set version to 0.9.40 for upcoming release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Merge pull request #583 from heavygale/patch-1
2018-11-10 11:34:50 +01:00 · 2018-10-27 17:14:28 +02:00 · 2018-10-27 14:57:27 +02:00 · 2018-10-20 14:02:17 +02:00 · 2018-10-20 13:29:25 +02:00 · 2018-10-17 11:55:36 +02:00
207 changed files with 22934 additions and 11164 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,58 @@
+# Contributing
+
+Before you start working on a PR, contact us via IRC in #froxlor on Freenode or
+the forum at https://forum.froxlor.org to get a clue whether someone else isn't
+already working on it or if we don't want to invest the effort in favour of
+working on Froxlor 2.0.
+Of course, bug fixes are always welcome.
+However, at this stage of the 0.9.x branch, we are not looking for new
+features or refactoring, especially not the kind which requires changes to a
+lot of files.
+Currently, we are working on a complete re-write, which, at this point in
+time, is not yet public to keep delays due to discussions about internal
+details to a minimum.
+
+
+
+
+## Checklist
+
+General rules for PRs are:
+* Please save us all some trouble and unnecessary round-trips by _testing_ your
+changes.
+
+* Re-write your commit history to provide a CLEAN history!
+
+	* i.e. do not provide PRs which contain a commit that changes something,
+	the next changes it back, a third one changes it again, only a little
+	differently...
+
+
+Thanks!
+
+
+
+
+### Webserver changes
+If you make changes to the functionality of webserver configuration, please
+make sure your implementation covers both apache **and** nginx.
+
+
+
+
+### l10n
+
+If you add new language strings, please make sure you add the english fallback
+strings in
+
+* `lng/english.lng.php`
+* `install/lng/english.lng.php` (if applicable)
+
+
+
+
+### New settings
+If you add new settings, please make sure you add the default values to
+
+* `install/froxlor.sql`
+* handle the update (see `install/updates/froxlor/0.9/update_0.9.inc.php`)
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,64 @@
+# Bug report vs. support request
+If you're unsure of whether your problem is a bug or a configuration error
+* contact us via IRC in #froxlor on freenode
+* or post a thread in our forum at https://forum.froxlor.org
+
+As a rule of thumb: before reporting an issue
+* see if it hasn't been [reported](https://github.com/Froxlor/froxlor/issues) (and possibly already been [fixed](https://github.com/Froxlor/froxlor/issues?utf8=✓&q=is:issue%20is:closed)) first
+* try with the git master
+
+
+
+
+
+# Summary
+
+Please provide a concise summary of the problem you're experiencing...
+
+
+
+
+# System information
+* Froxlor version: $version/$gitSHA1
+* Web server: apache2/nginx/lighttpd
+* DNS server: Bind/PowerDNS (standalone)/PowerDNS (Bind-backend)
+* POP/IMAP server: Courier/Dovecot
+* SMTP server: postfix/exim
+* FTP server: proftpd/pureftpd
+* OS/Version: ...
+
+
+
+
+# Steps to reproduce
+
+1.
+2.
+3.
+
+
+
+
+# Expected behavior
+
+1.
+2.
+3.
+
+
+
+
+# Actual behavior
+
+1.
+2.
+3.
+
+
+
+
+# Log files/log entries
+syslog:
+<pre>
+example
+</pre>
--- a/README.md
+++ b/README.md
@@ -11,13 +11,13 @@ Developed by experienced server administrators, this panel simplifies the effort
 3. Point your browser to http://[ip-of-webserver]/froxlor
 4. Follow the installer
 5. Login as administrator
-6. Adjust "Server > Settings" according to your needs
-7. Choose your distribution under "Server > Configuration"
+6. Adjust "System > Settings" according to your needs
+7. Choose your distribution under "System > Configuration"
 8. Follow the steps for your services
 9. Have fun!

 ### Detailed installation
-http://redmine.froxlor.org/projects/froxlor/wiki/Installationtarball
+https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-from-tarball

 ## Help

@@ -30,12 +30,12 @@ irc://chat.freenode.net/froxlor

 ### Forum

-The community is located on http://forum.froxlor.org
+The community is located on https://forum.froxlor.org/

 ### Wiki

 More documentation may be found in the froxlor - wiki:
-http://redmine.froxlor.org/projects/froxlor/wiki
+https://github.com/Froxlor/Froxlor/wiki

 ## License

@@ -44,31 +44,21 @@ May be found in COPYING
 ## Downloads

 ### Tarball
-http://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](http://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](http://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)
+https://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](https://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](https://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)

 ### Debian repository

-[HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationdebian)
+[HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-debian)

 /etc/apt/sources.list.d/froxlor.list
-> deb http://debian.froxlor.org {wheezy|jessie} main
+> deb http://debian.froxlor.org {wheezy|jessie|stretch} main

 ### Gentoo repository

-[HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationgentoo)
+[HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-gentoo)

-http://files.froxlor.org/gentoo/repositories.xml
+https://files.froxlor.org/gentoo/repositories.xml

-## Let's Encrypt support
-
-This version of Froxlor contains a test implementation of support for [Let's Encrypt](https://letsencrypt.org). This is (as Let's Encrypt is in itself)
-still a beta version and may break your system. The way it currently works is by creating a (sub-)domain with the default system - certificate,
-after which the Let's Encrypt cronjob orders the certificate for this (sub-)domain and inserts the certificates in the database. With the next run
-of the default cronjob, the certificates will be updated on the disk and the webserver reloaded.
-
-This has 2 known side-effects at the moment:
-* The basic ip/port combinations don't work with the Froxlor - integration of Let's Encrypt, since it needs a certificate for the very first creation
-* After creating a domain, it will have the default certificate for a short time (by default 5 minutes until the cronjob runs the next time)
-
-It may be possible to fix these issues, but they are not a priority at the moment
+## Contributing

+[see here](.github/CONTRIBUTING.md)
--- a/actions/admin/settings/100.panel.php
+++ b/actions/admin/settings/100.panel.php
@@ -71,7 +71,7 @@ return array(
 					'settinggroup' => 'panel',
 					'varname' => 'no_robots',
 					'type' => 'bool',
-					'default' => false,
+					'default' => true,
 					'save_method' => 'storeSettingField',
 					),
 				'panel_paging' => array(
@@ -227,6 +227,31 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
+				'panel_customer_hide_options' => array(
+					'label' => $lng['serversettings']['panel_customer_hide_options'],
+					'settinggroup' => 'panel',
+					'varname' => 'customer_hide_options',
+					'type' => 'option',
+					'default' => '',
+					'option_mode' => 'multiple',
+					'option_emptyallowed' => true,
+					'option_options' => array(
+						'email'                       => $lng['menue']['email']['email'],
+						'mysql'                       => $lng['menue']['mysql']['mysql'],
+						'domains'                     => $lng['menue']['domains']['domains'],
+						'ftp'                         => $lng['menue']['ftp']['ftp'],
+						'extras'                      => $lng['menue']['extras']['extras'],
+						'extras.directoryprotection'  => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['directoryprotection'],
+						'extras.pathoptions'          => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['pathoptions'],
+						'extras.logger'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['logger']['logger'],
+						'extras.backup'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['backup'],
+						'traffic'                     => $lng['menue']['traffic']['traffic'],
+						'traffic.http'                => $lng['menue']['traffic']['traffic']." / HTTP",
+						'traffic.ftp'                 => $lng['menue']['traffic']['traffic']." / FTP",
+						'traffic.mail'                => $lng['menue']['traffic']['traffic']." / Mail",
+					),
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),
--- a/actions/admin/settings/120.system.php
+++ b/actions/admin/settings/120.system.php
@@ -69,14 +69,6 @@ return array(
 					'save_method' => 'storeSettingHostname',
 					'plausibility_check_method' => 'checkHostname',
 					),
-				'system_froxlordirectlyviahostname' => array(
-					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
-					'settinggroup' => 'system',
-					'varname' => 'froxlordirectlyviahostname',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					),
 				'system_validatedomain' => array(
 					'label' => $lng['serversettings']['validate_domain'],
 					'settinggroup' => 'system',
@@ -102,6 +94,14 @@ return array(
 					'plausibility_check_method' => 'checkMysqlAccessHost',
 					'save_method' => 'storeSettingMysqlAccessHost',
 					),
+				'system_nssextrausers' => array(
+					'label' => $lng['serversettings']['nssextrausers'],
+					'settinggroup' => 'system',
+					'varname' => 'nssextrausers',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+					),
 				'system_index_file_extension' => array(
 					'label' => $lng['serversettings']['index_file_extension'],
 					'settinggroup' => 'system',
@@ -160,6 +160,65 @@ return array(
 					'default' => 90,
 					'save_method' => 'storeSettingField',
 					),
+
+				'system_mail_use_smtp' => array(
+					'label' => $lng['serversettings']['mail_use_smtp'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_use_smtp',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_host' => array(
+					'label' => $lng['serversettings']['mail_smtp_host'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_host',
+					'type' => 'string',
+					'default' => 'localhost',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_port' => array(
+					'label' => $lng['serversettings']['mail_smtp_port'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_port',
+					'type' => 'int',
+					'int_min' => 1,
+					'int_max' => 65535,
+					'default' => 25,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_usetls' => array(
+					'label' => $lng['serversettings']['mail_smtp_usetls'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_usetls',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_auth' => array(
+					'label' => $lng['serversettings']['mail_smtp_auth'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_auth',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_user' => array(
+					'label' => $lng['serversettings']['mail_smtp_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_user',
+					'type' => 'string',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_passwd' => array(
+					'label' => $lng['serversettings']['mail_smtp_passwd'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_passwd',
+					'type' => 'hiddenString',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),
--- a/actions/admin/settings/122.froxlorvhost.php
+++ b/actions/admin/settings/122.froxlorvhost.php
@@ -0,0 +1,192 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Settings
+ *
+ */
+return array(
+	'groups' => array(
+		'froxlorvhost' => array(
+			'title' => $lng['admin']['froxlorvhost'],
+			'fields' => array(
+				/**
+				 * Webserver-Vhost
+				 */
+				'system_froxlordirectlyviahostname' => array(
+					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
+					'settinggroup' => 'system',
+					'varname' => 'froxlordirectlyviahostname',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				/**
+				 * SSL / Let's Encrypt
+				 */
+				'system_le_froxlor_enabled' => array(
+					'label' => $lng['serversettings']['le_froxlor_enabled'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_enabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingClearCertificates',
+					'visible' => Settings::Get('system.leenabled')
+				),
+				'system_le_froxlor_redirect' => array(
+					'label' => $lng['serversettings']['le_froxlor_redirect'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_redirect',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_maxage' => array(
+					'label' => $lng['admin']['domain_hsts_maxage'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_maxage',
+					'type' => 'int',
+					'int_min' => 0,
+					'int_max' => 94608000, // 3-years
+					'default' => 0,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_incsub' => array(
+					'label' => $lng['admin']['domain_hsts_incsub'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_incsub',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_preload' => array(
+					'label' => $lng['admin']['domain_hsts_preload'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_preload',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				/**
+				 * FCGID
+				 */
+				'system_mod_fcgid_enabled_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpuser' => array(
+					'label' => $lng['admin']['mod_fcgid_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpgroup' => array(
+					'label' => $lng['admin']['mod_fcgid_group'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_defaultini_ownvhost',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				/**
+				 * php-fpm
+				 */
+				'system_phpfpm_enabled_ownvhost' => array(
+					'label' => $lng['phpfpm']['ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'enabled_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpuser' => array(
+					'label' => $lng['phpfpm']['vhost_httpuser'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpgroup' => array(
+					'label' => $lng['phpfpm']['vhost_httpgroup'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_defaultini',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				/**
+				 * DNS
+				 */
+				'system_dns_createhostnameentry' => array(
+					'label' => $lng['serversettings']['dns_createhostnameentry'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_createhostnameentry',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.bind_enable')
+				)
+			)
+		)
+	)
+);
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -60,6 +60,19 @@ return array(
 						'apache2'
 					)
 				),
+				'system_http2_support' => array(
+					'label' => $lng['serversettings']['http2_support'],
+					'settinggroup' => 'system',
+					'varname' => 'http2_support',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					),
+					'visible' => Settings::Get('system.use_ssl')
+				),
 				'system_httpuser' => array(
 					'label' => $lng['admin']['webserver_user'],
 					'settinggroup' => 'system',
@@ -112,6 +125,58 @@ return array(
 					'default' => '/var/customers/logs/',
 					'save_method' => 'storeSettingField'
 				),
+				'system_logfiles_script' => array(
+					'label' => $lng['serversettings']['logfiles_script'],
+					'settinggroup' => 'system',
+					'varname' => 'logfiles_script',
+					'type' => 'string',
+					'string_type' => '',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					)
+				),
+				'system_logfiles_piped' => array(
+					'label' => $lng['serversettings']['logfiles_piped'],
+					'settinggroup' => 'system',
+					'varname' => 'logfiles_piped',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					)
+				),
+				'system_logfiles_format' => array(
+					'label' => $lng['serversettings']['logfiles_format'],
+					'settinggroup' => 'system',
+					'varname' => 'logfiles_format',
+					'type' => 'string',
+					'default' => '',
+					'string_emptyallowed' => true,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					)
+				),
+				'system_logfiles_type' => array(
+					'label' => $lng['serversettings']['logfiles_type'],
+					'settinggroup' => 'system',
+					'varname' => 'logfiles_type',
+					'type' => 'option',
+					'default' => '1',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'1' => 'combined',
+						'2' => 'vhost_combined'
+					),
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					)
+				),
 				'system_customersslpath' => array(
 					'label' => $lng['serversettings']['customerssl_directory'],
 					'settinggroup' => 'system',
@@ -260,11 +325,7 @@ return array(
 					'varname' => 'enabled',
 					'type' => 'bool',
 					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'apache2',
-						'lighttpd'
-					)
+					'save_method' => 'storeSettingField'
 				),
 				'customredirect_default' => array(
 					'label' => $lng['serversettings']['customredirect_default'],
@@ -274,11 +335,7 @@ return array(
 					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getRedirectCodes',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'apache2',
-						'lighttpd'
-					)
+					'save_method' => 'storeSettingField'
 				)
 			)
 		)
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -16,134 +16,192 @@
 * @package    Settings
 *
 */
-
 return array(
 	'groups' => array(
-			'ssl' => array(
-					'title' => $lng['admin']['sslsettings'],
-					'fields' => array(
-							'system_ssl_enabled' => array(
-									'label' => $lng['serversettings']['ssl']['use_ssl'],
-									'settinggroup' => 'system',
-									'varname' => 'use_ssl',
-									'type' => 'bool',
-									'default' => false,
-									'save_method' => 'storeSettingField',
-									'overview_option' => true
-							),
-							'system_ssl_cipher_list' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_cipher_list'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cipher_list',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_cert_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cert_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '/etc/apache2/apache2.pem',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_key_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_key_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_key_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '/etc/apache2/apache2.key',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_cert_chainfile' => array(
-									'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cert_chainfile',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_ca_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_ca_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '',
-									'save_method' => 'storeSettingField',
-							),
-							'system_leenabled' => array(
-							        'label' => $lng['serversettings']['leenabled'],
-							        'settinggroup' => 'system',
-							        'varname' => 'leenabled',
-							        'type' => 'bool',
-							        'default' => false,
-							        'cronmodule' => 'froxlor/letsencrypt',
-							        'save_method' => 'storeSettingField'
-							),
-							'system_letsencryptca' => array(
-									'label' => $lng['serversettings']['letsencryptca'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptca',
-									'type' => 'option',
-									'default' => 'testing',
-									'option_mode' => 'one',
-									'option_options' => array('testing' => 'https://acme-staging.api.letsencrypt.org (Test)', 'production' => 'https://acme-v01.api.letsencrypt.org (Live)'),
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptcountrycode' => array(
-									'label' => $lng['serversettings']['letsencryptcountrycode'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptcountrycode',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => 'DE',
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptstate' => array(
-									'label' => $lng['serversettings']['letsencryptstate'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptstate',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => 'Hessen',
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptchallengepath' => array(
-									'label' => $lng['serversettings']['letsencryptchallengepath'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptchallengepath',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => FROXLOR_INSTALL_DIR,
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptkeysize' => array(
-									'label' => $lng['serversettings']['letsencryptkeysize'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptkeysize',
-									'type' => 'int',
-									'int_min' => 2048,
-									'default' => 4096,
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptreuseold' => array(
-									'label' => $lng['serversettings']['letsencryptreuseold'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptreuseold',
-									'type' => 'bool',
-									'default' => false,
-									'save_method' => 'storeSettingField',
-							),
-					)
+		'ssl' => array(
+			'title' => $lng['admin']['sslsettings'],
+			'fields' => array(
+				'system_ssl_enabled' => array(
+					'label' => $lng['serversettings']['ssl']['use_ssl'],
+					'settinggroup' => 'system',
+					'varname' => 'use_ssl',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'overview_option' => true
+				),
+				'system_ssl_protocols' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_protocols'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_protocols',
+					'type' => 'option',
+					'default' => 'TLSv1,TLSv1.2',
+					'option_mode' => 'multiple',
+					'option_options' => array(
+						'TLSv1' => 'TLSv1',
+						'TLSv1.1' => 'TLSv1.1',
+						'TLSv1.2' => 'TLSv1.2',
+						'TLSv1.3' => 'TLSv1.3'
+					),
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_cipher_list' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_cipher_list'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cipher_list',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_cert_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cert_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '/etc/apache2/apache2.pem',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_key_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_key_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_key_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '/etc/apache2/apache2.key',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_cert_chainfile' => array(
+					'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cert_chainfile',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_ca_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_ca_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_apache24_ocsp_cache_path' => array(
+					'label' => $lng['serversettings']['ssl']['apache24_ocsp_cache_path'],
+					'settinggroup' => 'system',
+					'varname' => 'apache24_ocsp_cache_path',
+					'type' => 'string',
+					'string_type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)',
+					'visible' => Settings::Get('system.webserver') == "apache2" && Settings::Get('system.apache24') == 1,
+					'save_method' => 'storeSettingField'
+				),
+				'system_leenabled' => array(
+					'label' => $lng['serversettings']['leenabled'],
+					'settinggroup' => 'system',
+					'varname' => 'leenabled',
+					'type' => 'bool',
+					'default' => false,
+					'cronmodule' => 'froxlor/letsencrypt',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptacmeconf' => array(
+					'label' => $lng['serversettings']['letsencryptacmeconf'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptacmeconf',
+					'type' => 'string',
+					'string_type' => 'file',
+					'default' => '/etc/apache2/conf-enabled/acme.conf',
+					'save_method' => 'storeSettingField'
+				),
+				'system_leapiversion' => array(
+					'label' => $lng['serversettings']['leapiversion'],
+					'settinggroup' => 'system',
+					'varname' => 'leapiversion',
+					'type' => 'option',
+					'default' => '1',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'1' => 'ACME v1',
+						'2' => 'ACME v2'
+					),
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptca' => array(
+					'label' => $lng['serversettings']['letsencryptca'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptca',
+					'type' => 'option',
+					'default' => 'testing',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'testing' => 'https://acme-staging' . (Settings::Get('system.leapiversion') == '2' ? '-v02' : '') . '.api.letsencrypt.org (Test)',
+						'production' => 'https://acme-v0' . Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Live)'
+					),
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptcountrycode' => array(
+					'label' => $lng['serversettings']['letsencryptcountrycode'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptcountrycode',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'DE',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptstate' => array(
+					'label' => $lng['serversettings']['letsencryptstate'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptstate',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'Hessen',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptchallengepath' => array(
+					'label' => $lng['serversettings']['letsencryptchallengepath'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptchallengepath',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => FROXLOR_INSTALL_DIR,
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptkeysize' => array(
+					'label' => $lng['serversettings']['letsencryptkeysize'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptkeysize',
+					'type' => 'int',
+					'int_min' => 2048,
+					'default' => 4096,
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptreuseold' => array(
+					'label' => $lng['serversettings']['letsencryptreuseold'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptreuseold',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'system_disable_le_selfcheck' => array(
+					'label' => $lng['serversettings']['disable_le_selfcheck'],
+					'settinggroup' => 'system',
+					'varname' => 'disable_le_selfcheck',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				)
 			)
 		)
-	);
+	)
+);
--- a/actions/admin/settings/135.fcgid.php
+++ b/actions/admin/settings/135.fcgid.php
@@ -97,44 +97,6 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField',
 					),
-				'system_mod_fcgid_enabled_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpuser' => array(
-					'label' => $lng['admin']['mod_fcgid_user'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpgroup' => array(
-					'label' => $lng['admin']['mod_fcgid_group'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_defaultini_ownvhost',
-					'type' => 'option',
-					'default' => '2',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
 				'system_mod_fcgid_idle_timeout' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['idle_timeout'],
 					'settinggroup' => 'system',
@@ -142,7 +104,7 @@ return array(
 					'type' => 'int',
 					'default' => 30,
 					'save_method' => 'storeSettingField'
-					),
+					)
 				)
 			)
 		)
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -30,59 +30,16 @@ return array(
 					'plausibility_check_method' => 'checkFcgidPhpFpm',
 					'overview_option' => true
 					),
-				'system_phpfpm_enabled_ownvhost' => array(
-					'label' => $lng['phpfpm']['ownvhost'],
+				'system_phpfpm_defaultini' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
 					'settinggroup' => 'phpfpm',
-					'varname' => 'enabled_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_httpuser' => array(
-					'label' => $lng['phpfpm']['vhost_httpuser'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser'
-					),
-				'system_phpfpm_httpgroup' => array(
-					'label' => $lng['phpfpm']['vhost_httpgroup'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_defaultini' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'defaultini',
-					'type' => 'option',
-					'default' => '1',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_defaultini',
+					'varname' => 'defaultini',
 					'type' => 'option',
-					'default' => '2',
+					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField'
 					),
-				'system_phpfpm_configdir' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'configdir',
-					'type' => 'string',
-					'string_type' => 'confdir',
-					'default' => '/etc/php-fpm.d/',
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_aliasconfigdir' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['aliasconfigdir'],
 					'settinggroup' => 'phpfpm',
@@ -107,9 +64,22 @@ return array(
 					'varname' => 'peardir',
 					'type' => 'string',
 					'string_type' => 'dir',
+					'string_delimiter' => ':',
+					'string_emptyallowed' => true,
 					'default' => '/usr/share/php/:/usr/share/php5/',
 					'save_method' => 'storeSettingField'
 					),
+				'system_phpfpm_envpath' => array(
+					'label' => $lng['serversettings']['phpfpm_settings']['envpath'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'envpath',
+					'type' => 'string',
+					'string_type' => 'dir',
+					'string_delimiter' => ':',
+					'string_emptyallowed' => true,
+					'default' => '/usr/local/bin:/usr/bin:/bin',
+					'save_method' => 'storeSettingField'
+				),
 				'system_phpfpm_fastcgi_ipcdir' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['ipcdir'],
 					'settinggroup' => 'phpfpm',
@@ -119,72 +89,6 @@ return array(
 					'default' => '/var/lib/apache2/fastcgi/',
 					'save_method' => 'storeSettingField'
 					),
-				'system_phpfpm_reload' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['reload'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'reload',
-					'type' => 'string',
-					'default' => '/etc/init.d/php-fpm restart',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_pm' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['pm'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'pm',
-					'type' => 'option',
-					'default' => 'static',
-					'option_mode' => 'one',
-					'option_options' => array('static' => 'static', 'dynamic' => 'dynamic', 'ondemand' => 'ondemand'),
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_max_children' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['max_children'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'max_children',
-					'type' => 'int',
-					'default' => 1,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_start_servers' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['start_servers'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'start_servers',
-					'type' => 'int',
-					'default' => 20,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_min_spare_servers' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['min_spare_servers'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'min_spare_servers',
-					'type' => 'int',
-					'default' => 5,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_max_spare_servers' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['max_spare_servers'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'max_spare_servers',
-					'type' => 'int',
-					'default' => 35,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_max_requests' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['max_requests'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'max_requests',
-					'type' => 'int',
-					'default' => 0,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_idle_timeout' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['idle_timeout'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'idle_timeout',
-					'type' => 'int',
-					'default' => 30,
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_use_mod_proxy' => array(
 					'label' => $lng['phpfpm']['use_mod_proxy'],
 					'settinggroup' => 'phpfpm',
@@ -194,6 +98,38 @@ return array(
 					'visible' => Settings::Get('system.apache24'),
 					'save_method' => 'storeSettingField'
 					),
+				'system_phpfpm_ini_flags' => array(
+					'label' => $lng['phpfpm']['ini_flags'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_flags',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_values' => array(
+					'label' => $lng['phpfpm']['ini_values'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_values',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_admin_flags' => array(
+					'label' => $lng['phpfpm']['ini_admin_flags'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_admin_flags',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_admin_values' => array(
+					'label' => $lng['phpfpm']['ini_admin_values'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_admin_values',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				)
 				),
 			),
 		),
--- a/actions/admin/settings/160.nameserver.php
+++ b/actions/admin/settings/160.nameserver.php
@@ -97,14 +97,6 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField',
 				),
-				'system_dns_createhostnameentry' => array(
-					'label' => $lng['serversettings']['dns_createhostnameentry'],
-					'settinggroup' => 'system',
-					'varname' => 'dns_createhostnameentry',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',
@@ -127,5 +119,3 @@ return array(
 			),
 		),
 	);
-
-?>
--- a/actions/admin/settings/210.security.php
+++ b/actions/admin/settings/210.security.php
@@ -35,7 +35,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'mailpwcleartext',
 					'type' => 'bool',
-					'default' => true,
+					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
 				'system_passwordcryptfunc' => array(
@@ -63,6 +63,23 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
+					),
+				'system_allow_customer_shell' => array(
+					'label' => $lng['serversettings']['allow_allow_customer_shell'],
+					'settinggroup' => 'system',
+					'varname' => 'allow_customer_shell',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_available_shells' => array(
+					'label' => $lng['serversettings']['available_shells'],
+					'settinggroup' => 'system',
+					'varname' => 'available_shells',
+					'type' => 'string',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField',
 					)
 				)
 			)
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -170,6 +170,11 @@ if ($page == 'admins'
 				");
 				Database::pexecute($del_stmt, array('adminid' => $id));

+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid
+				");
+				Database::pexecute($del_stmt, array('adminid' => $id));
+
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
 					`adminid` = :userid WHERE `adminid` = :adminid
@@ -440,7 +445,7 @@ if ($page == 'admins'
 		} else {

 			$language_options = '';
-			while (list($language_file, $language_name) = each($languages)) {
+			foreach ($languages as $language_file => $language_name) {
 				$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true);
 			}

@@ -840,13 +845,13 @@ if ($page == 'admins'
 				}

 				$language_options = '';
-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, $result['def_language'], true);
 				}

 				$ipaddress = makeoption($lng['admin']['allips'], "-1", $result['ip']);
 				$ipsandports_stmt = Database::query("
-					SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` GROUP BY `ip` ORDER BY `ip`, `port` ASC
+					SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` GROUP BY `id`, `ip` ORDER BY `ip`, `port` ASC
 				");

 				while ($row = $ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
--- a/admin_autoupdate.php
+++ b/admin_autoupdate.php
@@ -17,7 +17,6 @@
 * @since      0.9.35
 *
 */
-
 define('AREA', 'admin');
 require './lib/init.php';

@@ -26,177 +25,188 @@ define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version);
 define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
 define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");

-// check for allow_url_fopen
-if (ini_get('allow_url_fopen') === false) {
-	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 1));
-}
-
 // check for archive-stuff
-if (function_exists('gzopen') === false) {
-	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 2));
+if (! extension_loaded('zip')) {
+	redirectTo($filename, array(
+		's' => $s,
+		'page' => 'error',
+		'errno' => 2
+	));
 }

 // display initial version check
 if ($page == 'overview') {
-
+	
 	// log our actions
 	$log->logAction(ADM_ACTION, LOG_NOTICE, "checking auto-update");
-
+	
 	// check for new version
-	$latestversion = @file(UPDATE_URI);
-
-	if (isset($latestversion[0])) {
-		$latestversion = explode('|', $latestversion[0]);
-
-		if (is_array($latestversion)
-				&& count($latestversion) >= 1
-		) {
-			$_version = $latestversion[0];
-			$_message = isset($latestversion[1]) ? $latestversion[1] : '';
-			$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
-
-			// add the branding so debian guys are not gettings confused
-			// about their version-number
-			$version_label = $_version.$branding;
-			$version_link = $_link;
-			$message_addinfo = $_message;
-
-			// not numeric -> error-message
-			if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
-				// check for customized version to not output
-				// "There is a newer version of froxlor" besides the error-message
-				redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 3));
-			} elseif (version_compare2($version, $_version) == -1) {
-				// there is a newer version - yay
-				$isnewerversion = 1;
-			} else {
-				// nothing new
-				$isnewerversion = 0;
-			}
-
-			// anzeige über version-status mit ggfls. formular
-			// zum update schritt #1 -> download
-			if ($isnewerversion == 1) {
-				$text = 'There is a newer version available. Update to version <b>'.$_version.'</b> now?<br/>(Your current version is: '.$version.')';
-				$hiddenparams = '<input type="hidden" name="newversion" value="'.$_version.'" />';
-				$yesfile = $filename.'?s='.$s.'&amp;page=getdownload';
-				eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
-				exit;
-			}
-			elseif ($isnewerversion == 0) {
-				// all good
-			    standard_success ('noupdatesavail');
-			} else {
-				standard_error ('customized_version');
-			}
+	$latestversion = HttpClient::urlGet(UPDATE_URI);
+	
+	$latestversion = explode('|', $latestversion);
+	
+	if (is_array($latestversion) && count($latestversion) >= 1) {
+		$_version = $latestversion[0];
+		$_message = isset($latestversion[1]) ? $latestversion[1] : '';
+		$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
+		
+		// add the branding so debian guys are not gettings confused
+		// about their version-number
+		$version_label = $_version . $branding;
+		$version_link = $_link;
+		$message_addinfo = $_message;
+		
+		// not numeric -> error-message
+		if (! preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
+			// check for customized version to not output
+			// "There is a newer version of froxlor" besides the error-message
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 3
+			));
+		} elseif (version_compare2($version, $_version) == - 1) {
+			// there is a newer version - yay
+			$isnewerversion = 1;
+		} else {
+			// nothing new
+			$isnewerversion = 0;
+		}
+		
+		// anzeige über version-status mit ggfls. formular
+		// zum update schritt #1 -> download
+		if ($isnewerversion == 1) {
+			$text = 'There is a newer version available. Update to version <b>' . $_version . '</b> now?<br/>(Your current version is: ' . $version . ')';
+			$hiddenparams = '<input type="hidden" name="newversion" value="' . $_version . '" />';
+			$yesfile = $filename . '?s=' . $s . '&amp;page=getdownload';
+			eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
+			exit();
+		} elseif ($isnewerversion == 0) {
+			// all good
+			standard_success('noupdatesavail');
+		} else {
+			standard_error('customized_version');
 		}
 	}
-	// error (something weird came from version.froxlor.org)
-	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 5));
-}
-// download the new archive
+}// download the new archive
 elseif ($page == 'getdownload') {
-
+	
 	// retrieve the new version from the form
 	$newversion = isset($_POST['newversion']) ? $_POST['newversion'] : null;
-
+	
 	// valid?
 	if ($newversion !== null) {
-
+		
 		// define files to get
 		$toLoad = str_replace('{version}', $newversion, RELEASE_URI);
 		$toCheck = str_replace('{version}', $newversion, CHECKSUM_URI);
-
-		// get archive data
-		$newArchive = @file_get_contents($toLoad);
-
+		
 		// check for local destination folder
-		if (!is_dir(FROXLOR_INSTALL_DIR.'/updates/')) {
-			mkdir(FROXLOR_INSTALL_DIR.'/updates/');
+		if (! is_dir(FROXLOR_INSTALL_DIR . '/updates/')) {
+			mkdir(FROXLOR_INSTALL_DIR . '/updates/');
 		}
-
+		
 		// name archive
-		$localArchive = FROXLOR_INSTALL_DIR.'/updates/'.basename($toLoad);
-
-		$log->logAction(ADM_ACTION, LOG_NOTICE, "Downloading ".$toLoad." to ".$localArchive);
-
+		$localArchive = FROXLOR_INSTALL_DIR . '/updates/' . basename($toLoad);
+		
+		$log->logAction(ADM_ACTION, LOG_NOTICE, "Downloading " . $toLoad . " to " . $localArchive);
+		
 		// remove old archive
 		if (file_exists($localArchive)) {
-		    @unlink($localArchive);
+			@unlink($localArchive);
 		}
-
-		// store archive
-		$fh = fopen($localArchive, 'w');
-		if (!fwrite($fh, $newArchive)) {
-			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 4));
+		
+		// get archive data
+		try {
+			HttpClient::fileGet($toLoad, $localArchive);
+		} catch (Exception $e) {
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 4
+			));
 		}
-
-		// close file-handle
-		fclose($fh);
-
+		
 		// validate the integrity of the downloaded file
-		$_shouldsum = @file_get_contents($toCheck);
-		if (!empty($_shouldsum)) {
-		    $_t = explode(" ", $_shouldsum);
-		    $shouldsum = $_t[0];
+		$_shouldsum = HttpClient::urlGet($toCheck);
+		if (! empty($_shouldsum)) {
+			$_t = explode(" ", $_shouldsum);
+			$shouldsum = $_t[0];
 		} else {
-		    $shouldsum = null;
+			$shouldsum = null;
 		}
 		$filesum = hash_file('sha256', $localArchive);
-
+		
 		if ($filesum != $shouldsum) {
-		    redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9));
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 9
+			));
 		}
-
+		
 		// to the next step
-		redirectTo($filename, array('s' => $s, 'page' => 'extract', 'archive' => basename($localArchive)));
+		redirectTo($filename, array(
+			's' => $s,
+			'page' => 'extract',
+			'archive' => basename($localArchive)
+		));
 	}
-	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 6));
-}
-// extract and install new version
+	redirectTo($filename, array(
+		's' => $s,
+		'page' => 'error',
+		'errno' => 6
+	));
+}// extract and install new version
 elseif ($page == 'extract') {
-
+	
 	$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
-	$localArchive = FROXLOR_INSTALL_DIR.'/updates/'.$toExtract;
-
-	if (isset($_POST['send'])
-			&& $_POST['send'] == 'send'
-	) {
+	$localArchive = FROXLOR_INSTALL_DIR . '/updates/' . $toExtract;
+	
+	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		// decompress from zip
-		$zip = new ZipArchive;
+		$zip = new ZipArchive();
 		$res = $zip->open($localArchive);
 		if ($res === true) {
-		    $log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".dirname(FROXLOR_INSTALL_DIR));
-			$zip->extractTo(dirname(FROXLOR_INSTALL_DIR));
+			$log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . FROXLOR_INSTALL_DIR);
+			$zip->extractTo(FROXLOR_INSTALL_DIR);
 			$zip->close();
 			// success - remove unused archive
 			@unlink($localArchive);
 		} else {
 			// error
-			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 8));
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 8
+			));
 		}
-
+		
 		// redirect to update-page?
-		redirectTo('admin_updates.php', array('s' => $s));
+		redirectTo('admin_updates.php', array(
+			's' => $s
+		));
 	}
-
-	if (!file_exists($localArchive)) {
-		redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 7));
+	
+	if (! file_exists($localArchive)) {
+		redirectTo($filename, array(
+			's' => $s,
+			'page' => 'error',
+			'errno' => 7
+		));
 	}
-
-	$text = 'Extract downloaded archive "'.$toExtract.'"?';
+	
+	$text = 'Extract downloaded archive "' . $toExtract . '"?';
 	$hiddenparams = '';
-	$yesfile = $filename.'?s='.$s.'&amp;page=extract&amp;archive='.$toExtract;
+	$yesfile = $filename . '?s=' . $s . '&amp;page=extract&amp;archive=' . $toExtract;
 	eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
 }
-
 // display error
 elseif ($page == 'error') {
-
+	
 	// retrieve error-number via url-parameter
-	$errno = isset($_GET['errno']) ? (int)$_GET['errno'] : 0;
-
-	// 1 = no allow_url_fopen
+	$errno = isset($_GET['errno']) ? (int) $_GET['errno'] : 0;
+	
 	// 2 = no Zlib
 	// 3 = custom version detected
 	// 4 = could not store archive to local hdd
@@ -205,5 +215,5 @@ elseif ($page == 'error') {
 	// 7 = local archive does not exist
 	// 8 = could not extract archive
 	// 9 = checksum mismatch
-	standard_error ('autoupdate_'.$errno);
+	standard_error('autoupdate_' . $errno);
 }
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -30,15 +30,30 @@ if ($userinfo['change_serversettings'] == '1') {
 		$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
 	}

+	// try to convert namserver hosts to ip's
+	$ns_ips = "";
+	if (Settings::Get('system.nameservers') != '') {
+		$nameservers = explode(',', Settings::Get('system.nameservers'));
+		foreach ($nameservers as $nameserver) {
+			$nameserver = trim($nameserver);
+			$nameserver_ips = gethostbynamel($nameserver);
+			if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
+				$ns_ips .= implode(",", $nameserver_ips);
+			}
+		}
+	}
+
 	$replace_arr = Array(
 		'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
-		'<SQL_UNPRIVILEGED_PASSWORD>' => 'MYSQL_PASSWORD',
+		'<SQL_UNPRIVILEGED_PASSWORD>' => 'FROXLOR_MYSQL_PASSWORD',
 		'<SQL_DB>' => $sql['db'],
 		'<SQL_HOST>' => $sql['host'],
 		'<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
 		'<SERVERNAME>' => Settings::Get('system.hostname'),
 		'<SERVERIP>' => Settings::Get('system.ipaddress'),
 		'<NAMESERVERS>' => Settings::Get('system.nameservers'),
+		'<NAMESERVERS_IP>' => $ns_ips,
+		'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
 		'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
 		'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
 		'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
@@ -67,6 +82,12 @@ if ($userinfo['change_serversettings'] == '1') {
 	$config_dir = makeCorrectDir(FROXLOR_INSTALL_DIR . '/lib/configfiles/');

 	if ($distribution != "") {
+
+		if (!file_exists($config_dir . '/' . $distribution . ".xml")) {
+			trigger_error("Unknown distribution, are you playing around with the URL?");
+			exit;
+		}
+
 		// create configparser object
 		$configfiles = new ConfigParser($config_dir . '/' . $distribution . ".xml");

@@ -78,6 +99,11 @@ if ($userinfo['change_serversettings'] == '1') {

 		if ($service != "") {

+			if (!isset($services[$service])) {
+				trigger_error("Unknown service, are you playing around with the URL?");
+				exit;
+			}
+
 			$daemons = $services[$service]->getDaemons();

 			if ($daemon == "") {
@@ -121,6 +147,11 @@ if ($userinfo['change_serversettings'] == '1') {

 	if ($distribution != "" && $service != "" && $daemon != "") {

+		if (!isset($daemons[$daemon])) {
+			trigger_error("Unknown daemon, are you playing around with the URL?");
+			exit;
+		}
+
 		$confarr = $daemons[$daemon]->getConfig();

 		$configpage = '';
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -84,6 +84,15 @@ if ($page == 'customers'
 				$domains = $domains_stmt->fetch(PDO::FETCH_ASSOC);
 				$row['domains'] = intval($domains['domains']);
 				$dec_places = Settings::Get('panel.decimal_places');
+
+				// get disk-space usages for web, mysql and mail
+				$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+				$usages = Database::pexecute_first($usages_stmt, array('cid' => $row['customerid']));
+
+				$row['webspace_used'] = round($usages['webspace'] / 1024, $dec_places);
+				$row['mailspace_used'] = round($usages['mail'] / 1024, $dec_places);
+				$row['dbspace_used'] = round($usages['mysql'] / 1024, $dec_places);
+
 				$row['traffic_used'] = round($row['traffic_used'] / (1024 * 1024), $dec_places);
 				$row['traffic'] = round($row['traffic'] / (1024 * 1024), $dec_places);
 				$row['diskspace_used'] = round($row['diskspace_used'] / 1024, $dec_places);
@@ -298,6 +307,8 @@ if ($page == 'customers'
 				Database::pexecute($stmt, array('id' => $id));
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = :id");
 				Database::pexecute($stmt, array('id' => $id));
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DISKSPACE . "` WHERE `customerid` = :id");
+				Database::pexecute($stmt, array('id' => $id));
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = :id");
 				Database::pexecute($stmt, array('id' => $id));
 				$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid` = :id");
@@ -523,6 +534,14 @@ if ($page == 'customers'
 					$phpenabled = intval($_POST['phpenabled']);
 				}

+				$allowed_phpconfigs = array();
+				if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
+					foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
+						$allowed_phpconfig = intval($allowed_phpconfig);
+						$allowed_phpconfigs[] = $allowed_phpconfig;
+					}
+				}
+
 				$perlenabled = 0;
 				if (isset($_POST['perlenabled'])) {
 					$perlenabled = intval($_POST['perlenabled']);
@@ -684,6 +703,7 @@ if ($page == 'customers'
 						'tickets' => $tickets,
 						'mysqls' => $mysqls,
 						'phpenabled' => $phpenabled,
+						'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs),
 						'imap' => $email_imap,
 						'pop3' => $email_pop3,
 						'perlenabled' => $perlenabled,
@@ -724,6 +744,7 @@ if ($page == 'customers'
 						`mysqls` = :mysqls,
 						`standardsubdomain` = '0',
 						`phpenabled` = :phpenabled,
+						`allowed_phpconfigs` = :allowed_phpconfigs,
 						`imap` = :imap,
 						`pop3` = :pop3,
 						`perlenabled` = :perlenabled,
@@ -869,7 +890,7 @@ if ($page == 'customers'
 						}
 						// check froxlor-local user membership in ftp-group
 						// without this check addition may duplicate user in list if httpuser == local_user
-						if (strpos($ins_data['members'], $local_user) !== false) {
+						if (strpos($ins_data['members'], $local_user) == false) {
 							$ins_data['members'] .= ','.$local_user;
 						}
 					}
@@ -901,7 +922,8 @@ if ($page == 'customers'
 							'customerid' => $customerid,
 							'adminid' => $userinfo['adminid'],
 							'docroot' => $documentroot,
-							'adddate' => date('Y-m-d')
+							'adddate' => time(),
+							'phpenabled' => $phpenabled
 						);
 						$ins_stmt = Database::prepare("
 							INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -919,6 +941,7 @@ if ($page == 'customers'
 							`dkim_id` = '0',
 							`dkim_privkey` = '',
 							`dkim_pubkey` = '',
+							`phpenabled` = :phpenabled,
 							`add_date` = :adddate"
 						);
 						Database::pexecute($ins_stmt, $ins_data);
@@ -1013,7 +1036,7 @@ if ($page == 'customers'
 			} else {
 				$language_options = '';

-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, Settings::Get('panel.standardlanguage'), true);
 				}

@@ -1032,6 +1055,40 @@ if ($page == 'customers'
 				$gender_options .= makeoption($lng['gender']['male'], 1, null, true, true);
 				$gender_options .= makeoption($lng['gender']['female'], 2, null, true, true);

+				$phpconfigs = array();
+				$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					if ((int) Settings::Get('phpfpm.enabled') == 1) {
+						$phpconfigs[] = array(
+							'label' => $row['description'] . " [".$row['interpreter']."]<br />",
+							'value' => $row['id']
+						);
+					} else {
+						$phpconfigs[] = array(
+							'label' => $row['description']."<br />",
+							'value' => $row['id']
+						);
+					}
+				}
+
+				// hosting plans
+				$hosting_plans = "";
+				$plans = Database::query("
+					SELECT *
+					FROM `" . TABLE_PANEL_PLANS . "`
+					ORDER BY name ASC
+				");
+				if (Database::num_rows() > 0){
+					$hosting_plans .= makeoption("---", 0, 0, true, true);
+				}
+				while ($row = $plans->fetch(PDO::FETCH_ASSOC)) {
+					$hosting_plans .= makeoption($row['name'], $row['id'], 0, true, true);
+				}
+
 				$customer_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/customer/formfield.customer_add.php';
 				$customer_add_form = htmlform::genHTMLForm($customer_add_data);

@@ -1194,6 +1251,14 @@ if ($page == 'customers'
 					$phpenabled = intval($_POST['phpenabled']);
 				}

+				$allowed_phpconfigs = array();
+				if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
+					foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
+						$allowed_phpconfig = intval($allowed_phpconfig);
+						$allowed_phpconfigs[] = $allowed_phpconfig;
+					}
+				}
+
 				$perlenabled = 0;
 				if (isset($_POST['perlenabled'])) {
 					$perlenabled = intval($_POST['perlenabled']);
@@ -1272,7 +1337,7 @@ if ($page == 'customers'
 								'customerid' => $result['customerid'],
 								'adminid' => $userinfo['adminid'],
 								'docroot' => $result['documentroot'],
-								'adddate' => date('Y-m-d')
+								'adddate' => time()
 						);
 						$ins_stmt = Database::prepare("
 							INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -1446,6 +1511,7 @@ if ($page == 'customers'
 						'mysqls' => $mysqls,
 						'deactivated' => $deactivated,
 						'phpenabled' => $phpenabled,
+						'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs),
 						'imap' => $email_imap,
 						'pop3' => $email_pop3,
 						'perlenabled' => $perlenabled,
@@ -1479,6 +1545,7 @@ if ($page == 'customers'
 						`mysqls` = :mysqls,
 						`deactivated` = :deactivated,
 						`phpenabled` = :phpenabled,
+						`allowed_phpconfigs` = :allowed_phpconfigs,
 						`email_quota` = :email_quota,
 						`imap` = :imap,
 						`pop3` = :pop3,
@@ -1619,7 +1686,7 @@ if ($page == 'customers'
 			} else {
 				$language_options = '';

-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, $result['def_language'], true);
 				}

@@ -1684,6 +1751,40 @@ if ($page == 'customers'
 				$gender_options .= makeoption($lng['gender']['male'], 1, ($result['gender'] == '1' ? true : false), true, true);
 				$gender_options .= makeoption($lng['gender']['female'], 2, ($result['gender'] == '2' ? true : false), true, true);

+				$phpconfigs = array();
+				$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					if ((int) Settings::Get('phpfpm.enabled') == 1) {
+						$phpconfigs[] = array(
+							'label' => $row['description'] . " [".$row['interpreter']."]<br />",
+							'value' => $row['id']
+						);
+					} else {
+						$phpconfigs[] = array(
+							'label' => $row['description']."<br />",
+							'value' => $row['id']
+						);
+					}
+				}
+
+				// hosting plans
+				$hosting_plans = "";
+				$plans = Database::query("
+					SELECT *
+					FROM `" . TABLE_PANEL_PLANS . "`
+					ORDER BY name ASC
+				");
+				if (Database::num_rows() > 0){
+					$hosting_plans .= makeoption("---", 0, 0, true, true);
+				}
+				while ($row = $plans->fetch(PDO::FETCH_ASSOC)) {
+					$hosting_plans .= makeoption($row['name'], $row['id'], 0, true, true);
+				}
+
 				$customer_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/customer/formfield.customer_edit.php';
 				$customer_edit_form = htmlform::genHTMLForm($customer_edit_data);

--- a/admin_domains.php
+++ b/admin_domains.php
@@ -55,7 +55,7 @@ if ($page == 'domains' || $page == 'overview') {
 			$syshostname = "AND `d`.`id` <> " . Settings::Get('system.hostname_id');
 		}
 		$result_stmt = Database::prepare("
-			SELECT `d`.*, `c`.`loginname`, `c`.`name`, `c`.`firstname`, `c`.`company`, `c`.`standardsubdomain`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`
+			SELECT `d`.*, `c`.`loginname`, `c`.`deactivated`, `c`.`name`, `c`.`firstname`, `c`.`company`, `c`.`standardsubdomain`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
@@ -166,7 +166,7 @@ if ($page == 'domains' || $page == 'overview') {

 				$subresult_stmt = Database::prepare("
 					SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "`
-					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ") AND `isemaildomain` = '1'");
+					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ")");
 				Database::pexecute($subresult_stmt, array(
 					'id' => $id
 				));
@@ -189,12 +189,27 @@ if ($page == 'domains' || $page == 'overview') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain/s from mail-tables");
 				}

+				// if mainbutsubto-domains are not to be deleted, re-assign the (ismainbutsubto value of the main
+				// domain which is being deleted) as their new ismainbutsubto value
+				if ($remove_subbutmain_domains !== 1) {
+					$upd_stmt = Database::prepare("
+						UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
+						`ismainbutsubto` = :newIsMainButSubtoValue
+						WHERE `ismainbutsubto` = :deletedMainDomainId
+						");
+					Database::pexecute($upd_stmt, array(
+						'newIsMainButSubtoValue' => $result['ismainbutsubto'],
+						'deletedMainDomainId' => $id,
+					));
+				}
+
 				$del_stmt = Database::prepare("
 					DELETE FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `id` = :id OR `parentdomainid` = :id " . $rsd_sql);
 				Database::pexecute($del_stmt, array(
 					'id' => $id
 				));
+
 				$deleted_domains = $del_stmt->rowCount();

 				$upd_stmt = Database::prepare("
@@ -291,7 +306,7 @@ if ($page == 'domains' || $page == 'overview') {
 					standard_error('admin_domain_emailsystemhostname');
 				}

-				if (strpos($_POST['domain'], '--') !== false) {
+				if (substr($_POST['domain'], 0, 4) == 'xn--') {
 					standard_error('domain_nopunycode');
 				}

@@ -380,6 +395,9 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($registration_date == '0000-00-00') {
+					$registration_date = null;
+				}

 				$termination_date = trim($_POST['termination_date']);
 				$termination_date = validate($termination_date, 'termination_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array(
@@ -387,6 +405,9 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($termination_date == '0000-00-00') {
+					$termination_date = null;
+				}

 				if ($userinfo['change_serversettings'] == '1') {

@@ -408,6 +429,7 @@ if ($page == 'domains' || $page == 'overview') {
 					}

 					$specialsettings = validate(str_replace("\r\n", "\n", $_POST['specialsettings']), 'specialsettings', '/^[^\0]*$/');
+					$notryfiles = isset($_POST['notryfiles']) && (int)$_POST['notryfiles'] == 1 ? 1 : 0;
 					validate($_POST['documentroot'], 'documentroot');

 					// If path is empty and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
@@ -430,10 +452,12 @@ if ($page == 'domains' || $page == 'overview') {
 					$zonefile = '';
 					$dkim = '1';
 					$specialsettings = '';
+					$notryfiles = '0';
 				}

 				if ($userinfo['caneditphpsettings'] == '1' || $userinfo['change_serversettings'] == '1') {

+					$phpenabled  = isset($_POST['phpenabled']) ? intval($_POST['phpenabled']) : 0;
 					$openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0;

 					if ((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) {
@@ -474,7 +498,9 @@ if ($page == 'domains' || $page == 'overview') {
 					}
 				} else {

+					$phpenabled = '1';
 					$openbasedir = '1';
+
 					if ((int) Settings::Get('phpfpm.enabled') == 1) {
 						$phpsettingid = Settings::Get('phpfpm.defaultini');
 					} else {
@@ -502,7 +528,7 @@ if ($page == 'domains' || $page == 'overview') {

 				$ipandports = array();
 				if (isset($_POST['ipandport']) && ! is_array($_POST['ipandport'])) {
-					$_POST['ipandport'] = unserialize($_POST['ipandport']);
+					$_POST['ipandport'] = json_decode($_POST['ipandport'], true);
 				}

 				if (isset($_POST['ipandport']) && is_array($_POST['ipandport'])) {
@@ -538,7 +564,7 @@ if ($page == 'domains' || $page == 'overview') {

 					$ssl_ipandports = array();
 					if (isset($_POST['ssl_ipandport']) && ! is_array($_POST['ssl_ipandport'])) {
-						$_POST['ssl_ipandport'] = unserialize($_POST['ssl_ipandport']);
+						$_POST['ssl_ipandport'] = json_decode($_POST['ssl_ipandport'], true);
 					}

 					// Verify SSL-Ports
@@ -565,25 +591,59 @@ if ($page == 'domains' || $page == 'overview') {
 								$ssl_ipandports[] = $ssl_ipandport;
 							}
 						}
+
+						$http2 = isset($_POST['http2']) && (int)$_POST['http2'] == 1 ? 1 : 0;
+
+						// HSTS
+						$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+						$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+						$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
+						// OCSP stapling
+						$ocsp_stapling = isset($_POST['ocsp_stapling']) && (int)$_POST['ocsp_stapling'] == 1 ? 1 : 0;
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
-						// we need this for the serialize
+						$http2 = 0;
+						// we need this for the json-encode
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
+
+						// HSTS
+						$hsts_maxage = 0;
+						$hsts_sub = 0;
+						$hsts_preload = 0;
+
+						// OCSP stapling
+						$ocsp_stapling = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
 					$letsencrypt = 0;
-					// we need this for the serialize
+					$http2 = 0;
+					// we need this for the json-encode
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
+
+					// HSTS
+					$hsts_maxage = 0;
+					$hsts_sub = 0;
+					$hsts_preload = 0;
+
+					// OCSP stapling
+					$ocsp_stapling = 0;
 				}

-				// We can't enable let's encrypt for wildcard - domains
-				if ($serveraliasoption == '0' && $letsencrypt == '1') {
+				// We can't enable let's encrypt for wildcard - domains if using acme-v1
+				if ($serveraliasoption == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '1') {
 					standard_error('nowildcardwithletsencrypt');
 				}
+				// if using acme-v2 we cannot issue wildcard-certificates
+				// because they currently only support the dns-01 challenge
+				if ($serveraliasoption == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '2') {
+					standard_error('nowildcardwithletsencryptv2');
+				}

 				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
 				if ($ssl_redirect > 0 && $letsencrypt == 1) {
@@ -632,7 +692,7 @@ if ($page == 'domains' || $page == 'overview') {
 					}

 					if (count($ssl_ipandports) == 0) {
-						// we need this for the serialize
+						// we need this for the json-encode
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
 					}
@@ -654,6 +714,10 @@ if ($page == 'domains' || $page == 'overview') {
 					standard_error('noipportgiven');
 				}

+				if ($phpenabled != '1') {
+					$phpenabled = '0';
+				}
+
 				if ($openbasedir != '1') {
 					$openbasedir = '0';
 				}
@@ -730,18 +794,25 @@ if ($page == 'domains' || $page == 'overview') {
 						'dkim' => $dkim,
 						'speciallogfile' => $speciallogfile,
 						'selectserveralias' => $serveraliasoption,
-						'ipandport' => serialize($ipandports),
+						'ipandport' => json_encode($ipandports),
 						'ssl_redirect' => $ssl_redirect,
-						'ssl_ipandport' => serialize($ssl_ipandports),
+						'ssl_ipandport' => json_encode($ssl_ipandports),
+						'phpenabled' => $phpenabled,
 						'openbasedir' => $openbasedir,
 						'phpsettingid' => $phpsettingid,
 						'mod_fcgid_starter' => $mod_fcgid_starter,
 						'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 						'specialsettings' => $specialsettings,
+						'notryfiles' => $notryfiles,
 						'registration_date' => $registration_date,
 						'termination_date' => $termination_date,
 						'issubof' => $issubof,
-						'letsencrypt' => $letsencrypt
+						'letsencrypt' => $letsencrypt,
+						'http2' => $http2,
+						'hsts_maxage' => $hsts_maxage,
+						'hsts_sub' => $hsts_sub,
+						'hsts_preload' => $hsts_preload,
+						'ocsp_stapling' => $ocsp_stapling
 					);

 					$security_questions = array(
@@ -778,9 +849,11 @@ if ($page == 'domains' || $page == 'overview') {
 						'email_only' => $email_only,
 						'subcanemaildomain' => $subcanemaildomain,
 						'caneditdomain' => $caneditdomain,
+						'phpenabled' => $phpenabled,
 						'openbasedir' => $openbasedir,
 						'speciallogfile' => $speciallogfile,
 						'specialsettings' => $specialsettings,
+						'notryfiles' => $notryfiles,
 						'ssl_redirect' => $ssl_redirect,
 						'add_date' => time(),
 						'registration_date' => $registration_date,
@@ -789,7 +862,12 @@ if ($page == 'domains' || $page == 'overview') {
 						'mod_fcgid_starter' => $mod_fcgid_starter,
 						'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 						'ismainbutsubto' => $issubof,
-						'letsencrypt' => $letsencrypt
+						'letsencrypt' => $letsencrypt,
+						'http2' => $http2,
+						'hsts' => $hsts_maxage,
+						'hsts_sub' => $hsts_sub,
+						'hsts_preload' => $hsts_preload,
+						'ocsp_stapling' => $ocsp_stapling
 					);

 					$ins_stmt = Database::prepare("
@@ -811,18 +889,25 @@ if ($page == 'domains' || $page == 'overview') {
 						`email_only` = :email_only,
 						`subcanemaildomain` = :subcanemaildomain,
 						`caneditdomain` = :caneditdomain,
+						`phpenabled` = :phpenabled,
 						`openbasedir` = :openbasedir,
 						`speciallogfile` = :speciallogfile,
 						`specialsettings` = :specialsettings,
+						`notryfiles` = :notryfiles,
 						`ssl_redirect` = :ssl_redirect,
 						`add_date` = :add_date,
 						`registration_date` = :registration_date,
-                                                `termination_date` = :termination_date,
+						`termination_date` = :termination_date,
 						`phpsettingid` = :phpsettingid,
 						`mod_fcgid_starter` = :mod_fcgid_starter,
 						`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
 						`ismainbutsubto` = :ismainbutsubto,
-						`letsencrypt` = :letsencrypt
+						`letsencrypt` = :letsencrypt,
+						`http2` = :http2,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload,
+						`ocsp_stapling` = :ocsp_stapling
 					");
 					Database::pexecute($ins_stmt, $ins_data);
 					$domainid = Database::lastInsertId();
@@ -1002,11 +1087,15 @@ if ($page == 'domains' || $page == 'overview') {
 				}

