set version to 0.9.38-rc2 for second release candidate

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

actions/admin/settings/100.panel.php

@@ -227,6 +227,31 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
+				'panel_customer_hide_options' => array(
+					'label' => $lng['serversettings']['panel_customer_hide_options'],
+					'settinggroup' => 'panel',
+					'varname' => 'customer_hide_options',
+					'type' => 'option',
+					'default' => '',
+					'option_mode' => 'multiple',
+					'option_emptyallowed' => true,
+					'option_options' => array(
+						'email'                       => $lng['menue']['email']['email'],
+						'mysql'                       => $lng['menue']['mysql']['mysql'],
+						'domains'                     => $lng['menue']['domains']['domains'],
+						'ftp'                         => $lng['menue']['ftp']['ftp'],
+						'extras'                      => $lng['menue']['extras']['extras'],
+						'extras.directoryprotection'  => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['directoryprotection'],
+						'extras.pathoptions'          => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['pathoptions'],
+						'extras.logger'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['logger']['logger'],
+						'extras.backup'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['backup'],
+						'traffic'                     => $lng['menue']['traffic']['traffic'],
+						'traffic.http'                => $lng['menue']['traffic']['traffic']." / HTTP",
+						'traffic.ftp'                 => $lng['menue']['traffic']['traffic']." / FTP",
+						'traffic.mail'                => $lng['menue']['traffic']['traffic']." / Mail",
+					),
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),

actions/admin/settings/120.system.php

@@ -69,14 +69,6 @@ return array(
 					'save_method' => 'storeSettingHostname',
 					'plausibility_check_method' => 'checkHostname',
 					),
-				'system_froxlordirectlyviahostname' => array(
-					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
-					'settinggroup' => 'system',
-					'varname' => 'froxlordirectlyviahostname',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					),
 				'system_validatedomain' => array(
 					'label' => $lng['serversettings']['validate_domain'],
 					'settinggroup' => 'system',
@@ -160,6 +152,65 @@ return array(
 					'default' => 90,
 					'save_method' => 'storeSettingField',
 					),
+
+				'system_mail_use_smtp' => array(
+					'label' => $lng['serversettings']['mail_use_smtp'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_use_smtp',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_host' => array(
+					'label' => $lng['serversettings']['mail_smtp_host'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_host',
+					'type' => 'string',
+					'default' => 'localhost',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_port' => array(
+					'label' => $lng['serversettings']['mail_smtp_port'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_port',
+					'type' => 'int',
+					'int_min' => 1,
+					'int_max' => 65535,
+					'default' => 25,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_usetls' => array(
+					'label' => $lng['serversettings']['mail_smtp_usetls'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_usetls',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_auth' => array(
+					'label' => $lng['serversettings']['mail_smtp_auth'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_auth',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_user' => array(
+					'label' => $lng['serversettings']['mail_smtp_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_user',
+					'type' => 'string',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_passwd' => array(
+					'label' => $lng['serversettings']['mail_smtp_passwd'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_passwd',
+					'type' => 'hiddenString',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),

actions/admin/settings/122.froxlorvhost.php

@@ -0,0 +1,163 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Settings
+ *
+ */
+return array(
+	'groups' => array(
+		'froxlorvhost' => array(
+			'title' => $lng['admin']['froxlorvhost'],
+			'fields' => array(
+				/**
+				 * Webserver-Vhost
+				 */
+				'system_froxlordirectlyviahostname' => array(
+					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
+					'settinggroup' => 'system',
+					'varname' => 'froxlordirectlyviahostname',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				/**
+				 * SSL / Let's Encrypt
+				 */
+				'system_le_froxlor_enabled' => array(
+					'label' => $lng['serversettings']['le_froxlor_enabled'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_enabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingClearCertificates',
+					'visible' => Settings::Get('system.leenabled')
+				),
+				'system_le_froxlor_redirect' => array(
+					'label' => $lng['serversettings']['le_froxlor_redirect'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_redirect',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.leenabled')
+				),
+				/**
+				 * FCGID
+				 */
+				'system_mod_fcgid_enabled_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpuser' => array(
+					'label' => $lng['admin']['mod_fcgid_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpgroup' => array(
+					'label' => $lng['admin']['mod_fcgid_group'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_defaultini_ownvhost',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				/**
+				 * php-fpm
+				 */
+				'system_phpfpm_enabled_ownvhost' => array(
+					'label' => $lng['phpfpm']['ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'enabled_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpuser' => array(
+					'label' => $lng['phpfpm']['vhost_httpuser'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpgroup' => array(
+					'label' => $lng['phpfpm']['vhost_httpgroup'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_defaultini',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				/**
+				 * DNS
+				 */
+				'system_dns_createhostnameentry' => array(
+					'label' => $lng['serversettings']['dns_createhostnameentry'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_createhostnameentry',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.bind_enable')
+				)
+			)
+		)
+	)
+);

actions/admin/settings/130.webserver.php

@@ -260,11 +260,7 @@ return array(
 					'varname' => 'enabled',
 					'type' => 'bool',
 					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'apache2',
-						'lighttpd'
-					)
+					'save_method' => 'storeSettingField'
 				),
 				'customredirect_default' => array(
 					'label' => $lng['serversettings']['customredirect_default'],
@@ -274,11 +270,7 @@ return array(
 					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getRedirectCodes',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'apache2',
-						'lighttpd'
-					)
+					'save_method' => 'storeSettingField'
 				)
 			)
 		)

actions/admin/settings/131.ssl.php

@@ -16,7 +16,6 @@
  * @package    Settings
  *
  */
-
 return array(
 	'groups' => array(
 		'ssl' => array(
@@ -38,7 +37,7 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => false,
 					'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_cert_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
@@ -48,7 +47,7 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '/etc/apache2/apache2.pem',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_key_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_key_file'],
@@ -58,7 +57,7 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '/etc/apache2/apache2.key',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_cert_chainfile' => array(
 					'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
@@ -68,7 +67,7 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_ca_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
@@ -78,7 +77,7 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_leenabled' => array(
 					'label' => $lng['serversettings']['leenabled'],
@@ -89,6 +88,15 @@ return array(
 					'cronmodule' => 'froxlor/letsencrypt',
 					'save_method' => 'storeSettingField'
 				),
+				'system_letsencryptacmeconf' => array(
+					'label' => $lng['serversettings']['letsencryptacmeconf'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptacmeconf',
+					'type' => 'string',
+					'string_type' => 'file',
+					'default' => '/etc/apache2/conf-enabled/acme.conf',
+					'save_method' => 'storeSettingField',
+				),
 				'system_letsencryptca' => array(
 					'label' => $lng['serversettings']['letsencryptca'],
 					'settinggroup' => 'system',
@@ -96,8 +104,11 @@ return array(
 					'type' => 'option',
 					'default' => 'testing',
 					'option_mode' => 'one',
-									'option_options' => array('testing' => 'https://acme-staging.api.letsencrypt.org (Test)', 'production' => 'https://acme-v01.api.letsencrypt.org (Live)'),
-									'save_method' => 'storeSettingField',
+					'option_options' => array(
+						'testing' => 'https://acme-staging.api.letsencrypt.org (Test)',
+						'production' => 'https://acme-v01.api.letsencrypt.org (Live)'
+					),
+					'save_method' => 'storeSettingField'
 				),
 				'system_letsencryptcountrycode' => array(
 					'label' => $lng['serversettings']['letsencryptcountrycode'],
@@ -106,7 +117,7 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => false,
 					'default' => 'DE',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_letsencryptstate' => array(
 					'label' => $lng['serversettings']['letsencryptstate'],
@@ -115,7 +126,7 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => false,
 					'default' => 'Hessen',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_letsencryptchallengepath' => array(
 					'label' => $lng['serversettings']['letsencryptchallengepath'],
@@ -124,7 +135,7 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => false,
 					'default' => FROXLOR_INSTALL_DIR,
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_letsencryptkeysize' => array(
 					'label' => $lng['serversettings']['letsencryptkeysize'],
@@ -133,7 +144,7 @@ return array(
 					'type' => 'int',
 					'int_min' => 2048,
 					'default' => 4096,
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_letsencryptreuseold' => array(
 					'label' => $lng['serversettings']['letsencryptreuseold'],
@@ -141,7 +152,33 @@ return array(
 					'varname' => 'letsencryptreuseold',
 					'type' => 'bool',
 					'default' => false,
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
+				),
+				'system_hsts_maxage' => array(
+					'label' => $lng['admin']['domain_hsts_maxage'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_maxage',
+					'type' => 'int',
+					'int_min' => 0,
+					'int_max' => 94608000, // 3-years
+					'default' => 0,
+					'save_method' => 'storeSettingField'
+				),
+				'system_hsts_incsub' => array(
+					'label' => $lng['admin']['domain_hsts_incsub'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_incsub',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'system_hsts_preload' => array(
+					'label' => $lng['admin']['domain_hsts_preload'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_preload',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
 				),
 			)
 		)

actions/admin/settings/135.fcgid.php

@@ -97,44 +97,6 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField',
 					),
-				'system_mod_fcgid_enabled_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpuser' => array(
-					'label' => $lng['admin']['mod_fcgid_user'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpgroup' => array(
-					'label' => $lng['admin']['mod_fcgid_group'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_defaultini_ownvhost',
-					'type' => 'option',
-					'default' => '2',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
 				'system_mod_fcgid_idle_timeout' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['idle_timeout'],
 					'settinggroup' => 'system',

actions/admin/settings/136.phpfpm.php

@@ -30,30 +30,6 @@ return array(
 					'plausibility_check_method' => 'checkFcgidPhpFpm',
 					'overview_option' => true
 					),
-				'system_phpfpm_enabled_ownvhost' => array(
-					'label' => $lng['phpfpm']['ownvhost'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'enabled_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_httpuser' => array(
-					'label' => $lng['phpfpm']['vhost_httpuser'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser'
-					),
-				'system_phpfpm_httpgroup' => array(
-					'label' => $lng['phpfpm']['vhost_httpgroup'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_defaultini' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
 					'settinggroup' => 'phpfpm',
@@ -64,16 +40,6 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField'
 					),
-				'system_phpfpm_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_defaultini',
-					'type' => 'option',
-					'default' => '2',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_configdir' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
 					'settinggroup' => 'phpfpm',

actions/admin/settings/160.nameserver.php

@@ -97,14 +97,6 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField',
 				),
-				'system_dns_createhostnameentry' => array(
-					'label' => $lng['serversettings']['dns_createhostnameentry'],
-					'settinggroup' => 'system',
-					'varname' => 'dns_createhostnameentry',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',
@@ -127,5 +119,3 @@ return array(
 			),
 		),
 	);
-
-?>

actions/admin/settings/210.security.php

@@ -63,6 +63,23 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
+					),
+				'system_allow_customer_shell' => array(
+					'label' => $lng['serversettings']['allow_allow_customer_shell'],
+					'settinggroup' => 'system',
+					'varname' => 'allow_customer_shell',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_available_shells' => array(
+					'label' => $lng['serversettings']['available_shells'],
+					'settinggroup' => 'system',
+					'varname' => 'available_shells',
+					'type' => 'string',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField',
 					)
 				)
 			)

admin_autoupdate.php

@@ -32,7 +32,7 @@ if (ini_get('allow_url_fopen') === false) {
 }
 
 // check for archive-stuff
-if (function_exists('gzopen') === false) {
+if (! extension_loaded('zip')) {
 	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 2));
 }
 
@@ -166,8 +166,8 @@ elseif ($page == 'extract') {
 		$zip = new ZipArchive;
 		$res = $zip->open($localArchive);
 		if ($res === true) {
-		    $log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".dirname(FROXLOR_INSTALL_DIR));
-			$zip->extractTo(dirname(FROXLOR_INSTALL_DIR));
+			$log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".FROXLOR_INSTALL_DIR);
+			$zip->extractTo(FROXLOR_INSTALL_DIR);
 			$zip->close();
 			// success - remove unused archive
 			@unlink($localArchive);

admin_customers.php

@@ -84,6 +84,15 @@ if ($page == 'customers'
 				$domains = $domains_stmt->fetch(PDO::FETCH_ASSOC);
 				$row['domains'] = intval($domains['domains']);
 				$dec_places = Settings::Get('panel.decimal_places');
+
+				// get disk-space usages for web, mysql and mail
+				$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+				$usages = Database::pexecute_first($usages_stmt, array('cid' => $row['customerid']));
+
+				$row['webspace_used'] = round($usages['webspace'] / 1024, $dec_places);
+				$row['mailspace_used'] = round($usages['mail'] / 1024, $dec_places);
+				$row['dbspace_used'] = round($usages['mysql'] / 1024, $dec_places);
+
 				$row['traffic_used'] = round($row['traffic_used'] / (1024 * 1024), $dec_places);
 				$row['traffic'] = round($row['traffic'] / (1024 * 1024), $dec_places);
 				$row['diskspace_used'] = round($row['diskspace_used'] / 1024, $dec_places);
@@ -869,7 +878,7 @@ if ($page == 'customers'
 						}
 						// check froxlor-local user membership in ftp-group
 						// without this check addition may duplicate user in list if httpuser == local_user
-						if (strpos($ins_data['members'], $local_user) !== false) {
+						if (strpos($ins_data['members'], $local_user) == false) {
 							$ins_data['members'] .= ','.$local_user;
 						}
 					}

admin_domains.php

@@ -166,7 +166,7 @@ if ($page == 'domains' || $page == 'overview') {
 
 				$subresult_stmt = Database::prepare("
 					SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "`
-					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ") AND `isemaildomain` = '1'");
+					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ")");
 				Database::pexecute($subresult_stmt, array(
 					'id' => $id
 				));
@@ -189,13 +189,26 @@ if ($page == 'domains' || $page == 'overview') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain/s from mail-tables");
 				}
 
+				// if mainbutsubto-domains are not to be deleted, re-assign the (ismainbutsubto value of the main
+				// domain which is being deleted) as their new ismainbutsubto value
+				if ($remove_subbutmain_domains !== 1) {
+					$upd_stmt = Database::prepare("
+						UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
+						`ismainbutsubto` = :newIsMainButSubtoValue
+						WHERE `ismainbutsubto` = :deletedMainDomainId
+						");
+					Database::pexecute($upd_stmt, array(
+						'newIsMainButSubtoValue' => $result['ismainbutsubto'],
+						'deletedMainDomainId' => $id,
+					));
+				}
+
 				$del_stmt = Database::prepare("
 					DELETE FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `id` = :id OR `parentdomainid` = :id " . $rsd_sql);
 				Database::pexecute($del_stmt, array(
 					'id' => $id
 				));
-				$deleted_domains = $del_stmt->rowCount();
 
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
@@ -380,6 +393,9 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($registration_date == '0000-00-00') {
+					$registration_date = null;
+				}
 
 				$termination_date = trim($_POST['termination_date']);
 				$termination_date = validate($termination_date, 'termination_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array(
@@ -387,6 +403,9 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($termination_date == '0000-00-00') {
+					$termination_date = null;
+				}
 
 				if ($userinfo['change_serversettings'] == '1') {
 
@@ -565,12 +584,23 @@ if ($page == 'domains' || $page == 'overview') {
 								$ssl_ipandports[] = $ssl_ipandport;
 							}
 						}
+
+						// HSTS
+						$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+						$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+						$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
 						// we need this for the serialize
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
+
+						// HSTS
+						$hsts_maxage = 0;
+						$hsts_sub = 0;
+						$hsts_preload = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
@@ -578,6 +608,11 @@ if ($page == 'domains' || $page == 'overview') {
 					// we need this for the serialize
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
+
+					// HSTS
+					$hsts_maxage = 0;
+					$hsts_sub = 0;
+					$hsts_preload = 0;
 				}
 
 				// We can't enable let's encrypt for wildcard - domains
@@ -741,7 +776,10 @@ if ($page == 'domains' || $page == 'overview') {
 						'registration_date' => $registration_date,
 						'termination_date' => $termination_date,
 						'issubof' => $issubof,
-						'letsencrypt' => $letsencrypt
+						'letsencrypt' => $letsencrypt,
+						'hsts_maxage' => $hsts_maxage,
+						'hsts_sub' => $hsts_sub,
+						'hsts_preload' => $hsts_preload
 					);
 
 					$security_questions = array(
@@ -789,7 +827,10 @@ if ($page == 'domains' || $page == 'overview') {
 						'mod_fcgid_starter' => $mod_fcgid_starter,
 						'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 						'ismainbutsubto' => $issubof,
-						'letsencrypt' => $letsencrypt
+						'letsencrypt' => $letsencrypt,
+						'hsts' => $hsts_maxage,
+						'hsts_sub' => $hsts_sub,
+						'hsts_preload' => $hsts_preload
 					);
 
 					$ins_stmt = Database::prepare("
@@ -822,7 +863,10 @@ if ($page == 'domains' || $page == 'overview') {
 						`mod_fcgid_starter` = :mod_fcgid_starter,
 						`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
 						`ismainbutsubto` = :ismainbutsubto,
-						`letsencrypt` = :letsencrypt
+						`letsencrypt` = :letsencrypt,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload
 					");
 					Database::pexecute($ins_stmt, $ins_data);
 					$domainid = Database::lastInsertId();
@@ -1037,8 +1081,12 @@ if ($page == 'domains' || $page == 'overview') {
 	} elseif ($action == 'edit' && $id != 0) {
 
 		$result_stmt = Database::prepare("
-			SELECT `d`.*, `c`.`customerid` FROM `" . TABLE_PANEL_DOMAINS . "` `d` LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
-			WHERE `d`.`parentdomainid` = '0' AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid"));
+			SELECT `d`.*, `c`.`customerid`
+			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+			LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
+			WHERE `d`.`parentdomainid` = '0'
+			AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid")
+		);
 		$params = array(
 			'id' => $id
 		);
@@ -1183,7 +1231,7 @@ if ($page == 'domains' || $page == 'overview') {
 					$adminid = $result['adminid'];
 				}
 
-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;
 				$issubof = intval($_POST['issubof']);
 				$subcanemaildomain = intval($_POST['subcanemaildomain']);
 				$caneditdomain = isset($_POST['caneditdomain']) ? intval($_POST['caneditdomain']) : 0;
@@ -1193,12 +1241,18 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($registration_date == '0000-00-00') {
+					$registration_date = null;
+				}
 				$termination_date = trim($_POST['termination_date']);
 				$termination_date = validate($termination_date, 'termination_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array(
 					'0000-00-00',
 					'0',
 					''
 				));
+				if ($termination_date == '0000-00-00') {
+					$termination_date = null;
+				}
 
 				$isemaildomain = 0;
 				if (isset($_POST['isemaildomain'])) {
@@ -1348,6 +1402,11 @@ if ($page == 'domains' || $page == 'overview') {
 						$letsencrypt = (int) $_POST['letsencrypt'];
 					}
 
+					// HSTS
+					$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+					$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+					$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 					$ssl_ipandports = array();
 					if (isset($_POST['ssl_ipandport']) && ! is_array($_POST['ssl_ipandport'])) {
 						$_POST['ssl_ipandport'] = unserialize($_POST['ssl_ipandport']);
@@ -1373,12 +1432,18 @@ if ($page == 'domains' || $page == 'overview') {
 								$ssl_ipandports[] = $ssl_ipandport;
 							}
 						}
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
 						// we need this for the serialize
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
+
+						// HSTS
+						$hsts_maxage = 0;
+						$hsts_sub = 0;
+						$hsts_preload = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
@@ -1386,6 +1451,11 @@ if ($page == 'domains' || $page == 'overview') {
 					// we need this for the serialize
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
+
+					// HSTS
+					$hsts_maxage = 0;
+					$hsts_sub = 0;
+					$hsts_preload = 0;
 				}
 
 				// We can't enable let's encrypt for wildcard domains
@@ -1523,7 +1593,10 @@ if ($page == 'domains' || $page == 'overview') {
 					'speciallogverified' => $speciallogverified,
 					'ipandport' => serialize($ipandports),
 					'ssl_ipandport' => serialize($ssl_ipandports),
-					'letsencrypt' => $letsencrypt
+					'letsencrypt' => $letsencrypt,
+					'hsts_maxage' => $hsts_maxage,
+					'hsts_sub' => $hsts_sub,
+					'hsts_preload' => $hsts_preload
 				);
 
 				$security_questions = array(
@@ -1542,7 +1615,7 @@ if ($page == 'domains' || $page == 'overview') {
 				$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';
 				$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';
 
-				if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt']) {
+				if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload']) {
 					inserttask('1');
 				}
 
@@ -1571,6 +1644,16 @@ if ($page == 'domains' || $page == 'overview') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain #" . $id . " from mail-tables");
 				}
 
+				// check whether LE has been disabled, so we remove the certificate
+				if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+					$del_stmt = Database::prepare("
+						DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+					");
+					Database::pexecute($del_stmt, array(
+						'id' => $id
+					));
+				}
+
 				$updatechildren = '';
 
 				if ($subcanemaildomain == '0' && $result['subcanemaildomain'] != '0') {
@@ -1683,6 +1766,9 @@ if ($page == 'domains' || $page == 'overview') {
 				$update_data['termination_date'] = $termination_date;
 				$update_data['ismainbutsubto'] = $issubof;
 				$update_data['letsencrypt'] = $letsencrypt;
+				$update_data['hsts'] = $hsts_maxage;
+				$update_data['hsts_sub'] = $hsts_sub;
+				$update_data['hsts_preload'] = $hsts_preload;
 				$update_data['id'] = $id;
 
 				$update_stmt = Database::prepare("
@@ -1710,7 +1796,10 @@ if ($page == 'domains' || $page == 'overview') {
 					`registration_date` = :registration_date,
 					`termination_date` = :termination_date,
 					`ismainbutsubto` = :ismainbutsubto,
-					`letsencrypt` = :letsencrypt
+					`letsencrypt` = :letsencrypt,
+					`hsts` = :hsts,
+					`hsts_sub` = :hsts_sub,
+					`hsts_preload` = :hsts_preload
 					WHERE `id` = :id
 				");
 				Database::pexecute($update_stmt, $update_data);
@@ -2086,6 +2175,11 @@ if ($page == 'domains' || $page == 'overview') {
 } elseif ($page == 'domaindnseditor' && Settings::Get('system.dnsenabled') == '1') {
 
 	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }
 
 function formatDomainEntry(&$row, &$idna_convert)

admin_index.php

@@ -144,6 +144,15 @@ if ($page == 'overview') {
 	$cron_last_runs = getCronjobsLastRun();
 	$outstanding_tasks = getOutstandingTasks();
 
+	$system_hostname = gethostname();
+	$meminfo= explode("\n", @file_get_contents("/proc/meminfo"));
+	$memory = "";
+	for ($i = 0; $i < sizeof($meminfo); ++$i) {
+		if (substr($meminfo[$i], 0, 3) === "Mem") {
+			$memory.= $meminfo[$i] . PHP_EOL;
+		}
+	}
+
 	if (function_exists('sys_getloadavg')) {
 		$loadArray = sys_getloadavg();
 		$load = number_format($loadArray[0], 2, '.', '') . " / " . number_format($loadArray[1], 2, '.', '') . " / " . number_format($loadArray[2], 2, '.', '');
@@ -360,7 +369,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = nl2br($mail_body);
 

admin_ipsandports.php

@@ -33,6 +33,7 @@ if ($page == 'ipsandports'
 	$websrv = Settings::Get('system.webserver');
 	$is_nginx = ($websrv == 'nginx');
 	$is_apache = ($websrv == 'apache2');
+	$is_apache24 = $is_apache && (Settings::Get('system.apache24') === '1');
 
 	if ($action == '') {
 

customer_domains.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -36,7 +41,7 @@ if ($page == 'overview') {
 			'd.domain' => $lng['domains']['domainname']
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_DOMAINS, $fields);
-		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isbinddomain`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
 			WHERE `d`.`customerid`= :customerid
@@ -260,7 +265,7 @@ if ($page == 'overview') {
 				}
 
 				$subdomain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong')));
-				$domain = $idna_convert->encode($_POST['domain']);
+				$domain = $_POST['domain'];
 				$domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain` = :domain
 					AND `customerid` = :customerid
@@ -272,6 +277,13 @@ if ($page == 'overview') {
 
 				$completedomain = $subdomain . '.' . $domain;
 
+				if (Settings::Get('system.validate_domain') && ! validateDomain($completedomain)) {
+					standard_error(array(
+						'stringiswrong',
+						'mydomain'
+					));
+				}
+
 				if ($completedomain == Settings::Get('system.hostname')) {
 					standard_error('admin_domain_emailsystemhostname');
 				}
@@ -307,14 +319,14 @@ if ($page == 'overview') {
 					triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 				}
 
-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}
 
-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -362,6 +374,11 @@ if ($page == 'overview') {
 					$ssl_redirect = 2;
 				}
 
+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} elseif ($subdomain == '') {
@@ -404,7 +421,10 @@ if ($page == 'overview') {
 						`specialsettings` = :specialsettings,
 						`ssl_redirect` = :ssl_redirect,
 						`phpsettingid` = :phpsettingid,
-						`letsencrypt` = :letsencrypt"
+						`letsencrypt` = :letsencrypt,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -421,7 +441,10 @@ if ($page == 'overview') {
 						"specialsettings" => $domain_check['specialsettings'],
 						"ssl_redirect" => $ssl_redirect,
 						"phpsettingid" => $phpsid_result['phpsettingid'],
-						"letsencrypt" => $letsencrypt
+						"letsencrypt" => $letsencrypt,
+						"hsts" => $hsts_maxage,
+						"hsts_sub" => $hsts_sub,
+						"hsts_preload" => $hsts_preload
 					);
 					Database::pexecute($stmt, $params);
 
@@ -515,8 +538,7 @@ if ($page == 'overview') {
 		}
 	} elseif ($action == 'edit' && $id != 0) {
 
-		$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`isbinddomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
-			`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `d`.`letsencrypt`, `pd`.`subcanemaildomain`
+		$stmt = Database::prepare("SELECT `d`.*, `pd`.`subcanemaildomain`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
 			WHERE `d`.`customerid` = :customerid
 			AND `d`.`id` = :id
@@ -534,14 +556,14 @@ if ($page == 'overview') {
 
 		if (isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}
 
-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -556,7 +578,7 @@ if ($page == 'overview') {
 					$_doredirect = true;
 				}
 
-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;
 
 				if (isset($_POST['selectserveralias'])) {
 					$iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0';
@@ -630,6 +652,11 @@ if ($page == 'overview') {
 					$ssl_redirect = 2;
 				}
 
+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} else {
@@ -654,7 +681,11 @@ if ($page == 'overview') {
 						|| $aliasdomain != $result['aliasdomain']
 						|| $openbasedir_path != $result['openbasedir_path']
 						|| $ssl_redirect != $result['ssl_redirect']
-						|| $letsencrypt != $result['letsencrypt']) {
+						|| $letsencrypt != $result['letsencrypt']
+						|| $hsts_maxage != $result['hsts']
+						|| $hsts_sub != $result['hsts_sub']
+						|| $hsts_preload != $result['hsts_preload']
+					) {
 						$log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'");
 
 						$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
@@ -665,7 +696,10 @@ if ($page == 'overview') {
 							`aliasdomain`= :aliasdomain,
 							`openbasedir_path`= :openbasedir_path,
 							`ssl_redirect`= :ssl_redirect,
-							`letsencrypt`= :letsencrypt
+							`letsencrypt`= :letsencrypt,
+							`hsts` = :hsts,
+							`hsts_sub` = :hsts_sub,
+							`hsts_preload` = :hsts_preload
 							WHERE `customerid`= :customerid
 							AND `id`= :id"
 						);
@@ -678,6 +712,9 @@ if ($page == 'overview') {
 							"openbasedir_path" => $openbasedir_path,
 							"ssl_redirect" => $ssl_redirect,
 							"letsencrypt" => $letsencrypt,
+							"hsts" => $hsts_maxage,
+							"hsts_sub" => $hsts_sub,
+							"hsts_preload" => $hsts_preload,
 							"customerid" => $userinfo['customerid'],
 							"id" => $id
 						);
@@ -687,12 +724,21 @@ if ($page == 'overview') {
 							// trigger when domain id for alias destination has changed: both for old and new destination
 							triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
 							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
-						} else
-							if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+						} elseif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
 							// or when wwwserveralias or letsencrypt was changed
 							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 						}
 
+						// check whether LE has been disabled, so we remove the certificate
+						if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+							$del_stmt = Database::prepare("
+								DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+							");
+							Database::pexecute($del_stmt, array(
+								'id' => $id
+							));
+						}
+
 						inserttask('1');
 
 						// Using nameserver, insert a task which rebuilds the server config
@@ -718,7 +764,7 @@ if ($page == 'overview') {
 					AND `dip`.`id_ipandports`
 					IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."`
 						WHERE `id_domain` = :id)
-					GROUP BY `d`.`domain`
+					GROUP BY `d`.`id`, `d`.`domain`
 					ORDER BY `d`.`domain` ASC"
 				);
 				Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid']));
@@ -727,7 +773,7 @@ if ($page == 'overview') {
 					$domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']);
 				}
 
-				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) {
+				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($result['documentroot'])) {
 					if (Settings::Get('panel.pathedit') == 'Dropdown') {
 						$urlvalue = $result['documentroot'];
 						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -923,4 +969,9 @@ if ($page == 'overview') {
 } elseif ($page == 'domaindnseditor' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1') {
 
 	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }

customer_email.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','email')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -200,7 +205,8 @@ if ($page == 'overview') {
 		if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$email_part = $_POST['email_part'];
-				$domain = $idna_convert->encode(validate($_POST['domain'], 'domain'));
+				// domain does not need idna encoding as the value of the select-box is already Punycode
+				$domain = validate($_POST['domain'], 'domain');
 				$stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain`= :domain
 					AND `customerid`= :customerid

customer_extras.php

@@ -19,6 +19,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -29,6 +34,12 @@ if ($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
 	eval("echo \"" . getTemplate("extras/extras") . "\";");
 } elseif ($page == 'htpasswds') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.directoryprotection')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
 		$fields = array(
@@ -262,6 +273,12 @@ if ($page == 'overview') {
 		}
 	}
 } elseif ($page == 'htaccess') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.pathoptions')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
 		$fields = array(
@@ -520,6 +537,11 @@ if ($page == 'overview') {
 	}
 } elseif ($page == 'backup') {
 
