email has been sent',
+					'description' => 'Details about steps required to recover your account has been sent to <b>' . $accountEMail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.',
+					'custom_buttons' => '',
+				]);
+			}
+			else {
+				$account->setCustomField('email_next', (time() + 60));
+				error('An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>');
+			}
+		}
+		else {
+			$errors[] = 'Invalid e-mail to account of character <b>' . escapeHtml($nick) . '</b>. Try again.';
+		}
+	}
+	else {
+		lostAccountWriteCooldown($nick, (int)$account->getCustomField('email_next'));
+	}
+}
+else {
+	$errors[] =  "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
+}
+
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+}
+
+$twig->display('account.back_button.html.twig', [
+	'new_line' => true,
+	'center' => true,
+	'action' => getLink('account/lost/step-1') . '?action=email&nick=' . urlencode($nick),
+]);
--- a/system/pages/account/lost/email/set-new-password.php
+++ b/system/pages/account/lost/email/set-new-password.php
@@ -0,0 +1,94 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+csrfProtect();
+
+$title = 'Lost Account';
+
+$newPassword = $_REQUEST['password'];
+$passwordRepeat = $_REQUEST['password_repeat'];
+$code = $_REQUEST['code'];
+$character = stripslashes($_REQUEST['character']);
+
+if(empty($code) || empty($character) || empty($newPassword) || empty($passwordRepeat)) {
+	$errors[] = 'Please enter code from e-mail and name of one character from account. Then press Submit.';
+
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+
+	$twig->display('account.back_button.html.twig', [
+		'new_line' => true,
+		'center' => true,
+		'action' => getLink('account/lost/check-code')
+	]);
+
+	return;
+}
+
+$player = new OTS_Player();
+$account = new OTS_Account();
+$player->find($character);
+if($player->isLoaded()) {
+	$account = $player->getAccount();
+}
+
+if($account->isLoaded()) {
+	if($account->getCustomField('email_code') == $code) {
+		if ($newPassword == $passwordRepeat) {
+			if (Validator::password($newPassword)) {
+				$tmp_new_pass = $newPassword;
+				if (USE_ACCOUNT_SALT) {
+					$salt = generateRandomString(10, false, true, true);
+					$tmp_new_pass = $salt . $newPassword;
+					$account->setCustomField('salt', $salt);
+				}
+
+				$account->setPassword(encrypt($tmp_new_pass));
+				$account->save();
+				$account->setCustomField('email_code', '');
+
+				$mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
+					'account' => $account,
+					'newPassword' => $newPassword,
+				]);
+
+				$statusMsg = '';
+				if (_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
+					$statusMsg = '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
+				} else {
+					$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
+				}
+
+				$twig->display('account/lost/finish.new-password.html.twig', [
+					'statusMsg' => $statusMsg,
+					'newPassword' => $newPassword,
+				]);
+			} else {
+				$error = Validator::getLastError();
+			}
+		}
+		else {
+			$error = 'Passwords are not the same!';
+		}
+	}
+	else {
+		$error = 'Wrong code to change password.';
+	}
+}
+else {
+	$error = "Account of this character or this character doesn't exist.";
+}
+
+if(!empty($error)) {
+	$twig->display('error_box.html.twig', [
+		'errors' => [$error],
+	]);
+
+	echo '<br/>';
+
+	$twig->display('account/lost/check-code.html.twig', [
+		'code' => $code,
+		'character' => $character,
+	]);
+}
--- a/system/pages/account/lost/email/step-1.php
+++ b/system/pages/account/lost/email/step-1.php
@@ -0,0 +1,34 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+require __DIR__ . '/../base.php';
+
+csrfProtect();
+
+$title = 'Lost Account';
+
+if($account->isLoaded()) {
+	if($account->getCustomField('email_next') < time()) {
+		$twig->display('account/lost/email.html.twig', [
+			'nick' => $nick,
+		]);
+	}
+	else {
+		lostAccountWriteCooldown($nick, (int)$account->getCustomField('email_next'));
+	}
+}
+else {
+	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
+}
+
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+}
+
+$twig->display('account.back_button.html.twig', [
+	'new_line' => true,
+	'center' => true,
+	'action' => getLink('account/lost'),
+]);
--- a/system/pages/account/lost/recovery-key/step-1.php
+++ b/system/pages/account/lost/recovery-key/step-1.php
@@ -0,0 +1,34 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+csrfProtect();
+
+$title = 'Lost Account';
+
+if($account->isLoaded()) {
+	$account_key = $account->getCustomField('key');
+
+	if(!empty($account_key)) {
+		$twig->display('account/lost/recovery-key.step-1.html.twig', [
+			'nick' => $nick,
+		]);
+	}
+	else {
+		$errors[] = 'Account of this character has no recovery key!';
+	}
+}
+else {
+	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
+}
+
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+}
+
+$twig->display('account.back_button.html.twig', [
+	'new_line' => true,
