Update phpMailer to 5.2.15

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

actions/admin/settings/110.accounts.php

@@ -183,11 +183,19 @@ return array(
 								'varname' => 'allow_preset',
 							),
 							'onlyif' => 1
-						)
-					),
+					)
+				),
+				'system_backupenabled' => array(
+					'label' => $lng['serversettings']['backupenabled'],
+					'settinggroup' => 'system',
+					'varname' => 'backupenabled',
+					'type' => 'bool',
+					'default' => false,
+					'cronmodule' => 'froxlor/backup',
+					'save_method' => 'storeSettingField'
 				),
 			),
 		),
-	);
+	)
+);
 
-?>

admin_customers.php

@@ -939,7 +939,9 @@ if ($page == 'customers'
 							SELECT ip, port FROM `".TABLE_PANEL_IPSANDPORTS."`
 							WHERE `id` = :defaultip
 						");
-						$srv_ip = Database::pexecute_first($srv_ip_stmt, array('defaultip' => reset(explode(',', Settings::Get('system.defaultip')))));
+						$default_ips = Settings::Get('system.defaultip');
+						$default_ips = explode(',', $default_ips);
+						$srv_ip = Database::pexecute_first($srv_ip_stmt, array('defaultip' => reset($default_ips)));
 
 						$replace_arr = array(
 							'FIRSTNAME' => $firstname,

admin_settings.php

@@ -54,7 +54,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 			$settings_part = false;
 			$only_enabledisable = true;
 		}
-		
+
 		// check if the session timeout is too low #815
 		if (isset($_POST['session_sessiontimeout'])
 			&& $_POST['session_sessiontimeout'] < 60
@@ -160,6 +160,8 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		inserttask('10');
 		// Using nameserver, insert a task which rebuilds the server config
 		inserttask('4');
+		// cron.d file
+		inserttask('99');
 
 		standard_success('rebuildingconfigs', '', array('filename' => 'admin_index.php'));
 

customer_domains.php

@@ -171,7 +171,7 @@ if ($page == 'overview') {
 
 		eval("echo \"" . getTemplate("domains/domainlist") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
-		$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid` FROM `" . TABLE_PANEL_DOMAINS . "`
+		$stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid`, `aliasdomain` FROM `" . TABLE_PANEL_DOMAINS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -197,6 +197,8 @@ if ($page == 'overview') {
 					}
 				}
 
+				triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
+
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted subdomain '" . $idna_convert->decode($result['domain']) . "'");
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE
 					`customerid` = :customerid
@@ -245,6 +247,11 @@ if ($page == 'overview') {
 	} elseif ($action == 'add') {
 		if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+
+				if (strpos($_POST['subdomain'], '--') !== false) {
+					standard_error('domain_nopunycode');
+				}
+
 				$subdomain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong')));
 				$domain = $idna_convert->encode($_POST['domain']);
 				$domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
@@ -290,6 +297,7 @@ if ($page == 'overview') {
 						ORDER BY `d`.`domain` ASC;"
 					);
 					$aliasdomain_check = Database::pexecute_first($aliasdomain_stmt, array("id" => $aliasdomain, "customerid" => $userinfo['customerid']));
+					triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 				}
 
 				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
@@ -342,11 +350,6 @@ if ($page == 'overview') {
 					}
 				}
 
-				if ($aliasdomain != 0 && $letsencrypt != 0)
-				{
-					standard_error('letsencryptdoesnotworkwithaliasdomains');
-				}
-
 				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
 				if ($ssl_redirect > 0 && $letsencrypt == 1) {
 					$ssl_redirect = 2;
@@ -610,11 +613,6 @@ if ($page == 'overview') {
 					$letsencrypt = '0';
 				}
 
-				if ($aliasdomain != 0 && $letsencrypt != 0)
-				{
-					standard_error('letsencryptdoesnotworkwithaliasdomains');
-				}
-
 				// We can't enable let's encrypt for wildcard - domains
 				if ($iswildcarddomain == '1' && $letsencrypt == '1') {
 				    standard_error('nowildcardwithletsencrypt');
@@ -677,6 +675,17 @@ if ($page == 'overview') {
 							"id" => $id
 						);
 						Database::pexecute($stmt, $params);
+
+						if ($result['aliasdomain'] != $aliasdomain) {
+							// trigger when domain id for alias destination has changed: both for old and new destination
+							triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
+							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+						} else
+							if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+								// or when wwwserveralias or letsencrypt was changed
+								triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+							}
+
 						inserttask('1');
 
 						// Using nameserver, insert a task which rebuilds the server config

customer_extras.php

@@ -16,7 +16,6 @@
  * @package    Panel
  *
  */
-
 define('AREA', 'customer');
 require './lib/init.php';
 
@@ -38,9 +37,10 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_HTPASSWDS, $fields);
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
-			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid']
+		));
 		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -58,38 +58,49 @@ if ($page == 'overview') {
 				$row['path'] = makeCorrectDir($row['path']);
 				$row = htmlentities_array($row);
 				eval("\$htpasswds.=\"" . getTemplate("extras/htpasswds_htpasswd") . "\";");
-				$count++;
+				$count ++;
 			}
 
-			$i++;
+			$i ++;
 		}
 
 		eval("echo \"" . getTemplate("extras/htpasswds") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
 			WHERE `customerid`= :customerid
-			AND `id`= :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id`= :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 
 		if (isset($result['username']) && $result['username'] != '') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "`
 					WHERE `customerid`= :customerid
-					AND `id`= :id"
-				);
-				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+					AND `id`= :id");
+				Database::pexecute($stmt, array(
+					"customerid" => $userinfo['customerid'],
+					"id" => $id
+				));
 
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
-				    $result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
+					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
 				}
 
-				ask_yesno('extras_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username'] . ' (' . $result['path'] . ')');
+				ask_yesno('extras_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['username'] . ' (' . $result['path'] . ')');
 			}
 		}
 	} elseif ($action == 'add') {
@@ -104,8 +115,7 @@ if ($page == 'overview') {
 			$username_path_check_stmt = Database::prepare("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
 				WHERE `username`= :username
 				AND `path`= :path
-				AND `customerid`= :customerid"
-			);
+				AND `customerid`= :customerid");
 			$params = array(
 				"username" => $username,
 				"path" => $path,
@@ -121,16 +131,22 @@ if ($page == 'overview') {
 				$password = crypt($_POST['directory_password']);
 			}
 
-			if (!$_POST['path']) {
+			if (! $_POST['path']) {
 				standard_error('invalidpath');
 			}
 
 			if ($username == '') {
-				standard_error(array('stringisempty', 'myloginname'));
+				standard_error(array(
+					'stringisempty',
+					'myloginname'
+				));
 			} elseif ($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
 				standard_error('userpathcombinationdupe');
 			} elseif ($_POST['directory_password'] == '') {
-				standard_error(array('stringisempty', 'mypassword'));
+				standard_error(array(
+					'stringisempty',
+					'mypassword'
+				));
 			} elseif ($path == '') {
 				standard_error('patherror');
 			} elseif ($_POST['directory_password'] == $username) {
@@ -141,8 +157,7 @@ if ($page == 'overview') {
 					`username` = :username,
 					`password` = :password,
 					`path` = :path,
-					`authname` = :authname"
-				);
+					`authname` = :authname");
 				$params = array(
 					"customerid" => $userinfo['customerid'],
 					"username" => $username,
@@ -153,12 +168,15 @@ if ($page == 'overview') {
 				Database::pexecute($stmt, $params);
 				$log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			}
 		} else {
 			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
 
-			$htpasswd_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_add.php';
+			$htpasswd_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htpasswd_add.php';
 			$htpasswd_add_form = htmlform::genHTMLForm($htpasswd_add_data);
 
 			$title = $htpasswd_add_data['htpasswd_add']['title'];
@@ -169,9 +187,11 @@ if ($page == 'overview') {
 	} elseif ($action == 'edit' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
 			WHERE `customerid`= :customerid
-			AND `id`= :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id`= :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 
 		if (isset($result['username']) && $result['username'] != '') {
@@ -208,19 +228,21 @@ if ($page == 'overview') {
 				}
 
 				if ($pwd_sql != '' || $auth_sql != '') {
-					if ($pwd_sql !='' && $auth_sql != '') {
-						$pwd_sql.= ', ';
+					if ($pwd_sql != '' && $auth_sql != '') {
+						$pwd_sql .= ', ';
 					}
 
 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
-						SET ".$pwd_sql.$auth_sql."
+						SET " . $pwd_sql . $auth_sql . "
 						WHERE `customerid`= :customerid
-						AND `id`= :id"
-					);
+						AND `id`= :id");
 					Database::pexecute($stmt, $params);
 					$log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 					inserttask('1');
-					redirectTo($filename, array('page' => $page, 's' => $s));
+					redirectTo($filename, array(
+						'page' => $page,
+						's' => $s
+					));
 				}
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
@@ -229,7 +251,7 @@ if ($page == 'overview') {
 
 				$result = htmlentities_array($result);
 
-				$htpasswd_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_edit.php';
+				$htpasswd_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htpasswd_edit.php';
 				$htpasswd_edit_form = htmlform::genHTMLForm($htpasswd_edit_data);
 
 				$title = $htpasswd_edit_data['htpasswd_edit']['title'];
@@ -252,9 +274,10 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_HTACCESS, $fields);
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
-			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid']
+		));
 		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -278,49 +301,60 @@ if ($page == 'overview') {
 				$row['options_cgi'] = str_replace('0', $lng['panel']['no'], $row['options_cgi']);
 				$row = htmlentities_array($row);
 				eval("\$htaccess.=\"" . getTemplate("extras/htaccess_htaccess") . "\";");
-				$count++;
+				$count ++;
 			}
 
-			$i++;
+			$i ++;
 		}
 
 		eval("echo \"" . getTemplate("extras/htaccess") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
 			WHERE `customerid` = :customerid
-			AND `id` = :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id` = :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 
 		if (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				// do we have to remove the symlink and folder in suexecpath?
-				if ((int)Settings::Get('perl.suexecworkaround') == 1) {
+				if ((int) Settings::Get('perl.suexecworkaround') == 1) {
 					$loginname = getCustomerDetail($result['customerid'], 'loginname');
-					$suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath').'/'.$loginname.'/'.md5($result['path']).'/');
-					$perlsymlink = makeCorrectFile($result['path'].'/cgi-bin');
+					$suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($result['path']) . '/');
+					$perlsymlink = makeCorrectFile($result['path'] . '/cgi-bin');
 					// remove symlink
 					if (file_exists($perlsymlink)) {
-						safe_exec('rm -f '.escapeshellarg($perlsymlink));
+						safe_exec('rm -f ' . escapeshellarg($perlsymlink));
 						$log->logAction(USR_ACTION, LOG_DEBUG, "deleted suexecworkaround symlink '" . $perlsymlink . "'");
 					}
 					// remove folder in suexec-path
 					if (file_exists($suexecpath)) {
-						safe_exec('rm -rf '.escapeshellarg($suexecpath));
+						safe_exec('rm -rf ' . escapeshellarg($suexecpath));
 						$log->logAction(USR_ACTION, LOG_DEBUG, "deleted suexecworkaround path '" . $suexecpath . "'");
 					}
 				}
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "`
 					WHERE `customerid`= :customerid
-					AND `id`= :id"
-				);
-				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+					AND `id`= :id");
+				Database::pexecute($stmt, array(
+					"customerid" => $userinfo['customerid'],
+					"id" => $id
+				));
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '/', $result['path']) . "'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
-				ask_yesno('extras_reallydelete_pathoptions', $filename, array('id' => $id, 'page' => $page, 'action' => $action), str_replace($userinfo['documentroot'], '/', $result['path']));
+				ask_yesno('extras_reallydelete_pathoptions', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), str_replace($userinfo['documentroot'], '/', $result['path']));
 			}
 		}
 	} elseif ($action == 'add') {
@@ -330,16 +364,18 @@ if ($page == 'overview') {
 			$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 			$path_dupe_check_stmt = Database::prepare("SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "`
 				WHERE `path`= :path
-				AND `customerid`= :customerid"
-			);
-			Database::pexecute($path_dupe_check_stmt, array("path" => $path, "customerid" => $userinfo['customerid']));
+				AND `customerid`= :customerid");
+			Database::pexecute($path_dupe_check_stmt, array(
+				"path" => $path,
+				"customerid" => $userinfo['customerid']
+			));
 			$path_dupe_check = $path_dupe_check_stmt->fetch(PDO::FETCH_ASSOC);
 
-			if (!$_POST['path']) {
+			if (! $_POST['path']) {
 				standard_error('invalidpath');
 			}
 
-			if (isset($_POST['options_cgi']) && (int)$_POST['options_cgi'] != 0) {
+			if (isset($_POST['options_cgi']) && (int) $_POST['options_cgi'] != 0) {
 				$options_cgi = '1';
 			} else {
 				$options_cgi = '0';
@@ -372,8 +408,7 @@ if ($page == 'overview') {
 					`error404path` = :error404path,
 					`error403path` = :error403path,
 					`error500path` = :error500path,
-					`options_cgi` = :options_cgi'
-				);
+					`options_cgi` = :options_cgi');
 				$params = array(
 					"customerid" => $userinfo['customerid'],
 					"path" => $path,
@@ -387,13 +422,16 @@ if ($page == 'overview') {
 
 				$log->logAction(USR_ACTION, LOG_INFO, "added htaccess for '" . $path . "'");
 				inserttask('1');
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			}
 		} else {
 			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
 			$cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
 
-			$htaccess_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htaccess_add.php';
+			$htaccess_add_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htaccess_add.php';
 			$htaccess_add_form = htmlform::genHTMLForm($htaccess_add_data);
 
 			$title = $htaccess_add_data['htaccess_add']['title'];
@@ -404,9 +442,11 @@ if ($page == 'overview') {
 	} elseif (($action == 'edit') && ($id != 0)) {
 		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
 			WHERE `customerid` = :customerid
-			AND `id` = :id"
-		);
-		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+			AND `id` = :id");
+		Database::pexecute($result_stmt, array(
+			"customerid" => $userinfo['customerid'],
+			"id" => $id
+		));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 
 		if ((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
@@ -426,12 +466,7 @@ if ($page == 'overview') {
 				$error403path = correctErrorDocument($_POST['error403path']);
 				$error500path = correctErrorDocument($_POST['error500path']);
 
-				if (($option_indexes != $result['options_indexes'])
-					|| ($error404path != $result['error404path'])
-					|| ($error403path != $result['error403path'])
-					|| ($error500path != $result['error500path'])
-					|| ($options_cgi != $result['options_cgi'])
-				) {
+				if (($option_indexes != $result['options_indexes']) || ($error404path != $result['error404path']) || ($error403path != $result['error403path']) || ($error500path != $result['error500path']) || ($options_cgi != $result['options_cgi'])) {
 					inserttask('1');
 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTACCESS . "`
 						SET `options_indexes` = :options_indexes,
@@ -440,8 +475,7 @@ if ($page == 'overview') {
 						`error500path` = :error500path,
 						`options_cgi` = :options_cgi
 						WHERE `customerid` = :customerid
-						AND `id` = :id"
-					);
+						AND `id` = :id");
 					$params = array(
 						"customerid" => $userinfo['customerid'],
 						"options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0',
@@ -455,7 +489,10 @@ if ($page == 'overview') {
 					$log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '/', $result['path']) . "'");
 				}
 
