set version to 0.10.1 for maintenance release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

.codecov.yml

@@ -0,0 +1,4 @@
+codecov:
+  notify:
+    require_ci_to_pass: no
+

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+custom: ['https://paypal.me/Froxlor']

.gitignore

@@ -1,6 +1,7 @@
 install/update.log
 templates/*
 lib/userdata.inc.php
+lib/userdata.inc.php.bak
 logs/*
 !logs/index.html
 .buildpath

.travis.yml

@@ -1,11 +1,9 @@
 language: php
-
+dist: bionic
+services:
+  - docker
 php:
-#  - "5.4"
-#  - "5.6"
-#  - "7.0"
-  - "7.1"
-#  - "7.2"
+  - 7.3
 
 branches:
   only:
@@ -14,47 +12,56 @@ branches:
 
 matrix:
   include:
- #   - php: 5.6
- #     env: deps=highest
- #   - php: 5.4
- #     env: deps=lowest
-    - php: 7.1
-      env: deps=highest
-
-mysql:
-  database: froxlor010
-  username: root
-  encoding: utf8
+    - php: 7.3
+      env: "DOCKER_MYSQL_TYPE=mysql DOCKER_MYSQL_VERSION=5.6"
+    - php: 7.3
+      env: "DOCKER_MYSQL_TYPE=mysql DOCKER_MYSQL_VERSION=5.7"
+    - php: 7.3
+      env: "DOCKER_MYSQL_TYPE=mysql DOCKER_MYSQL_VERSION=8.0 STARTCMD='mysqld --default-authentication-plugin=mysql_native_password'"
+    - php: 7.3
+      env: "DOCKER_MYSQL_TYPE=mariadb DOCKER_MYSQL_VERSION=10.3"
+    - php: 7.3
+      env: "DOCKER_MYSQL_TYPE=mariadb DOCKER_MYSQL_VERSION=10.4"
 
 addons:
   apt:
     update: true
 
-# build.xml includes that
-#install:
-#  - composer install
+before_install:
+  - export MYSQL_DATABASE=froxlor010
+  - docker run -d --name mysql -e MYSQL_ROOT_PASSWORD=fr0xl0r.TravisCI -e MYSQL_DATABASE=$MYSQL_DATABASE -p 3306:3306 $DOCKER_MYSQL_TYPE:$DOCKER_MYSQL_VERSION $STARTCMD
+  - sudo apt-get install -y ant
+  - >
+    export tries=0;
+    export max_tries=20;
+    while [[ true ]]; do
+      tries=$((tries + 1));
+      echo "waiting for database server to start up... [$tries]";
+      sleep 5;
+      # Now see that today's table is there, which would indicate that the cron job ran.
+      mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -s -e 'SHOW VARIABLES LIKE "%version%";'
+      look_exit=$?;
+      if [[ "$look_exit" = "0" ]]; then echo "Database server successfully started"; break; fi;
+      if [[ "$tries" -ge "$max_tries" ]]; then echo "Database server did not start in time"; exit 1; break; fi;
+    done;
 
-service:
-  - mysql
-
-before_script:
-  - mysql -e 'CREATE DATABASE IF NOT EXISTS froxlor010'
-  - echo "USE mysql;\nUPDATE user SET password=PASSWORD('fr0xl0r.TravisCI') WHERE user='root';\nFLUSH PRIVILEGES;\n" | mysql -u root
-  - mysql -u root -pfr0xl0r.TravisCI froxlor010 < install/froxlor.sql
-  - mysql -u root -pfr0xl0r.TravisCI -e "CREATE USER 'froxlor010'@'localhost' IDENTIFIED BY 'fr0xl0r.TravisCI';"
-  - mysql -u root -pfr0xl0r.TravisCI -e "GRANT ALL ON froxlor010.* TO 'froxlor010'@'localhost';"
+install:
+  - mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "CREATE DATABASE IF NOT EXISTS froxlor010;"
+  - mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "CREATE USER 'froxlor010'@'%' IDENTIFIED BY 'fr0xl0r.TravisCI';"
+  - mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "GRANT ALL ON froxlor010.* TO 'froxlor010'@'%';"
+  - mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI froxlor010 < install/froxlor.sql
 
 script:
-# sufficient for travis
-   - ant phpunit-no-coverage
-#  - ant full-build-parallel
-#      -Dpdepend=$(pwd)/vendor/bin/pdepend
-#      -Dphpmd=$(pwd)/vendor/bin/phpmd
-#      -Dphpcpd=$(pwd)/vendor/bin/phpcpd
-#      -Dphpcs=$(pwd)/vendor/bin/phpcs
-#      -Dphploc=$(pwd)/vendor/bin/phploc
-#      -Dphpdox=$(pwd)/vendor/bin/phpdox
-#      -Dphpunit=$(pwd)/vendor/bin/phpunit
+  - ant phpunit
+
+after_success:
+  - bash <(curl -s https://codecov.io/bash) -f "build/logs/clover.xml"
 
 notifications:
   irc: "irc.freenode.org#froxlor"
+  webhooks:
+    urls:
+      - https://webhooks.gitter.im/e/bdf91d1c3f745e51f796
+    on_success: always
+    on_failure: always
+    on_start: never

README.md

@@ -1,4 +1,5 @@
 [![Build Status](https://travis-ci.com/Froxlor/Froxlor.svg?branch=master)](https://travis-ci.com/Froxlor/Froxlor)
+[![Gitter](https://badges.gitter.im/Froxlor/community.svg)](https://gitter.im/Froxlor/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
 # Froxlor
 
@@ -53,7 +54,7 @@ https://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](https://files.fro
 [HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-debian)
 
 /etc/apt/sources.list.d/froxlor.list
-> deb http://debian.froxlor.org {wheezy|jessie|stretch} main
+> deb http://debian.froxlor.org {stretch|buster} main
 
 ### Gentoo repository
 

actions/admin/settings/131.ssl.php

@@ -54,6 +54,16 @@ return array(
 					'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
 					'save_method' => 'storeSettingField'
 				),
+				'system_tlsv13_cipher_list' => array(
+					'label' => $lng['serversettings']['ssl']['tlsv13_cipher_list'],
+					'settinggroup' => 'system',
+					'varname' => 'tlsv13_cipher_list',
+					'type' => 'string',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'visible' => \Froxlor\Settings::Get('system.webserver') == "apache2" && \Froxlor\Settings::Get('system.apache24') == 1,
+					'save_method' => 'storeSettingField',
+				),
 				'system_ssl_cert_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
 					'settinggroup' => 'system',
@@ -128,7 +138,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'leapiversion',
 					'type' => 'option',
-					'default' => '1',
+					'default' => '2',
 					'option_mode' => 'one',
 					'option_options' => array(
 						'1' => 'ACME v1',

actions/admin/settings/136.phpfpm.php

@@ -99,7 +99,7 @@ return array(
 					'settinggroup' => 'phpfpm',
 					'varname' => 'use_mod_proxy',
 					'type' => 'bool',
-					'default' => false,
+					'default' => true,
 					'visible' => \Froxlor\Settings::Get('system.apache24'),
 					'save_method' => 'storeSettingField'
 				),

actions/admin/settings/160.nameserver.php

@@ -107,6 +107,22 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField'
 				),
+				'system_dns_createcaaentry' => array(
+					'label' => $lng['serversettings']['caa_entry'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_createcaaentry',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField'
+				),
+				'caa_caa_entry' => array(
+					'label' => $lng['serversettings']['caa_entry_custom'],
+					'settinggroup' => 'caa',
+					'varname' => 'caa_entry',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
 				'system_defaultttl' => array(
 					'label' => $lng['serversettings']['defaultttl'],
 					'settinggroup' => 'system',

admin_autoupdate.php

@@ -43,8 +43,11 @@ if ($page == 'overview') {
 	$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "checking auto-update");
 
 	// check for new version
-	$latestversion = HttpClient::urlGet(UPDATE_URI);
-
+	try {
+		$latestversion = HttpClient::urlGet(UPDATE_URI, true, 3);
+	} catch (\Exception $e) {
+		\Froxlor\UI\Response::dynamic_error("Version-check currently unavailable, please try again later");
+	}
 	$latestversion = explode('|', $latestversion);
 
 	if (is_array($latestversion) && count($latestversion) >= 1) {
@@ -175,6 +178,8 @@ elseif ($page == 'extract') {
 			$zip->close();
 			// success - remove unused archive
 			@unlink($localArchive);
+			// wait a bit before we redirect to be sure
+			sleep(2);
 		} else {
 			// error
 			\Froxlor\UI\Response::redirectTo($filename, array(

admin_customers.php

@@ -91,10 +91,16 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 					'cid' => $row['customerid']
 				));
 
-				$row['webspace_used'] = round($usages['webspace'] / 1024, $dec_places);
-				$row['mailspace_used'] = round($usages['mail'] / 1024, $dec_places);
-				$row['dbspace_used'] = round($usages['mysql'] / 1024, $dec_places);
-
+				if ($usages)
+				{
+					$row['webspace_used'] = round($usages['webspace'] / 1024, $dec_places);
+					$row['mailspace_used'] = round($usages['mail'] / 1024, $dec_places);
+					$row['dbspace_used'] = round($usages['mysql'] / 1024, $dec_places);
+				} else {
+					$row['webspace_used'] = 0;
+					$row['mailspace_used'] = 0;
+					$row['dbspace_used'] = 0;
+				}
 				$row['traffic_used'] = round($row['traffic_used'] / (1024 * 1024), $dec_places);
 				$row['traffic'] = round($row['traffic'] / (1024 * 1024), $dec_places);
 				$row['diskspace_used'] = round($row['diskspace_used'] / 1024, $dec_places);

admin_logger.php

@@ -83,7 +83,7 @@ if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
 						case \Froxlor\FroxlorLogger::LOGIN_ACTION:
 							$_action = $lng['logger']['login'];
 							break;
-						case LOG_ERROR:
+						case \Froxlor\FroxlorLogger::LOG_ERROR:
 							$_action = $lng['logger']['intern'];
 							break;
 						default:

admin_plans.php

@@ -17,6 +17,7 @@
 define('AREA', 'admin');
 require './lib/init.php';
 
+use Froxlor\Api\Commands\HostingPlans;
 use Froxlor\Database\Database;
 use Froxlor\Settings;
 
@@ -69,22 +70,26 @@ if ($page == '' || $page == 'overview') {
 		eval("echo \"" . \Froxlor\UI\Template::getTemplate("plans/plans") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
 
-		$result_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
-		$result = Database::pexecute_first($result_stmt, array(
-			'id' => $id
-		));
+		try {
+			$json_result = HostingPlans::getLocal($userinfo, array(
+				'id' => $id
+			))->get();
+		} catch (Exception $e) {
+			\Froxlor\UI\Response::dynamic_error($e->getMessage());
+		}
+		$result = json_decode($json_result, true)['data'];
 
 		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['adminid'] == $result['adminid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 
-				$del_stmt = Database::prepare("
-					DELETE FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
-				Database::pexecute($del_stmt, array(
-					'id' => $id
-				));
+				try {
+					HostingPlans::getLocal($userinfo, array(
+						'id' => $id
+					))->delete();
+				} catch (Exception $e) {
+					\Froxlor\UI\Response::dynamic_error($e->getMessage());
+				}
 
-				$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "Plan '" . $result['name'] . "' has been deleted by '" . $userinfo['loginname'] . "'");
 				\Froxlor\UI\Response::redirectTo($filename, array(
 					'page' => $page,
 					's' => $s
@@ -102,113 +107,11 @@ if ($page == '' || $page == 'overview') {
 	} elseif ($action == 'add') {
 
 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
-			$name = \Froxlor\Validate\Validate::validate($_POST['name'], 'name');
-			$description = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $_POST['description']), 'description', '/^[^\0]*$/');
-
-			$value_arr = array();
-
-			if (empty($name)) {
-				\Froxlor\UI\Response::standard_error('stringmustntbeempty', 'name');
+			try {
+				HostingPlans::getLocal($userinfo, $_POST)->add();
+			} catch (Exception $e) {
+				\Froxlor\UI\Response::dynamic_error($e->getMessage());
 			}
-
-			$value_arr['diskspace'] = (int)($_POST['diskspace']);
-			if (isset($_POST['diskspace_ul'])) {
-				$value_arr['diskspace'] = - 1;
-			}
-
-			$value_arr['traffic'] = $_POST['traffic'];
-			if (isset($_POST['traffic_ul'])) {
-				$value_arr['traffic'] = - 1;
-			}
-
-			$value_arr['subdomains'] = (int)($_POST['subdomains']);
-			if (isset($_POST['subdomains_ul'])) {
-				$value_arr['subdomains'] = - 1;
-			}
-
-			$value_arr['emails'] = (int)($_POST['emails']);
-			if (isset($_POST['emails_ul'])) {
-				$value_arr['emails'] = - 1;
-			}
-
-			$value_arr['email_accounts'] = (int)($_POST['email_accounts']);
-			if (isset($_POST['email_accounts_ul'])) {
-				$value_arr['email_accounts'] = - 1;
-			}
-
-			$value_arr['email_forwarders'] = (int)($_POST['email_forwarders']);
-			if (isset($_POST['email_forwarders_ul'])) {
-				$value_arr['email_forwarders'] = - 1;
-			}
-
-			if (Settings::Get('system.mail_quota_enabled') == '1') {
-				$value_arr['email_quota'] = \Froxlor\Validate\Validate::validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array(
-					'0',
-					''
-				));
-				if (isset($_POST['email_quota_ul'])) {
-					$value_arr['email_quota'] = - 1;
-				}
-			} else {
-				$value_arr['email_quota'] = - 1;
-			}
-
-			$value_arr['email_imap'] = 0;
-			if (isset($_POST['email_imap'])) {
-				$value_arr['email_imap'] = (int)($_POST['email_imap']);
-			}
-
-			$value_arr['email_pop3'] = 0;
-			if (isset($_POST['email_pop3'])) {
-				$value_arr['email_pop3'] = (int)($_POST['email_pop3']);
-			}
-
-			$value_arr['ftps'] = (int)($_POST['ftps']);
-			if (isset($_POST['ftps_ul'])) {
-				$value_arr['ftps'] = - 1;
-			}
-
-			$value_arr['mysqls'] = (int)($_POST['mysqls']);
-			if (isset($_POST['mysqls_ul'])) {
-				$value_arr['mysqls'] = - 1;
-			}
-
-			$value_arr['phpenabled'] = 0;
-			if (isset($_POST['phpenabled'])) {
-				$value_arr['phpenabled'] = intval($_POST['phpenabled']);
-			}
-
-			$value_arr['allowed_phpconfigs'] = array();
-			if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
-				foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
-					$allowed_phpconfig = intval($allowed_phpconfig);
-					$value_arr['allowed_phpconfigs'][] = $allowed_phpconfig;
-				}
-			}
-
-			$value_arr['perlenabled'] = 0;
-			if (isset($_POST['perlenabled'])) {
-				$value_arr['perlenabled'] = intval($_POST['perlenabled']);
-			}
-
-			$value_arr['dnsenabled'] = 0;
-			if (isset($_POST['dnsenabled'])) {
-				$value_arr['dnsenabled'] = intval($_POST['dnsenabled']);
-			}
-
-			$ins_stmt = Database::prepare("
-				INSERT INTO `" . TABLE_PANEL_PLANS . "`
-				SET `adminid` = :adminid, `name` = :name, `description` = :desc, `value` = :valuearr, `ts` = UNIX_TIMESTAMP();
-			");
-			$ins_data = array(
-				'adminid' => $userinfo['adminid'],
-				'name' => $name,
-				'desc' => $description,
-				'valuearr' => json_encode($value_arr)
-			);
-			Database::pexecute($ins_stmt, $ins_data);
-
-			$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, "added plan '" . $name . "'");
 			\Froxlor\UI\Response::redirectTo($filename, array(
 				'page' => $page,
 				's' => $s
@@ -266,11 +169,14 @@ if ($page == '' || $page == 'overview') {
 			eval("echo \"" . \Froxlor\UI\Template::getTemplate("plans/plans_add") . "\";");
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
-		$result = Database::pexecute_first($result_stmt, array(
-			'id' => $id
-		));
+		try {
+			$json_result = HostingPlans::getLocal($userinfo, array(
+				'id' => $id
+			))->get();
+		} catch (Exception $e) {
+			\Froxlor\UI\Response::dynamic_error($e->getMessage());
+		}
+		$result = json_decode($json_result, true)['data'];
 
 		if ($result['name'] != '') {
 
@@ -284,110 +190,13 @@ if ($page == '' || $page == 'overview') {
 
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 
-				$name = \Froxlor\Validate\Validate::validate($_POST['name'], 'name');
-				$description = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $_POST['description']), 'description', '/^[^\0]*$/');
-
-				$value_arr = array();
-
-				$value_arr['diskspace'] = (int)($_POST['diskspace']);
-				if (isset($_POST['diskspace_ul'])) {
-					$value_arr['diskspace'] = - 1;
+				try {
+					HostingPlans::getLocal($userinfo, array(
+						'id' => $id
+					))->update();
+				} catch (Exception $e) {
+					\Froxlor\UI\Response::dynamic_error($e->getMessage());
 				}
-
-				$value_arr['traffic'] = $_POST['traffic'];
-				if (isset($_POST['traffic_ul'])) {
-					$value_arr['traffic'] = - 1;
-				}
-
-				$value_arr['subdomains'] = (int)($_POST['subdomains']);
-				if (isset($_POST['subdomains_ul'])) {
-					$value_arr['subdomains'] = - 1;
-				}
-
-				$value_arr['emails'] = (int)($_POST['emails']);
-				if (isset($_POST['emails_ul'])) {
-					$value_arr['emails'] = - 1;
-				}
-
-				$value_arr['email_accounts'] = (int)($_POST['email_accounts']);
-				if (isset($_POST['email_accounts_ul'])) {
-					$value_arr['email_accounts'] = - 1;
-				}
-
-				$value_arr['email_forwarders'] = (int)($_POST['email_forwarders']);
-				if (isset($_POST['email_forwarders_ul'])) {
-					$value_arr['email_forwarders'] = - 1;
-				}
-
-				if (Settings::Get('system.mail_quota_enabled') == '1') {
-					$value_arr['email_quota'] = \Froxlor\Validate\Validate::validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array(
-						'0',
-						''
-					));
-					if (isset($_POST['email_quota_ul'])) {
-						$value_arr['email_quota'] = - 1;
-					}
-				} else {
-					$value_arr['email_quota'] = - 1;
-				}
-
-				$value_arr['email_imap'] = 0;
-				if (isset($_POST['email_imap'])) {
-					$value_arr['email_imap'] = (int)($_POST['email_imap']);
-				}
-
-				$value_arr['email_pop3'] = 0;
-				if (isset($_POST['email_pop3'])) {
-					$value_arr['email_pop3'] = (int)($_POST['email_pop3']);
-				}
-
-				$value_arr['ftps'] = (int)($_POST['ftps']);
-				if (isset($_POST['ftps_ul'])) {
-					$value_arr['ftps'] = - 1;
-				}
-
-				$value_arr['mysqls'] = (int)($_POST['mysqls']);
-				if (isset($_POST['mysqls_ul'])) {
-					$value_arr['mysqls'] = - 1;
-				}
-
-				$value_arr['phpenabled'] = 0;
-				if (isset($_POST['phpenabled'])) {
-					$value_arr['phpenabled'] = intval($_POST['phpenabled']);
-				}
-
-				$value_arr['allowed_phpconfigs'] = array();
-				if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
-					foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
-						$allowed_phpconfig = intval($allowed_phpconfig);
-						$value_arr['allowed_phpconfigs'][] = $allowed_phpconfig;
-					}
-				}
-
-				$value_arr['perlenabled'] = 0;
-				if (isset($_POST['perlenabled'])) {
-					$value_arr['perlenabled'] = intval($_POST['perlenabled']);
-				}
-
-				$value_arr['dnsenabled'] = 0;
-				if (isset($_POST['dnsenabled'])) {
-					$value_arr['dnsenabled'] = intval($_POST['dnsenabled']);
-				}
-
-				$ins_stmt = Database::prepare("
-					UPDATE `" . TABLE_PANEL_PLANS . "`
-					SET `name` = :name, `description` = :desc, `value` = :valuearr, `ts` = UNIX_TIMESTAMP()
-					WHERE `id` = :id
-				");
-				$ins_data = array(
-					'name' => $name,
-					'desc' => $description,
-					'valuearr' => json_encode($value_arr),
-					'id' => $id
-				);
-				Database::pexecute($ins_stmt, $ins_data);
-
-				$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, "updated plan '" . $name . "'");
 				\Froxlor\UI\Response::redirectTo($filename, array(
 					'page' => $page,
 					's' => $s
@@ -502,11 +311,14 @@ if ($page == '' || $page == 'overview') {
 		}
 	} elseif ($action == 'jqGetPlanValues') {
 		$planid = isset($_POST['planid']) ? (int) $_POST['planid'] : 0;
-		$result_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
-		$result = Database::pexecute_first($result_stmt, array(
-			'id' => $planid
-		));
+		try {
+			$json_result = HostingPlans::getLocal($userinfo, array(
+				'id' => $planid
+			))->get();
+		} catch (Exception $e) {
+			\Froxlor\UI\Response::dynamic_error($e->getMessage());
+		}
+		$result = json_decode($json_result, true)['data'];
 		echo $result['value'];
 		exit();
 	}

api_keys.php

@@ -88,15 +88,17 @@ if ($action == 'delete') {
 	$valid_until = isset($_POST['valid_until']) ? (int) $_POST['valid_until'] : - 1;
 
 	// validate allowed_from
-	$ip_list = array_map('trim', explode(",", $allowed_from));
-	$_check_list = $ip_list;
-	foreach ($_check_list as $idx => $ip) {
-		if (\Froxlor\Validate\Validate::validate_ip2($ip, true, 'invalidip', true, true) == false) {
-			unset($ip_list[$idx]);
+	if (! empty($allowed_from)) {
+		$ip_list = array_map('trim', explode(",", $allowed_from));
+		$_check_list = $ip_list;
+		foreach ($_check_list as $idx => $ip) {
+			if (\Froxlor\Validate\Validate::validate_ip2($ip, true, 'invalidip', true, true) == false) {
+				unset($ip_list[$idx]);
+			}
 		}
+		$ip_list = array_map('inet_ntop', array_map('inet_pton', $ip_list));
+		$allowed_from = implode(",", array_unique($ip_list));
 	}
-	$ip_list = array_map('inet_ntop', array_map('inet_pton', $ip_list));
-	$allowed_from = implode(",", array_unique($ip_list));
 
 	if ($valid_until <= 0 || ! is_numeric($valid_until)) {
 		$valid_until = - 1;

build.xml

@@ -226,14 +226,29 @@
 		<property name="phpcpd.done" value="true" />
 	</target>
 
-	<target name="phpunit" unless="phpunit.done" depends="composer"
+	<target name="phpunit-prepare" unless="phpunit-prepare.done" depends="composer"
+		description="prepare xdebug unit tests">
+		<exec executable="${phpunit}" resultproperty="result.phpunit-prepare"
+			taskname="phpunit">
+			<arg value="--configuration" />
+			<arg path="${basedir}/phpunit.xml" />
+			<arg value="--dump-xdebug-filter" />
+			<arg path="${basedir}/tests/xdebug-filter.php" />
+		</exec>
+
+		<property name="phpunit-prepare.done" value="true" />
+	</target>
+
+	<target name="phpunit" unless="phpunit.done" depends="phpunit-prepare"
 		description="Run unit tests with PHPUnit">
-		<exec executable="${phpunit}" resultproperty="result.phpunit"
+		<exec executable="${phpunit}" failonerror="true" resultproperty="result.phpunit"
 			taskname="phpunit">
 			<arg value="--configuration" />
 			<arg path="${basedir}/phpunit.xml" />
 			<arg value="--testsuite" />
 			<arg value="froxlor" />
+			<arg value="--prepend" />
+			<arg path="${basedir}/tests/xdebug-filter.php" />
 		</exec>
 
 		<property name="phpunit.done" value="true" />

composer.json

@@ -30,7 +30,7 @@
 		"docs": "https://github.com/Froxlor/Froxlor/wiki"
 	},
 	"require": {
-		"php": ">=5.6",
+		"php": ">=7.0",
 		"ext-session": "*",
 		"ext-ctype": "*",
 		"ext-pdo": "*",
@@ -49,17 +49,16 @@
 		"algo26-matthias/idna-convert": "^2.1"
 	},
 	"require-dev": {
-		"phpunit/phpunit": "6.5.13",
-		"pdepend/pdepend": "2.5.0",
-		"phpmd/phpmd": "2.6.0",
-		"sebastian/phpcpd": "3.0.1",
-		"squizlabs/php_codesniffer": "3.3.2",
-		"phploc/phploc": "3.0.1",
-		"theseer/phpdox": "0.11.2",
-		"phpunit/php-invoker": "1.1.4",
-		"php": ">=7.1",
+		"phpunit/phpunit": "^8",
+		"php": ">=7.3",
 		"ext-pcntl": "*",
-		"phpcompatibility/php-compatibility": "*"
+		"phpcompatibility/php-compatibility": "*",
+		"squizlabs/php_codesniffer": "*",
+		"pdepend/pdepend": "^2.5",
+		"sebastian/phpcpd": "^4.1",
+		"theseer/phpdox": "^0.12.0",
+		"phploc/phploc": "^5.0",
+		"phpmd/phpmd": "^2.6"
 	},
 	"suggest": {
 		"ext-bcmath": "*",

customer_domains.php

@@ -369,7 +369,7 @@ if ($page == 'overview') {
 					$domains .= \Froxlor\UI\HTML::makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']);
 				}
 
-				if (preg_match('/^https?\:\/\//', $result['documentroot']) && \Froxlor\Validate\Form\Data::validateUrl($result['documentroot'])) {
+				if (preg_match('/^https?\:\/\//', $result['documentroot']) && \Froxlor\Validate\Validate::validateUrl($result['documentroot'])) {
 					if (Settings::Get('panel.pathedit') == 'Dropdown') {
 						$urlvalue = $result['documentroot'];
 						$pathSelect = \Froxlor\FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -480,6 +480,17 @@ if ($page == 'overview') {
 } elseif ($page == 'domainssleditor') {
 
 	if ($action == '' || $action == 'view') {
+
+		// get domain
+		try {
+			$json_result = SubDomains::getLocal($userinfo, array(
+				'id' => $id
+			))->get();
+		} catch (Exception $e) {
+			\Froxlor\UI\Response::dynamic_error($e->getMessage());
+		}
+		$result_domain = json_decode($json_result, true)['data'];
+
 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
 			$do_insert = isset($_POST['do_insert']) ? (($_POST['do_insert'] == 1) ? true : false) : false;
 			try {

customer_index.php

@@ -93,11 +93,17 @@ if ($page == 'overview') {
 		'cid' => $userinfo['customerid']
 	));
 
+	if ($usages)
+	{
+		$userinfo['diskspace_used'] = round($usages['webspace'] / 1024, Settings::Get('panel.decimal_places'));
+		$userinfo['mailspace_used'] = round($usages['mail'] / 1024, Settings::Get('panel.decimal_places'));
+		$userinfo['dbspace_used'] = round($usages['mysql'] / 1024, Settings::Get('panel.decimal_places'));
+	} else {
+		$userinfo['diskspace_used'] = 0;
+		$userinfo['mailspace_used'] = 0;
+		$userinfo['dbspace_used'] = 0;
+	}
 	$userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, Settings::Get('panel.decimal_places'));
-	$userinfo['diskspace_used'] = round($usages['webspace'] / 1024, Settings::Get('panel.decimal_places'));
-	$userinfo['mailspace_used'] = round($usages['mail'] / 1024, Settings::Get('panel.decimal_places'));
-	$userinfo['dbspace_used'] = round($usages['mysql'] / 1024, Settings::Get('panel.decimal_places'));
-
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo = \Froxlor\PhpHelper::strReplaceArray('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps subdomains');

customer_logger.php

@@ -96,7 +96,7 @@ if ($page == 'log') {
 						case \Froxlor\FroxlorLogger::LOGIN_ACTION:
 							$_action = $lng['logger']['login'];
 							break;
-						case LOG_ERROR:
+						case \Froxlor\FroxlorLogger::LOG_ERROR:
 							$_action = $lng['logger']['intern'];
 							break;
 						default:

dns_editor.php

@@ -108,11 +108,16 @@ if (! empty($dom_entries)) {
 $type_select_values = array(
 	'A',
 	'AAAA',
-	'NS',
+	'CAA',
+	'CNAME',
+	'DNAME',
+	'LOC',
 	'MX',
+	'NS',
+	'RP',
 	'SRV',
+	'SSHFP',
 	'TXT',
-	'CNAME'
 );
 asort($type_select_values);
 foreach ($type_select_values as $_type) {

doc/example/FroxlorAPI.php

@@ -148,6 +148,11 @@ class FroxlorAPI
 	 */
 	public function getLastResponse(): array
 	{
+		if (!empty($this->getLastError())) {
+			// nothing is returned when the last call
+			// was not successful
+			return [];
+		}
 		return $this->last_body;
 	}
 

install/froxlor.sql

@@ -132,6 +132,7 @@ CREATE TABLE `panel_admins` (
   `custom_notes_show` tinyint(1) NOT NULL default '0',
   `type_2fa` tinyint(1) NOT NULL default '0',
   `data_2fa` varchar(500) NOT NULL default '',
+  `api_allowed` tinyint(1) NOT NULL default '1',
    PRIMARY KEY  (`adminid`),
    UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -199,6 +200,7 @@ CREATE TABLE `panel_customers` (
   `allowed_phpconfigs` varchar(500) NOT NULL default '',
   `type_2fa` tinyint(1) NOT NULL default '0',
   `data_2fa` varchar(500) NOT NULL default '',
+  `api_allowed` tinyint(1) NOT NULL default '1',
   `logviewenabled` tinyint(1) NOT NULL default '0',
    PRIMARY KEY  (`customerid`),
    UNIQUE KEY `loginname` (`loginname`)
@@ -375,6 +377,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('admin', 'show_news_feed', '0'),
 	('admin', 'show_version_login', '0'),
 	('admin', 'show_version_footer', '0'),
+	('caa', 'caa_entry', ''),
 	('spf', 'use_spf', '0'),
 	('spf', 'spf_entry', '"v=spf1 a mx -all"'),
 	('dkim', 'dkim_algorithm', 'all'),
@@ -404,7 +407,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('phpfpm', 'defaultini', '1'),
 	('phpfpm', 'vhost_defaultini', '2'),
 	('phpfpm', 'fastcgi_ipcdir', '/var/lib/apache2/fastcgi/'),
-	('phpfpm', 'use_mod_proxy', '0'),
+	('phpfpm', 'use_mod_proxy', '1'),
 	('phpfpm', 'ini_flags', 'asp_tags
 display_errors
 display_startup_errors
@@ -561,6 +564,7 @@ opcache.interned_strings_buffer'),
 	('system', 'mod_fcgid_defaultini', '1'),
 	('system', 'ftpserver', 'proftpd'),
 	('system', 'dns_createmailentry', '0'),
+	('system', 'dns_createcaaentry', '1'),
 	('system', 'froxlordirectlyviahostname', '0'),
 	('system', 'report_enable', '1'),
 	('system', 'report_webmax', '90'),
@@ -613,7 +617,7 @@ opcache.interned_strings_buffer'),
 	('system', 'letsencryptkeysize', '4096'),
 	('system', 'letsencryptreuseold', 0),
 	('system', 'leenabled', '0'),
-	('system', 'leapiversion', '1'),
+	('system', 'leapiversion', '2'),
 	('system', 'backupenabled', '0'),
 	('system', 'dnsenabled', '0'),
 	('system', 'dns_server', 'Bind'),
@@ -638,6 +642,7 @@ opcache.interned_strings_buffer'),
 	('system', 'nssextrausers', '0'),
 	('system', 'disable_le_selfcheck', '0'),
 	('system', 'ssl_protocols', 'TLSv1,TLSv1.2'),
+	('system', 'tlsv13_cipher_list', ''),
 	('system', 'logfiles_format', ''),
 	('system', 'logfiles_type', '1'),
 	('system', 'logfiles_piped', '0'),
@@ -680,8 +685,8 @@ opcache.interned_strings_buffer'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'customer_hide_options', ''),
 	('panel', 'is_configured', '0'),
-	('panel', 'version', '0.10.0-rc2'),
-	('panel', 'db_version', '201904250');
+	('panel', 'version', '0.10.1'),
+	('panel', 'db_version', '201910090');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -871,7 +876,7 @@ CREATE TABLE `panel_phpconfigs` (
 
 INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES
 (1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = "{DOCUMENT_ROOT}"\r\n'),
-(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');
+(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');
 
 
 DROP TABLE IF EXISTS `cronjobs_run`;

install/install.php

@@ -15,6 +15,14 @@
  * @package    Install
  *
  */
+if (! file_exists(dirname(__DIR__) . '/vendor/autoload.php')) {
+	// get hint-template
+	$vendor_hint = file_get_contents(dirname(__DIR__) . '/templates/Sparkle/misc/vendormissinghint.tpl');
+	// replace values
+	$vendor_hint = str_replace("<FROXLOR_INSTALL_DIR>", dirname(__DIR__), $vendor_hint);
+	$vendor_hint = str_replace("<CURRENT_YEAR>", date('Y', time()), $vendor_hint);
+	die($vendor_hint);
+}
 require dirname(__DIR__) . '/vendor/autoload.php';
 require __DIR__ . '/lib/class.FroxlorInstall.php';
 

install/lib/class.FroxlorInstall.php

@@ -104,7 +104,7 @@ class FroxlorInstall
 		// check if we have a valid installation already
 		$this->_checkUserdataFile();
 		// include the MySQL-Table-Definitions
-		require $this->_basepath . '/lib/tables.inc.php';
+		require_once $this->_basepath . '/lib/tables.inc.php';
 		// include language
 		$this->_includeLanguageFile();
 		// show the action
@@ -407,6 +407,7 @@ class FroxlorInstall
 				`name` = 'Froxlor-Administrator',
 				`email` = :email,
 				`def_language` = :deflang,
+				`api_allowed` = 1,
 				`customers` = -1,
 				`customers_see_all` = 1,
 				`caneditphpsettings` = 1,
@@ -643,21 +644,8 @@ class FroxlorInstall
 
 		$mysql_access_host_array[] = $this->_data['serverip'];
 		foreach ($mysql_access_host_array as $mysql_access_host) {
-			$_db = str_replace('`', '', $this->_data['mysql_database']);
-			$stmt = $db_root->prepare("
-					GRANT ALL PRIVILEGES ON `" . $_db . "`.*
-					TO :username@:host
-					IDENTIFIED BY 'password'");
-			$stmt->execute(array(
-				"username" => $this->_data['mysql_unpriv_user'],
-				"host" => $mysql_access_host
-			));
-			$stmt = $db_root->prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
-			$stmt->execute(array(
-				"username" => $this->_data['mysql_unpriv_user'],
-				"host" => $mysql_access_host,
-				"password" => $this->_data['mysql_unpriv_pass']
-			));
+			$frox_db = str_replace('`', '', $this->_data['mysql_database']);
+			$this->_grantDbPrivilegesTo($db_root, $frox_db, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $mysql_access_host);
 		}
 
 		$db_root->query("FLUSH PRIVILEGES;");
@@ -667,6 +655,38 @@ class FroxlorInstall
 		return $content;
 	}
 
+	private function _grantDbPrivilegesTo(&$db_root, $database, $username, $password, $access_host)
+	{
+		// mysql8 compatibility
+		if (version_compare($db_root->getAttribute(\PDO::ATTR_SERVER_VERSION), '8.0.11', '>=')) {
+			// create user
+			$stmt = $db_root->prepare("
+				CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY :password
+			");
+			$stmt->execute(array(
+				"password" => $password
+			));
+			// grant privileges
+			$stmt = $db_root->prepare("
+				GRANT ALL ON `" . $database . "`.* TO :username@:host
+			");
+			$stmt->execute(array(
+				"username" => $username,
+				"host" => $access_host
+			));
+		} else {
+			// grant privileges
+			$stmt = $db_root->prepare("
+				GRANT ALL PRIVILEGES ON `" . $database . "`.* TO :username@:host IDENTIFIED BY :password
+			");
+			$stmt->execute(array(
+				"username" => $username,
+				"host" => $access_host,
+				"password" => $password
+			));
+		}
+	}
+
 	/**
 	 * Check if an old database exists and back it up if necessary
 	 *
@@ -944,11 +964,11 @@ class FroxlorInstall
 		// check for correct php version
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpversion']);
 
-		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+		if (version_compare("7.0.0", PHP_VERSION, ">=")) {
 			$content .= $this->_status_message('red', $this->_lng['requirements']['notfound'] . ' (' . PHP_VERSION . ')');
 			$_die = true;
 		} else {
-			if (version_compare("7.0.0", PHP_VERSION, ">=")) {
+			if (version_compare("7.1.0", PHP_VERSION, ">=")) {
 				$content .= $this->_status_message('orange', $this->_lng['requirements']['newerphpprefered'] . ' (' . PHP_VERSION . ')');
 			} else {
 				$content .= $this->_status_message('green', PHP_VERSION);
@@ -1060,12 +1080,13 @@ class FroxlorInstall
 	 */
 	private function _sendHeaders()
 	{
-		// no caching
-		header("Cache-Control: no-store, no-cache, must-revalidate");
-		header("Pragma: no-cache");
-		header('Last-Modified: ' . gmdate('D, d M Y H:i:s \G\M\T', time()));
-		header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time()));
-
+		if (@php_sapi_name() !== 'cli') {
+			// no caching
+			header("Cache-Control: no-store, no-cache, must-revalidate");
+			header("Pragma: no-cache");
+			header('Last-Modified: ' . gmdate('D, d M Y H:i:s \G\M\T', time()));
+			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time()));
+		}
 		// ensure that default timezone is set
 		if (function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get")) {
 			@date_default_timezone_set(@date_default_timezone_get());
@@ -1082,7 +1103,7 @@ class FroxlorInstall
 		if (file_exists($userdata)) {
 			// includes the usersettings (MySQL-Username/Passwort)
 			// to test if Froxlor is already installed
-			require $this->_basepath . '/lib/userdata.inc.php';
+			require_once $this->_basepath . '/lib/userdata.inc.php';
 
 			if (isset($sql) && is_array($sql)) {
 				// use sparkle theme for the notice
@@ -1126,7 +1147,7 @@ class FroxlorInstall
 		$lngfile = $this->_basepath . '/install/lng/' . $standardlanguage . '.lng.php';
 		if (file_exists($lngfile)) {
 			// includes file /lng/$language.lng.php if it exists
-			require $lngfile;
+			require_once $lngfile;
 			$this->_lng = $lng;
 		}
 
@@ -1135,7 +1156,7 @@ class FroxlorInstall
 			$lngfile = $this->_basepath . '/install/lng/' . $this->_activelng . '.lng.php';
 			if (file_exists($lngfile)) {
 				// includes file /lng/$language.lng.php if it exists
-				require $lngfile;
+				require_once $lngfile;
 				$this->_lng = $lng;
 			}
 		}

install/lng/english.lng.php

@@ -22,8 +22,8 @@ $lng['requirements']['not_true'] = 'no';
 $lng['requirements']['notfound'] = 'not found';
 $lng['requirements']['notinstalled'] = 'not installed';
 $lng['requirements']['activated'] = 'enabled';
-$lng['requirements']['phpversion'] = 'PHP version >= 5.6';
-$lng['requirements']['newerphpprefered'] = 'Good, but php-7.0 is prefered.';
+$lng['requirements']['phpversion'] = 'PHP version >= 7.0';
+$lng['requirements']['newerphpprefered'] = 'Good, but php-7.1 is prefered.';
 $lng['requirements']['phppdo'] = 'PHP PDO extension and PDO-MySQL driver...';
 $lng['requirements']['phpsession'] = 'PHP session-extension...';
 $lng['requirements']['phpctype'] = 'PHP ctype-extension...';

install/lng/french.lng.php

@@ -22,7 +22,7 @@ $lng['requirements']['not_true'] = 'non';
 $lng['requirements']['notfound'] = 'introuvable';
 $lng['requirements']['notinstalled'] = 'non installé';
 $lng['requirements']['activated'] = 'activé';
-$lng['requirements']['phpversion'] = 'PHP version >= 5.6';
+$lng['requirements']['phpversion'] = 'PHP version >= 7.0';
 $lng['requirements']['phppdo'] = 'extension PHP PDO et pilote PDO-MySQL ...';
 $lng['requirements']['phpxml'] = 'extension PHP XML...';
 $lng['requirements']['phpfilter'] = 'extension PHP filter ...';

install/lng/german.lng.php

@@ -22,8 +22,8 @@ $lng['requirements']['not_true'] = 'nein';
 $lng['requirements']['notfound'] = 'nicht gefunden';
 $lng['requirements']['notinstalled'] = 'nicht installiert';
 $lng['requirements']['activated'] = 'ist aktiviert.';
-$lng['requirements']['phpversion'] = 'PHP Version >= 5.6';
-$lng['requirements']['newerphpprefered'] = 'Passt, aber php-7.0 wird bevorzugt.';
+$lng['requirements']['phpversion'] = 'PHP Version >= 7.0';
+$lng['requirements']['newerphpprefered'] = 'Passt, aber php-7.1 wird bevorzugt.';
 $lng['requirements']['phppdo'] = 'PHP PDO Erweiterung und PDO-MySQL Treiber...';
 $lng['requirements']['phpsession'] = 'PHP session-Erweiterung...';
 $lng['requirements']['phpctype'] = 'PHP ctype-Erweiterung...';

install/updates/froxlor/0.10/update_0.10.inc.php

@@ -220,6 +220,14 @@ if (\Froxlor\Froxlor::isDatabaseVersion('201902120')) {
 		$domain_in = substr($domain_in, 0, - 1);
 		Database::query("DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` IN (" . $domain_in . ")");
 	}
+	// check for froxlor domain using let's encrypt
+	if (Settings::Get('system.le_froxlor_enabled') == 1) {
+		Database::query("DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'");
+	}
+	lastStepStatus(0);
+
+	showUpdateStep("Inserting job to regenerate configfiles");
+	\Froxlor\System\Cronjob::inserttask('1');
 	lastStepStatus(0);
 
 	\Froxlor\Froxlor::updateToDbVersion('201902170');
@@ -257,5 +265,97 @@ if (\Froxlor\Froxlor::isDatabaseVersion('201904100')) {
 }
 
 if (\Froxlor\Froxlor::isFroxlorVersion('0.10.0-rc1')) {
+	showUpdateStep("Updating from 0.10.0-rc1 to 0.10.0-rc2", false);
 	\Froxlor\Froxlor::updateToVersion('0.10.0-rc2');
 }
+
+if (\Froxlor\Froxlor::isDatabaseVersion('201904250')) {
+
+	showUpdateStep("Adding new settings for CAA");
+	Settings::AddNew('caa.caa_entry', '', true);
+	Settings::AddNew('system.dns_createcaaentry', 1, true);
+	lastStepStatus(0);
+
+	\Froxlor\Froxlor::updateToDbVersion('201907270');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('201907270')) {
+
+	showUpdateStep("Cleaning up old files");
+	$to_clean = array(
+		"actions/admin/settings/000.version.php",
+		"actions/admin/settings/190.ticket.php",
+		"admin_tickets.php",
+		"customer_tickets.php",
+		"install/scripts/language-check.php",
+		"install/updates/froxlor/upgrade_syscp.inc.php",
+		"lib/classes",
+		"lib/configfiles/precise.xml",
+		"lib/cron_init.php",
+		"lib/cron_shutdown.php",
+		"lib/formfields/admin/tickets",
+		"lib/formfields/customer/tickets",
+		"lib/functions.php",
+		"lib/functions",
+		"lib/navigation/10.tickets.php",
+		"scripts/classes",
+		"scripts/jobs",
+		"templates/Sparkle/admin/tickets",
+		"templates/Sparkle/customer/tickets"
+	);
+	$disabled = explode(',', ini_get('disable_functions'));
+	$exec_allowed = !in_array('exec', $disabled);
+	$del_list = "";
+	foreach ($to_clean as $filedir) {
+		$complete_filedir = \Froxlor\Froxlor::getInstallDir() . $filedir;
+		if (file_exists($complete_filedir)) {
+			if ($exec_allowed) {
+				Froxlor\FileDir::safe_exec("rm -rf " . escapeshellarg($complete_filedir));
+			} else {
+				$del_list .= "rm -rf " . escapeshellarg($complete_filedir) . PHP_EOL;
+			}
+		}
+	}
+	if ($exec_allowed) {
+		lastStepStatus(0);
+	} else {
+		if (empty($del_list)) {
+			// none of the files existed
+			lastStepStatus(0);
+		} else {
+			lastStepStatus(1, 'manual commands needed');
+			echo '<span class="update-step update-step-err">Please run the following commands manually:</span><br><pre>'.$del_list.'</pre><br>';
+		}
+	}
+
+	\Froxlor\Froxlor::updateToDbVersion('201909150');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.0-rc2')) {
+	showUpdateStep("Updating from 0.10.0-rc2 to 0.10.0 final", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.0');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('201909150')) {
+
+	showUpdateStep("Adding TLSv1.3-cipherlist setting");
+	Settings::AddNew("system.tlsv13_cipher_list", '');
+	lastStepStatus(0);
+
+	\Froxlor\Froxlor::updateToDbVersion('201910030');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('201910030')) {
+
+	showUpdateStep("Adding field api_allowed to admins and customers");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_ADMINS . "` ADD `api_allowed` tinyint(1) NOT NULL default '1';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD `api_allowed` tinyint(1) NOT NULL default '1';");
+	lastStepStatus(0);
+
+	\Froxlor\Froxlor::updateToDbVersion('201910090');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.0')) {
+        showUpdateStep("Updating from 0.10.0 to 0.10.1 final", false);
+        \Froxlor\Froxlor::updateToVersion('0.10.1');
+}

lib/Froxlor/Api/Commands/Admins.php

@@ -97,6 +97,8 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 *        	optional, default auto-generated
 	 * @param string $def_language
 	 *        	optional, default is system-default language
+	 * @param bool $api_allowed
+	 *        	optional, default is true if system setting api.enabled is true, else false
 	 * @param string $custom_notes
 	 *        	optional, default empty
 	 * @param bool $custom_notes_show
@@ -171,6 +173,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 
 			// parameters
 			$def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));
+			$api_allowed = $this->getBoolParam('api_allowed', true, Settings::Get('api.enabled'));
 			$custom_notes = $this->getParam('custom_notes', true, '');
 			$custom_notes_show = $this->getBoolParam('custom_notes_show', true, 0);
 			$password = $this->getParam('admin_password', true, '');
@@ -271,6 +274,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 					'name' => $name,
 					'email' => $email,
 					'lang' => $def_language,
+					'api_allowed' => $api_allowed,
 					'change_serversettings' => $change_serversettings,
 					'customers' => $customers,
 					'customers_see_all' => $customers_see_all,
@@ -299,6 +303,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 					`name` = :name,
 					`email` = :email,
 					`def_language` = :lang,
+					`api_allowed` = :api_allowed,
 					`change_serversettings` = :change_serversettings,
 					`customers` = :customers,
 					`customers_see_all` = :customers_see_all,
@@ -350,6 +355,8 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 *        	optional, default auto-generated
 	 * @param string $def_language
 	 *        	optional, default is system-default language
+	 * @param bool $api_allowed
+	 *        	optional, default is true if system setting api.enabled is true, else false
 	 * @param string $custom_notes
 	 *        	optional, default empty
 	 * @param string $theme
@@ -444,6 +451,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 
 				// you cannot edit some of the details of yourself
 				if ($result['adminid'] == $this->getUserDetail('adminid')) {
+					$api_allowed = $result['api_allowed'];
 					$deactivated = $result['deactivated'];
 					$customers = $result['customers'];
 					$domains = $result['domains'];
@@ -462,6 +470,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 					$traffic = $result['traffic'];
 					$ipaddress = ($result['ip'] != - 1 ? json_decode($result['ip'], true) : - 1);
 				} else {
+					$api_allowed = $this->getBoolParam('api_allowed', true, $result['api_allowed']);
 					$deactivated = $this->getBoolParam('deactivated', true, $result['deactivated']);
 
 					$dec_places = Settings::Get('panel.decimal_places');
@@ -578,6 +587,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 						'name' => $name,
 						'email' => $email,
 						'lang' => $def_language,
+						'api_allowed' => $api_allowed,
 						'change_serversettings' => $change_serversettings,
 						'customers' => $customers,
 						'customers_see_all' => $customers_see_all,
@@ -607,6 +617,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 						`name` = :name,
 						`email` = :email,
 						`def_language` = :lang,
+						`api_allowed` = :api_allowed,
 						`change_serversettings` = :change_serversettings,
 						`customers` = :customers,
 						`customers_see_all` = :customers_see_all,
@@ -793,7 +804,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 * @param string $extra
 	 *        	optional, default empty
 	 * @param int $increase_by
-	 *              optional, default 1
+	 *        	optional, default 1
 	 */
 	public static function increaseUsage($adminid = 0, $resource = null, $extra = '', $increase_by = 1)
 	{
@@ -808,7 +819,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 * @param string $extra
 	 *        	optional, default empty
 	 * @param int $decrease_by
-	 *              optional, default 1
+	 *        	optional, default 1
 	 */
 	public static function decreaseUsage($adminid = 0, $resource = null, $extra = '', $decrease_by = 1)
 	{

lib/Froxlor/Api/Commands/Certificates.php

@@ -63,10 +63,19 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 		$ssl_cert_chainfile = $this->getParam('ssl_cert_chainfile', true, '');
 
 		// validate whether the domain does not already have an entry
-		$result = $this->apiCall('Certificates.get', array(
-			'id' => $domainid
-		));
-		if (empty($result)) {
+		$has_cert = true;
+		try {
+			$this->apiCall('Certificates.get', array(
+				'id' => $domainid
+			));
+		} catch (\Exception $e) {
+			if ($e->getCode() == 412) {
+				$has_cert = false;
+			} else {
+				throw $e;
+			}
+		}
+		if (!$has_cert) {
 			$this->addOrUpdateCertificate($domain['id'], $ssl_cert_file, $ssl_key_file, $ssl_ca_file, $ssl_cert_chainfile, true);
 			$this->logger()->logAction($this->isAdmin() ? \Froxlor\FroxlorLogger::ADM_ACTION : \Froxlor\FroxlorLogger::USR_ACTION, LOG_INFO, "[API] added ssl-certificate for '" . $domain['domain'] . "'");
 			$result = $this->apiCall('Certificates.get', array(
@@ -110,6 +119,9 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 		$result = Database::pexecute_first($stmt, array(
 			"domainid" => $domainid
 		));
+		if (! $result) {
+			throw new \Exception("Domain '" . $domain['domain'] . "' does not have a certificate.", 412);
+		}
 		return $this->response(200, "successfull", $result);
 	}
 
@@ -271,6 +283,7 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 		throw new \Exception("Unable to determine SSL certificate. Maybe no access?", 406);
 	}
 
+
 	/**
 	 * insert or update certificates entry
 	 *
@@ -292,6 +305,7 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 		}
 
 		$do_verify = true;
+		$expirationdate = null;
 		// no cert-file given -> forget everything
 		if ($ssl_cert_file == '') {
 			$ssl_key_file = '';
@@ -332,6 +346,7 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 			} else {
 				\Froxlor\UI\Response::standard_error('sslcertificateinvalidcert', '', true);
 			}
+			$expirationdate = empty($cert_content['validTo_time_t']) ? null : date("Y-m-d H:i:s", $cert_content['validTo_time_t']);
 		}
 
 		// Add/Update database entry
@@ -345,7 +360,8 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 			`ssl_cert_file` = :ssl_cert_file,
 			`ssl_key_file` = :ssl_key_file,
 			`ssl_ca_file` = :ssl_ca_file,
-			`ssl_cert_chainfile` = :ssl_cert_chainfile
+			`ssl_cert_chainfile` = :ssl_cert_chainfile,
+			`expirationdate` = :expirationdate
 			" . $qrywhere . " `domainid`= :domainid
 		");
 		$params = array(
@@ -353,6 +369,7 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 			"ssl_key_file" => $ssl_key_file,
 			"ssl_ca_file" => $ssl_ca_file,
 			"ssl_cert_chainfile" => $ssl_cert_chainfile,
+			"expirationdate" => $expirationdate,
 			"domainid" => $domainid
 		);
 		Database::pexecute($stmt, $params, true, true);

lib/Froxlor/Api/Commands/Customers.php

@@ -136,6 +136,8 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 	 *        	optional
 	 * @param string $def_language,
 	 *        	optional, default is system-default language
+	 * @param bool $api_allowed
+	 *        	optional, default is true if system setting api.enabled is true, else false
 	 * @param int $gender
 	 *        	optional, 0 = no-gender, 1 = male, 2 = female
 	 * @param string $custom_notes
@@ -197,11 +199,13 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 	 * @param bool $perlenabled
 	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
 	 * @param bool $dnsenabled
-	 *        	optional, ether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 *        	optional, wether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
 	 * @param bool $logviewenabled
-	 *        	optional, ether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	optional, wether to allow acccess to webserver access/error-logs, default 0 (false)
 	 * @param bool $store_defaultindex
 	 *        	optional, whether to store the default index file to customers homedir
+	 * @param int $hosting_plan_id
+	 *        	optional, specify a hosting-plan to set certain resource-values from the plan instead of specifying them
 	 *        	
 	 * @access admin
 	 * @throws \Exception
@@ -227,32 +231,61 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				$fax = $this->getParam('fax', true, '');
 				$customernumber = $this->getParam('customernumber', true, '');
 				$def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));
+				$api_allowed = $this->getBoolParam('api_allowed', true, Settings::Get('api.enabled'));
 				$gender = (int) $this->getParam('gender', true, 0);
 				$custom_notes = $this->getParam('custom_notes', true, '');
 				$custom_notes_show = $this->getBoolParam('custom_notes_show', true, 0);
-
-				$diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, 0);
-				$traffic = $this->getUlParam('traffic', 'traffic_ul', true, 0);
-				$subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, 0);
-				$emails = $this->getUlParam('emails', 'emails_ul', true, 0);
-				$email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, 0);
-				$email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, 0);
-				$email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, Settings::Get('system.mail_quota'));
-				$email_imap = $this->getBoolParam('email_imap', true, 0);
-				$email_pop3 = $this->getBoolParam('email_pop3', true, 0);
-				$ftps = $this->getUlParam('ftps', 'ftps_ul', true, 0);
-				$mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, 0);
 				$createstdsubdomain = $this->getBoolParam('createstdsubdomain', true, 0);
 				$password = $this->getParam('new_customer_password', true, '');
 				$sendpassword = $this->getBoolParam('sendpassword', true, 0);
-				$phpenabled = $this->getBoolParam('phpenabled', true, 0);
-				$p_allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, array());
-				$perlenabled = $this->getBoolParam('perlenabled', true, 0);
-				$dnsenabled = $this->getBoolParam('dnsenabled', true, 0);
-				$logviewenabled = $this->getBoolParam('logviewenabled', true, 0);
 				$store_defaultindex = $this->getBoolParam('store_defaultindex', true, 0);
 				$loginname = $this->getParam('new_loginname', true, '');
 
+				// hosting-plan values
+				$hosting_plan_id = $this->getParam('hosting_plan_id', true, 0);
+				if ($hosting_plan_id > 0) {
+					$hp_result = $this->apiCall('HostingPlans.get', array(
+						'id' => $hosting_plan_id
+					));
+					$hp_result['value'] = json_decode($hp_result['value'], true);
+					foreach ($hp_result['value'] as $index => $value) {
+						$hp_result[$index] = $value;
+					}
+					$diskspace = $hp_result['diskspace'] ?? 0;
+					$traffic = $hp_result['traffic'] ?? 0;
+					$subdomains = $hp_result['subdomains'] ?? 0;
+					$emails = $hp_result['emails'] ?? 0;
+					$email_accounts = $hp_result['email_accounts'] ?? 0;
+					$email_forwarders = $hp_result['email_forwarders'] ?? 0;
+					$email_quota = $hp_result['email_quota'] ?? Settings::Get('system.mail_quota');
+					$email_imap = $hp_result['email_imap'] ?? 0;
+					$email_pop3 = $hp_result['email_pop3'] ?? 0;
+					$ftps = $hp_result['ftps'] ?? 0;
+					$mysqls = $hp_result['mysqls'] ?? 0;
+					$phpenabled = $hp_result['phpenabled'] ?? 0;
+					$p_allowed_phpconfigs = $hp_result['allowed_phpconfigs'] ?? 0;
+					$perlenabled = $hp_result['perlenabled'] ?? 0;
+					$dnsenabled = $hp_result['dnsenabled'] ?? 0;
+					$logviewenabled = $hp_result['logviewenabled'] ?? 0;
+				} else {
+					$diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, 0);
+					$traffic = $this->getUlParam('traffic', 'traffic_ul', true, 0);
+					$subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, 0);
+					$emails = $this->getUlParam('emails', 'emails_ul', true, 0);
+					$email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, 0);
+					$email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, 0);
+					$email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, Settings::Get('system.mail_quota'));
+					$email_imap = $this->getBoolParam('email_imap', true, 0);
+					$email_pop3 = $this->getBoolParam('email_pop3', true, 0);
+					$ftps = $this->getUlParam('ftps', 'ftps_ul', true, 0);
+					$mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, 0);
+					$phpenabled = $this->getBoolParam('phpenabled', true, 0);
+					$p_allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, array());
+					$perlenabled = $this->getBoolParam('perlenabled', true, 0);
+					$dnsenabled = $this->getBoolParam('dnsenabled', true, 0);
+					$logviewenabled = $this->getBoolParam('logviewenabled', true, 0);
+				}
+
 				// validation
 				$name = \Froxlor\Validate\Validate::validate($name, 'name', '', '', array(), true);
 				$firstname = \Froxlor\Validate\Validate::validate($firstname, 'first name', '', '', array(), true);
@@ -340,11 +373,12 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 						'login' => $loginname
 					), true, true);
 
+					$mysql_maxlen = \Froxlor\Database\Database::getSqlUsernameLength() - strlen(Settings::Get('customer.mysqlprefix'));
 					if (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) {
 						\Froxlor\UI\Response::standard_error('loginnameexists', $loginname, true);
-					} elseif (! \Froxlor\Validate\Validate::validateUsername($loginname, Settings::Get('panel.unix_names'), 14 - strlen(Settings::Get('customer.mysqlprefix')))) {
-						if (strlen($loginname) > 14 - strlen(Settings::Get('customer.mysqlprefix'))) {
-							\Froxlor\UI\Response::standard_error('loginnameiswrong2', 14 - strlen(Settings::Get('customer.mysqlprefix')), true);
+					} elseif (! \Froxlor\Validate\Validate::validateUsername($loginname, Settings::Get('panel.unix_names'), $mysql_maxlen)) {
+						if (strlen($loginname) > $mysql_maxlen) {
+							\Froxlor\UI\Response::standard_error('loginnameiswrong2', $mysql_maxlen, true);
 						} else {
 							\Froxlor\UI\Response::standard_error('loginnameiswrong', $loginname, true);
 						}
@@ -357,26 +391,6 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 						\Froxlor\UI\Response::standard_error('documentrootexists', $documentroot, true);
 					}
 
-					if ($createstdsubdomain != '1') {
-						$createstdsubdomain = '0';
-					}
-
-					if ($phpenabled != '0') {
-						$phpenabled = '1';
-					}
-
-					if ($perlenabled != '0') {
-						$perlenabled = '1';
-					}
-
-					if ($dnsenabled != '0') {
-						$dnsenabled = '1';
-					}
-
-					if ($logviewenabled != '0') {
-						$logviewenabled = '1';
-					}
-
 					if ($password == '') {
 						$password = \Froxlor\System\Crypt::generatePassword();
 					}
@@ -399,6 +413,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 						'email' => $email,
 						'customerno' => $customernumber,
 						'lang' => $def_language,
+						'api_allowed' => $api_allowed,
 						'docroot' => $documentroot,
 						'guid' => $guid,
 						'diskspace' => $diskspace,
@@ -439,6 +454,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 						`email` = :email,
 						`customernumber` = :customerno,
 						`def_language` = :lang,
+						`api_allowed` = :api_allowed,
 						`documentroot` = :docroot,
 						`guid` = :guid,
 						`diskspace` = :diskspace,
@@ -542,37 +558,14 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 					Database::pexecute($ins_stmt, $ins_data, true, true);
 
 					\Froxlor\System\Cronjob::inserttask('1');
-					$cryptPassword = \Froxlor\System\Crypt::makeCryptPassword($password);
-					// add FTP-User
-					// @fixme use Ftp-ApiCommand later
-					$ins_stmt = Database::prepare("
-						INSERT INTO `" . TABLE_FTP_USERS . "` SET `customerid` = :customerid, `username` = :username, `description` = :desc,
-						`password` = :passwd, `homedir` = :homedir, `login_enabled` = 'y', `uid` = :guid, `gid` = :guid
-					");
-					$ins_data = array(
-						'customerid' => $customerid,
-						'username' => $loginname,
-						'passwd' => $cryptPassword,
-						'homedir' => $documentroot,
-						'guid' => $guid,
-						'desc' => "Default"
-					);
-					Database::pexecute($ins_stmt, $ins_data, true, true);
-					// add FTP-Group
-					// @fixme use Ftp-ApiCommand later
-					$ins_stmt = Database::prepare("
-						INSERT INTO `" . TABLE_FTP_GROUPS . "` SET `customerid` = :customerid, `groupname` = :groupname, `gid` = :guid, `members` = :members
-					");
-					$ins_data = array(
-						'customerid' => $customerid,
-						'groupname' => $loginname,
-						'guid' => $guid,
-						'members' => $loginname . ',' . Settings::Get('system.httpuser')
-					);
 
+					// add default FTP-User
 					// also, add froxlor-local user to ftp-group (if exists!) to
 					// allow access to customer-directories from within the panel, which
 					// is necessary when pathedit = Dropdown
+					$local_users = array(
+						Settings::Get('system.httpuser')
+					);
 					if ((int) Settings::Get('system.mod_fcgid_ownvhost') == 1 || (int) Settings::Get('phpfpm.enabled_ownvhost') == 1) {
 						if ((int) Settings::Get('system.mod_fcgid') == 1) {
 							$local_user = Settings::Get('system.mod_fcgid_httpuser');
@@ -581,22 +574,20 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 						}
 						// check froxlor-local user membership in ftp-group
 						// without this check addition may duplicate user in list if httpuser == local_user
-						if (strpos($ins_data['members'], $local_user) == false) {
-							$ins_data['members'] .= ',' . $local_user;
+						if (in_array($local_user, $local_users) == false) {
+							$local_users[] = $local_user;
 						}
 					}
-					Database::pexecute($ins_stmt, $ins_data, true, true);
-
-					// FTP-Quotatallies
-					// @fixme use Ftp-ApiCommand later
-					$ins_stmt = Database::prepare("
-						INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` SET `name` = :name, `quota_type` = 'user', `bytes_in_used` = '0',
-						`bytes_out_used` = '0', `bytes_xfer_used` = '0', `files_in_used` = '0', `files_out_used` = '0', `files_xfer_used` = '0'
-					");
-					Database::pexecute($ins_stmt, array(
-						'name' => $loginname
-					), true, true);
-					$this->logger()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] automatically added ftp-account for user '" . $loginname . "'");
+					$this->apiCall('Ftps.add', array(
+						'customerid' => $customerid,
+						'path' => '/',
+						'ftp_password' => $password,
+						'ftp_description' => "Default",
+						'sendinfomail' => 0,
+						'ftp_username' => $loginname,
+						'additional_members' => $local_users,
+						'is_defaultuser' => 1
+					));
 
 					$_stdsubdomain = '';
 					if ($createstdsubdomain == '1') {
@@ -749,6 +740,8 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 	 *        	optional
 	 * @param string $def_language,
 	 *        	optional, default is system-default language
+	 * @param bool $api_allowed
+	 *        	optional, default is true if system setting api.enabled is true, else false
 	 * @param int $gender
 	 *        	optional, 0 = no-gender, 1 = male, 2 = female
 	 * @param string $custom_notes
@@ -851,6 +844,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 			$fax = $this->getParam('fax', true, $result['fax']);
 			$customernumber = $this->getParam('customernumber', true, $result['customernumber']);
 			$def_language = $this->getParam('def_language', true, $result['def_language']);
+			$api_allowed = $this->getBoolParam('api_allowed', true, $result['api_allowed']);
 			$gender = (int) $this->getParam('gender', true, $result['gender']);
 			$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
 			$custom_notes_show = $this->getBoolParam('custom_notes_show', true, $result['custom_notes_show']);
@@ -897,7 +891,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 			$email = $idna_convert->encode(\Froxlor\Validate\Validate::validate($email, 'email', '', '', array(), true));
 			$customernumber = \Froxlor\Validate\Validate::validate($customernumber, 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true);
 			$custom_notes = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
-			if (!empty($allowed_phpconfigs)) {
+			if (! empty($allowed_phpconfigs)) {
 				$allowed_phpconfigs = array_map('intval', $allowed_phpconfigs);
 			}
 		}
@@ -993,30 +987,10 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				\Froxlor\System\Cronjob::inserttask('1');
 			}
 