+	'center' => true,
+	'action' => getLink('account/lost'),
+]);
--- a/system/pages/account/lost/recovery-key/step-2.php
+++ b/system/pages/account/lost/recovery-key/step-2.php
@@ -0,0 +1,48 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+csrfProtect();
+
+$title = 'Lost Account';
+
+$key = trim($_REQUEST['key']);
+$nick = stripslashes($_REQUEST['nick']);
+
+$player = new OTS_Player();
+$account = new OTS_Account();
+$player->find($nick);
+if($player->isLoaded()) {
+	$account = $player->getAccount();
+}
+
+if($account->isLoaded()) {
+	$accountKey = $account->getCustomField('key');
+	if(!empty($accountKey)) {
+		if($accountKey == $key) {
+			$twig->display('account/lost/recovery-key.step-2.html.twig', [
+				'nick' => $nick,
+				'key' => $key,
+			]);
+		}
+		else {
+			$errors[] = 'Wrong recovery key!';
+		}
+	}
+	else {
+		$errors[] = 'Account of this character has no recovery key!';
+	}
+}
+else
+	$errors[] =  "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
+
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+}
+
+$twig->display('account.back_button.html.twig', [
+	'new_line' => true,
+	'center' => true,
+	'action' => getLink('account/lost/step-1') . '?action=recovery-key&nick=' . urlencode($nick),
+]);
--- a/system/pages/account/lost/recovery-key/step-3.php
+++ b/system/pages/account/lost/recovery-key/step-3.php
@@ -0,0 +1,101 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+csrfProtect();
+
+$title = 'Lost Account';
+
+$key = trim($_REQUEST['key']);
+$nick = stripslashes($_REQUEST['nick']);
+$newPassword = trim($_REQUEST['password']);
+$passwordRepeat = trim($_REQUEST['password_repeat']);
+$newEmail = trim($_REQUEST['email']);
+
+$player = new OTS_Player();
+$account = new OTS_Account();
+$player->find($nick);
+if($player->isLoaded()) {
+	$account = $player->getAccount();
+}
+
+if($account->isLoaded()) {
+	$accountKey = $account->getCustomField('key');
+
+	if(!empty($accountKey)) {
+		if($accountKey == $key) {
+			if(Validator::password($newPassword)) {
+				if ($newPassword == $passwordRepeat) {
+					if (Validator::email($newEmail)) {
+						$account->setEMail($newEmail);
+
+						$tmp_new_pass = $newPassword;
+						if (USE_ACCOUNT_SALT) {
+							$salt = generateRandomString(10, false, true, true);
+							$tmp_new_pass = $salt . $newPassword;
+						}
+
+						$account->setPassword(encrypt($tmp_new_pass));
+						$account->save();
+
+						if (USE_ACCOUNT_SALT) {
+							$account->setCustomField('salt', $salt);
+						}
+
+						$statusMsg = '';
+						if ($account->getCustomField('email_next') < time()) {
+							$mailBody = $twig->render('mail.account.lost.new-email.html.twig', [
+								'account' => $account,
+								'newPassword' => $newPassword,
+								'newEmail' => $newEmail,
+							]);
+
+							if (_mail($account->getCustomField('email'), configLua('serverName') . ' - New password to your account', $mailBody)) {
+								$statusMsg = '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
+							} else {
+								$statusMsg = '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
+							}
+						} else {
+							$statusMsg = '<br /><small>You will not receive e-mail with this informations.</small>';
+						}
+
+						$twig->display('account/lost/finish.new-email.html.twig', [
+							'statusMsg' => $statusMsg,
+							'account' => $account,
+							'newPassword' => $newPassword,
+							'newEmail' => $newEmail,
+						]);
+					} else {
+						$errors[] = Validator::getLastError();
+					}
+				}
+				else {
+					$errors[] = 'Passwords are not the same!';
+				}
+			}
+			else {
+				$errors[] = Validator::getLastError();
+			}
+		}
+		else {
+			$errors[] = 'Wrong recovery key!';
+		}
+	}
+	else {
+		$errors[] = 'Account of this character has no recovery key!';
+	}
+}
+else {
+	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
+}
+
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig', [
+		'errors' => $errors,
+	]);
+}
+
+$twig->display('account.back_button.html.twig', [
+	'new_line' => true,
+	'center' => true,
+	'action' => getLink('account/lost/step-1') . '?action=recovery-key&nick=' . urlencode($nick),
+]);
--- a/system/pages/account/lost/step-1.php
+++ b/system/pages/account/lost/step-1.php
@@ -0,0 +1,26 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+csrfProtect();
+
+$title = 'Lost Account';
+
+$nick = stripslashes($_REQUEST['nick']);
+
+$player = new OTS_Player();
+$account = new OTS_Account();
+$player->find($nick);
+if($player->isLoaded()) {
+	$account = $player->getAccount();
+}
+
+if (ACTION == 'email') {
+	require __DIR__ . '/email/step-1.php';
+}
+else if (ACTION == 'recovery-key') {
+	require __DIR__ . '/recovery-key/step-1.php';
+}
+else {
+	$twig->display('account/lost/no-action.html.twig');
+}
+
--- a/system/router.php
+++ b/system/router.php
@@ -94,19 +94,30 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 		$routesFinal[] = ['*', $page, '__database__/' . $page, 100];
 	}