 				$phpconfigs = '';
-				$configs = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
+				$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");

 				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
 					if ((int) Settings::Get('phpfpm.enabled') == 1) {
-						$phpconfigs .= makeoption($row['description'], $row['id'], Settings::Get('phpfpm.defaultini'), true, true);
+						$phpconfigs .= makeoption($row['description'] . " [".$row['interpreter']."]", $row['id'], Settings::Get('phpfpm.defaultini'), true, true);
 					} else {
 						$phpconfigs .= makeoption($row['description'], $row['id'], Settings::Get('system.mod_fcgid_defaultini'), true, true);
 					}
@@ -1035,10 +1124,13 @@ if ($page == 'domains' || $page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-
 		$result_stmt = Database::prepare("
-			SELECT `d`.*, `c`.`customerid` FROM `" . TABLE_PANEL_DOMAINS . "` `d` LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
-			WHERE `d`.`parentdomainid` = '0' AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid"));
+			SELECT `d`.*, `c`.`customerid`
+			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+			LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
+			WHERE `d`.`parentdomainid` = '0'
+			AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid")
+		);
 		$params = array(
 			'id' => $id
 		);
@@ -1183,7 +1275,7 @@ if ($page == 'domains' || $page == 'overview') {
 					$adminid = $result['adminid'];
 				}

-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;
 				$issubof = intval($_POST['issubof']);
 				$subcanemaildomain = intval($_POST['subcanemaildomain']);
 				$caneditdomain = isset($_POST['caneditdomain']) ? intval($_POST['caneditdomain']) : 0;
@@ -1193,12 +1285,18 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($registration_date == '0000-00-00') {
+					$registration_date = null;
+				}
 				$termination_date = trim($_POST['termination_date']);
 				$termination_date = validate($termination_date, 'termination_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array(
 					'0000-00-00',
 					'0',
 					''
 				));
+				if ($termination_date == '0000-00-00') {
+					$termination_date = null;
+				}

 				$isemaildomain = 0;
 				if (isset($_POST['isemaildomain'])) {
@@ -1244,6 +1342,7 @@ if ($page == 'domains' || $page == 'overview') {

 					$specialsettings = validate(str_replace("\r\n", "\n", $_POST['specialsettings']), 'specialsettings', '/^[^\0]*$/');
 					$ssfs = (isset($_POST['specialsettingsforsubdomains']) && intval($_POST['specialsettingsforsubdomains']) == 1) ? 1 : 0;
+					$notryfiles = isset($_POST['notryfiles']) && (int)$_POST['notryfiles'] == 1 ? 1 : 0;
 					$documentroot = validate($_POST['documentroot'], 'documentroot');

 					if ($documentroot == '') {
@@ -1265,6 +1364,7 @@ if ($page == 'domains' || $page == 'overview') {
 					$dkim = $result['dkim'];
 					$specialsettings = $result['specialsettings'];
 					$ssfs = (empty($specialsettings) ? 0 : 1);
+					$notryfiles = $result['notryfiles'];
 					$documentroot = $result['documentroot'];
 				}

@@ -1272,7 +1372,9 @@ if ($page == 'domains' || $page == 'overview') {

 				if ($userinfo['caneditphpsettings'] == '1' || $userinfo['change_serversettings'] == '1') {

+					$phpenabled  = isset($_POST['phpenabled']) ? intval($_POST['phpenabled']) : 0;
 					$openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0;
+					$phpfs = (isset($_POST['phpsettingsforsubdomains']) && intval($_POST['phpsettingsforsubdomains']) == 1) ? 1 : 0;

 					if ((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) {
 						$phpsettingid = (int) $_POST['phpsettingid'];
@@ -1302,19 +1404,22 @@ if ($page == 'domains' || $page == 'overview') {
 						}
 					} else {
 						$phpsettingid = $result['phpsettingid'];
+						$phpfs = 1;
 						$mod_fcgid_starter = $result['mod_fcgid_starter'];
 						$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];
 					}
 				} else {
+					$phpenabled = $result['phpenabled'];
 					$openbasedir = $result['openbasedir'];
 					$phpsettingid = $result['phpsettingid'];
+					$phpfs = 1;
 					$mod_fcgid_starter = $result['mod_fcgid_starter'];
 					$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];
 				}

 				$ipandports = array();
 				if (isset($_POST['ipandport']) && ! is_array($_POST['ipandport'])) {
-					$_POST['ipandport'] = unserialize($_POST['ipandport']);
+					$_POST['ipandport'] = json_decode($_POST['ipandport'], true);
 				}
 				if (isset($_POST['ipandport']) && is_array($_POST['ipandport'])) {

@@ -1348,9 +1453,19 @@ if ($page == 'domains' || $page == 'overview') {
 						$letsencrypt = (int) $_POST['letsencrypt'];
 					}

+					$http2 = isset($_POST['http2']) && (int)$_POST['http2'] == 1 ? 1 : 0;
+
+					// HSTS
+					$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+					$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+					$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
+					// OCSP stapling
+					$ocsp_stapling = isset($_POST['ocsp_stapling']) && (int)$_POST['ocsp_stapling'] == 1 ? 1 : 0;
+
 					$ssl_ipandports = array();
 					if (isset($_POST['ssl_ipandport']) && ! is_array($_POST['ssl_ipandport'])) {
-						$_POST['ssl_ipandport'] = unserialize($_POST['ssl_ipandport']);
+						$_POST['ssl_ipandport'] = json_decode($_POST['ssl_ipandport'], true);
 					}
 					if (isset($_POST['ssl_ipandport']) && is_array($_POST['ssl_ipandport'])) {

@@ -1373,25 +1488,49 @@ if ($page == 'domains' || $page == 'overview') {
 								$ssl_ipandports[] = $ssl_ipandport;
 							}
 						}
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
-						// we need this for the serialize
+						$http2 = 0;
+						// we need this for the json-encode
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
+
+						// HSTS
+						$hsts_maxage = 0;
+						$hsts_sub = 0;
+						$hsts_preload = 0;
+
+						// OCSP stapling
+						$ocsp_stapling = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
 					$letsencrypt = 0;
-					// we need this for the serialize
+					$http2 = 0;
+					// we need this for the json-encode
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
+
+					// HSTS
+					$hsts_maxage = 0;
+					$hsts_sub = 0;
+					$hsts_preload = 0;
+
+					// OCSP stapling
+					$ocsp_stapling = 0;
 				}

-				// We can't enable let's encrypt for wildcard domains
-				if ($serveraliasoption == '0' && $letsencrypt == '1') {
+				// We can't enable let's encrypt for wildcard domains when using acme-v1
+				if ($serveraliasoption == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '1') {
 					standard_error('nowildcardwithletsencrypt');
 				}
+				// if using acme-v2 we cannot issue wildcard-certificates
+				// because they currently only support the dns-01 challenge
+				if ($serveraliasoption == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '2') {
+					standard_error('nowildcardwithletsencryptv2');
+				}

 				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
 				if ($ssl_redirect > 0 && $letsencrypt == 1 && $result['letsencrypt'] != $letsencrypt) {
@@ -1402,6 +1541,10 @@ if ($page == 'domains' || $page == 'overview') {
 					$documentroot = makeCorrectDir($documentroot);
 				}

+				if ($phpenabled != '1') {
+					$phpenabled = '0';
+				}
+
 				if ($openbasedir != '1') {
 					$openbasedir = '0';
 				}
@@ -1459,7 +1602,7 @@ if ($page == 'domains' || $page == 'overview') {
 					}

 					if (count($ssl_ipandports) == 0) {
-						// we need this for the serialize
+						// we need this for the json-encode
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
 					}
@@ -1510,20 +1653,28 @@ if ($page == 'domains' || $page == 'overview') {
 					'dkim' => $dkim,
 					'selectserveralias' => $serveraliasoption,
 					'ssl_redirect' => $ssl_redirect,
+					'phpenabled' => $phpenabled,
 					'openbasedir' => $openbasedir,
 					'phpsettingid' => $phpsettingid,
+					'phpsettingsforsubdomains' => $phpfs,
 					'mod_fcgid_starter' => $mod_fcgid_starter,
 					'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 					'specialsettings' => $specialsettings,
 					'specialsettingsforsubdomains' => $ssfs,
+					'notryfiles' => $notryfiles,
 					'registration_date' => $registration_date,
 					'termination_date' => $termination_date,
 					'issubof' => $issubof,
 					'speciallogfile' => $speciallogfile,
 					'speciallogverified' => $speciallogverified,
-					'ipandport' => serialize($ipandports),
-					'ssl_ipandport' => serialize($ssl_ipandports),
-					'letsencrypt' => $letsencrypt
+					'ipandport' => json_encode($ipandports),
+					'ssl_ipandport' => json_encode($ssl_ipandports),
+					'letsencrypt' => $letsencrypt,
+					'http2' => $http2,
+					'hsts_maxage' => $hsts_maxage,
+					'hsts_sub' => $hsts_sub,
+					'hsts_preload' => $hsts_preload,
+					'ocsp_stapling' => $ocsp_stapling
 				);

 				$security_questions = array(
@@ -1542,7 +1693,29 @@ if ($page == 'domains' || $page == 'overview') {
 				$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';
 				$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';

-				if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt']) {
+				if (
+					$documentroot != $result['documentroot'] ||
+					$ssl_redirect != $result['ssl_redirect'] ||
+					$wwwserveralias != $result['wwwserveralias'] ||
+					$iswildcarddomain != $result['iswildcarddomain'] ||
+					$phpenabled != $result['phpenabled'] ||
+					$openbasedir != $result['openbasedir'] ||
+					$phpsettingid != $result['phpsettingid'] ||
+					$mod_fcgid_starter != $result['mod_fcgid_starter'] ||
+					$mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] ||
+					$specialsettings != $result['specialsettings'] ||
+					$notryfiles != $result['notryfiles'] ||
+					$aliasdomain != $result['aliasdomain'] ||
+					$issubof != $result['ismainbutsubto'] ||
+					$email_only != $result['email_only'] ||
+					($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') ||
+					$letsencrypt != $result['letsencrypt'] ||
+					$http2 != $result['http2'] ||
+					$hsts_maxage != $result['hsts'] ||
+					$hsts_sub != $result['hsts_sub'] ||
+					$hsts_preload != $result['hsts_preload'] ||
+					$ocsp_stapling != $result['ocsp_stapling']
+				) {
 					inserttask('1');
 				}

@@ -1571,6 +1744,16 @@ if ($page == 'domains' || $page == 'overview') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain #" . $id . " from mail-tables");
 				}

+				// check whether LE has been disabled, so we remove the certificate
+				if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+					$del_stmt = Database::prepare("
+						DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+					");
+					Database::pexecute($del_stmt, array(
+						'id' => $id
+					));
+				}
+
 				$updatechildren = '';

 				if ($subcanemaildomain == '0' && $result['subcanemaildomain'] != '0') {
@@ -1673,16 +1856,23 @@ if ($page == 'domains' || $page == 'overview') {
 				$update_data['zonefile'] = $zonefile;
 				$update_data['wwwserveralias'] = $wwwserveralias;
 				$update_data['iswildcarddomain'] = $iswildcarddomain;
+				$update_data['phpenabled'] = $phpenabled;
 				$update_data['openbasedir'] = $openbasedir;
 				$update_data['speciallogfile'] = $speciallogfile;
 				$update_data['phpsettingid'] = $phpsettingid;
 				$update_data['mod_fcgid_starter'] = $mod_fcgid_starter;
 				$update_data['mod_fcgid_maxrequests'] = $mod_fcgid_maxrequests;
 				$update_data['specialsettings'] = $specialsettings;
+				$update_data['notryfiles'] = $notryfiles;
 				$update_data['registration_date'] = $registration_date;
 				$update_data['termination_date'] = $termination_date;
 				$update_data['ismainbutsubto'] = $issubof;
 				$update_data['letsencrypt'] = $letsencrypt;
+				$update_data['http2'] = $http2;
+				$update_data['hsts'] = $hsts_maxage;
+				$update_data['hsts_sub'] = $hsts_sub;
+				$update_data['hsts_preload'] = $hsts_preload;
+				$update_data['ocsp_stapling'] = $ocsp_stapling;
 				$update_data['id'] = $id;

 				$update_stmt = Database::prepare("
@@ -1701,28 +1891,43 @@ if ($page == 'domains' || $page == 'overview') {
 					`zonefile` = :zonefile,
 					`wwwserveralias` = :wwwserveralias,
 					`iswildcarddomain` = :iswildcarddomain,
+					`phpenabled` = :phpenabled,
 					`openbasedir` = :openbasedir,
 					`speciallogfile` = :speciallogfile,
 					`phpsettingid` = :phpsettingid,
 					`mod_fcgid_starter` = :mod_fcgid_starter,
 					`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
 					`specialsettings` = :specialsettings,
+					`notryfiles` = :notryfiles,
 					`registration_date` = :registration_date,
 					`termination_date` = :termination_date,
 					`ismainbutsubto` = :ismainbutsubto,
-					`letsencrypt` = :letsencrypt
+					`letsencrypt` = :letsencrypt,
+					`http2` = :http2,
+					`hsts` = :hsts,
+					`hsts_sub` = :hsts_sub,
+					`hsts_preload` = :hsts_preload,
+					`ocsp_stapling` = :ocsp_stapling
 					WHERE `id` = :id
 				");
 				Database::pexecute($update_stmt, $update_data);

 				$_update_data['customerid'] = $customerid;
 				$_update_data['adminid'] = $adminid;
+				$_update_data['phpenabled'] = $phpenabled;
 				$_update_data['openbasedir'] = $openbasedir;
-				$_update_data['phpsettingid'] = $phpsettingid;
 				$_update_data['mod_fcgid_starter'] = $mod_fcgid_starter;
 				$_update_data['mod_fcgid_maxrequests'] = $mod_fcgid_maxrequests;
 				$_update_data['parentdomainid'] = $id;

+				// if php config is to be set for all subdomains, check here
+				$update_phpconfig = '';
+				$phpfs = isset($_POST['phpsettingsforsubdomains']) ? 1 : 0;
+				if ($phpfs == 1) {
+					$_update_data['phpsettingid'] = $phpsettingid;
+					$update_phpconfig = ", `phpsettingid` = :phpsettingid";
+				}
+
 				// if we have no more ssl-ip's for this domain,
 				// all its subdomains must have "ssl-redirect = 0"
 				// and disable let's encrypt
@@ -1735,11 +1940,11 @@ if ($page == 'domains' || $page == 'overview') {
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
 					`customerid` = :customerid,
 					`adminid` = :adminid,
+					`phpenabled` = :phpenabled,
 					`openbasedir` = :openbasedir,
-					`phpsettingid` = :phpsettingid,
 					`mod_fcgid_starter` = :mod_fcgid_starter,
 					`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests
-					" . $upd_specialsettings . $updatechildren . $update_sslredirect . "
+					" . $update_phpconfig . $upd_specialsettings . $updatechildren . $update_sslredirect . "
 					WHERE `parentdomainid` = :parentdomainid
 				");
 				Database::pexecute($_update_stmt, $_update_data);
@@ -1822,7 +2027,15 @@ if ($page == 'domains' || $page == 'overview') {
 				} else
 					if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
 						// or when wwwserveralias or letsencrypt was changed
+
 						triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+
+						if ($aliasdomain === 0) {
+							// in case the wwwserveralias is set on a main domain, $aliasdomain is 0
+							// --> the call just above to triggerLetsEncryptCSRForAliasDestinationDomain
+							//     is a noop...let's repeat it with the domain id of the main domain
+							triggerLetsEncryptCSRForAliasDestinationDomain($id, $log);
+						}
 					}

 				$log->logAction(ADM_ACTION, LOG_INFO, "edited domain #" . $id);
@@ -2009,10 +2222,25 @@ if ($page == 'domains' || $page == 'overview') {
 				$result['add_date'] = date('Y-m-d', $result['add_date']);

 				$phpconfigs = '';
-				$phpconfigs_result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
+				$phpconfigs_result_stmt = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+				$c_allowed_configs = getCustomerDetail($result['customerid'], 'allowed_phpconfigs');
+				if (!empty($c_allowed_configs)) {
+					$c_allowed_configs = json_decode($c_allowed_configs, true);
+				} else {
+					$c_allowed_configs = array();
+				}

 				while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {
-					$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true);
+					$disabled = !empty($c_allowed_configs) && !in_array($phpconfigs_row['id'], $c_allowed_configs);
+					if ((int) Settings::Get('phpfpm.enabled') == 1) {
+						$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], $result['phpsettingid'], true, true, null, $disabled);
+					} else {
+						$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true, null, $disabled);
+					}
 				}

 				$result = htmlentities_array($result);
@@ -2028,6 +2256,13 @@ if ($page == 'domains' || $page == 'overview') {
 				eval("echo \"" . getTemplate("domains/domains_edit") . "\";");
 			}
 		}
+	} elseif ($action == 'jqGetCustomerPHPConfigs') {
+
+		$customerid = intval($_POST['customerid']);
+		$allowed_phpconfigs = getCustomerDetail($customerid, 'allowed_phpconfigs');
+		echo !empty($allowed_phpconfigs) ? $allowed_phpconfigs : json_encode(array());
+		exit;
+
 	} elseif ($action == 'import') {

 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
@@ -2052,6 +2287,8 @@ if ($page == 'domains' || $page == 'overview') {

 			// update customer/admin counters
 			updateCounters(false);
+			inserttask('1');
+			inserttask('4');

 			$result_str = $result['imported'] . ' / ' . $result['all'];
 			standard_success('domain_import_successfully', $result_str, array(
@@ -2086,6 +2323,11 @@ if ($page == 'domains' || $page == 'overview') {
 } elseif ($page == 'domaindnseditor' && Settings::Get('system.dnsenabled') == '1') {

 	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }

 function formatDomainEntry(&$row, &$idna_convert)
--- a/admin_index.php
+++ b/admin_index.php
@@ -85,45 +85,42 @@ if ($page == 'overview') {
 	if ((isset($_GET['lookfornewversion']) && $_GET['lookfornewversion'] == 'yes')
 		|| (isset($lookfornewversion) && $lookfornewversion == 'yes')
 	) {
-		$update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version;
+		if (function_exists('curl_version')) {
+			$update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version;
+			$latestversion = HttpClient::urlGet($update_check_uri);
+			$latestversion = explode('|', $latestversion);

-		if (ini_get('allow_url_fopen')) {
-			$latestversion = @file($update_check_uri);
+			if (is_array($latestversion)
+				&& count($latestversion) >= 1
+			) {
+				$_version = $latestversion[0];
+				$_message = isset($latestversion[1]) ? $latestversion[1] : '';
+				$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');

-			if (isset($latestversion[0])) {
-				$latestversion = explode('|', $latestversion[0]);
+				// add the branding so debian guys are not gettings confused
+				// about their version-number
+				$lookfornewversion_lable = $_version.$branding;
+				$lookfornewversion_link = $_link;
+				$lookfornewversion_addinfo = $_message;

-				if (is_array($latestversion)
-					&& count($latestversion) >= 1
-				) {
-					$_version = $latestversion[0];
-					$_message = isset($latestversion[1]) ? $latestversion[1] : '';
-					$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
-
-					// add the branding so debian guys are not gettings confused
-					// about their version-number
-					$lookfornewversion_lable = $_version.$branding;
-					$lookfornewversion_link = $_link;
-					$lookfornewversion_addinfo = $_message;
-
-					// not numeric -> error-message
-					if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
-						// check for customized version to not output
-						// "There is a newer version of froxlor" besides the error-message
-						$isnewerversion = 2;
-					} elseif (version_compare2($version, $_version) == -1) {
-						$isnewerversion = 1;
-					} else {
-						$isnewerversion = 0;
-					}
+				// not numeric -> error-message
+				if (!preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
+					// check for customized version to not output
+					// "There is a newer version of froxlor" besides the error-message
+					$isnewerversion = 2;
+				} elseif (version_compare2($version, $_version) == -1) {
+					$isnewerversion = 1;
 				} else {
-					redirectTo($update_check_uri.'/pretty', NULL, false);
+					$isnewerversion = 0;
 				}
 			} else {
 				redirectTo($update_check_uri.'/pretty', NULL, false);
 			}
 		} else {
-			redirectTo($update_check_uri.'/pretty', NULL, false);
+			$lookfornewversion_lable = "Version-check not available due to missing php-curl extension";
+			$lookfornewversion_link = htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
+			$lookfornewversion_addinfo = '';
+			$isnewerversion = 0;
 		}
 	} else {
 		$lookfornewversion_lable = $lng['admin']['lookfornewversion']['clickhere'];
@@ -144,6 +141,15 @@ if ($page == 'overview') {
 	$cron_last_runs = getCronjobsLastRun();
 	$outstanding_tasks = getOutstandingTasks();

+	$system_hostname = gethostname();
+	$meminfo= explode("\n", @file_get_contents("/proc/meminfo"));
+	$memory = "";
+	for ($i = 0; $i < sizeof($meminfo); ++$i) {
+		if (substr($meminfo[$i], 0, 3) === "Mem") {
+			$memory.= $meminfo[$i] . PHP_EOL;
+		}
+	}
+
 	if (function_exists('sys_getloadavg')) {
 		$loadArray = sys_getloadavg();
 		$load = number_format($loadArray[0], 2, '.', '') . " / " . number_format($loadArray[1], 2, '.', '') . " / " . number_format($loadArray[2], 2, '.', '');
@@ -271,7 +277,7 @@ if ($page == 'overview') {
 			$default_lang = $userinfo['def_language'];
 		}

-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options.= makeoption($language_name, $language_file, $default_lang, true);
 		}

@@ -360,7 +366,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = nl2br($mail_body);

--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -33,6 +33,7 @@ if ($page == 'ipsandports'
 	$websrv = Settings::Get('system.webserver');
 	$is_nginx = ($websrv == 'nginx');
 	$is_apache = ($websrv == 'apache2');
+	$is_apache24 = $is_apache && (Settings::Get('system.apache24') === '1');

 	if ($action == '') {

--- a/admin_logger.php
+++ b/admin_logger.php
@@ -30,11 +30,11 @@ if ($page == 'log'
 			'user' => $lng['logger']['user'],
 			'text' => $lng['logger']['action']
 		);
-		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc');
-		$result_stmt = Database::query('
-			SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
-		);
-		$logs_count = Database::num_rows();
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc', 30);
+		$query = 'SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy();
+		$result_stmt = Database::query($query . ' ' . $paging->getSqlLimit());
+		$result_cnt_stmt = Database::query($query);
+		$logs_count = $result_cnt_stmt->rowCount();
 		$paging->setEntries($logs_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -67,7 +67,7 @@ if ($page == 'log'
 		foreach ($clog as $action => $logrows) {
 			$_action = 0;
 			foreach ($logrows as $row) {
-				if ($paging->checkDisplay($i)) {
+				// if ($paging->checkDisplay($i)) {
 					$row = htmlentities_array($row);
 					$row['date'] = date("d.m.y H:i:s", $row['date']);

@@ -105,7 +105,7 @@ if ($page == 'log'
 					eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
 					$count++;
 					$_action = $action;
-				}
+				// }
 				$i++;
 			}
 			$i++;
--- a/admin_phpsettings.php
+++ b/admin_phpsettings.php
@@ -16,7 +16,6 @@
 * @package    Panel
 *
 */
-
 define('AREA', 'admin');
 require './lib/init.php';

@@ -27,104 +26,134 @@ if (isset($_POST['id'])) {
 }

 if ($page == 'overview') {
-
+	
 	if ($action == '') {
-
+		
 		$tablecontent = '';
 		$count = 0;
-		$result = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
-
+		$result = Database::query("
+			SELECT c.*, fd.description as fpmdesc
+			FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+			LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fd ON fd.id = c.fpmsettingid
+			ORDER BY c.description ASC
+		");
+		
 		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
-
+			
 			$domainresult = false;
-			$query_params = array('id' => $row['id']);
-
-			$query = "SELECT * FROM `".TABLE_PANEL_DOMAINS."`
+			$query_params = array(
+				'id' => $row['id']
+			);
+			
+			$query = "SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `phpsettingid` = :id
 					AND `parentdomainid` = '0'";
-
-			if ((int)$userinfo['domains_see_all'] == 0) {
+			
+			if ((int) $userinfo['domains_see_all'] == 0) {
 				$query .= " AND `adminid` = :adminid";
 				$query_params['adminid'] = $userinfo['adminid'];
 			}
-
-			if ((int)Settings::Get('panel.phpconfigs_hidestdsubdomain') == 1) {
+			
+			if ((int) Settings::Get('panel.phpconfigs_hidestdsubdomain') == 1) {
 				$ssdids_res = Database::query("
-					SELECT DISTINCT `standardsubdomain` FROM `".TABLE_PANEL_CUSTOMERS."`
-					WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;"
-				);
+					SELECT DISTINCT `standardsubdomain` FROM `" . TABLE_PANEL_CUSTOMERS . "`
+					WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;");
 				$ssdids = array();
 				while ($ssd = $ssdids_res->fetch(PDO::FETCH_ASSOC)) {
 					$ssdids[] = $ssd['standardsubdomain'];
 				}
 				if (count($ssdids) > 0) {
-					$query .= " AND `id` NOT IN (".implode(', ', $ssdids).")";
+					$query .= " AND `id` NOT IN (" . implode(', ', $ssdids) . ")";
 				}
 			}
-
+			
 			$domainresult_stmt = Database::prepare($query);
 			Database::pexecute($domainresult_stmt, $query_params);
-
+			
 			$domains = '';
 			if (Database::num_rows() > 0) {
 				while ($row2 = $domainresult_stmt->fetch(PDO::FETCH_ASSOC)) {
-					$domains.= $row2['domain'] . '<br/>';
+					$domains .= $row2['domain'] . '<br/>';
 				}
 			}
-
+			
 			// check whether we use that config as froxor-vhost config
-			if (Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $row['id']
-				|| Settings::Get('phpfpm.vhost_defaultini') == $row['id']
-			) {
+			if (Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $row['id'] || Settings::Get('phpfpm.vhost_defaultini') == $row['id']) {
 				$domains .= Settings::Get('system.hostname');
 			}
-
+			
 			if ($domains == '') {
 				$domains = $lng['admin']['phpsettings']['notused'];
 			}
-
+			
 			// check whether this is our default config
-			if ((Settings::Get('system.mod_fcgid') == '1'
-				&& Settings::Get('system.mod_fcgid_defaultini') == $row['id'])
-				|| (Settings::Get('phpfpm.enabled') == '1'
-				&& Settings::Get('phpfpm.defaultini') == $row['id'])
-			) {
-				$row['description'] = '<b>'.$row['description'].'</b>';
+			if ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini') == $row['id']) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.defaultini') == $row['id'])) {
+				$row['description'] = '<b>' . $row['description'] . '</b>';
 			}
-
+			
 			$count ++;
 			eval("\$tablecontent.=\"" . getTemplate("phpconfig/overview_overview") . "\";");
 		}
-
+		
 		$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting overview has been viewed by '" . $userinfo['loginname'] . "'");
 		eval("echo \"" . getTemplate("phpconfig/overview") . "\";");
 	}
-
+	
 	if ($action == 'add') {
-
-		if ((int)$userinfo['change_serversettings'] == 1) {
-
-			if (isset($_POST['send'])
-				&& $_POST['send'] == 'send'
-			) {
+		
+		if ((int) $userinfo['change_serversettings'] == 1) {
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$description = validate($_POST['description'], 'description');
 				$phpsettings = validate(str_replace("\r\n", "\n", $_POST['phpsettings']), 'phpsettings', '/^[^\0]*$/');
-
+				
 				if (Settings::Get('system.mod_fcgid') == 1) {
 					$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
 					$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
-					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
-					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
+					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
 					$mod_fcgid_umask = validate($_POST['mod_fcgid_umask'], 'mod_fcgid_umask', '/^[0-9]*$/');
 					// disable fpm stuff
+					$fpm_config_id = 1;
 					$fpm_enableslowlog = 0;
 					$fpm_reqtermtimeout = 0;
 					$fpm_reqslowtimeout = 0;
-				}
-				elseif (Settings::Get('phpfpm.enabled') == 1) {
-					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int)$_POST['phpfpm_enable_slowlog'] : 0;
+					$fpm_pass_authorizationheader = 0;
+					$override_fpmconfig = 0;
+					$stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+					$def_fpmconfig = Database::pexecute_first($stmt, array(
+						'id' => $fpm_config_id
+					));
+					$pm = $def_fpmconfig['pm'];
+					$max_children = $def_fpmconfig['max_children'];
+					$start_servers = $def_fpmconfig['start_servers'];
+					$min_spare_servers = $def_fpmconfig['min_spare_servers'];
+					$max_spare_servers = $def_fpmconfig['max_spare_servers'];
+					$max_requests = $def_fpmconfig['max_requests'];
+					$idle_timeout = $def_fpmconfig['idle_timeout'];
+					$limit_extensions = $def_fpmconfig['limit_extensions'];
+
+				} elseif (Settings::Get('phpfpm.enabled') == 1) {
+					$fpm_config_id = intval($_POST['fpmconfig']);
+					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int) $_POST['phpfpm_enable_slowlog'] : 0;
 					$fpm_reqtermtimeout = validate($_POST['phpfpm_reqtermtimeout'], 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/');
 					$fpm_reqslowtimeout = validate($_POST['phpfpm_reqslowtimeout'], 'phpfpm_reqslowtimeout', '/^([0-9]+)(|s|m|h|d)$/');
+					$fpm_pass_authorizationheader = isset($_POST['phpfpm_pass_authorizationheader']) ? (int) $_POST['phpfpm_pass_authorizationheader'] : 0;
+					$override_fpmconfig = isset($_POST['override_fpmconfig']) ? (int) $_POST['override_fpmconfig'] : 0;
+					$pm = $_POST['pm'];
+					$max_children = isset($_POST['max_children']) ? (int) $_POST['max_children'] : 0;
+					$start_servers = isset($_POST['start_servers']) ? (int) $_POST['start_servers'] : 0;
+					$min_spare_servers = isset($_POST['min_spare_servers']) ? (int) $_POST['min_spare_servers'] : 0;
+					$max_spare_servers = isset($_POST['max_spare_servers']) ? (int) $_POST['max_spare_servers'] : 0;
+					$max_requests = isset($_POST['max_requests']) ? (int) $_POST['max_requests'] : 0;
+					$idle_timeout = isset($_POST['idle_timeout']) ? (int) $_POST['idle_timeout'] : 0;
+					$limit_extensions = validate($_POST['limit_extensions'], 'limit_extensions', '/^(\.[a-z]([a-z0-9]+)\ ?)+$/');
 					// disable fcgid stuff
 					$binary = '/usr/bin/php-cgi';
 					$file_extensions = 'php';
@@ -132,13 +161,11 @@ if ($page == 'overview') {
 					$mod_fcgid_maxrequests = 0;
 					$mod_fcgid_umask = "022";
 				}
-
-				if (strlen($description) == 0
-					|| strlen($description) > 50
-				) {
+				
+				if (strlen($description) == 0 || strlen($description) > 50) {
 					standard_error('descriptioninvalid');
 				}
-
+				
 				$ins_stmt = Database::prepare("
 					INSERT INTO `" . TABLE_PANEL_PHPCONFIGS . "` SET
 						`description` = :desc,
@@ -150,8 +177,18 @@ if ($page == 'overview') {
 						`fpm_slowlog` = :fpmslow,
 						`fpm_reqterm` = :fpmreqterm,
 						`fpm_reqslow` = :fpmreqslow,
-						`phpsettings` = :phpsettings"
-				);
+						`phpsettings` = :phpsettings,
+						`fpmsettingid` = :fpmsettingid,
+						`pass_authorizationheader` = :fpmpassauth,
+						`override_fpmconfig` = :ofc,
+						`pm` = :pm,
+						`max_children` = :max_children,
+						`start_servers` = :start_servers,
+						`min_spare_servers` = :min_spare_servers,
+						`max_spare_servers` = :max_spare_servers,
+						`max_requests` = :max_requests,
+						`idle_timeout` = :idle_timeout,
+						`limit_extensions` = :limit_extensions");
 				$ins_data = array(
 					'desc' => $description,
 					'binary' => $binary,
@@ -162,123 +199,169 @@ if ($page == 'overview') {
 					'fpmslow' => $fpm_enableslowlog,
 					'fpmreqterm' => $fpm_reqtermtimeout,
 					'fpmreqslow' => $fpm_reqslowtimeout,
-					'phpsettings' => $phpsettings
+					'phpsettings' => $phpsettings,
+					'fpmsettingid' => $fpm_config_id,
+					'fpmpassauth' => $fpm_pass_authorizationheader,
+					'ofc' => $override_fpmconfig,
+					'pm' => $pm,
+					'max_children' => $max_children,
+					'start_servers' => $start_servers,
+					'min_spare_servers' => $min_spare_servers,
+					'max_spare_servers' => $max_spare_servers,
+					'max_requests' => $max_requests,
+					'idle_timeout' => $idle_timeout,
+					'limit_extensions' => $limit_extensions
 				);
 				Database::pexecute($ins_stmt, $ins_data);
-
+				
 				inserttask('1');
 				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been created by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, array('page' => $page, 's' => $s));
-
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
-
+				
 				$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = 1");
 				$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-
-				$phpconfig_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php';
+				
+				$fpmconfigs = '';
+				$configs = Database::query("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` ORDER BY `description` ASC");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					$fpmconfigs .= makeoption($row['description'], $row['id'], 1, true, true);
+				}
+				
+				$pm_select = makeoption('static', 'static', 'static', true, true);
+				$pm_select.= makeoption('dynamic', 'dynamic', 'static', true, true);
+				$pm_select.= makeoption('ondemand', 'ondemand', 'static', true, true);
+				
+				$phpconfig_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php';
 				$phpconfig_add_form = htmlform::genHTMLForm($phpconfig_add_data);
-
+				
 				$title = $phpconfig_add_data['phpconfig_add']['title'];
 				$image = $phpconfig_add_data['phpconfig_add']['image'];
-
+				
 				eval("echo \"" . getTemplate("phpconfig/overview_add") . "\";");
 			}
-
 		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
 	}
-
+	
 	if ($action == 'delete') {
-
+		
 		$result_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
-		);
-		$result = Database::pexecute_first($result_stmt, array('id' => $id));
-
-		if ((Settings::Get('system.mod_fcgid') == '1'
-			&& Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $id)
-			|| (Settings::Get('phpfpm.enabled') == '1'
-			&& Settings::Get('phpfpm.vhost_defaultini') == $id)
-		) {
+			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $id) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.vhost_defaultini') == $id)) {
 			standard_error('cannotdeletehostnamephpconfig');
 		}
-
-		if ((Settings::Get('system.mod_fcgid') == '1'
-			&& Settings::Get('system.mod_fcgid_defaultini') == $id)
-			|| (Settings::Get('phpfpm.enabled') == '1'
-			&& Settings::Get('phpfpm.defaultini') == $id)
-		) {
+		
+		if ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini') == $id) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.defaultini') == $id)) {
 			standard_error('cannotdeletedefaultphpconfig');
 		}
-
-		if ($result['id'] != 0
-			&& $result['id'] == $id
-			&& (int)$userinfo['change_serversettings'] == 1
-			&& $id != 1 // cannot delete the default php.config
-		) {
-
-			if (isset($_POST['send'])
-				&& $_POST['send'] == 'send'
-			) {
+		
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
+		{
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				// set php-config to default for all domains using the
 				// config that is to be deleted
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
-					`phpsettingid` = '1' WHERE `phpsettingid` = :id"
-				);
-				Database::pexecute($upd_stmt, array('id' => $id));
-
+					`phpsettingid` = '1' WHERE `phpsettingid` = :id");
+				Database::pexecute($upd_stmt, array(
+					'id' => $id
+				));
+				
 				$del_stmt = Database::prepare("
-					DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
-				);
-				Database::pexecute($del_stmt, array('id' => $id));
-
+					DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id");
+				Database::pexecute($del_stmt, array(
+					'id' => $id
+				));
+				
 				inserttask('1');
-				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with id #" . (int)$id . " has been deleted by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, array('page' => $page, 's' => $s));
-
+				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with id #" . (int) $id . " has been deleted by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
-				ask_yesno('phpsetting_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['description']);
+				ask_yesno('phpsetting_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['description']);
 			}
 		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
 	}
-
+	
 	if ($action == 'edit') {
-
+		
 		$result_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
-		);
-		$result = Database::pexecute_first($result_stmt, array('id' => $id));
-
-		if ($result['id'] != 0
-			&& $result['id'] == $id
-			&& (int)$userinfo['change_serversettings'] == 1
-		) {
-
-			if (isset($_POST['send'])
-				&& $_POST['send'] == 'send'
-			) {
+			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1) {
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$description = validate($_POST['description'], 'description');
 				$phpsettings = validate(str_replace("\r\n", "\n", $_POST['phpsettings']), 'phpsettings', '/^[^\0]*$/');
-
+				
 				if (Settings::Get('system.mod_fcgid') == 1) {
 					$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
 					$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
-					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
-					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
+					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
 					$mod_fcgid_umask = validate($_POST['mod_fcgid_umask'], 'mod_fcgid_umask', '/^[0-9]*$/');
 					// disable fpm stuff
+					$fpm_config_id = 1;
 					$fpm_enableslowlog = 0;
 					$fpm_reqtermtimeout = 0;
 					$fpm_reqslowtimeout = 0;
-				}
-				elseif (Settings::Get('phpfpm.enabled') == 1) {
-					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int)$_POST['phpfpm_enable_slowlog'] : 0;
+					$fpm_pass_authorizationheader = 0;
+					$override_fpmconfig = 0;
+					$stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+					$def_fpmconfig = Database::pexecute_first($stmt, array(
+						'id' => $fpm_config_id
+					));
+					$pm = $def_fpmconfig['pm'];
+					$max_children = $def_fpmconfig['max_children'];
+					$start_servers = $def_fpmconfig['start_servers'];
+					$min_spare_servers = $def_fpmconfig['min_spare_servers'];
+					$max_spare_servers = $def_fpmconfig['max_spare_servers'];
+					$max_requests = $def_fpmconfig['max_requests'];
+					$idle_timeout = $def_fpmconfig['idle_timeout'];
+					$limit_extensions = $def_fpmconfig['limit_extensions'];
+
+				} elseif (Settings::Get('phpfpm.enabled') == 1) {
+					$fpm_config_id = intval($_POST['fpmconfig']);
+					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int) $_POST['phpfpm_enable_slowlog'] : 0;
 					$fpm_reqtermtimeout = validate($_POST['phpfpm_reqtermtimeout'], 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/');
 					$fpm_reqslowtimeout = validate($_POST['phpfpm_reqslowtimeout'], 'phpfpm_reqslowtimeout', '/^([0-9]+)(|s|m|h|d)$/');
+					$fpm_pass_authorizationheader = isset($_POST['phpfpm_pass_authorizationheader']) ? (int) $_POST['phpfpm_pass_authorizationheader'] : 0;
+					$override_fpmconfig = isset($_POST['override_fpmconfig']) ? (int) $_POST['override_fpmconfig'] : $result['override_fpmconfig'];
+					$pm = $_POST['pm'];
+					$max_children = isset($_POST['max_children']) ? (int) $_POST['max_children'] : $result['max_children'];
+					$start_servers = isset($_POST['start_servers']) ? (int) $_POST['start_servers'] : $result['start_servers'];
+					$min_spare_servers = isset($_POST['min_spare_servers']) ? (int) $_POST['min_spare_servers'] : $result['min_spare_servers'];
+					$max_spare_servers = isset($_POST['max_spare_servers']) ? (int) $_POST['max_spare_servers'] : $result['max_spare_servers'];
+					$max_requests = isset($_POST['max_requests']) ? (int) $_POST['max_requests'] : $result['max_requests'];
+					$idle_timeout = isset($_POST['idle_timeout']) ? (int) $_POST['idle_timeout'] : $result['idle_timeout'];
+					$limit_extensions = validate($_POST['limit_extensions'], 'limit_extensions', '/^(\.[a-z]([a-z0-9]+)\ ?)+$/');
 					// disable fcgid stuff
 					$binary = '/usr/bin/php-cgi';
 					$file_extensions = 'php';
@@ -286,13 +369,11 @@ if ($page == 'overview') {
 					$mod_fcgid_maxrequests = 0;
 					$mod_fcgid_umask = "022";
 				}
-
-				if (strlen($description) == 0
-					|| strlen($description) > 50
-				) {
+				
+				if (strlen($description) == 0 || strlen($description) > 50) {
 					standard_error('descriptioninvalid');
 				}
-
+				
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET
 						`description` = :desc,
@@ -304,39 +385,314 @@ if ($page == 'overview') {
 						`fpm_slowlog` = :fpmslow,
 						`fpm_reqterm` = :fpmreqterm,
 						`fpm_reqslow` = :fpmreqslow,
-						`phpsettings` = :phpsettings
-					WHERE `id` = :id"
-				);
+						`phpsettings` = :phpsettings,
+						`fpmsettingid` = :fpmsettingid,
+						`pass_authorizationheader` = :fpmpassauth,
+						`override_fpmconfig` = :ofc,
+						`pm` = :pm,
+						`max_children` = :max_children,
+						`start_servers` = :start_servers,
+						`min_spare_servers` = :min_spare_servers,
+						`max_spare_servers` = :max_spare_servers,
+						`max_requests` = :max_requests,
+						`idle_timeout` = :idle_timeout,
+						`limit_extensions` = :limit_extensions
+					WHERE `id` = :id");
 				$upd_data = array(
-						'desc' => $description,
-						'binary' => $binary,
-						'fext' => $file_extensions,
-						'starter' => $mod_fcgid_starter,
-						'mreq' => $mod_fcgid_maxrequests,
-						'umask' => $mod_fcgid_umask,
-						'fpmslow' => $fpm_enableslowlog,
-						'fpmreqterm' => $fpm_reqtermtimeout,
-						'fpmreqslow' => $fpm_reqslowtimeout,
-						'phpsettings' => $phpsettings,
-						'id' => $id
+					'desc' => $description,
+					'binary' => $binary,
+					'fext' => $file_extensions,
+					'starter' => $mod_fcgid_starter,
+					'mreq' => $mod_fcgid_maxrequests,
+					'umask' => $mod_fcgid_umask,
+					'fpmslow' => $fpm_enableslowlog,
+					'fpmreqterm' => $fpm_reqtermtimeout,
+					'fpmreqslow' => $fpm_reqslowtimeout,
+					'phpsettings' => $phpsettings,
+					'fpmsettingid' => $fpm_config_id,
+					'fpmpassauth' => $fpm_pass_authorizationheader,
+					'ofc' => $override_fpmconfig,
+					'pm' => $pm,
+					'max_children' => $max_children,
+					'start_servers' => $start_servers,
+					'min_spare_servers' => $min_spare_servers,
+					'max_spare_servers' => $max_spare_servers,
+					'max_requests' => $max_requests,
+					'idle_timeout' => $idle_timeout,
+					'limit_extensions' => $limit_extensions,
+					'id' => $id
 				);
 				Database::pexecute($upd_stmt, $upd_data);
-
+				
 				inserttask('1');
 				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been changed by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, array('page' => $page, 's' => $s));
-
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {

-				$phpconfig_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php';
+				$fpmconfigs = '';
+				$configs = Database::query("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` ORDER BY `description` ASC");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					$fpmconfigs .= makeoption($row['description'], $row['id'], $result['fpmsettingid'], true, true);
+				}
+				
+				$pm_select = makeoption('static', 'static', $result['pm'], true, true);
+				$pm_select.= makeoption('dynamic', 'dynamic', $result['pm'], true, true);
+				$pm_select.= makeoption('ondemand', 'ondemand', $result['pm'], true, true);
+
+				$phpconfig_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php';
 				$phpconfig_edit_form = htmlform::genHTMLForm($phpconfig_edit_data);

 				$title = $phpconfig_edit_data['phpconfig_edit']['title'];
 				$image = $phpconfig_edit_data['phpconfig_edit']['image'];
-
+				
 				eval("echo \"" . getTemplate("phpconfig/overview_edit") . "\";");
 			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	}
+} elseif ($page == 'fpmdaemons') {
+	
+	if ($action == '') {
+		
+		$tablecontent = '';
+		$count = 0;
+		$result = Database::query("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` ORDER BY `description` ASC");
+		
+		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {

+			$query_params = array(
+				'id' => $row['id']
+			);
+			
+			$query = "SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `fpmsettingid` = :id";
+			
+			$configresult_stmt = Database::prepare($query);
+			Database::pexecute($configresult_stmt, $query_params);
+			
+			$configs = '';
+			if (Database::num_rows() > 0) {
+				while ($row2 = $configresult_stmt->fetch(PDO::FETCH_ASSOC)) {
+					$configs .= $row2['description'] . '<br/>';
+				}
+			}
+			
+			if ($configs == '') {
+				$configs = $lng['admin']['phpsettings']['notused'];
+			}
+			
+			$count ++;
+			eval("\$tablecontent.=\"" . getTemplate("phpconfig/fpmdaemons_overview") . "\";");
+		}
+		
+		$log->logAction(ADM_ACTION, LOG_INFO, "fpm daemons setting overview has been viewed by '" . $userinfo['loginname'] . "'");
+		eval("echo \"" . getTemplate("phpconfig/fpmdaemons") . "\";");
+	}
+	
+	if ($action == 'add') {
+		
+		if ((int) $userinfo['change_serversettings'] == 1) {
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				$description = validate($_POST['description'], 'description');
+				$reload_cmd = validate($_POST['reload_cmd'], 'reload_cmd');
+				$config_dir = validate($_POST['config_dir'], 'config_dir');
+				$pm = $_POST['pm'];
+				$max_children = isset($_POST['max_children']) ? (int) $_POST['max_children'] : 0;
+				$start_servers = isset($_POST['start_servers']) ? (int) $_POST['start_servers'] : 0;
+				$min_spare_servers = isset($_POST['min_spare_servers']) ? (int) $_POST['min_spare_servers'] : 0;
+				$max_spare_servers = isset($_POST['max_spare_servers']) ? (int) $_POST['max_spare_servers'] : 0;
+				$max_requests = isset($_POST['max_requests']) ? (int) $_POST['max_requests'] : 0;
+				$idle_timeout = isset($_POST['idle_timeout']) ? (int) $_POST['idle_timeout'] : 0;
+				$limit_extensions = validate($_POST['limit_extensions'], 'limit_extensions', '/^(\.[a-z]([a-z0-9]+)\ ?)+$/');
+				
+				if (strlen($description) == 0 || strlen($description) > 50) {
+					standard_error('descriptioninvalid');
+				}
+				
+				$ins_stmt = Database::prepare("
+					INSERT INTO `" . TABLE_PANEL_FPMDAEMONS . "` SET
+					`description` = :desc,
+					`reload_cmd` = :reload_cmd,
+					`config_dir` = :config_dir,
+					`pm` = :pm,
+					`max_children` = :max_children,
+					`start_servers` = :start_servers,
+					`min_spare_servers` = :min_spare_servers,
+					`max_spare_servers` = :max_spare_servers,
+					`max_requests` = :max_requests,
+					`idle_timeout` = :idle_timeout,
+					`limit_extensions` = :limit_extensions
+				");
+				$ins_data = array(
+					'desc' => $description,
+					'reload_cmd' => $reload_cmd,
+					'config_dir' => makeCorrectDir($config_dir),
+					'pm' => $pm,
+					'max_children' => $max_children,
+					'start_servers' => $start_servers,
+					'min_spare_servers' => $min_spare_servers,
+					'max_spare_servers' => $max_spare_servers,
+					'max_requests' => $max_requests,
+					'idle_timeout' => $idle_timeout,
+					'limit_extensions' => $limit_extensions
+				);
+				Database::pexecute($ins_stmt, $ins_data);
+				
+				inserttask('1');
+				$log->logAction(ADM_ACTION, LOG_INFO, "fpm-daemon setting with description '" . $description . "' has been created by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				
+				$pm_select = makeoption('static', 'static', 'static', true, true);
+				$pm_select.= makeoption('dynamic', 'dynamic', 'static', true, true);
+				$pm_select.= makeoption('ondemand', 'ondemand', 'static', true, true);
+
+				$fpmconfig_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.fpmconfig_add.php';
+				$fpmconfig_add_form = htmlform::genHTMLForm($fpmconfig_add_data);
+				
+				$title = $fpmconfig_add_data['fpmconfig_add']['title'];
+				$image = $fpmconfig_add_data['fpmconfig_add']['image'];
+				
+				eval("echo \"" . getTemplate("phpconfig/fpmconfig_add") . "\";");
+			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	}
+	
+	if ($action == 'delete') {
+		
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+
+		if ($id == 1) {
+			standard_error('cannotdeletedefaultphpconfig');
+		}
+
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
+		{
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				// set default fpm daemon config for all php-config that use this config that is to be deleted
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET
+					`fpmsettingid` = '1' WHERE `fpmsettingid` = :id");
+				Database::pexecute($upd_stmt, array(
+					'id' => $id
+				));
+				
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+				Database::pexecute($del_stmt, array(
+					'id' => $id
+				));
+				
+				inserttask('1');
+				$log->logAction(ADM_ACTION, LOG_INFO, "fpm-daemon setting with id #" . (int) $id . " has been deleted by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				ask_yesno('fpmsetting_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['description']);
+			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	}
+	
+	if ($action == 'edit') {
+		
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1) {
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				$description = validate($_POST['description'], 'description');
+				$reload_cmd = validate($_POST['reload_cmd'], 'reload_cmd');
+				$config_dir = validate($_POST['config_dir'], 'config_dir');
+				$pm = $_POST['pm'];
+				$max_children = isset($_POST['max_children']) ? (int) $_POST['max_children'] : $result['max_children'];
+				$start_servers = isset($_POST['start_servers']) ? (int) $_POST['start_servers'] : $result['start_servers'];
+				$min_spare_servers = isset($_POST['min_spare_servers']) ? (int) $_POST['min_spare_servers'] : $result['min_spare_servers'];
+				$max_spare_servers = isset($_POST['max_spare_servers']) ? (int) $_POST['max_spare_servers'] : $result['max_spare_servers'];
+				$max_requests = isset($_POST['max_requests']) ? (int) $_POST['max_requests'] : $result['max_requests'];
+				$idle_timeout = isset($_POST['idle_timeout']) ? (int) $_POST['idle_timeout'] : $result['idle_timeout'];
+				$limit_extensions = validate($_POST['limit_extensions'], 'limit_extensions', '/^(\.[a-z]([a-z0-9]+)\ ?)+$/');
+				
+				if (strlen($description) == 0 || strlen($description) > 50) {
+					standard_error('descriptioninvalid');
+				}
+				
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_FPMDAEMONS . "` SET
+					`description` = :desc,
+					`reload_cmd` = :reload_cmd,
+					`config_dir` = :config_dir,
+					`pm` = :pm,
+					`max_children` = :max_children,
+					`start_servers` = :start_servers,
+					`min_spare_servers` = :min_spare_servers,
+					`max_spare_servers` = :max_spare_servers,
+					`max_requests` = :max_requests,
+					`idle_timeout` = :idle_timeout,
+					`limit_extensions` = :limit_extensions
+					WHERE `id` = :id
+				");
+				$upd_data = array(
+					'desc' => $description,
+					'reload_cmd' => $reload_cmd,
+					'config_dir' => makeCorrectDir($config_dir),
+					'pm' => $pm,
+					'max_children' => $max_children,
+					'start_servers' => $start_servers,
+					'min_spare_servers' => $min_spare_servers,
+					'max_spare_servers' => $max_spare_servers,
+					'max_requests' => $max_requests,
+					'idle_timeout' => $idle_timeout,
+					'limit_extensions' => $limit_extensions,
+					'id' => $id
+				);
+				Database::pexecute($upd_stmt, $upd_data);
+				
+				inserttask('1');
+				$log->logAction(ADM_ACTION, LOG_INFO, "fpm-daemon setting with description '" . $description . "' has been changed by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				
+				$pm_select = makeoption('static', 'static', $result['pm'], true, true);
+				$pm_select.= makeoption('dynamic', 'dynamic', $result['pm'], true, true);
+				$pm_select.= makeoption('ondemand', 'ondemand', $result['pm'], true, true);
+
+				$fpmconfig_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.fpmconfig_edit.php';
+				$fpmconfig_edit_form = htmlform::genHTMLForm($fpmconfig_edit_data);
+				
+				$title = $fpmconfig_edit_data['fpmconfig_edit']['title'];
+				$image = $fpmconfig_edit_data['fpmconfig_edit']['image'];
+				
+				eval("echo \"" . getTemplate("phpconfig/fpmconfig_edit") . "\";");
+			}
 		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
--- a/admin_plans.php
+++ b/admin_plans.php
@@ -0,0 +1,522 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Panel
+ *
+ */
+define('AREA', 'admin');
+require './lib/init.php';
+
+if (isset($_POST['id'])) {
+	$id = intval($_POST['id']);
+} elseif (isset($_GET['id'])) {
+	$id = intval($_GET['id']);
+}
+
+if ($page == '' || $page == 'overview') {
+	
+	if ($action == '') {
+		
+		$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_plans");
+		$fields = array(
+			'p.name' => $lng['admin']['plans']['name'],
+			'p.description' => $lng['admin']['plans']['description'],
+			'adminname' => $lng['admin']['admin'],
+			'p.ts' => $lng['admin']['plans']['last_update']
+		);
+		$paging = new paging($userinfo, TABLE_PANEL_PLANS, $fields);
+		$plans = '';
+		$result_stmt = Database::prepare("
+			SELECT p.*, a.loginname as adminname
+			FROM `" . TABLE_PANEL_PLANS . "` p, `" . TABLE_PANEL_ADMINS . "` a
+			WHERE " . ($userinfo['customers_see_all'] ? '' : " `p`.`adminid` = :adminid AND ") . "
+			`p`.`adminid` = `a`.`adminid` " . $paging->getSqlWhere(false) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			'adminid' => $userinfo['adminid']
+		));
+		$paging->setEntries(Database::num_rows());
+		$sortcode = $paging->getHtmlSortCode($lng);
+		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
+		$searchcode = $paging->getHtmlSearchCode($lng);
+		$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
+		$i = 0;
+		$count = 0;
+		
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			
+			if ($paging->checkDisplay($i)) {
+				$row = htmlentities_array($row);
+				$row['ts_format'] = date("d.m.Y H:i", $row['ts']);
+				eval("\$plans.=\"" . getTemplate("plans/plans_plan") . "\";");
+				$count ++;
+			}
+			$i ++;
+		}
+		
+		eval("echo \"" . getTemplate("plans/plans") . "\";");
+	} elseif ($action == 'delete' && $id != 0) {
+		
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['adminid'] == $result['adminid']) {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
+				Database::pexecute($del_stmt, array(
+					'id' => $id
+				));
+				
+				$log->logAction(ADM_ACTION, LOG_INFO, "Plan '" . $result['name'] . "' has been deleted by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				ask_yesno('plan_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['name']);
+			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	} elseif ($action == 'add') {
+		
+		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			$name = validate($_POST['name'], 'name');
+			$description = validate(str_replace("\r\n", "\n", $_POST['description']), 'description', '/^[^\0]*$/');
+			
+			$value_arr = array();
+			
+			$value_arr['diskspace'] = intval_ressource($_POST['diskspace']);
+			if (isset($_POST['diskspace_ul'])) {
+				$value_arr['diskspace'] = - 1;
+			}
+			
+			$value_arr['traffic'] = doubleval_ressource($_POST['traffic']);
+			if (isset($_POST['traffic_ul'])) {
+				$value_arr['traffic'] = - 1;
+			}
+			
+			$value_arr['subdomains'] = intval_ressource($_POST['subdomains']);
+			if (isset($_POST['subdomains_ul'])) {
+				$value_arr['subdomains'] = - 1;
+			}
+			
+			$value_arr['emails'] = intval_ressource($_POST['emails']);
+			if (isset($_POST['emails_ul'])) {
+				$value_arr['emails'] = - 1;
+			}
+			
+			$value_arr['email_accounts'] = intval_ressource($_POST['email_accounts']);
+			if (isset($_POST['email_accounts_ul'])) {
+				$value_arr['email_accounts'] = - 1;
+			}
+			
+			$value_arr['email_forwarders'] = intval_ressource($_POST['email_forwarders']);
+			if (isset($_POST['email_forwarders_ul'])) {
+				$value_arr['email_forwarders'] = - 1;
+			}
+			
+			if (Settings::Get('system.mail_quota_enabled') == '1') {
+				$value_arr['email_quota'] = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array(
+					'0',
+					''
+				));
+				if (isset($_POST['email_quota_ul'])) {
+					$value_arr['email_quota'] = - 1;
+				}
+			} else {
+				$value_arr['email_quota'] = - 1;
+			}
+			
+			$value_arr['email_imap'] = 0;
+			if (isset($_POST['email_imap'])) {
+				$value_arr['email_imap'] = intval_ressource($_POST['email_imap']);
+			}
+			
+			$value_arr['email_pop3'] = 0;
+			if (isset($_POST['email_pop3'])) {
+				$value_arr['email_pop3'] = intval_ressource($_POST['email_pop3']);
+			}
+			
+			$value_arr['ftps'] = intval_ressource($_POST['ftps']);
+			if (isset($_POST['ftps_ul'])) {
+				$value_arr['ftps'] = - 1;
+			}
+			
+			$value_arr['tickets'] = (Settings::Get('ticket.enabled') == 1 ? intval_ressource($_POST['tickets']) : 0);
+			if (isset($_POST['tickets_ul']) && Settings::Get('ticket.enabled') == '1') {
+				$value_arr['tickets'] = - 1;
+			}
+			
+			$value_arr['mysqls'] = intval_ressource($_POST['mysqls']);
+			if (isset($_POST['mysqls_ul'])) {
+				$value_arr['mysqls'] = - 1;
+			}
+			
+			$value_arr['phpenabled'] = 0;
+			if (isset($_POST['phpenabled'])) {
+				$value_arr['phpenabled'] = intval($_POST['phpenabled']);
+			}
+			
+			$value_arr['allowed_phpconfigs'] = array();
+			if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
+				foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
+					$allowed_phpconfig = intval($allowed_phpconfig);
+					$value_arr['allowed_phpconfigs'][] = $allowed_phpconfig;
+				}
+			}
+			
+			$value_arr['perlenabled'] = 0;
+			if (isset($_POST['perlenabled'])) {
+				$value_arr['perlenabled'] = intval($_POST['perlenabled']);
+			}
+			
+			$value_arr['dnsenabled'] = 0;
+			if (isset($_POST['dnsenabled'])) {
+				$value_arr['dnsenabled'] = intval($_POST['dnsenabled']);
+			}
+			
+			$ins_stmt = Database::prepare("
+				INSERT INTO `" . TABLE_PANEL_PLANS . "`
+				SET `adminid` = :adminid, `name` = :name, `description` = :desc, `value` = :valuearr, `ts` = UNIX_TIMESTAMP();
+			");
+			$ins_data = array(
+				'adminid' => $userinfo['adminid'],
+				'name' => $name,
+				'desc' => $description,
+				'valuearr' => json_encode($value_arr)
+			);
+			Database::pexecute($ins_stmt, $ins_data);
+			
+			$log->logAction(ADM_ACTION, LOG_WARNING, "added plan '" . $name . "'");
+			redirectTo($filename, array(
+				'page' => $page,
+				's' => $s
+			));
+		} else {
+			
+			$diskspace_ul = makecheckbox('diskspace_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$traffic_ul = makecheckbox('traffic_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$subdomains_ul = makecheckbox('subdomains_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$emails_ul = makecheckbox('emails_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$email_accounts_ul = makecheckbox('email_accounts_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$email_forwarders_ul = makecheckbox('email_forwarders_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$email_quota_ul = makecheckbox('email_quota_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$tickets_ul = makecheckbox('tickets_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			$mysqls_ul = makecheckbox('mysqls_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true);
+			
+			$phpconfigs = array();
+			$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+			while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+				if ((int) Settings::Get('phpfpm.enabled') == 1) {
+					$phpconfigs[] = array(
+						'label' => $row['description'] . " [" . $row['interpreter'] . "]<br />",
+						'value' => $row['id']
+					);
+				} else {
+					$phpconfigs[] = array(
+						'label' => $row['description'] . "<br />",
+						'value' => $row['id']
+					);
+				}
+			}
+			
+			// dummy to avoid unknown variables
+			$language_options = null;
+			$gender_options = null;
+			$hosting_plans = null;
+
+			$plans_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/plans/formfield.plans_add.php';
+			$cust_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/customer/formfield.customer_add.php';
+			// unset unneeded stuff
+			unset($cust_add_data['customer_add']['sections']['section_a']);
+			unset($cust_add_data['customer_add']['sections']['section_b']);
+			unset($cust_add_data['customer_add']['sections']['section_cpre']);
+			// merge
+			$plans_add_data['plans_add']['sections'] = array_merge($plans_add_data['plans_add']['sections'], $cust_add_data['customer_add']['sections']);
+			$plans_add_form = htmlform::genHTMLForm($plans_add_data);
+			
+			$title = $plans_add_data['plans_add']['title'];
+			$image = $plans_add_data['plans_add']['image'];
+			
+			eval("echo \"" . getTemplate("plans/plans_add") . "\";");
+		}
+	} elseif ($action == 'edit' && $id != 0) {
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ($result['name'] != '') {
+			
+			$result['value'] = json_decode($result['value'], true);
+			$result = htmlentities_array($result);
+			
+			foreach ($result['value'] as $index => $value) {
+				$result[$index] = $value;
+			}
+			$result['allowed_phpconfigs'] = json_encode($result['allowed_phpconfigs']);
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				
+				$name = validate($_POST['name'], 'name');
+				$description = validate(str_replace("\r\n", "\n", $_POST['description']), 'description', '/^[^\0]*$/');
+				
+				$value_arr = array();
+				
+				$value_arr['diskspace'] = intval_ressource($_POST['diskspace']);
+				if (isset($_POST['diskspace_ul'])) {
+					$value_arr['diskspace'] = - 1;
+				}
+				
+				$value_arr['traffic'] = doubleval_ressource($_POST['traffic']);
+				if (isset($_POST['traffic_ul'])) {
+					$value_arr['traffic'] = - 1;
+				}
+				
+				$value_arr['subdomains'] = intval_ressource($_POST['subdomains']);
+				if (isset($_POST['subdomains_ul'])) {
+					$value_arr['subdomains'] = - 1;
+				}
+				
+				$value_arr['emails'] = intval_ressource($_POST['emails']);
+				if (isset($_POST['emails_ul'])) {
+					$value_arr['emails'] = - 1;
+				}
+				
+				$value_arr['email_accounts'] = intval_ressource($_POST['email_accounts']);
+				if (isset($_POST['email_accounts_ul'])) {
+					$value_arr['email_accounts'] = - 1;
+				}
+				
+				$value_arr['email_forwarders'] = intval_ressource($_POST['email_forwarders']);
+				if (isset($_POST['email_forwarders_ul'])) {
+					$value_arr['email_forwarders'] = - 1;
+				}
+				
+				if (Settings::Get('system.mail_quota_enabled') == '1') {
+					$value_arr['email_quota'] = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array(
+						'0',
+						''
+					));
+					if (isset($_POST['email_quota_ul'])) {
+						$value_arr['email_quota'] = - 1;
+					}
+				} else {
+					$value_arr['email_quota'] = - 1;
+				}
+				
+				$value_arr['email_imap'] = 0;
+				if (isset($_POST['email_imap'])) {
+					$value_arr['email_imap'] = intval_ressource($_POST['email_imap']);
+				}
+				
+				$value_arr['email_pop3'] = 0;
+				if (isset($_POST['email_pop3'])) {
+					$value_arr['email_pop3'] = intval_ressource($_POST['email_pop3']);
+				}
+				
+				$value_arr['ftps'] = intval_ressource($_POST['ftps']);
+				if (isset($_POST['ftps_ul'])) {
+					$value_arr['ftps'] = - 1;
+				}
+				
+				$value_arr['tickets'] = (Settings::Get('ticket.enabled') == 1 ? intval_ressource($_POST['tickets']) : 0);
+				if (isset($_POST['tickets_ul']) && Settings::Get('ticket.enabled') == '1') {
+					$value_arr['tickets'] = - 1;
+				}
+				
+				$value_arr['mysqls'] = intval_ressource($_POST['mysqls']);
+				if (isset($_POST['mysqls_ul'])) {
+					$value_arr['mysqls'] = - 1;
+				}
+				
+				$value_arr['phpenabled'] = 0;
+				if (isset($_POST['phpenabled'])) {
+					$value_arr['phpenabled'] = intval($_POST['phpenabled']);
+				}
+				
+				$value_arr['allowed_phpconfigs'] = array();
+				if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
+					foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
+						$allowed_phpconfig = intval($allowed_phpconfig);
+						$value_arr['allowed_phpconfigs'][] = $allowed_phpconfig;
+					}
+				}
+				
+				$value_arr['perlenabled'] = 0;
+				if (isset($_POST['perlenabled'])) {
+					$value_arr['perlenabled'] = intval($_POST['perlenabled']);
+				}
+				
+				$value_arr['dnsenabled'] = 0;
+				if (isset($_POST['dnsenabled'])) {
+					$value_arr['dnsenabled'] = intval($_POST['dnsenabled']);
+				}
+				
+				$ins_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_PLANS . "`
+					SET `name` = :name, `description` = :desc, `value` = :valuearr, `ts` = UNIX_TIMESTAMP()
+					WHERE `id` = :id
+				");
+				$ins_data = array(
+					'name' => $name,
+					'desc' => $description,
+					'valuearr' => json_encode($value_arr),
+					'id' => $id
+				);
+				Database::pexecute($ins_stmt, $ins_data);
+				
+				$log->logAction(ADM_ACTION, LOG_WARNING, "updated plan '" . $name . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+
+				$diskspace_ul = makecheckbox('diskspace_ul', $lng['customer']['unlimited'], '-1', false, $result['diskspace'], true, true);
+				if ($result['diskspace'] == '-1') {
+					$result['diskspace'] = '';
+				}
+
+				$traffic_ul = makecheckbox('traffic_ul', $lng['customer']['unlimited'], '-1', false, $result['traffic'], true, true);
+				if ($result['traffic'] == '-1') {
+					$result['traffic'] = '';
+				}
+
+				$subdomains_ul = makecheckbox('subdomains_ul', $lng['customer']['unlimited'], '-1', false, $result['subdomains'], true, true);
+				if ($result['subdomains'] == '-1') {
+					$result['subdomains'] = '';
+				}
+				
+				$emails_ul = makecheckbox('emails_ul', $lng['customer']['unlimited'], '-1', false, $result['emails'], true, true);
+				if ($result['emails'] == '-1') {
+					$result['emails'] = '';
+				}
+				
+				$email_accounts_ul = makecheckbox('email_accounts_ul', $lng['customer']['unlimited'], '-1', false, $result['email_accounts'], true, true);
+				if ($result['email_accounts'] == '-1') {
+					$result['email_accounts'] = '';
+				}
+				
+				$email_forwarders_ul = makecheckbox('email_forwarders_ul', $lng['customer']['unlimited'], '-1', false, $result['email_forwarders'], true, true);
+				if ($result['email_forwarders'] == '-1') {
+					$result['email_forwarders'] = '';
+				}
+				
+				$email_quota_ul = makecheckbox('email_quota_ul', $lng['customer']['unlimited'], '-1', false, $result['email_quota'], true, true);
+				if ($result['email_quota'] == '-1') {
+					$result['email_quota'] = '';
+				}
+				
+				$ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, $result['ftps'], true, true);
+				if ($result['ftps'] == '-1') {
+					$result['ftps'] = '';
+				}
+				
+				$tickets_ul = makecheckbox('tickets_ul', $lng['customer']['unlimited'], '-1', false, $result['tickets'], true, true);
+				if ($result['tickets'] == '-1') {
+					$result['tickets'] = '';
+				}
+				
+				$mysqls_ul = makecheckbox('mysqls_ul', $lng['customer']['unlimited'], '-1', false, $result['mysqls'], true, true);
+				if ($result['mysqls'] == '-1') {
+					$result['mysqls'] = '';
+				}
+				
+				$phpconfigs = array();
+				$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					if ((int) Settings::Get('phpfpm.enabled') == 1) {
+						$phpconfigs[] = array(
+							'label' => $row['description'] . " [" . $row['interpreter'] . "]<br />",
+							'value' => $row['id']
+						);
+					} else {
+						$phpconfigs[] = array(
+							'label' => $row['description'] . "<br />",
+							'value' => $row['id']
+						);
+					}
+				}
+
+				$result['imap'] = $result['email_imap'];
+				$result['pop3'] = $result['email_pop3'];
+
+				// dummy to avoid unknown variables
+				$result['loginname'] = null;
+				$result['documentroot'] = null;
+				$result['standardsubdomain'] = null;
+				$result['deactivated'] = null;
+				$language_options = null;
+				$result['firstname'] = null;
+				$gender_options = null;
+				$result['company'] = null;
+				$result['street'] = null;
+				$result['zipcode'] = null;
+				$result['city'] = null;
+				$result['phone'] = null;
+				$result['fax'] = null;
+				$result['email'] = null;
+				$result['customernumber'] = null;
+				$result['custom_notes'] = null;
+				$result['custom_notes_show'] = null;
+				$hosting_plans = null;
+				$admin_select_cnt = null;
+				$admin_select = null;
+
+				$plans_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/plans/formfield.plans_edit.php';
+				$cust_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/customer/formfield.customer_edit.php';
+				// unset unneeded stuff
+				unset($cust_edit_data['customer_edit']['sections']['section_a']);
+				unset($cust_edit_data['customer_edit']['sections']['section_b']);
+				unset($cust_edit_data['customer_edit']['sections']['section_cpre']);
+				// merge
+				$plans_edit_data['plans_edit']['sections'] = array_merge($plans_edit_data['plans_edit']['sections'], $cust_edit_data['customer_edit']['sections']);
+				$plans_edit_form = htmlform::genHTMLForm($plans_edit_data);
+				
+				$title = $plans_edit_data['plans_edit']['title'];
+				$image = $plans_edit_data['plans_edit']['image'];
+				
+				eval("echo \"" . getTemplate("plans/plans_edit") . "\";");
+			}
+		}
+	} elseif ($action == 'jqGetPlanValues') {
+		$planid = isset($_POST['planid']) ? (int)$_POST['planid'] : 0;
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_PLANS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $planid
+		));
+		echo $result['value'];
+		exit;
+	}
+}
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -290,3 +290,113 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	}
 	eval("echo \"" . getTemplate("settings/integritycheck") . "\";");
 }
+elseif ($page == 'importexport' && $userinfo['change_serversettings'] == '1')
+{
+	// check for json-stuff
+	if (! extension_loaded('json')) {
+		standard_error('jsonextensionnotfound');
+	}
+
+	if (isset($_GET['action']) && $_GET['action'] == "export") {
+		// export
+		try {
+			$json_export = SImExporter::export();
+		} catch(Exception $e) {
+			dynamic_error($e->getMessage());
+		}
+		header('Content-disposition: attachment; filename=Froxlor_settings-'.$version.'-'.$dbversion.'_'.date('d.m.Y').'.json');
+		header('Content-type: application/json');
+		echo $json_export;
+		exit;
+	} elseif (isset($_GET['action']) && $_GET['action'] == "import") {
+		// import
+		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			// get uploaded file
+			if (isset($_FILES["import_file"]["tmp_name"])) {
+				$imp_content = file_get_contents($_FILES["import_file"]["tmp_name"]);
+				try {
+					SImExporter::import($imp_content);
+				} catch(Exception $e) {
+					dynamic_error($e->getMessage());
+				}
+				inserttask('1');
+				inserttask('10');
+				// Using nameserver, insert a task which rebuilds the server config
+				inserttask('4');
+				// cron.d file
+				inserttask('99');
+				standard_success('settingsimported', '', array('filename' => 'admin_settings.php'));
+			}
+			dynamic_error("Upload failed");
+		}
+	} else {
+		eval("echo \"" . getTemplate("settings/importexport/index") . "\";");
+	}
+}
+elseif ($page == 'testmail')
+{
+		if (isset($_POST['send']) && $_POST['send'] == 'send')
+		{
+			$test_addr = isset($_POST['test_addr']) ? $_POST['test_addr'] : null;
+
+			/**
+			 * Initialize the mailingsystem
+			 */
+			$testmail = new PHPMailer(true);
+			$testmail->CharSet = "UTF-8";
+
+			if (Settings::Get('system.mail_use_smtp')) {
+				$testmail->isSMTP();
+				$testmail->Host = Settings::Get('system.mail_smtp_host');
+				$testmail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+				$testmail->Username = Settings::Get('system.mail_smtp_user');
+				$testmail->Password = Settings::Get('system.mail_smtp_passwd');
+				if (Settings::Get('system.mail_smtp_usetls')) {
+					$testmail->SMTPSecure = 'tls';
+				} else {
+					$testmail->SMTPAutoTLS = false;
+				}
+				$testmail->Port = Settings::Get('system.mail_smtp_port');
+			}
+
+			$_mailerror = false;
+			if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
+				// set return-to address and custom sender-name, see #76
+				$testmail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
+				if (Settings::Get('panel.adminmail_return') != '') {
+					$testmail->AddReplyTo(Settings::Get('panel.adminmail_return'), Settings::Get('panel.adminmail_defname'));
+				}
+
+				try {
+					$testmail->Subject = "Froxlor Test-Mail";
+					$mail_body = "Yay, this worked :)";
+					$testmail->AltBody = $mail_body;
+					$testmail->MsgHTML(str_replace("\n", "<br />", $mail_body));
+					$testmail->AddAddress($test_addr);
+					$testmail->Send();
+				} catch(phpmailerException $e) {
+					$mailerr_msg = $e->errorMessage();
+					$_mailerror = true;
+				} catch (Exception $e) {
+					$mailerr_msg = $e->getMessage();
+					$_mailerror = true;
+				}
+
+				if (!$_mailerror) {
+					// success
+					$mail->ClearAddresses();
+					standard_success('testmailsent', '', array('filename' => 'admin_settings.php', 'page' => 'testmail'));
+				}
+			} else {
+				// invalid sender e-mail
+				$mailerr_msg = "Invalid sender e-mail address: ".Settings::Get('panel.adminmail');
+				$_mailerror = true;
+			}
+		}
+
+		$mail_smtp_user = Settings::Get('system.mail_smtp_user');
+		$mail_smtp_host = Settings::Get('system.mail_smtp_host');
+		$mail_smtp_port = Settings::Get('system.mail_smtp_port');
+
+		eval("echo \"" . getTemplate("settings/testmail") . "\";");
+}
--- a/admin_templates.php
+++ b/admin_templates.php
@@ -99,7 +99,7 @@ if ($action == '') {
 	}

 	$add = false;
-	while (list($language_file, $language_name) = each($languages)) {
+	foreach ($languages as $language_file => $language_name) {

 		$templates_done = array();
 		$result_stmt = Database::prepare("
@@ -328,7 +328,7 @@ if ($action == '') {
 		$language_options = '';
 		$template_options = '';

-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$templates = array();
 			$result_stmt = Database::prepare("
 				SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -36,7 +41,7 @@ if ($page == 'overview') {
 			'd.domain' => $lng['domains']['domainname']
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_DOMAINS, $fields);
-		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isbinddomain`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
 			WHERE `d`.`customerid`= :customerid
@@ -255,12 +260,12 @@ if ($page == 'overview') {
 		if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {

-				if (strpos($_POST['subdomain'], '--') !== false) {
+				if (substr($_POST['subdomain'], 0, 4) == 'xn--') {
 					standard_error('domain_nopunycode');
 				}

 				$subdomain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong')));
-				$domain = $idna_convert->encode($_POST['domain']);
+				$domain = $_POST['domain'];
 				$domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain` = :domain
 					AND `customerid` = :customerid
@@ -272,6 +277,13 @@ if ($page == 'overview') {

 				$completedomain = $subdomain . '.' . $domain;

+				if (Settings::Get('system.validate_domain') && ! validateDomain($completedomain)) {
+					standard_error(array(
+						'stringiswrong',
+						'mydomain'
+					));
+				}
+
 				if ($completedomain == Settings::Get('system.hostname')) {
 					standard_error('admin_domain_emailsystemhostname');
 				}
@@ -307,14 +319,17 @@ if ($page == 'overview') {
 					triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 				}

-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}

-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
+					if (strstr($path, ":") !== FALSE) {
+						standard_error('pathmaynotcontaincolon');
+					}
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -322,9 +337,6 @@ if ($page == 'overview') {
 					} else {
 						$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 					}
-					if (strstr($path, ":") !== FALSE) {
-						standard_error('pathmaynotcontaincolon');
-					}
 				} else {
 					$_doredirect = true;
 				}
@@ -362,6 +374,11 @@ if ($page == 'overview') {
 					$ssl_redirect = 2;
 				}

+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} elseif ($subdomain == '') {
@@ -388,6 +405,10 @@ if ($page == 'overview') {
 						// assign default config
 						$phpsid_result['phpsettingid'] = 1;
 					}
+					// check whether the customer has chosen its own php-config
+					if (isset($_POST['phpsettingid']) && intval($_POST['phpsettingid']) != $phpsid_result['phpsettingid']) {
+						$phpsid_result['phpsettingid'] = intval($_POST['phpsettingid']);
+					}

 					$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
 						`customerid` = :customerid,
@@ -398,13 +419,17 @@ if ($page == 'overview') {
 						`wwwserveralias` = :wwwserveralias,
 						`isemaildomain` = :isemaildomain,
 						`iswildcarddomain` = :iswildcarddomain,
+						`phpenabled` = :phpenabled,
 						`openbasedir` = :openbasedir,
 						`openbasedir_path` = :openbasedir_path,
 						`speciallogfile` = :speciallogfile,
 						`specialsettings` = :specialsettings,
 						`ssl_redirect` = :ssl_redirect,
 						`phpsettingid` = :phpsettingid,
-						`letsencrypt` = :letsencrypt"
+						`letsencrypt` = :letsencrypt,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -417,11 +442,15 @@ if ($page == 'overview') {
 						"isemaildomain" => $domain_check['subcanemaildomain'] == '3' ? '1' : '0',
 						"openbasedir" => $domain_check['openbasedir'],
 						"openbasedir_path" => $openbasedir_path,
+						"phpenabled" => $domain_check['phpenabled'],
 						"speciallogfile" => $domain_check['speciallogfile'],
 						"specialsettings" => $domain_check['specialsettings'],
 						"ssl_redirect" => $ssl_redirect,
 						"phpsettingid" => $phpsid_result['phpsettingid'],
-						"letsencrypt" => $letsencrypt
+						"letsencrypt" => $letsencrypt,
+						"hsts" => $hsts_maxage,
+						"hsts_sub" => $hsts_sub,
+						"hsts_preload" => $hsts_preload
 					);
 					Database::pexecute($stmt, $params);

@@ -494,7 +523,12 @@ if ($page == 'overview') {

 				// check if we at least have one ssl-ip/port, #1179
 				$ssl_ipsandports = '';
-				$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
+				$ssl_ip_stmt = Database::prepare("
+					SELECT COUNT(*) as countSSL
+					FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+					LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+					WHERE pip.`ssl`='1'
+				");
 				Database::pexecute($ssl_ip_stmt);
 				$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 				if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
@@ -504,6 +538,27 @@ if ($page == 'overview') {
 				$openbasedir = makeoption($lng['domain']['docroot'], 0, NULL, true) . makeoption($lng['domain']['homedir'], 1, NULL, true);
 				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);

+				$phpconfigs = '';
+				$has_phpconfigs = false;
+				if (isset($userinfo['allowed_phpconfigs']) && !empty($userinfo['allowed_phpconfigs']))
+				{
+					$has_phpconfigs = true;
+					$allowed_cfg = json_decode($userinfo['allowed_phpconfigs'], JSON_OBJECT_AS_ARRAY);
+					$phpconfigs_result_stmt = Database::query("
+						SELECT c.*, fc.description as interpreter
+						FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+						LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+						WHERE c.id IN (".implode(", ", $allowed_cfg).")
+					");
+					while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {
+						if ((int) Settings::Get('phpfpm.enabled') == 1) {
+							$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], Settings::Get('phpfpm.defaultini'), true, true);
+						} else {
+							$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], Settings::Get('system.mod_fcgid_defaultini'), true, true);
+						}
+					}
+				}
+
 				$subdomain_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/domains/formfield.domains_add.php';
 				$subdomain_add_form = htmlform::genHTMLForm($subdomain_add_data);

@@ -515,8 +570,7 @@ if ($page == 'overview') {
 		}
 	} elseif ($action == 'edit' && $id != 0) {

-		$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`isbinddomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
-			`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `d`.`letsencrypt`, `pd`.`subcanemaildomain`
+		$stmt = Database::prepare("SELECT `d`.*, `pd`.`subcanemaildomain`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
 			WHERE `d`.`customerid` = :customerid
 			AND `d`.`id` = :id
@@ -534,14 +588,17 @@ if ($page == 'overview') {

 		if (isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}

-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
+					if (strstr($path, ":") !== FALSE) {
+						standard_error('pathmaynotcontaincolon');
+					}
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -549,14 +606,11 @@ if ($page == 'overview') {
 					} else {
 						$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 					}
-					if (strstr($path, ":") !== FALSE) {
-						standard_error('pathmaynotcontaincolon');
-					}
 				} else {
 					$_doredirect = true;
 				}

-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;

 				if (isset($_POST['selectserveralias'])) {
 					$iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0';
@@ -595,6 +649,13 @@ if ($page == 'overview') {
 					$openbasedir_path = '0';
 				}

+				// check whether the customer has chosen its own php-config
+				if (isset($_POST['phpsettingid'])) {
+					$phpsettingid = intval($_POST['phpsettingid']);
+				} else {
+					$phpsettingid = $result['phpsettingid'];
+				}
+
 				if (isset($_POST['ssl_redirect']) && $_POST['ssl_redirect'] == '1') {
 					// a ssl-redirect only works if there actually is a
 					// ssl ip/port assigned to the domain
@@ -620,9 +681,14 @@ if ($page == 'overview') {
 					$letsencrypt = '0';
 				}

-				// We can't enable let's encrypt for wildcard - domains
-				if ($iswildcarddomain == '1' && $letsencrypt == '1') {
-				    standard_error('nowildcardwithletsencrypt');
+				// We can't enable let's encrypt for wildcard - domains when using acme-v1
+				if ($iswildcarddomain == '1' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '1') {
+					standard_error('nowildcardwithletsencrypt');
+				}
+				// if using acme-v2 we cannot issue wildcard-certificates
+				// because they currently only support the dns-01 challenge
+				if ($iswildcarddomain == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '2') {
+					standard_error('nowildcardwithletsencryptv2');
 				}

 				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
@@ -630,6 +696,11 @@ if ($page == 'overview') {
 					$ssl_redirect = 2;
 				}

+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} else {
@@ -654,7 +725,12 @@ if ($page == 'overview') {
 						|| $aliasdomain != $result['aliasdomain']
 						|| $openbasedir_path != $result['openbasedir_path']
 						|| $ssl_redirect != $result['ssl_redirect']
-						|| $letsencrypt != $result['letsencrypt']) {
+						|| $letsencrypt != $result['letsencrypt']
+						|| $hsts_maxage != $result['hsts']
+						|| $hsts_sub != $result['hsts_sub']
+						|| $hsts_preload != $result['hsts_preload']
+						|| $phpsettingid != $result['phpsettingid']
+					) {
 						$log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'");

 						$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
@@ -665,7 +741,11 @@ if ($page == 'overview') {
 							`aliasdomain`= :aliasdomain,
 							`openbasedir_path`= :openbasedir_path,
 							`ssl_redirect`= :ssl_redirect,
-							`letsencrypt`= :letsencrypt
+							`letsencrypt`= :letsencrypt,
+							`hsts` = :hsts,
+							`hsts_sub` = :hsts_sub,
+							`hsts_preload` = :hsts_preload,
+							`phpsettingid` = :phpsettingid
 							WHERE `customerid`= :customerid
 							AND `id`= :id"
 						);
@@ -678,6 +758,10 @@ if ($page == 'overview') {
 							"openbasedir_path" => $openbasedir_path,
 							"ssl_redirect" => $ssl_redirect,
 							"letsencrypt" => $letsencrypt,
+							"hsts" => $hsts_maxage,
+							"hsts_sub" => $hsts_sub,
+							"hsts_preload" => $hsts_preload,
+							"phpsettingid" => $phpsettingid,
 							"customerid" => $userinfo['customerid'],
 							"id" => $id
 						);
@@ -687,11 +771,28 @@ if ($page == 'overview') {
 							// trigger when domain id for alias destination has changed: both for old and new destination
 							triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
 							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
-						} else
-							if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
-								// or when wwwserveralias or letsencrypt was changed
-								triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+						} elseif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+							// or when wwwserveralias or letsencrypt was changed
+
+							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+
+							if ($aliasdomain === 0) {
+								// in case the wwwserveralias is set on a main domain, $aliasdomain is 0
+								// --> the call just above to triggerLetsEncryptCSRForAliasDestinationDomain
+								//     is a noop...let's repeat it with the domain id of the main domain
+								triggerLetsEncryptCSRForAliasDestinationDomain($id, $log);
 							}
+						}
+
+						// check whether LE has been disabled, so we remove the certificate
+						if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+							$del_stmt = Database::prepare("
+								DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+							");
+							Database::pexecute($del_stmt, array(
+								'id' => $id
+							));
+						}

 						inserttask('1');

@@ -718,7 +819,7 @@ if ($page == 'overview') {
 					AND `dip`.`id_ipandports`
 					IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."`
 						WHERE `id_domain` = :id)
-					GROUP BY `d`.`domain`
+					GROUP BY `d`.`id`, `d`.`domain`
 					ORDER BY `d`.`domain` ASC"
 				);
 				Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid']));
@@ -727,7 +828,7 @@ if ($page == 'overview') {
 					$domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']);
 				}

-				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) {
+				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($result['documentroot'])) {
 					if (Settings::Get('panel.pathedit') == 'Dropdown') {
 						$urlvalue = $result['documentroot'];
 						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -751,8 +852,13 @@ if ($page == 'overview') {

 				// check if we at least have one ssl-ip/port, #1179
 				$ssl_ipsandports = '';
-				$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
-				Database::pexecute($ssl_ip_stmt);
+				$ssl_ip_stmt = Database::prepare("
+					SELECT COUNT(*) as countSSL
+					FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+					LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+					WHERE `dti`.`id_domain` = :id_domain AND pip.`ssl`='1'
+				");
+				Database::pexecute($ssl_ip_stmt, array("id_domain" => $result['id']));
 				$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 				if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
 					$ssl_ipsandports = 'notempty';
@@ -788,6 +894,27 @@ if ($page == 'overview') {
 					$result_ipandport['ip'] .= $rowip['ip'] . "<br />";
 				}

+				$phpconfigs = '';
+				$has_phpconfigs = false;
+				if (isset($userinfo['allowed_phpconfigs']) && !empty($userinfo['allowed_phpconfigs']))
+				{
+					$has_phpconfigs = true;
+					$allowed_cfg = json_decode($userinfo['allowed_phpconfigs'], JSON_OBJECT_AS_ARRAY);
+					$phpconfigs_result_stmt = Database::query("
+						SELECT c.*, fc.description as interpreter
+						FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+						LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+						WHERE c.id IN (".implode(", ", $allowed_cfg).")
+					");
+					while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {
+						if ((int) Settings::Get('phpfpm.enabled') == 1) {
+							$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], $result['phpsettingid'], true, true);
+						} else {
+							$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true);
+						}
+					}
+				}
+
 				$domainip = $result_ipandport['ip'];
 				$result = htmlentities_array($result);

@@ -923,4 +1050,9 @@ if ($page == 'overview') {
 } elseif ($page == 'domaindnseditor' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1') {

 	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }
--- a/customer_email.php
+++ b/customer_email.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','email')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -91,7 +96,8 @@ if ($page == 'overview') {
 					$row['destination'] = explode(' ', $row['destination']);
 					uasort($row['destination'], 'strcasecmp');

-					while (list($dest_id, $destination) = each($row['destination'])) {
+					$dest_list = $row['destination'];
+					foreach ($dest_list as $dest_id => $destination) {
 						$row['destination'][$dest_id] = $idna_convert->decode($row['destination'][$dest_id]);

 						if ($row['destination'][$dest_id] == $row['email_full']) {
@@ -159,7 +165,7 @@ if ($page == 'overview') {
 						Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $result['popaccountid']));
 						$update_users_query_addon .= " , `email_accounts_used` = `email_accounts_used` - 1 ";
 						$number_forwarders-= 1;
-						$log->logAction(USR_ACTION, LOG_NOTICE, "deleted forwarder for email address '" . $result['email'] . "'");
+						$log->logAction(USR_ACTION, LOG_INFO, "deleted forwarder for email address '" . $result['email'] . "'");
 					}
 				} else {
 					$number_forwarders = 0;
@@ -200,7 +206,8 @@ if ($page == 'overview') {
 		if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$email_part = $_POST['email_part'];
-				$domain = $idna_convert->encode(validate($_POST['domain'], 'domain'));
+				// domain does not need idna encoding as the value of the select-box is already Punycode
+				$domain = validate($_POST['domain'], 'domain');
 				$stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain`= :domain
 					AND `customerid`= :customerid
@@ -317,7 +324,7 @@ if ($page == 'overview') {
 			$forwarders = '';
 			$forwarders_count = 0;

-			while (list($dest_id, $destination) = each($result['destination'])) {
+			foreach ($result['destination'] as $dest_id => $destination) {
 				$destination = $idna_convert->decode($destination);

 				if ($destination != $result['email_full'] && $destination != '') {
@@ -646,7 +653,7 @@ if ($page == 'overview') {

 				$password = validatePassword($password);

-				$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
+				$log->logAction(USR_ACTION, LOG_INFO, "changed email password for '" . $result['email_full'] . "'");
 				$cryptPassword = makeCryptPassword($password);
 				$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "`
 					SET " . (Settings::Get('system.mailpwcleartext') == '1' ? "`password` = :password, " : '') . "
@@ -693,7 +700,7 @@ if ($page == 'overview') {
 				if ($userinfo['email_quota'] != '-1' && ($quota == 0 || ($quota + $userinfo['email_quota_used'] - $result['quota']) > $userinfo['email_quota'])) {
 					standard_error('allocatetoomuchquota', $quota);
 				} else {
-					$log->logAction(USR_ACTION, LOG_NOTICE, "updated quota for email address '" . $result['email'] . "' to " . $quota . " MB");
+					$log->logAction(USR_ACTION, LOG_INFO, "updated quota for email address '" . $result['email'] . "' to " . $quota . " MB");
 					$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "`
 						SET `quota` = :quota
 						WHERE `id` = :id
@@ -828,7 +835,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($stmt, array("cid" => $userinfo['customerid']));

-						$log->logAction(USR_ACTION, LOG_NOTICE, "added email forwarder for '" . $result['email_full'] . "'");
+						$log->logAction(USR_ACTION, LOG_INFO, "added email forwarder for '" . $result['email_full'] . "'");
 						redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 					}
 				} else {
@@ -889,7 +896,7 @@ if ($page == 'overview') {
 					);
 					Database::pexecute($stmt, array("cid" => $userinfo['customerid']));

-					$log->logAction(USR_ACTION, LOG_NOTICE, "deleted email forwarder for '" . $result['email_full'] . "'");
+					$log->logAction(USR_ACTION, LOG_INFO, "deleted email forwarder for '" . $result['email_full'] . "'");
 					redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 				} else {
 					ask_yesno('email_reallydelete_forwarder', $filename, array('id' => $id, 'forwarderid' => $forwarderid, 'page' => $page, 'action' => $action), $idna_convert->decode($result['email_full']) . ' -> ' . $idna_convert->decode($forwarder));
--- a/customer_extras.php
+++ b/customer_extras.php
@@ -19,6 +19,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -29,6 +34,12 @@ if ($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
 	eval("echo \"" . getTemplate("extras/extras") . "\";");
 } elseif ($page == 'htpasswds') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.directoryprotection')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
 		$fields = array(
@@ -262,6 +273,12 @@ if ($page == 'overview') {
 		}
 	}
 } elseif ($page == 'htaccess') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.pathoptions')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
 		$fields = array(
@@ -520,6 +537,11 @@ if ($page == 'overview') {
 	}
 } elseif ($page == 'backup') {

+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.backup')) {
+		redirectTo('customer_index.php');
+	}
+
 	if (Settings::Get('system.backupenabled') == 1)
 	{
 		if ($action == 'abort' && isset($_POST['send']) && $_POST['send'] == 'send') {
@@ -541,7 +563,7 @@ if ($page == 'overview') {
 			$existing_backupJob = null;
 			while ($entry = $sel_stmt->fetch())
 			{
-				$data = unserialize($entry['data']);
+				$data = json_decode($entry['data'], true);
 				if ($data['customerid'] == $userinfo['customerid']) {
 					$existing_backupJob = $entry;
 					break;
@@ -557,6 +579,11 @@ if ($page == 'overview') {
 				$path = makeCorrectDir(validate($_POST['path'], 'path'));
 				$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);

+				// path cannot be the customers docroot
+				if ($path == makeCorrectDir($userinfo['documentroot'])) {
+					standar_error('backupfoldercannotbedocroot');
+				}
+
 				$backup_dbs = isset($_POST['backup_dbs']) ? intval($_POST['backup_dbs']) : 0;
 				$backup_mail = isset($_POST['backup_mail']) ? intval($_POST['backup_mail']) : 0;
 				$backup_web = isset($_POST['backup_web']) ? intval($_POST['backup_web']) : 0;
@@ -591,7 +618,7 @@ if ($page == 'overview') {

 				if (!empty($existing_backupJob)) {
 					$action = "abort";
-					$row = unserialize($entry['data']);
+					$row = json_decode($entry['data'], true);
 					$row['path'] = makeCorrectDir(str_replace($userinfo['documentroot'], "/", $row['destdir']));
 					$row['backup_web'] = ($row['backup_web'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
 					$row['backup_mail'] = ($row['backup_mail'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no'];
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','ftp')) {
+	redirectTo('customer_index.php');
+}
+
 $id = 0;
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -40,7 +45,7 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_FTP_USERS, $fields);

-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
 		);
 		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
@@ -129,6 +134,12 @@ if ($page == 'overview') {
 				// refs #293
 				if (isset($_POST['delete_userfiles']) && (int)$_POST['delete_userfiles'] == 1) {
 					inserttask('8', $userinfo['loginname'], $result['homedir']);
+				} else {
+					if (Settings::Get('system.nssextrausers') == 1)
+					{
+						// this is used so that the libnss-extrausers cron is fired
+						inserttask(5);
+					}
 				}

 				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
@@ -153,6 +164,10 @@ if ($page == 'overview') {
 				$path = validate($_POST['path'], 'path');
 				$password = validate($_POST['ftp_password'], 'password');
 				$password = validatePassword($password);
+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}

 				$sendinfomail = isset($_POST['sendinfomail']) ? 1 : 0;
 				if ($sendinfomail != 1) {
@@ -200,8 +215,8 @@ if ($page == 'overview') {
 					$cryptPassword = makeCryptPassword($password);

 					$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
-						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`)
-						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid)"
+						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`, `shell`)
+						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid, :shell)"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -209,7 +224,8 @@ if ($page == 'overview') {
 						"description" => $description,
 						"password" => $cryptPassword,
 						"homedir" => $path,
-						"guid" => $userinfo['guid']
+						"guid" => $userinfo['guid'],
+						"shell" => $shell
 					);
 					Database::pexecute($stmt, $params);

@@ -329,6 +345,18 @@ if ($page == 'overview') {
 					}
 				}

+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", "/bin/false");
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, "/bin/false");
+						}
+					}
+				}
+
 				//$sendinfomail = makeyesno('sendinfomail', '1', '0', '0');

 				$ftp_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_add.php';
@@ -341,7 +369,7 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -353,6 +381,11 @@ if ($page == 'overview') {
 				// @FIXME use a good path-validating regex here (refs #1231)
 				$path = validate($_POST['path'], 'path');

+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}
+
 				$_setnewpass = false;
 				if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
 					$password = validate($_POST['ftp_password'], 'password');
@@ -404,13 +437,14 @@ if ($page == 'overview') {
 				}

 				$log->logAction(USR_ACTION, LOG_INFO, "edited ftp-account '" . $result['username'] . "'");
+				inserttask(5);
 				$description = validate($_POST['ftp_description'], 'description');
 				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
-					SET `description` = :desc
+					SET `description` = :desc, `shell` = :shell
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
-				Database::pexecute($stmt, array("desc" => $description, "customerid" => $userinfo['customerid'], "id" => $id));
+				Database::pexecute($stmt, array("desc" => $description, "shell" => $shell, "customerid" => $userinfo['customerid'], "id" => $id));

 				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
@@ -436,6 +470,18 @@ if ($page == 'overview') {
 					}
 				}

+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", $result['shell']);
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, $result['shell']);
+						}
+					}
+				}
+
 				$ftp_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_edit.php';
 				$ftp_edit_form = htmlform::genHTMLForm($ftp_edit_data);

--- a/customer_index.php
+++ b/customer_index.php
@@ -78,8 +78,15 @@ if ($page == 'overview') {
 	$yesterday = time() - (60 * 60 * 24);
 	$month = date('M Y', $yesterday);

+	// get disk-space usages for web, mysql and mail
+	$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+	$usages = Database::pexecute_first($usages_stmt, array('cid' => $userinfo['customerid']));
+
 	$userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, Settings::Get('panel.decimal_places'));
-	$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['diskspace_used'] = round($usages['webspace'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['mailspace_used'] = round($usages['mail'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['dbspace_used'] = round($usages['mysql'] / 1024, Settings::Get('panel.decimal_places'));
+
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains');
@@ -197,7 +204,7 @@ if ($page == 'overview') {
 		}

 		$language_options = '';
-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options .= makeoption($language_name, $language_file, $default_lang, true);
 		}

@@ -267,7 +274,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = str_replace("\n", "<br />", $mail_body);

--- a/customer_logger.php
+++ b/customer_logger.php
@@ -16,12 +16,15 @@
 * @package    Panel
 *
 */
-
 define('AREA', 'customer');
 require './lib/init.php';

-if ($page == 'log'
-) {
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options', 'extras.logger')) {
+	redirectTo('customer_index.php');
+}
+
+if ($page == 'log') {
 	if ($action == '') {
 		$fields = array(
 			'date' => $lng['logger']['date'],
@@ -29,37 +32,39 @@ if ($page == 'log'
 			'user' => $lng['logger']['user'],
 			'text' => $lng['logger']['action']
 		);
-		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc');
-		$result_stmt = Database::prepare('
-			SELECT * FROM `' . TABLE_PANEL_LOG . '` WHERE `user` = :loginname ' . $paging->getSqlWhere(true) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("loginname" => $userinfo['loginname']));
-		$logs_count = Database::num_rows();
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc', 30);
+		$query = 'SELECT * FROM `' . TABLE_PANEL_LOG . '` WHERE `user` = :loginname ' . $paging->getSqlWhere(true) . ' ' . $paging->getSqlOrderBy();
+		$result_stmt = Database::prepare($query . ' ' . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"loginname" => $userinfo['loginname']
+		));
+		$result_cnt_stmt = Database::prepare($query);
+		Database::pexecute($result_cnt_stmt, array(
+			"loginname" => $userinfo['loginname']
+		));
+		$res_cnt = $result_cnt_stmt->fetch(PDO::FETCH_ASSOC);
+		$logs_count = $result_cnt_stmt->rowCount();
 		$paging->setEntries($logs_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
 		$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
 		$clog = array();
-
+		
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
-
-			if (!isset($clog[$row['action']])
-				|| !is_array($clog[$row['action']])
-			) {
+			
+			if (! isset($clog[$row['action']]) || ! is_array($clog[$row['action']])) {
 				$clog[$row['action']] = array();
 			}
 			$clog[$row['action']][$row['logid']] = $row;
 		}
-
-		if ($paging->sortfield == 'date'
-			&& $paging->sortorder == 'desc'
-		) {
+		
+		if ($paging->sortfield == 'date' && $paging->sortorder == 'desc') {
 			krsort($clog);
 		} else {
 			ksort($clog);
 		}
-
+		
 		$i = 0;
 		$count = 0;
 		$log_count = 0;
@@ -67,51 +72,50 @@ if ($page == 'log'
 		foreach ($clog as $action => $logrows) {
 			$_action = 0;
 			foreach ($logrows as $row) {
-				if ($paging->checkDisplay($i)) {
-					$row = htmlentities_array($row);
-					$row['date'] = date("d.m.y H:i:s", $row['date']);
-
-					if ($_action != $action) {
-						switch ($action) {
-							case USR_ACTION:
-								$_action = $lng['admin']['customer'];
-								break;
-							case RES_ACTION:
-								$_action = $lng['logger']['reseller'];
-								break;
-							case ADM_ACTION:
-								$_action = $lng['logger']['admin'];
-								break;
-							case CRON_ACTION:
-								$_action = $lng['logger']['cron'];
-								break;
-							case LOGIN_ACTION:
-								$_action = $lng['logger']['login'];
-								break;
-							case LOG_ERROR:
-								$_action = $lng['logger']['intern'];
-								break;
-							default:
-								$_action = $lng['logger']['unknown'];
-								break;
-						}
-
-						$row['action'] = $_action;
-						eval("\$log.=\"" . getTemplate('logger/logger_action') . "\";");
+				// if ($paging->checkDisplay($i)) {
+				$row = htmlentities_array($row);
+				$row['date'] = date("d.m.y H:i:s", $row['date']);
+				
+				if ($_action != $action) {
+					switch ($action) {
+						case USR_ACTION:
+							$_action = $lng['admin']['customer'];
+							break;
+						case RES_ACTION:
+							$_action = $lng['logger']['reseller'];
+							break;
+						case ADM_ACTION:
+							$_action = $lng['logger']['admin'];
+							break;
+						case CRON_ACTION:
+							$_action = $lng['logger']['cron'];
+							break;
+						case LOGIN_ACTION:
+							$_action = $lng['logger']['login'];
+							break;
+						case LOG_ERROR:
+							$_action = $lng['logger']['intern'];
+							break;
+						default:
+							$_action = $lng['logger']['unknown'];
+							break;
 					}
-
-					$log_count++;
-					$row['type'] = getLogLevelDesc($row['type']);
-					eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
-					$count++;
-					$_action = $action;
+					
+					$row['action'] = $_action;
+					eval("\$log.=\"" . getTemplate('logger/logger_action') . "\";");
 				}
-				$i++;
+				
+				$log_count ++;
+				$row['type'] = getLogLevelDesc($row['type']);
+				eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
+				$count ++;
+				$_action = $action;
+				// }
+				$i ++;
 			}
-			$i++;
+			$i ++;
 		}
-
+		
 		eval("echo \"" . getTemplate('logger/logger') . "\";");
-
 	}
 }
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','mysql')) {
+	redirectTo('customer_index.php');
+}
+
 // get sql-root access data
 Database::needRoot(true);
 Database::needSqlData();
--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -20,6 +20,7 @@
 define('AREA', 'customer');
 require './lib/init.php';

+
 if (isset($_POST['id'])) {

 	$id = intval($_POST['id']);
@@ -237,7 +238,11 @@ if ($page == 'overview') {
 		}
 	} elseif ($action == 'answer' && $id != 0) {
 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
-			$replyticket = ticket::getInstanceOf($userinfo, -1);
+			try {
+				$replyticket = ticket::getInstanceOf($userinfo, -1);
+			} catch(Exception $e) {
+				standard_error($e->getMessage());
+			}
 			$replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
 			$replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
 			$replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
@@ -245,6 +250,11 @@ if ($page == 'overview') {
 			if ($replyticket->Get('message') == null) {
 				standard_error(array('stringisempty', 'mymessage'));
 			} else {
+				try {
+					$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
+				} catch(Exception $e) {
+					standard_error($e->getMessage());
+				}
 				$now = time();
 				$replyticket->Set('customer', (int)$userinfo['customerid'], true, true);
 				$replyticket->Set('lastchange', $now, true, true);
@@ -255,8 +265,6 @@ if ($page == 'overview') {
 				$replyticket->Insert();

 				// Update priority if changed
-				$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
-
 				if ($replyticket->Get('priority') != $mainticket->Get('priority')) {
 					$mainticket->Set('priority', $replyticket->Get('priority'), true);
 				}
@@ -271,7 +279,11 @@ if ($page == 'overview') {
 			}
 		} else {
 			$ticket_replies = '';
-			$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
+			try {
+				$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
+			} catch(Exception $e) {
+				standard_error($e->getMessage());
+			}
 			$dt = date("d.m.Y H:i\h", $mainticket->Get('dt'));
 			$status = ticket::getStatusText($lng, $mainticket->Get('status'));

@@ -327,7 +339,7 @@ if ($page == 'overview') {

 				$subject = $subticket->Get('subject');
 				$message = $subticket->Get('message');
-				
+
 				$row2 = htmlentities_array($row2);
 				eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_list") . "\";");
 			}
@@ -350,7 +362,11 @@ if ($page == 'overview') {
 	} elseif ($action == 'close' && $id != 0) {
 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
 			$now = time();
-			$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
+			try {
+				$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
+			} catch(Exception $e) {
+				standard_error($e->getMessage());
+			}
 			$mainticket->Set('lastchange', $now, true, true);
 			$mainticket->Set('lastreplier', '0', true, true);
 			$mainticket->Set('status', '3', true, true);
@@ -358,7 +374,11 @@ if ($page == 'overview') {
 			$log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'");
 			redirectTo($filename, array('page' => $page, 's' => $s));
 		} else {
-			$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
+			try {
+				$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
+			} catch(Exception $e) {
+				standard_error($e->getMessage());
+			}
 			ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
 		}
 	} elseif ($action == 'reopen' && $id != 0) {
@@ -376,7 +396,11 @@ if ($page == 'overview') {
 		}

 		$now = time();
-		$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
+		try {
+			$mainticket = ticket::getInstanceOf($userinfo, (int)$id);
+		} catch(Exception $e) {
+			standard_error($e->getMessage());
+		}
 		$mainticket->Set('lastchange', $now, true, true);
 		$mainticket->Set('lastreplier', '0', true, true);
 		$mainticket->Set('status', '0', true, true);
--- a/customer_traffic.php
+++ b/customer_traffic.php
@@ -20,6 +20,12 @@
 define('AREA', 'customer');
 $intrafficpage = 1;
 require './lib/init.php';
+
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','traffic')) {
+	redirectTo('customer_index.php');
+}
+
 $traffic = '';
 $month = null;
 $year = null;
@@ -109,8 +115,7 @@ if (!is_null($month) && !is_null($year)) {
 	$result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
 		FROM `" . TABLE_PANEL_TRAFFIC . "`
 		WHERE `customerid` = :customerid
-		GROUP BY CONCAT(`year`,`month`)
-		ORDER BY CONCAT(`year`,`month`) DESC
+		GROUP BY `year` DESC, `month` DESC
 		LIMIT 12"
 	);
 	Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
--- a/dns_editor.php
+++ b/dns_editor.php
@@ -56,13 +56,29 @@ if ($action == 'add_record' && ! empty($_POST)) {
 		if (strpos($record, '--') !== false) {
 			$errors[] = $lng['error']['domain_nopunycode'];
 		} else {
+			// check for wildcard-record
+			$add_wildcard_again = false;
+			if (substr($record, 0, 2) == '*.') {
+				$record = substr($record, 2);
+				$add_wildcard_again = true;
+			}
+			// convert entry
 			$record = $idna_convert->encode($record);
+
+			if ($add_wildcard_again) {
+				$record = '*.'.$record;
+			}
+
+			/*
+			 * see https://redmine.froxlor.org/issues/1697
+			 *
 			if ($type != 'SRV' && $type != 'TXT') {
 				$check_dom = $record . '.example.com';
 				if (! validateDomain($check_dom)) {
 					$errors[] = sprintf($lng['error']['subdomainiswrong'], $idna_convert->decode($record));
 				}
 			}
+			*/
 			if (strlen($record) > 63) {
 				$errors[] = $lng['error']['dns_record_toolong'];
 			}
@@ -112,6 +128,9 @@ if ($action == 'add_record' && ! empty($_POST)) {
 		if (substr($content, - 1) == '.') {
 			// remove it for checks
 			$content = substr($content, 0, - 1);
+		} else {
+			// add domain name
+			$content .= '.' . $domain;
 		}
 		if (! validateDomain($content)) {
 			$errors[] = $lng['error']['dns_cname_invaliddom'];
@@ -171,8 +190,8 @@ if ($action == 'add_record' && ! empty($_POST)) {
 				}
 			}
 		}
-		// append trailing dot (again)
-		if ($target != '.') {
+		// append trailing dot if there's none
+		if (substr($content, - 1) != '.') {
 			$content .= '.';
 		}
 	}
@@ -189,7 +208,7 @@ if ($action == 'add_record' && ! empty($_POST)) {

 	// check for duplicate
 	foreach ($dom_entries as $existing_entry) {
-		// compare serialized string of array
+		// compare json-encoded string of array
 		$check_entry = $existing_entry;
 		// new entry has no ID yet
 		unset($check_entry['id']);
@@ -199,9 +218,9 @@ if ($action == 'add_record' && ! empty($_POST)) {
 		$check_entry['prio'] = (int) $check_entry['prio'];
 		$check_entry['ttl'] = (int) $check_entry['ttl'];
 		$check_entry['domain_id'] = (int) $check_entry['domain_id'];
-		// serialize both
-		$check_entry = serialize($check_entry);
-		$new = serialize($new_entry);
+		// encode both
+		$check_entry = json_encode($check_entry);
+		$new = json_encode($new_entry);
 		// compare
 		if ($check_entry === $new) {
 			$errors[] = $lng['error']['dns_duplicate_entry'];
--- a/index.php
+++ b/index.php
@@ -250,7 +250,7 @@ if ($action == 'login') {
 		$language_options = '';
 		$language_options .= makeoption($lng['login']['profile_lng'], 'profile', 'profile', true, true);

-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options .= makeoption($language_name, $language_file, 'profile', true);
 		}

--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -66,7 +66,7 @@ CREATE TABLE `mail_virtual` (
  `id` int(11) NOT NULL auto_increment,
  `email` varchar(255) NOT NULL default '',
  `email_full` varchar(255) NOT NULL default '',
-  `destination` text NOT NULL,
+  `destination` text,
  `domainid` int(11) NOT NULL default '0',
  `customerid` int(11) NOT NULL default '0',
  `popaccountid` int(11) NOT NULL default '0',
@@ -195,8 +195,11 @@ CREATE TABLE `panel_customers` (
  `theme` varchar(255) NOT NULL default 'Sparkle',
  `custom_notes` text,
  `custom_notes_show` tinyint(1) NOT NULL default '0',
-  `lepublickey` mediumtext DEFAULT NULL,
-  `leprivatekey` mediumtext DEFAULT NULL,
+  `lepublickey` mediumtext default NULL,
+  `leprivatekey` mediumtext default NULL,
+  `leregistered` tinyint(1) NOT NULL default '0',
+  `leaccount` varchar(255) default '',
+  `allowed_phpconfigs` varchar(500) NOT NULL default '',
   PRIMARY KEY  (`customerid`),
   UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -237,6 +240,7 @@ CREATE TABLE `panel_domains` (
  `dkim_pubkey` text,
  `wwwserveralias` tinyint(1) NOT NULL default '1',
  `parentdomainid` int(11) NOT NULL default '0',
+  `phpenabled` tinyint(1) NOT NULL default '0',
  `openbasedir` tinyint(1) NOT NULL default '0',
  `openbasedir_path` tinyint(1) NOT NULL default '0',
  `speciallogfile` tinyint(1) NOT NULL default '0',
@@ -245,8 +249,8 @@ CREATE TABLE `panel_domains` (
  `deactivated` tinyint(1) NOT NULL default '0',
  `bindserial` varchar(10) NOT NULL default '2000010100',
  `add_date` int( 11 ) NOT NULL default '0',
-  `registration_date` date NOT NULL,
-  `termination_date` date NOT NULL,
+  `registration_date` date DEFAULT NULL,
+  `termination_date` date DEFAULT NULL,
  `phpsettingid` INT( 11 ) UNSIGNED NOT NULL DEFAULT '1',
  `mod_fcgid_starter` int(4) default '-1',
  `mod_fcgid_maxrequests` int(4) default '-1',
@@ -254,7 +258,10 @@ CREATE TABLE `panel_domains` (
  `letsencrypt` tinyint(1) NOT NULL default '0',
  `hsts` varchar(10) NOT NULL default '0',
  `hsts_sub` tinyint(1) NOT NULL default '0',
-  `hsts_preload` tinyint(1) NOT NULL default '1',
+  `hsts_preload` tinyint(1) NOT NULL default '0',
+  `ocsp_stapling` tinyint(1) DEFAULT '0',
+  `http2` tinyint(1) DEFAULT '0',
+  `notryfiles` tinyint(1) DEFAULT '0',
  PRIMARY KEY  (`id`),
  KEY `customerid` (`customerid`),
  KEY `parentdomain` (`parentdomainid`),
@@ -274,13 +281,14 @@ CREATE TABLE `panel_ipsandports` (
  `vhostcontainer_servername_statement` tinyint(1) NOT NULL default '0',
  `specialsettings` text,
  `ssl` tinyint(4) NOT NULL default '0',
-  `ssl_cert_file` varchar(255) NOT NULL,
-  `ssl_key_file` varchar(255) NOT NULL,
-  `ssl_ca_file` varchar(255) NOT NULL,
+  `ssl_cert_file` varchar(255) NOT NULL default '',
+  `ssl_key_file` varchar(255) NOT NULL default '',
+  `ssl_ca_file` varchar(255) NOT NULL default '',
  `default_vhostconf_domain` text,
-  `ssl_cert_chainfile` varchar(255) NOT NULL,
+  `ssl_cert_chainfile` varchar(255) NOT NULL default '',
  `docroot` varchar(255) NOT NULL default '',
-  PRIMARY KEY  (`id`)
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `ip_port` (`ip`,`port`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;


