use separate escapeshellarg()-calls as it leads to 'group user' as being recognized as the group only

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

actions/admin/settings/100.panel.php

@@ -93,23 +93,6 @@ return array(
 					'option_options' => array('Manual' => $lng['serversettings']['manual'], 'Dropdown' => $lng['serversettings']['dropdown']),
 					'save_method' => 'storeSettingField',
 					),
-				'use_webfonts' => array(
-					'label' => $lng['serversettings']['enablewebfonts'],
-					'settinggroup' => 'panel',
-					'varname' => 'use_webfonts',
-					'type' => 'bool',
-					'default' => true,
-					'save_method' => 'storeSettingField',
-					),
-				'webfont' => array(
-					'label' => $lng['serversettings']['definewebfont']['title'],
-					'settinggroup' => 'panel',
-					'varname' => 'webfont',
-					'type' => 'string',
-					'default' => 'Numans',
-					'string_emptyallowed' => false,
-					'save_method' => 'storeSettingField',
-					),
 				'panel_adminmail' => array(
 					'label' => $lng['serversettings']['adminmail'],
 					'settinggroup' => 'panel',
@@ -202,6 +185,24 @@ return array(
 					'default' => true,
 					'save_method' => 'storeSettingField',
 					),
+				'customer_show_news_feed' => array(
+					'label' => $lng['admin']['customer_show_news_feed'],
+					'settinggroup' => 'customer',
+					'varname' => 'show_news_feed',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'customer_news_feed_url' => array(
+					'label' => $lng['admin']['customer_news_feed_url'],
+					'settinggroup' => 'customer',
+					'varname' => 'news_feed_url',
+					'type' => 'string',
+					'string_type' => 'url',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
 				'panel_allow_domain_change_admin' => array(
 					'label' => $lng['serversettings']['panel_allow_domain_change_admin'],
 					'settinggroup' => 'panel',

actions/admin/settings/110.accounts.php

@@ -70,6 +70,46 @@ return array(
 					'default' => 0,
 					'save_method' => 'storeSettingField',
 					),
+				'panel_password_alpha_lower' => array(
+					'label' => $lng['serversettings']['panel_password_alpha_lower'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_alpha_lower',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_alpha_upper' => array(
+					'label' => $lng['serversettings']['panel_password_alpha_upper'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_alpha_upper',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_numeric' => array(
+					'label' => $lng['serversettings']['panel_password_numeric'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_numeric',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_special_char_required' => array(
+					'label' => $lng['serversettings']['panel_password_special_char_required'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_special_char_required',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'panel_password_special_char' => array(
+					'label' => $lng['serversettings']['panel_password_special_char'],
+					'settinggroup' => 'panel',
+					'varname' => 'password_special_char',
+					'type' => 'string',
+					'default' => '!?<>§$%&+#=@',
+					'save_method' => 'storeSettingField',
+					),
 				'panel_password_regex' => array(
 					'label' => $lng['serversettings']['panel_password_regex'],
 					'settinggroup' => 'panel',

actions/admin/settings/136.phpfpm.php

@@ -185,9 +185,16 @@ return array(
 					'default' => 30,
 					'save_method' => 'storeSettingField'
 					),
+				'system_phpfpm_use_mod_proxy' => array(
+					'label' => $lng['phpfpm']['use_mod_proxy'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'use_mod_proxy',
+					'type' => 'bool',
+					'default' => false,
+					'visible' => Settings::Get('system.apache24'),
+					'save_method' => 'storeSettingField'
+					),
 				),
 			),
 		),
 	);
-
-?>

actions/admin/settings/160.nameserver.php

@@ -74,10 +74,19 @@ return array(
 					'varname' => 'axfrservers',
 					'type' => 'string',
 					'string_type' => 'validate_ip',
+					'string_delimiter' => ',',
 					'string_emptyallowed' => true,
 					'default' => '',
 					'save_method' => 'storeSettingField',
 				),
+				'system_dns_createhostnameentry' => array(
+					'label' => $lng['serversettings']['dns_createhostnameentry'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_createhostnameentry',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',

admin_admins.php

@@ -68,7 +68,7 @@ if ($page == 'admins'
 				// percent-values for progressbar
 				// For Disk usage
 				if ($row['diskspace'] > 0) {
-					$disk_percent = round(($row['diskspace_used']*100)/$row['diskspace'], 2);
+					$disk_percent = round(($row['diskspace_used']*100)/$row['diskspace'], 0);
 					$disk_doublepercent = round($disk_percent*2, 2);
 				} else {
 					$disk_percent = 0;
@@ -76,13 +76,21 @@ if ($page == 'admins'
 				}
 				// For Traffic usage
 				if ($row['traffic'] > 0) {
-					$traffic_percent = round(($row['traffic_used']*100)/$row['traffic'], 2);
+					$traffic_percent = round(($row['traffic_used']*100)/$row['traffic'], 0);
 					$traffic_doublepercent = round($traffic_percent*2, 2);
 				} else {
 					$traffic_percent = 0;
 					$traffic_doublepercent = 0;
 				}
 
+				// fix progress-bars if value is >100%
+				if ($disk_percent > 100) {
+					$disk_percent = 100;
+				}
+				if ($traffic_percent > 100) {
+					$traffic_percent = 100;
+				}
+
 				$row = str_replace_array('-1', 'UL', $row, 'customers domains diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps subdomains tickets');
 				$row = htmlentities_array($row);
 				eval("\$admins.=\"" . getTemplate("admins/admins_admin") . "\";");

admin_customers.php

@@ -95,7 +95,7 @@ if ($page == 'customers'
 				 */
 				//For Disk usage
 				if ($row['diskspace'] > 0) {
-					$disk_percent = round(($row['diskspace_used']*100)/$row['diskspace'], 2);
+					$disk_percent = round(($row['diskspace_used']*100)/$row['diskspace'], 0);
 					$disk_doublepercent = round($disk_percent*2, 2);
 				} else {
 					$disk_percent = 0;
@@ -103,7 +103,7 @@ if ($page == 'customers'
 				}
 
 				if ($row['traffic'] > 0) {
-					$traffic_percent = round(($row['traffic_used']*100)/$row['traffic'], 2);
+					$traffic_percent = round(($row['traffic_used']*100)/$row['traffic'], 0);
 					$traffic_doublepercent = round($traffic_percent*2, 2);
 				} else {
 					$traffic_percent = 0;
@@ -119,6 +119,15 @@ if ($page == 'customers'
 
 				$row = str_replace_array('-1', 'UL', $row, 'diskspace traffic mysqls emails email_accounts email_forwarders ftps tickets subdomains');
 				$row = htmlentities_array($row);
+
+				// fix progress-bars if value is >100%
+				if ($disk_percent > 100) {
+					$disk_percent = 100;
+				}
+				if ($traffic_percent > 100) {
+					$traffic_percent = 100;
+				}
+
 				eval("\$customers.=\"" . getTemplate("customers/customers_customer") . "\";");
 				$count++;
 			}
@@ -824,7 +833,21 @@ if ($page == 'customers'
 							'guid' => $guid,
 							'members' => $loginname.','.Settings::Get('system.httpuser')
 					);
+
+					// also, add froxlor-local user to ftp-group (if exists!) to
+					// allow access to customer-directories from within the panel, which
+					// is necessary when pathedit = Dropdown
+					if ((int)Settings::Get('system.mod_fcgid_ownvhost') == 1 || (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {
+						if ((int)Settings::Get('system.mod_fcgid') == 1) {
+							$local_user = Settings::Get('system.mod_fcgid_httpuser');
+						} else {
+							$local_user = Settings::Get('phpfpm.vhost_httpuser');
+						}
+						$ins_data['members'] .= ','.$local_user;
+					}
+
 					Database::pexecute($ins_stmt, $ins_data);
+
 					// FTP-Quotatallies
 					$ins_stmt = Database::prepare("
 						INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` SET `name` = :name, `quota_type` = 'user', `bytes_in_used` = '0',
@@ -1000,6 +1023,24 @@ if ($page == 'customers'
 		}
 		$result = Database::pexecute_first($result_stmt, $result_data);
 
+		/*
+		 * information for moving customer
+		 */
+		$available_admins_stmt = Database::prepare("
+                        SELECT * FROM `" . TABLE_PANEL_ADMINS . "`
+                        WHERE (`customers` = '-1' OR `customers` < `customers_used`)"
+		);
+		Database::pexecute($available_admins_stmt);
+		$admin_select = makeoption("-----", 0, true, true, true);
+		$admin_select_cnt = 0;
+		while ($available_admin = $available_admins_stmt->fetch()) {
+			$admin_select .= makeoption($available_admin['name']." (".$available_admin['loginname'].")", $available_admin['adminid'], null, true, true);
+			$admin_select_cnt++;
+		}
+		/*
+		 * end of moving customer stuff
+		 */
+
 		if ($result['loginname'] != '') {
 
 			if (isset($_POST['send'])
@@ -1020,6 +1061,8 @@ if ($page == 'customers'
 				$password = validate($_POST['new_customer_password'], 'new password');
 				$gender = intval_ressource($_POST['gender']);
 
+				$move_to_admin = isset($_POST['move_to_admin']) ? intval_ressource($_POST['move_to_admin']) : 0;
+
 				$diskspace = intval_ressource($_POST['diskspace']);
 				if (isset($_POST['diskspace_ul'])) {
 					$diskspace = - 1;
@@ -1498,6 +1541,17 @@ if ($page == 'customers'
 					$admin_update_query.= " WHERE `adminid` = '" . (int)$result['adminid'] . "'";
 					Database::query($admin_update_query);
 					$log->logAction(ADM_ACTION, LOG_INFO, "edited user '" . $result['loginname'] . "'");
+
+					/*
+					 * move customer to another admin/reseller; #1166
+					 */
+					if ($move_to_admin > 0 && $move_to_admin != $result['adminid']) {
+						$move_result = moveCustomerToAdmin($id, $move_to_admin);
+						if ($move_result != true) {
+							standard_error('moveofcustomerfailed', $move_result);
+						}
+					}
+
 					$redirect_props = Array(
 						'page' => $page,
 						's' => $s

admin_domains.php

@@ -579,14 +579,26 @@ if ($page == 'domains'
 				if ($aliasdomain != 0) {
 					// Overwrite given ipandports with these of the "main" domain
 					$ipandports = array();
+					$ssl_ipandports = array();
 					$origipresult_stmt = Database::prepare("
 						SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP ."`
 						WHERE `id_domain` = :id"
 					);
 					Database::pexecute($origipresult_stmt, array('id' => $aliasdomain));
-
+					$ipdata_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_IPSANDPORTS."` WHERE `id` = :ipid");
 					while ($origip = $origipresult_stmt->fetch(PDO::FETCH_ASSOC)) {
-						$ipandports[] = $origip['id_ipandports'];
+						$_origip_tmp = Database::pexecute_first($ipdata_stmt, array('ipid' => $origip['id_ipandports']));
+						if ($_origip_tmp['ssl'] == 0) {
+							$ipandports[] = $origip['id_ipandports'];
+						} else {
+							$ssl_ipandports[] = $origip['id_ipandports'];
+						}
+					}
+
+					if (count($ssl_ipandports) == 0) {
+						// we need this for the serialize
+						// if ssl is disabled or no ssl-ip/port exists
+						$ssl_ipandports[] = -1;
 					}
 
 					$aliasdomain_check_stmt = Database::prepare("
@@ -781,16 +793,17 @@ if ($page == 'domains'
 					);
 					Database::pexecute($upd_stmt, array('adminid' => $adminid));
 
+					$ins_stmt = Database::prepare("
+						INSERT INTO `" . TABLE_DOMAINTOIP . "` SET
+						`id_domain` = :domainid,
+						`id_ipandports` = :ipandportsid
+					");
+
 					foreach ($ipandports as $ipportid) {
 						$ins_data = array(
 							'domainid' => $domainid,
 							'ipandportsid' => $ipportid
 						);
-						$ins_stmt = Database::prepare("
-							INSERT INTO `" . TABLE_DOMAINTOIP . "` SET
-							`id_domain` = :domainid,
-							`id_ipandports` = :ipandportsid
-						");
 						Database::pexecute($ins_stmt, $ins_data);
 					}
 
@@ -800,11 +813,6 @@ if ($page == 'domains'
 								'domainid' => $domainid,
 								'ipandportsid' => $ssl_ipportid
 							);
-							$ins_stmt = Database::prepare("
-								INSERT INTO `" . TABLE_DOMAINTOIP . "` SET
-								`id_domain` = :domainid,
-								`id_ipandports` = :ipandportsid
-							");
 							Database::pexecute($ins_stmt, $ins_data);
 						}
 					}
@@ -882,7 +890,7 @@ if ($page == 'domains'
 						$row_ipandport['ip'] = '[' . $row_ipandport['ip'] . ']';
 					}
 
-					$ipsandports[] = array('label' => $row_ipandport['ip'] . ':' . $row_ipandport['port'], 'value' => $row_ipandport['id']);
+					$ipsandports[] = array('label' => $row_ipandport['ip'] . ':' . $row_ipandport['port'] . '<br />', 'value' => $row_ipandport['id']);
 				}
 
 				$ssl_ipsandports = array();
@@ -892,7 +900,7 @@ if ($page == 'domains'
 						$row_ssl_ipandport['ip'] = '[' . $row_ssl_ipandport['ip'] . ']';
 					}
 
-					$ssl_ipsandports[] = array('label' => $row_ssl_ipandport['ip'] . ':' . $row_ssl_ipandport['port'], 'value' => $row_ssl_ipandport['id']);
+					$ssl_ipsandports[] = array('label' => $row_ssl_ipandport['ip'] . ':' . $row_ssl_ipandport['port'] . '<br />', 'value' => $row_ssl_ipandport['id']);
 				}
 
 				$standardsubdomains = array();
@@ -1361,13 +1369,27 @@ if ($page == 'domains'
 				if ($aliasdomain != 0) {
 					// Overwrite given ipandports with these of the "main" domain
 					$ipandports = array();
+					$ssl_ipandports = array();
 					$origipresult_stmt = Database::prepare("
 						SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP ."` WHERE `id_domain` = :aliasdomain
 					");
 					Database::pexecute($origipresult_stmt, array('aliasdomain' => $aliasdomain));
+					$ipdata_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_IPSANDPORTS."` WHERE `id` = :ipid");
 					while ($origip = $origipresult_stmt->fetch(PDO::FETCH_ASSOC)) {
-						$ipandports[] = $origip['id_ipandports'];
+						$_origip_tmp = Database::pexecute_first($ipdata_stmt, array('ipid' => $origip['id_ipandports']));
+						if ($_origip_tmp['ssl'] == 0) {
+							$ipandports[] = $origip['id_ipandports'];
+						} else {
+							$ssl_ipandports[] = $origip['id_ipandports'];
+						}
 					}
+
+					if (count($ssl_ipandports) == 0) {
+						// we need this for the serialize
+						// if ssl is disabled or no ssl-ip/port exists
+						$ssl_ipandports[] = -1;
+					}
+
 					$aliasdomain_check_stmt = Database::prepare("
 						SELECT `d`.`id` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c`
 						WHERE `d`.`customerid` = :customerid
@@ -1652,6 +1674,8 @@ if ($page == 'domains'
 				// FIXME check how many we got and if the amount of assigned IP's
 				// has changed so we can insert a config-rebuild task if only
 				// the ip's of this domain were changed
+				// -> for now, always insert a rebuild-task
+				inserttask('1');
 
 				// Cleanup domain <-> ip mapping
 				$del_stmt = Database::prepare("
@@ -1695,7 +1719,9 @@ if ($page == 'domains'
 						Database::pexecute($ins_stmt, array('rowid' => $row['id'], 'ipportid' => $ipportid));
 					}
 					foreach ($ssl_ipandports as $ssl_ipportid) {
-						Database::pexecute($ins_stmt, array('rowid' => $row['id'], 'ipportid' => $ssl_ipportid));
+						if ($ssl_ipportid > 0) {
+							Database::pexecute($ins_stmt, array('rowid' => $row['id'], 'ipportid' => $ssl_ipportid));
+						}
 					}
 				}
 
@@ -1825,7 +1851,7 @@ if ($page == 'domains'
 					if (filter_var($row_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
 						$row_ipandport['ip'] = '[' . $row_ipandport['ip'] . ']';
 					}
-					$ipsandports[] = array('label' => $row_ipandport['ip'] . ':' . $row_ipandport['port'], 'value' => $row_ipandport['id']);
+					$ipsandports[] = array('label' => $row_ipandport['ip'] . ':' . $row_ipandport['port'] . '<br />', 'value' => $row_ipandport['id']);
 				}
 
 				$ssl_ipsandports = array();
@@ -1833,7 +1859,7 @@ if ($page == 'domains'
 					if (filter_var($row_ssl_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
 						$row_ssl_ipandport['ip'] = '[' . $row_ssl_ipandport['ip'] . ']';
 					}
-					$ssl_ipsandports[] = array('label' => $row_ssl_ipandport['ip'] . ':' . $row_ssl_ipandport['port'], 'value' => $row_ssl_ipandport['id']);
+					$ssl_ipsandports[] = array('label' => $row_ssl_ipandport['ip'] . ':' . $row_ssl_ipandport['port'] . '<br />', 'value' => $row_ssl_ipandport['id']);
 				}
 
 				$result['specialsettings'] = $result['specialsettings'];
@@ -1877,5 +1903,60 @@ if ($page == 'domains'
 				eval("echo \"" . getTemplate("domains/domains_edit") . "\";");
 			}
 		}
+	} elseif($action == 'import') {
+
+		if (isset($_POST['send'])
+			&& $_POST['send'] == 'send'
+		) {
+
+			$customerid = intval($_POST['customerid']);
+			$separator = validate($_POST['separator'], 'separator');
+			$offset = validate($_POST['offset'], 'offset', "/[0-9]/i");
+
+			$file_name = $_FILES['file']['tmp_name'];
+
+			$result = array();
+
+			try {
+				$bulk = new DomainBulkAction($file_name, $customerid);
+				$result = $bulk->doImport($separator, $offset);
+			} catch (Exception $e) {
+				standard_error('domain_import_error', $e->getMessage());
+			}
+
+			// @FIXME find a way to display $result['notice'] here somehow,
+			//        as it might be important if you've reached your maximum allocation of domains
+
+			// update customer/admin counters
+			updateCounters(false);
+
+			$result_str = $result['imported'] . ' / ' . $result['all'];
+			standard_success('domain_import_successfully', $result_str, array('filename' => $filename, 'action' => '', 'page' => 'domains'));
+		} else {
+			$customers = makeoption($lng['panel']['please_choose'], 0, 0, true);
+			$result_customers_stmt = Database::prepare("
+				SELECT `customerid`, `loginname`, `name`, `firstname`, `company`
+				FROM `" . TABLE_PANEL_CUSTOMERS . "` " .
+				($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int)$userinfo['adminid'] . "' ") .
+				" ORDER BY `name` ASC"
+			);
+			$params = array();
+			if ($userinfo['customers_see_all'] == '0') {
+				$params['adminid'] = $userinfo['adminid'];
+			}
+			Database::pexecute($result_customers_stmt, $params);
+
+			while ($row_customer = $result_customers_stmt->fetch(PDO::FETCH_ASSOC)) {
+				$customers.= makeoption(getCorrectFullUserDetails($row_customer) . ' (' . $row_customer['loginname'] . ')', $row_customer['customerid']);
+			}
+
+			$domain_import_data = include_once dirname(__FILE__).'/lib/formfields/admin/domains/formfield.domains_import.php';
+			$domain_import_form = htmlform::genHTMLForm($domain_import_data);
+
+			$title = $domain_import_data['domain_import']['title'];
+			$image = $domain_import_data['domain_import']['image'];
+
+			eval("echo \"" . getTemplate("domains/domains_import") . "\";");
+		}
 	}
 }

admin_settings.php

@@ -105,14 +105,14 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 } elseif($page == 'phpinfo'
 	&& $userinfo['change_serversettings'] == '1'
 ) {
-		ob_start();
-		phpinfo();
-		$phpinfo = array('phpinfo' => array());
-		if (preg_match_all(
-				'#(?:<h2>(?:<a name=".*?">)?(.*?)(?:</a>)?</h2>)|(?:<tr(?: class=".*?")?><t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>)?)?</tr>)#s',
-				ob_get_clean(), $matches, PREG_SET_ORDER
-			)
-		) {
+	ob_start();
+	phpinfo();
+	$phpinfo = array('phpinfo' => array());
+	if (preg_match_all(
+			'#(?:<h2>(?:<a name=".*?">)?(.*?)(?:</a>)?</h2>)|(?:<tr(?: class=".*?")?><t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>(?:<t[hd](?: class=".*?")?>(.*?)\s*</t[hd]>)?)?</tr>)#s',
+			ob_get_clean(), $matches, PREG_SET_ORDER
+		)
+	) {
 		foreach ($matches as $match) {
 			$end = array_keys($phpinfo);
 			$end = end($end);
@@ -143,6 +143,8 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 			eval("\$phpinfohtml .= \"" . getTemplate("settings/phpinfo/phpinfo_table") . "\";");
 		}
 		$phpinfo = $phpinfohtml;
+	} else {
+		standard_error($lng['error']['no_phpinfo']);
 	}
 	eval("echo \"" . getTemplate("settings/phpinfo") . "\";");
 

admin_templates.php

@@ -214,24 +214,23 @@ if ($action == '') {
 		&& $_POST['prepare'] == 'prepare'
 	) {
 		//email templates
-		$language = validate($_POST['language'], 'language');
-		$templates = array();
-		$result_stmt = Database::prepare("
-			SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
-			WHERE `adminid`= :adminid AND `language`= :lang
-			AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
-		);
-		Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language));
+		$language = validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect');
+		$template = validate($_POST['template'], 'template');
 