-				redirectTo($filename, array('page' => $page, 's' => $s));
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
 				if (strpos($result['path'], $userinfo['documentroot']) === 0) {
 					$result['path'] = str_replace($userinfo['documentroot'], "/", $result['path']);
@@ -466,12 +503,12 @@ if ($page == 'overview') {
 				$result['error500path'] = $result['error500path'];
 				$cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
 				/*
-				$options_indexes = makeyesno('options_indexes', '1', '0', $result['options_indexes']);
-				$options_cgi = makeyesno('options_cgi', '1', '0', $result['options_cgi']);
-				*/
+				 * $options_indexes = makeyesno('options_indexes', '1', '0', $result['options_indexes']);
+				 * $options_cgi = makeyesno('options_cgi', '1', '0', $result['options_cgi']);
+				 */
 				$result = htmlentities_array($result);
 
-				$htaccess_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htaccess_edit.php';
+				$htaccess_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.htaccess_edit.php';
 				$htaccess_edit_form = htmlform::genHTMLForm($htaccess_edit_data);
 
 				$title = $htaccess_edit_data['htaccess_edit']['title'];
@@ -481,4 +518,76 @@ if ($page == 'overview') {
 			}
 		}
 	}
+} elseif ($page == 'backup') {
+
+	if (Settings::Get('system.backupenabled') == 1)
+	{
+		if ($action == '') {
+			$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::backup");
+
+			// check whether there is a backup-job for this customer
+			$sel_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_TASKS."` WHERE `type` = '20'");
+			Database::pexecute($sel_stmt);
+			while ($entry = $sel_stmt->fetch())
+			{
+				$data = unserialize($entry['data']);
+				if ($data['customerid'] == $userinfo['customerid']) {
+					standard_error('customerhasongoingbackupjob');
+				}
+			}
+
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+
+				if (! $_POST['path']) {
+					standard_error('invalidpath');
+				}
+
+				$path = makeCorrectDir(validate($_POST['path'], 'path'));
+				$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
+
+				$backup_dbs = isset($_POST['backup_dbs']) ? intval($_POST['backup_dbs']) : 0;
+				$backup_mail = isset($_POST['backup_mail']) ? intval($_POST['backup_mail']) : 0;
+				$backup_web = isset($_POST['backup_web']) ? intval($_POST['backup_web']) : 0;
+
+				if ($backup_dbs != '1') {
+					$backup_dbs = '0';
+				}
+
+				if ($backup_mail != '1') {
+					$backup_mail = '0';
+				}
+
+				if ($backup_web != '1') {
+					$backup_web = '0';
+				}
+
+				$task_data = array(
+					'customerid' => $userinfo['customerid'],
+					'uid' => $userinfo['guid'],
+					'gid' => $userinfo['guid'],
+					'loginname' => $userinfo['loginname'],
+					'destdir' => $path,
+					'backup_dbs' => $backup_dbs,
+					'backup_mail' => $backup_mail,
+					'backup_web' => $backup_web
+				);
+				// schedule backup job
+				inserttask('20', $task_data);
+
+				standard_success('backupscheduled');
+			} else {
+
+				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
+				$backup_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.backup.php';
+				$backup_form = htmlform::genHTMLForm($backup_data);
+				$title = $backup_data['backup']['title'];
+				$image = $backup_data['backup']['image'];
+				eval("echo \"" . getTemplate("extras/backup") . "\";");
+			}
+		}
+	}
+	else
+	{
+		standard_error('backupfunctionnotenabled');
+	}
 }

install/froxlor.sql

@@ -525,6 +525,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'letsencryptkeysize', '4096'),
 	('system', 'letsencryptreuseold', 0),
 	('system', 'leenabled', '0'),
+	('system', 'backupenabled', '0'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -555,8 +556,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.35.1'),
-	('panel', 'db_version', '201603150');
+	('panel', 'version', '0.9.36'),
+	('panel', 'db_version', '201604270');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -765,7 +766,8 @@ INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `interval`, `isactive`,
 	(4, 'froxlor/ticket', 'ticketarchive', '1 MONTH', '1', 'cron_ticketarchive'),
 	(5, 'froxlor/reports', 'usage_report', '1 DAY', '1', 'cron_usage_report'),
 	(6, 'froxlor/core', 'mailboxsize', '6 HOUR', '1', 'cron_mailboxsize'),
-	(7, 'froxlor/letsencrypt', 'letsencrypt', '5 MINUTE', '0', 'cron_letsencrypt');
+	(7, 'froxlor/letsencrypt', 'letsencrypt', '5 MINUTE', '0', 'cron_letsencrypt'),
+	(8, 'froxlor/backup', 'backup', '1 DAY', '1', 'cron_backup');
 
 
 

install/lng/english.lng.php

@@ -34,7 +34,6 @@ $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
 $lng['requirements']['phpcurl'] = 'PHP curl-extension...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
-$lng['requirements']['curldescription'] = 'Version-check and news-feed may not work correctly!';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';

install/lng/french.lng.php

@@ -34,7 +34,6 @@ $lng['requirements']['phpbcmath'] = 'extension PHP bcmath ...';
 $lng['requirements']['phpcurl'] = 'extension PHP curl...';
 $lng['requirements']['phpmbstring'] = 'extension PHP mbstring...';
 $lng['requirements']['bcmathdescription'] = 'Les fonctions de calcul de traffic ne fonctionneront pas correctement!';
-$lng['requirements']['curldescription'] = 'Les vérifications de version et les flux d\'information peuvent ne pas fonctionner correctement!';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor ne fonctionnera pas correctement avec open_basedir activé. Merci de désactiver open_basedir pour Froxlor dans le php.ini correspondant';
 $lng['requirements']['diedbecauseofrequirements'] = 'Impossible d\'installer Froxlor sans ces prérequis! Essayez de les corriger et essayez à nouveau.';

install/lng/german.lng.php

@@ -34,7 +34,6 @@ $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
 $lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
-$lng['requirements']['curldescription'] = 'Versions-Prüfung und News-Feed stehen nicht vollständig zur Verfügung!';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -3292,3 +3292,31 @@ if (isFroxlorVersion('0.9.35')) {
 
 	updateToVersion('0.9.35.1');
 }
+
+if (isFroxlorVersion('0.9.35.1') && isDatabaseVersion('201603150')) {
+
+	showUpdateStep("Adding new backup settings and cron");
+	$enable_backup = isset($_POST['enable_backup']) ? (int) $_POST['enable_backup'] : "0";
+	Settings::AddNew("system.backupenabled", $enable_backup);
+	$stmt = Database::prepare("
+		INSERT INTO `" . TABLE_PANEL_CRONRUNS . "` SET
+		`module` = 'froxlor/backup',
+		`cronfile` = 'backup',
+		`interval` = '1 DAY',
+		`desc_lng_key` = 'cron_backup',
+		`lastrun` = 0,
+		`isactive` = :isactive"
+	);
+	Database::pexecute($stmt, array('isactive' => $enable_backup));
+	lastStepStatus(0);
+
+	updateToDbVersion('201604270');
+}
+
+if (isFroxlorVersion('0.9.35.1')) {
+
+	showUpdateStep("Updating from 0.9.35.1 to 0.9.36 final");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.36');
+}

install/updates/preconfig/0.9/preconfig_0.9.inc.php

@@ -708,4 +708,12 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 	    $question.= makeyesno('enable_letsencrypt', '1', '0', '1').'<br />';
 	    eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
+
+	if (versionInUpdate($current_db_version, '201604270')) {
+		$has_preconfig = true;
+		$description  = 'You can chose whether you want to enable or disable our backup function.<br /><br />';
+		$question = '<strong>Do you want to enable Backup? (default: no):</strong>&nbsp;';
+		$question.= makeyesno('enable_backup', '1', '0', '0').'<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
 }

lib/classes/phpmailer/class.PHPMailer.php

@@ -31,7 +31,7 @@ class PHPMailer
      * The PHPMailer Version number.
      * @var string
      */
-    public $Version = '5.2.14';
+    public $Version = '5.2.15';
 
     /**
      * Email priority.
@@ -352,6 +352,7 @@ class PHPMailer
     /**
      * Whether to split multiple to addresses into multiple messages
      * or send them all in one message.
+     * Only supported in `mail` and `sendmail` transports, not in SMTP.
      * @var boolean
      */
     public $SingleTo = false;
@@ -446,6 +447,15 @@ class PHPMailer
      */
     public $XMailer = '';
 
+    /**
+     * Which validator to use by default when validating email addresses.
+     * May be a callable to inject your own validator, but there are several built-in validators.
+     * @see PHPMailer::validateAddress()
+     * @var string|callable
+     * @static
+     */
+    public static $validator = 'auto';
+
     /**
      * An instance of the SMTP sender class.
      * @var SMTP
@@ -634,9 +644,11 @@ class PHPMailer
      * Constructor.
      * @param boolean $exceptions Should we throw external exceptions?
      */
-    public function __construct($exceptions = false)
+    public function __construct($exceptions = null)
     {
-        $this->exceptions = (boolean)$exceptions;
+        if ($exceptions !== null) {
+            $this->exceptions = (boolean)$exceptions;
+        }
     }
 
     /**
@@ -645,9 +657,7 @@ class PHPMailer
     public function __destruct()
     {
         //Close any open SMTP connection nicely
-        if ($this->Mailer == 'smtp') {
-            $this->smtpClose();
-        }
+        $this->smtpClose();
     }
 
     /**
@@ -713,7 +723,7 @@ class PHPMailer
             case 'echo':
             default:
                 //Normalize line breaks
-                $str = preg_replace('/(\r\n|\r|\n)/ms', "\n", $str);
+                $str = preg_replace('/\r\n?/ms', "\n", $str);
                 echo gmdate('Y-m-d H:i:s') . "\t" . str_replace(
                     "\n",
                     "\n                   \t                  ",
@@ -850,7 +860,7 @@ class PHPMailer
         $name = trim(preg_replace('/[\r\n]+/', '', $name)); //Strip breaks and trim
         if (($pos = strrpos($address, '@')) === false) {
             // At-sign is misssing.
-            $error_message = $this->lang('invalid_address') . $address;
+            $error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address";
             $this->setError($error_message);
             $this->edebug($error_message);
             if ($this->exceptions) {
@@ -900,7 +910,7 @@ class PHPMailer
             return false;
         }
         if (!$this->validateAddress($address)) {
-            $error_message = $this->lang('invalid_address') . $address;
+            $error_message = $this->lang('invalid_address') . " (addAnAddress $kind): $address";
             $this->setError($error_message);
             $this->edebug($error_message);
             if ($this->exceptions) {
@@ -994,7 +1004,7 @@ class PHPMailer
         if (($pos = strrpos($address, '@')) === false or
             (!$this->has8bitChars(substr($address, ++$pos)) or !$this->idnSupported()) and
             !$this->validateAddress($address)) {
-            $error_message = $this->lang('invalid_address') . $address;
+            $error_message = $this->lang('invalid_address') . " (setFrom) $address";
             $this->setError($error_message);
             $this->edebug($error_message);
             if ($this->exceptions) {
@@ -1027,19 +1037,30 @@ class PHPMailer
     /**
      * Check that a string looks like an email address.
      * @param string $address The email address to check
-     * @param string $patternselect A selector for the validation pattern to use :
+     * @param string|callable $patternselect A selector for the validation pattern to use :
      * * `auto` Pick best pattern automatically;
      * * `pcre8` Use the squiloople.com pattern, requires PCRE > 8.0, PHP >= 5.3.2, 5.2.14;
      * * `pcre` Use old PCRE implementation;
      * * `php` Use PHP built-in FILTER_VALIDATE_EMAIL;
      * * `html5` Use the pattern given by the HTML5 spec for 'email' type form input elements.
      * * `noregex` Don't use a regex: super fast, really dumb.
+     * Alternatively you may pass in a callable to inject your own validator, for example:
+     * PHPMailer::validateAddress('user@example.com', function($address) {
+     *     return (strpos($address, '@') !== false);
+     * });
+     * You can also set the PHPMailer::$validator static to a callable, allowing built-in methods to use your validator.
      * @return boolean
      * @static
      * @access public
      */
-    public static function validateAddress($address, $patternselect = 'auto')
+    public static function validateAddress($address, $patternselect = null)
     {
+        if (is_null($patternselect)) {
+            $patternselect = self::$validator;
+        }
+        if (is_callable($patternselect)) {
+            return call_user_func($patternselect, $address);
+        }
         //Reject line breaks in addresses; it's valid RFC5322, but not RFC5321
         if (strpos($address, "\n") !== false or strpos($address, "\r") !== false) {
             return false;
@@ -1216,7 +1237,7 @@ class PHPMailer
                 }
                 $this->$address_kind = $this->punyencodeAddress($this->$address_kind);
                 if (!$this->validateAddress($this->$address_kind)) {
-                    $error_message = $this->lang('invalid_address') . $this->$address_kind;
+                    $error_message = $this->lang('invalid_address') . ' (punyEncode) ' . $this->$address_kind;
                     $this->setError($error_message);
                     $this->edebug($error_message);
                     if ($this->exceptions) {
@@ -1227,7 +1248,7 @@ class PHPMailer
             }
 
             // Set whether the message is multipart/alternative
-            if (!empty($this->AltBody)) {
+            if ($this->alternativeExists()) {
                 $this->ContentType = 'multipart/alternative';
             }
 
@@ -1634,7 +1655,7 @@ class PHPMailer
      */
     public function smtpClose()
     {
-        if ($this->smtp !== null) {
+        if (is_a($this->smtp, 'SMTP')) {
             if ($this->smtp->connected()) {
                 $this->smtp->quit();
                 $this->smtp->close();
@@ -1972,7 +1993,7 @@ class PHPMailer
             $result .= $this->headerLine('Subject', $this->encodeHeader($this->secureHeader($this->Subject)));
         }
 
-        if ($this->MessageID != '') {
+        if ('' != $this->MessageID and preg_match('/^<.*@.*>$/', $this->MessageID)) {
             $this->lastMessageID = $this->MessageID;
         } else {
             $this->lastMessageID = sprintf('<%s@%s>', $this->uniqueid, $this->serverHostname());
@@ -2074,7 +2095,7 @@ class PHPMailer
      */
     public function getSentMIMEMessage()
     {
-        return $this->MIMEHeader . $this->mailHeader . self::CRLF . $this->MIMEBody;
+        return rtrim($this->MIMEHeader . $this->mailHeader, "\n\r") . self::CRLF . self::CRLF . $this->MIMEBody;
     }
 
     /**
@@ -2120,8 +2141,9 @@ class PHPMailer
             $altBodyEncoding = '7bit';
             $altBodyCharSet = 'us-ascii';
         }
-        //If lines are too long, change to quoted-printable transfer encoding
-        if (self::hasLineLongerThanMax($this->AltBody)) {
+        //If lines are too long, and we're not already using an encoding that will shorten them,
+        //change to quoted-printable transfer encoding
+        if ('base64' != $altBodyEncoding and self::hasLineLongerThanMax($this->AltBody)) {
             $altBodyEncoding = 'quoted-printable';
         }
         //Use this as a preamble in all multipart message types
@@ -3296,7 +3318,7 @@ class PHPMailer
                             $message
                         );
                     }
-                } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[A-z]+://#', $url)) {
+                } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
                     // Do not change urls for absolute images (thanks to corvuscorax)
                     // Do not change urls that are already inline images
                     $filename = basename($url);
@@ -3332,7 +3354,7 @@ class PHPMailer
         // Convert all message body line breaks to CRLF, makes quoted-printable encoding work much better
         $this->Body = $this->normalizeBreaks($message);
         $this->AltBody = $this->normalizeBreaks($this->html2text($message, $advanced));
-        if (empty($this->AltBody)) {
+        if (!$this->alternativeExists()) {
             $this->AltBody = 'To view this email message, open it in a program that understands HTML!' .
                 self::CRLF . self::CRLF;
         }
@@ -3657,11 +3679,13 @@ class PHPMailer
         if ($this->DKIM_passphrase != '') {
             $privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase);
         } else {
-            $privKey = $privKeyStr;
+            $privKey = openssl_pkey_get_private($privKeyStr);
         }
-        if (openssl_sign($signHeader, $signature, $privKey)) {
+        if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) { //sha1WithRSAEncryption
+            openssl_pkey_free($privKey);
             return base64_encode($signature);
         }
+        openssl_pkey_free($privKey);
         return '';
     }
 
