fix deactivated check in api

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

actions/admin/settings/131.ssl.php

@@ -122,10 +122,7 @@ return array(
 					'type' => 'bool',
 					'default' => true,
 					'save_method' => 'storeSettingField',
-					'visible' => \Froxlor\Settings::Get('system.use_ssl') && (\Froxlor\Settings::Get('system.webserver') == "nginx" || (\Froxlor\Settings::Get('system.webserver') == "apache2" && \Froxlor\Settings::Get('system.apache24') == 1)) && call_user_func(array(
+					'visible' => \Froxlor\Settings::Get('system.use_ssl') && (\Froxlor\Settings::Get('system.webserver') == "nginx" || (\Froxlor\Settings::Get('system.webserver') == "apache2" && \Froxlor\Settings::Get('system.apache24') == 1))
-						'\Froxlor\Settings\FroxlorVhostSettings',
-						'hasVhostContainerEnabled'
-					), true)
 				),
 				'system_leenabled' => array(
 					'label' => $lng['serversettings']['leenabled'],

admin_domains.php

@@ -39,7 +39,7 @@ if ($page == 'domains' || $page == 'overview') {
 
 		$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "viewed admin_domains");
 		$fields = array(
-			'd.domain' => $lng['domains']['domainname'],
+			'd.domain_ace' => $lng['domains']['domainname'],
 			'c.name' => $lng['customer']['name'],
 			'c.firstname' => $lng['customer']['firstname'],
 			'c.company' => $lng['customer']['company'],

admin_ipsandports.php

@@ -160,5 +160,14 @@ if ($page == 'ipsandports' || $page == 'overview') {
 				eval("echo \"" . \Froxlor\UI\Template::getTemplate("ipsandports/ipsandports_edit") . "\";");
 			}
 		}
+	} elseif ($action == 'jqCheckIP') {
+		$ip = $_POST['ip'] ?? "";
+		if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE) == false) {
+			// returns notice if private network detected so we can display it
+			echo json_encode($lng['admin']['ipsandports']['ipnote']);
+		} else {
+			echo 0;
+		}
+		exit();
 	}
 }

customer_domains.php

@@ -42,7 +42,7 @@ if ($page == 'overview') {
 	if ($action == '') {
 		$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed customer_domains::domains");
 		$fields = array(
-			'd.domain' => $lng['domains']['domainname'],
+			'd.domain_ace' => $lng['domains']['domainname'],
 			'd.aliasdomain' => $lng['domains']['aliasdomain']
 		);
 		try {

customer_email.php

@@ -44,7 +44,7 @@ if ($page == 'overview') {
 	if ($action == '') {
 		$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed customer_email::emails");
 		$fields = array(
-			'd.domain' => $lng['domains']['domainname'],
+			'd.domain_ace' => $lng['domains']['domainname'],
 			'm.email_full' => $lng['emails']['emailaddress'],
 			'm.destination' => $lng['emails']['forwarders']
 		);
@@ -76,7 +76,7 @@ if ($page == 'overview') {
 			$emails[$row['domain']][$row['email_full']] = $row;
 		}
 
-		if ($paging->sortfield == 'd.domain' && $paging->sortorder == 'desc') {
+		if ($paging->sortfield == 'd.domain_ace' && $paging->sortorder == 'desc') {
 			krsort($emails);
 		} else {
 			ksort($emails);
@@ -129,16 +129,15 @@ if ($page == 'overview') {
 			}
 		}
 
-		$json_result = SubDomains::getLocal($userinfo, [
+		$result_stmt = Database::prepare("
-			'sql_search' => [
+			SELECT COUNT(`id`) as emaildomains
-				'd.isemaildomain' => [
+			FROM `" . TABLE_PANEL_DOMAINS . "`
-					'value' => 1,
+			WHERE `customerid`= :cid AND `isemaildomain` = '1'
-					'op' => '='
+		");
-				]
+		$result = Database::pexecute_first($result_stmt, array(
-			]
+			"cid" => $userinfo['customerid']
-		])->listing();
+		));
-		$result = json_decode($json_result, true)['data'];
+		$emaildomains_count = $result['emaildomains'];
-		$emaildomains_count = $result['count'];
 
 		eval("echo \"" . \Froxlor\UI\Template::getTemplate("email/emails") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
@@ -196,7 +195,7 @@ if ($page == 'overview') {
 				$result_stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `customerid`= :cid
 					AND `isemaildomain`='1'
-					ORDER BY `domain` ASC");
+					ORDER BY `domain_ace` ASC");
 				Database::pexecute($result_stmt, array(
 					"cid" => $userinfo['customerid']
 				));

index.php

@@ -393,7 +393,7 @@ if ($action == 'forgotpwd') {
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$loginname = \Froxlor\Validate\Validate::validate($_POST['loginname'], 'loginname');
 		$email = \Froxlor\Validate\Validate::validateEmail($_POST['loginemail'], 'email');
-		$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
+		$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `customernumber`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
 			WHERE `loginname`= :loginname
 			AND `email`= :email");
 		Database::pexecute($result_stmt, array(
@@ -481,6 +481,10 @@ if ($action == 'forgotpwd') {
 