-		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
-			$templates[] = str_replace('_subject', '', $row['varname']);
+		$lng_bak = $lng;
+		foreach ($langs['English'] as $key => $value) {
+			include_once makeSecurePath($value['file']);
+		}
+		if ($language != 'English') {
+			foreach ($langs[$language] as $key => $value) {
+				include makeSecurePath($value['file']);
+			}
 		}
 
-		$templates = array_diff($available_templates, $templates);
-		$template_options = '';
-		foreach ($templates as $template) {
-			$template_options.= makeoption($lng['admin']['templates'][$template], $template, NULL, true);
-		}
+		$subject = $lng['mails'][$template]['subject'];
+		$body = str_replace('\n', "\n", $lng['mails'][$template]['mailbody']);
+
+		$lng = $lng_bak;
 
 		$template_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/templates/formfield.template_add.php';
 		$template_add_form = htmlform::genHTMLForm($template_add_data);
@@ -328,6 +327,7 @@ if ($action == '') {
 		//email templates
 		$add = false;
 		$language_options = '';
+		$template_options = '';
 
 		while (list($language_file, $language_name) = each($languages)) {
 			$templates = array();
@@ -344,7 +344,13 @@ if ($action == '') {
 
 			if (count(array_diff($available_templates, $templates)) > 0) {
 				$add = true;
-				$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true);
+				$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true, true);
+
+				$templates = array_diff($available_templates, $templates);
+
+				foreach ($templates as $template) {
+					$template_options.= makeoption($lng['admin']['templates'][$template], $template, NULL, true, true, $language_file) . "\n";
+				}
 			}
 		}
 
@@ -444,6 +450,8 @@ if ($action == '') {
 			Database::pexecute($result_stmt, array('id' => $mailbodyid));
 			$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 			
+			$template_name = str_replace('_mailbody', '', $result['varname']);
+
 			$result = htmlentities_array($result);
 			$mailbody = $result['value'];
 

admin_updates.php

@@ -79,7 +79,7 @@ if ($page == 'overview') {
 				
 				$successful_update = true;
 			} else {
-				$message = '<br /><strong style="color: red">You have to agree that you have read the update notifications.</strong>';
+				$message = '<br /><strong class="red">You have to agree that you have read the update notifications.</strong>';
 			}
 		}
 

customer_domains.php

@@ -406,6 +406,7 @@ if ($page == 'overview') {
 				$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c`
 					WHERE `d`.`aliasdomain` IS NULL
 					AND `d`.`id` <> `c`.`standardsubdomain`
+					AND `d`.`parentdomainid` = '0'
 					AND `d`.`customerid`=`c`.`customerid`
 					AND `d`.`email_only`='0'
 					AND `d`.`customerid`= :customerid
@@ -607,6 +608,7 @@ if ($page == 'overview') {
 					WHERE `d`.`aliasdomain` IS NULL
 					AND `d`.`id` <> :id
 					AND `c`.`standardsubdomain` <> `d`.`id`
+					AND `d`.`parentdomainid` = '0'
 					AND `d`.`customerid` = :customerid
 					AND `c`.`customerid` = `d`.`customerid`
 					AND `d`.`id` = `dip`.`id_domain`

customer_ftp.php

@@ -266,7 +266,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_subject']), $replace_arr));
+						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_ftpaccount_by_customer']['subject']), $replace_arr));
 
 						$def_language = $userinfo['def_language'];
 						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
@@ -277,7 +277,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_body']['main']), $replace_arr));
+						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_ftpaccount_by_customer']['mailbody']), $replace_arr));
 
 						$_mailerror = false;
 						try {

customer_mysql.php

@@ -232,7 +232,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['mysql_add']['infomail_subject']), $replace_arr));
+						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_database_by_customer']['subject']), $replace_arr));
 
 						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
 							WHERE `adminid`= :adminid
@@ -242,7 +242,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['mysql_add']['infomail_body']['main']), $replace_arr));
+						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_database_by_customer']['mailbody']), $replace_arr));
 
 						$_mailerror = false;
 						try {

index.php

@@ -280,10 +280,14 @@ if ($action == 'login') {
 		$lastscript = "";
 		if (isset($_REQUEST['script']) && $_REQUEST['script'] != "") {
 			$lastscript = $_REQUEST['script'];
+
+			if (!file_exists(__DIR__."/".$lastscript)) {
+				$lastscript = "";
+			}
 		}
 		$lastqrystr = "";
 		if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") {
-			$lastqrystr = $_REQUEST['qrystr'];
+			$lastqrystr = strip_tags($_REQUEST['qrystr']);
 		}
 
 		eval("echo \"" . getTemplate('login') . "\";");
@@ -363,19 +367,26 @@ if ($action == 'forgotpwd') {
 
 					// Set together our activation link
 					$protocol = empty( $_SERVER['HTTPS'] ) ? 'http' : 'https';
-					$host = $_SERVER['HTTP_HOST'];
+					// this can be a fixed value to avoid potential exploiting by modifying headers
+					$host = Settings::Get('system.hostname'); // $_SERVER['HTTP_HOST'];
 					$port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : '';
-					$script = $_SERVER['SCRIPT_NAME'];
+					// don't add :443 when https is used, as it is default (and just looks weird!)
+					if ($protocol == 'https' && $_SERVER['SERVER_PORT'] == '443') {
+						$port = '';
+					}
+					// there can be only one script to handle this so we can use a fixed value here
+					$script = "/index.php"; // $_SERVER['SCRIPT_NAME'];
+					if (Settings::Get('system.froxlordirectlyviahostname') == 0) {
+						$script = makeCorrectFile("/".basename(__DIR__)."/".$script);
+					}
 					$activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode;
 
 					$replace_arr = array(
 						'SALUTATION' => getCorrectUserSalutation($user),
-						'USERNAME' => $user['loginname'],
+						'USERNAME' => $loginname,
 						'LINK' => $activationlink
 					);
 
-					$body = strtr($lng['pwdreminder']['body'], array('%s' => $user['firstname'] . ' ' . $user['name'], '%a' => $activationlink));
-
 					$def_language = ($user['def_language'] != '') ? $user['def_language'] : Settings::Get('panel.standardlanguage');
 					$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
 						WHERE `adminid`= :adminid
@@ -385,7 +396,7 @@ if ($action == 'forgotpwd') {
 					);
 					Database::pexecute($result_stmt, array("adminid" => $user['adminid'], "lang" => $def_language));
 					$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-					$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['pwdreminder']['subject']), $replace_arr));
+					$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['password_reset']['subject']), $replace_arr));
 
 					$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
 						WHERE `adminid`= :adminid
@@ -395,14 +406,14 @@ if ($action == 'forgotpwd') {
 					);
 					Database::pexecute($result_stmt, array("adminid" => $user['adminid'], "lang" => $def_language));
 					$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-					$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $body), $replace_arr));
+					$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['password_reset']['mailbody']), $replace_arr));
 
 					$_mailerror = false;
 					try {
 						$mail->Subject = $mail_subject;
 						$mail->AltBody = $mail_body;
 						$mail->MsgHTML(str_replace("\n", "<br />", $mail_body));
-						$mail->AddAddress($user['email'], $user['firstname'] . ' ' . $user['name']);
+						$mail->AddAddress($user['email'], getCorrectUserSalutation($user));
 						$mail->Send();
 					} catch(phpmailerException $e) {
 						$mailerr_msg = $e->errorMessage();

install/froxlor.sql

@@ -217,7 +217,6 @@ CREATE TABLE `panel_domains` (
   `customerid` int(11) unsigned NOT NULL default '0',
   `aliasdomain` int(11) unsigned NULL,
   `documentroot` varchar(255) NOT NULL default '',
-  `ipandport` int(11) unsigned NOT NULL default '1',
   `isbinddomain` tinyint(1) NOT NULL default '0',
   `isemaildomain` tinyint(1) NOT NULL default '0',
   `email_only` tinyint(1) NOT NULL default '0',
@@ -227,17 +226,15 @@ CREATE TABLE `panel_domains` (
   `zonefile` varchar(255) NOT NULL default '',
   `dkim` tinyint(1) NOT NULL default '0',
   `dkim_id` int(11) unsigned NOT NULL default '0',
-  `dkim_privkey` text NOT NULL default '',
-  `dkim_pubkey` text NOT NULL default '',
+  `dkim_privkey` text,
+  `dkim_pubkey` text,
   `wwwserveralias` tinyint(1) NOT NULL default '1',
   `parentdomainid` int(11) unsigned NOT NULL default '0',
   `openbasedir` tinyint(1) NOT NULL default '0',
   `openbasedir_path` tinyint(1) NOT NULL default '0',
   `speciallogfile` tinyint(1) NOT NULL default '0',
-  `ssl` tinyint(4) NOT NULL default '0',
   `ssl_redirect` tinyint(4) NOT NULL default '0',
-  `ssl_ipandport` tinyint(4) NOT NULL default '0',
-  `specialsettings` text NOT NULL,
+  `specialsettings` text,
   `deactivated` tinyint(1) NOT NULL default '0',
   `bindserial` varchar(10) NOT NULL default '2000010100',
   `add_date` int( 11 ) NOT NULL default '0',
@@ -263,12 +260,12 @@ CREATE TABLE `panel_ipsandports` (
   `namevirtualhost_statement` tinyint(1) NOT NULL default '0',
   `vhostcontainer` tinyint(1) NOT NULL default '0',
   `vhostcontainer_servername_statement` tinyint(1) NOT NULL default '0',
-  `specialsettings` text NOT NULL default '',
+  `specialsettings` text,
   `ssl` tinyint(4) NOT NULL default '0',
   `ssl_cert_file` varchar(255) NOT NULL,
   `ssl_key_file` varchar(255) NOT NULL,
   `ssl_ca_file` varchar(255) NOT NULL,
-  `default_vhostconf_domain` text NOT NULL,
+  `default_vhostconf_domain` text,
   `ssl_cert_chainfile` varchar(255) NOT NULL,
   `docroot` varchar(255) NOT NULL default '',
   PRIMARY KEY  (`id`)
@@ -341,6 +338,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('customer', 'ftpprefix', 'ftp'),
 	('customer', 'mysqlprefix', 'sql'),
 	('customer', 'ftpatdomain', '0'),
+	('customer', 'show_news_feed', '0'),
+	('customer', 'news_feed_url', ''),
 	('ticket', 'noreply_email', 'NO-REPLY@SERVERNAME'),
 	('ticket', 'worktime_all', '1'),
 	('ticket', 'worktime_begin', '00:00'),
@@ -405,6 +404,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('phpfpm', 'defaultini', '1'),
 	('phpfpm', 'vhost_defaultini', '2'),
 	('phpfpm', 'fastcgi_ipcdir', '/var/lib/apache2/fastcgi/'),
+	('phpfpm', 'use_mod_proxy', '0'),
 	('nginx', 'fastcgiparams', '/etc/nginx/fastcgi_params'),
 	('system', 'lastaccountnumber', '0'),
 	('system', 'lastguid', '9999'),
@@ -502,6 +502,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'crondreload', '/etc/init.d/cron reload'),
 	('system', 'croncmdline', '/usr/bin/nice -n 5 /usr/bin/php5 -q'),
 	('system', 'cron_allowautoupdate', '0'),
+	('system', 'dns_createhostnameentry', '0'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -524,19 +525,22 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'allow_preset', '1'),
 	('panel', 'allow_preset_admin', '0'),
 	('panel', 'password_regex', ''),
-	('panel', 'use_webfonts', '0'),
-	('panel', 'webfont', 'Numans'),
 	('panel', 'phpconfigs_hidestdsubdomain', '0'),
 	('panel', 'allow_theme_change_admin', '1'),
 	('panel', 'allow_theme_change_customer', '1'),
-	('panel', 'version', '0.9.32');
+	('panel', 'password_alpha_lower', '1'),
+	('panel', 'password_alpha_upper', '1'),
+	('panel', 'password_numeric', '0'),
+	('panel', 'password_special_char_required', '0'),
+	('panel', 'password_special_char', '!?<>§$%&+#=@'),
+	('panel', 'version', '0.9.33-rc1');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
 CREATE TABLE `panel_tasks` (
   `id` int(11) unsigned NOT NULL auto_increment,
   `type` int(11) NOT NULL default '0',
-  `data` text NOT NULL default '',
+  `data` text NOT NULL,
   PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
 
@@ -713,8 +717,8 @@ CREATE TABLE `panel_phpconfigs` (
 
 
 INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES
-(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n'),
-(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n');
+(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\n'),
+(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\n');
 
 
 DROP TABLE IF EXISTS `cronjobs_run`;
@@ -809,8 +813,8 @@ CREATE TABLE IF NOT EXISTS `domain_ssl_settings` (
   `domainid` int(11) NOT NULL,
   `ssl_cert_file` text NOT NULL,
   `ssl_key_file` text NOT NULL,
-  `ssl_ca_file` text NOT NULL,
-  `ssl_cert_chainfile` text NOT NULL,
+  `ssl_ca_file` text,
+  `ssl_cert_chainfile` text,
   PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
 

install/lib/class.FroxlorInstall.php

@@ -479,6 +479,9 @@ class FroxlorInstall {
 		$db->query("UPDATE `".TABLE_PANEL_CRONRUNS."` SET `lastrun` = '".$ts."' WHERE `cronfile` ='cron_used_tickets_reset.php';");
 		$db->query("UPDATE `".TABLE_PANEL_CRONRUNS."` SET `lastrun` = '".$ts."' WHERE `cronfile` ='cron_ticketarchive.php';");
 
+		// insert task 99 to generate a correct cron.d-file automatically
+		$db->query("INSERT INTO `".TABLE_PANEL_TASKS."` SET `type` = '99';");
+
 		$content .= $this->_status_message('green', 'OK');
 
 		return $content;
@@ -564,7 +567,7 @@ class FroxlorInstall {
 
 		// we have to create a new user and database for the froxlor unprivileged mysql access
 		$content .= $this->_status_message('begin', $this->_lng['install']['create_mysqluser_and_db']);
-		$ins_stmt = $db_root->prepare("CREATE DATABASE `".str_replace('`', '', $this->_data['mysql_database'])."`");
+		$ins_stmt = $db_root->prepare("CREATE DATABASE `".str_replace('`', '', $this->_data['mysql_database'])."` CHARACTER SET=utf8 COLLATE=utf8_general_ci");
 		$ins_stmt->execute();
 
 		$mysql_access_host_array = array_map('trim', explode(',', $this->_data['mysql_access_host']));
@@ -689,25 +692,25 @@ class FroxlorInstall {
 		$formdata .= $this->_getSectionItemString('mysql_database', true);
 		// unpriv-user has to be different from root
 		if ($this->_data['mysql_unpriv_user'] == $this->_data['mysql_root_user']) {
-			$style = 'color:blue;';
+			$style = 'blue';
 		} else { $style = '';
 		}
 		$formdata .= $this->_getSectionItemString('mysql_unpriv_user', true, $style);
 		// is we posted and no password was given -> red
 		if (!empty($_POST['installstep']) && $this->_data['mysql_unpriv_pass'] == '') {
-			$style = 'color:red;';
+			$style = 'red';
 		} else { $style = '';
 		}
 		$formdata .= $this->_getSectionItemString('mysql_unpriv_pass', true, $style, 'password');
 		// unpriv-user has to be different from root
 		if ($this->_data['mysql_unpriv_user'] == $this->_data['mysql_root_user']) {
-			$style = 'color:blue;';
+			$style = 'blue';
 		} else { $style = '';
 		}
 		$formdata .= $this->_getSectionItemString('mysql_root_user', true, $style);
 		// is we posted and no password was given -> red
 		if (!empty($_POST['installstep']) && $this->_data['mysql_root_pass'] == '') {
-			$style = 'color:red;';
+			$style = 'red';
 		} else { $style = '';
 		}
 		$formdata .= $this->_getSectionItemString('mysql_root_pass', true, $style, 'password');
@@ -847,14 +850,16 @@ class FroxlorInstall {
 			$content .= $this->_status_message('green', PHP_VERSION);
 		}
 
-		// Check if magic_quotes_runtime is active
-		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpmagic_quotes_runtime']);
-		if (get_magic_quotes_runtime()) {
-			// deactivate it
-			set_magic_quotes_runtime(false);
-			$content .= $this->_status_message('orange', $this->_lng['requirements']['not_true'] . "<br />". $this->_lng['requirements']['phpmagic_quotes_runtime_description']);
-		} else {
-			$content .= $this->_status_message('green', 'off');
+		// Check if magic_quotes_runtime is active | get_magic_quotes_runtime() is always FALSE since 5.4
+		if (version_compare(PHP_VERSION, "5.4.0", "<")) {
+			$content .= $this->_status_message('begin', $this->_lng['requirements']['phpmagic_quotes_runtime']);
+			if (get_magic_quotes_runtime()) {
+				// deactivate it
+				set_magic_quotes_runtime(false);
+				$content .= $this->_status_message('orange', $this->_lng['requirements']['not_true'] . "<br />". $this->_lng['requirements']['phpmagic_quotes_runtime_description']);
+			} else {
+				$content .= $this->_status_message('green', 'off');
+			}
 		}
 
 		// check for php_pdo and pdo_mysql
@@ -977,6 +982,7 @@ class FroxlorInstall {
 			) {
 				// use sparkle theme for the notice
 				$installed_hint = file_get_contents($this->_basepath.'/templates/Sparkle/misc/alreadyinstalledhint.tpl');
+				$installed_hint = str_replace("<CURRENT_YEAR>", date('Y', time()), $installed_hint);
 				die($installed_hint);
 			}
 		}
@@ -1058,9 +1064,9 @@ class FroxlorInstall {
 	 */
 	private function _status_message($case, $text) {
 		if ($case == 'begin') {
-			return '<tr><td style="width: 250px;">'.$text;
+			return '<tr><td class="install-step">'.$text;
 		} else {
-			return '</td><td><span style="color:'.$case.';">'.$text.'</span></td></tr>';
+			return '</td><td><span class="'.$case.'">'.$text.'</span></td></tr>';
 		}
 	}
 

install/templates/assets/css/install.css

@@ -1,5 +1,4 @@
 @charset "UTF-8";
-
 /* RESET */
 html,body,div,ul,ol,li,dl,dt,dd,h1,h2,h3,h4,h5,h6,pre,form,p,blockquote,fieldset,input { margin:0; padding:0; }
 h1,h2,h3,h4,h5,h6,pre,code,address,caption,cite,code,em,strong,th { font-size:1em; font-weight:400; font-style:normal; }
@@ -11,10 +10,10 @@ article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section {
 
 /* TYPE */
 html,body {
-	font:12px/18px Helvetica,Arial,Verdana,sans-serif;
-	background-color:#f2f2f2;
-	color:#333;
-	-webkit-font-smoothing: antialiased;
+	font:12px/18px 'Lucida Grande','Lucida Sans Unicode',Helvetica,Arial,Verdana,sans-serif;
+	background-color: #f5f5f5;
+	color:#444;
+	-webkit-font-smoothing: subpixel-antialiased;
 }
 
 body {
@@ -557,3 +556,12 @@ select.dropdown {
 	background-color: #35aa47;
 	height:5px;
 }
+
+.red { color: #ff0000; }
+.green { color: green; }
+.orange { color: orange; }
+.blue { color: blue; }
+.install-block { width: 65%; }
+.install-step { width: 250px; }
+.install-h3 { text-align: center; }
+.install-text { margin: 20px 20px 0 !important; }

install/templates/dataform.tpl

@@ -1,4 +1,4 @@
-		<p style="margin: 20px 20px 0 !important">{$this->_lng['install']['title']}</p>
+		<p class="install-text">{$this->_lng['install']['title']}</p>
 		<form action="{$formaction}" method="get">
 			<fieldset>
 				{$formdata}

install/templates/dataform2.tpl

@@ -1,4 +1,4 @@
-		<p style="margin: 20px 20px 0 !important">{$this->_lng['install']['welcometext']}</p>
+		<p class="install-text">{$this->_lng['install']['welcometext']}</p>
 		<form action="{$formaction}" method="post">
 			<hr class="line">
 			<fieldset>

install/templates/dataitem.tpl

@@ -1,4 +1,4 @@
 <p>
-	<label for="{$fieldname}" style="width:65%;{$style}">{$fieldlabel}:</label>&nbsp;
+	<label for="{$fieldname}" class="install-block {$style}">{$fieldlabel}:</label>&nbsp;
 	<input type="{$type}" name="{$fieldname}" id="{$fieldname}" value="{$fieldvalue}" {$required} />
 </p>

install/templates/dataitemchk.tpl

@@ -1,4 +1,4 @@
 <p>
-	<label for="{$fieldname}" style="width:65%;{$style}">{$this->_lng['install']['webserver']} {$fieldlabel}:</label>
+	<label for="{$fieldname}" class="install-block {$style}">{$this->_lng['install']['webserver']} {$fieldlabel}:</label>
 	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}<span>
 </p>

install/templates/header.tpl

@@ -8,11 +8,6 @@
 	<!--[if IE]><link rel="stylesheet" href="../templates/{$theme}/css/main_ie.css" type="text/css" /><![endif]-->
 	<link href="templates/assets/img/favicon.ico" rel="icon" type="image/x-icon" />
 	<title>Froxlor Server Management Panel - Installation</title>
-	<style type="text/css">
-	body {
-        font-family: Verdana, Geneva, sans-serif;
-	}
-	</style>
 </head>
 <body>
 	<div class="installsec">

install/templates/pagebottom.tpl

@@ -1,4 +1,4 @@
-<h3 style="color:{$msgcolor};text-align: center">{$message}</h3>
+<h3 class="install-h3 {$msgcolor}">{$message}</h3>
 <aside>
 	<a href="{$link}">{$linktext}</a>
 </aside>

