feat: update sync myaac (#8)

Synced commits from slawkens repository.

.github/workflows/phplint.yml

@@ -0,0 +1,16 @@
+name: PHP Linting
+on:
+    pull_request:
+        branches: [master]
+    push:
+        branches: [master]
+
+jobs:
+    phplint:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+            - uses: overtrue/[email protected]
+              with:
+                  path: .
+                  options: --exclude="system/libs/polyfill-mbstring/bootstrap80.php"

.gitignore

@@ -3,16 +3,36 @@ Thumbs.db
 .idea
 # git rm --cached -r .idea
 
+# composer
+composer.lock
+vendor
+
 # npm
 node_modules
 
+# cypress
+cypress.env.json
+cypress/e2e/2-advanced-examples
+
+# created by release.sh
+releases
+tmp
+
 config.local.php
-logs/
+
+# all custom templates
+templates/*
+!templates/tibiacom
+!templates/kathrine
 
 # guild images
 images/guilds/*
 !images/guilds/default.gif
 
+# editor images
+images/editor/*
+!images/editor/index.html
+
 # cache
 system/cache/*
 !system/cache/index.html
@@ -27,7 +47,23 @@ system/php_sessions/*
 # logs
 system/logs/*
 !system/logs/index.html
+logs/
 
 # data
 system/data/*
 !system/data/index.html
+
+# plugins
+plugins/*
+!plugins/.htaccess
+!plugins/example.json
+!plugins/account-create-hint.json
+!plugins/account-create-hint
+!plugins/email-confirmed-reward.json
+!plugins/email-confirmed-reward
+!plugins/email-confirmed-reward.json
+!plugins/email-confirmed-reward
+landing
+
+# others/rest
+system/pages/downloads.php

CHANGELOG.md

@@ -1,5 +1,90 @@
 # Changelog
 
+## [0.8.10 - 18.05.2023]
+
+### Changed
+* PHP 7.2.5 is now required, cause of Twig 2.x
+* allow pages to be placed in templates folder, under pages/ subfolder
+
+### Fixed
+* Twig error with global variable on create account
+* links/redirects from facebook, etc. like ?fbclid=x
+* do not allow to continue install when there is no server database imported
+* cannot go forward when config.local.php cannot be saved
+* when server uses another items serializer
+* small bug on install
+
+## [0.8.9 - 16.03.2023]
+
+### Added
+* You can now disable server status checking for testing purposes, useful for local testing when there is no server running
+    * with this, the page won't need 2 seconds to load
+    * set status_enabled to false in config.php
+* new buttons code for tibiacom template, can create button with any text
+* patched some small changes from develop branch
+
+### Changed
+* add .git to denied folders in nginx-sample.conf
+* plugins folder is now accessible from outside
+* add plugins folder to twig search paths
+
+### Fixed
+* player save with new ipv6
+* more php 8.x compatibility
+* rel path for exception message, causing message to be not in red background
+
+## [0.8.8 - 18.02.2023]
+
+### Added
+* mail confirmed reward
+* support for latest group changes in TFS
+* new function: escapeHtml
+
+### Updated
+* TinyMCE to v4.9.1 (latest release in 4.x series)
+* Twig to v2.15.4
+
+### Changed
+* you can now place custom pages in your template directory under pages/ folder
+* HOOK_LOGOUT parameters, now only account_id is passed
+
+### Fixed
+* ipv6 introduced in latest TFS
+* config.account_premium_days
+* better compatibility with GesiorAAC
+* PHP 8.1 compatibility
+* myaac_ db table detection failure
+* reload creatures error, when items cache has been cleared
+
+### Removed
+* accounts.blocked column, which is not used by AAC
+
+## [0.8.7 - 31.08.2022]
+### Added
+* login.php for client 12.x is now part of official repo
+* browsehappy code
+* config use character sample skill (#201, @gpedro)
+* custom words blocked (#190, @gpedro)
+
+### Changed
+* save php sessions in myaac dir
+* don't count deleted players when creating new character
+
+### Fixed
+* patch vulnerability in change_rank.php (#194, @gesior, @thatmichaelguy)
+* fix guild invite page (#196, @worthdavi)
+* players not showing on highscores page (#195)
+* highscores page bug with high pages
+* $player->getStorage() does not work at all (#169, @gesior)
+* copying sample character when it have items with quotes (#200, @gpedro)
+* IPv6 issue when env is set to dev (#171)
+* admin page changed feet to match body colour (#174, @silic0nalph4)
+* exception being thrown when creating duplicated character name (#191)
+* rules page formatting (#177, @silic0nalph4)
+* account character create if auto_login is enabled
+* undefined variable notice on database_log enabled
+* removed VERSION file
+
 ## [0.8.6 - 10.07.2021]
 This update contains very important security fix.
 