 					$replace_arr = array(
 						'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($user),
+						'NAME' => $user['name'],
+						'FIRSTNAME' => $user['firstname'] ?? "",
+						'COMPANY' => $user['company'] ?? "",
+						'CUSTOMER_NO' => $user['customernumber'] ?? 0,
 						'USERNAME' => $loginname,
 						'LINK' => $activationlink
 					);
@@ -598,21 +602,18 @@ if ($action == 'resetpwd') {
 				));
 
 				if ($result !== false) {
-					if ($result['admin'] == 1) {
+					try {
-						$new_password = \Froxlor\Validate\Validate::validate($_POST['new_password'], 'new password');
+						$new_password = \Froxlor\System\Crypt::validatePassword($_POST['new_password'], true);
-						$new_password_confirm = \Froxlor\Validate\Validate::validate($_POST['new_password_confirm'], 'new password confirm');
+						$new_password_confirm = \Froxlor\System\Crypt::validatePassword($_POST['new_password_confirm'], true);
-					} else {
+					} catch (Exception $e) {
-						$new_password = \Froxlor\System\Crypt::validatePassword($_POST['new_password'], 'new password');
+						$message = $e->getMessage();
-						$new_password_confirm = \Froxlor\System\Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
 					}
 
-					if ($new_password == '') {
+					if (empty($message) && (empty($new_password) || $new_password != $new_password_confirm)) {
-						$message = $new_password;
+						$message = $lng['error']['newpasswordconfirmerror'];
-					} elseif ($new_password_confirm == '') {
+					}
-						$message = $new_password_confirm;
+
-					} elseif ($new_password != $new_password_confirm) {
+					if (empty($message)) {
-						$message = $new_password . " != " . $new_password_confirm;
-					} else {
 						// Update user password
 						if ($result['admin'] == 1) {
 							$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_ADMINS . "`

install/froxlor.sql

@@ -224,6 +224,7 @@ DROP TABLE IF EXISTS `panel_domains`;
 CREATE TABLE `panel_domains` (
   `id` int(11) unsigned NOT NULL auto_increment,
   `domain` varchar(255) NOT NULL default '',
+  `domain_ace` varchar(255) NOT NULL default '',
   `adminid` int(11) unsigned NOT NULL default '0',
   `customerid` int(11) unsigned NOT NULL default '0',
   `aliasdomain` int(11) unsigned NULL,
@@ -703,8 +704,8 @@ opcache.interned_strings_buffer'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'customer_hide_options', ''),
 	('panel', 'is_configured', '0'),
-	('panel', 'version', '0.10.13'),
+	('panel', 'version', '0.10.14'),
-	('panel', 'db_version', '201912313');
+	('panel', 'db_version', '202002290');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/lib/class.FroxlorInstall.php

@@ -333,21 +333,26 @@ class FroxlorInstall
 
 		// test if we can store the userdata.inc.php in ../lib
 		$userdata_file = dirname(dirname(dirname(__FILE__))) . '/lib/userdata.inc.php';
-		if ($fp = @fopen($userdata_file, 'w')) {
+		if (@touch($userdata_file) && @chmod($userdata_file, 0400) && @is_writable($userdata_file)) {
-			$result = @fputs($fp, $userdata, strlen($userdata));
+			$fp = @fopen($userdata_file, 'w');
+			@fputs($fp, $userdata, strlen($userdata));
 			@fclose($fp);
 			$content .= $this->_status_message('green', 'OK');
-			chmod($userdata_file, 0440);
+		} else {
-		} elseif ($fp = @fopen('/tmp/userdata.inc.php', 'w')) {
+			// try creating it in a temporary file
-			$result = @fputs($fp, $userdata, strlen($userdata));
+			$temp_file = @tempnam(sys_get_temp_dir(), 'fx');
+			if ($temp_file) {
+				chmod($temp_file, 0400);
+				$fp = @fopen($temp_file, 'w');
+				@fputs($fp, $userdata, strlen($userdata));
 				@fclose($fp);
-			$content .= $this->_status_message('orange', $this->_lng['install']['creating_configfile_temp']);
+				$content .= $this->_status_message('orange', sprintf($this->_lng['install']['creating_configfile_temp'], $temp_file));
-			chmod('/tmp/userdata.inc.php', 0440);
 			} else {
 				$content .= $this->_status_message('red', $this->_lng['install']['creating_configfile_failed']);
 				$escpduserdata = nl2br(htmlspecialchars($userdata));
 				eval("\$content .= \"" . $this->_getTemplate("textarea") . "\";");
 			}
+		}
 