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.backup')) {
+		redirectTo('customer_index.php');
+	}
+
 	if (Settings::Get('system.backupenabled') == 1)
 	{
 		if ($action == 'abort' && isset($_POST['send']) && $_POST['send'] == 'send') {

customer_ftp.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','ftp')) {
+	redirectTo('customer_index.php');
+}
+
 $id = 0;
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -40,7 +45,7 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_FTP_USERS, $fields);
 
-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
 		);
 		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
@@ -153,6 +158,10 @@ if ($page == 'overview') {
 				$path = validate($_POST['path'], 'path');
 				$password = validate($_POST['ftp_password'], 'password');
 				$password = validatePassword($password);
+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}
 
 				$sendinfomail = isset($_POST['sendinfomail']) ? 1 : 0;
 				if ($sendinfomail != 1) {
@@ -200,8 +209,8 @@ if ($page == 'overview') {
 					$cryptPassword = makeCryptPassword($password);
 
 					$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
-						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`)
-						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid)"
+						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`, `shell`)
+						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid, :shell)"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -209,7 +218,8 @@ if ($page == 'overview') {
 						"description" => $description,
 						"password" => $cryptPassword,
 						"homedir" => $path,
-						"guid" => $userinfo['guid']
+						"guid" => $userinfo['guid'],
+						"shell" => $shell
 					);
 					Database::pexecute($stmt, $params);
 
@@ -329,6 +339,18 @@ if ($page == 'overview') {
 					}
 				}
 
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", "/bin/false");
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, "/bin/false");
+						}
+					}
+				}
+
 				//$sendinfomail = makeyesno('sendinfomail', '1', '0', '0');
 
 				$ftp_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_add.php';
@@ -341,7 +363,7 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -353,6 +375,11 @@ if ($page == 'overview') {
 				// @FIXME use a good path-validating regex here (refs #1231)
 				$path = validate($_POST['path'], 'path');
 
+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}
+
 				$_setnewpass = false;
 				if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
 					$password = validate($_POST['ftp_password'], 'password');
@@ -406,11 +433,11 @@ if ($page == 'overview') {
 				$log->logAction(USR_ACTION, LOG_INFO, "edited ftp-account '" . $result['username'] . "'");
 				$description = validate($_POST['ftp_description'], 'description');
 				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
-					SET `description` = :desc
+					SET `description` = :desc, `shell` = :shell
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
-				Database::pexecute($stmt, array("desc" => $description, "customerid" => $userinfo['customerid'], "id" => $id));
+				Database::pexecute($stmt, array("desc" => $description, "shell" => $shell, "customerid" => $userinfo['customerid'], "id" => $id));
 
 				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
@@ -436,6 +463,18 @@ if ($page == 'overview') {
 					}
 				}
 
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", $result['shell']);
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, $result['shell']);
+						}
+					}
+				}
+
 				$ftp_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_edit.php';
 				$ftp_edit_form = htmlform::genHTMLForm($ftp_edit_data);
 

customer_index.php

@@ -78,8 +78,15 @@ if ($page == 'overview') {
 	$yesterday = time() - (60 * 60 * 24);
 	$month = date('M Y', $yesterday);
 
+	// get disk-space usages for web, mysql and mail
+	$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+	$usages = Database::pexecute_first($usages_stmt, array('cid' => $userinfo['customerid']));
+
 	$userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, Settings::Get('panel.decimal_places'));
-	$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['diskspace_used'] = round($usages['webspace'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['mailspace_used'] = round($usages['mail'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['dbspace_used'] = round($usages['mysql'] / 1024, Settings::Get('panel.decimal_places'));
+
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains');
@@ -267,7 +274,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = str_replace("\n", "<br />", $mail_body);
 

customer_logger.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras.logger')) {
+	redirectTo('customer_index.php');
+}
+
 if ($page == 'log'
 ) {
 	if ($action == '') {

customer_mysql.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','mysql')) {
+	redirectTo('customer_index.php');
+}
+
 // get sql-root access data
 Database::needRoot(true);
 Database::needSqlData();

customer_tickets.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 
 	$id = intval($_POST['id']);

customer_traffic.php

@@ -20,6 +20,12 @@
 define('AREA', 'customer');
 $intrafficpage = 1;
 require './lib/init.php';
+
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','traffic')) {
+	redirectTo('customer_index.php');
+}
+
 $traffic = '';
 $month = null;
 $year = null;
@@ -109,8 +115,7 @@ if (!is_null($month) && !is_null($year)) {
 	$result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
 		FROM `" . TABLE_PANEL_TRAFFIC . "`
 		WHERE `customerid` = :customerid
-		GROUP BY CONCAT(`year`,`month`)
-		ORDER BY CONCAT(`year`,`month`) DESC
+		GROUP BY `year` DESC, `month` DESC
 		LIMIT 12"
 	);
 	Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));

install/froxlor.sql

@@ -66,7 +66,7 @@ CREATE TABLE `mail_virtual` (
   `id` int(11) NOT NULL auto_increment,
   `email` varchar(255) NOT NULL default '',
   `email_full` varchar(255) NOT NULL default '',
-  `destination` text NOT NULL,
+  `destination` text NOT NULL default '',
   `domainid` int(11) NOT NULL default '0',
   `customerid` int(11) NOT NULL default '0',
   `popaccountid` int(11) NOT NULL default '0',
@@ -245,8 +245,8 @@ CREATE TABLE `panel_domains` (
   `deactivated` tinyint(1) NOT NULL default '0',
   `bindserial` varchar(10) NOT NULL default '2000010100',
   `add_date` int( 11 ) NOT NULL default '0',
-  `registration_date` date NOT NULL,
-  `termination_date` date NOT NULL,
+  `registration_date` date DEFAULT NULL,
+  `termination_date` date DEFAULT NULL,
   `phpsettingid` INT( 11 ) UNSIGNED NOT NULL DEFAULT '1',
   `mod_fcgid_starter` int(4) default '-1',
   `mod_fcgid_maxrequests` int(4) default '-1',
@@ -254,7 +254,7 @@ CREATE TABLE `panel_domains` (
   `letsencrypt` tinyint(1) NOT NULL default '0',
   `hsts` varchar(10) NOT NULL default '0',
   `hsts_sub` tinyint(1) NOT NULL default '0',
-  `hsts_preload` tinyint(1) NOT NULL default '1',
+  `hsts_preload` tinyint(1) NOT NULL default '0',
   PRIMARY KEY  (`id`),
   KEY `customerid` (`customerid`),
   KEY `parentdomain` (`parentdomainid`),
@@ -521,7 +521,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'lepublickey', 'unset'),
 	('system', 'letsencryptca', 'production'),
 	('system', 'letsencryptcountrycode', 'DE'),
-	('system', 'letsencryptstate', 'Germany'),
+	('system', 'letsencryptstate', 'Hessen'),
 	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
 	('system', 'letsencryptkeysize', '4096'),
 	('system', 'letsencryptreuseold', 0),
@@ -530,6 +530,21 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'dnsenabled', '0'),
 	('system', 'dns_server', 'bind'),
 	('system', 'apacheglobaldiropt', ''),
+	('system', 'allow_customer_shell', '0'),
+	('system', 'available_shells', ''),
+	('system', 'le_froxlor_enabled', '0'),
+	('system', 'le_froxlor_redirect', '0'),
+	('system', 'letsencryptacmeconf', '/etc/apache2/conf-enabled/acme.conf'),
+	('system', 'mail_use_smtp', '0'),
+	('system', 'mail_smtp_host', 'localhost'),
+	('system', 'mail_smtp_port', '25'),
+	('system', 'mail_smtp_usetls', '1'),
+	('system', 'mail_smtp_auth', '1'),
+	('system', 'mail_smtp_user', ''),
+	('system', 'mail_smtp_passwd', ''),
+	('system', 'hsts_maxage', '0'),
+	('system', 'hsts_sub', '0'),
+	('system', 'hsts_preload', '0'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -560,8 +575,9 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.37-rc1'),
-	('panel', 'db_version', '201607140');
+	('panel', 'customer_hide_options', ''),
+	('panel', 'version', '0.9.38-rc2'),
+	('panel', 'db_version', '201610070');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/lib/class.FroxlorInstall.php

@@ -996,6 +996,15 @@ class FroxlorInstall
 			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
 		}
 
+		// check for zip extension
+		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpzip']);
+
+		if (! extension_loaded('zip')) {
+			$content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['zipdescription']);
+		} else {
+			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
+		}
+
 		// check for open_basedir
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['openbasedir']);
 		$php_ob = @ini_get("open_basedir");

install/lng/english.lng.php

@@ -34,7 +34,9 @@ $lng['requirements']['phpposix'] = 'PHP posix-extension...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
 $lng['requirements']['phpcurl'] = 'PHP curl-extension...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-extension...';
+$lng['requirements']['phpzip'] = 'PHP zip-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
+$lng['requirements']['zipdescription'] = 'The auto-update feature requires the zip extension.';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';

install/lng/german.lng.php

@@ -34,7 +34,9 @@ $lng['requirements']['phpposix'] = 'PHP posix-Erweiterung...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
 $lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-Erweiterung...';
+$lng['requirements']['phpzip'] = 'PHP zip-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
+$lng['requirements']['zipdescription'] = 'Die Auto-Update Funktion benötigt die zip Erweiterung.';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -3397,8 +3397,119 @@ if (isDatabaseVersion('201606190')) {
 
 if (isFroxlorVersion('0.9.36')) {
 
-	showUpdateStep("Updating from 0.9.36 to 0.9.37-rc1");
-	lastStepStatus(0);
-
+	showUpdateStep("Updating from 0.9.36 to 0.9.37-rc1", false);
 	updateToVersion('0.9.37-rc1');
 }
+
+if (isDatabaseVersion('201607140')) {
+
+	showUpdateStep("Adding new setting to hide certain options in customer panel");
+	Settings::AddNew("panel.customer_hide_options", "");
+	lastStepStatus(0);
+
+	updateToDbVersion('201607210');
+}
+
+if (isFroxlorVersion('0.9.37-rc1')) {
+
+	showUpdateStep("Updating from 0.9.37-rc1 to 0.9.37 final", false);
+	updateToVersion('0.9.37');
+}
+
+if (isDatabaseVersion('201607210')) {
+
+	showUpdateStep("Adding new settings for customer shell option");
+	Settings::AddNew("system.allow_customer_shell", "0");
+	Settings::AddNew("system.available_shells", "");
+	lastStepStatus(0);
+
+	updateToDbVersion('201608260');
+}
+
+if (isDatabaseVersion('201608260')) {
+
+	showUpdateStep("Adding new settings to use Let's Encrypt for froxlor");
+	Settings::AddNew("system.le_froxlor_enabled", "0");
+	Settings::AddNew("system.le_froxlor_redirect", "0");
+	lastStepStatus(0);
+
+	updateToDbVersion('201609050');
+}
+
+if (isDatabaseVersion('201609050')) {
+
+	showUpdateStep("Adding new settings for acme.conf (Let's Encrypt)");
+	// get user-chosen value
+	$websrv_default = "/etc/apache2/conf-enabled/acme.conf";
+	if (Settings::Get('system.webserver') == 'nginx') {
+		$websrv_default = "/etc/nginx/acme.conf";
+	}
+	$acmeconffile = isset($_POST['acmeconffile']) ? $_POST['acmeconffile'] : $websrv_default;
+	$acmeconffile = makeCorrectFile($acmeconffile);
+	Settings::AddNew("system.letsencryptacmeconf", $acmeconffile);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609120');
+}
+
+if (isDatabaseVersion('201609120')) {
+
+	showUpdateStep("Adding new SMTP settings for emails sent by froxlor");
+	// get user-chosen value
+	$smtp_enable = isset($_POST['smtp_enable']) ? (int) $_POST['smtp_enable'] : 0;
+	$smtp_host = isset($_POST['smtp_host']) ? $_POST['smtp_host'] : "localhost";
+	$smtp_port = isset($_POST['smtp_port']) ? (int)$_POST['smtp_port'] : 25;
+	$smtp_usetls = isset($_POST['smtp_usetls']) ? (int) $_POST['smtp_usetls'] : 1;
+	$smtp_useauth = isset($_POST['smtp_auth']) ? (int) $_POST['smtp_auth'] : 1;
+	$smtp_user = isset($_POST['smtp_user']) ? $_POST['smtp_user'] : "";
+	$smtp_passwd = isset($_POST['smtp_passwd']) ? $_POST['smtp_passwd'] : "";
+
+	Settings::AddNew("system.mail_use_smtp", $smtp_enable);
+	Settings::AddNew("system.mail_smtp_host", $smtp_host);
+	Settings::AddNew("system.mail_smtp_port", $smtp_port);
+	Settings::AddNew("system.mail_smtp_usetls", $smtp_usetls);
+	Settings::AddNew("system.mail_smtp_auth", $smtp_useauth);
+	Settings::AddNew("system.mail_smtp_user", $smtp_user);
+	Settings::AddNew("system.mail_smtp_passwd", $smtp_passwd);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609200');
+}
+
+if (isDatabaseVersion('201609200')) {
+
+	showUpdateStep("Changing tables to be more mysql strict-mode compatible");
+	Database::query("ALTER TABLE `".TABLE_MAIL_VIRTUAL."` CHANGE `destination` `destination` TEXT NOT NULL DEFAULT '';");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `registration_date` `registration_date` DATE NULL DEFAULT NULL;");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `termination_date` `termination_date` DATE NULL DEFAULT NULL;");
+	lastStepStatus(0);
+
+	updateToDbVersion('201609240');
+}
+
+if (isDatabaseVersion('201609240')) {
+
+	showUpdateStep("Add HSTS settings for froxlor-vhost");
+	Settings::AddNew("system.hsts_maxage", 0);
+	Settings::AddNew("system.hsts_incsub", 0);
+	Settings::AddNew("system.hsts_preload", 0);
+	lastStepStatus(0);
+
+	showUpdateStep("Settings HSTS default values for all domains (deactivated)");
+	Database::query("UPDATE `".TABLE_PANEL_DOMAINS."` SET `hsts_sub` = '0', `hsts_preload` = '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201610070');
+}
+
+if (isFroxlorVersion('0.9.37')) {
+
+	showUpdateStep("Updating from 0.9.37 to 0.9.38-rc1", false);
+	updateToVersion('0.9.38-rc1');
+}
+
+if (isFroxlorVersion('0.9.38-rc1')) {
+
+	showUpdateStep("Updating from 0.9.38-rc1 to 0.9.38-rc2", false);
+	updateToVersion('0.9.38-rc2');
+}

install/updates/preconfig/0.9/preconfig_0.9.inc.php

@@ -679,4 +679,34 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 		$question .= $dnsdaemons . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
+
+	if (versionInUpdate($current_db_version, '201609120')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'You can now customize the path to your acme.conf file (global alias for Let\'s Encrypt). If you already set up Let\'s Encrypt and the acme.conf file, please set this to the complete path to the file!<br /><br />';
+			$question = '<strong>Path to the acme.conf alias-file.</strong><br />';
+			$question .= '<input type="text" class="text" name="acmeconffile" value="/etc/apache2/conf-enabled/acme.conf" /><br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if (versionInUpdate($current_db_version, '201609200')) {
+		$has_preconfig = true;
+		$description = 'Specify SMTP settings which froxlor should use to send mail (optional)<br /><br />';
+		$question = '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= makeyesno('smtp_enable', '1', '0', '0') . '<br />';
+		$question .= '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_host" value="localhost" /><br />';
+		$question .= '<strong>TCP port to connect to?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_port" value="25" /><br />';
+		$question .= '<strong>Enable TLS encryption?</strong><br />';
+		$question .= makeyesno('smtp_usetls', '1', '0', '1') . '<br />';
+		$question .= '<strong>Enable SMTP authentication?</strong><br />';
+		$question .= makeyesno('smtp_auth', '1', '0', '1') . '<br />';
+		$question .= '<strong>SMTP user?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_user" value="" /><br />';
+		$question .= '<strong>SMTP password?</strong><br />';
+		$question .= '<input type="password" class="text" name="smtp_passwd" value="" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
 }

lib/classes/config/class.ConfigDaemon.php

@@ -399,10 +399,11 @@ class ConfigDaemon {
 			case "false": if ($order == true) { $return = -1; }; break;
 			case "true": if ($order == false) { $return = -1; }; break;
 			case "notempty": if ($order == "") { $return = -1; }; break;
-			case "userexists": if (posix_getpwnam($order) === false) { $return = -1; }; break;
-			case "groupexists": if (posix_getgrnam($order) === false) { $return = -1; }; break;
-			case "usernotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
-			case "groupnotexists": if (is_array(posix_getgrnam($order))) { $return = -1; }; break;
+			case "userexists": if (posix_getpwuid($order) === false) { $return = -1; }; break;
+			case "groupexists": if (posix_getgrgid($order) === false) { $return = -1; }; break;
+			case "usernotexists": if (is_array(posix_getpwuid($order))) { $return = -1; }; break;
+			case "groupnotexists": if (is_array(posix_getgrgid($order))) { $return = -1; }; break;
+			case "usernamenotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
 			case "equals": $return = (isset($attributes['value']) && $attributes['value'] == $order ? 0 : -1); break;
 		}
 		return $return;

lib/classes/idna/class.idna_convert_wrapper.php

@@ -67,6 +67,16 @@ class idna_convert_wrapper
 		}
 	}
 
+	public function encode_uri($to_encode)
+	{
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			return $this->_do_action('encode', $to_encode);
+		} else {
+			$to_encode = $this->is_utf8($to_encode) ? $to_encode : utf8_encode($to_encode);
+			return $this->idna_converter->encodeUri($to_encode);
+		}
+	}
+
 	/**
 	 * Decode a domain name, a email address or a list of one of both.
 	 *

lib/classes/output/class.htmlform.php

@@ -122,6 +122,8 @@ class htmlform
 				return self::_checkbox($fieldname, $data); break;
 			case 'file':
 				return self::_file($fieldname, $data); break;
+			case 'int':
+				return self::_int($fieldname, $data); break;
 		}
 	}
 
@@ -313,4 +315,29 @@ class htmlform
 		return $return;
 	}
 
+	private static function _int($fieldname = '', $data = array())
+	{
+		$return = '';
+		$extras = '';
+		if(isset($data['int_min'])) {
+			$extras .= ' min="'.$data['int_min'].'"';
+		}
+		if(isset($data['int_max'])) {
+			$extras .= ' max="'.$data['int_max'].'"';
+		}
+
+		// add support to save reloaded forms
+		if (isset($data['value'])) {
+			$value = $data['value'];
+		} elseif (isset($_SESSION['requestData'][$fieldname])) {
+			$value = $_SESSION['requestData'][$fieldname];
+		} else {
+			$value = '';
+		}
+
+		$type = 'number';
+		$ulfield = '';
+		eval("\$return = \"" . getTemplate("misc/form/input_text", "1") . "\";");
+		return $return;
+	}
 }

lib/classes/output/class.paging.php

@@ -319,6 +319,8 @@ class paging {
 				$condition.= $searchfield . " ".$oper." " . Database::quote($searchtext);
 			} else {
 				$searchtext = str_replace('*', '%', $this->searchtext);
+				// append wildcards if user did not enter any
+				if (strpos($searchtext,'%') === false) $searchtext='%'.$searchtext.'%';
 				$condition.= $searchfield . " LIKE " . Database::quote($searchtext);
 			}
 			

lib/classes/phpinterface/class.phpinterface_fcgid.php

@@ -166,14 +166,13 @@ class phpinterface_fcgid {
 		);
 
 		//insert a small header for the file
-
 		$phpini_file = ";\n";
 		$phpini_file.= "; php.ini created/changed on " . date("Y.m.d H:i:s") . " for domain '" . $this->_domain['domain'] . "' with id #" . $this->_domain['id'] . " from php template '" . $phpconfig['description'] . "' with id #" . $phpconfig['id'] . "\n";
 		$phpini_file.= "; Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\n";
 		$phpini_file.= ";\n\n";
 		$phpini_file.= replace_variables($phpconfig['phpsettings'], $php_ini_variables);
 		$phpini_file = str_replace('"none"', 'none', $phpini_file);
-		$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
+		//$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
 		$phpini_file_handler = fopen($this->getIniFile(), 'w');
 		fwrite($phpini_file_handler, $phpini_file);
 		fclose($phpini_file_handler);

lib/classes/phpmailer/class.PHPMailer.php

@@ -31,7 +31,7 @@ class PHPMailer
      * The PHPMailer Version number.
      * @var string
      */
-    public $Version = '5.2.15';
+    public $Version = '5.2.16';
 
     /**
      * Email priority.
@@ -285,7 +285,7 @@ class PHPMailer
 
     /**
      * SMTP auth type.
-     * Options are LOGIN (default), PLAIN, NTLM, CRAM-MD5
+     * Options are CRAM-MD5, LOGIN, PLAIN, NTLM, XOAUTH2, attempted in that order if not specified
      * @var string
      */
     public $AuthType = '';
@@ -395,7 +395,7 @@ class PHPMailer
 
     /**
      * DKIM Identity.
-     * Usually the email address used as the source of the email
+     * Usually the email address used as the source of the email.
      * @var string
      */
     public $DKIM_identity = '';
@@ -681,7 +681,9 @@ class PHPMailer
         } else {
             $subject = $this->encodeHeader($this->secureHeader($subject));
         }
-        if (ini_get('safe_mode') || !($this->UseSendmailOptions)) {
+        //Can't use additional_parameters in safe_mode
+        //@link http://php.net/manual/en/function.mail.php
+        if (ini_get('safe_mode') or !$this->UseSendmailOptions) {
             $result = @mail($to, $subject, $body, $header);
         } else {
             $result = @mail($to, $subject, $body, $header, $params);
@@ -1425,9 +1427,9 @@ class PHPMailer
         }
         $to = implode(', ', $toArr);
 
-        if (empty($this->Sender)) {
-            $params = ' ';
-        } else {
+        $params = null;
+        //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver
+        if (!empty($this->Sender)) {
             $params = sprintf('-f%s', $this->Sender);
         }
         if ($this->Sender != '' and !ini_get('safe_mode')) {
@@ -1435,7 +1437,7 @@ class PHPMailer
             ini_set('sendmail_from', $this->Sender);
         }
         $result = false;
-        if ($this->SingleTo && count($toArr) > 1) {
+        if ($this->SingleTo and count($toArr) > 1) {
             foreach ($toArr as $toAddr) {
                 $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);
                 $this->doCallback($result, array($toAddr), $this->cc, $this->bcc, $this->Subject, $body, $this->From);
@@ -1541,12 +1543,17 @@ class PHPMailer
      * @throws phpmailerException
      * @return boolean
      */
-    public function smtpConnect($options = array())
+    public function smtpConnect($options = null)
     {
         if (is_null($this->smtp)) {
             $this->smtp = $this->getSMTPInstance();
         }
 
+        //If no options are provided, use whatever is set in the instance
+        if (is_null($options)) {
+            $options = $this->SMTPOptions;
+        }
+
         // Already connected?
         if ($this->smtp->connected()) {
             return true;
@@ -1616,7 +1623,7 @@ class PHPMailer
                         if (!$this->smtp->startTLS()) {
                             throw new phpmailerException($this->lang('connect_host'));
                         }
-                        // We must resend HELO after tls negotiation
+                        // We must resend EHLO after TLS negotiation
                         $this->smtp->hello($hello);
                     }
                     if ($this->SMTPAuth) {
@@ -2125,12 +2132,12 @@ class PHPMailer
         //Can we do a 7-bit downgrade?
         if ($bodyEncoding == '8bit' and !$this->has8bitChars($this->Body)) {
             $bodyEncoding = '7bit';
+            //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit
             $bodyCharSet = 'us-ascii';
         }
         //If lines are too long, and we're not already using an encoding that will shorten them,
-        //change to quoted-printable transfer encoding
+        //change to quoted-printable transfer encoding for the body part only
         if ('base64' != $this->Encoding and self::hasLineLongerThanMax($this->Body)) {
-            $this->Encoding = 'quoted-printable';
             $bodyEncoding = 'quoted-printable';
         }
 
@@ -2139,10 +2146,11 @@ class PHPMailer
         //Can we do a 7-bit downgrade?
         if ($altBodyEncoding == '8bit' and !$this->has8bitChars($this->AltBody)) {
             $altBodyEncoding = '7bit';
+            //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit
             $altBodyCharSet = 'us-ascii';
         }
         //If lines are too long, and we're not already using an encoding that will shorten them,
-        //change to quoted-printable transfer encoding
+        //change to quoted-printable transfer encoding for the alt body part only
         if ('base64' != $altBodyEncoding and self::hasLineLongerThanMax($this->AltBody)) {
             $altBodyEncoding = 'quoted-printable';
         }
@@ -2246,8 +2254,10 @@ class PHPMailer
                 $body .= $this->attachAll('attachment', $this->boundary[1]);
                 break;
             default:
-                // catch case 'plain' and case ''
-                $body .= $this->encodeString($this->Body, $bodyEncoding);
+                // Catch case 'plain' and case '', applies to simple `text/plain` and `text/html` body content types
+                //Reset the `Encoding` property in case we changed it for line length reasons
+                $this->Encoding = $bodyEncoding;
+                $body .= $this->encodeString($this->Body, $this->Encoding);
                 break;
         }
 
@@ -2353,8 +2363,7 @@ class PHPMailer
 
     /**
      * Set the message type.
-     * PHPMailer only supports some preset message types,
-     * not arbitrary MIME structures.
+     * PHPMailer only supports some preset message types, not arbitrary MIME structures.
      * @access protected
      * @return void
      */
@@ -2372,6 +2381,7 @@ class PHPMailer
         }
         $this->message_type = implode('_', $type);
         if ($this->message_type == '') {
+            //The 'plain' message_type refers to the message having a single body element, not that it is plain-text
             $this->message_type = 'plain';
         }
     }

lib/classes/phpmailer/class.SMTP.php

@@ -30,7 +30,7 @@ class SMTP
      * The PHPMailer SMTP version number.
      * @var string
      */
-    const VERSION = '5.2.15';
+    const VERSION = '5.2.16';
 
     /**
      * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
      * @deprecated Use the `VERSION` constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.15';
+    public $Version = '5.2.16';
 
     /**
      * SMTP server port number.
@@ -400,7 +400,7 @@ class SMTP
             );
 
             if (empty($authtype)) {
-                foreach (array('LOGIN', 'CRAM-MD5', 'NTLM', 'PLAIN', 'XOAUTH2') as $method) {
+                foreach (array('CRAM-MD5', 'LOGIN', 'PLAIN', 'NTLM', 'XOAUTH2') as $method) {
                     if (in_array($method, $this->server_caps['AUTH'])) {
                         $authtype = $method;
                         break;

lib/classes/settings/class.Settings.php

@@ -124,6 +124,23 @@ class Settings {
 		return $result;
 	}
 
+	/**
+	 * tests if a setting-value that i s a comma separated list contains an entry
+	 *
+	 * @param string $setting a group and a varname separated by a dot (group.varname)
+	 * @param string $entry the entry that is expected to be in the list
+	 *
+	 * @return boolean true, if the list contains $entry
+	 */
+	public function pIsInList($setting = null, $entry = null) {
+		$s=Settings::Get($setting);
+		if ($s==null) {
+			return false;
+		}
+		$slist = explode(",",$s);
+		return in_array($entry, $slist);
+	}
+
 	/**
 	 * update a setting / set a new value
 	 *

lib/classes/ssl/class.lescript.php

@@ -29,7 +29,8 @@
 class lescript
 {
 
-	public $license = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf';
+	// https://letsencrypt.org/repository/
+	public $license;
 
 	private $logger;
 
@@ -37,9 +38,12 @@ class lescript
 
 	private $accountKey;
 
-	public function __construct($logger)
+	private $version;
+
+	public function __construct($logger, $version = '1')
 	{
 		$this->logger = $logger;
+		$this->version = $version;
 		if (Settings::Get('system.letsencryptca') == 'production') {
 			$ca = 'https://acme-v01.api.letsencrypt.org';
 		} else {
@@ -49,7 +53,7 @@ class lescript
 		$this->log("Using '$ca' to generate certificate");
 	}
 
-	public function initAccount($certrow)
+	public function initAccount($certrow, $isFroxlorVhost = false)
 	{
 		// Let's see if we have the private accountkey
 		$this->accountKey = $certrow['leprivatekey'];
@@ -62,24 +66,30 @@ class lescript
 			$keys = $this->generateKey();
 			// Only store the accountkey in production, in staging always generate a new key
 			if (Settings::Get('system.letsencryptca') == 'production') {
-				$upd_stmt = Database::prepare(
-					"UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " .
-						 "WHERE `customerid` = :customerid;");
-				Database::pexecute($upd_stmt,
-					array(
+				if ($isFroxlorVhost) {
+					Settings::Set('system.lepublickey', $keys['public']);
+					Settings::Set('system.leprivatekey', $keys['private']);
+				} else {
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " . "WHERE `customerid` = :customerid;");
+					Database::pexecute($upd_stmt, array(
 						'public' => $keys['public'],
 						'private' => $keys['private'],
 						'customerid' => $certrow['customerid']
 					));
 				}
+			}
 			$this->accountKey = $keys['private'];
 
 			$response = $this->postNewReg();
 			if ($this->client->getLastCode() != 201) {
-				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . $response);
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
 			}
+			$this->license = $this->client->getAgreementURL();
 