@@ -3678,7 +3702,7 @@ class PHPMailer
         foreach ($lines as $key => $line) {
             list($heading, $value) = explode(':', $line, 2);
             $heading = strtolower($heading);
-            $value = preg_replace('/\s+/', ' ', $value); // Compress useless spaces
+            $value = preg_replace('/\s{2,}/', ' ', $value); // Compress useless spaces
             $lines[$key] = $heading . ':' . trim($value); // Don't forget to remove WSP around the value
         }
         $signHeader = implode("\r\n", $lines);
@@ -3716,7 +3740,7 @@ class PHPMailer
      */
     public function DKIM_Add($headers_line, $subject, $body)
     {
-        $DKIMsignatureType = 'rsa-sha1'; // Signature & hash algorithms
+        $DKIMsignatureType = 'rsa-sha256'; // Signature & hash algorithms
         $DKIMcanonicalization = 'relaxed/simple'; // Canonicalization of header/body
         $DKIMquery = 'dns/txt'; // Query method
         $DKIMtime = time(); // Signature Timestamp = seconds since 00:00:00 - Jan 1, 1970 (UTC time zone)
@@ -3724,6 +3748,7 @@ class PHPMailer
         $headers = explode($this->LE, $headers_line);
         $from_header = '';
         $to_header = '';
+        $date_header = '';
         $current = '';
         foreach ($headers as $header) {
             if (strpos($header, 'From:') === 0) {
@@ -3732,6 +3757,9 @@ class PHPMailer
             } elseif (strpos($header, 'To:') === 0) {
                 $to_header = $header;
                 $current = 'to_header';
+            } elseif (strpos($header, 'Date:') === 0) {
+                $date_header = $header;
+                $current = 'date_header';
             } else {
                 if (!empty($$current) && strpos($header, ' =?') === 0) {
                     $$current .= $header;
@@ -3742,6 +3770,7 @@ class PHPMailer
         }
         $from = str_replace('|', '=7C', $this->DKIM_QP($from_header));
         $to = str_replace('|', '=7C', $this->DKIM_QP($to_header));
+        $date = str_replace('|', '=7C', $this->DKIM_QP($date_header));
         $subject = str_replace(
             '|',
             '=7C',
@@ -3749,7 +3778,7 @@ class PHPMailer
         ); // Copied header fields (dkim-quoted-printable)
         $body = $this->DKIM_BodyC($body);
         $DKIMlen = strlen($body); // Length of body
-        $DKIMb64 = base64_encode(pack('H*', sha1($body))); // Base64 of packed binary SHA-1 hash of body
+        $DKIMb64 = base64_encode(pack('H*', hash('sha256', $body))); // Base64 of packed binary SHA-256 hash of body
         if ('' == $this->DKIM_identity) {
             $ident = '';
         } else {
@@ -3762,16 +3791,18 @@ class PHPMailer
             $this->DKIM_selector .
             ";\r\n" .
             "\tt=" . $DKIMtime . '; c=' . $DKIMcanonicalization . ";\r\n" .
-            "\th=From:To:Subject;\r\n" .
+            "\th=From:To:Date:Subject;\r\n" .
             "\td=" . $this->DKIM_domain . ';' . $ident . "\r\n" .
             "\tz=$from\r\n" .
             "\t|$to\r\n" .
+            "\t|$date\r\n" .
             "\t|$subject;\r\n" .
             "\tbh=" . $DKIMb64 . ";\r\n" .
             "\tb=";
         $toSign = $this->DKIM_HeaderC(
             $from_header . "\r\n" .
             $to_header . "\r\n" .
+            $date_header . "\r\n" .
             $subject_header . "\r\n" .
             $dkimhdrs
         );

lib/classes/phpmailer/class.SMTP.php

@@ -30,7 +30,7 @@ class SMTP
      * The PHPMailer SMTP version number.
      * @var string
      */
-    const VERSION = '5.2.14';
+    const VERSION = '5.2.15';
 
     /**
      * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
      * @deprecated Use the `VERSION` constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.14';
+    public $Version = '5.2.15';
 
     /**
      * SMTP server port number.
@@ -336,11 +336,22 @@ class SMTP
         if (!$this->sendCommand('STARTTLS', 'STARTTLS', 220)) {
             return false;
         }
+
+        //Allow the best TLS version(s) we can
+        $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
+
+        //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
+        //so add them back in manually if we can
+        if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
+            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
+            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
+        }
+
         // Begin encrypted connection
         if (!stream_socket_enable_crypto(
             $this->smtp_conn,
             true,
-            STREAM_CRYPTO_METHOD_TLS_CLIENT
+            $crypto_method
         )) {
             return false;
         }
@@ -736,7 +747,7 @@ class SMTP
     protected function parseHelloFields($type)
     {
         $this->server_caps = array();
-        $lines = explode("\n", $this->last_reply);
+        $lines = explode("\n", $this->helo_rply);
 
         foreach ($lines as $n => $s) {
             //First 4 chars contain response code followed by - or space

lib/classes/ssl/class.lescript.php

@@ -4,14 +4,14 @@
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are met:
-//     * Redistributions of source code must retain the above copyright
-//       notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above copyright
-//       notice, this list of conditions and the following disclaimer in the
-//       documentation and/or other materials provided with the distribution.
-//     * Neither the name of the <organization> nor the
-//       names of its contributors may be used to endorse or promote products
-//       derived from this software without specific prior written permission.
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// * Neither the name of the <organization> nor the
+// names of its contributors may be used to endorse or promote products
+// derived from this software without specific prior written permission.
 //
 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
@@ -28,274 +28,293 @@
 // and modified to work without files and integrate in Froxlor
 class lescript
 {
-    public $license = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf';
 
-    private $logger;
-    private $client;
-    private $accountKey;
+	public $license = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf';
 
-    public function __construct($logger)
-    {
-        $this->logger = $logger;
-        if (Settings::Get('system.letsencryptca') == 'production') {
-            $ca = 'https://acme-v01.api.letsencrypt.org';
-        } else {
-            $ca = 'https://acme-staging.api.letsencrypt.org';
-        }
-        $this->client = new Client($ca);
-        $this->log("Using '$ca' to generate certificate");
-    }
+	private $logger;
 
-    public function initAccount($certrow)
-    {
-        // Let's see if we have the private accountkey
-        $this->accountKey = $certrow['leprivatekey'];
-        if (!$this->accountKey || $this->accountKey == 'unset' || Settings::Get('system.letsencryptca') != 'production') {
+	private $client;
 
-            // generate and save new private key for account
-            // ---------------------------------------------
+	private $accountKey;
 
-            $this->log('Starting new account registration');
-            $keys = $this->generateKey();
-            // Only store the accountkey in production, in staging always generate a new key
-            if (Settings::Get('system.letsencryptca') == 'production') {
-                    $upd_stmt = Database::prepare("
-                    UPDATE `".TABLE_PANEL_CUSTOMERS."` SET `lepublickey` = :public, `leprivatekey` = :private WHERE `customerid` = :customerid;
-                ");
-                Database::pexecute($upd_stmt, array('public' => $keys['public'], 'private' => $keys['private'], 'customerid' => $certrow['customerid']));
-            }
-            $this->accountKey = $keys['private'];
-            $this->postNewReg();
-            $this->log('New account certificate registered');
-
-        } else {
-
-            $this->log('Account already registered. Continuing.');
-
-        }
-    }
-
-    public function signDomains(array $domains, $domainkey = null, $csr = null)
-    {
-
-        if (!$this->accountKey) {
-            throw new \RuntimeException("Account not initiated");
-        }
-
-        $this->log('Starting certificate generation process for domains');
-
-        $privateAccountKey = openssl_pkey_get_private($this->accountKey);
-        $accountKeyDetails = openssl_pkey_get_details($privateAccountKey);
-
-        // start domains authentication
-        // ----------------------------
-
-        foreach($domains as $domain) {
-
-            // 1. getting available authentication options
-            // -------------------------------------------
-
-            $this->log("Requesting challenge for $domain");
-
-            $response = $this->signedRequest(
-                "/acme/new-authz",
-                array("resource" => "new-authz", "identifier" => array("type" => "dns", "value" => $domain))
-            );
-
-            // if response is not an array but a string, it's most likely a server-error, e.g.
-            // <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
-            // <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
-            if (!is_array($response)) {
-                throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: ".$response);
-            }
-
-            if (!array_key_exists('challenges', $response)) {
-                throw new RuntimeException("No challenges received for $domain. Whole response: ".json_encode($response));
-            }
-
-            // choose http-01 challenge only
-            $challenge = array_reduce($response['challenges'], function($v, $w) { return $v ? $v : ($w['type'] == 'http-01' ? $w : false); });
-            if(!$challenge) throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: ".json_encode($response));
-
-            $this->log("Got challenge token for $domain");
-            $location = $this->client->getLastLocation();
-
-
-            // 2. saving authentication token for web verification
-            // ---------------------------------------------------
-
-            $directory = Settings::Get('system.letsencryptchallengepath').'/.well-known/acme-challenge';
-            $tokenPath = $directory.'/'.$challenge['token'];
-
-            if(!file_exists($directory) && !@mkdir($directory, 0755, true)) {
-                throw new \RuntimeException("Couldn't create directory to expose challenge: ${tokenPath}");
-            }
-
-            $header = array(
-                // need to be in precise order!
-                "e" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["e"]),
-                "kty" => "RSA",
-                "n" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["n"])
-
-            );
-            $payload = $challenge['token'] . '.' . Base64UrlSafeEncoder::encode(hash('sha256', json_encode($header), true));
-
-            file_put_contents($tokenPath, $payload);
-            chmod($tokenPath, 0644);
-
-            // 3. verification process itself
-            // -------------------------------
-
-            $uri = "http://${domain}/.well-known/acme-challenge/${challenge['token']}";
-
-            $this->log("Token for $domain saved at $tokenPath and should be available at $uri");
-
-            // simple self check
-            if($payload !== trim(@file_get_contents($uri))) {
-		$errmsg = json_encode(error_get_last());
-		if ($errmsg != "null") {
-			$errmsg = "; PHP error: " . $errmsg;
+	public function __construct($logger)
+	{
+		$this->logger = $logger;
+		if (Settings::Get('system.letsencryptca') == 'production') {
+			$ca = 'https://acme-v01.api.letsencrypt.org';
 		} else {
-			$errmsg = "";
+			$ca = 'https://acme-staging.api.letsencrypt.org';
 		}
-                @unlink($tokenPath);
-                throw new \RuntimeException("Please check $uri - token not available" . $errmsg);
-            }
+		$this->client = new Client($ca);
+		$this->log("Using '$ca' to generate certificate");
+	}
 
-            $this->log("Sending request to challenge");
+	public function initAccount($certrow)
+	{
+		// Let's see if we have the private accountkey
+		$this->accountKey = $certrow['leprivatekey'];
+		if (! $this->accountKey || $this->accountKey == 'unset' || Settings::Get('system.letsencryptca') != 'production') {
 
-            // send request to challenge
-            $result = $this->signedRequest(
-                $challenge['uri'],
-                array(
-                    "resource" => "challenge",
-                    "type" => "http-01",
-                    "keyAuthorization" => $payload,
-                    "token" => $challenge['token']
-                )
-            );
+			// generate and save new private key for account
+			// ---------------------------------------------
 
-            // waiting loop
-            // we wait for a maximum of 30 seconds to avoid endless loops
-            $count = 0;
-            do {
-                if(empty($result['status']) || $result['status'] == "invalid") {
-                    @unlink($tokenPath);
-                    throw new \RuntimeException("Verification ended with error: ".json_encode($result));
-                }
-                $ended = !($result['status'] === "pending");
+			$this->log('Starting new account registration');
+			$keys = $this->generateKey();
+			// Only store the accountkey in production, in staging always generate a new key
+			if (Settings::Get('system.letsencryptca') == 'production') {
+				$upd_stmt = Database::prepare(
+					"UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " .
+						 "WHERE `customerid` = :customerid;");
+				Database::pexecute($upd_stmt,
+					array(
+						'public' => $keys['public'],
+						'private' => $keys['private'],
+						'customerid' => $certrow['customerid']
+					));
+			}
+			$this->accountKey = $keys['private'];
 
-                if(!$ended) {
-                    $this->log("Verification pending, sleeping 1s");
-                    sleep(1);
-                    $count++;
-                }
+			$response = $this->postNewReg();
+			if ($this->client->getLastCode() != 201) {
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . $response);
+			}
 
-                $result = $this->client->get($location);
+			$this->postNewReg();
+			$this->log('New account certificate registered');
+		} else {
 
-            } while (!$ended && $count < 30);
+			$this->log('Account already registered. Continuing.');
+		}
+	}
 
-            $this->log("Verification ended with status: ${result['status']}");
-            @unlink($tokenPath);
-        }
+	public function signDomains(array $domains, $domainkey = null, $csr = null)
+	{
+		if (! $this->accountKey) {
+			throw new \RuntimeException("Account not initialized");
+		}
 
-        // requesting certificate
-        // ----------------------
+		$this->log('Starting certificate generation process for domains');
 
-        // generate private key for domain if not exist
-        if(empty($domainkey) || Settings::Get('system.letsencryptreuseold') == 0) {
-            $keys = $this->generateKey();
-            $domainkey = $keys['private'];
-        }
+		$privateAccountKey = openssl_pkey_get_private($this->accountKey);
+		$accountKeyDetails = openssl_pkey_get_details($privateAccountKey);
 
-        // load domain key
-        $privateDomainKey = openssl_pkey_get_private($domainkey);
+		// start domains authentication
+		// ----------------------------
 
-        $this->client->getLastLinks();
+		foreach ($domains as $domain) {
 
-        if (empty($csrfile) || Settings::Get('system.letsencryptreuseold') == 0) {
-            $csr = $this->generateCSR($privateDomainKey, $domains);
-        }
+			// 1. getting available authentication options
+			// -------------------------------------------
 
-        // request certificates creation
-        $result = $this->signedRequest(
-            "/acme/new-cert",
-            array('resource' => 'new-cert', 'csr' => $csr)
-        );
-        if ($this->client->getLastCode() !== 201) {
-            throw new \RuntimeException("Invalid response code: ".$this->client->getLastCode().", ".json_encode($result));
-        }
-        $location = $this->client->getLastLocation();
+			$this->log("Requesting challenge for $domain");
 
-        // waiting loop
-        $certificates = array();
-        while(1) {
-            $this->client->getLastLinks();
+			$response = $this->signedRequest("/acme/new-authz",
+				array(
+					"resource" => "new-authz",
+					"identifier" => array(
+						"type" => "dns",
+						"value" => $domain
+					)
+				));
 
-            $result = $this->client->get($location);
+			// if response is not an array but a string, it's most likely a server-error, e.g.
+			// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
+			// <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
+			if (! is_array($response)) {
+				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . $response);
+			}
 
-            if($this->client->getLastCode() == 202) {
+			if (! array_key_exists('challenges', $response)) {
+				throw new RuntimeException("No challenges received for $domain. Whole response: " . json_encode($response));
+			}
 
