set version to 0.10.29 for upcoming release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

.github/ISSUE_TEMPLATE.md

@@ -1,6 +1,6 @@
 # Bug report vs. support request
 If you're unsure of whether your problem is a bug or a configuration error
-* contact us via IRC in #froxlor on freenode
+* contact us via IRC in #froxlor on irc.libera.chat
 * or post a thread in our forum at https://forum.froxlor.org
 
 As a rule of thumb: before reporting an issue

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**As a rule of thumb: before reporting an issue**
+* see if it hasn't been [reported](https://github.com/Froxlor/froxlor/issues) (and possibly already been [fixed](https://github.com/Froxlor/froxlor/issues?utf8=✓&q=is:issue%20is:closed)) first
+* try with the git master
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**System information**
+* Froxlor version: $version/$gitSHA1
+* Web server: apache2/nginx/lighttpd
+* DNS server: Bind/PowerDNS (standalone)/PowerDNS (Bind-backend)
+* POP/IMAP server: Courier/Dovecot
+* SMTP server: postfix/exim
+* FTP server: proftpd/pureftpd
+* OS/Version: ...
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Logfiles**
+If applicable, add log-entries to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/build-mariadb.yml

@@ -0,0 +1,80 @@
+name: Froxlor-CI-MariaDB
+on: ['push', 'pull_request', 'create']
+
+jobs:
+  froxlor:
+    name: Froxlor (PHP ${{ matrix.php-versions }}, MariaDB ${{ matrix.mariadb-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        php-versions: ['7.4', '8.0']
+        mariadb-version: [10.5, 10.4]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP, with composer and extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          tools: composer:v2
+          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath
+
+      - name: Install tools
+        run: sudo apt-get install -y ant
+
+      - name: Adjust firewall
+        run: |
+          sudo ufw allow out 3306/tcp
+          sudo ufw allow in 3306/tcp
+
+      - name: Setup MariaDB
+        uses: getong/mariadb-action@v1.1
+        with:
+          mariadb version: ${{ matrix.mariadb-version }}
+          mysql database: 'froxlor010'
+          mysql root password: 'fr0xl0r.TravisCI'
+
+      - name: Wait for database
+        run: sleep 15
+
+      - name: Setup databases
+        run: |
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "CREATE USER 'froxlor010'@'%' IDENTIFIED BY 'fr0xl0r.TravisCI';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "GRANT ALL ON froxlor010.* TO 'froxlor010'@'%';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI froxlor010 < install/froxlor.sql
+
+      - name: Run testing
+        run: ant quick-build
+
+#      - name: irc push
+#        uses: rectalogic/notify-irc@v1
+#        if: github.event_name == 'push'
+#        with:
+#          channel: "#froxlor"
+#          server: "irc.libera.chat"
+#          nickname: froxlor-ci
+#          message: |
+#            ${{ github.actor }} pushed ${{ github.event.ref }} ${{ github.event.compare }}
+#            ${{ join(github.event.commits.*.message) }}
+
+#      - name: irc pull request
+#        uses: rectalogic/notify-irc@v1
+#        if: github.event_name == 'pull_request'
+#        with:
+#          channel: "#froxlor"
+#          server: "irc.libera.chat"
+#          nickname: froxlor-ci
+#          message: |
+#            ${{ github.actor }} opened PR ${{ github.event.pull_request.html_url }}
+
+#      - name: irc tag created
+#        uses: rectalogic/notify-irc@v1
+#        if: github.event_name == 'create' && github.event.ref_type == 'tag'
+#        with:
+#          channel: "#froxlor"
+#          server: "irc.libera.chat"
+#          nickname: froxlor-ci
+#          message: |
+#            ${{ github.actor }} tagged ${{ github.repository }} ${{ github.event.ref }}

.github/workflows/build-mysql.yml

@@ -0,0 +1,57 @@
+name: Froxlor-CI-MySQL
+on: ['push', 'pull_request', 'create']
+
+jobs:
+  froxlor:
+    name: Froxlor (PHP ${{ matrix.php-versions }}, MySQL ${{ matrix.mysql-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        php-versions: ['7.4', '8.0']
+        mysql-version: [8.0, 5.7]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP, with composer and extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          tools: composer:v2
+          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath
+
+      - name: Install tools
+        run: sudo apt-get install -y ant
+
+      - name: Adjust firewall
+        run: |
+          sudo ufw allow out 3306/tcp
+          sudo ufw allow in 3306/tcp
+
+      - name: Setup MySQL
+        uses: samin/mysql-action@v1.3
+        with:
+          mysql version: ${{ matrix.mysql-version }}
+          mysql database: 'froxlor010'
+          mysql root password: 'fr0xl0r.TravisCI'
+
+      - name: Wait for database
+        run: sleep 15
+
+      - name: Setup database (8.0)
+        if: matrix.mysql-version == '8.0'
+        run: |
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "CREATE USER 'froxlor010'@'%' IDENTIFIED WITH mysql_native_password BY 'fr0xl0r.TravisCI';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "GRANT ALL ON froxlor010.* TO 'froxlor010'@'%';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI froxlor010 < install/froxlor.sql
+
+      - name: Setup database (5.7)
+        if: matrix.mysql-version == '5.7'
+        run: |
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "CREATE USER 'froxlor010'@'%' IDENTIFIED BY 'fr0xl0r.TravisCI';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "GRANT ALL ON froxlor010.* TO 'froxlor010'@'%';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI froxlor010 < install/froxlor.sql
+
+      - name: Run testing
+        run: ant quick-build

.gitignore

@@ -12,9 +12,10 @@ logs/*
 .well-known
 .idea
 *.iml
+img/
 
 !templates/Froxlor/
 !templates/Sparkle/
 !templates/misc/
-templates/Froxlor/assets/img/logo_custom.png
+templates/Sparkle/assets/css/custom.css
 vendor/

.travis.yml

@@ -55,7 +55,7 @@ script:
   - ant phpunit-no-coverage
 
 notifications:
-  irc: "chat.freenode.net#froxlor"
+  irc: "irc.libera.chat#froxlor"
   webhooks:
     urls:
       - https://webhooks.gitter.im/e/bdf91d1c3f745e51f796

README.md

@@ -1,4 +1,5 @@
-[![Build Status](https://travis-ci.com/Froxlor/Froxlor.svg?branch=master)](https://travis-ci.com/Froxlor/Froxlor)
+[![Froxlor-CI](https://github.com/Froxlor/Froxlor/actions/workflows/build-mariadb.yml/badge.svg?branch=master)](https://github.com/Froxlor/Froxlor/actions/workflows/build-mariadb.yml)
+[![Froxlor-CI](https://github.com/Froxlor/Froxlor/actions/workflows/build-mysql.yml/badge.svg?branch=master)](https://github.com/Froxlor/Froxlor/actions/workflows/build-mysql.yml)
 [![Gitter](https://badges.gitter.im/Froxlor/community.svg)](https://gitter.im/Froxlor/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
 # Froxlor
@@ -28,8 +29,8 @@ You may find help in the following places:
 
 ### IRC
 
-froxlor may be found on freenode.net, channel #froxlor:
-irc://chat.freenode.net/froxlor
+froxlor may be found on libera.chat, channel #froxlor:
+irc://irc.libera.chat/froxlor
 
 ### Forum
 

actions/admin/settings/100.panel.php

@@ -77,14 +77,6 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField'
 				),
-				'panel_no_robots' => array(
-					'label' => $lng['serversettings']['no_robots'],
-					'settinggroup' => 'panel',
-					'varname' => 'no_robots',
-					'type' => 'bool',
-					'default' => true,
-					'save_method' => 'storeSettingField'
-				),
 				'panel_paging' => array(
 					'label' => $lng['serversettings']['paging'],
 					'settinggroup' => 'panel',
@@ -296,6 +288,40 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField'
 				),
+				'panel_logo_overridetheme' => array(
+					'label' => $lng['serversettings']['logo_overridetheme'],
+					'settinggroup' => 'panel',
+					'varname' => 'logo_overridetheme',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'panel_logo_overridecustom' => array(
+					'label' => $lng['serversettings']['logo_overridecustom'],
+					'settinggroup' => 'panel',
+					'varname' => 'logo_overridecustom',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'panel_logo_image_header' => array(
+					'label' => $lng['serversettings']['logo_image_header'],
+					'settinggroup' => 'panel',
+					'varname' => 'logo_image_header',
+					'type' => 'image',
+					'image_name' => 'logo_header',
+					'default' => '',
+					'save_method' => 'storeSettingImage'
+				),
+				'panel_logo_image_login' => array(
+					'label' => $lng['serversettings']['logo_image_login'],
+					'settinggroup' => 'panel',
+					'varname' => 'logo_image_login',
+					'type' => 'image',
+					'image_name' => 'logo_login',
+					'default' => '',
+					'save_method' => 'storeSettingImage'
+				),
 			)
 		)
 	)

actions/admin/settings/110.accounts.php

@@ -205,9 +205,21 @@ return array(
 					'default' => false,
 					'cronmodule' => 'froxlor/backup',
 					'save_method' => 'storeSettingField'
-				)
+				),
+				'system_createstdsubdom_default' => array(
+					'label' => $lng['serversettings']['createstdsubdom_default'],
+					'settinggroup' => 'system',
+					'varname' => 'createstdsubdom_default',
+					'type' => 'option',
+					'default' => '1',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'0' => $lng['panel']['no'],
+						'1' => $lng['panel']['yes']
+					),
+					'save_method' => 'storeSettingField'
+				),
 			)
 		)
 	)
 );
-

actions/admin/settings/120.system.php

@@ -270,6 +270,20 @@ return array(
 					'default' => true,
 					'save_method' => 'storeSettingField'
 				),
+                'system_domaindefaultalias' => array(
+                    'label' => $lng['admin']['domaindefaultalias'],
+                    'settinggroup' => 'system',
+                    'varname' => 'domaindefaultalias',
+                    'type' => 'option',
+                    'default' => '0',
+                    'option_mode' => 'one',
+                    'option_options' => array(
+                        '0' => $lng['domains']['serveraliasoption_wildcard'],
+                        '1' => $lng['domains']['serveraliasoption_www'],
+                        '2' => $lng['domains']['serveraliasoption_none']
+                    ),
+                    'save_method' => 'storeSettingField'
+                ),
 				'hide_incompatible_settings' => array(
 					'label' => $lng['serversettings']['hide_incompatible_settings'],
 					'settinggroup' => 'system',

actions/admin/settings/131.ssl.php

@@ -142,6 +142,9 @@ return array(
 					'default' => '/etc/apache2/conf-enabled/acme.conf',
 					'save_method' => 'storeSettingField'
 				),
+			    /**
+			     * currently the only option anyway
+			     *
 				'system_leapiversion' => array(
 					'label' => $lng['serversettings']['leapiversion'],
 					'settinggroup' => 'system',
@@ -154,16 +157,20 @@ return array(
 					),
 					'save_method' => 'storeSettingField'
 				),
+				*/
 				'system_letsencryptca' => array(
 					'label' => $lng['serversettings']['letsencryptca'],
 					'settinggroup' => 'system',
 					'varname' => 'letsencryptca',
 					'type' => 'option',
-					'default' => 'production',
+					'default' => 'letsencrypt',
 					'option_mode' => 'one',
 					'option_options' => array(
-						'testing' => 'https://acme-staging-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Test)',
-						'production' => 'https://acme-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Live)'
+						'letsencrypt_test' => 'Let\'s Encrypt (Test / Staging)',
+						'letsencrypt' => 'Let\'s Encrypt (Live)',
+						'buypass_test' => 'Buypass (Test / Staging)',
+						'buypass' => 'Buypass (Live)',
+					    'zerossl' => 'ZeroSSL (Live)'
 					),
 					'save_method' => 'storeSettingField'
 				),

actions/admin/settings/160.nameserver.php

@@ -99,6 +99,19 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField'
 				),
+				'system_powerdns_mode' => array(
+					'label' => $lng['serversettings']['powerdns_mode'],
+					'settinggroup' => 'system',
+					'varname' => 'powerdns_mode',
+					'type' => 'option',
+					'default' => 'Native',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'Native' => 'Native',
+						'Master' => 'Master'
+					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',

actions/admin/settings/210.security.php

@@ -82,7 +82,20 @@ return array(
 					'string_emptyallowed' => true,
 					'default' => '',
 					'save_method' => 'storeSettingField'
-				)
+				),
+				'system_froxlorusergroup' => array(
+					'label' => $lng['serversettings']['froxlorusergroup'],
+					'settinggroup' => 'system',
+					'varname' => 'froxlorusergroup',
+					'type' => 'string',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					'plausibility_check_method' => array(
+						'\\Froxlor\\Validate\\Check',
+						'checkLocalGroup'
+					),
+					'visible' => \Froxlor\Settings::Get('system.nssextrausers')
+				),
 			)
 		)
 	)

admin_admins.php

@@ -129,7 +129,7 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
 				'userid' => $userinfo['userid']
 			));
 
-			$s = md5(uniqid(microtime(), 1));
+			$s = \Froxlor\Froxlor::genSessionId();
 			$ins_stmt = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
 				`hash` = :hash, `userid` = :userid, `ipaddress` = :ip,

admin_apcuinfo.php

@@ -87,7 +87,7 @@ if ($page == 'showinfo') {
 	$hits = $cache['num_hits'] . @sprintf(" (%.1f%%)", $cache['num_hits'] * 100 / ($cache['num_hits'] + $cache['num_misses']));
 	$misses = $cache['num_misses'] . @sprintf(" (%.1f%%)", $cache['num_misses'] * 100 / ($cache['num_hits'] + $cache['num_misses']));
 
-	// Fragementation: (freeseg - 1) / total_seg
+	// Fragmentation: (freeseg - 1) / total_seg
 	$nseg = $freeseg = $fragsize = $freetotal = 0;
 	for ($i = 0; $i < $mem['num_seg']; $i ++) {
 		$ptr = 0;

admin_customers.php

@@ -178,7 +178,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 				'hash' => $s
 			));
 
-			$s = md5(uniqid(microtime(), 1));
+			$s = \Froxlor\Froxlor::genSessionId();
 			$insert = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
 					`hash` = :hash,

admin_domains.php

@@ -290,9 +290,9 @@ if ($page == 'domains' || $page == 'overview') {
 
 			// create serveralias options
 			$serveraliasoptions = "";
-			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_wildcard'], '0', '0', true, true);
-			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_www'], '1', '0', true, true);
-			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_none'], '2', '0', true, true);
+			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_wildcard'], '0', Settings::Get('system.domaindefaultalias'), true, true);
+			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_www'], '1', Settings::Get('system.domaindefaultalias'), true, true);
+			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_none'], '2', Settings::Get('system.domaindefaultalias'), true, true);
 
 			$subcanemaildomain = \Froxlor\UI\HTML::makeoption($lng['admin']['subcanemaildomain']['never'], '0', '0', true, true);
 			$subcanemaildomain .= \Froxlor\UI\HTML::makeoption($lng['admin']['subcanemaildomain']['choosableno'], '1', '0', true, true);
@@ -428,7 +428,7 @@ if ($page == 'domains' || $page == 'overview') {
 					$customer = Database::pexecute_first($customer_stmt, array(
 						'customerid' => $result['customerid']
 					));
-					$result['customername'] = \Froxlor\User::getCorrectFullUserDetails($customer) . ' (' . $customer['loginname'] . ')';
+					$result['customername'] = \Froxlor\User::getCorrectFullUserDetails($customer);
 				}
 
 				if ($userinfo['customers_see_all'] == '1') {
@@ -594,6 +594,10 @@ if ($page == 'domains' || $page == 'overview') {
 				}
 
 				$result = \Froxlor\PhpHelper::htmlentitiesArray($result);
+				if (Settings::Get('panel.allow_domain_change_customer') != '1') {
+					$result['customername'] .= ' (<a href="' . $linker->getLink(array('section' => 'customers', 'page' => 'customers',
+						'action' => 'su', 'id' => $customer['customerid'])) . '" rel="external">' . $customer['loginname'] . '</a>)';
+				}
 
 				$domain_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/domains/formfield.domains_edit.php';
 				$domain_edit_form = \Froxlor\UI\HtmlForm::genHTMLForm($domain_edit_data);

admin_message.php

@@ -32,10 +32,10 @@ if ($page == 'message') {
 		$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'viewed panel_message');
 
 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
-			if ($_POST['receipient'] == 0 && $userinfo['customers_see_all'] == '1') {
+			if ($_POST['recipient'] == 0 && $userinfo['customers_see_all'] == '1') {
 				$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to admins');
 				$result = Database::query('SELECT `name`, `email`  FROM `' . TABLE_PANEL_ADMINS . "`");
-			} elseif ($_POST['receipient'] == 1) {
+			} elseif ($_POST['recipient'] == 1) {
 				if ($userinfo['customers_see_all'] == '1') {
 					$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers');
 					$result = Database::query('SELECT `firstname`, `name`, `company`, `email`  FROM `' . TABLE_PANEL_CUSTOMERS . "`");
@@ -49,7 +49,7 @@ if ($page == 'message') {
 					));
 				}
 			} else {
-				\Froxlor\UI\Response::standard_error('noreceipientsgiven');
+				\Froxlor\UI\Response::standard_error('norecipientsgiven');
 			}
 
 			$subject = $_POST['subject'];
@@ -105,7 +105,7 @@ if ($page == 'message') {
 		$sentitems = isset($_GET['sentitems']) ? (int) $_GET['sentitems'] : 0;
 
 		if ($sentitems == 0) {
-			$successmessage = $lng['message']['noreceipients'];
+			$successmessage = $lng['message']['norecipients'];
 		} else {
 			$successmessage = str_replace('%s', $sentitems, $lng['message']['success']);
 		}
@@ -116,12 +116,12 @@ if ($page == 'message') {
 	}
 
 	$action = '';
-	$receipients = '';
+	$recipients = '';
 
 	if ($userinfo['customers_see_all'] == '1') {
-		$receipients .= \Froxlor\UI\HTML::makeoption($lng['panel']['reseller'], 0);
+		$recipients .= \Froxlor\UI\HTML::makeoption($lng['panel']['reseller'], 0);
 	}
 
-	$receipients .= \Froxlor\UI\HTML::makeoption($lng['panel']['customer'], 1);
+	$recipients .= \Froxlor\UI\HTML::makeoption($lng['panel']['customer'], 1);
 	eval("echo \"" . \Froxlor\UI\Template::getTemplate('message/message') . "\";");
 }

admin_opcacheinfo.php

@@ -22,7 +22,7 @@ require './lib/init.php';
 
 if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {
 	opcache_reset();
-	$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "reseted OPcache");
+	$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "reset OPcache");
 	header('Location: ' . $linker->getLink(array(
 		'section' => 'opcacheinfo',
 		'page' => 'showinfo'

api_keys.php

@@ -127,7 +127,7 @@ if ($action == 'delete') {
 
 $log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed api::api_keys");
 
-// select all my (accessable) certificates
+// select all my (accessible) certificates
 $keys_stmt_query = "SELECT ak.*, c.loginname, a.loginname as adminname
 	FROM `" . TABLE_API_KEYS . "` ak
 	LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` c ON `c`.`customerid` = `ak`.`customerid`

build.xml

@@ -6,21 +6,20 @@
 	<property name="pdepend" value="${basedir}/vendor/bin/pdepend" />
 	<property name="phpcpd" value="${basedir}/vendor/bin/phpcpd" />
 	<property name="phpcs" value="${basedir}/vendor/bin/phpcs" />
-	<property name="phpdox" value="${basedir}/vendor/bin/phpdox" />
 	<property name="phploc" value="${basedir}/vendor/bin/phploc" />
 	<property name="phpmd" value="${basedir}/vendor/bin/phpmd" />
 	<property name="phpunit" value="${basedir}/vendor/bin/phpunit" />
 
 	<target name="full-build"
-		depends="prepare,composer,static-analysis,phpunit,phpdox,-check-failure"
+		depends="prepare,composer,static-analysis,phpunit,-check-failure"
 		description="Performs static analysis, runs the tests, and generates project documentation" />
 
