set version to 0.9.37 for upcoming release

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
Update phpMailer to version 5.2.16
2016-08-02 08:51:34 +02:00 · 2016-08-02 08:50:22 +02:00 · 2016-08-02 07:58:23 +02:00 · 2016-08-01 15:05:58 +02:00 · 2016-08-01 15:03:48 +02:00 · 2016-08-01 08:47:45 +02:00
1264 changed files with 45213 additions and 86215 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,17 @@
-lib/classes/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/*/
-templates/*
-logs/*
 install/update.log
+templates/*
+lib/userdata.inc.php
+logs/*
 .buildpath
 .project
 .settings/
 *.diff
 *~
+.well-known
+.idea
+*.iml
+
+!templates/Froxlor/
+!templates/Sparkle/
+!templates/misc/
+templates/Froxlor/assets/img/logo_custom.png
--- a/README.md
+++ b/README.md
@@ -51,10 +51,24 @@ http://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](http://files.froxl
 [HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationdebian)

 /etc/apt/sources.list.d/froxlor.list
-> deb http://debian.froxlor.org [squeeze|wheezy] main
+> deb http://debian.froxlor.org {wheezy|jessie} main

 ### Gentoo repository

 [HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationgentoo)

 http://files.froxlor.org/gentoo/repositories.xml
+
+## Let's Encrypt support
+
+This version of Froxlor contains a test implementation of support for [Let's Encrypt](https://letsencrypt.org). This is (as Let's Encrypt is in itself)
+still a beta version and may break your system. The way it currently works is by creating a (sub-)domain with the default system - certificate,
+after which the Let's Encrypt cronjob orders the certificate for this (sub-)domain and inserts the certificates in the database. With the next run
+of the default cronjob, the certificates will be updated on the disk and the webserver reloaded.
+
+This has 2 known side-effects at the moment:
+* The basic ip/port combinations don't work with the Froxlor - integration of Let's Encrypt, since it needs a certificate for the very first creation
+* After creating a domain, it will have the default certificate for a short time (by default 5 minutes until the cronjob runs the next time)
+
+It may be possible to fix these issues, but they are not a priority at the moment
+
--- a/actions/admin/settings/100.panel.php
+++ b/actions/admin/settings/100.panel.php
@@ -93,23 +93,6 @@ return array(
 					'option_options' => array('Manual' => $lng['serversettings']['manual'], 'Dropdown' => $lng['serversettings']['dropdown']),
 					'save_method' => 'storeSettingField',
 					),
-				'use_webfonts' => array(
-					'label' => $lng['serversettings']['enablewebfonts'],
-					'settinggroup' => 'panel',
-					'varname' => 'use_webfonts',
-					'type' => 'bool',
-					'default' => true,
-					'save_method' => 'storeSettingField',
-					),
-				'webfont' => array(
-					'label' => $lng['serversettings']['definewebfont']['title'],
-					'settinggroup' => 'panel',
-					'varname' => 'webfont',
-					'type' => 'string',
-					'default' => 'Numans',
-					'string_emptyallowed' => false,
-					'save_method' => 'storeSettingField',
-					),
 				'panel_adminmail' => array(
 					'label' => $lng['serversettings']['adminmail'],
 					'settinggroup' => 'panel',
@@ -199,7 +182,25 @@ return array(
 					'settinggroup' => 'admin',
 					'varname' => 'show_news_feed',
 					'type' => 'bool',
-					'default' => true,
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'customer_show_news_feed' => array(
+					'label' => $lng['admin']['customer_show_news_feed'],
+					'settinggroup' => 'customer',
+					'varname' => 'show_news_feed',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'customer_news_feed_url' => array(
+					'label' => $lng['admin']['customer_news_feed_url'],
+					'settinggroup' => 'customer',
+					'varname' => 'news_feed_url',
+					'type' => 'string',
+					'string_type' => 'url',
+					'string_emptyallowed' => true,
+					'default' => '',
 					'save_method' => 'storeSettingField',
 					),
 				'panel_allow_domain_change_admin' => array(
@@ -226,6 +227,30 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
+				'panel_customer_hide_options' => array(
+					'label' => $lng['serversettings']['panel_customer_hide_options'],
+					'settinggroup' => 'panel',
+					'varname' => 'customer_hide_options',
+					'type' => 'option',
+					'default' => '',
+					'option_mode' => 'multiple',
+					'option_options' => array(
+						'email'                       => $lng['menue']['email']['email'],
+						'mysql'                       => $lng['menue']['mysql']['mysql'],
+						'domains'                     => $lng['menue']['domains']['domains'],
+						'ftp'                         => $lng['menue']['ftp']['ftp'],
+						'extras'                      => $lng['menue']['extras']['extras'],
+						'extras.directoryprotection'  => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['directoryprotection'],
+						'extras.pathoptions'          => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['pathoptions'],
+						'extras.logger'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['logger']['logger'],
+						'extras.backup'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['backup'],
+						'traffic'                     => $lng['menue']['traffic']['traffic'],
+						'traffic.http'                => $lng['menue']['traffic']['traffic']." / HTTP",
+						'traffic.ftp'                 => $lng['menue']['traffic']['traffic']." / FTP",
+						'traffic.mail'                => $lng['menue']['traffic']['traffic']." / Mail",
+					),
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),
--- a/actions/admin/settings/110.accounts.php
+++ b/actions/admin/settings/110.accounts.php
@@ -70,6 +70,46 @@ return array(
 					'default' => 0,
 					'save_method' => 'storeSettingField',
 					),
+				'panel_password_alpha_lower' => array(
+					'label' => $lng['serversettings']['panel_password_alpha_lower'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_alpha_lower',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_alpha_upper' => array(
+					'label' => $lng['serversettings']['panel_password_alpha_upper'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_alpha_upper',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_numeric' => array(
+					'label' => $lng['serversettings']['panel_password_numeric'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_numeric',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_special_char_required' => array(
+					'label' => $lng['serversettings']['panel_password_special_char_required'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_special_char_required',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_special_char' => array(
+					'label' => $lng['serversettings']['panel_password_special_char'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_special_char',
+					'type' => 'string',
+					'default' => '!?<>§$%+#=@',
+					'save_method' => 'storeSettingField',
+					),
 				'panel_password_regex' => array(
 					'label' => $lng['serversettings']['panel_password_regex'],
 					'settinggroup' => 'panel',
@@ -143,11 +183,19 @@ return array(
 								'varname' => 'allow_preset',
 							),
 							'onlyif' => 1
-						)
-					),
+					)
+				),
+				'system_backupenabled' => array(
+					'label' => $lng['serversettings']['backupenabled'],
+					'settinggroup' => 'system',
+					'varname' => 'backupenabled',
+					'type' => 'bool',
+					'default' => false,
+					'cronmodule' => 'froxlor/backup',
+					'save_method' => 'storeSettingField'
 				),
 			),
 		),
-	);
+	)
+);

-?>
--- a/actions/admin/settings/120.system.php
+++ b/actions/admin/settings/120.system.php
@@ -55,7 +55,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'defaultip',
 					'type' => 'option',
-					'option_mode' => 'one',
+					'option_mode' => 'multiple',
 					'option_options_method' => 'getIpPortCombinations',
 					'default' => '',
 					'save_method' => 'storeSettingDefaultIp',
@@ -145,7 +145,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'report_webmax',
 					'type' => 'int',
-					'int_min' => 1,
+					'int_min' => 0,
 					'int_max' => 150,
 					'default' => 90,
 					'save_method' => 'storeSettingField',
@@ -155,7 +155,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'report_trafficmax',
 					'type' => 'int',
-					'int_min' => 1,
+					'int_min' => 0,
 					'int_max' => 150,
 					'default' => 90,
 					'save_method' => 'storeSettingField',
--- a/actions/admin/settings/125.cronjob.php
+++ b/actions/admin/settings/125.cronjob.php
@@ -29,6 +29,14 @@ return array(
 					'default' => '/etc/cron.d/froxlor',
 					'save_method' => 'storeSettingField',
 					),
+				'system_croncmdline' => array(
+					'label' => $lng['serversettings']['system_croncmdline'],
+					'settinggroup' => 'system',
+					'varname' => 'croncmdline',
+					'type' => 'string',
+					'default' => '/usr/bin/nice -n 5 /usr/bin/php -q',
+					'save_method' => 'storeSettingField',
+					),
 				'system_crondreload' => array(
 					'label' => $lng['serversettings']['system_crondreload'],
 					'settinggroup' => 'system',
@@ -36,7 +44,15 @@ return array(
 					'type' => 'string',
 					'default' => '/etc/init.d/cron reload',
 					'save_method' => 'storeSettingField',
-				),
+					),
+				'system_cron_allowautoupdate' => array(
+					'label' => $lng['serversettings']['system_cron_allowautoupdate'],
+					'settinggroup' => 'system',
+					'varname' => 'cron_allowautoupdate',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
 				'system_debug_cron' => array(
 					'label' => $lng['serversettings']['cron']['debug'],
 					'settinggroup' => 'system',
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -16,7 +16,6 @@
 * @package    Settings
 *
 */
-
 return array(
 	'groups' => array(
 		'webserver' => array(
@@ -29,11 +28,15 @@ return array(
 					'type' => 'option',
 					'default' => 'apache2',
 					'option_mode' => 'one',
-					'option_options' => array('apache2' => 'Apache 2', 'lighttpd' => 'ligHTTPd', 'nginx' => 'Nginx'),
+					'option_options' => array(
+						'apache2' => 'Apache 2',
+						'lighttpd' => 'ligHTTPd',
+						'nginx' => 'Nginx'
+					),
 					'save_method' => 'storeSettingField',
 					'plausibility_check_method' => 'checkPhpInterfaceSetting',
 					'overview_option' => true
-					),
+				),
 				'system_apache_24' => array(
 					'label' => $lng['serversettings']['apache_24'],
 					'settinggroup' => 'system',
@@ -41,24 +44,38 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
+					'websrv_avail' => array(
+						'apache2'
+					)
+				),
+				'system_apache_itksupport' => array(
+					'label' => $lng['serversettings']['apache_itksupport'],
+					'settinggroup' => 'system',
+					'varname' => 'apacheitksupport',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0),
+					'websrv_avail' => array(
+						'apache2'
+					)
+				),
 				'system_httpuser' => array(
 					'label' => $lng['admin']['webserver_user'],
 					'settinggroup' => 'system',
 					'varname' => 'httpuser',
 					'type' => 'string',
 					'default' => 'www-data',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingWebserverFcgidFpmUser'
+				),
 				'system_httpgroup' => array(
 					'label' => $lng['admin']['webserver_group'],
 					'settinggroup' => 'system',
 					'varname' => 'httpgroup',
 					'type' => 'string',
 					'default' => 'www-data',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_apacheconf_vhost' => array(
 					'label' => $lng['serversettings']['apacheconf_vhost'],
 					'settinggroup' => 'system',
@@ -66,8 +83,8 @@ return array(
 					'type' => 'string',
 					'string_type' => 'filedir',
 					'default' => '/etc/apache2/sites-enabled/',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_apacheconf_diroptions' => array(
 					'label' => $lng['serversettings']['apacheconf_diroptions'],
 					'settinggroup' => 'system',
@@ -75,8 +92,8 @@ return array(
 					'type' => 'string',
 					'string_type' => 'filedir',
 					'default' => '/etc/apache2/sites-enabled/',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_apacheconf_htpasswddir' => array(
 					'label' => $lng['serversettings']['apacheconf_htpasswddir'],
 					'settinggroup' => 'system',
@@ -84,8 +101,8 @@ return array(
 					'type' => 'string',
 					'string_type' => 'confdir',
 					'default' => '/etc/apache2/htpasswd/',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_logfiles_directory' => array(
 					'label' => $lng['serversettings']['logfiles_directory'],
 					'settinggroup' => 'system',
@@ -93,8 +110,8 @@ return array(
 					'type' => 'string',
 					'string_type' => 'dir',
 					'default' => '/var/customers/logs/',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_customersslpath' => array(
 					'label' => $lng['serversettings']['customerssl_directory'],
 					'settinggroup' => 'system',
@@ -102,8 +119,8 @@ return array(
 					'type' => 'string',
 					'string_type' => 'confdir',
 					'default' => '/etc/ssl/froxlor-custom/',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_phpappendopenbasedir' => array(
 					'label' => $lng['serversettings']['phpappendopenbasedir'],
 					'settinggroup' => 'system',
@@ -111,8 +128,8 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => true,
 					'default' => '',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_deactivateddocroot' => array(
 					'label' => $lng['serversettings']['deactivateddocroot'],
 					'settinggroup' => 'system',
@@ -121,24 +138,36 @@ return array(
 					'string_type' => 'dir',
 					'string_emptyallowed' => true,
 					'default' => '',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_default_vhostconf' => array(
 					'label' => $lng['serversettings']['default_vhostconf'],
 					'settinggroup' => 'system',
 					'varname' => 'default_vhostconf',
 					'type' => 'text',
 					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_apache_globaldiropt' => array(
+					'label' => $lng['serversettings']['apache_globaldiropt'],
+					'settinggroup' => 'system',
+					'varname' => 'apacheglobaldiropt',
+					'type' => 'text',
+					'default' => '',
 					'save_method' => 'storeSettingField',
-					),
+					'visible' => (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0),
+					'websrv_avail' => array(
+						'apache2'
+					)
+				),
 				'system_apachereload_command' => array(
 					'label' => $lng['serversettings']['apachereload_command'],
 					'settinggroup' => 'system',
 					'varname' => 'apachereload_command',
 					'type' => 'string',
 					'default' => '/etc/init.d/apache2 reload',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_phpreload_command' => array(
 					'label' => $lng['serversettings']['phpreload_command'],
 					'settinggroup' => 'system',
@@ -146,8 +175,10 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('nginx')
-					),
+					'websrv_avail' => array(
+						'nginx'
+					)
+				),
 				'system_nginx_php_backend' => array(
 					'label' => $lng['serversettings']['nginx_php_backend'],
 					'settinggroup' => 'system',
@@ -155,8 +186,10 @@ return array(
 					'type' => 'string',
 					'default' => '127.0.0.1:8888',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('nginx')
-					),
+					'websrv_avail' => array(
+						'nginx'
+					)
+				),
 				'nginx_fastcgiparams' => array(
 					'label' => $lng['serversettings']['nginx_fastcgiparams'],
 					'settinggroup' => 'nginx',
@@ -165,16 +198,18 @@ return array(
 					'string_type' => 'file',
 					'default' => '/etc/nginx/fastcgi_params',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('nginx')
-					),
+					'websrv_avail' => array(
+						'nginx'
+					)
+				),
 				'defaultwebsrverrhandler_enabled' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_enabled'],
 					'settinggroup' => 'defaultwebsrverrhandler',
 					'varname' => 'enabled',
 					'type' => 'bool',
 					'default' => false,
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'defaultwebsrverrhandler_err401' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err401'],
 					'settinggroup' => 'defaultwebsrverrhandler',
@@ -182,8 +217,11 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'nginx')
-					),
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					)
+				),
 				'defaultwebsrverrhandler_err403' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err403'],
 					'settinggroup' => 'defaultwebsrverrhandler',
@@ -191,16 +229,19 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'nginx')
-					),
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					)
+				),
 				'defaultwebsrverrhandler_err404' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err404'],
 					'settinggroup' => 'defaultwebsrverrhandler',
 					'varname' => 'err404',
 					'type' => 'string',
 					'default' => '',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'defaultwebsrverrhandler_err500' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err500'],
 					'settinggroup' => 'defaultwebsrverrhandler',
@@ -208,8 +249,11 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'nginx')
-					),
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					)
+				),
 				'customredirect_enabled' => array(
 					'label' => $lng['serversettings']['customredirect_enabled'],
 					'settinggroup' => 'customredirect',
@@ -217,8 +261,11 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'lighttpd')
-					),
+					'websrv_avail' => array(
+						'apache2',
+						'lighttpd'
+					)
+				),
 				'customredirect_default' => array(
 					'label' => $lng['serversettings']['customredirect_default'],
 					'settinggroup' => 'customredirect',
@@ -228,9 +275,12 @@ return array(
 					'option_mode' => 'one',
 					'option_options_method' => 'getRedirectCodes',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'lighttpd')
+					'websrv_avail' => array(
+						'apache2',
+						'lighttpd'
 					)
 				)
 			)
 		)
-	);
+	)
+);
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -37,7 +37,7 @@ return array(
 									'varname' => 'ssl_cipher_list',
 									'type' => 'string',
 									'string_emptyallowed' => false,
-									'default' => 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
+									'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
 									'save_method' => 'storeSettingField',
 							),
 							'system_ssl_cert_file' => array(
@@ -79,7 +79,70 @@ return array(
 									'string_emptyallowed' => true,
 									'default' => '',
 									'save_method' => 'storeSettingField',
-							)
+							),
+							'system_leenabled' => array(
+							        'label' => $lng['serversettings']['leenabled'],
+							        'settinggroup' => 'system',
+							        'varname' => 'leenabled',
+							        'type' => 'bool',
+							        'default' => false,
+							        'cronmodule' => 'froxlor/letsencrypt',
+							        'save_method' => 'storeSettingField'
+							),
+							'system_letsencryptca' => array(
+									'label' => $lng['serversettings']['letsencryptca'],
+									'settinggroup' => 'system',
+									'varname' => 'letsencryptca',
+									'type' => 'option',
+									'default' => 'testing',
+									'option_mode' => 'one',
+									'option_options' => array('testing' => 'https://acme-staging.api.letsencrypt.org (Test)', 'production' => 'https://acme-v01.api.letsencrypt.org (Live)'),
+									'save_method' => 'storeSettingField',
+							),
+							'system_letsencryptcountrycode' => array(
+									'label' => $lng['serversettings']['letsencryptcountrycode'],
+									'settinggroup' => 'system',
+									'varname' => 'letsencryptcountrycode',
+									'type' => 'string',
+									'string_emptyallowed' => false,
+									'default' => 'DE',
+									'save_method' => 'storeSettingField',
+							),
+							'system_letsencryptstate' => array(
+									'label' => $lng['serversettings']['letsencryptstate'],
+									'settinggroup' => 'system',
+									'varname' => 'letsencryptstate',
+									'type' => 'string',
+									'string_emptyallowed' => false,
+									'default' => 'Hessen',
+									'save_method' => 'storeSettingField',
+							),
+							'system_letsencryptchallengepath' => array(
+									'label' => $lng['serversettings']['letsencryptchallengepath'],
+									'settinggroup' => 'system',
+									'varname' => 'letsencryptchallengepath',
+									'type' => 'string',
+									'string_emptyallowed' => false,
+									'default' => FROXLOR_INSTALL_DIR,
+									'save_method' => 'storeSettingField',
+							),
+							'system_letsencryptkeysize' => array(
+									'label' => $lng['serversettings']['letsencryptkeysize'],
+									'settinggroup' => 'system',
+									'varname' => 'letsencryptkeysize',
+									'type' => 'int',
+									'int_min' => 2048,
+									'default' => 4096,
+									'save_method' => 'storeSettingField',
+							),
+							'system_letsencryptreuseold' => array(
+									'label' => $lng['serversettings']['letsencryptreuseold'],
+									'settinggroup' => 'system',
+									'varname' => 'letsencryptreuseold',
+									'type' => 'bool',
+									'default' => false,
+									'save_method' => 'storeSettingField',
+							),
 					)
 			)
 		)
--- a/actions/admin/settings/135.fcgid.php
+++ b/actions/admin/settings/135.fcgid.php
@@ -112,7 +112,7 @@ return array(
 					'varname' => 'mod_fcgid_httpuser',
 					'type' => 'string',
 					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
 					'websrv_avail' => array('apache2')
 					),
 				'system_mod_fcgid_httpgroup' => array(
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -44,7 +44,7 @@ return array(
 					'varname' => 'vhost_httpuser',
 					'type' => 'string',
 					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingWebserverFcgidFpmUser'
 					),
 				'system_phpfpm_httpgroup' => array(
 					'label' => $lng['phpfpm']['vhost_httpgroup'],
@@ -185,9 +185,16 @@ return array(
 					'default' => 30,
 					'save_method' => 'storeSettingField'
 					),
+				'system_phpfpm_use_mod_proxy' => array(
+					'label' => $lng['phpfpm']['use_mod_proxy'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'use_mod_proxy',
+					'type' => 'bool',
+					'default' => false,
+					'visible' => Settings::Get('system.apache24'),
+					'save_method' => 'storeSettingField'
+					),
 				),
 			),
 		),
 	);
-
-?>
--- a/actions/admin/settings/160.nameserver.php
+++ b/actions/admin/settings/160.nameserver.php
@@ -31,6 +31,24 @@ return array(
 					'save_method' => 'storeSettingField',
 					'overview_option' => true
 					),
+				'system_dnsenabled' => array(
+					'label' => $lng['serversettings']['dnseditorenable'],
+					'settinggroup' => 'system',
+					'varname' => 'dnsenabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+					),
+				'system_dns_server' => array(
+					'label' => $lng['serversettings']['dns_server'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_server',
+					'type' => 'option',
+					'default' => 'bind',
+					'option_mode' => 'one',
+					'option_options' => array('bind' => 'Bind9', 'pdns' => 'PowerDNS'),
+					'save_method' => 'storeSettingField'
+				),
 				'system_bindconf_directory' => array(
 					'label' => $lng['serversettings']['bindconf_directory'],
 					'settinggroup' => 'system',
@@ -73,11 +91,20 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'axfrservers',
 					'type' => 'string',
-					'string_type' => 'validate_ip',
+					'string_type' => 'validate_ip_incl_private',
+					'string_delimiter' => ',',
 					'string_emptyallowed' => true,
 					'default' => '',
 					'save_method' => 'storeSettingField',
 				),
+				'system_dns_createhostnameentry' => array(
+					'label' => $lng['serversettings']['dns_createhostnameentry'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_createhostnameentry',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',
--- a/actions/admin/settings/170.logger.php
+++ b/actions/admin/settings/170.logger.php
@@ -65,8 +65,14 @@ return array(
 					'label' => $lng['serversettings']['logger']['logcron'],
 					'settinggroup' => 'logger',
 					'varname' => 'log_cron',
-					'type' => 'bool',
-					'default' => false,
+					'type' => 'option',
+					'default' => 0,
+					'option_mode' => 'one',
+					'option_options' => array(
+							0 => $lng['serversettings']['logger']['logcronoption']['never'],
+							1 => $lng['serversettings']['logger']['logcronoption']['once'],
+							2 => $lng['serversettings']['logger']['logcronoption']['always']
+						),
 					'save_method' => 'storeSettingField',
 					),
 				),
@@ -74,4 +80,4 @@ return array(
 		)
 	);

-?>
+?>
--- a/actions/admin/settings/185.spf.php
+++ b/actions/admin/settings/185.spf.php
@@ -34,7 +34,7 @@ return array(
 					'settinggroup' => 'spf',
 					'varname' => 'spf_entry',
 					'type' => 'string',
-					'default' => '@	IN	TXT	"v=spf1 a mx -all"',
+					'default' => '"v=spf1 a mx -all"',
 					'save_method' => 'storeSettingField'
 					)
 				)
--- a/actions/admin/settings/210.security.php
+++ b/actions/admin/settings/210.security.php
@@ -45,7 +45,7 @@ return array(
 					'type' => 'option',
 					'default' => 0,
 					'option_mode' => 'one',
-					'option_options' => array(0 => $lng['serversettings']['systemdefault'], 1 => 'MD5', 2 => 'BLOWFISH', 3 => 'SHA-256', 4 => 'SHA-512'),
+					'option_options_method' => 'getAvailablePasswordHashes',
 					'save_method' => 'storeSettingField',
 					),
 				'system_allow_error_report_admin' => array(
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -68,7 +68,7 @@ if ($page == 'admins'
 				// percent-values for progressbar
 				// For Disk usage
 				if ($row['diskspace'] > 0) {
-					$disk_percent = round(($row['diskspace_used']*100)/$row['diskspace'], 2);
+					$disk_percent = round(($row['diskspace_used']*100)/$row['diskspace'], 0);
 					$disk_doublepercent = round($disk_percent*2, 2);
 				} else {
 					$disk_percent = 0;
@@ -76,15 +76,26 @@ if ($page == 'admins'
 				}
 				// For Traffic usage
 				if ($row['traffic'] > 0) {
-					$traffic_percent = round(($row['traffic_used']*100)/$row['traffic'], 2);
+					$traffic_percent = round(($row['traffic_used']*100)/$row['traffic'], 0);
 					$traffic_doublepercent = round($traffic_percent*2, 2);
 				} else {
 					$traffic_percent = 0;
 					$traffic_doublepercent = 0;
 				}

+				// fix progress-bars if value is >100%
+				if ($disk_percent > 100) {
+					$disk_percent = 100;
+				}
+				if ($traffic_percent > 100) {
+					$traffic_percent = 100;
+				}
+
 				$row = str_replace_array('-1', 'UL', $row, 'customers domains diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps subdomains tickets');
 				$row = htmlentities_array($row);
+
+				$row['custom_notes'] = ($row['custom_notes'] != '') ? nl2br($row['custom_notes']) : '';
+
 				eval("\$admins.=\"" . getTemplate("admins/admins_admin") . "\";");
 				$count++;
 			}
@@ -144,7 +155,6 @@ if ($page == 'admins'
 		if ($result['loginname'] != '') {
 			if ($result['adminid'] == $userinfo['userid']) {
 				standard_error('youcantdeleteyourself');
-				exit;
 			}

 			if (isset($_POST['send'])
@@ -190,6 +200,12 @@ if ($page == 'admins'
 			$name = validate($_POST['name'], 'name');
 			$email = $idna_convert->encode(validate($_POST['email'], 'email'));

+			$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
+			$custom_notes_show = 0;
+			if (isset($_POST['custom_notes_show'])) {
+			    $custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+			}
+
 			$loginname = validate($_POST['loginname'], 'loginname');
 			$password = validate($_POST['admin_password'], 'password');
 			$password = validatePassword($password);
@@ -358,7 +374,7 @@ if ($page == 'admins'

 				$ins_data = array(
 					'loginname' => $loginname,
-					'password' => md5($password),
+					'password' => makeCryptPassword($password),
 					'name' => $name,
 					'email' => $email,
 					'lang' => $def_language,
@@ -380,7 +396,9 @@ if ($page == 'admins'
 					'tickets_see_all' => $tickets_see_all,
 					'mysqls' => $mysqls,
 					'ip' => $ipaddress,
-					'theme' => $_theme
+					'theme' => $_theme,
+					'custom_notes' => $custom_notes,
+					'custom_notes_show' => $custom_notes_show
 				);

 				$ins_stmt = Database::prepare("
@@ -408,7 +426,9 @@ if ($page == 'admins'
 					`tickets_see_all` = :tickets_see_all,
 					`mysqls` = :mysqls,
 					`ip` = :ip,
-					`theme` = :theme
+					`theme` = :theme,
+					`custom_notes` = :custom_notes,
+					`custom_notes_show` = :custom_notes_show
 				");
 				Database::pexecute($ins_stmt, $ins_data);

@@ -425,19 +445,12 @@ if ($page == 'admins'
 			}

 			$ipaddress = makeoption($lng['admin']['allips'], "-1");
-			$ips = array();
 			$ipsandports_stmt = Database::query("
-				SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip`, `port` ASC
+				SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` GROUP BY `ip` ORDER BY `ip` ASC
 			");

 			while ($row = $ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
-				if (filter_var($row['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
-					$row['ip'] = '[' . $row['ip'] . ']';
-				}
-				if (!in_array($row['ip'], $ips)) {
-					$ipaddress.= makeoption($row['ip'], $row['id']);
-					$ips[] = $row['ip'];
-				}
+				$ipaddress.= makeoption($row['ip'], $row['id']);
 			}

 			$customers_ul = makecheckbox('customers_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
@@ -479,6 +492,12 @@ if ($page == 'admins'
 				$name = validate($_POST['name'], 'name');
 				$email = $idna_convert->encode(validate($_POST['email'], 'email'));

+				$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
+				$custom_notes_show = $result['custom_notes_show'];
+				if (isset($_POST['custom_notes_show'])) {
+				    $custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+				}
+
 				if ($result['adminid'] == $userinfo['userid']) {

 					$password = '';
@@ -616,7 +635,7 @@ if ($page == 'admins'
 				} else {
 					if ($password != '') {
 						$password = validatePassword($password);
-						$password = md5($password);
+						$password = makeCryptPassword($password);
 					} else {
 						$password = $result['password'];
 					}
@@ -713,6 +732,8 @@ if ($page == 'admins'
 						'mysqls' => $mysqls,
 						'ip' => $ipaddress,
 						'deactivated' => $deactivated,
+						'custom_notes' => $custom_notes,
+						'custom_notes_show' => $custom_notes_show,
 						'adminid' => $id
 					);

@@ -740,7 +761,9 @@ if ($page == 'admins'
 						`tickets_see_all` = :tickets_see_all,
 						`mysqls` = :mysqls,
 						`ip` = :ip,
-						`deactivated` = :deactivated
+						`deactivated` = :deactivated,
+						`custom_notes` = :custom_notes,
+						`custom_notes_show` = :custom_notes_show
 						WHERE `adminid` = :adminid
 					");
 					Database::pexecute($upd_stmt, $upd_data);
@@ -822,19 +845,12 @@ if ($page == 'admins'
 				}

 				$ipaddress = makeoption($lng['admin']['allips'], "-1", $result['ip']);
-				$ips = array();
 				$ipsandports_stmt = Database::query("
-					SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip`, `port` ASC
+					SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` GROUP BY `ip` ORDER BY `ip`, `port` ASC
 				");

 				while ($row = $ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
-					if (filter_var($row['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
-						$row['ip'] = '[' . $row['ip'] . ']';
-					}
-					if (!in_array($row['ip'], $ips)) {
-						$ipaddress.= makeoption($row['ip'], $row['id'], $result['ip']);
-						$ips[] = $row['ip'];
-					}
+					$ipaddress.= makeoption($row['ip'], $row['id'], $result['ip']);
 				}