-			$this->postNewReg();
+			// Terms of Servce are optional according to ACME specs; if no ToS are presented, no need to update registration
+			if (!empty($this->license)) {
+				$this->postRegAgreement(parse_url($this->client->getLastLocation(), PHP_URL_PATH));
+			}
 			$this->log('New account certificate registered');
 		} else {
 
@@ -87,6 +97,16 @@ class lescript
 		}
 	}
 
+	/**
+	 *
+	 * @param array $domains
+	 * @param string $domainkey
+	 * @param string $csr
+	 *        	optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+	 *
+	 * @throws \RuntimeException
+	 * @return string[]
+	 */
 	public function signDomains(array $domains, $domainkey = null, $csr = null)
 	{
 		if (! $this->accountKey) {
@@ -108,8 +128,7 @@ class lescript
 
 			$this->log("Requesting challenge for $domain");
 
-			$response = $this->signedRequest("/acme/new-authz",
-				array(
+			$response = $this->signedRequest("/acme/new-authz", array(
 				"resource" => "new-authz",
 				"identifier" => array(
 					"type" => "dns",
@@ -129,12 +148,13 @@ class lescript
 			}
 
 			// choose http-01 challenge only
-			$challenge = array_reduce($response['challenges'],
-				function ($v, $w) {
+			$challenge = array_reduce($response['challenges'], function ($v, $w) {
 				return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
 			});
-			if (! $challenge)
+
+			if (! $challenge) {
 				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+			}
 
 			$this->log("Got challenge token for $domain");
 			$location = $this->client->getLastLocation();
@@ -168,7 +188,9 @@ class lescript
 			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
 
 			// simple self check
-			if ($payload !== trim(@file_get_contents($uri))) {
+			$selfcheckContextOptions = array('http' => array('header' => "User Agent: Froxlor/".$this->version));
+			$selfcheckContext = stream_context_create($selfcheckContextOptions);
+			if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
 				$errmsg = json_encode(error_get_last());
 				if ($errmsg != "null") {
 					$errmsg = "; PHP error: " . $errmsg;
@@ -176,14 +198,13 @@ class lescript
 					$errmsg = "";
 				}
 				@unlink($tokenPath);
-				throw new \RuntimeException("Please check $uri - token not available" . $errmsg);
+				$this->logger->logAction(CRON_ACTION, LOG_ERR, "letsencrypt Please check $uri - token not available" . $errmsg);
 			}
 
 			$this->log("Sending request to challenge");
 
 			// send request to challenge
-			$result = $this->signedRequest($challenge['uri'],
-				array(
+			$result = $this->signedRequest($challenge['uri'], array(
 				"resource" => "challenge",
 				"type" => "http-01",
 				"keyAuthorization" => $payload,
@@ -227,7 +248,9 @@ class lescript
 
 		$this->client->getLastLinks();
 
+		if (empty($csr)) {
 			$csr = $this->generateCSR($privateDomainKey, $domains);
+		}
 
 		// request certificates creation
 		$result = $this->signedRequest("/acme/new-cert", array(
@@ -302,6 +325,16 @@ class lescript
 		));
 	}
 
+	private function postRegAgreement($uri)
+	{
+		$this->log('Accepting agreement at URL: ' . $this->license);
+
+		return $this->signedRequest($uri, array(
+			'resource' => 'reg',
+			'agreement' => $this->license
+		));
+	}
+
 	private function generateCSR($privateKey, array $domains)
 	{
 		$domain = reset($domains);
@@ -313,8 +346,7 @@ class lescript
 		$tmpConfPath = $tmpConfMeta["uri"];
 
 		// workaround to get SAN working
-		fwrite($tmpConf,
-			'HOME = .
+		fwrite($tmpConf, 'HOME = .
 RANDFILE = $ENV::HOME/.rnd
 [ req ]
 default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
@@ -328,8 +360,7 @@ basicConstraints = CA:FALSE
 subjectAltName = ' . $san . '
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
 
-		$csr = openssl_csr_new(
-			array(
+		$csr = openssl_csr_new(array(
 			"CN" => $domain,
 			"ST" => Settings::Get('system.letsencryptstate'),
 			"C" => Settings::Get('system.letsencryptcountrycode'),
@@ -352,8 +383,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
 
 	private function generateKey()
 	{
-		$res = openssl_pkey_new(
-			array(
+		$res = openssl_pkey_new(array(
 			"private_key_type" => OPENSSL_KEYTYPE_RSA,
 			"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
 		));
@@ -506,6 +536,13 @@ class Client
 		preg_match_all('~Link: <(.+)>;rel="up"~', $this->lastHeader, $matches);
 		return $matches[1];
 	}
+
+	public function getAgreementURL()
+	{
+		preg_match_all('~Link: <(.+)>;rel="terms-of-service"~', $this->lastHeader, $matches);
+		return $matches[1][0];
+	}
+
 }
 
 class Base64UrlSafeEncoder

lib/classes/webserver/class.DomainSSL.php

@@ -46,7 +46,7 @@ class DomainSSL {
 				|| $dom_certs['ssl_cert_file'] == ''
 		) {
 			// maybe its parent?
-			if ($domain['parentdomainid'] != 0) {
+			if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
 				$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
 			}
 		}

lib/configfiles/gentoo.xml

@@ -64,7 +64,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -96,7 +96,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -267,7 +267,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -3875,7 +3875,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>

lib/configfiles/jessie.xml

@@ -68,7 +68,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -287,7 +287,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -4696,7 +4696,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>

lib/configfiles/precise.xml

@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -246,7 +246,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -1695,7 +1695,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>

lib/configfiles/rhel_centos.xml

@@ -46,7 +46,7 @@
 				<daemon name="apache" version="2.4" title="Apache 2.4"
 					default="true">
 					<include>//service[@type='http']/general/commands</include>
-					<file name="/etc/httpd/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[

lib/configfiles/trusty.xml

@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -100,7 +100,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -279,7 +279,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -1703,7 +1703,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>

lib/configfiles/wheezy.xml

@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -100,7 +100,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -319,7 +319,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -5504,7 +5504,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>

lib/formfields/admin/domains/formfield.domains_add.php

@@ -101,40 +101,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => '',
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['admin']['letsencrypt']['title'],
-						'desc' => $lng['admin']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -161,6 +127,76 @@ return array(
 					)
 				)
 			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => '',
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+				),
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
 				'image' => 'icons/domain_add.png',

lib/formfields/admin/domains/formfield.domains_edit.php

@@ -113,40 +113,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => $usedips,
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['ssl_redirect'])
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['admin']['letsencrypt']['title'],
-						'desc' => $lng['admin']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['letsencrypt'])
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -184,6 +150,76 @@ return array(
 					)
 				)
 			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => $usedips,
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['ssl_redirect'])
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['letsencrypt'])
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_sub'])
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_preload'])
+					),
+				)
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
 				'image' => 'icons/domain_edit.png',

lib/formfields/admin/ipsandports/formfield.ipsandports_add.php

@@ -49,7 +49,7 @@ return array(
 						'value' => array('1')
 					),
 					'namevirtualhost_statement' => array(
-						'visible' => $is_apache,
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(

lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php

@@ -51,7 +51,7 @@ return array(
 						'value' => array($result['listen_statement'])
 					),
 					'namevirtualhost_statement' => array(
-						'visible' => $is_apache,
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(

lib/formfields/customer/domains/formfield.domains_add.php

@@ -54,7 +54,7 @@ return array(
 						'type' => 'text'
 					),
 					'redirectcode' => array(
-						'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
+						'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
 						'label' => $lng['domains']['redirectifpathisurl'],
 						'desc' => $lng['domains']['redirectifpathisurlinfo'],
 						'type' => 'select',
@@ -66,8 +66,20 @@ return array(
 						'type' => 'label',
 						'value' => $lng['customer']['selectserveralias_addinfo']
 					),
+					'openbasedir_path' => array(
+						'label' => $lng['domain']['openbasedirpath'],
+						'type' => 'select',
+						'select_var' => $openbasedir
+					)
+				)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
 					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['domains']['ssl_redirect']['title'],
 						'desc' => $lng['domains']['ssl_redirect']['description'],
 						'type' => 'checkbox',
@@ -77,7 +89,7 @@ return array(
 						'value' => array()
 					),
 					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
 						'label' => $lng['customer']['letsencrypt']['title'],
 						'desc' => $lng['customer']['letsencrypt']['description'],
 						'type' => 'checkbox',
@@ -86,13 +98,37 @@ return array(
 						),
 						'value' => array()
 					),
-					'openbasedir_path' => array(
-						'label' => $lng['domain']['openbasedirpath'],
-						'type' => 'select',
-						'select_var' => $openbasedir
-					)
-				)
-			)
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+				),
+			),
 		)
 	)
 );

lib/formfields/customer/domains/formfield.domains_edit.php

@@ -54,7 +54,7 @@ return array(
 						'value' => $urlvalue
 					),
 					'redirectcode' => array(
-						'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
+						'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
 						'label' => $lng['domains']['redirectifpathisurl'],
 						'desc' => $lng['domains']['redirectifpathisurlinfo'],
 						'type' => 'select',
@@ -76,6 +76,19 @@ return array(
 									),
 						'value' => array($result['isemaildomain'])
 					),
+					'openbasedir_path' => array(
+						'visible' => ($result['openbasedir'] == '1') ? true : false,
+						'label' => $lng['domain']['openbasedirpath'],
+						'type' => 'select',
+						'select_var' => $openbasedir
+					)
+				)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
 					'ssl_redirect' => array(
 						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
 						'label' => $lng['domains']['ssl_redirect']['title'],
@@ -96,14 +109,37 @@ return array(
 						),
 						'value' => array($result['letsencrypt'])
 					),
-					'openbasedir_path' => array(
-						'visible' => ($result['openbasedir'] == '1') ? true : false,
-						'label' => $lng['domain']['openbasedirpath'],
-						'type' => 'select',
-						'select_var' => $openbasedir
-					)
-				)
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_sub'])
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_preload'])
+					),
 				)
+			),
 		)
 	)
 );

lib/formfields/customer/ftp/formfield.ftp_add.php

@@ -64,6 +64,12 @@ return array(
 									),
 						'value' => array()
 					),
+					'shell' => array(
+						'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false),
+						'label' => $lng['panel']['shell'],
+						'type' => 'select',
+						'select_var' => (isset($shells) ? $shells : ""),
+					)
 				)
 			)
 		)

lib/formfields/customer/ftp/formfield.ftp_edit.php

@@ -51,6 +51,12 @@ return array(
 						'type' => 'text',
 						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
+					),
+					'shell' => array(
+						'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false),
+						'label' => $lng['panel']['shell'],
+						'type' => 'select',
+						'select_var' => (isset($shells) ? $shells : ""),
 					)
 				)
 			)

lib/functions/dns/function.createDomainZone.php

@@ -55,8 +55,8 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 	if ($domain['isemaildomain'] === '1') {
 		addRequiredEntry('@', 'MX', $required_entries);
 		if (Settings::Get('system.dns_createmailentry')) {
-			foreach(['imap', 'pop3', 'mail', 'smtp'] as $record) {
-				foreach(['AAAA', 'A'] as $type) {
+			foreach(array('imap', 'pop3', 'mail', 'smtp') as $record) {
+				foreach(array('AAAA', 'A') as $type) {
 					addRequiredEntry($record, $type, $required_entries);
 				}
 			}
@@ -205,6 +205,7 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 			if (Settings::Get('system.mxservers') != '') {
 				$mxservers = explode(',', Settings::Get('system.mxservers'));
 				foreach ($mxservers as $mxserver) {
+					$mxserver = trim($mxserver);
 					if (substr($mxserver, - 1, 1) != '.') {
 						$mxserver .= '.';
 					}
@@ -274,13 +275,11 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 			Database::pexecute($upd_stmt, array('serial' => $domain['bindserial'], 'id' => $domain['id']));
 		}
 
-		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " (" . PHP_EOL;
-		$soa_content .= $domain['bindserial'] . "\t; serial" . PHP_EOL;
+		// PowerDNS does not like multi-line-format
+		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " ";
+		$soa_content .= $domain['bindserial'] . " ";
 		// TODO for now, dummy time-periods
-		$soa_content .= "1800\t; refresh (30 mins)" . PHP_EOL;
-		$soa_content .= "900\t; retry (15 mins)" . PHP_EOL;
-		$soa_content .= "604800\t; expire (7 days)" . PHP_EOL;
-		$soa_content .= "1200\t)\t; minimum (20 mins)";
+		$soa_content .= "1800 900 604800 1200";
 
 		$soa_record = new DnsEntry('@', 'SOA', $soa_content);
 		array_unshift($zonerecords, $soa_record);

lib/functions/filedir/function.findDirs.php

@@ -17,27 +17,57 @@
  *
  */
 
+
 /**
  * Returns an array of found directories
  *
  * This function checks every found directory if they match either $uid or $gid, if they do
  * the found directory is valid. It uses recursive-iterators to find subdirectories.
  *
- * @param  string $path the path to start searching in
- * @param  int $uid the uid which must match the found directories
- * @param  int $gid the gid which must match the found direcotries
+ * @param string $path
+ *        	the path to start searching in
+ * @param int $uid
+ *        	the uid which must match the found directories
+ * @param int $gid
+ *        	the gid which must match the found direcotries
  *
  * @return array Array of found valid paths
  */
-function findDirs($path, $uid, $gid) {
-
+function findDirs($path, $uid, $gid)
+{
 	$_fileList = array();
 	$path = makeCorrectDir($path);
 
 	// valid directory?
 	if (is_dir($path)) {
+
+		// Will exclude everything under these directories
+		$exclude = array(
+			'awstats',
+			'webalizer'
+		);
+
+		/**
+		 *
+		 * @param SplFileInfo $file
+		 * @param mixed $key
+		 * @param RecursiveCallbackFilterIterator $iterator
+		 * @return bool True if you need to recurse or if the item is acceptable
+		 */
+		$filter = function ($file, $key, $iterator) use ($exclude) {
+			if (in_array($file->getFilename(), $exclude)) {
+				return false;
+			}
+			return true;
+		};
+
 		// create RecursiveIteratorIterator
-		$its = new RecursiveIteratorIterator(new IgnorantRecursiveDirectoryIterator($path));
+		$its = new RecursiveIteratorIterator(
+			new RecursiveCallbackFilterIterator(
+				new IgnorantRecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
+				$filter
+			)
+		);
 		// we can limit the recursion-depth, but will it be helpful or
 		// will people start asking "why do I only see 2 subdirectories, i want to use /a/b/c"
 		// let's keep this in mind and see whether it will be useful
@@ -50,10 +80,10 @@ function findDirs($path, $uid, $gid) {
 				$_fileList[] = makeCorrectDir(dirname($fullFileName));
 			}
 		}
+		$_fileList[] = $path;
 	}
 
 	return array_unique($_fileList);
-
 }
 
 /**
@@ -61,9 +91,12 @@ function findDirs($path, $uid, $gid) {
  * into UnexpectedValueException you may use this little hack to ignore those
  * directories, such as lost+found on linux.
  * (User "antennen" @ http://php.net/manual/en/class.recursivedirectoryiterator.php#101654)
-**/
-class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator {
-    function getChildren() {
+ */
+class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator
+{
+
+	function getChildren()
+	{
 		try {
 			return new IgnorantRecursiveDirectoryIterator($this->getPathname());
 		} catch (UnexpectedValueException $e) {

lib/functions/filedir/function.makeCorrectDir.php

@@ -26,7 +26,7 @@
  */
 function makeCorrectDir($dir) {
 
-	assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
+	assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
 
 	$dir = trim($dir);
 

lib/functions/filedir/function.makePathfield.php

@@ -64,7 +64,12 @@ function makePathfield($path, $uid, $gid, $value = '', $dom = false) {
 				$_field = '';
 				foreach ($dirList as $key => $dir) {
 					if (strpos($dir, $path) === 0) {
-						$dir = makeCorrectDir(substr($dir, strlen($path)));
+						$dir = substr($dir, strlen($path));
+						// docroot cut off of current directory == empty -> directory is the docroot
+						if (empty($dir)) {
+							$dir = '/';
+						}
+						$dir = makeCorrectDir($dir);
 					}
 					$_field.= makeoption($dir, $dir, $value);
 				}

lib/functions/formfields/bool/function.getFormFieldOutputBool.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputBool($fieldname, $fielddata)
+function getFormFieldOutputBool($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$boolswitch = makeYesNo($fieldname, '1', '0', $fielddata['value']);

lib/functions/formfields/date/function.getFormFieldOutputDate.php

@@ -17,12 +17,12 @@
  *
  */
 
-function getFormFieldOutputDate($fieldname, $fielddata)
+function getFormFieldOutputDate($fieldname, $fielddata, $do_show = true)
 {
 	if(isset($fielddata['date_timestamp']) && $fielddata['date_timestamp'] === true)
 	{
 		$fielddata['value'] = date('Y-m-d', $fielddata['value']);
 	}
 
-	return getFormFieldOutputString($fieldname, $fielddata);
+	return getFormFieldOutputString($fieldname, $fielddata, $do_show);
 }

lib/functions/formfields/file/function.getFormFieldOutputFile.php

@@ -15,7 +15,7 @@
  *
  */
 
-function getFormFieldOutputFile($fieldname, $fielddata)
+function getFormFieldOutputFile($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);

lib/functions/formfields/function.buildFormEx.php

@@ -49,7 +49,7 @@ function buildFormEx($form, $part = '') {
 					$do_show = $groupdetails['visible'];
 				}
 
-				if ($do_show) {
+				//if ($do_show) {
 					if (isset($groupdetails['title']) && $groupdetails['title'] != '') {
 						$fields .= getFormGroupOutput($groupname, $groupdetails);
 					}
@@ -66,7 +66,7 @@ function buildFormEx($form, $part = '') {
 							$fields .= getFormFieldOutput($fieldname, $fielddetails);
 						}
 					}
-				}
+				//}
 			}
 		}
 	}

lib/functions/formfields/function.getFormFieldData.php

@@ -21,7 +21,8 @@ function getFormFieldData($fieldname, $fielddata, &$input)
 {
 	if(is_array($fielddata) && isset($fielddata['type']) && $fielddata['type'] != '' && function_exists('getFormFieldData' . ucfirst($fielddata['type'])))
 	{
-		$newfieldvalue = call_user_func('getFormFieldData' . ucfirst($fielddata['type']), $fieldname, $fielddata, $input);
+		$gfdFunc = 'getFormFieldData' . ucfirst($fielddata['type']);
+		$newfieldvalue = $gfdFunc($fieldname, $fielddata, $input);
 	}
 	else
 	{

lib/functions/formfields/function.getFormFieldOutput.php

@@ -19,6 +19,8 @@
 
 function getFormFieldOutput($fieldname, $fielddata) {
 
+	global $lng;
+
 	$returnvalue = '';
 	if (is_array($fielddata)
 		&& isset($fielddata['type'])
@@ -51,6 +53,7 @@ function getFormFieldOutput($fieldname, $fielddata) {
 			$websrv = Settings::Get('system.webserver');
 			if (!in_array($websrv, $fielddata['websrv_avail'])) {
 				$do_show = false;
+				$fielddata['label'].= sprintf($lng['serversettings']['option_unavailable_websrv'], implode(", ", $fielddata['websrv_avail']));
 			}
 		}
 
@@ -59,11 +62,14 @@ function getFormFieldOutput($fieldname, $fielddata) {
 		// be false due to websrv_avail
 		if (isset($fielddata['visible']) && $do_show) {
 			$do_show = $fielddata['visible'];
+			if (!$do_show) {
+				$fielddata['label'].= $lng['serversettings']['option_unavailable'];
+			}
 		}
 
-		if ($do_show) {
-			$returnvalue = call_user_func('getFormFieldOutput' . ucfirst($fielddata['type']), $fieldname, $fielddata);
-		}
+		//if ($do_show) {
+			$returnvalue = call_user_func('getFormFieldOutput' . ucfirst($fielddata['type']), $fieldname, $fielddata, $do_show);
+		//}
 	}
 	return $returnvalue;
 }

lib/functions/formfields/function.getFormGroupOutput.php

@@ -81,11 +81,13 @@ function getFormOverviewGroupOutput($groupname, $groupdetails) {
 		$websrv = Settings::Get('system.webserver');
 		if (!in_array($websrv, $groupdetails['websrv_avail'])) {
 			$do_show = false;
+			$title .= sprintf($lng['serversettings']['option_unavailable_websrv'], implode(", ", $groupdetails['websrv_avail']));
+			// hack disabled flag into select-box
+			$option = str_replace('<select class', '<select disabled="disabled" class', $option);
 		}
 	}
 
-	if ($do_show) {
 	eval("\$group = \"" . getTemplate("settings/settings_overviewgroup") . "\";");
-	}
+
 	return $group;
 }

lib/functions/formfields/hiddenstring/function.getFormFieldOutputString.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputHiddenString($fieldname, $fielddata)
+function getFormFieldOutputHiddenString($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);

lib/functions/formfields/int/function.getFormFieldOutputInt.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputInt($fieldname, $fielddata)
+function getFormFieldOutputInt($fieldname, $fielddata, $do_show = true)
 {
-	return getFormFieldOutputString($fieldname, $fielddata);
+	return getFormFieldOutputString($fieldname, $fielddata, $do_show);
 }

lib/functions/formfields/option/function.getFormFieldOutputOption.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputOption($fieldname, $fielddata)
+function getFormFieldOutputOption($fieldname, $fielddata, $do_show = true)
 {
 	$returnvalue = '';
 

lib/functions/formfields/option/function.validateFormFieldOption.php

@@ -40,6 +40,9 @@ function validateFormFieldOption($fieldname, $fielddata, $newfieldvalue)
 	}
 	else
 	{
+		if (isset($fielddata['option_emptyallowed']) && $fielddata['option_emptyallowed']) {
+			return true;
+		}
 		return 'not in option';
 	}
 }

lib/functions/formfields/string/function.getFormFieldOutputString.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputString($fieldname, $fielddata)
+function getFormFieldOutputString($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);

lib/functions/formfields/text/function.getFormFieldOutputText.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputText($fieldname, $fielddata)
+function getFormFieldOutputText($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);

lib/functions/froxlor/function.CorrectErrorDocument.php

@@ -32,7 +32,7 @@ function correctErrorDocument($errdoc = null) {
 		// not a URL
 		if ((strtoupper(substr($errdoc, 0, 5)) != 'HTTP:'
 				&& strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:')
-				|| !validateUrl($idna_convert->encode($errdoc))
+				|| !validateUrl($errdoc)
 		) {
 			// a file
 			if (substr($errdoc, 0, 1) != '"') {

lib/functions/output/function.dieWithMail.php

@@ -34,6 +34,18 @@ function dieWithMail($message, $subject = "[froxlor] Cronjob error") {
 		$_mail = new PHPMailer(true);
 		$_mail->CharSet = "UTF-8";
 
+		if (Settings::Get('system.mail_use_smtp')) {
+			$_mail->isSMTP();
+			$_mail->Host = Settings::Get('system.mail_smtp_host');
+			$_mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+			$_mail->Username = Settings::Get('system.mail_smtp_user');
+			$_mail->Password = Settings::Get('system.mail_smtp_passwd');
+			if (Settings::Get('system.mail_smtp_usetls')) {
+				$_mail->SMTPSecure = 'tls';
+			}
+			$_mail->Port = Settings::Get('system.mail_smtp_port');
+		}
+
 		if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
 			// set return-to address and custom sender-name, see #76
 			$_mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));

lib/functions/settings/function.storeSettingClearCertificates.php

@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+* Copyright (c) 2003-2009 the SysCP Team (see authors).
+* Copyright (c) 2010 the Froxlor Team (see authors).
+*
+* For the full copyright and license information, please view the COPYING
+* file that was distributed with this source code. You can also view the
+* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+*
+* @copyright  (c) the authors
+* @author     Froxlor team <team@froxlor.org> (2010-)
+* @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+* @package    Functions
+*
+*/
+
+function storeSettingClearCertificates($fieldname, $fielddata, $newfieldvalue) {
+
+	$returnvalue = storeSettingField($fieldname, $fielddata, $newfieldvalue);
+
+	if ($returnvalue !== false
+		&& is_array($fielddata)
+		&& isset($fielddata['settinggroup'])
+		&& $fielddata['settinggroup'] == 'system'
+		&& isset($fielddata['varname'])
+		&& $fielddata['varname'] == 'le_froxlor_enabled'
+		&& $newfieldvalue == '0'
+		) {
+			Database::query("
+				DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
+			");
+		}
+
+		return $returnvalue;
+}

lib/init.php

@@ -39,11 +39,6 @@ header("X-XSS-Protection: 1; mode=block");
 // Don't allow to load Froxlor in an iframe to prevent i.e. clickjacking
 header("X-Frame-Options: DENY");
 
-// If Froxlor was called via HTTPS -> enforce it for the next time
-if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
-	header("Strict-Transport-Security: max-age=15768000");
-}
-
 // Internet Explorer shall not guess the Content-Type, see:
 // http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
 header("X-Content-Type-Options: nosniff");
@@ -127,6 +122,24 @@ require FROXLOR_INSTALL_DIR.'/lib/tables.inc.php';
  */
 $idna_convert = new idna_convert_wrapper();
 
+/**
+ * If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
+ */
+if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
+	$maxage = Settings::Get('system.hsts_maxage');
+	if (empty($maxage)) {
+		$maxage = 0;
+	}
+	$hsts_header = "Strict-Transport-Security: max-age=".$maxage;
+	if (Settings::Get('system.hsts_incsub') == '1') {
+		$hsts_header .= "; includeSubDomains";
+	}
+	if (Settings::Get('system.hsts_preload') == '1') {
+		$hsts_header .= "; preload";
+	}
+	header($hsts_header);
+}
+
 /**
  * disable magic_quotes_runtime if enabled
  */
@@ -542,6 +555,18 @@ if ($page == '') {
 $mail = new PHPMailer(true);
 $mail->CharSet = "UTF-8";
 
