set version to 0.10.30 for upcoming release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

.github/ISSUE_TEMPLATE.md

@@ -1,6 +1,6 @@
 # Bug report vs. support request
 If you're unsure of whether your problem is a bug or a configuration error
-* contact us via IRC in #froxlor on freenode
+* contact us via IRC in #froxlor on irc.libera.chat
 * or post a thread in our forum at https://forum.froxlor.org
 
 As a rule of thumb: before reporting an issue

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**As a rule of thumb: before reporting an issue**
+* see if it hasn't been [reported](https://github.com/Froxlor/froxlor/issues) (and possibly already been [fixed](https://github.com/Froxlor/froxlor/issues?utf8=✓&q=is:issue%20is:closed)) first
+* try with the git master
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**System information**
+* Froxlor version: $version/$gitSHA1
+* Web server: apache2/nginx/lighttpd
+* DNS server: Bind/PowerDNS (standalone)/PowerDNS (Bind-backend)
+* POP/IMAP server: Courier/Dovecot
+* SMTP server: postfix/exim
+* FTP server: proftpd/pureftpd
+* OS/Version: ...
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Logfiles**
+If applicable, add log-entries to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/build-mariadb.yml

@@ -0,0 +1,80 @@
+name: Froxlor-CI-MariaDB
+on: ['push', 'pull_request', 'create']
+
+jobs:
+  froxlor:
+    name: Froxlor (PHP ${{ matrix.php-versions }}, MariaDB ${{ matrix.mariadb-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        php-versions: ['7.4', '8.0']
+        mariadb-version: [10.5, 10.4]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP, with composer and extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          tools: composer:v2
+          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath
+
+      - name: Install tools
+        run: sudo apt-get install -y ant
+
+      - name: Adjust firewall
+        run: |
+          sudo ufw allow out 3306/tcp
+          sudo ufw allow in 3306/tcp
+
+      - name: Setup MariaDB
+        uses: getong/mariadb-action@v1.1
+        with:
+          mariadb version: ${{ matrix.mariadb-version }}
+          mysql database: 'froxlor010'
+          mysql root password: 'fr0xl0r.TravisCI'
+
+      - name: Wait for database
+        run: sleep 15
+
+      - name: Setup databases
+        run: |
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "CREATE USER 'froxlor010'@'%' IDENTIFIED BY 'fr0xl0r.TravisCI';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "GRANT ALL ON froxlor010.* TO 'froxlor010'@'%';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI froxlor010 < install/froxlor.sql
+
+      - name: Run testing
+        run: ant quick-build
+
+#      - name: irc push
+#        uses: rectalogic/notify-irc@v1
+#        if: github.event_name == 'push'
+#        with:
+#          channel: "#froxlor"
+#          server: "irc.libera.chat"
+#          nickname: froxlor-ci
+#          message: |
+#            ${{ github.actor }} pushed ${{ github.event.ref }} ${{ github.event.compare }}
+#            ${{ join(github.event.commits.*.message) }}
+
+#      - name: irc pull request
+#        uses: rectalogic/notify-irc@v1
+#        if: github.event_name == 'pull_request'
+#        with:
+#          channel: "#froxlor"
+#          server: "irc.libera.chat"
+#          nickname: froxlor-ci
+#          message: |
+#            ${{ github.actor }} opened PR ${{ github.event.pull_request.html_url }}
+
+#      - name: irc tag created
+#        uses: rectalogic/notify-irc@v1
+#        if: github.event_name == 'create' && github.event.ref_type == 'tag'
+#        with:
+#          channel: "#froxlor"
+#          server: "irc.libera.chat"
+#          nickname: froxlor-ci
+#          message: |
+#            ${{ github.actor }} tagged ${{ github.repository }} ${{ github.event.ref }}

.github/workflows/build-mysql.yml

@@ -0,0 +1,57 @@
+name: Froxlor-CI-MySQL
+on: ['push', 'pull_request', 'create']
+
+jobs:
+  froxlor:
+    name: Froxlor (PHP ${{ matrix.php-versions }}, MySQL ${{ matrix.mysql-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        php-versions: ['7.4', '8.0']
+        mysql-version: [8.0, 5.7]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP, with composer and extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          tools: composer:v2
+          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath
+
+      - name: Install tools
+        run: sudo apt-get install -y ant
+
+      - name: Adjust firewall
+        run: |
+          sudo ufw allow out 3306/tcp
+          sudo ufw allow in 3306/tcp
+
+      - name: Setup MySQL
+        uses: samin/mysql-action@v1.3
+        with:
+          mysql version: ${{ matrix.mysql-version }}
+          mysql database: 'froxlor010'
+          mysql root password: 'fr0xl0r.TravisCI'
+
+      - name: Wait for database
+        run: sleep 15
+
+      - name: Setup database (8.0)
+        if: matrix.mysql-version == '8.0'
+        run: |
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "CREATE USER 'froxlor010'@'%' IDENTIFIED WITH mysql_native_password BY 'fr0xl0r.TravisCI';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "GRANT ALL ON froxlor010.* TO 'froxlor010'@'%';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI froxlor010 < install/froxlor.sql
+
+      - name: Setup database (5.7)
+        if: matrix.mysql-version == '5.7'
+        run: |
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "CREATE USER 'froxlor010'@'%' IDENTIFIED BY 'fr0xl0r.TravisCI';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "GRANT ALL ON froxlor010.* TO 'froxlor010'@'%';"
+          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI froxlor010 < install/froxlor.sql
+
+      - name: Run testing
+        run: ant quick-build

.gitignore

@@ -12,9 +12,10 @@ logs/*
 .well-known
 .idea
 *.iml
+img/
 
 !templates/Froxlor/
 !templates/Sparkle/
 !templates/misc/
-templates/Froxlor/assets/img/logo_custom.png
+templates/Sparkle/assets/css/custom.css
 vendor/

.travis.yml

@@ -55,7 +55,7 @@ script:
   - ant phpunit-no-coverage
 
 notifications:
-  irc: "chat.freenode.net#froxlor"
+  irc: "irc.libera.chat#froxlor"
   webhooks:
     urls:
       - https://webhooks.gitter.im/e/bdf91d1c3f745e51f796

README.md

@@ -1,4 +1,5 @@
-[![Build Status](https://travis-ci.com/Froxlor/Froxlor.svg?branch=master)](https://travis-ci.com/Froxlor/Froxlor)
+[![Froxlor-CI](https://github.com/Froxlor/Froxlor/actions/workflows/build-mariadb.yml/badge.svg?branch=master)](https://github.com/Froxlor/Froxlor/actions/workflows/build-mariadb.yml)
+[![Froxlor-CI](https://github.com/Froxlor/Froxlor/actions/workflows/build-mysql.yml/badge.svg?branch=master)](https://github.com/Froxlor/Froxlor/actions/workflows/build-mysql.yml)
 [![Gitter](https://badges.gitter.im/Froxlor/community.svg)](https://gitter.im/Froxlor/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
 # Froxlor
@@ -28,8 +29,8 @@ You may find help in the following places:
 
 ### IRC
 
-froxlor may be found on freenode.net, channel #froxlor:
-irc://chat.freenode.net/froxlor
+froxlor may be found on libera.chat, channel #froxlor:
+irc://irc.libera.chat/froxlor
 
 ### Forum
 

actions/admin/settings/100.panel.php

@@ -77,14 +77,6 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField'
 				),
-				'panel_no_robots' => array(
-					'label' => $lng['serversettings']['no_robots'],
-					'settinggroup' => 'panel',
-					'varname' => 'no_robots',
-					'type' => 'bool',
-					'default' => true,
-					'save_method' => 'storeSettingField'
-				),
 				'panel_paging' => array(
 					'label' => $lng['serversettings']['paging'],
 					'settinggroup' => 'panel',
@@ -296,6 +288,40 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField'
 				),
+				'panel_logo_overridetheme' => array(
+					'label' => $lng['serversettings']['logo_overridetheme'],
+					'settinggroup' => 'panel',
+					'varname' => 'logo_overridetheme',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'panel_logo_overridecustom' => array(
+					'label' => $lng['serversettings']['logo_overridecustom'],
+					'settinggroup' => 'panel',
+					'varname' => 'logo_overridecustom',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'panel_logo_image_header' => array(
+					'label' => $lng['serversettings']['logo_image_header'],
+					'settinggroup' => 'panel',
+					'varname' => 'logo_image_header',
+					'type' => 'image',
+					'image_name' => 'logo_header',
+					'default' => '',
+					'save_method' => 'storeSettingImage'
+				),
+				'panel_logo_image_login' => array(
+					'label' => $lng['serversettings']['logo_image_login'],
+					'settinggroup' => 'panel',
+					'varname' => 'logo_image_login',
+					'type' => 'image',
+					'image_name' => 'logo_login',
+					'default' => '',
+					'save_method' => 'storeSettingImage'
+				),
 			)
 		)
 	)

actions/admin/settings/110.accounts.php

@@ -205,9 +205,21 @@ return array(
 					'default' => false,
 					'cronmodule' => 'froxlor/backup',
 					'save_method' => 'storeSettingField'
-				)
+				),
+				'system_createstdsubdom_default' => array(
+					'label' => $lng['serversettings']['createstdsubdom_default'],
+					'settinggroup' => 'system',
+					'varname' => 'createstdsubdom_default',
+					'type' => 'option',
+					'default' => '1',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'0' => $lng['panel']['no'],
+						'1' => $lng['panel']['yes']
+					),
+					'save_method' => 'storeSettingField'
+				),
 			)
 		)
 	)
 );
-

actions/admin/settings/120.system.php

@@ -270,6 +270,20 @@ return array(
 					'default' => true,
 					'save_method' => 'storeSettingField'
 				),
+                'system_domaindefaultalias' => array(
+                    'label' => $lng['admin']['domaindefaultalias'],
+                    'settinggroup' => 'system',
+                    'varname' => 'domaindefaultalias',
+                    'type' => 'option',
+                    'default' => '0',
+                    'option_mode' => 'one',
+                    'option_options' => array(
+                        '0' => $lng['domains']['serveraliasoption_wildcard'],
+                        '1' => $lng['domains']['serveraliasoption_www'],
+                        '2' => $lng['domains']['serveraliasoption_none']
+                    ),
+                    'save_method' => 'storeSettingField'
+                ),
 				'hide_incompatible_settings' => array(
 					'label' => $lng['serversettings']['hide_incompatible_settings'],
 					'settinggroup' => 'system',

actions/admin/settings/131.ssl.php

@@ -142,6 +142,9 @@ return array(
 					'default' => '/etc/apache2/conf-enabled/acme.conf',
 					'save_method' => 'storeSettingField'
 				),
+			    /**
+			     * currently the only option anyway
+			     *
 				'system_leapiversion' => array(
 					'label' => $lng['serversettings']['leapiversion'],
 					'settinggroup' => 'system',
@@ -154,16 +157,20 @@ return array(
 					),
 					'save_method' => 'storeSettingField'
 				),
+				*/
 				'system_letsencryptca' => array(
 					'label' => $lng['serversettings']['letsencryptca'],
 					'settinggroup' => 'system',
 					'varname' => 'letsencryptca',
 					'type' => 'option',
-					'default' => 'production',
+					'default' => 'letsencrypt',
 					'option_mode' => 'one',
 					'option_options' => array(
-						'testing' => 'https://acme-staging-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Test)',
-						'production' => 'https://acme-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Live)'
+						'letsencrypt_test' => 'Let\'s Encrypt (Test / Staging)',
+						'letsencrypt' => 'Let\'s Encrypt (Live)',
+						'buypass_test' => 'Buypass (Test / Staging)',
+						'buypass' => 'Buypass (Live)',
+					    'zerossl' => 'ZeroSSL (Live)'
 					),
 					'save_method' => 'storeSettingField'
 				),

actions/admin/settings/160.nameserver.php

@@ -99,6 +99,19 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField'
 				),
+				'system_powerdns_mode' => array(
+					'label' => $lng['serversettings']['powerdns_mode'],
+					'settinggroup' => 'system',
+					'varname' => 'powerdns_mode',
+					'type' => 'option',
+					'default' => 'Native',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'Native' => 'Native',
+						'Master' => 'Master'
+					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',

actions/admin/settings/210.security.php

@@ -82,7 +82,20 @@ return array(
 					'string_emptyallowed' => true,
 					'default' => '',
 					'save_method' => 'storeSettingField'
-				)
+				),
+				'system_froxlorusergroup' => array(
+					'label' => $lng['serversettings']['froxlorusergroup'],
+					'settinggroup' => 'system',
+					'varname' => 'froxlorusergroup',
+					'type' => 'string',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					'plausibility_check_method' => array(
+						'\\Froxlor\\Validate\\Check',
+						'checkLocalGroup'
+					),
+					'visible' => \Froxlor\Settings::Get('system.nssextrausers')
+				),
 			)
 		)
 	)

admin_admins.php

@@ -129,7 +129,7 @@ if ($page == 'admins' && $userinfo['change_serversettings'] == '1') {
 				'userid' => $userinfo['userid']
 			));
 
-			$s = md5(uniqid(microtime(), 1));
+			$s = \Froxlor\Froxlor::genSessionId();
 			$ins_stmt = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
 				`hash` = :hash, `userid` = :userid, `ipaddress` = :ip,

admin_apcuinfo.php

@@ -67,6 +67,9 @@ if ($page == 'showinfo') {
 	$uptime_duration = duration($cache['start_time']);
 	$size_vars = bsize($cache['mem_size']);
 
+	$num_hits_and_misses = $cache['num_hits'] + $cache['num_misses'];
+	$num_hits_and_misses = 0 >= $num_hits_and_misses ? 1 : $num_hits_and_misses;
+
 	// check for possible empty values that are used in the templates
 	if (! isset($cache['file_upload_progress'])) {
 		$cache['file_upload_progress'] = $lng['logger']['unknown'];
@@ -84,10 +87,10 @@ if ($page == 'showinfo') {
 
 	$freemem = bsize($mem_avail) . sprintf(" (%.1f%%)", $mem_avail * 100 / $mem_size);
 	$usedmem = bsize($mem_used) . sprintf(" (%.1f%%)", $mem_used * 100 / $mem_size);
-	$hits = $cache['num_hits'] . @sprintf(" (%.1f%%)", $cache['num_hits'] * 100 / ($cache['num_hits'] + $cache['num_misses']));
-	$misses = $cache['num_misses'] . @sprintf(" (%.1f%%)", $cache['num_misses'] * 100 / ($cache['num_hits'] + $cache['num_misses']));
+	$hits = $cache['num_hits'] . @sprintf(" (%.1f%%)", $cache['num_hits'] * 100 / $num_hits_and_misses);
+	$misses = $cache['num_misses'] . @sprintf(" (%.1f%%)", $cache['num_misses'] * 100 / $num_hits_and_misses);
 
-	// Fragementation: (freeseg - 1) / total_seg
+	// Fragmentation: (freeseg - 1) / total_seg
 	$nseg = $freeseg = $fragsize = $freetotal = 0;
 	for ($i = 0; $i < $mem['num_seg']; $i ++) {
 		$ptr = 0;

admin_configfiles.php

@@ -38,13 +38,43 @@ if ($userinfo['change_serversettings'] == '1') {
 
 	// try to convert namserver hosts to ip's
 	$ns_ips = "";
+	$known_ns_ips = [];
 	if (Settings::Get('system.nameservers') != '') {
 		$nameservers = explode(',', Settings::Get('system.nameservers'));
 		foreach ($nameservers as $nameserver) {
 			$nameserver = trim($nameserver);
+			// DNS servers might be multi homed; allow transfer from all ip
+			// addresses of the DNS server
 			$nameserver_ips = \Froxlor\PhpHelper::gethostbynamel6($nameserver);
-			if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
-				$ns_ips .= implode(",", $nameserver_ips);
+			// append dot to hostname
+			if (substr($nameserver, - 1, 1) != '.') {
+				$nameserver .= '.';
+			}
+			// ignore invalid responses
+			if (! is_array($nameserver_ips)) {
+				// act like \Froxlor\PhpHelper::gethostbynamel6() and return unmodified hostname on error
+				$nameserver_ips = array(
+					$nameserver
+				);
+			} else {
+				$known_ns_ips = array_merge($known_ns_ips, $nameserver_ips);
+			}
+			if (!empty($ns_ips)) {
+				$ns_ips .= ',';
+			}
+			$ns_ips .= implode(",", $nameserver_ips);
+		}
+	}
+
+	// AXFR server
+	if (Settings::Get('system.axfrservers') != '') {
+		$axfrservers = explode(',', Settings::Get('system.axfrservers'));
+		foreach ($axfrservers as $axfrserver) {
+			if (!in_array(trim($axfrserver), $known_ns_ips)) {
+				if (!empty($ns_ips)) {
+					$ns_ips .= ',';
+				}
+				$ns_ips .= trim($axfrserver);
 			}
 		}
 	}
@@ -59,7 +89,6 @@ if ($userinfo['change_serversettings'] == '1') {
 		'<SERVERIP>' => Settings::Get('system.ipaddress'),
 		'<NAMESERVERS>' => Settings::Get('system.nameservers'),
 		'<NAMESERVERS_IP>' => $ns_ips,
-		'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
 		'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
 		'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
 		'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),

admin_customers.php

@@ -178,7 +178,7 @@ if ($page == 'customers' && $userinfo['customers'] != '0') {
 				'hash' => $s
 			));
 
-			$s = md5(uniqid(microtime(), 1));
+			$s = \Froxlor\Froxlor::genSessionId();
 			$insert = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
 					`hash` = :hash,

admin_domains.php

@@ -290,9 +290,9 @@ if ($page == 'domains' || $page == 'overview') {
 
 			// create serveralias options
 			$serveraliasoptions = "";
-			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_wildcard'], '0', '0', true, true);
-			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_www'], '1', '0', true, true);
-			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_none'], '2', '0', true, true);
+			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_wildcard'], '0', Settings::Get('system.domaindefaultalias'), true, true);
+			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_www'], '1', Settings::Get('system.domaindefaultalias'), true, true);
+			$serveraliasoptions .= \Froxlor\UI\HTML::makeoption($lng['domains']['serveraliasoption_none'], '2', Settings::Get('system.domaindefaultalias'), true, true);
 
 			$subcanemaildomain = \Froxlor\UI\HTML::makeoption($lng['admin']['subcanemaildomain']['never'], '0', '0', true, true);
 			$subcanemaildomain .= \Froxlor\UI\HTML::makeoption($lng['admin']['subcanemaildomain']['choosableno'], '1', '0', true, true);
@@ -428,7 +428,7 @@ if ($page == 'domains' || $page == 'overview') {
 					$customer = Database::pexecute_first($customer_stmt, array(
 						'customerid' => $result['customerid']
 					));
-					$result['customername'] = \Froxlor\User::getCorrectFullUserDetails($customer) . ' (' . $customer['loginname'] . ')';
+					$result['customername'] = \Froxlor\User::getCorrectFullUserDetails($customer);
 				}
 
 				if ($userinfo['customers_see_all'] == '1') {
@@ -594,6 +594,10 @@ if ($page == 'domains' || $page == 'overview') {
 				}
 
 				$result = \Froxlor\PhpHelper::htmlentitiesArray($result);
+				if (Settings::Get('panel.allow_domain_change_customer') != '1') {
+					$result['customername'] .= ' (<a href="' . $linker->getLink(array('section' => 'customers', 'page' => 'customers',
+						'action' => 'su', 'id' => $customer['customerid'])) . '" rel="external">' . $customer['loginname'] . '</a>)';
+				}
 
 				$domain_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/domains/formfield.domains_edit.php';
 				$domain_edit_form = \Froxlor\UI\HtmlForm::genHTMLForm($domain_edit_data);

admin_message.php

@@ -32,10 +32,10 @@ if ($page == 'message') {
 		$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'viewed panel_message');
 
 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
-			if ($_POST['receipient'] == 0 && $userinfo['customers_see_all'] == '1') {
+			if ($_POST['recipient'] == 0 && $userinfo['customers_see_all'] == '1') {
 				$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to admins');
 				$result = Database::query('SELECT `name`, `email`  FROM `' . TABLE_PANEL_ADMINS . "`");
-			} elseif ($_POST['receipient'] == 1) {
+			} elseif ($_POST['recipient'] == 1) {
 				if ($userinfo['customers_see_all'] == '1') {
 					$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers');
 					$result = Database::query('SELECT `firstname`, `name`, `company`, `email`  FROM `' . TABLE_PANEL_CUSTOMERS . "`");
@@ -49,7 +49,7 @@ if ($page == 'message') {
 					));
 				}
 			} else {
-				\Froxlor\UI\Response::standard_error('noreceipientsgiven');
+				\Froxlor\UI\Response::standard_error('norecipientsgiven');
 			}
 
 			$subject = $_POST['subject'];
@@ -105,7 +105,7 @@ if ($page == 'message') {
 		$sentitems = isset($_GET['sentitems']) ? (int) $_GET['sentitems'] : 0;
 
 		if ($sentitems == 0) {
-			$successmessage = $lng['message']['noreceipients'];
+			$successmessage = $lng['message']['norecipients'];
 		} else {
 			$successmessage = str_replace('%s', $sentitems, $lng['message']['success']);
 		}
@@ -116,12 +116,12 @@ if ($page == 'message') {
 	}
 
 	$action = '';
-	$receipients = '';
+	$recipients = '';
 
 	if ($userinfo['customers_see_all'] == '1') {
-		$receipients .= \Froxlor\UI\HTML::makeoption($lng['panel']['reseller'], 0);
+		$recipients .= \Froxlor\UI\HTML::makeoption($lng['panel']['reseller'], 0);
 	}
 
-	$receipients .= \Froxlor\UI\HTML::makeoption($lng['panel']['customer'], 1);
+	$recipients .= \Froxlor\UI\HTML::makeoption($lng['panel']['customer'], 1);
 	eval("echo \"" . \Froxlor\UI\Template::getTemplate('message/message') . "\";");
 }

admin_opcacheinfo.php

@@ -22,7 +22,7 @@ require './lib/init.php';
 
 if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {
 	opcache_reset();
-	$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "reseted OPcache");
+	$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_INFO, "reset OPcache");
 	header('Location: ' . $linker->getLink(array(
 		'section' => 'opcacheinfo',
 		'page' => 'showinfo'

api_keys.php

@@ -127,7 +127,7 @@ if ($action == 'delete') {
 
 $log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed api::api_keys");
 
-// select all my (accessable) certificates
+// select all my (accessible) certificates
 $keys_stmt_query = "SELECT ak.*, c.loginname, a.loginname as adminname
 	FROM `" . TABLE_API_KEYS . "` ak
 	LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` c ON `c`.`customerid` = `ak`.`customerid`

build.xml

@@ -6,21 +6,20 @@
 	<property name="pdepend" value="${basedir}/vendor/bin/pdepend" />
 	<property name="phpcpd" value="${basedir}/vendor/bin/phpcpd" />
 	<property name="phpcs" value="${basedir}/vendor/bin/phpcs" />
-	<property name="phpdox" value="${basedir}/vendor/bin/phpdox" />
 	<property name="phploc" value="${basedir}/vendor/bin/phploc" />
 	<property name="phpmd" value="${basedir}/vendor/bin/phpmd" />
 	<property name="phpunit" value="${basedir}/vendor/bin/phpunit" />
 