-                $this->log("Certificate generation pending, sleeping 1s");
-                sleep(1);
+			// choose http-01 challenge only
+			$challenge = array_reduce($response['challenges'],
+				function ($v, $w) {
+					return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
+				});
+			if (! $challenge)
+				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
 
-            } else if ($this->client->getLastCode() == 200) {
+			$this->log("Got challenge token for $domain");
+			$location = $this->client->getLastLocation();
 
-                $this->log("Got certificate! YAY!");
-                $certificates[] = $this->parsePemFromBody($result);
+			// 2. saving authentication token for web verification
+			// ---------------------------------------------------
 
+			$directory = Settings::Get('system.letsencryptchallengepath') . '/.well-known/acme-challenge';
+			$tokenPath = $directory . '/' . $challenge['token'];
 
-                foreach($this->client->getLastLinks() as $link) {
-                    $this->log("Requesting chained cert at $link");
-                    $result = $this->client->get($link);
-                    $certificates[] = $this->parsePemFromBody($result);
-                }
+			if (! file_exists($directory) && ! @mkdir($directory, 0755, true)) {
+				throw new \RuntimeException("Couldn't create directory to expose challenge: ${tokenPath}");
+			}
 
-                break;
-            } else {
+			$header = array(
+				// need to be in precise order!
+				"e" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["e"]),
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["n"])
+			);
+			$payload = $challenge['token'] . '.' . Base64UrlSafeEncoder::encode(hash('sha256', json_encode($header), true));
 
-                throw new \RuntimeException("Can't get certificate: HTTP code ".$this->client->getLastCode());
+			file_put_contents($tokenPath, $payload);
+			chmod($tokenPath, 0644);
 
-            }
-        }
+			// 3. verification process itself
+			// -------------------------------
 
-        if(empty($certificates)) throw new \RuntimeException('No certificates generated');
+			$uri = "http://${domain}/.well-known/acme-challenge/${challenge['token']}";
 
-        $fullchain = implode("\n", $certificates);
-        $crt = array_shift($certificates);
-        $chain = implode("\n", $certificates);
+			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
 
-        $this->log("Done, returning new certificates and key");
-        return array('fullchain' => $fullchain, 'crt' => $crt, 'chain' => $chain, 'key' => $domainkey, 'csr' => $csr);
-    }
+			// simple self check
+			if ($payload !== trim(@file_get_contents($uri))) {
+				$errmsg = json_encode(error_get_last());
+				if ($errmsg != "null") {
+					$errmsg = "; PHP error: " . $errmsg;
+				} else {
+					$errmsg = "";
+				}
+				@unlink($tokenPath);
+				throw new \RuntimeException("Please check $uri - token not available" . $errmsg);
+			}
 
-    private function parsePemFromBody($body)
-    {
-        $pem = chunk_split(base64_encode($body), 64, "\n");
-        return "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
-    }
+			$this->log("Sending request to challenge");
 
-    private  function postNewReg()
-    {
-        $this->log('Sending registration to letsencrypt server');
+			// send request to challenge
+			$result = $this->signedRequest($challenge['uri'],
+				array(
+					"resource" => "challenge",
+					"type" => "http-01",
+					"keyAuthorization" => $payload,
+					"token" => $challenge['token']
+				));
 
-        return $this->signedRequest(
-            '/acme/new-reg',
-            array('resource' => 'new-reg', 'agreement' => $this->license)
-        );
-    }
+			// waiting loop
+			// we wait for a maximum of 30 seconds to avoid endless loops
+			$count = 0;
+			do {
+				if (empty($result['status']) || $result['status'] == "invalid") {
+					@unlink($tokenPath);
+					throw new \RuntimeException("Verification ended with error: " . json_encode($result));
+				}
+				$ended = ! ($result['status'] === "pending");
 
-    private function generateCSR($privateKey, array $domains)
-    {
-        $domain = reset($domains);
-        $san = implode(",", array_map(function ($dns) { return "DNS:" . $dns; }, $domains));
-        $tmpConf = tmpfile();
-        $tmpConfMeta =  stream_get_meta_data($tmpConf);
-        $tmpConfPath = $tmpConfMeta["uri"];
+				if (! $ended) {
+					$this->log("Verification pending, sleeping 1s");
+					sleep(1);
+					$count ++;
+				}
 
-        // workaround to get SAN working
-        fwrite($tmpConf,
-'HOME = .
+				$result = $this->client->get($location);
+			} while (! $ended && $count < 30);
+
+			$this->log("Verification ended with status: ${result['status']}");
+			@unlink($tokenPath);
+		}
+
+		// requesting certificate
+		// ----------------------
+
+		// generate private key for domain if not exist
+		if (empty($domainkey) || Settings::Get('system.letsencryptreuseold') == 0) {
+			$keys = $this->generateKey();
+			$domainkey = $keys['private'];
+		}
+
+		// load domain key
+		$privateDomainKey = openssl_pkey_get_private($domainkey);
+
+		$this->client->getLastLinks();
+
+		$csr = $this->generateCSR($privateDomainKey, $domains);
+
+		// request certificates creation
+		$result = $this->signedRequest("/acme/new-cert", array(
+			'resource' => 'new-cert',
+			'csr' => $csr
+		));
+		if ($this->client->getLastCode() !== 201) {
+			throw new \RuntimeException("Invalid response code: " . $this->client->getLastCode() . ", " . json_encode($result));
+		}
+		$location = $this->client->getLastLocation();
+
+		// waiting loop
+		$certificates = array();
+		while (1) {
+			$this->client->getLastLinks();
+
+			$result = $this->client->get($location);
+
+			if ($this->client->getLastCode() == 202) {
+
+				$this->log("Certificate generation pending, sleeping 1s");
+				sleep(1);
+			} else
+				if ($this->client->getLastCode() == 200) {
+
+					$this->log("Got certificate! YAY!");
+					$certificates[] = $this->parsePemFromBody($result);
+
+					foreach ($this->client->getLastLinks() as $link) {
+						$this->log("Requesting chained cert at $link");
+						$result = $this->client->get($link);
+						$certificates[] = $this->parsePemFromBody($result);
+					}
+
+					break;
+				} else {
+
+					throw new \RuntimeException("Can't get certificate: HTTP code " . $this->client->getLastCode());
+				}
+		}
+
+		if (empty($certificates))
+			throw new \RuntimeException('No certificates generated');
+
+		$fullchain = implode("\n", $certificates);
+		$crt = array_shift($certificates);
+		$chain = implode("\n", $certificates);
+
+		$this->log("Done, returning new certificates and key");
+		return array(
+			'fullchain' => $fullchain,
+			'crt' => $crt,
+			'chain' => $chain,
+			'key' => $domainkey,
+			'csr' => $csr
+		);
+	}
+
+	private function parsePemFromBody($body)
+	{
+		$pem = chunk_split(base64_encode($body), 64, "\n");
+		return "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
+	}
+
+	private function postNewReg()
+	{
+		$this->log('Sending registration to letsencrypt server');
+
+		return $this->signedRequest('/acme/new-reg', array(
+			'resource' => 'new-reg',
+			'agreement' => $this->license
+		));
+	}
+
+	private function generateCSR($privateKey, array $domains)
+	{
+		$domain = reset($domains);
+		$san = implode(",", array_map(function ($dns) {
+			return "DNS:" . $dns;
+		}, $domains));
+		$tmpConf = tmpfile();
+		$tmpConfMeta = stream_get_meta_data($tmpConf);
+		$tmpConfPath = $tmpConfMeta["uri"];
+
+		// workaround to get SAN working
+		fwrite($tmpConf,
+			'HOME = .
 RANDFILE = $ENV::HOME/.rnd
 [ req ]
 default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
@@ -306,197 +325,204 @@ req_extensions = v3_req
 countryName = Country Name (2 letter code)
 [ v3_req ]
 basicConstraints = CA:FALSE
-subjectAltName = '.$san.'
+subjectAltName = ' . $san . '
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
 
-        $csr = openssl_csr_new(
-            array(
-                "CN" => $domain,
-                "ST" => Settings::Get('system.letsencryptstate'),
-                "C" => Settings::Get('system.letsencryptcountrycode'),
-                "O" => "Unknown",
-            ),
-            $privateKey,
-            array(
-                "config" => $tmpConfPath,
-                "digest_alg" => "sha256"
-            )
-        );
+		$csr = openssl_csr_new(
+			array(
+				"CN" => $domain,
+				"ST" => Settings::Get('system.letsencryptstate'),
+				"C" => Settings::Get('system.letsencryptcountrycode'),
+				"O" => "Unknown"
+			), $privateKey, array(
+				"config" => $tmpConfPath,
+				"digest_alg" => "sha256"
+			));
 
-        if (!$csr) throw new \RuntimeException("CSR couldn't be generated! ".openssl_error_string());
+		if (! $csr)
+			throw new \RuntimeException("CSR couldn't be generated! " . openssl_error_string());
 
-        openssl_csr_export($csr, $csr);
-        fclose($tmpConf);
+		openssl_csr_export($csr, $csr);
+		fclose($tmpConf);
 
-        preg_match('~REQUEST-----(.*)-----END~s', $csr, $matches);
+		preg_match('~REQUEST-----(.*)-----END~s', $csr, $matches);
 
-        return trim(Base64UrlSafeEncoder::encode(base64_decode($matches[1])));
-    }
+		return trim(Base64UrlSafeEncoder::encode(base64_decode($matches[1])));
+	}
 
-    private function generateKey()
-    {
-        $res = openssl_pkey_new(array(
-            "private_key_type" => OPENSSL_KEYTYPE_RSA,
-            "private_key_bits" => (int)Settings::Get('system.letsencryptkeysize'),
-        ));
+	private function generateKey()
+	{
+		$res = openssl_pkey_new(
+			array(
+				"private_key_type" => OPENSSL_KEYTYPE_RSA,
+				"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
+			));
 
-        if(!openssl_pkey_export($res, $privateKey)) {
-            throw new \RuntimeException("Key export failed!");
-        }
+		if (! openssl_pkey_export($res, $privateKey)) {
+			throw new \RuntimeException("Key export failed!");
+		}
 
-        $details = openssl_pkey_get_details($res);
+		$details = openssl_pkey_get_details($res);
 
-        return array('private' => $privateKey, 'public' => $details['key']);
-    }
+		return array(
+			'private' => $privateKey,
+			'public' => $details['key']
+		);
+	}
 
-    private function signedRequest($uri, array $payload)
-    {
-        $privateKey = openssl_pkey_get_private($this->accountKey);
-        $details = openssl_pkey_get_details($privateKey);
+	private function signedRequest($uri, array $payload)
+	{
+		$privateKey = openssl_pkey_get_private($this->accountKey);
+		$details = openssl_pkey_get_details($privateKey);
 
-        $header = array(
-            "alg" => "RS256",
-            "jwk" => array(
-                "kty" => "RSA",
-                "n" => Base64UrlSafeEncoder::encode($details["rsa"]["n"]),
-                "e" => Base64UrlSafeEncoder::encode($details["rsa"]["e"]),
-            )
-        );
+		$header = array(
+			"alg" => "RS256",
+			"jwk" => array(
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($details["rsa"]["n"]),
+				"e" => Base64UrlSafeEncoder::encode($details["rsa"]["e"])
+			)
+		);
 
-        $protected = $header;
-        $protected["nonce"] = $this->client->getLastNonce();
+		$protected = $header;
+		$protected["nonce"] = $this->client->getLastNonce();
 
+		$payload64 = Base64UrlSafeEncoder::encode(str_replace('\\/', '/', json_encode($payload)));
+		$protected64 = Base64UrlSafeEncoder::encode(json_encode($protected));
 
-        $payload64 = Base64UrlSafeEncoder::encode(str_replace('\\/', '/', json_encode($payload)));
-        $protected64 = Base64UrlSafeEncoder::encode(json_encode($protected));
+		openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, "SHA256");
 
-        openssl_sign($protected64.'.'.$payload64, $signed, $privateKey, "SHA256");
+		$signed64 = Base64UrlSafeEncoder::encode($signed);
 
-        $signed64 = Base64UrlSafeEncoder::encode($signed);
+		$data = array(
+			'header' => $header,
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		);
 
-        $data = array(
-            'header' => $header,
-            'protected' => $protected64,
-            'payload' => $payload64,
-            'signature' => $signed64
-        );
+		$this->log("Sending signed request to $uri");
 
-        $this->log("Sending signed request to $uri");
+		return $this->client->post($uri, json_encode($data));
+	}
 
-        return $this->client->post($uri, json_encode($data));
-    }
-
-    protected function log($message)
-    {
-        $this->logger->logAction(CRON_ACTION, LOG_INFO, "letsencrypt " . $message);
-    }
+	protected function log($message)
+	{
+		$this->logger->logAction(CRON_ACTION, LOG_INFO, "letsencrypt " . $message);
+	}
 }
 
 class Client
 {
-    private $lastCode;
-    private $lastHeader;
 
-    private $base;
+	private $lastCode;
 
-    public function __construct($base)
-    {
-        $this->base = $base;
-    }
+	private $lastHeader;
 
-    private function curl($method, $url, $data = null)
-    {
-        $headers = array('Accept: application/json', 'Content-Type: application/json');
-        $handle = curl_init();
-        curl_setopt($handle, CURLOPT_URL, preg_match('~^http~', $url) ? $url : $this->base.$url);
-        curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
-        curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($handle, CURLOPT_HEADER, true);
+	private $base;
 
-        // DO NOT DO THAT!
-        // curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, false);
-        // curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
+	public function __construct($base)
+	{
+		$this->base = $base;
+	}
 
-        switch ($method) {
-            case 'GET':
-                break;
-            case 'POST':
-                curl_setopt($handle, CURLOPT_POST, true);
-                curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
-                break;
-        }
-        $response = curl_exec($handle);
+	private function curl($method, $url, $data = null)
+	{
+		$headers = array(
+			'Accept: application/json',
+			'Content-Type: application/json'
+		);
+		$handle = curl_init();
+		curl_setopt($handle, CURLOPT_URL, preg_match('~^http~', $url) ? $url : $this->base . $url);
+		curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_HEADER, true);
 
-        if(curl_errno($handle)) {
-            throw new \RuntimeException('Curl: '.curl_error($handle));
-        }
+		// DO NOT DO THAT!
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, false);
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
 
-        $header_size = curl_getinfo($handle, CURLINFO_HEADER_SIZE);
+		switch ($method) {
+			case 'GET':
+				break;
+			case 'POST':
+				curl_setopt($handle, CURLOPT_POST, true);
+				curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
+				break;
+		}
+		$response = curl_exec($handle);
 
-        $header = substr($response, 0, $header_size);
-        $body = substr($response, $header_size);
+		if (curl_errno($handle)) {
+			throw new \RuntimeException('Curl: ' . curl_error($handle));
+		}
 
-        $this->lastHeader = $header;
-        $this->lastCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
+		$header_size = curl_getinfo($handle, CURLINFO_HEADER_SIZE);
 
-        $data = json_decode($body, true);
-        return $data === null ? $body : $data;
-    }
+		$header = substr($response, 0, $header_size);
+		$body = substr($response, $header_size);
 
-    public function post($url, $data)
-    {
-        return $this->curl('POST', $url, $data);
-    }
+		$this->lastHeader = $header;
+		$this->lastCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
 
-    public function get($url)
-    {
-        return $this->curl('GET', $url);
-    }
+		$data = json_decode($body, true);
+		return $data === null ? $body : $data;
+	}
 