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -15,6 +15,15 @@
  *
  */
 
+if (!defined('AREA')
+		|| (defined('AREA') && AREA != 'admin')
+		|| !isset($userinfo['loginname'])
+		|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
+) {
+	header('Location: ../../../../index.php');
+	exit;
+}
+
 if (isFroxlorVersion('0.9-r0')) {
 
 	showUpdateStep("Updating from 0.9-r0 to 0.9-r1", false);
@@ -2770,3 +2779,76 @@ if (isFroxlorVersion('0.9.32-rc3')) {
 	showUpdateStep("Updating from 0.9.32-rc3 to 0.9.32 final", false);
 	updateToVersion('0.9.32');
 }
+
+if (isFroxlorVersion('0.9.32')) {
+	showUpdateStep("Updating from 0.9.32 to 0.9.33-dev1", false);
+
+	showUpdateStep("Adding settings for custom newsfeed on customer-dashboard");
+	Settings::AddNew("customer.show_news_feed", isset($_POST['customer_show_news_feed']) ? (int)$_POST['customer_show_news_feed'] : '0');
+	Settings::AddNew("customer.news_feed_url", isset($_POST['customer_news_feed_url']) ? $_POST['customer_news_feed_url'] : '');
+	lastStepStatus(0);
+
+	updateToVersion('0.9.33-dev1');
+}
+
+if (isFroxlorVersion('0.9.33-dev1')) {
+	showUpdateStep("Updating from 0.9.33-dev1 to 0.9.33-dev2", false);
+
+	showUpdateStep("Adding settings for hostname-dns-entry");
+	Settings::AddNew("system.dns_createhostnameentry", isset($_POST['dns_createhostnameentry']) ? (int)$_POST['dns_createhostnameentry'] : '0');
+	lastStepStatus(0);
+
+	updateToVersion('0.9.33-dev2');
+}
+
+if (isFroxlorVersion('0.9.33-dev2')) {
+	showUpdateStep("Updating from 0.9.33-dev2 to 0.9.33-dev3", false);
+
+	showUpdateStep("Adding settings for password-generation options");
+	Settings::AddNew("panel.password_alpha_lower", '1');
+	Settings::AddNew("panel.password_alpha_upper", '1');
+	Settings::AddNew("panel.password_numeric", '0');
+	Settings::AddNew("panel.password_special_char_required", '0');
+	Settings::AddNew("panel.password_special_char", '!?<>§$%&+#=@');
+	lastStepStatus(0);
+
+	showUpdateStep("Adding settings for fpm-apache2.4-mod_proxy integration");
+	Settings::AddNew("phpfpm.use_mod_proxy", '0');
+	lastStepStatus(0);
+
+	updateToVersion('0.9.33-dev3');
+}
+
+if (isFroxlorVersion('0.9.33-dev3')) {
+	showUpdateStep("Updating from 0.9.33-dev3 to 0.9.33-rc1", false);
+
+	showUpdateStep("Updating database-scheme");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` MODIFY `dkim_privkey` text");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` MODIFY `dkim_pubkey` text");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` MODIFY `specialsettings` text");
+	Database::query("ALTER TABLE `".TABLE_PANEL_IPSANDPORTS."` MODIFY `specialsettings` text");
+	Database::query("ALTER TABLE `".TABLE_PANEL_IPSANDPORTS."` MODIFY `default_vhostconf_domain` text");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` MODIFY `ssl_ca_file` text");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` MODIFY `ssl_cert_chainfile` text");
+	lastStepStatus(0);
+
+	showUpdateStep("Removing old settings");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup`='panel' AND `varname` = 'use_webfonts';");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup`='panel' AND `varname` = 'webfont';");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding local froxlor group to customer groups");
+	if ((int)Settings::Get('system.mod_fcgid_ownvhost') == 1 || (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {
+		if ((int)Settings::Get('system.mod_fcgid') == 1) {
+			$local_user = Settings::Get('system.mod_fcgid_httpuser');
+		} else {
+			$local_user = Settings::Get('phpfpm.vhost_httpuser');
+		}
+		Database::query("UPDATE `".TABLE_FTP_GROUPS."` SET `members` = CONCAT(`members`, ',".$local_user."');");
+		lastStepStatus(0);
+	} else {
+		lastStepStatus(1, "not needed");
+	}
+
+	updateToVersion('0.9.33-rc1');
+}

install/updates/froxlor/upgrade_syscp.inc.php

@@ -15,6 +15,15 @@
  *
  */
 
+if (!defined('AREA')
+		|| (defined('AREA') && AREA != 'admin')
+		|| !isset($userinfo['loginname'])
+		|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
+) {
+	header('Location: ../../../index.php');
+	exit;
+}
+
 $updateto = '0.9-r0';
 $frontend = 'froxlor';
 

install/updates/preconfig.php

@@ -28,7 +28,7 @@
 function getPreConfig($current_version)
 {
 	$has_preconfig = false;
-	$return = '<div class="preconfig"><h3 style="color:#ff0000;">PLEASE NOTE - Important update notifications</h3>';
+	$return = '<div class="preconfig"><h3 class="red">PLEASE NOTE - Important update notifications</h3>';
 
 	include_once makeCorrectFile(dirname(__FILE__).'/preconfig/0.9/preconfig_0.9.inc.php');
 	parseAndOutputPreconfig($has_preconfig, $return, $current_version);

install/updates/preconfig/0.9/preconfig_0.9.inc.php

@@ -440,7 +440,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$description = 'This version introduces a lot of profound changes:';
 		$description .= '<br /><ul><li>Improving the whole template system</li><li>Full UTF-8 support</li><li><strong>Removing support for the former default theme \'Classic\'</strong></li></ul>';
 		$description .= '<br /><br />Notice: This update will <strong>alter your Froxlor database to use UTF-8</strong> as default charset. ';
-		$description .= 'Even though this is already tested, we <span style="color:#ff0000;font-weight:bold;">strongly recommend</span> to ';
+		$description .= 'Even though this is already tested, we <span class="red">strongly recommend</span> to ';
 		$description .= 'test this update in a testing environment using your existing data.<br /><br />';
 
 		$question = '<strong>Select your preferred Classic Theme replacement:</strong>&nbsp;';
@@ -560,7 +560,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		) {
 			$has_preconfig = true;
 			$description  = 'The PHP-FPM implementation for apache2 has changed. Please look for the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) within /etc/apache2/ and change it as shown below:<br /><br />';
-			$description .= '<pre style="width:500px;border:1px solid #ccc;padding:4px;">&lt;IfModule mod_fastcgi.c&gt;
+			$description .= '<pre class="code-block">&lt;IfModule mod_fastcgi.c&gt;
     FastCgiIpcDir /var/lib/apache2/fastcgi/
     &lt;Location "/fastcgiphp"&gt;
         Order Deny,Allow
@@ -658,4 +658,25 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
 
+	if (versionInUpdate($current_version, '0.9.33-dev1')) {
+		$has_preconfig = true;
+		$description  = 'You can enable/disable the display/usage of the custom newsfeed for customers.<br /><br />';
+		$question = '<strong>Do you want to enable the custom newsfeed for customer? (default: no):</strong>&nbsp;';
+		$question.= makeyesno('customer_show_news_feed', '1', '0', '0').'<br />';
+		$question.= '<strong>You have to set the URL for your RSS-feed here, if you have choosen to enable the custom newsfeed on the customer-dashboard:</strong>&nbsp;';
+		$question.= '<input type="text" class="text" name="customer_news_feed_url" value="" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_version, '0.9.33-dev2')) {
+		// only if bind is used - if not the default will be set, which is '0' (off)
+		if (Settings::get('system.bind_enable') == 1) {
+			$has_preconfig = true;
+			$description  = 'You can enable/disable the generation of the bind-zone / config for the system hostname.<br /><br />';
+			$question = '<strong>Do you want to generate a bind-zone for the system-hostname? (default: no):</strong>&nbsp;';
+			$question.= makeyesno('dns_createhostnameentry', '1', '0', '0').'<br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
 }

install/updatesql.php

@@ -17,6 +17,15 @@
  *
  */
 
+if (!defined('AREA')
+	|| (defined('AREA') && AREA != 'admin')
+	|| !isset($userinfo['loginname'])
+	|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
+) {
+	header('Location: ../index.php');
+	exit;
+}
+
 $updatelog = FroxlorLogger::getInstanceOf(array('loginname' => 'updater'));
 
 $updatelogfile = validateUpdateLogFile(makeCorrectFile(dirname(__FILE__).'/update.log'));

js/plugins/jquery.tablesorter.sizeparser.min.js

@@ -0,0 +1,23 @@
+$.tablesorter.addParser({
+	id: 'filesize',
+	is: function(s) {
+		return s.match(new RegExp(/[0-9]+(\.[0-9]+)?\ (KiB|B|GiB|MiB|TiB)/));
+	},
+	format: function(s) {
+		var suf = s.match(new RegExp(/(KiB|B|GiB|MiB|TiB)/))[1];
+		var num = parseFloat(s.match(new RegExp(/^[0-9]+(\.[0-9]+)?/))[0]);
+		switch (suf) {
+		case 'B':
+			return num;
+		case 'KiB':
+			return num * 1024;
+		case 'MiB':
+			return num * 1024 * 1024;
+		case 'GiB':
+			return num * 1024 * 1024 * 1024;
+		case 'TiB':
+			return num * 1024 * 1024 * 1024 * 1024;
+		}
+	},
+	type: 'numeric'
+});

lib/ajax.php

@@ -16,6 +16,16 @@
  *
  */
 
+// Load the user settings
+define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__)));
+if (!file_exists('./userdata.inc.php')) {
+	die();
+}
+require './userdata.inc.php';
+require './tables.inc.php';
+require './classes/database/class.Database.php';
+require './classes/settings/class.Settings.php';
+
 if(isset($_POST['action'])) {
 	$action = $_POST['action'];
 } elseif(isset($_GET['action'])) {
@@ -25,15 +35,16 @@ if(isset($_POST['action'])) {
 }
 
 if ($action == "newsfeed") {
-	$feed = "http://inside.froxlor.org/news/";
+	if (isset($_GET['role']) && $_GET['role'] == "customer") {
+		$feed = Settings::Get("customer.news_feed_url");
+	} else {
+		$feed = "http://inside.froxlor.org/news/";
+	}
 
 	if (function_exists("simplexml_load_file") == false) {
 		die();
 	}
 
-	// get version
-	require './tables.inc.php';
-
 	if (function_exists('curl_version')) {
 		$ch = curl_init();
 		curl_setopt($ch, CURLOPT_URL, $feed);

lib/classes/bulk/class.DomainBulkAction.php

@@ -0,0 +1,452 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ * @since      0.9.33
+ *
+ */
+
+/**
+ * Class DomainBulkAction to mass-import domains for a given customer
+ *
+ * @author Michael Kaufmann (d00p) <d00p@froxlor.org>
+ *        
+ */
+class DomainBulkAction {
+	
+	/**
+	 * complete path including filename of file to be imported
+	 *
+	 * @var string
+	 */
+	private $_impFile = null;
+	
+	/**
+	 * customer id of the user the domains are being added to
+	 *
+	 * @var int
+	 */
+	private $_custId = null;
+	
+	/**
+	 * array of customer data read from the database
+	 *
+	 * @var array
+	 */
+	private $_custData = null;
+	
+	/**
+	 * array of already known domains from the database
+	 *
+	 * @var array
+	 */
+	private $_knownDomains = null;
+	
+	/**
+	 * array of known ip/port combinations
+	 * 
+	 * @var array
+	 */
+	private $_knownIpPort = null;
+	
+	/**
+	 * array of fields to import to panel_domains
+	 *
+	 * @var array
+	 */
+	private $_required_fields = array (
+			'domain',
+			'documentroot',
+			'isbinddomain',
+			'isemaildomain',
+			'email_only',
+			'iswildcarddomain',
+			'subcanemaildomain',
+			'caneditdomain',
+			'wwwserveralias',
+			'specialsettings',
+			'ssl_redirect',
+			'registration_date',
+			'ips',
+			'adminid',
+			'customerid',
+			'add_date' 
+	);
+	
+	/**
+	 * prepared statements for each domain
+	 *
+	 * @var PDOStatement
+	 */
+	private $_ins_stmt = null;
+	private $_ipp_ins_stmt = null;
+	
+	/**
+	 * class constructor, optionally sets file and customer-id
+	 *
+	 * @param string $import_file        	
+	 * @param int $customer_id        	
+	 *
+	 * @return object DomainBulkAction instance
+	 */
+	public function __construct($import_file = null, $customer_id = 0) {
+
+		if (!empty($import_file)) {
+			$this->_impFile = makeCorrectFile($import_file);
+		}
+		$this->_custId = $customer_id;
+	
+	}
+	
+	/**
+	 * import the parsed import file data with an optional separator other then semicolon
+	 * and offset (maybe for header-line in csv or similar)
+	 *
+	 * @param string $separator        	
+	 * @param int $offset        	
+	 *
+	 * @return array 'all' => amount of records processed, 'imported' => number of imported records
+	 */
+	public function doImport($separator = ";", $offset = 0) {
+		
+		// get the admins userinfo to check for domains_used, etc.
+		global $userinfo;
+		
+		if ($userinfo['domains'] == "-1") {
+			$dom_unlimited = true;
+		} else {
+			$dom_unlimited = false;
+		}
+
+		$domains_used = (int)$userinfo['domains_used'];
+		$domains_avail = (int)$userinfo['domains'];
+		
+		if (empty($separator) || strlen($separator) != 1) {
+			throw new Exception("Invalid separator specified: '" . $separator . "'");
+		}
+		
+		if (! is_int($offset) || $offset < 0) {
+			throw new Exception("Invalid offset specified");
+		}
+
+		if ($this->_custId <= 0) {
+			throw new Exception("Invalid customer selected");
+		}
+
+		$this->_readCustomerData();
+		
+		if (is_null($this->_custData)) {
+			throw new Exception("Failed to read customer data");
+		}
+		
+		$this->_readIpPortData();
+		$this->_readDomainData();
+		
+		try {
+			$domain_array = $this->_parseImportFile($separator);
+		} catch (Exception $e) {
+			throw $e;
+		}
+		
+		if (count($domain_array) <= 0) {
+			throw new Exception("No domains were read from the file.");
+		}
+		
+		// preapre insert statement as it is used a few times
+		$this->_ins_stmt = Database::prepare("
+			INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
+				`domain` = :domain,
+				`adminid` = :adminid,
+				`customerid` = :customerid,
+				`documentroot` = :documentroot,
+				`isbinddomain` = :isbinddomain,
+				`isemaildomain` = :isemaildomain,
+				`email_only` = :email_only,
+				`iswildcarddomain` = :iswildcarddomain,
+				`subcanemaildomain` = :subcanemaildomain,
+				`caneditdomain` = :caneditdomain,
+				`wwwserveralias` = :wwwserveralias,
+				`specialsettings` = :specialsettings,
+				`ssl_redirect` = :ssl_redirect,
+				`registration_date` = :registration_date,
+				`add_date` = :add_date
+		");
+		
+		// prepare insert statement for ip/port <> domain
+		$this->_ipp_ins_stmt = Database::prepare("
+			INSERT INTO `" . TABLE_DOMAINTOIP . "` SET
+				`id_domain` = :domid,
+				`id_ipandports` = :ipid
+		");
+		
+		$global_counter = 0;
+		$import_counter = 0;
+		$note = '';
+		foreach ($domain_array as $idx => $dom) {
+			if ($idx >= $offset) {
+				if ($dom_unlimited || (! $dom_unlimited && $domains_used < $domains_avail)) {
+					$ins_id = $this->_addSingleDomainToDatabase($dom);
+					if ($ins_id !== false) {
+						$import_counter ++;
+						$domains_used ++;
+					}
+				} else {
+					$note = 'You have reached your maximum allocation of domains (' . $domains_avail . ').';
+					break;
+				}
+			}
+			$global_counter ++;
+		}
+		
+		return array (
+				'all' => $global_counter,
+				'imported' => $import_counter,
+				'notice' => $note 
+		);
+	
+	}
+	
+	/**
+	 * setter for import-file
+	 *
+	 * @param string $import_file        	
+	 *
+	 * @return void
+	 */
+	public function setImportFile($import_file = null) {
+
+		$this->_impFile = makeCorrectFile($import_file);
+	
+	}
+	
+	/**
+	 * setter for customer-id
+	 *
+	 * @param int $customer_id        	
+	 *
+	 * @return void
+	 */
+	public function setCustomer($customer_id = 0) {
+
+		$this->_custId = $customer_id;
+	
+	}
+	
+	/**
+	 * adds a single domain to the database using the given array
+	 *
+	 * @param array $domain_data        	
+	 * @param object $ins_stmt prepared PDO-statement to insert into panel_domains
+	 * @param object $ipp_ins_stmt prepared PDO-statement to insert into panel_domaintoip
+	 *        	
+	 * @return int last-inserted id or false on error
+	 */
+	private function _addSingleDomainToDatabase($domain_data = array()) {
+		
+		// format domain
+		$idna_convert = new idna_convert_wrapper();
+		$domain_data['domain'] = $idna_convert->encode(preg_replace(array (
+				'/\:(\d)+$/',
+				'/^https?\:\/\//' 
+		), '', $domain_data['domain']));
+		
+		// check if it is a valid domain
+		if (! validateDomain($domain_data['domain'])) {
+			return false;
+		}
+		
+		// no system-hostname can be added
+		if ($domain_data['domain'] == Settings::Get('system.hostname')) {
+			return false;
+		}
+		
+		// no existing domains
+		if (in_array($domain_data['domain'], $this->_knownDomains)) {
+			return false;
+		}
+		
+		// add to known domains
+		$this->_knownDomains[] = $domain_data['domain'];
+		
+		// docroot (URL allowed, will lead to redirect)
+		if (! preg_match('/^https?\:\/\//', $domain_data['documentroot'])) {
+			$domain_data['documentroot'] = makeCorrectDir($this->_custData['documentroot'] . "/" . $domain_data['documentroot']);
+		}
+		
+		// is bind domain?
+		if (! isset($domain_data['isbinddomain'])) {
+			$domain_data['isbinddomain'] = (Settings::Get('system.bind_enable') == '1') ? 1 : 0;
+		} elseif ($domain_data['isbinddomain'] != 1) {
+			$domain_data['isbinddomain'] = 0;
+		}
+		
+		/*
+		 * automatically set values (not from the file)
+		 */
+		// add date
+		$domain_data['add_date'] = time();
+		// set adminid
+		$domain_data['adminid'] = $this->_custData['adminid'];
+		// set customerid
+		$domain_data['customerid'] = $this->_custId;
+		
+		// check for required fields
+		foreach ($this->_required_fields as $rfld) {
+			if (! isset($domain_data[$rfld])) {
+				return false;
+			}
+		}
+		
+		// clean all fields that do not belong to the required fields
+		$domain_data_tmp = $domain_data;
+		foreach ($domain_data_tmp as $fld => $val) {
+			if (! in_array($fld, $this->_required_fields)) {
+				unset($domain_data[$fld]);
+			}
+		}
+		
+		// save iplist
+		$iplist = $domain_data['ips'];
+		// dont need that for the domain-insert-statement
+		unset($domain_data['ips']);
+		
+		// finally ADD the domain to panel_domains
+		Database::pexecute($this->_ins_stmt, $domain_data);
+		
+		// get the newly inserted domain-id
+		$domain_id = Database::lastInsertId();
+		
+		// insert domain <-> ip/port reference
+		if (empty($iplist)) {
+			$iplist = Settings::Get('system.ipaddress');
+		}
+		
+		// split ip-list and remove duplicates
+		$iplist_arr = array_unique(explode(",", $iplist));
+		foreach ($iplist_arr as $ip) {
+			// if we know the ip, at all variants (different ports, ssl and non-ssl) of it!
+			if (isset($this->_knownIpPort[$ip])) {
+				foreach ($this->_knownIpPort[$ip] as $ipdata) {
+					// add domain->ip reference
+					Database::pexecute($this->_ipp_ins_stmt, array (
+							'domid' => $domain_id,
+							'ipid' => $ipdata['id'] 
+					));
+				}
+			}
+		}
+		
+		return $domain_id;
+	
+	}
+	
+	/**
+	 * reads in the csv import file and returns an array with
+	 * all the domains to be imported
+	 *
+	 * @param string $separator        	
+	 *
+	 * @return array
+	 */
+	private function _parseImportFile($separator = ";") {
+
+		if (empty($this->_impFile)) {
+			throw new Exception("No file was given for import");
+		}
+		
+		if (! file_exists($this->_impFile)) {
+			throw new Exception("The file '" . $this->_impFile . "' could not be found");
+		}
+		
+		if (! is_readable($this->_impFile)) {
+			throw new Exception("Unable to read file '" . $this->_impFile . "'");
+		}
+		
+		$file_data = array ();
+		
+		$fh = @fopen($this->_impFile, "r");
+		if ($fh) {
+			while (($line = fgets($fh)) !== false) {
+				$tmp_arr = explode($separator, $line);
+				$data_arr = array ();
+				foreach ($tmp_arr as $idx => $data) {
+					// dont include more fields that the 13 we use
+					if ($idx > 12)
+						break;
+					$data_arr[$this->_required_fields[$idx]] = $data;
+				}
+				$file_data[] = array_map("trim", $data_arr);
+			}
+		} else {
+			throw new Exception("Unable to open file '" . $this->_impFile . "'");
+		}
+		fclose($fh);
+		
+		return $file_data;
+	
+	}
+	
+	/**
+	 * reads customer data from panel_customer by $_custId
+	 *
+	 * @return bool
+	 */
+	private function _readCustomerData() {
+
+		$cust_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid` = :cid");
+		$this->_custData = Database::pexecute_first($cust_stmt, array (
+				'cid' => $this->_custId 
+		));
+		if (is_array($this->_custData) && isset($this->_custData['customerid']) && $this->_custData['customerid'] == $this->_custId) {
+			return true;
+		}
+		$this->_custData = null;
+		return false;
+	
+	}
+	
+	/**
+	 * reads domain data from panel_domain
+	 *
+	 * @return void
+	 */
+	private function _readDomainData() {
+
+		$knowndom_stmt = Database::prepare("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "` ORDER BY `domain` ASC");
+		Database::pexecute($knowndom_stmt);
+		$this->_knownDomains = array ();
+		while ($dom = $knowndom_stmt->fetch()) {
+			$this->_knownDomains[] = $dom['domain'];
+		}
+	
+	}
+	
+	/**
+	 * reads ip/port data from panel_ipsandports
+	 *
+	 * @return void
+	 */
+	private function _readIpPortData() {
+
+		$knownip_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "`");
+		Database::pexecute($knownip_stmt);
+		$this->_knownIpPort = array ();
+		while ($ipp = $knownip_stmt->fetch()) {
+			$this->_knownIpPort[$ipp['ip']][] = $ipp;
+		}
+	
+	}
+
+}

lib/classes/database/class.Database.php

@@ -332,9 +332,11 @@ class Database {
 			// include userdata.inc.php
 			require FROXLOR_INSTALL_DIR."/lib/userdata.inc.php";
 