@@ -398,25 +406,113 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('login', 'maxloginattempts', '3'),
 	('login', 'deactivatetime', '900'),
 	('phpfpm', 'enabled', '0'),
-	('phpfpm', 'configdir', '/etc/php-fpm.d/'),
-	('phpfpm', 'reload', '/etc/init.d/php-fpm restart'),
-	('phpfpm', 'pm', 'static'),
-	('phpfpm', 'max_children', '1'),
-	('phpfpm', 'start_servers', '20'),
-	('phpfpm', 'min_spare_servers', '5'),
-	('phpfpm', 'max_spare_servers', '35'),
-	('phpfpm', 'max_requests', '0'),
 	('phpfpm', 'tmpdir', '/var/customers/tmp/'),
 	('phpfpm', 'peardir', '/usr/share/php/:/usr/share/php5/'),
+	('phpfpm', 'envpath', '/usr/local/bin:/usr/bin:/bin'),
 	('phpfpm', 'enabled_ownvhost', '0'),
 	('phpfpm', 'vhost_httpuser', 'froxlorlocal'),
 	('phpfpm', 'vhost_httpgroup', 'froxlorlocal'),
-	('phpfpm', 'idle_timeout', '30'),
 	('phpfpm', 'aliasconfigdir', '/var/www/php-fpm/'),
 	('phpfpm', 'defaultini', '1'),
 	('phpfpm', 'vhost_defaultini', '2'),
 	('phpfpm', 'fastcgi_ipcdir', '/var/lib/apache2/fastcgi/'),
 	('phpfpm', 'use_mod_proxy', '0'),
+	('phpfpm', 'ini_flags', 'asp_tags
+display_errors
+display_startup_errors
+html_errors
+log_errors
+magic_quotes_gpc
+magic_quotes_runtime
+magic_quotes_sybase
+mail.add_x_header
+session.cookie_secure
+session.use_cookies
+short_open_tag
+track_errors
+xmlrpc_errors
+suhosin.simulation
+suhosin.session.encrypt
+suhosin.session.cryptua
+suhosin.session.cryptdocroot
+suhosin.cookie.encrypt
+suhosin.cookie.cryptua
+suhosin.cookie.cryptdocroot
+suhosin.executor.disable_eval
+mbstring.func_overload'),
+	('phpfpm', 'ini_values', 'auto_append_file
+auto_prepend_file
+date.timezone
+default_charset
+error_reporting
+include_path
+log_errors_max_len
+mail.log
+max_execution_time
+session.cookie_domain
+session.cookie_lifetime
+session.cookie_path
+session.name
+session.serialize_handler
+upload_max_filesize
+xmlrpc_error_number
+session.auto_start
+always_populate_raw_post_data
+suhosin.session.cryptkey
+suhosin.session.cryptraddr
+suhosin.session.checkraddr
+suhosin.cookie.cryptkey
+suhosin.cookie.plainlist
+suhosin.cookie.cryptraddr
+suhosin.cookie.checkraddr
+suhosin.executor.func.blacklist
+suhosin.executor.eval.whitelist'),
+	('phpfpm', 'ini_admin_flags', 'allow_call_time_pass_reference
+allow_url_fopen
+allow_url_include
+auto_detect_line_endings
+cgi.fix_pathinfo
+cgi.force_redirect
+enable_dl
+expose_php
+file_uploads
+ignore_repeated_errors
+ignore_repeated_source
+log_errors
+register_argc_argv
+report_memleaks
+opcache.enable
+opcache.consistency_checks
+opcache.dups_fix
+opcache.load_comments
+opcache.revalidate_path
+opcache.save_comments
+opcache.use_cwd
+opcache.validate_timestamps
+opcache.fast_shutdown'),
+	('phpfpm', 'ini_admin_values', 'cgi.redirect_status_env
+date.timezone
+disable_classes
+disable_functions
+error_log
+gpc_order
+max_input_time
+max_input_vars
+memory_limit
+open_basedir
+output_buffering
+post_max_size
+precision
+sendmail_path
+session.gc_divisor
+session.gc_probability
+variables_order
+opcache.log_verbosity_level
+opcache.restrict_api
+opcache.revalidate_freq
+opcache.max_accelerated_files
+opcache.memory_consumption
+opcache.interned_strings_buffer'),
 	('nginx', 'fastcgiparams', '/etc/nginx/fastcgi_params'),
 	('system', 'lastaccountnumber', '0'),
 	('system', 'lastguid', '9999'),
@@ -438,7 +534,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'defaultip', '1'),
 	('system', 'phpappendopenbasedir', '/tmp/'),
 	('system', 'deactivateddocroot', ''),
-	('system', 'mailpwcleartext', '1'),
+	('system', 'mailpwcleartext', '0'),
 	('system', 'last_tasks_run', '000000'),
 	('system', 'nameservers', ''),
 	('system', 'mxservers', ''),
@@ -496,9 +592,11 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'ssl_cert_chainfile', ''),
 	('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
 	('system', 'nginx_php_backend', '127.0.0.1:8888'),
+	('system', 'http2_support', '0'),
 	('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
 	('system', 'phpreload_command', ''),
-	('system', 'apache24', '0'),
+	('system', 'apache24', '1'),
+	('system', 'apache24_ocsp_cache_path', 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)'),
 	('system', 'documentroot_use_default_value', '0'),
 	('system', 'passwordcryptfunc', '3'),
 	('system', 'axfrservers', ''),
@@ -521,15 +619,40 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'lepublickey', 'unset'),
 	('system', 'letsencryptca', 'production'),
 	('system', 'letsencryptcountrycode', 'DE'),
-	('system', 'letsencryptstate', 'Germany'),
+	('system', 'letsencryptstate', 'Hessen'),
 	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
 	('system', 'letsencryptkeysize', '4096'),
 	('system', 'letsencryptreuseold', 0),
 	('system', 'leenabled', '0'),
+	('system', 'leapiversion', '1'),
 	('system', 'backupenabled', '0'),
 	('system', 'dnsenabled', '0'),
 	('system', 'dns_server', 'bind'),
 	('system', 'apacheglobaldiropt', ''),
+	('system', 'allow_customer_shell', '0'),
+	('system', 'available_shells', ''),
+	('system', 'le_froxlor_enabled', '0'),
+	('system', 'le_froxlor_redirect', '0'),
+	('system', 'letsencryptacmeconf', '/etc/apache2/conf-enabled/acme.conf'),
+	('system', 'mail_use_smtp', '0'),
+	('system', 'mail_smtp_host', 'localhost'),
+	('system', 'mail_smtp_port', '25'),
+	('system', 'mail_smtp_usetls', '1'),
+	('system', 'mail_smtp_auth', '1'),
+	('system', 'mail_smtp_user', ''),
+	('system', 'mail_smtp_passwd', ''),
+	('system', 'hsts_maxage', '0'),
+	('system', 'hsts_incsub', '0'),
+	('system', 'hsts_preload', '0'),
+	('system', 'leregistered', '0'),
+  ('system', 'leaccount', ''),
+	('system', 'nssextrausers', '0'),
+	('system', 'disable_le_selfcheck', '0'),
+	('system', 'ssl_protocols', 'TLSv1,TLSv1.2'),
+	('system', 'logfiles_format', ''),
+	('system', 'logfiles_type', '1'),
+	('system', 'logfiles_piped', '0'),
+	('system', 'logfiles_script', ''),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -560,8 +683,9 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.37-rc1'),
-	('panel', 'db_version', '201607140');
+	('panel', 'customer_hide_options', ''),
+	('panel', 'version', '0.9.40'),
+	('panel', 'db_version', '201809280');


 DROP TABLE IF EXISTS `panel_tasks`;
@@ -727,6 +851,33 @@ CREATE TABLE IF NOT EXISTS `panel_syslog` (
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;


+
+DROP TABLE IF EXISTS `panel_fpmdaemons`;
+CREATE TABLE `panel_fpmdaemons` (
+  `id` int(11) unsigned NOT NULL auto_increment,
+  `description` varchar(50) NOT NULL,
+  `reload_cmd` varchar(255) NOT NULL,
+  `config_dir` varchar(255) NOT NULL,
+  `pm` varchar(15) NOT NULL DEFAULT 'static',
+  `max_children` int(4) NOT NULL DEFAULT '1',
+  `start_servers` int(4) NOT NULL DEFAULT '20',
+  `min_spare_servers` int(4) NOT NULL DEFAULT '5',
+  `max_spare_servers` int(4) NOT NULL DEFAULT '35',
+  `max_requests` int(4) NOT NULL DEFAULT '0',
+  `idle_timeout` int(4) NOT NULL DEFAULT '30',
+  `limit_extensions` varchar(255) NOT NULL default '.php',
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `reload` (`reload_cmd`),
+  UNIQUE KEY `config` (`config_dir`)
+) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
+
+
+
+INSERT INTO `panel_fpmdaemons` (`id`, `description`, `reload_cmd`, `config_dir`) VALUES
+(1, 'System default', 'service php7.0-fpm restart', '/etc/php/7.0/fpm/pool.d/');
+
+
+
 DROP TABLE IF EXISTS `panel_phpconfigs`;
 CREATE TABLE `panel_phpconfigs` (
  `id` int(11) unsigned NOT NULL auto_increment,
@@ -740,14 +891,26 @@ CREATE TABLE `panel_phpconfigs` (
  `fpm_reqterm` varchar(15) NOT NULL default '60s',
  `fpm_reqslow` varchar(15) NOT NULL default '5s',
  `phpsettings` text NOT NULL,
-  PRIMARY KEY  (`id`)
+  `fpmsettingid` int(11) NOT NULL DEFAULT '1',
+  `pass_authorizationheader` tinyint(1) NOT NULL default '0',
+  `override_fpmconfig` tinyint(1) NOT NULL DEFAULT '0',
+  `pm` varchar(15) NOT NULL DEFAULT 'static',
+  `max_children` int(4) NOT NULL DEFAULT '1',
+  `start_servers` int(4) NOT NULL DEFAULT '20',
+  `min_spare_servers` int(4) NOT NULL DEFAULT '5',
+  `max_spare_servers` int(4) NOT NULL DEFAULT '35',
+  `max_requests` int(4) NOT NULL DEFAULT '0',
+  `idle_timeout` int(4) NOT NULL DEFAULT '30',
+  `limit_extensions` varchar(255) NOT NULL default '.php',
+  PRIMARY KEY  (`id`),
+  KEY `fpmsettingid` (`fpmsettingid`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;



 INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES
 (1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = "{DOCUMENT_ROOT}"\r\n'),
-(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');
+(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');


 DROP TABLE IF EXISTS `cronjobs_run`;
@@ -842,11 +1005,12 @@ DROP TABLE IF EXISTS `domain_ssl_settings`;
 CREATE TABLE IF NOT EXISTS `domain_ssl_settings` (
  `id` int(5) NOT NULL auto_increment,
  `domainid` int(11) NOT NULL,
-  `ssl_cert_file` mediumtext NOT NULL,
-  `ssl_key_file` mediumtext NOT NULL,
+  `ssl_cert_file` mediumtext,
+  `ssl_key_file` mediumtext,
  `ssl_ca_file` mediumtext,
  `ssl_cert_chainfile` mediumtext,
  `ssl_csr_file` mediumtext,
+  `ssl_fullchain_file` mediumtext,
  `expirationdate` datetime DEFAULT NULL,
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -872,3 +1036,16 @@ CREATE TABLE `domain_dns_entries` (
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

+
+DROP TABLE IF EXISTS `panel_plans`;
+CREATE TABLE `panel_plans` (
+  `id` int(11) NOT NULL auto_increment,
+  `adminid` int(11) NOT NULL default '0',
+  `name` varchar(255) NOT NULL default '',
+  `description` text NOT NULL,
+  `value` longtext NOT NULL,
+  `ts` int(15) NOT NULL default '0',
+  PRIMARY KEY  (id),
+  KEY adminid (adminid)
+) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
+
--- a/install/lib/class.FroxlorInstall.php
+++ b/install/lib/class.FroxlorInstall.php
@@ -28,7 +28,7 @@
 * @author Froxlor team <team@froxlor.org> (2010-)
 * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
 * @package Install
- *
+ *         
 */
 class FroxlorInstall
 {
@@ -74,10 +74,17 @@ class FroxlorInstall
 	/**
 	 * currently used language
 	 *
-	 * @var unknown
+	 * @var string
 	 */
 	private $_activelng = 'english';

+	/**
+	 * check whether to abort due to errors
+	 *
+	 * @var bool
+	 */
+	private $_abort = false;
+
 	/**
 	 * Class constructor
 	 */
@@ -154,7 +161,7 @@ class FroxlorInstall
 		$this->_guessServerName();
 		$this->_guessServerIP();
 		$this->_guessWebserver();
-
+		
 		$this->_getPostField('mysql_host', '127.0.0.1');
 		$this->_getPostField('mysql_database', 'froxlor');
 		$this->_getPostField('mysql_unpriv_user', 'froxlor');
@@ -169,18 +176,22 @@ class FroxlorInstall
 		$this->_getPostField('httpuser', $posixusername['name']);
 		$posixgroup = posix_getgrgid(posix_getgid());
 		$this->_getPostField('httpgroup', $posixgroup['name']);
-
+		
 		if ($this->_data['mysql_host'] == 'localhost' || $this->_data['mysql_host'] == '127.0.0.1') {
 			$this->_data['mysql_access_host'] = $this->_data['mysql_host'];
 		} else {
 			$this->_data['mysql_access_host'] = $this->_data['serverip'];
 		}
-
+		
 		// check system-hostname to be a FQDN
-		if ($this->_validate_ip($this->_data['servername'], true) !== false) {
+		if ($this->_validate_ip($this->_data['servername']) !== false) {
 			$this->_data['servername'] = '';
 		}
-
+		
+		if (empty($this->_data['serverip']) || $this->_validate_ip($this->_data['serverip']) == false) {
+			return false;
+		}
+		
 		if (isset($_POST['installstep']) && $_POST['installstep'] == '1' && $this->_data['admin_pass1'] == $this->_data['admin_pass2'] && $this->_data['admin_pass1'] != '' && $this->_data['admin_pass2'] != '' && $this->_data['mysql_unpriv_pass'] != '' && $this->_data['mysql_root_pass'] != '' && $this->_data['servername'] != '' && $this->_data['serverip'] != '' && $this->_data['httpuser'] != '' && $this->_data['httpgroup'] != '' && $this->_data['mysql_unpriv_user'] != $this->_data['mysql_root_user']) {
 			return true;
 		}
@@ -195,12 +206,12 @@ class FroxlorInstall
 	private function _doInstall()
 	{
 		$content = "<table class=\"noborder\">";
-
+		
 		// check for mysql-root-connection
 		$content .= $this->_status_message('begin', $this->_lng['install']['testing_mysql']);
-
+		
 		$options = array(
-			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"'
 		);
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";";
 		$fatal_fail = false;
@@ -223,9 +234,9 @@ class FroxlorInstall
 				$fatal_fail = true;
 			}
 		}
-
+		
 		if (! $fatal_fail) {
-
+			
 			// ok, if we are here, the database connection is up and running
 			$content .= $this->_status_message('green', "OK");
 			// check for existing db and create backup if so
@@ -234,36 +245,37 @@ class FroxlorInstall
 			$content .= $this->_createDatabaseAndUser($db_root);
 			// importing data to new database
 			$content .= $this->_importDatabaseData();
-			// create DB object for new database
-			$options = array(
-				'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
-			);
-			$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
-			$another_fail = false;
-			try {
-				$db = new PDO($dsn, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $options);
-			} catch (PDOException $e) {
-				// dafuq? this should have happened in _importDatabaseData()
-				$content .= $this->_status_message('red', $e->getMessage());
-				$another_fail = true;
-			}
-			;
+			if (! $this->_abort) {
+				// create DB object for new database
+				$options = array(
+					'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"'
+				);
+				$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
+				$another_fail = false;
+				try {
+					$db = new PDO($dsn, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $options);
+				} catch (PDOException $e) {
+					// dafuq? this should have happened in _importDatabaseData()
+					$content .= $this->_status_message('red', $e->getMessage());
+					$another_fail = true;
+				}

-			if (! $another_fail) {
-				// change settings accordingly
-				$content .= $this->_doSettings($db);
-				// create entries
-				$content .= $this->_doDataEntries($db);
-				$db = null;
-				// create config-file
-				$content .= $this->_createUserdataConf();
+				if (! $another_fail) {
+					// change settings accordingly
+					$content .= $this->_doSettings($db);
+					// create entries
+					$content .= $this->_doDataEntries($db);
+					$db = null;
+					// create config-file
+					$content .= $this->_createUserdataConf();
+				}
 			}
 		}
-
+		
 		$content .= "</table>";
-
+		
 		// check if we have unrecoverable errors
-		if ($fatal_fail || $another_fail) {
+		if ($fatal_fail || $another_fail || $this->_abort) {
 			// D'oh
 			$navigation = '';
 			$msgcolor = 'red';
@@ -278,9 +290,9 @@ class FroxlorInstall
 			$link = '../index.php';
 			$linktext = $this->_lng['click_here_to_login'];
 		}
-
+		
 		eval("\$navigation .= \"" . $this->_getTemplate("pagebottom") . "\";");
-
+		
 		return array(
 			'pagecontent' => $content,
 			'pagenavigation' => $navigation
@@ -293,7 +305,7 @@ class FroxlorInstall
 	private function _createUserdataConf()
 	{
 		$content = "";
-
+		
 		$content .= $this->_status_message('begin', $this->_lng['install']['creating_configfile']);
 		$userdata = "<?php\n";
 		$userdata .= "// automatically generated userdata.inc.php for Froxlor\n";
@@ -308,13 +320,14 @@ class FroxlorInstall
 		$userdata .= "// enable debugging to browser in case of SQL errors\n";
 		$userdata .= "\$sql['debug'] = false;\n";
 		$userdata .= "?>";
-
+		
 		// test if we can store the userdata.inc.php in ../lib
-		if ($fp = @fopen(dirname(dirname(dirname(__FILE__))) . '/lib/userdata.inc.php', 'w')) {
+		$userdata_file = dirname(dirname(dirname(__FILE__))) . '/lib/userdata.inc.php';
+		if ($fp = @fopen($userdata_file, 'w')) {
 			$result = @fputs($fp, $userdata, strlen($userdata));
 			@fclose($fp);
 			$content .= $this->_status_message('green', 'OK');
-			chmod('../lib/userdata.inc.php', 0440);
+			chmod($userdata_file, 0440);
 		} elseif ($fp = @fopen('/tmp/userdata.inc.php', 'w')) {
 			$result = @fputs($fp, $userdata, strlen($userdata));
 			@fclose($fp);
@@ -325,7 +338,7 @@ class FroxlorInstall
 			$escpduserdata = nl2br(htmlspecialchars($userdata));
 			eval("\$content .= \"" . $this->_getTemplate("textarea") . "\";");
 		}
-
+		
 		return $content;
 	}

@@ -339,9 +352,9 @@ class FroxlorInstall
 	private function _doDataEntries(&$db)
 	{
 		$content = "";
-
+		
 		$content .= $this->_status_message('begin', $this->_lng['install']['creating_entries']);
-
+		
 		// and lets insert the default ip and port
 		$stmt = $db->prepare("
 				INSERT INTO `" . TABLE_PANEL_IPSANDPORTS . "` SET
@@ -355,7 +368,7 @@ class FroxlorInstall
 			'serverip' => $this->_data['serverip']
 		));
 		$defaultip = $db->lastInsertId();
-
+		
 		// insert the defaultip
 		$upd_stmt = $db->prepare("
 				UPDATE `" . TABLE_PANEL_SETTINGS . "` SET
@@ -365,9 +378,9 @@ class FroxlorInstall
 		$upd_stmt->execute(array(
 			'defaultip' => $defaultip
 		));
-
+		
 		$content .= $this->_status_message('green', 'OK');
-
+		
 		// last but not least create the main admin
 		$content .= $this->_status_message('begin', $this->_lng['install']['adding_admin_user']);
 		$ins_data = array(
@@ -402,11 +415,11 @@ class FroxlorInstall
 				`subdomains` = -1,
 				`traffic` = -1048576
 				");
-
+		
 		$ins_stmt->execute($ins_data);
-
+		
 		$content .= $this->_status_message('green', 'OK');
-
+		
 		return $content;
 	}

@@ -437,14 +450,14 @@ class FroxlorInstall
 	private function _doSettings(&$db)
 	{
 		$content = "";
-
+		
 		$content .= $this->_status_message('begin', $this->_lng['install']['changing_data']);
 		$upd_stmt = $db->prepare("
 				UPDATE `" . TABLE_PANEL_SETTINGS . "` SET
 				`value` = :value
 				WHERE `settinggroup` = :group AND `varname` = :varname
 				");
-
+		
 		$this->_updateSetting($upd_stmt, 'admin@' . $this->_data['servername'], 'panel', 'adminmail');
 		$this->_updateSetting($upd_stmt, $this->_data['serverip'], 'system', 'ipaddress');
 		$this->_updateSetting($upd_stmt, $this->_data['servername'], 'system', 'hostname');
@@ -453,7 +466,7 @@ class FroxlorInstall
 		$this->_updateSetting($upd_stmt, $this->_data['webserver'], 'system', 'webserver');
 		$this->_updateSetting($upd_stmt, $this->_data['httpuser'], 'system', 'httpuser');
 		$this->_updateSetting($upd_stmt, $this->_data['httpgroup'], 'system', 'httpgroup');
-
+		
 		// necessary changes for webservers != apache2
 		if ($this->_data['webserver'] == "apache24") {
 			$this->_updateSetting($upd_stmt, 'apache2', 'system', 'webserver');
@@ -473,25 +486,25 @@ class FroxlorInstall
 			$this->_updateSetting($upd_stmt, '/etc/nginx/nginx.pem', 'system', 'ssl_cert_file');
 			$this->_updateSetting($upd_stmt, '/var/run/', 'phpfpm', 'fastcgi_ipcdir');
 		}
-
+		
 		$this->_updateSetting($upd_stmt, $this->_data['activate_newsfeed'], 'admin', 'show_news_feed');
 		$this->_updateSetting($upd_stmt, dirname(dirname(dirname(__FILE__))), 'system', 'letsencryptchallengepath');
-
+		
 		// insert the lastcronrun to be the installation date
 		$this->_updateSetting($upd_stmt, time(), 'system', 'lastcronrun');
-
+		
 		// set specific times for some crons (traffic only at night, etc.)
 		$ts = mktime(0, 0, 0, date('m', time()), date('d', time()), date('Y', time()));
 		$db->query("UPDATE `" . TABLE_PANEL_CRONRUNS . "` SET `lastrun` = '" . $ts . "' WHERE `cronfile` ='cron_traffic.php';");
 		$ts = mktime(1, 0, 0, date('m', time()), date('d', time()), date('Y', time()));
 		$db->query("UPDATE `" . TABLE_PANEL_CRONRUNS . "` SET `lastrun` = '" . $ts . "' WHERE `cronfile` ='cron_used_tickets_reset.php';");
 		$db->query("UPDATE `" . TABLE_PANEL_CRONRUNS . "` SET `lastrun` = '" . $ts . "' WHERE `cronfile` ='cron_ticketarchive.php';");
-
+		
 		// insert task 99 to generate a correct cron.d-file automatically
 		$db->query("INSERT INTO `" . TABLE_PANEL_TASKS . "` SET `type` = '99';");
-
+		
 		$content .= $this->_status_message('green', 'OK');
-
+		
 		return $content;
 	}

@@ -507,22 +520,28 @@ class FroxlorInstall
 		$content = "";
 		$content .= $this->_status_message('begin', $this->_lng['install']['testing_new_db']);
 		$options = array(
-			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"'
 		);
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 		$fatal_fail = false;
 		try {
 			$db = new PDO($dsn, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $options);
+			$attributes = array(
+				'ATTR_ERRMODE' => 'ERRMODE_EXCEPTION'
+			);
+			// set attributes
+			foreach ($attributes as $k => $v) {
+				$db->setAttribute(constant("PDO::" . $k), constant("PDO::" . $v));
+			}
 		} catch (PDOException $e) {
 			$content .= $this->_status_message('red', $e->getMessage());
 			$fatal_fail = true;
 		}
-		;
-
+		
 		if (! $fatal_fail) {
-
+			
 			$content .= $this->_status_message('green', 'OK');
-
+			
 			$content .= $this->_status_message('begin', $this->_lng['install']['importing_data']);
 			$db_schema = dirname(dirname(__FILE__)) . '/froxlor.sql';
 			$sql_query = @file_get_contents($db_schema);
@@ -530,14 +549,23 @@ class FroxlorInstall
 			$sql_query = $this->_split_sql_file($sql_query, ';');
 			for ($i = 0; $i < sizeof($sql_query); $i ++) {
 				if (trim($sql_query[$i]) != '') {
-					$result = $db->query($sql_query[$i]);
+					try {
+						$result = $db->query($sql_query[$i]);
+					} catch (\PDOException $e) {
+						$content .= $this->_status_message('red', $e->getMessage());
+						$fatal_fail = true;
+						$this->_abort = true;
+						break;
+					}
 				}
 			}
+			
+			if (! $fatal_fail) {
+				$content .= $this->_status_message('green', 'OK');
+			}
 			$db = null;
-
-			$content .= $this->_status_message('green', 'OK');
 		}
-
+		
 		return $content;
 	}

@@ -551,56 +579,56 @@ class FroxlorInstall
 	private function _createDatabaseAndUser(&$db_root)
 	{
 		$content = "";
-
+		
 		// so first we have to delete the database and
 		// the user given for the unpriv-user if they exit
 		$content .= $this->_status_message('begin', $this->_lng['install']['prepare_db']);
-
+		
 		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`user` WHERE `User` = :user AND `Host` = :accesshost");
 		$del_stmt->execute(array(
 			'user' => $this->_data['mysql_unpriv_user'],
 			'accesshost' => $this->_data['mysql_access_host']
 		));
-
+		
 		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`db` WHERE `User` = :user AND `Host` = :accesshost");
 		$del_stmt->execute(array(
 			'user' => $this->_data['mysql_unpriv_user'],
 			'accesshost' => $this->_data['mysql_access_host']
 		));
-
+		
 		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`tables_priv` WHERE `User` = :user AND `Host` =:accesshost");
 		$del_stmt->execute(array(
 			'user' => $this->_data['mysql_unpriv_user'],
 			'accesshost' => $this->_data['mysql_access_host']
 		));
-
+		
 		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`columns_priv` WHERE `User` = :user AND `Host` = :accesshost");
 		$del_stmt->execute(array(
 			'user' => $this->_data['mysql_unpriv_user'],
 			'accesshost' => $this->_data['mysql_access_host']
 		));
-
+		
 		$del_stmt = $db_root->prepare("DROP DATABASE IF EXISTS `" . str_replace('`', '', $this->_data['mysql_database']) . "`;");
 		$del_stmt->execute();
-
+		
 		$db_root->query("FLUSH PRIVILEGES;");
 		$content .= $this->_status_message('green', 'OK');
-
+		
 		// we have to create a new user and database for the froxlor unprivileged mysql access
 		$content .= $this->_status_message('begin', $this->_lng['install']['create_mysqluser_and_db']);
 		$ins_stmt = $db_root->prepare("CREATE DATABASE `" . str_replace('`', '', $this->_data['mysql_database']) . "` CHARACTER SET=utf8 COLLATE=utf8_general_ci");
 		$ins_stmt->execute();
-
+		
 		$mysql_access_host_array = array_map('trim', explode(',', $this->_data['mysql_access_host']));
-
+		
 		if (in_array('127.0.0.1', $mysql_access_host_array) && ! in_array('localhost', $mysql_access_host_array)) {
 			$mysql_access_host_array[] = 'localhost';
 		}
-
+		
 		if (! in_array('127.0.0.1', $mysql_access_host_array) && in_array('localhost', $mysql_access_host_array)) {
 			$mysql_access_host_array[] = '127.0.0.1';
 		}
-
+		
 		$mysql_access_host_array[] = $this->_data['serverip'];
 		foreach ($mysql_access_host_array as $mysql_access_host) {
 			$_db = str_replace('`', '', $this->_data['mysql_database']);
@@ -619,11 +647,11 @@ class FroxlorInstall
 				"password" => $this->_data['mysql_unpriv_pass']
 			));
 		}
-
+		
 		$db_root->query("FLUSH PRIVILEGES;");
 		$this->_data['mysql_access_host'] = implode(',', $mysql_access_host_array);
 		$content .= $this->_status_message('green', 'OK');
-
+		
 		return $content;
 	}

@@ -637,7 +665,7 @@ class FroxlorInstall
 	private function _backupExistingDatabase(&$db_root)
 	{
 		$content = "";
-
+		
 		// check for existing of former database
 		$tables_exist = false;
 		$sql = "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = :database";
@@ -646,19 +674,19 @@ class FroxlorInstall
 			'database' => $this->_data['mysql_database']
 		));
 		$rows = $db_root->query("SELECT FOUND_ROWS()")->fetchColumn();
-
+		
 		// check result
 		if ($result_stmt !== false && $rows > 0) {
 			$tables_exist = true;
 		}
-
+		
 		if ($tables_exist) {
 			// tell whats going on
 			$content .= $this->_status_message('begin', $this->_lng['install']['backup_old_db']);
-
+			
 			// create temporary backup-filename
 			$filename = "/tmp/froxlor_backup_" . date('YmdHi') . ".sql";
-
+			
 			// look for mysqldump
 			$do_backup = false;
 			if (file_exists("/usr/bin/mysqldump")) {
@@ -668,7 +696,7 @@ class FroxlorInstall
 				$do_backup = true;
 				$mysql_dump = '/usr/local/bin/mysqldump';
 			}
-
+			
 			if ($do_backup) {
 				$command = $mysql_dump . " " . $this->_data['mysql_database'] . " -u " . $this->_data['mysql_root_user'] . " --password='" . $this->_data['mysql_root_pass'] . "' --result-file=" . $filename;
 				$output = exec($command);
@@ -681,7 +709,7 @@ class FroxlorInstall
 				$content .= $this->_status_message('red', $this->_lng['install']['backup_binary_missing']);
 			}
 		}
-
+		
 		return $content;
 	}

@@ -698,12 +726,12 @@ class FroxlorInstall
 		}
 		// language selection
 		$language_options = '';
-		while (list ($language_file, $language_name) = each($this->_languages)) {
+		foreach ($this->_languages as $language_name => $language_file) {
 			$language_options .= makeoption($language_name, $language_file, $this->_activelng, true, true);
 		}
 		// get language-form-template
 		eval("\$content .= \"" . $this->_getTemplate("lngform") . "\";");
-
+		
 		// form-data
 		$formdata = "";
 		/**
@@ -743,7 +771,7 @@ class FroxlorInstall
 			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('mysql_root_pass', true, $style, 'password');
-
+		
 		/**
 		 * admin data
 		 */
@@ -767,7 +795,7 @@ class FroxlorInstall
 		$formdata .= $this->_getSectionItemString('admin_pass2', true, $style, 'password');
 		// activate newsfeed?
 		$formdata .= $this->_getSectionItemYesNo('activate_newsfeed', true);
-
+		
 		/**
 		 * Server data
 		 */
@@ -781,7 +809,7 @@ class FroxlorInstall
 		}
 		$formdata .= $this->_getSectionItemString('servername', true, $style);
 		// serverip
-		if (! empty($_POST['installstep']) && $this->_data['serverip'] == '') {
+		if (! empty($_POST['installstep']) && ($this->_data['serverip'] == '' || $this->_validate_ip($this->_data['serverip']) == false)) {
 			$style = 'color:red;';
 		} else {
 			$style = '';
@@ -814,11 +842,11 @@ class FroxlorInstall
 			$style = '';
 		}
 		$formdata .= $this->_getSectionItemString('httpgroup', true, $style);
-
+		
 		// get data-form-template
 		$language = htmlspecialchars($this->_activelng);
 		eval("\$content .= \"" . $this->_getTemplate("dataform2") . "\";");
-
+		
 		$navigation = '';
 		return array(
 			'pagecontent' => $content,
@@ -835,7 +863,7 @@ class FroxlorInstall
 	 *        	optional css
 	 * @param string $type
 	 *        	optional type of input-box (default: text)
-	 *
+	 *        	
 	 * @return string
 	 */
 	private function _getSectionItemString($fieldname = null, $required = false, $style = "", $type = 'text')
@@ -895,26 +923,26 @@ class FroxlorInstall
 	 */
 	private function _requirementCheck()
 	{
-
+		
 		// indicator whether we need to abort or not
 		$_die = false;
-
+		
 		$content = "<table class=\"noborder\">";
-
+		
 		// check for correct php version
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpversion']);
-
+		
 		if (version_compare("5.3.0", PHP_VERSION, ">=")) {
 			$content .= $this->_status_message('red', $this->_lng['requirements']['notfound'] . ' (' . PHP_VERSION . ')');
 			$_die = true;
 		} else {
 			if (version_compare("5.6.0", PHP_VERSION, ">=")) {
-				$content .= $this->_status_message('orange', $this->_lng['requirements']['newerphpprefered'] . ' (' .PHP_VERSION . ')');
+				$content .= $this->_status_message('orange', $this->_lng['requirements']['newerphpprefered'] . ' (' . PHP_VERSION . ')');
 			} else {
 				$content .= $this->_status_message('green', PHP_VERSION);
 			}
 		}
-
+		
 		// Check if magic_quotes_runtime is active | get_magic_quotes_runtime() is always FALSE since 5.4
 		if (version_compare(PHP_VERSION, "5.4.0", "<")) {
 			$content .= $this->_status_message('begin', $this->_lng['requirements']['phpmagic_quotes_runtime']);
@@ -926,10 +954,10 @@ class FroxlorInstall
 				$content .= $this->_status_message('green', 'off');
 			}
 		}
-
+		
 		// check for php_pdo and pdo_mysql
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['phppdo']);
-
+		
 		if (! extension_loaded('pdo') || in_array("mysql", PDO::getAvailableDrivers()) == false) {
 			$content .= $this->_status_message('red', $this->_lng['requirements']['notinstalled']);
 			$_die = true;
@@ -937,64 +965,38 @@ class FroxlorInstall
 			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
 		}

+		// check for session-extension
+		$this->_requirementCheckFor($content, $_die, 'session', false, 'phpsession');
+
+		// check for ctype-extension
+		$this->_requirementCheckFor($content, $_die, 'ctype', false, 'phpctype');
+
+		// check for SimpleXML-extension
+		$this->_requirementCheckFor($content, $_die, 'simplexml', false, 'phpsimplexml');
+
 		// check for xml-extension
-		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpxml']);
-
-		if (! extension_loaded('xml')) {
-			$content .= $this->_status_message('red', $this->_lng['requirements']['notinstalled']);
-			$_die = true;
-		} else {
-			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
-		}
-
+		$this->_requirementCheckFor($content, $_die, 'xml', false, 'phpxml');
+		
 		// check for filter-extension
-		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpfilter']);
-
-		if (! extension_loaded('filter')) {
-			$content .= $this->_status_message('red', $this->_lng['requirements']['notinstalled']);
-			$_die = true;
-		} else {
-			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
-		}
-
+		$this->_requirementCheckFor($content, $_die, 'filter', false, 'phpfilter');
+		
 		// check for posix-extension
-		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpposix']);
-
-		if (! extension_loaded('posix')) {
-			$content .= $this->_status_message('red', $this->_lng['requirements']['notinstalled']);
-			$_die = true;
-		} else {
-			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
-		}
-
-		// check for bstring-extension
-		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpmbstring']);
-
-		if (! extension_loaded('mbstring')) {
-			$content .= $this->_status_message('red', $this->_lng['requirements']['notinstalled']);
-			$_die = true;
-		} else {
-			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
-		}
+		$this->_requirementCheckFor($content, $_die, 'posix', false, 'phpposix');

+		// check for mbstring-extension
+		$this->_requirementCheckFor($content, $_die, 'mbstring', false, 'phpmbstring');
+		
 		// check for curl extension
-		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpcurl']);
+		$this->_requirementCheckFor($content, $_die, 'curl', false, 'phpcurl');

-		if (! extension_loaded('curl')) {
-			$content .= $this->_status_message('red', $this->_lng['requirements']['notinstalled']);
-			$_die = true;
-		} else {
-			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
-		}
+		// check for json extension
+		$this->_requirementCheckFor($content, $_die, 'json', false, 'phpjson');

 		// check for bcmath extension
-		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpbcmath']);
-
-		if (! extension_loaded('bcmath')) {
-			$content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['bcmathdescription']);
-		} else {
-			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
-		}
+		$this->_requirementCheckFor($content, $_die, 'bcmath', true, 'phpbcmath', 'bcmathdescription');
+		
+		// check for zip extension
+		$this->_requirementCheckFor($content, $_die, 'zip', true, 'phpzip', 'zipdescription');

 		// check for open_basedir
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['openbasedir']);
@@ -1004,8 +1006,18 @@ class FroxlorInstall
 		} else {
 			$content .= $this->_status_message('green', 'off');
 		}
-		$content .= "</table>";
+		
+		// check for mysqldump binary in order to backup existing database
+		$content .= $this->_status_message('begin', $this->_lng['requirements']['mysqldump']);

+		if (file_exists("/usr/bin/mysqldump") || file_exists("/usr/local/bin/mysqldump")) {
+			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
+		} else {
+			$content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['mysqldumpmissing']);
+		}
+		
+		$content .= "</table>";
+		
 		// check if we have unrecoverable errors
 		$navigation = '';
 		if ($_die) {
@@ -1020,12 +1032,28 @@ class FroxlorInstall
 			$linktext = $this->_lng['click_here_to_continue'];
 		}
 		eval("\$navigation .= \"" . $this->_getTemplate("pagebottom") . "\";");
-
+		
 		return array(
 			'pagecontent' => $content,
 			'pagenavigation' => $navigation
 		);
 	}
+	
+	private function _requirementCheckFor(&$content, &$_die, $ext = '', $optional = false, $lng_txt = "", $lng_desc = "")
+	{
+		$content .= $this->_status_message('begin', $this->_lng['requirements'][$lng_txt]);
+		
+		if (! extension_loaded($ext)) {
+			if (!$optional) {
+				$content .= $this->_status_message('red', $this->_lng['requirements']['notinstalled']);
+				$_die = true;
+			} else {
+				$content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements'][$lng_desc]);
+			}
+		} else {
+			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
+		}
+	}

 	/**
 	 * send no-caching headers and set the default timezone
@@ -1037,7 +1065,7 @@ class FroxlorInstall
 		header("Pragma: no-cache");
 		header('Last-Modified: ' . gmdate('D, d M Y H:i:s \G\M\T', time()));
 		header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time()));
-
+		
 		// ensure that default timezone is set
 		if (function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get")) {
 			@date_default_timezone_set(@date_default_timezone_get());
@@ -1055,7 +1083,7 @@ class FroxlorInstall
 			// includes the usersettings (MySQL-Username/Passwort)
 			// to test if Froxlor is already installed
 			require $this->_basepath . '/lib/userdata.inc.php';
-
+			
 			if (isset($sql) && is_array($sql)) {
 				// use sparkle theme for the notice
 				$installed_hint = file_get_contents($this->_basepath . '/templates/Sparkle/misc/alreadyinstalledhint.tpl');
@@ -1072,7 +1100,7 @@ class FroxlorInstall
 	{
 		// set default
 		$standardlanguage = 'english';
-
+		
 		// check either _GET or _POST
 		if (isset($_GET['language']) && isset($this->_languages[$_GET['language']])) {
 			$this->_activelng = $_GET['language'];
@@ -1093,13 +1121,25 @@ class FroxlorInstall
 					break;
 			}
 		}
-
-		$lngfile = $this->_basepath . '/install/lng/' . $this->_activelng . '.lng.php';
+		
+		// require english base language as fallback
+		$lngfile = $this->_basepath . '/install/lng/' . $standardlanguage . '.lng.php';
 		if (file_exists($lngfile)) {
 			// includes file /lng/$language.lng.php if it exists
 			require $lngfile;
 			$this->_lng = $lng;
 		}
+		
+		// require chosen language if not english
+		if ($this->_activelng != $standardlanguage)
+		{
+			$lngfile = $this->_basepath . '/install/lng/' . $this->_activelng . '.lng.php';
+			if (file_exists($lngfile)) {
+				// includes file /lng/$language.lng.php if it exists
+				require $lngfile;
+				$this->_lng = $lng;
+			}
+		}
 	}

 	/**
@@ -1107,7 +1147,7 @@ class FroxlorInstall
 	 *
 	 * @param string $template
 	 *        	name of the template including subdirectory
-	 *
+	 *        	
 	 * @return string
 	 */
 	private function _getTemplate($template = null)
@@ -1124,7 +1164,7 @@ class FroxlorInstall
 		} else {
 			$templatefile = 'TEMPLATE NOT FOUND: ' . $filename;
 		}
-
+		
 		return $templatefile;
 	}

@@ -1155,14 +1195,13 @@ class FroxlorInstall
 			$this->_data['servername'] = $_POST['servername'];
 			return;
 			// from $_SERVER
-		} else
-			if (! empty($_SERVER['SERVER_NAME'])) {
-				// no ips
-				if ($this->_validate_ip($_SERVER['SERVER_NAME']) == false) {
-					$this->_data['servername'] = $_SERVER['SERVER_NAME'];
-					return;
-				}
+		} else if (! empty($_SERVER['SERVER_NAME'])) {
+			// no ips
+			if ($this->_validate_ip($_SERVER['SERVER_NAME']) == false) {
+				$this->_data['servername'] = $_SERVER['SERVER_NAME'];
+				return;
 			}
+		}
 		// empty
 		$this->_data['servername'] = '';
 	}
@@ -1195,7 +1234,7 @@ class FroxlorInstall
 			$this->_data['webserver'] = $_POST['webserver'];
 		} else {
 			if (strtoupper(@php_sapi_name()) == "APACHE2HANDLER" || stristr($_SERVER['SERVER_SOFTWARE'], "apache/2")) {
-				$this->_data['webserver'] = 'apache2';
+				$this->_data['webserver'] = 'apache24';
 			} elseif (substr(strtoupper(@php_sapi_name()), 0, 8) == "LIGHTTPD" || stristr($_SERVER['SERVER_SOFTWARE'], "lighttpd")) {
 				$this->_data['webserver'] = 'lighttpd';
 			} elseif (substr(strtoupper(@php_sapi_name()), 0, 8) == "NGINX" || stristr($_SERVER['SERVER_SOFTWARE'], "nginx")) {
@@ -1281,17 +1320,17 @@ class FroxlorInstall
 	 */
 	private function _split_sql_file($sql, $delimiter)
 	{
-
+		
 		// Split up our string into "possible" SQL statements.
 		$tokens = explode($delimiter, $sql);
-
+		
 		// try to save mem.
 		$sql = "";
 		$output = array();
-
+		
 		// we don't actually care about the matches preg gives us.
 		$matches = array();
-
+		
 		// this is faster than calling count($tokens) every time through the loop.
 		$token_count = count($tokens);
 		for ($i = 0; $i < $token_count; $i ++) {
@@ -1299,12 +1338,12 @@ class FroxlorInstall
 			if (($i != ($token_count - 1)) || (strlen($tokens[$i] > 0))) {
 				// This is the total number of single quotes in the token.
 				$total_quotes = preg_match_all("/'/", $tokens[$i], $matches);
-
+				
 				// Counts single quotes that are preceded by an odd number of backslashes,
 				// which means they're escaped quotes.
 				$escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$i], $matches);
 				$unescaped_quotes = $total_quotes - $escaped_quotes;
-
+				
 				// If the number of unescaped quotes is even, then the delimiter
 				// did NOT occur inside a string literal.
 				if (($unescaped_quotes % 2) == 0) {
@@ -1327,7 +1366,7 @@ class FroxlorInstall
 						// which means they're escaped quotes.
 						$escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$j], $matches);
 						$unescaped_quotes = $total_quotes - $escaped_quotes;
-
+						
 						if (($unescaped_quotes % 2) == 1) {
 							// odd number of unescaped quotes. In combination with the previous incomplete
 							// statement(s), we now have a complete statement. (2 odds always make an even)
--- a/install/lng/english.lng.php
+++ b/install/lng/english.lng.php
@@ -28,15 +28,23 @@ $lng['requirements']['newerphpprefered'] = 'Good, but php-5.6 is prefered.';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime...';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'PHP setting "magic_quotes_runtime" must be set to "Off". We have disabled it temporary for now please fix the coresponding php.ini.';
 $lng['requirements']['phppdo'] = 'PHP PDO extension and PDO-MySQL driver...';
+$lng['requirements']['phpsession'] = 'PHP session-extension...';
+$lng['requirements']['phpctype'] = 'PHP ctype-extension...';
+$lng['requirements']['phpsimplexml'] = 'PHP SimpleXML-extension...';
 $lng['requirements']['phpxml'] = 'PHP XML-extension...';
 $lng['requirements']['phpfilter'] = 'PHP filter-extension...';
 $lng['requirements']['phpposix'] = 'PHP posix-extension...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
 $lng['requirements']['phpcurl'] = 'PHP curl-extension...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-extension...';
+$lng['requirements']['phpzip'] = 'PHP zip-extension...';
+$lng['requirements']['phpjson'] = 'PHP json-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
+$lng['requirements']['zipdescription'] = 'The auto-update feature requires the zip extension.';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
+$lng['requirements']['mysqldump'] = 'MySQL dump tool';
+$lng['requirements']['mysqldumpmissing'] = 'Automatic backup of possible existing database is not possible. Please install mysql-client tools';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';
 $lng['requirements']['froxlor_succ_checks'] = 'All requirements are satisfied';

@@ -61,7 +69,7 @@ $lng['install']['serversettings'] = 'Server settings';
 $lng['install']['servername'] = 'Server name (FQDN, no ip-address)';
 $lng['install']['serverip'] = 'Server IP';
 $lng['install']['webserver'] = 'Webserver';
-$lng['install']['apache2'] = 'Apache 2';
+$lng['install']['apache2'] = 'Apache 2.2';
 $lng['install']['apache24'] = 'Apache 2.4';
 $lng['install']['lighttpd'] = 'LigHTTPd';
 $lng['install']['nginx'] = 'NGINX';
@@ -81,8 +89,8 @@ $lng['install']['changing_data'] = 'Adjusting settings...';
 $lng['install']['creating_entries'] = 'Inserting new values...';
 $lng['install']['adding_admin_user'] = 'Creating admin-account...';
 $lng['install']['creating_configfile'] = 'Creating configfile...';
-$lng['install']['creating_configfile_temp'] = 'File was saved in /tmp/userdata.inc.php, please move to lib/.';
-$lng['install']['creating_configfile_failed'] = 'Could not create lib/userdata.inc.php, please create it manually with the following content:';
+$lng['install']['creating_configfile_temp'] = 'File was saved in /tmp/userdata.inc.php, please move to '.dirname(dirname(__DIR__)).'/lib/.';
+$lng['install']['creating_configfile_failed'] = 'Could not create '.dirname(dirname(__DIR__)).'/lib/userdata.inc.php, please create it manually with the following content:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor was installed successfully.';

 $lng['click_here_to_refresh'] = 'Click here to check again';
--- a/install/lng/french.lng.php
+++ b/install/lng/french.lng.php
@@ -79,8 +79,8 @@ $lng['install']['changing_data'] = 'Ajustement des paramètres...';
 $lng['install']['creating_entries'] = 'Insertion des nouvelles valeurs...';
 $lng['install']['adding_admin_user'] = 'Création du compte administrateur...';
 $lng['install']['creating_configfile'] = 'Création du fichier de configuration...';
-$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans /tmp/userdata.inc.php, merci de le déplacer dans lib/.';
-$lng['install']['creating_configfile_failed'] = 'Impossible de créer lib/userdata.inc.php, merci de le créer manuellement avec le contenu suivant:';
+$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans /tmp/userdata.inc.php, merci de le déplacer dans '.dirname(dirname(__DIR__)).'/lib/.';
+$lng['install']['creating_configfile_failed'] = 'Impossible de créer '.dirname(dirname(__DIR__)).'/lib/userdata.inc.php, merci de le créer manuellement avec le contenu suivant:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor a été installé avec succès.';

 $lng['click_here_to_refresh'] = 'Cliquez ici pour vérifier à nouveau';
--- a/install/lng/german.lng.php
+++ b/install/lng/german.lng.php
@@ -28,15 +28,23 @@ $lng['requirements']['newerphpprefered'] = 'Passt, aber php-5.6 wird bevorzugt.'
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'Die PHP Einstellung "magic_quotes_runtime" muss deaktiviert sein ("Off"). Die Einstellung wurde temporär deaktiviert, bitte ändern Sie diese in der entsprechenden php.ini.';
 $lng['requirements']['phppdo'] = 'PHP PDO Erweiterung und PDO-MySQL Treiber...';
+$lng['requirements']['phpsession'] = 'PHP session-Erweiterung...';
+$lng['requirements']['phpctype'] = 'PHP ctype-Erweiterung...';
+$lng['requirements']['phpsimplexml'] = 'PHP SimpleXML-Erweiterung...';
 $lng['requirements']['phpxml'] = 'PHP XML-Erweiterung...';
 $lng['requirements']['phpfilter'] = 'PHP filter-Erweiterung...';
 $lng['requirements']['phpposix'] = 'PHP posix-Erweiterung...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
 $lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-Erweiterung...';
+$lng['requirements']['phpzip'] = 'PHP zip-Erweiterung...';
+$lng['requirements']['phpjson'] = 'PHP json-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
+$lng['requirements']['zipdescription'] = 'Die Auto-Update Funktion benötigt die zip Erweiterung.';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
+$lng['requirements']['mysqldump'] = 'MySQL dump Tool';
+$lng['requirements']['mysqldumpmissing'] = 'Ein automatisches Backup einer möglicherweise schon existierenden Datenbank nicht möglich. Bitte mysql-client installieren';
 $lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';
 $lng['requirements']['froxlor_succ_checks'] = 'Alle Vorraussetzungen sind erfüllt';

@@ -81,8 +89,8 @@ $lng['install']['changing_data'] = 'Einstellungen anpassen...';
 $lng['install']['creating_entries'] = 'Trage neue Werte ein...';
 $lng['install']['adding_admin_user'] = 'Erstelle Admin-Benutzer...';
 $lng['install']['creating_configfile'] = 'Erstelle Konfigurationsdatei...';
-$lng['install']['creating_configfile_temp'] = 'Datei wurde in /tmp/userdata.inc.php gespeichert, bitte nach lib/ verschieben.';
-$lng['install']['creating_configfile_failed'] = 'Konnte lib/userdata.inc.php nicht erstellen, bitte manuell mit folgendem Inhalt anlegen:';
+$lng['install']['creating_configfile_temp'] = 'Datei wurde in /tmp/userdata.inc.php gespeichert, bitte nach '.dirname(dirname(__DIR__)).'/lib/ verschieben.';
+$lng['install']['creating_configfile_failed'] = 'Konnte '.dirname(dirname(__DIR__)).'/lib/userdata.inc.php nicht erstellen, bitte manuell mit folgendem Inhalt anlegen:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor wurde erfolgreich installiert.';

