Release v1.8.9

* Better name validation, like in the original game website

* Don't automatically ucfirst and strtolower the cases of the word
    * This allows for names like: Lord of Ring, Man of the Earth etc.
* Don't allow special characters like: -, [], '
* Don't allow one letter words
* Require at least one vowel per word
* Add notice about admin logged in

* Add trim, for future

Currently its stripped anyway in the init.php, but AI don't know it :P

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Implement AI recommended changes

* Update tools/validate.php

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Trim $name

* Update Validator.php

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

.github/workflows/phpstan.yml

@@ -25,7 +25,7 @@ jobs:
           coverage: "none"
           extensions: "intl, zip"
           ini-values: "memory_limit=-1"
-          php-version: "${{ matrix.php-version }}"
+          php-version: "${{ matrix.php-versions }}"
 
       - name: Get composer cache directory
         id: composer-cache

CHANGELOG-1.x.md

@@ -1,5 +1,46 @@
 # Changelog
 
+## [1.8.9 - 06.04.2026]
+### Added
+* Settings: Possibility to add custom HTML for the head and body tags like Google Analytics code etc. (https://github.com/slawkens/myaac/commit/108e83806df5686a06826931ed5e243c19cbe130)
+* Add command: give-admin (https://github.com/slawkens/myaac/commit/9fa9ec746c4b344387a21f21886c2251319806fc)
+  * Usage: php aac give:admin slawkens@gmail.com
+    Parameter: account email, name or id
+  * It's admin for the website, not the GM for the game! For that, go into the admin panel and change the group manually
+* Add page load time to an Admin Panel footer (https://github.com/slawkens/myaac/commit/4ae2fdd0dfcd56697612395c14aecc2dfd33b1c3)
+
+### Changed
+* Better character name validation, like in the original game website (#356)
+* Install: don't suggest deleting of install folder - it's not required (https://github.com/slawkens/myaac/commit/5fcde4708a39255cf68edc8c43f2ac6597e2601d)
+
+## [1.8.8 - 31.01.2026]
+### Added
+* Change Comment: Add missing hooks - patched from 0.8 (https://github.com/slawkens/myaac/commit/a60a23b84f61d41d1503073b52e01e3120f6d92a)
+
+### Changed
+* Account Manage: Change the last login to the correct login time – Instead of just "now" (https://github.com/slawkens/myaac/commit/5b841682cdc473b38ef1a5edfcfe1a020802e286)
+* Twig: Extract renderInline(content, context) as a method to $twig (https://github.com/slawkens/myaac/commit/5e4806f891f8c88c37d45b89bbede23afc2fa37b)
+* Mail: Remove HTML tags from the email function (https://github.com/slawkens/myaac/commit/6661c78dac69c6aa498b9c79fe7da4fe0150e5c8)
+
+### Fixed
+* Forum: Fix XSS in board name (https://github.com/slawkens/myaac/commit/e52d9e486f5bf1dea867f59287f70aef3d538189, https://github.com/slawkens/myaac/commit/6db738a87c44b8d96919191ba5e661c32ab47457)
+* Forum: Fix edit_post, despite being an author, edit didn't work (https://github.com/slawkens/myaac/commit/e8b47429e8c607c2662a78b65415dfa772aa0e48)
+* Forum: Fix a player link in the forum thread being not clickable (When outfits are enabled) (https://github.com/slawkens/myaac/commit/f640ca636f34cd2dfc1fa8de6fdbed0674908b30)
+* Settings: Fix variable overlapping if the same var name as in core (https://github.com/slawkens/myaac/commit/c2415e9df3a5ffaf768f6f9668bdd38b5efd0771)
+* Settings: fix show_if for the selects (https://github.com/slawkens/myaac/commit/8dcbb66753914322706216cfd01436eb1478a5ce)
+
+## [1.8.7 - 04.01.2026]
+
+### Fixed
+* Fixed [player/guild/house] bb code in forum (https://github.com/slawkens/myaac/commit/8ec9bf10682c73f1fe40967a106ccda2a5073ed0)
+
+### Changed
+* Settings: better responsiveness on mobile (https://github.com/slawkens/myaac/commit/c65d4e4b62ef26fb4e24ecb1d2bcc4556d746adf)
+* Signatures: Return 404 when the signature player is not found (https://github.com/slawkens/myaac/commit/7e6480b380799add7a2b1b7ce1d3c1f2b6819ff1)
+
+### Removed
+* Remove setting: outfit_images_wrong_looktypes - is obsolete, the bug doesn't exist in the latest outfit images (https://github.com/slawkens/myaac/commit/cc220bedc1f01535eaac23f6961135e2e7a6e310)
+
 ## [1.8.6 - 14.12.2025]
 
 ### Added

README.md

@@ -7,7 +7,7 @@ Official website: https://my-aac.org
 [![GitHub Workflow Status (with event)](https://img.shields.io/github/actions/workflow/status/slawkens/myaac/cypress.yml)](https://github.com/slawkens/myaac/actions)
 [![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
 [![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
-[![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
+[![MyAAC Discord](https://img.shields.io/discord/1468205461319848049)](https://discord.gg/aVagGPJt3g)
 [![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
 
 | Version | Status                 | Branch  | Requirements   |

admin/template/template.php

@@ -172,7 +172,8 @@
 			<div class="float-sm-right d-none d-sm-inline">
 				<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
 			</div>
-			<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
+			<?= base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
+			<?= 'Load time: ' . round(microtime(true) - START_TIME, 4) . ' seconds.'; ?>
 		</footer>
 		<div id="sidebar-overlay"></div>
 	</div>

common.php

@@ -26,7 +26,7 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 
 const MYAAC = true;
-const MYAAC_VERSION = '1.8.6';
+const MYAAC_VERSION = '1.8.9';
 const DATABASE_VERSION = 46;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));

install/index.php

@@ -30,7 +30,7 @@ if(file_exists(CACHE . 'install.txt')) {
 	$install_status = unserialize(file_get_contents(CACHE . 'install.txt'));
 
 	if(!isset($_REQUEST['step'])) {
-		$step = isset($install_status['step']) ? $install_status['step'] : '';
+		$step = $install_status['step'] ?? '';
 	}
 }
 
@@ -53,7 +53,7 @@ if($step == 'finish' && (!isset($config['installed']) || !$config['installed']))
 
 // step verify
 $steps = array(1 => 'welcome', 2 => 'license', 3 => 'requirements', 4 => 'config', 5 => 'database', 6 => 'admin', 7 => 'finish');
-if(!in_array($step, $steps)) // check if step is valid
+if(!in_array($step, $steps)) // check if a step is valid
 	throw new RuntimeException('ERROR: Unknown step.');
 
 $install_status['step'] = $step;
@@ -61,7 +61,7 @@ $errors = array();
 
 if($step == 'database') {
 	foreach($_SESSION as $key => $value) {
-		if(strpos($key, 'var_') === false) {
+		if(!str_contains($key, 'var_')) {
 			continue;
 		}
 
@@ -182,7 +182,7 @@ $error = false;
 clearstatcache();
 if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 	if(!file_exists(BASE . 'install/ip.txt')) {
-		$content = warning('AAC installation is disabled. To enable it make file <b>ip.txt</b> in install/ directory and put there your IP.<br/>
+		$content = warning('AAC installation is disabled. To enable it make a file <b>ip.txt</b> in install/ directory and put there your IP.<br/>
 		Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 	}
 	else {
@@ -198,7 +198,7 @@ if(is_writable(CACHE) && (MYAAC_OS != 'WINDOWS' || win_is_writable(CACHE))) {
 		if(!$allow)
 		{
 			$content = warning('In file <b>install/ip.txt</b> must be your IP!<br/>
-			In file is:<br /><b>' . nl2br($file_content) . '</b><br/>
+			In the file is:<br /><b>' . nl2br($file_content) . '</b><br/>
 			Your IP is:<br /><b>' . get_browser_real_ip() . '</b>', true);
 		}
 		else {

install/tools/7-finish.php

@@ -57,6 +57,8 @@ if ($db->hasTable('players')) {
 DataLoader::setLocale($locale);
 DataLoader::load();
 
+clearCache();
+
 // add menus entries
 require_once SYSTEM . 'migrations/17.php';
 $up();
@@ -105,6 +107,10 @@ if(file_exists(CACHE . 'install.txt')) {
 	unlink(CACHE . 'install.txt');
 }
 
