set version to 0.9.38-rc1 for upcoming release candidate

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
do not redirect when requesting let's encrypt certificates in nginx (same as we do in apache)
2016-10-11 07:50:25 +02:00 · 2016-10-11 07:49:52 +02:00 · 2016-10-07 19:25:40 +02:00 · 2016-10-07 19:08:32 +02:00 · 2016-10-07 16:11:23 +02:00 · 2016-10-07 16:07:23 +02:00
216 changed files with 19706 additions and 5703 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,17 @@
-templates/*
-logs/*
 install/update.log
+templates/*
+lib/userdata.inc.php
+logs/*
 .buildpath
 .project
 .settings/
 *.diff
 *~
+.well-known
+.idea
+*.iml
+
+!templates/Froxlor/
+!templates/Sparkle/
+!templates/misc/
+templates/Froxlor/assets/img/logo_custom.png
--- a/README.md
+++ b/README.md
@@ -51,10 +51,24 @@ http://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](http://files.froxl
 [HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationdebian)

 /etc/apt/sources.list.d/froxlor.list
-> deb http://debian.froxlor.org [squeeze|wheezy] main
+> deb http://debian.froxlor.org {wheezy|jessie} main

 ### Gentoo repository

 [HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationgentoo)

 http://files.froxlor.org/gentoo/repositories.xml
+
+## Let's Encrypt support
+
+This version of Froxlor contains a test implementation of support for [Let's Encrypt](https://letsencrypt.org). This is (as Let's Encrypt is in itself)
+still a beta version and may break your system. The way it currently works is by creating a (sub-)domain with the default system - certificate,
+after which the Let's Encrypt cronjob orders the certificate for this (sub-)domain and inserts the certificates in the database. With the next run
+of the default cronjob, the certificates will be updated on the disk and the webserver reloaded.
+
+This has 2 known side-effects at the moment:
+* The basic ip/port combinations don't work with the Froxlor - integration of Let's Encrypt, since it needs a certificate for the very first creation
+* After creating a domain, it will have the default certificate for a short time (by default 5 minutes until the cronjob runs the next time)
+
+It may be possible to fix these issues, but they are not a priority at the moment
+
--- a/actions/admin/settings/100.panel.php
+++ b/actions/admin/settings/100.panel.php
@@ -182,7 +182,7 @@ return array(
 					'settinggroup' => 'admin',
 					'varname' => 'show_news_feed',
 					'type' => 'bool',
-					'default' => true,
+					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
 				'customer_show_news_feed' => array(
@@ -190,7 +190,7 @@ return array(
 					'settinggroup' => 'customer',
 					'varname' => 'show_news_feed',
 					'type' => 'bool',
-					'default' => true,
+					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
 				'customer_news_feed_url' => array(
@@ -227,6 +227,30 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
+				'panel_customer_hide_options' => array(
+					'label' => $lng['serversettings']['panel_customer_hide_options'],
+					'settinggroup' => 'panel',
+					'varname' => 'customer_hide_options',
+					'type' => 'option',
+					'default' => '',
+					'option_mode' => 'multiple',
+					'option_options' => array(
+						'email'                       => $lng['menue']['email']['email'],
+						'mysql'                       => $lng['menue']['mysql']['mysql'],
+						'domains'                     => $lng['menue']['domains']['domains'],
+						'ftp'                         => $lng['menue']['ftp']['ftp'],
+						'extras'                      => $lng['menue']['extras']['extras'],
+						'extras.directoryprotection'  => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['directoryprotection'],
+						'extras.pathoptions'          => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['pathoptions'],
+						'extras.logger'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['logger']['logger'],
+						'extras.backup'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['backup'],
+						'traffic'                     => $lng['menue']['traffic']['traffic'],
+						'traffic.http'                => $lng['menue']['traffic']['traffic']." / HTTP",
+						'traffic.ftp'                 => $lng['menue']['traffic']['traffic']." / FTP",
+						'traffic.mail'                => $lng['menue']['traffic']['traffic']." / Mail",
+					),
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),
--- a/actions/admin/settings/110.accounts.php
+++ b/actions/admin/settings/110.accounts.php
@@ -185,9 +185,17 @@ return array(
 							'onlyif' => 1
 					)
 				),
+				'system_backupenabled' => array(
+					'label' => $lng['serversettings']['backupenabled'],
+					'settinggroup' => 'system',
+					'varname' => 'backupenabled',
+					'type' => 'bool',
+					'default' => false,
+					'cronmodule' => 'froxlor/backup',
+					'save_method' => 'storeSettingField'
 				),
 			),
 		),
+	)
 );

-?>
--- a/actions/admin/settings/120.system.php
+++ b/actions/admin/settings/120.system.php
@@ -55,7 +55,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'defaultip',
 					'type' => 'option',
-					'option_mode' => 'one',
+					'option_mode' => 'multiple',
 					'option_options_method' => 'getIpPortCombinations',
 					'default' => '',
 					'save_method' => 'storeSettingDefaultIp',
@@ -69,14 +69,6 @@ return array(
 					'save_method' => 'storeSettingHostname',
 					'plausibility_check_method' => 'checkHostname',
 					),
-				'system_froxlordirectlyviahostname' => array(
-					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
-					'settinggroup' => 'system',
-					'varname' => 'froxlordirectlyviahostname',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					),
 				'system_validatedomain' => array(
 					'label' => $lng['serversettings']['validate_domain'],
 					'settinggroup' => 'system',
@@ -145,7 +137,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'report_webmax',
 					'type' => 'int',
-					'int_min' => 1,
+					'int_min' => 0,
 					'int_max' => 150,
 					'default' => 90,
 					'save_method' => 'storeSettingField',
@@ -155,11 +147,70 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'report_trafficmax',
 					'type' => 'int',
-					'int_min' => 1,
+					'int_min' => 0,
 					'int_max' => 150,
 					'default' => 90,
 					'save_method' => 'storeSettingField',
 					),
+
+				'system_mail_use_smtp' => array(
+					'label' => $lng['serversettings']['mail_use_smtp'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_use_smtp',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_host' => array(
+					'label' => $lng['serversettings']['mail_smtp_host'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_host',
+					'type' => 'string',
+					'default' => 'localhost',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_port' => array(
+					'label' => $lng['serversettings']['mail_smtp_port'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_port',
+					'type' => 'int',
+					'int_min' => 1,
+					'int_max' => 65535,
+					'default' => 25,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_usetls' => array(
+					'label' => $lng['serversettings']['mail_smtp_usetls'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_usetls',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_auth' => array(
+					'label' => $lng['serversettings']['mail_smtp_auth'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_auth',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_user' => array(
+					'label' => $lng['serversettings']['mail_smtp_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_user',
+					'type' => 'string',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_passwd' => array(
+					'label' => $lng['serversettings']['mail_smtp_passwd'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_passwd',
+					'type' => 'hiddenString',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),
--- a/actions/admin/settings/122.froxlorvhost.php
+++ b/actions/admin/settings/122.froxlorvhost.php
@@ -0,0 +1,163 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Settings
+ *
+ */
+return array(
+	'groups' => array(
+		'froxlorvhost' => array(
+			'title' => $lng['admin']['froxlorvhost'],
+			'fields' => array(
+				/**
+				 * Webserver-Vhost
+				 */
+				'system_froxlordirectlyviahostname' => array(
+					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
+					'settinggroup' => 'system',
+					'varname' => 'froxlordirectlyviahostname',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				/**
+				 * SSL / Let's Encrypt
+				 */
+				'system_le_froxlor_enabled' => array(
+					'label' => $lng['serversettings']['le_froxlor_enabled'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_enabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.leenabled')
+				),
+				'system_le_froxlor_redirect' => array(
+					'label' => $lng['serversettings']['le_froxlor_redirect'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_redirect',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.leenabled')
+				),
+				/**
+				 * FCGID
+				 */
+				'system_mod_fcgid_enabled_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpuser' => array(
+					'label' => $lng['admin']['mod_fcgid_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpgroup' => array(
+					'label' => $lng['admin']['mod_fcgid_group'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_defaultini_ownvhost',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				/**
+				 * php-fpm
+				 */
+				'system_phpfpm_enabled_ownvhost' => array(
+					'label' => $lng['phpfpm']['ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'enabled_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpuser' => array(
+					'label' => $lng['phpfpm']['vhost_httpuser'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpgroup' => array(
+					'label' => $lng['phpfpm']['vhost_httpgroup'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_defaultini',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				/**
+				 * DNS
+				 */
+				'system_dns_createhostnameentry' => array(
+					'label' => $lng['serversettings']['dns_createhostnameentry'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_createhostnameentry',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.bind_enable')
+				)
+			)
+		)
+	)
+);
--- a/actions/admin/settings/125.cronjob.php
+++ b/actions/admin/settings/125.cronjob.php
@@ -29,20 +29,12 @@ return array(
 					'default' => '/etc/cron.d/froxlor',
 					'save_method' => 'storeSettingField',
 					),
-				'system_send_cron_errors' => array(
-					'label' => $lng['serversettings']['system_send_cron_errors'],
-					'settinggroup' => 'system',
-					'varname' => 'send_cron_errors',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-				),
 				'system_croncmdline' => array(
 					'label' => $lng['serversettings']['system_croncmdline'],
 					'settinggroup' => 'system',
 					'varname' => 'croncmdline',
 					'type' => 'string',
-					'default' => '/usr/bin/nice -n 5 /usr/bin/php5 -q',
+					'default' => '/usr/bin/nice -n 5 /usr/bin/php -q',
 					'save_method' => 'storeSettingField',
 					),
 				'system_crondreload' => array(
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -16,7 +16,6 @@
 * @package    Settings
 *
 */
-
 return array(
 	'groups' => array(
 		'webserver' => array(
@@ -29,7 +28,11 @@ return array(
 					'type' => 'option',
 					'default' => 'apache2',
 					'option_mode' => 'one',
-					'option_options' => array('apache2' => 'Apache 2', 'lighttpd' => 'ligHTTPd', 'nginx' => 'Nginx'),
+					'option_options' => array(
+						'apache2' => 'Apache 2',
+						'lighttpd' => 'ligHTTPd',
+						'nginx' => 'Nginx'
+					),
 					'save_method' => 'storeSettingField',
 					'plausibility_check_method' => 'checkPhpInterfaceSetting',
 					'overview_option' => true
@@ -41,7 +44,9 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
+					'websrv_avail' => array(
+						'apache2'
+					)
 				),
 				'system_apache_itksupport' => array(
 					'label' => $lng['serversettings']['apache_itksupport'],
@@ -51,7 +56,9 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField',
 					'visible' => (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0),
-			        'websrv_avail' => array('apache2')
+					'websrv_avail' => array(
+						'apache2'
+					)
 				),
 				'system_httpuser' => array(
 					'label' => $lng['admin']['webserver_user'],
@@ -59,7 +66,7 @@ return array(
 					'varname' => 'httpuser',
 					'type' => 'string',
 					'default' => 'www-data',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser'
 				),
 				'system_httpgroup' => array(
 					'label' => $lng['admin']['webserver_group'],
@@ -67,7 +74,7 @@ return array(
 					'varname' => 'httpgroup',
 					'type' => 'string',
 					'default' => 'www-data',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_apacheconf_vhost' => array(
 					'label' => $lng['serversettings']['apacheconf_vhost'],
@@ -76,7 +83,7 @@ return array(
 					'type' => 'string',
 					'string_type' => 'filedir',
 					'default' => '/etc/apache2/sites-enabled/',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_apacheconf_diroptions' => array(
 					'label' => $lng['serversettings']['apacheconf_diroptions'],
@@ -85,7 +92,7 @@ return array(
 					'type' => 'string',
 					'string_type' => 'filedir',
 					'default' => '/etc/apache2/sites-enabled/',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_apacheconf_htpasswddir' => array(
 					'label' => $lng['serversettings']['apacheconf_htpasswddir'],
@@ -94,7 +101,7 @@ return array(
 					'type' => 'string',
 					'string_type' => 'confdir',
 					'default' => '/etc/apache2/htpasswd/',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_logfiles_directory' => array(
 					'label' => $lng['serversettings']['logfiles_directory'],
@@ -103,7 +110,7 @@ return array(
 					'type' => 'string',
 					'string_type' => 'dir',
 					'default' => '/var/customers/logs/',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_customersslpath' => array(
 					'label' => $lng['serversettings']['customerssl_directory'],
@@ -112,7 +119,7 @@ return array(
 					'type' => 'string',
 					'string_type' => 'confdir',
 					'default' => '/etc/ssl/froxlor-custom/',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_phpappendopenbasedir' => array(
 					'label' => $lng['serversettings']['phpappendopenbasedir'],
@@ -121,7 +128,7 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => true,
 					'default' => '',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_deactivateddocroot' => array(
 					'label' => $lng['serversettings']['deactivateddocroot'],
@@ -131,7 +138,7 @@ return array(
 					'string_type' => 'dir',
 					'string_emptyallowed' => true,
 					'default' => '',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_default_vhostconf' => array(
 					'label' => $lng['serversettings']['default_vhostconf'],
@@ -139,7 +146,19 @@ return array(
 					'varname' => 'default_vhostconf',
 					'type' => 'text',
 					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_apache_globaldiropt' => array(
+					'label' => $lng['serversettings']['apache_globaldiropt'],
+					'settinggroup' => 'system',
+					'varname' => 'apacheglobaldiropt',
+					'type' => 'text',
+					'default' => '',
 					'save_method' => 'storeSettingField',
+					'visible' => (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0),
+					'websrv_avail' => array(
+						'apache2'
+					)
 				),
 				'system_apachereload_command' => array(
 					'label' => $lng['serversettings']['apachereload_command'],
@@ -147,7 +166,7 @@ return array(
 					'varname' => 'apachereload_command',
 					'type' => 'string',
 					'default' => '/etc/init.d/apache2 reload',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_phpreload_command' => array(
 					'label' => $lng['serversettings']['phpreload_command'],
@@ -156,7 +175,9 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('nginx')
+					'websrv_avail' => array(
+						'nginx'
+					)
 				),
 				'system_nginx_php_backend' => array(
 					'label' => $lng['serversettings']['nginx_php_backend'],
@@ -165,7 +186,9 @@ return array(
 					'type' => 'string',
 					'default' => '127.0.0.1:8888',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('nginx')
+					'websrv_avail' => array(
+						'nginx'
+					)
 				),
 				'nginx_fastcgiparams' => array(
 					'label' => $lng['serversettings']['nginx_fastcgiparams'],
@@ -175,7 +198,9 @@ return array(
 					'string_type' => 'file',
 					'default' => '/etc/nginx/fastcgi_params',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('nginx')
+					'websrv_avail' => array(
+						'nginx'
+					)
 				),
 				'defaultwebsrverrhandler_enabled' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_enabled'],
@@ -183,7 +208,7 @@ return array(
 					'varname' => 'enabled',
 					'type' => 'bool',
 					'default' => false,
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'defaultwebsrverrhandler_err401' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err401'],
@@ -192,7 +217,10 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'nginx')
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					)
 				),
 				'defaultwebsrverrhandler_err403' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err403'],
@@ -201,7 +229,10 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'nginx')
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					)
 				),
 				'defaultwebsrverrhandler_err404' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err404'],
@@ -209,7 +240,7 @@ return array(
 					'varname' => 'err404',
 					'type' => 'string',
 					'default' => '',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'defaultwebsrverrhandler_err500' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err500'],
@@ -218,7 +249,10 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'nginx')
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					)
 				),
 				'customredirect_enabled' => array(
 					'label' => $lng['serversettings']['customredirect_enabled'],
@@ -227,7 +261,10 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'lighttpd')
+					'websrv_avail' => array(
+						'apache2',
+						'lighttpd'
+					)
 				),
 				'customredirect_default' => array(
 					'label' => $lng['serversettings']['customredirect_default'],
@@ -238,7 +275,10 @@ return array(
 					'option_mode' => 'one',
 					'option_options_method' => 'getRedirectCodes',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'lighttpd')
+					'websrv_avail' => array(
+						'apache2',
+						'lighttpd'
+					)
 				)
 			)
 		)
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -16,7 +16,6 @@
 * @package    Settings
 *
 */
-
 return array(
 	'groups' => array(
 		'ssl' => array(
@@ -38,7 +37,7 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => false,
 					'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_cert_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
@@ -48,7 +47,7 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '/etc/apache2/apache2.pem',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_key_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_key_file'],
@@ -58,7 +57,7 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '/etc/apache2/apache2.key',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_cert_chainfile' => array(
 					'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
@@ -68,7 +67,7 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_ca_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
@@ -78,8 +77,109 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_leenabled' => array(
+					'label' => $lng['serversettings']['leenabled'],
+					'settinggroup' => 'system',
+					'varname' => 'leenabled',
+					'type' => 'bool',
+					'default' => false,
+					'cronmodule' => 'froxlor/letsencrypt',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptacmeconf' => array(
+					'label' => $lng['serversettings']['letsencryptacmeconf'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptacmeconf',
+					'type' => 'string',
+					'string_type' => 'file',
+					'default' => '/etc/apache2/conf-enabled/acme.conf',
 					'save_method' => 'storeSettingField',
-							)
+				),
+				'system_letsencryptca' => array(
+					'label' => $lng['serversettings']['letsencryptca'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptca',
+					'type' => 'option',
+					'default' => 'testing',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'testing' => 'https://acme-staging.api.letsencrypt.org (Test)',
+						'production' => 'https://acme-v01.api.letsencrypt.org (Live)'
+					),
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptcountrycode' => array(
+					'label' => $lng['serversettings']['letsencryptcountrycode'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptcountrycode',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'DE',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptstate' => array(
+					'label' => $lng['serversettings']['letsencryptstate'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptstate',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'Hessen',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptchallengepath' => array(
+					'label' => $lng['serversettings']['letsencryptchallengepath'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptchallengepath',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => FROXLOR_INSTALL_DIR,
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptkeysize' => array(
+					'label' => $lng['serversettings']['letsencryptkeysize'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptkeysize',
+					'type' => 'int',
+					'int_min' => 2048,
+					'default' => 4096,
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptreuseold' => array(
+					'label' => $lng['serversettings']['letsencryptreuseold'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptreuseold',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'system_hsts_maxage' => array(
+					'label' => $lng['admin']['domain_hsts_maxage'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_maxage',
+					'type' => 'int',
+					'int_min' => 0,
+					'int_max' => 94608000, // 3-years
+					'default' => 0,
+					'save_method' => 'storeSettingField'
+				),
+				'system_hsts_incsub' => array(
+					'label' => $lng['admin']['domain_hsts_incsub'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_incsub',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'system_hsts_preload' => array(
+					'label' => $lng['admin']['domain_hsts_preload'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_preload',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
 			)
 		)
 	)
--- a/actions/admin/settings/135.fcgid.php
+++ b/actions/admin/settings/135.fcgid.php
@@ -97,44 +97,6 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField',
 					),
-				'system_mod_fcgid_enabled_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpuser' => array(
-					'label' => $lng['admin']['mod_fcgid_user'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpgroup' => array(
-					'label' => $lng['admin']['mod_fcgid_group'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_defaultini_ownvhost',
-					'type' => 'option',
-					'default' => '2',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
 				'system_mod_fcgid_idle_timeout' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['idle_timeout'],
 					'settinggroup' => 'system',
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -30,30 +30,6 @@ return array(
 					'plausibility_check_method' => 'checkFcgidPhpFpm',
 					'overview_option' => true
 					),
-				'system_phpfpm_enabled_ownvhost' => array(
-					'label' => $lng['phpfpm']['ownvhost'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'enabled_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_httpuser' => array(
-					'label' => $lng['phpfpm']['vhost_httpuser'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser'
-					),
-				'system_phpfpm_httpgroup' => array(
-					'label' => $lng['phpfpm']['vhost_httpgroup'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_defaultini' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
 					'settinggroup' => 'phpfpm',
@@ -64,16 +40,6 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField'
 					),
-				'system_phpfpm_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_defaultini',
-					'type' => 'option',
-					'default' => '2',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_configdir' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
 					'settinggroup' => 'phpfpm',
--- a/actions/admin/settings/160.nameserver.php
+++ b/actions/admin/settings/160.nameserver.php
@@ -31,6 +31,24 @@ return array(
 					'save_method' => 'storeSettingField',
 					'overview_option' => true
 					),
+				'system_dnsenabled' => array(
+					'label' => $lng['serversettings']['dnseditorenable'],
+					'settinggroup' => 'system',
+					'varname' => 'dnsenabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+					),
+				'system_dns_server' => array(
+					'label' => $lng['serversettings']['dns_server'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_server',
+					'type' => 'option',
+					'default' => 'bind',
+					'option_mode' => 'one',
+					'option_options' => array('bind' => 'Bind9', 'pdns' => 'PowerDNS'),
+					'save_method' => 'storeSettingField'
+				),
 				'system_bindconf_directory' => array(
 					'label' => $lng['serversettings']['bindconf_directory'],
 					'settinggroup' => 'system',
@@ -73,20 +91,12 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'axfrservers',
 					'type' => 'string',
-					'string_type' => 'validate_ip',
+					'string_type' => 'validate_ip_incl_private',
 					'string_delimiter' => ',',
 					'string_emptyallowed' => true,
 					'default' => '',
 					'save_method' => 'storeSettingField',
 				),
-				'system_dns_createhostnameentry' => array(
-					'label' => $lng['serversettings']['dns_createhostnameentry'],
-					'settinggroup' => 'system',
-					'varname' => 'dns_createhostnameentry',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',
@@ -109,5 +119,3 @@ return array(
 			),
 		),
 	);
-
-?>
--- a/actions/admin/settings/170.logger.php
+++ b/actions/admin/settings/170.logger.php
@@ -65,8 +65,14 @@ return array(
 					'label' => $lng['serversettings']['logger']['logcron'],
 					'settinggroup' => 'logger',
 					'varname' => 'log_cron',
-					'type' => 'bool',
-					'default' => false,
+					'type' => 'option',
+					'default' => 0,
+					'option_mode' => 'one',
+					'option_options' => array(
+							0 => $lng['serversettings']['logger']['logcronoption']['never'],
+							1 => $lng['serversettings']['logger']['logcronoption']['once'],
+							2 => $lng['serversettings']['logger']['logcronoption']['always']
+						),
 					'save_method' => 'storeSettingField',
 					),
 				),
--- a/actions/admin/settings/185.spf.php
+++ b/actions/admin/settings/185.spf.php
@@ -34,7 +34,7 @@ return array(
 					'settinggroup' => 'spf',
 					'varname' => 'spf_entry',
 					'type' => 'string',
-					'default' => '@	IN	TXT	"v=spf1 a mx -all"',
+					'default' => '"v=spf1 a mx -all"',
 					'save_method' => 'storeSettingField'
 					)
 				)
--- a/actions/admin/settings/210.security.php
+++ b/actions/admin/settings/210.security.php
@@ -63,6 +63,23 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
+					),
+				'system_allow_customer_shell' => array(
+					'label' => $lng['serversettings']['allow_allow_customer_shell'],
+					'settinggroup' => 'system',
+					'varname' => 'allow_customer_shell',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_available_shells' => array(
+					'label' => $lng['serversettings']['available_shells'],
+					'settinggroup' => 'system',
+					'varname' => 'available_shells',
+					'type' => 'string',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField',
 					)
 				)
 			)
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -155,7 +155,6 @@ if ($page == 'admins'
 		if ($result['loginname'] != '') {
 			if ($result['adminid'] == $userinfo['userid']) {
 				standard_error('youcantdeleteyourself');
-				exit;
 			}

 			if (isset($_POST['send'])
--- a/admin_apcuinfo.php
+++ b/admin_apcuinfo.php
@@ -0,0 +1,415 @@
+<?php
+
+/*
+  +----------------------------------------------------------------------+
+  | APC                                                                  |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 2006-2011 The PHP Group                                |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 3.01 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available through the world-wide-web at the following url:           |
+  | http://www.php.net/license/3_01.txt                                  |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Authors: Ralf Becker <beckerr@php.net>                               |
+  |          Rasmus Lerdorf <rasmus@php.net>                             |
+  |          Ilia Alshanetsky <ilia@prohost.org>                         |
+  +----------------------------------------------------------------------+
+
+   All other licensing and usage conditions are those of the PHP Group.
+
+   Based on https://github.com/krakjoe/apcu/blob/master/apc.php
+   Implemented into Froxlor: Janos Muzsi <muzsij@hypernics.hu>
+
+ */
+
+define('AREA', 'admin');
+require './lib/init.php';
+
+
+$horizontal_bar_size = 950; // 1280px window width
+
+if ($action == 'delete' &&
+        function_exists('apcu_clear_cache') &&
+        $userinfo['change_serversettings'] == '1'
+) {
+    apcu_clear_cache();
+    $log->logAction(ADM_ACTION, LOG_INFO, "cleared APCu cache");
+    header('Location: ' . $linker->getLink(array('section' => 'apcuinfo', 'page' => 'showinfo')));
+    exit();
+}
+
+if (!function_exists('apcu_cache_info') ||
+        !function_exists('apcu_sma_info')
+) {
+    standard_error($lng['error']['no_apcuinfo']);
+}
+
+if ($page == 'showinfo'
+) {
+    $cache = apcu_cache_info();
+    $mem = apcu_sma_info();
+    $time = time();
+    $log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_apcuinfo");
+
+    $passtime = $time - $cache['start_time'] > 0 ? $time - $cache['start_time'] : 1; // zero division
+    $mem_size = $mem['num_seg'] * $mem['seg_size'];
+    $mem_avail = $mem['avail_mem'];
+    $mem_used = $mem_size - $mem_avail;
+    $seg_size = bsize($mem['seg_size']);
+    $sharedmem = sprintf($lng['apcuinfo']['sharedmemval'], $mem['num_seg'], $seg_size, $cache['memory_type']);
+    $req_rate_user = sprintf("%.2f", $cache['num_hits'] ? (($cache['num_hits'] + $cache['num_misses']) / $passtime) : 0);
+    $hit_rate_user = sprintf("%.2f", $cache['num_hits'] ? (($cache['num_hits']) / $passtime) : 0);
+    $miss_rate_user = sprintf("%.2f", $cache['num_misses'] ? (($cache['num_misses']) / $passtime) : 0);
+    $insert_rate_user = sprintf("%.2f", $cache['num_inserts'] ? (($cache['num_inserts']) / $passtime) : 0);
+    $apcversion = phpversion('apcu');
+    $phpversion = phpversion();
+    $number_vars = $cache['num_entries'];
+    $starttime = date('Y-m-d H:i:s', $cache['start_time']);
+    $uptime_duration = duration($cache['start_time']);
+    $size_vars = bsize($cache['mem_size']);
+
+    // check for possible empty values that are used in the templates
+    if (!isset($cache['file_upload_progress'])) {
+        $cache['file_upload_progress'] = $lng['logger']['unknown'];
+    }
+
+    if (!isset($cache['num_expunges'])) {
+        $cache['num_expunges'] = $lng['logger']['unknown'];
+    }
+
+    $runtimelines = '';
+    foreach (ini_get_all('apcu') as $name => $v) {
+        $value = $v['local_value'];
+        eval("\$runtimelines.=\"" . getTemplate("settings/apcuinfo/runtime_line") . "\";");
+    }
+
+    $freemem = bsize($mem_avail) . sprintf(" (%.1f%%)", $mem_avail * 100 / $mem_size);
+    $usedmem = bsize($mem_used) . sprintf(" (%.1f%%)", $mem_used * 100 / $mem_size);
+    $hits = $cache['num_hits'] . @sprintf(" (%.1f%%)", $cache['num_hits'] * 100 / ($cache['num_hits'] + $cache['num_misses']));
+    $misses = $cache['num_misses'] . @sprintf(" (%.1f%%)", $cache['num_misses'] * 100 / ($cache['num_hits'] + $cache['num_misses']));
+
+    // Fragementation: (freeseg - 1) / total_seg
+    $nseg = $freeseg = $fragsize = $freetotal = 0;
+    for ($i = 0; $i < $mem['num_seg']; $i++) {
+        $ptr = 0;
+        foreach ($mem['block_lists'][$i] as $block) {
+            if ($block['offset'] != $ptr) {
+                ++$nseg;
+            }
+            $ptr = $block['offset'] + $block['size'];
+            /* Only consider blocks <5M for the fragmentation % */
+            if ($block['size'] < (5 * 1024 * 1024))
+                $fragsize+=$block['size'];
+            $freetotal+=$block['size'];
+        }
+        $freeseg += count($mem['block_lists'][$i]);
+    }
+
+    if ($freeseg > 1) {
+        $frag = sprintf("%.2f%% (%s out of %s in %d fragments)", ($fragsize / $freetotal) * 100, bsize($fragsize), bsize($freetotal), $freeseg);
+    } else {
+        $frag = "0%";
+    }
+
+    foreach (ini_get_all('apcu') as $name => $v) {
+        $value = $v['local_value'];
+    }
+
+    $img_src1 = '';
+    $img_src2 = '';
+    $img_src3 = '';
+    if (graphics_avail()) {
+        $img_src = $linker->getLink(array('section' => 'apcuinfo', 'page' => 'img1', 'action' => mt_rand(0, 1000000)));
+        eval("\$img_src1=\"" . getTemplate("settings/apcuinfo/img_line") . "\";");
+        $img_src = $linker->getLink(array('section' => 'apcuinfo', 'page' => 'img2', 'action' => mt_rand(0, 1000000)));
+        eval("\$img_src2=\"" . getTemplate("settings/apcuinfo/img_line") . "\";");
+        $img_src = $linker->getLink(array('section' => 'apcuinfo', 'page' => 'img3', 'action' => mt_rand(0, 1000000)));
+        eval("\$img_src3=\"" . getTemplate("settings/apcuinfo/img_line") . "\";");
+    }
+
+    eval("echo \"" . getTemplate("settings/apcuinfo/showinfo") . "\";");
+    
+} elseif ($page == 'img1'
+) {
+
+    $mem = apcu_sma_info();
+
+    $size = 460;
+    $image = imagecreate($size + 5, $size + 5);
+
+    $col_white = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);
+    $col_red = imagecolorallocate($image, 0xD0, 0x60, 0x30);
+    $col_green = imagecolorallocate($image, 0x60, 0xF0, 0x60);
+    $col_black = imagecolorallocate($image, 0, 0, 0);
+
+    imagecolortransparent($image, $col_white);
+
+    $s = $mem['num_seg'] * $mem['seg_size'];
+    $a = $mem['avail_mem'];
+    $x = $y = $size / 2;
+    $fuzz = 0.000001;
+
+    // This block of code creates the pie chart.  It is a lot more complex than you
+    // would expect because we try to visualize any memory fragmentation as well.
+    $angle_from = 0;
+    $string_placement = array();
+    for ($i = 0; $i < $mem['num_seg']; $i++) {
+        $ptr = 0;
+        $free = $mem['block_lists'][$i];
+        uasort($free, 'block_sort');
+        foreach ($free as $block) {
+            if ($block['offset'] != $ptr) {       // Used block
+                $angle_to = $angle_from + ($block['offset'] - $ptr) / $s;
+                if (($angle_to + $fuzz) > 1)
+                    $angle_to = 1;
+                if (($angle_to * 360) - ($angle_from * 360) >= 1) {
+                    fill_arc($image, $x, $y, $size, $angle_from * 360, $angle_to * 360, $col_black, $col_red);
+                    if (($angle_to - $angle_from) > 0.05) {
+                        array_push($string_placement, array($angle_from, $angle_to));
+                    }
+                }
+                $angle_from = $angle_to;
+            }
+            $angle_to = $angle_from + ($block['size']) / $s;
+            if (($angle_to + $fuzz) > 1)
+                $angle_to = 1;
+            if (($angle_to * 360) - ($angle_from * 360) >= 1) {
+                fill_arc($image, $x, $y, $size, $angle_from * 360, $angle_to * 360, $col_black, $col_green);
+                if (($angle_to - $angle_from) > 0.05) {
+                    array_push($string_placement, array($angle_from, $angle_to));
+                }
+            }
+            $angle_from = $angle_to;
+            $ptr = $block['offset'] + $block['size'];
+        }
+        if ($ptr < $mem['seg_size']) { // memory at the end
+            $angle_to = $angle_from + ($mem['seg_size'] - $ptr) / $s;
+            if (($angle_to + $fuzz) > 1)
+                $angle_to = 1;
+            fill_arc($image, $x, $y, $size, $angle_from * 360, $angle_to * 360, $col_black, $col_red);
+            if (($angle_to - $angle_from) > 0.05) {
+                array_push($string_placement, array($angle_from, $angle_to));
+            }
+        }
+    }
+    foreach ($string_placement as $angle) {
+        text_arc($image, $x, $y, $size, $angle[0] * 360, $angle[1] * 360, $col_black, bsize($s * ($angle[1] - $angle[0])));
+    }
+
+    header("Content-type: image/png");
+    imagepng($image);
+    exit;
+} elseif ($page == 'img2'
+) {
+
+    $cache = apcu_cache_info();
+
+    $size = $horizontal_bar_size;
+    $image = imagecreate($size + 5, 140);
+
+    $col_white = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);
+    $col_red = imagecolorallocate($image, 0xD0, 0x60, 0x30);
+    $col_green = imagecolorallocate($image, 0x60, 0xF0, 0x60);
+    $col_black = imagecolorallocate($image, 0, 0, 0);
+
+    imagecolortransparent($image, $col_white);
+
+    $s = $cache['num_hits'] + $cache['num_misses'];
+    $a = $cache['num_hits'];
+
+    fill_box($image, 1, 10, $s ? ($a * ($size - 21) / $s) : $size, 50, $col_black, $col_green/* , sprintf("%.1f%%", $s ? $cache['num_hits'] * 100 / $s : 0) */);
+    fill_box($image, 1, 80, $s ? max(4, ($s - $a) * ($size - 21) / $s) : $size, 50, $col_black, $col_red/* , sprintf("%.1f%%", $s ? $cache['num_misses'] * 100 / $s : 0) */);
+
+    header("Content-type: image/png");
+    imagepng($image);
+    exit;
+} elseif ($page == 'img3'
+) {
+
+    $mem = apcu_sma_info();
+
+    $size = $horizontal_bar_size;
+    $image = imagecreate($size, 70);
+
+    $col_white = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);
+    $col_red = imagecolorallocate($image, 0xD0, 0x60, 0x30);
+    $col_green = imagecolorallocate($image, 0x60, 0xF0, 0x60);
+    $col_black = imagecolorallocate($image, 0, 0, 0);
+
+    imagecolortransparent($image, $col_white);
+
+    $s = $mem['num_seg'] * $mem['seg_size'];
+    $a = $mem['avail_mem'];
+    $x = 10;
+    $y = 0;
+
+    // This block of code creates the bar chart.  It is a lot more complex than you
+    // would expect because we try to visualize any memory fragmentation as well.
+    for ($i = 0; $i < $mem['num_seg']; $i++) {
+        $ptr = 0;
+        $free = $mem['block_lists'][$i];
+        uasort($free, 'block_sort');
+        foreach ($free as $block) {
+            if ($block['offset'] != $ptr) {       // Used block
+                $h = ($size - 5) * ($block['offset'] - $ptr) / $s;
+                if ($h > 0) {
+                    fill_box($image, $y, $x, $h, 50, $col_black, $col_red);
+                }
+                $y+=$h;
+            }
+            $h = ($size - 5) * ($block['size']) / $s;
+            if ($h > 0) {
+                fill_box($image, $y, $x, $h, 50, $col_black, $col_green);
+            }
+            $y+=$h;
+            $ptr = $block['offset'] + $block['size'];
+        }
+        if ($ptr < $mem['seg_size']) { // memory at the end
+            $h = ($size - 5) * ($mem['seg_size'] - $ptr) / $s;
+            if ($h > 0) {
+                fill_box($image, $y, $x, $h, 50, $col_black, $col_red, bsize($mem['seg_size'] - $ptr), $j++);
+            }
+        }
+    }
+
+    header("Content-type: image/png");
+    imagepng($image);
+    exit;
+}
+
+function graphics_avail() {
+    return extension_loaded('gd');
+}
+
+// pretty printer for byte values
+//
+function bsize($s) {
+    foreach (array('', 'K', 'M', 'G') as $i => $k) {
+        if ($s < 1024)
+            break;
+        $s/=1024;
+    }
+    return sprintf("%5.1f %sBytes", $s, $k);
+}
+
+function duration($ts) {
+    global $time;
+    $years = (int) ((($time - $ts) / (7 * 86400)) / 52.177457);
+    $rem = (int) (($time - $ts) - ($years * 52.177457 * 7 * 86400));
+    $weeks = (int) (($rem) / (7 * 86400));
+    $days = (int) (($rem) / 86400) - $weeks * 7;
+    $hours = (int) (($rem) / 3600) - $days * 24 - $weeks * 7 * 24;
+    $mins = (int) (($rem) / 60) - $hours * 60 - $days * 24 * 60 - $weeks * 7 * 24 * 60;
+    $str = '';
+    if ($years == 1)
+        $str .= "$years year, ";
+    if ($years > 1)
+        $str .= "$years years, ";
+    if ($weeks == 1)
+        $str .= "$weeks week, ";
+    if ($weeks > 1)
+        $str .= "$weeks weeks, ";
+    if ($days == 1)
+        $str .= "$days day,";
+    if ($days > 1)
+        $str .= "$days days,";
+    if ($hours == 1)
+        $str .= " $hours hour and";
+    if ($hours > 1)
+        $str .= " $hours hours and";
+    if ($mins == 1)
+        $str .= " 1 minute";
+    else
+        $str .= " $mins minutes";
+    return $str;
+}
+
+function block_sort($array1, $array2) {
+    if ($array1['offset'] > $array2['offset']) {
+        return 1;
+    } else {
+        return -1;
+    }
+}
+
+function fill_arc($im, $centerX, $centerY, $diameter, $start, $end, $color1, $color2, $text = '', $placeindex = 0) {
+    $r = $diameter / 2;
+    $w = deg2rad((360 + $start + ($end - $start) / 2) % 360);
+
+
+    if (function_exists("imagefilledarc")) {
+        // exists only if GD 2.0.1 is available
+        imagefilledarc($im, $centerX + 1, $centerY + 1, $diameter, $diameter, $start, $end, $color1, IMG_ARC_PIE);
+        imagefilledarc($im, $centerX, $centerY, $diameter, $diameter, $start, $end, $color2, IMG_ARC_PIE);
+        imagefilledarc($im, $centerX, $centerY, $diameter, $diameter, $start, $end, $color1, IMG_ARC_NOFILL | IMG_ARC_EDGED);
+    } else {
+        imagearc($im, $centerX, $centerY, $diameter, $diameter, $start, $end, $color2);
+        imageline($im, $centerX, $centerY, $centerX + cos(deg2rad($start)) * $r, $centerY + sin(deg2rad($start)) * $r, $color2);
+        imageline($im, $centerX, $centerY, $centerX + cos(deg2rad($start + 1)) * $r, $centerY + sin(deg2rad($start)) * $r, $color2);
+        imageline($im, $centerX, $centerY, $centerX + cos(deg2rad($end - 1)) * $r, $centerY + sin(deg2rad($end)) * $r, $color2);
+        imageline($im, $centerX, $centerY, $centerX + cos(deg2rad($end)) * $r, $centerY + sin(deg2rad($end)) * $r, $color2);
+        imagefill($im, $centerX + $r * cos($w) / 2, $centerY + $r * sin($w) / 2, $color2);
+    }
+    if ($text) {
+        if ($placeindex > 0) {
+            imageline($im, $centerX + $r * cos($w) / 2, $centerY + $r * sin($w) / 2, $diameter, $placeindex * 12, $color1);
+            imagestring($im, 4, $diameter, $placeindex * 12, $text, $color1);
+        } else {
+            imagestring($im, 4, $centerX + $r * cos($w) / 2, $centerY + $r * sin($w) / 2, $text, $color1);
+        }
+    }
+}
+
+function text_arc($im, $centerX, $centerY, $diameter, $start, $end, $color1, $text, $placeindex = 0) {
+    $r = $diameter / 2;
+    $w = deg2rad((360 + $start + ($end - $start) / 2) % 360);
+
+    if ($placeindex > 0) {
+        imageline($im, $centerX + $r * cos($w) / 2, $centerY + $r * sin($w) / 2, $diameter, $placeindex * 12, $color1);
+        imagestring($im, 4, $diameter, $placeindex * 12, $text, $color1);
+    } else {
+        imagestring($im, 4, $centerX + $r * cos($w) / 2, $centerY + $r * sin($w) / 2, $text, $color1);
+    }
+}
+
+function fill_box($im, $x, $y, $w, $h, $color1, $color2, $text = '', $placeindex = '') {
+    global $col_black;
+    $x1 = $x + $w - 1;
+    $y1 = $y + $h - 1;
+
+    imagerectangle($im, $x, $y1, $x1 + 1, $y + 1, $col_black);
+    if ($y1 > $y)
+        imagefilledrectangle($im, $x, $y, $x1, $y1, $color2);
+    else
+        imagefilledrectangle($im, $x, $y1, $x1, $y, $color2);
+    imagerectangle($im, $x, $y1, $x1, $y, $color1);
+    if ($text) {
+        if ($placeindex > 0) {
+
+            if ($placeindex < 16) {
+                $px = 5;
+                $py = $placeindex * 12 + 6;
+                imagefilledrectangle($im, $px + 90, $py + 3, $px + 90 - 4, $py - 3, $color2);
+                imageline($im, $x, $y + $h / 2, $px + 90, $py, $color2);
+                imagestring($im, 2, $px, $py - 6, $text, $color1);
+            } else {
+                if ($placeindex < 31) {
+                    $px = $x + 40 * 2;
+                    $py = ($placeindex - 15) * 12 + 6;
+                } else {
+                    $px = $x + 40 * 2 + 100 * intval(($placeindex - 15) / 15);
+                    $py = ($placeindex % 15) * 12 + 6;
+                }
+                imagefilledrectangle($im, $px, $py + 3, $px - 4, $py - 3, $color2);
+                imageline($im, $x + $w, $y + $h / 2, $px, $py, $color2);
+                imagestring($im, 2, $px + 2, $py - 6, $text, $color1);
+            }
+        } else {
+            imagestring($im, 4, $x + 5, $y1 - 16, $text, $color1);
+        }
+    }
+}
--- a/admin_autoupdate.php
+++ b/admin_autoupdate.php
@@ -0,0 +1,209 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Frontend
+ *
+ * @since      0.9.35
+ *
+ */
+
+define('AREA', 'admin');
+require './lib/init.php';
+
+// define update-uri
+define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version);
+define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
+define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");
+
+// check for allow_url_fopen
+if (ini_get('allow_url_fopen') === false) {
+	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 1));
+}
+
+// check for archive-stuff
+if (! extension_loaded('zip')) {
+	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 2));
+}
+
+// display initial version check
+if ($page == 'overview') {
+
+	// log our actions
+	$log->logAction(ADM_ACTION, LOG_NOTICE, "checking auto-update");
+
+	// check for new version
+	$latestversion = @file(UPDATE_URI);
+
+	if (isset($latestversion[0])) {
+		$latestversion = explode('|', $latestversion[0]);
+
+		if (is_array($latestversion)
+				&& count($latestversion) >= 1
+		) {
+			$_version = $latestversion[0];
+			$_message = isset($latestversion[1]) ? $latestversion[1] : '';
+			$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
+
+			// add the branding so debian guys are not gettings confused
+			// about their version-number
+			$version_label = $_version.$branding;
+			$version_link = $_link;
+			$message_addinfo = $_message;
+
+			// not numeric -> error-message
+			if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
+				// check for customized version to not output
+				// "There is a newer version of froxlor" besides the error-message
+				redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 3));
+			} elseif (version_compare2($version, $_version) == -1) {
+				// there is a newer version - yay
+				$isnewerversion = 1;
+			} else {
+				// nothing new
+				$isnewerversion = 0;
+			}
+
+			// anzeige über version-status mit ggfls. formular
+			// zum update schritt #1 -> download
+			if ($isnewerversion == 1) {
+				$text = 'There is a newer version available. Update to version <b>'.$_version.'</b> now?<br/>(Your current version is: '.$version.')';
+				$hiddenparams = '<input type="hidden" name="newversion" value="'.$_version.'" />';
+				$yesfile = $filename.'?s='.$s.'&amp;page=getdownload';
+				eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
+				exit;
+			}
+			elseif ($isnewerversion == 0) {
+				// all good
+				standard_success ('noupdatesavail');
+			} else {
+				standard_error ('customized_version');
+			}
+		}
+	}
+	// error (something weird came from version.froxlor.org)
+	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 5));
+}
+// download the new archive
+elseif ($page == 'getdownload') {
+
+	// retrieve the new version from the form
+	$newversion = isset($_POST['newversion']) ? $_POST['newversion'] : null;
+
+	// valid?
+	if ($newversion !== null) {
+
+		// define files to get
+		$toLoad = str_replace('{version}', $newversion, RELEASE_URI);
+		$toCheck = str_replace('{version}', $newversion, CHECKSUM_URI);
+
+		// get archive data
+		$newArchive = @file_get_contents($toLoad);
+
+		// check for local destination folder
+		if (!is_dir(FROXLOR_INSTALL_DIR.'/updates/')) {
+			mkdir(FROXLOR_INSTALL_DIR.'/updates/');
+		}
+
+		// name archive
+		$localArchive = FROXLOR_INSTALL_DIR.'/updates/'.basename($toLoad);
+
+		$log->logAction(ADM_ACTION, LOG_NOTICE, "Downloading ".$toLoad." to ".$localArchive);
+
+		// remove old archive
+		if (file_exists($localArchive)) {
+			@unlink($localArchive);
+		}
+
+		// store archive
+		$fh = fopen($localArchive, 'w');
+		if (!fwrite($fh, $newArchive)) {
+			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 4));
+		}
+
+		// close file-handle
+		fclose($fh);
+
+		// validate the integrity of the downloaded file
+		$_shouldsum = @file_get_contents($toCheck);
+		if (!empty($_shouldsum)) {
+			$_t = explode(" ", $_shouldsum);
+			$shouldsum = $_t[0];
+		} else {
+			$shouldsum = null;
+		}
+		$filesum = hash_file('sha256', $localArchive);
+
+		if ($filesum != $shouldsum) {
+			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9));
+		}
+
+		// to the next step
+		redirectTo($filename, array('s' => $s, 'page' => 'extract', 'archive' => basename($localArchive)));
+	}
+	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 6));
+}
+// extract and install new version
+elseif ($page == 'extract') {
+
+	$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
+	$localArchive = FROXLOR_INSTALL_DIR.'/updates/'.$toExtract;
+
+	if (isset($_POST['send'])
+			&& $_POST['send'] == 'send'
+	) {
+		// decompress from zip
+		$zip = new ZipArchive;
+		$res = $zip->open($localArchive);
+		if ($res === true) {
+			$log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".FROXLOR_INSTALL_DIR);
+			$zip->extractTo(FROXLOR_INSTALL_DIR);
+			$zip->close();
+			// success - remove unused archive
+			@unlink($localArchive);
+		} else {
+			// error
+			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 8));
+		}
+
+		// redirect to update-page?
+		redirectTo('admin_updates.php', array('s' => $s));
+	}
+
+	if (!file_exists($localArchive)) {
+		redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 7));
+	}
+
+	$text = 'Extract downloaded archive "'.$toExtract.'"?';
+	$hiddenparams = '';
+	$yesfile = $filename.'?s='.$s.'&amp;page=extract&amp;archive='.$toExtract;
+	eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
+}
+
+// display error
+elseif ($page == 'error') {
+
+	// retrieve error-number via url-parameter
+	$errno = isset($_GET['errno']) ? (int)$_GET['errno'] : 0;
+
+	// 1 = no allow_url_fopen
+	// 2 = no Zlib
+	// 3 = custom version detected
+	// 4 = could not store archive to local hdd
+	// 5 = some weird value came from version.froxlor.org
+	// 6 = download without valid version
+	// 7 = local archive does not exist
+	// 8 = could not extract archive
+	// 9 = checksum mismatch
+	standard_error ('autoupdate_'.$errno);
+}
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -20,6 +20,16 @@ require './lib/init.php';

 if ($userinfo['change_serversettings'] == '1') {

+	$customer_tmpdir = '/tmp/';
+	if (Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_tmpdir') != '')
+	{
+		$customer_tmpdir = Settings::Get('system.mod_fcgid_tmpdir');
+	}
+	elseif (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.tmpdir') != '')
+	{
+		$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
+	}
+
 	$replace_arr = Array(
 		'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
 		'<SQL_UNPRIVILEGED_PASSWORD>' => 'MYSQL_PASSWORD',
@@ -33,7 +43,7 @@ if ($userinfo['change_serversettings'] == '1') {
 		'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
 		'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
 		'<SSLPROTOCOLS>' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',
-        '<CUSTOMER_TMP>' => (Settings::Get('system.mod_fcgid_tmpdir') != '') ? makeCorrectDir(Settings::Get('system.mod_fcgid_tmpdir')) : '/tmp/',
+		'<CUSTOMER_TMP>' => makeCorrectDir($customer_tmpdir),
 		'<BASE_PATH>' => makeCorrectDir(FROXLOR_INSTALL_DIR),
 		'<BIND_CONFIG_PATH>' => makeCorrectDir(Settings::Get('system.bindconf_directory')),
 		'<WEBSERVER_RELOAD_CMD>' => Settings::Get('system.apachereload_command'),
@@ -43,9 +53,9 @@ if ($userinfo['change_serversettings'] == '1') {
 	);

 	// get distro from URL param
-    $distribution = isset($_GET['distribution']) ? $_GET['distribution'] : "";
-    $service = isset($_GET['service']) ? $_GET['service'] : "";
-    $daemon = isset($_GET['daemon']) ? $_GET['daemon'] : "";
+	$distribution = (isset($_GET['distribution']) && $_GET['distribution'] != 'choose') ? $_GET['distribution'] : "";
+	$service = (isset($_GET['service']) && $_GET['service'] != 'choose') ? $_GET['service'] : "";
+	$daemon = (isset($_GET['daemon']) && $_GET['daemon'] != 'choose') ? $_GET['daemon'] : "";
 	$distributions_select = "";
 	$services_select = "";
 	$daemons_select = "";
@@ -133,11 +143,11 @@ if ($userinfo['change_serversettings'] == '1') {
 			}
 			switch ($action['type']) {
 				case "install":
-                    $commands .= $action['content'] . "\n";
+					$commands .= strtr($action['content'], $replace_arr) . "\n";
 					$lasttype = "install";
 					break;
 				case "command":
-                    $commands .= $action['content'] . "\n";
+					$commands .= strtr($action['content'], $replace_arr) . "\n";
 					$lasttype = "command";
 					break;
 				case "file":
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -84,6 +84,15 @@ if ($page == 'customers'
 				$domains = $domains_stmt->fetch(PDO::FETCH_ASSOC);
 				$row['domains'] = intval($domains['domains']);
 				$dec_places = Settings::Get('panel.decimal_places');
+
+				// get disk-space usages for web, mysql and mail
+				$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+				$usages = Database::pexecute_first($usages_stmt, array('cid' => $row['customerid']));
+
+				$row['webspace_used'] = round($usages['webspace'] / 1024, $dec_places);
+				$row['mailspace_used'] = round($usages['mail'] / 1024, $dec_places);
+				$row['dbspace_used'] = round($usages['mysql'] / 1024, $dec_places);
+
 				$row['traffic_used'] = round($row['traffic_used'] / (1024 * 1024), $dec_places);
 				$row['traffic'] = round($row['traffic'] / (1024 * 1024), $dec_places);
 				$row['diskspace_used'] = round($row['diskspace_used'] / 1024, $dec_places);
@@ -278,12 +287,14 @@ if ($page == 'customers'
 				Database::pexecute($stmt, array('id' => $id));
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid` = :id");
 				Database::pexecute($stmt, array('id' => $id));
-				// first gather all domain-id's to clean up panel_domaintoip accordingly
+				// first gather all domain-id's to clean up panel_domaintoip and dns-entries accordingly
 				$did_stmt = Database::prepare("SELECT `id` FROM `".TABLE_PANEL_DOMAINS."` WHERE `customerid` = :id");
 				Database::pexecute($did_stmt, array('id' => $id));
 				while ($row = $did_stmt->fetch(PDO::FETCH_ASSOC)) {
 					$stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :did");
 					Database::pexecute($stmt, array('did' => $row['id']));
+					$stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAIN_DNS . "` WHERE `domain_id` = :did");
+					Database::pexecute($stmt, array('did' => $row['id']));
 				}
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid` = :id");
 				Database::pexecute($stmt, array('id' => $id));
@@ -526,6 +537,11 @@ if ($page == 'customers'
 					$perlenabled = intval($_POST['perlenabled']);
 				}

+				$dnsenabled = 0;
+				if (isset($_POST['dnsenabled'])) {
+					$dnsenabled = intval($_POST['dnsenabled']);
+				}
+
 				$store_defaultindex = 0;
 				if (isset($_POST['store_defaultindex'])) {
 					$store_defaultindex = intval($_POST['store_defaultindex']);
@@ -554,7 +570,6 @@ if ($page == 'customers'
 				   || ($subdomains == '-1' && $userinfo['subdomains'] != '-1')
 				) {
 					standard_error('youcantallocatemorethanyouhave');
-					exit;
 				}

 				// Either $name and $firstname or the $company must be inserted
@@ -639,6 +654,10 @@ if ($page == 'customers'
 						$perlenabled = '1';
 					}

+					if ($dnsenabled != '0') {
+						$dnsenabled = '1';
+					}
+
 					if ($password == '') {
 						$password = generatePassword();
 					}
@@ -677,6 +696,7 @@ if ($page == 'customers'
 						'imap' => $email_imap,
 						'pop3' => $email_pop3,
 						'perlenabled' => $perlenabled,
+						'dnsenabled' => $dnsenabled,
 						'theme' => $_theme,
 						'custom_notes' => $custom_notes,
 						'custom_notes_show' => $custom_notes_show
@@ -716,6 +736,7 @@ if ($page == 'customers'
 						`imap` = :imap,
 						`pop3` = :pop3,
 						`perlenabled` = :perlenabled,
+						`dnsenabled` = :dnsenabled,
 						`theme` = :theme,
 						`custom_notes` = :custom_notes,
 						`custom_notes_show` = :custom_notes_show"
@@ -857,7 +878,7 @@ if ($page == 'customers'
 						}
 						// check froxlor-local user membership in ftp-group
 						// without this check addition may duplicate user in list if httpuser == local_user
-						if (strpos($ins_data['members'], $local_user) !== false) {
+						if (strpos($ins_data['members'], $local_user) == false) {
 							$ins_data['members'] .= ','.$local_user;
 						}
 					}
@@ -913,10 +934,13 @@ if ($page == 'customers'
 						$domainid = Database::lastInsertId();

 						// set ip <-> domain connection
+						$defaultips = explode(',', Settings::Get('system.defaultip'));
 						$ins_stmt = Database::prepare("
 							  INSERT INTO `" . TABLE_DOMAINTOIP . "` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
 						);
-						Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => Settings::Get('system.defaultip')));
+						foreach ($defaultips as $defaultip) {
+							Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => $defaultip));
+						}

 						$upd_stmt = Database::prepare("
 							UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid"
@@ -937,7 +961,9 @@ if ($page == 'customers'
 							SELECT ip, port FROM `".TABLE_PANEL_IPSANDPORTS."`
 							WHERE `id` = :defaultip
 						");
-						$srv_ip = Database::pexecute_first($srv_ip_stmt, array('defaultip' => Settings::Get('system.defaultip')));
+						$default_ips = Settings::Get('system.defaultip');
+						$default_ips = explode(',', $default_ips);
+						$srv_ip = Database::pexecute_first($srv_ip_stmt, array('defaultip' => reset($default_ips)));

 						$replace_arr = array(
 							'FIRSTNAME' => $firstname,
@@ -1182,6 +1208,11 @@ if ($page == 'customers'
 					$perlenabled = intval($_POST['perlenabled']);
 				}

+				$dnsenabled = 0;
+				if (isset($_POST['dnsenabled'])) {
+					$dnsenabled = intval($_POST['dnsenabled']);
+				}
+
 				$diskspace = $diskspace * 1024;
 				$traffic = $traffic * 1024 * 1024;