 				$result = htmlentities_array($result);
--- a/admin_apcuinfo.php
+++ b/admin_apcuinfo.php
@@ -0,0 +1,415 @@
+<?php
+
+/*
+  +----------------------------------------------------------------------+
+  | APC                                                                  |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 2006-2011 The PHP Group                                |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 3.01 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available through the world-wide-web at the following url:           |
+  | http://www.php.net/license/3_01.txt                                  |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Authors: Ralf Becker <beckerr@php.net>                               |
+  |          Rasmus Lerdorf <rasmus@php.net>                             |
+  |          Ilia Alshanetsky <ilia@prohost.org>                         |
+  +----------------------------------------------------------------------+
+
+   All other licensing and usage conditions are those of the PHP Group.
+
+   Based on https://github.com/krakjoe/apcu/blob/master/apc.php
+   Implemented into Froxlor: Janos Muzsi <muzsij@hypernics.hu>
+
+ */
+
+define('AREA', 'admin');
+require './lib/init.php';
+
+
+$horizontal_bar_size = 950; // 1280px window width
+
+if ($action == 'delete' &&
+        function_exists('apcu_clear_cache') &&
+        $userinfo['change_serversettings'] == '1'
+) {
+    apcu_clear_cache();
+    $log->logAction(ADM_ACTION, LOG_INFO, "cleared APCu cache");
+    header('Location: ' . $linker->getLink(array('section' => 'apcuinfo', 'page' => 'showinfo')));
+    exit();
+}
+
+if (!function_exists('apcu_cache_info') ||
+        !function_exists('apcu_sma_info')
+) {
+    standard_error($lng['error']['no_apcuinfo']);
+}
+
+if ($page == 'showinfo'
+) {
+    $cache = apcu_cache_info();
+    $mem = apcu_sma_info();
+    $time = time();
+    $log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_apcuinfo");
+
+    $passtime = $time - $cache['start_time'] > 0 ? $time - $cache['start_time'] : 1; // zero division
+    $mem_size = $mem['num_seg'] * $mem['seg_size'];
+    $mem_avail = $mem['avail_mem'];
+    $mem_used = $mem_size - $mem_avail;
+    $seg_size = bsize($mem['seg_size']);
+    $sharedmem = sprintf($lng['apcuinfo']['sharedmemval'], $mem['num_seg'], $seg_size, $cache['memory_type']);
+    $req_rate_user = sprintf("%.2f", $cache['num_hits'] ? (($cache['num_hits'] + $cache['num_misses']) / $passtime) : 0);
+    $hit_rate_user = sprintf("%.2f", $cache['num_hits'] ? (($cache['num_hits']) / $passtime) : 0);
+    $miss_rate_user = sprintf("%.2f", $cache['num_misses'] ? (($cache['num_misses']) / $passtime) : 0);
+    $insert_rate_user = sprintf("%.2f", $cache['num_inserts'] ? (($cache['num_inserts']) / $passtime) : 0);
+    $apcversion = phpversion('apcu');
+    $phpversion = phpversion();
+    $number_vars = $cache['num_entries'];
+    $starttime = date('Y-m-d H:i:s', $cache['start_time']);
+    $uptime_duration = duration($cache['start_time']);
+    $size_vars = bsize($cache['mem_size']);
+
+    // check for possible empty values that are used in the templates
+    if (!isset($cache['file_upload_progress'])) {
+        $cache['file_upload_progress'] = $lng['logger']['unknown'];
+    }
+
+    if (!isset($cache['num_expunges'])) {
+        $cache['num_expunges'] = $lng['logger']['unknown'];
+    }
+
+    $runtimelines = '';
+    foreach (ini_get_all('apcu') as $name => $v) {
+        $value = $v['local_value'];
+        eval("\$runtimelines.=\"" . getTemplate("settings/apcuinfo/runtime_line") . "\";");
+    }
+
+    $freemem = bsize($mem_avail) . sprintf(" (%.1f%%)", $mem_avail * 100 / $mem_size);
+    $usedmem = bsize($mem_used) . sprintf(" (%.1f%%)", $mem_used * 100 / $mem_size);
+    $hits = $cache['num_hits'] . @sprintf(" (%.1f%%)", $cache['num_hits'] * 100 / ($cache['num_hits'] + $cache['num_misses']));
+    $misses = $cache['num_misses'] . @sprintf(" (%.1f%%)", $cache['num_misses'] * 100 / ($cache['num_hits'] + $cache['num_misses']));
+
+    // Fragementation: (freeseg - 1) / total_seg
+    $nseg = $freeseg = $fragsize = $freetotal = 0;
+    for ($i = 0; $i < $mem['num_seg']; $i++) {
+        $ptr = 0;
+        foreach ($mem['block_lists'][$i] as $block) {
+            if ($block['offset'] != $ptr) {
+                ++$nseg;
+            }
+            $ptr = $block['offset'] + $block['size'];
+            /* Only consider blocks <5M for the fragmentation % */
+            if ($block['size'] < (5 * 1024 * 1024))
+                $fragsize+=$block['size'];
+            $freetotal+=$block['size'];
+        }
+        $freeseg += count($mem['block_lists'][$i]);
+    }
+
+    if ($freeseg > 1) {
+        $frag = sprintf("%.2f%% (%s out of %s in %d fragments)", ($fragsize / $freetotal) * 100, bsize($fragsize), bsize($freetotal), $freeseg);
+    } else {
+        $frag = "0%";
+    }
+
+    foreach (ini_get_all('apcu') as $name => $v) {
+        $value = $v['local_value'];
+    }
+
+    $img_src1 = '';
+    $img_src2 = '';
+    $img_src3 = '';
+    if (graphics_avail()) {
+        $img_src = $linker->getLink(array('section' => 'apcuinfo', 'page' => 'img1', 'action' => mt_rand(0, 1000000)));
+        eval("\$img_src1=\"" . getTemplate("settings/apcuinfo/img_line") . "\";");
+        $img_src = $linker->getLink(array('section' => 'apcuinfo', 'page' => 'img2', 'action' => mt_rand(0, 1000000)));
+        eval("\$img_src2=\"" . getTemplate("settings/apcuinfo/img_line") . "\";");
+        $img_src = $linker->getLink(array('section' => 'apcuinfo', 'page' => 'img3', 'action' => mt_rand(0, 1000000)));
+        eval("\$img_src3=\"" . getTemplate("settings/apcuinfo/img_line") . "\";");
+    }
+
+    eval("echo \"" . getTemplate("settings/apcuinfo/showinfo") . "\";");
+    
+} elseif ($page == 'img1'
+) {
+
+    $mem = apcu_sma_info();
+
+    $size = 460;
+    $image = imagecreate($size + 5, $size + 5);
+
+    $col_white = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);
+    $col_red = imagecolorallocate($image, 0xD0, 0x60, 0x30);
+    $col_green = imagecolorallocate($image, 0x60, 0xF0, 0x60);
+    $col_black = imagecolorallocate($image, 0, 0, 0);
+
+    imagecolortransparent($image, $col_white);
+
+    $s = $mem['num_seg'] * $mem['seg_size'];
+    $a = $mem['avail_mem'];
+    $x = $y = $size / 2;
+    $fuzz = 0.000001;
+
+    // This block of code creates the pie chart.  It is a lot more complex than you
+    // would expect because we try to visualize any memory fragmentation as well.
+    $angle_from = 0;
+    $string_placement = array();
+    for ($i = 0; $i < $mem['num_seg']; $i++) {
+        $ptr = 0;
+        $free = $mem['block_lists'][$i];
+        uasort($free, 'block_sort');
+        foreach ($free as $block) {
+            if ($block['offset'] != $ptr) {       // Used block
+                $angle_to = $angle_from + ($block['offset'] - $ptr) / $s;
+                if (($angle_to + $fuzz) > 1)
+                    $angle_to = 1;
+                if (($angle_to * 360) - ($angle_from * 360) >= 1) {
+                    fill_arc($image, $x, $y, $size, $angle_from * 360, $angle_to * 360, $col_black, $col_red);
+                    if (($angle_to - $angle_from) > 0.05) {
+                        array_push($string_placement, array($angle_from, $angle_to));
+                    }
+                }
+                $angle_from = $angle_to;
+            }
+            $angle_to = $angle_from + ($block['size']) / $s;
+            if (($angle_to + $fuzz) > 1)
+                $angle_to = 1;
+            if (($angle_to * 360) - ($angle_from * 360) >= 1) {
+                fill_arc($image, $x, $y, $size, $angle_from * 360, $angle_to * 360, $col_black, $col_green);
+                if (($angle_to - $angle_from) > 0.05) {
+                    array_push($string_placement, array($angle_from, $angle_to));
+                }
+            }
+            $angle_from = $angle_to;
+            $ptr = $block['offset'] + $block['size'];
+        }
+        if ($ptr < $mem['seg_size']) { // memory at the end
+            $angle_to = $angle_from + ($mem['seg_size'] - $ptr) / $s;
+            if (($angle_to + $fuzz) > 1)
+                $angle_to = 1;
+            fill_arc($image, $x, $y, $size, $angle_from * 360, $angle_to * 360, $col_black, $col_red);
+            if (($angle_to - $angle_from) > 0.05) {
+                array_push($string_placement, array($angle_from, $angle_to));
+            }
+        }
+    }
+    foreach ($string_placement as $angle) {
+        text_arc($image, $x, $y, $size, $angle[0] * 360, $angle[1] * 360, $col_black, bsize($s * ($angle[1] - $angle[0])));
+    }
+
+    header("Content-type: image/png");
+    imagepng($image);
+    exit;
+} elseif ($page == 'img2'
+) {
+
+    $cache = apcu_cache_info();
+
+    $size = $horizontal_bar_size;
+    $image = imagecreate($size + 5, 140);
+
+    $col_white = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);
+    $col_red = imagecolorallocate($image, 0xD0, 0x60, 0x30);
+    $col_green = imagecolorallocate($image, 0x60, 0xF0, 0x60);
+    $col_black = imagecolorallocate($image, 0, 0, 0);
+
+    imagecolortransparent($image, $col_white);
+
+    $s = $cache['num_hits'] + $cache['num_misses'];
+    $a = $cache['num_hits'];
+
+    fill_box($image, 1, 10, $s ? ($a * ($size - 21) / $s) : $size, 50, $col_black, $col_green/* , sprintf("%.1f%%", $s ? $cache['num_hits'] * 100 / $s : 0) */);
+    fill_box($image, 1, 80, $s ? max(4, ($s - $a) * ($size - 21) / $s) : $size, 50, $col_black, $col_red/* , sprintf("%.1f%%", $s ? $cache['num_misses'] * 100 / $s : 0) */);
+
+    header("Content-type: image/png");
+    imagepng($image);
+    exit;
+} elseif ($page == 'img3'
+) {
+
+    $mem = apcu_sma_info();
+
+    $size = $horizontal_bar_size;
+    $image = imagecreate($size, 70);
+
+    $col_white = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);
+    $col_red = imagecolorallocate($image, 0xD0, 0x60, 0x30);
+    $col_green = imagecolorallocate($image, 0x60, 0xF0, 0x60);
+    $col_black = imagecolorallocate($image, 0, 0, 0);
+
+    imagecolortransparent($image, $col_white);
+
+    $s = $mem['num_seg'] * $mem['seg_size'];
+    $a = $mem['avail_mem'];
+    $x = 10;
+    $y = 0;
+
+    // This block of code creates the bar chart.  It is a lot more complex than you
+    // would expect because we try to visualize any memory fragmentation as well.
+    for ($i = 0; $i < $mem['num_seg']; $i++) {
+        $ptr = 0;
+        $free = $mem['block_lists'][$i];
+        uasort($free, 'block_sort');
+        foreach ($free as $block) {
+            if ($block['offset'] != $ptr) {       // Used block
+                $h = ($size - 5) * ($block['offset'] - $ptr) / $s;
+                if ($h > 0) {
+                    fill_box($image, $y, $x, $h, 50, $col_black, $col_red);
+                }
+                $y+=$h;
+            }
+            $h = ($size - 5) * ($block['size']) / $s;
+            if ($h > 0) {
+                fill_box($image, $y, $x, $h, 50, $col_black, $col_green);
+            }
+            $y+=$h;
+            $ptr = $block['offset'] + $block['size'];
+        }
+        if ($ptr < $mem['seg_size']) { // memory at the end
+            $h = ($size - 5) * ($mem['seg_size'] - $ptr) / $s;
+            if ($h > 0) {
+                fill_box($image, $y, $x, $h, 50, $col_black, $col_red, bsize($mem['seg_size'] - $ptr), $j++);
+            }
+        }
+    }
+
+    header("Content-type: image/png");
+    imagepng($image);
+    exit;
+}
+
+function graphics_avail() {
+    return extension_loaded('gd');
+}
+
+// pretty printer for byte values
+//
+function bsize($s) {
+    foreach (array('', 'K', 'M', 'G') as $i => $k) {
+        if ($s < 1024)
+            break;
+        $s/=1024;
+    }
+    return sprintf("%5.1f %sBytes", $s, $k);
+}
+
+function duration($ts) {
+    global $time;
+    $years = (int) ((($time - $ts) / (7 * 86400)) / 52.177457);
+    $rem = (int) (($time - $ts) - ($years * 52.177457 * 7 * 86400));
+    $weeks = (int) (($rem) / (7 * 86400));
+    $days = (int) (($rem) / 86400) - $weeks * 7;
+    $hours = (int) (($rem) / 3600) - $days * 24 - $weeks * 7 * 24;
+    $mins = (int) (($rem) / 60) - $hours * 60 - $days * 24 * 60 - $weeks * 7 * 24 * 60;
+    $str = '';
+    if ($years == 1)
+        $str .= "$years year, ";
+    if ($years > 1)
+        $str .= "$years years, ";
+    if ($weeks == 1)
+        $str .= "$weeks week, ";
+    if ($weeks > 1)
+        $str .= "$weeks weeks, ";
+    if ($days == 1)
+        $str .= "$days day,";
+    if ($days > 1)
+        $str .= "$days days,";
+    if ($hours == 1)
+        $str .= " $hours hour and";
+    if ($hours > 1)
+        $str .= " $hours hours and";
+    if ($mins == 1)
+        $str .= " 1 minute";
+    else
+        $str .= " $mins minutes";
+    return $str;
+}
+
+function block_sort($array1, $array2) {
+    if ($array1['offset'] > $array2['offset']) {
+        return 1;
+    } else {
+        return -1;
+    }
+}
+
+function fill_arc($im, $centerX, $centerY, $diameter, $start, $end, $color1, $color2, $text = '', $placeindex = 0) {
+    $r = $diameter / 2;
+    $w = deg2rad((360 + $start + ($end - $start) / 2) % 360);
+
+
+    if (function_exists("imagefilledarc")) {
+        // exists only if GD 2.0.1 is available
+        imagefilledarc($im, $centerX + 1, $centerY + 1, $diameter, $diameter, $start, $end, $color1, IMG_ARC_PIE);
+        imagefilledarc($im, $centerX, $centerY, $diameter, $diameter, $start, $end, $color2, IMG_ARC_PIE);
+        imagefilledarc($im, $centerX, $centerY, $diameter, $diameter, $start, $end, $color1, IMG_ARC_NOFILL | IMG_ARC_EDGED);
+    } else {
+        imagearc($im, $centerX, $centerY, $diameter, $diameter, $start, $end, $color2);
+        imageline($im, $centerX, $centerY, $centerX + cos(deg2rad($start)) * $r, $centerY + sin(deg2rad($start)) * $r, $color2);
+        imageline($im, $centerX, $centerY, $centerX + cos(deg2rad($start + 1)) * $r, $centerY + sin(deg2rad($start)) * $r, $color2);
+        imageline($im, $centerX, $centerY, $centerX + cos(deg2rad($end - 1)) * $r, $centerY + sin(deg2rad($end)) * $r, $color2);
+        imageline($im, $centerX, $centerY, $centerX + cos(deg2rad($end)) * $r, $centerY + sin(deg2rad($end)) * $r, $color2);
+        imagefill($im, $centerX + $r * cos($w) / 2, $centerY + $r * sin($w) / 2, $color2);
+    }
+    if ($text) {
+        if ($placeindex > 0) {
+            imageline($im, $centerX + $r * cos($w) / 2, $centerY + $r * sin($w) / 2, $diameter, $placeindex * 12, $color1);
+            imagestring($im, 4, $diameter, $placeindex * 12, $text, $color1);
+        } else {
+            imagestring($im, 4, $centerX + $r * cos($w) / 2, $centerY + $r * sin($w) / 2, $text, $color1);
+        }
+    }
+}
+
+function text_arc($im, $centerX, $centerY, $diameter, $start, $end, $color1, $text, $placeindex = 0) {
+    $r = $diameter / 2;
+    $w = deg2rad((360 + $start + ($end - $start) / 2) % 360);
+
+    if ($placeindex > 0) {
+        imageline($im, $centerX + $r * cos($w) / 2, $centerY + $r * sin($w) / 2, $diameter, $placeindex * 12, $color1);
+        imagestring($im, 4, $diameter, $placeindex * 12, $text, $color1);
+    } else {
+        imagestring($im, 4, $centerX + $r * cos($w) / 2, $centerY + $r * sin($w) / 2, $text, $color1);
+    }
+}
+
+function fill_box($im, $x, $y, $w, $h, $color1, $color2, $text = '', $placeindex = '') {
+    global $col_black;
+    $x1 = $x + $w - 1;
+    $y1 = $y + $h - 1;
+
+    imagerectangle($im, $x, $y1, $x1 + 1, $y + 1, $col_black);
+    if ($y1 > $y)
+        imagefilledrectangle($im, $x, $y, $x1, $y1, $color2);
+    else
+        imagefilledrectangle($im, $x, $y1, $x1, $y, $color2);
+    imagerectangle($im, $x, $y1, $x1, $y, $color1);
+    if ($text) {
+        if ($placeindex > 0) {
+
+            if ($placeindex < 16) {
+                $px = 5;
+                $py = $placeindex * 12 + 6;
+                imagefilledrectangle($im, $px + 90, $py + 3, $px + 90 - 4, $py - 3, $color2);
+                imageline($im, $x, $y + $h / 2, $px + 90, $py, $color2);
+                imagestring($im, 2, $px, $py - 6, $text, $color1);
+            } else {
+                if ($placeindex < 31) {
+                    $px = $x + 40 * 2;
+                    $py = ($placeindex - 15) * 12 + 6;
+                } else {
+                    $px = $x + 40 * 2 + 100 * intval(($placeindex - 15) / 15);
+                    $py = ($placeindex % 15) * 12 + 6;
+                }
+                imagefilledrectangle($im, $px, $py + 3, $px - 4, $py - 3, $color2);
+                imageline($im, $x + $w, $y + $h / 2, $px, $py, $color2);
+                imagestring($im, 2, $px + 2, $py - 6, $text, $color1);
+            }
+        } else {
+            imagestring($im, 4, $x + 5, $y1 - 16, $text, $color1);
+        }
+    }
+}
--- a/admin_autoupdate.php
+++ b/admin_autoupdate.php
@@ -0,0 +1,209 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Frontend
+ *
+ * @since      0.9.35
+ *
+ */
+
+define('AREA', 'admin');
+require './lib/init.php';
+
+// define update-uri
+define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version);
+define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
+define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");
+
+// check for allow_url_fopen
+if (ini_get('allow_url_fopen') === false) {
+	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 1));
+}
+
+// check for archive-stuff
+if (function_exists('gzopen') === false) {
+	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 2));
+}
+
+// display initial version check
+if ($page == 'overview') {
+
+	// log our actions
+	$log->logAction(ADM_ACTION, LOG_NOTICE, "checking auto-update");
+
+	// check for new version
+	$latestversion = @file(UPDATE_URI);
+
+	if (isset($latestversion[0])) {
+		$latestversion = explode('|', $latestversion[0]);
+
+		if (is_array($latestversion)
+				&& count($latestversion) >= 1
+		) {
+			$_version = $latestversion[0];
+			$_message = isset($latestversion[1]) ? $latestversion[1] : '';
+			$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
+
+			// add the branding so debian guys are not gettings confused
+			// about their version-number
+			$version_label = $_version.$branding;
+			$version_link = $_link;
+			$message_addinfo = $_message;
+
+			// not numeric -> error-message
+			if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
+				// check for customized version to not output
+				// "There is a newer version of froxlor" besides the error-message
+				redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 3));
+			} elseif (version_compare2($version, $_version) == -1) {
+				// there is a newer version - yay
+				$isnewerversion = 1;
+			} else {
+				// nothing new
+				$isnewerversion = 0;
+			}
+
+			// anzeige über version-status mit ggfls. formular
+			// zum update schritt #1 -> download
+			if ($isnewerversion == 1) {
+				$text = 'There is a newer version available. Update to version <b>'.$_version.'</b> now?<br/>(Your current version is: '.$version.')';
+				$hiddenparams = '<input type="hidden" name="newversion" value="'.$_version.'" />';
+				$yesfile = $filename.'?s='.$s.'&amp;page=getdownload';
+				eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
+				exit;
+			}
+			elseif ($isnewerversion == 0) {
+				// all good
+			    standard_success ('noupdatesavail');
+			} else {
+				standard_error ('customized_version');
+			}
+		}
+	}
+	// error (something weird came from version.froxlor.org)
+	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 5));
+}
+// download the new archive
+elseif ($page == 'getdownload') {
+
+	// retrieve the new version from the form
+	$newversion = isset($_POST['newversion']) ? $_POST['newversion'] : null;
+
+	// valid?
+	if ($newversion !== null) {
+
+		// define files to get
+		$toLoad = str_replace('{version}', $newversion, RELEASE_URI);
+		$toCheck = str_replace('{version}', $newversion, CHECKSUM_URI);
+
+		// get archive data
+		$newArchive = @file_get_contents($toLoad);
+
+		// check for local destination folder
+		if (!is_dir(FROXLOR_INSTALL_DIR.'/updates/')) {
+			mkdir(FROXLOR_INSTALL_DIR.'/updates/');
+		}
+
+		// name archive
+		$localArchive = FROXLOR_INSTALL_DIR.'/updates/'.basename($toLoad);
+
+		$log->logAction(ADM_ACTION, LOG_NOTICE, "Downloading ".$toLoad." to ".$localArchive);
+
+		// remove old archive
+		if (file_exists($localArchive)) {
+		    @unlink($localArchive);
+		}
+
+		// store archive
+		$fh = fopen($localArchive, 'w');
+		if (!fwrite($fh, $newArchive)) {
+			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 4));
+		}
+
+		// close file-handle
+		fclose($fh);
+
+		// validate the integrity of the downloaded file
+		$_shouldsum = @file_get_contents($toCheck);
+		if (!empty($_shouldsum)) {
+		    $_t = explode(" ", $_shouldsum);
+		    $shouldsum = $_t[0];
+		} else {
+		    $shouldsum = null;
+		}
+		$filesum = hash_file('sha256', $localArchive);
+
+		if ($filesum != $shouldsum) {
+		    redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9));
+		}
+
+		// to the next step
+		redirectTo($filename, array('s' => $s, 'page' => 'extract', 'archive' => basename($localArchive)));
+	}
+	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 6));
+}
+// extract and install new version
+elseif ($page == 'extract') {
+
+	$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
+	$localArchive = FROXLOR_INSTALL_DIR.'/updates/'.$toExtract;
+
+	if (isset($_POST['send'])
+			&& $_POST['send'] == 'send'
+	) {
+		// decompress from zip
+		$zip = new ZipArchive;
+		$res = $zip->open($localArchive);
+		if ($res === true) {
+		    $log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".dirname(FROXLOR_INSTALL_DIR));
+			$zip->extractTo(dirname(FROXLOR_INSTALL_DIR));
+			$zip->close();
+			// success - remove unused archive
+			@unlink($localArchive);
+		} else {
+			// error
+			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 8));
+		}
+
+		// redirect to update-page?
+		redirectTo('admin_updates.php', array('s' => $s));
+	}
+
+	if (!file_exists($localArchive)) {
+		redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 7));
+	}
+
+	$text = 'Extract downloaded archive "'.$toExtract.'"?';
+	$hiddenparams = '';
+	$yesfile = $filename.'?s='.$s.'&amp;page=extract&amp;archive='.$toExtract;
+	eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
+}
+
+// display error
+elseif ($page == 'error') {
+
+	// retrieve error-number via url-parameter
+	$errno = isset($_GET['errno']) ? (int)$_GET['errno'] : 0;
+
+	// 1 = no allow_url_fopen
+	// 2 = no Zlib
+	// 3 = custom version detected
+	// 4 = could not store archive to local hdd
+	// 5 = some weird value came from version.froxlor.org
+	// 6 = download without valid version
+	// 7 = local archive does not exist
+	// 8 = could not extract archive
+	// 9 = checksum mismatch
+	standard_error ('autoupdate_'.$errno);
+}
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -2,7 +2,6 @@

 /**
 * This file is part of the Froxlor project.
- * Copyright (c) 2003-2009 the SysCP Team (see authors).
 * Copyright (c) 2010 the Froxlor Team (see authors).
 *
 * For the full copyright and license information, please view the COPYING
@@ -10,174 +9,219 @@
 * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
 *
 * @copyright  (c) the authors
- * @author     Florian Lippert <flo@syscp.org> (2003-2009)
 * @author     Froxlor team <team@froxlor.org> (2010-)
 * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
 * @package    Panel
 *
+ * @since 0.9.34
 */
-
 define('AREA', 'admin');
-$need_db_sql_data = true;
 require './lib/init.php';
-require './lib/configfiles_index.inc.php';

-$distribution = '';
-$distributions_select = '';
-$service = '';
-$services_select = '';
-$daemon = '';
-$daemons_select = '';
+if ($userinfo['change_serversettings'] == '1') {

-if($userinfo['change_serversettings'] == '1')
-{
-	if(isset($_GET['distribution'])
-	   && $_GET['distribution'] != ''
-	   && isset($configfiles[$_GET['distribution']])
-	   && is_array($configfiles[$_GET['distribution']]))
+	$customer_tmpdir = '/tmp/';
+	if (Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_tmpdir') != '')
 	{
-		$distribution = $_GET['distribution'];
+		$customer_tmpdir = Settings::Get('system.mod_fcgid_tmpdir');
+	}
+	elseif (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.tmpdir') != '')
+	{
+		$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
+	}

-		if(isset($_GET['service'])
-		   && $_GET['service'] != ''
-		   && isset($configfiles[$distribution]['services'][$_GET['service']])
-		   && is_array($configfiles[$distribution]['services'][$_GET['service']]))
-		{
-			$service = $_GET['service'];
+	$replace_arr = Array(
+		'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
+		'<SQL_UNPRIVILEGED_PASSWORD>' => 'MYSQL_PASSWORD',
+		'<SQL_DB>' => $sql['db'],
+		'<SQL_HOST>' => $sql['host'],
+		'<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
+		'<SERVERNAME>' => Settings::Get('system.hostname'),
+		'<SERVERIP>' => Settings::Get('system.ipaddress'),
+		'<NAMESERVERS>' => Settings::Get('system.nameservers'),
+		'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
+		'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
+		'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
+		'<SSLPROTOCOLS>' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',
+		'<CUSTOMER_TMP>' => makeCorrectDir($customer_tmpdir),
+		'<BASE_PATH>' => makeCorrectDir(FROXLOR_INSTALL_DIR),
+		'<BIND_CONFIG_PATH>' => makeCorrectDir(Settings::Get('system.bindconf_directory')),
+		'<WEBSERVER_RELOAD_CMD>' => Settings::Get('system.apachereload_command'),
+		'<CUSTOMER_LOGS>' => makeCorrectDir(Settings::Get('system.logfiles_directory')),
+		'<FPM_IPCDIR>' => makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),
+		'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup')
+	);

-			if(isset($_GET['daemon'])
-			   && $_GET['daemon'] != ''
-			   && isset($configfiles[$distribution]['services'][$service]['daemons'][$_GET['daemon']])
-			   && is_array($configfiles[$distribution]['services'][$service]['daemons'][$_GET['daemon']]))
-			{
-				$daemon = $_GET['daemon'];
-			}
-			else
-			{
-				foreach($configfiles[$distribution]['services'][$service]['daemons'] as $daemon_name => $daemon_details)
-				{
-					$daemons_select.= makeoption($daemon_details['label'], $daemon_name);
+	// get distro from URL param
+	$distribution = (isset($_GET['distribution']) && $_GET['distribution'] != 'choose') ? $_GET['distribution'] : "";
+	$service = (isset($_GET['service']) && $_GET['service'] != 'choose') ? $_GET['service'] : "";
+	$daemon = (isset($_GET['daemon']) && $_GET['daemon'] != 'choose') ? $_GET['daemon'] : "";
+	$distributions_select = "";
+	$services_select = "";
+	$daemons_select = "";
+
+	$configfiles = "";
+	$services = "";
+	$daemons = "";
+
+	$config_dir = makeCorrectDir(FROXLOR_INSTALL_DIR . '/lib/configfiles/');
+
+	if ($distribution != "") {
+		// create configparser object
+		$configfiles = new ConfigParser($config_dir . '/' . $distribution . ".xml");
+
+		// get distro-info
+		$dist_display = getCompleteDistroName($configfiles);
+
+		// get all the services from the distro
+		$services = $configfiles->getServices();
+
+		if ($service != "") {
+
+			$daemons = $services[$service]->getDaemons();
+
+			if ($daemon == "") {
+				foreach ($daemons as $di => $dd) {
+					$title = $dd->title;
+					if ($dd->default) {
+						$title = $title . " (" . strtolower($lng['panel']['default']) . ")";
+					}
+					$daemons_select .= makeoption($title, $di);
 				}
 			}
-		}
-		else
-		{
-			foreach($configfiles[$distribution]['services'] as $service_name => $service_details)
-			{
-				$services_select.= makeoption($service_details['label'], $service_name);
+		} else {
+			foreach ($services as $si => $sd) {
+				$services_select .= makeoption($sd->title, $si);
 			}
 		}
-	}
-	else
-	{
-		foreach($configfiles as $distribution_name => $distribution_details)
-		{
-			$distributions_select.= makeoption($distribution_details['label'], $distribution_name);
+	} else {
+
+		// show list of available distro's
+		$distros = glob($config_dir . '*.xml');
+		// tmp array
+		$distributions_select_data = array();
+		// read in all the distros
+		foreach ($distros as $_distribution) {
+			// get configparser object
+			$dist = new ConfigParser($_distribution);
+			// get distro-info
+			$dist_display = getCompleteDistroName($dist);
+			// store in tmp array
+			$distributions_select_data[$dist_display] = str_replace(".xml", "", strtolower(basename($_distribution)));
+		}
+
+		// sort by distribution name
+		ksort($distributions_select_data);
+
+		foreach ($distributions_select_data as $dist_display => $dist_index) {
+			// create select-box-option
+			$distributions_select .= makeoption($dist_display, $dist_index);
 		}
 	}

-	if($distribution != ''
-	   && $service != ''
-	   && $daemon != '')
-	{
-		$replace_arr = Array(
-			'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
-			'<SQL_UNPRIVILEGED_PASSWORD>' => 'MYSQL_PASSWORD',
-			'<SQL_DB>' => $sql['db'],
-			'<SQL_HOST>' => $sql['host'],
-			'<SERVERNAME>' => Settings::Get('system.hostname'),
-			'<SERVERIP>' => Settings::Get('system.ipaddress'),
-			'<NAMESERVERS>' => Settings::Get('system.nameservers'),
-			'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
-			'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
-			'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
-			'<SSLPROTOCOLS>' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',
-			'<CUSTOMER_TMP>' => (Settings::Get('system.mod_fcgid_tmpdir') != '') ? makeCorrectDir(Settings::Get('system.mod_fcgid_tmpdir')) : '/tmp/',
-			'<BASE_PATH>' => makeCorrectDir(FROXLOR_INSTALL_DIR),
-			'<BIND_CONFIG_PATH>' => makeCorrectDir(Settings::Get('system.bindconf_directory')),
-			'<WEBSERVER_RELOAD_CMD>' => Settings::Get('system.apachereload_command'),
-			'<CUSTOMER_LOGS>' => makeCorrectDir(Settings::Get('system.logfiles_directory')),
-			'<FPM_IPCDIR>' => makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),
-			'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup')
-		);
-		$files = '';
+	if ($distribution != "" && $service != "" && $daemon != "") {
+
+		$confarr = $daemons[$daemon]->getConfig();
+
 		$configpage = '';
-		foreach($configfiles[$distribution]['services'][$service]['daemons'][$daemon] as $action => $value)
-		{
-			if(substr($action, 0, 8) == 'commands')
-			{
+
+		$distro_editor = $configfiles->distributionEditor;
+
+		$commands_pre = "";
+		$commands_file = "";
+		$commands_post = "";
+
+		$lasttype = '';
+		$commands = '';
+		foreach ($confarr as $idx => $action) {
+			if ($lasttype != '' && $lasttype != $action['type']) {
+				$commands = trim($commands);
+				$numbrows = count(explode("\n", $commands));
+				eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
+				$lasttype = '';
 				$commands = '';
-
-				if(is_array($value))
-				{
-					$commands = implode("\n", $value);
-					$commands = str_replace("\n\n", "\n", $commands);
-
-					if($commands != '')
-					{
-						eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
-					}
-				}
 			}
-			elseif(substr($action, 0, 5) == 'files')
-			{
-				$files = '';
-
-				if(is_array($value))
-				{
-					while(list($filename, $realname) = each($value))
-					{
-						$file_content = file_get_contents('./templates/misc/configfiles/' . $distribution . '/' . $daemon . '/' . $filename);
-						$file_content = strtr($file_content, $replace_arr);
-						$file_content = htmlspecialchars($file_content);
-						$numbrows = count(explode("\n", $file_content));
-						eval("\$files.=\"" . getTemplate("configfiles/configfiles_file") . "\";");
+			switch ($action['type']) {
+				case "install":
+					$commands .= strtr($action['content'], $replace_arr) . "\n";
+					$lasttype = "install";
+					break;
+				case "command":
+					$commands .= strtr($action['content'], $replace_arr) . "\n";
+					$lasttype = "command";
+					break;
+				case "file":
+					if (array_key_exists('content', $action)) {
+						$commands_file = getFileContentContainer($action['content'], $replace_arr, $action['name'], $distro_editor);
+					} elseif (array_key_exists('subcommands', $action)) {
+						foreach ($action['subcommands'] as $fileaction) {
+							if (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "pre") {
+								$commands_pre .= $fileaction['content'] . "\n";
+							} elseif (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "post") {
+								$commands_post .= $fileaction['content'] . "\n";
+							} elseif ($fileaction['type'] == 'file') {
+								$commands_file = getFileContentContainer($fileaction['content'], $replace_arr, $action['name'], $distro_editor);
+							}
+						}
 					}
-
-					eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_files") . "\";");
-				}
+					$realname = $action['name'];
+					$commands = trim($commands_pre);
+					if ($commands != "") {
+						$numbrows = count(explode("\n", $commands));
+						eval("\$commands_pre=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
+					}
+					$commands = trim($commands_post);
+					if ($commands != "") {
+						$numbrows = count(explode("\n", $commands));
+						eval("\$commands_post=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
+					}
+					eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_subfileblock") . "\";");
+					$commands = '';
+					$commands_pre = '';
+					$commands_post = '';
+					break;
 			}
 		}
-
-		if(isset($configfiles[$distribution]['services'][$service]['daemons'][$daemon]['restart'])
-		   && is_array($configfiles[$distribution]['services'][$service]['daemons'][$daemon]['restart']))
-		{
-			$restart = implode("\n", $configfiles[$distribution]['services'][$service]['daemons'][$daemon]['restart']);
+		$commands = trim($commands);
+		if ($commands != '') {
+			$numbrows = count(explode("\n", $commands));
+			eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
 		}
-		else
-		{
-			$restart = '';
-		}
-
 		eval("echo \"" . getTemplate("configfiles/configfiles") . "\";");
-	}
-	elseif($page == 'overview')
-	{
-		$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_configfiles");
-		$distributions = '';
-		foreach($configfiles as $distribution_name => $distribution_details)
-		{
-			$services = '';
-			foreach($distribution_details['services'] as $service_name => $service_details)
-			{
-				$daemons = '';
-				foreach($service_details['daemons'] as $daemon_name => $daemon_details)
-				{
-					eval("\$daemons.=\"" . getTemplate("configfiles/choose_daemon") . "\";");
-				}
-
-				eval("\$services.=\"" . getTemplate("configfiles/choose_service") . "\";");
-			}
-
-			eval("\$distributions.=\"" . getTemplate("configfiles/choose_distribution") . "\";");
-		}
-
-		eval("echo \"" . getTemplate("configfiles/choose") . "\";");
-	}
-	else
-	{
+	} else {
 		eval("echo \"" . getTemplate("configfiles/wizard") . "\";");
 	}
+} else {
+	die('not allowed to see this page');
+	// redirect or similar here
 }

-?>
+// helper functions
+function getFileContentContainer($file_content, &$replace_arr, $realname, $distro_editor)
+{
+	$files = "";
+	$file_content = trim($file_content);
+	if ($file_content != '') {
+		$file_content = strtr($file_content, $replace_arr);
+		$file_content = htmlspecialchars($file_content);
+		$numbrows = count(explode("\n", $file_content));
+		eval("\$files=\"" . getTemplate("configfiles/configfiles_file") . "\";");
+	}
+	return $files;
+}
+
+function getCompleteDistroName($cparser)
+{
+	// get distro-info
+	$dist_display = $cparser->distributionName;
+	if ($cparser->distributionCodename != '') {
+		$dist_display .= " " . $cparser->distributionCodename;
+	}
+	if ($cparser->distributionVersion != '') {
+		$dist_display .= " (" . $cparser->distributionVersion . ")";
+	}
+	if ($cparser->deprecated) {
+		$dist_display .= " [deprecated]";
+	}
+	return $dist_display;
+}
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -95,7 +95,7 @@ if ($page == 'customers'
 				 */
 				//For Disk usage
 				if ($row['diskspace'] > 0) {
-					$disk_percent = round(($row['diskspace_used']*100)/$row['diskspace'], 2);
+					$disk_percent = round(($row['diskspace_used']*100)/$row['diskspace'], 0);
 					$disk_doublepercent = round($disk_percent*2, 2);
 				} else {
 					$disk_percent = 0;
@@ -103,7 +103,7 @@ if ($page == 'customers'
 				}

 				if ($row['traffic'] > 0) {
-					$traffic_percent = round(($row['traffic_used']*100)/$row['traffic'], 2);
+					$traffic_percent = round(($row['traffic_used']*100)/$row['traffic'], 0);
 					$traffic_doublepercent = round($traffic_percent*2, 2);
 				} else {
 					$traffic_percent = 0;
@@ -119,6 +119,17 @@ if ($page == 'customers'

 				$row = str_replace_array('-1', 'UL', $row, 'diskspace traffic mysqls emails email_accounts email_forwarders ftps tickets subdomains');
 				$row = htmlentities_array($row);
+
+				// fix progress-bars if value is >100%
+				if ($disk_percent > 100) {
+					$disk_percent = 100;
+				}
+				if ($traffic_percent > 100) {
+					$traffic_percent = 100;
+				}
+
+				$row['custom_notes'] = ($row['custom_notes'] != '') ? nl2br($row['custom_notes']) : '';
+
 				eval("\$customers.=\"" . getTemplate("customers/customers_customer") . "\";");
 				$count++;
 			}
@@ -267,6 +278,15 @@ if ($page == 'customers'
 				Database::pexecute($stmt, array('id' => $id));
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid` = :id");
 				Database::pexecute($stmt, array('id' => $id));
+				// first gather all domain-id's to clean up panel_domaintoip and dns-entries accordingly
+				$did_stmt = Database::prepare("SELECT `id` FROM `".TABLE_PANEL_DOMAINS."` WHERE `customerid` = :id");
+				Database::pexecute($did_stmt, array('id' => $id));
+				while ($row = $did_stmt->fetch(PDO::FETCH_ASSOC)) {
+					$stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :did");
+					Database::pexecute($stmt, array('did' => $row['id']));
+					$stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAIN_DNS . "` WHERE `domain_id` = :did");
+					Database::pexecute($stmt, array('did' => $row['id']));
+				}
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid` = :id");
 				Database::pexecute($stmt, array('id' => $id));
 				$domains_deleted = $stmt->rowCount();
@@ -401,6 +421,12 @@ if ($page == 'customers'
 				$def_language = validate($_POST['def_language'], 'default language');
 				$gender = intval_ressource($_POST['gender']);

+				$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
+				$custom_notes_show = 0;
+				if (isset($_POST['custom_notes_show'])) {
+				    $custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+				}
+
 				$diskspace = intval_ressource($_POST['diskspace']);
 				if (isset($_POST['diskspace_ul'])) {
 					$diskspace = - 1;
@@ -502,6 +528,11 @@ if ($page == 'customers'
 					$perlenabled = intval($_POST['perlenabled']);
 				}

+				$dnsenabled = 0;
+				if (isset($_POST['dnsenabled'])) {
+					$dnsenabled = intval($_POST['dnsenabled']);
+				}
+
 				$store_defaultindex = 0;
 				if (isset($_POST['store_defaultindex'])) {
 					$store_defaultindex = intval($_POST['store_defaultindex']);
@@ -530,7 +561,6 @@ if ($page == 'customers'
 				   || ($subdomains == '-1' && $userinfo['subdomains'] != '-1')
 				) {
 					standard_error('youcantallocatemorethanyouhave');
-					exit;
 				}

 				// Either $name and $firstname or the $company must be inserted
@@ -615,8 +645,12 @@ if ($page == 'customers'
 						$perlenabled = '1';
 					}

+					if ($dnsenabled != '0') {
+						$dnsenabled = '1';
+					}
+
 					if ($password == '') {
-						$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
+						$password = generatePassword();
 					}

 					$_theme = Settings::Get('panel.default_theme');
@@ -624,7 +658,7 @@ if ($page == 'customers'
 					$ins_data = array(
 						'adminid' => $userinfo['adminid'],
 						'loginname' => $loginname,
-						'passwd' => md5($password),
+						'passwd' => makeCryptPassword($password),
 						'name' => $name,
 						'firstname' => $firstname,
 						'gender' => $gender,
@@ -653,7 +687,10 @@ if ($page == 'customers'
 						'imap' => $email_imap,
 						'pop3' => $email_pop3,
 						'perlenabled' => $perlenabled,
-						'theme' => $theme
+						'dnsenabled' => $dnsenabled,
+						'theme' => $_theme,
+						'custom_notes' => $custom_notes,
+						'custom_notes_show' => $custom_notes_show
 					);

 					$ins_stmt = Database::prepare("
@@ -690,7 +727,10 @@ if ($page == 'customers'
 						`imap` = :imap,
 						`pop3` = :pop3,
 						`perlenabled` = :perlenabled,
-						`theme` = :theme"
+						`dnsenabled` = :dnsenabled,
+						`theme` = :theme,
+						`custom_notes` = :custom_notes,
+						`custom_notes_show` = :custom_notes_show"
 					);
 					Database::pexecute($ins_stmt, $ins_data);

@@ -817,7 +857,25 @@ if ($page == 'customers'
 							'guid' => $guid,
 							'members' => $loginname.','.Settings::Get('system.httpuser')
 					);
+
+					// also, add froxlor-local user to ftp-group (if exists!) to
+					// allow access to customer-directories from within the panel, which
+					// is necessary when pathedit = Dropdown
+					if ((int)Settings::Get('system.mod_fcgid_ownvhost') == 1 || (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {
+						if ((int)Settings::Get('system.mod_fcgid') == 1) {
+							$local_user = Settings::Get('system.mod_fcgid_httpuser');
+						} else {
+							$local_user = Settings::Get('phpfpm.vhost_httpuser');
+						}
+						// check froxlor-local user membership in ftp-group
+						// without this check addition may duplicate user in list if httpuser == local_user
+						if (strpos($ins_data['members'], $local_user) !== false) {
+							$ins_data['members'] .= ','.$local_user;
+						}
+					}
+
 					Database::pexecute($ins_stmt, $ins_data);
+
 					// FTP-Quotatallies
 					$ins_stmt = Database::prepare("
 						INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` SET `name` = :name, `quota_type` = 'user', `bytes_in_used` = '0',
@@ -850,7 +908,7 @@ if ($page == 'customers'
 							`domain` = :domain,
 							`customerid` = :customerid,
 							`adminid` = :adminid,
-							`parentdomainid` = '-1',
+							`parentdomainid` = '0',
 							`documentroot` = :docroot,
 							`zonefile` = '',
 							`isemaildomain` = '0',
@@ -858,16 +916,22 @@ if ($page == 'customers'
 							`openbasedir` = '1',
 							`speciallogfile` = '0',
 							`specialsettings` = '',
+							`dkim_id` = '0',
+							`dkim_privkey` = '',
+							`dkim_pubkey` = '',
 							`add_date` = :adddate"
 						);
 						Database::pexecute($ins_stmt, $ins_data);
 						$domainid = Database::lastInsertId();