-			if ($deactivated != '1') {
-				$deactivated = '0';
-			}
-
-			if ($phpenabled != '0') {
-				$phpenabled = '1';
-			}
-
-			if ($perlenabled != '0') {
-				$perlenabled = '1';
-			}
-
-			if ($dnsenabled != '0') {
-				$dnsenabled = '1';
-			}
-
 			if ($phpenabled != $result['phpenabled'] || $perlenabled != $result['perlenabled']) {
 				\Froxlor\System\Cronjob::inserttask('1');
 			}
 
-			if ($logviewenabled != '0') {
-				$logviewenabled = '1';
-			}
-
 			// activate/deactivate customer services
 			if ($deactivated != $result['deactivated']) {
 
@@ -1061,6 +1035,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				$dbm = new \Froxlor\Database\DbManager($this->logger());
 
 				// For each of them
+				$priv_changed = false;
 				while ($row_database = $databases_stmt->fetch(\PDO::FETCH_ASSOC)) {
 
 					if ($last_dbserver != $row_database['dbserver']) {
@@ -1081,10 +1056,13 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 							$dbm->getManager()->enableUser($row_database['databasename'], $mysql_access_host);
 						}
 					}
+					$priv_changed = true;
 				}
 
 				// At last flush the new privileges
-				$dbm->getManager()->flushPrivileges();
+				if ($priv_changed) {
+					$dbm->getManager()->flushPrivileges();
+				}
 				Database::needRoot(false);
 
 				// reactivate/deactivate api-keys
@@ -1156,7 +1134,8 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				'dnsenabled' => $dnsenabled,
 				'logviewenabled' => $logviewenabled,
 				'custom_notes' => $custom_notes,
-				'custom_notes_show' => $custom_notes_show
+				'custom_notes_show' => $custom_notes_show,
+				'api_allowed' => $api_allowed
 			);
 			$upd_data = $upd_data + $admin_upd_data;
 		}
@@ -1197,7 +1176,8 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				`dnsenabled` = :dnsenabled,
 				`logviewenabled` = :logviewenabled,
 				`custom_notes` = :custom_notes,
-				`custom_notes_show` = :custom_notes_show";
+				`custom_notes_show` = :custom_notes_show,
+				`api_allowed` = :api_allowed";
 			$upd_query .= $admin_upd_query;
 		}
 		$upd_query .= " WHERE `customerid` = :customerid";
@@ -1365,6 +1345,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 
 			$dbm = new \Froxlor\Database\DbManager($this->logger());
 
+			$priv_changed = false;
 			while ($row_database = $databases_stmt->fetch(\PDO::FETCH_ASSOC)) {
 				if ($last_dbserver != $row_database['dbserver']) {
 					Database::needRoot(true, $row_database['dbserver']);
@@ -1372,8 +1353,11 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 					$last_dbserver = $row_database['dbserver'];
 				}
 				$dbm->getManager()->deleteDatabase($row_database['databasename']);
+				$priv_changed = true;
+			}
+			if ($priv_changed) {
+				$dbm->getManager()->flushPrivileges();
 			}
-			$dbm->getManager()->flushPrivileges();
 			Database::needRoot(false);
 
 			// delete customer itself

lib/Froxlor/Api/Commands/DirOptions.php

@@ -394,7 +394,7 @@ class DirOptions extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	{
 		if ($errdoc !== null && $errdoc != '') {
 			// not a URL
-			if ((strtoupper(substr($errdoc, 0, 5)) != 'HTTP:' && strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:') || ! \Froxlor\Validate\Form\Data::validateUrl($errdoc)) {
+			if ((strtoupper(substr($errdoc, 0, 5)) != 'HTTP:' && strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:') || ! \Froxlor\Validate\Validate::validateUrl($errdoc)) {
 				// a file
 				if (substr($errdoc, 0, 1) != '"') {
 					$errdoc = \Froxlor\FileDir::makeCorrectFile($errdoc);

lib/Froxlor/Api/Commands/DomainZones.php

@@ -138,6 +138,43 @@ class DomainZones extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			$errors[] = $this->lng['error']['dns_arec_noipv4'];
 		} elseif ($type == 'AAAA' && filter_var($content, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {
 			$errors[] = $this->lng['error']['dns_aaaarec_noipv6'];
+		} elseif ($type == 'CAA' && ! empty($content)) {
+			$re = '/(?\'critical\'\d)\h*(?\'type\'iodef|issue|issuewild)\h*(?\'value\'(?\'issuevalue\'"(?\'domain\'(?=.{3,128}$)(?>(?>[a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]+|[a-zA-Z0-9]+)\.)*(?>[a-zA-Z]{2,}|[a-zA-Z0-9]{2,}\.[a-zA-Z]{2,}))[;\h]*(?\'parameters\'(?>[a-zA-Z0-9]{1,60}=[a-zA-Z0-9]{1,60}\h*)+)?")|(?\'iodefvalue\'"(?\'url\'(mailto:.*|http:\/\/.*|https:\/\/.*))"))/';
+			preg_match($re, $content, $matches);
+
+			if (empty($matches)) {
+				$errors[] = $this->lng['error']['dns_content_invalid'];
+			} elseif (($matches['type'] == 'issue' || $matches['type'] == 'issuewild') && !\Froxlor\Validate\Validate::validateDomain($matches['domain'])) {
+				$errors[] = $this->lng['error']['dns_content_invalid'];
+			} elseif ($matches['type'] == 'iodef' && !\Froxlor\Validate\Validate::validateUrl($matches['url'])) {
+				$errors[] = $this->lng['error']['dns_content_invalid'];
+			} else {
+				$content = $matches[0];
+			}
+		} elseif ($type == 'CNAME' || $type == 'DNAME') {
+			// check for trailing dot
+			if (substr($content, - 1) == '.') {
+				// remove it for checks
+				$content = substr($content, 0, - 1);
+			} else {
+				// add domain name
+				$content .= '.' . $domain;
+			}
+			if (! \Froxlor\Validate\Validate::validateDomain($content, true)) {
+				$errors[] = $this->lng['error']['dns_cname_invaliddom'];
+			} else {
+				// check whether there are RR-records for the same resource
+				foreach ($dom_entries as $existing_entries) {
+					if (($existing_entries['type'] == 'A' || $existing_entries['type'] == 'AAAA' || $existing_entries['type'] == 'MX' || $existing_entries['type'] == 'NS') && $existing_entries['record'] == $record) {
+						$errors[] = $this->lng['error']['dns_cname_nomorerr'];
+						break;
+					}
+				}
+			}
+			// append trailing dot (again)
+			$content .= '.';
+		} elseif ($type == 'LOC' && ! empty($content)) {
+			$content = $content;
 		} elseif ($type == 'MX') {
 			if ($prio === null || $prio < 0) {
 				$errors[] = $this->lng['error']['dns_mx_prioempty'];
@@ -161,28 +198,6 @@ class DomainZones extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			}
 			// append trailing dot (again)
 			$content .= '.';
-		} elseif ($type == 'CNAME') {
-			// check for trailing dot
-			if (substr($content, - 1) == '.') {
-				// remove it for checks
-				$content = substr($content, 0, - 1);
-			} else {
-				// add domain name
-				$content .= '.' . $domain;
-			}
-			if (! \Froxlor\Validate\Validate::validateDomain($content, true)) {
-				$errors[] = $this->lng['error']['dns_cname_invaliddom'];
-			} else {
-				// check whether there are RR-records for the same resource
-				foreach ($dom_entries as $existing_entries) {
-					if (($existing_entries['type'] == 'A' || $existing_entries['type'] == 'AAAA' || $existing_entries['type'] == 'MX' || $existing_entries['type'] == 'NS') && $existing_entries['record'] == $record) {
-						$errors[] = $this->lng['error']['dns_cname_nomorerr'];
-						break;
-					}
-				}
-			}
-			// append trailing dot (again)
-			$content .= '.';
 		} elseif ($type == 'NS') {
 			// check for trailing dot
 			if (substr($content, - 1) == '.') {
@@ -194,9 +209,8 @@ class DomainZones extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			}
 			// append trailing dot (again)
 			$content .= '.';
-		} elseif ($type == 'TXT' && ! empty($content)) {
-			// check that TXT content is enclosed in " "
-			$content = \Froxlor\Dns\Dns::encloseTXTContent($content);
+		} elseif ($type == 'RP' && ! empty($content)) {
+			$content = $content;
 		} elseif ($type == 'SRV') {
 			if ($prio === null || $prio < 0) {
 				$errors[] = $this->lng['error']['dns_srv_prioempty'];
@@ -232,6 +246,11 @@ class DomainZones extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			if (substr($content, - 1) != '.') {
 				$content .= '.';
 			}
+		} elseif ($type == 'SSHFP' && ! empty($content)) {
+			$content = $content;
+		} elseif ($type == 'TXT' && ! empty($content)) {
+			// check that TXT content is enclosed in " "
+			$content = \Froxlor\Dns\Dns::encloseTXTContent($content);
 		}
 
 		$new_entry = array(

lib/Froxlor/Api/Commands/Domains.php

@@ -119,8 +119,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 *        	optional, default is the calling admin's ID
 	 * @param array $ipandport
 	 *        	optional list of ip/ports to assign to domain, default is system-default-ips
-	 * @param bool $subcanemaildomain
-	 *        	optional, allow subdomains of this domain as email domains, default 0 (false)
+	 * @param int $subcanemaildomain
+	 *        	optional, allow subdomains of this domain as email domains, 1 = choosable (default no), 2 = choosable (default yes), 3 = always, default 0 (never)
 	 * @param bool $isemaildomain
 	 *        	optional, allow email usage with this domain, default 0 (false)
 	 * @param bool $email_only
@@ -170,7 +170,9 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 * @param bool $letsencrypt
 	 *        	optional, whether to generate a Let's Encrypt certificate for this domain, default false; requires SSL to be enabled
 	 * @param array $ssl_ipandport
-	 *        	optional, list of ssl-enabled ip/port id's to assign to this domain
+	 *        	optional, list of ssl-enabled ip/port id's to assign to this domain, default empty
+	 * @param bool $use_default_ssl_ipandport_if_empty
+	 *        	optional, set the systems default ssl ip addresses if none are given via $ssl_ipandport parameter
 	 * @param bool $http2
 	 *        	optional, whether to enable http/2 for this domain (requires to be enabled in the settings), default 0 (false)
 	 * @param int $hsts_maxage
@@ -223,7 +225,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				$mod_fcgid_maxrequests = $this->getParam('mod_fcgid_maxrequests', true, - 1);
 				$ssl_redirect = $this->getBoolParam('ssl_redirect', true, 0);
 				$letsencrypt = $this->getBoolParam('letsencrypt', true, 0);
-				$p_ssl_ipandports = $this->getParam('ssl_ipandport', true, explode(',', Settings::Get('system.defaultsslip')));
+				$use_default_ssl_ipandport_if_empty = $this->getBoolParam('use_default_ssl_ipandport_if_empty', true, 0);
+				$p_ssl_ipandports = $this->getParam('ssl_ipandport', true, $use_default_ssl_ipandport_if_empty ? explode(',', Settings::Get('system.defaultsslip')) : array());
 				$http2 = $this->getBoolParam('http2', true, 0);
 				$hsts_maxage = $this->getParam('hsts_maxage', true, 0);
 				$hsts_sub = $this->getBoolParam('hsts_sub', true, 0);
@@ -670,8 +673,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 *        	optional, default is the calling admin's ID
 	 * @param array $ipandport
 	 *        	optional list of ip/ports to assign to domain, default is system-default-ips
-	 * @param bool $subcanemaildomain
-	 *        	optional, allow subdomains of this domain as email domains, default 0 (false)
+	 * @param int $subcanemaildomain
+	 *        	optional, allow subdomains of this domain as email domains, 1 = choosable (default no), 2 = choosable (default yes), 3 = always, default 0 (never)
 	 * @param bool $isemaildomain
 	 *        	optional, allow email usage with this domain, default 0 (false)
 	 * @param bool $email_only
@@ -764,7 +767,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 			$customerid = intval($this->getParam('customerid', true, $result['customerid']));
 			$adminid = intval($this->getParam('adminid', true, $result['adminid']));
 
-			$subcanemaildomain = $this->getBoolParam('subcanemaildomain', true, $result['subcanemaildomain']);
+			$subcanemaildomain = $this->getParam('subcanemaildomain', true, $result['subcanemaildomain']);
 			$isemaildomain = $this->getBoolParam('isemaildomain', true, $result['isemaildomain']);
 			$email_only = $this->getBoolParam('email_only', true, $result['email_only']);
 			$p_serveraliasoption = $this->getParam('selectserveralias', true, - 1);
@@ -1447,14 +1450,15 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 					}
 				}
 			}
-			if ($result['aliasdomain'] != $aliasdomain) {
+			if ($result['aliasdomain'] != $aliasdomain && is_numeric($result['aliasdomain'])) {
 				// trigger when domain id for alias destination has changed: both for old and new destination
 				\Froxlor\Domain\Domain::triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $this->logger());
 				\Froxlor\Domain\Domain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());
-			} elseif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+			}
+			if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
 				// or when wwwserveralias or letsencrypt was changed
 				\Froxlor\Domain\Domain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());
-				if ($aliasdomain === 0) {
+				if ((int) $aliasdomain === 0) {
 					// in case the wwwserveralias is set on a main domain, $aliasdomain is 0
 					// --> the call just above to triggerLetsEncryptCSRForAliasDestinationDomain
 					// is a noop...let's repeat it with the domain id of the main domain
@@ -1462,7 +1466,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				}
 			}
 
-			$this->logger()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] updated domain '" . $result['domain'] . "'");
+			$idna_convert = new \Froxlor\Idna\IdnaWrapper();
+			$this->logger()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] updated domain '" . $idna_convert->decode($result['domain']) . "'");
 			return $this->response(200, "successfull", $update_data);
 		}
 		throw new \Exception("Not allowed to execute given command.", 403);
@@ -1616,6 +1621,9 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 			// remove domains DNS from powerDNS if used, #581
 			\Froxlor\System\Cronjob::inserttask('11', $result['domain']);
 
+			// remove domain from acme.sh / lets encrypt if used
+			\Froxlor\System\Cronjob::inserttask('12', $result['domain']);
+
 			$this->logger()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] deleted domain/subdomains (#" . $result['id'] . ")");
 			\Froxlor\User::updateCounters();
 			\Froxlor\System\Cronjob::inserttask('1');
@@ -1633,7 +1641,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 * @param boolean $ssl
 	 *        	default false
 	 * @param int $edit_id
-	 *          default 0
+	 *        	default 0
 	 *        	
 	 * @throws \Exception
 	 * @return array

lib/Froxlor/Api/Commands/EmailAccounts.php

@@ -81,9 +81,9 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso
 			));
 			$id = $result['id'];
 
-			$email_full = $result['email_full'];
 			$idna_convert = new \Froxlor\Idna\IdnaWrapper();
-			$username = $idna_convert->decode($email_full);
+			$email_full = $result['email_full'];
+			$username = $email_full;
 			$password = \Froxlor\Validate\Validate::validate($email_password, 'password', '', '', array(), true);
 			$password = \Froxlor\System\Crypt::validatePassword($password, true);
 

lib/Froxlor/Api/Commands/Emails.php

@@ -340,26 +340,12 @@ class Emails extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 		}
 		// check whether this address is an account
 		if ($result['popaccountid'] != 0) {
-			// Free the Quota used by the email account
-			if (Settings::Get('system.mail_quota_enabled') == 1) {
-				$stmt = Database::prepare("SELECT `quota` FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid`= :customerid AND `id`= :id");
-				$res_quota = Database::pexecute_first($stmt, array(
-					"customerid" => $customer['customerid'],
-					"id" => $result['popaccountid']
-				), true, true);
-				Customers::decreaseUsage($customer['customerid'], 'email_quota_used', '', $res_quota['quota']);
-				Admins::decreaseUsage($customer['customerid'], 'email_quota_used', '', $res_quota['quota']);
-				$this->logger()->logAction($this->isAdmin() ? \Froxlor\FroxlorLogger::ADM_ACTION : \Froxlor\FroxlorLogger::USR_ACTION, LOG_INFO, "[API] deleted quota entries for email address '" . $result['email_full'] . "'");
-			}
-			// delete account
-			$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid`= :customerid AND `id`= :id");
-			Database::pexecute($stmt, array(
-				"customerid" => $customer['customerid'],
-				"id" => $result['popaccountid']
-			), true, true);
-			Customers::decreaseUsage($customer['customerid'], 'email_accounts_used');
-			Admins::decreaseUsage($customer['customerid'], 'email_accounts_used');
-			$this->logger()->logAction($this->isAdmin() ? \Froxlor\FroxlorLogger::ADM_ACTION : \Froxlor\FroxlorLogger::USR_ACTION, LOG_INFO, "[API] deleted email account '" . $result['email_full'] . "'");
+			// use EmailAccounts.delete
+			$this->apiCall('EmailAccounts.delete', array(
+				'id' => $result['id'],
+				'customerid' => $customer['customerid'],
+				'delete_userfiles' => $delete_userfiles
+			));
 			$number_forwarders --;
 		}
 

lib/Froxlor/Api/Commands/Froxlor.php

@@ -39,7 +39,11 @@ class Froxlor extends \Froxlor\Api\ApiCommand
 				$this->logger()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] checking for updates");
 
 				// check for new version
-				$latestversion = \Froxlor\Http\HttpClient::urlGet(UPDATE_URI);
+				try {
+					$latestversion = \Froxlor\Http\HttpClient::urlGet(UPDATE_URI, true, 3);
+				} catch (\Exception $e) {
+					$latestversion = \Froxlor\Froxlor::getVersion()."|Version-check currently unavailable, please try again later";
+				}
 				$latestversion = explode('|', $latestversion);
 
 				if (is_array($latestversion) && count($latestversion) >= 1) {

lib/Froxlor/Api/Commands/Ftps.php

@@ -41,6 +41,10 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 	 *        	optional if customer.ftpatdomain is allowed, specify a domain (customer must be owner)
 	 * @param int $customerid
 	 *        	required when called as admin, not needed when called as customer
+	 * @param array $additional_members
+	 *        	optional whether to add additional usernames to the group
+	 * @param bool $is_defaultuser
+	 *        	optional whether this is the standard default ftp user which is being added so no usage is decreased
 	 *        	
 	 * @access admin, customer
 	 * @throws \Exception
@@ -66,6 +70,9 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 			$ftpusername = $this->getParam('ftp_username', true, '');
 			$ftpdomain = $this->getParam('ftp_domain', true, '');
 
+			$additional_members = $this->getParam('additional_members', true, array());
+			$is_defaultuser = $this->getBoolParam('is_defaultuser', true, 0);
+
 			// validation
 			$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
 			$password = \Froxlor\System\Crypt::validatePassword($password, true);
@@ -87,13 +94,18 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 
 			$params = array();
 			// get needed customer info to reduce the ftp-user-counter by one
-			$customer = $this->getCustomerData('ftps');
+			if ($is_defaultuser) {
+				// no resource check for default user
+				$customer = $this->getCustomerData();
+			} else {
+				$customer = $this->getCustomerData('ftps');
+			}
 
 			if ($sendinfomail != 1) {
 				$sendinfomail = 0;
 			}
 
-			if (Settings::Get('customer.ftpatdomain') == '1') {
+			if (Settings::Get('customer.ftpatdomain') == '1' && !$is_defaultuser) {
 				if ($ftpusername == '') {
 					\Froxlor\UI\Response::standard_error(array(
 						'stringisempty',
@@ -113,7 +125,11 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 				}
 				$username = $ftpusername . "@" . $ftpdomain;
 			} else {
-				$username = $customer['loginname'] . Settings::Get('customer.ftpprefix') . (intval($customer['ftp_lastaccountnumber']) + 1);
+				if ($is_defaultuser) {
+					$username = $customer['loginname'];
+				} else {
+					$username = $customer['loginname'] . Settings::Get('customer.ftpprefix') . (intval($customer['ftp_lastaccountnumber']) + 1);
+				}
 			}
 
 			$username_check_stmt = Database::prepare("
@@ -163,7 +179,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 					), true, true);
 				}
 
-				$stmt = Database::prepare("
+				$group_upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_FTP_GROUPS . "`
 					SET `members` = CONCAT_WS(',',`members`, :username)
 					WHERE `customerid`= :customerid AND `gid`= :guid
@@ -173,12 +189,35 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 					"customerid" => $customer['customerid'],
 					"guid" => $customer['guid']
 				);
-				Database::pexecute($stmt, $params, true, true);
 
-				// update customer usage
-				Customers::increaseUsage($customer['customerid'], 'ftps_used');
-				Customers::increaseUsage($customer['customerid'], 'ftp_lastaccountnumber');
+				if ($is_defaultuser) {
+					// add the new group
+					$group_ins_stmt = Database::prepare("
+						INSERT INTO `" . TABLE_FTP_GROUPS . "`
+						SET `customerid`= :customerid, `gid`= :guid, `groupname` = :username, `members` = :username
+					");
+					Database::pexecute($group_ins_stmt, $params, true, true);
+				} else {
+					// just update
+					Database::pexecute($group_upd_stmt, $params, true, true);
+				}
 
+				if (count($additional_members) > 0) {
+					foreach ($additional_members as $add_member) {
+						$params = array(
+							"username" => $add_member,
+							"customerid" => $customer['customerid'],
+							"guid" => $customer['guid']
+						);
+						Database::pexecute($group_upd_stmt, $params, true, true);
+					}
+				}
+
+				if (! $is_defaultuser) {
+					// update customer usage
+					Customers::increaseUsage($customer['customerid'], 'ftps_used');
+					Customers::increaseUsage($customer['customerid'], 'ftp_lastaccountnumber');
+				}
 
 				$this->logger()->logAction($this->isAdmin() ? \Froxlor\FroxlorLogger::ADM_ACTION : \Froxlor\FroxlorLogger::USR_ACTION, LOG_INFO, "[API] added ftp-account '" . $username . " (" . $path . ")'");
 				\Froxlor\System\Cronjob::inserttask(5);

lib/Froxlor/Api/Commands/HostingPlans.php

@@ -1,6 +1,9 @@
 <?php
 namespace Froxlor\Api\Commands;
 
+use Froxlor\Settings;
+use Froxlor\Database\Database;
+
 /**
  * This file is part of the Froxlor project.
  * Copyright (c) 2010 the Froxlor Team (see authors).
@@ -19,28 +22,380 @@ namespace Froxlor\Api\Commands;
 class HostingPlans extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntity
 {
 
-	public function add()
-	{
-		throw new \Exception('noop', 303);
-	}
-
-	public function get()
-	{
-		throw new \Exception('noop', 303);
-	}
-
-	public function update()
-	{
-		throw new \Exception('noop', 303);
-	}
-
+	/**
+	 * list all available hosting plans
+	 *
+	 * @access admin
+	 * @throws \Exception
+	 * @return string json-encoded array count|list
+	 */
 	public function listing()
 	{
-		throw new \Exception('noop', 303);
+		if ($this->isAdmin()) {
+			$this->logger()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] list hosting-plans");
+			$result_stmt = Database::prepare("
+				SELECT p.*, a.loginname as adminname
+				FROM `" . TABLE_PANEL_PLANS . "` p, `" . TABLE_PANEL_ADMINS . "` a
+				WHERE `p`.`adminid` = `a`.`adminid`" . ($this->getUserDetail('customers_see_all') ? '' : " AND `p`.`adminid` = :adminid "));
+			$params = array();
+			if ($this->getUserDetail('customers_see_all') == '0') {
+				$params['adminid'] = $this->getUserDetail('adminid');
+			}
+			Database::pexecute($result_stmt, $params);
+			$result = array();
+			while ($row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
+				$result[] = $row;
+			}
+			return $this->response(200, "successfull", array(
+				'count' => count($result),
+				'list' => $result
+			));
+		}
+		throw new \Exception("Not allowed to execute given command.", 403);
 	}
 
+	/**
+	 * return a hosting-plan entry by either id or plan-name
+	 *
+	 * @param int $id
+	 *        	optional, the hosting-plan-id
+	 * @param string $planname
+	 *        	optional, the hosting-plan-name
+	 *        	
+	 * @access admin
+	 * @throws \Exception
+	 * @return string json-encoded array
+	 */
+	public function get()
+	{
+		if ($this->isAdmin()) {
+			$id = $this->getParam('id', true, 0);
+			$dn_optional = ($id <= 0 ? false : true);
+			$planname = $this->getParam('planname', $dn_optional, '');
+			$result_stmt = Database::prepare("
+				SELECT * FROM `" . TABLE_PANEL_PLANS . "` WHERE " . ($id > 0 ? "`id` = :iddn" : "`name` = :iddn") . ($this->getUserDetail('customers_see_all') ? '' : " AND `adminid` = :adminid"));
+			$params = array(
+				'iddn' => ($id <= 0 ? $planname : $id)
+			);
+			if ($this->getUserDetail('customers_see_all') == '0') {
+				$params['adminid'] = $this->getUserDetail('adminid');
+			}
+			$result = Database::pexecute_first($result_stmt, $params, true, true);
+			if ($result) {
+				$this->logger()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] get hosting-plan '" . $result['name'] . "'");
+				return $this->response(200, "successfull", $result);
+			}
+			$key = ($id > 0 ? "id #" . $id : "planname '" . $planname . "'");
+			throw new \Exception("Hosting-plan with " . $key . " could not be found", 404);
+		}
+		throw new \Exception("Not allowed to execute given command.", 403);
+	}
+
+	/**
+	 * add new hosting-plan
+	 *
+	 * @param string $name
+	 *        	name of the plan
+	 * @param string $description
+	 *        	optional, description for hosting-plan
+	 * @param int $diskspace
+	 *        	optional disk-space available for customer in MB, default 0
+	 * @param bool $diskspace_ul
+	 *        	optional, whether customer should have unlimited diskspace, default 0 (false)
+	 * @param int $traffic
+	 *        	optional traffic available for customer in GB, default 0
+	 * @param bool $traffic_ul
+	 *        	optional, whether customer should have unlimited traffic, default 0 (false)
+	 * @param int $subdomains
+	 *        	optional amount of subdomains available for customer, default 0
+	 * @param bool $subdomains_ul
+	 *        	optional, whether customer should have unlimited subdomains, default 0 (false)
+	 * @param int $emails
+	 *        	optional amount of emails available for customer, default 0
+	 * @param bool $emails_ul
+	 *        	optional, whether customer should have unlimited emails, default 0 (false)
+	 * @param int $email_accounts
+	 *        	optional amount of email-accounts available for customer, default 0
+	 * @param bool $email_accounts_ul
+	 *        	optional, whether customer should have unlimited email-accounts, default 0 (false)
+	 * @param int $email_forwarders
+	 *        	optional amount of email-forwarders available for customer, default 0
+	 * @param bool $email_forwarders_ul
+	 *        	optional, whether customer should have unlimited email-forwarders, default 0 (false)
+	 * @param int $email_quota
+	 *        	optional size of email-quota available for customer in MB, default is system-setting mail_quota
+	 * @param bool $email_quota_ul
+	 *        	optional, whether customer should have unlimited email-quota, default 0 (false)
+	 * @param bool $email_imap
+	 *        	optional, whether to allow IMAP access, default 0 (false)
+	 * @param bool $email_pop3
+	 *        	optional, whether to allow POP3 access, default 0 (false)
+	 * @param int $ftps
+	 *        	optional amount of ftp-accounts available for customer, default 0
+	 * @param bool $ftps_ul
+	 *        	optional, whether customer should have unlimited ftp-accounts, default 0 (false)
+	 * @param int $mysqls
+	 *        	optional amount of mysql-databases available for customer, default 0
+	 * @param bool $mysqls_ul
+	 *        	optional, whether customer should have unlimited mysql-databases, default 0 (false)
+	 * @param bool $phpenabled
+	 *        	optional, whether to allow usage of PHP, default 0 (false)
+	 * @param array $allowed_phpconfigs
+	 *        	optional, array of IDs of php-config that the customer is allowed to use, default empty (none)
+	 * @param bool $perlenabled
+	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
+	 * @param bool $dnsenabled
+	 *        	optional, ether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 * @param bool $logviewenabled
+	 *        	optional, ether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	
+	 * @access admin
+	 * @throws \Exception
+	 * @return string json-encoded array
+	 */
+	public function add()
+	{
+		if ($this->isAdmin()) {
+			$name = $this->getParam('name');
+			$description = $this->getParam('description', true, '');
+
+			$value_arr = array();
+			$value_arr['diskspace'] = $this->getUlParam('diskspace', 'diskspace_ul', true, 0);
+			$value_arr['traffic'] = $this->getUlParam('traffic', 'traffic_ul', true, 0);
+			$value_arr['subdomains'] = $this->getUlParam('subdomains', 'subdomains_ul', true, 0);
+			$value_arr['emails'] = $this->getUlParam('emails', 'emails_ul', true, 0);
+			$value_arr['email_accounts'] = $this->getUlParam('email_accounts', 'email_accounts_ul', true, 0);
+			$value_arr['email_forwarders'] = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, 0);
+			$value_arr['email_quota'] = $this->getUlParam('email_quota', 'email_quota_ul', true, Settings::Get('system.mail_quota'));
+			$value_arr['email_imap'] = $this->getBoolParam('email_imap', true, 0);
+			$value_arr['email_pop3'] = $this->getBoolParam('email_pop3', true, 0);
+			$value_arr['ftps'] = $this->getUlParam('ftps', 'ftps_ul', true, 0);
+			$value_arr['mysqls'] = $this->getUlParam('mysqls', 'mysqls_ul', true, 0);
+			$value_arr['phpenabled'] = $this->getBoolParam('phpenabled', true, 0);
+			$p_allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, array());
+			$value_arr['perlenabled'] = $this->getBoolParam('perlenabled', true, 0);
+			$value_arr['dnsenabled'] = $this->getBoolParam('dnsenabled', true, 0);
+			$value_arr['logviewenabled'] = $this->getBoolParam('logviewenabled', true, 0);
+
+			// validation
+			$name = \Froxlor\Validate\Validate::validate(trim($name), 'name', '', '', array(), true);
+			$description = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $description), 'description', '/^[^\0]*$/');
+
+			if (Settings::Get('system.mail_quota_enabled') != '1') {
+				$value_arr['email_quota'] = - 1;
+			}
+
+			$value_arr['allowed_phpconfigs'] = array();
+			if (! empty($p_allowed_phpconfigs) && is_array($p_allowed_phpconfigs)) {
+				foreach ($p_allowed_phpconfigs as $allowed_phpconfig) {
+					$allowed_phpconfig = intval($allowed_phpconfig);
+					$value_arr['allowed_phpconfigs'][] = $allowed_phpconfig;
+				}
+			}
+			$value_arr['allowed_phpconfigs'] = array_map('intval', $value_arr['allowed_phpconfigs']);
+
+			$ins_stmt = Database::prepare("
+				INSERT INTO `" . TABLE_PANEL_PLANS . "`
+				SET `adminid` = :adminid, `name` = :name, `description` = :desc, `value` = :valuearr, `ts` = UNIX_TIMESTAMP();
+			");
+			$ins_data = array(
+				'adminid' => $this->getUserDetail('adminid'),
+				'name' => $name,
+				'desc' => $description,
+				'valuearr' => json_encode($value_arr)
+			);
+			Database::pexecute($ins_stmt, $ins_data, true, true);
+			$this->logger()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] added hosting-plan '" . $name . "'");
+			$result = $this->apiCall('HostingPlans.get', array(
+				'planname' => $name
+			));
+			return $this->response(200, "successfull", $result);
+		}
+		throw new \Exception("Not allowed to execute given command.", 403);
+	}
+
+	/**
+	 * update hosting-plan by either id or plan-name
+	 *
+	 * @param int $id
+	 *        	optional the hosting-plan-id
+	 * @param string $planname
+	 *        	optional the hosting-plan-name
+	 * @param string $name
+	 *        	optional name of the plan
+	 * @param string $description
+	 *        	optional description for hosting-plan
+	 * @param int $diskspace
+	 *        	optional disk-space available for customer in MB, default 0
+	 * @param bool $diskspace_ul
+	 *        	optional, whether customer should have unlimited diskspace, default 0 (false)
+	 * @param int $traffic
+	 *        	optional traffic available for customer in GB, default 0
+	 * @param bool $traffic_ul
+	 *        	optional, whether customer should have unlimited traffic, default 0 (false)
+	 * @param int $subdomains
+	 *        	optional amount of subdomains available for customer, default 0
+	 * @param bool $subdomains_ul
+	 *        	optional, whether customer should have unlimited subdomains, default 0 (false)
+	 * @param int $emails
+	 *        	optional amount of emails available for customer, default 0
+	 * @param bool $emails_ul
+	 *        	optional, whether customer should have unlimited emails, default 0 (false)
+	 * @param int $email_accounts
+	 *        	optional amount of email-accounts available for customer, default 0
+	 * @param bool $email_accounts_ul
+	 *        	optional, whether customer should have unlimited email-accounts, default 0 (false)
+	 * @param int $email_forwarders
+	 *        	optional amount of email-forwarders available for customer, default 0
+	 * @param bool $email_forwarders_ul
+	 *        	optional, whether customer should have unlimited email-forwarders, default 0 (false)
+	 * @param int $email_quota
+	 *        	optional size of email-quota available for customer in MB, default is system-setting mail_quota
+	 * @param bool $email_quota_ul
+	 *        	optional, whether customer should have unlimited email-quota, default 0 (false)
+	 * @param bool $email_imap
+	 *        	optional, whether to allow IMAP access, default 0 (false)
+	 * @param bool $email_pop3
+	 *        	optional, whether to allow POP3 access, default 0 (false)
+	 * @param int $ftps
+	 *        	optional amount of ftp-accounts available for customer, default 0
+	 * @param bool $ftps_ul
+	 *        	optional, whether customer should have unlimited ftp-accounts, default 0 (false)
+	 * @param int $mysqls
+	 *        	optional amount of mysql-databases available for customer, default 0
+	 * @param bool $mysqls_ul
+	 *        	optional, whether customer should have unlimited mysql-databases, default 0 (false)
+	 * @param bool $phpenabled
+	 *        	optional, whether to allow usage of PHP, default 0 (false)
+	 * @param array $allowed_phpconfigs
+	 *        	optional, array of IDs of php-config that the customer is allowed to use, default empty (none)
+	 * @param bool $perlenabled
+	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
+	 * @param bool $dnsenabled
+	 *        	optional, ether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 * @param bool $logviewenabled
+	 *        	optional, ether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	
+	 * @access admin
+	 * @throws \Exception
+	 * @return string json-encoded array
+	 */
+	public function update()
+	{
+		if ($this->isAdmin()) {
+
+			// parameters
+			$id = $this->getParam('id', true, 0);
+			$dn_optional = ($id <= 0 ? false : true);
+			$planname = $this->getParam('planname', $dn_optional, '');
+
+			// get requested hosting-plan
+			$result = $this->apiCall('HostingPlans.get', array(
+				'id' => $id,
+				'planname' => $planname
+			));
+			$id = $result['id'];
+
+			$result['value'] = json_decode($result['value'], true);
+			foreach ($result['value'] as $index => $value) {
+				$result[$index] = $value;
+			}
+
+			$name = $this->getParam('name', true, $result['name']);
+			$description = $this->getParam('description', true, $result['description']);
+
+			$value_arr = array();
+			$value_arr['diskspace'] = $this->getUlParam('diskspace', 'diskspace_ul', true, $result['diskspace']);
+			$value_arr['traffic'] = $this->getUlParam('traffic', 'traffic_ul', true, $result['traffic']);
+			$value_arr['subdomains'] = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']);
+			$value_arr['emails'] = $this->getUlParam('emails', 'emails_ul', true, $result['emails']);
+			$value_arr['email_accounts'] = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']);
+			$value_arr['email_forwarders'] = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']);
+			$value_arr['email_quota'] = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']);
+			$value_arr['email_imap'] = $this->getParam('email_imap', true, $result['email_imap']);
+			$value_arr['email_pop3'] = $this->getParam('email_pop3', true, $result['email_pop3']);
+			$value_arr['ftps'] = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']);
+			$value_arr['mysqls'] = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']);
+			$value_arr['phpenabled'] = $this->getBoolParam('phpenabled', true, $result['phpenabled']);
+			$p_allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, $result['allowed_phpconfigs']);
+			$value_arr['perlenabled'] = $this->getBoolParam('perlenabled', true, $result['perlenabled']);
+			$value_arr['dnsenabled'] = $this->getBoolParam('dnsenabled', true, $result['dnsenabled']);
+			$value_arr['logviewenabled'] = $this->getBoolParam('logviewenabled', true, $result['logviewenabled']);
+
+			// validation
+			$name = \Froxlor\Validate\Validate::validate(trim($name), 'name', '', '', array(), true);
+			$description = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $description), 'description', '/^[^\0]*$/');
+
+			if (Settings::Get('system.mail_quota_enabled') != '1') {
+				$value_arr['email_quota'] = - 1;
+			}
+
+			if (empty($name)) {
+				$name = $result['name'];
+			}
+
+			$value_arr['allowed_phpconfigs'] = array();
+			if (! empty($p_allowed_phpconfigs) && is_array($p_allowed_phpconfigs)) {
+				foreach ($p_allowed_phpconfigs as $allowed_phpconfig) {
+					$allowed_phpconfig = intval($allowed_phpconfig);
+					$value_arr['allowed_phpconfigs'][] = $allowed_phpconfig;
+				}
+			}
+			$value_arr['allowed_phpconfigs'] = array_map('intval', $value_arr['allowed_phpconfigs']);
+
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_PLANS . "`
+				SET `name` = :name, `description` = :desc, `value` = :valuearr, `ts` = UNIX_TIMESTAMP()
+				WHERE `id` = :id
+			");
+			$update_data = array(
+				'name' => $name,
+				'desc' => $description,
+				'valuearr' => json_encode($value_arr),
+				'id' => $id
+			);
+			Database::pexecute($upd_stmt, $update_data, true, true);
+			$this->logger()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] updated hosting-plan '" . $result['name'] . "'");
+			return $this->response(200, "successfull", $update_data);
+		}
+		throw new \Exception("Not allowed to execute given command.", 403);
+	}
+
+	/**
+	 * delete hosting-plan by either id or plan-name
+	 *
+	 * @param int $id
+	 *        	optional the hosting-plan-id
+	 * @param string $planname
+	 *        	optional the hosting-plan-name
+	 *        	
+	 * @access admin
+	 * @throws \Exception
+	 * @return string json-encoded array
+	 */
 	public function delete()
 	{
-		throw new \Exception('noop', 303);
+		if ($this->isAdmin()) {
+			$id = $this->getParam('id', true, 0);
+			$dn_optional = ($id <= 0 ? false : true);
+			$planname = $this->getParam('planname', $dn_optional, '');
+
+			// get requested hosting-plan
+			$result = $this->apiCall('HostingPlans.get', array(
+				'id' => $id,
+				'planname' => $planname
+			));
+			$id = $result['id'];
+
+			$del_stmt = Database::prepare("
+				DELETE FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id
+			");
+			Database::pexecute($del_stmt, array(
+				'id' => $id
+			), true, true);
+			$this->logger()->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] deleted hosting-plan '" . $result['name'] . "'");
+			return $this->response(200, "successfull", $result);
+		}
+		throw new \Exception("Not allowed to execute given command.", 403);
 	}
 }