@@ -1205,7 +1236,6 @@ if ($page == 'customers'
 				   || ($subdomains == '-1' && $userinfo['subdomains'] != '-1')
 				) {
 					standard_error('youcantallocatemorethanyouhave');
-					exit;
 				}

 				// Either $name and $firstname or the $company must be inserted
@@ -1272,10 +1302,13 @@ if ($page == 'customers'
 						$domainid = Database::lastInsertId();

 						// set ip <-> domain connection
+						$defaultips = explode(',', Settings::Get('system.defaultip'));
 						$ins_stmt = Database::prepare("
 							  INSERT INTO `" . TABLE_DOMAINTOIP . "` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
 						);
-						Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => Settings::Get('system.defaultip')));
+						foreach ($defaultips as $defaultip) {
+							Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => $defaultip));
+						}

 						$upd_stmt = Database::prepare("
 							UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid"
@@ -1311,6 +1344,10 @@ if ($page == 'customers'
 						$perlenabled = '1';
 					}

+					if ($dnsenabled != '0') {
+						$dnsenabled = '1';
+					}
+
 					if ($phpenabled != $result['phpenabled']
 						|| $perlenabled != $result['perlenabled']
 					) {
@@ -1421,6 +1458,7 @@ if ($page == 'customers'
 						'imap' => $email_imap,
 						'pop3' => $email_pop3,
 						'perlenabled' => $perlenabled,
+						'dnsenabled' => $dnsenabled,
 						'custom_notes' => $custom_notes,
 						'custom_notes_show' => $custom_notes_show
 					);
@@ -1454,6 +1492,7 @@ if ($page == 'customers'
 						`imap` = :imap,
 						`pop3` = :pop3,
 						`perlenabled` = :perlenabled,
+						`dnsenabled` = :dnsenabled,
 						`custom_notes` = :custom_notes,
 						`custom_notes_show` = :custom_notes_show
 						WHERE `customerid` = :customerid"
--- a/admin_domains.php
+++ b/admin_domains.php
--- a/admin_index.php
+++ b/admin_index.php
@@ -42,7 +42,6 @@ if ($action == 'logout')  {
 	Database::pexecute($stmt, $params);

 	redirectTo('index.php');
-	exit;
 }

 if (isset($_POST['id'])) {
@@ -145,6 +144,15 @@ if ($page == 'overview') {
 	$cron_last_runs = getCronjobsLastRun();
 	$outstanding_tasks = getOutstandingTasks();

+	$system_hostname = gethostname();
+	$meminfo= explode("\n", @file_get_contents("/proc/meminfo"));
+	$memory = "";
+	for ($i = 0; $i < sizeof($meminfo); ++$i) {
+		if (substr($meminfo[$i], 0, 3) === "Mem") {
+			$memory.= $meminfo[$i] . PHP_EOL;
+		}
+	}
+
 	if (function_exists('sys_getloadavg')) {
 		$loadArray = sys_getloadavg();
 		$load = number_format($loadArray[0], 2, '.', '') . " / " . number_format($loadArray[1], 2, '.', '') . " / " . number_format($loadArray[2], 2, '.', '');
@@ -201,7 +209,6 @@ if ($page == 'overview') {

 		if (!validatePasswordLogin($userinfo,$old_password,TABLE_PANEL_ADMINS,'adminid')) {
 			standard_error('oldpasswordnotcorrect');
-			exit;
 		}

 		$new_password = validate($_POST['new_password'], 'new password');
@@ -362,7 +369,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = nl2br($mail_body);

--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -29,6 +29,11 @@ if (isset($_POST['id'])) {
 if ($page == 'ipsandports'
 	|| $page == 'overview'
 ) {
+	// Do not display attributes that are not used by the current webserver
+	$websrv = Settings::Get('system.webserver');
+	$is_nginx = ($websrv == 'nginx');
+	$is_apache = ($websrv == 'apache2');
+	$is_apache24 = $is_apache && (Settings::Get('system.apache24') === '1');

 	if ($action == '') {

@@ -79,7 +84,7 @@ if ($page == 'ipsandports'
 			$result_checkdomain = Database::pexecute_first($result_checkdomain_stmt, array('id' => $id));

 			if ($result_checkdomain['id'] == '') {
-				if ($result['id'] != Settings::Get('system.defaultip')) {
+				if (!in_array($result['id'], explode(',', Settings::Get('system.defaultip')))) {

 					$result_sameipotherport_stmt = Database::prepare("
 						SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
--- a/admin_logger.php
+++ b/admin_logger.php
@@ -34,7 +34,8 @@ if ($page == 'log'
 		$result_stmt = Database::query('
 			SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
 		);
-		$paging->setEntries(Database::num_rows());
+		$logs_count = Database::num_rows();
+		$paging->setEntries($logs_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -100,35 +101,12 @@ if ($page == 'log'
 					}

 					$log_count++;
-					$type = $row['type'];
-					$_type = 'unknown';
-
-					switch ($type) {
-						case LOG_INFO:
-							$_type = 'Information';
-							break;
-						case LOG_NOTICE:
-							$_type = 'Notice';
-							break;
-						case LOG_WARNING:
-							$_type = 'Warning';
-							break;
-						case LOG_ERR:
-							$_type = 'Error';
-							break;
-						case LOG_CRIT:
-							$_type = 'Critical';
-							break;
-						default:
-							$_type = 'Unknown';
-							break;
-					}
-
-					$row['type'] = $_type;
+					$row['type'] = getLogLevelDesc($row['type']);
 					eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
 					$count++;
 					$_action = $action;
 				}
+				$i++;
 			}
 			$i++;
 		}
--- a/admin_opcacheinfo.php
+++ b/admin_opcacheinfo.php
@@ -0,0 +1,158 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Janos Muzsi <muzsij@hypernics.hu> (2016)
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Panel
+ *
+ * Based on https://github.com/amnuts/opcache-gui
+ *
+ */
+
+define('AREA', 'admin');
+require './lib/init.php';
+
+
+if ($action == 'reset' &&
+        function_exists('opcache_reset') &&
+        $userinfo['change_serversettings'] == '1'
+) {
+    opcache_reset();
+    $log->logAction(ADM_ACTION, LOG_INFO, "reseted OPcache");
+    header('Location: ' . $linker->getLink(array('section' => 'opcacheinfo', 'page' => 'showinfo')));
+    exit();
+}
+
+if (!function_exists('opcache_get_configuration')
+) {
+    standard_error($lng['error']['no_opcacheinfo']);
+}
+
+if ($page == 'showinfo'
+) {
+    
+    $opcache_info = opcache_get_configuration();
+    $opcache_status = opcache_get_status(false);
+    $time = time();
+    $log->logAction(ADM_ACTION, LOG_NOTICE, "viewed OPcache info");
+    
+    $runtimelines = '';
+    if (isset($opcache_info['directives']) && is_array($opcache_info['directives'])) {
+        foreach ($opcache_info['directives'] as $name => $value) {
+            $linkname=  str_replace('_', '-', $name);
+            if ($name=='opcache.optimization_level' && is_integer($value)) {
+                $value='0x'.dechex($value);
+            }
+            if ($name=='opcache.memory_consumption' && is_integer($value) && $value%(1024*1024)==0) {
+                $value=$value/(1024*1024);
+            }
+            if ($value===null || $value==='') {
+                $value=$lng['opcacheinfo']['novalue'];
+            }
+            if ($value===true) {
+                $value=$lng['opcacheinfo']['true'];
+            }
+            if ($value===false) {
+                $value=$lng['opcacheinfo']['false'];
+            }
+            if (is_integer($value)) {
+                $value=number_format($value,0,'.',' ');
+            }
+            $name=str_replace('_', ' ', $name);
+            eval("\$runtimelines.=\"" . getTemplate("settings/opcacheinfo/runtime_line") . "\";");
+        }
+    }
+    
+    $cachehits=@$opcache_status['opcache_statistics']['hits'] ?: 0;
+    $cachemiss=@$opcache_status['opcache_statistics']['misses'] ?: 0;
+    $blacklistmiss=@$opcache_status['opcache_statistics']['blacklist_misses'] ?: 0;
+    $cachetotal=$cachehits+$cachemiss+$blacklistmiss;
+    
+    $general=array(
+        'version' => (isset($opcache_info['version']['opcache_product_name']) ? $opcache_info['version']['opcache_product_name'].' ' : '').$opcache_info['version']['version'],
+        'phpversion' => phpversion(),
+        'start_time'         => @$opcache_status['opcache_statistics']['start_time'] ? date('Y-m-d H:i:s',$opcache_status['opcache_statistics']['start_time']) : '',
+        'last_restart_time'  => @$opcache_status['opcache_statistics']['last_restart_time'] ? date('Y-m-d H:i:s',$opcache_status['opcache_statistics']['last_restart_time']) : $lng['opcacheinfo']['never'],
+        'oom_restarts' => number_format(@$opcache_status['opcache_statistics']['oom_restarts'] ?: 0,0,'.',' '),
+        'hash_restarts' => number_format(@$opcache_status['opcache_statistics']['hash_restarts'] ?: 0,0,'.',' '),
+        'manual_restarts' => number_format(@$opcache_status['opcache_statistics']['manual_restarts'] ?: 0,0,'.',' '),
+        'status' => (@$opcache_status['restart_in_progress'] ? $lng['opcacheinfo']['restartinprogress'] :
+            (@$opcache_status['restart_pending'] ? $lng['opcacheinfo']['restartpending'] :
+            (@$opcache_status['cache_full'] ? $lng['opcacheinfo']['cachefull'] :
+            (@$opcache_status['opcache_enabled'] ? $lng['opcacheinfo']['enabled'] : $lng['opcacheinfo']['novalue'])))),
+        'cachedscripts' => number_format(@$opcache_status['opcache_statistics']['num_cached_scripts'] ?: 0,0,'.',' '),
+        'cachehits' => number_format($cachehits,0,'.',' ') . ($cachetotal>0 ? sprintf(" (%.1f %%)", $cachehits/($cachetotal)*100) : ''),
+        'cachemiss' => number_format($cachemiss,0,'.',' ') . ($cachetotal>0 ? sprintf(" (%.1f %%)", $cachemiss/($cachetotal)*100) : ''),
+        'blacklistmiss' => number_format($blacklistmiss,0,'.',' ') . ($cachetotal>0 ? sprintf(" (%.1f %%)", $blacklistmiss/($cachetotal)*100) : ''),
+    );
+    
+    $usedmem=@$opcache_status['memory_usage']['used_memory'] ?: 0;
+    $usedmemstr=bsize($usedmem);
+    $freemem=@$opcache_status['memory_usage']['free_memory'] ?: 0;
+    $freememstr=bsize($freemem);
+    $totalmem=$usedmem+$freemem;
+    $wastedmem=@$opcache_status['memory_usage']['wasted_memory'] ?: 0;
+    $wastedmemstr=bsize($wastedmem);
+    if ($totalmem) {
+        $memory=array(
+            'total' => bsize($totalmem),
+            'used' => $usedmemstr . ($totalmem>0 ? sprintf(" (%.1f %%)", $usedmem/($totalmem)*100) : ''),
+            'free' => $freememstr . ($totalmem>0 ? sprintf(" (%.1f %%)", $freemem/($totalmem)*100) : ''),
+            'wasted' => $wastedmemstr . ($totalmem>0 ? sprintf(" (%.1f %%)", $wastedmem/($totalmem)*100) : ''),
+        );
+    }
+    
+    if (isset($opcache_status['interned_strings_usage'])) {
+        $usedstring=@$opcache_status['interned_strings_usage']['used_memory'] ?: 0;
+        $usedstringstr=bsize($usedstring);
+        $freestring=@$opcache_status['interned_strings_usage']['free_memory'] ?: 0;
+        $freestringstr=bsize($freestring);
+        $totalstring=$usedstring+$freestring;
+        $stringbuffer=array(
+            'total' => bsize($totalstring),
+            'used' => $usedstringstr . ($totalstring>0 ? sprintf(" (%.1f %%)", $usedstring/$totalstring*100) : ''),
+            'free' => $freestringstr . ($totalstring>0 ? sprintf(" (%.1f %%)", $freestring/$totalstring*100) : ''),
+            'strcount' => number_format(@$opcache_status['interned_strings_usage']['number_of_strings'] ?: 0,0,'.',' '),
+        );
+    }
+
+    $usedkey=@$opcache_status['opcache_statistics']['num_cached_keys'] ?: 0;
+    $usedkeystr=number_format($usedkey,0,'.',' ');
+    $totalkey=@$opcache_status['opcache_statistics']['max_cached_keys'] ?: 0;
+    $wastedkey=$usedkey - (@$opcache_status['opcache_statistics']['num_cached_scripts'] ?: 0);
+    if (isset($opcache_status['opcache_statistics'])) {
+        $keystat=array(
+            'total' => number_format($totalkey,0,'.',' '),
+            'used' => $usedkeystr . ($totalkey>0 ? sprintf(" (%.1f %%)", $usedkey/($totalkey)*100) : ''),
+            'wasted' => number_format($wastedkey,0,'.',' ') . ($totalkey>0 ? sprintf(" (%.1f %%)", $wastedkey/($totalkey)*100) : ''),
+        );
+    }
+    
+    $blacklistlines = '';
+    if (isset($opcache_info['blacklist']) && is_array($opcache_info['blacklist'])) {
+        foreach ($opcache_info['blacklist'] as $value) {
+            eval("\$blacklistlines.=\"" . getTemplate("settings/opcacheinfo/blacklist_line") . "\";");
+        }
+    }
+    
+    eval("echo \"" . getTemplate("settings/opcacheinfo/showinfo") . "\";");
+    
+}
+
+function bsize($s) {
+    foreach (array('', 'K', 'M', 'G') as $i => $k) {
+        if ($s < 1024)
+            break;
+        $s/=1024;
+    }
+    return sprintf("%5.1f %sBytes", $s, $k);
+}
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -160,6 +160,8 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		inserttask('10');
 		// Using nameserver, insert a task which rebuilds the server config
 		inserttask('4');
+		// cron.d file
+		inserttask('99');

 		standard_success('rebuildingconfigs', '', array('filename' => 'admin_index.php'));

--- a/admin_templates.php
+++ b/admin_templates.php
@@ -201,7 +201,6 @@ if ($action == '') {

 	} else {
 		standard_error('templatenotfound');
-		exit;
 	}

 } elseif($action == 'add') {
@@ -358,7 +357,6 @@ if ($action == '') {
 			eval("echo \"" . getTemplate("templates/templates_add_1") . "\";");
 		} else {
 			standard_error('alltemplatesdefined');
-			exit;
 		}

 	} else {
@@ -371,7 +369,6 @@ if ($action == '') {

 		if (Database::num_rows() == count($file_templates)) {
 			standard_error('alltemplatesdefined');
-			exit;

 		} else {

@@ -514,6 +511,5 @@ if ($action == '') {

 	} else {
 		standard_error('templatenotfound');
-		exit;
 	}
 }
--- a/admin_traffic.php
+++ b/admin_traffic.php
@@ -27,7 +27,6 @@ if ($action == 'logout') {
 	);
 	Database::pexecute($logout_stmt, array('adminid' => $userinfo['adminid']));
 	redirectTo('index.php');
-	exit;
 }

 if (isset($_POST['id'])) {
--- a/admin_updates.php
+++ b/admin_updates.php
@@ -54,7 +54,7 @@ if ($page == 'overview') {
 		}
 	}

-	if (hasUpdates($version)) {
+	if (hasDbUpdates($dbversion) || hasUpdates($version)) {
 		$successful_update = false;
 		$message = '';

@@ -85,15 +85,26 @@ if ($page == 'overview') {

 		if (!$successful_update) {
 			$current_version = Settings::Get('panel.version');
+			$current_db_version = Settings::Get('panel.db_version');
+			if (empty($current_db_version)) {
+			    $current_db_version = "0";
+			}
 			$new_version = $version;
+			$new_db_version = $dbversion;

 			$ui_text = $lng['update']['update_information']['part_a'];
+			if ($version != $current_version) {
 			     $ui_text = str_replace('%curversion', $current_version, $ui_text);
 			     $ui_text = str_replace('%newversion', $new_version, $ui_text);
+			} else {
+			    // show db version
+			    $ui_text = str_replace('%curversion', $current_db_version, $ui_text);
+			    $ui_text = str_replace('%newversion', $new_db_version, $ui_text);
+			}
 			$update_information = $ui_text;

 			include_once './install/updates/preconfig.php';
-			$preconfig = getPreConfig($current_version);
+			$preconfig = getPreConfig($current_version, $current_db_version);
 			if ($preconfig != '') {
 				$update_information .= '<br />' . $preconfig . $message;
 			}
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -36,7 +41,7 @@ if ($page == 'overview') {
 			'd.domain' => $lng['domains']['domainname']
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_DOMAINS, $fields);
-		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isbinddomain`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
 			WHERE `d`.`customerid`= :customerid
@@ -87,6 +92,18 @@ if ($page == 'overview') {
 				}
 			}

+			$row['termination_date'] = str_replace("0000-00-00", "", $row['termination_date']);
+			if($row['termination_date'] != "") {
+				$cdate = strtotime($row['termination_date'] . " 23:59:59");
+				$today = time();
+
+				if($cdate < $today) {
+					$row['termination_css'] = 'domain-expired';
+				} else {
+					$row['termination_css'] = 'domain-canceled';
+				}
+			}
+
 			$domains_count++;
 			$domain_array[$row['domain']] = $row;
 		}
@@ -146,7 +163,7 @@ if ($page == 'overview') {

 					// get ssl-ips if activated
 					$show_ssledit = false;
-					if (Settings::Get('system.use_ssl') == '1' && domainHasSslIpPort($row['id']) && $row['caneditdomain'] == '1') {
+					if (Settings::Get('system.use_ssl') == '1' && domainHasSslIpPort($row['id']) && $row['caneditdomain'] == '1' && $row['letsencrypt'] == 0) {
 						$show_ssledit = true;
 					}
 					$row = htmlentities_array($row);
@@ -159,7 +176,7 @@ if ($page == 'overview') {

 		eval("echo \"" . getTemplate("domains/domainlist") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
-		$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid` FROM `" . TABLE_PANEL_DOMAINS . "`
+		$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid`, `aliasdomain` FROM `" . TABLE_PANEL_DOMAINS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -185,6 +202,8 @@ if ($page == 'overview') {
 					}
 				}

+				triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
+
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted subdomain '" . $idna_convert->decode($result['domain']) . "'");
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE
 					`customerid` = :customerid
@@ -211,6 +230,20 @@ if ($page == 'overview') {
 				);
 				Database::pexecute($del_stmt, array('domainid' => $id));

+				// remove certificate from domain_ssl_settings, fixes #1596
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+					WHERE `domainid` = :domainid"
+				);
+				Database::pexecute($del_stmt, array('domainid' => $id));
+
+				// remove possible existing DNS entries
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_DOMAIN_DNS . "`
+					WHERE `domain_id` = :domainid
+				");
+				Database::pexecute($del_stmt, array('domainid' => $id));
+
 				inserttask('1');

 				// Using nameserver, insert a task which rebuilds the server config
@@ -226,8 +259,13 @@ if ($page == 'overview') {
 	} elseif ($action == 'add') {
 		if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+
+				if (strpos($_POST['subdomain'], '--') !== false) {
+					standard_error('domain_nopunycode');
+				}
+
 				$subdomain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong')));
-				$domain = $idna_convert->encode($_POST['domain']);
+				$domain = $_POST['domain'];
 				$domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain` = :domain
 					AND `customerid` = :customerid
@@ -239,9 +277,15 @@ if ($page == 'overview') {

 				$completedomain = $subdomain . '.' . $domain;

+				if (Settings::Get('system.validate_domain') && ! validateDomain($completedomain)) {
+					standard_error(array(
+						'stringiswrong',
+						'mydomain'
+					));
+				}
+
 				if ($completedomain == Settings::Get('system.hostname')) {
 					standard_error('admin_domain_emailsystemhostname');
-					exit;
 				}

 				$completedomain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
@@ -272,16 +316,17 @@ if ($page == 'overview') {
 						ORDER BY `d`.`domain` ASC;"
 					);
 					$aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, array("id" => $aliasdomain, "customerid" => $userinfo['customerid']));
+					triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 				}

-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}

-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -303,7 +348,7 @@ if ($page == 'overview') {

 				$ssl_redirect = '0';
 				if (isset($_POST['ssl_redirect']) && $_POST['ssl_redirect'] == '1') {
-					// a ssl-redirect only works of there actually is a
+					// a ssl-redirect only works if there actually is a
 					// ssl ip/port assigned to the domain
 					if (domainHasSslIpPort($domain_check['id']) == true) {
 						$ssl_redirect = '1';
@@ -313,6 +358,27 @@ if ($page == 'overview') {
 					}
 				}

+				$letsencrypt = '0';
+				if (isset($_POST['letsencrypt']) && $_POST['letsencrypt'] == '1') {
+					// let's encrypt only works if there actually is a
+					// ssl ip/port assigned to the domain
+					if (domainHasSslIpPort($domain_check['id']) == true) {
+						$letsencrypt = '1';
+					} else {
+						standard_error('letsencryptonlypossiblewithsslipport');
+					}
+				}
+
+				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
+				if ($ssl_redirect > 0 && $letsencrypt == 1) {
+					$ssl_redirect = 2;
+				}
+
+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} elseif ($subdomain == '') {
@@ -354,7 +420,11 @@ if ($page == 'overview') {
 						`speciallogfile` = :speciallogfile,
 						`specialsettings` = :specialsettings,
 						`ssl_redirect` = :ssl_redirect,
-						`phpsettingid` = :phpsettingid"
+						`phpsettingid` = :phpsettingid,
+						`letsencrypt` = :letsencrypt,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -370,7 +440,11 @@ if ($page == 'overview') {
 						"speciallogfile" => $domain_check['speciallogfile'],
 						"specialsettings" => $domain_check['specialsettings'],
 						"ssl_redirect" => $ssl_redirect,
-						"phpsettingid" => $phpsid_result['phpsettingid']
+						"phpsettingid" => $phpsid_result['phpsettingid'],
+						"letsencrypt" => $letsencrypt,
+						"hsts" => $hsts_maxage,
+						"hsts_sub" => $hsts_sub,
+						"hsts_preload" => $hsts_preload
 					);
 					Database::pexecute($stmt, $params);

@@ -403,7 +477,7 @@ if ($page == 'overview') {
 					redirectTo($filename, array('page' => $page, 's' => $s));
 				}
 			} else {
-				$stmt = Database::prepare("SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain` FROM `" . TABLE_PANEL_DOMAINS . "`
+				$stmt = Database::prepare("SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain`,`letsencrypt` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `customerid` = :customerid
 					AND `parentdomainid` = '0'
 					AND `email_only` = '0'
@@ -464,8 +538,7 @@ if ($page == 'overview') {
 		}
 	} elseif ($action == 'edit' && $id != 0) {

-		$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
-			`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `pd`.`subcanemaildomain`
+		$stmt = Database::prepare("SELECT `d`.*, `pd`.`subcanemaildomain`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
 			WHERE `d`.`customerid` = :customerid
 			AND `d`.`id` = :id
@@ -483,14 +556,14 @@ if ($page == 'overview') {

 		if (isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}

-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -507,7 +580,7 @@ if ($page == 'overview') {

 				$aliasdomain = intval($_POST['alias']);

-				if (isset($_POST['selectserveralias']) && $result['parentdomainid'] == '0' ) {
+				if (isset($_POST['selectserveralias'])) {
 					$iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0';
 					$wwwserveralias = ($_POST['selectserveralias'] == '1') ? '1' : '0';
 				} else {
@@ -545,7 +618,7 @@ if ($page == 'overview') {
 				}

 				if (isset($_POST['ssl_redirect']) && $_POST['ssl_redirect'] == '1') {
-					// a ssl-redirect only works of there actually is a
+					// a ssl-redirect only works if there actually is a
 					// ssl ip/port assigned to the domain
 					if (domainHasSslIpPort($id) == true) {
 						$ssl_redirect = '1';
@@ -557,6 +630,33 @@ if ($page == 'overview') {
 					$ssl_redirect = '0';
 				}

+				if (isset($_POST['letsencrypt']) && $_POST['letsencrypt'] == '1') {
+					// let's encrypt only works if there actually is a
+					// ssl ip/port assigned to the domain
+					if (domainHasSslIpPort($id) == true) {
+						$letsencrypt = '1';
+					} else {
+						standard_error('letsencryptonlypossiblewithsslipport');
+					}
+				} else {
+					$letsencrypt = '0';
+				}
+
+				// We can't enable let's encrypt for wildcard - domains
+				if ($iswildcarddomain == '1' && $letsencrypt == '1') {
+					standard_error('nowildcardwithletsencrypt');
+				}
+
+				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
+				if ($ssl_redirect > 0 && $letsencrypt == 1 && $result['letsencrypt'] != $letsencrypt) {
+					$ssl_redirect = 2;
+				}
+
+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} else {
@@ -580,7 +680,8 @@ if ($page == 'overview') {
 						|| $iswildcarddomain != $result['iswildcarddomain']
 						|| $aliasdomain != $result['aliasdomain']
 						|| $openbasedir_path != $result['openbasedir_path']
-						|| $ssl_redirect != $result['ssl_redirect']) {
+						|| $ssl_redirect != $result['ssl_redirect']
+						|| $letsencrypt != $result['letsencrypt']) {
 						$log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'");

 						$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
@@ -590,7 +691,11 @@ if ($page == 'overview') {
 							`iswildcarddomain`= :iswildcarddomain,
 							`aliasdomain`= :aliasdomain,
 							`openbasedir_path`= :openbasedir_path,
-							`ssl_redirect`= :ssl_redirect
+							`ssl_redirect`= :ssl_redirect,
+							`letsencrypt`= :letsencrypt,
+							`hsts` = :hsts,
+							`hsts_sub` = :hsts_sub,
+							`hsts_preload` = :hsts_preload
 							WHERE `customerid`= :customerid
 							AND `id`= :id"
 						);
@@ -602,10 +707,25 @@ if ($page == 'overview') {
 							"aliasdomain" => ($aliasdomain != 0 && $alias_check == 0) ? $aliasdomain : null,
 							"openbasedir_path" => $openbasedir_path,
 							"ssl_redirect" => $ssl_redirect,
+							"letsencrypt" => $letsencrypt,
+							"hsts" => $hsts_maxage,
+							"hsts_sub" => $hsts_sub,
+							"hsts_preload" => $hsts_preload,
 							"customerid" => $userinfo['customerid'],
 							"id" => $id
 						);
 						Database::pexecute($stmt, $params);
+
+						if ($result['aliasdomain'] != $aliasdomain) {
+							// trigger when domain id for alias destination has changed: both for old and new destination
+							triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
+							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+						} else
+							if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+								// or when wwwserveralias or letsencrypt was changed
+								triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+							}
+
 						inserttask('1');

 						// Using nameserver, insert a task which rebuilds the server config
@@ -631,7 +751,7 @@ if ($page == 'overview') {
 					AND `dip`.`id_ipandports`
 					IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."`
 						WHERE `id_domain` = :id)
-					GROUP BY `d`.`domain`
+					GROUP BY `d`.`id`, `d`.`domain`
 					ORDER BY `d`.`domain` ASC"
 				);
 				Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid']));
@@ -640,7 +760,7 @@ if ($page == 'overview') {
 					$domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']);
 				}

-				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) {
+				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($result['documentroot'])) {
 					if (Settings::Get('panel.pathedit') == 'Dropdown') {
 						$urlvalue = $result['documentroot'];
 						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -671,6 +791,10 @@ if ($page == 'overview') {
 					$ssl_ipsandports = 'notempty';
 				}

+				// Fudge the result for ssl_redirect to hide the Let's Encrypt steps
+				$result['temporary_ssl_redirect'] = $result['ssl_redirect'];
+				$result['ssl_redirect'] = ($result['ssl_redirect'] == 0 ? 0 : 1);
+
 				$openbasedir = makeoption($lng['domain']['docroot'], 0, $result['openbasedir_path'], true) . makeoption($lng['domain']['homedir'], 1, $result['openbasedir_path'], true);

 				// create serveralias options
@@ -829,4 +953,12 @@ if ($page == 'overview') {

 		eval("echo \"" . getTemplate("domains/domain_ssleditor") . "\";");
 	}
+} elseif ($page == 'domaindnseditor' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1') {
+
+	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }
--- a/customer_email.php
+++ b/customer_email.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','email')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -200,7 +205,8 @@ if ($page == 'overview') {
 		if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$email_part = $_POST['email_part'];
-				$domain = $idna_convert->encode(validate($_POST['domain'], 'domain'));
+				// domain does not need idna encoding as the value of the select-box is already Punycode
+				$domain = validate($_POST['domain'], 'domain');
 				$stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain`= :domain
 					AND `customerid`= :customerid
@@ -244,7 +250,6 @@ if ($page == 'overview') {
 					standard_error('emailexistalready', $email_full);
 				} elseif ($email_check['email'] == $email) {
 					standard_error('youhavealreadyacatchallforthisdomain');
-					exit;
 				} else {
 					$stmt = Database::prepare("INSERT INTO `" . TABLE_MAIL_VIRTUAL . "`
 						(`customerid`, `email`, `email_full`, `iscatchall`, `domainid`)
@@ -377,7 +382,6 @@ if ($page == 'overview') {

 					if ($email_check['email'] == $email) {
 						standard_error('youhavealreadyacatchallforthisdomain');
-						exit;
 					} else {
 						$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_VIRTUAL . "`
 							SET `email` = :email , `iscatchall` = '1'
@@ -414,10 +418,11 @@ if ($page == 'overview') {
 				standard_error('notallowedtouseaccounts');
 			}

-			$stmt = Database::prepare("SELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid`, `popaccountid`, `domainid` FROM `" . TABLE_MAIL_VIRTUAL . "`
-				WHERE `customerid`= :cid
-				AND `id`= :id"
-			);
+			$stmt = Database::prepare("
+			    SELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid`, `popaccountid`, `domainid`
+			    FROM `" . TABLE_MAIL_VIRTUAL . "`
+			    WHERE `customerid`= :cid AND `id`= :id
+			");
 			$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id));

 			if (isset($result['email']) && $result['email'] != '' && $result['popaccountid'] == '0') {
@@ -461,7 +466,9 @@ if ($page == 'overview') {
 						$maildirname=trim(Settings::Get('system.vmail_maildirname'));
 						// Add trailing slash to Maildir if needed
 						$maildirpath=$maildirname;
-						if (!empty($maildirname) and substr($maildirname,-1) != "/") $maildirpath.="/";
+						if (!empty($maildirname) && substr($maildirname,-1) != "/") {
+							$maildirpath.="/";
+						}

 						$stmt = Database::prepare("INSERT INTO `" . TABLE_MAIL_USERS . "`
 							(`customerid`, `email`, `username`, " . (Settings::Get('system.mailpwcleartext') == '1' ? '`password`, ' : '') . " `password_enc`, `homedir`, `maildir`, `uid`, `gid`, `domainid`, `postfix`, `quota`, `imap`, `pop3`) ".
@@ -595,7 +602,7 @@ if ($page == 'overview') {

 							if ($_mailerror) {
 								$log->logAction(USR_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
-								standard_error(array('errorsendingmail', $alternative_email));
+								standard_error(array('errorsendingmail'), $alternative_email);
 							}

 							$mail->ClearAddresses();
@@ -604,6 +611,11 @@ if ($page == 'overview') {
 						redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 					}
 				} else {
+
+					if (checkMailAccDeletionState($result['email_full'])) {
+					   standard_error(array('mailaccistobedeleted'), $result['email_full']);
+					}
+
 					$result['email_full'] = $idna_convert->decode($result['email_full']);
 					$result = htmlentities_array($result);
 					$quota = Settings::Get('system.mail_quota');
@@ -633,11 +645,9 @@ if ($page == 'overview') {

 				if ($password == '') {
 					standard_error(array('stringisempty', 'mypassword'));
-					exit;
 				}
 				elseif ($password == $result['email_full']) {
 					standard_error('passwordshouldnotbeusername');
-					exit;
 				}

 				$password = validatePassword($password);
--- a/customer_extras.php
+++ b/customer_extras.php
@@ -16,10 +16,14 @@
 * @package    Panel
 *
 */
-
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -30,6 +34,12 @@ if ($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
 	eval("echo \"" . getTemplate("extras/extras") . "\";");
 } elseif ($page == 'htpasswds') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.directoryprotection')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
 		$fields = array(
@@ -38,9 +48,10 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_HTPASSWDS, $fields);
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
-			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid']
+		));
 		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -53,9 +64,9 @@ if ($page == 'overview') {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($paging->checkDisplay($i)) {
 				if (strpos($row['path'], $userinfo['documentroot']) === 0) {
-					$row['path'] = substr($row['path'], strlen($userinfo['documentroot']) - 1);
+					$row['path'] = str_replace($userinfo['documentroot'], "/", $row['path']);
 				}
-
+				$row['path'] = makeCorrectDir($row['path']);
 				$row = htmlentities_array($row);
 				eval("\$htpasswds.=\"" . getTemplate("extras/htpasswds_htpasswd") . "\";");
 				$count ++;
@@ -68,28 +79,39 @@ if ($page == 'overview') {
 	} elseif ($action == 'delete' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
 			WHERE `customerid`= :customerid
-			AND `id`= :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id`= :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if (isset($result['username']) && $result['username'] != '') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "`
 					WHERE `customerid`= :customerid
-					AND `id`= :id"
-				);
-				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+					AND `id`= :id");
+				Database::pexecute($stmt, array(
+					"customerid" => $userinfo['customerid'],
+					"id" => $id
+				));

 				$log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
-					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']) - 1);
+					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
 				}

-				ask_yesno('extras_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username'] . ' (' . $result['path'] . ')');
+				ask_yesno('extras_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['username'] . ' (' . $result['path'] . ')');
 			}
 		}
 	} elseif ($action == 'add') {
@@ -104,8 +126,7 @@ if ($page == 'overview') {
 			$username_path_check_stmt = Database::prepare("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
 				WHERE `username`= :username
 				AND `path`= :path
-				AND `customerid`= :customerid"
-			);
+				AND `customerid`= :customerid");
 			$params = array(
 				"username" => $username,
 				"path" => $path,
@@ -126,11 +147,17 @@ if ($page == 'overview') {
 			}

 			if ($username == '') {
-				standard_error(array('stringisempty', 'myloginname'));
+				standard_error(array(
+					'stringisempty',
+					'myloginname'
+				));
 			} elseif ($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
 				standard_error('userpathcombinationdupe');
 			} elseif ($_POST['directory_password'] == '') {
-				standard_error(array('stringisempty', 'mypassword'));
+				standard_error(array(
+					'stringisempty',
+					'mypassword'
+				));
 			} elseif ($path == '') {
 				standard_error('patherror');
 			} elseif ($_POST['directory_password'] == $username) {
@@ -141,8 +168,7 @@ if ($page == 'overview') {
 					`username` = :username,
 					`password` = :password,
 					`path` = :path,
-					`authname` = :authname"
-				);
+					`authname` = :authname");
 				$params = array(
 					"customerid" => $userinfo['customerid'],
 					"username" => $username,
@@ -153,7 +179,10 @@ if ($page == 'overview') {
 				Database::pexecute($stmt, $params);
 				$log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			}
 		} else {
 			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -169,9 +198,11 @@ if ($page == 'overview') {
 	} elseif ($action == 'edit' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
 			WHERE `customerid`= :customerid
-			AND `id`= :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id`= :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if (isset($result['username']) && $result['username'] != '') {
@@ -215,16 +246,18 @@ if ($page == 'overview') {
 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
 						SET " . $pwd_sql . $auth_sql . "
 						WHERE `customerid`= :customerid
-						AND `id`= :id"
-					);
+						AND `id`= :id");
 					Database::pexecute($stmt, $params);
 					$log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 					inserttask('1');
-					redirectTo($filename, array('page' => $page, 's' => $s));
+					redirectTo($filename, array(
+						'page' => $page,
+						's' => $s
+					));
 				}
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
-					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
+					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
 				}

 				$result = htmlentities_array($result);
@@ -240,6 +273,12 @@ if ($page == 'overview') {
 		}
 	}
 } elseif ($page == 'htaccess') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.pathoptions')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
 		$fields = array(
@@ -252,9 +291,10 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_HTACCESS, $fields);
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
-			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid']
+		));
 		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -269,11 +309,9 @@ if ($page == 'overview') {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($paging->checkDisplay($i)) {
 				if (strpos($row['path'], $userinfo['documentroot']) === 0) {
-					$row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
-					// don't show nothing when it's the docroot, show slash
-					if ($row['path'] == '') { $row['path'] = '/'; }
+					$row['path'] = str_replace($userinfo['documentroot'], "/", $row['path']);
 				}
-
+				$row['path'] = makeCorrectDir($row['path']);
 				$row['options_indexes'] = str_replace('1', $lng['panel']['yes'], $row['options_indexes']);
 				$row['options_indexes'] = str_replace('0', $lng['panel']['no'], $row['options_indexes']);
 				$row['options_cgi'] = str_replace('1', $lng['panel']['yes'], $row['options_cgi']);
@@ -290,9 +328,11 @@ if ($page == 'overview') {
 	} elseif ($action == 'delete' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
 			WHERE `customerid` = :customerid
-			AND `id` = :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id` = :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
@@ -315,14 +355,23 @@ if ($page == 'overview') {
 				}
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "`
 					WHERE `customerid`= :customerid
-					AND `id`= :id"
-				);
-				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+					AND `id`= :id");
+				Database::pexecute($stmt, array(
+					"customerid" => $userinfo['customerid'],
+					"id" => $id
+				));
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '/', $result['path']) . "'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
-				ask_yesno('extras_reallydelete_pathoptions', $filename, array('id' => $id, 'page' => $page, 'action' => $action), str_replace($userinfo['documentroot'], '/', $result['path']));
+				ask_yesno('extras_reallydelete_pathoptions', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), str_replace($userinfo['documentroot'], '/', $result['path']));
 			}
 		}
 	} elseif ($action == 'add') {
@@ -332,9 +381,11 @@ if ($page == 'overview') {
 			$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 			$path_dupe_check_stmt = Database::prepare("SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "`
 				WHERE `path`= :path
-				AND `customerid`= :customerid"
-			);
-			Database::pexecute($path_dupe_check_stmt, array("path" => $path, "customerid" => $userinfo['customerid']));
+				AND `customerid`= :customerid");
+			Database::pexecute($path_dupe_check_stmt, array(
+				"path" => $path,
+				"customerid" => $userinfo['customerid']
+			));
 			$path_dupe_check = $path_dupe_check_stmt->fetch(PDO::FETCH_ASSOC);

 			if (! $_POST['path']) {
@@ -374,8 +425,7 @@ if ($page == 'overview') {
 					`error404path` = :error404path,
 					`error403path` = :error403path,
 					`error500path` = :error500path,
-					`options_cgi` = :options_cgi'
-				);
+					`options_cgi` = :options_cgi');
 				$params = array(
 					"customerid" => $userinfo['customerid'],
 					"path" => $path,
@@ -389,7 +439,10 @@ if ($page == 'overview') {

 				$log->logAction(USR_ACTION, LOG_INFO, "added htaccess for '" . $path . "'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			}
 		} else {
 			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -406,9 +459,11 @@ if ($page == 'overview') {
 	} elseif (($action == 'edit') && ($id != 0)) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
 			WHERE `customerid` = :customerid
-			AND `id` = :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id` = :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if ((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
@@ -428,12 +483,7 @@ if ($page == 'overview') {
 				$error403path = correctErrorDocument($_POST['error403path']);
 				$error500path = correctErrorDocument($_POST['error500path']);

-				if (($option_indexes != $result['options_indexes'])
-					|| ($error404path != $result['error404path'])
-					|| ($error403path != $result['error403path'])
-					|| ($error500path != $result['error500path'])
-					|| ($options_cgi != $result['options_cgi'])
-				) {
+				if (($option_indexes != $result['options_indexes']) || ($error404path != $result['error404path']) || ($error403path != $result['error403path']) || ($error500path != $result['error500path']) || ($options_cgi != $result['options_cgi'])) {
 					inserttask('1');
 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTACCESS . "`
 						SET `options_indexes` = :options_indexes,
@@ -442,8 +492,7 @@ if ($page == 'overview') {
 						`error500path` = :error500path,
 						`options_cgi` = :options_cgi
 						WHERE `customerid` = :customerid
-						AND `id` = :id"
-					);
+						AND `id` = :id");
 					$params = array(
 						"customerid" => $userinfo['customerid'],
 						"options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0',
@@ -457,12 +506,13 @@ if ($page == 'overview') {
 					$log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '/', $result['path']) . "'");
 				}

-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
-					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
-					// don't show nothing when it's the docroot, show slash
-					if ($result['path'] == '') { $result['path'] = '/'; }
+					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
 				}

 				$result['error404path'] = $result['error404path'];
@@ -470,8 +520,8 @@ if ($page == 'overview') {
 				$result['error500path'] = $result['error500path'];
 				$cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
 				/*
-				$options_indexes = makeyesno('options_indexes', '1', '0', $result['options_indexes']);
-				$options_cgi = makeyesno('options_cgi', '1', '0', $result['options_cgi']);
+				 * $options_indexes = makeyesno('options_indexes', '1', '0', $result['options_indexes']);
+				 * $options_cgi = makeyesno('options_cgi', '1', '0', $result['options_cgi']);
 				 */
 				$result = htmlentities_array($result);

@@ -485,4 +535,106 @@ if ($page == 'overview') {
 			}
 		}
 	}
+} elseif ($page == 'backup') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.backup')) {
+		redirectTo('customer_index.php');
+	}
+
+	if (Settings::Get('system.backupenabled') == 1)
+	{
+		if ($action == 'abort' && isset($_POST['send']) && $_POST['send'] == 'send') {
+			$log->logAction(USR_ACTION, LOG_NOTICE, "customer_extras::backup - aborted scheduled backupjob");
+			$entry = isset($_POST['backup_job_entry']) ? (int)$_POST['backup_job_entry'] : 0;
+			if ($entry > 0) {
+				$del_stmt = Database::prepare("DELETE FROM `".TABLE_PANEL_TASKS."` WHERE `id` = :tid");
+				Database::pexecute($del_stmt, array('tid' => $entry));
+				standard_success('backupaborted');
+			}
+			redirectTo($filename, array('page' => $page, 'action' => '', 's' => $s));
+		}
+		if ($action == '') {
+			$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::backup");
+
+			// check whether there is a backup-job for this customer
+			$sel_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_TASKS."` WHERE `type` = '20'");
+			Database::pexecute($sel_stmt);
+			$existing_backupJob = null;
+			while ($entry = $sel_stmt->fetch())
+			{
+				$data = unserialize($entry['data']);
+				if ($data['customerid'] == $userinfo['customerid']) {
+					$existing_backupJob = $entry;
+					break;
+				}
+			}
+
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+
+				if (! $_POST['path']) {
+					standard_error('invalidpath');
+				}
+
+				$path = makeCorrectDir(validate($_POST['path'], 'path'));
+				$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
+
+				$backup_dbs = isset($_POST['backup_dbs']) ? intval($_POST['backup_dbs']) : 0;
+				$backup_mail = isset($_POST['backup_mail']) ? intval($_POST['backup_mail']) : 0;
+				$backup_web = isset($_POST['backup_web']) ? intval($_POST['backup_web']) : 0;
+
+				if ($backup_dbs != '1') {
+					$backup_dbs = '0';
+				}
+
+				if ($backup_mail != '1') {
+					$backup_mail = '0';
+				}
+
+				if ($backup_web != '1') {
+					$backup_web = '0';
+				}
+
+				$task_data = array(
+					'customerid' => $userinfo['customerid'],
+					'uid' => $userinfo['guid'],
+					'gid' => $userinfo['guid'],
+					'loginname' => $userinfo['loginname'],
+					'destdir' => $path,
+					'backup_dbs' => $backup_dbs,
+					'backup_mail' => $backup_mail,
+					'backup_web' => $backup_web
+				);
+				// schedule backup job
+				inserttask('20', $task_data);
+
+				standard_success('backupscheduled');
+			} else {
+
+				if (!empty($existing_backupJob)) {
+					$action = "abort";
+					$row = unserialize($entry['data']);
+					$row['path'] = makeCorrectDir(str_replace($userinfo['documentroot'], "/", $row['destdir']));
+					$row['backup_web'] = ($row['backup_web'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
+					$row['backup_mail'] = ($row['backup_mail'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
+					$row['backup_dbs'] = ($row['backup_dbs'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
+				}
+				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
+				$backup_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.backup.php';
+				$backup_form = htmlform::genHTMLForm($backup_data);
+				$title = $backup_data['backup']['title'];
+				$image = $backup_data['backup']['image'];
+
+				if (!empty($existing_backupJob)) {
+					// overwrite backup_form after we took everything from it we needed
+					eval("\$backup_form = \"" . getTemplate("extras/backup_listexisting") . "\";");
+				}
+				eval("echo \"" . getTemplate("extras/backup") . "\";");
+			}
+		}
+	}
+	else
+	{
+		standard_error('backupfunctionnotenabled');
+	}
 }
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','ftp')) {
+	redirectTo('customer_index.php');
+}
+
 $id = 0;
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -40,7 +45,7 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_FTP_USERS, $fields);

-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
 		);
 		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
@@ -153,6 +158,10 @@ if ($page == 'overview') {
 				$path = validate($_POST['path'], 'path');
 				$password = validate($_POST['ftp_password'], 'password');
 				$password = validatePassword($password);
+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}

 				$sendinfomail = isset($_POST['sendinfomail']) ? 1 : 0;
 				if ($sendinfomail != 1) {
@@ -200,8 +209,8 @@ if ($page == 'overview') {
 					$cryptPassword = makeCryptPassword($password);

 					$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
-						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`)
-						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid)"
+						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`, `shell`)
+						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid, :shell)"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -209,7 +218,8 @@ if ($page == 'overview') {
 						"description" => $description,
 						"password" => $cryptPassword,
 						"homedir" => $path,
-						"guid" => $userinfo['guid']
+						"guid" => $userinfo['guid'],
+						"shell" => $shell
 					);
 					Database::pexecute($stmt, $params);

@@ -329,6 +339,18 @@ if ($page == 'overview') {
 					}
 				}

+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", "/bin/false");
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, "/bin/false");
+						}
+					}
+				}
+
 				//$sendinfomail = makeyesno('sendinfomail', '1', '0', '0');

 				$ftp_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_add.php';
@@ -341,7 +363,7 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -353,6 +375,11 @@ if ($page == 'overview') {
 				// @FIXME use a good path-validating regex here (refs #1231)
 				$path = validate($_POST['path'], 'path');

+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}
+
 				$_setnewpass = false;
 				if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
 					$password = validate($_POST['ftp_password'], 'password');
@@ -363,10 +390,8 @@ if ($page == 'overview') {
 				if ($_setnewpass) {
 					if ($password == '') {
 						standard_error(array('stringisempty', 'mypassword'));
-						exit;
 					} elseif ($result['username'] == $password) {
 						standard_error('passwordshouldnotbeusername');
-						exit;
 					}
 					$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
 					$cryptPassword = makeCryptPassword($password);
@@ -408,11 +433,11 @@ if ($page == 'overview') {
 				$log->logAction(USR_ACTION, LOG_INFO, "edited ftp-account '" . $result['username'] . "'");
 				$description = validate($_POST['ftp_description'], 'description');
 				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
-					SET `description` = :desc
+					SET `description` = :desc, `shell` = :shell
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
-				Database::pexecute($stmt, array("desc" => $description, "customerid" => $userinfo['customerid'], "id" => $id));
+				Database::pexecute($stmt, array("desc" => $description, "shell" => $shell, "customerid" => $userinfo['customerid'], "id" => $id));

 				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
@@ -438,6 +463,18 @@ if ($page == 'overview') {
 					}
 				}

+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", $result['shell']);
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, $result['shell']);
+						}
+					}
+				}
+
 				$ftp_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_edit.php';
 				$ftp_edit_form = htmlform::genHTMLForm($ftp_edit_data);

--- a/customer_index.php
+++ b/customer_index.php
@@ -40,7 +40,6 @@ if ($action == 'logout') {
 	Database::pexecute($stmt, $params);

 	redirectTo('index.php');
-	exit;
 }

 if ($page == 'overview') {
@@ -79,8 +78,15 @@ if ($page == 'overview') {
 	$yesterday = time() - (60 * 60 * 24);
 	$month = date('M Y', $yesterday);

+	// get disk-space usages for web, mysql and mail
+	$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+	$usages = Database::pexecute_first($usages_stmt, array('cid' => $userinfo['customerid']));
+
 	$userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, Settings::Get('panel.decimal_places'));
-	$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['diskspace_used'] = round($usages['webspace'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['mailspace_used'] = round($usages['mail'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['dbspace_used'] = round($usages['mysql'] / 1024, Settings::Get('panel.decimal_places'));
+
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains');
@@ -101,7 +107,6 @@ if ($page == 'overview') {
 		$old_password = validate($_POST['old_password'], 'old password');
 		if (!validatePasswordLogin($userinfo,$old_password,TABLE_PANEL_CUSTOMERS,'customerid')) {
 			standard_error('oldpasswordnotcorrect');
-			exit;
 		}

 		$new_password = validatePassword($_POST['new_password'], 'new password');
@@ -269,7 +274,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = str_replace("\n", "<br />", $mail_body);

--- a/customer_logger.php
+++ b/customer_logger.php
@@ -0,0 +1,122 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2003-2009 the SysCP Team (see authors).
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Florian Lippert <flo@syscp.org> (2003-2009)
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Panel
+ *
+ */
+
+define('AREA', 'customer');
+require './lib/init.php';
+
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras.logger')) {
+	redirectTo('customer_index.php');
+}
+
+if ($page == 'log'
+) {
+	if ($action == '') {
+		$fields = array(
+			'date' => $lng['logger']['date'],
+			'type' => $lng['logger']['type'],
+			'user' => $lng['logger']['user'],
+			'text' => $lng['logger']['action']
+		);
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc');
+		$result_stmt = Database::prepare('
+			SELECT * FROM `' . TABLE_PANEL_LOG . '` WHERE `user` = :loginname ' . $paging->getSqlWhere(true) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
+		);
+		Database::pexecute($result_stmt, array("loginname" => $userinfo['loginname']));
+		$logs_count = Database::num_rows();
+		$paging->setEntries($logs_count);
+		$sortcode = $paging->getHtmlSortCode($lng);
+		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
+		$searchcode = $paging->getHtmlSearchCode($lng);
+		$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
+		$clog = array();
+
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+
+			if (!isset($clog[$row['action']])
+				|| !is_array($clog[$row['action']])
+			) {
+				$clog[$row['action']] = array();
+			}
+			$clog[$row['action']][$row['logid']] = $row;
+		}
+
+		if ($paging->sortfield == 'date'
+			&& $paging->sortorder == 'desc'
+		) {
+			krsort($clog);
+		} else {
+			ksort($clog);
+		}
+
+		$i = 0;
+		$count = 0;
+		$log_count = 0;
+		$log = '';
+		foreach ($clog as $action => $logrows) {
+			$_action = 0;
+			foreach ($logrows as $row) {
+				if ($paging->checkDisplay($i)) {
+					$row = htmlentities_array($row);
+					$row['date'] = date("d.m.y H:i:s", $row['date']);
+
+					if ($_action != $action) {
+						switch ($action) {
+							case USR_ACTION:
+								$_action = $lng['admin']['customer'];
+								break;
+							case RES_ACTION:
+								$_action = $lng['logger']['reseller'];
+								break;
+							case ADM_ACTION:
+								$_action = $lng['logger']['admin'];
+								break;
+							case CRON_ACTION:
+								$_action = $lng['logger']['cron'];
+								break;
+							case LOGIN_ACTION:
+								$_action = $lng['logger']['login'];
+								break;
+							case LOG_ERROR:
+								$_action = $lng['logger']['intern'];
+								break;
+							default:
+								$_action = $lng['logger']['unknown'];
+								break;
+						}
+
+						$row['action'] = $_action;
+						eval("\$log.=\"" . getTemplate('logger/logger_action') . "\";");
+					}
+
+					$log_count++;
+					$row['type'] = getLogLevelDesc($row['type']);
+					eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
+					$count++;
+					$_action = $action;
+				}
+				$i++;
+			}
+			$i++;
+		}
+
+		eval("echo \"" . getTemplate('logger/logger') . "\";");
+
+	}
+}
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','mysql')) {
+	redirectTo('customer_index.php');
+}
+
 // get sql-root access data
 Database::needRoot(true);
 Database::needSqlData();
--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {

 	$id = intval($_POST['id']);
--- a/customer_traffic.php
+++ b/customer_traffic.php
@@ -20,6 +20,12 @@
 define('AREA', 'customer');
 $intrafficpage = 1;
 require './lib/init.php';
+
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','traffic')) {
+	redirectTo('customer_index.php');
+}
+
 $traffic = '';
 $month = null;
 $year = null;
@@ -109,8 +115,7 @@ if (!is_null($month) && !is_null($year)) {
 	$result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
 		FROM `" . TABLE_PANEL_TRAFFIC . "`
 		WHERE `customerid` = :customerid
-		GROUP BY CONCAT(`year`,`month`)
-		ORDER BY CONCAT(`year`,`month`) DESC
+		GROUP BY `year` DESC, `month` DESC
 		LIMIT 12"
 	);
 	Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
--- a/dns_editor.php
+++ b/dns_editor.php
@@ -0,0 +1,306 @@
+<?php
+if (! defined('AREA'))
+	die('You cannot access this file directly!');
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Panel
+ *
+ */
+
+// This file is being included in admin_domains and customer_domains
+	// and therefore does not need to require lib/init.php
+
+$domain_id = isset($_GET['domain_id']) ? (int) $_GET['domain_id'] : null;
+
+$record = isset($_POST['record']['record']) ? trim($_POST['record']['record']) : null;
+$type = isset($_POST['record']['type']) ? $_POST['record']['type'] : 'A';
+$prio = isset($_POST['record']['prio']) ? (int) $_POST['record']['prio'] : null;
+$content = isset($_POST['record']['content']) ? trim($_POST['record']['content']) : null;
+$ttl = isset($_POST['record']['ttl']) ? (int) $_POST['record']['ttl'] : 18000;
+
+// get domain-name
+$domain = getAllowedDomainEntry($domain_id, AREA, $userinfo, $idna_convert);
+
+// select all entries
+$sel_stmt = Database::prepare("SELECT * FROM `" . TABLE_DOMAIN_DNS . "` WHERE domain_id = :did");
+Database::pexecute($sel_stmt, array(
+	'did' => $domain_id
+));
+$dom_entries = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);
+
+$errors = array();
+$success_message = "";
+
+// action for adding a new entry
+if ($action == 'add_record' && ! empty($_POST)) {
+
+	// validation
+	if (empty($record)) {
+		$record = "@";
+	}
+
+	$record = strtolower($record);
+
+	if ($record != '@' && $record != '*') {
+		// validate record
+		if (strpos($record, '--') !== false) {
+			$errors[] = $lng['error']['domain_nopunycode'];
+		} else {
+			$record = $idna_convert->encode($record);
+			if ($type != 'SRV' && $type != 'TXT') {
+				$check_dom = $record . '.example.com';
+				if (! validateDomain($check_dom)) {
+					$errors[] = sprintf($lng['error']['subdomainiswrong'], $idna_convert->decode($record));
+				}
+			}
+			if (strlen($record) > 63) {
+				$errors[] = $lng['error']['dns_record_toolong'];
+			}
+		}
+	}
+
+	// TODO regex validate content for invalid characters
+
+	if ($ttl <= 0) {
+		$ttl = 18000;
+	}
+
+	if (empty($content)) {
+		$errors[] = $lng['error']['dns_content_empty'];
+	}
+
+	// types
+	if ($type == 'A' && filter_var($content, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
+		$errors[] = $lng['error']['dns_arec_noipv4'];
+	} elseif ($type == 'AAAA' && filter_var($content, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {
+		$errors[] = $lng['error']['dns_aaaarec_noipv6'];
+	} elseif ($type == 'MX') {
+		if ($prio === null || $prio < 0) {
+			$errors[] = $lng['error']['dns_mx_prioempty'];
+		}
+		// check for trailing dot
+		if (substr($content, - 1) == '.') {
+			// remove it for checks
+			$content = substr($content, 0, - 1);
+		}
+		if (! validateDomain($content)) {
+			$errors[] = $lng['error']['dns_mx_needdom'];
+		} else {
+			// check whether there is a CNAME-record for the same resource
+			foreach ($dom_entries as $existing_entries) {
+				$fqdn = $existing_entries['record'] . '.' . $domain;
+				if ($existing_entries['type'] == 'CNAME' && $fqdn == $content) {
+					$errors[] = $lng['error']['dns_mx_noalias'];
+					break;
+				}
+			}
+		}
+		// append trailing dot (again)
+		$content .= '.';
+	} elseif ($type == 'CNAME') {
+		// check for trailing dot
+		if (substr($content, - 1) == '.') {
+			// remove it for checks
+			$content = substr($content, 0, - 1);
+		}
+		if (! validateDomain($content)) {
+			$errors[] = $lng['error']['dns_cname_invaliddom'];
+		} else {
+			// check whether there are RR-records for the same resource
+			foreach ($dom_entries as $existing_entries) {
+				if (($existing_entries['type'] == 'A' || $existing_entries['type'] == 'AAAA' || $existing_entries['type'] == 'MX' || $existing_entries['type'] == 'NS') && $existing_entries['record'] == $record) {
+					$errors[] = $lng['error']['dns_cname_nomorerr'];
+					break;
+				}
+			}
+		}
+		// append trailing dot (again)
+		$content .= '.';
+	} elseif ($type == 'NS') {
+		// check for trailing dot
+		if (substr($content, - 1) == '.') {
+			// remove it for checks
+			$content = substr($content, 0, - 1);
+		}
+		if (! validateDomain($content)) {
+			$errors[] = $lng['error']['dns_ns_invaliddom'];
+		}
+		// append trailing dot (again)
+		$content .= '.';
+	} elseif ($type == 'TXT' && ! empty($content)) {
+		// check that TXT content is enclosed in " "
+		$content = encloseTXTContent($content);
+	} elseif ($type == 'SRV') {
+		if ($prio === null || $prio < 0) {
+			$errors[] = $lng['error']['dns_srv_prioempty'];
+		}
+		// check only last part of content, as it can look like:
+		// _service._proto.name. TTL class SRV priority weight port target.
+		$_split_content = explode(" ", $content);
+		// SRV content must be [weight] [port] [target]
+		if (count($_split_content) != 3) {
+			$errors[] = $lng['error']['dns_srv_invalidcontent'];
+		}
+		$target = trim($_split_content[count($_split_content) - 1]);
+		if ($target != '.') {
+			// check for trailing dot
+			if (substr($target, - 1) == '.') {
+				// remove it for checks
+				$target = substr($target, 0, - 1);
+			}
+		}
+		if ($target != '.' && ! validateDomain($target)) {
+			$errors[] = $lng['error']['dns_srv_needdom'];
+		} else {
+			// check whether there is a CNAME-record for the same resource
+			foreach ($dom_entries as $existing_entries) {
+				$fqdn = $existing_entries['record'] . '.' . $domain;
+				if ($existing_entries['type'] == 'CNAME' && $fqdn == $target) {
+					$errors[] = $lng['error']['dns_srv_noalias'];
+					break;
+				}
+			}
+		}
+		// append trailing dot (again)
+		if ($target != '.') {
+			$content .= '.';
+		}
+	}
+
+	$new_entry = array(
+		'record' => $record,
+		'type' => $type,
+		'prio' => $prio,
+		'content' => $content,
+		'ttl' => $ttl,
+		'domain_id' => $domain_id
+	);
+	ksort($new_entry);
+
+	// check for duplicate
+	foreach ($dom_entries as $existing_entry) {
+		// compare serialized string of array
+		$check_entry = $existing_entry;
+		// new entry has no ID yet
+		unset($check_entry['id']);
+		// sort by key
+		ksort($check_entry);
+		// format integer fields to real integer (as they are read as string from the DB)
+		$check_entry['prio'] = (int) $check_entry['prio'];
+		$check_entry['ttl'] = (int) $check_entry['ttl'];
+		$check_entry['domain_id'] = (int) $check_entry['domain_id'];
+		// serialize both
+		$check_entry = serialize($check_entry);
+		$new = serialize($new_entry);
+		// compare
+		if ($check_entry === $new) {
+			$errors[] = $lng['error']['dns_duplicate_entry'];
+			unset($check_entry);
+			break;
+		}
+	}
+
+	if (empty($errors)) {
+		$ins_stmt = Database::prepare("
+			INSERT INTO `" . TABLE_DOMAIN_DNS . "` SET
+			`record` = :record,
+			`type` = :type,
+			`prio` = :prio,
+			`content` = :content,
+			`ttl` = :ttl,
+			`domain_id` = :domain_id
+		");
+
+		Database::pexecute($ins_stmt, $new_entry);
+
+		$new_entry_id = Database::lastInsertId();
+
+		// add temporary to the entries-array (no reread of DB necessary)
+		$new_entry['id'] = $new_entry_id;
+		$dom_entries[] = $new_entry;
+
+		// success message (inline)
+		$success_message = $lng['success']['dns_record_added'];
+
+		$record = "";
+		$type = 'A';
+		$prio = "";
+		$content = "";
+		$ttl = "";
+
+		// re-generate bind configs
+		inserttask('4');
+	} else {
+		// show $errors
+		$errors = implode("<br>", $errors);
+	}
+} elseif ($action == 'delete') {
+	// remove entry
+	$entry_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
+	if ($entry_id > 0) {
+		$del_stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAIN_DNS . "` WHERE `id` = :id");
+		Database::pexecute($del_stmt, array(
+			'id' => $entry_id
+		));
+
+		// remove deleted entry from internal data array (no reread of DB necessary)
+		$_t = $dom_entries;
+		foreach ($_t as $idx => $entry) {
+			if ($entry['id'] == $entry_id) {
+				unset($dom_entries[$idx]);
+				break;
+			}
+		}
+		unset($_t);
+		// success message (inline)
+		$success_message = $lng['success']['dns_record_deleted'];
+
+		// re-generate bind configs
+		inserttask('4');
+	}
+}
+
+// show editor
+$record_list = "";
+$existing_entries = "";
+$type_select = "";
+$entriescount = 0;
+
+if (! empty($dom_entries)) {
+	$entriescount = count($dom_entries);
+	foreach ($dom_entries as $entry) {
+		$entry['content'] = wordwrap($entry['content'], 100, '<br>', true);
+		eval("\$existing_entries.=\"" . getTemplate("dns_editor/entry_bit", true) . "\";");
+	}
+}
+
+// available types
+$type_select_values = array(
+	'A',
+	'AAAA',
+	'NS',
+	'MX',
+	'SRV',
+	'TXT',
+	'CNAME'
+);
+asort($type_select_values);
+foreach ($type_select_values as $_type) {
+	$type_select .= makeoption($_type, $_type, $type);
+}
+
+eval("\$record_list=\"" . getTemplate("dns_editor/list", true) . "\";");
+
+$zone = createDomainZone($domain_id);
+$zonefile = (string) $zone;
+eval("echo \"" . getTemplate("dns_editor/index", true) . "\";");
--- a/index.php
+++ b/index.php
@@ -69,13 +69,13 @@ if ($action == 'login') {
 			}
 		}

-		if (hasUpdates($version) && $is_admin == false) {
+		if ((hasUpdates($version) || hasDbUpdates($dbversion)) && $is_admin == false) {
 			redirectTo('index.php');
 			exit;
 		}

 		if ($is_admin) {
-			if (hasUpdates($version)) {
+			if (hasUpdates($version) || hasDbUpdates($dbversion)) {
 				$stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
 					WHERE `loginname`= :loginname
 					AND `change_serversettings` = '1'"
@@ -222,11 +222,15 @@ if ($action == 'login') {
 			$qryparams['s'] = $s;

 			if ($userinfo['adminsession'] == '1') {
-				if (hasUpdates($version)) {
+				if (hasUpdates($version) || hasDbUpdates($dbversion)) {
 					redirectTo('admin_updates.php', array('s' => $s));
 				} else {
 					if (isset($_POST['script']) && $_POST['script'] != "") {
+						if (preg_match("/customer\_/", $_POST['script']) === 1) {
+							redirectTo('admin_customers.php', array("page" => "customers"));
+						} else {
 							redirectTo($_POST['script'], $qryparams);
+						}
 					} else {
 						redirectTo('admin_index.php', $qryparams);
 					}
@@ -283,7 +287,7 @@ if ($action == 'login') {
 		}

 		$update_in_progress = '';
-		if (hasUpdates($version)) {
+		if (hasUpdates($version) || hasDbUpdates($dbversion)) {
 			$update_in_progress = $lng['update']['updateinprogress_onlyadmincanlogin'];
 		}
 		
@@ -298,7 +302,7 @@ if ($action == 'login') {
 		}
 		$lastqrystr = "";
 		if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") {
-			$lastqrystr = strip_tags($_REQUEST['qrystr']);
+			$lastqrystr = htmlspecialchars($_REQUEST['qrystr'], ENT_QUOTES);
 		}

 		eval("echo \"" . getTemplate('login') . "\";");
@@ -345,8 +349,8 @@ if ($action == 'forgotpwd') {
 				if ($user !== false) {
 					// build a activation code
 					$timestamp = time();
-					$first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);
-					$third = substr(md5($user['email'] . $timestamp . rand(0, $timestamp)), -15);
+					$first = substr(md5($user['loginname'] . $timestamp . randomStr(16)), 0, 15);
+					$third = substr(md5($user['email'] . $timestamp . randomStr(16)), -15);
 					$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);

 					// Drop all existing activation codes for this user
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -23,7 +23,7 @@ CREATE TABLE `ftp_users` (
  `shell` varchar(255) NOT NULL default '/bin/false',
  `login_enabled` enum('N','Y') NOT NULL default 'N',
  `login_count` int(15) NOT NULL default '0',
-  `last_login` datetime NOT NULL default '0000-00-00 00:00:00',
+  `last_login` datetime default NULL,
  `up_count` int(15) NOT NULL default '0',
  `up_bytes` bigint(30) NOT NULL default '0',
  `down_count` int(15) NOT NULL default '0',
@@ -66,7 +66,7 @@ CREATE TABLE `mail_virtual` (
  `id` int(11) NOT NULL auto_increment,
  `email` varchar(255) NOT NULL default '',
  `email_full` varchar(255) NOT NULL default '',
-  `destination` text NOT NULL,
+  `destination` text NOT NULL default '',
  `domainid` int(11) NOT NULL default '0',
  `customerid` int(11) NOT NULL default '0',
  `popaccountid` int(11) NOT NULL default '0',
@@ -191,9 +191,12 @@ CREATE TABLE `panel_customers` (
  `pop3` tinyint(1) NOT NULL default '1',
  `imap` tinyint(1) NOT NULL default '1',
  `perlenabled` tinyint(1) NOT NULL default '0',
+  `dnsenabled` tinyint(1) NOT NULL default '0',
  `theme` varchar(255) NOT NULL default 'Sparkle',
  `custom_notes` text,
  `custom_notes_show` tinyint(1) NOT NULL default '0',
+  `lepublickey` mediumtext DEFAULT NULL,
+  `leprivatekey` mediumtext DEFAULT NULL,
   PRIMARY KEY  (`customerid`),
   UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -242,11 +245,16 @@ CREATE TABLE `panel_domains` (
  `deactivated` tinyint(1) NOT NULL default '0',
  `bindserial` varchar(10) NOT NULL default '2000010100',
  `add_date` int( 11 ) NOT NULL default '0',
-  `registration_date` date NOT NULL,
+  `registration_date` date DEFAULT NULL,
+  `termination_date` date DEFAULT NULL,
  `phpsettingid` INT( 11 ) UNSIGNED NOT NULL DEFAULT '1',
  `mod_fcgid_starter` int(4) default '-1',
  `mod_fcgid_maxrequests` int(4) default '-1',
  `ismainbutsubto` int(11) unsigned NOT NULL default '0',
+  `letsencrypt` tinyint(1) NOT NULL default '0',
+  `hsts` varchar(10) NOT NULL default '0',
+  `hsts_sub` tinyint(1) NOT NULL default '0',
+  `hsts_preload` tinyint(1) NOT NULL default '0',
  PRIMARY KEY  (`id`),
  KEY `customerid` (`customerid`),
  KEY `parentdomain` (`parentdomainid`),
@@ -365,11 +373,11 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('dkim', 'dkim_domains', 'domains'),
 	('dkim', 'dkim_dkimkeys', 'dkim-keys.conf'),
 	('dkim', 'dkimrestart_command', '/etc/init.d/dkim-filter restart'),
-	('admin', 'show_news_feed', '1'),
+	('admin', 'show_news_feed', '0'),
 	('admin', 'show_version_login', '0'),
 	('admin', 'show_version_footer', '0'),
 	('spf', 'use_spf', '0'),
-	('spf', 'spf_entry', '@	IN	TXT	"v=spf1 a mx -all"'),
+	('spf', 'spf_entry', '"v=spf1 a mx -all"'),
 	('dkim', 'dkim_algorithm', 'all'),
 	('dkim', 'dkim_add_adsp', '1'),
 	('dkim', 'dkim_keylength', '1024'),
@@ -504,11 +512,39 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'mailtraffic_enabled', '1'),
 	('system', 'cronconfig', '/etc/cron.d/froxlor'),
 	('system', 'crondreload', '/etc/init.d/cron reload'),
-	('system', 'croncmdline', '/usr/bin/nice -n 5 /usr/bin/php5 -q'),
+	('system', 'croncmdline', '/usr/bin/nice -n 5 /usr/bin/php -q'),
 	('system', 'cron_allowautoupdate', '0'),
 	('system', 'dns_createhostnameentry', '0'),
 	('system', 'send_cron_errors', '0'),
 	('system', 'apacheitksupport', '0'),
+	('system', 'leprivatekey', 'unset'),
+	('system', 'lepublickey', 'unset'),
+	('system', 'letsencryptca', 'production'),
+	('system', 'letsencryptcountrycode', 'DE'),
+	('system', 'letsencryptstate', 'Hessen'),
+	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
+	('system', 'letsencryptkeysize', '4096'),
+	('system', 'letsencryptreuseold', 0),
+	('system', 'leenabled', '0'),
+	('system', 'backupenabled', '0'),
+	('system', 'dnsenabled', '0'),
+	('system', 'dns_server', 'bind'),
+	('system', 'apacheglobaldiropt', ''),
+	('system', 'allow_customer_shell', '0'),
+	('system', 'available_shells', ''),
+	('system', 'le_froxlor_enabled', '0'),
+	('system', 'le_froxlor_redirect', '0'),
+	('system', 'letsencryptacmeconf', '/etc/apache2/conf-enabled/acme.conf'),
+	('system', 'mail_use_smtp', '0'),
+	('system', 'mail_smtp_host', 'localhost'),
+	('system', 'mail_smtp_port', '25'),
+	('system', 'mail_smtp_usetls', '1'),
+	('system', 'mail_smtp_auth', '1'),
+	('system', 'mail_smtp_user', ''),
+	('system', 'mail_smtp_passwd', ''),
+	('system', 'hsts_maxage', '0'),
+	('system', 'hsts_sub', '0'),
+	('system', 'hsts_preload', '0'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -539,14 +575,15 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.34.1');
+	('panel', 'version', '0.9.38-rc1'),
+	('panel', 'db_version', '201610070');


 DROP TABLE IF EXISTS `panel_tasks`;
 CREATE TABLE `panel_tasks` (
  `id` int(11) unsigned NOT NULL auto_increment,
  `type` int(11) NOT NULL default '0',
-  `data` text NOT NULL,
+  `data` text,
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

@@ -724,8 +761,8 @@ CREATE TABLE `panel_phpconfigs` (


 INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES
-(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\n'),
-(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\n');
+(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = "{DOCUMENT_ROOT}"\r\n'),
+(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');


 DROP TABLE IF EXISTS `cronjobs_run`;
@@ -747,7 +784,9 @@ INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`,
 	(3, 'froxlor/ticket', 'used_tickets_reset', '1 DAY', '1', 'cron_ticketsreset'),
 	(4, 'froxlor/ticket', 'ticketarchive', '1 MONTH', '1', 'cron_ticketarchive'),
 	(5, 'froxlor/reports', 'usage_report', '1 DAY', '1', 'cron_usage_report'),
-	(6, 'froxlor/core', 'mailboxsize', '6 HOUR', '1', 'cron_mailboxsize');
+	(6, 'froxlor/core', 'mailboxsize', '6 HOUR', '1', 'cron_mailboxsize'),
+	(7, 'froxlor/letsencrypt', 'letsencrypt', '5 MINUTE', '0', 'cron_letsencrypt'),
+	(8, 'froxlor/backup', 'backup', '1 DAY', '1', 'cron_backup');



@@ -822,6 +861,8 @@ CREATE TABLE IF NOT EXISTS `domain_ssl_settings` (
  `ssl_key_file` mediumtext NOT NULL,
  `ssl_ca_file` mediumtext,
  `ssl_cert_chainfile` mediumtext,
+  `ssl_csr_file` mediumtext,
+  `expirationdate` datetime DEFAULT NULL,
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

@@ -833,3 +874,16 @@ CREATE TABLE IF NOT EXISTS `panel_domaintoip` (
  PRIMARY KEY (`id_domain`,`id_ipandports`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

+
+DROP TABLE IF EXISTS `domain_dns_entries`;
+CREATE TABLE `domain_dns_entries` (
+  `id` int(20) NOT NULL auto_increment,
+  `domain_id` int(15) NOT NULL,
+  `record` varchar(255) NOT NULL,
+  `type` varchar(10) NOT NULL DEFAULT 'A',
+  `content` text NOT NULL,
+  `ttl` int(11) NOT NULL DEFAULT '18000',
+  `prio` int(11) DEFAULT NULL,
+  PRIMARY KEY  (`id`)
+) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
+
--- a/install/lib/class.FroxlorInstall.php
+++ b/install/lib/class.FroxlorInstall.php
@@ -30,10 +30,12 @@
 * @package Install
 *
 */
-class FroxlorInstall {
+class FroxlorInstall
+{

 	/**
-	 * define froxlor basepath e.g. /var/www/froxlor
+	 * define froxlor basepath e.g.
+	 * /var/www/froxlor
 	 *
 	 * @var string
 	 */
@@ -71,6 +73,7 @@ class FroxlorInstall {

 	/**
 	 * currently used language
+	 *
 	 * @var unknown
 	 */
 	private $_activelng = 'english';
@@ -78,7 +81,8 @@ class FroxlorInstall {
 	/**
 	 * Class constructor
 	 */
-	public function __construct() {
+	public function __construct()
+	{
 		$this->_basepath = dirname(dirname(dirname(__FILE__)));
 		$this->_data = array();
 	}
@@ -86,7 +90,8 @@ class FroxlorInstall {
 	/**
 	 * FC
 	 */
-	public function run() {
+	public function run()
+	{
 		// send headers
 		$this->_sendHeaders();
 		// check if we have a valid installation already
@@ -104,15 +109,13 @@ class FroxlorInstall {
 	/**
 	 * build up and show the install-process-pages
 	 */
-	private function _showPage() {
+	private function _showPage()
+	{
 		// set theme for templates
 		$theme = $this->_theme;
 		eval("echo \"" . $this->_getTemplate("header") . "\";");
 		// check install-state
-		if ((isset($_POST['installstep'])
-				&& $_POST['installstep'] == '1')
-				|| (isset($_GET['check']) && $_GET['check'] == '1')
-		) {
+		if ((isset($_POST['installstep']) && $_POST['installstep'] == '1') || (isset($_GET['check']) && $_GET['check'] == '1')) {
 			$pagetitle = $this->_lng['install']['title'];
 			if ($this->_checkPostData()) {
 				// ceck data and create userdata etc.etc.etc.
@@ -146,7 +149,8 @@ class FroxlorInstall {
 	 *
 	 * @return boolean
 	 */
-	private function _checkPostData() {
+	private function _checkPostData()
+	{
 		$this->_guessServerName();
 		$this->_guessServerIP();
 		$this->_guessWebserver();
@@ -160,14 +164,13 @@ class FroxlorInstall {
 		$this->_getPostField('admin_user', 'admin');
 		$this->_getPostField('admin_pass1');
 		$this->_getPostField('admin_pass2');
+		$this->_getPostField('activate_newsfeed', 1);
 		$posixusername = posix_getpwuid(posix_getuid());
 		$this->_getPostField('httpuser', $posixusername['name']);
 		$posixgroup = posix_getgrgid(posix_getgid());
 		$this->_getPostField('httpgroup', $posixgroup['name']);

-		if ($this->_data['mysql_host'] == 'localhost'
-				|| $this->_data['mysql_host'] == '127.0.0.1'
-		) {
+		if ($this->_data['mysql_host'] == 'localhost' || $this->_data['mysql_host'] == '127.0.0.1') {
 			$this->_data['mysql_access_host'] = $this->_data['mysql_host'];
 		} else {
 			$this->_data['mysql_access_host'] = $this->_data['serverip'];
@@ -178,19 +181,7 @@ class FroxlorInstall {
 			$this->_data['servername'] = '';
 		}

-		if (isset($_POST['installstep'])
-				&& $_POST['installstep'] == '1'
-				&& $this->_data['admin_pass1'] == $this->_data['admin_pass2']
-				&& $this->_data['admin_pass1'] != ''
-				&& $this->_data['admin_pass2'] != ''
-				&& $this->_data['mysql_unpriv_pass'] != ''
-				&& $this->_data['mysql_root_pass'] != ''
-				&& $this->_data['servername'] != ''
-				&& $this->_data['serverip'] != ''
-				&& $this->_data['httpuser'] != ''
-				&& $this->_data['httpgroup'] != ''
-				&& $this->_data['mysql_unpriv_user'] != $this->_data['mysql_root_user']
-		) {
+		if (isset($_POST['installstep']) && $_POST['installstep'] == '1' && $this->_data['admin_pass1'] == $this->_data['admin_pass2'] && $this->_data['admin_pass1'] != '' && $this->_data['admin_pass2'] != '' && $this->_data['mysql_unpriv_pass'] != '' && $this->_data['mysql_root_pass'] != '' && $this->_data['servername'] != '' && $this->_data['serverip'] != '' && $this->_data['httpuser'] != '' && $this->_data['httpgroup'] != '' && $this->_data['mysql_unpriv_user'] != $this->_data['mysql_root_user']) {
 			return true;
 		}
 		return false;
@@ -201,31 +192,31 @@ class FroxlorInstall {
 	 *
 	 * @return array
 	 */
-	private function _doInstall() {
-
+	private function _doInstall()
+	{
 		$content = "<table class=\"noborder\">";

 		// check for mysql-root-connection
 		$content .= $this->_status_message('begin', $this->_lng['install']['testing_mysql']);

-		$options = array('PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8');
+		$options = array(
+			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+		);
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";";
 		$fatal_fail = false;
 		try {
-			$db_root = new PDO(
-					$dsn, $this->_data['mysql_root_user'], $this->_data['mysql_root_pass'], $options
-			);
+			$db_root = new PDO($dsn, $this->_data['mysql_root_user'], $this->_data['mysql_root_pass'], $options);
 		} catch (PDOException $e) {
 			// possibly without passwd?
 			try {
-				$db_root = new PDO(
-						$dsn, $this->_data['mysql_root_user'], '', $options
-				);
+				$db_root = new PDO($dsn, $this->_data['mysql_root_user'], '', $options);
 				// set the given password
 				$passwd_stmt = $db_root->prepare("
 						SET PASSWORD = PASSWORD(:passwd)
 						");
-				$passwd_stmt->execute(array('passwd' => $this->_data['mysql_root_pass']));
+				$passwd_stmt->execute(array(
+					'passwd' => $this->_data['mysql_root_pass']
+				));
 			} catch (PDOException $e) {
 				// nope
 				$content .= $this->_status_message('red', $e->getMessage());
@@ -244,18 +235,19 @@ class FroxlorInstall {
 			// importing data to new database
 			$content .= $this->_importDatabaseData();
 			// create DB object for new database
-			$options = array('PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8');
+			$options = array(
+				'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+			);
 			$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 			$another_fail = false;
 			try {
-				$db = new PDO(
-						$dsn, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $options
-				);
+				$db = new PDO($dsn, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $options);
 			} catch (PDOException $e) {
 				// dafuq? this should have happened in _importDatabaseData()
 				$content .= $this->_status_message('red', $e->getMessage());
 				$another_fail = true;
-			};
+			}
+			;

 			if (! $another_fail) {
 				// change settings accordingly
@@ -289,14 +281,17 @@ class FroxlorInstall {

 		eval("\$navigation .= \"" . $this->_getTemplate("pagebottom") . "\";");

-		return array('pagecontent' => $content, 'pagenavigation' => $navigation);
+		return array(
+			'pagecontent' => $content,
+			'pagenavigation' => $navigation
+		);
 	}

 	/**
 	 * Create userdata.inc.php file
 	 */
-	private function _createUserdataConf() {
-
+	private function _createUserdataConf()
+	{
 		$content = "";

 		$content .= $this->_status_message('begin', $this->_lng['install']['creating_configfile']);
@@ -310,6 +305,8 @@ class FroxlorInstall {
 		$userdata .= "\$sql_root[0]['host']='" . addcslashes($this->_data['mysql_host'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['user']='" . addcslashes($this->_data['mysql_root_user'], "'\\") . "';\n";
 		$userdata .= "\$sql_root[0]['password']='" . addcslashes($this->_data['mysql_root_pass'], "'\\") . "';\n";
+		$userdata .= "// enable debugging to browser in case of SQL errors\n";
+		$userdata .= "\$sql['debug'] = false;\n";
 		$userdata .= "?>";

 		// test if we can store the userdata.inc.php in ../lib
@@ -318,8 +315,7 @@ class FroxlorInstall {
 			@fclose($fp);
 			$content .= $this->_status_message('green', 'OK');
 			chmod('../lib/userdata.inc.php', 0440);
-		}
-		elseif ($fp = @fopen('/tmp/userdata.inc.php', 'w')) {
+		} elseif ($fp = @fopen('/tmp/userdata.inc.php', 'w')) {
 			$result = @fputs($fp, $userdata, strlen($userdata));
 			@fclose($fp);
 			$content .= $this->_status_message('orange', $this->_lng['install']['creating_configfile_temp']);
@@ -340,8 +336,8 @@ class FroxlorInstall {
 	 *
 	 * @return string status messages
 	 */
-	private function _doDataEntries(&$db) {
-
+	private function _doDataEntries(&$db)
+	{
 		$content = "";

 		$content .= $this->_status_message('begin', $this->_lng['install']['creating_entries']);
@@ -355,7 +351,9 @@ class FroxlorInstall {
 				`vhostcontainer` = '1',
 				`vhostcontainer_servername_statement` = '1'
 				");
-		$stmt->execute(array('serverip' => $this->_data['serverip']));
+		$stmt->execute(array(
+			'serverip' => $this->_data['serverip']
+		));
 		$defaultip = $db->lastInsertId();

 		// insert the defaultip
@@ -364,7 +362,9 @@ class FroxlorInstall {
 				`value` = :defaultip
 				WHERE `settinggroup` = 'system' AND `varname` = 'defaultip'
 				");
-		$upd_stmt->execute(array('defaultip' => $defaultip));
+		$upd_stmt->execute(array(
+			'defaultip' => $defaultip
+		));

 		$content .= $this->_status_message('green', 'OK');

@@ -418,7 +418,8 @@ class FroxlorInstall {
 	 * @param string $varname
 	 * @param string $value
 	 */
-	private function _updateSetting(&$stmt = null, $value = null, $group = null, $varname = null) {
+	private function _updateSetting(&$stmt = null, $value = null, $group = null, $varname = null)
+	{
 		$stmt->execute(array(
 			'group' => $group,
 			'varname' => $varname,
@@ -433,8 +434,8 @@ class FroxlorInstall {
 	 *
 	 * @return string status messages
 	 */
-	private function _doSettings(&$db) {
-
+	private function _doSettings(&$db)
+	{
 		$content = "";

 		$content .= $this->_status_message('begin', $this->_lng['install']['changing_data']);
@@ -470,9 +471,12 @@ class FroxlorInstall {
 			$this->_updateSetting($upd_stmt, '/etc/nginx/froxlor-htpasswd/', 'system', 'apacheconf_htpasswddir');
 			$this->_updateSetting($upd_stmt, '/etc/init.d/nginx reload', 'system', 'apachereload_command');
 			$this->_updateSetting($upd_stmt, '/etc/nginx/nginx.pem', 'system', 'ssl_cert_file');
-			$this->_updateSetting($upd_stmt, '/var/run/nginx/', 'phpfpm', 'fastcgi_ipcdir');
+			$this->_updateSetting($upd_stmt, '/var/run/', 'phpfpm', 'fastcgi_ipcdir');
 		}

+		$this->_updateSetting($upd_stmt, $this->_data['activate_newsfeed'], 'admin', 'show_news_feed');
+		$this->_updateSetting($upd_stmt, dirname(dirname(dirname(__FILE__))), 'system', 'letsencryptchallengepath');
+
 		// insert the lastcronrun to be the installation date
 		$this->_updateSetting($upd_stmt, time(), 'system', 'lastcronrun');

@@ -498,21 +502,22 @@ class FroxlorInstall {
 	 *
 	 * @return string status messages
 	 */
-	private function _importDatabaseData() {
-
+	private function _importDatabaseData()
+	{
 		$content = "";
 		$content .= $this->_status_message('begin', $this->_lng['install']['testing_new_db']);
-		$options = array('PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8');
+		$options = array(
+			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+		);
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 		$fatal_fail = false;
 		try {
-			$db = new PDO(
-					$dsn, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $options
-			);
+			$db = new PDO($dsn, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $options);
 		} catch (PDOException $e) {
 			$content .= $this->_status_message('red', $e->getMessage());
 			$fatal_fail = true;
-		};
+		}
+		;

 		if (! $fatal_fail) {

@@ -543,8 +548,8 @@ class FroxlorInstall {
 	 *
 	 * @return string status messages
 	 */
-	private function _createDatabaseAndUser(&$db_root) {
-
+	private function _createDatabaseAndUser(&$db_root)
+	{
 		$content = "";

 		// so first we have to delete the database and
@@ -552,16 +557,28 @@ class FroxlorInstall {
 		$content .= $this->_status_message('begin', $this->_lng['install']['prepare_db']);

 		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`user` WHERE `User` = :user AND `Host` = :accesshost");
-		$del_stmt->execute(array('user' => $this->_data['mysql_unpriv_user'], 'accesshost' => $this->_data['mysql_access_host']));
+		$del_stmt->execute(array(
+			'user' => $this->_data['mysql_unpriv_user'],
+			'accesshost' => $this->_data['mysql_access_host']
+		));

 		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`db` WHERE `User` = :user AND `Host` = :accesshost");
-		$del_stmt->execute(array('user' => $this->_data['mysql_unpriv_user'], 'accesshost' => $this->_data['mysql_access_host']));
+		$del_stmt->execute(array(
+			'user' => $this->_data['mysql_unpriv_user'],
+			'accesshost' => $this->_data['mysql_access_host']
+		));

 		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`tables_priv` WHERE `User` = :user AND `Host` =:accesshost");
-		$del_stmt->execute(array('user' => $this->_data['mysql_unpriv_user'], 'accesshost' => $this->_data['mysql_access_host']));
+		$del_stmt->execute(array(
+			'user' => $this->_data['mysql_unpriv_user'],
+			'accesshost' => $this->_data['mysql_access_host']
+		));

 		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`columns_priv` WHERE `User` = :user AND `Host` = :accesshost");
-		$del_stmt->execute(array('user' => $this->_data['mysql_unpriv_user'], 'accesshost' => $this->_data['mysql_access_host']));
+		$del_stmt->execute(array(
+			'user' => $this->_data['mysql_unpriv_user'],
+			'accesshost' => $this->_data['mysql_access_host']
+		));

 		$del_stmt = $db_root->prepare("DROP DATABASE IF EXISTS `" . str_replace('`', '', $this->_data['mysql_database']) . "`;");
 		$del_stmt->execute();
@@ -576,15 +593,11 @@ class FroxlorInstall {

 		$mysql_access_host_array = array_map('trim', explode(',', $this->_data['mysql_access_host']));

-		if (in_array('127.0.0.1', $mysql_access_host_array)
-				&& !in_array('localhost', $mysql_access_host_array)
-		) {
+		if (in_array('127.0.0.1', $mysql_access_host_array) && ! in_array('localhost', $mysql_access_host_array)) {
 			$mysql_access_host_array[] = 'localhost';
 		}

-		if (!in_array('127.0.0.1', $mysql_access_host_array)
-				&& in_array('localhost', $mysql_access_host_array)
-		) {
+		if (! in_array('127.0.0.1', $mysql_access_host_array) && in_array('localhost', $mysql_access_host_array)) {
 			$mysql_access_host_array[] = '127.0.0.1';
 		}

@@ -594,11 +607,17 @@ class FroxlorInstall {
 			$stmt = $db_root->prepare("
 					GRANT ALL PRIVILEGES ON `" . $_db . "`.*
 					TO :username@:host
-					IDENTIFIED BY 'password'"
-			);
-			$stmt->execute(array("username" => $this->_data['mysql_unpriv_user'], "host" => $mysql_access_host));
+					IDENTIFIED BY 'password'");
+			$stmt->execute(array(
+				"username" => $this->_data['mysql_unpriv_user'],
+				"host" => $mysql_access_host
+			));
 			$stmt = $db_root->prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
-			$stmt->execute(array("username" => $this->_data['mysql_unpriv_user'], "host" => $mysql_access_host, "password" => $this->_data['mysql_unpriv_pass']));
+			$stmt->execute(array(
+				"username" => $this->_data['mysql_unpriv_user'],
+				"host" => $mysql_access_host,
+				"password" => $this->_data['mysql_unpriv_pass']
+			));
 		}

 		$db_root->query("FLUSH PRIVILEGES;");
@@ -615,15 +634,17 @@ class FroxlorInstall {
 	 *
 	 * @return string status messages
 	 */
-	private function _backupExistingDatabase(&$db_root) {
-
+	private function _backupExistingDatabase(&$db_root)
+	{
 		$content = "";

 		// check for existing of former database
 		$tables_exist = false;
 		$sql = "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = :database";
 		$result_stmt = $db_root->prepare($sql);
-		$result_stmt->execute(array('database' => $this->_data['mysql_database']));
+		$result_stmt->execute(array(
+			'database' => $this->_data['mysql_database']
+		));
 		$rows = $db_root->query("SELECT FOUND_ROWS()")->fetchColumn();

 		// check result
@@ -667,8 +688,8 @@ class FroxlorInstall {
 	/**
 	 * show form to collect all needed data for the install
 	 */
-	private function _showDataForm() {
-
+	private function _showDataForm()
+	{
 		$content = "";
 		// form action
 		$formaction = htmlspecialchars($_SERVER['PHP_SELF']);
@@ -697,25 +718,29 @@ class FroxlorInstall {
 		// unpriv-user has to be different from root
 		if ($this->_data['mysql_unpriv_user'] == $this->_data['mysql_root_user']) {
 			$style = 'blue';
-		} else { $style = '';
+		} else {
+			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('mysql_unpriv_user', true, $style);
 		// is we posted and no password was given -> red
 		if (! empty($_POST['installstep']) && $this->_data['mysql_unpriv_pass'] == '') {
 			$style = 'red';
-		} else { $style = '';
+		} else {
+			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('mysql_unpriv_pass', true, $style, 'password');
 		// unpriv-user has to be different from root
 		if ($this->_data['mysql_unpriv_user'] == $this->_data['mysql_root_user']) {
 			$style = 'blue';
-		} else { $style = '';
+		} else {
+			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('mysql_root_user', true, $style);
 		// is we posted and no password was given -> red
 		if (! empty($_POST['installstep']) && $this->_data['mysql_root_pass'] == '') {
 			$style = 'red';
-		} else { $style = '';
+		} else {
+			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('mysql_root_pass', true, $style, 'password');

@@ -727,23 +752,21 @@ class FroxlorInstall {
 		// user
 		$formdata .= $this->_getSectionItemString('admin_user', true);
 		// check for admin passwords to be equal
-		if (!empty($_POST['installstep']) &&
-				($this->_data['admin_pass1'] == ''
-						|| $this->_data['admin_pass1'] != $this->_data['admin_pass2'])
-		) {
+		if (! empty($_POST['installstep']) && ($this->_data['admin_pass1'] == '' || $this->_data['admin_pass1'] != $this->_data['admin_pass2'])) {
 			$style = 'color:red;';
-		} else { $style = '';
+		} else {
+			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('admin_pass1', true, $style, 'password');
 		// check for admin passwords to be equal
-		if (!empty($_POST['installstep']) &&
-				($this->_data['admin_pass2'] == ''
-						|| $this->_data['admin_pass1'] != $this->_data['admin_pass2'])
-		) {
+		if (! empty($_POST['installstep']) && ($this->_data['admin_pass2'] == '' || $this->_data['admin_pass1'] != $this->_data['admin_pass2'])) {
 			$style = 'color:red;';
-		} else { $style = '';
+		} else {
+			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('admin_pass2', true, $style, 'password');
+		// activate newsfeed?
+		$formdata .= $this->_getSectionItemYesNo('activate_newsfeed', true);

 		/**
 		 * Server data
@@ -753,19 +776,22 @@ class FroxlorInstall {
 		// servername
 		if (! empty($_POST['installstep']) && $this->_data['servername'] == '') {
 			$style = 'color:red;';
-		} else { $style = '';
+		} else {
+			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('servername', true, $style);
 		// serverip
 		if (! empty($_POST['installstep']) && $this->_data['serverip'] == '') {
 			$style = 'color:red;';
-		} else { $style = '';
+		} else {
+			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('serverip', true, $style);
 		// webserver
 		if (! empty($_POST['installstep']) && $this->_data['webserver'] == '') {
 			$websrvstyle = 'color:red;';
-		} else { $websrvstyle = '';
+		} else {
+			$websrvstyle = '';
 		}
 		// apache
 		$formdata .= $this->_getSectionItemCheckbox('apache2', ($this->_data['webserver'] == 'apache2'), $websrvstyle);
@@ -777,13 +803,15 @@ class FroxlorInstall {
 		// webserver-user
 		if (! empty($_POST['installstep']) && $this->_data['httpuser'] == '') {
 			$style = 'color:red;';
-		} else { $style = '';
+		} else {
+			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('httpuser', true, $style);
 		// webserver-group
 		if (! empty($_POST['installstep']) && $this->_data['httpgroup'] == '') {
 			$style = 'color:red;';
-		} else { $style = '';
+		} else {
+			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('httpgroup', true, $style);

@@ -792,7 +820,10 @@ class FroxlorInstall {
 		eval("\$content .= \"" . $this->_getTemplate("dataform2") . "\";");

 		$navigation = '';
-		return array('pagecontent' => $content, 'pagenavigation' => $navigation);
+		return array(
+			'pagecontent' => $content,
+			'pagenavigation' => $navigation
+		);
 	}

 	/**
@@ -800,12 +831,15 @@ class FroxlorInstall {
 	 *
 	 * @param string $fieldname
 	 * @param boolean $required
-	 * @param string $style optional css
-	 * @param string $type optional type of input-box (default: text)
+	 * @param string $style
+	 *        	optional css
+	 * @param string $type
+	 *        	optional type of input-box (default: text)
 	 *
 	 * @return string
 	 */
-	private function _getSectionItemString($fieldname = null, $required = false, $style = "", $type = 'text') {
+	private function _getSectionItemString($fieldname = null, $required = false, $style = "", $type = 'text')
+	{
 		$fieldlabel = $this->_lng['install'][$fieldname];
 		$fieldvalue = htmlspecialchars($this->_data[$fieldname]);
 		if ($required) {
@@ -817,15 +851,16 @@ class FroxlorInstall {
 	}

 	/**
-	 * generate form checkbox field
+	 * generate form radio field for webserver-selection
 	 *
 	 * @param string $fieldname
-	 * @param boolean $required
+	 * @param boolean $checked
 	 * @param string $style
 	 *
 	 * @return string
 	 */
-	private function _getSectionItemCheckbox($fieldname = null, $checked = false, $style = "") {
+	private function _getSectionItemCheckbox($fieldname = null, $checked = false, $style = "")
+	{
 		$fieldlabel = $this->_lng['install'][$fieldname];
 		if ($checked) {
 			$checked = 'checked="checked"';
@@ -835,10 +870,31 @@ class FroxlorInstall {
 		return $sectionitem;
 	}

+	/**
+	 * generate form checkbox field
+	 *
+	 * @param string $fieldname
+	 * @param boolean $checked
+	 * @param string $style
+	 *
+	 * @return string
+	 */
+	private function _getSectionItemYesNo($fieldname = null, $checked = false, $style = "")
+	{
+		$fieldlabel = $this->_lng['install'][$fieldname];
+		if ($checked) {
+			$checked = 'checked="checked"';
+		}
+		$sectionitem = "";
+		eval("\$sectionitem .= \"" . $this->_getTemplate("dataitemyesno") . "\";");
+		return $sectionitem;
+	}
+
 	/**
 	 * check for requirements froxlor needs
 	 */
-	private function _requirementCheck() {
+	private function _requirementCheck()
+	{

 		// indicator whether we need to abort or not
 		$_die = false;
@@ -851,9 +907,13 @@ class FroxlorInstall {
 		if (version_compare("5.3.0", PHP_VERSION, ">=")) {
 			$content .= $this->_status_message('red', $this->_lng['requirements']['notfound'] . ' (' . PHP_VERSION . ')');
 			$_die = true;
+		} else {
+			if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+				$content .= $this->_status_message('orange', $this->_lng['requirements']['newerphpprefered'] . ' (' .PHP_VERSION . ')');
 			} else {
 				$content .= $this->_status_message('green', PHP_VERSION);
 			}
+		}

 		// Check if magic_quotes_runtime is active | get_magic_quotes_runtime() is always FALSE since 5.4
 		if (version_compare(PHP_VERSION, "5.4.0", "<")) {
@@ -917,6 +977,16 @@ class FroxlorInstall {
 			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
 		}

+		// check for curl extension
+		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpcurl']);
+
+		if (! extension_loaded('curl')) {
+			$content .= $this->_status_message('red', $this->_lng['requirements']['notinstalled']);
+			$_die = true;
+		} else {
+			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
+		}
+
 		// check for bcmath extension
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpbcmath']);

@@ -926,11 +996,11 @@ class FroxlorInstall {
 			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
 		}

-		// check for curl extension
-		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpcurl']);
+		// check for zip extension
+		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpzip']);

-		if (!extension_loaded('curl')) {
-			$content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['curldescription']);
+		if (! extension_loaded('zip')) {
+			$content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['zipdescription']);
 		} else {
 			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
 		}
@@ -960,13 +1030,17 @@ class FroxlorInstall {
 		}
 		eval("\$navigation .= \"" . $this->_getTemplate("pagebottom") . "\";");

-		return array('pagecontent' => $content, 'pagenavigation' => $navigation);
+		return array(
+			'pagecontent' => $content,
+			'pagenavigation' => $navigation
+		);
 	}

 	/**
 	 * send no-caching headers and set the default timezone
 	 */
-	private function _sendHeaders() {
+	private function _sendHeaders()
+	{
 		// no caching
 		header("Cache-Control: no-store, no-cache, must-revalidate");
 		header("Pragma: no-cache");
@@ -974,9 +1048,7 @@ class FroxlorInstall {
 		header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time()));

 		// ensure that default timezone is set
-		if (function_exists("date_default_timezone_set")
-				&& function_exists("date_default_timezone_get")
-		) {
+		if (function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get")) {
 			@date_default_timezone_set(@date_default_timezone_get());
 		}
 	}
@@ -985,16 +1057,15 @@ class FroxlorInstall {
 	 * check for the userdata - if it exists then froxlor is
 	 * already installed and we show a nice note
 	 */
-	private function _checkUserDataFile() {
+	private function _checkUserDataFile()
+	{
 		$userdata = $this->_basepath . '/lib/userdata.inc.php';
 		if (file_exists($userdata)) {
 			// includes the usersettings (MySQL-Username/Passwort)
 			// to test if Froxlor is already installed
 			require $this->_basepath . '/lib/userdata.inc.php';

-			if (isset($sql)
-					&& is_array($sql)
-			) {
+			if (isset($sql) && is_array($sql)) {
 				// use sparkle theme for the notice
 				$installed_hint = file_get_contents($this->_basepath . '/templates/Sparkle/misc/alreadyinstalledhint.tpl');
 				$installed_hint = str_replace("<CURRENT_YEAR>", date('Y', time()), $installed_hint);
@@ -1006,18 +1077,15 @@ class FroxlorInstall {
 	/**
 	 * include the chose language or else default (english)
 	 */
-	private function _includeLanguageFile() {
+	private function _includeLanguageFile()
+	{
 		// set default
 		$standardlanguage = 'english';

 		// check either _GET or _POST
-		if (isset($_GET['language'])
-				&& isset($this->_languages[$_GET['language']])
-		) {
+		if (isset($_GET['language']) && isset($this->_languages[$_GET['language']])) {
 			$this->_activelng = $_GET['language'];
-		} elseif (isset($_POST['language'])
-				&& isset($this->_languages[$_POST['language']])
-		) {
+		} elseif (isset($_POST['language']) && isset($this->_languages[$_POST['language']])) {
 			$this->_activelng = $_POST['language'];
 		} else {
 			// try to guess the right language
@@ -1046,17 +1114,17 @@ class FroxlorInstall {
 	/**
 	 * Get template from filesystem
 	 *
-	 * @param string $template name of the template including subdirectory
+	 * @param string $template
+	 *        	name of the template including subdirectory
 	 *
 	 * @return string
 	 */
-	private function _getTemplate($template = null) {
+	private function _getTemplate($template = null)
+	{
 		// build filename
 		$filename = $this->_basepath . '/install/templates/' . $template . '.tpl';
 		// check existence
-		if(file_exists($filename)
-				&& is_readable($filename)
-		) {
+		if (file_exists($filename) && is_readable($filename)) {
 			$templatefile = addcslashes(file_get_contents($filename), '"\\');
 			// loop through template more than once in case we have an "if"-statement in another one
 			while (preg_match('/<if[ \t]*(.*)>(.*)(<\/if>|<else>(.*)<\/if>)/Uis', $templatefile)) {
@@ -1077,7 +1145,8 @@ class FroxlorInstall {
 	 *
 	 * @return string
 	 */
-	private function _status_message($case, $text) {
+	private function _status_message($case, $text)
+	{
 		if ($case == 'begin') {
 			return '<tr><td class="install-step">' . $text;
 		} else {
@@ -1088,13 +1157,15 @@ class FroxlorInstall {
 	/**
 	 * get/guess servername
 	 */
-	private function _guessServerName() {
+	private function _guessServerName()
+	{
 		// from form?
 		if (! empty($_POST['servername'])) {
 			$this->_data['servername'] = $_POST['servername'];
 			return;
 			// from $_SERVER
-		} else if (!empty($_SERVER['SERVER_NAME'])) {
+		} else
+			if (! empty($_SERVER['SERVER_NAME'])) {
 				// no ips
 				if ($this->_validate_ip($_SERVER['SERVER_NAME']) == false) {
 					$this->_data['servername'] = $_SERVER['SERVER_NAME'];
@@ -1108,7 +1179,8 @@ class FroxlorInstall {
 	/**
 	 * get/guess serverip
 	 */
-	private function _guessServerIP() {
+	private function _guessServerIP()
+	{
 		// from form
 		if (! empty($_POST['serverip'])) {
 			$this->_data['serverip'] = $_POST['serverip'];
@@ -1125,22 +1197,17 @@ class FroxlorInstall {
 	/**
 	 * get/guess webserver-software
 	 */
-	private function _guessWebserver() {
+	private function _guessWebserver()
+	{
 		// post
 		if (! empty($_POST['webserver'])) {
 			$this->_data['webserver'] = $_POST['webserver'];
 		} else {
-			if (strtoupper(@php_sapi_name()) == "APACHE2HANDLER"
-					|| stristr($_SERVER['SERVER_SOFTWARE'], "apache/2")
-			) {
+			if (strtoupper(@php_sapi_name()) == "APACHE2HANDLER" || stristr($_SERVER['SERVER_SOFTWARE'], "apache/2")) {
 				$this->_data['webserver'] = 'apache2';
-			} elseif(substr(strtoupper(@php_sapi_name()), 0, 8) == "LIGHTTPD"
-					|| stristr($_SERVER['SERVER_SOFTWARE'], "lighttpd")
-			) {
+			} elseif (substr(strtoupper(@php_sapi_name()), 0, 8) == "LIGHTTPD" || stristr($_SERVER['SERVER_SOFTWARE'], "lighttpd")) {
 				$this->_data['webserver'] = 'lighttpd';
-			} elseif(substr(strtoupper(@php_sapi_name()), 0, 8) == "NGINX"
-					|| stristr($_SERVER['SERVER_SOFTWARE'], "nginx")
-			) {
+			} elseif (substr(strtoupper(@php_sapi_name()), 0, 8) == "NGINX" || stristr($_SERVER['SERVER_SOFTWARE'], "nginx")) {
 				$this->_data['webserver'] = 'nginx';
 			} else {
 				// we don't need to bail out, since unknown does not affect any critical installation routines
@@ -1157,7 +1224,8 @@ class FroxlorInstall {
 	 * @param string $default
 	 *
 	 */
-	private function _getPostField($fieldname = null, $default = null) {
+	private function _getPostField($fieldname = null, $default = null)
+	{
 		// initialize
 		$this->_data[$fieldname] = '';
 		// set default
@@ -1177,11 +1245,9 @@ class FroxlorInstall {
 	 *
 	 * @return boolean|string
 	 */
-	private function _validate_ip($ip = null) {
-		if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false
-				&& filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
-				&& filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) === false
-		) {
+	private function _validate_ip($ip = null)
+	{
+		if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) === false) {
 			return false;
 		}
 		return $ip;
@@ -1194,17 +1260,15 @@ class FroxlorInstall {
 	 *
 	 * @return string
 	 */
-	private function _remove_remarks($sql) {
-
+	private function _remove_remarks($sql)
+	{
 		$lines = explode("\n", $sql);
 		// try to keep mem. use down
 		$sql = "";
 		$linecount = count($lines);
 		$output = "";
 		for ($i = 0; $i < $linecount; $i ++) {
-			if ($i != ($linecount - 1)
-					|| strlen($lines[$i]) > 0
-			) {
+			if ($i != ($linecount - 1) || strlen($lines[$i]) > 0) {
 				if (substr($lines[$i], 0, 1) != "#") {
 					$output .= $lines[$i] . "\n";
 				} else {
@@ -1224,7 +1288,8 @@ class FroxlorInstall {
 	 * The whole function has been taken from the phpbb installer,
 	 * copyright by the phpbb team, phpbb in summer 2004.
 	 */
-	private function _split_sql_file($sql, $delimiter) {
+	private function _split_sql_file($sql, $delimiter)
+	{

 		// Split up our string into "possible" SQL statements.
 		$tokens = explode($delimiter, $sql);
@@ -1240,9 +1305,7 @@ class FroxlorInstall {
 		$token_count = count($tokens);
 		for ($i = 0; $i < $token_count; $i ++) {
 			// Don't want to add an empty string as the last thing in the array.
-			if (($i != ($token_count - 1))
-					|| (strlen($tokens[$i] > 0))
-			) {
+			if (($i != ($token_count - 1)) || (strlen($tokens[$i] > 0))) {
 				// This is the total number of single quotes in the token.
 				$total_quotes = preg_match_all("/'/", $tokens[$i], $matches);

@@ -1298,5 +1361,4 @@ class FroxlorInstall {
 		}
 		return $output;
 	}
-
 }
--- a/install/lng/english.lng.php
+++ b/install/lng/english.lng.php
@@ -24,6 +24,7 @@ $lng['requirements']['notfound'] = 'not found';
 $lng['requirements']['notinstalled'] = 'not installed';
 $lng['requirements']['activated'] = 'enabled';
 $lng['requirements']['phpversion'] = 'PHP version >= 5.3';
+$lng['requirements']['newerphpprefered'] = 'Good, but php-5.6 is prefered.';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime...';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'PHP setting "magic_quotes_runtime" must be set to "Off". We have disabled it temporary for now please fix the coresponding php.ini.';
 $lng['requirements']['phppdo'] = 'PHP PDO extension and PDO-MySQL driver...';
@@ -33,8 +34,9 @@ $lng['requirements']['phpposix'] = 'PHP posix-extension...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
 $lng['requirements']['phpcurl'] = 'PHP curl-extension...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-extension...';
+$lng['requirements']['phpzip'] = 'PHP zip-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
-$lng['requirements']['curldescription'] = 'Version-check and news-feed may not work correctly!';
+$lng['requirements']['zipdescription'] = 'The auto-update feature requires the zip extension.';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';
@@ -56,6 +58,7 @@ $lng['install']['admin_account'] = 'Administrator Account';
 $lng['install']['admin_user'] = 'Administrator Username';
 $lng['install']['admin_pass1'] = 'Administrator Password';
 $lng['install']['admin_pass2'] = 'Administrator-Password (confirm)';
+$lng['install']['activate_newsfeed'] = 'Enable the official newsfeed<br><small>(https://inside.froxlor.org/news/)</small>';
 $lng['install']['serversettings'] = 'Server settings';
 $lng['install']['servername'] = 'Server name (FQDN, no ip-address)';
 $lng['install']['serverip'] = 'Server IP';
--- a/install/lng/french.lng.php
+++ b/install/lng/french.lng.php
@@ -34,7 +34,6 @@ $lng['requirements']['phpbcmath'] = 'extension PHP bcmath ...';
 $lng['requirements']['phpcurl'] = 'extension PHP curl...';
 $lng['requirements']['phpmbstring'] = 'extension PHP mbstring...';
 $lng['requirements']['bcmathdescription'] = 'Les fonctions de calcul de traffic ne fonctionneront pas correctement!';
-$lng['requirements']['curldescription'] = 'Les vérifications de version et les flux d\'information peuvent ne pas fonctionner correctement!';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor ne fonctionnera pas correctement avec open_basedir activé. Merci de désactiver open_basedir pour Froxlor dans le php.ini correspondant';
 $lng['requirements']['diedbecauseofrequirements'] = 'Impossible d\'installer Froxlor sans ces prérequis! Essayez de les corriger et essayez à nouveau.';
--- a/install/lng/german.lng.php
+++ b/install/lng/german.lng.php
@@ -24,6 +24,7 @@ $lng['requirements']['notfound'] = 'nicht gefunden';
 $lng['requirements']['notinstalled'] = 'nicht installiert';
 $lng['requirements']['activated'] = 'ist aktiviert.';
 $lng['requirements']['phpversion'] = 'PHP Version >= 5.3';
+$lng['requirements']['newerphpprefered'] = 'Passt, aber php-5.6 wird bevorzugt.';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'Die PHP Einstellung "magic_quotes_runtime" muss deaktiviert sein ("Off"). Die Einstellung wurde temporär deaktiviert, bitte ändern Sie diese in der entsprechenden php.ini.';
 $lng['requirements']['phppdo'] = 'PHP PDO Erweiterung und PDO-MySQL Treiber...';
@@ -33,8 +34,9 @@ $lng['requirements']['phpposix'] = 'PHP posix-Erweiterung...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
 $lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-Erweiterung...';
+$lng['requirements']['phpzip'] = 'PHP zip-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
-$lng['requirements']['curldescription'] = 'Versions-Prüfung und News-Feed stehen nicht vollständig zur Verfügung!';
+$lng['requirements']['zipdescription'] = 'Die Auto-Update Funktion benötigt die zip Erweiterung.';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';
@@ -56,6 +58,7 @@ $lng['install']['admin_account'] = 'Admin-Zugang';
 $lng['install']['admin_user'] = 'Administrator-Benutzername';
 $lng['install']['admin_pass1'] = 'Administrator-Passwort';
 $lng['install']['admin_pass2'] = 'Administrator-Passwort (Bestätigung)';
+$lng['install']['activate_newsfeed'] = 'Aktiviere das offizielle Newsfeed<br><small>(https://inside.froxlor.org/news/)</small>';
 $lng['install']['serversettings'] = 'Servereinstellungen';
 $lng['install']['servername'] = 'Servername (FQDN, keine IP-Adresse)';
 $lng['install']['serverip'] = 'Server-IP';
--- a/install/scripts/language-check.php
+++ b/install/scripts/language-check.php
@@ -19,10 +19,7 @@
 $baseLanguage = 'english.lng.php';