 						// set ip <-> domain connection
+						$defaultips = explode(',', Settings::Get('system.defaultip'));
 						$ins_stmt = Database::prepare("
-							INSERT INTO `".TABLE_DOMAINTOIP."` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
+							  INSERT INTO `" . TABLE_DOMAINTOIP . "` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
 						);
-						Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => Settings::Get('system.defaultip')));
+						foreach ($defaultips as $defaultip) {
+							Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => $defaultip));
+						}

 						$upd_stmt = Database::prepare("
 							UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid"
@@ -888,7 +952,9 @@ if ($page == 'customers'
 							SELECT ip, port FROM `".TABLE_PANEL_IPSANDPORTS."`
 							WHERE `id` = :defaultip
 						");
-						$srv_ip = Database::pexecute_first($srv_ip_stmt, array('defaultip' => Settings::Get('system.defaultip')));
+						$default_ips = Settings::Get('system.defaultip');
+						$default_ips = explode(',', $default_ips);
+						$srv_ip = Database::pexecute_first($srv_ip_stmt, array('defaultip' => reset($default_ips)));

 						$replace_arr = array(
 							'FIRSTNAME' => $firstname,
@@ -990,6 +1056,24 @@ if ($page == 'customers'
 		}
 		$result = Database::pexecute_first($result_stmt, $result_data);

+		/*
+		 * information for moving customer
+		 */
+		$available_admins_stmt = Database::prepare("
+                        SELECT * FROM `" . TABLE_PANEL_ADMINS . "`
+                        WHERE (`customers` = '-1' OR `customers` > `customers_used`)"
+		);
+		Database::pexecute($available_admins_stmt);
+		$admin_select = makeoption("-----", 0, true, true, true);
+		$admin_select_cnt = 0;
+		while ($available_admin = $available_admins_stmt->fetch()) {
+			$admin_select .= makeoption($available_admin['name']." (".$available_admin['loginname'].")", $available_admin['adminid'], null, true, true);
+			$admin_select_cnt++;
+		}
+		/*
+		 * end of moving customer stuff
+		 */
+
 		if ($result['loginname'] != '') {

 			if (isset($_POST['send'])
@@ -1010,6 +1094,14 @@ if ($page == 'customers'
 				$password = validate($_POST['new_customer_password'], 'new password');
 				$gender = intval_ressource($_POST['gender']);

+				$move_to_admin = isset($_POST['move_to_admin']) ? intval_ressource($_POST['move_to_admin']) : 0;
+
+				$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
+				$custom_notes_show = $result['custom_notes_show'];
+				if (isset($_POST['custom_notes_show'])) {
+				    $custom_notes_show = intval_ressource($_POST['custom_notes_show']);
+				}
+
 				$diskspace = intval_ressource($_POST['diskspace']);
 				if (isset($_POST['diskspace_ul'])) {
 					$diskspace = - 1;
@@ -1107,6 +1199,11 @@ if ($page == 'customers'
 					$perlenabled = intval($_POST['perlenabled']);
 				}

+				$dnsenabled = 0;
+				if (isset($_POST['dnsenabled'])) {
+					$dnsenabled = intval($_POST['dnsenabled']);
+				}
+
 				$diskspace = $diskspace * 1024;
 				$traffic = $traffic * 1024 * 1024;

@@ -1130,7 +1227,6 @@ if ($page == 'customers'
 				   || ($subdomains == '-1' && $userinfo['subdomains'] != '-1')
 				) {
 					standard_error('youcantallocatemorethanyouhave');
-					exit;
 				}

 				// Either $name and $firstname or the $company must be inserted
@@ -1150,7 +1246,7 @@ if ($page == 'customers'

 					if ($password != '') {
 						$password = validatePassword($password);
-						$password = md5($password);
+						$password = makeCryptPassword($password);
 					} else {
 						$password = $result['password'];
 					}
@@ -1183,7 +1279,7 @@ if ($page == 'customers'
 							`domain` = :domain,
 							`customerid` = :customerid,
 							`adminid` = :adminid,
-							`parentdomainid` = '-1',
+							`parentdomainid` = '0',
 							`documentroot` = :docroot,
 							`zonefile` = '',
 							`isemaildomain` = '0',
@@ -1197,10 +1293,13 @@ if ($page == 'customers'
 						$domainid = Database::lastInsertId();

 						// set ip <-> domain connection
+						$defaultips = explode(',', Settings::Get('system.defaultip'));
 						$ins_stmt = Database::prepare("
-							INSERT INTO `".TABLE_DOMAINTOIP."` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
+							  INSERT INTO `" . TABLE_DOMAINTOIP . "` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
 						);
-						Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => Settings::Get('system.defaultip')));
+						foreach ($defaultips as $defaultip) {
+							Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => $defaultip));
+						}

 						$upd_stmt = Database::prepare("
 							UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid"
@@ -1236,6 +1335,10 @@ if ($page == 'customers'
 						$perlenabled = '1';
 					}

+					if ($dnsenabled != '0') {
+						$dnsenabled = '1';
+					}
+
 					if ($phpenabled != $result['phpenabled']
 						|| $perlenabled != $result['perlenabled']
 					) {
@@ -1345,7 +1448,10 @@ if ($page == 'customers'
 						'phpenabled' => $phpenabled,
 						'imap' => $email_imap,
 						'pop3' => $email_pop3,
-						'perlenabled' => $perlenabled
+						'perlenabled' => $perlenabled,
+						'dnsenabled' => $dnsenabled,
+						'custom_notes' => $custom_notes,
+						'custom_notes_show' => $custom_notes_show
 					);
 					$upd_stmt = Database::prepare("
 						UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
@@ -1376,7 +1482,10 @@ if ($page == 'customers'
 						`email_quota` = :email_quota,
 						`imap` = :imap,
 						`pop3` = :pop3,
-						`perlenabled` = :perlenabled
+						`perlenabled` = :perlenabled,
+						`dnsenabled` = :dnsenabled,
+						`custom_notes` = :custom_notes,
+						`custom_notes_show` = :custom_notes_show
 						WHERE `customerid` = :customerid"
 					);
 					Database::pexecute($upd_stmt, $upd_data);
@@ -1488,6 +1597,17 @@ if ($page == 'customers'
 					$admin_update_query.= " WHERE `adminid` = '" . (int)$result['adminid'] . "'";
 					Database::query($admin_update_query);
 					$log->logAction(ADM_ACTION, LOG_INFO, "edited user '" . $result['loginname'] . "'");
+
+					/*
+					 * move customer to another admin/reseller; #1166
+					 */
+					if ($move_to_admin > 0 && $move_to_admin != $result['adminid']) {
+						$move_result = moveCustomerToAdmin($id, $move_to_admin);
+						if ($move_result != true) {
+							standard_error('moveofcustomerfailed', $move_result);
+						}
+					}
+
 					$redirect_props = Array(
 						'page' => $page,
 						's' => $s
--- a/admin_domains.php
+++ b/admin_domains.php
--- a/admin_index.php
+++ b/admin_index.php
@@ -42,7 +42,6 @@ if ($action == 'logout')  {
 	Database::pexecute($stmt, $params);

 	redirectTo('index.php');
-	exit;
 }

 if (isset($_POST['id'])) {
@@ -118,13 +117,13 @@ if ($page == 'overview') {
 						$isnewerversion = 0;
 					}
 				} else {
-					redirectTo($update_check_uri.'/pretty', NULL);
+					redirectTo($update_check_uri.'/pretty', NULL, false);
 				}
 			} else {
-				redirectTo($update_check_uri.'/pretty', NULL);
+				redirectTo($update_check_uri.'/pretty', NULL, false);
 			}
 		} else {
-			redirectTo($update_check_uri.'/pretty', NULL);
+			redirectTo($update_check_uri.'/pretty', NULL, false);
 		}
 	} else {
 		$lookfornewversion_lable = $lng['admin']['lookfornewversion']['clickhere'];
@@ -140,6 +139,8 @@ if ($page == 'overview') {
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), $dec_places);
 	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'customers domains diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains');

+	$userinfo['custom_notes'] = ($userinfo['custom_notes'] != '') ? nl2br($userinfo['custom_notes']) : '';
+
 	$cron_last_runs = getCronjobsLastRun();
 	$outstanding_tasks = getOutstandingTasks();

@@ -197,9 +198,8 @@ if ($page == 'overview') {
 	) {
 		$old_password = validate($_POST['old_password'], 'old password');

-		if (md5($old_password) != $userinfo['password']) {
+		if (!validatePasswordLogin($userinfo,$old_password,TABLE_PANEL_ADMINS,'adminid')) {
 			standard_error('oldpasswordnotcorrect');
-			exit;
 		}

 		$new_password = validate($_POST['new_password'], 'new password');
@@ -217,13 +217,11 @@ if ($page == 'overview') {
 			$chgpwd_stmt = Database::prepare("
 				UPDATE `" . TABLE_PANEL_ADMINS . "`
 				SET `password`= :newpasswd
-				WHERE `adminid`= :adminid
-				AND `password`= :oldpasswd"
+				WHERE `adminid`= :adminid"
 			);
 			Database::pexecute($chgpwd_stmt, array(
-				'newpasswd' => md5($new_password),
-				'adminid' => (int)$userinfo['adminid'],
-				'oldpasswd' => md5($old_password)
+				'newpasswd' => makeCryptPassword($new_password),
+				'adminid' => (int)$userinfo['adminid']
 			));
 			$log->logAction(ADM_ACTION, LOG_NOTICE, 'changed password');
 			redirectTo($filename, Array('s' => $s));
--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -29,6 +29,10 @@ if (isset($_POST['id'])) {
 if ($page == 'ipsandports'
 	|| $page == 'overview'
 ) {
+	// Do not display attributes that are not used by the current webserver
+	$websrv = Settings::Get('system.webserver');
+	$is_nginx = ($websrv == 'nginx');
+	$is_apache = ($websrv == 'apache2');

 	if ($action == '') {

@@ -79,7 +83,7 @@ if ($page == 'ipsandports'
 			$result_checkdomain = Database::pexecute_first($result_checkdomain_stmt, array('id' => $id));

 			if ($result_checkdomain['id'] == '') {
-				if ($result['id'] != Settings::Get('system.defaultip')) {
+				if (!in_array($result['id'], explode(',', Settings::Get('system.defaultip')))) {

 					$result_sameipotherport_stmt = Database::prepare("
 						SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
@@ -320,7 +324,7 @@ if ($page == 'ipsandports'
 					$ssl_ca_file = '';
 					$ssl_cert_chainfile = '';
 				}
-				
+
 				if ($listen_statement != '1') {
 					$listen_statement = '0';
 				}
@@ -340,7 +344,7 @@ if ($page == 'ipsandports'
 				if ($ssl != '1') {
 					$ssl = '0';
 				}
-				
+
 				if ($ssl_cert_file != '') {
 					$ssl_cert_file = makeCorrectFile($ssl_cert_file);
 				}
@@ -422,7 +426,7 @@ if ($page == 'ipsandports'

 				$ipsandports_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php';
 				$ipsandports_edit_form = htmlform::genHTMLForm($ipsandports_edit_data);
-	
+
 				$title = $ipsandports_edit_data['ipsandports_edit']['title'];
 				$image = $ipsandports_edit_data['ipsandports_edit']['image'];

--- a/admin_logger.php
+++ b/admin_logger.php
@@ -34,7 +34,8 @@ if ($page == 'log'
 		$result_stmt = Database::query('
 			SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
 		);
-		$paging->setEntries(Database::num_rows());
+		$logs_count = Database::num_rows();
+		$paging->setEntries($logs_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -100,35 +101,12 @@ if ($page == 'log'
 					}

 					$log_count++;
-					$type = $row['type'];
-					$_type = 'unknown';
-
-					switch ($type) {
-						case LOG_INFO:
-							$_type = 'Information';
-							break;
-						case LOG_NOTICE:
-							$_type = 'Notice';
-							break;
-						case LOG_WARNING:
-							$_type = 'Warning';
-							break;
-						case LOG_ERR:
-							$_type = 'Error';
-							break;
-						case LOG_CRIT:
-							$_type = 'Critical';
-							break;
-						default:
-							$_type = 'Unknown';
-							break;
-					}
-
-					$row['type'] = $_type;
+					$row['type'] = getLogLevelDesc($row['type']);
 					eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
 					$count++;
 					$_action = $action;
 				}
+				$i++;
 			}
 			$i++;
 		}
--- a/admin_opcacheinfo.php
+++ b/admin_opcacheinfo.php
@@ -0,0 +1,158 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Janos Muzsi <muzsij@hypernics.hu> (2016)
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Panel
+ *
+ * Based on https://github.com/amnuts/opcache-gui
+ *
+ */
+
+define('AREA', 'admin');
+require './lib/init.php';
+
+
+if ($action == 'reset' &&
+        function_exists('opcache_reset') &&
+        $userinfo['change_serversettings'] == '1'
+) {
+    opcache_reset();
+    $log->logAction(ADM_ACTION, LOG_INFO, "reseted OPcache");
+    header('Location: ' . $linker->getLink(array('section' => 'opcacheinfo', 'page' => 'showinfo')));
+    exit();
+}
+
+if (!function_exists('opcache_get_configuration')
+) {
+    standard_error($lng['error']['no_opcacheinfo']);
+}
+
+if ($page == 'showinfo'
+) {
+    
+    $opcache_info = opcache_get_configuration();
+    $opcache_status = opcache_get_status(false);
+    $time = time();
+    $log->logAction(ADM_ACTION, LOG_NOTICE, "viewed OPcache info");
+    
+    $runtimelines = '';
+    if (isset($opcache_info['directives']) && is_array($opcache_info['directives'])) {
+        foreach ($opcache_info['directives'] as $name => $value) {
+            $linkname=  str_replace('_', '-', $name);
+            if ($name=='opcache.optimization_level' && is_integer($value)) {
+                $value='0x'.dechex($value);
+            }
+            if ($name=='opcache.memory_consumption' && is_integer($value) && $value%(1024*1024)==0) {
+                $value=$value/(1024*1024);
+            }
+            if ($value===null || $value==='') {
+                $value=$lng['opcacheinfo']['novalue'];
+            }
+            if ($value===true) {
+                $value=$lng['opcacheinfo']['true'];
+            }
+            if ($value===false) {
+                $value=$lng['opcacheinfo']['false'];
+            }
+            if (is_integer($value)) {
+                $value=number_format($value,0,'.',' ');
+            }
+            $name=str_replace('_', ' ', $name);
+            eval("\$runtimelines.=\"" . getTemplate("settings/opcacheinfo/runtime_line") . "\";");
+        }
+    }
+    
+    $cachehits=@$opcache_status['opcache_statistics']['hits'] ?: 0;
+    $cachemiss=@$opcache_status['opcache_statistics']['misses'] ?: 0;
+    $blacklistmiss=@$opcache_status['opcache_statistics']['blacklist_misses'] ?: 0;
+    $cachetotal=$cachehits+$cachemiss+$blacklistmiss;
+    
+    $general=array(
+        'version' => (isset($opcache_info['version']['opcache_product_name']) ? $opcache_info['version']['opcache_product_name'].' ' : '').$opcache_info['version']['version'],
+        'phpversion' => phpversion(),
+        'start_time'         => @$opcache_status['opcache_statistics']['start_time'] ? date('Y-m-d H:i:s',$opcache_status['opcache_statistics']['start_time']) : '',
+        'last_restart_time'  => @$opcache_status['opcache_statistics']['last_restart_time'] ? date('Y-m-d H:i:s',$opcache_status['opcache_statistics']['last_restart_time']) : $lng['opcacheinfo']['never'],
+        'oom_restarts' => number_format(@$opcache_status['opcache_statistics']['oom_restarts'] ?: 0,0,'.',' '),
+        'hash_restarts' => number_format(@$opcache_status['opcache_statistics']['hash_restarts'] ?: 0,0,'.',' '),
+        'manual_restarts' => number_format(@$opcache_status['opcache_statistics']['manual_restarts'] ?: 0,0,'.',' '),
+        'status' => (@$opcache_status['restart_in_progress'] ? $lng['opcacheinfo']['restartinprogress'] :
+            (@$opcache_status['restart_pending'] ? $lng['opcacheinfo']['restartpending'] :
+            (@$opcache_status['cache_full'] ? $lng['opcacheinfo']['cachefull'] :
+            (@$opcache_status['opcache_enabled'] ? $lng['opcacheinfo']['enabled'] : $lng['opcacheinfo']['novalue'])))),
+        'cachedscripts' => number_format(@$opcache_status['opcache_statistics']['num_cached_scripts'] ?: 0,0,'.',' '),
+        'cachehits' => number_format($cachehits,0,'.',' ') . ($cachetotal>0 ? sprintf(" (%.1f %%)", $cachehits/($cachetotal)*100) : ''),
+        'cachemiss' => number_format($cachemiss,0,'.',' ') . ($cachetotal>0 ? sprintf(" (%.1f %%)", $cachemiss/($cachetotal)*100) : ''),
+        'blacklistmiss' => number_format($blacklistmiss,0,'.',' ') . ($cachetotal>0 ? sprintf(" (%.1f %%)", $blacklistmiss/($cachetotal)*100) : ''),
+    );
+    
+    $usedmem=@$opcache_status['memory_usage']['used_memory'] ?: 0;
+    $usedmemstr=bsize($usedmem);
+    $freemem=@$opcache_status['memory_usage']['free_memory'] ?: 0;
+    $freememstr=bsize($freemem);
+    $totalmem=$usedmem+$freemem;
+    $wastedmem=@$opcache_status['memory_usage']['wasted_memory'] ?: 0;
+    $wastedmemstr=bsize($wastedmem);
+    if ($totalmem) {
+        $memory=array(
+            'total' => bsize($totalmem),
+            'used' => $usedmemstr . ($totalmem>0 ? sprintf(" (%.1f %%)", $usedmem/($totalmem)*100) : ''),
+            'free' => $freememstr . ($totalmem>0 ? sprintf(" (%.1f %%)", $freemem/($totalmem)*100) : ''),
+            'wasted' => $wastedmemstr . ($totalmem>0 ? sprintf(" (%.1f %%)", $wastedmem/($totalmem)*100) : ''),
+        );
+    }
+    
+    if (isset($opcache_status['interned_strings_usage'])) {
+        $usedstring=@$opcache_status['interned_strings_usage']['used_memory'] ?: 0;
+        $usedstringstr=bsize($usedstring);
+        $freestring=@$opcache_status['interned_strings_usage']['free_memory'] ?: 0;
+        $freestringstr=bsize($freestring);
+        $totalstring=$usedstring+$freestring;
+        $stringbuffer=array(
+            'total' => bsize($totalstring),
+            'used' => $usedstringstr . ($totalstring>0 ? sprintf(" (%.1f %%)", $usedstring/$totalstring*100) : ''),
+            'free' => $freestringstr . ($totalstring>0 ? sprintf(" (%.1f %%)", $freestring/$totalstring*100) : ''),
+            'strcount' => number_format(@$opcache_status['interned_strings_usage']['number_of_strings'] ?: 0,0,'.',' '),
+        );
+    }
+
+    $usedkey=@$opcache_status['opcache_statistics']['num_cached_keys'] ?: 0;
+    $usedkeystr=number_format($usedkey,0,'.',' ');
+    $totalkey=@$opcache_status['opcache_statistics']['max_cached_keys'] ?: 0;
+    $wastedkey=$usedkey - (@$opcache_status['opcache_statistics']['num_cached_scripts'] ?: 0);
+    if (isset($opcache_status['opcache_statistics'])) {
+        $keystat=array(
+            'total' => number_format($totalkey,0,'.',' '),
+            'used' => $usedkeystr . ($totalkey>0 ? sprintf(" (%.1f %%)", $usedkey/($totalkey)*100) : ''),
+            'wasted' => number_format($wastedkey,0,'.',' ') . ($totalkey>0 ? sprintf(" (%.1f %%)", $wastedkey/($totalkey)*100) : ''),
+        );
+    }
+    
+    $blacklistlines = '';
+    if (isset($opcache_info['blacklist']) && is_array($opcache_info['blacklist'])) {
+        foreach ($opcache_info['blacklist'] as $value) {
+            eval("\$blacklistlines.=\"" . getTemplate("settings/opcacheinfo/blacklist_line") . "\";");
+        }
+    }
+    
+    eval("echo \"" . getTemplate("settings/opcacheinfo/showinfo") . "\";");
+    
+}
+
+function bsize($s) {
+    foreach (array('', 'K', 'M', 'G') as $i => $k) {
+        if ($s < 1024)
+            break;
+        $s/=1024;
+    }
+    return sprintf("%5.1f %sBytes", $s, $k);
+}
--- a/admin_phpsettings.php
+++ b/admin_phpsettings.php
@@ -70,9 +70,28 @@ if ($page == 'overview') {
 				while ($row2 = $domainresult_stmt->fetch(PDO::FETCH_ASSOC)) {
 					$domains.= $row2['domain'] . '<br/>';
 				}
-			} else {
+			}
+
+			// check whether we use that config as froxor-vhost config
+			if (Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $row['id']
+				|| Settings::Get('phpfpm.vhost_defaultini') == $row['id']
+			) {
+				$domains .= Settings::Get('system.hostname');
+			}
+
+			if ($domains == '') {
 				$domains = $lng['admin']['phpsettings']['notused'];
 			}
+
+			// check whether this is our default config
+			if ((Settings::Get('system.mod_fcgid') == '1'
+				&& Settings::Get('system.mod_fcgid_defaultini') == $row['id'])
+				|| (Settings::Get('phpfpm.enabled') == '1'
+				&& Settings::Get('phpfpm.defaultini') == $row['id'])
+			) {
+				$row['description'] = '<b>'.$row['description'].'</b>';
+			}
+
 			$count ++;
 			eval("\$tablecontent.=\"" . getTemplate("phpconfig/overview_overview") . "\";");
 		}
@@ -96,6 +115,7 @@ if ($page == 'overview') {
 					$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
 					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
 					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+					$mod_fcgid_umask = validate($_POST['mod_fcgid_umask'], 'mod_fcgid_umask', '/^[0-9]*$/');
 					// disable fpm stuff
 					$fpm_enableslowlog = 0;
 					$fpm_reqtermtimeout = 0;
@@ -110,6 +130,7 @@ if ($page == 'overview') {
 					$file_extensions = 'php';
 					$mod_fcgid_starter = 0;
 					$mod_fcgid_maxrequests = 0;
+					$mod_fcgid_umask = "022";
 				}

 				if (strlen($description) == 0
@@ -125,6 +146,7 @@ if ($page == 'overview') {
 						`file_extensions` = :fext,
 						`mod_fcgid_starter` = :starter,
 						`mod_fcgid_maxrequests` = :mreq,
+						`mod_fcgid_umask` = :umask,
 						`fpm_slowlog` = :fpmslow,
 						`fpm_reqterm` = :fpmreqterm,
 						`fpm_reqslow` = :fpmreqslow,
@@ -136,6 +158,7 @@ if ($page == 'overview') {
 					'fext' => $file_extensions,
 					'starter' => $mod_fcgid_starter,
 					'mreq' => $mod_fcgid_maxrequests,
+					'umask' => $mod_fcgid_umask,
 					'fpmslow' => $fpm_enableslowlog,
 					'fpmreqterm' => $fpm_reqtermtimeout,
 					'fpmreqslow' => $fpm_reqslowtimeout,
@@ -173,6 +196,22 @@ if ($page == 'overview') {
 		);
 		$result = Database::pexecute_first($result_stmt, array('id' => $id));

+		if ((Settings::Get('system.mod_fcgid') == '1'
+			&& Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $id)
+			|| (Settings::Get('phpfpm.enabled') == '1'
+			&& Settings::Get('phpfpm.vhost_defaultini') == $id)
+		) {
+			standard_error('cannotdeletehostnamephpconfig');
+		}
+
+		if ((Settings::Get('system.mod_fcgid') == '1'
+			&& Settings::Get('system.mod_fcgid_defaultini') == $id)
+			|| (Settings::Get('phpfpm.enabled') == '1'
+			&& Settings::Get('phpfpm.defaultini') == $id)
+		) {
+			standard_error('cannotdeletedefaultphpconfig');
+		}
+
 		if ($result['id'] != 0
 			&& $result['id'] == $id
 			&& (int)$userinfo['change_serversettings'] == 1
@@ -186,7 +225,7 @@ if ($page == 'overview') {
 				// config that is to be deleted
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
-					`phpsettingid` = 1 WHERE `phpsettingid` = :id"
+					`phpsettingid` = '1' WHERE `phpsettingid` = :id"
 				);
 				Database::pexecute($upd_stmt, array('id' => $id));

@@ -230,6 +269,7 @@ if ($page == 'overview') {
 					$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
 					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
 					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+					$mod_fcgid_umask = validate($_POST['mod_fcgid_umask'], 'mod_fcgid_umask', '/^[0-9]*$/');
 					// disable fpm stuff
 					$fpm_enableslowlog = 0;
 					$fpm_reqtermtimeout = 0;
@@ -244,6 +284,7 @@ if ($page == 'overview') {
 					$file_extensions = 'php';
 					$mod_fcgid_starter = 0;
 					$mod_fcgid_maxrequests = 0;
+					$mod_fcgid_umask = "022";
 				}

 				if (strlen($description) == 0
@@ -259,6 +300,7 @@ if ($page == 'overview') {
 						`file_extensions` = :fext,
 						`mod_fcgid_starter` = :starter,
 						`mod_fcgid_maxrequests` = :mreq,
+						`mod_fcgid_umask` = :umask,
 						`fpm_slowlog` = :fpmslow,
 						`fpm_reqterm` = :fpmreqterm,
 						`fpm_reqslow` = :fpmreqslow,
@@ -271,6 +313,7 @@ if ($page == 'overview') {
 						'fext' => $file_extensions,
 						'starter' => $mod_fcgid_starter,
 						'mreq' => $mod_fcgid_maxrequests,
+						'umask' => $mod_fcgid_umask,
 						'fpmslow' => $fpm_enableslowlog,
 						'fpmreqterm' => $fpm_reqtermtimeout,
 						'fpmreqslow' => $fpm_reqslowtimeout,
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -54,7 +54,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 			$settings_part = false;
 			$only_enabledisable = true;
 		}
-		
+
 		// check if the session timeout is too low #815
 		if (isset($_POST['session_sessiontimeout'])
 			&& $_POST['session_sessiontimeout'] < 60
@@ -105,14 +105,14 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 } elseif($page == 'phpinfo'
 	&& $userinfo['change_serversettings'] == '1'
 ) {
-		ob_start();
-		phpinfo();
-		$phpinfo = array('phpinfo' => array());
-		if (preg_match_all(
-				'#(?:<h2>(?:<a name=".*?">)?(.*?)(?:</a>)?</h2>)|(?:<tr(?: class=".*?")?><t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>)?)?</tr>)#s',
-				ob_get_clean(), $matches, PREG_SET_ORDER
-			)
-		) {
+	ob_start();
+	phpinfo();
+	$phpinfo = array('phpinfo' => array());
+	if (preg_match_all(
+			'#(?:<h2>(?:<a name=".*?">)?(.*?)(?:</a>)?</h2>)|(?:<tr(?: class=".*?")?><t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>)?)?</tr>)#s',
+			ob_get_clean(), $matches, PREG_SET_ORDER
+		)
+	) {
 		foreach ($matches as $match) {
 			$end = array_keys($phpinfo);
 			$end = end($end);
@@ -143,6 +143,8 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 			eval("\$phpinfohtml .= \"" . getTemplate("settings/phpinfo/phpinfo_table") . "\";");
 		}
 		$phpinfo = $phpinfohtml;
+	} else {
+		standard_error($lng['error']['no_phpinfo']);
 	}
 	eval("echo \"" . getTemplate("settings/phpinfo") . "\";");

@@ -158,6 +160,8 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		inserttask('10');
 		// Using nameserver, insert a task which rebuilds the server config
 		inserttask('4');
+		// cron.d file
+		inserttask('99');

 		standard_success('rebuildingconfigs', '', array('filename' => 'admin_index.php'));

@@ -202,7 +206,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		$log->logAction(ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords");
 		Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = '';");
 		Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'");
-		redirectTo('admin_settings.php', array('s' => $s));
+		redirectTo($filename, array('s' => $s));

 	} else {
 		ask_yesno('admin_cleartextmailpws_reallywipe', $filename, array('page' => $page));
@@ -221,7 +225,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		// Set the quota to 0 which means unlimited
 		Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = '0';");
 		Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota_used` = '0'");
-		redirectTo('admin_settings.php', array('s' => $s));
+		redirectTo($filename, array('s' => $s));

 	} else {
 		ask_yesno('admin_quotas_reallywipe', $filename, array('page' => $page));
@@ -259,7 +263,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		// Update the Customer, if the used quota is bigger than the allowed quota
 		Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`");
 		$log->logAction(ADM_ACTION, LOG_WARNING, 'enforcing mailquota to all customers: ' . Settings::Get('system.mail_quota') . ' MB');
-		redirectTo('admin_settings.php', array('s' => $s));
+		redirectTo($filename, array('s' => $s));

 	} else {
 		ask_yesno('admin_quotas_reallyenforce', $filename, array('page' => $page));
@@ -281,6 +285,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	foreach ($integrity->available as $id => $check) {
 		$displayid = $id + 1;
 		$result = $integrity->$check();
+		$checkdesc = $lng['integrity_check'][$check];
 		eval("\$integritycheck.=\"" . getTemplate("settings/integritycheck_row") . "\";");
 	}
 	eval("echo \"" . getTemplate("settings/integritycheck") . "\";");
--- a/admin_templates.php
+++ b/admin_templates.php
@@ -201,7 +201,6 @@ if ($action == '') {

 	} else {
 		standard_error('templatenotfound');
-		exit;
 	}

 } elseif($action == 'add') {
@@ -214,24 +213,23 @@ if ($action == '') {
 		&& $_POST['prepare'] == 'prepare'
 	) {
 		//email templates
-		$language = validate($_POST['language'], 'language');
-		$templates = array();
-		$result_stmt = Database::prepare("
-			SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
-			WHERE `adminid`= :adminid AND `language`= :lang
-			AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
-		);
-		Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language));
+		$language = htmlentities(validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
+		$template = validate($_POST['template'], 'template');

-		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
-			$templates[] = str_replace('_subject', '', $row['varname']);
+		$lng_bak = $lng;
+		foreach ($langs['English'] as $key => $value) {
+			include_once makeSecurePath($value['file']);
+		}
+		if ($language != 'English') {
+			foreach ($langs[$language] as $key => $value) {
+				include makeSecurePath($value['file']);
+			}
 		}

-		$templates = array_diff($available_templates, $templates);
-		$template_options = '';
-		foreach ($templates as $template) {
-			$template_options.= makeoption($lng['admin']['templates'][$template], $template, NULL, true);
-		}
+		$subject = $lng['mails'][$template]['subject'];
+		$body = str_replace('\n', "\n", $lng['mails'][$template]['mailbody']);
+
+		$lng = $lng_bak;

 		$template_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/templates/formfield.template_add.php';
 		$template_add_form = htmlform::genHTMLForm($template_add_data);
@@ -245,7 +243,7 @@ if ($action == '') {
 		&& $_POST['send'] == 'send'
 	) {
 		//email templates
-		$language = validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect');
+		$language = htmlentities(validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
 		$template = validate($_POST['template'], 'template');
 		$subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
 		$mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
@@ -328,6 +326,7 @@ if ($action == '') {
 		//email templates
 		$add = false;
 		$language_options = '';
+		$template_options = '';

 		while (list($language_file, $language_name) = each($languages)) {
 			$templates = array();
@@ -344,7 +343,13 @@ if ($action == '') {

 			if (count(array_diff($available_templates, $templates)) > 0) {
 				$add = true;
-				$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true);
+				$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true, true);
+
+				$templates = array_diff($available_templates, $templates);
+
+				foreach ($templates as $template) {
+					$template_options.= makeoption($lng['admin']['templates'][$template], $template, NULL, true, true, $language_file) . "\n";
+				}
 			}
 		}

@@ -352,7 +357,6 @@ if ($action == '') {
 			eval("echo \"" . getTemplate("templates/templates_add_1") . "\";");
 		} else {
 			standard_error('alltemplatesdefined');
-			exit;
 		}

 	} else {
@@ -365,7 +369,6 @@ if ($action == '') {

 		if (Database::num_rows() == count($file_templates)) {
 			standard_error('alltemplatesdefined');
-			exit;

 		} else {

@@ -443,7 +446,11 @@ if ($action == '') {
 			);
 			Database::pexecute($result_stmt, array('id' => $mailbodyid));
 			$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+			
+			$template_name = str_replace('_mailbody', '', $result['varname']);

+			// don't escape the already escaped language-string so save up before htmlentities()
+			$language = $result['language'];
 			$result = htmlentities_array($result);
 			$mailbody = $result['value'];

@@ -504,6 +511,5 @@ if ($action == '') {

 	} else {
 		standard_error('templatenotfound');
-		exit;
 	}
 }
--- a/admin_tickets.php
+++ b/admin_tickets.php
@@ -158,8 +158,10 @@ if ($page == 'tickets'
 					}

 					$row['subject'] = html_entity_decode($row['subject']);
-					if (strlen($row['subject']) > 20) {
-						$row['subject'] = substr($row['subject'], 0, 17) . '...';
+					if (strlen($row['subject']) > 30) {
+						$ts = wordwrap($row['subject'], 30, "|");
+						$ts = explode("|", $ts);
+						$row['subject'] = $ts[0]. '...';
 					}

 					eval("\$tickets.=\"" . getTemplate("tickets/tickets_tickets") . "\";");
--- a/admin_traffic.php
+++ b/admin_traffic.php
@@ -27,7 +27,6 @@ if ($action == 'logout') {
 	);
 	Database::pexecute($logout_stmt, array('adminid' => $userinfo['adminid']));
 	redirectTo('index.php');
-	exit;
 }

 if (isset($_POST['id'])) {
--- a/admin_updates.php
+++ b/admin_updates.php
@@ -54,7 +54,7 @@ if ($page == 'overview') {
 		}
 	}

-	if (hasUpdates($version)) {
+	if (hasDbUpdates($dbversion) || hasUpdates($version)) {
 		$successful_update = false;
 		$message = '';

@@ -67,33 +67,44 @@ if ($page == 'overview') {
 				|| !isset($_POST['update_preconfig'])
 			) {
 				eval("echo \"" . getTemplate('update/update_start') . "\";");
-	
+
 				include_once './install/updatesql.php';
-	
+
 				$redirect_url = 'admin_index.php?s=' . $s;
 				eval("echo \"" . getTemplate('update/update_end') . "\";");
-	
+
 				updateCounters();
 				inserttask('1');
 				@chmod('./lib/userdata.inc.php', 0440);
-				
+
 				$successful_update = true;
 			} else {
-				$message = '<br /><strong style="color: red">You have to agree that you have read the update notifications.</strong>';
+				$message = '<br /><strong class="red">You have to agree that you have read the update notifications.</strong>';
 			}
 		}

 		if (!$successful_update) {
 			$current_version = Settings::Get('panel.version');
+			$current_db_version = Settings::Get('panel.db_version');
+			if (empty($current_db_version)) {
+			    $current_db_version = "0";
+			}
 			$new_version = $version;
+			$new_db_version = $dbversion;