lib/Froxlor/Api/Commands/Mysqls.php

@@ -33,7 +33,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 *        	optional, description for database
 	 * @param bool $sendinfomail
 	 *        	optional, send created resource-information to customer, default: false
-	 * @param int $customer_id
+	 * @param int $customerid
 	 *        	required when called as admin, not needed when called as customer
 	 *        	
 	 * @access admin, customer

lib/Froxlor/Api/Commands/SubDomains.php

@@ -45,6 +45,8 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	 *        	optional, whether to generate a https-redirect or not, default false; requires SSL to be enabled
 	 * @param bool $letsencrypt
 	 *        	optional, whether to generate a Let's Encrypt certificate for this domain, default false; requires SSL to be enabled
+	 * @param bool $http2
+	 *        	optional, whether to enable http/2 for this subdomain (requires to be enabled in the settings), default 0 (false)
 	 * @param int $hsts_maxage
 	 *        	optional max-age value for HSTS header, default 0
 	 * @param bool $hsts_sub
@@ -76,12 +78,14 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			if (Settings::Get('system.use_ssl')) {
 				$ssl_redirect = $this->getBoolParam('ssl_redirect', true, 0);
 				$letsencrypt = $this->getBoolParam('letsencrypt', true, 0);
+				$http2 = $this->getBoolParam('http2', true, 0);
 				$hsts_maxage = $this->getParam('hsts_maxage', true, 0);
 				$hsts_sub = $this->getBoolParam('hsts_sub', true, 0);
 				$hsts_preload = $this->getBoolParam('hsts_preload', true, 0);
 			} else {
 				$ssl_redirect = 0;
 				$letsencrypt = 0;
+				$http2 = 0;
 				$hsts_maxage = 0;
 				$hsts_sub = 0;
 				$hsts_preload = 0;
@@ -241,7 +245,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				$phpsid_result['phpsettingid'] = intval($phpsettingid);
 			}
 
-			// acutall insert domain
+			// actually insert domain
 			$stmt = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
 				`customerid` = :customerid,
@@ -261,6 +265,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				`ssl_redirect` = :ssl_redirect,
 				`phpsettingid` = :phpsettingid,
 				`letsencrypt` = :letsencrypt,
+				`http2` = :http2,
 				`hsts` = :hsts,
 				`hsts_sub` = :hsts_sub,
 				`hsts_preload` = :hsts_preload
@@ -283,6 +288,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				"ssl_redirect" => $ssl_redirect,
 				"phpsettingid" => $phpsid_result['phpsettingid'],
 				"letsencrypt" => $letsencrypt,
+				"http2" => $http2,
 				"hsts" => $hsts_maxage,
 				"hsts_sub" => $hsts_sub,
 				"hsts_preload" => $hsts_preload
@@ -430,6 +436,8 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	 *        	optional, whether to generate a https-redirect or not, default false; requires SSL to be enabled
 	 * @param bool $letsencrypt
 	 *        	optional, whether to generate a Let's Encrypt certificate for this domain, default false; requires SSL to be enabled
+	 * @param bool $http2
+	 *        	optional, whether to enable http/2 for this domain (requires to be enabled in the settings), default 0 (false)
 	 * @param int $hsts_maxage
 	 *        	optional max-age value for HSTS header
 	 * @param bool $hsts_sub
@@ -473,12 +481,14 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 		if (Settings::Get('system.use_ssl')) {
 			$ssl_redirect = $this->getBoolParam('ssl_redirect', true, $result['ssl_redirect']);
 			$letsencrypt = $this->getBoolParam('letsencrypt', true, $result['letsencrypt']);
+			$http2 = $this->getBoolParam('http2', true, $result['http2']);
 			$hsts_maxage = $this->getParam('hsts_maxage', true, $result['hsts']);
 			$hsts_sub = $this->getBoolParam('hsts_sub', true, $result['hsts_sub']);
 			$hsts_preload = $this->getBoolParam('hsts_preload', true, $result['hsts_preload']);
 		} else {
 			$ssl_redirect = 0;
 			$letsencrypt = 0;
+			$http2 = 0;
 			$hsts_maxage = 0;
 			$hsts_sub = 0;
 			$hsts_preload = 0;
@@ -599,6 +609,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 					`openbasedir_path`= :openbasedir_path,
 					`ssl_redirect`= :ssl_redirect,
 					`letsencrypt`= :letsencrypt,
+					`http2` = :http2,
 					`hsts` = :hsts,
 					`hsts_sub` = :hsts_sub,
 					`hsts_preload` = :hsts_preload,
@@ -614,6 +625,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				"openbasedir_path" => $openbasedir_path,
 				"ssl_redirect" => $ssl_redirect,
 				"letsencrypt" => $letsencrypt,
+				"http2" => $http2,
 				"hsts" => $hsts_maxage,
 				"hsts_sub" => $hsts_sub,
 				"hsts_preload" => $hsts_preload,
@@ -623,13 +635,20 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			);
 			Database::pexecute($stmt, $params, true, true);
 
-			if ($result['aliasdomain'] != $aliasdomain) {
+			if ($result['aliasdomain'] != $aliasdomain && is_numeric($result['aliasdomain'])) {
 				// trigger when domain id for alias destination has changed: both for old and new destination
 				\Froxlor\Domain\Domain::triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $this->logger());
 				\Froxlor\Domain\Domain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());
-			} elseif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+			}
+			if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
 				// or when wwwserveralias or letsencrypt was changed
 				\Froxlor\Domain\Domain::triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $this->logger());
+				if ((int) $aliasdomain === 0) {
+					// in case the wwwserveralias is set on a main domain, $aliasdomain is 0
+					// --> the call just above to triggerLetsEncryptCSRForAliasDestinationDomain
+					// is a noop...let's repeat it with the domain id of the main domain
+					\Froxlor\Domain\Domain::triggerLetsEncryptCSRForAliasDestinationDomain($id, $this->logger());
+				}
 			}
 
 			// check whether LE has been disabled, so we remove the certificate
@@ -828,6 +847,8 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 		\Froxlor\System\Cronjob::inserttask('4');
 		// remove domains DNS from powerDNS if used, #581
 		\Froxlor\System\Cronjob::inserttask('11', $result['domain']);
+		// remove domain from acme.sh / lets encrypt if used
+		\Froxlor\System\Cronjob::inserttask('12', $result['domain']);
 
 		// reduce subdomain-usage-counter
 		Customers::decreaseUsage($customer['customerid'], 'subdomains_used');
@@ -852,7 +873,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	{
 		// check whether an URL was specified
 		$_doredirect = false;
-		if (! empty($url) && \Froxlor\Validate\Form\Data::validateUrl($url)) {
+		if (! empty($url) && \Froxlor\Validate\Validate::validateUrl($url)) {
 			$path = $url;
 			$_doredirect = true;
 		} else {
@@ -860,7 +881,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 		}
 
 		// check whether path is a real path
-		if (! preg_match('/^https?\:\/\//', $path) || ! \Froxlor\Validate\Form\Data::validateUrl($path)) {
+		if (! preg_match('/^https?\:\/\//', $path) || ! \Froxlor\Validate\Validate::validateUrl($path)) {
 			if (strstr($path, ":") !== false) {
 				\Froxlor\UI\Response::standard_error('pathmaynotcontaincolon', '', true);
 			}

lib/Froxlor/Api/FroxlorRPC.php

@@ -55,13 +55,20 @@ class FroxlorRPC
 	 */
 	private static function validateAuth($key, $secret)
 	{
-		$sel_stmt = \Froxlor\Database\Database::prepare("SELECT * FROM `api_keys` WHERE `apikey` = :ak AND `secret` = :as");
+		$sel_stmt = \Froxlor\Database\Database::prepare("
+			SELECT ak.*, a.api_allowed as admin_api_allowed, c.api_allowed as cust_api_allowed
+			FROM `api_keys` ak
+			LEFT JOIN `panel_admins` a ON a.adminid = ak.adminid
+			LEFT JOIN `panel_customers` c ON c.customerid = ak.customerid
+			WHERE `apikey` = :ak AND `secret` = :as
+		");
 		$result = \Froxlor\Database\Database::pexecute_first($sel_stmt, array(
 			'ak' => $key,
 			'as' => $secret
 		), true, true);
 		if ($result) {
-			if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == - 1 || $result['valid_until'] >= time())) {
+			if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == - 1 || $result['valid_until'] >= time()) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1))) {
+				// get user to check whether api call is allowed
 				if (! empty($result['allowed_from'])) {
 					// @todo allow specification and validating of whole subnets later
 					$ip_list = explode(",", $result['allowed_from']);

lib/Froxlor/Cli/Action/ConfigServicesAction.php

@@ -103,7 +103,7 @@ class ConfigServicesAction extends \Froxlor\Cli\Action
 		echo PHP_EOL;
 
 		while (! in_array($_daemons_config['distro'], $distributions_select_data)) {
-			$_daemons_config['distro'] = ConfigServicesCmd::getInput("choose distribution", "stretch");
+			$_daemons_config['distro'] = ConfigServicesCmd::getInput("choose distribution", "buster");
 		}
 
 		// go through all services and let user check whether to include it or not

lib/Froxlor/Cron/CronConfig.php

@@ -61,6 +61,7 @@ class CronConfig
 			$month_delay = 7;
 			while ($row_cronentry = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
 				// create cron.d-entry
+				$matches = array();
 				if (preg_match("/(\d+) (MINUTE|HOUR|DAY|WEEK|MONTH)/", $row_cronentry['interval'], $matches)) {
 					if ($matches[1] == 1) {
 						$minvalue = "*";
@@ -101,7 +102,7 @@ class CronConfig
 						$binpath = "/usr/bin/nice -n 5 /usr/bin/php5 -q";
 					}
 
-					$cronfile .= "root " . $binpath . " " . \Froxlor\Froxlor::getInstallDir() . "/scripts/froxlor_master_cronjob.php --" . $row_cronentry['cronfile'] . " 1> /dev/null\n";
+					$cronfile .= "root " . $binpath . " " . \Froxlor\FileDir::makeCorrectFile(\Froxlor\Froxlor::getInstallDir() . "/scripts/froxlor_master_cronjob.php") . " --" . $row_cronentry['cronfile'] . " 1> /dev/null\n";
 				}
 			}
 

lib/Froxlor/Cron/Dns/PowerDNS.php

@@ -111,7 +111,7 @@ class PowerDNS extends DnsBase
 
 	private function insertZone($domainname, $serial = 0)
 	{
-		$ins_stmt = PowerDNS::getDB()->prepare("
+		$ins_stmt = \Froxlor\Dns\PowerDNS::getDB()->prepare("
 			INSERT INTO domains set `name` = :domainname, `notified_serial` = :serial, `type` = 'NATIVE'
 		");
 		$ins_stmt->execute(array(
@@ -124,7 +124,7 @@ class PowerDNS extends DnsBase
 
 	private function insertRecords($domainid = 0, $records = array(), $origin = "")
 	{
-		$ins_stmt = PowerDNS::getDB()->prepare("
+		$ins_stmt = \Froxlor\Dns\PowerDNS::getDB()->prepare("
 			INSERT INTO records set
 			`domain_id` = :did,
 			`name` = :rec,
@@ -161,7 +161,7 @@ class PowerDNS extends DnsBase
 
 	private function insertAllowedTransfers($domainid)
 	{
-		$ins_stmt = PowerDNS::getDB()->prepare("
+		$ins_stmt = \Froxlor\Dns\PowerDNS::getDB()->prepare("
 			INSERT INTO domainmetadata set `domain_id` = :did, `kind` = 'ALLOW-AXFR-FROM', `content` = :value
 		");
 

lib/Froxlor/Cron/Http/Apache.php

@@ -3,7 +3,6 @@ namespace Froxlor\Cron\Http;
 
 use Froxlor\Database\Database;
 use Froxlor\Settings;
-use Froxlor\Cron\Http\Php\Fpm;
 use Froxlor\Cron\Http\Php\PhpInterface;
 
 /**
@@ -46,30 +45,6 @@ class Apache extends HttpConfigBase
 	 */
 	private $deactivated = false;
 
-	public function reload()
-	{
-		if ((int) Settings::Get('phpfpm.enabled') == 1) {
-			// get all start/stop commands
-			$startstop_sel = Database::prepare("SELECT reload_cmd, config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
-			Database::pexecute($startstop_sel);
-			$restart_cmds = $startstop_sel->fetchAll(\PDO::FETCH_ASSOC);
-			// restart all php-fpm instances
-			foreach ($restart_cmds as $restart_cmd) {
-				// check whether the config dir is empty (no domains uses this daemon)
-				// so we need to create a dummy
-				$_conffiles = glob(\Froxlor\FileDir::makeCorrectFile($restart_cmd['config_dir'] . "/*.conf"));
-				if ($_conffiles === false || empty($_conffiles)) {
-					\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'apache::reload: fpm config directory "' . $restart_cmd['config_dir'] . '" is empty. Creating dummy.');
-					Fpm::createDummyPool($restart_cmd['config_dir']);
-				}
-				\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'apache::reload: running ' . $restart_cmd['reload_cmd']);
-				\Froxlor\FileDir::safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
-			}
-		}
-		\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'apache::reload: reloading apache');
-		\Froxlor\FileDir::safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command')));
-	}
-
 	/**
 	 * define a standard <Directory>-statement, bug #32
 	 */
@@ -144,7 +119,7 @@ class Apache extends HttpConfigBase
 			foreach ($statusCodes as $statusCode) {
 				if (Settings::Get('defaultwebsrverrhandler.err' . $statusCode) != '') {
 					$defhandler = Settings::Get('defaultwebsrverrhandler.err' . $statusCode);
-					if (! \Froxlor\Validate\Form\Data::validateUrl($defhandler)) {
+					if (! \Froxlor\Validate\Validate::validateUrl($defhandler)) {
 						if (substr($defhandler, 0, 1) != '"' && substr($defhandler, - 1, 1) != '"') {
 							$defhandler = '"' . \Froxlor\FileDir::makeCorrectFile($defhandler) . '"';
 						}
@@ -502,6 +477,10 @@ class Apache extends HttpConfigBase
 							// this makes it more secure, thx to Marcel (08/2013)
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
+							$protocols = array_map('trim', explode(",", Settings::Get('system.ssl_protocols')));
+							if (in_array("TLSv1.3", $protocols) && !empty(Settings::Get('system.tlsv13_cipher_list')) && Settings::Get('system.apache24') == 1) {
+								$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite TLSv1.3 ' . Settings::Get('system.tlsv13_cipher_list') . "\n";
+							}
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . \Froxlor\FileDir::makeCorrectFile($domain['ssl_cert_file']) . "\n";
 
@@ -949,7 +928,7 @@ class Apache extends HttpConfigBase
 				'domainid' => $domain['id']
 			));
 
-			if ($ssldestport['port'] != '') {
+			if ($ssldestport && $ssldestport['port'] != '') {
 				$_sslport = ":" . $ssldestport['port'];
 			}
 
@@ -984,7 +963,7 @@ class Apache extends HttpConfigBase
 				$vhost_content .= '  SSLProtocol -ALL +' . str_replace(",", " +", Settings::Get('system.ssl_protocols')) . "\n";
 				if (Settings::Get('system.apache24') == '1') {
 					if (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1') {
-						$vhost_content .= ' Protocols h2 http/1.1' . "\n";
+						$vhost_content .= '  Protocols h2 http/1.1' . "\n";
 					}
 					if (! empty(Settings::Get('system.dhparams_file'))) {
 						$dhparams = \Froxlor\FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
@@ -998,6 +977,10 @@ class Apache extends HttpConfigBase
 				// this makes it more secure, thx to Marcel (08/2013)
 				$vhost_content .= '  SSLHonorCipherOrder On' . "\n";
 				$vhost_content .= '  SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
+				$protocols = array_map('trim', explode(",", Settings::Get('system.ssl_protocols')));
+				if (in_array("TLSv1.3", $protocols) && !empty(Settings::Get('system.tlsv13_cipher_list')) && Settings::Get('system.apache24') == 1) {
+					$vhost_content .= '  SSLCipherSuite TLSv1.3 ' . Settings::Get('system.tlsv13_cipher_list') . "\n";
+				}
 				$vhost_content .= '  SSLVerifyDepth 10' . "\n";
 				$vhost_content .= '  SSLCertificateFile ' . \Froxlor\FileDir::makeCorrectFile($domain['ssl_cert_file']) . "\n";
 
@@ -1209,7 +1192,7 @@ class Apache extends HttpConfigBase
 				foreach ($statusCodes as $statusCode) {
 					if (isset($row_diroptions['error' . $statusCode . 'path']) && $row_diroptions['error' . $statusCode . 'path'] != '') {
 						$defhandler = $row_diroptions['error' . $statusCode . 'path'];
-						if (! \Froxlor\Validate\Form\Data::validateUrl($defhandler)) {
+						if (! \Froxlor\Validate\Validate::validateUrl($defhandler)) {
 							if (substr($defhandler, 0, 1) != '"' && substr($defhandler, - 1, 1) != '"') {
 								$defhandler = '"' . \Froxlor\FileDir::makeCorrectFile($defhandler) . '"';
 							}

lib/Froxlor/Cron/Http/ConfigIO.php

@@ -128,7 +128,7 @@ class ConfigIO
 				// iterate through all subdirs,
 				// look for vhost/diroption files
 				// and delete them
-				foreach ($its as $fullFileName => $it) {
+				foreach ($its as $it) {
 					if ($it->isFile() && preg_match($pattern, $it->getFilename())) {
 						// remove file
 						\Froxlor\FileDir::safe_exec('rm -f ' . escapeshellarg(\Froxlor\FileDir::makeCorrectFile($its->getPathname())));
@@ -191,7 +191,7 @@ class ConfigIO
 				/**
 				 * don't do anything if the file does not exist
 				 */
-				if (@file_exists($awstatsclean['fullentry'])) {
+				if (@file_exists($awstatsclean['fullentry']) && $awstatsclean['entry'] != '.' && $awstatsclean['entry'] != '..') {
 					$awstatsclean['fh'] = fopen($awstatsclean['fullentry'], 'r');
 					$awstatsclean['headerRead'] = fgets($awstatsclean['fh'], strlen($awstatsclean['header']) + 1);
 					fclose($awstatsclean['fh']);
@@ -232,7 +232,7 @@ class ConfigIO
 				// look for php-fcgi-starter files
 				// and take immutable-flag away from them
 				// so we can delete them :)
-				foreach ($its as $fullFileName => $it) {
+				foreach ($its as $it) {
 					if ($it->isFile() && $it->getFilename() == 'php-fcgi-starter') {
 						// set chattr -i
 						\Froxlor\FileDir::removeImmutable($its->getPathname());

lib/Froxlor/Cron/Http/HttpConfigBase.php

@@ -3,6 +3,7 @@ namespace Froxlor\Cron\Http;
 
 use Froxlor\Database\Database;
 use Froxlor\Settings;
+use Froxlor\Cron\Http\Php\Fpm;
 
 /**
  * This file is part of the Froxlor project.
@@ -27,6 +28,51 @@ use Froxlor\Settings;
 class HttpConfigBase
 {
 
+	public function init()
+	{
+		// if Let's Encrypt is activated, run it before regeneration of webserver configfiles
+		if (Settings::Get('system.leenabled') == 1) {
+			\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'Running Let\'s Encrypt cronjob prior to regenerating webserver config files');
+			\Froxlor\Cron\Http\LetsEncrypt\AcmeSh::$no_inserttask = true;
+			\Froxlor\Cron\Http\LetsEncrypt\AcmeSh::run(true);
+			// set last run timestamp of cronjob
+			\Froxlor\System\Cronjob::updateLastRunOfCron('letsencrypt');
+		}
+	}
+
+	public function reload()
+	{
+		$called_class = get_called_class();
+		if ((int) Settings::Get('phpfpm.enabled') == 1) {
+			// get all start/stop commands
+			$startstop_sel = Database::prepare("SELECT reload_cmd, config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
+			Database::pexecute($startstop_sel);
+			$restart_cmds = $startstop_sel->fetchAll(\PDO::FETCH_ASSOC);
+			// restart all php-fpm instances
+			foreach ($restart_cmds as $restart_cmd) {
+				// check whether the config dir is empty (no domains uses this daemon)
+				// so we need to create a dummy
+				$_conffiles = glob(\Froxlor\FileDir::makeCorrectFile($restart_cmd['config_dir'] . "/*.conf"));
+				if ($_conffiles === false || empty($_conffiles)) {
+					\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, $called_class . '::reload: fpm config directory "' . $restart_cmd['config_dir'] . '" is empty. Creating dummy.');
+					Fpm::createDummyPool($restart_cmd['config_dir']);
+				}
+				\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, $called_class . '::reload: running ' . $restart_cmd['reload_cmd']);
+				\Froxlor\FileDir::safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
+			}
+		}
+		\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, $called_class . '::reload: reloading ' . $called_class);
+		\Froxlor\FileDir::safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command')));
+
+		/**
+		 * nginx does not auto-spawn fcgi-processes
+		 */
+		if (Settings::Get('system.webserver') == "nginx" && Settings::Get('system.phpreload_command') != '' && (int) Settings::Get('phpfpm.enabled') == 0) {
+			\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, $called_class . '::reload: restarting php processes');
+			\Froxlor\FileDir::safe_exec(Settings::Get('system.phpreload_command'));
+		}
+	}
+
 	/**
 	 * process special config as template, by substituting {VARIABLE} with the
 	 * respective value.
@@ -87,7 +133,7 @@ class HttpConfigBase
 		");
 		$ssldestport = Database::pexecute_first($ssldestport_stmt);
 
-		if ($ssldestport['port'] != '') {
+		if ($ssldestport && $ssldestport['port'] != '') {
 			$_sslport = ":" . $ssldestport['port'];
 		}
 

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -43,19 +43,26 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 
 	private static $do_update = true;
 
-	public static function run()
+	public static $no_inserttask = false;
+
+	public static function run($internal = false)
 	{
+		if (! defined('CRON_IS_FORCED') && ! defined('CRON_DEBUG_FLAG') && $internal == false) {
+			//FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Let's Encrypt cronjob is combined with regeneration of webserver configuration files.\nFor debugging purposes you can use the --debug switch and/or the --force switch to run the cron manually.");
+			return 0;
+		}
+
 		self::checkInstall();
 
 		self::$apiserver = 'https://acme-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory';
 
-		FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating Let's Encrypt certificates");
+		FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Requesting/renewing Let's Encrypt certificates");
 
 		$certificates_stmt = Database::query("
 			SELECT
 				domssl.`id`,
 				domssl.`domainid`,
-				domssl.expirationdate,
+				domssl.`expirationdate`,
 				domssl.`ssl_cert_file`,
 				domssl.`ssl_key_file`,
 				domssl.`ssl_ca_file`,
@@ -174,7 +181,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 				);
 
 				$froxlor_aliases = Settings::Get('system.froxloraliases');
-				if (!empty($froxlor_aliases)) {
+				if (! empty($froxlor_aliases)) {
 					$froxlor_aliases = explode(",", $froxlor_aliases);
 					foreach ($froxlor_aliases as $falias) {
 						if (\Froxlor\Validate\Validate::validateDomain(trim($falias))) {
@@ -185,10 +192,12 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 
 				// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
 				// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
+				$do_force = false;
 				if ($cert_mode == 'renew') {
-					FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']);
+					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']);
 				} else {
-					FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']);
+					$do_force = true;
+					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']);
 				}
 
 				$cronlog = FroxlorLogger::getInstanceOf(array(
@@ -196,7 +205,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 					'adminsession' => 0
 				));
 
-				self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected);
+				self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected, $do_force);
 			}
 		}
 
@@ -214,20 +223,25 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
 			if ($certrow['ssl_redirect'] != 2) {
 
-				if (! empty($certrow['ssl_cert_file'])) {
+				$do_force = false;
+				if (! empty($certrow['ssl_cert_file']) && !empty($certrow['expirationdate'])) {
 					$cert_mode = 'renew';
-					$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']);
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']);
+				} else if (! empty($certrow['ssl_cert_file']) && empty($certrow['expirationdate'])) {
+					// domain changed (SAN or similar)
+					$do_force = true;
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Re-creating certificate for " . $certrow['domain']);
 				} else {
-					$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']);
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']);
 				}
 
-				$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']);
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']);
 				$domains = array(
 					$certrow['domain']
 				);
 				// add www.<domain> to SAN list
 				if ($certrow['wwwserveralias'] == 1) {
-					$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
 					$domains[] = 'www.' . $certrow['domain'];
 				}
 
@@ -237,30 +251,33 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 				));
 				$aliasdomains = $aliasdomains_stmt->fetchAll(\PDO::FETCH_ASSOC);
 				foreach ($aliasdomains as $aliasdomain) {
-					$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
 					$domains[] = $aliasdomain['domain'];
 					if ($aliasdomain['wwwserveralias'] == 1) {
-						$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
+						$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
 						$domains[] = 'www.' . $aliasdomain['domain'];
 					}
 				}
 