+if(file_exists(BASE . 'install/ip.txt')) {
+	unlink(BASE . 'install/ip.txt');
+}
+
 $locale['step_finish_desc'] = str_replace('$ADMIN_PANEL$', generateLink(str_replace('tools/', '',ADMIN_URL), $locale['step_finish_admin_panel'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$HOMEPAGE$', generateLink(str_replace('tools/', '', BASE_URL), $locale['step_finish_homepage'], true), $locale['step_finish_desc']);
 $locale['step_finish_desc'] = str_replace('$LINK$', generateLink('https://my-aac.org', 'https://my-aac.org', true), $locale['step_finish_desc']);

package-lock.json

@@ -18,9 +18,9 @@
       }
     },
     "node_modules/@cypress/request": {
-      "version": "3.0.8",
+      "version": "3.0.10",
-      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.8.tgz",
+      "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.10.tgz",
-      "integrity": "sha512-h0NFgh1mJmm1nr4jCwkGHwKneVYKghUyWe6TMNrk0B9zsjAJxpg8C4/+BAcmLgCPa1vj1V8rNUaILl+zYRUWBQ==",
+      "integrity": "sha512-hauBrOdvu08vOsagkZ/Aju5XuiZx6ldsLfByg1htFeldhex+PeMrYauANzFsMJeAA0+dyPLbDoX2OYuvVoLDkQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -30,14 +30,14 @@
         "combined-stream": "~1.0.6",
         "extend": "~3.0.2",
         "forever-agent": "~0.6.1",
-        "form-data": "~4.0.0",
+        "form-data": "~4.0.4",
         "http-signature": "~1.4.0",
         "is-typedarray": "~1.0.0",
         "isstream": "~0.1.2",
         "json-stringify-safe": "~5.0.1",
         "mime-types": "~2.1.19",
         "performance-now": "^2.1.0",
-        "qs": "6.14.0",
+        "qs": "~6.14.1",
         "safe-buffer": "^5.1.2",
         "tough-cookie": "^5.0.0",
         "tunnel-agent": "^0.6.0",
@@ -1431,9 +1431,9 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.21",
+      "version": "4.17.23",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
       "dev": true,
       "license": "MIT"
     },
@@ -1743,9 +1743,9 @@
       }
     },
     "node_modules/qs": {
-      "version": "6.14.0",
+      "version": "6.14.2",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
-      "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
       "dev": true,
       "license": "BSD-3-Clause",
       "dependencies": {

system/compat/config.php

@@ -21,7 +21,6 @@ $deprecatedConfig = [
 	'visitors_counter_ttl',
 	'views_counter',
 	'outfit_images_url',
-	'outfit_images_wrong_looktypes',
 	'item_images_url',
 	'account_country',
 	'towns',
@@ -52,6 +51,7 @@ $deprecatedConfig = [
 	'online_skulls',
 	'online_outfit',
 	'online_afk',
+	'team_style',
 	'team_display_outfit' => 'team_outfit',
 	'team_display_status' => 'team_status',
 	'team_display_world' => 'team_world',

system/functions.php

@@ -21,7 +21,6 @@ use MyAAC\News;
 use MyAAC\Plugins;
 use MyAAC\Settings;
 use PHPMailer\PHPMailer\PHPMailer;
-use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
 
 function message($message, $type, $return)
 {
@@ -516,7 +515,12 @@ function template_place_holder($type): string
 			$ret .= $debugBarRenderer->renderHead();
 		}
 	}
+	elseif ($type === 'head_end') {
+		$ret .= setting('core.html_head');
+	}
 	elseif ($type === 'body_start') {
+		$ret .= setting('core.html_body');
+
 		$ret .= $twig->render('browsehappy.html.twig');
 
 		if (admin()) {
@@ -527,6 +531,8 @@ function template_place_holder($type): string
 		}
 	}
 	elseif($type === 'body_end') {
+		$ret .= setting('core.html_footer');
+
 		$ret .= template_ga_code();
 		if (isset($debugBar)) {
 			$ret .= $debugBarRenderer->render();
@@ -878,11 +884,12 @@ function getWorldName($id)
  *
  * @param string $to Recipient email address.
  * @param string $subject Subject of the message.
- * @param string $body Message body in html format.
+ * @param string $body Message body in HTML format.
  * @param string $altBody Alternative message body, plain text.
  * @return bool PHPMailer status returned (success/failure).
+ * @throws \PHPMailer\PHPMailer\Exception
  */
-function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
+function _mail(string $to, string $subject, string $body, string $altBody = ''): bool
 {
 	global $mailer, $config;
 
@@ -900,12 +907,6 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->clearAllRecipients();
 	}
 
-	$signature_html = setting('core.mail_signature_html');
-	if($add_html_tags && isset($body[0]))
-		$tmp_body = '<html><head></head><body>' . $body . '<br/><br/>' . $signature_html . '</body></html>';
-	else
-		$tmp_body = $body . '<br/><br/>' . $signature_html;
-
 	$mailOption = setting('core.mail_option');
 	if($mailOption == MAIL_SMTP)
 	{
@@ -932,6 +933,9 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->isMail();
 	}
 
+	$signature_html = setting('core.mail_signature_html');
+	$tmp_body = $body . '<br/><br/>' . $signature_html;
+
 	$mailer->isHTML(isset($body[0]) > 0);
 	$mailer->From = setting('core.mail_address');
 	$mailer->Sender = setting('core.mail_address');
@@ -1381,17 +1385,7 @@ function getCustomPage($name, &$success): string
 			ob_end_clean();
 		}
 		else {
-			$oldLoader = $twig->getLoader();
+			$content .= $twig->renderInline($page['body']);
-
-			$twig_loader_array = new Twig_ArrayLoader(array(
-				'content.html' => $page['body']
-			));
-
-			$twig->setLoader($twig_loader_array);
-
-			$content .= $twig->render('content.html');
-
-			$twig->setLoader($oldLoader);
 		}
 	}
 

system/locale/de/install.php

@@ -20,7 +20,7 @@ $locale['not_loaded'] = 'Nicht geladen';
 $locale['loading_spinner'] = 'Bitte warten, installieren...';
 $locale['importing_spinner'] = 'Bitte warte, Daten werden importiert...';
 $locale['please_fill_all'] = 'Bitte füllen Sie alle Felder aus!';
-$locale['already_installed'] = 'MyAAC wurde bereits installiert. Bitte löschen <b>install/</b> Verzeichnis. Wenn Sie MyAAC neu installieren möchten, löschen Sie die Datei <strong>config.local.php</strong> aus dem Hauptverzeichnis und aktualisieren Sie die Seite.';
+$locale['already_installed'] = 'MyAAC wurde bereits installiert. Wenn Sie MyAAC neu installieren möchten, löschen Sie die Datei <strong>config.local.php</strong> aus dem Hauptverzeichnis und aktualisieren Sie die Seite.';
 
 // welcome
 $locale['step_welcome'] = 'Willkommen';

system/locale/en/install.php

@@ -20,7 +20,7 @@ $locale['not_loaded'] = 'Not loaded';
 $locale['loading_spinner'] = 'Please wait, installing...';
 $locale['importing_spinner'] = 'Please wait, importing data...';
 $locale['please_fill_all'] = 'Please fill all inputs!';
-$locale['already_installed'] = 'MyAAC has been already installed. Please delete <b>install/</b> directory. If you want to reinstall MyAAC - please delete <strong>config.local.php</strong> file from the main directory and refresh the page.';
+$locale['already_installed'] = 'MyAAC has been already installed. If you want to reinstall MyAAC - please delete <strong>config.local.php</strong> file from the main directory and refresh the page.';
 
 // welcome
 $locale['step_welcome'] = 'Welcome';

system/locale/pl/install.php

@@ -20,7 +20,7 @@ $locale['not_loaded'] = 'Nie załadowane';
 $locale['loading_spinner'] = 'Proszę czekać, trwa instalacja...';
 $locale['importing_spinner'] = 'Proszę czekać, trwa importowanie danych...';
 $locale['please_fill_all'] = 'Proszę wypełnić wszystkie pola!';
-$locale['already_installed'] = 'MyAAC został już zainstalowany. Proszę usunąć katalog <b>install/</b>. Jeśli chcesz zainstalować MyAAC od nowa - proszę usuń plik <strong>config.local.php</strong> z katalogu głównego i odśwież stronę.';
+$locale['already_installed'] = 'MyAAC został już zainstalowany. Jeśli chcesz zainstalować MyAAC od nowa - proszę usuń plik <strong>config.local.php</strong> z katalogu głównego i odśwież stronę.';
 
 // welcome
 $locale['step_welcome'] = 'Witamy';

system/locale/pt_br/install.php

@@ -20,7 +20,7 @@ $locale['not_loaded'] = 'Não carregado';
 $locale['loading_spinner'] = 'Por favor aguarde, instalando...';
 $locale['importing_spinner'] = 'Por favor, aguarde, importando dados...';
 $locale['please_fill_all'] = 'Por favor, preencha todas as entradas!';
-$locale['already_installed'] = 'MyAAC já foi instalado. Por favor, apague o diretório <b> install/ <b/>. Se você quiser reinstalar o MyAAC - exclua o arquivo <strong> config.local.php </strong> do diretório principal e atualize a página.';
+$locale['already_installed'] = 'MyAAC já foi instalado. Se você quiser reinstalar o MyAAC - exclua o arquivo <strong> config.local.php </strong> do diretório principal e atualize a página.';
 