 			$ui_text = $lng['update']['update_information']['part_a'];
-			$ui_text = str_replace('%curversion', $current_version, $ui_text);
-			$ui_text = str_replace('%newversion', $new_version, $ui_text);
+			if ($version != $current_version) {
+			     $ui_text = str_replace('%curversion', $current_version, $ui_text);
+			     $ui_text = str_replace('%newversion', $new_version, $ui_text);
+			} else {
+			    // show db version
+			    $ui_text = str_replace('%curversion', $current_db_version, $ui_text);
+			    $ui_text = str_replace('%newversion', $new_db_version, $ui_text);
+			}
 			$update_information = $ui_text;

 			include_once './install/updates/preconfig.php';
-			$preconfig = getPreConfig($current_version);
+			$preconfig = getPreConfig($current_version, $current_db_version);
 			if ($preconfig != '') {
 				$update_information .= '<br />' . $preconfig . $message;
 			}
--- a/cache/.gitignore
+++ b/cache/.gitignore
@@ -1 +0,0 @@
-*
--- a/css/images/animated-overlay.gif
+++ b/css/images/animated-overlay.gif
--- a/css/images/ui-bg_diagonals-thick_18_b81900_40x40.png
+++ b/css/images/ui-bg_diagonals-thick_18_b81900_40x40.png
--- a/css/images/ui-bg_diagonals-thick_20_666666_40x40.png
+++ b/css/images/ui-bg_diagonals-thick_20_666666_40x40.png
--- a/css/images/ui-bg_flat_10_000000_40x100.png
+++ b/css/images/ui-bg_flat_10_000000_40x100.png
--- a/css/images/ui-bg_glass_100_f6f6f6_1x400.png
+++ b/css/images/ui-bg_glass_100_f6f6f6_1x400.png
--- a/css/images/ui-bg_glass_100_fdf5ce_1x400.png
+++ b/css/images/ui-bg_glass_100_fdf5ce_1x400.png
--- a/css/images/ui-bg_glass_65_ffffff_1x400.png
+++ b/css/images/ui-bg_glass_65_ffffff_1x400.png
--- a/css/images/ui-bg_gloss-wave_35_f6a828_500x100.png
+++ b/css/images/ui-bg_gloss-wave_35_f6a828_500x100.png
--- a/css/images/ui-bg_highlight-soft_100_eeeeee_1x100.png
+++ b/css/images/ui-bg_highlight-soft_100_eeeeee_1x100.png
--- a/css/images/ui-bg_highlight-soft_75_ffe45c_1x100.png
+++ b/css/images/ui-bg_highlight-soft_75_ffe45c_1x100.png
--- a/css/images/ui-icons_222222_256x240.png
+++ b/css/images/ui-icons_222222_256x240.png
--- a/css/images/ui-icons_228ef1_256x240.png
+++ b/css/images/ui-icons_228ef1_256x240.png
--- a/css/images/ui-icons_ef8c08_256x240.png
+++ b/css/images/ui-icons_ef8c08_256x240.png
--- a/css/images/ui-icons_ffd27a_256x240.png
+++ b/css/images/ui-icons_ffd27a_256x240.png
--- a/css/images/ui-icons_ffffff_256x240.png
+++ b/css/images/ui-icons_ffffff_256x240.png
--- a/css/jquery-ui.min.css
+++ b/css/jquery-ui.min.css
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -36,7 +41,7 @@ if ($page == 'overview') {
 			'd.domain' => $lng['domains']['domainname']
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_DOMAINS, $fields);
-		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isbinddomain`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
 			WHERE `d`.`customerid`= :customerid
@@ -87,6 +92,18 @@ if ($page == 'overview') {
 				}
 			}

+			$row['termination_date'] = str_replace("0000-00-00", "", $row['termination_date']);
+			if($row['termination_date'] != "") {
+				$cdate = strtotime($row['termination_date'] . " 23:59:59");
+				$today = time();
+
+				if($cdate < $today) {
+					$row['termination_css'] = 'domain-expired';
+				} else {
+					$row['termination_css'] = 'domain-canceled';
+				}
+			}
+
 			$domains_count++;
 			$domain_array[$row['domain']] = $row;
 		}
@@ -102,6 +119,11 @@ if ($page == 'overview') {
 			if ($row['parentdomainid'] == 0) {
 				$domain_sort_array[$sortkey][$sortkey] = $row;
 			} else {
+				// when searching and the results are subdomains only, we need to get
+				// the parent domain to this subdomain
+				if (!isset($domain_id_array[$row['parentdomainid']])) {
+				    $domain_id_array[$row['parentdomainid']] = "[parent-domain]";
+				}
 				$domain_sort_array[$domain_id_array[$row['parentdomainid']]][$sortkey] = $row;
 			}
 		}
@@ -117,13 +139,16 @@ if ($page == 'overview') {
 		$i = 0;
 		foreach ($domain_sort_array as $sortkey => $domain_array) {
 			if ($paging->checkDisplay($i)) {
-				$row = htmlentities_array($domain_array[$sortkey]);
-				if (Settings::Get('system.awstats_enabled') == '1') {
-					$statsapp = 'awstats';
-				} else {
-					$statsapp = 'webalizer';
+
+				if (isset($domain_array[$sortkey])) {
+					$row = htmlentities_array($domain_array[$sortkey]);
+					if (Settings::Get('system.awstats_enabled') == '1') {
+					   $statsapp = 'awstats';
+					} else {
+					   $statsapp = 'webalizer';
+					}
+					eval("\$domains.=\"" . getTemplate("domains/domains_delimiter") . "\";");
 				}
-				eval("\$domains.=\"" . getTemplate("domains/domains_delimiter") . "\";");

 				if ($paging->sortfield == 'd.domain' && $paging->sortorder == 'asc') {
 					ksort($domain_array);
@@ -133,12 +158,12 @@ if ($page == 'overview') {

 				foreach ($domain_array as $row) {
 					if (strpos($row['documentroot'], $userinfo['documentroot']) === 0) {
-						$row['documentroot'] = makeCorrectDir(substr($row['documentroot'], strlen($userinfo['documentroot'])));
+						$row['documentroot'] = makeCorrectDir(str_replace($userinfo['documentroot'], "/", $row['documentroot']));
 					}

 					// get ssl-ips if activated
 					$show_ssledit = false;
-					if (Settings::Get('system.use_ssl') == '1' && domainHasSslIpPort($row['id']) && $row['caneditdomain'] == '1') {
+					if (Settings::Get('system.use_ssl') == '1' && domainHasSslIpPort($row['id']) && $row['caneditdomain'] == '1' && $row['letsencrypt'] == 0) {
 						$show_ssledit = true;
 					}
 					$row = htmlentities_array($row);
@@ -151,7 +176,7 @@ if ($page == 'overview') {

 		eval("echo \"" . getTemplate("domains/domainlist") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
-		$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid` FROM `" . TABLE_PANEL_DOMAINS . "`
+		$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid`, `aliasdomain` FROM `" . TABLE_PANEL_DOMAINS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -177,6 +202,8 @@ if ($page == 'overview') {
 					}
 				}

+				triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
+
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted subdomain '" . $idna_convert->decode($result['domain']) . "'");
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE
 					`customerid` = :customerid
@@ -203,6 +230,20 @@ if ($page == 'overview') {
 				);
 				Database::pexecute($del_stmt, array('domainid' => $id));

+				// remove certificate from domain_ssl_settings, fixes #1596
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+					WHERE `domainid` = :domainid"
+				);
+				Database::pexecute($del_stmt, array('domainid' => $id));
+
+				// remove possible existing DNS entries
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_DOMAIN_DNS . "`
+					WHERE `domain_id` = :domainid
+				");
+				Database::pexecute($del_stmt, array('domainid' => $id));
+
 				inserttask('1');

 				// Using nameserver, insert a task which rebuilds the server config
@@ -218,6 +259,11 @@ if ($page == 'overview') {
 	} elseif ($action == 'add') {
 		if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+
+				if (strpos($_POST['subdomain'], '--') !== false) {
+					standard_error('domain_nopunycode');
+				}
+
 				$subdomain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong')));
 				$domain = $idna_convert->encode($_POST['domain']);
 				$domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
@@ -230,6 +276,11 @@ if ($page == 'overview') {
 				$domain_check = Database::pexecute_first($domain_stmt, array("domain" => $domain, "customerid" => $userinfo['customerid']));

 				$completedomain = $subdomain . '.' . $domain;
+
+				if ($completedomain == Settings::Get('system.hostname')) {
+					standard_error('admin_domain_emailsystemhostname');
+				}
+
 				$completedomain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain` = :domain
 					AND `customerid` = :customerid
@@ -258,6 +309,7 @@ if ($page == 'overview') {
 						ORDER BY `d`.`domain` ASC;"
 					);
 					$aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, array("id" => $aliasdomain, "customerid" => $userinfo['customerid']));
+					triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 				}

 				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
@@ -289,15 +341,32 @@ if ($page == 'overview') {

 				$ssl_redirect = '0';
 				if (isset($_POST['ssl_redirect']) && $_POST['ssl_redirect'] == '1') {
-					// a ssl-redirect only works of there actually is a
+					// a ssl-redirect only works if there actually is a
 					// ssl ip/port assigned to the domain
 					if (domainHasSslIpPort($domain_check['id']) == true) {
 						$ssl_redirect = '1';
+						$_doredirect = true;
 					} else {
 						standard_error('sslredirectonlypossiblewithsslipport');
 					}
 				}

+				$letsencrypt = '0';
+				if (isset($_POST['letsencrypt']) && $_POST['letsencrypt'] == '1') {
+					// let's encrypt only works if there actually is a
+					// ssl ip/port assigned to the domain
+					if (domainHasSslIpPort($domain_check['id']) == true) {
+						$letsencrypt = '1';
+					} else {
+						standard_error('letsencryptonlypossiblewithsslipport');
+					}
+				}
+
+				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
+				if ($ssl_redirect > 0 && $letsencrypt == 1) {
+					$ssl_redirect = 2;
+				}
+
 				if ($path == '') {
 					standard_error('patherror');
 				} elseif ($subdomain == '') {
@@ -339,7 +408,8 @@ if ($page == 'overview') {
 						`speciallogfile` = :speciallogfile,
 						`specialsettings` = :specialsettings,
 						`ssl_redirect` = :ssl_redirect,
-						`phpsettingid` = :phpsettingid"
+						`phpsettingid` = :phpsettingid,
+						`letsencrypt` = :letsencrypt"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -355,7 +425,8 @@ if ($page == 'overview') {
 						"speciallogfile" => $domain_check['speciallogfile'],
 						"specialsettings" => $domain_check['specialsettings'],
 						"ssl_redirect" => $ssl_redirect,
-						"phpsettingid" => $phpsid_result['phpsettingid']
+						"phpsettingid" => $phpsid_result['phpsettingid'],
+						"letsencrypt" => $letsencrypt
 					);
 					Database::pexecute($stmt, $params);

@@ -388,7 +459,7 @@ if ($page == 'overview') {
 					redirectTo($filename, array('page' => $page, 's' => $s));
 				}
 			} else {
-				$stmt = Database::prepare("SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain` FROM `" . TABLE_PANEL_DOMAINS . "`
+				$stmt = Database::prepare("SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain`,`letsencrypt` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `customerid` = :customerid
 					AND `parentdomainid` = '0'
 					AND `email_only` = '0'
@@ -406,6 +477,7 @@ if ($page == 'overview') {
 				$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c`
 					WHERE `d`.`aliasdomain` IS NULL
 					AND `d`.`id` <> `c`.`standardsubdomain`
+					AND `d`.`parentdomainid` = '0'
 					AND `d`.`customerid`=`c`.`customerid`
 					AND `d`.`email_only`='0'
 					AND `d`.`customerid`= :customerid
@@ -448,8 +520,8 @@ if ($page == 'overview') {
 		}
 	} elseif ($action == 'edit' && $id != 0) {

-		$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
-			`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `pd`.`subcanemaildomain`
+		$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`isbinddomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
+			`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `d`.`letsencrypt`, `pd`.`subcanemaildomain`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
 			WHERE `d`.`customerid` = :customerid
 			AND `d`.`id` = :id
@@ -491,7 +563,7 @@ if ($page == 'overview') {

 				$aliasdomain = intval($_POST['alias']);

-				if (isset($_POST['selectserveralias']) && $result['parentdomainid'] == '0' ) {
+				if (isset($_POST['selectserveralias'])) {
 					$iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0';
 					$wwwserveralias = ($_POST['selectserveralias'] == '1') ? '1' : '0';
 				} else {
@@ -529,10 +601,11 @@ if ($page == 'overview') {
 				}

 				if (isset($_POST['ssl_redirect']) && $_POST['ssl_redirect'] == '1') {
-					// a ssl-redirect only works of there actually is a
+					// a ssl-redirect only works if there actually is a
 					// ssl ip/port assigned to the domain
 					if (domainHasSslIpPort($id) == true) {
 						$ssl_redirect = '1';
+						$_doredirect = true;
 					} else {
 						standard_error('sslredirectonlypossiblewithsslipport');
 					}
@@ -540,6 +613,28 @@ if ($page == 'overview') {
 					$ssl_redirect = '0';
 				}

+				if (isset($_POST['letsencrypt']) && $_POST['letsencrypt'] == '1') {
+					// let's encrypt only works if there actually is a
+					// ssl ip/port assigned to the domain
+					if (domainHasSslIpPort($id) == true) {
+						$letsencrypt = '1';
+					} else {
+						standard_error('letsencryptonlypossiblewithsslipport');
+					}
+				} else {
+					$letsencrypt = '0';
+				}
+
+				// We can't enable let's encrypt for wildcard - domains
+				if ($iswildcarddomain == '1' && $letsencrypt == '1') {
+				    standard_error('nowildcardwithletsencrypt');
+				}
+
+				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
+				if ($ssl_redirect > 0 && $letsencrypt == 1 && $result['letsencrypt'] != $letsencrypt) {
+					$ssl_redirect = 2;
+				}
+
 				if ($path == '') {
 					standard_error('patherror');
 				} else {
@@ -563,7 +658,8 @@ if ($page == 'overview') {
 						|| $iswildcarddomain != $result['iswildcarddomain']
 						|| $aliasdomain != $result['aliasdomain']
 						|| $openbasedir_path != $result['openbasedir_path']
-						|| $ssl_redirect != $result['ssl_redirect']) {
+						|| $ssl_redirect != $result['ssl_redirect']
+						|| $letsencrypt != $result['letsencrypt']) {
 						$log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'");

 						$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
@@ -573,7 +669,8 @@ if ($page == 'overview') {
 							`iswildcarddomain`= :iswildcarddomain,
 							`aliasdomain`= :aliasdomain,
 							`openbasedir_path`= :openbasedir_path,
-							`ssl_redirect`= :ssl_redirect
+							`ssl_redirect`= :ssl_redirect,
+							`letsencrypt`= :letsencrypt
 							WHERE `customerid`= :customerid
 							AND `id`= :id"
 						);
@@ -585,10 +682,22 @@ if ($page == 'overview') {
 							"aliasdomain" => ($aliasdomain != 0 && $alias_check == 0) ? $aliasdomain : null,
 							"openbasedir_path" => $openbasedir_path,
 							"ssl_redirect" => $ssl_redirect,
+							"letsencrypt" => $letsencrypt,
 							"customerid" => $userinfo['customerid'],
 							"id" => $id
 						);
 						Database::pexecute($stmt, $params);
+
+						if ($result['aliasdomain'] != $aliasdomain) {
+							// trigger when domain id for alias destination has changed: both for old and new destination
+							triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
+							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+						} else
+							if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+								// or when wwwserveralias or letsencrypt was changed
+								triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+							}
+
 						inserttask('1');

 						// Using nameserver, insert a task which rebuilds the server config
@@ -607,6 +716,7 @@ if ($page == 'overview') {
 					WHERE `d`.`aliasdomain` IS NULL
 					AND `d`.`id` <> :id
 					AND `c`.`standardsubdomain` <> `d`.`id`
+					AND `d`.`parentdomainid` = '0'
 					AND `d`.`customerid` = :customerid
 					AND `c`.`customerid` = `d`.`customerid`
 					AND `d`.`id` = `dip`.`id_domain`
@@ -653,6 +763,10 @@ if ($page == 'overview') {
 					$ssl_ipsandports = 'notempty';
 				}

+				// Fudge the result for ssl_redirect to hide the Let's Encrypt steps
+				$result['temporary_ssl_redirect'] = $result['ssl_redirect'];
+				$result['ssl_redirect'] = ($result['ssl_redirect'] == 0 ? 0 : 1);
+
 				$openbasedir = makeoption($lng['domain']['docroot'], 0, $result['openbasedir_path'], true) . makeoption($lng['domain']['homedir'], 1, $result['openbasedir_path'], true);

 				// create serveralias options
@@ -811,4 +925,7 @@ if ($page == 'overview') {

 		eval("echo \"" . getTemplate("domains/domain_ssleditor") . "\";");
 	}
+} elseif ($page == 'domaindnseditor' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1') {
+
+	require_once __DIR__.'/dns_editor.php';
 }
--- a/customer_email.php
+++ b/customer_email.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','email')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -244,7 +249,6 @@ if ($page == 'overview') {
 					standard_error('emailexistalready', $email_full);
 				} elseif ($email_check['email'] == $email) {
 					standard_error('youhavealreadyacatchallforthisdomain');
-					exit;
 				} else {
 					$stmt = Database::prepare("INSERT INTO `" . TABLE_MAIL_VIRTUAL . "`
 						(`customerid`, `email`, `email_full`, `iscatchall`, `domainid`)
@@ -377,7 +381,6 @@ if ($page == 'overview') {

 					if ($email_check['email'] == $email) {
 						standard_error('youhavealreadyacatchallforthisdomain');
-						exit;
 					} else {
 						$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_VIRTUAL . "`
 							SET `email` = :email , `iscatchall` = '1'
@@ -414,10 +417,11 @@ if ($page == 'overview') {
 				standard_error('notallowedtouseaccounts');
 			}

-			$stmt = Database::prepare("SELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid`, `popaccountid`, `domainid` FROM `" . TABLE_MAIL_VIRTUAL . "`
-				WHERE `customerid`= :cid
-				AND `id`= :id"
-			);
+			$stmt = Database::prepare("
+			    SELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid`, `popaccountid`, `domainid`
+			    FROM `" . TABLE_MAIL_VIRTUAL . "`
+			    WHERE `customerid`= :cid AND `id`= :id
+			");
 			$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id));

 			if (isset($result['email']) && $result['email'] != '' && $result['popaccountid'] == '0') {
@@ -446,9 +450,12 @@ if ($page == 'overview') {
 					}
 					elseif ($password == '' && !(Settings::Get('panel.sendalternativemail') == 1 && validateEmail($alternative_email))) {
 						standard_error(array('stringisempty', 'mypassword'));
+					}
+					elseif ($password == $email_full) {
+						standard_error('passwordshouldnotbeusername');
 					} else {
 						if ($password == '') {
-							$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
+							$password = generatePassword();
 						}

 						$cryptPassword = makeCryptPassword($password);
@@ -458,7 +465,9 @@ if ($page == 'overview') {
 						$maildirname=trim(Settings::Get('system.vmail_maildirname'));
 						// Add trailing slash to Maildir if needed
 						$maildirpath=$maildirname;
-						if (!empty($maildirname) and substr($maildirname,-1) != "/") $maildirpath.="/";
+						if (!empty($maildirname) && substr($maildirname,-1) != "/") {
+							$maildirpath.="/";
+						}

 						$stmt = Database::prepare("INSERT INTO `" . TABLE_MAIL_USERS . "`
 							(`customerid`, `email`, `username`, " . (Settings::Get('system.mailpwcleartext') == '1' ? '`password`, ' : '') . " `password_enc`, `homedir`, `maildir`, `uid`, `gid`, `domainid`, `postfix`, `quota`, `imap`, `pop3`) ".
@@ -592,7 +601,7 @@ if ($page == 'overview') {

 							if ($_mailerror) {
 								$log->logAction(USR_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
-								standard_error(array('errorsendingmail', $alternative_email));
+								standard_error(array('errorsendingmail'), $alternative_email);
 							}

 							$mail->ClearAddresses();
@@ -601,6 +610,11 @@ if ($page == 'overview') {
 						redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 					}
 				} else {
+
+					if (checkMailAccDeletionState($result['email_full'])) {
+					   standard_error(array('mailaccistobedeleted'), $result['email_full']);
+					}
+
 					$result['email_full'] = $idna_convert->decode($result['email_full']);
 					$result = htmlentities_array($result);
 					$quota = Settings::Get('system.mail_quota');
@@ -630,7 +644,9 @@ if ($page == 'overview') {

 				if ($password == '') {
 					standard_error(array('stringisempty', 'mypassword'));
-					exit;
+				}
+				elseif ($password == $result['email_full']) {
+					standard_error('passwordshouldnotbeusername');
 				}

 				$password = validatePassword($password);
@@ -887,5 +903,3 @@ if ($page == 'overview') {
 		}
 	}
 }
-
-?>
--- a/customer_extras.php
+++ b/customer_extras.php
@@ -16,10 +16,14 @@
 * @package    Panel
 *
 */
-
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -30,6 +34,12 @@ if ($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
 	eval("echo \"" . getTemplate("extras/extras") . "\";");
 } elseif ($page == 'htpasswds') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.directoryprotection')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
 		$fields = array(
@@ -38,9 +48,10 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_HTPASSWDS, $fields);
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
-			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid']
+		));
 		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -53,43 +64,54 @@ if ($page == 'overview') {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($paging->checkDisplay($i)) {
 				if (strpos($row['path'], $userinfo['documentroot']) === 0) {
-					$row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
+					$row['path'] = str_replace($userinfo['documentroot'], "/", $row['path']);
 				}
-
+				$row['path'] = makeCorrectDir($row['path']);
 				$row = htmlentities_array($row);
 				eval("\$htpasswds.=\"" . getTemplate("extras/htpasswds_htpasswd") . "\";");
-				$count++;
+				$count ++;
 			}

-			$i++;
+			$i ++;
 		}

 		eval("echo \"" . getTemplate("extras/htpasswds") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
 			WHERE `customerid`= :customerid
-			AND `id`= :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id`= :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if (isset($result['username']) && $result['username'] != '') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "`
 					WHERE `customerid`= :customerid
-					AND `id`= :id"
-				);
-				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+					AND `id`= :id");
+				Database::pexecute($stmt, array(
+					"customerid" => $userinfo['customerid'],
+					"id" => $id
+				));

 				$log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
-					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
+					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
 				}

-				ask_yesno('extras_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username'] . ' (' . $result['path'] . ')');
+				ask_yesno('extras_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['username'] . ' (' . $result['path'] . ')');
 			}
 		}
 	} elseif ($action == 'add') {
@@ -104,8 +126,7 @@ if ($page == 'overview') {
 			$username_path_check_stmt = Database::prepare("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
 				WHERE `username`= :username
 				AND `path`= :path
-				AND `customerid`= :customerid"
-			);
+				AND `customerid`= :customerid");
 			$params = array(
 				"username" => $username,
 				"path" => $path,
@@ -121,26 +142,33 @@ if ($page == 'overview') {
 				$password = crypt($_POST['directory_password']);
 			}

-			if (!$_POST['path']) {
+			if (! $_POST['path']) {
 				standard_error('invalidpath');
 			}

 			if ($username == '') {
-				standard_error(array('stringisempty', 'myloginname'));
+				standard_error(array(
+					'stringisempty',
+					'myloginname'
+				));
 			} elseif ($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
 				standard_error('userpathcombinationdupe');
 			} elseif ($_POST['directory_password'] == '') {
-				standard_error(array('stringisempty', 'mypassword'));
+				standard_error(array(
+					'stringisempty',
+					'mypassword'
+				));
 			} elseif ($path == '') {
 				standard_error('patherror');
+			} elseif ($_POST['directory_password'] == $username) {
+				standard_error('passwordshouldnotbeusername');
 			} else {
 				$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET
 					`customerid` = :customerid,
 					`username` = :username,
 					`password` = :password,
 					`path` = :path,
-					`authname` = :authname"
-				);
+					`authname` = :authname");
 				$params = array(
 					"customerid" => $userinfo['customerid'],
 					"username" => $username,
@@ -151,12 +179,15 @@ if ($page == 'overview') {
 				Database::pexecute($stmt, $params);
 				$log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			}
 		} else {
 			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);

-			$htpasswd_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_add.php';
+			$htpasswd_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htpasswd_add.php';
 			$htpasswd_add_form = htmlform::genHTMLForm($htpasswd_add_data);

 			$title = $htpasswd_add_data['htpasswd_add']['title'];
@@ -167,9 +198,11 @@ if ($page == 'overview') {
 	} elseif ($action == 'edit' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
 			WHERE `customerid`= :customerid
-			AND `id`= :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id`= :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if (isset($result['username']) && $result['username'] != '') {
@@ -184,6 +217,10 @@ if ($page == 'overview') {
 					$password = crypt($_POST['directory_password']);
 				}

+				if ($_POST['directory_password'] == $result['username']) {
+					standard_error('passwordshouldnotbeusername');
+				}
+
 				$params = array(
 					"customerid" => $userinfo['customerid'],
 					"id" => $id
@@ -202,28 +239,30 @@ if ($page == 'overview') {
 				}

 				if ($pwd_sql != '' || $auth_sql != '') {
-					if ($pwd_sql !='' && $auth_sql != '') {
-						$pwd_sql.= ', ';
+					if ($pwd_sql != '' && $auth_sql != '') {
+						$pwd_sql .= ', ';
 					}

 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
-						SET ".$pwd_sql.$auth_sql."
+						SET " . $pwd_sql . $auth_sql . "
 						WHERE `customerid`= :customerid
-						AND `id`= :id"
-					);
+						AND `id`= :id");
 					Database::pexecute($stmt, $params);
 					$log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 					inserttask('1');
-					redirectTo($filename, array('page' => $page, 's' => $s));
+					redirectTo($filename, array(
+						'page' => $page,
+						's' => $s
+					));
 				}
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
-					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
+					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
 				}

 				$result = htmlentities_array($result);

-				$htpasswd_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_edit.php';
+				$htpasswd_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htpasswd_edit.php';
 				$htpasswd_edit_form = htmlform::genHTMLForm($htpasswd_edit_data);

 				$title = $htpasswd_edit_data['htpasswd_edit']['title'];
@@ -234,6 +273,12 @@ if ($page == 'overview') {
 		}
 	}
 } elseif ($page == 'htaccess') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.pathoptions')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
 		$fields = array(
@@ -246,9 +291,10 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_HTACCESS, $fields);
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
-			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid']
+		));
 		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -263,44 +309,69 @@ if ($page == 'overview') {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($paging->checkDisplay($i)) {
 				if (strpos($row['path'], $userinfo['documentroot']) === 0) {
-					$row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
-					// don't show nothing wehn it's the docroot, show slash
-					if ($row['path'] == '') { $row['path'] = '/'; }
+					$row['path'] = str_replace($userinfo['documentroot'], "/", $row['path']);
 				}
-
+				$row['path'] = makeCorrectDir($row['path']);
 				$row['options_indexes'] = str_replace('1', $lng['panel']['yes'], $row['options_indexes']);
 				$row['options_indexes'] = str_replace('0', $lng['panel']['no'], $row['options_indexes']);
 				$row['options_cgi'] = str_replace('1', $lng['panel']['yes'], $row['options_cgi']);
 				$row['options_cgi'] = str_replace('0', $lng['panel']['no'], $row['options_cgi']);
 				$row = htmlentities_array($row);
 				eval("\$htaccess.=\"" . getTemplate("extras/htaccess_htaccess") . "\";");
-				$count++;
+				$count ++;
 			}

-			$i++;
+			$i ++;
 		}

 		eval("echo \"" . getTemplate("extras/htaccess") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
 			WHERE `customerid` = :customerid
-			AND `id` = :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id` = :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				// do we have to remove the symlink and folder in suexecpath?
+				if ((int) Settings::Get('perl.suexecworkaround') == 1) {
+					$loginname = getCustomerDetail($result['customerid'], 'loginname');
+					$suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($result['path']) . '/');
+					$perlsymlink = makeCorrectFile($result['path'] . '/cgi-bin');
+					// remove symlink
+					if (file_exists($perlsymlink)) {
+						safe_exec('rm -f ' . escapeshellarg($perlsymlink));
+						$log->logAction(USR_ACTION, LOG_DEBUG, "deleted suexecworkaround symlink '" . $perlsymlink . "'");
+					}
+					// remove folder in suexec-path
+					if (file_exists($suexecpath)) {
+						safe_exec('rm -rf ' . escapeshellarg($suexecpath));
+						$log->logAction(USR_ACTION, LOG_DEBUG, "deleted suexecworkaround path '" . $suexecpath . "'");
+					}
+				}
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "`
 					WHERE `customerid`= :customerid
-					AND `id`= :id"
-				);
-				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
-				$log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'");
+					AND `id`= :id");
+				Database::pexecute($stmt, array(
+					"customerid" => $userinfo['customerid'],
+					"id" => $id
+				));
+				$log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '/', $result['path']) . "'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
-				ask_yesno('extras_reallydelete_pathoptions', $filename, array('id' => $id, 'page' => $page, 'action' => $action), str_replace($userinfo['documentroot'], '', $result['path']));
+				ask_yesno('extras_reallydelete_pathoptions', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), str_replace($userinfo['documentroot'], '/', $result['path']));
 			}
 		}
 	} elseif ($action == 'add') {
@@ -310,16 +381,18 @@ if ($page == 'overview') {
 			$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 			$path_dupe_check_stmt = Database::prepare("SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "`
 				WHERE `path`= :path
-				AND `customerid`= :customerid"
-			);
-			Database::pexecute($path_dupe_check_stmt, array("path" => $path, "customerid" => $userinfo['customerid']));
+				AND `customerid`= :customerid");
+			Database::pexecute($path_dupe_check_stmt, array(
+				"path" => $path,
+				"customerid" => $userinfo['customerid']
+			));
 			$path_dupe_check = $path_dupe_check_stmt->fetch(PDO::FETCH_ASSOC);

-			if (!$_POST['path']) {
+			if (! $_POST['path']) {
 				standard_error('invalidpath');
 			}

-			if (isset($_POST['options_cgi']) && (int)$_POST['options_cgi'] != 0) {
+			if (isset($_POST['options_cgi']) && (int) $_POST['options_cgi'] != 0) {
 				$options_cgi = '1';
 			} else {
 				$options_cgi = '0';
@@ -352,8 +425,7 @@ if ($page == 'overview') {
 					`error404path` = :error404path,
 					`error403path` = :error403path,
 					`error500path` = :error500path,
-					`options_cgi` = :options_cgi'
-				);
+					`options_cgi` = :options_cgi');
 				$params = array(
 					"customerid" => $userinfo['customerid'],
 					"path" => $path,
@@ -367,13 +439,16 @@ if ($page == 'overview') {

 				$log->logAction(USR_ACTION, LOG_INFO, "added htaccess for '" . $path . "'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			}
 		} else {
 			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
 			$cperlenabled = customerHasPerlEnabled($userinfo['customerid']);

-			$htaccess_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htaccess_add.php';
+			$htaccess_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htaccess_add.php';
 			$htaccess_add_form = htmlform::genHTMLForm($htaccess_add_data);

 			$title = $htaccess_add_data['htaccess_add']['title'];
@@ -384,9 +459,11 @@ if ($page == 'overview') {
 	} elseif (($action == 'edit') && ($id != 0)) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
 			WHERE `customerid` = :customerid
-			AND `id` = :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id` = :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if ((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
@@ -406,12 +483,7 @@ if ($page == 'overview') {
 				$error403path = correctErrorDocument($_POST['error403path']);
 				$error500path = correctErrorDocument($_POST['error500path']);

-				if (($option_indexes != $result['options_indexes'])
-					|| ($error404path != $result['error404path'])
-					|| ($error403path != $result['error403path'])
-					|| ($error500path != $result['error500path'])
-					|| ($options_cgi != $result['options_cgi'])
-				) {
+				if (($option_indexes != $result['options_indexes']) || ($error404path != $result['error404path']) || ($error403path != $result['error403path']) || ($error500path != $result['error500path']) || ($options_cgi != $result['options_cgi'])) {
 					inserttask('1');
 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTACCESS . "`
 						SET `options_indexes` = :options_indexes,
@@ -420,8 +492,7 @@ if ($page == 'overview') {
 						`error500path` = :error500path,
 						`options_cgi` = :options_cgi
 						WHERE `customerid` = :customerid
-						AND `id` = :id"
-					);
+						AND `id` = :id");
 					$params = array(
 						"customerid" => $userinfo['customerid'],
 						"options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0',
@@ -432,15 +503,16 @@ if ($page == 'overview') {
 						"id" => $id
 					);
 					Database::pexecute($stmt, $params);
-					$log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'");
+					$log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '/', $result['path']) . "'");
 				}

-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
-					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
-					// don't show nothing wehn it's the docroot, show slash
-					if ($result['path'] == '') { $result['path'] = '/'; }
+					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
 				}

 				$result['error404path'] = $result['error404path'];
@@ -448,12 +520,12 @@ if ($page == 'overview') {
 				$result['error500path'] = $result['error500path'];
 				$cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
 				/*
-				$options_indexes = makeyesno('options_indexes', '1', '0', $result['options_indexes']);
-				$options_cgi = makeyesno('options_cgi', '1', '0', $result['options_cgi']);
-				*/
+				 * $options_indexes = makeyesno('options_indexes', '1', '0', $result['options_indexes']);
+				 * $options_cgi = makeyesno('options_cgi', '1', '0', $result['options_cgi']);
+				 */
 				$result = htmlentities_array($result);

-				$htaccess_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htaccess_edit.php';
+				$htaccess_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htaccess_edit.php';
 				$htaccess_edit_form = htmlform::genHTMLForm($htaccess_edit_data);

 				$title = $htaccess_edit_data['htaccess_edit']['title'];
@@ -463,4 +535,106 @@ if ($page == 'overview') {
 			}
 		}
 	}
+} elseif ($page == 'backup') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.backup')) {
+		redirectTo('customer_index.php');
+	}
+
+	if (Settings::Get('system.backupenabled') == 1)
+	{
+		if ($action == 'abort' && isset($_POST['send']) && $_POST['send'] == 'send') {
+			$log->logAction(USR_ACTION, LOG_NOTICE, "customer_extras::backup - aborted scheduled backupjob");
+			$entry = isset($_POST['backup_job_entry']) ? (int)$_POST['backup_job_entry'] : 0;
+			if ($entry > 0) {
+				$del_stmt = Database::prepare("DELETE FROM `".TABLE_PANEL_TASKS."` WHERE `id` = :tid");
+				Database::pexecute($del_stmt, array('tid' => $entry));
+				standard_success('backupaborted');
+			}
+			redirectTo($filename, array('page' => $page, 'action' => '', 's' => $s));
+		}
+		if ($action == '') {
+			$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::backup");
+
+			// check whether there is a backup-job for this customer
+			$sel_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_TASKS."` WHERE `type` = '20'");
+			Database::pexecute($sel_stmt);
+			$existing_backupJob = null;
+			while ($entry = $sel_stmt->fetch())
+			{
+				$data = unserialize($entry['data']);
+				if ($data['customerid'] == $userinfo['customerid']) {
+					$existing_backupJob = $entry;
+					break;
+				}
+			}
+
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+
+				if (! $_POST['path']) {
+					standard_error('invalidpath');
+				}
+
+				$path = makeCorrectDir(validate($_POST['path'], 'path'));
+				$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
+
+				$backup_dbs = isset($_POST['backup_dbs']) ? intval($_POST['backup_dbs']) : 0;
+				$backup_mail = isset($_POST['backup_mail']) ? intval($_POST['backup_mail']) : 0;
+				$backup_web = isset($_POST['backup_web']) ? intval($_POST['backup_web']) : 0;
+
+				if ($backup_dbs != '1') {
+					$backup_dbs = '0';
+				}
+
+				if ($backup_mail != '1') {
+					$backup_mail = '0';
+				}
+
+				if ($backup_web != '1') {
+					$backup_web = '0';
+				}
+
+				$task_data = array(
+					'customerid' => $userinfo['customerid'],
+					'uid' => $userinfo['guid'],
+					'gid' => $userinfo['guid'],
+					'loginname' => $userinfo['loginname'],
+					'destdir' => $path,
+					'backup_dbs' => $backup_dbs,
+					'backup_mail' => $backup_mail,
+					'backup_web' => $backup_web
+				);
+				// schedule backup job
+				inserttask('20', $task_data);
+
+				standard_success('backupscheduled');
+			} else {
+
+				if (!empty($existing_backupJob)) {
+					$action = "abort";
+					$row = unserialize($entry['data']);
+					$row['path'] = makeCorrectDir(str_replace($userinfo['documentroot'], "/", $row['destdir']));
+					$row['backup_web'] = ($row['backup_web'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
+					$row['backup_mail'] = ($row['backup_mail'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
+					$row['backup_dbs'] = ($row['backup_dbs'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
+				}
+				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
+				$backup_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.backup.php';
+				$backup_form = htmlform::genHTMLForm($backup_data);
+				$title = $backup_data['backup']['title'];
+				$image = $backup_data['backup']['image'];
+
+				if (!empty($existing_backupJob)) {
+					// overwrite backup_form after we took everything from it we needed
+					eval("\$backup_form = \"" . getTemplate("extras/backup_listexisting") . "\";");
+				}
+				eval("echo \"" . getTemplate("extras/backup") . "\";");
+			}
+		}
+	}
+	else
+	{
+		standard_error('backupfunctionnotenabled');
+	}
 }
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','ftp')) {
+	redirectTo('customer_index.php');
+}
+
 $id = 0;
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -57,7 +62,7 @@ if ($page == 'overview') {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($paging->checkDisplay($i)) {
 				if (strpos($row['homedir'], $userinfo['documentroot']) === 0) {
-					$row['documentroot'] = substr($row['homedir'], strlen($userinfo['documentroot']));
+					$row['documentroot'] = str_replace($userinfo['documentroot'], "/", $row['homedir']);
 				} else {
 					$row['documentroot'] = $row['homedir'];
 				}
@@ -192,6 +197,8 @@ if ($page == 'overview') {
 					standard_error(array('stringisempty', 'mypassword'));
 				} elseif ($path == '') {
 					standard_error('patherror');
+				} elseif ($username == $password) {
+					standard_error('passwordshouldnotbeusername');
 				} else {
 					$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);

@@ -252,7 +259,7 @@ if ($page == 'overview') {
 							'CUST_NAME' => getCorrectUserSalutation($userinfo), // < keep this for compatibility
 							'USR_NAME' => $username,
 							'USR_PASS' => $password,
-							'USR_PATH' => makeCorrectDir(substr($path, strlen($userinfo['documentroot'])))
+							'USR_PATH' => makeCorrectDir(str_replace($userinfo['documentroot'], "/", $path))
 						);