 $lng['click_here_to_refresh'] = 'Hier klicken, um erneut zu prüfen';
--- a/install/scripts/config-services.php
+++ b/install/scripts/config-services.php
@@ -0,0 +1,489 @@
+#!/usr/bin/php
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2018 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2018-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Cron
+ *         
+ */
+
+// Check if we're in the CLI
+if (@php_sapi_name() !== 'cli') {
+	die('This script will only work in the shell.');
+}
+
+require dirname(dirname(__DIR__)) . '/lib/classes/output/class.CmdLineHandler.php';
+
+class ConfigServicesCmd extends CmdLineHandler
+{
+
+	/**
+	 * list of valid switches
+	 *
+	 * @var array
+	 */
+	public static $switches = array(
+		'h'
+	);
+
+	/**
+	 * list of valid parameters
+	 *
+	 * @var array
+	 */
+	public static $params = array(
+		'create',
+		'apply',
+		'import-settings',
+		'daemon',
+		'list-daemons',
+		'froxlor-dir',
+		'help'
+	);
+
+	public static $action_class = 'Action';
+
+	public static function printHelp()
+	{
+		self::println("");
+		self::println("Help / command line parameters:");
+		self::println("");
+		// commands
+		self::println("--create\t\tlets you create a services list configuration for the 'apply' command");
+		self::println("");
+		self::println("--apply\t\t\tconfigure your services by given configuration file. To create one run the --create command");
+		self::println("\t\t\tExample: --apply=/path/to/my-config.json or --apply=http://domain.tld/my-config.json");
+		self::println("");
+		self::println("--list-daemons\t\tOutput the services that are going to be configured using a given config file. No services will be configured.");
+		self::println("\t\t\tExample: --apply=/path/to/my-config.json --list-daemons");
+		self::println("");
+		self::println("--daemon\t\tWhen running --apply you can specify a daemon. This will be the only service that gets configured");
+		self::println("\t\t\tExample: --apply=/path/to/my-config.json --daemon=apache24");
+		self::println("");
+		self::println("--import-settings\tImport settings from another froxlor installation. This should be done prior to running --apply or alternatively in the same command together.");
+		self::println("\t\t\tExample: --import-settings=/path/to/Froxlor_settings-[version]-[dbversion]-[date].json or --import-settings=http://domain.tld/Froxlor_settings-[version]-[dbversion]-[date].json");
+		self::println("");
+		self::println("--froxlor-dir\t\tpath to froxlor installation");
+		self::println("\t\t\tExample: --froxlor-dir=/var/www/froxlor/");
+		self::println("");
+		self::println("--help\t\t\tshow help screen (this)");
+		self::println("");
+		// switches
+		// self::println("-d\t\t\tenable debug output");
+		self::println("-h\t\t\tsame as --help");
+		self::println("");
+		
+		die(); // end of execution
+	}
+}
+
+class Action
+{
+
+	private $_args = null;
+
+	private $_name = null;
+
+	private $_db = null;
+
+	public function __construct($args)
+	{
+		$this->_args = $args;
+		$this->_validate();
+	}
+
+	public function getActionName()
+	{
+		return $this->_name;
+	}
+
+	/**
+	 * validates the parsed command line parameters
+	 *
+	 * @throws Exception
+	 */
+	private function _validate()
+	{
+		$this->_checkConfigParam(true);
+		$this->_parseConfig();
+		
+		require FROXLOR_INSTALL_DIR . '/lib/tables.inc.php';
+		require FROXLOR_INSTALL_DIR . '/lib/functions.php';
+		require FROXLOR_INSTALL_DIR . '/lib/classes/settings/class.Settings.php';
+		require FROXLOR_INSTALL_DIR . '/lib/classes/settings/class.SImExporter.php';
+		require FROXLOR_INSTALL_DIR . '/lib/classes/config/class.ConfigParser.php';
+		require FROXLOR_INSTALL_DIR . '/lib/classes/config/class.ConfigService.php';
+		require FROXLOR_INSTALL_DIR . '/lib/classes/config/class.ConfigDaemon.php';
+		
+		if (array_key_exists("import-settings", $this->_args)) {
+			$this->_importSettings();
+		}
+		
+		if (array_key_exists("create", $this->_args)) {
+			$this->_createConfig();
+		} elseif (array_key_exists("apply", $this->_args)) {
+			$this->_applyConfig();
+		} elseif (array_key_exists("list-daemons", $this->_args) || array_key_exists("daemon", $this->_args)) {
+			CmdLineHandler::printwarn("--list-daemons and --daemon only work together with --apply");
+		}
+	}
+
+	private function _importSettings()
+	{
+		if (strtoupper(substr($this->_args["import-settings"], 0, 4)) == 'HTTP') {
+			echo "Settings file seems to be an URL, trying to download" . PHP_EOL;
+			$target = "/tmp/froxlor-import-settings-" . time() . ".json";
+			if (@file_exists($target)) {
+				@unlink($target);
+			}
+			$this->downloadFile($this->_args["import-settings"], $target);
+			$this->_args["import-settings"] = $target;
+		}
+		if (! is_file($this->_args["import-settings"])) {
+			throw new Exception("Given settings file is not a file");
+		} elseif (! file_exists($this->_args["import-settings"])) {
+			throw new Exception("Given settings file cannot be found ('" . $this->_args["import-settings"] . "')");
+		} elseif (! is_readable($this->_args["import-settings"])) {
+			throw new Exception("Given settings file cannot be read ('" . $this->_args["import-settings"] . "')");
+		}
+		$imp_content = file_get_contents($this->_args["import-settings"]);
+		SImExporter::import($imp_content);
+		CmdLineHandler::printsucc("Successfully imported settings from '" . $this->_args["import-settings"] . "'");
+	}
+
+	private function _createConfig()
+	{
+		$_daemons_config = array(
+			'distro' => ""
+		);
+		
+		$config_dir = FROXLOR_INSTALL_DIR . '/lib/configfiles/';
+		// show list of available distro's
+		$distros = glob($config_dir . '*.xml');
+		// tmp array
+		$distributions_select_data = array();
+		// read in all the distros
+		foreach ($distros as $_distribution) {
+			// get configparser object
+			$dist = new ConfigParser($_distribution);
+			// get distro-info
+			$dist_display = $this->getCompleteDistroName($dist);
+			// store in tmp array
+			$distributions_select_data[$dist_display] = str_replace(".xml", "", strtolower(basename($_distribution)));
+		}
+		
+		// sort by distribution name
+		ksort($distributions_select_data);
+		
+		// list all distributions
+		$mask = "|%-50.50s |%-50.50s |\n";
+		printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+		printf($mask, 'dist', 'name');
+		printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+		foreach ($distributions_select_data as $name => $filename) {
+			printf($mask, $filename, $name);
+		}
+		printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+		echo PHP_EOL;
+		
+		while (! in_array($_daemons_config['distro'], $distributions_select_data)) {
+			$_daemons_config['distro'] = CmdLineHandler::getInput("choose distribution", "stretch");
+		}
+		
+		// go through all services and let user check whether to include it or not
+		$configfiles = new ConfigParser($config_dir . '/' . $_daemons_config['distro'] . ".xml");
+		$services = $configfiles->getServices();
+		
+		foreach ($services as $si => $service) {
+			echo PHP_EOL . "--- " . strtoupper($si) . " ---" . PHP_EOL . PHP_EOL;
+			$_daemons_config[$si] = "";
+			
+			$daemons = $service->getDaemons();
+			$mask = "|%-50.50s |%-50.50s |\n";
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			printf($mask, 'value', 'name');
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			$default_daemon = "";
+			foreach ($daemons as $di => $dd) {
+				$title = $dd->title;
+				if ($dd->default) {
+					$default_daemon = $di;
+					$title = $title . " (default)";
+				}
+				printf($mask, $di, $title);
+			}
+			printf($mask, "x", "No " . $si);
+			$daemons['x'] = 'x';
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			echo PHP_EOL;
+			if ($si == 'system') {
+				$_daemons_config[$si] = array();
+				// for the system/other services we need a multiple choice possibility
+				CmdLineHandler::println("Select every service you need. Enter empty value when done");
+				$sysservice = "";
+				do {
+					$sysservice = CmdLineHandler::getInput("choose service");
+					if (! empty($sysservice)) {
+						$_daemons_config[$si][] = $sysservice;
+					}
+				} while (! empty($sysservice));
+			} else {
+				// for all others -> only one value
+				while (! array_key_exists($_daemons_config[$si], $daemons)) {
+					$_daemons_config[$si] = CmdLineHandler::getInput("choose service", $default_daemon);
+				}
+			}
+		}
+		
+		echo PHP_EOL . PHP_EOL;
+		$daemons_config = json_encode($_daemons_config);
+		$output = CmdLineHandler::getInput("choose output-filename", "/tmp/froxlor-config-" . date('Ymd') . ".json");
+		file_put_contents($output, $daemons_config);
+		CmdLineHandler::printsucc("Successfully generated service-configfile '" . $output . "'");
+	}
+
+	private function getCompleteDistroName($cparser)
+	{
+		// get distro-info
+		$dist_display = $cparser->distributionName;
+		if ($cparser->distributionCodename != '') {
+			$dist_display .= " " . $cparser->distributionCodename;
+		}
+		if ($cparser->distributionVersion != '') {
+			$dist_display .= " (" . $cparser->distributionVersion . ")";
+		}
+		if ($cparser->deprecated) {
+			$dist_display .= " [deprecated]";
+		}
+		return $dist_display;
+	}
+
+	private function _applyConfig()
+	{
+		if (strtoupper(substr($this->_args["apply"], 0, 4)) == 'HTTP') {
+			echo "Config file seems to be an URL, trying to download" . PHP_EOL;
+			$target = "/tmp/froxlor-config-" . time() . ".json";
+			if (@file_exists($target)) {
+				@unlink($target);
+			}
+			$this->downloadFile($this->_args["apply"], $target);
+			$this->_args["apply"] = $target;
+		}
+		if (! is_file($this->_args["apply"])) {
+			throw new Exception("Given config file is not a file");
+		} elseif (! file_exists($this->_args["apply"])) {
+			throw new Exception("Given config file cannot be found ('" . $this->_args["apply"] . "')");
+		} elseif (! is_readable($this->_args["apply"])) {
+			throw new Exception("Given config file cannot be read ('" . $this->_args["apply"] . "')");
+		}
+		
+		$config = file_get_contents($this->_args["apply"]);
+		$decoded_config = json_decode($config, true);
+		
+		if (array_key_exists("list-daemons", $this->_args)) {
+			$mask = "|%-50.50s |%-50.50s |\n";
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			printf($mask, 'service', 'daemon');
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			foreach ($decoded_config as $service => $daemon) {
+				if (is_array($daemon) && count($daemon) > 0) {
+					foreach ($daemon as $sysdaemon) {
+						printf($mask, $service, $sysdaemon);
+					}
+				} else {
+					if ($daemon == 'x') {
+						$daemon = '--- skipped ---';
+					}
+					printf($mask, $service, $daemon);
+				}
+			}
+			printf($mask, str_repeat("-", 50), str_repeat("-", 50));
+			echo PHP_EOL;
+			exit();
+		}
+		
+		$only_daemon = null;
+		if (array_key_exists("daemon", $this->_args)) {
+			$only_daemon = $this->_args['daemon'];
+		}
+		
+		if (! empty($decoded_config)) {
+			$config_dir = FROXLOR_INSTALL_DIR . '/lib/configfiles/';
+			$configfiles = new ConfigParser($config_dir . '/' . $decoded_config['distro'] . ".xml");
+			$services = $configfiles->getServices();
+			$replace_arr = $this->_getReplacerArray();
+			
+			foreach ($services as $si => $service) {
+				echo PHP_EOL . "--- Configuring: " . strtoupper($si) . " ---" . PHP_EOL . PHP_EOL;
+				if (! isset($decoded_config[$si]) || $decoded_config[$si] == 'x') {
+					CmdLineHandler::printwarn("Skipping " . strtoupper($si) . " configuration as desired");
+					continue;
+				}
+				$daemons = $service->getDaemons();
+				foreach ($daemons as $di => $dd) {
+					// check for desired service
+					if (($si != 'system' && $decoded_config[$si] != $di) || (is_array($decoded_config[$si]) && ! in_array($di, $decoded_config[$si]))) {
+						continue;
+					}
+					CmdLineHandler::println("Configuring '" . $di . "'");
+					
+					if (! empty($only_daemon) && $only_daemon != $di) {
+						CmdLineHandler::printwarn("Skipping " . $di . " configuration as desired");
+						continue;
+					}
+					// run all cmds
+					$confarr = $dd->getConfig();
+					foreach ($confarr as $idx => $action) {
+						switch ($action['type']) {
+							case "install":
+								CmdLineHandler::println("Installing required packages");
+								passthru(strtr($action['content'], $replace_arr), $result);
+								if (strlen($result) > 1) {
+									echo $result;
+								}
+								break;
+							case "command":
+								exec(strtr($action['content'], $replace_arr));
+								break;
+							case "file":
+								if (array_key_exists('content', $action)) {
+									CmdLineHandler::printwarn("Creating file '" . $action['name'] . "'");
+									file_put_contents($action['name'], trim(strtr($action['content'], $replace_arr)));
+								} elseif (array_key_exists('subcommands', $action)) {
+									foreach ($action['subcommands'] as $fileaction) {
+										if (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "pre") {
+											exec(strtr($fileaction['content'], $replace_arr));
+										} elseif (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "post") {
+											exec(strtr($fileaction['content'], $replace_arr));
+										} elseif ($fileaction['type'] == 'file') {
+											CmdLineHandler::printwarn("Creating file '" . $fileaction['name'] . "'");
+											file_put_contents($fileaction['name'], trim(strtr($fileaction['content'], $replace_arr)));
+										}
+									}
+								}
+								break;
+						}
+					}
+				}
+			}
+			// run cronjob at the end to ensure configs are all up to date
+			exec('php ' . FROXLOR_INSTALL_DIR . '/scripts/froxlor_master_cronjob.php --force');
+			// and done
+			CmdLineHandler::printsucc("All services have been configured");
+		} else {
+			CmdLineHandler::printerr("Unable to decode given JSON file");
+		}
+	}
+
+	private function _getReplacerArray()
+	{
+		$customer_tmpdir = '/tmp/';
+		if (Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_tmpdir') != '') {
+			$customer_tmpdir = Settings::Get('system.mod_fcgid_tmpdir');
+		} elseif (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.tmpdir') != '') {
+			$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
+		}
+		
+		// try to convert namserver hosts to ip's
+		$ns_ips = "";
+		if (Settings::Get('system.nameservers') != '') {
+			$nameservers = explode(',', Settings::Get('system.nameservers'));
+			foreach ($nameservers as $nameserver) {
+				$nameserver = trim($nameserver);
+				$nameserver_ips = gethostbynamel($nameserver);
+				if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
+					$ns_ips .= implode(",", $nameserver_ips);
+				}
+			}
+		}
+		
+		Database::needSqlData();
+		$sql = Database::getSqlData();
+		
+		$replace_arr = array(
+			'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
+			'<SQL_UNPRIVILEGED_PASSWORD>' => $sql['passwd'],
+			'<SQL_DB>' => $sql['db'],
+			'<SQL_HOST>' => $sql['host'],
+			'<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
+			'<SERVERNAME>' => Settings::Get('system.hostname'),
+			'<SERVERIP>' => Settings::Get('system.ipaddress'),
+			'<NAMESERVERS>' => Settings::Get('system.nameservers'),
+			'<NAMESERVERS_IP>' => $ns_ips,
+			'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
+			'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
+			'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
+			'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
+			'<SSLPROTOCOLS>' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',
+			'<CUSTOMER_TMP>' => makeCorrectDir($customer_tmpdir),
+			'<BASE_PATH>' => makeCorrectDir(FROXLOR_INSTALL_DIR),
+			'<BIND_CONFIG_PATH>' => makeCorrectDir(Settings::Get('system.bindconf_directory')),
+			'<WEBSERVER_RELOAD_CMD>' => Settings::Get('system.apachereload_command'),
+			'<CUSTOMER_LOGS>' => makeCorrectDir(Settings::Get('system.logfiles_directory')),
+			'<FPM_IPCDIR>' => makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),
+			'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup')
+		);
+		return $replace_arr;
+	}
+
+	private function _parseConfig()
+	{
+		define('FROXLOR_INSTALL_DIR', $this->_args['froxlor-dir']);
+		if (! file_exists(FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php')) {
+			throw new Exception("Could not find froxlor's Database class. Is froxlor really installed to '" . FROXLOR_INSTALL_DIR . "'?");
+		}
+		if (! file_exists(FROXLOR_INSTALL_DIR . '/lib/userdata.inc.php')) {
+			throw new Exception("Could not find froxlor's userdata.inc.php file. You should use this script only with a fully installed and setup froxlor system.");
+		}
+		require FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php';
+	}
+
+	private function _checkConfigParam($needed = false)
+	{
+		if ($needed) {
+			if (! isset($this->_args["froxlor-dir"])) {
+				throw new Exception("No configuration given (missing --froxlor-dir parameter?)");
+			} elseif (! is_dir($this->_args["froxlor-dir"])) {
+				throw new Exception("Given --froxlor-dir parameter is not a directory");
+			} elseif (! file_exists($this->_args["froxlor-dir"])) {
+				throw new Exception("Given froxlor directory cannot be found ('" . $this->_args["froxlor-dir"] . "')");
+			} elseif (! is_readable($this->_args["froxlor-dir"])) {
+				throw new Exception("Given froxlor direcotry cannot be read ('" . $this->_args["froxlor-dir"] . "')");
+			}
+		}
+	}
+
+	private function downloadFile($src, $dest)
+	{
+		set_time_limit(0);
+		// This is the file where we save the information
+		$fp = fopen($dest, 'w+');
+		// Here is the file we are downloading, replace spaces with %20
+		$ch = curl_init(str_replace(" ", "%20", $src));
+		curl_setopt($ch, CURLOPT_TIMEOUT, 50);
+		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+		// write curl response to file
+		curl_setopt($ch, CURLOPT_FILE, $fp);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+		// get curl response
+		curl_exec($ch);
+		curl_close($ch);
+		fclose($fp);
+	}
+}
+
+// give control to command line handler
+try {
+	ConfigServicesCmd::processParameters($argc, $argv);
+} catch (Exception $e) {
+	ConfigServicesCmd::printerr($e->getMessage());
+}
--- a/install/scripts/switch-server-ip.php
+++ b/install/scripts/switch-server-ip.php
@@ -13,46 +13,33 @@
 * @author Froxlor team <team@froxlor.org> (2016-)
 * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
 * @package Cron
- *
+ *         
 */

 // Check if we're in the CLI
-if(@php_sapi_name() !== 'cli') {
+if (@php_sapi_name() !== 'cli') {
 	die('This script will only work in the shell.');
 }

-// give control to command line handler
-try {
-	CmdLineHandler::processParameters($argc, $argv);
-} catch (Exception $e) {
-	CmdLineHandler::printerr($e->getMessage());
-}
+require dirname(dirname(__DIR__)) . '/lib/classes/output/class.CmdLineHandler.php';

-class CmdLineHandler
+class SwitchServerIp extends CmdLineHandler
 {

 	/**
-	 * internal variable for passed arguments
+	 * list of valid switches
 	 *
 	 * @var array
 	 */
-	private static $args = null;
-
-	/**
-	 * Action object read from commandline/config
-	 *
-	 * @var Action
-	 */
-	private $_action = null;
-
-	/**
-	 * list of valid parameters/switches
-	 */
 	public static $switches = array(
-		/* 'd', // debug / output information for everything */
 		'h'
 	);
- // same as --help
+
+	/**
+	 * list of valid parameters
+	 *
+	 * @var array
+	 */
 	public static $params = array(
 		'switch',
 		'list',
@@ -60,131 +47,7 @@ class CmdLineHandler
 		'help'
 	);

-	/**
-	 * Returns a CmdLineHandler object with given
-	 * arguments from command line
-	 *
-	 * @param int $argc
-	 * @param array $argv
-	 *
-	 * @return CmdLineHandler
-	 */
-	public static function processParameters($argc, $argv)
-	{
-		return new CmdLineHandler($argc, $argv);
-	}
-
-	/**
-	 * returns the Action object generated in
-	 * the class constructor
-	 *
-	 * @return Action
-	 */
-	public function getAction()
-	{
-		return $this->_action;
-	}
-
-	/**
-	 * class constructor, validates the command line parameters
-	 * and sets the Action-object if valid
-	 *
-	 * @param int $argc
-	 * @param string[] $argv
-	 *
-	 * @return null
-	 * @throws Exception
-	 */
-	private function __construct($argc, $argv)
-	{
-		self::$args = $this->_parseArgs($argv);
-		$this->_action = $this->_createAction();
-	}
-
-	/**
-	 * Parses the arguments given via the command line;
-	 * three types are supported:
-	 * 1.
-	 * --parm1 or --parm2=value
-	 * 2. -xyz (multiple switches in one) or -a=value
-	 * 3. parm1 parm2
-	 *
-	 * The 1. will be mapped as
-	 * ["parm1"] => true, ["parm2"] => "value"
-	 * The 2. as
-	 * ["x"] => true, ["y"] => true, ["z"] => true, ["a"] => "value"
-	 * And the 3. as
-	 * [0] => "parm1", [1] => "parm2"
-	 *
-	 * @param array $argv
-	 *
-	 * @return array
-	 */
-	private function _parseArgs($argv)
-	{
-		array_shift($argv);
-		$o = array();
-		foreach ($argv as $a) {
-			if (substr($a, 0, 2) == '--') {
-				$eq = strpos($a, '=');
-				if ($eq !== false) {
-					$o[substr($a, 2, $eq - 2)] = substr($a, $eq + 1);
-				} else {
-					$k = substr($a, 2);
-					if (! isset($o[$k])) {
-						$o[$k] = true;
-					}
-				}
-			} else
-				if (substr($a, 0, 1) == '-') {
-					if (substr($a, 2, 1) == '=') {
-						$o[substr($a, 1, 1)] = substr($a, 3);
-					} else {
-						foreach (str_split(substr($a, 1)) as $k) {
-							if (! isset($o[$k])) {
-								$o[$k] = true;
-							}
-						}
-					}
-				} else {
-					$o[] = $a;
-				}
-		}
-		return $o;
-	}
-
-	/**
-	 * Creates an Action-Object for the Action-Handler
-	 *
-	 * @return Action
-	 * @throws Exception
-	 */
-	private function _createAction()
-	{
-
-		// Test for help-switch
-		if (empty(self::$args) || array_key_exists("help", self::$args) || array_key_exists("h", self::$args)) {
-			self::printHelp();
-			// end of execution
-		}
-		// check if no unknown parameters are present
-		foreach (self::$args as $arg => $value) {
-
-			if (is_numeric($arg)) {
-				throw new Exception("Unknown parameter '" . $value . "' in argument list");
-			} elseif (! in_array($arg, self::$params) && ! in_array($arg, self::$switches)) {
-				throw new Exception("Unknown parameter '" . $arg . "' in argument list");
-			}
-		}
-
-		// set debugger switch
-		if (isset(self::$args["d"]) && self::$args["d"] == true) {
-			// Debugger::getInstance()->setEnabled(true);
-			// Debugger::getInstance()->debug("debug output enabled");
-		}
-
-		return new Action(self::$args);
-	}
+	public static $action_class = 'Action';

 	public static function printHelp()
 	{
@@ -207,34 +70,9 @@ class CmdLineHandler
 		// self::println("-d\t\t\tenable debug output");
 		self::println("-h\t\t\tsame as --help");
 		self::println("");
-
+		
 		die(); // end of execution
 	}
-
-	public static function println($msg = "")
-	{
-		print $msg . PHP_EOL;
-	}
-
-	private static function _printcolor($msg = "", $color = "0")
-	{
-		print "\033[" . $color . "m" . $msg . "\033[0m" . PHP_EOL;
-	}
-
-	public static function printerr($msg = "")
-	{
-		self::_printcolor($msg, "31");
-	}
-
-	public static function printsucc($msg = "")
-	{
-		self::_printcolor($msg, "32");
-	}
-
-	public static function printwarn($msg = "")
-	{
-		self::_printcolor($msg, "33");
-	}
 }

 class Action
@@ -268,11 +106,11 @@ class Action
 		if (array_key_exists("list", $this->_args) || array_key_exists("switch", $this->_args)) {
 			$need_config = true;
 		}
-
+		
 		$this->_checkConfigParam($need_config);
-
+		
 		$this->_parseConfig();
-
+		
 		if (array_key_exists("list", $this->_args)) {
 			$this->_listIPs();
 		}
@@ -300,11 +138,11 @@ class Action
 	private function _switchIPs()
 	{
 		$ip_list = $this->_args['switch'];
-
+		
 		if (empty($ip_list) || is_bool($ip_list)) {
 			throw new Exception("No paramters given for --switch action.");
 		}
-
+		
 		$ips_to_switch = array();
 		$ip_list = explode(" ", $ip_list);
 		foreach ($ip_list as $ips_combo) {
@@ -324,34 +162,42 @@ class Action
 			}
 			$ips_to_switch[] = $ip_pair;
 		}
-
+		
 		if (count($ips_to_switch) > 0) {
+			$check_stmt = Database::prepare("SELECT `id` FROM panel_ipsandports WHERE `ip` = :newip");
 			$upd_stmt = Database::prepare("UPDATE panel_ipsandports SET `ip` = :newip WHERE `ip` = :oldip");
-
+			
 			// system.ipaddress
 			$check_sysip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'ipaddress'");
 			$check_sysip = Database::pexecute_first($check_sysip_stmt);
-
+			
 			// system.mysql_access_host
 			$check_mysqlip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'mysql_access_host'");
 			$check_mysqlip = Database::pexecute_first($check_mysqlip_stmt);
-
+			
 			// system.axfrservers
 			$check_axfrip_stmt = Database::prepare("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' and `varname` = 'axfrservers'");
 			$check_axfrip = Database::pexecute_first($check_axfrip_stmt);
-
+			
 			foreach ($ips_to_switch as $ip_pair) {
 				echo "Switching IP \033[1m" . $ip_pair[0] . "\033[0m to IP \033[1m" . $ip_pair[1] . "\033[0m" . PHP_EOL;
+
+				$ip_check = Database::pexecute_first($check_stmt, array('newip' => $ip_pair[1]));
+				if ($ip_check) {
+					CmdLineHandler::printwarn("Note: " . $ip_pair[0] . " not updated to " . $ip_pair[1] . " - IP already exists in froxlor's database");
+					continue;
+				}
+
 				Database::pexecute($upd_stmt, array(
 					'newip' => $ip_pair[1],
 					'oldip' => $ip_pair[0]
 				));
 				$rows_updated = $upd_stmt->rowCount();
-
+				
 				if ($rows_updated == 0) {
 					CmdLineHandler::printwarn("Note: " . $ip_pair[0] . " not updated to " . $ip_pair[1] . " (possibly no entry found in froxlor database. Use --list to see what IP addresses are added in froxlor");
 				}
-
+				
 				// check whether the system.ipaddress needs updating
 				if ($check_sysip['value'] == $ip_pair[0]) {
 					$upd2_stmt = Database::prepare("UPDATE `panel_settings` SET `value` = :newip WHERE `settinggroup` = 'system' and `varname` = 'ipaddress'");
@@ -360,7 +206,7 @@ class Action
 					));
 					CmdLineHandler::printsucc("Updated system-ipaddress from '" . $ip_pair[0] . "' to '" . $ip_pair[1] . "'");
 				}
-
+				
 				// check whether the system.mysql_access_host needs updating
 				if (strstr($check_mysqlip['value'], $ip_pair[0]) !== false) {
 					$new_mysqlip = str_replace($ip_pair[0], $ip_pair[1], $check_mysqlip['value']);
@@ -370,7 +216,7 @@ class Action
 					));
 					CmdLineHandler::printsucc("Updated mysql_access_host from '" . $check_mysqlip['value'] . "' to '" . $new_mysqlip . "'");
 				}
-
+				
 				// check whether the system.axfrservers needs updating
 				if (strstr($check_axfrip['value'], $ip_pair[0]) !== false) {
 					$new_axfrip = str_replace($ip_pair[0], $ip_pair[1], $check_axfrip['value']);
@@ -382,7 +228,7 @@ class Action
 				}
 			}
 		}
-
+		
 		echo PHP_EOL;
 		CmdLineHandler::printwarn("*** ATTENTION *** Remember to replace IP addresses in configuration files if used anywhere.");
 		CmdLineHandler::printsucc("IP addresses updated");
@@ -391,12 +237,15 @@ class Action
 	private function _parseConfig()
 	{
 		define('FROXLOR_INSTALL_DIR', $this->_args['froxlor-dir']);
-		if (!file_exists(FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php')) {
-			throw new Exception("Could not find froxlor's Database class. Is froxlor really installed to '".FROXLOR_INSTALL_DIR."'?");
+		if (! file_exists(FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php')) {
+			throw new Exception("Could not find froxlor's Database class. Is froxlor really installed to '" . FROXLOR_INSTALL_DIR . "'?");
 		}
-		if (!file_exists(FROXLOR_INSTALL_DIR . '/lib/userdata.inc.php')) {
+		if (! file_exists(FROXLOR_INSTALL_DIR . '/lib/userdata.inc.php')) {
 			throw new Exception("Could not find froxlor's userdata.inc.php file. You should use this script only with a fully installed and setup froxlor system.");
 		}
+		require FROXLOR_INSTALL_DIR . '/lib/functions/filedir/function.makeSecurePath.php';
+		require FROXLOR_INSTALL_DIR . '/lib/functions/filedir/function.makeCorrectDir.php';
+		require FROXLOR_INSTALL_DIR . '/lib/functions/filedir/function.makeCorrectFile.php';
 		require FROXLOR_INSTALL_DIR . '/lib/classes/database/class.Database.php';
 	}

@@ -415,3 +264,10 @@ class Action
 		}
 	}
 }
+
+// give control to command line handler
+try {
+	SwitchServerIp::processParameters($argc, $argv);
+} catch (Exception $e) {
+	SwitchServerIp::printerr($e->getMessage());
+}
--- a/install/templates/dataitemchk.tpl
+++ b/install/templates/dataitemchk.tpl
@@ -1,4 +1,4 @@
 <p>
 	<label for="{$fieldname}" class="install-block {$style}">{$this->_lng['install']['webserver']} {$fieldlabel}:</label>
-	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}<span>
+	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}</span>
 </p>
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -14,9 +14,11 @@
 * @package    Install
 *
 */
-if (! defined('AREA') || (defined('AREA') && AREA != 'admin') || ! isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {
-	header('Location: ../../../../index.php');
-	exit();
+if (!defined('_CRON_UPDATE')) {
+	if (! defined('AREA') || (defined('AREA') && AREA != 'admin') || ! isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {
+		header('Location: ../../../../index.php');
+		exit();
+	}
 }

 if (isFroxlorVersion('0.9-r0')) {
@@ -3397,8 +3399,670 @@ if (isDatabaseVersion('201606190')) {

 if (isFroxlorVersion('0.9.36')) {

-	showUpdateStep("Updating from 0.9.36 to 0.9.37-rc1");
-	lastStepStatus(0);
-
+	showUpdateStep("Updating from 0.9.36 to 0.9.37-rc1", false);
 	updateToVersion('0.9.37-rc1');
 }
+
+if (isDatabaseVersion('201607140')) {
+
+	showUpdateStep("Adding new setting to hide certain options in customer panel");
+	Settings::AddNew("panel.customer_hide_options", "");
+	lastStepStatus(0);
+
+	updateToDbVersion('201607210');
+}
+
+if (isFroxlorVersion('0.9.37-rc1')) {
+
+	showUpdateStep("Updating from 0.9.37-rc1 to 0.9.37 final", false);
+	updateToVersion('0.9.37');
+}
+
+if (isDatabaseVersion('201607210')) {
+
+	showUpdateStep("Adding new settings for customer shell option");
+	Settings::AddNew("system.allow_customer_shell", "0");
+	Settings::AddNew("system.available_shells", "");
+	lastStepStatus(0);
+
+	updateToDbVersion('201608260');
+}
+
+if (isDatabaseVersion('201608260')) {
+
+	showUpdateStep("Adding new settings to use Let's Encrypt for froxlor");
+	Settings::AddNew("system.le_froxlor_enabled", "0");
+	Settings::AddNew("system.le_froxlor_redirect", "0");
+	lastStepStatus(0);
+
+	updateToDbVersion('201609050');
+}
+
+if (isDatabaseVersion('201609050')) {
+
+	showUpdateStep("Adding new settings for acme.conf (Let's Encrypt)");
+	// get user-chosen value
+	$websrv_default = "/etc/apache2/conf-enabled/acme.conf";
+	if (Settings::Get('system.webserver') == 'nginx') {
+		$websrv_default = "/etc/nginx/acme.conf";
+	}
+	$acmeconffile = isset($_POST['acmeconffile']) ? $_POST['acmeconffile'] : $websrv_default;
+	$acmeconffile = makeCorrectFile($acmeconffile);
+	Settings::AddNew("system.letsencryptacmeconf", $acmeconffile);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609120');
+}
+
+if (isDatabaseVersion('201609120')) {
+
+	showUpdateStep("Adding new SMTP settings for emails sent by froxlor");
+	// get user-chosen value
+	$smtp_enable = isset($_POST['smtp_enable']) ? (int) $_POST['smtp_enable'] : 0;
+	$smtp_host = isset($_POST['smtp_host']) ? $_POST['smtp_host'] : "localhost";
+	$smtp_port = isset($_POST['smtp_port']) ? (int)$_POST['smtp_port'] : 25;
+	$smtp_usetls = isset($_POST['smtp_usetls']) ? (int) $_POST['smtp_usetls'] : 1;
+	$smtp_useauth = isset($_POST['smtp_auth']) ? (int) $_POST['smtp_auth'] : 1;
+	$smtp_user = isset($_POST['smtp_user']) ? $_POST['smtp_user'] : "";
+	$smtp_passwd = isset($_POST['smtp_passwd']) ? $_POST['smtp_passwd'] : "";
+
+	Settings::AddNew("system.mail_use_smtp", $smtp_enable);
+	Settings::AddNew("system.mail_smtp_host", $smtp_host);
+	Settings::AddNew("system.mail_smtp_port", $smtp_port);
+	Settings::AddNew("system.mail_smtp_usetls", $smtp_usetls);
+	Settings::AddNew("system.mail_smtp_auth", $smtp_useauth);
+	Settings::AddNew("system.mail_smtp_user", $smtp_user);
+	Settings::AddNew("system.mail_smtp_passwd", $smtp_passwd);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609200');
+}
+
+if (isDatabaseVersion('201609200')) {
+
+	showUpdateStep("Changing tables to be more mysql strict-mode compatible");
+	Database::query("ALTER TABLE `".TABLE_MAIL_VIRTUAL."` CHANGE `destination` `destination` TEXT NOT NULL DEFAULT '';");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `registration_date` `registration_date` DATE NULL DEFAULT NULL;");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `termination_date` `termination_date` DATE NULL DEFAULT NULL;");
+	lastStepStatus(0);
+
+	updateToDbVersion('201609240');
+}
+
+if (isDatabaseVersion('201609240')) {
+
+	showUpdateStep("Add HSTS settings for froxlor-vhost");
+	Settings::AddNew("system.hsts_maxage", 0);
+	Settings::AddNew("system.hsts_incsub", 0);
+	Settings::AddNew("system.hsts_preload", 0);
+	lastStepStatus(0);
+
+	showUpdateStep("Settings HSTS default values for all domains (deactivated)");
+	Database::query("UPDATE `".TABLE_PANEL_DOMAINS."` SET `hsts_sub` = '0', `hsts_preload` = '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201610070');
+}
+
+if (isFroxlorVersion('0.9.37')) {
+
+	showUpdateStep("Updating from 0.9.37 to 0.9.38-rc1", false);
+	updateToVersion('0.9.38-rc1');
+}
+
+if (isFroxlorVersion('0.9.38-rc1')) {
+
+	showUpdateStep("Updating from 0.9.38-rc1 to 0.9.38-rc2", false);
+	updateToVersion('0.9.38-rc2');
+}
+
+if (isFroxlorVersion('0.9.38-rc2')) {
+
+	showUpdateStep("Updating from 0.9.38-rc2 to 0.9.38 final", false);
+	updateToVersion('0.9.38');
+}
+
+if (isDatabaseVersion('201610070')) {
+
+	showUpdateStep("Add Nginx http2 setting");
+	Settings::AddNew("system.nginx_http2_support", 0);
+	lastStepStatus(0);
+
+	updateToDbVersion('201611180');
+}
+
+if (isFroxlorVersion('0.9.38')) {
+
+	showUpdateStep("Updating from 0.9.38 to 0.9.38.1", false);
+	updateToVersion('0.9.38.1');
+}
+
+if (isFroxlorVersion('0.9.38.1')) {
+
+	showUpdateStep("Updating from 0.9.38.1 to 0.9.38.2", false);
+	updateToVersion('0.9.38.2');
+}
+
+if (isFroxlorVersion('0.9.38.2')) {
+
+	showUpdateStep("Updating from 0.9.38.2 to 0.9.38.3", false);
+	updateToVersion('0.9.38.3');
+}
+
+if (isFroxlorVersion('0.9.38.3')) {
+
+	showUpdateStep("Updating from 0.9.38.3 to 0.9.38.4", false);
+	updateToVersion('0.9.38.4');
+}
+
+if (isDatabaseVersion('201611180')) {
+
+	showUpdateStep("Updating database table definition for panel_domains");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `phpenabled` tinyint(1) NOT NULL default '1' AFTER `parentdomainid`;");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding field for let's-encrypt registration status");
+	Database::query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` add `leregistered` TINYINT(1) NOT NULL DEFAULT 0;");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding system setting for let's-encrypt registration status");
+	Settings::AddNew('system.leregistered', '0');
+	lastStepStatus(0);
+
+  showUpdateStep("Adding unique key to ipsandports table");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_IPSANDPORTS . "` ADD UNIQUE KEY `ip_port` (`ip`,`port`)");
+	lastStepStatus(0);
+
+	updateToDbVersion('201612110');
+}
+
+if (isFroxlorVersion('0.9.38.4')) {
+
+	showUpdateStep("Updating from 0.9.38.4 to 0.9.38.5", false);
+	updateToVersion('0.9.38.5');
+}
+
+if (isFroxlorVersion('0.9.38.5')) {
+
+	showUpdateStep("Updating from 0.9.38.5 to 0.9.38.6", false);
+	updateToVersion('0.9.38.6');
+}
+
+if (isFroxlorVersion('0.9.38.6')) {
+
+	showUpdateStep("Updating from 0.9.38.6 to 0.9.38.7", false);
+	updateToVersion('0.9.38.7');
+}
+
+if (isDatabaseVersion('201612110')) {
+
+	showUpdateStep("Adding field for OCSP stapling");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS .
+		"` ADD `ocsp_stapling` TINYINT(1) NOT NULL DEFAULT '0';");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding default setting for Apache 2.4 OCSP cache path");
+	Settings::AddNew('system.apache24_ocsp_cache_path', 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)');
+	lastStepStatus(0);
+
+	updateToDbVersion('201704100');
+}
+
+if (isDatabaseVersion('201704100')) {
+
+	showUpdateStep("Adding new setting for libnss-extrausers");
+	$system_nssextrausers= isset($_POST['system_nssextrausers']) ? (int) $_POST['system_nssextrausers'] : 0;
+	Settings::AddNew('system.nssextrausers', $system_nssextrausers);
+	lastStepStatus(0);
+
+	updateToDbVersion('201705050');
+}
+
+if (isDatabaseVersion('201705050')) {
+
+	showUpdateStep("Updating HTTP2 setting");
+	if (Settings::Get('system.nginx_http2_support') != null) {
+		Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `varname` = 'http2_support' WHERE `varname` = 'nginx_http2_support';");
+	} else {
+		Settings::AddNew('system.http2_support', 0);
+	}
+	lastStepStatus(0);
+	showUpdateStep("Adding domain field for HTTP2 stapling");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `http2` TINYINT(1) NOT NULL DEFAULT '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201708240');
+}
+
+if (isDatabaseVersion('201708240')) {
+	
+	showUpdateStep("Adding new 'disable LE self-check' setting");
+	$system_disable_le_selfcheck = isset($_POST['system_disable_le_selfcheck']) ? (int) $_POST['system_disable_le_selfcheck'] : 0;
+	Settings::AddNew('system.disable_le_selfcheck', $system_disable_le_selfcheck);
+	lastStepStatus(0);
+
+	updateToDbVersion('201712310');
+
+	showUpdateStep("Updating from 0.9.38.7 to 0.9.38.8", false);
+	updateToVersion('0.9.38.8');
+}
+
+if (isDatabaseVersion('201712310')) {
+
+	showUpdateStep("Adding field for fpm-daemon configs");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `fpmsettingid` int(11) NOT NULL DEFAULT '1';");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding new fpm-daemons table");
+	Database::query("DROP TABLE IF EXISTS `panel_fpmdaemons`;");
+	$sql = "CREATE TABLE `panel_fpmdaemons` (
+	  `id` int(11) unsigned NOT NULL auto_increment,
+	  `description` varchar(50) NOT NULL,
+	  `reload_cmd` varchar(255) NOT NULL,
+	  `config_dir` varchar(255) NOT NULL,
+	  `pm` varchar(15) NOT NULL DEFAULT 'static',
+	  `max_children` int(4) NOT NULL DEFAULT '1',
+	  `start_servers` int(4) NOT NULL DEFAULT '20',
+	  `min_spare_servers` int(4) NOT NULL DEFAULT '5',
+	  `max_spare_servers` int(4) NOT NULL DEFAULT '35',
+	  `max_requests` int(4) NOT NULL DEFAULT '0',
+	  `idle_timeout` int(4) NOT NULL DEFAULT '30',
+	  PRIMARY KEY  (`id`),
+	  UNIQUE KEY `reload` (`reload_cmd`),
+	  UNIQUE KEY `config` (`config_dir`)
+	) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;";
+	Database::query($sql);
+	lastStepStatus(0);
+
+	showUpdateStep("Converting php-fpm settings to new layout");
+	$ins_stmt = Database::prepare("
+		INSERT INTO `panel_fpmdaemons` SET
+		`id` = 1,
+		`description` = 'System default',
+		`reload_cmd` = :reloadcmd,
+		`config_dir` = :confdir,
+		`pm` = :pm,
+		`max_children` = :maxc,
+		`start_servers` = :starts,
+		`min_spare_servers` = :minss,
+		`max_spare_servers` = :maxss,
+		`max_requests` = :maxr,
+		`idle_timeout` = :it
+	");
+	Database::pexecute($ins_stmt, array(
+		'reloadcmd' => Settings::Get('phpfpm.reload'),
+		'confdir' => Settings::Get('phpfpm.configdir'),
+		'pm' => Settings::Get('phpfpm.pm'),
+		'maxc' => Settings::Get('phpfpm.max_children'),
+		'starts' => Settings::Get('phpfpm.start_servers'),
+		'minss' => Settings::Get('phpfpm.min_spare_servers'),
+		'maxss' => Settings::Get('phpfpm.max_spare_servers'),
+		'maxr' => Settings::Get('phpfpm.max_requests'),
+		'it' => Settings::Get('phpfpm.idle_timeout')
+	));
+	lastStepStatus(0);
+
+	showUpdateStep("Deleting unneeded settings");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'reload'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'configdir'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'pm'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'max_children'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'start_servers'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'min_spare_servers'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'max_spare_servers'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'max_requests'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'idle_timeout'");
+	lastStepStatus(0);
+
+	updateToDbVersion('201801070');
+}
+
+if (isDatabaseVersion('201801070')) {
+
+	showUpdateStep("Adding field allowed_phpconfigs for customers");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD `allowed_phpconfigs` varchar(500) NOT NULL default '';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201801080');
+}
+
+if (isDatabaseVersion('201801080')) {
+
+	showUpdateStep("Adding new setting for Let's Encrypt ACME version");
+	Settings::AddNew('system.leapiversion', '1');
+	lastStepStatus(0);
+
+	updateToDbVersion('201801090');
+}
+
+if (isDatabaseVersion('201801090')) {
+
+	showUpdateStep("Adding field pass_authorizationheader for php-configs");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `pass_authorizationheader` tinyint(1) NOT NULL default '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201801091');
+}
+
+if (isDatabaseVersion('201801091')) {
+
+	showUpdateStep("Adding new setting for SSL protocols");
+	Settings::AddNew('system.ssl_protocols', 'TLSv1,TLSv1.2');
+	lastStepStatus(0);
+
+	updateToDbVersion('201801100');
+}
+
+if (isDatabaseVersion('201801100')) {
+
+	showUpdateStep("Adding field for security.limit_extensions fpm-setting");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_FPMDAEMONS . "` ADD `limit_extensions` varchar(255) NOT NULL default '.php';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201801101');
+}
+
+if (isDatabaseVersion('201801101')) {
+
+	showUpdateStep("Adding dynamic php-fpm php.ini settings");
+	Settings::AddNew('phpfpm.ini_flags', 'asp_tags
+display_errors
+display_startup_errors
+html_errors
+log_errors
+magic_quotes_gpc
+magic_quotes_runtime
+magic_quotes_sybase
+mail.add_x_header
+session.cookie_secure
+session.use_cookies
+short_open_tag
+track_errors
+xmlrpc_errors
+suhosin.simulation
+suhosin.session.encrypt
+suhosin.session.cryptua
+suhosin.session.cryptdocroot
+suhosin.cookie.encrypt
+suhosin.cookie.cryptua
+suhosin.cookie.cryptdocroot
+suhosin.executor.disable_eval
+mbstring.func_overload');
+	Settings::AddNew('phpfpm.ini_values', 'auto_append_file
+auto_prepend_file
+date.timezone
+default_charset
+error_reporting
+include_path
+log_errors_max_len
+mail.log
+max_execution_time
+session.cookie_domain
+session.cookie_lifetime
+session.cookie_path
+session.name
+session.serialize_handler
+upload_max_filesize
+xmlrpc_error_number
+session.auto_start
+always_populate_raw_post_data
+suhosin.session.cryptkey
+suhosin.session.cryptraddr
+suhosin.session.checkraddr
+suhosin.cookie.cryptkey
+suhosin.cookie.plainlist
+suhosin.cookie.cryptraddr
+suhosin.cookie.checkraddr
+suhosin.executor.func.blacklist
+suhosin.executor.eval.whitelist');
+	Settings::AddNew('phpfpm.ini_admin_flags', 'allow_call_time_pass_reference
+allow_url_fopen
+allow_url_include
+auto_detect_line_endings
+cgi.fix_pathinfo
+cgi.force_redirect
+enable_dl
+expose_php
+file_uploads
+ignore_repeated_errors
+ignore_repeated_source
+log_errors
+register_argc_argv
+report_memleaks
+opcache.enable
+opcache.consistency_checks
+opcache.dups_fix
+opcache.load_comments
+opcache.revalidate_path
+opcache.save_comments
+opcache.use_cwd
+opcache.validate_timestamps
+opcache.fast_shutdown');
+	Settings::AddNew('phpfpm.ini_admin_values', 'cgi.redirect_status_env
+date.timezone
+disable_classes
+disable_functions
+error_log
+gpc_order
+max_input_time
+max_input_vars
+memory_limit
+open_basedir
+output_buffering
+post_max_size
+precision
+sendmail_path
+session.gc_divisor
+session.gc_probability
+variables_order
+opcache.log_verbosity_level
+opcache.restrict_api
+opcache.revalidate_freq
+opcache.max_accelerated_files
+opcache.memory_consumption
+opcache.interned_strings_buffer');
+	lastStepStatus(0);
+
+	updateToDbVersion('201801110');
+}
+
+if (isDatabaseVersion('201801110')) {
+
+	showUpdateStep("Adding php-fpm php PATH setting for envrironment");
+	Settings::AddNew("phpfpm.envpath",  '/usr/local/bin:/usr/bin:/bin');
+	lastStepStatus(0);
+
+	updateToDbVersion('201801260');
+}
+
+if (isFroxlorVersion('0.9.38.8')) {
+
+	showUpdateStep("Updating from 0.9.38.8 to 0.9.39 final", false);
+	updateToVersion('0.9.39');
+}
+
+if (isFroxlorVersion('0.9.39')) {
+
+	showUpdateStep("Updating from 0.9.39 to 0.9.39.1", false);
+	updateToVersion('0.9.39.1');
+}
+
+if (isFroxlorVersion('0.9.39.1')) {
+
+	showUpdateStep("Updating from 0.9.39.1 to 0.9.39.2", false);
+	updateToVersion('0.9.39.2');
+}
+
+if (isDatabaseVersion('201801260')) {
+
+	showUpdateStep("Adding new plans table");
+	Database::query("DROP TABLE IF EXISTS `panel_plans`;");
+	$sql = "CREATE TABLE `panel_plans` (
+	  `id` int(11) NOT NULL auto_increment,
+	  `adminid` int(11) NOT NULL default '0',
+	  `name` varchar(255) NOT NULL default '',
+	  `description` text NOT NULL,
+	  `value` longtext NOT NULL,
+	  `ts` int(15) NOT NULL default '0',
+	  PRIMARY KEY  (id),
+	  KEY adminid (adminid)
+	) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;";
+	Database::query($sql);
+	lastStepStatus(0);
+
+	updateToDbVersion('201802120');
+}
+
+if (isDatabaseVersion('201802120')) {
+
+	showUpdateStep("Adding domain field for try_files flag");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `notryfiles` tinyint(1) DEFAULT '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201802130');
+}
+
+if (isFroxlorVersion('0.9.39.2')) {
+
+	showUpdateStep("Updating from 0.9.39.2 to 0.9.39.3", false);
+	updateToVersion('0.9.39.3');
+}
+
+if (isFroxlorVersion('0.9.39.3')) {
+
+	showUpdateStep("Updating from 0.9.39.3 to 0.9.39.4", false);
+	updateToVersion('0.9.39.4');
+}
+
+if (isFroxlorVersion('0.9.39.4')) {
+
+	showUpdateStep("Updating from 0.9.39.4 to 0.9.39.5", false);
+	updateToVersion('0.9.39.5');
+}
+
+if (isDatabaseVersion('201802130')) {
+
+	showUpdateStep("Adding fullchain field to ssl certificates");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` ADD `ssl_fullchain_file` mediumtext AFTER `ssl_csr_file`;");
+	lastStepStatus(0);
+
+	updateToDbVersion('201802250');
+}
+
+if (isDatabaseVersion('201802250')) {
+
+	showUpdateStep("Adding webserver logfile settings");
+	Settings::AddNew("system.logfiles_format",  '');
+	Settings::AddNew("system.logfiles_type",  '1');
+	Settings::AddNew("system.logfiles_piped",  '0');
+	lastStepStatus(0);
+
+	updateToDbVersion('201805240');
+}
+
+if (isDatabaseVersion('201805240')) {
+
+	showUpdateStep("Adding webserver logfile-script settings");
+	Settings::AddNew("system.logfiles_script",  '');
+	lastStepStatus(0);
+
+	updateToDbVersion('201805241');
+}
+
+if (isDatabaseVersion('201805241')) {
+
+	$do_update = true;
+	showUpdateStep("Checking for required PHP json-extension");
+	if (! extension_loaded('json')) {
+		$do_update = false;
+		lastStepStatus(2, 'not installed');
+	} else {
+		lastStepStatus(0);
+
+		showUpdateStep("Checking for current cronjobs that need converting");
+		$result_tasks_stmt = Database::query("
+			SELECT * FROM `" . TABLE_PANEL_TASKS . "` ORDER BY `id` ASC
+		");
+		$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_TASKS . "` SET `data` = :data WHERE `id` = :taskid");
+		while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
+			if (! empty($row['data'])) {
+				$data = unserialize($row['data']);
+				Database::pexecute($upd_stmt, array(
+					'data' => json_encode($data),
+					'taskid' => $row['id']
+				));
+			}
+		}
+		lastStepStatus(0);
+
+		updateToDbVersion('201805290');
+	}
+}
+
+if (isDatabaseVersion('201805290')) {
+
+	showUpdateStep("Adding leaccount field to panel customers");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD COLUMN `leaccount` varchar(255) default '' AFTER `leregistered`;");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding system setting for let's-encrypt account");
+	Settings::AddNew('system.leaccount', "");
+	lastStepStatus(0);
+
+	updateToDbVersion('201809180');
+}
+
+if (isDatabaseVersion('201809180')) {
+	
+	showUpdateStep("Adding new fields for php configs");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `override_fpmconfig` tinyint(1) NOT NULL DEFAULT '0';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `pm` varchar(15) NOT NULL DEFAULT 'static';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `max_children` int(4) NOT NULL DEFAULT '1';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `start_servers` int(4) NOT NULL DEFAULT '20';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `min_spare_servers` int(4) NOT NULL DEFAULT '5';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `max_spare_servers` int(4) NOT NULL DEFAULT '35';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `max_requests` int(4) NOT NULL DEFAULT '0';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `idle_timeout` int(4) NOT NULL DEFAULT '30';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `limit_extensions` varchar(255) NOT NULL default '.php';");
+	lastStepStatus(0);
+	
+	showUpdateStep("Synchronize fpm-daemon process manager settings with php-configs");
+	// get all fpm-daemons
+	$sel_stmt = Database::prepare("SELECT * FROM `panel_fpmdaemons`;");
+	Database::pexecute($sel_stmt);
+	$fpm_daemons = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);
+	$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET
+		`pm` = :pm,
+		`max_children` = :maxc,
+		`start_servers` = :starts,
+		`min_spare_servers` = :minss,
+		`max_spare_servers` = :maxss,
+		`max_requests` = :maxr,
+		`idle_timeout` = :it,
+		`limit_extensions` = :le
+		WHERE `fpmsettingid` = :fpmid
+	");
+	// update all php-configs with the pm data from the fpm-daemon
+	foreach ($fpm_daemons as $fpm_daemon) {
+		Database::pexecute($upd_stmt, array(
+			'pm' => $fpm_daemon['pm'],
+			'maxc' => $fpm_daemon['max_children'],
+			'starts' => $fpm_daemon['start_servers'],
+			'minss' => $fpm_daemon['min_spare_servers'],
+			'maxss' => $fpm_daemon['max_spare_servers'],
+			'maxr' => $fpm_daemon['max_requests'],
+			'it' => $fpm_daemon['idle_timeout'],
+			'le' => $fpm_daemon['limit_extensions'],
+			'fpmid' => $fpm_daemon['id']
+		));
+	}
+	lastStepStatus(0);
+	
+	updateToDbVersion('201809280');
+}
+
+if (isFroxlorVersion('0.9.39.5')) {
+
+	showUpdateStep("Updating from 0.9.39.5 to 0.9.40", false);
+	updateToVersion('0.9.40');
+}
--- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php
+++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -679,4 +679,52 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 		$question .= $dnsdaemons . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
+
+	if (versionInUpdate($current_db_version, '201609120')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'You can now customize the path to your acme.conf file (global alias for Let\'s Encrypt). If you already set up Let\'s Encrypt and the acme.conf file, please set this to the complete path to the file!<br /><br />';
+			$question = '<strong>Path to the acme.conf alias-file.</strong><br />';
+			$question .= '<input type="text" class="text" name="acmeconffile" value="/etc/apache2/conf-enabled/acme.conf" /><br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if (versionInUpdate($current_db_version, '201609200')) {
+		$has_preconfig = true;
+		$description = 'Specify SMTP settings which froxlor should use to send mail (optional)<br /><br />';
+		$question = '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= makeyesno('smtp_enable', '1', '0', '0') . '<br />';
+		$question .= '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_host" value="localhost" /><br />';
+		$question .= '<strong>TCP port to connect to?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_port" value="25" /><br />';
+		$question .= '<strong>Enable TLS encryption?</strong><br />';
+		$question .= makeyesno('smtp_usetls', '1', '0', '1') . '<br />';
+		$question .= '<strong>Enable SMTP authentication?</strong><br />';
+		$question .= makeyesno('smtp_auth', '1', '0', '1') . '<br />';
+		$question .= '<strong>SMTP user?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_user" value="" /><br />';
+		$question .= '<strong>SMTP password?</strong><br />';
+		$question .= '<input type="password" class="text" name="smtp_passwd" value="" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201705050')) {
+		$has_preconfig = true;
+		$description = 'DEBIAN/UBUNTU ONLY: Enable usage of libnss-extrausers as alternative to libnss-mysql (NOTE: if enabled, go through the configuration steps right after the update!!!)<br /><br />';
+		$question = '<strong>Enable usage of libnss-extrausers?</strong><br />';
+		$question .= makeyesno('system_nssextrausers', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201712310')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'Chose whether you want to disable the Let\'s Encrypt selfcheck as it causes false positives for some configurations.<br /><br />';
+			$question = '<strong>Disable Let\'s Encrypt self-check?</strong><br />';
+			$question .= makeyesno('system_disable_le_selfcheck', '1', '0', '0') . '<br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
 }
--- a/install/updatesql.php
+++ b/install/updatesql.php
@@ -17,13 +17,15 @@
 *
 */

-if (!defined('AREA')
-	|| (defined('AREA') && AREA != 'admin')
-	|| !isset($userinfo['loginname'])
-	|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
-) {
-	header('Location: ../index.php');
-	exit;
+if (!defined('_CRON_UPDATE')) {
+	if (!defined('AREA')
+		|| (defined('AREA') && AREA != 'admin')
+		|| !isset($userinfo['loginname'])
+		|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
+	) {
+		header('Location: ../index.php');
+		exit;
+	}
 }

 $updatelog = FroxlorLogger::getInstanceOf(array('loginname' => 'updater'));
--- a/lib/ajax.php
+++ b/lib/ajax.php
@@ -18,7 +18,7 @@

 // Load the user settings
 define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__)));
-if (!file_exists('./userdata.inc.php')) {
+if (! file_exists('./userdata.inc.php')) {
 	die();
 }
 require './userdata.inc.php';
@@ -27,10 +27,11 @@ require './classes/database/class.Database.php';
 require './classes/settings/class.Settings.php';
 require './functions/validate/function.validate_ip.php';
 require './functions/validate/function.validateDomain.php';
+require './classes/cURL/class.HttpClient.php';

-if(isset($_POST['action'])) {
+if (isset($_POST['action'])) {
 	$action = $_POST['action'];
-} elseif(isset($_GET['action'])) {
+} elseif (isset($_GET['action'])) {
 	$action = $_GET['action'];
 } else {
 	$action = "";
@@ -42,51 +43,31 @@ if ($action == "newsfeed") {
 	} else {
 		$feed = "https://inside.froxlor.org/news/";
 	}
-
+	
 	if (function_exists("simplexml_load_file") == false) {
-		die();
+		outputItem("Newsfeed not available due to missing php-simplexml extension", "Please install the php-simplexml extension in order to view our newsfeed.");
+		exit();
 	}
-
+	
 	if (function_exists('curl_version')) {
-		$ch = curl_init();
-		curl_setopt($ch, CURLOPT_URL, $feed);
-		curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/'.$version);
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-		$output = curl_exec($ch);
-		curl_close($ch);
+		$output = HttpClient::urlGet($feed);
 		$news = simplexml_load_string(trim($output));
 	} else {
-		if (ini_get('allow_url_fopen')) {
-			ini_set('user_agent', 'Froxlor/'.$version);
-			$news = simplexml_load_file($feed, null, LIBXML_NOCDATA);
-		} else {
-			$news = false;
-		}
+		outputItem("Newsfeed not available due to missing php-curl extension", "Please install the php-curl extension in order to view our newsfeed.");
+		exit();
 	}
-
+	
 	if ($news !== false) {
-		for ($i = 0; $i < 3; $i++) {
+		for ($i = 0; $i < 3; $i ++) {
 			$item = $news->channel->item[$i];
-
-			$title = (string)$item->title;
-			$link = (string)$item->link;
+			
+			$title = (string) $item->title;
+			$link = (string) $item->link;
 			$date = date("Y-m-d G:i", strtotime($item->pubDate));
 			$content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description));
 			$content = substr($content, 0, 150) . "...";
-
-			echo "<li class=\"clearfix\">
-                <div class=\"newsfeed-body clearfix\">
-                    <div class=\"header\">
-                        <strong class=\"primary-font\"><a href=\"{$link}\" target=\"_blank\">{$title}</a></strong>
-                        <small class=\"pull-right text-muted\">
-                            <i class=\"fa fa-clock-o fa-fw\"></i> {$date}
-                        </small>
-                    </div>
-                    <p>
-                        {$content}
-                    </p>
-                </div>
-            </li>";
+			
+			outputItem($title, $content, $link, $date);
 		}
 	} else {
 		echo "";
@@ -94,3 +75,30 @@ if ($action == "newsfeed") {
 } else {
 	echo "No action set.";
 }
+
+function outputItem($title, $content, $link = null, $date = null)
+{
+	echo "<li class=\"clearfix\">
+			<div class=\"newsfeed-body clearfix\">
+				<div class=\"header\">
+					<strong class=\"primary-font\">";
+			if (! empty($link)) {
+				echo "<a href=\"{$link}\" target=\"_blank\">";
+			}
+			echo $title;
+			if (! empty($link)) {
+				echo "</a>";
+			}
+			echo "</strong>";
+			if (! empty($date)) {
+				echo "<small class=\"pull-right text-muted\">
+                            <i class=\"fa fa-clock-o fa-fw\"></i> {$date}
+                        </small>";
+			}
+			echo "</div>
+                    <p>
+                        {$content}
+                    </p>
+                </div>
+            </li>";
+}
--- a/lib/classes/bulk/class.DomainBulkAction.php
+++ b/lib/classes/bulk/class.DomainBulkAction.php
@@ -93,6 +93,13 @@ class DomainBulkAction
 /* 16 */    'use_ssl',
 /* 17 */	'registration_date',
 /* 18 */	'ips',
+/* 19 */	'letsencrypt',
+/* 20 */	'hsts',
+/* 21 */	'hsts_sub',
+/* 22 */	'hsts_preload',
+/* 23 */	'ocsp_stapling',
+/* 24 */	'phpenabled',
+/* 25 */	'http2',
 	    /* automatically added */
 		'adminid',
        'customerid',
@@ -180,13 +187,14 @@ class DomainBulkAction
        }
        
        // preapre insert statement as it is used a few times
+        // leave out aliasdomain for now, cause empty = NULL value which cannot be
+        // added this easily using prepared statements
        $this->_ins_stmt = Database::prepare("
 			INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
 				`domain` = :domain,
 				`adminid` = :adminid,
 				`customerid` = :customerid,
 				`documentroot` = :documentroot,
-                `aliasdomain` = :aliasdomain,
 				`isbinddomain` = :isbinddomain,
 				`isemaildomain` = :isemaildomain,
 				`email_only` = :email_only,
@@ -200,7 +208,14 @@ class DomainBulkAction
 				`specialsettings` = :specialsettings,
 				`ssl_redirect` = :ssl_redirect,
 				`registration_date` = :registration_date,
-				`add_date` = :add_date
+				`add_date` = :add_date,
+				`letsencrypt` = :letsencrypt,
+				`hsts` = :hsts,
+				`hsts_sub` = :hsts_sub,
+				`hsts_preload` = :hsts_preload,
+				`ocsp_stapling` = :ocsp_stapling,
+				`phpenabled` = :phpenabled,
+				`http2` = :http2
 		");
        
        // prepare insert statement for ip/port <> domain
@@ -293,6 +308,7 @@ class DomainBulkAction
        }
        
        // check for alias-domain
+        $hasAlias = false;
        if (! empty($domain_data['aliasdomain'])) {
            // format
            $domain_data['aliasdomain'] = $idna_convert->encode(preg_replace(array(
@@ -311,6 +327,7 @@ class DomainBulkAction
                // - we'd better skip
                return false;
            }
+            $hasAlias = $domain_data['aliasdomain'];
        }
        
        // check for use_ssl and ssl_redirect
@@ -335,6 +352,38 @@ class DomainBulkAction
            $domain_data['ssl_redirect'] = 0;
        }
        
+        // only check for letsencrypt, hsts and oscp-stapling if ssl is enabled
+        if ($domain_data['use_ssl'] == 1) {
+			//lets encrypt
+			if ($domain_data['letsencrypt'] != 1 || $domain_data['iswildcarddomain'] == 1) {
+				$domain_data['letsencrypt'] = 0;
+			}
+		} else {
+			$domain_data['letsencrypt'] = 0;
+		}
+
+		// hsts
+		if ($domain_data['hsts'] != 1) {
+			$domain_data['hsts'] = 0;
+		}
+		if ($domain_data['hsts_sub'] != 1) {
+			$domain_data['hsts_sub'] = 0;
+		}
+		if ($domain_data['hsts_preload'] != 1) {
+			$domain_data['hsts_preload'] = 0;
+		}
+		if ($domain_data['ocsp_stapling'] != 1) {
+			$domain_data['ocsp_stapling'] = 0;
+		}
+
+		if ($domain_data['phpenabled'] != 1) {
+			$domain_data['phpenabled'] = 0;
+		}
+
+		if ($domain_data['http2'] != 1) {
+			$domain_data['http2'] = 0;
+		}
+
        // add to known domains
        $this->_knownDomains[] = $domain_data['domain'];
        
@@ -416,13 +465,21 @@ class DomainBulkAction
        $use_ssl = (bool)$domain_data['use_ssl'];
        // don't need that for the domain-insert-statement
        unset($domain_data['use_ssl']);
-        
+        // don't need alias
+        unset($domain_data['aliasdomain']);
+
        // finally ADD the domain to panel_domains
        Database::pexecute($this->_ins_stmt, $domain_data);
        
        // get the newly inserted domain-id
        $domain_id = Database::lastInsertId();
        