-				self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected);
+				self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected, $do_force);
 			} else {
-				$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
 			}
 		}
 
 		// If we have a change in a certificate, we need to update the webserver - configs
 		// This is easiest done by just creating a new task ;)
 		if ($changedetected) {
-			\Froxlor\System\Cronjob::inserttask(1);
+			if (self::$no_inserttask == false) {
+				\Froxlor\System\Cronjob::inserttask(1);
+			}
+			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");
+		} else {
+			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "No new certificates or certificates due for renewal found");
 		}
-
-		FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");
 	}
 
-	private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0)
+	private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0, $force = false)
 	{
 		if (! empty($domains)) {
 
@@ -272,7 +289,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			$acmesh_cmd = self::$acmesh . " --auto-upgrade 0 --server " . self::$apiserver . " --" . $cert_mode . " -d " . implode(" -d ", $domains);
 
 			if ($cert_mode == 'issue') {
-				$acmesh_cmd .= " -w " . \Froxlor\Froxlor::getInstallDir();
+				$acmesh_cmd .= " -w " . Settings::Get('system.letsencryptchallengepath');
 			}
 			if (Settings::Get('system.leecc') > 0) {
 				$acmesh_cmd .= " --keylength ec-" . Settings::Get('system.leecc');
@@ -282,8 +299,16 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			if (Settings::Get('system.letsencryptreuseold') != '1') {
 				$acmesh_cmd .= " --always-force-new-domain-key";
 			}
+			if (Settings::Get('system.letsencryptca') == 'testing') {
+				$acmesh_cmd .= " --staging";
+			}
+			if ($force) {
+				$acmesh_cmd .= " --force";
+			}
 
 			$acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd);
+			// debug output of acme.sh run
+			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, implode("\n", $acme_result));
 
 			$return = array();
 			self::readCertificateToVar($certrow['domain'], $return);
@@ -292,29 +317,33 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 
 				$newcert = openssl_x509_parse($return['crt']);
 
-				// Store the new data
-				Database::pexecute(self::$updcert_stmt, array(
-					'id' => $certrow['id'],
-					'domainid' => $certrow['domainid'],
-					'crt' => $return['crt'],
-					'key' => $return['key'],
-					'ca' => $return['chain'],
-					'chain' => $return['chain'],
-					'csr' => $return['csr'],
-					'fullchain' => $return['fullchain'],
-					'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
-				));
-
-				if ($certrow['ssl_redirect'] == 3) {
-					Database::pexecute(self::$upddom_stmt, array(
-						'domainid' => $certrow['domainid']
+				if ($newcert) {
+					// Store the new data
+					Database::pexecute(self::$updcert_stmt, array(
+						'id' => $certrow['id'],
+						'domainid' => $certrow['domainid'],
+						'crt' => $return['crt'],
+						'key' => $return['key'],
+						'ca' => $return['chain'],
+						'chain' => $return['chain'],
+						'csr' => $return['csr'],
+						'fullchain' => $return['fullchain'],
+						'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
 					));
-				}
 
-				$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
-				$changedetected = 1;
+					if ($certrow['ssl_redirect'] == 3) {
+						Database::pexecute(self::$upddom_stmt, array(
+							'domainid' => $certrow['domainid']
+						));
+					}
+
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
+					$changedetected = 1;
+				} else {
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Got non-successful Let's Encrypt response for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
+				}
 			} else {
-				$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
 			}
 		}
 	}
@@ -339,7 +368,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 	private static function checkInstall()
 	{
 		if (! file_exists(self::$acmesh)) {
-			FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Could not find acme.sh - installing it to /root/.acme.sh/");
+			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Could not find acme.sh - installing it to /root/.acme.sh/");
 			$return = false;
 			\Froxlor\FileDir::safe_exec("wget -O - https://get.acme.sh | sh", $return, array(
 				'|'
@@ -350,6 +379,6 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 	private static function checkUpgrade()
 	{
 		$acmesh_result = \Froxlor\FileDir::safe_exec(self::$acmesh . " --upgrade");
-		FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, "Checking for LetsEncrypt client upgrades before renewing certificates:\n" . implode("\n", $acmesh_result));
+		FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Checking for LetsEncrypt client upgrades before renewing certificates:\n" . implode("\n", $acmesh_result));
 	}
 }

lib/Froxlor/Cron/Http/Lighttpd.php

@@ -3,7 +3,6 @@ namespace Froxlor\Cron\Http;
 
 use Froxlor\Database\Database;
 use Froxlor\Settings;
-use Froxlor\Cron\Http\Php\Fpm;
 use Froxlor\Cron\Http\Php\PhpInterface;
 
 /**
@@ -45,30 +44,6 @@ class Lighttpd extends HttpConfigBase
 	 */
 	private $deactivated = false;
 
-	public function reload()
-	{
-		if ((int) Settings::Get('phpfpm.enabled') == 1) {
-			// get all start/stop commands
-			$startstop_sel = Database::prepare("SELECT reload_cmd, config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
-			Database::pexecute($startstop_sel);
-			$restart_cmds = $startstop_sel->fetchAll(\PDO::FETCH_ASSOC);
-			// restart all php-fpm instances
-			foreach ($restart_cmds as $restart_cmd) {
-				// check whether the config dir is empty (no domains uses this daemon)
-				// so we need to create a dummy
-				$_conffiles = glob(\Froxlor\FileDir::makeCorrectFile($restart_cmd['config_dir'] . "/*.conf"));
-				if ($_conffiles === false || empty($_conffiles)) {
-					$this->logger->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'lighttpd::reload: fpm config directory "' . $restart_cmd['config_dir'] . '" is empty. Creating dummy.');
-					Fpm::createDummyPool($restart_cmd['config_dir']);
-				}
-				$this->logger->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'lighttpd::reload: running ' . $restart_cmd['reload_cmd']);
-				\Froxlor\FileDir::safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
-			}
-		}
-		$this->logger->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'lighttpd::reload: reloading lighttpd');
-		\Froxlor\FileDir::safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command')));
-	}
-
 	public function createIpPort()
 	{
 		$result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
@@ -316,7 +291,7 @@ class Lighttpd extends HttpConfigBase
 			}
 
 			$defhandler = Settings::Get('defaultwebsrverrhandler.err404');
-			if (! \Froxlor\Validate\Form\Data::validateUrl($defhandler)) {
+			if (! \Froxlor\Validate\Validate::validateUrl($defhandler)) {
 				$defhandler = \Froxlor\FileDir::makeCorrectFile($defhandler);
 			}
 			$this->lighttpd_data[$vhost_filename] = 'server.error-handler-404 = "' . $defhandler . '"';
@@ -396,6 +371,7 @@ class Lighttpd extends HttpConfigBase
 	protected function createLighttpdHosts($ipid, $ssl, $vhost_filename)
 	{
 		$domains = WebserverBase::getVhostsToCreate();
+		$included_vhosts = array();
 		foreach ($domains as $domain) {
 
 			if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
@@ -475,7 +451,7 @@ class Lighttpd extends HttpConfigBase
 				'domainid' => $domain['id']
 			));
 
-			if ($ssldestport['port'] != '') {
+			if ($ssldestport && $ssldestport['port'] != '') {
 				$_sslport = ":" . $ssldestport['port'];
 			}
 
@@ -707,7 +683,7 @@ class Lighttpd extends HttpConfigBase
 
 			if (! empty($row['error404path'])) {
 				$defhandler = $row['error404path'];
-				if (! \Froxlor\Validate\Form\Data::validateUrl($defhandler)) {
+				if (! \Froxlor\Validate\Validate::validateUrl($defhandler)) {
 					$defhandler = \Froxlor\FileDir::makeCorrectFile($domain['documentroot'] . '/' . $defhandler);
 				}
 				$error_string .= '  server.error-handler-404 = "' . $defhandler . '"' . "\n\n";
@@ -765,23 +741,21 @@ class Lighttpd extends HttpConfigBase
 		));
 
 		while ($row_htpasswds = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
-			if ($auth_backend_loaded[$domain['ipandport']] != 'yes' && $auth_backend_loaded[$domain['ssl_ipandport']] != 'yes') {
+			if ($this->auth_backend_loaded[$domain['ipandport']] != 'yes' && $this->auth_backend_loaded[$domain['ssl_ipandport']] != 'yes') {
 				$filename = $domain['customerid'] . '.htpasswd';
 
 				if ($this->auth_backend_loaded[$domain['ipandport']] != 'yes') {
-					$auth_backend_loaded[$domain['ipandport']] = 'yes';
+					$this->auth_backend_loaded[$domain['ipandport']] = 'yes';
 					$diroption_text .= 'auth.backend = "htpasswd"' . "\n";
 					$diroption_text .= 'auth.backend.htpasswd.userfile = "' . \Froxlor\FileDir::makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $filename) . '"' . "\n";
 					$this->needed_htpasswds[$filename] = $row_htpasswds['username'] . ':' . $row_htpasswds['password'] . "\n";
 					$diroption_text .= 'auth.require = ( ' . "\n";
-					$previous_domain_id = '1';
 				} elseif ($this->auth_backend_loaded[$domain['ssl_ipandport']] != 'yes') {
-					$auth_backend_loaded[$domain['ssl_ipandport']] = 'yes';
+					$this->auth_backend_loaded[$domain['ssl_ipandport']] = 'yes';
 					$diroption_text .= 'auth.backend= "htpasswd"' . "\n";
 					$diroption_text .= 'auth.backend.htpasswd.userfile = "' . \Froxlor\FileDir::makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $filename) . '"' . "\n";
 					$this->needed_htpasswds[$filename] = $row_htpasswds['username'] . ':' . $row_htpasswds['password'] . "\n";
 					$diroption_text .= 'auth.require = ( ' . "\n";
-					$previous_domain_id = '1';
 				}
 			}
 

lib/Froxlor/Cron/Http/Nginx.php

@@ -3,7 +3,6 @@ namespace Froxlor\Cron\Http;
 
 use Froxlor\Database\Database;
 use Froxlor\Settings;
-use Froxlor\Cron\Http\Php\Fpm;
 use Froxlor\Cron\Http\Php\PhpInterface;
 
 /**
@@ -55,39 +54,6 @@ class Nginx extends HttpConfigBase
 		$this->nginx_server = $nginx_server;
 	}
 
-	public function reload()
-	{
-		if ((int) Settings::Get('phpfpm.enabled') == 1) {
-			// get all start/stop commands
-			$startstop_sel = Database::prepare("SELECT reload_cmd, config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
-			Database::pexecute($startstop_sel);
-			$restart_cmds = $startstop_sel->fetchAll(\PDO::FETCH_ASSOC);
-			// restart all php-fpm instances
-			foreach ($restart_cmds as $restart_cmd) {
-				// check whether the config dir is empty (no domains uses this daemon)
-				// so we need to create a dummy
-				$_conffiles = glob(\Froxlor\FileDir::makeCorrectFile($restart_cmd['config_dir'] . "/*.conf"));
-				if ($_conffiles === false || empty($_conffiles)) {
-					\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'nginx::reload: fpm config directory "' . $restart_cmd['config_dir'] . '" is empty. Creating dummy.');
-					Fpm::createDummyPool($restart_cmd['config_dir']);
-				}
-				\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'nginx::reload: running ' . $restart_cmd['reload_cmd']);
-				\Froxlor\FileDir::safe_exec(escapeshellcmd($restart_cmd['reload_cmd']));
-			}
-		}
-
-		\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'nginx::reload: reloading nginx');
-		\Froxlor\FileDir::safe_exec(Settings::Get('system.apachereload_command'));
-
-		/**
-		 * nginx does not auto-spawn fcgi-processes
-		 */
-		if (Settings::Get('system.phpreload_command') != '' && (int) Settings::Get('phpfpm.enabled') == 0) {
-			\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'nginx::reload: restarting php processes');
-			\Froxlor\FileDir::safe_exec(Settings::Get('system.phpreload_command'));
-		}
-	}
-
 	private function createLogformatEntry()
 	{
 		if (Settings::Get('system.logfiles_format') != '') {
@@ -137,7 +103,7 @@ class Nginx extends HttpConfigBase
 			foreach ($statusCodes as $statusCode) {
 				if (Settings::Get('defaultwebsrverrhandler.err' . $statusCode) != '') {
 					$defhandler = Settings::Get('defaultwebsrverrhandler.err' . $statusCode);
-					if (! \Froxlor\Validate\Form\Data::validateUrl($defhandler)) {
+					if (! \Froxlor\Validate\Validate::validateUrl($defhandler)) {
 						$defhandler = \Froxlor\FileDir::makeCorrectFile($defhandler);
 					}
 					$this->nginx_data[$vhosts_filename] .= 'error_page ' . $statusCode . ' ' . $defhandler . ';' . "\n";
@@ -250,7 +216,7 @@ class Nginx extends HttpConfigBase
 
 				$aliases = "";
 				$froxlor_aliases = Settings::Get('system.froxloraliases');
-				if (!empty($froxlor_aliases)) {
+				if (! empty($froxlor_aliases)) {
 					$froxlor_aliases = explode(",", $froxlor_aliases);
 					foreach ($froxlor_aliases as $falias) {
 						if (\Froxlor\Validate\Validate::validateDomain(trim($falias))) {
@@ -278,7 +244,7 @@ class Nginx extends HttpConfigBase
 						$is_redirect = false;
 					} else {
 						$_sslport = $this->checkAlternativeSslPort();
-						$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
+						$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport;
 						$this->nginx_data[$vhost_filename] .= "\t" . 'location / {' . "\n";
 						$this->nginx_data[$vhost_filename] .= "\t\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n";
 						$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
@@ -313,7 +279,7 @@ class Nginx extends HttpConfigBase
 					$this->nginx_data[$vhost_filename] .= "\tlocation ~ \.php {\n";
 					$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\.php)(/.+)\$;\n";
 					$this->nginx_data[$vhost_filename] .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n";
-					$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n";
+					$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$request_filename;\n";
 					$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
 					$this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n";
 
@@ -510,7 +476,7 @@ class Nginx extends HttpConfigBase
 				'domainid' => $domain['id']
 			));
 
-			if ($ssldestport['port'] != '') {
+			if ($ssldestport && $ssldestport['port'] != '') {
 				$_sslport = ":" . $ssldestport['port'];
 			}
 
@@ -574,26 +540,38 @@ class Nginx extends HttpConfigBase
 		return $vhost_content;
 	}
 
+	private function cleanVhostStruct($vhost = null)
+	{
+		// Remove windows linebreaks
+		$vhost = str_replace("\r", "\n", $vhost);
+		// Break blocks into lines
+		$vhost = str_replace(array(
+			"{",
+			"}"
+		), array(
+			" {\n",
+			"\n}"
+		), $vhost);
+		// Break into array items
+		$vhost = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost))));
+		// Remove empty lines
+		$vhost = array_filter($vhost, function ($a) {
+			return preg_match("#\S#", $a);
+		});
+
+		// remove unnecessary whitespaces
+		$vhost = array_map("trim", $vhost);
+		// re-number array keys
+		$vhost = array_values($vhost);
+		return $vhost;
+	}
+
 	protected function mergeVhostCustom($vhost_frx, $vhost_usr)
 	{
 		// Clean froxlor defined settings
-		$vhost_frx = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost_frx)))); // Break into array items
-		$vhost_frx = array_map("trim", $vhost_frx); // remove unnecessary whitespaces
-
+		$vhost_frx = $this->cleanVhostStruct($vhost_frx);
 		// Clean user defined settings
-		$vhost_usr = str_replace("\r", "\n", $vhost_usr); // Remove windows linebreaks
-		$vhost_usr = str_replace(array(
-			"{ ",
-			" }"
-		), array(
-			"{\n",
-			"\n}"
-		), $vhost_usr); // Break blocks into lines
-		$vhost_usr = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost_usr)))); // Break into array items
-		// Remove empty lines
-		$vhost_usr = array_filter($vhost_usr, function ($a) {
-			return preg_match("#\S#", $a);
-		});
+		$vhost_usr = $this->cleanVhostStruct($vhost_usr);
 
 		// Cycle through the user defined settings
 		$currentBlock = array();
@@ -693,8 +671,13 @@ class Nginx extends HttpConfigBase
 					}
 					$sslsettings .= 'ssl_dhparam ' . $dhparams . ';' . "\n";
 				}
-				$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
+				// When <1.11.0: Defaults to prime256v1, similar to first curve recommendation by Mozilla.
+				// (When specifyng just one, there's no fallback when specific curve is not supported by client.)
+				// When >1.11.0: Defaults to auto, using recommended curves provided by OpenSSL.
+				// see https://github.com/Froxlor/Froxlor/issues/652
+				//$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
 				$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
+				$sslsettings .= "\t" . 'ssl_session_cache shared:SSL:10m;' . "\n";
 				$sslsettings .= "\t" . 'ssl_certificate ' . \Froxlor\FileDir::makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";
 
 				if ($domain_or_ip['ssl_key_file'] != '') {
@@ -745,7 +728,7 @@ class Nginx extends HttpConfigBase
 		while ($row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
 			if (! empty($row['error404path'])) {
 				$defhandler = $row['error404path'];
-				if (! \Froxlor\Validate\Form\Data::validateUrl($defhandler)) {
+				if (! \Froxlor\Validate\Validate::validateUrl($defhandler)) {
 					$defhandler = \Froxlor\FileDir::makeCorrectFile($defhandler);
 				}
 				$path_options .= "\t" . 'error_page   404    ' . $defhandler . ';' . "\n";
@@ -753,7 +736,7 @@ class Nginx extends HttpConfigBase
 
 			if (! empty($row['error403path'])) {
 				$defhandler = $row['error403path'];
-				if (! \Froxlor\Validate\Form\Data::validateUrl($defhandler)) {
+				if (! \Froxlor\Validate\Validate::validateUrl($defhandler)) {
 					$defhandler = \Froxlor\FileDir::makeCorrectFile($defhandler);
 				}
 				$path_options .= "\t" . 'error_page   403    ' . $defhandler . ';' . "\n";
@@ -761,7 +744,7 @@ class Nginx extends HttpConfigBase
 
 			if (! empty($row['error500path'])) {
 				$defhandler = $row['error500path'];
-				if (! \Froxlor\Validate\Form\Data::validateUrl($defhandler)) {
+				if (! \Froxlor\Validate\Validate::validateUrl($defhandler)) {
 					$defhandler = \Froxlor\FileDir::makeCorrectFile($defhandler);
 				}
 				$path_options .= "\t" . 'error_page   500 502 503 504    ' . $defhandler . ';' . "\n";
@@ -911,6 +894,7 @@ class Nginx extends HttpConfigBase
 					$path = \Froxlor\FileDir::makeCorrectDir(substr($row_htpasswds['path'], strlen($domain['documentroot']) - 1));
 				} else {
 					// if the website contents is located in a subdirectory of the user
+					$matches = array();
 					preg_match('/^([\/[:print:]]*\/)([[:print:]\/]+){1}$/i', $row_htpasswds['path'], $matches);
 					$path = \Froxlor\FileDir::makeCorrectDir(substr($row_htpasswds['path'], strlen($matches[1]) - 1));
 				}
@@ -951,7 +935,7 @@ class Nginx extends HttpConfigBase
 			$phpopts .= "\tlocation @php {\n";
 			$phpopts .= "\t\tfastcgi_split_path_info ^(.+\.php)(/.+)\$;\n";
 			$phpopts .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n";
-			$phpopts .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n";
+			$phpopts .= "\t\tfastcgi_param SCRIPT_FILENAME \$request_filename;\n";
 			$phpopts .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
 			$phpopts .= "\t\ttry_files \$fastcgi_script_name =404;\n";
 			$phpopts .= "\t\tfastcgi_pass " . Settings::Get('system.nginx_php_backend') . ";\n";

lib/Froxlor/Cron/Http/NginxFcgi.php

@@ -35,10 +35,10 @@ class NginxFcgi extends Nginx
 			$php_options_text .= "\t" . '}' . "\n\n";
 
 			$php_options_text .= "\t" . 'location @php {' . "\n";
-			$php_options_text .= "\t\t" . 'try_files $1 = 404;' . "\n\n";
+			$php_options_text .= "\t\t" . 'try_files $1 =404;' . "\n\n";
 			$php_options_text .= "\t\t" . 'include ' . Settings::Get('nginx.fastcgiparams') . ";\n";
 			$php_options_text .= "\t\t" . 'fastcgi_split_path_info ^(.+\.php)(/.+)\$;' . "\n";
-			$php_options_text .= "\t\t" . 'fastcgi_param SCRIPT_FILENAME $document_root$1;' . "\n";
+			$php_options_text .= "\t\t" . 'fastcgi_param SCRIPT_FILENAME $request_filename;' . "\n";
 			$php_options_text .= "\t\t" . 'fastcgi_param PATH_INFO $2;' . "\n";
 			if ($domain['ssl'] == '1' && $ssl_vhost) {
 				$php_options_text .= "\t\t" . 'fastcgi_param HTTPS on;' . "\n";

lib/Froxlor/Cron/MasterCron.php

@@ -44,8 +44,9 @@ class MasterCron extends \Froxlor\Cron\FroxlorCron
 			echo "Below are possible parameters for this file\n\n";
 			echo "--[cronname]\t\tincludes the given cron-file\n";
 			echo "--force\t\t\tforces re-generating of config-files (webserver, nameserver, etc.)\n";
+			echo "--run-task\t\trun a specific task [1 = re-generate configs, 4 = re-generate dns zones, 10 = re-set quotas, 99 = re-create cron.d-file]\n";
 			echo "--debug\t\t\toutput debug information about what is going on to STDOUT.\n";
-			echo "--no-fork\t\t\tdo not fork to backkground (traffic cron only).\n\n";
+			echo "--no-fork\t\tdo not fork to backkground (traffic cron only).\n\n";
 		}
 
 		/**
@@ -70,10 +71,19 @@ class MasterCron extends \Froxlor\Cron\FroxlorCron
 					// also regenerate cron.d-file
 					\Froxlor\System\Cronjob::inserttask('99');
 					array_push($jobs_to_run, 'tasks');
+					define('CRON_IS_FORCED', 1);
 				} elseif (strtolower($argv[$x]) == '--debug') {
 					define('CRON_DEBUG_FLAG', 1);
 				} elseif (strtolower($argv[$x]) == '--no-fork') {
 					define('CRON_NOFORK_FLAG', 1);
+				} elseif (strtolower($argv[$x]) == '--run-task') {
+					if (isset($argv[$x+1]) && in_array($argv[$x+1], [1,4,10,99])) {
+						\Froxlor\System\Cronjob::inserttask($argv[$x+1]);
+						array_push($jobs_to_run, 'tasks');
+					} else {
+						echo "Invalid argument for --run-task\n";
+						exit;
+					}
 				} elseif (substr(strtolower($argv[$x]), 0, 2) == '--') {
 					// --[cronname]
 					if (strlen($argv[$x]) > 3) {
@@ -90,34 +100,18 @@ class MasterCron extends \Froxlor\Cron\FroxlorCron
 
 		$tasks_cnt_stmt = \Froxlor\Database\Database::query("SELECT COUNT(*) as jobcnt FROM `panel_tasks`");
 		$tasks_cnt = $tasks_cnt_stmt->fetch(\PDO::FETCH_ASSOC);
-		
+
 		// do we have anything to include?
 		if (count($jobs_to_run) > 0) {
 			// include all jobs we want to execute
 			foreach ($jobs_to_run as $cron) {
-				self::updateLastRunOfCron($cron);
+				\Froxlor\System\Cronjob::updateLastRunOfCron($cron);
 				$cronfile = self::getCronModule($cron);
 				if ($cronfile && class_exists($cronfile)) {
 					$cronfile::run();
 				}
 			}
-
-			if ($tasks_cnt['jobcnt'] > 0) {
-				if (\Froxlor\Settings::Get('system.nssextrausers') == 1) {
-					\Froxlor\Cron\System\Extrausers::generateFiles(self::$cronlog);
-				}
-
-				// clear NSCD cache if using fcgid or fpm, #1570
-				if (\Froxlor\Settings::Get('system.mod_fcgid') == 1 || (int) \Froxlor\Settings::Get('phpfpm.enabled') == 1) {
-					$false_val = false;
-					\Froxlor\FileDir::safe_exec('nscd -i passwd 1> /dev/null', $false_val, array(
-						'>'
-					));
-					\Froxlor\FileDir::safe_exec('nscd -i group 1> /dev/null', $false_val, array(
-						'>'
-					));
-				}
-			}
+			self::refreshUsers($tasks_cnt['jobcnt']);
 		}
 
 		/**
@@ -132,6 +126,26 @@ class MasterCron extends \Froxlor\Cron\FroxlorCron
 		self::shutdown();
 	}
 
+	private static function refreshUsers($jobcount = 0)
+	{
+		if ($jobcount > 0) {
+			if (\Froxlor\Settings::Get('system.nssextrausers') == 1) {
+				\Froxlor\Cron\System\Extrausers::generateFiles(self::$cronlog);
+			}
+
+			// clear NSCD cache if using fcgid or fpm, #1570 - not needed for nss-extrausers
+			if ((\Froxlor\Settings::Get('system.mod_fcgid') == 1 || (int) \Froxlor\Settings::Get('phpfpm.enabled') == 1) && \Froxlor\Settings::Get('system.nssextrausers') == 0) {
+				$false_val = false;
+				\Froxlor\FileDir::safe_exec('nscd -i passwd 1> /dev/null', $false_val, array(
+					'>'
+				));
+				\Froxlor\FileDir::safe_exec('nscd -i group 1> /dev/null', $false_val, array(
+					'>'
+				));
+			}
+		}
+	}
+
 	private static function init()
 	{
 		if (@php_sapi_name() != 'cli' && @php_sapi_name() != 'cgi' && @php_sapi_name() != 'cgi-fcgi') {
@@ -335,16 +349,6 @@ class MasterCron extends \Froxlor\Cron\FroxlorCron
 		}
 	}
 
-	private static function updateLastRunOfCron($cronname)
-	{
-		$upd_stmt = Database::prepare("
-			UPDATE `" . TABLE_PANEL_CRONRUNS . "` SET `lastrun` = UNIX_TIMESTAMP() WHERE `cronfile` = :cron;
-		");
-		Database::pexecute($upd_stmt, array(
-			'cron' => $cronname
-		));
-	}
-
 	private static function getCronModule($cronname)
 	{
 		$upd_stmt = Database::prepare("

lib/Froxlor/Cron/System/MailboxsizeCron.php

@@ -38,26 +38,45 @@ class MailboxsizeCron extends \Froxlor\Cron\FroxlorCron
 			$_maildir = \Froxlor\FileDir::makeCorrectDir($maildir['maildirpath']);
 
 			if (file_exists($_maildir) && is_dir($_maildir)) {
-				// mail-address allows many special characters, see http://en.wikipedia.org/wiki/Email_address#Local_part
-				$return = false;
-				$back = \Froxlor\FileDir::safe_exec('du -sk ' . escapeshellarg($_maildir), $return, array(
-					'|',
-					'&',
-					'`',
-					'$',
-					'~',
-					'?'
-				));
-				foreach ($back as $backrow) {
-					$emailusage = explode(' ', $backrow);
+				$maildirsize = \Froxlor\FileDir::makeCorrectFile($_maildir . '/maildirsize');
+				
+				// When quota is enabled and maildirsize file exists, use that to calculate size
+				if (\Froxlor\Settings::Get('system.mail_quota_enabled') == 1 && file_exists($maildirsize)) {
+					\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'found maildirsize file in ' . $_maildir);
+					$file = file($maildirsize, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+					// Remove header
+					array_shift($file);
+					$emailusage = 0;
+					// Sum up all the changes (line 2 -> end)
+					foreach ($file as $line) {
+						$parts = explode(' ', $line);
+						if (!empty($parts[0])) {
+							$emailusage += floatval($parts[0]);
+						}
+					}
+				} else {
+					// if quota is disabled or maildirsize file does not exist, compute with du
+					// mail-address allows many special characters, see http://en.wikipedia.org/wiki/Email_address#Local_part
+					$return = false;
+					$back = \Froxlor\FileDir::safe_exec('du -sk ' . escapeshellarg($_maildir), $return, array(
+						'|',
+						'&',
+						'`',
+						'$',
+						'~',
+						'?'
+					));
+					foreach ($back as $backrow) {
+						$emailusage = explode(' ', $backrow);
+					}
+					$emailusage = floatval($emailusage['0']);
+
+					// as freebsd does not have the -b flag for 'du' which gives
+					// the size in bytes, we use "-sk" for all and calculate from KiB
+					$emailusage *= 1024;
+
+					unset($back);
 				}
-				$emailusage = floatval($emailusage['0']);
-
-				// as freebsd does not have the -b flag for 'du' which gives
-				// the size in bytes, we use "-sk" for all and calculate from KiB
-				$emailusage *= 1024;
-
-				unset($back);
 				\Froxlor\Database\Database::pexecute($upd_stmt, array(
 					'size' => $emailusage,
 					'id' => $maildir['id']

lib/Froxlor/Cron/System/TasksCron.php

@@ -92,6 +92,12 @@ class TasksCron extends \Froxlor\Cron\FroxlorCron
 				 */
 				\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_NOTICE, "Removing PowerDNS entries for domain " . $row['data']['domain']);
 				\Froxlor\Dns\PowerDNS::cleanDomainZone($row['data']['domain']);
+			} elseif ($row['type'] == '12') {
+				/**
+				 * TYPE=12 domain has been deleted, remove from acme.sh/let's encrypt directory if used
+				 */
+				\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_NOTICE, "Removing Let's Encrypt entries for domain " . $row['data']['domain']);
+				\Froxlor\Domain\Domain::doLetsEncryptCleanUp($row['data']['domain']);
 			}
 		}
 
@@ -139,6 +145,7 @@ class TasksCron extends \Froxlor\Cron\FroxlorCron
 		$webserver = new $websrv();
 
 		if (isset($webserver)) {
+			$webserver->init();
 			$webserver->createIpPort();
 			$webserver->createVirtualHosts();
 			$webserver->createFileDirOptions();
@@ -231,8 +238,8 @@ class TasksCron extends \Froxlor\Cron\FroxlorCron
 				Extrausers::generateFiles($extrausers_log);
 			}
 
-			// clear NSCD cache if using fcgid or fpm, #1570
-			if (Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) {
+			// clear NSCD cache if using fcgid or fpm, #1570 - not needed for nss-extrausers
+			if ((Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) && Settings::Get('system.nssextrausers') == 0) {
 				$false_val = false;
 				\Froxlor\FileDir::safe_exec('nscd -i passwd 1> /dev/null', $false_val, array(
 					'>'

lib/Froxlor/Database/Database.php

@@ -183,6 +183,21 @@ class Database
 		return $return;
 	}
 
+	/**
+	 * return number of characters that are allowed to use as username
+	 *
+	 * @return int
+	 */
+	public static function getSqlUsernameLength()
+	{
+		// MySQL user names can be up to 32 characters long (16 characters before MySQL 5.7.8).
+		$mysql_max = 32;
+		if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.8', '<')) {
+			$mysql_max = 16;
+		}
+		return $mysql_max;
+	}
+
 	/**
 	 * let's us interact with the PDO-Object by using static
 	 * call like "Database::function()"

lib/Froxlor/Database/Manager/DbManagerMySQL.php

@@ -82,9 +82,11 @@ class DbManagerMySQL
 			if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '8.0.11', '>=')) {
 				// create user
 				$stmt = Database::prepare("
-					CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY 'password'
+					CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY :password
 				");
-				Database::pexecute($stmt);
+				Database::pexecute($stmt, array(
+					"password" => $password
+				));
 				// grant privileges
 				$stmt = Database::prepare("
 					GRANT ALL ON `" . $username . "`.* TO :username@:host
@@ -96,29 +98,31 @@ class DbManagerMySQL
 			} else {
 				// grant privileges
 				$stmt = Database::prepare("
-					GRANT ALL PRIVILEGES ON `" . $username . "`.* TO :username@:host IDENTIFIED BY 'password'
+					GRANT ALL PRIVILEGES ON `" . $username . "`.* TO :username@:host IDENTIFIED BY :password
 				");
 				Database::pexecute($stmt, array(
 					"username" => $username,
-					"host" => $access_host
+					"host" => $access_host,
+					"password" => $password
 				));
 			}
-		}
-		// set passoword
-		if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.6', '<')) {
-			if ($p_encrypted) {
-				$stmt = Database::prepare("SET PASSWORD FOR :username@:host = :password");
-			} else {
-				$stmt = Database::prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
-			}
 		} else {
-			$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password");
+			// set passoword
+			if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.6', '<')) {
+				if ($p_encrypted) {
+					$stmt = Database::prepare("SET PASSWORD FOR :username@:host = :password");
+				} else {
+					$stmt = Database::prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
+				}
+			} else {
+				$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password");
+			}
+			Database::pexecute($stmt, array(
+				"username" => $username,
+				"host" => $access_host,
+				"password" => $password
+			));
 		}
-		Database::pexecute($stmt, array(
-			"username" => $username,
-			"host" => $access_host,
-			"password" => $password
-		));
 	}
 