+			// fallback
+			$theme = 'Sparkle';
+
 			// le format
-			if (self::$_needroot == true
-				&& isset($sql['root_user'])
+			if (isset($sql['root_user'])
 				&& isset($sql['root_password'])
 				&& (!isset($sql_root) || !is_array($sql_root))
 			) {
@@ -365,6 +367,7 @@ class Database {
 					// replace values
 					$err_hint = str_replace("<TEXT>", $error_message, $err_hint);
 					$err_hint = str_replace("<DEBUG>", $error_trace, $err_hint);
+					$err_hint = str_replace("<CURRENT_YEAR>", date('Y', time()), $err_hint);
 
 					$err_report_html = '';
 					if (is_array($userinfo) && (

lib/classes/integrity/class.IntegrityCheck.php

@@ -58,6 +58,41 @@ class IntegrityCheck {
 		return $integrityok;
 	}
 
+	/**
+	 * check whether the froxlor database and its tables are in utf-8 character-set
+	 *
+	 * @param bool $fix fix db charset/collation if not utf8
+	 *
+	 * @return boolean
+	 */
+	public function DatabaseCharset($fix = false) {
+
+		// get characterset
+		$cs_stmt = Database::prepare('SELECT default_character_set_name FROM information_schema.SCHEMATA WHERE schema_name = :dbname');
+		$resp = Database::pexecute_first($cs_stmt, array('dbname' => Database::getDbName()));
+		$charset = isset($resp['default_character_set_name']) ? $resp['default_character_set_name'] : null;
+		if (!empty($charset) && strtolower($charset) != 'utf8') {
+			if ($fix) {
+				// fix database
+				Database::query('ALTER DATABASE `' . Database::getDbName() . '` CHARACTER SET utf8 COLLATE utf8_general_ci');
+				// fix all tables
+				$handle = Database::query('SHOW TABLES');
+				while ($row = $handle->fetch(PDO::FETCH_ASSOC)) {
+					foreach ($row as $table) {
+						Database::query('ALTER TABLE `' . $table . '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;');
+					}
+				}
+			} else {
+				return false;
+			}
+		}
+
+		if ($fix) {
+			return $this->DatabaseCharset();
+		}
+		return true;
+	}
+
 	/**
 	 * Check the integrity of the domain to ip/port - association
 	 * @param $fix Fix everything found directly

lib/classes/io/class.frxDirectory.php

@@ -0,0 +1,109 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ * @since      0.9.33
+ *
+ */
+
+/**
+ * Class frxDirectory handles directory actions and gives information
+ * about a given directory in connections with its usage in froxlor
+ *
+ * @author Michael Kaufmann (d00p) <d00p@froxlor.org>
+ *
+ */
+class frxDirectory {
+
+	/**
+	 * directory string
+	 *
+	 * @var string
+	 */
+	private $_dir = null;
+
+	/**
+	 * class constructor, optionally set directory
+	 *
+	 * @param string $dir
+	 */
+	public function __construct($dir = null) {
+		$this->_dir = $dir;
+	}
+
+	/**
+	 * check whether the directory has options set in panel_htaccess
+	 */
+	public function hasUserOptions() {
+		$uo_stmt = Database::prepare("
+			SELECT COUNT(`id`) as `usropts` FROM `".TABLE_PANEL_HTACCESS."` WHERE `path` = :dir
+		");
+		$uo_res = Database::pexecute_first($uo_stmt, array('dir' => makeCorrectDir($this->_dir)));
+		if ($uo_res != false && isset($uo_res['usropts'])) {
+			return ($uo_res['usropts'] > 0 ? true : false);
+		}
+		return false;
+	}
+
+	/**
+	 * check whether the directory is protected using panel_htpasswd
+	 */
+	public function isUserProtected() {
+		$up_stmt = Database::prepare("
+			SELECT COUNT(`id`) as `usrprot` FROM `".TABLE_PANEL_HTPASSWDS."` WHERE `path` = :dir
+		");
+		$up_res = Database::pexecute_first($up_stmt, array('dir' => makeCorrectDir($this->_dir)));
+		if ($up_res != false && isset($up_res['usrprot'])) {
+			return ($up_res['usrprot'] > 0 ? true : false);
+		}
+		return false;
+	}
+
+	/**
+	 * Checks if a given directory is valid for multiple configurations
+	 * or should rather be used as a single file
+	 *
+	 * @param bool $ifexists also check whether file/dir exists
+	 *
+	 * @return bool true if usable as dir, false otherwise
+	 */
+	public function isConfigDir($ifexists = false) {
+		
+		if (is_null($this->_dir)) {
+			trigger_error(__CLASS__.'::'.__FUNCTION__.' has been called with a null value', E_USER_WARNING);
+			return false;
+		}
+
+		if (file_exists($this->_dir)) {
+			if (is_dir($this->_dir)) {
+				$returnval = true;
+			} else {
+				$returnval = false;
+			}
+		} else {
+			if (!$ifexists) {
+				if (substr($this->_dir, -1) == '/') {
+					$returnval = true;
+				} else {
+					$returnval = false;
+				}
+			} else {
+				$returnval = false;
+			}
+		}
+		return $returnval;
+	}
+
+}

lib/classes/output/class.htmlform.php

@@ -65,7 +65,7 @@ class htmlform
 					if ($nexto === false || (isset($fielddata['next_to']) && $nexto['field'] != $fielddata['next_to'])) {
 						$label = $fielddata['label'];
 						$desc = (isset($fielddata['desc']) ? $fielddata['desc'] : '');
-						$style = (isset($fielddata['style']) ? ' style="'.$fielddata['style'].'"' : '');
+						$style = (isset($fielddata['style']) ? ' class="'.$fielddata['style'].'"' : '');
 						$mandatory = self::_getMandatoryFlag($fielddata);
 						$data_field = self::_parseDataField($fieldname, $fielddata);
 						//$data_field = str_replace("\n", "", $data_field);
@@ -123,6 +123,8 @@ class htmlform
 				return self::_textArea($fieldname, $data); break;
 			case 'checkbox':
 				return self::_checkbox($fieldname, $data); break;
+			case 'file':
+				return self::_file($fieldname, $data); break;
 		}
 	}
 
@@ -130,11 +132,11 @@ class htmlform
 	{
 		if(isset($data['mandatory']))
 		{
-			return '&nbsp;<span style="color:#ff0000;">*</span>';
+			return '&nbsp;<span class="red">*</span>';
 		}
 		elseif(isset($data['mandatory_ex']))
 		{
-			return '&nbsp;<span style="color:#ff0000;">**</span>';
+			return '&nbsp;<span class="red">**</span>';
 		}
 		return '';
 	}
@@ -288,4 +290,30 @@ class htmlform
 		return $output;
 	}
 
+	private static function _file($fieldname = '', $data = array())
+	{
+		$return = '';
+		$extras = '';
+		if(isset($data['maxlength'])) {
+			$extras .= ' maxlength="'.$data['maxlength'].'"';
+		}
+
+		// add support to save reloaded forms
+		if (isset($data['value'])) {
+			$value = $data['value'];
+		} elseif (isset($_SESSION['requestData'][$fieldname])) {
+			$value = $_SESSION['requestData'][$fieldname];
+		} else {
+			$value = '';
+		}
+
+		if(isset($data['display']) && $data['display'] != '')
+		{
+			$ulfield = '<strong>'.$data['display'].'</strong>';
+		}
+
+		eval("\$return = \"" . getTemplate("misc/form/input_file", "1") . "\";");
+		return $return;
+	}
+
 }

lib/classes/phpinterface/class.phpinterface_fpm.php

@@ -35,55 +35,79 @@ class phpinterface_fpm {
 
 	/**
 	 * defines what can be used for pool-config from php.ini
+	 * Mostly taken from http://php.net/manual/en/ini.list.php
+	 *
 	 * @var array
 	*/
 	private $_ini = array(
 			'php_value' => array(
-					'error_reporting',
-					'max_execution_time',
-					'include_path',
-					'upload_max_filesize',
-					'log_errors_max_len'
+				'auto_append_file',
+				'auto_prepend_file',
+				'date.timezone',
+				'default_charset',
+				'error_reporting',
+				'include_path',
+				'log_errors_max_len',
+				'mail.log',
+				'max_execution_time',
+				'session.cookie_domain',
+				'session.cookie_lifetime',
+				'session.cookie_path',
+				'session.name',
+				'session.serialize_handler',
+				'upload_max_filesize',
+				'xmlrpc_error_number',
+				'session.auto_start',
 			),
 			'php_flag' => array(
-					'short_open_tag',
-					'asp_tags',
-					'display_errors',
-					'display_startup_errors',
-					'log_errors',
-					'track_errors',
-					'html_errors',
-					'magic_quotes_gpc',
-					'magic_quotes_runtime',
-					'magic_quotes_sybase'
+				'asp_tags',
+				'display_errors',
+				'display_startup_errors',
+				'html_errors',
+				'log_errors',
+				'magic_quotes_gpc',
+				'magic_quotes_runtime',
+				'magic_quotes_sybase',
+				'mail.add_x_header',
+				'session.cookie_secure',
+				'session.use_cookies',
+				'short_open_tag',
+				'track_errors',
+				'xmlrpc_errors'
 			),
 			'php_admin_value' => array(
-					'open_basedir',
-					'precision',
-					'output_buffering',
-					'disable_functions',
-					'max_input_time',
-					'memory_limit',
-					'post_max_size',
-					'variables_order',
-					'gpc_order',
-					'date.timezone',
-					'sendmail_path',
-					'session.gc_divisor',
-					'session.gc_probability'
+				'cgi.redirect_status_env',
+				'date.timezone',
+				'disable_classes',
+				'disable_functions',
+				'error_log',
+				'gpc_order',
+				'max_input_time',
+				'memory_limit',
+				'open_basedir',
+				'output_buffering',
+				'post_max_size',
+				'precision',
+				'sendmail_path',
+				'session.gc_divisor',
+				'session.gc_probability',
+				'variables_order'
 			),
 			'php_admin_flag' => array(
-					'allow_call_time_pass_reference',
-					'allow_url_fopen',
-					'cgi.force_redirect',
-					'enable_dl',
-					'expose_php',
-					'ignore_repeated_errors',
-					'ignore_repeated_source',
-					'report_memleaks',
-					'register_argc_argv',
-					'file_uploads',
-					'allow_url_fopen'
+				'allow_call_time_pass_reference',
+				'allow_url_fopen',
+				'allow_url_include',
+				'auto_detect_line_endings',
+				'cgi.fix_pathinfo',
+				'cgi.force_redirect',
+				'enable_dl',
+				'expose_php',
+				'file_uploads',
+				'ignore_repeated_errors',
+				'ignore_repeated_source',
+				'log_errors',
+				'register_argc_argv',
+				'report_memleaks'
 			)
 	);
 
@@ -126,7 +150,8 @@ class phpinterface_fpm {
 				$fpm_config.= 'listen.owner = '.$this->_domain['loginname']."\n";
 				$fpm_config.= 'listen.group = '.$this->_domain['loginname']."\n";
 			}
-			$fpm_config.= 'listen.mode = 0666'."\n";
+			// see #1418 why this is 0660
+			$fpm_config.= 'listen.mode = 0660'."\n";
 
 			if ($this->_domain['loginname'] == 'froxlor.panel') {
 				$fpm_config.= 'user = '.$this->_domain['guid']."\n";
@@ -140,6 +165,13 @@ class phpinterface_fpm {
 			$fpm_config.= 'pm.max_children = '.$fpm_children."\n";
 
 			if ($fpm_pm == 'dynamic') {
+				// honor max_children
+				if ($fpm_children < $fpm_min_spare_servers) {
+					$fpm_min_spare_servers = $fpm_children;
+				}
+				if ($fpm_children < $fpm_max_spare_servers) {
+					$fpm_max_spare_servers = $fpm_children;
+				}
 				// failsafe, refs #955
 				if ($fpm_start_servers < $fpm_min_spare_servers) {
 					$fpm_start_servers = $fpm_min_spare_servers;
@@ -151,7 +183,6 @@ class phpinterface_fpm {
 				$fpm_config.= 'pm.min_spare_servers = '.$fpm_min_spare_servers."\n";
 				$fpm_config.= 'pm.max_spare_servers = '.$fpm_max_spare_servers."\n";
 			} elseif ($fpm_pm == 'ondemand') {
-				$fpm_config.= 'pm.start_servers = '.$fpm_start_servers."\n";
 				$fpm_config.= 'pm.process_idle_timeout = '.$fpm_process_idle_timeout."\n";
 			}
 

lib/classes/phpmailer/PHPMailerAutoload.php

@@ -1,14 +1,14 @@
 <?php
 /**
  * PHPMailer SPL autoloader.
- * PHP Version 5.0.0
+ * PHP Version 5
  * @package PHPMailer
- * @link https://github.com/PHPMailer/PHPMailer/
- * @author Marcus Bointon (coolbru) <phpmailer@synchromedia.co.uk>
+ * @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
+ * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
  * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
  * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
  * @author Brent R. Matzelle (original founder)
- * @copyright 2013 Marcus Bointon
+ * @copyright 2012 - 2014 Marcus Bointon
  * @copyright 2010 - 2012 Jim Jagielski
  * @copyright 2004 - 2009 Andy Prevost
  * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
@@ -30,5 +30,20 @@ function PHPMailerAutoload($classname)
     }
 }
 
-spl_autoload_register('PHPMailerAutoload');
-
+if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
+    //SPL autoloading was introduced in PHP 5.1.2
+    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+        spl_autoload_register('PHPMailerAutoload', true, true);
+    } else {
+        spl_autoload_register('PHPMailerAutoload');
+    }
+} else {
+    /**
+     * Fall back to traditional autoload for old PHP versions
+     * @param string $classname The name of the class to load
+     */
+    function __autoload($classname)
+    {
+        PHPMailerAutoload($classname);
+    }
+}

lib/classes/phpmailer/class.SMTP.php

@@ -1,102 +1,117 @@
 <?php
 /**
  * PHPMailer RFC821 SMTP email transport class.
- * Version 5.2.7
- * PHP version 5.0.0
- * @category  PHP
- * @package   PHPMailer
- * @link      https://github.com/PHPMailer/PHPMailer/
- * @author Marcus Bointon (coolbru) <phpmailer@synchromedia.co.uk>
+ * PHP Version 5
+ * @package PHPMailer
+ * @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
+ * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
  * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
  * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
- * @copyright 2013 Marcus Bointon
- * @copyright 2004 - 2008 Andy Prevost
+ * @author Brent R. Matzelle (original founder)
+ * @copyright 2014 Marcus Bointon
  * @copyright 2010 - 2012 Jim Jagielski
- * @license   http://www.gnu.org/copyleft/lesser.html Distributed under the Lesser General Public License (LGPL)
+ * @copyright 2004 - 2009 Andy Prevost
+ * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+ * @note This program is distributed in the hope that it will be useful - WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.
  */
 
 /**
  * PHPMailer RFC821 SMTP email transport class.
- *
- * Implements RFC 821 SMTP commands
- * and provides some utility methods for sending mail to an SMTP server.
- *
- * PHP Version 5.0.0
- *
- * @category PHP
- * @package  PHPMailer
- * @link     https://github.com/PHPMailer/PHPMailer/blob/master/class.smtp.php
- * @author   Chris Ryan <unknown@example.com>
- * @author   Marcus Bointon <phpmailer@synchromedia.co.uk>
- * @license  http://www.gnu.org/copyleft/lesser.html Distributed under the Lesser General Public License (LGPL)
+ * Implements RFC 821 SMTP commands and provides some utility methods for sending mail to an SMTP server.
+ * @package PHPMailer
+ * @author Chris Ryan <unknown@example.com>
+ * @author Marcus Bointon <phpmailer@synchromedia.co.uk>
  */
-
 class SMTP
 {
     /**
-     * The PHPMailer SMTP Version number.
+     * The PHPMailer SMTP version number.
+     * @type string
      */
-    const VERSION = '5.2.7';
+    const VERSION = '5.2.8';
 
     /**
      * SMTP line break constant.
+     * @type string
      */
     const CRLF = "\r\n";
 
     /**
      * The SMTP port to use if one is not specified.
+     * @type int
      */
     const DEFAULT_SMTP_PORT = 25;
 
+    /**
+     * The maximum line length allowed by RFC 2822 section 2.1.1
+     * @type int
+     */
+    const MAX_LINE_LENGTH = 998;
+
     /**
      * The PHPMailer SMTP Version number.
      * @type string
-     * @deprecated This should be a constant
+     * @deprecated Use the constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.7';
+    public $Version = '5.2.8';
 
     /**
      * SMTP server port number.
      * @type int
-     * @deprecated This is only ever ued as default value, so should be a constant
+     * @deprecated This is only ever used as a default value, so use the constant instead
      * @see SMTP::DEFAULT_SMTP_PORT
      */
     public $SMTP_PORT = 25;
 
     /**
-     * SMTP reply line ending
+     * SMTP reply line ending.
      * @type string
-     * @deprecated Use the class constant instead
+     * @deprecated Use the constant instead
      * @see SMTP::CRLF
      */
     public $CRLF = "\r\n";
 
     /**
      * Debug output level.
-     * Options: 0 for no output, 1 for commands, 2 for data and commands
+     * Options:
+     * * `0` No output
+     * * `1` Commands
+     * * `2` Data and commands
+     * * `3` As 2 plus connection status
+     * * `4` Low-level data output
      * @type int
      */
     public $do_debug = 0;
 
     /**
-     * The function/method to use for debugging output.
-     * Options: 'echo', 'html' or 'error_log'
+     * How to handle debug output.
+     * Options:
+     * * `echo` Output plain-text as-is, appropriate for CLI
+     * * `html` Output escaped, line breaks converted to <br>, appropriate for browser output
+     * * `error_log` Output to error log as configured in php.ini
      * @type string
      */
     public $Debugoutput = 'echo';
 
     /**
      * Whether to use VERP.
+     * @link http://en.wikipedia.org/wiki/Variable_envelope_return_path
+     * @link http://www.postfix.org/VERP_README.html Info on VERP
      * @type bool
      */
     public $do_verp = false;
 
     /**
-     * The SMTP timeout value for reads, in seconds.
+     * The timeout value for connection, in seconds.
+     * Default of 5 minutes (300sec) is from RFC2821 section 4.5.3.2
+     * This needs to be quite high to function correctly with hosts using greetdelay as an anti-spam measure.
+     * @link http://tools.ietf.org/html/rfc2821#section-4.5.3.2
      * @type int
      */
-    public $Timeout = 15;
+    public $Timeout = 300;
 