+        // add alias if any
+        if ($hasAlias != false) {
+			$alias_stmt = Database::prepare("UPDATE `".TABLE_PANEL_DOMAINS."` SET `aliasdomain` = :aliasdomain WHERE `id` = :did");
+			Database::pexecute($alias_stmt, array('aliasdomain' => $hasAlias, 'did' => $domain_id));
+        }
+
        // insert domain <-> ip/port reference
        if (empty($iplist)) {
            $iplist = Settings::Get('system.ipaddress');
--- a/lib/classes/cURL/class.HttpClient.php
+++ b/lib/classes/cURL/class.HttpClient.php
@@ -0,0 +1,62 @@
+<?php
+
+class HttpClient
+{
+
+	/**
+	 * Executes simple GET request
+	 *
+	 * @param string $url
+	 *
+	 * @return array
+	 */
+	public static function urlGet($url, $follow_location = true)
+	{
+		include FROXLOR_INSTALL_DIR . '/lib/version.inc.php';
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_URL, $url);
+		curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . $version);
+		if ($follow_location) {
+			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+		}
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+		$output = curl_exec($ch);
+		if ($output === false) {
+			$e = curl_error($ch);
+			curl_close($ch);
+			throw new \Exception("Curl error: " . $e);
+		}
+		curl_close($ch);
+		return $output;
+	}
+	
+	/**
+	 * Downloads and stores a file from an url
+	 *
+	 * @param string $url
+	 * @param string $target
+	 *
+	 * @return array
+	 */
+	public static function fileGet($url, $target)
+	{
+		include FROXLOR_INSTALL_DIR . '/lib/version.inc.php';
+		$fh = fopen($target, 'w');
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_URL, $url);
+		curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . $version);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+		curl_setopt($ch, CURLOPT_TIMEOUT, 50);
+		//give curl the file pointer so that it can write to it
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+		curl_setopt($ch, CURLOPT_FILE, $fh);
+		$output = curl_exec($ch);
+		if ($output === false) {
+			$e = curl_error($ch);
+			curl_close($ch);
+			throw new \Exception("Curl error: " . $e);
+		}
+		curl_close($ch);
+		return $output;
+	}
+}
--- a/lib/classes/config/class.ConfigDaemon.php
+++ b/lib/classes/config/class.ConfigDaemon.php
@@ -71,7 +71,7 @@ class ConfigDaemon {
 	 * @var string
 	 */
 	public $title;
-	
+
 	/**
 	 * Whether this is the default daemon of the service-category
 	 * @var boolean
@@ -321,7 +321,7 @@ class ConfigDaemon {
 		if (array_key_exists('chown', $attributes)) {
 			$return[] = array('type' => 'command', 'content' => 'chown ' . $attributes['chown'] . ' "' . $this->_parseContent($attributes['name']) . '"', 'execute' => "post");
 		}
-		
+
 		// If we have more than 1 element, we want to group this stuff for easier processing later
 		if (count($return) > 1) {
 			$return = array('type' => 'file', 'subcommands' => $return, 'name' => $this->_parseContent($attributes['name']));
@@ -399,10 +399,11 @@ class ConfigDaemon {
 			case "false": if ($order == true) { $return = -1; }; break;
 			case "true": if ($order == false) { $return = -1; }; break;
 			case "notempty": if ($order == "") { $return = -1; }; break;
-			case "userexists": if (posix_getpwnam($order) === false) { $return = -1; }; break;
-			case "groupexists": if (posix_getgrnam($order) === false) { $return = -1; }; break;
-			case "usernotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
-			case "groupnotexists": if (is_array(posix_getgrnam($order))) { $return = -1; }; break;
+			case "userexists": if (posix_getpwuid($order) === false) { $return = -1; }; break;
+			case "groupexists": if (posix_getgrgid($order) === false) { $return = -1; }; break;
+			case "usernotexists": if (is_array(posix_getpwuid($order))) { $return = -1; }; break;
+			case "groupnotexists": if (is_array(posix_getgrgid($order))) { $return = -1; }; break;
+			case "usernamenotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
 			case "equals": $return = (isset($attributes['value']) && $attributes['value'] == $order ? 0 : -1); break;
 		}
 		return $return;
--- a/lib/classes/database/class.Database.php
+++ b/lib/classes/database/class.Database.php
@@ -28,6 +28,11 @@
 * @author     Froxlor team <team@froxlor.org> (2010-)
 * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
 * @package    Classes
+ *
+ * @method static \PDOStatement prepare($statement, array $driver_options = null) Prepares a statement for execution and returns a statement object
+ * @method static \PDOStatement query ($statement) Executes an SQL statement, returning a result set as a PDOStatement object
+ * @method static string lastInsertId ($name = null) Returns the ID of the last inserted row or sequence value
+ * @method static string quote ($string, $parameter_type = null) Quotes a string for use in a query.
 */
 class Database {

@@ -262,7 +267,7 @@ class Database {
 		// build up connection string
 		$driver = 'mysql';
 		$dsn = $driver.":";
-		$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'set names utf8');
+		$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"');
 		$attributes = array('ATTR_ERRMODE' => 'ERRMODE_EXCEPTION');

 		$dbconf["dsn"] = array(
--- a/lib/classes/database/manager/class.DbManagerMySQL.php
+++ b/lib/classes/database/manager/class.DbManagerMySQL.php
@@ -134,7 +134,7 @@ class DbManagerMySQL {
 	 * @param string $host (unused in mysql)
 	 */
 	public function disableUser($username = null, $host = null) {
-		$stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM `".$row_database['databasename']."`");
+		$stmt = Database::prepare('REVOKE ALL PRIVILEGES, GRANT OPTION FROM `' . $username . '`@`' . $host . '`');
 		Database::pexecute($stmt, array(), false);
 	}

--- a/lib/classes/dns/class.DnsEntry.php
+++ b/lib/classes/dns/class.DnsEntry.php
@@ -41,7 +41,31 @@ class DnsEntry

 	public function __toString()
 	{
-		$result = $this->record . "\t" . $this->ttl . "\t" . $this->class . "\t" . $this->type . "\t" . (($this->priority >= 0 && ($this->type == 'MX' || $this->type == 'SRV')) ? $this->priority . "\t" : "") . $this->content . PHP_EOL;
+		$_content = $this->content;
+		// check content length for txt records for bind9 (multiline)
+		if (Settings::Get('system.dns_server') != 'pdns' && $this->type == 'TXT' && strlen($_content) >= 255) {
+			// split string
+			$_contentlines = str_split($_content, 254);
+			// first line
+			$_l = array_shift($_contentlines);
+			// check for starting quote
+			if (substr($_l, 0, 1) == '"') {
+				$_l = substr($_l, 1);
+			}
+			$_content = '("' . $_l . '"' . PHP_EOL;
+			$_l = array_pop($_contentlines);
+			// check for ending quote
+			if (substr($_l, - 1) == '"') {
+				$_l = substr($_l, 0, - 1);
+			}
+			foreach ($_contentlines as $_cl) {
+				// lines in between
+				$_content .= "\t\t\t\t" . '"' . $_cl . '"' . PHP_EOL;
+			}
+			// last line
+			$_content .= "\t\t\t\t" . '"' . $_l . '")';
+		}
+		$result = $this->record . "\t" . $this->ttl . "\t" . $this->class . "\t" . $this->type . "\t" . (($this->priority >= 0 && ($this->type == 'MX' || $this->type == 'SRV')) ? $this->priority . "\t" : "") . $_content . PHP_EOL;
 		return $result;
 	}
 }
--- a/lib/classes/idna/class.idna_convert_wrapper.php
+++ b/lib/classes/idna/class.idna_convert_wrapper.php
@@ -67,6 +67,16 @@ class idna_convert_wrapper
 		}
 	}

+	public function encode_uri($to_encode)
+	{
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			return $this->_do_action('encode', $to_encode);
+		} else {
+			$to_encode = $this->is_utf8($to_encode) ? $to_encode : utf8_encode($to_encode);
+			return $this->idna_converter->encodeUri($to_encode);
+		}
+	}
+
 	/**
 	 * Decode a domain name, a email address or a list of one of both.
 	 *
--- a/lib/classes/integrity/class.IntegrityCheck.php
+++ b/lib/classes/integrity/class.IntegrityCheck.php
@@ -85,11 +85,10 @@ class IntegrityCheck {
 				// fix database
 				Database::query('ALTER DATABASE `' . Database::getDbName() . '` CHARACTER SET utf8 COLLATE utf8_general_ci');
 				// fix all tables
-				$handle = Database::query('SHOW TABLES');
-				while ($row = $handle->fetch(PDO::FETCH_ASSOC)) {
-					foreach ($row as $table) {
-						Database::query('ALTER TABLE `' . $table . '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;');
-					}
+				$handle = Database::query('SHOW FULL TABLES WHERE Table_type != "VIEW"');
+				while ($row = $handle->fetch(PDO::FETCH_BOTH)) {
+					$table = $row[0];
+					Database::query('ALTER TABLE `' . $table . '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;');
 				}
 				$this->_log->logAction(ADM_ACTION, LOG_WARNING, "database charset was different from UTF-8, integrity-check fixed that");
 			} else {
--- a/lib/classes/output/class.CmdLineHandler.php
+++ b/lib/classes/output/class.CmdLineHandler.php
@@ -0,0 +1,196 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2018 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2018-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Cron
+ *
+ */
+abstract class CmdLineHandler
+{
+
+	/**
+	 * internal variable for passed arguments
+	 *
+	 * @var array
+	 */
+	private static $args = null;
+
+	/**
+	 * Action object read from commandline/config
+	 *
+	 * @var Action
+	 */
+	private $_action = null;
+
+	/**
+	 * Returns a CmdLineHandler object with given
+	 * arguments from command line
+	 *
+	 * @param int $argc
+	 * @param array $argv
+	 *
+	 * @return CmdLineHandler
+	 */
+	public static function processParameters($argc, $argv)
+	{
+		$me = get_called_class();
+		return new $me($argc, $argv);
+	}
+
+	/**
+	 * returns the Action object generated in
+	 * the class constructor
+	 *
+	 * @return Action
+	 */
+	public function getAction()
+	{
+		return $this->_action;
+	}
+
+	/**
+	 * class constructor, validates the command line parameters
+	 * and sets the Action-object if valid
+	 *
+	 * @param int $argc
+	 * @param string[] $argv
+	 *
+	 * @return null
+	 * @throws Exception
+	 */
+	private function __construct($argc, $argv)
+	{
+		self::$args = $this->_parseArgs($argv);
+		$this->_action = $this->_createAction();
+	}
+
+	/**
+	 * Parses the arguments given via the command line;
+	 * three types are supported:
+	 * 1.
+	 * --parm1 or --parm2=value
+	 * 2. -xyz (multiple switches in one) or -a=value
+	 * 3. parm1 parm2
+	 *
+	 * The 1. will be mapped as
+	 * ["parm1"] => true, ["parm2"] => "value"
+	 * The 2. as
+	 * ["x"] => true, ["y"] => true, ["z"] => true, ["a"] => "value"
+	 * And the 3. as
+	 * [0] => "parm1", [1] => "parm2"
+	 *
+	 * @param array $argv
+	 *
+	 * @return array
+	 */
+	private function _parseArgs($argv)
+	{
+		array_shift($argv);
+		$o = array();
+		foreach ($argv as $a) {
+			if (substr($a, 0, 2) == '--') {
+				$eq = strpos($a, '=');
+				if ($eq !== false) {
+					$o[substr($a, 2, $eq - 2)] = substr($a, $eq + 1);
+				} else {
+					$k = substr($a, 2);
+					if (! isset($o[$k])) {
+						$o[$k] = true;
+					}
+				}
+			} else if (substr($a, 0, 1) == '-') {
+				if (substr($a, 2, 1) == '=') {
+					$o[substr($a, 1, 1)] = substr($a, 3);
+				} else {
+					foreach (str_split(substr($a, 1)) as $k) {
+						if (! isset($o[$k])) {
+							$o[$k] = true;
+						}
+					}
+				}
+			} else {
+				$o[] = $a;
+			}
+		}
+		return $o;
+	}
+
+	/**
+	 * Creates an Action-Object for the Action-Handler
+	 *
+	 * @return Action
+	 * @throws Exception
+	 */
+	private function _createAction()
+	{
+		
+		// Test for help-switch
+		if (empty(self::$args) || array_key_exists("help", self::$args) || array_key_exists("h", self::$args)) {
+			static::printHelp();
+			// end of execution
+		}
+		// check if no unknown parameters are present
+		foreach (self::$args as $arg => $value) {
+			
+			if (is_numeric($arg)) {
+				throw new Exception("Unknown parameter '" . $value . "' in argument list");
+			} elseif (! in_array($arg, static::$params) && ! in_array($arg, static::$switches)) {
+				throw new Exception("Unknown parameter '" . $arg . "' in argument list");
+			}
+		}
+		
+		// set debugger switch
+		if (isset(self::$args["d"]) && self::$args["d"] == true) {
+			// Debugger::getInstance()->setEnabled(true);
+			// Debugger::getInstance()->debug("debug output enabled");
+		}
+		
+		return new static::$action_class(self::$args);
+	}
+
+	public static function getInput($prompt = "#", $default = "")
+	{
+		if (! empty($default)) {
+			$prompt .= " [" . $default . "]";
+		}
+		$result = readline($prompt . ":");
+		if (empty($result) && ! empty($default)) {
+			$result = $default;
+		}
+		return mb_strtolower($result);
+	}
+
+	public static function println($msg = "")
+	{
+		print $msg . PHP_EOL;
+	}
+
+	private static function _printcolor($msg = "", $color = "0")
+	{
+		print "\033[" . $color . "m" . $msg . "\033[0m" . PHP_EOL;
+	}
+
+	public static function printerr($msg = "")
+	{
+		self::_printcolor($msg, "31");
+	}
+
+	public static function printsucc($msg = "")
+	{
+		self::_printcolor($msg, "32");
+	}
+
+	public static function printwarn($msg = "")
+	{
+		self::_printcolor($msg, "33");
+	}
+}
--- a/lib/classes/output/class.htmlform.php
+++ b/lib/classes/output/class.htmlform.php
@@ -122,6 +122,8 @@ class htmlform
 				return self::_checkbox($fieldname, $data); break;
 			case 'file':
 				return self::_file($fieldname, $data); break;
+			case 'int':
+				return self::_int($fieldname, $data); break;
 		}
 	}

@@ -313,4 +315,29 @@ class htmlform
 		return $return;
 	}

+	private static function _int($fieldname = '', $data = array())
+	{
+		$return = '';
+		$extras = '';
+		if(isset($data['int_min'])) {
+			$extras .= ' min="'.$data['int_min'].'"';
+		}
+		if(isset($data['int_max'])) {
+			$extras .= ' max="'.$data['int_max'].'"';
+		}
+
+		// add support to save reloaded forms
+		if (isset($data['value'])) {
+			$value = $data['value'];
+		} elseif (isset($_SESSION['requestData'][$fieldname])) {
+			$value = $_SESSION['requestData'][$fieldname];
+		} else {
+			$value = '';
+		}
+
+		$type = 'number';
+		$ulfield = '';
+		eval("\$return = \"" . getTemplate("misc/form/input_text", "1") . "\";");
+		return $return;
+	}
 }
--- a/lib/classes/output/class.paging.php
+++ b/lib/classes/output/class.paging.php
@@ -88,6 +88,8 @@ class paging {
 	 * @var bool
 	 */
 	private $natSorting = false;
+	
+	private $_limit = 0;

 	/**
 	 * Class constructor. Loads settings from request or from userdata and saves them to session.
@@ -101,7 +103,7 @@ class paging {
 	 * @param string $default_order default sorting order 'asc' or 'desc'
 	 *
 	 */
-	public function __construct($userinfo, $table, $fields, $entriesperpage = 0, $natSorting = false, $default_field = 0, $default_order = 'asc') {
+	public function __construct($userinfo, $table, $fields, $entriesperpage = 0, $natSorting = false, $default_field = 0, $default_order = 'asc', $limit = 0) {

 		// entries per page and natsorting-flag are not
 		// passed as parameter anymore, because these are
@@ -112,7 +114,7 @@ class paging {
 		$this->userinfo = $userinfo;

 		if (!is_array($this->userinfo['lastpaging'])) {
-			$this->userinfo['lastpaging'] = unserialize($this->userinfo['lastpaging']);
+			$this->userinfo['lastpaging'] = json_decode($this->userinfo['lastpaging'], true);
 		}

 		$this->table = $table;
@@ -222,7 +224,7 @@ class paging {
 			AND `adminsession` = :adminsession
 		");
 		$upd_data = array(
-			'lastpaging' => serialize($this->userinfo['lastpaging']),
+			'lastpaging' => json_encode($this->userinfo['lastpaging']),
 			'hash' => $userinfo['hash'],
 			'userid' => $userinfo['userid'],
 			'ipaddr' => $userinfo['ipaddress'],
@@ -230,6 +232,8 @@ class paging {
 			'adminsession' => $userinfo['adminsession']
 		);
 		Database::pexecute($upd_stmt, $upd_data);
+		
+		$this->_limit = $limit;
 	}

 	/**
@@ -319,6 +323,8 @@ class paging {
 				$condition.= $searchfield . " ".$oper." " . Database::quote($searchtext);
 			} else {
 				$searchtext = str_replace('*', '%', $this->searchtext);
+				// append wildcards if user did not enter any
+				if (strpos($searchtext,'%') === false) $searchtext='%'.$searchtext.'%';
 				$condition.= $searchfield . " LIKE " . Database::quote($searchtext);
 			}
 			
@@ -376,6 +382,11 @@ class paging {
 	 * @return string always empty
 	 */
 	public function getSqlLimit() {
+
+		if ($this->_limit > 0) {
+			$_offset = ($this->pageno - 1) * $this->_limit;
+			return ' LIMIT '.$_offset.','.$this->_limit;
+		}
 		/**
 		 * currently not in use
 		 */
--- a/lib/classes/phpinterface/class.phpinterface.php
+++ b/lib/classes/phpinterface/class.phpinterface.php
@@ -91,6 +91,12 @@ class phpinterface {
 					SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
 			);
 			$this->_php_configs_cache[$php_config_id] = Database::pexecute_first($stmt, array('id' => $php_config_id));
+			if ((int)Settings::Get('phpfpm.enabled') == 1) {
+				$stmt = Database::prepare("
+					SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id"
+				);
+				$this->_php_configs_cache[$php_config_id]['fpm_settings'] = Database::pexecute_first($stmt, array('id' => $this->_php_configs_cache[$php_config_id]['fpmsettingid']));
+			}
 		}

 		return $this->_php_configs_cache[$php_config_id];
--- a/lib/classes/phpinterface/class.phpinterface_fcgid.php
+++ b/lib/classes/phpinterface/class.phpinterface_fcgid.php
@@ -135,15 +135,6 @@ class phpinterface_fcgid {
 			$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 			$openbasedir .= $_phpappendopenbasedir;

-			$openbasedir = explode(':', $openbasedir);
-			$clean_openbasedir = array();
-			foreach ($openbasedir as $number => $path) {
-				if (trim($path) != '/') {
-					$clean_openbasedir[] = makeCorrectDir($path);
-				}
-			}
-			$openbasedir = implode(':', $clean_openbasedir);
-
 		} else {
 			$openbasedir = 'none';
 			$openbasedirc = ';';
@@ -166,14 +157,13 @@ class phpinterface_fcgid {
 		);

 		//insert a small header for the file
-
 		$phpini_file = ";\n";
 		$phpini_file.= "; php.ini created/changed on " . date("Y.m.d H:i:s") . " for domain '" . $this->_domain['domain'] . "' with id #" . $this->_domain['id'] . " from php template '" . $phpconfig['description'] . "' with id #" . $phpconfig['id'] . "\n";
 		$phpini_file.= "; Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\n";
 		$phpini_file.= ";\n\n";
 		$phpini_file.= replace_variables($phpconfig['phpsettings'], $php_ini_variables);
 		$phpini_file = str_replace('"none"', 'none', $phpini_file);
-		$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
+		//$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
 		$phpini_file_handler = fopen($this->getIniFile(), 'w');
 		fwrite($phpini_file_handler, $phpini_file);
 		fclose($phpini_file_handler);
--- a/lib/classes/phpinterface/class.phpinterface_fpm.php
+++ b/lib/classes/phpinterface/class.phpinterface_fpm.php
@@ -18,19 +18,28 @@
 * @since      0.9.16
 *
 */
-
-class phpinterface_fpm {
+class phpinterface_fpm
+{

 	/**
 	 * Domain-Data array
+	 *
 	 * @var array
-	*/
+	 */
 	private $_domain = array();

 	/**
-	 * Admin-Date cache array
+	 * fpm config
+	 *
 	 * @var array
-	*/
+	 */
+	private $_fpm_cfg = array();
+
+	/**
+	 * Admin-Date cache array
+	 *
+	 * @var array
+	 */
 	private $_admin_cache = array();

 	/**
@@ -38,119 +47,38 @@ class phpinterface_fpm {
 	 * Mostly taken from http://php.net/manual/en/ini.list.php
 	 *
 	 * @var array
-	*/
-	private $_ini = array(
-			'php_value' => array(
-				'auto_append_file',
-				'auto_prepend_file',
-				'date.timezone',
-				'default_charset',
-				'error_reporting',
-				'include_path',
-				'log_errors_max_len',
-				'mail.log',
-				'max_execution_time',
-				'session.cookie_domain',
-				'session.cookie_lifetime',
-				'session.cookie_path',
-				'session.name',
-				'session.serialize_handler',
-				'upload_max_filesize',
-				'xmlrpc_error_number',
-				'session.auto_start',
-				'always_populate_raw_post_data',
-				'suhosin.session.cryptkey',
-				'suhosin.session.cryptraddr',
-				'suhosin.session.checkraddr',
-				'suhosin.cookie.cryptkey',
-				'suhosin.cookie.plainlist',
-				'suhosin.cookie.cryptraddr',
-				'suhosin.cookie.checkraddr',
-				'suhosin.executor.func.blacklist',
-				'suhosin.executor.eval.whitelist'
-			),
-			'php_flag' => array(
-				'asp_tags',
-				'display_errors',
-				'display_startup_errors',
-				'html_errors',
-				'log_errors',
-				'magic_quotes_gpc',
-				'magic_quotes_runtime',
-				'magic_quotes_sybase',
-				'mail.add_x_header',
-				'session.cookie_secure',
-				'session.use_cookies',
-				'short_open_tag',
-				'track_errors',
-				'xmlrpc_errors',
-				'suhosin.simulation',
-				'suhosin.session.encrypt',
-				'suhosin.session.cryptua',
-				'suhosin.session.cryptdocroot',
-				'suhosin.cookie.encrypt',
-				'suhosin.cookie.cryptua',
-				'suhosin.cookie.cryptdocroot',
-				'suhosin.executor.disable_eval',
-				'mbstring.func_overload'
-			),
-			'php_admin_value' => array(
-				'cgi.redirect_status_env',
-				'date.timezone',
-				'disable_classes',
-				'disable_functions',
-				'error_log',
-				'gpc_order',
-				'max_input_time',
-				'max_input_vars',
-				'memory_limit',
-				'open_basedir',
-				'output_buffering',
-				'post_max_size',
-				'precision',
-				'sendmail_path',
-				'session.gc_divisor',
-				'session.gc_probability',
-				'variables_order',
-				'opcache.log_verbosity_level',
-				'opcache.restrict_api',
-				'opcache.revalidate_freq',
-				'opcache.max_accelerated_files',
-				'opcache.memory_consumption',
-				'opcache.interned_strings_buffer'
-			),
-			'php_admin_flag' => array(
-				'allow_call_time_pass_reference',
-				'allow_url_fopen',
-				'allow_url_include',
-				'auto_detect_line_endings',
-				'cgi.fix_pathinfo',
-				'cgi.force_redirect',
-				'enable_dl',
-				'expose_php',
-				'file_uploads',
-				'ignore_repeated_errors',
-				'ignore_repeated_source',
-				'log_errors',
-				'register_argc_argv',
-				'report_memleaks',
-				'opcache.enable',
-				'opcache.consistency_checks',
-				'opcache.dups_fix',
-				'opcache.load_comments',
-				'opcache.revalidate_path',
-				'opcache.save_comments',
-				'opcache.use_cwd',
-				'opcache.validate_timestamps',
-				'opcache.fast_shutdown'
-			)
-	);
+	 */
+	private $_ini = array();

 	/**
 	 * main constructor
-	*/
-	public function __construct($domain) {
+	 */
+	public function __construct($domain)
+	{
+		if (!isset($domain['fpm_config_id']) || empty($domain['fpm_config_id'])) {
+			$domain['fpm_config_id'] = 1;
+		}
 		$this->_domain = $domain;
+		$this->_readFpmConfig($domain['fpm_config_id']);
+		$this->_buildIniMapping();
+	}
+
+	private function _buildIniMapping()
+	{
+		$this->_ini = array(
+			'php_flag' => explode("\n", Settings::Get('phpfpm.ini_flags')),
+			'php_value' => explode("\n", Settings::Get('phpfpm.ini_values')),
+			'php_admin_flag' => explode("\n", Settings::Get('phpfpm.ini_admin_flags')),
+			'php_admin_value' => explode("\n", Settings::Get('phpfpm.ini_admin_values'))
+		);
+	}
+
+	private function _readFpmConfig($fpm_config_id)
+	{
+		$stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+		$this->_fpm_cfg = Database::pexecute_first($stmt, array(
+			'id' => $fpm_config_id
+		));
 	}

 	/**
@@ -158,47 +86,60 @@ class phpinterface_fpm {
 	 *
 	 * @param array $phpconfig
 	 */
-	public function createConfig($phpconfig) {
-
+	public function createConfig($phpconfig)
+	{
 		$fh = @fopen($this->getConfigFile(), 'w');
-
+		
 		if ($fh) {
-			$fpm_pm = Settings::Get('phpfpm.pm');
-			$fpm_children = (int)Settings::Get('phpfpm.max_children');
-			$fpm_start_servers = (int)Settings::Get('phpfpm.start_servers');
-			$fpm_min_spare_servers = (int)Settings::Get('phpfpm.min_spare_servers');
-			$fpm_max_spare_servers = (int)Settings::Get('phpfpm.max_spare_servers');
-			$fpm_requests = (int)Settings::Get('phpfpm.max_requests');
-			$fpm_process_idle_timeout = (int)Settings::Get('phpfpm.idle_timeout');
-
+			
+			if ($phpconfig['override_fpmconfig'] == 1) {
+				$this->_fpm_cfg['pm'] = $phpconfig['pm'];
+				$this->_fpm_cfg['max_children'] = $phpconfig['max_children'];
+				$this->_fpm_cfg['start_servers'] = $phpconfig['start_servers'];
+				$this->_fpm_cfg['min_spare_servers'] = $phpconfig['min_spare_servers'];
+				$this->_fpm_cfg['max_spare_servers'] = $phpconfig['max_spare_servers'];
+				$this->_fpm_cfg['max_requests'] = $phpconfig['max_requests'];
+				$this->_fpm_cfg['idle_timeout'] = $phpconfig['idle_timeout'];
+				$this->_fpm_cfg['limit_extensions'] = $phpconfig['limit_extensions'];
+			}
+			
+			$fpm_pm = $this->_fpm_cfg['pm'];
+			$fpm_children = (int) $this->_fpm_cfg['max_children'];
+			$fpm_start_servers = (int) $this->_fpm_cfg['start_servers'];
+			$fpm_min_spare_servers = (int) $this->_fpm_cfg['min_spare_servers'];
+			$fpm_max_spare_servers = (int) $this->_fpm_cfg['max_spare_servers'];
+			$fpm_requests = (int) $this->_fpm_cfg['max_requests'];
+			$fpm_process_idle_timeout = (int) $this->_fpm_cfg['idle_timeout'];
+			$fpm_limit_extensions = $this->_fpm_cfg['limit_extensions'];
+			
 			if ($fpm_children == 0) {
 				$fpm_children = 1;
 			}
-
-			$fpm_config = ';PHP-FPM configuration for "'.$this->_domain['domain'].'" created on ' . date("Y.m.d H:i:s") . "\n";
-			$fpm_config.= '['.$this->_domain['domain'].']'."\n";
-			$fpm_config.= 'listen = '.$this->getSocketFile()."\n";
+			
+			$fpm_config = ';PHP-FPM configuration for "' . $this->_domain['domain'] . '" created on ' . date("Y.m.d H:i:s") . "\n";
+			$fpm_config .= '[' . $this->_domain['domain'] . ']' . "\n";
+			$fpm_config .= 'listen = ' . $this->getSocketFile() . "\n";
 			if ($this->_domain['loginname'] == 'froxlor.panel') {
-				$fpm_config.= 'listen.owner = '.$this->_domain['guid']."\n";
-				$fpm_config.= 'listen.group = '.$this->_domain['guid']."\n";
+				$fpm_config .= 'listen.owner = ' . $this->_domain['guid'] . "\n";
+				$fpm_config .= 'listen.group = ' . $this->_domain['guid'] . "\n";
 			} else {
-				$fpm_config.= 'listen.owner = '.$this->_domain['loginname']."\n";
-				$fpm_config.= 'listen.group = '.$this->_domain['loginname']."\n";
+				$fpm_config .= 'listen.owner = ' . $this->_domain['loginname'] . "\n";
+				$fpm_config .= 'listen.group = ' . $this->_domain['loginname'] . "\n";
 			}
 			// see #1418 why this is 0660
-			$fpm_config.= 'listen.mode = 0660'."\n";
-
+			$fpm_config .= 'listen.mode = 0660' . "\n";
+			
 			if ($this->_domain['loginname'] == 'froxlor.panel') {
-				$fpm_config.= 'user = '.$this->_domain['guid']."\n";
-				$fpm_config.= 'group = '.$this->_domain['guid']."\n";
+				$fpm_config .= 'user = ' . $this->_domain['guid'] . "\n";
+				$fpm_config .= 'group = ' . $this->_domain['guid'] . "\n";
 			} else {
-				$fpm_config.= 'user = '.$this->_domain['loginname']."\n";
-				$fpm_config.= 'group = '.$this->_domain['loginname']."\n";
+				$fpm_config .= 'user = ' . $this->_domain['loginname'] . "\n";
+				$fpm_config .= 'group = ' . $this->_domain['loginname'] . "\n";
 			}
-
-			$fpm_config.= 'pm = '.$fpm_pm."\n";
-			$fpm_config.= 'pm.max_children = '.$fpm_children."\n";
-
+			
+			$fpm_config .= 'pm = ' . $fpm_pm . "\n";
+			$fpm_config .= 'pm.max_children = ' . $fpm_children . "\n";
+			
 			if ($fpm_pm == 'dynamic') {
 				// honor max_children
 				if ($fpm_children < $fpm_min_spare_servers) {
@@ -214,35 +155,40 @@ class phpinterface_fpm {
 				if ($fpm_start_servers > $fpm_max_spare_servers) {
 					$fpm_start_servers = $fpm_max_spare_servers;
 				}
-				$fpm_config.= 'pm.start_servers = '.$fpm_start_servers."\n";
-				$fpm_config.= 'pm.min_spare_servers = '.$fpm_min_spare_servers."\n";
-				$fpm_config.= 'pm.max_spare_servers = '.$fpm_max_spare_servers."\n";
+				$fpm_config .= 'pm.start_servers = ' . $fpm_start_servers . "\n";
+				$fpm_config .= 'pm.min_spare_servers = ' . $fpm_min_spare_servers . "\n";
+				$fpm_config .= 'pm.max_spare_servers = ' . $fpm_max_spare_servers . "\n";
 			} elseif ($fpm_pm == 'ondemand') {
-				$fpm_config.= 'pm.process_idle_timeout = '.$fpm_process_idle_timeout."\n";
+				$fpm_config .= 'pm.process_idle_timeout = ' . $fpm_process_idle_timeout . "\n";
 			}
-
-			$fpm_config.= 'pm.max_requests = '.$fpm_requests."\n";
-
+			
+			$fpm_config .= 'pm.max_requests = ' . $fpm_requests . "\n";
+			
 			// possible slowlog configs
 			if ($phpconfig['fpm_slowlog'] == '1') {
-				$fpm_config.= 'request_terminate_timeout = ' . $phpconfig['fpm_reqterm'] . "\n";
-				$fpm_config.= 'request_slowlog_timeout = ' . $phpconfig['fpm_reqslow'] . "\n";
+				$fpm_config .= 'request_terminate_timeout = ' . $phpconfig['fpm_reqterm'] . "\n";
+				$fpm_config .= 'request_slowlog_timeout = ' . $phpconfig['fpm_reqslow'] . "\n";
 				$slowlog = makeCorrectFile(Settings::Get('system.logfiles_directory') . '/' . $this->_domain['loginname'] . '-php-slow.log');
-				$fpm_config.= 'slowlog = ' . $slowlog . "\n";
-				$fpm_config.= 'catch_workers_output = yes' . "\n";
+				$fpm_config .= 'slowlog = ' . $slowlog . "\n";
+				$fpm_config .= 'catch_workers_output = yes' . "\n";
 			}
-
-			$fpm_config.= ';chroot = '.makeCorrectDir($this->_domain['documentroot'])."\n";
-
+			
+			$fpm_config .= ';chroot = ' . makeCorrectDir($this->_domain['documentroot']) . "\n";
+			$fpm_config .= 'security.limit_extensions = '.$fpm_limit_extensions . "\n";
+			
 			$tmpdir = makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/');
-			if (!is_dir($tmpdir)) {
+			if (! is_dir($tmpdir)) {
 				$this->getTempDir();
 			}
-
-			$fpm_config.= 'env[TMP] = '.$tmpdir."\n";
-			$fpm_config.= 'env[TMPDIR] = '.$tmpdir."\n";
-			$fpm_config.= 'env[TEMP] = '.$tmpdir."\n";
-
+			
+			$env_path = Settings::Get('phpfpm.envpath');
+			if (!empty($env_path)) {
+				$fpm_config .= 'env[PATH] = ' . $env_path . "\n";
+			}
+			$fpm_config .= 'env[TMP] = ' . $tmpdir . "\n";
+			$fpm_config .= 'env[TMPDIR] = ' . $tmpdir . "\n";
+			$fpm_config .= 'env[TEMP] = ' . $tmpdir . "\n";
+			
 			$openbasedir = '';
 			if ($this->_domain['loginname'] != 'froxlor.panel') {
 				if ($this->_domain['openbasedir'] == '1') {
@@ -251,56 +197,45 @@ class phpinterface_fpm {
 					foreach ($_custom_openbasedir as $cobd) {
 						$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
 					}
-
+					
 					$_custom_openbasedir = explode(':', Settings::Get('system.phpappendopenbasedir'));
 					foreach ($_custom_openbasedir as $cobd) {
 						$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
 					}
-
-					if ($this->_domain['openbasedir_path'] == '0'
-							&& strstr($this->_domain['documentroot'], ":") === false
-					) {
+					
+					if ($this->_domain['openbasedir_path'] == '0' && strstr($this->_domain['documentroot'], ":") === false) {
 						$openbasedir = appendOpenBasedirPath($this->_domain['documentroot'], true);
 					} else {
 						$openbasedir = appendOpenBasedirPath($this->_domain['customerroot'], true);
 					}
-
+					
 					$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 					$openbasedir .= $_phpappendopenbasedir;
-
-					$openbasedir = explode(':', $openbasedir);
-					$clean_openbasedir = array();
-					foreach ($openbasedir as $number => $path) {
-						if (trim($path) != '/') {
-							$clean_openbasedir[] = makeCorrectDir($path);
-						}
-					}
-					$openbasedir = implode(':', $clean_openbasedir);
 				}
 			}
-			$fpm_config.= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
-			$fpm_config.= 'php_admin_value[upload_tmp_dir] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
-
+			$fpm_config .= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
+			$fpm_config .= 'php_admin_value[upload_tmp_dir] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
+			
 			$admin = $this->_getAdminData($this->_domain['adminid']);
 			$php_ini_variables = array(
-					'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
-					'PEAR_DIR' => Settings::Get('phpfpm.peardir'),
-					'TMP_DIR' => $this->getTempDir(),
-					'CUSTOMER_EMAIL' => $this->_domain['email'],
-					'ADMIN_EMAIL' => $admin['email'],
-					'DOMAIN' => $this->_domain['domain'],
-					'CUSTOMER' => $this->_domain['loginname'],
-					'ADMIN' => $admin['loginname'],
-					'OPEN_BASEDIR' => $openbasedir,
-					'OPEN_BASEDIR_C' => '',
-					'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'),
-					'DOCUMENT_ROOT' => makeCorrectDir($this->_domain['documentroot'])
+				'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
+				'PEAR_DIR' => Settings::Get('phpfpm.peardir'),
+				'TMP_DIR' => $this->getTempDir(),
+				'CUSTOMER_EMAIL' => $this->_domain['email'],
+				'ADMIN_EMAIL' => $admin['email'],
+				'DOMAIN' => $this->_domain['domain'],
+				'CUSTOMER' => $this->_domain['loginname'],
+				'ADMIN' => $admin['loginname'],
+				'OPEN_BASEDIR' => $openbasedir,
+				'OPEN_BASEDIR_C' => '',
+				'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'),
+				'DOCUMENT_ROOT' => makeCorrectDir($this->_domain['documentroot'])
 			);
-
+			
 			$phpini = replace_variables($phpconfig['phpsettings'], $php_ini_variables);
 			$phpini_array = explode("\n", $phpini);
-
-			$fpm_config.= "\n\n";
+			
+			$fpm_config .= "\n\n";
 			foreach ($phpini_array as $inisection) {
 				$is = explode("=", $inisection);
 				foreach ($this->_ini as $sec => $possibles) {
@@ -309,17 +244,17 @@ class phpinterface_fpm {
 						if (trim($is[0]) == 'open_basedir' && $openbasedir == '') {
 							continue;
 						}
-						$fpm_config.= $sec.'['.trim($is[0]).'] = ' . trim($is[1]) . "\n";
+						$fpm_config .= $sec . '[' . trim($is[0]) . '] = ' . trim($is[1]) . "\n";
 					}
 				}
 			}
-
+			
 			// now check if 'sendmail_path' has not beed set in the custom-php.ini
 			// if not we use our fallback-default as usual
 			if (strpos($fpm_config, 'php_admin_value[sendmail_path]') === false) {
-				$fpm_config.= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f '.$this->_domain['email']."\n";
+				$fpm_config .= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f ' . $this->_domain['email'] . "\n";
 			}
-
+			
 			fwrite($fh, $fpm_config, strlen($fpm_config));
 			fclose($fh);
 		}
@@ -331,108 +266,138 @@ class phpinterface_fpm {
 	 *
 	 * @param string $phpconfig
 	 */
-	public function createIniFile($phpconfig) {
+	public function createIniFile($phpconfig)
+	{
 		return;
 	}

 	/**
 	 * fpm-config file
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
-	 *
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
+	 *        	
 	 * @return string the full path to the file
 	 */
-	public function getConfigFile($createifnotexists = true) {
-
-		$configdir = makeCorrectDir(Settings::Get('phpfpm.configdir'));
-		$config = makeCorrectFile($configdir.'/'.$this->_domain['domain'].'.conf');
-
-		if (!is_dir($configdir) && $createifnotexists) {
+	public function getConfigFile($createifnotexists = true)
+	{
+		$configdir = $this->_fpm_cfg['config_dir'];
+		$config = makeCorrectFile($configdir . '/' . $this->_domain['domain'] . '.conf');
+		
+		if (! is_dir($configdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($configdir));
 		}
-
+		
 		return $config;
 	}

 	/**
 	 * return path of fpm-socket file
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
-	 *
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
+	 *        	
 	 * @return string the full path to the socket
 	 */
-	public function getSocketFile($createifnotexists = true) {
-
+	public function getSocketFile($createifnotexists = true)
+	{
 		$socketdir = makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir'));
-		$socket = strtolower(makeCorrectFile($socketdir.'/'.$this->_domain['loginname'].'-'.$this->_domain['domain'].'-php-fpm.socket'));
-
-		if (!is_dir($socketdir) && $createifnotexists) {
-			safe_exec('mkdir -p '.escapeshellarg($socketdir));
-			safe_exec('chown -R '.Settings::Get('system.httpuser').':'.Settings::Get('system.httpgroup').' '.escapeshellarg($socketdir));
+		// add fpm-config-id to filename so it's unique for the fpm-daemon and doesn't interfere with running configs when reuilding
+		$socket = strtolower(makeCorrectFile($socketdir . '/' . $this->_domain['fpm_config_id'] . '-' . $this->_domain['loginname'] . '-' . $this->_domain['domain'] . '-php-fpm.socket'));
+		
+		if (! is_dir($socketdir) && $createifnotexists) {
+			safe_exec('mkdir -p ' . escapeshellarg($socketdir));
+			safe_exec('chown -R ' . Settings::Get('system.httpuser') . ':' . Settings::Get('system.httpgroup') . ' ' . escapeshellarg($socketdir));
 		}
-
+		
 		return $socket;
 	}

 	/**
 	 * fpm-temp directory
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
-	 *
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
+	 *        	
 	 * @return string the directory
 	 */
-	public function getTempDir($createifnotexists = true) {
-
+	public function getTempDir($createifnotexists = true)
+	{
 		$tmpdir = makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/');
-
-		if (!is_dir($tmpdir) && $createifnotexists) {
+		
+		if (! is_dir($tmpdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
 			safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir));
 			safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));
 		}
-
+		
 		return $tmpdir;
 	}

 	/**
 	 * fastcgi-fakedirectory directory
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
-	 *
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
+	 *        	
 	 * @return string the directory
 	 */
-	public function getAliasConfigDir($createifnotexists = true) {
-
+	public function getAliasConfigDir($createifnotexists = true)
+	{
+		
 		// ensure default...
 		if (Settings::Get('phpfpm.aliasconfigdir') == null) {
 			Settings::Set('phpfpm.aliasconfigdir', '/var/www/php-fpm');
 		}
-
+		
 		$configdir = makeCorrectDir(Settings::Get('phpfpm.aliasconfigdir') . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/');
-		if (!is_dir($configdir) && $createifnotexists) {
+		if (! is_dir($configdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($configdir));
 			safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
 		}
-
+		
 		return $configdir;
 	}

+	/**
+	 * create a dummy fpm pool config with minimal configuration
+	 * (this is used whenever a config directory is empty but needs at least one pool to startup/restart)
+	 *
+	 * @param string $configdir
+	 */
+	public static function createDummyPool($configdir)
+	{
+		if (! is_dir($configdir)) {
+			safe_exec('mkdir -p ' . escapeshellarg($configdir));
+		}
+		$config = makeCorrectFile($configdir . '/dummy.conf');
+		$dummy = "[dummy]
+user = ".Settings::Get('system.httpuser')."
+listen = /run/" . md5($configdir) . "-fpm.sock
+pm = static
+pm.max_children = 1
+";
+		file_put_contents($config, $dummy);
+	}
+
 	/**
 	 * return the admin-data of a specific admin
 	 *
-	 * @param int $adminid id of the admin-user
-	 *
+	 * @param int $adminid
+	 *        	id of the admin-user
+	 *        	
 	 * @return array
 	 */
-	private function _getAdminData($adminid) {
-
+	private function _getAdminData($adminid)
+	{
 		$adminid = intval($adminid);
-
-		if (!isset($this->_admin_cache[$adminid])) {
+		
+		if (! isset($this->_admin_cache[$adminid])) {
 			$stmt = Database::prepare("
-					SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id"
-			);
-			$this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array('id' => $adminid));
+					SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id");
+			$this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array(
+				'id' => $adminid
+			));
 		}
 		return $this->_admin_cache[$adminid];
 	}
--- a/lib/classes/phpmailer/PHPMailerAutoload.php
+++ b/lib/classes/phpmailer/PHPMailerAutoload.php
@@ -1,49 +1,49 @@
 <?php
 /**
 * PHPMailer SPL autoloader.
- * PHP Version 5
- * @package PHPMailer
- * @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
- * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
- * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
- * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
- * @author Brent R. Matzelle (original founder)
- * @copyright 2012 - 2014 Marcus Bointon
- * @copyright 2010 - 2012 Jim Jagielski
- * @copyright 2004 - 2009 Andy Prevost
- * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
- * @note This program is distributed in the hope that it will be useful - WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.
- */
+* PHP Version 5
+* @package PHPMailer
+* @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
+* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
+* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
+* @author Brent R. Matzelle (original founder)
+* @copyright 2012 - 2014 Marcus Bointon
+* @copyright 2010 - 2012 Jim Jagielski
+* @copyright 2004 - 2009 Andy Prevost
+* @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+* @note This program is distributed in the hope that it will be useful - WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE.
+*/

 /**
 * PHPMailer SPL autoloader.
- * @param string $classname The name of the class to load
- */
+* @param string $classname The name of the class to load
+*/
 function PHPMailerAutoload($classname)
 {
-    //Can't use __DIR__ as it's only in PHP 5.3+
-    $filename = dirname(__FILE__).DIRECTORY_SEPARATOR.'class.'.strtolower($classname).'.php';
-    if (is_readable($filename)) {
-        require $filename;
-    }
+	//Can't use __DIR__ as it's only in PHP 5.3+
+	$filename = dirname(__FILE__).DIRECTORY_SEPARATOR.'class.'.strtolower($classname).'.php';
+	if (is_readable($filename)) {
+		require $filename;
+	}
 }

 if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
-    //SPL autoloading was introduced in PHP 5.1.2
-    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
-        spl_autoload_register('PHPMailerAutoload', true, true);
-    } else {
-        spl_autoload_register('PHPMailerAutoload');
-    }
+	//SPL autoloading was introduced in PHP 5.1.2
+	if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+		spl_autoload_register('PHPMailerAutoload', true, true);
+	} else {
+		spl_autoload_register('PHPMailerAutoload');
+	}
 } else {
-    /**
-     * Fall back to traditional autoload for old PHP versions
-     * @param string $classname The name of the class to load
-     */
-    function __autoload($classname)
-    {
-        PHPMailerAutoload($classname);
-    }
+	/**
+	 * Fall back to traditional autoload for old PHP versions
+	 * @param string $classname The name of the class to load
+	 */
+	function __autoload($classname)
+	{
+		PHPMailerAutoload($classname);
+	}
 }
--- a/lib/classes/phpmailer/class.PHPMailer.php
+++ b/lib/classes/phpmailer/class.PHPMailer.php
--- a/lib/classes/phpmailer/class.SMTP.php
+++ b/lib/classes/phpmailer/class.SMTP.php
--- a/lib/classes/settings/class.SImExporter.php
+++ b/lib/classes/settings/class.SImExporter.php
@@ -0,0 +1,128 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2018 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <d00p@froxlor.org>
+ * @author     Froxlor team <team@froxlor.org> (2018-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Classes
+ *
+ * @since      0.9.39
+ *
+ */
+
+/**
+ * Class SImExporter
+ *
+ * Import/Export settings to JSON
+ *
+ * @copyright (c) the authors
+ * @author Michael Kaufmann <d00p@froxlor.org>
+ * @author Froxlor team <team@froxlor.org> (2018-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Classes
+ */
+class SImExporter
+{
+
+	/**
+	 * settings which are not being exported
+	 *
+	 * @var array
+	 */
+	private static $_no_export = [
+		'panel.adminmail',
+		'admin.show_news_feed',
+		'system.lastaccountnumber',
+		'system.lastguid',
+		'system.ipaddress',
+		'system.last_traffic_run',
+		'system.hostname',
+		'system.mysql_access_host',
+		'system.lastcronrun',
+		'system.defaultip',
+		'system.last_tasks_run',
+		'system.last_archive_run',
+		'system.leprivatekey',
+		'system.lepublickey'
+	];
+
+	public static function export()
+	{
+		$result_stmt = Database::query("
+			SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` ORDER BY `settingid` ASC
+		");
+		$_data = array();
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			$index = $row['settinggroup'] . "." . $row['varname'];
+			if (! in_array($index, self::$_no_export)) {
+				$_data[$index] = $row['value'];
+			}
+		}
+		// add checksum for validation
+		$_data['_sha'] = sha1(var_export($_data, true));
+		$_export = json_encode($_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+		if (! $_export) {
+			throw new Exception("Error exporting settings: " . json_last_error_msg());
+		}
+		return $_export;
+	}
+
+	public static function import($json_str = null)
+	{
+		// decode data
+		$_data = json_decode($json_str, true);
+		if ($_data) {
+			// get validity check data
+			$_sha = isset($_data['_sha']) ? $_data['_sha'] : false;
+			$_version = isset($_data['panel.version']) ? $_data['panel.version'] : false;
+			$_dbversion = isset($_data['panel.db_version']) ? $_data['panel.db_version'] : false;
+			// check if we have everything we need
+			if (! $_sha || ! $_version || ! $_dbversion) {
+				throw new Exception("Invalid froxlor settings data. Unable to import.");
+			}
+			// validate import file
+			unset($_data['_sha']);
+			// compare
+			if ($_sha != sha1(var_export($_data, true))) {
+				throw new Exception("SHA check of import data failed. Unable to import.");
+			}
+			// do not import version info - but we need that to possibily update settings
+			// when there were changes in the variable-name or similar
+			unset($_data['panel.version']);
+			unset($_data['panel.db_version']);
+			// validate we got ssl enabled ips when ssl is enabled
+			// otherwise deactivate it
+			if ($_data['system.use_ssl'] == 1) {
+				$result_ssl_ipsandports_stmt = Database::prepare("
+					SELECT COUNT(*) as count_ssl_ip FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='1'
+				");
+				$result = Database::pexecute_first($result_ssl_ipsandports_stmt);
+				if ($result['count_ssl_ip'] <= 0) {
+					// no ssl-ip -> deactivate
+					$_data['system.use_ssl'] = 0;
+					// deactivate other ssl-related settings
+					$_data['system.leenabled'] = 0;
+					$_data['system.le_froxlor_enabled'] = 0;
+					$_data['system.le_froxlor_redirect'] = 0;
+				}
+			}
+			// store new data
+			foreach ($_data as $index => $value) {
+				Settings::Set($index, $value);
+			}
+			// save to DB
+			Settings::Flush();
+			// all good
+			return true;
+		}
+		throw new Exception("Invalid JSON data: " . json_last_error_msg());
+	}
+}
--- a/lib/classes/settings/class.Settings.php
+++ b/lib/classes/settings/class.Settings.php
@@ -86,6 +86,7 @@ class Settings {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			self::$_data[$row['settinggroup']][$row['varname']] = $row['value'];
 		}
+		return true;
 	}

 	/**
@@ -124,6 +125,23 @@ class Settings {
 		return $result;
 	}

+	/**
+	 * tests if a setting-value that i s a comma separated list contains an entry
+	 *
+	 * @param string $setting a group and a varname separated by a dot (group.varname)
+	 * @param string $entry the entry that is expected to be in the list
+	 *
+	 * @return boolean true, if the list contains $entry
+	 */
+	public function pIsInList($setting = null, $entry = null) {
+		$s=Settings::Get($setting);
+		if ($s==null) {
+			return false;
+		}
+		$slist = explode(",",$s);
+		return in_array($entry, $slist);
+	}
+
 	/**
 	 * update a setting / set a new value
 	 *
@@ -144,10 +162,16 @@ class Settings {
 			if ($instant_save) {
 				$this->_storeSetting($sstr[0], $sstr[1], $value);
 			} else {
-				if (!is_array(self::$_data[$sstr[0]])) {
+				// set temporary data for usage
+				if (!isset(self::$_data[$sstr[0]]) || !is_array(self::$_data[$sstr[0]])) {
 					self::$_data[$sstr[0]] = array();
 				}
 				self::$_data[$sstr[0]][$sstr[1]] = $value;
+				// set update-data when invoking Flush()
+				if (!isset(self::$_updatedata[$sstr[0]]) || !is_array(self::$_updatedata[$sstr[0]])) {
+					self::$_updatedata[$sstr[0]] = array();
+				}
+				self::$_updatedata[$sstr[0]][$sstr[1]] = $value;
 			}
 			return true;
 		}
@@ -206,8 +230,9 @@ class Settings {
 			// now empty the array
 			self::$_updatedata = array();
 			// re-read in all settings
-			$this->_readSettings();
+			return $this->_readSettings();
 		}
+		return false;
 	}

 	/**
--- a/lib/classes/ssl/class.lescript.php
+++ b/lib/classes/ssl/class.lescript.php
@@ -29,7 +29,7 @@
 class lescript
 {

-	public $license = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf';
+	// https://letsencrypt.org/repository/

 	private $logger;

@@ -37,9 +37,18 @@ class lescript

 	private $accountKey;

-	public function __construct($logger)
+	private $customerid;
+
+	private $isFroxlorVhost;
+
+	private $isLeProduction;
+
+	private $version;
+
+	public function __construct($logger, $version = '1')
 	{
 		$this->logger = $logger;
+		$this->version = $version;
 		if (Settings::Get('system.letsencryptca') == 'production') {
 			$ca = 'https://acme-v01.api.letsencrypt.org';
 		} else {
@@ -49,44 +58,75 @@ class lescript
 		$this->log("Using '$ca' to generate certificate");
 	}

-	public function initAccount($certrow)
+	public function initAccount($certrow, $isFroxlorVhost = false)
 	{
 		// Let's see if we have the private accountkey
 		$this->accountKey = $certrow['leprivatekey'];
-		if (! $this->accountKey || $this->accountKey == 'unset' || Settings::Get('system.letsencryptca') != 'production') {
+		$this->customerId = (!$isFroxlorVhost ? $certrow['customerid'] : null);
+		$this->isFroxlorVhost = $isFroxlorVhost;
+		$this->isLeProduction = (Settings::Get('system.letsencryptca') == 'production');
+
+		$leregistered=$certrow['leregistered'];
+
+		if (! $this->accountKey || $this->accountKey == 'unset' || !$this->isLeProduction) {

 			// generate and save new private key for account
 			// ---------------------------------------------

-			$this->log('Starting new account registration');
+			$this->log('Creating new account key');
 			$keys = $this->generateKey();
 			// Only store the accountkey in production, in staging always generate a new key
-			if (Settings::Get('system.letsencryptca') == 'production') {
-				$upd_stmt = Database::prepare(
-					"UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " .
-						 "WHERE `customerid` = :customerid;");
-				Database::pexecute($upd_stmt,
-					array(
+			if ($this->isLeProduction) {
+				if ($isFroxlorVhost) {
+					Settings::Set('system.lepublickey', $keys['public']);
+					Settings::Set('system.leprivatekey', $keys['private']);
+					Settings::Set('system.leregistered', 0); // key is not registered
+				} else {
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private, `leregistered` = :registered WHERE `customerid` = :customerid;");
+					Database::pexecute($upd_stmt, array(
 						'public' => $keys['public'],
 						'private' => $keys['private'],
-						'customerid' => $certrow['customerid']
+						'registered' => 0,
+						'customerid' => $this->customerId
 					));
+				}
 			}
+			$leregistered=0;
 			$this->accountKey = $keys['private'];
-
-			$response = $this->postNewReg();
-			if ($this->client->getLastCode() != 201) {
-				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . $response);
-			}
-
-			$this->postNewReg();
-			$this->log('New account certificate registered');
 		} else {
-
-			$this->log('Account already registered. Continuing.');
+			$this->log('Using existing account key');
 		}
+
+		if ($leregistered==0) { // Account not registered
+
+			$this->log('Starting new account registration');
+			$response = $this->postNewReg();
+			if ($this->client->getLastCode() == 409) {
+				$this->log('The key was already registered. Using existing account.');
+			} else if ($this->client->getLastCode() == 201) {
+				$this->log('New account registered.');
+			} else {
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
+			}
+			$accountUrl=$this->client->getLastLocation();
+
+			$leregistered = 1;
+			$this->setLeRegisteredState($leregistered); // Account registered
+			$this->log('Lets encrypt Terms of Service accepted');
+		}
+
 	}

+	/**
+	 *
+	 * @param array $domains
+	 * @param string $domainkey
+	 * @param string $csr
+	 *        	optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+	 *
+	 * @throws \RuntimeException
+	 * @return string[]
+	 */
 	public function signDomains(array $domains, $domainkey = null, $csr = null)
 	{
 		if (! $this->accountKey) {
@@ -108,20 +148,25 @@ class lescript

 			$this->log("Requesting challenge for $domain");

-			$response = $this->signedRequest("/acme/new-authz",
-				array(
-					"resource" => "new-authz",
-					"identifier" => array(
-						"type" => "dns",
-						"value" => $domain
-					)
-				));
+			$response = $this->signedRequest("/acme/new-authz", array(
+				"resource" => "new-authz",
+				"identifier" => array(
+					"type" => "dns",
+					"value" => $domain
+				)
+			));
+
+			if ($this->client->getLastCode() == 403) {
+				$this->log("Got status 403 - setting LE status to unregistered.");
+				$this->setLeRegisteredState(0);
+				throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run.  Whole response: " . json_encode($response));
+			}

 			// if response is not an array but a string, it's most likely a server-error, e.g.
 			// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
 			// <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
 			if (! is_array($response)) {
-				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . $response);
+				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
 			}

 			if (! array_key_exists('challenges', $response)) {
@@ -129,12 +174,13 @@ class lescript
 			}

 			// choose http-01 challenge only
-			$challenge = array_reduce($response['challenges'],
-				function ($v, $w) {
-					return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
-				});
-			if (! $challenge)
+			$challenge = array_reduce($response['challenges'], function ($v, $w) {
+				return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
+			});
+
+			if (! $challenge) {
 				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+			}

 			$this->log("Got challenge token for $domain");
 			$location = $this->client->getLastLocation();
@@ -168,27 +214,29 @@ class lescript
 			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");

