set version to 0.9.39.5 for bugfix release (imap/pop3 ticks not enabled if active in hosting plan when editing hosting plan)

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
fix correct display of selected checkbox imap/pop3 when editing hosting plan
2018-02-14 13:31:39 +01:00 · 2018-02-14 07:40:39 +01:00 · 2018-02-13 12:23:05 +01:00 · 2018-02-13 11:49:15 +01:00 · 2018-02-13 10:58:06 +01:00 · 2018-02-13 09:06:49 +01:00
267 changed files with 34751 additions and 10874 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,58 @@
+# Contributing
+
+Before you start working on a PR, contact us via IRC in #froxlor on Freenode or
+the forum at https://forum.froxlor.org to get a clue whether someone else isn't
+already working on it or if we don't want to invest the effort in favour of
+working on Froxlor 2.0.
+Of course, bug fixes are always welcome.
+However, at this stage of the 0.9.x branch, we are not looking for new
+features or refactoring, especially not the kind which requires changes to a
+lot of files.
+Currently, we are working on a complete re-write, which, at this point in
+time, is not yet public to keep delays due to discussions about internal
+details to a minimum.
+
+
+
+
+## Checklist
+
+General rules for PRs are:
+* Please save us all some trouble and unnecessary round-trips by _testing_ your
+changes.
+
+* Re-write your commit history to provide a CLEAN history!
+
+	* i.e. do not provide PRs which contain a commit that changes something,
+	the next changes it back, a third one changes it again, only a little
+	differently...
+
+
+Thanks!
+
+
+
+
+### Webserver changes
+If you make changes to the functionality of webserver configuration, please
+make sure your implementation covers both apache **and** nginx.
+
+
+
+
+### l10n
+
+If you add new language strings, please make sure you add the english fallback
+strings in
+
+* `lng/english.lng.php`
+* `install/lng/english.lng.php` (if applicable)
+
+
+
+
+### New settings
+If you add new settings, please make sure you add the default values to
+
+* `install/froxlor.sql`
+* handle the update (see `install/updates/froxlor/0.9/update_0.9.inc.php`)
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,64 @@
+# Bug report vs. support request
+If you're unsure of whether your problem is a bug or a configuration error
+* contact us via IRC in #froxlor on freenode
+* or post a thread in our forum at https://forum.froxlor.org
+
+As a rule of thumb: before reporting an issue
+* see if it hasn't been [reported](https://github.com/Froxlor/froxlor/issues) (and possibly already been [fixed](https://github.com/Froxlor/froxlor/issues?utf8=✓&q=is:issue%20is:closed)) first
+* try with the git master
+
+
+
+
+
+# Summary
+
+Please provide a concise summary of the problem you're experiencing...
+
+
+
+
+# System information
+* Froxlor version: $version/$gitSHA1
+* Web server: apache2/nginx/lighttpd
+* DNS server: Bind/PowerDNS (standalone)/PowerDNS (Bind-backend)
+* POP/IMAP server: Courier/Dovecot
+* SMTP server: postfix/exim
+* FTP server: proftpd/pureftpd
+* OS/Version: ...
+
+
+
+
+# Steps to reproduce
+
+1.
+2.
+3.
+
+
+
+
+# Expected behavior
+
+1.
+2.
+3.
+
+
+
+
+# Actual behavior
+
+1.
+2.
+3.
+
+
+
+
+# Log files/log entries
+syslog:
+<pre>
+example
+</pre>
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,17 @@
-templates/*
-logs/*
 install/update.log
+templates/*
+lib/userdata.inc.php
+logs/*
 .buildpath
 .project
 .settings/
 *.diff
 *~
+.well-known
+.idea
+*.iml
+
+!templates/Froxlor/
+!templates/Sparkle/
+!templates/misc/
+templates/Froxlor/assets/img/logo_custom.png
--- a/README.md
+++ b/README.md
@@ -11,13 +11,13 @@ Developed by experienced server administrators, this panel simplifies the effort
 3. Point your browser to http://[ip-of-webserver]/froxlor
 4. Follow the installer
 5. Login as administrator
-6. Adjust "Server > Settings" according to your needs
-7. Choose your distribution under "Server > Configuration"
+6. Adjust "System > Settings" according to your needs
+7. Choose your distribution under "System > Configuration"
 8. Follow the steps for your services
 9. Have fun!

 ### Detailed installation
-http://redmine.froxlor.org/projects/froxlor/wiki/Installationtarball
+https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-from-tarball

 ## Help

@@ -30,12 +30,12 @@ irc://chat.freenode.net/froxlor

 ### Forum

-The community is located on http://forum.froxlor.org
+The community is located on https://forum.froxlor.org/

 ### Wiki

 More documentation may be found in the froxlor - wiki:
-http://redmine.froxlor.org/projects/froxlor/wiki
+https://github.com/Froxlor/Froxlor/wiki

 ## License

@@ -44,17 +44,21 @@ May be found in COPYING
 ## Downloads

 ### Tarball
-http://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](http://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](http://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)
+https://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](https://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](https://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)

 ### Debian repository

-[HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationdebian)
+[HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-debian)

 /etc/apt/sources.list.d/froxlor.list
-> deb http://debian.froxlor.org [squeeze|wheezy] main
+> deb http://debian.froxlor.org {wheezy|jessie} main

 ### Gentoo repository

-[HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationgentoo)
+[HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-gentoo)

-http://files.froxlor.org/gentoo/repositories.xml
+https://files.froxlor.org/gentoo/repositories.xml
+
+## Contributing
+
+[see here](.github/CONTRIBUTING.md)
--- a/actions/admin/settings/100.panel.php
+++ b/actions/admin/settings/100.panel.php
@@ -182,7 +182,7 @@ return array(
 					'settinggroup' => 'admin',
 					'varname' => 'show_news_feed',
 					'type' => 'bool',
-					'default' => true,
+					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
 				'customer_show_news_feed' => array(
@@ -190,7 +190,7 @@ return array(
 					'settinggroup' => 'customer',
 					'varname' => 'show_news_feed',
 					'type' => 'bool',
-					'default' => true,
+					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
 				'customer_news_feed_url' => array(
@@ -227,6 +227,31 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
+				'panel_customer_hide_options' => array(
+					'label' => $lng['serversettings']['panel_customer_hide_options'],
+					'settinggroup' => 'panel',
+					'varname' => 'customer_hide_options',
+					'type' => 'option',
+					'default' => '',
+					'option_mode' => 'multiple',
+					'option_emptyallowed' => true,
+					'option_options' => array(
+						'email'                       => $lng['menue']['email']['email'],
+						'mysql'                       => $lng['menue']['mysql']['mysql'],
+						'domains'                     => $lng['menue']['domains']['domains'],
+						'ftp'                         => $lng['menue']['ftp']['ftp'],
+						'extras'                      => $lng['menue']['extras']['extras'],
+						'extras.directoryprotection'  => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['directoryprotection'],
+						'extras.pathoptions'          => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['pathoptions'],
+						'extras.logger'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['logger']['logger'],
+						'extras.backup'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['backup'],
+						'traffic'                     => $lng['menue']['traffic']['traffic'],
+						'traffic.http'                => $lng['menue']['traffic']['traffic']." / HTTP",
+						'traffic.ftp'                 => $lng['menue']['traffic']['traffic']." / FTP",
+						'traffic.mail'                => $lng['menue']['traffic']['traffic']." / Mail",
+					),
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),
--- a/actions/admin/settings/110.accounts.php
+++ b/actions/admin/settings/110.accounts.php
@@ -183,11 +183,19 @@ return array(
 								'varname' => 'allow_preset',
 							),
 							'onlyif' => 1
-						)
-					),
+					)
+				),
+				'system_backupenabled' => array(
+					'label' => $lng['serversettings']['backupenabled'],
+					'settinggroup' => 'system',
+					'varname' => 'backupenabled',
+					'type' => 'bool',
+					'default' => false,
+					'cronmodule' => 'froxlor/backup',
+					'save_method' => 'storeSettingField'
 				),
 			),
 		),
-	);
+	)
+);

-?>
--- a/actions/admin/settings/120.system.php
+++ b/actions/admin/settings/120.system.php
@@ -55,7 +55,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'defaultip',
 					'type' => 'option',
-					'option_mode' => 'one',
+					'option_mode' => 'multiple',
 					'option_options_method' => 'getIpPortCombinations',
 					'default' => '',
 					'save_method' => 'storeSettingDefaultIp',
@@ -69,14 +69,6 @@ return array(
 					'save_method' => 'storeSettingHostname',
 					'plausibility_check_method' => 'checkHostname',
 					),
-				'system_froxlordirectlyviahostname' => array(
-					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
-					'settinggroup' => 'system',
-					'varname' => 'froxlordirectlyviahostname',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					),
 				'system_validatedomain' => array(
 					'label' => $lng['serversettings']['validate_domain'],
 					'settinggroup' => 'system',
@@ -102,6 +94,14 @@ return array(
 					'plausibility_check_method' => 'checkMysqlAccessHost',
 					'save_method' => 'storeSettingMysqlAccessHost',
 					),
+				'system_nssextrausers' => array(
+					'label' => $lng['serversettings']['nssextrausers'],
+					'settinggroup' => 'system',
+					'varname' => 'nssextrausers',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+					),
 				'system_index_file_extension' => array(
 					'label' => $lng['serversettings']['index_file_extension'],
 					'settinggroup' => 'system',
@@ -145,7 +145,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'report_webmax',
 					'type' => 'int',
-					'int_min' => 1,
+					'int_min' => 0,
 					'int_max' => 150,
 					'default' => 90,
 					'save_method' => 'storeSettingField',
@@ -155,11 +155,70 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'report_trafficmax',
 					'type' => 'int',
-					'int_min' => 1,
+					'int_min' => 0,
 					'int_max' => 150,
 					'default' => 90,
 					'save_method' => 'storeSettingField',
 					),
+
+				'system_mail_use_smtp' => array(
+					'label' => $lng['serversettings']['mail_use_smtp'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_use_smtp',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_host' => array(
+					'label' => $lng['serversettings']['mail_smtp_host'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_host',
+					'type' => 'string',
+					'default' => 'localhost',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_port' => array(
+					'label' => $lng['serversettings']['mail_smtp_port'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_port',
+					'type' => 'int',
+					'int_min' => 1,
+					'int_max' => 65535,
+					'default' => 25,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_usetls' => array(
+					'label' => $lng['serversettings']['mail_smtp_usetls'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_usetls',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_auth' => array(
+					'label' => $lng['serversettings']['mail_smtp_auth'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_auth',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_user' => array(
+					'label' => $lng['serversettings']['mail_smtp_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_user',
+					'type' => 'string',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_passwd' => array(
+					'label' => $lng['serversettings']['mail_smtp_passwd'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_passwd',
+					'type' => 'hiddenString',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),
--- a/actions/admin/settings/122.froxlorvhost.php
+++ b/actions/admin/settings/122.froxlorvhost.php
@@ -0,0 +1,205 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Settings
+ *
+ */
+return array(
+	'groups' => array(
+		'froxlorvhost' => array(
+			'title' => $lng['admin']['froxlorvhost'],
+			'fields' => array(
+				/**
+				 * Webserver-Vhost
+				 */
+				'system_froxlordirectlyviahostname' => array(
+					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
+					'settinggroup' => 'system',
+					'varname' => 'froxlordirectlyviahostname',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				/**
+				 * SSL / Let's Encrypt
+				 */
+				'system_le_froxlor_enabled' => array(
+					'label' => $lng['serversettings']['le_froxlor_enabled'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_enabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingClearCertificates',
+					'visible' => Settings::Get('system.leenabled')
+				),
+				'system_le_froxlor_redirect' => array(
+					'label' => $lng['serversettings']['le_froxlor_redirect'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_redirect',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_maxage' => array(
+					'label' => $lng['admin']['domain_hsts_maxage'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_maxage',
+					'type' => 'int',
+					'int_min' => 0,
+					'int_max' => 94608000, // 3-years
+					'default' => 0,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_incsub' => array(
+					'label' => $lng['admin']['domain_hsts_incsub'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_incsub',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_preload' => array(
+					'label' => $lng['admin']['domain_hsts_preload'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_preload',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_http2_support' => array(
+					'label' => $lng['serversettings']['http2_support'],
+					'settinggroup' => 'system',
+					'varname' => 'http2_support',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					),
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				/**
+				 * FCGID
+				 */
+				'system_mod_fcgid_enabled_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpuser' => array(
+					'label' => $lng['admin']['mod_fcgid_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpgroup' => array(
+					'label' => $lng['admin']['mod_fcgid_group'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_defaultini_ownvhost',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				/**
+				 * php-fpm
+				 */
+				'system_phpfpm_enabled_ownvhost' => array(
+					'label' => $lng['phpfpm']['ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'enabled_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpuser' => array(
+					'label' => $lng['phpfpm']['vhost_httpuser'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpgroup' => array(
+					'label' => $lng['phpfpm']['vhost_httpgroup'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_defaultini',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				/**
+				 * DNS
+				 */
+				'system_dns_createhostnameentry' => array(
+					'label' => $lng['serversettings']['dns_createhostnameentry'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_createhostnameentry',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.bind_enable')
+				)
+			)
+		)
+	)
+);
--- a/actions/admin/settings/125.cronjob.php
+++ b/actions/admin/settings/125.cronjob.php
@@ -29,20 +29,12 @@ return array(
 					'default' => '/etc/cron.d/froxlor',
 					'save_method' => 'storeSettingField',
 					),
-				'system_send_cron_errors' => array(
-					'label' => $lng['serversettings']['system_send_cron_errors'],
-					'settinggroup' => 'system',
-					'varname' => 'send_cron_errors',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-				),
 				'system_croncmdline' => array(
 					'label' => $lng['serversettings']['system_croncmdline'],
 					'settinggroup' => 'system',
 					'varname' => 'croncmdline',
 					'type' => 'string',
-					'default' => '/usr/bin/nice -n 5 /usr/bin/php5 -q',
+					'default' => '/usr/bin/nice -n 5 /usr/bin/php -q',
 					'save_method' => 'storeSettingField',
 					),
 				'system_crondreload' => array(
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -16,7 +16,6 @@
 * @package    Settings
 *
 */
-
 return array(
 	'groups' => array(
 		'webserver' => array(
@@ -29,11 +28,15 @@ return array(
 					'type' => 'option',
 					'default' => 'apache2',
 					'option_mode' => 'one',
-					'option_options' => array('apache2' => 'Apache 2', 'lighttpd' => 'ligHTTPd', 'nginx' => 'Nginx'),
+					'option_options' => array(
+						'apache2' => 'Apache 2',
+						'lighttpd' => 'ligHTTPd',
+						'nginx' => 'Nginx'
+					),
 					'save_method' => 'storeSettingField',
 					'plausibility_check_method' => 'checkPhpInterfaceSetting',
 					'overview_option' => true
-					),
+				),
 				'system_apache_24' => array(
 					'label' => $lng['serversettings']['apache_24'],
 					'settinggroup' => 'system',
@@ -41,34 +44,38 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-			    'system_apache_itksupport' => array(
-			        'label' => $lng['serversettings']['apache_itksupport'],
-			        'settinggroup' => 'system',
-			        'varname' => 'apacheitksupport',
-			        'type' => 'bool',
-			        'default' => false,
-			        'save_method' => 'storeSettingField',
-			        'visible' => (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0),
-			        'websrv_avail' => array('apache2')
-			    ),
+					'websrv_avail' => array(
+						'apache2'
+					)
+				),
+				'system_apache_itksupport' => array(
+					'label' => $lng['serversettings']['apache_itksupport'],
+					'settinggroup' => 'system',
+					'varname' => 'apacheitksupport',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0),
+					'websrv_avail' => array(
+						'apache2'
+					)
+				),
 				'system_httpuser' => array(
 					'label' => $lng['admin']['webserver_user'],
 					'settinggroup' => 'system',
 					'varname' => 'httpuser',
 					'type' => 'string',
 					'default' => 'www-data',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser',
-					),
+					'save_method' => 'storeSettingWebserverFcgidFpmUser'
+				),
 				'system_httpgroup' => array(
 					'label' => $lng['admin']['webserver_group'],
 					'settinggroup' => 'system',
 					'varname' => 'httpgroup',
 					'type' => 'string',
 					'default' => 'www-data',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_apacheconf_vhost' => array(
 					'label' => $lng['serversettings']['apacheconf_vhost'],
 					'settinggroup' => 'system',
@@ -76,8 +83,8 @@ return array(
 					'type' => 'string',
 					'string_type' => 'filedir',
 					'default' => '/etc/apache2/sites-enabled/',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_apacheconf_diroptions' => array(
 					'label' => $lng['serversettings']['apacheconf_diroptions'],
 					'settinggroup' => 'system',
@@ -85,8 +92,8 @@ return array(
 					'type' => 'string',
 					'string_type' => 'filedir',
 					'default' => '/etc/apache2/sites-enabled/',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_apacheconf_htpasswddir' => array(
 					'label' => $lng['serversettings']['apacheconf_htpasswddir'],
 					'settinggroup' => 'system',
@@ -94,8 +101,8 @@ return array(
 					'type' => 'string',
 					'string_type' => 'confdir',
 					'default' => '/etc/apache2/htpasswd/',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_logfiles_directory' => array(
 					'label' => $lng['serversettings']['logfiles_directory'],
 					'settinggroup' => 'system',
@@ -103,8 +110,8 @@ return array(
 					'type' => 'string',
 					'string_type' => 'dir',
 					'default' => '/var/customers/logs/',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_customersslpath' => array(
 					'label' => $lng['serversettings']['customerssl_directory'],
 					'settinggroup' => 'system',
@@ -112,8 +119,8 @@ return array(
 					'type' => 'string',
 					'string_type' => 'confdir',
 					'default' => '/etc/ssl/froxlor-custom/',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_phpappendopenbasedir' => array(
 					'label' => $lng['serversettings']['phpappendopenbasedir'],
 					'settinggroup' => 'system',
@@ -121,8 +128,8 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => true,
 					'default' => '',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_deactivateddocroot' => array(
 					'label' => $lng['serversettings']['deactivateddocroot'],
 					'settinggroup' => 'system',
@@ -131,24 +138,36 @@ return array(
 					'string_type' => 'dir',
 					'string_emptyallowed' => true,
 					'default' => '',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_default_vhostconf' => array(
 					'label' => $lng['serversettings']['default_vhostconf'],
 					'settinggroup' => 'system',
 					'varname' => 'default_vhostconf',
 					'type' => 'text',
 					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_apache_globaldiropt' => array(
+					'label' => $lng['serversettings']['apache_globaldiropt'],
+					'settinggroup' => 'system',
+					'varname' => 'apacheglobaldiropt',
+					'type' => 'text',
+					'default' => '',
 					'save_method' => 'storeSettingField',
-					),
+					'visible' => (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0),
+					'websrv_avail' => array(
+						'apache2'
+					)
+				),
 				'system_apachereload_command' => array(
 					'label' => $lng['serversettings']['apachereload_command'],
 					'settinggroup' => 'system',
 					'varname' => 'apachereload_command',
 					'type' => 'string',
 					'default' => '/etc/init.d/apache2 reload',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_phpreload_command' => array(
 					'label' => $lng['serversettings']['phpreload_command'],
 					'settinggroup' => 'system',
@@ -156,8 +175,10 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('nginx')
-					),
+					'websrv_avail' => array(
+						'nginx'
+					)
+				),
 				'system_nginx_php_backend' => array(
 					'label' => $lng['serversettings']['nginx_php_backend'],
 					'settinggroup' => 'system',
@@ -165,8 +186,10 @@ return array(
 					'type' => 'string',
 					'default' => '127.0.0.1:8888',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('nginx')
-					),
+					'websrv_avail' => array(
+						'nginx'
+					)
+				),
 				'nginx_fastcgiparams' => array(
 					'label' => $lng['serversettings']['nginx_fastcgiparams'],
 					'settinggroup' => 'nginx',
@@ -175,16 +198,18 @@ return array(
 					'string_type' => 'file',
 					'default' => '/etc/nginx/fastcgi_params',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('nginx')
-					),
+					'websrv_avail' => array(
+						'nginx'
+					)
+				),
 				'defaultwebsrverrhandler_enabled' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_enabled'],
 					'settinggroup' => 'defaultwebsrverrhandler',
 					'varname' => 'enabled',
 					'type' => 'bool',
 					'default' => false,
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'defaultwebsrverrhandler_err401' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err401'],
 					'settinggroup' => 'defaultwebsrverrhandler',
@@ -192,8 +217,11 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'nginx')
-					),
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					)
+				),
 				'defaultwebsrverrhandler_err403' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err403'],
 					'settinggroup' => 'defaultwebsrverrhandler',
@@ -201,16 +229,19 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'nginx')
-					),
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					)
+				),
 				'defaultwebsrverrhandler_err404' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err404'],
 					'settinggroup' => 'defaultwebsrverrhandler',
 					'varname' => 'err404',
 					'type' => 'string',
 					'default' => '',
-					'save_method' => 'storeSettingField',
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'defaultwebsrverrhandler_err500' => array(
 					'label' => $lng['serversettings']['defaultwebsrverrhandler_err500'],
 					'settinggroup' => 'defaultwebsrverrhandler',
@@ -218,17 +249,19 @@ return array(
 					'type' => 'string',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'nginx')
-					),
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					)
+				),
 				'customredirect_enabled' => array(
 					'label' => $lng['serversettings']['customredirect_enabled'],
 					'settinggroup' => 'customredirect',
 					'varname' => 'enabled',
 					'type' => 'bool',
 					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'lighttpd')
-					),
+					'save_method' => 'storeSettingField'
+				),
 				'customredirect_default' => array(
 					'label' => $lng['serversettings']['customredirect_default'],
 					'settinggroup' => 'customredirect',
@@ -237,10 +270,9 @@ return array(
 					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getRedirectCodes',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2', 'lighttpd')
-					)
+					'save_method' => 'storeSettingField'
 				)
 			)
 		)
-	);
+	)
+);
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -16,71 +16,191 @@
 * @package    Settings
 *
 */
-
 return array(
 	'groups' => array(
-			'ssl' => array(
-					'title' => $lng['admin']['sslsettings'],
-					'fields' => array(
-							'system_ssl_enabled' => array(
-									'label' => $lng['serversettings']['ssl']['use_ssl'],
-									'settinggroup' => 'system',
-									'varname' => 'use_ssl',
-									'type' => 'bool',
-									'default' => false,
-									'save_method' => 'storeSettingField',
-									'overview_option' => true
-							),
-							'system_ssl_cipher_list' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_cipher_list'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cipher_list',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_cert_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cert_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '/etc/apache2/apache2.pem',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_key_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_key_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_key_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '/etc/apache2/apache2.key',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_cert_chainfile' => array(
-									'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cert_chainfile',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_ca_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_ca_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '',
-									'save_method' => 'storeSettingField',
-							)
-					)
+		'ssl' => array(
+			'title' => $lng['admin']['sslsettings'],
+			'fields' => array(
+				'system_ssl_enabled' => array(
+					'label' => $lng['serversettings']['ssl']['use_ssl'],
+					'settinggroup' => 'system',
+					'varname' => 'use_ssl',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'overview_option' => true
+				),
+				'system_ssl_protocols' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_protocols'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_protocols',
+					'type' => 'option',
+					'default' => 'TLSv1,TLSv1.2',
+					'option_mode' => 'multiple',
+					'option_options' => array(
+						'TLSv1' => 'TLSv1',
+						'TLSv1.1' => 'TLSv1.1',
+						'TLSv1.2' => 'TLSv1.2'
+					),
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_cipher_list' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_cipher_list'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cipher_list',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_cert_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cert_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '/etc/apache2/apache2.pem',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_key_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_key_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_key_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '/etc/apache2/apache2.key',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_cert_chainfile' => array(
+					'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cert_chainfile',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_ca_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_ca_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_apache24_ocsp_cache_path' => array(
+					'label' => $lng['serversettings']['ssl']['apache24_ocsp_cache_path'],
+					'settinggroup' => 'system',
+					'varname' => 'apache24_ocsp_cache_path',
+					'type' => 'string',
+					'string_type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)',
+					'visible' => Settings::Get('system.webserver') == "apache2" && Settings::Get('system.apache24') == 1,
+					'save_method' => 'storeSettingField'
+				),
+				'system_leenabled' => array(
+					'label' => $lng['serversettings']['leenabled'],
+					'settinggroup' => 'system',
+					'varname' => 'leenabled',
+					'type' => 'bool',
+					'default' => false,
+					'cronmodule' => 'froxlor/letsencrypt',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptacmeconf' => array(
+					'label' => $lng['serversettings']['letsencryptacmeconf'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptacmeconf',
+					'type' => 'string',
+					'string_type' => 'file',
+					'default' => '/etc/apache2/conf-enabled/acme.conf',
+					'save_method' => 'storeSettingField'
+				),
+				'system_leapiversion' => array(
+					'label' => $lng['serversettings']['leapiversion'],
+					'settinggroup' => 'system',
+					'varname' => 'leapiversion',
+					'type' => 'option',
+					'default' => '1',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'1' => 'ACME v1',
+						'2' => 'ACME v2'
+					),
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptca' => array(
+					'label' => $lng['serversettings']['letsencryptca'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptca',
+					'type' => 'option',
+					'default' => 'testing',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'testing' => 'https://acme-staging' . (Settings::Get('system.leapiversion') == '2' ? '-v02' : '') . '.api.letsencrypt.org (Test)',
+						'production' => 'https://acme-v0' . Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Live)'
+					),
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptcountrycode' => array(
+					'label' => $lng['serversettings']['letsencryptcountrycode'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptcountrycode',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'DE',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptstate' => array(
+					'label' => $lng['serversettings']['letsencryptstate'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptstate',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'Hessen',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptchallengepath' => array(
+					'label' => $lng['serversettings']['letsencryptchallengepath'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptchallengepath',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => FROXLOR_INSTALL_DIR,
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptkeysize' => array(
+					'label' => $lng['serversettings']['letsencryptkeysize'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptkeysize',
+					'type' => 'int',
+					'int_min' => 2048,
+					'default' => 4096,
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptreuseold' => array(
+					'label' => $lng['serversettings']['letsencryptreuseold'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptreuseold',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'system_disable_le_selfcheck' => array(
+					'label' => $lng['serversettings']['disable_le_selfcheck'],
+					'settinggroup' => 'system',
+					'varname' => 'disable_le_selfcheck',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				)
 			)
 		)
-	);
+	)
+);
--- a/actions/admin/settings/135.fcgid.php
+++ b/actions/admin/settings/135.fcgid.php
@@ -97,44 +97,6 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField',
 					),
-				'system_mod_fcgid_enabled_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpuser' => array(
-					'label' => $lng['admin']['mod_fcgid_user'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpgroup' => array(
-					'label' => $lng['admin']['mod_fcgid_group'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_defaultini_ownvhost',
-					'type' => 'option',
-					'default' => '2',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
 				'system_mod_fcgid_idle_timeout' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['idle_timeout'],
 					'settinggroup' => 'system',
@@ -142,7 +104,7 @@ return array(
 					'type' => 'int',
 					'default' => 30,
 					'save_method' => 'storeSettingField'
-					),
+					)
 				)
 			)
 		)
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -30,59 +30,16 @@ return array(
 					'plausibility_check_method' => 'checkFcgidPhpFpm',
 					'overview_option' => true
 					),
-				'system_phpfpm_enabled_ownvhost' => array(
-					'label' => $lng['phpfpm']['ownvhost'],
+				'system_phpfpm_defaultini' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
 					'settinggroup' => 'phpfpm',
-					'varname' => 'enabled_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_httpuser' => array(
-					'label' => $lng['phpfpm']['vhost_httpuser'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser'
-					),
-				'system_phpfpm_httpgroup' => array(
-					'label' => $lng['phpfpm']['vhost_httpgroup'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_defaultini' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'defaultini',
-					'type' => 'option',
-					'default' => '1',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_defaultini',
+					'varname' => 'defaultini',
 					'type' => 'option',
-					'default' => '2',
+					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField'
 					),
-				'system_phpfpm_configdir' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'configdir',
-					'type' => 'string',
-					'string_type' => 'confdir',
-					'default' => '/etc/php-fpm.d/',
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_aliasconfigdir' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['aliasconfigdir'],
 					'settinggroup' => 'phpfpm',
@@ -107,9 +64,22 @@ return array(
 					'varname' => 'peardir',
 					'type' => 'string',
 					'string_type' => 'dir',
+					'string_delimiter' => ':',
+					'string_emptyallowed' => true,
 					'default' => '/usr/share/php/:/usr/share/php5/',
 					'save_method' => 'storeSettingField'
 					),
+				'system_phpfpm_envpath' => array(
+					'label' => $lng['serversettings']['phpfpm_settings']['envpath'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'envpath',
+					'type' => 'string',
+					'string_type' => 'dir',
+					'string_delimiter' => ':',
+					'string_emptyallowed' => true,
+					'default' => '/usr/local/bin:/usr/bin:/bin',
+					'save_method' => 'storeSettingField'
+				),
 				'system_phpfpm_fastcgi_ipcdir' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['ipcdir'],
 					'settinggroup' => 'phpfpm',
@@ -119,72 +89,6 @@ return array(
 					'default' => '/var/lib/apache2/fastcgi/',
 					'save_method' => 'storeSettingField'
 					),
-				'system_phpfpm_reload' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['reload'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'reload',
-					'type' => 'string',
-					'default' => '/etc/init.d/php-fpm restart',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_pm' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['pm'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'pm',
-					'type' => 'option',
-					'default' => 'static',
-					'option_mode' => 'one',
-					'option_options' => array('static' => 'static', 'dynamic' => 'dynamic', 'ondemand' => 'ondemand'),
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_max_children' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['max_children'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'max_children',
-					'type' => 'int',
-					'default' => 1,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_start_servers' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['start_servers'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'start_servers',
-					'type' => 'int',
-					'default' => 20,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_min_spare_servers' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['min_spare_servers'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'min_spare_servers',
-					'type' => 'int',
-					'default' => 5,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_max_spare_servers' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['max_spare_servers'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'max_spare_servers',
-					'type' => 'int',
-					'default' => 35,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_max_requests' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['max_requests'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'max_requests',
-					'type' => 'int',
-					'default' => 0,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_idle_timeout' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['idle_timeout'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'idle_timeout',
-					'type' => 'int',
-					'default' => 30,
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_use_mod_proxy' => array(
 					'label' => $lng['phpfpm']['use_mod_proxy'],
 					'settinggroup' => 'phpfpm',
@@ -194,6 +98,38 @@ return array(
 					'visible' => Settings::Get('system.apache24'),
 					'save_method' => 'storeSettingField'
 					),
+				'system_phpfpm_ini_flags' => array(
+					'label' => $lng['phpfpm']['ini_flags'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_flags',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_values' => array(
+					'label' => $lng['phpfpm']['ini_values'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_values',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_admin_flags' => array(
+					'label' => $lng['phpfpm']['ini_admin_flags'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_admin_flags',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_admin_values' => array(
+					'label' => $lng['phpfpm']['ini_admin_values'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_admin_values',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				)
 				),
 			),
 		),
--- a/actions/admin/settings/160.nameserver.php
+++ b/actions/admin/settings/160.nameserver.php
@@ -31,6 +31,24 @@ return array(
 					'save_method' => 'storeSettingField',
 					'overview_option' => true
 					),
+				'system_dnsenabled' => array(
+					'label' => $lng['serversettings']['dnseditorenable'],
+					'settinggroup' => 'system',
+					'varname' => 'dnsenabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+					),
+				'system_dns_server' => array(
+					'label' => $lng['serversettings']['dns_server'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_server',
+					'type' => 'option',
+					'default' => 'bind',
+					'option_mode' => 'one',
+					'option_options' => array('bind' => 'Bind9', 'pdns' => 'PowerDNS'),
+					'save_method' => 'storeSettingField'
+				),
 				'system_bindconf_directory' => array(
 					'label' => $lng['serversettings']['bindconf_directory'],
 					'settinggroup' => 'system',
@@ -73,20 +91,12 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'axfrservers',
 					'type' => 'string',
-					'string_type' => 'validate_ip',
+					'string_type' => 'validate_ip_incl_private',
 					'string_delimiter' => ',',
 					'string_emptyallowed' => true,
 					'default' => '',
 					'save_method' => 'storeSettingField',
 				),
-				'system_dns_createhostnameentry' => array(
-					'label' => $lng['serversettings']['dns_createhostnameentry'],
-					'settinggroup' => 'system',
-					'varname' => 'dns_createhostnameentry',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',
@@ -109,5 +119,3 @@ return array(
 			),
 		),
 	);
-
-?>
--- a/actions/admin/settings/170.logger.php
+++ b/actions/admin/settings/170.logger.php
@@ -65,8 +65,14 @@ return array(
 					'label' => $lng['serversettings']['logger']['logcron'],
 					'settinggroup' => 'logger',
 					'varname' => 'log_cron',
-					'type' => 'bool',
-					'default' => false,
+					'type' => 'option',
+					'default' => 0,
+					'option_mode' => 'one',
+					'option_options' => array(
+							0 => $lng['serversettings']['logger']['logcronoption']['never'],
+							1 => $lng['serversettings']['logger']['logcronoption']['once'],
+							2 => $lng['serversettings']['logger']['logcronoption']['always']
+						),
 					'save_method' => 'storeSettingField',
 					),
 				),
@@ -74,4 +80,4 @@ return array(
 		)
 	);

-?>
+?>
--- a/actions/admin/settings/185.spf.php
+++ b/actions/admin/settings/185.spf.php
@@ -34,7 +34,7 @@ return array(
 					'settinggroup' => 'spf',
 					'varname' => 'spf_entry',
 					'type' => 'string',
-					'default' => '@	IN	TXT	"v=spf1 a mx -all"',
+					'default' => '"v=spf1 a mx -all"',
 					'save_method' => 'storeSettingField'
 					)
 				)
--- a/actions/admin/settings/210.security.php
+++ b/actions/admin/settings/210.security.php
@@ -63,6 +63,23 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
+					),
+				'system_allow_customer_shell' => array(
+					'label' => $lng['serversettings']['allow_allow_customer_shell'],
+					'settinggroup' => 'system',
+					'varname' => 'allow_customer_shell',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_available_shells' => array(
+					'label' => $lng['serversettings']['available_shells'],
+					'settinggroup' => 'system',
+					'varname' => 'available_shells',
+					'type' => 'string',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField',
 					)
 				)
 			)
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -155,7 +155,6 @@ if ($page == 'admins'
 		if ($result['loginname'] != '') {
 			if ($result['adminid'] == $userinfo['userid']) {
 				standard_error('youcantdeleteyourself');
-				exit;
 			}

 			if (isset($_POST['send'])
@@ -171,6 +170,11 @@ if ($page == 'admins'
 				");
 				Database::pexecute($del_stmt, array('adminid' => $id));

+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid
+				");
+				Database::pexecute($del_stmt, array('adminid' => $id));
+
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
 					`adminid` = :userid WHERE `adminid` = :adminid
@@ -441,7 +445,7 @@ if ($page == 'admins'
 		} else {

 			$language_options = '';
-			while (list($language_file, $language_name) = each($languages)) {
+			foreach ($languages as $language_file => $language_name) {
 				$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true);
 			}

@@ -841,13 +845,13 @@ if ($page == 'admins'
 				}

 				$language_options = '';
-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, $result['def_language'], true);
 				}

 				$ipaddress = makeoption($lng['admin']['allips'], "-1", $result['ip']);
 				$ipsandports_stmt = Database::query("
-					SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` GROUP BY `ip` ORDER BY `ip`, `port` ASC
+					SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` GROUP BY `id`, `ip` ORDER BY `ip`, `port` ASC
 				");

 				while ($row = $ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
--- a/admin_apcuinfo.php
+++ b/admin_apcuinfo.php
@@ -46,7 +46,6 @@ if (!function_exists('apcu_cache_info') ||
        !function_exists('apcu_sma_info')
 ) {
    standard_error($lng['error']['no_apcuinfo']);
-    exit();
 }

 if ($page == 'showinfo'
@@ -73,6 +72,15 @@ if ($page == 'showinfo'
    $uptime_duration = duration($cache['start_time']);
    $size_vars = bsize($cache['mem_size']);

+    // check for possible empty values that are used in the templates
+    if (!isset($cache['file_upload_progress'])) {
+        $cache['file_upload_progress'] = $lng['logger']['unknown'];
+    }
+
+    if (!isset($cache['num_expunges'])) {
+        $cache['num_expunges'] = $lng['logger']['unknown'];
+    }
+
    $runtimelines = '';
    foreach (ini_get_all('apcu') as $name => $v) {
        $value = $v['local_value'];
@@ -334,7 +342,7 @@ function fill_arc($im, $centerX, $centerY, $diameter, $start, $end, $color1, $co


    if (function_exists("imagefilledarc")) {
-        // exists only if GD 2.0.1 is avaliable
+        // exists only if GD 2.0.1 is available
        imagefilledarc($im, $centerX + 1, $centerY + 1, $diameter, $diameter, $start, $end, $color1, IMG_ARC_PIE);
        imagefilledarc($im, $centerX, $centerY, $diameter, $diameter, $start, $end, $color2, IMG_ARC_PIE);
        imagefilledarc($im, $centerX, $centerY, $diameter, $diameter, $start, $end, $color1, IMG_ARC_NOFILL | IMG_ARC_EDGED);
--- a/admin_autoupdate.php
+++ b/admin_autoupdate.php
@@ -0,0 +1,219 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Frontend
+ *
+ * @since      0.9.35
+ *
+ */
+define('AREA', 'admin');
+require './lib/init.php';
+
+// define update-uri
+define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version);
+define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
+define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");
+
+// check for archive-stuff
+if (! extension_loaded('zip')) {
+	redirectTo($filename, array(
+		's' => $s,
+		'page' => 'error',
+		'errno' => 2
+	));
+}
+
+// display initial version check
+if ($page == 'overview') {
+	
+	// log our actions
+	$log->logAction(ADM_ACTION, LOG_NOTICE, "checking auto-update");
+	
+	// check for new version
+	$latestversion = HttpClient::urlGet(UPDATE_URI);
+	
+	$latestversion = explode('|', $latestversion);
+	
+	if (is_array($latestversion) && count($latestversion) >= 1) {
+		$_version = $latestversion[0];
+		$_message = isset($latestversion[1]) ? $latestversion[1] : '';
+		$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
+		
+		// add the branding so debian guys are not gettings confused
+		// about their version-number
+		$version_label = $_version . $branding;
+		$version_link = $_link;
+		$message_addinfo = $_message;
+		
+		// not numeric -> error-message
+		if (! preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
+			// check for customized version to not output
+			// "There is a newer version of froxlor" besides the error-message
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 3
+			));
+		} elseif (version_compare2($version, $_version) == - 1) {
+			// there is a newer version - yay
+			$isnewerversion = 1;
+		} else {
+			// nothing new
+			$isnewerversion = 0;
+		}
+		
+		// anzeige über version-status mit ggfls. formular
+		// zum update schritt #1 -> download
+		if ($isnewerversion == 1) {
+			$text = 'There is a newer version available. Update to version <b>' . $_version . '</b> now?<br/>(Your current version is: ' . $version . ')';
+			$hiddenparams = '<input type="hidden" name="newversion" value="' . $_version . '" />';
+			$yesfile = $filename . '?s=' . $s . '&amp;page=getdownload';
+			eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
+			exit();
+		} elseif ($isnewerversion == 0) {
+			// all good
+			standard_success('noupdatesavail');
+		} else {
+			standard_error('customized_version');
+		}
+	}
+}// download the new archive
+elseif ($page == 'getdownload') {
+	
+	// retrieve the new version from the form
+	$newversion = isset($_POST['newversion']) ? $_POST['newversion'] : null;
+	
+	// valid?
+	if ($newversion !== null) {
+		
+		// define files to get
+		$toLoad = str_replace('{version}', $newversion, RELEASE_URI);
+		$toCheck = str_replace('{version}', $newversion, CHECKSUM_URI);
+		
+		// check for local destination folder
+		if (! is_dir(FROXLOR_INSTALL_DIR . '/updates/')) {
+			mkdir(FROXLOR_INSTALL_DIR . '/updates/');
+		}
+		
+		// name archive
+		$localArchive = FROXLOR_INSTALL_DIR . '/updates/' . basename($toLoad);
+		
+		$log->logAction(ADM_ACTION, LOG_NOTICE, "Downloading " . $toLoad . " to " . $localArchive);
+		
+		// remove old archive
+		if (file_exists($localArchive)) {
+			@unlink($localArchive);
+		}
+		
+		// get archive data
+		try {
+			HttpClient::fileGet($toLoad, $localArchive);
+		} catch (Exception $e) {
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 4
+			));
+		}
+		
+		// validate the integrity of the downloaded file
+		$_shouldsum = HttpClient::urlGet($toCheck);
+		if (! empty($_shouldsum)) {
+			$_t = explode(" ", $_shouldsum);
+			$shouldsum = $_t[0];
+		} else {
+			$shouldsum = null;
+		}
+		$filesum = hash_file('sha256', $localArchive);
+		
+		if ($filesum != $shouldsum) {
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 9
+			));
+		}
+		
+		// to the next step
+		redirectTo($filename, array(
+			's' => $s,
+			'page' => 'extract',
+			'archive' => basename($localArchive)
+		));
+	}
+	redirectTo($filename, array(
+		's' => $s,
+		'page' => 'error',
+		'errno' => 6
+	));
+}// extract and install new version
+elseif ($page == 'extract') {
+	
+	$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
+	$localArchive = FROXLOR_INSTALL_DIR . '/updates/' . $toExtract;
+	
+	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		// decompress from zip
+		$zip = new ZipArchive();
+		$res = $zip->open($localArchive);
+		if ($res === true) {
+			$log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . FROXLOR_INSTALL_DIR);
+			$zip->extractTo(FROXLOR_INSTALL_DIR);
+			$zip->close();
+			// success - remove unused archive
+			@unlink($localArchive);
+		} else {
+			// error
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 8
+			));
+		}
+		
+		// redirect to update-page?
+		redirectTo('admin_updates.php', array(
+			's' => $s
+		));
+	}
+	
+	if (! file_exists($localArchive)) {
+		redirectTo($filename, array(
+			's' => $s,
+			'page' => 'error',
+			'errno' => 7
+		));
+	}
+	
+	$text = 'Extract downloaded archive "' . $toExtract . '"?';
+	$hiddenparams = '';
+	$yesfile = $filename . '?s=' . $s . '&amp;page=extract&amp;archive=' . $toExtract;
+	eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
+}
+// display error
+elseif ($page == 'error') {
+	
+	// retrieve error-number via url-parameter
+	$errno = isset($_GET['errno']) ? (int) $_GET['errno'] : 0;
+	
+	// 2 = no Zlib
+	// 3 = custom version detected
+	// 4 = could not store archive to local hdd
+	// 5 = some weird value came from version.froxlor.org
+	// 6 = download without valid version
+	// 7 = local archive does not exist
+	// 8 = could not extract archive
+	// 9 = checksum mismatch
+	standard_error('autoupdate_' . $errno);
+}
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -19,199 +19,240 @@ define('AREA', 'admin');
 require './lib/init.php';

 if ($userinfo['change_serversettings'] == '1') {
-    
-    $replace_arr = Array(
-        '<SQL_UNPRIVILEGED_USER>' => $sql['user'],
-        '<SQL_UNPRIVILEGED_PASSWORD>' => 'MYSQL_PASSWORD',
-        '<SQL_DB>' => $sql['db'],
-        '<SQL_HOST>' => $sql['host'],
-        '<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
-        '<SERVERNAME>' => Settings::Get('system.hostname'),
-        '<SERVERIP>' => Settings::Get('system.ipaddress'),
-        '<NAMESERVERS>' => Settings::Get('system.nameservers'),
-        '<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
-        '<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
-        '<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
-        '<SSLPROTOCOLS>' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',
-        '<CUSTOMER_TMP>' => (Settings::Get('system.mod_fcgid_tmpdir') != '') ? makeCorrectDir(Settings::Get('system.mod_fcgid_tmpdir')) : '/tmp/',
-        '<BASE_PATH>' => makeCorrectDir(FROXLOR_INSTALL_DIR),
-        '<BIND_CONFIG_PATH>' => makeCorrectDir(Settings::Get('system.bindconf_directory')),
-        '<WEBSERVER_RELOAD_CMD>' => Settings::Get('system.apachereload_command'),
-        '<CUSTOMER_LOGS>' => makeCorrectDir(Settings::Get('system.logfiles_directory')),
-        '<FPM_IPCDIR>' => makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),
-        '<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup')
-    );
-    
-    // get distro from URL param
-    $distribution = isset($_GET['distribution']) ? $_GET['distribution'] : "";
-    $service = isset($_GET['service']) ? $_GET['service'] : "";
-    $daemon = isset($_GET['daemon']) ? $_GET['daemon'] : "";
-    $distributions_select = "";
-    $services_select = "";
-    $daemons_select = "";
-    
-    $configfiles = "";
-    $services = "";
-    $daemons = "";
-    
-    $config_dir = makeCorrectDir(FROXLOR_INSTALL_DIR . '/lib/configfiles/');
-    
-    if ($distribution != "") {
-        // create configparser object
-        $configfiles = new ConfigParser($config_dir . '/' . $distribution . ".xml");
-        
-        // get distro-info
-        $dist_display = getCompleteDistroName($configfiles);
-        
-        // get all the services from the distro
-        $services = $configfiles->getServices();
-        
-        if ($service != "") {
-            
-            $daemons = $services[$service]->getDaemons();
-            
-            if ($daemon == "") {
-                foreach ($daemons as $di => $dd) {
-                    $title = $dd->title;
-                    if ($dd->default) {
-                        $title = $title." (".strtolower($lng['panel']['default']).")";
-                    }
-                    $daemons_select .= makeoption($title, $di);
-                }
-            }
-        } else {
-            foreach ($services as $si => $sd) {
-                $services_select .= makeoption($sd->title, $si);
-            }
-        }
-    } else {
-        
-        // show list of available distro's
-        $distros = glob($config_dir . '*.xml');
-        // tmp array
-        $distributions_select_data = array();
-        // read in all the distros
-        foreach ($distros as $_distribution) {
-            // get configparser object
-            $dist = new ConfigParser($_distribution);
-            // get distro-info
-            $dist_display = getCompleteDistroName($dist);
-            // store in tmp array
-            $distributions_select_data[$dist_display] = str_replace(".xml", "", strtolower(basename($_distribution)));
-        }
-        
-        // sort by distribution name
-        ksort($distributions_select_data);
-        
-        foreach ($distributions_select_data as $dist_display => $dist_index) {
-            // create select-box-option
-            $distributions_select .= makeoption($dist_display, $dist_index);
-        }
-    }
-    
-    if ($distribution != "" && $service != "" && $daemon != "") {
-        
-        $confarr = $daemons[$daemon]->getConfig();
-        
-        $configpage = '';
-        
-        $distro_editor = $configfiles->distributionEditor;

-        $commands_pre = "";
-        $commands_file = "";
-        $commands_post = "";
-        
-        $lasttype = '';
-        $commands = '';
-        foreach ($confarr as $idx => $action) {
-            if ($lasttype != '' && $lasttype != $action['type']) {
-                $commands = trim($commands);
-                $numbrows = count(explode("\n", $commands));
-                eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
-                $lasttype = '';
-                $commands = '';
-            }
-            switch ($action['type']) {
-                case "install":
-                    $commands .= $action['content'] . "\n";
-                    $lasttype = "install";
-                    break;
-                case "command":
-                    $commands .= $action['content'] . "\n";
-                    $lasttype = "command";
-                    break;
-                case "file":
-                    if (array_key_exists('content', $action)) {
-                        $commands_file = getFileContentContainer($action['content'], $replace_arr, $action['name'], $distro_editor);
-                    } elseif (array_key_exists('subcommands', $action)) {
-                        foreach ($action['subcommands'] as $fileaction) {
-                            if (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "pre") {
-                                $commands_pre .= $fileaction['content'] . "\n";
-                            } elseif (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "post") {
-                                $commands_post .= $fileaction['content'] . "\n";
-                            } elseif ($fileaction['type'] == 'file') {
-                                $commands_file = getFileContentContainer($fileaction['content'], $replace_arr, $action['name'], $distro_editor);
-                            }
-                        }
-                    }
-                    $realname = $action['name'];
-                    $commands = trim($commands_pre);
-                    if ($commands != "") {
-                        $numbrows = count(explode("\n", $commands));
-                        eval("\$commands_pre=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
-                    }
-                    $commands = trim($commands_post);
-                    if ($commands != "") {
-                        $numbrows = count(explode("\n", $commands));
-                        eval("\$commands_post=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
-                    }
-                    eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_subfileblock") . "\";");
-                    $commands = '';
-                    $commands_pre = '';
-                    $commands_post = '';
-                    break;
-            }
-        }
-        $commands = trim($commands);
-        if ($commands != '') {
-            $numbrows = count(explode("\n", $commands));
-            eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
-        }
-        eval("echo \"" . getTemplate("configfiles/configfiles") . "\";");
-    } else {
-        eval("echo \"" . getTemplate("configfiles/wizard") . "\";");
-    }
+	$customer_tmpdir = '/tmp/';
+	if (Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_tmpdir') != '')
+	{
+		$customer_tmpdir = Settings::Get('system.mod_fcgid_tmpdir');
+	}
+	elseif (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.tmpdir') != '')
+	{
+		$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
+	}
+
+	// try to convert namserver hosts to ip's
+	$ns_ips = "";
+	if (Settings::Get('system.nameservers') != '') {
+		$nameservers = explode(',', Settings::Get('system.nameservers'));
+		foreach ($nameservers as $nameserver) {
+			$nameserver = trim($nameserver);
+			$nameserver_ips = gethostbynamel($nameserver);
+			if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
+				$ns_ips .= implode(",", $nameserver_ips);
+			}
+		}
+	}
+
+	$replace_arr = Array(
+		'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
+		'<SQL_UNPRIVILEGED_PASSWORD>' => 'FROXLOR_MYSQL_PASSWORD',
+		'<SQL_DB>' => $sql['db'],
+		'<SQL_HOST>' => $sql['host'],
+		'<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
+		'<SERVERNAME>' => Settings::Get('system.hostname'),
+		'<SERVERIP>' => Settings::Get('system.ipaddress'),
+		'<NAMESERVERS>' => Settings::Get('system.nameservers'),
+		'<NAMESERVERS_IP>' => $ns_ips,
+		'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
+		'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
+		'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
+		'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
+		'<SSLPROTOCOLS>' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',
+		'<CUSTOMER_TMP>' => makeCorrectDir($customer_tmpdir),
+		'<BASE_PATH>' => makeCorrectDir(FROXLOR_INSTALL_DIR),
+		'<BIND_CONFIG_PATH>' => makeCorrectDir(Settings::Get('system.bindconf_directory')),
+		'<WEBSERVER_RELOAD_CMD>' => Settings::Get('system.apachereload_command'),
+		'<CUSTOMER_LOGS>' => makeCorrectDir(Settings::Get('system.logfiles_directory')),
+		'<FPM_IPCDIR>' => makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),
+		'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup')
+	);
+
+	// get distro from URL param
+	$distribution = (isset($_GET['distribution']) && $_GET['distribution'] != 'choose') ? $_GET['distribution'] : "";
+	$service = (isset($_GET['service']) && $_GET['service'] != 'choose') ? $_GET['service'] : "";
+	$daemon = (isset($_GET['daemon']) && $_GET['daemon'] != 'choose') ? $_GET['daemon'] : "";
+	$distributions_select = "";
+	$services_select = "";
+	$daemons_select = "";
+
+	$configfiles = "";
+	$services = "";
+	$daemons = "";
+
+	$config_dir = makeCorrectDir(FROXLOR_INSTALL_DIR . '/lib/configfiles/');
+
+	if ($distribution != "") {
+
+		if (!file_exists($config_dir . '/' . $distribution . ".xml")) {
+			trigger_error("Unknown distribution, are you playing around with the URL?");
+			exit;
+		}
+
+		// create configparser object
+		$configfiles = new ConfigParser($config_dir . '/' . $distribution . ".xml");
+
+		// get distro-info
+		$dist_display = getCompleteDistroName($configfiles);
+
+		// get all the services from the distro
+		$services = $configfiles->getServices();
+
+		if ($service != "") {
+
+			if (!isset($services[$service])) {
+				trigger_error("Unknown service, are you playing around with the URL?");
+				exit;
+			}
+
+			$daemons = $services[$service]->getDaemons();
+
+			if ($daemon == "") {
+				foreach ($daemons as $di => $dd) {
+					$title = $dd->title;
+					if ($dd->default) {
+						$title = $title . " (" . strtolower($lng['panel']['default']) . ")";
+					}
+					$daemons_select .= makeoption($title, $di);
+				}
+			}
+		} else {
+			foreach ($services as $si => $sd) {
+				$services_select .= makeoption($sd->title, $si);
+			}
+		}
+	} else {
+
+		// show list of available distro's
+		$distros = glob($config_dir . '*.xml');
+		// tmp array
+		$distributions_select_data = array();
+		// read in all the distros
+		foreach ($distros as $_distribution) {
+			// get configparser object
+			$dist = new ConfigParser($_distribution);
+			// get distro-info
+			$dist_display = getCompleteDistroName($dist);
+			// store in tmp array
+			$distributions_select_data[$dist_display] = str_replace(".xml", "", strtolower(basename($_distribution)));
+		}
+
+		// sort by distribution name
+		ksort($distributions_select_data);
+
+		foreach ($distributions_select_data as $dist_display => $dist_index) {
+			// create select-box-option
+			$distributions_select .= makeoption($dist_display, $dist_index);
+		}
+	}
+
+	if ($distribution != "" && $service != "" && $daemon != "") {
+
+		if (!isset($daemons[$daemon])) {
+			trigger_error("Unknown daemon, are you playing around with the URL?");
+			exit;
+		}
+
+		$confarr = $daemons[$daemon]->getConfig();
+
+		$configpage = '';
+
+		$distro_editor = $configfiles->distributionEditor;
+
+		$commands_pre = "";
+		$commands_file = "";
+		$commands_post = "";
+
+		$lasttype = '';
+		$commands = '';
+		foreach ($confarr as $idx => $action) {
+			if ($lasttype != '' && $lasttype != $action['type']) {
+				$commands = trim($commands);
+				$numbrows = count(explode("\n", $commands));
+				eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
+				$lasttype = '';
+				$commands = '';
+			}
+			switch ($action['type']) {
+				case "install":
+					$commands .= strtr($action['content'], $replace_arr) . "\n";
+					$lasttype = "install";
+					break;
+				case "command":
+					$commands .= strtr($action['content'], $replace_arr) . "\n";
+					$lasttype = "command";
+					break;
+				case "file":
+					if (array_key_exists('content', $action)) {
+						$commands_file = getFileContentContainer($action['content'], $replace_arr, $action['name'], $distro_editor);
+					} elseif (array_key_exists('subcommands', $action)) {
+						foreach ($action['subcommands'] as $fileaction) {
+							if (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "pre") {
+								$commands_pre .= $fileaction['content'] . "\n";
+							} elseif (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "post") {
+								$commands_post .= $fileaction['content'] . "\n";
+							} elseif ($fileaction['type'] == 'file') {
+								$commands_file = getFileContentContainer($fileaction['content'], $replace_arr, $action['name'], $distro_editor);
+							}
+						}
+					}
+					$realname = $action['name'];
+					$commands = trim($commands_pre);
+					if ($commands != "") {
+						$numbrows = count(explode("\n", $commands));
+						eval("\$commands_pre=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
+					}
+					$commands = trim($commands_post);
+					if ($commands != "") {
+						$numbrows = count(explode("\n", $commands));
+						eval("\$commands_post=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
+					}
+					eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_subfileblock") . "\";");
+					$commands = '';
+					$commands_pre = '';
+					$commands_post = '';
+					break;
+			}
+		}
+		$commands = trim($commands);
+		if ($commands != '') {
+			$numbrows = count(explode("\n", $commands));
+			eval("\$configpage.=\"" . getTemplate("configfiles/configfiles_commands") . "\";");
+		}
+		eval("echo \"" . getTemplate("configfiles/configfiles") . "\";");
+	} else {
+		eval("echo \"" . getTemplate("configfiles/wizard") . "\";");
+	}
 } else {
-    die('not allowed to see this page');
-    // redirect or similar here
+	die('not allowed to see this page');
+	// redirect or similar here
 }

 // helper functions
 function getFileContentContainer($file_content, &$replace_arr, $realname, $distro_editor)
 {
-    $files = "";
-    $file_content = trim($file_content);
-    if ($file_content != '') {
-        $file_content = strtr($file_content, $replace_arr);
-        $file_content = htmlspecialchars($file_content);
-        $numbrows = count(explode("\n", $file_content));
-        eval("\$files=\"" . getTemplate("configfiles/configfiles_file") . "\";");
-    }
-    return $files;
+	$files = "";
+	$file_content = trim($file_content);
+	if ($file_content != '') {
+		$file_content = strtr($file_content, $replace_arr);
+		$file_content = htmlspecialchars($file_content);
+		$numbrows = count(explode("\n", $file_content));
+		eval("\$files=\"" . getTemplate("configfiles/configfiles_file") . "\";");
+	}
+	return $files;
 }

 function getCompleteDistroName($cparser)
 {
-    // get distro-info
-    $dist_display = $cparser->distributionName;
-    if ($cparser->distributionCodename != '') {
-        $dist_display .= " ".$cparser->distributionCodename;
-    }
-    if ($cparser->distributionVersion != '') {
-        $dist_display .= " (" . $cparser->distributionVersion . ")";
-    }
-    if ($cparser->deprecated) {
-        $dist_display .= " [deprecated]";
-    }
-    return $dist_display;
+	// get distro-info
+	$dist_display = $cparser->distributionName;
+	if ($cparser->distributionCodename != '') {
+		$dist_display .= " " . $cparser->distributionCodename;
+	}
+	if ($cparser->distributionVersion != '') {
+		$dist_display .= " (" . $cparser->distributionVersion . ")";
+	}
+	if ($cparser->deprecated) {
+		$dist_display .= " [deprecated]";
+	}
+	return $dist_display;
 }
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -84,6 +84,15 @@ if ($page == 'customers'
 				$domains = $domains_stmt->fetch(PDO::FETCH_ASSOC);
 				$row['domains'] = intval($domains['domains']);
 				$dec_places = Settings::Get('panel.decimal_places');
+
+				// get disk-space usages for web, mysql and mail
+				$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+				$usages = Database::pexecute_first($usages_stmt, array('cid' => $row['customerid']));
+
+				$row['webspace_used'] = round($usages['webspace'] / 1024, $dec_places);
+				$row['mailspace_used'] = round($usages['mail'] / 1024, $dec_places);
+				$row['dbspace_used'] = round($usages['mysql'] / 1024, $dec_places);
+
 				$row['traffic_used'] = round($row['traffic_used'] / (1024 * 1024), $dec_places);
 				$row['traffic'] = round($row['traffic'] / (1024 * 1024), $dec_places);
 				$row['diskspace_used'] = round($row['diskspace_used'] / 1024, $dec_places);
@@ -278,12 +287,14 @@ if ($page == 'customers'
 				Database::pexecute($stmt, array('id' => $id));
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid` = :id");
 				Database::pexecute($stmt, array('id' => $id));
-				// first gather all domain-id's to clean up panel_domaintoip accordingly
+				// first gather all domain-id's to clean up panel_domaintoip and dns-entries accordingly
 				$did_stmt = Database::prepare("SELECT `id` FROM `".TABLE_PANEL_DOMAINS."` WHERE `customerid` = :id");
 				Database::pexecute($did_stmt, array('id' => $id));
 				while ($row = $did_stmt->fetch(PDO::FETCH_ASSOC)) {
 					$stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :did");
 					Database::pexecute($stmt, array('did' => $row['id']));
+					$stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAIN_DNS . "` WHERE `domain_id` = :did");
+					Database::pexecute($stmt, array('did' => $row['id']));
 				}
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid` = :id");
 				Database::pexecute($stmt, array('id' => $id));
@@ -296,6 +307,8 @@ if ($page == 'customers'
 				Database::pexecute($stmt, array('id' => $id));
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = :id");
 				Database::pexecute($stmt, array('id' => $id));
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DISKSPACE . "` WHERE `customerid` = :id");
+				Database::pexecute($stmt, array('id' => $id));
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = :id");
 				Database::pexecute($stmt, array('id' => $id));
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid` = :id");
@@ -521,11 +534,24 @@ if ($page == 'customers'
 					$phpenabled = intval($_POST['phpenabled']);
 				}

+				$allowed_phpconfigs = array();
+				if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
+					foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
+						$allowed_phpconfig = intval($allowed_phpconfig);
+						$allowed_phpconfigs[] = $allowed_phpconfig;
+					}
+				}
+
 				$perlenabled = 0;
 				if (isset($_POST['perlenabled'])) {
 					$perlenabled = intval($_POST['perlenabled']);
 				}

+				$dnsenabled = 0;
+				if (isset($_POST['dnsenabled'])) {
+					$dnsenabled = intval($_POST['dnsenabled']);
+				}
+
 				$store_defaultindex = 0;
 				if (isset($_POST['store_defaultindex'])) {
 					$store_defaultindex = intval($_POST['store_defaultindex']);
@@ -554,7 +580,6 @@ if ($page == 'customers'
 				   || ($subdomains == '-1' && $userinfo['subdomains'] != '-1')
 				) {
 					standard_error('youcantallocatemorethanyouhave');
-					exit;
 				}

 				// Either $name and $firstname or the $company must be inserted
@@ -639,6 +664,10 @@ if ($page == 'customers'
 						$perlenabled = '1';
 					}

+					if ($dnsenabled != '0') {
+						$dnsenabled = '1';
+					}
+
 					if ($password == '') {
 						$password = generatePassword();
 					}
@@ -674,9 +703,11 @@ if ($page == 'customers'
 						'tickets' => $tickets,
 						'mysqls' => $mysqls,
 						'phpenabled' => $phpenabled,
+						'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs),
 						'imap' => $email_imap,
 						'pop3' => $email_pop3,
 						'perlenabled' => $perlenabled,
+						'dnsenabled' => $dnsenabled,
 						'theme' => $_theme,
 						'custom_notes' => $custom_notes,
 						'custom_notes_show' => $custom_notes_show
@@ -713,9 +744,11 @@ if ($page == 'customers'
 						`mysqls` = :mysqls,
 						`standardsubdomain` = '0',
 						`phpenabled` = :phpenabled,
+						`allowed_phpconfigs` = :allowed_phpconfigs,
 						`imap` = :imap,
 						`pop3` = :pop3,
 						`perlenabled` = :perlenabled,
+						`dnsenabled` = :dnsenabled,
 						`theme` = :theme,
 						`custom_notes` = :custom_notes,
 						`custom_notes_show` = :custom_notes_show"
@@ -857,7 +890,7 @@ if ($page == 'customers'
 						}
 						// check froxlor-local user membership in ftp-group
 						// without this check addition may duplicate user in list if httpuser == local_user
-						if (strpos($ins_data['members'], $local_user) !== false) {
+						if (strpos($ins_data['members'], $local_user) == false) {
 							$ins_data['members'] .= ','.$local_user;
 						}
 					}
@@ -889,7 +922,8 @@ if ($page == 'customers'
 							'customerid' => $customerid,
 							'adminid' => $userinfo['adminid'],
 							'docroot' => $documentroot,
-							'adddate' => date('Y-m-d')
+							'adddate' => time(),
+							'phpenabled' => $phpenabled
 						);
 						$ins_stmt = Database::prepare("
 							INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -907,16 +941,20 @@ if ($page == 'customers'
 							`dkim_id` = '0',
 							`dkim_privkey` = '',
 							`dkim_pubkey` = '',
+							`phpenabled` = :phpenabled,
 							`add_date` = :adddate"
 						);
 						Database::pexecute($ins_stmt, $ins_data);
 						$domainid = Database::lastInsertId();

 						// set ip <-> domain connection
+						$defaultips = explode(',', Settings::Get('system.defaultip'));
 						$ins_stmt = Database::prepare("
-							INSERT INTO `".TABLE_DOMAINTOIP."` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
+							  INSERT INTO `" . TABLE_DOMAINTOIP . "` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
 						);
-						Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => Settings::Get('system.defaultip')));
+						foreach ($defaultips as $defaultip) {
+							Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => $defaultip));
+						}

 						$upd_stmt = Database::prepare("
 							UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid"
@@ -937,7 +975,9 @@ if ($page == 'customers'
 							SELECT ip, port FROM `".TABLE_PANEL_IPSANDPORTS."`
 							WHERE `id` = :defaultip
 						");
-						$srv_ip = Database::pexecute_first($srv_ip_stmt, array('defaultip' => Settings::Get('system.defaultip')));
+						$default_ips = Settings::Get('system.defaultip');
+						$default_ips = explode(',', $default_ips);
+						$srv_ip = Database::pexecute_first($srv_ip_stmt, array('defaultip' => reset($default_ips)));

 						$replace_arr = array(
 							'FIRSTNAME' => $firstname,
@@ -996,7 +1036,7 @@ if ($page == 'customers'
 			} else {
 				$language_options = '';

-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, Settings::Get('panel.standardlanguage'), true);
 				}

@@ -1015,6 +1055,40 @@ if ($page == 'customers'
 				$gender_options .= makeoption($lng['gender']['male'], 1, null, true, true);
 				$gender_options .= makeoption($lng['gender']['female'], 2, null, true, true);

+				$phpconfigs = array();
+				$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					if ((int) Settings::Get('phpfpm.enabled') == 1) {
+						$phpconfigs[] = array(
+							'label' => $row['description'] . " [".$row['interpreter']."]<br />",
+							'value' => $row['id']
+						);
+					} else {
+						$phpconfigs[] = array(
+							'label' => $row['description']."<br />",
+							'value' => $row['id']
+						);
+					}
+				}
+
+				// hosting plans
+				$hosting_plans = "";
+				$plans = Database::query("
+					SELECT *
+					FROM `" . TABLE_PANEL_PLANS . "`
+					ORDER BY name ASC
+				");
+				if (Database::num_rows() > 0){
+					$hosting_plans .= makeoption("---", 0, 0, true, true);
+				}
+				while ($row = $plans->fetch(PDO::FETCH_ASSOC)) {
+					$hosting_plans .= makeoption($row['name'], $row['id'], 0, true, true);
+				}
+
 				$customer_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/customer/formfield.customer_add.php';
 				$customer_add_form = htmlform::genHTMLForm($customer_add_data);

@@ -1177,11 +1251,24 @@ if ($page == 'customers'
 					$phpenabled = intval($_POST['phpenabled']);
 				}

+				$allowed_phpconfigs = array();
+				if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
+					foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
+						$allowed_phpconfig = intval($allowed_phpconfig);
+						$allowed_phpconfigs[] = $allowed_phpconfig;
+					}
+				}
+
 				$perlenabled = 0;
 				if (isset($_POST['perlenabled'])) {
 					$perlenabled = intval($_POST['perlenabled']);
 				}

+				$dnsenabled = 0;
+				if (isset($_POST['dnsenabled'])) {
+					$dnsenabled = intval($_POST['dnsenabled']);
+				}
+
 				$diskspace = $diskspace * 1024;
 				$traffic = $traffic * 1024 * 1024;

@@ -1205,7 +1292,6 @@ if ($page == 'customers'
 				   || ($subdomains == '-1' && $userinfo['subdomains'] != '-1')
 				) {
 					standard_error('youcantallocatemorethanyouhave');
-					exit;
 				}

 				// Either $name and $firstname or the $company must be inserted
@@ -1251,7 +1337,7 @@ if ($page == 'customers'
 								'customerid' => $result['customerid'],
 								'adminid' => $userinfo['adminid'],
 								'docroot' => $result['documentroot'],
-								'adddate' => date('Y-m-d')
+								'adddate' => time()
 						);
 						$ins_stmt = Database::prepare("
 							INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -1272,10 +1358,13 @@ if ($page == 'customers'
 						$domainid = Database::lastInsertId();

 						// set ip <-> domain connection
+						$defaultips = explode(',', Settings::Get('system.defaultip'));
 						$ins_stmt = Database::prepare("
-							INSERT INTO `".TABLE_DOMAINTOIP."` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
+							  INSERT INTO `" . TABLE_DOMAINTOIP . "` SET `id_domain` = :domainid, `id_ipandports` = :ipid"
 						);
-						Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => Settings::Get('system.defaultip')));
+						foreach ($defaultips as $defaultip) {
+							Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => $defaultip));
+						}

 						$upd_stmt = Database::prepare("
 							UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid"
@@ -1311,6 +1400,10 @@ if ($page == 'customers'
 						$perlenabled = '1';
 					}

+					if ($dnsenabled != '0') {
+						$dnsenabled = '1';
+					}
+
 					if ($phpenabled != $result['phpenabled']
 						|| $perlenabled != $result['perlenabled']
 					) {
@@ -1418,9 +1511,11 @@ if ($page == 'customers'
 						'mysqls' => $mysqls,
 						'deactivated' => $deactivated,
 						'phpenabled' => $phpenabled,
+						'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs),
 						'imap' => $email_imap,
 						'pop3' => $email_pop3,
 						'perlenabled' => $perlenabled,
+						'dnsenabled' => $dnsenabled,
 						'custom_notes' => $custom_notes,
 						'custom_notes_show' => $custom_notes_show
 					);
@@ -1450,10 +1545,12 @@ if ($page == 'customers'
 						`mysqls` = :mysqls,
 						`deactivated` = :deactivated,
 						`phpenabled` = :phpenabled,
+						`allowed_phpconfigs` = :allowed_phpconfigs,
 						`email_quota` = :email_quota,
 						`imap` = :imap,
 						`pop3` = :pop3,
 						`perlenabled` = :perlenabled,
+						`dnsenabled` = :dnsenabled,
 						`custom_notes` = :custom_notes,
 						`custom_notes_show` = :custom_notes_show
 						WHERE `customerid` = :customerid"
@@ -1589,7 +1686,7 @@ if ($page == 'customers'
 			} else {
 				$language_options = '';

-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, $result['def_language'], true);
 				}

@@ -1654,6 +1751,40 @@ if ($page == 'customers'
 				$gender_options .= makeoption($lng['gender']['male'], 1, ($result['gender'] == '1' ? true : false), true, true);
 				$gender_options .= makeoption($lng['gender']['female'], 2, ($result['gender'] == '2' ? true : false), true, true);