+	$routes = require SYSTEM . 'routes.php';
 	Plugins::clearWarnings();
-	foreach (Plugins::getRoutes() as $route) {
-		$routesFinal[] = [$route[0], $route[1], $route[2], $route[3] ?? 1000];
+
+	foreach (Plugins::getRoutes() as $pluginRoute) {
+
+		$routesFinal[] = [$pluginRoute[0], $pluginRoute[1], $pluginRoute[2], $pluginRoute[3] ?? 1000];
+
+		// Possibility to override routes with plugins pages, like characters.php
+		foreach ($routes as &$route) {
+			if (str_contains($pluginRoute[2], 'pages/' . $route[2])) {
+				$route[2] = $pluginRoute[2];
+			}
+		}
 /*
 		echo '<pre>';
-		var_dump($route[1], $route[3], $route[2]);
+		var_dump($pluginRoute[1], $pluginRoute[3], $pluginRoute[2]);
 		echo '/<pre>';
 */
 	}

-	$routes = require SYSTEM . 'routes.php';
 	foreach ($routes as $route) {
-		if (!str_contains($route[2], '__redirect__') && !str_contains($route[2], '__database__')) {
+		if (!str_contains($route[2], '__redirect__') && !str_contains($route[2], '__database__')
+			&& !str_contains($route[2], 'plugins/')
+		) {
 			if (!is_file(BASE . 'system/pages/' . $route[2])) {
 				continue;
 			}
--- a/system/templates/account.back_button.html.twig
+++ b/system/templates/account.back_button.html.twig
@@ -1,7 +1,26 @@
 {% if new_line is defined and new_line %}
 	<br/>
 {% endif %}
-<form action="{% if action is not defined %}{{ getLink('account/manage') }}{% else %}{{ action }}{% endif %}" method="post">
-	{{ csrf() }}
-	{{ include('buttons.back.html.twig') }}
-</form>
+
+{% set _center = false %}
+
+{% if center is defined and center %}
+{% set _center = true %}
+{% endif %}
+
+{% if _center %}
+<table border="0" cellspacing="1" cellpadding="4" width="100%">
+	<tbody>
+	<tr>
+		<td align="center">
+{% endif %}
+			<form action="{% if action is not defined %}{{ getLink('account/manage') }}{% else %}{{ action }}{% endif %}" method="post">
+				{{ csrf() }}
+				{{ include('buttons.back.html.twig') }}
+			</form>
+{% if _center %}
+		</td>
+	</tr>
+	</tbody>
+</table>
+{% endif %}
--- a/system/templates/account.lost.form.html.twig
+++ b/system/templates/account.lost.form.html.twig
@@ -1,36 +0,0 @@
-The Lost Account Interface can help you to get back your account name and password. Please enter your character name and select what you want to do.<br/>
-<form action="{{ getLink('account/lost') }}?action=step1" method="post">
-	{{ csrf() }}
-	<input type="hidden" name="character" value="">
-	<table cellspacing="1" cellpadding="4" border="0" width="100%">
-		<tr>
-			<td bgcolor="{{ config.vdarkborder }}" class="white"><b>Please enter your character name</b></td>
-		</tr>
-		<tr>
-			<td bgcolor="{{ config.darkborder }}">
-				<input type="text" name="nick" size="40" autofocus/><br>
-			</td>
-		</tr>
-	</table>
-	<table cellspacing="1" cellpadding="4" border="0" width="100%">
-		<tr>
-			<td bgcolor="{{ config.vdarkborder }}" class="white"><b>What do you want?</b></td>
-		</tr>
-		<tr>
-			<td bgcolor="{{ config.darkborder }}">
-				<input type="radio" name="action_type" id="action_type_email" value="email">
-				<label for="action_type_email"> Send me new password and my account name to account e-mail adress.</label><br/>
-				<input type=radio name="action_type" id="action_type_key" value="reckey">
-				<label for="action_type_key"> I got <b>recovery key</b> and want set new password and e-mail adress to my account.</label><br/>
-			</td>
-		</tr>
-	</table>
-	<br/>
-	<table cellspacing="0" cellpadding="0" border="0" width="100%">
-		<tr>
-			<td align="center">
-				{{ include('buttons.submit.html.twig') }}
-			</td>
-		</tr>
-	</table>
-</form>
--- a/system/templates/account.lost.noaction.html.twig
+++ b/system/templates/account.lost.noaction.html.twig
@@ -1,10 +0,0 @@
-Please select action.<br/>
-<table cellspacing="0" cellpadding="0" border="0" width="100%">
-	<tr>
-		<td align="center">
-			<a href="{{ getLink('account/lost') }}" border="0">
-				{{ include('buttons.back.html.twig') }}
-			</a>
-		</td>
-	</tr>
-</table>
--- a/system/templates/account/lost/check-code.finish.html.twig
+++ b/system/templates/account/lost/check-code.finish.html.twig
@@ -0,0 +1,54 @@
+Please enter new password to your account and repeat to make sure you remember password.<BR>
+<form action="{{ getLink('account/lost/email/set-new-password') }}" method="post">
+
+	{{ csrf() }}
+
+	<input type="hidden" name="character" value="{{ character }}">
+	<input type="hidden" name="code" value="{{ code }}">
+
+	<table class="myaac-table" style="width: 100%;">
+
+		<thead>
+		<tr>
+			<th class="white"><b>Passwords</b></th>
+		</tr>
+		</thead>
+
+		<tbody>
+		<tr>
+			<td>
+				<table>
+					<tr>
+						<td>
+							<label for="password">New password:</label>
+						</td>
+						<td>
+							<input type="password" id="password" name="password" value="" size="40">
+						</td>
+					</tr>
+					<tr>
+						<td>
+							<label for="password_repeat">Repeat new password:</label>
+						</td>
+						<td>
+							<input type="password" id="password_repeat" name="password_repeat" value="" size="40">
+						</td>
+					</tr>
+				</table>