-    public function getLastNonce()
-    {
-        if(preg_match('~Replay\-Nonce: (.+)~i', $this->lastHeader, $matches)) {
-            return trim($matches[1]);
-        }
+	public function post($url, $data)
+	{
+		return $this->curl('POST', $url, $data);
+	}
 
-        $this->curl('GET', '/directory');
-        return $this->getLastNonce();
-    }
+	public function get($url)
+	{
+		return $this->curl('GET', $url);
+	}
 
-    public function getLastLocation()
-    {
-        if(preg_match('~Location: (.+)~i', $this->lastHeader, $matches)) {
-            return trim($matches[1]);
-        }
-        return null;
-    }
+	public function getLastNonce()
+	{
+		if (preg_match('~Replay\-Nonce: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
 
-    public function getLastCode()
-    {
-        return $this->lastCode;
-    }
+		$this->curl('GET', '/directory');
+		return $this->getLastNonce();
+	}
 
-    public function getLastLinks()
-    {
-        preg_match_all('~Link: <(.+)>;rel="up"~', $this->lastHeader, $matches);
-        return $matches[1];
-    }
+	public function getLastLocation()
+	{
+		if (preg_match('~Location: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+		return null;
+	}
+
+	public function getLastCode()
+	{
+		return $this->lastCode;
+	}
+
+	public function getLastLinks()
+	{
+		preg_match_all('~Link: <(.+)>;rel="up"~', $this->lastHeader, $matches);
+		return $matches[1];
+	}
 }
 
 class Base64UrlSafeEncoder
 {
-    public static function encode($input)
-    {
-        return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
-    }
 
-    public static function decode($input)
-    {
-        $remainder = strlen($input) % 4;
-        if ($remainder) {
-            $padlen = 4 - $remainder;
-            $input .= str_repeat('=', $padlen);
-        }
-        return base64_decode(strtr($input, '-_', '+/'));
-    }
+	public static function encode($input)
+	{
+		return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
+	}
+
+	public static function decode($input)
+	{
+		$remainder = strlen($input) % 4;
+		if ($remainder) {
+			$padlen = 4 - $remainder;
+			$input .= str_repeat('=', $padlen);
+		}
+		return base64_decode(strtr($input, '-_', '+/'));
+	}
 }

lib/configfiles/jessie.xml

@@ -40,14 +40,14 @@
 							</visibility>
 							<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
 						</command>
-						<command><![CDATA[a2dismod userdir]]></command>
-						<command><![CDATA[a2enmod headers]]></command>
 					</commands>
 				</general>
 				<!-- HTTP Apache -->
 				<daemon name="apache" version="2.4" title="Apache 2.4" default="true">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<command>
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -4022,7 +4022,7 @@ aliases:     files
 					<command><![CDATA[/etc/init.d/nscd restart]]></command>
 					<!-- clear group chache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
-					<file /><!-- separate the following mkdir command from the previous nscd -->
+					<!-- @TODO separate the following mkdir command from the previous nscd -->
 					<command>
 						<visibility mode="notisdir">/etc/insserv/overrides</visibility>
 						<content><![CDATA[mkdir -p /etc/insserv/overrides]]></content>

lib/configfiles/precise.xml

@@ -40,8 +40,6 @@
 							</visibility>
 							<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
 						</command>
-						<command><![CDATA[a2dismod userdir]]></command>
-						<command><![CDATA[a2enmod headers]]></command>
 					</commands>
 				</general>
 				<!-- HTTP Apache -->
@@ -49,6 +47,8 @@
 					default="true">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>

lib/configfiles/rhel_centos.xml

@@ -40,8 +40,6 @@
 							</visibility>
 							<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
 						</command>
-						<command><![CDATA[a2dismod userdir]]></command>
-						<command><![CDATA[a2enmod headers]]></command>
 					</commands>
 				</general>
 				<!-- HTTP Apache -->

lib/configfiles/trusty.xml

@@ -40,8 +40,6 @@
 							</visibility>
 							<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
 						</command>
-						<command><![CDATA[a2dismod userdir]]></command>
-						<command><![CDATA[a2enmod headers]]></command>
 					</commands>
 				</general>
 				<!-- HTTP Apache -->
@@ -49,6 +47,8 @@
 					default="true">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -83,6 +83,8 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 				<daemon name="apache" version="2.4" title="Apache 2.4">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -1363,8 +1365,8 @@ TLSLog                                  /var/log/proftpd/tls.log
 TLSProtocol                             TLSv1 TLSv1.1 TLSv1.2
 TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
 TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
-TLSECCertificateFile                    /etc/ssl/certs/proftpd_ec.crt
-TLSECCertificateKeyFile                 /etc/ssl/private/proftpd_ec.key
+#TLSECCertificateFile                    /etc/ssl/certs/proftpd_ec.crt
+#TLSECCertificateKeyFile                 /etc/ssl/private/proftpd_ec.key
 TLSOptions                              NoCertRequest NoSessionReuseRequired
 TLSVerifyClient                         off
 

lib/configfiles/wheezy.xml

@@ -40,8 +40,6 @@
 							</visibility>
 							<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
 						</command>
-						<command><![CDATA[a2dismod userdir]]></command>
-						<command><![CDATA[a2enmod headers]]></command>
 					</commands>
 				</general>
 				<!-- HTTP Apache -->
@@ -49,6 +47,8 @@
 					default="true">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -83,6 +83,8 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 				<daemon name="apache" version="2.4" title="Apache 2.4">
 					<install><![CDATA[apt-get install apache2]]></install>
 					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[a2dismod userdir]]></command>
+					<command><![CDATA[a2enmod headers]]></command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>

lib/cron_init.php

@@ -129,7 +129,7 @@ while ($fName = readdir($lockDirHandle)) {
 			//
 			fwrite($debugHandler, 'Previous cronjob didn\'t exit clean. PID: ' . $check_pid . "\n");
 			fwrite($debugHandler, 'Removing lockfile: ' . $lockdir . $fName . "\n");
-			unlink($lockdir . $fName);
+			@unlink($lockdir . $fName);
 
 		} else {
 			// Result:      A Cronscript with this pid

lib/formfields/admin/domains/formfield.domains_add.php

@@ -207,7 +207,7 @@ return array(
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
-						'desc' => $lng['panel']['emptyfordefault'],
+						'desc' => $lng['admin']['bindzonewarning'],
 						'type' => 'text'
 					)
 				)

lib/formfields/admin/domains/formfield.domains_edit.php

@@ -84,7 +84,7 @@ return array(
 						'value' => $result['registration_date'],
 						'size' => 10
 					),
-                                        'termination_date' => array(
+					'termination_date' => array(
 						'label' => $lng['domains']['termination_date'],
 						'desc' => $lng['panel']['dateformat'],
 						'type' => 'text',
@@ -232,7 +232,7 @@ return array(
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
-						'desc' => $lng['panel']['emptyfordefault'],
+						'desc' => $lng['admin']['bindzonewarning'],
 						'type' => 'text',
 						'value' => $result['zonefile']
 					)

lib/formfields/customer/extras/formfield.backup.php

@@ -0,0 +1,75 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Formfields
+ *
+ */
+return array(
+	'backup' => array(
+		'title' => $lng['extras']['backup'],
+		'image' => 'icons/backup_big.png',
+		'sections' => array(
+			'section_a' => array(
+				'title' => $lng['extras']['backup'],
+				'image' => 'icons/backup_big.png',
+				'fields' => array(
+					'path' => array(
+						'label' => $lng['panel']['path'],
+						'desc' => (Settings::Get('panel.pathedit') != 'Dropdown' ? $lng['panel']['pathDescription'] : null).(isset($pathSelect['note']) ? '<br />'.$pathSelect['value'] : ''),
+						'type' => $pathSelect['type'],
+						'select_var' => $pathSelect['value'],
+						'value' => $pathSelect['value']
+					),
+					'path_protection_info' => array(
+						'label' => $lng['extras']['path_protection_label'],
+						'type' => 'label',
+						'value' => $lng['extras']['path_protection_info']
+					),
+					'backup_web' => array(
+						'label' => $lng['extras']['backup_web'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array('1')
+					),
+					'backup_mail' => array(
+						'label' => $lng['extras']['backup_mail'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array('1')
+					),
+					'backup_dbs' => array(
+						'label' => $lng['extras']['backup_dbs'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array('1')
+					)
+				)
+			)
+		)
+	)
+);

lib/functions/filedir/function.createCustomerBackup.php

@@ -0,0 +1,123 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Functions
+ *
+ */
+
+/**
+ * depending on the give choice, the customers web-data, email-data and databases are being backup'ed
+ *
+ * @param array $data
+ *
+ * @return void
+ *
+ */
+function createCustomerBackup($data = null, $customerdocroot = null, &$cronlog)
+{
+	$cronlog->logAction(CRON_ACTION, LOG_INFO, 'Creating Backup for user "'.$data['loginname'].'"');
+
+	// create tmp folder
+	$tmpdir = makeCorrectDir($data['destdir'] . '/.tmp/');
+	$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'Creating tmp-folder "'.$tmpdir.'"');
+	$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'shell> mkdir -p ' . escapeshellarg($tmpdir));
+	safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
+	$create_backup_tar_data = "";
+
+	// MySQL databases
+	if ($data['backup_dbs'] == 1) {
+
+		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'Creating mysql-folder "'.makeCorrectDir($tmpdir . '/mysql').'"');
+		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'shell> mkdir -p ' . escapeshellarg(makeCorrectDir($tmpdir . '/mysql')));
+		safe_exec('mkdir -p ' . escapeshellarg(makeCorrectDir($tmpdir . '/mysql')));
+
+		// get all customer database-names
+		$sel_stmt = Database::prepare("SELECT `databasename` FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid` = :cid");
+		Database::pexecute($sel_stmt, array(
+			'cid' => $data['customerid']
+		));
+
+		Database::needRoot(true);
+		Database::needSqlData();
+		$sql_root = Database::getSqlData();
+		Database::needRoot(false);
+
+		$has_dbs = false;
+		while ($row = $sel_stmt->fetch()) {
+			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'shell> mysqldump -u ' . escapeshellarg($sql_root['user']) . ' -pXXXXX ' . $row['databasename'] . ' > ' . makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'));
+			$bool_false = false;
+			safe_exec('mysqldump -u ' . escapeshellarg($sql_root['user']) . ' -p' . $sql_root['passwd'] . ' ' . $row['databasename'] . ' > ' . makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'), $bool_false, array('>'));
+			$has_dbs = true;
+		}
+
+		if ($has_dbs) {
+			$create_backup_tar_data .= './mysql ';
+		}
+
+		unset($sql_root);
+	}
+
+	// E-mail data
+	if ($data['backup_mail'] == 1) {
+
+		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'Creating mail-folder "'.makeCorrectDir($tmpdir . '/mail').'"');
+		safe_exec('mkdir -p ' . escapeshellarg(makeCorrectDir($tmpdir . '/mail')));
+
+		// get all customer mail-accounts
+		$sel_stmt = Database::prepare("SELECT `homedir`, `maildir` FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = :cid");
+		Database::pexecute($sel_stmt, array(
+			'cid' => $data['customerid']
+		));
+
+		$tar_file_list = "";
+		$mail_homedir = "";
+		while ($row = $sel_stmt->fetch()) {
+			$tar_file_list .= escapeshellarg("./".$row['maildir']) . " ";
+			$mail_homedir = $row['homedir'];
+		}
+
+		if (! empty($tar_file_list)) {
+			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'shell> tar cfvz ' . escapeshellarg(makeCorrectFile($tmpdir . '/mail/' . $data['loginname'] . '-mail.tar.gz')) . ' -C '.escapeshellarg($mail_homedir) . ' ' . trim($tar_file_list));
+			safe_exec('tar cfz ' . escapeshellarg(makeCorrectFile($tmpdir . '/mail/' . $data['loginname'] . '-mail.tar.gz')) . ' -C '.escapeshellarg($mail_homedir) . ' ' . trim($tar_file_list));
+			$create_backup_tar_data .= './mail ';
+		}
+	}
+
+	// Web data
+	if ($data['backup_web'] == 1) {
+
+		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'Creating web-folder "'.makeCorrectDir($tmpdir . '/web').'"');
+		safe_exec('mkdir -p ' . escapeshellarg(makeCorrectDir($tmpdir . '/web')));
+		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'shell> tar cfz ' . escapeshellarg(makeCorrectFile($tmpdir . '/web/' . $data['loginname'] . '-web.tar.gz')) . ' --exclude=' . escapeshellarg(str_replace($customerdocroot, "./", makeCorrectFile($tmpdir.'/*'))) .' --exclude=' . escapeshellarg(str_replace($customerdocroot, "./", substr(makeCorrectDir($tmpdir), 0, -1))) .' -C '.escapeshellarg($customerdocroot). ' .');
+		safe_exec('tar cfz ' . escapeshellarg(makeCorrectFile($tmpdir . '/web/' . $data['loginname'] . '-web.tar.gz')) . ' --exclude=' . escapeshellarg(str_replace($customerdocroot, "./", makeCorrectFile($tmpdir.'/*'))) .' --exclude=' . escapeshellarg(str_replace($customerdocroot, "./", substr(makeCorrectFile($tmpdir), 0, -1))) .' -C '.escapeshellarg($customerdocroot).' .');
+		$create_backup_tar_data .= './web ';
+	}
+
+	if (!empty($create_backup_tar_data))
+	{
+		$backup_file = makeCorrectFile($tmpdir . '/' . $data['loginname'] . '-backup_' . date('YmdHi', time()) . '.tar.gz');
+		$cronlog->logAction(CRON_ACTION, LOG_INFO, 'Creating backup-file "'.$backup_file.'"');
+		// pack all archives in tmp-dir to one
+		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'shell> tar cfz ' . escapeshellarg($backup_file) . ' -C '.escapeshellarg($tmpdir).' '.trim($create_backup_tar_data));
+		safe_exec('tar cfz ' . escapeshellarg($backup_file) . ' -C '.escapeshellarg($tmpdir).' '.trim($create_backup_tar_data));
+		// move to destination directory
+		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'shell> mv ' . escapeshellarg($backup_file) . ' ' . escapeshellarg($data['destdir']));
+		safe_exec('mv ' . escapeshellarg($backup_file) . ' ' . escapeshellarg($data['destdir']));
+		// remove tmp-files
+		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'shell> rm -rf '.escapeshellarg($tmpdir));
+		safe_exec('rm -rf '.escapeshellarg($tmpdir));
+		// set owner to customer
+		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, 'shell> chown -R ' . (int)$data['uid'] . ':' . (int)$data['gid'] . ' ' . escapeshellarg($data['destdir']));
+		safe_exec('chown -R ' . (int)$data['uid'] . ':' . (int)$data['gid'] . ' ' . escapeshellarg($data['destdir']));
+	}
+}

lib/functions/froxlor/function.CronjobFunctions.php

@@ -108,6 +108,15 @@ function getOutstandingTasks() {
 		elseif ($row['type'] == '10') {
 			$task_desc = $lng['tasks']['diskspace_set_quota'];
 		}
+		// deleting user-files
+		elseif ($row['type'] == '20') {
+			$loginname = '';
+			if (is_array($row['data'])) {
+				$loginname = $row['data']['loginname'];
+			}
+			$task_desc = $lng['tasks']['backup_customerfiles'];
+			$task_desc = str_replace('%loginname%', $loginname, $task_desc);
+		}
 		// re-generating of cron.d-file
 		elseif ($row['type'] == '99') {
 			$task_desc = $lng['tasks']['regenerating_crond'];

lib/functions/froxlor/function.inserttask.php

@@ -101,5 +101,10 @@ function inserttask($type, $param1 = '', $param2 = '', $param3 = '', $param4 = '
 		$data = serialize($data);
 		Database::pexecute($ins_stmt, array('type' => '8', 'data' => $data));
 