 	<target name="full-build-parallel"
-		depends="prepare,composer,static-analysis-parallel,phpunit,phpdox,-check-failure"
+		depends="prepare,composer,static-analysis-parallel,phpunit,-check-failure"
 		description="Performs static analysis (executing the tools in parallel), runs the tests, and generates project documentation" />
 
 	<target name="quick-build"
-		depends="prepare,composer,lint,phpunit-no-coverage"
+		depends="prepare,composer,lint,phpunit-no-coverage,-check-failure"
 		description="Performs a lint check and runs the tests (without generating code coverage reports)" />
 
 	<target name="static-analysis"
@@ -49,7 +48,6 @@
 		<delete dir="${basedir}/build/coverage" />
 		<delete dir="${basedir}/build/logs" />
 		<delete dir="${basedir}/build/pdepend" />
-		<delete dir="${basedir}/build/phpdox" />
 		<property name="clean.done" value="true" />
 	</target>
 
@@ -59,7 +57,6 @@
 		<mkdir dir="${basedir}/build/coverage" />
 		<mkdir dir="${basedir}/build/logs" />
 		<mkdir dir="${basedir}/build/pdepend" />
-		<mkdir dir="${basedir}/build/phpdox" />
 
 		<property name="prepare.done" value="true" />
 	</target>
@@ -257,7 +254,7 @@
 	<target name="phpunit-no-coverage" unless="phpunit.done"
 		depends="composer"
 		description="Run unit tests with PHPUnit (without generating code coverage reports)">
-		<exec executable="${phpunit}" failonerror="true"
+		<exec executable="${phpunit}" failonerror="true" resultproperty="result.phpunit"
 			taskname="phpunit">
 			<arg value="--configuration" />
 			<arg path="${basedir}/phpunit.xml" />
@@ -269,18 +266,6 @@
 		<property name="phpunit.done" value="true" />
 	</target>
 
-	<target name="phpdox" unless="phpdox.done"
-		depends="phploc-ci,phpcs-ci,phpcompat-ci,phpmd-ci"
-		description="Generate project documentation using phpDox">
-		<exec executable="${phpdox}" dir="${basedir}/build"
-			taskname="phpdox">
-			<arg value="--file" />
-			<arg path="${basedir}/phpdox.xml" />
-		</exec>
-
-		<property name="phpdox.done" value="true" />
-	</target>
-
 	<target name="-check-failure">
 		<fail message="PHPUnit did not finish successfully">
 			<condition>

composer.json

@@ -25,7 +25,7 @@
 		"issues": "https://github.com/Froxlor/Froxlor/issues",
 		"forum": "https://forum.froxlor.org/",
 		"wiki": "https://github.com/Froxlor/Froxlor/wiki",
-		"irc": "irc://chat.freenode.net/froxlor",
+		"irc": "irc://irc.libera.chat/froxlor",
 		"source": "https://github.com/Froxlor/Froxlor",
 		"docs": "https://github.com/Froxlor/Froxlor/wiki"
 	},
@@ -43,6 +43,7 @@
 		"ext-curl": "*",
 		"ext-json": "*",
 		"ext-openssl": "*",
+		"ext-fileinfo": "*",
 		"phpmailer/phpmailer": "~6.0",
 		"monolog/monolog": "^1.24",
 		"robthree/twofactorauth": "^1.6",
@@ -50,16 +51,16 @@
 		"voku/anti-xss": "^4.1"
     },
 	"require-dev": {
-		"phpunit/phpunit": "8.4.1",
+		"phpunit/phpunit": "^9",
 		"php": ">=7.3",
 		"ext-pcntl": "*",
 		"phpcompatibility/php-compatibility": "*",
 		"squizlabs/php_codesniffer": "*",
-		"pdepend/pdepend": "^2.5",
-		"sebastian/phpcpd": "^4.1",
-		"theseer/phpdox": "^0.12.0",
-		"phploc/phploc": "^5.0",
-		"phpmd/phpmd": "^2.6"
+		"pdepend/pdepend": "^2.9",
+		"sebastian/phpcpd": "^6.0",
+		"phploc/phploc": "^7.0",
+		"phpmd/phpmd": "^2.10",
+		"phpunit/php-timer" : "^5"
 	},
 	"suggest": {
 		"ext-bcmath": "*",

index.php

@@ -28,6 +28,12 @@ if ($action == '') {
 }
 
 if (session_status() == PHP_SESSION_NONE) {
+	ini_set("session.name", "s");
+	ini_set("url_rewriter.tags", "");
+	ini_set("session.use_cookies", false);
+	ini_set("session.cookie_httponly", true);
+	ini_set("session.cookie_secure", $is_ssl);
+	session_id('login');
 	session_start();
 }
 
@@ -669,7 +675,7 @@ function finishLogin($userinfo)
 	global $version, $dbversion, $remote_addr, $http_user_agent, $languages;
 
 	if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
-		$s = md5(uniqid(microtime(), 1));
+		$s = \Froxlor\Froxlor::genSessionId();
 
 		if (isset($_POST['language'])) {
 			$language = \Froxlor\Validate\Validate::validate($_POST['language'], 'language');

install/froxlor.sql

@@ -611,6 +611,7 @@ opcache.interned_strings_buffer'),
 	('system', 'documentroot_use_default_value', '0'),
 	('system', 'passwordcryptfunc', '3'),
 	('system', 'axfrservers', ''),
+	('system', 'powerdns_mode', 'Native'),
 	('system', 'customer_ssl_path', '/etc/ssl/froxlor-custom/'),
 	('system', 'allow_error_report_admin', '1'),
 	('system', 'allow_error_report_customer', '0'),
@@ -628,7 +629,7 @@ opcache.interned_strings_buffer'),
 	('system', 'apacheitksupport', '0'),
 	('system', 'leprivatekey', 'unset'),
 	('system', 'lepublickey', 'unset'),
-	('system', 'letsencryptca', 'production'),
+	('system', 'letsencryptca', 'letsencrypt'),
 	('system', 'letsencryptcountrycode', 'DE'),
 	('system', 'letsencryptstate', 'Hessen'),
 	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
@@ -677,6 +678,10 @@ opcache.interned_strings_buffer'),
 	('system', 'hide_incompatible_settings', '0'),
 	('system', 'include_default_vhostconf', '0'),
 	('system', 'soaemail', ''),
+	('system', 'domaindefaultalias', '0'),
+	('system', 'createstdsubdom_default', '1'),
+	('system', 'froxlorusergroup', ''),
+	('system', 'froxlorusergroup_gid', ''),
 	('api', 'enabled', '0'),
 	('2fa', 'enabled', '1'),
 	('panel', 'decimal_places', '4'),
@@ -689,7 +694,6 @@ opcache.interned_strings_buffer'),
 	('panel', 'paging', '20'),
 	('panel', 'natsorting', '1'),
 	('panel', 'sendalternativemail', '0'),
-	('panel', 'no_robots', '1'),
 	('panel', 'allow_domain_change_admin', '0'),
 	('panel', 'allow_domain_change_customer', '0'),
 	('panel', 'frontend', 'froxlor'),
@@ -714,8 +718,12 @@ opcache.interned_strings_buffer'),
 	('panel', 'imprint_url', ''),
 	('panel', 'terms_url', ''),
 	('panel', 'privacy_url', ''),
-	('panel', 'version', '0.10.26'),
-	('panel', 'db_version', '202103240');
+	('panel', 'logo_image_header', ''),
+	('panel', 'logo_image_login', ''),
+	('panel', 'logo_overridetheme', '0'),
+	('panel', 'logo_overridecustom', '0'),
+	('panel', 'version', '0.10.29'),
+	('panel', 'db_version', '202109040');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -814,7 +822,8 @@ INSERT INTO `panel_languages` (`id`, `language`, `iso`, `file`) VALUES
     (4, 'Português', 'pt', 'lng/portugues.lng.php'),
     (5, 'Italiano', 'it', 'lng/italian.lng.php'),
     (6, 'Nederlands', 'nl', 'lng/dutch.lng.php'),
-    (7, 'Svenska', 'sv', 'lng/swedish.lng.php');
+    (7, 'Svenska', 'sv', 'lng/swedish.lng.php'),
+    (8, 'Česká republika', 'cs', 'lng/czech.lng.php');
 
 
 DROP TABLE IF EXISTS `panel_syslog`;

install/lib/class.FroxlorInstall.php

@@ -123,7 +123,7 @@ class FroxlorInstall
 		if ((isset($_POST['installstep']) && $_POST['installstep'] == '1') || (isset($_GET['check']) && $_GET['check'] == '1')) {
 			$pagetitle = $this->_lng['install']['title'];
 			if ($this->_checkPostData()) {
-				// ceck data and create userdata etc.etc.etc.
+				// check data and create userdata etc.etc.etc.
 				$result = $this->_doInstall();
 			} elseif (isset($_GET['check']) && $_GET['check'] == '1') {
 				// gather data
@@ -163,10 +163,13 @@ class FroxlorInstall
 
 		$this->_getPostField('mysql_host', '127.0.0.1');
 		$this->_getPostField('mysql_database', 'froxlor');
+		$this->_getPostField('mysql_forcecreate', '0');
 		$this->_getPostField('mysql_unpriv_user', 'froxlor');
 		$this->_getPostField('mysql_unpriv_pass');
 		$this->_getPostField('mysql_root_user', 'root');
 		$this->_getPostField('mysql_root_pass');
+		$this->_getPostField('mysql_ssl_ca_file');
+		$this->_getPostField('mysql_ssl_verify_server_certificate', 0);
 		$this->_getPostField('admin_user', 'admin');
 		$this->_getPostField('admin_pass1');
 		$this->_getPostField('admin_pass2');
@@ -212,6 +215,12 @@ class FroxlorInstall
 		$options = array(
 			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'
 		);
+
+		if (!empty($this->_data['mysql_ssl_ca_file'])) {
+			$options[\PDO::MYSQL_ATTR_SSL_CA] = $this->_data['mysql_ssl_ca_file'];
+			$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $this->_data['mysql_ssl_verify_server_certificate'];
+		}
+
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";";
 		$fatal_fail = false;
 		try {
@@ -246,15 +255,23 @@ class FroxlorInstall
 			$content .= $this->_status_message('green', "OK");
 			// check for existing db and create backup if so
 			$content .= $this->_backupExistingDatabase($db_root);
+			if (!$this->_abort) {
 				// create unprivileged user and the database itself
 				$content .= $this->_createDatabaseAndUser($db_root);
 				// importing data to new database
 				$content .= $this->_importDatabaseData();
+			}
 			if (! $this->_abort) {
 				// create DB object for new database
 				$options = array(
 					'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'
 				);
+
+				if (!empty($this->_data['mysql_ssl_ca_file'])) {
+					$options[\PDO::MYSQL_ATTR_SSL_CA] = $this->_data['mysql_ssl_ca_file'];
+					$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $this->_data['mysql_ssl_verify_server_certificate'];
+				}
+
 				$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 				$another_fail = false;
 				try {
@@ -324,10 +341,14 @@ class FroxlorInstall
 		$userdata .= "\$sql['user']='" . addcslashes($this->_data['mysql_unpriv_user'], "'\\") . "';\n";
 		$userdata .= "\$sql['password']='" . addcslashes($this->_data['mysql_unpriv_pass'], "'\\") . "';\n";
 		$userdata .= "\$sql['db']='" . addcslashes($this->_data['mysql_database'], "'\\") . "';\n";
+		$userdata .= "\$sql['ssl']['caFile']='" . addcslashes($this->_data['mysql_ssl_ca_file'], "'\\") . "';\n";
+		$userdata .= "\$sql['ssl']['verifyServerCertificate']='" . addcslashes($this->_data['mysql_ssl_verify_server_certificate'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['caption']='Default';\n";
 		$userdata .= "\$sql_root[0]['host']='" . addcslashes($this->_data['mysql_host'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['user']='" . addcslashes($this->_data['mysql_root_user'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['password']='" . addcslashes($this->_data['mysql_root_pass'], "'\\") . "';\n";
+		$userdata .= "\$sql_root[0]['ssl']['caFile']='" . addcslashes($this->_data['mysql_ssl_ca_file'], "'\\") . "';\n";
+		$userdata .= "\$sql_root[0]['ssl']['verifyServerCertificate']='" . addcslashes($this->_data['mysql_ssl_verify_server_certificate'], "'\\") . "';\n";
 		$userdata .= "// enable debugging to browser in case of SQL errors\n";
 		$userdata .= "\$sql['debug'] = false;\n";
 		$userdata .= "?>";
@@ -360,6 +381,30 @@ class FroxlorInstall
 		return $content;
 	}
 
+	/**
+	 * generate safe unique token
+	 *
+	 * @param int $length
+	 * @return string
+	 */
+	private function genUniqueToken(int $length = 16)
+	{
+		if(!isset($length) || intval($length) <= 8 ){
+			$length = 16;
+		}
+		if (function_exists('random_bytes')) {
+			return bin2hex(random_bytes($length));
+		}
+		if (function_exists('mcrypt_create_iv')) {
+			return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
+		}
+		if (function_exists('openssl_random_pseudo_bytes')) {
+			return bin2hex(openssl_random_pseudo_bytes($length));
+		}
+		// if everything else fails, use unsafe fallback
+		return md5(uniqid(microtime(), 1));
+	}
+
 	/**
 	 * create corresponding entries in froxlor database
 	 *
@@ -404,7 +449,7 @@ class FroxlorInstall
 		$ins_data = array(
 			'loginname' => $this->_data['admin_user'],
 			/* use SHA256 default crypt */
-				'password' => crypt($this->_data['admin_pass1'], '$5$' . md5(uniqid(microtime(), 1)) . md5(uniqid(microtime(), 1))),
+			'password' => crypt($this->_data['admin_pass1'], '$5$' . $this->genUniqueToken() . $this->genUniqueToken()),
 			'email' => 'admin@' . $this->_data['servername'],
 			'deflang' => $this->_languages[$this->_activelng]
 		);
@@ -555,6 +600,12 @@ class FroxlorInstall
 		$options = array(
 			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'
 		);
+
+		if (!empty($this->_data['mysql_ssl_ca_file'])) {
+			$options[\PDO::MYSQL_ATTR_SSL_CA] = $this->_data['mysql_ssl_ca_file'];
+			$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $this->_data['mysql_ssl_verify_server_certificate'];
+		}
+
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 		$fatal_fail = false;
 		try {
@@ -687,7 +738,7 @@ class FroxlorInstall
 		if (version_compare($db_root->getAttribute(\PDO::ATTR_SERVER_VERSION), '8.0.11', '>=')) {
 			// create user
 			$stmt = $db_root->prepare("
-				CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY :password
+				CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH mysql_native_password BY :password
 			");
 			$stmt->execute(array(
 				"password" => $password
@@ -733,13 +784,17 @@ class FroxlorInstall
 		));
 		$rows = $db_root->query("SELECT FOUND_ROWS()")->fetchColumn();
 
+		$content .= $this->_status_message('begin', $this->_lng['install']['check_db_exists']);
+
 		// check result
 		if ($result_stmt !== false && $rows > 0) {
 			$tables_exist = true;
 		}
 
-		if ($tables_exist) {
-			// tell whats going on
+		if ($tables_exist && (int)$this->_data['mysql_forcecreate'] > 0) {
+			// set status
+			$content .= $this->_status_message('orange', 'exists (' . $this->_data['mysql_database'] . ')');
+			// tell what's going on
 			$content .= $this->_status_message('begin', $this->_lng['install']['backup_old_db']);
 
 			// create temporary backup-filename
@@ -755,17 +810,29 @@ class FroxlorInstall
 				$mysql_dump = '/usr/local/bin/mysqldump';
 			}
 
+			// create temporary .cnf file
+			$cnffilename = "/tmp/froxlor_dump.cnf";
+			$dumpcnf = "[mysqldump]".PHP_EOL."password=\"".$this->_data['mysql_root_pass']."\"".PHP_EOL;
+			file_put_contents($cnffilename, $dumpcnf);
+
 			if ($do_backup) {
-				$command = $mysql_dump . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --password='" . escapeshellarg($this->_data['mysql_root_pass']) . "' --result-file=" . $filename;
-				$output = exec($command);
-				if (stristr($output, "error")) {
+				$command = $mysql_dump . " --defaults-extra-file=" . $cnffilename . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --result-file=" . $filename;
+				$output = [];
+				exec($command, $output);
+				@unlink($cnffilename);
+				if (stristr(implode(" ", $output), "error") || !file_exists($filename)) {
 					$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);
+					$this->_abort = true;
 				} else {
 					$content .= $this->_status_message('green', 'OK (' . $filename . ')');
 				}
 			} else {
 				$content .= $this->_status_message('red', $this->_lng['install']['backup_binary_missing']);
+				$this->_abort = true;
 			}
+		} else {
+			$content .= $this->_status_message('red', $this->_lng['install']['db_exists']);
+			$this->_abort = true;
 		}
 
 		return $content;
@@ -784,7 +851,7 @@ class FroxlorInstall
 		}
 		// language selection
 		$language_options = '';
-		foreach ($this->_languages as $language_name => $language_file) {
+		foreach ($this->_languages as $language_file => $language_name) {
 			$language_options .= \Froxlor\UI\HTML::makeoption($language_name, $language_file, $this->_activelng, true, true);
 		}
 		// get language-form-template
@@ -801,6 +868,8 @@ class FroxlorInstall
 		$formdata .= $this->_getSectionItemString('mysql_host', true);
 		// database
 		$formdata .= $this->_getSectionItemString('mysql_database', true);
+		// database overwrite if exists?
+		$formdata .= $this->_getSectionItemYesNo('mysql_forcecreate', false);
 		// unpriv-user has to be different from root
 		if ($this->_data['mysql_unpriv_user'] == $this->_data['mysql_root_user']) {
 			$style = 'blue';
@@ -830,6 +899,9 @@ class FroxlorInstall
 		}
 		$formdata .= $this->_getSectionItemString('mysql_root_pass', true, $style, 'password');
 
+		$formdata .= $this->_getSectionItemString('mysql_ssl_ca_file', false, $style);
+		$formdata .= $this->_getSectionItemYesNo('mysql_ssl_verify_server_certificate', false, $style);
+
 		/**
 		 * admin data
 		 */
@@ -867,19 +939,24 @@ class FroxlorInstall
 		}
 
 		// show list of available distro's
+		$distributions_select_data = [];
 		$distros = glob(\Froxlor\FileDir::makeCorrectDir(\Froxlor\Froxlor::getInstallDir() . '/lib/configfiles/') . '*.xml');
 		foreach ($distros as $_distribution) {
 			$dist = new \Froxlor\Config\ConfigParser($_distribution);
 			$dist_display = $dist->distributionName . " " . $dist->distributionCodename . " (" . $dist->distributionVersion . ")";
+			if (!array_key_exists($dist_display, $distributions_select_data)) {
+				$distributions_select_data[$dist_display] = '';
+			}
 			$distributions_select_data[$dist_display] .= str_replace(".xml", "", strtolower(basename($_distribution)));
 		}
 
 		// sort by distribution name
 		ksort($distributions_select_data);
 
+		$distributions_select = '';
 		foreach ($distributions_select_data as $dist_display => $dist_index) {
 			// create select-box-option
-			$distributions_select .= \Froxlor\UI\HTML::makeoption($dist_display, $dist_index, $this->_data['distribution']);
+			$distributions_select .= \Froxlor\UI\HTML::makeoption($dist_display, $dist_index, $this->_data['distribution'] ?? '');
 			// $this->_data['distribution']
 		}
 
@@ -994,7 +1071,6 @@ class FroxlorInstall
 	 */
 	private function _getSectionItemSelectbox($fieldname = null, $options = null, $style = "")
 	{
-		$groupname = $this->_lng['install'][$groupname];
 		$fieldlabel = $this->_lng['install'][$fieldname];
 
 		$sectionitem = "";
@@ -1306,10 +1382,12 @@ class FroxlorInstall
 		// from form
 		if (! empty($_POST['serverip'])) {
 			$this->_data['serverip'] = $_POST['serverip'];
+			$this->_data['serverip'] = inet_ntop(inet_pton($this->_data['serverip']));
 			return;
 			// from $_SERVER
 		} elseif (! empty($_SERVER['SERVER_ADDR'])) {
 			$this->_data['serverip'] = $_SERVER['SERVER_ADDR'];
+			$this->_data['serverip'] = inet_ntop(inet_pton($this->_data['serverip']));
 			return;
 		}
 		// empty
@@ -1357,7 +1435,14 @@ class FroxlorInstall
 