 						$def_language = $userinfo['def_language'];
@@ -264,7 +271,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_subject']), $replace_arr));
+						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_ftpaccount_by_customer']['subject']), $replace_arr));

 						$def_language = $userinfo['def_language'];
 						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
@@ -275,7 +282,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_body']['main']), $replace_arr));
+						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_ftpaccount_by_customer']['mailbody']), $replace_arr));

 						$_mailerror = false;
 						try {
@@ -361,7 +368,8 @@ if ($page == 'overview') {
 				if ($_setnewpass) {
 					if ($password == '') {
 						standard_error(array('stringisempty', 'mypassword'));
-						exit;
+					} elseif ($result['username'] == $password) {
+						standard_error('passwordshouldnotbeusername');
 					}
 					$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
 					$cryptPassword = makeCryptPassword($password);
@@ -412,7 +420,7 @@ if ($page == 'overview') {
 				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
 				if (strpos($result['homedir'], $userinfo['documentroot']) === 0) {
-					$homedir = substr($result['homedir'], strlen($userinfo['documentroot']));
+					$homedir = str_replace($userinfo['documentroot'], "/", $result['homedir']);
 				} else {
 					$homedir = $result['homedir'];
 				}
--- a/customer_index.php
+++ b/customer_index.php
@@ -40,7 +40,6 @@ if ($action == 'logout') {
 	Database::pexecute($stmt, $params);

 	redirectTo('index.php');
-	exit;
 }

 if ($page == 'overview') {
@@ -85,6 +84,8 @@ if ($page == 'overview') {
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains');

+	$userinfo['custom_notes'] = ($userinfo['custom_notes'] != '') ? nl2br($userinfo['custom_notes']) : '';
+
 	$services_enabled = "";
 	$se = array();
 	if ($userinfo['imap'] == '1') $se[] = "IMAP";
@@ -97,9 +98,8 @@ if ($page == 'overview') {
 } elseif ($page == 'change_password') {
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$old_password = validate($_POST['old_password'], 'old password');
-		if (md5($old_password) != $userinfo['password']) {
+		if (!validatePasswordLogin($userinfo,$old_password,TABLE_PANEL_CUSTOMERS,'customerid')) {
 			standard_error('oldpasswordnotcorrect');
-			exit;
 		}

 		$new_password = validatePassword($_POST['new_password'], 'new password');
@@ -117,13 +117,11 @@ if ($page == 'overview') {
 			// Update user password
 			$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
 				SET `password` = :newpassword
-				WHERE `customerid` = :customerid
-				AND `password` = :oldpassword"
+				WHERE `customerid` = :customerid"
 			);
 			$params = array(
-				"newpassword" => md5($new_password),
-				"customerid" => $userinfo['customerid'],
-				"oldpassword" => md5($old_password)
+				"newpassword" => makeCryptPassword($new_password),
+				"customerid" => $userinfo['customerid']
 			);
 			Database::pexecute($stmt, $params);
 			$log->logAction(USR_ACTION, LOG_NOTICE, 'changed password');
--- a/customer_logger.php
+++ b/customer_logger.php
@@ -0,0 +1,122 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2003-2009 the SysCP Team (see authors).
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Florian Lippert <flo@syscp.org> (2003-2009)
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Panel
+ *
+ */
+
+define('AREA', 'customer');
+require './lib/init.php';
+
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras.logger')) {
+	redirectTo('customer_index.php');
+}
+
+if ($page == 'log'
+) {
+	if ($action == '') {
+		$fields = array(
+			'date' => $lng['logger']['date'],
+			'type' => $lng['logger']['type'],
+			'user' => $lng['logger']['user'],
+			'text' => $lng['logger']['action']
+		);
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc');
+		$result_stmt = Database::prepare('
+			SELECT * FROM `' . TABLE_PANEL_LOG . '` WHERE `user` = :loginname ' . $paging->getSqlWhere(true) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
+		);
+		Database::pexecute($result_stmt, array("loginname" => $userinfo['loginname']));
+		$logs_count = Database::num_rows();
+		$paging->setEntries($logs_count);
+		$sortcode = $paging->getHtmlSortCode($lng);
+		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
+		$searchcode = $paging->getHtmlSearchCode($lng);
+		$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
+		$clog = array();
+
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+
+			if (!isset($clog[$row['action']])
+				|| !is_array($clog[$row['action']])
+			) {
+				$clog[$row['action']] = array();
+			}
+			$clog[$row['action']][$row['logid']] = $row;
+		}
+
+		if ($paging->sortfield == 'date'
+			&& $paging->sortorder == 'desc'
+		) {
+			krsort($clog);
+		} else {
+			ksort($clog);
+		}
+
+		$i = 0;
+		$count = 0;
+		$log_count = 0;
+		$log = '';
+		foreach ($clog as $action => $logrows) {
+			$_action = 0;
+			foreach ($logrows as $row) {
+				if ($paging->checkDisplay($i)) {
+					$row = htmlentities_array($row);
+					$row['date'] = date("d.m.y H:i:s", $row['date']);
+
+					if ($_action != $action) {
+						switch ($action) {
+							case USR_ACTION:
+								$_action = $lng['admin']['customer'];
+								break;
+							case RES_ACTION:
+								$_action = $lng['logger']['reseller'];
+								break;
+							case ADM_ACTION:
+								$_action = $lng['logger']['admin'];
+								break;
+							case CRON_ACTION:
+								$_action = $lng['logger']['cron'];
+								break;
+							case LOGIN_ACTION:
+								$_action = $lng['logger']['login'];
+								break;
+							case LOG_ERROR:
+								$_action = $lng['logger']['intern'];
+								break;
+							default:
+								$_action = $lng['logger']['unknown'];
+								break;
+						}
+
+						$row['action'] = $_action;
+						eval("\$log.=\"" . getTemplate('logger/logger_action') . "\";");
+					}
+
+					$log_count++;
+					$row['type'] = getLogLevelDesc($row['type']);
+					eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
+					$count++;
+					$_action = $action;
+				}
+				$i++;
+			}
+			$i++;
+		}
+
+		eval("echo \"" . getTemplate('logger/logger') . "\";");
+
+	}
+}
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','mysql')) {
+	redirectTo('customer_index.php');
+}
+
 // get sql-root access data
 Database::needRoot(true);
 Database::needSqlData();
@@ -178,6 +183,11 @@ if ($page == 'overview') {
 						$userinfo['mysql_lastaccountnumber']
 					);

+					// we've checked against the password in dbm->createDatabase
+					if ($username == false) {
+						standard_error('passwordshouldnotbeusername');
+					}
+
 					// Statement modified for Database description -- PH 2004-11-29
 					$stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_DATABASES . '`
 						(`customerid`, `databasename`, `description`, `dbserver`)
@@ -214,7 +224,7 @@ if ($page == 'overview') {
 							'DB_NAME' => $username,
 							'DB_PASS' => $password,
 							'DB_DESC' => $databasedescription,
-							'DB_SRV' => $sql_root['caption'],
+							'DB_SRV' => $sql_root['host'],
 							'PMA_URI' => $pma
 						);

@@ -227,7 +237,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['mysql_add']['infomail_subject']), $replace_arr));
+						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_database_by_customer']['subject']), $replace_arr));

 						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
 							WHERE `adminid`= :adminid
@@ -237,7 +247,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['mysql_add']['infomail_body']['main']), $replace_arr));
+						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_database_by_customer']['mailbody']), $replace_arr));

 						$_mailerror = false;
 						try {
@@ -307,6 +317,10 @@ if ($page == 'overview') {
 					// validate password
 					$password = validatePassword($password);

+					if ($password == $result['databasename']) {
+						standard_error('passwordshouldnotbeusername');
+					}
+
 					// Begin root-session
 					Database::needRoot(true);
 					foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {

 	$id = intval($_POST['id']);
@@ -92,8 +97,10 @@ if ($page == 'overview') {
 				}

 				$row['subject'] = html_entity_decode($row['subject']);
-				if (strlen($row['subject']) > 20) {
-					$row['subject'] = substr($row['subject'], 0, 17) . '...';
+				if (strlen($row['subject']) > 30) {
+					$ts = wordwrap($row['subject'], 30, "|");
+					$ts = explode("|", $ts);
+					$row['subject'] = $ts[0]. '...';
 				}

 				eval("\$tickets.=\"" . getTemplate("tickets/tickets_tickets") . "\";");
@@ -313,11 +320,20 @@ if ($page == 'overview') {
 				if ($subticket->Get('by') == '1') {
 					$by = $lng['ticket']['staff'];
 				} else {
+					$cid = $subticket->Get('customer');
+					$usr_stmt = Database::prepare('
+						SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
+						FROM `' . TABLE_PANEL_CUSTOMERS . '`
+						WHERE `customerid` = :customerid '
+					);
+					$usr = Database::pexecute_first($usr_stmt, array("customerid" => $cid));
 					$by = getCorrectFullUserDetails($usr);
 				}

 				$subject = $subticket->Get('subject');
 				$message = $subticket->Get('message');
+
+				$row2 = htmlentities_array($row2);
 				eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_list") . "\";");
 			}

--- a/customer_traffic.php
+++ b/customer_traffic.php
@@ -20,6 +20,12 @@
 define('AREA', 'customer');
 $intrafficpage = 1;
 require './lib/init.php';
+
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','traffic')) {
+	redirectTo('customer_index.php');
+}
+
 $traffic = '';
 $month = null;
 $year = null;
--- a/dns_editor.php
+++ b/dns_editor.php
@@ -0,0 +1,306 @@
+<?php
+if (! defined('AREA'))
+	die('You cannot access this file directly!');
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Panel
+ *
+ */
+
+// This file is being included in admin_domains and customer_domains
+	// and therefore does not need to require lib/init.php
+
+$domain_id = isset($_GET['domain_id']) ? (int) $_GET['domain_id'] : null;
+
+$record = isset($_POST['record']['record']) ? trim($_POST['record']['record']) : null;
+$type = isset($_POST['record']['type']) ? $_POST['record']['type'] : 'A';
+$prio = isset($_POST['record']['prio']) ? (int) $_POST['record']['prio'] : null;
+$content = isset($_POST['record']['content']) ? trim($_POST['record']['content']) : null;
+$ttl = isset($_POST['record']['ttl']) ? (int) $_POST['record']['ttl'] : 18000;
+
+// get domain-name
+$domain = getAllowedDomainEntry($domain_id, AREA, $userinfo, $idna_convert);
+
+// select all entries
+$sel_stmt = Database::prepare("SELECT * FROM `" . TABLE_DOMAIN_DNS . "` WHERE domain_id = :did");
+Database::pexecute($sel_stmt, array(
+	'did' => $domain_id
+));
+$dom_entries = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);
+
+$errors = array();
+$success_message = "";
+
+// action for adding a new entry
+if ($action == 'add_record' && ! empty($_POST)) {
+
+	// validation
+	if (empty($record)) {
+		$record = "@";
+	}
+
+	$record = strtolower($record);
+
+	if ($record != '@' && $record != '*') {
+		// validate record
+		if (strpos($record, '--') !== false) {
+			$errors[] = $lng['error']['domain_nopunycode'];
+		} else {
+			$record = $idna_convert->encode($record);
+			if ($type != 'SRV' && $type != 'TXT') {
+				$check_dom = $record . '.example.com';
+				if (! validateDomain($check_dom)) {
+					$errors[] = sprintf($lng['error']['subdomainiswrong'], $idna_convert->decode($record));
+				}
+			}
+			if (strlen($record) > 63) {
+				$errors[] = $lng['error']['dns_record_toolong'];
+			}
+		}
+	}
+
+	// TODO regex validate content for invalid characters
+
+	if ($ttl <= 0) {
+		$ttl = 18000;
+	}
+
+	if (empty($content)) {
+		$errors[] = $lng['error']['dns_content_empty'];
+	}
+
+	// types
+	if ($type == 'A' && filter_var($content, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
+		$errors[] = $lng['error']['dns_arec_noipv4'];
+	} elseif ($type == 'AAAA' && filter_var($content, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {
+		$errors[] = $lng['error']['dns_aaaarec_noipv6'];
+	} elseif ($type == 'MX') {
+		if ($prio === null || $prio < 0) {
+			$errors[] = $lng['error']['dns_mx_prioempty'];
+		}
+		// check for trailing dot
+		if (substr($content, - 1) == '.') {
+			// remove it for checks
+			$content = substr($content, 0, - 1);
+		}
+		if (! validateDomain($content)) {
+			$errors[] = $lng['error']['dns_mx_needdom'];
+		} else {
+			// check whether there is a CNAME-record for the same resource
+			foreach ($dom_entries as $existing_entries) {
+				$fqdn = $existing_entries['record'] . '.' . $domain;
+				if ($existing_entries['type'] == 'CNAME' && $fqdn == $content) {
+					$errors[] = $lng['error']['dns_mx_noalias'];
+					break;
+				}
+			}
+		}
+		// append trailing dot (again)
+		$content .= '.';
+	} elseif ($type == 'CNAME') {
+		// check for trailing dot
+		if (substr($content, - 1) == '.') {
+			// remove it for checks
+			$content = substr($content, 0, - 1);
+		}
+		if (! validateDomain($content)) {
+			$errors[] = $lng['error']['dns_cname_invaliddom'];
+		} else {
+			// check whether there are RR-records for the same resource
+			foreach ($dom_entries as $existing_entries) {
+				if (($existing_entries['type'] == 'A' || $existing_entries['type'] == 'AAAA' || $existing_entries['type'] == 'MX' || $existing_entries['type'] == 'NS') && $existing_entries['record'] == $record) {
+					$errors[] = $lng['error']['dns_cname_nomorerr'];
+					break;
+				}
+			}
+		}
+		// append trailing dot (again)
+		$content .= '.';
+	} elseif ($type == 'NS') {
+		// check for trailing dot
+		if (substr($content, - 1) == '.') {
+			// remove it for checks
+			$content = substr($content, 0, - 1);
+		}
+		if (! validateDomain($content)) {
+			$errors[] = $lng['error']['dns_ns_invaliddom'];
+		}
+		// append trailing dot (again)
+		$content .= '.';
+	} elseif ($type == 'TXT' && ! empty($content)) {
+		// check that TXT content is enclosed in " "
+		$content = encloseTXTContent($content);
+	} elseif ($type == 'SRV') {
+		if ($prio === null || $prio < 0) {
+			$errors[] = $lng['error']['dns_srv_prioempty'];
+		}
+		// check only last part of content, as it can look like:
+		// _service._proto.name. TTL class SRV priority weight port target.
+		$_split_content = explode(" ", $content);
+		// SRV content must be [weight] [port] [target]
+		if (count($_split_content) != 3) {
+			$errors[] = $lng['error']['dns_srv_invalidcontent'];
+		}
+		$target = trim($_split_content[count($_split_content) - 1]);
+		if ($target != '.') {
+			// check for trailing dot
+			if (substr($target, - 1) == '.') {
+				// remove it for checks
+				$target = substr($target, 0, - 1);
+			}
+		}
+		if ($target != '.' && ! validateDomain($target)) {
+			$errors[] = $lng['error']['dns_srv_needdom'];
+		} else {
+			// check whether there is a CNAME-record for the same resource
+			foreach ($dom_entries as $existing_entries) {
+				$fqdn = $existing_entries['record'] . '.' . $domain;
+				if ($existing_entries['type'] == 'CNAME' && $fqdn == $target) {
+					$errors[] = $lng['error']['dns_srv_noalias'];
+					break;
+				}
+			}
+		}
+		// append trailing dot (again)
+		if ($target != '.') {
+			$content .= '.';
+		}
+	}
+
+	$new_entry = array(
+		'record' => $record,
+		'type' => $type,
+		'prio' => $prio,
+		'content' => $content,
+		'ttl' => $ttl,
+		'domain_id' => $domain_id
+	);
+	ksort($new_entry);
+
+	// check for duplicate
+	foreach ($dom_entries as $existing_entry) {
+		// compare serialized string of array
+		$check_entry = $existing_entry;
+		// new entry has no ID yet
+		unset($check_entry['id']);
+		// sort by key
+		ksort($check_entry);
+		// format integer fields to real integer (as they are read as string from the DB)
+		$check_entry['prio'] = (int) $check_entry['prio'];
+		$check_entry['ttl'] = (int) $check_entry['ttl'];
+		$check_entry['domain_id'] = (int) $check_entry['domain_id'];
+		// serialize both
+		$check_entry = serialize($check_entry);
+		$new = serialize($new_entry);
+		// compare
+		if ($check_entry === $new) {
+			$errors[] = $lng['error']['dns_duplicate_entry'];
+			unset($check_entry);
+			break;
+		}
+	}
+
+	if (empty($errors)) {
+		$ins_stmt = Database::prepare("
+			INSERT INTO `" . TABLE_DOMAIN_DNS . "` SET
+			`record` = :record,
+			`type` = :type,
+			`prio` = :prio,
+			`content` = :content,
+			`ttl` = :ttl,
+			`domain_id` = :domain_id
+		");
+
+		Database::pexecute($ins_stmt, $new_entry);
+
+		$new_entry_id = Database::lastInsertId();
+
+		// add temporary to the entries-array (no reread of DB necessary)
+		$new_entry['id'] = $new_entry_id;
+		$dom_entries[] = $new_entry;
+
+		// success message (inline)
+		$success_message = $lng['success']['dns_record_added'];
+
+		$record = "";
+		$type = 'A';
+		$prio = "";
+		$content = "";
+		$ttl = "";
+
+		// re-generate bind configs
+		inserttask('4');
+	} else {
+		// show $errors
+		$errors = implode("<br>", $errors);
+	}
+} elseif ($action == 'delete') {
+	// remove entry
+	$entry_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
+	if ($entry_id > 0) {
+		$del_stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAIN_DNS . "` WHERE `id` = :id");
+		Database::pexecute($del_stmt, array(
+			'id' => $entry_id
+		));
+
+		// remove deleted entry from internal data array (no reread of DB necessary)
+		$_t = $dom_entries;
+		foreach ($_t as $idx => $entry) {
+			if ($entry['id'] == $entry_id) {
+				unset($dom_entries[$idx]);
+				break;
+			}
+		}
+		unset($_t);
+		// success message (inline)
+		$success_message = $lng['success']['dns_record_deleted'];
+
+		// re-generate bind configs
+		inserttask('4');
+	}
+}
+
+// show editor
+$record_list = "";
+$existing_entries = "";
+$type_select = "";
+$entriescount = 0;
+
+if (! empty($dom_entries)) {
+	$entriescount = count($dom_entries);
+	foreach ($dom_entries as $entry) {
+		$entry['content'] = wordwrap($entry['content'], 100, '<br>', true);
+		eval("\$existing_entries.=\"" . getTemplate("dns_editor/entry_bit", true) . "\";");
+	}
+}
+
+// available types
+$type_select_values = array(
+	'A',
+	'AAAA',
+	'NS',
+	'MX',
+	'SRV',
+	'TXT',
+	'CNAME'
+);
+asort($type_select_values);
+foreach ($type_select_values as $_type) {
+	$type_select .= makeoption($_type, $_type, $type);
+}
+
+eval("\$record_list=\"" . getTemplate("dns_editor/list", true) . "\";");
+
+$zone = createDomainZone($domain_id);
+$zonefile = (string) $zone;
+eval("echo \"" . getTemplate("dns_editor/index", true) . "\";");
--- a/index.php
+++ b/index.php
@@ -69,13 +69,13 @@ if ($action == 'login') {
 			}
 		}

-		if (hasUpdates($version) && $is_admin == false) {
+		if ((hasUpdates($version) || hasDbUpdates($dbversion)) && $is_admin == false) {
 			redirectTo('index.php');
 			exit;
 		}

 		if ($is_admin) {
-			if (hasUpdates($version)) {
+			if (hasUpdates($version) || hasDbUpdates($dbversion)) {
 				$stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
 					WHERE `loginname`= :loginname
 					AND `change_serversettings` = '1'"
@@ -104,7 +104,7 @@ if ($action == 'login') {
 				$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR']));
 				$rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login.");

-				redirectTo('index.php', array('showmessage' => '2'), true);
+				redirectTo('index.php', array('showmessage' => '2'));
 				exit;
 			}
 		}
@@ -116,18 +116,26 @@ if ($action == 'login') {
 		$userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC);

 		if ($userinfo['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $userinfo['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))) {
-			redirectTo('index.php', array('showmessage' => '3'), true);
+			redirectTo('index.php', array('showmessage' => '3'));
 			exit;
-		} elseif ($userinfo['password'] == md5($password)) {
-			// login correct
-			// reset loginfail_counter, set lastlogin_succ
-			$stmt = Database::prepare("UPDATE $table
-				SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
-				WHERE `$uid`= :uid"
-			);
-			Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
-			$userinfo['userid'] = $userinfo[$uid];
-			$userinfo['adminsession'] = $adminsession;
+		} elseif (validatePasswordLogin($userinfo, $password, $table, $uid)) {
+		    // only show "you're banned" if the login was successful
+		    // because we don't want to publish that the user does exist
+		    if ($userinfo['deactivated']) {
+		        unset($userinfo);
+		        redirectTo('index.php', array('showmessage' => '5'));
+		        exit;
+		    } else {
+		        // login correct
+		        // reset loginfail_counter, set lastlogin_succ
+		        $stmt = Database::prepare("UPDATE $table
+		              SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
+		              WHERE `$uid`= :uid"
+		        );
+		        Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
+		        $userinfo['userid'] = $userinfo[$uid];
+		        $userinfo['adminsession'] = $adminsession;
+		    }
 		} else {
 			// login incorrect
 			$stmt = Database::prepare("UPDATE $table
@@ -141,7 +149,7 @@ if ($action == 'login') {
 			$rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password.");

 			unset($userinfo);
-			redirectTo('index.php', array('showmessage' => '2'), true);
+			redirectTo('index.php', array('showmessage' => '2'));
 			exit;
 		}

@@ -206,32 +214,36 @@ if ($action == 'login') {
 				);
 			}
 			Database::pexecute($stmt, $params);
-			
+
 			$qryparams = array();
 			if (isset($_POST['qrystr']) && $_POST['qrystr'] != "") {
 				parse_str(urldecode($_POST['qrystr']), $qryparams);
 			}
 			$qryparams['s'] = $s;
-			
+
 			if ($userinfo['adminsession'] == '1') {
-				if (hasUpdates($version)) {
-					redirectTo('admin_updates.php', array('s' => $s), true);
+				if (hasUpdates($version) || hasDbUpdates($dbversion)) {
+					redirectTo('admin_updates.php', array('s' => $s));
 				} else {
 					if (isset($_POST['script']) && $_POST['script'] != "") {
-						redirectTo($_POST['script'], $qryparams, true);
+						if (preg_match("/customer\_/", $_POST['script']) === 1) {
+							redirectTo('admin_customers.php', array("page" => "customers"));
+						} else {
+							redirectTo($_POST['script'], $qryparams);
+						}
 					} else {
-						redirectTo('admin_index.php', $qryparams, true);
+						redirectTo('admin_index.php', $qryparams);
 					}
 				}
 			} else {
 				if (isset($_POST['script']) && $_POST['script'] != "") {
-					redirectTo($_POST['script'], $qryparams, true);
+					redirectTo($_POST['script'], $qryparams);
 				} else {
-					redirectTo('customer_index.php', $qryparams, true);
+					redirectTo('customer_index.php', $qryparams);
 				}
 			}
 		} else {
-			redirectTo('index.php', array('showmessage' => '2'), true);
+			redirectTo('index.php', array('showmessage' => '2'));
 		}
 		exit;
 	} else {
@@ -269,10 +281,13 @@ if ($action == 'login') {
 		case 7:
 			$message = $lng['pwdreminder']['wrongcode'];
 			break;
+		case 8:
+		    $message = $lng['pwdreminder']['notallowed'];
+		    break;
 		}

 		$update_in_progress = '';
-		if (hasUpdates($version)) {
+		if (hasUpdates($version) || hasDbUpdates($dbversion)) {
 			$update_in_progress = $lng['update']['updateinprogress_onlyadmincanlogin'];
 		}
 		
@@ -280,10 +295,14 @@ if ($action == 'login') {
 		$lastscript = "";
 		if (isset($_REQUEST['script']) && $_REQUEST['script'] != "") {
 			$lastscript = $_REQUEST['script'];
+
+			if (!file_exists(__DIR__."/".$lastscript)) {
+				$lastscript = "";
+			}
 		}
 		$lastqrystr = "";
 		if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") {
-			$lastqrystr = $_REQUEST['qrystr'];
+			$lastqrystr = htmlspecialchars($_REQUEST['qrystr'], ENT_QUOTES);
 		}

 		eval("echo \"" . getTemplate('login') . "\";");
@@ -322,16 +341,16 @@ if ($action == 'forgotpwd') {

 			/* Check whether user is banned */
 			if ($user['deactivated']) {
-				$message = $lng['pwdreminder']['notallowed'];
-				redirectTo('index.php', array('showmessage' => '5'), true);
+				redirectTo('index.php', array('showmessage' => '8'));
+				exit;
 			}

 			if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {
 				if ($user !== false) {
 					// build a activation code
 					$timestamp = time();
-					$first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);
-					$third = substr(md5($user['email'] . $timestamp . rand(0, $timestamp)), -15);
+					$first = substr(md5($user['loginname'] . $timestamp . randomStr(16)), 0, 15);
+					$third = substr(md5($user['email'] . $timestamp . randomStr(16)), -15);
 					$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);

 					// Drop all existing activation codes for this user
@@ -362,20 +381,27 @@ if ($action == 'forgotpwd') {
 					$rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password.");

 					// Set together our activation link
-					$protocol = empty( $_SERVER['HTTPS'] ) ? 'http' : 'https';				
-					$host = $_SERVER['HTTP_HOST'];
+					$protocol = empty( $_SERVER['HTTPS'] ) ? 'http' : 'https';
+					// this can be a fixed value to avoid potential exploiting by modifying headers
+					$host = Settings::Get('system.hostname'); // $_SERVER['HTTP_HOST'];
 					$port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : '';
-					$script = $_SERVER['SCRIPT_NAME'];
+					// don't add :443 when https is used, as it is default (and just looks weird!)
+					if ($protocol == 'https' && $_SERVER['SERVER_PORT'] == '443') {
+						$port = '';
+					}
+					// there can be only one script to handle this so we can use a fixed value here
+					$script = "/index.php"; // $_SERVER['SCRIPT_NAME'];
+					if (Settings::Get('system.froxlordirectlyviahostname') == 0) {
+						$script = makeCorrectFile("/".basename(__DIR__)."/".$script);
+					}
 					$activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode;

 					$replace_arr = array(
 						'SALUTATION' => getCorrectUserSalutation($user),
-						'USERNAME' => $user['loginname'],
+						'USERNAME' => $loginname,
 						'LINK' => $activationlink
 					);

-					$body = strtr($lng['pwdreminder']['body'], array('%s' => $user['firstname'] . ' ' . $user['name'], '%a' => $activationlink));
-
 					$def_language = ($user['def_language'] != '') ? $user['def_language'] : Settings::Get('panel.standardlanguage');
 					$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
 						WHERE `adminid`= :adminid
@@ -385,7 +411,7 @@ if ($action == 'forgotpwd') {
 					);
 					Database::pexecute($result_stmt, array("adminid" => $user['adminid'], "lang" => $def_language));
 					$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-					$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['pwdreminder']['subject']), $replace_arr));
+					$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['password_reset']['subject']), $replace_arr));

 					$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
 						WHERE `adminid`= :adminid
@@ -395,14 +421,14 @@ if ($action == 'forgotpwd') {
 					);
 					Database::pexecute($result_stmt, array("adminid" => $user['adminid'], "lang" => $def_language));
 					$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-					$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $body), $replace_arr));
+					$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['password_reset']['mailbody']), $replace_arr));

 					$_mailerror = false;
 					try {
 						$mail->Subject = $mail_subject;
 						$mail->AltBody = $mail_body;
 						$mail->MsgHTML(str_replace("\n", "<br />", $mail_body));
-						$mail->AddAddress($user['email'], $user['firstname'] . ' ' . $user['name']);
+						$mail->AddAddress($user['email'], getCorrectUserSalutation($user));
 						$mail->Send();
 					} catch(phpmailerException $e) {
 						$mailerr_msg = $e->errorMessage();
@@ -415,12 +441,12 @@ if ($action == 'forgotpwd') {
 					if ($_mailerror) {
 						$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
 						$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
-						redirectTo('index.php', array('showmessage' => '4', 'customermail' => $user['email']), true);
+						redirectTo('index.php', array('showmessage' => '4', 'customermail' => $user['email']));
 						exit;
 					}

 					$mail->ClearAddresses();
-					redirectTo('index.php', array('showmessage' => '1'), true);
+					redirectTo('index.php', array('showmessage' => '1'));
 					exit;
 				} else {
 					$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
@@ -500,7 +526,7 @@ if ($action == 'resetpwd') {
 								WHERE `customerid` = :userid"
 							);
 						}
-						Database::pexecute($stmt, array("newpassword" => md5($new_password), "userid" => $result['userid']));
+						Database::pexecute($stmt, array("newpassword" => makeCryptPassword($new_password), "userid" => $result['userid']));

 						$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
 						$rstlog->logAction(USR_ACTION, LOG_NOTICE, "changed password using password reset.");
@@ -511,17 +537,17 @@ if ($action == 'resetpwd') {
 							AND `userid` = :userid"
 						);
 						Database::pexecute($stmt, array("activationcode" => $activationcode, "userid" => $result['userid']));
-						redirectTo('index.php', array("showmessage" => '6'), true);
+						redirectTo('index.php', array("showmessage" => '6'));
 					}
 				} else {
-					redirectTo('index.php', array("showmessage" => '7'), true);
+					redirectTo('index.php', array("showmessage" => '7'));
 				}
 			}

 			eval("echo \"" . getTemplate('rpwd') . "\";");

 		} else {
-			redirectTo('index.php', array("showmessage" => '7'), true);
+			redirectTo('index.php', array("showmessage" => '7'));
 		}

 	} else {
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -23,7 +23,7 @@ CREATE TABLE `ftp_users` (
  `shell` varchar(255) NOT NULL default '/bin/false',
  `login_enabled` enum('N','Y') NOT NULL default 'N',
  `login_count` int(15) NOT NULL default '0',
-  `last_login` datetime NOT NULL default '0000-00-00 00:00:00',
+  `last_login` datetime default NULL,
  `up_count` int(15) NOT NULL default '0',
  `up_bytes` bigint(30) NOT NULL default '0',
  `down_count` int(15) NOT NULL default '0',
@@ -91,7 +91,7 @@ DROP TABLE IF EXISTS `panel_admins`;
 CREATE TABLE `panel_admins` (
  `adminid` int(11) unsigned NOT NULL auto_increment,
  `loginname` varchar(50) NOT NULL default '',
-  `password` varchar(50) NOT NULL default '',
+  `password` varchar(255) NOT NULL default '',
  `name` varchar(255) NOT NULL default '',
  `email` varchar(255) NOT NULL default '',
  `def_language` varchar(255) NOT NULL default '',
@@ -131,6 +131,8 @@ CREATE TABLE `panel_admins` (
  `loginfail_count` int(11) unsigned NOT NULL default '0',
  `reportsent` tinyint(4) unsigned NOT NULL default '0',
  `theme` varchar(255) NOT NULL default 'Sparkle',
+  `custom_notes` text,
+  `custom_notes_show` tinyint(1) NOT NULL default '0',
   PRIMARY KEY  (`adminid`),
   UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -141,7 +143,7 @@ DROP TABLE IF EXISTS `panel_customers`;
 CREATE TABLE `panel_customers` (
  `customerid` int(11) unsigned NOT NULL auto_increment,
  `loginname` varchar(50) NOT NULL default '',
-  `password` varchar(50) NOT NULL default '',
+  `password` varchar(255) NOT NULL default '',
  `adminid` int(11) unsigned NOT NULL default '0',
  `name` varchar(255) NOT NULL default '',
  `firstname` varchar(255) NOT NULL default '',
@@ -189,7 +191,12 @@ CREATE TABLE `panel_customers` (
  `pop3` tinyint(1) NOT NULL default '1',
  `imap` tinyint(1) NOT NULL default '1',
  `perlenabled` tinyint(1) NOT NULL default '0',
+  `dnsenabled` tinyint(1) NOT NULL default '0',
  `theme` varchar(255) NOT NULL default 'Sparkle',
+  `custom_notes` text,
+  `custom_notes_show` tinyint(1) NOT NULL default '0',
+  `lepublickey` mediumtext DEFAULT NULL,
+  `leprivatekey` mediumtext DEFAULT NULL,
   PRIMARY KEY  (`customerid`),
   UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -217,7 +224,6 @@ CREATE TABLE `panel_domains` (
  `customerid` int(11) unsigned NOT NULL default '0',
  `aliasdomain` int(11) unsigned NULL,
  `documentroot` varchar(255) NOT NULL default '',
-  `ipandport` int(11) unsigned NOT NULL default '1',
  `isbinddomain` tinyint(1) NOT NULL default '0',
  `isemaildomain` tinyint(1) NOT NULL default '0',
  `email_only` tinyint(1) NOT NULL default '0',
@@ -226,26 +232,29 @@ CREATE TABLE `panel_domains` (
  `caneditdomain` tinyint(1) NOT NULL default '1',
  `zonefile` varchar(255) NOT NULL default '',
  `dkim` tinyint(1) NOT NULL default '0',
-  `dkim_id` int(11) unsigned NOT NULL,
-  `dkim_privkey` text NOT NULL,
-  `dkim_pubkey` text NOT NULL,
+  `dkim_id` int(11) unsigned NOT NULL default '0',
+  `dkim_privkey` text,
+  `dkim_pubkey` text,
  `wwwserveralias` tinyint(1) NOT NULL default '1',
-  `parentdomainid` int(11) unsigned NOT NULL default '0',
+  `parentdomainid` int(11) NOT NULL default '0',
  `openbasedir` tinyint(1) NOT NULL default '0',
  `openbasedir_path` tinyint(1) NOT NULL default '0',
  `speciallogfile` tinyint(1) NOT NULL default '0',
-  `ssl` tinyint(4) NOT NULL default '0',
  `ssl_redirect` tinyint(4) NOT NULL default '0',
-  `ssl_ipandport` tinyint(4) NOT NULL default '0',
-  `specialsettings` text NOT NULL,
+  `specialsettings` text,
  `deactivated` tinyint(1) NOT NULL default '0',
  `bindserial` varchar(10) NOT NULL default '2000010100',
  `add_date` int( 11 ) NOT NULL default '0',
  `registration_date` date NOT NULL,
+  `termination_date` date NOT NULL,
  `phpsettingid` INT( 11 ) UNSIGNED NOT NULL DEFAULT '1',
  `mod_fcgid_starter` int(4) default '-1',
  `mod_fcgid_maxrequests` int(4) default '-1',
  `ismainbutsubto` int(11) unsigned NOT NULL default '0',
+  `letsencrypt` tinyint(1) NOT NULL default '0',
+  `hsts` varchar(10) NOT NULL default '0',
+  `hsts_sub` tinyint(1) NOT NULL default '0',
+  `hsts_preload` tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (`id`),
  KEY `customerid` (`customerid`),
  KEY `parentdomain` (`parentdomainid`),
@@ -263,12 +272,12 @@ CREATE TABLE `panel_ipsandports` (
  `namevirtualhost_statement` tinyint(1) NOT NULL default '0',
  `vhostcontainer` tinyint(1) NOT NULL default '0',
  `vhostcontainer_servername_statement` tinyint(1) NOT NULL default '0',
-  `specialsettings` text NOT NULL default '',
+  `specialsettings` text,
  `ssl` tinyint(4) NOT NULL default '0',
  `ssl_cert_file` varchar(255) NOT NULL,
  `ssl_key_file` varchar(255) NOT NULL,
  `ssl_ca_file` varchar(255) NOT NULL,
-  `default_vhostconf_domain` text NOT NULL,
+  `default_vhostconf_domain` text,
  `ssl_cert_chainfile` varchar(255) NOT NULL,
  `docroot` varchar(255) NOT NULL default '',
  PRIMARY KEY  (`id`)
@@ -341,6 +350,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('customer', 'ftpprefix', 'ftp'),
 	('customer', 'mysqlprefix', 'sql'),
 	('customer', 'ftpatdomain', '0'),
+	('customer', 'show_news_feed', '0'),
+	('customer', 'news_feed_url', ''),
 	('ticket', 'noreply_email', 'NO-REPLY@SERVERNAME'),
 	('ticket', 'worktime_all', '1'),
 	('ticket', 'worktime_begin', '00:00'),
@@ -362,11 +373,11 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('dkim', 'dkim_domains', 'domains'),
 	('dkim', 'dkim_dkimkeys', 'dkim-keys.conf'),
 	('dkim', 'dkimrestart_command', '/etc/init.d/dkim-filter restart'),
-	('admin', 'show_news_feed', '1'),
+	('admin', 'show_news_feed', '0'),
 	('admin', 'show_version_login', '0'),
 	('admin', 'show_version_footer', '0'),
 	('spf', 'use_spf', '0'),
-	('spf', 'spf_entry', '@	IN	TXT	"v=spf1 a mx -all"'),
+	('spf', 'spf_entry', '"v=spf1 a mx -all"'),
 	('dkim', 'dkim_algorithm', 'all'),
 	('dkim', 'dkim_add_adsp', '1'),
 	('dkim', 'dkim_keylength', '1024'),
@@ -405,6 +416,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('phpfpm', 'defaultini', '1'),
 	('phpfpm', 'vhost_defaultini', '2'),
 	('phpfpm', 'fastcgi_ipcdir', '/var/lib/apache2/fastcgi/'),
+	('phpfpm', 'use_mod_proxy', '0'),
 	('nginx', 'fastcgiparams', '/etc/nginx/fastcgi_params'),
 	('system', 'lastaccountnumber', '0'),
 	('system', 'lastguid', '9999'),
@@ -440,7 +452,6 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'mod_fcgid_tmpdir', '/var/customers/tmp'),
 	('system', 'ssl_cert_file', '/etc/apache2/apache2.pem'),
 	('system', 'use_ssl', '0'),
-	('system', 'openssl_cnf', '[ req ]\r\ndefault_bits = 1024\r\ndistinguished_name = req_distinguished_name\r\nattributes = req_attributes\r\nprompt = no\r\noutput_password =\r\ninput_password =\r\n[ req_distinguished_name ]\r\nC = DE\r\nST = froxlor\r\nL = froxlor    \r\nO = Testcertificate\r\nOU = froxlor        \r\nCN = @@domain_name@@\r\nemailAddress = @@email@@    \r\n[ req_attributes ]\r\nchallengePassword =\r\n'),
 	('system', 'default_vhostconf', ''),
 	('system', 'mail_quota_enabled', '0'),
 	('system', 'mail_quota', '100'),
@@ -483,13 +494,13 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'mod_fcgid_defaultini_ownvhost', '2'),
 	('system', 'awstats_icons', '/usr/share/awstats/icon/'),
 	('system', 'ssl_cert_chainfile', ''),
-	('system', 'ssl_cipher_list', 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH'),
+	('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
 	('system', 'nginx_php_backend', '127.0.0.1:8888'),
 	('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
 	('system', 'phpreload_command', ''),
 	('system', 'apache24', '0'),
 	('system', 'documentroot_use_default_value', '0'),
-	('system', 'passwordcryptfunc', '1'),
+	('system', 'passwordcryptfunc', '3'),
 	('system', 'axfrservers', ''),
 	('system', 'customer_ssl_path', '/etc/ssl/froxlor-custom/'),
 	('system', 'allow_error_report_admin', '1'),
@@ -501,6 +512,24 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'mailtraffic_enabled', '1'),
 	('system', 'cronconfig', '/etc/cron.d/froxlor'),
 	('system', 'crondreload', '/etc/init.d/cron reload'),
+	('system', 'croncmdline', '/usr/bin/nice -n 5 /usr/bin/php -q'),
+	('system', 'cron_allowautoupdate', '0'),
+	('system', 'dns_createhostnameentry', '0'),
+	('system', 'send_cron_errors', '0'),
+	('system', 'apacheitksupport', '0'),
+	('system', 'leprivatekey', 'unset'),
+	('system', 'lepublickey', 'unset'),
+	('system', 'letsencryptca', 'production'),
+	('system', 'letsencryptcountrycode', 'DE'),
+	('system', 'letsencryptstate', 'Germany'),
+	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
+	('system', 'letsencryptkeysize', '4096'),
+	('system', 'letsencryptreuseold', 0),
+	('system', 'leenabled', '0'),
+	('system', 'backupenabled', '0'),
+	('system', 'dnsenabled', '0'),
+	('system', 'dns_server', 'bind'),
+	('system', 'apacheglobaldiropt', ''),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -523,19 +552,23 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'allow_preset', '1'),
 	('panel', 'allow_preset_admin', '0'),
 	('panel', 'password_regex', ''),
-	('panel', 'use_webfonts', '0'),
-	('panel', 'webfont', 'Numans'),
 	('panel', 'phpconfigs_hidestdsubdomain', '0'),
 	('panel', 'allow_theme_change_admin', '1'),
 	('panel', 'allow_theme_change_customer', '1'),
-	('panel', 'version', '0.9.32-rc1');
+	('panel', 'password_alpha_lower', '1'),
+	('panel', 'password_alpha_upper', '1'),
+	('panel', 'password_numeric', '0'),
+	('panel', 'password_special_char_required', '0'),
+	('panel', 'password_special_char', '!?<>§$%+#=@'),
+	('panel', 'version', '0.9.37'),
+	('panel', 'db_version', '201607210');