+			</td>
+		</tr>
+		</tbody>
+
+	</table>
+	<br/>
+	<table style="width: 100%">
+		<tr>
+			<td>
+				<div style="text-align: center">
+					{% set button_name = 'Submit' %}
+					{% include('buttons.base.html.twig') %}
+				</div>
+			</td>
+		</tr>
+	</table>
+</form>
--- a/system/templates/account/lost/check-code.html.twig
+++ b/system/templates/account/lost/check-code.html.twig
@@ -0,0 +1,33 @@
+Please enter code from e-mail and name of one character from account. Then press Submit.<br/>
+<form action="{{ getLink('account/lost/check-code') }}" method="post">
+
+	{{ csrf() }}
+
+	<table class="myaac-table" style="width: 100%;">
+		<thead>
+		<tr>
+			<th class="white">
+				<b>Code & character name</b>
+			</th>
+		</tr>
+		</thead>
+
+		<tbody>
+		<tr>
+			<td>
+				Your code:&nbsp;<input type="text" name="code" value="{{ code }}" size="40"><br/>
+				Character:&nbsp;<input type="text" name="character" value="{{ character }}" size="40"><br/>
+			</td>
+		</tr>
+		</tbody>
+	</table>
+	<br>
+	<table style="width: 100%">
+		<tr>
+			<td align="center">
+				{% set button_name = 'Submit' %}
+				{% include('buttons.base.html.twig') %}
+			</td>
+		</tr>
+	</table>
+</form>
--- a/system/templates/account/lost/email.html.twig
+++ b/system/templates/account/lost/email.html.twig
@@ -0,0 +1,54 @@
+Please enter e-mail to account with this character.<br/>
+<form action="{{ getLink('account/lost/email/send-code') }}" method="post">
+
+	{{ csrf() }}
+
+	<input type=hidden name="character">
+	<table class="myaac-table" style="width: 100%;">
+
+		<thead>
+		<tr>
+			<th class="white"><b>Please enter e-mail to account</b></th>
+		</tr>
+		</thead>
+
+		<tbody>
+		<tr>
+			<td>
+
+				<table>
+					<tr>
+						<td>
+							<label for="nick">Character:</label>
+						</td>
+						<td>
+							<input type=text id="nick" name="nick" value="{{ nick }}" size="40" readonly="readonly">
+						</td>
+					</tr>
+					<tr>
+						<td>
+							<label for="name">E-mail to account:</label>
+						</td>
+						<td>
+							<input type=text id="name" name="email" value="" size="40">
+						</td>
+					</tr>
+				</table>
+
+			</td>
+		</tr>
+		</tbody>
+
+	</table>
+	<br>
+	<table style="width: 100%">
+		<tr>
+			<td>
+				<div style="text-align:center">
+					{% set button_name = 'Submit' %}
+					{% include('buttons.base.html.twig') %}
+				</div>
+			</td>
+		</tr>
+	</table>
+</form>
--- a/system/templates/account/lost/finish.new-email.html.twig
+++ b/system/templates/account/lost/finish.new-email.html.twig
@@ -0,0 +1,58 @@
+Your account name, new password and new e-mail.<br/>
+<table class="myaac-table" style="width: 100%;">
+
+	<thead>
+	<tr>
+		<th class="white">
+			<b>Your account name, new password and new e-mail</b>
+		</th>
+	</tr>
+	</thead>
+
+	<tbody>
+	<tr>
+		<td>
+
+			<table>
+				<tr>
+					<td>
+						Account name:
+					</td>
+					<td>
+						<b>{{ account.getName() }}</b>
+					</td>
+				</tr>
+				<tr>
+					<td>
+						New password:
+					</td>
+					<td>
+						<b>{{ newPassword }}</b>
+					</td>
+				</tr>
+				<tr>
+					<td>
+						New e-mail address:
+					</td>
+					<td>
+						<b>{{ newEmail }}</b>
+					</td>
+				</tr>
+			</table>
+
+			{{ statusMsg|raw }}
+		</td>
+	</tr>
+	</tbody>
+
+</table>
+<br>
+<table style="width: 100%">
+	<tr>
+		<td align="center">
+			<form action="{{ getLink('account/manage') }}" method="post">
+				{{ include('buttons.login.html.twig') }}
+			</form>
+		</td>
+	</tr>
+</table>
--- a/system/templates/account/lost/finish.new-password.html.twig
+++ b/system/templates/account/lost/finish.new-password.html.twig
@@ -0,0 +1,30 @@
+New password to your account is below. Now you can log in.<BR>
+<table class="myaac-table" style="width: 100%;">
+
+	<thead>
+	<tr>
+		<th class="white"><b>Changed password</b></th>
+	</tr>
+	</thead>
+
+	<tbody>
+	<tr>
+		<td>
+			New password:&nbsp;<b>{{ newPassword }}</b><br/>
+			Account name:&nbsp;&nbsp;&nbsp;<i>(Already on your e-mail)</i><br/>
+			{{ statusMsg|raw }}
+		</td>
+	</tr>
+	</tbody>
+</table>
+<br/>
+<table style="width: 100%">
+	<tr>
+		<td align="center">
+			<form action="{{ getLink('account/manage') }}">
+				{% set button_name = 'Login' %}
+				{% include('buttons.base.html.twig') %}
+			</form>
+		</td>
+	</tr>
+</table>
--- a/system/templates/account/lost/form.html.twig
+++ b/system/templates/account/lost/form.html.twig
@@ -0,0 +1,43 @@
+The Lost Account Interface can help you to get back your account name and password. Please enter your character name and select what you want to do.<br/>
+<form action="{{ getLink('account/lost/step-1') }}" method="post">
+
+	{{ csrf() }}
+
+	<input type="hidden" name="character" value="">
+	<table class="myaac-table" style="width: 100%">
+		<thead>
+		<tr>
+			<th class="white"><b>Please enter your character name</b></th>
+		</tr>
+		</thead>
+		<tbody>
+			<tr>
+				<td>
+					<input type="text" name="nick" size="40" autofocus/><br>
+				</td>
+			</tr>
+		</tbody>
+	</table>
+	<table style="width: 100%; border-spacing: 1px">
+		<tr>