     /**
      * The SMTP timelimit value for reads, in seconds.
@@ -137,7 +152,6 @@ class SMTP
         $this->smtp_conn = 0;
         $this->error = null;
         $this->helo_rply = null;
-
         $this->do_debug = 0;
     }
 
@@ -164,15 +178,14 @@ class SMTP
                 break;
             case 'echo':
             default:
-                //Just echoes whatever was received
-                echo $str;
+                echo gmdate('Y-m-d H:i:s')."\t".trim($str)."\n";
         }
     }
 
     /**
      * Connect to an SMTP server.
-     * @param string $host    SMTP server IP or host name
-     * @param int $port    The port number to connect to
+     * @param string $host SMTP server IP or host name
+     * @param int $port The port number to connect to
      * @param int $timeout How long to wait for the connection to open
      * @param array $options An array of options for stream_context_create()
      * @access public
@@ -182,19 +195,19 @@ class SMTP
     {
         // Clear errors to avoid confusion
         $this->error = null;
-
         // Make sure we are __not__ connected
         if ($this->connected()) {
             // Already connected, generate error
             $this->error = array('error' => 'Already connected to a server');
             return false;
         }
-
         if (empty($port)) {
             $port = self::DEFAULT_SMTP_PORT;
         }
-
         // Connect to the SMTP server
+        if ($this->do_debug >= 3) {
+            $this->edebug('Connection: opening');
+        }
         $errno = 0;
         $errstr = '';
         $socket_context = stream_context_create($options);
@@ -207,7 +220,6 @@ class SMTP
             STREAM_CLIENT_CONNECT,
             $socket_context
         );
-
         // Verify we connected properly
         if (empty($this->smtp_conn)) {
             $this->error = array(
@@ -217,13 +229,15 @@ class SMTP
             );
             if ($this->do_debug >= 1) {
                 $this->edebug(
-                    'SMTP -> ERROR: ' . $this->error['error']
+                    'SMTP ERROR: ' . $this->error['error']
                     . ": $errstr ($errno)"
                 );
             }
             return false;
         }
-
+        if ($this->do_debug >= 3) {
+            $this->edebug('Connection: opened');
+        }
         // SMTP server can take longer to respond, give longer timeout for first read
         // Windows does not have support for this timeout function
         if (substr(PHP_OS, 0, 3) != 'WIN') {
@@ -233,14 +247,11 @@ class SMTP
             }
             stream_set_timeout($this->smtp_conn, $timeout, 0);
         }
-
         // Get any announcement
         $announce = $this->get_lines();
-
         if ($this->do_debug >= 2) {
-            $this->edebug('SMTP -> FROM SERVER:' . $announce);
+            $this->edebug('SERVER -> CLIENT: ' . $announce);
         }
-
         return true;
     }
 
@@ -251,7 +262,7 @@ class SMTP
      */
     public function startTLS()
     {
-        if (!$this->sendCommand("STARTTLS", "STARTTLS", 220)) {
+        if (!$this->sendCommand('STARTTLS', 'STARTTLS', 220)) {
             return false;
         }
         // Begin encrypted connection
@@ -259,8 +270,7 @@ class SMTP
             $this->smtp_conn,
             true,
             STREAM_CRYPTO_METHOD_TLS_CLIENT
-        )
-        ) {
+        )) {
             return false;
         }
         return true;
@@ -288,7 +298,6 @@ class SMTP
         if (empty($authtype)) {
             $authtype = 'LOGIN';
         }
-
         switch ($authtype) {
             case 'PLAIN':
                 // Start authentication
@@ -351,7 +360,6 @@ class SMTP
                 ) {
                     return false;
                 }
-
                 //Though 0 based, there is a white space after the 3 digit number
                 //msg2
                 $challenge = substr($this->last_reply, 3);
@@ -411,13 +419,13 @@ class SMTP
         // Eliminates the need to install mhash to compute a HMAC
         // Hacked by Lance Rushing
 
-        $b = 64; // byte length for md5
-        if (strlen($key) > $b) {
+        $bytelen = 64; // byte length for md5
+        if (strlen($key) > $bytelen) {
             $key = pack('H*', md5($key));
         }
-        $key = str_pad($key, $b, chr(0x00));
-        $ipad = str_pad('', $b, chr(0x36));
-        $opad = str_pad('', $b, chr(0x5c));
+        $key = str_pad($key, $bytelen, chr(0x00));
+        $ipad = str_pad('', $bytelen, chr(0x36));
+        $opad = str_pad('', $bytelen, chr(0x5c));
         $k_ipad = $key ^ $ipad;
         $k_opad = $key ^ $opad;
 
@@ -437,7 +445,7 @@ class SMTP
                 // the socket is valid but we are not connected
                 if ($this->do_debug >= 1) {
                     $this->edebug(
-                        'SMTP -> NOTICE: EOF caught while checking if connected'
+                        'SMTP NOTICE: EOF caught while checking if connected'
                     );
                 }
                 $this->close();
@@ -462,6 +470,9 @@ class SMTP
         if (!empty($this->smtp_conn)) {
             // close the connection and cleanup
             fclose($this->smtp_conn);
+            if ($this->do_debug >= 3) {
+                $this->edebug('Connection: closed');
+            }
             $this->smtp_conn = 0;
         }
     }
@@ -483,62 +494,52 @@ class SMTP
         if (!$this->sendCommand('DATA', 'DATA', 354)) {
             return false;
         }
-
         /* The server is ready to accept data!
-         * according to rfc821 we should not send more than 1000
-         * including the CRLF
-         * characters on a single line so we will break the data up
-         * into lines by \r and/or \n then if needed we will break
-         * each of those into smaller lines to fit within the limit.
-         * in addition we will be looking for lines that start with
-         * a period '.' and append and additional period '.' to that
-         * line. NOTE: this does not count towards limit.
+         * According to rfc821 we should not send more than 1000 characters on a single line (including the CRLF)
+         * so we will break the data up into lines by \r and/or \n then if needed we will break each of those into
+         * smaller lines to fit within the limit.
+         * We will also look for lines that start with a '.' and prepend an additional '.'.
+         * NOTE: this does not count towards line-length limit.
          */
 
-        // Normalize the line breaks before exploding
-        $msg_data = str_replace("\r\n", "\n", $msg_data);
-        $msg_data = str_replace("\r", "\n", $msg_data);
-        $lines = explode("\n", $msg_data);
+        // Normalize line breaks before exploding
+        $lines = explode("\n", str_replace(array("\r\n", "\r"), "\n", $msg_data));
 
-        /* We need to find a good way to determine if headers are
-         * in the msg_data or if it is a straight msg body
-         * currently I am assuming rfc822 definitions of msg headers
-         * and if the first field of the first line (':' separated)
-         * does not contain a space then it _should_ be a header
-         * and we can process all lines before a blank "" line as
-         * headers.
+        /* To distinguish between a complete RFC822 message and a plain message body, we check if the first field
+         * of the first line (':' separated) does not contain a space then it _should_ be a header and we will
+         * process all lines before a blank line as headers.
          */
 
         $field = substr($lines[0], 0, strpos($lines[0], ':'));
         $in_headers = false;
-        if (!empty($field) && !strstr($field, ' ')) {
+        if (!empty($field) && strpos($field, ' ') === false) {
             $in_headers = true;
         }
 
-        //RFC 2822 section 2.1.1 limit
-        $max_line_length = 998;
-
         foreach ($lines as $line) {
-            $lines_out = null;
-            if ($line == '' && $in_headers) {
+            $lines_out = array();
+            if ($in_headers and $line == '') {
                 $in_headers = false;
             }
             // ok we need to break this line up into several smaller lines
-            while (strlen($line) > $max_line_length) {
-                $pos = strrpos(substr($line, 0, $max_line_length), ' ');
-
-                // Patch to fix DOS attack
-                if (!$pos) {
-                    $pos = $max_line_length - 1;
+            //This is a small micro-optimisation: isset($str[$len]) is equivalent to (strlen($str) > $len)
+            while (isset($line[self::MAX_LINE_LENGTH])) {
+                //Working backwards, try to find a space within the last MAX_LINE_LENGTH chars of the line to break on
+                //so as to avoid breaking in the middle of a word
+                $pos = strrpos(substr($line, 0, self::MAX_LINE_LENGTH), ' ');
+                if (!$pos) { //Deliberately matches both false and 0
+                    //No nice break found, add a hard break
+                    $pos = self::MAX_LINE_LENGTH - 1;
                     $lines_out[] = substr($line, 0, $pos);
                     $line = substr($line, $pos);
                 } else {
+                    //Break at the found point
                     $lines_out[] = substr($line, 0, $pos);
+                    //Move along by the amount we dealt with
                     $line = substr($line, $pos + 1);
                 }
-
                 /* If processing headers add a LWSP-char to the front of new line
-                 * rfc822 on long msg headers
+                 * RFC822 section 3.1.1
                  */
                 if ($in_headers) {
                     $line = "\t" . $line;
@@ -546,12 +547,11 @@ class SMTP
             }
             $lines_out[] = $line;
 
-            // send the lines to the server
-            while (list(, $line_out) = @each($lines_out)) {
-                if (strlen($line_out) > 0) {
-                    if (substr($line_out, 0, 1) == '.') {
-                        $line_out = '.' . $line_out;
-                    }
+            // Send the lines to the server
+            foreach ($lines_out as $line_out) {
+                //RFC2821 section 4.5.2
+                if (!empty($line_out) and $line_out[0] == '.') {
+                    $line_out = '.' . $line_out;
                 }
                 $this->client_send($line_out . self::CRLF);
             }
@@ -565,7 +565,7 @@ class SMTP
      * Send an SMTP HELO or EHLO command.
      * Used to identify the sending server to the receiving server.
      * This makes sure that client and server are in a known state.
-     * Implements from RFC 821: HELO <SP> <domain> <CRLF>
+     * Implements RFC 821: HELO <SP> <domain> <CRLF>
      * and RFC 2821 EHLO.
      * @param string $host The host name or IP to connect to
      * @access public
@@ -574,13 +574,7 @@ class SMTP
     public function hello($host = '')
     {
         // Try extended hello first (RFC 2821)
-        if (!$this->sendHello('EHLO', $host)) {
-            if (!$this->sendHello('HELO', $host)) {
-                return false;
-            }
-        }
-
-        return true;
+        return (bool)($this->sendHello('EHLO', $host) or $this->sendHello('HELO', $host));
     }
 
     /**
@@ -588,7 +582,7 @@ class SMTP
      * Low-level implementation used by hello()
      * @see hello()
      * @param string $hello The HELO string
-     * @param string $host  The hostname to say we are
+     * @param string $host The hostname to say we are
      * @access protected
      * @return bool
      */
@@ -631,28 +625,28 @@ class SMTP
     public function quit($close_on_error = true)
     {
         $noerror = $this->sendCommand('QUIT', 'QUIT', 221);
-        $e = $this->error; //Save any error
+        $err = $this->error; //Save any error
         if ($noerror or $close_on_error) {
             $this->close();
-            $this->error = $e; //Restore any error from the quit command
+            $this->error = $err; //Restore any error from the quit command
         }
         return $noerror;
     }
 
     /**
      * Send an SMTP RCPT command.
-     * Sets the TO argument to $to.
+     * Sets the TO argument to $toaddr.
      * Returns true if the recipient was accepted false if it was rejected.
      * Implements from rfc 821: RCPT <SP> TO:<forward-path> <CRLF>
-     * @param string $to The address the message is being sent to
+     * @param string $toaddr The address the message is being sent to
      * @access public
      * @return bool
      */
-    public function recipient($to)
+    public function recipient($toaddr)
     {
         return $this->sendCommand(
-            'RCPT TO ',
-            'RCPT TO:<' . $to . '>',
+            'RCPT TO',
+            'RCPT TO:<' . $toaddr . '>',
             array(250, 251)
         );
     }
@@ -681,7 +675,7 @@ class SMTP
     {
         if (!$this->connected()) {
             $this->error = array(
-                "error" => "Called $command without being connected"
+                'error' => "Called $command without being connected"
             );
             return false;
         }
@@ -691,19 +685,19 @@ class SMTP
         $code = substr($reply, 0, 3);
 
         if ($this->do_debug >= 2) {
-            $this->edebug('SMTP -> FROM SERVER:' . $reply);
+            $this->edebug('SERVER -> CLIENT: ' . $reply);
         }
 
         if (!in_array($code, (array)$expect)) {
             $this->last_reply = null;
             $this->error = array(
-                "error" => "$command command failed",
-                "smtp_code" => $code,
-                "detail" => substr($reply, 4)
+                'error' => "$command command failed",
+                'smtp_code' => $code,
+                'detail' => substr($reply, 4)
             );
             if ($this->do_debug >= 1) {
                 $this->edebug(
-                    'SMTP -> ERROR: ' . $this->error['error'] . ': ' . $reply
+                    'SMTP ERROR: ' . $this->error['error'] . ': ' . $reply
                 );
             }
             return false;
@@ -729,7 +723,7 @@ class SMTP
      */
     public function sendAndMail($from)
     {
-        return $this->sendCommand("SAML", "SAML FROM:$from", 250);
+        return $this->sendCommand('SAML', "SAML FROM:$from", 250);
     }
 
     /**
@@ -740,7 +734,7 @@ class SMTP
      */
     public function verify($name)
     {
-        return $this->sendCommand("VRFY", "VRFY $name", array(250, 251));
+        return $this->sendCommand('VRFY', "VRFY $name", array(250, 251));
     }
 
     /**
@@ -751,14 +745,14 @@ class SMTP
      */
     public function noop()
     {
-        return $this->sendCommand("NOOP", "NOOP", 250);
+        return $this->sendCommand('NOOP', 'NOOP', 250);
     }
 
     /**
      * Send an SMTP TURN command.
      * This is an optional command for SMTP that this class does not support.
-     * This method is here to make the RFC821 Definition
-     * complete for this class and __may__ be implemented in future
+     * This method is here to make the RFC821 Definition complete for this class
+     * and _may_ be implemented in future
      * Implements from rfc 821: TURN <CRLF>
      * @access public
      * @return bool
@@ -769,7 +763,7 @@ class SMTP
             'error' => 'The SMTP TURN command is not implemented'
         );
         if ($this->do_debug >= 1) {
-            $this->edebug('SMTP -> NOTICE: ' . $this->error['error']);
+            $this->edebug('SMTP NOTICE: ' . $this->error['error']);
         }
         return false;
     }
@@ -778,12 +772,12 @@ class SMTP
      * Send raw data to the server.
      * @param string $data The data to send
      * @access public
-     * @return int|bool The number of bytes sent to the server or FALSE on error
+     * @return int|bool The number of bytes sent to the server or false on error
      */
     public function client_send($data)
     {
         if ($this->do_debug >= 1) {
-            $this->edebug("CLIENT -> SMTP: $data");
+            $this->edebug("CLIENT -> SERVER: $data");
         }
         return fwrite($this->smtp_conn, $data);
     }
@@ -819,12 +813,12 @@ class SMTP
      */
     protected function get_lines()
     {
+        // If the connection is bad, give up straight away
+        if (!is_resource($this->smtp_conn)) {
+            return '';
+        }
         $data = '';
         $endtime = 0;
-        // If the connection is bad, give up now
-        if (!is_resource($this->smtp_conn)) {
-            return $data;
-        }
         stream_set_timeout($this->smtp_conn, $this->Timeout);
         if ($this->Timelimit > 0) {
             $endtime = time() + $this->Timelimit;
@@ -839,8 +833,8 @@ class SMTP
             if ($this->do_debug >= 4) {
                 $this->edebug("SMTP -> get_lines(): \$data is \"$data\"");
             }
-            // if 4th character is a space, we are done reading, break the loop
-            if (substr($str, 3, 1) == ' ') {
+            // If 4th character is a space, we are done reading, break the loop, micro-optimisation over strlen
+            if ((isset($str[3]) and $str[3] == ' ')) {
                 break;
             }
             // Timed-out? Log and break
@@ -854,16 +848,14 @@ class SMTP
                 break;
             }
             // Now check if reads took too long
-            if ($endtime) {
-                if (time() > $endtime) {
-                    if ($this->do_debug >= 4) {
-                        $this->edebug(
-                            'SMTP -> get_lines(): timelimit reached ('
-                            . $this->Timelimit . ' sec)'
-                        );
-                    }
-                    break;
+            if ($endtime and time() > $endtime) {
+                if ($this->do_debug >= 4) {
+                    $this->edebug(
+                        'SMTP -> get_lines(): timelimit reached ('.
+                        $this->Timelimit . ' sec)'
+                    );
                 }
+                break;
             }
         }
         return $data;

lib/classes/settings/class.Settings.php

@@ -196,7 +196,7 @@ class Settings {
 	public function pFlush() {
 		if (is_array(self::$_updatedata) && count(self::$_updatedata) > 0) {
 			// save all un-saved changes to the settings
-			foreach ($self::$_updatedata as $group => $vargroup) {
+			foreach (self::$_updatedata as $group => $vargroup) {
 				foreach ($vargroup as $varname => $value) {
 					$this->_storeSetting($group, $varname, $value);
 				}

lib/configfiles/freebsd.inc.php

@@ -39,8 +39,6 @@ return array(
 			'http' => array(
 				'label' => $lng['admin']['configfiles']['http'],
 				'daemons' => array(
-
-					// Begin: Nginx Config
 					'nginx' => array(
 						'label' => 'Nginx Webserver',
 						'commands_1' => array(
@@ -58,7 +56,7 @@ return array(
 						'commands_2' => array(
 							$configcommand['vhost'],
 							$configcommand['diroptions'],
-							(Settings::Get('system.deactivateddocroot') != '') ? 'mkdir -p '. Settings::Get('system.deactivateddocroot') : null,
+							(Settings::Get('system.deactivateddocroot') != '') ? 'mkdir -p ' . Settings::Get('system.deactivateddocroot') : '',
 							'mkdir -p '. Settings::Get('system.documentroot_prefix'),
 							'mkdir -p '. Settings::Get('system.mod_fcgid_tmpdir'),
 							'mkdir -p '. Settings::Get('system.logfiles_directory'),
@@ -71,8 +69,6 @@ return array(
 							'/usr/local/etc/rc.d/nginx restart'
 						)
 					),
-					// End: Nginx Config
-
 					'apache2' => array(
 						'label' => 'Apache2 Webserver',
 						'commands' => array(
@@ -347,7 +343,7 @@ return array(
 							'echo "*/5 * * * *     root     nice -n 5	/usr/local/bin/php -q '.makeCorrectDir(dirname(dirname(dirname(__FILE__)))).'scripts/froxlor_master_cronjob.php" >> /etc/crontab'
 						),
 						'restart' => array(
-							'/etc/rc.d/cron restart'
+							Settings::Get('system.crondreload')
 						)
 					),
 					'awstats' => array(

lib/configfiles/gentoo.inc.php

@@ -101,7 +101,7 @@ return array(
 						'commands_2' => array(
 							'mkdir -p ' . Settings::Get('system.documentroot_prefix'),
 							'mkdir -p ' . Settings::Get('system.logfiles_directory'),
-							'mkdir -p ' . Settings::Get('system.deactivateddocroot'),
+							(Settings::Get('system.deactivateddocroot') != '') ? 'mkdir -p ' . Settings::Get('system.deactivateddocroot') : '',
 							'mkdir -p ' . Settings::Get('system.mod_fcgid_tmpdir'),
 							'chmod 1777 ' . Settings::Get('system.mod_fcgid_tmpdir'),
 							'chmod u+x /etc/init.d/php-fcgi',
@@ -374,7 +374,6 @@ milter_default_action = accept" >> /etc/postfix/main.cf',
 					'cron' => array(
 						'label' => 'Crond (cronscript)',
 						'commands_1' => array(
-							'emerge -av vixie-cron',
 							'touch /etc/cron.d/froxlor',
 							'chown root:0 /etc/cron.d/froxlor',
 							'chmod 0640 /etc/cron.d/froxlor'
@@ -382,11 +381,8 @@ milter_default_action = accept" >> /etc/postfix/main.cf',
 						'files' => array(
 							'etc_cron.d_froxlor' => '/etc/cron.d/froxlor'
 						),
-						'commands_2' => array(
-							'rc-update add vixie-cron default'
-						),
 						'restart' => array(
-							'/etc/init.d/vixie-cron restart'
+							Settings::Get('system.crondreload')
 						)
 					),
 					'awstats' => array(

lib/configfiles/lucid.inc.php

@@ -36,7 +36,7 @@ if ($vmail_group === false) {
 
 return array(
 	'ubuntu_lucid' => array(
-		'label' => 'Ubuntu 10.04 (Lucid)',
+		'label' => 'Ubuntu 10.04 (Lucid) [deprecated]',
 		'services' => array(
 			'http' => array(
 				'label' => $lng['admin']['configfiles']['http'],
@@ -99,7 +99,7 @@ return array(
 							'rm /etc/nginx/sites-enabled/default',
 							'mkdir -p ' . Settings::Get('system.documentroot_prefix'),
 							'mkdir -p ' . Settings::Get('system.logfiles_directory'),
-							'mkdir -p ' . Settings::Get('system.deactivateddocroot'),
+							(Settings::Get('system.deactivateddocroot') != '') ? 'mkdir -p ' . Settings::Get('system.deactivateddocroot') : '',
 							'mkdir -p ' . Settings::Get('system.mod_fcgid_tmpdir'),
 							'chmod 1777 ' . Settings::Get('system.mod_fcgid_tmpdir'),
 							'chmod u+x /etc/init.d/php-fcgi'
@@ -367,7 +367,7 @@ return array(
 							'etc_cron.d_froxlor' => '/etc/cron.d/froxlor'
 						),
 						'restart' => array(
-							'/etc/init.d/cron restart'
+							Settings::Get('system.crondreload')
 						)
 					),
 					'awstats' => array(