 	/**
@@ -142,7 +146,11 @@ class DbManagerMySQL
 		));
 
 		// as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+)
-		$drop_stmt = Database::prepare("DROP USER IF EXISTS :dbname@:host");
+		if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.0', '<')) {
+			$drop_stmt = Database::prepare("DROP USER :dbname@:host");
+		} else {
+			$drop_stmt = Database::prepare("DROP USER IF EXISTS :dbname@:host");
+		}
 		while ($host = $host_res_stmt->fetch(\PDO::FETCH_ASSOC)) {
 			Database::pexecute($drop_stmt, array(
 				'dbname' => $dbname,
@@ -150,6 +158,7 @@ class DbManagerMySQL
 			), false);
 		}
 
+		
 		$drop_stmt = Database::prepare("DROP DATABASE IF EXISTS `" . $dbname . "`");
 		Database::pexecute($drop_stmt);
 	}
@@ -168,7 +177,11 @@ class DbManagerMySQL
 			Database::pexecute($stmt);
 		}
 		// as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+)
-		$stmt = Database::prepare("DROP USER :username@:host");
+		if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.0', '<')) {
+			$stmt = Database::prepare("DROP USER :username@:host");
+		} else {
+			$stmt = Database::prepare("DROP USER IF EXISTS :username@:host");
+		}
 		Database::pexecute($stmt, array(
 			"username" => $username,
 			"host" => $host

lib/Froxlor/Dns/Dns.php

@@ -130,6 +130,12 @@ class Dns
 			}
 		}
 
+		// additional required records for CAA if activated
+		if (Settings::Get('system.dns_createcaaentry') && Settings::Get('system.use_ssl') == "1" && !empty($domain['p_ssl_ipandports'])) {
+			// check for CAA content later
+			self::addRequiredEntry('@CAA@', 'CAA', $required_entries);
+		}
+
 		// additional required records for SPF and DKIM if activated
 		if ($domain['isemaildomain'] == '1') {
 			if (Settings::Get('spf.use_spf') == '1') {
@@ -150,6 +156,10 @@ class Dns
 			if (array_key_exists($entry['type'], $required_entries) && array_key_exists(md5($entry['record']), $required_entries[$entry['type']])) {
 				unset($required_entries[$entry['type']][md5($entry['record'])]);
 			}
+			if (Settings::Get('system.dns_createcaaentry') == '1' && $entry['type'] == 'CAA' && strtolower(substr($entry['content'], 0, 7)) == '"v=caa1') {
+				// unset special CAA required-entry
+				unset($required_entries[$entry['type']][md5("@CAA@")]);
+			}
 			if (Settings::Get('spf.use_spf') == '1' && $entry['type'] == 'TXT' && $entry['record'] == '@' && strtolower(substr($entry['content'], 0, 7)) == '"v=spf1') {
 				// unset special spf required-entry
 				unset($required_entries[$entry['type']][md5("@SPF@")]);
@@ -278,6 +288,31 @@ class Dns
 					}
 				}
 			}
+
+			// CAA
+			if (array_key_exists("CAA", $required_entries)) {
+				foreach ($required_entries as $type => $records) {
+					if ($type == 'CAA') {
+						foreach ($records as $record) {
+							if ($record == '@CAA@') {
+								$caa_entries = explode(PHP_EOL, Settings::Get('caa.caa_entry'));
+								if ($domain['letsencrypt'] == 1) {
+									$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild "letsencrypt.org"' : '0 issue "letsencrypt.org"';
+									array_push($caa_entries, $le_entry);
+								}
+
+								foreach ($caa_entries as $entry) {
+									$zonerecords[] = new DnsEntry('@', 'CAA', $entry);
+									// additional required records by subdomain setting
+									if ($domain['wwwserveralias'] == '1') {
+										$zonerecords[] = new DnsEntry('www', 'CAA', $entry);
+									}
+								}
+							}
+						}
+					}
+				}
+			}
 		}
 
 		if (empty($primary_ns)) {

lib/Froxlor/Domain/Domain.php

@@ -291,6 +291,30 @@ class Domain
 		}
 	}
 
+	public static function doLetsEncryptCleanUp($domainname = null)
+	{
+		// @ see \Froxlor\Cron\Http\LetsEncrypt\AcmeSh.php
+		$acmesh = "/root/.acme.sh/acme.sh";
+		if (file_exists($acmesh)) {
+			$certificate_folder = dirname($acmesh) . "/" . $domainname;
+			if (\Froxlor\Settings::Get('system.leecc') > 0) {
+				$certificate_folder .= "_ecc";
+			}
+			$certificate_folder = \Froxlor\FileDir::makeCorrectDir($certificate_folder);
+			if (file_exists($certificate_folder)) {
+				$params = " --remove -d " . $domainname;
+				if (\Froxlor\Settings::Get('system.leecc') > 0) {
+					$params .= " --ecc";
+				}
+				// run remove command
+				\Froxlor\FileDir::safe_exec($acmesh . $params);
+				// remove certificates directory
+				@unlink($certificate_folder);
+			}
+		}
+		return true;
+	}
+
 	/**
 	 * checks give path for security issues
 	 * and returns a string that can be appended

lib/Froxlor/FileDir.php

@@ -217,7 +217,7 @@ class FileDir
 					'ADMIN_EMAIL' => $template['admin_email']
 				);
 
-				// @fixme replaceVariables
+				// replaceVariables
 				$htmlcontent = PhpHelper::replaceVariables($template['value'], $replace_arr);
 				$indexhtmlpath = self::makeCorrectFile($destination . '/index.' . Settings::Get('system.index_file_extension'));
 				$index_html_handler = fopen($indexhtmlpath, 'w');

lib/Froxlor/Froxlor.php

@@ -7,10 +7,10 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '0.10.0-rc2';
+	const VERSION = '0.10.1';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '201904250';
+	const DBVERSION = '201910090';
 
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';

lib/Froxlor/FroxlorLogger.php

@@ -40,6 +40,13 @@ class FroxlorLogger
 	 */
 	private static $userinfo = array();
 
+	/**
+	 * whether the logger object has already been initialized
+	 *
+	 * @var bool
+	 */
+	private static $is_initialized = false;
+
 	const USR_ACTION = '10';
 
 	const RES_ACTION = '20';
@@ -72,19 +79,22 @@ class FroxlorLogger
 			}
 		}
 
-		foreach (self::$logtypes as $logger) {
+		if (self::$is_initialized == false) {
+			foreach (self::$logtypes as $logger) {
 
-			switch ($logger) {
-				case 'syslog':
-					self::$ml->pushHandler(new SyslogHandler('froxlor', LOG_USER, Logger::DEBUG));
-					break;
-				case 'file':
-					self::$ml->pushHandler(new StreamHandler(Settings::Get('logger.logfile'), Logger::DEBUG));
-					break;
-				case 'mysql':
-					self::$ml->pushHandler(new MysqlHandler(Logger::DEBUG));
-					break;
+				switch ($logger) {
+					case 'syslog':
+						self::$ml->pushHandler(new SyslogHandler('froxlor', LOG_USER, Logger::DEBUG));
+						break;
+					case 'file':
+						self::$ml->pushHandler(new StreamHandler(Settings::Get('logger.logfile'), Logger::DEBUG));
+						break;
+					case 'mysql':
+						self::$ml->pushHandler(new MysqlHandler(Logger::DEBUG));
+						break;
+				}
 			}
+			self::$is_initialized = true;
 		}
 	}
 

lib/Froxlor/Http/HttpClient.php

@@ -11,7 +11,7 @@ class HttpClient
 	 *
 	 * @return array
 	 */
-	public static function urlGet($url, $follow_location = true)
+	public static function urlGet($url, $follow_location = true, $timeout = 10)
 	{
 		$ch = curl_init();
 		curl_setopt($ch, CURLOPT_URL, $url);
@@ -19,6 +19,7 @@ class HttpClient
 		if ($follow_location) {
 			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 		}
+		curl_setopt($ch, CURLOPT_TIMEOUT, (int)$timeout);
 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 		$output = curl_exec($ch);
 		if ($output === false) {

lib/Froxlor/Settings.php

@@ -263,6 +263,8 @@ class Settings
 		self::init();
 		// empty update array
 		self::$updatedata = array();
+		// re-read in all settings
+		return self::readSettings();
 	}
 
 	public static function loadSettingsInto(&$settings_data)

lib/Froxlor/Settings/Store.php

@@ -27,29 +27,58 @@ class Store
 		$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);
 
 		if ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'system' && isset($fielddata['varname']) && $fielddata['varname'] == 'defaultip') {
+			self::updateStdSubdomainDefaultIp($newfieldvalue, $defaultips_old);
+		}
 
-			$customerstddomains_result_stmt = Database::prepare("
-				SELECT `standardsubdomain` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `standardsubdomain` <> '0'
-			");
-			Database::pexecute($customerstddomains_result_stmt);
+		return $returnvalue;
+	}
 
-			$ids = array();
+	public static function storeSettingDefaultSslIp($fieldname, $fielddata, $newfieldvalue)
+	{
+		$defaultips_old = Settings::Get('system.defaultsslip');
 
-			while ($customerstddomains_row = $customerstddomains_result_stmt->fetch(\PDO::FETCH_ASSOC)) {
-				$ids[] = (int) $customerstddomains_row['standardsubdomain'];
+		$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);
+
+		if ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'system' && isset($fielddata['varname']) && $fielddata['varname'] == 'defaultsslip') {
+			self::updateStdSubdomainDefaultIp($newfieldvalue, $defaultips_old);
+		}
+
+		return $returnvalue;
+	}
+
+	private static function updateStdSubdomainDefaultIp($newfieldvalue, $defaultips_old)
+	{
+		// update standard-subdomain of customer if exists
+		$customerstddomains_result_stmt = Database::prepare("
+			SELECT `standardsubdomain` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `standardsubdomain` <> '0'
+		");
+		Database::pexecute($customerstddomains_result_stmt);
+
+		$ids = array();
+		while ($customerstddomains_row = $customerstddomains_result_stmt->fetch(\PDO::FETCH_ASSOC)) {
+			$ids[] = (int) $customerstddomains_row['standardsubdomain'];
+		}
+
+		if (count($ids) > 0) {
+			$defaultips_new = explode(',', $newfieldvalue);
+
+			if (! empty($defaultips_old) && ! empty($newfieldvalue)) {
+				$in_value = $defaultips_old . ", " . $newfieldvalue;
+			} elseif (! empty($defaultips_old) && empty($newfieldvalue)) {
+				$in_value = $defaultips_old;
+			} else {
+				$in_value = $newfieldvalue;
 			}
 
-			if (count($ids) > 0) {
-				$defaultips_new = explode(',', $newfieldvalue);
-
-				// Delete the existing mappings linking to default IPs
-				$del_stmt = Database::prepare("
-					DELETE FROM `" . TABLE_DOMAINTOIP . "`
-					WHERE `id_domain` IN (" . implode(', ', $ids) . ")
-					AND `id_ipandports` IN (" . $defaultips_old . ", " . $newfieldvalue . ")
-				");
-				Database::pexecute($del_stmt);
+			// Delete the existing mappings linking to default IPs
+			$del_stmt = Database::prepare("
+				DELETE FROM `" . TABLE_DOMAINTOIP . "`
+				WHERE `id_domain` IN (" . implode(', ', $ids) . ")
+				AND `id_ipandports` IN (" . $in_value . ")
+			");
+			Database::pexecute($del_stmt);
 
+			if (count($defaultips_new) > 0) {
 				// Insert the new mappings
 				$ins_stmt = Database::prepare("
 					INSERT INTO `" . TABLE_DOMAINTOIP . "`
@@ -66,68 +95,6 @@ class Store
 				}
 			}
 		}
-
-		return $returnvalue;
-	}
-
-	public static function storeSettingDefaultSslIp($fieldname, $fielddata, $newfieldvalue)
-	{
-		$defaultips_old = Settings::Get('system.defaultsslip');
-
-		$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);
-
-		if ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'system' && isset($fielddata['varname']) && $fielddata['varname'] == 'defaultsslip') {
-
-			$customerstddomains_result_stmt = Database::prepare("
-				SELECT `standardsubdomain` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `standardsubdomain` <> '0'
-			");
-			Database::pexecute($customerstddomains_result_stmt);
-
-			$ids = array();
-
-			while ($customerstddomains_row = $customerstddomains_result_stmt->fetch(\PDO::FETCH_ASSOC)) {
-				$ids[] = (int) $customerstddomains_row['standardsubdomain'];
-			}
-
-			if (count($ids) > 0) {
-				$defaultips_new = explode(',', $newfieldvalue);
-
-				if (! empty($defaultips_old) && ! empty($newfieldvalue)) {
-					$in_value = $defaultips_old . ", " . $newfieldvalue;
-				} elseif (! empty($defaultips_old) && empty($newfieldvalue)) {
-					$in_value = $defaultips_old;
-				} else {
-					$in_value = $newfieldvalue;
-				}
-
-				// Delete the existing mappings linking to default IPs
-				$del_stmt = Database::prepare("
-					DELETE FROM `" . TABLE_DOMAINTOIP . "`
-					WHERE `id_domain` IN (" . implode(', ', $ids) . ")
-					AND `id_ipandports` IN (" . $in_value . ")
-				");
-				Database::pexecute($del_stmt);
-
-				if (count($defaultips_new) > 0) {
-					// Insert the new mappings
-					$ins_stmt = Database::prepare("
-					INSERT INTO `" . TABLE_DOMAINTOIP . "`
-					SET `id_domain` = :domainid, `id_ipandports` = :ipandportid
-				");
-
-					foreach ($ids as $id) {
-						foreach ($defaultips_new as $defaultip_new) {
-							Database::pexecute($ins_stmt, array(
-								'domainid' => $id,
-								'ipandportid' => $defaultip_new
-							));
-						}
-					}
-				}
-			}
-		}
-
-		return $returnvalue;
 	}
 
 	/**
@@ -143,25 +110,24 @@ class Store
 	 */
 	public static function storeSettingDefaultTheme($fieldname, $fielddata, $newfieldvalue)
 	{
-
 		// first save the setting itself
 		$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);
 
 		if ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'panel' && isset($fielddata['varname']) && $fielddata['varname'] == 'default_theme') {
-			// now, if changing themes is disabled we recursivly set
+			// now, if changing themes is disabled we manually set
 			// the new theme (customers and admin, depending on settings)
 			if (Settings::Get('panel.allow_theme_change_customer') == '0') {
 				$upd_stmt = Database::prepare("
-				UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `theme` = :theme
-			");
+					UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `theme` = :theme
+				");
 				Database::pexecute($upd_stmt, array(
 					'theme' => $newfieldvalue
 				));
 			}
 			if (Settings::Get('panel.allow_theme_change_admin') == '0') {
 				$upd_stmt = Database::prepare("
-				UPDATE `" . TABLE_PANEL_ADMINS . "` SET `theme` = :theme
-			");
+					UPDATE `" . TABLE_PANEL_ADMINS . "` SET `theme` = :theme
+				");
 				Database::pexecute($upd_stmt, array(
 					'theme' => $newfieldvalue
 				));
@@ -204,17 +170,13 @@ class Store
 
 	public static function storeSettingFieldInsertBindTask($fieldname, $fielddata, $newfieldvalue)
 	{
-		if (is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] != '' && isset($fielddata['varname']) && $fielddata['varname'] != '') {
-			if (Settings::Set($fielddata['settinggroup'] . '.' . $fielddata['varname'], $newfieldvalue) !== false) {
-				return array(
-					$fielddata['settinggroup'] . '.' . $fielddata['varname'] => $newfieldvalue
-				);
-			} else {
-				return false;
-			}
-		} else {
-			return false;
+		// first save the setting itself
+		$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);
+
+		if ($returnvalue !== false) {
+			\Froxlor\System\Cronjob::inserttask('4');
 		}
+		return false;
 	}
 
 	public static function storeSettingHostname($fieldname, $fielddata, $newfieldvalue)
@@ -330,25 +292,9 @@ class Store
 		$returnvalue = self::storeSettingField($fieldname, $fielddata, $newfieldvalue);
 
 		if ($returnvalue !== false && is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] == 'catchall' && isset($fielddata['varname']) && $fielddata['varname'] == 'catchall_enabled' && $newfieldvalue == '0') {
-
-			$result_stmt = Database::query("
-				SELECT `id`, `email`, `email_full`, `iscatchall`  FROM `" . TABLE_MAIL_VIRTUAL . "`
-				WHERE `iscatchall` = '1'
+			Database::query("
+				UPDATE `" . TABLE_MAIL_VIRTUAL . "` SET `iscatchall` = '0' WHERE `iscatchall` = '1'
 			");
-
-			if (Database::num_rows() > 0) {
-
-				$upd_stmt = Database::prepare("
-					UPDATE `" . TABLE_MAIL_VIRTUAL . "` SET `email` = :email, `iscatchall` = '0' WHERE `id` = :id
-				");
-
-				while ($result_row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
-					Database::pexecute($upd_stmt, array(
-						'email' => $result_row['email_full'],
-						'id' => $result_row['id']
-					));
-				}
-			}
 		}
 
 		return $returnvalue;

lib/Froxlor/System/Cronjob.php

@@ -178,6 +178,14 @@ class Cronjob
 				'type' => '11',
 				'data' => $data
 			));
+		} elseif ($type == '12' && $param1 != '') {
+			$data = array();
+			$data['domain'] = $param1;
+			$data = json_encode($data);
+			Database::pexecute($ins_stmt, array(
+				'type' => '12',
+				'data' => $data
+			));
 		} elseif ($type == '20' && is_array($param1)) {
 			$data = json_encode($param1);
 			Database::pexecute($ins_stmt, array(
@@ -277,6 +285,9 @@ class Cronjob
 			} elseif ($row['type'] == '11') {
 				// remove domain from pdns database if used
 				$task_desc = sprintf($lng['tasks']['remove_pdns_domain'], $row['data']['domain']);
+			} elseif ($row['type'] == '12') {
+				// remove domains ssl files
+				$task_desc = sprintf($lng['tasks']['remove_ssl_domain'], $row['data']['domain']);
 			} elseif ($row['type'] == '20') {
 				// deleting user-files
 				$loginname = '';
@@ -350,4 +361,14 @@ class Cronjob
 
 		die($message);
 	}
+
+	public static function updateLastRunOfCron($cronname)
+	{
+		$upd_stmt = Database::prepare("
+			UPDATE `" . TABLE_PANEL_CRONRUNS . "` SET `lastrun` = UNIX_TIMESTAMP() WHERE `cronfile` = :cron;
+		");
+		Database::pexecute($upd_stmt, array(
+			'cron' => $cronname
+		));
+	}
 }

lib/Froxlor/System/MysqlHandler.php

@@ -57,7 +57,7 @@ class MysqlHandler extends AbstractProcessingHandler
 	{
 		$this->insert([
 			':message' => $record['message'],
-			':contextUser' => (isset($record['context']['loginname']) ? $record['context']['loginname'] : 'unknown'),
+			':contextUser' => (isset($record['context']['user']) ? $record['context']['user'] : 'unknown'),
 			':contextAction' => (isset($record['context']['action']) ? $record['context']['action'] : '0'),
 			':level' => self::$froxlorLevels[$record['level']],
 			':datetime' => $record['datetime']->format('U')

lib/Froxlor/UI/Paging.php

@@ -282,7 +282,7 @@ class Paging
 					$field .= '`';
 				}
 
-				if ($field{0} != '`') {
+				if ($field[0] != '`') {
 					$field = '`' . $field;
 				}
 
@@ -352,7 +352,7 @@ class Paging
 				$field .= '`';
 			}
 
-			if ($field{0} != '`') {
+			if ($field[0] != '`') {
 				$field = '`' . $field;
 			}
 

lib/Froxlor/Validate/Check.php

@@ -192,7 +192,7 @@ class Check
 		}
 
 		$returnvalue = array();
-		if (Validate::validateUsername($newfieldvalue, Settings::Get('panel.unix_names'), 14 - strlen($allnewfieldvalues['customer_mysqlprefix'])) === true) {
+		if (Validate::validateUsername($newfieldvalue, Settings::Get('panel.unix_names'), \Froxlor\Database\Database::getSqlUsernameLength() - strlen($allnewfieldvalues['customer_mysqlprefix'])) === true) {
 			$returnvalue = array(
 				self::FORMFIELDS_PLAUSIBILITY_CHECK_OK
 			);

lib/Froxlor/Validate/Form/Data.php

@@ -33,7 +33,7 @@ class Data
 			if (isset($fielddata['string_type']) && $fielddata['string_type'] == 'mail') {
 				$returnvalue = (filter_var($newfieldvalue, FILTER_VALIDATE_EMAIL) == $newfieldvalue);
 			} elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'url') {
-				$returnvalue = self::validateUrl($newfieldvalue);
+				$returnvalue = \Froxlor\Validate\Validate::validateUrl($newfieldvalue);
 			} elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'dir') {
 				// check for empty value (it might be allowed)
 				if (trim($newfieldvalue) == '') {
@@ -128,62 +128,6 @@ class Data
 		}
 	}
 
-	/**
-	 * Returns whether a URL is in a correct format or not
-	 *
-	 * @param string $url
-	 *        	URL to be tested
-	 * @return bool
-	 * @author Christian Hoffmann
-	 * @author Froxlor team <team@froxlor.org> (2010-)
-	 *        
-	 */
-	public static function validateUrl($url)
-	{
-		if (strtolower(substr($url, 0, 7)) != "http://" && strtolower(substr($url, 0, 8)) != "https://") {
-			$url = 'http://' . $url;
-		}
-
-		// needs converting
-		try {
-			$idna_convert = new \Froxlor\Idna\IdnaWrapper();
-			$url = $idna_convert->encode($url);
-		} catch (\Exception $e) {
-			return false;
-		}
-
-		$pattern = '%^(?:(?:https?)://)(?:\S+(?::\S*)?@)?(?:(?!10(?:\.\d{1,3}){3})(?!127(?:\.\d{1,3}){3})(?!169\.254(?:\.\d{1,3}){2})(?!192\.168(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)(?:\.(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)*(?:\.(?:[a-z\x{00a1}-\x{ffff}]{2,})))(?::\d{2,5})?(?:/[^\s]*)?$%iuS';
-		if (preg_match($pattern, $url)) {
-			return true;
-		}
-
-		// not an fqdn
-		if (strtolower(substr($url, 0, 7)) == "http://" || strtolower(substr($url, 0, 8)) == "https://") {
-			if (strtolower(substr($url, 0, 7)) == "http://") {
-				$ip = strtolower(substr($url, 7));
-			}
-
-			if (strtolower(substr($url, 0, 8)) == "https://") {
-				$ip = strtolower(substr($url, 8));
-			}
-
-			$ip = substr($ip, 0, strpos($ip, '/'));
-			// possible : in IP (when a port is given), #1173
-			// but only if there actually IS ONE
-			if (strpos($ip, ':') !== false) {
-				$ip = substr($ip, 0, strpos($ip, ':'));
-			}
-
-			if (\Froxlor\Validate\Validate::validate_ip2($ip, true) !== false) {
-				return true;
-			} else {
-				return false;
-			}
-		} else {
-			return false;
-		}
-	}
-
 	public static function validateFormFieldBool($fieldname, $fielddata, $newfieldvalue)
 	{
 		if ($newfieldvalue === '1' || $newfieldvalue === 1 || $newfieldvalue === true || strtolower($newfieldvalue) === 'yes' || strtolower($newfieldvalue) === 'ja' || $newfieldvalue === '0' || $newfieldvalue === 0 || $newfieldvalue === false || strtolower($newfieldvalue) === 'no' || strtolower($newfieldvalue) === 'nein' || strtolower($newfieldvalue) === '') {
@@ -252,7 +196,7 @@ class Data
 			if (isset($fielddata['string_type']) && $fielddata['string_type'] == 'mail') {
 				$returnvalue = (filter_var($newfieldvalue, FILTER_VALIDATE_EMAIL) == $newfieldvalue);
 			} elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'url') {
-				$returnvalue = \Froxlor\Validate\Form\Data::validateUrl($newfieldvalue);
+				$returnvalue = \Froxlor\Validate\Validate::validateUrl($newfieldvalue);
 			} elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'dir') {
 				// add trailing slash to validate path if needed
 				// refs #331

lib/Froxlor/Validate/Validate.php

@@ -23,8 +23,6 @@ class Validate
 	 */
 	public static function validate($str, $fieldname, $pattern = '', $lng = '', $emptydefault = array(), $throw_exception = false)
 	{
-		global $log;
-
 		if (! is_array($emptydefault)) {
 			$emptydefault_array = array(
 				$emptydefault
@@ -35,8 +33,8 @@ class Validate
 		}
 
 		// Check if the $str is one of the values which represent the default for an 'empty' value
-		if (is_array($emptydefault) && ! empty($emptydefault) && in_array($str, $emptydefault) && isset($emptydefault[0])) {
-			return $emptydefault[0];
+		if (is_array($emptydefault) && ! empty($emptydefault) && in_array($str, $emptydefault)) {
+			return $str;
 		}
 
 		if ($pattern == '') {
@@ -48,6 +46,7 @@ class Validate
 				// everything else is removed from the string.
 				$allowed = "/[^a-z0-9\\040\\.\\-\\_\\\\]/i";
 				$str = preg_replace($allowed, "", $str);
+				$log = \Froxlor\FroxlorLogger::getInstanceOf();
 				$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_WARNING, "cleaned bad formatted string (" . $str . ")");
 			}
 		}
@@ -61,7 +60,6 @@ class Validate
 		}
 
 		\Froxlor\UI\Response::standard_error($lng, $fieldname, $throw_exception);
-		exit();
 	}
 
 	/**
@@ -99,7 +97,6 @@ class Validate
 				return false;
 			} else {
 				\Froxlor\UI\Response::standard_error($lng, $ip, $throw_exception);
-				exit();
 			}
 		}
 
@@ -118,10 +115,39 @@ class Validate
 			return false;
 		} else {
 			\Froxlor\UI\Response::standard_error($lng, $ip, $throw_exception);
-			exit();
 		}
 	}
 
+	/**
+	 * Returns whether a URL is in a correct format or not
+	 *
+	 * @param string $url
+	 *        	URL to be tested
+	 *        	
+	 * @return bool
+	 */
+	public static function validateUrl($url)
+	{
+		if (strtolower(substr($url, 0, 7)) != "http://" && strtolower(substr($url, 0, 8)) != "https://") {
+			$url = 'http://' . $url;
+		}
+
+		// needs converting
+		try {
+			$idna_convert = new \Froxlor\Idna\IdnaWrapper();
+			$url = $idna_convert->encode($url);
+		} catch (\Exception $e) {
+			return false;
+		}
+
+		$pattern = '%^(?:(?:https?)://)(?:\S+(?::\S*)?@)?(?:(?!10(?:\.\d{1,3}){3})(?!127(?:\.\d{1,3}){3})(?!169\.254(?:\.\d{1,3}){2})(?!192\.168(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)(?:\.(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)*(?:\.(?:[a-z\x{00a1}-\x{ffff}]{2,})))(?::\d{2,5})?(?:/[^\s]*)?$%iuS';
+		if (preg_match($pattern, $url)) {
+			return true;
+		}
+
+		return false;
+	}
+
 	/**
 	 * Check if the submitted string is a valid domainname
 	 *
@@ -157,7 +183,7 @@ class Validate
 	 */
 	public static function validateLocalHostname($hostname)
 	{
-		$pattern = '/^([a-zA-Z0-9\-])+$/i';
+		$pattern = '/^[a-z0-9][a-z0-9\-]{0,62}$/i';
 		if (preg_match($pattern, $hostname)) {
 			return $hostname;
 		}
@@ -180,52 +206,59 @@ class Validate
 	/**
 	 * Returns if an username is in correct format or not.
 	 *
-	 * @param
-	 *        	string The username to check
-	 * @return bool Correct or not
-	 * @author Michael Duergner <michael@duergner.com>
-	 *        
+	 * @param string $username
+	 *        	The username to check
+	 * @param bool $unix_names
+	 *        	optional, default true, checks whether it must be UNIX compatible
+	 * @param int $mysql_max
+	 *        	optional, number of max mysql username characters, default empty
+	 *        	
+	 * @return bool
 	 */
 	public static function validateUsername($username, $unix_names = 1, $mysql_max = '')
 	{
+		if (empty($mysql_max) || ! is_numeric($mysql_max) || $mysql_max <= 0) {
+			$mysql_max = \Froxlor\Database\Database::getSqlUsernameLength() - 1;
+		} else {
+			$mysql_max --;
+		}
 		if ($unix_names == 0) {
 			if (strpos($username, '--') === false) {
-				return (preg_match('/^[a-z][a-z0-9\-_]{0,' . (int) ($mysql_max - 1) . '}[a-z0-9]{1}$/Di', $username) != false);
-			} else {
-				return false;
+				return (preg_match('/^[a-z][a-z0-9\-_]{0,' . $mysql_max . '}[a-z0-9]{1}$/Di', $username) != false);
 			}
-		} else {
-			return (preg_match('/^[a-z][a-z0-9]{0,' . $mysql_max . '}$/Di', $username) != false);
+			return false;
 		}
+		return (preg_match('/^[a-z][a-z0-9]{0,' . $mysql_max . '}$/Di', $username) != false);
 	}
 
+	/**
+	 * validate sql interval string
+	 *
+	 * @param string $interval
+	 *
+	 * @return boolean
+	 */
 	public static function validateSqlInterval($interval = null)
 	{
-		if (! $interval === null || $interval != '') {
-			if (strstr($interval, ' ') !== false) {
-				/*
-				 * [0] = ([0-9]+)
-				 * [1] = valid SQL-Interval expression
-				 */
-				$valid_expr = array(
-					'SECOND',
-					'MINUTE',
-					'HOUR',
-					'DAY',
-					'WEEK',
-					'MONTH',
-					'YEAR'
-				);
+		if (! empty($interval) && strstr($interval, ' ') !== false) {
+			/*
+			 * [0] = ([0-9]+)
+			 * [1] = valid SQL-Interval expression
+			 */
+			$valid_expr = array(
+				'SECOND',
+				'MINUTE',
+				'HOUR',
+				'DAY',
+				'WEEK',
+				'MONTH',
+				'YEAR'
+			);
 
-				$interval_parts = explode(' ', $interval);
+			$interval_parts = explode(' ', $interval);
 
-				if (is_array($interval_parts) && isset($interval_parts[0]) && isset($interval_parts[1])) {
-					if (preg_match('/([0-9]+)/i', $interval_parts[0])) {
-						if (in_array(strtoupper($interval_parts[1]), $valid_expr)) {
-							return true;
-						}
-					}
-				}
+			if (count($interval_parts) == 2 && preg_match('/[0-9]+/', $interval_parts[0]) && in_array(strtoupper($interval_parts[1]), $valid_expr)) {
+				return true;
 			}
 		}
 		return false;

lib/configfiles/bionic.xml

@@ -1504,7 +1504,7 @@ user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
 dbname = <SQL_DB>
 hosts = <SQL_HOST>
-query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> ''
+query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' 
 ]]>
 							</content>
 						</file>
@@ -3746,7 +3746,7 @@ protocol sieve {
 #  %m - number of messages (before deletion)
 #  %s - mailbox size in bytes (before deletion)
 #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
-#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+pop3_logout_format = in=%i out=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
 