+if (Settings::Get('system.mail_use_smtp')) {
+	$mail->isSMTP();
+	$mail->Host = Settings::Get('system.mail_smtp_host');
+	$mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+	$mail->Username = Settings::Get('system.mail_smtp_user');
+	$mail->Password = Settings::Get('system.mail_smtp_passwd');
+	if (Settings::Get('system.mail_smtp_usetls')) {
+		$mail->SMTPSecure = 'tls';
+	}
+	$mail->Port = Settings::Get('system.mail_smtp_port');
+}
+
 if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
 	// set return-to address and custom sender-name, see #76
 	$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));

lib/navigation/00.froxlor.main.php

@@ -16,7 +16,6 @@
  * @package    Navigation
  *
  */
-
 return array(
 	'customer' => array(
 		'index' => array(
@@ -24,15 +23,15 @@ return array (
 			'label' => $lng['admin']['overview'],
 			'elements' => array(
 				array(
-					'label' => $lng['menue']['main']['username'],
+					'label' => $lng['menue']['main']['username']
 				),
 				array(
 					'url' => 'customer_index.php?page=change_password',
-					'label' => $lng['menue']['main']['changepassword'],
+					'label' => $lng['menue']['main']['changepassword']
 				),
 				array(
 					'url' => 'customer_index.php?page=change_language',
-					'label' => $lng['menue']['main']['changelanguage'],
+					'label' => $lng['menue']['main']['changelanguage']
 				),
 				array(
 					'url' => 'customer_index.php?page=change_theme',
@@ -41,18 +40,19 @@ return array (
 				),
 				array(
 					'url' => 'customer_index.php?action=logout',
-					'label' => $lng['login']['logout'],
-				),
-			),
+					'label' => $lng['login']['logout']
+				)
+			)
 		),
 		'email' => array(
 			'url' => 'customer_email.php',
 			'label' => $lng['menue']['email']['email'],
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'email')),
 			'elements' => array(
 				array(
 					'url' => 'customer_email.php?page=emails',
 					'label' => $lng['menue']['email']['emails'],
-					'required_resources' => 'emails',
+					'required_resources' => 'emails'
 				),
 				array(
 					'url' => 'customer_email.php?page=emails&action=add',
@@ -64,88 +64,99 @@ return array (
 					'new_window' => true,
 					'label' => $lng['menue']['email']['webmail'],
 					'required_resources' => 'emails_used',
-					'show_element' => ( Settings::Get('panel.webmail_url') != '' ),
-				),
-			),
+					'show_element' => (Settings::Get('panel.webmail_url') != '')
+				)
+			)
 		),
 		'mysql' => array(
 			'url' => 'customer_mysql.php',
 			'label' => $lng['menue']['mysql']['mysql'],
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'mysql')),
 			'elements' => array(
 				array(
 					'url' => 'customer_mysql.php?page=mysqls',
 					'label' => $lng['menue']['mysql']['databases'],
-					'required_resources' => 'mysqls',
+					'required_resources' => 'mysqls'
 				),
 				array(
 					'url' => Settings::Get('panel.phpmyadmin_url'),
 					'new_window' => true,
 					'label' => $lng['menue']['mysql']['phpmyadmin'],
 					'required_resources' => 'mysqls_used',
-					'show_element' => ( Settings::Get('panel.phpmyadmin_url') != '' ),
-				),
-			),
+					'show_element' => (Settings::Get('panel.phpmyadmin_url') != '')
+				)
+			)
 		),
 		'domains' => array(
 			'url' => 'customer_domains.php',
 			'label' => $lng['menue']['domains']['domains'],
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'domains')),
 			'elements' => array(
 				array(
 					'url' => 'customer_domains.php?page=domains',
-					'label' => $lng['menue']['domains']['settings'],
-				),
+					'label' => $lng['menue']['domains']['settings']
 				),
+				array(
+					'url' => 'customer_domains.php?page=sslcertificates',
+					'label' => $lng['domains']['ssl_certificates']
+				)
+			)
 		),
 		'ftp' => array(
 			'url' => 'customer_ftp.php',
 			'label' => $lng['menue']['ftp']['ftp'],
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'ftp')),
 			'elements' => array(
 				array(
 					'url' => 'customer_ftp.php?page=accounts',
-					'label' => $lng['menue']['ftp']['accounts'],
+					'label' => $lng['menue']['ftp']['accounts']
 				),
 				array(
 					'url' => Settings::Get('panel.webftp_url'),
 					'new_window' => true,
 					'label' => $lng['menue']['ftp']['webftp'],
-					'show_element' => ( Settings::Get('panel.webftp_url') != '' ),
-				),
-			),
+					'show_element' => (Settings::Get('panel.webftp_url') != '')
+				)
+			)
 		),
 		'extras' => array(
 			'url' => 'customer_extras.php',
 			'label' => $lng['menue']['extras']['extras'],
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'extras')),
 			'elements' => array(
 				array(
 					'url' => 'customer_extras.php?page=htpasswds',
 					'label' => $lng['menue']['extras']['directoryprotection'],
+					'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection'))
 				),
 				array(
 					'url' => 'customer_extras.php?page=htaccess',
 					'label' => $lng['menue']['extras']['pathoptions'],
+					'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions'))
 				),
 				array(
 					'url' => 'customer_logger.php?page=log',
 					'label' => $lng['menue']['logger']['logger'],
-					'show_element' => ( Settings::Get('logger.enabled') == true )
+					'show_element' => (Settings::Get('logger.enabled') == true) && (! Settings::IsInList('panel.customer_hide_options', 'extras.logger'))
 				),
 				array(
 					'url' => 'customer_extras.php?page=backup',
 					'label' => $lng['menue']['extras']['backup'],
-					'show_element' => ( Settings::Get('system.backupenabled') == true ),
-				),
-			),
+					'show_element' => (Settings::Get('system.backupenabled') == true) && (! Settings::IsInList('panel.customer_hide_options', 'extras.backup'))
+				)
+			)
 		),
 		'traffic' => array(
 			'url' => 'customer_traffic.php',
 			'label' => $lng['menue']['traffic']['traffic'],
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'traffic')),
 			'elements' => array(
 				array(
 					'url' => 'customer_traffic.php?page=current',
-					'label' => $lng['menue']['traffic']['current'],
-				),
-			),
-		),
+					'label' => $lng['menue']['traffic']['current']
+				)
+			)
+		)
 	),
 	'admin' => array(
 		'index' => array(
@@ -153,15 +164,15 @@ return array (
 			'label' => $lng['admin']['overview'],
 			'elements' => array(
 				array(
-					'label' => $lng['menue']['main']['username'],
+					'label' => $lng['menue']['main']['username']
 				),
 				array(
 					'url' => 'admin_index.php?page=change_password',
-					'label' => $lng['menue']['main']['changepassword'],
+					'label' => $lng['menue']['main']['changepassword']
 				),
 				array(
 					'url' => 'admin_index.php?page=change_language',
-					'label' => $lng['menue']['main']['changelanguage'],
+					'label' => $lng['menue']['main']['changelanguage']
 				),
 				array(
 					'url' => 'admin_index.php?page=change_theme',
@@ -170,9 +181,9 @@ return array (
 				),
 				array(
 					'url' => 'admin_index.php?action=logout',
-					'label' => $lng['login']['logout'],
-				),
-			),
+					'label' => $lng['login']['logout']
+				)
+			)
 		),
 		'resources' => array(
 			'label' => $lng['admin']['resources'],
@@ -181,29 +192,34 @@ return array (
 				array(
 					'url' => 'admin_customers.php?page=customers',
 					'label' => $lng['admin']['customers'],
-					'required_resources' => 'customers',
+					'required_resources' => 'customers'
 				),
 				array(
 					'url' => 'admin_admins.php?page=admins',
 					'label' => $lng['admin']['admins'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
 				array(
 					'url' => 'admin_domains.php?page=domains',
 					'label' => $lng['admin']['domains'],
-			        'required_resources' => 'domains',
+					'required_resources' => 'domains'
+				),
+				array(
+					'url' => 'admin_domains.php?page=sslcertificates',
+					'label' => $lng['domains']['ssl_certificates'],
+					'required_resources' => 'domains'
 				),
 				array(
 					'url' => 'admin_ipsandports.php?page=ipsandports',
 					'label' => $lng['admin']['ipsandports']['ipsandports'],
-			        'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
 				array(
 					'url' => 'admin_settings.php?page=updatecounters',
 					'label' => $lng['admin']['updatecounters'],
-			        'required_resources' => 'change_serversettings',
-			    ),
-			),
+					'required_resources' => 'change_serversettings'
+				)
+			)
 		),
 		'traffic' => array(
 			'label' => $lng['admin']['traffic'],
@@ -212,9 +228,9 @@ return array (
 				array(
 					'url' => 'admin_traffic.php?page=customers',
 					'label' => $lng['admin']['customertraffic'],
-					'required_resources' => 'customers',
-				),
-			),
+					'required_resources' => 'customers'
+				)
+			)
 		),
 		'server' => array(
 			'label' => $lng['admin']['server'],
@@ -223,35 +239,36 @@ return array (
 				array(
 					'url' => 'admin_configfiles.php?page=configfiles',
 					'label' => $lng['admin']['configfiles']['serverconfiguration'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
 				array(
 					'url' => 'admin_settings.php?page=overview',
 					'label' => $lng['admin']['serversettings'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
 				array(
 					'url' => 'admin_cronjobs.php?page=overview',
 					'label' => $lng['admin']['cron']['cronsettings'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
 				array(
 					'url' => 'admin_logger.php?page=log',
 					'label' => $lng['menue']['logger']['logger'],
 					'required_resources' => 'change_serversettings',
-			        'show_element' => ( Settings::Get('logger.enabled') == true ),
+					'show_element' => (Settings::Get('logger.enabled') == true)
 				),
 				array(
 					'url' => 'admin_settings.php?page=rebuildconfigs',
 					'label' => $lng['admin']['rebuildconf'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
 				array(
 					'url' => 'admin_autoupdate.php?page=overview',
 					'label' => $lng['admin']['autoupdate'],
 					'required_resources' => 'change_serversettings',
-			    ),
-			),
+					'show_element' => extension_loaded('zip')
+				)
+			)
 		),
 		'server_php' => array(
 			'label' => $lng['admin']['server_php'],
@@ -260,33 +277,26 @@ return array (
 				array(
 					'url' => 'admin_phpsettings.php?page=overview',
 					'label' => $lng['menue']['phpsettings']['maintitle'],
-	                'show_element' => (
-	                    Settings::Get('system.mod_fcgid') == true ||
-	                    Settings::Get('phpfpm.enabled') == true
-	                ),
+					'show_element' => (Settings::Get('system.mod_fcgid') == true || Settings::Get('phpfpm.enabled') == true)
 				),
 				array(
 					'url' => 'admin_settings.php?page=phpinfo',
 					'label' => $lng['admin']['phpinfo'],
-	                'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
 				array(
 					'url' => 'admin_apcuinfo.php?page=showinfo',
 					'label' => $lng['admin']['apcuinfo'],
 					'required_resources' => 'change_serversettings',
-	                'show_element' => (
-	                    function_exists('apcu_cache_info') === true
-	                ),
+					'show_element' => (function_exists('apcu_cache_info') === true)
 				),
 				array(
 					'url' => 'admin_opcacheinfo.php?page=showinfo',
 					'label' => $lng['admin']['opcacheinfo'],
 					'required_resources' => 'change_serversettings',
-	                'show_element' => (
-	                    function_exists('opcache_get_configuration') === true
-	                ),
-	            ),
-	        ),
+					'show_element' => (function_exists('opcache_get_configuration') === true)
+				)
+			)
 		),
 		'misc' => array(
 			'label' => $lng['admin']['misc'],
@@ -294,17 +304,17 @@ return array (
 				array(
 					'url' => 'admin_settings.php?page=integritycheck',
 					'label' => $lng['admin']['integritycheck'],
-			        'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
 				array(
 					'url' => 'admin_templates.php?page=email',
-			        'label' => $lng['admin']['templates']['email'],
+					'label' => $lng['admin']['templates']['email']
 				),
 				array(
 					'url' => 'admin_message.php?page=message',
-					'label' => $lng['admin']['message'],
-				),
-			),
-		),
-	),
+					'label' => $lng['admin']['message']
+				)
+			)
+		)
+	)
 );

lib/version.inc.php

@@ -16,10 +16,10 @@
  */
 
 // Main version variable
-$version = '0.9.37-rc1';
+$version = '0.9.38-rc2';
 
 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201607140';
+$dbversion = '201610070';
 
 // Distribution branding-tag (used for Debian etc.)
 $branding = '';

lng/english.lng.php

@@ -71,6 +71,7 @@ $lng['customer']['ftps'] = 'FTP-accounts';
 $lng['customer']['subdomains'] = 'Subdomains';
 $lng['customer']['domains'] = 'Domains';
 $lng['customer']['unlimited'] = '∞';
+$lng['customer']['mib'] = 'MiB';
 
 /**
  * Customermenue
@@ -903,7 +904,7 @@ $lng['serversettings']['mail_quota_enabled']['enforcelink'] = 'Click here to enf
 $lng['question']['admin_quotas_reallywipe'] = 'Do you really want to wipe all quotas on table mail_users? This cannot be reverted!';
 $lng['question']['admin_quotas_reallyenforce'] = 'Do you really want to enforce the default quota to all Users? This cannot be reverted!';
 $lng['error']['vmailquotawrong'] = 'The quotasize must be positive number.';
-$lng['customer']['email_quota'] = 'E-mail quota';
+$lng['customer']['email_quota'] = 'E-mail quota (MiB)';
 $lng['customer']['email_imap'] = 'E-mail IMAP';
 $lng['customer']['email_pop3'] = 'E-mail POP3';
 $lng['customer']['mail_quota'] = 'Mailquota';
@@ -1961,7 +1962,7 @@ $lng['admin']['autoupdate'] = 'Auto-Update';
 $lng['error']['customized_version'] = 'It looks like your Froxlor installation has been customized, no support sorry.';
 $lng['error']['autoupdate_0'] = 'Unknown error';
 $lng['error']['autoupdate_1'] = 'PHP setting allow_url_fopen is disabled. Autoupdate needs this setting to be enabled in php.ini';
-$lng['error']['autoupdate_2'] = 'PHP extension Zlib not found, please ensure it is installed and activated';
+$lng['error']['autoupdate_2'] = 'PHP zip extension not found, please ensure it is installed and activated';
 $lng['error']['autoupdate_4'] = 'The froxlor archive could not be stored to the disk :(';
 $lng['error']['autoupdate_5'] = 'version.froxlor.org returned inacceptable values :(';
 $lng['error']['autoupdate_6'] = 'Woops, there was no (valid) version given to download :(';
@@ -2021,3 +2022,43 @@ $lng['serversettings']['dns_server']['description'] = 'Remember that daemons hav
 $lng['error']['domain_nopunycode'] = 'You must not specify punycode (IDNA). The domain will automatically be converted';
 $lng['admin']['dnsenabled'] = 'Enable DNS editor';
 $lng['error']['dns_record_toolong'] = 'Records/labels can only be up to 63 characters';
+
+// Added in froxlor 0.9.37-rc1
+$lng['serversettings']['panel_customer_hide_options']['title'] = 'Hide menu items and traffic charts in customer panel';
+$lng['serversettings']['panel_customer_hide_options']['description'] = 'Select items to hide in customer panel. To select multiple options, hold down CTRL while selecting.';
+
+// Added in froxlor 0.9.38-rc1
+$lng['serversettings']['allow_allow_customer_shell']['title'] = 'Allow customers to enable shell access for ftp-users';
+$lng['serversettings']['allow_allow_customer_shell']['description'] = '<strong class="red">Please note: Shell access allows the user to execute various binaries on your system. Use with extrem caution. Please only activate this if you REALLY know what you are doing!!!</strong>';
+$lng['serversettings']['available_shells']['title'] = 'List of available shells';
+$lng['serversettings']['available_shells']['description'] = 'Comma seperated list of shells that are available for the customer to chose from for their ftp-users.<br><br>Note that the default shell <strong>/bin/false</strong> will always be a choice (if enabled), even if this setting is empty. It is the default value for ftp-users in any case';
+$lng['panel']['shell'] = 'Shell';
+$lng['serversettings']['le_froxlor_enabled']['title'] = "Enable Let's Encrypt for the froxlor vhost";
+$lng['serversettings']['le_froxlor_enabled']['description'] = "If activated, the froxlor vhost will automatically be secured using a Let's Encrypt certificate.";
+$lng['serversettings']['le_froxlor_redirect']['title'] = "Enable SSL-redirect for the froxlor vhost";
+$lng['serversettings']['le_froxlor_redirect']['description'] = "If activated, all http requests to your froxlor will be redirected to the corresponding SSL site.";
+$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost settings';
+$lng['serversettings']['option_unavailable_websrv'] = '<br><em class="red">Availble only for: %s</em>';
+$lng['serversettings']['option_unavailable'] = '<br><em class="red">Option not availble due to other settings.</em>';
+$lng['serversettings']['letsencryptacmeconf']['title'] = "Path to the acme.conf snippet";
+$lng['serversettings']['letsencryptacmeconf']['description'] = "File name of the config snippet which allows the web server to serve the acme challenge.";
+$lng['admin']['hostname'] = 'Hostname';
+$lng['admin']['memory'] = 'Memory usage';
+$lng['serversettings']['mail_use_smtp'] = 'Set mailer to use SMTP';
+$lng['serversettings']['mail_smtp_host'] = 'Specify SMTP server';
+$lng['serversettings']['mail_smtp_usetls'] = 'Enable TLS encryption';
+$lng['serversettings']['mail_smtp_auth'] = 'Enable SMTP authentication';
+$lng['serversettings']['mail_smtp_port'] = 'TCP port to connect to';
+$lng['serversettings']['mail_smtp_user'] = 'SMTP username';
+$lng['serversettings']['mail_smtp_passwd'] = 'SMTP password';
+$lng['domains']['ssl_certificates'] = 'SSL certificates';
+$lng['domains']['ssl_certificate_removed'] = 'The certificate with the id #%s has been removed successfully';
+$lng['domains']['ssl_certificate_error'] = "Error reading certificate for domain: %s";
+$lng['domains']['no_ssl_certificates'] = "There are no domains with SSL certificate";
+$lng['admin']['webserversettings_ssl'] = 'Webserver SSL settings';
+$lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)';
+$lng['admin']['domain_hsts_maxage']['description'] = 'Specify the max-age value for the Strict-Transport-Security header<br>The value <i>0</i> will disable HSTS for the domain. Most user set a value of <i>31536000</i> (one year).';
+$lng['admin']['domain_hsts_incsub']['title'] = 'Include HSTS for any subdomain';
+$lng['admin']['domain_hsts_incsub']['description'] = 'The optional "includeSubDomains" directive, if present, signals the UA that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host\'s domain name.';
+$lng['admin']['domain_hsts_preload']['title'] = 'Include domain in <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload list</a>';
+$lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.<br>Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.<br>Please read the details at <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> before sending the header with "preload".';

lng/german.lng.php

@@ -900,7 +900,7 @@ $lng['serversettings']['mail_quota_enabled']['enforcelink'] = 'Hier klicken, um
 $lng['question']['admin_quotas_reallywipe'] = 'Sind Sie sicher, dass alle E-Mail-Kontingente aus der Tabelle mail_users entfernt werden sollen? Dieser Schritt kann nicht rückgängig gemacht werden!';
 $lng['question']['admin_quotas_reallyenforce'] = 'Sind Sie sicher, dass Sie allen Benutzern das Default-Quota zuweisen wollen? Dies kann nicht rückgängig gemacht werden!';
 $lng['error']['vmailquotawrong'] = 'Die Kontingent-Größe muss positiv sein.';
-$lng['customer']['email_quota'] = 'E-Mail-Kontingent';
+$lng['customer']['email_quota'] = 'E-Mail-Kontingent (MiB)';
 $lng['customer']['email_imap'] = 'IMAP';
 $lng['customer']['email_pop3'] = 'POP3';
 $lng['customer']['mail_quota'] = 'E-Mail-Kontingent';
@@ -1202,7 +1202,7 @@ $lng['serversettings']['perl_path']['description'] = 'Standard ist /usr/bin/perl
 // ADDED IN FROXLOR 0.9.12-svn1
 $lng['admin']['fcgid_settings'] = 'FCGID';
 $lng['serversettings']['mod_fcgid_ownvhost']['title'] = 'Verwende FCGID im Froxlor-Vhost';
-$lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalem Benutzer ausgeführt';
+$lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalen Benutzer ausgeführt';
 $lng['admin']['mod_fcgid_user'] = 'Lokaler Benutzer für FCGID (Froxlor Vhost)';
 $lng['admin']['mod_fcgid_group'] = 'Lokale Gruppe für FCGID (Froxlor Vhost)';
 
@@ -1291,7 +1291,7 @@ $lng['error']['fcgidstillenabled'] = 'FCGID ist derzeit aktiviert. Bitte deaktiv
 $lng['phpfpm']['vhost_httpuser'] = 'Lokaler Benutzer für PHP-FPM (Froxlor-Vhost)';
 $lng['phpfpm']['vhost_httpgroup'] = 'Lokale Gruppe für PHP-FPM (Froxlor-Vhost)';
 $lng['phpfpm']['ownvhost']['title'] = 'Verwende PHP-FPM im Froxlor-Vhost';
-$lng['phpfpm']['ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalem Benutzer ausgeführt';
+$lng['phpfpm']['ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalen Benutzer ausgeführt';
 
 // ADDED IN FROXLOR 0.9.17
 $lng['crondesc']['cron_usage_report'] = 'Webspace- und Trafficreport';
@@ -1615,7 +1615,7 @@ $lng['admin']['autoupdate'] = 'Auto-Update';
 $lng['error']['customized_version'] = 'Es scheint als wäre die Froxlor Installation angepasst worden. Kein Support, sorry.';
 $lng['error']['autoupdate_0'] = 'Unbekannter Fehler';
 $lng['error']['autoupdate_1'] = 'PHP Einstellung allow_url_fopen ist deaktiviert. Autoupdate benötigt diese Option, bitte in der php.ini aktivieren.';
-$lng['error']['autoupdate_2'] = 'PHP Extension Zlib nicht gefunden, bitte prüfen, ob diese installiert und aktiviert ist.';
+$lng['error']['autoupdate_2'] = 'PHP zip Erweiterung nicht gefunden, bitte prüfen, ob diese installiert und aktiviert ist.';
 $lng['error']['autoupdate_4'] = 'Das froxlor Archiv konnte nicht auf der Festplatte gespeichert werden :(';
 $lng['error']['autoupdate_5'] = 'version.froxlor.org gab ungültige Werte zurück :(';
 $lng['error']['autoupdate_6'] = 'Woops, keine (gültige) Version angegeben für den Download :(';
@@ -1674,3 +1674,42 @@ $lng['serversettings']['dns_server']['description'] = 'Dienste müssen mit den f
 $lng['error']['domain_nopunycode'] = 'Die Eingabe von Punycode (IDNA) ist nicht notwendig. Die Domain wird automatisch konvertiert.';
 $lng['admin']['dnsenabled'] = 'Zugriff auf DNS Editor';
 $lng['error']['dns_record_toolong'] = 'Records/Labels können maximal 63 Zeichen lang sein';
+
+// Added in froxlor 0.9.37-rc1
+$lng['serversettings']['panel_customer_hide_options']['title'] = 'Menüpunkte und Traffic-Charts im Kundenbereich ausblenden';
+$lng['serversettings']['panel_customer_hide_options']['description'] = 'Wählen Sie hier die gewünschten Menüpunkte und Traffic-Charts aus, welche im Kundenbereich ausgeblendet werden sollen. Für Mehrfachauswahl, halten Sie während der Auswahl STRG gedrückt.';
+
+// Added in froxlor 0.9.38-rc1
+$lng['serversettings']['allow_allow_customer_shell']['title'] = 'Erlaube Kunden für FTP Benutzer eine Shell auszuwählen';
+$lng['serversettings']['allow_allow_customer_shell']['description'] = '<strong class="red">Bitte beachten: Shell Zugriff gestattet dem Benutzer verschiedene Programme auf Ihrem System auszuführen. Mit großer Vorsicht verwenden. Bitte aktiviere dies nur wenn WIRKLICH bekannt ist, was das bedeutet!!!</strong>';
+$lng['serversettings']['available_shells']['title'] = 'Liste der verfügbaren Shells';
+$lng['serversettings']['available_shells']['description'] = 'Komme-getrennte Liste von Shells die der Kunde für seine FTP-Konten wählen kann.<br><br>Hinweis: Die Standard-Shell <strong>/bin/false</strong> wird immer eine Auswahlmöglichkeit sein (wenn aktiviert), auch wenn diese Einstellung leer ist. Sie ist in jedem Fall der Standardwert für alle FTP-Konten';
+$lng['serversettings']['le_froxlor_enabled']['title'] = "Let's Encrypt für den froxlor Vhost verwenden";
+$lng['serversettings']['le_froxlor_enabled']['description'] = "Wenn dies aktiviert ist, erstellt froxlor für seinen vhost automatisch ein Let's Encrypt Zertifikat.";
+$lng['serversettings']['le_froxlor_redirect']['title'] = "SSL-Weiterleitung für den froxlor Vhost aktivieren";
+$lng['serversettings']['le_froxlor_redirect']['description'] = "Wenn dies aktiviert ist, werden alle HTTP Anfragen an die entsprechende SSL Seite weitergeleitet.";
+$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost Einstellungen';
+$lng['serversettings']['option_unavailable_websrv'] = '<br><em class="red">Nur verfügbar für: %s</em>';
+$lng['serversettings']['option_unavailable'] = '<br><em class="red">Option aufgrund anderer Einstellungen nicht verfügbar.</em>';
+$lng['serversettings']['letsencryptacmeconf']['title'] = "Pfad zu acme.conf";
+$lng['serversettings']['letsencryptacmeconf']['description'] = "Dateiname der Konfiguration, die dem Webserver erlaubt, die ACME-Challenges zu bedienen.";
+$lng['admin']['hostname'] = 'Hostname';
+$lng['admin']['memory'] = 'Speicherauslastung';
+$lng['serversettings']['mail_use_smtp'] = 'Nutze SMTP für das Senden von E-Mails';
+$lng['serversettings']['mail_smtp_host'] = 'SMTP Server';
+$lng['serversettings']['mail_smtp_usetls'] = 'Aktiviere TLS Verschlüsselung';
+$lng['serversettings']['mail_smtp_auth'] = 'Nutze SMTP Authentifizierung';
+$lng['serversettings']['mail_smtp_port'] = 'TCP Port für SMTP';
+$lng['serversettings']['mail_smtp_user'] = 'SMTP Benutzer';
+$lng['serversettings']['mail_smtp_passwd'] = 'SMTP Passwort';
+$lng['domains']['ssl_certificates'] = 'SSL Zertifikate';
+$lng['domains']['ssl_certificate_removed'] = 'Das Zertifikat mit der ID #%s wurde erfolgreich gelöscht.';
+$lng['domains']['ssl_certificate_error'] = "Fehler beim Lesen des Zertifikats für die Domain: %s";
+$lng['domains']['no_ssl_certificates'] = "Es wurden keine SSL-Zertifikate gefunden";
+$lng['admin']['webserversettings_ssl'] = 'Webserver SSL-Einstellungen';
+$lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)';
+$lng['admin']['domain_hsts_maxage']['description'] = '"max-age" Wert für den Strict-Transport-Security Header<br>Der Wert <i>0</i> deaktiviert HSTS für diese Domain. Meist wird der Wert <i>31536000</i> gerne genutzt (ein Jahr).';
+$lng['admin']['domain_hsts_incsub']['title'] = 'Inkludiere HSTS für jede Subdomain';
+$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS that the HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.';
+$lng['admin']['domain_hsts_preload']['title'] = 'Füge Domain in die <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload Liste</a> hinzu';
+$lng['admin']['domain_hsts_preload']['description'] = 'Wenn die Domain in die HSTS preload Liste, verwaltet von Chrome (und genutzt von Firefox und Safari), hinzugefügt werden soll, dann aktiviere diese Einstellung.<br>Die preload-Direktive zu senden kann PERMANTENTE KONSEQUENZEN haben und dazu führen, dass Benutzer auf diese Domain und auch Subdomains nicht zugreifen können.<br>Beachte Details unter <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> bevor ein Header mit "preload" gesendet wird.';

scripts/classes/class.DnsBase.php

@@ -1,10 +1,24 @@
 <?php
 
-/***
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ */
+
+/**
  * Class DnsBase
  *
  * Base class for all DNS server configs
- *
  */
 abstract class DnsBase
 {
@@ -69,8 +83,7 @@ abstract class DnsBase
 
 	protected function getDomainList()
 	{
-		$result_domains_stmt = Database::query(
-			"
+		$result_domains_stmt = Database::query("
 			SELECT
 				`d`.`id`,
 				`d`.`domain`,
@@ -134,28 +147,14 @@ abstract class DnsBase
 				if (isset($domains[$domains[$key]['ismainbutsubto']])) {
 					$domains[$domains[$key]['ismainbutsubto']]['children'][] = $domains[$key]['id'];
 				} else {
-					$this->_logger->logAction(CRON_ACTION, LOG_ERR,
-						'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key .
-						') is set to to be subdomain to non-existent domain ID #' .
-						$domains[$key]['ismainbutsubto'] .
-						'. No DNS record(s) will be created for this domain.');
+					$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key . ') is set to to be subdomain to non-existent domain ID #' . $domains[$key]['ismainbutsubto'] . '. No DNS record(s) will be created for this domain.');
 				}
 			}
 		}
 
-		$this->_logger->logAction(CRON_ACTION, LOG_DEBUG,
-			str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') .
-			'ismainbutsubto ' . str_pad('parent domain', 40, ' ') .
-			"list of child domain ids");
+		$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') . 'ismainbutsubto ' . str_pad('parent domain', 40, ' ') . "list of child domain ids");
 		foreach ($domains as $domain) {
-				$logLine =
-				str_pad($domain['id'], 9, ' ') .
-				str_pad($domain['domain'], 40, ' ') .
-				str_pad($domain['ismainbutsubto'], 15, ' ') .
-				str_pad(((isset($domains[  $domain['ismainbutsubto']  ])) ?
-					$domains[  $domain['ismainbutsubto']  ]['domain'] :
-					'-'), 40, ' ') .
-					join(', ', $domain['children']);
+			$logLine = str_pad($domain['id'], 9, ' ') . str_pad($domain['domain'], 40, ' ') . str_pad($domain['ismainbutsubto'], 15, ' ') . str_pad(((isset($domains[$domain['ismainbutsubto']])) ? $domains[$domain['ismainbutsubto']]['domain'] : '-'), 40, ' ') . join(', ', $domain['children']);
 			$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, $logLine);
 		}
 
@@ -171,8 +170,7 @@ abstract class DnsBase
 		if ($cmdStatus === 0) {
 			$this->_logger->logAction(CRON_ACTION, LOG_INFO, Settings::Get('system.dns_server') . ' daemon reloaded');
 		} else {
-			$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd .
-				'`: exit code (' . $cmdStatus . ') - please check your system logs');
+			$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd . '`: exit code (' . $cmdStatus . ') - please check your system logs');
 		}
 	}
 

scripts/classes/class.HttpConfigBase.php

@@ -1,11 +1,28 @@
 <?php
-/***
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ */
+
+/**
  * Class HttpConfigBase
  *
  * Base class for all HTTP server configs
  *
  */
-class HttpConfigBase {
+class HttpConfigBase
+{
 
 	/**
 	 * process special config as template, by substituting {VARIABLE} with the
@@ -20,10 +37,12 @@ class HttpConfigBase {
 	 * {IS_SSL} - evaluates to 'ssl' if domain/ip is ssl, otherwise it is an empty string
 	 * {DOCROOT} - document root for this domain
 	 *
-	 * @param $template
+	 * @param
+	 *        	$template
 	 * @return string
 	 */
-	protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost) {
+	protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost)
+	{
 		$templateVars = array(
 			'DOMAIN' => $domain['domain'],
 			'CUSTOMER' => $domain['loginname'],
@@ -35,4 +54,68 @@ class HttpConfigBase {
 		return replace_variables($template, $templateVars);
 	}
 
+	protected function getMyPath($ip_port = null)
+	{
+		if (! empty($ip_port) && $ip_port['docroot'] == '') {
+			if (Settings::Get('system.froxlordirectlyviahostname')) {
+				$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
+			} else {
+				$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
+			}
+		} else {
+			// user-defined docroot, #417
+			$mypath = makeCorrectDir($ip_port['docroot']);
+		}
+		return $mypath;
+	}
+
+	protected function checkAlternativeSslPort()
+	{
+		// We must not check if our port differs from port 443,
+		// but if there is a destination-port != 443
+		$_sslport = '';
+		// This returns the first port that is != 443 with ssl enabled,
+		// ordered by ssl-certificate (if any) so that the ip/port combo
+		// with certificate is used
+		$ssldestport_stmt = Database::prepare("
+			SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`
+			WHERE `ip`.`ssl` = '1'  AND `ip`.`port` != 443
+			ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;
+		");
+		$ssldestport = Database::pexecute_first($ssldestport_stmt);
+
+		if ($ssldestport['port'] != '') {
+			$_sslport = ":" . $ssldestport['port'];
+		}
+
+		return $_sslport;
+	}
+
+	protected function froxlorVhostHasLetsEncryptCert()
+	{
+		// check whether we have an entry with valid certificates which just does not need
+		// updating yet, so we need to skip this here
+		$froxlor_ssl_settings_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
+		");
+		$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+		if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
+			return true;
+		}
+		return false;
+	}
+
+	protected function froxlorVhostLetsEncryptNeedsRenew()
+	{
+		$froxlor_ssl_settings_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+			WHERE `domainid` = '0' AND
+			(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
+		");
+		$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+		if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
+			return true;
+		}
+		return false;
+	}
 }

scripts/jobs/cron_letsencrypt.php

@@ -27,8 +27,7 @@ if (! extension_loaded('curl')) {
 	exit();
 }
 
-$certificates_stmt = Database::query(
-	"
+$certificates_stmt = Database::query("
 		SELECT
 			domssl.`id`,
 			domssl.`domainid`,
@@ -63,8 +62,7 @@ $certificates_stmt = Database::query(
 			)
 	");
 