 			// read os-release
 			if (file_exists('/etc/os-release')) {
-				$os_dist = parse_ini_file('/etc/os-release', false);
+				$os_dist_content = file_get_contents('/etc/os-release');
+				$os_dist_arr = explode("\n", $os_dist_content);
+				$os_dist = [];
+				foreach ($os_dist_arr as $os_dist_line) {
+					if (empty(trim($os_dist_line))) continue;
+					$tmp = explode("=", $os_dist_line);
+					$os_dist[$tmp[0]] = str_replace('"', "", trim($tmp[1]));
+				}
 				if (is_array($os_dist) && array_key_exists('ID', $os_dist) && array_key_exists('VERSION_ID', $os_dist)) {
 					$os_version = explode('.', $os_dist['VERSION_ID'])[0];
 				}

install/lng/english.lng.php

@@ -23,7 +23,7 @@ $lng['requirements']['notfound'] = 'not found';
 $lng['requirements']['notinstalled'] = 'not installed';
 $lng['requirements']['activated'] = 'enabled';
 $lng['requirements']['phpversion'] = 'PHP version >= 7.0';
-$lng['requirements']['newerphpprefered'] = 'Good, but php-7.1 is prefered.';
+$lng['requirements']['newerphpprefered'] = 'Good, but php-7.1 is preferred.';
 $lng['requirements']['phppdo'] = 'PHP PDO extension and PDO-MySQL driver...';
 $lng['requirements']['phpsession'] = 'PHP session-extension...';
 $lng['requirements']['phpctype'] = 'PHP ctype-extension...';
@@ -39,7 +39,7 @@ $lng['requirements']['phpjson'] = 'PHP json-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
 $lng['requirements']['zipdescription'] = 'The auto-update feature requires the zip extension.';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
-$lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
+$lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the corresponding php.ini';
 $lng['requirements']['mysqldump'] = 'MySQL dump tool';
 $lng['requirements']['mysqldumpmissing'] = 'Automatic backup of possible existing database is not possible. Please install mysql-client tools';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';
@@ -53,10 +53,13 @@ $lng['install']['welcometext'] = 'Thank you for choosing Froxlor. Please fill ou
 $lng['install']['database'] = 'Database connection';
 $lng['install']['mysql_host'] = 'MySQL-Hostname';
 $lng['install']['mysql_database'] = 'Database name';
+$lng['install']['mysql_forcecreate'] = 'Backup and overwrite database if exists?';
 $lng['install']['mysql_unpriv_user'] = 'Username for the unprivileged MySQL-account';
 $lng['install']['mysql_unpriv_pass'] = 'Password for the unprivileged MySQL-account';
 $lng['install']['mysql_root_user'] = 'Username for the MySQL-root-account';
 $lng['install']['mysql_root_pass'] = 'Password for the MySQL-root-account';
+$lng['install']['mysql_ssl_ca_file'] = 'MySQL server certificate file path';
+$lng['install']['mysql_ssl_verify_server_certificate'] = 'Verify MySQL TLS certificate';
 $lng['install']['admin_account'] = 'Administrator Account';
 $lng['install']['admin_user'] = 'Administrator Username';
 $lng['install']['admin_pass1'] = 'Administrator Password';
@@ -79,6 +82,8 @@ $lng['install']['testing_mysql_fail'] = 'There seems to be a problem with the da
 $lng['install']['backup_old_db'] = 'Creating backup of old database...';
 $lng['install']['backup_binary_missing'] = 'Could not find mysqldump';
 $lng['install']['backup_failed'] = 'Could not backup database';
+$lng['install']['check_db_exists'] = 'Checking database...';
+$lng['install']['db_exists'] = 'Unable to create database. A database with the same name exists and should not be overwritten';
 $lng['install']['prepare_db'] = 'Preparing database...';
 $lng['install']['create_mysqluser_and_db'] = 'Creating database and username...';
 $lng['install']['testing_new_db'] = 'Testing if database and user have been created correctly...';

install/lng/german.lng.php

@@ -53,10 +53,13 @@ $lng['install']['welcometext'] = 'Vielen Dank dass Sie sich für Froxlor entschi
 $lng['install']['database'] = 'Datenbankverbindung';
 $lng['install']['mysql_host'] = 'MySQL-Hostname';
 $lng['install']['mysql_database'] = 'Datenbank Name';
+$lng['install']['mysql_forcecreate'] = 'Datenbank sichern und überschreiben wenn vorhanden?';
 $lng['install']['mysql_unpriv_user'] = 'Benutzername für den unprivilegierten MySQL-Account';
 $lng['install']['mysql_unpriv_pass'] = 'Passwort für den unprivilegierten MySQL-Account';
 $lng['install']['mysql_root_user'] = 'Benutzername für den MySQL-Root-Account';
 $lng['install']['mysql_root_pass'] = 'Passwort für den MySQL-Root-Account';
+$lng['install']['mysql_ssl_ca_file'] = 'MySQL-Server Zertifikatspfad';
+$lng['install']['mysql_ssl_verify_server_certificate'] = 'Validieren des MySQL-Server Zertifikats';
 $lng['install']['admin_account'] = 'Admin-Zugang';
 $lng['install']['admin_user'] = 'Administrator-Benutzername';
 $lng['install']['admin_pass1'] = 'Administrator-Passwort';
@@ -79,6 +82,8 @@ $lng['install']['testing_mysql_fail'] = 'Bei der Verwendung der Datenbank gibt e
 $lng['install']['backup_old_db'] = 'Sicherung vorheriger Datenbank...';
 $lng['install']['backup_binary_missing'] = 'Konnte mysqldump nicht finden';
 $lng['install']['backup_failed'] = 'Sicherung fehlgeschlagen';
+$lng['install']['check_db_exists'] = 'Databenbank wird geprüft...';
+$lng['install']['db_exists'] = 'Datenbank kann nicht erstellt werden. Eine Datenbank mit dem selben Namen existiert bereits und soll nicht überschrieben werden.';
 $lng['install']['prepare_db'] = 'Datenbank wird vorbereitet...';
 $lng['install']['create_mysqluser_and_db'] = 'Erstelle Datenbank und Benutzer...';
 $lng['install']['testing_new_db'] = 'Teste, ob Datenbank und Benutzer korrekt angelegt wurden...';

install/updates/froxlor/0.10/update_0.10.inc.php

@@ -1,6 +1,7 @@
 <?php
 use Froxlor\Database\Database;
 use Froxlor\Settings;
+use Froxlor\Validate\Validate;
 
 /**
  * This file is part of the Froxlor project.
@@ -803,3 +804,137 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.25')) {
     showUpdateStep("Updating from 0.10.25 to 0.10.26", false);
     \Froxlor\Froxlor::updateToVersion('0.10.26');
 }
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202103240')) {
+
+    showUpdateStep("Adding setting for default serveralias value for new domains", true);
+    Settings::AddNew("system.domaindefaultalias", '0');
+    lastStepStatus(0);
+
+    \Froxlor\Froxlor::updateToDbVersion('202106160');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202106160')) {
+
+    showUpdateStep("Adjusting Let's Encrypt endpoint configuration to support ZeroSSL", true);
+    if (Settings::Get('system.letsencryptca') == 'testing') {
+        Settings::Set("system.letsencryptca", 'letsencrypt_test');
+    } else {
+        Settings::Set("system.letsencryptca", 'letsencrypt');
+    }
+    lastStepStatus(0);
+
+    \Froxlor\Froxlor::updateToDbVersion('202106270');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202106270')) {
+    showUpdateStep("Adding custom logo image settings", true);
+    Settings::AddNew("panel.logo_image_header", '');
+    Settings::AddNew("panel.logo_image_login", '');
+    lastStepStatus(0);
+
+    // Migrating old custom logo over, if exists
+    $custom_logo_file_old = \Froxlor\Froxlor::getInstallDir() . '/templates/Sparkle/assets/img/logo_custom.png';
+    if (file_exists($custom_logo_file_old)) {
+        showUpdateStep("Migrating existing custom logo to new settings", true);
+
+        $path = \Froxlor\Froxlor::getInstallDir().'/img/';
+        if (!is_dir($path) && !mkdir($path, 0775)) {
+            throw new \Exception("img directory does not exist and cannot be created");
+        }
+        if (!is_writable($path)) {
+            if (!chmod($path, '0775')) {
+                throw new \Exception("Cannot write to img directory");
+            }
+        }
+
+        // Save as new custom logo header
+        $save_to = 'logo_header.png';
+        copy($custom_logo_file_old, $path.$save_to);
+        Settings::Set("panel.logo_image_header", "img/{$save_to}?v=".time());
+
+        // Save as new custom logo login
+        $save_to = 'logo_login.png';
+        copy($custom_logo_file_old, $path.$save_to);
+        Settings::Set("panel.logo_image_login", "img/{$save_to}?v=".time());
+
+        lastStepStatus(0);
+    }
+
+    \Froxlor\Froxlor::updateToDbVersion('202107070');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.26')) {
+	showUpdateStep("Updating from 0.10.26 to 0.10.27", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.27');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202107070')) {
+	showUpdateStep("Adding settings to overwrite theme- or custom theme-logo with the new logo settings", true);
+	Settings::AddNew("panel.logo_overridetheme", '0');
+	Settings::AddNew("panel.logo_overridecustom", '0');
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202107200');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202107200')) {
+	showUpdateStep("Adding settings to define default value of 'create std-subdomain' when creating a customer", true);
+	Settings::AddNew("system.createstdsubdom_default", '1');
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202107210');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202107210')) {
+	showUpdateStep("Normalizing ipv6 for correct comparison", true);
+	$result_stmt = Database::prepare("
+		SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "`"
+	);
+	Database::pexecute($result_stmt);
+	$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_IPSANDPORTS . "` SET `ip` = :ip WHERE `id` = :id");
+	while ($iprow = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
+		if (Validate::is_ipv6($iprow['ip'])) {
+			$ip = inet_ntop(inet_pton($iprow['ip']));
+			Database::pexecute($upd_stmt, [
+				'ip' => $ip,
+				'id' => $iprow['id']
+			]);
+		}
+	}
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202107260');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202107260')) {
+	showUpdateStep("Removing setting for search-engine allow yes/no", true);
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'panel' AND `varname` = 'no_robots'");
+	lastStepStatus(0);
+	showUpdateStep("Adding setting to have all froxlor customers in a local group", true);
+	Settings::AddNew("system.froxlorusergroup", '');
+	Settings::AddNew("system.froxlorusergroup_gid", '');
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202107300');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202107300')) {
+	showUpdateStep("Adds the possibility to select the PowerDNS Operation Mode", true);
+	Settings::AddNew("system.powerdns_mode", 'Native');
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202108180');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.27')) {
+	showUpdateStep("Updating from 0.10.27 to 0.10.28", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.28');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202108180')) {
+	showUpdateStep("Adding czech language file", true);
+	Database::query("INSERT INTO `" . TABLE_PANEL_LANGUAGE . "` SET `language` = '&#268;esk&aacute; republika', `iso` = 'cs', `file` = 'lng/czech.lng.php'");
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202109040');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.28')) {
+	showUpdateStep("Updating from 0.10.28 to 0.10.29", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.29');
+}

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -2505,7 +2505,7 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.9.30')) {
 	showUpdateStep("Updating from 0.9.30 to 0.9.31-dev1", true);
 	lastStepStatus(0);
 
-	showUpdateStep("Removing unsused tables");
+	showUpdateStep("Removing unused tables");
 	Database::query("DROP TABLE IF EXISTS `ipsandports_docrootsettings`;");
 	Database::query("DROP TABLE IF EXISTS `domain_docrootsettings`;");
 	lastStepStatus(0);
@@ -2856,7 +2856,7 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.9.32-rc1')) {
 	Settings::AddNew("system.croncmdline", $croncmdline);
 	// add task to generate cron.d-file
 	\Froxlor\System\Cronjob::inserttask('99');
-	// silenty add the auto-update setting - we do not want everybody to know and use this
+	// silently add the auto-update setting - we do not want everybody to know and use this
 	// as it is a very dangerous setting
 	Settings::AddNew("system.cron_allowautoupdate", 0);
 	lastStepStatus(0);
@@ -3872,7 +3872,7 @@ opcache.interned_strings_buffer');
 
 if (\Froxlor\Froxlor::isDatabaseVersion('201801110')) {
 
-	showUpdateStep("Adding php-fpm php PATH setting for envrironment");
+	showUpdateStep("Adding php-fpm php PATH setting for environment");
 	Settings::AddNew("phpfpm.envpath", '/usr/local/bin:/usr/bin:/bin');
 	lastStepStatus(0);
 

install/updates/preconfig.php

@@ -19,7 +19,7 @@
  * Function getPreConfig
  *
  * outputs various content before the update process
- * can be continued (askes for agreement whatever is being asked)
+ * can be continued (asks for agreement whatever is being asked)
  *
  * @param string $current_version
  * @param int $current_db_version

install/updates/preconfig/0.9/preconfig_0.9.inc.php

@@ -414,7 +414,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 
 		if (Settings::Get('system.webserver') == 'apache2') {
 			$has_preconfig = true;
-			$description = 'Froxlor now supports the new Apache 2.4. Please be aware that you need to load additional apache-modules in ordner to use it.<br />';
+			$description = 'Froxlor now supports the new Apache 2.4. Please be aware that you need to load additional apache-modules in order to use it.<br />';
 			$description .= '<pre>LoadModule authz_core_module modules/mod_authz_core.so
 					LoadModule authz_host_module modules/mod_authz_host.so</pre><br />';
 			$question = '<strong>Do you want to enable the Apache-2.4 modification?:</strong>&nbsp;';

lib/Froxlor/Api/Commands/Certificates.php

@@ -189,7 +189,7 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 	 */
 	public function listing()
 	{
-		// select all my (accessable) certificates
+		// select all my (accessible) certificates
 		$certs_stmt_query = "SELECT s.*, d.domain, d.letsencrypt, c.customerid, c.loginname
 			FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` s
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` d ON `d`.`id` = `s`.`domainid`
@@ -237,7 +237,7 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 	 */
 	public function listingCount()
 	{
-		// select all my (accessable) certificates
+		// select all my (accessible) certificates
 		$certs_stmt_query = "SELECT COUNT(*) as num_certs
 			FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` s
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` d ON `d`.`id` = `s`.`domainid`

lib/Froxlor/Api/Commands/CustomerBackups.php

@@ -23,7 +23,7 @@ class CustomerBackups extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Re
 {
 
 	/**
-	 * check whether backup is enabled systemwide and if accessable for customer (hide_options)
+	 * check whether backup is enabled systemwide and if accessible for customer (hide_options)
 	 *
 	 * @throws \Exception
 	 */

lib/Froxlor/Api/Commands/Customers.php

@@ -308,7 +308,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 	 * @param bool $mysqls_ul
 	 *        	optional, whether customer should have unlimited mysql-databases, default 0 (false)
 	 * @param bool $createstdsubdomain
-	 *        	optional, whether to create a standard-subdomain ([loginname].froxlor-hostname.tld), default 0 (false)
+	 *        	optional, whether to create a standard-subdomain ([loginname].froxlor-hostname.tld), default [system.createstdsubdom_default]
 	 * @param bool $phpenabled
 	 *        	optional, whether to allow usage of PHP, default 0 (false)
 	 * @param array $allowed_phpconfigs
@@ -316,9 +316,9 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 	 * @param bool $perlenabled
 	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
 	 * @param bool $dnsenabled
-	 *        	optional, wether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 *        	optional, whether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
 	 * @param bool $logviewenabled
-	 *        	optional, wether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	optional, whether to allow access to webserver access/error-logs, default 0 (false)
 	 * @param bool $store_defaultindex
 	 *        	optional, whether to store the default index file to customers homedir
 	 * @param int $hosting_plan_id
@@ -352,7 +352,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				$gender = (int) $this->getParam('gender', true, 0);
 				$custom_notes = $this->getParam('custom_notes', true, '');
 				$custom_notes_show = $this->getBoolParam('custom_notes_show', true, 0);
-				$createstdsubdomain = $this->getBoolParam('createstdsubdomain', true, 0);
+				$createstdsubdomain = $this->getBoolParam('createstdsubdomain', true, Settings::Get('system.createstdsubdom_default'));
 				$password = $this->getParam('new_customer_password', true, '');
 				$sendpassword = $this->getBoolParam('sendpassword', true, 0);
 				$store_defaultindex = $this->getBoolParam('store_defaultindex', true, 0);
@@ -923,9 +923,9 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 	 * @param bool $perlenabled
 	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
 	 * @param bool $dnsenabled
-	 *        	optional, ether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 *        	optional, whether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
 	 * @param bool $logviewenabled
-	 *        	optional, ether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	optional, whether to allow access to webserver access/error-logs, default 0 (false)
 	 * @param string $theme
 	 *        	optional, change theme
 	 *        	
@@ -1512,7 +1512,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 					'did' => $row['id']
 				), true, true);
 				// remove domains DNS from powerDNS if used, #581
-				\Froxlor\System\Cronjob::inserttask('11', $result['domain']);
+				\Froxlor\System\Cronjob::inserttask('11', $row['domain']);
 				// remove domain from acme.sh / lets encrypt if used
 				\Froxlor\System\Cronjob::inserttask('12', $row['domain']);
 			}

lib/Froxlor/Api/Commands/DirOptions.php

@@ -322,7 +322,7 @@ class DirOptions extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	}
 
 	/**
-	 * returns the total number of accessable directory options
+	 * returns the total number of accessible directory options
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select directory-protections of a specific customer by id

lib/Froxlor/Api/Commands/DirProtections.php

@@ -305,7 +305,7 @@ class DirProtections extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Res
 	}
 
 	/**
-	 * returns the total number of accessable directory protections
+	 * returns the total number of accessible directory protections
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select directory-protections of a specific customer by id

lib/Froxlor/Api/Commands/Domains.php

@@ -77,7 +77,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	}
 
 	/**
-	 * returns the total number of accessable domains
+	 * returns the total number of accessible domains
 	 *
 	 * @access admin
 	 * @throws \Exception
@@ -193,6 +193,27 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 		return $ipandports;
 	}
 
+	/**
+	 * get ips from array of id's
+	 *
+	 * @param array $ips
+	 * @return array
+	 */
+	private function getIpsFromIdArray(array $ids)
+	{
+		$resultips_stmt = Database::prepare("
+			SELECT `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE id = :id
+		");
+		$result = [];
+		foreach ($ids as $id) {
+			$entry = Database::pexecute_first($resultips_stmt, array(
+				'id' => $id
+			));
+			$result[] = $entry['ip'];
+		}
+		return $result;
+	}
+
 	/**
 	 * add new domain entry
 	 *
@@ -213,7 +234,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 * @param bool $email_only
 	 *        	optional, restrict domain to email usage, default 0 (false)
 	 * @param int $selectserveralias
-	 *        	optional, 0 = wildcard, 1 = www-alias, 2 = none, default 0
+	 *        	optional, 0 = wildcard, 1 = www-alias, 2 = none, default [system.domaindefaultalias]
 	 * @param bool $speciallogfile
 	 *        	optional, whether to create an exclusive web-logfile for this domain, default 0 (false)
 	 * @param int $alias
@@ -309,7 +330,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				$subcanemaildomain = $this->getParam('subcanemaildomain', true, 0);
 				$isemaildomain = $this->getBoolParam('isemaildomain', true, 0);
 				$email_only = $this->getBoolParam('email_only', true, 0);
-				$serveraliasoption = $this->getParam('selectserveralias', true, 0);
+				$serveraliasoption = $this->getParam('selectserveralias', true, Settings::Get('system.domaindefaultalias'));
 				$speciallogfile = $this->getBoolParam('speciallogfile', true, 0);
 				$aliasdomain = intval($this->getParam('alias', true, 0));
 				$issubof = $this->getParam('issubof', true, 0);
@@ -574,6 +595,15 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 					$include_specialsettings = 0;
 				}
 