 DROP TABLE IF EXISTS `panel_tasks`;
 CREATE TABLE `panel_tasks` (
  `id` int(11) unsigned NOT NULL auto_increment,
  `type` int(11) NOT NULL default '0',
-  `data` text NOT NULL default '',
+  `data` text,
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

@@ -640,21 +673,11 @@ CREATE TABLE `panel_languages` (
 INSERT INTO `panel_languages` (`id`, `language`, `iso`, `file`) VALUES
    (1, 'Deutsch', 'de', 'lng/german.lng.php'),
    (2, 'English', 'en', 'lng/english.lng.php'),
-    (3, 'Français', 'fr', 'lng/french.lng.php'),
-    (4, 'Chinese', 'zh', 'lng/zh-cn.lng.php'),
-    (5, 'Catalan', 'ca', 'lng/catalan.lng.php'),
-    (6, 'Espa&ntilde;ol', 'es', 'lng/spanish.lng.php'),
-    (7, 'Portugu&ecirc;s', 'pt', 'lng/portugues.lng.php'),
-    (8, 'Russian', 'ru', 'lng/russian.lng.php'),
-    (9, 'Danish', 'da', 'lng/danish.lng.php'),
-    (10, 'Italian', 'it', 'lng/italian.lng.php'),
-    (11, 'Bulgarian', 'bg', 'lng/bulgarian.lng.php'),
-    (12, 'Slovak', 'sk', 'lng/slovak.lng.php'),
-    (13, 'Dutch', 'nl', 'lng/dutch.lng.php'),
-    (14, 'Hungarian', 'hu', 'lng/hungarian.lng.php'),
-    (15, 'Swedish', 'sv', 'lng/swedish.lng.php'),
-    (16, 'Czech', 'cz', 'lng/czech.lng.php'),
-    (17, 'Polski', 'pl', 'lng/polish.lng.php');
+    (3, 'Fran&ccedil;ais', 'fr', 'lng/french.lng.php'),
+    (4, 'Portugu&ecirc;s', 'pt', 'lng/portugues.lng.php'),
+    (5, 'Italiano', 'it', 'lng/italian.lng.php'),
+    (6, 'Nederlands', 'nl', 'lng/dutch.lng.php'),
+    (7, 'Svenska', 'sv', 'lng/swedish.lng.php');



@@ -712,6 +735,7 @@ CREATE TABLE `panel_phpconfigs` (
  `file_extensions` varchar(255) NOT NULL,
  `mod_fcgid_starter` int(4) NOT NULL DEFAULT '-1',
  `mod_fcgid_maxrequests` int(4) NOT NULL DEFAULT '-1',
+  `mod_fcgid_umask` varchar(15) NOT NULL DEFAULT '022',
  `fpm_slowlog` tinyint(1) NOT NULL default '0',
  `fpm_reqterm` varchar(15) NOT NULL default '60s',
  `fpm_reqslow` varchar(15) NOT NULL default '5s',
@@ -722,8 +746,8 @@ CREATE TABLE `panel_phpconfigs` (


 INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES
-(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n'),
-(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n');
+(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = "{DOCUMENT_ROOT}"\r\n'),
+(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');


 DROP TABLE IF EXISTS `cronjobs_run`;
@@ -745,7 +769,9 @@ INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`,
 	(3, 'froxlor/ticket', 'used_tickets_reset', '1 DAY', '1', 'cron_ticketsreset'),
 	(4, 'froxlor/ticket', 'ticketarchive', '1 MONTH', '1', 'cron_ticketarchive'),
 	(5, 'froxlor/reports', 'usage_report', '1 DAY', '1', 'cron_usage_report'),
-	(6, 'froxlor/core', 'mailboxsize', '6 HOUR', '1', 'cron_mailboxsize');
+	(6, 'froxlor/core', 'mailboxsize', '6 HOUR', '1', 'cron_mailboxsize'),
+	(7, 'froxlor/letsencrypt', 'letsencrypt', '5 MINUTE', '0', 'cron_letsencrypt'),
+	(8, 'froxlor/backup', 'backup', '1 DAY', '1', 'cron_backup');



@@ -816,10 +842,12 @@ DROP TABLE IF EXISTS `domain_ssl_settings`;
 CREATE TABLE IF NOT EXISTS `domain_ssl_settings` (
  `id` int(5) NOT NULL auto_increment,
  `domainid` int(11) NOT NULL,
-  `ssl_cert_file` text NOT NULL,
-  `ssl_key_file` text NOT NULL,
-  `ssl_ca_file` text NOT NULL,
-  `ssl_cert_chainfile` text NOT NULL,
+  `ssl_cert_file` mediumtext NOT NULL,
+  `ssl_key_file` mediumtext NOT NULL,
+  `ssl_ca_file` mediumtext,
+  `ssl_cert_chainfile` mediumtext,
+  `ssl_csr_file` mediumtext,
+  `expirationdate` datetime DEFAULT NULL,
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

@@ -831,3 +859,16 @@ CREATE TABLE IF NOT EXISTS `panel_domaintoip` (
  PRIMARY KEY (`id_domain`,`id_ipandports`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

+
+DROP TABLE IF EXISTS `domain_dns_entries`;
+CREATE TABLE `domain_dns_entries` (
+  `id` int(20) NOT NULL auto_increment,
+  `domain_id` int(15) NOT NULL,
+  `record` varchar(255) NOT NULL,
+  `type` varchar(10) NOT NULL DEFAULT 'A',
+  `content` text NOT NULL,
+  `ttl` int(11) NOT NULL DEFAULT '18000',
+  `prio` int(11) DEFAULT NULL,
+  PRIMARY KEY  (`id`)
+) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
+
--- a/install/lib/class.FroxlorInstall.php
+++ b/install/lib/class.FroxlorInstall.php
--- a/install/lng/english.lng.php
+++ b/install/lng/english.lng.php
@@ -24,6 +24,7 @@ $lng['requirements']['notfound'] = 'not found';
 $lng['requirements']['notinstalled'] = 'not installed';
 $lng['requirements']['activated'] = 'enabled';
 $lng['requirements']['phpversion'] = 'PHP version >= 5.3';
+$lng['requirements']['newerphpprefered'] = 'Good, but php-5.6 is prefered.';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime...';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'PHP setting "magic_quotes_runtime" must be set to "Off". We have disabled it temporary for now please fix the coresponding php.ini.';
 $lng['requirements']['phppdo'] = 'PHP PDO extension and PDO-MySQL driver...';
@@ -32,8 +33,8 @@ $lng['requirements']['phpfilter'] = 'PHP filter-extension...';
 $lng['requirements']['phpposix'] = 'PHP posix-extension...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
 $lng['requirements']['phpcurl'] = 'PHP curl-extension...';
+$lng['requirements']['phpmbstring'] = 'PHP mbstring-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
-$lng['requirements']['curldescription'] = 'Version-check and news-feed may not work correctly!';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';
@@ -55,11 +56,13 @@ $lng['install']['admin_account'] = 'Administrator Account';
 $lng['install']['admin_user'] = 'Administrator Username';
 $lng['install']['admin_pass1'] = 'Administrator Password';
 $lng['install']['admin_pass2'] = 'Administrator-Password (confirm)';
+$lng['install']['activate_newsfeed'] = 'Enable the official newsfeed<br><small>(https://inside.froxlor.org/news/)</small>';
 $lng['install']['serversettings'] = 'Server settings';
 $lng['install']['servername'] = 'Server name (FQDN, no ip-address)';
 $lng['install']['serverip'] = 'Server IP';
 $lng['install']['webserver'] = 'Webserver';
 $lng['install']['apache2'] = 'Apache 2';
+$lng['install']['apache24'] = 'Apache 2.4';
 $lng['install']['lighttpd'] = 'LigHTTPd';
 $lng['install']['nginx'] = 'NGINX';
 $lng['install']['httpuser'] = 'HTTP username';
--- a/install/lng/french.lng.php
+++ b/install/lng/french.lng.php
@@ -0,0 +1,89 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2003-2009 the SysCP Team (see authors).
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Florian Lippert <flo@syscp.org> (2003-2009)
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Language
+ *
+ */
+
+$lng['requirements']['title'] = 'Vérification des prérequis système...';
+$lng['requirements']['installed'] = 'installé';
+$lng['requirements']['not_true'] = 'non';
+$lng['requirements']['notfound'] = 'introuvable';
+$lng['requirements']['notinstalled'] = 'non installé';
+$lng['requirements']['activated'] = 'activé';
+$lng['requirements']['phpversion'] = 'PHP version >= 5.3';
+$lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime...';
+$lng['requirements']['phpmagic_quotes_runtime_description'] = 'Le réglage PHP "magic_quotes_runtime" doit être positionné à "Off". Nous l\'avons désactivé temporairement pour l\'instant; merci de corriger le php.ini correspondant.';
+$lng['requirements']['phppdo'] = 'extension PHP PDO et pilote PDO-MySQL ...';
+$lng['requirements']['phpxml'] = 'extension PHP XML...';
+$lng['requirements']['phpfilter'] = 'extension PHP filter ...';
+$lng['requirements']['phpposix'] = 'extension PHP posix ...';
+$lng['requirements']['phpbcmath'] = 'extension PHP bcmath ...';
+$lng['requirements']['phpcurl'] = 'extension PHP curl...';
+$lng['requirements']['phpmbstring'] = 'extension PHP mbstring...';
+$lng['requirements']['bcmathdescription'] = 'Les fonctions de calcul de traffic ne fonctionneront pas correctement!';
+$lng['requirements']['openbasedir'] = 'open_basedir...';
+$lng['requirements']['openbasedirenabled'] = 'Froxlor ne fonctionnera pas correctement avec open_basedir activé. Merci de désactiver open_basedir pour Froxlor dans le php.ini correspondant';
+$lng['requirements']['diedbecauseofrequirements'] = 'Impossible d\'installer Froxlor sans ces prérequis! Essayez de les corriger et essayez à nouveau.';
+$lng['requirements']['froxlor_succ_checks'] = 'Tous les prérequis sont vérifiés';
+
+$lng['install']['lngtitle'] = 'Installation de Froxlor - choisisez la langue';
+$lng['install']['language'] = 'Langue d\'installation';
+$lng['install']['lngbtn_go'] = 'Changer la langue';
+$lng['install']['title'] = 'Installation de Froxlor - paramètrage';
+$lng['install']['welcometext'] = 'Merci d\'avoir choisi Froxlor. Merci de remplir les champs suivant avec les informations nécessaires pour démarrer l\'installation.<br /><b>Attention:</b> Si la base de données que vous choisissez existe déjà sur votre système, elle sera écrasée ainsi que les données contenues!';
+$lng['install']['database'] = 'Connexion à la base de données';
+$lng['install']['mysql_host'] = 'Nom d\'hôte MySQL';
+$lng['install']['mysql_database'] = 'Nom de la base de données';
+$lng['install']['mysql_unpriv_user'] = 'Nom d\'utilisateur pour le compte non priviligié MySQL';
+$lng['install']['mysql_unpriv_pass'] = 'Mot de passe pour le compte non priviligié MySQL';
+$lng['install']['mysql_root_user'] = 'Nom d\'utilisateur pour le compte MySQL root';
+$lng['install']['mysql_root_pass'] = 'Mot de passe pour le compte MySQL root';
+$lng['install']['admin_account'] = 'Compte administrateur';
+$lng['install']['admin_user'] = 'Nom d\'utilisateur administrateur';
+$lng['install']['admin_pass1'] = 'Mot de passe administrateur';
+$lng['install']['admin_pass2'] = 'Mot de passe administrateur (confirmez)';
+$lng['install']['serversettings'] = 'Réglages serveur';
+$lng['install']['servername'] = 'Nom du serveur (FQDN, pas d\'adresse IP)';
+$lng['install']['serverip'] = 'Adresse IP du serveur';
+$lng['install']['webserver'] = 'Serveur Web';
+$lng['install']['apache2'] = 'Apache 2';
+$lng['install']['apache24'] = 'Apache 2.4';
+$lng['install']['lighttpd'] = 'LigHTTPd';
+$lng['install']['nginx'] = 'NGINX';
+$lng['install']['httpuser'] = 'Nom d\'utilisateur HTTP';
+$lng['install']['httpgroup'] = 'Nom de groupe HTTP';
+
+$lng['install']['testing_mysql'] = 'Vérification de l\'accès root MySQL...';
+$lng['install']['testing_mysql_fail'] = 'Il semble y avoir un problème avec la connexion à la base de données. Impossible de continuer. Merci de revenir en arrière et de vérifier les informations d\'identification.';
+$lng['install']['backup_old_db'] = 'Création des sauvegardes de l\'ancienne base de données...';
+$lng['install']['backup_binary_missing'] = 'Impossible de trouver mysqldump';
+$lng['install']['backup_failed'] = 'Impossible de sauvegarde la base de données';
+$lng['install']['prepare_db'] = 'Préparation de la base de données...';
+$lng['install']['create_mysqluser_and_db'] = 'Création de la base de données et l\'utilisateur...';
+$lng['install']['testing_new_db'] = 'Teste si la base de données et l\'utilisateur ont été créés correctement...';
+$lng['install']['importing_data'] = 'Import des données...';
+$lng['install']['changing_data'] = 'Ajustement des paramètres...';
+$lng['install']['creating_entries'] = 'Insertion des nouvelles valeurs...';
+$lng['install']['adding_admin_user'] = 'Création du compte administrateur...';
+$lng['install']['creating_configfile'] = 'Création du fichier de configuration...';
+$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans /tmp/userdata.inc.php, merci de le déplacer dans lib/.';
+$lng['install']['creating_configfile_failed'] = 'Impossible de créer lib/userdata.inc.php, merci de le créer manuellement avec le contenu suivant:';
+$lng['install']['froxlor_succ_installed'] = 'Froxlor a été installé avec succès.';
+
+$lng['click_here_to_refresh'] = 'Cliquez ici pour vérifier à nouveau';
+$lng['click_here_to_goback'] = 'Cliquez ici pour revenir';
+$lng['click_here_to_continue'] = 'Cliquez ici pour continuer';
+$lng['click_here_to_login'] = 'Cliquez ici pour vous connecter.';
--- a/install/lng/german.lng.php
+++ b/install/lng/german.lng.php
@@ -24,6 +24,7 @@ $lng['requirements']['notfound'] = 'nicht gefunden';
 $lng['requirements']['notinstalled'] = 'nicht installiert';
 $lng['requirements']['activated'] = 'ist aktiviert.';
 $lng['requirements']['phpversion'] = 'PHP Version >= 5.3';
+$lng['requirements']['newerphpprefered'] = 'Passt, aber php-5.6 wird bevorzugt.';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'Die PHP Einstellung "magic_quotes_runtime" muss deaktiviert sein ("Off"). Die Einstellung wurde temporär deaktiviert, bitte ändern Sie diese in der entsprechenden php.ini.';
 $lng['requirements']['phppdo'] = 'PHP PDO Erweiterung und PDO-MySQL Treiber...';
@@ -32,8 +33,8 @@ $lng['requirements']['phpfilter'] = 'PHP filter-Erweiterung...';
 $lng['requirements']['phpposix'] = 'PHP posix-Erweiterung...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
 $lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
+$lng['requirements']['phpmbstring'] = 'PHP mbstring-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
-$lng['requirements']['curldescription'] = 'Versions-Prüfung und News-Feed stehen nicht vollständig zur Verfügung!';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';
@@ -55,11 +56,13 @@ $lng['install']['admin_account'] = 'Admin-Zugang';
 $lng['install']['admin_user'] = 'Administrator-Benutzername';
 $lng['install']['admin_pass1'] = 'Administrator-Passwort';
 $lng['install']['admin_pass2'] = 'Administrator-Passwort (Bestätigung)';
+$lng['install']['activate_newsfeed'] = 'Aktiviere das offizielle Newsfeed<br><small>(https://inside.froxlor.org/news/)</small>';
 $lng['install']['serversettings'] = 'Servereinstellungen';
 $lng['install']['servername'] = 'Servername (FQDN, keine IP-Adresse)';
 $lng['install']['serverip'] = 'Server-IP';
 $lng['install']['webserver'] = 'Webserver';
 $lng['install']['apache2'] = 'Apache 2';
+$lng['install']['apache24'] = 'Apache 2.4';
 $lng['install']['lighttpd'] = 'LigHTTPd';
 $lng['install']['nginx'] = 'NGINX';
 $lng['install']['httpuser'] = 'HTTP Username';
--- a/install/scripts/language-check.php
+++ b/install/scripts/language-check.php
@@ -19,21 +19,21 @@
 $baseLanguage = 'english.lng.php';

 // Check if we're in the CLI
-if(@php_sapi_name() != 'cli'
-   && @php_sapi_name() != 'cgi'
-   && @php_sapi_name() != 'cgi-fcgi'
-) {
+if(@php_sapi_name() !== 'cli') {
 	die('This script will only work in the shell.');
 }

 // Check argument count
+/*
 if (sizeof($argv) != 2) {
 	print_help($argv);
 	exit;
 }
+*/

 // Load the contents of the given path
 $path = $argv[1];
+$_f = isset($argv[2]) ? $argv[2] : null;
 $files = array();

 if ($dh = opendir($path)) {
@@ -43,7 +43,9 @@ if ($dh = opendir($path)) {
 		   && !is_dir($file)
 		   && preg_match('/(.+)\.lng\.php/i', $file)
 		) {
-			$files[$file] = str_replace('//', '/', $path . '/' . $file);
+			if (is_null($_f) || (!is_null($_f) && ($file == $_f || $file == $baseLanguage))) {
+				$files[$file] = str_replace('//', '/', $path . '/' . $file);
+			}
 		}
 	}

@@ -51,7 +53,7 @@ if ($dh = opendir($path)) {
 } else {
 	print "ERROR: The path you requested cannot be read! \n ";
 	print "\n";
-	print_help();
+	print_help($argv);
 	exit;
 }

@@ -59,7 +61,7 @@ if ($dh = opendir($path)) {
 if (!isset($files[$baseLanguage])) {
 	print "ERROR: The baselanguage cannot be found! \n";
 	print "\n";
-	print_help();
+	print_help($argv);
 	exit;
 }

--- a/install/scripts/switch-server-ip.php
+++ b/install/scripts/switch-server-ip.php
@@ -0,0 +1,417 @@
+#!/usr/bin/php
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Cron
+ *
+ */
+
+// Check if we're in the CLI
+if(@php_sapi_name() !== 'cli') {
+	die('This script will only work in the shell.');
+}
+
+// give control to command line handler
+try {
+	CmdLineHandler::processParameters($argc, $argv);
+} catch (Exception $e) {
+	CmdLineHandler::printerr($e->getMessage());
+}
+
+class CmdLineHandler
+{
+
+	/**
+	 * internal variable for passed arguments
+	 *
+	 * @var array
+	 */
+	private static $args = null;
+
+	/**
+	 * Action object read from commandline/config
+	 *
+	 * @var Action
+	 */
+	private $_action = null;
+
+	/**
+	 * list of valid parameters/switches
+	 */
+	public static $switches = array(
+		/* 'd', // debug / output information for everything */
+		'h'
+	);
+ // same as --help
+	public static $params = array(
+		'switch',
+		'list',
+		'froxlor-dir',
+		'help'
+	);
+
+	/**
+	 * Returns a CmdLineHandler object with given
+	 * arguments from command line
+	 *
+	 * @param int $argc
+	 * @param array $argv
+	 *
+	 * @return CmdLineHandler
+	 */
+	public static function processParameters($argc, $argv)
+	{
+		return new CmdLineHandler($argc, $argv);
+	}
+
+	/**
+	 * returns the Action object generated in
+	 * the class constructor
+	 *
+	 * @return Action
+	 */
+	public function getAction()
+	{
+		return $this->_action;
+	}
+
+	/**
+	 * class constructor, validates the command line parameters
+	 * and sets the Action-object if valid
+	 *
+	 * @param int $argc
+	 * @param string[] $argv
+	 *
+	 * @return null
+	 * @throws Exception
+	 */
+	private function __construct($argc, $argv)
+	{
+		self::$args = $this->_parseArgs($argv);
+		$this->_action = $this->_createAction();
+	}
+
+	/**
+	 * Parses the arguments given via the command line;
+	 * three types are supported:
+	 * 1.
+	 * --parm1 or --parm2=value
+	 * 2. -xyz (multiple switches in one) or -a=value
+	 * 3. parm1 parm2
+	 *
+	 * The 1. will be mapped as
+	 * ["parm1"] => true, ["parm2"] => "value"
+	 * The 2. as
+	 * ["x"] => true, ["y"] => true, ["z"] => true, ["a"] => "value"
+	 * And the 3. as
+	 * [0] => "parm1", [1] => "parm2"
+	 *
+	 * @param array $argv
+	 *
+	 * @return array
+	 */
+	private function _parseArgs($argv)
+	{
+		array_shift($argv);
+		$o = array();
+		foreach ($argv as $a) {
+			if (substr($a, 0, 2) == '--') {
+				$eq = strpos($a, '=');
+				if ($eq !== false) {
+					$o[substr($a, 2, $eq - 2)] = substr($a, $eq + 1);
+				} else {
+					$k = substr($a, 2);
+					if (! isset($o[$k])) {
+						$o[$k] = true;
+					}
+				}
+			} else
+				if (substr($a, 0, 1) == '-') {
+					if (substr($a, 2, 1) == '=') {
+						$o[substr($a, 1, 1)] = substr($a, 3);
+					} else {
+						foreach (str_split(substr($a, 1)) as $k) {
+							if (! isset($o[$k])) {
+								$o[$k] = true;
+							}
+						}
+					}
+				} else {
+					$o[] = $a;
+				}
+		}
+		return $o;
+	}
+
+	/**
+	 * Creates an Action-Object for the Action-Handler
+	 *
+	 * @return Action
+	 * @throws Exception
+	 */
+	private function _createAction()
+	{
+
+		// Test for help-switch
+		if (empty(self::$args) || array_key_exists("help", self::$args) || array_key_exists("h", self::$args)) {
+			self::printHelp();
+			// end of execution
+		}
+		// check if no unknown parameters are present
+		foreach (self::$args as $arg => $value) {
+
+			if (is_numeric($arg)) {
+				throw new Exception("Unknown parameter '" . $value . "' in argument list");
+			} elseif (! in_array($arg, self::$params) && ! in_array($arg, self::$switches)) {
+				throw new Exception("Unknown parameter '" . $arg . "' in argument list");
+			}
+		}
+
+		// set debugger switch
+		if (isset(self::$args["d"]) && self::$args["d"] == true) {
+			// Debugger::getInstance()->setEnabled(true);
+			// Debugger::getInstance()->debug("debug output enabled");
+		}
+
+		return new Action(self::$args);
+	}
+
+	public static function printHelp()
+	{
+		self::println("");
+		self::println("Help / command line parameters:");
+		self::println("");
+		// commands
+		self::println("--switch\t\tlets you switch ip-address A with ip-address B");
+		self::println("\t\t\tExample: --switch=A,B");
+		self::println("\t\t\tExample: --switch=\"A1,B1 A2,B2 A3,B3 ...\"");
+		self::println("");
+		self::println("--list\t\t\tshow all currently used ip-addresses in froxlor");
+		self::println("");
+		self::println("--froxlor-dir\t\tpath to froxlor installation");
+		self::println("\t\t\tExample: --froxlor-dir=/var/www/froxlor/");
+		self::println("");
+		self::println("--help\t\t\tshow help screen (this)");
+		self::println("");
+		// switches
+		// self::println("-d\t\t\tenable debug output");
+		self::println("-h\t\t\tsame as --help");
+		self::println("");
+
+		die(); // end of execution
+	}
+
+	public static function println($msg = "")
+	{
+		print $msg . PHP_EOL;
+	}
+
+	private static function _printcolor($msg = "", $color = "0")
+	{
+		print "\033[" . $color . "m" . $msg . "\033[0m" . PHP_EOL;
+	}
+
+	public static function printerr($msg = "")
+	{
+		self::_printcolor($msg, "31");
+	}
+
+	public static function printsucc($msg = "")
+	{
+		self::_printcolor($msg, "32");
+	}
+
+	public static function printwarn($msg = "")
+	{
+		self::_printcolor($msg, "33");
+	}
+}
+
+class Action
+{
+
+	private $_args = null;
+
+	private $_name = null;
+
+	private $_db = null;
+
+	public function __construct($args)
+	{
+		$this->_args = $args;
+		$this->_validate();
+	}
+
+	public function getActionName()
+	{
+		return $this->_name;
+	}
+
+	/**
+	 * validates the parsed command line parameters
+	 *
+	 * @throws Exception
+	 */
+	private function _validate()
+	{
+		$need_config = false;
+		if (array_key_exists("list", $this->_args) || array_key_exists("switch", $this->_args)) {
+			$need_config = true;
+		}
+
+		$this->_checkConfigParam($need_config);
+
+		$this->_parseConfig();
+
+		if (array_key_exists("list", $this->_args)) {
+			$this->_listIPs();
+		}
+		if (array_key_exists("switch", $this->_args)) {
+			$this->_switchIPs();
+		}
+	}
+
+	private function _listIPs()
+	{
+		$sel_stmt = Database::prepare("SELECT * FROM panel_ipsandports ORDER BY ip ASC, port ASC");
+		Database::pexecute($sel_stmt);
+		$ips = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);
+		$mask = "|%-10.10s |%-50.50s | %10.10s |\n";
+		printf($mask, str_repeat("-", 10), str_repeat("-", 50), str_repeat("-", 10));
+		printf($mask, 'id', 'IP address', 'port');
+		printf($mask, str_repeat("-", 10), str_repeat("-", 50), str_repeat("-", 10));
+		foreach ($ips as $ipdata) {
+			printf($mask, $ipdata['id'], $ipdata['ip'], $ipdata['port']);
+		}
+		printf($mask, str_repeat("-", 10), str_repeat("-", 50), str_repeat("-", 10));
+		echo PHP_EOL . PHP_EOL;
+	}
+
+	private function _switchIPs()
+	{
+		$ip_list = $this->_args['switch'];
+
+		if (empty($ip_list) || is_bool($ip_list)) {
+			throw new Exception("No paramters given for --switch action.");
+		}
+
+		$ips_to_switch = array();
+		$ip_list = explode(" ", $ip_list);
+		foreach ($ip_list as $ips_combo) {
+			$ip_pair = explode(",", $ips_combo);
+			if (count($ip_pair) != 2) {
+				throw new Exception("Invalid parameter given for --switch");
+			} else {
+				if (filter_var($ip_pair[0], FILTER_VALIDATE_IP) == false) {
+					throw new Exception("Invalid source ip address: " . $ip_pair[0]);
+				}
+				if (filter_var($ip_pair[1], FILTER_VALIDATE_IP) == false) {
+					throw new Exception("Invalid target ip address: " . $ip_pair[1]);
+				}
+				if ($ip_pair[0] == $ip_pair[1]) {
+					throw new Exception("Source and target ip address are equal");
+				}
+			}
+			$ips_to_switch[] = $ip_pair;
+		}
+
+		if (count($ips_to_switch) > 0) {
+			$upd_stmt = Database::prepare("UPDATE panel_ipsandports SET `ip` = :newip WHERE `ip` = :oldip");
+
+			// system.ipaddress
+			$check_sysip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'ipaddress'");
+			$check_sysip = Database::pexecute_first($check_sysip_stmt);
+
+			// system.mysql_access_host
+			$check_mysqlip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'mysql_access_host'");
+			$check_mysqlip = Database::pexecute_first($check_mysqlip_stmt);
+
+			// system.axfrservers
+			$check_axfrip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'axfrservers'");
+			$check_axfrip = Database::pexecute_first($check_axfrip_stmt);
+
+			foreach ($ips_to_switch as $ip_pair) {
+				echo "Switching IP \033[1m" . $ip_pair[0] . "\033[0m to IP \033[1m" . $ip_pair[1] . "\033[0m" . PHP_EOL;
+				Database::pexecute($upd_stmt, array(
+					'newip' => $ip_pair[1],
+					'oldip' => $ip_pair[0]
+				));
+				$rows_updated = $upd_stmt->rowCount();
+
+				if ($rows_updated == 0) {
+					CmdLineHandler::printwarn("Note: " . $ip_pair[0] . " not updated to " . $ip_pair[1] . " (possibly no entry found in froxlor database. Use --list to see what IP addresses are added in froxlor");
+				}
+
+				// check whether the system.ipaddress needs updating
+				if ($check_sysip['value'] == $ip_pair[0]) {
+					$upd2_stmt = Database::prepare("UPDATE `panel_settings` SET `value` = :newip WHERE `settinggroup` = 'system' and `varname` = 'ipaddress'");
+					Database::pexecute($upd2_stmt, array(
+						'newip' => $ip_pair[1]
+					));
+					CmdLineHandler::printsucc("Updated system-ipaddress from '" . $ip_pair[0] . "' to '" . $ip_pair[1] . "'");
+				}
+
+				// check whether the system.mysql_access_host needs updating
+				if (strstr($check_mysqlip['value'], $ip_pair[0]) !== false) {
+					$new_mysqlip = str_replace($ip_pair[0], $ip_pair[1], $check_mysqlip['value']);
+					$upd2_stmt = Database::prepare("UPDATE `panel_settings` SET `value` = :newmysql WHERE `settinggroup` = 'system' and `varname` = 'mysql_access_host'");
+					Database::pexecute($upd2_stmt, array(
+						'newmysql' => $new_mysqlip
+					));
+					CmdLineHandler::printsucc("Updated mysql_access_host from '" . $check_mysqlip['value'] . "' to '" . $new_mysqlip . "'");
+				}
+
+				// check whether the system.axfrservers needs updating
+				if (strstr($check_axfrip['value'], $ip_pair[0]) !== false) {
+					$new_axfrip = str_replace($ip_pair[0], $ip_pair[1], $check_axfrip['value']);
+					$upd2_stmt = Database::prepare("UPDATE `panel_settings` SET `value` = :newaxfr WHERE `settinggroup` = 'system' and `varname` = 'axfrservers'");
+					Database::pexecute($upd2_stmt, array(
+						'newaxfr' => $new_axfrip
+					));
+					CmdLineHandler::printsucc("Updated axfrservers from '" . $check_axfrip['value'] . "' to '" . $new_axfrip . "'");
+				}
+			}
+		}
+
+		echo PHP_EOL;
+		CmdLineHandler::printwarn("*** ATTENTION *** Remember to replace IP addresses in configuration files if used anywhere.");
+		CmdLineHandler::printsucc("IP addresses updated");
+	}
+
+	private function _parseConfig()
+	{
+		define('FROXLOR_INSTALL_DIR', $this->_args['froxlor-dir']);
+		if (!file_exists(FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php')) {
+			throw new Exception("Could not find froxlor's Database class. Is froxlor really installed to '".FROXLOR_INSTALL_DIR."'?");
+		}
+		if (!file_exists(FROXLOR_INSTALL_DIR . '/lib/userdata.inc.php')) {
+			throw new Exception("Could not find froxlor's userdata.inc.php file. You should use this script only with a fully installed and setup froxlor system.");
+		}
+		require FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php';
+	}
+
+	private function _checkConfigParam($needed = false)
+	{
+		if ($needed) {
+			if (! isset($this->_args["froxlor-dir"])) {
+				throw new Exception("No configuration given (missing --froxlor-dir parameter?)");
+			} elseif (! is_dir($this->_args["froxlor-dir"])) {
+				throw new Exception("Given --froxlor-dir parameter is not a directory");
+			} elseif (! file_exists($this->_args["froxlor-dir"])) {
+				throw new Exception("Given froxlor directory cannot be found ('" . $this->_args["froxlor-dir"] . "')");
+			} elseif (! is_readable($this->_args["froxlor-dir"])) {
+				throw new Exception("Given froxlor direcotry cannot be read ('" . $this->_args["froxlor-dir"] . "')");
+			}
+		}
+	}
+}
--- a/install/templates/assets/css/install.css
+++ b/install/templates/assets/css/install.css
@@ -1,5 +1,4 @@
@charset "UTF-8";
-
 /* RESET */
 html,body,div,ul,ol,li,dl,dt,dd,h1,h2,h3,h4,h5,h6,pre,form,p,blockquote,fieldset,input { margin:0; padding:0; }
 h1,h2,h3,h4,h5,h6,pre,code,address,caption,cite,code,em,strong,th { font-size:1em; font-weight:400; font-style:normal; }
@@ -11,10 +10,10 @@ article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section {