 // Check if we're in the CLI
-if(@php_sapi_name() != 'cli'
-   && @php_sapi_name() != 'cgi'
-   && @php_sapi_name() != 'cgi-fcgi'
-) {
+if(@php_sapi_name() !== 'cli') {
 	die('This script will only work in the shell.');
 }

@@ -56,7 +53,7 @@ if ($dh = opendir($path)) {
 } else {
 	print "ERROR: The path you requested cannot be read! \n ";
 	print "\n";
-	print_help();
+	print_help($argv);
 	exit;
 }

@@ -64,7 +61,7 @@ if ($dh = opendir($path)) {
 if (!isset($files[$baseLanguage])) {
 	print "ERROR: The baselanguage cannot be found! \n";
 	print "\n";
-	print_help();
+	print_help($argv);
 	exit;
 }

--- a/install/scripts/switch-server-ip.php
+++ b/install/scripts/switch-server-ip.php
@@ -0,0 +1,417 @@
+#!/usr/bin/php
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Cron
+ *
+ */
+
+// Check if we're in the CLI
+if(@php_sapi_name() !== 'cli') {
+	die('This script will only work in the shell.');
+}
+
+// give control to command line handler
+try {
+	CmdLineHandler::processParameters($argc, $argv);
+} catch (Exception $e) {
+	CmdLineHandler::printerr($e->getMessage());
+}
+
+class CmdLineHandler
+{
+
+	/**
+	 * internal variable for passed arguments
+	 *
+	 * @var array
+	 */
+	private static $args = null;
+
+	/**
+	 * Action object read from commandline/config
+	 *
+	 * @var Action
+	 */
+	private $_action = null;
+
+	/**
+	 * list of valid parameters/switches
+	 */
+	public static $switches = array(
+		/* 'd', // debug / output information for everything */
+		'h'
+	);
+ // same as --help
+	public static $params = array(
+		'switch',
+		'list',
+		'froxlor-dir',
+		'help'
+	);
+
+	/**
+	 * Returns a CmdLineHandler object with given
+	 * arguments from command line
+	 *
+	 * @param int $argc
+	 * @param array $argv
+	 *
+	 * @return CmdLineHandler
+	 */
+	public static function processParameters($argc, $argv)
+	{
+		return new CmdLineHandler($argc, $argv);
+	}
+
+	/**
+	 * returns the Action object generated in
+	 * the class constructor
+	 *
+	 * @return Action
+	 */
+	public function getAction()
+	{
+		return $this->_action;
+	}
+
+	/**
+	 * class constructor, validates the command line parameters
+	 * and sets the Action-object if valid
+	 *
+	 * @param int $argc
+	 * @param string[] $argv
+	 *
+	 * @return null
+	 * @throws Exception
+	 */
+	private function __construct($argc, $argv)
+	{
+		self::$args = $this->_parseArgs($argv);
+		$this->_action = $this->_createAction();
+	}
+
+	/**
+	 * Parses the arguments given via the command line;
+	 * three types are supported:
+	 * 1.
+	 * --parm1 or --parm2=value
+	 * 2. -xyz (multiple switches in one) or -a=value
+	 * 3. parm1 parm2
+	 *
+	 * The 1. will be mapped as
+	 * ["parm1"] => true, ["parm2"] => "value"
+	 * The 2. as
+	 * ["x"] => true, ["y"] => true, ["z"] => true, ["a"] => "value"
+	 * And the 3. as
+	 * [0] => "parm1", [1] => "parm2"
+	 *
+	 * @param array $argv
+	 *
+	 * @return array
+	 */
+	private function _parseArgs($argv)
+	{
+		array_shift($argv);
+		$o = array();
+		foreach ($argv as $a) {
+			if (substr($a, 0, 2) == '--') {
+				$eq = strpos($a, '=');
+				if ($eq !== false) {
+					$o[substr($a, 2, $eq - 2)] = substr($a, $eq + 1);
+				} else {
+					$k = substr($a, 2);
+					if (! isset($o[$k])) {
+						$o[$k] = true;
+					}
+				}
+			} else
+				if (substr($a, 0, 1) == '-') {
+					if (substr($a, 2, 1) == '=') {
+						$o[substr($a, 1, 1)] = substr($a, 3);
+					} else {
+						foreach (str_split(substr($a, 1)) as $k) {
+							if (! isset($o[$k])) {
+								$o[$k] = true;
+							}
+						}
+					}
+				} else {
+					$o[] = $a;
+				}
+		}
+		return $o;
+	}
+
+	/**
+	 * Creates an Action-Object for the Action-Handler
+	 *
+	 * @return Action
+	 * @throws Exception
+	 */
+	private function _createAction()
+	{
+
+		// Test for help-switch
+		if (empty(self::$args) || array_key_exists("help", self::$args) || array_key_exists("h", self::$args)) {
+			self::printHelp();
+			// end of execution
+		}
+		// check if no unknown parameters are present
+		foreach (self::$args as $arg => $value) {
+
+			if (is_numeric($arg)) {
+				throw new Exception("Unknown parameter '" . $value . "' in argument list");
+			} elseif (! in_array($arg, self::$params) && ! in_array($arg, self::$switches)) {
+				throw new Exception("Unknown parameter '" . $arg . "' in argument list");
+			}
+		}
+
+		// set debugger switch
+		if (isset(self::$args["d"]) && self::$args["d"] == true) {
+			// Debugger::getInstance()->setEnabled(true);
+			// Debugger::getInstance()->debug("debug output enabled");
+		}
+
+		return new Action(self::$args);
+	}
+
+	public static function printHelp()
+	{
+		self::println("");
+		self::println("Help / command line parameters:");
+		self::println("");
+		// commands
+		self::println("--switch\t\tlets you switch ip-address A with ip-address B");
+		self::println("\t\t\tExample: --switch=A,B");
+		self::println("\t\t\tExample: --switch=\"A1,B1 A2,B2 A3,B3 ...\"");
+		self::println("");
+		self::println("--list\t\t\tshow all currently used ip-addresses in froxlor");
+		self::println("");
+		self::println("--froxlor-dir\t\tpath to froxlor installation");
+		self::println("\t\t\tExample: --froxlor-dir=/var/www/froxlor/");
+		self::println("");
+		self::println("--help\t\t\tshow help screen (this)");
+		self::println("");
+		// switches
+		// self::println("-d\t\t\tenable debug output");
+		self::println("-h\t\t\tsame as --help");
+		self::println("");
+
+		die(); // end of execution
+	}
+
+	public static function println($msg = "")
+	{
+		print $msg . PHP_EOL;
+	}
+
+	private static function _printcolor($msg = "", $color = "0")
+	{
+		print "\033[" . $color . "m" . $msg . "\033[0m" . PHP_EOL;
+	}
+
+	public static function printerr($msg = "")
+	{
+		self::_printcolor($msg, "31");
+	}
+
+	public static function printsucc($msg = "")
+	{
+		self::_printcolor($msg, "32");
+	}
+
+	public static function printwarn($msg = "")
+	{
+		self::_printcolor($msg, "33");
+	}
+}
+
+class Action
+{
+
+	private $_args = null;
+
+	private $_name = null;
+
+	private $_db = null;
+
+	public function __construct($args)
+	{
+		$this->_args = $args;
+		$this->_validate();
+	}
+
+	public function getActionName()
+	{
+		return $this->_name;
+	}
+
+	/**
+	 * validates the parsed command line parameters
+	 *
+	 * @throws Exception
+	 */
+	private function _validate()
+	{
+		$need_config = false;
+		if (array_key_exists("list", $this->_args) || array_key_exists("switch", $this->_args)) {
+			$need_config = true;
+		}
+
+		$this->_checkConfigParam($need_config);
+
+		$this->_parseConfig();
+
+		if (array_key_exists("list", $this->_args)) {
+			$this->_listIPs();
+		}
+		if (array_key_exists("switch", $this->_args)) {
+			$this->_switchIPs();
+		}
+	}
+
+	private function _listIPs()
+	{
+		$sel_stmt = Database::prepare("SELECT * FROM panel_ipsandports ORDER BY ip ASC, port ASC");
+		Database::pexecute($sel_stmt);
+		$ips = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);
+		$mask = "|%-10.10s |%-50.50s | %10.10s |\n";
+		printf($mask, str_repeat("-", 10), str_repeat("-", 50), str_repeat("-", 10));
+		printf($mask, 'id', 'IP address', 'port');
+		printf($mask, str_repeat("-", 10), str_repeat("-", 50), str_repeat("-", 10));
+		foreach ($ips as $ipdata) {
+			printf($mask, $ipdata['id'], $ipdata['ip'], $ipdata['port']);
+		}
+		printf($mask, str_repeat("-", 10), str_repeat("-", 50), str_repeat("-", 10));
+		echo PHP_EOL . PHP_EOL;
+	}
+
+	private function _switchIPs()
+	{
+		$ip_list = $this->_args['switch'];
+
+		if (empty($ip_list) || is_bool($ip_list)) {
+			throw new Exception("No paramters given for --switch action.");
+		}
+
+		$ips_to_switch = array();
+		$ip_list = explode(" ", $ip_list);
+		foreach ($ip_list as $ips_combo) {
+			$ip_pair = explode(",", $ips_combo);
+			if (count($ip_pair) != 2) {
+				throw new Exception("Invalid parameter given for --switch");
+			} else {
+				if (filter_var($ip_pair[0], FILTER_VALIDATE_IP) == false) {
+					throw new Exception("Invalid source ip address: " . $ip_pair[0]);
+				}
+				if (filter_var($ip_pair[1], FILTER_VALIDATE_IP) == false) {
+					throw new Exception("Invalid target ip address: " . $ip_pair[1]);
+				}
+				if ($ip_pair[0] == $ip_pair[1]) {
+					throw new Exception("Source and target ip address are equal");
+				}
+			}
+			$ips_to_switch[] = $ip_pair;
+		}
+
+		if (count($ips_to_switch) > 0) {
+			$upd_stmt = Database::prepare("UPDATE panel_ipsandports SET `ip` = :newip WHERE `ip` = :oldip");
+
+			// system.ipaddress
+			$check_sysip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'ipaddress'");
+			$check_sysip = Database::pexecute_first($check_sysip_stmt);
+
+			// system.mysql_access_host
+			$check_mysqlip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'mysql_access_host'");
+			$check_mysqlip = Database::pexecute_first($check_mysqlip_stmt);
+
+			// system.axfrservers
+			$check_axfrip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'axfrservers'");
+			$check_axfrip = Database::pexecute_first($check_axfrip_stmt);
+
+			foreach ($ips_to_switch as $ip_pair) {
+				echo "Switching IP \033[1m" . $ip_pair[0] . "\033[0m to IP \033[1m" . $ip_pair[1] . "\033[0m" . PHP_EOL;
+				Database::pexecute($upd_stmt, array(
+					'newip' => $ip_pair[1],
+					'oldip' => $ip_pair[0]
+				));
+				$rows_updated = $upd_stmt->rowCount();
+
+				if ($rows_updated == 0) {
+					CmdLineHandler::printwarn("Note: " . $ip_pair[0] . " not updated to " . $ip_pair[1] . " (possibly no entry found in froxlor database. Use --list to see what IP addresses are added in froxlor");
+				}
+
+				// check whether the system.ipaddress needs updating
+				if ($check_sysip['value'] == $ip_pair[0]) {
+					$upd2_stmt = Database::prepare("UPDATE `panel_settings` SET `value` = :newip WHERE `settinggroup` = 'system' and `varname` = 'ipaddress'");
+					Database::pexecute($upd2_stmt, array(
+						'newip' => $ip_pair[1]
+					));
+					CmdLineHandler::printsucc("Updated system-ipaddress from '" . $ip_pair[0] . "' to '" . $ip_pair[1] . "'");
+				}
+
+				// check whether the system.mysql_access_host needs updating
+				if (strstr($check_mysqlip['value'], $ip_pair[0]) !== false) {
+					$new_mysqlip = str_replace($ip_pair[0], $ip_pair[1], $check_mysqlip['value']);
+					$upd2_stmt = Database::prepare("UPDATE `panel_settings` SET `value` = :newmysql WHERE `settinggroup` = 'system' and `varname` = 'mysql_access_host'");
+					Database::pexecute($upd2_stmt, array(
+						'newmysql' => $new_mysqlip
+					));
+					CmdLineHandler::printsucc("Updated mysql_access_host from '" . $check_mysqlip['value'] . "' to '" . $new_mysqlip . "'");
+				}
+
+				// check whether the system.axfrservers needs updating
+				if (strstr($check_axfrip['value'], $ip_pair[0]) !== false) {
+					$new_axfrip = str_replace($ip_pair[0], $ip_pair[1], $check_axfrip['value']);
+					$upd2_stmt = Database::prepare("UPDATE `panel_settings` SET `value` = :newaxfr WHERE `settinggroup` = 'system' and `varname` = 'axfrservers'");
+					Database::pexecute($upd2_stmt, array(
+						'newaxfr' => $new_axfrip
+					));
+					CmdLineHandler::printsucc("Updated axfrservers from '" . $check_axfrip['value'] . "' to '" . $new_axfrip . "'");
+				}
+			}
+		}
+
+		echo PHP_EOL;
+		CmdLineHandler::printwarn("*** ATTENTION *** Remember to replace IP addresses in configuration files if used anywhere.");
+		CmdLineHandler::printsucc("IP addresses updated");
+	}
+
+	private function _parseConfig()
+	{
+		define('FROXLOR_INSTALL_DIR', $this->_args['froxlor-dir']);
+		if (!file_exists(FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php')) {
+			throw new Exception("Could not find froxlor's Database class. Is froxlor really installed to '".FROXLOR_INSTALL_DIR."'?");
+		}
+		if (!file_exists(FROXLOR_INSTALL_DIR . '/lib/userdata.inc.php')) {
+			throw new Exception("Could not find froxlor's userdata.inc.php file. You should use this script only with a fully installed and setup froxlor system.");
+		}
+		require FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php';
+	}
+
+	private function _checkConfigParam($needed = false)
+	{
+		if ($needed) {
+			if (! isset($this->_args["froxlor-dir"])) {
+				throw new Exception("No configuration given (missing --froxlor-dir parameter?)");
+			} elseif (! is_dir($this->_args["froxlor-dir"])) {
+				throw new Exception("Given --froxlor-dir parameter is not a directory");
+			} elseif (! file_exists($this->_args["froxlor-dir"])) {
+				throw new Exception("Given froxlor directory cannot be found ('" . $this->_args["froxlor-dir"] . "')");
+			} elseif (! is_readable($this->_args["froxlor-dir"])) {
+				throw new Exception("Given froxlor direcotry cannot be read ('" . $this->_args["froxlor-dir"] . "')");
+			}
+		}
+	}
+}
--- a/install/templates/assets/css/install.css
+++ b/install/templates/assets/css/install.css
--- a/install/templates/assets/img/favicon.ico
+++ b/install/templates/assets/img/favicon.ico
--- a/install/templates/assets/img/logo.png
+++ b/install/templates/assets/img/logo.png
--- a/install/templates/assets/img/text_align_left.png
+++ b/install/templates/assets/img/text_align_left.png
--- a/install/templates/dataitemyesno.tpl
+++ b/install/templates/dataitemyesno.tpl
@@ -0,0 +1,4 @@
+<p>
+	<label for="{$fieldname}" class="install-block {$style}">{$fieldlabel}:</label>
+	<input type="checkbox" name="{$fieldname}" id="{$fieldname}" value="1" {$checked} />
+</p>
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
--- a/install/updates/preconfig.php
+++ b/install/updates/preconfig.php
@@ -21,17 +21,18 @@
 * outputs various content before the update process
 * can be continued (askes for agreement whatever is being asked)
 *
- * @param string version
+ * @param string $current_version
+ * @param int $current_db_version
 *
 * @return string
 */
-function getPreConfig($current_version)
+function getPreConfig($current_version, $current_db_version)
 {
 	$has_preconfig = false;
 	$return = '<div class="preconfig"><h3 class="red">PLEASE NOTE - Important update notifications</h3>';

 	include_once makeCorrectFile(dirname(__FILE__).'/preconfig/0.9/preconfig_0.9.inc.php');
-	parseAndOutputPreconfig($has_preconfig, $return, $current_version);
+	parseAndOutputPreconfig($has_preconfig, $return, $current_version, $current_db_version);

 	$return .= '<br /><br />'.makecheckbox('update_changesagreed', '<strong>I have read the update notifications above and I am aware of the changes made to my system.</strong>', '1', true, '0', true);
 	$return .= '</div>';
--- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php
+++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -18,18 +18,20 @@
 /**
 * checks if the new-version has some updating to do
 *
- * @param boolean $has_preconfig   pointer to check if any preconfig has to be output
- * @param string  $return          pointer to output string
- * @param string  $current_version current froxlor version
+ * @param boolean $has_preconfig
+ *        	pointer to check if any preconfig has to be output
+ * @param string $return
+ *        	pointer to output string
+ * @param string $current_version
+ *        	current froxlor version
 *
 * @return null
 */
-function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
-
+function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $current_db_version)
+{
 	global $lng;

-	if(versionInUpdate($current_version, '0.9.4-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.4-svn2')) {
 		$has_preconfig = true;
 		$description = 'Froxlor now enables the usage of a domain-wildcard entry and subdomains for this domain at the same time (subdomains are parsed before the main-domain vhost container).';
 		$description .= 'This makes it possible to catch all non-existing subdomains with the main vhost but also have the ability to use subdomains for that domain.<br />';
@@ -40,10 +42,8 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn2'))
-	{
-		if(!PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')))
-		{
+	if (versionInUpdate($current_version, '0.9.6-svn2')) {
+		if (! PHPMailer::ValidateAddress(Settings::Get('panel.adminmail'))) {
 			$has_preconfig = true;
 			$description = 'Froxlor uses a newer version of the phpMailerClass and determined that your current admin-mail address is invalid.';
 			$question = '<strong>Please specify a new admin-email address:</strong>&nbsp;<input type="text" class="text" name="update_adminmail" value="' . Settings::Get('panel.adminmail') . '" />';
@@ -51,14 +51,12 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn3'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn3')) {
 		$has_preconfig = true;
 		$description = 'You now have the possibility to define default error-documents for your webserver which replace the default webserver error-messages.';
 		$question = '<strong>Do you want to enable default error-documents?:</strong>&nbsp;';
 		$question .= makeyesno('update_deferr_enable', '1', '0', '0') . '<br /><br />';
-		if(Settings::Get('system.webserver') == 'apache2')
-		{
+		if (Settings::Get('system.webserver') == 'apache2') {
 			$question .= 'Path/URL for error 500:&nbsp;<input type="text" class="text" name="update_deferr_500" /><br /><br />';
 			$question .= 'Path/URL for error 401:&nbsp;<input type="text" class="text" name="update_deferr_401" /><br /><br />';
 			$question .= 'Path/URL for error 403:&nbsp;<input type="text" class="text" name="update_deferr_403" /><br /><br />';
@@ -67,8 +65,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn4'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn4')) {
 		$has_preconfig = true;
 		$description = 'You can define a default support-ticket priority level which is pre-selected for new support-tickets.';
 		$question = '<strong>Which should be the default ticket-priority?:</strong>&nbsp;';
@@ -80,24 +77,21 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn5'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn5')) {
 		$has_preconfig = true;
 		$description = 'If you have more than one PHP configurations defined in Froxlor you can now set a default one which will be used for every domain.';
 		$question = '<strong>Select default PHP configuration:</strong>&nbsp;';
 		$question .= '<select name="update_defsys_phpconfig">';
 		$configs_array = getPhpConfigs();
 		$configs = '';
-		foreach($configs_array as $idx => $desc)
-		{
+		foreach ($configs_array as $idx => $desc) {
 			$configs .= makeoption($desc, $idx, '1');
 		}
 		$question .= $configs . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn6'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn6')) {
 		$has_preconfig = true;
 		$description = 'For the new FTP-quota feature, you can now chose the currently used ftpd-software.';
 		$question = '<strong>Used FTPd-software:</strong>&nbsp;';
@@ -108,8 +102,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.7-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.7-svn1')) {
 		$has_preconfig = true;
 		$description = 'You can now choose whether customers can select the http-redirect code and which of them acts as default.';
 		$question = '<strong>Allow customer chosen redirects?:</strong>&nbsp;';
@@ -125,23 +118,20 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.7-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.7-svn2')) {
 		$result = Database::query("SELECT `domain` FROM " . TABLE_PANEL_DOMAINS . " WHERE `documentroot` LIKE '%:%' AND `documentroot` NOT LIKE 'http://%' AND `openbasedir_path` = '0' AND `openbasedir` = '1'");
 		$wrongOpenBasedirDomain = array();
 		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
 			$wrongOpenBasedirDomain[] = $row['domain'];
 		}

-		if(count($wrongOpenBasedirDomain) > 0)
-		{
+		if (count($wrongOpenBasedirDomain) > 0) {
 			$has_preconfig = true;
 			$description = 'Resetting the open_basedir to customer - root';
 			$question = '<strong>Due to a security - issue regarding open_basedir, Froxlor will set the open_basedir for the following domains to the customers root instead of the chosen documentroot:</strong><br />&nbsp;';
 			$question .= '<ul>';
 			$idna_convert = new idna_convert_wrapper();
-			foreach($wrongOpenBasedirDomain as $domain)
-			{
+			foreach ($wrongOpenBasedirDomain as $domain) {
 				$question .= '<li>' . $idna_convert->decode($domain) . '</li>';
 			}
 			$question .= '</ul>';
@@ -149,8 +139,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.9-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.9-svn1')) {
 		$has_preconfig = true;
 		$description = 'When entering MX servers to Froxlor there was no mail-, imap-, pop3- and smtp-"A record" created. You can now chose whether this should be done or not.';
 		$question = '<strong>Do you want these A-records to be created even with MX servers given?:</strong>&nbsp;';
@@ -158,22 +147,18 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.10-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.10-svn1')) {
 		$has_nouser = false;
 		$has_nogroup = false;

 		$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'httpuser'");
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if(!isset($result) || !isset($result['value']))
-		{
+		if (! isset($result) || ! isset($result['value'])) {
 			$has_preconfig = true;
 			$has_nouser = true;
 			$guessed_user = 'www-data';
-			if(function_exists('posix_getuid')
-					&& function_exists('posix_getpwuid')
-			) {
+			if (function_exists('posix_getuid') && function_exists('posix_getpwuid')) {
 				$_httpuser = posix_getpwuid(posix_getuid());
 				$guessed_user = $_httpuser['name'];
 			}
@@ -182,28 +167,21 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'httpgroup'");
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if(!isset($result) || !isset($result['value']))
-		{
+		if (! isset($result) || ! isset($result['value'])) {
 			$has_preconfig = true;
 			$has_nogroup = true;
 			$guessed_group = 'www-data';
-			if(function_exists('posix_getgid')
-					&& function_exists('posix_getgrgid')
-			) {
+			if (function_exists('posix_getgid') && function_exists('posix_getgrgid')) {
 				$_httpgroup = posix_getgrgid(posix_getgid());
 				$guessed_group = $_httpgroup['name'];
 			}
 		}

-		if($has_nouser || $has_nogroup)
-		{
+		if ($has_nouser || $has_nogroup) {
 			$description = 'Please enter the correct username/groupname of the webserver on your system We\'re guessing the user but it might not be correct, so please check.';
-			if($has_nouser)
-			{
+			if ($has_nouser) {
 				$question = '<strong>Please enter the webservers username:</strong>&nbsp;<input type="text" class="text" name="update_httpuser" value="' . $guessed_user . '" />';
-			}
-			elseif($has_nogroup)
-			{
+			} elseif ($has_nogroup) {
 				$question2 = '<strong>Please enter the webservers groupname:</strong>&nbsp;<input type="text" class="text" name="update_httpgroup" value="' . $guessed_group . '" />';
 				if ($has_nouser) {
 					$question .= '<br /><br />' . $question2;
@@ -215,8 +193,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.10'))
-	{
+	if (versionInUpdate($current_version, '0.9.10')) {
 		$has_preconfig = true;
 		$description = 'you can now decide whether Froxlor should be reached via hostname/froxlor or directly via the hostname.';
 		$question = '<strong>Do you want Froxlor to be reached directly via the hostname?:</strong>&nbsp;';
@@ -224,8 +201,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.11-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.11-svn1')) {
 		$has_preconfig = true;
 		$description = 'It is possible to enhance security with setting a regular expression to force your customers to enter more complex passwords.';
 		$question = '<strong>Enter a regular expression to force a higher password complexity (leave empty for none):</strong>&nbsp;';
@@ -233,8 +209,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.11-svn3'))
-	{
+	if (versionInUpdate($current_version, '0.9.11-svn3')) {
 		$has_preconfig = true;
 		$description = 'As Froxlor can now handle perl, you have to specify where the perl executable is (only if you\'re running lighttpd, else just leave empty).';
 		$question = '<strong>Path to perl (default \'/usr/bin/perl\'):</strong>&nbsp;';
@@ -242,10 +217,8 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.12-svn1'))
-	{
-		if(Settings::Get('system.mod_fcgid') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.12-svn1')) {
+		if (Settings::Get('system.mod_fcgid') == 1) {
 			$has_preconfig = true;
 			$description = 'You can chose whether you want Froxlor to use FCGID itself too now.';
 			$question = '<strong>Use FCGID for the Froxlor Panel?:</strong>&nbsp;';
@@ -259,8 +232,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.12-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.12-svn2')) {
 		$has_preconfig = true;
 		$description = 'Many apache user will have problems using perl/CGI as the customer docroots are not within the suexec path. Froxlor provides a simple workaround for that.';
 		$question = '<strong>Enable Apache/SuExec/Perl workaround?:</strong>&nbsp;';
@@ -271,10 +243,8 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.12-svn4'))
-	{
-		if((int)Settings::Get('system.awstats_enabled') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.12-svn4')) {
+		if ((int) Settings::Get('system.awstats_enabled') == 1) {
 			$has_preconfig = true;
 			$description = 'Due to different paths of awstats_buildstaticpages.pl and awstats.pl you can set a different path for awstats.pl now.';
 			$question = '<strong>Path to \'awstats.pl\'?:</strong>&nbsp;';
@@ -283,10 +253,8 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.13-svn1'))
-	{
-		if((int)Settings::Get('autoresponder.autoresponder_active') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.13-svn1')) {
+		if ((int) Settings::Get('autoresponder.autoresponder_active') == 1) {
 			$has_preconfig = true;
 			$description = 'Froxlor can now limit the number of autoresponder-entries for each user. Here you can set the value which will be available for each customer (Of course you can change the value for each customer separately after the update).';
 			$question = '<strong>How many autoresponders should your customers be able to add?:</strong>&nbsp;';
@@ -295,18 +263,15 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.13.1'))
-	{
-		if((int)Settings::Get('system.mod_fcgid_ownvhost') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.13.1')) {
+		if ((int) Settings::Get('system.mod_fcgid_ownvhost') == 1) {
 			$has_preconfig = true;
 			$description = 'You have FCGID for Froxlor itself activated. You can now specify a PHP-configuration for this.';
 			$question = '<strong>Select Froxlor-vhost PHP configuration:</strong>&nbsp;';
 			$question .= '<select name="update_defaultini_ownvhost">';
 			$configs_array = getPhpConfigs();
 			$configs = '';
-			foreach($configs_array as $idx => $desc)
-			{
+			foreach ($configs_array as $idx => $desc) {
 				$configs .= makeoption($desc, $idx, '1');
 			}
 			$question .= $configs . '</select>';
@@ -314,10 +279,8 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn3'))
-	{
-		if((int)Settings::Get('system.awstats_enabled') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.14-svn3')) {
+		if ((int) Settings::Get('system.awstats_enabled') == 1) {
 			$has_preconfig = true;
 			$description = 'To have icons in AWStats statistic-pages please enter the path to AWStats icons folder.';
 			$question = '<strong>Path to AWSTats icons folder:</strong>&nbsp;';
@@ -326,10 +289,8 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn4'))
-	{
-		if((int)Settings::Get('system.use_ssl') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.14-svn4')) {
+		if ((int) Settings::Get('system.use_ssl') == 1) {
 			$has_preconfig = true;
 			$description = 'Froxlor now has the possibility to set \'SSLCertificateChainFile\' for the apache webserver.';
 			$question = '<strong>Enter filename (leave empty for none):</strong>&nbsp;';
@@ -338,8 +299,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn6'))
-	{
+	if (versionInUpdate($current_version, '0.9.14-svn6')) {
 		$has_preconfig = true;
 		$description = 'You can now allow customers to use any of their domains as username for the login.';
 		$question = '<strong>Do you want to enable domain-login for all customers?:</strong>&nbsp;';
@@ -347,16 +307,14 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn10'))
-	{
+	if (versionInUpdate($current_version, '0.9.14-svn10')) {
 		$has_preconfig = true;
 		$description = '<strong>This update removes the unsupported real-time option. Additionally the deprecated tables for navigation and cronscripts are removed, any modules using these tables need to be updated to the new structure!</strong>';
 		$question = '';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.16-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.16-svn1')) {
 		$has_preconfig = true;
 		$description = 'Froxlor now features support for php-fpm.';
 		$question = '<strong>Do you want to enable php-fpm?:</strong>&nbsp;';
@@ -388,10 +346,8 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.16-svn2'))
-	{
-		if((int)Settings::Get('phpfpm.enabled') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.16-svn2')) {
+		if ((int) Settings::Get('phpfpm.enabled') == 1) {
 			$has_preconfig = true;
 			$description = 'You can chose whether you want Froxlor to use PHP-FPM itself too now.';
 			$question = '<strong>Use PHP-FPM for the Froxlor Panel?:</strong>&nbsp;';
@@ -405,8 +361,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.17-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.17-svn1')) {
 		$has_preconfig = true;
 		$description = 'Select if you want to enable the web- and traffic-reports';
 		$question = '<strong>Enable?:</strong>&nbsp;';
@@ -419,8 +374,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.18-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.18-svn2')) {
 		$has_preconfig = true;
 		$description = 'As you can (obviously) see, Froxlor now comes with a new theme. You also have the possibility to switch back to "Classic" if you want to.';
 		$question = '<strong>Select default panel theme:</strong>&nbsp;';
@@ -434,8 +388,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.28-svn4'))
-	{
+	if (versionInUpdate($current_version, '0.9.28-svn4')) {
 		$has_preconfig = true;
 		$description = 'This version introduces a lot of profound changes:';
 		$description .= '<br /><ul><li>Improving the whole template system</li><li>Full UTF-8 support</li><li><strong>Removing support for the former default theme \'Classic\'</strong></li></ul>';
@@ -446,8 +399,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$question = '<strong>Select your preferred Classic Theme replacement:</strong>&nbsp;';
 		$question .= '<select name="classic_theme_replacement">';
 		$themes = getThemes();
-		foreach($themes as $cur_theme)
-		{
+		foreach ($themes as $cur_theme) {
 			$question .= makeoption($cur_theme, $cur_theme, 'Froxlor');
 		}
 		$question .= '</select>';
@@ -494,9 +446,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$description = 'Froxlor changed the default parameter-set of sendmail (php.ini)<br />';
 		$description .= 'sendmail_path = "/usr/sbin/sendmail -t <strong>-i</strong> -f {CUSTOMER_EMAIL}"<br /><br />';
 		$description .= 'If you don\'t have any problems with sending mails, you don\'t need to change this';
-		if (Settings::Get('system.mod_fcgid') == '1'
-				|| Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') {
 			// information about removal of php's safe_mode
 			$description .= '<br /><br />The php safe_mode flag has been removed as current versions of PHP<br />';
 			$description .= 'do not support it anymore.<br /><br />';
@@ -509,9 +459,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {

 	if (versionInUpdate($current_version, '0.9.29-dev1')) {
 		// we only need to ask if fcgid|php-fpm is enabled
-		if (Settings::Get('system.mod_fcgid') == '1'
-				|| Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') {
 			$has_preconfig = true;
 			$description = 'Standard-subdomains can now be hidden from the php-configuration overview.<br />';
 			$question = '<strong>Do you want to hide the standard-subdomains (this can be changed in the settings any time)?:</strong>&nbsp;';
@@ -555,9 +503,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 	// let the apache+fpm users know that they MUST change their config
 	// for the domains / webserver to work after the update
 	if (versionInUpdate($current_version, '0.9.30-dev1')) {
-		if (Settings::Get('system.webserver') == 'apache2'
-			&& Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.webserver') == 'apache2' && Settings::Get('phpfpm.enabled') == '1') {
 			$has_preconfig = true;
 			$description = 'The PHP-FPM implementation for apache2 has changed. Please look for the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) within /etc/apache2/ and change it as shown below:<br /><br />';
 			$description .= '<pre class="code-block">&lt;IfModule mod_fastcgi.c&gt;
@@ -575,9 +521,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 	}

 	if (versionInUpdate($current_version, '0.9.31-dev2')) {
-		if (Settings::Get('system.webserver') == 'apache2'
-				&& Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.webserver') == 'apache2' && Settings::Get('phpfpm.enabled') == '1') {
 			$has_preconfig = true;
 			$description = 'The FPM socket directory is now a setting in froxlor. Its default is <b>/var/lib/apache2/fastcgi/</b>.<br/>If you are using <b>/var/run/apache2</b> in the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) please correct this path accordingly<br />';
 			$question = '';
@@ -700,4 +644,69 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$question .= '<br>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
+
+	if (versionInUpdate($current_db_version, '201603070')) {
+		$has_preconfig = true;
+		$description = 'You can chose whether you want to enable or disable our Let\'s Encrypt implementation.<br />Please remember that you need to go through the webserver-configuration when enabled because this feature needs a special configuration.<br /><br />';
+		$question = '<strong>Do you want to enable Let\'s Encrypt? (default: yes):</strong>&nbsp;';
+		$question .= makeyesno('enable_letsencrypt', '1', '0', '1') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201604270')) {
+		$has_preconfig = true;
+		$description = 'You can chose whether you want to enable or disable our backup function.<br /><br />';
+		$question = '<strong>Do you want to enable Backup? (default: no):</strong>&nbsp;';
+		$question .= makeyesno('enable_backup', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201605090')) {
+		$has_preconfig = true;
+		$description = 'You can chose whether you want to enable or disable our DNS editor<br /><br />';
+		$question = '<strong>Do you want to enable the DNS editor? (default: no):</strong>&nbsp;';
+		$question .= makeyesno('enable_dns', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201605170')) {
+		$has_preconfig = true;
+		$description = 'Froxlor now supports the dns-daemon Power-DNS, you can chose between bind and powerdns now.';
+		$question = '<strong>Select dns-daemon you want to use:</strong>&nbsp;';
+		$question .= '<select name="new_dns_daemon">';
+		$dnsdaemons = makeoption('Bind9', 'bind', 'bind');
+		$dnsdaemons .= makeoption('PowerDNS', 'pdns', 'bind');
+		$question .= $dnsdaemons . '</select>';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201609120')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'You can now customize the path to your acme.conf file (global alias for Let\'s Encrypt). If you already set up Let\'s Encrypt and the acme.conf file, please set this to the complete path to the file!<br /><br />';
+			$question = '<strong>Path to the acme.conf alias-file.</strong><br />';
+			$question .= '<input type="text" class="text" name="acmeconffile" value="/etc/apache2/conf-enabled/acme.conf" /><br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if (versionInUpdate($current_db_version, '201609200')) {
+		$has_preconfig = true;
+		$description = 'Specify SMTP settings which froxlor should use to send mail (optional)<br /><br />';
+		$question = '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= makeyesno('smtp_enable', '1', '0', '0') . '<br />';
+		$question .= '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_host" value="localhost" /><br />';
+		$question .= '<strong>TCP port to connect to?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_port" value="25" /><br />';
+		$question .= '<strong>Enable TLS encryption?</strong><br />';
+		$question .= makeyesno('smtp_usetls', '1', '0', '1') . '<br />';
+		$question .= '<strong>Enable SMTP authentication?</strong><br />';
+		$question .= makeyesno('smtp_auth', '1', '0', '1') . '<br />';
+		$question .= '<strong>SMTP user?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_user" value="" /><br />';
+		$question .= '<strong>SMTP password?</strong><br />';
+		$question .= '<input type="password" class="text" name="smtp_passwd" value="" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
 }
--- a/js/jquery-ui.min.js
+++ b/js/jquery-ui.min.js
--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -1 +0,0 @@
-userdata.inc.php
--- a/lib/ajax.php
+++ b/lib/ajax.php
@@ -40,7 +40,7 @@ if ($action == "newsfeed") {
 	if (isset($_GET['role']) && $_GET['role'] == "customer") {
 		$feed = Settings::Get("customer.news_feed_url");
 	} else {
-		$feed = "http://inside.froxlor.org/news/";
+		$feed = "https://inside.froxlor.org/news/";
 	}

 	if (function_exists("simplexml_load_file") == false) {
--- a/lib/classes/config/class.ConfigDaemon.php
+++ b/lib/classes/config/class.ConfigDaemon.php
@@ -393,14 +393,17 @@ class ConfigDaemon {
 		$return = 0;
 		switch ($attributes['mode']) {
 			case "isfile": if (!is_file($order)) { $return = -1; }; break;
+			case "notisfile": if (is_file($order)) { $return = -1; }; break;
 			case "isdir": if (!is_dir($order)) { $return = -1; }; break;
+			case "notisdir": if (is_dir($order)) { $return = -1; }; break;
 			case "false": if ($order == true) { $return = -1; }; break;
 			case "true": if ($order == false) { $return = -1; }; break;
 			case "notempty": if ($order == "") { $return = -1; }; break;
-			case "userexists": if (posix_getpwnam($order) === false) { $return = -1; }; break;
-			case "groupexists": if (posix_getgrnam($order) === false) { $return = -1; }; break;
-			case "usernotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
-			case "groupnotexists": if (is_array(posix_getgrnam($order))) { $return = -1; }; break;
+			case "userexists": if (posix_getpwuid($order) === false) { $return = -1; }; break;
+			case "groupexists": if (posix_getgrgid($order) === false) { $return = -1; }; break;
+			case "usernotexists": if (is_array(posix_getpwuid($order))) { $return = -1; }; break;
+			case "groupnotexists": if (is_array(posix_getgrgid($order))) { $return = -1; }; break;
+			case "usernamenotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
 			case "equals": $return = (isset($attributes['value']) && $attributes['value'] == $order ? 0 : -1); break;
 		}
 		return $return;
--- a/lib/classes/database/class.Database.php
+++ b/lib/classes/database/class.Database.php
@@ -323,15 +323,18 @@ class Database {
 		    $sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'socket' => (isset($sql['socket']) ? $sql['socket'] : null), 'user' => $sql['root_user'], 'password' => $sql['root_password']));
 		}

+		$substitutions = array(
+			$sql['password'] => 'DB_UNPRIV_PWD',
+			$sql_root[0]['password'] => 'DB_ROOT_PWD',
+		);
+
 		// hide username/password in messages
 		$error_message = $error->getMessage();
 		$error_trace = $error->getTraceAsString();
 		// error-message
-		$error_message = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_message);
-		$error_message = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_message);
+		$error_message = self::_substitute($error_message, $substitutions);
 		// error-trace
-		$error_trace = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_trace);
-		$error_trace = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_trace);
+		$error_trace = self::_substitute($error_trace, $substitutions);

 		if ($error->getCode() == 2003) {
 		    $error_message = "Unable to connect to database. Either the mysql-server is not running or your user/password is wrong.";
@@ -365,6 +368,9 @@ class Database {
 		@fclose($errlog);

 		if ($showerror) {
+			if (empty($sql['debug'])) {
+				$error_trace = '';
+			}

 			// fallback
 			$theme = 'Sparkle';
@@ -402,4 +408,58 @@ class Database {
 			die("We are sorry, but a MySQL - error occurred. The administrator may find more information in the syslog");
 		}
 	}
+
+	/**
+	 * Substitutes patterns in content.
+	 *
+	 * @param string $content
+	 * @param array $substitutions
+	 * @param int $minLength
+	 * @return string
+	 */
+	private static function _substitute($content, array $substitutions, $minLength = 6) {
+		$replacements = array();
+
+		foreach ($substitutions as $search => $replace) {
+			$replacements = $replacements + self::_createShiftedSubstitutions($search, $replace, $minLength);
+		}
+
+		$content = str_replace(
+			array_keys($replacements),
+			array_values($replacements),
+			$content
+		);
+
+		return $content;
+	}
+
+	/**
+	 * Creates substitutions, shifted by length, e.g.
+	 *
+	 * _createShiftedSubstitutions('abcdefgh', 'value', 4):
+	 *   array(
+	 *     'abcdefgh' => 'value',
+	 *     'abcdefg' => 'value',
+	 *     'abcdef' => 'value',
+	 *     'abcde' => 'value',
+	 *     'abcd' => 'value',
+	 *   )
+	 *
+	 * @param string $search
+	 * @param string $replace
+	 * @param int $minLength
+	 * @return array
+	 */
+	private static function _createShiftedSubstitutions($search, $replace, $minLength) {
+		$substitutions = array();
+		$length = strlen($search);
+
+		if ($length > $minLength) {
+			for ($shiftedLength = $length; $shiftedLength >= $minLength; $shiftedLength--) {
+				$substitutions[substr($search, 0, $shiftedLength)] = $replace;
+			}
+		}
+
+		return $substitutions;
+	}
 }
--- a/lib/classes/dns/class.DnsEntry.php
+++ b/lib/classes/dns/class.DnsEntry.php
@@ -0,0 +1,47 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Classes
+ *
+ */
+class DnsEntry
+{
+
+	public $record;
+
+	public $ttl;
+
+	public $class = 'IN';
+
+	public $type;
+
+	public $priority;
+
+	public $content;
+
+	public function __construct($record = '', $type = 'A', $content = null, $prio = 0, $ttl = 18000, $class = 'IN')
+	{
+		$this->record = $record;
+		$this->type = $type;
+		$this->content = $content;
+		$this->priority = $prio;
+		$this->ttl = $ttl;
+		$this->class = $class;
+	}
+
+	public function __toString()
+	{
+		$result = $this->record . "\t" . $this->ttl . "\t" . $this->class . "\t" . $this->type . "\t" . (($this->priority >= 0 && ($this->type == 'MX' || $this->type == 'SRV')) ? $this->priority . "\t" : "") . $this->content . PHP_EOL;
+		return $result;
+	}
+}
--- a/lib/classes/dns/class.DnsZone.php
+++ b/lib/classes/dns/class.DnsZone.php
@@ -0,0 +1,47 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Classes
+ *
+ */
+class DnsZone
+{
+
+	public $ttl;
+
+	public $origin;
+
+	public $serial;
+
+	public $records;
+
+	public function __construct($ttl = 18000, $origin = '', $serial = '', $records = null)
+	{
+		$this->ttl = $ttl;
+		$this->origin = $origin;
+		$this->serial = $serial;
+		$this->records = $records;
+	}
+
+	public function __toString()
+	{
+		$_zonefile = "\$TTL " . $this->ttl . PHP_EOL;
+		$_zonefile .= "\$ORIGIN " . $this->origin . "." . PHP_EOL;
+		if (! empty($this->records)) {
+			foreach ($this->records as $record) {
+				$_zonefile .= (string) $record;
+			}
+		}
+		return $_zonefile;
+	}
+}
--- a/lib/classes/idna/class.idna_convert.php
+++ b/lib/classes/idna/class.idna_convert.php
@@ -3461,3 +3461,4 @@ class idna_convert {
            )
    );
 }
+
--- a/lib/classes/idna/class.idna_convert_wrapper.php
+++ b/lib/classes/idna/class.idna_convert_wrapper.php
@@ -17,11 +17,12 @@
 *
 */

+// Source for updates: https://github.com/phlylabs/idna-convert.git
+
 /**
 * Class for wrapping a specific idna conversion class and offering a standard interface
 * @package Functions
 */
-
 class idna_convert_wrapper
 {
 	/**
@@ -37,7 +38,13 @@ class idna_convert_wrapper

 	public function __construct()
 	{
-		$this->idna_converter = new idna_convert();
+		// Instantiate it
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			$this->idna_converter = new idna_convert(array('idn_version' => '2008', 'encode_german_sz' => false));
+		} else {
+			// use this when using new version of IdnaConverter (which does not work yet)
+			$this->idna_converter = new Mso\IdnaConvert\IdnaConvert();
+		}
 	}

 	/**
@@ -52,7 +59,22 @@ class idna_convert_wrapper

 	public function encode($to_encode)
 	{
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
 			return $this->_do_action('encode', $to_encode);
+		} else {
+			$to_encode = $this->is_utf8($to_encode) ? $to_encode : utf8_encode($to_encode);
+			return $this->idna_converter->encode($to_encode);
+		}
+	}
+
+	public function encode_uri($to_encode)
+	{
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			return $this->_do_action('encode', $to_encode);
+		} else {
+			$to_encode = $this->is_utf8($to_encode) ? $to_encode : utf8_encode($to_encode);
+			return $this->idna_converter->encodeUri($to_encode);
+		}
 	}

 	/**
@@ -67,7 +89,48 @@ class idna_convert_wrapper

 	public function decode($to_decode)
 	{
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
 			return $this->_do_action('decode', $to_decode);
+		} else {
+			return $this->idna_converter->decode($to_decode);
+		}
+	}
+
+	/**
+	 * check whether a string is utf-8 encoded or not
+	 *
+	 * @param string $string
+	 *
+	 * @return boolean
+	 */
+	public function is_utf8($string = null) {
+
+		if (function_exists("mb_detect_encoding")) {
+			if (mb_detect_encoding($string, 'UTF-8, ISO-8859-1') === 'UTF-8') {
+				return true;
+			}
+			return false;
+		}
+		$strlen = strlen($string);
+		for ($i = 0; $i < $strlen; $i ++) {
+			$ord = ord($string[$i]);
+			if ($ord < 0x80)
+				continue; // 0bbbbbbb
+				elseif (($ord & 0xE0) === 0xC0 && $ord > 0xC1)
+				$n = 1; // 110bbbbb (exkl C0-C1)
+				elseif (($ord & 0xF0) === 0xE0)
+				$n = 2; // 1110bbbb
+				elseif (($ord & 0xF8) === 0xF0 && $ord < 0xF5)
+				$n = 3; // 11110bbb (exkl F5-FF)
+				else
+					return false; // ungültiges UTF-8-Zeichen
+					for ($c = 0; $c < $n; $c ++) // $n Folgebytes? // 10bbbbbb
+						if (++ $i === $strlen || (ord($string[$i]) & 0xC0) !== 0x80)
+							// ungültiges UTF-8-Zeichen
+							return false;
+		}
+		// kein ungültiges UTF-8-Zeichen gefunden
+		return true;
 	}