 # Workarounds for various client bugs:
 #   outlook-no-nuls:
@@ -4539,21 +4539,7 @@ UPLOADGID=
 				<!-- Cronjob -->
 				<daemon name="cron" title="Cronjob for froxlor"
 					mandatory="true">
-					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
-						<content><![CDATA[
-#
-# Set PATH, otherwise restart-scripts won't find start-stop-daemon
-#
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-#
-# Regular cron jobs for the froxlor package
-#
-# Please check that all following paths are correct
-#
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
-]]>
-						</content>
-					</file>
+					<command><![CDATA[/usr/bin/php <BASE_PATH>scripts/froxlor_master_cronjob.php --run-task 99]]></command>
 					<command><![CDATA[{{settings.system.crondreload}}]]></command>
 				</daemon>
 				<!-- AWstats -->
@@ -4568,8 +4554,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 				</daemon>
 				<!-- libnss-extrausers -->
 				<daemon name="libnssextrausers"
-					title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
-					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					title="libnss-extrausers (required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install libnss-extrausers]]></install>
 					<commands index="1">
 						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
 						<command><![CDATA[touch /var/lib/extrausers/passwd]]></command>
@@ -4601,9 +4587,6 @@ aliases:     files
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/nscd restart]]></command>
-					<!-- clear group chache -->
-					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">

lib/configfiles/buster.xml

@@ -1463,7 +1463,7 @@ user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
 dbname = <SQL_DB>
 hosts = <SQL_HOST>
-query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> ''
+query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' 
 ]]>
 							</content>
 						</file>
@@ -2593,7 +2593,7 @@ dict {
 # );
 
 # Database driver: mysql, pgsql, sqlite
-driver = mysql 
+driver = mysql
 
 # Database connection string. This is driver-specific setting.
 #
@@ -2707,11 +2707,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
-
-
-# This file is commonly accessed via passdb {} or userdb {} section in
-# conf.d/auth-sql.conf.ext
+#iterate_query = SELECT username AS user FROM mail_users
 ]]>
 							</content>
 						</file>
@@ -3394,7 +3390,7 @@ service auth {
   unix_listener auth-client {
     mode = 0660
     user = mail
-  #  group = Debian-exim
+    #group = Debian-exim
   }
 
   # Auth process is run as this user.
@@ -3417,6 +3413,17 @@ service dict {
     #group = 
   }
 }
+
+service stats {
+  unix_listener stats-reader {
+    group = vmail
+    mode = 0666
+  }
+  unix_listener stats-writer {
+    group = vmail
+    mode = 0666
+  }
+}
 ]]>
 							</content>
 						</file>
@@ -3428,14 +3435,14 @@ service dict {
 ##
 
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-ssl = no
+ssl = yes
 
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-#ssl_cert = </etc/dovecot/private/dovecot.pem
-#ssl_key = </etc/dovecot/private/dovecot.key
+ssl_cert = </etc/dovecot/private/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.key
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often
@@ -3831,7 +3838,7 @@ protocol sieve {
 #  %m - number of messages (before deletion)
 #  %s - mailbox size in bytes (before deletion)
 #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
-#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+pop3_logout_format = in=%i out=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
 
 # Workarounds for various client bugs:
 #   outlook-no-nuls:
@@ -4734,21 +4741,7 @@ UPLOADGID=
 				<!-- Cronjob -->
 				<daemon name="cron" title="Cronjob for froxlor"
 					mandatory="true">
-					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
-						<content><![CDATA[
-#
-# Set PATH, otherwise restart-scripts won't find start-stop-daemon
-#
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-#
-# Regular cron jobs for the froxlor package
-#
-# Please check that all following paths are correct
-#
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
-]]>
-						</content>
-					</file>
+					<command><![CDATA[/usr/bin/php <BASE_PATH>scripts/froxlor_master_cronjob.php --run-task 99]]></command>
 					<command><![CDATA[{{settings.system.crondreload}}]]></command>
 				</daemon>
 				<!-- AWstats -->
@@ -4763,8 +4756,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 				</daemon>
 				<!-- libnss-extrausers -->
 				<daemon name="libnssextrausers"
-					title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
-					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					title="libnss-extrausers (required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install libnss-extrausers]]></install>
 					<commands index="1">
 						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
 						<command><![CDATA[touch /var/lib/extrausers/passwd]]></command>
@@ -4796,9 +4789,6 @@ aliases:     files
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/nscd restart]]></command>
-					<!-- clear group chache -->
-					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">

lib/configfiles/gentoo.xml

@@ -1474,7 +1474,7 @@ user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
 dbname = <SQL_DB>
 hosts = <SQL_HOST>
-query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> ''
+query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' 
 ]]>
 							</content>
 						</file>
@@ -3657,21 +3657,7 @@ account     required    pam_mysql.so user=<SQL_UNPRIVILEGED_USER> passwd=<SQL_UN
 				<!-- Cronjob -->
 				<daemon name="cron" title="Cronjob for froxlor"
 					mandatory="true">
-					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
-						<content><![CDATA[
-#
-# Set PATH, otherwise restart-scripts won't find start-stop-daemon
-#
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-#
-# Regular cron jobs for the froxlor package
-#
-# Please check that all following paths are correct
-#
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
-]]>
-						</content>
-					</file>
+					<command><![CDATA[/usr/bin/php <BASE_PATH>scripts/froxlor_master_cronjob.php --run-task 99]]></command>
 					<command><![CDATA[{{settings.system.crondreload}}]]></command>
 				</daemon>
 				<!-- AWstats -->

lib/configfiles/jessie.xml

@@ -1504,7 +1504,7 @@ user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
 dbname = <SQL_DB>
 hosts = <SQL_HOST>
-query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> ''
+query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' 
 ]]>
 							</content>
 						</file>
@@ -3658,7 +3658,7 @@ protocol sieve {
 #  %m - number of messages (before deletion)
 #  %s - mailbox size in bytes (before deletion)
 #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
-#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+pop3_logout_format = in=%i out=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
 
 # Workarounds for various client bugs:
 #   outlook-no-nuls:
@@ -4461,21 +4461,7 @@ UPLOADGID=
 				<!-- Cronjob -->
 				<daemon name="cron" title="Cronjob for froxlor"
 					mandatory="true">
-					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
-						<content><![CDATA[
-#
-# Set PATH, otherwise restart-scripts won't find start-stop-daemon
-#
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-#
-# Regular cron jobs for the froxlor package
-#
-# Please check that all following paths are correct
-#
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
-]]>
-						</content>
-					</file>
+					<command><![CDATA[/usr/bin/php <BASE_PATH>scripts/froxlor_master_cronjob.php --run-task 99]]></command>
 					<command><![CDATA[{{settings.system.crondreload}}]]></command>
 				</daemon>
 				<!-- AWstats -->
@@ -4490,7 +4476,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 				</daemon>
 				<!-- libnss-mysql -->
 				<daemon name="libnss"
-					title="libnss-mysql (required for FCGID/php-fpm/mpm-itk)">
+					title="libnss-mysql (alternative for libnss-extrausers, required for FCGID/php-fpm/mpm-itk)">
 					<install><![CDATA[apt-get install nscd
 wget http://debian.froxlor.org/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-3+frx1_amd64.deb
 dpkg -i libnss-mysql-bg_1.5-3+frx1_amd64.deb
@@ -4663,8 +4649,8 @@ aliases:     files
 				</daemon>
 				<!-- libnss-extrausers -->
 				<daemon name="libnssextrausers"
-					title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
-					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					title="libnss-extrausers (required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install libnss-extrausers]]></install>
 					<commands index="1">
 						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
 						<command><![CDATA[touch /var/lib/extrausers/passwd]]></command>
@@ -4696,9 +4682,6 @@ aliases:     files
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/nscd restart]]></command>
-					<!-- clear group chache -->
-					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">

lib/configfiles/rhel_centos.xml

@@ -95,7 +95,7 @@ user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
 dbname = <SQL_DB>
 hosts = <SQL_HOST>
-query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> ''
+query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' 
 ]]>
 							</content>
 						</file>
@@ -1529,7 +1529,7 @@ protocol sieve {
 #  %m - number of messages (before deletion)
 #  %s - mailbox size in bytes (before deletion)
 #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
-#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+pop3_logout_format = in=%i out=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
 
 # Workarounds for various client bugs:
 #   outlook-no-nuls:
@@ -1826,7 +1826,7 @@ iterate_query = SELECT username AS user FROM mail_users
 				<daemon name="proftpd" version="1.3" title="ProFTPd"
 					default="true">
 					<install><![CDATA[yum install proftpd proftpd-mysql]]></install>
-					<file name="/etc/proftpd/proftpd.conf" chown="root:0"
+					<file name="/etc/proftpd.conf" chown="root:0"
 						chmod="0600" backup="true">
 						<content><![CDATA[
 # This is the ProFTPD configuration file
@@ -2289,21 +2289,7 @@ ControlsLog			/var/log/proftpd/controls.log
 				<!-- Cronjob -->
 				<daemon name="cron" title="Cronjob for froxlor"
 					mandatory="true">
-					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
-						<content><![CDATA[
-#
-# Set PATH, otherwise restart-scripts won't find start-stop-daemon
-#
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-#
-# Regular cron jobs for the froxlor package
-#
-# Please check that all following paths are correct
-#
-*/1 * * * *	root	/usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
-]]>
-						</content>
-					</file>
+					<command><![CDATA[/usr/bin/php <BASE_PATH>scripts/froxlor_master_cronjob.php --run-task 99]]></command>
 					<command><![CDATA[{{settings.system.crondreload}}]]></command>
 				</daemon>
 				<!-- AWstats -->

lib/configfiles/stretch.xml

@@ -1493,7 +1493,7 @@ user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
 dbname = <SQL_DB>
 hosts = <SQL_HOST>
-query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> ''
+query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' 
 ]]>
 							</content>
 						</file>
@@ -3735,7 +3735,7 @@ protocol sieve {
 #  %m - number of messages (before deletion)
 #  %s - mailbox size in bytes (before deletion)
 #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
-#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+pop3_logout_format = in=%i out=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
 
 # Workarounds for various client bugs:
 #   outlook-no-nuls:
@@ -4528,21 +4528,7 @@ UPLOADGID=
 				<!-- Cronjob -->
 				<daemon name="cron" title="Cronjob for froxlor"
 					mandatory="true">
-					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
-						<content><![CDATA[
-#
-# Set PATH, otherwise restart-scripts won't find start-stop-daemon
-#
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-#
-# Regular cron jobs for the froxlor package
-#
-# Please check that all following paths are correct
-#
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
-]]>
-						</content>
-					</file>
+					<command><![CDATA[/usr/bin/php <BASE_PATH>scripts/froxlor_master_cronjob.php --run-task 99]]></command>
 					<command><![CDATA[{{settings.system.crondreload}}]]></command>
 				</daemon>
 				<!-- AWstats -->
@@ -4557,8 +4543,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 				</daemon>
 				<!-- libnss-extrausers -->
 				<daemon name="libnssextrausers"
-					title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
-					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					title="libnss-extrausers (required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install libnss-extrausers]]></install>
 					<commands index="1">
 						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
 						<command><![CDATA[touch /var/lib/extrausers/passwd]]></command>
@@ -4590,9 +4576,6 @@ aliases:     files
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/nscd restart]]></command>
-					<!-- clear group chache -->
-					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">

lib/configfiles/trusty.xml

@@ -502,7 +502,7 @@ user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
 dbname = <SQL_DB>
 hosts = <SQL_HOST>
-query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> ''
+query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' 
 ]]>
 							</content>
 						</file>
@@ -1546,21 +1546,7 @@ UPLOADGID=
 				<!-- Cronjob -->
 				<daemon name="cron" title="Cronjob for froxlor"
 					mandatory="true">
-					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
-						<content><![CDATA[
-#
-# Set PATH, otherwise restart-scripts won't find start-stop-daemon
-#
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-#
-# Regular cron jobs for the froxlor package
-#
-# Please check that all following paths are correct
-#
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
-]]>
-						</content>
-					</file>
+					<command><![CDATA[/usr/bin/php <BASE_PATH>scripts/froxlor_master_cronjob.php --run-task 99]]></command>
 					<command><![CDATA[{{settings.system.crondreload}}]]></command>
 				</daemon>
 				<!-- AWstats -->
@@ -1575,7 +1561,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 				</daemon>
 				<!-- libnss-mysql -->
 				<daemon name="libnss"
-					title="libnss-mysql (required for FCGID/php-fpm/mpm-itk)">
+					title="libnss-mysql (alternative to libnss-extrausers, required for FCGID/php-fpm/mpm-itk)">
 					<install><![CDATA[apt-get install libnss-mysql-bg nscd]]></install>
 					<file name="/etc/libnss-mysql.cfg" chown="root:root"
 						chmod="0600" backup="true">
@@ -1671,8 +1657,8 @@ aliases:     files
 				</daemon>
 				<!-- libnss-extrausers -->
 				<daemon name="libnssextrausers"
-					title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
-					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					title="libnss-extrausers (required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install libnss-extrausers]]></install>
 					<commands index="1">
 						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
 						<command><![CDATA[touch /var/lib/extrausers/passwd]]></command>
@@ -1704,9 +1690,6 @@ aliases:     files
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/nscd restart]]></command>
-					<!-- clear group chache -->
-					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">

lib/configfiles/xenial.xml

@@ -1504,7 +1504,7 @@ user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
 dbname = <SQL_DB>
 hosts = <SQL_HOST>
-query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> ''
+query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' 
 ]]>
 							</content>
 						</file>
@@ -3746,7 +3746,7 @@ protocol sieve {
 #  %m - number of messages (before deletion)
 #  %s - mailbox size in bytes (before deletion)
 #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
-#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+pop3_logout_format = in=%i out=%o top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
 
 # Workarounds for various client bugs:
 #   outlook-no-nuls:
@@ -4539,21 +4539,7 @@ UPLOADGID=
 				<!-- Cronjob -->
 				<daemon name="cron" title="Cronjob for froxlor"
 					mandatory="true">
-					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
-						<content><![CDATA[
-#
-# Set PATH, otherwise restart-scripts won't find start-stop-daemon
-#
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-#
-# Regular cron jobs for the froxlor package
-#
-# Please check that all following paths are correct
-#
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
-]]>
-						</content>
-					</file>
+					<command><![CDATA[/usr/bin/php <BASE_PATH>scripts/froxlor_master_cronjob.php --run-task 99]]></command>
 					<command><![CDATA[{{settings.system.crondreload}}]]></command>
 				</daemon>
 				<!-- AWstats -->
@@ -4568,8 +4554,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 				</daemon>
 				<!-- libnss-extrausers -->
 				<daemon name="libnssextrausers"
-					title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
-					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					title="libnss-extrausers (required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install libnss-extrausers]]></install>
 					<commands index="1">
 						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
 						<command><![CDATA[touch /var/lib/extrausers/passwd]]></command>
@@ -4601,9 +4587,6 @@ aliases:     files
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/nscd restart]]></command>
-					<!-- clear group chache -->
-					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">

lib/formfields/admin/admin/formfield.admin_add.php

@@ -44,6 +44,21 @@ return array(
 						'label' => $lng['login']['language'],
 						'type' => 'select',
 						'select_var' => $language_options
+					),
+					'api_allowed' => array(
+						'label' => $lng['usersettings']['api_allowed']['title'],
+						'desc' => $lng['usersettings']['api_allowed']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						),
+						'visible' => (\Froxlor\Settings::Get('api.enabled') == '1' ? true : false)
 					)
 				)
 			),

lib/formfields/admin/admin/formfield.admin_edit.php

@@ -59,6 +59,21 @@ return array(
 						'type' => 'select',
 						'select_var' => $language_options,
 						'visible' => ($result['adminid'] == $userinfo['userid'] ? false : true)
+					),
+					'api_allowed' => array(
+						'label' => $lng['usersettings']['api_allowed']['title'],
+						'desc' => $lng['usersettings']['api_allowed']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['api_allowed']
+						),
+						'visible' => (\Froxlor\Settings::Get('api.enabled') == '1' ? true : false)
 					)
 				)
 			),

lib/formfields/admin/customer/formfield.customer_add.php

@@ -81,6 +81,21 @@ return array(
 						'label' => $lng['login']['language'],
 						'type' => 'select',
 						'select_var' => $language_options
+					),
+					'api_allowed' => array(
+						'label' => $lng['usersettings']['api_allowed']['title'],
+						'desc' => $lng['usersettings']['api_allowed']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						),
+						'visible' => (\Froxlor\Settings::Get('api.enabled') == '1' ? true : false)
 					)
 				)
 			),
@@ -294,9 +309,9 @@ return array(
 						'values' => $phpconfigs,
 						'value' => ((int) \Froxlor\Settings::Get('system.mod_fcgid') == 1 ? array(
 							\Froxlor\Settings::Get('system.mod_fcgid_defaultini')
-						) : (int) \Froxlor\Settings::Get('phpfpm.enabled') == 1 ? array(
+						) : ((int) \Froxlor\Settings::Get('phpfpm.enabled') == 1 ? array(
 							\Froxlor\Settings::Get('phpfpm.defaultini')
-						) : array()),
+						) : array())),
 						'is_array' => 1
 					),
 					'perlenabled' => array(

lib/formfields/admin/customer/formfield.customer_edit.php

@@ -74,6 +74,21 @@ return array(
 						'label' => $lng['login']['language'],
 						'type' => 'select',
 						'select_var' => $language_options
+					),
+					'api_allowed' => array(
+						'label' => $lng['usersettings']['api_allowed']['title'],
+						'desc' => $lng['usersettings']['api_allowed']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['api_allowed']
+						),
+						'visible' => (\Froxlor\Settings::Get('api.enabled') == '1' ? true : false)
 					)
 				)
 			),

lib/formfields/admin/domains/formfield.domains_add.php

@@ -185,7 +185,7 @@ return array(
 						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
 						'type' => 'checkbox',
 						'values' => $ssl_ipsandports,
-						'value' => '',
+						'value' => explode(',', \Froxlor\Settings::Get('system.defaultsslip')),
 						'is_array' => 1
 					),
 					'ssl_redirect' => array(

lib/formfields/customer/domains/formfield.domain_ssleditor.php

@@ -23,6 +23,12 @@ return array(
 				'title' => 'SSL certificates',
 				'image' => 'icons/ssl.png',
 				'fields' => array(
+					'domainname' => array(
+						'label' => $lng['domains']['domainname'],
+						'type' => 'hidden',
+						'value' => $result_domain['domain'],
+						'display' => $result_domain['domain']
+					),
 					'ssl_cert_file' => array(
 						'style' => 'align-top',
 						'label' => $lng['admin']['ipsandports']['ssl_cert_file_content'],

lib/formfields/customer/domains/formfield.domains_add.php

@@ -108,6 +108,19 @@ return array(
 						),
 						'value' => array()
 					),
+					'http2' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1',
+						'label' => $lng['admin']['domain_http2']['title'],
+						'desc' => $lng['admin']['domain_http2']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
 					'hsts_maxage' => array(
 						'label' => $lng['admin']['domain_hsts_maxage']['title'],
 						'desc' => $lng['admin']['domain_hsts_maxage']['description'],

lib/formfields/customer/domains/formfield.domains_edit.php

@@ -128,6 +128,21 @@ return array(
 							$result['letsencrypt']
 						)
 					),
+					'http2' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1',
+						'label' => $lng['admin']['domain_http2']['title'],
+						'desc' => $lng['admin']['domain_http2']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['http2']
+						)
+					),
 					'hsts_maxage' => array(
 						'label' => $lng['admin']['domain_hsts_maxage']['title'],
 						'desc' => $lng['admin']['domain_hsts_maxage']['description'],

lib/init.php

@@ -16,6 +16,19 @@
  * @package    System
  *
  */
+
+// define default theme for configurehint, etc.
+$_deftheme = 'Sparkle';
+
+if (! file_exists(dirname(__DIR__) . '/vendor/autoload.php')) {
+	// get hint-template
+	$vendor_hint = file_get_contents(dirname(__DIR__) . '/templates/' . $_deftheme . '/misc/vendormissinghint.tpl');
+	// replace values
+	$vendor_hint = str_replace("<FROXLOR_INSTALL_DIR>", dirname(__DIR__), $vendor_hint);
+	$vendor_hint = str_replace("<CURRENT_YEAR>", date('Y', time()), $vendor_hint);
+	die($vendor_hint);
+}
+
 require dirname(__DIR__) . '/vendor/autoload.php';
 
 use Froxlor\Database\Database;
@@ -68,9 +81,6 @@ unset($key);
 
 $filename = htmlentities(basename($_SERVER['PHP_SELF']));
 
-// define default theme for configurehint, etc.
-$_deftheme = 'Sparkle';
-
 // check whether the userdata file exists
 if (! file_exists(\Froxlor\Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {
 	$config_hint = file_get_contents(\Froxlor\Froxlor::getInstallDir() . '/templates/' . $_deftheme . '/misc/configurehint.tpl');
@@ -88,7 +98,7 @@ if (! is_readable(\Froxlor\Froxlor::getInstallDir() . '/lib/userdata.inc.php'))
 	// replace values
 	$owner_hint = str_replace("<USER>", $posixusername['name'], $owner_hint);
 	$owner_hint = str_replace("<GROUP>", $posixgroup['name'], $owner_hint);
-	$owner_hint = str_replace("<\Froxlor\Froxlor::getInstallDir()>", \Froxlor\Froxlor::getInstallDir(), $owner_hint);
+	$owner_hint = str_replace("<FROXLOR_INSTALL_DIR>", \Froxlor\Froxlor::getInstallDir(), $owner_hint);
 	$owner_hint = str_replace("<CURRENT_YEAR>", date('Y', time()), $owner_hint);
 	// show
 	die($owner_hint);
@@ -210,7 +220,7 @@ if (isset($s) && $s != "" && $nosession != 1) {
 	$userinfo_stmt = Database::prepare($query);
 	$userinfo = Database::pexecute_first($userinfo_stmt, $userinfo_data);
 
-	if ((($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid']))) && (! isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1')) {
+	if ($userinfo && (($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid']))) && (! isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1')) {
 		$upd_stmt = Database::prepare("
 			UPDATE `" . TABLE_PANEL_SESSIONS . "` SET
 			`lastactivity` = :lastactive

lng/english.lng.php

@@ -502,7 +502,7 @@ $lng['panel']['pathDescriptionSubdomain'] = $lng['panel']['pathDescription'] . $
 
 // ADDED IN 1.2.16-svn6
 
-$lng['admin']['templates']['TRAFFIC'] = 'Replaced with the traffic in mB, which was assigned to the customer.';
+$lng['admin']['templates']['TRAFFIC'] = 'Replaced with the traffic in MB, which was assigned to the customer.';
 $lng['admin']['templates']['TRAFFICUSED'] = 'Replaced with the traffic in MB, which was exhausted by the customer.';
 
 // ADDED IN 1.2.16-svn7
@@ -1626,7 +1626,7 @@ $lng['domains']['serveraliasoption_www'] = 'WWW (www.domain.tld)';
 $lng['domains']['serveraliasoption_none'] = 'No alias';
 $lng['error']['givendirnotallowed'] = 'The given directory in field %s is not allowed.';
 $lng['serversettings']['ssl']['ssl_cipher_list']['title'] = 'Configure the allowed SSL ciphers';
-$lng['serversettings']['ssl']['ssl_cipher_list']['description'] = 'This is a list of ciphers that you want (or don\'t want) to use when talking SSL. For a list of ciphers and how to include/exclude them, see sections "CIPHER LIST FORMAT" and "CIPHER STRINGS" on <a href="http://openssl.org/docs/apps/ciphers.html">the man-page for ciphers</a>.<br /><br /><b>Default value is:</b><pre>ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128</pre>';
+$lng['serversettings']['ssl']['ssl_cipher_list']['description'] = 'This is a list of ciphers that you want (or don\'t want) to use when talking SSL. For a list of ciphers and how to include/exclude them, see sections "CIPHER LIST FORMAT" and "CIPHER STRINGS" on <a href="https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html">the man-page for ciphers</a>.<br /><br /><b>Default value is:</b><pre>ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128</pre>';
 
 // Added in Froxlor 0.9.31
 $lng['panel']['dashboard'] = 'Dashboard';
@@ -1848,6 +1848,12 @@ $lng['serversettings']['leenabled']['title'] = "Enable Let's Encrypt";
 $lng['serversettings']['leenabled']['description'] = "If activated, customers are able to let froxlor automatically generate and renew Let's Encrypt ssl-certificates for domains with a ssl IP/port.<br /><br />Please remember that you need to go through the webserver-configuration when enabled because this feature needs a special configuration.";
 $lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>The SSL redirect is temporarily deactivated while a new Let's Encrypt certificate is generated. It will be activated again after the certificate was generated.";
 
+// Added for CAA record support
+$lng['serversettings']['caa_entry']['title'] = 'Generate CAA DNS records';
+$lng['serversettings']['caa_entry']['description'] = 'Automatically generates CAA records for SSL-enabled domains that are using Let\'s Encrypt';
+$lng['serversettings']['caa_entry_custom']['title'] = 'Additional CAA DNS records';
+$lng['serversettings']['caa_entry_custom']['description']  = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities<br>whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record.<br><br>The content of this field will be included into the DNS zone directly (each line results in a CAA record).<br>If Let\'s Encrypt is enabled for this domain, this entry will always be added automatically and does not need to be added manually:<br><code>0 issue "letsencrypt.org"</code> (If domain is a wildcard domain, issuewild will be used instead).<br>To enable Incident Reporting, you can add an <code>iodef</code> record. An example for sending such report to <code>me@example.com</code> would be:<br><code>0 iodef "mailto:me@example.com"</code><br><br><strong>Attention:</strong> The code won\'t be checked for any errors. If it contains errors, your CAA records might not work!';
+
 // Autoupdate
 $lng['admin']['autoupdate'] = 'Auto-Update';
 $lng['error']['customized_version'] = 'It looks like your Froxlor installation has been modified, no support sorry.';
@@ -1886,6 +1892,7 @@ $lng['tasks']['backup_customerfiles'] = 'Backup job for customer %loginname%';
 
 $lng['error']['dns_domain_nodns'] = 'DNS is not enabled for this domain';
 $lng['error']['dns_content_empty'] = 'No content given';
+$lng['error']['dns_content_invalid'] = 'DNS content invalid';
 $lng['error']['dns_arec_noipv4'] = 'No valid IP address for A-record given';
 $lng['error']['dns_aaaarec_noipv6'] = 'No valid IP address for AAAA-record given';
 $lng['error']['dns_mx_prioempty'] = 'Invalid MX priority given';
@@ -2051,6 +2058,7 @@ $lng['panel']['system_is_configured'] = 'System is already set as configured';
 $lng['panel']['settings_before_configuration'] = 'Please be sure you adjusted the settings prior to configuring the services here';
 $lng['panel']['alternative_cmdline_config'] = 'Alternatively, just run the following command as root-user in your shell to configure the services automatically';
 $lng['tasks']['remove_pdns_domain'] = 'Delete domain %s from PowerDNS database';
+$lng['tasks']['remove_ssl_domain'] = 'Delete ssl files of domain %s';
 $lng['admin']['novhostcontainer'] = '<br><br><small class="red">None of the IPs and ports has the "' . $lng['admin']['ipsandports']['create_vhostcontainer'] . '" option enabled, many settings here will not be available</small>';
 $lng['serversettings']['errorlog_level']['title'] = 'Error log-level';
 $lng['serversettings']['errorlog_level']['description'] = 'Specify the error log level. Default is "warn" for apache-users and "error" for nginx-users.';
@@ -2058,3 +2066,9 @@ $lng['serversettings']['letsencryptecc']['title'] = "Issue ECC / ECDSA certifica
 $lng['serversettings']['letsencryptecc']['description'] = "If set to a valid key-size the certificate issued will use ECC / ECDSA";
 $lng['serversettings']['froxloraliases']['title'] = "Domain aliases for froxlor vhost";
 $lng['serversettings']['froxloraliases']['description'] = "Comma separated list of domains to add as server alias to the froxlor vhost";
+
+$lng['serversettings']['ssl']['tlsv13_cipher_list']['title'] = 'Configure explicit TLSv1.3 ciphers if used';
+$lng['serversettings']['ssl']['tlsv13_cipher_list']['description'] = 'This is a list of ciphers that you want (or don\'t want) to use when talking TLSv1.3. For a list of ciphers and how to include/exclude them, see <a href="https://wiki.openssl.org/index.php/TLS1.3">the docs for TLSv1.3</a>.<br /><br /><b>Default value is empty</b>';
+$lng['usersettings']['api_allowed']['title'] = 'Allow API access';
+$lng['usersettings']['api_allowed']['description'] = 'When enabled in the settings, this user can create API keys and access the froxlor API';
+$lng['usersettings']['api_allowed']['notice'] = 'API access is not allowed for your account.';

lng/german.lng.php

@@ -1350,7 +1350,7 @@ $lng['domains']['serveraliasoption_www'] = 'www (www.domain.tld)';
 $lng['domains']['serveraliasoption_none'] = 'Kein Alias';
 $lng['error']['givendirnotallowed'] = 'Das angegebene Verzeichnis im Feld %s ist nicht erlaubt.';
 $lng['serversettings']['ssl']['ssl_cipher_list']['title'] = 'Erlaubte SSL Ciphers festlegen';
-$lng['serversettings']['ssl']['ssl_cipher_list']['description'] = 'Dies ist eine Liste von Ciphers, die genutzt werden sollen (oder auch nicht genutzt werden sollen), wenn eine SSL Verbindung besteht. Eine Liste aller Ciphers und wie diese hinzugefügt/ausgeschlossen werden ist in den Abschnitten "CIPHER LIST FORMAT" und "CIPHER STRINGS" in <a href="http://openssl.org/docs/apps/ciphers.html">der man-page für Ciphers</a> zu finden.<br /><br /><b>Standard-Wert ist:</b><pre>ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128</pre>';
+$lng['serversettings']['ssl']['ssl_cipher_list']['description'] = 'Dies ist eine Liste von Ciphers, die genutzt werden sollen (oder auch nicht genutzt werden sollen), wenn eine SSL Verbindung besteht. Eine Liste aller Ciphers und wie diese hinzugefügt/ausgeschlossen werden ist in den Abschnitten "CIPHER LIST FORMAT" und "CIPHER STRINGS" in <a href="https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html">der man-page für Ciphers</a> zu finden.<br /><br /><b>Standard-Wert ist:</b><pre>ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128</pre>';
 
 // Added in Froxlor 0.9.31
 $lng['panel']['dashboard'] = 'Dashboard';
@@ -1500,6 +1500,12 @@ $lng['serversettings']['leenabled']['title'] = "Let's Encrypt verwenden";
 $lng['serversettings']['leenabled']['description'] = "Wenn dies aktiviert ist, können Kunden durch Froxlor automatisch generierte und verlängerbare Let's Encrypt SSL-Zertifikate für Domains mit SSL IP/Port nutzen.<br /><br />Bitte die Webserver-Konfiguration beachten wenn aktiviert, da dieses Feature eine spezielle Konfiguration benötigt.";
 $lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>Die SSL-Umleitung ist, während ein neues Let's Encrypt - Zertifikat erstellt wird, temporär deaktiviert. Die Umleitung wird nach der Zertifikatserstellung wieder aktiviert.";
 
+// Added for CAA record support
+$lng['serversettings']['caa_entry']['title'] = 'CAA DNS Einträge generieren';
+$lng['serversettings']['caa_entry']['description'] = 'Generiert CAA Einträge automatisch für alle Domains mit aktiviertem SSL und Let\'s Encrypt';
+$lng['serversettings']['caa_entry_custom']['title'] = 'Zusätzliche CAA DNS Einträge';
+$lng['serversettings']['caa_entry_custom']['description'] = 'DNS Certification Authority Authorization (CAA) verwendet das Domain Name System, um dem Besitzer einer Domain die Möglichkeit zu bieten, gewisse Zertifizierungsstellen (CAs) dazu zu berechtigen,<br>ein Zertifikat für die betroffene Domain auszustellen. CAA Records sollen verhindern, dass Zertifikate fälschlicherweise für eine Domain ausgestellt werden.<br><br>Der Inhalt dieses Feldes wird direkt in die DNS Zone übernommen (eine Zeile pro CAA Record). Wenn Let\'s Encrypt für eine Domain aktiviert wurde und die obige Option aktiviert wurde, wird immer automatisch dieser Eintrag angefügt und muss nicht selber angegeben werden:<br><code>0 issue "letsencrypt.org"</code> (Wenn wildcard aktiviert ist, wird statdessen issuewild benutzt).<br>Um Incident Reporting per Mail zu aktivieren, muss eine <code>iodef</code> Zeile angefügt werden. Ein Beispiel für einen Report an <code>me@example.com</code> wäre:<br><code>0 iodef "mailto:me@example.com"</code><br><br><strong>ACHTUNG:</strong> Der Code wird nicht auf Fehler geprüft. Etwaige Fehler werden also auch übernommen. Die CAA finalen Einträge könnten daher falsch sein!';
+
 // Autoupdate
 $lng['admin']['autoupdate'] = 'Auto-Update';
 $lng['error']['customized_version'] = 'Es scheint als wäre die Froxlor Installation angepasst worden. Kein Support, sorry.';
@@ -1537,6 +1543,7 @@ $lng['tasks']['backup_customerfiles'] = 'Datensicherung für Kunde %loginname%';
 