 /* TYPE */
 html,body {
-	font:12px/18px Helvetica,Arial,Verdana,sans-serif;
-	background-color:#f2f2f2;
-	color:#333;
-	-webkit-font-smoothing: antialiased;
+	font:12px/18px 'Lucida Grande','Lucida Sans Unicode',Helvetica,Arial,Verdana,sans-serif;
+	background-color: #f5f5f5;
+	color:#444;
+	-webkit-font-smoothing: subpixel-antialiased;
 }

 body {
@@ -557,3 +556,12 @@ select.dropdown {
 	background-color: #35aa47;
 	height:5px;
 }
+
+.red { color: #ff0000; }
+.green { color: green; }
+.orange { color: orange; }
+.blue { color: blue; }
+.install-block { width: 65%; }
+.install-step { width: 250px; }
+.install-h3 { text-align: center; }
+.install-text { margin: 20px 20px 0 !important; }
--- a/install/templates/assets/img/favicon.ico
+++ b/install/templates/assets/img/favicon.ico
--- a/install/templates/assets/img/logo.png
+++ b/install/templates/assets/img/logo.png
--- a/install/templates/assets/img/password.png
+++ b/install/templates/assets/img/password.png
--- a/install/templates/assets/img/text_align_left.png
+++ b/install/templates/assets/img/text_align_left.png
--- a/install/templates/dataform.tpl
+++ b/install/templates/dataform.tpl
@@ -1,4 +1,4 @@
-		<p style="margin: 20px 20px 0 !important">{$this->_lng['install']['title']}</p>
+		<p class="install-text">{$this->_lng['install']['title']}</p>
 		<form action="{$formaction}" method="get">
 			<fieldset>
 				{$formdata}
--- a/install/templates/dataform2.tpl
+++ b/install/templates/dataform2.tpl
@@ -1,4 +1,4 @@
-		<p style="margin: 20px 20px 0 !important">{$this->_lng['install']['welcometext']}</p>
+		<p class="install-text">{$this->_lng['install']['welcometext']}</p>
 		<form action="{$formaction}" method="post">
 			<hr class="line">
 			<fieldset>
--- a/install/templates/dataitem.tpl
+++ b/install/templates/dataitem.tpl
@@ -1,4 +1,4 @@
 <p>
-	<label for="{$fieldname}" style="width:65%;{$style}">{$fieldlabel}:</label>&nbsp;
+	<label for="{$fieldname}" class="install-block {$style}">{$fieldlabel}:</label>&nbsp;
 	<input type="{$type}" name="{$fieldname}" id="{$fieldname}" value="{$fieldvalue}" {$required} />
 </p>
--- a/install/templates/dataitemchk.tpl
+++ b/install/templates/dataitemchk.tpl
@@ -1,4 +1,4 @@
 <p>
-	<label for="{$fieldname}" style="width:65%;{$style}">{$this->_lng['install']['webserver']} {$fieldlabel}:</label>
+	<label for="{$fieldname}" class="install-block {$style}">{$this->_lng['install']['webserver']} {$fieldlabel}:</label>
 	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}<span>
 </p>
--- a/install/templates/dataitemyesno.tpl
+++ b/install/templates/dataitemyesno.tpl
@@ -0,0 +1,4 @@
+<p>
+	<label for="{$fieldname}" class="install-block {$style}">{$fieldlabel}:</label>
+	<input type="checkbox" name="{$fieldname}" id="{$fieldname}" value="1" {$checked} />
+</p>
--- a/install/templates/datasection.tpl
+++ b/install/templates/datasection.tpl
--- a/install/templates/footer.tpl
+++ b/install/templates/footer.tpl
--- a/install/templates/header.tpl
+++ b/install/templates/header.tpl
@@ -3,16 +3,11 @@
 <head>
 	<meta charset="utf-8" />
 	<meta http-equiv="Default-Style" content="text/css" />
-	<!--[if lt IE 9]><script src="../js/html5shiv.js"></script><![endif]-->
+	<!--[if lt IE 9]><script src="../js/html5shiv.min.js"></script><![endif]-->
 	<link href="templates/assets/css/install.css" rel="stylesheet" type="text/css" />
 	<!--[if IE]><link rel="stylesheet" href="../templates/{$theme}/css/main_ie.css" type="text/css" /><![endif]-->
 	<link href="templates/assets/img/favicon.ico" rel="icon" type="image/x-icon" />
 	<title>Froxlor Server Management Panel - Installation</title>
-	<style type="text/css">
-	body {
-        font-family: Verdana, Geneva, sans-serif;
-	}
-	</style>
 </head>
 <body>
 	<div class="installsec">
--- a/install/templates/lngform.tpl
+++ b/install/templates/lngform.tpl
--- a/install/templates/page.tpl
+++ b/install/templates/page.tpl
--- a/install/templates/pagebottom.tpl
+++ b/install/templates/pagebottom.tpl
@@ -1,4 +1,4 @@
-<h3 style="color:{$msgcolor};text-align: center">{$message}</h3>
+<h3 class="install-h3 {$msgcolor}">{$message}</h3>
 <aside>
 	<a href="{$link}">{$linktext}</a>
 </aside>
--- a/install/templates/textarea.tpl
+++ b/install/templates/textarea.tpl
--- a/install/tsmarty2c.php
+++ b/install/tsmarty2c.php
@@ -1,124 +0,0 @@
-#!/usr/bin/php
-<?php
-/**
- * tsmarty2c.php - rips gettext strings from smarty template
- *
- * ------------------------------------------------------------------------- *
- * This library is free software; you can redistribute it and/or             *
- * modify it under the terms of the GNU Lesser General Public                *
- * License as published by the Free Software Foundation; either              *
- * version 2.1 of the License, or (at your option) any later version.        *
- *                                                                           *
- * This library is distributed in the hope that it will be useful,           *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of            *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU         *
- * Lesser General Public License for more details.                           *
- *                                                                           *
- * You should have received a copy of the GNU Lesser General Public          *
- * License along with this library; if not, write to the Free Software       *
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA *
- * ------------------------------------------------------------------------- *
- *
- * This command line script rips gettext strings from smarty file, 
- * and prints them to stdout in C format, that can later be used with the 
- * standard gettext tools.
- *
- * Usage:
- * ./tsmarty2c.php <filename or directory> <file2> <..> > smarty.c
- *
- * If a parameter is a directory, the template files within will be parsed.
- *
- * @package	smarty-gettext
- * @version	$Id: tsmarty2c.php,v 1.3 2005/07/27 17:59:39 sagi Exp $
- * @link	http://smarty-gettext.sf.net/
- * @author	Sagi Bashari <sagi@boom.org.il>
- * @copyright 2004-2005 Sagi Bashari
- */
-
-// smarty open tag
-$ldq = preg_quote('{');
-
-// smarty close tag
-$rdq = preg_quote('}');
-
-// smarty command
-$cmd = preg_quote('t');
-
-// extensions of smarty files, used when going through a directory
-$extensions = array('tpl');
-
-// "fix" string - strip slashes, escape and convert new lines to \n
-function fs($str)
-{
-	$str = stripslashes($str);
-	$str = str_replace('"', '\"', $str);
-	$str = str_replace("\n", '\n', $str);
-	return $str;
-}
-
-// rips gettext strings from $file and prints them in C format
-function do_file($file)
-{
-	$content = @file_get_contents($file);
-
-	if (empty($content)) {
-		return;
-	}
-
-	global $ldq, $rdq, $cmd;
-
-	preg_match_all(
-			"/{$ldq}\s*({$cmd})\s*([^{$rdq}]*){$rdq}([^{$ldq}]*){$ldq}\/\\1{$rdq}/",
-			$content,
-			$matches
-	);
-	
-	for ($i=0; $i < count($matches[0]); $i++) {
-		// TODO: add line number
-		echo "/* $file */\n"; // credit: Mike van Lammeren 2005-02-14
-		
-		if (preg_match('/plural\s*=\s*["\']?\s*(.[^\"\']*)\s*["\']?/', $matches[2][$i], $match)) {
-			echo 'ngettext("'.fs($matches[3][$i]).'","'.fs($match[1]).'",x);'."\n";
-		} else {
-			echo 'gettext("'.fs($matches[3][$i]).'");'."\n";
-		}
-
-		echo "\n";
-	}
-}
-
-// go through a directory
-function do_dir($dir)
-{
-	$d = dir($dir);
-
-	while (false !== ($entry = $d->read())) {
-		if ($entry == '.' || $entry == '..') {
-			continue;
-		}
-
-		$entry = $dir.'/'.$entry;
-
-		if (is_dir($entry)) { // if a directory, go through it
-			do_dir($entry);
-		} else { // if file, parse only if extension is matched
-			$pi = pathinfo($entry);
-			
-			if (isset($pi['extension']) && in_array($pi['extension'], $GLOBALS['extensions'])) {
-				do_file($entry);
-			}
-		}
-	}
-
-	$d->close();
-}
-
-for ($ac=1; $ac < $_SERVER['argc']; $ac++) {
-	if (is_dir($_SERVER['argv'][$ac])) { // go through directory
-		do_dir($_SERVER['argv'][$ac]);
-	} else { // do file
-		do_file($_SERVER['argv'][$ac]);
-	}
-}
-
-?>
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
--- a/install/updates/froxlor/upgrade_syscp.inc.php
+++ b/install/updates/froxlor/upgrade_syscp.inc.php
@@ -15,6 +15,15 @@
 *
 */

+if (!defined('AREA')
+		|| (defined('AREA') && AREA != 'admin')
+		|| !isset($userinfo['loginname'])
+		|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
+) {
+	header('Location: ../../../index.php');
+	exit;
+}
+
 $updateto = '0.9-r0';
 $frontend = 'froxlor';

--- a/install/updates/preconfig.php
+++ b/install/updates/preconfig.php
@@ -21,17 +21,18 @@
 * outputs various content before the update process
 * can be continued (askes for agreement whatever is being asked)
 *
- * @param string version
+ * @param string $current_version
+ * @param int $current_db_version
 *
 * @return string
 */
-function getPreConfig($current_version)
+function getPreConfig($current_version, $current_db_version)
 {
 	$has_preconfig = false;
-	$return = '<div class="preconfig"><h3 style="color:#ff0000;">PLEASE NOTE - Important update notifications</h3>';
+	$return = '<div class="preconfig"><h3 class="red">PLEASE NOTE - Important update notifications</h3>';

 	include_once makeCorrectFile(dirname(__FILE__).'/preconfig/0.9/preconfig_0.9.inc.php');
-	parseAndOutputPreconfig($has_preconfig, $return, $current_version);
+	parseAndOutputPreconfig($has_preconfig, $return, $current_version, $current_db_version);

 	$return .= '<br /><br />'.makecheckbox('update_changesagreed', '<strong>I have read the update notifications above and I am aware of the changes made to my system.</strong>', '1', true, '0', true);
 	$return .= '</div>';
--- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php
+++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -18,47 +18,45 @@
 /**
 * checks if the new-version has some updating to do
 *
- * @param boolean $has_preconfig   pointer to check if any preconfig has to be output
- * @param string  $return          pointer to output string
- * @param string  $current_version current froxlor version
+ * @param boolean $has_preconfig
+ *        	pointer to check if any preconfig has to be output
+ * @param string $return
+ *        	pointer to output string
+ * @param string $current_version
+ *        	current froxlor version
 *
 * @return null
 */
-function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
-
+function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $current_db_version)
+{
 	global $lng;

-	if(versionInUpdate($current_version, '0.9.4-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.4-svn2')) {
 		$has_preconfig = true;
 		$description = 'Froxlor now enables the usage of a domain-wildcard entry and subdomains for this domain at the same time (subdomains are parsed before the main-domain vhost container).';
-		$description.= 'This makes it possible to catch all non-existing subdomains with the main vhost but also have the ability to use subdomains for that domain.<br />';
-		$description.= 'If you would like Froxlor to do so with your domains, the update script can set the correct values for existing domains for you. Note: future domains will have wildcard-entries enabled by default no matter how you decide here.';
+		$description .= 'This makes it possible to catch all non-existing subdomains with the main vhost but also have the ability to use subdomains for that domain.<br />';
+		$description .= 'If you would like Froxlor to do so with your domains, the update script can set the correct values for existing domains for you. Note: future domains will have wildcard-entries enabled by default no matter how you decide here.';
 		$question = '<strong>Do you want to use wildcard-entries for existing domains?:</strong>&nbsp;';
-		$question.= makeyesno('update_domainwildcardentry', '1', '0', '1');
+		$question .= makeyesno('update_domainwildcardentry', '1', '0', '1');

 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn2'))
-	{
-		if(!PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')))
-		{
+	if (versionInUpdate($current_version, '0.9.6-svn2')) {
+		if (! PHPMailer::ValidateAddress(Settings::Get('panel.adminmail'))) {
 			$has_preconfig = true;
 			$description = 'Froxlor uses a newer version of the phpMailerClass and determined that your current admin-mail address is invalid.';
-			$question = '<strong>Please specify a new admin-email address:</strong>&nbsp;<input type="text" class="text" name="update_adminmail" value="'.Settings::Get('panel.adminmail').'" />';
+			$question = '<strong>Please specify a new admin-email address:</strong>&nbsp;<input type="text" class="text" name="update_adminmail" value="' . Settings::Get('panel.adminmail') . '" />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn3'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn3')) {
 		$has_preconfig = true;
 		$description = 'You now have the possibility to define default error-documents for your webserver which replace the default webserver error-messages.';
 		$question = '<strong>Do you want to enable default error-documents?:</strong>&nbsp;';
-		$question .= makeyesno('update_deferr_enable', '1', '0', '0').'<br /><br />';
-		if(Settings::Get('system.webserver') == 'apache2')
-		{
+		$question .= makeyesno('update_deferr_enable', '1', '0', '0') . '<br /><br />';
+		if (Settings::Get('system.webserver') == 'apache2') {
 			$question .= 'Path/URL for error 500:&nbsp;<input type="text" class="text" name="update_deferr_500" /><br /><br />';
 			$question .= 'Path/URL for error 401:&nbsp;<input type="text" class="text" name="update_deferr_401" /><br /><br />';
 			$question .= 'Path/URL for error 403:&nbsp;<input type="text" class="text" name="update_deferr_403" /><br /><br />';
@@ -67,37 +65,33 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn4'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn4')) {
 		$has_preconfig = true;
 		$description = 'You can define a default support-ticket priority level which is pre-selected for new support-tickets.';
 		$question = '<strong>Which should be the default ticket-priority?:</strong>&nbsp;';
 		$question .= '<select name="update_deftic_priority">';
 		$priorities = makeoption($lng['ticket']['high'], '1', '2');
-		$priorities.= makeoption($lng['ticket']['normal'], '2', '2');
-		$priorities.= makeoption($lng['ticket']['low'], '3', '2');
-		$question .= $priorities.'</select>';
+		$priorities .= makeoption($lng['ticket']['normal'], '2', '2');
+		$priorities .= makeoption($lng['ticket']['low'], '3', '2');
+		$question .= $priorities . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn5'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn5')) {
 		$has_preconfig = true;
 		$description = 'If you have more than one PHP configurations defined in Froxlor you can now set a default one which will be used for every domain.';
 		$question = '<strong>Select default PHP configuration:</strong>&nbsp;';
 		$question .= '<select name="update_defsys_phpconfig">';
 		$configs_array = getPhpConfigs();
 		$configs = '';
-		foreach($configs_array as $idx => $desc)
-		{
+		foreach ($configs_array as $idx => $desc) {
 			$configs .= makeoption($desc, $idx, '1');
 		}
-		$question .= $configs.'</select>';
+		$question .= $configs . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn6'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn6')) {
 		$has_preconfig = true;
 		$description = 'For the new FTP-quota feature, you can now chose the currently used ftpd-software.';
 		$question = '<strong>Used FTPd-software:</strong>&nbsp;';
@@ -108,72 +102,63 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.7-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.7-svn1')) {
 		$has_preconfig = true;
 		$description = 'You can now choose whether customers can select the http-redirect code and which of them acts as default.';
 		$question = '<strong>Allow customer chosen redirects?:</strong>&nbsp;';
-		$question.= makeyesno('update_customredirect_enable', '1', '0', '1').'<br /><br />';
-		$question.= '<strong>Select default redirect code (default: empty):</strong>&nbsp;';
-		$question.= '<select name="update_customredirect_default">';
-		$redirects = makeoption('--- ('.$lng['redirect_desc']['rc_default'].')', 1, '1');
-		$redirects.= makeoption('301 ('.$lng['redirect_desc']['rc_movedperm'].')', 2, '1');
-		$redirects.= makeoption('302 ('.$lng['redirect_desc']['rc_found'].')', 3, '1');
-		$redirects.= makeoption('303 ('.$lng['redirect_desc']['rc_seeother'].')', 4, '1');
-		$redirects.= makeoption('307 ('.$lng['redirect_desc']['rc_tempred'].')', 5, '1');
-		$question .= $redirects.'</select>';
+		$question .= makeyesno('update_customredirect_enable', '1', '0', '1') . '<br /><br />';
+		$question .= '<strong>Select default redirect code (default: empty):</strong>&nbsp;';
+		$question .= '<select name="update_customredirect_default">';
+		$redirects = makeoption('--- (' . $lng['redirect_desc']['rc_default'] . ')', 1, '1');
+		$redirects .= makeoption('301 (' . $lng['redirect_desc']['rc_movedperm'] . ')', 2, '1');
+		$redirects .= makeoption('302 (' . $lng['redirect_desc']['rc_found'] . ')', 3, '1');
+		$redirects .= makeoption('303 (' . $lng['redirect_desc']['rc_seeother'] . ')', 4, '1');
+		$redirects .= makeoption('307 (' . $lng['redirect_desc']['rc_tempred'] . ')', 5, '1');
+		$question .= $redirects . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.7-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.7-svn2')) {
 		$result = Database::query("SELECT `domain` FROM " . TABLE_PANEL_DOMAINS . " WHERE `documentroot` LIKE '%:%' AND `documentroot` NOT LIKE 'http://%' AND `openbasedir_path` = '0' AND `openbasedir` = '1'");
 		$wrongOpenBasedirDomain = array();
-		while($row = $result->fetch(PDO::FETCH_ASSOC)) {
+		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
 			$wrongOpenBasedirDomain[] = $row['domain'];
 		}

-		if(count($wrongOpenBasedirDomain) > 0)
-		{
+		if (count($wrongOpenBasedirDomain) > 0) {
 			$has_preconfig = true;
 			$description = 'Resetting the open_basedir to customer - root';
 			$question = '<strong>Due to a security - issue regarding open_basedir, Froxlor will set the open_basedir for the following domains to the customers root instead of the chosen documentroot:</strong><br />&nbsp;';
-			$question.= '<ul>';
+			$question .= '<ul>';
 			$idna_convert = new idna_convert_wrapper();
-			foreach($wrongOpenBasedirDomain as $domain)
-			{
-				$question.= '<li>' . $idna_convert->decode($domain) . '</li>';
+			foreach ($wrongOpenBasedirDomain as $domain) {
+				$question .= '<li>' . $idna_convert->decode($domain) . '</li>';
 			}
-			$question.= '</ul>';
+			$question .= '</ul>';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.9-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.9-svn1')) {
 		$has_preconfig = true;
 		$description = 'When entering MX servers to Froxlor there was no mail-, imap-, pop3- and smtp-"A record" created. You can now chose whether this should be done or not.';
 		$question = '<strong>Do you want these A-records to be created even with MX servers given?:</strong>&nbsp;';
-		$question.= makeyesno('update_defdns_mailentry', '1', '0', '0');
+		$question .= makeyesno('update_defdns_mailentry', '1', '0', '0');
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.10-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.10-svn1')) {
 		$has_nouser = false;
 		$has_nogroup = false;

 		$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'httpuser'");
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if(!isset($result) || !isset($result['value']))
-		{
+		if (! isset($result) || ! isset($result['value'])) {
 			$has_preconfig = true;
 			$has_nouser = true;
 			$guessed_user = 'www-data';
-			if(function_exists('posix_getuid')
-					&& function_exists('posix_getpwuid')
-			) {
+			if (function_exists('posix_getuid') && function_exists('posix_getpwuid')) {
 				$_httpuser = posix_getpwuid(posix_getuid());
 				$guessed_user = $_httpuser['name'];
 			}
@@ -182,31 +167,24 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'httpgroup'");
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if(!isset($result) || !isset($result['value']))
-		{
+		if (! isset($result) || ! isset($result['value'])) {
 			$has_preconfig = true;
 			$has_nogroup = true;
 			$guessed_group = 'www-data';
-			if(function_exists('posix_getgid')
-					&& function_exists('posix_getgrgid')
-			) {
+			if (function_exists('posix_getgid') && function_exists('posix_getgrgid')) {
 				$_httpgroup = posix_getgrgid(posix_getgid());
 				$guessed_group = $_httpgroup['name'];
 			}
 		}

-		if($has_nouser || $has_nogroup)
-		{
+		if ($has_nouser || $has_nogroup) {
 			$description = 'Please enter the correct username/groupname of the webserver on your system We\'re guessing the user but it might not be correct, so please check.';
-			if($has_nouser)
-			{
-				$question = '<strong>Please enter the webservers username:</strong>&nbsp;<input type="text" class="text" name="update_httpuser" value="'.$guessed_user.'" />';
-			}
-			elseif($has_nogroup)
-			{
-				$question2 = '<strong>Please enter the webservers groupname:</strong>&nbsp;<input type="text" class="text" name="update_httpgroup" value="'.$guessed_group.'" />';
-				if($has_nouser) {
-					$question .= '<br /><br />'.$question2;
+			if ($has_nouser) {
+				$question = '<strong>Please enter the webservers username:</strong>&nbsp;<input type="text" class="text" name="update_httpuser" value="' . $guessed_user . '" />';
+			} elseif ($has_nogroup) {
+				$question2 = '<strong>Please enter the webservers groupname:</strong>&nbsp;<input type="text" class="text" name="update_httpgroup" value="' . $guessed_group . '" />';
+				if ($has_nouser) {
+					$question .= '<br /><br />' . $question2;
 				} else {
 					$question = $question2;
 				}
@@ -215,242 +193,216 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.10'))
-	{
+	if (versionInUpdate($current_version, '0.9.10')) {
 		$has_preconfig = true;
 		$description = 'you can now decide whether Froxlor should be reached via hostname/froxlor or directly via the hostname.';
 		$question = '<strong>Do you want Froxlor to be reached directly via the hostname?:</strong>&nbsp;';
-		$question.= makeyesno('update_directlyviahostname', '1', '0', '0');
+		$question .= makeyesno('update_directlyviahostname', '1', '0', '0');
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.11-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.11-svn1')) {
 		$has_preconfig = true;
 		$description = 'It is possible to enhance security with setting a regular expression to force your customers to enter more complex passwords.';
 		$question = '<strong>Enter a regular expression to force a higher password complexity (leave empty for none):</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="update_pwdregex" value="" />';
+		$question .= '<input type="text" class="text" name="update_pwdregex" value="" />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.11-svn3'))
-	{
+	if (versionInUpdate($current_version, '0.9.11-svn3')) {
 		$has_preconfig = true;
 		$description = 'As Froxlor can now handle perl, you have to specify where the perl executable is (only if you\'re running lighttpd, else just leave empty).';
 		$question = '<strong>Path to perl (default \'/usr/bin/perl\'):</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="update_perlpath" value="/usr/bin/perl" />';
+		$question .= '<input type="text" class="text" name="update_perlpath" value="/usr/bin/perl" />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.12-svn1'))
-	{
-		if(Settings::Get('system.mod_fcgid') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.12-svn1')) {
+		if (Settings::Get('system.mod_fcgid') == 1) {
 			$has_preconfig = true;
 			$description = 'You can chose whether you want Froxlor to use FCGID itself too now.';
 			$question = '<strong>Use FCGID for the Froxlor Panel?:</strong>&nbsp;';
-			$question.= makeyesno('update_fcgid_ownvhost', '1', '0', '0').'<br /><br />';
-			$question.= '<strong>If \'yes\', please specify local user/group (have to exist, Froxlor does not add them automatically):</strong><br /><br />';
-			$question.= 'Local user:&nbsp;';
-			$question.= '<input type="text" class="text" name="update_fcgid_httpuser" value="froxlorlocal" /><br /><br />';
-			$question.= 'Local group:&nbsp;';
-			$question.= '<input type="text" class="text" name="update_fcgid_httpgroup" value="froxlorlocal" /><br />';
+			$question .= makeyesno('update_fcgid_ownvhost', '1', '0', '0') . '<br /><br />';
+			$question .= '<strong>If \'yes\', please specify local user/group (have to exist, Froxlor does not add them automatically):</strong><br /><br />';
+			$question .= 'Local user:&nbsp;';
+			$question .= '<input type="text" class="text" name="update_fcgid_httpuser" value="froxlorlocal" /><br /><br />';
+			$question .= 'Local group:&nbsp;';
+			$question .= '<input type="text" class="text" name="update_fcgid_httpgroup" value="froxlorlocal" /><br />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.12-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.12-svn2')) {
 		$has_preconfig = true;
 		$description = 'Many apache user will have problems using perl/CGI as the customer docroots are not within the suexec path. Froxlor provides a simple workaround for that.';
 		$question = '<strong>Enable Apache/SuExec/Perl workaround?:</strong>&nbsp;';
-		$question.= makeyesno('update_perl_suexecworkaround', '1', '0', '0').'<br /><br />';
-		$question.= '<strong>If \'yes\', please specify a path within the suexec path where Froxlor will create symlinks to customer perl-enabled paths:</strong><br /><br />';
-		$question.= 'Path for symlinks (must be within suexec path):&nbsp;';
-		$question.= '<input type="text" class="text" name="update_perl_suexecpath" value="/var/www/cgi-bin/" /><br />';
+		$question .= makeyesno('update_perl_suexecworkaround', '1', '0', '0') . '<br /><br />';
+		$question .= '<strong>If \'yes\', please specify a path within the suexec path where Froxlor will create symlinks to customer perl-enabled paths:</strong><br /><br />';
+		$question .= 'Path for symlinks (must be within suexec path):&nbsp;';
+		$question .= '<input type="text" class="text" name="update_perl_suexecpath" value="/var/www/cgi-bin/" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.12-svn4'))
-	{
-		if((int)Settings::Get('system.awstats_enabled') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.12-svn4')) {
+		if ((int) Settings::Get('system.awstats_enabled') == 1) {
 			$has_preconfig = true;
 			$description = 'Due to different paths of awstats_buildstaticpages.pl and awstats.pl you can set a different path for awstats.pl now.';
 			$question = '<strong>Path to \'awstats.pl\'?:</strong>&nbsp;';
-			$question.= '<input type="text" class="text" name="update_awstats_awstatspath" value="'.Settings::Get('system.awstats_path').'" /><br />';
+			$question .= '<input type="text" class="text" name="update_awstats_awstatspath" value="' . Settings::Get('system.awstats_path') . '" /><br />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.13-svn1'))
-	{
-		if((int)Settings::Get('autoresponder.autoresponder_active') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.13-svn1')) {
+		if ((int) Settings::Get('autoresponder.autoresponder_active') == 1) {
 			$has_preconfig = true;
 			$description = 'Froxlor can now limit the number of autoresponder-entries for each user. Here you can set the value which will be available for each customer (Of course you can change the value for each customer separately after the update).';
 			$question = '<strong>How many autoresponders should your customers be able to add?:</strong>&nbsp;';
-			$question.= '<input type="text" class="text" name="update_autoresponder_default" value="0" />&nbsp;'.makecheckbox('update_autoresponder_default', $lng['customer']['unlimited'], '-1', false, 0, true, true).'<br />';
+			$question .= '<input type="text" class="text" name="update_autoresponder_default" value="0" />&nbsp;' . makecheckbox('update_autoresponder_default', $lng['customer']['unlimited'], '-1', false, 0, true, true) . '<br />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.13.1'))
-	{
-		if((int)Settings::Get('system.mod_fcgid_ownvhost') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.13.1')) {
+		if ((int) Settings::Get('system.mod_fcgid_ownvhost') == 1) {
 			$has_preconfig = true;
 			$description = 'You have FCGID for Froxlor itself activated. You can now specify a PHP-configuration for this.';
 			$question = '<strong>Select Froxlor-vhost PHP configuration:</strong>&nbsp;';
 			$question .= '<select name="update_defaultini_ownvhost">';
 			$configs_array = getPhpConfigs();
 			$configs = '';
-			foreach($configs_array as $idx => $desc)
-			{
+			foreach ($configs_array as $idx => $desc) {
 				$configs .= makeoption($desc, $idx, '1');
 			}
-			$question .= $configs.'</select>';
+			$question .= $configs . '</select>';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn3'))
-	{
-		if((int)Settings::Get('system.awstats_enabled') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.14-svn3')) {
+		if ((int) Settings::Get('system.awstats_enabled') == 1) {
 			$has_preconfig = true;
 			$description = 'To have icons in AWStats statistic-pages please enter the path to AWStats icons folder.';
 			$question = '<strong>Path to AWSTats icons folder:</strong>&nbsp;';
-			$question.= '<input type="text" class="text" name="update_awstats_icons" value="'.Settings::Get('system.awstats_icons').'" />';
+			$question .= '<input type="text" class="text" name="update_awstats_icons" value="' . Settings::Get('system.awstats_icons') . '" />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn4'))
-	{
-		if((int)Settings::Get('system.use_ssl') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.14-svn4')) {
+		if ((int) Settings::Get('system.use_ssl') == 1) {
 			$has_preconfig = true;
 			$description = 'Froxlor now has the possibility to set \'SSLCertificateChainFile\' for the apache webserver.';
 			$question = '<strong>Enter filename (leave empty for none):</strong>&nbsp;';
-			$question.= '<input type="text" class="text" name="update_ssl_cert_chainfile" value="'.Settings::Get('system.ssl_cert_chainfile').'" />';
+			$question .= '<input type="text" class="text" name="update_ssl_cert_chainfile" value="' . Settings::Get('system.ssl_cert_chainfile') . '" />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn6'))
-	{
+	if (versionInUpdate($current_version, '0.9.14-svn6')) {
 		$has_preconfig = true;
 		$description = 'You can now allow customers to use any of their domains as username for the login.';
 		$question = '<strong>Do you want to enable domain-login for all customers?:</strong>&nbsp;';
-		$question.= makeyesno('update_allow_domain_login', '1', '0', '0');
+		$question .= makeyesno('update_allow_domain_login', '1', '0', '0');
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn10'))
-	{
+	if (versionInUpdate($current_version, '0.9.14-svn10')) {
 		$has_preconfig = true;
 		$description = '<strong>This update removes the unsupported real-time option. Additionally the deprecated tables for navigation and cronscripts are removed, any modules using these tables need to be updated to the new structure!</strong>';
 		$question = '';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.16-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.16-svn1')) {
 		$has_preconfig = true;
 		$description = 'Froxlor now features support for php-fpm.';
 		$question = '<strong>Do you want to enable php-fpm?:</strong>&nbsp;';
-		$question.= makeyesno('update_phpfpm_enabled', '1', '0', '0').'<br /><br />';
-		$question.= 'If \'yes\', please specify the configuration directory:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_configdir" value="/etc/php-fpm.d/" /><br /><br />';
-		$question.= 'Please specify the temporary files directory:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_tmpdir" value="/var/customers/tmp/" /><br /><br />';
-		$question.= 'Please specify the PEAR directory:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_peardir" value="/usr/share/php/:/usr/share/php5/" /><br /><br />';
-		$question.= 'Please specify the php-fpm restart-command:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_reload" value="/etc/init.d/php-fpm restart" /><br /><br />';
-		$question.= 'Please specify the php-fpm rocess manager control:&nbsp;';
-		$question.= '<select name="update_phpfpm_pm">';
+		$question .= makeyesno('update_phpfpm_enabled', '1', '0', '0') . '<br /><br />';
+		$question .= 'If \'yes\', please specify the configuration directory:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_configdir" value="/etc/php-fpm.d/" /><br /><br />';
+		$question .= 'Please specify the temporary files directory:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_tmpdir" value="/var/customers/tmp/" /><br /><br />';
+		$question .= 'Please specify the PEAR directory:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_peardir" value="/usr/share/php/:/usr/share/php5/" /><br /><br />';
+		$question .= 'Please specify the php-fpm restart-command:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_reload" value="/etc/init.d/php-fpm restart" /><br /><br />';
+		$question .= 'Please specify the php-fpm rocess manager control:&nbsp;';
+		$question .= '<select name="update_phpfpm_pm">';
 		$redirects = makeoption('static', 'static', 'static');
-		$redirects.= makeoption('dynamic', 'dynamic', 'static');
-		$question .= $redirects.'</select><br /><br />';
-		$question.= 'Please specify the number of child processes:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_max_children" value="1" /><br /><br />';
-		$question.= 'Please specify the number of requests per child before respawning:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_max_requests" value="0" /><br /><br />';
-		$question.= '<em>The following settings are only required if you chose process manager = dynamic</em><br /><br />';
-		$question.= 'Please specify the number of child processes created on startup:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_start_servers" value="20" /><br /><br />';
-		$question.= 'Please specify the desired minimum number of idle server processes:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_min_spare_servers" value="5" /><br /><br />';
-		$question.= 'Please specify the desired maximum number of idle server processes:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_max_spare_servers" value="35" /><br />';
+		$redirects .= makeoption('dynamic', 'dynamic', 'static');
+		$question .= $redirects . '</select><br /><br />';
+		$question .= 'Please specify the number of child processes:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_max_children" value="1" /><br /><br />';
+		$question .= 'Please specify the number of requests per child before respawning:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_max_requests" value="0" /><br /><br />';
+		$question .= '<em>The following settings are only required if you chose process manager = dynamic</em><br /><br />';
+		$question .= 'Please specify the number of child processes created on startup:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_start_servers" value="20" /><br /><br />';
+		$question .= 'Please specify the desired minimum number of idle server processes:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_min_spare_servers" value="5" /><br /><br />';
+		$question .= 'Please specify the desired maximum number of idle server processes:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_max_spare_servers" value="35" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.16-svn2'))
-	{
-		if((int)Settings::Get('phpfpm.enabled') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.16-svn2')) {
+		if ((int) Settings::Get('phpfpm.enabled') == 1) {
 			$has_preconfig = true;
 			$description = 'You can chose whether you want Froxlor to use PHP-FPM itself too now.';
 			$question = '<strong>Use PHP-FPM for the Froxlor Panel?:</strong>&nbsp;';
-			$question.= makeyesno('update_phpfpm_enabled_ownvhost', '1', '0', '0').'<br /><br />';
-			$question.= '<strong>If \'yes\', please specify local user/group (have to exist, Froxlor does not add them automatically):</strong><br /><br />';
-			$question.= 'Local user:&nbsp;';
-			$question.= '<input type="text" class="text" name="update_phpfpm_httpuser" value="'.Settings::Get('system.mod_fcgid_httpuser').'" /><br /><br />';
-			$question.= 'Local group:&nbsp;';
-			$question.= '<input type="text" class="text" name="update_phpfpm_httpgroup" value="'.Settings::Get('system.mod_fcgid_httpgroup').'" /><br />';
+			$question .= makeyesno('update_phpfpm_enabled_ownvhost', '1', '0', '0') . '<br /><br />';
+			$question .= '<strong>If \'yes\', please specify local user/group (have to exist, Froxlor does not add them automatically):</strong><br /><br />';
+			$question .= 'Local user:&nbsp;';
+			$question .= '<input type="text" class="text" name="update_phpfpm_httpuser" value="' . Settings::Get('system.mod_fcgid_httpuser') . '" /><br /><br />';
+			$question .= 'Local group:&nbsp;';
+			$question .= '<input type="text" class="text" name="update_phpfpm_httpgroup" value="' . Settings::Get('system.mod_fcgid_httpgroup') . '" /><br />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.17-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.17-svn1')) {
 		$has_preconfig = true;
 		$description = 'Select if you want to enable the web- and traffic-reports';
 		$question = '<strong>Enable?:</strong>&nbsp;';
-		$question.= makeyesno('update_system_report_enable', '1', '0', '1').'<br /><br />';
-		$question.= '<strong>If \'yes\', please specify a percentage value for web- and traffic when reports are to be sent:</strong><br /><br />';
-		$question.= 'Webusage warning level:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_system_report_webmax" value="90" /><br /><br />';
-		$question.= 'Traffic warning level:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_system_report_trafficmax" value="90" /><br />';
+		$question .= makeyesno('update_system_report_enable', '1', '0', '1') . '<br /><br />';
+		$question .= '<strong>If \'yes\', please specify a percentage value for web- and traffic when reports are to be sent:</strong><br /><br />';
+		$question .= 'Webusage warning level:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_system_report_webmax" value="90" /><br /><br />';
+		$question .= 'Traffic warning level:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_system_report_trafficmax" value="90" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.18-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.18-svn2')) {
 		$has_preconfig = true;
 		$description = 'As you can (obviously) see, Froxlor now comes with a new theme. You also have the possibility to switch back to "Classic" if you want to.';
 		$question = '<strong>Select default panel theme:</strong>&nbsp;';
-		$question.= '<select name="update_default_theme">';
+		$question .= '<select name="update_default_theme">';
 		$themes = getThemes();
-		foreach($themes as $cur_theme) // $theme is already in use
-		{
-			$question.= makeoption($cur_theme, $cur_theme, 'Froxlor');
+		foreach ($themes as $cur_theme) // $theme is already in use
+{
+			$question .= makeoption($cur_theme, $cur_theme, 'Froxlor');
 		}
-		$question.= '</select>';
+		$question .= '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.28-svn4'))
-	{
+	if (versionInUpdate($current_version, '0.9.28-svn4')) {
 		$has_preconfig = true;
 		$description = 'This version introduces a lot of profound changes:';
 		$description .= '<br /><ul><li>Improving the whole template system</li><li>Full UTF-8 support</li><li><strong>Removing support for the former default theme \'Classic\'</strong></li></ul>';
 		$description .= '<br /><br />Notice: This update will <strong>alter your Froxlor database to use UTF-8</strong> as default charset. ';
-		$description .= 'Even though this is already tested, we <span style="color:#ff0000;font-weight:bold;">strongly recommend</span> to ';
+		$description .= 'Even though this is already tested, we <span class="red">strongly recommend</span> to ';
 		$description .= 'test this update in a testing environment using your existing data.<br /><br />';