+			<td style="padding: 4px; background: {{ config('vdarkborder') }}" class="white"><b>What do you want?</b></td>
+		</tr>
+		<tr>
+			<td style="padding: 4px; background: {{ config('darkborder') }}">
+				<input type="radio" name="action" id="action_type_email" value="email">
+				<label for="action_type_email"> Send me new password and my account name to account e-mail address.</label><br/>
+				<input type=radio name="action" id="action_type_key" value="recovery-key">
+				<label for="action_type_key"> I got <b>recovery key</b> and want set new password and e-mail address to my account.</label><br/>
+			</td>
+		</tr>
+	</table>
+	<br/>
+	<table style="width: 100%">
+		<tr>
+			<td align="center">
+				{% set button_name = 'Submit' %}
+				{% include('buttons.base.html.twig') %}
+			</td>
+		</tr>
+	</table>
+</form>
--- a/system/templates/account/lost/no-action.html.twig
+++ b/system/templates/account/lost/no-action.html.twig
@@ -0,0 +1,10 @@
+Please select action.<br/>
+<table style="width: 100%">
+	<tr>
+		<td align="center">
+			<a href="{{ getLink('account/lost') }}">
+				{{ include('buttons.back.html.twig') }}
+			</a>
+		</td>
+	</tr>
+</table>
--- a/system/templates/account/lost/recovery-key.step-1.html.twig
+++ b/system/templates/account/lost/recovery-key.step-1.html.twig
@@ -0,0 +1,53 @@
+If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
+<form action="{{ getLink('account/lost/recovery-key/step-2') }}" method="post">
+
+	{{ csrf() }}
+
+	<table class="myaac-table" style="width: 100%;">
+
+		<thead>
+		<tr>
+			<th class="white">
+				<b>Please enter your recovery key</b>
+			</th>
+		</tr>
+		</thead>
+
+		<tbody>
+		<tr>
+			<td>
+				<table>
+					<tr>
+						<td>
+							<label for="nick">Character name:</label>
+						</td>
+						<td>
+							<input type=text id="nick" name="nick" value="{{ nick }}" size="40" readonly="readonly">
+						</td>
+					</tr>
+					<tr>
+						<td>
+							<label for="key">Recovery key:</label>
+						</td>
+						<td>
+							<input type="text" id="key" name="key" value="" size="40">
+						</td>
+					</tr>
+				</table>
+			</td>
+		</tr>
+		</tbody>
+
+	</table>
+	<br>
+	<table style="width: 100%">
+		<tr>
+			<td>
+				<div style="text-align:center">
+					{% set button_name = 'Submit' %}
+					{% include('buttons.base.html.twig') %}
+				</div>
+			</td>
+		</tr>
+	</table>
+</form>
--- a/system/templates/account/lost/recovery-key.step-2.html.twig
+++ b/system/templates/account/lost/recovery-key.step-2.html.twig
@@ -0,0 +1,71 @@
+Set new password and e-mail to your account.<br>
+<form action="{{ getLink('account/lost/recovery-key/step-3') }}" method="post">
+
+	{{ csrf() }}
+
+	<input type="hidden" name="key" VALUE="{{ key }}">
+
+	<input type="hidden" name="character" value="">
+	<table class="myaac-table" style="width: 100%">
+
+		<thead>
+		<tr>
+			<th class="white">
+				<b>Please enter new password and e-mail</b>
+			</th>
+		</tr>
+		</thead>
+
+		<tbody>
+		<tr>
+			<td>
+
+				<table>
+					<tr>
+						<td>
+							<label for="nick">Account of character:</label>
+						</td>
+						<td>
+							<input type="text" id="nick" name="nick" value="{{ nick }}" size="40" readonly="readonly">
+						</td>
+					</tr>
+					<tr>
+						<td>
+							<label for="password">New password:</label>
+						</td>
+						<td>
+							<input type="password" id="password" name="password" value="" size="40">
+						</td>
+					</tr>
+					<tr>
+						<td>
+							<label for="password_repeat">Repeat new password:</label>
+						</td>
+						<td>
+							<input type="password" id="password_repeat" name="password_repeat" value="" size="40">
+						</td>
+					</tr>
+					<tr>
+						<td>
+							<label for="email">New e-mail address:</label>
+						</td>
+						<td>
+							<input type="text" id="email" name="email" value="" size="40">
+						</td>
+					</tr>
+				</table>
+
+			</td>
+		</tr>
+		</tbody>
+	</table>
+	<br>
+	<table style="width: 100%">
+		<tr>
+			<td align="center">
+				{% set button_name = 'Submit' %}
+				{% include('buttons.base.html.twig') %}
+			</td>
+		</tr>
+</table>
+</form>
--- a/system/templates/characters.html.twig
+++ b/system/templates/characters.html.twig
@@ -9,7 +9,7 @@
 <table border="0" cellpadding="0" cellspacing="0" width="100%"><tr>
 	<td><img src="{{ template_path }}/images/general/blank.gif" width="10" height="1" border="0"></td>
 	<td>
-        {{ hook(constant('HOOK_CHARACTERS_BEFORE_INFORMATIONS')) }}
+        {{ hook('HOOK_CHARACTERS_BEFORE_INFORMATIONS') }}
 		{% if canEdit %}
 			<a href="{{ constant('ADMIN_URL') }}?p=players&id={{ player.getId() }}" title="Edit in Admin Panel" target="_blank">
 				<img src="images/edit.png"/>Edit
@@ -153,11 +153,11 @@
 				<td>{% if account.isPremium() %}Premium Account{% else %}Free Account{% endif %}</td>
 			</tr>
 		</table>
-		{{ hook(constant('HOOK_CHARACTERS_AFTER_INFORMATIONS')) }}
+		{{ hook('HOOK_CHARACTERS_AFTER_INFORMATIONS') }}
 		<br/>
 		<table border="0" width="100%">
 			<tr>
-				{{ hook(constant('HOOK_CHARACTERS_BEFORE_SKILLS')) }}
+				{{ hook('HOOK_CHARACTERS_BEFORE_SKILLS') }}