-$aliasdomains_stmt = Database::prepare(
-	"
+$aliasdomains_stmt = Database::prepare("
 		SELECT
 			dom.`id` as domainid,
 			dom.`domain`,
@@ -76,8 +74,7 @@ $aliasdomains_stmt = Database::prepare(
 			AND dom.`iswildcarddomain` = 0
 	");
 
-$updcert_stmt = Database::prepare(
-	"
+$updcert_stmt = Database::prepare("
 		REPLACE INTO
 			`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
 		SET
@@ -93,7 +90,107 @@ $updcert_stmt = Database::prepare(
 
 $upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
 
+// flag for re-generation of vhost files
 $changedetected = 0;
+
+// first - generate LE for system-vhost if enabled
+if (Settings::Get('system.le_froxlor_enabled') == '1') {
+
+	$certrow = array(
+		'loginname' => 'froxlor.panel',
+		'domain' => Settings::Get('system.hostname'),
+		'domainid' => 0,
+		'documentroot' => FROXLOR_INSTALL_DIR,
+		'leprivatekey' => Settings::Get('system.leprivatekey'),
+		'lepublickey' => Settings::Get('system.lepublickey'),
+		'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
+		'expirationdate' => null,
+		'ssl_cert_file' => null,
+		'ssl_key_file' => null,
+		'ssl_ca_file' => null,
+		'ssl_csr_file' => null,
+		'id' => null
+	);
+
+	$froxlor_ssl_settings_stmt = Database::prepare("
+		SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+		WHERE `domainid` = '0' AND
+		(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
+	");
+	$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+
+	$insert_or_update_required = true;
+	if ($froxlor_ssl) {
+		$certrow['id'] = $froxlor_ssl['id'];
+		$certrow['expirationdate'] = $froxlor_ssl['expirationdate'];
+		$certrow['ssl_cert_file'] = $froxlor_ssl['ssl_cert_file'];
+		$certrow['ssl_key_file'] = $froxlor_ssl['ssl_key_file'];
+		$certrow['ssl_ca_file'] = $froxlor_ssl['ssl_ca_file'];
+		$certrow['ssl_csr_file'] = $froxlor_ssl['ssl_csr_file'];
+	} else {
+		// check whether we have an entry with valid certificates which just does not need
+		// updating yet, so we need to skip this here
+		$froxlor_ssl_settings_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
+		");
+		$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+		if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
+			$insert_or_update_required = false;
+		}
+	}
+
+	if ($insert_or_update_required) {
+		$domains = array(
+			$certrow['domain']
+		);
+
+		// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
+		// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
+		$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
+
+		$cronlog = FroxlorLogger::getInstanceOf(array(
+			'loginname' => $certrow['loginname']
+		));
+
+		try {
+			// Initialize Lescript with documentroot
+			$le = new lescript($cronlog, $version);
+
+			// Initialize Lescript
+			$le->initAccount($certrow, true);
+
+			// Request the new certificate (old key may be used)
+			$return = $le->signDomains($domains, $certrow['ssl_key_file']);
+
+			// We are interessted in the expirationdate
+			$newcert = openssl_x509_parse($return['crt']);
+
+			// Store the new data
+			Database::pexecute($updcert_stmt, array(
+				'id' => $certrow['id'],
+				'domainid' => $certrow['domainid'],
+				'crt' => $return['crt'],
+				'key' => $return['key'],
+				'ca' => $return['chain'],
+				'chain' => $return['chain'],
+				'csr' => $return['csr'],
+				'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
+			));
+
+			if ($certrow['ssl_redirect'] == 3) {
+				Settings::Set('system.le_froxlor_redirect', '1');
+			}
+
+			$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
+
+			$changedetected = 1;
+		} catch (Exception $e) {
+			$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
+		}
+	}
+}
+
+// customer domains
 $certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
 foreach ($certrows as $certrow) {
 
@@ -104,15 +201,15 @@ foreach ($certrows as $certrow) {
 
 	// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
 	if ($certrow['ssl_redirect'] != 2) {
-		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
+		$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
 
-		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $certrow['domain']);
+		$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']);
 		$domains = array(
 			$certrow['domain']
 		);
 		// add www.<domain> to SAN list
 		if ($certrow['wwwserveralias'] == 1) {
-			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $certrow['domain']);
+			$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
 			$domains[] = 'www.' . $certrow['domain'];
 		}
 
@@ -122,30 +219,29 @@ foreach ($certrows as $certrow) {
 		));
 		$aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC);
 		foreach ($aliasdomains as $aliasdomain) {
-			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $aliasdomain['domain']);
+			$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
 			$domains[] = $aliasdomain['domain'];
 			if ($aliasdomain['wwwserveralias'] == 1) {
-				$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $aliasdomain['domain']);
+				$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
 				$domains[] = 'www.' . $aliasdomain['domain'];
 			}
 		}
 
 		try {
 			// Initialize Lescript with documentroot
-			$le = new lescript($cronlog);
+			$le = new lescript($cronlog, $version);
 
 			// Initialize Lescript
 			$le->initAccount($certrow);
 
 			// Request the new certificate (old key may be used)
-			$return = $le->signDomains($domains, $certrow['ssl_key_file'], $certrow['ssl_csr_file']);
+			$return = $le->signDomains($domains, $certrow['ssl_key_file']);
 
 			// We are interessted in the expirationdate
 			$newcert = openssl_x509_parse($return['crt']);
 
 			// Store the new data
-			Database::pexecute($updcert_stmt,
-				array(
+			Database::pexecute($updcert_stmt, array(
 				'id' => $certrow['id'],
 				'domainid' => $certrow['domainid'],
 				'crt' => $return['crt'],
@@ -166,12 +262,10 @@ foreach ($certrows as $certrow) {
 
 			$changedetected = 1;
 		} catch (Exception $e) {
-			$cronlog->logAction(CRON_ACTION, LOG_ERR,
-				"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
+			$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
 		}
 	} else {
-		$cronlog->logAction(CRON_ACTION, LOG_WARNING,
-			"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
+		$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
 	}
 }
 

scripts/jobs/cron_tasks.inc.dns.20.pdns.php

@@ -29,11 +29,11 @@ class pdns extends DnsBase
 		// connect to db
 		$this->_connectToPdnsDb();
 
-		// clean up
-		$this->_clearZoneTables();
-
 		$domains = $this->getDomainList();
 
+		// clean up
+		$this->_clearZoneTables($domains);
+
 		if (empty($domains)) {
 			$this->_logger->logAction(CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, skipping...');
 			return;
@@ -91,19 +91,30 @@ class pdns extends DnsBase
 			}
 		} else {
 			$this->_logger->logAction(CRON_ACTION, LOG_ERROR,
-				'Zonefiles are NOT supported when PowerDNS is selected as DNS daemon (triggered by: ' .
+				'Custom zonefiles are NOT supported when PowerDNS is selected as DNS daemon (triggered by: ' .
 				$domain['domain'] . ')');
-			$this->_bindconf_file .= $this->_generateDomainConfig($domain);
 		}
 	}
 
-	private function _clearZoneTables()
+	private function _clearZoneTables($domains = null)
 	{
 		$this->_logger->logAction(CRON_ACTION, LOG_INFO, 'Cleaning dns zone entries from database');
 
-		$this->pdns_db->query("TRUNCATE TABLE `records`");
-		$this->pdns_db->query("TRUNCATE TABLE `domains`");
-		$this->pdns_db->query("TRUNCATE TABLE `domainmetadata`");
+		$pdns_domains_stmt = $this->pdns_db->prepare("SELECT `id`, `name` FROM `domains` WHERE `name` = :domain");
+
+		$del_rec_stmt = $this->pdns_db->prepare("DELETE FROM `records` WHERE `domain_id` = :did");
+		$del_meta_stmt = $this->pdns_db->prepare("DELETE FROM `domainmetadata` WHERE `domain_id` = :did");
+		$del_dom_stmt = $this->pdns_db->prepare("DELETE FROM `domains` WHERE `id` = :did");
+
+		foreach ($domains as $domain)
+		{
+			$pdns_domains_stmt->execute(array('domain' => $domain['domain']));
+			$pdns_domain = $pdns_domains_stmt->fetch(\PDO::FETCH_ASSOC);
+
+			$del_rec_stmt->execute(array('did' => $pdns_domain['id']));
+			$del_meta_stmt->execute(array('did' => $pdns_domain['id']));
+			$del_dom_stmt->execute(array('did' => $pdns_domain['id']));
+		}
 	}
 
 	private function _insertZone($domainname, $serial = 0)

scripts/jobs/cron_tasks.inc.http.10.apache.php

@@ -1,4 +1,6 @@
-<?php if (!defined('MASTER_CRONJOB')) die('You cannot access this file directly!');
+<?php
+if (! defined('MASTER_CRONJOB'))
+	die('You cannot access this file directly!');
 
 /**
  * This file is part of the Froxlor project.
@@ -19,16 +21,24 @@
 
 require_once (dirname(__FILE__) . '/../classes/class.HttpConfigBase.php');
 
-class apache extends HttpConfigBase {
+class apache extends HttpConfigBase
+{
+
 	private $logger = false;
+
 	private $idnaConvert = false;
 
 	// protected
 	protected $known_vhostfilenames = array();
+
 	protected $known_diroptionsfilenames = array();
+
 	protected $known_htpasswdsfilenames = array();
+
 	protected $virtualhosts_data = array();
+
 	protected $diroptions_data = array();
+
 	protected $htpasswds_data = array();
 
 	/**
@@ -39,13 +49,14 @@ class apache extends HttpConfigBase {
 	 */
 	private $_deactivated = false;
 
-	public function __construct($logger, $idnaConvert) {
+	public function __construct($logger, $idnaConvert)
+	{
 		$this->logger = $logger;
 		$this->idnaConvert = $idnaConvert;
 	}
 
-
-	public function reload() {
+	public function reload()
+	{
 		if ((int) Settings::Get('phpfpm.enabled') == 1) {
 			$this->logger->logAction(CRON_ACTION, LOG_INFO, 'apache::reload: reloading php-fpm');
 			safe_exec(escapeshellcmd(Settings::Get('phpfpm.reload')));
@@ -54,11 +65,11 @@ class apache extends HttpConfigBase {
 		safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command')));
 	}
 
-
 	/**
 	 * define a standard <Directory>-statement, bug #32
 	 */
-	private function _createStandardDirectoryEntry() {
+	private function _createStandardDirectoryEntry()
+	{
 		$vhosts_folder = '';
 		if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
 			$vhosts_folder = makeCorrectDir(Settings::Get('system.apacheconf_vhost'));
@@ -67,9 +78,7 @@ class apache extends HttpConfigBase {
 		}
 		$vhosts_filename = makeCorrectFile($vhosts_folder . '/05_froxlor_dirfix_nofcgid.conf');
 
-		if (Settings::Get('system.mod_fcgid') == '1'
-			|| Settings::Get('phpfpm.enabled') == '1'
-		) {
+		if (Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') {
 			// if we use fcgid or php-fpm we don't need this file
 			if (file_exists($vhosts_filename)) {
 				$this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'apache::_createStandardDirectoryEntry: unlinking ' . basename($vhosts_filename));
@@ -84,12 +93,9 @@ class apache extends HttpConfigBase {
 
 			// check for custom values, see #1638
 			$custom_opts = Settings::Get('system.apacheglobaldiropt');
-			if (!empty($custom_opts))
-			{
+			if (! empty($custom_opts)) {
 				$this->virtualhosts_data[$vhosts_filename] .= $custom_opts . "\n";
-			}
-			else
-			{
+			} else {
 				// >=apache-2.4 enabled?
 				if (Settings::Get('system.apache24') == '1') {
 					$this->virtualhosts_data[$vhosts_filename] .= '    Require all granted' . "\n";
@@ -103,17 +109,12 @@ class apache extends HttpConfigBase {
 		}
 	}
 
-
 	/**
 	 * define a default ErrorDocument-statement, bug #unknown-yet
 	 */
-	private function _createStandardErrorHandler() {
-		if (Settings::Get('defaultwebsrverrhandler.enabled') == '1'
-			&& (Settings::Get('defaultwebsrverrhandler.err401') != ''
-				|| Settings::Get('defaultwebsrverrhandler.err403') != ''
-				|| Settings::Get('defaultwebsrverrhandler.err404') != ''
-				|| Settings::Get('defaultwebsrverrhandler.err500') != '')
-		) {
+	private function _createStandardErrorHandler()
+	{
+		if (Settings::Get('defaultwebsrverrhandler.enabled') == '1' && (Settings::Get('defaultwebsrverrhandler.err401') != '' || Settings::Get('defaultwebsrverrhandler.err403') != '' || Settings::Get('defaultwebsrverrhandler.err404') != '' || Settings::Get('defaultwebsrverrhandler.err500') != '')) {
 			$vhosts_folder = '';
 			if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
 				$vhosts_folder = makeCorrectDir(Settings::Get('system.apacheconf_vhost'));
@@ -127,7 +128,12 @@ class apache extends HttpConfigBase {
 				$this->virtualhosts_data[$vhosts_filename] = '';
 			}
 
-			$statusCodes = array('401', '403', '404', '500');
+			$statusCodes = array(
+				'401',
+				'403',
+				'404',
+				'500'
+			);
 			foreach ($statusCodes as $statusCode) {
 				if (Settings::Get('defaultwebsrverrhandler.err' . $statusCode) != '') {
 					$defhandler = Settings::Get('defaultwebsrverrhandler.err' . $statusCode);
@@ -142,8 +148,8 @@ class apache extends HttpConfigBase {
 		}
 	}
 
-
-	public function createIpPort() {
+	public function createIpPort()
+	{
 		$result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
 
 		while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -176,21 +182,13 @@ class apache extends HttpConfigBase {
 			}
 
 			if ($row_ipsandports['vhostcontainer'] == '1') {
+
+				$without_vhost = $this->virtualhosts_data[$vhosts_filename];
+				$close_vhost = true;
+
 				$this->virtualhosts_data[$vhosts_filename] .= '<VirtualHost ' . $ipport . '>' . "\n";
 
-				if ($row_ipsandports['docroot'] == '') {
-					/**
-					 * add 'real'-vhost content here, like doc-root :)
-					 */
-					if (Settings::Get('system.froxlordirectlyviahostname')) {
-						$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
-					} else {
-						$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
-					}
-				} else {
-					// user-defined docroot, #417
-					$mypath = makeCorrectDir($row_ipsandports['docroot']);
-				}
+				$mypath = $this->getMyPath($row_ipsandports);
 
 				$this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n";
 
@@ -198,10 +196,40 @@ class apache extends HttpConfigBase {
 					$this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . Settings::Get('system.hostname') . "\n";
 				}
 
+				$is_redirect = false;
+				// check for SSL redirect
+				if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
+					$is_redirect = true;
+					// check whether froxlor uses Let's Encrypt and not cert is being generated yet
+					// or a renew is ongoing - disable redirect
+					if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
+						$this->virtualhosts_data[$vhosts_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
+						$is_redirect = false;
+					} else {
+						$_sslport = $this->checkAlternativeSslPort();
+
+						$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
+						$code = '301';
+						$modrew_red = ' [R=' . $code . ';L,NE]';
+
+						// redirect everything, not only root-directory, #541
+						$this->virtualhosts_data[$vhosts_filename] .= '  <IfModule mod_rewrite.c>' . "\n";
+						$this->virtualhosts_data[$vhosts_filename] .= '    RewriteEngine On' . "\n";
+						$this->virtualhosts_data[$vhosts_filename] .= '    RewriteCond %{HTTPS} off' . "\n";
+						if (Settings::Get('system.le_froxlor_enabled') == '1') {
+							$this->virtualhosts_data[$vhosts_filename] .= '    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge' . "\n";
+						}
+						$this->virtualhosts_data[$vhosts_filename] .= '    RewriteRule ^/(.*) ' . $mypath . '$1' . $modrew_red . "\n";
+						$this->virtualhosts_data[$vhosts_filename] .= '  </IfModule>' . "\n";
+						$this->virtualhosts_data[$vhosts_filename] .= '  <IfModule !mod_rewrite.c>' . "\n";
+						$this->virtualhosts_data[$vhosts_filename] .= '    Redirect ' . $code . ' / ' . $mypath . "\n";
+						$this->virtualhosts_data[$vhosts_filename] .= '  </IfModule>' . "\n";
+					}
+				}
+
+				if (! $is_redirect) {
 					// create fcgid <Directory>-Part (starter is created in apache_fcgid)
-				if (Settings::Get('system.mod_fcgid_ownvhost') == '1'
-					&& Settings::Get('system.mod_fcgid') == '1'
-				) {
+					if (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') {
 						$configdir = makeCorrectDir(Settings::Get('system.mod_fcgid_configdir') . '/froxlor.panel/' . Settings::Get('system.hostname'));
 						$this->virtualhosts_data[$vhosts_filename] .= '  FcgidIdleTimeout ' . Settings::Get('system.mod_fcgid_idle_timeout') . "\n";
 						if ((int) Settings::Get('system.mod_fcgid_wrapper') == 0) {
@@ -250,8 +278,8 @@ class apache extends HttpConfigBase {
 							$this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
 						}
 					}
-				// create php-fpm <Directory>-Part (config is created in apache_fcgid)
 					elseif (Settings::Get('phpfpm.enabled') == '1') {
+						// create php-fpm <Directory>-Part (config is created in apache_fcgid)
 						$domain = array(
 							'id' => 'none',
 							'domain' => Settings::Get('system.hostname'),
@@ -262,7 +290,7 @@ class apache extends HttpConfigBase {
 							'openbasedir' => 0,
 							'email' => Settings::Get('panel.adminmail'),
 							'loginname' => 'froxlor.panel',
-						'documentroot' => $mypath,
+							'documentroot' => $mypath
 						);
 
 						$php = new phpinterface($domain);
@@ -273,13 +301,10 @@ class apache extends HttpConfigBase {
 						}
 
 						// mod_proxy stuff for apache-2.4
-					if (Settings::Get('system.apache24') == '1'
-							&& Settings::Get('phpfpm.use_mod_proxy') == '1'
-					) {
+						if (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') {
 							$this->virtualhosts_data[$vhosts_filename] .= '  <FilesMatch \.php$>' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '  SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '  </FilesMatch>' . "\n";
-
 						} else {
 							$this->virtualhosts_data[$vhosts_filename] .= '  FastCgiExternalServer ' . $php->getInterface()->getAliasConfigDir() . $srvName . ' -socket ' . $php->getInterface()->getSocketFile() . ' -idle-timeout ' . Settings::Get('phpfpm.idle_timeout') . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
@@ -305,9 +330,7 @@ class apache extends HttpConfigBase {
 							$this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '  Alias /fastcgiphp ' . $php->getInterface()->getAliasConfigDir() . $srvName . "\n";
 						}
-				}
-                else
-                {
+					} else {
 						// mod_php
 						$domain = array(
 							'id' => 'none',
@@ -320,29 +343,26 @@ class apache extends HttpConfigBase {
 							'documentroot' => $mypath
 						);
 					}
+				} // end of ssl-redirect check
 
 				/**
 				 * dirprotection, see #72
-				 * @TODO deferred until 0.9.5, needs more testing
-				 $this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'(images|packages|templates)\">\n";
-				 $this->virtualhosts_data[$vhosts_filename] .= "\t\tAllow from all\n";
-				 $this->virtualhosts_data[$vhosts_filename] .= "\t\tOptions -Indexes\n";
-				 $this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
-
-				 $this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'*\">\n";
-				 $this->virtualhosts_data[$vhosts_filename] .= "\t\tOrder Deny,Allow\n";
-				 $this->virtualhosts_data[$vhosts_filename] .= "\t\tDeny from All\n";
-				 $this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
+				 *
+				 * @todo deferred until 0.9.5, needs more testing
+				 *       $this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'(images|packages|templates)\">\n";
+				 *       $this->virtualhosts_data[$vhosts_filename] .= "\t\tAllow from all\n";
+				 *       $this->virtualhosts_data[$vhosts_filename] .= "\t\tOptions -Indexes\n";
+				 *       $this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
+				 *
+				 *       $this->virtualhosts_data[$vhosts_filename] .= "\t<Directory \"'.$mypath.'*\">\n";
+				 *       $this->virtualhosts_data[$vhosts_filename] .= "\t\tOrder Deny,Allow\n";
+				 *       $this->virtualhosts_data[$vhosts_filename] .= "\t\tDeny from All\n";
+				 *       $this->virtualhosts_data[$vhosts_filename] .= "\t</Directory>\n";
 				 *       end of dirprotection
 				 */
 
 				if ($row_ipsandports['specialsettings'] != '') {
-					$this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate(
-							$row_ipsandports['specialsettings'],
-							$domain,
-							$row_ipsandports['ip'],
-							$row_ipsandports['port'],
-							$row_ipsandports['ssl'] == '1') . "\n";
+					$this->virtualhosts_data[$vhosts_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
 				}
 
 				if ($row_ipsandports['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
@@ -363,57 +383,83 @@ class apache extends HttpConfigBase {
 						$row_ipsandports['ssl_cert_chainfile'] = Settings::Get('system.ssl_cert_chainfile');
 					}
 
-					if ($row_ipsandports['ssl_cert_file'] != '') {
+					$domain = array(
+						'id' => 0,
+						'domain' => Settings::Get('system.hostname'),
+						'adminid' => 1, /* first admin-user (superadmin) */
+						'loginname' => 'froxlor.panel',
+						'documentroot' => $mypath,
+						'parentdomainid' => 0
+					);
+
+					// override corresponding array values
+					$domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];
+					$domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];
+					$domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];
+					$domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];
+
+					// SSL STUFF
+					$dssl = new DomainSSL();
+					// this sets the ssl-related array-indices in the $domain array
+					// if the domain has customer-defined ssl-certificates
+					$dssl->setDomainSSLFilesArray($domain);
+
+					if ($domain['ssl_cert_file'] != '') {
 
 						// check for existence, #1485
-						if (!file_exists($row_ipsandports['ssl_cert_file'])) {
-							$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate file "'.$row_ipsandports['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
-							echo $ipport . ' :: certificate file "'.$row_ipsandports['ssl_cert_file'].'" does not exist! Cannot create SSL-directives'."\n";
+						if (! file_exists($domain['ssl_cert_file'])) {
+							$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives');
 						} else {
 
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
-							$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
+							$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol -ALL +TLSv1 +TLSv1.2' . "\n";
 							// this makes it more secure, thx to Marcel (08/2013)
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . "\n";
-							$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . "\n";
+							$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n";
 
-							if ($row_ipsandports['ssl_key_file'] != '') {
+							if ($domain['ssl_key_file'] != '') {
 								// check for existence, #1485
-								if (!file_exists($row_ipsandports['ssl_key_file'])) {
-									$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate key file "'.$row_ipsandports['ssl_key_file'].'" does not exist! Cannot create ssl-directives');
-									echo $ipport . ' :: certificate key file "'.$row_ipsandports['ssl_key_file'].'" does not exist! SSL-directives might not be working'."\n";
+								if (! file_exists($domain['ssl_key_file'])) {
+									$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate key file "' . $domain['ssl_key_file'] . '" does not exist! Cannot create ssl-directives');
 								} else {
-									$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($row_ipsandports['ssl_key_file']) . "\n";
+									$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateKeyFile ' . makeCorrectFile($domain['ssl_key_file']) . "\n";
 								}
 							}
 
-							if ($row_ipsandports['ssl_ca_file'] != '') {
+							if ($domain['ssl_ca_file'] != '') {
 								// check for existence, #1485
-								if (!file_exists($row_ipsandports['ssl_ca_file'])) {
-									$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate CA file "'.$row_ipsandports['ssl_ca_file'].'" does not exist! Cannot create ssl-directives');
-									echo $ipport . ' :: certificate CA file "'.$row_ipsandports['ssl_ca_file'].'" does not exist! SSL-directives might not be working'."\n";
+								if (! file_exists($domain['ssl_ca_file'])) {
+									$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! Cannot create ssl-directives');
 								} else {
-									$this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . "\n";
+									$this->virtualhosts_data[$vhosts_filename] .= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n";
 								}
 							}
 
 							// #418
-							if ($row_ipsandports['ssl_cert_chainfile'] != '') {
+							if ($domain['ssl_cert_chainfile'] != '') {
 								// check for existence, #1485
-								if (!file_exists($row_ipsandports['ssl_cert_chainfile'])) {
-									$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate chain file "'.$row_ipsandports['ssl_cert_chainfile'].'" does not exist! Cannot create ssl-directives');
-									echo $ipport . ' :: certificate chain file "'.$row_ipsandports['ssl_cert_chainfile'].'" does not exist! SSL-directives might not be working'."\n";
+								if (! file_exists($domain['ssl_cert_chainfile'])) {
+									$this->logger->logAction(CRON_ACTION, LOG_ERR, $ipport . ' :: certificate chain file "' . $domain['ssl_cert_chainfile'] . '" does not exist! Cannot create ssl-directives');
 								} else {
-									$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateChainFile ' . makeCorrectFile($row_ipsandports['ssl_cert_chainfile']) . "\n";
+									$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n";
 								}
 							}
 						}
+					} else {
+						// if there is no cert-file specified but we are generating a ssl-vhost,
+						// we should return an empty string because this vhost would suck dick, ref #1583
+						$this->logger->logAction(CRON_ACTION, LOG_ERR, $domain['domain'] . ' :: empty certificate file! Cannot create ssl-directives');
+						$this->virtualhosts_data[$vhosts_filename] = $without_vhost;
+						$this->virtualhosts_data[$vhosts_filename] .= '# no ssl-certificate was specified for this domain, therefore no explicit vhost-container is being generated';
+						$close_vhost = false;
 					}
 				}
 
+				if ($close_vhost) {
 					$this->virtualhosts_data[$vhosts_filename] .= '</VirtualHost>' . "\n";
+				}
 				$this->logger->logAction(CRON_ACTION, LOG_DEBUG, $ipport . ' :: inserted vhostcontainer');
 			}
 			unset($vhosts_filename);
@@ -430,7 +476,6 @@ class apache extends HttpConfigBase {
 		$this->_createStandardErrorHandler();
 	}
 
-
 	/**
 	 * We put together the needed php options in the virtualhost entries
 	 *
@@ -439,20 +484,17 @@ class apache extends HttpConfigBase {
 	 *
 	 * @return string
 	 */
-	protected function composePhpOptions($domain, $ssl_vhost = false) {
+	protected function composePhpOptions($domain, $ssl_vhost = false)
+	{
 		$php_options_text = '';
 
 		if ($domain['phpenabled'] == '1') {
 			// This vHost has PHP enabled and we are using the regular mod_php
 
-            if ($domain['openbasedir'] == '1')
-            {
-                if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false)
-                {
+			if ($domain['openbasedir'] == '1') {
+				if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false) {
 					$_phpappendopenbasedir = appendOpenBasedirPath($domain['customerroot'], true);
-                }
-                else
-                {
+				} else {
 					$_phpappendopenbasedir = appendOpenBasedirPath($domain['documentroot'], true);
 				}
 
@@ -481,14 +523,14 @@ class apache extends HttpConfigBase {
 		return $php_options_text;
 	}
 
-
-	public function createOwnVhostStarter() {}
-
+	public function createOwnVhostStarter()
+	{}
 
 	/**
 	 * We collect all servernames and Aliases
 	 */
-	protected function getServerNames($domain) {
+	protected function getServerNames($domain)
+	{
 		$servernames_text = '  ServerName ' . $domain['domain'] . "\n";
 
 		$server_alias = '';
@@ -507,7 +549,9 @@ class apache extends HttpConfigBase {
 			FROM `" . TABLE_PANEL_DOMAINS . "`
 			WHERE `aliasdomain`= :domainid
 		");
-		Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id']));
+		Database::pexecute($alias_domains_stmt, array(
+			'domainid' => $domain['id']
+		));
 
 		while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
 			$server_alias = '  ServerAlias ' . $alias_domain['domain'];
@@ -527,18 +571,16 @@ class apache extends HttpConfigBase {
 		return $servernames_text;
 	}
 
-
 	/**
 	 * Let's get the webroot
 	 */
-	protected function getWebroot($domain) {
+	protected function getWebroot($domain)
+	{
 		$webroot_text = '';
 		$domain['customerroot'] = makeCorrectDir($domain['customerroot']);
 		$domain['documentroot'] = makeCorrectDir($domain['documentroot']);
 
-		if ($domain['deactivated'] == '1'
-			&& Settings::Get('system.deactivateddocroot') != ''
-		) {
+		if ($domain['deactivated'] == '1' && Settings::Get('system.deactivateddocroot') != '') {
 			$webroot_text .= '  # Using docroot for deactivated users...' . "\n";
 			$webroot_text .= '  DocumentRoot "' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . "\"\n";
 			$this->_deactivated = true;
@@ -550,11 +592,11 @@ class apache extends HttpConfigBase {
 		return $webroot_text;
 	}
 
-
 	/**
 	 * Lets set the text part for the stats software
 	 */
-	protected function getStats($domain) {
+	protected function getStats($domain)
+	{
 		$stats_text = '';
 
 		if ($domain['speciallogfile'] == '1') {
@@ -573,8 +615,7 @@ class apache extends HttpConfigBase {
 				} else {
 					$stats_text .= '  Alias /webalizer "' . makeCorrectFile($domain['customerroot'] . '/webalizer') . '"' . "\n";
 				}
-			}
-			// if the docroots are equal, we still have to set an alias for awstats
+			} // if the docroots are equal, we still have to set an alias for awstats
 			  // because the stats are in /awstats/[domain], not just /awstats/
 			  // also, the awstats-icons are someplace else too!
 			  // -> webalizer does not need this!
@@ -587,12 +628,11 @@ class apache extends HttpConfigBase {
 		return $stats_text;
 	}
 