+				$phpconfigs = array();
+				$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					if ((int) Settings::Get('phpfpm.enabled') == 1) {
+						$phpconfigs[] = array(
+							'label' => $row['description'] . " [".$row['interpreter']."]<br />",
+							'value' => $row['id']
+						);
+					} else {
+						$phpconfigs[] = array(
+							'label' => $row['description']."<br />",
+							'value' => $row['id']
+						);
+					}
+				}
+
+				// hosting plans
+				$hosting_plans = "";
+				$plans = Database::query("
+					SELECT *
+					FROM `" . TABLE_PANEL_PLANS . "`
+					ORDER BY name ASC
+				");
+				if (Database::num_rows() > 0){
+					$hosting_plans .= makeoption("---", 0, 0, true, true);
+				}
+				while ($row = $plans->fetch(PDO::FETCH_ASSOC)) {
+					$hosting_plans .= makeoption($row['name'], $row['id'], 0, true, true);
+				}
+
 				$customer_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/customer/formfield.customer_edit.php';
 				$customer_edit_form = htmlform::genHTMLForm($customer_edit_data);

--- a/admin_domains.php
+++ b/admin_domains.php
--- a/admin_index.php
+++ b/admin_index.php
@@ -42,7 +42,6 @@ if ($action == 'logout')  {
 	Database::pexecute($stmt, $params);

 	redirectTo('index.php');
-	exit;
 }

 if (isset($_POST['id'])) {
@@ -87,41 +86,31 @@ if ($page == 'overview') {
 		|| (isset($lookfornewversion) && $lookfornewversion == 'yes')
 	) {
 		$update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version;
+		$latestversion = HttpClient::urlGet($update_check_uri);
+		$latestversion = explode('|', $latestversion);

-		if (ini_get('allow_url_fopen')) {
-			$latestversion = @file($update_check_uri);
+		if (is_array($latestversion)
+			&& count($latestversion) >= 1
+		) {
+			$_version = $latestversion[0];
+			$_message = isset($latestversion[1]) ? $latestversion[1] : '';
+			$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');

-			if (isset($latestversion[0])) {
-				$latestversion = explode('|', $latestversion[0]);
+			// add the branding so debian guys are not gettings confused
+			// about their version-number
+			$lookfornewversion_lable = $_version.$branding;
+			$lookfornewversion_link = $_link;
+			$lookfornewversion_addinfo = $_message;

-				if (is_array($latestversion)
-					&& count($latestversion) >= 1
-				) {
-					$_version = $latestversion[0];
-					$_message = isset($latestversion[1]) ? $latestversion[1] : '';
-					$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
-
-					// add the branding so debian guys are not gettings confused
-					// about their version-number
-					$lookfornewversion_lable = $_version.$branding;
-					$lookfornewversion_link = $_link;
-					$lookfornewversion_addinfo = $_message;
-
-					// not numeric -> error-message
-					if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
-						// check for customized version to not output
-						// "There is a newer version of froxlor" besides the error-message
-						$isnewerversion = 2;
-					} elseif (version_compare2($version, $_version) == -1) {
-						$isnewerversion = 1;
-					} else {
-						$isnewerversion = 0;
-					}
-				} else {
-					redirectTo($update_check_uri.'/pretty', NULL, false);
-				}
+			// not numeric -> error-message
+			if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
+				// check for customized version to not output
+				// "There is a newer version of froxlor" besides the error-message
+				$isnewerversion = 2;
+			} elseif (version_compare2($version, $_version) == -1) {
+				$isnewerversion = 1;
 			} else {
-				redirectTo($update_check_uri.'/pretty', NULL, false);
+				$isnewerversion = 0;
 			}
 		} else {
 			redirectTo($update_check_uri.'/pretty', NULL, false);
@@ -145,6 +134,15 @@ if ($page == 'overview') {
 	$cron_last_runs = getCronjobsLastRun();
 	$outstanding_tasks = getOutstandingTasks();

+	$system_hostname = gethostname();
+	$meminfo= explode("\n", @file_get_contents("/proc/meminfo"));
+	$memory = "";
+	for ($i = 0; $i < sizeof($meminfo); ++$i) {
+		if (substr($meminfo[$i], 0, 3) === "Mem") {
+			$memory.= $meminfo[$i] . PHP_EOL;
+		}
+	}
+
 	if (function_exists('sys_getloadavg')) {
 		$loadArray = sys_getloadavg();
 		$load = number_format($loadArray[0], 2, '.', '') . " / " . number_format($loadArray[1], 2, '.', '') . " / " . number_format($loadArray[2], 2, '.', '');
@@ -201,7 +199,6 @@ if ($page == 'overview') {

 		if (!validatePasswordLogin($userinfo,$old_password,TABLE_PANEL_ADMINS,'adminid')) {
 			standard_error('oldpasswordnotcorrect');
-			exit;
 		}

 		$new_password = validate($_POST['new_password'], 'new password');
@@ -273,7 +270,7 @@ if ($page == 'overview') {
 			$default_lang = $userinfo['def_language'];
 		}

-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options.= makeoption($language_name, $language_file, $default_lang, true);
 		}

@@ -362,7 +359,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = nl2br($mail_body);

--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -29,6 +29,11 @@ if (isset($_POST['id'])) {
 if ($page == 'ipsandports'
 	|| $page == 'overview'
 ) {
+	// Do not display attributes that are not used by the current webserver
+	$websrv = Settings::Get('system.webserver');
+	$is_nginx = ($websrv == 'nginx');
+	$is_apache = ($websrv == 'apache2');
+	$is_apache24 = $is_apache && (Settings::Get('system.apache24') === '1');

 	if ($action == '') {

@@ -79,7 +84,7 @@ if ($page == 'ipsandports'
 			$result_checkdomain = Database::pexecute_first($result_checkdomain_stmt, array('id' => $id));

 			if ($result_checkdomain['id'] == '') {
-				if ($result['id'] != Settings::Get('system.defaultip')) {
+				if (!in_array($result['id'], explode(',', Settings::Get('system.defaultip')))) {

 					$result_sameipotherport_stmt = Database::prepare("
 						SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
@@ -320,7 +325,7 @@ if ($page == 'ipsandports'
 					$ssl_ca_file = '';
 					$ssl_cert_chainfile = '';
 				}
-				
+
 				if ($listen_statement != '1') {
 					$listen_statement = '0';
 				}
@@ -340,7 +345,7 @@ if ($page == 'ipsandports'
 				if ($ssl != '1') {
 					$ssl = '0';
 				}
-				
+
 				if ($ssl_cert_file != '') {
 					$ssl_cert_file = makeCorrectFile($ssl_cert_file);
 				}
@@ -422,7 +427,7 @@ if ($page == 'ipsandports'

 				$ipsandports_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php';
 				$ipsandports_edit_form = htmlform::genHTMLForm($ipsandports_edit_data);
-	
+
 				$title = $ipsandports_edit_data['ipsandports_edit']['title'];
 				$image = $ipsandports_edit_data['ipsandports_edit']['image'];

--- a/admin_logger.php
+++ b/admin_logger.php
@@ -30,11 +30,12 @@ if ($page == 'log'
 			'user' => $lng['logger']['user'],
 			'text' => $lng['logger']['action']
 		);
-		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc');
-		$result_stmt = Database::query('
-			SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
-		);
-		$paging->setEntries(Database::num_rows());
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc', 30);
+		$query = 'SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy();
+		$result_stmt = Database::query($query . ' ' . $paging->getSqlLimit());
+		$result_cnt_stmt = Database::query($query);
+		$logs_count = $result_cnt_stmt->rowCount();
+		$paging->setEntries($logs_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -66,7 +67,7 @@ if ($page == 'log'
 		foreach ($clog as $action => $logrows) {
 			$_action = 0;
 			foreach ($logrows as $row) {
-				if ($paging->checkDisplay($i)) {
+				// if ($paging->checkDisplay($i)) {
 					$row = htmlentities_array($row);
 					$row['date'] = date("d.m.y H:i:s", $row['date']);

@@ -100,35 +101,12 @@ if ($page == 'log'
 					}

 					$log_count++;
-					$type = $row['type'];
-					$_type = 'unknown';
-
-					switch ($type) {
-						case LOG_INFO:
-							$_type = 'Information';
-							break;
-						case LOG_NOTICE:
-							$_type = 'Notice';
-							break;
-						case LOG_WARNING:
-							$_type = 'Warning';
-							break;
-						case LOG_ERR:
-							$_type = 'Error';
-							break;
-						case LOG_CRIT:
-							$_type = 'Critical';
-							break;
-						default:
-							$_type = 'Unknown';
-							break;
-					}
-
-					$row['type'] = $_type;
+					$row['type'] = getLogLevelDesc($row['type']);
 					eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
 					$count++;
 					$_action = $action;
-				}
+				// }
+				$i++;
 			}
 			$i++;
 		}
--- a/admin_opcacheinfo.php
+++ b/admin_opcacheinfo.php
@@ -0,0 +1,158 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Janos Muzsi <muzsij@hypernics.hu> (2016)
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Panel
+ *
+ * Based on https://github.com/amnuts/opcache-gui
+ *
+ */
+
+define('AREA', 'admin');
+require './lib/init.php';
+
+
+if ($action == 'reset' &&
+        function_exists('opcache_reset') &&
+        $userinfo['change_serversettings'] == '1'
+) {
+    opcache_reset();
+    $log->logAction(ADM_ACTION, LOG_INFO, "reseted OPcache");
+    header('Location: ' . $linker->getLink(array('section' => 'opcacheinfo', 'page' => 'showinfo')));
+    exit();
+}
+
+if (!function_exists('opcache_get_configuration')
+) {
+    standard_error($lng['error']['no_opcacheinfo']);
+}
+
+if ($page == 'showinfo'
+) {
+    
+    $opcache_info = opcache_get_configuration();
+    $opcache_status = opcache_get_status(false);
+    $time = time();
+    $log->logAction(ADM_ACTION, LOG_NOTICE, "viewed OPcache info");
+    
+    $runtimelines = '';
+    if (isset($opcache_info['directives']) && is_array($opcache_info['directives'])) {
+        foreach ($opcache_info['directives'] as $name => $value) {
+            $linkname=  str_replace('_', '-', $name);
+            if ($name=='opcache.optimization_level' && is_integer($value)) {
+                $value='0x'.dechex($value);
+            }
+            if ($name=='opcache.memory_consumption' && is_integer($value) && $value%(1024*1024)==0) {
+                $value=$value/(1024*1024);
+            }
+            if ($value===null || $value==='') {
+                $value=$lng['opcacheinfo']['novalue'];
+            }
+            if ($value===true) {
+                $value=$lng['opcacheinfo']['true'];
+            }
+            if ($value===false) {
+                $value=$lng['opcacheinfo']['false'];
+            }
+            if (is_integer($value)) {
+                $value=number_format($value,0,'.',' ');
+            }
+            $name=str_replace('_', ' ', $name);
+            eval("\$runtimelines.=\"" . getTemplate("settings/opcacheinfo/runtime_line") . "\";");
+        }
+    }
+    
+    $cachehits=@$opcache_status['opcache_statistics']['hits'] ?: 0;
+    $cachemiss=@$opcache_status['opcache_statistics']['misses'] ?: 0;
+    $blacklistmiss=@$opcache_status['opcache_statistics']['blacklist_misses'] ?: 0;
+    $cachetotal=$cachehits+$cachemiss+$blacklistmiss;
+    
+    $general=array(
+        'version' => (isset($opcache_info['version']['opcache_product_name']) ? $opcache_info['version']['opcache_product_name'].' ' : '').$opcache_info['version']['version'],
+        'phpversion' => phpversion(),
+        'start_time'         => @$opcache_status['opcache_statistics']['start_time'] ? date('Y-m-d H:i:s',$opcache_status['opcache_statistics']['start_time']) : '',
+        'last_restart_time'  => @$opcache_status['opcache_statistics']['last_restart_time'] ? date('Y-m-d H:i:s',$opcache_status['opcache_statistics']['last_restart_time']) : $lng['opcacheinfo']['never'],
+        'oom_restarts' => number_format(@$opcache_status['opcache_statistics']['oom_restarts'] ?: 0,0,'.',' '),
+        'hash_restarts' => number_format(@$opcache_status['opcache_statistics']['hash_restarts'] ?: 0,0,'.',' '),
+        'manual_restarts' => number_format(@$opcache_status['opcache_statistics']['manual_restarts'] ?: 0,0,'.',' '),
+        'status' => (@$opcache_status['restart_in_progress'] ? $lng['opcacheinfo']['restartinprogress'] :
+            (@$opcache_status['restart_pending'] ? $lng['opcacheinfo']['restartpending'] :
+            (@$opcache_status['cache_full'] ? $lng['opcacheinfo']['cachefull'] :
+            (@$opcache_status['opcache_enabled'] ? $lng['opcacheinfo']['enabled'] : $lng['opcacheinfo']['novalue'])))),
+        'cachedscripts' => number_format(@$opcache_status['opcache_statistics']['num_cached_scripts'] ?: 0,0,'.',' '),
+        'cachehits' => number_format($cachehits,0,'.',' ') . ($cachetotal>0 ? sprintf(" (%.1f %%)", $cachehits/($cachetotal)*100) : ''),
+        'cachemiss' => number_format($cachemiss,0,'.',' ') . ($cachetotal>0 ? sprintf(" (%.1f %%)", $cachemiss/($cachetotal)*100) : ''),
+        'blacklistmiss' => number_format($blacklistmiss,0,'.',' ') . ($cachetotal>0 ? sprintf(" (%.1f %%)", $blacklistmiss/($cachetotal)*100) : ''),
+    );
+    
+    $usedmem=@$opcache_status['memory_usage']['used_memory'] ?: 0;
+    $usedmemstr=bsize($usedmem);
+    $freemem=@$opcache_status['memory_usage']['free_memory'] ?: 0;
+    $freememstr=bsize($freemem);
+    $totalmem=$usedmem+$freemem;
+    $wastedmem=@$opcache_status['memory_usage']['wasted_memory'] ?: 0;
+    $wastedmemstr=bsize($wastedmem);
+    if ($totalmem) {
+        $memory=array(
+            'total' => bsize($totalmem),
+            'used' => $usedmemstr . ($totalmem>0 ? sprintf(" (%.1f %%)", $usedmem/($totalmem)*100) : ''),
+            'free' => $freememstr . ($totalmem>0 ? sprintf(" (%.1f %%)", $freemem/($totalmem)*100) : ''),
+            'wasted' => $wastedmemstr . ($totalmem>0 ? sprintf(" (%.1f %%)", $wastedmem/($totalmem)*100) : ''),
+        );
+    }
+    
+    if (isset($opcache_status['interned_strings_usage'])) {
+        $usedstring=@$opcache_status['interned_strings_usage']['used_memory'] ?: 0;
+        $usedstringstr=bsize($usedstring);
+        $freestring=@$opcache_status['interned_strings_usage']['free_memory'] ?: 0;
+        $freestringstr=bsize($freestring);
+        $totalstring=$usedstring+$freestring;
+        $stringbuffer=array(
+            'total' => bsize($totalstring),
+            'used' => $usedstringstr . ($totalstring>0 ? sprintf(" (%.1f %%)", $usedstring/$totalstring*100) : ''),
+            'free' => $freestringstr . ($totalstring>0 ? sprintf(" (%.1f %%)", $freestring/$totalstring*100) : ''),
+            'strcount' => number_format(@$opcache_status['interned_strings_usage']['number_of_strings'] ?: 0,0,'.',' '),
+        );
+    }
+
+    $usedkey=@$opcache_status['opcache_statistics']['num_cached_keys'] ?: 0;
+    $usedkeystr=number_format($usedkey,0,'.',' ');
+    $totalkey=@$opcache_status['opcache_statistics']['max_cached_keys'] ?: 0;
+    $wastedkey=$usedkey - (@$opcache_status['opcache_statistics']['num_cached_scripts'] ?: 0);
+    if (isset($opcache_status['opcache_statistics'])) {
+        $keystat=array(
+            'total' => number_format($totalkey,0,'.',' '),
+            'used' => $usedkeystr . ($totalkey>0 ? sprintf(" (%.1f %%)", $usedkey/($totalkey)*100) : ''),
+            'wasted' => number_format($wastedkey,0,'.',' ') . ($totalkey>0 ? sprintf(" (%.1f %%)", $wastedkey/($totalkey)*100) : ''),
+        );
+    }
+    
+    $blacklistlines = '';
+    if (isset($opcache_info['blacklist']) && is_array($opcache_info['blacklist'])) {
+        foreach ($opcache_info['blacklist'] as $value) {
+            eval("\$blacklistlines.=\"" . getTemplate("settings/opcacheinfo/blacklist_line") . "\";");
+        }
+    }
+    
+    eval("echo \"" . getTemplate("settings/opcacheinfo/showinfo") . "\";");
+    
+}
+
+function bsize($s) {
+    foreach (array('', 'K', 'M', 'G') as $i => $k) {
+        if ($s < 1024)
+            break;
+        $s/=1024;
+    }
+    return sprintf("%5.1f %sBytes", $s, $k);
+}
--- a/admin_phpsettings.php
+++ b/admin_phpsettings.php
@@ -16,7 +16,6 @@
 * @package    Panel
 *
 */
-
 define('AREA', 'admin');
 require './lib/init.php';

@@ -27,104 +26,111 @@ if (isset($_POST['id'])) {
 }

 if ($page == 'overview') {
-
+	
 	if ($action == '') {
-
+		
 		$tablecontent = '';
 		$count = 0;
-		$result = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
-
+		$result = Database::query("
+			SELECT c.*, fd.description as fpmdesc
+			FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+			LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fd ON fd.id = c.fpmsettingid
+			ORDER BY c.description ASC
+		");
+		
 		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
-
+			
 			$domainresult = false;
-			$query_params = array('id' => $row['id']);
-
-			$query = "SELECT * FROM `".TABLE_PANEL_DOMAINS."`
+			$query_params = array(
+				'id' => $row['id']
+			);
+			
+			$query = "SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `phpsettingid` = :id
 					AND `parentdomainid` = '0'";
-
-			if ((int)$userinfo['domains_see_all'] == 0) {
+			
+			if ((int) $userinfo['domains_see_all'] == 0) {
 				$query .= " AND `adminid` = :adminid";
 				$query_params['adminid'] = $userinfo['adminid'];
 			}
-
-			if ((int)Settings::Get('panel.phpconfigs_hidestdsubdomain') == 1) {
+			
+			if ((int) Settings::Get('panel.phpconfigs_hidestdsubdomain') == 1) {
 				$ssdids_res = Database::query("
-					SELECT DISTINCT `standardsubdomain` FROM `".TABLE_PANEL_CUSTOMERS."`
-					WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;"
-				);
+					SELECT DISTINCT `standardsubdomain` FROM `" . TABLE_PANEL_CUSTOMERS . "`
+					WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;");
 				$ssdids = array();
 				while ($ssd = $ssdids_res->fetch(PDO::FETCH_ASSOC)) {
 					$ssdids[] = $ssd['standardsubdomain'];
 				}
 				if (count($ssdids) > 0) {
-					$query .= " AND `id` NOT IN (".implode(', ', $ssdids).")";
+					$query .= " AND `id` NOT IN (" . implode(', ', $ssdids) . ")";
 				}
 			}
-
+			
 			$domainresult_stmt = Database::prepare($query);
 			Database::pexecute($domainresult_stmt, $query_params);
-
+			
 			$domains = '';
 			if (Database::num_rows() > 0) {
 				while ($row2 = $domainresult_stmt->fetch(PDO::FETCH_ASSOC)) {
-					$domains.= $row2['domain'] . '<br/>';
+					$domains .= $row2['domain'] . '<br/>';
 				}
 			}
-
+			
 			// check whether we use that config as froxor-vhost config
-			if (Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $row['id']
-				|| Settings::Get('phpfpm.vhost_defaultini') == $row['id']
-			) {
+			if (Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $row['id'] || Settings::Get('phpfpm.vhost_defaultini') == $row['id']) {
 				$domains .= Settings::Get('system.hostname');
 			}
-
+			
 			if ($domains == '') {
 				$domains = $lng['admin']['phpsettings']['notused'];
 			}
-
+			
 			// check whether this is our default config
-			if ((Settings::Get('system.mod_fcgid') == '1'
-				&& Settings::Get('system.mod_fcgid_defaultini') == $row['id'])
-				|| (Settings::Get('phpfpm.enabled') == '1'
-				&& Settings::Get('phpfpm.defaultini') == $row['id'])
-			) {
-				$row['description'] = '<b>'.$row['description'].'</b>';
+			if ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini') == $row['id']) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.defaultini') == $row['id'])) {
+				$row['description'] = '<b>' . $row['description'] . '</b>';
 			}
-
+			
 			$count ++;
 			eval("\$tablecontent.=\"" . getTemplate("phpconfig/overview_overview") . "\";");
 		}
-
+		
 		$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting overview has been viewed by '" . $userinfo['loginname'] . "'");
 		eval("echo \"" . getTemplate("phpconfig/overview") . "\";");
 	}
-
+	
 	if ($action == 'add') {
-
-		if ((int)$userinfo['change_serversettings'] == 1) {
-
-			if (isset($_POST['send'])
-				&& $_POST['send'] == 'send'
-			) {
+		
+		if ((int) $userinfo['change_serversettings'] == 1) {
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$description = validate($_POST['description'], 'description');
 				$phpsettings = validate(str_replace("\r\n", "\n", $_POST['phpsettings']), 'phpsettings', '/^[^\0]*$/');
-
+				
 				if (Settings::Get('system.mod_fcgid') == 1) {
 					$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
 					$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
-					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
-					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
+					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
 					$mod_fcgid_umask = validate($_POST['mod_fcgid_umask'], 'mod_fcgid_umask', '/^[0-9]*$/');
 					// disable fpm stuff
+					$fpm_config_id = 1;
 					$fpm_enableslowlog = 0;
 					$fpm_reqtermtimeout = 0;
 					$fpm_reqslowtimeout = 0;
-				}
-				elseif (Settings::Get('phpfpm.enabled') == 1) {
-					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int)$_POST['phpfpm_enable_slowlog'] : 0;
+					$fpm_pass_authorizationheader = 0;
+				} elseif (Settings::Get('phpfpm.enabled') == 1) {
+					$fpm_config_id = intval($_POST['fpmconfig']);
+					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int) $_POST['phpfpm_enable_slowlog'] : 0;
 					$fpm_reqtermtimeout = validate($_POST['phpfpm_reqtermtimeout'], 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/');
 					$fpm_reqslowtimeout = validate($_POST['phpfpm_reqslowtimeout'], 'phpfpm_reqslowtimeout', '/^([0-9]+)(|s|m|h|d)$/');
+					$fpm_pass_authorizationheader = isset($_POST['phpfpm_pass_authorizationheader']) ? (int) $_POST['phpfpm_pass_authorizationheader'] : 0;
 					// disable fcgid stuff
 					$binary = '/usr/bin/php-cgi';
 					$file_extensions = 'php';
@@ -132,13 +138,11 @@ if ($page == 'overview') {
 					$mod_fcgid_maxrequests = 0;
 					$mod_fcgid_umask = "022";
 				}
-
-				if (strlen($description) == 0
-					|| strlen($description) > 50
-				) {
+				
+				if (strlen($description) == 0 || strlen($description) > 50) {
 					standard_error('descriptioninvalid');
 				}
-
+				
 				$ins_stmt = Database::prepare("
 					INSERT INTO `" . TABLE_PANEL_PHPCONFIGS . "` SET
 						`description` = :desc,
@@ -150,8 +154,9 @@ if ($page == 'overview') {
 						`fpm_slowlog` = :fpmslow,
 						`fpm_reqterm` = :fpmreqterm,
 						`fpm_reqslow` = :fpmreqslow,
-						`phpsettings` = :phpsettings"
-				);
+						`phpsettings` = :phpsettings,
+						`fpmsettingid` = :fpmsettingid,
+						`pass_authorizationheader` = :fpmpassauth");
 				$ins_data = array(
 					'desc' => $description,
 					'binary' => $binary,
@@ -162,123 +167,133 @@ if ($page == 'overview') {
 					'fpmslow' => $fpm_enableslowlog,
 					'fpmreqterm' => $fpm_reqtermtimeout,
 					'fpmreqslow' => $fpm_reqslowtimeout,
-					'phpsettings' => $phpsettings
+					'phpsettings' => $phpsettings,
+					'fpmsettingid' => $fpm_config_id,
+					'fpmpassauth' => $fpm_pass_authorizationheader
 				);
 				Database::pexecute($ins_stmt, $ins_data);
-
+				
 				inserttask('1');
 				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been created by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, array('page' => $page, 's' => $s));
-
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
-
+				
 				$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = 1");
 				$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-
-				$phpconfig_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php';
+				
+				$fpmconfigs = '';
+				$configs = Database::query("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` ORDER BY `description` ASC");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					$fpmconfigs .= makeoption($row['description'], $row['id'], 1, true, true);
+				}
+				
+				$phpconfig_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php';
 				$phpconfig_add_form = htmlform::genHTMLForm($phpconfig_add_data);
-
+				
 				$title = $phpconfig_add_data['phpconfig_add']['title'];
 				$image = $phpconfig_add_data['phpconfig_add']['image'];
-
+				
 				eval("echo \"" . getTemplate("phpconfig/overview_add") . "\";");
 			}
-
 		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
 	}
-
+	
 	if ($action == 'delete') {
-
+		
 		$result_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
-		);
-		$result = Database::pexecute_first($result_stmt, array('id' => $id));
-
-		if ((Settings::Get('system.mod_fcgid') == '1'
-			&& Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $id)
-			|| (Settings::Get('phpfpm.enabled') == '1'
-			&& Settings::Get('phpfpm.vhost_defaultini') == $id)
-		) {
+			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $id) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.vhost_defaultini') == $id)) {
 			standard_error('cannotdeletehostnamephpconfig');
 		}
-
-		if ((Settings::Get('system.mod_fcgid') == '1'
-			&& Settings::Get('system.mod_fcgid_defaultini') == $id)
-			|| (Settings::Get('phpfpm.enabled') == '1'
-			&& Settings::Get('phpfpm.defaultini') == $id)
-		) {
+		
+		if ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini') == $id) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.defaultini') == $id)) {
 			standard_error('cannotdeletedefaultphpconfig');
 		}
-
-		if ($result['id'] != 0
-			&& $result['id'] == $id
-			&& (int)$userinfo['change_serversettings'] == 1
-			&& $id != 1 // cannot delete the default php.config
-		) {
-
-			if (isset($_POST['send'])
-				&& $_POST['send'] == 'send'
-			) {
+		
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
+		{
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				// set php-config to default for all domains using the
 				// config that is to be deleted
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
-					`phpsettingid` = '1' WHERE `phpsettingid` = :id"
-				);
-				Database::pexecute($upd_stmt, array('id' => $id));
-
+					`phpsettingid` = '1' WHERE `phpsettingid` = :id");
+				Database::pexecute($upd_stmt, array(
+					'id' => $id
+				));
+				
 				$del_stmt = Database::prepare("
-					DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
-				);
-				Database::pexecute($del_stmt, array('id' => $id));
-
+					DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id");
+				Database::pexecute($del_stmt, array(
+					'id' => $id
+				));
+				
 				inserttask('1');
-				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with id #" . (int)$id . " has been deleted by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, array('page' => $page, 's' => $s));
-
+				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with id #" . (int) $id . " has been deleted by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
-				ask_yesno('phpsetting_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['description']);
+				ask_yesno('phpsetting_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['description']);
 			}
 		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
 	}
-
+	
 	if ($action == 'edit') {
-
+		
 		$result_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
-		);
-		$result = Database::pexecute_first($result_stmt, array('id' => $id));
-
-		if ($result['id'] != 0
-			&& $result['id'] == $id
-			&& (int)$userinfo['change_serversettings'] == 1
-		) {
-
-			if (isset($_POST['send'])
-				&& $_POST['send'] == 'send'
-			) {
+			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1) {
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$description = validate($_POST['description'], 'description');
 				$phpsettings = validate(str_replace("\r\n", "\n", $_POST['phpsettings']), 'phpsettings', '/^[^\0]*$/');
-
+				
 				if (Settings::Get('system.mod_fcgid') == 1) {
 					$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
 					$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
-					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
-					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
+					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
 					$mod_fcgid_umask = validate($_POST['mod_fcgid_umask'], 'mod_fcgid_umask', '/^[0-9]*$/');
 					// disable fpm stuff
+					$fpm_config_id = 1;
 					$fpm_enableslowlog = 0;
 					$fpm_reqtermtimeout = 0;
 					$fpm_reqslowtimeout = 0;
-				}
-				elseif (Settings::Get('phpfpm.enabled') == 1) {
-					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int)$_POST['phpfpm_enable_slowlog'] : 0;
+					$fpm_pass_authorizationheader = 0;
+				} elseif (Settings::Get('phpfpm.enabled') == 1) {
+					$fpm_config_id = intval($_POST['fpmconfig']);
+					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int) $_POST['phpfpm_enable_slowlog'] : 0;
 					$fpm_reqtermtimeout = validate($_POST['phpfpm_reqtermtimeout'], 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/');
 					$fpm_reqslowtimeout = validate($_POST['phpfpm_reqslowtimeout'], 'phpfpm_reqslowtimeout', '/^([0-9]+)(|s|m|h|d)$/');
+					$fpm_pass_authorizationheader = isset($_POST['phpfpm_pass_authorizationheader']) ? (int) $_POST['phpfpm_pass_authorizationheader'] : 0;
 					// disable fcgid stuff
 					$binary = '/usr/bin/php-cgi';
 					$file_extensions = 'php';
@@ -286,13 +301,11 @@ if ($page == 'overview') {
 					$mod_fcgid_maxrequests = 0;
 					$mod_fcgid_umask = "022";
 				}
-
-				if (strlen($description) == 0
-					|| strlen($description) > 50
-				) {
+				
+				if (strlen($description) == 0 || strlen($description) > 50) {
 					standard_error('descriptioninvalid');
 				}
-
+				
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET
 						`description` = :desc,
@@ -304,39 +317,292 @@ if ($page == 'overview') {
 						`fpm_slowlog` = :fpmslow,
 						`fpm_reqterm` = :fpmreqterm,
 						`fpm_reqslow` = :fpmreqslow,
-						`phpsettings` = :phpsettings
-					WHERE `id` = :id"
-				);
+						`phpsettings` = :phpsettings,
+						`fpmsettingid` = :fpmsettingid,
+						`pass_authorizationheader` = :fpmpassauth
+					WHERE `id` = :id");
 				$upd_data = array(
-						'desc' => $description,
-						'binary' => $binary,
-						'fext' => $file_extensions,
-						'starter' => $mod_fcgid_starter,
-						'mreq' => $mod_fcgid_maxrequests,
-						'umask' => $mod_fcgid_umask,
-						'fpmslow' => $fpm_enableslowlog,
-						'fpmreqterm' => $fpm_reqtermtimeout,
-						'fpmreqslow' => $fpm_reqslowtimeout,
-						'phpsettings' => $phpsettings,
-						'id' => $id
+					'desc' => $description,
+					'binary' => $binary,
+					'fext' => $file_extensions,
+					'starter' => $mod_fcgid_starter,
+					'mreq' => $mod_fcgid_maxrequests,
+					'umask' => $mod_fcgid_umask,
+					'fpmslow' => $fpm_enableslowlog,
+					'fpmreqterm' => $fpm_reqtermtimeout,
+					'fpmreqslow' => $fpm_reqslowtimeout,
+					'phpsettings' => $phpsettings,
+					'fpmsettingid' => $fpm_config_id,
+					'fpmpassauth' => $fpm_pass_authorizationheader,
+					'id' => $id
 				);
 				Database::pexecute($upd_stmt, $upd_data);
-
+				
 				inserttask('1');
 				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been changed by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, array('page' => $page, 's' => $s));
-
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {

-				$phpconfig_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php';
+				$fpmconfigs = '';
+				$configs = Database::query("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` ORDER BY `description` ASC");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					$fpmconfigs .= makeoption($row['description'], $row['id'], $result['fpmsettingid'], true, true);
+				}
+
+				$phpconfig_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php';
 				$phpconfig_edit_form = htmlform::genHTMLForm($phpconfig_edit_data);

 				$title = $phpconfig_edit_data['phpconfig_edit']['title'];
 				$image = $phpconfig_edit_data['phpconfig_edit']['image'];
-
+				
 				eval("echo \"" . getTemplate("phpconfig/overview_edit") . "\";");
 			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	}
+} elseif ($page == 'fpmdaemons') {
+	
+	if ($action == '') {
+		
+		$tablecontent = '';
+		$count = 0;
+		$result = Database::query("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` ORDER BY `description` ASC");
+		
+		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {

+			$query_params = array(
+				'id' => $row['id']
+			);
+			
+			$query = "SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `fpmsettingid` = :id";
+			
+			$configresult_stmt = Database::prepare($query);
+			Database::pexecute($configresult_stmt, $query_params);
+			
+			$configs = '';
+			if (Database::num_rows() > 0) {
+				while ($row2 = $configresult_stmt->fetch(PDO::FETCH_ASSOC)) {
+					$configs .= $row2['description'] . '<br/>';
+				}
+			}
+			
+			if ($configs == '') {
+				$configs = $lng['admin']['phpsettings']['notused'];
+			}
+			
+			$count ++;
+			eval("\$tablecontent.=\"" . getTemplate("phpconfig/fpmdaemons_overview") . "\";");
+		}
+		
+		$log->logAction(ADM_ACTION, LOG_INFO, "fpm daemons setting overview has been viewed by '" . $userinfo['loginname'] . "'");
+		eval("echo \"" . getTemplate("phpconfig/fpmdaemons") . "\";");
+	}
+	
+	if ($action == 'add') {
+		
+		if ((int) $userinfo['change_serversettings'] == 1) {
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				$description = validate($_POST['description'], 'description');
+				$reload_cmd = validate($_POST['reload_cmd'], 'reload_cmd');
+				$config_dir = validate($_POST['config_dir'], 'config_dir');
+				$pm = $_POST['pm'];
+				$max_children = isset($_POST['max_children']) ? (int) $_POST['max_children'] : 0;
+				$start_servers = isset($_POST['start_servers']) ? (int) $_POST['start_servers'] : 0;
+				$min_spare_servers = isset($_POST['min_spare_servers']) ? (int) $_POST['min_spare_servers'] : 0;
+				$max_spare_servers = isset($_POST['max_spare_servers']) ? (int) $_POST['max_spare_servers'] : 0;
+				$max_requests = isset($_POST['max_requests']) ? (int) $_POST['max_requests'] : 0;
+				$idle_timeout = isset($_POST['idle_timeout']) ? (int) $_POST['idle_timeout'] : 0;
+				$limit_extensions = validate($_POST['limit_extensions'], 'limit_extensions', '/^(\.[a-z]([a-z0-9]+)\ ?)+$/');
+				
+				if (strlen($description) == 0 || strlen($description) > 50) {
+					standard_error('descriptioninvalid');
+				}
+				
+				$ins_stmt = Database::prepare("
+					INSERT INTO `" . TABLE_PANEL_FPMDAEMONS . "` SET
+					`description` = :desc,
+					`reload_cmd` = :reload_cmd,
+					`config_dir` = :config_dir,
+					`pm` = :pm,
+					`max_children` = :max_children,
+					`start_servers` = :start_servers,
+					`min_spare_servers` = :min_spare_servers,
+					`max_spare_servers` = :max_spare_servers,
+					`max_requests` = :max_requests,
+					`idle_timeout` = :idle_timeout,
+					`limit_extensions` = :limit_extensions
+				");
+				$ins_data = array(
+					'desc' => $description,
+					'reload_cmd' => $reload_cmd,
+					'config_dir' => makeCorrectDir($config_dir),
+					'pm' => $pm,
+					'max_children' => $max_children,
+					'start_servers' => $start_servers,
+					'min_spare_servers' => $min_spare_servers,
+					'max_spare_servers' => $max_spare_servers,
+					'max_requests' => $max_requests,
+					'idle_timeout' => $idle_timeout,
+					'limit_extensions' => $limit_extensions
+				);
+				Database::pexecute($ins_stmt, $ins_data);
+				
+				inserttask('1');
+				$log->logAction(ADM_ACTION, LOG_INFO, "fpm-daemon setting with description '" . $description . "' has been created by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				
+				$pm_select = makeoption('static', 'static', 'static', true, true);
+				$pm_select.= makeoption('dynamic', 'dynamic', 'static', true, true);
+				$pm_select.= makeoption('ondemand', 'ondemand', 'static', true, true);
+
+				$fpmconfig_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.fpmconfig_add.php';
+				$fpmconfig_add_form = htmlform::genHTMLForm($fpmconfig_add_data);
+				
+				$title = $fpmconfig_add_data['fpmconfig_add']['title'];
+				$image = $fpmconfig_add_data['fpmconfig_add']['image'];
+				
+				eval("echo \"" . getTemplate("phpconfig/fpmconfig_add") . "\";");
+			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	}
+	
+	if ($action == 'delete') {
+		
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+
+		if ($id == 1) {
+			standard_error('cannotdeletedefaultphpconfig');
+		}
+
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
+		{
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				// set default fpm daemon config for all php-config that use this config that is to be deleted
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET
+					`fpmsettingid` = '1' WHERE `fpmsettingid` = :id");
+				Database::pexecute($upd_stmt, array(
+					'id' => $id
+				));
+				
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+				Database::pexecute($del_stmt, array(
+					'id' => $id
+				));
+				
+				inserttask('1');
+				$log->logAction(ADM_ACTION, LOG_INFO, "fpm-daemon setting with id #" . (int) $id . " has been deleted by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				ask_yesno('fpmsetting_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['description']);
+			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	}
+	
+	if ($action == 'edit') {
+		
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1) {
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				$description = validate($_POST['description'], 'description');
+				$reload_cmd = validate($_POST['reload_cmd'], 'reload_cmd');
+				$config_dir = validate($_POST['config_dir'], 'config_dir');
+				$pm = $_POST['pm'];
+				$max_children = isset($_POST['max_children']) ? (int) $_POST['max_children'] : $result['max_children'];
+				$start_servers = isset($_POST['start_servers']) ? (int) $_POST['start_servers'] : $result['start_servers'];
+				$min_spare_servers = isset($_POST['min_spare_servers']) ? (int) $_POST['min_spare_servers'] : $result['min_spare_servers'];
+				$max_spare_servers = isset($_POST['max_spare_servers']) ? (int) $_POST['max_spare_servers'] : $result['max_spare_servers'];
+				$max_requests = isset($_POST['max_requests']) ? (int) $_POST['max_requests'] : $result['max_requests'];
+				$idle_timeout = isset($_POST['idle_timeout']) ? (int) $_POST['idle_timeout'] : $result['idle_timeout'];
+				$limit_extensions = validate($_POST['limit_extensions'], 'limit_extensions', '/^(\.[a-z]([a-z0-9]+)\ ?)+$/');
+				
+				if (strlen($description) == 0 || strlen($description) > 50) {
+					standard_error('descriptioninvalid');
+				}
+				
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_FPMDAEMONS . "` SET
+					`description` = :desc,
+					`reload_cmd` = :reload_cmd,
+					`config_dir` = :config_dir,
+					`pm` = :pm,
+					`max_children` = :max_children,
+					`start_servers` = :start_servers,
+					`min_spare_servers` = :min_spare_servers,
+					`max_spare_servers` = :max_spare_servers,
+					`max_requests` = :max_requests,
+					`idle_timeout` = :idle_timeout,
+					`limit_extensions` = :limit_extensions
+					WHERE `id` = :id
+				");
+				$upd_data = array(
+					'desc' => $description,
+					'reload_cmd' => $reload_cmd,
+					'config_dir' => makeCorrectDir($config_dir),
+					'pm' => $pm,
+					'max_children' => $max_children,
+					'start_servers' => $start_servers,
+					'min_spare_servers' => $min_spare_servers,
+					'max_spare_servers' => $max_spare_servers,
+					'max_requests' => $max_requests,
+					'idle_timeout' => $idle_timeout,
+					'limit_extensions' => $limit_extensions,
+					'id' => $id
+				);
+				Database::pexecute($upd_stmt, $upd_data);
+				
+				inserttask('1');
+				$log->logAction(ADM_ACTION, LOG_INFO, "fpm-daemon setting with description '" . $description . "' has been changed by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				
+				$pm_select = makeoption('static', 'static', $result['pm'], true, true);
+				$pm_select.= makeoption('dynamic', 'dynamic', $result['pm'], true, true);
+				$pm_select.= makeoption('ondemand', 'ondemand', $result['pm'], true, true);
+
+				$fpmconfig_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.fpmconfig_edit.php';
+				$fpmconfig_edit_form = htmlform::genHTMLForm($fpmconfig_edit_data);
+				
+				$title = $fpmconfig_edit_data['fpmconfig_edit']['title'];
+				$image = $fpmconfig_edit_data['fpmconfig_edit']['image'];
+				
+				eval("echo \"" . getTemplate("phpconfig/fpmconfig_edit") . "\";");
+			}
 		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
--- a/admin_plans.php
+++ b/admin_plans.php
@@ -0,0 +1,522 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Panel
+ *
+ */
+define('AREA', 'admin');
+require './lib/init.php';
+
+if (isset($_POST['id'])) {
+	$id = intval($_POST['id']);
+} elseif (isset($_GET['id'])) {
+	$id = intval($_GET['id']);
+}
+
+if ($page == '' || $page == 'overview') {
+	
+	if ($action == '') {
+		
+		$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_plans");
+		$fields = array(
+			'p.name' => $lng['admin']['plans']['name'],
+			'p.description' => $lng['admin']['plans']['description'],
+			'adminname' => $lng['admin']['admin'],
+			'p.ts' => $lng['admin']['plans']['last_update']
+		);
+		$paging = new paging($userinfo, TABLE_PANEL_PLANS, $fields);
+		$plans = '';
+		$result_stmt = Database::prepare("
+			SELECT p.*, a.loginname as adminname
+			FROM `" . TABLE_PANEL_PLANS . "` p, `" . TABLE_PANEL_ADMINS . "` a
+			WHERE " . ($userinfo['customers_see_all'] ? '' : " `p`.`adminid` = :adminid AND ") . "
+			`p`.`adminid` = `a`.`adminid` " . $paging->getSqlWhere(false) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			'adminid' => $userinfo['adminid']
+		));
+		$paging->setEntries(Database::num_rows());
+		$sortcode = $paging->getHtmlSortCode($lng);
+		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
+		$searchcode = $paging->getHtmlSearchCode($lng);
+		$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
+		$i = 0;
+		$count = 0;
+		
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			
+			if ($paging->checkDisplay($i)) {
+				$row = htmlentities_array($row);
+				$row['ts_format'] = date("d.m.Y H:i", $row['ts']);
+				eval("\$plans.=\"" . getTemplate("plans/plans_plan") . "\";");
+				$count ++;
+			}
+			$i ++;
+		}
+		
+		eval("echo \"" . getTemplate("plans/plans") . "\";");
+	} elseif ($action == 'delete' && $id != 0) {
+		
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['adminid'] == $result['adminid']) {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
+				Database::pexecute($del_stmt, array(
+					'id' => $id
+				));
+				
+				$log->logAction(ADM_ACTION, LOG_INFO, "Plan '" . $result['name'] . "' has been deleted by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				ask_yesno('plan_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['name']);
+			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	} elseif ($action == 'add') {
+		
+		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			$name = validate($_POST['name'], 'name');
+			$description = validate(str_replace("\r\n", "\n", $_POST['description']), 'description', '/^[^\0]*$/');
+			
+			$value_arr = array();
+			
+			$value_arr['diskspace'] = intval_ressource($_POST['diskspace']);
+			if (isset($_POST['diskspace_ul'])) {
+				$value_arr['diskspace'] = - 1;
+			}
+			
+			$value_arr['traffic'] = doubleval_ressource($_POST['traffic']);
+			if (isset($_POST['traffic_ul'])) {
+				$value_arr['traffic'] = - 1;
+			}
+			
+			$value_arr['subdomains'] = intval_ressource($_POST['subdomains']);
+			if (isset($_POST['subdomains_ul'])) {
+				$value_arr['subdomains'] = - 1;
+			}
+			
+			$value_arr['emails'] = intval_ressource($_POST['emails']);
+			if (isset($_POST['emails_ul'])) {
+				$value_arr['emails'] = - 1;
+			}
+			
+			$value_arr['email_accounts'] = intval_ressource($_POST['email_accounts']);
+			if (isset($_POST['email_accounts_ul'])) {
+				$value_arr['email_accounts'] = - 1;
+			}
+			
+			$value_arr['email_forwarders'] = intval_ressource($_POST['email_forwarders']);
+			if (isset($_POST['email_forwarders_ul'])) {
+				$value_arr['email_forwarders'] = - 1;
+			}
+			
+			if (Settings::Get('system.mail_quota_enabled') == '1') {
+				$value_arr['email_quota'] = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array(
+					'0',
+					''
+				));
+				if (isset($_POST['email_quota_ul'])) {
+					$value_arr['email_quota'] = - 1;
+				}
+			} else {
+				$value_arr['email_quota'] = - 1;
+			}
+			
+			$value_arr['email_imap'] = 0;
+			if (isset($_POST['email_imap'])) {
+				$value_arr['email_imap'] = intval_ressource($_POST['email_imap']);
+			}
+			
+			$value_arr['email_pop3'] = 0;
+			if (isset($_POST['email_pop3'])) {
+				$value_arr['email_pop3'] = intval_ressource($_POST['email_pop3']);
+			}
+			
+			$value_arr['ftps'] = intval_ressource($_POST['ftps']);
+			if (isset($_POST['ftps_ul'])) {
+				$value_arr['ftps'] = - 1;
+			}
+			
+			$value_arr['tickets'] = (Settings::Get('ticket.enabled') == 1 ? intval_ressource($_POST['tickets']) : 0);
+			if (isset($_POST['tickets_ul']) && Settings::Get('ticket.enabled') == '1') {
+				$value_arr['tickets'] = - 1;
+			}
+			
+			$value_arr['mysqls'] = intval_ressource($_POST['mysqls']);
+			if (isset($_POST['mysqls_ul'])) {
+				$value_arr['mysqls'] = - 1;
+			}
+			
+			$value_arr['phpenabled'] = 0;
+			if (isset($_POST['phpenabled'])) {
+				$value_arr['phpenabled'] = intval($_POST['phpenabled']);
+			}
+			
+			$value_arr['allowed_phpconfigs'] = array();
+			if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
+				foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
+					$allowed_phpconfig = intval($allowed_phpconfig);
+					$value_arr['allowed_phpconfigs'][] = $allowed_phpconfig;
+				}
+			}
+			
+			$value_arr['perlenabled'] = 0;
+			if (isset($_POST['perlenabled'])) {
+				$value_arr['perlenabled'] = intval($_POST['perlenabled']);
+			}
+			
+			$value_arr['dnsenabled'] = 0;
+			if (isset($_POST['dnsenabled'])) {
+				$value_arr['dnsenabled'] = intval($_POST['dnsenabled']);
+			}
+			
+			$ins_stmt = Database::prepare("
+				INSERT INTO `" . TABLE_PANEL_PLANS . "`
+				SET `adminid` = :adminid, `name` = :name, `description` = :desc, `value` = :valuearr, `ts` = UNIX_TIMESTAMP();
+			");
+			$ins_data = array(
+				'adminid' => $userinfo['adminid'],
+				'name' => $name,
+				'desc' => $description,
+				'valuearr' => json_encode($value_arr)
+			);
+			Database::pexecute($ins_stmt, $ins_data);
+			
+			$log->logAction(ADM_ACTION, LOG_WARNING, "added plan '" . $name . "'");
+			redirectTo($filename, array(
+				'page' => $page,
+				's' => $s
+			));
+		} else {
+			
+			$diskspace_ul = makecheckbox('diskspace_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$traffic_ul = makecheckbox('traffic_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$subdomains_ul = makecheckbox('subdomains_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$emails_ul = makecheckbox('emails_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$email_accounts_ul = makecheckbox('email_accounts_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$email_forwarders_ul = makecheckbox('email_forwarders_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$email_quota_ul = makecheckbox('email_quota_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$tickets_ul = makecheckbox('tickets_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$mysqls_ul = makecheckbox('mysqls_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			
+			$phpconfigs = array();
+			$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+			while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+				if ((int) Settings::Get('phpfpm.enabled') == 1) {
+					$phpconfigs[] = array(
+						'label' => $row['description'] . " [" . $row['interpreter'] . "]<br />",
+						'value' => $row['id']
+					);
+				} else {
+					$phpconfigs[] = array(
+						'label' => $row['description'] . "<br />",
+						'value' => $row['id']
+					);
+				}
+			}
+			
+			// dummy to avoid unknown variables
+			$language_options = null;
+			$gender_options = null;
+			$hosting_plans = null;
+
+			$plans_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/plans/formfield.plans_add.php';
+			$cust_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/customer/formfield.customer_add.php';
+			// unset unneeded stuff
+			unset($cust_add_data['customer_add']['sections']['section_a']);
+			unset($cust_add_data['customer_add']['sections']['section_b']);
+			unset($cust_add_data['customer_add']['sections']['section_cpre']);
+			// merge
+			$plans_add_data['plans_add']['sections'] = array_merge($plans_add_data['plans_add']['sections'], $cust_add_data['customer_add']['sections']);
+			$plans_add_form = htmlform::genHTMLForm($plans_add_data);
+			
+			$title = $plans_add_data['plans_add']['title'];
+			$image = $plans_add_data['plans_add']['image'];
+			
+			eval("echo \"" . getTemplate("plans/plans_add") . "\";");
+		}
+	} elseif ($action == 'edit' && $id != 0) {
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ($result['name'] != '') {
+			
+			$result['value'] = json_decode($result['value'], true);
+			$result = htmlentities_array($result);
+			
+			foreach ($result['value'] as $index => $value) {
+				$result[$index] = $value;
+			}
+			$result['allowed_phpconfigs'] = json_encode($result['allowed_phpconfigs']);
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				
+				$name = validate($_POST['name'], 'name');
+				$description = validate(str_replace("\r\n", "\n", $_POST['description']), 'description', '/^[^\0]*$/');
+				
+				$value_arr = array();
+				
+				$value_arr['diskspace'] = intval_ressource($_POST['diskspace']);
+				if (isset($_POST['diskspace_ul'])) {
+					$value_arr['diskspace'] = - 1;
+				}
+				
+				$value_arr['traffic'] = doubleval_ressource($_POST['traffic']);
+				if (isset($_POST['traffic_ul'])) {
+					$value_arr['traffic'] = - 1;
+				}
+				
+				$value_arr['subdomains'] = intval_ressource($_POST['subdomains']);
+				if (isset($_POST['subdomains_ul'])) {
+					$value_arr['subdomains'] = - 1;
+				}
+				
+				$value_arr['emails'] = intval_ressource($_POST['emails']);
+				if (isset($_POST['emails_ul'])) {
+					$value_arr['emails'] = - 1;
+				}
+				
+				$value_arr['email_accounts'] = intval_ressource($_POST['email_accounts']);
+				if (isset($_POST['email_accounts_ul'])) {
+					$value_arr['email_accounts'] = - 1;
+				}
+				
+				$value_arr['email_forwarders'] = intval_ressource($_POST['email_forwarders']);
+				if (isset($_POST['email_forwarders_ul'])) {
+					$value_arr['email_forwarders'] = - 1;
+				}
+				
+				if (Settings::Get('system.mail_quota_enabled') == '1') {
+					$value_arr['email_quota'] = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array(
+						'0',
+						''
+					));
+					if (isset($_POST['email_quota_ul'])) {
+						$value_arr['email_quota'] = - 1;
+					}
+				} else {
+					$value_arr['email_quota'] = - 1;
+				}
+				
+				$value_arr['email_imap'] = 0;
+				if (isset($_POST['email_imap'])) {
+					$value_arr['email_imap'] = intval_ressource($_POST['email_imap']);
+				}
+				
+				$value_arr['email_pop3'] = 0;
+				if (isset($_POST['email_pop3'])) {
+					$value_arr['email_pop3'] = intval_ressource($_POST['email_pop3']);
+				}
+				
+				$value_arr['ftps'] = intval_ressource($_POST['ftps']);
+				if (isset($_POST['ftps_ul'])) {
+					$value_arr['ftps'] = - 1;
+				}
+				
+				$value_arr['tickets'] = (Settings::Get('ticket.enabled') == 1 ? intval_ressource($_POST['tickets']) : 0);
+				if (isset($_POST['tickets_ul']) && Settings::Get('ticket.enabled') == '1') {
+					$value_arr['tickets'] = - 1;
+				}
+				
+				$value_arr['mysqls'] = intval_ressource($_POST['mysqls']);
+				if (isset($_POST['mysqls_ul'])) {
+					$value_arr['mysqls'] = - 1;
+				}
+				
+				$value_arr['phpenabled'] = 0;
+				if (isset($_POST['phpenabled'])) {
+					$value_arr['phpenabled'] = intval($_POST['phpenabled']);
+				}
+				
+				$value_arr['allowed_phpconfigs'] = array();
+				if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
+					foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
+						$allowed_phpconfig = intval($allowed_phpconfig);
+						$value_arr['allowed_phpconfigs'][] = $allowed_phpconfig;
+					}
+				}
+				
+				$value_arr['perlenabled'] = 0;
+				if (isset($_POST['perlenabled'])) {
+					$value_arr['perlenabled'] = intval($_POST['perlenabled']);
+				}
+				
+				$value_arr['dnsenabled'] = 0;
+				if (isset($_POST['dnsenabled'])) {
+					$value_arr['dnsenabled'] = intval($_POST['dnsenabled']);
+				}
+				
+				$ins_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_PLANS . "`
+					SET `name` = :name, `description` = :desc, `value` = :valuearr, `ts` = UNIX_TIMESTAMP()
+					WHERE `id` = :id
+				");
+				$ins_data = array(
+					'name' => $name,
+					'desc' => $description,
+					'valuearr' => json_encode($value_arr),
+					'id' => $id
+				);
+				Database::pexecute($ins_stmt, $ins_data);
+				
+				$log->logAction(ADM_ACTION, LOG_WARNING, "updated plan '" . $name . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+
+				$diskspace_ul = makecheckbox('diskspace_ul', $lng['customer']['unlimited'], '-1', false, $result['diskspace'], true, true);
+				if ($result['diskspace'] == '-1') {
+					$result['diskspace'] = '';
+				}
+
+				$traffic_ul = makecheckbox('traffic_ul', $lng['customer']['unlimited'], '-1', false, $result['traffic'], true, true);
+				if ($result['traffic'] == '-1') {
+					$result['traffic'] = '';
+				}
+
+				$subdomains_ul = makecheckbox('subdomains_ul', $lng['customer']['unlimited'], '-1', false, $result['subdomains'], true, true);
+				if ($result['subdomains'] == '-1') {
+					$result['subdomains'] = '';
+				}
+				
+				$emails_ul = makecheckbox('emails_ul', $lng['customer']['unlimited'], '-1', false, $result['emails'], true, true);
+				if ($result['emails'] == '-1') {
+					$result['emails'] = '';
+				}
+				
+				$email_accounts_ul = makecheckbox('email_accounts_ul', $lng['customer']['unlimited'], '-1', false, $result['email_accounts'], true, true);
+				if ($result['email_accounts'] == '-1') {
+					$result['email_accounts'] = '';
+				}
+				
+				$email_forwarders_ul = makecheckbox('email_forwarders_ul', $lng['customer']['unlimited'], '-1', false, $result['email_forwarders'], true, true);
+				if ($result['email_forwarders'] == '-1') {
+					$result['email_forwarders'] = '';
+				}
+				
+				$email_quota_ul = makecheckbox('email_quota_ul', $lng['customer']['unlimited'], '-1', false, $result['email_quota'], true, true);
+				if ($result['email_quota'] == '-1') {
+					$result['email_quota'] = '';
+				}
+				
+				$ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, $result['ftps'], true, true);
+				if ($result['ftps'] == '-1') {
+					$result['ftps'] = '';
+				}
+				
+				$tickets_ul = makecheckbox('tickets_ul', $lng['customer']['unlimited'], '-1', false, $result['tickets'], true, true);
+				if ($result['tickets'] == '-1') {
+					$result['tickets'] = '';
+				}
+				
+				$mysqls_ul = makecheckbox('mysqls_ul', $lng['customer']['unlimited'], '-1', false, $result['mysqls'], true, true);
+				if ($result['mysqls'] == '-1') {
+					$result['mysqls'] = '';
+				}
+				
+				$phpconfigs = array();
+				$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					if ((int) Settings::Get('phpfpm.enabled') == 1) {
+						$phpconfigs[] = array(
+							'label' => $row['description'] . " [" . $row['interpreter'] . "]<br />",
+							'value' => $row['id']
+						);
+					} else {
+						$phpconfigs[] = array(
+							'label' => $row['description'] . "<br />",
+							'value' => $row['id']
+						);
+					}
+				}
+
+				$result['imap'] = $result['email_imap'];
+				$result['pop3'] = $result['email_pop3'];
+
+				// dummy to avoid unknown variables
+				$result['loginname'] = null;
+				$result['documentroot'] = null;
+				$result['standardsubdomain'] = null;
+				$result['deactivated'] = null;
+				$language_options = null;
+				$result['firstname'] = null;
+				$gender_options = null;
+				$result['company'] = null;
+				$result['street'] = null;
+				$result['zipcode'] = null;
+				$result['city'] = null;
+				$result['phone'] = null;
+				$result['fax'] = null;
+				$result['email'] = null;
+				$result['customernumber'] = null;
+				$result['custom_notes'] = null;
+				$result['custom_notes_show'] = null;
+				$hosting_plans = null;
+				$admin_select_cnt = null;
+				$admin_select = null;
+
+				$plans_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/plans/formfield.plans_edit.php';
+				$cust_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/customer/formfield.customer_edit.php';
+				// unset unneeded stuff
+				unset($cust_edit_data['customer_edit']['sections']['section_a']);
+				unset($cust_edit_data['customer_edit']['sections']['section_b']);
+				unset($cust_edit_data['customer_edit']['sections']['section_cpre']);
+				// merge
+				$plans_edit_data['plans_edit']['sections'] = array_merge($plans_edit_data['plans_edit']['sections'], $cust_edit_data['customer_edit']['sections']);
+				$plans_edit_form = htmlform::genHTMLForm($plans_edit_data);
+				
+				$title = $plans_edit_data['plans_edit']['title'];
+				$image = $plans_edit_data['plans_edit']['image'];
+				
+				eval("echo \"" . getTemplate("plans/plans_edit") . "\";");
+			}
+		}
+	} elseif ($action == 'jqGetPlanValues') {
+		$planid = isset($_POST['planid']) ? (int)$_POST['planid'] : 0;
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $planid
+		));
+		echo $result['value'];
+		exit;
+	}
+}
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -54,7 +54,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 			$settings_part = false;
 			$only_enabledisable = true;
 		}
-		
+
 		// check if the session timeout is too low #815
 		if (isset($_POST['session_sessiontimeout'])
 			&& $_POST['session_sessiontimeout'] < 60
@@ -160,6 +160,8 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		inserttask('10');
 		// Using nameserver, insert a task which rebuilds the server config
 		inserttask('4');
+		// cron.d file
+		inserttask('99');

 		standard_success('rebuildingconfigs', '', array('filename' => 'admin_index.php'));

@@ -288,3 +290,107 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	}
 	eval("echo \"" . getTemplate("settings/integritycheck") . "\";");
 }
+elseif ($page == 'importexport' && $userinfo['change_serversettings'] == '1')
+{
+	// check for json-stuff
+	if (! extension_loaded('json')) {
+		standard_error('jsonextensionnotfound');
+	}
+
+	if (isset($_GET['action']) && $_GET['action'] == "export") {
+		// export
+		try {
+			$json_export = SImExporter::export();
+		} catch(Exception $e) {
+			dynamic_error($e->getMessage());
+		}
+		header('Content-disposition: attachment; filename=Froxlor_settings-'.$version.'-'.$dbversion.'_'.date('d.m.Y').'.json');
+		header('Content-type: application/json');
+		echo $json_export;
+		exit;
+	} elseif (isset($_GET['action']) && $_GET['action'] == "import") {
+		// import
+		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			// get uploaded file
+			if (isset($_FILES["import_file"]["tmp_name"])) {
+				$imp_content = file_get_contents($_FILES["import_file"]["tmp_name"]);
+				try {
+					SImExporter::import($imp_content);
+				} catch(Exception $e) {
+					dynamic_error($e->getMessage());
+				}
+				standard_success('settingsimported', '', array('filename' => 'admin_settings.php'));
+			}
+			dynamic_error("Upload failed");
+		}
+	} else {
+		eval("echo \"" . getTemplate("settings/importexport/index") . "\";");
+	}
+}
+elseif ($page == 'testmail')
+{
+		if (isset($_POST['send']) && $_POST['send'] == 'send')
+		{
+			$test_addr = isset($_POST['test_addr']) ? $_POST['test_addr'] : null;
+
+			/**
+			 * Initialize the mailingsystem
+			 */
+			$testmail = new PHPMailer(true);
+			$testmail->CharSet = "UTF-8";
+
+			if (Settings::Get('system.mail_use_smtp')) {
+				$testmail->isSMTP();
+				$testmail->Host = Settings::Get('system.mail_smtp_host');
+				$testmail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+				$testmail->Username = Settings::Get('system.mail_smtp_user');
+				$testmail->Password = Settings::Get('system.mail_smtp_passwd');
+				if (Settings::Get('system.mail_smtp_usetls')) {
+					$testmail->SMTPSecure = 'tls';
+				} else {
+					$testmail->SMTPAutoTLS = false;
+				}
+				$testmail->Port = Settings::Get('system.mail_smtp_port');
+			}
+
+			$_mailerror = false;
+			if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
+				// set return-to address and custom sender-name, see #76
+				$testmail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
+				if (Settings::Get('panel.adminmail_return') != '') {
+					$testmail->AddReplyTo(Settings::Get('panel.adminmail_return'), Settings::Get('panel.adminmail_defname'));
+				}
+
+				try {
+					$testmail->Subject = "Froxlor Test-Mail";
+					$mail_body = "Yay, this worked :)";
+					$testmail->AltBody = $mail_body;
+					$testmail->MsgHTML(str_replace("\n", "<br />", $mail_body));
+					$testmail->AddAddress($test_addr);
+					$testmail->Send();
+				} catch(phpmailerException $e) {
+					$mailerr_msg = $e->errorMessage();
+					$_mailerror = true;
+				} catch (Exception $e) {
+					$mailerr_msg = $e->getMessage();
+					$_mailerror = true;
+				}
+
+				if (!$_mailerror) {
+					// success
+					$mail->ClearAddresses();
+					standard_success('testmailsent', '', array('filename' => 'admin_settings.php', 'page' => 'testmail'));
+				}
+			} else {
+				// invalid sender e-mail
+				$mailerr_msg = "Invalid sender e-mail address: ".Settings::Get('panel.adminmail');
+				$_mailerror = true;
+			}
+		}
+
+		$mail_smtp_user = Settings::Get('system.mail_smtp_user');
+		$mail_smtp_host = Settings::Get('system.mail_smtp_host');
+		$mail_smtp_port = Settings::Get('system.mail_smtp_port');
+
+		eval("echo \"" . getTemplate("settings/testmail") . "\";");
+}
--- a/admin_templates.php
+++ b/admin_templates.php
@@ -99,7 +99,7 @@ if ($action == '') {
 	}

 	$add = false;
-	while (list($language_file, $language_name) = each($languages)) {
+	foreach ($languages as $language_file => $language_name) {

 		$templates_done = array();
 		$result_stmt = Database::prepare("
@@ -201,7 +201,6 @@ if ($action == '') {

 	} else {
 		standard_error('templatenotfound');
-		exit;
 	}

 } elseif($action == 'add') {
@@ -329,7 +328,7 @@ if ($action == '') {
 		$language_options = '';
 		$template_options = '';

-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$templates = array();
 			$result_stmt = Database::prepare("
 				SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
@@ -358,7 +357,6 @@ if ($action == '') {
 			eval("echo \"" . getTemplate("templates/templates_add_1") . "\";");
 		} else {
 			standard_error('alltemplatesdefined');
-			exit;
 		}

 	} else {
@@ -371,7 +369,6 @@ if ($action == '') {

 		if (Database::num_rows() == count($file_templates)) {
 			standard_error('alltemplatesdefined');
-			exit;

 		} else {

@@ -514,6 +511,5 @@ if ($action == '') {

 	} else {
 		standard_error('templatenotfound');
-		exit;
 	}
 }
--- a/admin_traffic.php
+++ b/admin_traffic.php
@@ -27,7 +27,6 @@ if ($action == 'logout') {
 	);
 	Database::pexecute($logout_stmt, array('adminid' => $userinfo['adminid']));
 	redirectTo('index.php');
-	exit;
 }

 if (isset($_POST['id'])) {
--- a/admin_updates.php
+++ b/admin_updates.php
@@ -54,7 +54,7 @@ if ($page == 'overview') {
 		}
 	}

-	if (hasUpdates($version)) {
+	if (hasDbUpdates($dbversion) || hasUpdates($version)) {
 		$successful_update = false;
 		$message = '';

@@ -67,16 +67,16 @@ if ($page == 'overview') {
 				|| !isset($_POST['update_preconfig'])
 			) {
 				eval("echo \"" . getTemplate('update/update_start') . "\";");
-	
+
 				include_once './install/updatesql.php';
-	
+
 				$redirect_url = 'admin_index.php?s=' . $s;
 				eval("echo \"" . getTemplate('update/update_end') . "\";");
-	
+
 				updateCounters();
 				inserttask('1');
 				@chmod('./lib/userdata.inc.php', 0440);
-				
+
 				$successful_update = true;
 			} else {
 				$message = '<br /><strong class="red">You have to agree that you have read the update notifications.</strong>';
@@ -85,15 +85,26 @@ if ($page == 'overview') {

 		if (!$successful_update) {
 			$current_version = Settings::Get('panel.version');
+			$current_db_version = Settings::Get('panel.db_version');
+			if (empty($current_db_version)) {
+			    $current_db_version = "0";
+			}
 			$new_version = $version;
+			$new_db_version = $dbversion;

 			$ui_text = $lng['update']['update_information']['part_a'];
-			$ui_text = str_replace('%curversion', $current_version, $ui_text);
-			$ui_text = str_replace('%newversion', $new_version, $ui_text);
+			if ($version != $current_version) {
+			     $ui_text = str_replace('%curversion', $current_version, $ui_text);
+			     $ui_text = str_replace('%newversion', $new_version, $ui_text);
+			} else {
+			    // show db version
+			    $ui_text = str_replace('%curversion', $current_db_version, $ui_text);
+			    $ui_text = str_replace('%newversion', $new_db_version, $ui_text);
+			}
 			$update_information = $ui_text;

 			include_once './install/updates/preconfig.php';
-			$preconfig = getPreConfig($current_version);
+			$preconfig = getPreConfig($current_version, $current_db_version);
 			if ($preconfig != '') {
 				$update_information .= '<br />' . $preconfig . $message;
 			}
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -36,7 +41,7 @@ if ($page == 'overview') {
 			'd.domain' => $lng['domains']['domainname']
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_DOMAINS, $fields);
-		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isbinddomain`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
 			WHERE `d`.`customerid`= :customerid
@@ -87,6 +92,18 @@ if ($page == 'overview') {
 				}
 			}

+			$row['termination_date'] = str_replace("0000-00-00", "", $row['termination_date']);
+			if($row['termination_date'] != "") {
+				$cdate = strtotime($row['termination_date'] . " 23:59:59");
+				$today = time();
+
+				if($cdate < $today) {
+					$row['termination_css'] = 'domain-expired';
+				} else {
+					$row['termination_css'] = 'domain-canceled';
+				}
+			}
+
 			$domains_count++;
 			$domain_array[$row['domain']] = $row;
 		}
@@ -146,7 +163,7 @@ if ($page == 'overview') {

 					// get ssl-ips if activated
 					$show_ssledit = false;
-					if (Settings::Get('system.use_ssl') == '1' && domainHasSslIpPort($row['id']) && $row['caneditdomain'] == '1') {
+					if (Settings::Get('system.use_ssl') == '1' && domainHasSslIpPort($row['id']) && $row['caneditdomain'] == '1' && $row['letsencrypt'] == 0) {
 						$show_ssledit = true;
 					}
 					$row = htmlentities_array($row);
@@ -159,7 +176,7 @@ if ($page == 'overview') {

 		eval("echo \"" . getTemplate("domains/domainlist") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
-		$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid` FROM `" . TABLE_PANEL_DOMAINS . "`
+		$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid`, `aliasdomain` FROM `" . TABLE_PANEL_DOMAINS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -185,6 +202,8 @@ if ($page == 'overview') {
 					}
 				}

+				triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
+
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted subdomain '" . $idna_convert->decode($result['domain']) . "'");
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE
 					`customerid` = :customerid
@@ -211,6 +230,20 @@ if ($page == 'overview') {
 				);
 				Database::pexecute($del_stmt, array('domainid' => $id));

+				// remove certificate from domain_ssl_settings, fixes #1596
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+					WHERE `domainid` = :domainid"
+				);
+				Database::pexecute($del_stmt, array('domainid' => $id));
+
+				// remove possible existing DNS entries
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_DOMAIN_DNS . "`
+					WHERE `domain_id` = :domainid
+				");
+				Database::pexecute($del_stmt, array('domainid' => $id));
+
 				inserttask('1');

 				// Using nameserver, insert a task which rebuilds the server config
@@ -226,8 +259,13 @@ if ($page == 'overview') {
 	} elseif ($action == 'add') {
 		if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+
+				if (substr($_POST['subdomain'], 0, 4) == 'xn--') {
+					standard_error('domain_nopunycode');
+				}
+
 				$subdomain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong')));
-				$domain = $idna_convert->encode($_POST['domain']);
+				$domain = $_POST['domain'];
 				$domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain` = :domain
 					AND `customerid` = :customerid
@@ -239,9 +277,15 @@ if ($page == 'overview') {

 				$completedomain = $subdomain . '.' . $domain;

+				if (Settings::Get('system.validate_domain') && ! validateDomain($completedomain)) {
+					standard_error(array(
+						'stringiswrong',
+						'mydomain'
+					));
+				}
+
 				if ($completedomain == Settings::Get('system.hostname')) {
 					standard_error('admin_domain_emailsystemhostname');
-					exit;
 				}

 				$completedomain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
@@ -272,16 +316,20 @@ if ($page == 'overview') {
 						ORDER BY `d`.`domain` ASC;"
 					);
 					$aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, array("id" => $aliasdomain, "customerid" => $userinfo['customerid']));
+					triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 				}