 				{% if config.characters.skills %}
 				<!-- SKILLS -->
@@ -179,7 +179,7 @@
 				<!-- SKILLS_END -->
 				{% endif %}

-				{{ hook(constant('HOOK_CHARACTERS_AFTER_SKILLS')) }}
+				{{ hook('HOOK_CHARACTERS_AFTER_SKILLS') }}

 				{% if quests_enabled %}
 				<!-- QUESTS -->
@@ -201,7 +201,7 @@
 				<!-- QUESTS_END -->
 				{% endif %}

-				{{ hook(constant('HOOK_CHARACTERS_AFTER_QUESTS')) }}
+				{{ hook('HOOK_CHARACTERS_AFTER_QUESTS') }}

 				{% if config.characters.equipment %}
 				<!-- EQUIPMENT -->
@@ -239,11 +239,11 @@
 				<!-- EQUIPMENT_END -->
 				{% endif %}

-				{{ hook(constant('HOOK_CHARACTERS_AFTER_EQUIPMENT')) }}
+				{{ hook('HOOK_CHARACTERS_AFTER_EQUIPMENT') }}
 			</tr>
 		</table>

-		{{ hook(constant('HOOK_CHARACTERS_BEFORE_DEATHS')) }}
+		{{ hook('HOOK_CHARACTERS_BEFORE_DEATHS') }}

 		{% if deaths|length > 0 %}
 		<!-- DEATHS -->
@@ -283,7 +283,7 @@
 		<!-- FRAGS_END -->
 		{% endif %}

-		{{ hook(constant('HOOK_CHARACTERS_BEFORE_SIGNATURE')) }}
+		{{ hook('HOOK_CHARACTERS_BEFORE_SIGNATURE') }}

 		{% if setting('core.signature_enabled') %}
 		<!-- SIGNATURE -->
@@ -327,7 +327,7 @@
 		</table>
 		<!-- SIGNATURE_END -->
 		{% endif %}
-		{{ hook(constant('HOOK_CHARACTERS_AFTER_SIGNATURE')) }}
+		{{ hook('HOOK_CHARACTERS_AFTER_SIGNATURE') }}
 		{% if not player.isHidden() %}
 		{% set rows = 0 %}
 		<!-- ACCOUNT_INFORMATION -->
@@ -377,7 +377,7 @@
 			</tr>
 		</table>
 		<!-- ACCOUNT_INFORMATION_END -->
-		{{ hook(constant('HOOK_CHARACTERS_AFTER_ACCOUNT')) }}
+		{{ hook('HOOK_CHARACTERS_AFTER_ACCOUNT') }}
 		<!-- CHARACTERS_LIST -->
 		<br/><br/>
 		<table border="0" cellspacing="1" cellpadding="4" width="100%">
@@ -421,7 +421,7 @@
 		</table>
 		<!-- CHARACTERS_LIST_END -->
 		{% endif %}
-		{{ hook(constant('HOOK_CHARACTERS_AFTER_CHARACTERS')) }}
+		{{ hook('HOOK_CHARACTERS_AFTER_CHARACTERS') }}
 		{% if canEdit %}
 			<a href="{{ constant('ADMIN_URL') }}?p=players&id={{ player.getId() }}" title="Edit in Admin Panel" target="_blank">
 				<img src="images/edit.png"/>Edit
--- a/system/templates/mail.account.lost.code.html.twig
+++ b/system/templates/mail.account.lost.code.html.twig
@@ -0,0 +1,10 @@
+You asked to reset your {{ config('lua')['serverName'] }} password.<br/>
+<p>Account name: {{ account.getName() }}</p>
+<br/>
+To do so, please click this link:
+<p>
+	<a href="{{ getLink('account/lost/check-code') }}?code={{ newCode }}&character={{ nick|urlencode }}">{{ getLink('account/lost/check-code') }}?code={{ newCode }}&character={{ nick|urlencode }}</a>
+</p>
+<p>or open page: <i>{{ getLink('account/lost/check-code') }}</i> and in field "code" write <b>{{ newCode }}</b></p>
+<br/>
+<p>If you did not request a password change, you may ignore this message and your password will remain unchanged.
--- a/system/templates/mail.account.lost.new-email.html.twig
+++ b/system/templates/mail.account.lost.new-email.html.twig
@@ -0,0 +1,7 @@
+<h3>Your account name and new password!</h3>
+<p>Changed password and e-mail to your account in Lost Account Interface on server <a href="{{ constant('BASE_URL') }}"><b>{{ config('lua')['serverName'] }}</b></a></p>
+<p>Account name: <b>{{ account.getName() }}</b></p>
+<p>New password: <b>{{ newPassword }}</b></p>
+<p>E-mail: <b>{{ newEmail }}</b> (this e-mail)</p>
+<br/>
+<p><u>It's automatic e-mail from OTS Lost Account System. Do not reply!</u></p>
--- a/system/templates/mail.account.lost.new-password.html.twig
+++ b/system/templates/mail.account.lost.new-password.html.twig
@@ -0,0 +1,6 @@
+<h3>Your account name and password!</h3>
+<p>Changed password to your account in Lost Account Interface on server <a href="{{ constant('BASE_URL') }}"><b>{{ config('lua')['serverName'] }}</b></a></p>
+<p>Account name: <b>{{ account.getName() }}</b></p>
+<p>New password: <b>{{ newPassword }}</b></p>
+<br/>
+<p><u>It's automatic e-mail from OTS Lost Account System. Do not reply!</u></p>
--- a/system/templates/tables.style.html.twig
+++ b/system/templates/tables.style.html.twig
@@ -1,6 +1,9 @@
 <style>
-	.myaac-table tbody tr:nth-child(even) {background: {{ config.lightborder }}}
-	.myaac-table tbody tr:nth-child(odd) {background:  {{ config.darkborder }}}
-	.myaac-table thead td {background: {{ config.vdarkborder }}; color: #ffffff !important;}
-	.myaac-table tfoot td {background: {{ config.vdarkborder }}; color: #ffffff !important;}
+	.myaac-table {border-spacing: 1px;}
+	.myaac-table > tbody > tr:nth-child(even) {background: {{ config.lightborder }}}
+	.myaac-table > tbody > tr:nth-child(odd) {background:  {{ config.darkborder }}}
+	.myaac-table > tbody > tr > td {padding: 4px; }
+	.myaac-table > thead > tr > td {padding: 4px; background: {{ config.vdarkborder }}; color: #ffffff !important;}
+	.myaac-table > thead > tr > th {padding: 4px; background: {{ config.vdarkborder }}; color: #ffffff !important;}
+	.myaac-table > tfoot > tr > td {padding: 4px; background: {{ config.vdarkborder }}; color: #ffffff !important;}
 </style>
--- a/system/twig.php
+++ b/system/twig.php
@@ -101,6 +101,8 @@ $twig->addFunction($function);
 $function = new TwigFunction('hook', function ($context, $hook, array $params = []) {
 	global $hooks;