 	/**
@@ -141,5 +204,3 @@ class idna_convert_wrapper
 		return implode($sepchar, $strings);
 	}
 }
-
-?>
--- a/lib/classes/idna/ext/EncodingHelper.php
+++ b/lib/classes/idna/ext/EncodingHelper.php
@@ -0,0 +1,186 @@
+<?php
+/**
+ * Encoding Helper - convert various encodings to / from UTF-8
+ * @package IDNA Convert
+ * @subpackage charset transcoding
+ * @author Matthias Sommerfeld, <mso@phlylabs.de>
+ * @copyright 2003-2016 phlyLabs Berlin, http://phlylabs.de
+ * @version 1.0.0 2016-01-08
+ */
+
+namespace Mso\IdnaConvert;
+
+class EncodingHelper
+{
+    /**
+     * Convert a string from any of various encodings to UTF-8
+     *
+     * @param  string  $string String to encode
+     *[@param  string $encoding  Encoding; Default: ISO-8859-1]
+     *[@param  bool $safe_mode  Safe Mode: if set to TRUE, the original string is retunred on errors]
+     * @return  string|false  The encoded string or false on failure
+     * @since 0.0.1
+     */
+    public static function toUtf8($string = '', $encoding = 'iso-8859-1', $safe_mode = false)
+    {
+        $safe = ($safe_mode) ? $string : false;
+        if (strtoupper($encoding) == 'UTF-8' || strtoupper($encoding) == 'UTF8') {
+
+            return $string;
+        }
+        if (strtoupper($encoding) == 'ISO-8859-1') {
+
+            return \utf8_encode($string);
+
+        } if (strtoupper($encoding) == 'WINDOWS-1252') {
+
+            return \utf8_encode(self::map_w1252_iso8859_1($string));
+        }
+
+        if (strtoupper($encoding) == 'UNICODE-1-1-UTF-7') {
+            $encoding = 'utf-7';
+        }
+        if (function_exists('mb_convert_encoding')) {
+            $conv = @mb_convert_encoding($string, 'UTF-8', strtoupper($encoding));
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+        if (function_exists('iconv')) {
+            $conv = @iconv(strtoupper($encoding), 'UTF-8', $string);
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+        if (function_exists('libiconv')) {
+            $conv = @libiconv(strtoupper($encoding), 'UTF-8', $string);
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+
+        return $safe;
+    }
+
+    /**
+     * Convert a string from UTF-8 to any of various encodings
+     *
+     * @param  string  $string String to decode
+     *[@param  string  $encoding Encoding; Default: ISO-8859-1]
+     *[@param  bool  $safe_mode Safe Mode: if set to TRUE, the original string is retunred on errors]
+     * @return  string|false  The decoded string or false on failure
+     * @since 0.0.1
+     */
+    public static function fromUtf8($string = '', $encoding = 'iso-8859-1', $safe_mode = false)
+    {
+        $safe = ($safe_mode) ? $string : false;
+        if (!$encoding) $encoding = 'ISO-8859-1';
+        if (strtoupper($encoding) == 'UTF-8' || strtoupper($encoding) == 'UTF8') {
+
+            return $string;
+        }
+        if (strtoupper($encoding) == 'ISO-8859-1') {
+
+            return utf8_decode($string);
+        }
+        if (strtoupper($encoding) == 'WINDOWS-1252') {
+
+            return self::map_iso8859_1_w1252(utf8_decode($string));
+        }
+
+        if (strtoupper($encoding) == 'UNICODE-1-1-UTF-7') {
+            $encoding = 'utf-7';
+        }
+        if (function_exists('mb_convert_encoding')) {
+            $conv = @mb_convert_encoding($string, strtoupper($encoding), 'UTF-8');
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+        if (function_exists('iconv')) {
+            $conv = @iconv('UTF-8', strtoupper($encoding), $string);
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+        if (function_exists('libiconv')) {
+            $conv = @libiconv('UTF-8', strtoupper($encoding), $string);
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+
+        return $safe;
+    }
+
+    /**
+     * Special treatment for our guys in Redmond
+     * Windows-1252 is basically ISO-8859-1 -- with some exceptions, which get accounted for here
+     *
+     * @param  string $string Your input in Win1252
+     * @return string  The resulting ISO-8859-1 string
+     * @since 0.0.1
+     */
+    protected static function map_w1252_iso8859_1($string = '')
+    {
+        if ($string == '') {
+
+            return '';
+        }
+        $return = '';
+
+        for ($i = 0; $i < strlen($string); ++$i) {
+            $c = ord($string{$i});
+            switch ($c) {
+                case 129: $return .= chr(252); break;
+                case 132: $return .= chr(228); break;
+                case 142: $return .= chr(196); break;
+                case 148: $return .= chr(246); break;
+                case 153: $return .= chr(214); break;
+                case 154: $return .= chr(220); break;
+                case 225: $return .= chr(223); break;
+                default: $return .= chr($c);
+            }
+        }
+
+        return $return;
+    }
+
+    /**
+     * Special treatment for our guys in Redmond
+     * Windows-1252 is basically ISO-8859-1 -- with some exceptions, which get accounted for here
+     *
+     * @param  string $string  Your input in ISO-8859-1
+     * @return  string  The resulting Win1252 string
+     * @since 0.0.1
+     */
+    protected static function map_iso8859_1_w1252($string = '')
+    {
+        if ($string == '') {
+            return '';
+        }
+
+        $return = '';
+        for ($i = 0; $i < strlen($string); ++$i) {
+            $c = ord($string{$i});
+            switch ($c) {
+                case 196: $return .= chr(142); break;
+                case 214: $return .= chr(153); break;
+                case 220: $return .= chr(154); break;
+                case 223: $return .= chr(225); break;
+                case 228: $return .= chr(132); break;
+                case 246: $return .= chr(148); break;
+                case 252: $return .= chr(129); break;
+                default: $return .= chr($c);
+            }
+        }
+
+        return $return;
+    }
+}
--- a/lib/classes/idna/ext/IdnaConvert.php
+++ b/lib/classes/idna/ext/IdnaConvert.php
@@ -0,0 +1,405 @@
+<?php
+
+// {{{ license
+
+/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
+//
+// +----------------------------------------------------------------------+
+// | This library is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU Lesser General Public License as       |
+// | published by the Free Software Foundation; either version 2.1 of the |
+// | License, or (at your option) any later version.                      |
+// |                                                                      |
+// | This library is distributed in the hope that it will be useful, but  |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of           |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    |
+// | Lesser General Public License for more details.                      |
+// |                                                                      |
+// | You should have received a copy of the GNU Lesser General Public     |
+// | License along with this library; if not, write to the Free Software  |
+// | Foundation, Inc., 51 Franklin St, Boston, MA 02110, United States    |
+// +----------------------------------------------------------------------+
+//
+// }}}
+
+/**
+ * Encode/decode Internationalized Domain Names.
+ *
+ * The class allows to convert internationalized domain names
+ * (see RFC 3490 for details) as they can be used with various registries worldwide
+ * to be translated between their original (localized) form and their encoded form
+ * as it will be used in the DNS (Domain Name System).
+ *
+ * The class provides two public methods, encode() and decode(), which do exactly
+ * what you would expect them to do. You are allowed to use complete domain names,
+ * simple strings and complete email addresses as well. That means, that you might
+ * use any of the following notations:
+ *
+ * - www.nörgler.com
+ * - xn--nrgler-wxa
+ * - xn--brse-5qa.xn--knrz-1ra.info
+ *
+ * Unicode input might be given as either UTF-8 string, UCS-4 string or UCS-4 array.
+ * Unicode output is available in the same formats.
+ * You can select your preferred format via {@link set_paramter()}.
+ *
+ * ACE input and output is always expected to be ASCII.
+ *
+ * @author  Matthias Sommerfeld <mso@phlylabs.de>
+ * @copyright 2004-2016 phlyLabs Berlin, http://phlylabs.de
+ * @version 1.0.1-dev 2016-01-12
+ */
+
+namespace Mso\IdnaConvert;
+
+class IdnaConvert {
+
+    const Version = '1.1.0';
+    const SubVersion = 'main';
+
+    // Internal settings, do not touch!
+    protected $encoding = 'utf8';          // Default input charset is UTF-8
+    protected $strictMode = false;         // Behave strict or not
+    protected $idnVersion = '2008';          // Can be either 2003 (old) or 2008 (default)
+
+    protected $NamePrepData = null;
+    protected $UnicodeTranscoder = null;
+
+    /**
+     * the constructor
+     *
+     * @param array|null $params Parameters to control the class' behaviour
+     * @since 0.5.2
+     */
+    public function __construct($params = null)
+    {
+        $this->UnicodeTranscoder = new UnicodeTranscoder();
+
+        // Kept for backwarsds compatibility. Consider using the setter methods instead.
+        if (!empty($params) && is_array($params)) {
+            if (isset($params['encoding'])) {
+                $this->setEncoding($params['encoding']);
+            }
+
+            if (isset($params['idn_version'])) {
+                $this->setIdnVersion($params['idn_version']);
+            }
+
+            if (isset($params['strict_mode'])) {
+                $this->setStrictMode($params['strict_mode']);
+            }
+        }
+
+        $this->setIdnVersion($this->idnVersion);
+    }
+
+    public function getClassVersion()
+    {
+        return self::Version.'-'.self::SubVersion;
+    }
+
+    /**
+     * @return string
+     */
+    public function getEncoding()
+    {
+        return $this->encoding;
+    }
+
+    /**
+     * @param string $encoding
+     */
+    public function setEncoding($encoding)
+    {
+        switch ($encoding) {
+            case 'utf8':
+            case 'ucs4_string':
+            case 'ucs4_array':
+                $this->encoding = $encoding;
+                break;
+            default:
+                throw new \InvalidArgumentException(sprintf('Invalid encoding %s', $encoding));
+        }
+    }
+
+    /**
+     * @return boolean
+     */
+    public function isStrictMode()
+    {
+        return $this->strictMode;
+    }
+
+    /**
+     * @param boolean $strictMode
+     */
+    public function setStrictMode($strictMode)
+    {
+        $this->strictMode = ($strictMode) ? true : false;
+    }
+
+    /**
+     * @return int
+     */
+    public function getIdnVersion()
+    {
+        return $this->idnVersion;
+    }
+
+    /**
+     * @param int $idnVersion
+     */
+    public function setIdnVersion($idnVersion)
+    {
+        if (in_array($idnVersion, ['2003', '2008'])) {
+            if (is_null($this->NamePrepData) || $idnVersion != $this->idnVersion) {
+                $this->NamePrepData = null; // Ought to destroy the object's reference
+                // Re-instantiate with different data set
+                $this->NamePrepData = ($idnVersion == 2003)
+                        ? new NamePrepData2003()
+                        : new NamePrepData();
+            }
+
+            $this->idnVersion = $idnVersion;
+
+        } else {
+            throw new \InvalidArgumentException(sprintf('Invalid IDN version %d', $idnVersion));
+        }
+    }
+
+    /**
+     * Decode a given ACE domain name
+     * @param string $input  Domain name (ACE string)
+     * [@param string $one_time_encoding  Desired output encoding]
+     * @return string  Decoded Domain name (UTF-8 or UCS-4)
+     */
+    public function decode($input, $one_time_encoding = null)
+    {
+        $punyCode = $this->punycodeFactory();
+
+        // Optionally set
+        if ($one_time_encoding) {
+            switch ($one_time_encoding) {
+                case 'utf8':
+                case 'ucs4_string':
+                case 'ucs4_array':
+                    break;
+                default:
+                    throw new \InvalidArgumentException(sprintf('Invalid encoding %s', $one_time_encoding));
+            }
+        }
+        // Make sure to drop any newline characters around
+        $input = trim($input);
+
+        // Negotiate input and try to determine, whether it is a plain string,
+        // an email address or something like a complete URL
+        if (strpos($input, '@')) { // Maybe it is an email address
+            // No no in strict mode
+            if ($this->strictMode) {
+                throw new \InvalidArgumentException('Only individual domain name parts can be handled in strict mode');
+            }
+            list ($email_pref, $input) = explode('@', $input, 2);
+            $arr = explode('.', $input);
+            foreach ($arr as $k => $v) {
+                $conv = $punyCode->decode($v);
+                if ($conv) {
+                    $arr[$k] = $conv;
+                }
+            }
+            $input = join('.', $arr);
+            $arr = explode('.', $email_pref);
+            foreach ($arr as $k => $v) {
+                $conv = $punyCode->decode($v);
+                if ($conv) {
+                    $arr[$k] = $conv;
+                }
+            }
+            $email_pref = join('.', $arr);
+            $return = $email_pref . '@' . $input;
+        } elseif (preg_match('![:\./]!', $input)) { // Or a complete domain name (with or without paths / parameters)
+            // No no in strict mode
+            if ($this->strictMode) {
+                throw new \InvalidArgumentException('Only individual domain name parts can be handled in strict mode');
+            }
+            $parsed = parse_url($input);
+            if (isset($parsed['host'])) {
+                $arr = explode('.', $parsed['host']);
+                foreach ($arr as $k => $v) {
+                    $conv = $punyCode->decode($v);
+                    if ($conv) {
+                        $arr[$k] = $conv;
+                    }
+                }
+                $parsed['host'] = join('.', $arr);
+                $return = (empty($parsed['scheme']) ? '' : $parsed['scheme'] . (strtolower($parsed['scheme']) == 'mailto' ? ':' : '://')).
+                        (empty($parsed['user']) ? '' : $parsed['user'] . (empty($parsed['pass']) ? '' : ':' . $parsed['pass']) . '@').
+                        $parsed['host'].
+                        (empty($parsed['port']) ? '' : ':' . $parsed['port']).
+                        (empty($parsed['path']) ? '' : $parsed['path']).
+                        (empty($parsed['query']) ? '' : '?' . $parsed['query']).
+                        (empty($parsed['fragment']) ? '' : '#' . $parsed['fragment']);
+            } else { // parse_url seems to have failed, try without it
+                $arr = explode('.', $input);
+                foreach ($arr as $k => $v) {
+                    $conv = $punyCode->decode($v);
+                    if ($conv) {
+                        $arr[$k] = $conv;
+                    }
+                }
+                $return = join('.', $arr);
+            }
+        } else { // Otherwise we consider it being a pure domain name string
+            $return = $punyCode->decode($input);
+            if (!$return) {
+                $return = $input;
+            }
+        }
+        // The output is UTF-8 by default, other output formats need conversion here
+        // If one time encoding is given, use this, else the objects property
+        $outputEncoding = ($one_time_encoding) ? $one_time_encoding : $this->encoding;
+        switch ($outputEncoding) {
+            case 'utf8':
+                return $return; // break;
+            case 'ucs4_string':
+                return $this->UnicodeTranscoder->convert($return, 'utf8', 'ucs4');  // break;
+            case 'ucs4_array':
+                return $this->UnicodeTranscoder->convert($return, 'utf8', 'ucs4array');  // break;
+            default:
+                throw new \InvalidArgumentException(sprintf('Unsupported output encoding %s', $outputEncoding));
+        }
+    }
+
+    /**
+     * Encode a given UTF-8 domain name
+     * @param string $decoded  Domain name (UTF-8 or UCS-4)
+     * [@param boolean  $one_time_encoding  Desired input encoding, see {@link set_parameter}]
+     * @return string   Encoded Domain name (ACE string)
+     */
+    public function encode($decoded, $one_time_encoding = false)
+    {
+        // Forcing conversion of input to UCS4 array
+        // If one time encoding is given, use this, else the objects property
+        $inputEncoding = $one_time_encoding ? $one_time_encoding : $this->encoding;
+        switch ($inputEncoding) {
+            case 'utf8':
+                $decoded = $this->UnicodeTranscoder->convert($decoded, 'utf8', 'ucs4array');
+                break;
+            case 'ucs4_string':
+                $decoded = $this->UnicodeTranscoder->convert($decoded, 'ucs4', 'ucs4array');
+                break;
+            case 'ucs4_array':
+                break;
+            default:
+                throw new \InvalidArgumentException(sprintf('Unsupported input encoding %s', $inputEncoding));
+        }
+
+        // No input, no output, what else did you expect?
+        if (empty($decoded)) {
+            return '';
+        }
+
+        $punyCode = $this->punycodeFactory();
+
+        // Anchors for iteration
+        $last_begin = 0;
+        // Output string
+        $output = '';
+        foreach ($decoded as $k => $v) {
+            // Make sure to use just the plain dot
+            switch ($v) {
+                case 0x3002:
+                case 0xFF0E:
+                case 0xFF61:
+                    $decoded[$k] = 0x2E;
+                    // Right, no break here, the above are converted to dots anyway
+                // Stumbling across an anchoring character
+                case 0x2E:
+                case 0x2F:
+                case 0x3A:
+                case 0x3F:
+                case 0x40:
+                    // Neither email addresses nor URLs allowed in strict mode
+                    if ($this->strictMode) {
+                        throw new \InvalidArgumentException('Neither email addresses nor URLs are allowed in strict mode.');
+                    } else {
+                        // Skip first char
+                        if ($k) {
+                            $encoded = $punyCode->encode(array_slice($decoded, $last_begin, (($k) - $last_begin)));
+                            if ($encoded) {
+                                $output .= $encoded;
+                            } else {
+                                $output .= $this->UnicodeTranscoder->convert(array_slice($decoded, $last_begin, (($k) - $last_begin)), 'ucs4array', 'utf8');
+                            }
+                            $output .= chr($decoded[$k]);
+                        }
+                        $last_begin = $k + 1;
+                    }
+            }
+        }
+        // Catch the rest of the string
+        if ($last_begin) {
+            $inp_len = sizeof($decoded);
+            $encoded = $punyCode->encode(array_slice($decoded, $last_begin, (($inp_len) - $last_begin)));
+            if ($encoded) {
+                $output .= $encoded;
+            } else {
+                $output .= $this->UnicodeTranscoder->convert(array_slice($decoded, $last_begin, (($inp_len) - $last_begin)), 'ucs4array', 'utf8');
+            }
+            return $output;
+        } else {
+            if (false !== ($output = $punyCode->encode($decoded))) {
+                return $output;
+            } else {
+                return $this->UnicodeTranscoder->convert($decoded, 'ucs4array', 'utf8');
+            }
+        }
+    }
+
+    /**
+     * Mitigates a weakness of encode(), which cannot properly handle URIs but instead encodes their
+     * path or query components, too.
+     * @param string  $uri  Expects the URI as a UTF-8 (or ASCII) string
+     * @return  string  The URI encoded to Punycode, everything but the host component is left alone
+     * @since 0.6.4
+     */
+    public function encodeUri($uri)
+    {
+        $parsed = parse_url($uri);
+        if (!isset($parsed['host'])) {
+            throw new \InvalidArgumentException('The given string does not look like a URI');
+        }
+        $arr = explode('.', $parsed['host']);
+        foreach ($arr as $k => $v) {
+            $conv = $this->encode($v, 'utf8');
+            if ($conv) {
+                $arr[$k] = $conv;
+            }
+        }
+        $parsed['host'] = join('.', $arr);
+        $return = (empty($parsed['scheme']) ? '' : $parsed['scheme'] . (strtolower($parsed['scheme']) == 'mailto' ? ':' : '://')).
+                (empty($parsed['user']) ? '' : $parsed['user'] . (empty($parsed['pass']) ? '' : ':' . $parsed['pass']) . '@').
+                $parsed['host'].
+                (empty($parsed['port']) ? '' : ':' . $parsed['port']).
+                (empty($parsed['path']) ? '' : $parsed['path']).
+                (empty($parsed['query']) ? '' : '?' . $parsed['query']).
+                (empty($parsed['fragment']) ? '' : '#' . $parsed['fragment']);
+        return $return;
+    }
+
+    /**
+     * The actual punycode class is rather costly, as well as passing the huge nameprep database around.
+     * This factory method allows to ease the burden when dealing with multiple IDN versions.
+     *
+     * @return \Mso\IdnaConvert\Punycode
+     */
+    protected function punycodeFactory()
+    {
+        static $instances = [];
+
+        if (!isset($instances[$this->idnVersion])) {
+            $instances[$this->idnVersion] = new Punycode($this->NamePrepData, $this->UnicodeTranscoder);
+        }
+        return $instances[$this->idnVersion];
+    }
+
+}
--- a/lib/classes/idna/ext/NamePrepData.php
+++ b/lib/classes/idna/ext/NamePrepData.php
--- a/lib/classes/idna/ext/NamePrepData2003.php
+++ b/lib/classes/idna/ext/NamePrepData2003.php
@@ -0,0 +1,501 @@
+<?php
+
+namespace Mso\IdnaConvert;
+
+class NamePrepData2003 extends NamePrepData implements NamePrepDataInterface
+{
+    public $replaceMaps = [
+            0x41 => [0x61], 0x42 => [0x62], 0x43 => [0x63],
+            0x44 => [0x64], 0x45 => [0x65], 0x46 => [0x66], 0x47 => [0x67],
+            0x48 => [0x68], 0x49 => [0x69], 0x4A => [0x6A], 0x4B => [0x6B],
+            0x4C => [0x6C], 0x4D => [0x6D], 0x4E => [0x6E], 0x4F => [0x6F],
+            0x50 => [0x70], 0x51 => [0x71], 0x52 => [0x72], 0x53 => [0x73],
+            0x54 => [0x74], 0x55 => [0x75], 0x56 => [0x76], 0x57 => [0x77],
+            0x58 => [0x78], 0x59 => [0x79], 0x5A => [0x7A], 0xB5 => [0x3BC],
+            0xC0 => [0xE0], 0xC1 => [0xE1], 0xC2 => [0xE2], 0xC3 => [0xE3],
+            0xC4 => [0xE4], 0xC5 => [0xE5], 0xC6 => [0xE6], 0xC7 => [0xE7],
+            0xC8 => [0xE8], 0xC9 => [0xE9], 0xCA => [0xEA], 0xCB => [0xEB],
+            0xCC => [0xEC], 0xCD => [0xED], 0xCE => [0xEE], 0xCF => [0xEF],
+            0xD0 => [0xF0], 0xD1 => [0xF1], 0xD2 => [0xF2], 0xD3 => [0xF3],
+            0xD4 => [0xF4], 0xD5 => [0xF5], 0xD6 => [0xF6], 0xD8 => [0xF8],
+            0xD9 => [0xF9], 0xDA => [0xFA], 0xDB => [0xFB], 0xDC => [0xFC],
+            0xDD => [0xFD], 0xDE => [0xFE], 0xDF => [0x73, 0x73],
+            0x100 => [0x101], 0x102 => [0x103], 0x104 => [0x105],
+            0x106 => [0x107], 0x108 => [0x109], 0x10A => [0x10B],
+            0x10C => [0x10D], 0x10E => [0x10F], 0x110 => [0x111],
+            0x112 => [0x113], 0x114 => [0x115], 0x116 => [0x117],
+            0x118 => [0x119], 0x11A => [0x11B], 0x11C => [0x11D],
+            0x11E => [0x11F], 0x120 => [0x121], 0x122 => [0x123],
+            0x124 => [0x125], 0x126 => [0x127], 0x128 => [0x129],
+            0x12A => [0x12B], 0x12C => [0x12D], 0x12E => [0x12F],
+            0x130 => [0x69, 0x307], 0x132 => [0x133], 0x134 => [0x135],
+            0x136 => [0x137], 0x139 => [0x13A], 0x13B => [0x13C],
+            0x13D => [0x13E], 0x13F => [0x140], 0x141 => [0x142],
+            0x143 => [0x144], 0x145 => [0x146], 0x147 => [0x148],
+            0x149 => [0x2BC, 0x6E], 0x14A => [0x14B], 0x14C => [0x14D],
+            0x14E => [0x14F], 0x150 => [0x151], 0x152 => [0x153],
+            0x154 => [0x155], 0x156 => [0x157], 0x158 => [0x159],
+            0x15A => [0x15B], 0x15C => [0x15D], 0x15E => [0x15F],
+            0x160 => [0x161], 0x162 => [0x163], 0x164 => [0x165],
+            0x166 => [0x167], 0x168 => [0x169], 0x16A => [0x16B],
+            0x16C => [0x16D], 0x16E => [0x16F], 0x170 => [0x171],
+            0x172 => [0x173], 0x174 => [0x175], 0x176 => [0x177],
+            0x178 => [0xFF], 0x179 => [0x17A], 0x17B => [0x17C],
+            0x17D => [0x17E], 0x17F => [0x73], 0x181 => [0x253],
+            0x182 => [0x183], 0x184 => [0x185], 0x186 => [0x254],
+            0x187 => [0x188], 0x189 => [0x256], 0x18A => [0x257],
+            0x18B => [0x18C], 0x18E => [0x1DD], 0x18F => [0x259],
+            0x190 => [0x25B], 0x191 => [0x192], 0x193 => [0x260],
+            0x194 => [0x263], 0x196 => [0x269], 0x197 => [0x268],
+            0x198 => [0x199], 0x19C => [0x26F], 0x19D => [0x272],
+            0x19F => [0x275], 0x1A0 => [0x1A1], 0x1A2 => [0x1A3],
+            0x1A4 => [0x1A5], 0x1A6 => [0x280], 0x1A7 => [0x1A8],
+            0x1A9 => [0x283], 0x1AC => [0x1AD], 0x1AE => [0x288],
+            0x1AF => [0x1B0], 0x1B1 => [0x28A], 0x1B2 => [0x28B],
+            0x1B3 => [0x1B4], 0x1B5 => [0x1B6], 0x1B7 => [0x292],
+            0x1B8 => [0x1B9], 0x1BC => [0x1BD], 0x1C4 => [0x1C6],
+            0x1C5 => [0x1C6], 0x1C7 => [0x1C9], 0x1C8 => [0x1C9],
+            0x1CA => [0x1CC], 0x1CB => [0x1CC], 0x1CD => [0x1CE],
+            0x1CF => [0x1D0], 0x1D1 => [0x1D2], 0x1D3 => [0x1D4],
+            0x1D5 => [0x1D6], 0x1D7 => [0x1D8], 0x1D9 => [0x1DA],
+            0x1DB => [0x1DC], 0x1DE => [0x1DF], 0x1E0 => [0x1E1],
+            0x1E2 => [0x1E3], 0x1E4 => [0x1E5], 0x1E6 => [0x1E7],
+            0x1E8 => [0x1E9], 0x1EA => [0x1EB], 0x1EC => [0x1ED],
+            0x1EE => [0x1EF], 0x1F0 => [0x6A, 0x30C], 0x1F1 => [0x1F3],
+            0x1F2 => [0x1F3], 0x1F4 => [0x1F5], 0x1F6 => [0x195],
+            0x1F7 => [0x1BF], 0x1F8 => [0x1F9], 0x1FA => [0x1FB],
+            0x1FC => [0x1FD], 0x1FE => [0x1FF], 0x200 => [0x201],
+            0x202 => [0x203], 0x204 => [0x205], 0x206 => [0x207],
+            0x208 => [0x209], 0x20A => [0x20B], 0x20C => [0x20D],
+            0x20E => [0x20F], 0x210 => [0x211], 0x212 => [0x213],
+            0x214 => [0x215], 0x216 => [0x217], 0x218 => [0x219],
+            0x21A => [0x21B], 0x21C => [0x21D], 0x21E => [0x21F],
+            0x220 => [0x19E], 0x222 => [0x223], 0x224 => [0x225],
+            0x226 => [0x227], 0x228 => [0x229], 0x22A => [0x22B],
+            0x22C => [0x22D], 0x22E => [0x22F], 0x230 => [0x231],
+            0x232 => [0x233], 0x345 => [0x3B9], 0x37A => [0x20, 0x3B9],
+            0x386 => [0x3AC], 0x388 => [0x3AD], 0x389 => [0x3AE],
+            0x38A => [0x3AF], 0x38C => [0x3CC], 0x38E => [0x3CD],
+            0x38F => [0x3CE], 0x390 => [0x3B9, 0x308, 0x301],
+            0x391 => [0x3B1], 0x392 => [0x3B2], 0x393 => [0x3B3],
+            0x394 => [0x3B4], 0x395 => [0x3B5], 0x396 => [0x3B6],
+            0x397 => [0x3B7], 0x398 => [0x3B8], 0x399 => [0x3B9],
+            0x39A => [0x3BA], 0x39B => [0x3BB], 0x39C => [0x3BC],
+            0x39D => [0x3BD], 0x39E => [0x3BE], 0x39F => [0x3BF],
+            0x3A0 => [0x3C0], 0x3A1 => [0x3C1], 0x3A3 => [0x3C3],
+            0x3A4 => [0x3C4], 0x3A5 => [0x3C5], 0x3A6 => [0x3C6],
+            0x3A7 => [0x3C7], 0x3A8 => [0x3C8], 0x3A9 => [0x3C9],
+            0x3AA => [0x3CA], 0x3AB => [0x3CB], 0x3B0 => [0x3C5, 0x308, 0x301],
+            0x3C2 => [0x3C3], 0x3D0 => [0x3B2], 0x3D1 => [0x3B8],
+            0x3D2 => [0x3C5], 0x3D3 => [0x3CD], 0x3D4 => [0x3CB],
+            0x3D5 => [0x3C6], 0x3D6 => [0x3C0], 0x3D8 => [0x3D9],
+            0x3DA => [0x3DB], 0x3DC => [0x3DD], 0x3DE => [0x3DF],
+            0x3E0 => [0x3E1], 0x3E2 => [0x3E3], 0x3E4 => [0x3E5],
+            0x3E6 => [0x3E7], 0x3E8 => [0x3E9], 0x3EA => [0x3EB],
+            0x3EC => [0x3ED], 0x3EE => [0x3EF], 0x3F0 => [0x3BA],
+            0x3F1 => [0x3C1], 0x3F2 => [0x3C3], 0x3F4 => [0x3B8],
+            0x3F5 => [0x3B5], 0x400 => [0x450], 0x401 => [0x451],
+            0x402 => [0x452], 0x403 => [0x453], 0x404 => [0x454],
+            0x405 => [0x455], 0x406 => [0x456], 0x407 => [0x457],
+            0x408 => [0x458], 0x409 => [0x459], 0x40A => [0x45A],
+            0x40B => [0x45B], 0x40C => [0x45C], 0x40D => [0x45D],
+            0x40E => [0x45E], 0x40F => [0x45F], 0x410 => [0x430],
+            0x411 => [0x431], 0x412 => [0x432], 0x413 => [0x433],
+            0x414 => [0x434], 0x415 => [0x435], 0x416 => [0x436],
+            0x417 => [0x437], 0x418 => [0x438], 0x419 => [0x439],
+            0x41A => [0x43A], 0x41B => [0x43B], 0x41C => [0x43C],
+            0x41D => [0x43D], 0x41E => [0x43E], 0x41F => [0x43F],
+            0x420 => [0x440], 0x421 => [0x441], 0x422 => [0x442],
+            0x423 => [0x443], 0x424 => [0x444], 0x425 => [0x445],
+            0x426 => [0x446], 0x427 => [0x447], 0x428 => [0x448],
+            0x429 => [0x449], 0x42A => [0x44A], 0x42B => [0x44B],
+            0x42C => [0x44C], 0x42D => [0x44D], 0x42E => [0x44E],
+            0x42F => [0x44F], 0x460 => [0x461], 0x462 => [0x463],
+            0x464 => [0x465], 0x466 => [0x467], 0x468 => [0x469],
+            0x46A => [0x46B], 0x46C => [0x46D], 0x46E => [0x46F],
+            0x470 => [0x471], 0x472 => [0x473], 0x474 => [0x475],
+            0x476 => [0x477], 0x478 => [0x479], 0x47A => [0x47B],
+            0x47C => [0x47D], 0x47E => [0x47F], 0x480 => [0x481],
+            0x48A => [0x48B], 0x48C => [0x48D], 0x48E => [0x48F],
+            0x490 => [0x491], 0x492 => [0x493], 0x494 => [0x495],
+            0x496 => [0x497], 0x498 => [0x499], 0x49A => [0x49B],
+            0x49C => [0x49D], 0x49E => [0x49F], 0x4A0 => [0x4A1],
+            0x4A2 => [0x4A3], 0x4A4 => [0x4A5], 0x4A6 => [0x4A7],
+            0x4A8 => [0x4A9], 0x4AA => [0x4AB], 0x4AC => [0x4AD],
+            0x4AE => [0x4AF], 0x4B0 => [0x4B1], 0x4B2 => [0x4B3],
+            0x4B4 => [0x4B5], 0x4B6 => [0x4B7], 0x4B8 => [0x4B9],
+            0x4BA => [0x4BB], 0x4BC => [0x4BD], 0x4BE => [0x4BF],
+            0x4C1 => [0x4C2], 0x4C3 => [0x4C4], 0x4C5 => [0x4C6],
+            0x4C7 => [0x4C8], 0x4C9 => [0x4CA], 0x4CB => [0x4CC],
+            0x4CD => [0x4CE], 0x4D0 => [0x4D1], 0x4D2 => [0x4D3],
+            0x4D4 => [0x4D5], 0x4D6 => [0x4D7], 0x4D8 => [0x4D9],
+            0x4DA => [0x4DB], 0x4DC => [0x4DD], 0x4DE => [0x4DF],
+            0x4E0 => [0x4E1], 0x4E2 => [0x4E3], 0x4E4 => [0x4E5],
+            0x4E6 => [0x4E7], 0x4E8 => [0x4E9], 0x4EA => [0x4EB],
+            0x4EC => [0x4ED], 0x4EE => [0x4EF], 0x4F0 => [0x4F1],
+            0x4F2 => [0x4F3], 0x4F4 => [0x4F5], 0x4F8 => [0x4F9],
+            0x500 => [0x501], 0x502 => [0x503], 0x504 => [0x505],
+            0x506 => [0x507], 0x508 => [0x509], 0x50A => [0x50B],
+            0x50C => [0x50D], 0x50E => [0x50F], 0x531 => [0x561],
+            0x532 => [0x562], 0x533 => [0x563], 0x534 => [0x564],
+            0x535 => [0x565], 0x536 => [0x566], 0x537 => [0x567],
+            0x538 => [0x568], 0x539 => [0x569], 0x53A => [0x56A],
+            0x53B => [0x56B], 0x53C => [0x56C], 0x53D => [0x56D],
+            0x53E => [0x56E], 0x53F => [0x56F], 0x540 => [0x570],
+            0x541 => [0x571], 0x542 => [0x572], 0x543 => [0x573],
+            0x544 => [0x574], 0x545 => [0x575], 0x546 => [0x576],
+            0x547 => [0x577], 0x548 => [0x578], 0x549 => [0x579],
+            0x54A => [0x57A], 0x54B => [0x57B], 0x54C => [0x57C],
+            0x54D => [0x57D], 0x54E => [0x57E], 0x54F => [0x57F],
+            0x550 => [0x580], 0x551 => [0x581], 0x552 => [0x582],
+            0x553 => [0x583], 0x554 => [0x584], 0x555 => [0x585],
+            0x556 => [0x586], 0x587 => [0x565, 0x582], 0xE33 => [0xE4D, 0xE32],
+            0x1E00 => [0x1E01], 0x1E02 => [0x1E03], 0x1E04 => [0x1E05],
+            0x1E06 => [0x1E07], 0x1E08 => [0x1E09], 0x1E0A => [0x1E0B],
+            0x1E0C => [0x1E0D], 0x1E0E => [0x1E0F], 0x1E10 => [0x1E11],
+            0x1E12 => [0x1E13], 0x1E14 => [0x1E15], 0x1E16 => [0x1E17],
+            0x1E18 => [0x1E19], 0x1E1A => [0x1E1B], 0x1E1C => [0x1E1D],
+            0x1E1E => [0x1E1F], 0x1E20 => [0x1E21], 0x1E22 => [0x1E23],
+            0x1E24 => [0x1E25], 0x1E26 => [0x1E27], 0x1E28 => [0x1E29],
+            0x1E2A => [0x1E2B], 0x1E2C => [0x1E2D], 0x1E2E => [0x1E2F],
+            0x1E30 => [0x1E31], 0x1E32 => [0x1E33], 0x1E34 => [0x1E35],
+            0x1E36 => [0x1E37], 0x1E38 => [0x1E39], 0x1E3A => [0x1E3B],
+            0x1E3C => [0x1E3D], 0x1E3E => [0x1E3F], 0x1E40 => [0x1E41],
+            0x1E42 => [0x1E43], 0x1E44 => [0x1E45], 0x1E46 => [0x1E47],
+            0x1E48 => [0x1E49], 0x1E4A => [0x1E4B], 0x1E4C => [0x1E4D],
+            0x1E4E => [0x1E4F], 0x1E50 => [0x1E51], 0x1E52 => [0x1E53],
+            0x1E54 => [0x1E55], 0x1E56 => [0x1E57], 0x1E58 => [0x1E59],
+            0x1E5A => [0x1E5B], 0x1E5C => [0x1E5D], 0x1E5E => [0x1E5F],
+            0x1E60 => [0x1E61], 0x1E62 => [0x1E63], 0x1E64 => [0x1E65],
+            0x1E66 => [0x1E67], 0x1E68 => [0x1E69], 0x1E6A => [0x1E6B],
+            0x1E6C => [0x1E6D], 0x1E6E => [0x1E6F], 0x1E70 => [0x1E71],
+            0x1E72 => [0x1E73], 0x1E74 => [0x1E75], 0x1E76 => [0x1E77],
+            0x1E78 => [0x1E79], 0x1E7A => [0x1E7B], 0x1E7C => [0x1E7D],
+            0x1E7E => [0x1E7F], 0x1E80 => [0x1E81], 0x1E82 => [0x1E83],
+            0x1E84 => [0x1E85], 0x1E86 => [0x1E87], 0x1E88 => [0x1E89],
+            0x1E8A => [0x1E8B], 0x1E8C => [0x1E8D], 0x1E8E => [0x1E8F],
+            0x1E90 => [0x1E91], 0x1E92 => [0x1E93], 0x1E94 => [0x1E95],
+            0x1E96 => [0x68, 0x331], 0x1E97 => [0x74, 0x308], 0x1E98 => [0x77, 0x30A],
+            0x1E99 => [0x79, 0x30A], 0x1E9A => [0x61, 0x2BE], 0x1E9B => [0x1E61],
+            0x1EA0 => [0x1EA1], 0x1EA2 => [0x1EA3], 0x1EA4 => [0x1EA5],
+            0x1EA6 => [0x1EA7], 0x1EA8 => [0x1EA9], 0x1EAA => [0x1EAB],
+            0x1EAC => [0x1EAD], 0x1EAE => [0x1EAF], 0x1EB0 => [0x1EB1],
+            0x1EB2 => [0x1EB3], 0x1EB4 => [0x1EB5], 0x1EB6 => [0x1EB7],
+            0x1EB8 => [0x1EB9], 0x1EBA => [0x1EBB], 0x1EBC => [0x1EBD],
+            0x1EBE => [0x1EBF], 0x1EC0 => [0x1EC1], 0x1EC2 => [0x1EC3],
+            0x1EC4 => [0x1EC5], 0x1EC6 => [0x1EC7], 0x1EC8 => [0x1EC9],
+            0x1ECA => [0x1ECB], 0x1ECC => [0x1ECD], 0x1ECE => [0x1ECF],
+            0x1ED0 => [0x1ED1], 0x1ED2 => [0x1ED3], 0x1ED4 => [0x1ED5],
+            0x1ED6 => [0x1ED7], 0x1ED8 => [0x1ED9], 0x1EDA => [0x1EDB],
+            0x1EDC => [0x1EDD], 0x1EDE => [0x1EDF], 0x1EE0 => [0x1EE1],
+            0x1EE2 => [0x1EE3], 0x1EE4 => [0x1EE5], 0x1EE6 => [0x1EE7],
+            0x1EE8 => [0x1EE9], 0x1EEA => [0x1EEB], 0x1EEC => [0x1EED],
+            0x1EEE => [0x1EEF], 0x1EF0 => [0x1EF1], 0x1EF2 => [0x1EF3],
+            0x1EF4 => [0x1EF5], 0x1EF6 => [0x1EF7], 0x1EF8 => [0x1EF9],
+            0x1F08 => [0x1F00], 0x1F09 => [0x1F01], 0x1F0A => [0x1F02],
+            0x1F0B => [0x1F03], 0x1F0C => [0x1F04], 0x1F0D => [0x1F05],
+            0x1F0E => [0x1F06], 0x1F0F => [0x1F07], 0x1F18 => [0x1F10],
+            0x1F19 => [0x1F11], 0x1F1A => [0x1F12], 0x1F1B => [0x1F13],
+            0x1F1C => [0x1F14], 0x1F1D => [0x1F15], 0x1F28 => [0x1F20],
+            0x1F29 => [0x1F21], 0x1F2A => [0x1F22], 0x1F2B => [0x1F23],
+            0x1F2C => [0x1F24], 0x1F2D => [0x1F25], 0x1F2E => [0x1F26],
+            0x1F2F => [0x1F27], 0x1F38 => [0x1F30], 0x1F39 => [0x1F31],
+            0x1F3A => [0x1F32], 0x1F3B => [0x1F33], 0x1F3C => [0x1F34],
+            0x1F3D => [0x1F35], 0x1F3E => [0x1F36], 0x1F3F => [0x1F37],
+            0x1F48 => [0x1F40], 0x1F49 => [0x1F41], 0x1F4A => [0x1F42],
+            0x1F4B => [0x1F43], 0x1F4C => [0x1F44], 0x1F4D => [0x1F45],
+            0x1F50 => [0x3C5, 0x313], 0x1F52 => [0x3C5, 0x313, 0x300],
+            0x1F54 => [0x3C5, 0x313, 0x301], 0x1F56 => [0x3C5, 0x313, 0x342],
+            0x1F59 => [0x1F51], 0x1F5B => [0x1F53], 0x1F5D => [0x1F55],
+            0x1F5F => [0x1F57], 0x1F68 => [0x1F60], 0x1F69 => [0x1F61],
+            0x1F6A => [0x1F62], 0x1F6B => [0x1F63], 0x1F6C => [0x1F64],
+            0x1F6D => [0x1F65], 0x1F6E => [0x1F66], 0x1F6F => [0x1F67],
+            0x1F80 => [0x1F00, 0x3B9], 0x1F81 => [0x1F01, 0x3B9],
+            0x1F82 => [0x1F02, 0x3B9], 0x1F83 => [0x1F03, 0x3B9],
+            0x1F84 => [0x1F04, 0x3B9], 0x1F85 => [0x1F05, 0x3B9],
+            0x1F86 => [0x1F06, 0x3B9], 0x1F87 => [0x1F07, 0x3B9],
+            0x1F88 => [0x1F00, 0x3B9], 0x1F89 => [0x1F01, 0x3B9],
+            0x1F8A => [0x1F02, 0x3B9], 0x1F8B => [0x1F03, 0x3B9],
+            0x1F8C => [0x1F04, 0x3B9], 0x1F8D => [0x1F05, 0x3B9],
+            0x1F8E => [0x1F06, 0x3B9], 0x1F8F => [0x1F07, 0x3B9],
+            0x1F90 => [0x1F20, 0x3B9], 0x1F91 => [0x1F21, 0x3B9],
+            0x1F92 => [0x1F22, 0x3B9], 0x1F93 => [0x1F23, 0x3B9],
+            0x1F94 => [0x1F24, 0x3B9], 0x1F95 => [0x1F25, 0x3B9],
+            0x1F96 => [0x1F26, 0x3B9], 0x1F97 => [0x1F27, 0x3B9],
+            0x1F98 => [0x1F20, 0x3B9], 0x1F99 => [0x1F21, 0x3B9],
+            0x1F9A => [0x1F22, 0x3B9], 0x1F9B => [0x1F23, 0x3B9],
+            0x1F9C => [0x1F24, 0x3B9], 0x1F9D => [0x1F25, 0x3B9],
+            0x1F9E => [0x1F26, 0x3B9], 0x1F9F => [0x1F27, 0x3B9],
+            0x1FA0 => [0x1F60, 0x3B9], 0x1FA1 => [0x1F61, 0x3B9],
+            0x1FA2 => [0x1F62, 0x3B9], 0x1FA3 => [0x1F63, 0x3B9],
+            0x1FA4 => [0x1F64, 0x3B9], 0x1FA5 => [0x1F65, 0x3B9],
+            0x1FA6 => [0x1F66, 0x3B9], 0x1FA7 => [0x1F67, 0x3B9],
+            0x1FA8 => [0x1F60, 0x3B9], 0x1FA9 => [0x1F61, 0x3B9],
+            0x1FAA => [0x1F62, 0x3B9], 0x1FAB => [0x1F63, 0x3B9],
+            0x1FAC => [0x1F64, 0x3B9], 0x1FAD => [0x1F65, 0x3B9],
+            0x1FAE => [0x1F66, 0x3B9], 0x1FAF => [0x1F67, 0x3B9],
+            0x1FB2 => [0x1F70, 0x3B9], 0x1FB3 => [0x3B1, 0x3B9],
+            0x1FB4 => [0x3AC, 0x3B9], 0x1FB6 => [0x3B1, 0x342],
+            0x1FB7 => [0x3B1, 0x342, 0x3B9], 0x1FB8 => [0x1FB0],
+            0x1FB9 => [0x1FB1], 0x1FBA => [0x1F70], 0x1FBB => [0x1F71],
+            0x1FBC => [0x3B1, 0x3B9], 0x1FBE => [0x3B9],
+            0x1FC2 => [0x1F74, 0x3B9], 0x1FC3 => [0x3B7, 0x3B9],
+            0x1FC4 => [0x3AE, 0x3B9], 0x1FC6 => [0x3B7, 0x342],
+            0x1FC7 => [0x3B7, 0x342, 0x3B9], 0x1FC8 => [0x1F72],
+            0x1FC9 => [0x1F73], 0x1FCA => [0x1F74], 0x1FCB => [0x1F75],
+            0x1FCC => [0x3B7, 0x3B9], 0x1FD2 => [0x3B9, 0x308, 0x300],
+            0x1FD3 => [0x3B9, 0x308, 0x301], 0x1FD6 => [0x3B9, 0x342],
+            0x1FD7 => [0x3B9, 0x308, 0x342], 0x1FD8 => [0x1FD0],
+            0x1FD9 => [0x1FD1], 0x1FDA => [0x1F76],
+            0x1FDB => [0x1F77], 0x1FE2 => [0x3C5, 0x308, 0x300],
+            0x1FE3 => [0x3C5, 0x308, 0x301], 0x1FE4 => [0x3C1, 0x313],
+            0x1FE6 => [0x3C5, 0x342], 0x1FE7 => [0x3C5, 0x308, 0x342],
+            0x1FE8 => [0x1FE0], 0x1FE9 => [0x1FE1],
+            0x1FEA => [0x1F7A], 0x1FEB => [0x1F7B],
+            0x1FEC => [0x1FE5], 0x1FF2 => [0x1F7C, 0x3B9],
+            0x1FF3 => [0x3C9, 0x3B9], 0x1FF4 => [0x3CE, 0x3B9],
+            0x1FF6 => [0x3C9, 0x342], 0x1FF7 => [0x3C9, 0x342, 0x3B9],
+            0x1FF8 => [0x1F78], 0x1FF9 => [0x1F79], 0x1FFA => [0x1F7C],
+            0x1FFB => [0x1F7D], 0x1FFC => [0x3C9, 0x3B9],
+            0x20A8 => [0x72, 0x73], 0x2102 => [0x63], 0x2103 => [0xB0, 0x63],
+            0x2107 => [0x25B], 0x2109 => [0xB0, 0x66], 0x210B => [0x68],
+            0x210C => [0x68], 0x210D => [0x68], 0x2110 => [0x69],
+            0x2111 => [0x69], 0x2112 => [0x6C], 0x2115 => [0x6E],
+            0x2116 => [0x6E, 0x6F], 0x2119 => [0x70], 0x211A => [0x71],
+            0x211B => [0x72], 0x211C => [0x72], 0x211D => [0x72],
+            0x2120 => [0x73, 0x6D], 0x2121 => [0x74, 0x65, 0x6C],
+            0x2122 => [0x74, 0x6D], 0x2124 => [0x7A], 0x2126 => [0x3C9],
+            0x2128 => [0x7A], 0x212A => [0x6B], 0x212B => [0xE5],
+            0x212C => [0x62], 0x212D => [0x63], 0x2130 => [0x65],
+            0x2131 => [0x66], 0x2133 => [0x6D], 0x213E => [0x3B3],
+            0x213F => [0x3C0], 0x2145 => [0x64], 0x2160 => [0x2170],
+            0x2161 => [0x2171], 0x2162 => [0x2172], 0x2163 => [0x2173],
+            0x2164 => [0x2174], 0x2165 => [0x2175], 0x2166 => [0x2176],
+            0x2167 => [0x2177], 0x2168 => [0x2178], 0x2169 => [0x2179],
+            0x216A => [0x217A], 0x216B => [0x217B], 0x216C => [0x217C],
+            0x216D => [0x217D], 0x216E => [0x217E], 0x216F => [0x217F],
+            0x24B6 => [0x24D0], 0x24B7 => [0x24D1], 0x24B8 => [0x24D2],
+            0x24B9 => [0x24D3], 0x24BA => [0x24D4], 0x24BB => [0x24D5],
+            0x24BC => [0x24D6], 0x24BD => [0x24D7], 0x24BE => [0x24D8],
+            0x24BF => [0x24D9], 0x24C0 => [0x24DA], 0x24C1 => [0x24DB],
+            0x24C2 => [0x24DC], 0x24C3 => [0x24DD], 0x24C4 => [0x24DE],
+            0x24C5 => [0x24DF], 0x24C6 => [0x24E0], 0x24C7 => [0x24E1],
+            0x24C8 => [0x24E2], 0x24C9 => [0x24E3], 0x24CA => [0x24E4],
+            0x24CB => [0x24E5], 0x24CC => [0x24E6], 0x24CD => [0x24E7],
+            0x24CE => [0x24E8], 0x24CF => [0x24E9], 0x3371 => [0x68, 0x70, 0x61],
+            0x3373 => [0x61, 0x75], 0x3375 => [0x6F, 0x76],
+            0x3380 => [0x70, 0x61], 0x3381 => [0x6E, 0x61],
+            0x3382 => [0x3BC, 0x61], 0x3383 => [0x6D, 0x61],
+            0x3384 => [0x6B, 0x61], 0x3385 => [0x6B, 0x62],
+            0x3386 => [0x6D, 0x62], 0x3387 => [0x67, 0x62],
+            0x338A => [0x70, 0x66], 0x338B => [0x6E, 0x66],
+            0x338C => [0x3BC, 0x66], 0x3390 => [0x68, 0x7A],
+            0x3391 => [0x6B, 0x68, 0x7A], 0x3392 => [0x6D, 0x68, 0x7A],
+            0x3393 => [0x67, 0x68, 0x7A], 0x3394 => [0x74, 0x68, 0x7A],
+            0x33A9 => [0x70, 0x61], 0x33AA => [0x6B, 0x70, 0x61],
+            0x33AB => [0x6D, 0x70, 0x61], 0x33AC => [0x67, 0x70, 0x61],
+            0x33B4 => [0x70, 0x76], 0x33B5 => [0x6E, 0x76],
+            0x33B6 => [0x3BC, 0x76], 0x33B7 => [0x6D, 0x76],
+            0x33B8 => [0x6B, 0x76], 0x33B9 => [0x6D, 0x76],
+            0x33BA => [0x70, 0x77], 0x33BB => [0x6E, 0x77],
+            0x33BC => [0x3BC, 0x77], 0x33BD => [0x6D, 0x77],
+            0x33BE => [0x6B, 0x77], 0x33BF => [0x6D, 0x77],
+            0x33C0 => [0x6B, 0x3C9], 0x33C1 => [0x6D, 0x3C9], /*
+            0x33C2  => array(0x61, 0x2E, 0x6D, 0x2E), */
+            0x33C3 => [0x62, 0x71], 0x33C6 => [0x63, 0x2215, 0x6B, 0x67],
+            0x33C7 => [0x63, 0x6F, 0x2E], 0x33C8 => [0x64, 0x62],
+            0x33C9 => [0x67, 0x79], 0x33CB => [0x68, 0x70],
+            0x33CD => [0x6B, 0x6B], 0x33CE => [0x6B, 0x6D],
+            0x33D7 => [0x70, 0x68], 0x33D9 => [0x70, 0x70, 0x6D],
+            0x33DA => [0x70, 0x72], 0x33DC => [0x73, 0x76],
+            0x33DD => [0x77, 0x62], 0xFB00 => [0x66, 0x66],
+            0xFB01 => [0x66, 0x69], 0xFB02 => [0x66, 0x6C],
+            0xFB03 => [0x66, 0x66, 0x69], 0xFB04 => [0x66, 0x66, 0x6C],
+            0xFB05 => [0x73, 0x74], 0xFB06 => [0x73, 0x74],
+            0xFB13 => [0x574, 0x576], 0xFB14 => [0x574, 0x565],
+            0xFB15 => [0x574, 0x56B], 0xFB16 => [0x57E, 0x576],
+            0xFB17 => [0x574, 0x56D], 0xFF21 => [0xFF41],
+            0xFF22 => [0xFF42], 0xFF23 => [0xFF43], 0xFF24 => [0xFF44],
+            0xFF25 => [0xFF45], 0xFF26 => [0xFF46], 0xFF27 => [0xFF47],
+            0xFF28 => [0xFF48], 0xFF29 => [0xFF49], 0xFF2A => [0xFF4A],
+            0xFF2B => [0xFF4B], 0xFF2C => [0xFF4C], 0xFF2D => [0xFF4D],
+            0xFF2E => [0xFF4E], 0xFF2F => [0xFF4F], 0xFF30 => [0xFF50],
+            0xFF31 => [0xFF51], 0xFF32 => [0xFF52], 0xFF33 => [0xFF53],
+            0xFF34 => [0xFF54], 0xFF35 => [0xFF55], 0xFF36 => [0xFF56],
+            0xFF37 => [0xFF57], 0xFF38 => [0xFF58], 0xFF39 => [0xFF59],
+            0xFF3A => [0xFF5A], 0x10400 => [0x10428], 0x10401 => [0x10429],
+            0x10402 => [0x1042A], 0x10403 => [0x1042B], 0x10404 => [0x1042C],
+            0x10405 => [0x1042D], 0x10406 => [0x1042E], 0x10407 => [0x1042F],
+            0x10408 => [0x10430], 0x10409 => [0x10431], 0x1040A => [0x10432],
+            0x1040B => [0x10433], 0x1040C => [0x10434], 0x1040D => [0x10435],
+            0x1040E => [0x10436], 0x1040F => [0x10437], 0x10410 => [0x10438],
+            0x10411 => [0x10439], 0x10412 => [0x1043A], 0x10413 => [0x1043B],
+            0x10414 => [0x1043C], 0x10415 => [0x1043D], 0x10416 => [0x1043E],
+            0x10417 => [0x1043F], 0x10418 => [0x10440], 0x10419 => [0x10441],
+            0x1041A => [0x10442], 0x1041B => [0x10443], 0x1041C => [0x10444],
+            0x1041D => [0x10445], 0x1041E => [0x10446], 0x1041F => [0x10447],
+            0x10420 => [0x10448], 0x10421 => [0x10449], 0x10422 => [0x1044A],
+            0x10423 => [0x1044B], 0x10424 => [0x1044C], 0x10425 => [0x1044D],
+            0x1D400 => [0x61], 0x1D401 => [0x62], 0x1D402 => [0x63],
+            0x1D403 => [0x64], 0x1D404 => [0x65], 0x1D405 => [0x66],
+            0x1D406 => [0x67], 0x1D407 => [0x68], 0x1D408 => [0x69],
+            0x1D409 => [0x6A], 0x1D40A => [0x6B], 0x1D40B => [0x6C],
+            0x1D40C => [0x6D], 0x1D40D => [0x6E], 0x1D40E => [0x6F],
+            0x1D40F => [0x70], 0x1D410 => [0x71], 0x1D411 => [0x72],
+            0x1D412 => [0x73], 0x1D413 => [0x74], 0x1D414 => [0x75],
+            0x1D415 => [0x76], 0x1D416 => [0x77], 0x1D417 => [0x78],
+            0x1D418 => [0x79], 0x1D419 => [0x7A], 0x1D434 => [0x61],
+            0x1D435 => [0x62], 0x1D436 => [0x63], 0x1D437 => [0x64],
+            0x1D438 => [0x65], 0x1D439 => [0x66], 0x1D43A => [0x67],
+            0x1D43B => [0x68], 0x1D43C => [0x69], 0x1D43D => [0x6A],
+            0x1D43E => [0x6B], 0x1D43F => [0x6C], 0x1D440 => [0x6D],
+            0x1D441 => [0x6E], 0x1D442 => [0x6F], 0x1D443 => [0x70],
+            0x1D444 => [0x71], 0x1D445 => [0x72], 0x1D446 => [0x73],
+            0x1D447 => [0x74], 0x1D448 => [0x75], 0x1D449 => [0x76],
+            0x1D44A => [0x77], 0x1D44B => [0x78], 0x1D44C => [0x79],
+            0x1D44D => [0x7A], 0x1D468 => [0x61], 0x1D469 => [0x62],
+            0x1D46A => [0x63], 0x1D46B => [0x64], 0x1D46C => [0x65],
+            0x1D46D => [0x66], 0x1D46E => [0x67], 0x1D46F => [0x68],
+            0x1D470 => [0x69], 0x1D471 => [0x6A], 0x1D472 => [0x6B],
+            0x1D473 => [0x6C], 0x1D474 => [0x6D], 0x1D475 => [0x6E],
+            0x1D476 => [0x6F], 0x1D477 => [0x70], 0x1D478 => [0x71],
+            0x1D479 => [0x72], 0x1D47A => [0x73], 0x1D47B => [0x74],
+            0x1D47C => [0x75], 0x1D47D => [0x76], 0x1D47E => [0x77],
+            0x1D47F => [0x78], 0x1D480 => [0x79], 0x1D481 => [0x7A],
+            0x1D49C => [0x61], 0x1D49E => [0x63], 0x1D49F => [0x64],
+            0x1D4A2 => [0x67], 0x1D4A5 => [0x6A], 0x1D4A6 => [0x6B],
+            0x1D4A9 => [0x6E], 0x1D4AA => [0x6F], 0x1D4AB => [0x70],
+            0x1D4AC => [0x71], 0x1D4AE => [0x73], 0x1D4AF => [0x74],
+            0x1D4B0 => [0x75], 0x1D4B1 => [0x76], 0x1D4B2 => [0x77],
+            0x1D4B3 => [0x78], 0x1D4B4 => [0x79], 0x1D4B5 => [0x7A],
+            0x1D4D0 => [0x61], 0x1D4D1 => [0x62], 0x1D4D2 => [0x63],
+            0x1D4D3 => [0x64], 0x1D4D4 => [0x65], 0x1D4D5 => [0x66],
+            0x1D4D6 => [0x67], 0x1D4D7 => [0x68], 0x1D4D8 => [0x69],
+            0x1D4D9 => [0x6A], 0x1D4DA => [0x6B], 0x1D4DB => [0x6C],
+            0x1D4DC => [0x6D], 0x1D4DD => [0x6E], 0x1D4DE => [0x6F],
+            0x1D4DF => [0x70], 0x1D4E0 => [0x71], 0x1D4E1 => [0x72],
+            0x1D4E2 => [0x73], 0x1D4E3 => [0x74], 0x1D4E4 => [0x75],
+            0x1D4E5 => [0x76], 0x1D4E6 => [0x77], 0x1D4E7 => [0x78],
+            0x1D4E8 => [0x79], 0x1D4E9 => [0x7A], 0x1D504 => [0x61],
+            0x1D505 => [0x62], 0x1D507 => [0x64], 0x1D508 => [0x65],
+            0x1D509 => [0x66], 0x1D50A => [0x67], 0x1D50D => [0x6A],
+            0x1D50E => [0x6B], 0x1D50F => [0x6C], 0x1D510 => [0x6D],
+            0x1D511 => [0x6E], 0x1D512 => [0x6F], 0x1D513 => [0x70],
+            0x1D514 => [0x71], 0x1D516 => [0x73], 0x1D517 => [0x74],
+            0x1D518 => [0x75], 0x1D519 => [0x76], 0x1D51A => [0x77],
+            0x1D51B => [0x78], 0x1D51C => [0x79], 0x1D538 => [0x61],
+            0x1D539 => [0x62], 0x1D53B => [0x64], 0x1D53C => [0x65],
+            0x1D53D => [0x66], 0x1D53E => [0x67], 0x1D540 => [0x69],
+            0x1D541 => [0x6A], 0x1D542 => [0x6B], 0x1D543 => [0x6C],
+            0x1D544 => [0x6D], 0x1D546 => [0x6F], 0x1D54A => [0x73],
+            0x1D54B => [0x74], 0x1D54C => [0x75], 0x1D54D => [0x76],
+            0x1D54E => [0x77], 0x1D54F => [0x78], 0x1D550 => [0x79],
+            0x1D56C => [0x61], 0x1D56D => [0x62], 0x1D56E => [0x63],
+            0x1D56F => [0x64], 0x1D570 => [0x65], 0x1D571 => [0x66],
+            0x1D572 => [0x67], 0x1D573 => [0x68], 0x1D574 => [0x69],
+            0x1D575 => [0x6A], 0x1D576 => [0x6B], 0x1D577 => [0x6C],
+            0x1D578 => [0x6D], 0x1D579 => [0x6E], 0x1D57A => [0x6F],
+            0x1D57B => [0x70], 0x1D57C => [0x71], 0x1D57D => [0x72],
+            0x1D57E => [0x73], 0x1D57F => [0x74], 0x1D580 => [0x75],
+            0x1D581 => [0x76], 0x1D582 => [0x77], 0x1D583 => [0x78],
+            0x1D584 => [0x79], 0x1D585 => [0x7A], 0x1D5A0 => [0x61],
+            0x1D5A1 => [0x62], 0x1D5A2 => [0x63], 0x1D5A3 => [0x64],
+            0x1D5A4 => [0x65], 0x1D5A5 => [0x66], 0x1D5A6 => [0x67],
+            0x1D5A7 => [0x68], 0x1D5A8 => [0x69], 0x1D5A9 => [0x6A],
+            0x1D5AA => [0x6B], 0x1D5AB => [0x6C], 0x1D5AC => [0x6D],
+            0x1D5AD => [0x6E], 0x1D5AE => [0x6F], 0x1D5AF => [0x70],
+            0x1D5B0 => [0x71], 0x1D5B1 => [0x72], 0x1D5B2 => [0x73],
+            0x1D5B3 => [0x74], 0x1D5B4 => [0x75], 0x1D5B5 => [0x76],
+            0x1D5B6 => [0x77], 0x1D5B7 => [0x78], 0x1D5B8 => [0x79],
+            0x1D5B9 => [0x7A], 0x1D5D4 => [0x61], 0x1D5D5 => [0x62],
+            0x1D5D6 => [0x63], 0x1D5D7 => [0x64], 0x1D5D8 => [0x65],
+            0x1D5D9 => [0x66], 0x1D5DA => [0x67], 0x1D5DB => [0x68],
+            0x1D5DC => [0x69], 0x1D5DD => [0x6A], 0x1D5DE => [0x6B],
+            0x1D5DF => [0x6C], 0x1D5E0 => [0x6D], 0x1D5E1 => [0x6E],
+            0x1D5E2 => [0x6F], 0x1D5E3 => [0x70], 0x1D5E4 => [0x71],
+            0x1D5E5 => [0x72], 0x1D5E6 => [0x73], 0x1D5E7 => [0x74],
+            0x1D5E8 => [0x75], 0x1D5E9 => [0x76], 0x1D5EA => [0x77],
+            0x1D5EB => [0x78], 0x1D5EC => [0x79], 0x1D5ED => [0x7A],
+            0x1D608 => [0x61], 0x1D609 => [0x62], 0x1D60A => [0x63],
+            0x1D60B => [0x64], 0x1D60C => [0x65], 0x1D60D => [0x66],
+            0x1D60E => [0x67], 0x1D60F => [0x68], 0x1D610 => [0x69],
+            0x1D611 => [0x6A], 0x1D612 => [0x6B], 0x1D613 => [0x6C],
+            0x1D614 => [0x6D], 0x1D615 => [0x6E], 0x1D616 => [0x6F],
+            0x1D617 => [0x70], 0x1D618 => [0x71], 0x1D619 => [0x72],
+            0x1D61A => [0x73], 0x1D61B => [0x74], 0x1D61C => [0x75],
+            0x1D61D => [0x76], 0x1D61E => [0x77], 0x1D61F => [0x78],
+            0x1D620 => [0x79], 0x1D621 => [0x7A], 0x1D63C => [0x61],
+            0x1D63D => [0x62], 0x1D63E => [0x63], 0x1D63F => [0x64],
+            0x1D640 => [0x65], 0x1D641 => [0x66], 0x1D642 => [0x67],
+            0x1D643 => [0x68], 0x1D644 => [0x69], 0x1D645 => [0x6A],
+            0x1D646 => [0x6B], 0x1D647 => [0x6C], 0x1D648 => [0x6D],
+            0x1D649 => [0x6E], 0x1D64A => [0x6F], 0x1D64B => [0x70],
+            0x1D64C => [0x71], 0x1D64D => [0x72], 0x1D64E => [0x73],
+            0x1D64F => [0x74], 0x1D650 => [0x75], 0x1D651 => [0x76],
+            0x1D652 => [0x77], 0x1D653 => [0x78], 0x1D654 => [0x79],
+            0x1D655 => [0x7A], 0x1D670 => [0x61], 0x1D671 => [0x62],
+            0x1D672 => [0x63], 0x1D673 => [0x64], 0x1D674 => [0x65],
+            0x1D675 => [0x66], 0x1D676 => [0x67], 0x1D677 => [0x68],
+            0x1D678 => [0x69], 0x1D679 => [0x6A], 0x1D67A => [0x6B],
+            0x1D67B => [0x6C], 0x1D67C => [0x6D], 0x1D67D => [0x6E],
+            0x1D67E => [0x6F], 0x1D67F => [0x70], 0x1D680 => [0x71],
+            0x1D681 => [0x72], 0x1D682 => [0x73], 0x1D683 => [0x74],
+            0x1D684 => [0x75], 0x1D685 => [0x76], 0x1D686 => [0x77],
+            0x1D687 => [0x78], 0x1D688 => [0x79], 0x1D689 => [0x7A],
+            0x1D6A8 => [0x3B1], 0x1D6A9 => [0x3B2], 0x1D6AA => [0x3B3],
+            0x1D6AB => [0x3B4], 0x1D6AC => [0x3B5], 0x1D6AD => [0x3B6],
+            0x1D6AE => [0x3B7], 0x1D6AF => [0x3B8], 0x1D6B0 => [0x3B9],
+            0x1D6B1 => [0x3BA], 0x1D6B2 => [0x3BB], 0x1D6B3 => [0x3BC],
+            0x1D6B4 => [0x3BD], 0x1D6B5 => [0x3BE], 0x1D6B6 => [0x3BF],
+            0x1D6B7 => [0x3C0], 0x1D6B8 => [0x3C1], 0x1D6B9 => [0x3B8],
+            0x1D6BA => [0x3C3], 0x1D6BB => [0x3C4], 0x1D6BC => [0x3C5],
+            0x1D6BD => [0x3C6], 0x1D6BE => [0x3C7], 0x1D6BF => [0x3C8],
+            0x1D6C0 => [0x3C9], 0x1D6D3 => [0x3C3], 0x1D6E2 => [0x3B1],
+            0x1D6E3 => [0x3B2], 0x1D6E4 => [0x3B3], 0x1D6E5 => [0x3B4],
+            0x1D6E6 => [0x3B5], 0x1D6E7 => [0x3B6], 0x1D6E8 => [0x3B7],
+            0x1D6E9 => [0x3B8], 0x1D6EA => [0x3B9], 0x1D6EB => [0x3BA],
+            0x1D6EC => [0x3BB], 0x1D6ED => [0x3BC], 0x1D6EE => [0x3BD],
+            0x1D6EF => [0x3BE], 0x1D6F0 => [0x3BF], 0x1D6F1 => [0x3C0],
+            0x1D6F2 => [0x3C1], 0x1D6F3 => [0x3B8], 0x1D6F4 => [0x3C3],
+            0x1D6F5 => [0x3C4], 0x1D6F6 => [0x3C5], 0x1D6F7 => [0x3C6],
+            0x1D6F8 => [0x3C7], 0x1D6F9 => [0x3C8], 0x1D6FA => [0x3C9],
+            0x1D70D => [0x3C3], 0x1D71C => [0x3B1], 0x1D71D => [0x3B2],
+            0x1D71E => [0x3B3], 0x1D71F => [0x3B4], 0x1D720 => [0x3B5],
+            0x1D721 => [0x3B6], 0x1D722 => [0x3B7], 0x1D723 => [0x3B8],
+            0x1D724 => [0x3B9], 0x1D725 => [0x3BA], 0x1D726 => [0x3BB],
+            0x1D727 => [0x3BC], 0x1D728 => [0x3BD], 0x1D729 => [0x3BE],
+            0x1D72A => [0x3BF], 0x1D72B => [0x3C0], 0x1D72C => [0x3C1],
+            0x1D72D => [0x3B8], 0x1D72E => [0x3C3], 0x1D72F => [0x3C4],
+            0x1D730 => [0x3C5], 0x1D731 => [0x3C6], 0x1D732 => [0x3C7],
+            0x1D733 => [0x3C8], 0x1D734 => [0x3C9], 0x1D747 => [0x3C3],
+            0x1D756 => [0x3B1], 0x1D757 => [0x3B2], 0x1D758 => [0x3B3],
+            0x1D759 => [0x3B4], 0x1D75A => [0x3B5], 0x1D75B => [0x3B6],
+            0x1D75C => [0x3B7], 0x1D75D => [0x3B8], 0x1D75E => [0x3B9],
+            0x1D75F => [0x3BA], 0x1D760 => [0x3BB], 0x1D761 => [0x3BC],
+            0x1D762 => [0x3BD], 0x1D763 => [0x3BE], 0x1D764 => [0x3BF],
+            0x1D765 => [0x3C0], 0x1D766 => [0x3C1], 0x1D767 => [0x3B8],
+            0x1D768 => [0x3C3], 0x1D769 => [0x3C4], 0x1D76A => [0x3C5],
+            0x1D76B => [0x3C6], 0x1D76C => [0x3C7], 0x1D76D => [0x3C8],
+            0x1D76E => [0x3C9], 0x1D781 => [0x3C3], 0x1D790 => [0x3B1],
+            0x1D791 => [0x3B2], 0x1D792 => [0x3B3], 0x1D793 => [0x3B4],
+            0x1D794 => [0x3B5], 0x1D795 => [0x3B6], 0x1D796 => [0x3B7],
+            0x1D797 => [0x3B8], 0x1D798 => [0x3B9], 0x1D799 => [0x3BA],
+            0x1D79A => [0x3BB], 0x1D79B => [0x3BC], 0x1D79C => [0x3BD],
+            0x1D79D => [0x3BE], 0x1D79E => [0x3BF], 0x1D79F => [0x3C0],
+            0x1D7A0 => [0x3C1], 0x1D7A1 => [0x3B8], 0x1D7A2 => [0x3C3],
+            0x1D7A3 => [0x3C4], 0x1D7A4 => [0x3C5], 0x1D7A5 => [0x3C6],
+            0x1D7A6 => [0x3C7], 0x1D7A7 => [0x3C8], 0x1D7A8 => [0x3C9],
+            0x1D7BB => [0x3C3], 0x3F9 => [0x3C3], 0x1D2C => [0x61],
+            0x1D2D => [0xE6], 0x1D2E => [0x62], 0x1D30 => [0x64],
+            0x1D31 => [0x65], 0x1D32 => [0x1DD], 0x1D33 => [0x67],
+            0x1D34 => [0x68], 0x1D35 => [0x69], 0x1D36 => [0x6A],
+            0x1D37 => [0x6B], 0x1D38 => [0x6C], 0x1D39 => [0x6D],
+            0x1D3A => [0x6E], 0x1D3C => [0x6F], 0x1D3D => [0x223],
+            0x1D3E => [0x70], 0x1D3F => [0x72], 0x1D40 => [0x74],
+            0x1D41 => [0x75], 0x1D42 => [0x77], 0x213B => [0x66, 0x61, 0x78],
+            0x3250 => [0x70, 0x74, 0x65], 0x32CC => [0x68, 0x67],
+            0x32CE => [0x65, 0x76], 0x32CF => [0x6C, 0x74, 0x64],
+            0x337A => [0x69, 0x75], 0x33DE => [0x76, 0x2215, 0x6D],
+            0x33DF => [0x61, 0x2215, 0x6D]
+    ];
+}
--- a/lib/classes/idna/ext/NamePrepDataInterface.php
+++ b/lib/classes/idna/ext/NamePrepDataInterface.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Mso\IdnaConvert;
+
+interface NamePrepDataInterface
+{
+}
--- a/lib/classes/idna/ext/Punycode.php
+++ b/lib/classes/idna/ext/Punycode.php
@@ -0,0 +1,555 @@
+<?php
+
+// {{{ license
+
+/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
+//
+// +----------------------------------------------------------------------+
+// | This library is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU Lesser General Public License as       |
+// | published by the Free Software Foundation; either version 2.1 of the |
+// | License, or (at your option) any later version.                      |
+// |                                                                      |
+// | This library is distributed in the hope that it will be useful, but  |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of           |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    |
+// | Lesser General Public License for more details.                      |
+// |                                                                      |
+// | You should have received a copy of the GNU Lesser General Public     |
+// | License along with this library; if not, write to the Free Software  |
+// | Foundation, Inc., 51 Franklin St, Boston, MA 02110, United States    |
+// +----------------------------------------------------------------------+
+//
+// }}}
+
+ /*
+ * @author  Matthias Sommerfeld <mso@phlylabs.de>
+ * @copyright 2004-2016 phlyLabs Berlin, http://phlylabs.de
+ * @version 1.0.1 2016-01-24
+ */
+
+namespace Mso\IdnaConvert;
+
+class Punycode implements PunycodeInterface
+{
+    // Internal settings, do not touch!
+    const punycodePrefix = 'xn--';
+    const invalidUcs = 0x80000000;
+    const maxUcs = 0x10FFFF;
+    const base = 36;
+    const tMin = 1;
+    const tMax = 26;
+    const skew = 38;
+    const damp = 700;
+    const initialBias = 72;
+    const initialN = 0x80;
+    const sBase = 0xAC00;
+    const lBase = 0x1100;
+    const vBase = 0x1161;
+    const tBase = 0x11A7;
+    const lCount = 19;
+    const vCount = 21;
+    const tCount = 28;
+    const nCount = 588;   // vCount * tCount
+    const sCount = 11172; // lCount * tCount * vCount
+    const sLast = self::sBase + self::lCount * self::vCount * self::tCount;
+
+    protected static $isMbStringOverload = null;
+
+    protected $NamePrepData;
+    protected $UnicodeTranscoder;
+
+    /**
+     * the constructor
+     *
+     * @param $NamePrepData NamePrepDataInterface inject NamePrepData object
+     * @param $UnicodeTranscoder UnicodeTranscoderInterface inject Unicode Transcoder
+     * @since 0.5.2
+     */
+    public function __construct(NamePrepDataInterface $NamePrepData, UnicodeTranscoderInterface $UnicodeTranscoder)
+    {
+        // populate mbstring overloading cache if not set
+        if (self::$isMbStringOverload === null) {
+            self::$isMbStringOverload = (extension_loaded('mbstring') && (ini_get('mbstring.func_overload') & 0x02) === 0x02);
+        }
+
+        $this->NamePrepData = $NamePrepData;
+        $this->UnicodeTranscoder = $UnicodeTranscoder;
+    }
+
+    /**
+     * Returns the used prefix for punycode-encoded strings
+     * @return string
+     */
+    public function getPunycodePrefix()
+    {
+        return self::punycodePrefix;
+    }
+
+    /**
+     * Checks, whether or not the provided string is a valid punycode string
+     * @param string $encoded
+     * @return boolean
+     */
+    public function validate($encoded) {
+        // Check for existence of the prefix
+        if (strpos($encoded, self::punycodePrefix) !== 0) {
+            return false;
+        }
+        // If nothing is left after the prefix, it is hopeless
+        if (strlen(trim($encoded)) <= strlen(self::punycodePrefix)) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * The actual decoding algorithm
+     * @param string
+     * @return mixed
+     */
+    public function decode($encoded)
+    {
+        if (!$this->validate($encoded)) {
+            return false;
+        }
+
+        $decoded = [];
+        // Find last occurence of the delimiter
+        $delim_pos = strrpos($encoded, '-');
+        if ($delim_pos > self::byteLength(self::punycodePrefix)) {
+            for ($k = self::byteLength(self::punycodePrefix); $k < $delim_pos; ++$k) {
+                $decoded[] = ord($encoded{$k});
+            }
+        }
+        $deco_len = count($decoded);
+        $enco_len = self::byteLength($encoded);
+
+        // Wandering through the strings; init
+        $is_first = true;
+        $bias = self::initialBias;
+        $idx = 0;
+        $char = self::initialN;
+
+        for ($enco_idx = ($delim_pos) ? ($delim_pos + 1) : 0; $enco_idx < $enco_len; ++$deco_len) {
+            for ($old_idx = $idx, $w = 1, $k = self::base; 1; $k += self::base) {
+                $digit = $this->decodeDigit($encoded{$enco_idx++});
+                $idx += $digit * $w;
+                $t = ($k <= $bias) ? self::tMin :
+                        (($k >= $bias + self::tMax) ? self::tMax : ($k - $bias));
+                if ($digit < $t) {
+                    break;
+                }
+                $w = (int) ($w * (self::base - $t));
+            }
+            $bias = $this->adapt($idx - $old_idx, $deco_len + 1, $is_first);
+            $is_first = false;
+            $char += (int) ($idx / ($deco_len + 1));
+            $idx %= ($deco_len + 1);
+            if ($deco_len > 0) {
+                // Make room for the decoded char
+                for ($i = $deco_len; $i > $idx; $i--) {
+                    $decoded[$i] = $decoded[($i - 1)];
+                }
+            }
+            $decoded[$idx++] = $char;
+        }
+        return $this->UnicodeTranscoder->ucs4array_utf8($decoded);
+    }
+
+    /**
+     * The actual encoding algorithm
+     * @param  array $decoded
+     * @return mixed
+     */
+    public function encode($decoded)
+    {
+        // We cannot encode a domain name containing the Punycode prefix
+        $extract = self::byteLength(self::punycodePrefix);
+        $check_pref = $this->UnicodeTranscoder->utf8_ucs4array(self::punycodePrefix);
+        $check_deco = array_slice($decoded, 0, $extract);
+
+        if ($check_pref == $check_deco) {
+            throw new \InvalidArgumentException('This is already a Punycode string');
+        }
+        // We will not try to encode strings consisting of basic code points only
+        $encodable = false;
+        foreach ($decoded as $k => $v) {
+            if ($v > 0x7a) {
+                $encodable = true;
+                break;
+            }
+        }
+        if (!$encodable) {
+            return false;
+        }
+        // Do NAMEPREP
+        $decoded = $this->namePrep($decoded);
+        if (!$decoded || !is_array($decoded)) {
+            return false; // NAMEPREP failed
+        }
+        $deco_len = count($decoded);
+        if (!$deco_len) {
+            return false; // Empty array
+        }
+        $codecount = 0; // How many chars have been consumed
+        $encoded = '';
+        // Copy all basic code points to output
+        for ($i = 0; $i < $deco_len; ++$i) {
+            $test = $decoded[$i];
+            // Will match [-0-9a-zA-Z]
+            if ((0x2F < $test && $test < 0x40)
+                    || (0x40 < $test && $test < 0x5B)
+                    || (0x60 < $test && $test <= 0x7B)
+                    || (0x2D == $test)) {
+                $encoded .= chr($decoded[$i]);
+                $codecount++;
+            }
+        }
+        if ($codecount == $deco_len) {
+            return $encoded; // All codepoints were basic ones
+        }
+        // Start with the prefix; copy it to output
+        $encoded = self::punycodePrefix . $encoded;
+        // If we have basic code points in output, add an hyphen to the end
+        if ($codecount) {
+            $encoded .= '-';
+        }
+        // Now find and encode all non-basic code points
+        $is_first = true;
+        $cur_code = self::initialN;
+        $bias = self::initialBias;
+        $delta = 0;
+        while ($codecount < $deco_len) {
+            // Find the smallest code point >= the current code point and
+            // remember the last ouccrence of it in the input
+            for ($i = 0, $next_code = self::maxUcs; $i < $deco_len; $i++) {
+                if ($decoded[$i] >= $cur_code && $decoded[$i] <= $next_code) {
+                    $next_code = $decoded[$i];
+                }
+            }
+            $delta += ($next_code - $cur_code) * ($codecount + 1);
+            $cur_code = $next_code;
+
+            // Scan input again and encode all characters whose code point is $cur_code
+            for ($i = 0; $i < $deco_len; $i++) {
+                if ($decoded[$i] < $cur_code) {
+                    $delta++;
+                } elseif ($decoded[$i] == $cur_code) {
+                    for ($q = $delta, $k = self::base; 1; $k += self::base) {
+                        $t = ($k <= $bias)
+                                ? self::tMin
+                                : (($k >= $bias + self::tMax) ? self::tMax : $k - $bias);
+                        if ($q < $t) {
+                            break;
+                        }
+
+                        $encoded .= $this->encodeDigit(intval($t + (($q - $t) % (self::base - $t))));
+                        $q = (int) (($q - $t) / (self::base - $t));
+                    }
+                    $encoded .= $this->encodeDigit($q);
+                    $bias = $this->adapt($delta, $codecount + 1, $is_first);
+                    $codecount++;
+                    $delta = 0;
+                    $is_first = false;
+                }
+            }
+            $delta++;
+            $cur_code++;
+        }
+        return $encoded;
+    }
+
+    /**
+     * Adapt the bias according to the current code point and position
+     * @param int $delta
+     * @param int $npoints
+     * @param int $is_first
+     * @return int
+     */
+    protected function adapt($delta, $npoints, $is_first)
+    {
+        $delta = intval($is_first ? ($delta / self::damp) : ($delta / 2));
+        $delta += intval($delta / $npoints);
+        for ($k = 0; $delta > ((self::base - self::tMin) * self::tMax) / 2; $k += self::base) {
+            $delta = intval($delta / (self::base - self::tMin));
+        }
+        return intval($k + (self::base - self::tMin + 1) * $delta / ($delta + self::skew));
+    }
+
+    /**
+     * Encoding a certain digit
+     * @param    int $d
+     * @return string
+     */
+    protected function encodeDigit($d)
+    {
+        return chr($d + 22 + 75 * ($d < 26));
+    }
+
+    /**
+     * Decode a certain digit
+     * @param    int $cp
+     * @return int
+     */
+    protected function decodeDigit($cp)
+    {
+        $cp = ord($cp);
+        if ($cp - 48 < 10) {
+
+            return $cp - 22;
+        }
+
+        if ($cp - 65 < 26) {
+
+            return $cp - 65;
+        }
+        if ($cp - 97 < 26) {
+
+            return $cp - 97;
+        }
+
+        return self::base;
+    }
+
+    /**
+     * Do Nameprep according to RFC3491 and RFC3454
+     * @param array $input Unicode Characters
+     * @return string  Unicode Characters, Nameprep'd
+     */
+    protected function namePrep($input)
+    {
+        $output = [];
+        //
+        // Mapping
+        // Walking through the input array, performing the required steps on each of
+        // the input chars and putting the result into the output array
+        // While mapping required chars we apply the canonical ordering
+        foreach ($input as $v) {
+            // Map to nothing == skip that code point
+            if (in_array($v, $this->NamePrepData->mapToNothing)) {
+                continue;
+            }
+            // Try to find prohibited input
+            if (in_array($v, $this->NamePrepData->prohibit) || in_array($v, $this->NamePrepData->generalProhibited)) {
+                throw new \InvalidArgumentException(sprintf('NAMEPREP: Prohibited input U+%08X', $v));
+            }
+            foreach ($this->NamePrepData->prohibitRanges as $range) {
+                if ($range[0] <= $v && $v <= $range[1]) {
+                    throw new \InvalidArgumentException(sprintf('NAMEPREP: Prohibited input U+%08X', $v));
+                }
+            }
+
+            if (0xAC00 <= $v && $v <= 0xD7AF) {
+                // Hangul syllable decomposition
+                foreach ($this->hangulDecompose($v) as $out) {
+                    $output[] = (int) $out;
+                }
+            } elseif (isset($this->NamePrepData->replaceMaps[$v])) {
+                foreach ($this->applyCanonicalOrdering($this->NamePrepData->replaceMaps[$v]) as $out) {
+                    $output[] = (int) $out;
+                }
+            } else {
+                $output[] = (int) $v;
+            }
+        }
+        // Before applying any Combining, try to rearrange any Hangul syllables
+        $output = $this->hangulCompose($output);
+        //
+        // Combine code points
+        //
+        $last_class = 0;
+        $last_starter = 0;
+        $out_len = count($output);
+        for ($i = 0; $i < $out_len; ++$i) {
+            $class = $this->getCombiningClass($output[$i]);
+            if ((!$last_class || $last_class > $class) && $class) {
+                // Try to match
+                $seq_len = $i - $last_starter;
+                $out = $this->combine(array_slice($output, $last_starter, $seq_len));
+                // On match: Replace the last starter with the composed character and remove
+                // the now redundant non-starter(s)
+                if ($out) {
+                    $output[$last_starter] = $out;
+                    if (count($out) != $seq_len) {
+                        for ($j = $i + 1; $j < $out_len; ++$j) {
+                            $output[$j - 1] = $output[$j];
+                        }
+                        unset($output[$out_len]);
+                    }
+                    // Rewind the for loop by one, since there can be more possible compositions
+                    $i--;
+                    $out_len--;
+                    $last_class = ($i == $last_starter) ? 0 : $this->getCombiningClass($output[$i - 1]);
+                    continue;
+                }
+            }
+            // The current class is 0
+            if (!$class) {
+                $last_starter = $i;
+            }
+            $last_class = $class;
+        }
+        return $output;
+    }
+
+    /**
+     * Decomposes a Hangul syllable
+     * (see http://www.unicode.org/unicode/reports/tr15/#Hangul
+     * @param    integer  32bit UCS4 code point
+     * @return   array    Either Hangul Syllable decomposed or original 32bit value as one value array
+     */
+    protected function hangulDecompose($char)
+    {
+        $sindex = (int) $char - self::sBase;
+        if ($sindex < 0 || $sindex >= self::sCount) {
+            return [$char];
+        }
+        $result = [];
+        $result[] = (int) self::lBase + $sindex / self::nCount;
+        $result[] = (int) self::vBase + ($sindex % self::nCount) / self::tCount;
+        $T = intval(self::tBase + $sindex % self::tCount);
+        if ($T != self::tBase) {
+            $result[] = $T;
+        }
+        return $result;
+    }
+
+    /**
+     * Ccomposes a Hangul syllable
+     * (see http://www.unicode.org/unicode/reports/tr15/#Hangul
+     * @param  array $input   Decomposed UCS4 sequence
+     * @return array UCS4 sequence with syllables composed
+     */
+    protected function hangulCompose($input)
+    {
+        $inp_len = count($input);
+        if (!$inp_len) {
+            return [];
+        }
+        $result = [];
+        $last = (int) $input[0];
+        $result[] = $last; // copy first char from input to output
+
+        for ($i = 1; $i < $inp_len; ++$i) {
+            $char = (int) $input[$i];
+            $sindex = $last - self::sBase;
+            $lindex = $last - self::lBase;
+            $vindex = $char - self::vBase;
+            $tindex = $char - self::tBase;
+            // Find out, whether two current characters are LV and T
+            if (0 <= $sindex && $sindex < self::sCount && ($sindex % self::tCount == 0) && 0 <= $tindex && $tindex <= self::tCount) {
+                // create syllable of form LVT
+                $last += $tindex;
+                $result[(count($result) - 1)] = $last; // reset last
+                continue; // discard char
+            }
+            // Find out, whether two current characters form L and V
+            if (0 <= $lindex && $lindex < self::lCount && 0 <= $vindex && $vindex < self::vCount) {
+                // create syllable of form LV
+                $last = (int) self::sBase + ($lindex * self::vCount + $vindex) * self::tCount;
+                $result[(count($result) - 1)] = $last; // reset last
+                continue; // discard char
+            }
+            // if neither case was true, just add the character
+            $last = $char;
+            $result[] = $char;
+        }
+        return $result;
+    }
+
+    /**
+     * Returns the combining class of a certain wide char
+     * @param integer  $char  Wide char to check (32bit integer)
+     * @return integer Combining class if found, else 0
+     */
+    protected function getCombiningClass($char)
+    {
+        return isset($this->NamePrepData->normalizeCombiningClasses[$char])
+                ? $this->NamePrepData->normalizeCombiningClasses[$char]
+                : 0;
+    }
+
+    /**
+     * Applies the canonical ordering of a decomposed UCS4 sequence
+     * @param array  $input Decomposed UCS4 sequence
+     * @return array Ordered USC4 sequence
+     */
+    protected function applyCanonicalOrdering($input)
+    {
+        $swap = true;
+        $size = count($input);
+        while ($swap) {
+            $swap = false;
+            $last = $this->getCombiningClass(intval($input[0]));
+            for ($i = 0; $i < $size - 1; ++$i) {
+                $next = $this->getCombiningClass(intval($input[$i + 1]));
+                if ($next != 0 && $last > $next) {
+                    // Move item leftward until it fits
+                    for ($j = $i + 1; $j > 0; --$j) {
+                        if ($this->getCombiningClass(intval($input[$j - 1])) <= $next) {
+                            break;
+                        }
+                        $t = intval($input[$j]);
+                        $input[$j] = intval($input[$j - 1]);
+                        $input[$j - 1] = $t;
+                        $swap = true;
+                    }
+                    // Reentering the loop looking at the old character again
+                    $next = $last;
+                }
+                $last = $next;
+            }
+        }
+        return $input;
+    }
+
+    /**
+     * Do composition of a sequence of starter and non-starter
+     * @param   array $input UCS4 Decomposed sequence
+     * @return  array  Ordered USC4 sequence
+     */
+    protected function combine($input)
+    {
+        $inp_len = count($input);
+        if (0 == $inp_len) {
+            return false;
+        }
+        foreach ($this->NamePrepData->replaceMaps as $np_src => $np_target) {
+            if ($np_target[0] != $input[0]) {
+                continue;
+            }
+            if (count($np_target) != $inp_len) {
+                continue;
+            }
+            $hit = false;
+            foreach ($input as $k2 => $v2) {
+                if ($v2 == $np_target[$k2]) {
+                    $hit = true;
+                } else {
+                    $hit = false;
+                    break;
+                }
+            }
+            if ($hit) {
+                return $np_src;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Gets the length of a string in bytes even if mbstring function
+     * overloading is turned on
+     *
+     * @param string $string the string for which to get the length.
+     * @return integer the length of the string in bytes.
+     */
+    protected static function byteLength($string)
+    {
+        if (self::$isMbStringOverload) {
+            return mb_strlen($string, '8bit');
+        }
+        return strlen((binary) $string);
+    }
+}
--- a/lib/classes/idna/ext/PunycodeInterface.php
+++ b/lib/classes/idna/ext/PunycodeInterface.php
@@ -0,0 +1,20 @@
+<?php
+ /*
+ * @author  Matthias Sommerfeld <mso@phlylabs.de>
+ * @copyright 2004-2016 phlyLabs Berlin, http://phlylabs.de
+ */
+
+namespace Mso\IdnaConvert;
+
+interface PunycodeInterface 
+{
+   
+    public function __construct(NamePrepDataInterface $NamePrepData, UnicodeTranscoderInterface $UCTC);
+
+    public function getPunycodePrefix();
+
+    public function decode($encoded);
+
+    public function encode($decoded);
+
+}
--- a/lib/classes/idna/ext/UnicodeTranscoder.php
+++ b/lib/classes/idna/ext/UnicodeTranscoder.php
@@ -0,0 +1,358 @@
+<?php
+/**
+ * UCTC - The Unicode Transcoder
+ *
+ * Converts between various flavours of Unicode representations like UCS-4 or UTF-8
+ * Supported schemes:
+ * - UCS-4 Little Endian / Big Endian / Array (partially)
+ * - UTF-16 Little Endian / Big Endian (not yet)
+ * - UTF-8
+ * - UTF-7
+ * - UTF-7 IMAP (modified UTF-7)
+ *
+ * @package IdnaConvert
+ * @author Matthias Sommerfeld  <mso@phlyLabs.de>
+ * @copyright 2003-2016 phlyLabs Berlin, http://phlylabs.de
+ * @version 0.1.1 2016-01-24
+ */
+
+namespace Mso\IdnaConvert;
+
+class UnicodeTranscoder implements UnicodeTranscoderInterface
+{
+    private static $mechs = ['ucs4', 'ucs4array', 'utf8', 'utf7', 'utf7imap'];
+    // unsupported yet: 'ucs4le', 'ucs4be', 'utf16', 'utf16le', 'utf16be'
+
+    private static $allow_overlong = false;
+    private static $safe_mode;
+    private static $safe_char;
+
+    /**
+     * The actual conversion routine
+     *
+     * @param mixed $data The data to convert, usually a string, array when converting from UCS-4 array
+     * @param string $from Original encoding of the data
+     * @param string $to Target encoding of the data
+     * @param bool $safe_mode SafeMode tries to correct invalid codepoints
+     * @param int  $safe_char Unicode Codepoint as placeholder for all otherwise broken characters
+     * @return mixed  False on failure, String or array on success, depending on target encoding
+     * @access public
+     * @throws \InvalidArgumentException
+     * @since 0.0.1
+     */
+    public static function convert($data, $from, $to, $safe_mode = false, $safe_char = 0xFFFC)
+    {
+        self::$safe_mode = ($safe_mode) ? true : false;
+        self::$safe_char = ($safe_char) ? $safe_char : 0xFFFC;
+
+        if (self::$safe_mode) {
+            self::$allow_overlong = true;
+        }
+        if (!in_array($from, self::$mechs)) {
+            throw new \InvalidArgumentException(sprintf('Invalid input format %s', $from));
+        }
+        if (!in_array($to, self::$mechs)) {
+            throw new \InvalidArgumentException(sprintf('Invalid output format %s', $to));
+        }
+        if ($from != 'ucs4array') {
+            $methodName = $from.'_ucs4array';
+            $data = self::$methodName($data);
+        }
+        if ($to != 'ucs4array') {
+            $methodName = 'ucs4array_'.$to;
+            $data = self::$methodName($data);
+        }
+
+        return $data;
+    }
+
+    /**
+     * This converts an UTF-8 encoded string to its UCS-4 representation
+     *
+     * @param string $input The UTF-8 string to convert
+     * @return array  Array of 32bit values representing each codepoint
+     * @throws \InvalidArgumentException
+     * @access public
+     */
+    public static function utf8_ucs4array($input)
+    {
+        $start_byte = $next_byte = 0;
+
+        $output = [];
+        $out_len = 0;
+        $inp_len = self::byteLength($input);
+        $mode = 'next';
+        $test = 'none';
+        for ($k = 0; $k < $inp_len; ++$k) {
+            $v = ord($input{$k}); // Extract byte from input string
+
+            if ($v < 128) { // We found an ASCII char - put into stirng as is
+                $output[$out_len] = $v;
+                ++$out_len;
+                if ('add' == $mode) {
+                    if (self::$safe_mode) {
+                        $output[$out_len - 2] = self::$safe_char;
+                        $mode = 'next';
+                    } else {
+                        throw new \InvalidArgumentException(sprintf('Conversion from UTF-8 to UCS-4 failed: malformed input at byte %d', $k));
+                    }
+                }
+                continue;
+            }
+            if ('next' == $mode) { // Try to find the next start byte; determine the width of the Unicode char
+                $start_byte = $v;
+                $mode = 'add';
+                $test = 'range';
+                if ($v >> 5 == 6) { // &110xxxxx 10xxxxx
+                    $next_byte = 0; // Tells, how many times subsequent bitmasks must rotate 6bits to the left
+                    $v = ($v - 192) << 6;
+                } elseif ($v >> 4 == 14) { // &1110xxxx 10xxxxxx 10xxxxxx
+                    $next_byte = 1;
+                    $v = ($v - 224) << 12;
+                } elseif ($v >> 3 == 30) { // &11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+                    $next_byte = 2;
+                    $v = ($v - 240) << 18;
+                } elseif (self::$safe_mode) {
+                    $mode = 'next';
+                    $output[$out_len] = self::$safe_char;
+                    ++$out_len;
+                    continue;
+                } else {
+                    throw new \InvalidArgumentException(sprintf('This might be UTF-8, but I don\'t understand it at byte %d', $k));
+                }
+                if ($inp_len - $k - $next_byte < 2) {
+                    $output[$out_len] = self::$safe_char;
+                    $mode = 'no';
+                    continue;
+                }
+
+                if ('add' == $mode) {
+                    $output[$out_len] = (int)$v;
+                    ++$out_len;
+                    continue;
+                }
+            }
+            if ('add' == $mode) {
+                if (!self::$allow_overlong && $test == 'range') {
+                    $test = 'none';
+                    if (($v < 0xA0 && $start_byte == 0xE0) || ($v < 0x90 && $start_byte == 0xF0) || ($v > 0x8F && $start_byte == 0xF4)) {
+                        throw new \InvalidArgumentException(sprintf('Bogus UTF-8 character detected (out of legal range) at byte %d', $k));
+                    }
+                }
+                if ($v >> 6 == 2) { // Bit mask must be 10xxxxxx
+                    $v = ($v - 128) << ($next_byte * 6);
+                    $output[($out_len - 1)] += $v;
+                    --$next_byte;
+                } else {
+                    if (self::$safe_mode) {
+                        $output[$out_len - 1] = ord(self::$safe_char);
+                        $k--;
+                        $mode = 'next';
+                        continue;
+                    } else {
+                        throw new \InvalidArgumentException(sprintf('Conversion from UTF-8 to UCS-4 failed: malformed input at byte %d', $k));
+                    }
+                }
+                if ($next_byte < 0) {
+                    $mode = 'next';
+                }
+            }
+        } // for
+
+        return $output;
+    }
+
+    /**
+     * Convert UCS-4 arary into UTF-8 string
+     * See utf8_ucs4array() for details
+     * @param $input array Array of UCS-4 codepoints
+     * @return string
+     * @access   public
+     */
+    public static function ucs4array_utf8($input)
+    {
+        $output = '';
+        foreach ($input as $k => $v) {
+            if ($v < 128) { // 7bit are transferred literally
+                $output .= chr($v);
+            } elseif ($v < (1 << 11)) { // 2 bytes
+                $output .= chr(192 + ($v >> 6)) . chr(128 + ($v & 63));
+            } elseif ($v < (1 << 16)) { // 3 bytes
+                $output .= chr(224 + ($v >> 12)) . chr(128 + (($v >> 6) & 63)) . chr(128 + ($v & 63));
+            } elseif ($v < (1 << 21)) { // 4 bytes
+                $output .= chr(240 + ($v >> 18)) . chr(128 + (($v >> 12) & 63)) . chr(128 + (($v >> 6) & 63)) . chr(128 + ($v & 63));
+            } elseif (self::$safe_mode) {
+                $output .= self::$safe_char;
+            } else {
+                throw new \InvalidArgumentException(sprintf('Conversion from UCS-4 to UTF-8 failed: malformed input at byte %d', $k));
+            }
+        }
+
+        return $output;
+    }
+
+    public static function utf7imap_ucs4array($input)
+    {
+        return self::utf7_ucs4array(str_replace(',', '/', $input), '&');
+    }
+
+    public static function utf7_ucs4array($input, $sc = '+')
+    {
+        $output = [];
+        $out_len = 0;
+        $inp_len = self::byteLength($input);
+        $mode = 'd';
+        $b64 = '';
+
+        for ($k = 0; $k < $inp_len; ++$k) {
+            $c = $input{$k};
+
+            // Ignore zero bytes
+            if (0 == ord($c)) {
+                continue;
+            }
+            if ('b' == $mode) {
+                // Sequence got terminated
+                if (!preg_match('![A-Za-z0-9/' . preg_quote($sc, '!') . ']!', $c)) {
+                    if ('-' == $c) {
+                        if ($b64 == '') {
+                            $output[$out_len] = ord($sc);
+                            $out_len++;
+                            $mode = 'd';
+
+                            continue;
+                        }
+                    }
+                    $tmp = base64_decode($b64);
+                    $tmp = substr($tmp, -1 * (strlen($tmp) % 2));
+                    for ($i = 0; $i < strlen($tmp); $i++) {
+                        if ($i % 2) {
+                            $output[$out_len] += ord($tmp{$i});
+                            $out_len++;
+                        } else {
+                            $output[$out_len] = ord($tmp{$i}) << 8;
+                        }
+                    }
+                    $mode = 'd';
+                    $b64 = '';
+
+                    continue;
+                } else {
+                    $b64 .= $c;
+                }
+            }
+            if ('d' == $mode) {
+                if ($sc == $c) {
+                    $mode = 'b';
+
+                    continue;
+                }
+                $output[$out_len] = ord($c);
+                $out_len++;
+            }
+        }
+
+        return $output;
+    }
+
+    public static function ucs4array_utf7imap($input)
+    {
+        return str_replace('/', ',', self::ucs4array_utf7($input, '&'));
+    }
+
+    public static function ucs4array_utf7($input, $sc = '+')
+    {
+        $output = '';
+        $mode = 'd';
+        $b64 = '';
+        while (true) {
+            $v = (!empty($input)) ? array_shift($input) : false;
+            $is_direct = (false !== $v) ? (0x20 <= $v && $v <= 0x7e && $v != ord($sc)) : true;
+            if ($mode == 'b') {
+                if ($is_direct) {
+                    if ($b64 == chr(0) . $sc) {
+                        $output .= $sc . '-';
+                        $b64 = '';
+                    } elseif ($b64) {
+                        $output .= $sc . str_replace('=', '', base64_encode($b64)) . '-';
+                        $b64 = '';
+                    }
+                    $mode = 'd';
+                } elseif (false !== $v) {
+                    $b64 .= chr(($v >> 8) & 255) . chr($v & 255);
+                }
+            }
+            if ($mode == 'd' && false !== $v) {
+                if ($is_direct) {
+                    $output .= chr($v);
+                } else {
+                    $b64 = chr(($v >> 8) & 255) . chr($v & 255);
+                    $mode = 'b';
+                }
+            }
+            if (false === $v && $b64 == '') break;
+        }
+
+        return $output;
+    }
+
+    /**
+     * Convert UCS-4 array into UCS-4 string (Little Endian at the moment)
+     * @param $input array UCS-4 code points
+     * @return string
+     * @access   public
+     */
+    public static function ucs4array_ucs4($input)
+    {
+        $output = '';
+        foreach ($input as $v) {
+            $output .= chr(($v >> 24) & 255) . chr(($v >> 16) & 255) . chr(($v >> 8) & 255) . chr($v & 255);
+        }
+
+        return $output;
+    }
+
+    /**
+     * Convert UCS-4 string (LE ar the moment) into UCS-4 array
+     * @param $input string UCS-4 LE string
+     * @return array
+     * @access   public
+     */
+    public static function ucs4_ucs4array($input)
+    {
+        $output = [];
+
+        $inp_len = self::byteLength($input);
+        // Input length must be dividable by 4
+        if ($inp_len % 4) {
+            throw new \InvalidArgumentException('Input UCS4 string is broken');
+        }
+        // Empty input - return empty output
+        if (!$inp_len) return $output;
+
+        for ($i = 0, $out_len = -1; $i < $inp_len; ++$i) {
+            if (!($i % 4)) { // Increment output position every 4 input bytes
+                $out_len++;
+                $output[$out_len] = 0;
+            }
+            $output[$out_len] += ord($input{$i}) << (8 * (3 - ($i % 4)));
+        }
+
+        return $output;
+    }
+
+    /**
+     * Gets the length of a string in bytes even if mbstring function
+     * overloading is turned on
+     *
+     * @param string $string the string for which to get the length.
+     * @return integer the length of the string in bytes.
+     */
+    protected static function byteLength($string)
+    {
+        if ((extension_loaded('mbstring') && (ini_get('mbstring.func_overload') & 0x02) === 0x02)) {
+            return mb_strlen($string, '8bit');
+        }
+        return strlen((binary) $string);
+    }
+}
--- a/lib/classes/idna/ext/UnicodeTranscoderInterface.php
+++ b/lib/classes/idna/ext/UnicodeTranscoderInterface.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * UCTC - The Unicode Transcoder
+ *
+ * Converts between various flavours of Unicode representations like UCS-4 or UTF-8
+ * Supported schemes:
+ * - UCS-4 Little Endian / Big Endian / Array (partially)
+ * - UTF-16 Little Endian / Big Endian (not yet)
+ * - UTF-8
+ * - UTF-7
+ * - UTF-7 IMAP (modified UTF-7)
+ *
+ * @package IdnaConvert
+ * @author Matthias Sommerfeld  <mso@phlyLabs.de>
+ * @copyright 2003-2016 phlyLabs Berlin, http://phlylabs.de
+ * @version 0.1.0 2016-01-08
+ */
+
+namespace Mso\IdnaConvert;
+
+interface UnicodeTranscoderInterface
+{
+    public static function convert($data, $from, $to, $safe_mode = false, $safe_char = 0xFFFC);
+
+    public static function utf8_ucs4array($input);
+
+    public static function ucs4array_utf8($input);
+
+    public static function utf7imap_ucs4array($input);
+
+    public static function utf7_ucs4array($input, $sc = '+');
+
+    public static function ucs4array_utf7imap($input);
+
+    public static function ucs4array_utf7($input, $sc = '+');
+
+    public static function ucs4array_ucs4($input);
+
+    public static function ucs4_ucs4array($input);
+}
--- a/lib/classes/integrity/class.IntegrityCheck.php
+++ b/lib/classes/integrity/class.IntegrityCheck.php
@@ -130,9 +130,9 @@ class IntegrityCheck {
 			while ($row = $adm_stmt->fetch(PDO::FETCH_ASSOC)) {
 				if ($row['ip'] < 0 || is_null($row['ip']) || empty($row['ip'])) {
 					// Admin uses default-IP
-					$admips[$row['adminid']] = Settings::Get('system.defaultip');
+					$admips[$row['adminid']] = explode(',', Settings::Get('system.defaultip'));
 				} else {
-					$admips[$row['adminid']] = $row['ip'];
+					$admips[$row['adminid']] = array($row['ip']);
 				}
 			}
 		}
@@ -181,7 +181,9 @@ class IntegrityCheck {
 		foreach ($domains as $domainid => $adminid) {
 			if (!array_key_exists($domainid, $ipstodomains)) {
 				if ($fix) {
-					Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipandportid' => $admips[$adminid]));
+					foreach ($admips[$adminid] as $defaultip) {
+						Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipandportid' => $defaultip));
+					}
 					$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found a domain-id with no entry in domain <> ip table, integrity check fixed this");
 				} else {
 					$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "found a domain-id with no entry in domain <> ip table, integrity check can fix this");
@@ -198,7 +200,7 @@ class IntegrityCheck {
 	}