 		$question = '<strong>Select your preferred Classic Theme replacement:</strong>&nbsp;';
-		$question.= '<select name="classic_theme_replacement">';
+		$question .= '<select name="classic_theme_replacement">';
 		$themes = getThemes();
-		foreach($themes as $cur_theme)
-		{
-			$question.= makeoption($cur_theme, $cur_theme, 'Froxlor');
+		foreach ($themes as $cur_theme) {
+			$question .= makeoption($cur_theme, $cur_theme, 'Froxlor');
 		}
-		$question.= '</select>';
+		$question .= '</select>';

 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
@@ -460,16 +412,16 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		if (Settings::Get('system.webserver') == 'apache2') {
 			$has_preconfig = true;
 			$description = 'Froxlor now supports the new Apache 2.4. Please be aware that you need to load additional apache-modules in ordner to use it.<br />';
-			$description.= '<pre>LoadModule authz_core_module modules/mod_authz_core.so
+			$description .= '<pre>LoadModule authz_core_module modules/mod_authz_core.so
 					LoadModule authz_host_module modules/mod_authz_host.so</pre><br />';
 			$question = '<strong>Do you want to enable the Apache-2.4 modification?:</strong>&nbsp;';
-			$question.= makeyesno('update_system_apache24', '1', '0', '0');
+			$question .= makeyesno('update_system_apache24', '1', '0', '0');
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		} elseif (Settings::Get('system.webserver') == 'nginx') {
 			$has_preconfig = true;
 			$description = 'The path to nginx\'s fastcgi_params file is now customizable.<br /><br />';
 			$question = '<strong>Please enter full path to you nginx/fastcgi_params file (including filename):</strong>&nbsp;';
-			$question.= '<input type="text" class="text" name="nginx_fastcgi_params" value="/etc/nginx/fastcgi_params" />';
+			$question .= '<input type="text" class="text" name="nginx_fastcgi_params" value="/etc/nginx/fastcgi_params" />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}
@@ -478,11 +430,11 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {

 		$has_preconfig = true;

-		$description  = 'This version adds an option to append the domain-name to the document-root for domains and subdomains.<br />';
+		$description = 'This version adds an option to append the domain-name to the document-root for domains and subdomains.<br />';
 		$description .= 'You can enable or disable this feature anytime from settings -> system settings.<br />';

 		$question = '<strong>Do you want to automatically append the domain-name to the documentroot of newly created domains?:</strong>&nbsp;';
-		$question.= makeyesno('update_system_documentroot_use_default_value', '1', '0', '0');
+		$question .= makeyesno('update_system_documentroot_use_default_value', '1', '0', '0');

 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
@@ -491,12 +443,10 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {

 		$has_preconfig = true;
 		// just an information about the new sendmail parameter (#1134)
-		$description  = 'Froxlor changed the default parameter-set of sendmail (php.ini)<br />';
+		$description = 'Froxlor changed the default parameter-set of sendmail (php.ini)<br />';
 		$description .= 'sendmail_path = "/usr/sbin/sendmail -t <strong>-i</strong> -f {CUSTOMER_EMAIL}"<br /><br />';
 		$description .= 'If you don\'t have any problems with sending mails, you don\'t need to change this';
-		if (Settings::Get('system.mod_fcgid') == '1'
-				|| Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') {
 			// information about removal of php's safe_mode
 			$description .= '<br /><br />The php safe_mode flag has been removed as current versions of PHP<br />';
 			$description .= 'do not support it anymore.<br /><br />';
@@ -509,45 +459,43 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {

 	if (versionInUpdate($current_version, '0.9.29-dev1')) {
 		// we only need to ask if fcgid|php-fpm is enabled
-		if (Settings::Get('system.mod_fcgid') == '1'
-				|| Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') {
 			$has_preconfig = true;
-			$description  = 'Standard-subdomains can now be hidden from the php-configuration overview.<br />';
+			$description = 'Standard-subdomains can now be hidden from the php-configuration overview.<br />';
 			$question = '<strong>Do you want to hide the standard-subdomains (this can be changed in the settings any time)?:</strong>&nbsp;';
-			$question.= makeyesno('hide_stdsubdomains', '1', '0', '0');
+			$question .= makeyesno('hide_stdsubdomains', '1', '0', '0');
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

 	if (versionInUpdate($current_version, '0.9.29-dev2')) {
 		$has_preconfig = true;
-		$description  = 'You can now decide whether admins/customers are able to change the theme<br />';
+		$description = 'You can now decide whether admins/customers are able to change the theme<br />';
 		$question = '<strong>If you want to disallow theme-changing, select "no" from the dropdowns:</strong>&nbsp;';
-		$question.= "Admins: ". makeyesno('allow_themechange_a', '1', '0', '1').'&nbsp;&nbsp;';
-		$question.= "Customers: ".makeyesno('allow_themechange_c', '1', '0', '1');
+		$question .= "Admins: " . makeyesno('allow_themechange_a', '1', '0', '1') . '&nbsp;&nbsp;';
+		$question .= "Customers: " . makeyesno('allow_themechange_c', '1', '0', '1');
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.29-dev3')) {
 		$has_preconfig = true;
-		$description  = 'There is now a possibility to specify AXFR servers for your bind zone-configuration<br />';
+		$description = 'There is now a possibility to specify AXFR servers for your bind zone-configuration<br />';
 		$question = '<strong>Enter a comma-separated list of AXFR servers or leave empty (default):</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="system_afxrservers" value="" />';
+		$question .= '<input type="text" class="text" name="system_afxrservers" value="" />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.29-dev4')) {
 		$has_preconfig = true;
-		$description  = 'As customers can now specify ssl-certificate data for their domains, you need to specify where the generated files are stored<br />';
+		$description = 'As customers can now specify ssl-certificate data for their domains, you need to specify where the generated files are stored<br />';
 		$question = '<strong>Specify the directory for customer ssl-certificates:</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="system_customersslpath" value="/etc/ssl/froxlor-custom/" />';
+		$question .= '<input type="text" class="text" name="system_customersslpath" value="/etc/ssl/froxlor-custom/" />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.29.1-dev3')) {
 		$has_preconfig = true;
-		$description  = 'The build in logrotation-feature has been removed. Please follow the configuration-instructions for your system to enable logrotating again.';
+		$description = 'The build in logrotation-feature has been removed. Please follow the configuration-instructions for your system to enable logrotating again.';
 		$question = '';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
@@ -555,12 +503,10 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 	// let the apache+fpm users know that they MUST change their config
 	// for the domains / webserver to work after the update
 	if (versionInUpdate($current_version, '0.9.30-dev1')) {
-		if (Settings::Get('system.webserver') == 'apache2'
-			&& Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.webserver') == 'apache2' && Settings::Get('phpfpm.enabled') == '1') {
 			$has_preconfig = true;
-			$description  = 'The PHP-FPM implementation for apache2 has changed. Please look for the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) within /etc/apache2/ and change it as shown below:<br /><br />';
-			$description .= '<pre style="width:500px;border:1px solid #ccc;padding:4px;">&lt;IfModule mod_fastcgi.c&gt;
+			$description = 'The PHP-FPM implementation for apache2 has changed. Please look for the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) within /etc/apache2/ and change it as shown below:<br /><br />';
+			$description .= '<pre class="code-block">&lt;IfModule mod_fastcgi.c&gt;
    FastCgiIpcDir /var/lib/apache2/fastcgi/
    &lt;Location "/fastcgiphp"&gt;
        Order Deny,Allow
@@ -575,11 +521,9 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 	}

 	if (versionInUpdate($current_version, '0.9.31-dev2')) {
-		if (Settings::Get('system.webserver') == 'apache2'
-				&& Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.webserver') == 'apache2' && Settings::Get('phpfpm.enabled') == '1') {
 			$has_preconfig = true;
-			$description  = 'The FPM socket directory is now a setting in froxlor. Its default is <b>/var/lib/apache2/fastcgi/</b>.<br/>If you are using <b>/var/run/apache2</b> in the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) please correct this path accordingly<br />';
+			$description = 'The FPM socket directory is now a setting in froxlor. Its default is <b>/var/lib/apache2/fastcgi/</b>.<br/>If you are using <b>/var/run/apache2</b> in the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) please correct this path accordingly<br />';
 			$question = '';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
@@ -587,50 +531,50 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {

 	if (versionInUpdate($current_version, '0.9.31-dev4')) {
 		$has_preconfig = true;
-		$description  = 'The template-variable {PASSWORD} has been replaced with {LINK}. Please update your password reset templates!<br />';
+		$description = 'The template-variable {PASSWORD} has been replaced with {LINK}. Please update your password reset templates!<br />';
 		$question = '';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.31-dev5')) {
 		$has_preconfig = true;
-		$description  = 'You can enable/disable error-reporting for admins and customers!<br /><br />';
+		$description = 'You can enable/disable error-reporting for admins and customers!<br /><br />';
 		$question = '<strong>Do you want to enable error-reporting for admins? (default: yes):</strong>&nbsp;';
-		$question.= makeyesno('update_error_report_admin', '1', '0', '1').'<br />';
-		$question.= '<strong>Do you want to enable error-reporting for customers? (default: no):</strong>&nbsp;';
-		$question.= makeyesno('update_error_report_customer', '1', '0', '0');
+		$question .= makeyesno('update_error_report_admin', '1', '0', '1') . '<br />';
+		$question .= '<strong>Do you want to enable error-reporting for customers? (default: no):</strong>&nbsp;';
+		$question .= makeyesno('update_error_report_customer', '1', '0', '0');
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.31-rc2')) {
 		$has_preconfig = true;
-		$description  = 'You can enable/disable the display/usage of the news-feed for admins<br /><br />';
+		$description = 'You can enable/disable the display/usage of the news-feed for admins<br /><br />';
 		$question = '<strong>Do you want to enable the news-feed for admins? (default: yes):</strong>&nbsp;';
-		$question.= makeyesno('update_admin_news_feed', '1', '0', '1').'<br />';
+		$question .= makeyesno('update_admin_news_feed', '1', '0', '1') . '<br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.32-dev2')) {
 		$has_preconfig = true;
-		$description  = 'To enable logging of the mail-traffic, you need to set the following settings accordingly<br /><br />';
+		$description = 'To enable logging of the mail-traffic, you need to set the following settings accordingly<br /><br />';
 		$question = '<strong>Do you want to enable the traffic collection for mail? (default: yes):</strong>&nbsp;';
-		$question.= makeyesno('mailtraffic_enabled', '1', '0', '1').'<br />';
-		$question.= '<strong>Mail Transfer Agent</strong><br />';
-		$question.= 'Type of your MTA:&nbsp;';
-		$question.= '<select name="mtaserver">';
-		$question.= makeoption('Postfix', 'postfix', 'postfix');
-		$question.= makeoption('Exim4', 'exim4', 'postfix');
-		$question.= '</select><br />';
-		$question.= 'Logfile for your MTA:&nbsp;';
-		$question.= '<input type="text" class="text" name="mtalog" value="/var/log/mail.log" /><br />';
-		$question.= '<strong>Mail Delivery Agent</strong><br />';
-		$question.= 'Type of your MDA:&nbsp;';
-		$question.= '<select name="mdaserver">';
-		$question.= makeoption('Dovecot', 'dovecot', 'dovecot');
-		$question.= makeoption('Courier', 'courier', 'dovecot');
-		$question.= '</select><br /><br />';
-		$question.= 'Logfile for your MDA:&nbsp;';
-		$question.= '<input type="text" class="text" name="mdalog" value="/var/log/mail.log" /><br />';
+		$question .= makeyesno('mailtraffic_enabled', '1', '0', '1') . '<br />';
+		$question .= '<strong>Mail Transfer Agent</strong><br />';
+		$question .= 'Type of your MTA:&nbsp;';
+		$question .= '<select name="mtaserver">';
+		$question .= makeoption('Postfix', 'postfix', 'postfix');
+		$question .= makeoption('Exim4', 'exim4', 'postfix');
+		$question .= '</select><br />';
+		$question .= 'Logfile for your MTA:&nbsp;';
+		$question .= '<input type="text" class="text" name="mtalog" value="/var/log/mail.log" /><br />';
+		$question .= '<strong>Mail Delivery Agent</strong><br />';
+		$question .= 'Type of your MDA:&nbsp;';
+		$question .= '<select name="mdaserver">';
+		$question .= makeoption('Dovecot', 'dovecot', 'dovecot');
+		$question .= makeoption('Courier', 'courier', 'dovecot');
+		$question .= '</select><br /><br />';
+		$question .= 'Logfile for your MDA:&nbsp;';
+		$question .= '<input type="text" class="text" name="mdalog" value="/var/log/mail.log" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

@@ -638,7 +582,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$has_preconfig = true;
 		$description = 'Froxlor now generates a cron-configuration file for the cron-daemon. Please set a filename which will be included automatically by your crond (e.g. files in /etc/cron.d/)<br /><br />';
 		$question = '<strong>Path to the cron-service configuration-file.</strong> This file will be updated regularly and automatically by froxlor.<br />Note: please <b>be sure</b> to use the same filename as for the main froxlor cronjob (default: /etc/cron.d/froxlor)!<br />';
-		$question.= '<input type="text" class="text" name="crondfile" value="/etc/cron.d/froxlor" /><br />';
+		$question .= '<input type="text" class="text" name="crondfile" value="/etc/cron.d/froxlor" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

@@ -646,8 +590,93 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$has_preconfig = true;
 		$description = 'In order for the new cron.d file to work properly, we need to know about the cron-service reload command.<br /><br />';
 		$question = '<strong>Please specify the reload-command of your cron-daemon</strong> (default: /etc/init.d/cron reload)<br />';
-		$question.= '<input type="text" class="text" name="crondreload" value="/etc/init.d/cron reload" /><br />';
+		$question .= '<input type="text" class="text" name="crondreload" value="/etc/init.d/cron reload" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

+	if (versionInUpdate($current_version, '0.9.32-rc2')) {
+		$has_preconfig = true;
+		$description = 'To customize the command which executes the cronjob (php - basically) change the path below according to your system.<br /><br />';
+		$question = '<strong>Please specify the command to execute cronscripts</strong> (default: "/usr/bin/nice -n 5 /usr/bin/php5 -q")<br />';
+		$question .= '<input type="text" class="text" name="croncmdline" value="/usr/bin/nice -n 5 /usr/bin/php5 -q" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_version, '0.9.33-dev1')) {
+		$has_preconfig = true;
+		$description = 'You can enable/disable the display/usage of the custom newsfeed for customers.<br /><br />';
+		$question = '<strong>Do you want to enable the custom newsfeed for customer? (default: no):</strong>&nbsp;';
+		$question .= makeyesno('customer_show_news_feed', '1', '0', '0') . '<br />';
+		$question .= '<strong>You have to set the URL for your RSS-feed here, if you have chosen to enable the custom newsfeed on the customer-dashboard:</strong>&nbsp;';
+		$question .= '<input type="text" class="text" name="customer_news_feed_url" value="" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_version, '0.9.33-dev2')) {
+		// only if bind is used - if not the default will be set, which is '0' (off)
+		if (Settings::get('system.bind_enable') == 1) {
+			$has_preconfig = true;
+			$description = 'You can enable/disable the generation of the bind-zone / config for the system hostname.<br /><br />';
+			$question = '<strong>Do you want to generate a bind-zone for the system-hostname? (default: no):</strong>&nbsp;';
+			$question .= makeyesno('dns_createhostnameentry', '1', '0', '0') . '<br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if (versionInUpdate($current_version, '0.9.33-rc2')) {
+		$has_preconfig = true;
+		$description = 'You can chose whether you want to receive an e-mail on cronjob errors. Keep in mind that this can lead to an e-mail being sent every 5 minutes.<br /><br />';
+		$question = '<strong>Do you want to receive cron-errors via mail? (default: no):</strong>&nbsp;';
+		$question .= makeyesno('system_send_cron_errors', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_version, '0.9.34-dev3')) {
+		$has_preconfig = true;
+		$description = 'Froxlor now requires the PHP mbstring-extension as we need to be multibyte-character safe in some cases';
+		$question = '<strong>PHP mbstring</strong> is currently: ';
+		if (! extension_loaded('mbstring')) {
+			$question .= '<span class="red">not installed/loaded</span>';
+			$question .= '<br>Please install the PHP mbstring extension in order to finish the update';
+		} else {
+			$question .= '<span class="green">installed/loaded</span>';
+		}
+		$question .= '<br>';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201603070')) {
+		$has_preconfig = true;
+		$description = 'You can chose whether you want to enable or disable our Let\'s Encrypt implementation.<br />Please remember that you need to go through the webserver-configuration when enabled because this feature needs a special configuration.<br /><br />';
+		$question = '<strong>Do you want to enable Let\'s Encrypt? (default: yes):</strong>&nbsp;';
+		$question .= makeyesno('enable_letsencrypt', '1', '0', '1') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201604270')) {
+		$has_preconfig = true;
+		$description = 'You can chose whether you want to enable or disable our backup function.<br /><br />';
+		$question = '<strong>Do you want to enable Backup? (default: no):</strong>&nbsp;';
+		$question .= makeyesno('enable_backup', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201605090')) {
+		$has_preconfig = true;
+		$description = 'You can chose whether you want to enable or disable our DNS editor<br /><br />';
+		$question = '<strong>Do you want to enable the DNS editor? (default: no):</strong>&nbsp;';
+		$question .= makeyesno('enable_dns', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201605170')) {
+		$has_preconfig = true;
+		$description = 'Froxlor now supports the dns-daemon Power-DNS, you can chose between bind and powerdns now.';
+		$question = '<strong>Select dns-daemon you want to use:</strong>&nbsp;';
+		$question .= '<select name="new_dns_daemon">';
+		$dnsdaemons = makeoption('Bind9', 'bind', 'bind');
+		$dnsdaemons .= makeoption('PowerDNS', 'pdns', 'bind');
+		$question .= $dnsdaemons . '</select>';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
 }
--- a/install/updatesql.php
+++ b/install/updatesql.php
@@ -17,6 +17,15 @@
 *
 */

+if (!defined('AREA')
+	|| (defined('AREA') && AREA != 'admin')
+	|| !isset($userinfo['loginname'])
+	|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
+) {
+	header('Location: ../index.php');
+	exit;
+}
+
 $updatelog = FroxlorLogger::getInstanceOf(array('loginname' => 'updater'));

 $updatelogfile = validateUpdateLogFile(makeCorrectFile(dirname(__FILE__).'/update.log'));
@@ -50,12 +59,12 @@ if (isFroxlor()) {

 	$integrity = new IntegrityCheck();
 	if (!$integrity->checkAll()) {
-		lastStepStatus(2, 'Monkeys ate the integrity');
+		lastStepStatus(1, 'Monkeys ate the integrity');
 		showUpdateStep("Trying to remove monkeys, feeding bananas");
 		if(!$integrity->fixAll()) {
-			lastStepStatus(2, 'Some monkeys just would not move');
+			lastStepStatus(2, 'Some monkeys just would not move, you should contact team@froxlor.org');
 		} else {
-			lastStepStatus(0);
+			lastStepStatus(0, 'Integrity restored');
 		}
 	} else {
 		lastStepStatus(0);
--- a/js/excanvas.min.js
+++ b/js/excanvas.min.js
--- a/js/html5shiv.js
+++ b/js/html5shiv.js
@@ -1,8 +0,0 @@
-/*
- HTML5 Shiv v3.7.0 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed
-*/
-(function(l,f){function m(){var a=e.elements;return"string"==typeof a?a.split(" "):a}function i(a){var b=n[a[o]];b||(b={},h++,a[o]=h,n[h]=b);return b}function p(a,b,c){b||(b=f);if(g)return b.createElement(a);c||(c=i(b));b=c.cache[a]?c.cache[a].cloneNode():r.test(a)?(c.cache[a]=c.createElem(a)).cloneNode():c.createElem(a);return b.canHaveChildren&&!s.test(a)?c.frag.appendChild(b):b}function t(a,b){if(!b.cache)b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag();
-a.createElement=function(c){return!e.shivMethods?b.createElem(c):p(c,a,b)};a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+m().join().replace(/[\w\-]+/g,function(a){b.createElem(a);b.frag.createElement(a);return'c("'+a+'")'})+");return n}")(e,b.frag)}function q(a){a||(a=f);var b=i(a);if(e.shivCSS&&!j&&!b.hasCSS){var c,d=a;c=d.createElement("p");d=d.getElementsByTagName("head")[0]||d.documentElement;c.innerHTML="x<style>article,aside,dialog,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}mark{background:#FF0;color:#000}template{display:none}</style>";
-c=d.insertBefore(c.lastChild,d.firstChild);b.hasCSS=!!c}g||t(a,b);return a}var k=l.html5||{},s=/^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i,r=/^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|label|li|ol|p|q|span|strong|style|table|tbody|td|th|tr|ul)$/i,j,o="_html5shiv",h=0,n={},g;(function(){try{var a=f.createElement("a");a.innerHTML="<xyz></xyz>";j="hidden"in a;var b;if(!(b=1==a.childNodes.length)){f.createElement("a");var c=f.createDocumentFragment();b="undefined"==typeof c.cloneNode||
-"undefined"==typeof c.createDocumentFragment||"undefined"==typeof c.createElement}g=b}catch(d){g=j=!0}})();var e={elements:k.elements||"abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output progress section summary template time video",version:"3.7.0",shivCSS:!1!==k.shivCSS,supportsUnknownElements:g,shivMethods:!1!==k.shivMethods,type:"default",shivDocument:q,createElement:p,createDocumentFragment:function(a,b){a||(a=f);
-if(g)return a.createDocumentFragment();for(var b=b||i(a),c=b.frag.cloneNode(),d=0,e=m(),h=e.length;d<h;d++)c.createElement(e[d]);return c}};l.html5=e;q(f)})(this,document);
--- a/js/html5shiv.min.js
+++ b/js/html5shiv.min.js
@@ -0,0 +1,4 @@
+/**
+* @preserve HTML5 Shiv 3.7.2 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed
+*/
+!function(a,b){function c(a,b){var c=a.createElement("p"),d=a.getElementsByTagName("head")[0]||a.documentElement;return c.innerHTML="x<style>"+b+"</style>",d.insertBefore(c.lastChild,d.firstChild)}function d(){var a=t.elements;return"string"==typeof a?a.split(" "):a}function e(a,b){var c=t.elements;"string"!=typeof c&&(c=c.join(" ")),"string"!=typeof a&&(a=a.join(" ")),t.elements=c+" "+a,j(b)}function f(a){var b=s[a[q]];return b||(b={},r++,a[q]=r,s[r]=b),b}function g(a,c,d){if(c||(c=b),l)return c.createElement(a);d||(d=f(c));var e;return e=d.cache[a]?d.cache[a].cloneNode():p.test(a)?(d.cache[a]=d.createElem(a)).cloneNode():d.createElem(a),!e.canHaveChildren||o.test(a)||e.tagUrn?e:d.frag.appendChild(e)}function h(a,c){if(a||(a=b),l)return a.createDocumentFragment();c=c||f(a);for(var e=c.frag.cloneNode(),g=0,h=d(),i=h.length;i>g;g++)e.createElement(h[g]);return e}function i(a,b){b.cache||(b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag()),a.createElement=function(c){return t.shivMethods?g(c,a,b):b.createElem(c)},a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+d().join().replace(/[\w\-:]+/g,function(a){return b.createElem(a),b.frag.createElement(a),'c("'+a+'")'})+");return n}")(t,b.frag)}function j(a){a||(a=b);var d=f(a);return!t.shivCSS||k||d.hasCSS||(d.hasCSS=!!c(a,"article,aside,dialog,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}mark{background:#FF0;color:#000}template{display:none}")),l||i(a,d),a}var k,l,m="3.7.2",n=a.html5||{},o=/^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i,p=/^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|label|li|ol|p|q|span|strong|style|table|tbody|td|th|tr|ul)$/i,q="_html5shiv",r=0,s={};!function(){try{var a=b.createElement("a");a.innerHTML="<xyz></xyz>",k="hidden"in a,l=1==a.childNodes.length||function(){b.createElement("a");var a=b.createDocumentFragment();return"undefined"==typeof a.cloneNode||"undefined"==typeof a.createDocumentFragment||"undefined"==typeof a.createElement}()}catch(c){k=!0,l=!0}}();var t={elements:n.elements||"abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output picture progress section summary template time video",version:m,shivCSS:n.shivCSS!==!1,supportsUnknownElements:l,shivMethods:n.shivMethods!==!1,type:"default",shivDocument:j,createElement:g,createDocumentFragment:h,addElements:e};a.html5=t,j(b)}(this,document);
--- a/js/jquery-ui.min.js
+++ b/js/jquery-ui.min.js
--- a/js/jquery.flot.min.js
+++ b/js/jquery.flot.min.js
--- a/js/jquery.min.js
+++ b/js/jquery.min.js
--- a/js/jquery.tablesorter.min.js
+++ b/js/jquery.tablesorter.min.js
--- a/js/plugins/flot.resize.min.js
+++ b/js/plugins/flot.resize.min.js
@@ -1 +0,0 @@
-(function($,t,n){function p(){for(var n=r.length-1;n>=0;n--){var o=$(r[n]);if(o[0]==t||o.is(":visible")){var h=o.width(),d=o.height(),v=o.data(a);!v||h===v.w&&d===v.h?i[f]=i[l]:(i[f]=i[c],o.trigger(u,[v.w=h,v.h=d]))}else v=o.data(a),v.w=0,v.h=0}s!==null&&(s=t.requestAnimationFrame(p))}var r=[],i=$.resize=$.extend($.resize,{}),s,o="setTimeout",u="resize",a=u+"-special-event",f="delay",l="pendingDelay",c="activeDelay",h="throttleWindow";i[l]=250,i[c]=20,i[f]=i[l],i[h]=!0,$.event.special[u]={setup:function(){if(!i[h]&&this[o])return!1;var t=$(this);r.push(this),t.data(a,{w:t.width(),h:t.height()}),r.length===1&&(s=n,p())},teardown:function(){if(!i[h]&&this[o])return!1;var t=$(this);for(var n=r.length-1;n>=0;n--)if(r[n]==this){r.splice(n,1);break}t.removeData(a),r.length||(cancelAnimationFrame(s),s=null)},add:function(t){function s(t,i,s){var o=$(this),u=o.data(a);u.w=i!==n?i:o.width(),u.h=s!==n?s:o.height(),r.apply(this,arguments)}if(!i[h]&&this[o])return!1;var r;if($.isFunction(t))return r=t,s;r=t.handler,t.handler=s}},t.requestAnimationFrame||(t.requestAnimationFrame=function(){return t.webkitRequestAnimationFrame||t.mozRequestAnimationFrame||t.oRequestAnimationFrame||t.msRequestAnimationFrame||function(e,n){return t.setTimeout(e,i[f])}}()),t.cancelAnimationFrame||(t.cancelAnimationFrame=function(){return t.webkitCancelRequestAnimationFrame||t.mozCancelRequestAnimationFrame||t.oCancelRequestAnimationFrame||t.msCancelRequestAnimationFrame||clearTimeout}())})(jQuery,this);(function($){var options={};function init(plot){function onResize(){var placeholder=plot.getPlaceholder();if(placeholder.width()==0||placeholder.height()==0)return;plot.resize();plot.setupGrid();plot.draw()}function bindEvents(plot,eventHolder){plot.getPlaceholder().resize(onResize)}function shutdown(plot,eventHolder){plot.getPlaceholder().unbind("resize",onResize)}plot.hooks.bindEvents.push(bindEvents);plot.hooks.shutdown.push(shutdown)}$.plot.plugins.push({init:init,options:options,name:"resize",version:"1.0"})})(jQuery);
--- a/js/plugins/jquery.flot.resize.min.js
+++ b/js/plugins/jquery.flot.resize.min.js
@@ -0,0 +1,7 @@
+/* Javascript plotting library for jQuery, version 0.8.3.
+
+Copyright (c) 2007-2014 IOLA and Ole Laursen.
+Licensed under the MIT license.
+
+*/
+(function($,e,t){"$:nomunge";var i=[],n=$.resize=$.extend($.resize,{}),a,r=false,s="setTimeout",u="resize",m=u+"-special-event",o="pendingDelay",l="activeDelay",f="throttleWindow";n[o]=200;n[l]=20;n[f]=true;$.event.special[u]={setup:function(){if(!n[f]&&this[s]){return false}var e=$(this);i.push(this);e.data(m,{w:e.width(),h:e.height()});if(i.length===1){a=t;h()}},teardown:function(){if(!n[f]&&this[s]){return false}var e=$(this);for(var t=i.length-1;t>=0;t--){if(i[t]==this){i.splice(t,1);break}}e.removeData(m);if(!i.length){if(r){cancelAnimationFrame(a)}else{clearTimeout(a)}a=null}},add:function(e){if(!n[f]&&this[s]){return false}var i;function a(e,n,a){var r=$(this),s=r.data(m)||{};s.w=n!==t?n:r.width();s.h=a!==t?a:r.height();i.apply(this,arguments)}if($.isFunction(e)){i=e;return a}else{i=e.handler;e.handler=a}}};function h(t){if(r===true){r=t||1}for(var s=i.length-1;s>=0;s--){var l=$(i[s]);if(l[0]==e||l.is(":visible")){var f=l.width(),c=l.height(),d=l.data(m);if(d&&(f!==d.w||c!==d.h)){l.trigger(u,[d.w=f,d.h=c]);r=t||true}}else{d=l.data(m);d.w=0;d.h=0}}if(a!==null){if(r&&(t==null||t-r<1e3)){a=e.requestAnimationFrame(h)}else{a=setTimeout(h,n[o]);r=false}}}if(!e.requestAnimationFrame){e.requestAnimationFrame=function(){return e.webkitRequestAnimationFrame||e.mozRequestAnimationFrame||e.oRequestAnimationFrame||e.msRequestAnimationFrame||function(t,i){return e.setTimeout(function(){t((new Date).getTime())},n[l])}}()}if(!e.cancelAnimationFrame){e.cancelAnimationFrame=function(){return e.webkitCancelRequestAnimationFrame||e.mozCancelRequestAnimationFrame||e.oCancelRequestAnimationFrame||e.msCancelRequestAnimationFrame||clearTimeout}()}})(jQuery,this);(function($){var options={};function init(plot){function onResize(){var placeholder=plot.getPlaceholder();if(placeholder.width()==0||placeholder.height()==0)return;plot.resize();plot.setupGrid();plot.draw()}function bindEvents(plot,eventHolder){plot.getPlaceholder().resize(onResize)}function shutdown(plot,eventHolder){plot.getPlaceholder().unbind("resize",onResize)}plot.hooks.bindEvents.push(bindEvents);plot.hooks.shutdown.push(shutdown)}$.plot.plugins.push({init:init,options:options,name:"resize",version:"1.0"})})(jQuery);
--- a/js/plugins/jquery.tablesorter.sizeparser.min.js
+++ b/js/plugins/jquery.tablesorter.sizeparser.min.js
@@ -0,0 +1,23 @@
+$.tablesorter.addParser({
+	id: 'filesize',
+	is: function(s) {
+		return s.match(new RegExp(/[0-9]+(\.[0-9]+)?\ (KiB|B|GiB|MiB|TiB)/));
+	},
+	format: function(s) {
+		var suf = s.match(new RegExp(/(KiB|B|GiB|MiB|TiB)/))[1];
+		var num = parseFloat(s.match(new RegExp(/^[0-9]+(\.[0-9]+)?/))[0]);
+		switch (suf) {
+		case 'B':
+			return num;
+		case 'KiB':
+			return num * 1024;
+		case 'MiB':
+			return num * 1024 * 1024;
+		case 'GiB':
+			return num * 1024 * 1024 * 1024;
+		case 'TiB':
+			return num * 1024 * 1024 * 1024 * 1024;
+		}
+	},
+	type: 'numeric'
+});
--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -1 +0,0 @@
-userdata.inc.php
--- a/lib/ajax.php
+++ b/lib/ajax.php
@@ -16,6 +16,18 @@
 *
 */

+// Load the user settings
+define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__)));
+if (!file_exists('./userdata.inc.php')) {
+	die();
+}
+require './userdata.inc.php';
+require './tables.inc.php';
+require './classes/database/class.Database.php';
+require './classes/settings/class.Settings.php';
+require './functions/validate/function.validate_ip.php';
+require './functions/validate/function.validateDomain.php';
+
 if(isset($_POST['action'])) {
 	$action = $_POST['action'];
 } elseif(isset($_GET['action'])) {
@@ -25,15 +37,16 @@ if(isset($_POST['action'])) {
 }

 if ($action == "newsfeed") {
-	$feed = "http://inside.froxlor.org/news/";
+	if (isset($_GET['role']) && $_GET['role'] == "customer") {
+		$feed = Settings::Get("customer.news_feed_url");
+	} else {
+		$feed = "https://inside.froxlor.org/news/";
+	}

 	if (function_exists("simplexml_load_file") == false) {
 		die();
 	}

-	// get version
-	require './tables.inc.php';
-
 	if (function_exists('curl_version')) {
 		$ch = curl_init();
 		curl_setopt($ch, CURLOPT_URL, $feed);
@@ -61,7 +74,19 @@ if ($action == "newsfeed") {
 			$content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description));
 			$content = substr($content, 0, 150) . "...";

-			echo "<tr class=\"newsitem\"><td><small>" . $date . "</small><br /><a href=\"" . $link . "\" target=\"_blank\"><b>" . $title . "</b><br />" . $content . "</a></td></tr>";
+			echo "<li class=\"clearfix\">
+                <div class=\"newsfeed-body clearfix\">
+                    <div class=\"header\">
+                        <strong class=\"primary-font\"><a href=\"{$link}\" target=\"_blank\">{$title}</a></strong>
+                        <small class=\"pull-right text-muted\">
+                            <i class=\"fa fa-clock-o fa-fw\"></i> {$date}
+                        </small>
+                    </div>
+                    <p>
+                        {$content}
+                    </p>
+                </div>
+            </li>";
 		}
 	} else {
 		echo "";
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				(function($,t,n){function p(){for(var n=r.length-1;n>=0;n--){var o=$(r[n]);if(o[0]==t\|\|o.is(":visible")){var h=o.width(),d=o.height(),v=o.data(a);!v\|\|h===v.w&&d===v.h?i[f]=i[l]:(i[f]=i[c],o.trigger(u,[v.w=h,v.h=d]))}else v=o.data(a),v.w=0,v.h=0}s!==null&&(s=t.requestAnimationFrame(p))}var r=[],i=$.resize=$.extend($.resize,{}),s,o="setTimeout",u="resize",a=u+"-special-event",f="delay",l="pendingDelay",c="activeDelay",h="throttleWindow";i[l]=250,i[c]=20,i[f]=i[l],i[h]=!0,$.event.special[u]={setup:function(){if(!i[h]&&this[o])return!1;var t=$(this);r.push(this),t.data(a,{w:t.width(),h:t.height()}),r.length===1&&(s=n,p())},teardown:function(){if(!i[h]&&this[o])return!1;var t=$(this);for(var n=r.length-1;n>=0;n--)if(r[n]==this){r.splice(n,1);break}t.removeData(a),r.length\|\|(cancelAnimationFrame(s),s=null)},add:function(t){function s(t,i,s){var o=$(this),u=o.data(a);u.w=i!==n?i:o.width(),u.h=s!==n?s:o.height(),r.apply(this,arguments)}if(!i[h]&&this[o])return!1;var r;if($.isFunction(t))return r=t,s;r=t.handler,t.handler=s}},t.requestAnimationFrame\|\|(t.requestAnimationFrame=function(){return t.webkitRequestAnimationFrame\|\|t.mozRequestAnimationFrame\|\|t.oRequestAnimationFrame\|\|t.msRequestAnimationFrame\|\|function(e,n){return t.setTimeout(e,i[f])}}()),t.cancelAnimationFrame\|\|(t.cancelAnimationFrame=function(){return t.webkitCancelRequestAnimationFrame\|\|t.mozCancelRequestAnimationFrame\|\|t.oCancelRequestAnimationFrame\|\|t.msCancelRequestAnimationFrame\|\|clearTimeout}())})(jQuery,this);(function($){var options={};function init(plot){function onResize(){var placeholder=plot.getPlaceholder();if(placeholder.width()==0\|\|placeholder.height()==0)return;plot.resize();plot.setupGrid();plot.draw()}function bindEvents(plot,eventHolder){plot.getPlaceholder().resize(onResize)}function shutdown(plot,eventHolder){plot.getPlaceholder().unbind("resize",onResize)}plot.hooks.bindEvents.push(bindEvents);plot.hooks.shutdown.push(shutdown)}$.plot.plugins.push({init:init,options:options,name:"resize",version:"1.0"})})(jQuery);