-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}

-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
+					if (strstr($path, ":") !== FALSE) {
+						standard_error('pathmaynotcontaincolon');
+					}
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -289,9 +337,6 @@ if ($page == 'overview') {
 					} else {
 						$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 					}
-					if (strstr($path, ":") !== FALSE) {
-						standard_error('pathmaynotcontaincolon');
-					}
 				} else {
 					$_doredirect = true;
 				}
@@ -303,7 +348,7 @@ if ($page == 'overview') {

 				$ssl_redirect = '0';
 				if (isset($_POST['ssl_redirect']) && $_POST['ssl_redirect'] == '1') {
-					// a ssl-redirect only works of there actually is a
+					// a ssl-redirect only works if there actually is a
 					// ssl ip/port assigned to the domain
 					if (domainHasSslIpPort($domain_check['id']) == true) {
 						$ssl_redirect = '1';
@@ -313,6 +358,27 @@ if ($page == 'overview') {
 					}
 				}

+				$letsencrypt = '0';
+				if (isset($_POST['letsencrypt']) && $_POST['letsencrypt'] == '1') {
+					// let's encrypt only works if there actually is a
+					// ssl ip/port assigned to the domain
+					if (domainHasSslIpPort($domain_check['id']) == true) {
+						$letsencrypt = '1';
+					} else {
+						standard_error('letsencryptonlypossiblewithsslipport');
+					}
+				}
+
+				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
+				if ($ssl_redirect > 0 && $letsencrypt == 1) {
+					$ssl_redirect = 2;
+				}
+
+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} elseif ($subdomain == '') {
@@ -339,6 +405,10 @@ if ($page == 'overview') {
 						// assign default config
 						$phpsid_result['phpsettingid'] = 1;
 					}
+					// check whether the customer has chosen its own php-config
+					if (isset($_POST['phpsettingid']) && intval($_POST['phpsettingid']) != $phpsid_result['phpsettingid']) {
+						$phpsid_result['phpsettingid'] = intval($_POST['phpsettingid']);
+					}

 					$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
 						`customerid` = :customerid,
@@ -349,12 +419,17 @@ if ($page == 'overview') {
 						`wwwserveralias` = :wwwserveralias,
 						`isemaildomain` = :isemaildomain,
 						`iswildcarddomain` = :iswildcarddomain,
+						`phpenabled` = :phpenabled,
 						`openbasedir` = :openbasedir,
 						`openbasedir_path` = :openbasedir_path,
 						`speciallogfile` = :speciallogfile,
 						`specialsettings` = :specialsettings,
 						`ssl_redirect` = :ssl_redirect,
-						`phpsettingid` = :phpsettingid"
+						`phpsettingid` = :phpsettingid,
+						`letsencrypt` = :letsencrypt,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -367,10 +442,15 @@ if ($page == 'overview') {
 						"isemaildomain" => $domain_check['subcanemaildomain'] == '3' ? '1' : '0',
 						"openbasedir" => $domain_check['openbasedir'],
 						"openbasedir_path" => $openbasedir_path,
+						"phpenabled" => $domain_check['phpenabled'],
 						"speciallogfile" => $domain_check['speciallogfile'],
 						"specialsettings" => $domain_check['specialsettings'],
 						"ssl_redirect" => $ssl_redirect,
-						"phpsettingid" => $phpsid_result['phpsettingid']
+						"phpsettingid" => $phpsid_result['phpsettingid'],
+						"letsencrypt" => $letsencrypt,
+						"hsts" => $hsts_maxage,
+						"hsts_sub" => $hsts_sub,
+						"hsts_preload" => $hsts_preload
 					);
 					Database::pexecute($stmt, $params);

@@ -403,7 +483,7 @@ if ($page == 'overview') {
 					redirectTo($filename, array('page' => $page, 's' => $s));
 				}
 			} else {
-				$stmt = Database::prepare("SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain` FROM `" . TABLE_PANEL_DOMAINS . "`
+				$stmt = Database::prepare("SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain`,`letsencrypt` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `customerid` = :customerid
 					AND `parentdomainid` = '0'
 					AND `email_only` = '0'
@@ -443,7 +523,12 @@ if ($page == 'overview') {

 				// check if we at least have one ssl-ip/port, #1179
 				$ssl_ipsandports = '';
-				$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
+				$ssl_ip_stmt = Database::prepare("
+					SELECT COUNT(*) as countSSL
+					FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+					LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+					WHERE pip.`ssl`='1'
+				");
 				Database::pexecute($ssl_ip_stmt);
 				$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 				if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
@@ -453,6 +538,27 @@ if ($page == 'overview') {
 				$openbasedir = makeoption($lng['domain']['docroot'], 0, NULL, true) . makeoption($lng['domain']['homedir'], 1, NULL, true);
 				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);

+				$phpconfigs = '';
+				$has_phpconfigs = false;
+				if (isset($userinfo['allowed_phpconfigs']) && !empty($userinfo['allowed_phpconfigs']))
+				{
+					$has_phpconfigs = true;
+					$allowed_cfg = json_decode($userinfo['allowed_phpconfigs'], JSON_OBJECT_AS_ARRAY);
+					$phpconfigs_result_stmt = Database::query("
+						SELECT c.*, fc.description as interpreter
+						FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+						LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+						WHERE c.id IN (".implode(", ", $allowed_cfg).")
+					");
+					while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {
+						if ((int) Settings::Get('phpfpm.enabled') == 1) {
+							$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], Settings::Get('phpfpm.defaultini'), true, true);
+						} else {
+							$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], Settings::Get('system.mod_fcgid_defaultini'), true, true);
+						}
+					}
+				}
+
 				$subdomain_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/domains/formfield.domains_add.php';
 				$subdomain_add_form = htmlform::genHTMLForm($subdomain_add_data);

@@ -464,8 +570,7 @@ if ($page == 'overview') {
 		}
 	} elseif ($action == 'edit' && $id != 0) {

-		$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
-			`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `pd`.`subcanemaildomain`
+		$stmt = Database::prepare("SELECT `d`.*, `pd`.`subcanemaildomain`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
 			WHERE `d`.`customerid` = :customerid
 			AND `d`.`id` = :id
@@ -483,14 +588,17 @@ if ($page == 'overview') {

 		if (isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}

-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
+					if (strstr($path, ":") !== FALSE) {
+						standard_error('pathmaynotcontaincolon');
+					}
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -498,16 +606,13 @@ if ($page == 'overview') {
 					} else {
 						$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 					}
-					if (strstr($path, ":") !== FALSE) {
-						standard_error('pathmaynotcontaincolon');
-					}
 				} else {
 					$_doredirect = true;
 				}

-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;

-				if (isset($_POST['selectserveralias']) && $result['parentdomainid'] == '0' ) {
+				if (isset($_POST['selectserveralias'])) {
 					$iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0';
 					$wwwserveralias = ($_POST['selectserveralias'] == '1') ? '1' : '0';
 				} else {
@@ -544,8 +649,15 @@ if ($page == 'overview') {
 					$openbasedir_path = '0';
 				}

+				// check whether the customer has chosen its own php-config
+				if (isset($_POST['phpsettingid'])) {
+					$phpsettingid = intval($_POST['phpsettingid']);
+				} else {
+					$phpsettingid = $result['phpsettingid'];
+				}
+
 				if (isset($_POST['ssl_redirect']) && $_POST['ssl_redirect'] == '1') {
-					// a ssl-redirect only works of there actually is a
+					// a ssl-redirect only works if there actually is a
 					// ssl ip/port assigned to the domain
 					if (domainHasSslIpPort($id) == true) {
 						$ssl_redirect = '1';
@@ -557,6 +669,38 @@ if ($page == 'overview') {
 					$ssl_redirect = '0';
 				}

+				if (isset($_POST['letsencrypt']) && $_POST['letsencrypt'] == '1') {
+					// let's encrypt only works if there actually is a
+					// ssl ip/port assigned to the domain
+					if (domainHasSslIpPort($id) == true) {
+						$letsencrypt = '1';
+					} else {
+						standard_error('letsencryptonlypossiblewithsslipport');
+					}
+				} else {
+					$letsencrypt = '0';
+				}
+
+				// We can't enable let's encrypt for wildcard - domains when using acme-v1
+				if ($iswildcarddomain == '1' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '1') {
+					standard_error('nowildcardwithletsencrypt');
+				}
+				// if using acme-v2 we cannot issue wildcard-certificates
+				// because they currently only support the dns-01 challenge
+				if ($iswildcarddomain == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '2') {
+					standard_error('nowildcardwithletsencryptv2');
+				}
+
+				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
+				if ($ssl_redirect > 0 && $letsencrypt == 1 && $result['letsencrypt'] != $letsencrypt) {
+					$ssl_redirect = 2;
+				}
+
+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} else {
@@ -580,7 +724,13 @@ if ($page == 'overview') {
 						|| $iswildcarddomain != $result['iswildcarddomain']
 						|| $aliasdomain != $result['aliasdomain']
 						|| $openbasedir_path != $result['openbasedir_path']
-						|| $ssl_redirect != $result['ssl_redirect']) {
+						|| $ssl_redirect != $result['ssl_redirect']
+						|| $letsencrypt != $result['letsencrypt']
+						|| $hsts_maxage != $result['hsts']
+						|| $hsts_sub != $result['hsts_sub']
+						|| $hsts_preload != $result['hsts_preload']
+						|| $phpsettingid != $result['phpsettingid']
+					) {
 						$log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'");

 						$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
@@ -590,7 +740,12 @@ if ($page == 'overview') {
 							`iswildcarddomain`= :iswildcarddomain,
 							`aliasdomain`= :aliasdomain,
 							`openbasedir_path`= :openbasedir_path,
-							`ssl_redirect`= :ssl_redirect
+							`ssl_redirect`= :ssl_redirect,
+							`letsencrypt`= :letsencrypt,
+							`hsts` = :hsts,
+							`hsts_sub` = :hsts_sub,
+							`hsts_preload` = :hsts_preload,
+							`phpsettingid` = :phpsettingid
 							WHERE `customerid`= :customerid
 							AND `id`= :id"
 						);
@@ -602,10 +757,35 @@ if ($page == 'overview') {
 							"aliasdomain" => ($aliasdomain != 0 && $alias_check == 0) ? $aliasdomain : null,
 							"openbasedir_path" => $openbasedir_path,
 							"ssl_redirect" => $ssl_redirect,
+							"letsencrypt" => $letsencrypt,
+							"hsts" => $hsts_maxage,
+							"hsts_sub" => $hsts_sub,
+							"hsts_preload" => $hsts_preload,
+							"phpsettingid" => $phpsettingid,
 							"customerid" => $userinfo['customerid'],
 							"id" => $id
 						);
 						Database::pexecute($stmt, $params);
+
+						if ($result['aliasdomain'] != $aliasdomain) {
+							// trigger when domain id for alias destination has changed: both for old and new destination
+							triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
+							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+						} elseif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+							// or when wwwserveralias or letsencrypt was changed
+							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+						}
+
+						// check whether LE has been disabled, so we remove the certificate
+						if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+							$del_stmt = Database::prepare("
+								DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+							");
+							Database::pexecute($del_stmt, array(
+								'id' => $id
+							));
+						}
+
 						inserttask('1');

 						// Using nameserver, insert a task which rebuilds the server config
@@ -631,7 +811,7 @@ if ($page == 'overview') {
 					AND `dip`.`id_ipandports`
 					IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."`
 						WHERE `id_domain` = :id)
-					GROUP BY `d`.`domain`
+					GROUP BY `d`.`id`, `d`.`domain`
 					ORDER BY `d`.`domain` ASC"
 				);
 				Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid']));
@@ -640,7 +820,7 @@ if ($page == 'overview') {
 					$domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']);
 				}

-				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) {
+				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($result['documentroot'])) {
 					if (Settings::Get('panel.pathedit') == 'Dropdown') {
 						$urlvalue = $result['documentroot'];
 						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -664,13 +844,22 @@ if ($page == 'overview') {

 				// check if we at least have one ssl-ip/port, #1179
 				$ssl_ipsandports = '';
-				$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
-				Database::pexecute($ssl_ip_stmt);
+				$ssl_ip_stmt = Database::prepare("
+					SELECT COUNT(*) as countSSL
+					FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+					LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+					WHERE `dti`.`id_domain` = :id_domain AND pip.`ssl`='1'
+				");
+				Database::pexecute($ssl_ip_stmt, array("id_domain" => $result['id']));
 				$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 				if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
 					$ssl_ipsandports = 'notempty';
 				}

+				// Fudge the result for ssl_redirect to hide the Let's Encrypt steps
+				$result['temporary_ssl_redirect'] = $result['ssl_redirect'];
+				$result['ssl_redirect'] = ($result['ssl_redirect'] == 0 ? 0 : 1);
+
 				$openbasedir = makeoption($lng['domain']['docroot'], 0, $result['openbasedir_path'], true) . makeoption($lng['domain']['homedir'], 1, $result['openbasedir_path'], true);

 				// create serveralias options
@@ -697,6 +886,27 @@ if ($page == 'overview') {
 					$result_ipandport['ip'] .= $rowip['ip'] . "<br />";
 				}

+				$phpconfigs = '';
+				$has_phpconfigs = false;
+				if (isset($userinfo['allowed_phpconfigs']) && !empty($userinfo['allowed_phpconfigs']))
+				{
+					$has_phpconfigs = true;
+					$allowed_cfg = json_decode($userinfo['allowed_phpconfigs'], JSON_OBJECT_AS_ARRAY);
+					$phpconfigs_result_stmt = Database::query("
+						SELECT c.*, fc.description as interpreter
+						FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+						LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+						WHERE c.id IN (".implode(", ", $allowed_cfg).")
+					");
+					while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {
+						if ((int) Settings::Get('phpfpm.enabled') == 1) {
+							$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], $result['phpsettingid'], true, true);
+						} else {
+							$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true);
+						}
+					}
+				}
+
 				$domainip = $result_ipandport['ip'];
 				$result = htmlentities_array($result);

@@ -829,4 +1039,12 @@ if ($page == 'overview') {

 		eval("echo \"" . getTemplate("domains/domain_ssleditor") . "\";");
 	}
+} elseif ($page == 'domaindnseditor' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1') {
+
+	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }
--- a/customer_email.php
+++ b/customer_email.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','email')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -91,7 +96,8 @@ if ($page == 'overview') {
 					$row['destination'] = explode(' ', $row['destination']);
 					uasort($row['destination'], 'strcasecmp');

-					while (list($dest_id, $destination) = each($row['destination'])) {
+					$dest_list = $row['destination'];
+					foreach ($dest_list as $dest_id => $destination) {
 						$row['destination'][$dest_id] = $idna_convert->decode($row['destination'][$dest_id]);

 						if ($row['destination'][$dest_id] == $row['email_full']) {
@@ -159,7 +165,7 @@ if ($page == 'overview') {
 						Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $result['popaccountid']));
 						$update_users_query_addon .= " , `email_accounts_used` = `email_accounts_used` - 1 ";
 						$number_forwarders-= 1;
-						$log->logAction(USR_ACTION, LOG_NOTICE, "deleted forwarder for email address '" . $result['email'] . "'");
+						$log->logAction(USR_ACTION, LOG_INFO, "deleted forwarder for email address '" . $result['email'] . "'");
 					}
 				} else {
 					$number_forwarders = 0;
@@ -200,7 +206,8 @@ if ($page == 'overview') {
 		if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$email_part = $_POST['email_part'];
-				$domain = $idna_convert->encode(validate($_POST['domain'], 'domain'));
+				// domain does not need idna encoding as the value of the select-box is already Punycode
+				$domain = validate($_POST['domain'], 'domain');
 				$stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain`= :domain
 					AND `customerid`= :customerid
@@ -244,7 +251,6 @@ if ($page == 'overview') {
 					standard_error('emailexistalready', $email_full);
 				} elseif ($email_check['email'] == $email) {
 					standard_error('youhavealreadyacatchallforthisdomain');
-					exit;
 				} else {
 					$stmt = Database::prepare("INSERT INTO `" . TABLE_MAIL_VIRTUAL . "`
 						(`customerid`, `email`, `email_full`, `iscatchall`, `domainid`)
@@ -318,7 +324,7 @@ if ($page == 'overview') {
 			$forwarders = '';
 			$forwarders_count = 0;

-			while (list($dest_id, $destination) = each($result['destination'])) {
+			foreach ($result['destination'] as $dest_id => $destination) {
 				$destination = $idna_convert->decode($destination);

 				if ($destination != $result['email_full'] && $destination != '') {
@@ -377,7 +383,6 @@ if ($page == 'overview') {

 					if ($email_check['email'] == $email) {
 						standard_error('youhavealreadyacatchallforthisdomain');
-						exit;
 					} else {
 						$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_VIRTUAL . "`
 							SET `email` = :email , `iscatchall` = '1'
@@ -414,10 +419,11 @@ if ($page == 'overview') {
 				standard_error('notallowedtouseaccounts');
 			}

-			$stmt = Database::prepare("SELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid`, `popaccountid`, `domainid` FROM `" . TABLE_MAIL_VIRTUAL . "`
-				WHERE `customerid`= :cid
-				AND `id`= :id"
-			);
+			$stmt = Database::prepare("
+			    SELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid`, `popaccountid`, `domainid`
+			    FROM `" . TABLE_MAIL_VIRTUAL . "`
+			    WHERE `customerid`= :cid AND `id`= :id
+			");
 			$result = Database::pexecute_first($stmt, array("cid" => $userinfo['customerid'], "id" => $id));

 			if (isset($result['email']) && $result['email'] != '' && $result['popaccountid'] == '0') {
@@ -461,7 +467,9 @@ if ($page == 'overview') {
 						$maildirname=trim(Settings::Get('system.vmail_maildirname'));
 						// Add trailing slash to Maildir if needed
 						$maildirpath=$maildirname;
-						if (!empty($maildirname) and substr($maildirname,-1) != "/") $maildirpath.="/";
+						if (!empty($maildirname) && substr($maildirname,-1) != "/") {
+							$maildirpath.="/";
+						}

 						$stmt = Database::prepare("INSERT INTO `" . TABLE_MAIL_USERS . "`
 							(`customerid`, `email`, `username`, " . (Settings::Get('system.mailpwcleartext') == '1' ? '`password`, ' : '') . " `password_enc`, `homedir`, `maildir`, `uid`, `gid`, `domainid`, `postfix`, `quota`, `imap`, `pop3`) ".
@@ -595,7 +603,7 @@ if ($page == 'overview') {

 							if ($_mailerror) {
 								$log->logAction(USR_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
-								standard_error(array('errorsendingmail', $alternative_email));
+								standard_error(array('errorsendingmail'), $alternative_email);
 							}

 							$mail->ClearAddresses();
@@ -604,6 +612,11 @@ if ($page == 'overview') {
 						redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 					}
 				} else {
+
+					if (checkMailAccDeletionState($result['email_full'])) {
+					   standard_error(array('mailaccistobedeleted'), $result['email_full']);
+					}
+
 					$result['email_full'] = $idna_convert->decode($result['email_full']);
 					$result = htmlentities_array($result);
 					$quota = Settings::Get('system.mail_quota');
@@ -633,16 +646,14 @@ if ($page == 'overview') {

 				if ($password == '') {
 					standard_error(array('stringisempty', 'mypassword'));
-					exit;
 				}
 				elseif ($password == $result['email_full']) {
 					standard_error('passwordshouldnotbeusername');
-					exit;
 				}

 				$password = validatePassword($password);

-				$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
+				$log->logAction(USR_ACTION, LOG_INFO, "changed email password for '" . $result['email_full'] . "'");
 				$cryptPassword = makeCryptPassword($password);
 				$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "`
 					SET " . (Settings::Get('system.mailpwcleartext') == '1' ? "`password` = :password, " : '') . "
@@ -689,7 +700,7 @@ if ($page == 'overview') {
 				if ($userinfo['email_quota'] != '-1' && ($quota == 0 || ($quota + $userinfo['email_quota_used'] - $result['quota']) > $userinfo['email_quota'])) {
 					standard_error('allocatetoomuchquota', $quota);
 				} else {
-					$log->logAction(USR_ACTION, LOG_NOTICE, "updated quota for email address '" . $result['email'] . "' to " . $quota . " MB");
+					$log->logAction(USR_ACTION, LOG_INFO, "updated quota for email address '" . $result['email'] . "' to " . $quota . " MB");
 					$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "`
 						SET `quota` = :quota
 						WHERE `id` = :id
@@ -824,7 +835,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($stmt, array("cid" => $userinfo['customerid']));

-						$log->logAction(USR_ACTION, LOG_NOTICE, "added email forwarder for '" . $result['email_full'] . "'");
+						$log->logAction(USR_ACTION, LOG_INFO, "added email forwarder for '" . $result['email_full'] . "'");
 						redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 					}
 				} else {
@@ -885,7 +896,7 @@ if ($page == 'overview') {
 					);
 					Database::pexecute($stmt, array("cid" => $userinfo['customerid']));

-					$log->logAction(USR_ACTION, LOG_NOTICE, "deleted email forwarder for '" . $result['email_full'] . "'");
+					$log->logAction(USR_ACTION, LOG_INFO, "deleted email forwarder for '" . $result['email_full'] . "'");
 					redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 				} else {
 					ask_yesno('email_reallydelete_forwarder', $filename, array('id' => $id, 'forwarderid' => $forwarderid, 'page' => $page, 'action' => $action), $idna_convert->decode($result['email_full']) . ' -> ' . $idna_convert->decode($forwarder));
--- a/customer_extras.php
+++ b/customer_extras.php
@@ -16,10 +16,14 @@
 * @package    Panel
 *
 */
-
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -30,6 +34,12 @@ if ($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
 	eval("echo \"" . getTemplate("extras/extras") . "\";");
 } elseif ($page == 'htpasswds') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.directoryprotection')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
 		$fields = array(
@@ -38,9 +48,10 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_HTPASSWDS, $fields);
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
-			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid']
+		));
 		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -53,43 +64,54 @@ if ($page == 'overview') {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($paging->checkDisplay($i)) {
 				if (strpos($row['path'], $userinfo['documentroot']) === 0) {
-					$row['path'] = substr($row['path'], strlen($userinfo['documentroot']) - 1);
+					$row['path'] = str_replace($userinfo['documentroot'], "/", $row['path']);
 				}
-
+				$row['path'] = makeCorrectDir($row['path']);
 				$row = htmlentities_array($row);
 				eval("\$htpasswds.=\"" . getTemplate("extras/htpasswds_htpasswd") . "\";");
-				$count++;
+				$count ++;
 			}

-			$i++;
+			$i ++;
 		}

 		eval("echo \"" . getTemplate("extras/htpasswds") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
 			WHERE `customerid`= :customerid
-			AND `id`= :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id`= :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if (isset($result['username']) && $result['username'] != '') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "`
 					WHERE `customerid`= :customerid
-					AND `id`= :id"
-				);
-				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+					AND `id`= :id");
+				Database::pexecute($stmt, array(
+					"customerid" => $userinfo['customerid'],
+					"id" => $id
+				));

 				$log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
-					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']) - 1);
+					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
 				}

-				ask_yesno('extras_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username'] . ' (' . $result['path'] . ')');
+				ask_yesno('extras_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['username'] . ' (' . $result['path'] . ')');
 			}
 		}
 	} elseif ($action == 'add') {
@@ -104,8 +126,7 @@ if ($page == 'overview') {
 			$username_path_check_stmt = Database::prepare("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
 				WHERE `username`= :username
 				AND `path`= :path
-				AND `customerid`= :customerid"
-			);
+				AND `customerid`= :customerid");
 			$params = array(
 				"username" => $username,
 				"path" => $path,
@@ -121,16 +142,22 @@ if ($page == 'overview') {
 				$password = crypt($_POST['directory_password']);
 			}

-			if (!$_POST['path']) {
+			if (! $_POST['path']) {
 				standard_error('invalidpath');
 			}

 			if ($username == '') {
-				standard_error(array('stringisempty', 'myloginname'));
+				standard_error(array(
+					'stringisempty',
+					'myloginname'
+				));
 			} elseif ($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
 				standard_error('userpathcombinationdupe');
 			} elseif ($_POST['directory_password'] == '') {
-				standard_error(array('stringisempty', 'mypassword'));
+				standard_error(array(
+					'stringisempty',
+					'mypassword'
+				));
 			} elseif ($path == '') {
 				standard_error('patherror');
 			} elseif ($_POST['directory_password'] == $username) {
@@ -141,8 +168,7 @@ if ($page == 'overview') {
 					`username` = :username,
 					`password` = :password,
 					`path` = :path,
-					`authname` = :authname"
-				);
+					`authname` = :authname");
 				$params = array(
 					"customerid" => $userinfo['customerid'],
 					"username" => $username,
@@ -153,12 +179,15 @@ if ($page == 'overview') {
 				Database::pexecute($stmt, $params);
 				$log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			}
 		} else {
 			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);

-			$htpasswd_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_add.php';
+			$htpasswd_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htpasswd_add.php';
 			$htpasswd_add_form = htmlform::genHTMLForm($htpasswd_add_data);

 			$title = $htpasswd_add_data['htpasswd_add']['title'];
@@ -169,9 +198,11 @@ if ($page == 'overview') {
 	} elseif ($action == 'edit' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
 			WHERE `customerid`= :customerid
-			AND `id`= :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id`= :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if (isset($result['username']) && $result['username'] != '') {
@@ -208,28 +239,30 @@ if ($page == 'overview') {
 				}

 				if ($pwd_sql != '' || $auth_sql != '') {
-					if ($pwd_sql !='' && $auth_sql != '') {
-						$pwd_sql.= ', ';
+					if ($pwd_sql != '' && $auth_sql != '') {
+						$pwd_sql .= ', ';
 					}

 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
-						SET ".$pwd_sql.$auth_sql."
+						SET " . $pwd_sql . $auth_sql . "
 						WHERE `customerid`= :customerid
-						AND `id`= :id"
-					);
+						AND `id`= :id");
 					Database::pexecute($stmt, $params);
 					$log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 					inserttask('1');
-					redirectTo($filename, array('page' => $page, 's' => $s));
+					redirectTo($filename, array(
+						'page' => $page,
+						's' => $s
+					));
 				}
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
-					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
+					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
 				}

 				$result = htmlentities_array($result);

-				$htpasswd_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_edit.php';
+				$htpasswd_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htpasswd_edit.php';
 				$htpasswd_edit_form = htmlform::genHTMLForm($htpasswd_edit_data);

 				$title = $htpasswd_edit_data['htpasswd_edit']['title'];
@@ -240,6 +273,12 @@ if ($page == 'overview') {
 		}
 	}
 } elseif ($page == 'htaccess') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.pathoptions')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
 		$fields = array(
@@ -252,9 +291,10 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_HTACCESS, $fields);
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
-			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid']
+		));
 		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -269,60 +309,69 @@ if ($page == 'overview') {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($paging->checkDisplay($i)) {
 				if (strpos($row['path'], $userinfo['documentroot']) === 0) {
-					$row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
-					// don't show nothing when it's the docroot, show slash
-					if ($row['path'] == '') { $row['path'] = '/'; }
+					$row['path'] = str_replace($userinfo['documentroot'], "/", $row['path']);
 				}
-
+				$row['path'] = makeCorrectDir($row['path']);
 				$row['options_indexes'] = str_replace('1', $lng['panel']['yes'], $row['options_indexes']);
 				$row['options_indexes'] = str_replace('0', $lng['panel']['no'], $row['options_indexes']);
 				$row['options_cgi'] = str_replace('1', $lng['panel']['yes'], $row['options_cgi']);
 				$row['options_cgi'] = str_replace('0', $lng['panel']['no'], $row['options_cgi']);
 				$row = htmlentities_array($row);
 				eval("\$htaccess.=\"" . getTemplate("extras/htaccess_htaccess") . "\";");
-				$count++;
+				$count ++;
 			}

-			$i++;
+			$i ++;
 		}

 		eval("echo \"" . getTemplate("extras/htaccess") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
 			WHERE `customerid` = :customerid
-			AND `id` = :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id` = :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				// do we have to remove the symlink and folder in suexecpath?
-				if ((int)Settings::Get('perl.suexecworkaround') == 1) {
+				if ((int) Settings::Get('perl.suexecworkaround') == 1) {
 					$loginname = getCustomerDetail($result['customerid'], 'loginname');
-					$suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath').'/'.$loginname.'/'.md5($result['path']).'/');
-					$perlsymlink = makeCorrectFile($result['path'].'/cgi-bin');
+					$suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($result['path']) . '/');
+					$perlsymlink = makeCorrectFile($result['path'] . '/cgi-bin');
 					// remove symlink
 					if (file_exists($perlsymlink)) {
-						safe_exec('rm -f '.escapeshellarg($perlsymlink));
+						safe_exec('rm -f ' . escapeshellarg($perlsymlink));
 						$log->logAction(USR_ACTION, LOG_DEBUG, "deleted suexecworkaround symlink '" . $perlsymlink . "'");
 					}
 					// remove folder in suexec-path
 					if (file_exists($suexecpath)) {
-						safe_exec('rm -rf '.escapeshellarg($suexecpath));
+						safe_exec('rm -rf ' . escapeshellarg($suexecpath));
 						$log->logAction(USR_ACTION, LOG_DEBUG, "deleted suexecworkaround path '" . $suexecpath . "'");
 					}
 				}
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "`
 					WHERE `customerid`= :customerid
-					AND `id`= :id"
-				);
-				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+					AND `id`= :id");
+				Database::pexecute($stmt, array(
+					"customerid" => $userinfo['customerid'],
+					"id" => $id
+				));
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '/', $result['path']) . "'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
-				ask_yesno('extras_reallydelete_pathoptions', $filename, array('id' => $id, 'page' => $page, 'action' => $action), str_replace($userinfo['documentroot'], '/', $result['path']));
+				ask_yesno('extras_reallydelete_pathoptions', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), str_replace($userinfo['documentroot'], '/', $result['path']));
 			}
 		}
 	} elseif ($action == 'add') {
@@ -332,16 +381,18 @@ if ($page == 'overview') {
 			$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 			$path_dupe_check_stmt = Database::prepare("SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "`
 				WHERE `path`= :path
-				AND `customerid`= :customerid"
-			);
-			Database::pexecute($path_dupe_check_stmt, array("path" => $path, "customerid" => $userinfo['customerid']));
+				AND `customerid`= :customerid");
+			Database::pexecute($path_dupe_check_stmt, array(
+				"path" => $path,
+				"customerid" => $userinfo['customerid']
+			));
 			$path_dupe_check = $path_dupe_check_stmt->fetch(PDO::FETCH_ASSOC);

-			if (!$_POST['path']) {
+			if (! $_POST['path']) {
 				standard_error('invalidpath');
 			}

-			if (isset($_POST['options_cgi']) && (int)$_POST['options_cgi'] != 0) {
+			if (isset($_POST['options_cgi']) && (int) $_POST['options_cgi'] != 0) {
 				$options_cgi = '1';
 			} else {
 				$options_cgi = '0';
@@ -374,8 +425,7 @@ if ($page == 'overview') {
 					`error404path` = :error404path,
 					`error403path` = :error403path,
 					`error500path` = :error500path,
-					`options_cgi` = :options_cgi'
-				);
+					`options_cgi` = :options_cgi');
 				$params = array(
 					"customerid" => $userinfo['customerid'],
 					"path" => $path,
@@ -389,13 +439,16 @@ if ($page == 'overview') {

 				$log->logAction(USR_ACTION, LOG_INFO, "added htaccess for '" . $path . "'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			}
 		} else {
 			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
 			$cperlenabled = customerHasPerlEnabled($userinfo['customerid']);

-			$htaccess_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htaccess_add.php';
+			$htaccess_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htaccess_add.php';
 			$htaccess_add_form = htmlform::genHTMLForm($htaccess_add_data);

 			$title = $htaccess_add_data['htaccess_add']['title'];
@@ -406,9 +459,11 @@ if ($page == 'overview') {
 	} elseif (($action == 'edit') && ($id != 0)) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
 			WHERE `customerid` = :customerid
-			AND `id` = :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id` = :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		if ((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
@@ -428,12 +483,7 @@ if ($page == 'overview') {
 				$error403path = correctErrorDocument($_POST['error403path']);
 				$error500path = correctErrorDocument($_POST['error500path']);

-				if (($option_indexes != $result['options_indexes'])
-					|| ($error404path != $result['error404path'])
-					|| ($error403path != $result['error403path'])
-					|| ($error500path != $result['error500path'])
-					|| ($options_cgi != $result['options_cgi'])
-				) {
+				if (($option_indexes != $result['options_indexes']) || ($error404path != $result['error404path']) || ($error403path != $result['error403path']) || ($error500path != $result['error500path']) || ($options_cgi != $result['options_cgi'])) {
 					inserttask('1');
 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTACCESS . "`
 						SET `options_indexes` = :options_indexes,
@@ -442,8 +492,7 @@ if ($page == 'overview') {
 						`error500path` = :error500path,
 						`options_cgi` = :options_cgi
 						WHERE `customerid` = :customerid
-						AND `id` = :id"
-					);
+						AND `id` = :id");
 					$params = array(
 						"customerid" => $userinfo['customerid'],
 						"options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0',
@@ -457,12 +506,13 @@ if ($page == 'overview') {
 					$log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '/', $result['path']) . "'");
 				}

-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
-					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
-					// don't show nothing when it's the docroot, show slash
-					if ($result['path'] == '') { $result['path'] = '/'; }
+					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
 				}

 				$result['error404path'] = $result['error404path'];
@@ -470,12 +520,12 @@ if ($page == 'overview') {
 				$result['error500path'] = $result['error500path'];
 				$cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
 				/*
-				$options_indexes = makeyesno('options_indexes', '1', '0', $result['options_indexes']);
-				$options_cgi = makeyesno('options_cgi', '1', '0', $result['options_cgi']);
-				*/
+				 * $options_indexes = makeyesno('options_indexes', '1', '0', $result['options_indexes']);
+				 * $options_cgi = makeyesno('options_cgi', '1', '0', $result['options_cgi']);
+				 */
 				$result = htmlentities_array($result);

-				$htaccess_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htaccess_edit.php';
+				$htaccess_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htaccess_edit.php';
 				$htaccess_edit_form = htmlform::genHTMLForm($htaccess_edit_data);

 				$title = $htaccess_edit_data['htaccess_edit']['title'];
@@ -485,4 +535,106 @@ if ($page == 'overview') {
 			}
 		}
 	}
+} elseif ($page == 'backup') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.backup')) {
+		redirectTo('customer_index.php');
+	}
+
+	if (Settings::Get('system.backupenabled') == 1)
+	{
+		if ($action == 'abort' && isset($_POST['send']) && $_POST['send'] == 'send') {
+			$log->logAction(USR_ACTION, LOG_NOTICE, "customer_extras::backup - aborted scheduled backupjob");
+			$entry = isset($_POST['backup_job_entry']) ? (int)$_POST['backup_job_entry'] : 0;
+			if ($entry > 0) {
+				$del_stmt = Database::prepare("DELETE FROM `".TABLE_PANEL_TASKS."` WHERE `id` = :tid");
+				Database::pexecute($del_stmt, array('tid' => $entry));
+				standard_success('backupaborted');
+			}
+			redirectTo($filename, array('page' => $page, 'action' => '', 's' => $s));
+		}
+		if ($action == '') {
+			$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::backup");
+
+			// check whether there is a backup-job for this customer
+			$sel_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_TASKS."` WHERE `type` = '20'");
+			Database::pexecute($sel_stmt);
+			$existing_backupJob = null;
+			while ($entry = $sel_stmt->fetch())
+			{
+				$data = unserialize($entry['data']);
+				if ($data['customerid'] == $userinfo['customerid']) {
+					$existing_backupJob = $entry;
+					break;
+				}
+			}
+
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+
+				if (! $_POST['path']) {
+					standard_error('invalidpath');
+				}
+
+				$path = makeCorrectDir(validate($_POST['path'], 'path'));
+				$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
+
+				$backup_dbs = isset($_POST['backup_dbs']) ? intval($_POST['backup_dbs']) : 0;
+				$backup_mail = isset($_POST['backup_mail']) ? intval($_POST['backup_mail']) : 0;
+				$backup_web = isset($_POST['backup_web']) ? intval($_POST['backup_web']) : 0;
+
+				if ($backup_dbs != '1') {
+					$backup_dbs = '0';
+				}
+
+				if ($backup_mail != '1') {
+					$backup_mail = '0';
+				}
+
+				if ($backup_web != '1') {
+					$backup_web = '0';
+				}
+
+				$task_data = array(
+					'customerid' => $userinfo['customerid'],
+					'uid' => $userinfo['guid'],
+					'gid' => $userinfo['guid'],
+					'loginname' => $userinfo['loginname'],
+					'destdir' => $path,
+					'backup_dbs' => $backup_dbs,
+					'backup_mail' => $backup_mail,
+					'backup_web' => $backup_web
+				);
+				// schedule backup job
+				inserttask('20', $task_data);
+
+				standard_success('backupscheduled');
+			} else {
+
+				if (!empty($existing_backupJob)) {
+					$action = "abort";
+					$row = unserialize($entry['data']);
+					$row['path'] = makeCorrectDir(str_replace($userinfo['documentroot'], "/", $row['destdir']));
+					$row['backup_web'] = ($row['backup_web'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
+					$row['backup_mail'] = ($row['backup_mail'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
+					$row['backup_dbs'] = ($row['backup_dbs'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
+				}
+				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
+				$backup_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.backup.php';
+				$backup_form = htmlform::genHTMLForm($backup_data);
+				$title = $backup_data['backup']['title'];
+				$image = $backup_data['backup']['image'];
+
+				if (!empty($existing_backupJob)) {
+					// overwrite backup_form after we took everything from it we needed
+					eval("\$backup_form = \"" . getTemplate("extras/backup_listexisting") . "\";");
+				}
+				eval("echo \"" . getTemplate("extras/backup") . "\";");
+			}
+		}
+	}
+	else
+	{
+		standard_error('backupfunctionnotenabled');
+	}
 }
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','ftp')) {
+	redirectTo('customer_index.php');
+}
+
 $id = 0;
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -40,7 +45,7 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_FTP_USERS, $fields);

-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
 		);
 		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
@@ -129,6 +134,12 @@ if ($page == 'overview') {
 				// refs #293
 				if (isset($_POST['delete_userfiles']) && (int)$_POST['delete_userfiles'] == 1) {
 					inserttask('8', $userinfo['loginname'], $result['homedir']);
+				} else {
+					if (Settings::Get('system.nssextrausers') == 1)
+					{
+						// this is used so that the libnss-extrausers cron is fired
+						inserttask(5);
+					}
 				}

 				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
@@ -153,6 +164,10 @@ if ($page == 'overview') {
 				$path = validate($_POST['path'], 'path');
 				$password = validate($_POST['ftp_password'], 'password');
 				$password = validatePassword($password);
+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}

 				$sendinfomail = isset($_POST['sendinfomail']) ? 1 : 0;
 				if ($sendinfomail != 1) {
@@ -200,8 +215,8 @@ if ($page == 'overview') {
 					$cryptPassword = makeCryptPassword($password);

 					$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
-						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`)
-						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid)"
+						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`, `shell`)
+						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid, :shell)"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -209,7 +224,8 @@ if ($page == 'overview') {
 						"description" => $description,
 						"password" => $cryptPassword,
 						"homedir" => $path,
-						"guid" => $userinfo['guid']
+						"guid" => $userinfo['guid'],
+						"shell" => $shell
 					);
 					Database::pexecute($stmt, $params);

@@ -329,6 +345,18 @@ if ($page == 'overview') {
 					}
 				}

+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", "/bin/false");
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, "/bin/false");
+						}
+					}
+				}
+
 				//$sendinfomail = makeyesno('sendinfomail', '1', '0', '0');

 				$ftp_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_add.php';
@@ -341,7 +369,7 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -353,6 +381,11 @@ if ($page == 'overview') {
 				// @FIXME use a good path-validating regex here (refs #1231)
 				$path = validate($_POST['path'], 'path');

+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}
+
 				$_setnewpass = false;
 				if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
 					$password = validate($_POST['ftp_password'], 'password');
@@ -363,10 +396,8 @@ if ($page == 'overview') {
 				if ($_setnewpass) {
 					if ($password == '') {
 						standard_error(array('stringisempty', 'mypassword'));
-						exit;
 					} elseif ($result['username'] == $password) {
 						standard_error('passwordshouldnotbeusername');
-						exit;
 					}
 					$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
 					$cryptPassword = makeCryptPassword($password);
@@ -406,13 +437,14 @@ if ($page == 'overview') {
 				}

 				$log->logAction(USR_ACTION, LOG_INFO, "edited ftp-account '" . $result['username'] . "'");
+				inserttask(5);
 				$description = validate($_POST['ftp_description'], 'description');
 				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
-					SET `description` = :desc
+					SET `description` = :desc, `shell` = :shell
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
-				Database::pexecute($stmt, array("desc" => $description, "customerid" => $userinfo['customerid'], "id" => $id));
+				Database::pexecute($stmt, array("desc" => $description, "shell" => $shell, "customerid" => $userinfo['customerid'], "id" => $id));

 				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
@@ -438,6 +470,18 @@ if ($page == 'overview') {
 					}
 				}

+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", $result['shell']);
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, $result['shell']);
+						}
+					}
+				}
+
 				$ftp_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_edit.php';
 				$ftp_edit_form = htmlform::genHTMLForm($ftp_edit_data);

--- a/customer_index.php
+++ b/customer_index.php
@@ -40,7 +40,6 @@ if ($action == 'logout') {
 	Database::pexecute($stmt, $params);

 	redirectTo('index.php');
-	exit;
 }

 if ($page == 'overview') {
@@ -79,8 +78,15 @@ if ($page == 'overview') {
 	$yesterday = time() - (60 * 60 * 24);
 	$month = date('M Y', $yesterday);

+	// get disk-space usages for web, mysql and mail
+	$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+	$usages = Database::pexecute_first($usages_stmt, array('cid' => $userinfo['customerid']));
+
 	$userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, Settings::Get('panel.decimal_places'));
-	$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['diskspace_used'] = round($usages['webspace'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['mailspace_used'] = round($usages['mail'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['dbspace_used'] = round($usages['mysql'] / 1024, Settings::Get('panel.decimal_places'));
+
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains');
@@ -101,7 +107,6 @@ if ($page == 'overview') {
 		$old_password = validate($_POST['old_password'], 'old password');
 		if (!validatePasswordLogin($userinfo,$old_password,TABLE_PANEL_CUSTOMERS,'customerid')) {
 			standard_error('oldpasswordnotcorrect');
-			exit;
 		}

 		$new_password = validatePassword($_POST['new_password'], 'new password');
@@ -199,7 +204,7 @@ if ($page == 'overview') {
 		}

 		$language_options = '';
-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options .= makeoption($language_name, $language_file, $default_lang, true);
 		}

@@ -269,7 +274,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = str_replace("\n", "<br />", $mail_body);

--- a/customer_logger.php
+++ b/customer_logger.php
@@ -0,0 +1,121 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2003-2009 the SysCP Team (see authors).
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Florian Lippert <flo@syscp.org> (2003-2009)
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Panel
+ *
+ */
+define('AREA', 'customer');
+require './lib/init.php';
+
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options', 'extras.logger')) {
+	redirectTo('customer_index.php');
+}
+
+if ($page == 'log') {
+	if ($action == '') {
+		$fields = array(
+			'date' => $lng['logger']['date'],
+			'type' => $lng['logger']['type'],
+			'user' => $lng['logger']['user'],
+			'text' => $lng['logger']['action']
+		);
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc', 30);
+		$query = 'SELECT * FROM `' . TABLE_PANEL_LOG . '` WHERE `user` = :loginname ' . $paging->getSqlWhere(true) . ' ' . $paging->getSqlOrderBy();
+		$result_stmt = Database::prepare($query . ' ' . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"loginname" => $userinfo['loginname']
+		));
+		$result_cnt_stmt = Database::prepare($query);
+		Database::pexecute($result_cnt_stmt, array(
+			"loginname" => $userinfo['loginname']
+		));
+		$res_cnt = $result_cnt_stmt->fetch(PDO::FETCH_ASSOC);
+		$logs_count = $result_cnt_stmt->rowCount();
+		$paging->setEntries($logs_count);
+		$sortcode = $paging->getHtmlSortCode($lng);
+		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
+		$searchcode = $paging->getHtmlSearchCode($lng);
+		$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
+		$clog = array();
+		
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			
+			if (! isset($clog[$row['action']]) || ! is_array($clog[$row['action']])) {
+				$clog[$row['action']] = array();
+			}
+			$clog[$row['action']][$row['logid']] = $row;
+		}
+		
+		if ($paging->sortfield == 'date' && $paging->sortorder == 'desc') {
+			krsort($clog);
+		} else {
+			ksort($clog);
+		}
+		
+		$i = 0;
+		$count = 0;
+		$log_count = 0;
+		$log = '';
+		foreach ($clog as $action => $logrows) {
+			$_action = 0;
+			foreach ($logrows as $row) {
+				// if ($paging->checkDisplay($i)) {
+				$row = htmlentities_array($row);
+				$row['date'] = date("d.m.y H:i:s", $row['date']);
+				
+				if ($_action != $action) {
+					switch ($action) {
+						case USR_ACTION:
+							$_action = $lng['admin']['customer'];
+							break;
+						case RES_ACTION:
+							$_action = $lng['logger']['reseller'];
+							break;
+						case ADM_ACTION:
+							$_action = $lng['logger']['admin'];
+							break;
+						case CRON_ACTION:
+							$_action = $lng['logger']['cron'];
+							break;
+						case LOGIN_ACTION:
+							$_action = $lng['logger']['login'];
+							break;
+						case LOG_ERROR:
+							$_action = $lng['logger']['intern'];
+							break;
+						default:
+							$_action = $lng['logger']['unknown'];
+							break;
+					}
+					
+					$row['action'] = $_action;
+					eval("\$log.=\"" . getTemplate('logger/logger_action') . "\";");
+				}
+				
+				$log_count ++;
+				$row['type'] = getLogLevelDesc($row['type']);
+				eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
+				$count ++;
+				$_action = $action;
+				// }
+				$i ++;
+			}
+			$i ++;
+		}
+		
+		eval("echo \"" . getTemplate('logger/logger') . "\";");
+	}
+}
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','mysql')) {
+	redirectTo('customer_index.php');
+}
+
 // get sql-root access data
 Database::needRoot(true);
 Database::needSqlData();
--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -20,6 +20,7 @@
 define('AREA', 'customer');
 require './lib/init.php';

+
 if (isset($_POST['id'])) {

 	$id = intval($_POST['id']);
@@ -327,7 +328,7 @@ if ($page == 'overview') {

 				$subject = $subticket->Get('subject');
 				$message = $subticket->Get('message');
-				
+
 				$row2 = htmlentities_array($row2);
 				eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_list") . "\";");
 			}
--- a/customer_traffic.php
+++ b/customer_traffic.php
@@ -20,6 +20,12 @@
 define('AREA', 'customer');
 $intrafficpage = 1;
 require './lib/init.php';
+
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','traffic')) {
+	redirectTo('customer_index.php');
+}
+
 $traffic = '';
 $month = null;
 $year = null;
@@ -109,8 +115,7 @@ if (!is_null($month) && !is_null($year)) {
 	$result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
 		FROM `" . TABLE_PANEL_TRAFFIC . "`
 		WHERE `customerid` = :customerid
-		GROUP BY CONCAT(`year`,`month`)
-		ORDER BY CONCAT(`year`,`month`) DESC
+		GROUP BY `year` DESC, `month` DESC
 		LIMIT 12"
 	);
 	Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
--- a/dns_editor.php
+++ b/dns_editor.php
@@ -0,0 +1,325 @@
+<?php
+if (! defined('AREA'))
+	die('You cannot access this file directly!');
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Panel
+ *
+ */
+
+// This file is being included in admin_domains and customer_domains
+	// and therefore does not need to require lib/init.php
+
+$domain_id = isset($_GET['domain_id']) ? (int) $_GET['domain_id'] : null;
+
+$record = isset($_POST['record']['record']) ? trim($_POST['record']['record']) : null;
+$type = isset($_POST['record']['type']) ? $_POST['record']['type'] : 'A';
+$prio = isset($_POST['record']['prio']) ? (int) $_POST['record']['prio'] : null;
+$content = isset($_POST['record']['content']) ? trim($_POST['record']['content']) : null;
+$ttl = isset($_POST['record']['ttl']) ? (int) $_POST['record']['ttl'] : 18000;
+
+// get domain-name
+$domain = getAllowedDomainEntry($domain_id, AREA, $userinfo, $idna_convert);
+
+// select all entries
+$sel_stmt = Database::prepare("SELECT * FROM `" . TABLE_DOMAIN_DNS . "` WHERE domain_id = :did");
+Database::pexecute($sel_stmt, array(
+	'did' => $domain_id
+));
+$dom_entries = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);
+
+$errors = array();
+$success_message = "";
+
+// action for adding a new entry
+if ($action == 'add_record' && ! empty($_POST)) {
+
+	// validation
+	if (empty($record)) {
+		$record = "@";
+	}
+
+	$record = strtolower($record);
+
+	if ($record != '@' && $record != '*') {
+		// validate record
+		if (strpos($record, '--') !== false) {
+			$errors[] = $lng['error']['domain_nopunycode'];
+		} else {
+			// check for wildcard-record
+			$add_wildcard_again = false;
+			if (substr($record, 0, 2) == '*.') {
+				$record = substr($record, 2);
+				$add_wildcard_again = true;
+			}
+			// convert entry
+			$record = $idna_convert->encode($record);
+
+			if ($add_wildcard_again) {
+				$record = '*.'.$record;
+			}
+
+			/*
+			 * see https://redmine.froxlor.org/issues/1697
+			 *
+			if ($type != 'SRV' && $type != 'TXT') {
+				$check_dom = $record . '.example.com';
+				if (! validateDomain($check_dom)) {
+					$errors[] = sprintf($lng['error']['subdomainiswrong'], $idna_convert->decode($record));
+				}
+			}
+			*/
+			if (strlen($record) > 63) {
+				$errors[] = $lng['error']['dns_record_toolong'];
+			}
+		}
+	}
+
+	// TODO regex validate content for invalid characters
+
+	if ($ttl <= 0) {
+		$ttl = 18000;
+	}
+
+	if (empty($content)) {
+		$errors[] = $lng['error']['dns_content_empty'];
+	}
+
+	// types
+	if ($type == 'A' && filter_var($content, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
+		$errors[] = $lng['error']['dns_arec_noipv4'];
+	} elseif ($type == 'AAAA' && filter_var($content, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {
+		$errors[] = $lng['error']['dns_aaaarec_noipv6'];
+	} elseif ($type == 'MX') {
+		if ($prio === null || $prio < 0) {
+			$errors[] = $lng['error']['dns_mx_prioempty'];
+		}
+		// check for trailing dot
+		if (substr($content, - 1) == '.') {
+			// remove it for checks
+			$content = substr($content, 0, - 1);
+		}
+		if (! validateDomain($content)) {
+			$errors[] = $lng['error']['dns_mx_needdom'];
+		} else {
+			// check whether there is a CNAME-record for the same resource
+			foreach ($dom_entries as $existing_entries) {
+				$fqdn = $existing_entries['record'] . '.' . $domain;
+				if ($existing_entries['type'] == 'CNAME' && $fqdn == $content) {
+					$errors[] = $lng['error']['dns_mx_noalias'];
+					break;
+				}
+			}
+		}
+		// append trailing dot (again)
+		$content .= '.';
+	} elseif ($type == 'CNAME') {
+		// check for trailing dot
+		if (substr($content, - 1) == '.') {
+			// remove it for checks
+			$content = substr($content, 0, - 1);
+		} else {
+			// add domain name
+			$content .= '.' . $domain;
+		}
+		if (! validateDomain($content)) {
+			$errors[] = $lng['error']['dns_cname_invaliddom'];
+		} else {
+			// check whether there are RR-records for the same resource
+			foreach ($dom_entries as $existing_entries) {
+				if (($existing_entries['type'] == 'A' || $existing_entries['type'] == 'AAAA' || $existing_entries['type'] == 'MX' || $existing_entries['type'] == 'NS') && $existing_entries['record'] == $record) {
+					$errors[] = $lng['error']['dns_cname_nomorerr'];
+					break;
+				}
+			}
+		}
+		// append trailing dot (again)
+		$content .= '.';
+	} elseif ($type == 'NS') {
+		// check for trailing dot
+		if (substr($content, - 1) == '.') {
+			// remove it for checks
+			$content = substr($content, 0, - 1);
+		}
+		if (! validateDomain($content)) {
+			$errors[] = $lng['error']['dns_ns_invaliddom'];
+		}
+		// append trailing dot (again)
+		$content .= '.';
+	} elseif ($type == 'TXT' && ! empty($content)) {
+		// check that TXT content is enclosed in " "
+		$content = encloseTXTContent($content);
+	} elseif ($type == 'SRV') {
+		if ($prio === null || $prio < 0) {
+			$errors[] = $lng['error']['dns_srv_prioempty'];
+		}
+		// check only last part of content, as it can look like:
+		// _service._proto.name. TTL class SRV priority weight port target.
+		$_split_content = explode(" ", $content);
+		// SRV content must be [weight] [port] [target]
+		if (count($_split_content) != 3) {
+			$errors[] = $lng['error']['dns_srv_invalidcontent'];
+		}
+		$target = trim($_split_content[count($_split_content) - 1]);
+		if ($target != '.') {
+			// check for trailing dot
+			if (substr($target, - 1) == '.') {
+				// remove it for checks
+				$target = substr($target, 0, - 1);
+			}
+		}
+		if ($target != '.' && ! validateDomain($target)) {
+			$errors[] = $lng['error']['dns_srv_needdom'];
+		} else {
+			// check whether there is a CNAME-record for the same resource
+			foreach ($dom_entries as $existing_entries) {
+				$fqdn = $existing_entries['record'] . '.' . $domain;
+				if ($existing_entries['type'] == 'CNAME' && $fqdn == $target) {
+					$errors[] = $lng['error']['dns_srv_noalias'];
+					break;
+				}
+			}
+		}
+		// append trailing dot if there's none
+		if (substr($content, - 1) != '.') {
+			$content .= '.';
+		}
+	}
+
+	$new_entry = array(
+		'record' => $record,
+		'type' => $type,
+		'prio' => $prio,
+		'content' => $content,
+		'ttl' => $ttl,
+		'domain_id' => $domain_id
+	);
+	ksort($new_entry);
+
+	// check for duplicate
+	foreach ($dom_entries as $existing_entry) {
+		// compare serialized string of array
+		$check_entry = $existing_entry;
+		// new entry has no ID yet
+		unset($check_entry['id']);
+		// sort by key
+		ksort($check_entry);
+		// format integer fields to real integer (as they are read as string from the DB)
+		$check_entry['prio'] = (int) $check_entry['prio'];
+		$check_entry['ttl'] = (int) $check_entry['ttl'];
+		$check_entry['domain_id'] = (int) $check_entry['domain_id'];
+		// serialize both
+		$check_entry = serialize($check_entry);
+		$new = serialize($new_entry);
+		// compare
+		if ($check_entry === $new) {
+			$errors[] = $lng['error']['dns_duplicate_entry'];
+			unset($check_entry);
+			break;
+		}
+	}
+
+	if (empty($errors)) {
+		$ins_stmt = Database::prepare("
+			INSERT INTO `" . TABLE_DOMAIN_DNS . "` SET
+			`record` = :record,
+			`type` = :type,
+			`prio` = :prio,
+			`content` = :content,
+			`ttl` = :ttl,
+			`domain_id` = :domain_id
+		");
+
+		Database::pexecute($ins_stmt, $new_entry);
+
+		$new_entry_id = Database::lastInsertId();
+
+		// add temporary to the entries-array (no reread of DB necessary)
+		$new_entry['id'] = $new_entry_id;
+		$dom_entries[] = $new_entry;
+
+		// success message (inline)
+		$success_message = $lng['success']['dns_record_added'];
+
+		$record = "";
+		$type = 'A';
+		$prio = "";
+		$content = "";
+		$ttl = "";
+
+		// re-generate bind configs
+		inserttask('4');
+	} else {
+		// show $errors
+		$errors = implode("<br>", $errors);
+	}
+} elseif ($action == 'delete') {
+	// remove entry
+	$entry_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
+	if ($entry_id > 0) {
+		$del_stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAIN_DNS . "` WHERE `id` = :id");
+		Database::pexecute($del_stmt, array(
+			'id' => $entry_id
+		));
+
+		// remove deleted entry from internal data array (no reread of DB necessary)
+		$_t = $dom_entries;
+		foreach ($_t as $idx => $entry) {
+			if ($entry['id'] == $entry_id) {
+				unset($dom_entries[$idx]);
+				break;
+			}
+		}
+		unset($_t);
+		// success message (inline)
+		$success_message = $lng['success']['dns_record_deleted'];
+
+		// re-generate bind configs
+		inserttask('4');
+	}
+}
+
+// show editor
+$record_list = "";
+$existing_entries = "";
+$type_select = "";
+$entriescount = 0;
+
+if (! empty($dom_entries)) {
+	$entriescount = count($dom_entries);
+	foreach ($dom_entries as $entry) {
+		$entry['content'] = wordwrap($entry['content'], 100, '<br>', true);
+		eval("\$existing_entries.=\"" . getTemplate("dns_editor/entry_bit", true) . "\";");
+	}
+}
+
+// available types
+$type_select_values = array(
+	'A',
+	'AAAA',
+	'NS',
+	'MX',
+	'SRV',
+	'TXT',
+	'CNAME'
+);
+asort($type_select_values);
+foreach ($type_select_values as $_type) {
+	$type_select .= makeoption($_type, $_type, $type);
+}
+
+eval("\$record_list=\"" . getTemplate("dns_editor/list", true) . "\";");
+
+$zone = createDomainZone($domain_id);
+$zonefile = (string) $zone;
+eval("echo \"" . getTemplate("dns_editor/index", true) . "\";");
--- a/index.php
+++ b/index.php
@@ -69,13 +69,13 @@ if ($action == 'login') {
 			}
 		}

-		if (hasUpdates($version) && $is_admin == false) {
+		if ((hasUpdates($version) || hasDbUpdates($dbversion)) && $is_admin == false) {
 			redirectTo('index.php');
 			exit;
 		}

 		if ($is_admin) {
-			if (hasUpdates($version)) {
+			if (hasUpdates($version) || hasDbUpdates($dbversion)) {
 				$stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
 					WHERE `loginname`= :loginname
 					AND `change_serversettings` = '1'"
@@ -222,11 +222,15 @@ if ($action == 'login') {
 			$qryparams['s'] = $s;

 			if ($userinfo['adminsession'] == '1') {
-				if (hasUpdates($version)) {
+				if (hasUpdates($version) || hasDbUpdates($dbversion)) {
 					redirectTo('admin_updates.php', array('s' => $s));
 				} else {
 					if (isset($_POST['script']) && $_POST['script'] != "") {
-						redirectTo($_POST['script'], $qryparams);
+						if (preg_match("/customer\_/", $_POST['script']) === 1) {
+							redirectTo('admin_customers.php', array("page" => "customers"));
+						} else {
+							redirectTo($_POST['script'], $qryparams);
+						}
 					} else {
 						redirectTo('admin_index.php', $qryparams);
 					}
@@ -246,7 +250,7 @@ if ($action == 'login') {
 		$language_options = '';
 		$language_options .= makeoption($lng['login']['profile_lng'], 'profile', 'profile', true, true);

-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options .= makeoption($language_name, $language_file, 'profile', true);
 		}

@@ -283,7 +287,7 @@ if ($action == 'login') {
 		}

 		$update_in_progress = '';
-		if (hasUpdates($version)) {
+		if (hasUpdates($version) || hasDbUpdates($dbversion)) {
 			$update_in_progress = $lng['update']['updateinprogress_onlyadmincanlogin'];
 		}
 		
@@ -298,7 +302,7 @@ if ($action == 'login') {
 		}
 		$lastqrystr = "";
 		if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") {
-			$lastqrystr = strip_tags($_REQUEST['qrystr']);
+			$lastqrystr = htmlspecialchars($_REQUEST['qrystr'], ENT_QUOTES);
 		}

 		eval("echo \"" . getTemplate('login') . "\";");
@@ -345,8 +349,8 @@ if ($action == 'forgotpwd') {
 				if ($user !== false) {
 					// build a activation code
 					$timestamp = time();
-					$first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);
-					$third = substr(md5($user['email'] . $timestamp . rand(0, $timestamp)), -15);
+					$first = substr(md5($user['loginname'] . $timestamp . randomStr(16)), 0, 15);
+					$third = substr(md5($user['email'] . $timestamp . randomStr(16)), -15);
 					$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);

 					// Drop all existing activation codes for this user
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -23,7 +23,7 @@ CREATE TABLE `ftp_users` (
  `shell` varchar(255) NOT NULL default '/bin/false',
  `login_enabled` enum('N','Y') NOT NULL default 'N',
  `login_count` int(15) NOT NULL default '0',
-  `last_login` datetime NOT NULL default '0000-00-00 00:00:00',
+  `last_login` datetime default NULL,
  `up_count` int(15) NOT NULL default '0',
  `up_bytes` bigint(30) NOT NULL default '0',
  `down_count` int(15) NOT NULL default '0',
@@ -66,7 +66,7 @@ CREATE TABLE `mail_virtual` (
  `id` int(11) NOT NULL auto_increment,
  `email` varchar(255) NOT NULL default '',
  `email_full` varchar(255) NOT NULL default '',
-  `destination` text NOT NULL,
+  `destination` text,
  `domainid` int(11) NOT NULL default '0',
  `customerid` int(11) NOT NULL default '0',
  `popaccountid` int(11) NOT NULL default '0',
@@ -191,9 +191,14 @@ CREATE TABLE `panel_customers` (
  `pop3` tinyint(1) NOT NULL default '1',
  `imap` tinyint(1) NOT NULL default '1',
  `perlenabled` tinyint(1) NOT NULL default '0',
+  `dnsenabled` tinyint(1) NOT NULL default '0',
  `theme` varchar(255) NOT NULL default 'Sparkle',
  `custom_notes` text,
  `custom_notes_show` tinyint(1) NOT NULL default '0',
+  `lepublickey` mediumtext default NULL,
+  `leprivatekey` mediumtext default NULL,
+  `leregistered` tinyint(1) NOT NULL default '0',
+  `allowed_phpconfigs` varchar(500) NOT NULL default '',
   PRIMARY KEY  (`customerid`),
   UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -234,6 +239,7 @@ CREATE TABLE `panel_domains` (
  `dkim_pubkey` text,
  `wwwserveralias` tinyint(1) NOT NULL default '1',
  `parentdomainid` int(11) NOT NULL default '0',
+  `phpenabled` tinyint(1) NOT NULL default '0',
  `openbasedir` tinyint(1) NOT NULL default '0',
  `openbasedir_path` tinyint(1) NOT NULL default '0',
  `speciallogfile` tinyint(1) NOT NULL default '0',
@@ -242,11 +248,19 @@ CREATE TABLE `panel_domains` (
  `deactivated` tinyint(1) NOT NULL default '0',
  `bindserial` varchar(10) NOT NULL default '2000010100',
  `add_date` int( 11 ) NOT NULL default '0',
-  `registration_date` date NOT NULL,
+  `registration_date` date DEFAULT NULL,
+  `termination_date` date DEFAULT NULL,
  `phpsettingid` INT( 11 ) UNSIGNED NOT NULL DEFAULT '1',
  `mod_fcgid_starter` int(4) default '-1',
  `mod_fcgid_maxrequests` int(4) default '-1',
  `ismainbutsubto` int(11) unsigned NOT NULL default '0',
+  `letsencrypt` tinyint(1) NOT NULL default '0',
+  `hsts` varchar(10) NOT NULL default '0',
+  `hsts_sub` tinyint(1) NOT NULL default '0',
+  `hsts_preload` tinyint(1) NOT NULL default '0',
+  `ocsp_stapling` tinyint(1) DEFAULT '0',
+  `http2` tinyint(1) DEFAULT '0',
+  `notryfiles` tinyint(1) DEFAULT '0',
  PRIMARY KEY  (`id`),
  KEY `customerid` (`customerid`),
  KEY `parentdomain` (`parentdomainid`),
@@ -272,7 +286,8 @@ CREATE TABLE `panel_ipsandports` (
  `default_vhostconf_domain` text,
  `ssl_cert_chainfile` varchar(255) NOT NULL,
  `docroot` varchar(255) NOT NULL default '',
-  PRIMARY KEY  (`id`)
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `ip_port` (`ip`,`port`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;


@@ -365,11 +380,11 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('dkim', 'dkim_domains', 'domains'),
 	('dkim', 'dkim_dkimkeys', 'dkim-keys.conf'),
 	('dkim', 'dkimrestart_command', '/etc/init.d/dkim-filter restart'),
-	('admin', 'show_news_feed', '1'),
+	('admin', 'show_news_feed', '0'),
 	('admin', 'show_version_login', '0'),
 	('admin', 'show_version_footer', '0'),
 	('spf', 'use_spf', '0'),
-	('spf', 'spf_entry', '@	IN	TXT	"v=spf1 a mx -all"'),
+	('spf', 'spf_entry', '"v=spf1 a mx -all"'),
 	('dkim', 'dkim_algorithm', 'all'),
 	('dkim', 'dkim_add_adsp', '1'),
 	('dkim', 'dkim_keylength', '1024'),
@@ -400,6 +415,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('phpfpm', 'max_requests', '0'),
 	('phpfpm', 'tmpdir', '/var/customers/tmp/'),
 	('phpfpm', 'peardir', '/usr/share/php/:/usr/share/php5/'),
+	('phpfpm', 'envpath', '/usr/local/bin:/usr/bin:/bin'),
 	('phpfpm', 'enabled_ownvhost', '0'),
 	('phpfpm', 'vhost_httpuser', 'froxlorlocal'),
 	('phpfpm', 'vhost_httpgroup', 'froxlorlocal'),
@@ -409,6 +425,102 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('phpfpm', 'vhost_defaultini', '2'),
 	('phpfpm', 'fastcgi_ipcdir', '/var/lib/apache2/fastcgi/'),
 	('phpfpm', 'use_mod_proxy', '0'),
+	('phpfpm', 'ini_flags', 'asp_tags
+display_errors
+display_startup_errors
+html_errors
+log_errors
+magic_quotes_gpc
+magic_quotes_runtime
+magic_quotes_sybase
+mail.add_x_header
+session.cookie_secure
+session.use_cookies
+short_open_tag
+track_errors
+xmlrpc_errors
+suhosin.simulation
+suhosin.session.encrypt
+suhosin.session.cryptua
+suhosin.session.cryptdocroot
+suhosin.cookie.encrypt
+suhosin.cookie.cryptua
+suhosin.cookie.cryptdocroot
+suhosin.executor.disable_eval
+mbstring.func_overload'),
+	('phpfpm', 'ini_values', 'auto_append_file
+auto_prepend_file
+date.timezone
+default_charset
+error_reporting
+include_path
+log_errors_max_len
+mail.log
+max_execution_time
+session.cookie_domain
+session.cookie_lifetime
+session.cookie_path
+session.name
+session.serialize_handler
+upload_max_filesize
+xmlrpc_error_number
+session.auto_start
+always_populate_raw_post_data
+suhosin.session.cryptkey
+suhosin.session.cryptraddr
+suhosin.session.checkraddr
+suhosin.cookie.cryptkey
+suhosin.cookie.plainlist
+suhosin.cookie.cryptraddr
+suhosin.cookie.checkraddr
+suhosin.executor.func.blacklist
+suhosin.executor.eval.whitelist'),
+	('phpfpm', 'ini_admin_flags', 'allow_call_time_pass_reference
+allow_url_fopen
+allow_url_include
+auto_detect_line_endings
+cgi.fix_pathinfo
+cgi.force_redirect
+enable_dl
+expose_php
+file_uploads
+ignore_repeated_errors
+ignore_repeated_source
+log_errors
+register_argc_argv
+report_memleaks
+opcache.enable
+opcache.consistency_checks
+opcache.dups_fix
+opcache.load_comments
+opcache.revalidate_path
+opcache.save_comments
+opcache.use_cwd
+opcache.validate_timestamps
+opcache.fast_shutdown'),
+	('phpfpm', 'ini_admin_values', 'cgi.redirect_status_env
+date.timezone
+disable_classes
+disable_functions
+error_log
+gpc_order
+max_input_time
+max_input_vars
+memory_limit
+open_basedir
+output_buffering
+post_max_size
+precision
+sendmail_path
+session.gc_divisor
+session.gc_probability
+variables_order
+opcache.log_verbosity_level
+opcache.restrict_api
+opcache.revalidate_freq
+opcache.max_accelerated_files
+opcache.memory_consumption
+opcache.interned_strings_buffer'),
 	('nginx', 'fastcgiparams', '/etc/nginx/fastcgi_params'),
 	('system', 'lastaccountnumber', '0'),
 	('system', 'lastguid', '9999'),
@@ -488,9 +600,11 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'ssl_cert_chainfile', ''),
 	('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
 	('system', 'nginx_php_backend', '127.0.0.1:8888'),
+	('system', 'http2_support', '0'),
 	('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
 	('system', 'phpreload_command', ''),
-	('system', 'apache24', '0'),
+	('system', 'apache24', '1'),
+	('system', 'apache24_ocsp_cache_path', 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)'),
 	('system', 'documentroot_use_default_value', '0'),
 	('system', 'passwordcryptfunc', '3'),
 	('system', 'axfrservers', ''),
@@ -504,11 +618,44 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'mailtraffic_enabled', '1'),
 	('system', 'cronconfig', '/etc/cron.d/froxlor'),
 	('system', 'crondreload', '/etc/init.d/cron reload'),
-	('system', 'croncmdline', '/usr/bin/nice -n 5 /usr/bin/php5 -q'),
+	('system', 'croncmdline', '/usr/bin/nice -n 5 /usr/bin/php -q'),
 	('system', 'cron_allowautoupdate', '0'),
 	('system', 'dns_createhostnameentry', '0'),
 	('system', 'send_cron_errors', '0'),
 	('system', 'apacheitksupport', '0'),
+	('system', 'leprivatekey', 'unset'),
+	('system', 'lepublickey', 'unset'),
+	('system', 'letsencryptca', 'production'),
+	('system', 'letsencryptcountrycode', 'DE'),
+	('system', 'letsencryptstate', 'Hessen'),
+	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
+	('system', 'letsencryptkeysize', '4096'),
+	('system', 'letsencryptreuseold', 0),
+	('system', 'leenabled', '0'),
+	('system', 'leapiversion', '1'),
+	('system', 'backupenabled', '0'),
+	('system', 'dnsenabled', '0'),
+	('system', 'dns_server', 'bind'),
+	('system', 'apacheglobaldiropt', ''),
+	('system', 'allow_customer_shell', '0'),
+	('system', 'available_shells', ''),
+	('system', 'le_froxlor_enabled', '0'),
+	('system', 'le_froxlor_redirect', '0'),
+	('system', 'letsencryptacmeconf', '/etc/apache2/conf-enabled/acme.conf'),
+	('system', 'mail_use_smtp', '0'),
+	('system', 'mail_smtp_host', 'localhost'),
+	('system', 'mail_smtp_port', '25'),
+	('system', 'mail_smtp_usetls', '1'),
+	('system', 'mail_smtp_auth', '1'),
+	('system', 'mail_smtp_user', ''),
+	('system', 'mail_smtp_passwd', ''),
+	('system', 'hsts_maxage', '0'),
+	('system', 'hsts_incsub', '0'),
+	('system', 'hsts_preload', '0'),
+	('system', 'leregistered', '0'),
+	('system', 'nssextrausers', '0'),
+	('system', 'disable_le_selfcheck', '0'),
+	('system', 'ssl_protocols', 'TLSv1,TLSv1.2'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -539,14 +686,16 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.34.2');
+	('panel', 'customer_hide_options', ''),
+	('panel', 'version', '0.9.39.5'),
+	('panel', 'db_version', '201802130');