CONTRIBUTORS.txt

@@ -0,0 +1,9 @@
+# automatically exported using this script:
+# git log --all --format='%cN <%cE>' | sort -u > contributors
+# in no particular order
+# cleaned for readability
+
+Elson Costa <[email protected]>
+Majesty <[email protected]>
+lucaslking <[email protected]>
+slawkens <[email protected]>

CREDITS

@@ -1,2 +1,3 @@
 * Gesior.pl (2007 - 2008)
 * Slawkens (2009 - 2020)
+* Contributors listed in CONTRIBUTORS.txt

admin/index.php

@@ -1,38 +1,36 @@
-
-
 <?php
 // few things we'll need
 require '../common.php';
 
-if(file_exists(BASE . 'config.local.php')) {
-	require_once BASE . 'config.local.php';
-}
+define('ADMIN_PANEL', true);
+define('MYAAC_ADMIN', true);
 
-if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed']))
-{
-	header('Location: ' . BASE_URL . 'install/');
-	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
+if (file_exists(BASE . 'config.local.php')) {
+    require_once BASE . 'config.local.php';
 }
 
-define('ADMIN_PANEL', true);
+if (file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed'])) {
+    header('Location: ' . BASE_URL . 'install/');
+    throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
+}
 
 $content = '';
 
 // validate page
 $page = isset($_GET['p']) ? $_GET['p'] : '';
-if(empty($page) || preg_match("/[^a-zA-Z0-9_\-]/", $page))
-	$page = 'dashboard';
+if (empty($page) || preg_match("/[^a-zA-Z0-9_\-]/", $page))
+    $page = 'dashboard';
 
 $page = strtolower($page);
 define('PAGE', $page);
 
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 
-if(config('env') === 'dev') {
-	ini_set('display_errors', 1);
-	ini_set('display_startup_errors', 1);
-	error_reporting(E_ALL);
+if (config('env') === 'dev') {
+    ini_set('display_errors', 1);
+    ini_set('display_startup_errors', 1);
+    error_reporting(E_ALL);
 }
 
 // event system
@@ -49,15 +47,15 @@
 $twig->addGlobal('status', $status);
 
 // if we're not logged in - show login box
-if(!$logged || !admin()) {
-	$page = 'login';
+if (!$logged || !admin()) {
+    $page = 'login';
 }
 
 // include our page
 $file = ADMIN . 'pages/' . $page . '.php';
-if(!@file_exists($file)) {
-	$page = '404';
-	$file = SYSTEM . 'pages/404.php';
+if (!@file_exists($file)) {
+    $page = '404';
+    $file = SYSTEM . 'pages/404.php';
 }
 
 ob_start();
@@ -71,7 +69,7 @@
 require ADMIN . $template_path . 'template.php';
 ?>
 
-<?php if($config['pace_load'] == true){ ?>
-<script src="../admin/bootstrap/pace/pace.js"></script>
-<link href="../admin/bootstrap/pace/themes/white/pace-theme-flash.css" rel="stylesheet" />
-<?php } ?>
+<?php if ($config['pace_load'] == true) { ?>
+    <script src="../admin/bootstrap/pace/pace.js"></script>
+    <link href="../admin/bootstrap/pace/themes/white/pace-theme-flash.css" rel="stylesheet"/>
+<?php } ?>

admin/pages/accounts.php

@@ -272,11 +272,15 @@ class="form-horizontal col-md-8">
 						</div>
 					</div>
 					<div class="row">
-						<?php
-						$acc_group = $account->getAccGroupId();
-						if ($hasTypeColumn) {
-							$acc_type = array("Normal", "Tutor", "Senior Tutor", "Gamemaster", "God"); ?>
-							<div class="col-6">
+                        <?php
+                        $acc_group = $account->getAccGroupId();
+                        if ($hasTypeColumn) {
+                            $groups = new OTS_Groups_List();
+                            $acc_type = ($groups->getHighestId() == 6)
+                                ? ["Normal", "Tutor", "Senior Tutor", "Gamemaster", "Community Manager", "God"]
+                                : ["Normal", "Tutor", "Senior Tutor", "Gamemaster", "God"];
+                            ?>
+                            <div class="col-6">
 								<label for="group" class="control-label">Account Type:</label>
 								<select name="group" id="group" class="form-control">
 									<?php foreach ($acc_type as $id => $a_type): ?>

admin/pages/mailer.php

@@ -60,7 +60,7 @@
 	else {
 		$failed++;
 		echo '<br />';
-		error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
+		error('An error occurred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
 	}
 }
 