+	} elseif ($type == '20'
+		&& is_array($param1)
+	) {
+		$data = serialize($param1);
+		Database::pexecute($ins_stmt, array('type' => '20', 'data' => $data));
 	}
 }

lib/functions/froxlor/function.triggerLetsEncryptCSRForAliasDestinationDomain.php

@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Daniel Reichelt <hacking@nachtgeist.net> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Functions
+ *
+ */
+
+function triggerLetsEncryptCSRForAliasDestinationDomain($aliasDestinationDomainID, $log)
+{
+	if (isset($aliasDestinationDomainID) && $aliasDestinationDomainID > 0) {
+		$log->logAction(ADM_ACTION, LOG_INFO, "LetsEncrypt CSR triggered for domain ID " . $aliasDestinationDomainID);
+		$upd_stmt = Database::prepare(
+			"UPDATE
+					`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+				SET
+					`expirationdate` = null
+				WHERE
+					domainid = :domainid
+			");
+		Database::pexecute($upd_stmt, array(
+			'domainid' => $aliasDestinationDomainID
+		));
+	}
+}

lib/navigation/00.froxlor.main.php

@@ -124,11 +124,16 @@ return array (
 					'url' => 'customer_extras.php?page=htaccess',
 					'label' => $lng['menue']['extras']['pathoptions'],
 				),
-			    array (
-			        'url' => 'customer_logger.php?page=log',
-			        'label' => $lng['menue']['logger']['logger'],
-			        'show_element' => ( Settings::Get('logger.enabled') == true )
-			    ),
+				array (
+					'url' => 'customer_logger.php?page=log',
+					'label' => $lng['menue']['logger']['logger'],
+					'show_element' => ( Settings::Get('logger.enabled') == true )
+				),
+				array (
+					'url' => 'customer_extras.php?page=backup',
+					'label' => $lng['menue']['extras']['backup'],
+					'show_element' => ( Settings::Get('system.backupenabled') == true ),
+				),
 			),
 		),
 		'traffic' => array (

lib/version.inc.php

@@ -16,10 +16,10 @@
  */
 
 // Main version variable
-$version = '0.9.35.1';
+$version = '0.9.36';
 
 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201603150';
+$dbversion = '201604270';
 
 // Distribution branding-tag (used for Debian etc.)
 $branding = '';

lng/dutch.lng.php

@@ -310,8 +310,6 @@ $lng['serversettings']['bindconf_directory']['title'] = 'Bind configuratie map';
 $lng['serversettings']['bindconf_directory']['description'] = 'Waar staan de bind configuratie bestanden?';
 $lng['serversettings']['bindreload_command']['title'] = 'Bind reload commando';
 $lng['serversettings']['bindreload_command']['description'] = 'Wat is het command om bind te herladen?';
-$lng['serversettings']['binddefaultzone']['title'] = 'Bind default zone';
-$lng['serversettings']['binddefaultzone']['description'] = 'Wat is de naam van de default zone?';
 $lng['serversettings']['vmail_uid']['title'] = 'Mails-Uid';
 $lng['serversettings']['vmail_uid']['description'] = 'Welk UserID moeten de e-mails hebben?';
 $lng['serversettings']['vmail_gid']['title'] = 'Mails-Gid';

lng/english.lng.php

@@ -318,6 +318,7 @@ $lng['admin']['templates']['USERNAME'] = 'Replaced with the customers account us
 $lng['admin']['templates']['PASSWORD'] = 'Replaced with the customers account password.';
 $lng['admin']['templates']['EMAIL'] = 'Replaced with the address of the POP3/IMAP account.';
 $lng['admin']['webserver'] = 'Webserver';
+$lng['admin']['bindzonewarning'] = $lng['panel']['emptyfordefault'] . '<br /><strong class="red">ATTENTION:</strong> If you use a zonefile you will have to manage all required records for all sub-zones manually as well.';
 
 /**
  * Serversettings
@@ -347,8 +348,6 @@ $lng['serversettings']['bindconf_directory']['title'] = 'Bind config directory';
 $lng['serversettings']['bindconf_directory']['description'] = 'Where should bind configfiles be saved?';
 $lng['serversettings']['bindreload_command']['title'] = 'Bind reload command';
 $lng['serversettings']['bindreload_command']['description'] = 'What\'s the bind command to reload bind configfiles?';
-$lng['serversettings']['binddefaultzone']['title'] = 'Bind default zone';
-$lng['serversettings']['binddefaultzone']['description'] = 'What\'s the name of the default zone?';
 $lng['serversettings']['vmail_uid']['title'] = 'Mails-UID';
 $lng['serversettings']['vmail_uid']['description'] = 'Which UserID should mails have?';
 $lng['serversettings']['vmail_gid']['title'] = 'Mails-GID';
@@ -1937,7 +1936,6 @@ $lng['customer']['letsencrypt']['title'] = 'Use Let\'s Encrypt';
 $lng['customer']['letsencrypt']['description'] = 'Get a free certificate from <a href="https://letsencrypt.org">Let\'s Encrypt</a>. The certificate will be created and renewed automatically.<br><strong class="red">ATTENTION:</strong> This feature is still in beta.';
 $lng['error']['sslredirectonlypossiblewithsslipport'] = 'Using Let\'s Encrypt is only possible when the domain has at least one ssl-enabled IP/port combination assigned.';
 $lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt cannot (yet) handle wildcard-domains. Please set the ServerAlias to WWW or disable it completely';
-$lng['error']['letsencryptdoesnotworkwithaliasdomains'] = "Usage of Let's Encrypt is not possible for aliasdomains at the moment. Please disable Let's Encrypt or AliasDomain";
 $lng['panel']['letsencrypt'] = 'Using Let\'s encrypt';
 $lng['crondesc']['cron_letsencrypt'] = 'updating Let\'s Encrypt certificates';
 $lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt environment";
@@ -1950,8 +1948,8 @@ $lng['serversettings']['letsencryptchallengepath']['title'] = "Path for Let's En
 $lng['serversettings']['letsencryptchallengepath']['description'] = "Directory where the Let's Encrypt challenges should be offered from via a global alias.<br><strong class=\"red\">ATTENTION:</strong> Let's Encrypt is still in beta</strong>";
 $lng['serversettings']['letsencryptkeysize']['title'] = "Key size for new Let's Encrypt certificates";
 $lng['serversettings']['letsencryptkeysize']['description'] = "Size of the key in Bits for new Let's Encrypt certificates.<br><strong class=\"red\">ATTENTION:</strong> Let's Encrypt is still in beta</strong>";
-$lng['serversettings']['letsencryptreuseold']['title'] = "Re-use Let's Encrypt key / CSR";
-$lng['serversettings']['letsencryptreuseold']['description'] = "If activated, the same key and CSR will be used for every renew, otherwise a new key / CSR will be generated every time.<br><strong class=\"red\">ATTENTION:</strong> Let's Encrypt is still in beta</strong>";
+$lng['serversettings']['letsencryptreuseold']['title'] = "Re-use Let's Encrypt key";
+$lng['serversettings']['letsencryptreuseold']['description'] = "If activated, the same key will be used for every renew, otherwise a new key will be generated every time.<br><strong class=\"red\">ATTENTION:</strong> Let's Encrypt is still in beta</strong>";
 $lng['serversettings']['leenabled']['title'] = "Enable Let's Encrypt";
 $lng['serversettings']['leenabled']['description'] = "If activated, customers are able to let froxlor automatically generate and renew Let's Encrypt ssl-certificates for domains with a ssl IP/port.<br /><br />Please remember that you need to go through the webserver-configuration when eabled because this feature needs a special configuration.";
 $lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>The SSL redirect is temporarily deactivated while a new Let's Encrypt certificate is generated. It will be activated again after the certificate was generated.";
@@ -1975,3 +1973,20 @@ $lng['domains']['termination_date_overview'] = 'canceled until ';
 $lng['panel']['set'] = 'Apply';
 $lng['customer']['selectserveralias_addinfo'] = 'This option can be set when editing the domain. Its initial value is inherited from the parent-domain.';
 $lng['error']['mailaccistobedeleted'] = "Another account with the same name (%s) is currently being deleted and can therefore not be added at this moment.";
+
+$lng['menue']['extras']['backup'] = 'Backup';
+$lng['extras']['backup'] = 'Create backup';
+$lng['extras']['backup_web'] = 'Backup web-data';
+$lng['extras']['backup_mail'] = 'Backup mail-data';
+$lng['extras']['backup_dbs'] = 'Backup databases';
+$lng['error']['customerhasongoingbackupjob'] = 'There is already a backup job waiting to be processed, please be patient.';
+$lng['success']['backupscheduled'] = 'Your backup job has been scheduled. Please wait for it to be processed';
+$lng['crondesc']['cron_backup'] = 'Process backup jobs';
+$lng['error']['backupfunctionnotenabled'] = 'The backup function is not enabled';
+$lng['serversettings']['backupenabled']['title'] = "Enable backup for customers";
+$lng['serversettings']['backupenabled']['description'] = "If activated, the customer will be able to schedule backup jobs (cron-backup) which generates an archive within his docroot (subdirectory chosable by customer)";
+$lng['extras']['path_protection_label'] = '<strong class="red">Important</strong>';
+$lng['extras']['path_protection_info'] = '<strong class="red">We strongly recommend protecting the given path, see "Extras" -> "Directory protection"</strong>';
+$lng['tasks']['backup_customerfiles'] = 'Backup job for customer %loginname%';
+
+$lng['error']['domain_nopunycode'] = 'You must not specify punycode (IDNA). The domain will automatically be converted';

lng/french.lng.php

@@ -344,8 +344,6 @@ $lng['serversettings']['bindconf_directory']['title'] = 'Emplacement du dossier
 $lng['serversettings']['bindconf_directory']['description'] = 'Oû doit être stocké la configuration de Bind / Named ?';
 $lng['serversettings']['bindreload_command']['title'] = 'Commande de rechargement de Bind / Named';
 $lng['serversettings']['bindreload_command']['description'] = 'Quelle est la commande pour recharger / redémarrer Bind / Named ?';
-$lng['serversettings']['binddefaultzone']['title'] = 'Nom du fichier de zone par défaut Bind / Named';
-$lng['serversettings']['binddefaultzone']['description'] = 'Quel est le nom du fichier de zone par défaut pour Bind / Named ?';
 $lng['serversettings']['vmail_uid']['title'] = 'UID des e-mails';
 $lng['serversettings']['vmail_uid']['description'] = 'Quel UID doivent avoir les e-mails ?';
 $lng['serversettings']['vmail_gid']['title'] = 'GID des e-mails';

lng/german.lng.php

@@ -315,6 +315,7 @@ $lng['admin']['templates']['COMPANY'] = 'Wird mit dem Firmennamen des Kunden ers
 $lng['admin']['templates']['USERNAME'] = 'Wird mit dem Benutzernamen des neuen Kundenkontos ersetzt.';
 $lng['admin']['templates']['PASSWORD'] = 'Wird mit dem Passwort des neuen Kundenkontos ersetzt.';
 $lng['admin']['templates']['EMAIL'] = 'Wird mit der Adresse des neuen E-Mail-Kontos ersetzt.';
+$lng['admin']['bindzonewarning'] = $lng['panel']['emptyfordefault'] . '<br /><strong class="red">WARNUNG:</strong> Bei der Verwendung einer Zonendatei müssen alle benötigten Records aller Subdomains ebenfalls manuell verwaltet werden.';
 
 /**
  * Serversettings
@@ -344,8 +345,6 @@ $lng['serversettings']['bindconf_directory']['title'] = 'Bind-Config-Directory';
 $lng['serversettings']['bindconf_directory']['description'] = 'Wo liegen die Bind-Konfigurationsdateien?';
 $lng['serversettings']['bindreload_command']['title'] = 'Bind-Reload-Command';
 $lng['serversettings']['bindreload_command']['description'] = 'Wie heißt das Skript zum Neuladen der Bind-Konfigurationsdateien?';
-$lng['serversettings']['binddefaultzone']['title'] = 'Bind-Default-Zone';
-$lng['serversettings']['binddefaultzone']['description'] = 'Wie heißt die Default-Zone für alle Domains?';
 $lng['serversettings']['vmail_uid']['title'] = 'Mail-UID';
 $lng['serversettings']['vmail_uid']['description'] = 'Welche UID sollen die E-Mails haben?';
 $lng['serversettings']['vmail_gid']['title'] = 'Mail-GID';
@@ -1591,7 +1590,6 @@ $lng['customer']['letsencrypt']['title'] = 'Benutze Let\'s Encrypt';
 $lng['customer']['letsencrypt']['description'] = 'Holt ein kostenloses Zertifikat von <a href="https://letsencrypt.org">Let\'s Encrypt</a>. Das Zertifikat wird automatisch erstellt und verlängert.<br><strong class="red">ACHTUNG:</strong> Dieses Feature befindet sich noch im Test.';
 $lng['error']['sslredirectonlypossiblewithsslipport'] = 'Die Nutzung von Let\'s Encrypt ist nur möglich, wenn die Domain mindestens eine IP/Port - Kombination mit aktiviertem SSL zugewiesen hat.';
 $lng['error']['nowildcardwithletsencrypt'] = 'Let\'s Encrypt kann (noch) nicht mit Wildcard-Domains umgehen. Bitte den ServerAlias auf WWW setzen oder deaktivieren';
-$lng['error']['letsencryptdoesnotworkwithaliasdomains'] = "Die Nutzung von Let's Encrypt ist mit AliasDomains derzeit nicht möglich. Bitte Let's Encrypt oder AliasDomain deaktivieren";
 $lng['panel']['letsencrypt'] = 'Benutzt Let\'s encrypt';
 $lng['crondesc']['cron_letsencrypt'] = 'aktualisiert Let\'s Encrypt Zertifikate';
 $lng['serversettings']['letsencryptca']['title'] = "Let's Encrypt Umgebung";
@@ -1604,8 +1602,8 @@ $lng['serversettings']['letsencryptchallengepath']['title'] = "Verzeichnis für
 $lng['serversettings']['letsencryptchallengepath']['description'] = "Let's Encrypt challenges werden aus diesem Verzeichnis über einen globalen Alias ausgeliefert.<br><strong class=\"red\">ACHTUNG:</strong> Let's Encrypt befindet sich noch im Test";
 $lng['serversettings']['letsencryptkeysize']['title'] = "Schlüsselgröße für neue Let's Encrypt Zertifikate";
 $lng['serversettings']['letsencryptkeysize']['description'] = "Größe des Schlüssels in Bit für neue Let's Encrypt Zertifikate.<br><strong class=\"red\">ACHTUNG:</strong> Let's Encrypt befindet sich noch im Test";
-$lng['serversettings']['letsencryptreuseold']['title'] = "Let's Encrypt Schlüssel / CSR wiederverwenden";
-$lng['serversettings']['letsencryptreuseold']['description'] = "Wenn dies aktiviert ist, werden der alte Schlüssel und CSR bei jeder Verlängerung verwendet, andernfalls wird ein neues Paar generiert.<br><strong class=\"red\">ACHTUNG:</strong> Let's Encrypt befindet sich noch im Test";
+$lng['serversettings']['letsencryptreuseold']['title'] = "Let's Encrypt Schlüssel wiederverwenden";
+$lng['serversettings']['letsencryptreuseold']['description'] = "Wenn dies aktiviert ist, wird der alte Schlüssel bei jeder Verlängerung verwendet, andernfalls wird ein neues Paar generiert.<br><strong class=\"red\">ACHTUNG:</strong> Let's Encrypt befindet sich noch im Test";
 $lng['serversettings']['leenabled']['title'] = "Let's Encrypt verwenden";
 $lng['serversettings']['leenabled']['description'] = "Wenn dies aktiviert ist, können Kunden durch Froxlor automatisch generierte und verlängerbare Let's Encrypt SSL-Zertifikate für Domains mit SSL IP/port nutzen.<br /><br />Bitte die Webserver-Konfiguration beachten wenn aktiviert, da dieses Feature eine spezielle Konfiguration benötigt.";
 $lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>Die SSL-Umleitung ist, während ein neues Let's Encrypt - Zertifikat erstellt wird, temporär deaktiviert. Die Umleitung wird nach der Zertifikatserstellung wieder aktiviert.";
@@ -1628,3 +1626,20 @@ $lng['domains']['termination_date_overview'] = 'gekündigt zum ';
 $lng['panel']['set'] = 'Setzen';
 $lng['customer']['selectserveralias_addinfo'] = 'Diese Option steht beim Bearbeiten der Domain zur Verfügung. Als Initial-Wert wird die Einstellung der Hauptdomain vererbt.';
 $lng['error']['mailaccistobedeleted'] = "Ein vorheriges Konto mit dem gleichen Namen (%s) wird aktuell noch gelöscht und kann daher derzeit nicht angelegt werden";
+
+$lng['menue']['extras']['backup'] = 'Sicherung';
+$lng['extras']['backup'] = 'Sicherung erstellen';
+$lng['extras']['backup_web'] = 'Web-Daten sichern';
+$lng['extras']['backup_mail'] = 'E-Mail Daten sichern';
+$lng['extras']['backup_dbs'] = 'Datenbanken sichern';
+$lng['error']['customerhasongoingbackupjob'] = 'Es gibt noch einen austehenden Backup-Job. Bitte haben Sie etwas Geduld.';
+$lng['success']['backupscheduled'] = 'Ihre Sicherung wurde erfolgreich geplant. Bitte warten Sie nun, bis diese abgearbeitet wurde.';
+$lng['crondesc']['cron_backup'] = 'Ausstehende Sicherungen erstellen';
+$lng['error']['backupfunctionnotenabled'] = 'Die Sicherungs-Funktion is nicht aktiviert';
+$lng['serversettings']['backupenabled']['title'] = "Backup für Kunden aktivieren";
+$lng['serversettings']['backupenabled']['description'] = "Wenn dies aktiviert ist, kann der Kunde Sicherungen planen (cron-backup) welche ein Archiv in sein Heimatverzeichnis ablegt (Unterordner vom Kunden wählbar)";
+$lng['extras']['path_protection_label'] = '<strong class="red">Wichtig</strong>';
+$lng['extras']['path_protection_info'] = '<strong class="red">Wir raten dringend dazu den angegebenen Pfad zu schützen, siehe "Extras" -> "Verzeichnisschutz"</strong>';
+$lng['tasks']['backup_customerfiles'] = 'Datensicherung für Kunde %loginname%';
+
+$lng['error']['domain_nopunycode'] = 'Die Eingabe von Punycode (IDNA) ist nicht notwendig. Die Domain wird automatisch konvertiert.';