 // welcome
 $locale['step_welcome'] = 'Bem vindo';

system/locale/sv/install.php

@@ -18,7 +18,7 @@ $locale['loaded'] = 'Laddad';
 $locale['not_loaded'] = 'Inte Laddad';
 
 $locale['please_fill_all'] = 'Vänligen fyll i allt!';
-$locale['already_installed'] = 'MyAAC är redan installerat. Vänligen ta bort <b>install/<b/> mappen. Om du vill installera MyAAC igen - ta bort filen <strong>config.local.php</strong> från huvudkatalogen och uppdatera sidan.';
+$locale['already_installed'] = 'MyAAC är redan installerat. Om du vill installera MyAAC igen - ta bort filen <strong>config.local.php</strong> från huvudkatalogen och uppdatera sidan.';
 
 // welcome
 $locale['step_welcome'] = 'Välkommen';

system/pages/account/change-password.php

@@ -22,7 +22,7 @@ csrfProtect();
 $new_password = $_POST['new_password'] ?? null;
 $new_password_confirm = $_POST['new_password_confirm'] ?? null;
 $old_password = $_POST['old_password'] ?? null;
-if(empty($new_password) && empty($new_password_confirm) && empty($old_password)) {
+if(is_null($new_password) && is_null($new_password_confirm) && is_null($old_password)) {
 	$twig->display('account.change-password.html.twig');
 }
 else {

system/pages/account/characters/change-comment.php

@@ -51,6 +51,8 @@ if($player_name != null) {
 						'description' => 'The character information has been changed.'
 					));
 					$show_form = false;
+
+					$hooks->trigger(HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_SUCCESS, ['player' => $player]);
 				}
 			}
 		} else {
@@ -70,9 +72,11 @@ if($show_form) {
 	}
 
 	if(isset($player) && $player) {
-		$twig->display('account.characters.change-comment.html.twig', array(
+		$_player = $player->toArray();
-			'player' => $player->toArray()
+		$_player['id'] = $player->id; // Hack, as it's somehow missing in the toArray() function
-		));
+
+		$twig->display('account.characters.change-comment.html.twig', [
+			'player' => $_player,
+		]);
 	}
 }
-?>

system/pages/account/create.php

@@ -160,7 +160,7 @@ if($save)
 	}
 
 	if(setting('core.account_create_character_create')) {
-		$character_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : null;
+		$character_name = isset($_POST['name']) ? trim(stripslashes($_POST['name'])) : null;
 		$character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null;
 		$character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null;
 		$character_town = isset($_POST['town']) ? (int)$_POST['town'] : null;

system/pages/account/register-new.php

@@ -48,7 +48,7 @@ else
 					$account_logged->setCustomField('key', $new_rec_key);
 					$account_logged->setCustomField(setting('core.donate_column'), $account_logged->getCustomField(setting('core.donate_column')) - setting('core.account_generate_new_reckey_price'));
 					$account_logged->logAction('Generated new recovery key for ' . setting('core.account_generate_new_reckey_price') . ' premium points.');
-					$message = '<br />Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b> for '.setting('core.account_generate_new_reckey_price').' premium points.';
+					$message = '<br />Your recovery key was sent on email address <b>'.$account_logged->getEMail().'</b> for '.setting('core.account_generate_new_reckey_price').' premium points.';
 				}
 				else
 					$message = '<br /><p class="error">An error occurred while sending email ( <b>'.$account_logged->getEMail().'</b> ) with recovery key! Recovery key not changed. Try again later. For Admin: More info can be found in system/logs/mailer-error.log</p>';

system/pages/forum/edit_post.php

@@ -36,9 +36,9 @@ if(Forum::canPost($account_logged)) {
 	$thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `post_html`, `id`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch();
 	if(isset($thread['id'])) {
 		$first_post = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`author_guid`, `" . FORUM_TABLE_PREFIX . "forum`.`author_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_smile`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch();
-		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.htmlspecialchars($first_post['post_topic']).'</a> >> <b>Edit post</b>';
+		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.escapeHtml($sections[$thread['section']]['name']).'</a> >> <a href="' . getForumThreadLink($thread['first_post']) . '">'.htmlspecialchars($first_post['post_topic']).'</a> >> <b>Edit post</b>';
 
-		if(Forum::hasAccess($thread['section'] && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator()))) {
+		if(Forum::hasAccess($thread['section']) && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator())) {
 			$char_id = $post_topic = $text = $smile = $html = null;
 			$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
 			$saved = false;

system/pages/forum/new_post.php

@@ -42,7 +42,7 @@ if(Forum::canPost($account_logged)) {
 	$thread = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id." LIMIT 1")->fetch();
 
 	if(isset($thread['id']) && Forum::hasAccess($thread['section'])) {
-		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>';
+		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.escapeHtml($sections[$thread['section']]['name']).'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>';
 
 		$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
 		$text = isset($_POST['text']) ? stripslashes(trim($_POST['text'])) : NULL;

system/pages/forum/new_thread.php

@@ -34,7 +34,7 @@ if(Forum::canPost($account_logged)) {
 	$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
 	$section_id = $_REQUEST['section_id'] ?? null;
 	if($section_id !== null) {
-		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($section_id) . '">' . $sections[$section_id]['name'] . '</a> >> <b>Post new thread</b><br />';
+		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($section_id) . '">' . escapeHtml($sections[$section_id]['name']) . '</a> >> <b>Post new thread</b><br />';
 
 		if(isset($sections[$section_id]['name']) && Forum::hasAccess($section_id)) {
 			if ($sections[$section_id]['closed'] && !Forum::isModerator())

system/pages/forum/show_board.php

@@ -42,7 +42,7 @@ for($i = 0; $i < $threads_count['threads_count'] / setting('core.forum_threads_p
 		$links_to_pages .= '<b>'.($i + 1).' </b>';
 }
 
-echo '<a href="' . getLink('forum') . '">Boards</a> >> <b>'.$sections[$section_id]['name'].'</b>';
+echo '<a href="' . getLink('forum') . '">Boards</a> >> <b>'.escapeHtml($sections[$section_id]['name']).'</b>';
 
 if($logged && (!$sections[$section_id]['closed'] || Forum::isModerator())) {
 	echo '<br /><br />

system/pages/forum/show_thread.php

@@ -70,7 +70,7 @@ foreach($posts as &$post) {
 	}
 
 	$post['group'] = $groupName;
-	$post['player_link'] = getPlayerLink($player->getName());
+	$post['player_link'] = '<a href="' . getPlayerLink($player, false) . '" style="position: relative;">' . $player->getName() . '</a>';
 
 	$post['vocation'] = $player->getVocationName();
 

system/pages/highscores.php

@@ -249,7 +249,7 @@ foreach($highscores as $id => &$player)
 
 		$player['link'] = getPlayerLink($player['name'], false);
 		$player['flag'] = getFlagImage($player['country']);
-		$player['outfit'] = '<img style="position:absolute;margin-top:' . (in_array($player['looktype'], setting('core.outfit_images_wrong_looktypes')) ? '-15px;margin-left:5px' : '-45px;margin-left:-25px') . ';" src="' . $player['outfit_url'] . '" alt="" />';
+		$player['outfit'] = '<img style="position:absolute;margin-top:-50px;margin-left:-30px" src="' . $player['outfit_url'] . '" alt="" />';
 
 		if ($skill != POT::SKILL__LEVEL) {
 			if (isset($lastValue) && $lastValue == $player['value']) {