-
 	/**
 	 * Lets set the logfiles
 	 */
-	protected function getLogfiles($domain) {
-
+	protected function getLogfiles($domain)
+	{
 		$logfiles_text = '';
 
 		if ($domain['speciallogfile'] == '1') {
@@ -630,7 +670,9 @@ class apache extends HttpConfigBase {
 					FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `aliasdomain` = :domainid OR `parentdomainid` = :domainid
 				");
-				Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id']));
+				Database::pexecute($alias_domains_stmt, array(
+					'domainid' => $domain['id']
+				));
 
 				while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
 
@@ -661,21 +703,14 @@ class apache extends HttpConfigBase {
 		return $logfiles_text;
 	}
 
-
 	/**
 	 * Get the filename for the virtualhost
 	 */
-	protected function getVhostFilename($domain, $ssl_vhost = false) {
-		if ((int)$domain['parentdomainid'] == 0
-			&& isCustomerStdSubdomain((int)$domain['id']) == false
-			&& ((int)$domain['ismainbutsubto'] == 0
-				|| domainMainToSubExists($domain['ismainbutsubto']) == false)
-		) {
+	protected function getVhostFilename($domain, $ssl_vhost = false)
+	{
+		if ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && ((int) $domain['ismainbutsubto'] == 0 || domainMainToSubExists($domain['ismainbutsubto']) == false)) {
 			$vhost_no = '35';
-		} elseif ((int)$domain['parentdomainid'] == 0
-			&& isCustomerStdSubdomain((int)$domain['id']) == false
-			&& (int)$domain['ismainbutsubto'] > 0
-		) {
+		} elseif ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && (int) $domain['ismainbutsubto'] > 0) {
 			$vhost_no = '30';
 		} else {
 			// number of dots in a domain specifies it's position (and depth of subdomain) starting at 29 going downwards on higher depth
@@ -694,20 +729,16 @@ class apache extends HttpConfigBase {
 	/**
 	 * We compose the virtualhost entry for one domain
 	 */
-	protected function getVhostContent($domain, $ssl_vhost = false) {
-		if ($ssl_vhost === true
-			&& ($domain['ssl_redirect'] != '1'
-				&& $domain['ssl'] != '1')
-		) {
+	protected function getVhostContent($domain, $ssl_vhost = false)
+	{
+		if ($ssl_vhost === true && ($domain['ssl_redirect'] != '1' && $domain['ssl'] != '1')) {
 			return '';
 		}
 
 		$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`
 			WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports ";
 
-		if ($ssl_vhost === true
-			&& ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')
-		) {
+		if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) {
 			// by ordering by cert-file the row with filled out SSL-Fields will be shown last, thus it is enough to fill out 1 set of SSL-Fields
 			$query .= "AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;";
 		} else {
@@ -716,7 +747,9 @@ class apache extends HttpConfigBase {
 
 		$vhost_content = '';
 		$result_stmt = Database::prepare($query);
-		Database::pexecute($result_stmt, array('domainid' => $domain['id']));
+		Database::pexecute($result_stmt, array(
+			'domainid' => $domain['id']
+		));
 
 		$ipportlist = '';
 		$_vhost_content = '';
@@ -745,12 +778,7 @@ class apache extends HttpConfigBase {
 			}
 
 			if ($ipandport['default_vhostconf_domain'] != '') {
-				$_vhost_content .= $this->processSpecialConfigTemplate(
-										$ipandport['default_vhostconf_domain'],
-										$domain,
-										$domain['ip'],
-										$domain['port'],
-										$ssl_vhost) . "\n";
+				$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 			}
 			$ipportlist .= $ipport;
 		}
@@ -758,10 +786,7 @@ class apache extends HttpConfigBase {
 		$vhost_content .= '<VirtualHost ' . trim($ipportlist) . '>' . "\n";
 		$vhost_content .= $this->getServerNames($domain);
 
-		if (($ssl_vhost == false
-				&& $domain['ssl'] == '1'
-				&& $domain['ssl_redirect'] == '1')
-		) {
+		if (($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1')) {
 			// We must not check if our port differs from port 443,
 			// but if there is a destination-port != 443
 			$_sslport = '';
@@ -775,7 +800,9 @@ class apache extends HttpConfigBase {
 				AND `ip`.`ssl` = '1'  AND `ip`.`port` != 443
 				ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;
 			");
-			$ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id']));
+			$ssldestport = Database::pexecute_first($ssldestport_stmt, array(
+				'domainid' => $domain['id']
+			));
 
 			if ($ssldestport['port'] != '') {
 				$_sslport = ":" . $ssldestport['port'];
@@ -784,10 +811,7 @@ class apache extends HttpConfigBase {
 			$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
 		}
 
-		if ($ssl_vhost === true
-			&& $domain['ssl'] == '1'
-			&& Settings::Get('system.use_ssl') == '1'
-		) {
+		if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
 			if ($domain['ssl_cert_file'] == '') {
 				$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
 			}
@@ -806,7 +830,7 @@ class apache extends HttpConfigBase {
 
 			if ($domain['ssl_cert_file'] != '') {
 				$vhost_content .= '  SSLEngine On' . "\n";
-				$vhost_content .= '  SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
+				$vhost_content .= '  SSLProtocol -ALL +TLSv1 +TLSv1.2' . "\n";
 				// this makes it more secure, thx to Marcel (08/2013)
 				$vhost_content .= '  SSLHonorCipherOrder On' . "\n";
 				$vhost_content .= '  SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
@@ -825,11 +849,11 @@ class apache extends HttpConfigBase {
 					$vhost_content .= '  SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n";
 				}
 
-				if ($domain['hsts'] > 0) {
+				if ($domain['hsts'] >= 0) {
 					$vhost_content .= '  <IfModule mod_headers.c>' . "\n";
 					$vhost_content .= '    Header always set Strict-Transport-Security "max-age=' . $domain['hsts'];
 					if ($domain['hsts_sub'] == 1) {
-						$vhost_content .= '; includeSubdomains';
+						$vhost_content .= '; includeSubDomains';
 					}
 					if ($domain['hsts_preload'] == 1) {
 						$vhost_content .= '; preload';
@@ -845,9 +869,14 @@ class apache extends HttpConfigBase {
 			}
 		}
 
-		if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
-			$corrected_docroot = $this->idnaConvert->encode($domain['documentroot']);
+		// avoid using any whitespaces
+		$domain['documentroot'] = trim($domain['documentroot']);
 
+		if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
+			$corrected_docroot = $domain['documentroot'];
+
+			// prevent empty return-cde
+			$code = "301";
 			// Get domain's redirect code
 			$code = getDomainRedirectCode($domain['id']);
 			$modrew_red = '';
@@ -861,11 +890,14 @@ class apache extends HttpConfigBase {
 			if (! $ssl_vhost) {
 				$vhost_content .= '    RewriteCond %{HTTPS} off' . "\n";
 			}
+			if ($domain['letsencrypt'] == '1') {
+				$vhost_content .= '    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge' . "\n";
+			}
 			$vhost_content .= '    RewriteRule ^/(.*) ' . $corrected_docroot . '$1' . $modrew_red . "\n";
 			$vhost_content .= '  </IfModule>' . "\n";
-
-			$vhost_content .= '  Redirect '.$code.' / ' . $this->idnaConvert->encode($domain['documentroot']) . "\n";
-
+			$vhost_content .= '  <IfModule !mod_rewrite.c>' . "\n";
+			$vhost_content .= '    Redirect ' . $code . ' / ' . $corrected_docroot . "\n";
+			$vhost_content .= '  </IfModule>' . "\n";
 		} else {
 
 			mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true);
@@ -877,12 +909,7 @@ class apache extends HttpConfigBase {
 			$vhost_content .= $this->getLogfiles($domain);
 
 			if ($domain['specialsettings'] != '') {
-				$vhost_content .= $this->processSpecialConfigTemplate(
-						$domain['specialsettings'],
-						$domain,
-						$domain['ip'],
-						$domain['port'],
-						$ssl_vhost) . "\n";
+				$vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 			}
 
 			if ($_vhost_content != '') {
@@ -890,12 +917,7 @@ class apache extends HttpConfigBase {
 			}
 
 			if (Settings::Get('system.default_vhostconf') != '') {
-				$vhost_content .= $this->processSpecialConfigTemplate(
-						Settings::Get('system.default_vhostconf'),
-						$domain,
-						$domain['ip'],
-						$domain['port'],
-						$ssl_vhost) . "\n";
+				$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 			}
 		}
 
@@ -904,12 +926,11 @@ class apache extends HttpConfigBase {
 		return $vhost_content;
 	}
 
-
 	/**
 	 * We compose the virtualhost entries for the domains
 	 */
-	public function createVirtualHosts() {
-
+	public function createVirtualHosts()
+	{
 		$domains = WebserverBase::getVhostsToCreate();
 		foreach ($domains as $domain) {
 
@@ -919,9 +940,7 @@ class apache extends HttpConfigBase {
 			// Apply header
 			$this->virtualhosts_data[$vhosts_filename] = '# Domain ID: ' . $domain['id'] . ' - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'] . "\n";
 
-			if ($domain['deactivated'] != '1'
-				|| Settings::Get('system.deactivateddocroot') != ''
-			) {
+			if ($domain['deactivated'] != '1' || Settings::Get('system.deactivateddocroot') != '') {
 				// Create vhost without ssl
 				$this->virtualhosts_data[$vhosts_filename] .= $this->getVhostContent($domain, false);
 
@@ -937,11 +956,11 @@ class apache extends HttpConfigBase {
 		}
 	}
 
-
 	/**
 	 * We compose the diroption entries for the paths
 	 */
-	public function createFileDirOptions() {
+	public function createFileDirOptions()
+	{
 		$result_stmt = Database::query("
 			SELECT `htac`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot`
 			FROM `" . TABLE_PANEL_HTACCESS . "` `htac`
@@ -951,10 +970,7 @@ class apache extends HttpConfigBase {
 		$diroptions = array();
 
 		while ($row_diroptions = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
-			if ($row_diroptions['customerid'] != 0
-				&& isset($row_diroptions['customerroot'])
-				&& $row_diroptions['customerroot'] != ''
-			) {
+			if ($row_diroptions['customerid'] != 0 && isset($row_diroptions['customerroot']) && $row_diroptions['customerroot'] != '') {
 				$diroptions[$row_diroptions['path']] = $row_diroptions;
 				$diroptions[$row_diroptions['path']]['htpasswds'] = array();
 			}
@@ -968,10 +984,7 @@ class apache extends HttpConfigBase {
 		");
 
 		while ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
-			if ($row_htpasswds['customerid'] != 0
-				&& isset($row_htpasswds['customerroot'])
-				&& $row_htpasswds['customerroot'] != ''
-			) {
+			if ($row_htpasswds['customerid'] != 0 && isset($row_htpasswds['customerroot']) && $row_htpasswds['customerroot'] != '') {
 				if (! isset($diroptions[$row_htpasswds['path']]) || ! is_array($diroptions[$row_htpasswds['path']])) {
 					$diroptions[$row_htpasswds['path']] = array();
 				}
@@ -998,16 +1011,11 @@ class apache extends HttpConfigBase {
 
 				$this->diroptions_data[$diroptions_filename] .= '<Directory "' . $row_diroptions['path'] . '">' . "\n";
 
-				if (isset($row_diroptions['options_indexes'])
-					&& $row_diroptions['options_indexes'] == '1'
-				) {
+				if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '1') {
 					$this->diroptions_data[$diroptions_filename] .= '  Options +Indexes';
 
 					// add perl options if enabled
-					if ($cperlenabled
-						&& isset($row_diroptions['options_cgi'])
-						&& $row_diroptions['options_cgi'] == '1'
-					) {
+					if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
 						$this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n";
 					} else {
 						$this->diroptions_data[$diroptions_filename] .= "\n";
@@ -1015,16 +1023,11 @@ class apache extends HttpConfigBase {
 					$this->logger->logAction(CRON_ACTION, LOG_INFO, 'Setting Options +Indexes for ' . $row_diroptions['path']);
 				}
 
-				if (isset($row_diroptions['options_indexes'])
-					&& $row_diroptions['options_indexes'] == '0'
-				) {
+				if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '0') {
 					$this->diroptions_data[$diroptions_filename] .= '  Options -Indexes';
 
 					// add perl options if enabled
-					if ($cperlenabled
-						&& isset($row_diroptions['options_cgi'])
-						&& $row_diroptions['options_cgi'] == '1'
-					) {
+					if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
 						$this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n";
 					} else {
 						$this->diroptions_data[$diroptions_filename] .= "\n";
@@ -1032,11 +1035,13 @@ class apache extends HttpConfigBase {
 					$this->logger->logAction(CRON_ACTION, LOG_INFO, 'Setting Options -Indexes for ' . $row_diroptions['path']);
 				}
 
-				$statusCodes = array('404', '403', '500');
+				$statusCodes = array(
+					'404',
+					'403',
+					'500'
+				);
 				foreach ($statusCodes as $statusCode) {
-					if (isset($row_diroptions['error' . $statusCode . 'path'])
-						&& $row_diroptions['error' . $statusCode . 'path'] != ''
-					) {
+					if (isset($row_diroptions['error' . $statusCode . 'path']) && $row_diroptions['error' . $statusCode . 'path'] != '') {
 						$defhandler = $row_diroptions['error' . $statusCode . 'path'];
 						if (! validateUrl($defhandler)) {
 							if (substr($defhandler, 0, 1) != '"' && substr($defhandler, - 1, 1) != '"') {
@@ -1047,10 +1052,7 @@ class apache extends HttpConfigBase {
 					}
 				}
 
-				if ($cperlenabled
-					&& isset($row_diroptions['options_cgi'])
-					&& $row_diroptions['options_cgi'] == '1'
-				) {
+				if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') {
 					$this->diroptions_data[$diroptions_filename] .= '  AllowOverride None' . "\n";
 					$this->diroptions_data[$diroptions_filename] .= '  AddHandler cgi-script .cgi .pl' . "\n";
 					// >=apache-2.4 enabled?
@@ -1128,11 +1130,11 @@ class apache extends HttpConfigBase {
 		}
 	}
 
-
 	/**
 	 * We write the configs
 	 */
-	public function writeConfigs() {
+	public function writeConfigs()
+	{
 		// Write diroptions
 		$this->logger->logAction(CRON_ACTION, LOG_INFO, "apache::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_diroptions'));
 
@@ -1247,6 +1249,4 @@ class apache extends HttpConfigBase {
 			}
 		}
 	}
-
-
 }

scripts/jobs/cron_tasks.inc.http.20.lighttpd.php

@@ -1,4 +1,7 @@
-<?php if (!defined('MASTER_CRONJOB')) die('You cannot access this file directly!');
+<?php
+
+if (! defined('MASTER_CRONJOB'))
+	die('You cannot access this file directly!');
 
 /**
  * This file is part of the Froxlor project.
@@ -15,20 +18,27 @@
  * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
  * @package Cron
  *
- * @TODO ssl-redirect to non-standard port
+ * @todo ssl-redirect to non-standard port
  */
 
 require_once (dirname(__FILE__) . '/../classes/class.HttpConfigBase.php');
 
-class lighttpd extends HttpConfigBase {
+class lighttpd extends HttpConfigBase
+{
+
 	private $logger = false;
+
 	private $idnaConvert = false;
 
 	// protected
 	protected $lighttpd_data = array();
+
 	protected $needed_htpasswds = array();
+
 	protected $auth_backend_loaded = false;
+
 	protected $htpasswd_files = array();
+
 	protected $mod_accesslog_loaded = "0";
 
 	/**
@@ -39,13 +49,14 @@ class lighttpd extends HttpConfigBase {
 	 */
 	private $_deactivated = false;
 
-	public function __construct($logger, $idnaConvert) {
+	public function __construct($logger, $idnaConvert)
+	{
 		$this->logger = $logger;
 		$this->idnaConvert = $idnaConvert;
 	}
 
-
-	public function reload() {
+	public function reload()
+	{
 		if ((int) Settings::Get('phpfpm.enabled') == 1) {
 			$this->logger->logAction(CRON_ACTION, LOG_INFO, 'lighttpd::reload: reloading php-fpm');
 			safe_exec(escapeshellcmd(Settings::Get('phpfpm.reload')));
@@ -54,8 +65,8 @@ class lighttpd extends HttpConfigBase {
 		safe_exec(escapeshellcmd(Settings::Get('system.apachereload_command')));
 	}
 
-
-	public function createIpPort() {
+	public function createIpPort()
+	{
 		$result_ipsandports_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC");
 
 		while ($row_ipsandports = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -89,26 +100,38 @@ class lighttpd extends HttpConfigBase {
 				$this->lighttpd_data[$vhost_filename] .= '# Froxlor default vhost' . "\n";
 				$this->lighttpd_data[$vhost_filename] .= '$HTTP["host"] =~ "^(?:www\.|)' . $myhost . '$" {' . "\n";
 
-				if ($row_ipsandports['docroot'] == '') {
-					if (Settings::Get('system.froxlordirectlyviahostname')) {
-						$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
-					} else {
-						$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
-					}
-				} else {
-					// user-defined docroot, #417
-					$mypath = makeCorrectDir($row_ipsandports['docroot']);
-				}
+				$mypath = $this->getMyPath($row_ipsandports);
 
 				$this->lighttpd_data[$vhost_filename] .= '  server.document-root = "' . $mypath . '"' . "\n";
 
+				$is_redirect = false;
+				// check for SSL redirect
+				if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
+					$is_redirect = true;
+					// check whether froxlor uses Let's Encrypt and not cert is being generated yet
+					// or a renew is ongoing - disable redirect
+					if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
+						$this->lighttpd_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
+						$is_redirect = false;
+					} else {
+						$_sslport = $this->checkAlternativeSslPort();
+						$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
+
+						$this->lighttpd_data[$vhost_filename] .= '  url.redirect = (' . "\n";
+						$this->lighttpd_data[$vhost_filename] .= '     "^/(.*)$" => "' . $mypath . '$1"' . "\n";
+						$this->lighttpd_data[$vhost_filename] .= '  )' . "\n";
+					}
+				}
+
+				if (!$is_redirect) {
 					/**
 					 * dirprotection, see #72
-				 * @TODO use better regex for this, deferred until 0.9.5
 					 *
-				 $this->lighttpd_data[$vhost_filename].= '  $HTTP["url"] =~ "^/(.+)\/(.+)\.php" {' . "\n";
-				 $this->lighttpd_data[$vhost_filename].= '    url.access-deny = ("")' . "\n";
-				 $this->lighttpd_data[$vhost_filename].= '  }' . "\n";
+					 * @todo use better regex for this, deferred until 0.9.5
+					 *
+					 *       $this->lighttpd_data[$vhost_filename].= ' $HTTP["url"] =~ "^/(.+)\/(.+)\.php" {' . "\n";
+					 *       $this->lighttpd_data[$vhost_filename].= ' url.access-deny = ("")' . "\n";
+					 *       $this->lighttpd_data[$vhost_filename].= ' }' . "\n";
 					 */
 
 					/**
@@ -140,15 +163,10 @@ class lighttpd extends HttpConfigBase {
 						$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
 						$this->lighttpd_data[$vhost_filename] .= '  )' . "\n";
 					}
+				}
 
 				if ($row_ipsandports['specialsettings'] != '') {
-					$this->lighttpd_data[$vhost_filename].= $this->processSpecialConfigTemplate(
-							$row_ipsandports['specialsettings'],
-							$domain,
-							$row_ipsandports['ip'],
-							$row_ipsandports['port'],
-							$row_ipsandports['ssl'] == '1'
-					). "\n";
+					$this->lighttpd_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], $domain, $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
 				}
 
 				$this->lighttpd_data[$vhost_filename] .= '}' . "\n";
@@ -163,26 +181,49 @@ class lighttpd extends HttpConfigBase {
 					$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
 				}
 
-				if ($row_ipsandports['ssl_cert_file'] != '') {
+				$domain = array(
+					'id' => 0,
+					'domain' => Settings::Get('system.hostname'),
+					'adminid' => 1, /* first admin-user (superadmin) */
+					'loginname' => 'froxlor.panel',
+					'documentroot' => $mypath,
+					'parentdomainid' => 0,
+				);
+
+				// override corresponding array values
+				$domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];
+				$domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];
+				$domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];
+				$domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];
+
+				// SSL STUFF
+				$dssl = new DomainSSL();
+				// this sets the ssl-related array-indices in the $domain array
+				// if the domain has customer-defined ssl-certificates
+				$dssl->setDomainSSLFilesArray($domain);
+
+				if ($domain['ssl_cert_file'] != '') {
 
 					// check for existence, #1485
-				    if (!file_exists($row_ipsandports['ssl_cert_file'])) {
-				        $this->logger->logAction(CRON_ACTION, LOG_ERR, $ip.':'.$port . ' :: certificate file "'.$row_ipsandports['ssl_cert_file'].'" does not exist! Cannot create ssl-directives');
-				        echo $ip.':'.$port . ' :: certificate file "'.$row_ipsandports['ssl_cert_file'].'" does not exist! Cannot create SSL-directives'."\n";
+					if (! file_exists($domain['ssl_cert_file'])) {
+						$this->logger->logAction(CRON_ACTION, LOG_ERR, $ip . ':' . $port . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives');
+						echo $ip . ':' . $port . ' :: certificate file "' . $domain['ssl_cert_file'] . '" does not exist! Cannot create SSL-directives' . "\n";
 					} else {
 						$this->lighttpd_data[$vhost_filename] .= 'ssl.engine = "enable"' . "\n";
+						$this->lighttpd_data[$vhost_filename] .= 'ssl.use-compression = "disable"' . "\n";
 						$this->lighttpd_data[$vhost_filename] .= 'ssl.use-sslv2 = "disable"' . "\n";
+						$this->lighttpd_data[$vhost_filename] .= 'ssl.use-sslv3 = "disable"' . "\n";
 						$this->lighttpd_data[$vhost_filename] .= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
 						$this->lighttpd_data[$vhost_filename] .= 'ssl.honor-cipher-order = "enable"' . "\n";
-    					$this->lighttpd_data[$vhost_filename].= 'ssl.pemfile = "' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . '"' . "\n";
+						$this->lighttpd_data[$vhost_filename] .= 'ssl.pemfile = "' . makeCorrectFile($domain['ssl_cert_file']) . '"' . "\n";
 
-    					if ($row_ipsandports['ssl_ca_file'] != '') {
+						if ($domain['ssl_ca_file'] != '') {
 							// check for existence, #1485
-    					    if (!file_exists($row_ipsandports['ssl_ca_file'])) {
-    					        $this->logger->logAction(CRON_ACTION, LOG_ERR, $ip.':'.$port . ' :: certificate CA file "'.$row_ipsandports['ssl_ca_file'].'" does not exist! Cannot create ssl-directives');
-    					        echo $ip.':'.port . ' :: certificate CA file "'.$row_ipsandports['ssl_ca_file'].'" does not exist! SSL-directives might not be working'."\n";
+							if (! file_exists($domain['ssl_ca_file'])) {
+								$this->logger->logAction(CRON_ACTION, LOG_ERR, $ip . ':' . $port . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! Cannot create ssl-directives');
+								echo $ip . ':' . port . ' :: certificate CA file "' . $domain['ssl_ca_file'] . '" does not exist! SSL-directives might not be working' . "\n";
 							} else {
-    						  $this->lighttpd_data[$vhost_filename].= 'ssl.ca-file = "' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . '"' . "\n";
+								$this->lighttpd_data[$vhost_filename] .= 'ssl.ca-file = "' . makeCorrectFile($domain['ssl_ca_file']) . '"' . "\n";
 							}
 						}
 					}
@@ -213,14 +254,12 @@ class lighttpd extends HttpConfigBase {
 		$this->_createStandardErrorHandler();
 	}
 
-
 	/**
 	 * define a default server.error-handler-404-statement, bug #unknown-yet
 	 */
-	private function _createStandardErrorHandler() {
-		if (Settings::Get('defaultwebsrverrhandler.enabled') == '1'
-			&& Settings::Get('defaultwebsrverrhandler.err404') != ''
-		) {
+	private function _createStandardErrorHandler()
+	{
+		if (Settings::Get('defaultwebsrverrhandler.enabled') == '1' && Settings::Get('defaultwebsrverrhandler.err404') != '') {
 			$vhost_filename = makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/05_froxlor_default_errorhandler.conf');
 
 			if (! isset($this->lighttpd_data[$vhost_filename])) {
@@ -235,14 +274,16 @@ class lighttpd extends HttpConfigBase {
 		}
 	}
 
-
-	protected function create_htaccess($domain) {
+	protected function create_htaccess($domain)
+	{
 		$needed_htpasswds = array();
 		$result_htpasswds_stmt = Database::prepare("
 			SELECT * FROM " . TABLE_PANEL_HTPASSWDS . "
 			WHERE `path` LIKE :docroot
 		");
-		Database::pexecute($result_htpasswds_stmt, array('docroot' => $domain['documentroot'] . '%'));
+		Database::pexecute($result_htpasswds_stmt, array(
+			'docroot' => $domain['documentroot'] . '%'
+		));
 
 		$htaccess_text = '';
 		while ($row_htpasswds = $result_htpasswds_stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -283,25 +324,20 @@ class lighttpd extends HttpConfigBase {
 		return $htaccess_text;
 	}
 
+	public function createVirtualHosts()
+	{}
 
-	public function createVirtualHosts() {
-	}
+	public function createFileDirOptions()
+	{}
 
+	protected function composePhpOptions($domain)
+	{}
 
-	public function createFileDirOptions() {
-	}
-
-
-	protected function composePhpOptions($domain) {
-	}
-
-
-	public function createOwnVhostStarter() {
-	}
-
-
-	protected function createLighttpdHosts($ipid, $ssl, $vhost_filename) {
+	public function createOwnVhostStarter()
+	{}
 
+	protected function createLighttpdHosts($ipid, $ssl, $vhost_filename)
+	{
 		$domains = WebserverBase::getVhostsToCreate();
 		foreach ($domains as $domain) {
 
@@ -316,21 +352,12 @@ class lighttpd extends HttpConfigBase {
 				$_inc_path = substr($_tmp_path, $_pos + 1);
 
 				// maindomain
-				if ((int)$domain['parentdomainid'] == 0
-					&& isCustomerStdSubdomain((int)$domain['id']) == false
-					&& ((int)$domain['ismainbutsubto'] == 0
-						|| domainMainToSubExists($domain['ismainbutsubto']) == false)
-				) {
+				if ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && ((int) $domain['ismainbutsubto'] == 0 || domainMainToSubExists($domain['ismainbutsubto']) == false)) {
 					$vhost_no = '50';
-				}
-				// sub-but-main-domain
-				elseif ((int)$domain['parentdomainid'] == 0
-					&& isCustomerStdSubdomain((int)$domain['id']) == false
-					&& (int)$domain['ismainbutsubto'] > 0
-				) {
+				}				// sub-but-main-domain
+				elseif ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && (int) $domain['ismainbutsubto'] > 0) {
 					$vhost_no = '51';
-				}
-				// subdomains
+				} 				// subdomains
 				else {
 					// number of dots in a domain specifies it's position (and depth of subdomain) starting at 89 going downwards on higher depth
 					$vhost_no = (string) (90 - substr_count($domain['domain'], ".") + 1);
@@ -348,10 +375,7 @@ class lighttpd extends HttpConfigBase {
 				$this->lighttpd_data[$vhost_filename] = '';
 			}
 
-			if ((!empty($this->lighttpd_data[$vhost_filename])
-					&& !is_dir(Settings::Get('system.apacheconf_vhost')))
-				|| is_dir(Settings::Get('system.apacheconf_vhost'))
-			) {
+			if ((! empty($this->lighttpd_data[$vhost_filename]) && ! is_dir(Settings::Get('system.apacheconf_vhost'))) || is_dir(Settings::Get('system.apacheconf_vhost'))) {
 				if ($ssl == '1') {
 					$ssl_vhost = true;
 					$ips_and_ports_index = 'ssl_ipandport';
@@ -370,12 +394,9 @@ class lighttpd extends HttpConfigBase {
 		return $included_vhosts;
 	}
 
-
-	protected function getVhostContent($domain, $ssl_vhost = false, $ipid) {
-		if ($ssl_vhost === true
-			&& $domain['ssl'] != '1'
-			&& $domain['ssl_redirect'] != '1'
-		) {
+	protected function getVhostContent($domain, $ssl_vhost = false, $ipid)
+	{
+		if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') {
 			return '';
 		}
 
@@ -383,24 +404,21 @@ class lighttpd extends HttpConfigBase {
 		$vhost_content .= $this->getServerNames($domain) . " {\n";
 
 		// respect ssl_redirect settings, #542
-		if ($ssl_vhost == false
-			&& $domain['ssl'] == '1'
-			&& $domain['ssl_redirect'] == '1'
-		) {
+		if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') {
 			// We must not check if our port differs from port 443,
 			// but if there is a destination-port != 443
 			$_sslport = '';
 			// This returns the first port that is != 443 with ssl enabled, if any
 			// ordered by ssl-certificate (if any) so that the ip/port combo
 			// with certificate is used
-			$ssldestport_stmt = Database::prepare(
-				"SELECT `ip`.`port` FROM ".TABLE_PANEL_IPSANDPORTS." `ip`
+			$ssldestport_stmt = Database::prepare("SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`
 				LEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)
 				WHERE `dip`.`id_domain` = :domainid
 				AND `ip`.`ssl` = '1'  AND `ip`.`port` != 443
-				ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;"
-			);
-			$ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id']));
+				ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;");
+			$ssldestport = Database::pexecute_first($ssldestport_stmt, array(
+				'domainid' => $domain['id']
+			));
 
 			if ($ssldestport['port'] != '') {
 				$_sslport = ":" . $ssldestport['port'];
@@ -409,19 +427,26 @@ class lighttpd extends HttpConfigBase {
 			$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
 		}
 