+				// validate dns if lets encrypt is enabled to check whether we can use it at all
+				if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
+					$domain_ips = \Froxlor\PhpHelper::gethostbynamel6($domain);
+					$selected_ips = $this->getIpsFromIdArray($ssl_ipandports);
+					if ($domain_ips == false || count(array_intersect($selected_ips, $domain_ips)) <= 0) {
+						\Froxlor\UI\Response::standard_error('invaliddnsforletsencrypt', '', true);
+					}
+				}
+
 				// We can't enable let's encrypt for wildcard-domains
 				if ($serveraliasoption == '0' && $letsencrypt == '1') {
 					\Froxlor\UI\Response::standard_error('nowildcardwithletsencrypt', '', true);
@@ -1326,6 +1356,15 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				$include_specialsettings = 0;
 			}
 
+			// validate dns if lets encrypt is enabled to check whether we can use it at all
+			if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
+				$domain_ips = \Froxlor\PhpHelper::gethostbynamel6($result['domain']);
+				$selected_ips = $this->getIpsFromIdArray($ssl_ipandports);
+				if ($domain_ips == false || count(array_intersect($selected_ips, $domain_ips)) <= 0) {
+					\Froxlor\UI\Response::standard_error('invaliddnsforletsencrypt', '', true);
+				}
+			}
+
 			// We can't enable let's encrypt for wildcard-domains
 			if ($serveraliasoption == '0' && $letsencrypt == '1') {
 				\Froxlor\UI\Response::standard_error('nowildcardwithletsencrypt', '', true);
@@ -1702,9 +1741,6 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 			");
 			Database::pexecute($_update_stmt, $_update_data, true, true);
 
-			// insert a rebuild-task
-			\Froxlor\System\Cronjob::inserttask('1');
-
 			// Cleanup domain <-> ip mapping
 			$del_stmt = Database::prepare("
 				DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :id

lib/Froxlor/Api/Commands/Emails.php

@@ -326,7 +326,7 @@ class Emails extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	}
 
 	/**
-	 * returns the total number of accessable email addresses
+	 * returns the total number of accessible email addresses
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select email addresses of a specific customer by id

lib/Froxlor/Api/Commands/FpmDaemons.php

@@ -79,7 +79,7 @@ class FpmDaemons extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	}
 
 	/**
-	 * returns the total number of accessable fpm daemons
+	 * returns the total number of accessible fpm daemons
 	 *
 	 * @access admin
 	 * @throws \Exception

lib/Froxlor/Api/Commands/Ftps.php

@@ -62,7 +62,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 
 		if (($this->getUserDetail('ftps_used') < $this->getUserDetail('ftps') || $this->getUserDetail('ftps') == '-1') || $this->isAdmin() && $is_defaultuser == 1) {
 
-			// required paramters
+			// required parameters
 			$path = $this->getParam('path');
 			$password = $this->getParam('ftp_password');
 
@@ -512,7 +512,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 	}
 
 	/**
-	 * returns the total number of accessable ftp accounts
+	 * returns the total number of accessible ftp accounts
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select ftp-users of a specific customer by id

lib/Froxlor/Api/Commands/HostingPlans.php

@@ -66,7 +66,7 @@ class HostingPlans extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 	}
 
 	/**
-	 * returns the total number of accessable hosting plans
+	 * returns the total number of accessible hosting plans
 	 *
 	 * @access admin
 	 * @throws \Exception
@@ -182,9 +182,9 @@ class HostingPlans extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 	 * @param bool $perlenabled
 	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
 	 * @param bool $dnsenabled
-	 *        	optional, ether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 *        	optional, whether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
 	 * @param bool $logviewenabled
-	 *        	optional, ether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	optional, whether to allow access to webserver access/error-logs, default 0 (false)
 	 *        	
 	 * @access admin
 	 * @throws \Exception
@@ -309,9 +309,9 @@ class HostingPlans extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 	 * @param bool $perlenabled
 	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
 	 * @param bool $dnsenabled
-	 *        	optional, ether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 *        	optional, either to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
 	 * @param bool $logviewenabled
-	 *        	optional, ether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	optional, either to allow access to webserver access/error-logs, default 0 (false)
 	 *        	
 	 * @access admin
 	 * @throws \Exception

lib/Froxlor/Api/Commands/IpsAndPorts.php

@@ -65,7 +65,7 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 	}
 
 	/**
-	 * returns the total number of accessable ip/port entries
+	 * returns the total number of accessible ip/port entries
 	 *
 	 * @access admin
 	 * @throws \Exception
@@ -247,6 +247,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 				$docroot = '';
 			}
 
+			// always use compressed ipv6 format
+			$ip = inet_ntop(inet_pton($ip));
+
 			$result_checkfordouble_stmt = Database::prepare("
 			SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
 			WHERE `ip` = :ip AND `port` = :port");
@@ -462,6 +465,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 				$docroot = '';
 			}
 
+			// always use compressed ipv6 format
+			$ip = inet_ntop(inet_pton($ip));
+
 			if ($result['ip'] != $ip && $result['ip'] == Settings::Get('system.ipaddress') && $result_sameipotherport == false) {
 				\Froxlor\UI\Response::standard_error('cantchangesystemip', '', true);
 			} elseif ($result_checkfordouble && $result_checkfordouble['id'] != '' && $result_checkfordouble['id'] != $id) {

lib/Froxlor/Api/Commands/Mysqls.php

@@ -31,6 +31,8 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 *        	optional, default is 0
 	 * @param string $description
 	 *        	optional, description for database
+	 * @param string $custom_suffix
+	 *			optional, name for database
 	 * @param bool $sendinfomail
 	 *        	optional, send created resource-information to customer, default: false
 	 * @param int $customerid
@@ -44,12 +46,13 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 */
 	public function add()
 	{
-		// required paramters
+		// required parameters
 		$password = $this->getParam('mysql_password');
 
 		// parameters
 		$dbserver = $this->getParam('mysql_server', true, 0);
 		$databasedescription = $this->getParam('description', true, '');
+		$databasename = $this->getParam('custom_suffix', true, '');
 		$sendinfomail = $this->getBoolParam('sendinfomail', true, 0);
 		// get needed customer info to reduce the mysql-usage-counter by one
 		$customer = $this->getCustomerData('mysqls');
@@ -58,6 +61,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 		$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
 		$password = \Froxlor\System\Crypt::validatePassword($password, true);
 		$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', '', '', array(), true);
+		$databasename = \Froxlor\Validate\Validate::validate(trim($databasename), 'database_name', '', '', array(), true);
 
 		// validate whether the dbserver exists
 		$dbserver = \Froxlor\Validate\Validate::validate($dbserver, html_entity_decode($this->lng['mysql']['mysql_server']), '', '', 0, true);
@@ -79,7 +83,12 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 		);
 		// create database, user, set permissions, etc.pp.
 		$dbm = new \Froxlor\Database\DbManager($this->logger());
+
+		if(strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME' && !empty($databasename)) {
+			$username = $dbm->createDatabase($newdb_params['loginname'].'_'.$databasename, $password);
+		} else {
 			$username = $dbm->createDatabase($newdb_params['loginname'], $password, $newdb_params['mysql_lastaccountnumber']);
+		}
 
 		// we've checked against the password in dbm->createDatabase
 		if ($username == false) {
@@ -305,7 +314,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 		));
 		$id = $result['id'];
 
-		// paramters
+		// parameters
 		$password = $this->getParam('mysql_password', true, '');
 		$databasedescription = $this->getParam('description', true, $result['description']);
 
@@ -428,7 +437,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	}
 
 	/**
-	 * returns the total number of accessable databases
+	 * returns the total number of accessible databases
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select dbs of a specific customer by id

lib/Froxlor/Api/Commands/PhpSettings.php

@@ -122,7 +122,7 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 	}
 
 	/**
-	 * returns the total number of accessable php-setting entries
+	 * returns the total number of accessible php-setting entries
 	 *
 	 * @access admin
 	 * @throws \Exception

lib/Froxlor/Api/Commands/SubDomains.php

@@ -2,6 +2,7 @@
 namespace Froxlor\Api\Commands;
 
 use Froxlor\Database\Database;
+use Froxlor\Domain\Domain;
 use Froxlor\Settings;
 
 /**
@@ -230,6 +231,15 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				}
 			}
 
+			// validate dns if lets encrypt is enabled to check whether we can use it at all
+			if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
+				$our_ips = Domain::getIpsOfDomain($domain_check['id']);
+				$domain_ips = \Froxlor\PhpHelper::gethostbynamel6($completedomain);
+				if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
+					\Froxlor\UI\Response::standard_error('invaliddnsforletsencrypt', '', true);
+				}
+			}
+
 			// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
 			if ($ssl_redirect > 0 && $letsencrypt == 1) {
 				$ssl_redirect = 2;
@@ -595,6 +605,15 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			}
 		}
 
+		// validate dns if lets encrypt is enabled to check whether we can use it at all
+		if ($result['letsencrypt'] != $letsencrypt && $letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
+			$our_ips = Domain::getIpsOfDomain($result['parentdomainid']);
+			$domain_ips = \Froxlor\PhpHelper::gethostbynamel6($result['domain']);
+			if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
+				\Froxlor\UI\Response::standard_error('invaliddnsforletsencrypt', '', true);
+			}
+		}
+
 		// We can't enable let's encrypt for wildcard-domains
 		if ($iswildcarddomain == '1' && $letsencrypt == '1') {
 			\Froxlor\UI\Response::standard_error('nowildcardwithletsencrypt');
@@ -624,7 +643,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			\Froxlor\Domain\Domain::updateRedirectOfDomain($id, $redirectcode);
 		}
 
-		if ($path != $result['documentroot'] || $isemaildomain != $result['isemaildomain'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $aliasdomain != $result['aliasdomain'] || $openbasedir_path != $result['openbasedir_path'] || $ssl_redirect != $result['ssl_redirect'] || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload'] || $phpsettingid != $result['phpsettingid']) {
+		if ($path != $result['documentroot'] || $isemaildomain != $result['isemaildomain'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $aliasdomain != (int)$result['aliasdomain'] || $openbasedir_path != $result['openbasedir_path'] || $ssl_redirect != $result['ssl_redirect'] || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload'] || $phpsettingid != $result['phpsettingid']) {
 			$stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
 					`documentroot` = :documentroot,
@@ -810,7 +829,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	}
 
 	/**
-	 * returns the total number of accessable subdomain entries
+	 * returns the total number of accessible subdomain entries
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select (sub)domains of a specific customer by id

lib/Froxlor/Bulk/BulkAction.php

@@ -150,7 +150,7 @@ abstract class BulkAction
 
 	/**
 	 * reads in the csv import file and returns an array with
-	 * all the entites to be imported
+	 * all the entities to be imported
 	 *
 	 * @param string $separator
 	 *

lib/Froxlor/Cli/Action/ConfigServicesAction.php

@@ -402,7 +402,7 @@ class ConfigServicesAction extends \Froxlor\Cli\Action
 			} elseif (! file_exists($this->_args["froxlor-dir"])) {
 				throw new \Exception("Given froxlor directory cannot be found ('" . $this->_args["froxlor-dir"] . "')");
 			} elseif (! is_readable($this->_args["froxlor-dir"])) {
-				throw new \Exception("Given froxlor direcotry cannot be read ('" . $this->_args["froxlor-dir"] . "')");
+				throw new \Exception("Given froxlor directory cannot be read ('" . $this->_args["froxlor-dir"] . "')");
 			}
 		}
 	}

lib/Froxlor/Cli/Action/SwitchServerIpAction.php

@@ -62,7 +62,7 @@ class SwitchServerIpAction extends \Froxlor\Cli\Action
 		$ip_list = $this->_args['switch'];
 
 		if (empty($ip_list) || is_bool($ip_list)) {
-			throw new \Exception("No paramters given for --switch action.");
+			throw new \Exception("No parameters given for --switch action.");
 		}
 
 		$ips_to_switch = array();
@@ -179,7 +179,7 @@ class SwitchServerIpAction extends \Froxlor\Cli\Action
 			} elseif (! file_exists($this->_args["froxlor-dir"])) {
 				throw new \Exception("Given froxlor directory cannot be found ('" . $this->_args["froxlor-dir"] . "')");
 			} elseif (! is_readable($this->_args["froxlor-dir"])) {
-				throw new \Exception("Given froxlor direcotry cannot be read ('" . $this->_args["froxlor-dir"] . "')");
+				throw new \Exception("Given froxlor directory cannot be read ('" . $this->_args["froxlor-dir"] . "')");
 			}
 		}
 	}

lib/Froxlor/Config/ConfigDaemon.php

@@ -55,7 +55,7 @@ class ConfigDaemon
 	private $isparsed = false;
 
 	/**
-	 * Sub - area of the full - XML only holding the daemon - data we are interessted in
+	 * Sub - area of the full - XML only holding the daemon - data we are interested in
 	 *
 	 * @var \SimpleXMLElement
 	 */

lib/Froxlor/Cron/Dns/PowerDNS.php

@@ -1,6 +1,8 @@
 <?php
 namespace Froxlor\Cron\Dns;
 
+use Froxlor\Settings;
+
 /**
  * This file is part of the Froxlor project.
  * Copyright (c) 2016 the Froxlor Team (see authors).
@@ -112,14 +114,15 @@ class PowerDNS extends DnsBase
 	private function insertZone($domainname, $serial = 0)
 	{
         $ins_stmt = \Froxlor\Dns\PowerDNS::getDB()->prepare("
-			INSERT INTO domains set `name` = :domainname, `notified_serial` = :serial, `type` = 'NATIVE'
+			INSERT INTO domains set `name` = :domainname, `notified_serial` = :serial, `type` = :type
 		");
         $ins_stmt->execute(array(
             'domainname' => $domainname,
-			'serial' => $serial
+            'serial' => $serial,
+            'type' => strtoupper(Settings::Get('system.powerdns_mode'))
         ));
         $lastid = \Froxlor\Dns\PowerDNS::getDB()->lastInsertId();
-		return $lastid;
+        return $lastid;;
 	}
 
 	private function insertRecords($domainid = 0, $records = array(), $origin = "")

lib/Froxlor/Cron/Http/Apache.php

@@ -826,7 +826,7 @@ class Apache extends HttpConfigBase
 				// After inserting the AWStats information,
 				// be sure to build the awstats conf file as well
 				// and chown it using $awstats_params, #258
-				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the informations
+				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the information
 				\Froxlor\Http\Statistics::createAWStatsConf(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log', $domain['domain'], $alias . $server_alias, $domain['customerroot'], $domain);
 			}
 		}

lib/Froxlor/Cron/Http/ConfigIO.php

@@ -287,7 +287,7 @@ class ConfigIO
 	}
 
 	/**
-	 * returns a file/direcotry from the settings and checks whether it exists
+	 * returns a file/directory from the settings and checks whether it exists
 	 *
 	 * @param string $group
 	 *        	settings-group

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -28,6 +28,14 @@ use Froxlor\FileDir;
 class AcmeSh extends \Froxlor\Cron\FroxlorCron
 {
 
+	const ACME_PROVIDER = [
+		'letsencrypt' => "https://acme-v02.api.letsencrypt.org/directory",
+		'letsencrypt_test' => "https://acme-staging-v02.api.letsencrypt.org/directory",
+		'buypass' => "https://api.buypass.com/acme/directory",
+		'buypass_test' => "https://api.test4.buypass.no/acme/directory",
+		'zerossl' => "https://acme.zerossl.com/v2/DV90"
+	];
+
 	private static $apiserver = "";
 
 	private static $acmesh = "/root/.acme.sh/acme.sh";
@@ -71,7 +79,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 		}
 
 		// set server according to settings
-		self::$apiserver = 'https://acme-' . (Settings::Get('system.letsencryptca') == 'testing' ? 'staging-' : '') . 'v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory';
+		self::$apiserver = self::ACME_PROVIDER[Settings::Get('system.letsencryptca')];
 
 		// validate acme.sh installation
 		if (! self::checkInstall()) {
@@ -279,12 +287,18 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			$our_ips = Domain::getIpsOfDomain($domain_id);
 			foreach ($loop_domains as $idx => $domain) {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Validating DNS of " . $domain);
-				// ips accordint to NS
+				// ips according to NS
 				$domain_ips = PhpHelper::gethostbynamel6($domain);
 				if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
 					// no common ips...
 					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $domain . " due to no system known IP address via DNS check");
 					unset($domains[$idx]);
+					// in order to avoid a cron-loop that tries to get a certificate every 5 minutes, we disable let's encrypt for this domain
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `letsencrypt` = '0' WHERE `id` = :did");
+					Database::pexecute($upd_stmt, [
+						'did' => $domain_id
+					]);
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Let's Encrypt deactivated for domain " . $domain);
 				}
 			}
 		}
@@ -306,7 +320,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			if (Settings::Get('system.letsencryptreuseold') != '1') {
 				$acmesh_cmd .= " --always-force-new-domain-key";
 			}
-			if (Settings::Get('system.letsencryptca') == 'testing') {
+			if (Settings::Get('system.letsencryptca') == 'letsencrypt_test') {
 				$acmesh_cmd .= " --staging";
 			}
 			if ($force) {

lib/Froxlor/Cron/Http/Lighttpd.php

@@ -678,7 +678,7 @@ class Lighttpd extends HttpConfigBase
 				// After inserting the AWStats information,
 				// be sure to build the awstats conf file as well
 				// and chown it using $awstats_params, #258
-				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the informations
+				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the information
 				\Froxlor\Http\Statistics::createAWStatsConf(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log', $domain['domain'], $alias . $server_alias, $domain['customerroot'], $domain);
 			}
 		}

lib/Froxlor/Cron/Http/Nginx.php

@@ -1153,7 +1153,7 @@ class Nginx extends HttpConfigBase
 				// After inserting the AWStats information,
 				// be sure to build the awstats conf file as well
 				// and chown it using $awstats_params, #258
-				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the informations
+				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the information
 				\Froxlor\Http\Statistics::createAWStatsConf(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log', $domain['domain'], $alias . $server_alias, $domain['customerroot'], $domain);
 			}
 		}

lib/Froxlor/Cron/Http/Php/Fcgid.php

@@ -94,7 +94,7 @@ class Fcgid
 		// Set Binary
 		$starter_file .= "exec " . $phpconfig['binary'] . " -c " . escapeshellarg($this->getConfigDir()) . "\n";
 
-		// remove +i attibute, so starter can be overwritten
+		// remove +i attribute, so starter can be overwritten
 		if (file_exists($this->getStarterFile())) {
 			\Froxlor\FileDir::removeImmutable($this->getStarterFile());
 		}

lib/Froxlor/Cron/Http/Php/Fpm.php

@@ -218,7 +218,7 @@ class Fpm
 					$openbasedir .= $_phpappendopenbasedir;
 				}
 			}
-			$fpm_config .= 'php_admin_value[session.save_path] = ' . \Froxlor\FileDir::makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->domain['loginname'] . '/') . "\n";
+
 			$fpm_config .= 'php_admin_value[upload_tmp_dir] = ' . \Froxlor\FileDir::makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->domain['loginname'] . '/') . "\n";
 
 			$admin = $this->getAdminData($this->domain['adminid']);
@@ -261,6 +261,11 @@ class Fpm
 				$fpm_config .= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f ' . $this->domain['email'] . "\n";
 			}
 
+			// check for session.save_path, whether it has been specified by the user, if not, set a default
+			if (strpos($fpm_config, 'php_value[session.save_path]') === false && strpos($fpm_config, 'php_admin_value[session.save_path]') === false) {
+				$fpm_config .= 'php_admin_value[session.save_path] = ' . $this->getTempDir() . "\n";
+			}
+
 			// append custom phpfpm configuration
 			if (! empty($fpm_custom_config)) {
 				$fpm_config .= "\n; Custom Configuration\n";

lib/Froxlor/Cron/System/Extrausers.php

@@ -2,6 +2,7 @@
 namespace Froxlor\Cron\System;
 
 use Froxlor\Database\Database;
+use Froxlor\Settings;
 