 		return $content;
 	}
@@ -563,7 +568,7 @@ class FroxlorInstall
 			for ($i = 0; $i < sizeof($sql_query); $i ++) {
 				if (trim($sql_query[$i]) != '') {
 					try {
-						$result = $db->query($sql_query[$i]);
+						$db->query($sql_query[$i]);
 					} catch (\PDOException $e) {
 						$content .= $this->_status_message('red', $e->getMessage());
 						$fatal_fail = true;
@@ -730,7 +735,7 @@ class FroxlorInstall
 			}
 
 			if ($do_backup) {
-				$command = $mysql_dump . " " . $this->_data['mysql_database'] . " -u " . $this->_data['mysql_root_user'] . " --password='" . $this->_data['mysql_root_pass'] . "' --result-file=" . $filename;
+				$command = $mysql_dump . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --password='" . escapeshellarg($this->_data['mysql_root_pass']) . "' --result-file=" . $filename;
 				$output = exec($command);
 				if (stristr($output, "error")) {
 					$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);

install/lng/english.lng.php

@@ -86,7 +86,7 @@ $lng['install']['changing_data'] = 'Adjusting settings...';
 $lng['install']['creating_entries'] = 'Inserting new values...';
 $lng['install']['adding_admin_user'] = 'Creating admin-account...';
 $lng['install']['creating_configfile'] = 'Creating configfile...';
-$lng['install']['creating_configfile_temp'] = 'File was saved in /tmp/userdata.inc.php, please move to ' . dirname(dirname(__DIR__)) . '/lib/.';
+$lng['install']['creating_configfile_temp'] = 'File was saved in %s, please move to ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php';
 $lng['install']['creating_configfile_failed'] = 'Could not create ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php, please create it manually with the following content:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor was installed successfully.';
 

install/lng/french.lng.php

@@ -76,7 +76,7 @@ $lng['install']['changing_data'] = 'Ajustement des paramètres...';
 $lng['install']['creating_entries'] = 'Insertion des nouvelles valeurs...';
 $lng['install']['adding_admin_user'] = 'Création du compte administrateur...';
 $lng['install']['creating_configfile'] = 'Création du fichier de configuration...';
-$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans /tmp/userdata.inc.php, merci de le déplacer dans ' . dirname(dirname(__DIR__)) . '/lib/.';
+$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans %s, merci de le déplacer dans ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php';
 $lng['install']['creating_configfile_failed'] = 'Impossible de créer ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php, merci de le créer manuellement avec le contenu suivant:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor a été installé avec succès.';
 

install/lng/german.lng.php

@@ -86,7 +86,7 @@ $lng['install']['changing_data'] = 'Einstellungen anpassen...';
 $lng['install']['creating_entries'] = 'Trage neue Werte ein...';
 $lng['install']['adding_admin_user'] = 'Erstelle Admin-Benutzer...';
 $lng['install']['creating_configfile'] = 'Erstelle Konfigurationsdatei...';
-$lng['install']['creating_configfile_temp'] = 'Datei wurde in /tmp/userdata.inc.php gespeichert, bitte nach ' . dirname(dirname(__DIR__)) . '/lib/ verschieben.';
+$lng['install']['creating_configfile_temp'] = 'Datei wurde in %s gespeichert, bitte nach ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php verschieben.';
 $lng['install']['creating_configfile_failed'] = 'Konnte ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php nicht erstellen, bitte manuell mit folgendem Inhalt anlegen:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor wurde erfolgreich installiert.';
 

install/updates/froxlor/0.10/update_0.10.inc.php

@@ -571,3 +571,29 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.12')) {
 	showUpdateStep("Updating from 0.10.12 to 0.10.13", false);
 	\Froxlor\Froxlor::updateToVersion('0.10.13');
 }
+
+if (\Froxlor\Froxlor::isDatabaseVersion('201912313')) {
+	showUpdateStep("Adding new field to domains table");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `domain_ace` varchar(255) NOT NULL default '' AFTER `domain`;");
+	lastStepStatus(0);
+
+	showUpdateStep("Updating domain entries");
+	$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `domain_ace` = :ace WHERE `id` = :domainid");
+	$sel_stmt = Database::prepare("SELECT id, domain FROM `" . TABLE_PANEL_DOMAINS . "` ORDER BY id ASC");
+	Database::pexecute($sel_stmt);
+	$idna_convert = new \Froxlor\Idna\IdnaWrapper();
+	while ($domain = $sel_stmt->fetch(\PDO::FETCH_ASSOC)) {
+		Database::pexecute($upd_stmt, [
+			'ace' => $idna_convert->decode($domain['domain']),
+			'domainid' => $domain['id']
+		]);
+	}
+	lastStepStatus(0);
+
+	\Froxlor\Froxlor::updateToDbVersion('202002290');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.13')) {
+	showUpdateStep("Updating from 0.10.13 to 0.10.14", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.14');
+}