-		if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
-			$vhost_content.= '  url.redirect = (' . "\n";
-			$vhost_content.= '     "^/(.*)$" => "'. $this->idnaConvert->encode($domain['documentroot']) . '$1"'. "\n";
-			$vhost_content.= '  )' . "\n";
+		// avoid using any whitespaces
+		$domain['documentroot'] = trim($domain['documentroot']);
 
+		if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
+			$uri = $domain['documentroot'];
+			// prevent empty return-cde
+			$code = "301";
+			// Get domain's redirect code
+			$code = getDomainRedirectCode($domain['id']);
+
+			$vhost_content .= '  url.redirect-code = ' . $code. "\n";
+			$vhost_content .= '  url.redirect = (' . "\n";
+			$vhost_content .= '     "^/(.*)$" => "' . $uri . '$1"' . "\n";
+			$vhost_content .= '  )' . "\n";
 		} else {
 
 			mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true, true);
 
 			$only_webroot = false;
-			if ($ssl_vhost === false
-				&& $domain['ssl_redirect'] == '1'
-			) {
+			if ($ssl_vhost === false && $domain['ssl_redirect'] == '1') {
 				$only_webroot = true;
 			}
 
@@ -437,7 +462,9 @@ class lighttpd extends HttpConfigBase {
 						SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "`
 						WHERE `id` = :id
 					");
-					$ipandport = Database::pexecute_first($ipandport_stmt, array('id' => $ipid));
+					$ipandport = Database::pexecute_first($ipandport_stmt, array(
+						'id' => $ipid
+					));
 
 					$domain['ip'] = $ipandport['ip'];
 					$domain['port'] = $ipandport['port'];
@@ -456,30 +483,15 @@ class lighttpd extends HttpConfigBase {
 					$vhost_content .= $this->getSslSettings($domain, $ssl_vhost);
 
 					if ($domain['specialsettings'] != "") {
-						$vhost_content.= $this->processSpecialConfigTemplate(
-								$domain['specialsettings'],
-								$domain,
-								$domain['ip'],
-								$domain['port'],
-								$ssl_vhost). "\n";
+						$vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 					}
 
 					if ($ipandport['default_vhostconf_domain'] != '') {
-						$vhost_content.= $this->processSpecialConfigTemplate(
-								$ipandport['default_vhostconf_domain'],
-								$domain,
-								$domain['ip'],
-								$domain['port'],
-								$ssl_vhost) . "\n";
+						$vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 					}
 
 					if (Settings::Get('system.default_vhostconf') != '') {
-						$vhost_content.= $this->processSpecialConfigTemplate(
-							Settings::Get('system.default_vhostconf'),
-								$domain,
-								$domain['ip'],
-								$domain['port'],
-								$ssl_vhost). "\n";
+						$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 					}
 				}
 				$vhost_content .= $this->getLogFiles($domain);
@@ -491,14 +503,11 @@ class lighttpd extends HttpConfigBase {
 		return $vhost_content;
 	}
 
-
-	protected function getSslSettings($domain, $ssl_vhost) {
+	protected function getSslSettings($domain, $ssl_vhost)
+	{
 		$ssl_settings = '';
 
-		if ($ssl_vhost === true
-			&& $domain['ssl'] == '1'
-			&& (int)Settings::Get('system.use_ssl') == 1
-		) {
+		if ($ssl_vhost === true && $domain['ssl'] == '1' && (int) Settings::Get('system.use_ssl') == 1) {
 			if ($domain['ssl_cert_file'] == '') {
 				$domain['ssl_cert_file'] = Settings::Get('system.ssl_cert_file');
 			}
@@ -510,7 +519,9 @@ class lighttpd extends HttpConfigBase {
 			if ($domain['ssl_cert_file'] != '') {
 
 				$ssl_settings .= 'ssl.engine = "enable"' . "\n";
+				$ssl_settings .= 'ssl.use-compression = "disable"' . "\n";
 				$ssl_settings .= 'ssl.use-sslv2 = "disable"' . "\n";
+				$ssl_settings .= 'ssl.use-sslv3 = "disable"' . "\n";
 				$ssl_settings .= 'ssl.cipher-list = "' . Settings::Get('system.ssl_cipher_list') . '"' . "\n";
 				$ssl_settings .= 'ssl.honor-cipher-order = "enable"' . "\n";
 				$ssl_settings .= 'ssl.pemfile = "' . makeCorrectFile($domain['ssl_cert_file']) . '"' . "\n";
@@ -519,11 +530,11 @@ class lighttpd extends HttpConfigBase {
 					$ssl_settings .= 'ssl.ca-file = "' . makeCorrectFile($domain['ssl_ca_file']) . '"' . "\n";
 				}
 
-				if ($domain['hsts'] > 0) {
+				if ($domain['hsts'] >= 0) {
 
 					$vhost_content .= '$HTTP["scheme"] == "https" { setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts'];
 					if ($domain['hsts_sub'] == 1) {
-						$vhost_content .= '; includeSubdomains';
+						$vhost_content .= '; includeSubDomains';
 					}
 					if ($domain['hsts_preload'] == 1) {
 						$vhost_content .= '; preload';
@@ -535,9 +546,8 @@ class lighttpd extends HttpConfigBase {
 		return $ssl_settings;
 	}
 
-
-	protected function getLogFiles($domain) {
-
+	protected function getLogFiles($domain)
+	{
 		$logfiles_text = '';
 
 		$speciallogfile = '';
@@ -570,7 +580,9 @@ class lighttpd extends HttpConfigBase {
 					FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `aliasdomain` = :domainid OR `parentdomainid` = :domainid
 				");
-				Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id']));
+				Database::pexecute($alias_domains_stmt, array(
+					'domainid' => $domain['id']
+				));
 
 				while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
 
@@ -608,13 +620,15 @@ class lighttpd extends HttpConfigBase {
 		return $logfiles_text;
 	}
 
-
-	protected function create_pathOptions($domain) {
+	protected function create_pathOptions($domain)
+	{
 		$result_stmt = Database::prepare("
 			SELECT * FROM " . TABLE_PANEL_HTACCESS . "
 			WHERE `path` LIKE :docroot
 		");
-		Database::pexecute($result_stmt, array('docroot' => $domain['documentroot'] . '%'));
+		Database::pexecute($result_stmt, array(
+			'docroot' => $domain['documentroot'] . '%'
+		));
 
 		$path_options = '';
 		$error_string = '';
@@ -650,9 +664,7 @@ class lighttpd extends HttpConfigBase {
 				$path_options = $error_string;
 			}
 
-			if (customerHasPerlEnabled($domain['customerid'])
-				&& $row['options_cgi'] != '0'
-			) {
+			if (customerHasPerlEnabled($domain['customerid']) && $row['options_cgi'] != '0') {
 				$path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1));
 				mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']);
 
@@ -672,18 +684,18 @@ class lighttpd extends HttpConfigBase {
 		return $path_options;
 	}
 
-
-	protected function getDirOptions($domain) {
+	protected function getDirOptions($domain)
+	{
 		$result_stmt = Database::prepare("
 			SELECT * FROM " . TABLE_PANEL_HTPASSWDS . "
 			WHERE `customerid` = :customerid
 		");
-		Database::pexecute($result_stmt, array('customerid' => $domain['customerid']));
+		Database::pexecute($result_stmt, array(
+			'customerid' => $domain['customerid']
+		));
 
 		while ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
-			if ($auth_backend_loaded[$domain['ipandport']] != 'yes'
-				&& $auth_backend_loaded[$domain['ssl_ipandport']] != 'yes'
-			) {
+			if ($auth_backend_loaded[$domain['ipandport']] != 'yes' && $auth_backend_loaded[$domain['ssl_ipandport']] != 'yes') {
 				$filename = $domain['customerid'] . '.htpasswd';
 
 				if ($this->auth_backend_loaded[$domain['ipandport']] != 'yes') {
@@ -722,8 +734,8 @@ class lighttpd extends HttpConfigBase {
 		return '  auth.backend.htpasswd.userfile = "' . makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $filename) . '"' . "\n";
 	}
 
-
-	protected function getServerNames($domain) {
+	protected function getServerNames($domain)
+	{
 		$server_string = array();
 		$domain_name = str_replace('.', '\.', $domain['domain']);
 
@@ -742,7 +754,9 @@ class lighttpd extends HttpConfigBase {
 			FROM `" . TABLE_PANEL_DOMAINS . "`
 			WHERE `aliasdomain` = :domainid
 		");
-		Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id']));
+		Database::pexecute($alias_domains_stmt, array(
+			'domainid' => $domain['id']
+		));
 
 		while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
 			$alias_domain_name = str_replace('.', '\.', $alias_domain['domain']);
@@ -785,20 +799,16 @@ class lighttpd extends HttpConfigBase {
 		return $servernames_text;
 	}
 
-
-	protected function getWebroot($domain, $ssl) {
+	protected function getWebroot($domain, $ssl)
+	{
 		$webroot_text = '';
 
-		if ($domain['deactivated'] == '1'
-			&& Settings::Get('system.deactivateddocroot') != ''
-		) {
+		if ($domain['deactivated'] == '1' && Settings::Get('system.deactivateddocroot') != '') {
 			$webroot_text .= '  # Using docroot for deactivated users...' . "\n";
 			$webroot_text .= '  server.document-root = "' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . "\"\n";
 			$this->_deactivated = true;
 		} else {
-			if ($ssl === false
-				&& $domain['ssl_redirect'] == '1'
-			) {
+			if ($ssl === false && $domain['ssl_redirect'] == '1') {
 				$redirect_domain = $this->idnaConvert->encode('https://' . $domain['domain']);
 				$webroot_text .= '  url.redirect = (' . "\n";
 				$webroot_text .= "\t" . '"^/(.*)" => "' . $redirect_domain . '/$1",' . "\n";
@@ -821,11 +831,11 @@ class lighttpd extends HttpConfigBase {
 		return $webroot_text;
 	}
 
-
 	/**
 	 * Lets set the text part for the stats software
 	 */
-	protected function getStats($domain) {
+	protected function getStats($domain)
+	{
 		$stats_text = '';
 
 		if ($domain['speciallogfile'] == '1') {
@@ -852,8 +862,7 @@ class lighttpd extends HttpConfigBase {
 				} else {
 					$stats_text .= '  alias.url = ( "/webalizer/" => "' . makeCorrectFile($domain['customerroot'] . '/webalizer/') . '" )' . "\n";
 				}
-			}
-			// if the docroots are equal, we still have to set an alias for awstats
+			}			// if the docroots are equal, we still have to set an alias for awstats
 			// because the stats are in /awstats/[domain], not just /awstats/
 			// also, the awstats-icons are someplace else too!
 			// -> webalizer does not need this!
@@ -866,8 +875,8 @@ class lighttpd extends HttpConfigBase {
 		return $stats_text;
 	}
 
-
-	public function writeConfigs() {
+	public function writeConfigs()
+	{
 		$this->logger->logAction(CRON_ACTION, LOG_INFO, "lighttpd::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_vhost'));
 
 		$vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost'));

scripts/jobs/cron_tasks.inc.http.30.nginx.php

@@ -1,4 +1,7 @@
-<?php if (!defined('MASTER_CRONJOB')) die('You cannot access this file directly!');
+<?php
+
+if (! defined('MASTER_CRONJOB'))
+	die('You cannot access this file directly!');
 
 /**
  * This file is part of the Froxlor project.
@@ -17,20 +20,32 @@
 
 require_once (dirname(__FILE__) . '/../classes/class.HttpConfigBase.php');
 
-class nginx extends HttpConfigBase {
+class nginx extends HttpConfigBase
+{
+
 	private $logger = false;
+
 	private $idnaConvert = false;
+
 	private $nginx_server = array();
 
 	// protected
 	protected $nginx_data = array();
+
 	protected $needed_htpasswds = array();
+
 	protected $auth_backend_loaded = false;
+
 	protected $htpasswds_data = array();
+
 	protected $known_htpasswdsfilenames = array();
+
 	protected $mod_accesslog_loaded = '0';
+
 	protected $vhost_root_autoindex = false;
+
 	protected $known_vhostfilenames = array();
+
 	/**
 	 * indicator whether a customer is deactivated or not
 	 * if yes, only the webroot will be generated
@@ -39,23 +54,22 @@ class nginx extends HttpConfigBase {
 	 */
 	private $_deactivated = false;
 
-	public function __construct($logger, $idnaConvert, $nginx_server=array()) {
+	public function __construct($logger, $idnaConvert, $nginx_server = array())
+	{
 		$this->logger = $logger;
 		$this->idnaConvert = $idnaConvert;
 		$this->nginx_server = $nginx_server;
 	}
 
-
-	public function reload() {
+	public function reload()
+	{
 		$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: reloading nginx');
 		safe_exec(Settings::Get('system.apachereload_command'));
 
 		/**
 		 * nginx does not auto-spawn fcgi-processes
 		 */
-		if (Settings::Get('system.phpreload_command') != ''
-			&& (int)Settings::Get('phpfpm.enabled') == 0
-		) {
+		if (Settings::Get('system.phpreload_command') != '' && (int) Settings::Get('phpfpm.enabled') == 0) {
 			$this->logger->logAction(CRON_ACTION, LOG_INFO, 'nginx::reload: restarting php processes');
 			safe_exec(Settings::Get('system.phpreload_command'));
 		} elseif ((int) Settings::Get('phpfpm.enabled') == 1) {
@@ -64,17 +78,12 @@ class nginx extends HttpConfigBase {
 		}
 	}
 
-
 	/**
 	 * define a default ErrorDocument-statement, bug #unknown-yet
 	 */
-	private function _createStandardErrorHandler() {
-		if (Settings::Get('defaultwebsrverrhandler.enabled') == '1'
-			&& (Settings::Get('defaultwebsrverrhandler.err401') != ''
-				|| Settings::Get('defaultwebsrverrhandler.err403') != ''
-				|| Settings::Get('defaultwebsrverrhandler.err404') != ''
-				|| Settings::Get('defaultwebsrverrhandler.err500') != '')
-		) {
+	private function _createStandardErrorHandler()
+	{
+		if (Settings::Get('defaultwebsrverrhandler.enabled') == '1' && (Settings::Get('defaultwebsrverrhandler.err401') != '' || Settings::Get('defaultwebsrverrhandler.err403') != '' || Settings::Get('defaultwebsrverrhandler.err404') != '' || Settings::Get('defaultwebsrverrhandler.err500') != '')) {
 			$vhosts_folder = '';
 			if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
 				$vhosts_folder = makeCorrectDir(Settings::Get('system.apacheconf_vhost'));
@@ -88,7 +97,12 @@ class nginx extends HttpConfigBase {
 				$this->nginx_data[$vhosts_filename] = '';
 			}
 
-			$statusCodes = array('401', '403', '404', '500');
+			$statusCodes = array(
+				'401',
+				'403',
+				'404',
+				'500'
+			);
 			foreach ($statusCodes as $statusCode) {
 				if (Settings::Get('defaultwebsrverrhandler.err' . $statusCode) != '') {
 					$defhandler = Settings::Get('defaultwebsrverrhandler.err' . $statusCode);
@@ -101,16 +115,14 @@ class nginx extends HttpConfigBase {
 		}
 	}
 
+	public function createVirtualHosts()
+	{}
 
-	public function createVirtualHosts() {
-	}
+	public function createFileDirOptions()
+	{}
 
-
-	public function createFileDirOptions() {
-	}
-
-
-	public function createIpPort() {
+	public function createIpPort()
+	{
 		$result_ipsandports_stmt = Database::query("
 			SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC
 		");
@@ -134,6 +146,8 @@ class nginx extends HttpConfigBase {
 
 				$this->nginx_data[$vhost_filename] .= 'server { ' . "\n";
 
+				$mypath = $this->getMyPath($row_ipsandports);
+
 				// check for ssl before anything else so
 				// we know whether it's an ssl vhost or not
 				$ssl_vhost = false;
@@ -150,6 +164,36 @@ class nginx extends HttpConfigBase {
 					if ($row_ipsandports['ssl_cert_file'] != '' && file_exists($row_ipsandports['ssl_cert_file'])) {
 						$ssl_vhost = true;
 					}
+
+					$domain = array(
+						'id' => 0,
+						'domain' => Settings::Get('system.hostname'),
+						'adminid' => 1, /* first admin-user (superadmin) */
+						'loginname' => 'froxlor.panel',
+						'documentroot' => $mypath,
+						'parentdomainid' => 0
+					);
+
+					// override corresponding array values
+					$domain['ssl_cert_file'] = $row_ipsandports['ssl_cert_file'];
+					$domain['ssl_key_file'] = $row_ipsandports['ssl_key_file'];
+					$domain['ssl_ca_file'] = $row_ipsandports['ssl_ca_file'];
+					$domain['ssl_cert_chainfile'] = $row_ipsandports['ssl_cert_chainfile'];
+
+					// SSL STUFF
+					$dssl = new DomainSSL();
+					// this sets the ssl-related array-indices in the $domain array
+					// if the domain has customer-defined ssl-certificates
+					$dssl->setDomainSSLFilesArray($domain);
+
+					if ($domain['ssl_cert_file'] != '' && file_exists($domain['ssl_cert_file'])) {
+						// override corresponding array values
+						$row_ipsandports['ssl_cert_file'] = $domain['ssl_cert_file'];
+						$row_ipsandports['ssl_key_file'] = $domain['ssl_key_file'];
+						$row_ipsandports['ssl_ca_file'] = $domain['ssl_ca_file'];
+						$row_ipsandports['ssl_cert_chainfile'] = $domain['ssl_cert_chainfile'];
+						$ssl_vhost = true;
+					}
 				}
 
 				/**
@@ -161,36 +205,37 @@ class nginx extends HttpConfigBase {
 				$this->nginx_data[$vhost_filename] .= "\t" . 'server_name    ' . Settings::Get('system.hostname') . ';' . "\n";
 				$this->nginx_data[$vhost_filename] .= "\t" . 'access_log      /var/log/nginx/access.log;' . "\n";
 
-				$mypath = '';
-
-				// no custom docroot set?
-				if ($row_ipsandports['docroot'] == '') {
-					// check whether the hostname should directly point to
-					// the froxlor-installation or not
-					if (Settings::Get('system.froxlordirectlyviahostname')) {
-						$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
+				$is_redirect = false;
+				// check for SSL redirect
+				if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
+					$is_redirect = true;
+					// check whether froxlor uses Let's Encrypt and not cert is being generated yet
+					// or a renew is ongoing - disable redirect
+					if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
+						$this->nginx_data[$vhost_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
+						$is_redirect = false;
 					} else {
-						$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
+						$_sslport = $this->checkAlternativeSslPort();
+						$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
+						$this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n";
+						$this->nginx_data[$vhost_filename] .= "\t\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n";
+						$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
 					}
-				} else {
-					// user-defined docroot, #417
-					$mypath = makeCorrectDir($row_ipsandports['docroot']);
 				}
 
+				if (! $is_redirect) {
 					$this->nginx_data[$vhost_filename] .= "\t" . 'root     ' . $mypath . ';' . "\n";
 					$this->nginx_data[$vhost_filename] .= "\t" . 'index    index.php index.html index.htm;' . "\n\n";
 					$this->nginx_data[$vhost_filename] .= "\t" . 'location / {' . "\n";
 					$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
+				}
 
 				if ($row_ipsandports['specialsettings'] != '') {
-					$this->nginx_data[$vhost_filename].= $this->processSpecialConfigTemplate(
-							$row_ipsandports['specialsettings'],
-							array('domain'=> Settings::Get('system.hostname'),
+					$this->nginx_data[$vhost_filename] .= $this->processSpecialConfigTemplate($row_ipsandports['specialsettings'], array(
+						'domain' => Settings::Get('system.hostname'),
 						'loginname' => Settings::Get('phpfpm.vhost_httpuser'),
-								  'documentroot'=> $mypath),
-							$row_ipsandports['ip'],
-							$row_ipsandports['port'],
-							$row_ipsandports['ssl'] == '1'). "\n";
+						'documentroot' => $mypath
+					), $row_ipsandports['ip'], $row_ipsandports['port'], $row_ipsandports['ssl'] == '1') . "\n";
 				}
 
 				/**
@@ -201,6 +246,7 @@ class nginx extends HttpConfigBase {
 					$this->nginx_data[$vhost_filename] .= $this->composeSslSettings($row_ipsandports);
 				}
 
+				if (! $is_redirect) {
 					$this->nginx_data[$vhost_filename] .= "\tlocation ~ \.php {\n";
 					$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_split_path_info ^(.+\.php)(/.+)\$;\n";
 					$this->nginx_data[$vhost_filename] .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n";
@@ -223,7 +269,7 @@ class nginx extends HttpConfigBase {
 							'openbasedir' => 0,
 							'email' => Settings::Get('panel.adminmail'),
 							'loginname' => 'froxlor.panel',
-						'documentroot' => $mypath,
+							'documentroot' => $mypath
 						);
 
 						$php = new phpinterface($domain);
@@ -234,6 +280,7 @@ class nginx extends HttpConfigBase {
 
 					$this->nginx_data[$vhost_filename] .= "\t\tfastcgi_index index.php;\n";
 					$this->nginx_data[$vhost_filename] .= "\t}\n";
+				}
 
 				$this->nginx_data[$vhost_filename] .= "}\n\n";
 				// End of Froxlor server{}-part
@@ -248,12 +295,11 @@ class nginx extends HttpConfigBase {
 		$this->_createStandardErrorHandler();
 	}
 
-
 	/**
 	 * create vhosts
 	 */
-	protected function createNginxHosts() {
-
+	protected function createNginxHosts()
+	{
 		$domains = WebserverBase::getVhostsToCreate();
 		foreach ($domains as $domain) {
 
@@ -267,10 +313,7 @@ class nginx extends HttpConfigBase {
 				$this->nginx_data[$vhost_filename] = '';
 			}
 
-			if ((empty($this->nginx_data[$vhost_filename])
-					&& !is_dir(Settings::Get('system.apacheconf_vhost')))
-				|| is_dir(Settings::Get('system.apacheconf_vhost'))
-			) {
+			if ((empty($this->nginx_data[$vhost_filename]) && ! is_dir(Settings::Get('system.apacheconf_vhost'))) || is_dir(Settings::Get('system.apacheconf_vhost'))) {
 				$domain['nonexistinguri'] = '/' . md5(uniqid(microtime(), 1)) . '.htm';
 
 				// Create non-ssl host
@@ -287,18 +330,11 @@ class nginx extends HttpConfigBase {
 		}
 	}
 
-
-	protected function getVhostFilename($domain, $ssl_vhost = false) {
-		if ((int)$domain['parentdomainid'] == 0
-			&& isCustomerStdSubdomain((int)$domain['id']) == false
-			&& ((int)$domain['ismainbutsubto'] == 0
-				|| domainMainToSubExists($domain['ismainbutsubto']) == false)
-		) {
+	protected function getVhostFilename($domain, $ssl_vhost = false)
+	{
+		if ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && ((int) $domain['ismainbutsubto'] == 0 || domainMainToSubExists($domain['ismainbutsubto']) == false)) {
 			$vhost_no = '35';
-		} elseif ((int)$domain['parentdomainid'] == 0
-			&& isCustomerStdSubdomain((int)$domain['id']) == false
-			&& (int)$domain['ismainbutsubto'] > 0
-		) {
+		} elseif ((int) $domain['parentdomainid'] == 0 && isCustomerStdSubdomain((int) $domain['id']) == false && (int) $domain['ismainbutsubto'] > 0) {
 			$vhost_no = '30';
 		} else {
 			// number of dots in a domain specifies it's position (and depth of subdomain) starting at 29 going downwards on higher depth
@@ -314,12 +350,9 @@ class nginx extends HttpConfigBase {
 		return $vhost_filename;
 	}
 
-
-	protected function getVhostContent($domain, $ssl_vhost = false) {
-		if ($ssl_vhost === true
-			&& $domain['ssl'] != '1'
-			&& $domain['ssl_redirect'] != '1'
-		) {
+	protected function getVhostContent($domain, $ssl_vhost = false)
+	{
+		if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') {
 			return '';
 		}
 
@@ -335,9 +368,7 @@ class nginx extends HttpConfigBase {
 		$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`
 			WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports ";
 
-		if ($ssl_vhost === true
-			&& ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')
-		) {
+		if ($ssl_vhost === true && ($domain['ssl'] == '1' || $domain['ssl_redirect'] == '1')) {
 			// by ordering by cert-file the row with filled out SSL-Fields will be shown last,
 			// thus it is enough to fill out 1 set of SSL-Fields
 			$query .= "AND i.ssl = 1 ORDER BY i.ssl_cert_file ASC;";
@@ -349,7 +380,9 @@ class nginx extends HttpConfigBase {
 		$vhost_content .= 'server { ' . "\n";
 
 		$result_stmt = Database::prepare($query);
-		Database::pexecute($result_stmt, array('domainid' => $domain['id']));
+		Database::pexecute($result_stmt, array(
+			'domainid' => $domain['id']
+		));
 
 		while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 
@@ -375,12 +408,7 @@ class nginx extends HttpConfigBase {
 			}
 
 			if ($ipandport['default_vhostconf_domain'] != '') {
-				$_vhost_content .= $this->processSpecialConfigTemplate(
-						$ipandport['default_vhostconf_domain'],
-						$domain,
-						$domain['ip'],
-						$domain['port'],
-						$ssl_vhost). "\n";
+				$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 			}
 
 			$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
@@ -390,23 +418,21 @@ class nginx extends HttpConfigBase {
 		$vhost_content .= $this->getServerNames($domain);
 
 		// respect ssl_redirect settings, #542
-		if ($ssl_vhost == false
-			&& $domain['ssl'] == '1'
-			&& $domain['ssl_redirect'] == '1') {
+		if ($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1') {
 			// We must not check if our port differs from port 443,
 			// but if there is a destination-port != 443
 			$_sslport = '';
 			// This returns the first port that is != 443 with ssl enabled, if any
 			// ordered by ssl-certificate (if any) so that the ip/port combo
 			// with certificate is used
-			$ssldestport_stmt = Database::prepare(
-				"SELECT `ip`.`port` FROM ".TABLE_PANEL_IPSANDPORTS." `ip`
+			$ssldestport_stmt = Database::prepare("SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`
 				LEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON (`ip`.`id` = `dip`.`id_ipandports`)
 				WHERE `dip`.`id_domain` = :domainid
 				AND `ip`.`ssl` = '1'  AND `ip`.`port` != 443
-				ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;"
-			);
-			$ssldestport = Database::pexecute_first($ssldestport_stmt, array('domainid' => $domain['id']));
+				ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;");
+			$ssldestport = Database::pexecute_first($ssldestport_stmt, array(
+				'domainid' => $domain['id']
+			));
 
 			if ($ssldestport['port'] != '') {
 				$_sslport = ":" . $ssldestport['port'];
@@ -415,26 +441,33 @@ class nginx extends HttpConfigBase {
 			$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
 		}
 
+		// avoid using any whitespaces
+		$domain['documentroot'] = trim($domain['documentroot']);
+
 		// create ssl settings first since they are required for normal and redirect vhosts
-		if ($ssl_vhost === true
-			&& $domain['ssl'] == '1'
-			&& Settings::Get('system.use_ssl') == '1'
-		) {
+		if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
 			$vhost_content .= "\n" . $this->composeSslSettings($domain) . "\n";
 		}
 
-		if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1')
-		{
-			$vhost_content.= "\t".'include /etc/nginx/acme.conf;'."\n";
+		if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1') {
+			$acmeConfFilename = Settings::Get('system.letsencryptacmeconf');
+			$vhost_content .= "\t" . 'include ' . $acmeConfFilename . ';' . "\n";
 		}
 
 		// if the documentroot is an URL we just redirect
 		if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
-			$uri = $this->idnaConvert->encode($domain['documentroot']);
+			$uri = $domain['documentroot'];
 			if (substr($uri, - 1) == '/') {
 				$uri = substr($uri, 0, - 1);
 			}
-			$vhost_content .= "\t".'return 301 '.$uri.'$request_uri;'."\n";
+			// prevent empty return-cde
+			$code = "301";
+			// Get domain's redirect code
+			$code = getDomainRedirectCode($domain['id']);
+
+			$vhost_content .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n";
+			$vhost_content .= "\t\t" . 'return ' . $code .' ' . $uri . '$request_uri;' . "\n";
+			$vhost_content .= "\t" . '}' . "\n";
 		} else {
 			mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true);
 
@@ -449,13 +482,7 @@ class nginx extends HttpConfigBase {
 				$vhost_content .= isset($this->needed_htpasswds[$domain['id']]) ? $this->needed_htpasswds[$domain['id']] . "\n" : '';
 
 				if ($domain['specialsettings'] != "") {
-					$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate(
-						$domain['specialsettings'],
-						$domain,
-						$domain['ip'],
-						$domain['port'],
-						$ssl_vhost
-					));
+					$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost));
 				}
 
 				if ($_vhost_content != '') {
@@ -463,13 +490,7 @@ class nginx extends HttpConfigBase {
 				}
 
 				if (Settings::Get('system.default_vhostconf') != '') {
-					$vhost_content = $this->mergeVhostCustom($vhost_content,
-						$this->processSpecialConfigTemplate(
-							Settings::Get('system.default_vhostconf'),
-							$domain,
-							$domain['ip'],
-							$domain['port'],
-							$ssl_vhost)."\n");
+					$vhost_content = $this->mergeVhostCustom($vhost_content, $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n");
 				}
 			}
 		}
@@ -478,14 +499,21 @@ class nginx extends HttpConfigBase {
 		return $vhost_content;
 	}
 