 	/**
-	 * Check if all subdomain have ssl-redirect = 0 if domain has no ssl-port
+	 * Check if all subdomains have ssl-redirect = 0 if domain has no ssl-port
 	 * @param $fix Fix everything found directly
 	 */
 	public function SubdomainSslRedirect($fix = false) {
@@ -267,6 +269,76 @@ class IntegrityCheck {
 		}
 	}

+	/**
+	 * Check if all subdomain have letsencrypt = 0 if domain has no ssl-port
+	 * @param $fix Fix everything found directly
+	 */
+	public function SubdomainLetsencrypt($fix = false) {
+		$ips = array();
+		$parentdomains = array();
+		$subdomains = array();
+
+		if ($fix) {
+			// Prepare update statement for the fixes
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_DOMAINS . "`
+				SET `letsencrypt` = 0 WHERE `parentdomainid` = :domainid"
+			);
+		}
+
+		// Cache all ssl ip/port - combinations
+		$result_stmt = Database::prepare("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl` = 1 ORDER BY `id` ASC");
+		Database::pexecute($result_stmt);
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			$ips[$row['id']] = $row['ip'] . ':' . $row['port'];
+		}
+
+		// Cache all configured domains
+		$result_stmt = Database::prepare("SELECT `id`, `parentdomainid`, `letsencrypt` FROM `" . TABLE_PANEL_DOMAINS . "` ORDER BY `id` ASC");
+		$ip_stmt = Database::prepare("SELECT `id_domain`, `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :domainid");
+		Database::pexecute($result_stmt);
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			if ($row['parentdomainid'] == 0) {
+				// All parentdomains by default have no ssl - ip/port
+				$parentdomains[$row['id']] = false;
+				Database::pexecute($ip_stmt, array('domainid' => $row['id']));
+				while ($iprow = $ip_stmt->fetch(PDO::FETCH_ASSOC)) {
+					// If the parentdomain has an ip/port assigned which we know is SSL enabled, set the parentdomain to "true"
+					if (array_key_exists($iprow['id_ipandports'], $ips)) { $parentdomains[$row['id']] = true; }
+				}
+			} elseif ($row['letsencrypt'] == 1)  {
+				// All subdomains with enabled letsencrypt enabled are stored
+				if (!isset($subdomains[$row['parentdomainid']])) { $subdomains[$row['parentdomainid']] = array(); }
+				$subdomains[$row['parentdomainid']][] = $row['id'];
+			}
+		}
+
+		// Check if every parentdomain with enabled letsencrypt as SSL enabled
+		foreach ($parentdomains as $id => $sslavailable) {
+			// This parentdomain has no subdomains
+			if (!isset($subdomains[$id])) { continue; }
+			// This parentdomain has SSL enabled, doesn't matter what status the subdomains have
+			if ($sslavailable) { continue; }
+
+			// At this point only parentdomains reside which have letsencrypt enabled subdomains
+			if ($fix) {
+				// We make a blanket update to all subdomains of this parentdomain, doesn't matter which one is wrong, all have to be disabled
+				Database::pexecute($upd_stmt, array('domainid' => $id));
+				$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found a subdomain with letsencrypt=1 but parent-domain has ssl=0, integrity check fixed this");
+			} else {
+				// It's just the check, let the function fail
+				$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "found a subdomain with letsencrypt=1 but parent-domain has ssl=0, integrity check can fix this");
+				return false;
+			}
+		}
+
+		if ($fix) {
+			return $this->SubdomainLetsencrypt();
+		} else {
+			return true;
+		}
+	}
+
 	/**
 	 * check whether the webserveruser is in
 	 * the customers groups when fcgid / php-fpm is used
--- a/lib/classes/logger/class.FileLogger.php
+++ b/lib/classes/logger/class.FileLogger.php
@@ -106,29 +106,7 @@ class FileLogger extends AbstractLogger {
 					break;
 			}

-			$_type = 'unknown';
-
-			switch($type)
-			{
-				case LOG_INFO:
-					$_type = 'information';
-					break;
-				case LOG_NOTICE:
-					$_type = 'notice';
-					break;
-				case LOG_WARNING:
-					$_type = 'warning';
-					break;
-				case LOG_ERR:
-					$_type = 'error';
-					break;
-				case LOG_CRIT:
-					$_type = 'critical';
-					break;
-				default:
-					$_type = 'unknown';
-					break;
-			}
+			$_type = getLogLevelDesc($type);

 			if(!isset($this->userinfo['loginname'])
 					|| $this->userinfo['loginname'] == '')
--- a/lib/classes/logger/class.FroxlorLogger.php
+++ b/lib/classes/logger/class.FroxlorLogger.php
@@ -40,6 +40,12 @@ class FroxlorLogger {
 	 */
 	static private $loggers = null;

+	/**
+	 * whether to output log-messages to STDOUT (cron)
+	 * @var bool
+	 */
+	static private $crondebug_flag = false;
+
 	/**
 	 * Class constructor.
 	 *
@@ -98,8 +104,14 @@ class FroxlorLogger {
 			return;
 		}

+		if (self::$crondebug_flag
+			|| ($action == CRON_ACTION && $type <= LOG_WARNING)) {
+			echo "[".getLogLevelDesc($type)."] ".$text.PHP_EOL;
+		}
+
 		if (Settings::Get('logger.log_cron') == '0'
 			&& $action == CRON_ACTION
+			&& $type > LOG_WARNING // warnings, errors and critical mesages WILL be logged
 		) {
 			return;
 		}
@@ -158,12 +170,21 @@ class FroxlorLogger {

 		$_cronlog = (int)$_cronlog;

-		if ($_cronlog != 0
-		   && $_cronlog != 1
-		) {
+		if ($_cronlog < 0 || $_cronlog > 2) {
 			$_cronlog = 0;
 		}
 		Settings::Set('logger.log_cron', $_cronlog);
-		return true;
+		return $_cronlog;
+	}
+
+	/**
+	 * setter for crondebug-flag
+	 *
+	 * @param bool $_flag
+	 *
+	 * @return void
+	 */
+	public function setCronDebugFlag($_flag = false) {
+	    self::$crondebug_flag = (bool)$_flag;
 	}
 }
--- a/lib/classes/logger/class.SysLogger.php
+++ b/lib/classes/logger/class.SysLogger.php
@@ -114,9 +114,9 @@ class SysLogger extends AbstractLogger {
 			if ($text != null
 					&& $text != ''
 			) {
-				syslog((int)$type, "[" . ucfirst($_action) . " Action " . $name . "] " . $text);
+				syslog((int)$type, "[" . ucfirst($_action) . " Action " . $name . "] [".getLogLevelDesc($type)."] " . $text);
 			} else {
-				syslog((int)$type, "[" . ucfirst($_action) . " Action " . $name . "] No text given!!! Check scripts!");
+				syslog((int)$type, "[" . ucfirst($_action) . " Action " . $name . "] [".getLogLevelDesc($type)."] No text given!!! Check scripts!");
 			}

 			closelog();
--- a/lib/classes/output/class.htmlform.php
+++ b/lib/classes/output/class.htmlform.php
@@ -68,8 +68,6 @@ class htmlform
 						$style = (isset($fielddata['style']) ? ' class="'.$fielddata['style'].'"' : '');
 						$mandatory = self::_getMandatoryFlag($fielddata);
 						$data_field = self::_parseDataField($fieldname, $fielddata);
-						//$data_field = str_replace("\n", "", $data_field);
-						$data_field = str_replace("\t", "", $data_field);
 						if (isset($fielddata['has_nextto'])) {
 							$nexto = array('field' => $fieldname);
 							$data_field.='{NEXTTOFIELD_'.$fieldname.'}';
@@ -79,7 +77,6 @@ class htmlform
 						eval("self::\$_form .= \"" . getTemplate("misc/form/table_row", "1") . "\";");
 					} else {
 						$data_field = self::_parseDataField($fieldname, $fielddata);
-						//$data_field = str_replace("\n", "", $data_field);
 						$data_field = str_replace("\t", "", $data_field);
 						$data_field = $fielddata['next_to_prefix'].$data_field;
 						self::$_form = str_replace(
@@ -125,6 +122,8 @@ class htmlform
 				return self::_checkbox($fieldname, $data); break;
 			case 'file':
 				return self::_file($fieldname, $data); break;
+			case 'int':
+				return self::_int($fieldname, $data); break;
 		}
 	}

@@ -316,4 +315,29 @@ class htmlform
 		return $return;
 	}

+	private static function _int($fieldname = '', $data = array())
+	{
+		$return = '';
+		$extras = '';
+		if(isset($data['int_min'])) {
+			$extras .= ' min="'.$data['int_min'].'"';
+		}
+		if(isset($data['int_max'])) {
+			$extras .= ' max="'.$data['int_max'].'"';
+		}
+
+		// add support to save reloaded forms
+		if (isset($data['value'])) {
+			$value = $data['value'];
+		} elseif (isset($_SESSION['requestData'][$fieldname])) {
+			$value = $_SESSION['requestData'][$fieldname];
+		} else {
+			$value = '';
+		}
+
+		$type = 'number';
+		$ulfield = '';
+		eval("\$return = \"" . getTemplate("misc/form/input_text", "1") . "\";");
+		return $return;
+	}
 }
--- a/lib/classes/output/class.paging.php
+++ b/lib/classes/output/class.paging.php
@@ -319,6 +319,8 @@ class paging {
 				$condition.= $searchfield . " ".$oper." " . Database::quote($searchtext);
 			} else {
 				$searchtext = str_replace('*', '%', $this->searchtext);
+				// append wildcards if user did not enter any
+				if (strpos($searchtext,'%') === false) $searchtext='%'.$searchtext.'%';
 				$condition.= $searchfield . " LIKE " . Database::quote($searchtext);
 			}
 			
@@ -399,7 +401,7 @@ class paging {
 		}

 		$breakorws = ($break ? '<br />' : '&nbsp;');
-		foreach (array('asc' => $lng['panel']['ascending'], 'desc' => $lng['panel']['decending']) as $sortordertype => $sortorderdescription) {
+		foreach (array('asc' => $lng['panel']['ascending'], 'desc' => $lng['panel']['descending']) as $sortordertype => $sortorderdescription) {
 			$orderoptions.= makeoption($sortorderdescription, $sortordertype, $this->sortorder, true, true);
 		}

--- a/lib/classes/phpinterface/class.phpinterface_fcgid.php
+++ b/lib/classes/phpinterface/class.phpinterface_fcgid.php
@@ -153,26 +153,26 @@ class phpinterface_fcgid {
 		$php_ini_variables = array(
 				'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
 				'PEAR_DIR' => Settings::Get('system.mod_fcgid_peardir'),
-				'OPEN_BASEDIR' => $openbasedir,
-				'OPEN_BASEDIR_C' => $openbasedirc,
-				'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.hpappendopenbasedir'),
 				'TMP_DIR' => $this->getTempDir(),
 				'CUSTOMER_EMAIL' => $this->_domain['email'],
 				'ADMIN_EMAIL' => $admin['email'],
 				'DOMAIN' => $this->_domain['domain'],
 				'CUSTOMER' => $this->_domain['loginname'],
-				'ADMIN' => $admin['loginname']
+				'ADMIN' => $admin['loginname'],
+				'OPEN_BASEDIR' => $openbasedir,
+				'OPEN_BASEDIR_C' => $openbasedirc,
+				'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'),
+				'DOCUMENT_ROOT' => makeCorrectDir($this->_domain['documentroot'])
 		);

 		//insert a small header for the file
-
 		$phpini_file = ";\n";
 		$phpini_file.= "; php.ini created/changed on " . date("Y.m.d H:i:s") . " for domain '" . $this->_domain['domain'] . "' with id #" . $this->_domain['id'] . " from php template '" . $phpconfig['description'] . "' with id #" . $phpconfig['id'] . "\n";
 		$phpini_file.= "; Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\n";
 		$phpini_file.= ";\n\n";
 		$phpini_file.= replace_variables($phpconfig['phpsettings'], $php_ini_variables);
 		$phpini_file = str_replace('"none"', 'none', $phpini_file);
-		$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
+		//$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
 		$phpini_file_handler = fopen($this->getIniFile(), 'w');
 		fwrite($phpini_file_handler, $phpini_file);
 		fclose($phpini_file_handler);
--- a/lib/classes/phpinterface/class.phpinterface_fpm.php
+++ b/lib/classes/phpinterface/class.phpinterface_fpm.php
@@ -111,7 +111,13 @@ class phpinterface_fpm {
 				'sendmail_path',
 				'session.gc_divisor',
 				'session.gc_probability',
-				'variables_order'
+				'variables_order',
+				'opcache.log_verbosity_level',
+				'opcache.restrict_api',
+				'opcache.revalidate_freq',
+				'opcache.max_accelerated_files',
+				'opcache.memory_consumption',
+				'opcache.interned_strings_buffer'
 			),
 			'php_admin_flag' => array(
 				'allow_call_time_pass_reference',
@@ -127,7 +133,16 @@ class phpinterface_fpm {
 				'ignore_repeated_source',
 				'log_errors',
 				'register_argc_argv',
-				'report_memleaks'
+				'report_memleaks',
+				'opcache.enable',
+				'opcache.consistency_checks',
+				'opcache.dups_fix',
+				'opcache.load_comments',
+				'opcache.revalidate_path',
+				'opcache.save_comments',
+				'opcache.use_cwd',
+				'opcache.validate_timestamps',
+				'opcache.fast_shutdown'
 			)
 	);

@@ -197,7 +212,7 @@ class phpinterface_fpm {
 					$fpm_start_servers = $fpm_min_spare_servers;
 				}
 				if ($fpm_start_servers > $fpm_max_spare_servers) {
-					$fpm_start_servers = $fpm_start_servers - (($fpm_start_servers - $fpm_max_spare_servers) + 1);
+					$fpm_start_servers = $fpm_max_spare_servers;
 				}
 				$fpm_config.= 'pm.start_servers = '.$fpm_start_servers."\n";
 				$fpm_config.= 'pm.min_spare_servers = '.$fpm_min_spare_servers."\n";
@@ -267,7 +282,6 @@ class phpinterface_fpm {
 			$fpm_config.= 'php_admin_value[upload_tmp_dir] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";