 /**
  * This file is part of the Froxlor project.
@@ -25,12 +26,13 @@ class Extrausers
 		// passwd
 		$passwd = '/var/lib/extrausers/passwd';
 		$sql = "SELECT customerid,username,'x' as password,uid,gid,'Froxlor User' as comment,homedir,shell, login_enabled FROM ftp_users ORDER BY uid, LENGTH(username) ASC";
-		self::generateFile($passwd, $sql, $cronlog);
+		$users_list = [];
+		self::generateFile($passwd, $sql, $cronlog, $users_list);
 
 		// group
 		$group = '/var/lib/extrausers/group';
 		$sql = "SELECT groupname,'x' as password,gid,members FROM ftp_groups ORDER BY gid ASC";
-		self::generateFile($group, $sql, $cronlog);
+		self::generateFile($group, $sql, $cronlog, $users_list);
 
 		// shadow
 		$shadow = '/var/lib/extrausers/shadow';
@@ -44,7 +46,7 @@ class Extrausers
 		@chmod('/var/lib/extrausers/shadow', 0640);
 	}
 
-	private static function generateFile($file, $query, &$cronlog)
+	private static function generateFile($file, $query, &$cronlog, &$result_list = null)
 	{
 		$type = basename($file);
 		$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Creating ' . $type . ' file');
@@ -74,6 +76,9 @@ class Extrausers
 						$u['comment'] = 'Locked Froxlor User';
 					}
 					$line = $u['username'] . ':' . $u['password'] . ':' . $u['uid'] . ':' . $u['gid'] . ':' . $u['comment'] . ':' . $u['homedir'] . ':' . $u['shell'] . PHP_EOL;
+					if (is_array($result_list)) {
+						$result_list[] = $u['username'];
+					}
 					break;
 				case 'group':
 					$line = $u['groupname'] . ':' . $u['password'] . ':' . $u['gid'] . ':' . $u['members'] . PHP_EOL;
@@ -84,6 +89,19 @@ class Extrausers
 			}
 			$data_content .= $line;
 		}
+
+		// check for local group to generate
+		if ($type == 'group' && Settings::Get('system.froxlorusergroup') != '') {
+			$guid = intval(Settings::Get('system.froxlorusergroup_gid'));
+			if (empty($guid)) {
+				$guid = intval(Settings::Get('system.lastguid')) + 1;
+				Settings::Set('system.lastguid', $guid, true);
+				Settings::Set('system.froxlorusergroup_gid', $guid, true);
+			}
+			$line = Settings::Get('system.froxlorusergroup') . ':x:' . $guid . ':' . implode(',', $result_list) . PHP_EOL;
+			$data_content .= $line;
+		}
+
 		if (file_put_contents($file, $data_content) !== false) {
 			$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Succesfully wrote ' . $type . ' file');
 		} else {

lib/Froxlor/Cron/Traffic/TrafficCron.php

@@ -69,7 +69,7 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 		}
 
 		/**
-		 * TRAFFIC AND DISKUSAGE MESSURE
+		 * TRAFFIC AND DISKUSAGE MEASURE
 		 */
 		\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'Traffic run started...');
 		$admin_traffic = array();

lib/Froxlor/Database/Database.php

@@ -165,7 +165,7 @@ class Database
 	}
 
 	/**
-	 * returns the sql-access data as array using indeces
+	 * returns the sql-access data as array using indices
 	 * 'user', 'passwd' and 'host'.
 	 * Returns false if not enabled
 	 *
@@ -279,6 +279,8 @@ class Database
 			$host = $sql_root[self::$dbserver]['host'];
 			$socket = isset($sql_root[self::$dbserver]['socket']) ? $sql_root[self::$dbserver]['socket'] : null;
 			$port = isset($sql_root[self::$dbserver]['port']) ? $sql_root[self::$dbserver]['port'] : '3306';
+			$sslCAFile = $sql_root[self::$dbserver]['ssl']['caFile'] ?? "";
+			$sslVerifyServerCertificate = $sql_root[self::$dbserver]['ssl']['verifyServerCertificate'] ?? false;
 		} else {
 			$caption = 'localhost';
 			$user = $sql["user"];
@@ -286,6 +288,8 @@ class Database
 			$host = $sql["host"];
 			$socket = isset($sql['socket']) ? $sql['socket'] : null;
 			$port = isset($sql['port']) ? $sql['port'] : '3306';
+			$sslCAFile = $sql['ssl']['caFile'] ?? "";
+			$sslVerifyServerCertificate = $sql['ssl']['verifyServerCertificate'] ?? false;
 		}
 
 		// save sql-access-data if needed
@@ -297,7 +301,9 @@ class Database
 				'port' => $port,
 				'socket' => $socket,
 				'db' => $sql["db"],
-				'caption' => $caption
+				'caption' => $caption,
+				'ssl_ca_file' => $sslCAFile,
+				'ssl_verify_server_certificate' => $sslVerifyServerCertificate
 			);
 		}
 
@@ -321,6 +327,11 @@ class Database
 		} else {
 			$dbconf["dsn"]['host'] = $host;
 			$dbconf["dsn"]['port'] = $port;
+
+			if (!empty(self::$sqldata['ssl_ca_file'])) {
+				$options[\PDO::MYSQL_ATTR_SSL_CA] = self::$sqldata['ssl_ca_file'];
+				$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) self::$sqldata['ssl_verify_server_certificate'];
+			}
 		}
 
 		self::$dbname = $sql["db"];

lib/Froxlor/Database/DbManager.php

@@ -82,11 +82,13 @@ class DbManager
 			// get all usernames from db-manager
 			$allsqlusers = $this->getManager()->getAllSqlUsers();
 			// generate random username
-			$username = $loginname . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
+			$username = $loginname . '-' . substr(\Froxlor\Froxlor::genSessionId(), 20, 3);
 			// check whether it exists on the DBMS
 			while (in_array($username, $allsqlusers)) {
-				$username = $loginname . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
+				$username = $loginname . '-' . substr(\Froxlor\Froxlor::genSessionId(), 20, 3);
 			}
+		} elseif (strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME') {
+			$username = $loginname;
 		} else {
 			$username = $loginname . Settings::Get('customer.mysqlprefix') . (intval($last_accnumber) + 1);
 		}

lib/Froxlor/Database/IntegrityCheck.php

@@ -90,7 +90,7 @@ class IntegrityCheck
 			'dbname' => Database::getDbName()
 		));
 		$charset = isset($resp['default_character_set_name']) ? $resp['default_character_set_name'] : null;
-		if (! empty($charset) && strtolower($charset) != 'utf8') {
+		if (! empty($charset) && substr(strtolower($charset), 0, 4) != 'utf8') {
 			$this->log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "database charset seems to be different from UTF-8, integrity-check can fix that");
 			if ($fix) {
 				// fix database

lib/Froxlor/Dns/Dns.php

@@ -53,7 +53,7 @@ class Dns
 			$domain = $domain_id;
 		}
 
-		if ($domain['isbinddomain'] != '1') {
+		if (!isset($domain['isbinddomain']) || $domain['isbinddomain'] != '1') {
 			return;
 		}
 
@@ -190,10 +190,24 @@ class Dns
 				'@',
 				'www',
 				'*'
-			] as $crceord) {
-				if ($entry['type'] == 'CNAME' && $entry['record'] == '@' && (array_key_exists(md5($crceord), $required_entries['A']) || array_key_exists(md5($crceord), $required_entries['AAAA']))) {
-					unset($required_entries['A'][md5($crceord)]);
-					unset($required_entries['AAAA'][md5($crceord)]);
+			] as $crecord) {
+				if ($entry['type'] == 'CNAME' && $entry['record'] == '@' && (array_key_exists(md5($crecord), $required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))) {
+					unset($required_entries['A'][md5($crecord)]);
+					unset($required_entries['AAAA'][md5($crecord)]);
+				}
+			}
+			// also allow overriding of auto-generated values (imap,pop3,mail,smtp) if enabled in the settings
+			if (Settings::Get('system.dns_createmailentry')) {
+			    foreach (array(
+			        'imap',
+			        'pop3',
+			        'mail',
+			        'smtp'
+			    ) as $crecord) {
+			        if ($entry['type'] == 'CNAME' && $entry['record'] == $crecord && (array_key_exists(md5($crecord), $required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))) {
+			            unset($required_entries['A'][md5($crecord)]);
+			            unset($required_entries['AAAA'][md5($crecord)]);
+			        }
 			    }
 			}
 			$zonerecords[] = new DnsEntry($entry['record'], $entry['type'], $entry['content'], $entry['prio'], $entry['ttl']);
@@ -324,11 +338,28 @@ class Dns
 						foreach ($records as $record) {
 							if ($record == '@CAA@') {
 								$caa_entries = explode(PHP_EOL, Settings::Get('caa.caa_entry'));
+								$caa_domain = "letsencrypt.org";
+								if (Settings::Get('system.letsencryptca') == 'buypass' || Settings::Get('system.letsencryptca') == 'buypass_test') {
+									$caa_domain = "buypass.com";
+								}
 								if ($domain['letsencrypt'] == 1) {
-									$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild "letsencrypt.org"' : '0 issue "letsencrypt.org"';
+									if (Settings::Get('system.letsencryptca') == 'zerossl') {
+										$caa_domains = [
+											"sectigo.com",
+											"trust-provider.com",
+											"usertrust.com",
+											"comodoca.com",
+											"comodo.com"
+										];
+										foreach ($caa_domains as $caa_domain) {
+											$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild "' . $caa_domain . '"' : '0 issue "' . $caa_domain . '"';
 											array_push($caa_entries, $le_entry);
 										}
-
+									} else {
+										$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild "' . $caa_domain . '"' : '0 issue "' . $caa_domain . '"';
+										array_push($caa_entries, $le_entry);
+									}
+								}
 								foreach ($caa_entries as $entry) {
 									if (empty($entry)) continue;
 									$zonerecords[] = new DnsEntry('@', 'CAA', $entry);
@@ -372,7 +403,7 @@ class Dns
 			$soa_content = $primary_ns . " " . self::escapeSoaAdminMail($soa_email) . " ";
 			$soa_content .= $domain['bindserial'] . " ";
 			// TODO for now, dummy time-periods
-			$soa_content .= "3600 900 604800 " . (int) Settings::Get('system.defaultttl');
+			$soa_content .= "3600 900 1209600 1200";
 
 			$soa_record = new DnsEntry('@', 'SOA', $soa_content);
 			array_unshift($zonerecords, $soa_record);

lib/Froxlor/Dns/PowerDNS.php

@@ -62,6 +62,11 @@ class PowerDNS
 		} else {
 			$dbconf["dsn"]['host'] = $mysql_data['gmysql-host'];
 			$dbconf["dsn"]['port'] = $mysql_data['gmysql-port'];
+
+			if (!empty($mysql_data['gmysql-ssl-ca-file'])) {
+				$options[\PDO::MYSQL_ATTR_SSL_CA] = $mysql_data['gmysql-ssl-ca-file'];
+				$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $mysql_data['gmysql-ssl-verify-server-certificate'];
+			}
 		}
 
 		// add options to dsn-string

lib/Froxlor/Domain/Domain.php

@@ -340,7 +340,7 @@ class Domain
 				// run remove command
 				\Froxlor\FileDir::safe_exec($acmesh . $params);
 				// remove certificates directory
-				@unlink($certificate_folder);
+				\Froxlor\FileDir::safe_exec('rm -rf ' . $certificate_folder);
 			}
 		}
 		return true;

lib/Froxlor/FileDir.php

@@ -370,7 +370,7 @@ class FileDir
 	 * @param
 	 *        	integer uid The uid which must match the found directories
 	 * @param
-	 *        	integer gid The gid which must match the found direcotries
+	 *        	integer gid The gid which must match the found directories
 	 * @param
 	 *        	string value the value for the input-field
 	 *        	
@@ -461,7 +461,7 @@ class FileDir
 	 * @param int $uid
 	 *        	the uid which must match the found directories
 	 * @param int $gid
-	 *        	the gid which must match the found direcotries
+	 *        	the gid which must match the found directories
 	 *        	
 	 * @return array Array of found valid paths
 	 */

lib/Froxlor/Froxlor.php

@@ -7,10 +7,10 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '0.10.26';
+	const VERSION = '0.10.29';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '202103240';
+	const DBVERSION = '202109040';
 
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';
@@ -202,6 +202,30 @@ final class Froxlor
 		return false;
 	}
 
+	/**
+	 * generate safe unique session id
+	 *
+	 * @param int $length
+	 * @return string
+	 */
+	public static function genSessionId(int $length = 16)
+	{
+		if(!isset($length) || intval($length) <= 8 ){
+			$length = 16;
+		}
+		if (function_exists('random_bytes')) {
+			return bin2hex(random_bytes($length));
+		}
+		if (function_exists('mcrypt_create_iv')) {
+			return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
+		}
+		if (function_exists('openssl_random_pseudo_bytes')) {
+			return bin2hex(openssl_random_pseudo_bytes($length));
+		}
+		// if everything else fails, use unsafe fallback
+		return md5(uniqid(microtime(), 1));
+	}
+
 	/**
 	 * compare of froxlor versions
 	 *

lib/Froxlor/FroxlorLogger.php

@@ -157,7 +157,7 @@ class FroxlorLogger
 			echo "[" . $this->getLogLevelDesc($type) . "] " . $text . PHP_EOL;
 		}
 
-		// warnings, errors and critical mesages WILL be logged
+		// warnings, errors and critical messages WILL be logged
 		if (Settings::Get('logger.log_cron') == '0' && $action == \Froxlor\FroxlorLogger::CRON_ACTION && $type > LOG_WARNING) {
 			return;
 		}

lib/Froxlor/PhpHelper.php

@@ -241,10 +241,14 @@ class PhpHelper
 		$ips = array();
 		foreach ($dns as $record) {
 			if ($record["type"] == "A") {
-				$ips[] = $record["ip"];
+				// always use compressed ipv6 format
+				$ip = inet_ntop(inet_pton($record["ip"]));
+				$ips[] = $ip;
 			}
 			if ($record["type"] == "AAAA") {
-				$ips[] = $record["ipv6"];
+				// always use compressed ipv6 format
+				$ip = inet_ntop(inet_pton($record["ipv6"]));
+				$ips[] = $ip;
 			}
 		}
 		if (count($ips) < 1) {

lib/Froxlor/SImExporter.php

@@ -60,6 +60,13 @@ class SImExporter
 
 	public static function export()
 	{
+	    $settings_definitions = [];
+	    foreach (\Froxlor\PhpHelper::loadConfigArrayDir('./actions/admin/settings/')['groups'] AS $group) {
+            foreach ($group['fields'] AS $field) {
+                $settings_definitions[$field['settinggroup']][$field['varname']] = $field;
+            }
+        }
+
 		$result_stmt = Database::query("
 			SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` ORDER BY `settingid` ASC
 		");
@@ -69,13 +76,26 @@ class SImExporter
 			if (! in_array($index, self::$no_export)) {
 				$_data[$index] = $row['value'];
 			}
+
+			if (array_key_exists($row['settinggroup'], $settings_definitions) && array_key_exists($row['varname'], $settings_definitions[$row['settinggroup']])) {
+			    // Export image file
+			    if ($settings_definitions[$row['settinggroup']][$row['varname']]['type'] === "image") {
+			        if ($row['value'] === "") {
+			            continue;
                     }
+
+			        $_data[$index.'.image_data'] = base64_encode(file_get_contents(explode('?', $row['value'], 2)[0]));
+                }
+            }
+		}
+
 		// add checksum for validation
 		$_data['_sha'] = sha1(var_export($_data, true));
 		$_export = json_encode($_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
 		if (! $_export) {
 			throw new \Exception("Error exporting settings: " . json_last_error_msg());
 		}
+
 		return $_export;
 	}
 
@@ -98,7 +118,7 @@ class SImExporter
 			if ($_sha != sha1(var_export($_data, true))) {
 				throw new \Exception("SHA check of import data failed. Unable to import.");
 			}
-			// do not import version info - but we need that to possibily update settings
+			// do not import version info - but we need that to possibly update settings
 			// when there were changes in the variable-name or similar
 			unset($_data['panel.version']);
 			unset($_data['panel.db_version']);
@@ -120,6 +140,26 @@ class SImExporter
 			}
 			// store new data
 			foreach ($_data as $index => $value) {
+                $index_split = explode('.', $index, 3);
+
+			    // Catch image_data and save it
+                if (isset($index_split[2]) && $index_split[2] === 'image_data' && !empty($_data[$index_split[0].'.'.$index_split[1]])) {
+                    $path = \Froxlor\Froxlor::getInstallDir().'/img/';
+                    if (!is_dir($path) && !mkdir($path, '0775')) {
+                        throw new \Exception("img directory does not exist and cannot be created");
+                    }
+
+                    // Make sure we can write to the upload directory
+                    if (!is_writable($path)) {
+                        if (!chmod($path, '0775')) {
+                            throw new \Exception("Cannot write to img directory");
+                        }
+                    }
+
+                    file_put_contents(\Froxlor\Froxlor::getInstallDir() . '/' . explode('?', $_data[$index_split[0].'.'.$index_split[1]], 2)[0], base64_decode($value));
+                    continue;
+                }
+
 				Settings::Set($index, $value);
 			}
 			// save to DB

lib/Froxlor/Settings/Store.php

@@ -367,4 +367,67 @@ class Store
 
 		return $returnvalue;
 	}
+
+	public static function storeSettingImage($fieldname, $fielddata)
+    {
+        if (isset($fielddata['settinggroup'], $fielddata['varname']) && is_array($fielddata) && $fielddata['settinggroup'] !== '' && $fielddata['varname'] !== '') {
+            $save_to = null;
+            $path = \Froxlor\Froxlor::getInstallDir().'/img/';
+
+            // New file?
+            if (isset($_FILES[$fieldname]) && $_FILES[$fieldname]['tmp_name']) {
+                // Make sure upload directory exists
+                if (!is_dir($path) && !mkdir($path, '0775')) {
+                    throw new \Exception("img directory does not exist and cannot be created");
+                }
+
+                // Make sure we can write to the upload directory
+                if (!is_writable($path)) {
+                    if (!chmod($path, '0775')) {
+                        throw new \Exception("Cannot write to img directory");
+                    }
+                }
+
+                // Make sure mime-type matches an image
+                if (!in_array(mime_content_type($_FILES[$fieldname]['tmp_name']), ['image/jpeg','image/jpg','image/png','image/gif'])) {
+                    throw new \Exception("Uploaded file not a valid image");
+                }
+
+                // Determine file extension
+                $spl = explode('.', $_FILES[$fieldname]['name']);
+                $file_extension = strtolower(array_pop($spl));
+                unset($spl);
+
+                // Move file
+                if (!move_uploaded_file($_FILES[$fieldname]['tmp_name'], $path.$fielddata['image_name'].'.'.$file_extension)) {
+                    throw new \Exception("Unable to save image to img folder");
+                }
+
+                $save_to = 'img/'.$fielddata['image_name'].'.'.$file_extension.'?v='.time();
+            }
+
+            // Delete file?
+            if ($fielddata['value'] !== "" && array_key_exists($fieldname.'_delete', $_POST) && $_POST[$fieldname.'_delete']) {
+                @unlink(\Froxlor\Froxlor::getInstallDir() . '/' . explode('?', $fielddata['value'], 2)[0]);
+                $save_to = '';
+            }
+
+            // Nothing changed
+            if ($save_to === null) {
+                return array(
+                    $fielddata['settinggroup'] . '.' . $fielddata['varname'] => $fielddata['value']
+                );
+            }
+
+            if (Settings::Set($fielddata['settinggroup'] . '.' . $fielddata['varname'], $save_to) === false) {
+                return false;
+            }
+
+            return array(
+                $fielddata['settinggroup'] . '.' . $fielddata['varname'] => $save_to
+            );
+        }
+
+        return false;
+    }
 }

lib/Froxlor/System/Crypt.php

@@ -59,20 +59,20 @@ class Crypt
 	}
 
 	/**
-	 * Make crypted password from clear text password
+	 * Make encrypted password from clear text password
 	 *
 	 * @author Michal Wojcik <m.wojcik@sonet3.pl>
 	 * @author Michael Kaufmann <mkaufmann@nutime.de>
 	 * @author Froxlor team <team@froxlor.org> (2010-)
 	 *        
-	 *         0 - default crypt (depenend on system configuration)
+	 *         0 - default crypt (depends on system configuration)
 	 *         1 - MD5 $1$
 	 *         2 - BLOWFISH $2y$07$
 	 *         3 - SHA-256 $5$ (default)
 	 *         4 - SHA-512 $6$
 	 *        
 	 * @param string $password
-	 *        	Password to be crypted
+	 *        	Password to be encrypted
 	 * @param bool $htpasswd
 	 *        	optional whether to generate a SHA1 password for directory protection
 	 *        	