system/settings.php

@@ -156,7 +156,7 @@ return [
 		'footer' => [
 			'name' => 'Custom Text',
 			'type' => 'textarea',
-			'desc' => 'Text displayed in the footer.<br/>For example: <i>' . escapeHtml('<br/>') . 'Your Server &copy; 2023. All rights reserved.</i>',
+			'desc' => 'Text displayed in the footer.<br/>For example: <i>' . escapeHtml('<br/>') . 'Your Server &copy; ' . date("Y") . '. All rights reserved.</i>',
 			'default' => '',
 		],
 		'footer_load_time' => [
@@ -251,6 +251,28 @@ return [
 			'desc' => 'Allow MyAAC to report anonymous usage statistics to developers? The data is sent only once per 30 days and is fully confidential. It won\'t affect the performance of your website',
 			'default' => true,
 		],
+		[
+			'type' => 'section',
+			'title' => 'Custom HTML',
+		],
+		'html_head' => [
+			'name' => 'HTML Head',
+			'type' => 'textarea',
+			'desc' => escapeHtml('These scripts will be printed in the <head> section. Can be, for example, Google Analytics code.'),
+			'default' => '',
+		],
+		'html_body' => [
+			'name' => 'HTML Body',
+			'type' => 'textarea',
+			'desc' => escapeHtml('These scripts will be printed just below the opening <body> tag.'),
+			'default' => '',
+		],
+		'html_footer' => [
+			'name' => 'HTML Footer',
+			'type' => 'textarea',
+			'desc' => escapeHtml('These scripts will be printed above the closing </body> tag.'),
+			'default' => '',
+		],
 		[
 			'type' => 'category',
 			'title' => 'Game',
@@ -1482,17 +1504,6 @@ Sent by MyAAC,<br/>
 			'desc' => 'Set to animoutfit.php for animated outfit',
 			'default' => 'https://outfit-images.ots.me/latest/outfit.php',
 		],
-		'outfit_images_wrong_looktypes' => [
-			'name' => 'Outfit Images Wrong Looktypes',
-			'type' => 'text',
-			'desc' => 'This looktypes needs to have different margin-top and margin-left because they are wrong positioned',
-			'default' => '75, 126, 127, 266, 302',
-			'callbacks' => [
-				'get' => function ($value) {
-					return array_map('trim', explode(',', $value));
-				},
-			],
-		],
 		[
 			'type' => 'section',
 			'title' => 'Monster Images'

system/src/Commands/GiveAdminCommand.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace MyAAC\Commands;
+
+use MyAAC\Plugins;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+class GiveAdminCommand extends Command
+{
+	protected function configure(): void
+	{
+		$this->setName('give:admin')
+			->setDescription('This command adds super admin privileges to selected user')
+			->addArgument('account', InputArgument::REQUIRED, 'Account E-Mail, name or id');
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output): int
+	{
+		require SYSTEM . 'init.php';
+
+		$io = new SymfonyStyle($input, $output);
+
+		$account = new \OTS_Account();
+
+		$accountParam = $input->getArgument('account');
+		if (str_contains($accountParam, '@')) {
+			$account->findByEMail($accountParam);
+		}
+		else {
+			if (USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER) {
+				$account->find($accountParam);
+			}
+			else {
+				$account->load($accountParam);
+			}
+		}
+
+		if (!$account->isLoaded()) {
+			$io->error('Cannot find account with supplied parameter: ' . $accountParam);
+			return self::FAILURE;
+		}
+
+		$account->setCustomField('web_flags', 3);
+		$io->success('Successfully added admin privileges to ' . $accountParam . ' (E-Mail: ' . $account->getEMail() . ')');
+		return self::SUCCESS;
+	}
+}

system/src/Forum.php

@@ -231,6 +231,7 @@ class Forum
 			if(!is_int($rows / 2)) { $bgcolor = 'ABED25'; } else { $bgcolor = '23ED25'; } $rows++;
 			$text = str_ireplace('[code]'.$code.'[/code]', '<i>Code:</i><br /><table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #CCCCCC; border-width: 2px"><tr><td>'.$code.'</td></tr></table>', $text);
 		}
+
 		$rows = 0;
 		while(stripos($text, '[quote]') !== false && stripos($text, '[/quote]') !== false )
 		{
@@ -238,11 +239,31 @@ class Forum
 			if(!is_int($rows / 2)) { $bgcolor = 'AAAAAA'; } else { $bgcolor = 'CCCCCC'; } $rows++;
 			$text = str_ireplace('[quote]'.$quote.'[/quote]', '<table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #007900; border-width: 2px"><tr><td>'.$quote.'</td></tr></table>', $text);
 		}
-		$rows = 0;
+
-		while(stripos($text, '[url]') !== false && stripos($text, '[/url]') !== false )
+		$tagsToParse = [
+			'url' => function ($str) {
+				return '<a href="'.$str.'" target="_blank">'.$str.'</a>';
+			},
+			'player' => function ($str) {
+				return generateLink(getPlayerLink($str, false), $str, true);
+			},
+			'guild' => function ($str) {
+				return generateLink(getGuildLink($str, false), $str, true);
+			},
+			'house' => function ($str) {
+				return generateLink(getHouseLink($str, false), $str, true);
+			}
+		];
+
+		foreach ($tagsToParse as $tag => $callback) {
+			while(stripos($text, "[$tag]") !== false && stripos($text, "[/$tag]") !== false
+				&& stripos($text, "[$tag]") < stripos($text, "[/$tag]"))
 			{
-			$url = substr($text, stripos($text, '[url]')+5, stripos($text, '[/url]') - stripos($text, '[url]') - 5);
+				$length = strlen("[$tag]");
-			$text = str_ireplace('[url]'.$url.'[/url]', '<a href="'.$url.'" target="_blank">'.$url.'</a>', $text);
+				$substr = substr($text, stripos($text, "[$tag]") + $length, stripos($text, "[/$tag]") - stripos($text, "[$tag]") - $length);
+
+				$text = str_ireplace('[' . $tag . ']' . $substr . '[/' . $tag . ']', $callback($substr), $text);
+			}
 		}
 
 		$xhtml = false;
@@ -252,9 +273,6 @@ class Forum
 			'#\[u\](.*?)\[/u\]#si' => ($xhtml ? '<span style="text-decoration: underline;">\\1</span>' : '<u>\\1</u>'),
 			'#\[s\](.*?)\[/s\]#si' => ($xhtml ? '<strike>\\1</strike>' : '<s>\\1</s>'),
 
-			'#\[guild\](.*?)\[/guild\]#si' => urldecode(generateLink(getGuildLink('$1', false), '$1', true)),
-			'#\[house\](.*?)\[/house\]#si' => urldecode(generateLink(getHouseLink('$1', false), '$1', true)),
-			'#\[player\](.*?)\[/player\]#si' => urldecode(generateLink(getPlayerLink('$1', false), '$1', true)),
 			// TODO: [poll] tag
 
 			'#\[color=(.*?)\](.*?)\[/color\]#si' => ($xhtml ? '<span style="color: \\1;">\\2</span>' : '<span style="color: \\1">\\2</span>'),

system/src/Models/AccountBan.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace MyAAC\Models;
+use Illuminate\Database\Eloquent\Model;
+
+class AccountBan extends Model {
+
+	protected $table = TABLE_PREFIX . 'account_bans';
+
+	public $timestamps = false;
+
+	protected $fillable = [
+		'account_id',
+		'reason', 'banned_at',
+		'expires_at', 'banned_by'
+	];
+
+}

system/src/Settings.php

@@ -122,6 +122,8 @@ class Settings implements \ArrayAccess
 	public static function display($plugin, $settings): array
 	{
 		$settingsDb = ModelsSettings::where('name', $plugin)->pluck('value', 'key')->toArray();
+
+		if ($plugin === 'core') {
 			$config = [];
 			require BASE . 'config.local.php';
 
@@ -136,6 +138,7 @@ class Settings implements \ArrayAccess
 					$settingsDb[$key] = (string)$value;
 				}
 			}
+		}
 
 		$javascript = '';
 		ob_start();
@@ -184,11 +187,11 @@ class Settings implements \ArrayAccess
 					}
 					?>
 					<h3 id="row_<?= $key ?>" style="text-align: center"><strong><?= $setting['title']; ?></strong></h3>
-					<table class="table table-bordered table-striped">
+					<table class="table table-bordered table-striped table-responsive d-md-table">
 						<thead>
 							<tr>
 								<th style="width: 13%">Name</th>
-								<th style="width: 30%">Value</th>
+								<th style="width: 30%; min-width: 200px">Value</th>
 								<th>Description</th>
 							</tr>
 						</thead>

system/src/Twig/EnvironmentBridge.php

@@ -3,6 +3,7 @@
 namespace MyAAC\Twig;
 
 use Twig\Environment;
+use Twig\Loader\ArrayLoader as Twig_ArrayLoader;
 
 class EnvironmentBridge extends Environment
 {
@@ -25,4 +26,21 @@ class EnvironmentBridge extends Environment
 
 		return parent::render($name, $context);
 	}
+
+	public function renderInline($content, array $context = []): string
+	{
+		$oldLoader = $this->getLoader();
+
+		$twig_loader_array = new Twig_ArrayLoader(array(
+			'content.html' => $content
+		));
+
+		$this->setLoader($twig_loader_array);
+
+		$ret = $this->render('content.html', $context);
+
+		$this->setLoader($oldLoader);
+
+		return $ret;
+	}
 }

system/src/Validator.php

@@ -183,7 +183,7 @@ class Validator
 			return false;
 		}
 
-		// installer doesn't know config.php yet
+		// installer doesn't know settings yet
 		// that's why we need to ignore the nulls
 		if(defined('MYAAC_INSTALL')) {
 			$minLength = 4;
@@ -207,21 +207,15 @@ class Validator
 			return false;
 		}
 