 			$admin = $this->_getAdminData($this->_domain['adminid']);
-
 			$php_ini_variables = array(
 					'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
 					'PEAR_DIR' => Settings::Get('phpfpm.peardir'),
@@ -278,7 +292,9 @@ class phpinterface_fpm {
 					'CUSTOMER' => $this->_domain['loginname'],
 					'ADMIN' => $admin['loginname'],
 					'OPEN_BASEDIR' => $openbasedir,
-					'OPEN_BASEDIR_C' => ''
+					'OPEN_BASEDIR_C' => '',
+					'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'),
+					'DOCUMENT_ROOT' => makeCorrectDir($this->_domain['documentroot'])
 			);

 			$phpini = replace_variables($phpconfig['phpsettings'], $php_ini_variables);
@@ -348,7 +364,7 @@ class phpinterface_fpm {
 	public function getSocketFile($createifnotexists = true) {

 		$socketdir = makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir'));
-		$socket = makeCorrectFile($socketdir.'/'.$this->_domain['loginname'].'-'.$this->_domain['domain'].'-php-fpm.socket');
+		$socket = strtolower(makeCorrectFile($socketdir.'/'.$this->_domain['loginname'].'-'.$this->_domain['domain'].'-php-fpm.socket'));

 		if (!is_dir($socketdir) && $createifnotexists) {
 			safe_exec('mkdir -p '.escapeshellarg($socketdir));
--- a/lib/classes/phpmailer/class.PHPMailer.php
+++ b/lib/classes/phpmailer/class.PHPMailer.php
--- a/lib/classes/phpmailer/class.SMTP.php
+++ b/lib/classes/phpmailer/class.SMTP.php
@@ -21,32 +21,32 @@
 * PHPMailer RFC821 SMTP email transport class.
 * Implements RFC 821 SMTP commands and provides some utility methods for sending mail to an SMTP server.
 * @package PHPMailer
- * @author Chris Ryan <unknown@example.com>
+ * @author Chris Ryan
 * @author Marcus Bointon <phpmailer@synchromedia.co.uk>
 */
 class SMTP
 {
    /**
     * The PHPMailer SMTP version number.
-     * @type string
+     * @var string
     */
-    const VERSION = '5.2.9';
+    const VERSION = '5.2.16';

    /**
     * SMTP line break constant.
-     * @type string
+     * @var string
     */
    const CRLF = "\r\n";

    /**
     * The SMTP port to use if one is not specified.
-     * @type integer
+     * @var integer
     */
    const DEFAULT_SMTP_PORT = 25;

    /**
     * The maximum line length allowed by RFC 2822 section 2.1.1
-     * @type integer
+     * @var integer
     */
    const MAX_LINE_LENGTH = 998;

@@ -77,15 +77,15 @@ class SMTP

    /**
     * The PHPMailer SMTP Version number.
-     * @type string
+     * @var string
     * @deprecated Use the `VERSION` constant instead
     * @see SMTP::VERSION
     */
-    public $Version = '5.2.9';
+    public $Version = '5.2.16';

    /**
     * SMTP server port number.
-     * @type integer
+     * @var integer
     * @deprecated This is only ever used as a default value, so use the `DEFAULT_SMTP_PORT` constant instead
     * @see SMTP::DEFAULT_SMTP_PORT
     */
@@ -93,7 +93,7 @@ class SMTP

    /**
     * SMTP reply line ending.
-     * @type string
+     * @var string
     * @deprecated Use the `CRLF` constant instead
     * @see SMTP::CRLF
     */
@@ -107,7 +107,7 @@ class SMTP
     * * self::DEBUG_SERVER (`2`) Client commands and server responses
     * * self::DEBUG_CONNECTION (`3`) As DEBUG_SERVER plus connection status
     * * self::DEBUG_LOWLEVEL (`4`) Low-level data output, all messages
-     * @type integer
+     * @var integer
     */
    public $do_debug = self::DEBUG_OFF;

@@ -122,7 +122,7 @@ class SMTP
     * <code>
     * $smtp->Debugoutput = function($str, $level) {echo "debug level $level; message: $str";};
     * </code>
-     * @type string|callable
+     * @var string|callable
     */
    public $Debugoutput = 'echo';

@@ -130,7 +130,7 @@ class SMTP
     * Whether to use VERP.
     * @link http://en.wikipedia.org/wiki/Variable_envelope_return_path
     * @link http://www.postfix.org/VERP_README.html Info on VERP
-     * @type boolean
+     * @var boolean
     */
    public $do_verp = false;

@@ -139,38 +139,55 @@ class SMTP
     * Default of 5 minutes (300sec) is from RFC2821 section 4.5.3.2
     * This needs to be quite high to function correctly with hosts using greetdelay as an anti-spam measure.
     * @link http://tools.ietf.org/html/rfc2821#section-4.5.3.2
-     * @type integer
+     * @var integer
     */
    public $Timeout = 300;

    /**
-     * The SMTP timelimit value for reads, in seconds.
-     * @type integer
+     * How long to wait for commands to complete, in seconds.
+     * Default of 5 minutes (300sec) is from RFC2821 section 4.5.3.2
+     * @var integer
     */
-    public $Timelimit = 30;
+    public $Timelimit = 300;

    /**
     * The socket for the server connection.
-     * @type resource
+     * @var resource
     */
    protected $smtp_conn;

    /**
-     * Error message, if any, for the last call.
-     * @type array
+     * Error information, if any, for the last SMTP command.
+     * @var array
     */
-    protected $error = array();
+    protected $error = array(
+        'error' => '',
+        'detail' => '',
+        'smtp_code' => '',
+        'smtp_code_ex' => ''
+    );

    /**
     * The reply the server sent to us for HELO.
     * If null, no HELO string has yet been received.
-     * @type string|null
+     * @var string|null
     */
    protected $helo_rply = null;

+    /**
+     * The set of SMTP extensions sent in reply to EHLO command.
+     * Indexes of the array are extension names.
+     * Value at index 'HELO' or 'EHLO' (according to command that was sent)
+     * represents the server name. In case of HELO it is the only element of the array.
+     * Other values can be boolean TRUE or an array containing extension options.
+     * If null, no HELO/EHLO string has yet been received.
+     * @var array|null
+     */
+    protected $server_caps = null;
+
    /**
     * The most recent reply received from the server.
-     * @type string
+     * @var string
     */
    protected $last_reply = '';

@@ -187,7 +204,8 @@ class SMTP
        if ($level > $this->do_debug) {
            return;
        }
-        if (is_callable($this->Debugoutput)) {
+        //Avoid clash with built-in function names
+        if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) {
            call_user_func($this->Debugoutput, $str, $this->do_debug);
            return;
        }
@@ -235,11 +253,11 @@ class SMTP
            $streamok = function_exists('stream_socket_client');
        }
        // Clear errors to avoid confusion
-        $this->error = array();
+        $this->setError('');
        // Make sure we are __not__ connected
        if ($this->connected()) {
            // Already connected, generate error
-            $this->error = array('error' => 'Already connected to a server');
+            $this->setError('Already connected to a server');
            return false;
        }
        if (empty($port)) {
@@ -247,7 +265,7 @@ class SMTP
        }
        // Connect to the SMTP server
        $this->edebug(
-            "Connection: opening to $host:$port, t=$timeout, opt=".var_export($options, true),
+            "Connection: opening to $host:$port, timeout=$timeout, options=".var_export($options, true),
            self::DEBUG_CONNECTION
        );
        $errno = 0;
@@ -279,10 +297,10 @@ class SMTP
        }
        // Verify we connected properly
        if (!is_resource($this->smtp_conn)) {
-            $this->error = array(
-                'error' => 'Failed to connect to server',
-                'errno' => $errno,
-                'errstr' => $errstr
+            $this->setError(
+                'Failed to connect to server',
+                $errno,
+                $errstr
            );
            $this->edebug(
                'SMTP ERROR: ' . $this->error['error']
@@ -296,7 +314,8 @@ class SMTP
        // Windows does not have support for this timeout function
        if (substr(PHP_OS, 0, 3) != 'WIN') {
            $max = ini_get('max_execution_time');
-            if ($max != 0 && $timeout > $max) { // Don't bother if unlimited
+            // Don't bother if unlimited
+            if ($max != 0 && $timeout > $max) {
                @set_time_limit($timeout);
            }
            stream_set_timeout($this->smtp_conn, $timeout, 0);
@@ -317,11 +336,22 @@ class SMTP
        if (!$this->sendCommand('STARTTLS', 'STARTTLS', 220)) {
            return false;
        }
+
+        //Allow the best TLS version(s) we can
+        $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
+
+        //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
+        //so add them back in manually if we can
+        if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
+            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
+            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
+        }
+
        // Begin encrypted connection
        if (!stream_socket_enable_crypto(
            $this->smtp_conn,
            true,
-            STREAM_CRYPTO_METHOD_TLS_CLIENT
+            $crypto_method
        )) {
            return false;
        }
@@ -334,20 +364,60 @@ class SMTP
     * @see hello()
     * @param string $username The user name
     * @param string $password The password
-     * @param string $authtype    The auth type (PLAIN, LOGIN, NTLM, CRAM-MD5)
+     * @param string $authtype The auth type (PLAIN, LOGIN, NTLM, CRAM-MD5, XOAUTH2)
     * @param string $realm The auth realm for NTLM
     * @param string $workstation The auth workstation for NTLM
-     * @access public
-     * @return boolean True if successfully authenticated.
+     * @param null|OAuth $OAuth An optional OAuth instance (@see PHPMailerOAuth)
+     * @return bool True if successfully authenticated.* @access public
     */
    public function authenticate(
        $username,
        $password,
-        $authtype = 'LOGIN',
+        $authtype = null,
        $realm = '',
-        $workstation = ''
+        $workstation = '',
+        $OAuth = null
    ) {
+        if (!$this->server_caps) {
+            $this->setError('Authentication is not allowed before HELO/EHLO');
+            return false;
+        }
+
+        if (array_key_exists('EHLO', $this->server_caps)) {
+        // SMTP extensions are available. Let's try to find a proper authentication method
+
+            if (!array_key_exists('AUTH', $this->server_caps)) {
+                $this->setError('Authentication is not allowed at this stage');
+                // 'at this stage' means that auth may be allowed after the stage changes
+                // e.g. after STARTTLS
+                return false;
+            }
+
+            self::edebug('Auth method requested: ' . ($authtype ? $authtype : 'UNKNOWN'), self::DEBUG_LOWLEVEL);
+            self::edebug(
+                'Auth methods available on the server: ' . implode(',', $this->server_caps['AUTH']),
+                self::DEBUG_LOWLEVEL
+            );
+
            if (empty($authtype)) {
+                foreach (array('CRAM-MD5', 'LOGIN', 'PLAIN', 'NTLM', 'XOAUTH2') as $method) {
+                    if (in_array($method, $this->server_caps['AUTH'])) {
+                        $authtype = $method;
+                        break;
+                    }
+                }
+                if (empty($authtype)) {
+                    $this->setError('No supported authentication methods found');
+                    return false;
+                }
+                self::edebug('Auth method selected: '.$authtype, self::DEBUG_LOWLEVEL);
+            }
+
+            if (!in_array($authtype, $this->server_caps['AUTH'])) {
+                $this->setError("The requested authentication method \"$authtype\" is not supported by the server");
+                return false;
+            }
+        } elseif (empty($authtype)) {
            $authtype = 'LOGIN';
        }
        switch ($authtype) {
@@ -378,6 +448,19 @@ class SMTP
                    return false;
                }
                break;
+            case 'XOAUTH2':
+                //If the OAuth Instance is not set. Can be a case when PHPMailer is used
+                //instead of PHPMailerOAuth
+                if (is_null($OAuth)) {
+                    return false;
+                }
+                $oauth = $OAuth->getOauth64();
+
+                // Start authentication
+                if (!$this->sendCommand('AUTH', 'AUTH XOAUTH2 ' . $oauth, 235)) {
+                    return false;
+                }
+                break;
            case 'NTLM':
                /*
                 * ntlm_sasl_client.php
@@ -388,11 +471,11 @@ class SMTP
                 * PROTOCOL Docs http://curl.haxx.se/rfc/ntlm.html#ntlmSmtpAuthentication
                 */
                require_once 'extras/ntlm_sasl_client.php';
-                $temp = new stdClass();
+                $temp = new stdClass;
                $ntlm_client = new ntlm_sasl_client_class;
                //Check that functions are available
                if (!$ntlm_client->Initialize($temp)) {
-                    $this->error = array('error' => $temp->error);
+                    $this->setError($temp->error);
                    $this->edebug(
                        'You need to enable some modules in your php.ini file: '
                        . $this->error['error'],
@@ -441,6 +524,9 @@ class SMTP

                // send encoded credentials
                return $this->sendCommand('Username', base64_encode($response), 235);
+            default:
+                $this->setError("Authentication method \"$authtype\" is not supported");
+                return false;
        }
        return true;
    }
@@ -513,7 +599,8 @@ class SMTP
     */
    public function close()
    {
-        $this->error = array();
+        $this->setError('');
+        $this->server_caps = null;
        $this->helo_rply = null;
        if (is_resource($this->smtp_conn)) {
            // close the connection and cleanup
@@ -537,9 +624,11 @@ class SMTP
     */
    public function data($msg_data)
    {
+        //This will use the standard timelimit
        if (!$this->sendCommand('DATA', 'DATA', 354)) {
            return false;
        }
+
        /* The server is ready to accept data!
         * According to rfc821 we should not send more than 1000 characters on a single line (including the CRLF)
         * so we will break the data up into lines by \r and/or \n then if needed we will break each of those into
@@ -567,13 +656,14 @@ class SMTP
            if ($in_headers and $line == '') {
                $in_headers = false;
            }
-            // ok we need to break this line up into several smaller lines
-            //This is a small micro-optimisation: isset($str[$len]) is equivalent to (strlen($str) > $len)
+            //Break this line up into several smaller lines if it's too long
+            //Micro-optimisation: isset($str[$len]) is faster than (strlen($str) > $len),
            while (isset($line[self::MAX_LINE_LENGTH])) {
                //Working backwards, try to find a space within the last MAX_LINE_LENGTH chars of the line to break on
                //so as to avoid breaking in the middle of a word
                $pos = strrpos(substr($line, 0, self::MAX_LINE_LENGTH), ' ');
-                if (!$pos) { //Deliberately matches both false and 0
+                //Deliberately matches both false and 0
+                if (!$pos) {
                    //No nice break found, add a hard break
                    $pos = self::MAX_LINE_LENGTH - 1;
                    $lines_out[] = substr($line, 0, $pos);
@@ -584,9 +674,7 @@ class SMTP
                    //Move along by the amount we dealt with
                    $line = substr($line, $pos + 1);
                }
-                /* If processing headers add a LWSP-char to the front of new line
-                 * RFC822 section 3.1.1
-                 */
+                //If processing headers add a LWSP-char to the front of new line RFC822 section 3.1.1
                if ($in_headers) {
                    $line = "\t" . $line;
                }
@@ -604,7 +692,13 @@ class SMTP
        }

        //Message data has been sent, complete the command
-        return $this->sendCommand('DATA END', '.', 250);
+        //Increase timelimit for end of DATA command
+        $savetimelimit = $this->Timelimit;
+        $this->Timelimit = $this->Timelimit * 2;
+        $result = $this->sendCommand('DATA END', '.', 250);
+        //Restore timelimit
+        $this->Timelimit = $savetimelimit;
+        return $result;
    }

    /**
@@ -636,9 +730,56 @@ class SMTP
    {
        $noerror = $this->sendCommand($hello, $hello . ' ' . $host, 250);
        $this->helo_rply = $this->last_reply;
+        if ($noerror) {
+            $this->parseHelloFields($hello);
+        } else {
+            $this->server_caps = null;
+        }
        return $noerror;
    }

+    /**
+     * Parse a reply to HELO/EHLO command to discover server extensions.
+     * In case of HELO, the only parameter that can be discovered is a server name.
+     * @access protected
+     * @param string $type - 'HELO' or 'EHLO'
+     */
+    protected function parseHelloFields($type)
+    {
+        $this->server_caps = array();
+        $lines = explode("\n", $this->helo_rply);
+
+        foreach ($lines as $n => $s) {
+            //First 4 chars contain response code followed by - or space
+            $s = trim(substr($s, 4));
+            if (empty($s)) {
+                continue;
+            }
+            $fields = explode(' ', $s);
+            if (!empty($fields)) {
+                if (!$n) {
+                    $name = $type;
+                    $fields = $fields[0];
+                } else {
+                    $name = array_shift($fields);
+                    switch ($name) {
+                        case 'SIZE':
+                            $fields = ($fields ? $fields[0] : 0);
+                            break;
+                        case 'AUTH':
+                            if (!is_array($fields)) {
+                                $fields = array();
+                            }
+                            break;
+                        default:
+                            $fields = true;
+                    }
+                }
+                $this->server_caps[$name] = $fields;
+            }
+        }
+    }
+
    /**
     * Send an SMTP MAIL command.
     * Starts a mail transaction from the email address specified in
@@ -684,15 +825,15 @@ class SMTP
     * Sets the TO argument to $toaddr.
     * Returns true if the recipient was accepted false if it was rejected.
     * Implements from rfc 821: RCPT <SP> TO:<forward-path> <CRLF>
-     * @param string $toaddr The address the message is being sent to
+     * @param string $address The address the message is being sent to
     * @access public
     * @return boolean
     */
-    public function recipient($toaddr)
+    public function recipient($address)
    {
        return $this->sendCommand(
            'RCPT TO',
-            'RCPT TO:<' . $toaddr . '>',
+            'RCPT TO:<' . $address . '>',
            array(250, 251)
        );
    }
@@ -720,23 +861,43 @@ class SMTP
    protected function sendCommand($command, $commandstring, $expect)
    {
        if (!$this->connected()) {
-            $this->error = array(
-                'error' => "Called $command without being connected"
-            );
+            $this->setError("Called $command without being connected");
+            return false;
+        }
+        //Reject line breaks in all commands
+        if (strpos($commandstring, "\n") !== false or strpos($commandstring, "\r") !== false) {
+            $this->setError("Command '$command' contained line breaks");
            return false;
        }
        $this->client_send($commandstring . self::CRLF);

        $this->last_reply = $this->get_lines();
+        // Fetch SMTP code and possible error code explanation
+        $matches = array();
+        if (preg_match("/^([0-9]{3})[ -](?:([0-9]\\.[0-9]\\.[0-9]) )?/", $this->last_reply, $matches)) {
+            $code = $matches[1];
+            $code_ex = (count($matches) > 2 ? $matches[2] : null);
+            // Cut off error code from each response line
+            $detail = preg_replace(
+                "/{$code}[ -]".($code_ex ? str_replace('.', '\\.', $code_ex).' ' : '')."/m",
+                '',
+                $this->last_reply
+            );
+        } else {
+            // Fall back to simple parsing if regex fails
            $code = substr($this->last_reply, 0, 3);
+            $code_ex = null;
+            $detail = substr($this->last_reply, 4);
+        }

        $this->edebug('SERVER -> CLIENT: ' . $this->last_reply, self::DEBUG_SERVER);

        if (!in_array($code, (array)$expect)) {
-            $this->error = array(
-                'error' => "$command command failed",
-                'smtp_code' => $code,
-                'detail' => substr($this->last_reply, 4)
+            $this->setError(
+                "$command command failed",
+                $detail,
+                $code,
+                $code_ex
            );
            $this->edebug(
                'SMTP ERROR: ' . $this->error['error'] . ': ' . $this->last_reply,
@@ -745,7 +906,7 @@ class SMTP
            return false;
        }

-        $this->error = array();
+        $this->setError('');
        return true;
    }

@@ -800,9 +961,7 @@ class SMTP
     */
    public function turn()
    {
-        $this->error = array(
-            'error' => 'The SMTP TURN command is not implemented'
-        );
+        $this->setError('The SMTP TURN command is not implemented');
        $this->edebug('SMTP NOTICE: ' . $this->error['error'], self::DEBUG_CLIENT);
        return false;
    }
@@ -829,6 +988,57 @@ class SMTP
        return $this->error;
    }

+    /**
+     * Get SMTP extensions available on the server
+     * @access public
+     * @return array|null
+     */
+    public function getServerExtList()
+    {
+        return $this->server_caps;
+    }
+
+    /**
+     * A multipurpose method
+     * The method works in three ways, dependent on argument value and current state
+     *   1. HELO/EHLO was not sent - returns null and set up $this->error
+     *   2. HELO was sent
+     *     $name = 'HELO': returns server name
+     *     $name = 'EHLO': returns boolean false
+     *     $name = any string: returns null and set up $this->error
+     *   3. EHLO was sent
+     *     $name = 'HELO'|'EHLO': returns server name
+     *     $name = any string: if extension $name exists, returns boolean True
+     *       or its options. Otherwise returns boolean False
+     * In other words, one can use this method to detect 3 conditions:
+     *  - null returned: handshake was not or we don't know about ext (refer to $this->error)
+     *  - false returned: the requested feature exactly not exists
+     *  - positive value returned: the requested feature exists
+     * @param string $name Name of SMTP extension or 'HELO'|'EHLO'
+     * @return mixed
+     */
+    public function getServerExt($name)
+    {
+        if (!$this->server_caps) {
+            $this->setError('No HELO/EHLO was sent');
+            return null;
+        }
+
+        // the tight logic knot ;)
+        if (!array_key_exists($name, $this->server_caps)) {
+            if ($name == 'HELO') {
+                return $this->server_caps['EHLO'];
+            }
+            if ($name == 'EHLO' || array_key_exists('EHLO', $this->server_caps)) {
+                return false;
+            }
+            $this->setError('HELO handshake was used. Client knows nothing about server extensions');
+            return null;
+        }
+
+        return $this->server_caps[$name];
+    }
+
    /**
     * Get the last reply from the server.
     * @access public
@@ -862,10 +1072,9 @@ class SMTP
        }
        while (is_resource($this->smtp_conn) && !feof($this->smtp_conn)) {
            $str = @fgets($this->smtp_conn, 515);
-            $this->edebug("SMTP -> get_lines(): \$data was \"$data\"", self::DEBUG_LOWLEVEL);
+            $this->edebug("SMTP -> get_lines(): \$data is \"$data\"", self::DEBUG_LOWLEVEL);
            $this->edebug("SMTP -> get_lines(): \$str is  \"$str\"", self::DEBUG_LOWLEVEL);
            $data .= $str;
-            $this->edebug("SMTP -> get_lines(): \$data is \"$data\"", self::DEBUG_LOWLEVEL);
            // If 4th character is a space, we are done reading, break the loop, micro-optimisation over strlen
            if ((isset($str[3]) and $str[3] == ' ')) {
                break;
@@ -910,9 +1119,26 @@ class SMTP
        return $this->do_verp;
    }

+    /**
+     * Set error messages and codes.
+     * @param string $message The error message
+     * @param string $detail Further detail on the error
+     * @param string $smtp_code An associated SMTP error code
+     * @param string $smtp_code_ex Extended SMTP code
+     */
+    protected function setError($message, $detail = '', $smtp_code = '', $smtp_code_ex = '')
+    {
+        $this->error = array(
+            'error' => $message,
+            'detail' => $detail,
+            'smtp_code' => $smtp_code,
+            'smtp_code_ex' => $smtp_code_ex
+        );
+    }
+
    /**
     * Set debug output method.
-     * @param string $method The function/method to use for debugging output.
+     * @param string|callable $method The name of the mechanism to use for debugging output, or a callable to handle it.
     */
    public function setDebugOutput($method = 'echo')
    {
--- a/lib/classes/settings/class.Settings.php
+++ b/lib/classes/settings/class.Settings.php
@@ -124,6 +124,23 @@ class Settings {
 		return $result;
 	}

+	/**
+	 * tests if a setting-value that i s a comma separated list contains an entry
+	 *
+	 * @param string $setting a group and a varname separated by a dot (group.varname)
+	 * @param string $entry the entry that is expected to be in the list
+	 *
+	 * @return boolean true, if the list contains $entry
+	 */
+	public function pIsInList($setting = null, $entry = null) {
+		$s=Settings::Get($setting);
+		if ($s==null) {
+			return false;
+		}
+		$slist = explode(",",$s);
+		return in_array($entry, $slist);
+	}
+
 	/**
 	 * update a setting / set a new value
 	 *
@@ -184,6 +201,8 @@ class Settings {
 					'value' => $value
 			);
 			Database::pexecute($ins_stmt, $ins_data);
+			// also set new value to internal array and make it available
+			self::$_data[$sstr[0]][$sstr[1]] = $value;
 			return true;
 		}
 		return false;
--- a/lib/classes/ssl/class.lescript.php
+++ b/lib/classes/ssl/class.lescript.php
@@ -0,0 +1,565 @@
+<?php
+// Copyright (c) 2015, Stanislav Humplik <sh@analogic.cz>
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// * Neither the name of the <organization> nor the
+// names of its contributors may be used to endorse or promote products
+// derived from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is copied from https://github.com/analogic/lescript
+// and modified to work without files and integrate in Froxlor
+class lescript
+{
+
+	// https://letsencrypt.org/repository/
+	public $license;
+
+	private $logger;
+
+	private $client;
+
+	private $accountKey;
+
+	private $version;
+
+	public function __construct($logger, $version = '1')
+	{
+		$this->logger = $logger;
+		$this->version = $version;
+		if (Settings::Get('system.letsencryptca') == 'production') {
+			$ca = 'https://acme-v01.api.letsencrypt.org';
+		} else {
+			$ca = 'https://acme-staging.api.letsencrypt.org';
+		}
+		$this->client = new Client($ca);
+		$this->log("Using '$ca' to generate certificate");
+	}
+
+	public function initAccount($certrow, $isFroxlorVhost = false)
+	{
+		// Let's see if we have the private accountkey
+		$this->accountKey = $certrow['leprivatekey'];
+		if (! $this->accountKey || $this->accountKey == 'unset' || Settings::Get('system.letsencryptca') != 'production') {
+
+			// generate and save new private key for account
+			// ---------------------------------------------
+
+			$this->log('Starting new account registration');
+			$keys = $this->generateKey();
+			// Only store the accountkey in production, in staging always generate a new key
+			if (Settings::Get('system.letsencryptca') == 'production') {
+				if ($isFroxlorVhost) {
+					Settings::Set('system.lepublickey', $keys['public']);
+					Settings::Set('system.leprivatekey', $keys['private']);
+				} else {
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " . "WHERE `customerid` = :customerid;");
+					Database::pexecute($upd_stmt, array(
+						'public' => $keys['public'],
+						'private' => $keys['private'],
+						'customerid' => $certrow['customerid']
+					));
+				}
+			}
+			$this->accountKey = $keys['private'];
+
+			$response = $this->postNewReg();
+			if ($this->client->getLastCode() != 201) {
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
+			}
+			$this->license = $this->client->getAgreementURL();
+
+			// Terms of Servce are optional according to ACME specs; if no ToS are presented, no need to update registration
+			if (!empty($this->license)) {
+				$this->postRegAgreement(parse_url($this->client->getLastLocation(), PHP_URL_PATH));
+			}
+			$this->log('New account certificate registered');
+		} else {
+
+			$this->log('Account already registered. Continuing.');
+		}
+	}
+
+	/**
+	 *
+	 * @param array $domains
+	 * @param string $domainkey
+	 * @param string $csr
+	 *        	optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+	 *
+	 * @throws \RuntimeException
+	 * @return string[]
+	 */
+	public function signDomains(array $domains, $domainkey = null, $csr = null)
+	{
+		if (! $this->accountKey) {
+			throw new \RuntimeException("Account not initialized");
+		}
+
+		$this->log('Starting certificate generation process for domains');
+
+		$privateAccountKey = openssl_pkey_get_private($this->accountKey);
+		$accountKeyDetails = openssl_pkey_get_details($privateAccountKey);
+
+		// start domains authentication
+		// ----------------------------
+
+		foreach ($domains as $domain) {
+
+			// 1. getting available authentication options
+			// -------------------------------------------
+
+			$this->log("Requesting challenge for $domain");
+
+			$response = $this->signedRequest("/acme/new-authz", array(
+				"resource" => "new-authz",
+				"identifier" => array(
+					"type" => "dns",
+					"value" => $domain
+				)
+			));
+
+			// if response is not an array but a string, it's most likely a server-error, e.g.
+			// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
+			// <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
+			if (! is_array($response)) {
+				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . $response);
+			}
+
+			if (! array_key_exists('challenges', $response)) {
+				throw new RuntimeException("No challenges received for $domain. Whole response: " . json_encode($response));
+			}
+
+			// choose http-01 challenge only
+			$challenge = array_reduce($response['challenges'], function ($v, $w) {
+				return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
+			});
+
+			if (! $challenge) {
+				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+			}
+
+			$this->log("Got challenge token for $domain");
+			$location = $this->client->getLastLocation();
+
+			// 2. saving authentication token for web verification
+			// ---------------------------------------------------
+
+			$directory = Settings::Get('system.letsencryptchallengepath') . '/.well-known/acme-challenge';
+			$tokenPath = $directory . '/' . $challenge['token'];
+
+			if (! file_exists($directory) && ! @mkdir($directory, 0755, true)) {
+				throw new \RuntimeException("Couldn't create directory to expose challenge: ${tokenPath}");
+			}
+
+			$header = array(
+				// need to be in precise order!
+				"e" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["e"]),
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["n"])
+			);
+			$payload = $challenge['token'] . '.' . Base64UrlSafeEncoder::encode(hash('sha256', json_encode($header), true));
+
+			file_put_contents($tokenPath, $payload);
+			chmod($tokenPath, 0644);
+
+			// 3. verification process itself
+			// -------------------------------
+
+			$uri = "http://${domain}/.well-known/acme-challenge/${challenge['token']}";
+
+			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
+
+			// simple self check
+			$selfcheckContextOptions = array('http' => array('header' => "User Agent: Froxlor/".$this->version));
+			$selfcheckContext = stream_context_create($selfcheckContextOptions);
+			if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
+				$errmsg = json_encode(error_get_last());
+				if ($errmsg != "null") {
+					$errmsg = "; PHP error: " . $errmsg;
+				} else {
+					$errmsg = "";
+				}
+				@unlink($tokenPath);
+				$this->logger->logAction(CRON_ACTION, LOG_ERR, "letsencrypt Please check $uri - token not available" . $errmsg);
+			}
+
+			$this->log("Sending request to challenge");
+
+			// send request to challenge
+			$result = $this->signedRequest($challenge['uri'], array(
+				"resource" => "challenge",
+				"type" => "http-01",
+				"keyAuthorization" => $payload,
+				"token" => $challenge['token']
+			));
+
+			// waiting loop
+			// we wait for a maximum of 30 seconds to avoid endless loops
+			$count = 0;
+			do {
+				if (empty($result['status']) || $result['status'] == "invalid") {
+					@unlink($tokenPath);
+					throw new \RuntimeException("Verification ended with error: " . json_encode($result));
+				}
+				$ended = ! ($result['status'] === "pending");
+
+				if (! $ended) {
+					$this->log("Verification pending, sleeping 1s");
+					sleep(1);
+					$count ++;
+				}
+
+				$result = $this->client->get($location);
+			} while (! $ended && $count < 30);
+
+			$this->log("Verification ended with status: ${result['status']}");
+			@unlink($tokenPath);
+		}
+
+		// requesting certificate
+		// ----------------------
+
+		// generate private key for domain if not exist
+		if (empty($domainkey) || Settings::Get('system.letsencryptreuseold') == 0) {
+			$keys = $this->generateKey();
+			$domainkey = $keys['private'];
+		}
+
+		// load domain key
+		$privateDomainKey = openssl_pkey_get_private($domainkey);
+
+		$this->client->getLastLinks();
+
+		if (empty($csr)) {
+			$csr = $this->generateCSR($privateDomainKey, $domains);
+		}
+
+		// request certificates creation
+		$result = $this->signedRequest("/acme/new-cert", array(
+			'resource' => 'new-cert',
+			'csr' => $csr
+		));
+		if ($this->client->getLastCode() !== 201) {
+			throw new \RuntimeException("Invalid response code: " . $this->client->getLastCode() . ", " . json_encode($result));
+		}
+		$location = $this->client->getLastLocation();
+
+		// waiting loop
+		$certificates = array();
+		while (1) {
+			$this->client->getLastLinks();
+
+			$result = $this->client->get($location);
+
+			if ($this->client->getLastCode() == 202) {
+
+				$this->log("Certificate generation pending, sleeping 1s");
+				sleep(1);
+			} else
+				if ($this->client->getLastCode() == 200) {
+
+					$this->log("Got certificate! YAY!");
+					$certificates[] = $this->parsePemFromBody($result);
+
+					foreach ($this->client->getLastLinks() as $link) {
+						$this->log("Requesting chained cert at $link");
+						$result = $this->client->get($link);
+						$certificates[] = $this->parsePemFromBody($result);
+					}
+
+					break;
+				} else {
+
+					throw new \RuntimeException("Can't get certificate: HTTP code " . $this->client->getLastCode());
+				}
+		}
+
+		if (empty($certificates))
+			throw new \RuntimeException('No certificates generated');
+
+		$fullchain = implode("\n", $certificates);
+		$crt = array_shift($certificates);
+		$chain = implode("\n", $certificates);
+
+		$this->log("Done, returning new certificates and key");
+		return array(
+			'fullchain' => $fullchain,
+			'crt' => $crt,
+			'chain' => $chain,
+			'key' => $domainkey,
+			'csr' => $csr
+		);
+	}
+
+	private function parsePemFromBody($body)
+	{
+		$pem = chunk_split(base64_encode($body), 64, "\n");
+		return "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
+	}
+
+	private function postNewReg()
+	{
+		$this->log('Sending registration to letsencrypt server');
+
+		return $this->signedRequest('/acme/new-reg', array(
+			'resource' => 'new-reg',
+			'agreement' => $this->license
+		));
+	}
+
+	private function postRegAgreement($uri)
+	{
+		$this->log('Accepting agreement at URL: ' . $this->license);
+
+		return $this->signedRequest($uri, array(
+			'resource' => 'reg',
+			'agreement' => $this->license
+		));
+	}
+
+	private function generateCSR($privateKey, array $domains)
+	{
+		$domain = reset($domains);
+		$san = implode(",", array_map(function ($dns) {
+			return "DNS:" . $dns;
+		}, $domains));
+		$tmpConf = tmpfile();
+		$tmpConfMeta = stream_get_meta_data($tmpConf);
+		$tmpConfPath = $tmpConfMeta["uri"];
+
+		// workaround to get SAN working
+		fwrite($tmpConf, 'HOME = .
+RANDFILE = $ENV::HOME/.rnd
+[ req ]
+default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+[ v3_req ]
+basicConstraints = CA:FALSE
+subjectAltName = ' . $san . '
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
+
+		$csr = openssl_csr_new(array(
+			"CN" => $domain,
+			"ST" => Settings::Get('system.letsencryptstate'),
+			"C" => Settings::Get('system.letsencryptcountrycode'),
+			"O" => "Unknown"
+		), $privateKey, array(
+			"config" => $tmpConfPath,
+			"digest_alg" => "sha256"
+		));
+
+		if (! $csr)
+			throw new \RuntimeException("CSR couldn't be generated! " . openssl_error_string());
+
+		openssl_csr_export($csr, $csr);
+		fclose($tmpConf);
+
+		preg_match('~REQUEST-----(.*)-----END~s', $csr, $matches);
+
+		return trim(Base64UrlSafeEncoder::encode(base64_decode($matches[1])));
+	}
+
+	private function generateKey()
+	{
+		$res = openssl_pkey_new(array(
+			"private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
+		));
+
+		if (! openssl_pkey_export($res, $privateKey)) {
+			throw new \RuntimeException("Key export failed!");
+		}
+
+		$details = openssl_pkey_get_details($res);
+
+		return array(
+			'private' => $privateKey,
+			'public' => $details['key']
+		);
+	}
+
+	private function signedRequest($uri, array $payload)
+	{
+		$privateKey = openssl_pkey_get_private($this->accountKey);
+		$details = openssl_pkey_get_details($privateKey);
+
+		$header = array(
+			"alg" => "RS256",
+			"jwk" => array(
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($details["rsa"]["n"]),
+				"e" => Base64UrlSafeEncoder::encode($details["rsa"]["e"])
+			)
+		);
+
+		$protected = $header;
+		$protected["nonce"] = $this->client->getLastNonce();
+
+		$payload64 = Base64UrlSafeEncoder::encode(str_replace('\\/', '/', json_encode($payload)));
+		$protected64 = Base64UrlSafeEncoder::encode(json_encode($protected));
+
+		openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, "SHA256");
+
+		$signed64 = Base64UrlSafeEncoder::encode($signed);
+
+		$data = array(
+			'header' => $header,
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		);
+
+		$this->log("Sending signed request to $uri");
+
+		return $this->client->post($uri, json_encode($data));
+	}
+
+	protected function log($message)
+	{
+		$this->logger->logAction(CRON_ACTION, LOG_INFO, "letsencrypt " . $message);
+	}
+}
+
+class Client
+{
+
+	private $lastCode;
+
+	private $lastHeader;
+
+	private $base;
+
+	public function __construct($base)
+	{
+		$this->base = $base;
+	}
+
+	private function curl($method, $url, $data = null)
+	{
+		$headers = array(
+			'Accept: application/json',
+			'Content-Type: application/json'
+		);
+		$handle = curl_init();
+		curl_setopt($handle, CURLOPT_URL, preg_match('~^http~', $url) ? $url : $this->base . $url);
+		curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_HEADER, true);
+
+		// DO NOT DO THAT!
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, false);
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
+
+		switch ($method) {
+			case 'GET':
+				break;
+			case 'POST':
+				curl_setopt($handle, CURLOPT_POST, true);
+				curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
+				break;
+		}
+		$response = curl_exec($handle);
+
+		if (curl_errno($handle)) {
+			throw new \RuntimeException('Curl: ' . curl_error($handle));
+		}
+
+		$header_size = curl_getinfo($handle, CURLINFO_HEADER_SIZE);
+
+		$header = substr($response, 0, $header_size);
+		$body = substr($response, $header_size);
+
+		$this->lastHeader = $header;
+		$this->lastCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
+
+		$data = json_decode($body, true);
+		return $data === null ? $body : $data;
+	}
+
+	public function post($url, $data)
+	{
+		return $this->curl('POST', $url, $data);
+	}
+
+	public function get($url)
+	{
+		return $this->curl('GET', $url);
+	}
+
+	public function getLastNonce()
+	{
+		if (preg_match('~Replay\-Nonce: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+
+		$this->curl('GET', '/directory');
+		return $this->getLastNonce();
+	}
+
+	public function getLastLocation()
+	{
+		if (preg_match('~Location: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+		return null;
+	}
+
+	public function getLastCode()
+	{
+		return $this->lastCode;
+	}
+
+	public function getLastLinks()
+	{
+		preg_match_all('~Link: <(.+)>;rel="up"~', $this->lastHeader, $matches);
+		return $matches[1];
+	}
+
+	public function getAgreementURL()
+	{
+		preg_match_all('~Link: <(.+)>;rel="terms-of-service"~', $this->lastHeader, $matches);
+		return $matches[1][0];
+	}
+
+}
+
+class Base64UrlSafeEncoder
+{
+
+	public static function encode($input)
+	{
+		return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
+	}
+
+	public static function decode($input)
+	{
+		$remainder = strlen($input) % 4;
+		if ($remainder) {
+			$padlen = 4 - $remainder;
+			$input .= str_repeat('=', $padlen);
+		}
+		return base64_decode(strtr($input, '-_', '+/'));
+	}
+}
--- a/lib/classes/webserver/class.DomainSSL.php
+++ b/lib/classes/webserver/class.DomainSSL.php
@@ -46,7 +46,7 @@ class DomainSSL {
 				|| $dom_certs['ssl_cert_file'] == ''
 		) {
 			// maybe its parent?
-			if ($domain['parentdomainid'] != 0) {
+			if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
 				$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
 			}
 		}
--- a/lib/configfiles/gentoo.xml
+++ b/lib/configfiles/gentoo.xml
@@ -61,6 +61,18 @@
        Allow from env=REDIRECT_STATUS
    </Location>
 </IfModule>
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Order allow,deny
+	Allow from all
+</Directory>
 ]]>
 						</content>
 					</file>
@@ -81,6 +93,17 @@
        Require env REDIRECT_STATUS
    </Location>
 </IfModule>
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Require all granted
+</Directory>
 ]]>
 						</content>
 					</file>
@@ -107,6 +130,7 @@ server.modules = (
 	"mod_auth",
 	"mod_fastcgi",
 	"mod_cgi",
+	"mod_setenv",
 	"mod_accesslog"
 )

@@ -148,6 +172,9 @@ fastcgi.server = (
 		)
 	)
 )
+
+alias.url           += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
+
 ]]>
 						</content>
 					</file>
@@ -210,8 +237,6 @@ http {
 					</file>
 					<file name="/etc/nginx/fastcgi_params">
 						<content><![CDATA[
-fastcgi_index index.php;
-
 fastcgi_connect_timeout 65;
 fastcgi_send_timeout    180;
 fastcgi_read_timeout    180;
@@ -239,6 +264,20 @@ fastcgi_param  SERVER_NAME        $server_name;

 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+location /.well-known/acme-challenge {
+	alias {{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge;
+
+	location ~ /.well-known/acme-challenge/(.*) {
+		default_type text/plain;
+	}
+}
 ]]>
 						</content>
 					</file>
@@ -349,15 +388,557 @@ mail	IN		A	<SERVERIP>
 					<command><![CDATA[rc-update add named default]]></command>
 					<command><![CDATA[/etc/init.d/named restart]]></command>
 				</daemon>
-				<daemon name="powerdns" title="PowerDNS via bind-backend">
+				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[emerge net-dns/pdns]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
 # Autogenerated configuration file template
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+
+#################################
+# allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
+#
+# allow-dnsupdate-from=127.0.0.0/8,::1
+
+#################################
+# allow-recursion	List of subnets that are allowed to recurse
+#
+allow-recursion=127.0.0.1
+
+#################################
+# also-notify	When notifying a domain, also notify these nameservers
+#
+# also-notify=
+
+#################################
+# any-to-tcp	Answer ANY queries with tc=1, shunting to TCP
+#
+# any-to-tcp=no
+
+#################################
+# cache-ttl	Seconds to store packets in the PacketCache
+#
+# cache-ttl=20
+
+#################################
+# carbon-interval	Number of seconds between carbon (graphite) updates
+#
+# carbon-interval=30
+
+#################################
+# carbon-ourname	If set, overrides our reported hostname for carbon stats
+#
+# carbon-ourname=
+
+#################################
+# carbon-server	If set, send metrics in carbon (graphite) format to this server
+#
+# carbon-server=
+
+#################################
+# chroot	If set, chroot to this directory for more security
+#
+# chroot=
+
+#################################
+# config-dir	Location of configuration directory (pdns.conf)
+#
+config-dir=/etc/powerdns
+
+#################################
+# config-name	Name of this virtual configuration - will rename the binary image
+#
+# config-name=
+
+#################################
+# control-console	Debugging switch - don't use
+#
+# control-console=no
+
+#################################
+# daemon	Operate as a daemon
+#
+daemon=yes
+
+#################################
+# default-ksk-algorithms	Default KSK algorithms
+#
+# default-ksk-algorithms=rsasha256
+
+#################################
+# default-ksk-size	Default KSK size (0 means default)
+#
+# default-ksk-size=0
+
+#################################
+# default-soa-mail	mail address to insert in the SOA record if none set in the backend
+#
+# default-soa-mail=
+
+#################################
+# default-soa-name	name to insert in the SOA record if none set in the backend
+#
+# default-soa-name=a.misconfigured.powerdns.server
+
+#################################
+# default-ttl	Seconds a result is valid if not set otherwise
+#
+# default-ttl=3600
+
+#################################
+# default-zsk-algorithms	Default ZSK algorithms
+#
+# default-zsk-algorithms=rsasha256
+
+#################################
+# default-zsk-size	Default ZSK size (0 means default)
+#
+# default-zsk-size=0
+
+#################################
+# direct-dnskey	Fetch DNSKEY RRs from backend during DNSKEY synthesis
+#
+# direct-dnskey=no
+
+#################################
+# disable-axfr	Disable zonetransfers but do allow TCP queries
+#
+# disable-axfr=no
+
+#################################
+# disable-axfr-rectify	Disable the rectify step during an outgoing AXFR. Only required for regression testing.
+#
+# disable-axfr-rectify=no
+
+#################################
+# disable-tcp	Do not listen to TCP queries
+#
+# disable-tcp=no
+
+#################################
+# distributor-threads	Default number of Distributor (backend) threads to start
+#
+# distributor-threads=3
+
+#################################
+# do-ipv6-additional-processing	Do AAAA additional processing
+#
+# do-ipv6-additional-processing=yes
+
+#################################
+# edns-subnet-processing	If we should act on EDNS Subnet options
+#
+# edns-subnet-processing=no
+
+#################################
+# entropy-source	If set, read entropy from this file
+#
+# entropy-source=/dev/urandom
+
+#################################
+# experimental-api-key	REST API Static authentication key (required for API use)
+#
+# experimental-api-key=
+
+#################################
+# experimental-api-readonly	If the JSON API should disallow data modification
+#
+# experimental-api-readonly=no
+
+#################################
+# experimental-dname-processing	If we should support DNAME records
+#
+# experimental-dname-processing=no
+
+#################################
+# experimental-dnsupdate	Enable/Disable DNS update (RFC2136) support. Default is no.
+#
+# experimental-dnsupdate=no
+
+#################################
+# experimental-json-interface	If the webserver should serve JSON data
+#
+# experimental-json-interface=no
+
+#################################
+# experimental-logfile	Filename of the log file for JSON parser
+#
+# experimental-logfile=/var/log/pdns.log
+
+#################################
+# forward-dnsupdate	A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
+#
+# forward-dnsupdate=yes
+
+#################################
+# guardian	Run within a guardian process
+#
+guardian=yes
+
+#################################
+# include-dir	Include *.conf files from this directory
+#
+# include-dir=
+
+#################################
+# launch	Which backends to launch and order to query them in
+#
+# launch=
+
+#################################
+# load-modules	Load this module - supply absolute or relative path
+#
+# load-modules=
+
+#################################
+# local-address	Local IP addresses to which we bind
+#
+local-address=<SERVERIP>,127.0.0.1
+
+#################################
+# local-address-nonexist-fail	Fail to start if one or more of the local-address's do not exist on this server
+#
+# local-address-nonexist-fail=yes
+
+#################################
+# local-ipv6	Local IP address to which we bind
+#
+# local-ipv6=
+
+#################################
+# local-ipv6-nonexist-fail	Fail to start if one or more of the local-ipv6 addresses do not exist on this server
+#
+# local-ipv6-nonexist-fail=yes
+
+#################################
+# local-port	The port on which we listen
+#
+local-port=53
+
+#################################
+# log-dns-details	If PDNS should log DNS non-erroneous details
+#
+log-dns-details=yes
+
+#################################
+# log-dns-queries	If PDNS should log all incoming DNS queries
+#
+# log-dns-queries=no
+
+#################################
+# logging-facility	Log under a specific facility
+#
+# logging-facility=
+
+#################################
+# loglevel	Amount of logging. Higher is more. Do not set below 3
+#
+# loglevel=4
+
+#################################
+# lua-prequery-script	Lua script with prequery handler
+#
+# lua-prequery-script=
+
+#################################
+# master	Act as a master
+#
+master=yes
+
+#################################
+# max-cache-entries	Maximum number of cache entries
+#
+# max-cache-entries=1000000
+
+#################################
+# max-ent-entries	Maximum number of empty non-terminals in a zone
+#
+# max-ent-entries=100000
+
+#################################
+# max-nsec3-iterations	Limit the number of NSEC3 hash iterations
+#
+# max-nsec3-iterations=500
+
+#################################
+# max-queue-length	Maximum queuelength before considering situation lost
+#
+# max-queue-length=5000
+
+#################################
+# max-signature-cache-entries	Maximum number of signatures cache entries
+#
+# max-signature-cache-entries=
+
+#################################
+# max-tcp-connections	Maximum number of TCP connections
+#
+# max-tcp-connections=10
+
+#################################
+# module-dir	Default directory for modules
+#
+module-dir=/usr/lib/powerdns/pdns/
+
+#################################
+# negquery-cache-ttl	Seconds to store negative query results in the QueryCache
+#
+# negquery-cache-ttl=60
+
+#################################
+# no-shuffle	Set this to prevent random shuffling of answers - for regression testing
+#
+# no-shuffle=off
+
+#################################
+# only-notify	Only send AXFR NOTIFY to these IP addresses or netmasks
+#
+# only-notify=0.0.0.0/0,::/0
+
+#################################
+# out-of-zone-additional-processing	Do out of zone additional processing
+#
+# out-of-zone-additional-processing=yes
+
+#################################
+# overload-queue-length	Maximum queuelength moving to packetcache only
+#
+# overload-queue-length=0
+
+#################################
+# pipebackend-abi-version	Version of the pipe backend ABI
+#
+# pipebackend-abi-version=1
+
+#################################
+# prevent-self-notification	Don't send notifications to what we think is ourself
+#
+# prevent-self-notification=yes
+
+#################################
+# query-cache-ttl	Seconds to store query results in the QueryCache
+#
+# query-cache-ttl=20
+
+#################################
+# query-local-address	Source IP address for sending queries
+#
+# query-local-address=0.0.0.0
+
+#################################
+# query-local-address6	Source IPv6 address for sending queries
+#
+# query-local-address6=::
+
+#################################
+# query-logging	Hint backends that queries should be logged
+#
+# query-logging=no
+
+#################################
+# queue-limit	Maximum number of milliseconds to queue a query
+#
+# queue-limit=1500
+
+#################################
+# receiver-threads	Default number of receiver threads to start
+#
+# receiver-threads=1
+
+#################################
+# recursive-cache-ttl	Seconds to store packets for recursive queries in the PacketCache
+#
+# recursive-cache-ttl=10
+
+#################################
+# recursor	If recursion is desired, IP address of a recursing nameserver
+#
+# recursor=no
+
+#################################
+# retrieval-threads	Number of AXFR-retrieval threads for slave operation
+#
+# retrieval-threads=2
+
+#################################
+# reuseport	Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
+#
+# reuseport=no
+
+#################################
+# security-poll-suffix	Domain name from which to query security update notifications
+#
+# security-poll-suffix=secpoll.powerdns.com.
+
+#################################
+# send-root-referral	Send out old-fashioned root-referral instead of ServFail in case of no authority
+#
+# send-root-referral=no
+
+#################################
+# server-id	Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom
+#
+# server-id=
+
+#################################
+# setgid	If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid	If set, change user id to this uid for more security
+#
+setuid=pdns
+
+#################################
+# signing-threads	Default number of signer threads to start
+#
+# signing-threads=3
+
+#################################
+# slave	Act as a slave
+#
+# slave=no
+
+#################################
+# slave-cycle-interval	Reschedule failed SOA serial checks once every .. seconds
+#
+# slave-cycle-interval=60
+
+#################################
+# slave-renotify	If we should send out notifications for slaved updates
+#
+# slave-renotify=no
+
+#################################
+# soa-expire-default	Default SOA expire
+#
+# soa-expire-default=604800
+
+#################################
+# soa-minimum-ttl	Default SOA minimum ttl
+#
+# soa-minimum-ttl=3600
+
+#################################
+# soa-refresh-default	Default SOA refresh
+#
+# soa-refresh-default=10800
+
+#################################
+# soa-retry-default	Default SOA retry
+#
+# soa-retry-default=3600
+
+#################################
+# socket-dir	Where the controlsocket will live
+#
+socket-dir=/var/run
+
+#################################
+# tcp-control-address	If set, PowerDNS can be controlled over TCP on this address
+#
+# tcp-control-address=
+
+#################################
+# tcp-control-port	If set, PowerDNS can be controlled over TCP on this address
+#
+# tcp-control-port=53000
+
+#################################
+# tcp-control-range	If set, remote control of PowerDNS is possible over these networks only
+#
+# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
+
+#################################
+# tcp-control-secret	If set, PowerDNS can be controlled over TCP after passing this secret
+#
+# tcp-control-secret=
+
+#################################
+# traceback-handler	Enable the traceback handler (Linux only)
+#
+# traceback-handler=yes
+
+#################################
+# trusted-notification-proxy	IP address of incoming notification proxy
+#
+# trusted-notification-proxy=
+
+#################################
+# udp-truncation-threshold	Maximum UDP response size before we truncate
+#
+# udp-truncation-threshold=1680
+
+#################################
+# version-string	PowerDNS version in packets - full, anonymous, powerdns or custom
+#
+version-string=powerdns
+
+#################################
+# webserver	Start a webserver for monitoring
+#
+# webserver=no
+
+#################################
+# webserver-address	IP Address of webserver to listen on
+#
+# webserver-address=127.0.0.1
+
+#################################
+# webserver-allow-from	Webserver access is only allowed from these subnets
+#
+# webserver-allow-from=0.0.0.0/0,::/0
+
+#################################
+# webserver-password	Password required for accessing the webserver
+#
+# webserver-password=
+
+#################################
+# webserver-port	Port of webserver to listen on
+#
+# webserver-port=8081
+
+#################################
+# webserver-print-arguments	If the webserver should print arguments
+#
+# webserver-print-arguments=no
+
+# include froxlor-specific config
+include-dir=/etc/powerdns/froxlor/
+]]>
+						</content>
+					</file>
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
+						<content><![CDATA[
+# mysql-settings / you need to create the power-dns database for yourself!
+launch=gmysql
+gmysql-host=127.0.0.1
+gmysql-port=3306
+gmysql-dbname=pdns
+gmysql-user=powerdns
+gmysql-group=client
+gmysql-password=
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+				</daemon>
+				<daemon name="powerdns_bind" title="PowerDNS via bind-backend">
+					<install><![CDATA[emerge net-dns/pdns]]></install>
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+						<content><![CDATA[
+# Autogenerated configuration file template
+#################################
+# allow-axfr-ips	Allow zonetransfers only to these subnets
+#
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -870,12 +1451,13 @@ version-string=powerdns
 # webserver-print-arguments=no

 # include froxlor-bind-specific config
-include=/etc/powerdns/pdns_froxlor.conf
+include-dir=/etc/powerdns/froxlor/
 ]]>
 						</content>
 					</file>
-					<file name="/etc/powerdns/pdns_froxlor.conf" chown="root:0"
-						chmod="644">
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
 						<content><![CDATA[
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
@@ -1028,11 +1610,11 @@ program_directory = /usr/libexec/postfix
 sendmail_path = /usr/sbin/sendmail

 ## General Postfix configuration
-# should be the default domain from your provider eg. "server100.provider.tld"
+# FQDN from Froxlor
 mydomain = <SERVERNAME>

-# should be different from $mydomain eg. "mail.$mydomain"
-myhostname = mail.$mydomain
+# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+myhostname = $mydomain

 mydestination = $myhostname,
 	$mydomain,
@@ -2838,6 +3420,11 @@ MAILDIRPATH=.maildir
 				<daemon name="proftpd" title="ProFTPd" default="true">
 					<command><![CDATA[echo "net-ftp/proftpd mysql" >> /etc/portage/package.use]]></command>
 					<install><![CDATA[emerge net-ftp/proftpd]]></install>
+					<commands>
+						<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
+						<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
+						<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
+					</commands>
 					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
 						<content><![CDATA[
@@ -2914,20 +3501,23 @@ SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, b
 SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies

 # TLS settings
-#<IfModule mod_tls.c>
-#TLSEngine					on
-#TLSLog						/var/log/proftpd-tls.log
-#TLSProtocol					SSLv23
+<IfModule mod_tls.c>
+TLSEngine on
+TLSLog /var/log/proftpd-tls.log
+TLSProtocol TLSv1 TLSv1.1 TLSv1.2
 #TLSTimeoutHandshake 120
 # Really important for WinClients and some clients
-#TLSOptions					NoCertRequest NoSessionReuseRequired
-#TLSRSACertificateFile		/etc/ssl/server/<SERVERNAME>.crt
-#TLSRSACertificateKeyFile	/etc/ssl/server/<SERVERNAME>.key
+TLSOptions NoCertRequest NoSessionReuseRequired
+TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
+TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
+TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
+TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
+
 # Authenticate client that want to use FTP over TLS?
-#TLSVerifyClient			off
+TLSVerifyClient off
 # Uncomment the following line to force tls login
-#TLSRequired				off
-#</IfModule>
+#TLSRequired on
+</IfModule>

 # LOG settings
 # Logging Formats
@@ -3244,7 +3834,7 @@ aliases:     files
 					<commands index="2">
 						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
 						</visibility>
-						<command><![CDATA[a2enmod suexec fcgid]]></command>
+						<command><![CDATA[# add "-D SUEXEC -D FCGID" to /etc/conf.d/apache2]]></command>
 					</commands>
 					<commands index="3">
 						<visibility mode="true">{{settings.system.mod_fcgid_ownvhost}}
@@ -3285,7 +3875,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/configfiles/jessie.xml
+++ b/lib/configfiles/jessie.xml
@@ -38,15 +38,16 @@
 						<command>
 							<visibility mode="notempty">{{settings.system.deactivateddocroot}}
 							</visibility>
-							<content><![CDATA['mkdir -p {{settings.system.deactivateddocroot}}]]></content>
+							<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
 						</command>
-						<command><![CDATA[a2dismod userdir]]></command>
 					</commands>
 				</general>
 				<!-- HTTP Apache -->
 				<daemon name="apache" version="2.4" title="Apache 2.4" default="true">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<command>
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -64,6 +65,17 @@
        Require env REDIRECT_STATUS
    </Location>
 </IfModule>
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Require all granted
+</Directory>
 ]]>
 						</content>
 					</file>
@@ -80,6 +92,7 @@ server.modules = (
 	"mod_compress",
 	"mod_redirect",
 	"mod_rewrite",
+	"mod_setenv",
 )

 server.document-root        = "/var/www"
@@ -98,6 +111,8 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 compress.cache-dir          = "/var/cache/lighttpd/compress/"
 compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

+alias.url                  += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
+
 # default listening port for IPv6 falls back to the IPv4 port
 include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
 include_shell "/usr/share/lighttpd/create-mime.assign.pl"
@@ -242,8 +257,6 @@ http {
 					</file>
 					<file name="/etc/nginx/fastcgi_params">
 						<content><![CDATA[
-fastcgi_index index.php;
-
 fastcgi_connect_timeout 65;
 fastcgi_send_timeout    180;
 fastcgi_read_timeout    180;
@@ -271,6 +284,20 @@ fastcgi_param  SERVER_NAME        $server_name;

 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+location /.well-known/acme-challenge {
+	alias {{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge;
+
+	location ~ /.well-known/acme-challenge/(.*) {
+		default_type text/plain;
+	}
+}
 ]]>
 						</content>
 					</file>
@@ -346,9 +373,550 @@ exit "$RETVAL"
 					<command><![CDATA[chmod 0644 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[/etc/init.d/bind9 restart]]></command>
 				</daemon>
-				<daemon name="powerdns" title="PowerDNS via bind-backend">
+				<daemon name="powerdns" title="PowerDNS (standalone)">
+					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+						<content><![CDATA[
+#################################
+# allow-axfr-ips	Allow zonetransfers only to these subnets
+#
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+
+#################################
+# allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
+#
+# allow-dnsupdate-from=127.0.0.0/8,::1
+
+#################################
+# allow-recursion	List of subnets that are allowed to recurse
+#
+allow-recursion=127.0.0.1
+
+#################################
+# also-notify	When notifying a domain, also notify these nameservers
+#
+# also-notify=
+
+#################################
+# any-to-tcp	Answer ANY queries with tc=1, shunting to TCP
+#
+# any-to-tcp=no
+
+#################################
+# cache-ttl	Seconds to store packets in the PacketCache
+#
+# cache-ttl=20
+
+#################################
+# carbon-interval	Number of seconds between carbon (graphite) updates
+#
+# carbon-interval=30
+
+#################################
+# carbon-ourname	If set, overrides our reported hostname for carbon stats
+#
+# carbon-ourname=
+
+#################################
+# carbon-server	If set, send metrics in carbon (graphite) format to this server
+#
+# carbon-server=
+
+#################################
+# chroot	If set, chroot to this directory for more security
+#
+# chroot=
+
+#################################
+# config-dir	Location of configuration directory (pdns.conf)
+#
+config-dir=/etc/powerdns
+
+#################################
+# config-name	Name of this virtual configuration - will rename the binary image
+#
+# config-name=
+
+#################################
+# control-console	Debugging switch - don't use
+#
+# control-console=no
+
+#################################
+# daemon	Operate as a daemon
+#
+daemon=yes
+
+#################################
+# default-ksk-algorithms	Default KSK algorithms
+#
+# default-ksk-algorithms=rsasha256
+
+#################################
+# default-ksk-size	Default KSK size (0 means default)
+#
+# default-ksk-size=0
+
+#################################
+# default-soa-mail	mail address to insert in the SOA record if none set in the backend
+#
+# default-soa-mail=
+
+#################################
+# default-soa-name	name to insert in the SOA record if none set in the backend
+#
+# default-soa-name=a.misconfigured.powerdns.server
+
+#################################
+# default-ttl	Seconds a result is valid if not set otherwise
+#
+# default-ttl=3600
+
+#################################
+# default-zsk-algorithms	Default ZSK algorithms
+#
+# default-zsk-algorithms=rsasha256
+
+#################################
+# default-zsk-size	Default ZSK size (0 means default)
+#
+# default-zsk-size=0
+
+#################################
+# direct-dnskey	Fetch DNSKEY RRs from backend during DNSKEY synthesis
+#
+# direct-dnskey=no
+
+#################################
+# disable-axfr	Disable zonetransfers but do allow TCP queries
+#
+# disable-axfr=no
+
+#################################
+# disable-axfr-rectify	Disable the rectify step during an outgoing AXFR. Only required for regression testing.
+#
+# disable-axfr-rectify=no
+
+#################################
+# disable-tcp	Do not listen to TCP queries
+#
+# disable-tcp=no
+
+#################################
+# distributor-threads	Default number of Distributor (backend) threads to start
+#
+# distributor-threads=3
+
+#################################
+# do-ipv6-additional-processing	Do AAAA additional processing
+#
+# do-ipv6-additional-processing=yes
+
+#################################
+# edns-subnet-processing	If we should act on EDNS Subnet options
+#
+# edns-subnet-processing=no
+
+#################################
+# entropy-source	If set, read entropy from this file
+#
+# entropy-source=/dev/urandom
+
+#################################
+# experimental-api-key	REST API Static authentication key (required for API use)
+#
+# experimental-api-key=
+
+#################################
+# experimental-api-readonly	If the JSON API should disallow data modification
+#
+# experimental-api-readonly=no
+
+#################################
+# experimental-dname-processing	If we should support DNAME records
+#
+# experimental-dname-processing=no
+
+#################################
+# experimental-dnsupdate	Enable/Disable DNS update (RFC2136) support. Default is no.
+#
+# experimental-dnsupdate=no
+
+#################################
+# experimental-json-interface	If the webserver should serve JSON data
+#
+# experimental-json-interface=no
+
+#################################
+# experimental-logfile	Filename of the log file for JSON parser
+#
+# experimental-logfile=/var/log/pdns.log
+
+#################################
+# forward-dnsupdate	A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
+#
+# forward-dnsupdate=yes
+
+#################################
+# guardian	Run within a guardian process
+#
+guardian=yes
+
+#################################
+# include-dir	Include *.conf files from this directory
+#
+# include-dir=
+
+#################################
+# launch	Which backends to launch and order to query them in
+#
+# launch=
+
+#################################
+# load-modules	Load this module - supply absolute or relative path
+#
+# load-modules=
+
+#################################
+# local-address	Local IP addresses to which we bind
+#
+local-address=<SERVERIP>,127.0.0.1
+
+#################################
+# local-address-nonexist-fail	Fail to start if one or more of the local-address's do not exist on this server
+#
+# local-address-nonexist-fail=yes
+
+#################################
+# local-ipv6	Local IP address to which we bind
+#
+# local-ipv6=
+
+#################################
+# local-ipv6-nonexist-fail	Fail to start if one or more of the local-ipv6 addresses do not exist on this server
+#
+# local-ipv6-nonexist-fail=yes
+
+#################################
+# local-port	The port on which we listen
+#
+# local-port=53
+
+#################################
+# log-dns-details	If PDNS should log DNS non-erroneous details
+#
+# log-dns-details=no
+
+#################################
+# log-dns-queries	If PDNS should log all incoming DNS queries
+#
+# log-dns-queries=no
+
+#################################
+# logging-facility	Log under a specific facility
+#
+# logging-facility=
+
+#################################
+# loglevel	Amount of logging. Higher is more. Do not set below 3
+#
+# loglevel=4
+
+#################################
+# lua-prequery-script	Lua script with prequery handler
+#
+# lua-prequery-script=
+
+#################################
+# master	Act as a master
+#
+master=yes
+
+#################################
+# max-cache-entries	Maximum number of cache entries
+#
+# max-cache-entries=1000000
+
+#################################
+# max-ent-entries	Maximum number of empty non-terminals in a zone
+#
+# max-ent-entries=100000
+
+#################################
+# max-nsec3-iterations	Limit the number of NSEC3 hash iterations
+#
+# max-nsec3-iterations=500
+
+#################################
+# max-queue-length	Maximum queuelength before considering situation lost
+#
+# max-queue-length=5000
+
+#################################
+# max-signature-cache-entries	Maximum number of signatures cache entries
+#
+# max-signature-cache-entries=
+
+#################################
+# max-tcp-connections	Maximum number of TCP connections
+#
+# max-tcp-connections=10
+
+#################################
+# module-dir	Default directory for modules
+#
+# module-dir=/usr/lib/TRIPLET/pdns
+
+#################################
+# negquery-cache-ttl	Seconds to store negative query results in the QueryCache
+#
+# negquery-cache-ttl=60
+
+#################################
+# no-shuffle	Set this to prevent random shuffling of answers - for regression testing
+#
+# no-shuffle=off
+
+#################################
+# only-notify	Only send AXFR NOTIFY to these IP addresses or netmasks
+#
+# only-notify=0.0.0.0/0,::/0
+
+#################################
+# out-of-zone-additional-processing	Do out of zone additional processing
+#
+# out-of-zone-additional-processing=yes
+
+#################################
+# overload-queue-length	Maximum queuelength moving to packetcache only
+#
+# overload-queue-length=0
+
+#################################
+# pipebackend-abi-version	Version of the pipe backend ABI
+#
+# pipebackend-abi-version=1
+
+#################################
+# prevent-self-notification	Don't send notifications to what we think is ourself
+#
+# prevent-self-notification=yes
+
+#################################
+# query-cache-ttl	Seconds to store query results in the QueryCache
+#
+# query-cache-ttl=20
+
+#################################
+# query-local-address	Source IP address for sending queries
+#
+# query-local-address=0.0.0.0
+
+#################################
+# query-local-address6	Source IPv6 address for sending queries
+#
+# query-local-address6=::
+
+#################################
+# query-logging	Hint backends that queries should be logged
+#
+# query-logging=no
+
+#################################
+# queue-limit	Maximum number of milliseconds to queue a query
+#
+# queue-limit=1500
+
+#################################
+# receiver-threads	Default number of receiver threads to start
+#
+# receiver-threads=1
+
+#################################
+# recursive-cache-ttl	Seconds to store packets for recursive queries in the PacketCache
+#
+# recursive-cache-ttl=10
+
+#################################
+# recursor	If recursion is desired, IP address of a recursing nameserver
+#
+# recursor=no
+
+#################################
+# retrieval-threads	Number of AXFR-retrieval threads for slave operation
+#
+# retrieval-threads=2
+
+#################################
+# reuseport	Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
+#
+# reuseport=no
+
+#################################
+# security-poll-suffix	Domain name from which to query security update notifications
+#
+# security-poll-suffix=secpoll.powerdns.com.
+
+#################################
+# send-root-referral	Send out old-fashioned root-referral instead of ServFail in case of no authority
+#
+# send-root-referral=no
+
+#################################
+# server-id	Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom
+#
+# server-id=
+
+#################################
+# setgid	If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid	If set, change user id to this uid for more security
+#
+setuid=pdns
+
+#################################
+# signing-threads	Default number of signer threads to start
+#
+# signing-threads=3
+
+#################################
+# slave	Act as a slave
+#
+# slave=no
+
+#################################
+# slave-cycle-interval	Reschedule failed SOA serial checks once every .. seconds
+#
+# slave-cycle-interval=60
+
+#################################
+# slave-renotify	If we should send out notifications for slaved updates
+#
+# slave-renotify=no
+
+#################################
+# soa-expire-default	Default SOA expire
+#
+# soa-expire-default=604800
+
+#################################
+# soa-minimum-ttl	Default SOA minimum ttl
+#
+# soa-minimum-ttl=3600
+
+#################################
+# soa-refresh-default	Default SOA refresh
+#
+# soa-refresh-default=10800
+
+#################################
+# soa-retry-default	Default SOA retry
+#
+# soa-retry-default=3600
+
+#################################
+# socket-dir	Where the controlsocket will live
+#
+# socket-dir=/var/run
+
+#################################
+# tcp-control-address	If set, PowerDNS can be controlled over TCP on this address
+#
+# tcp-control-address=
+
+#################################
+# tcp-control-port	If set, PowerDNS can be controlled over TCP on this address
+#
+# tcp-control-port=53000
+
+#################################
+# tcp-control-range	If set, remote control of PowerDNS is possible over these networks only
+#
+# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
+
+#################################
+# tcp-control-secret	If set, PowerDNS can be controlled over TCP after passing this secret
+#
+# tcp-control-secret=
+
+#################################
+# traceback-handler	Enable the traceback handler (Linux only)
+#
+# traceback-handler=yes
+
+#################################
+# trusted-notification-proxy	IP address of incoming notification proxy
+#
+# trusted-notification-proxy=
+
+#################################
+# udp-truncation-threshold	Maximum UDP response size before we truncate
+#
+# udp-truncation-threshold=1680
+
+#################################
+# version-string	PowerDNS version in packets - full, anonymous, powerdns or custom
+#
+
+version-string=powerdns
+#################################
+# webserver	Start a webserver for monitoring
+#
+# webserver=no
+
+#################################
+# webserver-address	IP Address of webserver to listen on
+#
+# webserver-address=127.0.0.1
+
+#################################
+# webserver-allow-from	Webserver access is only allowed from these subnets
+#
+# webserver-allow-from=0.0.0.0/0,::/0
+
+#################################
+# webserver-password	Password required for accessing the webserver
+#
+# webserver-password=
+
+#################################
+# webserver-port	Port of webserver to listen on
+#
+# webserver-port=8081
+
+#################################
+# webserver-print-arguments	If the webserver should print arguments
+#
+# webserver-print-arguments=no
+
+# include froxlor-bind-specific config
+include-dir=/etc/powerdns/froxlor/
+]]>
+						</content>
+					</file>
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
+						<content><![CDATA[
+# mysql-settings / you need to create the power-dns database for yourself!
+launch=gmysql
+gmysql-host=127.0.0.1
+gmysql-port=3306
+gmysql-dbname=pdns
+gmysql-user=powerdns
+gmysql-group=client
+gmysql-password=
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+				</daemon>
+				<daemon name="powerdns_bind" title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
@@ -539,7 +1107,6 @@ guardian=yes
 # include-dir	Include *.conf files from this directory
 #
 # include-dir=
-include-dir=/etc/powerdns/pdns.d

 #################################
 # launch	Which backends to launch and order to query them in
@@ -867,11 +1434,14 @@ version-string=powerdns
 #
 # webserver-print-arguments=no

-include=/etc/powerdns/pdns.d
+# include froxlor-bind-specific config
+include-dir=/etc/powerdns/froxlor/
 ]]>
 						</content>
 					</file>
-					<file name="/etc/powerdns/bindbackend.conf" backup="true">
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
 						<content><![CDATA[
 # Bind backend configuration

@@ -1092,23 +1662,12 @@ data_directory = /var/lib/postfix
 #
 #default_privs = nobody

-# INTERNET HOST AND DOMAIN NAMES
-# 
-# The myhostname parameter specifies the internet hostname of this
-# mail system. The default is to use the fully-qualified domain name
-# from gethostname(). $myhostname is used as a default value for many
-# other configuration parameters.
-#
-myhostname = mail.$mydomain
-#myhostname = virtual.domain.tld
-
-# The mydomain parameter specifies the local internet domain name.
-# The default is to use $myhostname minus the first component.
-# $mydomain is used as a default value for many other configuration
-# parameters.
-#
+# FQDN from Froxlor
 mydomain = <SERVERNAME>

+# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+myhostname = $mydomain
+
 # SENDING MAIL
 #
 # The myorigin parameter specifies the domain that locally-posted
@@ -3253,6 +3812,11 @@ plugin {
 				<!-- Proftpd -->
 				<daemon name="proftpd" title="ProFTPd" default="true">
 					<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
+					<commands>
+						<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
+						<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
+						<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
+					</commands>
 					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
 						<content><![CDATA[
@@ -3393,7 +3957,7 @@ Include /etc/proftpd/sql.conf
 #
 # This is used for FTPS connections
 #
-#Include /etc/proftpd/tls.conf
+Include /etc/proftpd/tls.conf

 #
 # Useful to keep VirtualHost/VirtualRoot directives separated
@@ -3612,6 +4176,33 @@ SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_
 SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
 SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies

+</IfModule>
+]]>
+						</content>
+					</file>
+					<file name="/etc/proftpd/tls.conf" chown="root:root" chmod="0644" backup="true">
+						<content><![CDATA[
+<IfModule mod_tls.c>
+TLSEngine                               on
+TLSLog                                  /var/log/proftpd/tls.log
+TLSProtocol                             TLSv1 TLSv1.1 TLSv1.2
+TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
+TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
+TLSECCertificateFile                    /etc/ssl/certs/proftpd_ec.crt
+TLSECCertificateKeyFile                 /etc/ssl/private/proftpd_ec.key
+TLSOptions                              NoCertRequest NoSessionReuseRequired
+TLSVerifyClient                         off
+
+# Are clients required to use FTP over TLS when talking to this server?
+#TLSRequired                             on
+
+# Allow SSL/TLS renegotiations when the client requests them, but
+# do not force the renegotations.  Some clients do not support
+# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+# clients will close the data connection, or there will be a timeout
+# on an idle data connection.
+#
+#TLSRenegotiate                          required off
 </IfModule>
 ]]>
 						</content>
@@ -3858,7 +4449,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 #
 # Please check that all following paths are correct
 #
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php5 -q <BASE_PATH>scripts/froxlor_master_cronjob.php
+*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
 ]]>
 						</content>
 					</file>
@@ -3974,6 +4565,72 @@ aliases:     files
 					<command><![CDATA[/etc/init.d/nscd restart]]></command>
 					<!-- clear group chache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
+					<!-- @TODO separate the following mkdir command from the previous nscd -->
+					<command>
+						<visibility mode="notisdir">/etc/insserv/overrides</visibility>
+						<content><![CDATA[mkdir -p /etc/insserv/overrides]]></content>
+					</command>
+					<file name="/etc/insserv/overrides/apache2" chown="root:root" chmod="0644">
+						<visibility mode="equals" value="apache2">{{settings.system.webserver}}</visibility>
+						<content><![CDATA[
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          apache2
+# Required-Start:    $local_fs $remote_fs $network $syslog nscd
+# Required-Stop:     $local_fs $remote_fs $network $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start/stop apache2 web server
+### END INIT INFO
+]]>
+						</content>
+					</file>
+					<file name="/etc/insserv/overrides/lighttpd" chown="root:root" chmod="0644">
+						<visibility mode="equals" value="lighttpd">{{settings.system.webserver}}</visibility>
+						<content><![CDATA[
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          lighttpd
+# Required-Start:    $local_fs $remote_fs $network $syslog nscd
+# Required-Stop:     $local_fs $remote_fs $network $syslog
+# Should-Start:      fam
+# Should-Stop:       fam
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start the lighttpd web server.
+### END INIT INFO
+]]>
+						</content>
+					</file>
+					<file name="/etc/insserv/overrides/nginx" chown="root:root" chmod="0644">
+						<visibility mode="equals" value="nginx">{{settings.system.webserver}}</visibility>
+						<content><![CDATA[
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:       nginx
+# Required-Start:    $local_fs $remote_fs $network $syslog $named nscd
+# Required-Stop:     $local_fs $remote_fs $network $syslog $named
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: starts the nginx web server
+### END INIT INFO
+]]>
+						</content>
+					</file>
+					<file name="/etc/insserv/overrides/nscd" chown="root:root" chmod="0644">
+						<content><![CDATA[
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          nscd
+# Required-Start:    $remote_fs $syslog mysql
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Starts the Name Service Cache Daemon
+### END INIT INFO
+]]>
+						</content>
+					</file>
 				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">
@@ -4039,7 +4696,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/configfiles/precise.xml
+++ b/lib/configfiles/precise.xml
@@ -38,9 +38,8 @@
 						<command>
 							<visibility mode="notempty">{{settings.system.deactivateddocroot}}
 							</visibility>
-							<content><![CDATA['mkdir -p {{settings.system.deactivateddocroot}}]]></content>
+							<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
 						</command>
-						<command><![CDATA[a2dismod userdir]]></command>
 					</commands>
 				</general>
 				<!-- HTTP Apache -->
@@ -48,6 +47,8 @@
 					default="true">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -62,6 +63,18 @@
        Allow from env=REDIRECT_STATUS
    </Location>
 </IfModule>
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Order allow,deny
+	Allow from all
+</Directory>
 ]]>
 						</content>
 					</file>
@@ -87,6 +100,7 @@ server.modules = (
 	"mod_auth",
 	"mod_fastcgi",
 	"mod_cgi",
+	"mod_setenv",
 	"mod_accesslog"
 )

@@ -126,6 +140,8 @@ fastcgi.server = (
 	)
 )

+alias.url           += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
+
 #### external configuration files
 ## mimetype mapping
 include_shell "/usr/share/lighttpd/create-mime.assign.pl"
@@ -200,8 +216,6 @@ http {
 					</file>
 					<file name="/etc/nginx/fastcgi_params">
 						<content><![CDATA[
-fastcgi_index index.php;
-
 fastcgi_connect_timeout 65;
 fastcgi_send_timeout    180;
 fastcgi_read_timeout    180;
@@ -229,6 +243,20 @@ fastcgi_param  SERVER_NAME        $server_name;

 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+location /.well-known/acme-challenge {
+	alias {{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge;
+
+	location ~ /.well-known/acme-challenge/(.*) {
+		default_type text/plain;
+	}
+}
 ]]>
 						</content>
 					</file>
@@ -314,9 +342,47 @@ exit "$RETVAL"
 					<command><![CDATA[chmod 0644 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[/etc/init.d/bind9 restart]]></command>
 				</daemon>
-				<daemon name="powerdns" title="PowerDNS via bind-backend">
+				<daemon name="powerdns" title="PowerDNS (standalone)">
+					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+						<content><![CDATA[
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-recursion=127.0.0.1
+config-dir=/etc/powerdns
+daemon=yes
+guardian=yes
+lazy-recursion=yes
+local-port=53
+master=yes
+module-dir=/usr/lib/powerdns
+setgid=pdns
+setuid=pdns
+socket-dir=/var/run
+version-string=powerdns
+include-dir=/etc/powerdns/froxlor/
+]]>
+						</content>
+					</file>
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
+						<content><![CDATA[
+# mysql-settings / you need to create the power-dns database for yourself!
+launch=gmysql
+gmysql-host=127.0.0.1
+gmysql-port=3306
+gmysql-dbname=pdns
+gmysql-user=powerdns
+gmysql-group=client
+gmysql-password=
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+				</daemon>
+				<daemon name="powerdns_bind" title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
@@ -333,12 +399,13 @@ socket-dir=/var/run
 version-string=powerdns
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=300
-include=/etc/powerdns/pdns_froxlor.conf
+include-dir=/etc/powerdns/froxlor/
 ]]>
 						</content>
 					</file>
-					<file name="/etc/powerdns/pdns_froxlor.conf" chown="root:0"
-						chmod="644">
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
 						<content><![CDATA[
 allow-axfr-ips=<NAMESERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
@@ -488,11 +555,11 @@ root:               root@<SERVERNAME>
 						backup="true">
 						<content><![CDATA[
 ## General Postfix configuration
-# should be the default domain from your provider eg. "server100.provider.tld"
+# FQDN from Froxlor
 mydomain = <SERVERNAME>

-# should be different from $mydomain eg. "mail.$mydomain"
-myhostname = mail.$mydomain
+# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+myhostname = $mydomain

 mydestination = $myhostname,
 	$mydomain,
@@ -1074,6 +1141,11 @@ MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3)
 				<!-- Proftpd -->
 				<daemon name="proftpd" title="ProFTPd" default="true">
 					<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
+					<commands>
+						<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
+						<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
+						<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
+					</commands>
 					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
 						<content><![CDATA[
@@ -1206,7 +1278,7 @@ Include /etc/proftpd/sql.conf
 #
 # This is used for FTPS connections
 #
-#Include /etc/proftpd/tls.conf
+Include /etc/proftpd/tls.conf
 ]]>
 						</content>
 					</file>
@@ -1313,6 +1385,33 @@ SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_
 SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
 SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies

+</IfModule>
+]]>
+						</content>
+					</file>
+					<file name="/etc/proftpd/tls.conf" chown="root:root" chmod="0644" backup="true">
+						<content><![CDATA[
+<IfModule mod_tls.c>
+TLSEngine                               on
+TLSLog                                  /var/log/proftpd/tls.log
+TLSProtocol                             TLSv1 TLSv1.1 TLSv1.2
+TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
+TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
+TLSECCertificateFile                    /etc/ssl/certs/proftpd_ec.crt
+TLSECCertificateKeyFile                 /etc/ssl/private/proftpd_ec.key
+TLSOptions                              NoCertRequest NoSessionReuseRequired
+TLSVerifyClient                         off
+
+# Are clients required to use FTP over TLS when talking to this server?
+#TLSRequired                             on
+
+# Allow SSL/TLS renegotiations when the client requests them, but
+# do not force the renegotations.  Some clients do not support
+# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+# clients will close the data connection, or there will be a timeout
+# on an idle data connection.
+#
+#TLSRenegotiate                          required off
 </IfModule>
 ]]>
 						</content>
@@ -1422,7 +1521,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 #
 # Please check that all following paths are correct
 #
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php5 -q <BASE_PATH>scripts/froxlor_master_cronjob.php
+*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
 ]]>
 						</content>
 					</file>
@@ -1596,7 +1695,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/configfiles/rhel_centos.xml
+++ b/lib/configfiles/rhel_centos.xml
@@ -38,15 +38,25 @@
 						<command>
 							<visibility mode="notempty">{{settings.system.deactivateddocroot}}
 							</visibility>
-							<content><![CDATA['mkdir -p {{settings.system.deactivateddocroot}}]]></content>
+							<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
 						</command>
-						<command><![CDATA[a2dismod userdir]]></command>
 					</commands>
 				</general>
 				<!-- HTTP Apache -->
 				<daemon name="apache" version="2.4" title="Apache 2.4"
 					default="true">
 					<include>//service[@type='http']/general/commands</include>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Require all granted
+</Directory>
+]]>
+						</content>
+					</file>
 					<command><![CDATA[systemctl reload-or-restart httpd.service]]></command>
 				</daemon>
 			</service>
@@ -166,11 +176,11 @@ query = SELECT gid FROM mail_users WHERE email = '%s'
 						backup="true">
 						<content><![CDATA[
 ## General Postfix configuration
-
+# FQDN from Froxlor
 mydomain = <SERVERNAME>

-# should be different from $mydomain eg. "mail.$mydomain"
-myhostname = mail.$mydomain
+# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+myhostname = $mydomain

 mydestination = $myhostname,
 	$mydomain,
--- a/lib/configfiles/trusty.xml
+++ b/lib/configfiles/trusty.xml
@@ -38,9 +38,8 @@
 						<command>
 							<visibility mode="notempty">{{settings.system.deactivateddocroot}}
 							</visibility>
-							<content><![CDATA['mkdir -p {{settings.system.deactivateddocroot}}]]></content>
+							<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
 						</command>
-						<command><![CDATA[a2dismod userdir]]></command>
 					</commands>
 				</general>
 				<!-- HTTP Apache -->
@@ -48,6 +47,8 @@
 					default="true">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -62,6 +63,18 @@
        Allow from env=REDIRECT_STATUS
    </Location>
 </IfModule>
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Order allow,deny
+	Allow from all
+</Directory>
 ]]>
 						</content>
 					</file>
@@ -70,6 +83,8 @@
 				<daemon name="apache" version="2.4" title="Apache 2.4">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -82,6 +97,17 @@
        Require env REDIRECT_STATUS
    </Location>
 </IfModule>
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Require all granted
+</Directory>
 ]]>
 						</content>
 					</file>
@@ -107,6 +133,7 @@ server.modules = (
 	"mod_auth",
 	"mod_fastcgi",
 	"mod_cgi",
+	"mod_setenv",
 	"mod_accesslog"
 )

@@ -146,6 +173,8 @@ fastcgi.server = (
 	)
 )

+alias.url           += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
+
 #### external configuration files
 ## mimetype mapping
 include_shell "/usr/share/lighttpd/create-mime.assign.pl"
@@ -220,8 +249,6 @@ http {
 					</file>
 					<file name="/etc/nginx/fastcgi_params">
 						<content><![CDATA[
-fastcgi_index index.php;
-
 fastcgi_connect_timeout 65;
 fastcgi_send_timeout    180;
 fastcgi_read_timeout    180;
@@ -249,6 +276,20 @@ fastcgi_param  SERVER_NAME        $server_name;

 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+location /.well-known/acme-challenge {
+	alias {{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge;
+
+	location ~ /.well-known/acme-challenge/(.*) {
+		default_type text/plain;
+	}
+}
 ]]>
 						</content>
 					</file>
@@ -334,10 +375,49 @@ exit "$RETVAL"
 					<command><![CDATA[chmod 0644 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[service bind9 restart]]></command>
 				</daemon>
-				<daemon name="powerdns" title="PowerDNS via bind-backend">
+				<daemon name="powerdns" title="PowerDNS (standalone)">
+					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+						<content><![CDATA[
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-recursion=127.0.0.1
+config-dir=/etc/powerdns
+daemon=yes
+guardian=yes
+lazy-recursion=yes
+local-port=53
+master=yes
+module-dir=/usr/lib/powerdns
+setgid=pdns
+setuid=pdns
+socket-dir=/var/run
+version-string=powerdns
+include-dir=/etc/powerdns/froxlor/
+]]>
+						</content>
+					</file>
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
+						<content><![CDATA[
+# mysql-settings / you need to create the power-dns database for yourself!
+launch=gmysql
+gmysql-host=127.0.0.1
+gmysql-port=3306
+gmysql-dbname=pdns
+gmysql-user=powerdns
+gmysql-group=client
+gmysql-password=
+]]>
+						</content>
+					</file>
+					<command><![CDATA[service pdns restart]]></command>
+				</daemon>
+				<daemon name="powerdns_bind" title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true">
 						<content><![CDATA[
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -353,12 +433,13 @@ socket-dir=/var/run
 version-string=powerdns
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=300
-include=/etc/powerdns/pdns_froxlor.conf
+include-dir=/etc/powerdns/froxlor/
 ]]>
 						</content>
 					</file>
-					<file name="/etc/powerdns/pdns_froxlor.conf" chown="root:0"
-						chmod="644">
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
 						<content><![CDATA[
 allow-axfr-ips=<NAMESERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
@@ -508,11 +589,11 @@ root:               root@<SERVERNAME>
 						backup="true">
 						<content><![CDATA[
 ## General Postfix configuration
-# should be the default domain from your provider eg. "server100.provider.tld"
+# FQDN from Froxlor
 mydomain = <SERVERNAME>

-# should be different from $mydomain eg. "mail.$mydomain"
-myhostname = mail.$mydomain
+# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+myhostname = $mydomain

 mydestination = $myhostname,
 	$mydomain,
@@ -1068,6 +1149,11 @@ MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3)
 				<!-- Proftpd -->
 				<daemon name="proftpd" title="ProFTPd" default="true">
 					<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
+					<commands>
+						<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
+						<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
+						<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
+					</commands>
 					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
 						<content><![CDATA[
@@ -1200,7 +1286,7 @@ Include /etc/proftpd/sql.conf
 #
 # This is used for FTPS connections
 #
-#Include /etc/proftpd/tls.conf
+Include /etc/proftpd/tls.conf
 ]]>
 						</content>
 					</file>
@@ -1307,6 +1393,33 @@ SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_
 SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
 SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies

+</IfModule>
+]]>
+						</content>
+					</file>
+					<file name="/etc/proftpd/tls.conf" chown="root:root" chmod="0644" backup="true">
+						<content><![CDATA[
+<IfModule mod_tls.c>
+TLSEngine                               on
+TLSLog                                  /var/log/proftpd/tls.log
+TLSProtocol                             TLSv1 TLSv1.1 TLSv1.2
+TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
+TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
+#TLSECCertificateFile                    /etc/ssl/certs/proftpd_ec.crt
+#TLSECCertificateKeyFile                 /etc/ssl/private/proftpd_ec.key
+TLSOptions                              NoCertRequest NoSessionReuseRequired
+TLSVerifyClient                         off
+
+# Are clients required to use FTP over TLS when talking to this server?
+#TLSRequired                             on
+
+# Allow SSL/TLS renegotiations when the client requests them, but
+# do not force the renegotations.  Some clients do not support
+# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+# clients will close the data connection, or there will be a timeout
+# on an idle data connection.
+#
+#TLSRenegotiate                          required off
 </IfModule>
 ]]>
 						</content>
@@ -1416,7 +1529,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 #
 # Please check that all following paths are correct
 #
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php5 -q <BASE_PATH>scripts/froxlor_master_cronjob.php
+*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
 ]]>
 						</content>
 					</file>
@@ -1590,7 +1703,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/configfiles/wheezy.xml
+++ b/lib/configfiles/wheezy.xml
@@ -38,9 +38,8 @@
 						<command>
 							<visibility mode="notempty">{{settings.system.deactivateddocroot}}
 							</visibility>
-							<content><![CDATA['mkdir -p {{settings.system.deactivateddocroot}}]]></content>
+							<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
 						</command>
-						<command><![CDATA[a2dismod userdir]]></command>
 					</commands>
 				</general>
 				<!-- HTTP Apache -->
@@ -48,6 +47,8 @@
 					default="true">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -62,6 +63,18 @@
        Allow from env=REDIRECT_STATUS
    </Location>
 </IfModule>
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Order allow,deny
+	Allow from all
+</Directory>
 ]]>
 						</content>
 					</file>
@@ -70,6 +83,8 @@
 				<daemon name="apache" version="2.4" title="Apache 2.4">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -82,6 +97,17 @@
        Require env REDIRECT_STATUS
    </Location>
 </IfModule>
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Require all granted
+</Directory>
 ]]>
 						</content>
 					</file>
@@ -97,6 +123,7 @@ server.modules = (
 	"mod_alias",
 	"mod_compress",
 	"mod_redirect",
+	"mod_setenv",
 	"mod_rewrite",
 )

@@ -116,6 +143,8 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 compress.cache-dir          = "/var/cache/lighttpd/compress/"
 compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

+alias.url                  += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
+
 # default listening port for IPv6 falls back to the IPv4 port
 include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
 include_shell "/usr/share/lighttpd/create-mime.assign.pl"
@@ -260,8 +289,6 @@ http {
 					</file>
 					<file name="/etc/nginx/fastcgi_params">
 						<content><![CDATA[
-fastcgi_index index.php;
-
 fastcgi_connect_timeout 65;
 fastcgi_send_timeout    180;
 fastcgi_read_timeout    180;
@@ -289,6 +316,20 @@ fastcgi_param  SERVER_NAME        $server_name;

 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+location /.well-known/acme-challenge {
+	alias {{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge;
+
+	location ~ /.well-known/acme-challenge/(.*) {
+		default_type text/plain;
+	}
+}
 ]]>
 						</content>
 					</file>
@@ -374,9 +415,348 @@ exit "$RETVAL"
 					<command><![CDATA[chmod 0644 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[/etc/init.d/bind9 restart]]></command>
 				</daemon>
-				<daemon name="powerdns" title="PowerDNS via bind-backend">
+				<daemon name="powerdns" title="PowerDNS (standalone)">
+					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+						<content><![CDATA[
+# Autogenerated configuration file template
+#################################
+# allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
+#                   IP addresses
+#
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+
+#################################
+# allow-recursion	List of netmasks that are allowed to recurse
+#
+allow-recursion=127.0.0.1
+
+#################################
+# allow-recursion-override   Local data even about hosts that don't exist will
+#                            override the internet. (on/off)
+#
+# allow-recursion-override=
+
+#################################
+# cache-ttl	Seconds to store packets in the PacketCache
+#
+# cache-ttl=20
+
+#################################
+# chroot	If set, chroot to this directory for more security
+#
+# chroot=/var/spool/powerdns
+
+#################################
+# config-dir	Location of configuration directory (pdns.conf)
+#
+config-dir=/etc/powerdns
+
+#################################
+# config-name	Name of this virtual configuration - will rename the binary image
+#
+# config-name=
+
+#################################
+# control-console	Debugging switch - don't use
+#
+# control-console=no
+
+#################################
+# daemon	Operate as a daemon
+#
+daemon=yes
+
+#################################
+# default-soa-name	name to insert in the SOA record if none set in the backend
+#
+# default-soa-name=a.misconfigured.powerdns.server
+
+#################################
+# disable-axfr	Disable zonetransfers but do allow TCP queries
+#
+disable-axfr=yes
+
+#################################
+# disable-tcp	Do not listen to TCP queries
+#
+# disable-tcp=no
+
+#################################
+# distributor-threads	Default number of Distributor (backend) threads to start
+#
+# distributor-threads=3
+
+#################################
+# fancy-records	Process URL and MBOXFW records
+#
+# fancy-records=no
+
+#################################
+# guardian	Run within a guardian process
+#
+guardian=yes
+
+#################################
+# launch	Which backends to launch and order to query them in
+#
+# launch=
+
+#################################
+# lazy-recursion	Only recurse if question cannot be answered locally
+#
+lazy-recursion=yes
+
+#################################
+# load-modules	Load this module - supply absolute or relative path
+#
+# load-modules=
+
+#################################
+# local-address	Local IP address to which we bind
+#
+local-address=<SERVERIP>,127.0.0.1
+
+#################################
+# local-ipv6	Local IP address to which we bind
+#
+# local-ipv6=
+
+#################################
+# local-port	The port on which we listen
+#
+local-port=53
+
+#################################
+# log-dns-details	If PDNS should log failed update requests
+#
+log-dns-details=yes
+
+#################################
+# log-failed-updates	If PDNS should log failed update requests
+#
+# log-failed-updates=
+
+#################################
+# logfile	Logfile to use
+#
+# logfile=/var/log/pdns.log
+
+#################################
+# logging-facility	Log under a specific facility
+#
+# logging-facility=
+
+#################################
+# loglevel	Amount of logging. Higher is more. Do not set below 3
+#
+# loglevel=4
+
+#################################
+# master	Act as a master
+#
+master=yes
+
+#################################
+# max-queue-length	Maximum queuelength before considering situation lost
+#
+# max-queue-length=5000
+
+#################################
+# max-tcp-connections	Maximum number of TCP connections
+#
+# max-tcp-connections=10
+
+#################################
+# module-dir	Default directory for modules
+#
+module-dir=/usr/lib/powerdns
+
+#################################
+# negquery-cache-ttl	Seconds to store packets in the PacketCache
+#
+# negquery-cache-ttl=60
+
+#################################
+# out-of-zone-additional-processing	Do out of zone additional processing
+#
+# out-of-zone-additional-processing=no
+
+#################################
+# query-cache-ttl	Seconds to store packets in the PacketCache
+#
+# query-cache-ttl=20
+
+#################################
+# query-logging	Hint backends that queries should be logged
+#
+# query-logging=no
+
+#################################
+# queue-limit	Maximum number of milliseconds to queue a query
+#
+# queue-limit=1500
+
+#################################
+# query-local-address   The IP address to use as a source address for sending
+#                       queries.
+# query-local-address=
+
+#################################
+# receiver-threads	Number of receiver threads to launch
+#
+# receiver-threads=1
+
+#################################
+# recursive-cache-ttl	Seconds to store packets in the PacketCache
+#
+# recursive-cache-ttl=10
+
+#################################
+# recursor	If recursion is desired, IP address of a recursing nameserver
+#
+# recursor=
+
+#################################
+# setgid	If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid	If set, change user id to this uid for more security
+#
+setuid=pdns
+
+#################################
+# skip-cname	Do not perform CNAME indirection for each query
+#
+# skip-cname=no
+
+#################################
+# slave	Act as a slave
+#
+# slave=no
+
+#################################
+# slave-cycle-interval	Reschedule failed SOA serial checks once every .. seconds
+#
+# slave-cycle-interval=60
+
+#################################
+# smtpredirector	Our smtpredir MX host
+#
+# smtpredirector=a.misconfigured.powerdns.smtp.server
+
+#################################
+# soa-minimum-ttl	Default SOA mininum ttl
+#
+# soa-minimum-ttl=3600
+
+#################################
+# soa-refresh-default  Default SOA refresh
+#
+# soa-refresh-default=10800
+
+#################################
+# soa-retry-default    Default SOA retry
+#
+# soa-retry-default=3600
+
+#################################
+# soa-expire-default   Default SOA expire
+#
+# soa-expire-default=604800
+
+#################################
+# soa-serial-offset	Make sure that no SOA serial is less than this number
+#
+# soa-serial-offset=0
+
+#################################
+# socket-dir	Where the controlsocket will live
+#
+socket-dir=/var/run
+
+#################################
+# strict-rfc-axfrs	Perform strictly rfc compliant axfrs (very slow)
+#
+# strict-rfc-axfrs=no
+
+#################################
+# urlredirector	Where we send hosts to that need to be url redirected
+#
+# urlredirector=127.0.0.1
+
+#################################
+# use-logfile	Use a log file
+#
+# use-logfile=yes
+
+#################################
+# webserver	Start a webserver for monitoring
+#
+# webserver=no
+
+#################################
+# webserver-address	IP Address of webserver to listen on
+#
+# webserver-address=127.0.0.1
+
+#################################
+# webserver-password	Password required for accessing the webserver
+#
+# webserver-password=
+
+#################################
+# webserver-port	Port of webserver to listen on
+#
+# webserver-port=8081
+
+#################################
+# webserver-print-arguments	If the webserver should print arguments
+#
+# webserver-print-arguments=no
+
+#################################
+# wildcard-url	Process URL and MBOXFW records
+#
+# wildcard-url=no
+
+#################################
+# wildcards	Honor wildcards in the database
+#
+# wildcards=
+
+#################################
+# version-string   What should PowerDNS return for version
+#                  allowed methods are anonymous / powerdns / full / custom
+version-string=powerdns
+
+# include froxlor-bind-specific config
+include-dir=/etc/powerdns/froxlor/
+]]>
+						</content>
+					</file>
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
+						<content><![CDATA[
+# mysql-settings / you need to create the power-dns database for yourself!
+launch=gmysql
+gmysql-host=127.0.0.1
+gmysql-port=3306
+gmysql-dbname=pdns
+gmysql-user=powerdns
+gmysql-group=client
+gmysql-password=
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+				</daemon>
+				<daemon name="powerdns_bind" title="PowerDNS via bind-backend">
 					<install><![CDATA[apt-get install pdns-server]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
 # Autogenerated configuration file template
 #################################
@@ -691,11 +1071,14 @@ socket-dir=/var/run
 #                  allowed methods are anonymous / powerdns / full / custom
 version-string=powerdns

-include=/etc/powerdns/pdns.d
+# include froxlor-bind-specific config
+include-dir=/etc/powerdns/froxlor/
 ]]>
 						</content>
 					</file>
-					<file name="/etc/powerdns/bindbackend.conf" backup="true">
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
 						<content><![CDATA[
 # Bind backend configuration

@@ -917,29 +1300,12 @@ data_directory = /var/lib/postfix
 #default_privs = nobody

 # INTERNET HOST AND DOMAIN NAMES
-# 
-# The myhostname parameter specifies the internet hostname of this
-# mail system. The default is to use the fully-qualified domain name
-# from gethostname(). $myhostname is used as a default value for many
-# other configuration parameters.
-#
-# Froxlor Note: $myhostname can and should be the same as $mydomain as long as
-# you don't intend to send mail to it (it will be considered local, not virtual)
-# for the case of a subdomain, $mydomain *must* be equal to $myhostname,
-# otherwise you cannot use the main domain for virtual transport.
-# also check the note about $mydomain below.
-myhostname = mail.$mydomain
-#myhostname = virtual.domain.tld
-
-# The mydomain parameter specifies the local internet domain name.
-# The default is to use $myhostname minus the first component.
-# $mydomain is used as a default value for many other configuration
-# parameters.
-#
-# Froxlor Note: We are using a default here but that may or may not make sense,
-# depending on your dns configuration, please check yourself.
+# FQDN from Froxlor
 mydomain = <SERVERNAME>

+# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+myhostname = $mydomain
+
 # SENDING MAIL
 #
 # The myorigin parameter specifies the domain that locally-posted
@@ -4348,6 +4714,11 @@ MYSQL_AUXOPTIONS_FIELD	CONCAT("allowimap=",imap,",allowpop3=",pop3)
 				<!-- Proftpd -->
 				<daemon name="proftpd" title="ProFTPd" default="true">
 					<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
+					<commands>
+						<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
+						<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
+						<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
+					</commands>
 					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
 						<content><![CDATA[
@@ -4488,7 +4859,7 @@ Include /etc/proftpd/sql.conf
 #
 # This is used for FTPS connections
 #
-#Include /etc/proftpd/tls.conf
+Include /etc/proftpd/tls.conf

 #
 # Useful to keep VirtualHost/VirtualRoot directives separated
@@ -4683,6 +5054,33 @@ SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_
 SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
 SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies

+</IfModule>
+]]>
+						</content>
+					</file>
+					<file name="/etc/proftpd/tls.conf" chown="root:root" chmod="0644" backup="true">
+						<content><![CDATA[
+<IfModule mod_tls.c>
+TLSEngine                               on
+TLSLog                                  /var/log/proftpd/tls.log
+TLSProtocol                             TLSv1 TLSv1.1 TLSv1.2
+TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
+TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
+TLSECCertificateFile                    /etc/ssl/certs/proftpd_ec.crt
+TLSECCertificateKeyFile                 /etc/ssl/private/proftpd_ec.key
+TLSOptions                              NoCertRequest NoSessionReuseRequired
+TLSVerifyClient                         off
+
+# Are clients required to use FTP over TLS when talking to this server?
+#TLSRequired                             on
+
+# Allow SSL/TLS renegotiations when the client requests them, but
+# do not force the renegotations.  Some clients do not support
+# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+# clients will close the data connection, or there will be a timeout
+# on an idle data connection.
+#
+#TLSRenegotiate                          required off
 </IfModule>
 ]]>
 						</content>
@@ -4929,7 +5327,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 #
 # Please check that all following paths are correct
 #
-*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php5 -q <BASE_PATH>scripts/froxlor_master_cronjob.php
+*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
 ]]>
 						</content>
 					</file>
@@ -5106,7 +5504,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/cron_init.php
+++ b/lib/cron_init.php
@@ -129,7 +129,7 @@ while ($fName = readdir($lockDirHandle)) {
 			//
 			fwrite($debugHandler, 'Previous cronjob didn\'t exit clean. PID: ' . $check_pid . "\n");
 			fwrite($debugHandler, 'Removing lockfile: ' . $lockdir . $fName . "\n");
-			unlink($lockdir . $fName);
+			@unlink($lockdir . $fName);

 		} else {
 			// Result:      A Cronscript with this pid
@@ -177,8 +177,7 @@ if (((int)Settings::Get('system.mod_fcgid') == 1 && (int)Settings::Get('system.m
 $cronlog = FroxlorLogger::getInstanceOf(array('loginname' => 'cronjob'));
 fwrite($debugHandler, 'Logger has been included' . "\n");

-if (Settings::Get('panel.version') == null
-	|| Settings::Get('panel.version') != $version
+if (hasUpdates($version) || hasDbUpdates($dbversion)
 ) {
 	if (Settings::Get('system.cron_allowautoupdate') == null
 		|| Settings::Get('system.cron_allowautoupdate') == 0
@@ -190,7 +189,7 @@ if (Settings::Get('panel.version') == null
 		unlink($lockfile);
 		$errormessage = "Version of file doesn't match version of database. Exiting...\n\n";
 		$errormessage.= "Possible reason: Froxlor update\n";
-		$errormessage.= "Information: Current version in database: ".Settings::Get('panel.version')." - version of Froxlor files: ".$version."\n";
+		$errormessage.= "Information: Current version in database: ".Settings::Get('panel.version')." (DB: ".Settings::Get('panel.db_version').") - version of Froxlor files: ".$version." (DB: ".$dbversion.")\n";
 		$errormessage.= "Solution: Please visit your Foxlor admin interface for further information.\n";
 		dieWithMail($errormessage);
 	}
--- a/lib/formfields/admin/customer/formfield.customer_add.php
+++ b/lib/formfields/admin/customer/formfield.customer_add.php
@@ -257,7 +257,15 @@ return array(
 						'values' => array(
 										array ('label' => $lng['panel']['yes'], 'value' => '1')
 									)
-					)
+					),
+					'dnsenabled' => array(
+						'label' => $lng['admin']['dnsenabled'].'?',
+						'type' => 'checkbox',
+						'values' => array(
+										array ('label' => $lng['panel']['yes'], 'value' => '1')
+									),
+						'visible' => (Settings::Get('system.dnsenabled') == '1' ? true : false)
+					),
 				)
 			)
 		)
--- a/lib/formfields/admin/customer/formfield.customer_edit.php
+++ b/lib/formfields/admin/customer/formfield.customer_edit.php
@@ -267,7 +267,16 @@ return array(
 							array ('label' => $lng['panel']['yes'], 'value' => '1')
 						),
 						'value' => array($result['perlenabled'])
-					)
+					),
+					'dnsenabled' => array(
+						'label' => $lng['admin']['dnsenabled'].'?',
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['dnsenabled']),
+						'visible' => (Settings::Get('system.dnsenabled') == '1' ? true : false)
+					),
 				)
 			),
 			'section_d' => array(
--- a/lib/formfields/admin/domains/formfield.domains_add.php
+++ b/lib/formfields/admin/domains/formfield.domains_add.php
@@ -73,6 +73,12 @@ return array(
 						'desc' => $lng['panel']['dateformat'],
 						'type' => 'text',
 						'size' => 10
+					),
+					'termination_date' => array(
+						'label' => $lng['domains']['termination_date'],
+						'desc' => $lng['panel']['dateformat'],
+						'type' => 'text',
+						'size' => 10
 					)
 				)
 			),
@@ -91,34 +97,10 @@ return array(
 						'desc' => $lng['domains']['ipandport_multi']['description'],
 						'type' => 'checkbox',
 						'values' => $ipsandports,
-						'value' => array(Settings::Get('system.defaultip')),
+						'value' => explode(',', Settings::Get('system.defaultip')),
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => '',
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -145,6 +127,76 @@ return array(
 					)
 				)
 			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => '',
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+				),
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
 				'image' => 'icons/domain_add.png',
@@ -191,7 +243,7 @@ return array(
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
-						'desc' => $lng['panel']['emptyfordefault'],
+						'desc' => $lng['admin']['bindzonewarning'],
 						'type' => 'text'
 					)
 				)
--- a/lib/formfields/admin/domains/formfield.domains_edit.php
+++ b/lib/formfields/admin/domains/formfield.domains_edit.php
@@ -83,6 +83,13 @@ return array(
 						'type' => 'text',
 						'value' => $result['registration_date'],
 						'size' => 10
+					),
+					'termination_date' => array(
+						'label' => $lng['domains']['termination_date'],
+						'desc' => $lng['panel']['dateformat'],
+						'type' => 'text',
+						'value' => $result['termination_date'],
+						'size' => 10
 					)
 				)
 			),
@@ -106,30 +113,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => $usedips,
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['ssl_redirect'])
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -167,6 +150,76 @@ return array(
 					)
 				)
 			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => $usedips,
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['ssl_redirect'])
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['letsencrypt'])
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_sub'])
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_preload'])
+					),
+				)
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
 				'image' => 'icons/domain_edit.png',
@@ -215,7 +268,7 @@ return array(
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
-						'desc' => $lng['panel']['emptyfordefault'],
+						'desc' => $lng['admin']['bindzonewarning'],
 						'type' => 'text',
 						'value' => $result['zonefile']
 					)
--- a/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php
+++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php
@@ -40,6 +40,7 @@ return array(
 				'image' => 'icons/ipsports_add.png',
 				'fields' => array(
 					'listen_statement' => array(
+						'visible' => !$is_nginx,
 						'label' => $lng['admin']['ipsandports']['create_listen_statement'],
 						'type' => 'checkbox',
 						'values' => array(
@@ -48,6 +49,7 @@ return array(
 						'value' => array('1')
 					),
 					'namevirtualhost_statement' => array(
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(
@@ -77,6 +79,7 @@ return array(
 						'rows' => 12
 					),
 					'vhostcontainer_servername_statement' => array(
+						'visible' => $is_apache,
 						'label' => $lng['admin']['ipsandports']['create_vhostcontainer_servername_statement'],
 						'type' => 'checkbox',
 						'values' => array(
--- a/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php
+++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php
@@ -42,6 +42,7 @@ return array(
 				'image' => 'icons/ipsports_edit.png',
 				'fields' => array(
 					'listen_statement' => array(
+						'visible' => !$is_nginx,
 						'label' => $lng['admin']['ipsandports']['create_listen_statement'],
 						'type' => 'checkbox',
 						'values' => array(
@@ -50,6 +51,7 @@ return array(
 						'value' => array($result['listen_statement'])
 					),
 					'namevirtualhost_statement' => array(
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(
@@ -81,6 +83,7 @@ return array(
 						'value' => $result['specialsettings']
 					),
 					'vhostcontainer_servername_statement' => array(
+						'visible' => $is_apache,
 						'label' => $lng['admin']['ipsandports']['create_vhostcontainer_servername_statement'],
 						'type' => 'checkbox',
 						'values' => array(
--- a/lib/formfields/customer/domains/formfield.domains_add.php
+++ b/lib/formfields/customer/domains/formfield.domains_add.php
@@ -60,8 +60,26 @@ return array(
 						'type' => 'select',
 						'select_var' => isset($redirectcode) ? $redirectcode : null
 					),
+					'selectserveralias' => array(
+						'label' => $lng['admin']['selectserveralias'],
+						'desc' => $lng['admin']['selectserveralias_desc'],
+						'type' => 'label',
+						'value' => $lng['customer']['selectserveralias_addinfo']
+					),
+					'openbasedir_path' => array(
+						'label' => $lng['domain']['openbasedirpath'],
+						'type' => 'select',
+						'select_var' => $openbasedir
+					)
+				)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
 					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['domains']['ssl_redirect']['title'],
 						'desc' => $lng['domains']['ssl_redirect']['description'],
 						'type' => 'checkbox',
@@ -70,13 +88,47 @@ return array(
 						),
 						'value' => array()
 					),
-					'openbasedir_path' => array(
-						'label' => $lng['domain']['openbasedirpath'],
-						'type' => 'select',
-						'select_var' => $openbasedir
-					)
-				)
-			)
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['customer']['letsencrypt']['title'],
+						'desc' => $lng['customer']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+				),
+			),
 		)
 	)
 );
--- a/Show More
+++ b/Show More