 DROP TABLE IF EXISTS `panel_tasks`;
 CREATE TABLE `panel_tasks` (
  `id` int(11) unsigned NOT NULL auto_increment,
  `type` int(11) NOT NULL default '0',
-  `data` text NOT NULL,
+  `data` text,
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

@@ -705,6 +854,33 @@ CREATE TABLE IF NOT EXISTS `panel_syslog` (
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;


+
+DROP TABLE IF EXISTS `panel_fpmdaemons`;
+CREATE TABLE `panel_fpmdaemons` (
+  `id` int(11) unsigned NOT NULL auto_increment,
+  `description` varchar(50) NOT NULL,
+  `reload_cmd` varchar(255) NOT NULL,
+  `config_dir` varchar(255) NOT NULL,
+  `pm` varchar(15) NOT NULL DEFAULT 'static',
+  `max_children` int(4) NOT NULL DEFAULT '1',
+  `start_servers` int(4) NOT NULL DEFAULT '20',
+  `min_spare_servers` int(4) NOT NULL DEFAULT '5',
+  `max_spare_servers` int(4) NOT NULL DEFAULT '35',
+  `max_requests` int(4) NOT NULL DEFAULT '0',
+  `idle_timeout` int(4) NOT NULL DEFAULT '30',
+  `limit_extensions` varchar(255) NOT NULL default '.php',
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `reload` (`reload_cmd`),
+  UNIQUE KEY `config` (`config_dir`)
+) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
+
+
+
+INSERT INTO `panel_fpmdaemons` (`id`, `description`, `reload_cmd`, `config_dir`) VALUES
+(1, 'System default', 'service php7.0-fpm restart', '/etc/php/7.0/fpm/pool.d/');
+
+
+
 DROP TABLE IF EXISTS `panel_phpconfigs`;
 CREATE TABLE `panel_phpconfigs` (
  `id` int(11) unsigned NOT NULL auto_increment,
@@ -718,14 +894,17 @@ CREATE TABLE `panel_phpconfigs` (
  `fpm_reqterm` varchar(15) NOT NULL default '60s',
  `fpm_reqslow` varchar(15) NOT NULL default '5s',
  `phpsettings` text NOT NULL,
-  PRIMARY KEY  (`id`)
+  `fpmsettingid` int(11) NOT NULL DEFAULT '1',
+  `pass_authorizationheader` tinyint(1) NOT NULL default '0',
+  PRIMARY KEY  (`id`),
+  KEY `fpmsettingid` (`fpmsettingid`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;



 INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES
-(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\n'),
-(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\n');
+(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = "{DOCUMENT_ROOT}"\r\n'),
+(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');


 DROP TABLE IF EXISTS `cronjobs_run`;
@@ -747,7 +926,9 @@ INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`,
 	(3, 'froxlor/ticket', 'used_tickets_reset', '1 DAY', '1', 'cron_ticketsreset'),
 	(4, 'froxlor/ticket', 'ticketarchive', '1 MONTH', '1', 'cron_ticketarchive'),
 	(5, 'froxlor/reports', 'usage_report', '1 DAY', '1', 'cron_usage_report'),
-	(6, 'froxlor/core', 'mailboxsize', '6 HOUR', '1', 'cron_mailboxsize');
+	(6, 'froxlor/core', 'mailboxsize', '6 HOUR', '1', 'cron_mailboxsize'),
+	(7, 'froxlor/letsencrypt', 'letsencrypt', '5 MINUTE', '0', 'cron_letsencrypt'),
+	(8, 'froxlor/backup', 'backup', '1 DAY', '1', 'cron_backup');



@@ -822,6 +1003,8 @@ CREATE TABLE IF NOT EXISTS `domain_ssl_settings` (
  `ssl_key_file` mediumtext NOT NULL,
  `ssl_ca_file` mediumtext,
  `ssl_cert_chainfile` mediumtext,
+  `ssl_csr_file` mediumtext,
+  `expirationdate` datetime DEFAULT NULL,
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

@@ -833,3 +1016,29 @@ CREATE TABLE IF NOT EXISTS `panel_domaintoip` (
  PRIMARY KEY (`id_domain`,`id_ipandports`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

+
+DROP TABLE IF EXISTS `domain_dns_entries`;
+CREATE TABLE `domain_dns_entries` (
+  `id` int(20) NOT NULL auto_increment,
+  `domain_id` int(15) NOT NULL,
+  `record` varchar(255) NOT NULL,
+  `type` varchar(10) NOT NULL DEFAULT 'A',
+  `content` text NOT NULL,
+  `ttl` int(11) NOT NULL DEFAULT '18000',
+  `prio` int(11) DEFAULT NULL,
+  PRIMARY KEY  (`id`)
+) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
+
+
+DROP TABLE IF EXISTS `panel_plans`;
+CREATE TABLE `panel_plans` (
+  `id` int(11) NOT NULL auto_increment,
+  `adminid` int(11) NOT NULL default '0',
+  `name` varchar(255) NOT NULL default '',
+  `description` text NOT NULL,
+  `value` longtext NOT NULL,
+  `ts` int(15) NOT NULL default '0',
+  PRIMARY KEY  (id),
+  KEY adminid (adminid)
+) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
+
--- a/install/lib/class.FroxlorInstall.php
+++ b/install/lib/class.FroxlorInstall.php
--- a/install/lng/english.lng.php
+++ b/install/lng/english.lng.php
@@ -24,6 +24,7 @@ $lng['requirements']['notfound'] = 'not found';
 $lng['requirements']['notinstalled'] = 'not installed';
 $lng['requirements']['activated'] = 'enabled';
 $lng['requirements']['phpversion'] = 'PHP version >= 5.3';
+$lng['requirements']['newerphpprefered'] = 'Good, but php-5.6 is prefered.';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime...';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'PHP setting "magic_quotes_runtime" must be set to "Off". We have disabled it temporary for now please fix the coresponding php.ini.';
 $lng['requirements']['phppdo'] = 'PHP PDO extension and PDO-MySQL driver...';
@@ -33,8 +34,11 @@ $lng['requirements']['phpposix'] = 'PHP posix-extension...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
 $lng['requirements']['phpcurl'] = 'PHP curl-extension...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-extension...';
+$lng['requirements']['phpzip'] = 'PHP zip-extension...';
+$lng['requirements']['phpjson'] = 'PHP json-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
-$lng['requirements']['curldescription'] = 'Version-check and news-feed may not work correctly!';
+$lng['requirements']['zipdescription'] = 'The auto-update feature requires the zip extension.';
+$lng['requirements']['jsondescription'] = 'The settings import/export feature requires the json extension.';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';
@@ -56,11 +60,12 @@ $lng['install']['admin_account'] = 'Administrator Account';
 $lng['install']['admin_user'] = 'Administrator Username';
 $lng['install']['admin_pass1'] = 'Administrator Password';
 $lng['install']['admin_pass2'] = 'Administrator-Password (confirm)';
+$lng['install']['activate_newsfeed'] = 'Enable the official newsfeed<br><small>(https://inside.froxlor.org/news/)</small>';
 $lng['install']['serversettings'] = 'Server settings';
 $lng['install']['servername'] = 'Server name (FQDN, no ip-address)';
 $lng['install']['serverip'] = 'Server IP';
 $lng['install']['webserver'] = 'Webserver';
-$lng['install']['apache2'] = 'Apache 2';
+$lng['install']['apache2'] = 'Apache 2.2';
 $lng['install']['apache24'] = 'Apache 2.4';
 $lng['install']['lighttpd'] = 'LigHTTPd';
 $lng['install']['nginx'] = 'NGINX';
@@ -80,8 +85,8 @@ $lng['install']['changing_data'] = 'Adjusting settings...';
 $lng['install']['creating_entries'] = 'Inserting new values...';
 $lng['install']['adding_admin_user'] = 'Creating admin-account...';
 $lng['install']['creating_configfile'] = 'Creating configfile...';
-$lng['install']['creating_configfile_temp'] = 'File was saved in /tmp/userdata.inc.php, please move to lib/.';
-$lng['install']['creating_configfile_failed'] = 'Could not create lib/userdata.inc.php, please create it manually with the following content:';
+$lng['install']['creating_configfile_temp'] = 'File was saved in /tmp/userdata.inc.php, please move to '.dirname(dirname(__DIR__)).'/lib/.';
+$lng['install']['creating_configfile_failed'] = 'Could not create '.dirname(dirname(__DIR__)).'/lib/userdata.inc.php, please create it manually with the following content:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor was installed successfully.';

 $lng['click_here_to_refresh'] = 'Click here to check again';
--- a/install/lng/french.lng.php
+++ b/install/lng/french.lng.php
@@ -34,7 +34,6 @@ $lng['requirements']['phpbcmath'] = 'extension PHP bcmath ...';
 $lng['requirements']['phpcurl'] = 'extension PHP curl...';
 $lng['requirements']['phpmbstring'] = 'extension PHP mbstring...';
 $lng['requirements']['bcmathdescription'] = 'Les fonctions de calcul de traffic ne fonctionneront pas correctement!';
-$lng['requirements']['curldescription'] = 'Les vérifications de version et les flux d\'information peuvent ne pas fonctionner correctement!';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor ne fonctionnera pas correctement avec open_basedir activé. Merci de désactiver open_basedir pour Froxlor dans le php.ini correspondant';
 $lng['requirements']['diedbecauseofrequirements'] = 'Impossible d\'installer Froxlor sans ces prérequis! Essayez de les corriger et essayez à nouveau.';
@@ -80,8 +79,8 @@ $lng['install']['changing_data'] = 'Ajustement des paramètres...';
 $lng['install']['creating_entries'] = 'Insertion des nouvelles valeurs...';
 $lng['install']['adding_admin_user'] = 'Création du compte administrateur...';
 $lng['install']['creating_configfile'] = 'Création du fichier de configuration...';
-$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans /tmp/userdata.inc.php, merci de le déplacer dans lib/.';
-$lng['install']['creating_configfile_failed'] = 'Impossible de créer lib/userdata.inc.php, merci de le créer manuellement avec le contenu suivant:';
+$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans /tmp/userdata.inc.php, merci de le déplacer dans '.dirname(dirname(__DIR__)).'/lib/.';
+$lng['install']['creating_configfile_failed'] = 'Impossible de créer '.dirname(dirname(__DIR__)).'/lib/userdata.inc.php, merci de le créer manuellement avec le contenu suivant:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor a été installé avec succès.';

 $lng['click_here_to_refresh'] = 'Cliquez ici pour vérifier à nouveau';
--- a/install/lng/german.lng.php
+++ b/install/lng/german.lng.php
@@ -24,6 +24,7 @@ $lng['requirements']['notfound'] = 'nicht gefunden';
 $lng['requirements']['notinstalled'] = 'nicht installiert';
 $lng['requirements']['activated'] = 'ist aktiviert.';
 $lng['requirements']['phpversion'] = 'PHP Version >= 5.3';
+$lng['requirements']['newerphpprefered'] = 'Passt, aber php-5.6 wird bevorzugt.';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'Die PHP Einstellung "magic_quotes_runtime" muss deaktiviert sein ("Off"). Die Einstellung wurde temporär deaktiviert, bitte ändern Sie diese in der entsprechenden php.ini.';
 $lng['requirements']['phppdo'] = 'PHP PDO Erweiterung und PDO-MySQL Treiber...';
@@ -33,8 +34,11 @@ $lng['requirements']['phpposix'] = 'PHP posix-Erweiterung...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
 $lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-Erweiterung...';
+$lng['requirements']['phpzip'] = 'PHP zip-Erweiterung...';
+$lng['requirements']['phpjson'] = 'PHP json-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
-$lng['requirements']['curldescription'] = 'Versions-Prüfung und News-Feed stehen nicht vollständig zur Verfügung!';
+$lng['requirements']['zipdescription'] = 'Die Auto-Update Funktion benötigt die zip Erweiterung.';
+$lng['requirements']['jsondescription'] = 'Die Einstellungen Import/Export Funktion benötigt die json Erweiterung.';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';
@@ -56,6 +60,7 @@ $lng['install']['admin_account'] = 'Admin-Zugang';
 $lng['install']['admin_user'] = 'Administrator-Benutzername';
 $lng['install']['admin_pass1'] = 'Administrator-Passwort';
 $lng['install']['admin_pass2'] = 'Administrator-Passwort (Bestätigung)';
+$lng['install']['activate_newsfeed'] = 'Aktiviere das offizielle Newsfeed<br><small>(https://inside.froxlor.org/news/)</small>';
 $lng['install']['serversettings'] = 'Servereinstellungen';
 $lng['install']['servername'] = 'Servername (FQDN, keine IP-Adresse)';
 $lng['install']['serverip'] = 'Server-IP';
@@ -80,8 +85,8 @@ $lng['install']['changing_data'] = 'Einstellungen anpassen...';
 $lng['install']['creating_entries'] = 'Trage neue Werte ein...';
 $lng['install']['adding_admin_user'] = 'Erstelle Admin-Benutzer...';
 $lng['install']['creating_configfile'] = 'Erstelle Konfigurationsdatei...';
-$lng['install']['creating_configfile_temp'] = 'Datei wurde in /tmp/userdata.inc.php gespeichert, bitte nach lib/ verschieben.';
-$lng['install']['creating_configfile_failed'] = 'Konnte lib/userdata.inc.php nicht erstellen, bitte manuell mit folgendem Inhalt anlegen:';
+$lng['install']['creating_configfile_temp'] = 'Datei wurde in /tmp/userdata.inc.php gespeichert, bitte nach '.dirname(dirname(__DIR__)).'/lib/ verschieben.';
+$lng['install']['creating_configfile_failed'] = 'Konnte '.dirname(dirname(__DIR__)).'/lib/userdata.inc.php nicht erstellen, bitte manuell mit folgendem Inhalt anlegen:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor wurde erfolgreich installiert.';

 $lng['click_here_to_refresh'] = 'Hier klicken, um erneut zu prüfen';
--- a/install/scripts/config-services.php
+++ b/install/scripts/config-services.php
@@ -0,0 +1,427 @@
+#!/usr/bin/php
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2018 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2018-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Cron
+ *         
+ */
+
+// Check if we're in the CLI
+if (@php_sapi_name() !== 'cli') {
+	die('This script will only work in the shell.');
+}
+
+require dirname(dirname(__DIR__)) . '/lib/classes/output/class.CmdLineHandler.php';
+
+class ConfigServicesCmd extends CmdLineHandler
+{
+
+	/**
+	 * list of valid switches
+	 *
+	 * @var array
+	 */
+	public static $switches = array(
+		'h'
+	);
+
+	/**
+	 * list of valid parameters
+	 *
+	 * @var array
+	 */
+	public static $params = array(
+		'create',
+		'apply',
+		'daemon',
+		'list-daemons',
+		'froxlor-dir',
+		'help'
+	);
+
+	public static $action_class = 'Action';
+
+	public static function printHelp()
+	{
+		self::println("");
+		self::println("Help / command line parameters:");
+		self::println("");
+		// commands
+		self::println("--create\t\tlets you create a services list configuration for the 'apply' command");
+		self::println("");
+		self::println("--apply\t\t\tconfigure your services by given configuration file. To create one run the --create command");
+		self::println("\t\t\tExample: --apply=/path/to/my-config.json");
+		self::println("");
+		self::println("--list-daemons\t\tOutput the services that are going to be configured using a given config file. No services will be configured.");
+		self::println("\t\t\tExample: --apply=/path/to/my-config.json --list-daemons");
+		self::println("");
+		self::println("--daemon\t\tWhen running --apply you can specify a daemon. This will be the only service that gets configured");
+		self::println("\t\t\tExample: --apply=/path/to/my-config.json --daemon=apache24");
+		self::println("");
+		self::println("--froxlor-dir\t\tpath to froxlor installation");
+		self::println("\t\t\tExample: --froxlor-dir=/var/www/froxlor/");
+		self::println("");
+		self::println("--help\t\t\tshow help screen (this)");
+		self::println("");
+		// switches
+		// self::println("-d\t\t\tenable debug output");
+		self::println("-h\t\t\tsame as --help");
+		self::println("");
+		
+		die(); // end of execution
+	}
+}
+
+class Action
+{
+
+	private $_args = null;
+
+	private $_name = null;
+
+	private $_db = null;
+
+	public function __construct($args)
+	{
+		$this->_args = $args;
+		$this->_validate();
+	}
+
+	public function getActionName()
+	{
+		return $this->_name;
+	}
+
+	/**
+	 * validates the parsed command line parameters
+	 *
+	 * @throws Exception
+	 */
+	private function _validate()
+	{
+		$this->_checkConfigParam(true);
+		$this->_parseConfig();
+		
+		require FROXLOR_INSTALL_DIR . '/lib/tables.inc.php';
+		require FROXLOR_INSTALL_DIR . '/lib/functions.php';
+		require FROXLOR_INSTALL_DIR . '/lib/classes/settings/class.Settings.php';
+		require FROXLOR_INSTALL_DIR . '/lib/classes/config/class.ConfigParser.php';
+		require FROXLOR_INSTALL_DIR . '/lib/classes/config/class.ConfigService.php';
+		require FROXLOR_INSTALL_DIR . '/lib/classes/config/class.ConfigDaemon.php';
+		
+		if (array_key_exists("create", $this->_args)) {
+			$this->_createConfig();
+		} elseif (array_key_exists("apply", $this->_args)) {
+			$this->_applyConfig();
+		} elseif (array_key_exists("list-daemons", $this->_args) || array_key_exists("daemon", $this->_args)) {
+			CmdLineHandler::printwarn("--list-daemons and --daemon only work together with --apply");
+		}
+	}
+
+	private function _createConfig()
+	{
+		$_daemons_config = array(
+			'distro' => ""
+		);
+		
+		$config_dir = FROXLOR_INSTALL_DIR . '/lib/configfiles/';
+		// show list of available distro's
+		$distros = glob($config_dir . '*.xml');
+		// tmp array
+		$distributions_select_data = array();
+		// read in all the distros
+		foreach ($distros as $_distribution) {
+			// get configparser object
+			$dist = new ConfigParser($_distribution);
+			// get distro-info
+			$dist_display = $this->getCompleteDistroName($dist);
+			// store in tmp array
+			$distributions_select_data[$dist_display] = str_replace(".xml", "", strtolower(basename($_distribution)));
+		}
+		
+		// sort by distribution name
+		ksort($distributions_select_data);
+		
+		// list all distributions
+		$mask = "|%-50.50s |%-50.50s |\n";
+		printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+		printf($mask, 'dist', 'name');
+		printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+		foreach ($distributions_select_data as $name => $filename) {
+			printf($mask, $filename, $name);
+		}
+		printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+		echo PHP_EOL;
+		
+		while (! in_array($_daemons_config['distro'], $distributions_select_data)) {
+			$_daemons_config['distro'] = CmdLineHandler::getInput("choose distribution", "stretch");
+		}
+		
+		// go through all services and let user check whether to include it or not
+		$configfiles = new ConfigParser($config_dir . '/' . $_daemons_config['distro'] . ".xml");
+		$services = $configfiles->getServices();
+		
+		foreach ($services as $si => $service) {
+			echo PHP_EOL . "--- " . strtoupper($si) . " ---" . PHP_EOL . PHP_EOL;
+			$_daemons_config[$si] = "";
+			
+			$daemons = $service->getDaemons();
+			$mask = "|%-50.50s |%-50.50s |\n";
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			printf($mask, 'value', 'name');
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			$default_daemon = "";
+			foreach ($daemons as $di => $dd) {
+				$title = $dd->title;
+				if ($dd->default) {
+					$default_daemon = $di;
+					$title = $title . " (default)";
+				}
+				printf($mask, $di, $title);
+			}
+			printf($mask, "x", "No " . $si);
+			$daemons['x'] = 'x';
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			echo PHP_EOL;
+			if ($si == 'system') {
+				$_daemons_config[$si] = array();
+				// for the system/other services we need a multiple choice possibility
+				CmdLineHandler::println("Select every service you need. Enter empty value when done");
+				$sysservice = "";
+				do {
+					$sysservice = CmdLineHandler::getInput("choose service");
+					if (! empty($sysservice)) {
+						$_daemons_config[$si][] = $sysservice;
+					}
+				} while (! empty($sysservice));
+			} else {
+				// for all others -> only one value
+				while (! array_key_exists($_daemons_config[$si], $daemons)) {
+					$_daemons_config[$si] = CmdLineHandler::getInput("choose service", $default_daemon);
+				}
+			}
+		}
+		
+		echo PHP_EOL . PHP_EOL;
+		$daemons_config = json_encode($_daemons_config);
+		$output = CmdLineHandler::getInput("choose output-filename", "/tmp/froxlor-config-" . date('Ymd') . ".json");
+		file_put_contents($output, $daemons_config);
+		CmdLineHandler::printsucc("Successfully generated service-configfile '" . $output . "'");
+	}
+
+	private function getCompleteDistroName($cparser)
+	{
+		// get distro-info
+		$dist_display = $cparser->distributionName;
+		if ($cparser->distributionCodename != '') {
+			$dist_display .= " " . $cparser->distributionCodename;
+		}
+		if ($cparser->distributionVersion != '') {
+			$dist_display .= " (" . $cparser->distributionVersion . ")";
+		}
+		if ($cparser->deprecated) {
+			$dist_display .= " [deprecated]";
+		}
+		return $dist_display;
+	}
+
+	private function _applyConfig()
+	{
+		if (! is_file($this->_args["apply"])) {
+			throw new Exception("Given config file is not a file");
+		} elseif (! file_exists($this->_args["apply"])) {
+			throw new Exception("Given config file cannot be found ('" . $this->_args["apply"] . "')");
+		} elseif (! is_readable($this->_args["apply"])) {
+			throw new Exception("Given config file cannot be read ('" . $this->_args["apply"] . "')");
+		}
+		
+		$config = file_get_contents($this->_args["apply"]);
+		$decoded_config = json_decode($config, true);
+		
+		if (array_key_exists("list-daemons", $this->_args)) {
+			$mask = "|%-50.50s |%-50.50s |\n";
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			printf($mask, 'service', 'daemon');
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			foreach ($decoded_config as $service => $daemon) {
+				if (is_array($daemon) && count($daemon) > 0) {
+					foreach ($daemon as $sysdaemon) {
+						printf($mask, $service, $sysdaemon);
+					}
+				} else {
+					if ($daemon == 'x') {
+						$daemon = '--- skipped ---';
+					}
+					printf($mask, $service, $daemon);
+				}
+			}
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			echo PHP_EOL;
+			exit();
+		}
+		
+		$only_daemon = null;
+		if (array_key_exists("daemon", $this->_args)) {
+			$only_daemon = $this->_args['daemon'];
+		}
+		
+		if (! empty($decoded_config)) {
+			$config_dir = FROXLOR_INSTALL_DIR . '/lib/configfiles/';
+			$configfiles = new ConfigParser($config_dir . '/' . $decoded_config['distro'] . ".xml");
+			$services = $configfiles->getServices();
+			$replace_arr = $this->_getReplacerArray();
+			
+			foreach ($services as $si => $service) {
+				echo PHP_EOL . "--- Configuring: " . strtoupper($si) . " ---" . PHP_EOL . PHP_EOL;
+				if (! isset($decoded_config[$si]) || $decoded_config[$si] == 'x') {
+					CmdLineHandler::printwarn("Skipping " . strtoupper($si) . " configuration as desired");
+					continue;
+				}
+				$daemons = $service->getDaemons();
+				foreach ($daemons as $di => $dd) {
+					// check for desired service
+					if (($si != 'system' && $decoded_config[$si] != $di) || (is_array($decoded_config[$si]) && ! in_array($di, $decoded_config[$si]))) {
+						continue;
+					}
+					CmdLineHandler::println("Configuring '" . $di . "'");
+					
+					if (! empty($only_daemon) && $only_daemon != $di) {
+						CmdLineHandler::printwarn("Skipping " . $di . " configuration as desired");
+						continue;
+					}
+					// run all cmds
+					$confarr = $dd->getConfig();
+					foreach ($confarr as $idx => $action) {
+						switch ($action['type']) {
+							case "install":
+								CmdLineHandler::println("Installing required packages");
+								passthru(strtr($action['content'], $replace_arr), $result);
+								if (strlen($result) > 1) {
+									echo $result;
+								}
+								break;
+							case "command":
+								exec(strtr($action['content'], $replace_arr));
+								break;
+							case "file":
+								if (array_key_exists('content', $action)) {
+									CmdLineHandler::printwarn("Creating file '" . $action['name'] . "'");
+									file_put_contents($action['name'], strtr($action['content'], $replace_arr));
+								} elseif (array_key_exists('subcommands', $action)) {
+									foreach ($action['subcommands'] as $fileaction) {
+										if (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "pre") {
+											exec(strtr($fileaction['content'], $replace_arr));
+										} elseif (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "post") {
+											exec(strtr($fileaction['content'], $replace_arr));
+										} elseif ($fileaction['type'] == 'file') {
+											CmdLineHandler::printwarn("Creating file '" . $fileaction['name'] . "'");
+											file_put_contents($fileaction['name'], strtr($fileaction['content'], $replace_arr));
+										}
+									}
+								}
+								break;
+						}
+					}
+				}
+			}
+			CmdLineHandler::printsucc("All services have been configured");
+		} else {
+			CmdLineHandler::printerr("Unable to decode given JSON file");
+		}
+	}
+
+	private function _getReplacerArray()
+	{
+		$customer_tmpdir = '/tmp/';
+		if (Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_tmpdir') != '') {
+			$customer_tmpdir = Settings::Get('system.mod_fcgid_tmpdir');
+		} elseif (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.tmpdir') != '') {
+			$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
+		}
+		
+		// try to convert namserver hosts to ip's
+		$ns_ips = "";
+		if (Settings::Get('system.nameservers') != '') {
+			$nameservers = explode(',', Settings::Get('system.nameservers'));
+			foreach ($nameservers as $nameserver) {
+				$nameserver = trim($nameserver);
+				$nameserver_ips = gethostbynamel($nameserver);
+				if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
+					$ns_ips .= implode(",", $nameserver_ips);
+				}
+			}
+		}
+		
+		Database::needSqlData();
+		$sql = Database::getSqlData();
+		
+		$replace_arr = array(
+			'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
+			'<SQL_UNPRIVILEGED_PASSWORD>' => $sql['passwd'],
+			'<SQL_DB>' => $sql['db'],
+			'<SQL_HOST>' => $sql['host'],
+			'<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
+			'<SERVERNAME>' => Settings::Get('system.hostname'),
+			'<SERVERIP>' => Settings::Get('system.ipaddress'),
+			'<NAMESERVERS>' => Settings::Get('system.nameservers'),
+			'<NAMESERVERS_IP>' => $ns_ips,
+			'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
+			'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
+			'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
+			'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
+			'<SSLPROTOCOLS>' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',
+			'<CUSTOMER_TMP>' => makeCorrectDir($customer_tmpdir),
+			'<BASE_PATH>' => makeCorrectDir(FROXLOR_INSTALL_DIR),
+			'<BIND_CONFIG_PATH>' => makeCorrectDir(Settings::Get('system.bindconf_directory')),
+			'<WEBSERVER_RELOAD_CMD>' => Settings::Get('system.apachereload_command'),
+			'<CUSTOMER_LOGS>' => makeCorrectDir(Settings::Get('system.logfiles_directory')),
+			'<FPM_IPCDIR>' => makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),
+			'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup')
+		);
+		return $replace_arr;
+	}
+
+	private function _parseConfig()
+	{
+		define('FROXLOR_INSTALL_DIR', $this->_args['froxlor-dir']);
+		if (! file_exists(FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php')) {
+			throw new Exception("Could not find froxlor's Database class. Is froxlor really installed to '" . FROXLOR_INSTALL_DIR . "'?");
+		}
+		if (! file_exists(FROXLOR_INSTALL_DIR . '/lib/userdata.inc.php')) {
+			throw new Exception("Could not find froxlor's userdata.inc.php file. You should use this script only with a fully installed and setup froxlor system.");
+		}
+		require FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php';
+	}
+
+	private function _checkConfigParam($needed = false)
+	{
+		if ($needed) {
+			if (! isset($this->_args["froxlor-dir"])) {
+				throw new Exception("No configuration given (missing --froxlor-dir parameter?)");
+			} elseif (! is_dir($this->_args["froxlor-dir"])) {
+				throw new Exception("Given --froxlor-dir parameter is not a directory");
+			} elseif (! file_exists($this->_args["froxlor-dir"])) {
+				throw new Exception("Given froxlor directory cannot be found ('" . $this->_args["froxlor-dir"] . "')");
+			} elseif (! is_readable($this->_args["froxlor-dir"])) {
+				throw new Exception("Given froxlor direcotry cannot be read ('" . $this->_args["froxlor-dir"] . "')");
+			}
+		}
+	}
+}
+
+// give control to command line handler
+try {
+	ConfigServicesCmd::processParameters($argc, $argv);
+} catch (Exception $e) {
+	ConfigServicesCmd::printerr($e->getMessage());
+}
--- a/install/scripts/language-check.php
+++ b/install/scripts/language-check.php
@@ -19,10 +19,7 @@
 $baseLanguage = 'english.lng.php';

 // Check if we're in the CLI
-if(@php_sapi_name() != 'cli'
-   && @php_sapi_name() != 'cgi'
-   && @php_sapi_name() != 'cgi-fcgi'
-) {
+if(@php_sapi_name() !== 'cli') {
 	die('This script will only work in the shell.');
 }

@@ -56,7 +53,7 @@ if ($dh = opendir($path)) {
 } else {
 	print "ERROR: The path you requested cannot be read! \n ";
 	print "\n";
-	print_help();
+	print_help($argv);
 	exit;
 }

@@ -64,7 +61,7 @@ if ($dh = opendir($path)) {
 if (!isset($files[$baseLanguage])) {
 	print "ERROR: The baselanguage cannot be found! \n";
 	print "\n";
-	print_help();
+	print_help($argv);
 	exit;
 }

--- a/install/scripts/switch-server-ip.php
+++ b/install/scripts/switch-server-ip.php
@@ -0,0 +1,262 @@
+#!/usr/bin/php
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Cron
+ *         
+ */
+
+// Check if we're in the CLI
+if (@php_sapi_name() !== 'cli') {
+	die('This script will only work in the shell.');
+}
+
+require dirname(dirname(__DIR__)) . '/lib/classes/output/class.CmdLineHandler.php';
+
+class SwitchServerIp extends CmdLineHandler
+{
+
+	/**
+	 * list of valid switches
+	 *
+	 * @var array
+	 */
+	public static $switches = array(
+		'h'
+	);
+
+	/**
+	 * list of valid parameters
+	 *
+	 * @var array
+	 */
+	public static $params = array(
+		'switch',
+		'list',
+		'froxlor-dir',
+		'help'
+	);
+
+	public static $action_class = 'Action';
+
+	public static function printHelp()
+	{
+		self::println("");
+		self::println("Help / command line parameters:");
+		self::println("");
+		// commands
+		self::println("--switch\t\tlets you switch ip-address A with ip-address B");
+		self::println("\t\t\tExample: --switch=A,B");
+		self::println("\t\t\tExample: --switch=\"A1,B1 A2,B2 A3,B3 ...\"");
+		self::println("");
+		self::println("--list\t\t\tshow all currently used ip-addresses in froxlor");
+		self::println("");
+		self::println("--froxlor-dir\t\tpath to froxlor installation");
+		self::println("\t\t\tExample: --froxlor-dir=/var/www/froxlor/");
+		self::println("");
+		self::println("--help\t\t\tshow help screen (this)");
+		self::println("");
+		// switches
+		// self::println("-d\t\t\tenable debug output");
+		self::println("-h\t\t\tsame as --help");
+		self::println("");
+		
+		die(); // end of execution
+	}
+}
+
+class Action
+{
+
+	private $_args = null;
+
+	private $_name = null;
+
+	private $_db = null;
+
+	public function __construct($args)
+	{
+		$this->_args = $args;
+		$this->_validate();
+	}
+
+	public function getActionName()
+	{
+		return $this->_name;
+	}
+
+	/**
+	 * validates the parsed command line parameters
+	 *
+	 * @throws Exception
+	 */
+	private function _validate()
+	{
+		$need_config = false;
+		if (array_key_exists("list", $this->_args) || array_key_exists("switch", $this->_args)) {
+			$need_config = true;
+		}
+		
+		$this->_checkConfigParam($need_config);
+		
+		$this->_parseConfig();
+		
+		if (array_key_exists("list", $this->_args)) {
+			$this->_listIPs();
+		}
+		if (array_key_exists("switch", $this->_args)) {
+			$this->_switchIPs();
+		}
+	}
+
+	private function _listIPs()
+	{
+		$sel_stmt = Database::prepare("SELECT * FROM panel_ipsandports ORDER BY ip ASC, port ASC");
+		Database::pexecute($sel_stmt);
+		$ips = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);
+		$mask = "|%-10.10s |%-50.50s | %10.10s |\n";
+		printf($mask, str_repeat("-", 10), str_repeat("-", 50), str_repeat("-", 10));
+		printf($mask, 'id', 'IP address', 'port');
+		printf($mask, str_repeat("-", 10), str_repeat("-", 50), str_repeat("-", 10));
+		foreach ($ips as $ipdata) {
+			printf($mask, $ipdata['id'], $ipdata['ip'], $ipdata['port']);
+		}
+		printf($mask, str_repeat("-", 10), str_repeat("-", 50), str_repeat("-", 10));
+		echo PHP_EOL . PHP_EOL;
+	}
+
+	private function _switchIPs()
+	{
+		$ip_list = $this->_args['switch'];
+		
+		if (empty($ip_list) || is_bool($ip_list)) {
+			throw new Exception("No paramters given for --switch action.");
+		}
+		
+		$ips_to_switch = array();
+		$ip_list = explode(" ", $ip_list);
+		foreach ($ip_list as $ips_combo) {
+			$ip_pair = explode(",", $ips_combo);
+			if (count($ip_pair) != 2) {
+				throw new Exception("Invalid parameter given for --switch");
+			} else {
+				if (filter_var($ip_pair[0], FILTER_VALIDATE_IP) == false) {
+					throw new Exception("Invalid source ip address: " . $ip_pair[0]);
+				}
+				if (filter_var($ip_pair[1], FILTER_VALIDATE_IP) == false) {
+					throw new Exception("Invalid target ip address: " . $ip_pair[1]);
+				}
+				if ($ip_pair[0] == $ip_pair[1]) {
+					throw new Exception("Source and target ip address are equal");
+				}
+			}
+			$ips_to_switch[] = $ip_pair;
+		}
+		
+		if (count($ips_to_switch) > 0) {
+			$upd_stmt = Database::prepare("UPDATE panel_ipsandports SET `ip` = :newip WHERE `ip` = :oldip");
+			
+			// system.ipaddress
+			$check_sysip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'ipaddress'");
+			$check_sysip = Database::pexecute_first($check_sysip_stmt);
+			
+			// system.mysql_access_host
+			$check_mysqlip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'mysql_access_host'");
+			$check_mysqlip = Database::pexecute_first($check_mysqlip_stmt);
+			
+			// system.axfrservers
+			$check_axfrip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'axfrservers'");
+			$check_axfrip = Database::pexecute_first($check_axfrip_stmt);
+			
+			foreach ($ips_to_switch as $ip_pair) {
+				echo "Switching IP \033[1m" . $ip_pair[0] . "\033[0m to IP \033[1m" . $ip_pair[1] . "\033[0m" . PHP_EOL;
+				Database::pexecute($upd_stmt, array(
+					'newip' => $ip_pair[1],
+					'oldip' => $ip_pair[0]
+				));
+				$rows_updated = $upd_stmt->rowCount();
+				
+				if ($rows_updated == 0) {
+					CmdLineHandler::printwarn("Note: " . $ip_pair[0] . " not updated to " . $ip_pair[1] . " (possibly no entry found in froxlor database. Use --list to see what IP addresses are added in froxlor");
+				}
+				
+				// check whether the system.ipaddress needs updating
+				if ($check_sysip['value'] == $ip_pair[0]) {
+					$upd2_stmt = Database::prepare("UPDATE `panel_settings` SET `value` = :newip WHERE `settinggroup` = 'system' and `varname` = 'ipaddress'");
+					Database::pexecute($upd2_stmt, array(
+						'newip' => $ip_pair[1]
+					));
+					CmdLineHandler::printsucc("Updated system-ipaddress from '" . $ip_pair[0] . "' to '" . $ip_pair[1] . "'");
+				}
+				
+				// check whether the system.mysql_access_host needs updating
+				if (strstr($check_mysqlip['value'], $ip_pair[0]) !== false) {
+					$new_mysqlip = str_replace($ip_pair[0], $ip_pair[1], $check_mysqlip['value']);
+					$upd2_stmt = Database::prepare("UPDATE `panel_settings` SET `value` = :newmysql WHERE `settinggroup` = 'system' and `varname` = 'mysql_access_host'");
+					Database::pexecute($upd2_stmt, array(
+						'newmysql' => $new_mysqlip
+					));
+					CmdLineHandler::printsucc("Updated mysql_access_host from '" . $check_mysqlip['value'] . "' to '" . $new_mysqlip . "'");
+				}
+				
+				// check whether the system.axfrservers needs updating
+				if (strstr($check_axfrip['value'], $ip_pair[0]) !== false) {
+					$new_axfrip = str_replace($ip_pair[0], $ip_pair[1], $check_axfrip['value']);
+					$upd2_stmt = Database::prepare("UPDATE `panel_settings` SET `value` = :newaxfr WHERE `settinggroup` = 'system' and `varname` = 'axfrservers'");
+					Database::pexecute($upd2_stmt, array(
+						'newaxfr' => $new_axfrip
+					));
+					CmdLineHandler::printsucc("Updated axfrservers from '" . $check_axfrip['value'] . "' to '" . $new_axfrip . "'");
+				}
+			}
+		}
+		
+		echo PHP_EOL;
+		CmdLineHandler::printwarn("*** ATTENTION *** Remember to replace IP addresses in configuration files if used anywhere.");
+		CmdLineHandler::printsucc("IP addresses updated");
+	}
+
+	private function _parseConfig()
+	{
+		define('FROXLOR_INSTALL_DIR', $this->_args['froxlor-dir']);
+		if (! file_exists(FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php')) {
+			throw new Exception("Could not find froxlor's Database class. Is froxlor really installed to '" . FROXLOR_INSTALL_DIR . "'?");
+		}
+		if (! file_exists(FROXLOR_INSTALL_DIR . '/lib/userdata.inc.php')) {
+			throw new Exception("Could not find froxlor's userdata.inc.php file. You should use this script only with a fully installed and setup froxlor system.");
+		}
+		require FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php';
+	}
+
+	private function _checkConfigParam($needed = false)
+	{
+		if ($needed) {
+			if (! isset($this->_args["froxlor-dir"])) {
+				throw new Exception("No configuration given (missing --froxlor-dir parameter?)");
+			} elseif (! is_dir($this->_args["froxlor-dir"])) {
+				throw new Exception("Given --froxlor-dir parameter is not a directory");
+			} elseif (! file_exists($this->_args["froxlor-dir"])) {
+				throw new Exception("Given froxlor directory cannot be found ('" . $this->_args["froxlor-dir"] . "')");
+			} elseif (! is_readable($this->_args["froxlor-dir"])) {
+				throw new Exception("Given froxlor direcotry cannot be read ('" . $this->_args["froxlor-dir"] . "')");
+			}
+		}
+	}
+}
+
+// give control to command line handler
+try {
+	SwitchServerIp::processParameters($argc, $argv);
+} catch (Exception $e) {
+	SwitchServerIp::printerr($e->getMessage());
+}
--- a/install/templates/dataitemchk.tpl
+++ b/install/templates/dataitemchk.tpl
@@ -1,4 +1,4 @@
 <p>
 	<label for="{$fieldname}" class="install-block {$style}">{$this->_lng['install']['webserver']} {$fieldlabel}:</label>
-	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}<span>
+	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}</span>
 </p>
--- a/install/templates/dataitemyesno.tpl
+++ b/install/templates/dataitemyesno.tpl
@@ -0,0 +1,4 @@
+<p>
+	<label for="{$fieldname}" class="install-block {$style}">{$fieldlabel}:</label>
+	<input type="checkbox" name="{$fieldname}" id="{$fieldname}" value="1" {$checked} />
+</p>
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
--- a/install/updates/preconfig.php
+++ b/install/updates/preconfig.php
@@ -21,17 +21,18 @@
 * outputs various content before the update process
 * can be continued (askes for agreement whatever is being asked)
 *
- * @param string version
+ * @param string $current_version
+ * @param int $current_db_version
 *
 * @return string
 */
-function getPreConfig($current_version)
+function getPreConfig($current_version, $current_db_version)
 {
 	$has_preconfig = false;
 	$return = '<div class="preconfig"><h3 class="red">PLEASE NOTE - Important update notifications</h3>';

 	include_once makeCorrectFile(dirname(__FILE__).'/preconfig/0.9/preconfig_0.9.inc.php');
-	parseAndOutputPreconfig($has_preconfig, $return, $current_version);
+	parseAndOutputPreconfig($has_preconfig, $return, $current_version, $current_db_version);

 	$return .= '<br /><br />'.makecheckbox('update_changesagreed', '<strong>I have read the update notifications above and I am aware of the changes made to my system.</strong>', '1', true, '0', true);
 	$return .= '</div>';
--- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php
+++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -18,47 +18,45 @@
 /**
 * checks if the new-version has some updating to do
 *
- * @param boolean $has_preconfig   pointer to check if any preconfig has to be output
- * @param string  $return          pointer to output string
- * @param string  $current_version current froxlor version
+ * @param boolean $has_preconfig
+ *        	pointer to check if any preconfig has to be output
+ * @param string $return
+ *        	pointer to output string
+ * @param string $current_version
+ *        	current froxlor version
 *
 * @return null
 */
-function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
-
+function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $current_db_version)
+{
 	global $lng;

-	if(versionInUpdate($current_version, '0.9.4-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.4-svn2')) {
 		$has_preconfig = true;
 		$description = 'Froxlor now enables the usage of a domain-wildcard entry and subdomains for this domain at the same time (subdomains are parsed before the main-domain vhost container).';
-		$description.= 'This makes it possible to catch all non-existing subdomains with the main vhost but also have the ability to use subdomains for that domain.<br />';
-		$description.= 'If you would like Froxlor to do so with your domains, the update script can set the correct values for existing domains for you. Note: future domains will have wildcard-entries enabled by default no matter how you decide here.';
+		$description .= 'This makes it possible to catch all non-existing subdomains with the main vhost but also have the ability to use subdomains for that domain.<br />';
+		$description .= 'If you would like Froxlor to do so with your domains, the update script can set the correct values for existing domains for you. Note: future domains will have wildcard-entries enabled by default no matter how you decide here.';
 		$question = '<strong>Do you want to use wildcard-entries for existing domains?:</strong>&nbsp;';
-		$question.= makeyesno('update_domainwildcardentry', '1', '0', '1');
+		$question .= makeyesno('update_domainwildcardentry', '1', '0', '1');

 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn2'))
-	{
-		if(!PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')))
-		{
+	if (versionInUpdate($current_version, '0.9.6-svn2')) {
+		if (! PHPMailer::ValidateAddress(Settings::Get('panel.adminmail'))) {
 			$has_preconfig = true;
 			$description = 'Froxlor uses a newer version of the phpMailerClass and determined that your current admin-mail address is invalid.';
-			$question = '<strong>Please specify a new admin-email address:</strong>&nbsp;<input type="text" class="text" name="update_adminmail" value="'.Settings::Get('panel.adminmail').'" />';
+			$question = '<strong>Please specify a new admin-email address:</strong>&nbsp;<input type="text" class="text" name="update_adminmail" value="' . Settings::Get('panel.adminmail') . '" />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn3'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn3')) {
 		$has_preconfig = true;
 		$description = 'You now have the possibility to define default error-documents for your webserver which replace the default webserver error-messages.';
 		$question = '<strong>Do you want to enable default error-documents?:</strong>&nbsp;';
-		$question .= makeyesno('update_deferr_enable', '1', '0', '0').'<br /><br />';
-		if(Settings::Get('system.webserver') == 'apache2')
-		{
+		$question .= makeyesno('update_deferr_enable', '1', '0', '0') . '<br /><br />';
+		if (Settings::Get('system.webserver') == 'apache2') {
 			$question .= 'Path/URL for error 500:&nbsp;<input type="text" class="text" name="update_deferr_500" /><br /><br />';
 			$question .= 'Path/URL for error 401:&nbsp;<input type="text" class="text" name="update_deferr_401" /><br /><br />';
 			$question .= 'Path/URL for error 403:&nbsp;<input type="text" class="text" name="update_deferr_403" /><br /><br />';
@@ -67,37 +65,33 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn4'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn4')) {
 		$has_preconfig = true;
 		$description = 'You can define a default support-ticket priority level which is pre-selected for new support-tickets.';
 		$question = '<strong>Which should be the default ticket-priority?:</strong>&nbsp;';
 		$question .= '<select name="update_deftic_priority">';
 		$priorities = makeoption($lng['ticket']['high'], '1', '2');
-		$priorities.= makeoption($lng['ticket']['normal'], '2', '2');
-		$priorities.= makeoption($lng['ticket']['low'], '3', '2');
-		$question .= $priorities.'</select>';
+		$priorities .= makeoption($lng['ticket']['normal'], '2', '2');
+		$priorities .= makeoption($lng['ticket']['low'], '3', '2');
+		$question .= $priorities . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn5'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn5')) {
 		$has_preconfig = true;
 		$description = 'If you have more than one PHP configurations defined in Froxlor you can now set a default one which will be used for every domain.';
 		$question = '<strong>Select default PHP configuration:</strong>&nbsp;';
 		$question .= '<select name="update_defsys_phpconfig">';
 		$configs_array = getPhpConfigs();
 		$configs = '';
-		foreach($configs_array as $idx => $desc)
-		{
+		foreach ($configs_array as $idx => $desc) {
 			$configs .= makeoption($desc, $idx, '1');
 		}
-		$question .= $configs.'</select>';
+		$question .= $configs . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.6-svn6'))
-	{
+	if (versionInUpdate($current_version, '0.9.6-svn6')) {
 		$has_preconfig = true;
 		$description = 'For the new FTP-quota feature, you can now chose the currently used ftpd-software.';
 		$question = '<strong>Used FTPd-software:</strong>&nbsp;';
@@ -108,72 +102,63 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.7-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.7-svn1')) {
 		$has_preconfig = true;
 		$description = 'You can now choose whether customers can select the http-redirect code and which of them acts as default.';
 		$question = '<strong>Allow customer chosen redirects?:</strong>&nbsp;';
-		$question.= makeyesno('update_customredirect_enable', '1', '0', '1').'<br /><br />';
-		$question.= '<strong>Select default redirect code (default: empty):</strong>&nbsp;';
-		$question.= '<select name="update_customredirect_default">';
-		$redirects = makeoption('--- ('.$lng['redirect_desc']['rc_default'].')', 1, '1');
-		$redirects.= makeoption('301 ('.$lng['redirect_desc']['rc_movedperm'].')', 2, '1');
-		$redirects.= makeoption('302 ('.$lng['redirect_desc']['rc_found'].')', 3, '1');
-		$redirects.= makeoption('303 ('.$lng['redirect_desc']['rc_seeother'].')', 4, '1');
-		$redirects.= makeoption('307 ('.$lng['redirect_desc']['rc_tempred'].')', 5, '1');
-		$question .= $redirects.'</select>';
+		$question .= makeyesno('update_customredirect_enable', '1', '0', '1') . '<br /><br />';
+		$question .= '<strong>Select default redirect code (default: empty):</strong>&nbsp;';
+		$question .= '<select name="update_customredirect_default">';
+		$redirects = makeoption('--- (' . $lng['redirect_desc']['rc_default'] . ')', 1, '1');
+		$redirects .= makeoption('301 (' . $lng['redirect_desc']['rc_movedperm'] . ')', 2, '1');
+		$redirects .= makeoption('302 (' . $lng['redirect_desc']['rc_found'] . ')', 3, '1');
+		$redirects .= makeoption('303 (' . $lng['redirect_desc']['rc_seeother'] . ')', 4, '1');
+		$redirects .= makeoption('307 (' . $lng['redirect_desc']['rc_tempred'] . ')', 5, '1');
+		$question .= $redirects . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.7-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.7-svn2')) {
 		$result = Database::query("SELECT `domain` FROM " . TABLE_PANEL_DOMAINS . " WHERE `documentroot` LIKE '%:%' AND `documentroot` NOT LIKE 'http://%' AND `openbasedir_path` = '0' AND `openbasedir` = '1'");
 		$wrongOpenBasedirDomain = array();
-		while($row = $result->fetch(PDO::FETCH_ASSOC)) {
+		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
 			$wrongOpenBasedirDomain[] = $row['domain'];
 		}

-		if(count($wrongOpenBasedirDomain) > 0)
-		{
+		if (count($wrongOpenBasedirDomain) > 0) {
 			$has_preconfig = true;
 			$description = 'Resetting the open_basedir to customer - root';
 			$question = '<strong>Due to a security - issue regarding open_basedir, Froxlor will set the open_basedir for the following domains to the customers root instead of the chosen documentroot:</strong><br />&nbsp;';
-			$question.= '<ul>';
+			$question .= '<ul>';
 			$idna_convert = new idna_convert_wrapper();
-			foreach($wrongOpenBasedirDomain as $domain)
-			{
-				$question.= '<li>' . $idna_convert->decode($domain) . '</li>';
+			foreach ($wrongOpenBasedirDomain as $domain) {
+				$question .= '<li>' . $idna_convert->decode($domain) . '</li>';
 			}
-			$question.= '</ul>';
+			$question .= '</ul>';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.9-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.9-svn1')) {
 		$has_preconfig = true;
 		$description = 'When entering MX servers to Froxlor there was no mail-, imap-, pop3- and smtp-"A record" created. You can now chose whether this should be done or not.';
 		$question = '<strong>Do you want these A-records to be created even with MX servers given?:</strong>&nbsp;';
-		$question.= makeyesno('update_defdns_mailentry', '1', '0', '0');
+		$question .= makeyesno('update_defdns_mailentry', '1', '0', '0');
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.10-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.10-svn1')) {
 		$has_nouser = false;
 		$has_nogroup = false;

 		$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'httpuser'");
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if(!isset($result) || !isset($result['value']))
-		{
+		if (! isset($result) || ! isset($result['value'])) {
 			$has_preconfig = true;
 			$has_nouser = true;
 			$guessed_user = 'www-data';
-			if(function_exists('posix_getuid')
-					&& function_exists('posix_getpwuid')
-			) {
+			if (function_exists('posix_getuid') && function_exists('posix_getpwuid')) {
 				$_httpuser = posix_getpwuid(posix_getuid());
 				$guessed_user = $_httpuser['name'];
 			}
@@ -182,31 +167,24 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'httpgroup'");
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if(!isset($result) || !isset($result['value']))
-		{
+		if (! isset($result) || ! isset($result['value'])) {
 			$has_preconfig = true;
 			$has_nogroup = true;
 			$guessed_group = 'www-data';
-			if(function_exists('posix_getgid')
-					&& function_exists('posix_getgrgid')
-			) {
+			if (function_exists('posix_getgid') && function_exists('posix_getgrgid')) {
 				$_httpgroup = posix_getgrgid(posix_getgid());
 				$guessed_group = $_httpgroup['name'];
 			}
 		}

-		if($has_nouser || $has_nogroup)
-		{
+		if ($has_nouser || $has_nogroup) {
 			$description = 'Please enter the correct username/groupname of the webserver on your system We\'re guessing the user but it might not be correct, so please check.';
-			if($has_nouser)
-			{
-				$question = '<strong>Please enter the webservers username:</strong>&nbsp;<input type="text" class="text" name="update_httpuser" value="'.$guessed_user.'" />';
-			}
-			elseif($has_nogroup)
-			{
-				$question2 = '<strong>Please enter the webservers groupname:</strong>&nbsp;<input type="text" class="text" name="update_httpgroup" value="'.$guessed_group.'" />';
-				if($has_nouser) {
-					$question .= '<br /><br />'.$question2;
+			if ($has_nouser) {
+				$question = '<strong>Please enter the webservers username:</strong>&nbsp;<input type="text" class="text" name="update_httpuser" value="' . $guessed_user . '" />';
+			} elseif ($has_nogroup) {
+				$question2 = '<strong>Please enter the webservers groupname:</strong>&nbsp;<input type="text" class="text" name="update_httpgroup" value="' . $guessed_group . '" />';
+				if ($has_nouser) {
+					$question .= '<br /><br />' . $question2;
 				} else {
 					$question = $question2;
 				}
@@ -215,227 +193,202 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.10'))
-	{
+	if (versionInUpdate($current_version, '0.9.10')) {
 		$has_preconfig = true;
 		$description = 'you can now decide whether Froxlor should be reached via hostname/froxlor or directly via the hostname.';
 		$question = '<strong>Do you want Froxlor to be reached directly via the hostname?:</strong>&nbsp;';
-		$question.= makeyesno('update_directlyviahostname', '1', '0', '0');
+		$question .= makeyesno('update_directlyviahostname', '1', '0', '0');
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.11-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.11-svn1')) {
 		$has_preconfig = true;
 		$description = 'It is possible to enhance security with setting a regular expression to force your customers to enter more complex passwords.';
 		$question = '<strong>Enter a regular expression to force a higher password complexity (leave empty for none):</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="update_pwdregex" value="" />';
+		$question .= '<input type="text" class="text" name="update_pwdregex" value="" />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.11-svn3'))
-	{
+	if (versionInUpdate($current_version, '0.9.11-svn3')) {
 		$has_preconfig = true;
 		$description = 'As Froxlor can now handle perl, you have to specify where the perl executable is (only if you\'re running lighttpd, else just leave empty).';
 		$question = '<strong>Path to perl (default \'/usr/bin/perl\'):</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="update_perlpath" value="/usr/bin/perl" />';
+		$question .= '<input type="text" class="text" name="update_perlpath" value="/usr/bin/perl" />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.12-svn1'))
-	{
-		if(Settings::Get('system.mod_fcgid') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.12-svn1')) {
+		if (Settings::Get('system.mod_fcgid') == 1) {
 			$has_preconfig = true;
 			$description = 'You can chose whether you want Froxlor to use FCGID itself too now.';
 			$question = '<strong>Use FCGID for the Froxlor Panel?:</strong>&nbsp;';
-			$question.= makeyesno('update_fcgid_ownvhost', '1', '0', '0').'<br /><br />';
-			$question.= '<strong>If \'yes\', please specify local user/group (have to exist, Froxlor does not add them automatically):</strong><br /><br />';
-			$question.= 'Local user:&nbsp;';
-			$question.= '<input type="text" class="text" name="update_fcgid_httpuser" value="froxlorlocal" /><br /><br />';
-			$question.= 'Local group:&nbsp;';
-			$question.= '<input type="text" class="text" name="update_fcgid_httpgroup" value="froxlorlocal" /><br />';
+			$question .= makeyesno('update_fcgid_ownvhost', '1', '0', '0') . '<br /><br />';
+			$question .= '<strong>If \'yes\', please specify local user/group (have to exist, Froxlor does not add them automatically):</strong><br /><br />';
+			$question .= 'Local user:&nbsp;';
+			$question .= '<input type="text" class="text" name="update_fcgid_httpuser" value="froxlorlocal" /><br /><br />';
+			$question .= 'Local group:&nbsp;';
+			$question .= '<input type="text" class="text" name="update_fcgid_httpgroup" value="froxlorlocal" /><br />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.12-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.12-svn2')) {
 		$has_preconfig = true;
 		$description = 'Many apache user will have problems using perl/CGI as the customer docroots are not within the suexec path. Froxlor provides a simple workaround for that.';
 		$question = '<strong>Enable Apache/SuExec/Perl workaround?:</strong>&nbsp;';
-		$question.= makeyesno('update_perl_suexecworkaround', '1', '0', '0').'<br /><br />';
-		$question.= '<strong>If \'yes\', please specify a path within the suexec path where Froxlor will create symlinks to customer perl-enabled paths:</strong><br /><br />';
-		$question.= 'Path for symlinks (must be within suexec path):&nbsp;';
-		$question.= '<input type="text" class="text" name="update_perl_suexecpath" value="/var/www/cgi-bin/" /><br />';
+		$question .= makeyesno('update_perl_suexecworkaround', '1', '0', '0') . '<br /><br />';
+		$question .= '<strong>If \'yes\', please specify a path within the suexec path where Froxlor will create symlinks to customer perl-enabled paths:</strong><br /><br />';
+		$question .= 'Path for symlinks (must be within suexec path):&nbsp;';
+		$question .= '<input type="text" class="text" name="update_perl_suexecpath" value="/var/www/cgi-bin/" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.12-svn4'))
-	{
-		if((int)Settings::Get('system.awstats_enabled') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.12-svn4')) {
+		if ((int) Settings::Get('system.awstats_enabled') == 1) {
 			$has_preconfig = true;
 			$description = 'Due to different paths of awstats_buildstaticpages.pl and awstats.pl you can set a different path for awstats.pl now.';
 			$question = '<strong>Path to \'awstats.pl\'?:</strong>&nbsp;';
-			$question.= '<input type="text" class="text" name="update_awstats_awstatspath" value="'.Settings::Get('system.awstats_path').'" /><br />';
+			$question .= '<input type="text" class="text" name="update_awstats_awstatspath" value="' . Settings::Get('system.awstats_path') . '" /><br />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.13-svn1'))
-	{
-		if((int)Settings::Get('autoresponder.autoresponder_active') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.13-svn1')) {
+		if ((int) Settings::Get('autoresponder.autoresponder_active') == 1) {
 			$has_preconfig = true;
 			$description = 'Froxlor can now limit the number of autoresponder-entries for each user. Here you can set the value which will be available for each customer (Of course you can change the value for each customer separately after the update).';
 			$question = '<strong>How many autoresponders should your customers be able to add?:</strong>&nbsp;';
-			$question.= '<input type="text" class="text" name="update_autoresponder_default" value="0" />&nbsp;'.makecheckbox('update_autoresponder_default', $lng['customer']['unlimited'], '-1', false, 0, true, true).'<br />';
+			$question .= '<input type="text" class="text" name="update_autoresponder_default" value="0" />&nbsp;' . makecheckbox('update_autoresponder_default', $lng['customer']['unlimited'], '-1', false, 0, true, true) . '<br />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.13.1'))
-	{
-		if((int)Settings::Get('system.mod_fcgid_ownvhost') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.13.1')) {
+		if ((int) Settings::Get('system.mod_fcgid_ownvhost') == 1) {
 			$has_preconfig = true;
 			$description = 'You have FCGID for Froxlor itself activated. You can now specify a PHP-configuration for this.';
 			$question = '<strong>Select Froxlor-vhost PHP configuration:</strong>&nbsp;';
 			$question .= '<select name="update_defaultini_ownvhost">';
 			$configs_array = getPhpConfigs();
 			$configs = '';
-			foreach($configs_array as $idx => $desc)
-			{
+			foreach ($configs_array as $idx => $desc) {
 				$configs .= makeoption($desc, $idx, '1');
 			}
-			$question .= $configs.'</select>';
+			$question .= $configs . '</select>';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn3'))
-	{
-		if((int)Settings::Get('system.awstats_enabled') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.14-svn3')) {
+		if ((int) Settings::Get('system.awstats_enabled') == 1) {
 			$has_preconfig = true;
 			$description = 'To have icons in AWStats statistic-pages please enter the path to AWStats icons folder.';
 			$question = '<strong>Path to AWSTats icons folder:</strong>&nbsp;';
-			$question.= '<input type="text" class="text" name="update_awstats_icons" value="'.Settings::Get('system.awstats_icons').'" />';
+			$question .= '<input type="text" class="text" name="update_awstats_icons" value="' . Settings::Get('system.awstats_icons') . '" />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn4'))
-	{
-		if((int)Settings::Get('system.use_ssl') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.14-svn4')) {
+		if ((int) Settings::Get('system.use_ssl') == 1) {
 			$has_preconfig = true;
 			$description = 'Froxlor now has the possibility to set \'SSLCertificateChainFile\' for the apache webserver.';
 			$question = '<strong>Enter filename (leave empty for none):</strong>&nbsp;';
-			$question.= '<input type="text" class="text" name="update_ssl_cert_chainfile" value="'.Settings::Get('system.ssl_cert_chainfile').'" />';
+			$question .= '<input type="text" class="text" name="update_ssl_cert_chainfile" value="' . Settings::Get('system.ssl_cert_chainfile') . '" />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn6'))
-	{
+	if (versionInUpdate($current_version, '0.9.14-svn6')) {
 		$has_preconfig = true;
 		$description = 'You can now allow customers to use any of their domains as username for the login.';
 		$question = '<strong>Do you want to enable domain-login for all customers?:</strong>&nbsp;';
-		$question.= makeyesno('update_allow_domain_login', '1', '0', '0');
+		$question .= makeyesno('update_allow_domain_login', '1', '0', '0');
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.14-svn10'))
-	{
+	if (versionInUpdate($current_version, '0.9.14-svn10')) {
 		$has_preconfig = true;
 		$description = '<strong>This update removes the unsupported real-time option. Additionally the deprecated tables for navigation and cronscripts are removed, any modules using these tables need to be updated to the new structure!</strong>';
 		$question = '';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.16-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.16-svn1')) {
 		$has_preconfig = true;
 		$description = 'Froxlor now features support for php-fpm.';
 		$question = '<strong>Do you want to enable php-fpm?:</strong>&nbsp;';
-		$question.= makeyesno('update_phpfpm_enabled', '1', '0', '0').'<br /><br />';
-		$question.= 'If \'yes\', please specify the configuration directory:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_configdir" value="/etc/php-fpm.d/" /><br /><br />';
-		$question.= 'Please specify the temporary files directory:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_tmpdir" value="/var/customers/tmp/" /><br /><br />';
-		$question.= 'Please specify the PEAR directory:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_peardir" value="/usr/share/php/:/usr/share/php5/" /><br /><br />';
-		$question.= 'Please specify the php-fpm restart-command:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_reload" value="/etc/init.d/php-fpm restart" /><br /><br />';
-		$question.= 'Please specify the php-fpm rocess manager control:&nbsp;';
-		$question.= '<select name="update_phpfpm_pm">';
+		$question .= makeyesno('update_phpfpm_enabled', '1', '0', '0') . '<br /><br />';
+		$question .= 'If \'yes\', please specify the configuration directory:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_configdir" value="/etc/php-fpm.d/" /><br /><br />';
+		$question .= 'Please specify the temporary files directory:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_tmpdir" value="/var/customers/tmp/" /><br /><br />';
+		$question .= 'Please specify the PEAR directory:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_peardir" value="/usr/share/php/:/usr/share/php5/" /><br /><br />';
+		$question .= 'Please specify the php-fpm restart-command:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_reload" value="/etc/init.d/php-fpm restart" /><br /><br />';
+		$question .= 'Please specify the php-fpm rocess manager control:&nbsp;';
+		$question .= '<select name="update_phpfpm_pm">';
 		$redirects = makeoption('static', 'static', 'static');
-		$redirects.= makeoption('dynamic', 'dynamic', 'static');
-		$question .= $redirects.'</select><br /><br />';
-		$question.= 'Please specify the number of child processes:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_max_children" value="1" /><br /><br />';
-		$question.= 'Please specify the number of requests per child before respawning:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_max_requests" value="0" /><br /><br />';
-		$question.= '<em>The following settings are only required if you chose process manager = dynamic</em><br /><br />';
-		$question.= 'Please specify the number of child processes created on startup:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_start_servers" value="20" /><br /><br />';
-		$question.= 'Please specify the desired minimum number of idle server processes:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_min_spare_servers" value="5" /><br /><br />';
-		$question.= 'Please specify the desired maximum number of idle server processes:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_phpfpm_max_spare_servers" value="35" /><br />';
+		$redirects .= makeoption('dynamic', 'dynamic', 'static');
+		$question .= $redirects . '</select><br /><br />';
+		$question .= 'Please specify the number of child processes:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_max_children" value="1" /><br /><br />';
+		$question .= 'Please specify the number of requests per child before respawning:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_max_requests" value="0" /><br /><br />';
+		$question .= '<em>The following settings are only required if you chose process manager = dynamic</em><br /><br />';
+		$question .= 'Please specify the number of child processes created on startup:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_start_servers" value="20" /><br /><br />';
+		$question .= 'Please specify the desired minimum number of idle server processes:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_min_spare_servers" value="5" /><br /><br />';
+		$question .= 'Please specify the desired maximum number of idle server processes:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_phpfpm_max_spare_servers" value="35" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.16-svn2'))
-	{
-		if((int)Settings::Get('phpfpm.enabled') == 1)
-		{
+	if (versionInUpdate($current_version, '0.9.16-svn2')) {
+		if ((int) Settings::Get('phpfpm.enabled') == 1) {
 			$has_preconfig = true;
 			$description = 'You can chose whether you want Froxlor to use PHP-FPM itself too now.';
 			$question = '<strong>Use PHP-FPM for the Froxlor Panel?:</strong>&nbsp;';
-			$question.= makeyesno('update_phpfpm_enabled_ownvhost', '1', '0', '0').'<br /><br />';
-			$question.= '<strong>If \'yes\', please specify local user/group (have to exist, Froxlor does not add them automatically):</strong><br /><br />';
-			$question.= 'Local user:&nbsp;';
-			$question.= '<input type="text" class="text" name="update_phpfpm_httpuser" value="'.Settings::Get('system.mod_fcgid_httpuser').'" /><br /><br />';
-			$question.= 'Local group:&nbsp;';
-			$question.= '<input type="text" class="text" name="update_phpfpm_httpgroup" value="'.Settings::Get('system.mod_fcgid_httpgroup').'" /><br />';
+			$question .= makeyesno('update_phpfpm_enabled_ownvhost', '1', '0', '0') . '<br /><br />';
+			$question .= '<strong>If \'yes\', please specify local user/group (have to exist, Froxlor does not add them automatically):</strong><br /><br />';
+			$question .= 'Local user:&nbsp;';
+			$question .= '<input type="text" class="text" name="update_phpfpm_httpuser" value="' . Settings::Get('system.mod_fcgid_httpuser') . '" /><br /><br />';
+			$question .= 'Local group:&nbsp;';
+			$question .= '<input type="text" class="text" name="update_phpfpm_httpgroup" value="' . Settings::Get('system.mod_fcgid_httpgroup') . '" /><br />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

-	if(versionInUpdate($current_version, '0.9.17-svn1'))
-	{
+	if (versionInUpdate($current_version, '0.9.17-svn1')) {
 		$has_preconfig = true;
 		$description = 'Select if you want to enable the web- and traffic-reports';
 		$question = '<strong>Enable?:</strong>&nbsp;';
-		$question.= makeyesno('update_system_report_enable', '1', '0', '1').'<br /><br />';
-		$question.= '<strong>If \'yes\', please specify a percentage value for web- and traffic when reports are to be sent:</strong><br /><br />';
-		$question.= 'Webusage warning level:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_system_report_webmax" value="90" /><br /><br />';
-		$question.= 'Traffic warning level:&nbsp;';
-		$question.= '<input type="text" class="text" name="update_system_report_trafficmax" value="90" /><br />';
+		$question .= makeyesno('update_system_report_enable', '1', '0', '1') . '<br /><br />';
+		$question .= '<strong>If \'yes\', please specify a percentage value for web- and traffic when reports are to be sent:</strong><br /><br />';
+		$question .= 'Webusage warning level:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_system_report_webmax" value="90" /><br /><br />';
+		$question .= 'Traffic warning level:&nbsp;';
+		$question .= '<input type="text" class="text" name="update_system_report_trafficmax" value="90" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.18-svn2'))
-	{
+	if (versionInUpdate($current_version, '0.9.18-svn2')) {
 		$has_preconfig = true;
 		$description = 'As you can (obviously) see, Froxlor now comes with a new theme. You also have the possibility to switch back to "Classic" if you want to.';
 		$question = '<strong>Select default panel theme:</strong>&nbsp;';
-		$question.= '<select name="update_default_theme">';
+		$question .= '<select name="update_default_theme">';
 		$themes = getThemes();
-		foreach($themes as $cur_theme) // $theme is already in use
-		{
-			$question.= makeoption($cur_theme, $cur_theme, 'Froxlor');
+		foreach ($themes as $cur_theme) // $theme is already in use
+{
+			$question .= makeoption($cur_theme, $cur_theme, 'Froxlor');
 		}
-		$question.= '</select>';
+		$question .= '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

-	if(versionInUpdate($current_version, '0.9.28-svn4'))
-	{
+	if (versionInUpdate($current_version, '0.9.28-svn4')) {
 		$has_preconfig = true;
 		$description = 'This version introduces a lot of profound changes:';
 		$description .= '<br /><ul><li>Improving the whole template system</li><li>Full UTF-8 support</li><li><strong>Removing support for the former default theme \'Classic\'</strong></li></ul>';
@@ -444,13 +397,12 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$description .= 'test this update in a testing environment using your existing data.<br /><br />';