 			// simple self check
-			if ($payload !== trim(@file_get_contents($uri))) {
-				$errmsg = json_encode(error_get_last());
-				if ($errmsg != "null") {
-					$errmsg = "; PHP error: " . $errmsg;
-				} else {
-					$errmsg = "";
+			if (Settings::Get('system.disable_le_selfcheck') == '0')
+			{
+				$selfcheckpayload = HttpClient::urlGet($uri, false);
+				if ($payload !== trim($selfcheckpayload)) {
+					$errmsg = json_encode(error_get_last());
+					if ($errmsg != "null") {
+						$errmsg = "; PHP error: " . $errmsg;
+					} else {
+						$errmsg = "";
+					}
+					$this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
 				}
-				@unlink($tokenPath);
-				throw new \RuntimeException("Please check $uri - token not available" . $errmsg);
 			}

 			$this->log("Sending request to challenge");

 			// send request to challenge
-			$result = $this->signedRequest($challenge['uri'],
-				array(
-					"resource" => "challenge",
-					"type" => "http-01",
-					"keyAuthorization" => $payload,
-					"token" => $challenge['token']
-				));
+			$result = $this->signedRequest($challenge['uri'], array(
+				"resource" => "challenge",
+				"type" => "http-01",
+				"keyAuthorization" => $payload,
+				"token" => $challenge['token']
+			));

 			// waiting loop
 			// we wait for a maximum of 30 seconds to avoid endless loops
@@ -227,7 +275,9 @@ class lescript

 		$this->client->getLastLinks();

-		$csr = $this->generateCSR($privateDomainKey, $domains);
+		if (empty($csr)) {
+			$csr = $this->generateCSR($privateDomainKey, $domains);
+		}

 		// request certificates creation
 		$result = $this->signedRequest("/acme/new-cert", array(
@@ -286,6 +336,21 @@ class lescript
 		);
 	}

+	private function setLeRegisteredState($state)
+	{
+		if ($this->isLeProduction) {
+			if ($this->isFroxlorVhost) {
+				Settings::Set('system.leregistered', $state);
+			} else {
+				$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered WHERE `customerid` = :customerid;");
+				Database::pexecute($upd_stmt, array(
+					'registered' => $state,
+					'customerid' => $this->customerId
+				));
+			}
+		}
+	}
+
 	private function parsePemFromBody($body)
 	{
 		$pem = chunk_split(base64_encode($body), 64, "\n");
@@ -294,11 +359,16 @@ class lescript

 	private function postNewReg()
 	{
+		$this->log('Getting last terms of service URL');
+		$directory = $this->client->get('/directory');
+		if (!isset($directory['meta']) || !isset($directory['meta']['terms-of-service'])) {
+			throw new \RuntimeException("No terms of service link available!");
+		}
 		$this->log('Sending registration to letsencrypt server');

 		return $this->signedRequest('/acme/new-reg', array(
 			'resource' => 'new-reg',
-			'agreement' => $this->license
+			'agreement' => $directory['meta']['terms-of-service']
 		));
 	}

@@ -313,8 +383,7 @@ class lescript
 		$tmpConfPath = $tmpConfMeta["uri"];

 		// workaround to get SAN working
-		fwrite($tmpConf,
-			'HOME = .
+		fwrite($tmpConf, 'HOME = .
 RANDFILE = $ENV::HOME/.rnd
 [ req ]
 default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
@@ -328,16 +397,15 @@ basicConstraints = CA:FALSE
 subjectAltName = ' . $san . '
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment');

-		$csr = openssl_csr_new(
-			array(
-				"CN" => $domain,
-				"ST" => Settings::Get('system.letsencryptstate'),
-				"C" => Settings::Get('system.letsencryptcountrycode'),
-				"O" => "Unknown"
-			), $privateKey, array(
-				"config" => $tmpConfPath,
-				"digest_alg" => "sha256"
-			));
+		$csr = openssl_csr_new(array(
+			"CN" => $domain,
+			"ST" => Settings::Get('system.letsencryptstate'),
+			"C" => Settings::Get('system.letsencryptcountrycode'),
+			"O" => "Unknown"
+		), $privateKey, array(
+			"config" => $tmpConfPath,
+			"digest_alg" => "sha256"
+		));

 		if (! $csr)
 			throw new \RuntimeException("CSR couldn't be generated! " . openssl_error_string());
@@ -352,11 +420,10 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment');

 	private function generateKey()
 	{
-		$res = openssl_pkey_new(
-			array(
-				"private_key_type" => OPENSSL_KEYTYPE_RSA,
-				"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
-			));
+		$res = openssl_pkey_new(array(
+			"private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
+		));

 		if (! openssl_pkey_export($res, $privateKey)) {
 			throw new \RuntimeException("Key export failed!");
--- a/lib/classes/ssl/class.lescript_v2.php
+++ b/lib/classes/ssl/class.lescript_v2.php
@@ -0,0 +1,609 @@
+<?php
+
+// Copyright (c) 2015, Stanislav Humplik <sh@analogic.cz>
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// * Neither the name of the <organization> nor the
+// names of its contributors may be used to endorse or promote products
+// derived from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is copied from https://github.com/analogic/lescript
+// and modified to work without files and integrate in Froxlor
+class lescript_v2
+{
+
+	// https://letsencrypt.org/repository/
+	private $logger;
+
+	private $client;
+
+	private $accountKey;
+
+	private $customerid;
+
+	private $isFroxlorVhost;
+
+	private $isLeProduction;
+
+	private $version;
+
+	private $_req_uris = array();
+
+	private $_acc_location = null;
+
+	public function __construct($logger, $version = '2')
+	{
+		$this->logger = $logger;
+		$this->version = $version;
+		if (Settings::Get('system.letsencryptca') == 'production') {
+			$ca = 'https://acme-v02.api.letsencrypt.org';
+		} else {
+			$ca = 'https://acme-staging-v02.api.letsencrypt.org';
+		}
+		$this->client = new Client($ca);
+		$this->log("Using '$ca' to generate certificate");
+		
+		// get request-uris from /directory
+		$response = $this->client->get('/directory');
+		$this->_req_uris['newAccount'] = $response['newAccount'];
+		$this->_req_uris['newOrder'] = $response['newOrder'];
+		$this->_req_uris['newNonce'] = $response['newNonce'];
+		$this->_req_uris['revokeCert'] = $response['revokeCert'];
+	}
+
+	public function initAccount($certrow, $isFroxlorVhost = false)
+	{
+		// Let's see if we have the private accountkey
+		$this->accountKey = $certrow['leprivatekey'];
+		$this->customerId = (! $isFroxlorVhost ? $certrow['customerid'] : null);
+		$this->isFroxlorVhost = $isFroxlorVhost;
+		$this->isLeProduction = (Settings::Get('system.letsencryptca') == 'production');
+		$this->_acc_location = $certrow['leaccount'];
+		
+		$leregistered = $certrow['leregistered'];
+		
+		if (! $this->accountKey || $this->accountKey == 'unset' || ! $this->isLeProduction) {
+			
+			// generate and save new private key for account
+			// ---------------------------------------------
+			
+			$this->log('Creating new account key');
+			$keys = $this->generateKey();
+			// Only store the accountkey in production, in staging always generate a new key
+			if ($this->isLeProduction) {
+				if ($isFroxlorVhost) {
+					Settings::Set('system.lepublickey', $keys['public']);
+					Settings::Set('system.leprivatekey', $keys['private']);
+					Settings::Set('system.leregistered', 0); // key is not registered
+				} else {
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private, `leregistered` = :registered WHERE `customerid` = :customerid;");
+					Database::pexecute($upd_stmt, array(
+						'public' => $keys['public'],
+						'private' => $keys['private'],
+						'registered' => 0,
+						'customerid' => $this->customerId
+					));
+				}
+			}
+			$leregistered = 0;
+			$this->accountKey = $keys['private'];
+		} else {
+			$this->log('Using existing account key');
+		}
+		
+		if ($leregistered == 0) { // Account not registered
+			
+			$this->log('Starting new account registration');
+			$response = $this->postNewReg();
+			if ($this->client->getLastCode() == 409) {
+				$this->log('The key was already registered. Using existing account.');
+			} else if ($this->client->getLastCode() == 201) {
+				$this->log('New account registered.');
+			} else {
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
+			}
+			$this->_acc_location = $this->client->getLastLocation();
+			
+			$leregistered = 1;
+			$this->setLeRegisteredState($leregistered);
+		}
+	}
+
+	/**
+	 *
+	 * @param array $domains
+	 * @param string $domainkey
+	 * @param string $csr
+	 *        	optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+	 *        	
+	 * @throws \RuntimeException
+	 * @return string[]
+	 */
+	public function signDomains(array $domains, $domainkey = null, $csr = null)
+	{
+		if (! $this->accountKey) {
+			throw new \RuntimeException("Account not initialized");
+		}
+		
+		$this->log('Starting certificate generation process for domains');
+		
+		$privateAccountKey = openssl_pkey_get_private($this->accountKey);
+		$accountKeyDetails = openssl_pkey_get_details($privateAccountKey);
+		
+		// start domains authentication
+		// ----------------------------
+
+		// Prepare order
+		$domains_in_order = array();
+		foreach ($domains as $domain) {
+			$domains_in_order []= array(
+				"type" => "dns",
+				"value" => $domain
+			);
+		}
+
+		// Send new-order request
+		$response = $this->signedRequest($this->_req_uris['newOrder'], array(
+			"identifiers" => $domains_in_order
+		), false);
+		
+		if ($this->client->getLastCode() == 403) {
+			$this->log("Got status 403 - setting LE status to unregistered.");
+			$this->_acc_location = '';
+			$this->setLeRegisteredState(0);
+			throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run.  Whole response: " . json_encode($response));
+		}
+		
+		// if response is not an array but a string, it's most likely a server-error, e.g.
+		// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
+		// <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
+		if (! is_array($response)) {
+			throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
+		}
+		
+		if (! array_key_exists('authorizations', $response)) {
+			throw new RuntimeException("No authorizations received for $domain. Whole response: " . json_encode($response));
+		}
+
+		$authorizations = $response['authorizations'];
+		$finalizeLink = $response['finalize'];
+
+		$i = 0;
+		
+		foreach ($authorizations as $authorization) {
+			
+			// 1. getting available authentication options
+			// -------------------------------------------
+
+			$domain = $response['identifiers'][$i++]['value'];
+			
+			$this->log("Requesting challenge for $domain");
+			
+			// get authorization
+			$auth_response = $this->client->get($authorization);
+			
+			if (! array_key_exists('challenges', $auth_response)) {
+				throw new RuntimeException("No challenges received for $domain. Whole response: " . json_encode($auth_response));
+			}
+			
+			// choose http-01 challenge only
+			$challenge = array_reduce($auth_response['challenges'], function ($v, $w) {
+				return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
+			});
+			
+			if (! $challenge) {
+				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+			}
+			
+			$this->log("Got challenge token for $domain");
+			$location = $challenge['url'];
+			
+			// 2. saving authentication token for web verification
+			// ---------------------------------------------------
+			
+			$directory = Settings::Get('system.letsencryptchallengepath') . '/.well-known/acme-challenge';
+			$tokenPath = $directory . '/' . $challenge['token'];
+			
+			if (! file_exists($directory) && ! @mkdir($directory, 0755, true)) {
+				throw new \RuntimeException("Couldn't create directory to expose challenge: ${tokenPath}");
+			}
+			
+			$header = array(
+				// need to be in precise order!
+				"e" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["e"]),
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["n"])
+			);
+			$payload = $challenge['token'] . '.' . Base64UrlSafeEncoder::encode(hash('sha256', json_encode($header), true));
+			
+			file_put_contents($tokenPath, $payload);
+			chmod($tokenPath, 0644);
+			
+			// 3. verification process itself
+			// -------------------------------
+			
+			$uri = "http://${domain}/.well-known/acme-challenge/${challenge['token']}";
+			
+			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
+			
+			// simple self check
+			if (Settings::Get('system.disable_le_selfcheck') == '0') {
+				$selfcheckpayload = HttpClient::urlGet($uri, false);
+				if ($payload !== trim($selfcheckpayload)) {
+					$errmsg = json_encode(error_get_last());
+					if ($errmsg != "null") {
+						$errmsg = "; PHP error: " . $errmsg;
+					} else {
+						$errmsg = "";
+					}
+					$this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
+				}
+			}
+			
+			$this->log("Sending request to challenge");
+			
+			// send request to challenge
+			$result = $this->signedRequest($challenge['url'], array(
+				"type" => "http-01",
+				"keyAuthorization" => $payload,
+				"token" => $challenge['token']
+			), false);
+			
+			// waiting loop
+			// we wait for a maximum of 30 seconds to avoid endless loops
+			$count = 0;
+			do {
+				if (empty($result['status']) || $result['status'] == "invalid") {
+					@unlink($tokenPath);
+					throw new \RuntimeException("Verification ended with error: " . json_encode($result));
+				}
+				$ended = ! ($result['status'] === "pending" || $result['status'] === "processing");
+				
+				if (! $ended) {
+					$this->log("Verification " . $result['status'] . ", sleeping 1s");
+					sleep(1);
+					$count ++;
+				}
+				
+				$result = $this->client->get($location);
+			} while (! $ended && $count < 30);
+			
+			$this->log("Verification ended with status: ${result['status']}");
+			@unlink($tokenPath);
+		}
+		
+		// requesting certificate
+		// ----------------------
+		
+		// generate private key for domain if not exist
+		if (empty($domainkey) || Settings::Get('system.letsencryptreuseold') == 0) {
+			$keys = $this->generateKey();
+			$domainkey = $keys['private'];
+		}
+		
+		// load domain key
+		$privateDomainKey = openssl_pkey_get_private($domainkey);
+		
+		if (empty($csr)) {
+			$csr = $this->generateCSR($privateDomainKey, $domains);
+		}
+		
+		// request certificates creation
+		$result = $this->signedRequest($finalizeLink, array(
+			'csr' => $csr
+		), false);
+		if ($this->client->getLastCode() !== 200) {
+			throw new \RuntimeException("Invalid response code: " . $this->client->getLastCode() . ", " . json_encode($result));
+		}
+		if (! isset($result['certificate'])) {
+			throw new \RuntimeException("No certificate URL specified in result");
+		}
+		
+		$certificates = array();
+		$certdata = $this->client->get($result['certificate']);
+		$this->log("Got certificate! YAY!");
+		$certificates[] = $certdata;
+		foreach ($this->client->getLastLinks() as $link) {
+			$this->log("Requesting chained cert at $link");
+			$result = $this->client->get($link);
+			$certificates[] = $result;
+		}
+		
+		if (empty($certificates))
+			throw new \RuntimeException('No certificates generated');
+		
+		$fullchain = implode("\n", $certificates);
+		$crt = array_shift($certificates);
+		$chain = implode("\n", $certificates);
+		
+		$this->log("Done, returning new certificates and key");
+		return array(
+			'fullchain' => $fullchain,
+			'crt' => $crt,
+			'chain' => $chain,
+			'key' => $domainkey,
+			'csr' => $csr
+		);
+	}
+
+	private function setLeRegisteredState($state)
+	{
+		if ($this->isLeProduction) {
+			if ($this->isFroxlorVhost) {
+				Settings::Set('system.leregistered', $state);
+				Settings::Set('system.leaccount', $this->_acc_location);
+			} else {
+				$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered, `leaccount` = :kid WHERE `customerid` = :customerid;");
+				Database::pexecute($upd_stmt, array(
+					'registered' => $state,
+					'kid' => $this->_acc_location,
+					'customerid' => $this->customerId
+				));
+			}
+		}
+	}
+
+	private function parsePemFromBody($body)
+	{
+		$pem = chunk_split(base64_encode($body), 64, "\n");
+		return "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
+	}
+
+	private function postNewReg()
+	{
+		$this->log('Getting last terms of service URL');
+		$directory = $this->client->get('/directory');
+		if (! isset($directory['meta']) || ! isset($directory['meta']['termsOfService'])) {
+			throw new \RuntimeException("No terms of service link available!");
+		}
+		$this->log('Sending registration to letsencrypt server');
+		
+		return $this->signedRequest($this->_req_uris['newAccount'], array(
+			'termsOfServiceAgreed' => true
+		));
+	}
+
+	private function generateCSR($privateKey, array $domains)
+	{
+		$domain = reset($domains);
+		$san = implode(",", array_map(function ($dns) {
+			return "DNS:" . $dns;
+		}, $domains));
+		$tmpConf = tmpfile();
+		$tmpConfMeta = stream_get_meta_data($tmpConf);
+		$tmpConfPath = $tmpConfMeta["uri"];
+		
+		// workaround to get SAN working
+		fwrite($tmpConf, 'HOME = .
+RANDFILE = $ENV::HOME/.rnd
+[ req ]
+default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+[ v3_req ]
+basicConstraints = CA:FALSE
+subjectAltName = ' . $san . '
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
+		
+		$csr = openssl_csr_new(array(
+			"CN" => $domain,
+			"ST" => Settings::Get('system.letsencryptstate'),
+			"C" => Settings::Get('system.letsencryptcountrycode'),
+			"O" => "Unknown"
+		), $privateKey, array(
+			"config" => $tmpConfPath,
+			"digest_alg" => "sha256"
+		));
+		
+		if (! $csr)
+			throw new \RuntimeException("CSR couldn't be generated! " . openssl_error_string());
+		
+		openssl_csr_export($csr, $csr);
+		fclose($tmpConf);
+		
+		preg_match('~REQUEST-----(.*)-----END~s', $csr, $matches);
+		
+		return trim(Base64UrlSafeEncoder::encode(base64_decode($matches[1])));
+	}
+
+	private function generateKey()
+	{
+		$res = openssl_pkey_new(array(
+			"private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
+		));
+		
+		if (! openssl_pkey_export($res, $privateKey)) {
+			throw new \RuntimeException("Key export failed!");
+		}
+		
+		$details = openssl_pkey_get_details($res);
+		
+		return array(
+			'private' => $privateKey,
+			'public' => $details['key']
+		);
+	}
+
+	private function signedRequest($uri, array $payload, $needs_jwk = true)
+	{
+		$privateKey = openssl_pkey_get_private($this->accountKey);
+		$details = openssl_pkey_get_details($privateKey);
+		
+		$header = array(
+			"alg" => "RS256"
+		);
+		
+		if ($needs_jwk) {
+			$header["jwk"] = array(
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($details["rsa"]["n"]),
+				"e" => Base64UrlSafeEncoder::encode($details["rsa"]["e"])
+			);
+		} else {
+			// need account-url
+			$header["kid"] = $this->_acc_location;
+		}
+		
+		$protected = $header;
+		$protected["nonce"] = $this->client->getLastNonce();
+		$protected["url"] = $uri;
+		
+		$payload64 = Base64UrlSafeEncoder::encode(json_encode($payload, JSON_UNESCAPED_SLASHES));
+		$protected64 = Base64UrlSafeEncoder::encode(json_encode($protected));
+		
+		openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, "SHA256");
+		
+		$signed64 = Base64UrlSafeEncoder::encode($signed);
+		
+		$data = array(
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		);
+		
+		$this->log("Sending signed request to $uri");
+		return $this->client->post($uri, json_encode($data));
+	}
+
+	protected function log($message)
+	{
+		$this->logger->logAction(CRON_ACTION, LOG_INFO, "letsencrypt-v2 " . $message);
+	}
+}
+
+class Client
+{
+
+	private $lastCode;
+
+	public $lastHeader;
+
+	private $base;
+
+	public function __construct($base)
+	{
+		$this->base = $base;
+	}
+
+	private function curl($method, $url, $data = null)
+	{
+		$headers = array(
+			'Accept: application/jose+json',
+			'Content-Type: application/jose+json'
+		);
+		$handle = curl_init();
+		curl_setopt($handle, CURLOPT_URL, preg_match('~^http~', $url) ? $url : $this->base . $url);
+		curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_HEADER, true);
+		
+		// DO NOT DO THAT!
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, false);
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
+		
+		switch ($method) {
+			case 'GET':
+				break;
+			case 'POST':
+				curl_setopt($handle, CURLOPT_POST, true);
+				curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
+				break;
+		}
+		$response = curl_exec($handle);
+		
+		if (curl_errno($handle)) {
+			throw new \RuntimeException('Curl: ' . curl_error($handle));
+		}
+		
+		$header_size = curl_getinfo($handle, CURLINFO_HEADER_SIZE);
+		
+		$header = substr($response, 0, $header_size);
+		$body = substr($response, $header_size);
+		
+		$this->lastHeader = $header;
+		$this->lastCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
+		
+		$data = json_decode($body, true);
+		return $data === null ? $body : $data;
+	}
+
+	public function post($url, $data)
+	{
+		return $this->curl('POST', $url, $data);
+	}
+
+	public function get($url)
+	{
+		return $this->curl('GET', $url);
+	}
+
+	public function getLastNonce()
+	{
+		if (preg_match('~Replay\-Nonce: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+		
+		$this->curl('GET', '/acme/new-nonce');
+		return $this->getLastNonce();
+	}
+
+	public function getLastLocation()
+	{
+		if (preg_match('~Location: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+		return null;
+	}
+
+	public function getLastCode()
+	{
+		return $this->lastCode;
+	}
+
+	public function getLastLinks()
+	{
+		preg_match_all('~Link: <(.+)>;rel="up"~', $this->lastHeader, $matches);
+		return $matches[1];
+	}
+}
+
+class Base64UrlSafeEncoder
+{
+
+	public static function encode($input)
+	{
+		return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
+	}
+
+	public static function decode($input)
+	{
+		$remainder = strlen($input) % 4;
+		if ($remainder) {
+			$padlen = 4 - $remainder;
+			$input .= str_repeat('=', $padlen);
+		}
+		return base64_decode(strtr($input, '-_', '+/'));
+	}
+}
--- a/lib/classes/ticket/class.ticket.php
+++ b/lib/classes/ticket/class.ticket.php
@@ -19,46 +19,53 @@
 *
 * Support Tickets - Tickets-Class
 */
-
-class ticket {
+class ticket
+{

 	/**
 	 * Userinfo
+	 *
 	 * @var array
 	 */
 	private $userinfo = array();

 	/**
 	 * Ticket ID
-	 * @var tid
+	 *
+	 * @var int
 	 */
 	private $tid = - 1;

 	/**
 	 * Ticket Data Array
-	 * @var t_data
+	 *
+	 * @var array
 	 */
 	private $t_data = array();

 	/**
 	 * Ticket-Object-Array
-	 * @var tickets
+	 *
+	 * @var ticket[]
 	 */
-	static private $tickets = array();
+	private static $tickets = array();

 	/**
 	 * Class constructor.
 	 *
-	 * @param array userinfo
-	 * @param int ticket id
+	 * @param
+	 *        	array userinfo
+	 * @param
+	 *        	int ticket id
 	 */
-	private function __construct($userinfo, $tid = - 1) {
+	private function __construct($userinfo, $tid = - 1)
+	{
 		$this->userinfo = $userinfo;
 		$this->tid = $tid;
-
+		
 		// initialize data array
 		$this->initData();
-
+		
 		// read data from database
 		$this->readData();
 	}
@@ -66,21 +73,24 @@ class ticket {
 	/**
 	 * Singleton ftw ;-)
 	 *
-	 * @param array userinfo
-	 * @param int ticket id
+	 * @param
+	 *        	array userinfo
+	 * @param
+	 *        	int ticket id
 	 */
-	static public function getInstanceOf($_usernfo, $_tid) {
-		if (!isset(self::$tickets[$_tid])) {
-			self::$tickets[$_tid] = new ticket($_usernfo, $_tid);
+	static public function getInstanceOf($_usernfo, $_tid)
+	{
+		if (! isset(self::$tickets[$_tid . '-' . $_usernfo['userid']])) {
+			self::$tickets[$_tid . '-' . $_usernfo['userid']] = new ticket($_usernfo, $_tid);
 		}
-		return self::$tickets[$_tid];
+		return self::$tickets[$_tid . '-' . $_usernfo['userid']];
 	}

 	/**
 	 * Initialize data-array
 	 */
-	private function initData() {
-
+	private function initData()
+	{
 		$this->Set('customer', 0, true, true);
 		$this->Set('admin', 1, true, true);
 		$this->Set('subject', '', true, true);
@@ -100,16 +110,33 @@ class ticket {
 	/**
 	 * Read ticket data from database.
 	 */
-	private function readData() {
-
-		if (isset($this->tid)
-			&& $this->tid != - 1
-		) {
-			$_ticket_stmt = Database::prepare('
-				SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid'
-			);
-			$_ticket = Database::pexecute_first($_ticket_stmt, array('tid' => $this->tid));
-
+	private function readData()
+	{
+		if (isset($this->tid) && $this->tid != - 1) {
+			
+			if ($this->userinfo['customerid'] > 0) {
+				$_ticket_stmt = Database::prepare('
+					SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid AND `customerid` = :cid');
+				$tdata = array(
+					'tid' => $this->tid,
+					'cid' => $this->userinfo['customerid']
+				);
+			} else {
+				$_ticket_stmt = Database::prepare('
+					SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid' . ($this->userinfo['customers_see_all'] ? '' : ' AND `adminid` = :adminid'));
+				$tdata = array(
+					'tid' => $this->tid
+				);
+				if ($this->userinfo['customers_see_all'] != '1') {
+					$tdata['adminid'] = $this->userinfo['adminid'];
+				}
+			}
+			$_ticket = Database::pexecute_first($_ticket_stmt, $tdata);
+			
+			if ($_ticket == false) {
+				throw new Exception("Invalid ticket id");
+			}
+			
 			$this->Set('customer', $_ticket['customerid'], true, false);
 			$this->Set('admin', $_ticket['adminid'], true, false);
 			$this->Set('subject', $_ticket['subject'], true, false);
@@ -130,8 +157,8 @@ class ticket {
 	/**
 	 * Insert data to database
 	 */
-	public function Insert() {
-
+	public function Insert()
+	{
 		$ins_stmt = Database::prepare("
 			INSERT INTO `" . TABLE_PANEL_TICKETS . "` SET
                `customerid` = :customerid,
@@ -146,8 +173,7 @@ class ticket {
                `status` = :status,
                `lastreplier` = :lastreplier,
                `by` = :by,
-                `answerto` = :answerto"
-		);
+                `answerto` = :answerto");
 		$ins_data = array(
 			'customerid' => $this->Get('customer'),
 			'adminid' => $this->Get('admin'),
@@ -171,8 +197,9 @@ class ticket {
 	/**
 	 * Update data in database
 	 */
-	public function Update() {
-
+	public function Update()
+	{
+		
 		// Update "main" ticket
 		$upd_stmt = Database::prepare('
 			UPDATE `' . TABLE_PANEL_TICKETS . '` SET
@@ -180,8 +207,7 @@ class ticket {
                `lastchange` = :lastchange,
                `status` = :status,
                `lastreplier` = :lastreplier
-                WHERE `id` = :tid'
-		);
+                WHERE `id` = :tid');
 		$upd_data = array(
 			'priority' => $this->Get('priority'),
 			'lastchange' => $this->Get('lastchange'),
@@ -196,38 +222,44 @@ class ticket {
 	/**
 	 * Moves a ticket to the archive
 	 */
-	public function Archive() {
-
+	public function Archive()
+	{
+		
 		// Update "main" ticket
 		$upd_stmt = Database::prepare('
-			UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `id` = :tid'
-		);
-		Database::pexecute($upd_stmt, array('tid' => $this->tid));
-
+			UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `id` = :tid');
+		Database::pexecute($upd_stmt, array(
+			'tid' => $this->tid
+		));
+		
 		// Update "answers" to ticket
 		$upd_stmt = Database::prepare('
-			UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `answerto` = :tid'
-		);
-		Database::pexecute($upd_stmt, array('tid' => $this->tid));
+			UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `answerto` = :tid');
+		Database::pexecute($upd_stmt, array(
+			'tid' => $this->tid
+		));
 		return true;
 	}

 	/**
 	 * Remove ticket from database
 	 */
-	public function Delete() {
-
+	public function Delete()
+	{
+		
 		// Delete "main" ticket
 		$del_stmt = Database::prepare('
-			DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid'
-		);
-		Database::pexecute($del_stmt, array('tid' => $this->tid));
-
+			DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid');
+		Database::pexecute($del_stmt, array(
+			'tid' => $this->tid
+		));
+		
 		// Delete "answers" to ticket"
 		$del_stmt = Database::prepare('
-			DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :tid'
-		);
-		Database::pexecute($del_stmt, array('tid' => $this->tid));
+			DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :tid');
+		Database::pexecute($del_stmt, array(
+			'tid' => $this->tid
+		));
 		return true;
 	}

@@ -237,16 +269,17 @@ class ticket {
 	public function sendMail($customerid = - 1, $template_subject = null, $default_subject = null, $template_body = null, $default_body = null)
 	{
 		global $mail, $theme;
-
+		
 		// Some checks are to be made here in the future
 		if ($customerid != - 1) {
 			// Get e-mail message for customer
 			$usr_stmt = Database::prepare('
 				SELECT `name`, `firstname`, `company`, `email`
-				FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :customerid'
-			);
-			$usr = Database::pexecute_first($usr_stmt, array('customerid' => $customerid));
-
+				FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :customerid');
+			$usr = Database::pexecute_first($usr_stmt, array(
+				'customerid' => $customerid
+			));
+			
 			$replace_arr = array(
 				'FIRSTNAME' => $usr['firstname'],
 				'NAME' => $usr['name'],
@@ -268,23 +301,21 @@ class ticket {
 			SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
 			WHERE `adminid`= :adminid
 			AND `language`= :lang
-			AND `templategroup`= 'mails' AND `varname`= :tplsubject"
-		);
+			AND `templategroup`= 'mails' AND `varname`= :tplsubject");
 		$result = Database::pexecute_first($result_stmt, $tpl_seldata);
 		$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_subject), $replace_arr));
-
+		
 		unset($tpl_seldata['tplsubject']);
 		$tpl_seldata['tplmailbody'] = $template_body;
-
+		
 		$result_stmt = Database::prepare("
 			SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
 			WHERE `adminid`= :adminid
 			AND `language`= :lang
-			AND `templategroup`= 'mails' AND `varname`= :tplmailbody"
-		);
+			AND `templategroup`= 'mails' AND `varname`= :tplmailbody");
 		$result = Database::pexecute_first($result_stmt, $tpl_seldata);
 		$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_body), $replace_arr));
-
+		
 		if ($customerid != - 1) {
 			$_mailerror = false;
 			try {
@@ -294,28 +325,30 @@ class ticket {
 				$mail->MsgHTML(str_replace("\n", "<br />", $mail_body));
 				$mail->AddAddress($usr['email'], $usr['firstname'] . ' ' . $usr['name']);
 				$mail->Send();
-			} catch(phpmailerException $e) {
+			} catch (phpmailerException $e) {
 				$mailerr_msg = $e->errorMessage();
 				$_mailerror = true;
 			} catch (Exception $e) {
 				$mailerr_msg = $e->getMessage();
 				$_mailerror = true;
 			}
-
+			
 			if ($_mailerror) {
-				$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'ticket_class'));
+				$rstlog = FroxlorLogger::getInstanceOf(array(
+					'loginname' => 'ticket_class'
+				));
 				$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
 				standard_error('errorsendingmail', $usr['email']);
 			}
 			$mail->ClearAddresses();
-
 		} else {
-
+			
 			$admin_stmt = Database::prepare("
 				SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "`
-				WHERE `adminid` = :adminid"
-			);
-			$admin = Database::pexecute_first($admin_stmt, array('adminid' => $this->userinfo['adminid']));
+				WHERE `adminid` = :adminid");
+			$admin = Database::pexecute_first($admin_stmt, array(
+				'adminid' => $this->userinfo['adminid']
+			));
 			$_mailerror = false;
 			try {
 				$mail->SetFrom(Settings::Get('ticket.noreply_email'), Settings::Get('ticket.noreply_name'));
@@ -324,20 +357,22 @@ class ticket {
 				$mail->MsgHTML(str_replace("\n", "<br />", $mail_body));
 				$mail->AddAddress($admin['email'], $admin['name']);
 				$mail->Send();
-			} catch(phpmailerException $e) {
+			} catch (phpmailerException $e) {
 				$mailerr_msg = $e->errorMessage();
 				$_mailerror = true;
 			} catch (Exception $e) {
 				$mailerr_msg = $e->getMessage();
 				$_mailerror = true;
 			}
-
+			
 			if ($_mailerror) {
-				$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'ticket_class'));
+				$rstlog = FroxlorLogger::getInstanceOf(array(
+					'loginname' => 'ticket_class'
+				));
 				$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
 				standard_error('errorsendingmail', $admin['email']);
 			}
-
+			
 			$mail->ClearAddresses();
 		}
 	}
@@ -345,21 +380,18 @@ class ticket {
 	/**
 	 * Add a support-categories
 	 */
-	static public function addCategory($_category = null, $_admin = 1, $_order = 1) {
-
-		if ($_category != null
-			&& $_category != ''
-		) {
+	static public function addCategory($_category = null, $_admin = 1, $_order = 1)
+	{
+		if ($_category != null && $_category != '') {
 			if ($_order < 1) {
 				$_order = 1;
 			}
-
+			
 			$ins_stmt = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_TICKET_CATS . "` SET
 					`name` = :name,
 					`adminid` = :adminid,
-					`logicalorder` = :lo"
-			);
+					`logicalorder` = :lo");
 			$ins_data = array(
 				'name' => $_category,
 				'adminid' => $_admin,
@@ -374,23 +406,24 @@ class ticket {
 	/**
 	 * Edit a support-categories
 	 */
-	static public function editCategory($_category = null, $_id = 0, $_order = 1) {
-
-		if ($_category != null
-			&& $_category != ''
-			&& $_id != 0
-		) {
+	static public function editCategory($_category = null, $_id = 0, $_order = 1)
+	{
+		if ($_category != null && $_category != '' && $_id != 0) {
 			if ($_order < 1) {
 				$_order = 1;
 			}
-
+			
 			$upd_stmt = Database::prepare("
 				UPDATE `" . TABLE_PANEL_TICKET_CATS . "` SET
 					`name` = :name,
 					`logicalorder` = :lo
                  WHERE `id` = :id
 			");
-			Database::pexecute($upd_stmt, array('name' => $_category, 'lo' => $_order, 'id' => $_id));
+			Database::pexecute($upd_stmt, array(
+				'name' => $_category,
+				'lo' => $_order,
+				'id' => $_id
+			));
 			return true;
 		}
 		return false;
@@ -399,40 +432,43 @@ class ticket {
 	/**
 	 * Delete a support-categories
 	 */
-	static public function deleteCategory($_id = 0) {
-
+	static public function deleteCategory($_id = 0)
+	{
 		if ($_id != 0) {
-
+			
 			$result_stmt = Database::prepare("
 				SELECT COUNT(`id`) as `numtickets` FROM `" . TABLE_PANEL_TICKETS . "`
-				WHERE `category` = :cat"
-			);
-			$result = Database::pexecute_first($result_stmt, array('cat' => $_id));
-
+				WHERE `category` = :cat");
+			$result = Database::pexecute_first($result_stmt, array(
+				'cat' => $_id
+			));
+			
 			if ($result['numtickets'] == "0") {
 				$del_stmt = Database::prepare("
-					DELETE FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id"
-				);
-				Database::pexecute($del_stmt, array('id' => $_id));
+					DELETE FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id");
+				Database::pexecute($del_stmt, array(
+					'id' => $_id
+				));
 				return true;
 			} else {
 				return false;
 			}
 		}
-
+		
 		return false;
 	}

 	/**
 	 * Return a support-category-name
 	 */
-	static public function getCategoryName($_id = 0) {
-
+	static public function getCategoryName($_id = 0)
+	{
 		if ($_id != 0) {
 			$stmt = Database::prepare("
-				SELECT `name` FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id"
-			);
-			$category = Database::pexecute_first($stmt, array('id' => $_id));
+				SELECT `name` FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id");
+			$category = Database::pexecute_first($stmt, array(
+				'id' => $_id
+			));
 			return $category['name'];
 		}
 		return null;
@@ -440,32 +476,33 @@ class ticket {

 	/**
 	 * get the highest order number
-	 * 
-	 * @param object $_uid admin-id (optional)
-	 * 
+	 *
+	 * @param object $_uid
+	 *        	admin-id (optional)
+	 *        	
 	 * @return int highest order number
 	 */
-	static public function getHighestOrderNumber($_uid = 0) {
-
+	static public function getHighestOrderNumber($_uid = 0)
+	{
 		$where = '';
 		$sel_data = array();
 		if ($_uid > 0) {
 			$where = " WHERE `adminid` = :adminid";
 			$sel_data['adminid'] = $_uid;
 		}
-		$sql = "SELECT MAX(`logicalorder`) as `highestorder` FROM `" . TABLE_PANEL_TICKET_CATS . "`".$where.";";
+		$sql = "SELECT MAX(`logicalorder`) as `highestorder` FROM `" . TABLE_PANEL_TICKET_CATS . "`" . $where . ";";
 		$result_stmt = Database::prepare($sql);
 		$result = Database::pexecute_first($result_stmt, $sel_data);
-		return (isset($result['highestorder']) ? (int)$result['highestorder'] : 0);
+		return (isset($result['highestorder']) ? (int) $result['highestorder'] : 0);
 	}

 	/**
 	 * returns the last x archived tickets
 	 */
-	static public function getLastArchived($_num = 10, $_admin = 1) {
-
+	static public function getLastArchived($_num = 10, $_admin = 1)
+	{
 		if ($_num > 0) {
-
+			
 			$archived = array();
 			$counter = 0;
 			$result_stmt = Database::prepare("
@@ -477,12 +514,13 @@ class ticket {
 				FROM `" . TABLE_PANEL_TICKETS . "` `main`
 				WHERE `main`.`answerto` = '0' AND `main`.`archived` = '1'
 				AND `main`.`adminid` = :adminid
-				ORDER BY `main`.`lastchange` DESC LIMIT 0, ".(int)$_num
-			);
-			Database::pexecute($result_stmt, array('adminid' => $_admin));
-
+				ORDER BY `main`.`lastchange` DESC LIMIT 0, " . (int) $_num);
+			Database::pexecute($result_stmt, array(
+				'adminid' => $_admin
+			));
+			
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
-
+				
 				$archived[$counter]['id'] = $row['id'];
 				$archived[$counter]['customerid'] = $row['customerid'];
 				$archived[$counter]['adminid'] = $row['adminid'];
@@ -496,9 +534,9 @@ class ticket {
 				$archived[$counter]['lastchange'] = $row['lastchange'];
 				$archived[$counter]['status'] = $row['status'];
 				$archived[$counter]['by'] = $row['by'];
-				$counter++;
+				$counter ++;
 			}
-
+			
 			if (isset($archived[0]['id'])) {
 				return $archived;
 			} else {
@@ -516,129 +554,102 @@ class ticket {
 	static public function getArchiveSearchStatement($subject = null, $priority = null, $fromdate = null, $todate = null, $message = null, $customer = - 1, $admin = 1, $categories = null)
 	{
 		$search_params = array();
-
+		
 		$query = "
 			SELECT `main`.*, (
 				SELECT COUNT(`sub`.`id`) FROM `" . TABLE_PANEL_TICKETS . "` `sub`
 				WHERE `sub`.`answerto` = `main`.`id`
 			) as `ticket_answers`
 			FROM `" . TABLE_PANEL_TICKETS . "` `main`
-			WHERE `main`.`archived` = '1' AND `main`.`adminid` = :admin"
-		;
-
+			WHERE `main`.`archived` = '1' AND `main`.`adminid` = :admin";
+		
 		$search_params['admin'] = $admin;
-
-		if ($subject != NULL
-			&& $subject != ''
-		) {
+		
+		if ($subject != NULL && $subject != '') {
 			$query .= " AND `main`.`subject` LIKE :subject";
-			$search_params['subject'] = "%".$subject."%";
+			$search_params['subject'] = "%" . $subject . "%";
 		}
-
-		if ($priority != null
-			&& isset($priority[0])
-			&& $priority[0] != ''
-		) {
-
-			if (isset($priority[1])
-				&& $priority[1] != ''
-			) {
-
-				if (isset($priority[2])
-					&& $priority[2] != ''
-				) {
-
+		
+		if ($priority != null && isset($priority[0]) && $priority[0] != '') {
+			
+			if (isset($priority[1]) && $priority[1] != '') {
+				
+				if (isset($priority[2]) && $priority[2] != '') {
+					
 					$query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '2' OR `main`.`priority` = '3')";
-
 				} else {
-
+					
 					$query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '1')";
 				}
-
-			} elseif (isset($priority[2])
-				&& $priority[2] != ''
-			) {
-
+			} elseif (isset($priority[2]) && $priority[2] != '') {
+				
 				$query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '3')";
-
 			} else {
 				$query .= " AND `main`.`priority` = '1'";
 			}
-
-		} elseif($priority != null
-			&& isset($priority[1])
-			&& $priority[1] != ''
-		) {
-			if (isset($priority[2])
-				&& $priority[2] != ''
-			) {
+		} elseif ($priority != null && isset($priority[1]) && $priority[1] != '') {
+			if (isset($priority[2]) && $priority[2] != '') {
 				$query .= " AND (`main`.`priority` = '2' OR `main`.`priority` = '3')";
 			} else {
 				$query .= " AND `main`.`priority` = '2'";
 			}
-
-		} elseif($priority != null) {
-
-			if (isset($priority[3])
-				&& $priority[3] != ''
-			) {
+		} elseif ($priority != null) {
+			
+			if (isset($priority[3]) && $priority[3] != '') {
 				$query .= " AND `main`.`priority` = '3'";
 			}
 		}
-
-		if ($fromdate != null
-			&& $fromdate > 0
-		) {
+		
+		if ($fromdate != null && $fromdate > 0) {
 			$query .= " AND `main`.`lastchange` > :fromdate";
 			$search_params['fromdate'] = strtotime($fromdate);
 		}
-
-		if ($todate != null
-			&& $todate > 0
-		) {
+		
+		if ($todate != null && $todate > 0) {
 			$query .= " AND `main`.`lastchange` < :todate";
 			$search_params['todate'] = strtotime($todate);
 		}
-
-		if ($message != null
-			&& $message != ''
-		) {
+		
+		if ($message != null && $message != '') {
 			$query .= " AND `main`.`message` LIKE :message";
-			$search_params['message'] = "%".$message."%";
+			$search_params['message'] = "%" . $message . "%";
 		}
-
+		
 		if ($customer != - 1) {
 			$query .= " AND `main`.`customerid` = :customer";
 			$search_params['customer'] = $customer;
 		}
-
+		
 		if ($categories != null) {
-
+			
 			$cats = array();
 			foreach ($categories as $index => $catid) {
 				if ($catid != "") {
 					$cats[] = $catid;
 				}
 			}
-
+			
 			if (count($cats) > 0) {
 				$query .= " AND (";
 			}
-
+			
 			foreach ($cats as $catid) {
 				if (isset($catid) && $catid > 0) {
-					$query .= "`main`.`category` = :catid_".$catid." OR ";
-					$search_params['catid_'.$catid] = $catid;
+					$query .= "`main`.`category` = :catid_" . $catid . " OR ";
+					$search_params['catid_' . $catid] = $catid;
 				}
 			}
-
+			
 			if (count($cats) > 0) {
 				$query = substr($query, 0, strlen($query) - 3);
 				$query .= ") ";
 			}
 		}
-
-		return array('0' => $query, '1' => $search_params);
+		
+		return array(
+			'0' => $query,
+			'1' => $search_params
+		);
 	}

 	/**
@@ -646,8 +657,7 @@ class ticket {
 	 */
 	static public function getStatusText($_lng, $_status = 0)
 	{
-		switch($_status)
-		{
+		switch ($_status) {
 			case 0:
 				return $_lng['ticket']['open'];
 				break;
@@ -668,8 +678,7 @@ class ticket {
 	 */
 	static public function getPriorityText($_lng, $_priority = 0)
 	{
-		switch($_priority)
-		{
+		switch ($_priority) {
 			case 1:
 				return $_lng['ticket']['high'];
 				break;
@@ -684,19 +693,19 @@ class ticket {

 	private function convertLatin1ToHtml($str)
 	{
-		$html_entities = array (
-					"Ä" =>  "&Auml;",
-					"ä" =>  "&auml;",
-					"Ö" =>  "&Ouml;",
-					"ö" =>  "&ouml;",
-					"Ü" =>  "&Uuml;",
-					"ü" =>  "&uuml;",
-					"ß" =>  "&szlig;"
-					/*
-					 * @TODO continue this table for all the special-characters
-					 */
+		$html_entities = array(
+			"Ä" => "&Auml;",
+			"ä" => "&auml;",
+			"Ö" => "&Ouml;",
+			"ö" => "&ouml;",
+			"Ü" => "&Uuml;",
+			"ü" => "&uuml;",
+			"ß" => "&szlig;"
+			/*
+		 * @TODO continue this table for all the special-characters
+		 */
 		);
-
+		
 		foreach ($html_entities as $key => $value) {
 			$str = str_replace($key, $value, $str);
 		}
@@ -706,45 +715,47 @@ class ticket {
 	/**
 	 * function customerHasTickets
 	 *
-	 * @param	int		customer-id
-	 *
-	 * @return	array/bool	array of ticket-ids if customer has any, else false
+	 * @param
+	 *        	int customer-id
+	 *        	
+	 * @return array/bool array of ticket-ids if customer has any, else false
 	 */
-	static public function customerHasTickets($_cid = 0) {
-
+	static public function customerHasTickets($_cid = 0)
+	{
 		if ($_cid != 0) {
 			$result_stmt = Database::prepare("
-				SELECT `id` FROM `" . TABLE_PANEL_TICKETS . "` WHERE `customerid` = :cid"
-			);
-			Database::pexecute($result_stmt, array('cid' => $_cid));
-
+				SELECT `id` FROM `" . TABLE_PANEL_TICKETS . "` WHERE `customerid` = :cid");
+			Database::pexecute($result_stmt, array(
+				'cid' => $_cid
+			));
+			
 			$tickets = array();
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$tickets[] = $row['id'];
 			}
-
+			
 			return $tickets;
 		}
-
+		
 		return false;
 	}

 	/**
 	 * Get a data-var
 	 */
-	public function Get($_var = '', $_vartrusted = false) {
-
+	public function Get($_var = '', $_vartrusted = false)
+	{
 		if ($_var != '') {
-			if (!$_vartrusted) {
+			if (! $_vartrusted) {
 				$_var = htmlspecialchars($_var);
 			}
-
+			
 			if (isset($this->t_data[$_var])) {
 				if (strtolower($_var) == 'message') {
 					// avoid double line-breaks, #1413
 					$this->t_data[$_var] = str_replace("<br />\n", "\n", $this->t_data[$_var]);
 					return nl2br($this->t_data[$_var]);
-				} elseif(strtolower($_var) == 'subject') {
+				} elseif (strtolower($_var) == 'subject') {
 					return nl2br($this->t_data[$_var]);
 				} else {
 					return $this->t_data[$_var];
@@ -758,25 +769,21 @@ class ticket {
 	/**
 	 * Set a data-var
 	 */
-	public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false) {
-
-		if ($_var != ''
-			&& $_value != ''
-		) {
-			if (!$_vartrusted) {
+	public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false)
+	{
+		if ($_var != '' && $_value != '') {
+			if (! $_vartrusted) {
 				$_var = strip_tags($_var);
 			}
-
-			if (!$_valuetrusted) {
+			
+			if (! $_valuetrusted) {
 				$_value = strip_tags($_value, '<br />');
 			}
-
-			if (strtolower($_var) == 'message'
-				|| strtolower($_var) == 'subject'
-			) {
+			
+			if (strtolower($_var) == 'message' || strtolower($_var) == 'subject') {
 				$_value = $this->convertLatin1ToHtml($_value);
 			}
-
+			
 			$this->t_data[$_var] = $_value;
 		}
 	}
--- a/lib/classes/webserver/class.ConfigIO.php
+++ b/lib/classes/webserver/class.ConfigIO.php
@@ -17,13 +17,14 @@
 * @since      0.9.29
 *
 */
-
-class ConfigIO {
+class ConfigIO
+{

 	/**
 	 * constructor
 	 */
-	public function __construct() {}
+	public function __construct()
+	{}

 	/**
 	 * clean up former created configs, including (if enabled)
@@ -32,39 +33,40 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	public function cleanUp() {
-
+	public function cleanUp()
+	{
+		
 		// old error logs
 		$this->_cleanErrLogs();
-
+		
 		// awstats files
 		$this->_cleanAwstatsFiles();
-
+		
 		// fcgid files
 		$this->_cleanFcgidFiles();
-
+		
 		// php-fpm files
 		$this->_cleanFpmFiles();
-
+		
 		// clean webserver-configs
 		$this->_cleanWebserverConfigs();
-
+		
 		// old htpasswd files
 		$this->_cleanHtpasswdFiles();
-
+		
 		// customer-specified ssl-certificates
 		$this->_cleanCustomerSslCerts();
 	}

-	private function _cleanErrLogs() {
-
-	    $err_dir = makeCorrectDir(FROXLOR_INSTALL_DIR."/logs/");
-	    if (@is_dir($err_dir)) {
-	        // now get rid of old stuff
-	        //(but append /*.log so we don't delete the directory)
-	        $err_dir.='/*.log';
-	        safe_exec('rm -rf '. makeCorrectFile($err_dir));
-	    }
+	private function _cleanErrLogs()
+	{
+		$err_dir = makeCorrectDir(FROXLOR_INSTALL_DIR . "/logs/");
+		if (@is_dir($err_dir)) {
+			// now get rid of old stuff
+			// (but append /*.log so we don't delete the directory)
+			$err_dir .= '/*.log';
+			safe_exec('rm -f ' . makeCorrectFile($err_dir));
+		}
 	}

 	/**
@@ -73,8 +75,9 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanCustomerSslCerts() {
-
+	private function _cleanCustomerSslCerts()
+	{
+		
 		/*
 		 * only clean up if we're actually using SSL
 		 */
@@ -82,14 +85,14 @@ class ConfigIO {
 			// get correct directory
 			$configdir = $this->_getFile('system', 'customer_ssl_path');
 			if ($configdir !== false) {
-
+				
 				$configdir = makeCorrectDir($configdir);
-
+				
 				if (@is_dir($configdir)) {
 					// now get rid of old stuff
-					//(but append /* so we don't delete the directory)
-					$configdir.='/*';
-					safe_exec('rm -rf '. makeCorrectFile($configdir));
+					// (but append /* so we don't delete the directory)
+					$configdir .= '/*';
+					safe_exec('rm -f ' . makeCorrectFile($configdir));
 				}
 			}
 		}
@@ -100,39 +103,38 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanWebserverConfigs() {
-
+	private function _cleanWebserverConfigs()
+	{
+		
 		// get directories
 		$configdirs = array();
 		$dir = $this->_getFile('system', 'apacheconf_vhost');
 		if ($dir !== false)
 			$configdirs[] = makeCorrectDir($dir);
-
+		
 		$dir = $this->_getFile('system', 'apacheconf_diroptions');
 		if ($dir !== false)
 			$configdirs[] = makeCorrectDir($dir);
-
+		
 		// file pattern
 		$pattern = "/^([0-9]){2}_(froxlor|syscp)_(.+)\.conf$/";
-
+		
 		// check ALL the folders
 		foreach ($configdirs as $config_dir) {
-
+			
 			// check directory
 			if (@is_dir($config_dir)) {
-
+				
 				// create directory iterator
-				$its = new RecursiveIteratorIterator(
-						new RecursiveDirectoryIterator($config_dir)
-				);
-
+				$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($config_dir));
+				
 				// iterate through all subdirs,
 				// look for vhost/diroption files
 				// and delete them
-				foreach ($its as $fullFileName => $it ) {
+				foreach ($its as $fullFileName => $it) {
 					if ($it->isFile() && preg_match($pattern, $it->getFilename())) {
 						// remove file
-						safe_exec('rm -f '. escapeshellarg(makeCorrectFile($its->getPathname())));
+						safe_exec('rm -f ' . escapeshellarg(makeCorrectFile($its->getPathname())));
 					}
 				}
 			}
@@ -144,19 +146,20 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanHtpasswdFiles() {
-
+	private function _cleanHtpasswdFiles()
+	{
+		
 		// get correct directory
 		$configdir = $this->_getFile('system', 'apacheconf_htpasswddir');
-
+		
 		if ($configdir !== false) {
 			$configdir = makeCorrectDir($configdir);
-
+			
 			if (@is_dir($configdir)) {
 				// now get rid of old stuff
-				//(but append /* so we don't delete the directory)
-				$configdir.='/*';
-				safe_exec('rm -rf '. makeCorrectFile($configdir));
+				// (but append /* so we don't delete the directory)
+				$configdir .= '/*';
+				safe_exec('rm -f ' . makeCorrectFile($configdir));
 			}
 		}
 	}
@@ -166,37 +169,36 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanAwstatsFiles() {
-
+	private function _cleanAwstatsFiles()
+	{
 		if (Settings::Get('system.awstats_enabled') == '0') {
 			return;
 		}
-
-		//dhr: cleanout froxlor-generated awstats configs prior to re-creation
+		
+		// dhr: cleanout froxlor-generated awstats configs prior to re-creation
 		$awstatsclean['header'] = "## GENERATED BY FROXLOR\n";
 		$awstatsclean['headerold'] = "## GENERATED BY SYSCP\n";
 		$awstatsclean['path'] = $this->_getFile('system', 'awstats_conf');
-
+		
 		/**
 		 * don't do anything if the directory does not exist
-		 * (e.g. awstats not installed yet or whatever)
+		 * (e.g.
+		 * awstats not installed yet or whatever)
 		 * fixes #45
-		*/
+		 */
 		if ($awstatsclean['path'] !== false && is_dir($awstatsclean['path'])) {
 			$awstatsclean['dir'] = dir($awstatsclean['path']);
 			while ($awstatsclean['entry'] = $awstatsclean['dir']->read()) {
-				$awstatsclean['fullentry'] = makeCorrectFile($awstatsclean['path'].'/'.$awstatsclean['entry']);
+				$awstatsclean['fullentry'] = makeCorrectFile($awstatsclean['path'] . '/' . $awstatsclean['entry']);
 				/**
 				 * don't do anything if the file does not exist
-				*/
+				 */
 				if (@file_exists($awstatsclean['fullentry'])) {
 					$awstatsclean['fh'] = fopen($awstatsclean['fullentry'], 'r');
-					$awstatsclean['headerRead'] = fgets($awstatsclean['fh'], strlen($awstatsclean['header'])+1);
+					$awstatsclean['headerRead'] = fgets($awstatsclean['fh'], strlen($awstatsclean['header']) + 1);
 					fclose($awstatsclean['fh']);
-
-					if ($awstatsclean['headerRead'] == $awstatsclean['header']
-							|| $awstatsclean['headerRead'] == $awstatsclean['headerold']
-					) {
+					
+					if ($awstatsclean['headerRead'] == $awstatsclean['header'] || $awstatsclean['headerRead'] == $awstatsclean['headerold']) {
 						$awstats_conf_file = makeCorrectFile($awstatsclean['fullentry']);
 						@unlink($awstats_conf_file);
 					}
@@ -204,7 +206,7 @@ class ConfigIO {
 			}
 		}
 		unset($awstatsclean);
-		//end dhr
+		// end dhr
 	}

 	/**
@@ -212,39 +214,37 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanFcgidFiles() {
-
+	private function _cleanFcgidFiles()
+	{
 		if (Settings::Get('system.mod_fcgid') == '0') {
 			return;
 		}
-
+		
 		// get correct directory
 		$configdir = $this->_getFile('system', 'mod_fcgid_configdir');
 		if ($configdir !== false) {
-
+			
 			$configdir = makeCorrectDir($configdir);
-
+			
 			if (@is_dir($configdir)) {
 				// create directory iterator
-				$its = new RecursiveIteratorIterator(
-						new RecursiveDirectoryIterator($configdir)
-				);
-
+				$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($configdir));
+				
 				// iterate through all subdirs,
 				// look for php-fcgi-starter files
 				// and take immutable-flag away from them
 				// so we can delete them :)
-				foreach ($its as $fullFileName => $it ) {
+				foreach ($its as $fullFileName => $it) {
 					if ($it->isFile() && $it->getFilename() == 'php-fcgi-starter') {
 						// set chattr -i
 						removeImmutable($its->getPathname());
 					}
 				}
-
+				
 				// now get rid of old stuff
-				//(but append /* so we don't delete the directory)
-				$configdir.='/*';
-				safe_exec('rm -rf '. makeCorrectFile($configdir));
+				// (but append /* so we don't delete the directory)
+				$configdir .= '/*';
+				safe_exec('rm -rf ' . makeCorrectFile($configdir));
 			}
 		}
 	}
@@ -254,33 +254,36 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanFpmFiles() {
-
+	private function _cleanFpmFiles()
+	{
 		if (Settings::Get('phpfpm.enabled') == '0') {
 			return;
 		}
-
-		// get correct directory
-		$configdir = $this->_getFile('phpfpm', 'configdir');
-		if ($configdir !== false) {
-
-			$configdir = makeCorrectDir($configdir);
-
+		
+		// get all fpm config paths
+		$fpmconf_sel = Database::prepare("SELECT config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
+		Database::pexecute($fpmconf_sel);
+		$fpmconf_paths = $fpmconf_sel->fetchAll(PDO::FETCH_ASSOC);
+		// clean all php-fpm config-dirs
+		foreach ($fpmconf_paths as $configdir) {
+			$configdir = makeCorrectDir($configdir['config_dir']);
 			if (@is_dir($configdir)) {
 				// now get rid of old stuff
-				//(but append /* so we don't delete the directory)
-				$configdir.='/*';
-				safe_exec('rm -rf '. makeCorrectFile($configdir));
+				// (but append /*.conf so we don't delete the directory)
+				$configdir .= '/*.conf';
+				safe_exec('rm -f ' . makeCorrectFile($configdir));
+			} else {
+				safe_exec('mkdir -p ' . $configdir);
 			}
 		}
-
+		
 		// also remove aliasconfigdir #1273
 		$aliasconfigdir = $this->_getFile('phpfpm', 'aliasconfigdir');
 		if ($aliasconfigdir !== false) {
 			$aliasconfigdir = makeCorrectDir($aliasconfigdir);
 			if (@is_dir($aliasconfigdir)) {
-				$aliasconfigdir.='/*';
-				safe_exec('rm -rf '. makeCorrectFile($aliasconfigdir));
+				$aliasconfigdir .= '/*';
+				safe_exec('rm -rf ' . makeCorrectFile($aliasconfigdir));
 			}
 		}
 	}
@@ -288,17 +291,21 @@ class ConfigIO {
 	/**
 	 * returns a file/direcotry from the settings and checks whether it exists
 	 *
-	 * @param string $group         settings-group
-	 * @param string $varname       var-name
-	 * @param boolean $check_exists check if the file exists
-	 *
+	 * @param string $group
+	 *        	settings-group
+	 * @param string $varname
+	 *        	var-name
+	 * @param boolean $check_exists
+	 *        	check if the file exists
+	 *        	
 	 * @return string|boolean complete path including filename if any or false on error
 	 */
-	private function _getFile($group, $varname, $check_exists = true) {
-
+	private function _getFile($group, $varname, $check_exists = true)
+	{
+		
 		// read from settings
-		$file = Settings::Get($group.'.'.$varname);
-
+		$file = Settings::Get($group . '.' . $varname);
+		
 		// check whether it exists
 		if ($check_exists && @file_exists($file) == false) {
 			return false;
--- a/lib/classes/webserver/class.DomainSSL.php
+++ b/lib/classes/webserver/class.DomainSSL.php
@@ -46,7 +46,7 @@ class DomainSSL {
 				|| $dom_certs['ssl_cert_file'] == ''
 		) {
 			// maybe its parent?
-			if ($domain['parentdomainid'] != 0) {
+			if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
 				$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
 			}
 		}
@@ -89,6 +89,10 @@ class DomainSSL {
 					$ssl_files['ssl_cert_chainfile'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_chain.pem');
 				}
 			}
+			// will only be generated to be used externally, froxlor does not need this
+			if ($dom_certs['ssl_fullchain_file'] != '') {
+				$ssl_files['ssl_fullchain_file'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_fullchain.pem');
+			}
 			// create them on the filesystem
 			foreach ($ssl_files as $type => $filename) {
 				if ($filename != '') {
--- a/lib/classes/webserver/class.WebserverBase.php
+++ b/lib/classes/webserver/class.WebserverBase.php
@@ -17,8 +17,8 @@
 * @since      0.9.31
 *
 */
-
-class WebserverBase {
+class WebserverBase
+{