+	//note($hook);
+
 	if(is_string($hook)) {
 		if (defined($hook)) {
 			$hook = constant($hook);
--- a/templates/tibiacom/account.login.html.twig
+++ b/templates/tibiacom/account.login.html.twig
@@ -130,6 +130,7 @@
 													<div style="float: right; margin-top: 20px;" >
 														{% apply spaceless %}
 														<form class="MediumButtonForm" action="{{ getLink('account/create') }}" method="post" >
+															{{ csrf() }}
 															<div class="MediumButtonBackground" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);">
 																<div class="MediumButtonOver" style="background-image:url({{ template_path }}/images/global/buttons/mediumbutton-over.gif)" onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);"></div>
 																<input class="MediumButtonText" type="image" name="Create Account" alt="Create Account" src="{{ template_path }}/images/global/buttons/mediumbutton_createaccount.png" />
--- a/templates/tibiacom/index.php
+++ b/templates/tibiacom/index.php
@@ -37,7 +37,9 @@ if(isset($config['boxes']))
 					$tmp = str_replace('/', '_', PAGE);
 					$exp = explode('/', PAGE);
 					if(PAGE !== 'account/create' && PAGE !== 'account/lost' && isset($exp[1])) {
-						if ($exp[0] === 'account') {
+						if ($exp[0] === 'account' && $exp[1] === 'lost') {
+							$tmp = 'account_lost';
+						} elseif ($exp[0] === 'account') {
 							$tmp = 'account_manage';
 						} else if ($exp[0] === 'news' && $exp[1] === 'archive') {
 							$tmp = 'news_archive';
@@ -90,24 +92,24 @@ if(isset($config['boxes']))
 		// mouse-over and click events of the loginbox
 		function MouseOverLoginBoxText(source)
 		{
-		  source.lastChild.style.visibility = "visible";
-		  source.firstChild.style.visibility = "hidden";
+		  source.lastElementChild.style.visibility = "visible";
+		  source.firstElementChild.style.visibility = "hidden";
 		}
 		function MouseOutLoginBoxText(source)
 		{
-		  source.firstChild.style.visibility = "visible";
-		  source.lastChild.style.visibility = "hidden";
+		  source.firstElementChild.style.visibility = "visible";
+		  source.lastElementChild.style.visibility = "hidden";
 		}
 		function LoginButtonAction()
 		{
-		  if(loginStatus == "false") {
+		  if(loginStatus === "false") {
 			window.location = "<?php echo getLink('account/manage'); ?>";
 		  } else {
 			window.location = "<?php echo getLink('account/manage'); ?>";
 		  }
 		}
 		function LoginstatusTextAction(source) {
-		  if(loginStatus == "false") {
+		  if(loginStatus === "false") {
 			window.location = "<?php echo getLink('account/create'); ?>";
 		  } else {
 			window.location = "<?php echo getLink('account/logout'); ?>";
@@ -226,11 +228,11 @@ if(isset($config['boxes']))
 		// mouse-over effects of menubuttons and submenuitems
 		function MouseOverMenuItem(source)
 		{
-		  source.firstChild.style.visibility = "visible";
+		  source.firstElementChild.style.visibility = "visible";
 		}
 		function MouseOutMenuItem(source)
 		{
-		  source.firstChild.style.visibility = "hidden";
+		  source.firstElementChild.style.visibility = "hidden";
 		}
 		function MouseOverSubmenuItem(source)
 		{
@@ -336,7 +338,7 @@ if(isset($config['boxes']))
    <div id="LoginBottom" class="Loginstatus" style="background-image:url(<?php echo $template_path; ?>/images/general/box-bottom.gif)" ></div>
  </div>