lib/Froxlor/Api/Commands/Customers.php

@@ -689,6 +689,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 								'name' => $name,
 								'company' => $company
 							)),
+							'CUSTOMER_NO' => $customernumber,
 							'USERNAME' => $loginname,
 							'PASSWORD' => $password,
 							'SERVER_HOSTNAME' => $srv_hostname,

lib/Froxlor/Api/Commands/Domains.php

@@ -684,6 +684,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 
 					$ins_data = array(
 						'domain' => $domain,
+						'domain_ace' => $idna_convert->decode($domain),
 						'customerid' => $customerid,
 						'adminid' => $adminid,
 						'documentroot' => $documentroot,
@@ -732,6 +733,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 					$ins_stmt = Database::prepare("
 						INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
 						`domain` = :domain,
+						`domain_ace` = :domain_ace,
 						`customerid` = :customerid,
 						`adminid` = :adminid,
 						`documentroot` = :documentroot,

lib/Froxlor/Api/Commands/EmailAccounts.php

@@ -192,7 +192,12 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso
 				$replace_arr = array(
 					'EMAIL' => $email_full,
 					'USERNAME' => $username,
-					'PASSWORD' => $password
+					'PASSWORD' => $password,
+					'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($customer),
+					'NAME' => $customer['name'],
+					'FIRSTNAME' => $customer['firstname'],
+					'COMPANY' => $customer['company'],
+					'CUSTOMER_NO' => $customer['customernumber']
 				);
 
 				// get the customers admin

lib/Froxlor/Api/Commands/Froxlor.php

@@ -243,6 +243,26 @@ class Froxlor extends \Froxlor\Api\ApiCommand
 		return $this->response(200, "successfull", \Froxlor\System\Crypt::generatePassword());
 	}
 
+	/**
+	 * can be used to remotely run the integritiy checks froxlor implements
+	 *
+	 * @access admin
+	 * @throws \Exception
+	 * @return string
+	 */
+	public function integrityCheck()
+	{
+		if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
+			$integrity = new \Froxlor\Database\IntegrityCheck();
+			$result = $integrity->checkAll();
+			if ($result) {
+				return $this->response(200, "successfull", "OK");
+			}
+			throw new \Exception("Some checks failed.", 406);
+		}
+		throw new \Exception("Not allowed to execute given command.", 403);
+	}
+
 	/**
 	 * returns a list of all available api functions
 	 *

lib/Froxlor/Api/Commands/Ftps.php

@@ -227,6 +227,10 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 					$replace_arr = array(
 						'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($customer),
 						'CUST_NAME' => \Froxlor\User::getCorrectUserSalutation($customer), // < keep this for compatibility
+						'NAME' => $customer['name'],
+						'FIRSTNAME' => $customer['firstname'],
+						'COMPANY' => $customer['company'],
+						'CUSTOMER_NO' => $customer['customernumber'],
 						'USR_NAME' => $username,
 						'USR_PASS' => $password,
 						'USR_PATH' => \Froxlor\FileDir::makeCorrectDir(str_replace($customer['documentroot'], "/", $path))

lib/Froxlor/Api/Commands/IpsAndPorts.php

@@ -170,7 +170,7 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 	{
 		if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
 
-			$ip = \Froxlor\Validate\Validate::validate_ip2($this->getParam('ip'), false, 'invalidip', false, false, false, false, true);
+			$ip = \Froxlor\Validate\Validate::validate_ip2($this->getParam('ip'), false, 'invalidip', false, true, false, false, true);
 			$port = \Froxlor\Validate\Validate::validate($this->getParam('port', true, 80), 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array(
 				'stringisempty',
 				'myport'
@@ -367,7 +367,7 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 				'id' => $id
 			));
 
-			$ip = \Froxlor\Validate\Validate::validate_ip2($this->getParam('ip', true, $result['ip']), false, 'invalidip', false, false, false, false, true);
+			$ip = \Froxlor\Validate\Validate::validate_ip2($this->getParam('ip', true, $result['ip']), false, 'invalidip', false, true, false, false, true);
 			$port = \Froxlor\Validate\Validate::validate($this->getParam('port', true, $result['port']), 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array(
 				'stringisempty',
 				'myport'

lib/Froxlor/Api/Commands/Mysqls.php

@@ -125,6 +125,10 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 			$replace_arr = array(
 				'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($userinfo),
 				'CUST_NAME' => \Froxlor\User::getCorrectUserSalutation($userinfo), // < keep this for compatibility
+				'NAME' => $userinfo['name'],
+				'FIRSTNAME' => $userinfo['firstname'],
+				'COMPANY' => $userinfo['company'],
+				'CUSTOMER_NO' => $userinfo['customernumber'],
 				'DB_NAME' => $username,
 				'DB_PASS' => $password,
 				'DB_DESC' => $databasedescription,