lib/Froxlor/System/Mailer.php

@@ -7,7 +7,7 @@ class Mailer extends \PHPMailer\PHPMailer\PHPMailer
 {
 
 	/**
-	 * class construtor
+	 * class constructor
 	 *
 	 * @param string $exceptions
 	 *        	whether to throw exceptions or not

lib/Froxlor/UI/Data.php

@@ -52,6 +52,12 @@ class Data
 		return $newfieldvalue;
 	}
 
+	public static function getFormFieldDataImage($fieldname, $fielddata, $input)
+    {
+        // We always make the system think we have new data to trigger the save function where we actually check everything
+        return time();
+    }
+
 	public static function manipulateFormFieldDataDate($fieldname, $fielddata, $newfieldvalue)
 	{
 		if (isset($fielddata['date_timestamp']) && $fielddata['date_timestamp'] === true) {

lib/Froxlor/UI/Fields.php

@@ -89,6 +89,15 @@ class Fields
 		return $returnvalue;
 	}
 
+    public static function getFormFieldOutputImage($fieldname, $fielddata, $do_show = true)
+    {
+        global $lng;
+        $label = $fielddata['label'];
+        $value = htmlentities($fielddata['value']);
+        eval("\$returnvalue = \"" . \Froxlor\UI\Template::getTemplate("formfields/image", true) . "\";");
+        return $returnvalue;
+    }
+
 	public static function getFormFieldOutputDate($fieldname, $fielddata, $do_show = true)
 	{
 		if (isset($fielddata['date_timestamp']) && $fielddata['date_timestamp'] === true) {

lib/Froxlor/User.php

@@ -77,7 +77,7 @@ class User
 	}
 
 	/**
-	 * Function which updates all counters of used ressources in panel_admins and panel_customers
+	 * Function which updates all counters of used resources in panel_admins and panel_customers
 	 *
 	 * @param bool $returndebuginfo
 	 *        	Set to true to get an array with debug information
@@ -237,7 +237,7 @@ class User
 			$admin_domains = Database::pexecute_first($admin_domains_stmt, array(
 				"aid" => $admin['adminid']
 			));
-			// substract the amount of domains that are std-subdomains later when we iterated through all customers and know for sure
+			// subtract the amount of domains that are std-subdomains later when we iterated through all customers and know for sure
 			$admin['domains_used_new'] = $admin_domains['number_domains'];
 			// set current admin
 			$cur_adm = $admin['adminid'];

lib/Froxlor/Validate/Check.php

@@ -74,7 +74,7 @@ class Check
 
 	public static function checkMysqlAccessHost($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)
 	{
-		$mysql_access_host_array = array_map('trim', explode(',', $newfieldvalue));
+		$mysql_access_host_array = array_unique(array_map('trim', explode(',', $newfieldvalue)));
 
 		foreach ($mysql_access_host_array as $host_entry) {
 			if (Validate::validate_ip2($host_entry, true, 'invalidip', true, true, true, true, false) == false && Validate::validateDomain($host_entry) == false && Validate::validateLocalHostname($host_entry) == false && $host_entry != '%') {
@@ -207,4 +207,30 @@ class Check
 		}
 		return $returnvalue;
 	}
+
+	public static function checkLocalGroup($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)
+	{
+		if (empty($newfieldvalue) || $fielddata == $newfieldvalue) {
+			$returnvalue = [
+				self::FORMFIELDS_PLAUSIBILITY_CHECK_OK
+			];
+		} elseif (function_exists('posix_getgrnam') && posix_getgrnam($newfieldvalue) == false) {
+			if (Validate::validateUsername($newfieldvalue, Settings::Get('panel.unix_names'), 32)) {
+				$returnvalue = [
+					self::FORMFIELDS_PLAUSIBILITY_CHECK_OK
+				];
+			} else {
+				$returnvalue = [
+					self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
+					'local_group_invalid'
+				];
+			}
+		} else {
+			$returnvalue = [
+				self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
+				'local_group_exists'
+			];
+		}
+		return $returnvalue;
+	}
 }

lib/configfiles/bionic.xml

@@ -388,7 +388,7 @@ exit "$RETVAL"
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -917,6 +917,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
@@ -931,7 +933,7 @@ gmysql-password=
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -2228,7 +2230,7 @@ debugger_command =
 #	>$config_directory/$process_name.$process_id.log & sleep 5
 #
 # Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
+# To attach to the screen session, su root and run "screen -r
 # <id_string>" where <id_string> uniquely matches one of the detached
 # sessions (from "screen -list").
 #
@@ -2642,7 +2644,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -2745,7 +2747,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 							</content>
 						</file>
@@ -3707,7 +3709,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -3965,7 +3967,7 @@ Port				21
 # PassivePorts                  49152 65534
 
 # If your host was NATted, this option is useful in order to
-# allow passive tranfers to work. You have to use your public
+# allow passive transfers to work. You have to use your public
 # address and opening the passive ports used on your firewall as well.
 # MasqueradeAddress		1.2.3.4
 
@@ -3990,7 +3992,7 @@ Group				nogroup
 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022  022
-# Normally, we want files to be overwriteable.
+# Normally, we want files to be overwritable.
 AllowOverwrite			on
 
 # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
@@ -4237,7 +4239,7 @@ SQLBackend	mysql
 SQLEngine on
 SQLAuthenticate on
 #
-# Use both a crypted or plaintext password
+# Use both an encrypted or plaintext password
 SQLAuthTypes Crypt
 
 SQLAuthenticate users* groups*
@@ -4295,7 +4297,7 @@ TLSVerifyClient                         off
 #TLSRequired                             on
 
 # Allow SSL/TLS renegotiations when the client requests them, but
-# do not force the renegotations.  Some clients do not support
+# do not force the renegotiations.  Some clients do not support
 # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
@@ -4595,7 +4597,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/buster.xml

@@ -377,7 +377,7 @@ exit "$RETVAL"
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -891,6 +891,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
@@ -905,7 +907,7 @@ gmysql-password=
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -2187,7 +2189,7 @@ debugger_command =
 #	>$config_directory/$process_name.$process_id.log & sleep 5
 #
 # Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
+# To attach to the screen session, su root and run "screen -r
 # <id_string>" where <id_string> uniquely matches one of the detached
 # sessions (from "screen -list").
 #
@@ -2707,7 +2709,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM mail_users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 							</content>
 						</file>
@@ -4167,7 +4169,7 @@ Port				21
 # PassivePorts                  49152 65534
 
 # If your host was NATted, this option is useful in order to
-# allow passive tranfers to work. You have to use your public
+# allow passive transfers to work. You have to use your public
 # address and opening the passive ports used on your firewall as well.
 # MasqueradeAddress		1.2.3.4
 
@@ -4192,7 +4194,7 @@ Group				nogroup
 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022  022
-# Normally, we want files to be overwriteable.
+# Normally, we want files to be overwritable.
 AllowOverwrite			on
 
 # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
@@ -4439,7 +4441,7 @@ SQLBackend	mysql
 SQLEngine on
 SQLAuthenticate on
 #
-# Use both a crypted or plaintext password
+# Use both an encrypted or plaintext password
 SQLAuthTypes Crypt
 
 SQLAuthenticate users* groups*
@@ -4497,7 +4499,7 @@ TLSVerifyClient                         off
 #TLSRequired                             on
 
 # Allow SSL/TLS renegotiations when the client requests them, but
-# do not force the renegotations.  Some clients do not support
+# do not force the renegotiations.  Some clients do not support
 # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
@@ -4797,7 +4799,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/centos7.xml

@@ -226,7 +226,7 @@ query = SELECT gid FROM mail_users WHERE email = '%s'
 # FQDN from Froxlor
 mydomain = <SERVERNAME>
 
-# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+# set myhostname to $mydomain because Froxlor already uses a FQDN
 myhostname = $mydomain
 
 mydestination = $myhostname,
@@ -1536,7 +1536,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -1754,7 +1754,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -1857,8 +1857,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 #  FROM users WHERE userid = '%u'
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
-iterate_query = SELECT username AS user FROM mail_users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 						</content>
 					</file>
@@ -2237,7 +2236,7 @@ ControlsLog			/var/log/proftpd/controls.log
   DefaultRoot ~
 # Reject rootlogin (just for security)
   RootLogin off
-# Noo need to require valid shell, because user is virtual
+# No need to require valid shell, because user is virtual
   RequireValidShell off
 </Global>
 
@@ -2447,7 +2446,7 @@ aliases:	files nisplus
 						</content>
 					</file>
 					<command><![CDATA[systemctl reload-or-restart nscd.service]]></command>
-					<!-- clear group chache -->
+					<!-- clear group cache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
@@ -2457,7 +2456,7 @@ aliases:	files nisplus
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/centos8.xml

@@ -227,7 +227,7 @@ query = SELECT gid FROM mail_users WHERE email = '%s'
 # FQDN from Froxlor
 mydomain = <SERVERNAME>
 
-# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+# set myhostname to $mydomain because Froxlor already uses a FQDN
 myhostname = $mydomain
 
 mydestination = $myhostname,
@@ -1537,7 +1537,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -1755,7 +1755,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -1859,7 +1859,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 
 # Query to get a list of all usernames.
 #iterate_query = SELECT username AS user FROM users
-iterate_query = SELECT username AS user FROM mail_users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 						</content>
 					</file>
@@ -2238,7 +2238,7 @@ ControlsLog			/var/log/proftpd/controls.log
   DefaultRoot ~
 # Reject rootlogin (just for security)
   RootLogin off
-# Noo need to require valid shell, because user is virtual
+# No need to require valid shell, because user is virtual
   RequireValidShell off
 </Global>
 
@@ -2449,7 +2449,7 @@ aliases:	files nisplus
 						</content>
 					</file>
 					<command><![CDATA[systemctl reload-or-restart nscd.service]]></command>
-					<!-- clear group chache -->
+					<!-- clear group cache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
@@ -2459,7 +2459,7 @@ aliases:	files nisplus
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/focal.xml

@@ -74,7 +74,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/apache2 restart]]></command>
+					<command><![CDATA[service apache2 restart]]></command>
 				</daemon>
 				<!-- HTTP Lighttpd -->
 				<daemon name="lighttpd" title="LigHTTPd">
@@ -138,7 +138,7 @@ include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
 					</command>
 					<command><![CDATA[lighty-disable-mod cgi]]></command>
 					<command><![CDATA[lighty-disable-mod fastcgi]]></command>
-					<command><![CDATA[/etc/init.d/lighttpd restart]]></command>
+					<command><![CDATA[service lighttpd restart]]></command>
 				</daemon>
 				<!-- HTTP Nginx -->
 				<daemon name="nginx" title="nginx">
@@ -354,7 +354,6 @@ exit "$RETVAL"
 						</visibility>
 						<content><![CDATA[/etc/init.d/php-fcgi restart]]></content>
 					</command>
-					<command><![CDATA[/etc/init.d/nginx restart]]></command>
 				</daemon>
 			</service>
 			<!--DNS -->
@@ -366,7 +365,7 @@ exit "$RETVAL"
 					<command><![CDATA[touch {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[chown bind:0 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[chmod 0644 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
-					<command><![CDATA[/etc/init.d/bind9 restart]]></command>
+					<command><![CDATA[service bind9 restart]]></command>
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
@@ -376,7 +375,7 @@ exit "$RETVAL"
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -905,10 +904,12 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+					<command><![CDATA[service pdns restart]]></command>
 				</daemon>
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
@@ -919,7 +920,7 @@ gmysql-password=
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1455,7 +1456,7 @@ bind-check-interval=180
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+					<command><![CDATA[service pdns restart]]></command>
 				</daemon>
 			</service>
 			<!-- SMTP services -->
@@ -1578,7 +1579,7 @@ root:               root@<SERVERNAME>
 					</files>
 					<commands index="3">
 						<command><![CDATA[newaliases]]></command>
-						<command><![CDATA[/etc/init.d/postfix restart]]></command>
+						<command><![CDATA[service postfix restart]]></command>
 					</commands>
 				</general>
 				<!-- postfix with dovecot -->
@@ -2059,7 +2060,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -2162,7 +2163,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 							</content>
 						</file>
@@ -3124,7 +3125,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -3299,7 +3300,7 @@ plugin {
 						</file>
 					</files>
 					<commands index="1">
-						<command><![CDATA[/etc/init.d/dovecot restart]]></command>
+						<command><![CDATA[service dovecot restart]]></command>
 					</commands>
 				</general>
 				<!-- Dovecot with postfix -->
@@ -3382,7 +3383,7 @@ Port				21
 # PassivePorts                  49152 65534
 
 # If your host was NATted, this option is useful in order to
-# allow passive tranfers to work. You have to use your public
+# allow passive transfers to work. You have to use your public
 # address and opening the passive ports used on your firewall as well.
 # MasqueradeAddress		1.2.3.4
 
@@ -3407,7 +3408,7 @@ Group				nogroup
 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022  022
-# Normally, we want files to be overwriteable.
+# Normally, we want files to be overwritable.
 AllowOverwrite			on
 
 # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
@@ -3654,7 +3655,7 @@ SQLBackend	mysql
 SQLEngine on
 SQLAuthenticate on
 #
-# Use both a crypted or plaintext password
+# Use both an encrypted or plaintext password
 SQLAuthTypes Crypt
 
 SQLAuthenticate users* groups*
@@ -3712,7 +3713,7 @@ TLSVerifyClient                         off
 #TLSRequired                             on
 
 # Allow SSL/TLS renegotiations when the client requests them, but
-# do not force the renegotations.  Some clients do not support
+# do not force the renegotiations.  Some clients do not support
 # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
@@ -3722,7 +3723,7 @@ TLSVerifyClient                         off
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/proftpd restart]]></command>
+					<command><![CDATA[service proftpd restart]]></command>
 				</daemon>
 				<!-- Pureftpd -->
 				<daemon name="pureftpd" title="PureFTPd">
@@ -3948,7 +3949,7 @@ UPLOADGID=
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/pure-ftpd-mysql restart]]></command>
+					<command><![CDATA[service pure-ftpd-mysql restart]]></command>
 				</daemon>
 			</service>
 			<!-- System tools/services -->
@@ -4020,7 +4021,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok
@@ -4088,7 +4089,7 @@ aliases:     files
 					<commands index="5">
 						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
 						</visibility>
-						<command><![CDATA[/etc/init.d/apache2 restart]]></command>
+						<command><![CDATA[service apache2 restart]]></command>
 					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the 
 						dirty work -->

lib/configfiles/gentoo.xml

@@ -398,7 +398,7 @@ mail	IN		A	<SERVERIP>
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -912,6 +912,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
@@ -927,7 +929,7 @@ gmysql-password=
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1587,7 +1589,7 @@ sendmail_path = /usr/sbin/sendmail
 # FQDN from Froxlor
 mydomain = <SERVERNAME>
 
-# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+# set myhostname to $mydomain because Froxlor already uses a FQDN
 myhostname = $mydomain
 
 mydestination = $myhostname,
@@ -3762,7 +3764,7 @@ aliases:     files
 					</file>
 					<command><![CDATA[rc-update add nscd default]]></command>
 					<command><![CDATA[/etc/init.d/nscd restart]]></command>
-					<!-- clear group chache -->
+					<!-- clear group cache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
@@ -3772,7 +3774,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/stretch.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <froxlor>
 	<distribution name="Debian" codename="Stretch"
-		version="9.x" defaulteditor="/bin/nano">
+		version="9.x" defaulteditor="/bin/nano" deprecated="true">
 		<services>
 			<!-- HTTP -->
 			<service type="http" title="{{lng.admin.configfiles.http}}">
@@ -377,7 +377,7 @@ exit "$RETVAL"
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -906,6 +906,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
@@ -920,7 +922,7 @@ gmysql-password=
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -2217,7 +2219,7 @@ debugger_command =
 #	>$config_directory/$process_name.$process_id.log & sleep 5
 #
 # Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
+# To attach to the screen session, su root and run "screen -r
 # <id_string>" where <id_string> uniquely matches one of the detached
 # sessions (from "screen -list").
 #
@@ -2631,7 +2633,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -2734,7 +2736,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 							</content>
 						</file>
@@ -3696,7 +3698,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -3954,7 +3956,7 @@ Port				21
 # PassivePorts                  49152 65534
 
 # If your host was NATted, this option is useful in order to
-# allow passive tranfers to work. You have to use your public
+# allow passive transfers to work. You have to use your public
 # address and opening the passive ports used on your firewall as well.
 # MasqueradeAddress		1.2.3.4
 
@@ -3979,7 +3981,7 @@ Group				nogroup
 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022  022
-# Normally, we want files to be overwriteable.
+# Normally, we want files to be overwritable.
 AllowOverwrite			on
 
 # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
@@ -4226,7 +4228,7 @@ SQLBackend	mysql
 SQLEngine on
 SQLAuthenticate on
 #
-# Use both a crypted or plaintext password
+# Use both an encrypted or plaintext password
 SQLAuthTypes Crypt
 
 SQLAuthenticate users* groups*
@@ -4284,7 +4286,7 @@ TLSVerifyClient                         off
 #TLSRequired                             on
 
 # Allow SSL/TLS renegotiations when the client requests them, but
-# do not force the renegotations.  Some clients do not support
+# do not force the renegotiations.  Some clients do not support
 # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
@@ -4584,7 +4586,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/xenial.xml

@@ -388,7 +388,7 @@ exit "$RETVAL"
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -917,6 +917,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
@@ -931,7 +933,7 @@ gmysql-password=
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
+# add these entries to the list if any specified: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -2228,7 +2230,7 @@ debugger_command =
 #	>$config_directory/$process_name.$process_id.log & sleep 5
 #
 # Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
+# To attach to the screen session, su root and run "screen -r
 # <id_string>" where <id_string> uniquely matches one of the detached
 # sessions (from "screen -list").
 #
@@ -2642,7 +2644,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -2745,7 +2747,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 							</content>
 						</file>
@@ -3707,7 +3709,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -3965,7 +3967,7 @@ Port				21
 # PassivePorts                  49152 65534
 
 # If your host was NATted, this option is useful in order to
-# allow passive tranfers to work. You have to use your public
+# allow passive transfers to work. You have to use your public
 # address and opening the passive ports used on your firewall as well.
 # MasqueradeAddress		1.2.3.4
 
@@ -3990,7 +3992,7 @@ Group				nogroup
 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022  022
-# Normally, we want files to be overwriteable.
+# Normally, we want files to be overwritable.
 AllowOverwrite			on
 
 # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
@@ -4237,7 +4239,7 @@ SQLBackend	mysql
 SQLEngine on
 SQLAuthenticate on
 #
-# Use both a crypted or plaintext password
+# Use both an encrypted or plaintext password
 SQLAuthTypes Crypt
 
 SQLAuthenticate users* groups*
@@ -4295,7 +4297,7 @@ TLSVerifyClient                         off
 #TLSRequired                             on
 
 # Allow SSL/TLS renegotiations when the client requests them, but
-# do not force the renegotations.  Some clients do not support
+# do not force the renegotiations.  Some clients do not support
 # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
@@ -4595,7 +4597,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/formfields/admin/customer/formfield.customer_add.php

@@ -37,7 +37,7 @@ return array(
 							)
 						),
 						'value' => array(
-							'1'
+							\Froxlor\Settings::Get('system.createstdsubdom_default')
 						)
 					),
 					'store_defaultindex' => array(

lib/formfields/customer/mysql/formfield.mysql_add.php

@@ -1,5 +1,7 @@
 <?php
 
+use Froxlor\Settings;
+
 /**
  * This file is part of the Froxlor project.
  * Copyright (c) 2010 the Froxlor Team (see authors).
@@ -22,6 +24,11 @@ return array(
 				'title' => $lng['mysql']['database_create'],
 				'image' => 'icons/mysql_add.png',
 				'fields' => array(
+					'custom_suffix' => array(
+						'visible' => (strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME') ? true : false,
+						'label' => $lng['mysql']['databasename'],
+						'type' => 'text'
+					),
 					'description' => array(
 						'label' => $lng['mysql']['databasedescription'],
 						'type' => 'text'

lib/init.php

@@ -103,7 +103,7 @@ unset($_);
 unset($value);
 unset($key);
 