lib/configfiles/precise.inc.php

@@ -99,7 +99,7 @@ return array(
 							'rm /etc/nginx/sites-enabled/default',
 							'mkdir -p ' . Settings::Get('system.documentroot_prefix'),
 							'mkdir -p ' . Settings::Get('system.logfiles_directory'),
-							'mkdir -p ' . Settings::Get('system.deactivateddocroot'),
+							(Settings::Get('system.deactivateddocroot') != '') ? 'mkdir -p ' . Settings::Get('system.deactivateddocroot') : '',
 							'mkdir -p ' . Settings::Get('system.mod_fcgid_tmpdir'),
 							'chmod 1777 ' . Settings::Get('system.mod_fcgid_tmpdir'),
 							'chmod u+x /etc/init.d/php-fcgi'
@@ -369,7 +369,7 @@ return array(
 							'etc_cron.d_froxlor' => '/etc/cron.d/froxlor'
 						),
 						'restart' => array(
-							'/etc/init.d/cron restart'
+							Settings::Get('system.crondreload')
 						)
 					),
 					'awstats' => array(

lib/configfiles/sle10.inc.php

@@ -36,7 +36,7 @@ if ($vmail_group === false) {
 
 return array(
 	'sle_10' => array(
-		'label' => 'SUSE Linux Enterprise 10',
+		'label' => 'SUSE Linux Enterprise 10 (deprecated)',
 		'services' => array(
 			'http' => array(
 				'label' => $lng['admin']['configfiles']['http'],
@@ -169,7 +169,7 @@ return array(
 							'etc_cron.d_froxlor' => '/etc/cron.d/froxlor'
 						),
 						'restart' => array(
-							'/etc/init.d/cron restart'
+							Settings::Get('system.crondreload')
 						)
 					),
 					'awstats' => array(

lib/configfiles/sle11.inc.php

@@ -35,8 +35,8 @@ if ($vmail_group === false) {
 }
 
 return array(
-	'opensuse_11_x' => array(
-		'label' => 'openSUSE 11.x',
+	'sle_11' => array(
+		'label' => 'SUSE Linux Enterprise 11',
 		'services' => array(
 			'http' => array(
 				'label' => $lng['admin']['configfiles']['http'],
@@ -248,7 +248,7 @@ return array(
 							'etc_cron.d_froxlor' => '/etc/cron.d/froxlor'
 						),
 						'restart' => array(
-							'/etc/init.d/cron restart'
+							Settings::Get('system.crondreload')
 						)
 					),
 					'awstats' => array(

lib/configfiles/squeeze.inc.php

@@ -36,7 +36,7 @@ if ($vmail_group === false) {
 
 return array(
 	'debian_squeeze' => array(
-		'label' => 'Debian 6.0 (Squeeze)',
+		'label' => 'Debian 6.0 (Squeeze) [deprecated]',
 		'services' => array(
 			'http' => array(
 				'label' => $lng['admin']['configfiles']['http'],
@@ -99,7 +99,7 @@ return array(
 							'rm /etc/nginx/sites-enabled/default',
 							'mkdir -p ' . Settings::Get('system.documentroot_prefix'),
 							'mkdir -p ' . Settings::Get('system.logfiles_directory'),
-							//'mkdir -p ' . Settings::Get('system.deactivateddocroot'),
+							(Settings::Get('system.deactivateddocroot') != '') ? 'mkdir -p ' . Settings::Get('system.deactivateddocroot') : '',
 							'mkdir -p ' . Settings::Get('system.mod_fcgid_tmpdir'),
 							'chmod 1777 ' . Settings::Get('system.mod_fcgid_tmpdir'),
 							'chmod u+x /etc/init.d/php-fcgi'
@@ -366,7 +366,7 @@ return array(
 							'etc_cron.d_froxlor' => '/etc/cron.d/froxlor'
 						),
 						'restart' => array(
-							'/etc/init.d/cron restart'
+							Settings::Get('system.crondreload')
 						)
 					),
 					'awstats' => array(

lib/configfiles/wheezy.inc.php

@@ -97,7 +97,7 @@ return array(
 							'rm /etc/nginx/sites-enabled/default',
 							'mkdir -p ' . Settings::Get('system.documentroot_prefix'),
 							'mkdir -p ' . Settings::Get('system.logfiles_directory'),
-							//'mkdir -p ' . Settings::Get('system.deactivateddocroot'),
+							(Settings::Get('system.deactivateddocroot') != '') ? 'mkdir -p ' . Settings::Get('system.deactivateddocroot') : '',
 							'mkdir -p ' . Settings::Get('system.mod_fcgid_tmpdir'),
 							'chmod 1777 ' . Settings::Get('system.mod_fcgid_tmpdir'),
 							'chmod u+x /etc/init.d/php-fcgi'
@@ -369,7 +369,7 @@ return array(
 							'etc_cron.d_froxlor' => '/etc/cron.d/froxlor'
 						),
 						'restart' => array(
-							'/etc/init.d/cron restart'
+							Settings::Get('system.crondreload')
 						)
 					),
 					'awstats' => array(
@@ -426,21 +426,25 @@ return array(
 							(Settings::Get('system.mod_fcgid_ownvhost') == '1') ? 'a2dismod php5' : null
 						),
 						'restart' => array(
-							'/etc/init.d/apache2 restart'
+							Settings::Get('system.apachereload_command')
 						)
 					),
 					'php-fpm' => array(
 						'label' => 'PHP-FPM',
 						'commands' => array(
-							'# add "non-free" after all occurances of "main" in /etc/apt/sources.list',
-							'# this is needed for libapache2-mod-fastcgi to install',
-							'apt-get install apache2-suexec libapache2-mod-fastcgi php5-fpm',
+							(Settings::Get('system.webserver') == 'apache2') ? '# add "non-free" after all occurances of "main" in /etc/apt/sources.list' : null,
+							(Settings::Get('system.webserver') == 'apache2') ? '# this is needed for libapache2-mod-fastcgi to install' : null,
+							'apt-get install '.((Settings::Get('system.webserver') == 'apache2') ? 'apache2-suexec libapache2-mod-fastcgi ' : '') . 'php5-fpm',
 							'rm /etc/php5/fpm/pool.d/www.conf',
-							'a2enmod suexec fastcgi actions',
+							(Settings::Get('system.webserver') == 'apache2') ? 'a2enmod suexec fastcgi actions' : null,
 							(Settings::Get('phpfpm.enabled_ownvhost') == '1') ? 'groupadd -f '.Settings::Get('phpfpm.vhost_httpgroup') : null,
 							(Settings::Get('phpfpm.enabled_ownvhost') == '1') ? 'useradd -s /bin/false -g '.Settings::Get('phpfpm.vhost_httpgroup').' '.Settings::Get('phpfpm.vhost_httpuser') : null,
+							(Settings::Get('phpfpm.enabled_ownvhost') == '1') ? 'usermod -aG '.Settings::Get('phpfpm.vhost_httpgroup').' '.Settings::Get('system.httpuser') : null,
 							(Settings::Get('phpfpm.enabled_ownvhost') == '1') ? 'chown -R '.Settings::Get('phpfpm.vhost_httpuser').':'.Settings::Get('phpfpm.vhost_httpgroup').' '.FROXLOR_INSTALL_DIR : null,
-							(Settings::Get('phpfpm.enabled_ownvhost') == '1') ? 'a2dismod php5' : null
+							(Settings::Get('system.webserver') == 'apache2' && Settings::Get('phpfpm.enabled_ownvhost') == '1') ? 'a2dismod php5' : null
+						),
+						'restart' => array(
+							Settings::Get('system.apachereload_command')
 						)
 					)
 				)

lib/configfiles_index.inc.php

@@ -19,7 +19,10 @@
 
 $configcommand = array();
 
-if (isConfigDir(Settings::Get('system.apacheconf_vhost'))) {
+$vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost'));
+$optsDir = new frxDirectory(Settings::Get('system.apacheconf_diroptions'));
+
+if ($vhostDir->isConfigDir()) {
 	$configcommand['vhost'] = 'mkdir -p ' . Settings::Get('system.apacheconf_vhost');
 	$configcommand['include'] = 'echo -e "\\nInclude ' . makeCorrectDir(Settings::Get('system.apacheconf_vhost')) . '*.conf" >> ' . makeCorrectFile(makeCorrectDir('/etc/apache2/httpd.conf'));
 	$configcommand['v_inclighty'] = 'echo -e \'\\ninclude_shell "cat ' . makeCorrectDir(Settings::Get('system.apacheconf_vhost')) . '*.conf"\' >> /etc/lighttpd/lighttpd.conf';
@@ -29,7 +32,7 @@ if (isConfigDir(Settings::Get('system.apacheconf_vhost'))) {
 	$configcommand['v_inclighty'] = 'echo -e \'\\ninclude "' . Settings::Get('system.apacheconf_vhost') . '"\' >> /etc/lighttpd/lighttpd.conf';
 }
 
-if (isConfigDir(Settings::Get('system.apacheconf_diroptions'))) {
+if ($optsDir->isConfigDir()) {
 	$configcommand['diroptions'] = 'mkdir -p ' . Settings::Get('system.apacheconf_diroptions');
 	$configcommand['d_inclighty'] = 'echo -e \'\\ninclude_shell "cat ' . makeCorrectDir(Settings::Get('system.apacheconf_diroptions')) . '*.conf"\' >> /etc/lighttpd/lighttpd.conf';
 } else {
@@ -45,7 +48,7 @@ $configfiles = array_merge(
 	include $cfgPath . 'precise.inc.php',
 	include $cfgPath . 'lucid.inc.php',
 	include $cfgPath . 'gentoo.inc.php',
-	include $cfgPath . 'suse11.inc.php',
+	include $cfgPath . 'sle11.inc.php',
 	include $cfgPath . 'sle10.inc.php',
 	include $cfgPath . 'freebsd.inc.php'
 );

lib/cron_init.php

@@ -143,7 +143,7 @@ fwrite($debugHandler, 'Database-connection established' . "\n");
  * if using fcgid or fpm for froxlor-vhost itself, we have to check
  * whether the permission of the files are still correct
  */
-fwrite($debugHandler, 'Checking froxlor file permissions');
+fwrite($debugHandler, 'Checking froxlor file permissions'."\n");
 $_mypath = makeCorrectDir(FROXLOR_INSTALL_DIR);
 
 if (((int)Settings::Get('system.mod_fcgid') == 1 && (int)Settings::Get('system.mod_fcgid_ownvhost') == 1)

lib/formfields/admin/admin/formfield.admin_add.php

@@ -38,6 +38,7 @@ return array(
 					'admin_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'def_language' => array(

lib/formfields/admin/admin/formfield.admin_edit.php

@@ -47,6 +47,7 @@ return array(
 					'admin_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 						'visible' => ($result['adminid'] == $userinfo['userid'] ? false : true)
 					),

lib/formfields/admin/customer/formfield.customer_add.php

@@ -52,6 +52,7 @@ return array(
 					'new_customer_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'sendpassword' => array(

lib/formfields/admin/customer/formfield.customer_edit.php

@@ -58,6 +58,7 @@ return array(
 					'new_customer_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'def_language' => array(
@@ -251,6 +252,18 @@ return array(
 						'value' => array($result['perlenabled'])
 					)
 				)
+			),
+			'section_d' => array(
+				'title' => $lng['admin']['movetoadmin'],
+				'image' => 'icons/user_edit.png',
+				'visible' => ($admin_select_cnt > 1),
+				'fields' => array(
+					'move_to_admin' => array(
+						'label' => $lng['admin']['movecustomertoadmin'],
+						'type' => 'select',
+						'select_var' => $admin_select
+					)
+				)
 			)
 		)
 	)

lib/formfields/admin/domains/formfield.domains_add.php

@@ -136,7 +136,7 @@ return array(
 					),
 					'specialsettings' => array(
 						'visible' => ($userinfo['change_serversettings'] == '1' ? true : false),
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['ownvhostsettings'],
 						'desc' => $lng['serversettings']['default_vhostconf']['description'],
 						'type' => 'textarea',

lib/formfields/admin/domains/formfield.domains_edit.php

@@ -147,7 +147,7 @@ return array(
 					),
 					'specialsettings' => array(
 						'visible' => ($userinfo['change_serversettings'] == '1' ? true : false),
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['ownvhostsettings'],
 						'desc' => $lng['serversettings']['default_vhostconf']['description'],
 						'type' => 'textarea',

lib/formfields/admin/domains/formfield.domains_import.php

@@ -0,0 +1,56 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Formfields
+ *
+ */
+
+return array(
+	'domain_import' => array(
+		'title' => $lng['domains']['domain_import'],
+		'image' => 'icons/domain_add.png',
+		'sections' => array(
+			'section_a' => array(
+				'title' => $lng['domains']['domain_import'],
+				'image' => 'icons/domain_add.png',
+				'fields' => array(
+					'customerid' => array(
+						'label' => $lng['admin']['customer'],
+						'type' => 'select',
+						'select_var' => $customers,
+						'mandatory' => true,
+					),
+					'separator' => array(
+						'label' => $lng['domains']['import_separator'],
+						'type' => 'text',
+						'mandatory' => true,
+						'size' => 5,
+						'value' => ';'
+					),
+					'offset' => array(
+						'label' => $lng['domains']['import_offset'],
+						'type' => 'text',
+						'mandatory' => true,
+						'size' => 10,
+						'value' => '0'
+					),
+					'file' => array(
+						'label' => $lng['domains']['import_file'],
+						'type' => 'file',
+						'mandatory' => true
+					)
+				)
+			)
+		)
+	)
+);

lib/formfields/admin/ipsandports/formfield.ipsandports_add.php

@@ -69,7 +69,7 @@ return array(
 						'type' => 'text'
 					),
 					'specialsettings' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['ownvhostsettings'],
 						'desc' => $lng['serversettings']['default_vhostconf']['description'],
 						'type' => 'textarea',
@@ -91,7 +91,7 @@ return array(
 				'image' => 'icons/ipsports_add.png',
 				'fields' => array(
 					'default_vhostconf_domain' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['ipsandports']['default_vhostconf_domain'],
 						'desc' => $lng['serversettings']['default_vhostconf_domain']['description'],
 						'type' => 'textarea',

lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php

@@ -72,7 +72,7 @@ return array(
 						'value' => $result['docroot']
 					),
 					'specialsettings' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['ownvhostsettings'],
 						'desc' => $lng['serversettings']['default_vhostconf']['description'],
 						'type' => 'textarea',
@@ -95,7 +95,7 @@ return array(
 				'image' => 'icons/ipsports_edit.png',
 				'fields' => array(
 					'default_vhostconf_domain' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['ipsandports']['default_vhostconf_domain'],
 						'desc' => $lng['serversettings']['default_vhostconf_domain']['description'],
 						'type' => 'textarea',

lib/formfields/admin/phpconfig/formfield.phpconfig_add.php

@@ -78,7 +78,7 @@ return array(
 						'value' => '5s'
 					),
 					'phpsettings' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['phpsettings']['phpinisettings'],
 						'type' => 'textarea',
 						'cols' => 80,

lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php

@@ -81,7 +81,7 @@ return array(
 						'value' => $result['fpm_reqslow']
 					),
 					'phpsettings' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['phpsettings']['phpinisettings'],
 						'type' => 'textarea',
 						'cols' => 80,

lib/formfields/admin/templates/formfield.template_add.php

@@ -32,16 +32,19 @@ return array(
 					),
 					'template' => array(
 						'label' => $lng['admin']['templates']['action'],
-						'type' => 'select',
-						'select_var' => $template_options
+						'type' => 'hidden',
+						'value' => $template,
+						'display' => $lng['admin']['templates'][$template]
 					),
 					'subject' => array(
 						'label' => $lng['admin']['templates']['subject'],
-						'type' => 'text'
+						'type' => 'text',
+						'value' => $subject
 					),
 					'mailbody' => array(
 						'label' => $lng['admin']['templates']['mailbody'],
 						'type' => 'textarea',
+						'value' => $body,
 						'cols' => 60,
 						'rows' => 12
 					)

lib/formfields/admin/tickets/formfield.ticket_new.php

@@ -45,7 +45,7 @@ return array(
 						'select_var' => $categories
 					),
 					'message' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['ticket']['message'],
 						'type' => 'textarea',
 						'cols' => 60,

lib/formfields/admin/tickets/formfield.ticket_reply.php

@@ -41,7 +41,7 @@ return array(
 						'value' => htmlentities($row['name']),
 					),
 					'message' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['ticket']['message'],
 						'type' => 'textarea',
 						'cols' => 60,

lib/formfields/customer/domains/formfield.domain_ssleditor.php

@@ -25,7 +25,7 @@ return array(
 				'image' => 'icons/ssl.png',
 				'fields' => array(
 					'ssl_cert_file' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['ipsandports']['ssl_cert_file_content'],
 						'desc' => $lng['admin']['ipsandports']['ssl_paste_description'],
 						'type' => 'textarea',
@@ -34,7 +34,7 @@ return array(
 						'value' => $result['ssl_cert_file']
 					),
 					'ssl_key_file' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['ipsandports']['ssl_key_file_content'],
 						'desc' => $lng['admin']['ipsandports']['ssl_paste_description'],
 						'type' => 'textarea',
@@ -43,7 +43,7 @@ return array(
 						'value' => $result['ssl_key_file']
 					),
 					'ssl_cert_chainfile' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile_content'],
 						'desc' => $lng['admin']['ipsandports']['ssl_paste_description'].$lng['admin']['ipsandports']['ssl_cert_chainfile_content_desc'],
 						'type' => 'textarea',
@@ -52,7 +52,7 @@ return array(
 						'value' => $result['ssl_cert_chainfile']
 					),
 					'ssl_ca_file' => array(
-						'style' => 'vertical-align:top;',
+						'style' => 'align-top',
 						'label' => $lng['admin']['ipsandports']['ssl_ca_file_content'],
 						'desc' => $lng['admin']['ipsandports']['ssl_paste_description'].$lng['admin']['ipsandports']['ssl_ca_file_content_desc'],
 						'type' => 'textarea',

lib/formfields/customer/email/formfield.emails_accountchangepasswd.php

@@ -37,6 +37,7 @@ return array(
 					'email_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					)
 				)

lib/formfields/customer/email/formfield.emails_addaccount.php

@@ -37,6 +37,7 @@ return array(
 					'email_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'email_quota' => array(

lib/formfields/customer/extras/formfield.htpasswd_add.php

@@ -43,6 +43,7 @@ return array(
 					'directory_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'directory_authname' => array(

lib/formfields/customer/extras/formfield.htpasswd_edit.php

@@ -42,6 +42,7 @@ return array(
 					'directory_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'directory_authname' => array(

lib/formfields/customer/ftp/formfield.ftp_add.php

@@ -53,6 +53,7 @@ return array(
 					'ftp_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'sendinfomail' => array(

lib/formfields/customer/ftp/formfield.ftp_edit.php

@@ -49,6 +49,7 @@ return array(
 					'ftp_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					)
 				)

lib/formfields/customer/mysql/formfield.mysql_add.php

@@ -41,6 +41,7 @@ return array(
 					'mysql_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					),
 					'sendinfomail' => array(

lib/formfields/customer/mysql/formfield.mysql_edit.php

@@ -47,6 +47,7 @@ return array(
 					'mysql_password_suggestion' => array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
+						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
 					)
 				)

lib/functions/filedir/function.findDirs.php

@@ -21,70 +21,42 @@
  * Returns an array of found directories
  *
  * This function checks every found directory if they match either $uid or $gid, if they do
- * the found directory is valid. It uses recursive function calls to find subdirectories. Due
- * to the recursive behauviour this function may consume much memory.
+ * the found directory is valid. It uses recursive-iterators to find subdirectories.
  *
- * @param  string   path       The path to start searching in
- * @param  integer  uid        The uid which must match the found directories
- * @param  integer  gid        The gid which must match the found direcotries
- * @param  array    _fileList  recursive transport array !for internal use only!
- * @return array    Array of found valid pathes
+ * @param  string $path the path to start searching in
+ * @param  int $uid the uid which must match the found directories
+ * @param  int $gid the gid which must match the found direcotries
  *
- * @author Martin Burchert  <martin.burchert@syscp.de>
- * @author Manuel Bernhardt <manuel.bernhardt@syscp.de>
+ * @return array Array of found valid pathes
  */
+function findDirs($path, $uid, $gid) {
 
-function findDirs($path, $uid, $gid)
-{
-	$list = array(
-		$path
-	);
-	$_fileList = array();
+	$_fileList = array ();
+	$path = makeCorrectDir($path);
 
-	while(sizeof($list) > 0)
-	{
-		$path = array_pop($list);
-		$path = makeCorrectDir($path);
+	// valid directory?
+	if (is_dir($path)) {
+		try {
+			// create RecursiveIteratorIterator
+			$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path));
+			// we can limit the recursion-depth, but will it be helpful or
+			// will people start asking "why do I only see 2 subdirectories, i want to use /a/b/c"
+			// let's keep this in mind and see whether it will be useful
+			// @TODO
+			// $its->setMaxDepth(2);
 
