myaac/system/pages/account/change_comment.php

<?php
/**
 * Change comment
 *
 * @package   MyAAC
 * @author    Gesior <jerzyskalski@wp.pl>
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2017 MyAAC
 * @version   0.6.4
 * @link      http://my-aac.org
 */
defined('MYAAC') or die('Direct access not allowed!');

$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
$new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
$new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;

if($player_name != null) {
	if (Validator::characterName($player_name)) {
		$player = new OTS_Player();
		$player->find($player_name);
		if ($player->isLoaded()) {
			$player_account = $player->getAccount();
			if ($account_logged->getId() == $player_account->getId()) {
				if (isset($_POST['changecommentsave']) && $_POST['changecommentsave'] == 1) {
					$player->setCustomField("hidden", $new_hideacc);
					$player->setCustomField("comment", $new_comment);
					$account_logged->logAction('Changed comment for character <b>' . $player->getName() . '</b>.');
					echo $twig->render('success.html.twig', array(
						'title' => 'Character Information Changed',
						'description' => 'The character information has been changed.'
					));
					$show_form = false;
				}
			} else {
				$errors[] = 'Error. Character <b>' . $player_name . '</b> is not on your account.';
			}
		} else {
			$errors[] = "Error. Character with this name doesn't exist.";
		}
	} else {
		$errors[] = 'Error. Name contain illegal characters.';
	}
}
else {
	$errors[] = 'Please enter character name.';
}

if($show_form) {
	if(!empty($errors)) {
		echo $twig->render('error_box.html.twig', array('errors' => $errors));
	}
	
	if(isset($player)) {
		echo $twig->render('account.change_comment.html.twig', array(
			'player' => $player
		));
	}
}
?>