 		$question = '<strong>Select your preferred Classic Theme replacement:</strong>&nbsp;';
-		$question.= '<select name="classic_theme_replacement">';
+		$question .= '<select name="classic_theme_replacement">';
 		$themes = getThemes();
-		foreach($themes as $cur_theme)
-		{
-			$question.= makeoption($cur_theme, $cur_theme, 'Froxlor');
+		foreach ($themes as $cur_theme) {
+			$question .= makeoption($cur_theme, $cur_theme, 'Froxlor');
 		}
-		$question.= '</select>';
+		$question .= '</select>';

 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
@@ -460,16 +412,16 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		if (Settings::Get('system.webserver') == 'apache2') {
 			$has_preconfig = true;
 			$description = 'Froxlor now supports the new Apache 2.4. Please be aware that you need to load additional apache-modules in ordner to use it.<br />';
-			$description.= '<pre>LoadModule authz_core_module modules/mod_authz_core.so
+			$description .= '<pre>LoadModule authz_core_module modules/mod_authz_core.so
 					LoadModule authz_host_module modules/mod_authz_host.so</pre><br />';
 			$question = '<strong>Do you want to enable the Apache-2.4 modification?:</strong>&nbsp;';
-			$question.= makeyesno('update_system_apache24', '1', '0', '0');
+			$question .= makeyesno('update_system_apache24', '1', '0', '0');
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		} elseif (Settings::Get('system.webserver') == 'nginx') {
 			$has_preconfig = true;
 			$description = 'The path to nginx\'s fastcgi_params file is now customizable.<br /><br />';
 			$question = '<strong>Please enter full path to you nginx/fastcgi_params file (including filename):</strong>&nbsp;';
-			$question.= '<input type="text" class="text" name="nginx_fastcgi_params" value="/etc/nginx/fastcgi_params" />';
+			$question .= '<input type="text" class="text" name="nginx_fastcgi_params" value="/etc/nginx/fastcgi_params" />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}
@@ -478,11 +430,11 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {

 		$has_preconfig = true;

-		$description  = 'This version adds an option to append the domain-name to the document-root for domains and subdomains.<br />';
+		$description = 'This version adds an option to append the domain-name to the document-root for domains and subdomains.<br />';
 		$description .= 'You can enable or disable this feature anytime from settings -> system settings.<br />';

 		$question = '<strong>Do you want to automatically append the domain-name to the documentroot of newly created domains?:</strong>&nbsp;';
-		$question.= makeyesno('update_system_documentroot_use_default_value', '1', '0', '0');
+		$question .= makeyesno('update_system_documentroot_use_default_value', '1', '0', '0');

 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
@@ -491,12 +443,10 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {

 		$has_preconfig = true;
 		// just an information about the new sendmail parameter (#1134)
-		$description  = 'Froxlor changed the default parameter-set of sendmail (php.ini)<br />';
+		$description = 'Froxlor changed the default parameter-set of sendmail (php.ini)<br />';
 		$description .= 'sendmail_path = "/usr/sbin/sendmail -t <strong>-i</strong> -f {CUSTOMER_EMAIL}"<br /><br />';
 		$description .= 'If you don\'t have any problems with sending mails, you don\'t need to change this';
-		if (Settings::Get('system.mod_fcgid') == '1'
-				|| Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') {
 			// information about removal of php's safe_mode
 			$description .= '<br /><br />The php safe_mode flag has been removed as current versions of PHP<br />';
 			$description .= 'do not support it anymore.<br /><br />';
@@ -509,45 +459,43 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {

 	if (versionInUpdate($current_version, '0.9.29-dev1')) {
 		// we only need to ask if fcgid|php-fpm is enabled
-		if (Settings::Get('system.mod_fcgid') == '1'
-				|| Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') {
 			$has_preconfig = true;
-			$description  = 'Standard-subdomains can now be hidden from the php-configuration overview.<br />';
+			$description = 'Standard-subdomains can now be hidden from the php-configuration overview.<br />';
 			$question = '<strong>Do you want to hide the standard-subdomains (this can be changed in the settings any time)?:</strong>&nbsp;';
-			$question.= makeyesno('hide_stdsubdomains', '1', '0', '0');
+			$question .= makeyesno('hide_stdsubdomains', '1', '0', '0');
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

 	if (versionInUpdate($current_version, '0.9.29-dev2')) {
 		$has_preconfig = true;
-		$description  = 'You can now decide whether admins/customers are able to change the theme<br />';
+		$description = 'You can now decide whether admins/customers are able to change the theme<br />';
 		$question = '<strong>If you want to disallow theme-changing, select "no" from the dropdowns:</strong>&nbsp;';
-		$question.= "Admins: ". makeyesno('allow_themechange_a', '1', '0', '1').'&nbsp;&nbsp;';
-		$question.= "Customers: ".makeyesno('allow_themechange_c', '1', '0', '1');
+		$question .= "Admins: " . makeyesno('allow_themechange_a', '1', '0', '1') . '&nbsp;&nbsp;';
+		$question .= "Customers: " . makeyesno('allow_themechange_c', '1', '0', '1');
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.29-dev3')) {
 		$has_preconfig = true;
-		$description  = 'There is now a possibility to specify AXFR servers for your bind zone-configuration<br />';
+		$description = 'There is now a possibility to specify AXFR servers for your bind zone-configuration<br />';
 		$question = '<strong>Enter a comma-separated list of AXFR servers or leave empty (default):</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="system_afxrservers" value="" />';
+		$question .= '<input type="text" class="text" name="system_afxrservers" value="" />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.29-dev4')) {
 		$has_preconfig = true;
-		$description  = 'As customers can now specify ssl-certificate data for their domains, you need to specify where the generated files are stored<br />';
+		$description = 'As customers can now specify ssl-certificate data for their domains, you need to specify where the generated files are stored<br />';
 		$question = '<strong>Specify the directory for customer ssl-certificates:</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="system_customersslpath" value="/etc/ssl/froxlor-custom/" />';
+		$question .= '<input type="text" class="text" name="system_customersslpath" value="/etc/ssl/froxlor-custom/" />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.29.1-dev3')) {
 		$has_preconfig = true;
-		$description  = 'The build in logrotation-feature has been removed. Please follow the configuration-instructions for your system to enable logrotating again.';
+		$description = 'The build in logrotation-feature has been removed. Please follow the configuration-instructions for your system to enable logrotating again.';
 		$question = '';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
@@ -555,11 +503,9 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 	// let the apache+fpm users know that they MUST change their config
 	// for the domains / webserver to work after the update
 	if (versionInUpdate($current_version, '0.9.30-dev1')) {
-		if (Settings::Get('system.webserver') == 'apache2'
-			&& Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.webserver') == 'apache2' && Settings::Get('phpfpm.enabled') == '1') {
 			$has_preconfig = true;
-			$description  = 'The PHP-FPM implementation for apache2 has changed. Please look for the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) within /etc/apache2/ and change it as shown below:<br /><br />';
+			$description = 'The PHP-FPM implementation for apache2 has changed. Please look for the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) within /etc/apache2/ and change it as shown below:<br /><br />';
 			$description .= '<pre class="code-block">&lt;IfModule mod_fastcgi.c&gt;
    FastCgiIpcDir /var/lib/apache2/fastcgi/
    &lt;Location "/fastcgiphp"&gt;
@@ -575,11 +521,9 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 	}

 	if (versionInUpdate($current_version, '0.9.31-dev2')) {
-		if (Settings::Get('system.webserver') == 'apache2'
-				&& Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.webserver') == 'apache2' && Settings::Get('phpfpm.enabled') == '1') {
 			$has_preconfig = true;
-			$description  = 'The FPM socket directory is now a setting in froxlor. Its default is <b>/var/lib/apache2/fastcgi/</b>.<br/>If you are using <b>/var/run/apache2</b> in the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) please correct this path accordingly<br />';
+			$description = 'The FPM socket directory is now a setting in froxlor. Its default is <b>/var/lib/apache2/fastcgi/</b>.<br/>If you are using <b>/var/run/apache2</b> in the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) please correct this path accordingly<br />';
 			$question = '';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
@@ -587,50 +531,50 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {

 	if (versionInUpdate($current_version, '0.9.31-dev4')) {
 		$has_preconfig = true;
-		$description  = 'The template-variable {PASSWORD} has been replaced with {LINK}. Please update your password reset templates!<br />';
+		$description = 'The template-variable {PASSWORD} has been replaced with {LINK}. Please update your password reset templates!<br />';
 		$question = '';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.31-dev5')) {
 		$has_preconfig = true;
-		$description  = 'You can enable/disable error-reporting for admins and customers!<br /><br />';
+		$description = 'You can enable/disable error-reporting for admins and customers!<br /><br />';
 		$question = '<strong>Do you want to enable error-reporting for admins? (default: yes):</strong>&nbsp;';
-		$question.= makeyesno('update_error_report_admin', '1', '0', '1').'<br />';
-		$question.= '<strong>Do you want to enable error-reporting for customers? (default: no):</strong>&nbsp;';
-		$question.= makeyesno('update_error_report_customer', '1', '0', '0');
+		$question .= makeyesno('update_error_report_admin', '1', '0', '1') . '<br />';
+		$question .= '<strong>Do you want to enable error-reporting for customers? (default: no):</strong>&nbsp;';
+		$question .= makeyesno('update_error_report_customer', '1', '0', '0');
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.31-rc2')) {
 		$has_preconfig = true;
-		$description  = 'You can enable/disable the display/usage of the news-feed for admins<br /><br />';
+		$description = 'You can enable/disable the display/usage of the news-feed for admins<br /><br />';
 		$question = '<strong>Do you want to enable the news-feed for admins? (default: yes):</strong>&nbsp;';
-		$question.= makeyesno('update_admin_news_feed', '1', '0', '1').'<br />';
+		$question .= makeyesno('update_admin_news_feed', '1', '0', '1') . '<br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.32-dev2')) {
 		$has_preconfig = true;
-		$description  = 'To enable logging of the mail-traffic, you need to set the following settings accordingly<br /><br />';
+		$description = 'To enable logging of the mail-traffic, you need to set the following settings accordingly<br /><br />';
 		$question = '<strong>Do you want to enable the traffic collection for mail? (default: yes):</strong>&nbsp;';
-		$question.= makeyesno('mailtraffic_enabled', '1', '0', '1').'<br />';
-		$question.= '<strong>Mail Transfer Agent</strong><br />';
-		$question.= 'Type of your MTA:&nbsp;';
-		$question.= '<select name="mtaserver">';
-		$question.= makeoption('Postfix', 'postfix', 'postfix');
-		$question.= makeoption('Exim4', 'exim4', 'postfix');
-		$question.= '</select><br />';
-		$question.= 'Logfile for your MTA:&nbsp;';
-		$question.= '<input type="text" class="text" name="mtalog" value="/var/log/mail.log" /><br />';
-		$question.= '<strong>Mail Delivery Agent</strong><br />';
-		$question.= 'Type of your MDA:&nbsp;';
-		$question.= '<select name="mdaserver">';
-		$question.= makeoption('Dovecot', 'dovecot', 'dovecot');
-		$question.= makeoption('Courier', 'courier', 'dovecot');
-		$question.= '</select><br /><br />';
-		$question.= 'Logfile for your MDA:&nbsp;';
-		$question.= '<input type="text" class="text" name="mdalog" value="/var/log/mail.log" /><br />';
+		$question .= makeyesno('mailtraffic_enabled', '1', '0', '1') . '<br />';
+		$question .= '<strong>Mail Transfer Agent</strong><br />';
+		$question .= 'Type of your MTA:&nbsp;';
+		$question .= '<select name="mtaserver">';
+		$question .= makeoption('Postfix', 'postfix', 'postfix');
+		$question .= makeoption('Exim4', 'exim4', 'postfix');
+		$question .= '</select><br />';
+		$question .= 'Logfile for your MTA:&nbsp;';
+		$question .= '<input type="text" class="text" name="mtalog" value="/var/log/mail.log" /><br />';
+		$question .= '<strong>Mail Delivery Agent</strong><br />';
+		$question .= 'Type of your MDA:&nbsp;';
+		$question .= '<select name="mdaserver">';
+		$question .= makeoption('Dovecot', 'dovecot', 'dovecot');
+		$question .= makeoption('Courier', 'courier', 'dovecot');
+		$question .= '</select><br /><br />';
+		$question .= 'Logfile for your MDA:&nbsp;';
+		$question .= '<input type="text" class="text" name="mdalog" value="/var/log/mail.log" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

@@ -638,7 +582,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$has_preconfig = true;
 		$description = 'Froxlor now generates a cron-configuration file for the cron-daemon. Please set a filename which will be included automatically by your crond (e.g. files in /etc/cron.d/)<br /><br />';
 		$question = '<strong>Path to the cron-service configuration-file.</strong> This file will be updated regularly and automatically by froxlor.<br />Note: please <b>be sure</b> to use the same filename as for the main froxlor cronjob (default: /etc/cron.d/froxlor)!<br />';
-		$question.= '<input type="text" class="text" name="crondfile" value="/etc/cron.d/froxlor" /><br />';
+		$question .= '<input type="text" class="text" name="crondfile" value="/etc/cron.d/froxlor" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

@@ -646,7 +590,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$has_preconfig = true;
 		$description = 'In order for the new cron.d file to work properly, we need to know about the cron-service reload command.<br /><br />';
 		$question = '<strong>Please specify the reload-command of your cron-daemon</strong> (default: /etc/init.d/cron reload)<br />';
-		$question.= '<input type="text" class="text" name="crondreload" value="/etc/init.d/cron reload" /><br />';
+		$question .= '<input type="text" class="text" name="crondreload" value="/etc/init.d/cron reload" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

@@ -654,17 +598,17 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		$has_preconfig = true;
 		$description = 'To customize the command which executes the cronjob (php - basically) change the path below according to your system.<br /><br />';
 		$question = '<strong>Please specify the command to execute cronscripts</strong> (default: "/usr/bin/nice -n 5 /usr/bin/php5 -q")<br />';
-		$question.= '<input type="text" class="text" name="croncmdline" value="/usr/bin/nice -n 5 /usr/bin/php5 -q" /><br />';
+		$question .= '<input type="text" class="text" name="croncmdline" value="/usr/bin/nice -n 5 /usr/bin/php5 -q" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.33-dev1')) {
 		$has_preconfig = true;
-		$description  = 'You can enable/disable the display/usage of the custom newsfeed for customers.<br /><br />';
+		$description = 'You can enable/disable the display/usage of the custom newsfeed for customers.<br /><br />';
 		$question = '<strong>Do you want to enable the custom newsfeed for customer? (default: no):</strong>&nbsp;';
-		$question.= makeyesno('customer_show_news_feed', '1', '0', '0').'<br />';
-		$question.= '<strong>You have to set the URL for your RSS-feed here, if you have chosen to enable the custom newsfeed on the customer-dashboard:</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="customer_news_feed_url" value="" /><br />';
+		$question .= makeyesno('customer_show_news_feed', '1', '0', '0') . '<br />';
+		$question .= '<strong>You have to set the URL for your RSS-feed here, if you have chosen to enable the custom newsfeed on the customer-dashboard:</strong>&nbsp;';
+		$question .= '<input type="text" class="text" name="customer_news_feed_url" value="" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

@@ -672,32 +616,115 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) {
 		// only if bind is used - if not the default will be set, which is '0' (off)
 		if (Settings::get('system.bind_enable') == 1) {
 			$has_preconfig = true;
-			$description  = 'You can enable/disable the generation of the bind-zone / config for the system hostname.<br /><br />';
+			$description = 'You can enable/disable the generation of the bind-zone / config for the system hostname.<br /><br />';
 			$question = '<strong>Do you want to generate a bind-zone for the system-hostname? (default: no):</strong>&nbsp;';
-			$question.= makeyesno('dns_createhostnameentry', '1', '0', '0').'<br />';
+			$question .= makeyesno('dns_createhostnameentry', '1', '0', '0') . '<br />';
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}

 	if (versionInUpdate($current_version, '0.9.33-rc2')) {
 		$has_preconfig = true;
-		$description  = 'You can chose whether you want to receive an e-mail on cronjob errors. Keep in mind that this can lead to an e-mail being sent every 5 minutes.<br /><br />';
+		$description = 'You can chose whether you want to receive an e-mail on cronjob errors. Keep in mind that this can lead to an e-mail being sent every 5 minutes.<br /><br />';
 		$question = '<strong>Do you want to receive cron-errors via mail? (default: no):</strong>&nbsp;';
-		$question.= makeyesno('system_send_cron_errors', '1', '0', '0').'<br />';
+		$question .= makeyesno('system_send_cron_errors', '1', '0', '0') . '<br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

 	if (versionInUpdate($current_version, '0.9.34-dev3')) {
-	    $has_preconfig = true;
-	    $description = 'Froxlor now requires the PHP mbstring-extension as we need to be multibyte-character safe in some cases';
-	    $question = '<strong>PHP mbstring</strong> is currently: ';
-	    if (!extension_loaded('mbstring')) {
-	        $question .= '<span class="red">not installed/loaded</span>';
-	        $question .= '<br>Please install the PHP mbstring extension in order to finish the update';
-	    } else {
-	        $question .= '<span class="green">installed/loaded</span>';
-	    }
-	    $question .= '<br>';
-	    eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		$has_preconfig = true;
+		$description = 'Froxlor now requires the PHP mbstring-extension as we need to be multibyte-character safe in some cases';
+		$question = '<strong>PHP mbstring</strong> is currently: ';
+		if (! extension_loaded('mbstring')) {
+			$question .= '<span class="red">not installed/loaded</span>';
+			$question .= '<br>Please install the PHP mbstring extension in order to finish the update';
+		} else {
+			$question .= '<span class="green">installed/loaded</span>';
+		}
+		$question .= '<br>';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201603070')) {
+		$has_preconfig = true;
+		$description = 'You can chose whether you want to enable or disable our Let\'s Encrypt implementation.<br />Please remember that you need to go through the webserver-configuration when enabled because this feature needs a special configuration.<br /><br />';
+		$question = '<strong>Do you want to enable Let\'s Encrypt? (default: yes):</strong>&nbsp;';
+		$question .= makeyesno('enable_letsencrypt', '1', '0', '1') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201604270')) {
+		$has_preconfig = true;
+		$description = 'You can chose whether you want to enable or disable our backup function.<br /><br />';
+		$question = '<strong>Do you want to enable Backup? (default: no):</strong>&nbsp;';
+		$question .= makeyesno('enable_backup', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201605090')) {
+		$has_preconfig = true;
+		$description = 'You can chose whether you want to enable or disable our DNS editor<br /><br />';
+		$question = '<strong>Do you want to enable the DNS editor? (default: no):</strong>&nbsp;';
+		$question .= makeyesno('enable_dns', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201605170')) {
+		$has_preconfig = true;
+		$description = 'Froxlor now supports the dns-daemon Power-DNS, you can chose between bind and powerdns now.';
+		$question = '<strong>Select dns-daemon you want to use:</strong>&nbsp;';
+		$question .= '<select name="new_dns_daemon">';
+		$dnsdaemons = makeoption('Bind9', 'bind', 'bind');
+		$dnsdaemons .= makeoption('PowerDNS', 'pdns', 'bind');
+		$question .= $dnsdaemons . '</select>';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201609120')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'You can now customize the path to your acme.conf file (global alias for Let\'s Encrypt). If you already set up Let\'s Encrypt and the acme.conf file, please set this to the complete path to the file!<br /><br />';
+			$question = '<strong>Path to the acme.conf alias-file.</strong><br />';
+			$question .= '<input type="text" class="text" name="acmeconffile" value="/etc/apache2/conf-enabled/acme.conf" /><br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if (versionInUpdate($current_db_version, '201609200')) {
+		$has_preconfig = true;
+		$description = 'Specify SMTP settings which froxlor should use to send mail (optional)<br /><br />';
+		$question = '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= makeyesno('smtp_enable', '1', '0', '0') . '<br />';
+		$question .= '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_host" value="localhost" /><br />';
+		$question .= '<strong>TCP port to connect to?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_port" value="25" /><br />';
+		$question .= '<strong>Enable TLS encryption?</strong><br />';
+		$question .= makeyesno('smtp_usetls', '1', '0', '1') . '<br />';
+		$question .= '<strong>Enable SMTP authentication?</strong><br />';
+		$question .= makeyesno('smtp_auth', '1', '0', '1') . '<br />';
+		$question .= '<strong>SMTP user?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_user" value="" /><br />';
+		$question .= '<strong>SMTP password?</strong><br />';
+		$question .= '<input type="password" class="text" name="smtp_passwd" value="" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201705050')) {
+		$has_preconfig = true;
+		$description = 'DEBIAN/UBUNTU ONLY: Enable usage of libnss-extrausers as alternative to libnss-mysql (NOTE: if enabled, go through the configuration steps right after the update!!!)<br /><br />';
+		$question = '<strong>Enable usage of libnss-extrausers?</strong><br />';
+		$question .= makeyesno('system_nssextrausers', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201712310')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'Chose whether you want to disable the Let\'s Encrypt selfcheck as it causes false positives for some configurations.<br /><br />';
+			$question = '<strong>Disable Let\'s Encrypt self-check?</strong><br />';
+			$question .= makeyesno('system_disable_le_selfcheck', '1', '0', '0') . '<br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
 	}
 }
--- a/install/updatesql.php
+++ b/install/updatesql.php
@@ -17,13 +17,15 @@
 *
 */

-if (!defined('AREA')
-	|| (defined('AREA') && AREA != 'admin')
-	|| !isset($userinfo['loginname'])
-	|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
-) {
-	header('Location: ../index.php');
-	exit;
+if (!defined('_CRON_UPDATE')) {
+	if (!defined('AREA')
+		|| (defined('AREA') && AREA != 'admin')
+		|| !isset($userinfo['loginname'])
+		|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
+	) {
+		header('Location: ../index.php');
+		exit;
+	}
 }

 $updatelog = FroxlorLogger::getInstanceOf(array('loginname' => 'updater'));
--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -1 +0,0 @@
-userdata.inc.php
--- a/lib/ajax.php
+++ b/lib/ajax.php
@@ -18,7 +18,7 @@

 // Load the user settings
 define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__)));
-if (!file_exists('./userdata.inc.php')) {
+if (! file_exists('./userdata.inc.php')) {
 	die();
 }
 require './userdata.inc.php';
@@ -27,10 +27,11 @@ require './classes/database/class.Database.php';
 require './classes/settings/class.Settings.php';
 require './functions/validate/function.validate_ip.php';
 require './functions/validate/function.validateDomain.php';
+require './classes/cURL/class.HttpClient.php';

-if(isset($_POST['action'])) {
+if (isset($_POST['action'])) {
 	$action = $_POST['action'];
-} elseif(isset($_GET['action'])) {
+} elseif (isset($_GET['action'])) {
 	$action = $_GET['action'];
 } else {
 	$action = "";
@@ -40,53 +41,33 @@ if ($action == "newsfeed") {
 	if (isset($_GET['role']) && $_GET['role'] == "customer") {
 		$feed = Settings::Get("customer.news_feed_url");
 	} else {
-		$feed = "http://inside.froxlor.org/news/";
+		$feed = "https://inside.froxlor.org/news/";
 	}
-
+	
 	if (function_exists("simplexml_load_file") == false) {
-		die();
+		outputItem("Newsfeed not available due to missing php-simplexml extension", "Please install the php-simplexml extension in order to view our newsfeed.");
+		exit();
 	}
-
+	
 	if (function_exists('curl_version')) {
-		$ch = curl_init();
-		curl_setopt($ch, CURLOPT_URL, $feed);
-		curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/'.$version);
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-		$output = curl_exec($ch);
-		curl_close($ch);
+		$output = HttpClient::urlGet($feed);
 		$news = simplexml_load_string(trim($output));
 	} else {
-		if (ini_get('allow_url_fopen')) {
-			ini_set('user_agent', 'Froxlor/'.$version);
-			$news = simplexml_load_file($feed, null, LIBXML_NOCDATA);
-		} else {
-			$news = false;
-		}
+		outputItem("Newsfeed not available due to missing php-curl extension", "Please install the php-curl extension in order to view our newsfeed.");
+		exit();
 	}
-
+	
 	if ($news !== false) {
-		for ($i = 0; $i < 3; $i++) {
+		for ($i = 0; $i < 3; $i ++) {
 			$item = $news->channel->item[$i];
-
-			$title = (string)$item->title;
-			$link = (string)$item->link;
+			
+			$title = (string) $item->title;
+			$link = (string) $item->link;
 			$date = date("Y-m-d G:i", strtotime($item->pubDate));
 			$content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description));
 			$content = substr($content, 0, 150) . "...";
-
-			echo "<li class=\"clearfix\">
-                <div class=\"newsfeed-body clearfix\">
-                    <div class=\"header\">
-                        <strong class=\"primary-font\"><a href=\"{$link}\" target=\"_blank\">{$title}</a></strong>
-                        <small class=\"pull-right text-muted\">
-                            <i class=\"fa fa-clock-o fa-fw\"></i> {$date}
-                        </small>
-                    </div>
-                    <p>
-                        {$content}
-                    </p>
-                </div>
-            </li>";
+			
+			outputItem($title, $content, $link, $date);
 		}
 	} else {
 		echo "";
@@ -94,3 +75,30 @@ if ($action == "newsfeed") {
 } else {
 	echo "No action set.";
 }
+
+function outputItem($title, $content, $link = null, $date = null)
+{
+	echo "<li class=\"clearfix\">
+			<div class=\"newsfeed-body clearfix\">
+				<div class=\"header\">
+					<strong class=\"primary-font\">";
+			if (! empty($link)) {
+				echo "<a href=\"{$link}\" target=\"_blank\">";
+			}
+			echo $title;
+			if (! empty($link)) {
+				echo "</a>";
+			}
+			echo "</strong>";
+			if (! empty($date)) {
+				echo "<small class=\"pull-right text-muted\">
+                            <i class=\"fa fa-clock-o fa-fw\"></i> {$date}
+                        </small>";
+			}
+			echo "</div>
+                    <p>
+                        {$content}
+                    </p>
+                </div>
+            </li>";
+}
--- a/lib/classes/bulk/class.DomainBulkAction.php
+++ b/lib/classes/bulk/class.DomainBulkAction.php
@@ -93,6 +93,13 @@ class DomainBulkAction
 /* 16 */    'use_ssl',
 /* 17 */	'registration_date',
 /* 18 */	'ips',
+/* 19 */	'letsencrypt',
+/* 20 */	'hsts',
+/* 21 */	'hsts_sub',
+/* 22 */	'hsts_preload',
+/* 23 */	'ocsp_stapling',
+/* 24 */	'phpenabled',
+/* 25 */	'http2',
 	    /* automatically added */
 		'adminid',
        'customerid',
@@ -180,13 +187,14 @@ class DomainBulkAction
        }
        
        // preapre insert statement as it is used a few times
+        // leave out aliasdomain for now, cause empty = NULL value which cannot be
+        // added this easily using prepared statements
        $this->_ins_stmt = Database::prepare("
 			INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
 				`domain` = :domain,
 				`adminid` = :adminid,
 				`customerid` = :customerid,
 				`documentroot` = :documentroot,
-                `aliasdomain` = :aliasdomain,
 				`isbinddomain` = :isbinddomain,
 				`isemaildomain` = :isemaildomain,
 				`email_only` = :email_only,
@@ -200,7 +208,14 @@ class DomainBulkAction
 				`specialsettings` = :specialsettings,
 				`ssl_redirect` = :ssl_redirect,
 				`registration_date` = :registration_date,
-				`add_date` = :add_date
+				`add_date` = :add_date,
+				`letsencrypt` = :letsencrypt,
+				`hsts` = :hsts,
+				`hsts_sub` = :hsts_sub,
+				`hsts_preload` = :hsts_preload,
+				`ocsp_stapling` = :ocsp_stapling,
+				`phpenabled` = :phpenabled,
+				`http2` = :http2
 		");
        
        // prepare insert statement for ip/port <> domain
@@ -293,6 +308,7 @@ class DomainBulkAction
        }
        
        // check for alias-domain
+        $hasAlias = false;
        if (! empty($domain_data['aliasdomain'])) {
            // format
            $domain_data['aliasdomain'] = $idna_convert->encode(preg_replace(array(
@@ -311,6 +327,7 @@ class DomainBulkAction
                // - we'd better skip
                return false;
            }
+            $hasAlias = $domain_data['aliasdomain'];
        }
        
        // check for use_ssl and ssl_redirect
@@ -335,6 +352,38 @@ class DomainBulkAction
            $domain_data['ssl_redirect'] = 0;
        }
        
+        // only check for letsencrypt, hsts and oscp-stapling if ssl is enabled
+        if ($domain_data['use_ssl'] == 1) {
+			//lets encrypt
+			if ($domain_data['letsencrypt'] != 1 || $domain_data['iswildcarddomain'] == 1) {
+				$domain_data['letsencrypt'] = 0;
+			}
+		} else {
+			$domain_data['letsencrypt'] = 0;
+		}
+
+		// hsts
+		if ($domain_data['hsts'] != 1) {
+			$domain_data['hsts'] = 0;
+		}
+		if ($domain_data['hsts_sub'] != 1) {
+			$domain_data['hsts_sub'] = 0;
+		}
+		if ($domain_data['hsts_preload'] != 1) {
+			$domain_data['hsts_preload'] = 0;
+		}
+		if ($domain_data['ocsp_stapling'] != 1) {
+			$domain_data['ocsp_stapling'] = 0;
+		}
+
+		if ($domain_data['phpenabled'] != 1) {
+			$domain_data['phpenabled'] = 0;
+		}
+
+		if ($domain_data['http2'] != 1) {
+			$domain_data['http2'] = 0;
+		}
+
        // add to known domains
        $this->_knownDomains[] = $domain_data['domain'];
        
@@ -416,13 +465,21 @@ class DomainBulkAction
        $use_ssl = (bool)$domain_data['use_ssl'];
        // don't need that for the domain-insert-statement
        unset($domain_data['use_ssl']);
-        
+        // don't need alias
+        unset($domain_data['aliasdomain']);
+
        // finally ADD the domain to panel_domains
        Database::pexecute($this->_ins_stmt, $domain_data);
        
        // get the newly inserted domain-id
        $domain_id = Database::lastInsertId();
        
+        // add alias if any
+        if ($hasAlias != false) {
+			$alias_stmt = Database::prepare("UPDATE `".TABLE_PANEL_DOMAINS."` SET `aliasdomain` = :aliasdomain WHERE `id` = :did");
+			Database::pexecute($alias_stmt, array('aliasdomain' => $hasAlias, 'did' => $domain_id));
+        }
+
        // insert domain <-> ip/port reference
        if (empty($iplist)) {
            $iplist = Settings::Get('system.ipaddress');
--- a/lib/classes/cURL/class.HttpClient.php
+++ b/lib/classes/cURL/class.HttpClient.php
@@ -0,0 +1,60 @@
+<?php
+
+class HttpClient
+{
+
+	/**
+	 * Executes simple GET request
+	 *
+	 * @param string $url
+	 *
+	 * @return array
+	 */
+	public static function urlGet($url)
+	{
+		include FROXLOR_INSTALL_DIR . '/lib/version.inc.php';
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_URL, $url);
+		curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . $version);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+		$output = curl_exec($ch);
+		if ($output === false) {
+			$e = curl_error($ch);
+			curl_close($ch);
+			throw new \Exception("Curl error: " . $e);
+		}
+		curl_close($ch);
+		return $output;
+	}
+	
+	/**
+	 * Downloads and stores a file from an url
+	 *
+	 * @param string $url
+	 * @param string $target
+	 *
+	 * @return array
+	 */
+	public static function fileGet($url, $target)
+	{
+		include FROXLOR_INSTALL_DIR . '/lib/version.inc.php';
+		$fh = fopen($target, 'w');
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_URL, $url);
+		curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . $version);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+		curl_setopt($ch, CURLOPT_TIMEOUT, 50);
+		//give curl the file pointer so that it can write to it
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+		curl_setopt($ch, CURLOPT_FILE, $fh);
+		$output = curl_exec($ch);
+		if ($output === false) {
+			$e = curl_error($ch);
+			curl_close($ch);
+			throw new \Exception("Curl error: " . $e);
+		}
+		curl_close($ch);
+		return $output;
+	}
+}
--- a/lib/classes/config/class.ConfigDaemon.php
+++ b/lib/classes/config/class.ConfigDaemon.php
@@ -71,7 +71,7 @@ class ConfigDaemon {
 	 * @var string
 	 */
 	public $title;
-	
+
 	/**
 	 * Whether this is the default daemon of the service-category
 	 * @var boolean
@@ -321,7 +321,7 @@ class ConfigDaemon {
 		if (array_key_exists('chown', $attributes)) {
 			$return[] = array('type' => 'command', 'content' => 'chown ' . $attributes['chown'] . ' "' . $this->_parseContent($attributes['name']) . '"', 'execute' => "post");
 		}
-		
+
 		// If we have more than 1 element, we want to group this stuff for easier processing later
 		if (count($return) > 1) {
 			$return = array('type' => 'file', 'subcommands' => $return, 'name' => $this->_parseContent($attributes['name']));
@@ -393,14 +393,17 @@ class ConfigDaemon {
 		$return = 0;
 		switch ($attributes['mode']) {
 			case "isfile": if (!is_file($order)) { $return = -1; }; break;
+			case "notisfile": if (is_file($order)) { $return = -1; }; break;
 			case "isdir": if (!is_dir($order)) { $return = -1; }; break;
+			case "notisdir": if (is_dir($order)) { $return = -1; }; break;
 			case "false": if ($order == true) { $return = -1; }; break;
 			case "true": if ($order == false) { $return = -1; }; break;
 			case "notempty": if ($order == "") { $return = -1; }; break;
-			case "userexists": if (posix_getpwnam($order) === false) { $return = -1; }; break;
-			case "groupexists": if (posix_getgrnam($order) === false) { $return = -1; }; break;
-			case "usernotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
-			case "groupnotexists": if (is_array(posix_getgrnam($order))) { $return = -1; }; break;
+			case "userexists": if (posix_getpwuid($order) === false) { $return = -1; }; break;
+			case "groupexists": if (posix_getgrgid($order) === false) { $return = -1; }; break;
+			case "usernotexists": if (is_array(posix_getpwuid($order))) { $return = -1; }; break;
+			case "groupnotexists": if (is_array(posix_getgrgid($order))) { $return = -1; }; break;
+			case "usernamenotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
 			case "equals": $return = (isset($attributes['value']) && $attributes['value'] == $order ? 0 : -1); break;
 		}
 		return $return;
--- a/lib/classes/database/class.Database.php
+++ b/lib/classes/database/class.Database.php
@@ -262,7 +262,7 @@ class Database {
 		// build up connection string
 		$driver = 'mysql';
 		$dsn = $driver.":";
-		$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'set names utf8');
+		$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"');
 		$attributes = array('ATTR_ERRMODE' => 'ERRMODE_EXCEPTION');

 		$dbconf["dsn"] = array(
@@ -323,15 +323,18 @@ class Database {
 		    $sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'socket' => (isset($sql['socket']) ? $sql['socket'] : null), 'user' => $sql['root_user'], 'password' => $sql['root_password']));
 		}

+		$substitutions = array(
+			$sql['password'] => 'DB_UNPRIV_PWD',
+			$sql_root[0]['password'] => 'DB_ROOT_PWD',
+		);
+
 		// hide username/password in messages
 		$error_message = $error->getMessage();
 		$error_trace = $error->getTraceAsString();
 		// error-message
-		$error_message = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_message);
-		$error_message = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_message);
+		$error_message = self::_substitute($error_message, $substitutions);
 		// error-trace
-		$error_trace = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_trace);
-		$error_trace = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_trace);
+		$error_trace = self::_substitute($error_trace, $substitutions);

 		if ($error->getCode() == 2003) {
 		    $error_message = "Unable to connect to database. Either the mysql-server is not running or your user/password is wrong.";
@@ -365,6 +368,9 @@ class Database {
 		@fclose($errlog);

 		if ($showerror) {
+			if (empty($sql['debug'])) {
+				$error_trace = '';
+			}

 			// fallback
 			$theme = 'Sparkle';
@@ -402,4 +408,58 @@ class Database {
 			die("We are sorry, but a MySQL - error occurred. The administrator may find more information in the syslog");
 		}
 	}
+
+	/**
+	 * Substitutes patterns in content.
+	 *
+	 * @param string $content
+	 * @param array $substitutions
+	 * @param int $minLength
+	 * @return string
+	 */
+	private static function _substitute($content, array $substitutions, $minLength = 6) {
+		$replacements = array();
+
+		foreach ($substitutions as $search => $replace) {
+			$replacements = $replacements + self::_createShiftedSubstitutions($search, $replace, $minLength);
+		}
+
+		$content = str_replace(
+			array_keys($replacements),
+			array_values($replacements),
+			$content
+		);
+
+		return $content;
+	}
+
+	/**
+	 * Creates substitutions, shifted by length, e.g.
+	 *
+	 * _createShiftedSubstitutions('abcdefgh', 'value', 4):
+	 *   array(
+	 *     'abcdefgh' => 'value',
+	 *     'abcdefg' => 'value',
+	 *     'abcdef' => 'value',
+	 *     'abcde' => 'value',
+	 *     'abcd' => 'value',
+	 *   )
+	 *
+	 * @param string $search
+	 * @param string $replace
+	 * @param int $minLength
+	 * @return array
+	 */
+	private static function _createShiftedSubstitutions($search, $replace, $minLength) {
+		$substitutions = array();
+		$length = strlen($search);
+
+		if ($length > $minLength) {
+			for ($shiftedLength = $length; $shiftedLength >= $minLength; $shiftedLength--) {
+				$substitutions[substr($search, 0, $shiftedLength)] = $replace;
+			}
+		}
+
+		return $substitutions;
+	}
 }
--- a/lib/classes/database/manager/class.DbManagerMySQL.php
+++ b/lib/classes/database/manager/class.DbManagerMySQL.php
@@ -134,7 +134,7 @@ class DbManagerMySQL {
 	 * @param string $host (unused in mysql)
 	 */
 	public function disableUser($username = null, $host = null) {
-		$stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM `".$row_database['databasename']."`");
+		$stmt = Database::prepare('REVOKE ALL PRIVILEGES, GRANT OPTION FROM `' . $username . '`@`' . $host . '`');
 		Database::pexecute($stmt, array(), false);
 	}

--- a/lib/classes/dns/class.DnsEntry.php
+++ b/lib/classes/dns/class.DnsEntry.php
@@ -0,0 +1,71 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Classes
+ *
+ */
+class DnsEntry
+{
+
+	public $record;
+
+	public $ttl;
+
+	public $class = 'IN';
+
+	public $type;
+
+	public $priority;
+
+	public $content;
+
+	public function __construct($record = '', $type = 'A', $content = null, $prio = 0, $ttl = 18000, $class = 'IN')
+	{
+		$this->record = $record;
+		$this->type = $type;
+		$this->content = $content;
+		$this->priority = $prio;
+		$this->ttl = $ttl;
+		$this->class = $class;
+	}
+
+	public function __toString()
+	{
+		$_content = $this->content;
+		// check content length for txt records for bind9 (multiline)
+		if (Settings::Get('system.dns_server') != 'pdns' && $this->type == 'TXT' && strlen($_content) >= 64) {
+			// split string
+			$_contentlines = str_split($_content, 63);
+			// first line
+			$_l = array_shift($_contentlines);
+			// check for starting quote
+			if (substr($_l, 0, 1) == '"') {
+				$_l = substr($_l, 1);
+			}
+			$_content = '("' . $_l . '"' . PHP_EOL;
+			$_l = array_pop($_contentlines);
+			// check for ending quote
+			if (substr($_l, - 1) == '"') {
+				$_l = substr($_l, 0, - 1);
+			}
+			foreach ($_contentlines as $_cl) {
+				// lines in between
+				$_content .= "\t\t\t\t" . '"' . $_cl . '"' . PHP_EOL;
+			}
+			// last line
+			$_content .= "\t\t\t\t" . '"' . $_l . '")';
+		}
+		$result = $this->record . "\t" . $this->ttl . "\t" . $this->class . "\t" . $this->type . "\t" . (($this->priority >= 0 && ($this->type == 'MX' || $this->type == 'SRV')) ? $this->priority . "\t" : "") . $_content . PHP_EOL;
+		return $result;
+	}
+}
--- a/lib/classes/dns/class.DnsZone.php
+++ b/lib/classes/dns/class.DnsZone.php
@@ -0,0 +1,47 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Classes
+ *
+ */
+class DnsZone
+{
+
+	public $ttl;
+
+	public $origin;
+
+	public $serial;
+
+	public $records;
+
+	public function __construct($ttl = 18000, $origin = '', $serial = '', $records = null)
+	{
+		$this->ttl = $ttl;
+		$this->origin = $origin;
+		$this->serial = $serial;
+		$this->records = $records;
+	}
+
+	public function __toString()
+	{
+		$_zonefile = "\$TTL " . $this->ttl . PHP_EOL;
+		$_zonefile .= "\$ORIGIN " . $this->origin . "." . PHP_EOL;
+		if (! empty($this->records)) {
+			foreach ($this->records as $record) {
+				$_zonefile .= (string) $record;
+			}
+		}
+		return $_zonefile;
+	}
+}
--- a/lib/classes/idna/class.idna_convert.php
+++ b/lib/classes/idna/class.idna_convert.php
@@ -3461,3 +3461,4 @@ class idna_convert {
            )
    );
 }
+
--- a/lib/classes/idna/class.idna_convert_wrapper.php
+++ b/lib/classes/idna/class.idna_convert_wrapper.php
@@ -17,11 +17,12 @@
 *
 */

+// Source for updates: https://github.com/phlylabs/idna-convert.git
+
 /**
 * Class for wrapping a specific idna conversion class and offering a standard interface
 * @package Functions
 */
-
 class idna_convert_wrapper
 {
 	/**
@@ -37,7 +38,13 @@ class idna_convert_wrapper

 	public function __construct()
 	{
-		$this->idna_converter = new idna_convert();
+		// Instantiate it
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			$this->idna_converter = new idna_convert(array('idn_version' => '2008', 'encode_german_sz' => false));
+		} else {
+			// use this when using new version of IdnaConverter (which does not work yet)
+			$this->idna_converter = new Mso\IdnaConvert\IdnaConvert();
+		}
 	}

 	/**
@@ -52,7 +59,22 @@ class idna_convert_wrapper

 	public function encode($to_encode)
 	{
-		return $this->_do_action('encode', $to_encode);
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			return $this->_do_action('encode', $to_encode);
+		} else {
+			$to_encode = $this->is_utf8($to_encode) ? $to_encode : utf8_encode($to_encode);
+			return $this->idna_converter->encode($to_encode);
+		}
+	}
+
+	public function encode_uri($to_encode)
+	{
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			return $this->_do_action('encode', $to_encode);
+		} else {
+			$to_encode = $this->is_utf8($to_encode) ? $to_encode : utf8_encode($to_encode);
+			return $this->idna_converter->encodeUri($to_encode);
+		}
 	}

 	/**
@@ -67,7 +89,48 @@ class idna_convert_wrapper

 	public function decode($to_decode)
 	{
-		return $this->_do_action('decode', $to_decode);
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			return $this->_do_action('decode', $to_decode);
+		} else {
+			return $this->idna_converter->decode($to_decode);
+		}
+	}
+
+	/**
+	 * check whether a string is utf-8 encoded or not
+	 *
+	 * @param string $string
+	 *
+	 * @return boolean
+	 */
+	public function is_utf8($string = null) {
+
+		if (function_exists("mb_detect_encoding")) {
+			if (mb_detect_encoding($string, 'UTF-8, ISO-8859-1') === 'UTF-8') {
+				return true;
+			}
+			return false;
+		}
+		$strlen = strlen($string);
+		for ($i = 0; $i < $strlen; $i ++) {
+			$ord = ord($string[$i]);
+			if ($ord < 0x80)
+				continue; // 0bbbbbbb
+				elseif (($ord & 0xE0) === 0xC0 && $ord > 0xC1)
+				$n = 1; // 110bbbbb (exkl C0-C1)
+				elseif (($ord & 0xF0) === 0xE0)
+				$n = 2; // 1110bbbb
+				elseif (($ord & 0xF8) === 0xF0 && $ord < 0xF5)
+				$n = 3; // 11110bbb (exkl F5-FF)
+				else
+					return false; // ungültiges UTF-8-Zeichen
+					for ($c = 0; $c < $n; $c ++) // $n Folgebytes? // 10bbbbbb
+						if (++ $i === $strlen || (ord($string[$i]) & 0xC0) !== 0x80)
+							// ungültiges UTF-8-Zeichen
+							return false;
+		}
+		// kein ungültiges UTF-8-Zeichen gefunden
+		return true;
 	}