lib/Froxlor/Api/Commands/SubDomains.php

@@ -256,6 +256,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				`customerid` = :customerid,
 				`adminid` = :adminid,
 				`domain` = :domain,
+				`domain_ace` = :domain_ace,
 				`documentroot` = :documentroot,
 				`aliasdomain` = :aliasdomain,
 				`parentdomainid` = :parentdomainid,
@@ -287,6 +288,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				"customerid" => $customer['customerid'],
 				"adminid" => $customer['adminid'],
 				"domain" => $completedomain,
+				"domain_ace" => $idna_convert->decode($completedomain),
 				"documentroot" => $path,
 				"aliasdomain" => $aliasdomain != 0 ? $aliasdomain : null,
 				"parentdomainid" => $domain_check['id'],
@@ -765,6 +767,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				'`d`.`id`',
 				'`d`.`customerid`',
 				'`d`.`domain`',
+				'`d`.`domain_ace`',
 				'`d`.`documentroot`',
 				'`d`.`isbinddomain`',
 				'`d`.`isemaildomain`',
@@ -780,7 +783,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 
 		// prepare select statement
 		$domains_stmt = Database::prepare("
-			SELECT " . implode(",", $select_fields) . ", IF(`d`.`parentdomainid` > 0, `pd`.`domain`, `d`.`domain`) AS `parentdomainname`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias`
+			SELECT " . implode(",", $select_fields) . ", IF(`d`.`parentdomainid` > 0, `pd`.`domain_ace`, `d`.`domain_ace`) AS `parentdomainname`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`

lib/Froxlor/Api/FroxlorRPC.php

@@ -56,7 +56,7 @@ class FroxlorRPC
 	private static function validateAuth($key, $secret)
 	{
 		$sel_stmt = \Froxlor\Database\Database::prepare("
-			SELECT ak.*, a.api_allowed as admin_api_allowed, c.api_allowed as cust_api_allowed
+			SELECT ak.*, a.api_allowed as admin_api_allowed, c.api_allowed as cust_api_allowed, c.deactivated
 			FROM `api_keys` ak
 			LEFT JOIN `panel_admins` a ON a.adminid = ak.adminid
 			LEFT JOIN `panel_customers` c ON c.customerid = ak.customerid
@@ -67,7 +67,7 @@ class FroxlorRPC
 			'as' => $secret
 		), true, true);
 		if ($result) {
-			if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == - 1 || $result['valid_until'] >= time()) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1))) {
+			if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == - 1 || $result['valid_until'] >= time()) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1 && $result['deactivated'] == 0))) {
 				// get user to check whether api call is allowed
 				if (! empty($result['allowed_from'])) {
 					// @todo allow specification and validating of whole subnets later

lib/Froxlor/Cron/Traffic/ReportsCron.php

@@ -36,7 +36,7 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 		if ((int) Settings::Get('system.report_trafficmax') > 0) {
 			// Warn the customers at xx% traffic-usage
 			$result_stmt = Database::prepare("
-				SELECT `c`.`customerid`, `c`.`adminid`, `c`.`name`, `c`.`firstname`,
+				SELECT `c`.`customerid`, `c`.`customernumber`, `c`.`adminid`, `c`.`name`, `c`.`firstname`,
 				`c`.`company`, `c`.`traffic`, `c`.`email`, `c`.`def_language`,
 				`a`.`name` AS `adminname`, `a`.`email` AS `adminmail`,
 				(SELECT SUM(`t`.`http` + `t`.`ftp_up` + `t`.`ftp_down` + `t`.`mail`)
@@ -60,11 +60,15 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 					$rep_userinfo = array(
 						'name' => $row['name'],
 						'firstname' => $row['firstname'],
-						'company' => $row['company']
+						'company' => $row['company'],
+						'customernumber' => $row['customernumber']
 					);
 					$replace_arr = array(
 						'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($rep_userinfo),
-						'NAME' => $row['name'], // < keep this for compatibility
+						'NAME' => $rep_userinfo['name'],
+						'FIRSTNAME' => $rep_userinfo['firstname'],
+						'COMPANY' => $rep_userinfo['company'],
+						'CUSTOMER_NO' => $rep_userinfo['customernumber'],
 						'TRAFFIC' => round(($row['traffic'] / 1024), 2), /* traffic is stored in KB, template uses MB */
 						'TRAFFICUSED' => round(($row['traffic_used'] / 1024), 2), /* traffic is stored in KB, template uses MB */
 						'USAGE_PERCENT' => round(($row['traffic_used'] * 100) / $row['traffic'], 2),
@@ -343,7 +347,7 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 			 * report about diskusage for customers
 			 */
 			$result_stmt = Database::query("
-				SELECT `c`.`customerid`, `c`.`adminid`, `c`.`name`, `c`.`firstname`,
+				SELECT `c`.`customerid`, `c`.`customernumber`, `c`.`adminid`, `c`.`name`, `c`.`firstname`,
 				`c`.`company`, `c`.`diskspace`, `c`.`diskspace_used`, `c`.`email`, `c`.`def_language`,
 				`a`.`name` AS `adminname`, `a`.`email` AS `adminmail`
 				FROM `" . TABLE_PANEL_CUSTOMERS . "` AS `c`
@@ -361,11 +365,15 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 					$rep_userinfo = array(
 						'name' => $row['name'],
 						'firstname' => $row['firstname'],
-						'company' => $row['company']
+						'company' => $row['company'],
+						'customernumber' => $row['customernumber']
 					);
 					$replace_arr = array(
 						'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($rep_userinfo),
-						'NAME' => $row['name'], // < keep this for compatibility
+						'NAME' => $rep_userinfo['name'],
+						'FIRSTNAME' => $rep_userinfo['firstname'],
+						'COMPANY' => $rep_userinfo['company'],
+						'CUSTOMER_NO' => $rep_userinfo['customernumber'],
 						'DISKAVAILABLE' => round(($row['diskspace'] / 1024), 2), /* traffic is stored in KB, template uses MB */
 						'DISKUSED' => round($row['diskspace_used'] / 1024, 2), /* traffic is stored in KB, template uses MB */
 						'USAGE_PERCENT' => round(($row['diskspace_used'] * 100) / $row['diskspace'], 2),