admin/pages/menus.php

@@ -89,13 +89,13 @@
 		if (isset($menus[$id])) {
 			$i = 0;
 			foreach ($menus[$id] as $menu) {
-				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><label>Name: </label><input type="text" name="menu[' . $id . '][]" value="' . $menu['name'] . '"/>
+				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><label>Name: </label><input type="text" name="menu[' . $id . '][]" value="' . escapeHtml($menu['name']) . '"/>
 				<label>Link: </label><input type="text" name="menu_link[' . $id . '][]" value="' . $menu['link'] . '"/>
 				<input type="hidden" name="menu_blank[' . $id . '][]" value="0" />
 				<label><input class="blank-checkbox" type="checkbox" ' . ($menu['blank'] == 1 ? 'checked' : '') . '/> <span title="Open in New Window">Open in New Window</span></label>
-				
+
 				<input class="color-picker" type="text" name="menu_color[' . $id . '][]" value="#' . $menu['color'] . '" />
-				
+
 				<a class="btn btn-danger" id="remove-button-' . $id . '-' . $i . '"><i class="fas fa-trash-alt text-white" title="Remove"></i></a></li>';
 
 				$i++;
@@ -134,4 +134,4 @@
 	$twig->display('admin.menus.form.html.twig', array(
 		'templates' => $templates
 	));
-}
+}

admin/pages/news.php

@@ -117,7 +117,7 @@
 		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'add'),
 		'news_id' => isset($id) ? $id : null,
 		'title' => isset($p_title) ? $p_title : '',
-		'body' => isset($body) ? htmlentities($body, ENT_COMPAT, 'UTF-8') : '',
+		'body' => isset($body) ? escapeHtml($body) : '',
 		'type' => isset($type) ? $type : null,
 		'player' => isset($player) && $player->isLoaded() ? $player : null,
 		'player_id' => isset($player_id) ? $player_id : null,

admin/pages/pages.php

@@ -105,7 +105,7 @@
 	'title' => $p_title,
 	'php' => $php,
 	'enable_tinymce' => $enable_tinymce,
-	'body' => isset($body) ? htmlentities($body, ENT_COMPAT, 'UTF-8') : '',
+	'body' => isset($body) ? escapeHtml($body) : '',
 	'groups' => $groups->getGroups(),
 	'access' => $access
 ));

admin/pages/players.php

@@ -332,17 +332,17 @@ function verify_number($number, $name, $max_length)
 			<div class="">
 				<div class="box box-primary">
 					<div class="box-body">
-						
-						
-							
+
+
+
 							<nav>
 								<div class="nav nav-tabs" id="nav-tab" role="tablist">
 									<button class="nav-link active" id="nav-player-tab" data-bs-toggle="tab" data-bs-target="#nav-player" type="button" role="tab" aria-controls="nav-player" aria-selected="true">Player</button>
 									<button class="nav-link" id="nav-stats-tab" data-bs-toggle="tab" data-bs-target="#nav-stats" type="button" role="tab" aria-controls="nav-stats" aria-selected="false">Stats</button>
 									<button class="nav-link" id="nav-skills-tab" data-bs-toggle="tab" data-bs-target="#nav-skills" type="button" role="tab" aria-controls="nav-skills" aria-selected="false">Skills</button>
 									<button class="nav-link" id="nav-poslook-tab" data-bs-toggle="tab" data-bs-target="#nav-poslook" type="button" role="tab" aria-controls="nav-poslook" aria-selected="false">Pos/Look</button>
 									<button class="nav-link" id="nav-misc-tab" data-bs-toggle="tab" data-bs-target="#nav-misc" type="button" role="tab" aria-controls="nav-misc" aria-selected="false">Misc</button>
-									
+
 								</div>
 							</nav>
 							<div class="tab-content" id="nav-tabContent">
@@ -694,11 +694,12 @@ class="slider form-control" id="look_feet" name="look_feet">
 										</div>
 										<div class="col-6">
 											<label for="lastip" class="control-label">Last IP:</label>
-											<input type="text" class="form-control" id="lastip" name="lastip"
-												   autocomplete="off"
-												   maxlength="10" value="<?php echo longToIp($player->getLastIP()); ?>"
-												   readonly/>
-										</div>
+                                            <input type="text" class="form-control" id="lastip" name="lastip"
+                                                   autocomplete="off"
+                                                   maxlength="10"
+                                                   value="<?= (strlen($player->getLastIP()) > 11) ? inet_ntop($player->getLastIP()) : longToIp($player->getLastIP()); ?>"
+                                                   readonly/>
+                                        </div>
 									</div>
 									<?php if ($db->hasColumn('players', 'loss_experience')): ?>
 										<div class="row">
@@ -892,4 +893,4 @@ function updateOutfit()
             $("#player_outfit").attr("src", new_outfit);
             console.log(new_outfit);
         }
-	</script>
+	</script>