 	/**
@@ -141,5 +204,3 @@ class idna_convert_wrapper
 		return implode($sepchar, $strings);
 	}
 }
-
-?>
--- a/lib/classes/idna/ext/EncodingHelper.php
+++ b/lib/classes/idna/ext/EncodingHelper.php
@@ -0,0 +1,186 @@
+<?php
+/**
+ * Encoding Helper - convert various encodings to / from UTF-8
+ * @package IDNA Convert
+ * @subpackage charset transcoding
+ * @author Matthias Sommerfeld, <mso@phlylabs.de>
+ * @copyright 2003-2016 phlyLabs Berlin, http://phlylabs.de
+ * @version 1.0.0 2016-01-08
+ */
+
+namespace Mso\IdnaConvert;
+
+class EncodingHelper
+{
+    /**
+     * Convert a string from any of various encodings to UTF-8
+     *
+     * @param  string  $string String to encode
+     *[@param  string $encoding  Encoding; Default: ISO-8859-1]
+     *[@param  bool $safe_mode  Safe Mode: if set to TRUE, the original string is retunred on errors]
+     * @return  string|false  The encoded string or false on failure
+     * @since 0.0.1
+     */
+    public static function toUtf8($string = '', $encoding = 'iso-8859-1', $safe_mode = false)
+    {
+        $safe = ($safe_mode) ? $string : false;
+        if (strtoupper($encoding) == 'UTF-8' || strtoupper($encoding) == 'UTF8') {
+
+            return $string;
+        }
+        if (strtoupper($encoding) == 'ISO-8859-1') {
+
+            return \utf8_encode($string);
+
+        } if (strtoupper($encoding) == 'WINDOWS-1252') {
+
+            return \utf8_encode(self::map_w1252_iso8859_1($string));
+        }
+
+        if (strtoupper($encoding) == 'UNICODE-1-1-UTF-7') {
+            $encoding = 'utf-7';
+        }
+        if (function_exists('mb_convert_encoding')) {
+            $conv = @mb_convert_encoding($string, 'UTF-8', strtoupper($encoding));
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+        if (function_exists('iconv')) {
+            $conv = @iconv(strtoupper($encoding), 'UTF-8', $string);
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+        if (function_exists('libiconv')) {
+            $conv = @libiconv(strtoupper($encoding), 'UTF-8', $string);
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+
+        return $safe;
+    }
+
+    /**
+     * Convert a string from UTF-8 to any of various encodings
+     *
+     * @param  string  $string String to decode
+     *[@param  string  $encoding Encoding; Default: ISO-8859-1]
+     *[@param  bool  $safe_mode Safe Mode: if set to TRUE, the original string is retunred on errors]
+     * @return  string|false  The decoded string or false on failure
+     * @since 0.0.1
+     */
+    public static function fromUtf8($string = '', $encoding = 'iso-8859-1', $safe_mode = false)
+    {
+        $safe = ($safe_mode) ? $string : false;
+        if (!$encoding) $encoding = 'ISO-8859-1';
+        if (strtoupper($encoding) == 'UTF-8' || strtoupper($encoding) == 'UTF8') {
+
+            return $string;
+        }
+        if (strtoupper($encoding) == 'ISO-8859-1') {
+
+            return utf8_decode($string);
+        }
+        if (strtoupper($encoding) == 'WINDOWS-1252') {
+
+            return self::map_iso8859_1_w1252(utf8_decode($string));
+        }
+
+        if (strtoupper($encoding) == 'UNICODE-1-1-UTF-7') {
+            $encoding = 'utf-7';
+        }
+        if (function_exists('mb_convert_encoding')) {
+            $conv = @mb_convert_encoding($string, strtoupper($encoding), 'UTF-8');
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+        if (function_exists('iconv')) {
+            $conv = @iconv('UTF-8', strtoupper($encoding), $string);
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+        if (function_exists('libiconv')) {
+            $conv = @libiconv('UTF-8', strtoupper($encoding), $string);
+            if ($conv) {
+
+                return $conv;
+            }
+        }
+
+        return $safe;
+    }
+
+    /**
+     * Special treatment for our guys in Redmond
+     * Windows-1252 is basically ISO-8859-1 -- with some exceptions, which get accounted for here
+     *
+     * @param  string $string Your input in Win1252
+     * @return string  The resulting ISO-8859-1 string
+     * @since 0.0.1
+     */
+    protected static function map_w1252_iso8859_1($string = '')
+    {
+        if ($string == '') {
+
+            return '';
+        }
+        $return = '';
+
+        for ($i = 0; $i < strlen($string); ++$i) {
+            $c = ord($string{$i});
+            switch ($c) {
+                case 129: $return .= chr(252); break;
+                case 132: $return .= chr(228); break;
+                case 142: $return .= chr(196); break;
+                case 148: $return .= chr(246); break;
+                case 153: $return .= chr(214); break;
+                case 154: $return .= chr(220); break;
+                case 225: $return .= chr(223); break;
+                default: $return .= chr($c);
+            }
+        }
+
+        return $return;
+    }
+
+    /**
+     * Special treatment for our guys in Redmond
+     * Windows-1252 is basically ISO-8859-1 -- with some exceptions, which get accounted for here
+     *
+     * @param  string $string  Your input in ISO-8859-1
+     * @return  string  The resulting Win1252 string
+     * @since 0.0.1
+     */
+    protected static function map_iso8859_1_w1252($string = '')
+    {
+        if ($string == '') {
+            return '';
+        }
+
+        $return = '';
+        for ($i = 0; $i < strlen($string); ++$i) {
+            $c = ord($string{$i});
+            switch ($c) {
+                case 196: $return .= chr(142); break;
+                case 214: $return .= chr(153); break;
+                case 220: $return .= chr(154); break;
+                case 223: $return .= chr(225); break;
+                case 228: $return .= chr(132); break;
+                case 246: $return .= chr(148); break;
+                case 252: $return .= chr(129); break;
+                default: $return .= chr($c);
+            }
+        }
+
+        return $return;
+    }
+}
--- a/lib/classes/idna/ext/IdnaConvert.php
+++ b/lib/classes/idna/ext/IdnaConvert.php
@@ -0,0 +1,405 @@
+<?php
+
+// {{{ license
+
+/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
+//
+// +----------------------------------------------------------------------+
+// | This library is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU Lesser General Public License as       |
+// | published by the Free Software Foundation; either version 2.1 of the |
+// | License, or (at your option) any later version.                      |
+// |                                                                      |
+// | This library is distributed in the hope that it will be useful, but  |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of           |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    |
+// | Lesser General Public License for more details.                      |
+// |                                                                      |
+// | You should have received a copy of the GNU Lesser General Public     |
+// | License along with this library; if not, write to the Free Software  |
+// | Foundation, Inc., 51 Franklin St, Boston, MA 02110, United States    |
+// +----------------------------------------------------------------------+
+//
+// }}}
+
+/**
+ * Encode/decode Internationalized Domain Names.
+ *
+ * The class allows to convert internationalized domain names
+ * (see RFC 3490 for details) as they can be used with various registries worldwide
+ * to be translated between their original (localized) form and their encoded form
+ * as it will be used in the DNS (Domain Name System).
+ *
+ * The class provides two public methods, encode() and decode(), which do exactly
+ * what you would expect them to do. You are allowed to use complete domain names,
+ * simple strings and complete email addresses as well. That means, that you might
+ * use any of the following notations:
+ *
+ * - www.nörgler.com
+ * - xn--nrgler-wxa
+ * - xn--brse-5qa.xn--knrz-1ra.info
+ *
+ * Unicode input might be given as either UTF-8 string, UCS-4 string or UCS-4 array.
+ * Unicode output is available in the same formats.
+ * You can select your preferred format via {@link set_paramter()}.
+ *
+ * ACE input and output is always expected to be ASCII.
+ *
+ * @author  Matthias Sommerfeld <mso@phlylabs.de>
+ * @copyright 2004-2016 phlyLabs Berlin, http://phlylabs.de
+ * @version 1.0.1-dev 2016-01-12
+ */
+
+namespace Mso\IdnaConvert;
+
+class IdnaConvert {
+
+    const Version = '1.1.0';
+    const SubVersion = 'main';
+
+    // Internal settings, do not touch!
+    protected $encoding = 'utf8';          // Default input charset is UTF-8
+    protected $strictMode = false;         // Behave strict or not
+    protected $idnVersion = '2008';          // Can be either 2003 (old) or 2008 (default)
+
+    protected $NamePrepData = null;
+    protected $UnicodeTranscoder = null;
+
+    /**
+     * the constructor
+     *
+     * @param array|null $params Parameters to control the class' behaviour
+     * @since 0.5.2
+     */
+    public function __construct($params = null)
+    {
+        $this->UnicodeTranscoder = new UnicodeTranscoder();
+
+        // Kept for backwarsds compatibility. Consider using the setter methods instead.
+        if (!empty($params) && is_array($params)) {
+            if (isset($params['encoding'])) {
+                $this->setEncoding($params['encoding']);
+            }
+
+            if (isset($params['idn_version'])) {
+                $this->setIdnVersion($params['idn_version']);
+            }
+
+            if (isset($params['strict_mode'])) {
+                $this->setStrictMode($params['strict_mode']);
+            }
+        }
+
+        $this->setIdnVersion($this->idnVersion);
+    }
+
+    public function getClassVersion()
+    {
+        return self::Version.'-'.self::SubVersion;
+    }
+
+    /**
+     * @return string
+     */
+    public function getEncoding()
+    {
+        return $this->encoding;
+    }
+
+    /**
+     * @param string $encoding
+     */
+    public function setEncoding($encoding)
+    {
+        switch ($encoding) {
+            case 'utf8':
+            case 'ucs4_string':
+            case 'ucs4_array':
+                $this->encoding = $encoding;
+                break;
+            default:
+                throw new \InvalidArgumentException(sprintf('Invalid encoding %s', $encoding));
+        }
+    }
+
+    /**
+     * @return boolean
+     */
+    public function isStrictMode()
+    {
+        return $this->strictMode;
+    }
+
+    /**
+     * @param boolean $strictMode
+     */
+    public function setStrictMode($strictMode)
+    {
+        $this->strictMode = ($strictMode) ? true : false;
+    }
+
+    /**
+     * @return int
+     */
+    public function getIdnVersion()
+    {
+        return $this->idnVersion;
+    }
+
+    /**
+     * @param int $idnVersion
+     */
+    public function setIdnVersion($idnVersion)
+    {
+        if (in_array($idnVersion, ['2003', '2008'])) {
+            if (is_null($this->NamePrepData) || $idnVersion != $this->idnVersion) {
+                $this->NamePrepData = null; // Ought to destroy the object's reference
+                // Re-instantiate with different data set
+                $this->NamePrepData = ($idnVersion == 2003)
+                        ? new NamePrepData2003()
+                        : new NamePrepData();
+            }
+
+            $this->idnVersion = $idnVersion;
+
+        } else {
+            throw new \InvalidArgumentException(sprintf('Invalid IDN version %d', $idnVersion));
+        }
+    }
+
+    /**
+     * Decode a given ACE domain name
+     * @param string $input  Domain name (ACE string)
+     * [@param string $one_time_encoding  Desired output encoding]
+     * @return string  Decoded Domain name (UTF-8 or UCS-4)
+     */
+    public function decode($input, $one_time_encoding = null)
+    {
+        $punyCode = $this->punycodeFactory();
+
+        // Optionally set
+        if ($one_time_encoding) {
+            switch ($one_time_encoding) {
+                case 'utf8':
+                case 'ucs4_string':
+                case 'ucs4_array':
+                    break;
+                default:
+                    throw new \InvalidArgumentException(sprintf('Invalid encoding %s', $one_time_encoding));
+            }
+        }
+        // Make sure to drop any newline characters around
+        $input = trim($input);
+
+        // Negotiate input and try to determine, whether it is a plain string,
+        // an email address or something like a complete URL
+        if (strpos($input, '@')) { // Maybe it is an email address
+            // No no in strict mode
+            if ($this->strictMode) {
+                throw new \InvalidArgumentException('Only individual domain name parts can be handled in strict mode');
+            }
+            list ($email_pref, $input) = explode('@', $input, 2);
+            $arr = explode('.', $input);
+            foreach ($arr as $k => $v) {
+                $conv = $punyCode->decode($v);
+                if ($conv) {
+                    $arr[$k] = $conv;
+                }
+            }
+            $input = join('.', $arr);
+            $arr = explode('.', $email_pref);
+            foreach ($arr as $k => $v) {
+                $conv = $punyCode->decode($v);
+                if ($conv) {
+                    $arr[$k] = $conv;
+                }
+            }
+            $email_pref = join('.', $arr);
+            $return = $email_pref . '@' . $input;
+        } elseif (preg_match('![:\./]!', $input)) { // Or a complete domain name (with or without paths / parameters)
+            // No no in strict mode
+            if ($this->strictMode) {
+                throw new \InvalidArgumentException('Only individual domain name parts can be handled in strict mode');
+            }
+            $parsed = parse_url($input);
+            if (isset($parsed['host'])) {
+                $arr = explode('.', $parsed['host']);
+                foreach ($arr as $k => $v) {
+                    $conv = $punyCode->decode($v);
+                    if ($conv) {
+                        $arr[$k] = $conv;
+                    }
+                }
+                $parsed['host'] = join('.', $arr);
+                $return = (empty($parsed['scheme']) ? '' : $parsed['scheme'] . (strtolower($parsed['scheme']) == 'mailto' ? ':' : '://')).
+                        (empty($parsed['user']) ? '' : $parsed['user'] . (empty($parsed['pass']) ? '' : ':' . $parsed['pass']) . '@').
+                        $parsed['host'].
+                        (empty($parsed['port']) ? '' : ':' . $parsed['port']).
+                        (empty($parsed['path']) ? '' : $parsed['path']).
+                        (empty($parsed['query']) ? '' : '?' . $parsed['query']).
+                        (empty($parsed['fragment']) ? '' : '#' . $parsed['fragment']);
+            } else { // parse_url seems to have failed, try without it
+                $arr = explode('.', $input);
+                foreach ($arr as $k => $v) {
+                    $conv = $punyCode->decode($v);
+                    if ($conv) {
+                        $arr[$k] = $conv;
+                    }
+                }
+                $return = join('.', $arr);
+            }
+        } else { // Otherwise we consider it being a pure domain name string
+            $return = $punyCode->decode($input);
+            if (!$return) {
+                $return = $input;
+            }
+        }
+        // The output is UTF-8 by default, other output formats need conversion here
+        // If one time encoding is given, use this, else the objects property
+        $outputEncoding = ($one_time_encoding) ? $one_time_encoding : $this->encoding;
+        switch ($outputEncoding) {
+            case 'utf8':
+                return $return; // break;
+            case 'ucs4_string':
+                return $this->UnicodeTranscoder->convert($return, 'utf8', 'ucs4');  // break;
+            case 'ucs4_array':
+                return $this->UnicodeTranscoder->convert($return, 'utf8', 'ucs4array');  // break;
+            default:
+                throw new \InvalidArgumentException(sprintf('Unsupported output encoding %s', $outputEncoding));
+        }
+    }
+
+    /**
+     * Encode a given UTF-8 domain name
+     * @param string $decoded  Domain name (UTF-8 or UCS-4)
+     * [@param boolean  $one_time_encoding  Desired input encoding, see {@link set_parameter}]
+     * @return string   Encoded Domain name (ACE string)
+     */
+    public function encode($decoded, $one_time_encoding = false)
+    {
+        // Forcing conversion of input to UCS4 array
+        // If one time encoding is given, use this, else the objects property
+        $inputEncoding = $one_time_encoding ? $one_time_encoding : $this->encoding;
+        switch ($inputEncoding) {
+            case 'utf8':
+                $decoded = $this->UnicodeTranscoder->convert($decoded, 'utf8', 'ucs4array');
+                break;
+            case 'ucs4_string':
+                $decoded = $this->UnicodeTranscoder->convert($decoded, 'ucs4', 'ucs4array');
+                break;
+            case 'ucs4_array':
+                break;
+            default:
+                throw new \InvalidArgumentException(sprintf('Unsupported input encoding %s', $inputEncoding));
+        }
+
+        // No input, no output, what else did you expect?
+        if (empty($decoded)) {
+            return '';
+        }
+
+        $punyCode = $this->punycodeFactory();
+
+        // Anchors for iteration
+        $last_begin = 0;
+        // Output string
+        $output = '';
+        foreach ($decoded as $k => $v) {
+            // Make sure to use just the plain dot
+            switch ($v) {
+                case 0x3002:
+                case 0xFF0E:
+                case 0xFF61:
+                    $decoded[$k] = 0x2E;
+                    // Right, no break here, the above are converted to dots anyway
+                // Stumbling across an anchoring character
+                case 0x2E:
+                case 0x2F:
+                case 0x3A:
+                case 0x3F:
+                case 0x40:
+                    // Neither email addresses nor URLs allowed in strict mode
+                    if ($this->strictMode) {
+                        throw new \InvalidArgumentException('Neither email addresses nor URLs are allowed in strict mode.');
+                    } else {
+                        // Skip first char
+                        if ($k) {
+                            $encoded = $punyCode->encode(array_slice($decoded, $last_begin, (($k) - $last_begin)));
+                            if ($encoded) {
+                                $output .= $encoded;
+                            } else {
+                                $output .= $this->UnicodeTranscoder->convert(array_slice($decoded, $last_begin, (($k) - $last_begin)), 'ucs4array', 'utf8');
+                            }
+                            $output .= chr($decoded[$k]);
+                        }
+                        $last_begin = $k + 1;
+                    }
+            }
+        }
+        // Catch the rest of the string
+        if ($last_begin) {
+            $inp_len = sizeof($decoded);
+            $encoded = $punyCode->encode(array_slice($decoded, $last_begin, (($inp_len) - $last_begin)));
+            if ($encoded) {
+                $output .= $encoded;
+            } else {
+                $output .= $this->UnicodeTranscoder->convert(array_slice($decoded, $last_begin, (($inp_len) - $last_begin)), 'ucs4array', 'utf8');
+            }
+            return $output;
+        } else {
+            if (false !== ($output = $punyCode->encode($decoded))) {
+                return $output;
+            } else {
+                return $this->UnicodeTranscoder->convert($decoded, 'ucs4array', 'utf8');
+            }
+        }
+    }
+
+    /**
+     * Mitigates a weakness of encode(), which cannot properly handle URIs but instead encodes their
+     * path or query components, too.
+     * @param string  $uri  Expects the URI as a UTF-8 (or ASCII) string
+     * @return  string  The URI encoded to Punycode, everything but the host component is left alone
+     * @since 0.6.4
+     */
+    public function encodeUri($uri)
+    {
+        $parsed = parse_url($uri);
+        if (!isset($parsed['host'])) {
+            throw new \InvalidArgumentException('The given string does not look like a URI');
+        }
+        $arr = explode('.', $parsed['host']);
+        foreach ($arr as $k => $v) {
+            $conv = $this->encode($v, 'utf8');
+            if ($conv) {
+                $arr[$k] = $conv;
+            }
+        }
+        $parsed['host'] = join('.', $arr);
+        $return = (empty($parsed['scheme']) ? '' : $parsed['scheme'] . (strtolower($parsed['scheme']) == 'mailto' ? ':' : '://')).
+                (empty($parsed['user']) ? '' : $parsed['user'] . (empty($parsed['pass']) ? '' : ':' . $parsed['pass']) . '@').
+                $parsed['host'].
+                (empty($parsed['port']) ? '' : ':' . $parsed['port']).
+                (empty($parsed['path']) ? '' : $parsed['path']).
+                (empty($parsed['query']) ? '' : '?' . $parsed['query']).
+                (empty($parsed['fragment']) ? '' : '#' . $parsed['fragment']);
+        return $return;
+    }
+
+    /**
+     * The actual punycode class is rather costly, as well as passing the huge nameprep database around.
+     * This factory method allows to ease the burden when dealing with multiple IDN versions.
+     *
+     * @return \Mso\IdnaConvert\Punycode
+     */
+    protected function punycodeFactory()
+    {
+        static $instances = [];
+
+        if (!isset($instances[$this->idnVersion])) {
+            $instances[$this->idnVersion] = new Punycode($this->NamePrepData, $this->UnicodeTranscoder);
+        }
+        return $instances[$this->idnVersion];
+    }
+
+}
--- a/lib/classes/idna/ext/NamePrepData.php
+++ b/lib/classes/idna/ext/NamePrepData.php
--- a/lib/classes/idna/ext/NamePrepData2003.php
+++ b/lib/classes/idna/ext/NamePrepData2003.php
@@ -0,0 +1,501 @@
+<?php
+
+namespace Mso\IdnaConvert;
+
+class NamePrepData2003 extends NamePrepData implements NamePrepDataInterface
+{
+    public $replaceMaps = [
+            0x41 => [0x61], 0x42 => [0x62], 0x43 => [0x63],
+            0x44 => [0x64], 0x45 => [0x65], 0x46 => [0x66], 0x47 => [0x67],
+            0x48 => [0x68], 0x49 => [0x69], 0x4A => [0x6A], 0x4B => [0x6B],
+            0x4C => [0x6C], 0x4D => [0x6D], 0x4E => [0x6E], 0x4F => [0x6F],
+            0x50 => [0x70], 0x51 => [0x71], 0x52 => [0x72], 0x53 => [0x73],
+            0x54 => [0x74], 0x55 => [0x75], 0x56 => [0x76], 0x57 => [0x77],
+            0x58 => [0x78], 0x59 => [0x79], 0x5A => [0x7A], 0xB5 => [0x3BC],
+            0xC0 => [0xE0], 0xC1 => [0xE1], 0xC2 => [0xE2], 0xC3 => [0xE3],
+            0xC4 => [0xE4], 0xC5 => [0xE5], 0xC6 => [0xE6], 0xC7 => [0xE7],
+            0xC8 => [0xE8], 0xC9 => [0xE9], 0xCA => [0xEA], 0xCB => [0xEB],
+            0xCC => [0xEC], 0xCD => [0xED], 0xCE => [0xEE], 0xCF => [0xEF],
+            0xD0 => [0xF0], 0xD1 => [0xF1], 0xD2 => [0xF2], 0xD3 => [0xF3],
+            0xD4 => [0xF4], 0xD5 => [0xF5], 0xD6 => [0xF6], 0xD8 => [0xF8],
+            0xD9 => [0xF9], 0xDA => [0xFA], 0xDB => [0xFB], 0xDC => [0xFC],
+            0xDD => [0xFD], 0xDE => [0xFE], 0xDF => [0x73, 0x73],
+            0x100 => [0x101], 0x102 => [0x103], 0x104 => [0x105],
+            0x106 => [0x107], 0x108 => [0x109], 0x10A => [0x10B],
+            0x10C => [0x10D], 0x10E => [0x10F], 0x110 => [0x111],
+            0x112 => [0x113], 0x114 => [0x115], 0x116 => [0x117],
+            0x118 => [0x119], 0x11A => [0x11B], 0x11C => [0x11D],
+            0x11E => [0x11F], 0x120 => [0x121], 0x122 => [0x123],
+            0x124 => [0x125], 0x126 => [0x127], 0x128 => [0x129],
+            0x12A => [0x12B], 0x12C => [0x12D], 0x12E => [0x12F],
+            0x130 => [0x69, 0x307], 0x132 => [0x133], 0x134 => [0x135],
+            0x136 => [0x137], 0x139 => [0x13A], 0x13B => [0x13C],
+            0x13D => [0x13E], 0x13F => [0x140], 0x141 => [0x142],
+            0x143 => [0x144], 0x145 => [0x146], 0x147 => [0x148],
+            0x149 => [0x2BC, 0x6E], 0x14A => [0x14B], 0x14C => [0x14D],
+            0x14E => [0x14F], 0x150 => [0x151], 0x152 => [0x153],
+            0x154 => [0x155], 0x156 => [0x157], 0x158 => [0x159],
+            0x15A => [0x15B], 0x15C => [0x15D], 0x15E => [0x15F],
+            0x160 => [0x161], 0x162 => [0x163], 0x164 => [0x165],
+            0x166 => [0x167], 0x168 => [0x169], 0x16A => [0x16B],
+            0x16C => [0x16D], 0x16E => [0x16F], 0x170 => [0x171],
+            0x172 => [0x173], 0x174 => [0x175], 0x176 => [0x177],
+            0x178 => [0xFF], 0x179 => [0x17A], 0x17B => [0x17C],
+            0x17D => [0x17E], 0x17F => [0x73], 0x181 => [0x253],
+            0x182 => [0x183], 0x184 => [0x185], 0x186 => [0x254],
+            0x187 => [0x188], 0x189 => [0x256], 0x18A => [0x257],
+            0x18B => [0x18C], 0x18E => [0x1DD], 0x18F => [0x259],
+            0x190 => [0x25B], 0x191 => [0x192], 0x193 => [0x260],
+            0x194 => [0x263], 0x196 => [0x269], 0x197 => [0x268],
+            0x198 => [0x199], 0x19C => [0x26F], 0x19D => [0x272],
+            0x19F => [0x275], 0x1A0 => [0x1A1], 0x1A2 => [0x1A3],
+            0x1A4 => [0x1A5], 0x1A6 => [0x280], 0x1A7 => [0x1A8],
+            0x1A9 => [0x283], 0x1AC => [0x1AD], 0x1AE => [0x288],
+            0x1AF => [0x1B0], 0x1B1 => [0x28A], 0x1B2 => [0x28B],
+            0x1B3 => [0x1B4], 0x1B5 => [0x1B6], 0x1B7 => [0x292],
+            0x1B8 => [0x1B9], 0x1BC => [0x1BD], 0x1C4 => [0x1C6],
+            0x1C5 => [0x1C6], 0x1C7 => [0x1C9], 0x1C8 => [0x1C9],
+            0x1CA => [0x1CC], 0x1CB => [0x1CC], 0x1CD => [0x1CE],
+            0x1CF => [0x1D0], 0x1D1 => [0x1D2], 0x1D3 => [0x1D4],
+            0x1D5 => [0x1D6], 0x1D7 => [0x1D8], 0x1D9 => [0x1DA],
+            0x1DB => [0x1DC], 0x1DE => [0x1DF], 0x1E0 => [0x1E1],
+            0x1E2 => [0x1E3], 0x1E4 => [0x1E5], 0x1E6 => [0x1E7],
+            0x1E8 => [0x1E9], 0x1EA => [0x1EB], 0x1EC => [0x1ED],
+            0x1EE => [0x1EF], 0x1F0 => [0x6A, 0x30C], 0x1F1 => [0x1F3],
+            0x1F2 => [0x1F3], 0x1F4 => [0x1F5], 0x1F6 => [0x195],
+            0x1F7 => [0x1BF], 0x1F8 => [0x1F9], 0x1FA => [0x1FB],
+            0x1FC => [0x1FD], 0x1FE => [0x1FF], 0x200 => [0x201],
+            0x202 => [0x203], 0x204 => [0x205], 0x206 => [0x207],
+            0x208 => [0x209], 0x20A => [0x20B], 0x20C => [0x20D],
+            0x20E => [0x20F], 0x210 => [0x211], 0x212 => [0x213],
+            0x214 => [0x215], 0x216 => [0x217], 0x218 => [0x219],
+            0x21A => [0x21B], 0x21C => [0x21D], 0x21E => [0x21F],
+            0x220 => [0x19E], 0x222 => [0x223], 0x224 => [0x225],
+            0x226 => [0x227], 0x228 => [0x229], 0x22A => [0x22B],
+            0x22C => [0x22D], 0x22E => [0x22F], 0x230 => [0x231],
+            0x232 => [0x233], 0x345 => [0x3B9], 0x37A => [0x20, 0x3B9],
+            0x386 => [0x3AC], 0x388 => [0x3AD], 0x389 => [0x3AE],
+            0x38A => [0x3AF], 0x38C => [0x3CC], 0x38E => [0x3CD],
+            0x38F => [0x3CE], 0x390 => [0x3B9, 0x308, 0x301],
+            0x391 => [0x3B1], 0x392 => [0x3B2], 0x393 => [0x3B3],
+            0x394 => [0x3B4], 0x395 => [0x3B5], 0x396 => [0x3B6],
+            0x397 => [0x3B7], 0x398 => [0x3B8], 0x399 => [0x3B9],
+            0x39A => [0x3BA], 0x39B => [0x3BB], 0x39C => [0x3BC],
+            0x39D => [0x3BD], 0x39E => [0x3BE], 0x39F => [0x3BF],
+            0x3A0 => [0x3C0], 0x3A1 => [0x3C1], 0x3A3 => [0x3C3],
+            0x3A4 => [0x3C4], 0x3A5 => [0x3C5], 0x3A6 => [0x3C6],
+            0x3A7 => [0x3C7], 0x3A8 => [0x3C8], 0x3A9 => [0x3C9],
+            0x3AA => [0x3CA], 0x3AB => [0x3CB], 0x3B0 => [0x3C5, 0x308, 0x301],
+            0x3C2 => [0x3C3], 0x3D0 => [0x3B2], 0x3D1 => [0x3B8],
+            0x3D2 => [0x3C5], 0x3D3 => [0x3CD], 0x3D4 => [0x3CB],
+            0x3D5 => [0x3C6], 0x3D6 => [0x3C0], 0x3D8 => [0x3D9],
+            0x3DA => [0x3DB], 0x3DC => [0x3DD], 0x3DE => [0x3DF],
+            0x3E0 => [0x3E1], 0x3E2 => [0x3E3], 0x3E4 => [0x3E5],
+            0x3E6 => [0x3E7], 0x3E8 => [0x3E9], 0x3EA => [0x3EB],
+            0x3EC => [0x3ED], 0x3EE => [0x3EF], 0x3F0 => [0x3BA],
+            0x3F1 => [0x3C1], 0x3F2 => [0x3C3], 0x3F4 => [0x3B8],
+            0x3F5 => [0x3B5], 0x400 => [0x450], 0x401 => [0x451],
+            0x402 => [0x452], 0x403 => [0x453], 0x404 => [0x454],
+            0x405 => [0x455], 0x406 => [0x456], 0x407 => [0x457],
+            0x408 => [0x458], 0x409 => [0x459], 0x40A => [0x45A],
+            0x40B => [0x45B], 0x40C => [0x45C], 0x40D => [0x45D],
+            0x40E => [0x45E], 0x40F => [0x45F], 0x410 => [0x430],
+            0x411 => [0x431], 0x412 => [0x432], 0x413 => [0x433],
+            0x414 => [0x434], 0x415 => [0x435], 0x416 => [0x436],
+            0x417 => [0x437], 0x418 => [0x438], 0x419 => [0x439],
+            0x41A => [0x43A], 0x41B => [0x43B], 0x41C => [0x43C],
+            0x41D => [0x43D], 0x41E => [0x43E], 0x41F => [0x43F],
+            0x420 => [0x440], 0x421 => [0x441], 0x422 => [0x442],
+            0x423 => [0x443], 0x424 => [0x444], 0x425 => [0x445],
+            0x426 => [0x446], 0x427 => [0x447], 0x428 => [0x448],
+            0x429 => [0x449], 0x42A => [0x44A], 0x42B => [0x44B],
+            0x42C => [0x44C], 0x42D => [0x44D], 0x42E => [0x44E],
+            0x42F => [0x44F], 0x460 => [0x461], 0x462 => [0x463],
+            0x464 => [0x465], 0x466 => [0x467], 0x468 => [0x469],
+            0x46A => [0x46B], 0x46C => [0x46D], 0x46E => [0x46F],
+            0x470 => [0x471], 0x472 => [0x473], 0x474 => [0x475],
+            0x476 => [0x477], 0x478 => [0x479], 0x47A => [0x47B],
+            0x47C => [0x47D], 0x47E => [0x47F], 0x480 => [0x481],
+            0x48A => [0x48B], 0x48C => [0x48D], 0x48E => [0x48F],
+            0x490 => [0x491], 0x492 => [0x493], 0x494 => [0x495],
+            0x496 => [0x497], 0x498 => [0x499], 0x49A => [0x49B],
+            0x49C => [0x49D], 0x49E => [0x49F], 0x4A0 => [0x4A1],
+            0x4A2 => [0x4A3], 0x4A4 => [0x4A5], 0x4A6 => [0x4A7],
+            0x4A8 => [0x4A9], 0x4AA => [0x4AB], 0x4AC => [0x4AD],
+            0x4AE => [0x4AF], 0x4B0 => [0x4B1], 0x4B2 => [0x4B3],
+            0x4B4 => [0x4B5], 0x4B6 => [0x4B7], 0x4B8 => [0x4B9],
+            0x4BA => [0x4BB], 0x4BC => [0x4BD], 0x4BE => [0x4BF],
+            0x4C1 => [0x4C2], 0x4C3 => [0x4C4], 0x4C5 => [0x4C6],
+            0x4C7 => [0x4C8], 0x4C9 => [0x4CA], 0x4CB => [0x4CC],
+            0x4CD => [0x4CE], 0x4D0 => [0x4D1], 0x4D2 => [0x4D3],
+            0x4D4 => [0x4D5], 0x4D6 => [0x4D7], 0x4D8 => [0x4D9],
+            0x4DA => [0x4DB], 0x4DC => [0x4DD], 0x4DE => [0x4DF],
+            0x4E0 => [0x4E1], 0x4E2 => [0x4E3], 0x4E4 => [0x4E5],
+            0x4E6 => [0x4E7], 0x4E8 => [0x4E9], 0x4EA => [0x4EB],
+            0x4EC => [0x4ED], 0x4EE => [0x4EF], 0x4F0 => [0x4F1],
+            0x4F2 => [0x4F3], 0x4F4 => [0x4F5], 0x4F8 => [0x4F9],
+            0x500 => [0x501], 0x502 => [0x503], 0x504 => [0x505],
+            0x506 => [0x507], 0x508 => [0x509], 0x50A => [0x50B],
+            0x50C => [0x50D], 0x50E => [0x50F], 0x531 => [0x561],
+            0x532 => [0x562], 0x533 => [0x563], 0x534 => [0x564],
+            0x535 => [0x565], 0x536 => [0x566], 0x537 => [0x567],
+            0x538 => [0x568], 0x539 => [0x569], 0x53A => [0x56A],
+            0x53B => [0x56B], 0x53C => [0x56C], 0x53D => [0x56D],
+            0x53E => [0x56E], 0x53F => [0x56F], 0x540 => [0x570],
+            0x541 => [0x571], 0x542 => [0x572], 0x543 => [0x573],
+            0x544 => [0x574], 0x545 => [0x575], 0x546 => [0x576],
+            0x547 => [0x577], 0x548 => [0x578], 0x549 => [0x579],
+            0x54A => [0x57A], 0x54B => [0x57B], 0x54C => [0x57C],
+            0x54D => [0x57D], 0x54E => [0x57E], 0x54F => [0x57F],
+            0x550 => [0x580], 0x551 => [0x581], 0x552 => [0x582],
+            0x553 => [0x583], 0x554 => [0x584], 0x555 => [0x585],
+            0x556 => [0x586], 0x587 => [0x565, 0x582], 0xE33 => [0xE4D, 0xE32],
+            0x1E00 => [0x1E01], 0x1E02 => [0x1E03], 0x1E04 => [0x1E05],
+            0x1E06 => [0x1E07], 0x1E08 => [0x1E09], 0x1E0A => [0x1E0B],
+            0x1E0C => [0x1E0D], 0x1E0E => [0x1E0F], 0x1E10 => [0x1E11],
+            0x1E12 => [0x1E13], 0x1E14 => [0x1E15], 0x1E16 => [0x1E17],
+            0x1E18 => [0x1E19], 0x1E1A => [0x1E1B], 0x1E1C => [0x1E1D],
+            0x1E1E => [0x1E1F], 0x1E20 => [0x1E21], 0x1E22 => [0x1E23],
+            0x1E24 => [0x1E25], 0x1E26 => [0x1E27], 0x1E28 => [0x1E29],
+            0x1E2A => [0x1E2B], 0x1E2C => [0x1E2D], 0x1E2E => [0x1E2F],
+            0x1E30 => [0x1E31], 0x1E32 => [0x1E33], 0x1E34 => [0x1E35],
+            0x1E36 => [0x1E37], 0x1E38 => [0x1E39], 0x1E3A => [0x1E3B],
+            0x1E3C => [0x1E3D], 0x1E3E => [0x1E3F], 0x1E40 => [0x1E41],
+            0x1E42 => [0x1E43], 0x1E44 => [0x1E45], 0x1E46 => [0x1E47],
+            0x1E48 => [0x1E49], 0x1E4A => [0x1E4B], 0x1E4C => [0x1E4D],
+            0x1E4E => [0x1E4F], 0x1E50 => [0x1E51], 0x1E52 => [0x1E53],
+            0x1E54 => [0x1E55], 0x1E56 => [0x1E57], 0x1E58 => [0x1E59],
+            0x1E5A => [0x1E5B], 0x1E5C => [0x1E5D], 0x1E5E => [0x1E5F],
+            0x1E60 => [0x1E61], 0x1E62 => [0x1E63], 0x1E64 => [0x1E65],
+            0x1E66 => [0x1E67], 0x1E68 => [0x1E69], 0x1E6A => [0x1E6B],
+            0x1E6C => [0x1E6D], 0x1E6E => [0x1E6F], 0x1E70 => [0x1E71],
+            0x1E72 => [0x1E73], 0x1E74 => [0x1E75], 0x1E76 => [0x1E77],
+            0x1E78 => [0x1E79], 0x1E7A => [0x1E7B], 0x1E7C => [0x1E7D],
+            0x1E7E => [0x1E7F], 0x1E80 => [0x1E81], 0x1E82 => [0x1E83],
+            0x1E84 => [0x1E85], 0x1E86 => [0x1E87], 0x1E88 => [0x1E89],
+            0x1E8A => [0x1E8B], 0x1E8C => [0x1E8D], 0x1E8E => [0x1E8F],
+            0x1E90 => [0x1E91], 0x1E92 => [0x1E93], 0x1E94 => [0x1E95],
+            0x1E96 => [0x68, 0x331], 0x1E97 => [0x74, 0x308], 0x1E98 => [0x77, 0x30A],
+            0x1E99 => [0x79, 0x30A], 0x1E9A => [0x61, 0x2BE], 0x1E9B => [0x1E61],
+            0x1EA0 => [0x1EA1], 0x1EA2 => [0x1EA3], 0x1EA4 => [0x1EA5],
+            0x1EA6 => [0x1EA7], 0x1EA8 => [0x1EA9], 0x1EAA => [0x1EAB],
+            0x1EAC => [0x1EAD], 0x1EAE => [0x1EAF], 0x1EB0 => [0x1EB1],
+            0x1EB2 => [0x1EB3], 0x1EB4 => [0x1EB5], 0x1EB6 => [0x1EB7],
+            0x1EB8 => [0x1EB9], 0x1EBA => [0x1EBB], 0x1EBC => [0x1EBD],
+            0x1EBE => [0x1EBF], 0x1EC0 => [0x1EC1], 0x1EC2 => [0x1EC3],
+            0x1EC4 => [0x1EC5], 0x1EC6 => [0x1EC7], 0x1EC8 => [0x1EC9],
+            0x1ECA => [0x1ECB], 0x1ECC => [0x1ECD], 0x1ECE => [0x1ECF],
+            0x1ED0 => [0x1ED1], 0x1ED2 => [0x1ED3], 0x1ED4 => [0x1ED5],
+            0x1ED6 => [0x1ED7], 0x1ED8 => [0x1ED9], 0x1EDA => [0x1EDB],
+            0x1EDC => [0x1EDD], 0x1EDE => [0x1EDF], 0x1EE0 => [0x1EE1],
+            0x1EE2 => [0x1EE3], 0x1EE4 => [0x1EE5], 0x1EE6 => [0x1EE7],
+            0x1EE8 => [0x1EE9], 0x1EEA => [0x1EEB], 0x1EEC => [0x1EED],
+            0x1EEE => [0x1EEF], 0x1EF0 => [0x1EF1], 0x1EF2 => [0x1EF3],
+            0x1EF4 => [0x1EF5], 0x1EF6 => [0x1EF7], 0x1EF8 => [0x1EF9],
+            0x1F08 => [0x1F00], 0x1F09 => [0x1F01], 0x1F0A => [0x1F02],
+            0x1F0B => [0x1F03], 0x1F0C => [0x1F04], 0x1F0D => [0x1F05],
+            0x1F0E => [0x1F06], 0x1F0F => [0x1F07], 0x1F18 => [0x1F10],
+            0x1F19 => [0x1F11], 0x1F1A => [0x1F12], 0x1F1B => [0x1F13],
+            0x1F1C => [0x1F14], 0x1F1D => [0x1F15], 0x1F28 => [0x1F20],
+            0x1F29 => [0x1F21], 0x1F2A => [0x1F22], 0x1F2B => [0x1F23],
+            0x1F2C => [0x1F24], 0x1F2D => [0x1F25], 0x1F2E => [0x1F26],
+            0x1F2F => [0x1F27], 0x1F38 => [0x1F30], 0x1F39 => [0x1F31],
+            0x1F3A => [0x1F32], 0x1F3B => [0x1F33], 0x1F3C => [0x1F34],
+            0x1F3D => [0x1F35], 0x1F3E => [0x1F36], 0x1F3F => [0x1F37],
+            0x1F48 => [0x1F40], 0x1F49 => [0x1F41], 0x1F4A => [0x1F42],
+            0x1F4B => [0x1F43], 0x1F4C => [0x1F44], 0x1F4D => [0x1F45],
+            0x1F50 => [0x3C5, 0x313], 0x1F52 => [0x3C5, 0x313, 0x300],
+            0x1F54 => [0x3C5, 0x313, 0x301], 0x1F56 => [0x3C5, 0x313, 0x342],
+            0x1F59 => [0x1F51], 0x1F5B => [0x1F53], 0x1F5D => [0x1F55],
+            0x1F5F => [0x1F57], 0x1F68 => [0x1F60], 0x1F69 => [0x1F61],
+            0x1F6A => [0x1F62], 0x1F6B => [0x1F63], 0x1F6C => [0x1F64],
+            0x1F6D => [0x1F65], 0x1F6E => [0x1F66], 0x1F6F => [0x1F67],
+            0x1F80 => [0x1F00, 0x3B9], 0x1F81 => [0x1F01, 0x3B9],
+            0x1F82 => [0x1F02, 0x3B9], 0x1F83 => [0x1F03, 0x3B9],
+            0x1F84 => [0x1F04, 0x3B9], 0x1F85 => [0x1F05, 0x3B9],
+            0x1F86 => [0x1F06, 0x3B9], 0x1F87 => [0x1F07, 0x3B9],
+            0x1F88 => [0x1F00, 0x3B9], 0x1F89 => [0x1F01, 0x3B9],
+            0x1F8A => [0x1F02, 0x3B9], 0x1F8B => [0x1F03, 0x3B9],
+            0x1F8C => [0x1F04, 0x3B9], 0x1F8D => [0x1F05, 0x3B9],
+            0x1F8E => [0x1F06, 0x3B9], 0x1F8F => [0x1F07, 0x3B9],
+            0x1F90 => [0x1F20, 0x3B9], 0x1F91 => [0x1F21, 0x3B9],
+            0x1F92 => [0x1F22, 0x3B9], 0x1F93 => [0x1F23, 0x3B9],
+            0x1F94 => [0x1F24, 0x3B9], 0x1F95 => [0x1F25, 0x3B9],
+            0x1F96 => [0x1F26, 0x3B9], 0x1F97 => [0x1F27, 0x3B9],
+            0x1F98 => [0x1F20, 0x3B9], 0x1F99 => [0x1F21, 0x3B9],
+            0x1F9A => [0x1F22, 0x3B9], 0x1F9B => [0x1F23, 0x3B9],
+            0x1F9C => [0x1F24, 0x3B9], 0x1F9D => [0x1F25, 0x3B9],
+            0x1F9E => [0x1F26, 0x3B9], 0x1F9F => [0x1F27, 0x3B9],
+            0x1FA0 => [0x1F60, 0x3B9], 0x1FA1 => [0x1F61, 0x3B9],
+            0x1FA2 => [0x1F62, 0x3B9], 0x1FA3 => [0x1F63, 0x3B9],
+            0x1FA4 => [0x1F64, 0x3B9], 0x1FA5 => [0x1F65, 0x3B9],
+            0x1FA6 => [0x1F66, 0x3B9], 0x1FA7 => [0x1F67, 0x3B9],
+            0x1FA8 => [0x1F60, 0x3B9], 0x1FA9 => [0x1F61, 0x3B9],
+            0x1FAA => [0x1F62, 0x3B9], 0x1FAB => [0x1F63, 0x3B9],
+            0x1FAC => [0x1F64, 0x3B9], 0x1FAD => [0x1F65, 0x3B9],
+            0x1FAE => [0x1F66, 0x3B9], 0x1FAF => [0x1F67, 0x3B9],
+            0x1FB2 => [0x1F70, 0x3B9], 0x1FB3 => [0x3B1, 0x3B9],
+            0x1FB4 => [0x3AC, 0x3B9], 0x1FB6 => [0x3B1, 0x342],
+            0x1FB7 => [0x3B1, 0x342, 0x3B9], 0x1FB8 => [0x1FB0],
+            0x1FB9 => [0x1FB1], 0x1FBA => [0x1F70], 0x1FBB => [0x1F71],
+            0x1FBC => [0x3B1, 0x3B9], 0x1FBE => [0x3B9],
+            0x1FC2 => [0x1F74, 0x3B9], 0x1FC3 => [0x3B7, 0x3B9],
+            0x1FC4 => [0x3AE, 0x3B9], 0x1FC6 => [0x3B7, 0x342],
+            0x1FC7 => [0x3B7, 0x342, 0x3B9], 0x1FC8 => [0x1F72],
+            0x1FC9 => [0x1F73], 0x1FCA => [0x1F74], 0x1FCB => [0x1F75],
+            0x1FCC => [0x3B7, 0x3B9], 0x1FD2 => [0x3B9, 0x308, 0x300],
+            0x1FD3 => [0x3B9, 0x308, 0x301], 0x1FD6 => [0x3B9, 0x342],
+            0x1FD7 => [0x3B9, 0x308, 0x342], 0x1FD8 => [0x1FD0],
+            0x1FD9 => [0x1FD1], 0x1FDA => [0x1F76],
+            0x1FDB => [0x1F77], 0x1FE2 => [0x3C5, 0x308, 0x300],
+            0x1FE3 => [0x3C5, 0x308, 0x301], 0x1FE4 => [0x3C1, 0x313],
+            0x1FE6 => [0x3C5, 0x342], 0x1FE7 => [0x3C5, 0x308, 0x342],
+            0x1FE8 => [0x1FE0], 0x1FE9 => [0x1FE1],
+            0x1FEA => [0x1F7A], 0x1FEB => [0x1F7B],
+            0x1FEC => [0x1FE5], 0x1FF2 => [0x1F7C, 0x3B9],
+            0x1FF3 => [0x3C9, 0x3B9], 0x1FF4 => [0x3CE, 0x3B9],
+            0x1FF6 => [0x3C9, 0x342], 0x1FF7 => [0x3C9, 0x342, 0x3B9],
+            0x1FF8 => [0x1F78], 0x1FF9 => [0x1F79], 0x1FFA => [0x1F7C],
+            0x1FFB => [0x1F7D], 0x1FFC => [0x3C9, 0x3B9],
+            0x20A8 => [0x72, 0x73], 0x2102 => [0x63], 0x2103 => [0xB0, 0x63],
+            0x2107 => [0x25B], 0x2109 => [0xB0, 0x66], 0x210B => [0x68],
+            0x210C => [0x68], 0x210D => [0x68], 0x2110 => [0x69],
+            0x2111 => [0x69], 0x2112 => [0x6C], 0x2115 => [0x6E],
+            0x2116 => [0x6E, 0x6F], 0x2119 => [0x70], 0x211A => [0x71],
+            0x211B => [0x72], 0x211C => [0x72], 0x211D => [0x72],
+            0x2120 => [0x73, 0x6D], 0x2121 => [0x74, 0x65, 0x6C],
+            0x2122 => [0x74, 0x6D], 0x2124 => [0x7A], 0x2126 => [0x3C9],
+            0x2128 => [0x7A], 0x212A => [0x6B], 0x212B => [0xE5],
+            0x212C => [0x62], 0x212D => [0x63], 0x2130 => [0x65],
+            0x2131 => [0x66], 0x2133 => [0x6D], 0x213E => [0x3B3],
+            0x213F => [0x3C0], 0x2145 => [0x64], 0x2160 => [0x2170],
+            0x2161 => [0x2171], 0x2162 => [0x2172], 0x2163 => [0x2173],
+            0x2164 => [0x2174], 0x2165 => [0x2175], 0x2166 => [0x2176],
+            0x2167 => [0x2177], 0x2168 => [0x2178], 0x2169 => [0x2179],
+            0x216A => [0x217A], 0x216B => [0x217B], 0x216C => [0x217C],
+            0x216D => [0x217D], 0x216E => [0x217E], 0x216F => [0x217F],
+            0x24B6 => [0x24D0], 0x24B7 => [0x24D1], 0x24B8 => [0x24D2],
+            0x24B9 => [0x24D3], 0x24BA => [0x24D4], 0x24BB => [0x24D5],
+            0x24BC => [0x24D6], 0x24BD => [0x24D7], 0x24BE => [0x24D8],
+            0x24BF => [0x24D9], 0x24C0 => [0x24DA], 0x24C1 => [0x24DB],
+            0x24C2 => [0x24DC], 0x24C3 => [0x24DD], 0x24C4 => [0x24DE],
+            0x24C5 => [0x24DF], 0x24C6 => [0x24E0], 0x24C7 => [0x24E1],
+            0x24C8 => [0x24E2], 0x24C9 => [0x24E3], 0x24CA => [0x24E4],
+            0x24CB => [0x24E5], 0x24CC => [0x24E6], 0x24CD => [0x24E7],
+            0x24CE => [0x24E8], 0x24CF => [0x24E9], 0x3371 => [0x68, 0x70, 0x61],
+            0x3373 => [0x61, 0x75], 0x3375 => [0x6F, 0x76],
+            0x3380 => [0x70, 0x61], 0x3381 => [0x6E, 0x61],
+            0x3382 => [0x3BC, 0x61], 0x3383 => [0x6D, 0x61],
+            0x3384 => [0x6B, 0x61], 0x3385 => [0x6B, 0x62],
+            0x3386 => [0x6D, 0x62], 0x3387 => [0x67, 0x62],
+            0x338A => [0x70, 0x66], 0x338B => [0x6E, 0x66],
+            0x338C => [0x3BC, 0x66], 0x3390 => [0x68, 0x7A],
+            0x3391 => [0x6B, 0x68, 0x7A], 0x3392 => [0x6D, 0x68, 0x7A],
+            0x3393 => [0x67, 0x68, 0x7A], 0x3394 => [0x74, 0x68, 0x7A],
+            0x33A9 => [0x70, 0x61], 0x33AA => [0x6B, 0x70, 0x61],
+            0x33AB => [0x6D, 0x70, 0x61], 0x33AC => [0x67, 0x70, 0x61],
+            0x33B4 => [0x70, 0x76], 0x33B5 => [0x6E, 0x76],
+            0x33B6 => [0x3BC, 0x76], 0x33B7 => [0x6D, 0x76],
+            0x33B8 => [0x6B, 0x76], 0x33B9 => [0x6D, 0x76],
+            0x33BA => [0x70, 0x77], 0x33BB => [0x6E, 0x77],
+            0x33BC => [0x3BC, 0x77], 0x33BD => [0x6D, 0x77],
+            0x33BE => [0x6B, 0x77], 0x33BF => [0x6D, 0x77],
+            0x33C0 => [0x6B, 0x3C9], 0x33C1 => [0x6D, 0x3C9], /*
+            0x33C2  => array(0x61, 0x2E, 0x6D, 0x2E), */
+            0x33C3 => [0x62, 0x71], 0x33C6 => [0x63, 0x2215, 0x6B, 0x67],
+            0x33C7 => [0x63, 0x6F, 0x2E], 0x33C8 => [0x64, 0x62],
+            0x33C9 => [0x67, 0x79], 0x33CB => [0x68, 0x70],
+            0x33CD => [0x6B, 0x6B], 0x33CE => [0x6B, 0x6D],
+            0x33D7 => [0x70, 0x68], 0x33D9 => [0x70, 0x70, 0x6D],
+            0x33DA => [0x70, 0x72], 0x33DC => [0x73, 0x76],
+            0x33DD => [0x77, 0x62], 0xFB00 => [0x66, 0x66],
+            0xFB01 => [0x66, 0x69], 0xFB02 => [0x66, 0x6C],
+            0xFB03 => [0x66, 0x66, 0x69], 0xFB04 => [0x66, 0x66, 0x6C],
+            0xFB05 => [0x73, 0x74], 0xFB06 => [0x73, 0x74],
+            0xFB13 => [0x574, 0x576], 0xFB14 => [0x574, 0x565],
+            0xFB15 => [0x574, 0x56B], 0xFB16 => [0x57E, 0x576],
+            0xFB17 => [0x574, 0x56D], 0xFF21 => [0xFF41],
+            0xFF22 => [0xFF42], 0xFF23 => [0xFF43], 0xFF24 => [0xFF44],
+            0xFF25 => [0xFF45], 0xFF26 => [0xFF46], 0xFF27 => [0xFF47],
+            0xFF28 => [0xFF48], 0xFF29 => [0xFF49], 0xFF2A => [0xFF4A],
+            0xFF2B => [0xFF4B], 0xFF2C => [0xFF4C], 0xFF2D => [0xFF4D],
+            0xFF2E => [0xFF4E], 0xFF2F => [0xFF4F], 0xFF30 => [0xFF50],
+            0xFF31 => [0xFF51], 0xFF32 => [0xFF52], 0xFF33 => [0xFF53],
+            0xFF34 => [0xFF54], 0xFF35 => [0xFF55], 0xFF36 => [0xFF56],
+            0xFF37 => [0xFF57], 0xFF38 => [0xFF58], 0xFF39 => [0xFF59],
+            0xFF3A => [0xFF5A], 0x10400 => [0x10428], 0x10401 => [0x10429],
+            0x10402 => [0x1042A], 0x10403 => [0x1042B], 0x10404 => [0x1042C],
+            0x10405 => [0x1042D], 0x10406 => [0x1042E], 0x10407 => [0x1042F],
+            0x10408 => [0x10430], 0x10409 => [0x10431], 0x1040A => [0x10432],
+            0x1040B => [0x10433], 0x1040C => [0x10434], 0x1040D => [0x10435],
+            0x1040E => [0x10436], 0x1040F => [0x10437], 0x10410 => [0x10438],
+            0x10411 => [0x10439], 0x10412 => [0x1043A], 0x10413 => [0x1043B],
+            0x10414 => [0x1043C], 0x10415 => [0x1043D], 0x10416 => [0x1043E],
+            0x10417 => [0x1043F], 0x10418 => [0x10440], 0x10419 => [0x10441],
+            0x1041A => [0x10442], 0x1041B => [0x10443], 0x1041C => [0x10444],
+            0x1041D => [0x10445], 0x1041E => [0x10446], 0x1041F => [0x10447],
+            0x10420 => [0x10448], 0x10421 => [0x10449], 0x10422 => [0x1044A],
+            0x10423 => [0x1044B], 0x10424 => [0x1044C], 0x10425 => [0x1044D],
+            0x1D400 => [0x61], 0x1D401 => [0x62], 0x1D402 => [0x63],
+            0x1D403 => [0x64], 0x1D404 => [0x65], 0x1D405 => [0x66],
+            0x1D406 => [0x67], 0x1D407 => [0x68], 0x1D408 => [0x69],
+            0x1D409 => [0x6A], 0x1D40A => [0x6B], 0x1D40B => [0x6C],
+            0x1D40C => [0x6D], 0x1D40D => [0x6E], 0x1D40E => [0x6F],
+            0x1D40F => [0x70], 0x1D410 => [0x71], 0x1D411 => [0x72],
+            0x1D412 => [0x73], 0x1D413 => [0x74], 0x1D414 => [0x75],
+            0x1D415 => [0x76], 0x1D416 => [0x77], 0x1D417 => [0x78],
+            0x1D418 => [0x79], 0x1D419 => [0x7A], 0x1D434 => [0x61],
+            0x1D435 => [0x62], 0x1D436 => [0x63], 0x1D437 => [0x64],
+            0x1D438 => [0x65], 0x1D439 => [0x66], 0x1D43A => [0x67],
+            0x1D43B => [0x68], 0x1D43C => [0x69], 0x1D43D => [0x6A],
+            0x1D43E => [0x6B], 0x1D43F => [0x6C], 0x1D440 => [0x6D],
+            0x1D441 => [0x6E], 0x1D442 => [0x6F], 0x1D443 => [0x70],
+            0x1D444 => [0x71], 0x1D445 => [0x72], 0x1D446 => [0x73],
+            0x1D447 => [0x74], 0x1D448 => [0x75], 0x1D449 => [0x76],
+            0x1D44A => [0x77], 0x1D44B => [0x78], 0x1D44C => [0x79],
+            0x1D44D => [0x7A], 0x1D468 => [0x61], 0x1D469 => [0x62],
+            0x1D46A => [0x63], 0x1D46B => [0x64], 0x1D46C => [0x65],
+            0x1D46D => [0x66], 0x1D46E => [0x67], 0x1D46F => [0x68],
+            0x1D470 => [0x69], 0x1D471 => [0x6A], 0x1D472 => [0x6B],
+            0x1D473 => [0x6C], 0x1D474 => [0x6D], 0x1D475 => [0x6E],
+            0x1D476 => [0x6F], 0x1D477 => [0x70], 0x1D478 => [0x71],
+            0x1D479 => [0x72], 0x1D47A => [0x73], 0x1D47B => [0x74],
+            0x1D47C => [0x75], 0x1D47D => [0x76], 0x1D47E => [0x77],
+            0x1D47F => [0x78], 0x1D480 => [0x79], 0x1D481 => [0x7A],
+            0x1D49C => [0x61], 0x1D49E => [0x63], 0x1D49F => [0x64],
+            0x1D4A2 => [0x67], 0x1D4A5 => [0x6A], 0x1D4A6 => [0x6B],
+            0x1D4A9 => [0x6E], 0x1D4AA => [0x6F], 0x1D4AB => [0x70],
+            0x1D4AC => [0x71], 0x1D4AE => [0x73], 0x1D4AF => [0x74],
+            0x1D4B0 => [0x75], 0x1D4B1 => [0x76], 0x1D4B2 => [0x77],
+            0x1D4B3 => [0x78], 0x1D4B4 => [0x79], 0x1D4B5 => [0x7A],
+            0x1D4D0 => [0x61], 0x1D4D1 => [0x62], 0x1D4D2 => [0x63],
+            0x1D4D3 => [0x64], 0x1D4D4 => [0x65], 0x1D4D5 => [0x66],
+            0x1D4D6 => [0x67], 0x1D4D7 => [0x68], 0x1D4D8 => [0x69],
+            0x1D4D9 => [0x6A], 0x1D4DA => [0x6B], 0x1D4DB => [0x6C],
+            0x1D4DC => [0x6D], 0x1D4DD => [0x6E], 0x1D4DE => [0x6F],
+            0x1D4DF => [0x70], 0x1D4E0 => [0x71], 0x1D4E1 => [0x72],
+            0x1D4E2 => [0x73], 0x1D4E3 => [0x74], 0x1D4E4 => [0x75],
+            0x1D4E5 => [0x76], 0x1D4E6 => [0x77], 0x1D4E7 => [0x78],
+            0x1D4E8 => [0x79], 0x1D4E9 => [0x7A], 0x1D504 => [0x61],
+            0x1D505 => [0x62], 0x1D507 => [0x64], 0x1D508 => [0x65],
+            0x1D509 => [0x66], 0x1D50A => [0x67], 0x1D50D => [0x6A],
+            0x1D50E => [0x6B], 0x1D50F => [0x6C], 0x1D510 => [0x6D],
+            0x1D511 => [0x6E], 0x1D512 => [0x6F], 0x1D513 => [0x70],
+            0x1D514 => [0x71], 0x1D516 => [0x73], 0x1D517 => [0x74],
+            0x1D518 => [0x75], 0x1D519 => [0x76], 0x1D51A => [0x77],
+            0x1D51B => [0x78], 0x1D51C => [0x79], 0x1D538 => [0x61],
+            0x1D539 => [0x62], 0x1D53B => [0x64], 0x1D53C => [0x65],
+            0x1D53D => [0x66], 0x1D53E => [0x67], 0x1D540 => [0x69],
+            0x1D541 => [0x6A], 0x1D542 => [0x6B], 0x1D543 => [0x6C],
+            0x1D544 => [0x6D], 0x1D546 => [0x6F], 0x1D54A => [0x73],
+            0x1D54B => [0x74], 0x1D54C => [0x75], 0x1D54D => [0x76],
+            0x1D54E => [0x77], 0x1D54F => [0x78], 0x1D550 => [0x79],
+            0x1D56C => [0x61], 0x1D56D => [0x62], 0x1D56E => [0x63],
+            0x1D56F => [0x64], 0x1D570 => [0x65], 0x1D571 => [0x66],
+            0x1D572 => [0x67], 0x1D573 => [0x68], 0x1D574 => [0x69],
+            0x1D575 => [0x6A], 0x1D576 => [0x6B], 0x1D577 => [0x6C],
+            0x1D578 => [0x6D], 0x1D579 => [0x6E], 0x1D57A => [0x6F],
+            0x1D57B => [0x70], 0x1D57C => [0x71], 0x1D57D => [0x72],
+            0x1D57E => [0x73], 0x1D57F => [0x74], 0x1D580 => [0x75],
+            0x1D581 => [0x76], 0x1D582 => [0x77], 0x1D583 => [0x78],
+            0x1D584 => [0x79], 0x1D585 => [0x7A], 0x1D5A0 => [0x61],
+            0x1D5A1 => [0x62], 0x1D5A2 => [0x63], 0x1D5A3 => [0x64],
+            0x1D5A4 => [0x65], 0x1D5A5 => [0x66], 0x1D5A6 => [0x67],
+            0x1D5A7 => [0x68], 0x1D5A8 => [0x69], 0x1D5A9 => [0x6A],
+            0x1D5AA => [0x6B], 0x1D5AB => [0x6C], 0x1D5AC => [0x6D],
+            0x1D5AD => [0x6E], 0x1D5AE => [0x6F], 0x1D5AF => [0x70],
+            0x1D5B0 => [0x71], 0x1D5B1 => [0x72], 0x1D5B2 => [0x73],
+            0x1D5B3 => [0x74], 0x1D5B4 => [0x75], 0x1D5B5 => [0x76],
+            0x1D5B6 => [0x77], 0x1D5B7 => [0x78], 0x1D5B8 => [0x79],
+            0x1D5B9 => [0x7A], 0x1D5D4 => [0x61], 0x1D5D5 => [0x62],
+            0x1D5D6 => [0x63], 0x1D5D7 => [0x64], 0x1D5D8 => [0x65],
+            0x1D5D9 => [0x66], 0x1D5DA => [0x67], 0x1D5DB => [0x68],
+            0x1D5DC => [0x69], 0x1D5DD => [0x6A], 0x1D5DE => [0x6B],
+            0x1D5DF => [0x6C], 0x1D5E0 => [0x6D], 0x1D5E1 => [0x6E],
+            0x1D5E2 => [0x6F], 0x1D5E3 => [0x70], 0x1D5E4 => [0x71],
+            0x1D5E5 => [0x72], 0x1D5E6 => [0x73], 0x1D5E7 => [0x74],
+            0x1D5E8 => [0x75], 0x1D5E9 => [0x76], 0x1D5EA => [0x77],
+            0x1D5EB => [0x78], 0x1D5EC => [0x79], 0x1D5ED => [0x7A],
+            0x1D608 => [0x61], 0x1D609 => [0x62], 0x1D60A => [0x63],
+            0x1D60B => [0x64], 0x1D60C => [0x65], 0x1D60D => [0x66],
+            0x1D60E => [0x67], 0x1D60F => [0x68], 0x1D610 => [0x69],
+            0x1D611 => [0x6A], 0x1D612 => [0x6B], 0x1D613 => [0x6C],
+            0x1D614 => [0x6D], 0x1D615 => [0x6E], 0x1D616 => [0x6F],
+            0x1D617 => [0x70], 0x1D618 => [0x71], 0x1D619 => [0x72],
+            0x1D61A => [0x73], 0x1D61B => [0x74], 0x1D61C => [0x75],
+            0x1D61D => [0x76], 0x1D61E => [0x77], 0x1D61F => [0x78],
+            0x1D620 => [0x79], 0x1D621 => [0x7A], 0x1D63C => [0x61],
+            0x1D63D => [0x62], 0x1D63E => [0x63], 0x1D63F => [0x64],
+            0x1D640 => [0x65], 0x1D641 => [0x66], 0x1D642 => [0x67],
+            0x1D643 => [0x68], 0x1D644 => [0x69], 0x1D645 => [0x6A],
+            0x1D646 => [0x6B], 0x1D647 => [0x6C], 0x1D648 => [0x6D],
+            0x1D649 => [0x6E], 0x1D64A => [0x6F], 0x1D64B => [0x70],
+            0x1D64C => [0x71], 0x1D64D => [0x72], 0x1D64E => [0x73],
+            0x1D64F => [0x74], 0x1D650 => [0x75], 0x1D651 => [0x76],
+            0x1D652 => [0x77], 0x1D653 => [0x78], 0x1D654 => [0x79],
+            0x1D655 => [0x7A], 0x1D670 => [0x61], 0x1D671 => [0x62],
+            0x1D672 => [0x63], 0x1D673 => [0x64], 0x1D674 => [0x65],
+            0x1D675 => [0x66], 0x1D676 => [0x67], 0x1D677 => [0x68],
+            0x1D678 => [0x69], 0x1D679 => [0x6A], 0x1D67A => [0x6B],
+            0x1D67B => [0x6C], 0x1D67C => [0x6D], 0x1D67D => [0x6E],
+            0x1D67E => [0x6F], 0x1D67F => [0x70], 0x1D680 => [0x71],
+            0x1D681 => [0x72], 0x1D682 => [0x73], 0x1D683 => [0x74],
+            0x1D684 => [0x75], 0x1D685 => [0x76], 0x1D686 => [0x77],
+            0x1D687 => [0x78], 0x1D688 => [0x79], 0x1D689 => [0x7A],
+            0x1D6A8 => [0x3B1], 0x1D6A9 => [0x3B2], 0x1D6AA => [0x3B3],
+            0x1D6AB => [0x3B4], 0x1D6AC => [0x3B5], 0x1D6AD => [0x3B6],
+            0x1D6AE => [0x3B7], 0x1D6AF => [0x3B8], 0x1D6B0 => [0x3B9],
+            0x1D6B1 => [0x3BA], 0x1D6B2 => [0x3BB], 0x1D6B3 => [0x3BC],
+            0x1D6B4 => [0x3BD], 0x1D6B5 => [0x3BE], 0x1D6B6 => [0x3BF],
+            0x1D6B7 => [0x3C0], 0x1D6B8 => [0x3C1], 0x1D6B9 => [0x3B8],
+            0x1D6BA => [0x3C3], 0x1D6BB => [0x3C4], 0x1D6BC => [0x3C5],
+            0x1D6BD => [0x3C6], 0x1D6BE => [0x3C7], 0x1D6BF => [0x3C8],
+            0x1D6C0 => [0x3C9], 0x1D6D3 => [0x3C3], 0x1D6E2 => [0x3B1],
+            0x1D6E3 => [0x3B2], 0x1D6E4 => [0x3B3], 0x1D6E5 => [0x3B4],
+            0x1D6E6 => [0x3B5], 0x1D6E7 => [0x3B6], 0x1D6E8 => [0x3B7],
+            0x1D6E9 => [0x3B8], 0x1D6EA => [0x3B9], 0x1D6EB => [0x3BA],
+            0x1D6EC => [0x3BB], 0x1D6ED => [0x3BC], 0x1D6EE => [0x3BD],
+            0x1D6EF => [0x3BE], 0x1D6F0 => [0x3BF], 0x1D6F1 => [0x3C0],
+            0x1D6F2 => [0x3C1], 0x1D6F3 => [0x3B8], 0x1D6F4 => [0x3C3],
+            0x1D6F5 => [0x3C4], 0x1D6F6 => [0x3C5], 0x1D6F7 => [0x3C6],
+            0x1D6F8 => [0x3C7], 0x1D6F9 => [0x3C8], 0x1D6FA => [0x3C9],
+            0x1D70D => [0x3C3], 0x1D71C => [0x3B1], 0x1D71D => [0x3B2],
+            0x1D71E => [0x3B3], 0x1D71F => [0x3B4], 0x1D720 => [0x3B5],
+            0x1D721 => [0x3B6], 0x1D722 => [0x3B7], 0x1D723 => [0x3B8],
+            0x1D724 => [0x3B9], 0x1D725 => [0x3BA], 0x1D726 => [0x3BB],
+            0x1D727 => [0x3BC], 0x1D728 => [0x3BD], 0x1D729 => [0x3BE],
+            0x1D72A => [0x3BF], 0x1D72B => [0x3C0], 0x1D72C => [0x3C1],
+            0x1D72D => [0x3B8], 0x1D72E => [0x3C3], 0x1D72F => [0x3C4],
+            0x1D730 => [0x3C5], 0x1D731 => [0x3C6], 0x1D732 => [0x3C7],
+            0x1D733 => [0x3C8], 0x1D734 => [0x3C9], 0x1D747 => [0x3C3],
+            0x1D756 => [0x3B1], 0x1D757 => [0x3B2], 0x1D758 => [0x3B3],
+            0x1D759 => [0x3B4], 0x1D75A => [0x3B5], 0x1D75B => [0x3B6],
+            0x1D75C => [0x3B7], 0x1D75D => [0x3B8], 0x1D75E => [0x3B9],
+            0x1D75F => [0x3BA], 0x1D760 => [0x3BB], 0x1D761 => [0x3BC],
+            0x1D762 => [0x3BD], 0x1D763 => [0x3BE], 0x1D764 => [0x3BF],
+            0x1D765 => [0x3C0], 0x1D766 => [0x3C1], 0x1D767 => [0x3B8],
+            0x1D768 => [0x3C3], 0x1D769 => [0x3C4], 0x1D76A => [0x3C5],
+            0x1D76B => [0x3C6], 0x1D76C => [0x3C7], 0x1D76D => [0x3C8],
+            0x1D76E => [0x3C9], 0x1D781 => [0x3C3], 0x1D790 => [0x3B1],
+            0x1D791 => [0x3B2], 0x1D792 => [0x3B3], 0x1D793 => [0x3B4],
+            0x1D794 => [0x3B5], 0x1D795 => [0x3B6], 0x1D796 => [0x3B7],
+            0x1D797 => [0x3B8], 0x1D798 => [0x3B9], 0x1D799 => [0x3BA],
+            0x1D79A => [0x3BB], 0x1D79B => [0x3BC], 0x1D79C => [0x3BD],
+            0x1D79D => [0x3BE], 0x1D79E => [0x3BF], 0x1D79F => [0x3C0],
+            0x1D7A0 => [0x3C1], 0x1D7A1 => [0x3B8], 0x1D7A2 => [0x3C3],
+            0x1D7A3 => [0x3C4], 0x1D7A4 => [0x3C5], 0x1D7A5 => [0x3C6],
+            0x1D7A6 => [0x3C7], 0x1D7A7 => [0x3C8], 0x1D7A8 => [0x3C9],
+            0x1D7BB => [0x3C3], 0x3F9 => [0x3C3], 0x1D2C => [0x61],
+            0x1D2D => [0xE6], 0x1D2E => [0x62], 0x1D30 => [0x64],
+            0x1D31 => [0x65], 0x1D32 => [0x1DD], 0x1D33 => [0x67],
+            0x1D34 => [0x68], 0x1D35 => [0x69], 0x1D36 => [0x6A],
+            0x1D37 => [0x6B], 0x1D38 => [0x6C], 0x1D39 => [0x6D],
+            0x1D3A => [0x6E], 0x1D3C => [0x6F], 0x1D3D => [0x223],
+            0x1D3E => [0x70], 0x1D3F => [0x72], 0x1D40 => [0x74],
+            0x1D41 => [0x75], 0x1D42 => [0x77], 0x213B => [0x66, 0x61, 0x78],
+            0x3250 => [0x70, 0x74, 0x65], 0x32CC => [0x68, 0x67],
+            0x32CE => [0x65, 0x76], 0x32CF => [0x6C, 0x74, 0x64],
+            0x337A => [0x69, 0x75], 0x33DE => [0x76, 0x2215, 0x6D],
+            0x33DF => [0x61, 0x2215, 0x6D]
+    ];
+}
--- a/lib/classes/idna/ext/NamePrepDataInterface.php
+++ b/lib/classes/idna/ext/NamePrepDataInterface.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace Mso\IdnaConvert;
+
+interface NamePrepDataInterface
+{
+}
--- a/lib/classes/idna/ext/Punycode.php
+++ b/lib/classes/idna/ext/Punycode.php
@@ -0,0 +1,555 @@
+<?php
+
+// {{{ license
+
+/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
+//
+// +----------------------------------------------------------------------+
+// | This library is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU Lesser General Public License as       |
+// | published by the Free Software Foundation; either version 2.1 of the |
+// | License, or (at your option) any later version.                      |
+// |                                                                      |
+// | This library is distributed in the hope that it will be useful, but  |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of           |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    |
+// | Lesser General Public License for more details.                      |
+// |                                                                      |
+// | You should have received a copy of the GNU Lesser General Public     |
+// | License along with this library; if not, write to the Free Software  |
+// | Foundation, Inc., 51 Franklin St, Boston, MA 02110, United States    |
+// +----------------------------------------------------------------------+
+//
+// }}}
+
+ /*
+ * @author  Matthias Sommerfeld <mso@phlylabs.de>
+ * @copyright 2004-2016 phlyLabs Berlin, http://phlylabs.de
+ * @version 1.0.1 2016-01-24
+ */
+
+namespace Mso\IdnaConvert;
+
+class Punycode implements PunycodeInterface
+{
+    // Internal settings, do not touch!
+    const punycodePrefix = 'xn--';
+    const invalidUcs = 0x80000000;
+    const maxUcs = 0x10FFFF;
+    const base = 36;
+    const tMin = 1;
+    const tMax = 26;
+    const skew = 38;
+    const damp = 700;
+    const initialBias = 72;
+    const initialN = 0x80;
+    const sBase = 0xAC00;
+    const lBase = 0x1100;
+    const vBase = 0x1161;
+    const tBase = 0x11A7;
+    const lCount = 19;
+    const vCount = 21;
+    const tCount = 28;
+    const nCount = 588;   // vCount * tCount
+    const sCount = 11172; // lCount * tCount * vCount
+    const sLast = self::sBase + self::lCount * self::vCount * self::tCount;
+
+    protected static $isMbStringOverload = null;
+
+    protected $NamePrepData;
+    protected $UnicodeTranscoder;
+
+    /**
+     * the constructor
+     *
+     * @param $NamePrepData NamePrepDataInterface inject NamePrepData object
+     * @param $UnicodeTranscoder UnicodeTranscoderInterface inject Unicode Transcoder
+     * @since 0.5.2
+     */
+    public function __construct(NamePrepDataInterface $NamePrepData, UnicodeTranscoderInterface $UnicodeTranscoder)
+    {
+        // populate mbstring overloading cache if not set
+        if (self::$isMbStringOverload === null) {
+            self::$isMbStringOverload = (extension_loaded('mbstring') && (ini_get('mbstring.func_overload') & 0x02) === 0x02);
+        }
+
+        $this->NamePrepData = $NamePrepData;
+        $this->UnicodeTranscoder = $UnicodeTranscoder;
+    }
+
+    /**
+     * Returns the used prefix for punycode-encoded strings
+     * @return string
+     */
+    public function getPunycodePrefix()
+    {
+        return self::punycodePrefix;
+    }
+
+    /**
+     * Checks, whether or not the provided string is a valid punycode string
+     * @param string $encoded
+     * @return boolean
+     */
+    public function validate($encoded) {
+        // Check for existence of the prefix
+        if (strpos($encoded, self::punycodePrefix) !== 0) {
+            return false;
+        }
+        // If nothing is left after the prefix, it is hopeless
+        if (strlen(trim($encoded)) <= strlen(self::punycodePrefix)) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * The actual decoding algorithm
+     * @param string
+     * @return mixed
+     */
+    public function decode($encoded)
+    {
+        if (!$this->validate($encoded)) {
+            return false;
+        }
+
+        $decoded = [];
+        // Find last occurence of the delimiter
+        $delim_pos = strrpos($encoded, '-');
+        if ($delim_pos > self::byteLength(self::punycodePrefix)) {
+            for ($k = self::byteLength(self::punycodePrefix); $k < $delim_pos; ++$k) {
+                $decoded[] = ord($encoded{$k});
+            }
+        }
+        $deco_len = count($decoded);
+        $enco_len = self::byteLength($encoded);
+
+        // Wandering through the strings; init
+        $is_first = true;
+        $bias = self::initialBias;
+        $idx = 0;
+        $char = self::initialN;
+
+        for ($enco_idx = ($delim_pos) ? ($delim_pos + 1) : 0; $enco_idx < $enco_len; ++$deco_len) {
+            for ($old_idx = $idx, $w = 1, $k = self::base; 1; $k += self::base) {
+                $digit = $this->decodeDigit($encoded{$enco_idx++});
+                $idx += $digit * $w;
+                $t = ($k <= $bias) ? self::tMin :
+                        (($k >= $bias + self::tMax) ? self::tMax : ($k - $bias));
+                if ($digit < $t) {
+                    break;
+                }
+                $w = (int) ($w * (self::base - $t));
+            }
+            $bias = $this->adapt($idx - $old_idx, $deco_len + 1, $is_first);
+            $is_first = false;
+            $char += (int) ($idx / ($deco_len + 1));
+            $idx %= ($deco_len + 1);
+            if ($deco_len > 0) {
+                // Make room for the decoded char
+                for ($i = $deco_len; $i > $idx; $i--) {
+                    $decoded[$i] = $decoded[($i - 1)];
+                }
+            }
+            $decoded[$idx++] = $char;
+        }
+        return $this->UnicodeTranscoder->ucs4array_utf8($decoded);
+    }
+
+    /**
+     * The actual encoding algorithm
+     * @param  array $decoded
+     * @return mixed
+     */
+    public function encode($decoded)
+    {
+        // We cannot encode a domain name containing the Punycode prefix
+        $extract = self::byteLength(self::punycodePrefix);
+        $check_pref = $this->UnicodeTranscoder->utf8_ucs4array(self::punycodePrefix);
+        $check_deco = array_slice($decoded, 0, $extract);
+
+        if ($check_pref == $check_deco) {
+            throw new \InvalidArgumentException('This is already a Punycode string');
+        }
+        // We will not try to encode strings consisting of basic code points only
+        $encodable = false;
+        foreach ($decoded as $k => $v) {
+            if ($v > 0x7a) {
+                $encodable = true;
+                break;
+            }
+        }
+        if (!$encodable) {
+            return false;
+        }
+        // Do NAMEPREP
+        $decoded = $this->namePrep($decoded);
+        if (!$decoded || !is_array($decoded)) {
+            return false; // NAMEPREP failed
+        }
+        $deco_len = count($decoded);
+        if (!$deco_len) {
+            return false; // Empty array
+        }
+        $codecount = 0; // How many chars have been consumed
+        $encoded = '';
+        // Copy all basic code points to output
+        for ($i = 0; $i < $deco_len; ++$i) {
+            $test = $decoded[$i];
+            // Will match [-0-9a-zA-Z]
+            if ((0x2F < $test && $test < 0x40)
+                    || (0x40 < $test && $test < 0x5B)
+                    || (0x60 < $test && $test <= 0x7B)
+                    || (0x2D == $test)) {
+                $encoded .= chr($decoded[$i]);
+                $codecount++;
+            }
+        }
+        if ($codecount == $deco_len) {
+            return $encoded; // All codepoints were basic ones
+        }
+        // Start with the prefix; copy it to output
+        $encoded = self::punycodePrefix . $encoded;
+        // If we have basic code points in output, add an hyphen to the end
+        if ($codecount) {
+            $encoded .= '-';
+        }
+        // Now find and encode all non-basic code points
+        $is_first = true;
+        $cur_code = self::initialN;
+        $bias = self::initialBias;
+        $delta = 0;
+        while ($codecount < $deco_len) {
+            // Find the smallest code point >= the current code point and
+            // remember the last ouccrence of it in the input
+            for ($i = 0, $next_code = self::maxUcs; $i < $deco_len; $i++) {
+                if ($decoded[$i] >= $cur_code && $decoded[$i] <= $next_code) {
+                    $next_code = $decoded[$i];
+                }
+            }
+            $delta += ($next_code - $cur_code) * ($codecount + 1);
+            $cur_code = $next_code;
+
+            // Scan input again and encode all characters whose code point is $cur_code
+            for ($i = 0; $i < $deco_len; $i++) {
+                if ($decoded[$i] < $cur_code) {
+                    $delta++;
+                } elseif ($decoded[$i] == $cur_code) {
+                    for ($q = $delta, $k = self::base; 1; $k += self::base) {
+                        $t = ($k <= $bias)
+                                ? self::tMin
+                                : (($k >= $bias + self::tMax) ? self::tMax : $k - $bias);
+                        if ($q < $t) {
+                            break;
+                        }
+
+                        $encoded .= $this->encodeDigit(intval($t + (($q - $t) % (self::base - $t))));
+                        $q = (int) (($q - $t) / (self::base - $t));
+                    }
+                    $encoded .= $this->encodeDigit($q);
+                    $bias = $this->adapt($delta, $codecount + 1, $is_first);
+                    $codecount++;
+                    $delta = 0;
+                    $is_first = false;
+                }
+            }
+            $delta++;
+            $cur_code++;
+        }
+        return $encoded;
+    }
+
+    /**
+     * Adapt the bias according to the current code point and position
+     * @param int $delta
+     * @param int $npoints
+     * @param int $is_first
+     * @return int
+     */
+    protected function adapt($delta, $npoints, $is_first)
+    {
+        $delta = intval($is_first ? ($delta / self::damp) : ($delta / 2));
+        $delta += intval($delta / $npoints);
+        for ($k = 0; $delta > ((self::base - self::tMin) * self::tMax) / 2; $k += self::base) {
+            $delta = intval($delta / (self::base - self::tMin));
+        }
+        return intval($k + (self::base - self::tMin + 1) * $delta / ($delta + self::skew));
+    }
+
+    /**
+     * Encoding a certain digit
+     * @param    int $d
+     * @return string
+     */
+    protected function encodeDigit($d)
+    {
+        return chr($d + 22 + 75 * ($d < 26));
+    }
+
+    /**
+     * Decode a certain digit
+     * @param    int $cp
+     * @return int
+     */
+    protected function decodeDigit($cp)
+    {
+        $cp = ord($cp);
+        if ($cp - 48 < 10) {
+
+            return $cp - 22;
+        }
+
+        if ($cp - 65 < 26) {
+
+            return $cp - 65;
+        }
+        if ($cp - 97 < 26) {
+
+            return $cp - 97;
+        }
+
+        return self::base;
+    }
+
+    /**
+     * Do Nameprep according to RFC3491 and RFC3454
+     * @param array $input Unicode Characters
+     * @return string  Unicode Characters, Nameprep'd
+     */
+    protected function namePrep($input)
+    {
+        $output = [];
+        //
+        // Mapping
+        // Walking through the input array, performing the required steps on each of
+        // the input chars and putting the result into the output array
+        // While mapping required chars we apply the canonical ordering
+        foreach ($input as $v) {
+            // Map to nothing == skip that code point
+            if (in_array($v, $this->NamePrepData->mapToNothing)) {
+                continue;
+            }
+            // Try to find prohibited input
+            if (in_array($v, $this->NamePrepData->prohibit) || in_array($v, $this->NamePrepData->generalProhibited)) {
+                throw new \InvalidArgumentException(sprintf('NAMEPREP: Prohibited input U+%08X', $v));
+            }
+            foreach ($this->NamePrepData->prohibitRanges as $range) {
+                if ($range[0] <= $v && $v <= $range[1]) {
+                    throw new \InvalidArgumentException(sprintf('NAMEPREP: Prohibited input U+%08X', $v));
+                }
+            }
+
+            if (0xAC00 <= $v && $v <= 0xD7AF) {
+                // Hangul syllable decomposition
+                foreach ($this->hangulDecompose($v) as $out) {
+                    $output[] = (int) $out;
+                }
+            } elseif (isset($this->NamePrepData->replaceMaps[$v])) {
+                foreach ($this->applyCanonicalOrdering($this->NamePrepData->replaceMaps[$v]) as $out) {
+                    $output[] = (int) $out;
+                }
+            } else {
+                $output[] = (int) $v;
+            }
+        }
+        // Before applying any Combining, try to rearrange any Hangul syllables
+        $output = $this->hangulCompose($output);
+        //
+        // Combine code points
+        //
+        $last_class = 0;
+        $last_starter = 0;
+        $out_len = count($output);
+        for ($i = 0; $i < $out_len; ++$i) {
+            $class = $this->getCombiningClass($output[$i]);
+            if ((!$last_class || $last_class > $class) && $class) {
+                // Try to match
+                $seq_len = $i - $last_starter;
+                $out = $this->combine(array_slice($output, $last_starter, $seq_len));
+                // On match: Replace the last starter with the composed character and remove
+                // the now redundant non-starter(s)
+                if ($out) {
+                    $output[$last_starter] = $out;
+                    if (count($out) != $seq_len) {
+                        for ($j = $i + 1; $j < $out_len; ++$j) {
+                            $output[$j - 1] = $output[$j];
+                        }
+                        unset($output[$out_len]);
+                    }
+                    // Rewind the for loop by one, since there can be more possible compositions
+                    $i--;
+                    $out_len--;
+                    $last_class = ($i == $last_starter) ? 0 : $this->getCombiningClass($output[$i - 1]);
+                    continue;
+                }
+            }
+            // The current class is 0
+            if (!$class) {
+                $last_starter = $i;
+            }
+            $last_class = $class;
+        }
+        return $output;
+    }
+
+    /**
+     * Decomposes a Hangul syllable
+     * (see http://www.unicode.org/unicode/reports/tr15/#Hangul
+     * @param    integer  32bit UCS4 code point
+     * @return   array    Either Hangul Syllable decomposed or original 32bit value as one value array
+     */
+    protected function hangulDecompose($char)
+    {
+        $sindex = (int) $char - self::sBase;
+        if ($sindex < 0 || $sindex >= self::sCount) {
+            return [$char];
+        }
+        $result = [];
+        $result[] = (int) self::lBase + $sindex / self::nCount;
+        $result[] = (int) self::vBase + ($sindex % self::nCount) / self::tCount;
+        $T = intval(self::tBase + $sindex % self::tCount);
+        if ($T != self::tBase) {
+            $result[] = $T;
+        }
+        return $result;
+    }
+
+    /**
+     * Ccomposes a Hangul syllable
+     * (see http://www.unicode.org/unicode/reports/tr15/#Hangul
+     * @param  array $input   Decomposed UCS4 sequence
+     * @return array UCS4 sequence with syllables composed
+     */
+    protected function hangulCompose($input)
+    {
+        $inp_len = count($input);
+        if (!$inp_len) {
+            return [];
+        }
+        $result = [];
+        $last = (int) $input[0];
+        $result[] = $last; // copy first char from input to output
+
+        for ($i = 1; $i < $inp_len; ++$i) {
+            $char = (int) $input[$i];
+            $sindex = $last - self::sBase;
+            $lindex = $last - self::lBase;
+            $vindex = $char - self::vBase;
+            $tindex = $char - self::tBase;
+            // Find out, whether two current characters are LV and T
+            if (0 <= $sindex && $sindex < self::sCount && ($sindex % self::tCount == 0) && 0 <= $tindex && $tindex <= self::tCount) {
+                // create syllable of form LVT
+                $last += $tindex;
+                $result[(count($result) - 1)] = $last; // reset last
+                continue; // discard char
+            }
+            // Find out, whether two current characters form L and V
+            if (0 <= $lindex && $lindex < self::lCount && 0 <= $vindex && $vindex < self::vCount) {
+                // create syllable of form LV
+                $last = (int) self::sBase + ($lindex * self::vCount + $vindex) * self::tCount;
+                $result[(count($result) - 1)] = $last; // reset last
+                continue; // discard char
+            }
+            // if neither case was true, just add the character
+            $last = $char;
+            $result[] = $char;
+        }
+        return $result;
+    }
+
+    /**
+     * Returns the combining class of a certain wide char
+     * @param integer  $char  Wide char to check (32bit integer)
+     * @return integer Combining class if found, else 0
+     */
+    protected function getCombiningClass($char)
+    {
+        return isset($this->NamePrepData->normalizeCombiningClasses[$char])
+                ? $this->NamePrepData->normalizeCombiningClasses[$char]
+                : 0;
+    }
+
+    /**
+     * Applies the canonical ordering of a decomposed UCS4 sequence
+     * @param array  $input Decomposed UCS4 sequence
+     * @return array Ordered USC4 sequence
+     */
+    protected function applyCanonicalOrdering($input)
+    {
+        $swap = true;
+        $size = count($input);
+        while ($swap) {
+            $swap = false;
+            $last = $this->getCombiningClass(intval($input[0]));
+            for ($i = 0; $i < $size - 1; ++$i) {
+                $next = $this->getCombiningClass(intval($input[$i + 1]));
+                if ($next != 0 && $last > $next) {
+                    // Move item leftward until it fits
+                    for ($j = $i + 1; $j > 0; --$j) {
+                        if ($this->getCombiningClass(intval($input[$j - 1])) <= $next) {
+                            break;
+                        }
+                        $t = intval($input[$j]);
+                        $input[$j] = intval($input[$j - 1]);
+                        $input[$j - 1] = $t;
+                        $swap = true;
+                    }
+                    // Reentering the loop looking at the old character again
+                    $next = $last;
+                }
+                $last = $next;
+            }
+        }
+        return $input;
+    }
+
+    /**
+     * Do composition of a sequence of starter and non-starter
+     * @param   array $input UCS4 Decomposed sequence
+     * @return  array  Ordered USC4 sequence
+     */
+    protected function combine($input)
+    {
+        $inp_len = count($input);
+        if (0 == $inp_len) {
+            return false;
+        }
+        foreach ($this->NamePrepData->replaceMaps as $np_src => $np_target) {
+            if ($np_target[0] != $input[0]) {
+                continue;
+            }
+            if (count($np_target) != $inp_len) {
+                continue;
+            }
+            $hit = false;
+            foreach ($input as $k2 => $v2) {
+                if ($v2 == $np_target[$k2]) {
+                    $hit = true;
+                } else {
+                    $hit = false;
+                    break;
+                }
+            }
+            if ($hit) {
+                return $np_src;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Gets the length of a string in bytes even if mbstring function
+     * overloading is turned on
+     *
+     * @param string $string the string for which to get the length.
+     * @return integer the length of the string in bytes.
+     */
+    protected static function byteLength($string)
+    {
+        if (self::$isMbStringOverload) {
+            return mb_strlen($string, '8bit');
+        }
+        return strlen((binary) $string);
+    }
+}
--- a/lib/classes/idna/ext/PunycodeInterface.php
+++ b/lib/classes/idna/ext/PunycodeInterface.php
@@ -0,0 +1,20 @@
+<?php
+ /*
+ * @author  Matthias Sommerfeld <mso@phlylabs.de>
+ * @copyright 2004-2016 phlyLabs Berlin, http://phlylabs.de
+ */
+
+namespace Mso\IdnaConvert;
+
+interface PunycodeInterface 
+{
+   
+    public function __construct(NamePrepDataInterface $NamePrepData, UnicodeTranscoderInterface $UCTC);
+
+    public function getPunycodePrefix();
+
+    public function decode($encoded);
+
+    public function encode($decoded);
+
+}
--- a/lib/classes/idna/ext/UnicodeTranscoder.php
+++ b/lib/classes/idna/ext/UnicodeTranscoder.php
@@ -0,0 +1,358 @@
+<?php
+/**
+ * UCTC - The Unicode Transcoder
+ *
+ * Converts between various flavours of Unicode representations like UCS-4 or UTF-8
+ * Supported schemes:
+ * - UCS-4 Little Endian / Big Endian / Array (partially)
+ * - UTF-16 Little Endian / Big Endian (not yet)
+ * - UTF-8
+ * - UTF-7
+ * - UTF-7 IMAP (modified UTF-7)
+ *
+ * @package IdnaConvert
+ * @author Matthias Sommerfeld  <mso@phlyLabs.de>
+ * @copyright 2003-2016 phlyLabs Berlin, http://phlylabs.de
+ * @version 0.1.1 2016-01-24
+ */
+
+namespace Mso\IdnaConvert;
+
+class UnicodeTranscoder implements UnicodeTranscoderInterface
+{
+    private static $mechs = ['ucs4', 'ucs4array', 'utf8', 'utf7', 'utf7imap'];
+    // unsupported yet: 'ucs4le', 'ucs4be', 'utf16', 'utf16le', 'utf16be'
+
+    private static $allow_overlong = false;
+    private static $safe_mode;
+    private static $safe_char;
+
+    /**
+     * The actual conversion routine
+     *
+     * @param mixed $data The data to convert, usually a string, array when converting from UCS-4 array
+     * @param string $from Original encoding of the data
+     * @param string $to Target encoding of the data
+     * @param bool $safe_mode SafeMode tries to correct invalid codepoints
+     * @param int  $safe_char Unicode Codepoint as placeholder for all otherwise broken characters
+     * @return mixed  False on failure, String or array on success, depending on target encoding
+     * @access public
+     * @throws \InvalidArgumentException
+     * @since 0.0.1
+     */
+    public static function convert($data, $from, $to, $safe_mode = false, $safe_char = 0xFFFC)
+    {
+        self::$safe_mode = ($safe_mode) ? true : false;
+        self::$safe_char = ($safe_char) ? $safe_char : 0xFFFC;
+
+        if (self::$safe_mode) {
+            self::$allow_overlong = true;
+        }
+        if (!in_array($from, self::$mechs)) {
+            throw new \InvalidArgumentException(sprintf('Invalid input format %s', $from));
+        }
+        if (!in_array($to, self::$mechs)) {
+            throw new \InvalidArgumentException(sprintf('Invalid output format %s', $to));
+        }
+        if ($from != 'ucs4array') {
+            $methodName = $from.'_ucs4array';
+            $data = self::$methodName($data);
+        }
+        if ($to != 'ucs4array') {
+            $methodName = 'ucs4array_'.$to;
+            $data = self::$methodName($data);
+        }
+
+        return $data;
+    }
+
+    /**
+     * This converts an UTF-8 encoded string to its UCS-4 representation
+     *
+     * @param string $input The UTF-8 string to convert
+     * @return array  Array of 32bit values representing each codepoint
+     * @throws \InvalidArgumentException
+     * @access public
+     */
+    public static function utf8_ucs4array($input)
+    {
+        $start_byte = $next_byte = 0;
+
+        $output = [];
+        $out_len = 0;
+        $inp_len = self::byteLength($input);
+        $mode = 'next';
+        $test = 'none';
+        for ($k = 0; $k < $inp_len; ++$k) {
+            $v = ord($input{$k}); // Extract byte from input string
+
+            if ($v < 128) { // We found an ASCII char - put into stirng as is
+                $output[$out_len] = $v;
+                ++$out_len;
+                if ('add' == $mode) {
+                    if (self::$safe_mode) {
+                        $output[$out_len - 2] = self::$safe_char;
+                        $mode = 'next';
+                    } else {
+                        throw new \InvalidArgumentException(sprintf('Conversion from UTF-8 to UCS-4 failed: malformed input at byte %d', $k));
+                    }
+                }
+                continue;
+            }
+            if ('next' == $mode) { // Try to find the next start byte; determine the width of the Unicode char
+                $start_byte = $v;
+                $mode = 'add';
+                $test = 'range';
+                if ($v >> 5 == 6) { // &110xxxxx 10xxxxx
+                    $next_byte = 0; // Tells, how many times subsequent bitmasks must rotate 6bits to the left
+                    $v = ($v - 192) << 6;
+                } elseif ($v >> 4 == 14) { // &1110xxxx 10xxxxxx 10xxxxxx
+                    $next_byte = 1;
+                    $v = ($v - 224) << 12;
+                } elseif ($v >> 3 == 30) { // &11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+                    $next_byte = 2;
+                    $v = ($v - 240) << 18;
+                } elseif (self::$safe_mode) {
+                    $mode = 'next';
+                    $output[$out_len] = self::$safe_char;
+                    ++$out_len;
+                    continue;
+                } else {
+                    throw new \InvalidArgumentException(sprintf('This might be UTF-8, but I don\'t understand it at byte %d', $k));
+                }
+                if ($inp_len - $k - $next_byte < 2) {
+                    $output[$out_len] = self::$safe_char;
+                    $mode = 'no';
+                    continue;
+                }
+
+                if ('add' == $mode) {
+                    $output[$out_len] = (int)$v;
+                    ++$out_len;
+                    continue;
+                }
+            }
+            if ('add' == $mode) {
+                if (!self::$allow_overlong && $test == 'range') {
+                    $test = 'none';
+                    if (($v < 0xA0 && $start_byte == 0xE0) || ($v < 0x90 && $start_byte == 0xF0) || ($v > 0x8F && $start_byte == 0xF4)) {
+                        throw new \InvalidArgumentException(sprintf('Bogus UTF-8 character detected (out of legal range) at byte %d', $k));
+                    }
+                }
+                if ($v >> 6 == 2) { // Bit mask must be 10xxxxxx
+                    $v = ($v - 128) << ($next_byte * 6);
+                    $output[($out_len - 1)] += $v;
+                    --$next_byte;
+                } else {
+                    if (self::$safe_mode) {
+                        $output[$out_len - 1] = ord(self::$safe_char);
+                        $k--;
+                        $mode = 'next';
+                        continue;
+                    } else {
+                        throw new \InvalidArgumentException(sprintf('Conversion from UTF-8 to UCS-4 failed: malformed input at byte %d', $k));
+                    }
+                }
+                if ($next_byte < 0) {
+                    $mode = 'next';
+                }
+            }
+        } // for
+
+        return $output;
+    }
+
+    /**
+     * Convert UCS-4 arary into UTF-8 string
+     * See utf8_ucs4array() for details
+     * @param $input array Array of UCS-4 codepoints
+     * @return string
+     * @access   public
+     */
+    public static function ucs4array_utf8($input)
+    {
+        $output = '';
+        foreach ($input as $k => $v) {
+            if ($v < 128) { // 7bit are transferred literally
+                $output .= chr($v);
+            } elseif ($v < (1 << 11)) { // 2 bytes
+                $output .= chr(192 + ($v >> 6)) . chr(128 + ($v & 63));
+            } elseif ($v < (1 << 16)) { // 3 bytes
+                $output .= chr(224 + ($v >> 12)) . chr(128 + (($v >> 6) & 63)) . chr(128 + ($v & 63));
+            } elseif ($v < (1 << 21)) { // 4 bytes
+                $output .= chr(240 + ($v >> 18)) . chr(128 + (($v >> 12) & 63)) . chr(128 + (($v >> 6) & 63)) . chr(128 + ($v & 63));
+            } elseif (self::$safe_mode) {
+                $output .= self::$safe_char;
+            } else {
+                throw new \InvalidArgumentException(sprintf('Conversion from UCS-4 to UTF-8 failed: malformed input at byte %d', $k));
+            }
+        }
+
+        return $output;
+    }
+
+    public static function utf7imap_ucs4array($input)
+    {
+        return self::utf7_ucs4array(str_replace(',', '/', $input), '&');
+    }
+
+    public static function utf7_ucs4array($input, $sc = '+')
+    {
+        $output = [];
+        $out_len = 0;
+        $inp_len = self::byteLength($input);
+        $mode = 'd';
+        $b64 = '';
+
+        for ($k = 0; $k < $inp_len; ++$k) {
+            $c = $input{$k};
+
+            // Ignore zero bytes
+            if (0 == ord($c)) {
+                continue;
+            }
+            if ('b' == $mode) {
+                // Sequence got terminated
+                if (!preg_match('![A-Za-z0-9/' . preg_quote($sc, '!') . ']!', $c)) {
+                    if ('-' == $c) {
+                        if ($b64 == '') {
+                            $output[$out_len] = ord($sc);
+                            $out_len++;
+                            $mode = 'd';
+
+                            continue;
+                        }
+                    }
+                    $tmp = base64_decode($b64);
+                    $tmp = substr($tmp, -1 * (strlen($tmp) % 2));
+                    for ($i = 0; $i < strlen($tmp); $i++) {
+                        if ($i % 2) {
+                            $output[$out_len] += ord($tmp{$i});
+                            $out_len++;
+                        } else {
+                            $output[$out_len] = ord($tmp{$i}) << 8;
+                        }
+                    }
+                    $mode = 'd';
+                    $b64 = '';
+
+                    continue;
+                } else {
+                    $b64 .= $c;
+                }
+            }
+            if ('d' == $mode) {
+                if ($sc == $c) {
+                    $mode = 'b';
+
+                    continue;
+                }
+                $output[$out_len] = ord($c);
+                $out_len++;
+            }
+        }
+
+        return $output;
+    }
+
+    public static function ucs4array_utf7imap($input)
+    {
+        return str_replace('/', ',', self::ucs4array_utf7($input, '&'));
+    }
+
+    public static function ucs4array_utf7($input, $sc = '+')
+    {
+        $output = '';
+        $mode = 'd';
+        $b64 = '';
+        while (true) {
+            $v = (!empty($input)) ? array_shift($input) : false;
+            $is_direct = (false !== $v) ? (0x20 <= $v && $v <= 0x7e && $v != ord($sc)) : true;
+            if ($mode == 'b') {
+                if ($is_direct) {
+                    if ($b64 == chr(0) . $sc) {
+                        $output .= $sc . '-';
+                        $b64 = '';
+                    } elseif ($b64) {
+                        $output .= $sc . str_replace('=', '', base64_encode($b64)) . '-';
+                        $b64 = '';
+                    }
+                    $mode = 'd';
+                } elseif (false !== $v) {
+                    $b64 .= chr(($v >> 8) & 255) . chr($v & 255);
+                }
+            }
+            if ($mode == 'd' && false !== $v) {
+                if ($is_direct) {
+                    $output .= chr($v);
+                } else {
+                    $b64 = chr(($v >> 8) & 255) . chr($v & 255);
+                    $mode = 'b';
+                }
+            }
+            if (false === $v && $b64 == '') break;
+        }
+
+        return $output;
+    }
+
+    /**
+     * Convert UCS-4 array into UCS-4 string (Little Endian at the moment)
+     * @param $input array UCS-4 code points
+     * @return string
+     * @access   public
+     */
+    public static function ucs4array_ucs4($input)
+    {
+        $output = '';
+        foreach ($input as $v) {
+            $output .= chr(($v >> 24) & 255) . chr(($v >> 16) & 255) . chr(($v >> 8) & 255) . chr($v & 255);
+        }
+
+        return $output;
+    }
+
+    /**
+     * Convert UCS-4 string (LE ar the moment) into UCS-4 array
+     * @param $input string UCS-4 LE string
+     * @return array
+     * @access   public
+     */
+    public static function ucs4_ucs4array($input)
+    {
+        $output = [];
+
+        $inp_len = self::byteLength($input);
+        // Input length must be dividable by 4
+        if ($inp_len % 4) {
+            throw new \InvalidArgumentException('Input UCS4 string is broken');
+        }
+        // Empty input - return empty output
+        if (!$inp_len) return $output;
+
+        for ($i = 0, $out_len = -1; $i < $inp_len; ++$i) {
+            if (!($i % 4)) { // Increment output position every 4 input bytes
+                $out_len++;
+                $output[$out_len] = 0;
+            }
+            $output[$out_len] += ord($input{$i}) << (8 * (3 - ($i % 4)));
+        }
+
+        return $output;
+    }
+
+    /**
+     * Gets the length of a string in bytes even if mbstring function
+     * overloading is turned on
+     *
+     * @param string $string the string for which to get the length.
+     * @return integer the length of the string in bytes.
+     */
+    protected static function byteLength($string)
+    {
+        if ((extension_loaded('mbstring') && (ini_get('mbstring.func_overload') & 0x02) === 0x02)) {
+            return mb_strlen($string, '8bit');
+        }
+        return strlen((binary) $string);
+    }
+}
--- a/lib/classes/idna/ext/UnicodeTranscoderInterface.php
+++ b/lib/classes/idna/ext/UnicodeTranscoderInterface.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * UCTC - The Unicode Transcoder
+ *
+ * Converts between various flavours of Unicode representations like UCS-4 or UTF-8
+ * Supported schemes:
+ * - UCS-4 Little Endian / Big Endian / Array (partially)
+ * - UTF-16 Little Endian / Big Endian (not yet)
+ * - UTF-8
+ * - UTF-7
+ * - UTF-7 IMAP (modified UTF-7)
+ *
+ * @package IdnaConvert
+ * @author Matthias Sommerfeld  <mso@phlyLabs.de>
+ * @copyright 2003-2016 phlyLabs Berlin, http://phlylabs.de
+ * @version 0.1.0 2016-01-08
+ */
+
+namespace Mso\IdnaConvert;
+
+interface UnicodeTranscoderInterface
+{
+    public static function convert($data, $from, $to, $safe_mode = false, $safe_char = 0xFFFC);
+
+    public static function utf8_ucs4array($input);
+
+    public static function ucs4array_utf8($input);
+
+    public static function utf7imap_ucs4array($input);
+
+    public static function utf7_ucs4array($input, $sc = '+');
+
+    public static function ucs4array_utf7imap($input);
+
+    public static function ucs4array_utf7($input, $sc = '+');
+
+    public static function ucs4array_ucs4($input);
+
+    public static function ucs4_ucs4array($input);
+}
--- a/lib/classes/integrity/class.IntegrityCheck.php
+++ b/lib/classes/integrity/class.IntegrityCheck.php
@@ -15,7 +15,7 @@
 * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
 * @package    Integrity
 *
- * IntegrityCheck - class 
+ * IntegrityCheck - class
 */

 class IntegrityCheck {
@@ -28,7 +28,7 @@ class IntegrityCheck {

 	/**
 	 * Constructor
-	 * Parses all available checks into $this->available 
+	 * Parses all available checks into $this->available
 	 */
 	public function __construct() {
 		global $userinfo;
@@ -41,7 +41,7 @@ class IntegrityCheck {
 		unset($this->available[array_search('checkAll', $this->available)]);
 		unset($this->available[array_search('fixAll', $this->available)]);
 		sort($this->available);
-		
+
 	}