lib/Froxlor/Froxlor.php

@@ -7,10 +7,10 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '0.10.13';
+	const VERSION = '0.10.14';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '201912313';
+	const DBVERSION = '202002290';
 
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';

lib/formfields/admin/domains/formfield.domains_add.php

@@ -384,7 +384,7 @@ return array(
 						'value' => array()
 					),
 					'sessiontickets' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd',
+						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.sessionticketsenabled' != '1'),
 						'label' => $lng['admin']['domain_sessiontickets'],
 						'type' => 'checkbox',
 						'values' => array(

lib/formfields/admin/domains/formfield.domains_edit.php

@@ -431,7 +431,7 @@ return array(
 						)
 					),
 					'sessiontickets' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd',
+						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.sessionticketsenabled' != '1'),
 						'label' => $lng['admin']['domain_sessiontickets'],
 						'type' => 'checkbox',
 						'values' => array(

lng/english.lng.php

@@ -317,6 +317,7 @@ $lng['admin']['templates']['COMPANY'] = 'Replaces with the customer\'s company n
 $lng['admin']['templates']['USERNAME'] = 'Replaced with the customer\'s account username.';
 $lng['admin']['templates']['PASSWORD'] = 'Replaced with the customer\'s account password.';
 $lng['admin']['templates']['EMAIL'] = 'Replaced with the address of the POP3/IMAP account.';
+$lng['admin']['templates']['CUSTOMER_NO'] = 'Replaces with the customer number';
 $lng['admin']['webserver'] = 'Webserver';
 $lng['admin']['bindzonewarning'] = $lng['panel']['emptyfordefault'] . '<br /><strong class="red">ATTENTION:</strong> If you use a zonefile you will have to manage all required records for all sub-zones manually as well.';
 
@@ -408,6 +409,7 @@ $lng['admin']['ipsandports']['add'] = 'Add IP/Port';
 $lng['admin']['ipsandports']['edit'] = 'Edit IP/Port';
 $lng['admin']['ipsandports']['ipandport'] = 'IP/Port';
 $lng['admin']['ipsandports']['ip'] = 'IP';
+$lng['admin']['ipsandports']['ipnote'] = '<div id="ipnote" class="red">Note: Although private ip addresses are allowed, some features like DNS might not behave correctly.<br>Only use private ip addresses if you are sure.</div>';
 $lng['admin']['ipsandports']['port'] = 'Port';
 
 // ADDED IN 1.2.13-rc3

lng/german.lng.php

@@ -314,6 +314,7 @@ $lng['admin']['templates']['COMPANY'] = 'Wird mit dem Firmennamen des Kunden ers
 $lng['admin']['templates']['USERNAME'] = 'Wird mit dem Benutzernamen des neuen Kundenkontos ersetzt.';
 $lng['admin']['templates']['PASSWORD'] = 'Wird mit dem Passwort des neuen Kundenkontos ersetzt.';
 $lng['admin']['templates']['EMAIL'] = 'Wird mit der Adresse des neuen E-Mail-Kontos ersetzt.';
+$lng['admin']['templates']['CUSTOMER_NO'] = 'Wir mit der Kunden-Nummer ersetzt';
 $lng['admin']['bindzonewarning'] = $lng['panel']['emptyfordefault'] . '<br /><strong class="red">WARNUNG:</strong> Bei der Verwendung einer Zonendatei müssen alle benötigten Records aller Subdomains ebenfalls manuell verwaltet werden.';
 