 $lng['error']['dns_domain_nodns'] = 'DNS ist für diese Domain nicht aktiviert';
 $lng['error']['dns_content_empty'] = 'Keinen Inhalt angegeben';
+$lng['error']['dns_content_invalid'] = 'DNS Eintrag ungültig';
 $lng['error']['dns_arec_noipv4'] = 'Keine gültige IP-Adresse für A-Eintrag angegeben';
 $lng['error']['dns_aaaarec_noipv6'] = 'Keine gültige IP-Adresse für AAAA-Eintrag angegeben';
 $lng['error']['dns_mx_prioempty'] = 'Ungültige MX Priorität angegeben';
@@ -1698,6 +1705,7 @@ $lng['panel']['system_is_configured'] = 'Das System ist bereits konfiguriert';
 $lng['panel']['settings_before_configuration'] = 'Stelle sicher, dass die Einstellungen angepasst wurden bevor die Dienste konfiguriert werden.';
 $lng['panel']['alternative_cmdline_config'] = 'Alternativ, führe den folgenden Befehl als root-Benutzer auf der Shell aus, um die Dienste automatisch zu konfigurieren.';
 $lng['tasks']['remove_pdns_domain'] = 'Lösche Domain %s von PowerDNS Datenbank';
+$lng['tasks']['remove_ssl_domain'] = 'Lösche SSL Dateien von Domain %s';
 $lng['admin']['novhostcontainer'] = '<br><br><small class="red">Keine der IPs und Ports hat die Option "' . $lng['admin']['ipsandports']['create_vhostcontainer'] . '" aktiviert, einige Einstellungen sind daher nicht verfügbar.</small>';
 $lng['serversettings']['errorlog_level']['title'] = 'Ausführlichkeit des Fehlerprotokolls';
 $lng['serversettings']['errorlog_level']['description'] = 'Steuert die Ausführlichkeit des Fehlerprotokolls. Voreinstellung ist "warn" bei Apache und "error" bei Nginx.';
@@ -1705,3 +1713,9 @@ $lng['serversettings']['letsencryptecc']['title'] = "ECC / ECDSA Zertifikate aus
 $lng['serversettings']['letsencryptecc']['description'] = "Wenn eine Schlüsselgröße ausgewählt wird, werden ECC / ECDSA Zertifikate erstellt";
 $lng['serversettings']['froxloraliases']['title'] = "Domain Aliase für Froxlor Vhost";
 $lng['serversettings']['froxloraliases']['description'] = "Komma getrennte Liste von Domains, welche als Server Alias zum Froxlor Vhost hinzugefügt werden";
+
+$lng['serversettings']['ssl']['tlsv13_cipher_list']['title'] = 'Explizite TLSv1.3 Ciphers, wenn genutzt';
+$lng['serversettings']['ssl']['tlsv13_cipher_list']['description'] = 'Dies ist eine Liste von Ciphers, die genutzt werden sollen (oder auch nicht genutzt werden sollen), wenn eine TLSv1.3 Verbindung hergestellt werden soll. Eine Liste aller Ciphers und wie diese hinzugefügt/ausgeschlossen werden ist <a href="https://wiki.openssl.org/index.php/TLS1.3">der Dokumentation für TLSv1.3</a> zu entnehmen.<br /><br /><b>Standard-Wert ist leer</b>';
+$lng['usersettings']['api_allowed']['title'] = 'Erlaube API Zugriff';
+$lng['usersettings']['api_allowed']['description'] = 'Wenn in den Einstellungen aktiviert, kann der Benutzer API Schlüssel erstellen und auf die froxlor API Zugreifen';
+$lng['usersettings']['api_allowed']['notice'] = 'API Zugriff ist für dieses Konto deaktiviert.';

lng/italian.lng.php

@@ -1571,7 +1571,7 @@ $lng['domains']['serveraliasoption_www'] = 'WWW (www.dominio.tld)';
 $lng['domains']['serveraliasoption_none'] = 'Nessun alias';
 $lng['error']['givendirnotallowed'] = 'La cartella fornita nel campo %s non è permessa.';
 $lng['serversettings']['ssl']['ssl_cipher_list']['title'] = 'Configura le cifrature SSL permesse';
-$lng['serversettings']['ssl']['ssl_cipher_list']['description'] = 'Questa è una lista di cifrature che vuoi (o non vuoi) usare nelle communicazioni SSL. Per una lista delle cifrature e come includerle od escluderle, vedi le sezioni "CIPHER LIST FORMAT" e "CIPHER STRINGS" sulla <a href="http://openssl.org/docs/apps/ciphers.html">man-page per le cifrature</a>.<br /><br /><b>Il valore predefinito è:</b><pre>ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH</pre>';
+$lng['serversettings']['ssl']['ssl_cipher_list']['description'] = 'Questa è una lista di cifrature che vuoi (o non vuoi) usare nelle communicazioni SSL. Per una lista delle cifrature e come includerle od escluderle, vedi le sezioni "CIPHER LIST FORMAT" e "CIPHER STRINGS" sulla <a href="https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html">man-page per le cifrature</a>.<br /><br /><b>Il valore predefinito è:</b><pre>ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH</pre>';
 $lng['panel']['dashboard'] = 'Cruscotto';
 $lng['panel']['assigned'] = 'Assegnato';
 $lng['panel']['available'] = 'Disponibile';

phpunit.xml

@@ -2,14 +2,13 @@
 <phpunit backupGlobals="false" backupStaticAttributes="false"
 	colors="false" convertErrorsToExceptions="true"
 	convertNoticesToExceptions="true" convertWarningsToExceptions="true"
-	processIsolation="false" stopOnFailure="false" syntaxCheck="false"
+	processIsolation="false" stopOnFailure="false"
 	bootstrap="tests/bootstrap.php">
 
 	<testsuites>
 		<testsuite name="froxlor">
 			<!-- we need to specify the order of the tests for dependency-reasons -->
 			<directory>tests/Global</directory>
-			<directory>tests/Froxlor</directory>
 			<directory>tests/Admins</directory>
 			<directory>tests/Customers</directory>
 			<directory>tests/IpsAndPorts</directory>
@@ -25,17 +24,16 @@
 			<directory>tests/Mysqls</directory>
 			<directory>tests/PhpAndFpm</directory>
 			<directory>tests/Traffic</directory>
+			<directory>tests/Froxlor</directory>
 		</testsuite>
 	</testsuites>
 
 	<logging>
-		<log type="coverage-html" target="build/coverage" title="froxlor"
-			charset="UTF-8" yui="true" highlight="true" lowUpperBound="35"
-			highLowerBound="70" />
+		<log type="coverage-html" target="build/coverage"
+			lowUpperBound="35" highLowerBound="70" />
 		<log type="coverage-clover" target="build/logs/clover.xml" />
 		<log type="coverage-crap4j" target="build/logs/crap4j.xml" />
-		<log type="junit" target="build/logs/junit.xml"
-			logIncompleteSkipped="false" />
+		<log type="junit" target="build/logs/junit.xml" />
 	</logging>
 
 	<filter>

templates/Sparkle/api_keys/keys_list.tpl

@@ -16,6 +16,15 @@
 			</div>
 		</if>
 
+		<if (int)$userinfo['api_allowed'] != 1>
+		<div class="messagewrapperfull">
+			<div class="warningcontainer bradius">
+				<div class="warningtitle">{$lng['admin']['warning']}</div>
+				<div class="warning">{$lng['usersettings']['api_allowed']['notice']}</div>
+			</div>
+		</div>
+		</if>
+
 		<section>
 
 			<form action="{$linker->getLink(array('section' => 'index', 'page' => $page))}" method="post" enctype="application/x-www-form-urlencoded">
@@ -26,10 +35,12 @@
 					{$searchcode}
 				</div>
 
+				<if (int)$userinfo['api_allowed'] == 1>
 				<div class="overviewadd">
 					<img src="templates/{$theme}/assets/img/icons/add.png" alt="" />
 					<a href="{$linker->getLink(array('section' => 'index', 'page' => $page, 'action' => 'add'))}">{$lng['apikeys']['key_add']}</a>
 				</div>
+				</if>
 
 				<table class="full hl">
 					<thead>
@@ -58,11 +69,13 @@
 			</form>
 
 			<if 15 < $count >
+			<if (int)$userinfo['api_allowed'] == 1>
 			<div class="overviewadd">
 				<img src="templates/{$theme}/assets/img/icons/add.png" alt="" />
 				<a href="{$linker->getLink(array('section' => 'index', 'page' => $page, 'action' => 'add'))}">{$lng['apikeys']['key_add']}</a>
 			</div>
 			</if>
+			</if>
 		</section>
 	</article>
 $footer

templates/Sparkle/assets/js/customers.js

@@ -31,7 +31,7 @@ $(document).ready(function() {
 		        dataType: "json",
 		        success: function(json) {
 				for (var i in json) {
-		        		if (i == 'email_imap' || i == 'email_pop3' || i == 'perlenabled' || i == 'phpenabled' || i == 'dnsenabled') {
+					if (i == 'email_imap' || i == 'email_pop3' || i == 'perlenabled' || i == 'phpenabled' || i == 'dnsenabled' || i == 'logviewenabled') {
 		        			/** handle checkboxes **/
 		        			if (json[i] == 1) {
 		        				$("input[name='"+i+"']").prop('checked', true);

templates/Sparkle/misc/ownershiphint.tpl

@@ -25,7 +25,7 @@
 					<p>&nbsp;</p>
 					<p>This mostly happens due to wrong ownership.<br />Try the following command to correct the ownership:</p>
 					<p>&nbsp;</p>
-					<p><pre>chown -R <USER>:<GROUP> <\Froxlor\Froxlor::getInstallDir()></pre></p>
+					<p><pre>chown -R <USER>:<GROUP> <FROXLOR_INSTALL_DIR></pre></p>
 				</div>
 			</div>
 			<aside class="right">

templates/Sparkle/misc/vendormissinghint.tpl

@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+	<meta charset="utf-8" />
+	<meta http-equiv="Default-Style" content="text/css" />
+	<link rel="stylesheet" href="templates/Sparkle/assets/css/main.css" />
+	<!--[if IE]><link rel="stylesheet" href="templates/Sparkle/assets/css/main_ie.css" /><![endif]-->
+	<!--[if lt IE 9]><script src="js/html5shiv.min.js"></script><![endif]-->
+	<link href="templates/Sparkle/assets/img/favicon.ico" rel="icon" type="image/x-icon" />
+	<title>Froxlor Server Management Panel - Installation</title>
+</head>
+<body>
+<div class="loginpage">
+	
+	<article class="errorbox bradius">
+		<header class="dark">
+			<img src="templates/Sparkle/assets/img/logo.png" alt="Froxlor Server Management Panel" />
+		</header>
+
+		<section class="errorsec">
+			<div class="errorcontainer bradius">
+				<div class="errortitle">Whoops!</div>
+				<div class="error">
+					<p>It seems you are missing some required files.</p>
+					<p>&nbsp;</p>
+					<p>Froxlor uses composer for its external requirements.<br />Try the following command to install them:</p>
+					<p>&nbsp;</p>
+					<p><pre>cd <FROXLOR_INSTALL_DIR> && composer install --no-dev</pre></p>
+				</div>
+			</div>
+			<aside class="right">
+				<a href="index.php" title="Click to refresh">Refresh</a>
+			</aside>
+		</section>
+
+	</article>
+
+</div>
+<footer>
+	<span>
+		Froxlor &copy; 2009-<CURRENT_YEAR> by <a href="https://www.froxlor.org/" rel="external">the Froxlor Team</a>
+	</span>
+</footer>
+</body>
+</html>

tests/Customers/CustomersTest.php

@@ -5,6 +5,7 @@ use Froxlor\Settings;
 use Froxlor\Database\Database;
 use Froxlor\Api\Commands\Admins;
 use Froxlor\Api\Commands\Customers;
+use Froxlor\Api\Commands\SubDomains;
 
 /**
  *
@@ -58,6 +59,11 @@ class CustomersTest extends TestCase
 		$this->assertEquals(1337, $result['customernumber']);
 		$this->assertEquals(15, $result['subdomains']);
 		$this->assertEquals('secret', $result['custom_notes']);
+
+		// validate that the std-subdomain has been added
+		$json_result = SubDomains::getLocal($admin_userdata, array('id' => $result['standardsubdomain']))->get();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals('test1.dev.froxlor.org', $result['domain']);
 	}
 
 	public function testAdminCustomersAddEmptyMail()
@@ -224,7 +230,7 @@ class CustomersTest extends TestCase
 
 	/**
 	 *
-	 * @depends testAdminCustomersAdd
+	 * @depends testAdminCustomerUpdateDeactivate
 	 */
 	public function testCustomerCustomersGetWhenDeactivated()
 	{
@@ -246,7 +252,7 @@ class CustomersTest extends TestCase
 
 	/**
 	 *
-	 * @depends testAdminCustomersAdd
+	 * @depends testCustomerCustomersGetWhenDeactivated
 	 */
 	public function testCustomerCustomersUpdate()
 	{
@@ -447,7 +453,7 @@ class CustomersTest extends TestCase
 			'mysqls' => 15,
 			'createstdsubdomain' => 1,
 			'new_customer_password' => 'h0lYmo1y',
-			'sendpassword' => 1,
+			'sendpassword' => TRAVIS_CI == 1 ? 0 : 1,
 			'phpenabled' => 1,
 			'store_defaultindex' => 1,
 			'custom_notes' => 'secret',
@@ -537,15 +543,16 @@ class CustomersTest extends TestCase
 	{
 		global $admin_userdata;
 
+		$loginname = str_repeat("x", \Froxlor\Database\Database::getSqlUsernameLength() + 1);
 		$data = [
-			'new_loginname' => 'useruseruseruseruseruserX',
+			'new_loginname' => $loginname,
 			'email' => 'team@froxlor.org',
 			'firstname' => 'Test2',
 			'name' => 'Testman2',
 			'customernumber' => 1339
 		];
 
-		$this->expectExceptionMessage('Loginname contains too many characters. Only ' . (14 - strlen(Settings::Get('customer.mysqlprefix'))) . ' characters are allowed.');
+		$this->expectExceptionMessage('Loginname contains too many characters. Only ' . (\Froxlor\Database\Database::getSqlUsernameLength() - strlen(Settings::Get('customer.mysqlprefix'))) . ' characters are allowed.');
 		Customers::getLocal($admin_userdata, $data)->add();
 	}
 }

tests/Customers/HostingPlansTest.php

@@ -0,0 +1,303 @@
+<?php
+use PHPUnit\Framework\TestCase;
+
+use Froxlor\Settings;
+use Froxlor\Database\Database;
+use Froxlor\Api\Commands\Admins;
+use Froxlor\Api\Commands\Customers;
+use Froxlor\Api\Commands\HostingPlans;
+
+/**
+ *
+ * @covers \Froxlor\Api\ApiCommand
+ * @covers \Froxlor\Api\ApiParameter
+ * @covers \Froxlor\Api\Commands\HostingPlans
+ * @covers \Froxlor\Api\Commands\Customers
+ */
+class HostingPlansTest extends TestCase
+{
+
+	public function testAdminPlanAdd()
+	{
+		global $admin_userdata;
+
+		$data = [
+			'name' => 'test',
+			'description' => 'first test plan',
+			'diskspace' => 0,
+			'diskspace_ul' => 1,
+			'traffic' => - 1,
+			'subdomains' => 15,
+			'emails' => - 1,
+			'email_accounts' => 15,
+			'email_forwarders' => 15,
+			'email_imap' => 1,
+			'email_pop3' => 0,
+			'ftps' => 15,
+			'mysqls' => 15,
+			'phpenabled' => 1,
+			'dnsenabled' => 1,
+			'allowed_phpconfigs' => array(
+				1
+			)
+		];
+
+		$json_result = HostingPlans::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$result['value'] = json_decode($result['value'], true);
+		foreach ($result['value'] as $index => $value) {
+			$result[$index] = $value;
+		}
+		$this->assertEquals('test', $result['name']);
+		$this->assertEquals(- 1, $result['diskspace']);
+		$this->assertEquals(15, $result['email_accounts']);
+		$this->assertEquals([
+			1
+		], $result['allowed_phpconfigs']);
+	}
+
+	public function testAdminPlanAddEmptyName()
+	{
+		global $admin_userdata;
+
+		$data = [
+			'description' => 'test plan'
+		];
+
+		$this->expectExceptionMessage('Requested parameter "name" could not be found for "HostingPlans:add"');
+		HostingPlans::getLocal($admin_userdata, $data)->add();
+
+		$data['name'] = null;
+		$this->expectExceptionMessage('Requested parameter "name" is empty where it should not be for "HostingPlans:add"');
+		HostingPlans::getLocal($admin_userdata, $data)->add();
+	}
+
+	/**
+	 *
+	 * @depends testAdminPlanAdd
+	 */
+	public function testAdminPlanList()
+	{
+		global $admin_userdata;
+
+		$json_result = HostingPlans::getLocal($admin_userdata)->listing();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals(1, $result['count']);
+	}
+
+	/**
+	 *
+	 * @depends testAdminPlanAdd
+	 */
+	public function testResellerPlanList()
+	{
+		global $admin_userdata;
+		// get reseller
+		$json_result = Admins::getLocal($admin_userdata, array(
+			'loginname' => 'reseller'
+		))->get();
+		$reseller_userdata = json_decode($json_result, true)['data'];
+		$reseller_userdata['adminsession'] = 1;
+		$json_result = HostingPlans::getLocal($reseller_userdata)->listing();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals(0, $result['count']);
+	}
+
+	/**
+	 *
+	 * @depends testAdminPlanAdd
+	 */
+	public function testCustomerPlanList()
+	{
+		global $admin_userdata;
+		// get customer
+		$json_result = Customers::getLocal($admin_userdata, array(
+			'id' => 1
+		))->get();
+		$customer_userdata = json_decode($json_result, true)['data'];
+
+		$this->expectExceptionCode(403);
+		$this->expectExceptionMessage("Not allowed to execute given command.");
+
+		$json_result = HostingPlans::getLocal($customer_userdata)->listing();
+	}
+
+	public function testCustomerPlanAdd()
+	{
+		global $admin_userdata;
+		// get customer
+		$json_result = Customers::getLocal($admin_userdata, array(
+			'id' => 1
+		))->get();
+		$customer_userdata = json_decode($json_result, true)['data'];
+
+		$this->expectExceptionCode(403);
+		$this->expectExceptionMessage("Not allowed to execute given command.");
+
+		$json_result = HostingPlans::getLocal($customer_userdata)->add();
+	}
+
+	public function testCustomerPlanGet()
+	{
+		global $admin_userdata;
+		// get customer
+		$json_result = Customers::getLocal($admin_userdata, array(
+			'id' => 1
+		))->get();
+		$customer_userdata = json_decode($json_result, true)['data'];
+
+		$this->expectExceptionCode(403);
+		$this->expectExceptionMessage("Not allowed to execute given command.");
+
+		$json_result = HostingPlans::getLocal($customer_userdata)->get();
+	}
+
+	public function testCustomerPlanUpdate()
+	{
+		global $admin_userdata;
+		// get customer
+		$json_result = Customers::getLocal($admin_userdata, array(
+			'id' => 1
+		))->get();
+		$customer_userdata = json_decode($json_result, true)['data'];
+
+		$this->expectExceptionCode(403);
+		$this->expectExceptionMessage("Not allowed to execute given command.");
+
+		$json_result = HostingPlans::getLocal($customer_userdata)->update();
+	}
+
+	public function testCustomerPlanDelete()
+	{
+		global $admin_userdata;
+		// get customer
+		$json_result = Customers::getLocal($admin_userdata, array(
+			'id' => 1
+		))->get();
+		$customer_userdata = json_decode($json_result, true)['data'];
+
+		$this->expectExceptionCode(403);
+		$this->expectExceptionMessage("Not allowed to execute given command.");
+
+		$json_result = HostingPlans::getLocal($customer_userdata)->delete();
+	}
+
+	public function testAdminPlanGetNotFound()
+	{
+		global $admin_userdata;
+		$this->expectExceptionCode(404);
+		$this->expectExceptionMessage("Hosting-plan with id #999 could not be found");
+		HostingPlans::getLocal($admin_userdata, array(
+			'id' => 999
+		))->get();
+	}
+
+	/**
+	 *
+	 * @depends testAdminPlanAdd
+	 */
+	public function testAdminPlanUpdate()
+	{
+		global $admin_userdata;
+
+		HostingPlans::getLocal($admin_userdata, array(
+			'planname' => 'test',
+			'name' => '',
+			'ftps' => '20'
+		))->update();
+
+		$json_result = HostingPlans::getLocal($admin_userdata, array(
+			'planname' => 'test'
+		))->get();
+		$result = json_decode($json_result, true)['data'];
+		$result['value'] = json_decode($result['value'], true);
+		foreach ($result['value'] as $index => $value) {
+			$result[$index] = $value;
+		}
+		$this->assertEquals(20, $result['ftps']);
+		$this->assertEquals(- 1, $result['diskspace']);
+		$this->assertEquals(15, $result['email_accounts']);
+		$this->assertEquals([
+			1
+		], $result['allowed_phpconfigs']);
+	}
+
+	public function testResellerPlanDeleteNotOwned()
+	{
+		global $admin_userdata;
+		// get reseller
+		$json_result = Admins::getLocal($admin_userdata, array(
+			'loginname' => 'reseller'
+		))->get();
+		$reseller_userdata = json_decode($json_result, true)['data'];
+		$reseller_userdata['adminsession'] = 1;
+		$this->expectExceptionCode(404);
+		HostingPlans::getLocal($reseller_userdata, array(
+			'planname' => 'test'
+		))->delete();
+	}
+
+	/**
+	 *
+	 * @depends testAdminPlanAdd
+	 */
+	public function testAdminPlanDelete()
+	{
+		global $admin_userdata;
+		// add new customer
+		$data = [
+			'name' => 'test2',
+			'description' => 'second test plan'
+		];
+		HostingPlans::getLocal($admin_userdata, $data)->add();
+		$json_result = HostingPlans::getLocal($admin_userdata, array(
+			'planname' => 'test2'
+		))->delete();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals('test2', $result['name']);
+	}
+
+	/**
+	 *
+	 * @depends testAdminPlanAdd
+	 */
+	public function testAdminCustomersAddWithHostingPlan()
+	{
+		global $admin_userdata;
+
+		$json_result = HostingPlans::getLocal($admin_userdata, array(
+			'planname' => 'test'
+		))->get();
+		$result = json_decode($json_result, true)['data'];
+
+		$data = [
+			'new_loginname' => 'test1hp',
+			'email' => 'team@froxlor.org',
+			'firstname' => 'Test',
+			'name' => 'Testman',
+			'customernumber' => 1337,
+			'createstdsubdomain' => 0,
+			'new_customer_password' => 'h0lYmo1y',
+			'sendpassword' => TRAVIS_CI == 1 ? 0 : 1,
+			'store_defaultindex' => 1,
+			'custom_notes' => 'secret',
+			'custom_notes_show' => 0,
+			'gender' => 5,
+			'hosting_plan_id' => $result['id']
+		];
+
+		$json_result = Customers::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals(- 1024, $result['diskspace']);
+		$this->assertEquals(15, $result['subdomains']);
+		$this->assertEquals(1, $result['phpenabled']);
+		$this->assertJsonStringEqualsJsonString(json_encode([
+			1
+		]), $result['allowed_phpconfigs']);
+
+		// remove customer
+		Customers::getLocal($admin_userdata, array(
+			'loginname' => 'test1hp'
+		))->delete();
+	}
+}

tests/DomainZones/DomainZonesTest.php

@@ -277,6 +277,366 @@ class DomainZonesTest extends TestCase
 		DomainZones::getLocal($admin_userdata, $data)->add();
 	}
 
+	public function testAdminDomainZonesAddCAAIssue()
+	{
+		global $admin_userdata;
+
+		$content = '0 issue "letsencrypt.org"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$json_result = DomainZones::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertTrue(count($result) > 1);
+		$found = false;
+		foreach ($result as $entry) {
+			if (substr($entry, -strlen($content)) == $content) {
+				$found = true;
+				break;
+			}
+		}
+		$this->assertTrue($found);
+		$this->assertEquals('@	18000	IN	CAA	0 issue "letsencrypt.org"', $entry);
+	}
+
+	public function testAdminDomainZonesAddCAAIssueWithParameters()
+	{
+		global $admin_userdata;
+
+		$content = '0 issue "letsencrypt.org; account=230123"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$json_result = DomainZones::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertTrue(count($result) > 1);
+		$found = false;
+		foreach ($result as $entry) {
+			if (substr($entry, strlen($content) * - 1) == $content) {
+				$found = true;
+				break;
+			}
+		}
+		$this->assertTrue($found);
+		$this->assertEquals('@	18000	IN	CAA	'.$content, $entry);
+	}
+
+	public function testAdminDomainZonesAddCAAIssueWithTwoParameters()
+	{
+		global $admin_userdata;
+
+		$content = '0 issue "letsencrypt.org; account=230123 policy=ev"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$json_result = DomainZones::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertTrue(count($result) > 1);
+		$found = false;
+		foreach ($result as $entry) {
+			if (substr($entry, strlen($content) * - 1) == $content) {
+				$found = true;
+				break;
+			}
+		}
+		$this->assertTrue($found);
+		$this->assertEquals('@	18000	IN	CAA	'.$content, $entry);
+	}
+
+	public function testAdminDomainZonesAddCAAInvalidIssueValue()
+	{
+		global $admin_userdata;
+
+		$content = '0 issue ""letsencrypt.org"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$this->expectExceptionMessage("DNS content invalid");
+		DomainZones::getLocal($admin_userdata, $data)->add();
+	}
+
+	public function testAdminDomainZonesAddCAAInvalidIssueDomain()
+	{
+		global $admin_userdata;
+
+		$content = '0 issue "no-valid-domain"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$this->expectExceptionMessage("DNS content invalid");
+		DomainZones::getLocal($admin_userdata, $data)->add();
+	}
+
+	public function testAdminDomainZonesAddCAAInvalidIssueTld()
+	{
+		global $admin_userdata;
+
+		$content = '0 issue "no-valid-domai.n"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$this->expectExceptionMessage("DNS content invalid");
+		DomainZones::getLocal($admin_userdata, $data)->add();
+	}
+
+	public function testAdminDomainZonesAddCAAIssueWild()
+	{
+		global $admin_userdata;
+
+		$content = '0 issuewild "letsencrypt.org"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$json_result = DomainZones::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertTrue(count($result) > 1);
+		$found = false;
+		foreach ($result as $entry) {
+			if (substr($entry, strlen($content) * - 1) == $content) {
+				$found = true;
+				break;
+			}
+		}
+		$this->assertTrue($found);
+		$this->assertEquals('@	18000	IN	CAA	'.$content, $entry);
+	}
+
+	public function testAdminDomainZonesAddCAAIssueWildWithParameters()
+	{
+		global $admin_userdata;
+
+		$content = '0 issuewild "letsencrypt.org; account=230123"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$json_result = DomainZones::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertTrue(count($result) > 1);
+		$found = false;
+		foreach ($result as $entry) {
+			if (substr($entry, strlen($content) * - 1) == $content) {
+				$found = true;
+				break;
+			}
+		}
+		$this->assertTrue($found);
+		$this->assertEquals('@	18000	IN	CAA	'.$content, $entry);
+	}
+
+	public function testAdminDomainZonesAddCAAIssueWildWithTwoParameters()
+	{
+		global $admin_userdata;
+
+		$content = '0 issuewild "letsencrypt.org; account=230123 policy=ev"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$json_result = DomainZones::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertTrue(count($result) > 1);
+		$found = false;
+		foreach ($result as $entry) {
+			if (substr($entry, strlen($content) * - 1) == $content) {
+				$found = true;
+				break;
+			}
+		}
+		$this->assertTrue($found);
+		$this->assertEquals('@	18000	IN	CAA	'.$content, $entry);
+	}
+
+	public function testAdminDomainZonesAddCAAInvalidIssueWildValue()
+	{
+		global $admin_userdata;
+
+		$content = '0 issuewild ""letsencrypt.org"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$this->expectExceptionMessage("DNS content invalid");
+		DomainZones::getLocal($admin_userdata, $data)->add();
+	}
+
+	public function testAdminDomainZonesAddCAAInvalidIssueWildDomain()
+	{
+		global $admin_userdata;
+
+		$content = '0 issuewild "no-valid-domain"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$this->expectExceptionMessage("DNS content invalid");
+		DomainZones::getLocal($admin_userdata, $data)->add();
+	}
+
+	public function testAdminDomainZonesAddCAAInvalidIssueWildTld()
+	{
+		global $admin_userdata;
+
+		$content = '0 issuewild "no-valid-domai.n"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$this->expectExceptionMessage("DNS content invalid");
+		DomainZones::getLocal($admin_userdata, $data)->add();
+	}
+
+	public function testAdminDomainZonesAddCAAIodefMail()
+	{
+		global $admin_userdata;
+
+		$content = '0 iodef "mailto:security@example.com"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$json_result = DomainZones::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertTrue(count($result) > 1);
+		$found = false;
+		foreach ($result as $entry) {
+			if (substr($entry, strlen($content) * - 1) == $content) {
+				$found = true;
+				break;
+			}
+		}
+		$this->assertTrue($found);
+		$this->assertEquals('@	18000	IN	CAA	'.$content, $entry);
+	}
+
+	public function testAdminDomainZonesAddCAAIodefMailInvalid()
+	{
+		global $admin_userdata;
+
+		$content = '0 iodef "mailtosecurity@example.com"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$this->expectExceptionMessage("DNS content invalid");
+		DomainZones::getLocal($admin_userdata, $data)->add();
+	}
+
+	public function testAdminDomainZonesAddCAAIodefHttp()
+	{
+		global $admin_userdata;
+
+		$content = '0 iodef "http://iodef.example.com/"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$json_result = DomainZones::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertTrue(count($result) > 1);
+		$found = false;
+		foreach ($result as $entry) {
+			if (substr($entry, strlen($content) * - 1) == $content) {
+				$found = true;
+				break;
+			}
+		}
+		$this->assertTrue($found);
+		$this->assertEquals('@	18000	IN	CAA	'.$content, $entry);
+	}
+
+	public function testAdminDomainZonesAddCAAIodefHttpInvalid()
+	{
+		global $admin_userdata;
+
+		$content = '0 iodef "http:/iodef.example.com/"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$this->expectExceptionMessage("DNS content invalid");
+		DomainZones::getLocal($admin_userdata, $data)->add();
+	}
+
+	public function testAdminDomainZonesAddCAAIodefHttps()
+	{
+		global $admin_userdata;
+
+		$content = '0 iodef "https://iodef.example.com/"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$json_result = DomainZones::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertTrue(count($result) > 1);
+		$found = false;
+		foreach ($result as $entry) {
+			if (substr($entry, strlen($content) * - 1) == $content) {
+				$found = true;
+				break;
+			}
+		}
+		$this->assertTrue($found);
+		$this->assertEquals('@	18000	IN	CAA	'.$content, $entry);
+	}
+
+	public function testAdminDomainZonesAddCAAIodefHttpsInvalid()
+	{
+		global $admin_userdata;
+
+		$content = '0 iodef "https:/iodef.example.com/"';
+		$data = [
+			'domainname' => 'test2.local',
+			'record' => '@',
+			'type' => 'CAA',
+			'content' => $content,
+		];
+		$this->expectExceptionMessage("DNS content invalid");
+		DomainZones::getLocal($admin_userdata, $data)->add();
+	}
+
 	public function testAdminDomainZonesAddCname()
 	{
 		global $admin_userdata;

tests/Domains/DomainsTest.php

@@ -119,7 +119,7 @@ class DomainsTest extends TestCase
 			'customerid' => 1
 		];
 		$this->expectExceptionMessage('The server-hostname cannot be used as customer-domain.');
-		$json_result = Domains::getLocal($admin_userdata, $data)->add();
+		Domains::getLocal($admin_userdata, $data)->add();
 	}
 
 	public function testAdminDomainsAddNoPunycode()