 	/**
@@ -85,11 +85,10 @@ class IntegrityCheck {
 				// fix database
 				Database::query('ALTER DATABASE `' . Database::getDbName() . '` CHARACTER SET utf8 COLLATE utf8_general_ci');
 				// fix all tables
-				$handle = Database::query('SHOW TABLES');
-				while ($row = $handle->fetch(PDO::FETCH_ASSOC)) {
-					foreach ($row as $table) {
-						Database::query('ALTER TABLE `' . $table . '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;');
-					}
+				$handle = Database::query('SHOW FULL TABLES WHERE Table_type != "VIEW"');
+				while ($row = $handle->fetch(PDO::FETCH_BOTH)) {
+					$table = $row[0];
+					Database::query('ALTER TABLE `' . $table . '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;');
 				}
 				$this->_log->logAction(ADM_ACTION, LOG_WARNING, "database charset was different from UTF-8, integrity-check fixed that");
 			} else {
@@ -130,9 +129,9 @@ class IntegrityCheck {
 			while ($row = $adm_stmt->fetch(PDO::FETCH_ASSOC)) {
 				if ($row['ip'] < 0 || is_null($row['ip']) || empty($row['ip'])) {
 					// Admin uses default-IP
-					$admips[$row['adminid']] = Settings::Get('system.defaultip');
+					$admips[$row['adminid']] = explode(',', Settings::Get('system.defaultip'));
 				} else {
-					$admips[$row['adminid']] = $row['ip'];
+					$admips[$row['adminid']] = array($row['ip']);
 				}
 			}
 		}
@@ -143,19 +142,19 @@ class IntegrityCheck {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$ips[$row['id']] = $row['ip'] . ':' . $row['port'];
 		}
-		
+
 		// Cache all configured domains
 		$result_stmt = Database::prepare("SELECT `id`, `adminid` FROM `" . TABLE_PANEL_DOMAINS . "` ORDER BY `id` ASC");
 		Database::pexecute($result_stmt);
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$domains[$row['id']] = $row['adminid'];
 		}
-		
+
 		// Check if every domain to ip/port - association is valid in TABLE_DOMAINTOIP
 		$result_stmt = Database::prepare("SELECT `id_domain`, `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "`");
 		Database::pexecute($result_stmt);
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
-			if (!array_key_exists($row['id_ipandports'], $ips)) { 
+			if (!array_key_exists($row['id_ipandports'], $ips)) {
 				if ($fix) {
 					Database::pexecute($del_stmt, array('domainid' => $row['id_domain'], 'ipandportid' => $row['id_ipandports']));
 					$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found an ip/port-id in domain <> ip table which does not exist, integrity check fixed this");
@@ -170,18 +169,20 @@ class IntegrityCheck {
 					$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found a domain-id in domain <> ip table which does not exist, integrity check fixed this");
 				} else {
 					$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "found a domain-id in domain <> ip table which does not exist, integrity check can fix this");
-					return false; 
+					return false;
 				}
 			}
 			// Save one IP/Port combination per domain, so we know, if one domain is missing an IP
 			$ipstodomains[$row['id_domain']] = $row['id_ipandports'];
 		}
-		
+
 		// Check that all domains have at least one IP/Port combination
 		foreach ($domains as $domainid => $adminid) {
 			if (!array_key_exists($domainid, $ipstodomains)) {
 				if ($fix) {
-					Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipandportid' => $admips[$adminid]));
+					foreach ($admips[$adminid] as $defaultip) {
+						Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipandportid' => $defaultip));
+					}
 					$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found a domain-id with no entry in domain <> ip table, integrity check fixed this");
 				} else {
 					$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "found a domain-id with no entry in domain <> ip table, integrity check can fix this");
@@ -198,7 +199,7 @@ class IntegrityCheck {
 	}

 	/**
-	 * Check if all subdomain have ssl-redirect = 0 if domain has no ssl-port
+	 * Check if all subdomains have ssl-redirect = 0 if domain has no ssl-port
 	 * @param $fix Fix everything found directly
 	 */
 	public function SubdomainSslRedirect($fix = false) {
@@ -220,7 +221,7 @@ class IntegrityCheck {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$ips[$row['id']] = $row['ip'] . ':' . $row['port'];
 		}
-		
+
 		// Cache all configured domains
 		$result_stmt = Database::prepare("SELECT `id`, `parentdomainid`, `ssl_redirect` FROM `" . TABLE_PANEL_DOMAINS . "` ORDER BY `id` ASC");
 		$ip_stmt = Database::prepare("SELECT `id_domain`, `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :domainid");
@@ -232,7 +233,7 @@ class IntegrityCheck {
 				Database::pexecute($ip_stmt, array('domainid' => $row['id']));
 				while ($iprow = $ip_stmt->fetch(PDO::FETCH_ASSOC)) {
 					// If the parentdomain has an ip/port assigned which we know is SSL enabled, set the parentdomain to "true"
-					if (array_key_exists($iprow['id_ipandports'], $ips)) { $parentdomains[$row['id']] = true; } 
+					if (array_key_exists($iprow['id_ipandports'], $ips)) { $parentdomains[$row['id']] = true; }
 				}
 			} elseif ($row['ssl_redirect'] == 1)  {
 				// All subdomains with enabled ssl_redirect enabled are stored
@@ -240,14 +241,14 @@ class IntegrityCheck {
 				$subdomains[$row['parentdomainid']][] = $row['id'];
 			}
 		}
-		
+
 		// Check if every parentdomain with enabled ssl_redirect as SSL enabled
 		foreach ($parentdomains as $id => $sslavailable) {
 			// This parentdomain has no subdomains
 			if (!isset($subdomains[$id])) { continue; }
 			// This parentdomain has SSL enabled, doesn't matter what status the subdomains have
 			if ($sslavailable) { continue; }
-			
+
 			// At this point only parentdomains reside which have ssl_redirect enabled subdomains
 			if ($fix) {
 				// We make a blanket update to all subdomains of this parentdomain, doesn't matter which one is wrong, all have to be disabled
@@ -259,7 +260,7 @@ class IntegrityCheck {
 				return false;
 			}
 		}
-		
+
 		if ($fix) {
 			return $this->SubdomainSslRedirect();
 		} else {
@@ -267,6 +268,76 @@ class IntegrityCheck {
 		}
 	}

+	/**
+	 * Check if all subdomain have letsencrypt = 0 if domain has no ssl-port
+	 * @param $fix Fix everything found directly
+	 */
+	public function SubdomainLetsencrypt($fix = false) {
+		$ips = array();
+		$parentdomains = array();
+		$subdomains = array();
+
+		if ($fix) {
+			// Prepare update statement for the fixes
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_DOMAINS . "`
+				SET `letsencrypt` = 0 WHERE `parentdomainid` = :domainid"
+			);
+		}
+
+		// Cache all ssl ip/port - combinations
+		$result_stmt = Database::prepare("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl` = 1 ORDER BY `id` ASC");
+		Database::pexecute($result_stmt);
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			$ips[$row['id']] = $row['ip'] . ':' . $row['port'];
+		}
+
+		// Cache all configured domains
+		$result_stmt = Database::prepare("SELECT `id`, `parentdomainid`, `letsencrypt` FROM `" . TABLE_PANEL_DOMAINS . "` ORDER BY `id` ASC");
+		$ip_stmt = Database::prepare("SELECT `id_domain`, `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :domainid");
+		Database::pexecute($result_stmt);
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			if ($row['parentdomainid'] == 0) {
+				// All parentdomains by default have no ssl - ip/port
+				$parentdomains[$row['id']] = false;
+				Database::pexecute($ip_stmt, array('domainid' => $row['id']));
+				while ($iprow = $ip_stmt->fetch(PDO::FETCH_ASSOC)) {
+					// If the parentdomain has an ip/port assigned which we know is SSL enabled, set the parentdomain to "true"
+					if (array_key_exists($iprow['id_ipandports'], $ips)) { $parentdomains[$row['id']] = true; }
+				}
+			} elseif ($row['letsencrypt'] == 1)  {
+				// All subdomains with enabled letsencrypt enabled are stored
+				if (!isset($subdomains[$row['parentdomainid']])) { $subdomains[$row['parentdomainid']] = array(); }
+				$subdomains[$row['parentdomainid']][] = $row['id'];
+			}
+		}
+
+		// Check if every parentdomain with enabled letsencrypt as SSL enabled
+		foreach ($parentdomains as $id => $sslavailable) {
+			// This parentdomain has no subdomains
+			if (!isset($subdomains[$id])) { continue; }
+			// This parentdomain has SSL enabled, doesn't matter what status the subdomains have
+			if ($sslavailable) { continue; }
+
+			// At this point only parentdomains reside which have letsencrypt enabled subdomains
+			if ($fix) {
+				// We make a blanket update to all subdomains of this parentdomain, doesn't matter which one is wrong, all have to be disabled
+				Database::pexecute($upd_stmt, array('domainid' => $id));
+				$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found a subdomain with letsencrypt=1 but parent-domain has ssl=0, integrity check fixed this");
+			} else {
+				// It's just the check, let the function fail
+				$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "found a subdomain with letsencrypt=1 but parent-domain has ssl=0, integrity check can fix this");
+				return false;
+			}
+		}
+
+		if ($fix) {
+			return $this->SubdomainLetsencrypt();
+		} else {
+			return true;
+		}
+	}
+
 	/**
 	 * check whether the webserveruser is in
 	 * the customers groups when fcgid / php-fpm is used
--- a/lib/classes/logger/class.FileLogger.php
+++ b/lib/classes/logger/class.FileLogger.php
@@ -106,29 +106,7 @@ class FileLogger extends AbstractLogger {
 					break;
 			}

-			$_type = 'unknown';
-
-			switch($type)
-			{
-				case LOG_INFO:
-					$_type = 'information';
-					break;
-				case LOG_NOTICE:
-					$_type = 'notice';
-					break;
-				case LOG_WARNING:
-					$_type = 'warning';
-					break;
-				case LOG_ERR:
-					$_type = 'error';
-					break;
-				case LOG_CRIT:
-					$_type = 'critical';
-					break;
-				default:
-					$_type = 'unknown';
-					break;
-			}
+			$_type = getLogLevelDesc($type);

 			if(!isset($this->userinfo['loginname'])
 					|| $this->userinfo['loginname'] == '')
--- a/lib/classes/logger/class.FroxlorLogger.php
+++ b/lib/classes/logger/class.FroxlorLogger.php
@@ -40,6 +40,12 @@ class FroxlorLogger {
 	 */
 	static private $loggers = null;

+	/**
+	 * whether to output log-messages to STDOUT (cron)
+	 * @var bool
+	 */
+	static private $crondebug_flag = false;
+
 	/**
 	 * Class constructor.
 	 *
@@ -98,8 +104,14 @@ class FroxlorLogger {
 			return;
 		}

+		if (self::$crondebug_flag
+			|| ($action == CRON_ACTION && $type <= LOG_WARNING)) {
+			echo "[".getLogLevelDesc($type)."] ".$text.PHP_EOL;
+		}
+
 		if (Settings::Get('logger.log_cron') == '0'
-		   && $action == CRON_ACTION
+			&& $action == CRON_ACTION
+			&& $type > LOG_WARNING // warnings, errors and critical mesages WILL be logged
 		) {
 			return;
 		}
@@ -158,12 +170,21 @@ class FroxlorLogger {

 		$_cronlog = (int)$_cronlog;

-		if ($_cronlog != 0
-		   && $_cronlog != 1
-		) {
+		if ($_cronlog < 0 || $_cronlog > 2) {
 			$_cronlog = 0;
 		}
 		Settings::Set('logger.log_cron', $_cronlog);
-		return true;
+		return $_cronlog;
+	}
+
+	/**
+	 * setter for crondebug-flag
+	 *
+	 * @param bool $_flag
+	 *
+	 * @return void
+	 */
+	public function setCronDebugFlag($_flag = false) {
+	    self::$crondebug_flag = (bool)$_flag;
 	}
 }
--- a/lib/classes/logger/class.SysLogger.php
+++ b/lib/classes/logger/class.SysLogger.php
@@ -114,9 +114,9 @@ class SysLogger extends AbstractLogger {
 			if ($text != null
 					&& $text != ''
 			) {
-				syslog((int)$type, "[" . ucfirst($_action) . " Action " . $name . "] " . $text);
+				syslog((int)$type, "[" . ucfirst($_action) . " Action " . $name . "] [".getLogLevelDesc($type)."] " . $text);
 			} else {
-				syslog((int)$type, "[" . ucfirst($_action) . " Action " . $name . "] No text given!!! Check scripts!");
+				syslog((int)$type, "[" . ucfirst($_action) . " Action " . $name . "] [".getLogLevelDesc($type)."] No text given!!! Check scripts!");
 			}

 			closelog();
--- a/lib/classes/output/class.CmdLineHandler.php
+++ b/lib/classes/output/class.CmdLineHandler.php
@@ -0,0 +1,196 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2018 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2018-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Cron
+ *
+ */
+abstract class CmdLineHandler
+{
+
+	/**
+	 * internal variable for passed arguments
+	 *
+	 * @var array
+	 */
+	private static $args = null;
+
+	/**
+	 * Action object read from commandline/config
+	 *
+	 * @var Action
+	 */
+	private $_action = null;
+
+	/**
+	 * Returns a CmdLineHandler object with given
+	 * arguments from command line
+	 *
+	 * @param int $argc
+	 * @param array $argv
+	 *
+	 * @return CmdLineHandler
+	 */
+	public static function processParameters($argc, $argv)
+	{
+		$me = get_called_class();
+		return new $me($argc, $argv);
+	}
+
+	/**
+	 * returns the Action object generated in
+	 * the class constructor
+	 *
+	 * @return Action
+	 */
+	public function getAction()
+	{
+		return $this->_action;
+	}
+
+	/**
+	 * class constructor, validates the command line parameters
+	 * and sets the Action-object if valid
+	 *
+	 * @param int $argc
+	 * @param string[] $argv
+	 *
+	 * @return null
+	 * @throws Exception
+	 */
+	private function __construct($argc, $argv)
+	{
+		self::$args = $this->_parseArgs($argv);
+		$this->_action = $this->_createAction();
+	}
+
+	/**
+	 * Parses the arguments given via the command line;
+	 * three types are supported:
+	 * 1.
+	 * --parm1 or --parm2=value
+	 * 2. -xyz (multiple switches in one) or -a=value
+	 * 3. parm1 parm2
+	 *
+	 * The 1. will be mapped as
+	 * ["parm1"] => true, ["parm2"] => "value"
+	 * The 2. as
+	 * ["x"] => true, ["y"] => true, ["z"] => true, ["a"] => "value"
+	 * And the 3. as
+	 * [0] => "parm1", [1] => "parm2"
+	 *
+	 * @param array $argv
+	 *
+	 * @return array
+	 */
+	private function _parseArgs($argv)
+	{
+		array_shift($argv);
+		$o = array();
+		foreach ($argv as $a) {
+			if (substr($a, 0, 2) == '--') {
+				$eq = strpos($a, '=');
+				if ($eq !== false) {
+					$o[substr($a, 2, $eq - 2)] = substr($a, $eq + 1);
+				} else {
+					$k = substr($a, 2);
+					if (! isset($o[$k])) {
+						$o[$k] = true;
+					}
+				}
+			} else if (substr($a, 0, 1) == '-') {
+				if (substr($a, 2, 1) == '=') {
+					$o[substr($a, 1, 1)] = substr($a, 3);
+				} else {
+					foreach (str_split(substr($a, 1)) as $k) {
+						if (! isset($o[$k])) {
+							$o[$k] = true;
+						}
+					}
+				}
+			} else {
+				$o[] = $a;
+			}
+		}
+		return $o;
+	}
+
+	/**
+	 * Creates an Action-Object for the Action-Handler
+	 *
+	 * @return Action
+	 * @throws Exception
+	 */
+	private function _createAction()
+	{
+		
+		// Test for help-switch
+		if (empty(self::$args) || array_key_exists("help", self::$args) || array_key_exists("h", self::$args)) {
+			static::printHelp();
+			// end of execution
+		}
+		// check if no unknown parameters are present
+		foreach (self::$args as $arg => $value) {
+			
+			if (is_numeric($arg)) {
+				throw new Exception("Unknown parameter '" . $value . "' in argument list");
+			} elseif (! in_array($arg, static::$params) && ! in_array($arg, static::$switches)) {
+				throw new Exception("Unknown parameter '" . $arg . "' in argument list");
+			}
+		}
+		
+		// set debugger switch
+		if (isset(self::$args["d"]) && self::$args["d"] == true) {
+			// Debugger::getInstance()->setEnabled(true);
+			// Debugger::getInstance()->debug("debug output enabled");
+		}
+		
+		return new static::$action_class(self::$args);
+	}
+
+	public static function getInput($prompt = "#", $default = "")
+	{
+		if (! empty($default)) {
+			$prompt .= " [" . $default . "]";
+		}
+		$result = readline($prompt . ":");
+		if (empty($result) && ! empty($default)) {
+			$result = $default;
+		}
+		return mb_strtolower($result);
+	}
+
+	public static function println($msg = "")
+	{
+		print $msg . PHP_EOL;
+	}
+
+	private static function _printcolor($msg = "", $color = "0")
+	{
+		print "\033[" . $color . "m" . $msg . "\033[0m" . PHP_EOL;
+	}
+
+	public static function printerr($msg = "")
+	{
+		self::_printcolor($msg, "31");
+	}
+
+	public static function printsucc($msg = "")
+	{
+		self::_printcolor($msg, "32");
+	}
+
+	public static function printwarn($msg = "")
+	{
+		self::_printcolor($msg, "33");
+	}
+}
--- a/lib/classes/output/class.htmlform.php
+++ b/lib/classes/output/class.htmlform.php
@@ -68,8 +68,6 @@ class htmlform
 						$style = (isset($fielddata['style']) ? ' class="'.$fielddata['style'].'"' : '');
 						$mandatory = self::_getMandatoryFlag($fielddata);
 						$data_field = self::_parseDataField($fieldname, $fielddata);
-						//$data_field = str_replace("\n", "", $data_field);
-						$data_field = str_replace("\t", "", $data_field);
 						if (isset($fielddata['has_nextto'])) {
 							$nexto = array('field' => $fieldname);
 							$data_field.='{NEXTTOFIELD_'.$fieldname.'}';
@@ -79,7 +77,6 @@ class htmlform
 						eval("self::\$_form .= \"" . getTemplate("misc/form/table_row", "1") . "\";");
 					} else {
 						$data_field = self::_parseDataField($fieldname, $fielddata);
-						//$data_field = str_replace("\n", "", $data_field);
 						$data_field = str_replace("\t", "", $data_field);
 						$data_field = $fielddata['next_to_prefix'].$data_field;
 						self::$_form = str_replace(
@@ -125,6 +122,8 @@ class htmlform
 				return self::_checkbox($fieldname, $data); break;
 			case 'file':
 				return self::_file($fieldname, $data); break;
+			case 'int':
+				return self::_int($fieldname, $data); break;
 		}
 	}

@@ -316,4 +315,29 @@ class htmlform
 		return $return;
 	}

+	private static function _int($fieldname = '', $data = array())
+	{
+		$return = '';
+		$extras = '';
+		if(isset($data['int_min'])) {
+			$extras .= ' min="'.$data['int_min'].'"';
+		}
+		if(isset($data['int_max'])) {
+			$extras .= ' max="'.$data['int_max'].'"';
+		}
+
+		// add support to save reloaded forms
+		if (isset($data['value'])) {
+			$value = $data['value'];
+		} elseif (isset($_SESSION['requestData'][$fieldname])) {
+			$value = $_SESSION['requestData'][$fieldname];
+		} else {
+			$value = '';
+		}
+
+		$type = 'number';
+		$ulfield = '';
+		eval("\$return = \"" . getTemplate("misc/form/input_text", "1") . "\";");
+		return $return;
+	}
 }
--- a/lib/classes/output/class.paging.php
+++ b/lib/classes/output/class.paging.php
@@ -88,6 +88,8 @@ class paging {
 	 * @var bool
 	 */
 	private $natSorting = false;
+	
+	private $_limit = 0;

 	/**
 	 * Class constructor. Loads settings from request or from userdata and saves them to session.
@@ -101,7 +103,7 @@ class paging {
 	 * @param string $default_order default sorting order 'asc' or 'desc'
 	 *
 	 */
-	public function __construct($userinfo, $table, $fields, $entriesperpage = 0, $natSorting = false, $default_field = 0, $default_order = 'asc') {
+	public function __construct($userinfo, $table, $fields, $entriesperpage = 0, $natSorting = false, $default_field = 0, $default_order = 'asc', $limit = 0) {

 		// entries per page and natsorting-flag are not
 		// passed as parameter anymore, because these are
@@ -230,6 +232,8 @@ class paging {
 			'adminsession' => $userinfo['adminsession']
 		);
 		Database::pexecute($upd_stmt, $upd_data);
+		
+		$this->_limit = $limit;
 	}

 	/**
@@ -319,6 +323,8 @@ class paging {
 				$condition.= $searchfield . " ".$oper." " . Database::quote($searchtext);
 			} else {
 				$searchtext = str_replace('*', '%', $this->searchtext);
+				// append wildcards if user did not enter any
+				if (strpos($searchtext,'%') === false) $searchtext='%'.$searchtext.'%';
 				$condition.= $searchfield . " LIKE " . Database::quote($searchtext);
 			}
 			
@@ -376,6 +382,11 @@ class paging {
 	 * @return string always empty
 	 */
 	public function getSqlLimit() {
+
+		if ($this->_limit > 0) {
+			$_offset = ($this->pageno - 1) * $this->_limit;
+			return ' LIMIT '.$_offset.','.$this->_limit;
+		}
 		/**
 		 * currently not in use
 		 */
@@ -399,7 +410,7 @@ class paging {
 		}

 		$breakorws = ($break ? '<br />' : '&nbsp;');
-		foreach (array('asc' => $lng['panel']['ascending'], 'desc' => $lng['panel']['decending']) as $sortordertype => $sortorderdescription) {
+		foreach (array('asc' => $lng['panel']['ascending'], 'desc' => $lng['panel']['descending']) as $sortordertype => $sortorderdescription) {
 			$orderoptions.= makeoption($sortorderdescription, $sortordertype, $this->sortorder, true, true);
 		}

--- a/lib/classes/phpinterface/class.phpinterface.php
+++ b/lib/classes/phpinterface/class.phpinterface.php
@@ -91,6 +91,12 @@ class phpinterface {
 					SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
 			);
 			$this->_php_configs_cache[$php_config_id] = Database::pexecute_first($stmt, array('id' => $php_config_id));
+			if ((int)Settings::Get('phpfpm.enabled') == 1) {
+				$stmt = Database::prepare("
+					SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id"
+				);
+				$this->_php_configs_cache[$php_config_id]['fpm_settings'] = Database::pexecute_first($stmt, array('id' => $this->_php_configs_cache[$php_config_id]['fpmsettingid']));
+			}
 		}

 		return $this->_php_configs_cache[$php_config_id];
--- a/lib/classes/phpinterface/class.phpinterface_fcgid.php
+++ b/lib/classes/phpinterface/class.phpinterface_fcgid.php
@@ -135,15 +135,6 @@ class phpinterface_fcgid {
 			$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 			$openbasedir .= $_phpappendopenbasedir;

-			$openbasedir = explode(':', $openbasedir);
-			$clean_openbasedir = array();
-			foreach ($openbasedir as $number => $path) {
-				if (trim($path) != '/') {
-					$clean_openbasedir[] = makeCorrectDir($path);
-				}
-			}
-			$openbasedir = implode(':', $clean_openbasedir);
-
 		} else {
 			$openbasedir = 'none';
 			$openbasedirc = ';';
@@ -153,26 +144,26 @@ class phpinterface_fcgid {
 		$php_ini_variables = array(
 				'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
 				'PEAR_DIR' => Settings::Get('system.mod_fcgid_peardir'),
-				'OPEN_BASEDIR' => $openbasedir,
-				'OPEN_BASEDIR_C' => $openbasedirc,
-				'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.hpappendopenbasedir'),
 				'TMP_DIR' => $this->getTempDir(),
 				'CUSTOMER_EMAIL' => $this->_domain['email'],
 				'ADMIN_EMAIL' => $admin['email'],
 				'DOMAIN' => $this->_domain['domain'],
 				'CUSTOMER' => $this->_domain['loginname'],
-				'ADMIN' => $admin['loginname']
+				'ADMIN' => $admin['loginname'],
+				'OPEN_BASEDIR' => $openbasedir,
+				'OPEN_BASEDIR_C' => $openbasedirc,
+				'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'),
+				'DOCUMENT_ROOT' => makeCorrectDir($this->_domain['documentroot'])
 		);

 		//insert a small header for the file
-
 		$phpini_file = ";\n";
 		$phpini_file.= "; php.ini created/changed on " . date("Y.m.d H:i:s") . " for domain '" . $this->_domain['domain'] . "' with id #" . $this->_domain['id'] . " from php template '" . $phpconfig['description'] . "' with id #" . $phpconfig['id'] . "\n";
 		$phpini_file.= "; Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\n";
 		$phpini_file.= ";\n\n";
 		$phpini_file.= replace_variables($phpconfig['phpsettings'], $php_ini_variables);
 		$phpini_file = str_replace('"none"', 'none', $phpini_file);
-		$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
+		//$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
 		$phpini_file_handler = fopen($this->getIniFile(), 'w');
 		fwrite($phpini_file_handler, $phpini_file);
 		fclose($phpini_file_handler);
--- a/lib/classes/phpinterface/class.phpinterface_fpm.php
+++ b/lib/classes/phpinterface/class.phpinterface_fpm.php
@@ -18,19 +18,28 @@
 * @since      0.9.16
 *
 */
-
-class phpinterface_fpm {
+class phpinterface_fpm
+{

 	/**
 	 * Domain-Data array
+	 *
 	 * @var array
-	*/
+	 */
 	private $_domain = array();

 	/**
-	 * Admin-Date cache array
+	 * fpm config
+	 *
 	 * @var array
-	*/
+	 */
+	private $_fpm_cfg = array();
+
+	/**
+	 * Admin-Date cache array
+	 *
+	 * @var array
+	 */
 	private $_admin_cache = array();

 	/**
@@ -38,104 +47,38 @@ class phpinterface_fpm {
 	 * Mostly taken from http://php.net/manual/en/ini.list.php
 	 *
 	 * @var array
-	*/
-	private $_ini = array(
-			'php_value' => array(
-				'auto_append_file',
-				'auto_prepend_file',
-				'date.timezone',
-				'default_charset',
-				'error_reporting',
-				'include_path',
-				'log_errors_max_len',
-				'mail.log',
-				'max_execution_time',
-				'session.cookie_domain',
-				'session.cookie_lifetime',
-				'session.cookie_path',
-				'session.name',
-				'session.serialize_handler',
-				'upload_max_filesize',
-				'xmlrpc_error_number',
-				'session.auto_start',
-				'always_populate_raw_post_data',
-				'suhosin.session.cryptkey',
-				'suhosin.session.cryptraddr',
-				'suhosin.session.checkraddr',
-				'suhosin.cookie.cryptkey',
-				'suhosin.cookie.plainlist',
-				'suhosin.cookie.cryptraddr',
-				'suhosin.cookie.checkraddr',
-				'suhosin.executor.func.blacklist',
-				'suhosin.executor.eval.whitelist'
-			),
-			'php_flag' => array(
-				'asp_tags',
-				'display_errors',
-				'display_startup_errors',
-				'html_errors',
-				'log_errors',
-				'magic_quotes_gpc',
-				'magic_quotes_runtime',
-				'magic_quotes_sybase',
-				'mail.add_x_header',
-				'session.cookie_secure',
-				'session.use_cookies',
-				'short_open_tag',
-				'track_errors',
-				'xmlrpc_errors',
-				'suhosin.simulation',
-				'suhosin.session.encrypt',
-				'suhosin.session.cryptua',
-				'suhosin.session.cryptdocroot',
-				'suhosin.cookie.encrypt',
-				'suhosin.cookie.cryptua',
-				'suhosin.cookie.cryptdocroot',
-				'suhosin.executor.disable_eval',
-                'mbstring.func_overload'				
-			),
-			'php_admin_value' => array(
-				'cgi.redirect_status_env',
-				'date.timezone',
-				'disable_classes',
-				'disable_functions',
-				'error_log',
-				'gpc_order',
-				'max_input_time',
-				'max_input_vars',
-				'memory_limit',
-				'open_basedir',
-				'output_buffering',
-				'post_max_size',
-				'precision',
-				'sendmail_path',
-				'session.gc_divisor',
-				'session.gc_probability',
-				'variables_order'
-			),
-			'php_admin_flag' => array(
-				'allow_call_time_pass_reference',
-				'allow_url_fopen',
-				'allow_url_include',
-				'auto_detect_line_endings',
-				'cgi.fix_pathinfo',
-				'cgi.force_redirect',
-				'enable_dl',
-				'expose_php',
-				'file_uploads',
-				'ignore_repeated_errors',
-				'ignore_repeated_source',
-				'log_errors',
-				'register_argc_argv',
-				'report_memleaks'
-			)
-	);
+	 */
+	private $_ini = array();

 	/**
 	 * main constructor
-	*/
-	public function __construct($domain) {
+	 */
+	public function __construct($domain)
+	{
+		if (!isset($domain['fpm_config_id']) || empty($domain['fpm_config_id'])) {
+			$domain['fpm_config_id'] = 1;
+		}
 		$this->_domain = $domain;
+		$this->_readFpmConfig($domain['fpm_config_id']);
+		$this->_buildIniMapping();
+	}
+
+	private function _buildIniMapping()
+	{
+		$this->_ini = array(
+			'php_flag' => explode("\n", Settings::Get('phpfpm.ini_flags')),
+			'php_value' => explode("\n", Settings::Get('phpfpm.ini_values')),
+			'php_admin_flag' => explode("\n", Settings::Get('phpfpm.ini_admin_flags')),
+			'php_admin_value' => explode("\n", Settings::Get('phpfpm.ini_admin_values'))
+		);
+	}
+
+	private function _readFpmConfig($fpm_config_id)
+	{
+		$stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+		$this->_fpm_cfg = Database::pexecute_first($stmt, array(
+			'id' => $fpm_config_id
+		));
 	}

 	/**
@@ -143,47 +86,48 @@ class phpinterface_fpm {
 	 *
 	 * @param array $phpconfig
 	 */
-	public function createConfig($phpconfig) {
-
+	public function createConfig($phpconfig)
+	{
 		$fh = @fopen($this->getConfigFile(), 'w');
-
+		
 		if ($fh) {
-			$fpm_pm = Settings::Get('phpfpm.pm');
-			$fpm_children = (int)Settings::Get('phpfpm.max_children');
-			$fpm_start_servers = (int)Settings::Get('phpfpm.start_servers');
-			$fpm_min_spare_servers = (int)Settings::Get('phpfpm.min_spare_servers');
-			$fpm_max_spare_servers = (int)Settings::Get('phpfpm.max_spare_servers');
-			$fpm_requests = (int)Settings::Get('phpfpm.max_requests');
-			$fpm_process_idle_timeout = (int)Settings::Get('phpfpm.idle_timeout');
-
+			$fpm_pm = $this->_fpm_cfg['pm'];
+			$fpm_children = (int) $this->_fpm_cfg['max_children'];
+			$fpm_start_servers = (int) $this->_fpm_cfg['start_servers'];
+			$fpm_min_spare_servers = (int) $this->_fpm_cfg['min_spare_servers'];
+			$fpm_max_spare_servers = (int) $this->_fpm_cfg['max_spare_servers'];
+			$fpm_requests = (int) $this->_fpm_cfg['max_requests'];
+			$fpm_process_idle_timeout = (int) $this->_fpm_cfg['idle_timeout'];
+			$fpm_limit_extensions = $this->_fpm_cfg['limit_extensions'];
+			
 			if ($fpm_children == 0) {
 				$fpm_children = 1;
 			}
-
-			$fpm_config = ';PHP-FPM configuration for "'.$this->_domain['domain'].'" created on ' . date("Y.m.d H:i:s") . "\n";
-			$fpm_config.= '['.$this->_domain['domain'].']'."\n";
-			$fpm_config.= 'listen = '.$this->getSocketFile()."\n";
+			
+			$fpm_config = ';PHP-FPM configuration for "' . $this->_domain['domain'] . '" created on ' . date("Y.m.d H:i:s") . "\n";
+			$fpm_config .= '[' . $this->_domain['domain'] . ']' . "\n";
+			$fpm_config .= 'listen = ' . $this->getSocketFile() . "\n";
 			if ($this->_domain['loginname'] == 'froxlor.panel') {
-				$fpm_config.= 'listen.owner = '.$this->_domain['guid']."\n";
-				$fpm_config.= 'listen.group = '.$this->_domain['guid']."\n";
+				$fpm_config .= 'listen.owner = ' . $this->_domain['guid'] . "\n";
+				$fpm_config .= 'listen.group = ' . $this->_domain['guid'] . "\n";
 			} else {
-				$fpm_config.= 'listen.owner = '.$this->_domain['loginname']."\n";
-				$fpm_config.= 'listen.group = '.$this->_domain['loginname']."\n";
+				$fpm_config .= 'listen.owner = ' . $this->_domain['loginname'] . "\n";
+				$fpm_config .= 'listen.group = ' . $this->_domain['loginname'] . "\n";
 			}
 			// see #1418 why this is 0660
-			$fpm_config.= 'listen.mode = 0660'."\n";
-
+			$fpm_config .= 'listen.mode = 0660' . "\n";
+			
 			if ($this->_domain['loginname'] == 'froxlor.panel') {
-				$fpm_config.= 'user = '.$this->_domain['guid']."\n";
-				$fpm_config.= 'group = '.$this->_domain['guid']."\n";
+				$fpm_config .= 'user = ' . $this->_domain['guid'] . "\n";
+				$fpm_config .= 'group = ' . $this->_domain['guid'] . "\n";
 			} else {
-				$fpm_config.= 'user = '.$this->_domain['loginname']."\n";
-				$fpm_config.= 'group = '.$this->_domain['loginname']."\n";
+				$fpm_config .= 'user = ' . $this->_domain['loginname'] . "\n";
+				$fpm_config .= 'group = ' . $this->_domain['loginname'] . "\n";
 			}
-
-			$fpm_config.= 'pm = '.$fpm_pm."\n";
-			$fpm_config.= 'pm.max_children = '.$fpm_children."\n";
-
+			
+			$fpm_config .= 'pm = ' . $fpm_pm . "\n";
+			$fpm_config .= 'pm.max_children = ' . $fpm_children . "\n";
+			
 			if ($fpm_pm == 'dynamic') {
 				// honor max_children
 				if ($fpm_children < $fpm_min_spare_servers) {
@@ -197,37 +141,42 @@ class phpinterface_fpm {
 					$fpm_start_servers = $fpm_min_spare_servers;
 				}
 				if ($fpm_start_servers > $fpm_max_spare_servers) {
-					$fpm_start_servers = $fpm_start_servers - (($fpm_start_servers - $fpm_max_spare_servers) + 1);
+					$fpm_start_servers = $fpm_max_spare_servers;
 				}
-				$fpm_config.= 'pm.start_servers = '.$fpm_start_servers."\n";
-				$fpm_config.= 'pm.min_spare_servers = '.$fpm_min_spare_servers."\n";
-				$fpm_config.= 'pm.max_spare_servers = '.$fpm_max_spare_servers."\n";
+				$fpm_config .= 'pm.start_servers = ' . $fpm_start_servers . "\n";
+				$fpm_config .= 'pm.min_spare_servers = ' . $fpm_min_spare_servers . "\n";
+				$fpm_config .= 'pm.max_spare_servers = ' . $fpm_max_spare_servers . "\n";
 			} elseif ($fpm_pm == 'ondemand') {
-				$fpm_config.= 'pm.process_idle_timeout = '.$fpm_process_idle_timeout."\n";
+				$fpm_config .= 'pm.process_idle_timeout = ' . $fpm_process_idle_timeout . "\n";
 			}
-
-			$fpm_config.= 'pm.max_requests = '.$fpm_requests."\n";
-
+			
+			$fpm_config .= 'pm.max_requests = ' . $fpm_requests . "\n";
+			
 			// possible slowlog configs
 			if ($phpconfig['fpm_slowlog'] == '1') {
-				$fpm_config.= 'request_terminate_timeout = ' . $phpconfig['fpm_reqterm'] . "\n";
-				$fpm_config.= 'request_slowlog_timeout = ' . $phpconfig['fpm_reqslow'] . "\n";
+				$fpm_config .= 'request_terminate_timeout = ' . $phpconfig['fpm_reqterm'] . "\n";
+				$fpm_config .= 'request_slowlog_timeout = ' . $phpconfig['fpm_reqslow'] . "\n";
 				$slowlog = makeCorrectFile(Settings::Get('system.logfiles_directory') . '/' . $this->_domain['loginname'] . '-php-slow.log');
-				$fpm_config.= 'slowlog = ' . $slowlog . "\n";
-				$fpm_config.= 'catch_workers_output = yes' . "\n";
+				$fpm_config .= 'slowlog = ' . $slowlog . "\n";
+				$fpm_config .= 'catch_workers_output = yes' . "\n";
 			}
-
-			$fpm_config.= ';chroot = '.makeCorrectDir($this->_domain['documentroot'])."\n";
-
+			
+			$fpm_config .= ';chroot = ' . makeCorrectDir($this->_domain['documentroot']) . "\n";
+			$fpm_config .= 'security.limit_extensions = '.$fpm_limit_extensions . "\n";
+			
 			$tmpdir = makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/');
-			if (!is_dir($tmpdir)) {
+			if (! is_dir($tmpdir)) {
 				$this->getTempDir();
 			}
-
-			$fpm_config.= 'env[TMP] = '.$tmpdir."\n";
-			$fpm_config.= 'env[TMPDIR] = '.$tmpdir."\n";
-			$fpm_config.= 'env[TEMP] = '.$tmpdir."\n";
-
+			
+			$env_path = Settings::Get('phpfpm.envpath');
+			if (!empty($env_path)) {
+				$fpm_config .= 'env[PATH] = ' . $env_path . "\n";
+			}
+			$fpm_config .= 'env[TMP] = ' . $tmpdir . "\n";
+			$fpm_config .= 'env[TMPDIR] = ' . $tmpdir . "\n";
+			$fpm_config .= 'env[TEMP] = ' . $tmpdir . "\n";
+			
 			$openbasedir = '';
 			if ($this->_domain['loginname'] != 'froxlor.panel') {
 				if ($this->_domain['openbasedir'] == '1') {
@@ -236,55 +185,45 @@ class phpinterface_fpm {
 					foreach ($_custom_openbasedir as $cobd) {
 						$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
 					}
-
+					
 					$_custom_openbasedir = explode(':', Settings::Get('system.phpappendopenbasedir'));
 					foreach ($_custom_openbasedir as $cobd) {
 						$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
 					}
-
-					if ($this->_domain['openbasedir_path'] == '0'
-							&& strstr($this->_domain['documentroot'], ":") === false
-					) {
+					
+					if ($this->_domain['openbasedir_path'] == '0' && strstr($this->_domain['documentroot'], ":") === false) {
 						$openbasedir = appendOpenBasedirPath($this->_domain['documentroot'], true);
 					} else {
 						$openbasedir = appendOpenBasedirPath($this->_domain['customerroot'], true);
 					}
-
+					
 					$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 					$openbasedir .= $_phpappendopenbasedir;
-
-					$openbasedir = explode(':', $openbasedir);
-					$clean_openbasedir = array();
-					foreach ($openbasedir as $number => $path) {
-						if (trim($path) != '/') {
-							$clean_openbasedir[] = makeCorrectDir($path);
-						}
-					}
-					$openbasedir = implode(':', $clean_openbasedir);
 				}
 			}
-			$fpm_config.= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
-			$fpm_config.= 'php_admin_value[upload_tmp_dir] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
-
+			$fpm_config .= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
+			$fpm_config .= 'php_admin_value[upload_tmp_dir] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
+			
 			$admin = $this->_getAdminData($this->_domain['adminid']);
-
 			$php_ini_variables = array(
-					'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
-					'PEAR_DIR' => Settings::Get('phpfpm.peardir'),
-					'TMP_DIR' => $this->getTempDir(),
-					'CUSTOMER_EMAIL' => $this->_domain['email'],
-					'ADMIN_EMAIL' => $admin['email'],
-					'DOMAIN' => $this->_domain['domain'],
-					'CUSTOMER' => $this->_domain['loginname'],
-					'ADMIN' => $admin['loginname'],
-					'OPEN_BASEDIR' => $openbasedir,
-					'OPEN_BASEDIR_C' => ''
+				'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
+				'PEAR_DIR' => Settings::Get('phpfpm.peardir'),
+				'TMP_DIR' => $this->getTempDir(),
+				'CUSTOMER_EMAIL' => $this->_domain['email'],
+				'ADMIN_EMAIL' => $admin['email'],
+				'DOMAIN' => $this->_domain['domain'],
+				'CUSTOMER' => $this->_domain['loginname'],
+				'ADMIN' => $admin['loginname'],
+				'OPEN_BASEDIR' => $openbasedir,
+				'OPEN_BASEDIR_C' => '',
+				'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'),
+				'DOCUMENT_ROOT' => makeCorrectDir($this->_domain['documentroot'])
 			);
-
+			
 			$phpini = replace_variables($phpconfig['phpsettings'], $php_ini_variables);
 			$phpini_array = explode("\n", $phpini);
-
-			$fpm_config.= "\n\n";
+			
+			$fpm_config .= "\n\n";
 			foreach ($phpini_array as $inisection) {
 				$is = explode("=", $inisection);
 				foreach ($this->_ini as $sec => $possibles) {
@@ -293,17 +232,17 @@ class phpinterface_fpm {
 						if (trim($is[0]) == 'open_basedir' && $openbasedir == '') {
 							continue;
 						}
-						$fpm_config.= $sec.'['.trim($is[0]).'] = ' . trim($is[1]) . "\n";
+						$fpm_config .= $sec . '[' . trim($is[0]) . '] = ' . trim($is[1]) . "\n";
 					}
 				}
 			}
-
+			
 			// now check if 'sendmail_path' has not beed set in the custom-php.ini
 			// if not we use our fallback-default as usual
 			if (strpos($fpm_config, 'php_admin_value[sendmail_path]') === false) {
-				$fpm_config.= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f '.$this->_domain['email']."\n";
+				$fpm_config .= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f ' . $this->_domain['email'] . "\n";
 			}
-
+			
 			fwrite($fh, $fpm_config, strlen($fpm_config));
 			fclose($fh);
 		}
@@ -315,108 +254,138 @@ class phpinterface_fpm {
 	 *
 	 * @param string $phpconfig
 	 */
-	public function createIniFile($phpconfig) {
+	public function createIniFile($phpconfig)
+	{
 		return;
 	}

 	/**
 	 * fpm-config file
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
-	 *
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
+	 *        	
 	 * @return string the full path to the file
 	 */
-	public function getConfigFile($createifnotexists = true) {
-
-		$configdir = makeCorrectDir(Settings::Get('phpfpm.configdir'));
-		$config = makeCorrectFile($configdir.'/'.$this->_domain['domain'].'.conf');
-
-		if (!is_dir($configdir) && $createifnotexists) {
+	public function getConfigFile($createifnotexists = true)
+	{
+		$configdir = $this->_fpm_cfg['config_dir'];
+		$config = makeCorrectFile($configdir . '/' . $this->_domain['domain'] . '.conf');
+		
+		if (! is_dir($configdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($configdir));
 		}
-
+		
 		return $config;
 	}

 	/**
 	 * return path of fpm-socket file
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
-	 *
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
+	 *        	
 	 * @return string the full path to the socket
 	 */
-	public function getSocketFile($createifnotexists = true) {
-
+	public function getSocketFile($createifnotexists = true)
+	{
 		$socketdir = makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir'));
-		$socket = makeCorrectFile($socketdir.'/'.$this->_domain['loginname'].'-'.$this->_domain['domain'].'-php-fpm.socket');
-
-		if (!is_dir($socketdir) && $createifnotexists) {
-			safe_exec('mkdir -p '.escapeshellarg($socketdir));
-			safe_exec('chown -R '.Settings::Get('system.httpuser').':'.Settings::Get('system.httpgroup').' '.escapeshellarg($socketdir));
+		// add fpm-config-id to filename so it's unique for the fpm-daemon and doesn't interfere with running configs when reuilding
+		$socket = strtolower(makeCorrectFile($socketdir . '/' . $this->_domain['fpm_config_id'] . '-' . $this->_domain['loginname'] . '-' . $this->_domain['domain'] . '-php-fpm.socket'));
+		
+		if (! is_dir($socketdir) && $createifnotexists) {
+			safe_exec('mkdir -p ' . escapeshellarg($socketdir));
+			safe_exec('chown -R ' . Settings::Get('system.httpuser') . ':' . Settings::Get('system.httpgroup') . ' ' . escapeshellarg($socketdir));
 		}
-
+		
 		return $socket;
 	}

 	/**
 	 * fpm-temp directory
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
-	 *
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
+	 *        	
 	 * @return string the directory
 	 */
-	public function getTempDir($createifnotexists = true) {
-
+	public function getTempDir($createifnotexists = true)
+	{
 		$tmpdir = makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/');
-
-		if (!is_dir($tmpdir) && $createifnotexists) {
+		
+		if (! is_dir($tmpdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
 			safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir));
 			safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));
 		}
-
+		
 		return $tmpdir;
 	}

 	/**
 	 * fastcgi-fakedirectory directory
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
-	 *
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
+	 *        	
 	 * @return string the directory
 	 */
-	public function getAliasConfigDir($createifnotexists = true) {
-
+	public function getAliasConfigDir($createifnotexists = true)
+	{
+		
 		// ensure default...
 		if (Settings::Get('phpfpm.aliasconfigdir') == null) {
 			Settings::Set('phpfpm.aliasconfigdir', '/var/www/php-fpm');
 		}
-
+		
 		$configdir = makeCorrectDir(Settings::Get('phpfpm.aliasconfigdir') . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/');
-		if (!is_dir($configdir) && $createifnotexists) {
+		if (! is_dir($configdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($configdir));
 			safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
 		}
-
+		
 		return $configdir;
 	}

+	/**
+	 * create a dummy fpm pool config with minimal configuration
+	 * (this is used whenever a config directory is empty but needs at least one pool to startup/restart)
+	 *
+	 * @param string $configdir
+	 */
+	public static function createDummyPool($configdir)
+	{
+		if (! is_dir($configdir)) {
+			safe_exec('mkdir -p ' . escapeshellarg($configdir));
+		}
+		$config = makeCorrectFile($configdir . '/dummy.conf');
+		$dummy = "[dummy]
+user = ".Settings::Get('system.httpuser')."
+listen = /run/" . md5($configdir) . "-fpm.sock
+pm = static
+pm.max_children = 1
+";
+		file_put_contents($config, $dummy);
+	}
+
 	/**
 	 * return the admin-data of a specific admin
 	 *
-	 * @param int $adminid id of the admin-user
-	 *
+	 * @param int $adminid
+	 *        	id of the admin-user
+	 *        	
 	 * @return array
 	 */
-	private function _getAdminData($adminid) {
-
+	private function _getAdminData($adminid)
+	{
 		$adminid = intval($adminid);
-
-		if (!isset($this->_admin_cache[$adminid])) {
+		
+		if (! isset($this->_admin_cache[$adminid])) {
 			$stmt = Database::prepare("
-					SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id"
-			);
-			$this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array('id' => $adminid));
+					SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id");
+			$this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array(
+				'id' => $adminid
+			));
 		}
 		return $this->_admin_cache[$adminid];
 	}
--- a/lib/classes/phpmailer/PHPMailerAutoload.php
+++ b/lib/classes/phpmailer/PHPMailerAutoload.php
@@ -1,49 +1,49 @@
 <?php
 /**
 * PHPMailer SPL autoloader.
- * PHP Version 5
- * @package PHPMailer
- * @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
- * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
- * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
- * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
- * @author Brent R. Matzelle (original founder)
- * @copyright 2012 - 2014 Marcus Bointon
- * @copyright 2010 - 2012 Jim Jagielski
- * @copyright 2004 - 2009 Andy Prevost
- * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
- * @note This program is distributed in the hope that it will be useful - WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.
- */
+* PHP Version 5
+* @package PHPMailer
+* @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
+* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
+* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
+* @author Brent R. Matzelle (original founder)
+* @copyright 2012 - 2014 Marcus Bointon
+* @copyright 2010 - 2012 Jim Jagielski
+* @copyright 2004 - 2009 Andy Prevost
+* @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+* @note This program is distributed in the hope that it will be useful - WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE.
+*/

 /**
 * PHPMailer SPL autoloader.
- * @param string $classname The name of the class to load
- */
+* @param string $classname The name of the class to load
+*/
 function PHPMailerAutoload($classname)
 {
-    //Can't use __DIR__ as it's only in PHP 5.3+
-    $filename = dirname(__FILE__).DIRECTORY_SEPARATOR.'class.'.strtolower($classname).'.php';
-    if (is_readable($filename)) {
-        require $filename;
-    }
+	//Can't use __DIR__ as it's only in PHP 5.3+
+	$filename = dirname(__FILE__).DIRECTORY_SEPARATOR.'class.'.strtolower($classname).'.php';
+	if (is_readable($filename)) {
+		require $filename;
+	}
 }

 if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
-    //SPL autoloading was introduced in PHP 5.1.2
-    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
-        spl_autoload_register('PHPMailerAutoload', true, true);
-    } else {
-        spl_autoload_register('PHPMailerAutoload');
-    }
+	//SPL autoloading was introduced in PHP 5.1.2
+	if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+		spl_autoload_register('PHPMailerAutoload', true, true);
+	} else {
+		spl_autoload_register('PHPMailerAutoload');
+	}
 } else {
-    /**
-     * Fall back to traditional autoload for old PHP versions
-     * @param string $classname The name of the class to load
-     */
-    function __autoload($classname)
-    {
-        PHPMailerAutoload($classname);
-    }
+	/**
+	 * Fall back to traditional autoload for old PHP versions
+	 * @param string $classname The name of the class to load
+	 */
+	function __autoload($classname)
+	{
+		PHPMailerAutoload($classname);
+	}
 }
--- a/lib/classes/phpmailer/class.PHPMailer.php
+++ b/lib/classes/phpmailer/class.PHPMailer.php
--- a/lib/classes/phpmailer/class.SMTP.php
+++ b/lib/classes/phpmailer/class.SMTP.php
--- a/lib/classes/settings/class.SImExporter.php
+++ b/lib/classes/settings/class.SImExporter.php
@@ -0,0 +1,114 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2018 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <d00p@froxlor.org>
+ * @author     Froxlor team <team@froxlor.org> (2018-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Classes
+ *
+ * @since      0.9.39
+ *
+ */
+
+/**
+ * Class SImExporter
+ *
+ * Import/Export settings to JSON
+ *
+ * @copyright (c) the authors
+ * @author Michael Kaufmann <d00p@froxlor.org>
+ * @author Froxlor team <team@froxlor.org> (2018-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Classes
+ */
+class SImExporter
+{
+
+	/**
+	 * settings which are not being exported
+	 *
+	 * @var array
+	 */
+	private static $_no_export = [
+		'panel.adminmail',
+		'admin.show_news_feed',
+		'system.lastaccountnumber',
+		'system.lastguid',
+		'system.ipaddress',
+		'system.last_traffic_run',
+		'system.hostname',
+		'system.mysql_access_host',
+		'system.lastcronrun',
+		'system.defaultip',
+		'system.last_tasks_run',
+		'system.last_archive_run',
+		'system.leprivatekey',
+		'system.lepublickey'
+	];
+
+	public static function export()
+	{
+		$result_stmt = Database::query("
+			SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` ORDER BY `settingid` ASC
+		");
+		$_data = array();
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			$index = $row['settinggroup'] . "." . $row['varname'];
+			if (! in_array($index, self::$_no_export)) {
+				$_data[$index] = $row['value'];
+			}
+		}
+		// add checksum for validation
+		$_data['_sha'] = sha1(var_export($_data, true));
+		$_export = json_encode($_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+		if (! $_export) {
+			throw new Exception("Error exporting settings: " . json_last_error_msg());
+		}
+		return $_export;
+	}
+
+	public static function import($json_str = null)
+	{
+		// decode data
+		$_data = json_decode($json_str, true);
+		if ($_data) {
+			// get validity check data
+			$_sha = isset($_data['_sha']) ? $_data['_sha'] : false;
+			$_version = isset($_data['panel.version']) ? $_data['panel.version'] : false;
+			$_dbversion = isset($_data['panel.db_version']) ? $_data['panel.db_version'] : false;
+			// check if we have everything we need
+			if (! $_sha || ! $_version || ! $_dbversion) {
+				throw new Exception("Invalid froxlor settings data. Unable to import.");
+			}
+			// validate import file
+			unset($_data['_sha']);
+			// compare
+			if ($_sha != sha1(var_export($_data, true))) {
+				throw new Exception("SHA check of import data failed. Unable to import.");
+			}
+			// do not import version info - but we need that to possibily update settings
+			// when there were changes in the variable-name or similar
+			unset($_data['panel.version']);
+			unset($_data['panel.db_version']);
+
+			// store new data
+			foreach ($_data as $index => $value) {
+				Settings::Set($index, $value);
+			}
+			// save to DB
+			Settings::Flush();
+
+			// all good
+			return true;
+		}
+		throw new Exception("Invalid JSON data: " . json_last_error_msg());
+	}
+}
--- a/lib/classes/settings/class.Settings.php
+++ b/lib/classes/settings/class.Settings.php
@@ -86,6 +86,7 @@ class Settings {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			self::$_data[$row['settinggroup']][$row['varname']] = $row['value'];
 		}
+		return true;
 	}

 	/**
@@ -124,6 +125,23 @@ class Settings {
 		return $result;
 	}

+	/**
+	 * tests if a setting-value that i s a comma separated list contains an entry
+	 *
+	 * @param string $setting a group and a varname separated by a dot (group.varname)
+	 * @param string $entry the entry that is expected to be in the list
+	 *
+	 * @return boolean true, if the list contains $entry
+	 */
+	public function pIsInList($setting = null, $entry = null) {
+		$s=Settings::Get($setting);
+		if ($s==null) {
+			return false;
+		}
+		$slist = explode(",",$s);
+		return in_array($entry, $slist);
+	}
+
 	/**
 	 * update a setting / set a new value
 	 *
@@ -144,10 +162,16 @@ class Settings {
 			if ($instant_save) {
 				$this->_storeSetting($sstr[0], $sstr[1], $value);
 			} else {
-				if (!is_array(self::$_data[$sstr[0]])) {
+				// set temporary data for usage
+				if (!isset(self::$_data[$sstr[0]]) || !is_array(self::$_data[$sstr[0]])) {
 					self::$_data[$sstr[0]] = array();
 				}
 				self::$_data[$sstr[0]][$sstr[1]] = $value;
+				// set update-data when invoking Flush()
+				if (!isset(self::$_updatedata[$sstr[0]]) || !is_array(self::$_updatedata[$sstr[0]])) {
+					self::$_updatedata[$sstr[0]] = array();
+				}
+				self::$_updatedata[$sstr[0]][$sstr[1]] = $value;
 			}
 			return true;
 		}
@@ -184,6 +208,8 @@ class Settings {
 					'value' => $value
 			);
 			Database::pexecute($ins_stmt, $ins_data);
+			// also set new value to internal array and make it available
+			self::$_data[$sstr[0]][$sstr[1]] = $value;
 			return true;
 		}
 		return false;
@@ -204,8 +230,9 @@ class Settings {
 			// now empty the array
 			self::$_updatedata = array();
 			// re-read in all settings
-			$this->_readSettings();
+			return $this->_readSettings();
 		}
+		return false;
 	}