 	<target name="full-build"
-		depends="prepare,composer,static-analysis,phpunit,phpdox,-check-failure"
+		depends="prepare,composer,static-analysis,phpunit,-check-failure"
 		description="Performs static analysis, runs the tests, and generates project documentation" />
 
 	<target name="full-build-parallel"
-		depends="prepare,composer,static-analysis-parallel,phpunit,phpdox,-check-failure"
+		depends="prepare,composer,static-analysis-parallel,phpunit,-check-failure"
 		description="Performs static analysis (executing the tools in parallel), runs the tests, and generates project documentation" />
 
 	<target name="quick-build"
-		depends="prepare,composer,lint,phpunit-no-coverage"
+		depends="prepare,composer,lint,phpunit-no-coverage,-check-failure"
 		description="Performs a lint check and runs the tests (without generating code coverage reports)" />
 
 	<target name="static-analysis"
@@ -49,7 +48,6 @@
 		<delete dir="${basedir}/build/coverage" />
 		<delete dir="${basedir}/build/logs" />
 		<delete dir="${basedir}/build/pdepend" />
-		<delete dir="${basedir}/build/phpdox" />
 		<property name="clean.done" value="true" />
 	</target>
 
@@ -59,7 +57,6 @@
 		<mkdir dir="${basedir}/build/coverage" />
 		<mkdir dir="${basedir}/build/logs" />
 		<mkdir dir="${basedir}/build/pdepend" />
-		<mkdir dir="${basedir}/build/phpdox" />
 
 		<property name="prepare.done" value="true" />
 	</target>
@@ -257,7 +254,7 @@
 	<target name="phpunit-no-coverage" unless="phpunit.done"
 		depends="composer"
 		description="Run unit tests with PHPUnit (without generating code coverage reports)">
-		<exec executable="${phpunit}" failonerror="true"
+		<exec executable="${phpunit}" failonerror="true" resultproperty="result.phpunit"
 			taskname="phpunit">
 			<arg value="--configuration" />
 			<arg path="${basedir}/phpunit.xml" />
@@ -269,18 +266,6 @@
 		<property name="phpunit.done" value="true" />
 	</target>
 
-	<target name="phpdox" unless="phpdox.done"
-		depends="phploc-ci,phpcs-ci,phpcompat-ci,phpmd-ci"
-		description="Generate project documentation using phpDox">
-		<exec executable="${phpdox}" dir="${basedir}/build"
-			taskname="phpdox">
-			<arg value="--file" />
-			<arg path="${basedir}/phpdox.xml" />
-		</exec>
-
-		<property name="phpdox.done" value="true" />
-	</target>
-
 	<target name="-check-failure">
 		<fail message="PHPUnit did not finish successfully">
 			<condition>

composer.json

@@ -25,7 +25,7 @@
 		"issues": "https://github.com/Froxlor/Froxlor/issues",
 		"forum": "https://forum.froxlor.org/",
 		"wiki": "https://github.com/Froxlor/Froxlor/wiki",
-		"irc": "irc://chat.freenode.net/froxlor",
+		"irc": "irc://irc.libera.chat/froxlor",
 		"source": "https://github.com/Froxlor/Froxlor",
 		"docs": "https://github.com/Froxlor/Froxlor/wiki"
 	},
@@ -43,23 +43,24 @@
 		"ext-curl": "*",
 		"ext-json": "*",
 		"ext-openssl": "*",
+		"ext-fileinfo": "*",
 		"phpmailer/phpmailer": "~6.0",
 		"monolog/monolog": "^1.24",
 		"robthree/twofactorauth": "^1.6",
 		"froxlor/idna-convert-legacy": "^2.1",
 		"voku/anti-xss": "^4.1"
-	},
+    },
 	"require-dev": {
-		"phpunit/phpunit": "8.4.1",
+		"phpunit/phpunit": "^9",
 		"php": ">=7.3",
 		"ext-pcntl": "*",
 		"phpcompatibility/php-compatibility": "*",
 		"squizlabs/php_codesniffer": "*",
-		"pdepend/pdepend": "^2.5",
-		"sebastian/phpcpd": "^4.1",
-		"theseer/phpdox": "^0.12.0",
-		"phploc/phploc": "^5.0",
-		"phpmd/phpmd": "^2.6"
+		"pdepend/pdepend": "^2.9",
+		"sebastian/phpcpd": "^6.0",
+		"phploc/phploc": "^7.0",
+		"phpmd/phpmd": "^2.10",
+		"phpunit/php-timer" : "^5"
 	},
 	"suggest": {
 		"ext-bcmath": "*",

index.php

@@ -28,6 +28,12 @@ if ($action == '') {
 }
 
 if (session_status() == PHP_SESSION_NONE) {
+	ini_set("session.name", "s");
+	ini_set("url_rewriter.tags", "");
+	ini_set("session.use_cookies", false);
+	ini_set("session.cookie_httponly", true);
+	ini_set("session.cookie_secure", $is_ssl);
+	session_id('login');
 	session_start();
 }
 
@@ -669,7 +675,7 @@ function finishLogin($userinfo)
 	global $version, $dbversion, $remote_addr, $http_user_agent, $languages;
 
 	if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
-		$s = md5(uniqid(microtime(), 1));
+		$s = \Froxlor\Froxlor::genSessionId();
 
 		if (isset($_POST['language'])) {
 			$language = \Froxlor\Validate\Validate::validate($_POST['language'], 'language');

install/froxlor.sql

@@ -532,7 +532,7 @@ opcache.interned_strings_buffer'),
 	('system', 'vmail_gid', '2000'),
 	('system', 'vmail_homedir', '/var/customers/mail/'),
 	('system', 'vmail_maildirname', 'Maildir'),
-	('system', 'bind_enable', '1'),
+	('system', 'bind_enable', '0'),
 	('system', 'bindconf_directory', '/etc/bind/'),
 	('system', 'bindreload_command', '/etc/init.d/bind9 reload'),
 	('system', 'hostname', 'SERVERNAME'),
@@ -611,6 +611,7 @@ opcache.interned_strings_buffer'),
 	('system', 'documentroot_use_default_value', '0'),
 	('system', 'passwordcryptfunc', '3'),
 	('system', 'axfrservers', ''),
+	('system', 'powerdns_mode', 'Native'),
 	('system', 'customer_ssl_path', '/etc/ssl/froxlor-custom/'),
 	('system', 'allow_error_report_admin', '1'),
 	('system', 'allow_error_report_customer', '0'),
@@ -628,7 +629,7 @@ opcache.interned_strings_buffer'),
 	('system', 'apacheitksupport', '0'),
 	('system', 'leprivatekey', 'unset'),
 	('system', 'lepublickey', 'unset'),
-	('system', 'letsencryptca', 'production'),
+	('system', 'letsencryptca', 'letsencrypt'),
 	('system', 'letsencryptcountrycode', 'DE'),
 	('system', 'letsencryptstate', 'Hessen'),
 	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
@@ -677,6 +678,10 @@ opcache.interned_strings_buffer'),
 	('system', 'hide_incompatible_settings', '0'),
 	('system', 'include_default_vhostconf', '0'),
 	('system', 'soaemail', ''),
+	('system', 'domaindefaultalias', '0'),
+	('system', 'createstdsubdom_default', '1'),
+	('system', 'froxlorusergroup', ''),
+	('system', 'froxlorusergroup_gid', ''),
 	('api', 'enabled', '0'),
 	('2fa', 'enabled', '1'),
 	('panel', 'decimal_places', '4'),
@@ -689,7 +694,6 @@ opcache.interned_strings_buffer'),
 	('panel', 'paging', '20'),
 	('panel', 'natsorting', '1'),
 	('panel', 'sendalternativemail', '0'),
-	('panel', 'no_robots', '1'),
 	('panel', 'allow_domain_change_admin', '0'),
 	('panel', 'allow_domain_change_customer', '0'),
 	('panel', 'frontend', 'froxlor'),
@@ -714,8 +718,12 @@ opcache.interned_strings_buffer'),
 	('panel', 'imprint_url', ''),
 	('panel', 'terms_url', ''),
 	('panel', 'privacy_url', ''),
-	('panel', 'version', '0.10.26'),
-	('panel', 'db_version', '202103240');
+	('panel', 'logo_image_header', ''),
+	('panel', 'logo_image_login', ''),
+	('panel', 'logo_overridetheme', '0'),
+	('panel', 'logo_overridecustom', '0'),
+	('panel', 'version', '0.10.30'),
+	('panel', 'db_version', '202109040');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -814,7 +822,8 @@ INSERT INTO `panel_languages` (`id`, `language`, `iso`, `file`) VALUES
     (4, 'Português', 'pt', 'lng/portugues.lng.php'),
     (5, 'Italiano', 'it', 'lng/italian.lng.php'),
     (6, 'Nederlands', 'nl', 'lng/dutch.lng.php'),
-    (7, 'Svenska', 'sv', 'lng/swedish.lng.php');
+    (7, 'Svenska', 'sv', 'lng/swedish.lng.php'),
+    (8, 'Česká republika', 'cs', 'lng/czech.lng.php');
 
 
 DROP TABLE IF EXISTS `panel_syslog`;
@@ -932,7 +941,7 @@ CREATE TABLE IF NOT EXISTS `ftp_quotalimits` (
 
 
 
-INSERT INTO `ftp_quotalimits` (`name`, `quota_type`, `per_session`, `limit_type`, `bytes_in_avail`, `bytes_out_avail`, `bytes_xfer_avail`, `files_in_avail`, `files_out_avail`, `files_xfer_avail`) VALUES 
+INSERT INTO `ftp_quotalimits` (`name`, `quota_type`, `per_session`, `limit_type`, `bytes_in_avail`, `bytes_out_avail`, `bytes_xfer_avail`, `files_in_avail`, `files_out_avail`, `files_xfer_avail`) VALUES
 	('froxlor', 'user', 'false', 'hard', 0, 0, 0, 0, 0, 0);
 
 

install/lib/class.FroxlorInstall.php

@@ -28,7 +28,7 @@
  * @author Froxlor team <team@froxlor.org> (2010-)
  * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
  * @package Install
- *         
+ *
  */
 class FroxlorInstall
 {
@@ -123,7 +123,7 @@ class FroxlorInstall
 		if ((isset($_POST['installstep']) && $_POST['installstep'] == '1') || (isset($_GET['check']) && $_GET['check'] == '1')) {
 			$pagetitle = $this->_lng['install']['title'];
 			if ($this->_checkPostData()) {
-				// ceck data and create userdata etc.etc.etc.
+				// check data and create userdata etc.etc.etc.
 				$result = $this->_doInstall();
 			} elseif (isset($_GET['check']) && $_GET['check'] == '1') {
 				// gather data
@@ -163,10 +163,13 @@ class FroxlorInstall
 
 		$this->_getPostField('mysql_host', '127.0.0.1');
 		$this->_getPostField('mysql_database', 'froxlor');
+		$this->_getPostField('mysql_forcecreate', '0');
 		$this->_getPostField('mysql_unpriv_user', 'froxlor');
 		$this->_getPostField('mysql_unpriv_pass');
 		$this->_getPostField('mysql_root_user', 'root');
 		$this->_getPostField('mysql_root_pass');
+		$this->_getPostField('mysql_ssl_ca_file');
+		$this->_getPostField('mysql_ssl_verify_server_certificate', 0);
 		$this->_getPostField('admin_user', 'admin');
 		$this->_getPostField('admin_pass1');
 		$this->_getPostField('admin_pass2');
@@ -212,6 +215,12 @@ class FroxlorInstall
 		$options = array(
 			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'
 		);
+
+		if (!empty($this->_data['mysql_ssl_ca_file'])) {
+			$options[\PDO::MYSQL_ATTR_SSL_CA] = $this->_data['mysql_ssl_ca_file'];
+			$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $this->_data['mysql_ssl_verify_server_certificate'];
+		}
+
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";";
 		$fatal_fail = false;
 		try {
@@ -246,15 +255,23 @@ class FroxlorInstall
 			$content .= $this->_status_message('green', "OK");
 			// check for existing db and create backup if so
 			$content .= $this->_backupExistingDatabase($db_root);
-			// create unprivileged user and the database itself
-			$content .= $this->_createDatabaseAndUser($db_root);
-			// importing data to new database
-			$content .= $this->_importDatabaseData();
+			if (!$this->_abort) {
+				// create unprivileged user and the database itself
+				$content .= $this->_createDatabaseAndUser($db_root);
+				// importing data to new database
+				$content .= $this->_importDatabaseData();
+			}
 			if (! $this->_abort) {
 				// create DB object for new database
 				$options = array(
 					'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'
 				);
+
+				if (!empty($this->_data['mysql_ssl_ca_file'])) {
+					$options[\PDO::MYSQL_ATTR_SSL_CA] = $this->_data['mysql_ssl_ca_file'];
+					$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $this->_data['mysql_ssl_verify_server_certificate'];
+				}
+
 				$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 				$another_fail = false;
 				try {
@@ -324,10 +341,14 @@ class FroxlorInstall
 		$userdata .= "\$sql['user']='" . addcslashes($this->_data['mysql_unpriv_user'], "'\\") . "';\n";
 		$userdata .= "\$sql['password']='" . addcslashes($this->_data['mysql_unpriv_pass'], "'\\") . "';\n";
 		$userdata .= "\$sql['db']='" . addcslashes($this->_data['mysql_database'], "'\\") . "';\n";
+		$userdata .= "\$sql['ssl']['caFile']='" . addcslashes($this->_data['mysql_ssl_ca_file'], "'\\") . "';\n";
+		$userdata .= "\$sql['ssl']['verifyServerCertificate']='" . addcslashes($this->_data['mysql_ssl_verify_server_certificate'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['caption']='Default';\n";
 		$userdata .= "\$sql_root[0]['host']='" . addcslashes($this->_data['mysql_host'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['user']='" . addcslashes($this->_data['mysql_root_user'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['password']='" . addcslashes($this->_data['mysql_root_pass'], "'\\") . "';\n";
+		$userdata .= "\$sql_root[0]['ssl']['caFile']='" . addcslashes($this->_data['mysql_ssl_ca_file'], "'\\") . "';\n";
+		$userdata .= "\$sql_root[0]['ssl']['verifyServerCertificate']='" . addcslashes($this->_data['mysql_ssl_verify_server_certificate'], "'\\") . "';\n";
 		$userdata .= "// enable debugging to browser in case of SQL errors\n";
 		$userdata .= "\$sql['debug'] = false;\n";
 		$userdata .= "?>";
@@ -360,6 +381,30 @@ class FroxlorInstall
 		return $content;
 	}
 
+	/**
+	 * generate safe unique token
+	 *
+	 * @param int $length
+	 * @return string
+	 */
+	private function genUniqueToken(int $length = 16)
+	{
+		if(!isset($length) || intval($length) <= 8 ){
+			$length = 16;
+		}
+		if (function_exists('random_bytes')) {
+			return bin2hex(random_bytes($length));
+		}
+		if (function_exists('mcrypt_create_iv')) {
+			return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
+		}
+		if (function_exists('openssl_random_pseudo_bytes')) {
+			return bin2hex(openssl_random_pseudo_bytes($length));
+		}
+		// if everything else fails, use unsafe fallback
+		return md5(uniqid(microtime(), 1));
+	}
+
 	/**
 	 * create corresponding entries in froxlor database
 	 *
@@ -403,8 +448,8 @@ class FroxlorInstall
 		$content .= $this->_status_message('begin', $this->_lng['install']['adding_admin_user']);
 		$ins_data = array(
 			'loginname' => $this->_data['admin_user'],
-				/* use SHA256 default crypt */
-				'password' => crypt($this->_data['admin_pass1'], '$5$' . md5(uniqid(microtime(), 1)) . md5(uniqid(microtime(), 1))),
+			/* use SHA256 default crypt */
+			'password' => crypt($this->_data['admin_pass1'], '$5$' . $this->genUniqueToken() . $this->genUniqueToken()),
 			'email' => 'admin@' . $this->_data['servername'],
 			'deflang' => $this->_languages[$this->_activelng]
 		);
@@ -555,6 +600,12 @@ class FroxlorInstall
 		$options = array(
 			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8'
 		);
+
+		if (!empty($this->_data['mysql_ssl_ca_file'])) {
+			$options[\PDO::MYSQL_ATTR_SSL_CA] = $this->_data['mysql_ssl_ca_file'];
+			$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $this->_data['mysql_ssl_verify_server_certificate'];
+		}
+
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 		$fatal_fail = false;
 		try {
@@ -687,7 +738,7 @@ class FroxlorInstall
 		if (version_compare($db_root->getAttribute(\PDO::ATTR_SERVER_VERSION), '8.0.11', '>=')) {
 			// create user
 			$stmt = $db_root->prepare("
-				CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY :password
+				CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH mysql_native_password BY :password
 			");
 			$stmt->execute(array(
 				"password" => $password
@@ -733,39 +784,59 @@ class FroxlorInstall
 		));
 		$rows = $db_root->query("SELECT FOUND_ROWS()")->fetchColumn();
 
+		$content .= $this->_status_message('begin', $this->_lng['install']['check_db_exists']);
+
 		// check result
 		if ($result_stmt !== false && $rows > 0) {
 			$tables_exist = true;
 		}
 
 		if ($tables_exist) {
-			// tell whats going on
-			$content .= $this->_status_message('begin', $this->_lng['install']['backup_old_db']);
+			if ((int)$this->_data['mysql_forcecreate'] > 0) {
+				// set status
+				$content .= $this->_status_message('orange', 'exists (' . $this->_data['mysql_database'] . ')');
+				// tell what's going on
+				$content .= $this->_status_message('begin', $this->_lng['install']['backup_old_db']);
 
-			// create temporary backup-filename
-			$filename = "/tmp/froxlor_backup_" . date('YmdHi') . ".sql";
+				// create temporary backup-filename
+				$filename = "/tmp/froxlor_backup_" . date('YmdHi') . ".sql";
 
-			// look for mysqldump
-			$do_backup = false;
-			if (file_exists("/usr/bin/mysqldump")) {
-				$do_backup = true;
-				$mysql_dump = '/usr/bin/mysqldump';
-			} elseif (file_exists("/usr/local/bin/mysqldump")) {
-				$do_backup = true;
-				$mysql_dump = '/usr/local/bin/mysqldump';
-			}
+				// look for mysqldump
+				$do_backup = false;
+				if (file_exists("/usr/bin/mysqldump")) {
+					$do_backup = true;
+					$mysql_dump = '/usr/bin/mysqldump';
+				} elseif (file_exists("/usr/local/bin/mysqldump")) {
+					$do_backup = true;
+					$mysql_dump = '/usr/local/bin/mysqldump';
+				}
 
-			if ($do_backup) {
-				$command = $mysql_dump . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --password='" . escapeshellarg($this->_data['mysql_root_pass']) . "' --result-file=" . $filename;
-				$output = exec($command);
-				if (stristr($output, "error")) {
-					$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);
+				// create temporary .cnf file
+				$cnffilename = "/tmp/froxlor_dump.cnf";
+				$dumpcnf = "[mysqldump]" . PHP_EOL . "password=\"" . $this->_data['mysql_root_pass'] . "\"" . PHP_EOL;
+				file_put_contents($cnffilename, $dumpcnf);
+
+				if ($do_backup) {
+					$command = $mysql_dump . " --defaults-extra-file=" . $cnffilename . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --result-file=" . $filename;
+					$output = [];
+					exec($command, $output);
+					@unlink($cnffilename);
+					if (stristr(implode(" ", $output), "error") || ! file_exists($filename)) {
+						$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);
+						$this->_abort = true;
+					} else {
+						$content .= $this->_status_message('green', 'OK (' . $filename . ')');
+					}
 				} else {
-					$content .= $this->_status_message('green', 'OK (' . $filename . ')');
+					$content .= $this->_status_message('red', $this->_lng['install']['backup_binary_missing']);
+					$this->_abort = true;
 				}
 			} else {
-				$content .= $this->_status_message('red', $this->_lng['install']['backup_binary_missing']);
+				$content .= $this->_status_message('red', $this->_lng['install']['db_exists']);
+				$this->_abort = true;
 			}
+		} else {
+			$content .= $content .= $this->_status_message('green', 'OK');
 		}
 
 		return $content;
@@ -784,7 +855,7 @@ class FroxlorInstall
 		}
 		// language selection
 		$language_options = '';
-		foreach ($this->_languages as $language_name => $language_file) {
+		foreach ($this->_languages as $language_file => $language_name) {
 			$language_options .= \Froxlor\UI\HTML::makeoption($language_name, $language_file, $this->_activelng, true, true);
 		}
 		// get language-form-template
@@ -801,6 +872,8 @@ class FroxlorInstall
 		$formdata .= $this->_getSectionItemString('mysql_host', true);
 		// database
 		$formdata .= $this->_getSectionItemString('mysql_database', true);
+		// database overwrite if exists?
+		$formdata .= $this->_getSectionItemYesNo('mysql_forcecreate', false);
 		// unpriv-user has to be different from root
 		if ($this->_data['mysql_unpriv_user'] == $this->_data['mysql_root_user']) {
 			$style = 'blue';
@@ -830,6 +903,9 @@ class FroxlorInstall
 		}
 		$formdata .= $this->_getSectionItemString('mysql_root_pass', true, $style, 'password');
 
+		$formdata .= $this->_getSectionItemString('mysql_ssl_ca_file', false, $style);
+		$formdata .= $this->_getSectionItemYesNo('mysql_ssl_verify_server_certificate', false, $style);
+
 		/**
 		 * admin data
 		 */
@@ -867,19 +943,24 @@ class FroxlorInstall
 		}
 
 		// show list of available distro's
+		$distributions_select_data = [];
 		$distros = glob(\Froxlor\FileDir::makeCorrectDir(\Froxlor\Froxlor::getInstallDir() . '/lib/configfiles/') . '*.xml');
 		foreach ($distros as $_distribution) {
 			$dist = new \Froxlor\Config\ConfigParser($_distribution);
 			$dist_display = $dist->distributionName . " " . $dist->distributionCodename . " (" . $dist->distributionVersion . ")";
+			if (!array_key_exists($dist_display, $distributions_select_data)) {
+				$distributions_select_data[$dist_display] = '';
+			}
 			$distributions_select_data[$dist_display] .= str_replace(".xml", "", strtolower(basename($_distribution)));
 		}
 
 		// sort by distribution name
 		ksort($distributions_select_data);
 
+		$distributions_select = '';
 		foreach ($distributions_select_data as $dist_display => $dist_index) {
 			// create select-box-option
-			$distributions_select .= \Froxlor\UI\HTML::makeoption($dist_display, $dist_index, $this->_data['distribution']);
+			$distributions_select .= \Froxlor\UI\HTML::makeoption($dist_display, $dist_index, $this->_data['distribution'] ?? '');
 			// $this->_data['distribution']
 		}
 
@@ -947,7 +1028,7 @@ class FroxlorInstall
 	 *        	optional css
 	 * @param string $type
 	 *        	optional type of input-box (default: text)
-	 *        	
+	 *
 	 * @return string
 	 */
 	private function _getSectionItemString($fieldname = null, $required = false, $style = "", $type = 'text')
@@ -994,7 +1075,6 @@ class FroxlorInstall
 	 */
 	private function _getSectionItemSelectbox($fieldname = null, $options = null, $style = "")
 	{
-		$groupname = $this->_lng['install'][$groupname];
 		$fieldlabel = $this->_lng['install'][$fieldname];
 
 		$sectionitem = "";
@@ -1239,7 +1319,7 @@ class FroxlorInstall
 	 *
 	 * @param string $template
 	 *        	name of the template including subdirectory
-	 *        	
+	 *
 	 * @return string
 	 */
 	private function _getTemplate($template = null)
@@ -1306,10 +1386,12 @@ class FroxlorInstall
 		// from form
 		if (! empty($_POST['serverip'])) {
 			$this->_data['serverip'] = $_POST['serverip'];
+			$this->_data['serverip'] = inet_ntop(inet_pton($this->_data['serverip']));
 			return;
 			// from $_SERVER
 		} elseif (! empty($_SERVER['SERVER_ADDR'])) {
 			$this->_data['serverip'] = $_SERVER['SERVER_ADDR'];
+			$this->_data['serverip'] = inet_ntop(inet_pton($this->_data['serverip']));
 			return;
 		}
 		// empty
@@ -1357,7 +1439,14 @@ class FroxlorInstall
 
 			// read os-release
 			if (file_exists('/etc/os-release')) {
-				$os_dist = parse_ini_file('/etc/os-release', false);
+				$os_dist_content = file_get_contents('/etc/os-release');
+				$os_dist_arr = explode("\n", $os_dist_content);
+				$os_dist = [];
+				foreach ($os_dist_arr as $os_dist_line) {
+					if (empty(trim($os_dist_line))) continue;
+					$tmp = explode("=", $os_dist_line);
+					$os_dist[$tmp[0]] = str_replace('"', "", trim($tmp[1]));
+				}
 				if (is_array($os_dist) && array_key_exists('ID', $os_dist) && array_key_exists('VERSION_ID', $os_dist)) {
 					$os_version = explode('.', $os_dist['VERSION_ID'])[0];
 				}

install/lng/english.lng.php

@@ -23,7 +23,7 @@ $lng['requirements']['notfound'] = 'not found';
 $lng['requirements']['notinstalled'] = 'not installed';
 $lng['requirements']['activated'] = 'enabled';
 $lng['requirements']['phpversion'] = 'PHP version >= 7.0';
-$lng['requirements']['newerphpprefered'] = 'Good, but php-7.1 is prefered.';
+$lng['requirements']['newerphpprefered'] = 'Good, but php-7.1 is preferred.';
 $lng['requirements']['phppdo'] = 'PHP PDO extension and PDO-MySQL driver...';
 $lng['requirements']['phpsession'] = 'PHP session-extension...';
 $lng['requirements']['phpctype'] = 'PHP ctype-extension...';
@@ -39,7 +39,7 @@ $lng['requirements']['phpjson'] = 'PHP json-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
 $lng['requirements']['zipdescription'] = 'The auto-update feature requires the zip extension.';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
-$lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
+$lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the corresponding php.ini';
 $lng['requirements']['mysqldump'] = 'MySQL dump tool';
 $lng['requirements']['mysqldumpmissing'] = 'Automatic backup of possible existing database is not possible. Please install mysql-client tools';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';
@@ -53,10 +53,13 @@ $lng['install']['welcometext'] = 'Thank you for choosing Froxlor. Please fill ou
 $lng['install']['database'] = 'Database connection';
 $lng['install']['mysql_host'] = 'MySQL-Hostname';
 $lng['install']['mysql_database'] = 'Database name';
+$lng['install']['mysql_forcecreate'] = 'Backup and overwrite database if exists?';
 $lng['install']['mysql_unpriv_user'] = 'Username for the unprivileged MySQL-account';
 $lng['install']['mysql_unpriv_pass'] = 'Password for the unprivileged MySQL-account';
 $lng['install']['mysql_root_user'] = 'Username for the MySQL-root-account';
 $lng['install']['mysql_root_pass'] = 'Password for the MySQL-root-account';
+$lng['install']['mysql_ssl_ca_file'] = 'MySQL server certificate file path';
+$lng['install']['mysql_ssl_verify_server_certificate'] = 'Verify MySQL TLS certificate';
 $lng['install']['admin_account'] = 'Administrator Account';
 $lng['install']['admin_user'] = 'Administrator Username';
 $lng['install']['admin_pass1'] = 'Administrator Password';
@@ -79,6 +82,8 @@ $lng['install']['testing_mysql_fail'] = 'There seems to be a problem with the da
 $lng['install']['backup_old_db'] = 'Creating backup of old database...';
 $lng['install']['backup_binary_missing'] = 'Could not find mysqldump';
 $lng['install']['backup_failed'] = 'Could not backup database';
+$lng['install']['check_db_exists'] = 'Checking database...';
+$lng['install']['db_exists'] = 'Unable to create database. A database with the same name exists and should not be overwritten';
 $lng['install']['prepare_db'] = 'Preparing database...';
 $lng['install']['create_mysqluser_and_db'] = 'Creating database and username...';
 $lng['install']['testing_new_db'] = 'Testing if database and user have been created correctly...';

install/lng/german.lng.php

@@ -53,10 +53,13 @@ $lng['install']['welcometext'] = 'Vielen Dank dass Sie sich für Froxlor entschi
 $lng['install']['database'] = 'Datenbankverbindung';
 $lng['install']['mysql_host'] = 'MySQL-Hostname';
 $lng['install']['mysql_database'] = 'Datenbank Name';
+$lng['install']['mysql_forcecreate'] = 'Datenbank sichern und überschreiben wenn vorhanden?';
 $lng['install']['mysql_unpriv_user'] = 'Benutzername für den unprivilegierten MySQL-Account';
 $lng['install']['mysql_unpriv_pass'] = 'Passwort für den unprivilegierten MySQL-Account';
 $lng['install']['mysql_root_user'] = 'Benutzername für den MySQL-Root-Account';
 $lng['install']['mysql_root_pass'] = 'Passwort für den MySQL-Root-Account';
+$lng['install']['mysql_ssl_ca_file'] = 'MySQL-Server Zertifikatspfad';
+$lng['install']['mysql_ssl_verify_server_certificate'] = 'Validieren des MySQL-Server Zertifikats';
 $lng['install']['admin_account'] = 'Admin-Zugang';
 $lng['install']['admin_user'] = 'Administrator-Benutzername';
 $lng['install']['admin_pass1'] = 'Administrator-Passwort';
@@ -79,6 +82,8 @@ $lng['install']['testing_mysql_fail'] = 'Bei der Verwendung der Datenbank gibt e
 $lng['install']['backup_old_db'] = 'Sicherung vorheriger Datenbank...';
 $lng['install']['backup_binary_missing'] = 'Konnte mysqldump nicht finden';
 $lng['install']['backup_failed'] = 'Sicherung fehlgeschlagen';
+$lng['install']['check_db_exists'] = 'Databenbank wird geprüft...';
+$lng['install']['db_exists'] = 'Datenbank kann nicht erstellt werden. Eine Datenbank mit dem selben Namen existiert bereits und soll nicht überschrieben werden.';
 $lng['install']['prepare_db'] = 'Datenbank wird vorbereitet...';
 $lng['install']['create_mysqluser_and_db'] = 'Erstelle Datenbank und Benutzer...';
 $lng['install']['testing_new_db'] = 'Teste, ob Datenbank und Benutzer korrekt angelegt wurden...';

install/updates/froxlor/0.10/update_0.10.inc.php

@@ -1,6 +1,7 @@
 <?php
 use Froxlor\Database\Database;
 use Froxlor\Settings;
+use Froxlor\Validate\Validate;
 
 /**
  * This file is part of the Froxlor project.
@@ -14,7 +15,7 @@ use Froxlor\Settings;
  * @author Froxlor team <team@froxlor.org> (2010-)
  * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
  * @package Install
- *         
+ *
  */
 if (! defined('_CRON_UPDATE')) {
 	if (! defined('AREA') || (defined('AREA') && AREA != 'admin') || ! isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {
@@ -803,3 +804,147 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.25')) {
     showUpdateStep("Updating from 0.10.25 to 0.10.26", false);
     \Froxlor\Froxlor::updateToVersion('0.10.26');
 }
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202103240')) {
+
+    showUpdateStep("Adding setting for default serveralias value for new domains", true);
+    Settings::AddNew("system.domaindefaultalias", '0');
+    lastStepStatus(0);
+
+    \Froxlor\Froxlor::updateToDbVersion('202106160');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202106160')) {
+
+    showUpdateStep("Adjusting Let's Encrypt endpoint configuration to support ZeroSSL", true);
+    if (Settings::Get('system.letsencryptca') == 'testing') {
+        Settings::Set("system.letsencryptca", 'letsencrypt_test');
+    } else {
+        Settings::Set("system.letsencryptca", 'letsencrypt');
+    }
+    lastStepStatus(0);
+
+    \Froxlor\Froxlor::updateToDbVersion('202106270');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202106270')) {
+    showUpdateStep("Adding custom logo image settings", true);
+    Settings::AddNew("panel.logo_image_header", '');
+    Settings::AddNew("panel.logo_image_login", '');
+    lastStepStatus(0);
+
+    // Migrating old custom logo over, if exists
+    $custom_logo_file_old = \Froxlor\Froxlor::getInstallDir() . '/templates/Sparkle/assets/img/logo_custom.png';
+    if (file_exists($custom_logo_file_old)) {
+        showUpdateStep("Migrating existing custom logo to new settings", true);
+
+        $path = \Froxlor\Froxlor::getInstallDir().'/img/';
+        if (!is_dir($path) && !mkdir($path, 0775)) {
+            throw new \Exception("img directory does not exist and cannot be created");
+        }
+        if (!is_writable($path)) {
+            if (!chmod($path, '0775')) {
+                throw new \Exception("Cannot write to img directory");
+            }
+        }
+
+        // Save as new custom logo header
+        $save_to = 'logo_header.png';
+        copy($custom_logo_file_old, $path.$save_to);
+        Settings::Set("panel.logo_image_header", "img/{$save_to}?v=".time());
+
+        // Save as new custom logo login
+        $save_to = 'logo_login.png';
+        copy($custom_logo_file_old, $path.$save_to);
+        Settings::Set("panel.logo_image_login", "img/{$save_to}?v=".time());
+
+        lastStepStatus(0);
+    }
+
+    \Froxlor\Froxlor::updateToDbVersion('202107070');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.26')) {
+	showUpdateStep("Updating from 0.10.26 to 0.10.27", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.27');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202107070')) {
+	showUpdateStep("Adding settings to overwrite theme- or custom theme-logo with the new logo settings", true);
+	Settings::AddNew("panel.logo_overridetheme", '0');
+	Settings::AddNew("panel.logo_overridecustom", '0');
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202107200');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202107200')) {
+	showUpdateStep("Adding settings to define default value of 'create std-subdomain' when creating a customer", true);
+	Settings::AddNew("system.createstdsubdom_default", '1');
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202107210');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202107210')) {
+	showUpdateStep("Normalizing ipv6 for correct comparison", true);
+	$result_stmt = Database::prepare("
+		SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "`"
+	);
+	Database::pexecute($result_stmt);
+	$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_IPSANDPORTS . "` SET `ip` = :ip WHERE `id` = :id");
+	while ($iprow = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
+		if (Validate::is_ipv6($iprow['ip'])) {
+			$ip = inet_ntop(inet_pton($iprow['ip']));
+			Database::pexecute($upd_stmt, [
+				'ip' => $ip,
+				'id' => $iprow['id']
+			]);
+		}
+	}
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202107260');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202107260')) {
+	showUpdateStep("Removing setting for search-engine allow yes/no", true);
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'panel' AND `varname` = 'no_robots'");
+	lastStepStatus(0);
+	showUpdateStep("Adding setting to have all froxlor customers in a local group", true);
+	Settings::AddNew("system.froxlorusergroup", '');
+	Settings::AddNew("system.froxlorusergroup_gid", '');
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202107300');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202107300')) {
+	showUpdateStep("Adds the possibility to select the PowerDNS Operation Mode", true);
+	Settings::AddNew("system.powerdns_mode", 'Native');
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202108180');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.27')) {
+	showUpdateStep("Updating from 0.10.27 to 0.10.28", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.28');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202108180')) {
+	showUpdateStep("Adding czech language file", true);
+	Database::query("INSERT INTO `" . TABLE_PANEL_LANGUAGE . "` SET `language` = '&#268;esk&aacute; republika', `iso` = 'cs', `file` = 'lng/czech.lng.php'");
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('202109040');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.28')) {
+	showUpdateStep("Updating from 0.10.28 to 0.10.29", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.29');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.29')) {
+	showUpdateStep("Updating from 0.10.29 to 0.10.29.1", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.29.1');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.29.1')) {
+	showUpdateStep("Updating from 0.10.29.1 to 0.10.30", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.30');
+}

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -2505,7 +2505,7 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.9.30')) {
 	showUpdateStep("Updating from 0.9.30 to 0.9.31-dev1", true);
 	lastStepStatus(0);
 
-	showUpdateStep("Removing unsused tables");
+	showUpdateStep("Removing unused tables");
 	Database::query("DROP TABLE IF EXISTS `ipsandports_docrootsettings`;");
 	Database::query("DROP TABLE IF EXISTS `domain_docrootsettings`;");
 	lastStepStatus(0);
@@ -2856,7 +2856,7 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.9.32-rc1')) {
 	Settings::AddNew("system.croncmdline", $croncmdline);
 	// add task to generate cron.d-file
 	\Froxlor\System\Cronjob::inserttask('99');
-	// silenty add the auto-update setting - we do not want everybody to know and use this
+	// silently add the auto-update setting - we do not want everybody to know and use this
 	// as it is a very dangerous setting
 	Settings::AddNew("system.cron_allowautoupdate", 0);
 	lastStepStatus(0);
@@ -3872,7 +3872,7 @@ opcache.interned_strings_buffer');
 
 if (\Froxlor\Froxlor::isDatabaseVersion('201801110')) {
 
-	showUpdateStep("Adding php-fpm php PATH setting for envrironment");
+	showUpdateStep("Adding php-fpm php PATH setting for environment");
 	Settings::AddNew("phpfpm.envpath", '/usr/local/bin:/usr/bin:/bin');
 	lastStepStatus(0);
 

install/updates/preconfig.php

@@ -19,7 +19,7 @@
  * Function getPreConfig
  *
  * outputs various content before the update process
- * can be continued (askes for agreement whatever is being asked)
+ * can be continued (asks for agreement whatever is being asked)
  *
  * @param string $current_version
  * @param int $current_db_version

install/updates/preconfig/0.9/preconfig_0.9.inc.php

@@ -414,7 +414,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 
 		if (Settings::Get('system.webserver') == 'apache2') {
 			$has_preconfig = true;
-			$description = 'Froxlor now supports the new Apache 2.4. Please be aware that you need to load additional apache-modules in ordner to use it.<br />';
+			$description = 'Froxlor now supports the new Apache 2.4. Please be aware that you need to load additional apache-modules in order to use it.<br />';
 			$description .= '<pre>LoadModule authz_core_module modules/mod_authz_core.so
 					LoadModule authz_host_module modules/mod_authz_host.so</pre><br />';
 			$question = '<strong>Do you want to enable the Apache-2.4 modification?:</strong>&nbsp;';

lib/Froxlor/Api/Commands/Certificates.php

@@ -189,7 +189,7 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 	 */
 	public function listing()
 	{
-		// select all my (accessable) certificates
+		// select all my (accessible) certificates
 		$certs_stmt_query = "SELECT s.*, d.domain, d.letsencrypt, c.customerid, c.loginname
 			FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` s
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` d ON `d`.`id` = `s`.`domainid`
@@ -237,7 +237,7 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 	 */
 	public function listingCount()
 	{
-		// select all my (accessable) certificates
+		// select all my (accessible) certificates
 		$certs_stmt_query = "SELECT COUNT(*) as num_certs
 			FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` s
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` d ON `d`.`id` = `s`.`domainid`

lib/Froxlor/Api/Commands/CustomerBackups.php

@@ -23,7 +23,7 @@ class CustomerBackups extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Re
 {
 
 	/**
-	 * check whether backup is enabled systemwide and if accessable for customer (hide_options)
+	 * check whether backup is enabled systemwide and if accessible for customer (hide_options)
 	 *
 	 * @throws \Exception
 	 */

lib/Froxlor/Api/Commands/Customers.php

@@ -308,7 +308,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 	 * @param bool $mysqls_ul
 	 *        	optional, whether customer should have unlimited mysql-databases, default 0 (false)
 	 * @param bool $createstdsubdomain
-	 *        	optional, whether to create a standard-subdomain ([loginname].froxlor-hostname.tld), default 0 (false)
+	 *        	optional, whether to create a standard-subdomain ([loginname].froxlor-hostname.tld), default [system.createstdsubdom_default]
 	 * @param bool $phpenabled
 	 *        	optional, whether to allow usage of PHP, default 0 (false)
 	 * @param array $allowed_phpconfigs
@@ -316,9 +316,9 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 	 * @param bool $perlenabled
 	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
 	 * @param bool $dnsenabled
-	 *        	optional, wether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 *        	optional, whether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
 	 * @param bool $logviewenabled
-	 *        	optional, wether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	optional, whether to allow access to webserver access/error-logs, default 0 (false)
 	 * @param bool $store_defaultindex
 	 *        	optional, whether to store the default index file to customers homedir
 	 * @param int $hosting_plan_id
@@ -352,7 +352,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				$gender = (int) $this->getParam('gender', true, 0);
 				$custom_notes = $this->getParam('custom_notes', true, '');
 				$custom_notes_show = $this->getBoolParam('custom_notes_show', true, 0);
-				$createstdsubdomain = $this->getBoolParam('createstdsubdomain', true, 0);
+				$createstdsubdomain = $this->getBoolParam('createstdsubdomain', true, Settings::Get('system.createstdsubdom_default'));
 				$password = $this->getParam('new_customer_password', true, '');
 				$sendpassword = $this->getBoolParam('sendpassword', true, 0);
 				$store_defaultindex = $this->getBoolParam('store_defaultindex', true, 0);
@@ -923,9 +923,9 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 	 * @param bool $perlenabled
 	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
 	 * @param bool $dnsenabled
-	 *        	optional, ether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 *        	optional, whether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
 	 * @param bool $logviewenabled
-	 *        	optional, ether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	optional, whether to allow access to webserver access/error-logs, default 0 (false)
 	 * @param string $theme
 	 *        	optional, change theme
 	 *        	
@@ -1512,7 +1512,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 					'did' => $row['id']
 				), true, true);
 				// remove domains DNS from powerDNS if used, #581
-				\Froxlor\System\Cronjob::inserttask('11', $result['domain']);
+				\Froxlor\System\Cronjob::inserttask('11', $row['domain']);
 				// remove domain from acme.sh / lets encrypt if used
 				\Froxlor\System\Cronjob::inserttask('12', $row['domain']);
 			}

lib/Froxlor/Api/Commands/DirOptions.php

@@ -322,7 +322,7 @@ class DirOptions extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	}
 
 	/**
-	 * returns the total number of accessable directory options
+	 * returns the total number of accessible directory options
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select directory-protections of a specific customer by id

lib/Froxlor/Api/Commands/DirProtections.php

@@ -305,7 +305,7 @@ class DirProtections extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Res
 	}
 
 	/**
-	 * returns the total number of accessable directory protections
+	 * returns the total number of accessible directory protections
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select directory-protections of a specific customer by id

lib/Froxlor/Api/Commands/Domains.php

@@ -77,7 +77,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	}
 
 	/**
-	 * returns the total number of accessable domains
+	 * returns the total number of accessible domains
 	 *
 	 * @access admin
 	 * @throws \Exception
@@ -193,6 +193,27 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 		return $ipandports;
 	}
 
+	/**
+	 * get ips from array of id's
+	 *
+	 * @param array $ips
+	 * @return array
+	 */
+	private function getIpsFromIdArray(array $ids)
+	{
+		$resultips_stmt = Database::prepare("
+			SELECT `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE id = :id
+		");
+		$result = [];
+		foreach ($ids as $id) {
+			$entry = Database::pexecute_first($resultips_stmt, array(
+				'id' => $id
+			));
+			$result[] = $entry['ip'];
+		}
+		return $result;
+	}
+
 	/**
 	 * add new domain entry
 	 *
@@ -213,12 +234,12 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 * @param bool $email_only
 	 *        	optional, restrict domain to email usage, default 0 (false)
 	 * @param int $selectserveralias
-	 *        	optional, 0 = wildcard, 1 = www-alias, 2 = none, default 0
+	 *        	optional, 0 = wildcard, 1 = www-alias, 2 = none, default [system.domaindefaultalias]
 	 * @param bool $speciallogfile
 	 *        	optional, whether to create an exclusive web-logfile for this domain, default 0 (false)
 	 * @param int $alias
 	 *        	optional, domain-id of a domain that the new domain should be an alias of, default 0 (none)
-	 * @param bool $issubof
+	 * @param int $issubof
 	 *        	optional, domain-id of a domain this domain is a subdomain of (required for webserver-cronjob to generate the correct order), default 0 (none)
 	 * @param string $registration_date
 	 *        	optional, date of domain registration in form of YYYY-MM-DD, default empty (none)
@@ -309,7 +330,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				$subcanemaildomain = $this->getParam('subcanemaildomain', true, 0);
 				$isemaildomain = $this->getBoolParam('isemaildomain', true, 0);
 				$email_only = $this->getBoolParam('email_only', true, 0);
-				$serveraliasoption = $this->getParam('selectserveralias', true, 0);
+				$serveraliasoption = $this->getParam('selectserveralias', true, Settings::Get('system.domaindefaultalias'));
 				$speciallogfile = $this->getBoolParam('speciallogfile', true, 0);
 				$aliasdomain = intval($this->getParam('alias', true, 0));
 				$issubof = $this->getParam('issubof', true, 0);
@@ -574,6 +595,15 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 					$include_specialsettings = 0;
 				}
 
+				// validate dns if lets encrypt is enabled to check whether we can use it at all
+				if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
+					$domain_ips = \Froxlor\PhpHelper::gethostbynamel6($domain);
+					$selected_ips = $this->getIpsFromIdArray($ssl_ipandports);
+					if ($domain_ips == false || count(array_intersect($selected_ips, $domain_ips)) <= 0) {
+						\Froxlor\UI\Response::standard_error('invaliddnsforletsencrypt', '', true);
+					}
+				}
+
 				// We can't enable let's encrypt for wildcard-domains
 				if ($serveraliasoption == '0' && $letsencrypt == '1') {
 					\Froxlor\UI\Response::standard_error('nowildcardwithletsencrypt', '', true);
@@ -871,7 +901,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 *        	optional, when setting $speciallogfile to false, this needs to be set to true to confirm the action, default 0 (false)
 	 * @param int $alias
 	 *        	optional, domain-id of a domain that the new domain should be an alias of, default 0 (none)
-	 * @param bool $issubof
+	 * @param int $issubof
 	 *        	optional, domain-id of a domain this domain is a subdomain of (required for webserver-cronjob to generate the correct order), default 0 (none)
 	 * @param string $registration_date
 	 *        	optional, date of domain registration in form of YYYY-MM-DD, default empty (none)
@@ -1326,6 +1356,15 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				$include_specialsettings = 0;
 			}
 
+			// validate dns if lets encrypt is enabled to check whether we can use it at all
+			if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
+				$domain_ips = \Froxlor\PhpHelper::gethostbynamel6($result['domain']);
+				$selected_ips = $this->getIpsFromIdArray($ssl_ipandports);
+				if ($domain_ips == false || count(array_intersect($selected_ips, $domain_ips)) <= 0) {
+					\Froxlor\UI\Response::standard_error('invaliddnsforletsencrypt', '', true);
+				}
+			}
+
 			// We can't enable let's encrypt for wildcard-domains
 			if ($serveraliasoption == '0' && $letsencrypt == '1') {
 				\Froxlor\UI\Response::standard_error('nowildcardwithletsencrypt', '', true);
@@ -1702,9 +1741,6 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 			");
 			Database::pexecute($_update_stmt, $_update_data, true, true);
 
-			// insert a rebuild-task
-			\Froxlor\System\Cronjob::inserttask('1');
-
 			// Cleanup domain <-> ip mapping
 			$del_stmt = Database::prepare("
 				DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :id

lib/Froxlor/Api/Commands/Emails.php

@@ -326,7 +326,7 @@ class Emails extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	}
 
 	/**
-	 * returns the total number of accessable email addresses
+	 * returns the total number of accessible email addresses
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select email addresses of a specific customer by id

lib/Froxlor/Api/Commands/FpmDaemons.php

@@ -79,7 +79,7 @@ class FpmDaemons extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	}
 
 	/**
-	 * returns the total number of accessable fpm daemons
+	 * returns the total number of accessible fpm daemons
 	 *
 	 * @access admin
 	 * @throws \Exception

lib/Froxlor/Api/Commands/Ftps.php

@@ -62,7 +62,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 
 		if (($this->getUserDetail('ftps_used') < $this->getUserDetail('ftps') || $this->getUserDetail('ftps') == '-1') || $this->isAdmin() && $is_defaultuser == 1) {
 
-			// required paramters
+			// required parameters
 			$path = $this->getParam('path');
 			$password = $this->getParam('ftp_password');
 
@@ -512,7 +512,7 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 	}
 
 	/**
-	 * returns the total number of accessable ftp accounts
+	 * returns the total number of accessible ftp accounts
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select ftp-users of a specific customer by id

lib/Froxlor/Api/Commands/HostingPlans.php

@@ -66,7 +66,7 @@ class HostingPlans extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 	}
 
 	/**
-	 * returns the total number of accessable hosting plans
+	 * returns the total number of accessible hosting plans
 	 *
 	 * @access admin
 	 * @throws \Exception
@@ -182,9 +182,9 @@ class HostingPlans extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 	 * @param bool $perlenabled
 	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
 	 * @param bool $dnsenabled
-	 *        	optional, ether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 *        	optional, whether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
 	 * @param bool $logviewenabled
-	 *        	optional, ether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	optional, whether to allow access to webserver access/error-logs, default 0 (false)
 	 *        	
 	 * @access admin
 	 * @throws \Exception
@@ -309,9 +309,9 @@ class HostingPlans extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 	 * @param bool $perlenabled
 	 *        	optional, whether to allow usage of Perl/CGI, default 0 (false)
 	 * @param bool $dnsenabled
-	 *        	optional, ether to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
+	 *        	optional, either to allow usage of the DNS editor (requires activated nameserver in settings), default 0 (false)
 	 * @param bool $logviewenabled
-	 *        	optional, ether to allow acccess to webserver access/error-logs, default 0 (false)
+	 *        	optional, either to allow access to webserver access/error-logs, default 0 (false)
 	 *        	
 	 * @access admin
 	 * @throws \Exception

lib/Froxlor/Api/Commands/IpsAndPorts.php

@@ -65,7 +65,7 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 	}
 
 	/**
-	 * returns the total number of accessable ip/port entries
+	 * returns the total number of accessible ip/port entries
 	 *
 	 * @access admin
 	 * @throws \Exception
@@ -247,6 +247,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 				$docroot = '';
 			}
 
+			// always use compressed ipv6 format
+			$ip = inet_ntop(inet_pton($ip));
+
 			$result_checkfordouble_stmt = Database::prepare("
 			SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
 			WHERE `ip` = :ip AND `port` = :port");
@@ -462,6 +465,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 				$docroot = '';
 			}
 
+			// always use compressed ipv6 format
+			$ip = inet_ntop(inet_pton($ip));
+
 			if ($result['ip'] != $ip && $result['ip'] == Settings::Get('system.ipaddress') && $result_sameipotherport == false) {
 				\Froxlor\UI\Response::standard_error('cantchangesystemip', '', true);
 			} elseif ($result_checkfordouble && $result_checkfordouble['id'] != '' && $result_checkfordouble['id'] != $id) {

lib/Froxlor/Api/Commands/Mysqls.php

@@ -17,7 +17,7 @@ use Froxlor\Settings;
  * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
  * @package API
  * @since 0.10.0
- *       
+ *
  */
 class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntity
 {
@@ -31,25 +31,28 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 *        	optional, default is 0
 	 * @param string $description
 	 *        	optional, description for database
+	 * @param string $custom_suffix
+	 *			optional, name for database
 	 * @param bool $sendinfomail
 	 *        	optional, send created resource-information to customer, default: false
 	 * @param int $customerid
 	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
 	 *        	optional, required when called as admin (if $customerid is not specified)
-	 *        	
+	 *
 	 * @access admin, customer
 	 * @throws \Exception
 	 * @return string json-encoded array
 	 */
 	public function add()
 	{
-		// required paramters
+		// required parameters
 		$password = $this->getParam('mysql_password');
 
 		// parameters
 		$dbserver = $this->getParam('mysql_server', true, 0);
 		$databasedescription = $this->getParam('description', true, '');
+		$databasename = $this->getParam('custom_suffix', true, '');
 		$sendinfomail = $this->getBoolParam('sendinfomail', true, 0);
 		// get needed customer info to reduce the mysql-usage-counter by one
 		$customer = $this->getCustomerData('mysqls');
@@ -58,6 +61,9 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 		$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
 		$password = \Froxlor\System\Crypt::validatePassword($password, true);
 		$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', '', '', array(), true);
+		if (!empty($databasename)) {
+			$databasename = \Froxlor\Validate\Validate::validate(trim($databasename), 'database_name', '/^[A-Za-z0-9][A-Za-z0-9\-_]+$/i', '', array(), true);
+		}
 
 		// validate whether the dbserver exists
 		$dbserver = \Froxlor\Validate\Validate::validate($dbserver, html_entity_decode($this->lng['mysql']['mysql_server']), '', '', 0, true);
@@ -79,7 +85,12 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 		);
 		// create database, user, set permissions, etc.pp.
 		$dbm = new \Froxlor\Database\DbManager($this->logger());
-		$username = $dbm->createDatabase($newdb_params['loginname'], $password, $newdb_params['mysql_lastaccountnumber']);
+
+		if(strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME' && !empty($databasename)) {
+			$username = $dbm->createDatabase($newdb_params['loginname'].'_'.$databasename, $password);
+		} else {
+			$username = $dbm->createDatabase($newdb_params['loginname'], $password, $newdb_params['mysql_lastaccountnumber']);
+		}
 
 		// we've checked against the password in dbm->createDatabase
 		if ($username == false) {
@@ -181,7 +192,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 *        	optional, the databasename
 	 * @param int $mysql_server
 	 *        	optional, specify database-server, default is none
-	 *        	
+	 *
 	 * @access admin, customer
 	 * @throws \Exception
 	 * @return string json-encoded array
@@ -281,7 +292,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
 	 *        	optional, required when called as admin (if $customerid is not specified)
-	 *        	
+	 *
 	 * @access admin, customer
 	 * @throws \Exception
 	 * @return string json-encoded array
@@ -305,7 +316,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 		));
 		$id = $result['id'];
 
-		// paramters
+		// parameters
 		$password = $this->getParam('mysql_password', true, '');
 		$databasedescription = $this->getParam('description', true, $result['description']);
 
@@ -370,7 +381,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 *        	optional specify offset for resultset
 	 * @param array $sql_orderby
 	 *        	optional array with index = fieldname and value = ASC|DESC to order the resultset by one or more fields
-	 *        	
+	 *
 	 * @access admin, customer
 	 * @throws \Exception
 	 * @return string json-encoded array count|list
@@ -428,13 +439,13 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	}
 
 	/**
-	 * returns the total number of accessable databases
+	 * returns the total number of accessible databases
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select dbs of a specific customer by id
 	 * @param string $loginname
 	 *        	optional, admin-only, select dbs of a specific customer by loginname
-	 *        	
+	 *
 	 * @access admin, customer
 	 * @throws \Exception
 	 * @return string json-encoded array
@@ -465,7 +476,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 	 *        	optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
 	 *        	optional, required when called as admin (if $customerid is not specified)
-	 *        	
+	 *
 	 * @access admin, customer
 	 * @throws \Exception
 	 * @return string json-encoded array

lib/Froxlor/Api/Commands/PhpSettings.php

@@ -122,7 +122,7 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 	}
 
 	/**
-	 * returns the total number of accessable php-setting entries
+	 * returns the total number of accessible php-setting entries
 	 *
 	 * @access admin
 	 * @throws \Exception
@@ -217,7 +217,9 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 	 *        	optional number of seconds for idle-timeout if FPM is used, default is fpm-daemon-value
 	 * @param string $limit_extensions
 	 *        	optional limitation of php-file-extensions if FPM is used, default is fpm-daemon-value
-	 *        	
+	 * @param bool $allow_all_customers
+	 *        	optional add this configuration to the list of every existing customer's allowed-fpm-config list, default is false (no)
+	 *
 	 * @access admin
 	 * @throws \Exception
 	 * @return string json-encoded array
@@ -261,6 +263,7 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			$max_requests = $this->getParam('max_requests', true, $def_fpmconfig['max_requests']);
 			$idle_timeout = $this->getParam('idle_timeout', true, $def_fpmconfig['idle_timeout']);
 			$limit_extensions = $this->getParam('limit_extensions', true, $def_fpmconfig['limit_extensions']);
+			$allow_all_customers = $this->getBoolParam('allow_all_customers', true, 0);
 
 			// validation
 			$description = \Froxlor\Validate\Validate::validate($description, 'description', '', '', array(), true);
@@ -367,6 +370,8 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			$result = $this->apiCall('PhpSettings.get', array(
 				'id' => $ins_data['id']
 			));
+
+			$this->addForAllCustomers($allow_all_customers, $ins_data['id']);
 			return $this->response(200, "successful", $result);
 		}
 		throw new \Exception("Not allowed to execute given command.", 403);
@@ -418,6 +423,8 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 	 *        	optional number of seconds for idle-timeout if FPM is used, default is fpm-daemon-value
 	 * @param string $limit_extensions
 	 *        	optional limitation of php-file-extensions if FPM is used, default is fpm-daemon-value
+	 * @param bool $allow_all_customers
+	 *        	optional add this configuration to the list of every existing customer's allowed-fpm-config list, default is false (no)
 	 *        	
 	 * @access admin
 	 * @throws \Exception
@@ -456,6 +463,7 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			$max_requests = $this->getParam('max_requests', true, $result['max_requests']);
 			$idle_timeout = $this->getParam('idle_timeout', true, $result['idle_timeout']);
 			$limit_extensions = $this->getParam('limit_extensions', true, $result['limit_extensions']);
+			$allow_all_customers = $this->getBoolParam('allow_all_customers', true, 0);
 
 			// validation
 			$description = \Froxlor\Validate\Validate::validate($description, 'description', '', '', array(), true);
@@ -563,6 +571,8 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			$result = $this->apiCall('PhpSettings.get', array(
 				'id' => $id
 			));
+
+			$this->addForAllCustomers($allow_all_customers, $id);
 			return $this->response(200, "successful", $result);
 		}
 		throw new \Exception("Not allowed to execute given command.", 403);
@@ -618,4 +628,38 @@ class PhpSettings extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 		}
 		throw new \Exception("Not allowed to execute given command.", 403);
 	}
+
+	/**
+	 * add given php-config id to the list of allowed php-config to all currently existing customers
+	 * if allow_all_customers parameter is true in PhpSettings::add() or PhpSettings::update()
+	 *
+	 * @param bool $allow_all_customers
+	 * @param int $config_id
+	 */
+	private function addForAllCustomers(bool $allow_all_customers, int $config_id)
+	{
+		// should this config be added to the allowed list of all existing customers?
+		if ($allow_all_customers) {
+			$sel_stmt = Database::prepare("SELECT customerid, allowed_phpconfigs FROM `" . TABLE_PANEL_CUSTOMERS . "`");
+			$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET allowed_phpconfigs = :ap WHERE customerid = :cid");
+			Database::pexecute($sel_stmt);
+			while ($cust = $sel_stmt->fetch(\PDO::FETCH_ASSOC)) {
+				// get existing entries of customer
+				$ap = json_decode($cust['allowed_phpconfigs'], true);
+				// initialize array if it's empty
+				if (empty($ap)) {
+					$ap = [];
+				}
+				// add this config
+				$ap[] = $config_id;
+				// check for duplicates and force value-type to be int
+				$ap = array_map('intval', array_unique($ap));
+				// update customer-entry
+				Database::pexecute($upd_stmt, [
+					'ap' => json_encode($ap),
+					'cid' => $cust['customerid']
+				]);
+			}
+		}
+	}
 }

lib/Froxlor/Api/Commands/SubDomains.php

@@ -2,6 +2,7 @@
 namespace Froxlor\Api\Commands;
 
 use Froxlor\Database\Database;
+use Froxlor\Domain\Domain;
 use Froxlor\Settings;
 
 /**
@@ -230,6 +231,15 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				}
 			}
 
+			// validate dns if lets encrypt is enabled to check whether we can use it at all
+			if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
+				$our_ips = Domain::getIpsOfDomain($domain_check['id']);
+				$domain_ips = \Froxlor\PhpHelper::gethostbynamel6($completedomain);
+				if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
+					\Froxlor\UI\Response::standard_error('invaliddnsforletsencrypt', '', true);
+				}
+			}
+
 			// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
 			if ($ssl_redirect > 0 && $letsencrypt == 1) {
 				$ssl_redirect = 2;
@@ -252,6 +262,16 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				$phpsid_result['phpsettingid'] = intval($phpsettingid);
 			}
 
+			$allowed_phpconfigs = $customer['allowed_phpconfigs'];
+			if (! empty($allowed_phpconfigs)) {
+				$allowed_phpconfigs = json_decode($allowed_phpconfigs, true);
+			} else {
+				$allowed_phpconfigs = [];
+			}
+			if (! in_array($phpsid_result['phpsettingid'], $allowed_phpconfigs)) {
+				\Froxlor\UI\Response::standard_error('notallowedphpconfigused', '', true);
+			}
+
 			// actually insert domain
 			$stmt = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -595,9 +615,18 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			}
 		}
 
+		// validate dns if lets encrypt is enabled to check whether we can use it at all
+		if ($result['letsencrypt'] != $letsencrypt && $letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
+			$our_ips = Domain::getIpsOfDomain($result['parentdomainid']);
+			$domain_ips = \Froxlor\PhpHelper::gethostbynamel6($result['domain']);
+			if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
+				\Froxlor\UI\Response::standard_error('invaliddnsforletsencrypt', '', true);
+			}
+		}
+
 		// We can't enable let's encrypt for wildcard-domains
 		if ($iswildcarddomain == '1' && $letsencrypt == '1') {
-			\Froxlor\UI\Response::standard_error('nowildcardwithletsencrypt');
+			\Froxlor\UI\Response::standard_error('nowildcardwithletsencrypt', '', true);
 		}
 
 		// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
@@ -619,12 +648,22 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			$this->logger()->logAction($this->isAdmin() ? \Froxlor\FroxlorLogger::ADM_ACTION : \Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] automatically deleted mail-table entries for '" . $idna_convert->decode($result['domain']) . "'");
 		}
 
+		$allowed_phpconfigs = $customer['allowed_phpconfigs'];
+		if (! empty($allowed_phpconfigs)) {
+			$allowed_phpconfigs = json_decode($allowed_phpconfigs, true);
+		} else {
+			$allowed_phpconfigs = [];
+		}
+		if (! in_array($phpsettingid, $allowed_phpconfigs)) {
+			\Froxlor\UI\Response::standard_error('notallowedphpconfigused', '', true);
+		}
+
 		// handle redirect
 		if ($_doredirect) {
 			\Froxlor\Domain\Domain::updateRedirectOfDomain($id, $redirectcode);
 		}
 
-		if ($path != $result['documentroot'] || $isemaildomain != $result['isemaildomain'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $aliasdomain != $result['aliasdomain'] || $openbasedir_path != $result['openbasedir_path'] || $ssl_redirect != $result['ssl_redirect'] || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload'] || $phpsettingid != $result['phpsettingid']) {
+		if ($path != $result['documentroot'] || $isemaildomain != $result['isemaildomain'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $aliasdomain != (int)$result['aliasdomain'] || $openbasedir_path != $result['openbasedir_path'] || $ssl_redirect != $result['ssl_redirect'] || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload'] || $phpsettingid != $result['phpsettingid']) {
 			$stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
 					`documentroot` = :documentroot,
@@ -810,7 +849,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	}
 
 	/**
-	 * returns the total number of accessable subdomain entries
+	 * returns the total number of accessible subdomain entries
 	 *
 	 * @param int $customerid
 	 *        	optional, admin-only, select (sub)domains of a specific customer by id

lib/Froxlor/Bulk/BulkAction.php

@@ -133,7 +133,7 @@ abstract class BulkAction
 
 		$new_data = array();
 		foreach ($this->api_params as $idx => $param) {
-			if (isset($data_array[$idx]) && ! empty($data_array[$idx])) {
+			if (isset($data_array[$idx])) {
 				$new_data[$param] = $data_array[$idx];
 			}
 		}
@@ -150,7 +150,7 @@ abstract class BulkAction
 
 	/**
 	 * reads in the csv import file and returns an array with
-	 * all the entites to be imported
+	 * all the entities to be imported
 	 *
 	 * @param string $separator
 	 *

lib/Froxlor/Cli/Action/ConfigServicesAction.php

@@ -341,13 +341,43 @@ class ConfigServicesAction extends \Froxlor\Cli\Action
 
 		// try to convert namserver hosts to ip's
 		$ns_ips = "";
+		$known_ns_ips = [];
 		if (Settings::Get('system.nameservers') != '') {
 			$nameservers = explode(',', Settings::Get('system.nameservers'));
 			foreach ($nameservers as $nameserver) {
 				$nameserver = trim($nameserver);
+				// DNS servers might be multi homed; allow transfer from all ip
+				// addresses of the DNS server
 				$nameserver_ips = \Froxlor\PhpHelper::gethostbynamel6($nameserver);
-				if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
-					$ns_ips .= implode(",", $nameserver_ips);
+				// append dot to hostname
+				if (substr($nameserver, - 1, 1) != '.') {
+					$nameserver .= '.';
+				}
+				// ignore invalid responses
+				if (! is_array($nameserver_ips)) {
+					// act like \Froxlor\PhpHelper::gethostbynamel6() and return unmodified hostname on error
+					$nameserver_ips = array(
+						$nameserver
+					);
+				} else {
+					$known_ns_ips = array_merge($known_ns_ips, $nameserver_ips);
+				}
+				if (!empty($ns_ips)) {
+					$ns_ips .= ',';
+				}
+				$ns_ips .= implode(",", $nameserver_ips);
+			}
+		}
+
+		// AXFR server
+		if (Settings::Get('system.axfrservers') != '') {
+			$axfrservers = explode(',', Settings::Get('system.axfrservers'));
+			foreach ($axfrservers as $axfrserver) {
+				if (!in_array(trim($axfrserver), $known_ns_ips)) {
+					if (!empty($ns_ips)) {
+						$ns_ips .= ',';
+					}
+					$ns_ips .= trim($axfrserver);
 				}
 			}
 		}
@@ -365,7 +395,6 @@ class ConfigServicesAction extends \Froxlor\Cli\Action
 			'<SERVERIP>' => Settings::Get('system.ipaddress'),
 			'<NAMESERVERS>' => Settings::Get('system.nameservers'),
 			'<NAMESERVERS_IP>' => $ns_ips,
-			'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
 			'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
 			'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
 			'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
@@ -402,7 +431,7 @@ class ConfigServicesAction extends \Froxlor\Cli\Action
 			} elseif (! file_exists($this->_args["froxlor-dir"])) {
 				throw new \Exception("Given froxlor directory cannot be found ('" . $this->_args["froxlor-dir"] . "')");
 			} elseif (! is_readable($this->_args["froxlor-dir"])) {
-				throw new \Exception("Given froxlor direcotry cannot be read ('" . $this->_args["froxlor-dir"] . "')");
+				throw new \Exception("Given froxlor directory cannot be read ('" . $this->_args["froxlor-dir"] . "')");
 			}
 		}
 	}

lib/Froxlor/Cli/Action/SwitchServerIpAction.php

@@ -62,7 +62,7 @@ class SwitchServerIpAction extends \Froxlor\Cli\Action
 		$ip_list = $this->_args['switch'];
 
 		if (empty($ip_list) || is_bool($ip_list)) {
-			throw new \Exception("No paramters given for --switch action.");
+			throw new \Exception("No parameters given for --switch action.");
 		}
 
 		$ips_to_switch = array();
@@ -179,7 +179,7 @@ class SwitchServerIpAction extends \Froxlor\Cli\Action
 			} elseif (! file_exists($this->_args["froxlor-dir"])) {
 				throw new \Exception("Given froxlor directory cannot be found ('" . $this->_args["froxlor-dir"] . "')");
 			} elseif (! is_readable($this->_args["froxlor-dir"])) {
-				throw new \Exception("Given froxlor direcotry cannot be read ('" . $this->_args["froxlor-dir"] . "')");
+				throw new \Exception("Given froxlor directory cannot be read ('" . $this->_args["froxlor-dir"] . "')");
 			}
 		}
 	}

lib/Froxlor/Config/ConfigDaemon.php

@@ -55,7 +55,7 @@ class ConfigDaemon
 	private $isparsed = false;
 
 	/**
-	 * Sub - area of the full - XML only holding the daemon - data we are interessted in
+	 * Sub - area of the full - XML only holding the daemon - data we are interested in
 	 *
 	 * @var \SimpleXMLElement
 	 */

lib/Froxlor/Cron/Dns/PowerDNS.php

@@ -1,6 +1,8 @@
 <?php
 namespace Froxlor\Cron\Dns;
 
+use Froxlor\Settings;
+
 /**
  * This file is part of the Froxlor project.
  * Copyright (c) 2016 the Froxlor Team (see authors).
@@ -97,26 +99,29 @@ class PowerDNS extends DnsBase
 			));
 			$pdns_domain = $pdns_domains_stmt->fetch(\PDO::FETCH_ASSOC);
 
-			$del_rec_stmt->execute(array(
-				'did' => $pdns_domain['id']
-			));
-			$del_meta_stmt->execute(array(
-				'did' => $pdns_domain['id']
-			));
-			$del_dom_stmt->execute(array(
-				'did' => $pdns_domain['id']
-			));
+			if ($pdns_domain && ! empty($pdns_domain['id'])) {
+				$del_rec_stmt->execute(array(
+					'did' => $pdns_domain['id']
+				));
+				$del_meta_stmt->execute(array(
+					'did' => $pdns_domain['id']
+				));
+				$del_dom_stmt->execute(array(
+					'did' => $pdns_domain['id']
+				));
+			}
 		}
 	}
 
 	private function insertZone($domainname, $serial = 0)
 	{
 		$ins_stmt = \Froxlor\Dns\PowerDNS::getDB()->prepare("
-			INSERT INTO domains set `name` = :domainname, `notified_serial` = :serial, `type` = 'NATIVE'
+			INSERT INTO domains set `name` = :domainname, `notified_serial` = :serial, `type` = :type
 		");
 		$ins_stmt->execute(array(
 			'domainname' => $domainname,
-			'serial' => $serial
+			'serial' => $serial,
+			'type' => strtoupper(Settings::Get('system.powerdns_mode'))
 		));
 		$lastid = \Froxlor\Dns\PowerDNS::getDB()->lastInsertId();
 		return $lastid;

lib/Froxlor/Cron/Http/Apache.php

@@ -826,7 +826,7 @@ class Apache extends HttpConfigBase
 				// After inserting the AWStats information,
 				// be sure to build the awstats conf file as well
 				// and chown it using $awstats_params, #258
-				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the informations
+				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the information
 				\Froxlor\Http\Statistics::createAWStatsConf(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log', $domain['domain'], $alias . $server_alias, $domain['customerroot'], $domain);
 			}
 		}

lib/Froxlor/Cron/Http/ConfigIO.php

@@ -287,7 +287,7 @@ class ConfigIO
 	}
 
 	/**
-	 * returns a file/direcotry from the settings and checks whether it exists
+	 * returns a file/directory from the settings and checks whether it exists
 	 *
 	 * @param string $group
 	 *        	settings-group

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -21,13 +21,21 @@ use Froxlor\FileDir;
  * @author Froxlor team <team@froxlor.org> (2016-)
  * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
  * @package Cron
- *
+ *         
  * @since 0.9.35
- *
+ *       
  */
 class AcmeSh extends \Froxlor\Cron\FroxlorCron
 {
 
+	const ACME_PROVIDER = [
+		'letsencrypt' => "https://acme-v02.api.letsencrypt.org/directory",
+		'letsencrypt_test' => "https://acme-staging-v02.api.letsencrypt.org/directory",
+		'buypass' => "https://api.buypass.com/acme/directory",
+		'buypass_test' => "https://api.test4.buypass.no/acme/directory",
+		'zerossl' => "https://acme.zerossl.com/v2/DV90"
+	];
+
 	private static $apiserver = "";
 
 	private static $acmesh = "/root/.acme.sh/acme.sh";
@@ -63,7 +71,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			$issue_domains = self::issueDomains();
 			$renew_froxlor = self::renewFroxlorVhost();
 			$renew_domains = self::renewDomains(true);
-			if ($issue_froxlor || !empty($issue_domains) || !empty($renew_froxlor) || $renew_domains) {
+			if ($issue_froxlor || ! empty($issue_domains) || ! empty($renew_froxlor) || $renew_domains) {
 				// insert task to generate certificates and vhost-configs
 				\Froxlor\System\Cronjob::inserttask(1);
 			}
@@ -71,7 +79,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 		}
 
 		// set server according to settings
-		self::$apiserver = 'https://acme-' . (Settings::Get('system.letsencryptca') == 'testing' ? 'staging-' : '') . 'v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory';
+		self::$apiserver = self::ACME_PROVIDER[Settings::Get('system.letsencryptca')];
 
 		// validate acme.sh installation
 		if (! self::checkInstall()) {
@@ -123,7 +131,8 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 				'ssl_key_file' => null,
 				'ssl_ca_file' => null,
 				'ssl_csr_file' => null,
-				'id' => null
+				'id' => null,
+				'wwwserveralias' => 0
 			);
 
 			// add to queue
@@ -157,7 +166,8 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 				'ssl_key_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_key_file'] : null,
 				'ssl_ca_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_ca_file'] : null,
 				'ssl_csr_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_csr_file'] : null,
-				'id' => is_array($renew_froxlor) ? $renew_froxlor['id'] : null
+				'id' => is_array($renew_froxlor) ? $renew_froxlor['id'] : null,
+				'wwwserveralias' => 0
 			);
 			$renew_domains[] = $certrow;
 		}
@@ -279,12 +289,18 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			$our_ips = Domain::getIpsOfDomain($domain_id);
 			foreach ($loop_domains as $idx => $domain) {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Validating DNS of " . $domain);
-				// ips accordint to NS
+				// ips according to NS
 				$domain_ips = PhpHelper::gethostbynamel6($domain);
 				if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
 					// no common ips...
 					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $domain . " due to no system known IP address via DNS check");
 					unset($domains[$idx]);
+					// in order to avoid a cron-loop that tries to get a certificate every 5 minutes, we disable let's encrypt for this domain
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `letsencrypt` = '0' WHERE `id` = :did");
+					Database::pexecute($upd_stmt, [
+						'did' => $domain_id
+					]);
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Let's Encrypt deactivated for domain " . $domain);
 				}
 			}
 		}
@@ -306,7 +322,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			if (Settings::Get('system.letsencryptreuseold') != '1') {
 				$acmesh_cmd .= " --always-force-new-domain-key";
 			}
-			if (Settings::Get('system.letsencryptca') == 'testing') {
+			if (Settings::Get('system.letsencryptca') == 'letsencrypt_test') {
 				$acmesh_cmd .= " --staging";
 			}
 			if ($force) {
@@ -517,7 +533,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 		$env_file = FileDir::makeCorrectFile(dirname(self::$acmesh) . '/acme.sh.env');
 		if (file_exists($env_file)) {
 			$output = [];
-			$cut = <<<EOC
+$cut = <<<EOC
 cut -d'"' -f2
 EOC;
 			exec('grep "LE_WORKING_DIR" ' . escapeshellarg($env_file) . ' | ' . $cut, $output);

lib/Froxlor/Cron/Http/Lighttpd.php

@@ -678,7 +678,7 @@ class Lighttpd extends HttpConfigBase
 				// After inserting the AWStats information,
 				// be sure to build the awstats conf file as well
 				// and chown it using $awstats_params, #258
-				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the informations
+				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the information
 				\Froxlor\Http\Statistics::createAWStatsConf(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log', $domain['domain'], $alias . $server_alias, $domain['customerroot'], $domain);
 			}
 		}

lib/Froxlor/Cron/Http/Nginx.php

@@ -1153,7 +1153,7 @@ class Nginx extends HttpConfigBase
 				// After inserting the AWStats information,
 				// be sure to build the awstats conf file as well
 				// and chown it using $awstats_params, #258
-				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the informations
+				// Bug 960 + Bug 970 : Use full $domain instead of custom $awstats_params as following classes depend on the information
 				\Froxlor\Http\Statistics::createAWStatsConf(Settings::Get('system.logfiles_directory') . $domain['loginname'] . $speciallogfile . '-access.log', $domain['domain'], $alias . $server_alias, $domain['customerroot'], $domain);
 			}
 		}

lib/Froxlor/Cron/Http/Php/Fcgid.php

@@ -94,7 +94,7 @@ class Fcgid
 		// Set Binary
 		$starter_file .= "exec " . $phpconfig['binary'] . " -c " . escapeshellarg($this->getConfigDir()) . "\n";
 
-		// remove +i attibute, so starter can be overwritten
+		// remove +i attribute, so starter can be overwritten
 		if (file_exists($this->getStarterFile())) {
 			\Froxlor\FileDir::removeImmutable($this->getStarterFile());
 		}

lib/Froxlor/Cron/Http/Php/Fpm.php

@@ -218,7 +218,7 @@ class Fpm
 					$openbasedir .= $_phpappendopenbasedir;
 				}
 			}
-			$fpm_config .= 'php_admin_value[session.save_path] = ' . \Froxlor\FileDir::makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->domain['loginname'] . '/') . "\n";
+
 			$fpm_config .= 'php_admin_value[upload_tmp_dir] = ' . \Froxlor\FileDir::makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->domain['loginname'] . '/') . "\n";
 
 			$admin = $this->getAdminData($this->domain['adminid']);
@@ -261,6 +261,11 @@ class Fpm
 				$fpm_config .= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f ' . $this->domain['email'] . "\n";
 			}
 
+			// check for session.save_path, whether it has been specified by the user, if not, set a default
+			if (strpos($fpm_config, 'php_value[session.save_path]') === false && strpos($fpm_config, 'php_admin_value[session.save_path]') === false) {
+				$fpm_config .= 'php_admin_value[session.save_path] = ' . $this->getTempDir() . "\n";
+			}
+
 			// append custom phpfpm configuration
 			if (! empty($fpm_custom_config)) {
 				$fpm_config .= "\n; Custom Configuration\n";

lib/Froxlor/Cron/System/Extrausers.php

@@ -2,6 +2,7 @@
 namespace Froxlor\Cron\System;
 
 use Froxlor\Database\Database;
+use Froxlor\Settings;
 
 /**
  * This file is part of the Froxlor project.
@@ -25,12 +26,13 @@ class Extrausers
 		// passwd
 		$passwd = '/var/lib/extrausers/passwd';
 		$sql = "SELECT customerid,username,'x' as password,uid,gid,'Froxlor User' as comment,homedir,shell, login_enabled FROM ftp_users ORDER BY uid, LENGTH(username) ASC";
-		self::generateFile($passwd, $sql, $cronlog);
+		$users_list = [];
+		self::generateFile($passwd, $sql, $cronlog, $users_list);
 
 		// group
 		$group = '/var/lib/extrausers/group';
 		$sql = "SELECT groupname,'x' as password,gid,members FROM ftp_groups ORDER BY gid ASC";
-		self::generateFile($group, $sql, $cronlog);
+		self::generateFile($group, $sql, $cronlog, $users_list);
 
 		// shadow
 		$shadow = '/var/lib/extrausers/shadow';
@@ -44,7 +46,7 @@ class Extrausers
 		@chmod('/var/lib/extrausers/shadow', 0640);
 	}
 
-	private static function generateFile($file, $query, &$cronlog)
+	private static function generateFile($file, $query, &$cronlog, &$result_list = null)
 	{
 		$type = basename($file);
 		$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Creating ' . $type . ' file');
@@ -74,6 +76,9 @@ class Extrausers
 						$u['comment'] = 'Locked Froxlor User';
 					}
 					$line = $u['username'] . ':' . $u['password'] . ':' . $u['uid'] . ':' . $u['gid'] . ':' . $u['comment'] . ':' . $u['homedir'] . ':' . $u['shell'] . PHP_EOL;
+					if (is_array($result_list)) {
+						$result_list[] = $u['username'];
+					}
 					break;
 				case 'group':
 					$line = $u['groupname'] . ':' . $u['password'] . ':' . $u['gid'] . ':' . $u['members'] . PHP_EOL;
@@ -84,6 +89,19 @@ class Extrausers
 			}
 			$data_content .= $line;
 		}
+
+		// check for local group to generate
+		if ($type == 'group' && Settings::Get('system.froxlorusergroup') != '') {
+			$guid = intval(Settings::Get('system.froxlorusergroup_gid'));
+			if (empty($guid)) {
+				$guid = intval(Settings::Get('system.lastguid')) + 1;
+				Settings::Set('system.lastguid', $guid, true);
+				Settings::Set('system.froxlorusergroup_gid', $guid, true);
+			}
+			$line = Settings::Get('system.froxlorusergroup') . ':x:' . $guid . ':' . implode(',', $result_list) . PHP_EOL;
+			$data_content .= $line;
+		}
+
 		if (file_put_contents($file, $data_content) !== false) {
 			$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Succesfully wrote ' . $type . ' file');
 		} else {

lib/Froxlor/Cron/Traffic/TrafficCron.php

@@ -69,7 +69,7 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 		}
 
 		/**
-		 * TRAFFIC AND DISKUSAGE MESSURE
+		 * TRAFFIC AND DISKUSAGE MEASURE
 		 */
 		\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_INFO, 'Traffic run started...');
 		$admin_traffic = array();

lib/Froxlor/Database/Database.php

@@ -165,7 +165,7 @@ class Database
 	}
 
 	/**
-	 * returns the sql-access data as array using indeces
+	 * returns the sql-access data as array using indices
 	 * 'user', 'passwd' and 'host'.
 	 * Returns false if not enabled
 	 *
@@ -279,6 +279,8 @@ class Database
 			$host = $sql_root[self::$dbserver]['host'];
 			$socket = isset($sql_root[self::$dbserver]['socket']) ? $sql_root[self::$dbserver]['socket'] : null;
 			$port = isset($sql_root[self::$dbserver]['port']) ? $sql_root[self::$dbserver]['port'] : '3306';
+			$sslCAFile = $sql_root[self::$dbserver]['ssl']['caFile'] ?? "";
+			$sslVerifyServerCertificate = $sql_root[self::$dbserver]['ssl']['verifyServerCertificate'] ?? false;
 		} else {
 			$caption = 'localhost';
 			$user = $sql["user"];
@@ -286,6 +288,8 @@ class Database
 			$host = $sql["host"];
 			$socket = isset($sql['socket']) ? $sql['socket'] : null;
 			$port = isset($sql['port']) ? $sql['port'] : '3306';
+			$sslCAFile = $sql['ssl']['caFile'] ?? "";
+			$sslVerifyServerCertificate = $sql['ssl']['verifyServerCertificate'] ?? false;
 		}
 
 		// save sql-access-data if needed
@@ -297,7 +301,9 @@ class Database
 				'port' => $port,
 				'socket' => $socket,
 				'db' => $sql["db"],
-				'caption' => $caption
+				'caption' => $caption,
+				'ssl_ca_file' => $sslCAFile,
+				'ssl_verify_server_certificate' => $sslVerifyServerCertificate
 			);
 		}
 
@@ -321,6 +327,11 @@ class Database
 		} else {
 			$dbconf["dsn"]['host'] = $host;
 			$dbconf["dsn"]['port'] = $port;
+
+			if (!empty(self::$sqldata['ssl_ca_file'])) {
+				$options[\PDO::MYSQL_ATTR_SSL_CA] = self::$sqldata['ssl_ca_file'];
+				$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) self::$sqldata['ssl_verify_server_certificate'];
+			}
 		}
 
 		self::$dbname = $sql["db"];

lib/Froxlor/Database/DbManager.php

@@ -16,9 +16,9 @@ use Froxlor\Settings;
  * @author Froxlor team <team@froxlor.org> (2010-)
  * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
  * @package Classes
- *         
+ *
  * @since 0.9.31
- *       
+ *
  */
 
 /**
@@ -82,11 +82,13 @@ class DbManager
 			// get all usernames from db-manager
 			$allsqlusers = $this->getManager()->getAllSqlUsers();
 			// generate random username
-			$username = $loginname . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
+			$username = $loginname . '-' . substr(\Froxlor\Froxlor::genSessionId(), 20, 3);
 			// check whether it exists on the DBMS
 			while (in_array($username, $allsqlusers)) {
-				$username = $loginname . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
+				$username = $loginname . '-' . substr(\Froxlor\Froxlor::genSessionId(), 20, 3);
 			}
+		} elseif (strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME') {
+			$username = $loginname;
 		} else {
 			$username = $loginname . Settings::Get('customer.mysqlprefix') . (intval($last_accnumber) + 1);
 		}

lib/Froxlor/Database/IntegrityCheck.php

@@ -90,7 +90,7 @@ class IntegrityCheck
 			'dbname' => Database::getDbName()
 		));
 		$charset = isset($resp['default_character_set_name']) ? $resp['default_character_set_name'] : null;
-		if (! empty($charset) && strtolower($charset) != 'utf8') {
+		if (! empty($charset) && substr(strtolower($charset), 0, 4) != 'utf8') {
 			$this->log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "database charset seems to be different from UTF-8, integrity-check can fix that");
 			if ($fix) {
 				// fix database

lib/Froxlor/Dns/Dns.php

@@ -53,7 +53,7 @@ class Dns
 			$domain = $domain_id;
 		}
 
-		if ($domain['isbinddomain'] != '1') {
+		if (!isset($domain['isbinddomain']) || $domain['isbinddomain'] != '1') {
 			return;
 		}
 
@@ -190,12 +190,26 @@ class Dns
 				'@',
 				'www',
 				'*'
-			] as $crceord) {
-				if ($entry['type'] == 'CNAME' && $entry['record'] == '@' && (array_key_exists(md5($crceord), $required_entries['A']) || array_key_exists(md5($crceord), $required_entries['AAAA']))) {
-					unset($required_entries['A'][md5($crceord)]);
-					unset($required_entries['AAAA'][md5($crceord)]);
+			] as $crecord) {
+				if ($entry['type'] == 'CNAME' && $entry['record'] == '@' && (array_key_exists(md5($crecord), $required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))) {
+					unset($required_entries['A'][md5($crecord)]);
+					unset($required_entries['AAAA'][md5($crecord)]);
 				}
 			}
+			// also allow overriding of auto-generated values (imap,pop3,mail,smtp) if enabled in the settings
+			if (Settings::Get('system.dns_createmailentry')) {
+			    foreach (array(
+			        'imap',
+			        'pop3',
+			        'mail',
+			        'smtp'
+			    ) as $crecord) {
+			        if ($entry['type'] == 'CNAME' && $entry['record'] == $crecord && (array_key_exists(md5($crecord), $required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))) {
+			            unset($required_entries['A'][md5($crecord)]);
+			            unset($required_entries['AAAA'][md5($crecord)]);
+			        }
+			    }
+			}
 			$zonerecords[] = new DnsEntry($entry['record'], $entry['type'], $entry['content'], $entry['prio'], $entry['ttl']);
 		}
 
@@ -324,11 +338,28 @@ class Dns
 						foreach ($records as $record) {
 							if ($record == '@CAA@') {
 								$caa_entries = explode(PHP_EOL, Settings::Get('caa.caa_entry'));
-								if ($domain['letsencrypt'] == 1) {
-									$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild "letsencrypt.org"' : '0 issue "letsencrypt.org"';
-									array_push($caa_entries, $le_entry);
+								$caa_domain = "letsencrypt.org";
+								if (Settings::Get('system.letsencryptca') == 'buypass' || Settings::Get('system.letsencryptca') == 'buypass_test') {
+									$caa_domain = "buypass.com";
+								}
+								if ($domain['letsencrypt'] == 1) {
+									if (Settings::Get('system.letsencryptca') == 'zerossl') {
+										$caa_domains = [
+											"sectigo.com",
+											"trust-provider.com",
+											"usertrust.com",
+											"comodoca.com",
+											"comodo.com"
+										];
+										foreach ($caa_domains as $caa_domain) {
+											$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild "' . $caa_domain . '"' : '0 issue "' . $caa_domain . '"';
+											array_push($caa_entries, $le_entry);
+										}
+									} else {
+										$le_entry = $domain['iswildcarddomain'] == '1' ? '0 issuewild "' . $caa_domain . '"' : '0 issue "' . $caa_domain . '"';
+										array_push($caa_entries, $le_entry);
+									}
 								}
-
 								foreach ($caa_entries as $entry) {
 									if (empty($entry)) continue;
 									$zonerecords[] = new DnsEntry('@', 'CAA', $entry);
@@ -372,7 +403,7 @@ class Dns
 			$soa_content = $primary_ns . " " . self::escapeSoaAdminMail($soa_email) . " ";
 			$soa_content .= $domain['bindserial'] . " ";
 			// TODO for now, dummy time-periods
-			$soa_content .= "3600 900 604800 " . (int) Settings::Get('system.defaultttl');
+			$soa_content .= "3600 900 1209600 1200";
 
 			$soa_record = new DnsEntry('@', 'SOA', $soa_content);
 			array_unshift($zonerecords, $soa_record);

lib/Froxlor/Dns/PowerDNS.php

@@ -62,6 +62,11 @@ class PowerDNS
 		} else {
 			$dbconf["dsn"]['host'] = $mysql_data['gmysql-host'];
 			$dbconf["dsn"]['port'] = $mysql_data['gmysql-port'];
+
+			if (!empty($mysql_data['gmysql-ssl-ca-file'])) {
+				$options[\PDO::MYSQL_ATTR_SSL_CA] = $mysql_data['gmysql-ssl-ca-file'];
+				$options[\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $mysql_data['gmysql-ssl-verify-server-certificate'];
+			}
 		}
 
 		// add options to dsn-string

lib/Froxlor/Domain/Domain.php

@@ -340,7 +340,7 @@ class Domain
 				// run remove command
 				\Froxlor\FileDir::safe_exec($acmesh . $params);
 				// remove certificates directory
-				@unlink($certificate_folder);
+				\Froxlor\FileDir::safe_exec('rm -rf ' . $certificate_folder);
 			}
 		}
 		return true;

lib/Froxlor/FileDir.php

@@ -370,7 +370,7 @@ class FileDir
 	 * @param
 	 *        	integer uid The uid which must match the found directories
 	 * @param
-	 *        	integer gid The gid which must match the found direcotries
+	 *        	integer gid The gid which must match the found directories
 	 * @param
 	 *        	string value the value for the input-field
 	 *        	
@@ -461,7 +461,7 @@ class FileDir
 	 * @param int $uid
 	 *        	the uid which must match the found directories
 	 * @param int $gid
-	 *        	the gid which must match the found direcotries
+	 *        	the gid which must match the found directories
 	 *        	
 	 * @return array Array of found valid paths
 	 */

lib/Froxlor/Froxlor.php

@@ -7,10 +7,10 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '0.10.26';
+	const VERSION = '0.10.30';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '202103240';
+	const DBVERSION = '202109040';
 
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';
@@ -63,7 +63,7 @@ final class Froxlor
 	 *
 	 * @param string $to_check
 	 *        	version to check, if empty current version is used
-	 *        	
+	 *
 	 * @return bool true if version to check does not match, else false
 	 */
 	public static function hasUpdates($to_check = null)
@@ -84,7 +84,7 @@ final class Froxlor
 	 *
 	 * @param int $to_check
 	 *        	version to check, if empty current dbversion is used
-	 *        	
+	 *
 	 * @return bool true if version to check does not match, else false
 	 */
 	public static function hasDbUpdates($to_check = null)
@@ -105,7 +105,7 @@ final class Froxlor
 	 *
 	 * @param int $to_check
 	 *        	version to check
-	 *        	
+	 *
 	 * @return bool true if version to check matches, else false
 	 */
 	public static function isDatabaseVersion($to_check = null)
@@ -124,7 +124,7 @@ final class Froxlor
 	 *
 	 * @param string $new_version
 	 *        	new-version
-	 *        	
+	 *
 	 * @return bool true on success, else false
 	 */
 	public static function updateToDbVersion($new_version = null)
@@ -150,7 +150,7 @@ final class Froxlor
 	 *
 	 * @param string $new_version
 	 *        	new-version
-	 *        	
+	 *
 	 * @return bool true on success, else false
 	 */
 	public static function updateToVersion($new_version = null)
@@ -191,7 +191,7 @@ final class Froxlor
 	 *
 	 * @param string $to_check
 	 *        	version to check
-	 *        	
+	 *
 	 * @return bool true if version to check matches, else false
 	 */
 	public static function isFroxlorVersion($to_check = null)
@@ -202,6 +202,30 @@ final class Froxlor
 		return false;
 	}
 
+	/**
+	 * generate safe unique session id
+	 *
+	 * @param int $length
+	 * @return string
+	 */
+	public static function genSessionId(int $length = 16)
+	{
+		if(!isset($length) || intval($length) <= 8 ){
+			$length = 16;
+		}
+		if (function_exists('random_bytes')) {
+			return bin2hex(random_bytes($length));
+		}
+		if (function_exists('mcrypt_create_iv')) {
+			return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
+		}
+		if (function_exists('openssl_random_pseudo_bytes')) {
+			return bin2hex(openssl_random_pseudo_bytes($length));
+		}
+		// if everything else fails, use unsafe fallback
+		return md5(uniqid(microtime(), 1));
+	}
+
 	/**
 	 * compare of froxlor versions
 	 *

lib/Froxlor/FroxlorLogger.php

@@ -157,7 +157,7 @@ class FroxlorLogger
 			echo "[" . $this->getLogLevelDesc($type) . "] " . $text . PHP_EOL;
 		}
 
-		// warnings, errors and critical mesages WILL be logged
+		// warnings, errors and critical messages WILL be logged
 		if (Settings::Get('logger.log_cron') == '0' && $action == \Froxlor\FroxlorLogger::CRON_ACTION && $type > LOG_WARNING) {
 			return;
 		}

lib/Froxlor/PhpHelper.php

@@ -241,10 +241,14 @@ class PhpHelper
 		$ips = array();
 		foreach ($dns as $record) {
 			if ($record["type"] == "A") {
-				$ips[] = $record["ip"];
+				// always use compressed ipv6 format
+				$ip = inet_ntop(inet_pton($record["ip"]));
+				$ips[] = $ip;
 			}
 			if ($record["type"] == "AAAA") {
-				$ips[] = $record["ipv6"];
+				// always use compressed ipv6 format
+				$ip = inet_ntop(inet_pton($record["ipv6"]));
+				$ips[] = $ip;
 			}
 		}
 		if (count($ips) < 1) {

lib/Froxlor/SImExporter.php

@@ -16,9 +16,9 @@ use Froxlor\Database\Database;
  * @author Froxlor team <team@froxlor.org> (2018-)
  * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
  * @package Classes
- *         
+ *
  * @since 0.9.39
- *       
+ *
  */
 
 /**
@@ -60,6 +60,13 @@ class SImExporter
 
 	public static function export()
 	{
+	    $settings_definitions = [];
+	    foreach (\Froxlor\PhpHelper::loadConfigArrayDir('./actions/admin/settings/')['groups'] AS $group) {
+            foreach ($group['fields'] AS $field) {
+                $settings_definitions[$field['settinggroup']][$field['varname']] = $field;
+            }
+        }
+
 		$result_stmt = Database::query("
 			SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` ORDER BY `settingid` ASC
 		");
@@ -69,13 +76,26 @@ class SImExporter
 			if (! in_array($index, self::$no_export)) {
 				$_data[$index] = $row['value'];
 			}
+
+			if (array_key_exists($row['settinggroup'], $settings_definitions) && array_key_exists($row['varname'], $settings_definitions[$row['settinggroup']])) {
+			    // Export image file
+			    if ($settings_definitions[$row['settinggroup']][$row['varname']]['type'] === "image") {
+			        if ($row['value'] === "") {
+			            continue;
+                    }
+
+			        $_data[$index.'.image_data'] = base64_encode(file_get_contents(explode('?', $row['value'], 2)[0]));
+                }
+            }
 		}
+
 		// add checksum for validation
 		$_data['_sha'] = sha1(var_export($_data, true));
 		$_export = json_encode($_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
 		if (! $_export) {
 			throw new \Exception("Error exporting settings: " . json_last_error_msg());
 		}
+
 		return $_export;
 	}
 
@@ -98,7 +118,7 @@ class SImExporter
 			if ($_sha != sha1(var_export($_data, true))) {
 				throw new \Exception("SHA check of import data failed. Unable to import.");
 			}
-			// do not import version info - but we need that to possibily update settings
+			// do not import version info - but we need that to possibly update settings
 			// when there were changes in the variable-name or similar
 			unset($_data['panel.version']);
 			unset($_data['panel.db_version']);
@@ -120,6 +140,26 @@ class SImExporter
 			}
 			// store new data
 			foreach ($_data as $index => $value) {
+                $index_split = explode('.', $index, 3);
+
+			    // Catch image_data and save it
+                if (isset($index_split[2]) && $index_split[2] === 'image_data' && !empty($_data[$index_split[0].'.'.$index_split[1]])) {
+                    $path = \Froxlor\Froxlor::getInstallDir().'/img/';
+                    if (!is_dir($path) && !mkdir($path, '0775')) {
+                        throw new \Exception("img directory does not exist and cannot be created");
+                    }
+
+                    // Make sure we can write to the upload directory
+                    if (!is_writable($path)) {
+                        if (!chmod($path, '0775')) {
+                            throw new \Exception("Cannot write to img directory");
+                        }
+                    }
+
+                    file_put_contents(\Froxlor\Froxlor::getInstallDir() . '/' . explode('?', $_data[$index_split[0].'.'.$index_split[1]], 2)[0], base64_decode($value));
+                    continue;
+                }
+
 				Settings::Set($index, $value);
 			}
 			// save to DB

lib/Froxlor/Settings/Store.php

@@ -367,4 +367,67 @@ class Store
 
 		return $returnvalue;
 	}
+
+	public static function storeSettingImage($fieldname, $fielddata)
+    {
+        if (isset($fielddata['settinggroup'], $fielddata['varname']) && is_array($fielddata) && $fielddata['settinggroup'] !== '' && $fielddata['varname'] !== '') {
+            $save_to = null;
+            $path = \Froxlor\Froxlor::getInstallDir().'/img/';
+
+            // New file?
+            if (isset($_FILES[$fieldname]) && $_FILES[$fieldname]['tmp_name']) {
+                // Make sure upload directory exists
+                if (!is_dir($path) && !mkdir($path, '0775')) {
+                    throw new \Exception("img directory does not exist and cannot be created");
+                }
+
+                // Make sure we can write to the upload directory
+                if (!is_writable($path)) {
+                    if (!chmod($path, '0775')) {
+                        throw new \Exception("Cannot write to img directory");
+                    }
+                }
+
+                // Make sure mime-type matches an image
+                if (!in_array(mime_content_type($_FILES[$fieldname]['tmp_name']), ['image/jpeg','image/jpg','image/png','image/gif'])) {
+                    throw new \Exception("Uploaded file not a valid image");
+                }
+
+                // Determine file extension
+                $spl = explode('.', $_FILES[$fieldname]['name']);
+                $file_extension = strtolower(array_pop($spl));
+                unset($spl);
+
+                // Move file
+                if (!move_uploaded_file($_FILES[$fieldname]['tmp_name'], $path.$fielddata['image_name'].'.'.$file_extension)) {
+                    throw new \Exception("Unable to save image to img folder");
+                }
+
+                $save_to = 'img/'.$fielddata['image_name'].'.'.$file_extension.'?v='.time();
+            }
+
+            // Delete file?
+            if ($fielddata['value'] !== "" && array_key_exists($fieldname.'_delete', $_POST) && $_POST[$fieldname.'_delete']) {
+                @unlink(\Froxlor\Froxlor::getInstallDir() . '/' . explode('?', $fielddata['value'], 2)[0]);
+                $save_to = '';
+            }
+
+            // Nothing changed
+            if ($save_to === null) {
+                return array(
+                    $fielddata['settinggroup'] . '.' . $fielddata['varname'] => $fielddata['value']
+                );
+            }
+
+            if (Settings::Set($fielddata['settinggroup'] . '.' . $fielddata['varname'], $save_to) === false) {
+                return false;
+            }
+
+            return array(
+                $fielddata['settinggroup'] . '.' . $fielddata['varname'] => $save_to
+            );
+        }
+
+        return false;
+    }
 }

lib/Froxlor/System/Crypt.php

@@ -59,20 +59,20 @@ class Crypt
 	}
 
 	/**
-	 * Make crypted password from clear text password
+	 * Make encrypted password from clear text password
 	 *
 	 * @author Michal Wojcik <m.wojcik@sonet3.pl>
 	 * @author Michael Kaufmann <mkaufmann@nutime.de>
 	 * @author Froxlor team <team@froxlor.org> (2010-)
 	 *        
-	 *         0 - default crypt (depenend on system configuration)
+	 *         0 - default crypt (depends on system configuration)
 	 *         1 - MD5 $1$
 	 *         2 - BLOWFISH $2y$07$
 	 *         3 - SHA-256 $5$ (default)
 	 *         4 - SHA-512 $6$
 	 *        
 	 * @param string $password
-	 *        	Password to be crypted
+	 *        	Password to be encrypted
 	 * @param bool $htpasswd
 	 *        	optional whether to generate a SHA1 password for directory protection
 	 *        	

lib/Froxlor/System/Mailer.php

@@ -7,7 +7,7 @@ class Mailer extends \PHPMailer\PHPMailer\PHPMailer
 {
 
 	/**
-	 * class construtor
+	 * class constructor
 	 *
 	 * @param string $exceptions
 	 *        	whether to throw exceptions or not

lib/Froxlor/UI/Data.php

@@ -52,6 +52,12 @@ class Data
 		return $newfieldvalue;
 	}
 
+	public static function getFormFieldDataImage($fieldname, $fielddata, $input)
+    {
+        // We always make the system think we have new data to trigger the save function where we actually check everything
+        return time();
+    }
+
 	public static function manipulateFormFieldDataDate($fieldname, $fielddata, $newfieldvalue)
 	{
 		if (isset($fielddata['date_timestamp']) && $fielddata['date_timestamp'] === true) {

lib/Froxlor/UI/Fields.php

@@ -89,6 +89,15 @@ class Fields
 		return $returnvalue;
 	}
 
+    public static function getFormFieldOutputImage($fieldname, $fielddata, $do_show = true)
+    {
+        global $lng;
+        $label = $fielddata['label'];
+        $value = htmlentities($fielddata['value']);
+        eval("\$returnvalue = \"" . \Froxlor\UI\Template::getTemplate("formfields/image", true) . "\";");
+        return $returnvalue;
+    }
+
 	public static function getFormFieldOutputDate($fieldname, $fielddata, $do_show = true)
 	{
 		if (isset($fielddata['date_timestamp']) && $fielddata['date_timestamp'] === true) {

lib/Froxlor/User.php

@@ -77,7 +77,7 @@ class User
 	}
 
 	/**
-	 * Function which updates all counters of used ressources in panel_admins and panel_customers
+	 * Function which updates all counters of used resources in panel_admins and panel_customers
 	 *
 	 * @param bool $returndebuginfo
 	 *        	Set to true to get an array with debug information
@@ -237,7 +237,7 @@ class User
 			$admin_domains = Database::pexecute_first($admin_domains_stmt, array(
 				"aid" => $admin['adminid']
 			));
-			// substract the amount of domains that are std-subdomains later when we iterated through all customers and know for sure
+			// subtract the amount of domains that are std-subdomains later when we iterated through all customers and know for sure
 			$admin['domains_used_new'] = $admin_domains['number_domains'];
 			// set current admin
 			$cur_adm = $admin['adminid'];

lib/Froxlor/Validate/Check.php

@@ -74,7 +74,7 @@ class Check
 
 	public static function checkMysqlAccessHost($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)
 	{
-		$mysql_access_host_array = array_map('trim', explode(',', $newfieldvalue));
+		$mysql_access_host_array = array_unique(array_map('trim', explode(',', $newfieldvalue)));
 
 		foreach ($mysql_access_host_array as $host_entry) {
 			if (Validate::validate_ip2($host_entry, true, 'invalidip', true, true, true, true, false) == false && Validate::validateDomain($host_entry) == false && Validate::validateLocalHostname($host_entry) == false && $host_entry != '%') {
@@ -207,4 +207,30 @@ class Check
 		}
 		return $returnvalue;
 	}
+
+	public static function checkLocalGroup($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)
+	{
+		if (empty($newfieldvalue) || $fielddata == $newfieldvalue) {
+			$returnvalue = [
+				self::FORMFIELDS_PLAUSIBILITY_CHECK_OK
+			];
+		} elseif (function_exists('posix_getgrnam') && posix_getgrnam($newfieldvalue) == false) {
+			if (Validate::validateUsername($newfieldvalue, Settings::Get('panel.unix_names'), 32)) {
+				$returnvalue = [
+					self::FORMFIELDS_PLAUSIBILITY_CHECK_OK
+				];
+			} else {
+				$returnvalue = [
+					self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
+					'local_group_invalid'
+				];
+			}
+		} else {
+			$returnvalue = [
+				self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
+				'local_group_exists'
+			];
+		}
+		return $returnvalue;
+	}
 }

lib/configfiles/bionic.xml

@@ -382,13 +382,12 @@ exit "$RETVAL"
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -907,7 +906,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -917,6 +916,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
@@ -925,13 +926,12 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1451,7 +1451,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -2228,7 +2228,7 @@ debugger_command =
 #	>$config_directory/$process_name.$process_id.log & sleep 5
 #
 # Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
+# To attach to the screen session, su root and run "screen -r
 # <id_string>" where <id_string> uniquely matches one of the detached
 # sessions (from "screen -list").
 #
@@ -2642,7 +2642,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -2745,7 +2745,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 							</content>
 						</file>
@@ -3707,7 +3707,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -3877,6 +3877,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>
@@ -3965,7 +3974,7 @@ Port				21
 # PassivePorts                  49152 65534
 
 # If your host was NATted, this option is useful in order to
-# allow passive tranfers to work. You have to use your public
+# allow passive transfers to work. You have to use your public
 # address and opening the passive ports used on your firewall as well.
 # MasqueradeAddress		1.2.3.4
 
@@ -3990,7 +3999,7 @@ Group				nogroup
 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022  022
-# Normally, we want files to be overwriteable.
+# Normally, we want files to be overwritable.
 AllowOverwrite			on
 
 # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
@@ -4237,7 +4246,7 @@ SQLBackend	mysql
 SQLEngine on
 SQLAuthenticate on
 #
-# Use both a crypted or plaintext password
+# Use both an encrypted or plaintext password
 SQLAuthTypes Crypt
 
 SQLAuthenticate users* groups*
@@ -4295,7 +4304,7 @@ TLSVerifyClient                         off
 #TLSRequired                             on
 
 # Allow SSL/TLS renegotiations when the client requests them, but
-# do not force the renegotations.  Some clients do not support
+# do not force the renegotiations.  Some clients do not support
 # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
@@ -4595,7 +4604,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/buster.xml

@@ -371,13 +371,12 @@ exit "$RETVAL"
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -881,7 +880,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -891,6 +890,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
@@ -899,13 +900,12 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1410,7 +1410,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -2187,7 +2187,7 @@ debugger_command =
 #	>$config_directory/$process_name.$process_id.log & sleep 5
 #
 # Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
+# To attach to the screen session, su root and run "screen -r
 # <id_string>" where <id_string> uniquely matches one of the detached
 # sessions (from "screen -list").
 #
@@ -2707,7 +2707,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM mail_users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 							</content>
 						</file>
@@ -4079,6 +4079,15 @@ plugin {
   # the source line numbers.
   #sieve_trace_addresses = no 
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>
@@ -4167,7 +4176,7 @@ Port				21
 # PassivePorts                  49152 65534
 
 # If your host was NATted, this option is useful in order to
-# allow passive tranfers to work. You have to use your public
+# allow passive transfers to work. You have to use your public
 # address and opening the passive ports used on your firewall as well.
 # MasqueradeAddress		1.2.3.4
 
@@ -4192,7 +4201,7 @@ Group				nogroup
 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022  022
-# Normally, we want files to be overwriteable.
+# Normally, we want files to be overwritable.
 AllowOverwrite			on
 
 # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
@@ -4439,7 +4448,7 @@ SQLBackend	mysql
 SQLEngine on
 SQLAuthenticate on
 #
-# Use both a crypted or plaintext password
+# Use both an encrypted or plaintext password
 SQLAuthTypes Crypt
 
 SQLAuthenticate users* groups*
@@ -4497,7 +4506,7 @@ TLSVerifyClient                         off
 #TLSRequired                             on
 
 # Allow SSL/TLS renegotiations when the client requests them, but
-# do not force the renegotations.  Some clients do not support
+# do not force the renegotiations.  Some clients do not support
 # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
@@ -4797,7 +4806,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/centos7.xml

@@ -226,7 +226,7 @@ query = SELECT gid FROM mail_users WHERE email = '%s'
 # FQDN from Froxlor
 mydomain = <SERVERNAME>
 
-# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+# set myhostname to $mydomain because Froxlor already uses a FQDN
 myhostname = $mydomain
 
 mydestination = $myhostname,
@@ -1536,7 +1536,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -1712,6 +1712,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+						</content>
+					</file>
+					<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+						chmod="0644" backup="true">
+						<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 						</content>
 					</file>
@@ -1754,7 +1763,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -1857,8 +1866,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 #  FROM users WHERE userid = '%u'
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
-iterate_query = SELECT username AS user FROM mail_users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 						</content>
 					</file>
@@ -2237,7 +2245,7 @@ ControlsLog			/var/log/proftpd/controls.log
   DefaultRoot ~
 # Reject rootlogin (just for security)
   RootLogin off
-# Noo need to require valid shell, because user is virtual
+# No need to require valid shell, because user is virtual
   RequireValidShell off
 </Global>
 
@@ -2447,7 +2455,7 @@ aliases:	files nisplus
 						</content>
 					</file>
 					<command><![CDATA[systemctl reload-or-restart nscd.service]]></command>
-					<!-- clear group chache -->
+					<!-- clear group cache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
@@ -2457,7 +2465,7 @@ aliases:	files nisplus
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/centos8.xml

@@ -227,7 +227,7 @@ query = SELECT gid FROM mail_users WHERE email = '%s'
 # FQDN from Froxlor
 mydomain = <SERVERNAME>
 
-# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+# set myhostname to $mydomain because Froxlor already uses a FQDN
 myhostname = $mydomain
 
 mydestination = $myhostname,
@@ -1537,7 +1537,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -1713,6 +1713,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+						</content>
+					</file>
+					<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+						chmod="0644" backup="true">
+						<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 						</content>
 					</file>
@@ -1755,7 +1764,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -1859,7 +1868,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 
 # Query to get a list of all usernames.
 #iterate_query = SELECT username AS user FROM users
-iterate_query = SELECT username AS user FROM mail_users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 						</content>
 					</file>
@@ -2238,7 +2247,7 @@ ControlsLog			/var/log/proftpd/controls.log
   DefaultRoot ~
 # Reject rootlogin (just for security)
   RootLogin off
-# Noo need to require valid shell, because user is virtual
+# No need to require valid shell, because user is virtual
   RequireValidShell off
 </Global>
 
@@ -2449,7 +2458,7 @@ aliases:	files nisplus
 						</content>
 					</file>
 					<command><![CDATA[systemctl reload-or-restart nscd.service]]></command>
-					<!-- clear group chache -->
+					<!-- clear group cache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
@@ -2459,7 +2468,7 @@ aliases:	files nisplus
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/focal.xml

@@ -74,7 +74,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/apache2 restart]]></command>
+					<command><![CDATA[service apache2 restart]]></command>
 				</daemon>
 				<!-- HTTP Lighttpd -->
 				<daemon name="lighttpd" title="LigHTTPd">
@@ -138,7 +138,7 @@ include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
 					</command>
 					<command><![CDATA[lighty-disable-mod cgi]]></command>
 					<command><![CDATA[lighty-disable-mod fastcgi]]></command>
-					<command><![CDATA[/etc/init.d/lighttpd restart]]></command>
+					<command><![CDATA[service lighttpd restart]]></command>
 				</daemon>
 				<!-- HTTP Nginx -->
 				<daemon name="nginx" title="nginx">
@@ -354,7 +354,6 @@ exit "$RETVAL"
 						</visibility>
 						<content><![CDATA[/etc/init.d/php-fcgi restart]]></content>
 					</command>
-					<command><![CDATA[/etc/init.d/nginx restart]]></command>
 				</daemon>
 			</service>
 			<!--DNS -->
@@ -366,17 +365,16 @@ exit "$RETVAL"
 					<command><![CDATA[touch {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[chown bind:0 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[chmod 0644 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
-					<command><![CDATA[/etc/init.d/bind9 restart]]></command>
+					<command><![CDATA[service bind9 restart]]></command>
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -895,7 +893,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -905,21 +903,22 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+					<command><![CDATA[service pdns restart]]></command>
 				</daemon>
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1439,7 +1438,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -1455,7 +1454,7 @@ bind-check-interval=180
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+					<command><![CDATA[service pdns restart]]></command>
 				</daemon>
 			</service>
 			<!-- SMTP services -->
@@ -1578,7 +1577,7 @@ root:               root@<SERVERNAME>
 					</files>
 					<commands index="3">
 						<command><![CDATA[newaliases]]></command>
-						<command><![CDATA[/etc/init.d/postfix restart]]></command>
+						<command><![CDATA[service postfix restart]]></command>
 					</commands>
 				</general>
 				<!-- postfix with dovecot -->
@@ -2059,7 +2058,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -2162,7 +2161,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 							</content>
 						</file>
@@ -3124,7 +3123,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -3294,12 +3293,21 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>
 					</files>
 					<commands index="1">
-						<command><![CDATA[/etc/init.d/dovecot restart]]></command>
+						<command><![CDATA[service dovecot restart]]></command>
 					</commands>
 				</general>
 				<!-- Dovecot with postfix -->
@@ -3382,7 +3390,7 @@ Port				21
 # PassivePorts                  49152 65534
 
 # If your host was NATted, this option is useful in order to
-# allow passive tranfers to work. You have to use your public
+# allow passive transfers to work. You have to use your public
 # address and opening the passive ports used on your firewall as well.
 # MasqueradeAddress		1.2.3.4
 
@@ -3407,7 +3415,7 @@ Group				nogroup
 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022  022
-# Normally, we want files to be overwriteable.
+# Normally, we want files to be overwritable.
 AllowOverwrite			on
 
 # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
@@ -3654,7 +3662,7 @@ SQLBackend	mysql
 SQLEngine on
 SQLAuthenticate on
 #
-# Use both a crypted or plaintext password
+# Use both an encrypted or plaintext password
 SQLAuthTypes Crypt
 
 SQLAuthenticate users* groups*
@@ -3712,7 +3720,7 @@ TLSVerifyClient                         off
 #TLSRequired                             on
 
 # Allow SSL/TLS renegotiations when the client requests them, but
-# do not force the renegotations.  Some clients do not support
+# do not force the renegotiations.  Some clients do not support
 # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
@@ -3722,7 +3730,7 @@ TLSVerifyClient                         off
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/proftpd restart]]></command>
+					<command><![CDATA[service proftpd restart]]></command>
 				</daemon>
 				<!-- Pureftpd -->
 				<daemon name="pureftpd" title="PureFTPd">
@@ -3948,7 +3956,7 @@ UPLOADGID=
 ]]>
 						</content>
 					</file>
-					<command><![CDATA[/etc/init.d/pure-ftpd-mysql restart]]></command>
+					<command><![CDATA[service pure-ftpd-mysql restart]]></command>
 				</daemon>
 			</service>
 			<!-- System tools/services -->
@@ -4020,7 +4028,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok
@@ -4088,7 +4096,7 @@ aliases:     files
 					<commands index="5">
 						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
 						</visibility>
-						<command><![CDATA[/etc/init.d/apache2 restart]]></command>
+						<command><![CDATA[service apache2 restart]]></command>
 					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the 
 						dirty work -->

lib/configfiles/gentoo.xml

@@ -391,14 +391,13 @@ mail	IN		A	<SERVERIP>
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[emerge net-dns/pdns]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Autogenerated configuration file template
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -902,7 +901,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -912,6 +911,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
@@ -920,14 +921,13 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[emerge net-dns/pdns]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Autogenerated configuration file template
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1431,7 +1431,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
@@ -1587,7 +1587,7 @@ sendmail_path = /usr/sbin/sendmail
 # FQDN from Froxlor
 mydomain = <SERVERNAME>
 
-# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+# set myhostname to $mydomain because Froxlor already uses a FQDN
 myhostname = $mydomain
 
 mydestination = $myhostname,
@@ -2345,6 +2345,15 @@ plugin {
 ]]>
 						</content>
 					</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
+]]>
+							</content>
+						</file>
 					<command><![CDATA[rc-update add dovecot default]]></command>
 					<command><![CDATA[/etc/init.d/dovecot restart]]></command>
 				</daemon>
@@ -3762,7 +3771,7 @@ aliases:     files
 					</file>
 					<command><![CDATA[rc-update add nscd default]]></command>
 					<command><![CDATA[/etc/init.d/nscd restart]]></command>
-					<!-- clear group chache -->
+					<!-- clear group cache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
 				<!-- Logrotate -->
@@ -3772,7 +3781,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/stretch.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <froxlor>
 	<distribution name="Debian" codename="Stretch"
-		version="9.x" defaulteditor="/bin/nano">
+		version="9.x" defaulteditor="/bin/nano" deprecated="true">
 		<services>
 			<!-- HTTP -->
 			<service type="http" title="{{lng.admin.configfiles.http}}">
@@ -371,13 +371,12 @@ exit "$RETVAL"
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -896,7 +895,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -906,6 +905,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
@@ -914,13 +915,12 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1440,7 +1440,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -2217,7 +2217,7 @@ debugger_command =
 #	>$config_directory/$process_name.$process_id.log & sleep 5
 #
 # Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
+# To attach to the screen session, su root and run "screen -r
 # <id_string>" where <id_string> uniquely matches one of the detached
 # sessions (from "screen -list").
 #
@@ -2631,7 +2631,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -2734,7 +2734,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 							</content>
 						</file>
@@ -3696,7 +3696,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -3866,6 +3866,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>
@@ -3954,7 +3963,7 @@ Port				21
 # PassivePorts                  49152 65534
 
 # If your host was NATted, this option is useful in order to
-# allow passive tranfers to work. You have to use your public
+# allow passive transfers to work. You have to use your public
 # address and opening the passive ports used on your firewall as well.
 # MasqueradeAddress		1.2.3.4
 
@@ -3979,7 +3988,7 @@ Group				nogroup
 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022  022
-# Normally, we want files to be overwriteable.
+# Normally, we want files to be overwritable.
 AllowOverwrite			on
 
 # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
@@ -4226,7 +4235,7 @@ SQLBackend	mysql
 SQLEngine on
 SQLAuthenticate on
 #
-# Use both a crypted or plaintext password
+# Use both an encrypted or plaintext password
 SQLAuthTypes Crypt
 
 SQLAuthenticate users* groups*
@@ -4284,7 +4293,7 @@ TLSVerifyClient                         off
 #TLSRequired                             on
 
 # Allow SSL/TLS renegotiations when the client requests them, but
-# do not force the renegotations.  Some clients do not support
+# do not force the renegotiations.  Some clients do not support
 # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
@@ -4584,7 +4593,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/configfiles/xenial.xml

@@ -382,13 +382,12 @@ exit "$RETVAL"
 				</daemon>
 				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -907,7 +906,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # mysql-settings / you need to create the power-dns database for yourself!
 launch=gmysql
@@ -917,6 +916,8 @@ gmysql-dbname=pdns
 gmysql-user=powerdns
 gmysql-group=client
 gmysql-password=
+#gmysql-ssl-ca-file=
+#gmysql-ssl-verify-server-certificate=0
 ]]>
 						</content>
 					</file>
@@ -925,13 +926,12 @@ gmysql-password=
 				<daemon name="powerdns_bind"
 					title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chown="root:pdns" chmod="640">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
 # allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
-# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -1451,7 +1451,7 @@ include-dir=/etc/powerdns/froxlor/
 					</file>
 					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf"
-						chown="root:root" chmod="600">
+						chown="root:pdns" chmod="640">
 						<content><![CDATA[
 # Bind backend configuration
 
@@ -2228,7 +2228,7 @@ debugger_command =
 #	>$config_directory/$process_name.$process_id.log & sleep 5
 #
 # Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
+# To attach to the screen session, su root and run "screen -r
 # <id_string>" where <id_string> uniquely matches one of the detached
 # sessions (from "screen -list").
 #
@@ -2642,7 +2642,7 @@ driver = mysql
 # settings, like: host=sql1.host.org host=sql2.host.org
 #
 # pgsql:
-#   For available options, see the PostgreSQL documention for the
+#   For available options, see the PostgreSQL documentation for the
 #   PQconnectdb function of libpq.
 #   Use maxconns=n (default 5) to change how many connections Dovecot can
 #   create to pgsql.
@@ -2745,7 +2745,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 
 # Query to get a list of all usernames.
-#iterate_query = SELECT username AS user FROM users
+iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
 							</content>
 						</file>
@@ -3707,7 +3707,7 @@ protocol sieve {
 #
 # If you want UIDL compatibility with other POP3 servers, use:
 #  UW's ipop3d         : %08Xv%08Xu
-#  Courier             : %f or %v-%u (both might be used simultaneosly)
+#  Courier             : %f or %v-%u (both might be used simultaneously)
 #  Cyrus (<= 2.1.3)    : %u
 #  Cyrus (>= 2.1.4)    : %v.%u
 #  Dovecot v0.99.x     : %v.%u
@@ -3877,6 +3877,15 @@ plugin {
   # (Currently only relevant for ManageSieve)
   #sieve_quota_max_storage = 0
 }
+]]>
+							</content>
+						</file>
+						<file name="/etc/dovecot/conf.d/90-quota.conf" chown="root:0"
+							chmod="0644" backup="true">
+							<content><![CDATA[
+plugin {
+  quota = maildir:User quota
+}
 ]]>
 							</content>
 						</file>
@@ -3965,7 +3974,7 @@ Port				21
 # PassivePorts                  49152 65534
 
 # If your host was NATted, this option is useful in order to
-# allow passive tranfers to work. You have to use your public
+# allow passive transfers to work. You have to use your public
 # address and opening the passive ports used on your firewall as well.
 # MasqueradeAddress		1.2.3.4
 
@@ -3990,7 +3999,7 @@ Group				nogroup
 # Umask 022 is a good standard umask to prevent new files and dirs
 # (second parm) from being group and world writable.
 Umask				022  022
-# Normally, we want files to be overwriteable.
+# Normally, we want files to be overwritable.
 AllowOverwrite			on
 
 # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
@@ -4237,7 +4246,7 @@ SQLBackend	mysql
 SQLEngine on
 SQLAuthenticate on
 #
-# Use both a crypted or plaintext password
+# Use both an encrypted or plaintext password
 SQLAuthTypes Crypt
 
 SQLAuthenticate users* groups*
@@ -4295,7 +4304,7 @@ TLSVerifyClient                         off
 #TLSRequired                             on
 
 # Allow SSL/TLS renegotiations when the client requests them, but
-# do not force the renegotations.  Some clients do not support
+# do not force the renegotiations.  Some clients do not support
 # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
@@ -4595,7 +4604,7 @@ aliases:     files
 						chmod="0644">
 						<content><![CDATA[
 #
-# Froxlor logrotate snipet
+# Froxlor logrotate snippet
 #
 <CUSTOMER_LOGS>*.log {
   missingok

lib/formfields/admin/customer/formfield.customer_add.php

@@ -37,7 +37,7 @@ return array(
 							)
 						),
 						'value' => array(
-							'1'
+							\Froxlor\Settings::Get('system.createstdsubdom_default')
 						)
 					),
 					'store_defaultindex' => array(

lib/formfields/admin/phpconfig/formfield.phpconfig_add.php

@@ -179,6 +179,18 @@ return array(
 						'cols' => 80,
 						'rows' => 20,
 						'value' => $result['phpsettings']
+					),
+					'allow_all_customers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['allow_all_customers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['allow_all_customers']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
 					)
 				)
 			)

lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php

@@ -187,6 +187,18 @@ return array(
 						'cols' => 80,
 						'rows' => 20,
 						'value' => $result['phpsettings']
+					),
+					'allow_all_customers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['allow_all_customers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['allow_all_customers']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
 					)
 				)
 			)

lib/formfields/customer/mysql/formfield.mysql_add.php

@@ -1,5 +1,7 @@
 <?php
 
+use Froxlor\Settings;
+
 /**
  * This file is part of the Froxlor project.
  * Copyright (c) 2010 the Froxlor Team (see authors).
@@ -22,6 +24,11 @@ return array(
 				'title' => $lng['mysql']['database_create'],
 				'image' => 'icons/mysql_add.png',
 				'fields' => array(
+					'custom_suffix' => array(
+						'visible' => (strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME') ? true : false,
+						'label' => $lng['mysql']['databasename'],
+						'type' => 'text'
+					),
 					'description' => array(
 						'label' => $lng['mysql']['databasedescription'],
 						'type' => 'text'

lib/init.php

@@ -103,7 +103,7 @@ unset($_);
 unset($value);
 unset($key);
 
-$filename = htmlentities(basename($_SERVER['PHP_SELF']));
+$filename = htmlentities(basename($_SERVER['SCRIPT_NAME']));
 
 // check whether the userdata file exists
 if (! file_exists(\Froxlor\Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {
@@ -161,7 +161,9 @@ $idna_convert = new \Froxlor\Idna\IdnaWrapper();
 /**
  * If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
  */
+$is_ssl = false;
 if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
+	$is_ssl = true;
 	$maxage = Settings::Get('system.hsts_maxage');
 	if (empty($maxage)) {
 		$maxage = 0;
@@ -217,6 +219,8 @@ if (isset($s) && $s != "" && $nosession != 1) {
 	ini_set("session.name", "s");
 	ini_set("url_rewriter.tags", "");
 	ini_set("session.use_cookies", false);
+	ini_set("session.cookie_httponly", true);
+	ini_set("session.cookie_secure", $is_ssl);
 	session_id($s);
 	session_start();
 	$query = "SELECT `s`.*, `u`.* FROM `" . TABLE_PANEL_SESSIONS . "` `s` LEFT JOIN `";
@@ -265,7 +269,7 @@ if (isset($s) && $s != "" && $nosession != 1) {
 }
 
 /**
- * Language Managament
+ * Language Management
  */
 $langs = array();
 $languages = array();
@@ -279,7 +283,7 @@ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 	$langs[$row['language']][] = $row;
 	// check for row[iso] cause older froxlor
 	// versions didn't have that and it will
-	// lead to a lot of undfined variables
+	// lead to a lot of undefined variables
 	// before the admin can even update
 	if (isset($row['iso'])) {
 		$iso[$row['iso']] = $row['language'];
@@ -380,10 +384,23 @@ if (! array_key_exists('variants', $_themeoptions) || ! array_key_exists($themev
 
 // check for custom header-graphic
 $hl_path = 'templates/' . $theme . '/assets/img';
-$header_logo = $hl_path . '/logo.png';
 
-if (file_exists($hl_path . '/logo_custom.png')) {
+// default is theme-image
+$header_logo = $hl_path . '/logo.png';
+$header_logo_login = $hl_path . '/logo.png';
+
+if (Settings::Get('panel.logo_overridetheme') == 1 || Settings::Get('panel.logo_overridecustom') == 1) {
+	// logo settings shall overwrite theme logo and possible custom logo
+	$header_logo = Settings::Get('panel.logo_image_header') ?: $header_logo;
+	$header_logo_login = Settings::Get('panel.logo_image_login') ?: $header_logo_login;
+}
+if (Settings::Get('panel.logo_overridecustom') == 0 && file_exists($hl_path . '/logo_custom.png')) {
+	// custom theme image (logo_custom.png) is not being overwritten by logo_image_* setting
 	$header_logo = $hl_path . '/logo_custom.png';
+	$header_logo_login = $hl_path . '/logo_custom.png';
+	if (file_exists($hl_path . '/logo_custom_login.png')) {
+		$header_logo_login = $hl_path . '/logo_custom_login.png';
+	}
 }
 
 /**

lng/dutch.lng.php

@@ -558,10 +558,6 @@ $lng['traffic']['sumhttp'] = 'Samenvatting HTTP-verkeer in';
 $lng['traffic']['sumftp'] = 'Samenvatting FTP-verkeer in';
 $lng['traffic']['summail'] = 'Samenvatting Mail-verkeer in';
 
-// ADDED IN 1.2.19-svn4.5
-
-$lng['serversettings']['no_robots']['title'] = 'Zoekmachines toestaan uw Froxlor-installatie te indexeren';
-
 // ADDED IN 1.2.19-svn6
 
 $lng['admin']['loggersettings'] = 'Instellingen voor logs';
@@ -591,7 +587,7 @@ $lng['panel']['reseller'] = 'wederverkoper';
 $lng['panel']['admin'] = 'beheerder';
 $lng['panel']['customer'] = 'klant(en)';
 $lng['error']['nomessagetosend'] = 'U hebt geen bericht opgegeven.';
-$lng['error']['noreceipientsgiven'] = 'U hebt geen ontvanger opgegeven';
+$lng['error']['norecipientsgiven'] = 'U hebt geen ontvanger opgegeven';
 $lng['admin']['emaildomain'] = 'Emaildomein';
 $lng['admin']['email_only'] = 'Alleen email?';
 $lng['admin']['wwwserveralias'] = 'Voeg een "www." ServerAlias toe';
@@ -599,14 +595,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Is dit een SSL-poort?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Pad naar SSL-certificaat';
 $lng['panel']['send'] = 'verzenden';
 $lng['admin']['subject'] = 'Onderwerp';
-$lng['admin']['receipient'] = 'Ontvanger';
+$lng['admin']['recipient'] = 'Ontvanger';
 $lng['admin']['message'] = 'Bericht schrijven';
 $lng['admin']['text'] = 'Bericht';
 $lng['menu']['message'] = 'Berichten';
 $lng['error']['errorsendingmail'] = 'Het versturen van het bericht naar "%s" is mislukt';
 $lng['error']['cannotreaddir'] = 'De map "%s" kan niet gelezen worden';
 $lng['message']['success'] = 'Bericht verzonden naar ontvangers %s';
-$lng['message']['noreceipients'] = 'Er is geen email verstuurd omdat er geen ontvangers in de database zijn';
+$lng['message']['norecipients'] = 'Er is geen email verstuurd omdat er geen ontvangers in de database zijn';
 $lng['admin']['sslsettings'] = 'Instellingen voor SSL';
 $lng['cronjobs']['notyetrun'] = 'Nog niet uitgevoerd';
 $lng['serversettings']['default_vhostconf']['title'] = 'Standaard vhost-instellingen';

lng/english.lng.php

@@ -332,7 +332,7 @@ $lng['serversettings']['session_timeout']['description'] = 'How long does a user
 $lng['serversettings']['accountprefix']['title'] = 'Customer prefix';
 $lng['serversettings']['accountprefix']['description'] = 'Which prefix should customer accounts have?';
 $lng['serversettings']['mysqlprefix']['title'] = 'SQL Prefix';
-$lng['serversettings']['mysqlprefix']['description'] = 'Which prefix should MySQL accounts have?</br>Use "RANDOM" as value to get a 3-digit random prefix';
+$lng['serversettings']['mysqlprefix']['description'] = 'Which prefix should MySQL accounts have?</br>Use "RANDOM" as value to get a 3-digit random prefix</br>Use "DBNAME" as the value, a database name field is used together with the customer name as a prefix.';
 $lng['serversettings']['ftpprefix']['title'] = 'FTP Prefix';
 $lng['serversettings']['ftpprefix']['description'] = 'Which prefix should ftp accounts have?<br/><b>If you change this you also have to change the Quota SQL Query in your FTP Server config file in case you use it!</b> ';
 $lng['serversettings']['documentroot_prefix']['title'] = 'Home directory';
@@ -626,10 +626,6 @@ $lng['traffic']['sumhttp'] = 'Total HTTP-Traffic';
 $lng['traffic']['sumftp'] = 'Total FTP-Traffic';
 $lng['traffic']['summail'] = 'Total Mail-Traffic';
 
-// ADDED IN 1.2.19-svn4.5
-
-$lng['serversettings']['no_robots']['title'] = 'Allow searchengine-robots to index your Froxlor installation';
-
 // ADDED IN 1.2.19-svn6
 
 $lng['admin']['loggersettings'] = 'Log settings';
@@ -664,7 +660,7 @@ $lng['panel']['reseller'] = 'reseller';
 $lng['panel']['admin'] = 'admin';
 $lng['panel']['customer'] = 'customer/s';
 $lng['error']['nomessagetosend'] = 'You did not enter a message.';
-$lng['error']['noreceipientsgiven'] = 'You did not specify any recipient';
+$lng['error']['norecipientsgiven'] = 'You did not specify any recipient';
 $lng['admin']['emaildomain'] = 'Emaildomain';
 $lng['admin']['email_only'] = 'Only email?';
 $lng['admin']['wwwserveralias'] = 'Add a "www." ServerAlias';
@@ -672,14 +668,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Is this an SSL Port?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Path to the SSL Certificate';
 $lng['panel']['send'] = 'send';
 $lng['admin']['subject'] = 'Subject';
-$lng['admin']['receipient'] = 'Recipient';
+$lng['admin']['recipient'] = 'Recipient';
 $lng['admin']['message'] = 'Write a Message';
 $lng['admin']['text'] = 'Message';
 $lng['menu']['message'] = 'Messages';
 $lng['error']['errorsendingmail'] = 'The message to "%s" failed';
 $lng['error']['cannotreaddir'] = 'Unable to read directory "%s"';
 $lng['message']['success'] = 'Successfully sent message to %s recipients';
-$lng['message']['noreceipients'] = 'No e-mail has been sent because there are no recipients in the database';
+$lng['message']['norecipients'] = 'No e-mail has been sent because there are no recipients in the database';
 $lng['admin']['sslsettings'] = 'SSL settings';
 $lng['cronjobs']['notyetrun'] = 'Not yet run';
 $lng['serversettings']['default_vhostconf']['title'] = 'Default vHost-settings';
@@ -930,7 +926,7 @@ $lng['admin']['ipsandports']['default_vhostconf_domain'] = 'Default vHost-settin
 $lng['serversettings']['ssl']['ssl_key_file']['title'] = 'Path to the SSL Keyfile';
 $lng['serversettings']['ssl']['ssl_key_file']['description'] = 'Specify the path including the filename for the private-key file (.key mostly)';
 $lng['serversettings']['ssl']['ssl_ca_file']['title'] = 'Path to the SSL CA certificate (optional)';
-$lng['serversettings']['ssl']['ssl_ca_file']['description'] = 'Client authentification, set this only if you know what it is.';
+$lng['serversettings']['ssl']['ssl_ca_file']['description'] = 'Client authentication, set this only if you know what it is.';
 
 $lng['error']['usernamealreadyexists'] = 'The username %s already exists.';
 
@@ -1600,12 +1596,14 @@ $lng['serversettings']['panel_allow_theme_change_admin'] = 'Allow admins to chan
 $lng['serversettings']['panel_allow_theme_change_customer'] = 'Allow customers to change the theme';
 $lng['serversettings']['axfrservers']['title'] = 'AXFR servers';
 $lng['serversettings']['axfrservers']['description'] = 'A comma separated list of IP addresses allowed to transfer (AXFR) dns zones.';
+$lng['serversettings']['powerdns_mode']['title'] = 'PowerDNS Operation Mode';
+$lng['serversettings']['powerdns_mode']['description'] = 'Select the PoweDNS mode: Native for no replication (Default) / Master if DNS replication is needed.';
 $lng['panel']['ssleditor'] = 'SSL settings for this domain';
 $lng['admin']['ipsandports']['ssl_paste_description'] = 'Paste your complete certificate content in the textbox';
 $lng['admin']['ipsandports']['ssl_cert_file_content'] = 'Content of the ssl certificate';
 $lng['admin']['ipsandports']['ssl_key_file_content'] = 'Content of the ssl (private-) key file';
 $lng['admin']['ipsandports']['ssl_ca_file_content'] = 'Content of the ssl CA file (optional)';
-$lng['admin']['ipsandports']['ssl_ca_file_content_desc'] = '<br /><br />Client authentification, set this only if you know what it is.';
+$lng['admin']['ipsandports']['ssl_ca_file_content_desc'] = '<br /><br />Client authentication, set this only if you know what it is.';
 $lng['admin']['ipsandports']['ssl_cert_chainfile_content'] = 'Content of the certificate chain file (optional)';
 $lng['admin']['ipsandports']['ssl_cert_chainfile_content_desc'] = '<br /><br />Mostly CA_Bundle, or similar, you probably want to set this if you bought a SSL certificate.';
 $lng['error']['sslcertificateismissingprivatekey'] = 'You need to specify a private key for your certificate';
@@ -1615,7 +1613,7 @@ $lng['error']['sslcertificateinvalidcertkeypair'] = 'The given private-key does
 $lng['error']['sslcertificateinvalidca'] = 'The given CA certificate data does not seem to be a valid certificate';
 $lng['error']['sslcertificateinvalidchain'] = 'The given certificate chain data does not seem to be a valid certificate';
 $lng['serversettings']['customerssl_directory']['title'] = 'Webserver customer-ssl certificates-directory';
-$lng['serversettings']['customerssl_directory']['description'] = 'Where should customer-specified ssl-certificates be created?<br /><br /><div class="red">NOTE: This folder\'s content gets deleted regulary so avoid storing data in there manually.</div>';
+$lng['serversettings']['customerssl_directory']['description'] = 'Where should customer-specified ssl-certificates be created?<br /><br /><div class="red">NOTE: This folder\'s content gets deleted regularly so avoid storing data in there manually.</div>';
 $lng['admin']['phpfpm.ininote'] = 'Not all values you may want to define can be used in the php-fpm pool configuration';
 
 // Added in Froxlor 0.9.30
@@ -1832,15 +1830,15 @@ $lng['opcacheinfo']['false'] = '<i>false</i>';
 
 // Added for let's encrypt
 $lng['admin']['letsencrypt']['title'] = 'Use Let\'s Encrypt';
-$lng['admin']['letsencrypt']['description'] = 'Get a free certificate from <a href="https://letsencrypt.org">Let\'s Encrypt</a>. The certificate will be created and renewed automatically.<br><strong class="red">ATTENTION:</strong> If wildcards are enabled, this option will automatically be disabled. This feature is still in beta.';
+$lng['admin']['letsencrypt']['description'] = 'Get a free certificate from <a href="https://letsencrypt.org">Let\'s Encrypt</a>. The certificate will be created and renewed automatically.<br><strong class="red">ATTENTION:</strong> If wildcards are enabled, this option will automatically be disabled.';
 $lng['customer']['letsencrypt']['title'] = 'Use Let\'s Encrypt';
-$lng['customer']['letsencrypt']['description'] = 'Get a free certificate from <a href="https://letsencrypt.org">Let\'s Encrypt</a>. The certificate will be created and renewed automatically.<br><strong class="red">ATTENTION:</strong> This feature is still in beta.';
+$lng['customer']['letsencrypt']['description'] = 'Get a free certificate from <a href="https://letsencrypt.org">Let\'s Encrypt</a>. The certificate will be created and renewed automatically.';
 $lng['error']['sslredirectonlypossiblewithsslipport'] = 'Using Let\'s Encrypt is only possible when the domain has at least one ssl-enabled IP/port combination assigned.';
 $lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt cannot handle wildcard-domains using ACME in froxlor (requires dns-challenge), sorry. Please set the ServerAlias to WWW or disable it completely';
 $lng['panel']['letsencrypt'] = 'Using Let\'s encrypt';
 $lng['crondesc']['cron_letsencrypt'] = 'updating Let\'s Encrypt certificates';
-$lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt environment";
-$lng['serversettings']['letsencryptca']['description'] = "Environment to be used for Let's Encrypt certificates.";
+$lng['serversettings']['letsencryptca']['title'] = "ACME environment";
+$lng['serversettings']['letsencryptca']['description'] = "Environment to be used for Let's Encrypt / ZeroSSL certificates.";
 $lng['serversettings']['letsencryptcountrycode']['title'] = "Let's Encrypt country code";
 $lng['serversettings']['letsencryptcountrycode']['description'] = "2 letter country code used to generate Let's Encrypt certificates.";
 $lng['serversettings']['letsencryptstate']['title'] = "Let's Encrypt state";
@@ -1922,7 +1920,7 @@ $lng['dnseditor']['records'] = 'records';
 $lng['error']['dns_notfoundorallowed'] = 'Domain not found or no permission';
 $lng['serversettings']['dnseditorenable']['title'] = 'Enable DNS editor';
 $lng['serversettings']['dnseditorenable']['description'] = 'Allows admins and customer to manage domain dns entries';
-$lng['dns']['howitworks'] = 'Here you can manage DNS entries for your domain. Note that froxlor will automatically generate NS/MX/A/AAAA records for you. The custom entries are prefered, only missing entries will be automatically generated.';
+$lng['dns']['howitworks'] = 'Here you can manage DNS entries for your domain. Note that froxlor will automatically generate NS/MX/A/AAAA records for you. The custom entries are preferred, only missing entries will be automatically generated.';
 $lng['serversettings']['dns_server']['title'] = 'DNS server daemon';
 $lng['serversettings']['dns_server']['description'] = 'Remember that daemons have to be configured using froxlors configuration templates';
 
@@ -1997,7 +1995,7 @@ $lng['serversettings']['leapiversion']['title'] = "Choose Let's Encrypt ACME imp
 $lng['serversettings']['leapiversion']['description'] = "Currently only ACME v2 implementation for Let's Encrypt is supported.";
 $lng['admin']['phpsettings']['pass_authorizationheader'] = 'Add "-pass-header Authorization" / "CGIPassAuth On" to vhosts';
 $lng['serversettings']['ssl']['ssl_protocols']['title'] = 'Configure the TLS protocol version';
-$lng['serversettings']['ssl']['ssl_protocols']['description'] = 'This is a list of ssl protocols that you want (or don\'t want) to use when using SSL. <b>Notice:</b> Some older browsers may not support the newest protcol versions.<br /><br /><b>Default value is:</b><pre>TLSv1.2</pre>';
+$lng['serversettings']['ssl']['ssl_protocols']['description'] = 'This is a list of ssl protocols that you want (or don\'t want) to use when using SSL. <b>Notice:</b> Some older browsers may not support the newest protocol versions.<br /><br /><b>Default value is:</b><pre>TLSv1.2</pre>';
 $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'] = 'Allowed extensions';
 $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'] = 'Limits the extensions of the main script FPM will allow to parse. This can prevent configuration mistakes on the web server side. You should only limit FPM to .php extensions to prevent malicious users to use other extensions to execute php code. Default value: .php';
 $lng['phpfpm']['ini_flags'] = 'Enter possible <strong>php_flag</strong>s for php.ini. One entry per line';
@@ -2116,3 +2114,24 @@ $lng['serversettings']['terms_url']['description'] = 'Specify an URL to your ter
 $lng['privacy'] = 'Privacy policy';
 $lng['serversettings']['privacy_url']['title'] = 'URL to privacy policy';
 $lng['serversettings']['privacy_url']['description'] = 'Specify an URL to your privacy policy site / imprint site. The link will be visible on the login screen and on the footer when logged in.';
+$lng['admin']['domaindefaultalias'] = 'Default ServerAlias value for new domains';
+
+$lng['serversettings']['logo_image_header']['title'] = 'Logo Image (Header)';
+$lng['serversettings']['logo_image_header']['description'] = 'Upload your own logo image to be shown in the header after login (recommended height 30px)';
+$lng['serversettings']['logo_image_login']['title'] = 'Logo Image (Login)';
+$lng['serversettings']['logo_image_login']['description'] = 'Upload your own logo image to be shown during login';
+$lng['panel']['image_field_delete'] = 'Delete the existing current image';
+$lng['serversettings']['logo_overridetheme']['title'] = 'Overwrites logo defined in theme by "Logo Image" (Header and Login, see below)';
+$lng['serversettings']['logo_overridetheme']['description'] = 'This needs to be set to "true" if you intend to use your uploaded logo; alternatively you can still use the theme-based "logo_custom.png" and "logo_custom_login.png" possibility.';
+$lng['serversettings']['logo_overridecustom']['title'] = 'Overwrite custom logo (logo_custom.png and logo_custom_login.png) defined in theme by "Logo Image" (Header and Login, see below)';
+$lng['serversettings']['logo_overridecustom']['description'] = 'Set this to "true" if you want to ignore theme-specific custom logos for header and login and use "Logo Image"';
+$lng['serversettings']['createstdsubdom_default']['title'] = 'Preselected value for "'.$lng['admin']['stdsubdomain_add'].'" when creating a customer';
+$lng['serversettings']['froxlorusergroup']['title'] = 'Custom system group for all customer users';
+$lng['serversettings']['froxlorusergroup']['description'] = 'Usage of libnss-extrausers (system-settings) is required for this to take effect. An empty value skips creation or removes existing group.';
+$lng['error']['local_group_exists'] = 'The given group already exists on the system.';
+$lng['error']['local_group_invalid'] = 'The given group name is invalid';
+$lng['error']['invaliddnsforletsencrypt'] = 'The domains DNS does not include any of the chosen IP addresses. Let\'s Encrypt certificate generation not possible.';
+$lng['error']['notallowedphpconfigused'] = 'Trying to use php-config which is not assigned to customer';
+
+$lng['serversettings']['phpfpm_settings']['allow_all_customers']['title'] = 'Assign this configuration to all currently existing customers';
+$lng['serversettings']['phpfpm_settings']['allow_all_customers']['description'] = 'Set this to "true" if you want to assign this configuration to all currently existing customers so it can be used by them. This setting is not permanent but can be run multiple times.';

lng/french.lng.php

@@ -598,10 +598,6 @@ $lng['traffic']['sumhttp'] = 'Trafic HTTP total entrant';
 $lng['traffic']['sumftp'] = 'Trafic FTP total entrant';
 $lng['traffic']['summail'] = 'Trafic E-mail total entrant';
 
-// ADDED IN 1.2.19-svn4.5
-
-$lng['serversettings']['no_robots']['title'] = 'Permettre aux robots des moteurs de recherche d\'indexer l\'installation de Froxlor';
-
 // ADDED IN 1.2.19-svn6
 
 $lng['admin']['loggersettings'] = 'Paramètres des logs';
@@ -631,7 +627,7 @@ $lng['panel']['reseller'] = 'revendeur';
 $lng['panel']['admin'] = 'administrateur';
 $lng['panel']['customer'] = 'client(s)';
 $lng['error']['nomessagetosend'] = 'Vous n\'avez pas entré de message.';
-$lng['error']['noreceipientsgiven'] = 'Vous n\'avez pas spécifier de destinataire';
+$lng['error']['norecipientsgiven'] = 'Vous n\'avez pas spécifier de destinataire';
 $lng['admin']['emaildomain'] = 'Domaine e-mail';
 $lng['admin']['email_only'] = 'Seulement des e-mails ?';
 $lng['admin']['wwwserveralias'] = 'Ajouter un "www." à l\'alias du serveur "ServerAlias"';
@@ -639,14 +635,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Est-ce un port SSL ?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Emplacement du certificat SSL';
 $lng['panel']['send'] = 'envoyé';
 $lng['admin']['subject'] = 'Sujet';
-$lng['admin']['receipient'] = 'Destinataire';
+$lng['admin']['recipient'] = 'Destinataire';
 $lng['admin']['message'] = 'Ecrire un message';
 $lng['admin']['text'] = 'Message';
 $lng['menu']['message'] = 'Messages';
 $lng['error']['errorsendingmail'] = 'Echec d\'envoi du message à "%s"';
 $lng['error']['cannotreaddir'] = 'Impossible de lire dossier "%s"';
 $lng['message']['success'] = 'Le message a été envoyé aux destinataires "%s"';
-$lng['message']['noreceipients'] = 'Aucun e-mail n\'a été envoyé car il n\'existe aucun destinataire dans la base de données';
+$lng['message']['norecipients'] = 'Aucun e-mail n\'a été envoyé car il n\'existe aucun destinataire dans la base de données';
 $lng['admin']['sslsettings'] = 'Paramètres SSL';
 $lng['cronjobs']['notyetrun'] = 'Pas encore lancé';
 $lng['serversettings']['default_vhostconf']['title'] = 'Paramètres par défaut pour les vHosts';

lng/german.lng.php

@@ -327,7 +327,7 @@ $lng['serversettings']['session_timeout']['description'] = 'Wie lange muss ein B
 $lng['serversettings']['accountprefix']['title'] = 'Kundenpräfix';
 $lng['serversettings']['accountprefix']['description'] = 'Welchen Präfix sollen die Kundenaccounts haben?';
 $lng['serversettings']['mysqlprefix']['title'] = 'MySQL-Präfix';
-$lng['serversettings']['mysqlprefix']['description'] = 'Welchen Präfix sollen die MySQL-Benutzerkonten haben?</br>Mit "RANDOM" als Wert wird ein 3-stelliger Zufallswert als Präfix verwendet.';
+$lng['serversettings']['mysqlprefix']['description'] = 'Welchen Präfix sollen die MySQL-Benutzerkonten haben?</br>Mit "RANDOM" als Wert wird ein 3-stelliger Zufallswert als Präfix verwendet.</br>Mit "DBNAME" als Wert wird ein Feld Databankname zusammen mit dem Kundennamen als Präfix genutzt.';
 $lng['serversettings']['ftpprefix']['title'] = 'FTP-Präfix';
 $lng['serversettings']['ftpprefix']['description'] = 'Welchen Präfix sollen die FTP-Benutzerkonten haben?<br/><b>Falls FTP-Quoatas verwendet werden, ist es notwendig das Quota-SQL-Query in der FTP-Server-Config ebenfalls zu ändern!</b>';
 $lng['serversettings']['documentroot_prefix']['title'] = 'Heimatverzeichnis';
@@ -619,10 +619,6 @@ $lng['traffic']['sumhttp'] = 'Gesamt HTTP-Traffic';
 $lng['traffic']['sumftp'] = 'Gesamt FTP-Traffic';
 $lng['traffic']['summail'] = 'Gesamt Mail-Traffic';
 
-// ADDED IN 1.2.19-svn4.5
-
-$lng['serversettings']['no_robots']['title'] = 'Erlaube die Indizierung Ihrer Froxlor-Installation durch Suchmaschinen';
-
 // ADDED IN 1.2.19-svn6
 
 $lng['admin']['loggersettings'] = 'Log-Einstellungen';
@@ -657,7 +653,7 @@ $lng['panel']['reseller'] = 'Reseller';
 $lng['panel']['admin'] = 'Administrator';
 $lng['panel']['customer'] = 'Kunde/n';
 $lng['error']['nomessagetosend'] = 'Keine Nachricht angegeben';
-$lng['error']['noreceipientsgiven'] = 'Keine Empfänger angegeben';
+$lng['error']['norecipientsgiven'] = 'Keine Empfänger angegeben';
 $lng['admin']['emaildomain'] = 'E-Mail-Domain';
 $lng['admin']['email_only'] = 'Nur als E-Mail-Domain verwenden?';
 $lng['admin']['wwwserveralias'] = 'Einen "www." ServerAlias hinzufügen';
@@ -665,14 +661,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Ist dies ein SSL-Port?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Pfad zum Zertifikat';
 $lng['panel']['send'] = 'Versenden';
 $lng['admin']['subject'] = 'Betreff';
-$lng['admin']['receipient'] = 'Empfänger';
+$lng['admin']['recipient'] = 'Empfänger';
 $lng['admin']['message'] = 'Rundmail senden';
 $lng['admin']['text'] = 'Nachricht';
 $lng['menu']['message'] = 'Nachrichten';
 $lng['error']['errorsendingmail'] = 'Das Versenden der Nachricht an "%s" schlug fehl.';
 $lng['error']['cannotreaddir'] = 'Der Ordner "%s" kann nicht gelesen werden';
 $lng['message']['success'] = 'Nachricht erfolgreich an "%s" Empfänger gesendet';
-$lng['message']['noreceipients'] = 'Es wurde keine E-Mail versendet, da sich keine Empfänger in der Datenbank befinden';
+$lng['message']['norecipients'] = 'Es wurde keine E-Mail versendet, da sich keine Empfänger in der Datenbank befinden';
 $lng['admin']['sslsettings'] = 'SSL-Einstellungen';
 $lng['cronjobs']['notyetrun'] = 'Bisher nicht gestartet';
 $lng['serversettings']['default_vhostconf']['title'] = 'Standard vHost-Einstellungen';
@@ -1324,6 +1320,8 @@ $lng['serversettings']['panel_allow_theme_change_admin'] = 'Erlaube Admins das T
 $lng['serversettings']['panel_allow_theme_change_customer'] = 'Erlaube Kunden das Theme zu wechseln';
 $lng['serversettings']['axfrservers']['title'] = 'AXFR Server';
 $lng['serversettings']['axfrservers']['description'] = 'Eine durch Kommas getrennte Liste von IP Adressen, die DNS-Zonen transferieren dürfen (AXFR).';
+$lng['serversettings']['powerdns_mode']['title'] = 'PowerDNS Operation Mode';
+$lng['serversettings']['powerdns_mode']['description'] = 'Wählen Sie den PowerDNS-Modus: Native für keine DNS-Replikation (Standard) / Master wenn eine DNS-Replikation benötigt wird.';
 $lng['panel']['ssleditor'] = 'SSL-Einstellungen für diese Domain';
 $lng['admin']['ipsandports']['ssl_paste_description'] = 'Bitte den Inhalt der Zertifikatsdatei in das Textfeld kopieren.';
 $lng['admin']['ipsandports']['ssl_cert_file_content'] = 'Inhalt des SSL-Zertifikats (Certificate)';
@@ -1490,8 +1488,8 @@ $lng['error']['sslredirectonlypossiblewithsslipport'] = 'Die Nutzung von Let\'s
 $lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt kann mittels ACME Wildcard-Domains nur via DNS validieren, sorry. Bitte den ServerAlias auf WWW setzen oder deaktivieren';
 $lng['panel']['letsencrypt'] = 'Benutzt Let\'s encrypt';
 $lng['crondesc']['cron_letsencrypt'] = 'Aktualisierung der Let\'s Encrypt Zertifikate';
-$lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt Umgebung";
-$lng['serversettings']['letsencryptca']['description'] = "Let's Encrypt - Umgebung, welche genutzt wird um Zertifikate zu bestellen.";
+$lng['serversettings']['letsencryptca']['title'] = "ACME Umgebung";
+$lng['serversettings']['letsencryptca']['description'] = "Umgebung, welche genutzt wird um Zertifikate zu bestellen.";
 $lng['serversettings']['letsencryptcountrycode']['title'] = "Let's Encrypt Ländercode";
 $lng['serversettings']['letsencryptcountrycode']['description'] = "2 - stelliger Ländercode, welcher benutzt wird um Let's Encrypt - Zertifikate zu bestellen.";
 $lng['serversettings']['letsencryptstate']['title'] = "Let's Encrypt Bundesland";
@@ -1762,3 +1760,24 @@ $lng['serversettings']['terms_url']['description'] = 'Die URL zur AGB-Seite. Der
 $lng['privacy'] = 'Datenschutzerklärung';
 $lng['serversettings']['privacy_url']['title'] = 'URL zur Datenschutzerklärung';
 $lng['serversettings']['privacy_url']['description'] = 'Die URL zur Datenschutzerklärungs-Seite. Der Link ist auf der Login-Seite und wenn eingeloggt, in der Fußzeile sichtbar.';
+$lng['admin']['domaindefaultalias'] = 'Standard ServerAlias-Angabe für neue Domains';
+
+$lng['serversettings']['logo_image_header']['title'] = 'Logo Bild (Header)';
+$lng['serversettings']['logo_image_header']['description'] = 'Das hochgeladene Bild wird als Logo oben links nach dem Login angezeigt (empfohlene Höhe sind 30px)';
+$lng['serversettings']['logo_image_login']['title'] = 'Logo Bild (Login)';
+$lng['serversettings']['logo_image_login']['description'] = 'Das hochgeladene Bild wird als Logo während des Logins angezeigt';
+$lng['panel']['image_field_delete'] = 'Das momentan vorhandene Bild löschen';
+$lng['serversettings']['logo_overridetheme']['title'] = 'Überschreibe Theme-Logo mit "Logo Bild" (Header und Login, siehe unten)';
+$lng['serversettings']['logo_overridetheme']['description'] = 'Ist die Nutzung eines hochgeladenen Logos gewünscht, muss diese Einstellung auf "Ja" gesetzt werden. Alternativ kann weiterhin das Theme-basierte Überschreiben via "logo_custom.png" und "logo_custom_login.png" genutzt werden.';
+$lng['serversettings']['logo_overridecustom']['title'] = 'Überschreibe benutzerdefinierte Theme-Logos (logo_custom.png und logo_custom_login.png) mit "Logo Bold" (Header und Login, siehe unten)';
+$lng['serversettings']['logo_overridecustom']['description'] = 'Ist diese Einstellung aktiv, werden benutzerdefinierte Logos im Theme-Ordner mit dem "Logo Bild" ersetzt';
+$lng['serversettings']['createstdsubdom_default']['title'] = 'Standardwert für "'.$lng['admin']['stdsubdomain_add'].'" bei Erstellung eines Kunden';
+$lng['serversettings']['froxlorusergroup']['title'] = 'Benutzerdefinierte Gruppe für alle Kunden-Benutzer';
+$lng['serversettings']['froxlorusergroup']['description'] = 'Voraussetzung hierfür ist die Nutzung von libnss-extrausers (System-Einstellungen). Ein leerer Wert bedeutet, es wird keine Gruppe erstellt, bzw. vorhandene Gruppe wird entfernt.';
+$lng['error']['local_group_exists'] = 'Die angegebene Gruppe existiert bereits auf dem System';
+$lng['error']['local_group_invalid'] = 'Der angegebene Gruppen-Name ist nicht gültig';
+$lng['error']['invaliddnsforletsencrypt'] = 'Die DNS-Einträge der Domain enhalten keine der gewählten IP Adressen. Let\'s Encrypt Zertifikats-Erstellung ist nicht möglich.';
+$lng['error']['notallowedphpconfigused'] = 'Nutzung einer PHP-Konfiguration welche nicht dem Kunden zugeordnet ist';
+
+$lng['serversettings']['phpfpm_settings']['allow_all_customers']['title'] = 'Für aktuelle Kunden automatisch hinzufügen';
+$lng['serversettings']['phpfpm_settings']['allow_all_customers']['description'] = 'Ist diese Einstellung aktiv, wird die Konfiguration automatisch allen aktuell existierenden Kunden-Accounts zugewiesen. Diese Einstellung ist nicht permanent, kann aber mehrfach / nach Bedarf ausgeführt werden.';

lng/italian.lng.php

@@ -584,10 +584,6 @@ $lng['traffic']['sumhttp'] = 'Sommatoria Traffico in ingresso HTTP';
 $lng['traffic']['sumftp'] = 'Sommatoria Traffico in ingresso FTP';
 $lng['traffic']['summail'] = 'Sommatoria Traffico in ingresso Mail';
 
-// ADDED IN 1.2.19-svn4.5
-
-$lng['serversettings']['no_robots']['title'] = 'Permetti ai robot dei motori di ricerca di indicizzare l\'installazione di Froxlor';
-
 // ADDED IN 1.2.19-svn6
 
 $lng['admin']['loggersettings'] = 'Impostazioni Log';
@@ -614,7 +610,7 @@ $lng['panel']['reseller'] = 'rivenditore';
 $lng['panel']['admin'] = 'amministratore';
 $lng['panel']['customer'] = 'cliente/i';
 $lng['error']['nomessagetosend'] = 'Non hai inserito un messaggio.';
-$lng['error']['noreceipientsgiven'] = 'Non hai specificato alcun destinatario';
+$lng['error']['norecipientsgiven'] = 'Non hai specificato alcun destinatario';
 $lng['admin']['emaildomain'] = 'Email dominio';
 $lng['admin']['email_only'] = 'Solo email?';
 $lng['admin']['wwwserveralias'] = 'Aggiungi a "www." ServerAlias';
@@ -622,14 +618,14 @@ $lng['admin']['ipsandports']['enable_ssl'] = 'Questa è una porta SSL?';
 $lng['admin']['ipsandports']['ssl_cert_file'] = 'Percorso del certificato SSL (SSL certificate)';
 $lng['panel']['send'] = 'invia';
 $lng['admin']['subject'] = 'Oggetto';
-$lng['admin']['receipient'] = 'Destinatario';
+$lng['admin']['recipient'] = 'Destinatario';
 $lng['admin']['message'] = 'Scrivi un messaggio';
 $lng['admin']['text'] = 'Messaggio';
 $lng['menu']['message'] = 'Messaggi';
 $lng['error']['errorsendingmail'] = 'Il messaggio a "%s" fallito';
 $lng['error']['cannotreaddir'] = 'Impossibile leggere la cartella "%s"';
 $lng['message']['success'] = 'Inviato correttamente il messaggio a %s recipients';
-$lng['message']['noreceipients'] = 'Nessuna e-mail è stata inviata perch¸ non ci sono i destinatari nel database';
+$lng['message']['norecipients'] = 'Nessuna e-mail è stata inviata perch¸ non ci sono i destinatari nel database';
 $lng['admin']['sslsettings'] = 'Impostazioni SSL';
 $lng['cronjobs']['notyetrun'] = 'Non ancora avviato';
 $lng['serversettings']['default_vhostconf']['title'] = 'Impostazioni default vhost';