-		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM- [ ] '") != $length)
+		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM ") != $length)
 		{
-			self::$lastError = "Invalid name format. Use only A-Z, spaces and '.";
+			self::$lastError = "This name contains invalid letters. Please use only A-Z, a-z and space!";
 			return false;
 		}
 
 		if(preg_match('/ {2,}/', $name))
 		{
-			self::$lastError = 'Invalid character name format. Use only A-Z and no double spaces.';
+			self::$lastError = 'Invalid character name format. Use only A-Z, a-z and no double spaces.';
-			return false;
-		}
-
-		if(!preg_match("/[A-z ']/", $name))
-		{
-			self::$lastError = "Invalid name format. Use only A-Z, spaces and '.";
 			return false;
 		}
 
@@ -230,17 +224,23 @@ class Validator
 
 	/**
 	 * Validate new character name.
-	 * Name lenght must be 3-25 chars
+	 * Name length must be 3-25 chars
 	 *
 	 * @param  string $name Name to check
 	 * @return bool Is name valid?
 	 */
 	public static function newCharacterName($name)
 	{
-		global $db, $config;
+		global $db;
 
+		$name = trim($name);
 		$name_lower = strtolower($name);
 
+		if(strlen($name) < 1) {
+			self::$lastError = 'Please enter a name.';
+			return false;
+		}
+
 		$first_words_blocked = array_merge(["'", '-'], setting('core.create_character_name_blocked_prefix'));
 		foreach($first_words_blocked as $word) {
 			if($word == substr($name_lower, 0, strlen($word))) {
@@ -249,11 +249,6 @@ class Validator
 			}
 		}
 
-		if(str_ends_with($name_lower, "'") || str_ends_with($name_lower, "-")) {
-			self::$lastError = 'Your name contains illegal characters.';
-			return false;
-		}
-
 		if(substr($name_lower, 1, 1) == ' ') {
 			self::$lastError = 'Your name contains illegal space.';
 			return false;
@@ -265,11 +260,36 @@ class Validator
 		}
 
 		if(preg_match('/ {2,}/', $name)) {
-			self::$lastError = 'Invalid character name format. Use only A-Z and numbers 0-9 and no double spaces.';
+			self::$lastError = 'Invalid character name format. Use only A-Z and no double spaces.';
 			return false;
 		}
 
-		if(strtolower($config['lua']['serverName']) == $name_lower) {
+		if (substr($name[0], 0, 1) !== strtoupper(substr($name[0], 0, 1))) {
+			self::$lastError = 'The first letter of a name has to be a capital letter.';
+			return false;
+		}
+
+		foreach (explode(' ', $name) as $word) {
+			$wordCut = substr($word, 1, strlen($word));
+			$hasUpperCase = preg_match('/[A-Z]/', $wordCut);
+			if ($hasUpperCase) {
+				self::$lastError = 'In names capital letters are only allowed at the beginning of a word.';
+				return false;
+			}
+
+			if (strlen($word) == 1) {
+				self::$lastError = 'This name contains a word with only one letter. Please use more than one letter for each word.';
+				return false;
+			}
+
+			$hasVowel = preg_match('/[aeiouAEIOU]/', $word);
+			if (!$hasVowel) {
+				self::$lastError = 'This name contains a word without vowels. Please choose another name.';
+				return false;
+			}
+		}
+
+		if(strtolower(configLua('serverName')) == $name_lower) {
 			self::$lastError = 'Your name cannot be same as server name.';
 			return false;
 		}

system/src/global.php

@@ -28,6 +28,10 @@ define('HOOK_CHARACTERS_AFTER_CHARACTERS', ++$i);
 define('HOOK_LOGIN', ++$i);
 define('HOOK_LOGIN_ATTEMPT', ++$i);
 define('HOOK_LOGOUT', ++$i);
+define('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_SUCCESS', ++$i);
+define('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_NAME', ++$i);
+define('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_HIDE_ACCOUNT', ++$i);
+define('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_COMMENT', ++$i);
 define('HOOK_ACCOUNT_CHANGE_PASSWORD_AFTER_OLD_PASSWORD', ++$i);
 define('HOOK_ACCOUNT_CHANGE_PASSWORD_AFTER_NEW_PASSWORD', ++$i);
 define('HOOK_ACCOUNT_CHANGE_PASSWORD_POST', ++$i);

system/templates/account.change-email.html.twig

@@ -5,18 +5,18 @@ Please enter your password and the new email address. Make sure that you enter a
 	<table style="width:100%;">
 		<tr>
 			<td class="LabelV" >
-				<span>New Email Address:</span>
+				<label for="new_email">New Email Address:</label>
 			</td>
 			<td style="width:90%;">
-				<input form="form" name="new_email" value="{% if new_email is defined %}{{ new_email }}{% endif %}" size="30" maxlength="50" autofocus/>
+				<input form="form" id="new_email" name="new_email" value="{% if new_email is defined %}{{ new_email }}{% endif %}" size="30" maxlength="50" autofocus/>
 			</td>
 		</tr>
 		<tr>
 			<td class="LabelV">
-				<span >Password:</span>
+				<label for="password">Password:</label>
 			</td>
 			<td>
-				<input form="form" type="password" name="password" size="30" maxlength="29">
+				<input form="form" type="password" id="password" name="password" size="30" maxlength="29">
 			</td>
 		</tr>
 	</table>

system/templates/account.change-info.html.twig

@@ -4,20 +4,26 @@ Here you can tell other players about yourself. This information will be display
 {% set content %}
 <table style="width: 100%;" >
 	<tr>
-		<td class="LabelV">Real Name:</td>
+		<td class="LabelV">
+			<label for="info_rlname">Real Name:</label>
+		</td>
 		<td style="width:90%;" >
-			<input form="form" name="info_rlname" value="{{ account_rlname }}" size="30" maxlength="50" >
+			<input form="form" id="info_rlname" name="info_rlname" value="{{ account_rlname }}" size="30" maxlength="50" >
 		</td>
 	</tr>
 	<tr>
-		<td class="LabelV" >Location:</td>
+		<td class="LabelV">
+			<label for="info_location">Location:</label>
+		</td>
 		<td>
-			<input form="form" name="info_location" value="{{ account_location }}" size="30" maxlength="50" >
+			<input form="form" id="info_location" name="info_location" value="{{ account_location }}" size="30" maxlength="50" >
 		</td>
 	</tr>
 	{% if setting('core.account_country') %}
 	<tr>
-		<td class="LabelV">Country:</td>
+		<td class="LabelV">
+			<label for="account_country">Country:</label>
+		</td>
 		<td>
 			<select form="form" name="info_country" id="account_country">
 				{% for code, country in countries %}

system/templates/account.change-password.html.twig

@@ -6,7 +6,7 @@ Please enter your current password and a new password. For your security, please
 <table style="width:100%;">
 	<tr>
 		<td class="LabelV">
-			<span>Current Password:</span>
+			<label for="old_password">Current Password:</label>
 		</td>
 		<td>
 			<input form="form" type="password" id="old_password" name="old_password" size="30" maxlength="29">
@@ -17,7 +17,7 @@ Please enter your current password and a new password. For your security, please
 
 	<tr>
 		<td class="LabelV">
-			<span>New Password:</span>
+			<label for="new_password">New Password:</label>
 		</td>
 		<td style="width:90%;">
 			<input form="form" type="password" id="new_password" name="new_password" size="30" maxlength="29">
@@ -28,7 +28,7 @@ Please enter your current password and a new password. For your security, please
 
 	<tr>
 		<td class="LabelV">
-			<span>New Password Again:</span>
+			<label for="new_password_confirm">New Password Again:</label>
 		</td>
 		<td>
 			<input form="form" type="password" id="new_password_confirm" name="new_password_confirm" size="30" maxlength="29">

system/templates/account.characters.change-comment.html.twig

@@ -33,6 +33,7 @@ If you do not want to specify a certain field, just leave it blank.<br/><br/>
 													<td class="LabelV">Name:</td>
 													<td style="width:80%;" >{{ player.name }}</td>
 												</tr>
+												{{ hook('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_NAME') }}
 												<tr>
 													<td class="LabelV" >Hide Account:</td>
 													<td>
@@ -42,6 +43,7 @@ If you do not want to specify a certain field, just leave it blank.<br/><br/>
 														{% if player.group_id > 1 %} (you will be also hidden on the Team page!){% endif %}
 													</td>
 												</tr>
+												{{ hook('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_HIDE_ACCOUNT') }}
 											</table>
 										</div>
 									</div>
@@ -65,6 +67,7 @@ If you do not want to specify a certain field, just leave it blank.<br/><br/>
 													<td class="LabelV" ><span>Comment:</span></td>
 													<td style="width:80%;"><textarea name="comment" rows="10" cols="50" wrap="virtual">{{ player.comment|raw }}</textarea><br>[max. length: 2000 chars, 50 lines (ENTERs)]</td>
 												</tr>
+												{{ hook('HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_COMMENT') }}
 											</table>
 										</div>
 									</div>

system/templates/account.characters.change-name.html.twig

@@ -1,4 +1,4 @@
-To change a name of character select player and choose a new name.<br/>
+To change the name of a character, select a player and choose a new name.<br/>
 <span style="color: red">Change name cost {{ setting('core.account_change_character_name_price') }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}. You have {{ points }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}.</span><br/><br/>
 