 	/**
--- a/lib/classes/ssl/class.lescript.php
+++ b/lib/classes/ssl/class.lescript.php
@@ -0,0 +1,595 @@
+<?php
+// Copyright (c) 2015, Stanislav Humplik <sh@analogic.cz>
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// * Neither the name of the <organization> nor the
+// names of its contributors may be used to endorse or promote products
+// derived from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is copied from https://github.com/analogic/lescript
+// and modified to work without files and integrate in Froxlor
+class lescript
+{
+
+	// https://letsencrypt.org/repository/
+
+	private $logger;
+
+	private $client;
+
+	private $accountKey;
+
+	private $customerid;
+
+	private $isFroxlorVhost;
+
+	private $isLeProduction;
+
+	private $version;
+
+	public function __construct($logger, $version = '1')
+	{
+		$this->logger = $logger;
+		$this->version = $version;
+		if (Settings::Get('system.letsencryptca') == 'production') {
+			$ca = 'https://acme-v01.api.letsencrypt.org';
+		} else {
+			$ca = 'https://acme-staging.api.letsencrypt.org';
+		}
+		$this->client = new Client($ca);
+		$this->log("Using '$ca' to generate certificate");
+	}
+
+	public function initAccount($certrow, $isFroxlorVhost = false)
+	{
+		// Let's see if we have the private accountkey
+		$this->accountKey = $certrow['leprivatekey'];
+		$this->customerId = (!$isFroxlorVhost ? $certrow['customerid'] : null);
+		$this->isFroxlorVhost = $isFroxlorVhost;
+		$this->isLeProduction = (Settings::Get('system.letsencryptca') == 'production');
+
+		$leregistered=$certrow['leregistered'];
+
+		if (! $this->accountKey || $this->accountKey == 'unset' || !$this->isLeProduction) {
+
+			// generate and save new private key for account
+			// ---------------------------------------------
+
+			$this->log('Creating new account key');
+			$keys = $this->generateKey();
+			// Only store the accountkey in production, in staging always generate a new key
+			if ($this->isLeProduction) {
+				if ($isFroxlorVhost) {
+					Settings::Set('system.lepublickey', $keys['public']);
+					Settings::Set('system.leprivatekey', $keys['private']);
+					Settings::Set('system.leregistered', 0); // key is not registered
+				} else {
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private, `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+					Database::pexecute($upd_stmt, array(
+						'public' => $keys['public'],
+						'private' => $keys['private'],
+						'registered' => 0,
+						'customerid' => $this->customerId
+					));
+				}
+			}
+			$leregistered=0;
+			$this->accountKey = $keys['private'];
+		} else {
+			$this->log('Using existing account key');
+		}
+
+		if ($leregistered==0) { // Account not registered
+
+			$this->log('Starting new account registration');
+			$response = $this->postNewReg();
+			if ($this->client->getLastCode() == 409) {
+				$this->log('The key was already registered. Using existing account.');
+			} else if ($this->client->getLastCode() == 201) {
+				$this->log('New account registered.');
+			} else {
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
+			}
+			$accountUrl=$this->client->getLastLocation();
+
+			$leregistered = 1;
+			$this->setLeRegisteredState($leregistered); // Account registered
+			$this->log('Lets encrypt Terms of Service accepted');
+		}
+
+	}
+
+	/**
+	 *
+	 * @param array $domains
+	 * @param string $domainkey
+	 * @param string $csr
+	 *        	optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+	 *
+	 * @throws \RuntimeException
+	 * @return string[]
+	 */
+	public function signDomains(array $domains, $domainkey = null, $csr = null)
+	{
+		if (! $this->accountKey) {
+			throw new \RuntimeException("Account not initialized");
+		}
+
+		$this->log('Starting certificate generation process for domains');
+
+		$privateAccountKey = openssl_pkey_get_private($this->accountKey);
+		$accountKeyDetails = openssl_pkey_get_details($privateAccountKey);
+
+		// start domains authentication
+		// ----------------------------
+
+		foreach ($domains as $domain) {
+
+			// 1. getting available authentication options
+			// -------------------------------------------
+
+			$this->log("Requesting challenge for $domain");
+
+			$response = $this->signedRequest("/acme/new-authz", array(
+				"resource" => "new-authz",
+				"identifier" => array(
+					"type" => "dns",
+					"value" => $domain
+				)
+			));
+
+			if ($this->client->getLastCode() == 403) {
+				$this->log("Got status 403 - setting LE status to unregistered.");
+				$this->setLeRegisteredState(0);
+				throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run.  Whole response: " . json_encode($response));
+			}
+
+			// if response is not an array but a string, it's most likely a server-error, e.g.
+			// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
+			// <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
+			if (! is_array($response)) {
+				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
+			}
+
+			if (! array_key_exists('challenges', $response)) {
+				throw new RuntimeException("No challenges received for $domain. Whole response: " . json_encode($response));
+			}
+
+			// choose http-01 challenge only
+			$challenge = array_reduce($response['challenges'], function ($v, $w) {
+				return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
+			});
+
+			if (! $challenge) {
+				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+			}
+
+			$this->log("Got challenge token for $domain");
+			$location = $this->client->getLastLocation();
+
+			// 2. saving authentication token for web verification
+			// ---------------------------------------------------
+
+			$directory = Settings::Get('system.letsencryptchallengepath') . '/.well-known/acme-challenge';
+			$tokenPath = $directory . '/' . $challenge['token'];
+
+			if (! file_exists($directory) && ! @mkdir($directory, 0755, true)) {
+				throw new \RuntimeException("Couldn't create directory to expose challenge: ${tokenPath}");
+			}
+
+			$header = array(
+				// need to be in precise order!
+				"e" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["e"]),
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["n"])
+			);
+			$payload = $challenge['token'] . '.' . Base64UrlSafeEncoder::encode(hash('sha256', json_encode($header), true));
+
+			file_put_contents($tokenPath, $payload);
+			chmod($tokenPath, 0644);
+
+			// 3. verification process itself
+			// -------------------------------
+
+			$uri = "http://${domain}/.well-known/acme-challenge/${challenge['token']}";
+
+			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
+
+			// simple self check
+			if (Settings::Get('system.disable_le_selfcheck') == '0')
+			{
+				$selfcheckpayload = HttpClient::urlGet($uri);
+				if ($payload !== trim($selfcheckpayload)) {
+					$errmsg = json_encode(error_get_last());
+					if ($errmsg != "null") {
+						$errmsg = "; PHP error: " . $errmsg;
+					} else {
+						$errmsg = "";
+					}
+					$this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
+				}
+			}
+
+			$this->log("Sending request to challenge");
+
+			// send request to challenge
+			$result = $this->signedRequest($challenge['uri'], array(
+				"resource" => "challenge",
+				"type" => "http-01",
+				"keyAuthorization" => $payload,
+				"token" => $challenge['token']
+			));
+
+			// waiting loop
+			// we wait for a maximum of 30 seconds to avoid endless loops
+			$count = 0;
+			do {
+				if (empty($result['status']) || $result['status'] == "invalid") {
+					@unlink($tokenPath);
+					throw new \RuntimeException("Verification ended with error: " . json_encode($result));
+				}
+				$ended = ! ($result['status'] === "pending");
+
+				if (! $ended) {
+					$this->log("Verification pending, sleeping 1s");
+					sleep(1);
+					$count ++;
+				}
+
+				$result = $this->client->get($location);
+			} while (! $ended && $count < 30);
+
+			$this->log("Verification ended with status: ${result['status']}");
+			@unlink($tokenPath);
+		}
+
+		// requesting certificate
+		// ----------------------
+
+		// generate private key for domain if not exist
+		if (empty($domainkey) || Settings::Get('system.letsencryptreuseold') == 0) {
+			$keys = $this->generateKey();
+			$domainkey = $keys['private'];
+		}
+
+		// load domain key
+		$privateDomainKey = openssl_pkey_get_private($domainkey);
+
+		$this->client->getLastLinks();
+
+		if (empty($csr)) {
+			$csr = $this->generateCSR($privateDomainKey, $domains);
+		}
+
+		// request certificates creation
+		$result = $this->signedRequest("/acme/new-cert", array(
+			'resource' => 'new-cert',
+			'csr' => $csr
+		));
+		if ($this->client->getLastCode() !== 201) {
+			throw new \RuntimeException("Invalid response code: " . $this->client->getLastCode() . ", " . json_encode($result));
+		}
+		$location = $this->client->getLastLocation();
+
+		// waiting loop
+		$certificates = array();
+		while (1) {
+			$this->client->getLastLinks();
+
+			$result = $this->client->get($location);
+
+			if ($this->client->getLastCode() == 202) {
+
+				$this->log("Certificate generation pending, sleeping 1s");
+				sleep(1);
+			} else
+				if ($this->client->getLastCode() == 200) {
+
+					$this->log("Got certificate! YAY!");
+					$certificates[] = $this->parsePemFromBody($result);
+
+					foreach ($this->client->getLastLinks() as $link) {
+						$this->log("Requesting chained cert at $link");
+						$result = $this->client->get($link);
+						$certificates[] = $this->parsePemFromBody($result);
+					}
+
+					break;
+				} else {
+
+					throw new \RuntimeException("Can't get certificate: HTTP code " . $this->client->getLastCode());
+				}
+		}
+
+		if (empty($certificates))
+			throw new \RuntimeException('No certificates generated');
+
+		$fullchain = implode("\n", $certificates);
+		$crt = array_shift($certificates);
+		$chain = implode("\n", $certificates);
+
+		$this->log("Done, returning new certificates and key");
+		return array(
+			'fullchain' => $fullchain,
+			'crt' => $crt,
+			'chain' => $chain,
+			'key' => $domainkey,
+			'csr' => $csr
+		);
+	}
+
+	private function setLeRegisteredState($state)
+	{
+		if ($this->isLeProduction) {
+			if ($this->isFroxlorVhost) {
+				Settings::Set('system.leregistered', $state);
+			} else {
+				$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+				Database::pexecute($upd_stmt, array(
+					'registered' => $state,
+					'customerid' => $this->customerId
+				));
+			}
+		}
+	}
+
+	private function parsePemFromBody($body)
+	{
+		$pem = chunk_split(base64_encode($body), 64, "\n");
+		return "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
+	}
+
+	private function postNewReg()
+	{
+		$this->log('Getting last terms of service URL');
+		$directory = $this->client->get('/directory');
+		if (!isset($directory['meta']) || !isset($directory['meta']['terms-of-service'])) {
+			throw new \RuntimeException("No terms of service link available!");
+		}
+		$this->log('Sending registration to letsencrypt server');
+
+		return $this->signedRequest('/acme/new-reg', array(
+			'resource' => 'new-reg',
+			'agreement' => $directory['meta']['terms-of-service']
+		));
+	}
+
+	private function generateCSR($privateKey, array $domains)
+	{
+		$domain = reset($domains);
+		$san = implode(",", array_map(function ($dns) {
+			return "DNS:" . $dns;
+		}, $domains));
+		$tmpConf = tmpfile();
+		$tmpConfMeta = stream_get_meta_data($tmpConf);
+		$tmpConfPath = $tmpConfMeta["uri"];
+
+		// workaround to get SAN working
+		fwrite($tmpConf, 'HOME = .
+RANDFILE = $ENV::HOME/.rnd
+[ req ]
+default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+[ v3_req ]
+basicConstraints = CA:FALSE
+subjectAltName = ' . $san . '
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
+
+		$csr = openssl_csr_new(array(
+			"CN" => $domain,
+			"ST" => Settings::Get('system.letsencryptstate'),
+			"C" => Settings::Get('system.letsencryptcountrycode'),
+			"O" => "Unknown"
+		), $privateKey, array(
+			"config" => $tmpConfPath,
+			"digest_alg" => "sha256"
+		));
+
+		if (! $csr)
+			throw new \RuntimeException("CSR couldn't be generated! " . openssl_error_string());
+
+		openssl_csr_export($csr, $csr);
+		fclose($tmpConf);
+
+		preg_match('~REQUEST-----(.*)-----END~s', $csr, $matches);
+
+		return trim(Base64UrlSafeEncoder::encode(base64_decode($matches[1])));
+	}
+
+	private function generateKey()
+	{
+		$res = openssl_pkey_new(array(
+			"private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
+		));
+
+		if (! openssl_pkey_export($res, $privateKey)) {
+			throw new \RuntimeException("Key export failed!");
+		}
+
+		$details = openssl_pkey_get_details($res);
+
+		return array(
+			'private' => $privateKey,
+			'public' => $details['key']
+		);
+	}
+
+	private function signedRequest($uri, array $payload)
+	{
+		$privateKey = openssl_pkey_get_private($this->accountKey);
+		$details = openssl_pkey_get_details($privateKey);
+
+		$header = array(
+			"alg" => "RS256",
+			"jwk" => array(
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($details["rsa"]["n"]),
+				"e" => Base64UrlSafeEncoder::encode($details["rsa"]["e"])
+			)
+		);
+
+		$protected = $header;
+		$protected["nonce"] = $this->client->getLastNonce();
+
+		$payload64 = Base64UrlSafeEncoder::encode(str_replace('\\/', '/', json_encode($payload)));
+		$protected64 = Base64UrlSafeEncoder::encode(json_encode($protected));
+
+		openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, "SHA256");
+
+		$signed64 = Base64UrlSafeEncoder::encode($signed);
+
+		$data = array(
+			'header' => $header,
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		);
+
+		$this->log("Sending signed request to $uri");
+
+		return $this->client->post($uri, json_encode($data));
+	}
+
+	protected function log($message)
+	{
+		$this->logger->logAction(CRON_ACTION, LOG_INFO, "letsencrypt " . $message);
+	}
+}
+
+class Client
+{
+
+	private $lastCode;
+
+	private $lastHeader;
+
+	private $base;
+
+	public function __construct($base)
+	{
+		$this->base = $base;
+	}
+
+	private function curl($method, $url, $data = null)
+	{
+		$headers = array(
+			'Accept: application/json',
+			'Content-Type: application/json'
+		);
+		$handle = curl_init();
+		curl_setopt($handle, CURLOPT_URL, preg_match('~^http~', $url) ? $url : $this->base . $url);
+		curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_HEADER, true);
+
+		// DO NOT DO THAT!
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, false);
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
+
+		switch ($method) {
+			case 'GET':
+				break;
+			case 'POST':
+				curl_setopt($handle, CURLOPT_POST, true);
+				curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
+				break;
+		}
+		$response = curl_exec($handle);
+
+		if (curl_errno($handle)) {
+			throw new \RuntimeException('Curl: ' . curl_error($handle));
+		}
+
+		$header_size = curl_getinfo($handle, CURLINFO_HEADER_SIZE);
+
+		$header = substr($response, 0, $header_size);
+		$body = substr($response, $header_size);
+
+		$this->lastHeader = $header;
+		$this->lastCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
+
+		$data = json_decode($body, true);
+		return $data === null ? $body : $data;
+	}
+
+	public function post($url, $data)
+	{
+		return $this->curl('POST', $url, $data);
+	}
+
+	public function get($url)
+	{
+		return $this->curl('GET', $url);
+	}
+
+	public function getLastNonce()
+	{
+		if (preg_match('~Replay\-Nonce: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+
+		$this->curl('GET', '/directory');
+		return $this->getLastNonce();
+	}
+
+	public function getLastLocation()
+	{
+		if (preg_match('~Location: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+		return null;
+	}
+
+	public function getLastCode()
+	{
+		return $this->lastCode;
+	}
+
+	public function getLastLinks()
+	{
+		preg_match_all('~Link: <(.+)>;rel="up"~', $this->lastHeader, $matches);
+		return $matches[1];
+	}
+}
+
+class Base64UrlSafeEncoder
+{
+
+	public static function encode($input)
+	{
+		return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
+	}
+
+	public static function decode($input)
+	{
+		$remainder = strlen($input) % 4;
+		if ($remainder) {
+			$padlen = 4 - $remainder;
+			$input .= str_repeat('=', $padlen);
+		}
+		return base64_decode(strtr($input, '-_', '+/'));
+	}
+}
--- a/lib/classes/ssl/class.lescript_v2.php
+++ b/lib/classes/ssl/class.lescript_v2.php
@@ -0,0 +1,594 @@
+<?php
+
+// Copyright (c) 2015, Stanislav Humplik <sh@analogic.cz>
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// * Neither the name of the <organization> nor the
+// names of its contributors may be used to endorse or promote products
+// derived from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is copied from https://github.com/analogic/lescript
+// and modified to work without files and integrate in Froxlor
+class lescript_v2
+{
+
+	// https://letsencrypt.org/repository/
+	private $logger;
+
+	private $client;
+
+	private $accountKey;
+
+	private $customerid;
+
+	private $isFroxlorVhost;
+
+	private $isLeProduction;
+
+	private $version;
+
+	private $_req_uris = array();
+
+	private $_acc_location = null;
+
+	public function __construct($logger, $version = '2')
+	{
+		$this->logger = $logger;
+		$this->version = $version;
+		if (Settings::Get('system.letsencryptca') == 'production') {
+			$ca = 'https://acme-v02.api.letsencrypt.org';
+		} else {
+			$ca = 'https://acme-staging-v02.api.letsencrypt.org';
+		}
+		$this->client = new Client($ca);
+		$this->log("Using '$ca' to generate certificate");
+		
+		// get request-uris from /directory
+		$response = $this->client->get('/directory');
+		$this->_req_uris['newAccount'] = $response['newAccount'];
+		$this->_req_uris['newOrder'] = $response['newOrder'];
+		$this->_req_uris['newNonce'] = $response['newNonce'];
+		$this->_req_uris['revokeCert'] = $response['revokeCert'];
+	}
+
+	public function initAccount($certrow, $isFroxlorVhost = false)
+	{
+		// Let's see if we have the private accountkey
+		$this->accountKey = $certrow['leprivatekey'];
+		$this->customerId = (! $isFroxlorVhost ? $certrow['customerid'] : null);
+		$this->isFroxlorVhost = $isFroxlorVhost;
+		$this->isLeProduction = (Settings::Get('system.letsencryptca') == 'production');
+		
+		$leregistered = $certrow['leregistered'];
+		
+		if (! $this->accountKey || $this->accountKey == 'unset' || ! $this->isLeProduction) {
+			
+			// generate and save new private key for account
+			// ---------------------------------------------
+			
+			$this->log('Creating new account key');
+			$keys = $this->generateKey();
+			// Only store the accountkey in production, in staging always generate a new key
+			if ($this->isLeProduction) {
+				if ($isFroxlorVhost) {
+					Settings::Set('system.lepublickey', $keys['public']);
+					Settings::Set('system.leprivatekey', $keys['private']);
+					Settings::Set('system.leregistered', 0); // key is not registered
+				} else {
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private, `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+					Database::pexecute($upd_stmt, array(
+						'public' => $keys['public'],
+						'private' => $keys['private'],
+						'registered' => 0,
+						'customerid' => $this->customerId
+					));
+				}
+			}
+			$leregistered = 0;
+			$this->accountKey = $keys['private'];
+		} else {
+			$this->log('Using existing account key');
+		}
+		
+		if ($leregistered == 0) { // Account not registered
+			
+			$this->log('Starting new account registration');
+			$response = $this->postNewReg();
+			if ($this->client->getLastCode() == 409) {
+				$this->log('The key was already registered. Using existing account.');
+			} else if ($this->client->getLastCode() == 201) {
+				$this->log('New account registered.');
+			} else {
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
+			}
+			$this->_acc_location = $this->client->getLastLocation();
+			
+			$leregistered = 1;
+			$this->setLeRegisteredState($leregistered);
+		}
+	}
+
+	/**
+	 *
+	 * @param array $domains
+	 * @param string $domainkey
+	 * @param string $csr
+	 *        	optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+	 *        	
+	 * @throws \RuntimeException
+	 * @return string[]
+	 */
+	public function signDomains(array $domains, $domainkey = null, $csr = null)
+	{
+		if (! $this->accountKey) {
+			throw new \RuntimeException("Account not initialized");
+		}
+		
+		$this->log('Starting certificate generation process for domains');
+		
+		$privateAccountKey = openssl_pkey_get_private($this->accountKey);
+		$accountKeyDetails = openssl_pkey_get_details($privateAccountKey);
+		
+		// start domains authentication
+		// ----------------------------
+		
+		foreach ($domains as $domain) {
+			
+			// 1. getting available authentication options
+			// -------------------------------------------
+			
+			$this->log("Requesting challenge for $domain");
+			
+			$response = $this->signedRequest($this->_req_uris['newOrder'], array(
+				"identifiers" => array(
+					array(
+						"type" => "dns",
+						"value" => $domain
+					)
+				)
+			), false);
+			
+			if ($this->client->getLastCode() == 403) {
+				$this->log("Got status 403 - setting LE status to unregistered.");
+				$this->setLeRegisteredState(0);
+				throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run.  Whole response: " . json_encode($response));
+			}
+			
+			// if response is not an array but a string, it's most likely a server-error, e.g.
+			// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
+			// <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
+			if (! is_array($response)) {
+				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
+			}
+			
+			if (! array_key_exists('authorizations', $response)) {
+				throw new RuntimeException("No authorizations received for $domain. Whole response: " . json_encode($response));
+			}
+			
+			// get authorization
+			$auth_response = $this->client->get($response['authorizations'][0]);
+			
+			if (! array_key_exists('challenges', $auth_response)) {
+				throw new RuntimeException("No challenges received for $domain. Whole response: " . json_encode($auth_response));
+			}
+			
+			// choose http-01 challenge only
+			$challenge = array_reduce($auth_response['challenges'], function ($v, $w) {
+				return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
+			});
+			
+			if (! $challenge) {
+				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+			}
+			
+			$this->log("Got challenge token for $domain");
+			$location = $challenge['url'];
+			$finalizeLink = $response['finalize'];
+			
+			// 2. saving authentication token for web verification
+			// ---------------------------------------------------
+			
+			$directory = Settings::Get('system.letsencryptchallengepath') . '/.well-known/acme-challenge';
+			$tokenPath = $directory . '/' . $challenge['token'];
+			
+			if (! file_exists($directory) && ! @mkdir($directory, 0755, true)) {
+				throw new \RuntimeException("Couldn't create directory to expose challenge: ${tokenPath}");
+			}
+			
+			$header = array(
+				// need to be in precise order!
+				"e" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["e"]),
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["n"])
+			);
+			$payload = $challenge['token'] . '.' . Base64UrlSafeEncoder::encode(hash('sha256', json_encode($header), true));
+			
+			file_put_contents($tokenPath, $payload);
+			chmod($tokenPath, 0644);
+			
+			// 3. verification process itself
+			// -------------------------------
+			
+			$uri = "http://${domain}/.well-known/acme-challenge/${challenge['token']}";
+			
+			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
+			
+			// simple self check
+			if (Settings::Get('system.disable_le_selfcheck') == '0') {
+				$selfcheckpayload = HttpClient::urlGet($uri);
+				if ($payload !== trim($selfcheckpayload)) {
+					$errmsg = json_encode(error_get_last());
+					if ($errmsg != "null") {
+						$errmsg = "; PHP error: " . $errmsg;
+					} else {
+						$errmsg = "";
+					}
+					$this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
+				}
+			}
+			
+			$this->log("Sending request to challenge");
+			
+			// send request to challenge
+			$result = $this->signedRequest($challenge['url'], array(
+				"type" => "http-01",
+				"keyAuthorization" => $payload,
+				"token" => $challenge['token']
+			), false);
+			
+			// waiting loop
+			// we wait for a maximum of 30 seconds to avoid endless loops
+			$count = 0;
+			do {
+				if (empty($result['status']) || $result['status'] == "invalid") {
+					@unlink($tokenPath);
+					throw new \RuntimeException("Verification ended with error: " . json_encode($result));
+				}
+				$ended = ! ($result['status'] === "pending" || $result['status'] === "processing");
+				
+				if (! $ended) {
+					$this->log("Verification " . $result['status'] . ", sleeping 1s");
+					sleep(1);
+					$count ++;
+				}
+				
+				$result = $this->client->get($location);
+			} while (! $ended && $count < 30);
+			
+			$this->log("Verification ended with status: ${result['status']}");
+			@unlink($tokenPath);
+		}
+		
+		// requesting certificate
+		// ----------------------
+		
+		// generate private key for domain if not exist
+		if (empty($domainkey) || Settings::Get('system.letsencryptreuseold') == 0) {
+			$keys = $this->generateKey();
+			$domainkey = $keys['private'];
+		}
+		
+		// load domain key
+		$privateDomainKey = openssl_pkey_get_private($domainkey);
+		
+		if (empty($csr)) {
+			$csr = $this->generateCSR($privateDomainKey, $domains);
+		}
+		
+		// request certificates creation
+		$result = $this->signedRequest($finalizeLink, array(
+			'csr' => $csr
+		), false);
+		if ($this->client->getLastCode() !== 200) {
+			throw new \RuntimeException("Invalid response code: " . $this->client->getLastCode() . ", " . json_encode($result));
+		}
+		if (! isset($result['certificate'])) {
+			throw new \RuntimeException("No certificate URL specified in result");
+		}
+		
+		$certificates = array();
+		$certdata = $this->client->get($result['certificate']);
+		$this->log("Got certificate! YAY!");
+		$certificates[] = $certdata;
+		foreach ($this->client->getLastLinks() as $link) {
+			$this->log("Requesting chained cert at $link");
+			$result = $this->client->get($link);
+			$certificates[] = $result;
+		}
+		
+		if (empty($certificates))
+			throw new \RuntimeException('No certificates generated');
+		
+		$fullchain = implode("\n", $certificates);
+		$crt = array_shift($certificates);
+		$chain = implode("\n", $certificates);
+		
+		$this->log("Done, returning new certificates and key");
+		return array(
+			'fullchain' => $fullchain,
+			'crt' => $crt,
+			'chain' => $chain,
+			'key' => $domainkey,
+			'csr' => $csr
+		);
+	}
+
+	private function setLeRegisteredState($state)
+	{
+		if ($this->isLeProduction) {
+			if ($this->isFroxlorVhost) {
+				Settings::Set('system.leregistered', $state);
+			} else {
+				$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+				Database::pexecute($upd_stmt, array(
+					'registered' => $state,
+					'customerid' => $this->customerId
+				));
+			}
+		}
+	}
+
+	private function parsePemFromBody($body)
+	{
+		$pem = chunk_split(base64_encode($body), 64, "\n");
+		return "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
+	}
+
+	private function postNewReg()
+	{
+		$this->log('Getting last terms of service URL');
+		$directory = $this->client->get('/directory');
+		if (! isset($directory['meta']) || ! isset($directory['meta']['termsOfService'])) {
+			throw new \RuntimeException("No terms of service link available!");
+		}
+		$this->log('Sending registration to letsencrypt server');
+		
+		return $this->signedRequest($this->_req_uris['newAccount'], array(
+			'termsOfServiceAgreed' => true
+		));
+	}
+
+	private function generateCSR($privateKey, array $domains)
+	{
+		$domain = reset($domains);
+		$san = implode(",", array_map(function ($dns) {
+			return "DNS:" . $dns;
+		}, $domains));
+		$tmpConf = tmpfile();
+		$tmpConfMeta = stream_get_meta_data($tmpConf);
+		$tmpConfPath = $tmpConfMeta["uri"];
+		
+		// workaround to get SAN working
+		fwrite($tmpConf, 'HOME = .
+RANDFILE = $ENV::HOME/.rnd
+[ req ]
+default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+[ v3_req ]
+basicConstraints = CA:FALSE
+subjectAltName = ' . $san . '
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
+		
+		$csr = openssl_csr_new(array(
+			"CN" => $domain,
+			"ST" => Settings::Get('system.letsencryptstate'),
+			"C" => Settings::Get('system.letsencryptcountrycode'),
+			"O" => "Unknown"
+		), $privateKey, array(
+			"config" => $tmpConfPath,
+			"digest_alg" => "sha256"
+		));
+		
+		if (! $csr)
+			throw new \RuntimeException("CSR couldn't be generated! " . openssl_error_string());
+		
+		openssl_csr_export($csr, $csr);
+		fclose($tmpConf);
+		
+		preg_match('~REQUEST-----(.*)-----END~s', $csr, $matches);
+		
+		return trim(Base64UrlSafeEncoder::encode(base64_decode($matches[1])));
+	}
+
+	private function generateKey()
+	{
+		$res = openssl_pkey_new(array(
+			"private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
+		));
+		
+		if (! openssl_pkey_export($res, $privateKey)) {
+			throw new \RuntimeException("Key export failed!");
+		}
+		
+		$details = openssl_pkey_get_details($res);
+		
+		return array(
+			'private' => $privateKey,
+			'public' => $details['key']
+		);
+	}
+
+	private function signedRequest($uri, array $payload, $needs_jwk = true)
+	{
+		$privateKey = openssl_pkey_get_private($this->accountKey);
+		$details = openssl_pkey_get_details($privateKey);
+		
+		$header = array(
+			"alg" => "RS256"
+		);
+		
+		if ($needs_jwk) {
+			$header["jwk"] = array(
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($details["rsa"]["n"]),
+				"e" => Base64UrlSafeEncoder::encode($details["rsa"]["e"])
+			);
+		} else {
+			// need account-url
+			$header["kid"] = $this->_acc_location;
+		}
+		
+		$protected = $header;
+		$protected["nonce"] = $this->client->getLastNonce();
+		$protected["url"] = $uri;
+		
+		$payload64 = Base64UrlSafeEncoder::encode(json_encode($payload, JSON_UNESCAPED_SLASHES));
+		$protected64 = Base64UrlSafeEncoder::encode(json_encode($protected));
+		
+		openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, "SHA256");
+		
+		$signed64 = Base64UrlSafeEncoder::encode($signed);
+		
+		$data = array(
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		);
+		
+		$this->log("Sending signed request to $uri");
+		return $this->client->post($uri, json_encode($data));
+	}
+
+	protected function log($message)
+	{
+		$this->logger->logAction(CRON_ACTION, LOG_INFO, "letsencrypt-v2 " . $message);
+	}
+}
+
+class Client
+{
+
+	private $lastCode;
+
+	public $lastHeader;
+
+	private $base;
+
+	public function __construct($base)
+	{
+		$this->base = $base;
+	}
+
+	private function curl($method, $url, $data = null)
+	{
+		$headers = array(
+			'Accept: application/json',
+			'Content-Type: application/json'
+		);
+		$handle = curl_init();
+		curl_setopt($handle, CURLOPT_URL, preg_match('~^http~', $url) ? $url : $this->base . $url);
+		curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_HEADER, true);
+		
+		// DO NOT DO THAT!
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, false);
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
+		
+		switch ($method) {
+			case 'GET':
+				break;
+			case 'POST':
+				curl_setopt($handle, CURLOPT_POST, true);
+				curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
+				break;
+		}
+		$response = curl_exec($handle);
+		
+		if (curl_errno($handle)) {
+			throw new \RuntimeException('Curl: ' . curl_error($handle));
+		}
+		
+		$header_size = curl_getinfo($handle, CURLINFO_HEADER_SIZE);
+		
+		$header = substr($response, 0, $header_size);
+		$body = substr($response, $header_size);
+		
+		$this->lastHeader = $header;
+		$this->lastCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
+		
+		$data = json_decode($body, true);
+		return $data === null ? $body : $data;
+	}
+
+	public function post($url, $data)
+	{
+		return $this->curl('POST', $url, $data);
+	}
+
+	public function get($url)
+	{
+		return $this->curl('GET', $url);
+	}
+
+	public function getLastNonce()
+	{
+		if (preg_match('~Replay\-Nonce: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+		
+		$this->curl('GET', '/directory');
+		return $this->getLastNonce();
+	}
+
+	public function getLastLocation()
+	{
+		if (preg_match('~Location: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+		return null;
+	}
+
+	public function getLastCode()
+	{
+		return $this->lastCode;
+	}
+
+	public function getLastLinks()
+	{
+		preg_match_all('~Link: <(.+)>;rel="up"~', $this->lastHeader, $matches);
+		return $matches[1];
+	}
+}
+
+class Base64UrlSafeEncoder
+{
+
+	public static function encode($input)
+	{
+		return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
+	}
+
+	public static function decode($input)
+	{
+		$remainder = strlen($input) % 4;
+		if ($remainder) {
+			$padlen = 4 - $remainder;
+			$input .= str_repeat('=', $padlen);
+		}
+		return base64_decode(strtr($input, '-_', '+/'));
+	}
+}
--- a/lib/classes/webserver/class.ConfigIO.php
+++ b/lib/classes/webserver/class.ConfigIO.php
@@ -17,13 +17,14 @@
 * @since      0.9.29
 *
 */
-
-class ConfigIO {
+class ConfigIO
+{

 	/**
 	 * constructor
 	 */
-	public function __construct() {}
+	public function __construct()
+	{}

 	/**
 	 * clean up former created configs, including (if enabled)
@@ -32,39 +33,40 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	public function cleanUp() {
-
+	public function cleanUp()
+	{
+		
 		// old error logs
 		$this->_cleanErrLogs();
-
+		
 		// awstats files
 		$this->_cleanAwstatsFiles();
-
+		
 		// fcgid files
 		$this->_cleanFcgidFiles();
-
+		
 		// php-fpm files
 		$this->_cleanFpmFiles();
-
+		
 		// clean webserver-configs
 		$this->_cleanWebserverConfigs();
-
+		
 		// old htpasswd files
 		$this->_cleanHtpasswdFiles();
-
+		
 		// customer-specified ssl-certificates
 		$this->_cleanCustomerSslCerts();
 	}

-	private function _cleanErrLogs() {
-
-	    $err_dir = makeCorrectDir(FROXLOR_INSTALL_DIR."/logs/");
-	    if (@is_dir($err_dir)) {
-	        // now get rid of old stuff
-	        //(but append /*.log so we don't delete the directory)
-	        $err_dir.='/*.log';
-	        safe_exec('rm -rf '. makeCorrectFile($err_dir));
-	    }
+	private function _cleanErrLogs()
+	{
+		$err_dir = makeCorrectDir(FROXLOR_INSTALL_DIR . "/logs/");
+		if (@is_dir($err_dir)) {
+			// now get rid of old stuff
+			// (but append /*.log so we don't delete the directory)
+			$err_dir .= '/*.log';
+			safe_exec('rm -f ' . makeCorrectFile($err_dir));
+		}
 	}

 	/**
@@ -73,8 +75,9 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanCustomerSslCerts() {
-
+	private function _cleanCustomerSslCerts()
+	{
+		
 		/*
 		 * only clean up if we're actually using SSL
 		 */
@@ -82,14 +85,14 @@ class ConfigIO {
 			// get correct directory
 			$configdir = $this->_getFile('system', 'customer_ssl_path');
 			if ($configdir !== false) {
-
+				
 				$configdir = makeCorrectDir($configdir);
-
+				
 				if (@is_dir($configdir)) {
 					// now get rid of old stuff
-					//(but append /* so we don't delete the directory)
-					$configdir.='/*';
-					safe_exec('rm -rf '. makeCorrectFile($configdir));
+					// (but append /* so we don't delete the directory)
+					$configdir .= '/*';
+					safe_exec('rm -f ' . makeCorrectFile($configdir));
 				}
 			}
 		}
@@ -100,39 +103,38 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanWebserverConfigs() {
-
+	private function _cleanWebserverConfigs()
+	{
+		
 		// get directories
 		$configdirs = array();
 		$dir = $this->_getFile('system', 'apacheconf_vhost');
 		if ($dir !== false)
 			$configdirs[] = makeCorrectDir($dir);
-
+		
 		$dir = $this->_getFile('system', 'apacheconf_diroptions');
 		if ($dir !== false)
 			$configdirs[] = makeCorrectDir($dir);
-
+		
 		// file pattern
 		$pattern = "/^([0-9]){2}_(froxlor|syscp)_(.+)\.conf$/";
-
+		
 		// check ALL the folders
 		foreach ($configdirs as $config_dir) {
-
+			
 			// check directory
 			if (@is_dir($config_dir)) {
-
+				
 				// create directory iterator
-				$its = new RecursiveIteratorIterator(
-						new RecursiveDirectoryIterator($config_dir)
-				);
-
+				$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($config_dir));
+				
 				// iterate through all subdirs,
 				// look for vhost/diroption files
 				// and delete them
-				foreach ($its as $fullFileName => $it ) {
+				foreach ($its as $fullFileName => $it) {
 					if ($it->isFile() && preg_match($pattern, $it->getFilename())) {
 						// remove file
-						safe_exec('rm -f '. escapeshellarg(makeCorrectFile($its->getPathname())));
+						safe_exec('rm -f ' . escapeshellarg(makeCorrectFile($its->getPathname())));
 					}
 				}
 			}
@@ -144,19 +146,20 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanHtpasswdFiles() {
-
+	private function _cleanHtpasswdFiles()
+	{
+		
 		// get correct directory
 		$configdir = $this->_getFile('system', 'apacheconf_htpasswddir');
-
+		
 		if ($configdir !== false) {
 			$configdir = makeCorrectDir($configdir);
-
+			
 			if (@is_dir($configdir)) {
 				// now get rid of old stuff
-				//(but append /* so we don't delete the directory)
-				$configdir.='/*';
-				safe_exec('rm -rf '. makeCorrectFile($configdir));
+				// (but append /* so we don't delete the directory)
+				$configdir .= '/*';
+				safe_exec('rm -f ' . makeCorrectFile($configdir));
 			}
 		}
 	}
@@ -166,37 +169,36 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanAwstatsFiles() {
-
+	private function _cleanAwstatsFiles()
+	{
 		if (Settings::Get('system.awstats_enabled') == '0') {
 			return;
 		}
-
-		//dhr: cleanout froxlor-generated awstats configs prior to re-creation
+		
+		// dhr: cleanout froxlor-generated awstats configs prior to re-creation
 		$awstatsclean['header'] = "## GENERATED BY FROXLOR\n";
 		$awstatsclean['headerold'] = "## GENERATED BY SYSCP\n";
 		$awstatsclean['path'] = $this->_getFile('system', 'awstats_conf');
-
+		
 		/**
 		 * don't do anything if the directory does not exist
-		 * (e.g. awstats not installed yet or whatever)
+		 * (e.g.
+		 * awstats not installed yet or whatever)
 		 * fixes #45
-		*/
+		 */
 		if ($awstatsclean['path'] !== false && is_dir($awstatsclean['path'])) {
 			$awstatsclean['dir'] = dir($awstatsclean['path']);
 			while ($awstatsclean['entry'] = $awstatsclean['dir']->read()) {
-				$awstatsclean['fullentry'] = makeCorrectFile($awstatsclean['path'].'/'.$awstatsclean['entry']);
+				$awstatsclean['fullentry'] = makeCorrectFile($awstatsclean['path'] . '/' . $awstatsclean['entry']);
 				/**
 				 * don't do anything if the file does not exist
-				*/
+				 */
 				if (@file_exists($awstatsclean['fullentry'])) {
 					$awstatsclean['fh'] = fopen($awstatsclean['fullentry'], 'r');
-					$awstatsclean['headerRead'] = fgets($awstatsclean['fh'], strlen($awstatsclean['header'])+1);
+					$awstatsclean['headerRead'] = fgets($awstatsclean['fh'], strlen($awstatsclean['header']) + 1);
 					fclose($awstatsclean['fh']);
-
-					if ($awstatsclean['headerRead'] == $awstatsclean['header']
-							|| $awstatsclean['headerRead'] == $awstatsclean['headerold']
-					) {
+					
+					if ($awstatsclean['headerRead'] == $awstatsclean['header'] || $awstatsclean['headerRead'] == $awstatsclean['headerold']) {
 						$awstats_conf_file = makeCorrectFile($awstatsclean['fullentry']);
 						@unlink($awstats_conf_file);
 					}
@@ -204,7 +206,7 @@ class ConfigIO {
 			}
 		}
 		unset($awstatsclean);
-		//end dhr
+		// end dhr
 	}

 	/**
@@ -212,39 +214,37 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanFcgidFiles() {
-
+	private function _cleanFcgidFiles()
+	{
 		if (Settings::Get('system.mod_fcgid') == '0') {
 			return;
 		}
-
+		
 		// get correct directory
 		$configdir = $this->_getFile('system', 'mod_fcgid_configdir');
 		if ($configdir !== false) {
-
+			
 			$configdir = makeCorrectDir($configdir);
-
+			
 			if (@is_dir($configdir)) {
 				// create directory iterator
-				$its = new RecursiveIteratorIterator(
-						new RecursiveDirectoryIterator($configdir)
-				);
-
+				$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($configdir));
+				
 				// iterate through all subdirs,
 				// look for php-fcgi-starter files
 				// and take immutable-flag away from them
 				// so we can delete them :)
-				foreach ($its as $fullFileName => $it ) {
+				foreach ($its as $fullFileName => $it) {
 					if ($it->isFile() && $it->getFilename() == 'php-fcgi-starter') {
 						// set chattr -i
 						removeImmutable($its->getPathname());
 					}
 				}
-
+				
 				// now get rid of old stuff
-				//(but append /* so we don't delete the directory)
-				$configdir.='/*';
-				safe_exec('rm -rf '. makeCorrectFile($configdir));
+				// (but append /* so we don't delete the directory)
+				$configdir .= '/*';
+				safe_exec('rm -rf ' . makeCorrectFile($configdir));
 			}
 		}
 	}
@@ -254,33 +254,36 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanFpmFiles() {
-
+	private function _cleanFpmFiles()
+	{
 		if (Settings::Get('phpfpm.enabled') == '0') {
 			return;
 		}
-
-		// get correct directory
-		$configdir = $this->_getFile('phpfpm', 'configdir');
-		if ($configdir !== false) {
-
-			$configdir = makeCorrectDir($configdir);
-
+		
+		// get all fpm config paths
+		$fpmconf_sel = Database::prepare("SELECT config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
+		Database::pexecute($fpmconf_sel);
+		$fpmconf_paths = $fpmconf_sel->fetchAll(PDO::FETCH_ASSOC);
+		// clean all php-fpm config-dirs
+		foreach ($fpmconf_paths as $configdir) {
+			$configdir = makeCorrectDir($configdir['config_dir']);
 			if (@is_dir($configdir)) {
 				// now get rid of old stuff
-				//(but append /* so we don't delete the directory)
-				$configdir.='/*';
-				safe_exec('rm -rf '. makeCorrectFile($configdir));
+				// (but append /*.conf so we don't delete the directory)
+				$configdir .= '/*.conf';
+				safe_exec('rm -f ' . makeCorrectFile($configdir));
+			} else {
+				safe_exec('mkdir -p ' . $configdir);
 			}
 		}
-
+		
 		// also remove aliasconfigdir #1273
 		$aliasconfigdir = $this->_getFile('phpfpm', 'aliasconfigdir');
 		if ($aliasconfigdir !== false) {
 			$aliasconfigdir = makeCorrectDir($aliasconfigdir);
 			if (@is_dir($aliasconfigdir)) {
-				$aliasconfigdir.='/*';
-				safe_exec('rm -rf '. makeCorrectFile($aliasconfigdir));
+				$aliasconfigdir .= '/*';
+				safe_exec('rm -rf ' . makeCorrectFile($aliasconfigdir));
 			}
 		}
 	}
@@ -288,17 +291,21 @@ class ConfigIO {
 	/**
 	 * returns a file/direcotry from the settings and checks whether it exists
 	 *
-	 * @param string $group         settings-group
-	 * @param string $varname       var-name
-	 * @param boolean $check_exists check if the file exists
-	 *
+	 * @param string $group
+	 *        	settings-group
+	 * @param string $varname
+	 *        	var-name
+	 * @param boolean $check_exists
+	 *        	check if the file exists
+	 *        	
 	 * @return string|boolean complete path including filename if any or false on error
 	 */
-	private function _getFile($group, $varname, $check_exists = true) {
-
+	private function _getFile($group, $varname, $check_exists = true)
+	{
+		
 		// read from settings
-		$file = Settings::Get($group.'.'.$varname);
-
+		$file = Settings::Get($group . '.' . $varname);
+		
 		// check whether it exists
 		if ($check_exists && @file_exists($file) == false) {
 			return false;
--- a/lib/classes/webserver/class.DomainSSL.php
+++ b/lib/classes/webserver/class.DomainSSL.php
@@ -46,7 +46,7 @@ class DomainSSL {
 				|| $dom_certs['ssl_cert_file'] == ''
 		) {
 			// maybe its parent?
-			if ($domain['parentdomainid'] != 0) {
+			if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
 				$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
 			}
 		}
--- a/lib/classes/webserver/class.WebserverBase.php
+++ b/lib/classes/webserver/class.WebserverBase.php
@@ -17,8 +17,8 @@
 * @since      0.9.31
 *
 */
-
-class WebserverBase {
+class WebserverBase
+{

 	/**
 	 * returns an array with all entries required for all
@@ -26,27 +26,45 @@ class WebserverBase {
 	 *
 	 * @return array
 	 */
-	public static function getVhostsToCreate() {
-
+	public static function getVhostsToCreate()
+	{
 		$query = "SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`,
 				`d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`,
 				`c`.`documentroot` AS `customerroot`, `c`.`deactivated`,
-				`c`.`phpenabled` AS `phpenabled`, `d`.`mod_fcgid_starter`,
-				`d`.`mod_fcgid_maxrequests`
-				FROM `".TABLE_PANEL_DOMAINS."` `d`
+				`c`.`phpenabled` AS `phpenabled_customer`,
+				`d`.`phpenabled` AS `phpenabled_vhost`,
+				`d`.`mod_fcgid_starter`,`d`.`mod_fcgid_maxrequests`,
+				`d`.`ocsp_stapling`
+				FROM `" . TABLE_PANEL_DOMAINS . "` `d`

-				LEFT JOIN `".TABLE_PANEL_CUSTOMERS."` `c` USING(`customerid`)
-				LEFT JOIN `".TABLE_PANEL_DOMAINS."` `pd` ON (`pd`.`id` = `d`.`parentdomainid`)
+				LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
+				LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `pd` ON (`pd`.`id` = `d`.`parentdomainid`)

 				WHERE `d`.`aliasdomain` IS NULL AND `d`.`email_only` <> '1'
 				ORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC;
 		";
-
+		
 		$result_domains_stmt = Database::query($query);
-
+		
+		// prepare IP statement
+		$ip_stmt = Database::prepare("
+			SELECT `di`.`id_domain` , `p`.`ssl`, `p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`
+			FROM `" . TABLE_DOMAINTOIP . "` `di`, `" . TABLE_PANEL_IPSANDPORTS . "` `p`
+			WHERE `p`.`id` = `di`.`id_ipandports`
+			AND `di`.`id_domain` = :domainid
+			AND `p`.`ssl` = '1'
+		");
+		
+		// prepare fpm-config select query
+		$fpm_sel_stmt = Database::prepare("
+			SELECT f.id FROM `" . TABLE_PANEL_FPMDAEMONS . "` f
+			LEFT JOIN `" . TABLE_PANEL_PHPCONFIGS . "` p ON p.fpmsettingid = f.id
+			WHERE p.id = :phpconfigid
+		");
+		
 		$domains = array();
 		while ($domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
-
+			
 			// set whole domain
 			$domains[$domain['domain']] = $domain;
 			// set empty-defaults for non-ssl
@@ -55,31 +73,38 @@ class WebserverBase {
 			$domains[$domain['domain']]['ssl_key_file'] = '';
 			$domains[$domain['domain']]['ssl_ca_file'] = '';
 			$domains[$domain['domain']]['ssl_cert_chainfile'] = '';
-
+			
 			// now, if the domain has an ssl ip/port assigned, get
 			// the corresponding information from the db
 			if (domainHasSslIpPort($domain['id'])) {

-				$ip_stmt = Database::prepare("
-						SELECT `di`.`id_domain` , `p`.`ssl`, `p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`
-						FROM `".TABLE_DOMAINTOIP."` `di`, `".TABLE_PANEL_IPSANDPORTS."` `p`
-						WHERE `p`.`id` = `di`.`id_ipandports`
-						AND `di`.`id_domain` = :domainid
-						AND `p`.`ssl` = '1'
-						");
-				$ssl_ip = Database::pexecute_first($ip_stmt, array('domainid' => $domain['id']));
-
+				$ssl_ip = Database::pexecute_first($ip_stmt, array(
+					'domainid' => $domain['id']
+				));
+				
 				// set ssl info for domain
 				$domains[$domain['domain']]['ssl'] = '1';
 				$domains[$domain['domain']]['ssl_cert_file'] = $ssl_ip['ssl_cert_file'];
 				$domains[$domain['domain']]['ssl_key_file'] = $ssl_ip['ssl_key_file'];
 				$domains[$domain['domain']]['ssl_ca_file'] = $ssl_ip['ssl_ca_file'];
 				$domains[$domain['domain']]['ssl_cert_chainfile'] = $ssl_ip['ssl_cert_chainfile'];
+			}
+			
+			// read fpm-config-id if using fpm
+			if ((int) Settings::Get('phpfpm.enabled') == 1) {

+				$fpm_config = Database::pexecute_first($fpm_sel_stmt, array(
+					'phpconfigid' => $domain['phpsettingid']
+				));
+				if ($fpm_config) {
+					$domains[$domain['domain']]['fpm_config_id'] = $fpm_config['id'];
+				} else {
+					// fallback
+					$domains[$domain['domain']]['fpm_config_id'] = 1;
+				}
 			}
 		}
-
+		
 		return $domains;
 	}
-
 }
--- a/lib/configfiles/gentoo.xml
+++ b/lib/configfiles/gentoo.xml
@@ -61,6 +61,18 @@
        Allow from env=REDIRECT_STATUS
    </Location>
 </IfModule>
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Order allow,deny
+	Allow from all
+</Directory>
 ]]>
 						</content>
 					</file>
@@ -81,6 +93,17 @@
        Require env REDIRECT_STATUS
    </Location>
 </IfModule>
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
+<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
+	Require all granted
+</Directory>
 ]]>
 						</content>
 					</file>
@@ -107,6 +130,7 @@ server.modules = (
 	"mod_auth",
 	"mod_fastcgi",
 	"mod_cgi",
+	"mod_setenv",
 	"mod_accesslog"
 )

@@ -119,7 +143,7 @@ server.errorlog      = var.logdir  + "/error.log"

 server.indexfiles    = ("index.php", "index.html",
 						"index.htm", "default.htm")
-						
+
 server.name			 = "<SERVERNAME>"
 server.port          = 80
 server.bind          = "<SERVERIP>"
@@ -147,7 +171,10 @@ fastcgi.server = (
 			"bin-copy-environment" => ( "" )
 		)
 	)
-)						
+)
+
+alias.url           += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
+
 ]]>
 						</content>
 					</file>
@@ -210,8 +237,6 @@ http {
 					</file>
 					<file name="/etc/nginx/fastcgi_params">
 						<content><![CDATA[
-fastcgi_index index.php;
-
 fastcgi_connect_timeout 65;
 fastcgi_send_timeout    180;
 fastcgi_read_timeout    180;
@@ -239,6 +264,20 @@ fastcgi_param  SERVER_NAME        $server_name;

 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
+]]>
+						</content>
+					</file>
+					<file name="{{settings.system.letsencryptacmeconf}}">
+						<visibility mode="true">{{settings.system.leenabled}}
+						</visibility>
+						<content><![CDATA[
+location /.well-known/acme-challenge {
+	alias {{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge;
+
+	location ~ /.well-known/acme-challenge/(.*) {
+		default_type text/plain;
+	}
+}
 ]]>
 						</content>
 					</file>
@@ -314,31 +353,31 @@ exit "$RETVAL"
 			<!--DNS -->
 			<service type="dns" title="{{lng.admin.configfiles.dns}}">
 				<!--Bind9 -->
-				<daemon name="bind" title="Bind9 nameserver">
+				<daemon name="bind" title="Bind9 nameserver" default="true">
 					<install><![CDATA[emerge net-dns/bind]]></install>
 					<file name="/etc/bind/default.zone">
 						<content><![CDATA[
-$TTL 1W 
-@ IN SOA ns root ( 
-	2015020101 ; serial 
-	8H ; refresh 
-	2H ; retry 
-	1W ; expiry 
-	11h) ; minimum 
+$TTL 1W
+@ IN SOA ns root (
+	2015020101 ; serial
+	8H ; refresh
+	2H ; retry
+	1W ; expiry
+	11h) ; minimum

-	IN		NS		ns 
-	IN		MX		10 mail 
+	IN		NS		ns
+	IN		MX		10 mail

-	IN		A		<SERVERIP> 
-	IN		MX		10 mail 
+	IN		A		<SERVERIP>
+	IN		MX		10 mail

 *	IN		A		<SERVERIP>
-	IN		MX		10 mail 
+	IN		MX		10 mail

-ns	IN		A		<SERVERIP> 
+ns	IN		A		<SERVERIP>

 mail	IN		A	<SERVERIP>
-		IN		MX	10 mail 
+		IN		MX	10 mail
 ]]>
 						</content>
 					</file>
@@ -349,15 +388,559 @@ mail	IN		A	<SERVERIP>
 					<command><![CDATA[rc-update add named default]]></command>
 					<command><![CDATA[/etc/init.d/named restart]]></command>
 				</daemon>
-				<daemon name="powerdns" title="PowerDNS via bind-backend">
+				<daemon name="powerdns" title="PowerDNS (standalone)">
 					<install><![CDATA[emerge net-dns/pdns]]></install>
-					<file name="/etc/powerdns/pdns.conf" backup="true">
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
 # Autogenerated configuration file template
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
+
+#################################
+# allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
+#
+# allow-dnsupdate-from=127.0.0.0/8,::1
+
+#################################
+# allow-recursion	List of subnets that are allowed to recurse
+#
+allow-recursion=127.0.0.1
+
+#################################
+# also-notify	When notifying a domain, also notify these nameservers
+#
+# also-notify=
+
+#################################
+# any-to-tcp	Answer ANY queries with tc=1, shunting to TCP
+#
+# any-to-tcp=no
+
+#################################
+# cache-ttl	Seconds to store packets in the PacketCache
+#
+# cache-ttl=20
+
+#################################
+# carbon-interval	Number of seconds between carbon (graphite) updates
+#
+# carbon-interval=30
+
+#################################
+# carbon-ourname	If set, overrides our reported hostname for carbon stats
+#
+# carbon-ourname=
+
+#################################
+# carbon-server	If set, send metrics in carbon (graphite) format to this server
+#
+# carbon-server=
+
+#################################
+# chroot	If set, chroot to this directory for more security
+#
+# chroot=
+
+#################################
+# config-dir	Location of configuration directory (pdns.conf)
+#
+config-dir=/etc/powerdns
+
+#################################
+# config-name	Name of this virtual configuration - will rename the binary image
+#
+# config-name=
+
+#################################
+# control-console	Debugging switch - don't use
+#
+# control-console=no
+
+#################################
+# daemon	Operate as a daemon
+#
+daemon=yes
+
+#################################
+# default-ksk-algorithms	Default KSK algorithms
+#
+# default-ksk-algorithms=rsasha256
+
+#################################
+# default-ksk-size	Default KSK size (0 means default)
+#
+# default-ksk-size=0
+
+#################################
+# default-soa-mail	mail address to insert in the SOA record if none set in the backend
+#
+# default-soa-mail=
+
+#################################
+# default-soa-name	name to insert in the SOA record if none set in the backend
+#
+# default-soa-name=a.misconfigured.powerdns.server
+
+#################################
+# default-ttl	Seconds a result is valid if not set otherwise
+#
+# default-ttl=3600
+
+#################################
+# default-zsk-algorithms	Default ZSK algorithms
+#
+# default-zsk-algorithms=rsasha256
+
+#################################
+# default-zsk-size	Default ZSK size (0 means default)
+#
+# default-zsk-size=0
+
+#################################
+# direct-dnskey	Fetch DNSKEY RRs from backend during DNSKEY synthesis
+#
+# direct-dnskey=no
+
+#################################
+# disable-axfr	Disable zonetransfers but do allow TCP queries
+#
+# disable-axfr=no
+
+#################################
+# disable-axfr-rectify	Disable the rectify step during an outgoing AXFR. Only required for regression testing.
+#
+# disable-axfr-rectify=no
+
+#################################
+# disable-tcp	Do not listen to TCP queries
+#
+# disable-tcp=no
+
+#################################
+# distributor-threads	Default number of Distributor (backend) threads to start
+#
+# distributor-threads=3
+
+#################################
+# do-ipv6-additional-processing	Do AAAA additional processing
+#
+# do-ipv6-additional-processing=yes
+
+#################################
+# edns-subnet-processing	If we should act on EDNS Subnet options
+#
+# edns-subnet-processing=no
+
+#################################
+# entropy-source	If set, read entropy from this file
+#
+# entropy-source=/dev/urandom
+
+#################################
+# experimental-api-key	REST API Static authentication key (required for API use)
+#
+# experimental-api-key=
+
+#################################
+# experimental-api-readonly	If the JSON API should disallow data modification
+#
+# experimental-api-readonly=no
+
+#################################
+# experimental-dname-processing	If we should support DNAME records
+#
+# experimental-dname-processing=no
+
+#################################
+# experimental-dnsupdate	Enable/Disable DNS update (RFC2136) support. Default is no.
+#
+# experimental-dnsupdate=no
+
+#################################
+# experimental-json-interface	If the webserver should serve JSON data
+#
+# experimental-json-interface=no
+
+#################################
+# experimental-logfile	Filename of the log file for JSON parser
+#
+# experimental-logfile=/var/log/pdns.log
+
+#################################
+# forward-dnsupdate	A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
+#
+# forward-dnsupdate=yes
+
+#################################
+# guardian	Run within a guardian process
+#
+guardian=yes
+
+#################################
+# include-dir	Include *.conf files from this directory
+#
+# include-dir=
+
+#################################
+# launch	Which backends to launch and order to query them in
+#
+# launch=
+
+#################################
+# load-modules	Load this module - supply absolute or relative path
+#
+# load-modules=
+
+#################################
+# local-address	Local IP addresses to which we bind
+#
+local-address=<SERVERIP>,127.0.0.1
+
+#################################
+# local-address-nonexist-fail	Fail to start if one or more of the local-address's do not exist on this server
+#
+# local-address-nonexist-fail=yes
+
+#################################
+# local-ipv6	Local IP address to which we bind
+#
+# local-ipv6=
+
+#################################
+# local-ipv6-nonexist-fail	Fail to start if one or more of the local-ipv6 addresses do not exist on this server
+#
+# local-ipv6-nonexist-fail=yes
+
+#################################
+# local-port	The port on which we listen
+#
+local-port=53
+
+#################################
+# log-dns-details	If PDNS should log DNS non-erroneous details
+#
+log-dns-details=yes
+
+#################################
+# log-dns-queries	If PDNS should log all incoming DNS queries
+#
+# log-dns-queries=no
+
+#################################
+# logging-facility	Log under a specific facility
+#
+# logging-facility=
+
+#################################
+# loglevel	Amount of logging. Higher is more. Do not set below 3
+#
+# loglevel=4
+
+#################################
+# lua-prequery-script	Lua script with prequery handler
+#
+# lua-prequery-script=
+
+#################################
+# master	Act as a master
+#
+master=yes
+
+#################################
+# max-cache-entries	Maximum number of cache entries
+#
+# max-cache-entries=1000000
+
+#################################
+# max-ent-entries	Maximum number of empty non-terminals in a zone
+#
+# max-ent-entries=100000
+
+#################################
+# max-nsec3-iterations	Limit the number of NSEC3 hash iterations
+#
+# max-nsec3-iterations=500
+
+#################################
+# max-queue-length	Maximum queuelength before considering situation lost
+#
+# max-queue-length=5000
+
+#################################
+# max-signature-cache-entries	Maximum number of signatures cache entries
+#
+# max-signature-cache-entries=
+
+#################################
+# max-tcp-connections	Maximum number of TCP connections
+#
+# max-tcp-connections=10
+
+#################################
+# module-dir	Default directory for modules
+#
+module-dir=/usr/lib/powerdns/pdns/
+
+#################################
+# negquery-cache-ttl	Seconds to store negative query results in the QueryCache
+#
+# negquery-cache-ttl=60
+
+#################################
+# no-shuffle	Set this to prevent random shuffling of answers - for regression testing
+#
+# no-shuffle=off
+
+#################################
+# only-notify	Only send AXFR NOTIFY to these IP addresses or netmasks
+#
+# only-notify=0.0.0.0/0,::/0
+
+#################################
+# out-of-zone-additional-processing	Do out of zone additional processing
+#
+# out-of-zone-additional-processing=yes
+
+#################################
+# overload-queue-length	Maximum queuelength moving to packetcache only
+#
+# overload-queue-length=0
+
+#################################
+# pipebackend-abi-version	Version of the pipe backend ABI
+#
+# pipebackend-abi-version=1
+
+#################################
+# prevent-self-notification	Don't send notifications to what we think is ourself
+#
+# prevent-self-notification=yes
+
+#################################
+# query-cache-ttl	Seconds to store query results in the QueryCache
+#
+# query-cache-ttl=20
+
+#################################
+# query-local-address	Source IP address for sending queries
+#
+# query-local-address=0.0.0.0
+
+#################################
+# query-local-address6	Source IPv6 address for sending queries
+#
+# query-local-address6=::
+
+#################################
+# query-logging	Hint backends that queries should be logged
+#
+# query-logging=no
+
+#################################
+# queue-limit	Maximum number of milliseconds to queue a query
+#
+# queue-limit=1500
+
+#################################
+# receiver-threads	Default number of receiver threads to start
+#
+# receiver-threads=1
+
+#################################
+# recursive-cache-ttl	Seconds to store packets for recursive queries in the PacketCache
+#
+# recursive-cache-ttl=10
+
+#################################
+# recursor	If recursion is desired, IP address of a recursing nameserver
+#
+# recursor=no
+
+#################################
+# retrieval-threads	Number of AXFR-retrieval threads for slave operation
+#
+# retrieval-threads=2
+
+#################################
+# reuseport	Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
+#
+# reuseport=no
+
+#################################
+# security-poll-suffix	Domain name from which to query security update notifications
+#
+# security-poll-suffix=secpoll.powerdns.com.
+
+#################################
+# send-root-referral	Send out old-fashioned root-referral instead of ServFail in case of no authority
+#
+# send-root-referral=no
+
+#################################
+# server-id	Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom
+#
+# server-id=
+
+#################################
+# setgid	If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid	If set, change user id to this uid for more security
+#
+setuid=pdns
+
+#################################
+# signing-threads	Default number of signer threads to start
+#
+# signing-threads=3
+
+#################################
+# slave	Act as a slave
+#
+# slave=no
+
+#################################
+# slave-cycle-interval	Reschedule failed SOA serial checks once every .. seconds
+#
+# slave-cycle-interval=60
+
+#################################
+# slave-renotify	If we should send out notifications for slaved updates
+#
+# slave-renotify=no
+
+#################################
+# soa-expire-default	Default SOA expire
+#
+# soa-expire-default=604800
+
+#################################
+# soa-minimum-ttl	Default SOA minimum ttl
+#
+# soa-minimum-ttl=3600
+
+#################################
+# soa-refresh-default	Default SOA refresh
+#
+# soa-refresh-default=10800
+
+#################################
+# soa-retry-default	Default SOA retry
+#
+# soa-retry-default=3600
+
+#################################
+# socket-dir	Where the controlsocket will live
+#
+socket-dir=/var/run
+
+#################################
+# tcp-control-address	If set, PowerDNS can be controlled over TCP on this address
+#
+# tcp-control-address=
+
+#################################
+# tcp-control-port	If set, PowerDNS can be controlled over TCP on this address
+#
+# tcp-control-port=53000
+
+#################################
+# tcp-control-range	If set, remote control of PowerDNS is possible over these networks only
+#
+# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
+
+#################################
+# tcp-control-secret	If set, PowerDNS can be controlled over TCP after passing this secret
+#
+# tcp-control-secret=
+
+#################################
+# traceback-handler	Enable the traceback handler (Linux only)
+#
+# traceback-handler=yes
+
+#################################
+# trusted-notification-proxy	IP address of incoming notification proxy
+#
+# trusted-notification-proxy=
+
+#################################
+# udp-truncation-threshold	Maximum UDP response size before we truncate
+#
+# udp-truncation-threshold=1680
+
+#################################
+# version-string	PowerDNS version in packets - full, anonymous, powerdns or custom
+#
+version-string=powerdns
+
+#################################
+# webserver	Start a webserver for monitoring
+#
+# webserver=no
+
+#################################
+# webserver-address	IP Address of webserver to listen on
+#
+# webserver-address=127.0.0.1
+
+#################################
+# webserver-allow-from	Webserver access is only allowed from these subnets
+#
+# webserver-allow-from=0.0.0.0/0,::/0
+
+#################################
+# webserver-password	Password required for accessing the webserver
+#
+# webserver-password=
+
+#################################
+# webserver-port	Port of webserver to listen on
+#
+# webserver-port=8081
+
+#################################
+# webserver-print-arguments	If the webserver should print arguments
+#
+# webserver-print-arguments=no
+
+# include froxlor-specific config
+include-dir=/etc/powerdns/froxlor/
+]]>
+						</content>
+					</file>
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
+						<content><![CDATA[
+# mysql-settings / you need to create the power-dns database for yourself!
+launch=gmysql
+gmysql-host=127.0.0.1
+gmysql-port=3306
+gmysql-dbname=pdns
+gmysql-user=powerdns
+gmysql-group=client
+gmysql-password=
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+				</daemon>
+				<daemon name="powerdns_bind" title="PowerDNS via bind-backend">
+					<install><![CDATA[emerge net-dns/pdns]]></install>
+					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
+						<content><![CDATA[
+# Autogenerated configuration file template
+#################################
+# allow-axfr-ips	Allow zonetransfers only to these subnets
+#
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -870,12 +1453,13 @@ version-string=powerdns
 # webserver-print-arguments=no

 # include froxlor-bind-specific config
-include=/etc/powerdns/pdns_froxlor.conf
+include-dir=/etc/powerdns/froxlor/
 ]]>
 						</content>
 					</file>
-					<file name="/etc/powerdns/pdns_froxlor.conf" chown="root:0"
-						chmod="644">
+					<command><![CDATA[mkdir -p /etc/powerdns/froxlor/]]></command>
+					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
+						chmod="600">
 						<content><![CDATA[
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
@@ -1028,11 +1612,11 @@ program_directory = /usr/libexec/postfix
 sendmail_path = /usr/sbin/sendmail

 ## General Postfix configuration
-# should be the default domain from your provider eg. "server100.provider.tld"
+# FQDN from Froxlor
 mydomain = <SERVERNAME>

-# should be different from $mydomain eg. "mail.$mydomain"
-myhostname = mail.$mydomain
+# set myhostname to $mydomain because Froxlor alrady uses a FQDN
+myhostname = $mydomain

 mydestination = $myhostname,
 	$mydomain,
@@ -1058,9 +1642,9 @@ smtpd_recipient_restrictions = permit_mynetworks,
 	reject_non_fqdn_recipient
 smtpd_sender_restrictions = permit_mynetworks,
 	reject_sender_login_mismatch,
-	permit_sasl_authenticated, 
-	reject_unknown_hostname, 
-	reject_unknown_recipient_domain, 
+	permit_sasl_authenticated,
+	reject_unknown_hostname,
+	reject_unknown_recipient_domain,
 	reject_unknown_sender_domain
 smtpd_client_restrictions = permit_mynetworks,
 	permit_sasl_authenticated,
@@ -1359,9 +1943,9 @@ smtpd_recipient_restrictions = permit_mynetworks,
 	reject_non_fqdn_recipient
 smtpd_sender_restrictions = permit_mynetworks,
 	reject_sender_login_mismatch,
-	permit_sasl_authenticated, 
-	reject_unknown_hostname, 
-	reject_unknown_recipient_domain, 
+	permit_sasl_authenticated,
+	reject_unknown_hostname,
+	reject_unknown_recipient_domain,
 	reject_unknown_sender_domain
 smtpd_client_restrictions = permit_mynetworks,
 	permit_sasl_authenticated,
@@ -1456,7 +2040,7 @@ mail_debug = no
 protocols = imap pop3 sieve

 ### SSL Settings
-### After you obtained an SSL-certificate enable ssl here and 
+### After you obtained an SSL-certificate enable ssl here and
 ### set disable_plaintext_auth to yes (see above)
 ssl = no
 #ssl_cert = </etc/ssl/server/<SERVERNAME>.pem
@@ -1469,7 +2053,7 @@ passdb {

 plugin {
 	quota = maildir:User Quota
-	
+
 	# Sieve-Configuration
 	sieve = ~/sieve/.dovecot.sieve
 	sieve_dir = ~/sieve
@@ -1508,7 +2092,7 @@ userdb {

 protocol imap {
 	mail_plugins = quota imap_quota
-	
+
 	# IMAP logout format string:
 	#  %i - total number of bytes read from client
 	#  %o - total number of bytes sent to client
@@ -1518,7 +2102,7 @@ protocol imap {
 protocol pop3 {
 	mail_plugins = quota
 	pop3_uidl_format = UID%u-%v
-	
+
 	# POP3 logout format string:
 	# %i - total number of bytes read from client
 	# %o - total number of bytes sent to client
@@ -1663,7 +2247,7 @@ protocol sieve {
 #
 # location = [<type>:]path[;<option>[=<value>][;...]]
 #
-# If the type prefix is omitted, the script location type is 'file' and the 
+# If the type prefix is omitted, the script location type is 'file' and the
 # location is interpreted as a local filesystem path pointing to a Sieve script
 # file or directory. Refer to Pigeonhole wiki or INSTALL file for more
 # information.
@@ -1674,7 +2258,7 @@ plugin {
  # delivery. The "include" extension uses this location for retrieving
  # :personal" scripts. This is also where the  ManageSieve service will store
  # the user's scripts, if supported.
-  # 
+  #
  # Currently only the 'file:' location type supports ManageSieve operation.
  # Other location types like 'dict:' and 'ldap:' can currently only
  # be used as a read-only script source ().
@@ -1694,15 +2278,15 @@ plugin {
  #     script.
  #sieve_default = /var/lib/dovecot/sieve/default.sieve

-  # The name by which the default Sieve script (as configured by the 
-  # sieve_default setting) is visible to the user through ManageSieve. 
-  #sieve_default_name = 
+  # The name by which the default Sieve script (as configured by the
+  # sieve_default setting) is visible to the user through ManageSieve.
+  #sieve_default_name =

  # Location for ":global" include scripts as used by the "include" extension.
  #sieve_global =

  # Location Sieve of scripts that need to be executed before the user's
-  # personal script. If a 'file' location path points to a directory, all the 
+  # personal script. If a 'file' location path points to a directory, all the
  # Sieve scripts contained therein (with the proper `.sieve' extension) are
  # executed. The order of execution within that directory is determined by the
  # file names, using a normal 8bit per-character comparison.
@@ -2519,7 +3103,7 @@ POP3_TLS_REQUIRED=0
 COURIERTLS=/usr/sbin/couriertls

 ##NAME: TLS_PROTOCOL:0
-# 
+#
 # TLS_PROTOCOL sets the protocol version.  The possible versions are:
 #
 # SSL2 - SSLv2
@@ -2529,7 +3113,7 @@ COURIERTLS=/usr/sbin/couriertls
 TLS_PROTOCOL=SSL3

 ##NAME: TLS_STARTTLS_PROTOCOL:0
-# 
+#
 # TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS
 # extension, as opposed to POP3 over SSL on port 995.
 #
@@ -2723,7 +3307,7 @@ IMAP_TLS_REQUIRED=0
 COURIERTLS=/usr/sbin/couriertls

 ##NAME: TLS_PROTOCOL:0
-# 
+#
 # TLS_PROTOCOL sets the protocol version.  The possible versions are:
 #
 # SSL2 - SSLv2
@@ -2733,7 +3317,7 @@ COURIERTLS=/usr/sbin/couriertls
 TLS_PROTOCOL=SSL3

 ##NAME: TLS_STARTTLS_PROTOCOL:0
-# 
+#
 # TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
 # extension, as opposed to IMAP over SSL on port 993.
 #
@@ -2838,6 +3422,18 @@ MAILDIRPATH=.maildir
 				<daemon name="proftpd" title="ProFTPd" default="true">
 					<command><![CDATA[echo "net-ftp/proftpd mysql" >> /etc/portage/package.use]]></command>
 					<install><![CDATA[emerge net-ftp/proftpd]]></install>
+					<file name="/etc/proftpd/create-cert.sh" chown="root:0" chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/proftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/proftpd/create-cert.sh]]></command>
+					</commands>
 					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
 						<content><![CDATA[
@@ -2914,20 +3510,23 @@ SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, b
 SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies

 # TLS settings
-#<IfModule mod_tls.c>
-#TLSEngine					on
-#TLSLog						/var/log/proftpd-tls.log
-#TLSProtocol					SSLv23
-#TLSTimeoutHandshake				120
+<IfModule mod_tls.c>
+TLSEngine on
+TLSLog /var/log/proftpd-tls.log
+TLSProtocol TLSv1 TLSv1.1 TLSv1.2
+#TLSTimeoutHandshake 120
 # Really important for WinClients and some clients
-#TLSOptions					NoCertRequest NoSessionReuseRequired
-#TLSRSACertificateFile		/etc/ssl/server/<SERVERNAME>.crt
-#TLSRSACertificateKeyFile	/etc/ssl/server/<SERVERNAME>.key
+TLSOptions NoCertRequest NoSessionReuseRequired
+TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
+TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
+TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
+TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
+
 # Authenticate client that want to use FTP over TLS?
-#TLSVerifyClient			off
+TLSVerifyClient off
 # Uncomment the following line to force tls login
-#TLSRequired				off
-#</IfModule>
+#TLSRequired on
+</IfModule>

 # LOG settings
 # Logging Formats
@@ -3174,7 +3773,7 @@ password	<SQL_UNPRIVILEGED_PASSWORD>
 					</file>
 					<file name="/etc/nsswitch.conf" backup="true">
 						<content><![CDATA[
-# Make sure that `passwd`, `group` and `shadow` have mysql in their lines 
+# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
 # You should place mysql at the end, so that it is queried after the other mechanisams
 #
 passwd:         compat mysql
@@ -3244,7 +3843,7 @@ aliases:     files
 					<commands index="2">
 						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
 						</visibility>
-						<command><![CDATA[a2enmod suexec fcgid]]></command>
+						<command><![CDATA[# add "-D SUEXEC -D FCGID" to /etc/conf.d/apache2]]></command>
 					</commands>
 					<commands index="3">
 						<visibility mode="true">{{settings.system.mod_fcgid_ownvhost}}
@@ -3259,7 +3858,7 @@ aliases:     files
 							<content><![CDATA[# remove "-D PHP5" from /etc/conf.d/apache2]]></content>
 						</command>
 					</commands>
-					<!-- instead of just restarting apache, we let the cronjob do all the 
+					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->
 					<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
 				</daemon>
@@ -3285,7 +3884,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
@@ -3297,7 +3896,7 @@ aliases:     files
 						</visibility>
 						<command><![CDATA[# remove "-D PHP5" from /etc/conf.d/apache2]]></command>
 					</commands>
-					<!-- instead of just restarting apache, we let the cronjob do all the 
+					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->
 					<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
 				</daemon>
--- a/lib/configfiles/jessie.xml
+++ b/lib/configfiles/jessie.xml
--- a/Show More
+++ b/Show More