-$filename = htmlentities(basename($_SERVER['PHP_SELF']));
+$filename = htmlentities(basename($_SERVER['SCRIPT_NAME']));
 
 // check whether the userdata file exists
 if (! file_exists(\Froxlor\Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {
@@ -161,7 +161,9 @@ $idna_convert = new \Froxlor\Idna\IdnaWrapper();
 /**
  * If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
  */
+$is_ssl = false;
 if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
+	$is_ssl = true;
 	$maxage = Settings::Get('system.hsts_maxage');
 	if (empty($maxage)) {
 		$maxage = 0;
@@ -217,6 +219,8 @@ if (isset($s) && $s != "" && $nosession != 1) {
 	ini_set("session.name", "s");
 	ini_set("url_rewriter.tags", "");
 	ini_set("session.use_cookies", false);
+	ini_set("session.cookie_httponly", true);
+	ini_set("session.cookie_secure", $is_ssl);
 	session_id($s);
 	session_start();
 	$query = "SELECT `s`.*, `u`.* FROM `" . TABLE_PANEL_SESSIONS . "` `s` LEFT JOIN `";
@@ -265,7 +269,7 @@ if (isset($s) && $s != "" && $nosession != 1) {
 }
 
 /**
- * Language Managament
+ * Language Management
  */
 $langs = array();
 $languages = array();
@@ -279,7 +283,7 @@ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 	$langs[$row['language']][] = $row;
 	// check for row[iso] cause older froxlor
 	// versions didn't have that and it will
-	// lead to a lot of undfined variables
+	// lead to a lot of undefined variables
 	// before the admin can even update
 	if (isset($row['iso'])) {
 		$iso[$row['iso']] = $row['language'];
@@ -380,10 +384,23 @@ if (! array_key_exists('variants', $_themeoptions) || ! array_key_exists($themev
 
 // check for custom header-graphic
 $hl_path = 'templates/' . $theme . '/assets/img';
-$header_logo = $hl_path . '/logo.png';
 
-if (file_exists($hl_path . '/logo_custom.png')) {
+// default is theme-image
+$header_logo = $hl_path . '/logo.png';
+$header_logo_login = $hl_path . '/logo.png';
+
+if (Settings::Get('panel.logo_overridetheme') == 1 || Settings::Get('panel.logo_overridecustom') == 1) {
+	// logo settings shall overwrite theme logo and possible custom logo
+	$header_logo = Settings::Get('panel.logo_image_header') ?: $header_logo;
+	$header_logo_login = Settings::Get('panel.logo_image_login') ?: $header_logo_login;
+}
+if (Settings::Get('panel.logo_overridecustom') == 0 && file_exists($hl_path . '/logo_custom.png')) {
+	// custom theme image (logo_custom.png) is not being overwritten by logo_image_* setting
 	$header_logo = $hl_path . '/logo_custom.png';
+	$header_logo_login = $hl_path . '/logo_custom.png';
+	if (file_exists($hl_path . '/logo_custom_login.png')) {
+		$header_logo_login = $hl_path . '/logo_custom_login.png';
+	}
 }
 
 /**

lng/dutch.lng.php

@@ -558,10 +558,6 @@ $lng['traffic']['sumhttp'] = 'Samenvatting HTTP-verkeer in';
 $lng['traffic']['sumftp'] = 'Samenvatting FTP-verkeer in';
 $lng['traffic']['summail'] = 'Samenvatting Mail-verkeer in';
 
-// ADDED IN 1.2.19-svn4.5
-
-$lng['serversettings']['no_robots']['title'] = 'Zoekmachines toestaan uw Froxlor-installatie te indexeren';
-
 // ADDED IN 1.2.19-svn6
 
 $lng['admin']['loggersettings'] = 'Instellingen voor logs';
@@ -591,7 +587,7 @@ $lng['panel']['reseller'] = 'wederverkoper';
 $lng['panel']['admin'] = 'beheerder';
 $lng['panel']['customer'] = 'klant(en)';
 $lng['error']['nomessagetosend'] = 'U hebt geen bericht opgegeven.';
-$lng['error']['noreceipientsgiven'] = 'U hebt geen ontvanger opgegeven';
+$lng['error']['norecipientsgiven'] = 'U hebt geen ontvanger opgegeven';
 $lng['admin']['emaildomain'] = 'Emaildomein';
 $lng['admin']['email_only'] = 'Alleen email?';
 $lng['admin']['wwwserveralias'] = 'Voeg een "www." ServerAlias toe';
@@ -599,14 +595,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Is dit een SSL-poort?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Pad naar SSL-certificaat';
 $lng['panel']['send'] = 'verzenden';
 $lng['admin']['subject'] = 'Onderwerp';
-$lng['admin']['receipient'] = 'Ontvanger';
+$lng['admin']['recipient'] = 'Ontvanger';
 $lng['admin']['message'] = 'Bericht schrijven';
 $lng['admin']['text'] = 'Bericht';
 $lng['menu']['message'] = 'Berichten';
 $lng['error']['errorsendingmail'] = 'Het versturen van het bericht naar "%s" is mislukt';
 $lng['error']['cannotreaddir'] = 'De map "%s" kan niet gelezen worden';
 $lng['message']['success'] = 'Bericht verzonden naar ontvangers %s';
-$lng['message']['noreceipients'] = 'Er is geen email verstuurd omdat er geen ontvangers in de database zijn';
+$lng['message']['norecipients'] = 'Er is geen email verstuurd omdat er geen ontvangers in de database zijn';
 $lng['admin']['sslsettings'] = 'Instellingen voor SSL';
 $lng['cronjobs']['notyetrun'] = 'Nog niet uitgevoerd';
 $lng['serversettings']['default_vhostconf']['title'] = 'Standaard vhost-instellingen';

lng/english.lng.php

@@ -332,7 +332,7 @@ $lng['serversettings']['session_timeout']['description'] = 'How long does a user
 $lng['serversettings']['accountprefix']['title'] = 'Customer prefix';
 $lng['serversettings']['accountprefix']['description'] = 'Which prefix should customer accounts have?';
 $lng['serversettings']['mysqlprefix']['title'] = 'SQL Prefix';
-$lng['serversettings']['mysqlprefix']['description'] = 'Which prefix should MySQL accounts have?</br>Use "RANDOM" as value to get a 3-digit random prefix';
+$lng['serversettings']['mysqlprefix']['description'] = 'Which prefix should MySQL accounts have?</br>Use "RANDOM" as value to get a 3-digit random prefix</br>Use "DBNAME" as the value, a database name field is used together with the customer name as a prefix.';
 $lng['serversettings']['ftpprefix']['title'] = 'FTP Prefix';
 $lng['serversettings']['ftpprefix']['description'] = 'Which prefix should ftp accounts have?<br/><b>If you change this you also have to change the Quota SQL Query in your FTP Server config file in case you use it!</b> ';
 $lng['serversettings']['documentroot_prefix']['title'] = 'Home directory';
@@ -626,10 +626,6 @@ $lng['traffic']['sumhttp'] = 'Total HTTP-Traffic';
 $lng['traffic']['sumftp'] = 'Total FTP-Traffic';
 $lng['traffic']['summail'] = 'Total Mail-Traffic';
 
-// ADDED IN 1.2.19-svn4.5
-
-$lng['serversettings']['no_robots']['title'] = 'Allow searchengine-robots to index your Froxlor installation';
-
 // ADDED IN 1.2.19-svn6
 
 $lng['admin']['loggersettings'] = 'Log settings';
@@ -664,7 +660,7 @@ $lng['panel']['reseller'] = 'reseller';
 $lng['panel']['admin'] = 'admin';
 $lng['panel']['customer'] = 'customer/s';
 $lng['error']['nomessagetosend'] = 'You did not enter a message.';
-$lng['error']['noreceipientsgiven'] = 'You did not specify any recipient';
+$lng['error']['norecipientsgiven'] = 'You did not specify any recipient';
 $lng['admin']['emaildomain'] = 'Emaildomain';
 $lng['admin']['email_only'] = 'Only email?';
 $lng['admin']['wwwserveralias'] = 'Add a "www." ServerAlias';
@@ -672,14 +668,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Is this an SSL Port?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Path to the SSL Certificate';
 $lng['panel']['send'] = 'send';
 $lng['admin']['subject'] = 'Subject';
-$lng['admin']['receipient'] = 'Recipient';
+$lng['admin']['recipient'] = 'Recipient';
 $lng['admin']['message'] = 'Write a Message';
 $lng['admin']['text'] = 'Message';
 $lng['menu']['message'] = 'Messages';
 $lng['error']['errorsendingmail'] = 'The message to "%s" failed';
 $lng['error']['cannotreaddir'] = 'Unable to read directory "%s"';
 $lng['message']['success'] = 'Successfully sent message to %s recipients';
-$lng['message']['noreceipients'] = 'No e-mail has been sent because there are no recipients in the database';
+$lng['message']['norecipients'] = 'No e-mail has been sent because there are no recipients in the database';
 $lng['admin']['sslsettings'] = 'SSL settings';
 $lng['cronjobs']['notyetrun'] = 'Not yet run';
 $lng['serversettings']['default_vhostconf']['title'] = 'Default vHost-settings';
@@ -930,7 +926,7 @@ $lng['admin']['ipsandports']['default_vhostconf_domain'] = 'Default vHost-settin
 $lng['serversettings']['ssl']['ssl_key_file']['title'] = 'Path to the SSL Keyfile';
 $lng['serversettings']['ssl']['ssl_key_file']['description'] = 'Specify the path including the filename for the private-key file (.key mostly)';
 $lng['serversettings']['ssl']['ssl_ca_file']['title'] = 'Path to the SSL CA certificate (optional)';
-$lng['serversettings']['ssl']['ssl_ca_file']['description'] = 'Client authentification, set this only if you know what it is.';
+$lng['serversettings']['ssl']['ssl_ca_file']['description'] = 'Client authentication, set this only if you know what it is.';
 
 $lng['error']['usernamealreadyexists'] = 'The username %s already exists.';
 
@@ -1600,12 +1596,14 @@ $lng['serversettings']['panel_allow_theme_change_admin'] = 'Allow admins to chan
 $lng['serversettings']['panel_allow_theme_change_customer'] = 'Allow customers to change the theme';
 $lng['serversettings']['axfrservers']['title'] = 'AXFR servers';
 $lng['serversettings']['axfrservers']['description'] = 'A comma separated list of IP addresses allowed to transfer (AXFR) dns zones.';
+$lng['serversettings']['powerdns_mode']['title'] = 'PowerDNS Operation Mode';
+$lng['serversettings']['powerdns_mode']['description'] = 'Select the PoweDNS mode: Native for no replication (Default) / Master if DNS replication is needed.';
 $lng['panel']['ssleditor'] = 'SSL settings for this domain';
 $lng['admin']['ipsandports']['ssl_paste_description'] = 'Paste your complete certificate content in the textbox';
 $lng['admin']['ipsandports']['ssl_cert_file_content'] = 'Content of the ssl certificate';
 $lng['admin']['ipsandports']['ssl_key_file_content'] = 'Content of the ssl (private-) key file';
 $lng['admin']['ipsandports']['ssl_ca_file_content'] = 'Content of the ssl CA file (optional)';
-$lng['admin']['ipsandports']['ssl_ca_file_content_desc'] = '<br /><br />Client authentification, set this only if you know what it is.';
+$lng['admin']['ipsandports']['ssl_ca_file_content_desc'] = '<br /><br />Client authentication, set this only if you know what it is.';
 $lng['admin']['ipsandports']['ssl_cert_chainfile_content'] = 'Content of the certificate chain file (optional)';
 $lng['admin']['ipsandports']['ssl_cert_chainfile_content_desc'] = '<br /><br />Mostly CA_Bundle, or similar, you probably want to set this if you bought a SSL certificate.';
 $lng['error']['sslcertificateismissingprivatekey'] = 'You need to specify a private key for your certificate';
@@ -1615,7 +1613,7 @@ $lng['error']['sslcertificateinvalidcertkeypair'] = 'The given private-key does
 $lng['error']['sslcertificateinvalidca'] = 'The given CA certificate data does not seem to be a valid certificate';
 $lng['error']['sslcertificateinvalidchain'] = 'The given certificate chain data does not seem to be a valid certificate';
 $lng['serversettings']['customerssl_directory']['title'] = 'Webserver customer-ssl certificates-directory';
-$lng['serversettings']['customerssl_directory']['description'] = 'Where should customer-specified ssl-certificates be created?<br /><br /><div class="red">NOTE: This folder\'s content gets deleted regulary so avoid storing data in there manually.</div>';
+$lng['serversettings']['customerssl_directory']['description'] = 'Where should customer-specified ssl-certificates be created?<br /><br /><div class="red">NOTE: This folder\'s content gets deleted regularly so avoid storing data in there manually.</div>';
 $lng['admin']['phpfpm.ininote'] = 'Not all values you may want to define can be used in the php-fpm pool configuration';
 
 // Added in Froxlor 0.9.30
@@ -1832,15 +1830,15 @@ $lng['opcacheinfo']['false'] = '<i>false</i>';
 
 // Added for let's encrypt
 $lng['admin']['letsencrypt']['title'] = 'Use Let\'s Encrypt';
-$lng['admin']['letsencrypt']['description'] = 'Get a free certificate from <a href="https://letsencrypt.org">Let\'s Encrypt</a>. The certificate will be created and renewed automatically.<br><strong class="red">ATTENTION:</strong> If wildcards are enabled, this option will automatically be disabled. This feature is still in beta.';
+$lng['admin']['letsencrypt']['description'] = 'Get a free certificate from <a href="https://letsencrypt.org">Let\'s Encrypt</a>. The certificate will be created and renewed automatically.<br><strong class="red">ATTENTION:</strong> If wildcards are enabled, this option will automatically be disabled.';
 $lng['customer']['letsencrypt']['title'] = 'Use Let\'s Encrypt';
-$lng['customer']['letsencrypt']['description'] = 'Get a free certificate from <a href="https://letsencrypt.org">Let\'s Encrypt</a>. The certificate will be created and renewed automatically.<br><strong class="red">ATTENTION:</strong> This feature is still in beta.';
+$lng['customer']['letsencrypt']['description'] = 'Get a free certificate from <a href="https://letsencrypt.org">Let\'s Encrypt</a>. The certificate will be created and renewed automatically.';
 $lng['error']['sslredirectonlypossiblewithsslipport'] = 'Using Let\'s Encrypt is only possible when the domain has at least one ssl-enabled IP/port combination assigned.';
 $lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt cannot handle wildcard-domains using ACME in froxlor (requires dns-challenge), sorry. Please set the ServerAlias to WWW or disable it completely';
 $lng['panel']['letsencrypt'] = 'Using Let\'s encrypt';
 $lng['crondesc']['cron_letsencrypt'] = 'updating Let\'s Encrypt certificates';
-$lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt environment";
-$lng['serversettings']['letsencryptca']['description'] = "Environment to be used for Let's Encrypt certificates.";
+$lng['serversettings']['letsencryptca']['title'] = "ACME environment";
+$lng['serversettings']['letsencryptca']['description'] = "Environment to be used for Let's Encrypt / ZeroSSL certificates.";
 $lng['serversettings']['letsencryptcountrycode']['title'] = "Let's Encrypt country code";
 $lng['serversettings']['letsencryptcountrycode']['description'] = "2 letter country code used to generate Let's Encrypt certificates.";
 $lng['serversettings']['letsencryptstate']['title'] = "Let's Encrypt state";
@@ -1922,7 +1920,7 @@ $lng['dnseditor']['records'] = 'records';
 $lng['error']['dns_notfoundorallowed'] = 'Domain not found or no permission';
 $lng['serversettings']['dnseditorenable']['title'] = 'Enable DNS editor';
 $lng['serversettings']['dnseditorenable']['description'] = 'Allows admins and customer to manage domain dns entries';
-$lng['dns']['howitworks'] = 'Here you can manage DNS entries for your domain. Note that froxlor will automatically generate NS/MX/A/AAAA records for you. The custom entries are prefered, only missing entries will be automatically generated.';
+$lng['dns']['howitworks'] = 'Here you can manage DNS entries for your domain. Note that froxlor will automatically generate NS/MX/A/AAAA records for you. The custom entries are preferred, only missing entries will be automatically generated.';
 $lng['serversettings']['dns_server']['title'] = 'DNS server daemon';
 $lng['serversettings']['dns_server']['description'] = 'Remember that daemons have to be configured using froxlors configuration templates';
 
@@ -1997,7 +1995,7 @@ $lng['serversettings']['leapiversion']['title'] = "Choose Let's Encrypt ACME imp
 $lng['serversettings']['leapiversion']['description'] = "Currently only ACME v2 implementation for Let's Encrypt is supported.";
 $lng['admin']['phpsettings']['pass_authorizationheader'] = 'Add "-pass-header Authorization" / "CGIPassAuth On" to vhosts';
 $lng['serversettings']['ssl']['ssl_protocols']['title'] = 'Configure the TLS protocol version';
-$lng['serversettings']['ssl']['ssl_protocols']['description'] = 'This is a list of ssl protocols that you want (or don\'t want) to use when using SSL. <b>Notice:</b> Some older browsers may not support the newest protcol versions.<br /><br /><b>Default value is:</b><pre>TLSv1.2</pre>';
+$lng['serversettings']['ssl']['ssl_protocols']['description'] = 'This is a list of ssl protocols that you want (or don\'t want) to use when using SSL. <b>Notice:</b> Some older browsers may not support the newest protocol versions.<br /><br /><b>Default value is:</b><pre>TLSv1.2</pre>';
 $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'] = 'Allowed extensions';
 $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'] = 'Limits the extensions of the main script FPM will allow to parse. This can prevent configuration mistakes on the web server side. You should only limit FPM to .php extensions to prevent malicious users to use other extensions to execute php code. Default value: .php';
 $lng['phpfpm']['ini_flags'] = 'Enter possible <strong>php_flag</strong>s for php.ini. One entry per line';
@@ -2116,3 +2114,20 @@ $lng['serversettings']['terms_url']['description'] = 'Specify an URL to your ter
 $lng['privacy'] = 'Privacy policy';
 $lng['serversettings']['privacy_url']['title'] = 'URL to privacy policy';
 $lng['serversettings']['privacy_url']['description'] = 'Specify an URL to your privacy policy site / imprint site. The link will be visible on the login screen and on the footer when logged in.';
+$lng['admin']['domaindefaultalias'] = 'Default ServerAlias value for new domains';
+
+$lng['serversettings']['logo_image_header']['title'] = 'Logo Image (Header)';
+$lng['serversettings']['logo_image_header']['description'] = 'Upload your own logo image to be shown in the header after login (recommended height 30px)';
+$lng['serversettings']['logo_image_login']['title'] = 'Logo Image (Login)';
+$lng['serversettings']['logo_image_login']['description'] = 'Upload your own logo image to be shown during login';
+$lng['panel']['image_field_delete'] = 'Delete the existing current image';
+$lng['serversettings']['logo_overridetheme']['title'] = 'Overwrites logo defined in theme by "Logo Image" (Header and Login, see below)';
+$lng['serversettings']['logo_overridetheme']['description'] = 'This needs to be set to "true" if you intend to use your uploaded logo; alternatively you can still use the theme-based "logo_custom.png" and "logo_custom_login.png" possibility.';
+$lng['serversettings']['logo_overridecustom']['title'] = 'Overwrite custom logo (logo_custom.png and logo_custom_login.png) defined in theme by "Logo Image" (Header and Login, see below)';
+$lng['serversettings']['logo_overridecustom']['description'] = 'Set this to "true" if you want to ignore theme-specific custom logos for header and login and use "Logo Image"';
+$lng['serversettings']['createstdsubdom_default']['title'] = 'Preselected value for "'.$lng['admin']['stdsubdomain_add'].'" when creating a customer';
+$lng['serversettings']['froxlorusergroup']['title'] = 'Custom system group for all customer users';
+$lng['serversettings']['froxlorusergroup']['description'] = 'Usage of libnss-extrausers (system-settings) is required for this to take effect. An empty value skips creation or removes existing group.';
+$lng['error']['local_group_exists'] = 'The given group already exists on the system.';
+$lng['error']['local_group_invalid'] = 'The given group name is invalid';
+$lng['error']['invaliddnsforletsencrypt'] = 'The domains DNS does not include any of the chosen IP addresses. Let\'s Encrypt certificate generation not possible.';

lng/french.lng.php

@@ -598,10 +598,6 @@ $lng['traffic']['sumhttp'] = 'Trafic HTTP total entrant';
 $lng['traffic']['sumftp'] = 'Trafic FTP total entrant';
 $lng['traffic']['summail'] = 'Trafic E-mail total entrant';
 