 /**
@@ -403,6 +404,7 @@ $lng['admin']['ipsandports']['add'] = 'IP-Adresse/Port hinzufügen';
 $lng['admin']['ipsandports']['edit'] = 'IP-Adresse/Port bearbeiten';
 $lng['admin']['ipsandports']['ipandport'] = 'IP-Adresse/Port';
 $lng['admin']['ipsandports']['ip'] = 'IP-Adresse';
+$lng['admin']['ipsandports']['ipnote'] = '<div id="ipnote" class="red">Hinweis: Obwohl private IP Adressen erlaubt sind, kann es bei manchen Features wie DNS zu ungewolltem Verhalten kommen.<br>Verwende private Adressen nur wenn du sicher bist.</div>';
 $lng['admin']['ipsandports']['port'] = 'Port';
 
 // ADDED IN 1.2.13-rc3

templates/Sparkle/admin/domains/domains.tpl

@@ -30,7 +30,7 @@
 				<table class="full hl">
 					<thead>
 						<tr>
-							<th>{$lng['domains']['domainname']}&nbsp;{$arrowcode['d.domain']}</th>
+							<th>{$lng['domains']['domainname']}&nbsp;{$arrowcode['d.domain_ace']}</th>
 							<th>{$lng['admin']['ipsandports']['ip']}</th>
 							<th>{$lng['admin']['customer']}&nbsp;{$arrowcode['c.loginname']}</th>
 							<th>{$lng['panel']['options']}</th>

templates/Sparkle/admin/ipsandports/ipsandports_add.tpl

@@ -6,6 +6,7 @@ $header
 				{$title}
 			</h2>
 		</header>
+		<script type="text/javascript" src="templates/{$theme}/assets/js/ipsandports.js"></script>
 
 		<section>
 

templates/Sparkle/admin/ipsandports/ipsandports_edit.tpl

@@ -6,6 +6,7 @@ $header
 				{$title}
 			</h2>
 		</header>
+		<script type="text/javascript" src="templates/{$theme}/assets/js/ipsandports.js"></script>
 
 		<section>
 

templates/Sparkle/admin/templates/templates_add_2.tpl

@@ -40,7 +40,6 @@ $header
 				</tr>
 			</thead>
 			<tbody>
-				<if ($template == 'createcustomer')>
 				<tr>
 					<td><em>{SALUTATION}</em></td>
 					<td>{$lng['admin']['templates']['SALUTATION']}</td>
@@ -57,6 +56,11 @@ $header
 					<td><em>{COMPANY}</em></td>
 					<td>{$lng['admin']['templates']['COMPANY']}</td>
 				</tr>
+				<tr>
+					<td><em>{CUSTOMER_NO}</em></td>
+					<td>{$lng['admin']['templates']['CUSTOMER_NO']}</td>
+				</tr>
+				<if ($template == 'createcustomer')>
 					<tr>
 						<td><em>{USERNAME}</em></td>
 						<td>{$lng['admin']['templates']['USERNAME']}</td>
@@ -88,10 +92,6 @@ $header
 					</if>
 				</if>
 				<if ($template == 'password_reset')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{USERNAME}</em></td>
 						<td>{$lng['admin']['templates']['USERNAME']}</td>
@@ -138,10 +138,6 @@ $header
 					</tr>
 				</if>
 				<if ($template == 'new_database_by_customer')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{DB_NAME}</em></td>
 						<td>{$lng['admin']['templates']['DB_NAME']}</td>
@@ -164,10 +160,6 @@ $header
 					</tr>
 				</if>
 				<if ($template == 'new_ftpaccount_by_customer')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{USR_NAME}</em></td>
 						<td>{$lng['admin']['templates']['USR_NAME']}</td>