 {% set title = 'Change Name' %}
@@ -6,9 +6,11 @@ To change a name of character select player and choose a new name.<br/>
 {% set content %}
 <table style="width:100%;" >
 	<tr>
-		<td class="LabelV" ><span>Character:</span></td>
+		<td class="LabelV">
+			<label for="player_id">Character:</label>
+		</td>
 		<td style="width:90%;" >
-			<select form="form" name="player_id">
+			<select form="form" id="player_id" name="player_id">
 				{% for player in account_logged.getPlayersList(false) %}
 				<option value="{{ player.getId() }}">{{ player.getName() }}</option>
 				{% endfor %}
@@ -16,7 +18,9 @@ To change a name of character select player and choose a new name.<br/>
 		</td>
 	</tr>
 	<tr>
-		<td class="LabelV" ><span>New Name:</span></td>
+		<td class="LabelV">
+			<label for="character_name">New Name:</label>
+		</td>
 		<td>
 			<input form="form" type="text" name="name" id="character_name" size="25" maxlength="25" >
 			<img id="character_indicator" src="images/global/general/{% if not save or errors|length > 0 %}n{% endif %}ok.gif" />

system/templates/account.characters.change-sex.html.twig

@@ -6,9 +6,11 @@ To change a sex of character select player and choose a new sex.<br/>
 {% set content %}
 <table style="width:100%;" >
 	<tr>
-		<td class="LabelV" ><span>Character:</span></td>
+		<td class="LabelV">
+			<label for="player_id">Character:</label>
+		</td>
 		<td style="width:90%;" >
-			<select form="form" name="player_id">
+			<select form="form" id="player_id" name="player_id">
 				{% for player in players %}
 				<option value="{{ player.getId() }}">{{ player.getName() }}</option>
 				{% endfor %}
@@ -16,9 +18,11 @@ To change a sex of character select player and choose a new sex.<br/>
 		</td>
 	</tr>
 	<tr>
-		<td class="LabelV" ><span>New Sex:</span></td>
+		<td class="LabelV">
+			<label for="new_sex">New Sex:</label>
+		</td>
 		<td>
-			<select form="form" name="new_sex">
+			<select form="form" id="new_sex" name="new_sex">
 				{% for id, gender in config.genders %}
 				<option value="{{ id }}"{% if player_sex == id %} selected{% endif %}>{{ gender }}</option>
 				{% endfor %}

system/templates/account.characters.delete.html.twig

@@ -4,15 +4,19 @@ To delete a character enter the name of the character and your password.<br/><br
 {% set content %}
 <table style="width:100%;">
 	<tr>
-		<td class="LabelV" ><span>Character Name:</span></td>
+		<td class="LabelV">
+			<label for="delete_name">Character Name:</label>
+		</td>
 		<td style="width:90%;">
-			<input form="form" name="delete_name" value="" size="30" maxlength="29"/>
+			<input form="form" id="delete_name" name="delete_name" value="" size="30" maxlength="29"/>
 		</td>
 	</tr>
 	<tr>
-		<td class="LabelV" ><span>Password:</span></td>
+		<td class="LabelV">
+			<label for="delete_password">Password:</label>
+		</td>
 		<td>
-			<input form="form" type="password" name="delete_password" size="30" maxlength="29"/>
+			<input form="form" type="password" id="delete_password" name="delete_password" size="30" maxlength="29"/>
 		</td>
 	</tr>
 </table>

system/templates/account.create.html.twig

@@ -48,7 +48,7 @@
 								</tr>
 
 								{% if setting('core.mail_enabled') and setting('core.account_mail_verify') %}
-									<tr><td></td><td><span><strong>Please use real address!<br/>We will send a link to validate your Email.</strong></span></td></tr>
+									<tr><td></td><td><span><strong>Please use a real address!<br/>We will send a link to validate your Email.</strong></span></td></tr>
 								{% endif %}
 
 								{{ hook('HOOK_ACCOUNT_CREATE_AFTER_EMAIL') }}

system/templates/account.generate_new_recovery_key.html.twig

@@ -1,13 +1,15 @@
-To generate new recovery key for your account please enter your password.<br/>
+To generate a new recovery key for your account, please enter your password.<br/>
-<span style="color: red"><b>New recovery key cost {{ setting('core.account_generate_new_reckey_price') }} Premium Points</b>.</span> You have {{ points }} premium points. You will receive e-mail with this recovery key.
+<span style="color: red"><b>New recovery key cost {{ setting('core.account_change_character_name_price') }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}. You have {{ points }} {{ setting('core.donate_column') == 'coins' ? 'coins' : 'premium points' }}. You will receive an e-mail with this recovery key.
 <br/>
 {% set title = 'Generate recovery key' %}
 {% set background = config('darkborder') %}
 {% set content %}
 <table style="width:100%;">
 	<tr>
-		<td class="LabelV"><span>Password:</span></td>
+		<td class="LabelV">
-		<td><input form="form" type="password" name="reg_password" size="30" maxlength="29" ></td>
+			<label for="reg_password">Password:</label>
+		</td>
+		<td><input form="form" type="password" id="reg_password" name="reg_password" size="30" maxlength="29" ></td>
 	</tr>
 </table>
 {% endset %}
@@ -18,7 +20,7 @@ To generate new recovery key for your account please enter your password.<br/>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
-					<td style="border:0px;">
+					<td style="border:0;">
 						<form id="form" action="{{ getLink('account/register-new') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="registeraccountsave" value="1">
@@ -31,7 +33,7 @@ To generate new recovery key for your account please enter your password.<br/>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0">
 				<tr>
-					<td style="border:0px;">
+					<td style="border:0;">
 						<form action="{{ getLink('account/manage') }}" method="post">
 							{{ csrf() }}
 							{{ include('buttons.back.html.twig') }}

system/templates/account.generate_recovery_key.html.twig

@@ -5,10 +5,10 @@ To generate recovery key for your account please enter your password.<br/><br/>
 <table style="width:100%;" >
 	<tr>
 		<td class="LabelV">
-			<span>Password:</span>
+			<label for="reg_password">Password:</label>
 		</td>
 		<td>
-			<input form="form" type="password" name="reg_password" size="30" maxlength="29" autofocus/>
+			<input form="form" type="password" id="reg_password" name="reg_password" size="30" maxlength="29" autofocus/>
 		</td>
 	</tr>
 </table>
@@ -20,7 +20,7 @@ To generate recovery key for your account please enter your password.<br/><br/>
 		<td>
 			<table border="0" cellspacing="0" cellpadding="0" >
 				<tr>
-					<td style="border:0px;">
+					<td style="border:0;">
 						<form id="form" action="{{ getLink('account/register') }}" method="post">
 							{{ csrf() }}
 							<input type="hidden" name="registeraccountsave" value="1"/>

system/templates/account.management.html.twig

@@ -114,7 +114,7 @@
 			</tr>
 			<tr style="background-color: {{ config.darkborder }};" >
 				<td>Last Login:</td>
-				<td>{{ "now"|date("j F Y, G:i:s") }}</td>
+				<td>{{ account_logged.getCustomField('web_lastlogin')|date("j F Y, G:i:s") }}</td>
 			</tr>
 			{% autoescape false %}
 			<tr style="background-color: {{ config.lightborder }};" >
@@ -179,7 +179,7 @@
 				{% set i = i + 1 %}
 				<tr bgcolor="{{ getStyle(i) }}">
 					<td>
-						<a href="{{ getLink('characters/' ~ player.getName()|urlencode) }}">{{ player.getName() }}</a>
+						<a href="{{ getLink('characters/' ~ player.getName()|urlencode) }}">{{ player.getName() }}</a>{% if player.isDeleted() %}<span style="color: red"><b> [ DELETED ] </b></span>{% endif %}
 					</td>
 					<td>{{ player.getLevel() }}</td>
 					<td>{{ player.getVocationName() }}</td>

system/templates/admin.changelog.html.twig

@@ -1,6 +1,6 @@
 <div class="card card-info card-outline">
 	<div class="card-header">
-		<h5 class="m-0">News:
+		<h5 class="m-0">Changelogs:
 			<form method="post" class="float-right">
 				{{ csrf() }}
 				<input type="hidden" name="action" value="new" />

system/templates/admin.settings.html.twig

@@ -37,21 +37,31 @@
 {% for key, value in settings %}
 	{% if value.show_if is defined %}
 		$(function () {
-			$('input[name="settings[{{ value.show_if[0] }}]"]').change(function () {
+			{% set inputType = 'input' %}
+
+			{% if settings[value.show_if[0]]['type'] == 'options' %}
+				{% set inputType = 'select' %}
+			{% endif %}
+
+			$('{{ inputType }}[name="settings[{{ value.show_if[0] }}]"]').change(function () {
 				performChecks_{{ key }}(this);
 			});
 
 			{% if settings[value.show_if[0]]['type'] == 'boolean' %}
 			performChecks_{{ key }}('input[name="settings[{{ value.show_if[0] }}]"]:checked');
 			{% else %}
-			performChecks_{{ key }}('input[name="settings[{{ value.show_if[0] }}]"]');
+			performChecks_{{ key }}('{{ inputType }}[name="settings[{{ value.show_if[0] }}]"]');
 			{% endif %}
 		});
 
 		function performChecks_{{ key }}(el)
 		{
 			let success = false;
+
 			let thisVal = $(el).val();
+			{% if settings[value.show_if[0]]['type'] == 'options' %}
+			thisVal = $(el).find(":selected").val();
+			{% endif %}
 
 			let operator = '{{ value.show_if[1]|raw }}';
 			if (operator === '>') {

system/templates/characters.html.twig

@@ -17,7 +17,7 @@
 		{% endif %}
 		<table border="0" cellspacing="1" cellpadding="4" width="100%">
 			{% if config.characters.outfit %}
-			<div style="width:64px;height:64px;border:2px solid #F1E0C6; border-radius:50px; padding:13px; margin-top:38px;margin-left:376px;position:absolute;"><img style="margin-left:{% if player.getLookType() in setting('core.outfit_images_wrong_looktypes') %}-0px;margin-top:-0px;width:64px;height:64px;{% else %}-60px;margin-top:-60px;width:128px;height:128px;{% endif %}" src="{{ outfit }}" alt="player outfit"/></div>
+			<div style="width:64px;height:64px;border:2px solid #F1E0C6; border-radius:50px; padding:13px; margin-top:38px;margin-left:376px;position:absolute;"><img style="margin-left:-60px;margin-top:-60px;width:128px;height:128px;" src="{{ outfit }}" alt="player outfit"/></div>
 			{% endif %}
 
 			<tr bgcolor="{{ config.vdarkborder }}">

system/templates/forum.new_post.html.twig

@@ -1,7 +1,7 @@
 <form action="?" method="post">
 	{{ csrf() }}
 	<input type="hidden" name="action" value="new_post" />
-	<input type="hidden" name="thread_id" value=" {{ thread_id }}" />
+	<input type="hidden" name="thread_id" value="{{ thread_id }}" />
 	<input type="hidden" name="subtopic" value="forum" />
 	<input type="hidden" name="save" value="save" />
 	<table width="100%">
@@ -43,7 +43,8 @@
 		</tr>
 	</table>
 	<div style="text-align:center">
-		<input type="submit" value="Post Reply" />
+		{% set button_name = 'Post Reply' %}
+		{{ include('buttons.base.html.twig') }}
 	</div>
 </form>
 

system/templates/forum.new_thread.html.twig

@@ -44,6 +44,7 @@
 		</tr>
 	</table>
 	<div style="text-align:center">
-		<input type="submit" value="Post Thread" />
+		{% set button_name = 'Post Thread' %}
+		{{ include('buttons.base.html.twig') }}
 	</div>
 </form>

system/templates/forum.show_thread.html.twig

@@ -24,7 +24,7 @@ Page: {{ links_to_pages|raw }}<br/>
 		{% set i = i + 1 %}
 		<td valign="top">{{ post.player_link|raw }}<br/>
 			{% if post.outfit is defined %}
-			<img style="margin-left:{% if post.player.getLookType() in setting('core.outfit_images_wrong_looktypes') %}-0px;margin-top:-0px;width:64px;height:64px;{% else %}-60px;margin-top:-60px;width:128px;height:128px;{% endif %}" src="{{ post.outfit }}" alt="player outfit"/>
+			<img style="margin-left:-60px;margin-top:-60px;width:128px;height:128px;" src="{{ post.outfit }}" alt="player outfit"/>
 			<br />
 			{% endif %}
 			<span style="font-size: 10px">

system/templates/guilds.leave_guild.html.twig

@@ -6,7 +6,7 @@
 		<td class="white"><b>Leave guild</b></td></tr>
 	{% if players|length > 0 %}
 	<tr bgcolor="{{ config.lightborder }}">
-		<td width="100%">Select character to leave guild:</td>
+		<td width="100%">Select a character to leave the guild:</td>
 	</tr>
 	<tr bgcolor="{{ config.darkborder }}">
 		<td>

system/templates/guilds.manager.html.twig

@@ -105,7 +105,8 @@ Here you can change names of ranks, delete and add ranks, pass leadership to oth
 				<form action="{{ getLink('guilds') }}?guild={{ guild.getName() }}&action=delete_rank" method="post" style="display: inline;">
 					{{ csrf() }}
 					<input type="hidden" name="rankid" value="{{ rank.getId() }}" />
-					<input type="image" src="/images/news/delete.png" border="0" alt="Delete" />
+
+					<input type="submit" value="Delete" />
 				</form>
 			</td>
 			<td>

system/templates/online.html.twig

@@ -4,24 +4,35 @@
 <br/>
 {% endif %}
 
+<br/>
+
 {# vocation statistics #}
 {% if setting('core.online_vocations') %}
-<br/>
+
+	{% set title = 'Vocation statistics' %}
+	{% set tableClass = 'Table3' %}
+	{% set background = config('darkborder') %}
+	{% set content %}
+
 	{% if setting('core.online_vocations_images') %}
-	<table width="200" cellspacing="1" cellpadding="0" border="0" align="center">
+	<table width="200" cellspacing="1" cellpadding="0" border="0" align="center" class="myaac-table">
-		<tr bgcolor="{{ config.darkborder }}">
+		<thead>
-			<td><img src="images/sorcerer.png" /></td>
+		<tr>
-			<td><img src="images/druid.png" /></td>
-			<td><img src="images/paladin.png" /></td>
-			<td><img src="images/knight.png" /></td>
-		</tr>
-		<tr bgcolor="{{ config.vdarkborder }}">
 			<td class="white" style="text-align: center;"><strong>Sorcerers</strong></td>
 			<td class="white" style="text-align: center;"><strong>Druids</strong></td>
 			<td class="white" style="text-align: center;"><strong>Paladins</strong></td>
 			<td class="white" style="text-align: center;"><strong>Knights</strong></td>
 		</tr>
-		<tr bgcolor="{{ config.lightborder }}">
+		</thead>
+
+		<tr>
+			<td><img src="images/sorcerer.png" /></td>
+			<td><img src="images/druid.png" /></td>
+			<td><img src="images/paladin.png" /></td>
+			<td><img src="images/knight.png" /></td>
+		</tr>
+
+		<tr>
 			<td style="text-align: center;">{{ vocs[1] }}</td>
 			<td style="text-align: center;">{{ vocs[2] }}</td>
 			<td style="text-align: center;">{{ vocs[3] }}</td>
@@ -30,29 +41,29 @@
 	</table>
 	<div style="text-align: center;">&nbsp;</div>
 	{% else %}
-	<table border="0" cellspacing="1" cellpadding="4" width="100%">
+	<table border="0" cellspacing="1" cellpadding="4" width="100%" class="myaac-table">
-		<tr bgcolor="{{ config.vdarkborder }}">
-			<td class="white" colspan="2"><b>Vocation statistics</b></td>
-		</tr>
-
 		{% for i in 1..config.vocations_amount %}
-		<tr bgcolor="{{ getStyle(i) }}">
+		<tr>
 			<td width="25%">{{ config.vocations[i] }}</td>
 			<td width="75%">{{ vocs[i] }}</td>
 		</tr>
 		{% endfor %}
 	</table>
-<br/>
+	<br/>
 	{% endif %}
+
+{% endset %}
+{% include 'tables.headline.html.twig' %}
+
 {% endif %}
 
 <br/>
 
 {# show skulls #}
 {% if setting('core.online_skulls') %}
-<table width="100%" cellspacing="1">
+<table width="100%" cellspacing="1" class="myaac-table">
 	<tr>
-		<td style="background: {{ config.darkborder }};" align="center">
+		<td align="center">
 			<img src="images/white_skull.gif"/> - 1 - 6 Frags<br/>
 			<img src="images/red_skull.gif"/> - 6+ Frags or Red Skull<br/>
 			<img src="images/black_skull.gif"/> - 10+ Frags or Black Skull
@@ -125,23 +136,24 @@
 {% set title = 'Players Online' %}
 {% set tableClass = 'Table2' %}
 {% set content %}
-<table width="100%">
+<table width="100%" class="myaac-table">
-	<tr class="LabelH" style="position: relative; z-index: 20;">
+
+	<tr class="LabelH" style="z-index: 20;">
 		{% if setting('core.account_country') %}
-			<td width="11px"><a href="{{ getLink('online')}}?order=country_{{ order == 'country_asc' ? 'desc' : 'asc' }}">#&#160;&#160;</a>
+			<td style="width: 6px;"><a href="{{ getLink('online')}}?order=country_{{ order == 'country_asc' ? 'desc' : 'asc' }}">#&#160;&#160;</a>
 			</td>
 		{% endif %}
 		{% if setting('core.online_outfit') %}
-			<td><b>Outfit</b></td>
+			<td style="width: 32px;"><b>Outfit</b></td>
 		{% endif %}
-		<td style="text-align:left; width:50%">Name&#160;&#160;
+		<td style="text-align:left;">Name&#160;&#160;
 			<small style="font-weight:normal">[<a href="{{ getLink('online')}}?order=name_{{ order == 'name_asc' ? 'desc' : 'asc' }}">sort</a>]</small>
 			<img class="sortarrow" src="images/{{ order == 'name_asc' ? 'order_desc' : (order == 'name_desc' ? 'order_asc' : 'news/blank') }}.gif"/></td>
-		<td style="text-align:left;width:30%">Level&#160;&#160;
+		<td style="text-align:left;width:10%">Level&#160;&#160;
 			<small style="font-weight:normal">[<a href="{{ getLink('online')}}?order=level_{{ order == 'level_asc' ? 'desc' : 'asc' }}">sort</a>]</small>
 			<img class="sortarrow" src="images/{{ order == 'level_asc' ? 'order_desc' : (order == 'level_desc' ? 'order_asc' : 'news/blank') }}.gif"/>
 		</td>
-		<td style="text-align:left;width:50%">Vocation&#160;&#160;
+		<td style="text-align:left;width:20%">Vocation&#160;&#160;
 			<small style="font-weight:normal">[<a href="{{ getLink('online')}}?order=vocation_{{ order == 'vocation_asc' ? 'desc' : 'asc' }}">sort</a>]</small>
 			<img class="sortarrow" src="images/{{ order == 'vocation_asc' ? 'order_desc' : (order == 'vocation_desc' ? 'order_asc' : 'news/blank') }}.gif"/>
 		</td>
@@ -151,20 +163,20 @@
 	{% for player in players %}
 		{% set i = i + 1 %}
 
-		<tr style="background: {{ getStyle(i) }}; text-align: right; height: 40px;">
+		<tr style="text-align: right; height: 40px;">
 			{% if setting('core.account_country') %}
 				<td>{{ player.country_image|raw }}</td>
 			{% endif %}
 
 			{% if setting('core.online_outfit') %}
-				<td width="5%"><img style="position:absolute;margin-top:-48px;margin-left:-70px;" src="{{ player.outfit }}" alt="player outfit"/></td>
+				<td><img style="position:absolute;margin-top:-48px;margin-left:-70px;" src="{{ player.outfit }}" alt="player outfit"/></td>
 			{% endif %}
 
-			<td style="width:70%; text-align:left">
+			<td style="text-align:left">
 				{{ player.name|raw }}{{ player.skull|raw }}
 			</td>
-			<td style="width:10%">{{ player.level }}</td>
+			<td>{{ player.level }}</td>
-			<td style="width:20%">{{ player.vocation }}</td>
+			<td>{{ player.vocation }}</td>
 		</tr>
 	{% endfor %}
 </table>

system/templates/team.html.twig

@@ -47,7 +47,7 @@
 
 					{% if setting('core.team_outfit') %}
 					<td>
-						<img style="position: absolute; margin-top: {% if member.player.looktype in setting('core.outfit_images_wrong_looktypes') %}-16px;margin-left:-0px;{% else %} -45px; margin-left: -30px;{%  endif %}" src="{{ member.outfit }}" alt="player outfit"/>
+						<img style="position: absolute; margin-top: -50px; margin-left: -30px;" src="{{ member.outfit }}" alt="player outfit"/>
 					</td>
 					{% endif %}
 
@@ -127,7 +127,7 @@
 				<tr bgcolor="{{ getStyle(i) }}" style="height: 32px;">
 				{% if setting('core.team_outfit') %}
 				<td>
-					<img style="position: absolute; margin-top: {% if member.player.looktype in setting('core.outfit_images_wrong_looktypes') %}-16px;margin-left:-0px;{% else %} -45px; margin-left: -30px;{%  endif %}" src="{{ member.outfit }}" alt="player outfit"/>
+					<img style="position: absolute; margin-top: -50px; margin-left: -30px;" src="{{ member.outfit }}" alt="player outfit"/>
 				</td>
 				{% endif %}
 

templates/kathrine/news.html.twig

@@ -2,9 +2,9 @@
 	<div class="NewsHeadline">
 		<div class="NewsHeadlineBackground" style="background-image:url({{template_path }}/images/news/newsheadline_background.gif)">
 			<img src="{{ constant('BASE_URL') }}images/news/icon_{{ icon }}.gif" class="NewsHeadlineIcon" />
-			<div class="NewsHeadlineDate">{{ date|date(config.news_date_format) }} - </div>
+			<div class="NewsHeadlineDate">{{ date|date(setting('core.news_date_format')) }} - </div>
 			<div class="NewsHeadlineText">{{ title }}</div>
-			{% if author is not empty %}
+			{% if setting('core.news_author') and author is not empty %}
 			<div class="NewsHeadlineAuthor"><b>Author: </b><i>{{ author }}</i></div>
 			{% endif %}
 		</div>

templates/tibiacom/account.management.html.twig

@@ -151,7 +151,7 @@
 						</tr>
 						<tr style="background-color: {{ config.darkborder }};" >
 							<td class="LabelV" >Last Login:</td>
-							<td>{{ "now"|date("j F Y, G:i:s") }}</td>
+							<td>{{ account_logged.getCustomField('web_lastlogin')|date("j F Y, G:i:s") }}</td>
 						</tr>
 						{% autoescape false %}
 						<tr style="background-color: {{ config.lightborder }};">

templates/tibiacom/boxes/templates/highscores.html.twig

@@ -46,7 +46,7 @@
     {% for player in topPlayers %}
 	    <div style="text-align:left"><a href="{{ getPlayerLink(player['name'], false) }} " class="topfont {% if player['online'] %}online{% else %}offline{% endif %}">
 			{% if setting('core.online_outfit') %}
-				<img style="position:absolute;margin-top:{% if player.looktype in setting('core.outfit_images_wrong_looktypes') %}-20px;margin-left:-0px;{% else %}-45px;margin-left:-25px;{%  endif %}" src="{{ player.outfit }}" alt="player outfit"/>
+				<img style="position:absolute;margin-top:-45px;margin-left:-25px;" src="{{ player.outfit }}" alt="player outfit"/>
 			{% endif %}
 				<span style="color: #CCC; margin-left: 40px">{{ player['rank'] }} - </span>
 				{{ player['name'] }}

tools/signature/index.php

@@ -35,14 +35,14 @@
 	if(!isset($_REQUEST['name']))
 		die('Please enter name as get or post parameter.');
 
-	$name = stripslashes(ucwords(strtolower(trim($_REQUEST['name']))));
 	$player = new OTS_Player();
-	$player->find($name);
+	$player->find($_REQUEST['name']);
 
 	if(!$player->isLoaded())
 	{
-		header('Content-type: image/png');
+		//header('Content-type: image/png');
-		readfile(SIGNATURES_IMAGES.'nocharacter.png');
+		//readfile(SIGNATURES_IMAGES.'nocharacter.png');
+		http_response_code(404);
 		exit;
 	}
 

tools/validate.php

@@ -63,10 +63,7 @@ else if(isset($_GET['email']))
 }
 else if(isset($_GET['name']))
 {
-	$name = $_GET['name'];
+	$name = trim(stripslashes($_GET['name']));
-	if(!admin()) {
-		$name = strtolower(stripslashes($name));
-	}
 
 	if(!Validator::characterName($name)) {
 		error_(Validator::getLastError());
@@ -81,7 +78,12 @@ else if(isset($_GET['name']))
 		error_($errors['name']);
 	}
 
-	success_('Good. Your name will be:<br /><b>' . (admin() ? $name : ucwords($name)) . '</b>');
+	$extraText = '';
+	if (admin()) {
+		$extraText = "<br/>Note: You are logged in as admin, so you can create almost any name without rules.";
+	}
+
+	success_("Good. Your name will be:<br /><b>$name</b>$extraText");
 }
 else if(isset($_GET['password']) && isset($_GET['password_confirm'])) {
 	$password = $_GET['password'];