-// ADDED IN 1.2.19-svn4.5
-
-$lng['serversettings']['no_robots']['title'] = 'Permettre aux robots des moteurs de recherche d\'indexer l\'installation de Froxlor';
-
 // ADDED IN 1.2.19-svn6
 
 $lng['admin']['loggersettings'] = 'Paramètres des logs';
@@ -631,7 +627,7 @@ $lng['panel']['reseller'] = 'revendeur';
 $lng['panel']['admin'] = 'administrateur';
 $lng['panel']['customer'] = 'client(s)';
 $lng['error']['nomessagetosend'] = 'Vous n\'avez pas entré de message.';
-$lng['error']['noreceipientsgiven'] = 'Vous n\'avez pas spécifier de destinataire';
+$lng['error']['norecipientsgiven'] = 'Vous n\'avez pas spécifier de destinataire';
 $lng['admin']['emaildomain'] = 'Domaine e-mail';
 $lng['admin']['email_only'] = 'Seulement des e-mails ?';
 $lng['admin']['wwwserveralias'] = 'Ajouter un "www." à l\'alias du serveur "ServerAlias"';
@@ -639,14 +635,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Est-ce un port SSL ?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Emplacement du certificat SSL';
 $lng['panel']['send'] = 'envoyé';
 $lng['admin']['subject'] = 'Sujet';
-$lng['admin']['receipient'] = 'Destinataire';
+$lng['admin']['recipient'] = 'Destinataire';
 $lng['admin']['message'] = 'Ecrire un message';
 $lng['admin']['text'] = 'Message';
 $lng['menu']['message'] = 'Messages';
 $lng['error']['errorsendingmail'] = 'Echec d\'envoi du message à "%s"';
 $lng['error']['cannotreaddir'] = 'Impossible de lire dossier "%s"';
 $lng['message']['success'] = 'Le message a été envoyé aux destinataires "%s"';
-$lng['message']['noreceipients'] = 'Aucun e-mail n\'a été envoyé car il n\'existe aucun destinataire dans la base de données';
+$lng['message']['norecipients'] = 'Aucun e-mail n\'a été envoyé car il n\'existe aucun destinataire dans la base de données';
 $lng['admin']['sslsettings'] = 'Paramètres SSL';
 $lng['cronjobs']['notyetrun'] = 'Pas encore lancé';
 $lng['serversettings']['default_vhostconf']['title'] = 'Paramètres par défaut pour les vHosts';

lng/german.lng.php

@@ -327,7 +327,7 @@ $lng['serversettings']['session_timeout']['description'] = 'Wie lange muss ein B
 $lng['serversettings']['accountprefix']['title'] = 'Kundenpräfix';
 $lng['serversettings']['accountprefix']['description'] = 'Welchen Präfix sollen die Kundenaccounts haben?';
 $lng['serversettings']['mysqlprefix']['title'] = 'MySQL-Präfix';
-$lng['serversettings']['mysqlprefix']['description'] = 'Welchen Präfix sollen die MySQL-Benutzerkonten haben?</br>Mit "RANDOM" als Wert wird ein 3-stelliger Zufallswert als Präfix verwendet.';
+$lng['serversettings']['mysqlprefix']['description'] = 'Welchen Präfix sollen die MySQL-Benutzerkonten haben?</br>Mit "RANDOM" als Wert wird ein 3-stelliger Zufallswert als Präfix verwendet.</br>Mit "DBNAME" als Wert wird ein Feld Databankname zusammen mit dem Kundennamen als Präfix genutzt.';
 $lng['serversettings']['ftpprefix']['title'] = 'FTP-Präfix';
 $lng['serversettings']['ftpprefix']['description'] = 'Welchen Präfix sollen die FTP-Benutzerkonten haben?<br/><b>Falls FTP-Quoatas verwendet werden, ist es notwendig das Quota-SQL-Query in der FTP-Server-Config ebenfalls zu ändern!</b>';
 $lng['serversettings']['documentroot_prefix']['title'] = 'Heimatverzeichnis';
@@ -619,10 +619,6 @@ $lng['traffic']['sumhttp'] = 'Gesamt HTTP-Traffic';
 $lng['traffic']['sumftp'] = 'Gesamt FTP-Traffic';
 $lng['traffic']['summail'] = 'Gesamt Mail-Traffic';
 
-// ADDED IN 1.2.19-svn4.5
-
-$lng['serversettings']['no_robots']['title'] = 'Erlaube die Indizierung Ihrer Froxlor-Installation durch Suchmaschinen';
-
 // ADDED IN 1.2.19-svn6
 
 $lng['admin']['loggersettings'] = 'Log-Einstellungen';
@@ -657,7 +653,7 @@ $lng['panel']['reseller'] = 'Reseller';
 $lng['panel']['admin'] = 'Administrator';
 $lng['panel']['customer'] = 'Kunde/n';
 $lng['error']['nomessagetosend'] = 'Keine Nachricht angegeben';
-$lng['error']['noreceipientsgiven'] = 'Keine Empfänger angegeben';
+$lng['error']['norecipientsgiven'] = 'Keine Empfänger angegeben';
 $lng['admin']['emaildomain'] = 'E-Mail-Domain';
 $lng['admin']['email_only'] = 'Nur als E-Mail-Domain verwenden?';
 $lng['admin']['wwwserveralias'] = 'Einen "www." ServerAlias hinzufügen';
@@ -665,14 +661,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Ist dies ein SSL-Port?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Pfad zum Zertifikat';
 $lng['panel']['send'] = 'Versenden';
 $lng['admin']['subject'] = 'Betreff';
-$lng['admin']['receipient'] = 'Empfänger';
+$lng['admin']['recipient'] = 'Empfänger';
 $lng['admin']['message'] = 'Rundmail senden';
 $lng['admin']['text'] = 'Nachricht';
 $lng['menu']['message'] = 'Nachrichten';
 $lng['error']['errorsendingmail'] = 'Das Versenden der Nachricht an "%s" schlug fehl.';
 $lng['error']['cannotreaddir'] = 'Der Ordner "%s" kann nicht gelesen werden';
 $lng['message']['success'] = 'Nachricht erfolgreich an "%s" Empfänger gesendet';
-$lng['message']['noreceipients'] = 'Es wurde keine E-Mail versendet, da sich keine Empfänger in der Datenbank befinden';
+$lng['message']['norecipients'] = 'Es wurde keine E-Mail versendet, da sich keine Empfänger in der Datenbank befinden';
 $lng['admin']['sslsettings'] = 'SSL-Einstellungen';
 $lng['cronjobs']['notyetrun'] = 'Bisher nicht gestartet';
 $lng['serversettings']['default_vhostconf']['title'] = 'Standard vHost-Einstellungen';
@@ -1324,6 +1320,8 @@ $lng['serversettings']['panel_allow_theme_change_admin'] = 'Erlaube Admins das T
 $lng['serversettings']['panel_allow_theme_change_customer'] = 'Erlaube Kunden das Theme zu wechseln';
 $lng['serversettings']['axfrservers']['title'] = 'AXFR Server';
 $lng['serversettings']['axfrservers']['description'] = 'Eine durch Kommas getrennte Liste von IP Adressen, die DNS-Zonen transferieren dürfen (AXFR).';
+$lng['serversettings']['powerdns_mode']['title'] = 'PowerDNS Operation Mode';
+$lng['serversettings']['powerdns_mode']['description'] = 'Wählen Sie den PowerDNS-Modus: Native für keine DNS-Replikation (Standard) / Master wenn eine DNS-Replikation benötigt wird.';
 $lng['panel']['ssleditor'] = 'SSL-Einstellungen für diese Domain';
 $lng['admin']['ipsandports']['ssl_paste_description'] = 'Bitte den Inhalt der Zertifikatsdatei in das Textfeld kopieren.';
 $lng['admin']['ipsandports']['ssl_cert_file_content'] = 'Inhalt des SSL-Zertifikats (Certificate)';
@@ -1490,8 +1488,8 @@ $lng['error']['sslredirectonlypossiblewithsslipport'] = 'Die Nutzung von Let\'s
 $lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt kann mittels ACME Wildcard-Domains nur via DNS validieren, sorry. Bitte den ServerAlias auf WWW setzen oder deaktivieren';
 $lng['panel']['letsencrypt'] = 'Benutzt Let\'s encrypt';
 $lng['crondesc']['cron_letsencrypt'] = 'Aktualisierung der Let\'s Encrypt Zertifikate';
-$lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt Umgebung";
-$lng['serversettings']['letsencryptca']['description'] = "Let's Encrypt - Umgebung, welche genutzt wird um Zertifikate zu bestellen.";
+$lng['serversettings']['letsencryptca']['title'] = "ACME Umgebung";
+$lng['serversettings']['letsencryptca']['description'] = "Umgebung, welche genutzt wird um Zertifikate zu bestellen.";
 $lng['serversettings']['letsencryptcountrycode']['title'] = "Let's Encrypt Ländercode";
 $lng['serversettings']['letsencryptcountrycode']['description'] = "2 - stelliger Ländercode, welcher benutzt wird um Let's Encrypt - Zertifikate zu bestellen.";
 $lng['serversettings']['letsencryptstate']['title'] = "Let's Encrypt Bundesland";
@@ -1762,3 +1760,20 @@ $lng['serversettings']['terms_url']['description'] = 'Die URL zur AGB-Seite. Der
 $lng['privacy'] = 'Datenschutzerklärung';
 $lng['serversettings']['privacy_url']['title'] = 'URL zur Datenschutzerklärung';
 $lng['serversettings']['privacy_url']['description'] = 'Die URL zur Datenschutzerklärungs-Seite. Der Link ist auf der Login-Seite und wenn eingeloggt, in der Fußzeile sichtbar.';
+$lng['admin']['domaindefaultalias'] = 'Standard ServerAlias-Angabe für neue Domains';
+
+$lng['serversettings']['logo_image_header']['title'] = 'Logo Bild (Header)';
+$lng['serversettings']['logo_image_header']['description'] = 'Das hochgeladene Bild wird als Logo oben links nach dem Login angezeigt (empfohlene Höhe sind 30px)';
+$lng['serversettings']['logo_image_login']['title'] = 'Logo Bild (Login)';
+$lng['serversettings']['logo_image_login']['description'] = 'Das hochgeladene Bild wird als Logo während des Logins angezeigt';
+$lng['panel']['image_field_delete'] = 'Das momentan vorhandene Bild löschen';
+$lng['serversettings']['logo_overridetheme']['title'] = 'Überschreibe Theme-Logo mit "Logo Bild" (Header und Login, siehe unten)';
+$lng['serversettings']['logo_overridetheme']['description'] = 'Ist die Nutzung eines hochgeladenen Logos gewünscht, muss diese Einstellung auf "Ja" gesetzt werden. Alternativ kann weiterhin das Theme-basierte Überschreiben via "logo_custom.png" und "logo_custom_login.png" genutzt werden.';
+$lng['serversettings']['logo_overridecustom']['title'] = 'Überschreibe benutzerdefinierte Theme-Logos (logo_custom.png und logo_custom_login.png) mit "Logo Bold" (Header und Login, siehe unten)';
+$lng['serversettings']['logo_overridecustom']['description'] = 'Ist diese Einstellung aktiv, werden benutzerdefinierte Logos im Theme-Ordner mit dem "Logo Bild" ersetzt';
+$lng['serversettings']['createstdsubdom_default']['title'] = 'Standardwert für "'.$lng['admin']['stdsubdomain_add'].'" bei Erstellung eines Kunden';
+$lng['serversettings']['froxlorusergroup']['title'] = 'Benutzerdefinierte Gruppe für alle Kunden-Benutzer';
+$lng['serversettings']['froxlorusergroup']['description'] = 'Voraussetzung hierfür ist die Nutzung von libnss-extrausers (System-Einstellungen). Ein leerer Wert bedeutet, es wird keine Gruppe erstellt, bzw. vorhandene Gruppe wird entfernt.';
+$lng['error']['local_group_exists'] = 'Die angegebene Gruppe existiert bereits auf dem System';
+$lng['error']['local_group_invalid'] = 'Der angegebene Gruppen-Name ist nicht gültig';
+$lng['error']['invaliddnsforletsencrypt'] = 'Die DNS-Einträge der Domain enhalten keine der gewählten IP Adressen. Let\'s Encrypt Zertifikats-Erstellung ist nicht möglich.';

lng/italian.lng.php

@@ -584,10 +584,6 @@ $lng['traffic']['sumhttp'] = 'Sommatoria Traffico in ingresso HTTP';
 $lng['traffic']['sumftp'] = 'Sommatoria Traffico in ingresso FTP';
 $lng['traffic']['summail'] = 'Sommatoria Traffico in ingresso Mail';
 
-// ADDED IN 1.2.19-svn4.5
-
-$lng['serversettings']['no_robots']['title'] = 'Permetti ai robot dei motori di ricerca di indicizzare l\'installazione di Froxlor';
-
 // ADDED IN 1.2.19-svn6
 
 $lng['admin']['loggersettings'] = 'Impostazioni Log';
@@ -614,7 +610,7 @@ $lng['panel']['reseller'] = 'rivenditore';
 $lng['panel']['admin'] = 'amministratore';
 $lng['panel']['customer'] = 'cliente/i';
 $lng['error']['nomessagetosend'] = 'Non hai inserito un messaggio.';
-$lng['error']['noreceipientsgiven'] = 'Non hai specificato alcun destinatario';
+$lng['error']['norecipientsgiven'] = 'Non hai specificato alcun destinatario';
 $lng['admin']['emaildomain'] = 'Email dominio';
 $lng['admin']['email_only'] = 'Solo email?';
 $lng['admin']['wwwserveralias'] = 'Aggiungi a "www." ServerAlias';
@@ -622,14 +618,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Questa è una porta SSL?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Percorso del certificato SSL (SSL certificate)';
 $lng['panel']['send'] = 'invia';
 $lng['admin']['subject'] = 'Oggetto';
-$lng['admin']['receipient'] = 'Destinatario';
+$lng['admin']['recipient'] = 'Destinatario';
 $lng['admin']['message'] = 'Scrivi un messaggio';
 $lng['admin']['text'] = 'Messaggio';
 $lng['menu']['message'] = 'Messaggi';
 $lng['error']['errorsendingmail'] = 'Il messaggio a "%s" fallito';
 $lng['error']['cannotreaddir'] = 'Impossibile leggere la cartella "%s"';
 $lng['message']['success'] = 'Inviato correttamente il messaggio a %s recipients';
-$lng['message']['noreceipients'] = 'Nessuna e-mail è stata inviata perch¸ non ci sono i destinatari nel database';
+$lng['message']['norecipients'] = 'Nessuna e-mail è stata inviata perch¸ non ci sono i destinatari nel database';
 $lng['admin']['sslsettings'] = 'Impostazioni SSL';
 $lng['cronjobs']['notyetrun'] = 'Non ancora avviato';
 $lng['serversettings']['default_vhostconf']['title'] = 'Impostazioni default vhost';

lng/portugues.lng.php

@@ -529,7 +529,6 @@ $lng['traffic']['distribution'] = '<font color="#019522">FTP</font> | <font colo
 $lng['traffic']['sumhttp'] = 'Resumo Tráfego de HTTP em';
 $lng['traffic']['sumftp'] = 'Resumo Tráfego de FTP em';
 $lng['traffic']['summail'] = 'Resumo Tráfego de HTTP em';
-$lng['serversettings']['no_robots']['title'] = 'Aceitar robôs de procura na index de seuFroxlor';
 $lng['admin']['loggersettings'] = 'Configurações de Logs';
 $lng['serversettings']['logger']['enable'] = 'Habilitar/Desabilitar Logs';
 $lng['serversettings']['logger']['severity'] = 'Nível de Logs';
@@ -555,7 +554,7 @@ $lng['panel']['reseller'] = 'Revenda';
 $lng['panel']['admin'] = 'Administrador';
 $lng['panel']['customer'] = 'Cliente(s)';
 $lng['error']['nomessagetosend'] = 'Você não entrou com uma mensagem';
-$lng['error']['noreceipientsgiven'] = 'Você não especificou um destinatário';
+$lng['error']['norecipientsgiven'] = 'Você não especificou um destinatário';
 $lng['admin']['emaildomain'] = 'Domínio de Email';
 $lng['admin']['email_only'] = 'Somente Email?';
 $lng['admin']['wwwserveralias'] = 'Adicionar um "www." ServerAlias';
@@ -563,14 +562,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Esta é uma porta SSL?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Caminho para o certificado SSL';
 $lng['panel']['send'] = 'Enviar';
 $lng['admin']['subject'] = 'Assunto';
-$lng['admin']['receipient'] = 'Destinatário';
+$lng['admin']['recipient'] = 'Destinatário';
 $lng['admin']['message'] = 'Escrever uma mensagem';
 $lng['admin']['text'] = 'Mensagem';
 $lng['menu']['message'] = 'Mensagens';
 $lng['error']['errorsendingmail'] = 'A mensagem para "%s" falhou';
 $lng['error']['cannotreaddir'] = 'Não é possível ler o diretório "%s"';
 $lng['message']['success'] = 'Mensagens enviadas para %s destinatários com sucesso';
-$lng['message']['noreceipients'] = 'Email não enviado porque não tem destinatário no banco de dados';
+$lng['message']['norecipients'] = 'Email não enviado porque não tem destinatário no banco de dados';
 $lng['admin']['sslsettings'] = 'Configuração de SSL';
 $lng['cronjobs']['notyetrun'] = 'Ainda não está rodando';
 $lng['serversettings']['default_vhostconf']['title'] = 'Configuração de Vhost padrão';

phpunit.xml

@@ -1,10 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit backupGlobals="false" backupStaticAttributes="false"
-	colors="false" convertErrorsToExceptions="true"
-	convertNoticesToExceptions="true" convertWarningsToExceptions="true"
-	processIsolation="false" stopOnFailure="false"
-	bootstrap="tests/bootstrap.php">
-
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" backupGlobals="false" backupStaticAttributes="false" colors="false" convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" processIsolation="false" stopOnFailure="false" bootstrap="tests/bootstrap.php" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
+  <coverage processUncoveredFiles="true">
+    <include>
+      <directory suffix=".php">./lib/Froxlor</directory>
+    </include>
+    <report>
+      <clover outputFile="build/logs/clover.xml"/>
+      <crap4j outputFile="build/logs/crap4j.xml"/>
+      <html outputDirectory="build/coverage" lowUpperBound="35" highLowerBound="70"/>
+    </report>
+  </coverage>
   <testsuites>
     <testsuite name="froxlor">
       <!-- we need to specify the order of the tests for dependency-reasons -->
@@ -27,19 +32,7 @@
       <directory>tests/Froxlor</directory>
     </testsuite>
   </testsuites>
-
   <logging>
-		<log type="coverage-html" target="build/coverage"
-			lowUpperBound="35" highLowerBound="70" />
-		<log type="coverage-clover" target="build/logs/clover.xml" />
-		<log type="coverage-crap4j" target="build/logs/crap4j.xml" />
-		<log type="junit" target="build/logs/junit.xml" />
+    <junit outputFile="build/logs/junit.xml"/>
   </logging>
-
-	<filter>
-		<whitelist processUncoveredFilesFromWhitelist="true">
-			<directory suffix=".php">./lib/Froxlor</directory>
-		</whitelist>
-	</filter>
-
 </phpunit>

robots.txt

@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /