setting version to 0.10.10 for upcoming maintenance release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

actions/admin/settings/120.system.php

@@ -253,7 +253,23 @@ return array(
 					'type' => 'hiddenString',
 					'default' => '',
 					'save_method' => 'storeSettingField'
-				)
+				),
+				'system_apply_specialsettings_default' => array(
+					'label' => $lng['serversettings']['apply_specialsettings_default'],
+					'settinggroup' => 'system',
+					'varname' => 'apply_specialsettings_default',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField'
+				),
+				'system_apply_phpconfigs_default' => array(
+					'label' => $lng['serversettings']['apply_phpconfigs_default'],
+					'settinggroup' => 'system',
+					'varname' => 'apply_phpconfigs_default',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField'
+				),
 			)
 		)
 	)

actions/admin/settings/122.froxlorvhost.php

@@ -105,6 +105,30 @@ return array(
 						'hasVhostContainerEnabled'
 					), true)
 				),
+				'system_honorcipherorder' => array(
+					'label' => $lng['admin']['domain_honorcipherorder'],
+					'settinggroup' => 'system',
+					'varname' => 'honorcipherorder',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => \Froxlor\Settings::Get('system.use_ssl') && call_user_func(array(
+						'\Froxlor\Settings\FroxlorVhostSettings',
+						'hasVhostContainerEnabled'
+					), true)
+				),
+				'system_sessiontickets' => array(
+					'label' => $lng['admin']['domain_sessiontickets'],
+					'settinggroup' => 'system',
+					'varname' => 'sessiontickets',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'visible' => \Froxlor\Settings::Get('system.use_ssl') && call_user_func(array(
+						'\Froxlor\Settings\FroxlorVhostSettings',
+						'hasVhostContainerEnabled'
+					), true)
+				),
 				/**
 				 * FCGID
 				 */

actions/admin/settings/131.ssl.php

@@ -150,10 +150,10 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'letsencryptca',
 					'type' => 'option',
-					'default' => 'testing',
+					'default' => 'production',
 					'option_mode' => 'one',
 					'option_options' => array(
-						'testing' => 'https://acme-staging' . (\Froxlor\Settings::Get('system.leapiversion') == '2' ? '-v02' : '') . '.api.letsencrypt.org (Test)',
+						'testing' => 'https://acme-staging-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Test)',
 						'production' => 'https://acme-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Live)'
 					),
 					'save_method' => 'storeSettingField'

admin_domains.php

@@ -64,47 +64,20 @@ if ($page == 'domains' || $page == 'overview') {
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
 		$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
-		$domain_array = array();
-
-		foreach ($result['list'] as $row) {
-
-			formatDomainEntry($row, $idna_convert);
-
-			if (! isset($domain_array[$row['domain']])) {
-				$domain_array[$row['domain']] = $row;
-			} else {
-				$domain_array[$row['domain']] = array_merge($row, $domain_array[$row['domain']]);
-			}
-
-			if (isset($row['aliasdomainid']) && $row['aliasdomainid'] != null && isset($row['aliasdomain']) && $row['aliasdomain'] != '') {
-				if (! isset($domain_array[$row['aliasdomain']])) {
-					$domain_array[$row['aliasdomain']] = array();
-				}
-				$domain_array[$row['aliasdomain']]['domainaliasid'] = $row['id'];
-				$domain_array[$row['aliasdomain']]['domainalias'] = $row['domain'];
-			}
-		}
-
-		/**
-		 * We need ksort/krsort here to make sure idna-domains are also sorted correctly
-		 */
-		if ($paging->sortfield == 'd.domain' && $paging->sortorder == 'asc') {
-			ksort($domain_array);
-		} elseif ($paging->sortfield == 'd.domain' && $paging->sortorder == 'desc') {
-			krsort($domain_array);
-		}
 
 		$count = 0;
-		foreach ($domain_array as $row) {
-
-			if (isset($row['domain']) && $row['domain'] != '') {
-				$row['customername'] = \Froxlor\User::getCorrectFullUserDetails($row);
-				$row = \Froxlor\PhpHelper::htmlentitiesArray($row);
-				// display a nice list of IP's
+		foreach ($result['list'] as $row) {
+			formatDomainEntry($row, $idna_convert);
+			$row['customername'] = \Froxlor\User::getCorrectFullUserDetails($row);
+			$row = \Froxlor\PhpHelper::htmlentitiesArray($row);
+			// display a nice list of IP's if it's not an alias for another domain
+			if (isset($row['aliasdomainid']) && $row['aliasdomainid'] != null && isset($row['aliasdomain']) && $row['aliasdomain'] != '') {
+				$row['ipandport'] = sprintf($lng['domains']['isaliasdomainof'], $row['aliasdomain']);
+			} else {
 				$row['ipandport'] = str_replace("\n", "<br />", $row['ipandport']);
-				eval("\$domains.=\"" . \Froxlor\UI\Template::getTemplate("domains/domains_domain") . "\";");
-				$count ++;
 			}
+			eval("\$domains.=\"" . \Froxlor\UI\Template::getTemplate("domains/domains_domain") . "\";");
+			$count++;
 		}
 
 		$domainscount = $paging->getEntries();
@@ -409,7 +382,7 @@ if ($page == 'domains' || $page == 'overview') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				try {
 					// remove ssl ip/ports if set is empty
-					if (isset($_POST['ssl_ipandport']) && empty($_POST['ssl_ipandport'])) {
+					if (!isset($_POST['ssl_ipandport']) || empty($_POST['ssl_ipandport'])) {
 						$_POST['remove_ssl_ipandport'] = true;
 					}
 					Domains::getLocal($userinfo, $_POST)->update();

customer_domains.php

@@ -42,7 +42,8 @@ if ($page == 'overview') {
 	if ($action == '') {
 		$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed customer_domains::domains");
 		$fields = array(
-			'd.domain' => $lng['domains']['domainname']
+			'd.domain' => $lng['domains']['domainname'],
+			'd.aliasdomain' => $lng['domains']['aliasdomain']
 		);
 		try {
 			// get total count
@@ -71,19 +72,24 @@ if ($page == 'overview') {
 			if ($row['parentdomainid'] == '0' && $row['caneditdomain'] == '1') {
 				$parentdomains_count ++;
 			}
-			$domain_array[$row['parentdomainid']][] = $row;
+			$domain_array[$row['parentdomainname']][] = $row;
 		}
 
-		if (isset($domain_array[0])) {
-			foreach ($domain_array[0] as $pdomain) {
-				// PARENTDOMAIN
-				$row = \Froxlor\PhpHelper::htmlentitiesArray($pdomain);
-				if (Settings::Get('system.awstats_enabled') == '1') {
-					$statsapp = 'awstats';
-				} else {
-					$statsapp = 'webalizer';
-				}
-				eval("\$domains.=\"" . \Froxlor\UI\Template::getTemplate("domains/domains_delimiter") . "\";");
+		foreach ($domain_array as $parentdomain => $sdomains) {
+			// PARENTDOMAIN
+			if (Settings::Get('system.awstats_enabled') == '1') {
+				$statsapp = 'awstats';
+			} else {
+				$statsapp = 'webalizer';
+			}
+			$row = [
+				'domain' => $idna_convert->decode($parentdomain)
+			];
+			eval("\$domains.=\"" . \Froxlor\UI\Template::getTemplate("domains/domains_delimiter") . "\";");
+
+			foreach ($sdomains as $domain) {
+				$row = \Froxlor\PhpHelper::htmlentitiesArray($domain);
+
 				// show docroot nicely
 				if (strpos($row['documentroot'], $userinfo['documentroot']) === 0) {
 					$row['documentroot'] = \Froxlor\FileDir::makeCorrectDir(str_replace($userinfo['documentroot'], "/", $row['documentroot']));
@@ -94,23 +100,6 @@ if ($page == 'overview') {
 					$show_ssledit = true;
 				}
 				eval("\$domains.=\"" . \Froxlor\UI\Template::getTemplate("domains/domains_domain") . "\";");
-
-				// every domain below the parentdomain
-				if (isset($domain_array[$pdomain['id']])) {
-					$mydomains = $domain_array[$pdomain['id']];
-					foreach ($mydomains as $row) {
-						// show docroot nicely
-						if (strpos($row['documentroot'], $userinfo['documentroot']) === 0) {
-							$row['documentroot'] = \Froxlor\FileDir::makeCorrectDir(str_replace($userinfo['documentroot'], "/", $row['documentroot']));
-						}
-						// get ssl-ips if activated
-						$show_ssledit = false;
-						if (Settings::Get('system.use_ssl') == '1' && \Froxlor\Domain\Domain::domainHasSslIpPort($row['id']) && $row['caneditdomain'] == '1' && $row['letsencrypt'] == 0) {
-							$show_ssledit = true;
-						}
-						eval("\$domains.=\"" . \Froxlor\UI\Template::getTemplate("domains/domains_domain") . "\";");
-					}
-				}
 			}
 		}
 

customer_traffic.php

@@ -112,11 +112,14 @@ if (! is_null($month) && ! is_null($year)) {
 
 	eval("echo \"" . \Froxlor\UI\Template::getTemplate('traffic/traffic_details') . "\";");
 } else {
-	$result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
+	$result_stmt = Database::prepare("
+		SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
 		FROM `" . TABLE_PANEL_TRAFFIC . "`
 		WHERE `customerid` = :customerid
-		GROUP BY `year` DESC, `month` DESC
-		LIMIT 12");
+		GROUP BY `year`, `month`
+		ORDER BY `year` DESC, `month` DESC
+		LIMIT 12
+	");
 	Database::pexecute($result_stmt, array(
 		"customerid" => $userinfo['customerid']
 	));

install/froxlor.sql

@@ -271,6 +271,9 @@ CREATE TABLE `panel_domains` (
   `ssl_protocols` text,
   `ssl_cipher_list` text,
   `tlsv13_cipher_list` text,
+  `ssl_enabled` tinyint(1) DEFAULT '1',
+  `ssl_honorcipherorder` tinyint(1) DEFAULT '0',
+  `ssl_sessiontickets` tinyint(1) DEFAULT '1',
   PRIMARY KEY  (`id`),
   KEY `customerid` (`customerid`),
   KEY `parentdomain` (`parentdomainid`),
@@ -652,6 +655,8 @@ opcache.interned_strings_buffer'),
 	('system', 'disable_le_selfcheck', '0'),
 	('system', 'ssl_protocols', 'TLSv1,TLSv1.2'),
 	('system', 'tlsv13_cipher_list', ''),
+	('system', 'honorcipherorder', '0'),
+	('system', 'sessiontickets', '1'),
 	('system', 'logfiles_format', ''),
 	('system', 'logfiles_type', '1'),
 	('system', 'logfiles_piped', '0'),
@@ -660,6 +665,8 @@ opcache.interned_strings_buffer'),
 	('system', 'errorlog_level', 'warn'),
 	('system', 'leecc', '0'),
 	('system', 'froxloraliases', ''),
+	('system', 'apply_specialsettings_default', '1'),
+	('system', 'apply_phpconfigs_default', '1'),
 	('api', 'enabled', '0'),
 	('2fa', 'enabled', '1'),
 	('panel', 'decimal_places', '4'),
@@ -694,8 +701,8 @@ opcache.interned_strings_buffer'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'customer_hide_options', ''),
 	('panel', 'is_configured', '0'),
-	('panel', 'version', '0.10.6'),
-	('panel', 'db_version', '201911130');
+	('panel', 'version', '0.10.10'),
+	('panel', 'db_version', '201912100');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/updates/froxlor/0.10/update_0.10.inc.php

@@ -482,3 +482,44 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.5')) {
 	showUpdateStep("Updating from 0.10.5 to 0.10.6", false);
 	\Froxlor\Froxlor::updateToVersion('0.10.6');
 }
+
+if (\Froxlor\Froxlor::isDatabaseVersion('201911130')) {
+	showUpdateStep("Adding new settings for domain edit form default values");
+	Settings::AddNew("system.apply_specialsettings_default", '1');
+	Settings::AddNew("system.apply_phpconfigs_default", '1');
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('201911220');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.6')) {
+	showUpdateStep("Updating from 0.10.6 to 0.10.7", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.7');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.7')) {
+	showUpdateStep("Updating from 0.10.7 to 0.10.8", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.8');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.8')) {
+	showUpdateStep("Updating from 0.10.8 to 0.10.9", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.9');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('201911220')) {
+	showUpdateStep("Adding enhanced SSL control over domains");
+	// customer domains
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `ssl_enabled` tinyint(1) DEFAULT '1';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `ssl_honorcipherorder` tinyint(1) DEFAULT '0' AFTER `ssl_enabled`;");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `ssl_sessiontickets` tinyint(1) DEFAULT '1' AFTER `ssl_honorcipherorder`;");
+	// as setting for froxlor vhost
+	Settings::AddNew("system.honorcipherorder", '0');
+	Settings::AddNew("system.sessiontickets", '1');
+	lastStepStatus(0);
+	\Froxlor\Froxlor::updateToDbVersion('201912100');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.9')) {
+	showUpdateStep("Updating from 0.10.9 to 0.10.10", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.10');
+}

lib/Froxlor/Api/ApiCommand.php

@@ -331,15 +331,30 @@ abstract class ApiCommand extends ApiParameter
 	 *
 	 * @param array $sql_orderby
 	 *        	optional array with index = fieldname and value = ASC|DESC
+	 * @param boolean $append
+	 *        	optional append to ORDER BY clause rather then create new one, default false [internal]
 	 *
 	 * @return string
 	 */
-	protected function getOrderBy()
+	protected function getOrderBy($append = false)
 	{
 		$orderby = $this->getParam('sql_orderby', true, array());
 		$order = "";
 		if (! empty($orderby)) {
-			$order .= " ORDER BY ";
+			if ($append) {
+				$order .= ", ";
+			} else {
+				$order .= " ORDER BY ";
+			}
+
+			$nat_fields = [
+				'`c`.`loginname`',
+				'`a`.`loginname`',
+				'`adminname`',
+				'`databasename`',
+				'`username`'
+			];
+
 			foreach ($orderby as $field => $by) {
 				$sortfield = explode('.', $field);
 				foreach ($sortfield as $id => $sfield) {
@@ -359,7 +374,7 @@ abstract class ApiCommand extends ApiParameter
 				])) {
 					$by = 'ASC';
 				}
-				if (\Froxlor\Settings::Get('panel.natsorting') == 1) {
+				if (\Froxlor\Settings::Get('panel.natsorting') == 1 && in_array($field, $nat_fields)) {
 					// Acts similar to php's natsort(), found in one comment at http://my.opera.com/cpr/blog/show.dml/160556
 					$order .= "CONCAT( IF( ASCII( LEFT( " . $field . ", 5 ) ) > 57,
 					LEFT( " . $field . ", 1 ), 0 ),

lib/Froxlor/Api/Commands/Certificates.php

@@ -209,7 +209,7 @@ class Certificates extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resou
 		} else {
 			$certs_stmt_query .= "1 ";
 		}
-		$certs_stmt = Database::prepare($certs_stmt_query . $this->getSearchWhere($query_fields) . $this->getOrderBy() . $this->getLimit());
+		$certs_stmt = Database::prepare($certs_stmt_query . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());
 		$qry_params = array_merge($qry_params, $query_fields);
 		Database::pexecute($certs_stmt, $qry_params, true, true);
 		$result = array();

lib/Froxlor/Api/Commands/Domains.php

@@ -168,14 +168,15 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 * get ips connected to given domain as array
 	 *
 	 * @param number $domain_id
+	 * @param bool $ssl_only
+	 *        	optional, return only ssl enabled ip's, default false
 	 * @return array
 	 */
-	private function getIpsForDomain($domain_id = 0)
+	private function getIpsForDomain($domain_id = 0, $ssl_only = false)
 	{
 		$resultips_stmt = Database::prepare("
 			SELECT `ips`.* FROM `" . TABLE_DOMAINTOIP . "` AS `dti`, `" . TABLE_PANEL_IPSANDPORTS . "` AS `ips`
-			WHERE `dti`.`id_ipandports` = `ips`.`id` AND `dti`.`id_domain` = :domainid
-		");
+			WHERE `dti`.`id_ipandports` = `ips`.`id` AND `dti`.`id_domain` = :domainid " . ($ssl_only ? " AND `ips`.`ssl` = '1'" : ""));
 
 		Database::pexecute($resultips_stmt, array(
 			'domainid' => $domain_id
@@ -260,6 +261,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 *        	optional, list of ssl-enabled ip/port id's to assign to this domain, default empty
 	 * @param bool $dont_use_default_ssl_ipandport_if_empty
 	 *        	optional, do NOT set the systems default ssl ip addresses if none are given via $ssl_ipandport parameter
+	 * @param bool $sslenabled
+	 *        	optional, whether or not SSL is enabled for this domain, regardless of the assigned ssl-ips, default 1 (true)
 	 * @param bool $http2
 	 *        	optional, whether to enable http/2 for this domain (requires to be enabled in the settings), default 0 (false)
 	 * @param int $hsts_maxage
@@ -270,6 +273,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 *        	optional whether or not to preload HSTS header value
 	 * @param bool $ocsp_stapling
 	 *        	optional whether to enable ocsp-stapling for this domain. default 0 (false), requires SSL
+	 * @param bool $honorcipherorder
+	 *        	optional whether to honor the (server) cipher order for this domain. default 0 (false), requires SSL
+	 * @param bool $sessiontickets
+	 *        	optional whether to enable or disable TLS sessiontickets (RFC 5077) for this domain. default 1 (true), requires SSL
 	 * @param bool $override_tls
 	 *        	optional whether or not to override system-tls settings like protocol, ssl-ciphers and if applicable tls-1.3 ciphers, requires change_serversettings flag for the admin, default false
 	 * @param array $ssl_protocols
@@ -324,11 +331,14 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				$letsencrypt = $this->getBoolParam('letsencrypt', true, 0);
 				$dont_use_default_ssl_ipandport_if_empty = $this->getBoolParam('dont_use_default_ssl_ipandport_if_empty', true, 0);
 				$p_ssl_ipandports = $this->getParam('ssl_ipandport', true, $dont_use_default_ssl_ipandport_if_empty ? array() : explode(',', Settings::Get('system.defaultsslip')));
+				$sslenabled = $this->getBoolParam('sslenabled', true, 1);
 				$http2 = $this->getBoolParam('http2', true, 0);
 				$hsts_maxage = $this->getParam('hsts_maxage', true, 0);
 				$hsts_sub = $this->getBoolParam('hsts_sub', true, 0);
 				$hsts_preload = $this->getBoolParam('hsts_preload', true, 0);
 				$ocsp_stapling = $this->getBoolParam('ocsp_stapling', true, 0);
+				$honorcipherorder = $this->getBoolParam('honorcipherorder', true, 0);
+				$sessiontickets = $this->getBoolParam('sessiontickets', true, 1);
 
 				$override_tls = $this->getBoolParam('override_tls', true, 0);
 				$p_ssl_protocols = array();
@@ -344,7 +354,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				}
 
 				// validation
-				if ($p_domain == Settings::Get('system.hostname')) {
+				$p_domain = strtolower($p_domain);
+				if ($p_domain == strtolower(Settings::Get('system.hostname'))) {
 					\Froxlor\UI\Response::standard_error('admin_domain_emailsystemhostname', '', true);
 				}
 
@@ -712,7 +723,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 						'override_tls' => $override_tls,
 						'ssl_protocols' => implode(",", $ssl_protocols),
 						'ssl_cipher_list' => $ssl_cipher_list,
-						'tlsv13_cipher_list' => $tlsv13_cipher_list
+						'tlsv13_cipher_list' => $tlsv13_cipher_list,
+						'sslenabled' => $sslenabled,
+						'honorcipherorder' => $honorcipherorder,
+						'sessiontickets' => $sessiontickets
 					);
 
 					$ins_stmt = Database::prepare("
@@ -760,7 +774,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 						`override_tls` = :override_tls,
 						`ssl_protocols` = :ssl_protocols,
 						`ssl_cipher_list` = :ssl_cipher_list,
-						`tlsv13_cipher_list` = :tlsv13_cipher_list
+						`tlsv13_cipher_list` = :tlsv13_cipher_list,
+						`ssl_enabled` = :sslenabled,
+						`ssl_honorcipherorder` = :honorcipherorder,
+						`ssl_sessiontickets`= :sessiontickets
 					");
 					Database::pexecute($ins_stmt, $ins_data, true, true);
 					$domainid = Database::lastInsertId();
@@ -865,7 +882,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 * @param bool $include_specialsettings
 	 *        	optional, whether or not to include non-ssl specialsettings in the generated ssl-vhost, default false
 	 * @param bool $specialsettingsforsubdomains
-	 *        	optional, whether to apply specialsettings to all subdomains of this domain, default 0 (false)
+	 *        	optional, whether to apply specialsettings to all subdomains of this domain, default is read from setting system.apply_specialsettings_default
 	 * @param bool $notryfiles
 	 *        	optional, [nginx only] do not generate the default try-files directive, default 0 (false)
 	 * @param bool $writeaccesslog
@@ -877,7 +894,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 * @param bool $phpenabled
 	 *        	optional, whether php is enabled for this domain, default 0 (false)
 	 * @param bool $phpsettingsforsubdomains
-	 *        	optional, whether to apply php-setting to apply to all subdomains of this domain, default 0 (false)
+	 *        	optional, whether to apply php-setting to apply to all subdomains of this domain, default is read from setting system.apply_phpconfigs_default
 	 * @param bool $openbasedir
 	 *        	optional, whether to activate openbasedir restriction for this domain, default 0 (false)
 	 * @param int $phpsettingid
@@ -894,6 +911,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 *        	optional, list of ssl-enabled ip/port id's to assign to this domain, if left empty, the current set value is being used, to remove all ssl ips use $remove_ssl_ipandport
 	 * @param bool $remove_ssl_ipandport
 	 *        	optional, if set to true and no $ssl_ipandport value is given, the ip's get removed, otherwise, the currently set value is used, default false
+	 * @param bool $sslenabled
+	 *        	optional, whether or not SSL is enabled for this domain, regardless of the assigned ssl-ips, default 1 (true)
 	 * @param bool $http2
 	 *        	optional, whether to enable http/2 for this domain (requires to be enabled in the settings), default 0 (false)
 	 * @param int $hsts_maxage
@@ -904,6 +923,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 	 *        	optional whether or not to preload HSTS header value
 	 * @param bool $ocsp_stapling
 	 *        	optional whether to enable ocsp-stapling for this domain. default 0 (false), requires SSL
+	 * @param bool $honorcipherorder
+	 *        	optional whether to honor the (server) cipher order for this domain. default 0 (false), requires SSL
+	 * @param bool $sessiontickets
+	 *        	optional whether to enable or disable TLS sessiontickets (RFC 5077) for this domain. default 1 (true), requires SSL
 	 *        	
 	 * @access admin
 	 * @throws \Exception
@@ -947,13 +970,13 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 			$specialsettings = $this->getParam('specialsettings', true, $result['specialsettings']);
 			$ssl_specialsettings = $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings']);
 			$include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']);
-			$ssfs = $this->getBoolParam('specialsettingsforsubdomains', true, 0);
+			$ssfs = $this->getBoolParam('specialsettingsforsubdomains', true, \Froxlor\Settings::Get('system.apply_specialsettings_default'));
 			$notryfiles = $this->getBoolParam('notryfiles', true, $result['notryfiles']);
 			$writeaccesslog = $this->getBoolParam('writeaccesslog', true, $result['writeaccesslog']);
 			$writeerrorlog = $this->getBoolParam('writeerrorlog', true, $result['writeerrorlog']);
 			$documentroot = $this->getParam('documentroot', true, $result['documentroot']);
 			$phpenabled = $this->getBoolParam('phpenabled', true, $result['phpenabled']);
-			$phpfs = $this->getBoolParam('phpsettingsforsubdomains', true, 0);
+			$phpfs = $this->getBoolParam('phpsettingsforsubdomains', true, \Froxlor\Settings::Get('system.apply_phpconfigs_default'));
 			$openbasedir = $this->getBoolParam('openbasedir', true, $result['openbasedir']);
 			$phpsettingid = $this->getParam('phpsettingid', true, $result['phpsettingid']);
 			$mod_fcgid_starter = $this->getParam('mod_fcgid_starter', true, $result['mod_fcgid_starter']);
@@ -964,11 +987,14 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 			$p_ssl_ipandports = $this->getParam('ssl_ipandport', true, $remove_ssl_ipandport ? array(
 				- 1
 			) : null);
+			$sslenabled = $this->getBoolParam('sslenabled', true, $result['ssl_enabled']);
 			$http2 = $this->getBoolParam('http2', true, $result['http2']);
 			$hsts_maxage = $this->getParam('hsts_maxage', true, $result['hsts']);
 			$hsts_sub = $this->getBoolParam('hsts_sub', true, $result['hsts_sub']);
 			$hsts_preload = $this->getBoolParam('hsts_preload', true, $result['hsts_preload']);
 			$ocsp_stapling = $this->getBoolParam('ocsp_stapling', true, $result['ocsp_stapling']);
+			$honorcipherorder = $this->getBoolParam('honorcipherorder', true, $result['ssl_honorcipherorder']);
+			$sessiontickets = $this->getBoolParam('sessiontickets', true, $result['ssl_sessiontickets']);
 
 			$override_tls = $this->getBoolParam('override_tls', true, $result['override_tls']);
 
@@ -1546,6 +1572,9 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 			$update_data['ssl_protocols'] = implode(",", $ssl_protocols);
 			$update_data['ssl_cipher_list'] = $ssl_cipher_list;
 			$update_data['tlsv13_cipher_list'] = $tlsv13_cipher_list;
+			$update_data['sslenabled'] = $sslenabled;
+			$update_data['honorcipherorder'] = $honorcipherorder;
+			$update_data['sessiontickets'] = $sessiontickets;
 			$update_data['id'] = $id;
 
 			$update_stmt = Database::prepare("
@@ -1588,7 +1617,10 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				`override_tls` = :override_tls,
 				`ssl_protocols` = :ssl_protocols,
 				`ssl_cipher_list` = :ssl_cipher_list,
-				`tlsv13_cipher_list` = :tlsv13_cipher_list
+				`tlsv13_cipher_list` = :tlsv13_cipher_list,
+				`ssl_enabled` = :sslenabled,
+				`ssl_honorcipherorder` = :honorcipherorder,
+				`ssl_sessiontickets` = :sessiontickets
 				WHERE `id` = :id
 			");
 			Database::pexecute($update_stmt, $update_data, true, true);
@@ -1603,6 +1635,8 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 			$_update_data['ssl_protocols'] = implode(",", $ssl_protocols);
 			$_update_data['ssl_cipher_list'] = $ssl_cipher_list;
 			$_update_data['tlsv13_cipher_list'] = $tlsv13_cipher_list;
+			$_update_data['honorcipherorder'] = $honorcipherorder;
+			$_update_data['sessiontickets'] = $sessiontickets;
 			$_update_data['parentdomainid'] = $id;
 
 			// if php config is to be set for all subdomains, check here
@@ -1630,7 +1664,9 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 				`override_tls` = :override_tls,
 				`ssl_protocols` = :ssl_protocols,
 				`ssl_cipher_list` = :ssl_cipher_list,
-				`tlsv13_cipher_list` = :tlsv13_cipher_list
+				`tlsv13_cipher_list` = :tlsv13_cipher_list,
+				`ssl_honorcipherorder` = :honorcipherorder,
+				`ssl_sessiontickets` = :sessiontickets
 				" . $update_phpconfig . $upd_specialsettings . $updatechildren . $update_sslredirect . "
 				WHERE `parentdomainid` = :parentdomainid
 			");

lib/Froxlor/Api/Commands/Froxlor.php

@@ -42,7 +42,7 @@ class Froxlor extends \Froxlor\Api\ApiCommand
 				try {
 					$latestversion = \Froxlor\Http\HttpClient::urlGet(UPDATE_URI, true, 3);
 				} catch (\Exception $e) {
-					$latestversion = \Froxlor\Froxlor::getVersion()."|Version-check currently unavailable, please try again later";
+					$latestversion = \Froxlor\Froxlor::getVersion() . "|Version-check currently unavailable, please try again later";
 				}
 				$latestversion = explode('|', $latestversion);
 
@@ -216,7 +216,7 @@ class Froxlor extends \Froxlor\Api\ApiCommand
 	 */
 	public function updateSetting()
 	{
-		// currently not implemented as it required validation too so no wrong settings are being stored via API
+		// currently not implemented as it requires validation too so no wrong settings are being stored via API
 		throw new \Exception("Not available yet.", 501);
 
 		if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
@@ -232,6 +232,17 @@ class Froxlor extends \Froxlor\Api\ApiCommand
 		throw new \Exception("Not allowed to execute given command.", 403);
 	}
 
+	/**
+	 * returns a random password based on froxlor settings for min-length, included characters, etc.
+	 *
+	 * @access admin, customer
+	 * @return string
+	 */
+	public function generatePassword()
+	{
+		return $this->response(200, "successfull", \Froxlor\System\Crypt::generatePassword());
+	}
+
 	/**
 	 * returns a list of all available api functions
 	 *

lib/Froxlor/Api/Commands/IpsAndPorts.php

@@ -540,7 +540,7 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			));
 
 			$result_checkdomain_stmt = Database::prepare("
-				SELECT `id_domain` as `id` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_ipandports` = :id
+				SELECT `id_domain` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_ipandports` = :id
 			");
 			$result_checkdomain = Database::pexecute_first($result_checkdomain_stmt, array(
 				'id' => $id

lib/Froxlor/Api/Commands/SubDomains.php

@@ -41,6 +41,8 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	 *        	optional, php-settings-id, if empty the $domain value is used
 	 * @param int $redirectcode
 	 *        	optional, redirect-code-id from TABLE_PANEL_REDIRECTCODES
+	 * @param bool $sslenabled
+	 *        	optional, whether or not SSL is enabled for this domain, regardless of the assigned ssl-ips, default 1 (true)
 	 * @param bool $ssl_redirect
 	 *        	optional, whether to generate a https-redirect or not, default false; requires SSL to be enabled
 	 * @param bool $letsencrypt
@@ -76,6 +78,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			$redirectcode = $this->getParam('redirectcode', true, Settings::Get('customredirect.default'));
 			$isemaildomain = $this->getParam('isemaildomain', true, 0);
 			if (Settings::Get('system.use_ssl')) {
+				$sslenabled = $this->getBoolParam('sslenabled', true, 1);
 				$ssl_redirect = $this->getBoolParam('ssl_redirect', true, 0);
 				$letsencrypt = $this->getBoolParam('letsencrypt', true, 0);
 				$http2 = $this->getBoolParam('http2', true, 0);
@@ -83,6 +86,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				$hsts_sub = $this->getBoolParam('hsts_sub', true, 0);
 				$hsts_preload = $this->getBoolParam('hsts_preload', true, 0);
 			} else {
+				$sslenabled = 0;
 				$ssl_redirect = 0;
 				$letsencrypt = 0;
 				$http2 = 0;
@@ -95,6 +99,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			$customer = $this->getCustomerData('subdomains');
 
 			// validation
+			$subdomain = strtolower($subdomain);
 			if (substr($subdomain, 0, 4) == 'xn--') {
 				\Froxlor\UI\Response::standard_error('domain_nopunycode', '', true);
 			}
@@ -114,7 +119,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 					'mydomain'
 				), '', true);
 			}
-			if ($completedomain == Settings::Get('system.hostname')) {
+			if ($completedomain == strtolower(Settings::Get('system.hostname'))) {
 				\Froxlor\UI\Response::standard_error('admin_domain_emailsystemhostname', '', true);
 			}
 
@@ -275,7 +280,8 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				`override_tls` = :override_tls,
 				`ssl_protocols` = :ssl_protocols,
 				`ssl_cipher_list` = :ssl_cipher_list,
-				`tlsv13_cipher_list` = :tlsv13_cipher_list
+				`tlsv13_cipher_list` = :tlsv13_cipher_list,
+				`ssl_enabled` = :sslenabled
 			");
 			$params = array(
 				"customerid" => $customer['customerid'],
@@ -305,7 +311,8 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				"override_tls" => $domain_check['override_tls'],
 				"ssl_protocols" => $domain_check['ssl_protocols'],
 				"ssl_cipher_list" => $domain_check['ssl_cipher_list'],
-				"tlsv13_cipher_list" => $domain_check['tlsv13_cipher_list']
+				"tlsv13_cipher_list" => $domain_check['tlsv13_cipher_list'],
+				"sslenabled" => $sslenabled
 			);
 			Database::pexecute($stmt, $params, true, true);
 			$subdomain_id = Database::lastInsertId();
@@ -446,6 +453,8 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 	 *        	optional, php-settings-id, if empty the $domain value is used
 	 * @param int $redirectcode
 	 *        	optional, redirect-code-id from TABLE_PANEL_REDIRECTCODES
+	 * @param bool $sslenabled
+	 *        	optional, whether or not SSL is enabled for this domain, regardless of the assigned ssl-ips, default 1 (true)
 	 * @param bool $ssl_redirect
 	 *        	optional, whether to generate a https-redirect or not, default false; requires SSL to be enabled
 	 * @param bool $letsencrypt
@@ -493,6 +502,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 		$phpsettingid = $this->getParam('phpsettingid', true, $result['phpsettingid']);
 		$redirectcode = $this->getParam('redirectcode', true, \Froxlor\Domain\Domain::getDomainRedirectId($id));
 		if (Settings::Get('system.use_ssl')) {
+			$sslenabled = $this->getBoolParam('sslenabled', true, $result['ssl_enabled']);
 			$ssl_redirect = $this->getBoolParam('ssl_redirect', true, $result['ssl_redirect']);
 			$letsencrypt = $this->getBoolParam('letsencrypt', true, $result['letsencrypt']);
 			$http2 = $this->getBoolParam('http2', true, $result['http2']);
@@ -500,6 +510,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 			$hsts_sub = $this->getBoolParam('hsts_sub', true, $result['hsts_sub']);
 			$hsts_preload = $this->getBoolParam('hsts_preload', true, $result['hsts_preload']);
 		} else {
+			$sslenabled = 0;
 			$ssl_redirect = 0;
 			$letsencrypt = 0;
 			$http2 = 0;
@@ -610,14 +621,15 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 		if ($path != $result['documentroot'] || $isemaildomain != $result['isemaildomain'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $aliasdomain != $result['aliasdomain'] || $openbasedir_path != $result['openbasedir_path'] || $ssl_redirect != $result['ssl_redirect'] || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload'] || $phpsettingid != $result['phpsettingid']) {
 			$stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
-					`documentroot`= :documentroot,
-					`isemaildomain`= :isemaildomain,
-					`wwwserveralias`= :wwwserveralias,
-					`iswildcarddomain`= :iswildcarddomain,
-					`aliasdomain`= :aliasdomain,
-					`openbasedir_path`= :openbasedir_path,
-					`ssl_redirect`= :ssl_redirect,
-					`letsencrypt`= :letsencrypt,
+					`documentroot` = :documentroot,
+					`isemaildomain` = :isemaildomain,
+					`wwwserveralias` = :wwwserveralias,
+					`iswildcarddomain` = :iswildcarddomain,
+					`aliasdomain` = :aliasdomain,
+					`openbasedir_path` = :openbasedir_path,
+					`ssl_enabled` = :sslenabled,
+					`ssl_redirect` = :ssl_redirect,
+					`letsencrypt` = :letsencrypt,
 					`http2` = :http2,
 					`hsts` = :hsts,
 					`hsts_sub` = :hsts_sub,
@@ -632,6 +644,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				"iswildcarddomain" => $iswildcarddomain,
 				"aliasdomain" => ($aliasdomain != 0 && $alias_check == 0) ? $aliasdomain : null,
 				"openbasedir_path" => $openbasedir_path,
+				"sslenabled" => $sslenabled,
 				"ssl_redirect" => $ssl_redirect,
 				"letsencrypt" => $letsencrypt,
 				"http2" => $http2,
@@ -767,13 +780,14 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 
 		// prepare select statement
 		$domains_stmt = Database::prepare("
-			SELECT " . implode(",", $select_fields) . ", `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias`
+			SELECT " . implode(",", $select_fields) . ", IF(`d`.`parentdomainid` > 0, `pd`.`domain`, `d`.`domain`) AS `parentdomainname`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
+			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `pd` ON `pd`.`id`=`d`.`parentdomainid`
 			WHERE `d`.`customerid` IN (" . implode(', ', $customer_ids) . ")
 			AND `d`.`email_only` = '0'
-			AND `d`.`id` NOT IN (" . implode(', ', $customer_stdsubs) . ")" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());
+			AND `d`.`id` NOT IN (" . implode(', ', $customer_stdsubs) . ")" . $this->getSearchWhere($query_fields, true) . " GROUP BY `d`.`id` ORDER BY `parentdomainname` " . $this->getOrderBy(true) . $this->getLimit());
 
 		$result = array();
 		Database::pexecute($domains_stmt, $query_fields, true, true);
@@ -839,8 +853,6 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 		$domains_stmt = Database::prepare("
 			SELECT COUNT(*) as num_subdom
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
-			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
-			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
 			WHERE `d`.`customerid` IN (" . implode(', ', $customer_ids) . ")
 			AND `d`.`email_only` = '0'
 			AND `d`.`id` NOT IN (" . implode(', ', $customer_stdsubs) . ")

lib/Froxlor/Api/Commands/SysLog.php

@@ -203,7 +203,7 @@ class SysLog extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 				];
 			}
 			$params['trunc'] = $truncatedate;
-			Database::execute($result_stmt, $params, true, true);
+			Database::pexecute($result_stmt, $params, true, true);
 			$this->logger()->logAction($this->isAdmin() ? \Froxlor\FroxlorLogger::ADM_ACTION : \Froxlor\FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] truncated the froxlor syslog");
 			return $this->response(200, "successfull", true);
 		}

lib/Froxlor/Cron/Http/Apache.php

@@ -442,7 +442,9 @@ class Apache extends HttpConfigBase
 						'loginname' => 'froxlor.panel',
 						'documentroot' => $mypath,
 						'customerroot' => $mypath,
-						'parentdomainid' => 0
+						'parentdomainid' => 0,
+						'ssl_honorcipherorder' => Settings::Get('system.honorcipherorder'),
+						'ssl_sessiontickets' => Settings::Get('system.sessiontickets')
 					);
 
 					// override corresponding array values
@@ -478,9 +480,10 @@ class Apache extends HttpConfigBase
 									$this->virtualhosts_data[$vhosts_filename] .= ' SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n";
 								}
 								$this->virtualhosts_data[$vhosts_filename] .= ' SSLCompression Off' . "\n";
+								$this->virtualhosts_data[$vhosts_filename] .= ' SSLSessionTickets ' .  ($domain['ssl_sessiontickets'] == '1' ? 'on' : 'off') . "\n";
 							}
-							// this makes it more secure, thx to Marcel (08/2013)
-							$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
+
+							$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder ' .  ($domain['ssl_honorcipherorder'] == '1' ? 'on' : 'off') . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
 							$protocols = array_map('trim', explode(",", Settings::Get('system.ssl_protocols')));
 							if (in_array("TLSv1.3", $protocols) && ! empty(Settings::Get('system.tlsv13_cipher_list')) && Settings::Get('system.apache24') == 1) {
@@ -986,9 +989,9 @@ class Apache extends HttpConfigBase
 						$vhost_content .= '  SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n";
 					}
 					$vhost_content .= '  SSLCompression Off' . "\n";
+					$vhost_content .= '  SSLSessionTickets ' .  ($domain['ssl_sessiontickets'] == '1' ? 'on' : 'off') . "\n";
 				}
-				// this makes it more secure, thx to Marcel (08/2013)
-				$vhost_content .= '  SSLHonorCipherOrder On' . "\n";
+				$vhost_content .= '  SSLHonorCipherOrder ' .  ($domain['ssl_honorcipherorder'] == '1' ? 'on' : 'off') . "\n";
 				$vhost_content .= '  SSLCipherSuite ' . $ssl_cipher_list . "\n";
 				$protocols = array_map('trim', explode(",", $ssl_protocols));
 				if (in_array("TLSv1.3", $protocols) && ! empty($tlsv13_cipher_list) && Settings::Get('system.apache24') == 1) {
@@ -1114,7 +1117,7 @@ class Apache extends HttpConfigBase
 				// Create vhost without ssl
 				$this->virtualhosts_data[$vhosts_filename] .= $this->getVhostContent($domain, false);
 
-				if ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1') {
+				if ($domain['ssl_enabled'] == '1' && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) {
 					// Adding ssl stuff if enabled
 					$vhosts_filename_ssl = $this->getVhostFilename($domain, true);
 					$this->virtualhosts_data[$vhosts_filename_ssl] = '# Domain ID: ' . $domain['id'] . ' (SSL) - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'] . "\n";

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -84,7 +84,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 				)
 		");
 		$customer_ssl = $certificates_stmt->fetchAll(\PDO::FETCH_ASSOC);
-		if (!$customer_ssl) {
+		if (! $customer_ssl) {
 			$customer_ssl = array();
 		}
 
@@ -96,7 +96,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 				(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
 			");
 			$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
-			if (!$froxlor_ssl) {
+			if (! $froxlor_ssl) {
 				$froxlor_ssl = array();
 			}
 		}
@@ -126,7 +126,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 
 		self::checkInstall();
 
-		self::$apiserver = 'https://acme-v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory';
+		self::$apiserver = 'https://acme-'.(Settings::Get('system.letsencryptca') == 'testing' ? 'staging-' : '').'v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory';
 
 		FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Requesting/renewing Let's Encrypt certificates");
 
@@ -339,6 +339,9 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			if ($force) {
 				$acmesh_cmd .= " --force";
 			}
+			if (defined('CRON_DEBUG_FLAG')) {
+				$acmesh_cmd .= " --debug";
+			}
 
 			$acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd);
 			// debug output of acme.sh run

lib/Froxlor/Cron/Http/Lighttpd.php

@@ -432,7 +432,7 @@ class Lighttpd extends HttpConfigBase
 
 	protected function getVhostContent($domain, $ssl_vhost = false, $ipid = 0)
 	{
-		if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') {
+		if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_enabled'] != '1'  && $domain['ssl_redirect'] != '1') {
 			return '';
 		}
 
@@ -586,7 +586,7 @@ class Lighttpd extends HttpConfigBase
 				$ssl_settings .= 'ssl.use-sslv2 = "disable"' . "\n";
 				$ssl_settings .= 'ssl.use-sslv3 = "disable"' . "\n";
 				$ssl_settings .= 'ssl.cipher-list = "' . $ssl_cipher_list . '"' . "\n";
-				$ssl_settings .= 'ssl.honor-cipher-order = "enable"' . "\n";
+				$ssl_settings .= 'ssl.honor-cipher-order = ' . ($domain['ssl_honorcipherorder'] == '1' ? '"enable"' : '"disable"') . "\n";
 				$ssl_settings .= 'ssl.pemfile = "' . \Froxlor\FileDir::makeCorrectFile($domain['ssl_cert_file']) . '"' . "\n";
 
 				if ($domain['ssl_ca_file'] != '') {

lib/Froxlor/Cron/Http/Nginx.php

@@ -272,6 +272,8 @@ class Nginx extends HttpConfigBase
 				 */
 				if ($row_ipsandports['ssl'] == '1') {
 					$row_ipsandports['domain'] = Settings::Get('system.hostname');
+					$row_ipsandports['ssl_honorcipherorder'] = Settings::Get('system.honorcipherorder');
+					$row_ipsandports['ssl_sessiontickets'] = Settings::Get('system.sessiontickets');
 					$this->nginx_data[$vhost_filename] .= $this->composeSslSettings($row_ipsandports);
 					if ($row_ipsandports['ssl_specialsettings'] != '') {
 						$this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['ssl_specialsettings'], array(
@@ -537,7 +539,7 @@ class Nginx extends HttpConfigBase
 				}
 
 				if ($domain['ssl_specialsettings'] != '' && $ssl_vhost == true) {
-					$vhost_content .= $this->processSpecialConfigTemplate($domain['ssl_specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
+					$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate($domain['ssl_specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost));
 				}
 
 				if ($_vhost_content != '') {
@@ -549,7 +551,7 @@ class Nginx extends HttpConfigBase
 				}
 
 				if (Settings::Get('system.default_sslvhostconf') != '' && $ssl_vhost == true) {
-					$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_sslvhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
+					$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate(Settings::Get('system.default_sslvhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n");
 				}
 			}
 		}
@@ -562,6 +564,8 @@ class Nginx extends HttpConfigBase
 	{
 		// Remove windows linebreaks
 		$vhost = str_replace("\r", "\n", $vhost);
+		// remove comments
+		$vhost = implode("\n", preg_replace('/^(\s+)?#(.*)$/', '', explode("\n", $vhost)));
 		// Break blocks into lines
 		$vhost = str_replace(array(
 			"{",
@@ -698,7 +702,8 @@ class Nginx extends HttpConfigBase
 				// When >1.11.0: Defaults to auto, using recommended curves provided by OpenSSL.
 				// see https://github.com/Froxlor/Froxlor/issues/652
 				// $sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
-				$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
+				$sslsettings .= "\t" . 'ssl_prefer_server_ciphers ' .  (isset($domain_or_ip['ssl_honorcipherorder']) && $domain_or_ip['ssl_honorcipherorder'] == '1' ? 'on' : 'off') . ';' . "\n";
+				$sslsettings .= "\t" . 'ssl_session_tickets ' .  (isset($domain_or_ip['ssl_sessiontickets']) && $domain_or_ip['ssl_sessiontickets'] == '1' ? 'on' : 'off') . ';' . "\n";
 				$sslsettings .= "\t" . 'ssl_session_cache shared:SSL:10m;' . "\n";
 				$sslsettings .= "\t" . 'ssl_certificate ' . \Froxlor\FileDir::makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";
 

lib/Froxlor/Cron/Traffic/TrafficCron.php

@@ -137,7 +137,11 @@ class TrafficCron extends \Froxlor\Cron\FroxlorCron
 					$mysqlusage_all[$row_database['customerid']] = 0;
 				}
 				// sum up result
-				$mysqlusage_all[$row_database['customerid']] += floatval($mysql_usage_row['customerusage']);
+				if ($mysql_usage_row) {
+					$mysqlusage_all[$row_database['customerid']] += floatval($mysql_usage_row['customerusage']);
+				} else {
+					\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_WARNING, "Cannot get usage for database " . $row_database['databasename'] . ".");
+				}
 			} else {
 				\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_WARNING, "Seems like the database " . $row_database['databasename'] . " had been removed manually.");
 			}

lib/Froxlor/Database/Manager/DbManagerMySQL.php

@@ -78,36 +78,35 @@ class DbManagerMySQL
 	public function grantPrivilegesTo($username = null, $password = null, $access_host = null, $p_encrypted = false, $update = false)
 	{
 		if (! $update) {
-			// mysql8 compatibility
-			if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '8.0.11', '>=')) {
-				// create user
+			// create user
+			if ($p_encrypted) {
+				if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.0', '<')) {
+					$stmt = Database::prepare("
+						CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY PASSWORD :password
+					");
+				} else {
+					$stmt = Database::prepare("
+						CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH mysql_native_password AS :password
+					");
+				}
+			} else {
 				$stmt = Database::prepare("
 					CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY :password
 				");
-				Database::pexecute($stmt, array(
-					"password" => $password
-				));
-				// grant privileges
-				$stmt = Database::prepare("
-					GRANT ALL ON `" . $username . "`.* TO :username@:host
-				");
-				Database::pexecute($stmt, array(
-					"username" => $username,
-					"host" => $access_host
-				));
-			} else {
-				// grant privileges
-				$stmt = Database::prepare("
-					GRANT ALL PRIVILEGES ON `" . $username . "`.* TO :username@:host IDENTIFIED BY :password
-				");
-				Database::pexecute($stmt, array(
-					"username" => $username,
-					"host" => $access_host,
-					"password" => $password
-				));
 			}
+			Database::pexecute($stmt, array(
+				"password" => $password
+			));
+			// grant privileges
+			$stmt = Database::prepare("
+				GRANT ALL ON `" . $username . "`.* TO :username@:host
+			");
+			Database::pexecute($stmt, array(
+				"username" => $username,
+				"host" => $access_host
+			));
 		} else {
-			// set passoword
+			// set password
 			if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.6', '<')) {
 				if ($p_encrypted) {
 					$stmt = Database::prepare("SET PASSWORD FOR :username@:host = :password");
@@ -115,7 +114,11 @@ class DbManagerMySQL
 					$stmt = Database::prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
 				}
 			} else {
-				$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password");
+				if ($p_encrypted) {
+					$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH mysql_native_password AS :password");
+				} else {
+					$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password");
+				}
 			}
 			Database::pexecute($stmt, array(
 				"username" => $username,
@@ -158,7 +161,6 @@ class DbManagerMySQL
 			), false);
 		}
 
-		
 		$drop_stmt = Database::prepare("DROP DATABASE IF EXISTS `" . $dbname . "`");
 		Database::pexecute($drop_stmt);
 	}
@@ -247,7 +249,7 @@ class DbManagerMySQL
 			if ($user_only == false) {
 				if (! isset($allsqlusers[$row['User']]) || ! is_array($allsqlusers[$row['User']])) {
 					$allsqlusers[$row['User']] = array(
-						'password' => $row['Password'],
+						'password' => $row['Password'] ?? $row['authentication_string'],
 						'hosts' => array()
 					);
 				}

lib/Froxlor/Froxlor.php

@@ -7,10 +7,10 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '0.10.6';
+	const VERSION = '0.10.10';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '201911130';
+	const DBVERSION = '201912100';
 
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';

lib/Froxlor/UI/Pagination.php

@@ -82,7 +82,8 @@ class Pagination
 			// add default ordering by given fields
 			if (count($fields) > 0) {
 				$orderfields = array_keys($fields);
-				$this->addOrderBy($orderfields[0]);
+				$this->sortfield = $orderfields[0];
+				$this->addOrderBy($orderfields[0], $this->sortorder);
 			}
 		}
 
@@ -285,15 +286,22 @@ class Pagination
 				$stop = $pages;
 			}
 
-			$pagingcode = '<a href="' . htmlspecialchars($baseurl) . '&amp;pageno=1">&laquo;</a> <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . ((intval($this->pageno) - 1) == 0 ? '1' : intval($this->pageno) - 1) . '">&lt;</a>&nbsp;';
+			// check for possible sorting values and keep it
+			$orderstr = '';
+			if (!empty($this->sortfield)) {
+				$fieldname = htmlspecialchars($this->sortfield);
+				$orderstr .= '&amp;sortfield=' . $fieldname . '&amp;sortorder=' . $this->sortorder;
+			}
+
+			$pagingcode = '<a href="' . htmlspecialchars($baseurl) . '&amp;pageno=1' . $orderstr . '">&laquo;</a> <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . ((intval($this->pageno) - 1) == 0 ? '1' : intval($this->pageno) - 1) . $orderstr . '">&lt;</a>&nbsp;';
 			for ($i = $start; $i <= $stop; $i ++) {
 				if ($i != $this->pageno) {
-					$pagingcode .= ' <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . $i . '">' . $i . '</a>&nbsp;';
+					$pagingcode .= ' <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . $i . $orderstr . '">' . $i . '</a>&nbsp;';
 				} else {
 					$pagingcode .= ' <strong>' . $i . '</strong>&nbsp;';
 				}
 			}
-			$pagingcode .= ' <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . ((intval($this->pageno) + 1) > $pages ? $pages : intval($this->pageno) + 1) . '">&gt;</a> <a href="' . $baseurl . '&amp;pageno=' . $pages . '">&raquo;</a>';
+			$pagingcode .= ' <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . ((intval($this->pageno) + 1) > $pages ? $pages : intval($this->pageno) + 1) . $orderstr . '">&gt;</a> <a href="' . $baseurl . '&amp;pageno=' . $pages . $orderstr . '">&raquo;</a>';
 		} else {
 			$pagingcode = '';
 		}

lib/Froxlor/UI/Paging.php

@@ -0,0 +1,520 @@
+<?php
+namespace Froxlor\UI;
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2003-2009 the SysCP Team (see authors).
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Florian Lippert <flo@syscp.org> (2003-2009)
+ * @author Froxlor team <team@froxlor.org> (2010-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Classes
+ *         
+ */
+
+/**
+ * Class to manage paging system
+ *
+ * @package Functions
+ */
+class Paging
+{
+
+	/**
+	 * Userinfo
+	 *
+	 * @var array
+	 */
+	private $userinfo = array();
+
+	/**
+	 * MySQL-Table
+	 *
+	 * @var string
+	 */
+	private $table = '';
+
+	/**
+	 * Fields with description which should be selectable
+	 *
+	 * @var array
+	 */
+	private $fields = array();
+
+	/**
+	 * Entries per page
+	 *
+	 * @var int
+	 */
+	private $entriesperpage = 0;
+
+	/**
+	 * Number of entries of table
+	 *
+	 * @var int
+	 */
+	private $entries = 0;
+
+	/**
+	 * Sortorder, asc or desc
+	 *
+	 * @var string
+	 */
+	public $sortorder = 'asc';
+
+	/**
+	 * Sortfield
+	 *
+	 * @var string
+	 */
+	public $sortfield = '';
+
+	/**
+	 * Searchfield
+	 *
+	 * @var string
+	 */
+	private $searchfield = '';
+
+	/**
+	 * Searchtext
+	 *
+	 * @var string
+	 */
+	private $searchtext = '';
+
+	/**
+	 * Pagenumber
+	 *
+	 * @var int
+	 */
+	private $pageno = 0;
+
+	/**
+	 * Switch natsorting on/off
+	 *
+	 * @var bool
+	 */
+	private $natSorting = false;
+
+	private $limit = 0;
+
+	/**
+	 * Class constructor.
+	 * Loads settings from request or from userdata and saves them to session.
+	 *
+	 * @param
+	 *        	array userinfo
+	 * @param
+	 *        	string Name of Table
+	 * @param
+	 *        	array Fields, in format array( 'fieldname_in_mysql' => 'field_caption' )
+	 * @param
+	 *        	int *deprecated* entries per page
+	 * @param
+	 *        	bool *deprecated* Switch natsorting on/off (global, affects all calls of sort)
+	 * @param int $default_field
+	 *        	default sorting-field-index
+	 * @param string $default_order
+	 *        	default sorting order 'asc' or 'desc'
+	 *        	
+	 */
+	public function __construct($userinfo, $table, $fields, $entriesperpage = 0, $natSorting = false, $default_field = 0, $default_order = 'asc', $limit = 0)
+	{
+
+		// entries per page and natsorting-flag are not
+		// passed as parameter anymore, because these are
+		// from the settings anyway
+		$entriesperpage = \Froxlor\Settings::Get('panel.paging');
+		$natSorting = \Froxlor\Settings::Get('panel.natsorting');
+
+		$this->userinfo = $userinfo;
+
+		if (! is_array($this->userinfo['lastpaging'])) {
+			$this->userinfo['lastpaging'] = json_decode($this->userinfo['lastpaging'], true);
+		}
+
+		$this->table = $table;
+		$this->fields = $fields;
+		$this->entriesperpage = $entriesperpage;
+		$this->natSorting = $natSorting;
+		$checklastpaging = (isset($this->userinfo['lastpaging']['table']) && $this->userinfo['lastpaging']['table'] == $this->table);
+		$this->userinfo['lastpaging']['table'] = $this->table;
+
+		if (isset($_REQUEST['sortorder']) && (strtolower($_REQUEST['sortorder']) == 'desc' || strtolower($_REQUEST['sortorder']) == 'asc')) {
+			$this->sortorder = strtolower($_REQUEST['sortorder']);
+		} else {
+
+			if ($checklastpaging && isset($this->userinfo['lastpaging']['sortorder']) && (strtolower($this->userinfo['lastpaging']['sortorder']) == 'desc' || strtolower($this->userinfo['lastpaging']['sortorder']) == 'asc')) {
+				$this->sortorder = strtolower($this->userinfo['lastpaging']['sortorder']);
+			} else {
+				$this->sortorder = $default_order;
+			}
+		}
+
+		$this->userinfo['lastpaging']['sortorder'] = $this->sortorder;
+
+		if (isset($_REQUEST['sortfield']) && isset($fields[$_REQUEST['sortfield']])) {
+			$this->sortfield = $_REQUEST['sortfield'];
+		} else {
+			if ($checklastpaging && isset($this->userinfo['lastpaging']['sortfield']) && isset($fields[$this->userinfo['lastpaging']['sortfield']])) {
+				$this->sortfield = $this->userinfo['lastpaging']['sortfield'];
+			} else {
+				$fieldnames = array_keys($fields);
+				$this->sortfield = $fieldnames[$default_field];
+			}
+		}
+
+		$this->userinfo['lastpaging']['sortfield'] = $this->sortfield;
+
+		if (isset($_REQUEST['searchfield']) && isset($fields[$_REQUEST['searchfield']])) {
+			$this->searchfield = $_REQUEST['searchfield'];
+		} else {
+			if ($checklastpaging && isset($this->userinfo['lastpaging']['searchfield']) && isset($fields[$this->userinfo['lastpaging']['searchfield']])) {
+				$this->searchfield = $this->userinfo['lastpaging']['searchfield'];
+			} else {
+				$fieldnames = array_keys($fields);
+				$this->searchfield = $fieldnames[0];
+			}
+		}
+
+		$this->userinfo['lastpaging']['searchfield'] = $this->searchfield;
+
+		if (isset($_REQUEST['searchtext']) && (preg_match('/[-_@\p{L}\p{N}*.]+$/u', $_REQUEST['searchtext']) || $_REQUEST['searchtext'] === '')) {
+			$this->searchtext = trim($_REQUEST['searchtext']);
+		} else {
+			if ($checklastpaging && isset($this->userinfo['lastpaging']['searchtext']) && preg_match('/[-_@\p{L}\p{N}*.]+$/u', $this->userinfo['lastpaging']['searchtext'])) {
+				$this->searchtext = $this->userinfo['lastpaging']['searchtext'];
+			} else {
+				$this->searchtext = '';
+			}
+		}
+
+		$this->userinfo['lastpaging']['searchtext'] = $this->searchtext;
+
+		if (isset($_REQUEST['pageno']) && intval($_REQUEST['pageno']) != 0) {
+			$this->pageno = intval($_REQUEST['pageno']);
+		} else {
+			if ($checklastpaging && isset($this->userinfo['lastpaging']['pageno']) && intval($this->userinfo['lastpaging']['pageno']) != 0) {
+				$this->pageno = intval($this->userinfo['lastpaging']['pageno']);
+			} else {
+				$this->pageno = 1;
+			}
+		}
+
+		$this->userinfo['lastpaging']['pageno'] = $this->pageno;
+		$upd_stmt = \Froxlor\Database\Database::prepare("
+			UPDATE `" . TABLE_PANEL_SESSIONS . "` SET
+			`lastpaging` = :lastpaging
+			WHERE `hash` = :hash  AND `userid` = :userid
+			AND `ipaddress` = :ipaddr AND `useragent` = :ua
+			AND `adminsession` = :adminsession
+		");
+		$upd_data = array(
+			'lastpaging' => json_encode($this->userinfo['lastpaging']),
+			'hash' => $userinfo['hash'],
+			'userid' => $userinfo['userid'],
+			'ipaddr' => $userinfo['ipaddress'],
+			'ua' => $userinfo['useragent'],
+			'adminsession' => $userinfo['adminsession']
+		);
+		\Froxlor\Database\Database::pexecute($upd_stmt, $upd_data);
+
+		$this->limit = $limit;
+	}
+
+	/**
+	 * Sets number of entries and adjusts pageno if the number of entries doesn't correspond to the pageno.
+	 *
+	 * @param
+	 *        	int entries
+	 */
+	public function setEntries($entries)
+	{
+		$this->entries = $entries;
+
+		if (($this->pageno - 1) * $this->entriesperpage > $this->entries) {
+			$this->pageno = 1;
+		}
+
+		return true;
+	}
+
+	/**
+	 * Checks if a row should be displayed or not, used in loops
+	 *
+	 * @param
+	 *        	int number of row
+	 * @return bool to display or not to display, that's the question
+	 */
+	public function checkDisplay($count)
+	{
+		$begin = (intval($this->pageno) - 1) * intval($this->entriesperpage);
+		$end = (intval($this->pageno) * intval($this->entriesperpage));
+		return (($count >= $begin && $count < $end) || $this->entriesperpage == 0);
+	}
+
+	/**
+	 * Returns condition code for sql query
+	 *
+	 * @param
+	 *        	bool should returned condition code start with WHERE (false) or AND (true)?
+	 * @return string the condition code
+	 */
+	public function getSqlWhere($append = false)
+	{
+		if ($this->searchtext != '') {
+			if ($append == true) {
+				$condition = ' AND ';
+			} else {
+				$condition = ' WHERE ';
+			}
+
+			$searchfield = explode('.', $this->searchfield);
+			foreach ($searchfield as $id => $field) {
+				if (substr($field, - 1, 1) != '`') {
+					$field .= '`';
+				}
+
+				if ($field[0] != '`') {
+					$field = '`' . $field;
+				}
+
+				$searchfield[$id] = $field;
+			}
+
+			$searchfield = implode('.', $searchfield);
+
+			$ops = array(
+				'<',
+				'>',
+				'='
+			);
+
+			// check if we use an operator or not
+			$useOper = 0;
+			$oper = "=";
+			if (in_array(substr($this->searchtext, 0, 1), $ops)) {
+				$useOper = 1;
+				$oper = substr($this->searchtext, 0, 1);
+			}
+
+			// check for diskspace and whether searchtext is a number
+			// in any other case the logical-operators would make no sense
+			if (strpos($searchfield, 'diskspace') > 0 && is_numeric(substr($this->searchtext, $useOper))) {
+				// anything with diskspace is *1024
+				$searchtext = ((int) substr($this->searchtext, $useOper)) * 1024;
+				$useOper = 1;
+			} elseif (strpos($searchfield, 'traffic') > 0 && is_numeric(substr($this->searchtext, $useOper))) {
+				// anything with traffic is *1024*1024
+				$searchtext = ((int) substr($this->searchtext, $useOper)) * 1024 * 1024;
+				$useOper = 1;
+			} else {
+				// any other field
+				$searchtext = substr($this->searchtext, $useOper);
+			}
+
+			if ($useOper == 1 && is_numeric(substr($this->searchtext, $useOper))) {
+				// now as we use >, < or = we use the given operator and not LIKE
+				$condition .= $searchfield . " " . $oper . " " . \Froxlor\Database\Database::quote($searchtext);
+			} else {
+				$searchtext = str_replace('*', '%', $this->searchtext);
+				// append wildcards if user did not enter any
+				if (strpos($searchtext, '%') === false)
+					$searchtext = '%' . $searchtext . '%';
+				$condition .= $searchfield . " LIKE " . \Froxlor\Database\Database::quote($searchtext);
+			}
+		} else {
+			$condition = '';
+		}
+
+		return $condition;
+	}
+
+	/**
+	 * Returns "order by"-code for sql query
+	 *
+	 * @param
+	 *        	bool Switch natsorting on/off (local, affects just this call)
+	 * @return string the "order by"-code
+	 */
+	public function getSqlOrderBy($natSorting = null)
+	{
+		$sortfield = explode('.', $this->sortfield);
+		foreach ($sortfield as $id => $field) {
+			if (substr($field, - 1, 1) != '`') {
+				$field .= '`';
+			}
+
+			if ($field[0] != '`') {
+				$field = '`' . $field;
+			}
+
+			$sortfield[$id] = $field;
+		}
+
+		$sortfield = implode('.', $sortfield);
+		$sortorder = strtoupper($this->sortorder);
+
+		if ($natSorting == true || ($natSorting === null && $this->natSorting == true)) {
+			// Acts similar to php's natsort(), found in one comment at http://my.opera.com/cpr/blog/show.dml/160556
+			$sortcode = "ORDER BY CONCAT( IF( ASCII( LEFT( " . $sortfield . ", 5 ) ) > 57,
+				LEFT( " . $sortfield . ", 1 ), 0 ),
+				IF( ASCII( RIGHT( " . $sortfield . ", 1 ) ) > 57,
+					LPAD( " . $sortfield . ", 255, '0' ),
+					LPAD( CONCAT( " . $sortfield . ", '-' ), 255, '0' )
+				)) " . $sortorder;
+		} else {
+			$sortcode = 'ORDER BY ' . $sortfield . ' ' . $sortorder;
+		}
+
+		return $sortcode;
+	}
+
+	/**
+	 * Currently not used
+	 *
+	 * @return string always empty
+	 */
+	public function getSqlLimit()
+	{
+		if ($this->limit > 0) {
+			$_offset = ($this->pageno - 1) * $this->limit;
+			return ' LIMIT ' . $_offset . ',' . $this->limit;
+		}
+		/**
+		 * currently not in use
+		 */
+		return '';
+	}
+
+	/**
+	 * Returns html code for sorting field
+	 *
+	 * @param
+	 *        	array Language array
+	 * @return string the html sortcode
+	 */
+	public function getHtmlSortCode($lng, $break = false)
+	{
+		$sortcode = '';
+		$fieldoptions = '';
+		$orderoptions = '';
+
+		foreach ($this->fields as $fieldname => $fieldcaption) {
+			$fieldoptions .= HTML::makeoption($fieldcaption, $fieldname, $this->sortfield, true, true);
+		}
+
+		$breakorws = ($break ? '<br />' : '&nbsp;');
+		foreach (array(
+			'asc' => $lng['panel']['ascending'],
+			'desc' => $lng['panel']['descending']
+		) as $sortordertype => $sortorderdescription) {
+			$orderoptions .= HTML::makeoption($sortorderdescription, $sortordertype, $this->sortorder, true, true);
+		}
+
+		eval("\$sortcode =\"" . Template::getTemplate("misc/htmlsortcode", '1') . "\";");
+		return $sortcode;
+	}
+
+	/**
+	 * Returns html code for sorting arrows
+	 *
+	 * @param
+	 *        	string URL to use as base for links
+	 * @param
+	 *        	string If set, only this field will be returned
+	 * @return mixed An array or a string (if field is set) of html code of arrows
+	 */
+	public function getHtmlArrowCode($baseurl, $field = '')
+	{
+		global $theme;
+
+		if ($field != '' && isset($this->fields[$field])) {
+			$baseurl = htmlspecialchars($baseurl);
+			$fieldname = htmlspecialchars($field);
+			eval("\$arrowcode =\"" . Template::getTemplate("misc/htmlarrowcode", '1') . "\";");
+		} else {
+			$baseurl = htmlspecialchars($baseurl);
+			$arrowcode = array();
+			foreach ($this->fields as $fieldname => $fieldcaption) {
+				$fieldname = htmlspecialchars($fieldname);
+				eval("\$arrowcode[\$fieldname] =\"" . Template::getTemplate("misc/htmlarrowcode", '1') . "\";");
+			}
+		}
+
+		return $arrowcode;
+	}
+
+	/**
+	 * Returns html code for searching field
+	 *
+	 * @param
+	 *        	array Language array
+	 * @return string the html searchcode
+	 */
+	public function getHtmlSearchCode($lng)
+	{
+		$searchcode = '';
+		$fieldoptions = '';
+		$searchtext = htmlspecialchars($this->searchtext);
+		foreach ($this->fields as $fieldname => $fieldcaption) {
+			$fieldoptions .= HTML::makeoption($fieldcaption, $fieldname, $this->searchfield, true, true);
+		}
+		eval("\$searchcode =\"" . Template::getTemplate("misc/htmlsearchcode", '1') . "\";");
+		return $searchcode;
+	}
+
+	/**
+	 * Returns html code for paging
+	 *
+	 * @param
+	 *        	string URL to use as base for links
+	 * @return string the html pagingcode
+	 */
+	public function getHtmlPagingCode($baseurl)
+	{
+		if ($this->entriesperpage == 0) {
+			return '';
+		} else {
+			$pages = intval($this->entries / $this->entriesperpage);
+		}
+
+		if ($this->entries % $this->entriesperpage != 0) {
+			$pages ++;
+		}
+
+		if ($pages > 1) {
+
+			$start = $this->pageno - 4;
+			if ($start < 1) {
+				$start = 1;
+			}
+
+			$stop = $this->pageno + 4;
+			if ($stop > $pages) {
+				$stop = $pages;
+			}
+
+			$pagingcode = '<a href="' . htmlspecialchars($baseurl) . '&amp;pageno=1">&laquo;</a> <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . ((intval($this->pageno) - 1) == 0 ? '1' : intval($this->pageno) - 1) . '">&lt;</a>&nbsp;';
+			for ($i = $start; $i <= $stop; $i ++) {
+				if ($i != $this->pageno) {
+					$pagingcode .= ' <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . $i . '">' . $i . '</a>&nbsp;';
+				} else {
+					$pagingcode .= ' <strong>' . $i . '</strong>&nbsp;';
+				}
+			}
+			$pagingcode .= ' <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . ((intval($this->pageno) + 1) > $pages ? $pages : intval($this->pageno) + 1) . '">&gt;</a> <a href="' . $baseurl . '&amp;pageno=' . $pages . '">&raquo;</a>';
+		} else {
+			$pagingcode = '';
+		}
+
+		return $pagingcode;
+	}
+}

lib/formfields/admin/domains/formfield.domains_add.php

@@ -180,6 +180,20 @@ return array(
 				'image' => 'icons/domain_add.png',
 				'visible' => \Froxlor\Settings::Get('system.use_ssl') == '1' ? true : false,
 				'fields' => array(
+					'sslenabled' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_sslenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
+					),
 					'no_ssl_available_info' => array(
 						'visible' => ($ssl_ipsandports == '' ? true : false),
 						'label' => 'SSL',
@@ -356,6 +370,32 @@ return array(
 							)
 						),
 						'value' => array()
+					),
+					'honorcipherorder' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_honorcipherorder'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'sessiontickets' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd',
+						'label' => $lng['admin']['domain_sessiontickets'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
 					)
 				)
 			),

lib/formfields/admin/domains/formfield.domains_edit.php

@@ -159,7 +159,7 @@ return array(
 							)
 						),
 						'value' => array(
-							'1'
+							\Froxlor\Settings::Get('system.apply_specialsettings_default') == 1 ? '1' : ''
 						)
 					),
 					'notryfiles' => array(
@@ -212,6 +212,20 @@ return array(
 				'image' => 'icons/domain_edit.png',
 				'visible' => \Froxlor\Settings::Get('system.use_ssl') == '1' ? true : false,
 				'fields' => array(
+					'sslenabled' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_sslenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['ssl_enabled']
+						)
+					),
 					'no_ssl_available_info' => array(
 						'visible' => ($ssl_ipsandports == '' ? true : false),
 						'label' => 'SSL',
@@ -290,7 +304,7 @@ return array(
 						'label' => $lng['serversettings']['ssl']['ssl_protocols']['title'],
 						'desc' => $lng['serversettings']['ssl']['ssl_protocols']['description'],
 						'type' => 'checkbox',
-						'value' => !empty($result['ssl_protocols']) ? explode(",", $result['ssl_protocols']) : explode(",", \Froxlor\Settings::Get('system.ssl_protocols')),
+						'value' => ! empty($result['ssl_protocols']) ? explode(",", $result['ssl_protocols']) : explode(",", \Froxlor\Settings::Get('system.ssl_protocols')),
 						'values' => array(
 							array(
 								'value' => 'TLSv1',
@@ -316,14 +330,14 @@ return array(
 						'label' => $lng['serversettings']['ssl']['ssl_cipher_list']['title'],
 						'desc' => $lng['serversettings']['ssl']['ssl_cipher_list']['description'],
 						'type' => 'text',
-						'value' => !empty($result['ssl_cipher_list']) ? $result['ssl_cipher_list'] : \Froxlor\Settings::Get('system.ssl_cipher_list')
+						'value' => ! empty($result['ssl_cipher_list']) ? $result['ssl_cipher_list'] : \Froxlor\Settings::Get('system.ssl_cipher_list')
 					),
 					'tlsv13_cipher_list' => array(
 						'visible' => (($ssl_ipsandports != '' ? true : false) && $userinfo['change_serversettings'] == '1' && \Froxlor\Settings::Get('system.webserver') == "apache2" && \Froxlor\Settings::Get('system.apache24') == 1 ? true : false),
 						'label' => $lng['serversettings']['ssl']['tlsv13_cipher_list']['title'],
 						'desc' => $lng['serversettings']['ssl']['tlsv13_cipher_list']['description'],
 						'type' => 'text',
-						'value' => !empty($result['tlsv13_cipher_list']) ? $result['tlsv13_cipher_list'] : \Froxlor\Settings::Get('system.tlsv13_cipher_list')
+						'value' => ! empty($result['tlsv13_cipher_list']) ? $result['tlsv13_cipher_list'] : \Froxlor\Settings::Get('system.tlsv13_cipher_list')
 					),
 					'ssl_specialsettings' => array(
 						'visible' => ($userinfo['change_serversettings'] == '1' ? true : false),
@@ -401,6 +415,34 @@ return array(
 						'value' => array(
 							$result['ocsp_stapling']
 						)
+					),
+					'honorcipherorder' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_honorcipherorder'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['ssl_honorcipherorder']
+						)
+					),
+					'sessiontickets' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd',
+						'label' => $lng['admin']['domain_sessiontickets'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['ssl_sessiontickets']
+						)
 					)
 				)
 			),
@@ -453,7 +495,7 @@ return array(
 							)
 						),
 						'value' => array(
-							'1'
+							\Froxlor\Settings::Get('system.apply_phpconfigs_default') == 1 ? '1' : ''
 						)
 					),
 					'mod_fcgid_starter' => array(

lib/formfields/customer/domains/formfield.domains_add.php

@@ -83,6 +83,19 @@ return array(
 				'image' => 'icons/domain_add.png',
 				'visible' => \Froxlor\Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false,
 				'fields' => array(
+					'sslenabled' => array(
+						'label' => $lng['admin']['domain_sslenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
+					),
 					'ssl_redirect' => array(
 						'label' => $lng['domains']['ssl_redirect']['title'],
 						'desc' => $lng['domains']['ssl_redirect']['description'],

lib/formfields/customer/domains/formfield.domains_edit.php

@@ -99,6 +99,19 @@ return array(
 				'image' => 'icons/domain_edit.png',
 				'visible' => \Froxlor\Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (\Froxlor\Domain\Domain::domainHasSslIpPort($result['id']) ? true : false) : false) : false,
 				'fields' => array(
+					'sslenabled' => array(
+						'label' => $lng['admin']['domain_sslenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['ssl_enabled']
+						)
+					),
 					'ssl_redirect' => array(
 						'label' => $lng['domains']['ssl_redirect']['title'],
 						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),

lng/english.lng.php

@@ -1853,7 +1853,7 @@ $lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>The SSL redirect is t
 $lng['serversettings']['caa_entry']['title'] = 'Generate CAA DNS records';
 $lng['serversettings']['caa_entry']['description'] = 'Automatically generates CAA records for SSL-enabled domains that are using Let\'s Encrypt';
 $lng['serversettings']['caa_entry_custom']['title'] = 'Additional CAA DNS records';
-$lng['serversettings']['caa_entry_custom']['description']  = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities<br>whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record.<br><br>The content of this field will be included into the DNS zone directly (each line results in a CAA record).<br>If Let\'s Encrypt is enabled for this domain, this entry will always be added automatically and does not need to be added manually:<br><code>0 issue "letsencrypt.org"</code> (If domain is a wildcard domain, issuewild will be used instead).<br>To enable Incident Reporting, you can add an <code>iodef</code> record. An example for sending such report to <code>me@example.com</code> would be:<br><code>0 iodef "mailto:me@example.com"</code><br><br><strong>Attention:</strong> The code won\'t be checked for any errors. If it contains errors, your CAA records might not work!';
+$lng['serversettings']['caa_entry_custom']['description'] = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities<br>whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record.<br><br>The content of this field will be included into the DNS zone directly (each line results in a CAA record).<br>If Let\'s Encrypt is enabled for this domain, this entry will always be added automatically and does not need to be added manually:<br><code>0 issue "letsencrypt.org"</code> (If domain is a wildcard domain, issuewild will be used instead).<br>To enable Incident Reporting, you can add an <code>iodef</code> record. An example for sending such report to <code>me@example.com</code> would be:<br><code>0 iodef "mailto:me@example.com"</code><br><br><strong>Attention:</strong> The code won\'t be checked for any errors. If it contains errors, your CAA records might not work!';
 
 // Autoupdate
 $lng['admin']['autoupdate'] = 'Auto-Update';
@@ -2079,3 +2079,9 @@ $lng['admin']['ownsslvhostsettings'] = 'Own SSL vHost-settings';
 $lng['admin']['ipsandports']['ssl_default_vhostconf_domain'] = 'Default SSL vHost-settings for every domain container';
 $lng['customer']['total_diskspace'] = 'Total diskspace (MiB)';
 $lng['admin']['domain_override_tls'] = 'Override system TLS settings';
+$lng['domains']['isaliasdomainof'] = 'Is aliasdomain for %s';
+$lng['serversettings']['apply_specialsettings_default']['title'] = 'Default value for "' . $lng['admin']['specialsettingsforsubdomains'] . "' setting when editing a domain";
+$lng['serversettings']['apply_phpconfigs_default']['title'] = 'Default value for "' . $lng['admin']['phpsettingsforsubdomains'] . "' setting when editing a domain";
+$lng['admin']['domain_sslenabled'] = 'Enable usage of SSL';
+$lng['admin']['domain_honorcipherorder'] = 'Honor the (server) cipher order, default <strong>no</strong>';
+$lng['admin']['domain_sessiontickets'] = 'Enable TLS sessiontickets (RFC 5077), default <strong>yes</strong>';

lng/german.lng.php

@@ -1726,3 +1726,9 @@ $lng['admin']['ownsslvhostsettings'] = 'Eigene SSL vHost-Einstellungen';
 $lng['admin']['ipsandports']['ssl_default_vhostconf_domain'] = 'Standard SSL vHost-Einstellungen für jeden Domain-Container';
 $lng['customer']['total_diskspace'] = 'Gesamtspeicherplatz (MiB)';
 $lng['admin']['domain_override_tls'] = 'Überschreibe System TLS Einstellungen';
+$lng['domains']['isaliasdomainof'] = 'Ist Aliasdomain für %s';
+$lng['serversettings']['apply_specialsettings_default']['title'] = 'Standardwert für "' . $lng['admin']['specialsettingsforsubdomains'] . "' Einstellung beim Bearbeiten einer Domain";
+$lng['serversettings']['apply_phpconfigs_default']['title'] = 'Standardwert für "' . $lng['admin']['phpsettingsforsubdomains'] . "' Einstellung beim Bearbeiten einer Domain";
+$lng['admin']['domain_sslenabled'] = 'Aktiviere Nutzung von SSL';
+$lng['admin']['domain_honorcipherorder'] = 'Bevorzuge die serverseitige Cipher Reihenfolge, Standardwert <strong>nein</strong>';
+$lng['admin']['domain_sessiontickets'] = 'Aktiviere TLS Sessiontickets (RFC 5077), Standardwert <strong>ja</strong>';

templates/Sparkle/admin/domains/domains_domain.tpl

@@ -41,8 +41,5 @@
 				</a>
 			</if>
 		</if>
-		<if isset($row['domainaliasid']) && $row['domainaliasid'] != 0>
-			&nbsp;<a href="{$linker->getLink(array('section' => 'domains', 'page' => $page, 'searchfield' => 'd.aliasdomain', 'searchtext' => $row['id']))}">{$lng['domains']['hasaliasdomains']}</a>
-		</if>
 	</td>
 </tr>

tests/Domains/DomainsTest.php

@@ -26,7 +26,7 @@ class DomainsTest extends TestCase
 		))->get();
 		$customer_userdata = json_decode($json_result, true)['data'];
 		$data = [
-			'domain' => 'test.local',
+			'domain' => 'TEST.local',
 			'customerid' => $customer_userdata['customerid'],
 			'override_tls' => 1,
 			'ssl_protocols' => array(

tests/Mysqls/MysqlsTest.php

@@ -4,6 +4,7 @@ use PHPUnit\Framework\TestCase;
 use Froxlor\Api\Commands\Admins;
 use Froxlor\Api\Commands\Customers;
 use Froxlor\Api\Commands\Mysqls;
+use Froxlor\Database\Database;
 
 /**
  *
@@ -12,6 +13,8 @@ use Froxlor\Api\Commands\Mysqls;
  * @covers \Froxlor\Api\Commands\Mysqls
  * @covers \Froxlor\Api\Commands\Customers
  * @covers \Froxlor\Api\Commands\Admins
+ * @covers \Froxlor\Database\DbManager
+ * @covers \Froxlor\Database\Manager\DbManagerMySQL
  */
 class MysqlsTest extends TestCase
 {
@@ -36,7 +39,7 @@ class MysqlsTest extends TestCase
 		$result = json_decode($json_result, true)['data'];
 		$this->assertEquals('testdb', $result['description']);
 		$this->assertEquals(0, $result['dbserver']);
-		
+
 		// test connection
 		try {
 			$test_conn = new \PDO("mysql:host=127.0.0.1", 'test1sql1', $newPwd);
@@ -166,4 +169,39 @@ class MysqlsTest extends TestCase
 		$result = json_decode($json_result, true)['data'];
 		$this->assertEquals('test1sql1', $result['databasename']);
 	}
+
+	/**
+	 *
+	 * @depends testCustomerMysqlsAdd
+	 */
+	public function testGetAllSqlUsers()
+	{
+		\Froxlor\Database\Database::needRoot(true);
+		$dbm = new \Froxlor\Database\DbManager(\Froxlor\FroxlorLogger::getInstanceOf());
+		$users = $dbm->getManager()->getAllSqlUsers(false);
+		foreach ($users as $user => $data) {
+			$this->assertNotEmpty($data['password'], 'No password for user "' . $user . '"');
+		}
+
+		if (TRAVIS_CI == 0) {
+			// just to be sure, not required for travis as the vm is fresh every time
+			Database::needRoot(true);
+			Database::query("DROP USER IF EXISTS froxlor010@10.0.0.10;");
+		}
+
+		// grant privileges to another host
+		$testdata = $users['froxlor010'];
+		$dbm->getManager()->grantPrivilegesTo('froxlor010', $testdata['password'], '10.0.0.10', true);
+
+		// select all entries from mysql.user for froxlor010 to compare password-hashes
+		$sel_stmt = Database::prepare("SELECT * FROM mysql.user WHERE `User` = :usr");
+		Database::pexecute($sel_stmt, [
+			'usr' => 'froxlor010'
+		]);
+		$results = $sel_stmt->fetchAll(\PDO::FETCH_ASSOC);
+		foreach ($results as $user) {
+			$passwd = $user['Password'] ?? $user['authentication_string'];
+			$this->assertEquals($testdata['password'], $passwd);
+		}
+	}
 }

tests/SubDomains/SubDomainsTest.php

@@ -28,7 +28,7 @@ class SubDomainsTest extends TestCase
 		$customer_userdata = json_decode($json_result, true)['data'];
 
 		$data = [
-			'subdomain' => 'mysub',
+			'subdomain' => 'mySub',
 			'domain' => 'test2.local'
 		];
 		$json_result = SubDomains::getLocal($customer_userdata, $data)->add();
@@ -47,7 +47,7 @@ class SubDomainsTest extends TestCase
 		$reseller_userdata['adminsession'] = 1;
 
 		$data = [
-			'subdomain' => 'mysub2',
+			'subdomain' => 'mySub2',
 			'domain' => 'test2.local',
 			'customerid' => 1
 		];