-		if(!is_readable($path) || !is_executable($path))
-		{
-			//return $_fileList;
-			// only 'skip' this directory, #611
-			continue;
-		}
-
-		$dh = opendir($path);
-
-		if($dh === false)
-		{
-			/*
-			 * this should never be called because we checked
-			 * 'is_readable' before...but we never know what might happen
-			 */
-			standard_error('cannotreaddir', $path);
-			return null;
-		}
-		else
-		{
-			while(false !== ($file = @readdir($dh)))
-			{
-				if($file == '.'
-				   && (fileowner($path . '/' . $file) == $uid || filegroup($path . '/' . $file) == $gid))
-				{
-					$_fileList[] = makeCorrectDir($path);
-				}
-
-				if(is_dir($path . '/' . $file)
-				   && $file != '..'
-				   && $file != '.')
-				{
-					array_push($list, $path . '/' . $file);
+			// check every file
+			foreach ($its as $fullFileName => $it) {
+				if ($it->isDir() && (fileowner($fullFileName) == $uid || filegroup($fullFileName) == $gid)) {
+					$_fileList[] = makeCorrectDir(dirname($fullFileName));
 				}
 			}
-
-			@closedir($dh);
+		} catch (UnexpectedValueException $e) {
+			// this is thrown if the directory is not found or not readble etc.
+			// just ignore and keep going
 		}
 	}
 
-	return $_fileList;
+	return array_unique($_fileList);
+
 }

lib/functions/filedir/function.isConfigDir.php

@@ -1,48 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2003-2009 the SysCP Team (see authors).
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Florian Lippert <flo@syscp.org> (2003-2009)
- * @author     Froxlor team <team@froxlor.org> (2010-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Functions
- *
- */
-
-/**
- * Checks if a given directory is valid for multiple configurations
- * or should rather be used as a single file
- *
- * @param  string The dir
- * @return bool   true if usable as dir, false otherwise
- *
- * @author Florian Lippert <flo@syscp.org>
- */
-function isConfigDir($dir, $ifexists = false) {
-	if (file_exists($dir)) {
-		if (is_dir($dir)) {
-			$returnval = true;
-		} else {
-			$returnval = false;
-		}
-	} else {
-		if (!$ifexists) {
-			if (substr($dir, -1) == '/') {
-				$returnval = true;
-			} else {
-				$returnval = false;
-			}
-		} else {
-			$returnval = false;
-		}
-	}
-	return $returnval;
-}

lib/functions/filedir/function.safe_exec.php

@@ -20,24 +20,27 @@
 /**
  * Wrapper around the exec command.
  *
- * @param string exec_string String to be executed
+ * @param string $exec_string command to be executed
+ * @param string $return_value referenced variable where the output is stored
+ * @param array $allowedChars optional array of allowed characters in path/command
  * 
- * @return string The result of the exec()
+ * @return string result of exec()
  */
-function safe_exec($exec_string, &$return_value = false) {
+function safe_exec($exec_string, &$return_value = false, $allowedChars = null) {
 
-	// check for bad signs in execute command
-	if ((stristr($exec_string, ';'))
-	   || (stristr($exec_string, '|'))
-	   || (stristr($exec_string, '&'))
-	   || (stristr($exec_string, '>'))
-	   || (stristr($exec_string, '<'))
-	   || (stristr($exec_string, '`'))
-	   || (stristr($exec_string, '$'))
-	   || (stristr($exec_string, '~'))
-	   || (stristr($exec_string, '?'))
-	) {
-		die('SECURITY CHECK FAILED!' . "\n" . 'The execute string "' . htmlspecialchars($exec_string) . '" is a possible security risk!' . "\n" . 'Please check your whole server for security problems by hand!' . "\n");
+	$disallowed = array(';', '|', '&', '>', '<', '`', '$', '~', '?');
+
+	$acheck = false;
+	if ($allowedChars != null && is_array($allowedChars) && count($allowedChars) > 0) {
+		$acheck = true;
+	}
+
+	foreach ($disallowed as $dc) {
+		if ($acheck && in_array($dc, $allowedChars)) continue;
+		// check for bad signs in execute command
+		if (stristr($exec_string, $dc)) {
+			die("SECURITY CHECK FAILED!\nThe execute string '" . $exec_string . "' is a possible security risk!\nPlease check your whole server for security problems by hand!\n");
+		}
 	}
 
 	// execute the command and return output

lib/functions/formfields/file/function.getFormFieldOutputFile.php

@@ -9,24 +9,16 @@
  * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
  *
  * @copyright  (c) the authors
- * @author     Florian Aders <eleras@froxlor.org>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
  * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
  * @package    Functions
  *
  */
 
-/**
- * Convert a string to UTF-8 if needed
- * @param string String to be converted
- * @return string UTF-8 encoded string
- *
- * @author Florian Aders <eleras@froxlor.org>
- */
-
-function convertUtf8 ($string) {
-	if (!isUtf8($string))
-	{
-		$string = utf8_encode($string);
-	}
-	return addslashes($string);
+function getFormFieldOutputFile($fieldname, $fielddata)
+{
+	$label = $fielddata['label'];
+	$value = htmlentities($fielddata['value']);
+	eval("\$returnvalue = \"" . getTemplate("formfields/text", true) . "\";");
+	return $returnvalue;
 }

lib/functions/formfields/file/function.validateFormFieldFile.php

@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Functions
+ *
+ */
+
+function validateFormFieldFile($fieldname, $fielddata, $newfieldvalue)
+{
+	return true;
+}

lib/functions/formfields/function.buildFormEx.php

@@ -42,6 +42,12 @@ function buildFormEx($form, $part = '') {
 					}
 				}
 
+				// visible = Settings::Get('phpfpm.enabled') for example would result in false if not enabled
+				// and therefore not shown as intended
+				if (isset($groupdetails['visible'])) {
+					$do_show = $groupdetails['visible'];
+				}
+
 				if ($do_show) {
 					if (isset($groupdetails['title']) && $groupdetails['title'] != '') {
 						$fields .= getFormGroupOutput($groupname, $groupdetails);

lib/functions/formfields/function.getFormFieldData.php

@@ -39,5 +39,5 @@ function getFormFieldData($fieldname, $fielddata, &$input)
 		}
 	}
 	
-	return $newfieldvalue;
+	return trim($newfieldvalue);
 }

lib/functions/formfields/function.getFormFieldOutput.php

@@ -54,6 +54,12 @@ function getFormFieldOutput($fieldname, $fielddata) {
 			}
 		}
 
+		// visible = Settings::Get('phpfpm.enabled') for example would result in false if not enabled
+		// and therefore not shown as intended
+		if (isset($fielddata['visible'])) {
+			$do_show = $fielddata['visible'];
+		}
+
 		if ($do_show) {
 			$returnvalue = call_user_func('getFormFieldOutput' . ucfirst($fielddata['type']), $fieldname, $fielddata);
 		}

lib/functions/formfields/string/function.validateFormFieldString.php

@@ -21,7 +21,7 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
 {
 	if(isset($fielddata['string_delimiter']) && $fielddata['string_delimiter'] != '')
 	{
-		$newfieldvalues = explode($fielddata['string_delimiter'], $newfieldvalue);
+		$newfieldvalues = array_map('trim', explode($fielddata['string_delimiter'], $newfieldvalue));
 		unset($fielddata['string_delimiter']);
 
 		$returnvalue = true;
@@ -107,11 +107,8 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
 			}
 		}
 		elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'validate_ip') {
-			$newfieldvalue = validate_ip($newfieldvalue, true);
-			if ($newfieldvalue === false) {
-				$newfieldvalue = '';
-			}
-			$returnvalue = false;
+			$newfieldvalue = validate_ip2($newfieldvalue);
+			$returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
 		}
 		elseif (preg_match('/^[^\r\n\t\f\0]*$/D', $newfieldvalue)) {
 			$returnvalue = true;

lib/functions/froxlor/function.checkCrondConfigurationFile.php

@@ -32,9 +32,14 @@ function checkCrondConfigurationFile() {
 	if ($num_results > 0) {
 
 		// get all crons and their intervals
-		$cronfile = "# automatically generated cron-configuration by froxlor\n";
-		$cronfile.= "# do not manually edit this file as it will be re-generated periodically.\n";
-		$cronfile.= "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n#\n";
+		if (isFreeBSD()) {
+			// FreeBSD does not need a header as we are writing directly to the crontab
+			$cronfile = "\n";
+		} else {
+			$cronfile = "# automatically generated cron-configuration by froxlor\n";
+			$cronfile.= "# do not manually edit this file as it will be re-generated periodically.\n";
+			$cronfile.= "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n#\n";
+		}
 
 		// get all the crons
 		$result_stmt = Database::query("
@@ -90,10 +95,37 @@ function checkCrondConfigurationFile() {
 			}
 		}
 
+		if (isFreeBSD()) {
+			// FreeBSD handles the cron-stuff in another way. We need to directly
+			// write to the crontab file as there is not cron.d/froxlor file
+			// (settings for system.cronconfig should be set correctly of course)
+			$crontab = file_get_contents(Settings::Get("system.cronconfig"));
+
+			if ($crontab === false) {
+				die("Oh snap, we cannot read the crontab file. This should not happen.\nPlease check the path and permissions, the cron will keep trying if you don't stop the cron-service.\n\n");
+			}
+
+			// now parse out / replace our entries
+			$crontablines = explode("\n", $crontab);
+			$newcrontab = "";
+			foreach ($crontablines as $ctl) {
+				$ctl = trim($ctl);
+				if (!empty($ctl) && !preg_match("/(.*)froxlor_master_cronjob\.php(.*)/", $ctl)) {
+					$newcrontab .= $ctl."\n";
+				}
+			}
+
+			// re-assemble old-content + new froxlor-content
+			$newcrontab .= $cronfile;
+
+			// now continue with writing the file
+			$cronfile = $newcrontab;
+		}
+
 		// write the file
 		if (file_put_contents(Settings::Get("system.cronconfig"), $cronfile) === false) {
 			// oh snap cannot create new crond-file
-			die("Oh snap, we cannot create the cron.d file. This should not happen.\nPlease check the path and permissions, the cron will keep trying if you don't stop the cron-service.\n\n");
+			die("Oh snap, we cannot create the cron-file. This should not happen.\nPlease check the path and permissions, the cron will keep trying if you don't stop the cron-service.\n\n");
 		}
 		// correct permissions
 		chmod(Settings::Get("system.cronconfig"), 0640);

lib/functions/froxlor/function.generatePassword.php

@@ -19,8 +19,28 @@
  * Generates a random password
  */
 function generatePassword() {
-	return substr(
-		base64_encode(sha1(md5(uniqid(microtime(), 1))).md5(uniqid(microtime(), 1)).sha1(md5(uniqid(microtime(), 1)))),
-		rand(5, 50), (Settings::Get('panel.password_min_length') > 0 ? Settings::Get('panel.password_min_length') : 10)
-	);
+	$alpha_lower = 'abcdefghijklmnopqrstuvwxyz';
+	$alpha_upper = strtoupper($alpha_lower);
+	$numeric = '0123456789';
+	$special = Settings::Get('panel.password_special_char');
+	$length = Settings::Get('panel.password_min_length') > 3 ? Settings::Get('panel.password_min_length') : 10;
+
+	$pw = str_shuffle($alpha_lower);
+	$n = floor(($length)/4);
+
+	if (Settings::Get('panel.password_alpha_upper')) {
+		$pw .= substr(str_shuffle($alpha_upper), 0, $n);
+	}
+
+	if (Settings::Get('panel.password_numeric')) {
+		$pw .= substr(str_shuffle($numeric), 0, $n);
+	}
+
+	if (Settings::Get('panel.password_special_char_required')) {
+		$pw .= substr(str_shuffle($special), 0, $n);
+	}
+
+	$pw = substr($pw, -$length);
+
+	return str_shuffle($pw);
 }

lib/functions/froxlor/function.inserttask.php

@@ -25,10 +25,15 @@
  * @param string Parameter 2
  * @param string Parameter 3
  * @author Florian Lippert <flo@syscp.org>
+ * @author Froxlor team <team@froxlor.org>
  */
-
 function inserttask($type, $param1 = '', $param2 = '', $param3 = '', $param4 = '') {
 
+	// prepare the insert-statement
+	$ins_stmt = Database::prepare("
+		INSERT INTO `" . TABLE_PANEL_TASKS . "` SET `type` = :type, `data` = :data
+	");
+
 	if ($type == '1'
 		|| $type == '3'
 		|| $type == '4'
@@ -44,14 +49,15 @@ function inserttask($type, $param1 = '', $param2 = '', $param3 = '', $param4 = '
 		if ($type == '10' && Settings::Get('system.diskquota_enabled') == '0') {
 			return;
 		}
+
+		// delete previously inserted tasks if they are the same as we only need ONE
 		$del_stmt = Database::prepare("
 			DELETE FROM `" . TABLE_PANEL_TASKS . "` WHERE `type` = :type
 		");
 		Database::pexecute($del_stmt, array('type' => $type));
-		$ins_stmt = Database::prepare("
-			INSERT INTO `" . TABLE_PANEL_TASKS . "` SET `type` = :type
-		");
-		Database::pexecute($ins_stmt, array('type' => $type));
+
+		// insert the new task
+		Database::pexecute($ins_stmt, array('type' => $type, 'data' => ''));
 
 	} elseif ($type == '2'
 		&& $param1 != ''
@@ -65,10 +71,7 @@ function inserttask($type, $param1 = '', $param2 = '', $param3 = '', $param4 = '
 		$data['gid'] = $param3;
 		$data['store_defaultindex'] = $param4;
 		$data = serialize($data);
-		$ins_stmt = Database::prepare("
-			INSERT INTO `" . TABLE_PANEL_TASKS . "` SET `type` = '2', `data` = :data
-		");
-		Database::pexecute($ins_stmt, array('data' => $data));
+		Database::pexecute($ins_stmt, array('type' => '2', 'data' => $data));
 
 	} elseif ($type == '6'
 		&& $param1 != ''
@@ -76,10 +79,7 @@ function inserttask($type, $param1 = '', $param2 = '', $param3 = '', $param4 = '
 		$data = array();
 		$data['loginname'] = $param1;
 		$data = serialize($data);
-		$ins_stmt = Database::prepare("
-			INSERT INTO `" . TABLE_PANEL_TASKS . "` SET `type` = '6', `data` = :data
-		");
-		Database::pexecute($ins_stmt, array('data' => $data));
+		Database::pexecute($ins_stmt, array('type' => '6', 'data' => $data));
 
 	} elseif ($type == '7'
 		&& $param1 != ''
@@ -89,10 +89,7 @@ function inserttask($type, $param1 = '', $param2 = '', $param3 = '', $param4 = '
 		$data['loginname'] = $param1;
 		$data['email'] = $param2;
 		$data = serialize($data);
-		$ins_stmt = Database::prepare("
-			INSERT INTO `" . TABLE_PANEL_TASKS . "` SET `type` = '7', `data` = :data
-		");
-		Database::pexecute($ins_stmt, array('data' => $data));
+		Database::pexecute($ins_stmt, array('type' => '7', 'data' => $data));
 
 	} elseif ($type == '8'
 		&& $param1 != ''
@@ -102,10 +99,7 @@ function inserttask($type, $param1 = '', $param2 = '', $param3 = '', $param4 = '
 		$data['loginname'] = $param1;
 		$data['homedir'] = $param2;
 		$data = serialize($data);
-		$ins_stmt = Database::prepare("
-			INSERT INTO `" . TABLE_PANEL_TASKS . "` SET `type` = '8', `data` = :data
-		");
-		Database::pexecute($ins_stmt, array('data' => $data));
+		Database::pexecute($ins_stmt, array('type' => '8', 'data' => $data));
 
 	}
 }

lib/functions/froxlor/function.isUtf8.php

@@ -1,39 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Florian Aders <eleras@froxlor.org>
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Functions
- *
- */
-
-/**
- * Function which checks if a string is UTF8 encoded or not
- * @param string String to be checked
- * @return bool true if string is UTF8 encoded
- *
- * @author Florian Aders <eleras@froxlor.org>
- */
-
-function isUtf8 ($string) {
-	// From http://w3.org/International/questions/qa-forms-utf-8.html
-	return preg_match('%^(?:
-		[\x09\x0A\x0D\x20-\x7E]            # ASCII
-		| [\xC2-\xDF][\x80-\xBF]            # non-overlong 2-byte
-		|  \xE0[\xA0-\xBF][\x80-\xBF]        # excluding overlongs
-		| [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}  # straight 3-byte
-		|  \xED[\x80-\x9F][\x80-\xBF]        # excluding surrogates
-		|  \xF0[\x90-\xBF][\x80-\xBF]{2}    # planes 1-3
-		| [\xF1-\xF3][\x80-\xBF]{3}          # planes 4-15
-		|  \xF4[\x80-\x8F][\x80-\xBF]{2}    # plane 16
-		)*$%xs', $string
-	);
-}

lib/functions/froxlor/function.moveCustomerToAdmin.php

@@ -0,0 +1,57 @@
+<?php
+
+/**
+ * Function to move a given customer to a given admin/reseller
+ * and update all its references accordingly
+ *
+ * @param int $id customer-id
+ * @param int $adminid target-admin-id
+ *
+ * @return true on sucess, error-message on failure
+ */
+function moveCustomerToAdmin($id = 0, $adminid = 0) {
+	if ($id <= 0 || $adminid <= 0) {
+		return "no valid id's given";
+	}
+
+	// get current admin-id
+	$cAdmin_stmt = Database::prepare ( "
+		SELECT `adminid` FROM `" . TABLE_PANEL_CUSTOMERS . "`
+		WHERE `customerid` = :cid
+	" );
+	$cAdmin = Database::pexecute_first ( $cAdmin_stmt, array (
+			'cid' => $id
+	) );
+
+	// Update customer entry
+	$updCustomer_stmt = Database::prepare ( "
+		UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `adminid` = :adminid WHERE `customerid` = :cid
+	" );
+	Database::pexecute ( $updCustomer_stmt, array (
+			'adminid' => $cAdmin ['adminid'],
+			'cid' => $id
+	) );
+
+	// Update customer-domains
+	$updDomains_stmt = Database::prepare ( "
+		UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `adminid` = :adminid WHERE `customerid` = :cid
+	" );
+	Database::pexecute ( $updDomains_stmt, array (
+			'adminid' => $cAdmin ['adminid'],
+			'cid' => $id
+	) );
+
+	// Update customer-tickets
+	$updTickets_stmt = Database::prepare ( "
+		UPDATE `" . TABLE_PANEL_TICKETS . "` SET `adminid` = :adminid WHERE `customerid` = :cid
+	" );
+	Database::pexecute ( $updTickets_stmt, array (
+			'adminid' => $cAdmin ['adminid'],
+			'cid' => $id
+	) );
+
+	// now, recalculate the resource-usage for the old and the new admin
+	updateCounters ( false );
+
+	return true;
+}

lib/functions/froxlor/function.phpErrHandler.php

@@ -20,6 +20,11 @@ function phpErrHandler($errno, $errstr, $errfile, $errline, array $errcontext) {
 
 	if (!isset($_SERVER['SHELL']) || (isset($_SERVER['SHELL']) && $_SERVER['SHELL'] == '')) {
 		global $theme;
+
+		// fallback
+		if (empty($theme)) {
+			$theme = "Sparkle";
+		}
 		// if we're not on the shell, output a nicer error-message
 		$err_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$theme.'/misc/phperrornice.tpl');
 		// replace values

lib/functions/froxlor/function.updateCounters.php

@@ -26,7 +26,7 @@
  * @author Froxlor team <team@froxlor.org> (2010-)
  */
 function updateCounters($returndebuginfo = false) {
-	global $theme;
+
 	$returnval = array();
 
 	if($returndebuginfo === true) {
@@ -36,94 +36,25 @@ function updateCounters($returndebuginfo = false) {
 		);
 	}
 
-	$admin_resources = array();
-
 	// Customers
-
 	$customers_stmt = Database::prepare('SELECT * FROM `' . TABLE_PANEL_CUSTOMERS . '` ORDER BY `customerid`');
-	Database::pexecute($customers_stmt, array());
+	Database::pexecute($customers_stmt);
 
-	while($customer = $customers_stmt->fetch(PDO::FETCH_ASSOC)) {
-		if(!isset($admin_resources[$customer['adminid']])) {
-			$admin_resources[$customer['adminid']] = Array();
+	$admin_resources = array();
+	while ($customer = $customers_stmt->fetch(PDO::FETCH_ASSOC)) {
+
+		$cur_adm = $customer['adminid'];
+
+		// initialize admin-resources array for admin $customer['adminid']
+		if (!isset($admin_resources[$cur_adm])) {
+			$admin_resources[$cur_adm] = array();
 		}
 
-		if(!isset($admin_resources[$customer['adminid']]['diskspace_used'])) {
-			$admin_resources[$customer['adminid']]['diskspace_used'] = 0;
-		}
+		_addResourceCountEx($admin_resources[$cur_adm], $customer, 'diskspace_used', 'diskspace');
+		_addResourceCountEx($admin_resources[$cur_adm], $customer, 'traffic_used', 'traffic_used'); // !!! yes, USED and USED
 