 	/**
 	 * returns an array with all entries required for all
@@ -26,27 +26,45 @@ class WebserverBase {
 	 *
 	 * @return array
 	 */
-	public static function getVhostsToCreate() {
-
+	public static function getVhostsToCreate()
+	{
 		$query = "SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`,
 				`d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`,
 				`c`.`documentroot` AS `customerroot`, `c`.`deactivated`,
-				`c`.`phpenabled` AS `phpenabled`, `d`.`mod_fcgid_starter`,
-				`d`.`mod_fcgid_maxrequests`
-				FROM `".TABLE_PANEL_DOMAINS."` `d`
+				`c`.`phpenabled` AS `phpenabled_customer`,
+				`d`.`phpenabled` AS `phpenabled_vhost`,
+				`d`.`mod_fcgid_starter`,`d`.`mod_fcgid_maxrequests`,
+				`d`.`ocsp_stapling`
+				FROM `" . TABLE_PANEL_DOMAINS . "` `d`

-				LEFT JOIN `".TABLE_PANEL_CUSTOMERS."` `c` USING(`customerid`)
-				LEFT JOIN `".TABLE_PANEL_DOMAINS."` `pd` ON (`pd`.`id` = `d`.`parentdomainid`)
+				LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
+				LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `pd` ON (`pd`.`id` = `d`.`parentdomainid`)

 				WHERE `d`.`aliasdomain` IS NULL AND `d`.`email_only` <> '1'
 				ORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC;
 		";
-
+		
 		$result_domains_stmt = Database::query($query);
-
+		
+		// prepare IP statement
+		$ip_stmt = Database::prepare("
+			SELECT `di`.`id_domain` , `p`.`ssl`, `p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`
+			FROM `" . TABLE_DOMAINTOIP . "` `di`, `" . TABLE_PANEL_IPSANDPORTS . "` `p`
+			WHERE `p`.`id` = `di`.`id_ipandports`
+			AND `di`.`id_domain` = :domainid
+			AND `p`.`ssl` = '1'
+		");
+		
+		// prepare fpm-config select query
+		$fpm_sel_stmt = Database::prepare("
+			SELECT f.id FROM `" . TABLE_PANEL_FPMDAEMONS . "` f
+			LEFT JOIN `" . TABLE_PANEL_PHPCONFIGS . "` p ON p.fpmsettingid = f.id
+			WHERE p.id = :phpconfigid
+		");
+		
 		$domains = array();
 		while ($domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
-
+			
 			// set whole domain
 			$domains[$domain['domain']] = $domain;
 			// set empty-defaults for non-ssl
@@ -55,31 +73,38 @@ class WebserverBase {
 			$domains[$domain['domain']]['ssl_key_file'] = '';
 			$domains[$domain['domain']]['ssl_ca_file'] = '';
 			$domains[$domain['domain']]['ssl_cert_chainfile'] = '';
-
+			
 			// now, if the domain has an ssl ip/port assigned, get
 			// the corresponding information from the db
 			if (domainHasSslIpPort($domain['id'])) {

-				$ip_stmt = Database::prepare("
-						SELECT `di`.`id_domain` , `p`.`ssl`, `p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`
-						FROM `".TABLE_DOMAINTOIP."` `di`, `".TABLE_PANEL_IPSANDPORTS."` `p`
-						WHERE `p`.`id` = `di`.`id_ipandports`
-						AND `di`.`id_domain` = :domainid
-						AND `p`.`ssl` = '1'
-						");
-				$ssl_ip = Database::pexecute_first($ip_stmt, array('domainid' => $domain['id']));
-
+				$ssl_ip = Database::pexecute_first($ip_stmt, array(
+					'domainid' => $domain['id']
+				));
+				
 				// set ssl info for domain
 				$domains[$domain['domain']]['ssl'] = '1';
 				$domains[$domain['domain']]['ssl_cert_file'] = $ssl_ip['ssl_cert_file'];
 				$domains[$domain['domain']]['ssl_key_file'] = $ssl_ip['ssl_key_file'];
 				$domains[$domain['domain']]['ssl_ca_file'] = $ssl_ip['ssl_ca_file'];
 				$domains[$domain['domain']]['ssl_cert_chainfile'] = $ssl_ip['ssl_cert_chainfile'];
+			}
+			
+			// read fpm-config-id if using fpm
+			if ((int) Settings::Get('phpfpm.enabled') == 1) {

+				$fpm_config = Database::pexecute_first($fpm_sel_stmt, array(
+					'phpconfigid' => $domain['phpsettingid']
+				));
+				if ($fpm_config) {
+					$domains[$domain['domain']]['fpm_config_id'] = $fpm_config['id'];
+				} else {
+					// fallback
+					$domains[$domain['domain']]['fpm_config_id'] = 1;
+				}
 			}
 		}
-
+		
 		return $domains;
 	}
-
 }
--- a/lib/configfiles/gentoo.xml
+++ b/lib/configfiles/gentoo.xml
@@ -64,7 +64,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -96,7 +96,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -267,7 +267,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -353,7 +353,7 @@ exit "$RETVAL"
 			<!--DNS -->
 			<service type="dns" title="{{lng.admin.configfiles.dns}}">
 				<!--Bind9 -->
-				<daemon name="bind" title="Bind9 nameserver">
+				<daemon name="bind" title="Bind9 nameserver" default="true">
 					<install><![CDATA[emerge net-dns/bind]]></install>
 					<file name="/etc/bind/default.zone">
 						<content><![CDATA[
@@ -396,7 +396,8 @@ mail	IN		A	<SERVERIP>
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -938,7 +939,8 @@ gmysql-password=
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -2136,7 +2138,7 @@ protocol lda {
 driver = mysql
 connect = host=<SQL_HOST> dbname=<SQL_DB> user=<SQL_UNPRIVILEGED_USER> password=<SQL_UNPRIVILEGED_PASSWORD>
 default_pass_scheme = CRYPT
-password_query = "SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota,'M') AS userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')"
+password_query = "SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota,'M') AS userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))"
 user_query = "SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', quota,'M') AS quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')"
 iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)"
 ]]>
@@ -3420,10 +3422,17 @@ MAILDIRPATH=.maildir
 				<daemon name="proftpd" title="ProFTPd" default="true">
 					<command><![CDATA[echo "net-ftp/proftpd mysql" >> /etc/portage/package.use]]></command>
 					<install><![CDATA[emerge net-ftp/proftpd]]></install>
-					<commands>
-						<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
-						<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
-						<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
+					<file name="/etc/proftpd/create-cert.sh" chown="root:0" chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/proftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/proftpd/create-cert.sh]]></command>
 					</commands>
 					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
@@ -3875,7 +3884,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/configfiles/jessie.xml
+++ b/lib/configfiles/jessie.xml
@@ -48,6 +48,11 @@
 					<include>//service[@type='http']/general/commands</include>
 					<command><![CDATA[a2dismod userdir]]></command>
 					<command><![CDATA[a2enmod headers]]></command>
+					<command>
+						<visibility mode="true">{{settings.system.use_ssl}}
+						</visibility>
+						<content><![CDATA[a2enmod ssl]]></content>
+					</command>
 					<command>
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -68,7 +73,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -287,7 +292,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -365,7 +370,7 @@ exit "$RETVAL"
 			<!--DNS -->
 			<service type="dns" title="{{lng.admin.configfiles.dns}}">
 				<!--Bind9 -->
-				<daemon name="bind" title="Bind9 nameserver">
+				<daemon name="bind" title="Bind9 nameserver" default="true">
 					<install><![CDATA[apt-get install bind9]]></install>
 					<command><![CDATA[echo "include \"{{settings.system.bindconf_directory}}froxlor_bind.conf\";" >> /etc/bind/named.conf.local]]></command>
 					<command><![CDATA[touch {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
@@ -380,7 +385,8 @@ exit "$RETVAL"
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -921,7 +927,8 @@ gmysql-password=
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -2712,7 +2719,7 @@ user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir
 #  SELECT userid AS user, password, \
 #    home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
 #  FROM users WHERE userid = '%u'
-password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
+password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))

 # Query to get a list of all usernames.
 #iterate_query = SELECT username AS user FROM users
@@ -3812,10 +3819,17 @@ plugin {
 				<!-- Proftpd -->
 				<daemon name="proftpd" title="ProFTPd" default="true">
 					<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
-					<commands>
-						<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
-						<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
-						<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
+					<file name="/etc/proftpd/create-cert.sh" chown="root:0" chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/proftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/proftpd/create-cert.sh]]></command>
 					</commands>
 					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
@@ -4467,9 +4481,9 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 				<!-- libnss-mysql -->
 				<daemon name="libnss" title="libnss-mysql (required for FCGID/php-fpm/mpm-itk)">
 					<install><![CDATA[apt-get install nscd
-wget http://ftp.us.debian.org/debian/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
-dpkg -i libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
-rm libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
+wget http://debian.froxlor.org/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-3+frx1_amd64.deb
+dpkg -i libnss-mysql-bg_1.5-3+frx1_amd64.deb
+rm libnss-mysql-bg_1.5-3+frx1_amd64.deb
 ]]></install>
 					<file name="/etc/libnss-mysql.cfg" chown="root:root" chmod="0600"
 						backup="true">
@@ -4632,6 +4646,44 @@ aliases:     files
 						</content>
 					</file>
 				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/passwd]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/group]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/shadow]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have extrausers in their lines
+# You should place extrausers at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">
 					<install><![CDATA[apt-get install logrotate]]></install>
@@ -4696,7 +4748,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
@@ -4708,6 +4760,11 @@ aliases:     files
 						</visibility>
 						<command><![CDATA[a2dismod php5]]></command>
 					</commands>
+					<commands index="5">
+						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
+						</visibility>
+						<command><![CDATA[/etc/init.d/apache2 restart]]></command>
+					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->
 					<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
--- a/lib/configfiles/precise.xml
+++ b/lib/configfiles/precise.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <froxlor>
-	<distribution name="Ubuntu" codename="Precise" version="12.04" defaulteditor="/usr/bin/nano">
+	<distribution name="Ubuntu" codename="Precise" version="12.04" defaulteditor="/usr/bin/nano" deprecated="true">
 		<services>
 			<!-- HTTP -->
 			<service type="http" title="{{lng.admin.configfiles.http}}">
@@ -49,6 +49,11 @@
 					<include>//service[@type='http']/general/commands</include>
 					<command><![CDATA[a2dismod userdir]]></command>
 					<command><![CDATA[a2enmod headers]]></command>
+					<command>
+						<visibility mode="true">{{settings.system.use_ssl}}
+						</visibility>
+						<content><![CDATA[a2enmod ssl]]></content>
+					</command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -66,7 +71,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -246,7 +251,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -334,7 +339,7 @@ exit "$RETVAL"
 			<!--DNS -->
 			<service type="dns" title="{{lng.admin.configfiles.dns}}">
 				<!--Bind9 -->
-				<daemon name="bind" title="Bind9 nameserver">
+				<daemon name="bind" title="Bind9 nameserver" default="true">
 					<install><![CDATA[apt-get install bind9]]></install>
 					<command><![CDATA[echo "include \"{{settings.system.bindconf_directory}}froxlor_bind.conf\";" >> /etc/bind/named.conf]]></command>
 					<command><![CDATA[touch {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
@@ -346,7 +351,8 @@ exit "$RETVAL"
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -407,7 +413,8 @@ include-dir=/etc/powerdns/froxlor/
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
 						chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=180
@@ -724,7 +731,7 @@ smtpd_sasl_local_domain = $myhostname
 broken_sasl_auth_clients = yes

 # Virtual delivery settings
-virtual_mailbox_base = <VIRTUAL_MAILBOX_BASE>
+virtual_mailbox_base = /
 virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
 virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
 virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
@@ -1027,7 +1034,7 @@ userdb {
 driver = mysql
 connect = host=<SQL_HOST> dbname=<SQL_DB> user=<SQL_UNPRIVILEGED_USER> password=<SQL_UNPRIVILEGED_PASSWORD>
 default_pass_scheme = CRYPT
-password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
+password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('maildir:storage=', (quota*1024)) as quota FROM mail_users WHERE (username = '%u' OR email = '%u')
 iterate_query = SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)
 ]]>
@@ -1141,10 +1148,17 @@ MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3)
 				<!-- Proftpd -->
 				<daemon name="proftpd" title="ProFTPd" default="true">
 					<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
-					<commands>
-						<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
-						<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
-						<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
+					<file name="/etc/proftpd/create-cert.sh" chown="root:0" chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/proftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/proftpd/create-cert.sh]]></command>
 					</commands>
 					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
@@ -1622,6 +1636,44 @@ netmasks:    files
 netgroup:    files
 bootparams:  files

+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/passwd]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/group]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/shadow]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have extrausers in their lines
+# You should place extrausers at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
 automount:   files
 aliases:     files
 ]]>
@@ -1695,7 +1747,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
@@ -1707,6 +1759,11 @@ aliases:     files
 						</visibility>
 						<command><![CDATA[a2dismod php5]]></command>
 					</commands>
+					<commands index="5">
+						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
+						</visibility>
+						<command><![CDATA[/etc/init.d/apache2 restart]]></command>
+					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->
 					<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
--- a/lib/configfiles/rhel_centos.xml
+++ b/lib/configfiles/rhel_centos.xml
@@ -46,7 +46,7 @@
 				<daemon name="apache" version="2.4" title="Apache 2.4"
 					default="true">
 					<include>//service[@type='http']/general/commands</include>
-					<file name="/etc/httpd/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -1774,7 +1774,7 @@ default_pass_scheme = CRYPT
 #password_query = \
 #  SELECT username, domain, password \
 #  FROM users WHERE username = '%n' AND domain = '%d'
-password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
+password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 #password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

 # userdb query to retrieve the user information. It can return fields:
@@ -2089,7 +2089,7 @@ LoadModule mod_ctrls_admin.c
 # (http://www.castaglia.org/proftpd/modules/mod_vroot.html)
 # Using this module rather than the kernel's chroot() system call works
 # around issues with PAM and chroot (http://bugzilla.redhat.com/506735)
-LoadModule mod_vroot.c
+# LoadModule mod_vroot.c
 #
 # Provide a flexible way of specifying that certain configuration directives
 # only apply to certain sessions, based on credentials such as connection
--- a/lib/configfiles/stretch.xml
+++ b/lib/configfiles/stretch.xml
--- a/lib/configfiles/trusty.xml
+++ b/lib/configfiles/trusty.xml
@@ -49,6 +49,11 @@
 					<include>//service[@type='http']/general/commands</include>
 					<command><![CDATA[a2dismod userdir]]></command>
 					<command><![CDATA[a2enmod headers]]></command>
+					<command>
+						<visibility mode="true">{{settings.system.use_ssl}}
+						</visibility>
+						<content><![CDATA[a2enmod ssl]]></content>
+					</command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -66,7 +71,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -85,6 +90,11 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 					<include>//service[@type='http']/general/commands</include>
 					<command><![CDATA[a2dismod userdir]]></command>
 					<command><![CDATA[a2enmod headers]]></command>
+					<command>
+						<visibility mode="true">{{settings.system.use_ssl}}
+						</visibility>
+						<content><![CDATA[a2enmod ssl]]></content>
+					</command>
 					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
 						<visibility mode="true">{{settings.phpfpm.enabled}}
 						</visibility>
@@ -100,7 +110,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -279,7 +289,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -367,7 +377,7 @@ exit "$RETVAL"
 			<!--DNS -->
 			<service type="dns" title="{{lng.admin.configfiles.dns}}">
 				<!--Bind9 -->
-				<daemon name="bind" title="Bind9 nameserver">
+				<daemon name="bind" title="Bind9 nameserver" default="true">
 					<install><![CDATA[apt-get install bind9]]></install>
 					<command><![CDATA[echo "include \"{{settings.system.bindconf_directory}}froxlor_bind.conf\";" >> /etc/bind/named.conf]]></command>
 					<command><![CDATA[touch {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
@@ -379,7 +389,8 @@ exit "$RETVAL"
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -417,7 +428,8 @@ gmysql-password=
 					<install><![CDATA[apt-get install pdns-server]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -441,7 +453,8 @@ include-dir=/etc/powerdns/froxlor/
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
 						chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=180
@@ -758,7 +771,7 @@ smtpd_sasl_local_domain = $myhostname
 broken_sasl_auth_clients = yes

 # Virtual delivery settings
-virtual_mailbox_base = <VIRTUAL_MAILBOX_BASE>
+virtual_mailbox_base = /
 virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
 virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
 virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
@@ -1035,7 +1048,7 @@ auth_mechanisms = plain login
 driver = mysql
 connect = host=<SQL_HOST> dbname=<SQL_DB> user=<SQL_UNPRIVILEGED_USER> password=<SQL_UNPRIVILEGED_PASSWORD>
 default_pass_scheme = CRYPT
-password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
+password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))
 user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', quota, 'M') as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')
 iterate_query = SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)
 ]]>
@@ -1149,10 +1162,17 @@ MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3)
 				<!-- Proftpd -->
 				<daemon name="proftpd" title="ProFTPd" default="true">
 					<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
-					<commands>
-						<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
-						<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
-						<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
+					<file name="/etc/proftpd/create-cert.sh" chown="root:0" chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/proftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/proftpd/create-cert.sh]]></command>
 					</commands>
 					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
@@ -1639,6 +1659,44 @@ aliases:     files
 					<!-- clear group chache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/passwd]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/group]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/shadow]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have extrausers in their lines
+# You should place extrausers at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">
 					<install><![CDATA[apt-get install logrotate]]></install>
@@ -1703,7 +1761,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
@@ -1715,6 +1773,11 @@ aliases:     files
 						</visibility>
 						<command><![CDATA[a2dismod php5]]></command>
 					</commands>
+					<commands index="5">
+						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
+						</visibility>
+						<command><![CDATA[/etc/init.d/apache2 restart]]></command>
+					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->
 					<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
--- a/lib/configfiles/xenial.xml
+++ b/lib/configfiles/xenial.xml
--- a/lib/cron_init.php
+++ b/lib/cron_init.php
@@ -205,6 +205,7 @@ if (hasUpdates($version) || hasDbUpdates($dbversion)
 		fwrite($debugHandler, '*** WARNING *** - all new settings etc. will be stored with the default value, that might not always be right for your system!' . "\n");
 		fwrite($debugHandler, "*** WARNING *** - If you don't want this to happen in the future consider removing the --allow-autoupdate flag from the cronjob\n");
 		// including update procedures
+		define('_CRON_UPDATE', 1);
 		include_once FROXLOR_INSTALL_DIR.'/install/updatesql.php';
 		// pew - everything went better than expected
 		$cronlog->logAction(CRON_ACTION, LOG_WARNING, 'Automatic update done - you should check your settings to be sure everything is fine');
--- a/lib/formfields/admin/customer/formfield.customer_add.php
+++ b/lib/formfields/admin/customer/formfield.customer_add.php
@@ -14,7 +14,6 @@
 * @package    Formfields
 *
 */
-
 return array(
 	'customer_add' => array(
 		'title' => $lng['admin']['customer_add'],
@@ -29,20 +28,30 @@ return array(
 						'type' => 'text'
 					),
 					'createstdsubdomain' => array(
-						'label' => $lng['admin']['stdsubdomain_add'].'?',
+						'label' => $lng['admin']['stdsubdomain_add'] . '?',
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array('1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
 					),
 					'store_defaultindex' => array(
-						'label' => $lng['admin']['store_defaultindex'].'?',
+						'label' => $lng['admin']['store_defaultindex'] . '?',
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array('1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
 					),
 					'new_customer_password' => array(
 						'label' => $lng['login']['password'],
@@ -53,15 +62,20 @@ return array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
 						'visible' => (Settings::Get('panel.password_regex') == ''),
-						'value' => generatePassword(),
+						'value' => generatePassword()
 					),
 					'sendpassword' => array(
 						'label' => $lng['admin']['sendpassword'],
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array('1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
 					),
 					'def_language' => array(
 						'label' => $lng['login']['language'],
@@ -135,12 +149,27 @@ return array(
 						'label' => $lng['usersettings']['custom_notes']['show'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					)
 				)
 			),
+			'section_cpre' => array(
+				'visible' => !empty($hosting_plans),
+				'title' => $lng['admin']['plans']['use_plan'],
+				'image' => 'icons/user_add.png',
+				'fields' => array(
+					'use_plan' => array(
+						'label' => $lng['admin']['plans']['use_plan'],
+						'type' => 'select',
+						'select_var' => $hosting_plans
+					)
+				)
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['servicedata'],
 				'image' => 'icons/user_add.png',
@@ -149,7 +178,7 @@ return array(
 						'label' => $lng['customer']['diskspace'],
 						'type' => 'textul',
 						'value' => 0,
-						'maxlength' => 6,
+						'maxlength' => 16,
 						'mandatory' => true,
 						'ul_field' => $diskspace_ul
 					),
@@ -157,7 +186,7 @@ return array(
 						'label' => $lng['customer']['traffic'],
 						'type' => 'textul',
 						'value' => 0,
-						'maxlength' => 4,
+						'maxlength' => 14,
 						'mandatory' => true,
 						'ul_field' => $traffic_ul
 					),
@@ -206,18 +235,28 @@ return array(
 						'label' => $lng['customer']['email_imap'],
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array('1'),
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						),
 						'mandatory' => true
 					),
 					'email_pop3' => array(
 						'label' => $lng['customer']['email_pop3'],
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array('1'),
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						),
 						'mandatory' => true
 					),
 					'ftps' => array(
@@ -244,28 +283,51 @@ return array(
 						'ul_field' => $mysqls_ul
 					),
 					'phpenabled' => array(
-						'label' => $lng['admin']['phpenabled'].'?',
+						'label' => $lng['admin']['phpenabled'] . '?',
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array('1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
+					),
+					'allowed_phpconfigs' => array(
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
+						'label' => $lng['admin']['phpsettings']['title'],
+						'type' => 'checkbox',
+						'values' => $phpconfigs,
+						'value' => ((int) Settings::Get('system.mod_fcgid') == 1 ? array(
+							Settings::Get('system.mod_fcgid_defaultini')
+						) : (int) Settings::Get('phpfpm.enabled') == 1 ? array(
+							Settings::Get('phpfpm.defaultini')
+						) : array()),
+						'is_array' => 1
 					),
 					'perlenabled' => array(
-						'label' => $lng['admin']['perlenabled'].'?',
+						'label' => $lng['admin']['perlenabled'] . '?',
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									)
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						)
 					),
 					'dnsenabled' => array(
-						'label' => $lng['admin']['dnsenabled'].'?',
+						'label' => $lng['admin']['dnsenabled'] . '?',
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
 						'visible' => (Settings::Get('system.dnsenabled') == '1' ? true : false)
-					),
+					)
 				)
 			)
 		)
--- a/lib/formfields/admin/customer/formfield.customer_edit.php
+++ b/lib/formfields/admin/customer/formfield.customer_edit.php
@@ -150,6 +150,18 @@ return array(
 					)
 				)
 			),
+			'section_cpre' => array(
+				'visible' => !empty($hosting_plans),
+				'title' => $lng['admin']['plans']['use_plan'],
+				'image' => 'icons/user_add.png',
+				'fields' => array(
+					'use_plan' => array(
+						'label' => $lng['admin']['plans']['use_plan'],
+						'type' => 'select',
+						'select_var' => $hosting_plans
+					)
+				)
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['servicedata'],
 				'image' => 'icons/user_edit.png',
@@ -158,7 +170,7 @@ return array(
 						'label' => $lng['customer']['diskspace'],
 						'type' => 'textul',
 						'value' => $result['diskspace'],
-						'maxlength' => 6,
+						'maxlength' => 16,
 						'mandatory' => true,
 						'ul_field' => $diskspace_ul
 					),
@@ -166,7 +178,7 @@ return array(
 						'label' => $lng['customer']['traffic'],
 						'type' => 'textul',
 						'value' => $result['traffic'],
-						'maxlength' => 4,
+						'maxlength' => 14,
 						'mandatory' => true,
 						'ul_field' => $traffic_ul
 					),
@@ -260,6 +272,14 @@ return array(
 						),
 						'value' => array($result['phpenabled'])
 					),
+					'allowed_phpconfigs' => array(
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
+						'label' => $lng['admin']['phpsettings']['title'],
+						'type' => 'checkbox',
+						'values' => $phpconfigs,
+						'value' => isset($result['allowed_phpconfigs']) && !empty($result['allowed_phpconfigs']) ? json_decode($result['allowed_phpconfigs'], JSON_OBJECT_AS_ARRAY) : array(),
+						'is_array' => 1
+					),
 					'perlenabled' => array(
 						'label' => $lng['admin']['perlenabled'].'?',
 						'type' => 'checkbox',
--- a/lib/formfields/admin/domains/formfield.domains_add.php
+++ b/lib/formfields/admin/domains/formfield.domains_add.php
@@ -14,7 +14,6 @@
 * @package    Formfields
 *
 */
-
 return array(
 	'domain_add' => array(
 		'title' => $lng['admin']['domain_add'],
@@ -27,20 +26,20 @@ return array(
 					'domain' => array(
 						'label' => 'Domain',
 						'type' => 'text',
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'customerid' => array(
 						'label' => $lng['admin']['customer'],
 						'type' => 'select',
 						'select_var' => $customers,
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'adminid' => array(
 						'visible' => ($userinfo['customers_see_all'] == '1' ? true : false),
 						'label' => $lng['admin']['admin'],
 						'type' => 'select',
 						'select_var' => $admins,
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'alias' => array(
 						'label' => $lng['domains']['aliasdomain'],
@@ -58,9 +57,14 @@ return array(
 						'desc' => $lng['admin']['domain_editable']['desc'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'add_date' => array(
 						'label' => $lng['domains']['add_date'],
@@ -101,40 +105,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => '',
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['admin']['letsencrypt']['title'],
-						'desc' => $lng['admin']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -146,7 +116,10 @@ return array(
 						'desc' => $lng['admin']['speciallogfile']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -158,9 +131,134 @@ return array(
 						'type' => 'textarea',
 						'cols' => 60,
 						'rows' => 12
+					),
+					'notryfiles' => array(
+						'visible' => (Settings::Get('system.webserver') == 'nginx' && $userinfo['change_serversettings'] == '1'),
+						'label' => $lng['admin']['notryfiles']['title'],
+						'desc' => $lng['admin']['notryfiles']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
 					)
 				)
 			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => '',
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'http2' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) && Settings::Get('system.webserver') != 'lighttpd' && Settings::Get('system.http2_support') == '1',
+						'label' => $lng['admin']['domain_http2']['title'],
+						'desc' => $lng['admin']['domain_http2']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_sub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'ocsp_stapling' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) &&
+								Settings::Get('system.webserver') != 'lighttpd',
+						'label' => $lng['admin']['domain_ocsp_stapling']['title'],
+						'desc' => $lng['admin']['domain_ocsp_stapling']['description'] .
+								(Settings::Get('system.webserver') == 'nginx' ?
+								$lng['admin']['domain_ocsp_stapling']['nginx_version_warning'] :
+								""),
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+				)
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
 				'image' => 'icons/domain_add.png',
@@ -170,23 +268,41 @@ return array(
 						'label' => 'OpenBasedir',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
+					),
+					'phpenabled' => array(
+						'label' => $lng['admin']['phpenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
 					),
 					'phpsettingid' => array(
-						'visible' => (((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) ? true : false),
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
 						'label' => $lng['admin']['phpsettings']['title'],
 						'type' => 'select',
 						'select_var' => $phpconfigs
 					),
 					'mod_fcgid_starter' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_starter']['title'],
 						'type' => 'text'
 					),
 					'mod_fcgid_maxrequests' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_maxrequests']['title'],
 						'type' => 'text'
 					)
@@ -201,9 +317,14 @@ return array(
 						'label' => 'Nameserver',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
@@ -220,15 +341,23 @@ return array(
 						'label' => $lng['admin']['emaildomain'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'email_only' => array(
 						'label' => $lng['admin']['email_only'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -242,9 +371,14 @@ return array(
 						'label' => 'DomainKeys',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					)
 				)
 			)
--- a/lib/formfields/admin/domains/formfield.domains_edit.php
+++ b/lib/formfields/admin/domains/formfield.domains_edit.php
@@ -14,7 +14,6 @@
 * @package    Formfields
 *
 */
-
 return array(
 	'domain_edit' => array(
 		'title' => $lng['admin']['domain_edit'],
@@ -28,14 +27,14 @@ return array(
 						'label' => 'Domain',
 						'type' => 'label',
 						'value' => $result['domain'],
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'customerid' => array(
 						'label' => $lng['admin']['customer'],
 						'type' => (Settings::Get('panel.allow_domain_change_customer') == '1' ? 'select' : 'label'),
 						'select_var' => (isset($customers) ? $customers : null),
 						'value' => (isset($result['customername']) ? $result['customername'] : null),
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'adminid' => array(
 						'visible' => ($userinfo['customers_see_all'] == '1' ? true : false),
@@ -43,7 +42,7 @@ return array(
 						'type' => (Settings::Get('panel.allow_domain_change_admin') == '1' ? 'select' : 'label'),
 						'select_var' => (isset($admins) ? $admins : null),
 						'value' => (isset($result['adminname']) ? $result['adminname'] : null),
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'alias' => array(
 						'visible' => ($alias_check == '0' ? true : false),
@@ -60,16 +59,21 @@ return array(
 					'associated_info' => array(
 						'label' => $lng['domains']['associated_with_domain'],
 						'type' => 'label',
-						'value' => $subdomains.' '.$lng['customer']['subdomains'].', '.$alias_check.' '.$lng['domains']['aliasdomains'].', '.$emails.' '.$lng['customer']['emails'].', '.$email_accounts.' '.$lng['customer']['accounts'].', '.$email_forwarders.' '.$lng['customer']['forwarders']
+						'value' => $subdomains . ' ' . $lng['customer']['subdomains'] . ', ' . $alias_check . ' ' . $lng['domains']['aliasdomains'] . ', ' . $emails . ' ' . $lng['customer']['emails'] . ', ' . $email_accounts . ' ' . $lng['customer']['accounts'] . ', ' . $email_forwarders . ' ' . $lng['customer']['forwarders']
 					),
 					'caneditdomain' => array(
 						'label' => $lng['admin']['domain_editable']['title'],
 						'desc' => $lng['admin']['domain_editable']['desc'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['caneditdomain'])
+						'value' => array(
+							$result['caneditdomain']
+						)
 					),
 					'add_date' => array(
 						'label' => $lng['domains']['add_date'],
@@ -113,40 +117,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => $usedips,
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['ssl_redirect'])
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['admin']['letsencrypt']['title'],
-						'desc' => $lng['admin']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['letsencrypt'])
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -158,9 +128,14 @@ return array(
 						'desc' => $lng['admin']['speciallogfile']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['speciallogfile'])
+						'value' => array(
+							$result['speciallogfile']
+						)
 					),
 					'specialsettings' => array(
 						'visible' => ($userinfo['change_serversettings'] == '1' ? true : false),
@@ -178,12 +153,156 @@ return array(
 						'desc' => $lng['serversettings']['specialsettingsforsubdomains']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
+					),
+					'notryfiles' => array(
+						'visible' => (Settings::Get('system.webserver') == 'nginx' && $userinfo['change_serversettings'] == '1'),
+						'label' => $lng['admin']['notryfiles']['title'],
+						'desc' => $lng['admin']['notryfiles']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['notryfiles']
+						)
 					)
 				)
 			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => $usedips,
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['ssl_redirect']
+						)
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['letsencrypt']
+						)
+					),
+					'http2' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) && Settings::Get('system.webserver') != 'lighttpd' && Settings::Get('system.http2_support') == '1',
+						'label' => $lng['admin']['domain_http2']['title'],
+						'desc' => $lng['admin']['domain_http2']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['http2']
+						)
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_sub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['hsts_sub']
+						)
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['hsts_preload']
+						)
+					),
+					'ocsp_stapling' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) &&
+								Settings::Get('system.webserver') != 'lighttpd',
+						'label' => $lng['admin']['domain_ocsp_stapling']['title'],
+						'desc' => $lng['admin']['domain_ocsp_stapling']['description'] .
+								(Settings::Get('system.webserver') == 'nginx' ?
+								$lng['admin']['domain_ocsp_stapling']['nginx_version_warning'] :
+								""),
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['ocsp_stapling']
+						)
+					),
+				)
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
 				'image' => 'icons/domain_edit.png',
@@ -193,27 +312,60 @@ return array(
 						'label' => 'OpenBasedir',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['openbasedir'])
+						'value' => array(
+							$result['openbasedir']
+						)
+					),
+					'phpenabled' => array(
+						'label' => $lng['admin']['phpenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['phpenabled']
+						)
 					),
 					'phpsettingid' => array(
-						'visible' => (((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) ? true : false),
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
 						'label' => $lng['admin']['phpsettings']['title'],
 						'type' => 'select',
 						'select_var' => $phpconfigs
 					),
+					'phpsettingsforsubdomains' => array(
+						'visible' => ($userinfo['change_serversettings'] == '1' ? true : false),
+						'label' => $lng['admin']['phpsettingsforsubdomains'],
+						'desc' => $lng['serversettings']['phpsettingsforsubdomains']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
+					),
 					'mod_fcgid_starter' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_starter']['title'],
 						'type' => 'text',
-						'value' => ((int)$result['mod_fcgid_starter'] != - 1 ? $result['mod_fcgid_starter'] : '')
+						'value' => ((int) $result['mod_fcgid_starter'] != - 1 ? $result['mod_fcgid_starter'] : '')
 					),
 					'mod_fcgid_maxrequests' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_maxrequests']['title'],
 						'type' => 'text',
-						'value' => ((int)$result['mod_fcgid_maxrequests'] != - 1 ? $result['mod_fcgid_maxrequests'] : '')
+						'value' => ((int) $result['mod_fcgid_maxrequests'] != - 1 ? $result['mod_fcgid_maxrequests'] : '')
 					)
 				)
 			),
@@ -226,9 +378,14 @@ return array(
 						'label' => 'Nameserver',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['isbinddomain'])
+						'value' => array(
+							$result['isbinddomain']
+						)
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
@@ -246,17 +403,27 @@ return array(
 						'label' => $lng['admin']['emaildomain'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['isemaildomain'])
+						'value' => array(
+							$result['isemaildomain']
+						)
 					),
 					'email_only' => array(
 						'label' => $lng['admin']['email_only'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['email_only'])
+						'value' => array(
+							$result['email_only']
+						)
 					),
 					'subcanemaildomain' => array(
 						'label' => $lng['admin']['subdomainforemail'],
@@ -268,9 +435,14 @@ return array(
 						'label' => 'DomainKeys',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['dkim'])
+						'value' => array(
+							$result['dkim']
+						)
 					)
 				)
 			)
--- a/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php
+++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php
@@ -49,7 +49,7 @@ return array(
 						'value' => array('1')
 					),
 					'namevirtualhost_statement' => array(
-						'visible' => $is_apache,
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(
--- a/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php
+++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php
@@ -51,7 +51,7 @@ return array(
 						'value' => array($result['listen_statement'])
 					),
 					'namevirtualhost_statement' => array(
-						'visible' => $is_apache,
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(
--- a/lib/formfields/admin/phpconfig/formfield.fpmconfig_add.php
+++ b/lib/formfields/admin/phpconfig/formfield.fpmconfig_add.php
@@ -0,0 +1,95 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Formfields
+ *
+ */
+
+return array(
+	'fpmconfig_add' => array(
+		'title' => $lng['admin']['phpsettings']['addsettings'],
+		'image' => 'icons/phpsettings_add.png',
+		'sections' => array(
+			'section_a' => array(
+				'title' => $lng['admin']['phpsettings']['addsettings'],
+				'image' => 'icons/phpsettings_add.png',
+				'fields' => array(
+					'description' => array(
+						'label' => $lng['admin']['phpsettings']['description'],
+						'type' => 'text',
+						'maxlength' => 50
+					),
+					'reload_cmd' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['reload'],
+						'type' => 'text',
+						'maxlength' => 255,
+						'value' => 'service php7.0-fpm restart'
+					),
+					'config_dir' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
+						'type' => 'text',
+						'maxlength' => 255,
+						'value' => '/etc/php/7.0/fpm/pool.d/'
+					),
+					'pm' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['pm'],
+						'type' => 'select',
+						'select_var' => $pm_select
+					),
+					'max_children' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_children']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_children']['description'],
+						'type' => 'int',
+						'value' => 1
+					),
+					'start_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['start_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['start_servers']['description'],
+						'type' => 'int',
+						'value' => 20
+					),
+					'min_spare_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['description'],
+						'type' => 'int',
+						'value' => 5
+					),
+					'max_spare_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['description'],
+						'type' => 'int',
+						'value' => 35
+					),
+					'max_requests' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_requests']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_requests']['description'],
+						'type' => 'int',
+						'value' => 0
+					),
+					'idle_timeout' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['description'],
+						'type' => 'int',
+						'value' => 30
+					),
+					'limit_extensions' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'],
+						'type' => 'text',
+						'value' => '.php'
+					)
+				)
+			)
+		)
+	)
+);
--- a/lib/formfields/admin/phpconfig/formfield.fpmconfig_edit.php
+++ b/lib/formfields/admin/phpconfig/formfield.fpmconfig_edit.php
@@ -0,0 +1,96 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Formfields
+ *
+ */
+
+return array(
+	'fpmconfig_edit' => array(
+		'title' => $lng['admin']['phpsettings']['editsettings'],
+		'image' => 'icons/phpsettings_edit.png',
+		'sections' => array(
+			'section_a' => array(
+				'title' => $lng['admin']['phpsettings']['editsettings'],
+				'image' => 'icons/phpsettings_edit.png',
+				'fields' => array(
+					'description' => array(
+						'label' => $lng['admin']['phpsettings']['description'],
+						'type' => 'text',
+						'maxlength' => 50,
+						'value' => $result['description']
+					),
+					'reload_cmd' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['reload'],
+						'type' => 'text',
+						'maxlength' => 255,
+						'value' => $result['reload_cmd']
+					),
+					'config_dir' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
+						'type' => 'text',
+						'maxlength' => 255,
+						'value' => $result['config_dir']
+					),
+					'pm' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['pm'],
+						'type' => 'select',
+						'select_var' => $pm_select
+					),
+					'max_children' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_children']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_children']['description'],
+						'type' => 'int',
+						'value' => $result['max_children']
+					),
+					'start_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['start_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['start_servers']['description'],
+						'type' => 'int',
+						'value' => $result['start_servers']
+					),
+					'min_spare_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['description'],
+						'type' => 'int',
+						'value' => $result['min_spare_servers']
+					),
+					'max_spare_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['description'],
+						'type' => 'int',
+						'value' => $result['max_spare_servers']
+					),
+					'max_requests' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_requests']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_requests']['description'],
+						'type' => 'int',
+						'value' => $result['max_requests']
+					),
+					'idle_timeout' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['description'],
+						'type' => 'int',
+						'value' => $result['idle_timeout']
+					),
+					'limit_extensions' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'],
+						'type' => 'text',
+						'value' => $result['limit_extensions']
+					)
+				)
+			)
+		)
+	)
+);
--- a/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php
+++ b/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php
@@ -36,6 +36,12 @@ return array(
 						'maxlength' => 255,
 						'value' => '/usr/bin/php-cgi'
 					),
+					'fpmconfig' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['fpmdesc'],
+						'type' => 'select',
+						'select_var' => $fpmconfigs
+					),
 					'file_extensions' => array(
 						'visible' => (Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['phpsettings']['file_extensions'],
@@ -84,6 +90,79 @@ return array(
 						'maxlength' => 10,
 						'value' => '5s'
 					),
+					'phpfpm_pass_authorizationheader' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['pass_authorizationheader'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'override_fpmconfig' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['override_fpmconfig'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'pm' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['pm'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'select',
+						'select_var' => $pm_select
+					),
+					'max_children' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['max_children']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_children']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => 1
+					),
+					'start_servers' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['start_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['start_servers']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => 20
+					),
+					'min_spare_servers' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => 5
+					),
+					'max_spare_servers' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => 35
+					),
+					'max_requests' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['max_requests']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_requests']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => 0
+					),
+					'idle_timeout' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => 30
+					),
+					'limit_extensions' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'text',
+						'value' => '.php'
+					),
 					'phpsettings' => array(
 						'style' => 'align-top',
 						'label' => $lng['admin']['phpsettings']['phpinisettings'],
--- a/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php
+++ b/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php
@@ -37,6 +37,12 @@ return array(
 						'maxlength' => 255,
 						'value' => $result['binary']
 					),
+					'fpmconfig' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['fpmdesc'],
+						'type' => 'select',
+						'select_var' => $fpmconfigs
+					),
 					'file_extensions' => array(
 						'visible' => (Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['phpsettings']['file_extensions'],
@@ -87,6 +93,79 @@ return array(
 						'maxlength' => 10,
 						'value' => $result['fpm_reqslow']
 					),
+					'phpfpm_pass_authorizationheader' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['pass_authorizationheader'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['pass_authorizationheader'])
+					),
+					'override_fpmconfig' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['override_fpmconfig'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['override_fpmconfig'])
+					),
+					'pm' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['pm'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'select',
+						'select_var' => $pm_select
+					),
+					'max_children' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['max_children']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_children']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => $result['max_children']
+					),
+					'start_servers' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['start_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['start_servers']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => $result['start_servers']
+					),
+					'min_spare_servers' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => $result['min_spare_servers']
+					),
+					'max_spare_servers' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => $result['max_spare_servers']
+					),
+					'max_requests' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['max_requests']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_requests']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => $result['max_requests']
+					),
+					'idle_timeout' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'int',
+						'value' => $result['idle_timeout']
+					),
+					'limit_extensions' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'].$lng['serversettings']['phpfpm_settings']['override_fpmconfig_addinfo'],
+						'type' => 'text',
+						'value' => $result['limit_extensions']
+					),
 					'phpsettings' => array(
 						'style' => 'align-top',
 						'label' => $lng['admin']['phpsettings']['phpinisettings'],
--- a/lib/formfields/admin/plans/formfield.plans_add.php
+++ b/lib/formfields/admin/plans/formfield.plans_add.php
@@ -0,0 +1,41 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Formfields
+ *
+ */
+
+return array(
+	'plans_add' => array(
+		'title' => $lng['admin']['plans']['add'],
+		'image' => 'icons/templates_add_big.png',
+		'sections' => array(
+			'section_a' => array(
+				'title' => $lng['admin']['plans']['plan_details'],
+				'image' => 'icons/templates_add_big.png',
+				'fields' => array(
+					'name' => array(
+						'label' => $lng['admin']['plans']['name'],
+						'type' => 'text'
+					),
+					'description' => array(
+						'label' => $lng['admin']['plans']['description'],
+						'type' => 'textarea',
+						'cols' => 60,
+						'rows' => 12
+					)
+				)
+			)
+		)
+	)
+);
--- a/lib/formfields/admin/plans/formfield.plans_edit.php
+++ b/lib/formfields/admin/plans/formfield.plans_edit.php
@@ -0,0 +1,43 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Formfields
+ *
+ */
+
+return array(
+	'plans_edit' => array(
+		'title' => $lng['admin']['plans']['edit'],
+		'image' => 'icons/templates_edit_big.png',
+		'sections' => array(
+			'section_a' => array(
+				'title' => $lng['admin']['plans']['plan_details'],
+				'image' => 'icons/templates_edit_big.png',
+				'fields' => array(
+					'name' => array(
+						'label' => $lng['admin']['plans']['name'],
+						'type' => 'text',
+						'value' => $result['name']
+					),
+					'description' => array(
+						'label' => $lng['admin']['plans']['description'],
+						'type' => 'textarea',
+						'cols' => 60,
+						'rows' => 12,
+						'value' => $result['description']
+					)
+				)
+			)
+		)
+	)
+);
--- a/lib/formfields/customer/domains/formfield.domains_add.php
+++ b/lib/formfields/customer/domains/formfield.domains_add.php
@@ -54,7 +54,7 @@ return array(
 						'type' => 'text'
 					),
 					'redirectcode' => array(
-						'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
+						'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
 						'label' => $lng['domains']['redirectifpathisurl'],
 						'desc' => $lng['domains']['redirectifpathisurlinfo'],
 						'type' => 'select',
@@ -66,33 +66,71 @@ return array(
 						'type' => 'label',
 						'value' => $lng['customer']['selectserveralias_addinfo']
 					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array()
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['customer']['letsencrypt']['title'],
-						'desc' => $lng['customer']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array()
-					),
 					'openbasedir_path' => array(
 						'label' => $lng['domain']['openbasedirpath'],
 						'type' => 'select',
 						'select_var' => $openbasedir
+					),
+					'phpsettingid' => array(
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) && $has_phpconfigs ? true : false),
+						'label' => $lng['admin']['phpsettings']['title'],
+						'type' => 'select',
+						'select_var' => $phpconfigs
 					)
 				)
-			)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false,
+				'fields' => array(
+					'ssl_redirect' => array(
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? true : false),
+						'label' => $lng['customer']['letsencrypt']['title'],
+						'desc' => $lng['customer']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_maxage' => array(
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_sub' => array(
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+				),
+			),
 		)
 	)
 );
--- a/lib/formfields/customer/domains/formfield.domains_edit.php
+++ b/lib/formfields/customer/domains/formfield.domains_edit.php
@@ -54,7 +54,7 @@ return array(
 						'value' => $urlvalue
 					),
 					'redirectcode' => array(
-						'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
+						'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
 						'label' => $lng['domains']['redirectifpathisurl'],
 						'desc' => $lng['domains']['redirectifpathisurlinfo'],
 						'type' => 'select',
@@ -76,34 +76,72 @@ return array(
 									),
 						'value' => array($result['isemaildomain'])
 					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
-						'type' => 'checkbox',
-						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array($result['ssl_redirect'])
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false) : false),
-						'label' => $lng['customer']['letsencrypt']['title'],
-						'desc' => $lng['customer']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array($result['letsencrypt'])
-					),
 					'openbasedir_path' => array(
 						'visible' => ($result['openbasedir'] == '1') ? true : false,
 						'label' => $lng['domain']['openbasedirpath'],
 						'type' => 'select',
 						'select_var' => $openbasedir
+					),
+					'phpsettingid' => array(
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) && $has_phpconfigs ? true : false),
+						'label' => $lng['admin']['phpsettings']['title'],
+						'type' => 'select',
+						'select_var' => $phpconfigs
 					)
 				)
-			)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false,
+				'fields' => array(
+					'ssl_redirect' => array(
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['ssl_redirect'])
+					),
+					'letsencrypt' => array(
+						'visible' => Settings::Get('system.leenabled') == '1' ? true : false,
+						'label' => $lng['customer']['letsencrypt']['title'],
+						'desc' => $lng['customer']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['letsencrypt'])
+					),
+					'hsts_maxage' => array(
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_sub' => array(
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_sub'])
+					),
+					'hsts_preload' => array(
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_preload'])
+					),
+				)
+			),
 		)
 	)
 );
--- a/lib/formfields/customer/extras/formfield.backup.php
+++ b/lib/formfields/customer/extras/formfield.backup.php
@@ -24,8 +24,8 @@ return array(
 				'image' => 'icons/backup_big.png',
 				'fields' => array(
 					'path' => array(
-						'label' => $lng['panel']['path'],
-						'desc' => (Settings::Get('panel.pathedit') != 'Dropdown' ? $lng['panel']['pathDescription'] : null).(isset($pathSelect['note']) ? '<br />'.$pathSelect['value'] : ''),
+						'label' => $lng['panel']['backuppath']['title'],
+						'desc' => $lng['panel']['backuppath']['description'].'<br>'.(Settings::Get('panel.pathedit') != 'Dropdown' ? $lng['panel']['pathDescription'] : null).(isset($pathSelect['note']) ? '<br />'.$pathSelect['value'] : ''),
 						'type' => $pathSelect['type'],
 						'select_var' => $pathSelect['value'],
 						'value' => $pathSelect['value']
--- a/lib/formfields/customer/ftp/formfield.ftp_add.php
+++ b/lib/formfields/customer/ftp/formfield.ftp_add.php
@@ -64,6 +64,12 @@ return array(
 									),
 						'value' => array()
 					),
+					'shell' => array(
+						'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false),
+						'label' => $lng['panel']['shell'],
+						'type' => 'select',
+						'select_var' => (isset($shells) ? $shells : ""),
+					)
 				)
 			)
 		)
--- a/lib/formfields/customer/ftp/formfield.ftp_edit.php
+++ b/lib/formfields/customer/ftp/formfield.ftp_edit.php
@@ -51,6 +51,12 @@ return array(
 						'type' => 'text',
 						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
+					),
+					'shell' => array(
+						'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false),
+						'label' => $lng['panel']['shell'],
+						'type' => 'select',
+						'select_var' => (isset($shells) ? $shells : ""),
 					)
 				)
 			)
--- a/lib/functions/dns/function.createDomainZone.php
+++ b/lib/functions/dns/function.createDomainZone.php
@@ -55,8 +55,8 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 	if ($domain['isemaildomain'] === '1') {
 		addRequiredEntry('@', 'MX', $required_entries);
 		if (Settings::Get('system.dns_createmailentry')) {
-			foreach(['imap', 'pop3', 'mail', 'smtp'] as $record) {
-				foreach(['AAAA', 'A'] as $type) {
+			foreach(array('imap', 'pop3', 'mail', 'smtp') as $record) {
+				foreach(array('AAAA', 'A') as $type) {
 					addRequiredEntry($record, $type, $required_entries);
 				}
 			}
@@ -205,6 +205,7 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 			if (Settings::Get('system.mxservers') != '') {
 				$mxservers = explode(',', Settings::Get('system.mxservers'));
 				foreach ($mxservers as $mxserver) {
+					$mxserver = trim($mxserver);
 					if (substr($mxserver, - 1, 1) != '.') {
 						$mxserver .= '.';
 					}
@@ -274,13 +275,11 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 			Database::pexecute($upd_stmt, array('serial' => $domain['bindserial'], 'id' => $domain['id']));
 		}

-		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " (" . PHP_EOL;
-		$soa_content .= $domain['bindserial'] . "\t; serial" . PHP_EOL;
+		// PowerDNS does not like multi-line-format
+		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " ";
+		$soa_content .= $domain['bindserial'] . " ";
 		// TODO for now, dummy time-periods
-		$soa_content .= "1800\t; refresh (30 mins)" . PHP_EOL;
-		$soa_content .= "900\t; retry (15 mins)" . PHP_EOL;
-		$soa_content .= "604800\t; expire (7 days)" . PHP_EOL;
-		$soa_content .= "1200\t)\t; minimum (20 mins)";
+		$soa_content .= "3600 900 604800 1200";

 		$soa_record = new DnsEntry('@', 'SOA', $soa_content);
 		array_unshift($zonerecords, $soa_record);
--- a/lib/functions/dns/function.generateDkimEntries.php
+++ b/lib/functions/dns/function.generateDkimEntries.php
@@ -54,20 +54,8 @@ function generateDkimEntries($domain)
 		// end-part
 		$dkim_txt .= 't=s';

-		if (Settings::Get('system.dns_server') == 'pdns') {
-			// PowerDNS does not need/want splitted content
-			$txt_record_split = $dkim_txt;
-		} else {
-			// split if necessary
-			$txt_record_split = '';
-			$lbr = 50;
-			for ($pos = 0; $pos <= strlen($dkim_txt) - 1; $pos += $lbr) {
-				$txt_record_split .= (($pos == 0) ? '("' : "\t\t\t\t\t \"") . substr($dkim_txt, $pos, $lbr) . (($pos >= strlen($dkim_txt) - $lbr) ? '")' : '"') . "\n";
-			}
-		}
-
 		// dkim-entry
-		$zone_dkim[] = $txt_record_split;
+		$zone_dkim[] = $dkim_txt;

 		// adsp-entry
 		if (Settings::Get('dkim.dkim_add_adsp') == "1") {
--- a/lib/functions/filedir/function.findDirs.php
+++ b/lib/functions/filedir/function.findDirs.php
@@ -17,27 +17,57 @@
 *
 */

+
 /**
 * Returns an array of found directories
 *
 * This function checks every found directory if they match either $uid or $gid, if they do
 * the found directory is valid. It uses recursive-iterators to find subdirectories.
 *
- * @param  string $path the path to start searching in
- * @param  int $uid the uid which must match the found directories
- * @param  int $gid the gid which must match the found direcotries
+ * @param string $path
+ *        	the path to start searching in
+ * @param int $uid
+ *        	the uid which must match the found directories
+ * @param int $gid
+ *        	the gid which must match the found direcotries
 *
 * @return array Array of found valid paths
 */
-function findDirs($path, $uid, $gid) {
-
-	$_fileList = array ();
+function findDirs($path, $uid, $gid)
+{
+	$_fileList = array();
 	$path = makeCorrectDir($path);

 	// valid directory?
 	if (is_dir($path)) {
+
+		// Will exclude everything under these directories
+		$exclude = array(
+			'awstats',
+			'webalizer'
+		);
+
+		/**
+		 *
+		 * @param SplFileInfo $file
+		 * @param mixed $key
+		 * @param RecursiveCallbackFilterIterator $iterator
+		 * @return bool True if you need to recurse or if the item is acceptable
+		 */
+		$filter = function ($file, $key, $iterator) use ($exclude) {
+			if (in_array($file->getFilename(), $exclude)) {
+				return false;
+			}
+			return true;
+		};
+
 		// create RecursiveIteratorIterator
-		$its = new RecursiveIteratorIterator(new IgnorantRecursiveDirectoryIterator($path));
+		$its = new RecursiveIteratorIterator(
+			new RecursiveCallbackFilterIterator(
+				new IgnorantRecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
+				$filter
+			)
+		);
 		// we can limit the recursion-depth, but will it be helpful or
 		// will people start asking "why do I only see 2 subdirectories, i want to use /a/b/c"
 		// let's keep this in mind and see whether it will be useful
@@ -50,24 +80,27 @@ function findDirs($path, $uid, $gid) {
 				$_fileList[] = makeCorrectDir(dirname($fullFileName));
 			}
 		}
+		$_fileList[] = $path;
 	}

 	return array_unique($_fileList);
-
 }

 /**
-* If you use RecursiveDirectoryIterator with RecursiveIteratorIterator and run
-* into UnexpectedValueException you may use this little hack to ignore those
-* directories, such as lost+found on linux.
-* (User "antennen" @ http://php.net/manual/en/class.recursivedirectoryiterator.php#101654)
-**/
-class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator {
-    function getChildren() {
-        try {
-            return new IgnorantRecursiveDirectoryIterator($this->getPathname());
-        } catch(UnexpectedValueException $e) {
-            return new RecursiveArrayIterator(array());
-        }
-    }
+ * If you use RecursiveDirectoryIterator with RecursiveIteratorIterator and run
+ * into UnexpectedValueException you may use this little hack to ignore those
+ * directories, such as lost+found on linux.
+ * (User "antennen" @ http://php.net/manual/en/class.recursivedirectoryiterator.php#101654)
+ */
+class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator
+{
+
+	function getChildren()
+	{
+		try {
+			return new IgnorantRecursiveDirectoryIterator($this->getPathname());
+		} catch (UnexpectedValueException $e) {
+			return new RecursiveArrayIterator(array());
+		}
+	}
 }
--- a/Show More
+++ b/Show More