lng/italian.lng.php

@@ -336,8 +336,6 @@ $lng['serversettings']['bindconf_directory']['title'] = 'Cartella configurazione
 $lng['serversettings']['bindconf_directory']['description'] = 'Dove sono i file di configurazione per Bind?';
 $lng['serversettings']['bindreload_command']['title'] = 'Comando riavvio Bind';
 $lng['serversettings']['bindreload_command']['description'] = 'Qual\'è il comando per riavviare Bind?';
-$lng['serversettings']['binddefaultzone']['title'] = 'Zona di default Bind';
-$lng['serversettings']['binddefaultzone']['description'] = 'Qual\'è il nome della zona di default Bind?';
 $lng['serversettings']['vmail_uid']['title'] = 'UID Email';
 $lng['serversettings']['vmail_uid']['description'] = 'Che UserID dovrebbe avere l\'utente che gestisce le Email?';
 $lng['serversettings']['vmail_gid']['title'] = 'GID Email';

lng/portugues.lng.php

@@ -341,8 +341,6 @@ $lng['serversettings']['bindconf_directory']['title'] = 'Diretório de configura
 $lng['serversettings']['bindconf_directory']['description'] = 'Aonde estão os arquivos de configuração do bind?';
 $lng['serversettings']['bindreload_command']['title'] = 'Comando de reiniciar o Bind';
 $lng['serversettings']['bindreload_command']['description'] = 'Qual o comando para reiniciar o bind?';
-$lng['serversettings']['binddefaultzone']['title'] = 'Bind default zone';
-$lng['serversettings']['binddefaultzone']['description'] = 'Qual o nome da default zone?';
 $lng['serversettings']['vmail_uid']['title'] = 'Mails-Uid';
 $lng['serversettings']['vmail_uid']['description'] = 'Qual UserID os e-mails devem ter?';
 $lng['serversettings']['vmail_gid']['title'] = 'Mails-Gid';

lng/swedish.lng.php

@@ -328,8 +328,6 @@ $lng['serversettings']['bindconf_directory']['title'] = 'Bind konfigurationskata
 $lng['serversettings']['bindconf_directory']['description'] = 'Vilken sökväg skall det vara till bind:s konfigurationsfiler?';
 $lng['serversettings']['bindreload_command']['title'] = 'Ange sökvägen till programmet som laddar om Bind (reload bind) konfigurationsfiler?';
 $lng['serversettings']['bindreload_command']['description'] = 'Ange sökvägen till programmet som laddar om Bind (reload bind) konfigurationsfiler?';
-$lng['serversettings']['binddefaultzone']['title'] = 'Bind standard zone';
-$lng['serversettings']['binddefaultzone']['description'] = 'Vad är namnet på standard zonen?';
 $lng['serversettings']['vmail_uid']['title'] = 'Mails-UID';
 $lng['serversettings']['vmail_uid']['description'] = 'Vilket användarID (UserID) ska E-posten ha?';
 $lng['serversettings']['vmail_gid']['title'] = 'Mails-GID';

scripts/jobs/cron_backup.php

@@ -0,0 +1,114 @@
+<?php if (!defined('MASTER_CRONJOB')) die('You cannot access this file directly!');
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ * @since      0.9.35.1
+ *
+ */
+
+// Check Traffic-Lock
+if (function_exists('pcntl_fork')) {
+	$BackupLock = makeCorrectFile(dirname($lockfile)."/froxlor_cron_backup.lock");
+	if (file_exists($BackupLock)
+		&& is_numeric($BackupPid=file_get_contents($BackupLock))
+		) {
+			if (function_exists('posix_kill')) {
+				$BackupPidStatus = @posix_kill($BackupPid,0);
+			} else {
+				system("kill -CHLD " . $BackupPid . " 1> /dev/null 2> /dev/null", $BackupPidStatus);
+				$BackupPidStatus = $BackupPidStatus ? false : true;
+			}
+			if ($BackupPidStatus) {
+				$cronlog->logAction(CRON_ACTION, LOG_INFO, 'Backup run already in progress');
+				return 1;
+			}
+		}
+		// Create Backup Log and Fork
+		// We close the database - connection before we fork, so we don't share resources with the child
+		Database::needRoot(false); // this forces the connection to be set to null
+		$BackupPid = pcntl_fork();
+		// Parent
+		if ($BackupPid) {
+			file_put_contents($BackupLock, $BackupPid);
+			// unnecessary to recreate database connection here
+			return 0;
+
+		}
+		//Child
+		elseif ($BackupPid == 0) {
+			posix_setsid();
+			fclose($debugHandler);
+			// re-create db
+			Database::needRoot(false);
+		}
+		//Fork failed
+		else {
+			return 1;
+		}
+
+} else {
+	if (extension_loaded('pcntl')) {
+		$msg = "PHP compiled with pcntl but pcntl_fork function is not available.";
+	} else {
+		$msg = "PHP compiled without pcntl.";
+	}
+	$cronlog->logAction(CRON_ACTION, LOG_WARNING, $msg." Not forking backup-cron, this may take a long time!");
+}
+
+$cronlog->logAction(CRON_ACTION, LOG_INFO, 'cron_backup: started - creating customer backup');
+
+$result_tasks_stmt = Database::query("
+	SELECT * FROM `" . TABLE_PANEL_TASKS . "` WHERE `type` = '20' ORDER BY `id` ASC
+");
+
+$del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TASKS . "` WHERE `id` = :id");
+
+$all_jobs = $result_tasks_stmt->fetchAll();
+foreach ($all_jobs as $row) {
+
+	if ($row['data'] != '') {
+		$row['data'] = unserialize($row['data']);
+	}
+
+	if (is_array($row['data'])) {
+
+		if (isset($row['data']['customerid'])
+			&& isset($row['data']['loginname'])
+			&& isset($row['data']['destdir'])
+			) {
+				$row['data']['destdir'] = makeCorrectDir($row['data']['destdir']);
+				$customerdocroot = makeCorrectDir(Settings::Get('system.documentroot_prefix').'/'.$row['data']['loginname'].'/');
+
+				if (!file_exists($row['data']['destdir'])
+					&& $row['data']['destdir'] != '/'
+					&& $row['data']['destdir'] != Settings::Get('system.documentroot_prefix')
+					&& $row['data']['destdir'] != $customerdocroot
+					) {
+						$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Creating backup-destination path for customer: ' . escapeshellarg($row['data']['destdir']));
+						safe_exec('mkdir -p '.escapeshellarg($row['data']['destdir']));
+					}
+
+					createCustomerBackup($row['data'], $customerdocroot, $cronlog);
+			}
+	}
+
+	// remove entry
+	Database::pexecute($del_stmt, array('id' => $row['id']));
+}
+
+if (function_exists('pcntl_fork')) {
+	@unlink($BackupLock);
+	die();
+}

scripts/jobs/cron_letsencrypt.php

@@ -1,4 +1,6 @@
-<?php if (!defined('MASTER_CRONJOB')) die('You cannot access this file directly!');
+<?php
+if (! defined('MASTER_CRONJOB'))
+	die('You cannot access this file directly!');
 
 /**
  * This file is part of the Froxlor project.
@@ -8,62 +10,123 @@
  * file that was distributed with this source code. You can also view the
  * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
  *
- * @copyright  (c) the authors
- * @author     Florian Aders  <kontakt-froxlor@neteraser.de>
- * @author     Froxlor team <team@froxlor.org> (2016-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Cron
+ * @copyright (c) the authors
+ * @author Florian Aders <kontakt-froxlor@neteraser.de>
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Cron
  *
- * @since      0.9.35
+ * @since 0.9.35
  *
  */
 
 $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating Let's Encrypt certificates");
 
-$certificates_stmt = Database::query("
-	SELECT domssl.`id`, domssl.`domainid`, domssl.expirationdate, domssl.`ssl_cert_file`, domssl.`ssl_key_file`, domssl.`ssl_ca_file`, domssl.`ssl_csr_file`, dom.`domain`, dom.`iswildcarddomain`, dom.`wwwserveralias`,
-	dom.`documentroot`, dom.`id` as 'domainid', dom.`ssl_redirect`, cust.`leprivatekey`, cust.`lepublickey`, cust.customerid, cust.loginname
-	FROM `".TABLE_PANEL_CUSTOMERS."` as cust, `".TABLE_PANEL_DOMAINS."` dom LEFT JOIN `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` domssl ON (dom.id = domssl.domainid)
-	WHERE dom.customerid = cust.customerid AND dom.letsencrypt = 1 AND (domssl.expirationdate < DATE_ADD(NOW(), INTERVAL 30 DAY) OR domssl.expirationdate IS NULL)
-");
+if (! extension_loaded('curl')) {
+	$cronlog->logAction(CRON_ACTION, LOG_ERR, "Let's Encrypt requires the php cURL extension to be installed.");
+	exit();
+}
 
-$updcert_stmt = Database::prepare("
-	REPLACE INTO `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` SET `id` = :id, `domainid` = :domainid, `ssl_cert_file` = :crt, `ssl_key_file` = :key, `ssl_ca_file` = :ca, `ssl_cert_chainfile` = :chain, `ssl_csr_file` = :csr, expirationdate = :expirationdate
-");
+$certificates_stmt = Database::query(
+	"
+		SELECT
+			domssl.`id`,
+			domssl.`domainid`,
+			domssl.expirationdate,
+			domssl.`ssl_cert_file`,
+			domssl.`ssl_key_file`,
+			domssl.`ssl_ca_file`,
+			domssl.`ssl_csr_file`,
+			dom.`domain`,
+			dom.`wwwserveralias`,
+			dom.`documentroot`,
+			dom.`id` AS 'domainid',
+			dom.`ssl_redirect`,
+			cust.`leprivatekey`,
+			cust.`lepublickey`,
+			cust.`customerid`,
+			cust.`loginname`
+		FROM
+			`" . TABLE_PANEL_CUSTOMERS . "` AS cust,
+			`" . TABLE_PANEL_DOMAINS . "` AS dom
+		LEFT JOIN
+			`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` AS domssl ON
+				dom.`id` = domssl.`domainid`
+		WHERE
+			dom.`customerid` = cust.`customerid`
+			AND dom.`letsencrypt` = 1
+			AND dom.`aliasdomain` IS NULL
+			AND dom.`iswildcarddomain` = 0
+			AND (
+				domssl.`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY)
+				OR domssl.`expirationdate` IS NULL
+			)
+	");
 
-$upddom_stmt = Database::prepare("
-	UPDATE `".TABLE_PANEL_DOMAINS."` SET `ssl_redirect` = '1' WHERE `id` = :domainid
-");
+$aliasdomains_stmt = Database::prepare(
+	"
+		SELECT
+			dom.`id` as domainid,
+			dom.`domain`,
+			dom.`wwwserveralias`
+		FROM `" . TABLE_PANEL_DOMAINS . "` AS dom
+		WHERE
+			dom.`aliasdomain` = :id
+			AND dom.`letsencrypt` = 1
+			AND dom.`iswildcarddomain` = 0
+	");
+
+$updcert_stmt = Database::prepare(
+	"
+		REPLACE INTO
+			`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+		SET
+			`id` = :id,
+			`domainid` = :domainid,
+			`ssl_cert_file` = :crt,
+			`ssl_key_file` = :key,
+			`ssl_ca_file` = :ca,
+			`ssl_cert_chainfile` = :chain,
+			`ssl_csr_file` = :csr,
+			`expirationdate` = :expirationdate
+	");
+
+$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
 
 $changedetected = 0;
 $certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
-foreach($certrows AS $certrow) {
+foreach ($certrows as $certrow) {
 
-    // set logger to corresponding loginname for the log to appear in the users system-log
-    $cronlog = FroxlorLogger::getInstanceOf(array('loginname' => $certrow['loginname']));
+	// set logger to corresponding loginname for the log to appear in the users system-log
+	$cronlog = FroxlorLogger::getInstanceOf(array(
+		'loginname' => $certrow['loginname']
+	));
 
 	// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
-	if ($certrow['ssl_redirect'] != 2)
-	{
+	if ($certrow['ssl_redirect'] != 2) {
 		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
 
-		if ($certrow['ssl_cert_file']) {
-			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt using old key / SAN for " . $certrow['domain']);
-			// Parse the old certificate
-			$x509data = openssl_x509_parse($certrow['ssl_cert_file']);
+		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $certrow['domain']);
+		$domains = array(
+			$certrow['domain']
+		);
+		// add www.<domain> to SAN list
+		if ($certrow['wwwserveralias'] == 1) {
+			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $certrow['domain']);
+			$domains[] = 'www.' . $certrow['domain'];
+		}
 