templates/Sparkle/admin/templates/templates_edit.tpl

@@ -42,7 +42,6 @@ $header
 				</tr>
 			</thead>
 			<tbody>
-				<if ($template_name == 'createcustomer')>
 				<tr>
 					<td><em>{SALUTATION}</em></td>
 					<td>{$lng['admin']['templates']['SALUTATION']}</td>
@@ -59,6 +58,11 @@ $header
 					<td><em>{COMPANY}</em></td>
 					<td>{$lng['admin']['templates']['COMPANY']}</td>
 				</tr>
+				<tr>
+					<td><em>{CUSTOMER_NO}</em></td>
+					<td>{$lng['admin']['templates']['CUSTOMER_NO']}</td>
+				</tr>
+				<if ($template_name == 'createcustomer')>
 					<tr>
 						<td><em>{USERNAME}</em></td>
 						<td>{$lng['admin']['templates']['USERNAME']}</td>
@@ -90,10 +94,6 @@ $header
 					</if>
 				</if>
 				<if ($template_name == 'password_reset')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{USERNAME}</em></td>
 						<td>{$lng['admin']['templates']['USERNAME']}</td>
@@ -140,10 +140,6 @@ $header
 					</tr>
 				</if>
 				<if ($template_name == 'new_database_by_customer')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{DB_NAME}</em></td>
 						<td>{$lng['admin']['templates']['DB_NAME']}</td>
@@ -166,10 +162,6 @@ $header
 					</tr>
 				</if>
 				<if ($template_name == 'new_ftpaccount_by_customer')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{USR_NAME}</em></td>
 						<td>{$lng['admin']['templates']['USR_NAME']}</td>
@@ -190,4 +182,3 @@ $header
 
 	</article>
 $footer
-

templates/Sparkle/assets/js/ipsandports.js

@@ -0,0 +1,46 @@
+$(document).ready(function() {
+
+	var getUrlParameter = function getUrlParameter(sParam) {
+	    var sPageURL = decodeURIComponent(window.location.search.substring(1)),
+	        sURLVariables = sPageURL.split('&'),
+	        sParameterName,
+	        i;
+
+	    for (i = 0; i < sURLVariables.length; i++) {
+	        sParameterName = sURLVariables[i].split('=');
+
+	        if (sParameterName[0] === sParam) {
+	            return sParameterName[1] === undefined ? true : sParameterName[1];
+	        }
+	    }
+	};
+
+	/**
+	 * check for internal ip and output a notice if private-range ip is given
+	 */
+	$('#ip').change(function() {
+		var ipval = $(this).val();
+		if (ipval.length > 0) {
+			var sid = getUrlParameter('s');
+			$.ajax({
+		        url: "admin_ipsandports.php?s="+sid+"&page=overview&action=jqCheckIP",
+		        type: "POST",
+		        data: {
+		            ip: ipval
+		        },
+		        dataType: "json",
+		        success: function(json) {
+                            if (json != 0) {
+                                $('#ip').parent().append(json);
+	                    } else {
+	                        $('#ipnote').remove();
+	                    }
+		        },
+		        error: function(a, b) {
+		            console.log(a, b);
+		        }
+		    });
+		}
+	});
+
+});

templates/Sparkle/customer/domains/domainlist.tpl

@@ -27,7 +27,7 @@
 				<table class="full hl">
 					<thead>
 						<tr>
-							<th>{$lng['domains']['domainname']}&nbsp;{$arrowcode['d.domain']}</th>
+							<th>{$lng['domains']['domainname']}&nbsp;{$arrowcode['d.domain_ace']}</th>
 							<th>{$lng['panel']['path']}</th>
 							<th>{$lng['panel']['options']}</th>
 						</tr>

tests/Certificates/CertificatesTest.php

@@ -64,7 +64,7 @@ class CertificatesTest extends TestCase
 			'ssl_key_file' => $certdata['key']
 		))->add();
 		$result = json_decode($json_result, true)['data'];
-		$this->assertEquals(5, $result['domainid']);
+		$this->assertEquals(6, $result['domainid']);
 	}
 
 	public function testAdminCertificatesList()
@@ -148,7 +148,7 @@ class CertificatesTest extends TestCase
 			'ssl_key_file' => $certdata['key']
 		))->update();
 		$result = json_decode($json_result, true)['data'];
-		$this->assertEquals(5, $result['domainid']);
+		$this->assertEquals(6, $result['domainid']);
 		$this->assertEquals(str_replace("\n", "", $certdata['cert']), str_replace("\n", "", $result['ssl_cert_file']));
 	}
 

tests/Domains/DomainsTest.php

@@ -347,4 +347,27 @@ class DomainsTest extends TestCase
 		$this->expectExceptionMessage("Not allowed to execute given command.");
 		$json_result = Domains::getLocal($customer_userdata)->listingCount();
 	}
+
+	public function testAdminIdnDomainsAdd()
+	{
+		global $admin_userdata;
+		// get customer
+		$json_result = Customers::getLocal($admin_userdata, array(
+			'loginname' => 'test1'
+		))->get();
+		$customer_userdata = json_decode($json_result, true)['data'];
+		$data = [
+			'domain' => 'täst.local',
+			'customerid' => $customer_userdata['customerid']
+		];
+		$json_result = Domains::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals($customer_userdata['documentroot'] . 'xn--tst-qla.local/', $result['documentroot']);
+		$this->assertEquals('xn--tst-qla.local', $result['domain']);
+		$this->assertEquals('täst.local', $result['domain_ace']);
+
+		Domains::getLocal($admin_userdata, [
+			'domainname' => 'täst.local'
+		])->delete();
+	}
 }