-<div-- id='Menu'>
+<div id='Menu'>
 <div id='MenuTop' style='background-image:url(<?php echo $template_path; ?>/images/general/box-top.gif);'></div>

 <?php
@@ -401,6 +403,7 @@ foreach($config['menu_categories'] as $id => $cat) {
 	<?php
 	}
 	?>
+</div>
 		<script type="text/javascript">
 			InitializePage();
        </script>
--- a/tools/basic.js
+++ b/tools/basic.js
@@ -1,11 +1,11 @@
 function MouseOverBigButton(source) {
-	if (source?.firstChild?.style) {
-		source.firstChild.style.visibility = "visible";
+	if (source?.firstElementChild?.style) {
+		source.firstElementChild.style.visibility = "visible";
 	}
 }
 function MouseOutBigButton(source) {
-	if (source?.firstChild?.style) {
-		source.firstChild.style.visibility = "hidden";
+	if (source?.firstElementChild?.style) {
+		source.firstElementChild.style.visibility = "hidden";
 	}
 }
 function BigButtonAction(path) {
Author	SHA1	Message	Date
slawkens	596dde4077	Merge branch 'main' into feature/refactor-account-lost	2025-09-28 19:15:34 +02:00
slawkens	ac9303402d	Merge branch 'main' into feature/refactor-account-lost	2025-09-28 19:14:24 +02:00
Slawomir Boczek	f54b1bdd2a	First attempt (#331 )	2025-09-28 19:00:51 +02:00
slawkens	c898fe25ef	New function: getColumnInfo($table, $column)	2025-09-28 16:21:31 +02:00
slawkens	73c07d470d	Add variable types, don't use $config	2025-09-28 16:10:58 +02:00
slawkens	56bd7ec5ed	Prevent injection in $db->hasColumn	2025-09-28 16:09:14 +02:00
slawkens	4c6277c124	Start v1.8.3-dev	2025-09-28 14:16:28 +02:00
slawkens	228780f0ad	Just leaving it here, for future use (twig hook display) Maybe configurable in the future	2025-09-28 14:14:26 +02:00
slawkens	4e9999cc0d	Do not use constant on twig hooks So it can be displayed which hook is used	2025-09-28 14:13:51 +02:00
slawkens	8bc328d6fb	Now v1.8.2 real	2025-09-26 10:14:48 +02:00
slawkens	ac41b82579	Update index.php	2025-09-26 10:14:38 +02:00
slawkens	df7b6e29fb	Replace firstChild with firstElementChild (Thanks to @un000000)	2025-09-26 08:56:15 +02:00
slawkens	e0cc19ad86	Release v1.8.2	2025-09-26 07:54:40 +02:00
slawkens	85e7005fd3	Fix Menu div wrong tag/closing (#329 )	2025-09-24 15:39:47 +02:00
slawkens	3c0cb53e17	Add missing csrf() - fix create account buton	2025-09-23 21:45:49 +02:00
slawkens	d0112d1a67	Fix exception when email cannot be send on create account	2025-09-23 21:45:32 +02:00
slawkens	523210c5b7	Refactor Add missing password check Formatting	2025-09-15 20:04:21 +02:00
slawkens	29e2484ad5	Merge branch 'main' into feature/refactor-account-lost	2025-09-14 21:02:11 +02:00
slawkens	ed9beaf2b6	Fix account lost routes in tibiacom template	2025-09-14 21:02:01 +02:00
slawkens	9ae07acfc1	Formatting	2025-09-14 21:01:32 +02:00
slawkens	dc6b60d0b6	Merge branch 'main' into feature/refactor-account-lost	2025-09-14 20:50:11 +02:00
slawkens	5aa9bbf1c8	Ignore child tables of myaac-table class	2025-09-14 20:50:00 +02:00
slawkens	05b5e703ed	Refactor code, better $error messages	2025-09-14 20:49:14 +02:00
slawkens	849944ff20	[WIP] Add csrfProtect()	2025-09-14 20:47:28 +02:00
slawkens	413ad42afa	Remove duplicated code - extract lostAccountCooldown function	2025-09-14 20:03:03 +02:00
slawkens	233bf001ce	Set $title to 'Lost Account'	2025-09-14 19:49:26 +02:00
slawkens	d2f1f41576	Use myaac-table class for tables	2025-09-14 19:44:30 +02:00
slawkens	2f9ae38c19	Merge branch 'main' into feature/refactor-account-lost	2025-09-14 19:35:26 +02:00
slawkens	a6032093b2	Better look for myaac-table	2025-09-14 19:35:12 +02:00
slawkens	b1b536ce68	Update form.html.twig	2025-09-14 19:34:52 +02:00
slawkens	25695a039d	[WIP] Refactor account/lost	2025-09-14 17:41:53 +02:00
slawkens	e27d974c46	Merge branch 'main' into feature/refactor-account-lost	2025-09-14 13:02:41 +02:00
slawkens	4eab805d26	Fix when config.local.php cannot be saved	2025-09-09 17:49:05 +02:00
slawkens	3f24f961b1	Possibility to override routes with plugins pages, like characters.php No need to define routes in plugin.json anymore	2025-09-09 15:17:06 +02:00
slawkens	0b86459940	Start v1.8.2-dev	2025-09-07 09:33:18 +02:00
slawkens	67f54eacbc	Merge branch 'develop' into feature/refactor-account-lost	2024-09-12 08:24:06 +02:00
slawkens	cde8891b9b	Merge branch 'develop' into feature/refactor-account-lost	2024-07-14 05:58:47 +02:00
slawkens	50a8b8169f	[WIP] Account Lost refactor	2024-07-10 18:08:21 +02:00