-			// We are interessted in the old SAN - data
-			$san = explode(', ', $x509data['extensions']['subjectAltName']);
-			$domains = array();
-			foreach($san as $dnsname) {
-				$domains[] = substr($dnsname, 4);
-			}
-		} else {
-			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt generating new key / SAN for " . $certrow['domain']);
-			$domains = array($certrow['domain']);
-			// Add www.<domain> for SAN
-			if ($certrow['wwwserveralias'] == 1) {
-				$domains[] = 'www.' . $certrow['domain'];
+		// add alias domains (and possibly www.<aliasdomain>) to SAN list
+		Database::pexecute($aliasdomains_stmt, array(
+			'id' => $certrow['domainid']
+		));
+		$aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC);
+		foreach ($aliasdomains as $aliasdomain) {
+			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $aliasdomain['domain']);
+			$domains[] = $aliasdomain['domain'];
+			if ($aliasdomain['wwwserveralias'] == 1) {
+				$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $aliasdomain['domain']);
+				$domains[] = 'www.' . $aliasdomain['domain'];
 			}
 		}
 
@@ -81,7 +144,8 @@ foreach($certrows AS $certrow) {
 			$newcert = openssl_x509_parse($return['crt']);
 
 			// Store the new data
-			Database::pexecute($updcert_stmt, array(
+			Database::pexecute($updcert_stmt,
+				array(
 					'id' => $certrow['id'],
 					'domainid' => $certrow['domainid'],
 					'crt' => $return['crt'],
@@ -90,25 +154,24 @@ foreach($certrows AS $certrow) {
 					'chain' => $return['chain'],
 					'csr' => $return['csr'],
 					'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
-				)
-			);
+				));
 
 			if ($certrow['ssl_redirect'] == 3) {
 				Database::pexecute($upddom_stmt, array(
-						'domainid' => $certrow['domainid']
-					)
-				);
+					'domainid' => $certrow['domainid']
+				));
 			}
 
 			$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
 
 			$changedetected = 1;
-
 		} catch (Exception $e) {
-			$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
+			$cronlog->logAction(CRON_ACTION, LOG_ERR,
+				"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
 		}
 	} else {
-		$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
+		$cronlog->logAction(CRON_ACTION, LOG_WARNING,
+			"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
 	}
 }
 
@@ -119,5 +182,7 @@ if ($changedetected) {
 }
 
 // reset logger
-$cronlog = FroxlorLogger::getInstanceOf(array('loginname' => 'cronjob'));
+$cronlog = FroxlorLogger::getInstanceOf(array(
+	'loginname' => 'cronjob'
+));
 $cronlog->logAction(CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");

scripts/jobs/cron_tasks.inc.dns.10.bind.php

@@ -121,8 +121,8 @@ class bind {
 		}
 
 		if (empty($domains)) {
-		    $this->logger->logAction(CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, skipping...');
-		    return;
+			$this->logger->logAction(CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, skipping...');
+			return;
 		}
 
 		// collect domain IDs of direct child domains as arrays in ['children'] column
@@ -203,20 +203,23 @@ class bind {
 			$subzones.= $this->walkDomainList($domains[$child_domain_id], $domains);
 		}
 
-		if ($domain['ismainbutsubto'] == 0 &&  $domain['zonefile'] == '') {
-			$zonefile = $this->generateZone($domain);
-			$domain['zonefile'] = 'domains/' . $domain['domain'] . '.zone';
-			$zonefile_name = makeCorrectFile(Settings::Get('system.bindconf_directory') . '/' . $domain['zonefile']);
-			$this->_known_filenames[] = basename($zonefile_name);
-			$zonefile_handler = fopen($zonefile_name, 'w');
-			fwrite($zonefile_handler, $zonefile.$subzones);
-			fclose($zonefile_handler);
-			$this->logger->logAction(CRON_ACTION, LOG_INFO, '`' . $zonefile_name . '` zone written');
+		if ($domain['zonefile'] == '') {
+			if ($domain['ismainbutsubto'] == 0) {
+				$zonefile = $this->generateZone($domain);
+				$domain['zonefile'] = 'domains/' . $domain['domain'] . '.zone';
+				$zonefile_name = makeCorrectFile(Settings::Get('system.bindconf_directory') . '/' . $domain['zonefile']);
+				$this->_known_filenames[] = basename($zonefile_name);
+				$zonefile_handler = fopen($zonefile_name, 'w');
+				fwrite($zonefile_handler, $zonefile.$subzones);
+				fclose($zonefile_handler);
+				$this->logger->logAction(CRON_ACTION, LOG_INFO, '`' . $zonefile_name . '` zone written');
+				$this->_bindconf_file .= $this->_generateDomainConfig($domain);
+			} else {
+				return $this->generateZone($domain);
+			}
 		} else {
-			return $this->generateZone($domain);
-		}
-
-		if ($zonefile !== '') {
+			$this->logger->logAction(CRON_ACTION, LOG_INFO, 'Added zonefile ' . $domain['zonefile'] . ' for domain ' . $domain['domain'] .
+					' - Note that you will also have to handle ALL records for ALL subdomains.');
 			$this->_bindconf_file .= $this->_generateDomainConfig($domain);
 		}
 	}

scripts/jobs/cron_tasks.inc.http.30.nginx.php

@@ -155,7 +155,7 @@ class nginx extends HttpConfigBase {
 				/**
 				 * this HAS to be set for the default host in nginx or else no vhost will work
 				 */
-				$this->nginx_data[$vhost_filename] .= "\t". 'listen    ' . $ip . ':' . $port . ' default'. ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
+				$this->nginx_data[$vhost_filename] .= "\t". 'listen    ' . $ip . ':' . $port . ' default_server'. ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
 
 				$this->nginx_data[$vhost_filename] .= "\t".'# Froxlor default vhost' . "\n";
 				$this->nginx_data[$vhost_filename] .= "\t".'server_name    ' . Settings::Get('system.hostname') . ';' . "\n";
@@ -207,11 +207,11 @@ class nginx extends HttpConfigBase {
 				$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;\n";
 				$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
 				$this->nginx_data[$vhost_filename] .= "\t\ttry_files \$fastcgi_script_name =404;\n";
-				
+
 				if ($row_ipsandports['ssl'] == '1') {
 					$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_param HTTPS on;\n";
 				}
-				
+
 				if ((int)Settings::Get('phpfpm.enabled') == 1 && (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {
 					$domain = array(
 						'id' => 'none',
@@ -225,16 +225,16 @@ class nginx extends HttpConfigBase {
 						'loginname' => 'froxlor.panel',
 						'documentroot' => $mypath,
 					);
-					
+
 					$php = new phpinterface($domain);
 					$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass unix:".$php->getInterface()->getSocketFile().";\n";
 				} else {
 					$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_pass ".Settings::Get('system.nginx_php_backend').";\n";
 				}
-				
+
 				$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
 				$this->nginx_data[$vhost_filename] .= "\t}\n";
-				
+
 				$this->nginx_data[$vhost_filename] .= "}\n\n";
 				// End of Froxlor server{}-part
 			}
@@ -422,7 +422,11 @@ class nginx extends HttpConfigBase {
 		) {
 			$vhost_content.= "\n" . $this->composeSslSettings($domain) . "\n";
 		}
-		$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";
+
+		if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1')
+		{
+			$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";
+		}
 
 		// if the documentroot is an URL we just redirect
 		if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
@@ -562,7 +566,7 @@ class nginx extends HttpConfigBase {
 		}
 
 		if ($domain_or_ip['ssl_cert_file'] != '') {
-		    
+
 		    // check for existence, #1485
 		    if (!file_exists($domain_or_ip['ssl_cert_file'])) {
 		        $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
@@ -575,7 +579,7 @@ class nginx extends HttpConfigBase {
 					$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
     			$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
     			$sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";
-    
+
     			if ($domain_or_ip['ssl_key_file'] != '') {
     			    // check for existence, #1485
     			    if (!file_exists($domain_or_ip['ssl_key_file'])) {
@@ -585,7 +589,7 @@ class nginx extends HttpConfigBase {
     				    $sslsettings .= "\t" . 'ssl_certificate_key ' .makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' .  "\n";
     			    }
     			}
-    
+
     			if ($domain_or_ip['ssl_ca_file'] != '') {
     			    // check for existence, #1485
     			    if (!file_exists($domain_or_ip['ssl_ca_file'])) {
@@ -595,7 +599,7 @@ class nginx extends HttpConfigBase {
     				    $sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain_or_ip['ssl_ca_file']) . ';' . "\n";
     			    }
     			}
-    			
+
 				if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) {
 
 					$vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];
@@ -835,11 +839,11 @@ class nginx extends HttpConfigBase {
 				$phpopts .= "\t\tfastcgi_param HTTPS on;\n";
 			}
 			$phpopts .= "\t}\n\n";
-			
+
 		}
 		return $phpopts;
 	}
-	
+
 
 	protected function getWebroot($domain, $ssl) {
 		$webroot_text = '';

scripts/jobs/cron_tasks.php

@@ -30,8 +30,9 @@ require_once makeCorrectFile(dirname(__FILE__) . '/cron_tasks.inc.http.35.nginx_
  * LOOK INTO TASKS TABLE TO SEE IF THERE ARE ANY UNDONE JOBS
  */
 $cronlog->logAction(CRON_ACTION, LOG_INFO, "cron_tasks: Searching for tasks to do");
+// no type 99 (regenerate cron.d-file) and no type 20 (customer backup)
 $result_tasks_stmt = Database::query("
-	SELECT `id`, `type`, `data` FROM `" . TABLE_PANEL_TASKS . "` WHERE `type` <> '99' ORDER BY `id` ASC
+	SELECT `id`, `type`, `data` FROM `" . TABLE_PANEL_TASKS . "` WHERE `type` <> '99' AND `type` <> '20' ORDER BY `id` ASC
 ");
 $num_results = Database::num_rows();
 $resultIDs = array();
@@ -165,6 +166,12 @@ while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
 			}
 			$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)Settings::Get('system.vmail_uid') . ':' . (int)Settings::Get('system.vmail_gid') . ' ' . escapeshellarg($usermaildir));
 			safe_exec('chown -R ' . (int)Settings::Get('system.vmail_uid') . ':' . (int)Settings::Get('system.vmail_gid') . ' ' . escapeshellarg($usermaildir));
+
+			// clear NSCD cache if using fcgid or fpm, #1570
+			if (Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
+				$false_val = false;
+				safe_exec('nscd -i group 1> /dev/null', $false_val, array('>'));
+			}
 		}
 	}
 
@@ -395,7 +402,7 @@ while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
 						}
 					}
 				}
-			}	
+			}
 		}
 	}
 }

templates/Sparkle/admin/domains/domains_domain.tpl

@@ -1,23 +1,20 @@
-<if $row['termination_date'] != ''>
-    <tr class="{$row['termination_css']}">
+<if $row['termination_css'] != ''>
+	<tr class="{$row['termination_css']}">
 </if>
-<if $row['termination_date'] == ''>
-    <tr>
+<if $row['termination_css'] == ''>
+	<tr>
 </if>
-
-
 	<td>{$row['domain']}
 		<if (isset($row['standardsubdomain']) && $row['standardsubdomain'] == $row['id'])>
 			&nbsp;({$lng['admin']['stdsubdomain']})
 		</if>
-                <if $row['termination_date'] != ''>
-                    <br><small><div class="red">({$lng['domains']['termination_date_overview']} {$row['termination_date']})</div></small>
-            </if>
-
+		<if $row['termination_date'] != ''>
+			<br><small><div class="red">({$lng['domains']['termination_date_overview']} {$row['termination_date']})</div></small>
+		</if>
 	</td>
 	<td>{$row['ipandport']}</td>
 	<td>{$row['customername']}&nbsp;
-		(<a href="{$linker->getLink(array('section' => 'customers', 'page' => 'customers', 'action' => 'su', 'id' => $row['customerid']))}" rel="external">{$row['loginname']}</a>)
+		<if !empty($row['loginname'])>(<a href="{$linker->getLink(array('section' => 'customers', 'page' => 'customers', 'action' => 'su', 'id' => $row['customerid']))}" rel="external">{$row['loginname']}</a>)</if>
 	</td>
 	<td>
 		<a href="{$linker->getLink(array('section' => 'domains', 'page' => $page, 'action' => 'edit', 'id' => $row['id']))}">
@@ -26,7 +23,7 @@
 		<if $row['letsencrypt'] == '1'>
 			<img src="templates/{$theme}/assets/img/icons/ssl_letsencrypt.png" alt="{$lng['panel']['letsencrypt']}" title="{$lng['panel']['letsencrypt']}" />
 		</if>
-		<if !(isset($row['domainaliasid']) && $row['domainaliasid'] != 0)>
+		<if !(isset($row['domainaliasid']) && $row['domainaliasid'] != 0) && $row['id'] != Settings::Get('system.hostname_id')>
 			<if !(isset($row['standardsubdomain']) && $row['standardsubdomain'] == $row['id'])>
 				&nbsp;<a href="{$linker->getLink(array('section' => 'domains', 'page' => $page, 'action' => 'delete', 'id' => $row['id']))}">
 					<img src="templates/{$theme}/assets/img/icons/delete.png" alt="{$lng['panel']['delete']}" title="{$lng['panel']['delete']}" />

templates/Sparkle/assets/css/main.css

@@ -1495,11 +1495,21 @@ fieldset.file {
 }
 
 .domain-canceled {
-    /* Color copied from .warningcontainer */
-    background-color: #fffecc;
+	/* Color copied from .warningcontainer */
+	background-color: #fffecc;
 }
 
 .domain-expired {
-    /* Color copied from .errorcontainer */
-    background-color: rgb(242, 222, 222);
-}
+	/* Color copied from .errorcontainer */
+	background-color: rgb(242, 222, 222);
+}
+
+.domain-hostname {
+	background-color: rgb(53, 106, 160);
+	color: #ddd;
+	font-weight: bold;
+}
+
+table.hl tbody tr.domain-hostname:hover {
+	background-color: rgb(64, 150, 238);
+}

templates/Sparkle/assets/js/main.js

@@ -70,7 +70,7 @@ $(document).ready(function() {
 	var snheight = $('#sidenavigation').height();
 	var mainheight = $('#maincontent').height();
 	if (snheight > mainheight && !$('#newsfeed').length) {
-		$('#maincontent').height(snheight);
+		$('#maincontent').css("min-height", snheight);
 	}
 	// this is necessary for the special setting feature (ref #1010)
 	$.getQueryVariable = function(key) {
@@ -219,4 +219,4 @@ $(document).ready(function() {
 	});
 
 	autosize($('textarea.shell'));
-});
+});

templates/Sparkle/customer/extras/backup.tpl

@@ -0,0 +1,26 @@
+$header
+	<article>
+		<header>
+			<h2>
+				<img src="templates/{$theme}/assets/img/icons/backup_big.png" alt="{$title}" />&nbsp;
+				{$title}
+			</h2>
+		</header>
+
+		<section>
+
+			<form action="{$linker->getLink(array('section' => 'extras'))}" method="post" enctype="application/x-www-form-urlencoded">
+				<input type="hidden" name="s" value="$s" />
+				<input type="hidden" name="page" value="$page" />
+				<input type="hidden" name="action" value="$action" />
+				<input type="hidden" name="send" value="send" />
+
+				<table class="full">
+					{$backup_form}
+				</table>
+			</form>
+
+		</section>
+
+	</article>
+$footer