-	protected function mergeVhostCustom($vhost_frx, $vhost_usr) {
+	protected function mergeVhostCustom($vhost_frx, $vhost_usr)
+	{
 		// Clean froxlor defined settings
 		$vhost_frx = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost_frx)))); // Break into array items
 		$vhost_frx = array_map("trim", $vhost_frx); // remove unnecessary whitespaces
 
 		// Clean user defined settings
 		$vhost_usr = str_replace("\r", "\n", $vhost_usr); // Remove windows linebreaks
-		$vhost_usr = str_replace(array("{ ", " }"), array("{\n", "\n}"), $vhost_usr); // Break blocks into lines
+		$vhost_usr = str_replace(array(
+			"{ ",
+			" }"
+		), array(
+			"{\n",
+			"\n}"
+		), $vhost_usr); // Break blocks into lines
 		$vhost_usr = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost_usr)))); // Break into array items
 		$vhost_usr = array_filter($vhost_usr, create_function('$a', 'return preg_match("#\S#", $a);')); // Remove empty lines
 
@@ -544,8 +572,8 @@ class nginx extends HttpConfigBase {
 		return implode("\n", $vhost_frx);
 	}
 
-	protected function composeSslSettings($domain_or_ip) {
-
+	protected function composeSslSettings($domain_or_ip)
+	{
 		$sslsettings = '';
 
 		if ($domain_or_ip['ssl_cert_file'] == '') {
@@ -570,11 +598,10 @@ class nginx extends HttpConfigBase {
 			// check for existence, #1485
 			if (! file_exists($domain_or_ip['ssl_cert_file'])) {
 				$this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate file "' . $domain_or_ip['ssl_cert_file'] . '" does not exist! Cannot create ssl-directives');
-		        echo $domain_or_ip['domain'] . ' :: certificate file "'.$domain_or_ip['ssl_cert_file'].'" does not exist! Cannot create SSL-directives'."\n";
 			} else {
 				// obsolete: ssl on now belongs to the listen block as 'ssl' at the end
 				// $sslsettings .= "\t" . 'ssl on;' . "\n";
-    			$sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' . "\n";
+				$sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.2;' . "\n";
 				$sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n";
 				$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
 				$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
@@ -584,32 +611,20 @@ class nginx extends HttpConfigBase {
 					// check for existence, #1485
 					if (! file_exists($domain_or_ip['ssl_key_file'])) {
 						$this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate key file "' . $domain_or_ip['ssl_key_file'] . '" does not exist! Cannot create ssl-directives');
-    			        echo $domain_or_ip['domain'] . ' :: certificate key file "'.$domain_or_ip['ssl_key_file'].'" does not exist! SSL-directives might not be working'."\n";
 					} else {
 						$sslsettings .= "\t" . 'ssl_certificate_key ' . makeCorrectFile($domain_or_ip['ssl_key_file']) . ';' . "\n";
 					}
 				}
 
-    			if ($domain_or_ip['ssl_ca_file'] != '') {
-    			    // check for existence, #1485
-    			    if (!file_exists($domain_or_ip['ssl_ca_file'])) {
-    			        $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate CA file "'.$domain_or_ip['ssl_ca_file'].'" does not exist! Cannot create ssl-directives');
-    			        echo $domain_or_ip['domain'] . ' :: certificate CA file "'.$domain_or_ip['ssl_ca_file'].'" does not exist! SSL-directives might not be working'."\n";
-    			    } else {
-    				    $sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain_or_ip['ssl_ca_file']) . ';' . "\n";
-    			    }
-    			}
-
-				if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) {
-
-					$vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];
+				if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] >= 0) {
+					$sslsettings .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];
 					if ($domain_or_ip['hsts_sub'] == 1) {
-						$vhost_content .= '; includeSubdomains';
+						$sslsettings .= '; includeSubDomains';
 					}
 					if ($domain_or_ip['hsts_preload'] == 1) {
-						$vhost_content .= '; preload';
+						$sslsettings .= '; preload';
 					}
-					$vhost_content .= '";' . "\n";
+					$sslsettings .= '";' . "\n";
 				}
 			}
 		}
@@ -617,15 +632,17 @@ class nginx extends HttpConfigBase {
 		return $sslsettings;
 	}
 
-
-	protected function create_pathOptions($domain) {
+	protected function create_pathOptions($domain)
+	{
 		$has_location = false;
 
 		$result_stmt = Database::prepare("
 			SELECT * FROM " . TABLE_PANEL_HTACCESS . "
 			WHERE `path` LIKE :docroot
 		");
-		Database::pexecute($result_stmt, array('docroot' => $domain['documentroot'] . '%'));
+		Database::pexecute($result_stmt, array(
+			'docroot' => $domain['documentroot'] . '%'
+		));
 
 		$path_options = '';
 		$htpasswds = $this->getHtpasswds($domain);
@@ -712,9 +729,7 @@ class nginx extends HttpConfigBase {
 			 * Perl support
 			 * required the fastCGI wrapper to be running to receive the CGI requests.
 			 */
-			if (customerHasPerlEnabled($domain['customerid'])
-				&& $row['options_cgi'] != '0'
-			) {
+			if (customerHasPerlEnabled($domain['customerid']) && $row['options_cgi'] != '0') {
 				$path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1));
 				mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']);
 
@@ -729,7 +744,6 @@ class nginx extends HttpConfigBase {
 				$path_options .= "\t\t" . 'include ' . Settings::Get('nginx.fastcgiparams') . ';' . "\n";
 				$path_options .= "\t" . '}' . "\n";
 			}
-
 		}
 
 		// now the rest of the htpasswds
@@ -759,16 +773,18 @@ class nginx extends HttpConfigBase {
 		return $path_options;
 	}
 
-
-	protected function getHtpasswds($domain) {
-
+	protected function getHtpasswds($domain)
+	{
 		$result_stmt = Database::prepare("
 			SELECT *
 			FROM `" . TABLE_PANEL_HTPASSWDS . "` AS a
 			JOIN `" . TABLE_PANEL_DOMAINS . "` AS b USING (`customerid`)
 			WHERE b.customerid = :customerid AND b.domain = :domain
 		");
-		Database::pexecute($result_stmt, array('customerid' => $domain['customerid'], 'domain' => $domain['domain']));
+		Database::pexecute($result_stmt, array(
+			'customerid' => $domain['customerid'],
+			'domain' => $domain['domain']
+		));
 
 		$returnval = array();
 		$x = 0;
@@ -819,8 +835,8 @@ class nginx extends HttpConfigBase {
 		return $returnval;
 	}
 
-
-	protected function composePhpOptions($domain, $ssl_vhost = false) {
+	protected function composePhpOptions($domain, $ssl_vhost = false)
+	{
 		$phpopts = '';
 		if ($domain['phpenabled'] == '1') {
 			$phpopts = "\tlocation ~ \.php {\n";
@@ -839,18 +855,15 @@ class nginx extends HttpConfigBase {
 				$phpopts .= "\t\tfastcgi_param HTTPS on;\n";
 			}
 			$phpopts .= "\t}\n\n";
-
 		}
 		return $phpopts;
 	}
 
-
-	protected function getWebroot($domain, $ssl) {
+	protected function getWebroot($domain, $ssl)
+	{
 		$webroot_text = '';
 
-		if ($domain['deactivated'] == '1'
-			&& Settings::Get('system.deactivateddocroot') != ''
-		) {
+		if ($domain['deactivated'] == '1' && Settings::Get('system.deactivateddocroot') != '') {
 			$webroot_text .= "\t" . '# Using docroot for deactivated users...' . "\n";
 			$webroot_text .= "\t" . 'root     ' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . ';' . "\n";
 			$this->_deactivated = true;
@@ -861,13 +874,10 @@ class nginx extends HttpConfigBase {
 
 		$webroot_text .= "\n\t" . 'location / {' . "\n";
 
-		if ($domain['phpenabled'] == '1')
-		{
+		if ($domain['phpenabled'] == '1') {
 			$webroot_text .= "\t" . 'index    index.php index.html index.htm;' . "\n";
 			$webroot_text .= "\t\t" . 'try_files $uri $uri/ @rewrites;' . "\n";
-		}
-		else
-		{
+		} else {
 			$webroot_text .= "\t" . 'index    index.html index.htm;' . "\n";
 		}
 
@@ -877,8 +887,7 @@ class nginx extends HttpConfigBase {
 		}
 
 		$webroot_text .= "\t" . '}' . "\n\n";
-		if ($domain['phpenabled'] == '1')
-		{
+		if ($domain['phpenabled'] == '1') {
 			$webroot_text .= "\tlocation @rewrites {\n";
 			$webroot_text .= "\t\trewrite ^ /index.php last;\n";
 			$webroot_text .= "\t}\n\n";
@@ -887,8 +896,8 @@ class nginx extends HttpConfigBase {
 		return $webroot_text;
 	}
 
-
-	protected function getStats($domain, $single) {
+	protected function getStats($domain, $single)
+	{
 		$stats_text = '';
 
 		// define basic path to the stats
@@ -928,8 +937,8 @@ class nginx extends HttpConfigBase {
 		return $stats_text;
 	}
 
-
-	protected function getLogFiles($domain) {
+	protected function getLogFiles($domain)
+	{
 		$logfiles_text = '';
 
 		$speciallogfile = '';
@@ -966,7 +975,9 @@ class nginx extends HttpConfigBase {
 					FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `aliasdomain` = :domainid OR `parentdomainid` = :domainid
 				");
-				Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id']));
+				Database::pexecute($alias_domains_stmt, array(
+					'domainid' => $domain['id']
+				));
 
 				while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
 					$server_alias .= ' ' . $alias_domain['domain'] . ' ';
@@ -1000,12 +1011,11 @@ class nginx extends HttpConfigBase {
 		return $logfiles_text;
 	}
 
+	public function createOwnVhostStarter()
+	{}
 
-	public function createOwnVhostStarter() {
-	}
-
-
-	protected function getServerNames($domain) {
+	protected function getServerNames($domain)
+	{
 		$server_alias = '';
 
 		if ($domain['iswildcarddomain'] == '1') {
@@ -1019,7 +1029,9 @@ class nginx extends HttpConfigBase {
 			FROM `" . TABLE_PANEL_DOMAINS . "`
 			WHERE `aliasdomain` = :domainid
 		");
-		Database::pexecute($alias_domains_stmt, array('domainid' => $domain['id']));
+		Database::pexecute($alias_domains_stmt, array(
+			'domainid' => $domain['id']
+		));
 
 		while (($alias_domain = $alias_domains_stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
 			$server_alias .= ' ' . $alias_domain['domain'];
@@ -1040,8 +1052,8 @@ class nginx extends HttpConfigBase {
 		return $servernames_text;
 	}
 
-
-	public function writeConfigs() {
+	public function writeConfigs()
+	{
 		$this->logger->logAction(CRON_ACTION, LOG_INFO, "nginx::writeConfigs: rebuilding " . Settings::Get('system.apacheconf_vhost'));
 
 		$vhostDir = new frxDirectory(Settings::Get('system.apacheconf_vhost'));
@@ -1084,7 +1096,6 @@ class nginx extends HttpConfigBase {
 					fwrite($vhosts_file_handler, $vhosts_file);
 					fclose($vhosts_file_handler);
 				}
-
 			}
 		}
 
@@ -1111,6 +1122,4 @@ class nginx extends HttpConfigBase {
 			}
 		}
 	}
-
-
 }

scripts/jobs/cron_usage_report.php

@@ -26,6 +26,18 @@ $yesterday = time() - (60 * 60 * 24);
 $mail = new PHPMailer(true);
 $mail->CharSet = "UTF-8";
 
+if (Settings::Get('system.mail_use_smtp')) {
+	$mail->isSMTP();
+	$mail->Host = Settings::Get('system.mail_smtp_host');
+	$mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+	$mail->Username = Settings::Get('system.mail_smtp_user');
+	$mail->Password = Settings::Get('system.mail_smtp_passwd');
+	if (Settings::Get('system.mail_smtp_usetls')) {
+		$mail->SMTPSecure = 'tls';
+	}
+	$mail->Port = Settings::Get('system.mail_smtp_port');
+}
+
 if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
 	// set return-to address and custom sender-name, see #76
 	$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));

ssl_certificates.php

@@ -0,0 +1,152 @@
+<?php
+if (! defined('AREA'))
+	die('You cannot access this file directly!');
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Panel
+ *
+ */
+
+// This file is being included in admin_domains and customer_domains
+	// and therefore does not need to require lib/init.php
+
+$del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE id = :id");
+$success_message = "";
+
+// do the delete and then just showa success-message and the certificates list again
+if ($action == 'delete') {
+	$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
+	if ($id > 0) {
+		Database::pexecute($del_stmt, array(
+			'id' => $id
+		));
+		$success_message = sprintf($lng['domains']['ssl_certificate_removed'], $id);
+	}
+}
+
+$log->logAction(USR_ACTION, LOG_NOTICE, "viewed domains::ssl_certificates");
+$fields = array(
+	'd.domain' => $lng['domains']['domainname']
+);
+$paging = new paging($userinfo, TABLE_PANEL_DOMAIN_SSL_SETTINGS, $fields);
+
+// select all my (accessable) certificates
+$certs_stmt_query = "SELECT s.*, d.domain, d.letsencrypt, c.customerid, c.loginname
+	FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` s
+	LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` d ON `d`.`id` = `s`.`domainid`
+	LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` c ON `c`.`customerid` = `d`.`customerid`
+	WHERE ";
+
+$qry_params = array();
+
+if (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
+	// admin with only customer-specific permissions
+	$certs_stmt_query .= "d.adminid = :adminid ";
+	$qry_params['adminid'] = $userinfo['adminid'];
+} elseif (AREA == 'customer') {
+	// customer-area
+	$certs_stmt_query .= "d.customerid = :cid ";
+	$qry_params['cid'] = $userinfo['customerid'];
+} else {
+	$certs_stmt_query .= "1 ";
+}
+
+// sorting by domain-name
+$certs_stmt_query .= $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit();
+
+$certs_stmt = Database::prepare($certs_stmt_query);
+Database::pexecute($certs_stmt, $qry_params);
+$all_certs = $certs_stmt->fetchAll(PDO::FETCH_ASSOC);
+$certificates = "";
+
+if (count($all_certs) == 0) {
+	$message = $lng['domains']['no_ssl_certificates'];
+	$sortcode = "";
+	$arrowcode = array('d.domain' => '');
+	$searchcode = "";
+	$pagingcode = "";
+	eval("\$certificates.=\"" . getTemplate("ssl_certificates/certs_error", true) . "\";");
+} else {
+	$paging->setEntries(count($all_certs));
+	$sortcode = $paging->getHtmlSortCode($lng);
+	$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
+	$searchcode = $paging->getHtmlSearchCode($lng);
+	$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
+
+	foreach ($all_certs as $idx => $cert) {
+		if ($paging->checkDisplay($idx)) {
+
+			// respect froxlor-hostname
+			if ($cert['domainid'] == 0) {
+				$cert['domain'] = Settings::Get('system.hostname');
+				$cert['letsencrypt'] = Settings::Get('system.le_froxlor_enabled');
+				$cert['loginname'] = 'froxlor.panel';
+			}
+
+			if (empty($cert['domain']) || empty($cert['ssl_cert_file'])) {
+				// no domain found to the entry or empty entry - safely delete it from the DB
+				Database::pexecute($del_stmt, array(
+					'id' => $cert['id']
+				));
+				continue;
+			}
+
+			$cert_data = openssl_x509_parse($cert['ssl_cert_file']);
+
+			$cert['domain'] = $idna_convert->decode($cert['domain']);
+
+			$adminCustomerLink = "";
+			if (AREA == 'admin' && $cert['domainid'] > 0) {
+				if (! empty($cert['loginname'])) {
+					$adminCustomerLink = '&nbsp;(<a href="' . $linker->getLink(array(
+						'section' => 'customers',
+						'page' => 'customers',
+						'action' => 'su',
+						'id' => $cert['customerid']
+					)) . '" rel="external">' . $cert['loginname'] . '</a>)';
+				}
+			}
+
+			if ($cert_data) {
+				$validFrom = date('d.m.Y H:i:s', $cert_data['validFrom_time_t']);
+				$validTo = date('d.m.Y H:i:s', $cert_data['validTo_time_t']);
+
+				$isValid = true;
+				if ($cert_data['validTo_time_t'] < time()) {
+					$isValid = false;
+				}
+
+				$san_list = "";
+				if (isset($cert_data['extensions']['subjectAltName']) && !empty($cert_data['extensions']['subjectAltName'])) {
+					$SANs = explode(",", $cert_data['extensions']['subjectAltName']);
+					$SANs = array_map('trim', $SANs);
+					foreach ($SANs as $san) {
+						$san = str_replace("DNS:", "", $san);
+						if ($san != $cert_data['subject']['CN'] && strpos($san, "othername:") === false) {
+							$san_list .= $san."<br>";
+						}
+					}
+				}
+
+				$row = htmlentities_array($cert);
+				eval("\$certificates.=\"" . getTemplate("ssl_certificates/certs_cert", true) . "\";");
+			} else {
+				$message = sprintf($lng['domains']['ssl_certificate_error'], $cert['domain']);
+				eval("\$certificates.=\"" . getTemplate("ssl_certificates/certs_error", true) . "\";");
+			}
+		} else {
+			continue;
+		}
+	}
+}
+eval("echo \"" . getTemplate("ssl_certificates/certs_list", true) . "\";");

templates/Sparkle/admin/customers/customers_customer.tpl

@@ -26,16 +26,16 @@
 				<span>Webspace:</span>
 				<if $row['diskspace'] != 'UL'>
 					<if (($row['diskspace']/100)*(int)Settings::Get('system.report_webmax')) < $row['diskspace_used']>
-						<div class="progress progress-danger tipper" title="{$row['diskspace_used']} MiB {$lng['panel']['used']}, {$row['diskspace']} MiB {$lng['panel']['assigned']}">
+						<div class="progress progress-danger tipper" title="{$lng['panel']['used']}:<br>web: {$row['webspace_used']} {$lng['customer']['mib']}<br>mail: {$row['mailspace_used']} {$lng['customer']['mib']}<br>mysql: {$row['dbspace_used']} MiB<br><br>{$lng['panel']['assigned']}:<br>{$row['diskspace']} {$lng['customer']['mib']}">
 							<div class="bar" aria-valuenow="{$disk_percent}" aria-valuemin="0" aria-valuemax="100"></div>
 						</div>
 					<else>
 						<if (($row['diskspace']/100)*((int)Settings::Get('system.report_webmax') - 15)) < $row['diskspace_used']>
-							<div class="progress progress-warn tipper" title="{$row['diskspace_used']} MiB {$lng['panel']['used']}, {$row['diskspace']} MiB {$lng['panel']['assigned']}">
+							<div class="progress progress-warn tipper" title="{$lng['panel']['used']}:<br>web: {$row['webspace_used']} {$lng['customer']['mib']}<br>mail: {$row['mailspace_used']} {$lng['customer']['mib']}<br>mysql: {$row['dbspace_used']} MiB<br><br>{$lng['panel']['assigned']}:<br>{$row['diskspace']} {$lng['customer']['mib']}">
 								<div class="bar" aria-valuenow="{$disk_percent}" aria-valuemin="0" aria-valuemax="100"></div>
 							</div>
 						<else>
-							<div class="progress tipper" title="{$row['diskspace_used']} MiB {$lng['panel']['used']}, {$row['diskspace']} MiB {$lng['panel']['assigned']}">
+							<div class="progress tipper" title="{$lng['panel']['used']}:<br>web: {$row['webspace_used']} {$lng['customer']['mib']}<br>mail: {$row['mailspace_used']} {$lng['customer']['mib']}<br>mysql: {$row['dbspace_used']} MiB<br><br>{$lng['panel']['assigned']}:<br>{$row['diskspace']} {$lng['customer']['mib']}">
 								<div class="bar" aria-valuenow="{$disk_percent}" aria-valuemin="0" aria-valuemax="100"></div>
 							</div>
 						</if>

templates/Sparkle/admin/domains/domains_domain.tpl

@@ -20,8 +20,13 @@
 		<a href="{$linker->getLink(array('section' => 'domains', 'page' => $page, 'action' => 'edit', 'id' => $row['id']))}">
 			<img src="templates/{$theme}/assets/img/icons/edit.png" alt="{$lng['panel']['edit']}" title="{$lng['panel']['edit']}" />
 		</a>
+		<if $row['isbinddomain'] == '1' && Settings::Get('system.bind_enable') == '1' && Settings::Get('system.dnsenabled') == '1'>
+			&nbsp;<a href="{$linker->getLink(array('section' => 'domains', 'page' => 'domaindnseditor', 'domain_id' => $row['id']))}">
+				<img src="templates/{$theme}/assets/img/icons/dns_edit.png" alt="{$lng['dnseditor']['edit']}" title="{$lng['dnseditor']['edit']}" />
+			</a>
+		</if>
 		<if $row['letsencrypt'] == '1'>
-			<img src="templates/{$theme}/assets/img/icons/ssl_letsencrypt.png" alt="{$lng['panel']['letsencrypt']}" title="{$lng['panel']['letsencrypt']}" />
+			&nbsp;<img src="templates/{$theme}/assets/img/icons/ssl_letsencrypt.png" alt="{$lng['panel']['letsencrypt']}" title="{$lng['panel']['letsencrypt']}" />
 		</if>
 		<if !(isset($row['domainaliasid']) && $row['domainaliasid'] != 0) && $row['id'] != Settings::Get('system.hostname_id')>
 			<if !(isset($row['standardsubdomain']) && $row['standardsubdomain'] == $row['id'])>

templates/Sparkle/admin/domains/domains_edit.tpl

@@ -4,7 +4,7 @@ $header
 			<h2>
 				<img src="templates/{$theme}/assets/img/icons/domain_edit_big.png" alt="{$title}" />&nbsp;
 				{$title}
-				<if $result['isbinddomain'] == '1' && Settings::Get('system.dnsenabled') == '1'>
+				<if $result['isbinddomain'] == '1' && Settings::Get('system.bind_enable') == '1' && Settings::Get('system.dnsenabled') == '1'>
 					&nbsp;(<small><a href="{$linker->getLink(array('section' => 'domains', 'page' => 'domaindnseditor', 'domain_id' => $id))}">{$lng['dnseditor']['edit']}</a></small>)
 				</if>
 			</h2>

templates/Sparkle/admin/index/index.tpl

@@ -211,6 +211,10 @@ $header
 						</tr>
 					</thead>
 					<tbody>
+						<tr>
+							<td>{$lng['admin']['hostname']}:</td>
+							<td>{$system_hostname}</td>
+						</tr>
 						<tr>
 							<td>{$lng['admin']['serversoftware']}:</td>
 							<td>{$_SERVER['SERVER_SOFTWARE']}</td>
@@ -227,6 +231,10 @@ $header
 							<td>{$lng['admin']['webserverinterface']}:</td>
 							<td>$webserverinterface</td>
 						</tr>
+						<tr>
+							<td>{$lng['admin']['memory']}:</td>
+							<td><pre>$memory</pre></td>
+						</tr>
 						<tr>
 							<td>{$lng['admin']['sysload']}:</td>
 							<td>$load</td>

templates/Sparkle/assets/js/traffic.js

@@ -93,9 +93,9 @@ $(document).ready(function() {
 	};
 
 
-	$.plot('#ftpchart', ftpdata, options);
-	$.plot('#httpchart', httpdata, options);
-	$.plot('#mailchart', maildata, options);
+	$('#ftpchart').plot(ftpdata, options);
+	$('#httpchart').plot(httpdata, options);
+	$('#mailchart').plot(maildata, options);
 
 	$("<div id='tooltip'></div>").css({
 		position: "absolute",

templates/Sparkle/customer/domains/domains_domain.tpl

@@ -4,7 +4,8 @@
 <if $row['termination_date'] == ''>
 	<tr>
 </if>
-	<td><a href="http://{$row['domain']}" target="_blank">{$row['domain']}</a>
+	<td>
+		<a href="http://{$row['domain']}" target="_blank">{$row['domain']}</a>
 		<if $row['termination_date'] != ''>
 			<br><small><div class="red">({$lng['domains']['termination_date_overview']} {$row['termination_date']})</div></small>
 		</if>
@@ -24,6 +25,11 @@
 				<img src="templates/{$theme}/assets/img/icons/delete.png" alt="{$lng['panel']['delete']}" title="{$lng['panel']['delete']}" />
 			</a>&nbsp;
 		</if>
+		<if $row['isbinddomain'] == '1' && $userinfo['dnsenabled'] == '1' && $row['caneditdomain'] == '1' && Settings::Get('system.bind_enable') == '1' && Settings::Get('system.dnsenabled') == '1'>
+			<a href="{$linker->getLink(array('section' => 'domains', 'page' => 'domaindnseditor', 'domain_id' => $row['id']))}">
+				<img src="templates/{$theme}/assets/img/icons/dns_edit.png" alt="{$lng['dnseditor']['edit']}" title="{$lng['dnseditor']['edit']}" />
+			</a>&nbsp;
+		</if>
 		<if $show_ssledit == 1>
 			<a href="{$linker->getLink(array('section' => 'domains', 'page' => 'domainssleditor', 'action' => 'view', 'id' => $row['id']))}">
 				<img src="templates/{$theme}/assets/img/icons/ssl_<if $row['domain_hascert'] == 1>customer</if><if $row['domain_hascert'] == 2>shared</if><if $row['domain_hascert'] == 0>global</if>.png" alt="{$lng['panel']['ssleditor']}" title="{$lng['panel']['ssleditor']}" />

templates/Sparkle/customer/domains/domains_edit.tpl

@@ -4,7 +4,7 @@ $header
 		<h2>
 			<img src="templates/{$theme}/assets/img/icons/domain_edit_big.png" alt="{$title}" />&nbsp;
 			{$title}
-			<if $result['isbinddomain'] == '1' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1'>
+			<if $result['isbinddomain'] == '1' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.bind_enable') == '1' && Settings::Get('system.dnsenabled') == '1'>
 				&nbsp;(<small><a href="{$linker->getLink(array('section' => 'domains', 'page' => 'domaindnseditor', 'domain_id' => $id))}">{$lng['dnseditor']['edit']}</a></small>)
 			</if>
 		</h2>

templates/Sparkle/customer/ftp/accounts.tpl

@@ -30,6 +30,9 @@
 							<th>{$lng['login']['username']}&nbsp;{$arrowcode['username']}</th>
 							<th>{$lng['panel']['ftpdesc']}&nbsp;{$arrowcode['description']}</th>
 							<th>{$lng['panel']['path']}&nbsp;{$arrowcode['homedir']}</th>
+							<if Settings::Get('system.allow_customer_shell') == '1' >
+							<th>{$lng['panel']['shell']}</th>
+							</if>
 							<th>{$lng['panel']['options']}</th>
 						</tr>
 					</thead>
@@ -58,4 +61,3 @@
 		</section>
 	</article>
 $footer
-

templates/Sparkle/customer/ftp/accounts_account.tpl

@@ -2,6 +2,9 @@
 	<td>{$row['username']}</td>
 	<td>{$row['description']}</td>
 	<td>{$row['documentroot']}</td>
+	<if Settings::Get('system.allow_customer_shell') == '1' >
+		<td>{$row['shell']}</td>
+	</if>
 	<td>
 		<a href="{$linker->getLink(array('section' => 'ftp', 'page' => 'accounts', 'action' => 'edit', 'id' => $row['id']))}">
 			<img src="templates/{$theme}/assets/img/icons/edit.png" alt="{$lng['panel']['edit']}" title="{$lng['panel']['edit']}" />

templates/Sparkle/customer/index/index.tpl

@@ -71,8 +71,9 @@ $header
 					<small>
 						{$userinfo['email_accounts_used']} {$lng['panel']['used']}<br />
 						<if $userinfo['email_accounts'] != '∞'>
-						{$userinfo['email_accounts']} {$lng['panel']['available']}
+						{$userinfo['email_accounts']} {$lng['panel']['available']}<br />
 						</if>
+						{$userinfo['mailspace_used']} {$lng['customer']['mib']}
 					</small>
 				</div>
 				</if>
@@ -113,8 +114,9 @@ $header
 					<small>
 						{$userinfo['mysqls_used']} {$lng['panel']['used']}<br />
 						<if $userinfo['mysqls'] != '∞'>
-						{$userinfo['mysqls']} {$lng['panel']['available']}
+						{$userinfo['mysqls']} {$lng['panel']['available']}<br />
 						</if>
+						{$userinfo['dbspace_used']} {$lng['customer']['mib']}
 					</small>
 				</div>
 				</if>
@@ -248,4 +250,3 @@ $header
 		</div>
 	</article>
 $footer
-

templates/Sparkle/customer/traffic/traffic.tpl

@@ -37,12 +37,18 @@ $header
 	</form>
 	
 	<div id="charts" class="hidden">
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.http')>
 			<h3>HTTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['http']})</h3>
 			<div id="httpchart" class="trafficchart"></div>
+		</if>			
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.ftp')>
 			<h3>FTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['ftp']})</h3>
 			<div id="ftpchart" class="trafficchart"></div>
+		</if>			
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.mail')>
 			<h3>Mail {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['mail']})</h3>
 			<div id="mailchart" class="trafficchart"></div>
+		</if>			
 	</div>
 </article>
 $footer

templates/Sparkle/customer/traffic/traffic_details.tpl

@@ -31,12 +31,18 @@ $header
 		</tbody>
 	</table>
 	<div id="charts" class="hidden">
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.http')>
 			<h3>HTTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['http']})</h3>
 			<div id="httpchart" class="trafficchart"></div>
+		</if>
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.ftp')>
 			<h3>FTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['ftp']})</h3>
 			<div id="ftpchart" class="trafficchart"></div>
+		</if>
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.mail')>
 			<h3>Mail {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['mail']})</h3>
 			<div id="mailchart" class="trafficchart"></div>
+		</if>
 	</div>
 </article>
 $footer