-		if(($customer['diskspace'] / 1024) != '-1') {
-			$admin_resources[$customer['adminid']]['diskspace_used']+= intval_ressource($customer['diskspace']);
-		}
-
-		if(!isset($admin_resources[$customer['adminid']]['traffic_used'])) {
-			$admin_resources[$customer['adminid']]['traffic_used'] = 0;
-		}
-
-		$admin_resources[$customer['adminid']]['traffic_used']+= $customer['traffic_used'];
-
-		if(!isset($admin_resources[$customer['adminid']]['mysqls_used'])) {
-			$admin_resources[$customer['adminid']]['mysqls_used'] = 0;
-		}
-
-		if($customer['mysqls'] != '-1') {
-			$admin_resources[$customer['adminid']]['mysqls_used']+= intval_ressource($customer['mysqls']);
-		}
-
-		if(!isset($admin_resources[$customer['adminid']]['ftps_used'])) {
-			$admin_resources[$customer['adminid']]['ftps_used'] = 0;
-		}
-
-		if($customer['ftps'] != '-1') {
-			$admin_resources[$customer['adminid']]['ftps_used']+= intval_ressource($customer['ftps']);
-		}
-
-		if(!isset($admin_resources[$customer['adminid']]['tickets_used'])) {
-			$admin_resources[$customer['adminid']]['tickets_used'] = 0;
-		}
-
-		if($customer['tickets'] != '-1') {
-			$admin_resources[$customer['adminid']]['tickets_used']+= intval_ressource($customer['tickets']);
-		}
-
-		if(!isset($admin_resources[$customer['adminid']]['emails_used'])) {
-			$admin_resources[$customer['adminid']]['emails_used'] = 0;
-		}
-
-		if($customer['emails'] != '-1') {
-			$admin_resources[$customer['adminid']]['emails_used']+= intval_ressource($customer['emails']);
-		}
-
-		if(!isset($admin_resources[$customer['adminid']]['email_accounts_used'])) {
-			$admin_resources[$customer['adminid']]['email_accounts_used'] = 0;
-		}
-
-		if($customer['email_accounts'] != '-1') {
-			$admin_resources[$customer['adminid']]['email_accounts_used']+= intval_ressource($customer['email_accounts']);
-		}
-
-		if(!isset($admin_resources[$customer['adminid']]['email_forwarders_used'])) {
-			$admin_resources[$customer['adminid']]['email_forwarders_used'] = 0;
-		}
-
-		if($customer['email_forwarders'] != '-1') {
-			$admin_resources[$customer['adminid']]['email_forwarders_used']+= intval_ressource($customer['email_forwarders']);
-		}
-
-		if(!isset($admin_resources[$customer['adminid']]['email_quota_used'])) {
-			$admin_resources[$customer['adminid']]['email_quota_used'] = 0;
-		}
-
-		if($customer['email_quota'] != '-1') {
-			$admin_resources[$customer['adminid']]['email_quota_used']+= intval_ressource($customer['email_quota']);
-		}
-
-		if(!isset($admin_resources[$customer['adminid']]['subdomains_used'])) {
-			$admin_resources[$customer['adminid']]['subdomains_used'] = 0;
-		}
-
-		if($customer['subdomains'] != '-1') {
-			$admin_resources[$customer['adminid']]['subdomains_used']+= intval_ressource($customer['subdomains']);
+		foreach (array('mysqls', 'ftps', 'emails', 'email_accounts', 'tickets', 'email_forwarders', 'email_quota', 'subdomains') as $field) {
+			_addResourceCount($admin_resources[$cur_adm], $customer, $field.'_used', $field);
 		}
 
 		$customer_mysqls_stmt = Database::prepare('SELECT COUNT(*) AS `number_mysqls` FROM `' . TABLE_PANEL_DATABASES . '`
@@ -206,7 +137,6 @@ function updateCounters($returndebuginfo = false) {
 	}
 
 	// Admins
-
 	$admins_stmt = Database::prepare('SELECT * FROM `' . TABLE_PANEL_ADMINS . '` ORDER BY `adminid`');
 	Database::pexecute($admins_stmt, array());
 
@@ -219,70 +149,17 @@ function updateCounters($returndebuginfo = false) {
 		$admin_domains = Database::pexecute_first($admin_domains_stmt, array("aid" => $admin['adminid']));
 		$admin['domains_used_new'] = $admin_domains['number_domains'];
 
-		if(!isset($admin_resources[$admin['adminid']])) {
-			$admin_resources[$admin['adminid']] = Array();
+		$cur_adm = $admin['adminid'];
+
+		if (!isset($admin_resources[$cur_adm])) {
+			$admin_resources[$cur_adm] = array();
 		}
 
-		if(!isset($admin_resources[$admin['adminid']]['diskspace_used'])) {
-			$admin_resources[$admin['adminid']]['diskspace_used'] = 0;
+		foreach (array('diskspace_used', 'traffic_used', 'mysqls_used', 'ftps_used', 'emails_used', 'email_accounts_used', 'tickets_used', 'email_forwarders_used', 'email_quota_used', 'subdomains_used') as $field) {
+			_initArrField($field, $admin_resources[$cur_adm], 0);
+			$admin[$field.'_new'] = $admin_resources[$cur_adm][$field];
 		}
 
-		$admin['diskspace_used_new'] = $admin_resources[$admin['adminid']]['diskspace_used'];
-
-		if(!isset($admin_resources[$admin['adminid']]['traffic_used'])) {
-			$admin_resources[$admin['adminid']]['traffic_used'] = 0;
-		}
-
-		$admin['traffic_used_new'] = $admin_resources[$admin['adminid']]['traffic_used'];
-
-		if(!isset($admin_resources[$admin['adminid']]['mysqls_used'])) {
-			$admin_resources[$admin['adminid']]['mysqls_used'] = 0;
-		}
-
-		$admin['mysqls_used_new'] = $admin_resources[$admin['adminid']]['mysqls_used'];
-
-		if(!isset($admin_resources[$admin['adminid']]['ftps_used'])) {
-			$admin_resources[$admin['adminid']]['ftps_used'] = 0;
-		}
-
-		$admin['ftps_used_new'] = $admin_resources[$admin['adminid']]['ftps_used'];
-
-		if(!isset($admin_resources[$admin['adminid']]['emails_used'])) {
-			$admin_resources[$admin['adminid']]['emails_used'] = 0;
-		}
-
-		$admin['emails_used_new'] = $admin_resources[$admin['adminid']]['emails_used'];
-
-		if(!isset($admin_resources[$admin['adminid']]['email_accounts_used'])) {
-			$admin_resources[$admin['adminid']]['email_accounts_used'] = 0;
-		}
-
-		$admin['email_accounts_used_new'] = $admin_resources[$admin['adminid']]['email_accounts_used'];
-
-		if(!isset($admin_resources[$admin['adminid']]['tickets_used'])) {
-			$admin_resources[$admin['adminid']]['tickets_used'] = 0;
-		}
-
-		$admin['tickets_used_new'] = $admin_resources[$admin['adminid']]['tickets_used'];
-
-		if(!isset($admin_resources[$admin['adminid']]['email_forwarders_used'])) {
-			$admin_resources[$admin['adminid']]['email_forwarders_used'] = 0;
-		}
-
-		$admin['email_forwarders_used_new'] = $admin_resources[$admin['adminid']]['email_forwarders_used'];
-
-		if(!isset($admin_resources[$admin['adminid']]['email_quota_used'])) {
-			$admin_resources[$admin['adminid']]['email_quota_used'] = 0;
-		}
-
-		$admin['email_quota_used_new'] = $admin_resources[$admin['adminid']]['email_quota_used'];
-
-		if(!isset($admin_resources[$admin['adminid']]['subdomains_used'])) {
-			$admin_resources[$admin['adminid']]['subdomains_used'] = 0;
-		}
-
-		$admin['subdomains_used_new'] = $admin_resources[$admin['adminid']]['subdomains_used'];
-
 		$stmt = Database::prepare('UPDATE `' . TABLE_PANEL_ADMINS . '` 
 			SET `customers_used` = :customers_used,
 				`domains_used` = :domains_used,
@@ -298,6 +175,7 @@ function updateCounters($returndebuginfo = false) {
 				`traffic_used` = :traffic_used
 			WHERE `adminid` = :aid'
 		);
+
 		$params = array(
 			"customers_used" => $admin['customers_used_new'],
 			"domains_used" => $admin['domains_used_new'],
@@ -322,3 +200,59 @@ function updateCounters($returndebuginfo = false) {
 
 	return $returnval;
 }
+
+/**
+ * initialize a field-value of an array if not yet initialized
+ *
+ * @param string $field
+ * @param array $arr reference
+ * @param int $init_value
+ *
+ * @return void
+ */
+function _initArrField($field = null, &$arr, $init_value = 0) {
+	if (!isset($arr[$field])) {
+		$arr[$field] = $init_value;
+	}
+}
+
+/**
+ * if the customer does not have unlimited resources, add the used resources
+ * to the admin-resource-counter
+ *
+ * @param array $arr reference
+ * @param array $customer_arr
+ * @param string $used_field
+ * @param string $field
+ *
+ * @return void
+ */
+function _addResourceCount(&$arr, $customer_arr, $used_field = null, $field = null) {
+	_initArrField($used_field, $arr, 0);
+	if ($customer_arr[$field] != '-1') {
+		$arr[$used_field] += intval($customer_arr[$used_field]);
+	}
+}
+
+/**
+ * if the customer does not have unlimited resources, add the used resources
+ * to the admin-resource-counter
+ * Special function wrapper for diskspace and traffic as they need to
+ * be calculated otherwise to get the -1 for unlimited
+ *
+ * @param array $arr reference
+ * @param array $customer_arr
+ * @param string $used_field
+ * @param string $field
+ *
+ * @return void
+ */
+function _addResourceCountEx(&$arr, $customer_arr, $used_field = null, $field = null) {
+	_initArrField($used_field, $arr, 0);
+	if ($field == 'diskspace' && ($customer_arr[$field] / 1024) != '-1') {
+		$arr[$used_field] += intval($customer_arr[$used_field]);
+	}
+	elseif ($field == 'traffic_used') {
+		$arr[$used_field] += intval($customer_arr[$used_field]);
+	}
+}

lib/functions/froxlor/function.updateFunctions.php

@@ -110,11 +110,13 @@ function showUpdateStep($task = null, $needs_status = true) {
 
 	global $updatelog, $filelog;
 
+	if (!$needs_status) echo "<b>";
+
 	// output
 	echo $task;
 
 	if (!$needs_status) {
-		echo "<br />";
+		echo "</b><br />";
 	}
 
 	$updatelog->logAction(ADM_ACTION, LOG_WARNING, $task);
@@ -139,24 +141,24 @@ function lastStepStatus($status = -1, $message = '') {
 
 		case 0:
 			$status_sign = ($message != '') ? '['.$message.']' : '[OK]';
-			$status_color = '1dcd00';
+			$status_color = 'ok';
 			break;
 		case 1:
 			$status_sign = ($message != '') ? '['.$message.']' : '[??]';
-			$status_color = 'db7100';
+			$status_color = 'warn';
 			break;
 		case 2:
 			$status_sign = ($message != '') ? '['.$message.']' : '[!!]';
-			$status_color = 'ff0000';
+			$status_color = 'err';
 			break;
 		default:
 			$status_sign = '[unknown]';
-			$status_color = '000000';
+			$status_color = 'unknown';
 			break;
 	}
 
 	// output
-	echo "<span style=\"margin-left: 5em; font-weight: bold; color: #".$status_color."\">".$status_sign."</span><br />";
+	echo "<span class=\"update-step update-step-".$status_color."\">".$status_sign."</span><br />";
 
 	if ($status == -1 || $status == 2) {
 		$updatelog->logAction(ADM_ACTION, LOG_WARNING, 'Attention - last update task failed!!!');

lib/functions/output/function.buildNavigation.php

@@ -31,6 +31,14 @@ function buildNavigation($navigation, $userinfo) {
 
 	$returnvalue = '';
 
+	// sanitize user-given input (url-manipulation)
+	if (isset($_GET['page']) && is_array($_GET['page'])) {
+		$_GET['page'] = (string)$_GET['page'][0];
+	}
+	if (isset($_GET['action']) && is_array($_GET['action'])) {
+		$_GET['action'] = (string)$_GET['action'][0];
+	}
+
 	foreach($navigation as $box) {
 		if ((!isset($box['show_element']) || $box['show_element'] === true) &&
 			(!isset($box['required_resources']) || $box['required_resources'] == '' || (isset($userinfo[$box['required_resources']]) && ((int)$userinfo[$box['required_resources']] > 0 || $userinfo[$box['required_resources']] == '-1')))) {

lib/functions/output/function.getTemplate.php

@@ -26,52 +26,43 @@
  * @author Florian Lippert <flo@syscp.org>
  */
 
-function getTemplate($template, $noarea = 0)
-{
+function getTemplate($template, $noarea = 0) {
+
 	global $templatecache, $theme;
 
-	if(!isset($theme) || $theme == '')
-	{
-		$theme = 'Froxlor';
+	$fallback_theme = 'Sparkle';
+
+	if (!isset($theme) || $theme == '') {
+		$theme = $fallback_theme;
 	}
 
-	if($noarea != 1)
-	{
+	if ($noarea != 1) {
 		$template = AREA . '/' . $template;
 	}
 
-	if(!isset($templatecache[$theme][$template]))
-	{
+	if (!isset($templatecache[$theme][$template])) {
+
 		$filename = './templates/' . $theme . '/' . $template . '.tpl';
 
-		if(file_exists($filename)
-		   && is_readable($filename))
-		{
-			$templatefile = addcslashes(file_get_contents($filename), '"\\');
+		// check the current selected theme for the template
+		$templatefile = _checkAndParseTpl($filename);
 
-			// loop through template more than once in case we have an "if"-statement in another one
+		if ($templatefile == false && $theme != $fallback_theme) {
+			// check fallback
+			$_filename = './templates/' . $fallback_theme . '/' . $template . '.tpl';
+			$templatefile = _checkAndParseTpl($_filename);
 
-			while(preg_match('/<if[ \t]*(.*)>(.*)(<\/if>|<else>(.*)<\/if>)/Uis', $templatefile))
-			{
-				$templatefile = preg_replace('/<if[ \t]*(.*)>(.*)(<\/if>|<else>(.*)<\/if>)/Uis', '".( ($1) ? ("$2") : ("$4") )."', $templatefile);
+			if ($templatefile == false) {
+				// check for old layout
+				$_filename = './templates/' . $template . '.tpl';
+				$templatefile = _checkAndParseTpl($_filename);
+
+				if ($templatefile == false) {
+					// not found
+					$templatefile = 'TEMPLATE NOT FOUND: ' . $filename;
+				}
 			}
 		}
-		elseif(file_exists('./templates/' . $template . '.tpl') && is_readable('./templates/' . $template . '.tpl'))
-		{
-			$filename = './templates/' . $template . '.tpl';
-			$templatefile = addcslashes(file_get_contents($filename), '"\\');
-			 
-			// loop through template more than once in case we have an "if"-statement in another one
-			 
-			while(preg_match('/<if[ \t]*(.*)>(.*)(<\/if>|<else>(.*)<\/if>)/Uis', $templatefile))
-			{
-				$templatefile = preg_replace('/<if[ \t]*(.*)>(.*)(<\/if>|<else>(.*)<\/if>)/Uis', '".( ($1) ? ("$2") : ("$4") )."', $templatefile);
-			}
-		}
-		else
-		{
-			$templatefile = 'TEMPLATE NOT FOUND: ' . $filename;
-		}
 
 		$output = $templatefile; // Minify_HTML::minify($templatefile, array('cssMinifier', 'jsMinifier'));
 		$templatecache[$theme][$template] = $output;
@@ -79,3 +70,30 @@ function getTemplate($template, $noarea = 0)
 
 	return $templatecache[$theme][$template];
 }
+
+/**
+ * check whether a tpl file exists and if so, return it's content or else return false
+ *
+ * @param string $filename
+ *
+ * @return string|bool content on success, else false
+ */
+function _checkAndParseTpl($filename) {
+
+	$templatefile = "";
+
+	if (file_exists($filename)
+		&& is_readable($filename)
+	) {
+
+		$templatefile = addcslashes(file_get_contents($filename), '"\\');
+
+		// loop through template more than once in case we have an "if"-statement in another one
+		while (preg_match('/<if[ \t]*(.*)>(.*)(<\/if>|<else>(.*)<\/if>)/Uis', $templatefile)) {
+			$templatefile = preg_replace('/<if[ \t]*(.*)>(.*)(<\/if>|<else>(.*)<\/if>)/Uis', '".( ($1) ? ("$2") : ("$4") )."', $templatefile);
+		}
+
+		return $templatefile;
+	}
+	return false;
+}

lib/functions/output/function.makeoption.php

@@ -29,7 +29,7 @@
  * @author Florian Lippert <flo@syscp.org>
  */
 
-function makeoption($title, $value, $selvalue = NULL, $title_trusted = false, $value_trusted = false)
+function makeoption($title, $value, $selvalue = NULL, $title_trusted = false, $value_trusted = false, $id = NULL)
 {
 	if($selvalue !== NULL
 	   && ((is_array($selvalue) && in_array($value, $selvalue)) || $value == $selvalue))
@@ -51,6 +51,11 @@ function makeoption($title, $value, $selvalue = NULL, $title_trusted = false, $v
 		$value = htmlspecialchars($value);
 	}
 
-	$option = '<option value="' . $value . '" ' . $selected . ' >' . $title . '</option>';
+	$id_str = ' ';
+	if($id !== NULL) {
+		$id_str = 'id="' . $id . '"';
+	}
+
+	$option = '<option value="' . $value . '" ' . $id_str . $selected . ' >' . $title . '</option>';
 	return $option;
 }

lib/functions/validate/function.checkHostname.php

@@ -17,8 +17,9 @@
 
 function checkHostname($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)
 {
-	if (0 == strlen(trim($newfieldvalue)))
-	{
+	if (0 == strlen(trim($newfieldvalue))
+		|| validateDomain($newfieldvalue) === false
+	) {
 		return array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'invalidhostname');
 	} else {
 		return array(FORMFIELDS_PLAUSIBILITY_CHECK_OK);

lib/functions/validate/function.checkMysqlAccessHost.php

@@ -17,17 +17,17 @@
  *
  */
 
-function checkMysqlAccessHost($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)
-{
+function checkMysqlAccessHost($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues) {
+
 	$mysql_access_host_array = array_map('trim', explode(',', $newfieldvalue));
 
-	foreach($mysql_access_host_array as $host_entry)
-	{
-		if(validate_ip($host_entry, true) == false
+	foreach ($mysql_access_host_array as $host_entry) {
+
+		if (validate_ip2($host_entry, true, 'invalidip', true) == false
 		   && validateDomain($host_entry) == false
 		   && validateLocalHostname($host_entry) == false
-		   && $host_entry != '%')
-		{
+		   && $host_entry != '%'
+		) {
 			return array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'invalidmysqlhost', $host_entry);
 		}
 	}

lib/functions/validate/function.checkUsername.php

@@ -31,7 +31,11 @@ function checkUsername($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalue
 	) {
 		$returnvalue = array(FORMFIELDS_PLAUSIBILITY_CHECK_OK);
 	} else {
-		$returnvalue = array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'accountprefixiswrong');
+		$errmsg = 'accountprefixiswrong';
+		if ($fieldname == 'customer_mysqlprefix') {
+			$errmsg = 'mysqlprefixiswrong';
+		}
+		$returnvalue = array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, $errmsg);
 	}
 	return $returnvalue;
 }

lib/functions/validate/function.validateDomain.php

@@ -22,7 +22,7 @@
  * it consists only of the following characters ([a-z0-9][a-z0-9\-]+\.)+[a-z]{2,4}
  *
  * @param string The domainname which should be checked.
- * @return boolean True if the domain is valid, false otherwise
+ * @return string|boolean the domain-name if the domain is valid, false otherwise
  * @author Florian Lippert <flo@syscp.org>
  * @author Michael Duergner
  *

lib/functions/validate/function.validatePassword.php

@@ -44,6 +44,39 @@ function validatePassword($password = null) {
 			Settings::Get('panel.password_regex'),
 			'notrequiredpasswordcomplexity'
 		);
+	} else {
+		if (Settings::Get('panel.password_alpha_lower')) {
+			$password = validate(
+				$password,
+				'/.*[a-z]+.*/',
+				'/.*[a-z]+.*/',
+				'notrequiredpasswordcomplexity'
+			);
+		}
+		if (Settings::Get('panel.password_alpha_upper')) {
+			$password = validate(
+				$password,
+				'/.*[A-Z]+.*/',
+				'/.*[A-Z]+.*/',
+				'notrequiredpasswordcomplexity'
+			);
+		}
+		if (Settings::Get('panel.password_numeric')) {
+			$password = validate(
+				$password,
+				'/.*[0-9]+.*/',
+				'/.*[0-9]+.*/',
+				'notrequiredpasswordcomplexity'
+			);
+		}
+		if (Settings::Get('panel.password_special_char_required')) {
+			$password = validate(
+				$password,
+				'/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
+				'/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
+				'notrequiredpasswordcomplexity'
+			);
+		}
 	}
 	
 	return $password;